/// page state for addcapability.php ///
global $DB;          // DB handle; presumably the cDb instance created by the bootstrapping index.php — confirm
$aErrors = array();  // validation / insert error messages prepared for output
$aAlerts = array();  // success notices prepared for output
/// per-page logger, switched on right away ///
$Logs = new cLogs('addcapability.php');
$Logs->on();
if (isset($_POST['add_capab'])) {
    foreach ($_POST as $k => $v) {
        $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
    }
    $Check = new cCheckForm();
    $namePat = '/^[a-zA-Z0-9_-]{1,50}$/';
    if ($Check->check('name', 'preg_match("' . $namePat . '",$test)', 'The NAME must be without whitespaces and diacritical marks and max. 50 symbols!')) {
        $Check->check('name', '$test==false', 'This capability already exists!', admin_capabExists($_POST['name']));
    }
    $Check->check('description', 'strlen($test) > 0 && strlen($test) < 266', 'The description of capability is required with max length 255 symbols!');
    $Logs->addLog($Check->isValid(), 'add new one valid');
    if (!$Check->isValid()) {
        foreach ($Check->getErrors() as $k => $error) {
            $aErrors[] = admin_getErrorToPrint($k, $error);
        }
    } else {
        try {
            $aVals = array();
            $aVals[] = array('name', $_POST['name']);
            $aVals[] = array('description', $_POST['description']);
            /// insert values ///
            if (!$DB->insert('core_capabilities', $aVals)) {
                throw new cException("Some error during insert operation!");
            }
            $aAlerts[] = "New capability waw added.";
        } catch (cException $e) {
 /**
  * Adds an entry to the logs by delegating straight to the parent cLogs::addLog().
  *
  * @param mixed  $value  value to log; passed through untouched
  * @param string $name   label logged with the value, "--" when not given
  * @param string $dbLog  third argument forwarded to cLogs::addLog() — presumably a
  *                       log prefix / channel selector; its meaning is defined in cLogs, confirm there
  */
 public function addLog($value, $name = "--", $dbLog = "_dbLog")
 {
     parent::addLog($value, $name, $dbLog);
 }
 /**
  * Records the successful login in core_authentications, then binds the user
  * to the current session and cookies.
  *
  * @param array $aUser user row; only $aUser['id'] is read here, the whole row
  *                     is handed on to setSessions() / setCookies()
  * @return bool true when the row was written and the login state was set;
  *              false when the insert failed — two messages are queued in
  *              $this->aErrors and session and cookies are cleared
  */
 private function insert($aUser)
 {
     /// one row per login: expiry, user, session id, client address ///
     $aVals = array();
     $aVals[] = array('timeinit', getDateToDb(time() + AUTH_TIMEOUT));
     // trailing false is the same marker other callers pass for numeric columns — confirm its meaning in cDb::insert
     $aVals[] = array('user', $aUser['id'], false);
     // NOTE(review): the current session id is bound as-is; no regeneration is visible in this block
     $aVals[] = array('session', session_id());
     $aVals[] = array('ip', $_SERVER['REMOTE_ADDR']);

     if (cDb::insert('core_authentications', $aVals)) {
         $this->setSessions($aUser);
         $this->setCookies($aUser);
         return true;
     }

     /// insert failed: report it and drop any partial login state ///
     cLogs::addLog("#### AuthInsert: false");
     $this->aErrors[] = getString("Some error during login process!", 'core');
     $this->aErrors[] = getString("Contact your admin to solve this problem!", 'core');
     $this->clearSessions();
     $this->clearCookies();
     return false;
 }
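<?php

/// admin/index.php bootstrap: session, core includes, DB, config, logging ///
if (!session_id()) {
    @session_start(); // warnings suppressed (e.g. headers already sent); consider surfacing them in debug builds
}
require_once "../core/core_defines.inc.php";
require_once ROOT_PATH . "core/global_fce.php";
requireFile("admin/admin_fce.php");
$DB = new cDb();
$DB->connect();
$CFG = new cCfg();
$Logs = new cLogs("index.php");
$Logs->on();
// NOTE(review): the raw POST body is logged; the user forms post passw/passw_ver, so mask those keys here if cLogs persists anything — confirm
$Logs->addLog($_POST, "POST");
$_aErrors = array(); // error messages collected by the included admin pages
$_aAlerts = array(); // success notices collected by the included admin pages

/// access control: the admin area is only for authenticated superadmins (or anyone, when the site is open and unauthenticated) ///
$Authent = new cAuthentication();
$bAut = $Authent->authenticate();
if ((!$bAut && ADMIN_PAGE_ACCESS_AUTHORIZIED) || ($bAut && !$CFG->hasCapability('superadmin'))) {
    header("Location: " . HTTP_PATH);
    // Stop here. A Location header alone does not stop the script: without exit the rest of this
    // page — including the capability update below — still runs and is sent for an unauthorised request.
    exit;
}
$_index_rights = true; // presumably read by the included admin pages — confirm

/// normalise GET values: trim, and escape once unless magic quotes already did ///
foreach ($_GET as $k => $v) {
    $_GET[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
}

/// update capabilities ///
if (isset($_POST['update_capab'])) {
    _updateCapabilities();
}
?>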
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 }
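 /// validate the new-user form; the expression strings appear to be evaluated by cCheckForm with $test bound to the field value (or to the 4th argument when given) ///
 $Check = new cCheckForm();
 $Check->check('name', 'strlen($test)>0 && strlen($test)<101', 'The name is required with max 100 symbols including whitespaces!');
 $Check->check('surname', 'strlen($test)>0 && strlen($test)<101', 'The surname is required with max 100 symbols including whitespaces!');
 $Check->check('role', 'is_numeric($test)', 'The role is required!');
 /// login: max. 50 symbols, ASCII letters, digits, '_' and '-' only ///
 $loginPat = '/^[a-zA-Z0-9_-]{1,50}$/';
 if ($Check->check('login', 'preg_match("' . $loginPat . '",$test)', 'The login must be without whitespaces and diacritical marks and max. 50 symbols!')) {
     /// check if login already exists (only once the format is valid) ///
     $Check->check('login', '$test==false', 'This login already exists!', admin_userLoginExists($_POST['login']));
 }
 /// password: only the byte length (6..50) is enforced here ///
 // NOTE(review): the message also promises "without diacritical marks and whitespaces", which this check does not
 // enforce — either add that restriction to the expression or reword the message.
 if ($Check->check('password', 'strlen($test)>5 && strlen($test)<51', 'The password must have at least 6 symbols and max. 50, without diacritical marks and whitespaces!', $_POST['passw'])) {
     /// both password fields must match ///
     $Check->check('password', '$test==true', 'Verification of password is not correct!', $_POST['passw'] == $_POST['passw_ver']);
 }
 $Logs->addLog($Check->isValid(), 'add new one valid');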
 if (!$Check->isValid()) {
     foreach ($Check->getErrors() as $k => $error) {
         $aErrors[] = admin_getErrorToPrint($k, $error);
     }
 } else {
     try {
         $aVals = array();
         $aVals[] = array('name', $_POST['name']);
         $aVals[] = array('surname', $_POST['surname']);
         $aVals[] = array('login', $_POST['login']);
         $aVals[] = array('password', cAuthentication::cyphrePassword($_POST['passw']));
         $aVals[] = array('role', $_POST['role'], false);
         /// insert values ///
         if (!$DB->insert('core_users', $aVals)) {
             throw new cException("Some error during insert operation!");
###################################### code ##############################################
/// output buffers for add.php ///
$aErrors = array(); // error messages prepared for output
$aAlerts = array(); // success notices prepared for output
/// page logger ///
$Logs = new cLogs('add.php');
$Logs->on();
if (isset($_POST['add_template'])) {
    foreach ($_POST as $k => $v) {
        $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
    }
    $Check = new cCheckForm();
    $namePat = '/^([a-z]+[a-z0-9_-]+){1,50}$/';
    /// existing templates wasn't selected ///
    if ($Check->check('newtemp', 'preg_match("' . $namePat . '",$test)', 'The name of TEMPLATE must be in lowercase letters without whitespaces and diacritical marks and max. 50 symbols! (e.g.: newhomepage or new_home-page1')) {
        $Check->check('newtemp', '$test==false', 'The name of TEMPLATE already exists!', admin_tempExists($_POST['newtemp']));
    }
    $Logs->addLog($Check->isValid(), 'valid');
    //$Logs->addLog($Check->getErrors(),'errors');
    if (!$Check->isValid()) {
        foreach ($Check->getErrors() as $k => $error) {
            $aErrors[] = admin_getErrorToPrint($k, $error);
        }
        $result = false;
    } else {
        $result = add_insertNewTemplate();
    }
    if ($result) {
        $aAlerts[] = "Template was added.";
    } else {
        $aErrors[] = "Template wasn't added.";
    }
    $Logs->addLog($result, 'new template RESULT');
global $DB;         // DB handle; presumably created by the bootstrapping index.php — confirm
$aAlerts = array(); // success notices prepared for output
if (isset($_POST['add_role'])) {
    foreach ($_POST as $k => $v) {
        $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
    }
    $Check = new cCheckForm();
    /// max. 100 symbols ///
    if ($Check->check('name', 'strlen($test) > 0 && strlen($test) < 101', 'The name of role must be max. 100 symbols!')) {
        /// check if name already exists ///
        $Check->check('name', '$test==false', 'The name of role already exists!', admin_roleExists($_POST['name']));
    }
    $Check->check('description', '$test != "" && strlen($test) <= 255', 'Description of role is required; with a maximum length 255!');
    $Check->check('parentid', 'is_numeric($test) || $test=="null"', 'The parent role is in wrong type');
    $Check->check('sort', 'is_numeric($test) || strlen($test)==0', 'The parent role is in wrong type');
    $Logs->addLog($Check->isValid(), 'add new one valid');
    if (!$Check->isValid()) {
        foreach ($Check->getErrors() as $k => $error) {
            $aErrors[] = admin_getErrorToPrint($k, $error);
        }
    } else {
        try {
            $aVals = array();
            $aVals[] = array('name', $_POST['name']);
            $aVals[] = array('description', $_POST['description']);
            $sort = $_POST['sort'];
            $db_sorts = $DB->select('core_roles', array('id', 'sort'), null, 'sort');
            $aSort = array();
            foreach ($db_sorts as $dbsort) {
                $aSort[] = array($dbsort['id'], (int) $dbsort['sort']);
            }
if (isset($_POST['submit']) && (isset($_POST['pageid']) && is_numeric($_POST['pageid']))) {
    foreach ($_POST as $k => $v) {
        $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
    }
    $Check = new cCheckForm();
    /// existing templates wasn't selected ///
    $Check->check('temp', '$test !== "null"', 'TEMPLATE is required!');
    $bTitle = false;
    foreach ($_POST as $k => $v) {
        if (substr($k, 0, 3) == 'lng') {
            $Check->check('title' . substr($k, 3), 'strlen($test)>0', 'Title of PAGE' . strtoupper(substr($k, 3)) . ' is required!');
            $bTitle = true;
        }
    }
    $Check->check('page_title', '$test == true', 'Title of PAGE is required!', $bTitle);
    $Logs->addLog($Check->isValid(), 'valid');
    //$Logs->addLog($Check->getErrors(),'errors');
    if (!$Check->isValid()) {
        foreach ($Check->getErrors() as $k => $error) {
            $aErrors[] = admin_getErrorToPrint($k, $error);
        }
        $result = false;
    } else {
        $result = editpage_alterPage($_POST['pageid']);
    }
    if ($result) {
        $aAlerts[] = "Template was succesfully saved.";
    } else {
        $aErrors[] = "Template wasn't saved.";
    }
    $Logs->addLog($result, 'alter page RESULT');
}
/// page state for editroles.php ///
global $DB;          // DB handle; presumably created by the bootstrapping index.php — confirm
$aErrors = array();  // error messages prepared for output
$aAlerts = array();  // success notices prepared for output
/// page logger, switched on right away ///
$Logs = new cLogs('editroles.php');
$Logs->on();
if (isset($_POST['update_role'])) {
    foreach ($_POST as $k => $v) {
        $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
    }
    $Check = new cCheckForm();
    $Check->check('General', 'is_numeric($test) && ' . ($_POST['roleid'] == $_GET['id']), 'There is no correct role!', $_POST['roleid']);
    if ($Check->check('name', 'strlen($test) > 0 && strlen($test) < 101', 'The name of role must be max. 100 symbols!')) {
        /// check if name already exists ///
        if ($exists = admin_roleExists($_POST['name'])) {
            $Logs->addLog($exists, 'role EXISTS');
            $exists = !($exists['id'] == $_POST['roleid']);
        }
        $Logs->addLog($exists, 'role EXISTS');
        $Check->check('name', '$test==false', 'The name of role already exists!', $exists);
    }
    $Check->check('description', '$test != "" && strlen($test) <= 255', 'Description of role is required; with a maximum length 255!');
    $Check->check('parentid', 'is_numeric($test) || $test=="null"', 'The parent role is in wrong type');
    $Check->check('sort', 'is_numeric($test) || strlen($test)==0', 'The parent role is in wrong type');
    $Logs->addLog($Check->isValid(), 'form valid');
    if (!$Check->isValid()) {
        foreach ($Check->getErrors() as $k => $error) {
            $aErrors[] = admin_getErrorToPrint($k, $error);
        }
        //throw new cException("Form is not valid!");
    } else {
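<?php

/// front controller: bootstrap, resolve the page action, build the page ///
if (!session_id()) {
    @session_start(); // warnings suppressed (e.g. headers already sent); consider surfacing them in debug builds
}
require_once "core/core_defines.inc.php";
require_once "core/global_fce.php";
require_once "custom_defines.inc.php";
$Logs = new cLogs("index.php");
$Logs->on();
// NOTE(review): the raw POST body is logged; forms posting credentials should have those keys masked first — confirm what cLogs persists
$Logs->addLog($_POST, "POST");
$DB = new cDb();
$connection = $DB->connect();
if ($connection) {
    $CFG = new cCfg();
    if (!isset($_GET['_pageAction_'])) {
        /// no action requested: redirect to the configured default page, or to the admin area when the site is access-restricted ///
        if (is_string($CFG->getDefaultPage('path'))) {
            header("Location: " . $CFG->getDefaultPage('path'));
            exit; // a Location header alone does not stop the script; without exit the page below is still built and sent
        } elseif (!ADMIN_PAGE_ACCESS_AUTHORIZIED) {
            header("Location: " . HTTP_PATH . "admin");
            exit;
        }
    }
    /// we can still get here without an action (no default page, open access): avoid the undefined-index read ///
    $rawAction = isset($_GET['_pageAction_']) ? $_GET['_pageAction_'] : null;
    $action = get_magic_quotes_gpc() ? $rawAction : addslashes($rawAction);
    $CORE = new cBuildIndex($action);
    if (MK_DEBUG) {
        $CORE->addCssToHead("core/logs.css");
    }
    $Authent = new cAuthentication();
}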
##########################################################################################
###################################### code ##############################################
/// page state for edittemplate.php ///
global $DB;          // DB handle; presumably created by the bootstrapping index.php — confirm
$aErrors = array();  // error messages prepared for output
$aAlerts = array();  // success notices prepared for output
/// page logger, switched on right away ///
$Logs = new cLogs('edittemplate.php');
$Logs->on();
if (isset($_POST['submit']) && (isset($_POST['tempid']) && is_numeric($_POST['tempid']))) {
    foreach ($_POST as $k => $v) {
        $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
    }
    $Check = new cCheckForm();
    $Check->check('js', 'preg_match("/^(([a-zA-Z0-9_-]+(\\.)?[a-zA-Z0-9_-]+)+(,([a-zA-Z0-9_-]+((\\.)?[a-zA-Z0-9_-]+)*)+)*)?$/",$test)', 'The wrong type of string in JS field!');
    $Check->check('css', 'preg_match("/^(([a-zA-Z0-9_-]+(\\.)?[a-zA-Z0-9_-]+)+(,([a-zA-Z0-9_-]+((\\.)?[a-zA-Z0-9_-]+)*)+)*)?$/",$test)', 'The wrong type of string in CSS field!');
    $Logs->addLog($Check->isValid(), 'valid');
    //$Logs->addLog($Check->getErrors(),'errors');
    if (!$Check->isValid()) {
        foreach ($Check->getErrors() as $k => $error) {
            $aErrors[] = admin_getErrorToPrint($k, $error);
        }
    } else {
        if ($_POST['parent_temp'] != 'null') {
            $aVals[] = array('parentid', intval($_POST['parent_temp']), false);
        } else {
            $aVals[] = array('parentid', 'NULL', false);
        }
        $aVals[] = array('js', $_POST['js']);
        $aVals[] = array('css', $_POST['css']);
        $aVals[] = array('timemodified', getDateToDb());
        try {
     $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
 }
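 /// column/value pairs for the user UPDATE; only the fields the form actually changes are added ///
 $aVals = array();
 $Check = new cCheckForm();
 /// the posted user id must be numeric and match the id in the URL ///
 $bSameUser = isset($_POST['userid'], $_GET['id']) && $_POST['userid'] == $_GET['id'];
 // The comparison is spelled out as a literal: a bare bool concatenates as "1" or "", and an empty
 // right-hand side leaves the expression malformed if cCheckForm evaluates it as PHP (as the $test placeholders suggest).
 $Check->check('General', 'is_numeric($test) && ' . ($bSameUser ? 'true' : 'false'), 'There is no correct user!', isset($_POST['userid']) ? $_POST['userid'] : null);
 $Check->check('name', 'strlen($test) > 0 && strlen($test) < 101', 'The name must be max. 100 symbols!');
 $Check->check('surname', 'strlen($test) > 0 && strlen($test) < 101', 'The surname must be max. 100 symbols!');
 $Check->check('role', 'is_numeric($test)', 'The role is in wrong format!');
 /// change login (only when a new one was posted) ///
 if (strlen($_POST['login'])) {
     /// max. 50 symbols, ASCII letters, digits, '_' and '-' only ///
     $loginPat = '/^[a-zA-Z0-9_-]{1,50}$/';
     if ($Check->check('login', 'preg_match("' . $loginPat . '",$test)', 'The login must be without whitespaces and diacritical marks and max. 50 symbols!')) {
         /// the login must be unique among USERS (not roles); the user being edited may keep their own ///
         // assumes admin_userLoginExists() returns the matching user row with an 'id' key, like admin_roleExists() does — confirm
         if ($exists = admin_userLoginExists($_POST['login'])) {
             $Logs->addLog($exists, 'user login EXISTS');
             $exists = !($exists['id'] == $_POST['userid']);
         }
         $Logs->addLog($exists, 'user login EXISTS');
         $Check->check('login', '$test==false', 'This login already exists!', $exists);
     }
     $aVals[] = array('login', $_POST['login']);
 }
 /// change password (only when a new one was posted); only the byte length (6..50) is enforced ///
 // NOTE(review): the message also promises "without diacritical marks and whitespaces", which this check does not
 // enforce — either add that restriction to the expression or reword the message.
 if (strlen($_POST['passw'])) {
     if ($Check->check('password', 'strlen($test)>5 && strlen($test)<51', 'The password must have at least 6 symbols and max. 50, without diacritical marks and whitespaces!', $_POST['passw'])) {
         /// both password fields must match ///
         $Check->check('password', '$test==true', 'Verification of password is not correct!', $_POST['passw'] == $_POST['passw_ver']);
     }
     $aVals[] = array('password', cAuthentication::cyphrePassword($_POST['passw']));
 }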