Пример #1
    require_once WB_PATH . '/modules/foldergallery/languages/DE.php';
} else {
    // a module language file exists for the language defined by the user, load it
    require_once WB_PATH . '/modules/foldergallery/languages/' . LANGUAGE . '.php';
}
// First we prevent direct access and check for variables
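if (!isset($_POST['action']) or !isset($_POST['recordsArray'])) {
    // Both POST fields are required; without them redirect to the index
    // (if you are in a subfolder use ../index.php)
    header('Location: ../../index.php');
} else {
    // Only an authenticated backend user with permission for this module may reorder
    require_once WB_PATH . '/framework/class.admin.php';
    $admin = new admin('Modules', 'module_view', false, false);
    if (!($admin->is_authenticated() && $admin->get_permission('foldergallery', 'module'))) {
        die(header('Location: ../../index.php'));
    }
    // NOTE(review): no request token is verified in this part of the script, so the
    // write below relies on the session alone - confirm whether a token check is needed.
    $action = $admin->add_slashes($_POST['action']);
    // recordsArray has to be a list of category ids; any other shape is treated as empty
    $updateRecordsArray = is_array($_POST['recordsArray']) ? $_POST['recordsArray'] : array();
    // The action comparison only selects the operation. It does not protect the query:
    // each id comes straight from the request and is concatenated into the SQL text,
    // so it is forced to an integer first.
    if ($action == "updateRecordsListings") {
        $listingCounter = 1;
        $output = "";
        foreach ($updateRecordsArray as $recordIDValue) {
            if (!is_scalar($recordIDValue)) {
                // a nested array cannot be an id - ignore it
                continue;
            }
            $database->query("UPDATE `" . TABLE_PREFIX . "mod_foldergallery_categories` SET position = " . $listingCounter . " WHERE `id` = " . (int) $recordIDValue);
            $listingCounter++;
        }
        echo '<img src="' . WB_URL . '/modules/jsadmin/images/success.gif" style="vertical-align:middle;"/> <span style="font-size: 80%">' . $MOD_FOLDERGALLERY['REORDER_INFO_SUCESS'] . '</span>';
    }
}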
// this ends else statement from the top of the page
}
// Include WB admin wrapper script
// Saves an edited droplet: checks the request tokens, collects the form fields
// and writes them to the mod_droplets row.
$admintool_link = ADMIN_URL . '/admintools/index.php';
$ToolUrl = ADMIN_URL . '/admintools/tool.php?tool=droplets';
$admin = new admin('admintools', 'admintools', false);
// The droplet id is read through checkIDKEY() from the POST data; intval() makes any
// non-numeric result 0, which the check below treats as a failure.
$droplet_id = intval($admin->checkIDKEY('droplet_id', false, 'post'));
// Refuse the request when the form token (FTAN) is invalid or no droplet id was resolved
if (!$admin->checkFTAN() || !$droplet_id) {
    $admin->print_header();
    $admin->print_error($droplet_id . ' ) ' . $MESSAGE['GENERIC_SECURITY_ACCESS'], $ToolUrl);
}
// NOTE(review): the code from here on is only safe if print_error() ends the request - confirm.
$admin->print_header();
// Validate all fields
if ($admin->get_post('title') == '') {
    $admin->print_error($MESSAGE['GENERIC_FILL_IN_ALL'] . ' ( Droplet Name )', $ToolUrl);
} else {
    // Text fields are escaped with add_slashes(); flag fields are forced to integers
    $title = $admin->add_slashes($admin->get_post('title'));
    $active = (int) $admin->get_post('active');
    $admin_view = (int) $admin->get_post('admin_view');
    $admin_edit = (int) $admin->get_post('admin_edit');
    $show_wysiwyg = (int) $admin->get_post('show_wysiwyg');
    $description = $admin->add_slashes($admin->get_post('description'));
    // The droplet code is read from $_POST directly (not through get_post()) and the literal
    // PHP open/close tags are removed in one str_replace() pass.
    // NOTE(review): a single replacement pass is not a reliable filter; treat the stored code
    // as fully trusted administrator input - TODO confirm how `code` is used later.
    $tags = array('<?php', '?>', '<?');
    $content = $admin->add_slashes(str_replace($tags, '', $_POST['savecontent']));
    $comments = trim($admin->add_slashes($admin->get_post('comments')));
    $modified_when = time();
    $modified_by = (int) $admin->get_user_id();
}
// Update row
// The statement is assembled by concatenation: string columns depend on add_slashes(),
// numeric columns on the integer casts above. The variables exist only when the else
// branch ran, i.e. when the title was not empty.
// NOTE(review): prefer bound parameters if the database wrapper offers them - confirm.
$sql = 'UPDATE `' . TABLE_PREFIX . 'mod_droplets` SET ' . '`name` = \'' . $title . '\', ' . '`active` = ' . $active . ', ' . '`admin_view` = ' . $admin_view . ', ' . '`admin_edit` = ' . $admin_edit . ', ' . '`show_wysiwyg` = ' . $show_wysiwyg . ', ' . '`description` = \'' . $description . '\', ' . '`code` = \'' . $content . '\', ' . '`comments` = \'' . $comments . '\', ' . '`modified_when` = ' . $modified_when . ', ' . '`modified_by` = ' . $modified_by . ' ' . 'WHERE `id` = ' . $droplet_id;
$database->query($sql);
// Check if there is a db error, otherwise say successful
$module_permissions = $_SESSION['MODULE_PERMISSIONS'];
// Loop through sections
$query_sections = $database->query("SELECT section_id,module,position FROM " . TABLE_PREFIX . "sections WHERE page_id = '{$page_id}' ORDER BY position ASC");
if ($query_sections->numRows() > 0) {
    $num_sections = $query_sections->numRows();
    while ($section = $query_sections->fetchRow()) {
        if (!is_numeric(array_search($section['module'], $module_permissions))) {
            // Update the section record with properties
            $section_id = $section['section_id'];
            $sql = '';
            $publ_start = 0;
            $publ_end = 0;
            $dst = date("I") ? " DST" : "";
            // daylight saving time?
            if (isset($_POST['block' . $section_id]) && $_POST['block' . $section_id] != '') {
                $sql = "block = '" . $admin->add_slashes($_POST['block' . $section_id]) . "'";
            }
            // named sections patch
            if (isset($_POST['namesection' . $section_id])) {
                $sql .= ", namesection = '" . $admin->add_slashes($_POST['namesection' . $section_id]) . "'";
            }
            // update publ_start and publ_end, trying to make use of the strtotime()-features like "next week", "+1 month", ...
            if (isset($_POST['start_date' . $section_id]) && isset($_POST['end_date' . $section_id])) {
                if (trim($_POST['start_date' . $section_id]) == '0' || trim($_POST['start_date' . $section_id]) == '') {
                    $publ_start = 0;
                } else {
                    $publ_start = jscalendar_to_timestamp($_POST['start_date' . $section_id]);
                }
                if (trim($_POST['end_date' . $section_id]) == '0' || trim($_POST['end_date' . $section_id]) == '') {
                    $publ_end = 0;
                } else {
// Include the configuration file
require '../../../config.php';
// Include the language file
require WB_PATH . '/languages/' . DEFAULT_LANGUAGE . '.php';
// Include the database class file and initiate an object
require WB_PATH . '/framework/class.admin.php';
$admin = new admin('Start', 'start', false, false);
// Get the website title
$results = $database->query("SELECT value FROM " . TABLE_PREFIX . "settings WHERE name = 'title'");
$results = $results->fetchRow();
$website_title = $results['value'];
// Check if the user has already submitted the form, otherwise show it
if (isset($_POST['email']) and $_POST['email'] != "") {
    $email = htmlspecialchars($_POST['email'], ENT_QUOTES);
    // Check if the email exists in the database
    $query = "SELECT user_id,username,display_name,email,last_reset,password FROM " . TABLE_PREFIX . "users WHERE email = '" . $admin->add_slashes($_POST['email']) . "'";
    $results = $database->query($query);
    if ($results->numRows() > 0) {
        // Get the id, username, email, and last_reset from the above db query
        $results_array = $results->fetchRow();
        // Check if the password has been reset in the last 2 hours
        $last_reset = $results_array['last_reset'];
        $time_diff = time() - $last_reset;
        // Time since last reset in seconds
        $time_diff = $time_diff / 60 / 60;
        // Time since last reset in hours
        if ($time_diff < 2) {
            // Tell the user that their password cannot be reset more than once every 2 hours
            $message = $MESSAGE['FORGOT_PASS_ALREADY_RESET'];
        } else {
            $old_pass = $results_array['password'];
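// Extra protection: language files are named by a two-letter upper-case code
// (e.g. DE.php). Accepting nothing else keeps path separators and SQL
// metacharacters out of the file and database operations below.
$language_code = (isset($_POST['code']) && is_string($_POST['code'])) ? $_POST['code'] : '';
if (!preg_match('/\A[A-Z]{2}\z/', $language_code)) {
    header("Location: index.php");
    exit(0);
}
// Include the WB functions file
require_once WB_PATH . '/framework/functions.php';
// Check if the language exists
// NOTE(review): the steps below assume print_error() ends the request - confirm.
if (!file_exists(WB_PATH . '/languages/' . $language_code . '.php')) {
    $admin->print_error($MESSAGE['GENERIC_NOT_INSTALLED']);
}
// Check if the language is in use (as DEFAULT_LANGUAGE, as LANGUAGE, or by any user)
if ($language_code == DEFAULT_LANGUAGE or $language_code == LANGUAGE) {
    $admin->print_error($MESSAGE['GENERIC_CANNOT_UNINSTALL_IN_USE']);
} else {
    $query_users = $database->query("SELECT user_id FROM " . TABLE_PREFIX . "users WHERE language = '" . $admin->add_slashes($language_code) . "' LIMIT 1");
    if ($query_users->numRows() > 0) {
        $admin->print_error($MESSAGE['GENERIC_CANNOT_UNINSTALL_IN_USE']);
    }
}
// Try to delete the language file; the name was validated above, so the path
// cannot leave the languages directory
if (!unlink(WB_PATH . '/languages/' . $language_code . '.php')) {
    $admin->print_error($MESSAGE['GENERIC_CANNOT_UNINSTALL']);
} else {
    // Remove entry from DB (escaped like the SELECT above instead of using the raw POST value)
    $database->query("DELETE FROM " . TABLE_PREFIX . "addons WHERE directory = '" . $admin->add_slashes($language_code) . "' AND type = 'language'");
}
// Print success message
$admin->print_success($MESSAGE['GENERIC_UNINSTALLED']);
// Print admin footer
$admin->print_footer();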
// Validates the submitted user form before the account is saved.
// $js_back is the page the error messages link back to.
$js_back = ADMIN_URL . '/users/index.php';
// Refuse the request when the form token (FTAN) does not validate
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
}
// After check print the header
$admin->print_header();
// Check if user id is a valid number and doesnt equal 1
// NOTE(review): is_numeric() also accepts non-integer strings such as "2.5", and the raw
// string is stored below unchanged. Validate it as a plain integer (digits only) before it
// is placed into any SQL - its later use is not visible here.
if (!isset($_POST['user_id']) or !is_numeric($_POST['user_id']) or $_POST['user_id'] == 1) {
    header("Location: index.php");
    exit(0);
} else {
    $user_id = $_POST['user_id'];
}
// Gather details entered
// add_slashes() receives the whole groups value here and the result is imploded,
// so it is presumably expected to handle an array - TODO confirm.
$groups_id = isset($_POST['groups']) ? implode(",", $admin->add_slashes($_POST['groups'])) : '';
// NOTE(review): $_POST['active'][0] is read without an isset() check.
$active = $admin->add_slashes($_POST['active'][0]);
// The name of the username field is itself taken from the request
$username_fieldname = $admin->get_post_escaped('username_fieldname');
$username = strtolower($admin->get_post_escaped($username_fieldname));
// Passwords are read unescaped via get_post(); how they are processed is not visible here
$password = $admin->get_post('password');
$password2 = $admin->get_post('password2');
$display_name = $admin->get_post_escaped('display_name');
$email = $admin->get_post_escaped('email');
$home_folder = $admin->get_post_escaped('home_folder');
// Check values
if ($groups_id == "") {
    $admin->print_error($MESSAGE['USERS_NO_GROUP'], $js_back);
}
// Username: one letter followed by at least two characters from a-z, 0-9, "_" or "-".
// NOTE(review): "$" also matches just before a trailing newline; \z would be stricter.
if (!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username)) {
    $admin->print_error($MESSAGE['USERS_NAME_INVALID_CHARS'] . ' / ' . $MESSAGE['USERS_USERNAME_TOO_SHORT'], $js_back);
}
Пример #7
 * @license     http://www.gnu.org/licenses/gpl-2.0.html
 */
// Inline update of a single page field (title, description, keywords or the rewrite
// URL column) from a POSTed "field-pageid" identifier and a new value.
require '../../../config.php';
$bAdminHeader = FALSE;
// suppress to print the header, so no new FTAN will be set
$admin = new admin('Pages', 'pages_settings', $bAdminHeader);
// check if user can change things to avoid any submission from a logged in not admin user
// NOTE(review): no checkFTAN() call is visible in this excerpt, so the permission check is
// the only gate shown for this write - confirm whether a request token is verified elsewhere.
if ($admin->get_permission('pages_modify') == false) {
    exit;
}
// Create the Fields from Submission
// $_POST['id'] is split on "-" into a column name and a page id. It is read without an
// isset() check, and index 1 is missing when the value contains no "-".
$aFromString = explode("-", $_POST['id']);
$sDbField = $aFromString[0];
$iPageId = intval($aFromString[1]);
//sanitize new value to update
// Order of operations: add_slashes(), then htmlspecialchars(), then "[[", "]]", newline
// and tab are removed.
$sNewValue = str_replace(array("[[", "]]", "\n", "\t"), '', htmlspecialchars($admin->add_slashes($admin->get_post('value'))));
// Allow-list of columns that may be written
$aCheckPagesFields = array('page_title', 'description', 'keywords');
// GET TOOL SETTINGS FROM DB (Json Array)
$jsonSettings = $database->get_one("SELECT `settings_json` FROM `" . TABLE_PREFIX . "mod_page_seo_tool`");
$aSettings = json_decode($jsonSettings, TRUE);
// When enabled in the tool settings, the configured rewrite column is added to the allow-list.
// NOTE(review): this column name comes from stored settings and ends up inside backticks in
// the query below; it is only as trustworthy as whoever can write those settings.
if (!defined('REWRITE_URL') && $aSettings['rewriteUrl']['use'] == TRUE) {
    define('REWRITE_URL', $aSettings['rewriteUrl']['dbString']);
    array_push($aCheckPagesFields, REWRITE_URL);
}
// UPDATE the DB Field
// The column name is used only after it matched the allow-list; the page id is an integer.
if (isset($_POST['value']) && in_array($sDbField, $aCheckPagesFields)) {
    // Update page settings in the pages table
    $sUpdateQuery = 'UPDATE `' . TABLE_PREFIX . 'pages` SET `' . $sDbField . '` = "' . $sNewValue . '" WHERE `page_id` = ' . $iPageId;
    $database->query($sUpdateQuery);
}
if ($database->is_error() == FALSE) {
require_once WB_PATH . '/framework/class.admin.php';
require_once WB_PATH . '/framework/functions.php';
include_once 'resize_img.php';
// Create Imagedir (/slide is rejected by some add_blockers, use slide inverted
$slide_dir = WB_PATH . MEDIA_DIRECTORY . '/slider/';
make_dir($slide_dir);
// check website baker platform (with WB 2.7, Admin-Tools were moved out of settings dialogue)
$admintool_link = ADMIN_URL . '/admintools/index.php';
$module_edit_link = ADMIN_URL . '/admintools/tool.php?tool=capslider';
$admin = new admin('admintools', 'admintools');
// Validate all fields
if ($admin->get_post('comments') == '') {
    $admin->print_error($MESSAGE['GENERIC']['FILL_IN_ALL'], WB_URL . '/modules/capslider/modify_slide.php?slide_id=' . $slide_id);
} else {
    $active = $admin->get_post('active');
    $group = $admin->add_slashes($admin->get_post('group'));
    $alt = $admin->add_slashes($admin->get_post('alt'));
    $height = $admin->add_slashes($admin->get_post('height'));
    $width = $admin->add_slashes($admin->get_post('width'));
    $image = $admin->add_slashes($admin->get_post('image'));
    $comments = $admin->add_slashes($admin->get_post('comments'));
    $modified_when = time();
    $modified_by = $admin->get_user_id();
    // Check if the user uploaded an image or wants to delete one
    if (isset($_FILES['newimage']['tmp_name']) && $_FILES['newimage']['tmp_name'] != '') {
        // Get real filename and set new filename
        $filename = $_FILES['newimage']['name'];
        $path_parts = pathinfo($filename);
        $fileext = strtolower($path_parts['extension']);
        // Make sure the image is a jpg, png or gif file
        if (!($fileext == "jpg" || $fileext == "jpeg" || $fileext == "png" || $fileext == "gif")) {
Пример #9
    require_once WB_PATH . '/modules/capslider/languages/EN.php';
} else {
    require_once WB_PATH . '/modules/capslider/languages/' . LANGUAGE . '.php';
}
// Include WB admin wrapper script
// Saves the settings of one capslider group from the submitted form.
require_once WB_PATH . '/framework/class.admin.php';
require_once WB_PATH . '/framework/functions.php';
// check website baker platform (with WB 2.7, Admin-Tools were moved out of settings dialogue)
$admintool_link = ADMIN_URL . '/admintools/index.php';
$module_edit_link = ADMIN_URL . '/admintools/tool.php?tool=capslider';
$admin = new admin('admintools', 'admintools');
// NOTE(review): no checkFTAN() call is visible in this excerpt - confirm whether the form
// token is verified before the update runs.
// NOTE(review): $group_id is not assigned anywhere in this excerpt, yet it is placed into the
// redirect URLs and the WHERE clause below - confirm its source and force it to an integer.
// Validate all fields
if ($admin->get_post('title') == '') {
    $admin->print_error($MESSAGE['GENERIC']['FILL_IN_ALL'], WB_URL . '/modules/capslider/modify_group.php?group_id=' . $group_id);
} else {
    // Every field is escaped with add_slashes() and later quoted as a string in the query
    $title = $admin->add_slashes($admin->get_post('title'));
    $height = $admin->add_slashes($admin->get_post('height'));
    $width = $admin->add_slashes($admin->get_post('width'));
    $speed = $admin->add_slashes($admin->get_post('speed'));
    $delay = $admin->add_slashes($admin->get_post('delay'));
    $panel = $admin->add_slashes($admin->get_post('panel'));
}
$gtable = TABLE_PREFIX . 'mod_capslider_groups';
// Update row
// The variables interpolated here exist only when the else branch above ran, so this
// depends on print_error() ending the request for an empty title - TODO confirm.
$database->query("UPDATE " . $gtable . " SET `group_name` = '{$title}',`height` = '{$height}' ,`width` = '{$width}',`speed` = '{$speed}',`delay` = '{$delay}',`panel` = '{$panel}' WHERE group_id = '{$group_id}'");
// Check if there is a db error, otherwise say successful
// NOTE(review): the raw database error text is shown to the user on failure.
if ($database->is_error()) {
    $admin->print_error($database->get_error(), WB_URL . '/modules/capslider/modify_group.php?group_id=' . $group_id);
} else {
    $admin->print_success($TEXT['SUCCESS'], $module_edit_link);
}
Пример #10
/*
	Drag'N'Drop Position
*/
if (!isset($_POST['action']) || !isset($_POST['row'])) {
    header('Location: ../../index.php');
} else {
    require '../../config.php';
    // Check if user has permissions to access the Bakery module
    require_once '../../framework/class.admin.php';
    $admin = new admin('Modules', 'module_view', false, false);
    if (!($admin->is_authenticated() && $admin->get_permission('bakery', 'module'))) {
        die(header('Location: ../../index.php'));
    }
    // Sanitize variable
    $action = $admin->add_slashes($_POST['action']);
    // We just get the array here, and few lines below we sanitize it
    $row = $_POST['row'];
    $sID = $database->get_one("SELECT section_id FROM " . TABLE_PREFIX . "mod_bakery_items WHERE item_id = " . intval($row[0]));
    /*
    Bakery isn't using ordering (ASC/DESC) so we comment this code
    
    $sorting = $database->get_one("SELECT ordering FROM ".TABLE_PREFIX."bakery_settings WHERE section_id = ".$sID." ");
    if($sorting == 1) // DESC == new first
    {
    	$row = array_reverse($row);
    }
    */
    // For security reasons (to prevent db hacks) this line verifies that
    // in the $action var there is no other text than "updatePosition"
    if ($action == "updatePosition") {
Пример #11
require WB_PATH . '/languages/' . DEFAULT_LANGUAGE . '.php';
// Include the database class file and initiate an object
require WB_PATH . '/framework/class.admin.php';
$admin = new admin('Start', 'start', false, false);
// Get the website title
//$sql = 'SELECT `value` FROM `'.TABLE_PREFIX.'settings` '
//     . 'WHERE `name` = \'title\'';
//$oRes = $database->query($sql);
//$aSetting = $oRes->fetchRow(MYSQLI_ASSOC);
//$website_title = $aSetting['value'];
//unset($oRes);
// Check if the user has already submitted the form, otherwise show it
if (isset($_POST['email']) && $_POST['email'] != "") {
    $email = htmlspecialchars($_POST['email'], ENT_QUOTES);
    // Check if the email exists in the database
    $query = 'SELECT `user_id`, `username`, `display_name`, `email`, `last_reset`, `password` FROM `' . TABLE_PREFIX . 'users` ' . 'WHERE `email` = \'' . $admin->add_slashes($_POST['email']) . '\'';
    $oRes = $database->query($query);
    if ($oRes->numRows() > 0) {
        // Get the id, username, email, and last_reset from the above db query
        $results_array = $oRes->fetchRow(MYSQLI_ASSOC);
        // Check if the password has been reset in the last 2 hours
        $last_reset = $results_array['last_reset'];
        $time_diff = time() - $last_reset;
        // Time since last reset in seconds
        $time_diff = $time_diff / 60 / 60;
        // Time since last reset in hours
        if ($time_diff < 2) {
            // Tell the user that their password cannot be reset more than once every 2 hours
            $message = $MESSAGE['FORGOT_PASS_ALREADY_RESET'];
        } else {
            $old_pass = $results_array['password'];
Пример #12
            case 'pages_directory':
                break;
            case 'wbmailer_smtp_auth':
                // $value = isset($_POST[$setting_name]) ? $_POST[$setting_name] : '' ;
                $value = true;
                $passed = true;
                break;
            default:
                $passed = in_array($setting_name, $allow_empty_values);
                break;
        }
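        // Strip HTML tags unless this setting is listed as allowed to contain markup
        if (!in_array($setting_name, $allow_tags_in_fields)) {
            $value = strip_tags($value);
        }
        // Store the value when it is not in the disallowed list and was either submitted
        // or flagged as passed by the switch above
        if (!in_array($value, $disallow_in_fields) && (isset($_POST[$setting_name]) || $passed == true)) {
            $value = trim($admin->add_slashes($value));
            // The WHERE clause excludes `wb_version`, so that row is never changed from here
            $sql = 'UPDATE `' . TABLE_PREFIX . 'settings` ' . 'SET `value`=\'' . $value . '\' ' . 'WHERE `name`!=\'wb_version\' AND `name`=\'' . $setting_name . '\'';
            if (!$database->query($sql)) {
                // get_error() is a method; reading it as a property passed no message at all
                $admin->print_error($database->get_error(), $js_back);
                break;
            }
        }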
    }
}
// Query current search settings in the db, then loop through them and update the db with the new value
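// Select the search settings whose `extra` column is empty
$sql = 'SELECT `name`, `value` FROM `' . TABLE_PREFIX . 'search` ' . 'WHERE `extra`=\'\'';
if (!($res_search = $database->query($sql))) {
    // Pass the error text from get_error(); is_error() is used as a yes/no test
    // elsewhere and is not a message
    $admin->print_error($database->get_error(), $js_back);
}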
while ($search_setting = $res_search->fetchRow()) {
    $old_value = $search_setting['value'];
// Collects and normalises the submitted page settings after the form token was verified.
// NOTE(review): $page_id is not assigned in this excerpt - confirm it is an integer before
// it is placed into the URL below.
$pagetree_url = ADMIN_URL . '/pages/index.php';
$target_url = ADMIN_URL . '/pages/settings.php?page_id=' . $page_id;
// Refuse the request when the form token (FTAN) does not validate
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $target_url);
}
// After check print the header
$admin->print_header();
// Include the WB functions file
require_once WB_PATH . '/framework/functions.php';
// Get values
// Text fields: escaped, passed through htmlspecialchars(), then "[[" and "]]" are removed
$page_title = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('page_title')));
$menu_title = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('menu_title')));
$the_link = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('link')));
// Numeric fields are forced to integers
$page_code = intval($admin->get_post('page_code'));
$description = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->add_slashes($admin->get_post('description'))));
$keywords = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->add_slashes($admin->get_post('keywords'))));
$parent = intval($admin->get_post('parent'));
// fix secunia 2010-91-3
// Visibility is checked against a fixed allow-list; anything else falls back to 'public'
$visibility = $admin->get_post_escaped('visibility');
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'))) {
    $visibility = 'public';
}
// fix secunia 2010-93-3
// Template name: every character outside a-z, 0-9, "_" and "-" is dropped, which also
// removes path separators and dots
$template = preg_replace('/[^a-z0-9_-]/i', "", $admin->get_post('template'));
// fix secunia 2010-93-3
//$template = (($template == DEFAULT_TEMPLATE ) ? '' : $template);
// Target: all non-word characters are removed
$target = preg_replace("/\\W/", "", $admin->get_post('target'));
// Group selections are only escaped here; their shape (array or string) is not visible
$admin_groups = $admin->get_post_escaped('admin_groups');
$viewing_groups = $admin->get_post_escaped('viewing_groups');
$searching = intval($admin->get_post('searching'));
Пример #14
    require WB_PATH . '/framework/class.admin.php';
}
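// Third argument false: presumably keeps the header from being printed until the
// token check below has run
$admin = new admin('Addons', 'languages_uninstall', false);
$js_back = ADMIN_URL . '/languages/index.php';
// Refuse the request when the form token (FTAN) does not validate
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
}
// After check print the header
$admin->print_header();
// Check if user selected language
if (!isset($_POST['code']) || $_POST['code'] == "") {
    $code = '';
    $admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'], $js_back);
} else {
    $code = $admin->add_slashes($_POST['code']);
}
// Only a two-letter upper-case code is accepted, because $code becomes part of a
// file path and of a query below. \A and \z are used instead of ^ and $ since "$"
// would also match just before a trailing newline.
if (!preg_match('/\A[A-Z]{2}\z/', $code) && $code != '') {
    $admin->print_error($MESSAGE['GENERIC_ERROR_OPENING_FILE'], $js_back);
}
// Include the WB functions file
require_once WB_PATH . '/framework/functions.php';
// Check if the language exists
if (!file_exists(WB_PATH . '/languages/' . $code . '.php')) {
    $admin->print_error($MESSAGE['GENERIC_NOT_INSTALLED'], $js_back);
}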
// Check if the language is in use
if ($code == DEFAULT_LANGUAGE or $code == LANGUAGE) {
    $admin->print_error($MESSAGE['GENERIC_CANNOT_UNINSTALL_IN_USE']);
} else {
    $query_users = $database->query("SELECT `user_id` FROM `" . TABLE_PREFIX . "users` WHERE `language` = '" . $code . "' LIMIT 1");
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	See the
 GNU General Public License for more details.
 You should have received a copy of the GNU General Public License
 along with Website Baker; if not, write to the Free Software
 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA	02111-1307	USA
*/
// tool_doclone.php
// Where the actual cloning will take place
// Entry point of the page-clone tool: loads the framework, reads the request
// parameters and rejects an empty title.
require '../../config.php';
require_once WB_PATH . '/framework/class.admin.php';
require_once WB_PATH . '/framework/functions.php';
require_once WB_PATH . '/framework/class.order.php';
// create admin object depending on platform (admin tools were moved out of settings with WB 2.7)
$admin = new admin('admintools', 'admintools');
// First get the selected page
// NOTE(review): the values come from $_REQUEST, so they are accepted from the query string
// as well as from a POST body, and no checkFTAN() call is visible in this excerpt - confirm
// that this state-changing action verifies a request token.
$title = isset($_REQUEST["title"]) ? $admin->add_slashes($_REQUEST["title"]) : '';
// NOTE(review): $parent and $visibility are taken over without any validation or escaping;
// how clone_page() uses them is not visible here - confirm (an integer cast and an
// allow-list would be the obvious checks).
$parent = isset($_REQUEST["parent"]) ? $_REQUEST["parent"] : '';
$pagetoclone = isset($_REQUEST["pagetoclone"]) ? (int) $_REQUEST["pagetoclone"] : 0;
// Presence of the parameter alone switches these options on
$include_subs = isset($_REQUEST["include_subs"]) ? '1' : '0';
$copy_title = isset($_REQUEST['include_title']) ? true : false;
$visibility = isset($_REQUEST['visibility']) ? $_REQUEST['visibility'] : 'public';
// Validate data
if ($title == '') {
    $admin->print_error($MESSAGE['PAGES']['BLANK_PAGE_TITLE']);
}
// The actual pagecloning
function clone_page($title, $parent, $pagetoclone, $copy_title, $visibility)
{
    // Get objects and vars from outside this function
    global $admin, $template, $database, $TEXT, $PCTEXT, $MESSAGE;
    global $page_id, $section_id;
// Setup admin object
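require '../../config.php';
require_once WB_PATH . '/framework/class.admin.php';
// Third argument false: presumably keeps the header from being printed until the
// token check below has run
$admin = new admin('Addons', 'modules_uninstall', false);
// Refuse the request when the form token (FTAN) does not validate
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
}
// After check print the header
$admin->print_header();
// Check if user selected module
// NOTE(review): print_header() has presumably produced output already, so these
// redirects may depend on output buffering - TODO confirm.
if (!isset($_POST['file']) or $_POST['file'] == "") {
    header("Location: index.php");
    exit(0);
} else {
    $file = $admin->add_slashes($_POST['file']);
}
// Extra protection: $file is appended to WB_PATH . '/modules/', so it has to be a
// single directory name. Empty values, path separators and the "." / ".." entries
// are rejected so the path cannot point outside the modules directory.
if (trim($file) == '' || strpbrk($file, "/\\") !== false || $file === '.' || $file === '..') {
    header("Location: index.php");
    exit(0);
}
// Include the WB functions file
require_once WB_PATH . '/framework/functions.php';
// Check if the module exists
if (!is_dir(WB_PATH . '/modules/' . $file)) {
    $admin->print_error($MESSAGE['GENERIC_NOT_INSTALLED']);
}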
if (!function_exists("replace_all")) {
    function replace_all($aStr = "", &$aArray)
    {