# Theme activation handler: when the theme form is posted, back up the current
# website settings file and rewrite it with the newly selected template.
# variable settings
$path = GSDATAOTHERPATH;
$file = GSWEBSITEFILE;
$theme_options = '';

# was the form submitted?
if (isset($_POST['submitted']) && isset($_POST['template'])) {
    # Anti-CSRF check runs before the posted value is read.
    # NOTE(review): how check_for_csrf() reacts to a bad token is not visible here; confirm it halts the request.
    check_for_csrf("activate");

    # get passed value from form
    # NOTE(review): var_in() presumably filters the raw POST value; confirm what it strips.
    $newTemplate = var_in($_POST['template']);

    # The template name is joined onto GSTHEMESPATH and later persisted, so it is
    # checked against the themes directory first; a failed check ends the request
    # with no message.
    # NOTE(review): presumably path_is_safe() verifies the resolved path stays inside
    # GSTHEMESPATH (blocking "../" traversal); confirm against its definition.
    if (!path_is_safe(GSTHEMESPATH . $newTemplate, GSTHEMESPATH)) {
        die;
    }

    # backup old GSWEBSITEFILE (website.xml) file
    $bakpath = GSBACKUPSPATH . getRelPath(GSDATAOTHERPATH, GSDATAPATH); // backups/other/
    createBak($file, $path, $bakpath);

    # update GSWEBSITEFILE (website.xml) file with new theme
    # $SITENAME, $SITEURL, $PRETTYURLS and $PERMALINK are read from variables set
    # outside this fragment; only TEMPLATE comes from the request.
    $xml = new SimpleXMLExtended('<item></item>');
    $note = $xml->addChild('SITENAME');
    $note->addCData($SITENAME);
    $note = $xml->addChild('SITEURL');
    $note->addCData($SITEURL);
    $note = $xml->addChild('TEMPLATE');
    $note->addCData($newTemplate);
    $xml->addChild('PRETTYURLS', $PRETTYURLS);
    $xml->addChild('PERMALINK', $PERMALINK);

    # NOTE(review): the return value of XMLsave() is ignored, so $success is set
    # even when the write fails.
    XMLsave($xml, $path . $file);

    $success = i18n_r('THEME_CHANGED');
    $TEMPLATE = $newTemplate; // set new global
}
} else { $err .= i18n_r('USERNAME_ERROR') . '<br />'; } if (!check_email_address($_POST['email'])) { $err .= i18n_r('EMAIL_ERROR') . '<br />'; } else { $EMAIL = $_POST['email']; } # if there were no errors, continue setting up the site if ($err == '') { # create new password $random = createRandomPassword(); $PASSWD = passhash($random); # create user xml file $file = _id($USR) . '.xml'; createBak($file, GSUSERSPATH, GSBACKUSERSPATH); $xml = new SimpleXMLElement('<item></item>'); $xml->addChild('USR', $USR); $xml->addChild('PWD', $PASSWD); $xml->addChild('EMAIL', $EMAIL); $xml->addChild('HTMLEDITOR', '1'); $xml->addChild('TIMEZONE', $TIMEZONE); $xml->addChild('LANG', $LANG); if (!XMLsave($xml, GSUSERSPATH . $file)) { $kill = i18n_r('CHMOD_ERROR'); } # create password change trigger file $flagfile = GSUSERSPATH . _id($USR) . ".xml.reset"; copy(GSUSERSPATH . $file, $flagfile); # create new website.xml file $file = 'website.xml';
unlink(GSUSERSPATH . _id($USR) . '.xml.reset'); } $xml = new SimpleXMLExtended('<?xml version="1.0" encoding="UTF-8"?><item></item>'); $xml->addChild('USR', $USR); $xml->addChild('NAME', var_out($NAME)); $xml->addChild('PWD', $PASSWD); $xml->addChild('EMAIL', var_out($EMAIL, 'email')); $xml->addChild('HTMLEDITOR', $HTMLEDITOR); $xml->addChild('TIMEZONE', $TIMEZONE); $xml->addChild('LANG', $LANG); exec_action('settings-user'); if (!XMLsave($xml, GSUSERSPATH . $file)) { $error = i18n_r('CHMOD_ERROR'); } # create website xml file createBak($wfile, GSDATAOTHERPATH, GSBACKUPSPATH . 'other/'); $xmls = new SimpleXMLExtended('<?xml version="1.0" encoding="UTF-8"?><item></item>'); $note = $xmls->addChild('SITENAME'); $note->addCData($SITENAME); $note = $xmls->addChild('SITEURL'); $note->addCData($SITEURL); $note = $xmls->addChild('TEMPLATE'); $note->addCData($TEMPLATE); $xmls->addChild('PRETTYURLS', $PRETTYURLS); $xmls->addChild('PERMALINK', var_out($PERMALINK)); exec_action('settings-website'); if (!XMLsave($xmls, GSDATAOTHERPATH . $wfile)) { $error = i18n_r('CHMOD_ERROR'); } # see new language file immediately include GSLANGPATH . $LANG . '.php';
$SITEEMAIL = var_in($_POST['email'], 'email'); } if (isset($_POST['timezone'])) { $SITETIMEZONE = var_in($_POST['timezone']); } if (isset($_POST['lang'])) { $SITELANG = var_in($_POST['lang']); } // check valid lang files if (!in_array($LANG . '.php', $lang_array) and !in_array($LANG . '.PHP', $lang_array)) { die; } # create website xml file $bakpath = GSBACKUPSPATH . getRelPath(GSDATAOTHERPATH, GSDATAPATH); // backups/other/ createBak(GSWEBSITEFILE, GSDATAOTHERPATH, $bakpath); $xmls = new SimpleXMLExtended('<item></item>'); $note = $xmls->addChild('SITENAME'); $note->addCData($SITENAME); $note = $xmls->addChild('SITEURL'); $note->addCData($SITEURL); $note = $xmls->addChild('TEMPLATE'); $note->addCData($TEMPLATE); $xmls->addChild('PRETTYURLS', $PRETTYURLS); $xmls->addChild('PERMALINK', $PERMALINK); $xmls->addChild('EMAIL', $SITEEMAIL); $xmls->addChild('TIMEZONE', $TIMEZONE); $xmls->addChild('LANG', $LANG); $xmls->addChild('SITEUSR', $SITEUSR); exec_action('settings-website'); if (!XMLsave($xmls, GSDATAOTHERPATH . GSWEBSITEFILE)) {
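/**
 * Create a user XML file from the submitted "add user" form, then re-render
 * the manage-users form.
 *
 * Reads the username, password, profile fields and permission flags from
 * $_POST, backs up any existing file of the same name, removes a pending
 * password-reset flag for that user and writes the new record.
 *
 * NOTE(review): no CSRF-token check and no check that the current user may
 * create accounts is visible in this method; confirm the caller enforces both.
 * NOTE(review): the PERMISSIONS values (including ADMIN) are stored exactly as
 * posted; confirm they are validated against the allowed values upstream.
 */
public function mmAddUser()
{
    // Set username and password from submission. Only a plain string is
    // accepted for the username because it decides which file gets written.
    $submittedName = (isset($_POST['usernamec']) && is_string($_POST['usernamec']))
        ? $_POST['usernamec']
        : '';
    $NUSR = strtolower($submittedName);

    // Build the file name with _id(), the same helper this method already uses
    // for the reset-flag path, instead of concatenating the raw POST value.
    // The raw value could carry path separators into createBak()/XMLsave().
    // NOTE(review): assumes _id() reduces the name to a filesystem-safe slug; confirm.
    $userId = (string) _id($NUSR);
    if ($userId === '') {
        // Nothing usable left for a file name: refuse instead of writing ".xml".
        print '<div class="error" style="display: block;">' . i18n_r('USERNAME_ERROR') . '</div>';
        mmManageUsersForm();
        return;
    }
    $usrfile = $userId . '.xml';

    $pwd1 = $_POST['userpassword'];
    $NPASSWD = passhash($pwd1);

    // create user xml file - This coding was mostly taken from the 'settings.php' page..
    createBak($usrfile, GSUSERSPATH, GSBACKUSERSPATH);

    // A leftover reset flag would refer to the account being replaced.
    $resetFlag = GSUSERSPATH . $userId . '.xml.reset';
    if (file_exists($resetFlag)) {
        unlink($resetFlag);
    }

    $xml = new SimpleXMLExtended('<item></item>');
    $xml->addChild('USR', $NUSR);
    $xml->addChild('PWD', $NPASSWD);
    $xml->addChild('EMAIL', $_POST['useremail']);
    $xml->addChild('HTMLEDITOR', $_POST['usereditor']);
    $xml->addChild('TIMEZONE', $_POST['ntimezone']);
    $xml->addChild('LANG', $_POST['userlng']);
    $xml->addChild('USERSNAME', $_POST['users_name']);
    $userbio = $xml->addChild('USERSBIO');
    $userbio->addCData($_POST['users_bio']);

    $perm = $xml->addChild('PERMISSIONS');
    $perm->addChild('PAGES', $_POST['Pages']);
    $perm->addChild('FILES', $_POST['Files']);
    $perm->addChild('THEME', $_POST['Theme']);
    $perm->addChild('PLUGINS', $_POST['Plugins']);
    $perm->addChild('BACKUPS', $_POST['Backups']);
    $perm->addChild('SETTINGS', $_POST['Settings']);
    $perm->addChild('SUPPORT', $_POST['Support']);
    $perm->addChild('EDIT', $_POST['Edit']);
    $perm->addChild('LANDING', $_POST['Landing']);
    $perm->addChild('ADMIN', $_POST['Admin']);
    save_custom_permissions();

    if (!XMLsave($xml, GSUSERSPATH . $usrfile)) {
        // Previously assigned to an unused local, so a failed write was silent.
        print '<div class="error" style="display: block;">' . i18n_r('CHMOD_ERROR') . '</div>';
    } else {
        // The username is request data echoed into HTML, so escape it.
        print '<div class="updated" style="display: block;">'
            . htmlspecialchars($NUSR, ENT_QUOTES, 'UTF-8')
            . ' ' . i18n_r('user-managment/CREATED') . '</div>';
    }

    // Show Manage Form
    mmManageUsersForm();
}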
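/**
 * Back up every entry of the custom_settings data directory.
 *
 * Each entry found in GSDATAOTHERPATH . 'custom_settings' (except '.', '..'
 * and '.htaccess') is handed to createBak() with the backup directory
 * GSBACKUPSPATH . 'other/custom_settings/' as destination. Returns nothing;
 * it stops early when the backup directory cannot be created or the source
 * directory cannot be read.
 */
private static function gscsBackup()
{
    $sourceDir = GSDATAOTHERPATH . 'custom_settings';
    $bakpath = GSBACKUPSPATH . 'other/custom_settings/';

    // Create the destination including missing parents. 0777 is PHP's default
    // mode (still reduced by the umask) and is passed only to reach the
    // recursive flag. The second is_dir() covers a concurrent request that
    // created the directory first.
    // NOTE(review): these backups hold settings data; confirm the backups tree
    // is not web-readable and consider a tighter mode.
    if (!is_dir($bakpath) && !mkdir($bakpath, 0777, true) && !is_dir($bakpath)) {
        return;
    }

    // scandir() returns false on an unreadable or missing directory, and
    // passing false to array_diff() is a TypeError on PHP 8.
    $entries = is_dir($sourceDir) ? scandir($sourceDir) : false;
    if ($entries === false) {
        return;
    }

    $csfiles = array_diff($entries, array('.', '..', '.htaccess'));
    foreach ($csfiles as $csfile) {
        createBak($csfile, GSDATAOTHERPATH . 'custom_settings/', $bakpath);
    }
}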
$data = getXML(GSDATAOTHERPATH . $file); $USR = $data->USR; $EMAIL = $data->EMAIL; } if (isset($_POST['submitted'])) { $nonce = $_POST['nonce']; if (!check_nonce($nonce, "reset_password")) { die("CSRF detected!"); } if (isset($_POST['email'])) { if ($_POST['email'] == $EMAIL) { // create new random password $random = createRandomPassword(); // create new users.xml file $bakpath = GSBACKUPSPATH . "other/"; createBak($file, GSDATAOTHERPATH, $bakpath); $flagfile = GSBACKUPSPATH . "other/user.xml.reset"; copy(GSDATAOTHERPATH . $file, $flagfile); $xml = @new SimpleXMLElement('<item></item>'); $xml->addChild('USR', @$USR); $xml->addChild('PWD', passhash($random)); $xml->addChild('EMAIL', @$EMAIL); XMLsave($xml, GSDATAOTHERPATH . $file); // send the email with the new password $subject = $site_full_name . ' ' . $i18n['RESET_PASSWORD'] . ' ' . $i18n['ATTEMPT']; $message = "'" . cl($SITENAME) . "' " . $i18n['RESET_PASSWORD'] . " " . $i18n['ATTEMPT']; $message .= '<br>-------------------------------------------------------<br>'; $message .= "<br>" . $i18n['LABEL_USERNAME'] . ": " . $USR; $message .= "<br>" . $i18n['NEW_PASSWORD'] . ": " . $random; $message .= '<br><br>' . $i18n['EMAIL_LOGIN'] . ': <a href="' . $SITEURL . 'admin/">' . $SITEURL . 'admin/</a>'; exec_action('resetpw-success');