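/**
 * Implementation of module_content for the admin area.
 *
 * Serves "/admin" (the base page from _admin_base_content()) and sub-pages
 * "/admin/<page>[/<args>...]", which are dispatched to module_hook('admin', <page>)
 * once login_check_auth(<page>) grants the caller that module's admin permission.
 * Guests, and any path other than /admin, get the not-found page.
 *
 * Side effects for sub-pages: $_GET['admin_page'] receives <page> and
 * $_GET['param'] is replaced by the array of remaining path segments, so the
 * hooks can claim their arguments from there.
 *
 * @return string|null Rendered content; null when the request was rejected
 *   before dispatch (the error page has already been emitted by then).
 */
function admin_content() {
    global $ssc_user;
    // Read the routing keys defensively: a missing key must not raise a notice
    $path = isset($_GET['path']) ? $_GET['path'] : '';
    $param = isset($_GET['param']) ? $_GET['param'] : '';
    // Guests are treated like any unknown path and receive the not-found page
    if ($path !== '/admin' || $ssc_user->gid == SSC_USER_GUEST) {
        ssc_not_found();
        return;
    }
    if ($param === '') {
        ssc_set_title("Administration");
        return _admin_base_content();
    }
    // Sub-page: the first segment names the admin page, the rest are its args
    // and can be claimed from $_GET['param']
    $segments = explode("/", $param);
    $page = array_shift($segments);
    $_GET['param'] = $segments;
    $_GET['admin_page'] = $page;
    $out = '';
    if (!login_check_auth($page)) {
        ssc_not_allowed();
    } else {
        $out = module_hook('admin', $page);
    }
    // NOTE(review): after ssc_not_allowed() $out is still empty, so
    // ssc_not_found() fires as well; kept as in the original pending a check of
    // what each of those helpers emits.
    if (empty($out)) {
        ssc_not_found();
    }
    return $out;
}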
/**
 * Validation routine for event editing.
 *
 * Only users holding the 'sailing' permission may submit. The form must carry
 * id, name, date, uri and submit; id, name and date must also be non-blank.
 *
 * @return bool TRUE when the submission may be saved, FALSE otherwise.
 */
function events_edit_validate() {
    // Ensure auth'd people only
    if (!login_check_auth('sailing')) {
        return false;
    }
    // An incomplete post is dropped without a message
    foreach (array('id', 'name', 'date', 'uri', 'submit') as $field) {
        if (!isset($_POST[$field])) {
            return false;
        }
    }
    // Compulsory values must not be blank
    foreach (array('id', 'name', 'date') as $field) {
        if ($_POST[$field] === '') {
            ssc_add_message(SSC_MSG_CRIT, t('Required fields were not filled in'));
            return false;
        }
    }
    return true;
}
/**
 * Edit link validation.
 *
 * Requires the 'nav' permission and non-empty title, url and wid fields.
 * A missing description is normalised to the empty string so the submit
 * handler can rely on $_POST['desc'] being present.
 *
 * @return bool TRUE when the link may be saved.
 */
function nav_add_link_validate() {
    // Check privileges
    if (!login_check_auth("nav")) {
        return false;
    }
    // empty() also rejects '0', which is treated as "not entered" here
    foreach (array('title', 'url', 'wid') as $field) {
        if (empty($_POST[$field])) {
            ssc_add_message(SSC_MSG_CRIT, t('Both link title and path need to be entered'));
            return false;
        }
    }
    if (empty($_POST['desc'])) {
        $_POST['desc'] = '';
    }
    return true;
}
/**
 * Validation for the sailing series edit form.
 *
 * @return bool TRUE when the form may be saved; FALSE when compulsory fields
 *   are missing, the user lacks the 'sailing' permission, or the name is blank.
 */
function sailing_series_validate() {
    // missing compulsory fields - drop quietly
    if (!isset($_POST['id'], $_POST['name'], $_POST['submit'], $_POST['url'])) {
        return false;
    }
    if (!login_check_auth('sailing')) {
        return false;
    }
    $name = $_POST['name'];
    if (strlen($name) === 0) {
        ssc_add_message(SSC_MSG_CRIT, t('Series must have a name'));
        return false;
    }
    return true;
}
/**
 * Profile edit saving.
 *
 * Handles both the admin user editor (/admin with the 'login' permission) and
 * a user's own profile page. The branch taken decides who may change what:
 *  - admin, uid <= 0: INSERT a new user, including group and password;
 *  - admin, uid > 0:  UPDATE the user named by $_POST['uid'], including gid;
 *  - anyone else:     UPDATE only the row for $ssc_user->id, never gid.
 * The non-admin branch ignores $_POST['uid'] and $_POST['grp'] entirely, which
 * is what stops a user from editing another account or changing their group.
 *
 * NOTE(review): the '******' literals in the SQL below look like a redaction
 * artifact of this copy (the argument counts suggest each was a placeholder);
 * confirm against the repository before relying on this listing.
 *
 * @return void Outcome is reported via ssc_add_message(); creating a user
 *   ends in a redirect to that user's edit page.
 */
function login_profile_submit() {
    global $ssc_database, $ssc_user;
    // Admin mode requires both the admin path and the 'login' permission
    $admin = $_GET['path'] == '/admin' && login_check_auth("login");
    if (!empty($_POST['n2'])) {
        // A new password was supplied: only its hash is ever stored.
        // NOTE(review): PasswordHash(8, true) requests portable hashes; check
        // whether the host supports the stronger non-portable scheme.
        $hash = new PasswordHash(8, true);
        $pass = $hash->HashPassword($_POST['n2']);
    } else {
        $pass = null;
    }
    // Ready to submit
    if ($_POST['uid'] <= 0 && $admin) {
        // New user: only an admin reaches this branch
        $result = $ssc_database->query("INSERT INTO #__user SET\n\t\tusername = '******', fullname = '%s', displayname = '%s', email = '%s',\n\t\tgid = %d, password = '******', created = %d", $_POST['user'], $_POST['full'], $_POST['disp'], $_POST['email'], $_POST['grp'], $pass, time());
        if (!$result) {
            ssc_add_message(SSC_MSG_CRIT, t('There was an error submitting this form'));
            return;
        }
        $id = $ssc_database->last_id();
        ssc_add_message(SSC_MSG_INFO, t('User details saved'));
        ssc_redirect("/admin/login/edit/{$id}");
    } else {
        // Update existing
        if ($admin) {
            // Admin edits the user chosen in the form; gid may change here
            if ($pass) {
                $result = $ssc_database->query("UPDATE #__user SET\n\t\t\t\tusername = '******', fullname = '%s', displayname = '%s', email = '%s',\n\t\t\t\tgid = %d, password = '******' WHERE id = %d", $_POST['user'], $_POST['full'], $_POST['disp'], $_POST['email'], $_POST['grp'], $pass, $_POST['uid']);
                if ($result) {
                    ssc_add_message(SSC_MSG_INFO, t('User details saved'));
                } else {
                    ssc_add_message(SSC_MSG_CRIT, t('There was an error submitting this form'));
                }
            } else {
                // No new password: leave the stored hash untouched
                $result = $ssc_database->query("UPDATE #__user SET\n\t\t\t\tusername = '******', fullname = '%s', displayname = '%s', email = '%s',\n\t\t\t\tgid = %d WHERE id = %d", $_POST['user'], $_POST['full'], $_POST['disp'], $_POST['email'], $_POST['grp'], $_POST['uid']);
                if ($result) {
                    ssc_add_message(SSC_MSG_INFO, t('User details saved'));
                } else {
                    ssc_add_message(SSC_MSG_CRIT, t('There was an error submitting this form'));
                }
            }
        } else {
            // Self-service edit: the row is selected by the logged-in user's id,
            // not by anything in the form, and gid is never written
            if ($pass) {
                $result = $ssc_database->query("UPDATE #__user SET\n\t\t\t\tusername = '******', fullname = '%s', displayname = '%s', email = '%s',\n\t\t\t\tpassword = '******' WHERE id = %d", $_POST['user'], $_POST['full'], $_POST['disp'], $_POST['email'], $pass, $ssc_user->id);
                if ($result) {
                    ssc_add_message(SSC_MSG_INFO, t('User details saved'));
                } else {
                    ssc_add_message(SSC_MSG_CRIT, t('There was an error submitting this form'));
                }
            } else {
                $result = $ssc_database->query("UPDATE #__user SET\n\t\t\t\tusername = '******', fullname = '%s', displayname = '%s', email = '%s'\n\t\t\t\tWHERE id = %d", $_POST['user'], $_POST['full'], $_POST['disp'], $_POST['email'], $ssc_user->id);
                if ($result) {
                    ssc_add_message(SSC_MSG_INFO, t('User details saved'));
                } else {
                    ssc_add_message(SSC_MSG_CRIT, t('There was an error submitting this form'));
                }
            }
        }
    }
}
/**
 * Gallery edit validation.
 *
 * Checks the 'gallery' permission, the required fields, the gid/item
 * combination, that the URL path is not already claimed by a different handler,
 * and the status of the optional single image upload. Normalises desc, vis and
 * gid in $_POST for the submit handler; a failed upload is removed from $_FILES.
 *
 * @return bool TRUE when the form may be saved.
 */
function gallery_form_validate() {
    global $ssc_database;
    // Drop invalid user
    if (!login_check_auth("gallery")) {
        return false;
    }
    $hasRequired = !empty($_POST['name']) && isset($_POST['url'], $_POST['gid']);
    if (!$hasRequired) {
        ssc_add_message(SSC_MSG_CRIT, t('Gallery name can\'t be empty'));
        return false;
    }
    // Check valid form combo: a negative gid is invalid, and gid 0 cannot carry an item
    $gid = (int) $_POST['gid'];
    $_POST['gid'] = $gid;
    if ($gid < 0) {
        return false;
    }
    if ($gid == 0 && isset($_POST['item'])) {
        return false;
    }
    if (empty($_POST['desc'])) {
        $_POST['desc'] = '';
    }
    // Checkbox semantics: present means visible
    $_POST['vis'] = isset($_POST['vis']) ? 1 : 0;
    // The path must be free, or already belong to this gallery.
    // NOTE(review): the wrapper is assumed to escape the '%s' argument — confirm.
    $result = $ssc_database->query("SELECT id FROM #__handler WHERE path = '%s' LIMIT 1", $_POST['url']);
    if (!$result) {
        return false;
    }
    $data = $ssc_database->fetch_object($result);
    if ($data && $data->id != $gid) {
        ssc_add_message(SSC_MSG_CRIT, t('That path name has already been used elsewhere'));
        return false;
    }
    if (!empty($_FILES['single'])) {
        $error = $_FILES['single']['error'];
        // A good upload, or no file at all, is accepted as-is
        $accepted = $error == UPLOAD_ERR_OK || $error == UPLOAD_ERR_NO_FILE;
        if (!$accepted) {
            $tooLarge = $error == UPLOAD_ERR_INI_SIZE || $error == UPLOAD_ERR_FORM_SIZE;
            ssc_add_message(SSC_MSG_WARN, $tooLarge
                ? t('The image you uploaded was too large')
                : t('There was an error uploading the image'));
            // Discard the failed upload so the submit handler never sees it
            unset($_FILES['single']);
        }
    }
    return true;
}
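/**
 * Comment moderation form validation.
 *
 * Exactly one of the moderation buttons (spam, ham, show, hide,
 * disable_comments, enable_comments) must be present, submitted as an array
 * keyed by a single comment id. On success $_POST['action'] holds the button
 * name and $_POST['i'] the comment id it was pressed for.
 *
 * @return bool TRUE when exactly one action targets exactly one comment.
 */
function blog_spam_ham_validate() {
    if (!login_check_auth("blog")) {
        return false;
    }
    $actions = array('spam', 'ham', 'show', 'hide', 'disable_comments', 'enable_comments');
    $count = 0;
    $keys = array();
    foreach ($actions as $action) {
        if (!isset($_POST[$action])) {
            continue;
        }
        // A button that was not submitted as an array cannot name a comment
        if (!is_array($_POST[$action])) {
            return false;
        }
        $_POST['action'] = $action;
        $keys = array_keys($_POST[$action]);
        // Exactly one comment id per button: an empty array would leave nothing
        // to store in $_POST['i'], more than one is ambiguous
        if (count($keys) != 1) {
            return false;
        }
        $count++;
    }
    if ($count != 1) {
        return false;
    }
    $_POST['i'] = $keys[0];
    return true;
}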
/**
 * Page validation.
 *
 * Requires the 'static' permission. A post without the 'sub' button is a
 * preview and is not saved; a save needs title, url and body. In every case a
 * single leading '/' is stripped from $_POST['url'] before the form redisplays.
 *
 * @return bool TRUE only when a complete form was submitted for saving.
 */
function static_form_validate() {
    if (!login_check_auth("static")) {
        return false;
    }
    // Normalise the path once; every exit below leaves $_POST['url'] in this form
    if (!empty($_POST['url']) && $_POST['url'][0] == '/') {
        $_POST['url'] = substr($_POST['url'], 1);
    }
    // Only saved if properly submitted - not preview
    if (empty($_POST['sub'])) {
        ssc_add_message(SSC_MSG_WARN, t('This is a preview - the form continues below.'));
        return false;
    }
    $complete = !empty($_POST['title']) && isset($_POST['url']) && !empty($_POST['body']);
    if (!$complete) {
        ssc_add_message(SSC_MSG_CRIT, t('Not all required fields were filled in'));
        return false;
    }
    return true;
}