/**
 * Entry point for the administration center (?action=admin).
 *
 * What it does, in order:
 *  - loads the Admin language file and template and marks the page noindex;
 *  - builds the full admin menu definition ($admin_areas);
 *  - includes any extra files named in the 'integrate_admin_include' setting;
 *  - lets the 'integrate_admin_areas' hook and SimpleSEF amend the menu;
 *  - validates the administrator's session, resolves the requested area
 *    through createMenu(), builds the link tree, and finally includes and
 *    calls that area's handler function.
 *
 * Side effects on globals: sets $context['robot_no_index'],
 * $context['admin_preferences'], $context['admin_menu_id'],
 * $context['admin_menu_name'], $context['admin_area'] and appends to
 * $context['linktree'].
 *
 * Terminates via fatal_lang_error('no_access') when createMenu() yields
 * nothing usable for the current request.
 */
function AdminMain()
{
	global $txt, $context, $scripturl, $modSettings, $settings, $sourcedir, $options, $boarddir, $backend_subdir;

	// Load the language and templates....
	loadLanguage('Admin');
	loadAdminTemplate('Admin');

	// Admin pages must never be indexed by crawlers.
	$context['robot_no_index'] = true;

	require_once $sourcedir . '/lib/Subs-Menu.php';

	// Some preferences.
	// NOTE(review): unserialize() of a stored string. $options is presumably
	// only ever written by the application itself (per-user option storage);
	// confirm nothing user-supplied can reach this value, because unserialize()
	// on untrusted input is a well-known object-injection risk. A JSON format
	// would remove the concern entirely if the storage format can be changed.
	$context['admin_preferences'] = !empty($options['admin_preferences']) ? unserialize($options['admin_preferences']) : array();

	// Define all the menu structure - see Subs-Menu.php for details!
	// Each top-level section carries a 'permission' list; each area may carry
	// its own 'permission', an 'enabled' flag, a 'file' to include (relative to
	// $sourcedir) and the 'function' to call once selected.
	$admin_areas = array(
		'forum' => array(
			'title' => $txt['admin_main'],
			'permission' => array('admin_forum', 'manage_permissions', 'moderate_forum', 'manage_membergroups', 'manage_bans', 'send_mail', 'edit_news', 'manage_boards', 'manage_smileys', 'manage_attachments'),
			'areas' => array(
				'index' => array('label' => $txt['admin_center'], 'function' => 'AdminHome', 'icon' => 'administration.gif'),
				'credits' => array('label' => $txt['support_credits_title'], 'function' => 'AdminHome', 'icon' => 'support.gif'),
				'news' => array('label' => $txt['news_title'], 'file' => $backend_subdir . '/ManageNews.php', 'function' => 'ManageNews', 'icon' => 'news.gif', 'permission' => array('edit_news', 'send_mail', 'admin_forum'), 'subsections' => array('editnews' => array($txt['admin_edit_news'], 'edit_news'), 'mailingmembers' => array($txt['admin_newsletters'], 'send_mail'), 'settings' => array($txt['settings'], 'admin_forum'))),
				'packages' => array('label' => $txt['package'], 'file' => $backend_subdir . '/Packages.php', 'function' => 'Packages', 'permission' => array('admin_forum'), 'icon' => 'packages.gif', 'subsections' => array('browse' => array($txt['browse_packages']), 'packageget' => array($txt['download_packages'], 'url' => $scripturl . '?action=admin;area=packages;sa=packageget;get'), 'installed' => array($txt['installed_packages']), 'perms' => array($txt['package_file_perms']), 'options' => array($txt['package_settings']))),
				'plugins' => array('label' => $txt['plugins_title'], 'file' => $backend_subdir . '/Plugins.php', 'function' => 'PluginsMain', 'permission' => array('admin_forum'), 'icon' => 'packages.gif', 'subsections' => array('browse' => array($txt['browse_plugins']), 'hooks' => array($txt['browse_hooks']))),
				// 'search' has no label: it is reachable but shown under 'index'.
				'search' => array('function' => 'AdminSearch', 'permission' => array('admin_forum'), 'select' => 'index'),
			),
		),
		'config' => array(
			'title' => $txt['admin_config'],
			'permission' => array('admin_forum'),
			'areas' => array(
				'corefeatures' => array('label' => $txt['core_settings_title'], 'file' => $backend_subdir . '/ManageSettings.php', 'function' => 'ModifyCoreFeatures', 'icon' => 'corefeatures.gif'),
				'featuresettings' => array('label' => $txt['modSettings_title'], 'file' => $backend_subdir . '/ManageSettings.php', 'function' => 'ModifyFeatureSettings', 'icon' => 'features.gif', 'subsections' => array('basic' => array($txt['mods_cat_features']), 'layout' => array($txt['mods_cat_layout']), 'sig' => array($txt['signature_settings_short']), 'profile' => array($txt['custom_profile_shorttitle'], 'enabled' => in_array('cp', $context['admin_features'])))),
				// The 'moderation' subsection is only enabled when the first
				// character of warning_settings is 1 (loose comparison).
				'securitysettings' => array('label' => $txt['admin_security_moderation'], 'file' => $backend_subdir . '/ManageSettings.php', 'function' => 'ModifySecuritySettings', 'icon' => 'security.gif', 'subsections' => array('general' => array($txt['mods_cat_security_general']), 'spam' => array($txt['antispam_title']), 'moderation' => array($txt['moderation_settings_short'], 'enabled' => substr($modSettings['warning_settings'], 0, 1) == 1))),
				'languages' => array('label' => $txt['language_configuration'], 'file' => $backend_subdir . '/ManageServer.php', 'function' => 'ManageLanguages', 'icon' => 'languages.gif', 'subsections' => array('edit' => array($txt['language_edit']), 'add' => array($txt['language_add']), 'settings' => array($txt['language_settings']))),
				'serversettings' => array('label' => $txt['admin_server_settings'], 'file' => $backend_subdir . '/ManageServer.php', 'function' => 'ModifySettings', 'icon' => 'server.gif', 'subsections' => array('general' => array($txt['general_settings']), 'database' => array($txt['database_paths_settings']), 'cookie' => array($txt['cookies_sessions_settings']), 'cache' => array($txt['caching_settings']), 'loads' => array($txt['load_balancing_settings']))),
				'relatedtopics' => array('label' => $txt['admin_related_topic'], 'file' => $backend_subdir . '/RelatedTopics.php', 'function' => 'RelatedTopicsAdmin', 'subsections' => array('settings' => array($txt['admin_related_topics_settings']), 'methods' => array($txt['admin_related_topics_methods']))),
				'current_theme' => array('label' => $txt['theme_current_settings'], 'file' => $backend_subdir . '/Themes.php', 'function' => 'ThemesMain', 'custom_url' => $scripturl . '?action=admin;area=theme;sa=settings;th=' . $settings['theme_id'], 'icon' => 'current_theme.gif'),
				'theme' => array('label' => $txt['theme_admin'], 'file' => $backend_subdir . '/Themes.php', 'function' => 'ThemesMain', 'custom_url' => $scripturl . '?action=admin;area=theme;sa=admin', 'icon' => 'themes.gif', 'subsections' => array('admin' => array($txt['themeadmin_admin_title']), 'list' => array($txt['themeadmin_list_title']), 'reset' => array($txt['themeadmin_reset_title']), 'edit' => array($txt['themeadmin_edit_title']))),
				'modsettings' => array('label' => $txt['admin_modifications'], 'file' => $backend_subdir . '/ManageSettings.php', 'function' => 'ModifyModSettings', 'icon' => 'modifications.gif', 'related' => array($txt['admin_related_topic']), 'subsections' => array('general' => array($txt['mods_cat_modifications_misc']))),
				'socialsettings' => array('label' => $txt['admin_social'], 'file' => $backend_subdir . '/ManageSettings.php', 'function' => 'ModifySocialSettings', 'subsections' => array('general' => array($txt['socialsettings_general']), 'astream' => array($txt['socialsettings_astream']))),
			),
		),
		'layout' => array(
			'title' => $txt['layout_controls'],
			'permission' => array('manage_boards', 'admin_forum', 'manage_smileys', 'manage_attachments', 'moderate_forum'),
			'areas' => array(
				'manageboards' => array('label' => $txt['admin_boards'], 'file' => $backend_subdir . '/ManageBoards.php', 'function' => 'ManageBoards', 'icon' => 'boards.gif', 'permission' => array('manage_boards'), 'subsections' => array('main' => array($txt['boardsEdit']), 'newcat' => array($txt['mboards_new_cat']), 'settings' => array($txt['settings'], 'admin_forum'))),
				// 'tags' and 'ratings' may be removed again below, depending on settings.
				'postsettings' => array('label' => $txt['manageposts'], 'file' => $backend_subdir . '/ManagePosts.php', 'function' => 'ManagePostSettings', 'permission' => array('admin_forum'), 'icon' => 'posts.gif', 'subsections' => array('posts' => array($txt['manageposts_settings']), 'bbc' => array($txt['manageposts_bbc_settings']), 'censor' => array($txt['admin_censored_words']), 'topics' => array($txt['manageposts_topic_settings']), 'prefixes' => array($txt['manageposts_prefix_settings']), 'tags' => array($txt['manageposts_tag_settings']), 'ratings' => array($txt['karma']))),
				'managecalendar' => array('label' => $txt['manage_calendar'], 'file' => $backend_subdir . '/ManageCalendar.php', 'function' => 'ManageCalendar', 'icon' => 'calendar.gif', 'permission' => array('admin_forum'), 'enabled' => in_array('cd', $context['admin_features']), 'subsections' => array('holidays' => array($txt['manage_holidays'], 'admin_forum', 'enabled' => !empty($modSettings['cal_enabled'])), 'settings' => array($txt['calendar_settings'], 'admin_forum'))),
				'managesearch' => array('label' => $txt['manage_search'], 'file' => $backend_subdir . '/ManageSearch.php', 'function' => 'ManageSearch', 'icon' => 'search.gif', 'permission' => array('admin_forum'), 'subsections' => array('weights' => array($txt['search_weights']), 'method' => array($txt['search_method']), 'settings' => array($txt['settings']), 'managesphinx' => array($txt['search_managesphinx']))),
				'smileys' => array('label' => $txt['smileys_manage'], 'file' => $backend_subdir . '/ManageSmileys.php', 'function' => 'ManageSmileys', 'icon' => 'smiley.gif', 'permission' => array('manage_smileys'), 'subsections' => array('editsets' => array($txt['smiley_sets']), 'addsmiley' => array($txt['smileys_add'], 'enabled' => !empty($modSettings['smiley_enable'])), 'editsmileys' => array($txt['smileys_edit'], 'enabled' => !empty($modSettings['smiley_enable'])), 'setorder' => array($txt['smileys_set_order'], 'enabled' => !empty($modSettings['smiley_enable'])), 'editicons' => array($txt['icons_edit_message_icons'], 'enabled' => !empty($modSettings['messageIcons_enable'])), 'settings' => array($txt['settings']))),
				'manageattachments' => array('label' => $txt['attachments_avatars'], 'file' => $backend_subdir . '/ManageAttachments.php', 'function' => 'ManageAttachments', 'icon' => 'attachment.gif', 'permission' => array('manage_attachments'), 'subsections' => array('browse' => array($txt['attachment_manager_browse']), 'attachments' => array($txt['attachment_manager_settings']), 'avatars' => array($txt['attachment_manager_avatar_settings']), 'maintenance' => array($txt['attachment_manager_maintenance']))),
			),
		),
		'members' => array(
			'title' => $txt['admin_manage_members'],
			'permission' => array('moderate_forum', 'manage_membergroups', 'manage_bans', 'manage_permissions', 'admin_forum'),
			'areas' => array(
				'viewmembers' => array('label' => $txt['admin_users'], 'file' => $backend_subdir . '/ManageMembers.php', 'function' => 'ViewMembers', 'icon' => 'members.gif', 'permission' => array('moderate_forum'), 'subsections' => array('all' => array($txt['view_all_members']), 'search' => array($txt['mlist_search']))),
				'membergroups' => array('label' => $txt['admin_groups'], 'file' => $backend_subdir . '/ManageMembergroups.php', 'function' => 'ModifyMembergroups', 'icon' => 'membergroups.gif', 'permission' => array('manage_membergroups'), 'subsections' => array('index' => array($txt['membergroups_edit_groups'], 'manage_membergroups'), 'add' => array($txt['membergroups_new_group'], 'manage_membergroups'), 'settings' => array($txt['settings'], 'admin_forum'))),
				'permissions' => array('label' => $txt['edit_permissions'], 'file' => $backend_subdir . '/ManagePermissions.php', 'function' => 'ModifyPermissions', 'icon' => 'permissions.gif', 'permission' => array('manage_permissions'), 'subsections' => array('index' => array($txt['permissions_groups'], 'manage_permissions'), 'board' => array($txt['permissions_boards'], 'manage_permissions'), 'profiles' => array($txt['permissions_profiles'], 'manage_permissions'), 'postmod' => array($txt['permissions_post_moderation'], 'manage_permissions', 'enabled' => $modSettings['postmod_active']), 'settings' => array($txt['settings'], 'admin_forum'))),
				'regcenter' => array('label' => $txt['registration_center'], 'file' => $backend_subdir . '/ManageRegistration.php', 'function' => 'RegCenter', 'icon' => 'regcenter.gif', 'permission' => array('admin_forum', 'moderate_forum'), 'subsections' => array('register' => array($txt['admin_browse_register_new'], 'moderate_forum'), 'agreement' => array($txt['registration_agreement'], 'admin_forum'), 'reservednames' => array($txt['admin_reserved_set'], 'admin_forum'), 'settings' => array($txt['settings'], 'admin_forum'))),
				// Note: 'permission' is a bare string here and below, not an array
				// as elsewhere in this structure; createMenu() presumably accepts both.
				'ban' => array('label' => $txt['ban_title'], 'file' => $backend_subdir . '/ManageBans.php', 'function' => 'Ban', 'icon' => 'ban.gif', 'permission' => 'manage_bans', 'subsections' => array('list' => array($txt['ban_edit_list']), 'add' => array($txt['ban_add_new']), 'browse' => array($txt['ban_trigger_browse']), 'log' => array($txt['ban_log']))),
				'paidsubscribe' => array('label' => $txt['paid_subscriptions'], 'enabled' => in_array('ps', $context['admin_features']), 'file' => $backend_subdir . '/ManagePaid.php', 'icon' => 'paid.gif', 'function' => 'ManagePaidSubscriptions', 'permission' => 'admin_forum', 'subsections' => array('view' => array($txt['paid_subs_view']), 'settings' => array($txt['settings']))),
				'sengines' => array('label' => $txt['search_engines'], 'enabled' => in_array('sp', $context['admin_features']), 'file' => $backend_subdir . '/ManageSearchEngines.php', 'icon' => 'engines.gif', 'function' => 'SearchEngines', 'permission' => 'admin_forum', 'subsections' => array('stats' => array($txt['spider_stats']), 'logs' => array($txt['spider_logs']), 'spiders' => array($txt['spiders']), 'settings' => array($txt['settings']))),
			),
		),
		'maintenance' => array(
			'title' => $txt['admin_maintenance'],
			'permission' => array('admin_forum'),
			'areas' => array(
				'maintain' => array('label' => $txt['maintain_title'], 'file' => $backend_subdir . '/ManageMaintenance.php', 'icon' => 'maintain.gif', 'function' => 'ManageMaintenance', 'subsections' => array('routine' => array($txt['maintain_sub_routine'], 'admin_forum'), 'database' => array($txt['maintain_sub_database'], 'admin_forum'), 'members' => array($txt['maintain_sub_members'], 'admin_forum'), 'topics' => array($txt['maintain_sub_topics'], 'admin_forum'))),
				'scheduledtasks' => array('label' => $txt['maintain_tasks'], 'file' => $backend_subdir . '/ManageScheduledTasks.php', 'icon' => 'scheduled.gif', 'function' => 'ManageScheduledTasks', 'subsections' => array('tasks' => array($txt['maintain_tasks'], 'admin_forum'), 'tasklog' => array($txt['scheduled_log'], 'admin_forum'))),
				'mailqueue' => array('label' => $txt['mailqueue_title'], 'file' => $backend_subdir . '/ManageMail.php', 'function' => 'ManageMail', 'icon' => 'mail.gif', 'subsections' => array('browse' => array($txt['mailqueue_browse'], 'admin_forum'), 'settings' => array($txt['mailqueue_settings'], 'admin_forum'))),
				// NOTE(review): 'file' is not prefixed with $backend_subdir here, unlike
				// every other area; the include below resolves it against $sourcedir
				// directly. Confirm that is where Reports.php actually lives.
				'reports' => array('enabled' => in_array('rg', $context['admin_features']), 'label' => $txt['generate_reports'], 'file' => 'Reports.php', 'function' => 'ReportsMain', 'icon' => 'reports.gif'),
				// No 'file' for 'logs': AdminLogs must already be in scope when selected.
				'logs' => array('label' => $txt['logs'], 'function' => 'AdminLogs', 'icon' => 'logs.gif', 'subsections' => array('errorlog' => array($txt['errlog'], 'admin_forum', 'enabled' => !empty($modSettings['enableErrorLogging']), 'url' => $scripturl . '?action=admin;area=logs;sa=errorlog;desc'), 'adminlog' => array($txt['admin_log'], 'admin_forum', 'enabled' => in_array('ml', $context['admin_features'])), 'modlog' => array($txt['moderation_log'], 'admin_forum', 'enabled' => in_array('ml', $context['admin_features'])), 'banlog' => array($txt['ban_log'], 'manage_bans'), 'spiderlog' => array($txt['spider_logs'], 'admin_forum', 'enabled' => in_array('sp', $context['admin_features'])), 'tasklog' => array($txt['scheduled_log'], 'admin_forum'), 'pruning' => array($txt['pruning_title'], 'admin_forum'))),
				// Hidden from the menu but still reachable; highlights 'maintain' when active.
				'repairboards' => array('label' => $txt['admin_repair'], 'file' => $backend_subdir . '/RepairBoards.php', 'function' => 'RepairBoards', 'select' => 'maintain', 'hidden' => true),
			),
		),
	);

	// Drop post-settings subsections for features that are switched off.
	if (!$modSettings['tags_active'])
	{
		unset($admin_areas['layout']['areas']['postsettings']['subsections']['tags']);
	}
	if (empty($modSettings['karmaMode']))
	{
		unset($admin_areas['layout']['areas']['postsettings']['subsections']['ratings']);
	}

	// Any files to include for administration?
	// NOTE(review): these paths come from a forum setting stored in the
	// database; whoever can write 'integrate_admin_include' decides which
	// files get included (and executed) here. Presumably only administrators
	// can change it — confirm that the setting cannot be written through any
	// lower-privileged path. The $boarddir/$sourcedir/$themedir placeholders
	// are expanded before the existence check.
	if (!empty($modSettings['integrate_admin_include']))
	{
		$admin_includes = explode(',', $modSettings['integrate_admin_include']);
		foreach ($admin_includes as $include)
		{
			$include = strtr(trim($include), array('$boarddir' => $boarddir, '$sourcedir' => $sourcedir, '$themedir' => $settings['theme_dir']));
			if (file_exists($include))
			{
				require_once $include;
			}
		}
	}

	// Let them modify admin areas easily.
	// $admin_areas is passed by reference, so hooks may add, remove or
	// re-point areas (including their 'function' names) before the menu is built.
	HookAPI::callHook('integrate_admin_areas', array(&$admin_areas));
	SimpleSEF::adminAreas($admin_areas);

	// Make sure the administrator has a valid session...
	// This runs before any area handler is invoked.
	validateSession();

	// Actually create the menu!
	// createMenu() selects the current area/subsection from the request and
	// applies the 'permission'/'enabled' rules above.
	$admin_include_data = createMenu($admin_areas);
	unset($admin_areas);

	// Nothing valid?
	// Loose comparison: this also matches an empty array, not only boolean false.
	if ($admin_include_data == false)
	{
		fatal_lang_error('no_access', false);
	}

	// Build the link tree.
	// Area links carry the session token ($context['session_var'] = session_id)
	// in the URL, matching the URL session check used by admin actions.
	$context['linktree'][] = array('url' => $scripturl . '?action=admin', 'name' => $txt['admin_center']);
	if (isset($admin_include_data['current_area']) && $admin_include_data['current_area'] != 'index')
	{
		$context['linktree'][] = array('url' => $scripturl . '?action=admin;area=' . $admin_include_data['current_area'] . ';' . $context['session_var'] . '=' . $context['session_id'], 'name' => $admin_include_data['label']);
	}
	// Only add a subsection crumb when its label differs from the area label.
	if (!empty($admin_include_data['current_subsection']) && $admin_include_data['subsections'][$admin_include_data['current_subsection']][0] != $admin_include_data['label'])
	{
		$context['linktree'][] = array('url' => $scripturl . '?action=admin;area=' . $admin_include_data['current_area'] . ';sa=' . $admin_include_data['current_subsection'] . ';' . $context['session_var'] . '=' . $context['session_id'], 'name' => $admin_include_data['subsections'][$admin_include_data['current_subsection']][0]);
	}

	// Make a note of the Unique ID for this menu.
	$context['admin_menu_id'] = $context['max_menu_id'];
	$context['admin_menu_name'] = 'menu_data_' . $context['admin_menu_id'];

	// Why on the admin are we?
	// Also used by ModerationMain() as its "already inside the admin area" guard.
	$context['admin_area'] = $admin_include_data['current_area'];

	// Now - finally - call the right place!
	// 'file' is resolved relative to $sourcedir; 'function' is a plain
	// function name taken from the (hook-adjusted) menu definition above.
	if (isset($admin_include_data['file']))
	{
		require_once $sourcedir . '/' . $admin_include_data['file'];
	}
	$admin_include_data['function']();
}
/**
 * Entry point for the moderation center (?action=moderate).
 *
 * Computes the caller's moderation capabilities from $user_info['mod_cache'],
 * enforces 'access_mod_center' when none apply, loads the ModerationCenter
 * language file and the admin template, builds the moderation menu, validates
 * the 'moderate' session, resolves the requested area via createMenu() and —
 * unless $dont_call is set — includes and calls that area's handler.
 *
 * Returns early, doing nothing, when $context['admin_area'] is already set
 * (i.e. AdminMain() has run, or this function ran once already).
 *
 * Side effects on globals: sets $context['can_moderate_boards'],
 * $context['can_moderate_groups'], $context['can_moderate_approvals'],
 * $context['admin_preferences'], $context['robot_no_index'],
 * $context['moderation_menu_id'], $context['moderation_menu_name'],
 * $context['admin_area'] and appends to $context['linktree'].
 *
 * Terminates via fatal_lang_error('no_access') when createMenu() yields
 * nothing usable for the current request.
 *
 * @param bool $dont_call When true, set up the menu and context only and do
 *                        not include/call the selected area's handler.
 */
function ModerationMain($dont_call = false)
{
	// NOTE(review): $sc, $settings and $smcFunc are declared but not used in this body.
	global $txt, $context, $scripturl, $sc, $modSettings, $user_info, $settings, $sourcedir, $options, $smcFunc;

	// Don't run this twice... and don't conflict with the admin bar.
	if (isset($context['admin_area']))
	{
		return;
	}

	// '0=1' appears to be the sentinel for "no boards"/"no groups" in the
	// cached moderation queries; anything else means some scope is moderated.
	$context['can_moderate_boards'] = $user_info['mod_cache']['bq'] != '0=1';
	$context['can_moderate_groups'] = $user_info['mod_cache']['gq'] != '0=1';
	$context['can_moderate_approvals'] = $modSettings['postmod_active'] && !empty($user_info['mod_cache']['ap']);

	// Everyone using this area must be allowed here!
	// Users without any implicit moderation scope need the explicit permission;
	// isAllowedTo() is expected to terminate the request if they lack it.
	if (!$context['can_moderate_boards'] && !$context['can_moderate_groups'] && !$context['can_moderate_approvals'])
	{
		isAllowedTo('access_mod_center');
	}

	// We're gonna want a menu of some kind.
	require_once $sourcedir . '/Subs-Menu.php';

	// Load the language, and the template.
	loadLanguage('ModerationCenter');
	loadTemplate(false, 'admin');

	// NOTE(review): unserialize() of a stored per-user option; see the same
	// pattern in AdminMain(). Confirm the value is only ever written by the
	// application, as unserialize() on untrusted data is an object-injection risk.
	$context['admin_preferences'] = !empty($options['admin_preferences']) ? unserialize($options['admin_preferences']) : array();
	$context['robot_no_index'] = true;

	// This is the menu structure - refer to Subs-Menu.php for the details.
	// 'enabled' flags gate areas on the capabilities computed above.
	$moderation_areas = array(
		'main' => array(
			'title' => $txt['mc_main'],
			'areas' => array(
				'index' => array('label' => $txt['moderation_center'], 'function' => 'ModerationHome'),
				'settings' => array('label' => $txt['mc_settings'], 'function' => 'ModerationSettings'),
				'modlogoff' => array('label' => $txt['mc_logoff'], 'function' => 'ModEndSession', 'enabled' => empty($modSettings['securityDisable_moderate'])),
				'notice' => array('file' => 'ModerationCenter.php', 'function' => 'ShowNotice', 'select' => 'index'),
			),
		),
		'logs' => array(
			'title' => $txt['mc_logs'],
			'areas' => array(
				'modlog' => array('label' => $txt['modlog_view'], 'enabled' => !empty($modSettings['modlog_enabled']) && $context['can_moderate_boards'], 'file' => 'Modlog.php', 'function' => 'ViewModlog'),
				'warnings' => array('label' => $txt['mc_warnings'], 'enabled' => in_array('w', $context['admin_features']) && $modSettings['warning_settings'][0] == 1 && $context['can_moderate_boards'], 'function' => 'ViewWarnings', 'subsections' => array('log' => array($txt['mc_warning_log']), 'templates' => array($txt['mc_warning_templates'], 'issue_warning'))),
			),
		),
		'posts' => array(
			'title' => $txt['mc_posts'],
			'enabled' => $context['can_moderate_boards'] || $context['can_moderate_approvals'],
			'areas' => array(
				'postmod' => array('label' => $txt['mc_unapproved_posts'], 'enabled' => $context['can_moderate_approvals'], 'file' => 'PostModeration.php', 'function' => 'PostModerationMain', 'custom_url' => $scripturl . '?action=moderate;area=postmod', 'subsections' => array('posts' => array($txt['mc_unapproved_replies']), 'topics' => array($txt['mc_unapproved_topics']))),
				'attachmod' => array('label' => $txt['mc_unapproved_attachments'], 'enabled' => $context['can_moderate_approvals'], 'file' => 'PostModeration.php', 'function' => 'PostModerationMain', 'custom_url' => $scripturl . '?action=moderate;area=attachmod;sa=attachments'),
				'reports' => array('label' => $txt['mc_reported_posts'], 'enabled' => $context['can_moderate_boards'], 'file' => 'ModerationCenter.php', 'function' => 'ReportedPosts', 'subsections' => array('open' => array($txt['mc_reportedp_active']), 'closed' => array($txt['mc_reportedp_closed']))),
			),
		),
		'groups' => array(
			'title' => $txt['mc_groups'],
			'enabled' => $context['can_moderate_groups'],
			'areas' => array(
				'userwatch' => array('label' => $txt['mc_watched_users_title'], 'enabled' => in_array('w', $context['admin_features']) && $modSettings['warning_settings'][0] == 1 && $context['can_moderate_boards'], 'function' => 'ViewWatchedUsers', 'subsections' => array('member' => array($txt['mc_watched_users_member']), 'post' => array($txt['mc_watched_users_post']))),
				'groups' => array('label' => $txt['mc_group_requests'], 'file' => 'Groups.php', 'function' => 'Groups', 'custom_url' => $scripturl . '?action=moderate;area=groups;sa=requests'),
				'viewgroups' => array('label' => $txt['mc_view_groups'], 'file' => 'Groups.php', 'function' => 'Groups'),
			),
		),
	);

	// Make sure the administrator has a valid session...
	validateSession('moderate');

	// I don't know where we're going - I don't know where we've been...
	// 'disable_url_session_check' => true: moderation URLs do not carry the
	// session token (the link-tree URLs below confirm this), so any
	// state-changing moderation action must perform its own request check —
	// presumably done inside the individual handlers; confirm.
	$menuOptions = array('action' => 'moderate', 'disable_url_session_check' => true);
	$mod_include_data = createMenu($moderation_areas, $menuOptions);
	unset($moderation_areas);

	// We got something - didn't we? DIDN'T WE!
	// Loose comparison: also matches an empty array.
	if ($mod_include_data == false)
	{
		fatal_lang_error('no_access', false);
	}

	// Retain the ID information in case required by a subaction.
	$context['moderation_menu_id'] = $context['max_menu_id'];
	$context['moderation_menu_name'] = 'menu_data_' . $context['moderation_menu_id'];

	// What a pleasant shortcut - even tho we're not *really* on the admin screen who cares...
	// Setting this also makes the early-return guard above fire on re-entry.
	$context['admin_area'] = $mod_include_data['current_area'];

	// Build the link tree.
	$context['linktree'][] = array('url' => $scripturl . '?action=moderate', 'name' => $txt['moderation_center']);
	if (isset($mod_include_data['current_area']) && $mod_include_data['current_area'] != 'index')
	{
		$context['linktree'][] = array('url' => $scripturl . '?action=moderate;area=' . $mod_include_data['current_area'], 'name' => $mod_include_data['label']);
	}
	// Only add a subsection crumb when its label differs from the area label.
	if (!empty($mod_include_data['current_subsection']) && $mod_include_data['subsections'][$mod_include_data['current_subsection']][0] != $mod_include_data['label'])
	{
		$context['linktree'][] = array('url' => $scripturl . '?action=moderate;area=' . $mod_include_data['current_area'] . ';sa=' . $mod_include_data['current_subsection'], 'name' => $mod_include_data['subsections'][$mod_include_data['current_subsection']][0]);
	}

	// Now - finally - the bit before the encore - the main performance of course!
	// 'file' is resolved relative to $sourcedir; 'function' is a plain function
	// name from the menu definition above.
	if (!$dont_call)
	{
		if (isset($mod_include_data['file']))
		{
			require_once $sourcedir . '/' . $mod_include_data['file'];
		}
		$mod_include_data['function']();
	}
}
/**
 * Prepare menu, make checks, load files, and create moderation menu.
 *
 * This can be called from the class, or from outside, to set up the
 * moderation menu. It computes the caller's moderation capabilities from
 * $user_info['mod_cache'], enforces 'access_mod_center' when none apply,
 * loads language/template, fetches pending-item counts for the menu
 * titles, builds the menu, validates the 'moderate' session and resolves
 * the requested area via createMenu(). Unlike ModerationMain() it never
 * calls the selected handler itself; the resolved area is stored in
 * $this->_mod_include_data for the caller.
 *
 * Returns early, doing nothing, when $context['admin_area'] is already set.
 *
 * Side effects on globals: sets $context['can_moderate_boards'],
 * $context['can_moderate_groups'], $context['can_moderate_approvals'],
 * $context['admin_preferences'], $context['robot_no_index'],
 * $context['moderation_menu_id'], $context['moderation_menu_name'],
 * $context[<menu name>]['tab_data'], $context['admin_area'] and appends
 * to $context['linktree'].
 *
 * Terminates via fatal_lang_error('no_access') when createMenu() yields
 * nothing usable for the current request.
 */
public function prepareModcenter()
{
	global $txt, $context, $scripturl, $modSettings, $user_info, $options;

	// Don't run this twice... and don't conflict with the admin bar.
	if (isset($context['admin_area']))
	{
		return;
	}

	// '0=1' appears to be the sentinel for "no boards"/"no groups" in the
	// cached moderation queries; anything else means some scope is moderated.
	$context['can_moderate_boards'] = $user_info['mod_cache']['bq'] != '0=1';
	$context['can_moderate_groups'] = $user_info['mod_cache']['gq'] != '0=1';
	$context['can_moderate_approvals'] = $modSettings['postmod_active'] && !empty($user_info['mod_cache']['ap']);

	// Everyone using this area must be allowed here!
	// Users without any implicit moderation scope need the explicit permission;
	// isAllowedTo() is expected to terminate the request if they lack it.
	if (!$context['can_moderate_boards'] && !$context['can_moderate_groups'] && !$context['can_moderate_approvals'])
	{
		isAllowedTo('access_mod_center');
	}

	// We're gonna want a menu of some kind.
	require_once SUBSDIR . '/Menu.subs.php';

	// Load the language, and the template.
	loadLanguage('ModerationCenter');
	loadTemplate(false, 'admin');

	// NOTE(review): unserialize() of a stored per-user option. Confirm the
	// value is only ever written by the application, as unserialize() on
	// untrusted data is an object-injection risk.
	$context['admin_preferences'] = !empty($options['admin_preferences']) ? unserialize($options['admin_preferences']) : array();
	$context['robot_no_index'] = true;

	// Moderation counts for things that this moderator can take care of
	// The counts are only used to append " [n]" badges to titles/labels below.
	require_once SUBSDIR . '/Moderation.subs.php';
	$mod_counts = loadModeratorMenuCounts();

	// This is the menu structure - refer to subs/Menu.subs.php for the details.
	// Areas name a 'controller' class and an 'action_*' method; 'file' (with an
	// optional 'dir', default CONTROLLERDIR via $menuOptions) says where to load it from.
	$moderation_areas = array(
		'main' => array(
			'title' => $txt['mc_main'],
			'areas' => array(
				'index' => array('label' => $txt['moderation_center'], 'controller' => 'ModerationCenter_Controller', 'function' => 'action_moderationHome', 'icon' => 'transparent.png', 'class' => 'admin_img_home'),
				'settings' => array('label' => $txt['mc_settings'], 'controller' => 'ModerationCenter_Controller', 'function' => 'action_moderationSettings', 'icon' => 'transparent.png', 'class' => 'admin_img_features'),
				'modlogoff' => array('label' => $txt['mc_logoff'], 'controller' => 'ModerationCenter_Controller', 'function' => 'action_modEndSession', 'enabled' => empty($modSettings['securityDisable_moderate']), 'icon' => 'transparent.png', 'class' => 'admin_img_exit'),
				'notice' => array('controller' => 'ModerationCenter_Controller', 'function' => 'action_showNotice', 'select' => 'index', 'icon' => 'transparent.png', 'class' => 'admin_img_news'),
			),
		),
		'logs' => array(
			'title' => $txt['mc_logs'],
			'areas' => array(
				'modlog' => array('label' => $txt['modlog_view'], 'enabled' => !empty($modSettings['modlog_enabled']) && $context['can_moderate_boards'], 'file' => 'Modlog.controller.php', 'dir' => ADMINDIR, 'controller' => 'Modlog_Controller', 'function' => 'action_log', 'icon' => 'transparent.png', 'class' => 'admin_img_logs'),
				'warnings' => array('label' => $txt['mc_warnings'], 'enabled' => in_array('w', $context['admin_features']) && !empty($modSettings['warning_enable']) && $context['can_moderate_boards'], 'controller' => 'ModerationCenter_Controller', 'function' => 'action_viewWarnings', 'icon' => 'transparent.png', 'class' => 'admin_img_reports', 'subsections' => array('log' => array($txt['mc_warning_log']), 'templates' => array($txt['mc_warning_templates'], 'issue_warning'))),
			),
		),
		'posts' => array(
			'title' => $txt['mc_posts'] . (!empty($mod_counts['pt_total']) ? ' [' . $mod_counts['pt_total'] . ']' : ''),
			'enabled' => $context['can_moderate_boards'] || $context['can_moderate_approvals'],
			'areas' => array(
				'postmod' => array('label' => $txt['mc_unapproved_posts'] . (!empty($mod_counts['postmod']) ? ' [' . $mod_counts['postmod'] . ']' : ''), 'enabled' => $context['can_moderate_approvals'], 'file' => 'PostModeration.controller.php', 'controller' => 'PostModeration_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_posts', 'custom_url' => $scripturl . '?action=moderate;area=postmod', 'subsections' => array('posts' => array($txt['mc_unapproved_replies']), 'topics' => array($txt['mc_unapproved_topics']))),
				// Links out to the admin maillist area; gated on the explicit 'approve_emails' permission.
				'emailmod' => array('label' => $txt['mc_emailerror'] . (!empty($mod_counts['emailmod']) ? ' [' . $mod_counts['emailmod'] . ']' : ''), 'enabled' => !empty($modSettings['maillist_enabled']) && allowedTo('approve_emails'), 'file' => 'ManageMaillist.controller.php', 'dir' => ADMINDIR, 'function' => 'UnapprovedEmails', 'icon' => 'transparent.png', 'class' => 'admin_img_mail', 'custom_url' => $scripturl . '?action=admin;area=maillist;sa=emaillist'),
				'attachmod' => array('label' => $txt['mc_unapproved_attachments'] . (!empty($mod_counts['attachments']) ? ' [' . $mod_counts['attachments'] . ']' : ''), 'enabled' => $context['can_moderate_approvals'], 'file' => 'PostModeration.controller.php', 'controller' => 'PostModeration_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_attachment', 'custom_url' => $scripturl . '?action=moderate;area=attachmod;sa=attachments'),
				'reports' => array('label' => $txt['mc_reported_posts'] . (!empty($mod_counts['reports']) ? ' [' . $mod_counts['reports'] . ']' : ''), 'enabled' => $context['can_moderate_boards'], 'controller' => 'ModerationCenter_Controller', 'function' => 'action_reportedPosts', 'icon' => 'transparent.png', 'class' => 'admin_img_reports', 'subsections' => array('open' => array($txt['mc_reportedp_active'] . (!empty($mod_counts['reports']) ? ' [' . $mod_counts['reports'] . ']' : '')), 'closed' => array($txt['mc_reportedp_closed']))),
			),
		),
		'groups' => array(
			'title' => $txt['mc_groups'] . (!empty($mod_counts['mg_total']) ? ' [' . $mod_counts['mg_total'] . ']' : ''),
			'enabled' => $context['can_moderate_groups'],
			'areas' => array(
				'userwatch' => array('label' => $txt['mc_watched_users_title'], 'enabled' => in_array('w', $context['admin_features']) && !empty($modSettings['warning_enable']) && $context['can_moderate_boards'], 'controller' => 'ModerationCenter_Controller', 'function' => 'action_viewWatchedUsers', 'icon' => 'transparent.png', 'class' => 'admin_img_permissions', 'subsections' => array('member' => array($txt['mc_watched_users_member']), 'post' => array($txt['mc_watched_users_post']))),
				'groups' => array('label' => $txt['mc_group_requests'] . (!empty($mod_counts['groupreq']) ? ' [' . $mod_counts['groupreq'] . ']' : ''), 'file' => 'Groups.controller.php', 'controller' => 'Groups_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_regcenter', 'custom_url' => $scripturl . '?action=moderate;area=groups;sa=requests'),
				// Links out to the admin member-approval page; gated on 'moderate_forum'.
				'members' => array('enabled' => allowedTo('moderate_forum'), 'label' => $txt['mc_member_requests'] . (!empty($mod_counts['memberreq']) ? ' [' . $mod_counts['memberreq'] . ']' : ''), 'file' => 'ManageMembers.controller.php', 'controller' => 'ManageMembers_Controller', 'function' => 'action_approve', 'icon' => 'transparent.png', 'class' => 'admin_img_members', 'custom_url' => $scripturl . '?action=admin;area=viewmembers;sa=browse;type=approve'),
				'viewgroups' => array('label' => $txt['mc_view_groups'], 'file' => 'Groups.controller.php', 'controller' => 'Groups_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_membergroups'),
			),
		),
	);

	// Make sure the administrator has a valid session...
	validateSession('moderate');

	// I don't know where we're going - I don't know where we've been...
	// 'disable_url_session_check' => true: moderation URLs do not carry the
	// session token (the link-tree URLs below confirm this), so any
	// state-changing moderation action must perform its own request check —
	// presumably done inside the individual controllers; confirm.
	$menuOptions = array('action' => 'moderate', 'hook' => 'moderation', 'disable_url_session_check' => true, 'default_include_dir' => CONTROLLERDIR);
	$mod_include_data = createMenu($moderation_areas, $menuOptions);
	unset($moderation_areas);

	// We got something - didn't we? DIDN'T WE!
	// Loose comparison: also matches an empty array.
	if ($mod_include_data == false)
	{
		fatal_lang_error('no_access', false);
	}

	// Retain the ID information in case required by a subaction.
	$context['moderation_menu_id'] = $context['max_menu_id'];
	$context['moderation_menu_name'] = 'menu_data_' . $context['moderation_menu_id'];
	// Tab header shown above the menu; the description interpolates the
	// current user's display name, so $txt['mc_description'] is expected to
	// be an sprintf() format with two placeholders.
	$context[$context['moderation_menu_name']]['tab_data'] = array('title' => $txt['moderation_center'], 'help' => '', 'description' => sprintf($txt['mc_description'], $context['user']['name'], $scripturl . '?action=moderate;area=settings'));

	// What a pleasant shortcut - even tho we're not *really* on the admin screen who cares...
	// Setting this also makes the early-return guard above fire on re-entry.
	$context['admin_area'] = $mod_include_data['current_area'];

	// Build the link tree.
	$context['linktree'][] = array('url' => $scripturl . '?action=moderate', 'name' => $txt['moderation_center']);
	if (isset($mod_include_data['current_area']) && $mod_include_data['current_area'] != 'index')
	{
		$context['linktree'][] = array('url' => $scripturl . '?action=moderate;area=' . $mod_include_data['current_area'], 'name' => $mod_include_data['label']);
	}
	// Only add a subsection crumb when its label differs from the area label.
	if (!empty($mod_include_data['current_subsection']) && $mod_include_data['subsections'][$mod_include_data['current_subsection']][0] != $mod_include_data['label'])
	{
		$context['linktree'][] = array('url' => $scripturl . '?action=moderate;area=' . $mod_include_data['current_area'] . ';sa=' . $mod_include_data['current_subsection'], 'name' => $mod_include_data['subsections'][$mod_include_data['current_subsection']][0]);
	}

	// Finally, store this, so that if we're called from the class, it can use it.
	$this->_mod_include_data = $mod_include_data;
}
/**
 * Prepare the announce-topic flow (action=announce) before control reaches
 * action_selectgroup() or action_send().
 *
 * Checks the announce_topic permission and the session, refuses to continue
 * without a topic, then loads the Post language file and the Announce template
 * and sets the page title.
 */
public function pre_dispatch()
{
    global $context, $txt, $topic;

    // Permission first, then the session check - both abort on failure.
    isAllowedTo('announce_topic');
    validateSession();

    // Nothing to announce without a topic.
    if (empty($topic))
        fatal_lang_error('topic_gone', false);

    loadLanguage('Post');
    loadTemplate('Announce');

    $context['page_title'] = $txt['announce_topic'];
}
/**
 * Decide whether the current PHP session is still valid and destroy it if not.
 *
 * @param $session_db array('user_id' => id, 'current' => 'hash_of_current_time_on_db', 'expire' => 'hash_of_expire_at_on_db')
 * @param $current_time String of current DateTime
 * @return True if session between has_current_time and $hash_expire_at
 */
public function isValidSession($session_db, $current_time)
{
    // A session has to exist before it can be validated (or destroyed).
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // NOTE(review): $user_id, $expire_at and $hash_expire_at are never assigned in
    // this method and $session_db is never read, so validateSession() receives
    // null for three of its four arguments. The values were presumably meant to
    // come from $session_db['user_id'] / ['current'] / ['expire'] - confirm
    // against the validateSession() signature before relying on this check.
    if (validateSession($user_id, $current_time, $expire_at, $hash_expire_at)) {
        return true;
    } else {
        // Invalid session: tear it down so its data cannot be reused.
        session_destroy();
        return false;
    }
}
/**
 * The main admin handling function.
 *
 * What it does:
 * - It initialises all the basic context required for the admin center.
 * - It passes execution onto the relevant admin section.
 * - If the passed section is not found it shows the admin home page.
 * - Accessed by ?action=admin.
 *
 * Access control, as visible here:
 * - validateSession() runs before anything else.
 * - Every section and area carries a 'permission' list; createMenu() is
 *   expected to filter on it, and fatal_lang_error('no_access') is raised when
 *   it returns nothing usable.
 * - Link-tree URLs into admin areas append the session var/id pair.
 */
public function action_index()
{
    global $txt, $context, $scripturl, $modSettings, $settings;

    // Make sure the administrator has a valid session...
    validateSession();

    // Load the language and templates....
    loadLanguage('Admin');
    loadTemplate('Admin', 'admin');
    loadJavascriptFile('admin.js', array(), 'admin_script');

    // The Admin functions require Jquery UI ....
    $modSettings['jquery_include_ui'] = true;

    // No indexing evil stuff.
    $context['robot_no_index'] = true;

    // Need these to do much
    require_once SUBSDIR . '/Menu.subs.php';
    require_once SUBSDIR . '/Action.class.php';

    // Define the menu structure - see subs/Menu.subs.php for details!
    // Per area: 'file' is the controller file included further down, 'controller' +
    // 'function' is what callMenu() dispatches to, 'permission' who may see it,
    // 'enabled' a feature toggle, 'subsections' => array(key => array(label, [permission], ...)).
    $admin_areas = array(
        'forum' => array('title' => $txt['admin_main'], 'permission' => array('admin_forum', 'manage_permissions', 'moderate_forum', 'manage_membergroups', 'manage_bans', 'send_mail', 'edit_news', 'manage_boards', 'manage_smileys', 'manage_attachments'), 'areas' => array(
            'index' => array('label' => $txt['admin_center'], 'controller' => 'Admin_Controller', 'function' => 'action_home', 'icon' => 'transparent.png', 'class' => 'admin_img_administration'),
            'credits' => array('label' => $txt['support_credits_title'], 'controller' => 'Admin_Controller', 'function' => 'action_credits', 'icon' => 'transparent.png', 'class' => 'admin_img_support'),
            'maillist' => array('label' => $txt['mail_center'], 'file' => 'ManageMaillist.controller.php', 'controller' => 'ManageMaillist_Controller', 'function' => 'action_index', 'icon' => 'mail.png', 'class' => 'admin_img_mail', 'permission' => array('approve_emails', 'admin_forum'), 'enabled' => in_array('pe', $context['admin_features']), 'subsections' => array('emaillist' => array($txt['mm_emailerror'], 'approve_emails'), 'emailfilters' => array($txt['mm_emailfilters'], 'admin_forum'), 'emailparser' => array($txt['mm_emailparsers'], 'admin_forum'), 'emailtemplates' => array($txt['mm_emailtemplates'], 'approve_emails'), 'emailsettings' => array($txt['mm_emailsettings'], 'admin_forum'))),
            'news' => array('label' => $txt['news_title'], 'file' => 'ManageNews.controller.php', 'controller' => 'ManageNews_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_news', 'permission' => array('edit_news', 'send_mail', 'admin_forum'), 'subsections' => array('editnews' => array($txt['admin_edit_news'], 'edit_news'), 'mailingmembers' => array($txt['admin_newsletters'], 'send_mail'), 'settings' => array($txt['settings'], 'admin_forum'))),
            'packages' => array('label' => $txt['package'], 'file' => 'Packages.controller.php', 'controller' => 'Packages_Controller', 'function' => 'action_index', 'permission' => array('admin_forum'), 'icon' => 'transparent.png', 'class' => 'admin_img_packages', 'subsections' => array('browse' => array($txt['browse_packages']), 'installed' => array($txt['installed_packages']), 'perms' => array($txt['package_file_perms']), 'options' => array($txt['package_settings']), 'servers' => array($txt['download_packages']), 'upload' => array($txt['upload_packages']))),
            'packageservers' => array('label' => $txt['package_servers'], 'file' => 'PackageServers.controller.php', 'controller' => 'PackageServers_Controller', 'function' => 'action_index', 'permission' => array('admin_forum'), 'icon' => 'transparent.png', 'class' => 'admin_img_packages', 'hidden' => true),
            'search' => array('controller' => 'Admin_Controller', 'function' => 'action_search', 'permission' => array('admin_forum'), 'select' => 'index'),
            // Ending the admin session is only offered while the security check is on.
            'adminlogoff' => array('controller' => 'Admin_Controller', 'function' => 'action_endsession', 'label' => $txt['admin_logoff'], 'enabled' => empty($modSettings['securityDisable']), 'icon' => 'transparent.png', 'class' => 'admin_img_exit'))),
        'config' => array('title' => $txt['admin_config'], 'permission' => array('admin_forum'), 'areas' => array(
            'corefeatures' => array('label' => $txt['core_settings_title'], 'file' => 'CoreFeatures.controller.php', 'controller' => 'CoreFeatures_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_corefeatures'),
            'featuresettings' => array('label' => $txt['modSettings_title'], 'file' => 'ManageFeatures.controller.php', 'controller' => 'ManageFeatures_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_features', 'subsections' => array('basic' => array($txt['mods_cat_features']), 'layout' => array($txt['mods_cat_layout']), 'pmsettings' => array($txt['personal_messages']), 'karma' => array($txt['karma'], 'enabled' => in_array('k', $context['admin_features'])), 'likes' => array($txt['likes'], 'enabled' => in_array('l', $context['admin_features'])), 'mention' => array($txt['mention']), 'sig' => array($txt['signature_settings_short']), 'profile' => array($txt['custom_profile_shorttitle'], 'enabled' => in_array('cp', $context['admin_features'])))),
            'serversettings' => array('label' => $txt['admin_server_settings'], 'file' => 'ManageServer.controller.php', 'controller' => 'ManageServer_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_server', 'subsections' => array('general' => array($txt['general_settings']), 'database' => array($txt['database_paths_settings']), 'cookie' => array($txt['cookies_sessions_settings']), 'cache' => array($txt['caching_settings']), 'loads' => array($txt['load_balancing_settings']), 'phpinfo' => array($txt['phpinfo_settings']))),
            'securitysettings' => array('label' => $txt['admin_security_moderation'], 'file' => 'ManageSecurity.controller.php', 'controller' => 'ManageSecurity_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_security', 'subsections' => array('general' => array($txt['mods_cat_security_general']), 'spam' => array($txt['antispam_title']), 'badbehavior' => array($txt['badbehavior_title']), 'moderation' => array($txt['moderation_settings_short'], 'enabled' => !empty($modSettings['warning_enable'])))),
            'theme' => array('label' => $txt['theme_admin'], 'file' => 'ManageThemes.controller.php', 'controller' => 'ManageThemes_Controller', 'function' => 'action_index', 'custom_url' => $scripturl . '?action=admin;area=theme', 'icon' => 'transparent.png', 'class' => 'admin_img_themes', 'subsections' => array('admin' => array($txt['themeadmin_admin_title']), 'list' => array($txt['themeadmin_list_title']), 'reset' => array($txt['themeadmin_reset_title']), 'themelist' => array($txt['themeadmin_edit_title'], 'active' => array('edit', 'browse')), 'edit' => array($txt['themeadmin_edit_title'], 'enabled' => false), 'browse' => array($txt['themeadmin_edit_title'], 'enabled' => false))),
            'current_theme' => array('label' => $txt['theme_current_settings'], 'file' => 'ManageThemes.controller.php', 'controller' => 'ManageThemes_Controller', 'function' => 'action_index', 'custom_url' => $scripturl . '?action=admin;area=theme;sa=list;th=' . $settings['theme_id'], 'icon' => 'transparent.png', 'class' => 'admin_img_current_theme'),
            'languages' => array('label' => $txt['language_configuration'], 'file' => 'ManageLanguages.controller.php', 'controller' => 'ManageLanguages_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_languages', 'subsections' => array('edit' => array($txt['language_edit']), 'settings' => array($txt['language_settings']))),
            'addonsettings' => array('label' => $txt['admin_modifications'], 'file' => 'AddonSettings.controller.php', 'controller' => 'AddonSettings_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_modifications', 'subsections' => array('general' => array($txt['mods_cat_modifications_misc']))))),
        'layout' => array('title' => $txt['layout_controls'], 'permission' => array('manage_boards', 'admin_forum', 'manage_smileys', 'manage_attachments', 'moderate_forum'), 'areas' => array(
            'manageboards' => array('label' => $txt['admin_boards'], 'file' => 'ManageBoards.controller.php', 'controller' => 'ManageBoards_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_boards', 'permission' => array('manage_boards'), 'subsections' => array('main' => array($txt['boardsEdit']), 'newcat' => array($txt['mboards_new_cat']), 'settings' => array($txt['settings'], 'admin_forum'))),
            'postsettings' => array('label' => $txt['manageposts'], 'file' => 'ManagePosts.controller.php', 'controller' => 'ManagePosts_Controller', 'function' => 'action_index', 'permission' => array('admin_forum'), 'icon' => 'transparent.png', 'class' => 'admin_img_posts', 'subsections' => array('posts' => array($txt['manageposts_settings']), 'bbc' => array($txt['manageposts_bbc_settings']), 'censor' => array($txt['admin_censored_words']), 'topics' => array($txt['manageposts_topic_settings']))),
            'smileys' => array('label' => $txt['smileys_manage'], 'file' => 'ManageSmileys.controller.php', 'controller' => 'ManageSmileys_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_smiley', 'permission' => array('manage_smileys'), 'subsections' => array('editsets' => array($txt['smiley_sets']), 'addsmiley' => array($txt['smileys_add'], 'enabled' => !empty($modSettings['smiley_enable'])), 'editsmileys' => array($txt['smileys_edit'], 'enabled' => !empty($modSettings['smiley_enable'])), 'setorder' => array($txt['smileys_set_order'], 'enabled' => !empty($modSettings['smiley_enable'])), 'editicons' => array($txt['icons_edit_message_icons'], 'enabled' => !empty($modSettings['messageIcons_enable'])), 'settings' => array($txt['settings']))),
            'manageattachments' => array('label' => $txt['attachments_avatars'], 'file' => 'ManageAttachments.controller.php', 'controller' => 'ManageAttachments_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_attachment', 'permission' => array('manage_attachments'), 'subsections' => array('browse' => array($txt['attachment_manager_browse']), 'attachments' => array($txt['attachment_manager_settings']), 'avatars' => array($txt['attachment_manager_avatar_settings']), 'attachpaths' => array($txt['attach_directories']), 'maintenance' => array($txt['attachment_manager_maintenance']))),
            'managesearch' => array('label' => $txt['manage_search'], 'file' => 'ManageSearch.controller.php', 'controller' => 'ManageSearch_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_search', 'permission' => array('admin_forum'), 'subsections' => array('weights' => array($txt['search_weights']), 'method' => array($txt['search_method']), 'managesphinx' => array($txt['search_sphinx']), 'settings' => array($txt['settings']))),
            'managecalendar' => array('label' => $txt['manage_calendar'], 'file' => 'ManageCalendar.controller.php', 'controller' => 'ManageCalendar_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_calendar', 'permission' => array('admin_forum'), 'enabled' => in_array('cd', $context['admin_features']), 'subsections' => array('holidays' => array($txt['manage_holidays'], 'admin_forum', 'enabled' => !empty($modSettings['cal_enabled'])), 'settings' => array($txt['calendar_settings'], 'admin_forum'))),
            'managedrafts' => array('label' => $txt['manage_drafts'], 'file' => 'ManageDrafts.controller.php', 'controller' => 'ManageDrafts_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_logs', 'permission' => array('admin_forum'), 'enabled' => in_array('dr', $context['admin_features'])))),
        'members' => array('title' => $txt['admin_manage_members'], 'permission' => array('moderate_forum', 'manage_membergroups', 'manage_bans', 'manage_permissions', 'admin_forum'), 'areas' => array(
            'viewmembers' => array('label' => $txt['admin_users'], 'file' => 'ManageMembers.controller.php', 'controller' => 'ManageMembers_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_members', 'permission' => array('moderate_forum'), 'subsections' => array('all' => array($txt['view_all_members']), 'search' => array($txt['mlist_search']))),
            'membergroups' => array('label' => $txt['admin_groups'], 'file' => 'ManageMembergroups.controller.php', 'controller' => 'ManageMembergroups_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_membergroups', 'permission' => array('manage_membergroups'), 'subsections' => array('index' => array($txt['membergroups_edit_groups'], 'manage_membergroups'), 'add' => array($txt['membergroups_new_group'], 'manage_membergroups'), 'settings' => array($txt['settings'], 'admin_forum'))),
            'permissions' => array('label' => $txt['edit_permissions'], 'file' => 'ManagePermissions.controller.php', 'controller' => 'ManagePermissions_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_permissions', 'permission' => array('manage_permissions'), 'subsections' => array('index' => array($txt['permissions_groups'], 'manage_permissions'), 'board' => array($txt['permissions_boards'], 'manage_permissions'), 'profiles' => array($txt['permissions_profiles'], 'manage_permissions'), 'postmod' => array($txt['permissions_post_moderation'], 'manage_permissions', 'enabled' => $modSettings['postmod_active']), 'settings' => array($txt['settings'], 'admin_forum'))),
            'ban' => array('label' => $txt['ban_title'], 'file' => 'ManageBans.controller.php', 'controller' => 'ManageBans_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_ban', 'permission' => 'manage_bans', 'subsections' => array('list' => array($txt['ban_edit_list']), 'add' => array($txt['ban_add_new']), 'browse' => array($txt['ban_trigger_browse']), 'log' => array($txt['ban_log']))),
            'regcenter' => array('label' => $txt['registration_center'], 'file' => 'ManageRegistration.controller.php', 'controller' => 'ManageRegistration_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_regcenter', 'permission' => array('admin_forum', 'moderate_forum'), 'subsections' => array('register' => array($txt['admin_browse_register_new'], 'moderate_forum'), 'agreement' => array($txt['registration_agreement'], 'admin_forum'), 'reservednames' => array($txt['admin_reserved_set'], 'admin_forum'), 'settings' => array($txt['settings'], 'admin_forum'))),
            'sengines' => array('label' => $txt['search_engines'], 'enabled' => in_array('sp', $context['admin_features']), 'file' => 'ManageSearchEngines.controller.php', 'controller' => 'ManageSearchEngines_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_engines', 'permission' => 'admin_forum', 'subsections' => array('stats' => array($txt['spider_stats']), 'logs' => array($txt['spider_logs']), 'spiders' => array($txt['spiders']), 'settings' => array($txt['settings']))),
            'paidsubscribe' => array('label' => $txt['paid_subscriptions'], 'enabled' => in_array('ps', $context['admin_features']), 'file' => 'ManagePaid.controller.php', 'controller' => 'ManagePaid_Controller', 'icon' => 'transparent.png', 'class' => 'admin_img_paid', 'function' => 'action_index', 'permission' => 'admin_forum', 'subsections' => array('view' => array($txt['paid_subs_view']), 'settings' => array($txt['settings']))))),
        'maintenance' => array('title' => $txt['admin_maintenance'], 'permission' => array('admin_forum'), 'areas' => array(
            'maintain' => array('label' => $txt['maintain_title'], 'file' => 'Maintenance.controller.php', 'controller' => 'Maintenance_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_maintain', 'subsections' => array('routine' => array($txt['maintain_sub_routine'], 'admin_forum'), 'database' => array($txt['maintain_sub_database'], 'admin_forum'), 'members' => array($txt['maintain_sub_members'], 'admin_forum'), 'topics' => array($txt['maintain_sub_topics'], 'admin_forum'), 'hooks' => array($txt['maintain_sub_hooks_list'], 'admin_forum'), 'attachments' => array($txt['maintain_sub_attachments'], 'admin_forum'))),
            'logs' => array('label' => $txt['logs'], 'file' => 'AdminLog.controller.php', 'controller' => 'AdminLog_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_logs', 'subsections' => array('errorlog' => array($txt['errlog'], 'admin_forum', 'enabled' => !empty($modSettings['enableErrorLogging']), 'url' => $scripturl . '?action=admin;area=logs;sa=errorlog;desc'), 'adminlog' => array($txt['admin_log'], 'admin_forum', 'enabled' => in_array('ml', $context['admin_features'])), 'modlog' => array($txt['moderation_log'], 'admin_forum', 'enabled' => in_array('ml', $context['admin_features'])), 'banlog' => array($txt['ban_log'], 'manage_bans'), 'spiderlog' => array($txt['spider_logs'], 'admin_forum', 'enabled' => in_array('sp', $context['admin_features'])), 'tasklog' => array($txt['scheduled_log'], 'admin_forum'), 'badbehaviorlog' => array($txt['badbehavior_log'], 'admin_forum', 'enabled' => !empty($modSettings['badbehavior_enabled']), 'url' => $scripturl . '?action=admin;area=logs;sa=badbehaviorlog;desc'), 'pruning' => array($txt['pruning_title'], 'admin_forum'))),
            'scheduledtasks' => array('label' => $txt['maintain_tasks'], 'file' => 'ManageScheduledTasks.controller.php', 'controller' => 'ManageScheduledTasks_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_scheduled', 'subsections' => array('tasks' => array($txt['maintain_tasks'], 'admin_forum'), 'tasklog' => array($txt['scheduled_log'], 'admin_forum'))),
            'mailqueue' => array('label' => $txt['mailqueue_title'], 'file' => 'ManageMail.controller.php', 'controller' => 'ManageMail_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_mail', 'subsections' => array('browse' => array($txt['mailqueue_browse'], 'admin_forum'), 'settings' => array($txt['mailqueue_settings'], 'admin_forum'))),
            'reports' => array('enabled' => in_array('rg', $context['admin_features']), 'label' => $txt['generate_reports'], 'file' => 'Reports.controller.php', 'controller' => 'Reports_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_reports'),
            'repairboards' => array('label' => $txt['admin_repair'], 'file' => 'RepairBoards.controller.php', 'controller' => 'RepairBoards_Controller', 'function' => 'action_repairboards', 'select' => 'maintain', 'hidden' => true)))
    );

    // Any files to include for administration?
    call_integration_include_hook('integrate_admin_include');

    $menuOptions = array('hook' => 'admin', 'default_include_dir' => ADMINDIR);

    // Actually create the menu!
    $admin_include_data = createMenu($admin_areas, $menuOptions);
    unset($admin_areas);

    // Nothing valid? (no area survived the permission/enabled filtering, presumably)
    if ($admin_include_data == false) {
        fatal_lang_error('no_access', false);
    }

    // Build the link tree.
    // Area links carry the session var/id pair from $context.
    $context['linktree'][] = array('url' => $scripturl . '?action=admin', 'name' => $txt['admin_center']);
    if (isset($admin_include_data['current_area']) && $admin_include_data['current_area'] != 'index') {
        $context['linktree'][] = array('url' => $scripturl . '?action=admin;area=' . $admin_include_data['current_area'] . ';' . $context['session_var'] . '=' . $context['session_id'], 'name' => $admin_include_data['label']);
    }
    if (!empty($admin_include_data['current_subsection']) && $admin_include_data['subsections'][$admin_include_data['current_subsection']][0] != $admin_include_data['label']) {
        $context['linktree'][] = array('url' => $scripturl . '?action=admin;area=' . $admin_include_data['current_area'] . ';sa=' . $admin_include_data['current_subsection'] . ';' . $context['session_var'] . '=' . $context['session_id'], 'name' => $admin_include_data['subsections'][$admin_include_data['current_subsection']][0]);
    }

    // Make a note of the Unique ID for this menu.
    $context['admin_menu_id'] = $context['max_menu_id'];
    $context['admin_menu_name'] = 'menu_data_' . $context['admin_menu_id'];

    // Where in the admin are we?
    $context['admin_area'] = $admin_include_data['current_area'];

    // Now - finally - call the right place!
    // 'file' is whatever createMenu() returned for the selected area; with the
    // table above that is one of the static controller file names, not a request
    // value - keep it that way if the menu ever takes external input.
    if (isset($admin_include_data['file'])) {
        require_once $admin_include_data['file'];
    }
    callMenu($admin_include_data);
}
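/**
 * XML-returning handler behind the core-features admin page.
 *
 * What it does:
 * - Requires the admin_forum permission and a valid session, then runs
 *   ModifyCoreFeatures() from ManageSettings.php.
 * - On success answers with the toggled feature (as a link when it was enabled
 *   and has a URL) plus a fresh 'admin-core' token pair; otherwise with the
 *   matching error text. Everything goes out through the generic_xml template
 *   as $context['xml_data'].
 * - Includes the mod files listed in integrate_admin_include first, so hooks
 *   registered by mods are available to ModifyCoreFeatures().
 *
 * Fix: $boarddir and $settings were used in the placeholder substitution below
 * without being declared global, so '$boarddir' and '$themedir' expanded to
 * empty strings and such includes were silently skipped.
 */
function EnableCoreFeatures()
{
    global $context, $sourcedir, $modSettings, $txt, $boarddir, $settings;

    $context['xml_data'] = array();

    // Just in case, maybe we don't need it
    loadLanguage('Errors');

    // We need (at least) this to ensure that mod files are included
    if (!empty($modSettings['integrate_admin_include'])) {
        $admin_includes = explode(',', $modSettings['integrate_admin_include']);
        foreach ($admin_includes as $include) {
            // Paths in the setting may use $boarddir/$sourcedir/$themedir placeholders.
            $include = strtr(trim($include), array('$boarddir' => $boarddir, '$sourcedir' => $sourcedir, '$themedir' => $settings['theme_dir']));
            if (file_exists($include)) {
                require_once $include;
            }
        }
    }

    $errors = array();
    $returns = array();
    $tokens = array();

    if (allowedTo('admin_forum')) {
        // validateSession() hands back a $txt key on failure, nothing on success.
        $validation = validateSession();
        if (empty($validation)) {
            require_once $sourcedir . '/ManageSettings.php';
            // Likewise a $txt key on failure, nothing on success.
            $result = ModifyCoreFeatures();

            if (empty($result)) {
                $id = isset($_POST['feature_id']) ? $_POST['feature_id'] : '';
                // Only a feature ModifyCoreFeatures() registered counts; an arbitrary
                // feature_id from the request ends up in the 'no exists' error below.
                if (!empty($id) && isset($context['features'][$id])) {
                    $feature = $context['features'][$id];
                    // NOTE(review): url/title are emitted as raw HTML; they come from the
                    // feature table built by ModifyCoreFeatures(), not from the request -
                    // confirm that stays true if the table ever becomes configurable.
                    $returns[] = array(
                        'value' => !empty($_POST['feature_' . $id]) && $feature['url'] ? '<a href="' . $feature['url'] . '">' . $feature['title'] . '</a>' : $feature['title'],
                    );

                    // Hand the client a fresh token pair for its next request.
                    createToken('admin-core', 'post');
                    $tokens = array(
                        array('value' => $context['admin-core_token'], 'attributes' => array('type' => 'token_var')),
                        array('value' => $context['admin-core_token_var'], 'attributes' => array('type' => 'token')),
                    );
                } else {
                    $errors[] = array('value' => $txt['feature_no_exists']);
                }
            } else {
                $errors[] = array('value' => $txt[$result]);
            }
        } else {
            $errors[] = array('value' => $txt[$validation]);
        }
    } else {
        $errors[] = array('value' => $txt['cannot_admin_forum']);
    }

    $context['sub_template'] = 'generic_xml';
    $context['xml_data'] = array(
        'corefeatures' => array('identifier' => 'corefeature', 'children' => $returns),
        'tokens' => array('identifier' => 'token', 'children' => $tokens),
        'errors' => array('identifier' => 'error', 'children' => $errors),
    );
}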
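/**
 * Handle an HTTP GET request: answer 200 when the caller holds a valid session,
 * 401 otherwise.
 *
 * When the cookie-bound session does not validate, a session id supplied in the
 * `sid` request header is tried instead. That header is client-controlled, so its
 * value is checked against the character set PHP itself uses for session ids
 * before it reaches session_id(); anything else counts as "no session".
 *
 * @param array $requestData the requested data (not used by this handler)
 */
function get(array $requestData)
{
    $logger = Logger::getLogger(basename(__FILE__));

    if (validateSession()) {
        $logger->info("Session is valid.");
        header(HTTP_VERSION . ' ' . HTTP_200);
        return;
    }

    $headers = getallheaders();
    // Only a well-formed id may switch sessions: PHP session ids consist of
    // [A-Za-z0-9,-]; an attacker-chosen string must not be adopted as-is.
    if (isset($headers['sid']) && preg_match('/^[A-Za-z0-9,-]{1,256}$/', $headers['sid']) === 1) {
        session_write_close();
        session_id($headers['sid']);
        session_start();
        if (validateSession()) {
            header(HTTP_VERSION . ' ' . HTTP_200);
            return;
        }
    }

    $logger->info("Session is invalid.");
    header(HTTP_VERSION . ' ' . HTTP_401);
}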
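<?php
// Deletes one car (Auto) after a JavaScript confirmation; admins only.
// First visit shows the confirm() dialog, which reloads the same URL with
// &confirm=1; only that second request reaches the DELETE below.
session_start();
require "../mysql_config.php";
require "getLists.php";
mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die('Could not connect to MySQL server.');
mysql_select_db(DB_DATABASE);
mysql_query("SET NAMES 'utf8'");
// Sends the visitor to autos.php when there is no valid session.
validateSession("../admin/autos.php");

if (isset($_GET["confirm"]) && $_GET["confirm"] == 1) {
    // The logged-in user must also be an admin (Person joined with Admin).
    // Session and request values are escaped before they go into SQL.
    $abfrage = "SELECT personenid, adminid FROM Person, Admin WHERE email LIKE '"
        . mysql_real_escape_string($_SESSION["username"]) . "' AND personenid=adminid;";
    $ergebnis = mysql_query($abfrage);
    if ($ergebnis === false || mysql_num_rows($ergebnis) == 0) {
        header('Location: ../admin/autos.php');
        // Without this exit the DELETE below still ran for non-admins:
        // header() only adds a response header, it does not stop the script.
        exit;
    }

    $id = isset($_GET["id"]) ? mysql_real_escape_string($_GET["id"]) : '';
    $abfrage = "DELETE FROM Auto WHERE id='{$id}'";
    mysql_query($abfrage);
    header("Location: ../admin/autos.php");
    exit;
}
?>
<script type="text/javascript">
var txt;
var r = confirm("Das Auto wird jetzt gel\u00f6scht!");
if (r == true) {
    window.location = window.location.href+"&confirm=1";
} else {
    window.location = "../admin/autos.php";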
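/**
 * Web-service helper: return the values of a picklist table (vtiger_<tablename>)
 * the given user is allowed to see.
 *
 * Admins and users whose profile grants global view/edit get every value; other
 * users get only the values mapped to their role in vtiger_role2picklist, and
 * only if they may edit HelpDesk and the field is visible to them.
 *
 * @param string $username  login name of the calling user
 * @param string $sessionid web-service session id, checked with validateSession()
 * @param string $tablename picklist field/table name; it is used as a SQL
 *                          identifier, so it is restricted to [A-Za-z0-9_]
 * @return array|null list of decoded values (possibly empty), array('Not Accessible')
 *                    for a user without rights, null when the session or the
 *                    table name is invalid
 */
function GetPicklistValues($username, $sessionid, $tablename)
{
    global $current_user, $adb;

    if (!validateSession($username, $sessionid)) {
        return null;
    }
    // sql_escape_string() protects string literals, not identifiers: a name with
    // spaces, dots or comment markers would still change the query, so reject
    // anything that is not a plain identifier up front.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $tablename)) {
        return null;
    }

    require_once "modules/Users/Users.php";
    $seed_user = new Users();
    $user_id = $seed_user->retrieve_user_id($username);
    $current_user = $seed_user;
    $current_user->retrieve_entity_info($user_id, 'Users');

    require_once "include/utils/UserInfoUtil.php";
    $roleid = fetchUserRole($user_id);

    // Per-user privilege file; it defines $is_admin and $profileGlobalPermission.
    // checkFileAccessForInclusion() validates the path before it is required.
    checkFileAccessForInclusion('user_privileges/user_privileges_' . $current_user->id . '.php');
    require 'user_privileges/user_privileges_' . $current_user->id . '.php';

    // Initialised here so a query with no rows returns an empty list, not null.
    $output = array();
    $table = $adb->sql_escape_string($tablename);

    if ($is_admin == true || $profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] == 0) {
        $query = "select " . $table . " from vtiger_" . $table;
        $result1 = $adb->pquery($query, array());
        $rowCount = $adb->num_rows($result1);
        for ($i = 0; $i < $rowCount; $i++) {
            $output[$i] = decode_html($adb->query_result($result1, $i, $tablename));
        }
    } elseif (isPermitted("HelpDesk", "EditView") == "yes" && CheckFieldPermission($tablename, 'HelpDesk') == 'true') {
        // Role-restricted values only; the role id is bound, the identifier is not.
        $query = "select " . $table . " from vtiger_" . $table
            . " inner join vtiger_role2picklist on vtiger_role2picklist.picklistvalueid = vtiger_" . $table . ".picklist_valueid"
            . " where roleid=? and picklistid in (select picklistid from vtiger_" . $table . " ) order by sortid";
        $result1 = $adb->pquery($query, array($roleid));
        $rowCount = $adb->num_rows($result1);
        for ($i = 0; $i < $rowCount; $i++) {
            $output[$i] = decode_html($adb->query_result($result1, $i, $tablename));
        }
    } else {
        $output[] = 'Not Accessible';
    }

    return $output;
}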
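/**
 * Customer-portal web-service: list the Services visible to a portal contact.
 *
 * What it does:
 * - Returns array("#MODULE INACTIVE#") when $modulename is disabled and null
 *   when ($id, $sessionid) does not validate.
 * - Builds the contact/account id list rows are matched against: just $id when
 *   $only_mine is 'true' or show_all() is 'false', otherwise every contact of
 *   the same account plus the account itself.
 * - Runs one query for directly related services and, when those modules are
 *   active, one each for services sold through Quotes and Invoices.
 * - Per query returns a 'head' row of translated labels and 'data' rows of
 *   values; fields the user may not see (permission '1') are skipped, except
 *   the synthetic 'entityid' column.
 *
 * Fixes against the previous version: the session is validated before any user
 * lookup is done for the caller; $fields_list/$output are initialised; the
 * Invoice query is given one id list to match its single placeholder group;
 * the exit log message names this function.
 *
 * @param int|string $id        portal contact id (cast to int before use)
 * @param string $modulename    portal module the listing belongs to
 * @param string $sessionid     portal session id for this contact
 * @param string $only_mine     'true' restricts rows to the contact's own records
 * @return array|null nested [$k][$modulename]['head'|'data'] structure, or null
 *                    on an invalid session
 */
function get_service_list_values($id, $modulename, $sessionid, $only_mine = 'true')
{
    require_once 'modules/Services/Services.php';
    require_once 'include/utils/UserInfoUtil.php';
    $adb = PearDatabase::getInstance();
    $log = vglobal('log');
    $log->debug("Entering customer portal Function get_service_list_values");

    $check = checkModuleActive($modulename);
    if ($check == false) {
        return array("#MODULE INACTIVE#");
    }

    //To avoid SQL injection we are type casting as well as bound the id variable
    $id = (int) vtlib_purify($id);

    // Authenticate before any user lookup or database work is done for the caller.
    if (!validateSession($id, $sessionid)) {
        return null;
    }

    $user = new Users();
    $userid = getPortalUserid();
    $current_user = $user->retrieveCurrentUserInfoFromFile($userid);

    $entity_ids_list = array();
    $show_all = show_all($modulename);
    if ($only_mine == 'true' || $show_all == 'false') {
        $entity_ids_list[] = $id;
    } else {
        // Every contact of the same account (parentid) plus the account itself.
        $contactquery = "SELECT contactid, parentid FROM vtiger_contactdetails "
            . " INNER JOIN vtiger_crmentity ON vtiger_crmentity.crmid = vtiger_contactdetails.contactid"
            . " AND vtiger_crmentity.deleted = 0 "
            . " WHERE (parentid = (SELECT parentid FROM vtiger_contactdetails WHERE contactid = ?) AND parentid != 0) OR contactid = ?";
        $contactres = $adb->pquery($contactquery, array($id, $id));
        $no_of_cont = $adb->num_rows($contactres);
        for ($i = 0; $i < $no_of_cont; $i++) {
            $cont_id = $adb->query_result($contactres, $i, 'contactid');
            $acc_id = $adb->query_result($contactres, $i, 'parentid');
            if (!in_array($cont_id, $entity_ids_list)) {
                $entity_ids_list[] = $cont_id;
            }
            if (!in_array($acc_id, $entity_ids_list) && $acc_id != '0') {
                $entity_ids_list[] = $acc_id;
            }
        }
    }

    // Column list: the last table/field pair per label wins, as list_fields is iterated.
    $focus = new Services();
    $focus->filterInactiveFields('Services');
    $fields_list = array();
    foreach ($focus->list_fields as $fieldlabel => $values) {
        foreach ($values as $table => $fieldname) {
            $fields_list[$fieldlabel] = $fieldname;
        }
    }
    $fields_list['Related To'] = 'entityid';

    $query = array();
    $params = array();
    // Query 0: services related to any of the ids through vtiger_crmentityrel.
    // Two placeholder groups, hence two copies of the id list in the params.
    $query[] = "select vtiger_service.*,"
        . "case when vtiger_crmentityrel.crmid != vtiger_service.serviceid then vtiger_crmentityrel.crmid else vtiger_crmentityrel.relcrmid end as entityid, "
        . "'' as setype from vtiger_service "
        . "inner join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_service.serviceid "
        . "left join vtiger_crmentityrel on (vtiger_crmentityrel.relcrmid=vtiger_service.serviceid or vtiger_crmentityrel.crmid=vtiger_service.serviceid) "
        . "where vtiger_crmentity.deleted = 0 and "
        . "( vtiger_crmentityrel.crmid in (" . generateQuestionMarks($entity_ids_list) . ") OR "
        . "(vtiger_crmentityrel.relcrmid in (" . generateQuestionMarks($entity_ids_list) . ") AND vtiger_crmentityrel.module = 'Services')"
        . ")";
    $params[] = array($entity_ids_list, $entity_ids_list);

    $checkQuotes = checkModuleActive('Quotes');
    if ($checkQuotes == true) {
        // Services on quotes of the matched accounts; one placeholder group.
        $query[] = "select distinct vtiger_service.*,\n\t\t\tvtiger_quotes.accountid as entityid,\n\t\t\t'Accounts' as setype\n\t\t\tfrom vtiger_quotes INNER join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_quotes.quoteid\n\t\t\tleft join vtiger_inventoryproductrel on vtiger_inventoryproductrel.id=vtiger_quotes.quoteid\n\t\t\tleft join vtiger_service on vtiger_service.serviceid = vtiger_inventoryproductrel.productid\n\t\t\twhere vtiger_inventoryproductrel.productid = vtiger_service.serviceid AND vtiger_crmentity.deleted=0 and accountid in (" . generateQuestionMarks($entity_ids_list) . ")";
        $params[] = array($entity_ids_list);
    }

    $checkInvoices = checkModuleActive('Invoice');
    if ($checkInvoices == true) {
        // Services on invoices of the matched accounts; one placeholder group,
        // so one copy of the id list (the second copy was a leftover from query 0).
        $query[] = "select distinct vtiger_service.*, vtiger_invoice.accountid as entityid, 'Accounts' as setype\n\t\t\tfrom vtiger_invoice\n\t\t\tINNER join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_invoice.invoiceid\n\t\t\tleft join vtiger_inventoryproductrel on vtiger_inventoryproductrel.id=vtiger_invoice.invoiceid\n\t\t\tleft join vtiger_service on vtiger_service.serviceid = vtiger_inventoryproductrel.productid\n\t\t\twhere vtiger_inventoryproductrel.productid = vtiger_service.serviceid AND vtiger_crmentity.deleted=0 and accountid in (" . generateQuestionMarks($entity_ids_list) . ")";
        $params[] = array($entity_ids_list);
    }

    $ServicesfieldVisibilityPermissions = array();
    foreach ($fields_list as $fieldlabel => $fieldname) {
        $ServicesfieldVisibilityPermissions[$fieldname] = getFieldVisibilityPermission('Services', $current_user->id, $fieldname);
    }

    $fieldValuesToRound = array('unit_price', 'commissionrate');
    $output = array();
    $queryCount = count($query);
    for ($k = 0; $k < $queryCount; $k++) {
        $res = $adb->pquery($query[$k], $params[$k]);
        $noofdata = $adb->num_rows($res);
        if ($noofdata == 0) {
            $output[$k][$modulename]['data'] = '';
        }
        for ($j = 0; $j < $noofdata; $j++) {
            $i = 0;
            foreach ($fields_list as $fieldlabel => $fieldname) {
                $fieldper = $ServicesfieldVisibilityPermissions[$fieldname];
                // '1' means hidden for this user; the related-entity column is always shown.
                if ($fieldper == '1' && $fieldname != 'entityid') {
                    continue;
                }
                $output[$k][$modulename]['head'][0][$i]['fielddata'] = Vtiger_Language_Handler::getTranslatedString($fieldlabel, 'Services', vglobal('default_language'));
                $fieldvalue = $adb->query_result($res, $j, $fieldname);
                $fieldid = $adb->query_result($res, $j, 'serviceid');
                if (in_array($fieldname, $fieldValuesToRound)) {
                    $fieldvalue = round($fieldvalue, 2);
                }
                if ($fieldname == 'entityid') {
                    // Resolve the related record to a link. The Quotes/Invoice queries
                    // carry setype already; query 0 needs a lookup in vtiger_crmentity.
                    $crmid = $fieldvalue;
                    $module = $adb->query_result($res, $j, 'setype');
                    if ($module == '') {
                        $module = $adb->query_result($adb->pquery("SELECT setype FROM vtiger_crmentity WHERE crmid = ?", array($crmid)), 0, 'setype');
                    }
                    if ($crmid != '' && $module != '') {
                        // NOTE(review): entity names are written into HTML unescaped here and
                        // for servicename below; confirm whether the storage layer already
                        // HTML-encodes them before adding escaping (double-encoding risk).
                        $fieldvalues = getEntityName($module, array($crmid));
                        if ($module == 'Contacts') {
                            $fieldvalue = '<a href="index.php?module=Contacts&action=index&id=' . $crmid . '">' . $fieldvalues[$crmid] . '</a>';
                        } elseif ($module == 'Accounts') {
                            $fieldvalue = '<a href="index.php?module=Accounts&action=index&id=' . $crmid . '">' . $fieldvalues[$crmid] . '</a>';
                        }
                    } else {
                        $fieldvalue = '';
                    }
                }
                if ($fieldname == 'servicename') {
                    $fieldvalue = '<a href="index.php?module=Services&action=index&id=' . $fieldid . '">' . $fieldvalue . '</a>';
                }
                if ($fieldname == 'unit_price') {
                    $sym = getCurrencySymbol($res, $j, 'currency_id');
                    $fieldvalue = $sym . $fieldvalue;
                }
                $output[$k][$modulename]['data'][$j][$i]['fielddata'] = $fieldvalue;
                $i++;
            }
        }
    }

    $log->debug("Exiting customer portal function get_service_list_values.....");
    return $output;
}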
/**
 * Customer-portal entry point: mark the calendar activity $crmid as deleted.
 *
 * The call is refused unless the portal session checks out; afterwards the
 * CRM user behind the portal account becomes $current_user for the delete.
 *
 * NOTE(review): nothing in this function checks that $crmid names an
 * Activity, or that the record is visible to the portal user, before
 * mark_deleted() runs — confirm that mark_deleted() or the dispatcher
 * enforces that, otherwise any record id can be deleted with a valid
 * portal session.
 *
 * @param string $username portal user name, checked together with $session
 * @param string $session  portal session token
 * @param mixed  $crmid    id of the record to mark deleted
 * @return mixed the id that was passed in, or null when the session is invalid
 */
function DeleteClndr($username, $session, $crmid) {
    // Refuse outright when the portal session does not validate.
    if (!validateSession($username, $session)) {
        return null;
    }

    global $current_user;
    require_once 'modules/Users/Users.php';
    require_once 'modules/Calendar/Activity.php';

    // Resolve the CRM user for this portal login and act as that user.
    $actingUser = new Users();
    $actingUserId = $actingUser->retrieve_user_id($username);
    $current_user = $actingUser;
    $current_user->retrieve_entity_info($actingUserId, "Users");

    // Flag the activity as deleted rather than removing the row.
    $activity = new Activity();
    $activity->id = $crmid;
    $activity->mark_deleted($activity->id);

    return $activity->id;
}
/**
 * Build the TinyPortal admin area for the current request.
 *
 * Sets the admin header labels, fills $context['admin_tabs'] with one tab
 * group per permission the user holds (tp_settings, tp_articles, tp_blocks),
 * loads every row of tp_modules into $context['TPortal']['admmodules'], then
 * calls TPsetupAdminAreas() and finally validateSession(). The permission
 * checks here only decide what the menu shows; the tab contents are served
 * by the handlers behind each ;sa= value.
 *
 * @param string $tpsub        current sub-area (the ;sa= value); drives 'is_selected' on each tab
 * @param bool   $module_admin when true, force $_GET['action'] to 'tpadmin' so the request keeps being
 *                             treated as the portal admin after being entered from a module page
 * @return void
 */
function TPadminIndex($tpsub = '', $module_admin = false) {
    global $txt, $context, $scripturl, $smcFunc;

    // Fall back to the English strings when the user's language has no TPortalAdmin file.
    if (loadLanguage('TPortalAdmin') == false) {
        loadLanguage('TPortalAdmin', 'english');
    }
    if ($module_admin) {
        // make sure tpadmin is still active
        $_GET['action'] = 'tpadmin';
    }

    $context['admin_tabs'] = array();

    // Group headings; the tab groups below are keyed by the same names.
    $context['admin_header']['tp_news'] = $txt['tp-adminnews1'];
    $context['admin_header']['tp_settings'] = $txt['tp-adminheader1'];
    $context['admin_header']['tp_articles'] = $txt['tp-articles'];
    $context['admin_header']['tp_blocks'] = $txt['tp-adminpanels'];
    $context['admin_header']['tp_modules'] = $txt['tp-modules'];
    $context['admin_header']['tp_menubox'] = $txt['tp-menumanager'];
    $context['admin_header']['custom_modules'] = $txt['custom_modules'];

    // Each group is offered only when allowedTo() grants its permission.
    if (allowedTo('tp_settings')) {
        $context['admin_tabs']['tp_news'] = array(
            'news' => array(
                'title' => $txt['tp-adminnews1'],
                'description' => $txt['tp-adminnews2'],
                'href' => $scripturl . '?action=tpadmin;sa=news',
                'is_selected' => $tpsub == 'news'
            )
        );
    }
    if (allowedTo('tp_settings')) {
        $context['admin_tabs']['tp_settings'] = array(
            'settings' => array(
                'title' => $txt['tp-settings'],
                'description' => $txt['tp-settingdesc1'],
                'href' => $scripturl . '?action=tpadmin;sa=settings',
                'is_selected' => $tpsub == 'settings'
            ),
            'frontpage' => array(
                'title' => $txt['tp-frontpage'],
                'description' => $txt['tp-frontpagedesc1'],
                'href' => $scripturl . '?action=tpadmin;sa=frontpage',
                'is_selected' => $tpsub == 'frontpage'
            )
        );
    }
    if (allowedTo('tp_articles')) {
        $context['admin_tabs']['tp_articles'] = array(
            // The articles tab stays selected on every article editing sub-area,
            // including the 'editarticle<id>' forms.
            'articles' => array(
                'title' => $txt['tp-articles'],
                'description' => $txt['tp-articledesc1'],
                'href' => $scripturl . '?action=tpadmin;sa=articles',
                'is_selected' => substr($tpsub, 0, 11) == 'editarticle' || in_array($tpsub, array('articles', 'addarticle', 'addarticle_php', 'addarticle_bbc', 'addarticle_import', 'strays'))
            ),
            'categories' => array(
                'title' => $txt['tp-tabs5'],
                'description' => $txt['tp-articledesc2'],
                'href' => $scripturl . '?action=tpadmin;sa=categories',
                'is_selected' => in_array($tpsub, array('categories', 'addcategory', 'clist'))
            ),
            'artsettings' => array(
                'title' => $txt['tp-settings'],
                'description' => $txt['tp-articledesc3'],
                'href' => $scripturl . '?action=tpadmin;sa=artsettings',
                'is_selected' => $tpsub == 'artsettings'
            ),
            // The bracketed expression is a bool compared with > 0, so the pending
            // submission count is appended whenever it is set and truthy.
            'submission' => array(
                'title' => (isset($context['TPortal']['submissions']) && $context['TPortal']['submissions']) > 0 ? $txt['tp-tabs4'] . ' [' . $context['TPortal']['submissions'] . ']' : $txt['tp-tabs4'],
                'description' => $txt['tp-articledesc4'],
                'href' => $scripturl . '?action=tpadmin;sa=submission',
                'is_selected' => $tpsub == 'submission'
            ),
            'icons' => array(
                'title' => $txt['tp-adminicons'],
                'description' => $txt['tp-articledesc5'],
                'href' => $scripturl . '?action=tpadmin;sa=articons',
                'is_selected' => $tpsub == 'articons'
            )
        );
    }
    if (allowedTo('tp_blocks')) {
        $context['admin_tabs']['tp_blocks'] = array(
            'panelsettings' => array(
                'title' => $txt['tp-allpanels'],
                'description' => $txt['tp-paneldesc1'],
                'href' => $scripturl . '?action=tpadmin;sa=panels',
                'is_selected' => $tpsub == 'panels'
            ),
            // 'blocks' and 'blockoverview' share sa=blocks; the ;overview flag picks the tab.
            'blocks' => array(
                'title' => $txt['tp-allblocks'],
                'description' => $txt['tp-blocksdesc1'],
                'href' => $scripturl . '?action=tpadmin;sa=blocks',
                'is_selected' => $tpsub == 'blocks' && !isset($_GET['latest']) && !isset($_GET['overview'])
            ),
            'blockoverview' => array(
                'title' => $txt['tp-blockoverview'],
                'description' => '',
                'href' => $scripturl . '?action=tpadmin;sa=blocks;overview',
                'is_selected' => $tpsub == 'blocks' && isset($_GET['overview'])
            )
        );
    }
    if (allowedTo('tp_settings')) {
        $context['admin_tabs']['tp_modules'] = array(
            'modules' => array(
                'title' => $txt['tp-modules'],
                'description' => $txt['tp-moduledesc1'],
                'href' => $scripturl . '?action=tpadmin;sa=modules',
                'is_selected' => $tpsub == 'modules' && !isset($_GET['import']) && !isset($_GET['tags'])
            )
        );
    }

    // collect modules and their permissions
    $result = $smcFunc['db_query']('', ' SELECT * FROM {db_prefix}tp_modules WHERE 1', array());
    if ($smcFunc['db_num_rows']($result) > 0) {
        while ($row = $smcFunc['db_fetch_assoc']($result)) {
            $context['TPortal']['admmodules'][] = $row;
        }
        $smcFunc['db_free_result']($result);
    }

    if (allowedTo('tp_blocks')) {
        $context['admin_tabs']['tp_menubox'] = array(
            'menubox' => array(
                'title' => $txt['tp-menumanager'],
                'description' => '',
                'href' => $scripturl . '?action=tpadmin;sa=menubox',
                'is_selected' => in_array($tpsub, array('menubox', 'linkmanager'))
            ),
            // With ?mid= the tab adds an item to that menu, otherwise a whole new menu.
            // NOTE(review): mid is only screened with is_numeric() before being placed
            // in the link; is_numeric() also accepts forms such as '1e3' or ' 5', so
            // confirm the consumer casts it to int.
            'addmenu' => array(
                'title' => isset($_GET['mid']) ? $txt['tp-addmenuitem'] : $txt['tp-addmenu'],
                'description' => '',
                'href' => isset($_GET['mid']) && is_numeric($_GET['mid']) ? $scripturl . '?action=tpadmin;sa=addmenu;mid=' . $_GET['mid'] : $scripturl . '?action=tpadmin;sa=addmenu;fullmenu',
                'is_selected' => in_array($tpsub, array('addmenu'))
            )
        );
    }

    TPsetupAdminAreas();
    // Last: a stale administrator session is challenged before anything is rendered.
    validateSession();
}
/**
 * Check that the session is active and valid for the user passed.
 *
 * Delegates to validateSession() and compares its status string with the
 * "session OK" message of the loaded language pack; any other status is
 * wrapped in an error object for the caller.
 *
 * @param string $userid
 * @return User|error the global $USER on success, otherwise an error object
 *                    populated from the status validateSession() returned
 */
function validateUserSession($userid) {
    global $USER, $LNG;

    $status = validateSession($userid);

    // Only the localized OK status counts as a valid session.
    if (strcmp($status, $LNG->CORE_SESSION_OK) === 0) {
        return $USER;
    }

    $failure = new error();
    $failure->createValidateSessionError($status);
    return $failure;
}
/**
 * Save handler for the profile editor (SMF 1.x): the POST target of ModifyProfile().
 *
 * Looks the requested sub-action up in $sa_allowed, runs its session check and
 * permission check, verifies the owner's current password where the sub-action
 * requires one, then hands the cleaned $_POST to deleteAccount2() or
 * saveProfileChanges(). Afterwards it writes the collected $profile_vars with
 * updateMemberData(), refreshes statistics, and either sends the re-activation
 * mail and logs the member out (when $newpassemail was raised) or re-issues the
 * login cookie and redirects back to the profile page.
 *
 * Routing input: $_REQUEST['sa'] and $_REQUEST['userID']; submitted fields come
 * from $_POST. On validation errors it returns through ModifyProfile() with
 * $post_errors so the form is shown again.
 *
 * @return void
 */
function ModifyProfile2() {
    global $txt, $modSettings;
    global $cookiename, $context;
    global $sourcedir, $scripturl, $db_prefix;
    global $ID_MEMBER, $user_info;
    global $context, $newpassemail, $user_profile, $validationCode;

    loadLanguage('Profile');

    /* Set allowed sub-actions. The format of $sa_allowed is as follows: $sa_allowed = array( 'sub-action' => array(permission_array_for_editing_OWN_profile, permission_array_for_editing_ANY_profile, session_validation_method[, require_password]), ... ); */
    $sa_allowed = array(
        'account' => array(array('manage_membergroups', 'profile_identity_any', 'profile_identity_own'), array('manage_membergroups', 'profile_identity_any'), 'post', true),
        'forumProfile' => array(array('profile_extra_any', 'profile_extra_own'), array('profile_extra_any'), 'post'),
        'theme' => array(array('profile_extra_any', 'profile_extra_own'), array('profile_extra_any'), 'post'),
        'notification' => array(array('profile_extra_any', 'profile_extra_own'), array('profile_extra_any'), 'post'),
        'pmprefs' => array(array('profile_extra_any', 'profile_extra_own'), array('profile_extra_any'), 'post'),
        'deleteAccount' => array(array('profile_remove_any', 'profile_remove_own'), array('profile_remove_any'), 'post', true),
        'activateAccount' => array(array(), array('moderate_forum'), 'get')
    );

    // Is the current sub-action allowed?
    if (empty($_REQUEST['sa']) || !isset($sa_allowed[$_REQUEST['sa']])) {
        fatal_lang_error(453, false);
    }
    // Session check method per sub-action: 'post' for form saves, 'get' for activateAccount.
    checkSession($sa_allowed[$_REQUEST['sa']][2]);

    // Start with no updates and no errors.
    $profile_vars = array();
    $post_errors = array();

    // Normally, don't send an email.
    $newpassemail = false;

    // Clean up the POST variables.
    // trim, strip magic-quote slashes, HTML-escape, then re-add slashes —
    // presumably because the save routines interpolate these values into SQL
    // and expect the slashed form (NOTE(review): confirm every consumer of
    // $_POST downstream keeps that convention).
    $_POST = htmltrim__recursive($_POST);
    $_POST = stripslashes__recursive($_POST);
    $_POST = htmlspecialchars__recursive($_POST);
    $_POST = addslashes__recursive($_POST);

    // Search for the member being edited and put the information in $user_profile.
    $memberResult = loadMemberData((int) $_REQUEST['userID'], false, 'profile');
    if (!is_array($memberResult)) {
        fatal_lang_error(453, false);
    }
    list($memID) = $memberResult;

    // Are you modifying your own, or someone else's?
    // Someone else's profile additionally goes through validateSession()
    // (presumably the admin re-login prompt) before anything is changed.
    if ($ID_MEMBER == $memID) {
        $context['user']['is_owner'] = true;
    } else {
        $context['user']['is_owner'] = false;
        validateSession();
    }

    // Check profile editing permissions.
    // Index 0 = permissions for editing one's own profile, 1 = for any profile.
    isAllowedTo($sa_allowed[$_REQUEST['sa']][$context['user']['is_owner'] ? 0 : 1]);

    // If this is yours, check the password.
    if ($context['user']['is_owner'] && !empty($sa_allowed[$_REQUEST['sa']][3])) {
        // You didn't even enter a password!
        if (trim($_POST['oldpasswrd']) == '') {
            $post_errors[] = 'no_password';
        }

        // Since the password got modified due to all the $_POST cleaning, lets undo it so we can get the correct password
        $_POST['oldpasswrd'] = addslashes(un_htmlspecialchars(stripslashes($_POST['oldpasswrd'])));

        // Does the integration want to check passwords?
        $good_password = false;
        if (isset($modSettings['integrate_verify_password']) && function_exists($modSettings['integrate_verify_password'])) {
            if (call_user_func($modSettings['integrate_verify_password'], $user_profile[$memID]['memberName'], $_POST['oldpasswrd'], false) === true) {
                $good_password = true;
            }
        }

        // Bad password!!!
        // Stored hash scheme used here: sha1(lower-cased member name . password).
        // NOTE(review): the two hashes are compared with a plain !=; hash_equals()
        // would make the comparison constant-time.
        if (!$good_password && $user_info['passwd'] != sha1(strtolower($user_profile[$memID]['memberName']) . $_POST['oldpasswrd'])) {
            $post_errors[] = 'bad_password';
        }
    }

    // No need for the sub action array.
    unset($sa_allowed);

    // If the user is an admin - see if they are resetting someones username.
    if ($user_info['is_admin'] && isset($_POST['memberName'])) {
        // We'll need this...
        require_once $sourcedir . '/Subs-Auth.php';

        // Do the reset... this will send them an email too.
        resetPassword($memID, $_POST['memberName']);
    }

    // Change the IP address in the database.
    // Quoted here; $profile_vars values appear to be used verbatim by updateMemberData().
    if ($context['user']['is_owner']) {
        $profile_vars['memberIP'] = "'{$user_info['ip']}'";
    }

    // Now call the sub-action function...
    // NOTE(review): routing keys on $_POST['sa'] while the checks above keyed on
    // $_REQUEST['sa']; the two agree only when sa arrives in the POST body.
    // deleteAccount2() is also reached with a 'bad_password' entry already in
    // $post_errors — confirm it honours that before deleting.
    if (isset($_POST['sa']) && $_POST['sa'] == 'deleteAccount') {
        deleteAccount2($profile_vars, $post_errors, $memID);
        if (empty($post_errors)) {
            redirectexit();
        }
    } else {
        saveProfileChanges($profile_vars, $post_errors, $memID);
    }

    // There was a problem, let them try to re-enter.
    if (!empty($post_errors)) {
        // Load the language file so we can give a nice explanation of the errors.
        loadLanguage('Errors');
        $context['post_errors'] = $post_errors;
        $_REQUEST['sa'] = $_POST['sa'];
        $_REQUEST['u'] = $memID;
        return ModifyProfile($post_errors);
    }

    if (!empty($profile_vars)) {
        // If we've changed the password, notify any integration that may be listening in.
        if (isset($profile_vars['passwd']) && isset($modSettings['integrate_reset_pass']) && function_exists($modSettings['integrate_reset_pass'])) {
            call_user_func($modSettings['integrate_reset_pass'], $user_profile[$memID]['memberName'], $user_profile[$memID]['memberName'], $_POST['passwrd1']);
        }
        updateMemberData($memID, $profile_vars);
    }

    // What if this is the newest member?
    if ($modSettings['latestMember'] == $memID) {
        updateStats('member');
    } elseif (isset($profile_vars['realName'])) {
        updateSettings(array('memberlist_updated' => time()));
    }

    // If the member changed his/her birthdate, update calendar statistics.
    if (isset($profile_vars['birthdate']) || isset($profile_vars['realName'])) {
        updateStats('calendar');
    }

    // Send an email?
    // $newpassemail and $validationCode are globals set by the save routine
    // (presumably on an e-mail address change); the mail goes to the address
    // that was just submitted and the member is logged out until it is activated.
    if ($newpassemail) {
        require_once $sourcedir . '/Subs-Post.php';

        // Send off the email.
        sendmail($_POST['emailAddress'], $txt['activate_reactivate_title'] . ' ' . $context['forum_name'], "{$txt['activate_reactivate_mail']}\n\n" . "{$scripturl}?action=activate;u={$memID};code={$validationCode}\n\n" . "{$txt['activate_code']}: {$validationCode}\n\n" . $txt[130]);

        // Log the user out.
        // $memID is an int from loadMemberData(), so it is safe in the query text.
        db_query("\n\t\t\tDELETE FROM {$db_prefix}log_online\n\t\t\tWHERE ID_MEMBER = {$memID}", __FILE__, __LINE__);
        $_SESSION['log_time'] = 0;
        $_SESSION['login_' . $cookiename] = serialize(array(0, '', 0));
        if (isset($_COOKIE[$cookiename])) {
            $_COOKIE[$cookiename] = '';
        }
        loadUserSettings();
        $context['user']['is_logged'] = false;
        $context['user']['is_guest'] = true;

        // Send them to the done-with-registration-login screen.
        loadTemplate('Register');
        $context += array('page_title' => &$txt[79], 'sub_template' => 'after', 'description' => &$txt['activate_changed_email']);
        return;
    } elseif ($context['user']['is_owner']) {
        // Log them back in.
        // A new password invalidates the old cookie, so one is issued from the
        // new password and the member's salt.
        if (isset($_POST['passwrd1']) && $_POST['passwrd1'] != '') {
            require_once $sourcedir . '/Subs-Auth.php';
            setLoginCookie(60 * $modSettings['cookieTime'], $memID, sha1(sha1(strtolower($user_profile[$memID]['memberName']) . un_htmlspecialchars(stripslashes($_POST['passwrd1']))) . $user_profile[$memID]['passwordSalt']));
        }
        loadUserSettings();
        writeLog();
    }

    // Back to same subaction page..
    // The second argument selects the refresh-style redirect; && binds tighter
    // than ||, so it is (new password on a needs_login_fix server) or (IE with an upload).
    redirectexit('action=profile;u=' . $memID . ';sa=' . $_REQUEST['sa'], isset($_POST['passwrd1']) && $context['server']['needs_login_fix'] || $context['browser']['is_ie'] && isset($_FILES['attachment']));
}
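/**
 * Build the admin centre menu for the SMF 1.x admin template.
 *
 * Fills $context['admin_areas'] with one section per admin area ('forum',
 * 'config', 'layout', 'members', 'maintenance'), each of the shape
 * array('title' => ..., 'areas' => array(key => '<a ...>label</a>')). A section
 * or link is added only when allowedTo() grants the matching permission, so
 * the menu doubles as the first visibility gate. Links to pages that change
 * state carry the session token $sc as ;sesc= because those pages check it.
 *
 * Fix: the "which section are we in" loop tested isset($section[$area]), which
 * can only ever match the keys 'title' and 'areas' of a section, so
 * $context['admin_section'] was never set; it now looks inside
 * $section['areas'].
 *
 * @param string $area key of the area being displayed (e.g. 'index', 'manage_boards')
 * @return void  writes $context only; validateSession() may send the admin to a login prompt
 */
function adminIndex($area) {
    global $txt, $context, $scripturl, $sc, $modSettings, $user_info, $settings;

    // Load the language and templates....
    loadLanguage('Admin');
    loadTemplate('Admin');

    // Admin area 'Main'.
    $context['admin_areas']['forum'] = array(
        'title' => $txt[427],
        'areas' => array(
            'index' => '<a href="' . $scripturl . '?action=admin">' . $txt[208] . '</a>',
            'credits' => '<a href="' . $scripturl . '?action=admin;credits">' . $txt['support_credits_title'] . '</a>'
        )
    );
    if (allowedTo(array('edit_news', 'send_mail', 'admin_forum'))) {
        $context['admin_areas']['forum']['areas']['news'] = '<a href="' . $scripturl . '?action=news">' . $txt['news_title'] . '</a>';
    }
    if (allowedTo('admin_forum')) {
        $context['admin_areas']['forum']['areas']['manage_packages'] = '<a href="' . $scripturl . '?action=packages">' . $txt['package1'] . '</a>';
    }

    // Admin area 'Configuration'.
    if (allowedTo('admin_forum')) {
        $context['admin_areas']['config'] = array(
            'title' => $txt[428],
            'areas' => array(
                'edit_mods_settings' => '<a href="' . $scripturl . '?action=featuresettings">' . $txt['modSettings_title'] . '</a>',
                'edit_settings' => '<a href="' . $scripturl . '?action=serversettings;sesc=' . $sc . '">' . $txt[222] . '</a>',
                'edit_theme_settings' => '<a href="' . $scripturl . '?action=theme;sa=settings;th=' . $settings['theme_id'] . ';sesc=' . $sc . '">' . $txt['theme_current_settings'] . '</a>',
                'manage_themes' => '<a href="' . $scripturl . '?action=theme;sa=admin;sesc=' . $sc . '">' . $txt['theme_admin'] . '</a>'
            )
        );
    }

    // Admin area 'Forum'.
    // The section exists when any of its permissions is held; each link is then
    // gated individually.
    if (allowedTo(array('manage_boards', 'admin_forum', 'manage_smileys', 'manage_attachments', 'moderate_forum'))) {
        $context['admin_areas']['layout'] = array('title' => $txt['layout_controls'], 'areas' => array());
        if (allowedTo('manage_boards')) {
            $context['admin_areas']['layout']['areas']['manage_boards'] = '<a href="' . $scripturl . '?action=manageboards">' . $txt[4] . '</a>';
        }
        if (allowedTo(array('admin_forum', 'moderate_forum'))) {
            $context['admin_areas']['layout']['areas']['posts_and_topics'] = '<a href="' . $scripturl . '?action=postsettings">' . $txt['manageposts'] . '</a>';
        }
        if (allowedTo('admin_forum')) {
            $context['admin_areas']['layout']['areas']['manage_calendar'] = '<a href="' . $scripturl . '?action=managecalendar">' . $txt['manage_calendar'] . '</a>';
            $context['admin_areas']['layout']['areas']['manage_search'] = '<a href="' . $scripturl . '?action=managesearch">' . $txt['manage_search'] . '</a>';
        }
        if (allowedTo('manage_smileys')) {
            $context['admin_areas']['layout']['areas']['manage_smileys'] = '<a href="' . $scripturl . '?action=smileys">' . $txt['smileys_manage'] . '</a>';
        }
        if (allowedTo('manage_attachments')) {
            $context['admin_areas']['layout']['areas']['manage_attachments'] = '<a href="' . $scripturl . '?action=manageattachments">' . $txt['smf201'] . '</a>';
        }
    }

    // Admin area 'Members'.
    if (allowedTo(array('moderate_forum', 'manage_membergroups', 'manage_bans', 'manage_permissions', 'admin_forum'))) {
        $context['admin_areas']['members'] = array('title' => $txt[426], 'areas' => array());
        if (allowedTo('moderate_forum')) {
            $context['admin_areas']['members']['areas']['view_members'] = '<a href="' . $scripturl . '?action=viewmembers">' . $txt[5] . '</a>';
        }
        if (allowedTo('manage_membergroups')) {
            $context['admin_areas']['members']['areas']['edit_groups'] = '<a href="' . $scripturl . '?action=membergroups;">' . $txt[8] . '</a>';
        }
        if (allowedTo('manage_permissions')) {
            $context['admin_areas']['members']['areas']['edit_permissions'] = '<a href="' . $scripturl . '?action=permissions">' . $txt['edit_permissions'] . '</a>';
        }
        if (allowedTo(array('admin_forum', 'moderate_forum'))) {
            $context['admin_areas']['members']['areas']['registration_center'] = '<a href="' . $scripturl . '?action=regcenter">' . $txt['registration_center'] . '</a>';
        }
        if (allowedTo('manage_bans')) {
            $context['admin_areas']['members']['areas']['ban_members'] = '<a href="' . $scripturl . '?action=ban">' . $txt['ban_title'] . '</a>';
        }
    }

    // Admin area 'Maintenance Controls'.
    if (allowedTo('admin_forum')) {
        $context['admin_areas']['maintenance'] = array(
            'title' => $txt[501],
            'areas' => array(
                'maintain_forum' => '<a href="' . $scripturl . '?action=maintain">' . $txt['maintain_title'] . '</a>',
                'generate_reports' => '<a href="' . $scripturl . '?action=reports">' . $txt['generate_reports'] . '</a>',
                'view_errors' => '<a href="' . $scripturl . '?action=viewErrorLog;desc">' . $txt['errlog1'] . '</a>'
            )
        );
        if (!empty($modSettings['modlog_enabled'])) {
            $context['admin_areas']['maintenance']['areas']['view_moderation_log'] = '<a href="' . $scripturl . '?action=modlog">' . $txt['modlog_view'] . '</a>';
        }
    }

    // Make sure the administrator has a valid session...
    validateSession();

    // Figure out which one we're in now...
    // Every section built above is array('title' => ..., 'areas' => array(...)),
    // so the area key has to be looked up under 'areas'.
    foreach ($context['admin_areas'] as $id => $section) {
        if (isset($section['areas'][$area])) {
            $context['admin_section'] = $id;
        }
    }
    $context['admin_area'] = $area;

    // obExit will know what to do!
    $context['template_layers'][] = 'admin';
}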
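/**
 * Profile area: edit one character (name, title, groups, age, avatar, signature).
 *
 * On GET it prepares the edit form ($context['sub_template'] = 'edit_char'),
 * the rich-text editor for the signature and the form token. On POST
 * ('edit_char' present) it validates the session and token, diffs each field
 * against $context['character'], collects problems in $context['form_errors'],
 * and when there are none writes the changes with updateCharacterData(), logs
 * them when $modSettings['userlog_enabled'] is set, and redirects back to the
 * form. With errors, the submitted values are merged back into
 * $context['character'] so the form re-displays them.
 *
 * Fix: the group re-display loop wrote to $context['member_groups']['is_primary']
 * / ['is_additional'] instead of the per-group entries, and called in_array()
 * on $new_char_groups after it had been turned into a comma-separated string
 * (a TypeError on PHP 8). Each group is now flagged individually against the
 * list of ids.
 *
 * @return void  side effects on $context, $_SESSION and the database; redirects on success
 */
function char_edit() {
    global $context, $smcFunc, $txt, $sourcedir, $user_info, $modSettings;

    // If they don't have permission to be here, goodbye.
    if (!$context['character']['editable']) {
        redirectexit('action=profile;u=' . $context['id_member'] . ';area=characters;char=' . $context['character']['id_character']);
    }

    // Custom titles are an admin-only field, and only while the feature is on.
    $context['character']['title_editable'] = !empty($modSettings['titlesEnable']) && allowedTo('admin_forum');
    $context['sub_template'] = 'edit_char';
    loadJavascriptFile('chars.js', array('default_theme' => true), 'chars');

    // Group membership can be changed for secondary characters only.
    $context['character']['groups_editable'] = false;
    if (allowedTo('manage_membergroups') && !$context['character']['is_main']) {
        $context['character']['groups_editable'] = true;
        profileLoadCharGroups();
    }

    require_once $sourcedir . '/Subs-Post.php';
    require_once $sourcedir . '/Profile-Modify.php';
    profileLoadSignatureData();

    $context['form_errors'] = [];
    if (isset($_POST['edit_char'])) {
        // Both the session check and the per-character form token must pass
        // before anything submitted is looked at.
        validateSession();
        validateToken('edit-char' . $context['character']['id_character'], 'post');

        $changes = [];

        // Name: required, HTML-escaped, and unique among the other characters.
        $new_name = !empty($_POST['char_name']) ? $smcFunc['htmlspecialchars'](trim($_POST['char_name']), ENT_QUOTES) : '';
        if ($new_name == '') {
            $context['form_errors'][] = $txt['char_error_character_must_have_name'];
        } elseif ($new_name != $context['character']['character_name']) {
            // Check if the name already exists.
            $result = $smcFunc['db_query']('', ' SELECT COUNT(*) FROM {db_prefix}characters WHERE character_name LIKE {string:new_name} AND id_character != {int:char}', array('new_name' => $new_name, 'char' => $context['character']['id_character']));
            list($matching_names) = $smcFunc['db_fetch_row']($result);
            $smcFunc['db_free_result']($result);
            if ($matching_names) {
                $context['form_errors'][] = $txt['char_error_duplicate_character_name'];
            } else {
                $changes['character_name'] = $new_name;
            }
        }

        if ($context['character']['title_editable']) {
            $new_title = isset($_POST['char_title']) ? $_POST['char_title'] : '';
            // preparsecode() normalises the BBC in place before it is compared and stored.
            preparsecode($new_title);
            if ($new_title != $context['character']['char_title']) {
                $changes['char_title'] = $new_title;
            }
        }

        if ($context['character']['groups_editable']) {
            // Editing groups is a little bit complicated.
            // The primary group must be one the loaded group list allows as
            // primary; otherwise the current primary group is kept.
            $new_id_group = isset($_POST['id_group'], $context['member_groups'][$_POST['id_group']]) && $context['member_groups'][$_POST['id_group']]['can_be_primary'] ? (int) $_POST['id_group'] : $context['character']['main_char_group'];
            $new_char_groups = [];
            if (isset($_POST['additional_groups']) && is_array($_POST['additional_groups'])) {
                foreach ($_POST['additional_groups'] as $id_group) {
                    // Only known groups flagged as additional, and never the primary group twice.
                    if (!isset($context['member_groups'][$id_group])) {
                        continue;
                    }
                    if (!$context['member_groups'][$id_group]['can_be_additional']) {
                        continue;
                    }
                    if ($id_group == $new_id_group) {
                        continue;
                    }
                    $new_char_groups[] = (int) $id_group;
                }
            }
            // Stored as a comma-separated list, the same form as $context['character']['char_groups'].
            $new_char_groups = implode(',', $new_char_groups);
            if ($new_id_group != $context['character']['main_char_group']) {
                $changes['main_char_group'] = $new_id_group;
            }
            if ($new_char_groups != $context['character']['char_groups']) {
                $changes['char_groups'] = $new_char_groups;
            }
        }

        $new_age = !empty($_POST['age']) ? $smcFunc['htmlspecialchars'](trim($_POST['age']), ENT_QUOTES) : '';
        if ($new_age != $context['character']['age']) {
            $changes['age'] = $new_age;
        }

        // The avatar is stored as typed (trimmed, not escaped); a scheme-less
        // value is validated with http:// prepended.
        $new_avatar = !empty($_POST['avatar']) ? trim($_POST['avatar']) : '';
        $validatable_avatar = strpos($new_avatar, 'http') !== 0 ? 'http://' . $new_avatar : $new_avatar;
        // filter_var doesn't like // URLs
        if ($new_avatar != $context['character']['avatar']) {
            if (filter_var($validatable_avatar, FILTER_VALIDATE_URL)) {
                // NOTE(review): get_avatar_url_size() presumably fetches the
                // user-supplied URL server-side to measure it — confirm it rejects
                // internal/loopback hosts and bounds what it downloads.
                $size = get_avatar_url_size($new_avatar);
                if (!$size) {
                    $context['form_errors'][] = $txt['char_error_avatar_link_invalid'];
                } elseif (!empty($modSettings['avatar_max_width_external'])) {
                    if ($size[0] > $modSettings['avatar_max_width_external'] || $size[1] > $modSettings['avatar_max_height_external']) {
                        // The language string is rewritten in place with the actual sizes.
                        $txt['char_error_avatar_oversize'] = sprintf($txt['char_error_avatar_oversize'], $size[0], $size[1], $modSettings['avatar_max_width_external'], $modSettings['avatar_max_height_external']);
                        $context['form_errors'][] = $txt['char_error_avatar_oversize'];
                    } else {
                        $changes['avatar'] = $new_avatar;
                    }
                } else {
                    $changes['avatar'] = $new_avatar;
                }
            } elseif ($new_avatar != '') {
                $context['form_errors'][] = $txt['char_error_avatar_must_be_real_url'];
            }
            // NOTE(review): an emptied avatar field fails the URL check and is
            // neither an error nor a change, so the old avatar stays — confirm
            // whether clearing the avatar is meant to be possible here.
        }

        // The signature is always submitted for validation; profileValidateSignature()
        // returns true or an error string.
        $new_sig = !empty($_POST['char_signature']) ? $smcFunc['htmlspecialchars']($_POST['char_signature'], ENT_QUOTES) : '';
        $valid_sig = profileValidateSignature($new_sig);
        if ($valid_sig === true) {
            $changes['signature'] = $new_sig;
        } else {
            $context['form_errors'][] = $valid_sig;
        }

        if (!empty($changes) && empty($context['form_errors'])) {
            // The main character's name doubles as the member's display name.
            if ($context['character']['is_main']) {
                if (isset($changes['character_name'])) {
                    updateMemberData($context['id_member'], array('real_name' => $changes['character_name']));
                }
            }

            if (!empty($modSettings['userlog_enabled'])) {
                // One log_actions row per changed field, old and new value in 'extra'.
                $rows = [];
                foreach ($changes as $key => $new_value) {
                    $change_array = array(
                        'previous' => $context['character'][$key],
                        'new' => $changes[$key],
                        'applicator' => $context['user']['id'],
                        'member_affected' => $context['id_member'],
                        'id_character' => $context['character']['id_character'],
                        'character_name' => !empty($changes['character_name']) ? $changes['character_name'] : $context['character']['character_name']
                    );
                    // Groups are logged by name rather than id.
                    if ($key == 'main_char_group') {
                        $change_array['previous'] = $context['member_groups'][$context['character'][$key]]['name'];
                        $change_array['new'] = $context['member_groups'][$changes[$key]]['name'];
                    }
                    if ($key == 'char_groups') {
                        $previous = [];
                        $new = [];
                        foreach (explode(',', $context['character']['char_groups']) as $id_group) {
                            if (isset($context['member_groups'][$id_group])) {
                                $previous[] = $context['member_groups'][$id_group]['name'];
                            }
                        }
                        foreach (explode(',', $changes['char_groups']) as $id_group) {
                            if (isset($context['member_groups'][$id_group])) {
                                $new[] = $context['member_groups'][$id_group]['name'];
                            }
                        }
                        $change_array['previous'] = implode(', ', $previous);
                        $change_array['new'] = implode(', ', $new);
                    }
                    $rows[] = array(
                        'id_log' => 2,
                        'log_time' => time(),
                        'id_member' => $context['id_member'],
                        'ip' => $user_info['ip'],
                        'action' => $context['character']['is_main'] && $key == 'character_name' ? 'real_name' : 'char_' . $key,
                        'id_board' => 0,
                        'id_topic' => 0,
                        'id_msg' => 0,
                        'extra' => json_encode($change_array)
                    );
                }
                if (!empty($rows)) {
                    $smcFunc['db_insert']('insert', '{db_prefix}log_actions', array('id_log' => 'int', 'log_time' => 'int', 'id_member' => 'int', 'ip' => 'inet', 'action' => 'string', 'id_board' => 'int', 'id_topic' => 'int', 'id_msg' => 'int', 'extra' => 'string'), $rows, []);
                }
            }

            updateCharacterData($context['character']['id_character'], $changes);
            $_SESSION['char_updated'] = true;
            redirectexit('action=profile;u=' . $context['id_member'] . ';area=characters;char=' . $context['character']['id_character'] . ';sa=edit');
        }

        // Put the new values back in for the form
        $context['character'] = array_merge($context['character'], $changes);
        if (isset($changes['main_char_group']) || isset($changes['char_groups'])) {
            // $new_char_groups is the comma-separated string built above; turn it
            // back into ids so each group can be flagged for the re-displayed form.
            $new_char_group_ids = $new_char_groups === '' ? [] : array_map('intval', explode(',', $new_char_groups));
            foreach (array_keys($context['member_groups']) as $id_group) {
                $context['member_groups'][$id_group]['is_primary'] = $id_group == $new_id_group;
                $context['member_groups'][$id_group]['is_additional'] = in_array((int) $id_group, $new_char_group_ids, true);
            }
        }
    }

    $form_value = !empty($context['character']['signature']) ? $context['character']['signature'] : '';
    // Get it ready for the editor.
    $form_value = un_preparsecode($form_value);
    censorText($form_value);
    // NOTE(review): as shown here every search character is replaced with itself
    // (a no-op); presumably the replacement list is meant to hold HTML entities —
    // confirm against the original file.
    $form_value = str_replace(array('"', '<', '>', ' '), array('"', '<', '>', ' '), $form_value);
    $context['character']['char_title_raw'] = un_preparsecode($context['character']['char_title']);

    require_once $sourcedir . '/Subs-Editor.php';
    $editorOptions = array(
        'id' => 'char_signature',
        'value' => $form_value,
        'disable_smiley_box' => false,
        'labels' => [],
        'height' => '200px',
        'width' => '80%',
        'preview_type' => 0,
        'required' => true
    );
    create_control_richedit($editorOptions);

    // Live avatar preview; the "no avatar yet" text goes through JavaScriptEscape(),
    // the preview itself only reflects what the user typed into the field.
    addInlineJavascript(' function update_preview() { if ($("#avatar").val() == "") { $("#avatar_preview").html(' . JavaScriptEscape($txt['no_avatar_yet']) . '); } else { $("#avatar_preview").html(\'<img src="\' + $("#avatar").val() + \'" class="avatar" alt="" />\'); } } $(document).ready(function() { update_preview(); }); $("#avatar").on("blur", function() { update_preview(); });', true);

    // Token for the next submission of this form.
    createToken('edit-char' . $context['character']['id_character'], 'post');
    $context['char_updated'] = !empty($_SESSION['char_updated']);
    unset($_SESSION['char_updated']);
}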
// Reset: send the browser back to the session page for the id in the query string.
// NOTE(review): $_GET['session'] goes into the Location header unchanged, and the
//  script keeps running after header() — an exit here would stop the delete and
//  edit branches below from also executing on a ?reset request.
if (isset($_GET['reset'])) {
    header('Location: ./?session=' . $_GET['session']);
}

// Delete: remove the session row named by ?session=. The id is bound as an
// integer ('i'), so it reaches the query as a parameter rather than as text.
// NOTE(review): a plain GET with no login, ownership or CSRF check performs the
//  delete, and the database password is hard-coded in the source (here and in
//  the edit branch) instead of being read from configuration. Execution again
//  continues past header().
if (isset($_GET['del']) && strtolower($_GET['del']) === 'delete') {
    $dbConnection = new mysqli('localhost', 'chronoWrite', 'password', 'chronosynk');
    $stmt = $dbConnection->prepare('delete from session where sessionID = ?');
    $stmt->bind_param('i', $_GET['session']);
    $stmt->execute();
    header('Location: /chronosynk/sessions/');
}

// Edit: validate the submitted session fields and build the error text shown
// to the user. This validateSession() is the form-field validator from
// methods.php (twelve field arguments), not a login check; judging by the
// usage below it returns an array keyed by field name plus a 'fields' list,
// where a field's entry is a message that is empty when the field is fine.
// The enclosing if-block continues beyond this excerpt.
if (isset($_GET['editSession'])) {
    include_once $_SERVER['DOCUMENT_ROOT'] . '/chronosynk/includes/methods.php';
    $dbConnection = new mysqli('localhost', 'chronoWrite', 'password', 'chronosynk');
    //start prepared statement
    //$title, $description, $startDate, $startHour, $startMinute, $startPeriod, $endDate, $endHour, $endMinute, $endPeriod, $visibility, $cap)
    $validate = validateSession($_GET['title'], $_GET['description'], $_GET['startDate'], $_GET['startHour'], $_GET['startMinute'], $_GET['startPeriod'], $_GET['endDate'], $_GET['endHour'], $_GET['endMinute'], $_GET['endPeriod'], $_GET['visibility'], $_GET['cap']);
    // Input is m/d/Y plus a 12-hour time; it is re-formatted for storage as Y/m/d H:i:s.
    // NOTE(review): date_create_from_format() returns false on a value the format
    //  cannot parse and date_format(false, ...) then fails; only the validator's
    //  verdict guards this, so confirm it rejects anything unparsable.
    $formatInputToDateTime = 'm/d/Y h i A';
    if (!$validate['startDate']) {
        $startDate = date_format(date_create_from_format($formatInputToDateTime, $_GET['startDate'] . ' ' . $_GET['startHour'] . ' ' . $_GET['startMinute'] . ' ' . $_GET['startPeriod']), 'Y/m/d H:i:s');
    }
    if (!$validate['endDate']) {
        $endDate = date_format(date_create_from_format($formatInputToDateTime, $_GET['endDate'] . ' ' . $_GET['endHour'] . ' ' . $_GET['endMinute'] . ' ' . $_GET['endPeriod']), 'Y/m/d H:i:s');
    }
    $valid = true;
    $editSessionErrMsg = '';
    // Concatenate every non-empty per-field message; a single failure flips $valid.
    for ($i = 0; $i < sizeof($validate['fields']); $i++) {
        if (!empty($validate[$validate['fields'][$i]])) {
            $editSessionErrMsg .= $validate[$validate['fields'][$i]] . '<br/>';
            $valid = false;
        }
    }
/**
 * A menu to easily access different areas of the PM section
 *
 * Builds the $pm_areas structure (folders, labels, actions, preferences),
 * decorates it with unread counts, hands it to createMenu() from Subs-Menu.php
 * and records the resulting menu id/name and the selected item in $context.
 * A menu with no reachable area means the user may not be here: a logged-in
 * member gets a 'no_access' fatal error, a guest goes through validateSession()
 * first.
 *
 * @param string $area key of the PM area to mark as current (passed to createMenu() as 'current_area')
 * @return void
 */
function messageIndexBar($area) {
    global $txt, $context, $scripturl, $sourcedir, $sc, $modSettings, $settings, $user_info, $options;

    // Menu definition. 'permission' entries are evaluated right here with
    // allowedTo(); 'enabled' hides the drafts entry unless both draft settings are on.
    $pm_areas = array(
        'folders' => array(
            'title' => $txt['pm_messages'],
            'areas' => array(
                'send' => array('label' => $txt['new_message'], 'custom_url' => $scripturl . '?action=pm;sa=send', 'permission' => allowedTo('pm_send')),
                'inbox' => array('label' => $txt['inbox'], 'custom_url' => $scripturl . '?action=pm'),
                'sent' => array('label' => $txt['sent_items'], 'custom_url' => $scripturl . '?action=pm;f=sent'),
                'drafts' => array('label' => $txt['drafts_show'], 'custom_url' => $scripturl . '?action=pm;sa=showpmdrafts', 'permission' => allowedTo('pm_draft'), 'enabled' => !empty($modSettings['drafts_enabled']) && !empty($modSettings['drafts_pm_enabled']))
            )
        ),
        'labels' => array('title' => $txt['pm_labels'], 'areas' => array()),
        'actions' => array(
            'title' => $txt['pm_actions'],
            'areas' => array(
                'search' => array('label' => $txt['pm_search_bar_title'], 'custom_url' => $scripturl . '?action=pm;sa=search'),
                'prune' => array('label' => $txt['pm_prune'], 'custom_url' => $scripturl . '?action=pm;sa=prune')
            )
        ),
        'pref' => array(
            'title' => $txt['pm_preferences'],
            'areas' => array(
                'manlabels' => array('label' => $txt['pm_manage_labels'], 'custom_url' => $scripturl . '?action=pm;sa=manlabels'),
                'manrules' => array('label' => $txt['pm_manage_rules'], 'custom_url' => $scripturl . '?action=pm;sa=manrules'),
                'settings' => array('label' => $txt['pm_settings'], 'custom_url' => $scripturl . '?action=pm;sa=settings')
            )
        )
    );

    // Handle labels.
    if (empty($context['currently_using_labels'])) {
        unset($pm_areas['labels']);
    } else {
        // Note we send labels by id as it will have less problems in the querystring.
        $unread_in_labels = 0;
        foreach ($context['labels'] as $label) {
            // Label -1 is the inbox itself; it is wired up separately below.
            if ($label['id'] == -1) {
                continue;
            }
            // Count the amount of unread items in labels.
            $unread_in_labels += $label['unread_messages'];
            // Add the label to the menu.
            // NOTE(review): $label['name'] is placed in the menu label as-is; this
            //  relies on it having been escaped when $context['labels'] was built.
            $pm_areas['labels']['areas']['label' . $label['id']] = array(
                'label' => $label['name'] . (!empty($label['unread_messages']) ? ' (<strong>' . $label['unread_messages'] . '</strong>)' : ''),
                'custom_url' => $scripturl . '?action=pm;l=' . $label['id'],
                'unread_messages' => $label['unread_messages'],
                'messages' => $label['messages']
            );
        }
        if (!empty($unread_in_labels)) {
            $pm_areas['labels']['title'] .= ' (' . $unread_in_labels . ')';
        }
    }

    // The inbox counters are references into the -1 label, so they follow
    // $context['labels'] if it changes later.
    $pm_areas['folders']['areas']['inbox']['unread_messages'] =& $context['labels'][-1]['unread_messages'];
    $pm_areas['folders']['areas']['inbox']['messages'] =& $context['labels'][-1]['messages'];
    if (!empty($context['labels'][-1]['unread_messages'])) {
        $pm_areas['folders']['areas']['inbox']['label'] .= ' (<strong>' . $context['labels'][-1]['unread_messages'] . '</strong>)';
        $pm_areas['folders']['title'] .= ' (' . $context['labels'][-1]['unread_messages'] . ')';
    }

    // Do we have a limit on the amount of messages we can keep?
    if (!empty($context['message_limit'])) {
        // Percentage of the quota in use; 'bar' is clamped to 100 for the display width.
        $bar = round($user_info['messages'] * 100 / $context['message_limit'], 1);
        $context['limit_bar'] = array(
            'messages' => $user_info['messages'],
            'allowed' => $context['message_limit'],
            'percent' => $bar,
            'bar' => $bar > 100 ? 100 : (int) $bar,
            'text' => sprintf($txt['pm_currently_using'], $user_info['messages'], $bar)
        );
    }

    require_once $sourcedir . '/Subs-Menu.php';

    // What page is this, again?
    // NOTE(review): $current_page is built but not used further in this function.
    $current_page = $scripturl . '?action=pm' . (!empty($_REQUEST['sa']) ? ';sa=' . $_REQUEST['sa'] : '') . (!empty($context['folder']) ? ';f=' . $context['folder'] : '') . (!empty($context['current_label_id']) ? ';l=' . $context['current_label_id'] : '');

    // Set a few options for the menu.
    // None of the PM links above carry a session id, presumably why the URL
    // session check is switched off for this menu.
    $menuOptions = array('current_area' => $area, 'disable_url_session_check' => true);

    // Actually create the menu!
    $pm_include_data = createMenu($pm_areas, $menuOptions);
    unset($pm_areas);

    // No menu means no access.
    // A guest runs validateSession() first (presumably a login prompt); a
    // logged-in member gets the error straight away.
    if (!$pm_include_data && (!$user_info['is_guest'] || validateSession())) {
        fatal_lang_error('no_access', false);
    }

    // Make a note of the Unique ID for this menu.
    $context['pm_menu_id'] = $context['max_menu_id'];
    $context['pm_menu_name'] = 'menu_data_' . $context['pm_menu_id'];

    // Set the selected item.
    $current_area = $pm_include_data['current_area'];
    $context['menu_item_selected'] = $current_area;

    // Set the template for this area and add the profile layer.
    if (!WIRELESS && !isset($_REQUEST['xml'])) {
        $context['template_layers'][] = 'pm';
    }
}
$query = 'insert all '; for ($i = 0; $i < sizeof($tags); $i++) { $query .= 'into tag (' }// INTO suppliers (supplier_id, supplier_name) VALUES (1000, 'IBM') $stmt = $dbConnection->prepare(''); }*/ //header('Location: ./'); } } //code to search through sessions if (isset($_GET['search'])) { //'title', 'description', 'sSDate', 'sSHr', 'sSMin', 'sSPer', 'sEDate', 'sEHr', 'sEMin', 'sEPer', 'cap', 'visibility', 'tags'); //parameters that don't need validated are given bogus information such as aaaaa since searching for a title does not need to be 5-50 characters $validate = validateSession('aaaaa', '', $_GET['sSDate'], $_GET['sSHr'], $_GET['sSMin'], $_GET['sSPer'], $_GET['sEDate'], $_GET['sEHr'], $_GET['sEMin'], $_GET['sEPer'], 0, $_GET['cap']); $formatInputToDateTime = 'm/d/Y h i a'; if (!$validate['startDate']) { $startDate = date_format(date_create_from_format($formatInputToDateTime, $_GET['sSDate'] . ' ' . $_GET['sSHr'] . ' ' . $_GET['sSMin'] . ' ' . $_GET['sSPer']), 'Y-m-d H:i:s'); } if (!$validate['endDate']) { $endDate = date_format(date_create_from_format($formatInputToDateTime, $_GET['sEDate'] . ' ' . $_GET['sEHr'] . ' ' . $_GET['sEMin'] . ' ' . $_GET['sEPer']), 'Y-m-d H:i:s'); } //if start/end dates are blank, dont send error message if (empty($_GET['startDate'])) { $validate['startDate'] = ''; } if (empty($_GET['endDate'])) { $validate['endDate'] = ''; } $valid = true;
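<?php
// Hotel deletion page: first asks the browser for confirmation, then, when the
// request comes back with &confirm=1, deletes the hotel named by ?id= and
// returns to the hotel list.
session_start();
require "../mysql_config.php";
require "getLists.php";

mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die('Could not connect to MySQL server.');
mysql_select_db(DB_DATABASE);
mysql_query("SET NAMES 'utf8'");

// Only a valid admin session may reach this page; the argument is where
// validateSession() sends everyone else. Its definition is not in this file —
// confirm it stops the script on failure rather than merely redirecting.
validateSession("../admin/hotels.php");

// Fix: the id came straight out of the query string into the SQL text. It is
// now escaped for the quoted string context (the mysql_* API has no parameter
// binding), both parameters are checked before use, and the script stops after
// the redirect so the confirmation script below is not emitted as well.
// NOTE(review): the delete is still triggered by a plain GET without a CSRF
//  token; a POST form carrying a per-session token would close that.
if (isset($_GET["confirm"]) && $_GET["confirm"] == 1 && isset($_GET["id"])) {
    $id = mysql_real_escape_string($_GET["id"]);
    $abfrage = "DELETE FROM Hotel WHERE id='{$id}'";
    // echo $abfrage;
    mysql_query($abfrage);
    header("Location: ../admin/hotels.php");
    exit;
}
?>
<script type="text/javascript">
// Ask once; on OK re-request this page with &confirm=1, otherwise go back to the list.
var txt;
var r = confirm("Das Hotel wird jetzt gel\u00f6scht!");
if (r == true) {
    window.location = window.location.href+"&confirm=1";
} else {
    window.location = "../admin/hotels.php";
}
</script>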
/**
 * Main entry point of the profile area.
 *
 * Loads the member being viewed (by name via $_REQUEST['user'], by id via
 * $_REQUEST['u'], or the current user), builds the profile menu from the
 * $profile_areas definition, runs the security checks the selected area asks
 * for (session check, session validation, permission), performs the save when
 * $_REQUEST['save'] is set, and finally calls the area's function.
 *
 * @param array $post_errors errors carried over from a previous save attempt.
 *        NOTE(review): the `global $post_errors` line below rebinds this name
 *        to the global, so the value passed by the caller is replaced by the
 *        global's value before it is read — confirm callers set the global too.
 */
function ModifyProfile($post_errors = array()) {
    global $txt, $scripturl, $user_info, $context, $sourcedir, $user_profile, $cur_profile;
    global $modSettings, $memberContext, $profile_vars, $smcFunc, $post_errors, $options, $user_settings;
    // Don't reload this as we may have processed error strings.
    if (empty($post_errors)) {
        loadLanguage('Profile');
    }
    loadTemplate('Profile');
    require_once $sourcedir . '/Subs-Menu.php';
    // Did we get the user by name...
    if (isset($_REQUEST['user'])) {
        $memberResult = loadMemberData($_REQUEST['user'], true, 'profile');
    } elseif (!empty($_REQUEST['u'])) {
        $memberResult = loadMemberData((int) $_REQUEST['u'], false, 'profile');
    } else {
        $memberResult = loadMemberData($user_info['id'], false, 'profile');
    }
    // Check if loadMemberData() has returned a valid result.
    if (!is_array($memberResult)) {
        fatal_lang_error('not_a_user', false);
    }
    // If all went well, we have a valid member ID!
    list($memID) = $memberResult;
    $context['id_member'] = $memID;
    $cur_profile = $user_profile[$memID];
    // Let's have some information about this member ready, too.
    loadMemberContext($memID);
    $context['member'] = $memberContext[$memID];
    // Is this the profile of the user himself or herself?
    $context['user']['is_owner'] = $memID == $user_info['id'];
    /*
        Define all the sections within the profile area!
        We start by defining the permission required - then SMF takes this and turns it into the relevant context ;)

        Possible fields:
            For Section:
                string $title:      Section title.
                array $areas:       Array of areas within this section.

            For Areas:
                string $label:      Text string that will be used to show the area in the menu.
                string $file:       Optional text string that may contain a file name that's needed for inclusion in order to display the area properly.
                string $custom_url: Optional href for area.
                string $function:   Function to execute for this section.
                bool $enabled:      Should area be shown?
                string $sc:         Session check validation to do on save - note without this save will get unset - if set.
                bool $hidden:       Does this not actually appear on the menu?
                bool $password:     Whether to require the user's password in order to save the data in the area.
                array $subsections: Array of subsections, in order of appearance.
                array $permission:  Array of permissions to determine who can access this area. Should contain arrays $own and $any.
    */
    $profile_areas = array(
        'info' => array(
            'title' => $txt['profileInfo'],
            'areas' => array(
                'summary' => array('label' => $txt['summary'], 'file' => 'Profile-View.php', 'function' => 'summary', 'permission' => array('own' => 'profile_view_own', 'any' => 'profile_view_any')),
                'statistics' => array('label' => $txt['statPanel'], 'file' => 'Profile-View.php', 'function' => 'statPanel', 'permission' => array('own' => 'profile_view_own', 'any' => 'profile_view_any')),
                'showposts' => array('label' => $txt['showPosts'], 'file' => 'Profile-View.php', 'function' => 'showPosts', 'subsections' => array('messages' => array($txt['showMessages'], array('profile_view_own', 'profile_view_any')), 'topics' => array($txt['showTopics'], array('profile_view_own', 'profile_view_any')), 'attach' => array($txt['showAttachments'], array('profile_view_own', 'profile_view_any'))), 'permission' => array('own' => 'profile_view_own', 'any' => 'profile_view_any')),
                'permissions' => array('label' => $txt['showPermissions'], 'file' => 'Profile-View.php', 'function' => 'showPermissions', 'permission' => array('own' => 'manage_permissions', 'any' => 'manage_permissions')),
                'tracking' => array('label' => $txt['trackUser'], 'file' => 'Profile-View.php', 'function' => 'tracking', 'subsections' => array('activity' => array($txt['trackActivity'], 'moderate_forum'), 'ip' => array($txt['trackIP'], 'moderate_forum'), 'edits' => array($txt['trackEdits'], 'moderate_forum')), 'permission' => array('own' => 'moderate_forum', 'any' => 'moderate_forum')),
                // Only shown to the owner, and only when warnings are enabled and the member has one.
                'viewwarning' => array('label' => $txt['profile_view_warnings'], 'enabled' => in_array('w', $context['admin_features']) && $modSettings['warning_settings'][0] == 1 && $cur_profile['warning'] && $context['user']['is_owner'] && !empty($modSettings['warning_show']), 'file' => 'Profile-View.php', 'function' => 'viewWarning', 'permission' => array('own' => 'profile_view_own', 'any' => 'issue_warning'))
            )
        ),
        'edit_profile' => array(
            'title' => $txt['profileEdit'],
            'areas' => array(
                // Admin accounts (group 1, primary or additional) can only be edited by admins.
                'account' => array('label' => $txt['account'], 'file' => 'Profile-Modify.php', 'function' => 'account', 'enabled' => $context['user']['is_admin'] || $cur_profile['id_group'] != 1 && !in_array(1, explode(',', $cur_profile['additional_groups'])), 'sc' => 'post', 'password' => true, 'permission' => array('own' => array('profile_identity_any', 'profile_identity_own', 'manage_membergroups'), 'any' => array('profile_identity_any', 'manage_membergroups'))),
                'forumprofile' => array('label' => $txt['forumprofile'], 'file' => 'Profile-Modify.php', 'function' => 'forumProfile', 'sc' => 'post', 'permission' => array('own' => array('profile_extra_any', 'profile_extra_own', 'profile_title_own', 'profile_title_any'), 'any' => array('profile_extra_any', 'profile_title_any'))),
                'theme' => array('label' => $txt['theme'], 'file' => 'Profile-Modify.php', 'function' => 'theme', 'sc' => 'post', 'permission' => array('own' => array('profile_extra_any', 'profile_extra_own'), 'any' => array('profile_extra_any'))),
                'authentication' => array('label' => $txt['authentication'], 'file' => 'Profile-Modify.php', 'function' => 'authentication', 'enabled' => !empty($modSettings['enableOpenID']) || !empty($cur_profile['openid_uri']), 'sc' => 'post', 'hidden' => empty($modSettings['enableOpenID']) && empty($cur_profile['openid_uri']), 'password' => true, 'permission' => array('own' => array('profile_identity_any', 'profile_identity_own'), 'any' => array('profile_identity_any'))),
                'notification' => array('label' => $txt['notification'], 'file' => 'Profile-Modify.php', 'function' => 'notification', 'sc' => 'post', 'permission' => array('own' => array('profile_extra_any', 'profile_extra_own'), 'any' => array('profile_extra_any'))),
                'pmprefs' => array('label' => $txt['pmprefs'], 'file' => 'Profile-Modify.php', 'function' => 'pmprefs', 'enabled' => allowedTo(array('profile_extra_own', 'profile_extra_any')), 'sc' => 'post', 'permission' => array('own' => array('pm_read'), 'any' => array('profile_extra_any'))),
                'ignoreboards' => array('label' => $txt['ignoreboards'], 'file' => 'Profile-Modify.php', 'function' => 'ignoreboards', 'enabled' => !empty($modSettings['allow_ignore_boards']), 'sc' => 'post', 'permission' => array('own' => array('profile_extra_any', 'profile_extra_own'), 'any' => array('profile_extra_any'))),
                'lists' => array('label' => $txt['editBuddyIgnoreLists'], 'file' => 'Profile-Modify.php', 'function' => 'editBuddyIgnoreLists', 'enabled' => !empty($modSettings['enable_buddylist']) && $context['user']['is_owner'], 'sc' => 'post', 'subsections' => array('buddies' => array($txt['editBuddies']), 'ignore' => array($txt['editIgnoreList'])), 'permission' => array('own' => array('profile_extra_any', 'profile_extra_own'), 'any' => array())),
                'groupmembership' => array('label' => $txt['groupmembership'], 'file' => 'Profile-Modify.php', 'function' => 'groupMembership', 'enabled' => !empty($modSettings['show_group_membership']) && $context['user']['is_owner'], 'sc' => 'request', 'permission' => array('own' => array('profile_view_own'), 'any' => array('manage_membergroups')))
            )
        ),
        'profile_action' => array(
            'title' => $txt['profileAction'],
            'areas' => array(
                'sendpm' => array('label' => $txt['profileSendIm'], 'custom_url' => $scripturl . '?action=pm;sa=send', 'permission' => array('own' => array(), 'any' => array('pm_send'))),
                'issuewarning' => array('label' => $txt['profile_issue_warning'], 'enabled' => in_array('w', $context['admin_features']) && $modSettings['warning_settings'][0] == 1 && (!$context['user']['is_owner'] || $context['user']['is_admin']), 'file' => 'Profile-Actions.php', 'function' => 'issueWarning', 'permission' => array('own' => array('issue_warning'), 'any' => array('issue_warning'))),
                'banuser' => array('label' => $txt['profileBanUser'], 'custom_url' => $scripturl . '?action=admin;area=ban;sa=add', 'enabled' => $cur_profile['id_group'] != 1 && !in_array(1, explode(',', $cur_profile['additional_groups'])), 'permission' => array('own' => array(), 'any' => array('manage_bans'))),
                'subscriptions' => array('label' => $txt['subscriptions'], 'file' => 'Profile-Actions.php', 'function' => 'subscriptions', 'enabled' => !empty($modSettings['paid_enabled']), 'permission' => array('own' => array('profile_view_own'), 'any' => array('moderate_forum'))),
                'deleteaccount' => array('label' => $txt['deleteAccount'], 'file' => 'Profile-Actions.php', 'function' => 'deleteAccount', 'sc' => 'post', 'password' => true, 'permission' => array('own' => array('profile_remove_any', 'profile_remove_own'), 'any' => array('profile_remove_any'))),
                'activateaccount' => array('file' => 'Profile-Actions.php', 'function' => 'activateAccount', 'sc' => 'get', 'permission' => array('own' => array(), 'any' => array('moderate_forum')))
            )
        )
    );
    // Let them modify profile areas easily.
    call_integration_hook('integrate_profile_areas', array(&$profile_areas));
    // Do some cleaning ready for the menu function.
    $context['password_areas'] = array();
    $current_area = isset($_REQUEST['area']) ? $_REQUEST['area'] : '';
    foreach ($profile_areas as $section_id => $section) {
        // Do a bit of spring cleaning so to speak.
        foreach ($section['areas'] as $area_id => $area) {
            // If it said no permissions that meant it wasn't valid!
            // Collapse the own/any pair into the single permission list that applies to this viewer.
            if (empty($area['permission'][$context['user']['is_owner'] ? 'own' : 'any'])) {
                $profile_areas[$section_id]['areas'][$area_id]['enabled'] = false;
            } else {
                $profile_areas[$section_id]['areas'][$area_id]['permission'] = $area['permission'][$context['user']['is_owner'] ? 'own' : 'any'];
            }
            // Password required - only if not on OpenID.
            if (!empty($area['password'])) {
                $context['password_areas'][] = $area_id;
            }
        }
    }
    // Is there an updated message to show?
    if (isset($_GET['updated'])) {
        $context['profile_updated'] = $txt['profile_updated_own'];
    }
    // Set a few options for the menu.
    $menuOptions = array('disable_url_session_check' => true, 'current_area' => $current_area, 'extra_url_parameters' => array('u' => $context['id_member']));
    // Actually create the menu!
    $profile_include_data = createMenu($profile_areas, $menuOptions);
    // No menu means no access.
    if (!$profile_include_data && (!$user_info['is_guest'] || validateSession())) {
        fatal_lang_error('no_access', false);
    }
    // Make a note of the Unique ID for this menu.
    $context['profile_menu_id'] = $context['max_menu_id'];
    $context['profile_menu_name'] = 'menu_data_' . $context['profile_menu_id'];
    // Set the selected item - now it's been validated.
    $current_area = $profile_include_data['current_area'];
    $context['menu_item_selected'] = $current_area;
    // Before we go any further, let's work on the area we've said is valid. Note this is done here just in case we every compromise the menu function in error!
    $context['completed_save'] = false;
    $security_checks = array();
    $found_area = false;
    foreach ($profile_areas as $section_id => $section) {
        // Do a bit of spring cleaning so to speak.
        foreach ($section['areas'] as $area_id => $area) {
            // Is this our area?
            if ($current_area == $area_id) {
                // This can't happen - but is a security check.
                if (isset($section['enabled']) && $section['enabled'] == false || isset($area['enabled']) && $area['enabled'] == false) {
                    fatal_lang_error('no_access', false);
                }
                // Are we saving data in a valid area?
                // The area's 'sc' value names the session check (post/get/request) to run before saving.
                if (isset($area['sc']) && isset($_REQUEST['save'])) {
                    $security_checks['session'] = $area['sc'];
                    $context['completed_save'] = true;
                }
                // Does this require session validating?
                if (!empty($area['validate'])) {
                    $security_checks['validate'] = true;
                }
                // Permissions for good measure.
                if (!empty($profile_include_data['permission'])) {
                    $security_checks['permission'] = $profile_include_data['permission'];
                }
                // Either way got something.
                $found_area = true;
            }
        }
    }
    // Oh dear, some serious security lapse is going on here... we'll put a stop to that!
    if (!$found_area) {
        fatal_lang_error('no_access', false);
    }
    // Release this now.
    unset($profile_areas);
    // Now the context is setup have we got any security checks to carry out additional to that above?
    if (isset($security_checks['session'])) {
        checkSession($security_checks['session']);
    }
    if (isset($security_checks['validate'])) {
        validateSession();
    }
    if (isset($security_checks['permission'])) {
        isAllowedTo($security_checks['permission']);
    }
    // File to include?
    // 'file' comes from the area definition (or an integration hook), not from the request.
    if (isset($profile_include_data['file'])) {
        require_once $sourcedir . '/' . $profile_include_data['file'];
    }
    // Make sure that the area function does exist!
    if (!isset($profile_include_data['function']) || !function_exists($profile_include_data['function'])) {
        destroyMenu();
        fatal_lang_error('no_access', false);
    }
    // Build the link tree.
    $context['linktree'][] = array('url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : ''), 'name' => sprintf($txt['profile_of_username'], $context['member']['name']));
    if (!empty($profile_include_data['label'])) {
        $context['linktree'][] = array('url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : '') . ';area=' . $profile_include_data['current_area'], 'name' => $profile_include_data['label']);
    }
    if (!empty($profile_include_data['current_subsection']) && $profile_include_data['subsections'][$profile_include_data['current_subsection']][0] != $profile_include_data['label']) {
        $context['linktree'][] = array('url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : '') . ';area=' . $profile_include_data['current_area'] . ';sa=' . $profile_include_data['current_subsection'], 'name' => $profile_include_data['subsections'][$profile_include_data['current_subsection']][0]);
    }
    // Set the template for this area and add the profile layer.
    $context['sub_template'] = $profile_include_data['function'];
    $context['template_layers'][] = 'profile';
    // All the subactions that require a user password in order to validate.
    // Only the owner is asked for their password; moderators editing others are covered by validateSession() below.
    $check_password = $context['user']['is_owner'] && in_array($profile_include_data['current_area'], $context['password_areas']);
    $context['require_password'] = $check_password && empty($user_settings['openid_uri']);
    // If we're in wireless then we have a cut down template...
    if (WIRELESS && $context['sub_template'] == 'summary' && WIRELESS_PROTOCOL != 'wap') {
        $context['sub_template'] = WIRELESS_PROTOCOL . '_profile';
    }
    // These will get populated soon!
    $post_errors = array();
    $profile_vars = array();
    // Right - are we saving - if so let's save the old data first.
    if ($context['completed_save']) {
        // If it's someone elses profile then validate the session.
        if (!$context['user']['is_owner']) {
            validateSession();
        }
        // Clean up the POST variables.
        $_POST = htmltrim__recursive($_POST);
        $_POST = htmlspecialchars__recursive($_POST);
        if ($check_password) {
            // If we're using OpenID try to revalidate.
            if (!empty($user_settings['openid_uri'])) {
                require_once $sourcedir . '/Subs-OpenID.php';
                smf_openID_revalidate();
            } else {
                // You didn't even enter a password!
                if (trim($_POST['oldpasswrd']) == '') {
                    $post_errors[] = 'no_password';
                }
                // Since the password got modified due to all the $_POST cleaning, lets undo it so we can get the correct password
                $_POST['oldpasswrd'] = un_htmlspecialchars($_POST['oldpasswrd']);
                // Does the integration want to check passwords?
                $good_password = in_array(true, call_integration_hook('integrate_verify_password', array($cur_profile['member_name'], $_POST['oldpasswrd'], false)), true);
                // Bad password!!!
                // NOTE(review): this is a loose (!=) comparison of two hash strings; PHP compares
                // numeric-looking strings numerically, so hash_equals() would be the safer check.
                if (!$good_password && $user_info['passwd'] != sha1(strtolower($cur_profile['member_name']) . $_POST['oldpasswrd'])) {
                    $post_errors[] = 'bad_password';
                }
                // Warn other elements not to jump the gun and do custom changes!
                if (in_array('bad_password', $post_errors)) {
                    $context['password_auth_failed'] = true;
                }
            }
        }
        // Change the IP address in the database.
        if ($context['user']['is_owner']) {
            $profile_vars['member_ip'] = $user_info['ip'];
        }
        // Now call the sub-action function...
        if ($current_area == 'activateaccount') {
            if (empty($post_errors)) {
                activateAccount($memID);
            }
        } elseif ($current_area == 'deleteaccount') {
            if (empty($post_errors)) {
                deleteAccount2($profile_vars, $post_errors, $memID);
                redirectexit();
            }
        } elseif ($current_area == 'groupmembership' && empty($post_errors)) {
            $msg = groupMembership2($profile_vars, $post_errors, $memID);
            // Whatever we've done, we have nothing else to do here...
            redirectexit('action=profile' . ($context['user']['is_owner'] ? '' : ';u=' . $memID) . ';area=groupmembership' . (!empty($msg) ? ';msg=' . $msg : ''));
        } elseif ($current_area == 'authentication') {
            authentication($memID, true);
        } elseif (in_array($current_area, array('account', 'forumprofile', 'theme', 'pmprefs'))) {
            saveProfileFields();
        } else {
            $force_redirect = true;
            // Ensure we include this.
            require_once $sourcedir . '/Profile-Modify.php';
            saveProfileChanges($profile_vars, $post_errors, $memID);
        }
        // There was a problem, let them try to re-enter.
        if (!empty($post_errors)) {
            // Load the language file so we can give a nice explanation of the errors.
            loadLanguage('Errors');
            $context['post_errors'] = $post_errors;
        } elseif (!empty($profile_vars)) {
            // If we've changed the password, notify any integration that may be listening in.
            if (isset($profile_vars['passwd'])) {
                call_integration_hook('integrate_reset_pass', array($cur_profile['member_name'], $cur_profile['member_name'], $_POST['passwrd2']));
            }
            updateMemberData($memID, $profile_vars);
            // What if this is the newest member?
            if ($modSettings['latestMember'] == $memID) {
                updateStats('member');
            } elseif (isset($profile_vars['real_name'])) {
                updateSettings(array('memberlist_updated' => time()));
            }
            // If the member changed his/her birthdate, update calendar statistics.
            if (isset($profile_vars['birthdate']) || isset($profile_vars['real_name'])) {
                updateSettings(array('calendar_updated' => time()));
            }
            // Anything worth logging?
            // Each entry of $context['log_changes'] becomes one moderation-log row, tagged with who applied it.
            if (!empty($context['log_changes']) && !empty($modSettings['modlog_enabled'])) {
                $log_changes = array();
                foreach ($context['log_changes'] as $k => $v) {
                    $log_changes[] = array('action' => $k, 'id_log' => 2, 'log_time' => time(), 'id_member' => $memID, 'ip' => $user_info['ip'], 'extra' => serialize(array_merge($v, array('applicator' => $user_info['id']))));
                }
                $smcFunc['db_insert']('', '{db_prefix}log_actions', array('action' => 'string', 'id_log' => 'int', 'log_time' => 'int', 'id_member' => 'int', 'ip' => 'string-16', 'extra' => 'string-65534'), $log_changes, array('id_action'));
            }
            // Have we got any post save functions to execute?
            if (!empty($context['profile_execute_on_save'])) {
                foreach ($context['profile_execute_on_save'] as $saveFunc) {
                    $saveFunc();
                }
            }
            // Let them know it worked!
            $context['profile_updated'] = $context['user']['is_owner'] ? $txt['profile_updated_own'] : sprintf($txt['profile_updated_else'], $cur_profile['member_name']);
            // Invalidate any cached data.
            cache_put_data('member_data-profile-' . $memID, null, 0);
        }
    }
    // Have some errors for some reason?
    if (!empty($post_errors)) {
        // Set all the errors so the template knows what went wrong.
        foreach ($post_errors as $error_type) {
            $context['modify_error'][$error_type] = true;
        }
    } elseif (!empty($profile_vars) && $context['user']['is_owner']) {
        redirectexit('action=profile;area=' . $current_area . ';updated');
    } elseif (!empty($force_redirect)) {
        redirectexit('action=profile' . ($context['user']['is_owner'] ? '' : ';u=' . $memID) . ';area=' . $current_area);
    }
    // Call the appropriate subaction function.
    $profile_include_data['function']($memID);
    // Set the page title if it's not already set...
    if (!isset($context['page_title'])) {
        $context['page_title'] = $txt['profile'] . (isset($txt[$current_area]) ? ' - ' . $txt[$current_area] : '');
    }
}
/**
 * Switch a board between global and local (per-board) permissions.
 *
 * Reads the board id from $_GET['boardid'] and the target mode from $_GET['to']
 * ('local' or anything else for global). Switching to local copies the global
 * rows (ID_BOARD = 0) into the board's own rows; switching back drops them.
 * Requires a GET session check and a validated (password-confirmed) session.
 */
function SwitchBoard() {
    global $db_prefix, $modSettings;
    // A board cannot be switched when local permissions are disabled.
    if (empty($modSettings['permission_enable_by_board'])) {
        redirectexit('action=permissions');
    }
    // Security above all.
    checkSession('get');
    validateSession();
    $boardId = (int) $_GET['boardid'];
    $_GET['boardid'] = $boardId;
    $toLocal = $_GET['to'] == 'local';
    // The board must exist and currently be in the opposite mode of the one requested.
    $lookup = db_query("\n\t\tSELECT ID_BOARD\n\t\tFROM {$db_prefix}boards\n\t\tWHERE ID_BOARD = {$boardId}\n\t\t\tAND permission_mode = " . ($toLocal ? '0' : '1') . "\n\t\tLIMIT 1", __FILE__, __LINE__);
    if (mysql_num_rows($lookup) != 1) {
        if ($toLocal) {
            PermissionIndex();
        } else {
            redirectexit('action=permissions');
        }
        return;
    }
    mysql_free_result($lookup);
    $clearLocalRows = "\n\t\t\tDELETE FROM {$db_prefix}board_permissions\n\t\t\tWHERE ID_BOARD = {$boardId}";
    if ($toLocal) {
        // Seed the board with a copy of the global permissions.
        $globalRows = db_query("\n\t\t\tSELECT ID_GROUP, permission, addDeny\n\t\t\tFROM {$db_prefix}board_permissions\n\t\t\tWHERE ID_BOARD = 0", __FILE__, __LINE__);
        $insertRows = array();
        while ($row = mysql_fetch_assoc($globalRows)) {
            $insertRows[] = "({$row['ID_GROUP']}, {$boardId}, '{$row['permission']}', {$row['addDeny']})";
        }
        mysql_free_result($globalRows);
        // Reset the current local permissions.
        db_query($clearLocalRows, __FILE__, __LINE__);
        if (!empty($insertRows)) {
            db_query("\n\t\t\t\tINSERT INTO {$db_prefix}board_permissions\n\t\t\t\t\t(ID_GROUP, ID_BOARD, permission, addDeny)\n\t\t\t\tVALUES " . implode(",\n\t\t\t\t\t", $insertRows), __FILE__, __LINE__);
        }
    } else {
        db_query($clearLocalRows, __FILE__, __LINE__);
    }
    // Update the board setting.
    db_query("\n\t\tUPDATE {$db_prefix}boards\n\t\tSET permission_mode = " . ($toLocal ? '1' : '0') . "\n\t\tWHERE ID_BOARD = {$boardId}\n\t\tLIMIT 1", __FILE__, __LINE__);
    if ($toLocal) {
        PermissionByBoard();
    } else {
        redirectexit('action=permissions;sa=board');
    }
}
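/**
 * Change a field for any CRM entity.
 *
 * @param array $input_array input data with keys 'id', 'sessionid', 'module',
 *        'entityid', 'fieldname' and 'fieldvalue'
 * @return array|null one-element array holding the saved entity id on success,
 *         null when the session does not validate, the module name is not a
 *         plain identifier, or the save did not produce a matching record id
 */
function change_entity_field($input_array) {
    global $adb, $log;
    $adb->println("Inside customer portal function change_entity_field");
    $adb->println($input_array);
    $contact_id = $input_array['id'];
    $session_id = $input_array['sessionid'];
    $module = $input_array['module'];
    $entity_id = (int) $input_array['entityid'];
    $field_name = $input_array['fieldname'];
    $field_value = $input_array['fieldvalue'];
    // $module is interpolated into a require path below; accept only a plain
    // identifier so a caller cannot point it at a file outside modules/.
    if (!is_string($module) || !preg_match('/^[A-Za-z][A-Za-z0-9_]*$/', $module)) {
        $adb->println("Rejected invalid module name in change_entity_field");
        return null;
    }
    global $current_user;
    $current_user->id = getPortalUserid();
    require_once "modules/{$module}/{$module}.php";
    if (!validateSession($contact_id, $session_id)) {
        return null;
    }
    $entity = CRMEntity::getInstance($module);
    if ($entity_id > 0) {
        $entity->retrieve_entity_info($entity_id, $module);
        // NOTE(review): $field_name is caller-supplied and applied unchecked;
        // whether save() restricts it to the module's fields is not visible here.
        $entity->column_fields[$field_name] = $field_value;
        if ($module == 'SalesOrder' || $module == 'Invoice' || $module == 'PurchaseOrder' || $module == 'Quotes') {
            // in ajax save we should not call update related products
            // function, because this will delete all the existing product values
            $_REQUEST['ajxaction'] = 'DETAILVIEW';
        }
        $entity->save($module, $entity_id);
        if ($entity->column_fields["record_id"] == $entity->id) {
            $adb->println("{$module} from Portal is saved with id => " . $entity->id);
            return array($entity->id);
        }
    }
    $adb->println("There may be error in saving the {$module}");
    return null;
}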
/**
 * Require at least one of the given permissions, ending the request when none is held.
 *
 * On failure guests are sent to the login prompt and members get a fatal
 * "cannot_<permission>" error, where <permission> is the first entry of the list.
 * On success, if the only permissions that grant access are "heavy" administrative
 * ones, the session is additionally re-validated.
 *
 * @param string|array $permission permission name, or a list of which any one suffices
 * @param int|array|null $boards board id(s) to check against, or null
 */
function isAllowedTo($permission, $boards = null) {
    global $user_info, $txt;
    static $heavy_permissions = array('admin_forum', 'manage_attachments', 'manage_smileys', 'manage_boards', 'edit_news', 'moderate_forum', 'manage_bans', 'manage_membergroups', 'manage_permissions');
    // Normalise to a list, even if a single string was passed.
    if (!is_array($permission)) {
        $permission = array($permission);
    }
    if (allowedTo($permission, $boards)) {
        // Strip the heavy permissions; if nothing else grants access, demand a validated session.
        if (!allowedTo(array_diff($permission, $heavy_permissions), $boards)) {
            validateSession();
        }
        return;
    }
    // Not allowed: the first permission in the list names the error shown.
    $error_permission = array_shift($permission);
    // A guest may simply need to log in, so offer that instead of the error.
    if ($user_info['is_guest']) {
        loadLanguage('Errors');
        is_not_guest($txt['cannot_' . $error_permission]);
    }
    // Clear the action so the log does not record something they never did.
    $_GET['action'] = '';
    $_GET['board'] = '';
    $_GET['topic'] = '';
    writeLog(true);
    fatal_lang_error('cannot_' . $error_permission, false);
    // Getting this far is a really big problem, but let's try our best to prevent any cases...
    trigger_error('Hacking attempt...', E_USER_ERROR);
}
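include "../includes/classes.php";
// NOTE(review): the language file path is derived from a request/cookie value;
// this relies on getLanguage() mapping it to a known file rather than using it
// verbatim — confirm in classes.php.
$requestedLang = !empty($_GET['lang']) ? $_GET['lang'] : (isset($_COOKIE['lang']) ? $_COOKIE['lang'] : null);
require_once getLanguage(null, $requestedLang, 2);
session_start();
$db = new mysqli($CONF['host'], $CONF['user'], $CONF['pass'], $CONF['name']);
if ($db->connect_errno) {
    // Nothing below can work without a connection, so stop instead of failing later.
    echo "Failed to connect to MySQL: (" . $db->connect_errno . ") " . $db->connect_error;
    exit;
}
$db->set_charset("utf8");
$resultSettings = $db->query(getSettings());
$settings = $resultSettings->fetch_assoc();
// The theme complete url
$CONF['theme_url'] = $CONF['theme_path'] . '/' . $settings['theme'];
if (isset($_POST['id'])) {
    $feed = new feed();
    $feed->db = $db;
    $feed->url = $CONF['url'];
    // Credentials may come from the session or from cookies.
    // NOTE(review): a cookie named 'password' suggests the credential (or its hash)
    // is stored client-side; a server-side session reference would be the safer token.
    if (isset($_SESSION['username']) && isset($_SESSION['password']) || isset($_COOKIE['username']) && isset($_COOKIE['password'])) {
        $loggedIn = new loggedIn();
        $loggedIn->db = $db;
        $loggedIn->url = $CONF['url'];
        $loggedIn->username = isset($_SESSION['username']) ? $_SESSION['username'] : $_COOKIE['username'];
        $loggedIn->password = isset($_SESSION['password']) ? $_SESSION['password'] : $_COOKIE['password'];
        $verify = $loggedIn->verify();
        $feed->user = $verify;
        $feed->username = $verify['username'];
        $feed->id = $verify['idu'];
    }
    // Only count the download once the 'download' session check passes.
    if (validateSession('download', 10)) {
        $feed->addDownload($_POST['id']);
    }
}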
/**
 * Return the Users module column names for a session-validated user.
 *
 * Loads the named user into the global $current_user before asking a fresh
 * Users instance for its column names.
 *
 * @param string $user_name login name whose session is being checked
 * @param string $session session identifier presented by the caller
 * @return array|null column names, or null when the session does not validate
 */
function get_user_columns($user_name, $session) {
    global $current_user;
    if (!validateSession($user_name, $session)) {
        return null;
    }
    require_once 'modules/Users/Users.php';
    $loaded_user = new Users();
    $loaded_user_id = $loaded_user->retrieve_user_id($user_name);
    // Make the requesting user the current one for the rest of this request.
    $current_user = $loaded_user;
    $current_user->retrieve_entity_info($loaded_user_id, 'Users');
    $columns_source = new Users();
    return $columns_source->getColumnNames_User();
}
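/**
 * Reorders the message icons from a drag/drop event.
 *
 * Expects the icon ids in $_POST['list_message_icon_list'] in their new 1-n
 * view order and rewrites each listed icon with its new position. Fills
 * $context['xml_data'] (orders, a fresh admin-sort token, errors) for the
 * generic_xml sub template.
 */
public function action_messageiconorder() {
    global $context, $txt;
    // Initilize
    $context['xml_data'] = array();
    $errors = array();
    $order = array();
    // Seems these will be needed
    loadLanguage('Errors');
    loadLanguage('ManageSmileys');
    require_once SUBSDIR . '/MessageIcons.subs.php';
    // You have to be allowed to do this: both the form token and a validated
    // admin session are required. validateSession() returns an error key on
    // failure, so an empty result means success here.
    $validation_token = validateToken('admin-sort', 'post', true, false);
    $validation_session = validateSession();
    if (empty($validation_session) && $validation_token === true) {
        // No questions that we are reordering
        if (isset($_POST['order']) && $_POST['order'] == 'reorder') {
            // Get the current list of icons.
            $message_icons = fetchMessageIconsDetails();
            $view_order = 0;
            $iconInsert = array();
            // The field ids arrive in 1-n view order, so we simply build an update array.
            // Ids that do not belong to a known icon are skipped rather than producing
            // rows built from undefined entries.
            $posted_ids = isset($_POST['list_message_icon_list']) && is_array($_POST['list_message_icon_list']) ? $_POST['list_message_icon_list'] : array();
            foreach ($posted_ids as $id) {
                if (!is_scalar($id) || !isset($message_icons[$id])) {
                    continue;
                }
                $iconInsert[] = array($id, $message_icons[$id]['board_id'], $message_icons[$id]['title'], $message_icons[$id]['filename'], $view_order);
                $view_order++;
            }
            // With the replace set
            if (!empty($iconInsert)) {
                updateMessageIcon($iconInsert);
                sortMessageIconTable();
            } else {
                $errors[] = array('value' => $txt['no_sortable_items']);
            }
        }
        $order[] = array('value' => $txt['icons_reordered']);
    } else {
        if (!empty($validation_session)) {
            $errors[] = array('value' => $txt[$validation_session]);
        }
        if (empty($validation_token)) {
            $errors[] = array('value' => $txt['token_verify_fail']);
        }
    }
    // New generic token for use
    createToken('admin-sort', 'post');
    $tokens = array(
        array('value' => $context['admin-sort_token'], 'attributes' => array('type' => 'token')),
        array('value' => $context['admin-sort_token_var'], 'attributes' => array('type' => 'token_var'))
    );
    // Return the response
    $context['sub_template'] = 'generic_xml';
    $context['xml_data'] = array(
        'orders' => array('identifier' => 'order', 'children' => $order),
        'tokens' => array('identifier' => 'token', 'children' => $tokens),
        'errors' => array('identifier' => 'error', 'children' => $errors)
    );
}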
<?php include "../util/config.php"; include "../util/screen.php"; include "../util/session_mgr.php"; $action = $_GET["action"]; $server = urldecode($_GET["server"]); validateSession(); mysql_connect($sqlserver, $sqluser, $sqlpass); mysql_select_db('Together'); $serverInfo = mysql_query("SELECT * FROM Servers WHERE name='" . $server . "'"); if (mysql_num_rows($serverInfo) > 0) { if ($action == "start") { if (mysql_result($serverInfo, 0, 2) != "") { startScreenWithNameAndCmd(mysql_result($serverInfo, 0, 1), mysql_result($serverInfo, 0, 4), mysql_result($serverInfo, 0, 2)); } else { startScreenWithNameAndCmd(mysql_result($serverInfo, 0, 1), mysql_result($serverInfo, 0, 4)); } } else { if ($action == "stop") { sendCmdToScreen(mysql_result($serverInfo, 0, 1), mysql_result($serverInfo, 0, 5)); } } } if ($action == "delete") { mysql_query("DELETE FROM Servers WHERE name='" . $server . "'"); } if ($action == "hide") { mysql_query("UPDATE Servers SET visible='0' WHERE name='" . $server . "'"); } if ($action == "show") {
/**
 * Entry point for announcing a topic to membergroups.
 *
 * Requires the announce_topic permission and a validated session, refuses to
 * run without a current topic, then dispatches on $_REQUEST['sa'] to either
 * the membergroup selection or the sending step. A missing or unknown
 * sub-action falls back to the selection step.
 */
function AnnounceTopic() {
    global $context, $txt, $topic;
    isAllowedTo('announce_topic');
    validateSession();
    if (empty($topic)) {
        fatal_lang_error('topic_gone', false);
    }
    loadLanguage('Post');
    loadTemplate('Post');
    $subActions = array(
        'selectgroup' => 'AnnouncementSelectMembergroup',
        'send' => 'AnnouncementSend'
    );
    $context['page_title'] = $txt['announce_topic'];
    // Only sub-actions listed above are callable; anything else selects groups.
    $sub_action = 'selectgroup';
    if (isset($_REQUEST['sa']) && isset($subActions[$_REQUEST['sa']])) {
        $sub_action = $_REQUEST['sa'];
    }
    $handler = $subActions[$sub_action];
    $handler();
}