}
        if (!empty($_POST['status_send'])) {
            $plugin['order_status'][] = 'SENT';
        }
        if (!empty($_POST['status_back'])) {
            $plugin['order_status'][] = 'RETURN';
        }
        if (!empty($_POST['status_done'])) {
            $plugin['order_status'][] = 'COMPLETED';
        }
        $plugin['order_status'] = implode('-', $plugin['order_status']);
        if ($plugin['order_status'] == '') {
            $plugin['order_status'] = 'NEW-ORDER';
        }
        $sql = 'UPDATE ' . DB_PREPEND . "phpwcms_shop_orders SET order_status='" . aporeplace($plugin['order_status']) . "' ";
        $sql .= "WHERE order_id=" . intval($_POST['order_status']);
        if (_dbQuery($sql, 'UPDATE')) {
            set_status_message($BLM['shopprod_status_msg'], 'success');
        }
    }
    $sql = 'SELECT *, UNIX_TIMESTAMP(order_date) AS order_date_unix FROM ' . DB_PREPEND . 'phpwcms_shop_orders ';
    $sql .= "WHERE order_id = " . intval($_GET['show']);
    $plugin['data'] = _dbQuery($sql);
    if (isset($plugin['data'][0])) {
        $plugin['data'] = $plugin['data'][0];
        $plugin['data']['order_data'] = @unserialize($plugin['data']['order_data']);
    } else {
        headerRedirect(shop_url('controller=order', ''));
    }
    $BLM['shopprod_payby_INVOICE'] = $BLM['shopprod_payby_onbill'];
}
            $plugin['data']['shopprod_filecaption'] = array();
            $plugin['data']['shopprod_url'] = isset($plugin['data']['shopprod_var']['url']) ? $plugin['data']['shopprod_var']['url'] : '';
        } else {
            headerRedirect(shop_url('controller=prod', ''));
        }
    }
    $sql = 'SELECT C1.cat_id, C1.cat_name, C1.cat_pid, C1.cat_status, ';
    $sql .= "IFNULL(CONCAT(C2.cat_name, '>', C1.cat_name), C1.cat_name) AS category ";
    $sql .= 'FROM ' . DB_PREPEND . 'phpwcms_categories C1 ';
    $sql .= 'LEFT JOIN ' . DB_PREPEND . 'phpwcms_categories C2 ';
    $sql .= 'ON C1.cat_pid=C2.cat_id ';
    $sql .= "WHERE C1.cat_type='module_shop' AND C1.cat_status!=9 ";
    $sql .= 'ORDER BY category';
    $plugin['data']['categories'] = _dbQuery($sql);
} elseif ($action == 'status') {
    list($plugin['data']['shopprod_id'], $plugin['data']['shopprod_status']) = explode('-', $_GET['status']);
    $plugin['data']['shopprod_id'] = intval($plugin['data']['shopprod_id']);
    $plugin['data']['shopprod_status'] = empty($plugin['data']['shopprod_status']) ? 1 : 0;
    $sql = 'UPDATE ' . DB_PREPEND . 'phpwcms_shop_products SET ';
    $sql .= "shopprod_status = " . $plugin['data']['shopprod_status'] . " ";
    $sql .= "WHERE shopprod_id = " . $plugin['data']['shopprod_id'];
    _dbQuery($sql, 'UPDATE');
    headerRedirect(shop_url('controller=prod', ''));
} elseif ($action == 'delete') {
    $plugin['data']['shopprod_id'] = intval($_GET['delete']);
    $sql = 'UPDATE ' . DB_PREPEND . 'phpwcms_shop_products SET ';
    $sql .= "shopprod_status = 9 ";
    $sql .= "WHERE shopprod_id = " . $plugin['data']['shopprod_id'];
    _dbQuery($sql, 'UPDATE');
    headerRedirect(shop_url('controller=prod', ''));
}
示例#3
0
         mysql_free_result($alias_result);
     }
 }
 //Kategoriebezeichner
 $article['cat'] = $content['struct'][$row["article_cid"]]['acat_name'];
 //redirection definition
 if ($row["article_redirect"]) {
     $row["article_redirect"] = str_replace('{SITE}', PHPWCMS_URL, $row["article_redirect"]);
     $content["redirect"] = explode(' ', $row["article_redirect"]);
     $content["redirect"]["link"] = $content["redirect"][0];
     $content["redirect"]["target"] = isset($content["redirect"][1]) ? $content["redirect"][1] : '';
     $content["redirect"]["timeout"] = isset($content["redirect"][2]) ? intval($content["redirect"][2]) : 0;
     //check how to redirect - new window or self window
     if (!$content["redirect"]["target"] || $content["redirect"]["target"] == "_self" || $content["redirect"]["target"] == "_top" || $content["redirect"]["target"] == "_parent") {
         // direct redirection in the same window
         headerRedirect($content["redirect"]["link"], 301);
     } else {
         // redirection by using a special <meta><javascript> html head part
         $content["redirect"]["code"] = LF . '  <noscript>' . LF;
         $content["redirect"]["code"] .= '	<meta http-equiv="refresh" content="' . $content["redirect"]["timeout"] . ';URL=';
         $content["redirect"]["code"] .= $content["redirect"]["link"];
         $content["redirect"]["code"] .= '" />' . LF . '  </noscript>' . LF;
         $content["redirect"]["code"] .= '  <script' . SCRIPT_ATTRIBUTE_TYPE . '>' . LF;
         $content["redirect"]["code"] .= '	var redirectWin;' . LF;
         if ($content["redirect"]["timeout"]) {
             $content["redirect"]["code"] .= '	window.setTimeout(\'window.open("' . $content["redirect"]["link"] . '", redirectWin)\', ';
             $content["redirect"]["code"] .= $content["redirect"]["timeout"] * 1000;
             $content["redirect"]["code"] .= ');';
         } else {
             $content["redirect"]["code"] .= '	window.open("' . $content["redirect"]["link"] . '", redirectWin);';
         }
示例#4
0
if (isset($phpwcms['modules'][$module]['path'])) {
    // module default stuff
    // load special backend CSS
    $BE['HEADER']['module_calendar.css'] = '	<link href="' . $phpwcms['modules'][$module]['dir'] . 'template/backend.calendar.css" rel="stylesheet" type="text/css" />';
    // put translation back to have easier access to it - use it as relation
    $BLM =& $BL['modules'][$module];
    define('MODULE_HREF', 'phpwcms.php?do=modules&amp;module=' . $module);
    $glossary = array();
    if (isset($_GET['edit'])) {
        // handle posts and read data
        include_once $phpwcms['modules'][$module]['path'] . 'inc/processing.inc.php';
        // edit form
        include_once $phpwcms['modules'][$module]['path'] . 'backend.editform.php';
    } elseif (isset($_GET['verify'])) {
        // active/inactive
        $sql = 'UPDATE ' . DB_PREPEND . 'phpwcms_calendar SET ';
        $sql .= "calendar_status=" . (intval($_GET['verify']) ? 1 : 0) . " ";
        $sql .= "WHERE calendar_id=" . intval($_GET['editid']);
        @_dbQuery($sql, 'UPDATE');
        headerRedirect(decode_entities(MODULE_HREF));
    } elseif (isset($_GET['delete'])) {
        // delete
        $sql = 'UPDATE ' . DB_PREPEND . 'phpwcms_calendar SET ';
        $sql .= "calendar_status=9 WHERE calendar_id=" . intval($_GET['delete']);
        @_dbQuery($sql, 'UPDATE');
        headerRedirect(decode_entities(MODULE_HREF));
    } else {
        // listing
        include_once $phpwcms['modules'][$module]['path'] . 'backend.listing.php';
    }
}
示例#5
0
 * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
 * @link http://www.phpwcms.de
 *
 **/
session_start();
$phpwcms = array();
require_once '../../include/config/conf.inc.php';
require_once '../inc_lib/default.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/dbcon.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/general.inc.php';
checkLogin();
require_once PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php';
if ($_SESSION["wcs_user_admin"] == 1) {
    list($do, $id) = explode('|', $_GET['do']);
    $do = intval($do);
    $id = intval($id);
    if ($id) {
        if ($do === 1) {
            _dbUpdate('phpwcms_pagelayout', array('pagelayout_default' => 0, 'pagelayout_trash' => 9), 'pagelayout_id=' . $id);
        } elseif ($do === 2) {
            $result = _dbUpdate('phpwcms_template', array('template_default' => 0, 'template_trash' => 9), 'template_id=' . $id);
            // Update article categories with new default template ID or to 0 if no default template is defined
            if ($result) {
                $default = _dbGet('phpwcms_template', 'template_id, template_default', 'template_trash=0 AND template_default=1', '', '', 1);
                _dbUpdate('phpwcms_articlecat', array('acat_template' => isset($default[0]['template_id']) ? $default[0]['template_id'] : 0), 'acat_trash=0 AND acat_template=' . $id);
            }
        }
    }
}
headerRedirect($_SESSION['REFERER_URL']);
示例#6
0
            $sql .= 'glossary_created, glossary_changed, glossary_title, glossary_tag, ';
            $sql .= 'glossary_keyword, glossary_text, glossary_highlight, glossary_object, glossary_status';
            $sql .= ') VALUES (';
            $sql .= "'" . aporeplace($glossary['data']['glossary_created']) . "', ";
            $sql .= "'" . aporeplace($glossary['data']['glossary_changed']) . "', ";
            $sql .= "'" . aporeplace($glossary['data']['glossary_title']) . "', ";
            $sql .= "'" . aporeplace($glossary['data']['glossary_tag']) . "', ";
            $sql .= "'" . aporeplace($glossary['data']['glossary_keyword']) . "', ";
            $sql .= "'" . aporeplace($glossary['data']['glossary_text']) . "', ";
            $sql .= aporeplace($glossary['data']['glossary_highlight']) . ', ';
            $sql .= "'" . aporeplace(serialize($glossary['data']['glossary_object'])) . "', ";
            $sql .= aporeplace($glossary['data']['glossary_status']);
            $sql .= ')';
            if ($result = @_dbQuery($sql, 'INSERT')) {
                if (isset($_POST['save'])) {
                    headerRedirect(decode_entities(GLOSSARY_HREF));
                }
                if (!empty($result['INSERT_ID'])) {
                    $glossary['id'] = $result['INSERT_ID'];
                }
            } else {
                $glossary['error']['update'] = mysql_error();
            }
        }
    }
}
// try to read entry from database
if ($glossary['id'] && !isset($glossary['error'])) {
    $sql = 'SELECT * FROM ' . DB_PREPEND . 'phpwcms_glossary WHERE glossary_id=' . $glossary['id'];
    $glossary['data'] = _dbQuery($sql);
    $glossary['data'] = $glossary['data'][0];
            // check for multiple entries
            if ($value['address_count'] > 1) {
                $sql = 'SELECT address_id FROM ' . DB_PREPEND . 'phpwcms_address ';
                $sql .= "WHERE address_email='" . aporeplace($value['address_email']) . "' ";
                $sql .= 'ORDER BY address_verified DESC, address_name DESC LIMIT 1';
                $dataID = _dbQuery($sql);
                if (!empty($dataID[0]['address_id'])) {
                    $sql = 'DELETE FROM ' . DB_PREPEND . 'phpwcms_address ';
                    $sql .= "WHERE address_email='" . aporeplace($value['address_email']) . "' ";
                    $sql .= "AND address_id != " . intval($dataID[0]['address_id']);
                    @_dbQuery($sql, 'DELETE');
                }
            }
        }
    }
    headerRedirect(PHPWCMS_URL . 'phpwcms.php?do=messages&p=4');
}
// delete susbcriber
if (isset($_GET["del"]) && isset($_GET["s"]) && $_GET["del"] == $_GET["s"]) {
    _dbQuery("DELETE FROM " . DB_PREPEND . "phpwcms_address WHERE address_id=" . intval($_GET["del"]) . " LIMIT 1", 'DELETE');
}
// change verification
if (isset($_GET["verify"]) && isset($_GET["s"])) {
    $sql = "UPDATE " . DB_PREPEND . "phpwcms_address SET address_verified=";
    $sql .= intval($_GET["verify"]) ? 1 : 0;
    $sql .= " WHERE address_id=" . intval($_GET["s"]) . " LIMIT 1";
    _dbQuery($sql, 'UPDATE');
}
echo '<div class="title" style="margin-bottom:10px">' . $BL['be_subnav_msg_subscribers'] . '</div>';
?>
示例#8
0
                if (!empty($data[0]['address_url1'])) {
                    headerRedirect($data[0]['address_url1']);
                }
                if (!($page = file_get_contents(PHPWCMS_TEMPLATE . 'inc_default/subscribe.tmpl'))) {
                    $page = "The email address <strong>{EMAIL}</strong> was verified.";
                }
                break;
            case 'unsubscribe':
                $sql = 'DELETE FROM ' . DB_PREPEND . 'phpwcms_address ';
                $sql .= "WHERE address_key='" . aporeplace($hash) . "'";
                $result = _dbQuery($sql, 'DELETE');
                if (!empty($data[0]['address_url2'])) {
                    headerRedirect($data[0]['address_url2']);
                }
                if (!($page = file_get_contents(PHPWCMS_TEMPLATE . 'inc_default/unsubscribe.tmpl'))) {
                    $page = "All Subscriptions for <strong>{EMAIL}</strong> canceled.";
                }
                break;
        }
    } else {
        headerRedirect(PHPWCMS_URL);
    }
} else {
    headerRedirect(PHPWCMS_URL);
}
// some replacements
$page = replaceGlobalRT($page);
$page = str_replace('{EMAIL}', $email, $page);
// send non caching page header
headerAvoidPageCaching();
echo $page;
示例#9
0
 * @author Oliver Georgi <*****@*****.**>
 * @copyright Copyright (c) 2002-2015, Oliver Georgi
 * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
 * @link http://www.phpwcms.de
 *
 **/
// general wrapper for ajax based queries
session_start();
$phpwcms = array();
require '../../include/config/conf.inc.php';
require '../inc_lib/default.inc.php';
require PHPWCMS_ROOT . '/include/inc_lib/dbcon.inc.php';
require PHPWCMS_ROOT . '/include/inc_lib/general.inc.php';
require PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php';
if (empty($_SESSION["wcs_user"])) {
    headerRedirect('', 401);
    die('Sorry, access forbidden');
}
if (isset($_POST['action'])) {
    $action = isset($_POST['action']) ? $_POST['action'] : false;
    $method = isset($_POST['method']) ? $_POST['method'] : 'json';
    $value = isset($_POST['value']) ? clean_slweg($_POST['value'], 0, false) : '';
    $jquery = false;
} elseif ($_GET['action']) {
    $action = isset($_GET['action']) ? $_GET['action'] : false;
    $method = isset($_GET['method']) ? $_GET['method'] : 'json';
    $value = isset($_GET['value']) ? clean_slweg($_GET['value'], 0, false) : '';
    $jquery = true;
}
if (empty($value)) {
    $action = 'empty';
示例#10
0
                    }
                }
                $basis = floor($value["max_width"] / $grid);
                if (!$basis) {
                    $basis = 1;
                }
                $value["max_width"] = $basis * $grid;
                $basis = floor($value["max_height"] / $grid);
                if (!$basis) {
                    $basis = 1;
                }
                $value["max_height"] = $basis * $grid;
            }
            if (($image = get_cached_image($value, false, false)) && !empty($image[0])) {
                // Redirect, the "old" way
                if (!empty($phpwcms['cmsimage_redirect'])) {
                    headerRedirect(PHPWCMS_URL . PHPWCMS_IMAGES . $image[0], 301);
                }
                if (empty($image['type'])) {
                    $image['type'] = get_mimetype_by_extension(which_ext($image[0]));
                }
                header('Content-Type: ' . $image['type']);
                header('Content-Disposition: inline');
                @readfile(PHPWCMS_THUMB . $image[0]);
                exit;
            }
        }
    }
}
// uncached transparent GIF
phpwcms_empty_gif();
示例#11
0
    //Wenn Benutzer Admin-Rechte hat
    //Löschen eines Benutzers
    if (isset($_GET["del"])) {
        $ui = explode(":", clean_slweg($_GET["del"]));
        $user_id = intval($ui[0]);
        $user_email = '';
        if (isset($ui[1])) {
            $user_email = $ui[1];
        }
        if ($user_id != $_SESSION["wcs_user_id"]) {
            $sql = "UPDATE " . DB_PREPEND . "phpwcms_user SET " . "usr_login='******', " . "usr_pass='******', " . "usr_email='', " . "usr_admin=0, " . "usr_aktiv=9 " . "WHERE usr_id=" . $user_id . " AND " . "usr_email=" . _dbEscape($user_email);
            if ($result = mysql_query($sql, $db)) {
                if (is_valid_email($user_email)) {
                    @mail($user_email, "your account", "YOUR PHPWCMS ACCOUNT WAS DELETED\n \ncontact the admin if you have any question.\n\nSee you at " . $phpwcms["site"], "From: " . $phpwcms["admin_email"] . "\nReply-To: " . $phpwcms["admin_email"] . "\n");
                }
            }
        }
    }
    if (isset($_GET["aktiv"])) {
        $ui = explode(":", clean_slweg($_GET["aktiv"]));
        $user_id = intval($ui[0]);
        $user_aktiv = !empty($ui[1]) ? 1 : 0;
        if ($user_id != $_SESSION["wcs_user_id"]) {
            $sql = "UPDATE " . DB_PREPEND . "phpwcms_user SET usr_aktiv=" . $user_aktiv . " WHERE usr_id=" . $user_id . ";";
            mysql_query($sql, $db) or die("error");
        }
    }
}
//Ende Abarbeiten Aktion
headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=admin');
示例#12
0
<?php

// compare against current domain and redirect to correct if neccessary
//check active Domain
if (isset($LEVEL_ID[1]) && $LEVEL_ID[1] == 1 && strpos(PHPWCMS_URL, 'mydomain1.com') === false) {
    headerRedirect('http://www.mydomain1.com/' . rel_url(array(), array(), '', 'urlencode'));
} elseif (isset($LEVEL_ID[1]) && $LEVEL_ID[1] == 2 && strpos(PHPWCMS_URL, 'mydomain2.com') === false) {
    headerRedirect('http://www.mydomain2.com/' . rel_url(array(), array(), '', 'urlencode'));
}
示例#13
0
         $sql = "UPDATE " . DB_PREPEND . "phpwcms_forum SET " . $sqla;
         $sql .= " WHERE forum_entry=0 AND forum_id=" . $forum["id"];
         $sql .= " LIMIT 1";
     } else {
         $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_forum SET ";
         $sql .= "forum_entry='0', ";
         $sql .= "forum_uid='" . $_SESSION["wcs_user_id"] . "', ";
         $sql .= "forum_created = '" . time() . "', ";
         $sql .= $sqla;
     }
     // update or insert data entry
     mysql_query($sql, $db) or die("error while updating or inserting forum data");
     if (!$forum["id"]) {
         $forum["id"] = mysql_insert_id($db);
     }
     headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&' . build_QueryString('&', 'do=messages', 'p=6', 's=' . $forum["id"]));
 }
 if ($forum["id"]) {
     // read the given subscription datas from db
     $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_forum WHERE forum_id=" . $forum["id"] . " LIMIT 1;";
     if ($result = mysql_query($sql, $db)) {
         if ($row = mysql_fetch_assoc($result)) {
             $forum["id"] = $row["forum_id"];
             $forum["title"] = html($row["forum_title"]);
             $forum["text"] = html($row["forum_text"]);
         }
         mysql_free_result($result);
     }
 }
 // show form
 ?>
         $sql = "UPDATE " . DB_PREPEND . "phpwcms_template SET " . "template_name='" . aporeplace($template["name"]) . "', " . "template_default=" . $template["default"] . ", " . "template_var='" . aporeplace(serialize($template)) . "' " . "WHERE template_id=" . $template["id"];
     } else {
         // if ID = 0 then show create new template form
         $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_template (" . "template_name, template_default, template_var) VALUES ('" . aporeplace($template["name"]) . "', " . $template["default"] . ", '" . aporeplace(serialize($template)) . "')";
     }
     // update or insert data entry
     @mysql_query($sql, $db) or die("error while updating or inserting template datas");
     if (empty($template["id"]) || $createcopy == 1) {
         $template["id"] = mysql_insert_id($db);
     }
     //now proof for default template definition
     if ($template["default"]) {
         mysql_query("UPDATE " . DB_PREPEND . "phpwcms_template SET template_default=0 " . "WHERE template_id != " . $template["id"], $db);
     }
     update_cache();
     headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=admin&p=11&s=' . $template["id"]);
 }
 if ($template["id"]) {
     // read the given template datas from db
     $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_template WHERE template_id=" . $template["id"] . " LIMIT 1";
     if ($result = mysql_query($sql, $db)) {
         if ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
             unset($template);
             $template = unserialize($row["template_var"]);
             $template["id"] = $row["template_id"];
             $template["default"] = $row["template_default"];
             // compatibility for older releases where only
             // 1 css file could be stored per template
             if (is_string($template['css'])) {
                 $template['css'] = array($template['css']);
             }
            $sql .= 'adplace_created, adplace_changed, adplace_status, adplace_title, ';
            $sql .= 'adplace_format, adplace_width, adplace_height, adplace_prefix, adplace_suffix';
            $sql .= ') VALUES (';
            $sql .= "'" . aporeplace($plugin['data']['adplace_created']) . "', ";
            $sql .= "'" . aporeplace($plugin['data']['adplace_changed']) . "', ";
            $sql .= $plugin['data']['adplace_status'] . ", ";
            $sql .= "'" . aporeplace($plugin['data']['adplace_title']) . "', ";
            $sql .= $plugin['data']['adplace_format'] . ", ";
            $sql .= $plugin['data']['adplace_width'] . ", ";
            $sql .= $plugin['data']['adplace_height'] . ", ";
            $sql .= "'" . aporeplace($plugin['data']['adplace_prefix']) . "', ";
            $sql .= "'" . aporeplace($plugin['data']['adplace_suffix']) . "'";
            $sql .= ')';
            if (@_dbQuery($sql, 'INSERT')) {
                if (isset($_POST['save'])) {
                    headerRedirect(decode_entities(MODULE_HREF) . '&listadplace=1');
                }
            } else {
                $plugin['error']['update'] = mysql_error();
            }
        }
    }
}
// try to read entry from database
if ($plugin['id'] && !isset($plugin['error'])) {
    $sql = 'SELECT * FROM ' . DB_PREPEND . 'phpwcms_ads_place WHERE adplace_id=' . $plugin['id'];
    $plugin['data'] = _dbQuery($sql);
    $plugin['data'] = $plugin['data'][0];
}
// default values
if (empty($plugin['data'])) {
示例#16
0
// try browser based language detection
// but only when user has opened the root level
$_DOMAIN_DETECT_BROWSER_LANG = true;
//////////////////////////////////////////////////////////////////////////////////
$_DOMAIN_URI = strtolower($_SERVER['SERVER_NAME']);
if (isset($LEVEL_ID[1])) {
    $_DOMAIN_STATUS = true;
    foreach ($_DOMAIN_REDIRECT as $key => $value) {
        if ($LEVEL_ID[1] == $value['ID'] && strpos($_DOMAIN_URI, strtolower($key)) !== false) {
            $_DOMAIN_STATUS = false;
            break;
        } elseif ($LEVEL_ID[1] == $value['ID'] && strpos($_DOMAIN_URI, strtolower($key)) === false) {
            headerRedirect($value['HOME_URL'], 301);
        }
    }
    if ($_DOMAIN_STATUS) {
        reset($_DOMAIN_REDIRECT);
        $value = current($_DOMAIN_REDIRECT);
        headerRedirect($value['HOME_URL'], 301);
    }
} elseif ($_DOMAIN_DETECT_BROWSER_LANG && $content['cat_id'] == 0) {
    $current_lang = strtoupper(substr(preg_replace('/(;q=\\d+.\\d+)/i', '', $_SERVER['HTTP_ACCEPT_LANGUAGE']), 0, 2));
    foreach ($_DOMAIN_REDIRECT as $key => $value) {
        if ($value['LANG'] == $current_lang) {
            headerRedirect($value['HOME_URL'], 301);
        }
    }
    reset($_DOMAIN_REDIRECT);
    $value = current($_DOMAIN_REDIRECT);
    headerRedirect($value['HOME_URL'], 301);
}
示例#17
0
function checkLogin($mode = 'REDIRECT')
{
    $sql = "UPDATE " . DB_PREPEND . "phpwcms_userlog SET logged_in=0, logged_change='" . time() . "' ";
    $sql .= "WHERE logged_in=1 AND (" . time() . "-logged_change) > " . intval($GLOBALS['phpwcms']["max_time"]);
    _dbQuery($sql, 'UPDATE');
    checkLoginCount();
    if (empty($_SESSION["wcs_user"])) {
        @session_destroy();
        $ref_url = '';
        if (!empty($_SERVER['QUERY_STRING'])) {
            $ref_url = '?ref=' . rawurlencode(PHPWCMS_URL . 'phpwcms.php?' . xss_clean($_SERVER['QUERY_STRING']));
        }
        if ($mode == 'REDIRECT') {
            // check again if user was logged in and this is a valid redirect request
            $sql = 'SELECT COUNT(*)  FROM ' . DB_PREPEND . 'phpwcms_userlog WHERE ';
            $sql .= "logged_ip=" . _dbEscape(getRemoteIP()) . " AND ";
            $sql .= '( ' . time() . ' - logged_change ) < 3600';
            $ref_url = _dbCount($sql) > 0 ? get_login_file() . $ref_url : '';
            headerRedirect(PHPWCMS_URL . $ref_url);
        } else {
            return false;
        }
    }
    return true;
}
function update_404redirect()
{
    $data = array('error' => array(), 'data' => array('rid' => intval($_POST['rid']), 'alias' => clean_slweg($_POST['alias']), 'id' => trim($_POST['id']) === '' ? '' : intval($_POST['id']), 'aid' => trim($_POST['aid']) === '' || !intval($_POST['aid']) ? '' : intval($_POST['aid']), 'type' => empty($_POST['type']) || !in_array($_POST['type'], array('alias', 'id', 'aid', 'link')) ? '' : clean_slweg($_POST['type']), 'active' => empty($_POST['active']) ? 0 : 1, 'shortcut' => empty($_POST['shortcut']) ? 0 : 1, 'code' => empty($_POST['code']) || !in_array($_POST['code'], array('301', '307', '404', '401', '503')) ? '' : clean_slweg($_POST['code']), 'target' => clean_slweg($_POST['target']), 'changed' => date('Y-m-d H:i:s')));
    if (!$data['data']['aid'] && !$data['data']['alias'] && $data['data']['id'] == '' && !isset($_POST['delete_' . md5($data['data']['rid'])])) {
        $data['error'][] = $GLOBALS['BL']['be_redirect_error1'];
    }
    if ($data['data']['type'] && $data['data']['target'] === '') {
        $data['error'][] = $GLOBALS['BL']['be_redirect_error2'];
    } elseif (($data['data']['type'] == 'id' || $data['data']['type'] == 'aid') && !is_intval($data['data']['target'])) {
        $data['error'][] = $GLOBALS['BL']['be_redirect_error3'];
    }
    if (count($data['error'])) {
        $data['data']['active'] = 0;
        set_status_message(implode('<br />', $data['error']), 'error');
    } else {
        $data['error'] = NULL;
        $rid = $data['data']['rid'];
        unset($data['data']['rid']);
        if ($rid) {
            // Mark for deletion
            if (isset($_POST['delete_' . md5($rid)])) {
                $data['data']['active'] = 9;
                $result = _dbQuery('DELETE FROM ' . DB_PREPEND . 'phpwcms_redirect WHERE rid=' . $rid, 'DELETE');
            } else {
                $result = _dbUpdate('phpwcms_redirect', $data['data'], 'rid=' . $rid);
            }
        } else {
            $result = _dbInsert('phpwcms_redirect', $data['data']);
            if (isset($result['INSERT_ID'])) {
                $rid = $result['INSERT_ID'];
            }
        }
        $data['data']['rid'] = $rid;
        if ($result) {
            if ($data['data']['active'] == 9) {
                set_status_message(str_replace('{ID}', $data['data']['rid'], $GLOBALS['BL']['be_action_deleted']), 'success');
                headerRedirect('phpwcms.php?' . get_token_get_string('csrftoken') . '&do=admin&p=14');
            } else {
                set_status_message($GLOBALS['BL']['be_successfully_saved'], 'success');
            }
        } else {
            set_status_message($GLOBALS['BL']['be_error_while_save'], 'error');
        }
    }
    return $data;
}
示例#19
0
        $fkey["sort"] = empty($_POST["fkey_sort"]) ? 0 : intval($_POST["fkey_sort"]);
        if (isEmpty($fkey["name"])) {
            $fkey["error"] = 1;
        } else {
            if (!$fkey["id"]) {
                $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_filekey (fkey_name, fkey_aktiv, fkey_cid, fkey_sort) VALUES ('";
                $sql .= aporeplace($fkey["name"]) . "', " . $fkey["active"] . ", " . $fkey["cid"] . ", " . $fkey["sort"] . ")";
            } else {
                $sql = "UPDATE " . DB_PREPEND . "phpwcms_filekey SET fkey_name='" . aporeplace($fkey["name"]);
                $sql .= "', fkey_aktiv=" . $fkey["active"] . ", fkey_cid=" . $fkey["cid"] . ", fkey_sort=" . $fkey["sort"] . " WHERE fkey_id=" . $fkey["id"];
            }
            if ($result = mysql_query($sql, $db) or die("error while inserting/updating file key")) {
                if (!$fkey["id"]) {
                    $fkey["id"] = mysql_insert_id($db);
                }
                headerRedirect(PHPWCMS_URL . "phpwcms.php?do=admin&p=7");
            }
        }
    }
    ?>
		  <form action="phpwcms.php?do=admin&amp;p=7&amp;fkeyid=<?php 
    echo $fkey["id"] . "&cid=" . $fkey["cid"];
    ?>
" method="post" name="filekey" id="filekey">
		  <tr align="center" bgcolor="#F0F2F4"><td colspan="2"><table border="0" cellpadding="0" cellspacing="0" summary="">
		  <tr>
		      <td align="right" class="chatlist"><?php 
    echo $BL['be_admin_fcat_fcat'];
    ?>
:&nbsp;</td>
		      <td><select name="fkey_cid" id="fkey_cid">
示例#20
0
function logout_user($reason = '', $type = '')
{
    $sql = "UPDATE " . DB_PREPEND . "phpwcms_userlog SET logged_change=" . _dbEscape(time()) . ", logged_in=0 ";
    $sql .= "WHERE logged_user="******"wcs_user"]) . " AND logged_in=1";
    _dbQuery($sql, 'UPDATE');
    $_SESSION = array();
    @session_destroy();
    $login_url = PHPWCMS_URL . get_login_file();
    $get_parameter = array();
    if ($reason) {
        $get_parameter[] = 'reason=' . rawurlencode($reason);
    }
    if ($type) {
        $get_parameter[] = 'type=' . rawurlencode($type);
    }
    if (count($get_parameter)) {
        $login_url .= '?' . implode('&', $get_parameter);
    }
    headerRedirect($login_url, 401);
}
示例#21
0
        $mime = empty($_GET['type']) ? '' : clean_slweg($_GET['type'], 100);
        if (!is_mimetype_format($mime)) {
            $mime = get_mimetype_by_extension(which_ext($file));
        }
        header('Content-Type: ' . $mime);
        if (BROWSER_OS == 'iOS') {
            require_once PHPWCMS_ROOT . '/include/inc_lib/functions.file.inc.php';
            rangeDownload($file);
        } else {
            header('Content-Transfer-Encoding: binary');
            if (!isset($_GET['ios'])) {
                header('Content-Disposition: inline; filename="' . ($phpwcms['sanitize_dlname'] ? phpwcms_remove_accents($filename) : $filename) . '"');
            }
            header('Content-Length: ' . filesize($file));
            readfile($file);
        }
        $success = true;
    }
}
if ($success) {
    $sql = "UPDATE " . DB_PREPEND . "phpwcms_file SET f_dlfinal=f_dlfinal+1 ";
    $sql .= "WHERE f_hash=" . _dbEscape($download["f_hash"]) . " LIMIT 1";
    _dbQuery($sql, 'UPDATE');
    if ($countonly) {
        headerRedirect(PHPWCMS_URL . PHPWCMS_FILES . $fileinfo['filename']);
    }
} else {
    headerRedirect('', 404);
    echo '<h1>404 File Not Found</h1>';
}
exit;
示例#22
0
} elseif (isset($POST_ERR)) {
    // do on POST_ERROR
    if (isset($_FILES)) {
        foreach ($_FILES as $file_key => $file_val) {
            @unlink($_FILES[$file_key]['tmp_name']);
        }
        if (isset($POST_val) && count($POST_val)) {
            foreach ($POST_val as $file_key => $file_val) {
                if (isset($POST_val[$file_key]['name'])) {
                    @unlink(PHPWCMS_ROOT . '/' . $POST_val[$file_key]['folder'] . $POST_val[$file_key]['name']);
                }
            }
        }
    }
    if ($cnt_form["onerror_redirect"] === 1) {
        headerRedirect(str_replace('{SITE}', PHPWCMS_URL, $cnt_form["onerror"]));
    } else {
        if ($cnt_form["onerror"]) {
            $form_error_text = '<div class="form-error on-send">' . LF;
            $form_error_text .= $cnt_form["onerror_redirect"] === 0 ? plaintext_htmlencode($cnt_form["onerror"]) : $cnt_form["onerror"];
            $form_error_text .= LF . '</div>' . LF;
        }
        $POST_ERR = array_diff($POST_ERR, array('', FALSE, TRUE));
        $POST_ERR = array_map('html_specialchars', $POST_ERR);
        if ($cnt_form['labelpos'] != 2 && count($POST_ERR)) {
            if ($cnt_form['labelpos'] == 3) {
                $form_error = '<div class="' . trim('form-error ' . $cnt_form["error_class"]) . '">' . LF;
                $form_error .= '	<p>' . implode('</p>' . LF . '	<p>', $POST_ERR) . '</p>' . LF;
                $form_error .= '</div>' . LF;
            } else {
                $form_error = "<tr>\n";
                    if (!@move_uploaded_file($_FILES["file"]["tmp_name"], $usernewfile)) {
                        $file_error["upload"] = $BL['be_fprivup_err3'] . ' (2)';
                    }
                } else {
                    $file_error["upload"] = $BL['be_fprivup_err4'];
                }
                umask($oldumask);
            }
            if (is_file($usernewfile)) {
                @chmod($usernewfile, 0666);
            }
            if (empty($file_error["upload"])) {
                // store tags
                _dbSaveCategories($file_tags, 'file', $new_fileId, ',');
                //after successful upload go back to clear post (form) var
                headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=files&f=0&uploaded=1');
            } else {
                echo $file_error["upload"] . "<br />";
                $file_error["upload"] = str_replace('{VAL}', $phpwcms["admin_email"], $BL['be_fprivup_err6']);
                mysql_query("DELETE FROM " . DB_PREPEND . "phpwcms_file WHERE f_id=" . $new_fileId . " AND f_uid=" . $_SESSION["wcs_user_id"] . ";", $db);
            }
        }
    }
    if (!ini_get('safe_mode') && function_exists('set_time_limit')) {
        set_time_limit(30);
    }
}
?>
<form action="phpwcms.php?do=files&amp;f=0" method="post" enctype="multipart/form-data" name="uploadfile" id="uploadfile">
<table border="0" cellpadding="0" cellspacing="0" bgcolor="#EBF2F4" summary="">
	<tr>
示例#24
0
//Undo Normale Message
if ($do == 3) {
    if (intval($wert) == 0) {
        $sql = "UPDATE " . DB_PREPEND . "phpwcms_message SET " . "msg_deleted=0, msg_tstamp=msg_tstamp WHERE " . "msg_uid=" . $_SESSION["wcs_user_id"] . " AND " . "msg_id=" . $id . ";";
        mysql_query($sql, $db) or die("error");
    }
}
//Undo Sent Message
if ($do == 4) {
    if (intval($wert) == 0) {
        $sql = "UPDATE " . DB_PREPEND . "phpwcms_message SET " . "msg_from_del=0, msg_tstamp=msg_tstamp  WHERE " . "msg_from=" . $_SESSION["wcs_user_id"] . " AND " . "msg_id=" . $id . ";";
        mysql_query($sql, $db) or die("error");
    }
}
//Delete Normale Message
if ($do == 5) {
    if (intval($wert) == 9) {
        $sql = "UPDATE " . DB_PREPEND . "phpwcms_message SET " . "msg_deleted=9, msg_tstamp=msg_tstamp WHERE " . "msg_uid=" . $_SESSION["wcs_user_id"] . " AND " . "msg_id=" . $id . " AND msg_deleted=1;";
        mysql_query($sql, $db) or die("error");
    }
}
//Delete sent message (Set del to 9)
if ($do == 6) {
    if (intval($wert) == 9) {
        $sql = "UPDATE " . DB_PREPEND . "phpwcms_message SET " . "msg_from_del=9, msg_tstamp=msg_tstamp  WHERE " . "msg_from=" . $_SESSION["wcs_user_id"] . " AND " . "msg_id=" . $id . " AND msg_from_del=1;";
        mysql_query($sql, $db) or die("error");
    }
}
$ref = empty($_SESSION['REFERER_URL']) ? PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') : $_SESSION['REFERER_URL'];
headerRedirect($ref);
示例#25
0
function importData($type, $format, $filename)
{
    switch ($type) {
        case 'ioc':
            $iocList = [];
            switch ($format) {
                case 'json':
                    $iocList = json_decode(file_get_contents($filename), true);
                    // 					foreach ($iocList as &$ioc) $ioc['value'] = json_encode($ioc['value']);
                    break;
                case 'csv':
                    $iocList = parseCsv(file($filename));
                    foreach ($iocList as &$ioc) {
                        unpackValues($ioc['value']);
                    }
                    break;
                default:
                    throw new Exception('Unsupported format');
            }
            if (!is_array($iocList) || isIocData($iocList)) {
                $iocList = [$iocList];
            }
            $iocApi = new Ioc([]);
            foreach ($iocList as $ioc) {
                if (isIocData($ioc)) {
                    $ioc['value'] = json_encode($ioc['value']);
                    $iocApi->setParams($ioc)->addAction();
                } else {
                    throw new Exception('Bad data');
                }
            }
            headerRedirect(1, 'IOC import successful');
        case 'set':
            $setList = [];
            switch ($format) {
                case 'json':
                    $setList = json_decode(file_get_contents($filename), true);
                    break;
                default:
                    throw new Exception('Unsupported format');
            }
            if (!is_array($setList) || isSetData($setList)) {
                $setList = [$setList];
            }
            $iocApi = new Ioc([]);
            $setApi = new Set([]);
            foreach ($setList as $set) {
                if (isSetData($set)) {
                    $goodName = $set['name'];
                    $iter = 1;
                    $namePassed = false;
                    while (!$namePassed) {
                        $namePassed = true;
                        try {
                            $setApi->setParams(['name' => $goodName, 'type' => 'root', 'parent' => -1])->addAction();
                        } catch (Exception $e) {
                            $namePassed = false;
                            $iter++;
                            $goodName = $set['name'] . ' ' . $iter;
                        }
                    }
                    foreach ($set['data'] as $root) {
                        importTree($goodName, $root, 0);
                    }
                } else {
                    throw new Exception('Bad data');
                }
            }
            headerRedirect(1, 'Set import successful');
        case 'rep':
            $repList = [];
            switch ($format) {
                case 'json':
                    $repList = json_decode(file_get_contents($filename), true);
                    break;
                default:
                    throw new Exception('Unsupported format');
            }
            if (!is_array($repList) || isRepData($repList)) {
                $repList = [$repList];
            }
            $clientApi = new Client([]);
            foreach ($repList as $report) {
                if (isRepData($report)) {
                    $clientApi->setParams(['report' => json_encode($report)])->uploadAction();
                } else {
                    throw new Exception('Bad data');
                }
            }
            headerRedirect(1, 'Report import successful');
        default:
            throw new Exception('Invalid type');
    }
}
示例#26
0
    if ($_test_canonical_schema !== 'http') {
        $content['overwrite_canonical'] = ltrim('/');
        if ($_test_canonical_schema === '{SIT') {
            $content['overwrite_canonical'] = str_replace('{SITE}', PHPWCMS_URL, $content['overwrite_canonical']);
        } else {
            $content['overwrite_canonical'] = PHPWCMS_URL . $content['overwrite_canonical'];
        }
    }
    $block['custom_htmlhead']['canonical'] = '  <link rel="canonical" href="' . html($content['overwrite_canonical']) . '"' . HTML_TAG_CLOSE;
    $content['set_canonical'] = false;
}
//check for no content error
$content["main"] = trim($content["main"]);
if ($content['404error']['status'] === true) {
    // Show 404 error page
    headerRedirect('', 404, false);
    // [404] … {404} … [/404]
    $content["main"] .= render_cnt_template($block["errortext"], '404', '<!-- 404 Not Found -->');
} elseif ($no_content_for_this_page || $content["main"] === '') {
    // [404_ELSE] … {404_ELSE} … [/404_ELSE]
    $content["main"] .= render_cnt_template($block["errortext"], '404', '', '<!-- Just empty: Why ever, there is no content! -->');
}
//check if one of needed block texts and values are empty and if then fill with content
if (empty($block["maintext"])) {
    $block["maintext"] = $content["main"];
}
//normal page operation
if ($aktion[2] == 0) {
    switch ($pagelayout["layout_render"]) {
        case 0:
            //create the page layout table (header, left, content, right, footer)
            $sql .= "\t'" . aporeplace($plugin['data']['adcampaign_title']) . "', ";
            $sql .= "\t'" . aporeplace($plugin['data']['adcampaign_comment']) . "', ";
            $sql .= "\t'" . aporeplace($plugin['data']['adcampaign_datestart']) . "', ";
            $sql .= "\t'" . aporeplace($plugin['data']['adcampaign_dateend']) . "', ";
            $sql .= $plugin['data']['adcampaign_maxview'] . ", ";
            $sql .= $plugin['data']['adcampaign_maxclick'] . ", ";
            $sql .= $plugin['data']['adcampaign_maxviewuser'] . ", ";
            $sql .= $plugin['data']['adcampaign_type'] . ", ";
            $sql .= $plugin['data']['adcampaign_place'] . ", ";
            $sql .= "\t'" . aporeplace(serialize($plugin['data']['adcampaign_data'])) . "'";
            $sql .= ')';
            if ($plugin_new_id = @_dbQuery($sql, 'INSERT')) {
                if (isset($_POST['save'])) {
                    headerRedirect(decode_entities(MODULE_HREF) . '&listcampaign=1');
                } elseif (!empty($plugin_new_id['INSERT_ID'])) {
                    headerRedirect(decode_entities(MODULE_HREF) . '&campaign=1&edit=' . $plugin_new_id['INSERT_ID']);
                }
            } else {
                $plugin['error']['update'] = mysql_error();
            }
        }
    }
}
// try to read entry from database
if ($plugin['id'] && !isset($plugin['error'])) {
    $sql = 'SELECT *,';
    $sql .= "DATE_FORMAT(adcampaign_datestart, '%d" . $BLM['date_delimiter'] . "%m" . $BLM['date_delimiter'] . "%Y') AS adcampaign_date_start, ";
    $sql .= "DATE_FORMAT(adcampaign_dateend,   '%d" . $BLM['date_delimiter'] . "%m" . $BLM['date_delimiter'] . "%Y') AS adcampaign_date_end, ";
    $sql .= "DATE_FORMAT(adcampaign_datestart, '%H:%i') AS adcampaign_time_start, ";
    $sql .= "DATE_FORMAT(adcampaign_dateend,   '%H:%i') AS adcampaign_time_end ";
    $sql .= 'FROM ' . DB_PREPEND . 'phpwcms_ads_campaign WHERE adcampaign_id=' . $plugin['id'];
示例#28
0
         $content["search_word"][$key] = preg_quote($value);
         $content["search_word"][$key] = str_replace("\\?", '.?', $content["search_word"][$key]);
         $content["search_word"][$key] = str_replace("\\*", '.*', $content["search_word"][$key]);
         $content['highlight'][] = $value;
     }
 }
 if (count($content['highlight'])) {
     if (strpos($crow['template']['item'], '{IMAGE') !== false) {
         $crow['template']['image_render'] = true;
     }
     $s_result_highlight = implode(' ', $content['highlight']);
     if (!empty($_POST["search_input_field"])) {
         // make a redirection to avoid message when using browser back
         $GLOBALS['_getVar']['searchstart'] = 1;
         $GLOBALS['_getVar']['searchwords'] = $s_result_highlight;
         headerRedirect(abs_url(array(), array(), '', 'rawurlencode'));
     }
     $s_result_highlight = rawurlencode($s_result_highlight);
     $sql = "SELECT article_id, article_cid, article_title, article_username, article_subtitle, ";
     $sql .= "article_summary, article_keyword, UNIX_TIMESTAMP(article_tstamp) AS article_date, ";
     $sql .= "article_image, article_alias, article_aliasid, article_headerdata ";
     $sql .= "FROM " . DB_PREPEND . "phpwcms_article ar ";
     $sql .= "LEFT JOIN " . DB_PREPEND . "phpwcms_articlecat ac ON ";
     $sql .= "(ar.article_cid = ac.acat_id OR ar.article_cid = 0)";
     $sql .= " WHERE ";
     // limit to special structure IDs if not all
     if (count($content["search"]["start_at"])) {
         $sql .= 'ar.article_cid IN (' . implode(',', $content["search"]["start_at"]) . ')';
     } else {
         $sql .= "IF(ar.article_cid = 0, " . (empty($GLOBALS['indexpage']['acat_nosearch']) ? 1 : 0) . ", 1)";
     }
示例#29
0
<?php

/**
 * phpwcms content management system
 *
 * @author Oliver Georgi <*****@*****.**>
 * @copyright Copyright (c) 2002-2015, Oliver Georgi
 * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
 * @link http://www.phpwcms.de
 *
 **/
session_start();
$phpwcms = array();
require_once '../../include/config/conf.inc.php';
require_once '../inc_lib/default.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/helper.session.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/dbcon.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/general.inc.php';
checkLogin();
validate_csrf_tokens();
require_once PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php';
$chat_message = clean_slweg(trim($_POST['chatmsg']));
$chatlist = intval($_POST['chatlist']);
if ($chat_message) {
    $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_chat (chat_uid, chat_name, chat_text, chat_cat) ";
    $sql .= "VALUES (" . $_SESSION['wcs_user_id'] . "," . _dbEscape($_SESSION['wcs_user']) . "," . _dbEscape($chat_message) . ",0)";
    _dbQuery($sql, 'INSERT');
}
headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=chat&p=1&l=' . $chatlist . '&' . get_token_get_string('csrftoken'));
示例#30
0
                 break;
             case "create_detail":
                 include PHPWCMS_ROOT . '/include/inc_lib/profile.create.inc.php';
                 break;
         }
     }
     $subnav .= subnavtext($BL['be_subnav_profile_login'], "phpwcms.php?do=profile", $p, "", 0);
     $subnav .= subnavtext($BL['be_subnav_profile_personal'], "phpwcms.php?do=profile&amp;p=1", $p, "1", 0);
     break;
 case "logout":
     //Logout
     $sql = "UPDATE " . DB_PREPEND . "phpwcms_userlog SET logged_change=" . _dbEscape(time()) . ", logged_in=0 ";
     $sql .= "WHERE logged_user="******"wcs_user"]) . " AND logged_in=1";
     _dbQuery($sql, 'UPDATE');
     session_destroy();
     headerRedirect(PHPWCMS_URL . get_login_file());
     break;
 case "admin":
     //Admin
     if (!empty($_SESSION["wcs_user_admin"])) {
         include PHPWCMS_ROOT . '/include/inc_lib/admin.functions.inc.php';
         $subnav .= subnavtext($BL['be_subnav_admin_sitestructure'], "phpwcms.php?do=admin&amp;p=6", $p, "6", 0);
         $subnav .= '<tr><td colspan="2"><img src="img/leer.gif" height="5" width="1" alt="" /></td></tr>' . "\n";
         $subnav .= subnavtext($BL['be_subnav_admin_pagelayout'], "phpwcms.php?do=admin&amp;p=8", $p, "8", 0);
         $subnav .= subnavtext($BL['be_subnav_admin_templates'], "phpwcms.php?do=admin&amp;p=11", $p, "11", 0);
         if (!empty($phpwcms['enable_deprecated'])) {
             $subnav .= subnavtext($BL['be_subnav_admin_css'], "phpwcms.php?do=admin&amp;p=10", $p, "10", 0);
         }
         $subnav .= '<tr><td colspan="2"><img src="img/leer.gif" height="5" width="1" alt="" /></td></tr>' . "\n";
         $subnav .= subnavtext($BL['be_subnav_admin_users'], "phpwcms.php?do=admin", $p, "", 0);
         if (!empty($phpwcms['usergroup_support'])) {