Index: branches/2.8.x/CHANGELOG =================================================================== --- branches/2.8.x/CHANGELOG (revision 1385) +++ branches/2.8.x/CHANGELOG (revision 1386) @@ -12,6 +12,8 @@ ------------------------------------- 2.8.2 ------------------------------------- 16 Jan-2011 Build 1385 Frank Heyne (FrankH) +! update headerinfos +16 Jan-2011 Build 1385 Frank Heyne (FrankH) # Security fix to filter out droplets from user input in news and form modules 16 Jan-2011 Build 1384 Dietmar Woellbrink (Luisehahne) ! Security fix in admin/pages Index: branches/2.8.x/wb/admin/groups/save.php =================================================================== --- branches/2.8.x/wb/admin/groups/save.php (revision 1385) +++ branches/2.8.x/wb/admin/groups/save.php (revision 1386) @@ -29,7 +29,7 @@ $admin = new admin('Access', 'groups_modify'); // Create new database object -$database = new database(); +// $database = new database(); // Check if group group_id is a valid number and doesnt equal 1 if(!isset($_POST['group_id']) OR !is_numeric($_POST['group_id']) OR $_POST['group_id'] == 1) { Index: branches/2.8.x/wb/admin/groups/index.php =================================================================== --- branches/2.8.x/wb/admin/groups/index.php (revision 1385) +++ branches/2.8.x/wb/admin/groups/index.php (revision 1386) @@ -1,198 +1,197 @@ -set_file('page', 'groups.htt'); -$template->set_block('page', 'main_block', 'main'); -$template->set_block('main_block', 'manage_users_block', 'users'); -// insert urls -$template->set_var(array( - 'ADMIN_URL' => ADMIN_URL, - 'WB_URL' => WB_URL, - 'WB_PATH' => WB_PATH, - 'THEME_URL' => THEME_URL - ) -); - -// Get existing value from database -$database = new database(); -$query = "SELECT group_id,name FROM ".TABLE_PREFIX."groups WHERE group_id != '1'"; -$results = $database->query($query); -if($database->is_error()) { - $admin->print_error($database->get_error(), 'index.php'); -} - -// Insert values into the modify/remove menu -$template->set_block('main_block', 'list_block', 'list'); -if($results->numRows() > 0) { - // Insert first value to say please select - $template->set_var('VALUE', ''); - $template->set_var('NAME', $TEXT['PLEASE_SELECT'].'...'); - $template->parse('list', 'list_block', true); - // Loop through groups - while($group = $results->fetchRow()) { - $template->set_var('VALUE', $group['group_id']); - $template->set_var('NAME', $group['name']); - $template->parse('list', 'list_block', true); - } -} else { - // Insert single value to say no groups were found - $template->set_var('NAME', $TEXT['NONE_FOUND']); - $template->parse('list', 'list_block', true); -} - -// Insert permissions values -if($admin->get_permission('groups_add') != true) { - $template->set_var('DISPLAY_ADD', 'hide'); -} -if($admin->get_permission('groups_modify') != true) { - $template->set_var('DISPLAY_MODIFY', 'hide'); -} -if($admin->get_permission('groups_delete') != true) { - $template->set_var('DISPLAY_DELETE', 'hide'); -} - -// Insert language headings -$template->set_var(array( - 'HEADING_MODIFY_DELETE_GROUP' => $HEADING['MODIFY_DELETE_GROUP'], - 'HEADING_ADD_GROUP' => $HEADING['ADD_GROUP'] - ) -); -// Insert language text and messages -$template->set_var(array( - 'TEXT_MODIFY' => $TEXT['MODIFY'], - 'TEXT_DELETE' => $TEXT['DELETE'], - 'TEXT_MANAGE_USERS' => ( $admin->get_permission('users') == true ) ? $TEXT['MANAGE_USERS']: "", - 'CONFIRM_DELETE' => $MESSAGE['GROUPS']['CONFIRM_DELETE'] - ) -); -if ( $admin->get_permission('users') == true ) $template->parse("users", "manage_users_block", true); -// Parse template object -$template->parse('main', 'main_block', false); -$template->pparse('output', 'page'); - -// Setup template for add group form -$template = new Template(THEME_PATH.'/templates'); -$template->set_file('page', 'groups_form.htt'); -$template->set_block('page', 'main_block', 'main'); -$template->set_var('DISPLAY_EXTRA', 'display:none;'); -$template->set_var('ACTION_URL', ADMIN_URL.'/groups/add.php'); -$template->set_var('SUBMIT_TITLE', $TEXT['ADD']); -$template->set_var('ADVANCED_ACTION', 'index.php'); - -// Tell the browser whether or not to show advanced options -if ( true == (isset( $_POST['advanced']) AND ( strpos( $_POST['advanced'], ">>") > 0 ) ) ) { - $template->set_var('DISPLAY_ADVANCED', ''); - $template->set_var('DISPLAY_BASIC', 'display:none;'); - $template->set_var('ADVANCED', 'yes'); - $template->set_var('ADVANCED_BUTTON', '<< '.$TEXT['HIDE_ADVANCED']); -} else { - $template->set_var('DISPLAY_ADVANCED', 'display:none;'); - $template->set_var('DISPLAY_BASIC', ''); - $template->set_var('ADVANCED', 'no'); - $template->set_var('ADVANCED_BUTTON', $TEXT['SHOW_ADVANCED'].' >>'); -} - -// Insert permissions values -if($admin->get_permission('groups_add') != true) { - $template->set_var('DISPLAY_ADD', 'hide'); -} - -// Insert values into module list -$template->set_block('main_block', 'module_list_block', 'module_list'); -$result = $database->query('SELECT * FROM `'.TABLE_PREFIX.'addons` WHERE `type` = "module" AND `function` = "page" ORDER BY `name`'); -if($result->numRows() > 0) { - while($addon = $result->fetchRow()) { - $template->set_var('VALUE', $addon['directory']); - $template->set_var('NAME', $addon['name']); - $template->parse('module_list', 'module_list_block', true); - } -} - -// Insert values into template list -$template->set_block('main_block', 'template_list_block', 'template_list'); -$result = $database->query('SELECT * FROM `'.TABLE_PREFIX.'addons` WHERE `type` = "template" ORDER BY `name`'); -if($result->numRows() > 0) { - while($addon = $result->fetchRow()) { - $template->set_var('VALUE', $addon['directory']); - $template->set_var('NAME', $addon['name']); - $template->parse('template_list', 'template_list_block', true); - } -} - -// Insert language text and messages -$template->set_var(array( - 'TEXT_RESET' => $TEXT['RESET'], - 'TEXT_ACTIVE' => $TEXT['ACTIVE'], - 'TEXT_DISABLED' => $TEXT['DISABLED'], - 'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'], - 'TEXT_USERNAME' => $TEXT['USERNAME'], - 'TEXT_PASSWORD' => $TEXT['PASSWORD'], - 'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'], - 'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'], - 'TEXT_EMAIL' => $TEXT['EMAIL'], - 'TEXT_GROUP' => $TEXT['GROUP'], - 'TEXT_SYSTEM_PERMISSIONS' => $TEXT['SYSTEM_PERMISSIONS'], - 'TEXT_MODULE_PERMISSIONS' => $TEXT['MODULE_PERMISSIONS'], - 'TEXT_TEMPLATE_PERMISSIONS' => $TEXT['TEMPLATE_PERMISSIONS'], - 'TEXT_NAME' => $TEXT['NAME'], - 'SECTION_PAGES' => $MENU['PAGES'], - 'SECTION_MEDIA' => $MENU['MEDIA'], - 'SECTION_MODULES' => $MENU['MODULES'], - 'SECTION_TEMPLATES' => $MENU['TEMPLATES'], - 'SECTION_SETTINGS' => $MENU['SETTINGS'], - 'SECTION_LANGUAGES' => $MENU['LANGUAGES'], - 'SECTION_USERS' => $MENU['USERS'], - 'SECTION_GROUPS' => $MENU['GROUPS'], - 'SECTION_ADMINTOOLS' => $MENU['ADMINTOOLS'], - 'TEXT_VIEW' => $TEXT['VIEW'], - 'TEXT_ADD' => $TEXT['ADD'], - 'TEXT_LEVEL' => $TEXT['LEVEL'], - 'TEXT_MODIFY' => $TEXT['MODIFY'], - 'TEXT_DELETE' => $TEXT['DELETE'], - 'TEXT_MODIFY_CONTENT' => $TEXT['MODIFY_CONTENT'], - 'TEXT_MODIFY_SETTINGS' => $TEXT['MODIFY_SETTINGS'], - 'HEADING_MODIFY_INTRO_PAGE' => $HEADING['MODIFY_INTRO_PAGE'], - 'TEXT_CREATE_FOLDER' => $TEXT['CREATE_FOLDER'], - 'TEXT_RENAME' => $TEXT['RENAME'], - 'TEXT_UPLOAD_FILES' => $TEXT['UPLOAD_FILES'], - 'TEXT_BASIC' => $TEXT['BASIC'], - 'TEXT_ADVANCED' => $TEXT['ADVANCED'], - 'CHANGING_PASSWORD' => $MESSAGE['USERS']['CHANGING_PASSWORD'], - 'CHECKED' => ' checked="checked"', - 'ADMIN_URL' => ADMIN_URL, - 'WB_URL' => WB_URL, - 'WB_PATH' => WB_PATH, - 'THEME_URL' => THEME_URL - ) - ); - -// Parse template for add group form -$template->parse('main', 'main_block', false); -$template->pparse('output', 'page'); - -// Print the admin footer -$admin->print_footer(); - +set_file('page', 'groups.htt'); +$template->set_block('page', 'main_block', 'main'); +$template->set_block('main_block', 'manage_users_block', 'users'); +// insert urls +$template->set_var(array( + 'ADMIN_URL' => ADMIN_URL, + 'WB_URL' => WB_URL, + 'THEME_URL' => THEME_URL + ) +); + +// Get existing value from database +// $database = new database(); +$query = "SELECT group_id,name FROM ".TABLE_PREFIX."groups WHERE group_id != '1'"; +$results = $database->query($query); +if($database->is_error()) { + $admin->print_error($database->get_error(), 'index.php'); +} + +// Insert values into the modify/remove menu +$template->set_block('main_block', 'list_block', 'list'); +if($results->numRows() > 0) { + // Insert first value to say please select + $template->set_var('VALUE', ''); + $template->set_var('NAME', $TEXT['PLEASE_SELECT'].'...'); + $template->parse('list', 'list_block', true); + // Loop through groups + while($group = $results->fetchRow()) { + $template->set_var('VALUE', $group['group_id']); + $template->set_var('NAME', $group['name']); + $template->parse('list', 'list_block', true); + } +} else { + // Insert single value to say no groups were found + $template->set_var('NAME', $TEXT['NONE_FOUND']); + $template->parse('list', 'list_block', true); +} + +// Insert permissions values +if($admin->get_permission('groups_add') != true) { + $template->set_var('DISPLAY_ADD', 'hide'); +} +if($admin->get_permission('groups_modify') != true) { + $template->set_var('DISPLAY_MODIFY', 'hide'); +} +if($admin->get_permission('groups_delete') != true) { + $template->set_var('DISPLAY_DELETE', 'hide'); +} + +// Insert language headings +$template->set_var(array( + 'HEADING_MODIFY_DELETE_GROUP' => $HEADING['MODIFY_DELETE_GROUP'], + 'HEADING_ADD_GROUP' => $HEADING['ADD_GROUP'] + ) +); +// Insert language text and messages +$template->set_var(array( + 'TEXT_MODIFY' => $TEXT['MODIFY'], + 'TEXT_DELETE' => $TEXT['DELETE'], + 'TEXT_MANAGE_USERS' => ( $admin->get_permission('users') == true ) ? $TEXT['MANAGE_USERS']: "", + 'CONFIRM_DELETE' => $MESSAGE['GROUPS']['CONFIRM_DELETE'] + ) +); +if ( $admin->get_permission('users') == true ) $template->parse("users", "manage_users_block", true); +// Parse template object +$template->parse('main', 'main_block', false); +$template->pparse('output', 'page'); + +// Setup template for add group form +$template = new Template(THEME_PATH.'/templates'); +$template->set_file('page', 'groups_form.htt'); +$template->set_block('page', 'main_block', 'main'); +$template->set_var('DISPLAY_EXTRA', 'display:none;'); +$template->set_var('ACTION_URL', ADMIN_URL.'/groups/add.php'); +$template->set_var('SUBMIT_TITLE', $TEXT['ADD']); +$template->set_var('ADVANCED_ACTION', 'index.php'); + +// Tell the browser whether or not to show advanced options +if ( true == (isset( $_POST['advanced']) AND ( strpos( $_POST['advanced'], ">>") > 0 ) ) ) { + $template->set_var('DISPLAY_ADVANCED', ''); + $template->set_var('DISPLAY_BASIC', 'display:none;'); + $template->set_var('ADVANCED', 'yes'); + $template->set_var('ADVANCED_BUTTON', '<< '.$TEXT['HIDE_ADVANCED']); +} else { + $template->set_var('DISPLAY_ADVANCED', 'display:none;'); + $template->set_var('DISPLAY_BASIC', ''); + $template->set_var('ADVANCED', 'no'); + $template->set_var('ADVANCED_BUTTON', $TEXT['SHOW_ADVANCED'].' >>'); +} + +// Insert permissions values +if($admin->get_permission('groups_add') != true) { + $template->set_var('DISPLAY_ADD', 'hide'); +} + +// Insert values into module list +$template->set_block('main_block', 'module_list_block', 'module_list'); +$result = $database->query('SELECT * FROM `'.TABLE_PREFIX.'addons` WHERE `type` = "module" AND `function` = "page" ORDER BY `name`'); +if($result->numRows() > 0) { + while($addon = $result->fetchRow()) { + $template->set_var('VALUE', $addon['directory']); + $template->set_var('NAME', $addon['name']); + $template->parse('module_list', 'module_list_block', true); + } +} + +// Insert values into template list +$template->set_block('main_block', 'template_list_block', 'template_list'); +$result = $database->query('SELECT * FROM `'.TABLE_PREFIX.'addons` WHERE `type` = "template" ORDER BY `name`'); +if($result->numRows() > 0) { + while($addon = $result->fetchRow()) { + $template->set_var('VALUE', $addon['directory']); + $template->set_var('NAME', $addon['name']); + $template->parse('template_list', 'template_list_block', true); + } +} + +// Insert language text and messages +$template->set_var(array( + 'TEXT_RESET' => $TEXT['RESET'], + 'TEXT_ACTIVE' => $TEXT['ACTIVE'], + 'TEXT_DISABLED' => $TEXT['DISABLED'], + 'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'], + 'TEXT_USERNAME' => $TEXT['USERNAME'], + 'TEXT_PASSWORD' => $TEXT['PASSWORD'], + 'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'], + 'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'], + 'TEXT_EMAIL' => $TEXT['EMAIL'], + 'TEXT_GROUP' => $TEXT['GROUP'], + 'TEXT_SYSTEM_PERMISSIONS' => $TEXT['SYSTEM_PERMISSIONS'], + 'TEXT_MODULE_PERMISSIONS' => $TEXT['MODULE_PERMISSIONS'], + 'TEXT_TEMPLATE_PERMISSIONS' => $TEXT['TEMPLATE_PERMISSIONS'], + 'TEXT_NAME' => $TEXT['NAME'], + 'SECTION_PAGES' => $MENU['PAGES'], + 'SECTION_MEDIA' => $MENU['MEDIA'], + 'SECTION_MODULES' => $MENU['MODULES'], + 'SECTION_TEMPLATES' => $MENU['TEMPLATES'], + 'SECTION_SETTINGS' => $MENU['SETTINGS'], + 'SECTION_LANGUAGES' => $MENU['LANGUAGES'], + 'SECTION_USERS' => $MENU['USERS'], + 'SECTION_GROUPS' => $MENU['GROUPS'], + 'SECTION_ADMINTOOLS' => $MENU['ADMINTOOLS'], + 'TEXT_VIEW' => $TEXT['VIEW'], + 'TEXT_ADD' => $TEXT['ADD'], + 'TEXT_LEVEL' => $TEXT['LEVEL'], + 'TEXT_MODIFY' => $TEXT['MODIFY'], + 'TEXT_DELETE' => $TEXT['DELETE'], + 'TEXT_MODIFY_CONTENT' => $TEXT['MODIFY_CONTENT'], + 'TEXT_MODIFY_SETTINGS' => $TEXT['MODIFY_SETTINGS'], + 'HEADING_MODIFY_INTRO_PAGE' => $HEADING['MODIFY_INTRO_PAGE'], + 'TEXT_CREATE_FOLDER' => $TEXT['CREATE_FOLDER'], + 'TEXT_RENAME' => $TEXT['RENAME'], + 'TEXT_UPLOAD_FILES' => $TEXT['UPLOAD_FILES'], + 'TEXT_BASIC' => $TEXT['BASIC'], + 'TEXT_ADVANCED' => $TEXT['ADVANCED'], + 'CHANGING_PASSWORD' => $MESSAGE['USERS']['CHANGING_PASSWORD'], + 'CHECKED' => ' checked="checked"', + 'ADMIN_URL' => ADMIN_URL, + 'WB_URL' => WB_URL, + 'WB_PATH' => WB_PATH, + 'THEME_URL' => THEME_URL + ) + ); + +// Parse template for add group form +$template->parse('main', 'main_block', false); +$template->pparse('output', 'page'); + +// Print the admin footer +$admin->print_footer(); + ?> \ No newline at end of file Index: branches/2.8.x/wb/admin/groups/add.php =================================================================== --- branches/2.8.x/wb/admin/groups/add.php (revision 1385) +++ branches/2.8.x/wb/admin/groups/add.php (revision 1386) @@ -29,7 +29,7 @@ $admin = new admin('Access', 'groups_add'); // Create new database object -$database = new database(); +// $database = new database(); // Gather details entered $group_name = $admin->get_post('group_name'); Index: branches/2.8.x/wb/admin/templates/uninstall.php =================================================================== --- branches/2.8.x/wb/admin/templates/uninstall.php (revision 1385) +++ branches/2.8.x/wb/admin/templates/uninstall.php (revision 1386) @@ -146,7 +146,7 @@ } // Update pages that use this template with default template -$database = new database(); +// $database = new database(); $database->query("UPDATE ".TABLE_PREFIX."pages SET template = '".DEFAULT_TEMPLATE."' WHERE template = '$file'"); // Print success message Index: branches/2.8.x/wb/admin/pages/intro.php =================================================================== --- branches/2.8.x/wb/admin/pages/intro.php (revision 1385) +++ branches/2.8.x/wb/admin/pages/intro.php (revision 1386) @@ -1,28 +1,21 @@ - Copyright (C) 2004-2009, Ryan Djurovich - - Website Baker is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - Website Baker is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with Website Baker; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -*/ - // Create new admin object require('../../config.php'); require_once(WB_PATH.'/framework/class.admin.php'); Index: branches/2.8.x/wb/admin/pages/move_down.php =================================================================== --- branches/2.8.x/wb/admin/pages/move_down.php (revision 1385) +++ branches/2.8.x/wb/admin/pages/move_down.php (revision 1386) @@ -1,28 +1,21 @@ - Copyright (C) 2004-2009, Ryan Djurovich - - Website Baker is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - Website Baker is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with Website Baker; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -*/ - require('../../config.php'); // Get id Index: branches/2.8.x/wb/admin/pages/save.php =================================================================== --- branches/2.8.x/wb/admin/pages/save.php (revision 1385) +++ branches/2.8.x/wb/admin/pages/save.php (revision 1386) @@ -40,6 +40,7 @@ $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php'); exit(); } +$js_back = "javascript: history.go(-1);"; // Get perms $sql = 'SELECT `admin_groups`,`admin_users` FROM `'.TABLE_PREFIX.'pages` '; Index: branches/2.8.x/wb/admin/pages/move_up.php =================================================================== --- branches/2.8.x/wb/admin/pages/move_up.php (revision 1385) +++ branches/2.8.x/wb/admin/pages/move_up.php (revision 1386) @@ -1,28 +1,21 @@ - Copyright (C) 2004-2009, Ryan Djurovich - - Website Baker is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - Website Baker is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with Website Baker; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -*/ - require('../../config.php'); // Get id Index: branches/2.8.x/wb/admin/pages/intro2.php =================================================================== --- branches/2.8.x/wb/admin/pages/intro2.php (revision 1385) +++ branches/2.8.x/wb/admin/pages/intro2.php (revision 1386) @@ -1,28 +1,21 @@ - Copyright (C) 2004-2009, Ryan Djurovich - - Website Baker is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - Website Baker is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with Website Baker; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -*/ - // Get posted content if(!isset($_POST['content'])) { header("Location: intro".PAGE_EXTENSION.""); Index: branches/2.8.x/wb/admin/pages/restore.php =================================================================== --- branches/2.8.x/wb/admin/pages/restore.php (revision 1385) +++ branches/2.8.x/wb/admin/pages/restore.php (revision 1386) @@ -1,28 +1,21 @@ - Copyright (C) 2004-2009, Ryan Djurovich - - Website Baker is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - Website Baker is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with Website Baker; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -*/ - // Get page id if(!isset($_GET['page_id']) OR !is_numeric($_GET['page_id'])) { header("Location: index.php"); Index: branches/2.8.x/wb/admin/interface/version.php =================================================================== --- branches/2.8.x/wb/admin/interface/version.php (revision 1385) +++ branches/2.8.x/wb/admin/interface/version.php (revision 1386) @@ -52,6 +52,6 @@ // check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled) if(!defined('VERSION')) define('VERSION', '2.8.2.RC4'); -if(!defined('REVISION')) define('REVISION', '1385'); +if(!defined('REVISION')) define('REVISION', '1386'); ?> Index: branches/2.8.x/wb/admin/users/users.php =================================================================== --- branches/2.8.x/wb/admin/users/users.php (revision 1385) +++ branches/2.8.x/wb/admin/users/users.php (revision 1386) @@ -1,196 +1,196 @@ -query("SELECT * FROM ".TABLE_PREFIX."users WHERE user_id = '".$_POST['user_id']."'"); - $user = $results->fetchRow(); - - // Setup template object - $template = new Template(THEME_PATH.'/templates'); - $template->set_file('page', 'users_form.htt'); - $template->set_block('page', 'main_block', 'main'); - $template->set_var( array( - 'ACTION_URL' => ADMIN_URL.'/users/save.php', - 'SUBMIT_TITLE' => $TEXT['SAVE'], - 'USER_ID' => $user['user_id'], - 'USERNAME' => $user['username'], - 'DISPLAY_NAME' => $user['display_name'], - 'EMAIL' => $user['email'], - 'ADMIN_URL' => ADMIN_URL, - 'WB_URL' => WB_URL, - 'WB_PATH' => WB_PATH, - 'THEME_URL' => THEME_URL - ) - ); - - $template->set_var('FTAN', $admin->getFTAN()); - if($user['active'] == 1) { - $template->set_var('ACTIVE_CHECKED', ' checked="checked"'); - } else { - $template->set_var('DISABLED_CHECKED', ' checked="checked"'); - } - // Add groups to list - $template->set_block('main_block', 'group_list_block', 'group_list'); - $results = $database->query("SELECT group_id, name FROM ".TABLE_PREFIX."groups WHERE group_id != '1' ORDER BY name"); - if($results->numRows() > 0) { - $template->set_var('ID', ''); - $template->set_var('NAME', $TEXT['PLEASE_SELECT'].'...'); - $template->set_var('SELECTED', ''); - $template->parse('group_list', 'group_list_block', true); - while($group = $results->fetchRow()) { - $template->set_var('ID', $group['group_id']); - $template->set_var('NAME', $group['name']); - if(in_array($group['group_id'], explode(",",$user['groups_id']))) { - $template->set_var('SELECTED', ' selected="selected"'); - } else { - $template->set_var('SELECTED', ''); - } - $template->parse('group_list', 'group_list_block', true); - } - } - - // Only allow the user to add a user to the Administrators group if they belong to it - if(in_array(1, $admin->get_groups_id())) - { - $template->set_var('ID', '1'); - $users_groups = $admin->get_groups_name(); - $template->set_var('NAME', $users_groups[1]); - - $in_group = FALSE; - foreach($admin->get_groups_id() as $cur_gid){ - if (in_array($cur_gid, explode(",", $user['groups_id']))) { - $in_group = TRUE; - } - } - - if($in_group) { - $template->set_var('SELECTED', ' selected="selected"'); - } else { - $template->set_var('SELECTED', ''); - } - $template->parse('group_list', 'group_list_block', true); - } else { - if($results->numRows() == 0) { - $template->set_var('ID', ''); - $template->set_var('NAME', $TEXT['NONE_FOUND']); - $template->set_var('SELECTED', ' selected="selected"'); - $template->parse('group_list', 'group_list_block', true); - } - } - - // Generate username field name - $username_fieldname = 'username_'; - $salt = "abchefghjkmnpqrstuvwxyz0123456789"; - srand((double)microtime()*1000000); - $i = 0; - while ($i <= 7) { - $num = rand() % 33; - $tmp = substr($salt, $num, 1); - $username_fieldname = $username_fieldname . $tmp; - $i++; - } - - // Work-out if home folder should be shown - if(!HOME_FOLDERS) { - $template->set_var('DISPLAY_HOME_FOLDERS', 'display:none;'); - } - - // Include the WB functions file - require_once(WB_PATH.'/framework/functions.php'); - - // Add media folders to home folder list - $template->set_block('main_block', 'folder_list_block', 'folder_list'); - foreach(directory_list(WB_PATH.MEDIA_DIRECTORY) AS $name) - { - $template->set_var('NAME', str_replace(WB_PATH, '', $name)); - $template->set_var('FOLDER', str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name)); - if($user['home_folder'] == str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name)) { - $template->set_var('SELECTED', ' selected="selected"'); - } else { - $template->set_var('SELECTED', ' '); - } - $template->parse('folder_list', 'folder_list_block', true); - } - - // Insert language text and messages - $template->set_var(array( - 'TEXT_RESET' => $TEXT['RESET'], - 'TEXT_ACTIVE' => $TEXT['ACTIVE'], - 'TEXT_DISABLED' => $TEXT['DISABLED'], - 'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'], - 'TEXT_USERNAME' => $TEXT['USERNAME'], - 'TEXT_PASSWORD' => $TEXT['PASSWORD'], - 'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'], - 'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'], - 'TEXT_EMAIL' => $TEXT['EMAIL'], - 'TEXT_GROUP' => $TEXT['GROUP'], - 'TEXT_NONE' => $TEXT['NONE'], - 'TEXT_HOME_FOLDER' => $TEXT['HOME_FOLDER'], - 'USERNAME_FIELDNAME' => $username_fieldname, - 'CHANGING_PASSWORD' => $MESSAGE['USERS']['CHANGING_PASSWORD'], - 'HEADING_MODIFY_USER' => $HEADING['MODIFY_USER'] - ) - ); - - // Parse template object - $template->parse('main', 'main_block', false); - $template->pparse('output', 'page'); -} elseif($_POST['action'] == 'delete') { - // Print header - $admin = new admin('Access', 'users_delete'); - // Delete the user - $database->query("DELETE FROM ".TABLE_PREFIX."users WHERE user_id = '".$_POST['user_id']."' LIMIT 1"); - if($database->is_error()) { - $admin->print_error($database->get_error()); - } else { - $admin->print_success($MESSAGE['USERS']['DELETED']); - } -} - -// Print admin footer -$admin->print_footer(); - +query("SELECT * FROM ".TABLE_PREFIX."users WHERE user_id = '".$_POST['user_id']."'"); + $user = $results->fetchRow(); + + // Setup template object + $template = new Template(THEME_PATH.'/templates'); + $template->set_file('page', 'users_form.htt'); + $template->set_block('page', 'main_block', 'main'); + $template->set_var( array( + 'ACTION_URL' => ADMIN_URL.'/users/save.php', + 'SUBMIT_TITLE' => $TEXT['SAVE'], + 'USER_ID' => $user['user_id'], + 'USERNAME' => $user['username'], + 'DISPLAY_NAME' => $user['display_name'], + 'EMAIL' => $user['email'], + 'ADMIN_URL' => ADMIN_URL, + 'WB_URL' => WB_URL, + 'WB_PATH' => WB_PATH, + 'THEME_URL' => THEME_URL + ) + ); + + $template->set_var('FTAN', $admin->getFTAN()); + if($user['active'] == 1) { + $template->set_var('ACTIVE_CHECKED', ' checked="checked"'); + } else { + $template->set_var('DISABLED_CHECKED', ' checked="checked"'); + } + // Add groups to list + $template->set_block('main_block', 'group_list_block', 'group_list'); + $results = $database->query("SELECT group_id, name FROM ".TABLE_PREFIX."groups WHERE group_id != '1' ORDER BY name"); + if($results->numRows() > 0) { + $template->set_var('ID', ''); + $template->set_var('NAME', $TEXT['PLEASE_SELECT'].'...'); + $template->set_var('SELECTED', ''); + $template->parse('group_list', 'group_list_block', true); + while($group = $results->fetchRow()) { + $template->set_var('ID', $group['group_id']); + $template->set_var('NAME', $group['name']); + if(in_array($group['group_id'], explode(",",$user['groups_id']))) { + $template->set_var('SELECTED', ' selected="selected"'); + } else { + $template->set_var('SELECTED', ''); + } + $template->parse('group_list', 'group_list_block', true); + } + } + + // Only allow the user to add a user to the Administrators group if they belong to it + if(in_array(1, $admin->get_groups_id())) + { + $template->set_var('ID', '1'); + $users_groups = $admin->get_groups_name(); + $template->set_var('NAME', $users_groups[1]); + + $in_group = FALSE; + foreach($admin->get_groups_id() as $cur_gid){ + if (in_array($cur_gid, explode(",", $user['groups_id']))) { + $in_group = TRUE; + } + } + + if($in_group) { + $template->set_var('SELECTED', ' selected="selected"'); + } else { + $template->set_var('SELECTED', ''); + } + $template->parse('group_list', 'group_list_block', true); + } else { + if($results->numRows() == 0) { + $template->set_var('ID', ''); + $template->set_var('NAME', $TEXT['NONE_FOUND']); + $template->set_var('SELECTED', ' selected="selected"'); + $template->parse('group_list', 'group_list_block', true); + } + } + + // Generate username field name + $username_fieldname = 'username_'; + $salt = "abchefghjkmnpqrstuvwxyz0123456789"; + srand((double)microtime()*1000000); + $i = 0; + while ($i <= 7) { + $num = rand() % 33; + $tmp = substr($salt, $num, 1); + $username_fieldname = $username_fieldname . $tmp; + $i++; + } + + // Work-out if home folder should be shown + if(!HOME_FOLDERS) { + $template->set_var('DISPLAY_HOME_FOLDERS', 'display:none;'); + } + + // Include the WB functions file + require_once(WB_PATH.'/framework/functions.php'); + + // Add media folders to home folder list + $template->set_block('main_block', 'folder_list_block', 'folder_list'); + foreach(directory_list(WB_PATH.MEDIA_DIRECTORY) AS $name) + { + $template->set_var('NAME', str_replace(WB_PATH, '', $name)); + $template->set_var('FOLDER', str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name)); + if($user['home_folder'] == str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name)) { + $template->set_var('SELECTED', ' selected="selected"'); + } else { + $template->set_var('SELECTED', ' '); + } + $template->parse('folder_list', 'folder_list_block', true); + } + + // Insert language text and messages + $template->set_var(array( + 'TEXT_RESET' => $TEXT['RESET'], + 'TEXT_ACTIVE' => $TEXT['ACTIVE'], + 'TEXT_DISABLED' => $TEXT['DISABLED'], + 'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'], + 'TEXT_USERNAME' => $TEXT['USERNAME'], + 'TEXT_PASSWORD' => $TEXT['PASSWORD'], + 'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'], + 'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'], + 'TEXT_EMAIL' => $TEXT['EMAIL'], + 'TEXT_GROUP' => $TEXT['GROUP'], + 'TEXT_NONE' => $TEXT['NONE'], + 'TEXT_HOME_FOLDER' => $TEXT['HOME_FOLDER'], + 'USERNAME_FIELDNAME' => $username_fieldname, + 'CHANGING_PASSWORD' => $MESSAGE['USERS']['CHANGING_PASSWORD'], + 'HEADING_MODIFY_USER' => $HEADING['MODIFY_USER'] + ) + ); + + // Parse template object + $template->parse('main', 'main_block', false); + $template->pparse('output', 'page'); +} elseif($_POST['action'] == 'delete') { + // Print header + $admin = new admin('Access', 'users_delete'); + // Delete the user + $database->query("DELETE FROM ".TABLE_PREFIX."users WHERE user_id = '".$_POST['user_id']."' LIMIT 1"); + if($database->is_error()) { + $admin->print_error($database->get_error()); + } else { + $admin->print_success($MESSAGE['USERS']['DELETED']); + } +} + +// Print admin footer +$admin->print_footer(); + ?> \ No newline at end of file Index: branches/2.8.x/wb/admin/users/index.php =================================================================== --- branches/2.8.x/wb/admin/users/index.php (revision 1385) +++ branches/2.8.x/wb/admin/users/index.php (revision 1386) @@ -1,203 +1,203 @@ -set_file('page', 'users.htt'); -$template->set_block('page', 'main_block', 'main'); -$template->set_block("main_block", "manage_groups_block", "groups"); -$template->set_var('ADMIN_URL', ADMIN_URL); - -// Get existing value from database -$database = new database(); -$query = "SELECT user_id, username, display_name FROM ".TABLE_PREFIX."users WHERE user_id != '1' ORDER BY display_name,username"; -$results = $database->query($query); -if($database->is_error()) { - $admin->print_error($database->get_error(), 'index.php'); -} - -// Insert values into the modify/remove menu -$template->set_block('main_block', 'list_block', 'list'); -if($results->numRows() > 0) { - // Insert first value to say please select - $template->set_var('VALUE', ''); - $template->set_var('NAME', $TEXT['PLEASE_SELECT'].'...'); - $template->parse('list', 'list_block', true); - // Loop through users - while($user = $results->fetchRow()) { - $template->set_var('VALUE', $user['user_id']); - $template->set_var('NAME', $user['display_name'].' ('.$user['username'].')'); - $template->parse('list', 'list_block', true); - } -} else { - // Insert single value to say no users were found - $template->set_var('NAME', $TEXT['NONE_FOUND']); - $template->parse('list', 'list_block', true); -} - -// Insert permissions values -if($admin->get_permission('users_add') != true) { - $template->set_var('DISPLAY_ADD', 'hide'); -} -if($admin->get_permission('users_modify') != true) { - $template->set_var('DISPLAY_MODIFY', 'hide'); -} -if($admin->get_permission('users_delete') != true) { - $template->set_var('DISPLAY_DELETE', 'hide'); -} - -// Insert language headings -$template->set_var(array( - 'HEADING_MODIFY_DELETE_USER' => $HEADING['MODIFY_DELETE_USER'], - 'HEADING_ADD_USER' => $HEADING['ADD_USER'] - ) -); -// insert urls -$template->set_var(array( - 'ADMIN_URL' => ADMIN_URL, - 'WB_URL' => WB_URL, - 'WB_PATH' => WB_PATH, - 'THEME_URL' => THEME_URL - ) -); -// Insert language text and messages -$template->set_var(array( - 'TEXT_MODIFY' => $TEXT['MODIFY'], - 'TEXT_DELETE' => $TEXT['DELETE'], - 'TEXT_MANAGE_GROUPS' => ( $admin->get_permission('groups') == true ) ? $TEXT['MANAGE_GROUPS'] : "**", - 'CONFIRM_DELETE' => $MESSAGE['USERS']['CONFIRM_DELETE'] - ) -); -if ( $admin->get_permission('groups') == true ) $template->parse("groups", "manage_groups_block", true); -// Parse template object -$template->parse('main', 'main_block', false); -$template->pparse('output', 'page'); - -// Setup template for add user form -$template = new Template(THEME_PATH.'/templates'); -$template->set_file('page', 'users_form.htt'); -$template->set_block('page', 'main_block', 'main'); -$template->set_var('DISPLAY_EXTRA', 'display:none;'); -$template->set_var('ACTIVE_CHECKED', ' checked="checked"'); -$template->set_var('ACTION_URL', ADMIN_URL.'/users/add.php'); -$template->set_var('SUBMIT_TITLE', $TEXT['ADD']); -$template->set_var('FTAN', $admin->getFTAN()); -// insert urls -$template->set_var(array( - 'ADMIN_URL' => ADMIN_URL, - 'WB_URL' => WB_URL, - 'WB_PATH' => WB_PATH, - 'THEME_URL' => THEME_URL - ) -); - -// Add groups to list -$template->set_block('main_block', 'group_list_block', 'group_list'); -$results = $database->query("SELECT group_id, name FROM ".TABLE_PREFIX."groups WHERE group_id != '1'"); -if($results->numRows() > 0) { - $template->set_var('ID', ''); - $template->set_var('NAME', $TEXT['PLEASE_SELECT'].'...'); - $template->set_var('SELECTED', ' selected="selected"'); - $template->parse('group_list', 'group_list_block', true); - while($group = $results->fetchRow()) { - $template->set_var('ID', $group['group_id']); - $template->set_var('NAME', $group['name']); - $template->set_var('SELECTED', ''); - $template->parse('group_list', 'group_list_block', true); - } -} -// Only allow the user to add a user to the Administrators group if they belong to it -if(in_array(1, $admin->get_groups_id())) { - $users_groups = $admin->get_groups_name(); - $template->set_var('ID', '1'); - $template->set_var('NAME', $users_groups[1]); - $template->set_var('SELECTED', ''); - $template->parse('group_list', 'group_list_block', true); -} else { - if($results->numRows() == 0) { - $template->set_var('ID', ''); - $template->set_var('NAME', $TEXT['NONE_FOUND']); - $template->parse('group_list', 'group_list_block', true); - } -} - -// Insert permissions values -if($admin->get_permission('users_add') != true) { - $template->set_var('DISPLAY_ADD', 'hide'); -} - -// Generate username field name -$username_fieldname = 'username_'; -$salt = "abchefghjkmnpqrstuvwxyz0123456789"; -srand((double)microtime()*1000000); -$i = 0; -while ($i <= 7) { - $num = rand() % 33; - $tmp = substr($salt, $num, 1); - $username_fieldname = $username_fieldname . $tmp; - $i++; -} - -// Work-out if home folder should be shown -if(!HOME_FOLDERS) { - $template->set_var('DISPLAY_HOME_FOLDERS', 'display:none;'); -} - -// Include the WB functions file -require_once(WB_PATH.'/framework/functions.php'); - -// Add media folders to home folder list -$template->set_block('main_block', 'folder_list_block', 'folder_list'); -foreach(directory_list(WB_PATH.MEDIA_DIRECTORY) AS $name) { - $template->set_var('NAME', str_replace(WB_PATH, '', $name)); - $template->set_var('FOLDER', str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name)); - $template->set_var('SELECTED', ' '); - $template->parse('folder_list', 'folder_list_block', true); -} - -// Insert language text and messages -$template->set_var(array( - 'TEXT_RESET' => $TEXT['RESET'], - 'TEXT_ACTIVE' => $TEXT['ACTIVE'], - 'TEXT_DISABLED' => $TEXT['DISABLED'], - 'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'], - 'TEXT_USERNAME' => $TEXT['USERNAME'], - 'TEXT_PASSWORD' => $TEXT['PASSWORD'], - 'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'], - 'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'], - 'TEXT_EMAIL' => $TEXT['EMAIL'], - 'TEXT_GROUP' => $TEXT['GROUP'], - 'TEXT_NONE' => $TEXT['NONE'], - 'TEXT_HOME_FOLDER' => $TEXT['HOME_FOLDER'], - 'USERNAME_FIELDNAME' => $username_fieldname, - 'CHANGING_PASSWORD' => $MESSAGE['USERS']['CHANGING_PASSWORD'] - ) - ); - -// Parse template for add user form -$template->parse('main', 'main_block', false); -$template->pparse('output', 'page'); - -$admin->print_footer(); - +set_file('page', 'users.htt'); +$template->set_block('page', 'main_block', 'main'); +$template->set_block("main_block", "manage_groups_block", "groups"); +$template->set_var('ADMIN_URL', ADMIN_URL); + +// Get existing value from database +// $database = new database(); +$query = "SELECT user_id, username, display_name FROM ".TABLE_PREFIX."users WHERE user_id != '1' ORDER BY display_name,username"; +$results = $database->query($query); +if($database->is_error()) { + $admin->print_error($database->get_error(), 'index.php'); +} + +// Insert values into the modify/remove menu +$template->set_block('main_block', 'list_block', 'list'); +if($results->numRows() > 0) { + // Insert first value to say please select + $template->set_var('VALUE', ''); + $template->set_var('NAME', $TEXT['PLEASE_SELECT'].'...'); + $template->parse('list', 'list_block', true); + // Loop through users + while($user = $results->fetchRow()) { + $template->set_var('VALUE', $user['user_id']); + $template->set_var('NAME', $user['display_name'].' ('.$user['username'].')'); + $template->parse('list', 'list_block', true); + } +} else { + // Insert single value to say no users were found + $template->set_var('NAME', $TEXT['NONE_FOUND']); + $template->parse('list', 'list_block', true); +} + +// Insert permissions values +if($admin->get_permission('users_add') != true) { + $template->set_var('DISPLAY_ADD', 'hide'); +} +if($admin->get_permission('users_modify') != true) { + $template->set_var('DISPLAY_MODIFY', 'hide'); +} +if($admin->get_permission('users_delete') != true) { + $template->set_var('DISPLAY_DELETE', 'hide'); +} + +// Insert language headings +$template->set_var(array( + 'HEADING_MODIFY_DELETE_USER' => $HEADING['MODIFY_DELETE_USER'], + 'HEADING_ADD_USER' => $HEADING['ADD_USER'] + ) +); +// insert urls +$template->set_var(array( + 'ADMIN_URL' => ADMIN_URL, + 'WB_URL' => WB_URL, + 'WB_PATH' => WB_PATH, + 'THEME_URL' => THEME_URL + ) +); +// Insert language text and messages +$template->set_var(array( + 'TEXT_MODIFY' => $TEXT['MODIFY'], + 'TEXT_DELETE' => $TEXT['DELETE'], + 'TEXT_MANAGE_GROUPS' => ( $admin->get_permission('groups') == true ) ? $TEXT['MANAGE_GROUPS'] : "**", + 'CONFIRM_DELETE' => $MESSAGE['USERS']['CONFIRM_DELETE'] + ) +); +if ( $admin->get_permission('groups') == true ) $template->parse("groups", "manage_groups_block", true); +// Parse template object +$template->parse('main', 'main_block', false); +$template->pparse('output', 'page'); + +// Setup template for add user form +$template = new Template(THEME_PATH.'/templates'); +$template->set_file('page', 'users_form.htt'); +$template->set_block('page', 'main_block', 'main'); +$template->set_var('DISPLAY_EXTRA', 'display:none;'); +$template->set_var('ACTIVE_CHECKED', ' checked="checked"'); +$template->set_var('ACTION_URL', ADMIN_URL.'/users/add.php'); +$template->set_var('SUBMIT_TITLE', $TEXT['ADD']); +$template->set_var('FTAN', $admin->getFTAN()); +// insert urls +$template->set_var(array( + 'ADMIN_URL' => ADMIN_URL, + 'WB_URL' => WB_URL, + 'WB_PATH' => WB_PATH, + 'THEME_URL' => THEME_URL + ) +); + +// Add groups to list +$template->set_block('main_block', 'group_list_block', 'group_list'); +$results = $database->query("SELECT group_id, name FROM ".TABLE_PREFIX."groups WHERE group_id != '1'"); +if($results->numRows() > 0) { + $template->set_var('ID', ''); + $template->set_var('NAME', $TEXT['PLEASE_SELECT'].'...'); + $template->set_var('SELECTED', ' selected="selected"'); + $template->parse('group_list', 'group_list_block', true); + while($group = $results->fetchRow()) { + $template->set_var('ID', $group['group_id']); + $template->set_var('NAME', $group['name']); + $template->set_var('SELECTED', ''); + $template->parse('group_list', 'group_list_block', true); + } +} +// Only allow the user to add a user to the Administrators group if they belong to it +if(in_array(1, $admin->get_groups_id())) { + $users_groups = $admin->get_groups_name(); + $template->set_var('ID', '1'); + $template->set_var('NAME', $users_groups[1]); + $template->set_var('SELECTED', ''); + $template->parse('group_list', 'group_list_block', true); +} else { + if($results->numRows() == 0) { + $template->set_var('ID', ''); + $template->set_var('NAME', $TEXT['NONE_FOUND']); + $template->parse('group_list', 'group_list_block', true); + } +} + +// Insert permissions values +if($admin->get_permission('users_add') != true) { + $template->set_var('DISPLAY_ADD', 'hide'); +} + +// Generate username field name +$username_fieldname = 'username_'; +$salt = "abchefghjkmnpqrstuvwxyz0123456789"; +srand((double)microtime()*1000000); +$i = 0; +while ($i <= 7) { + $num = rand() % 33; + $tmp = substr($salt, $num, 1); + $username_fieldname = $username_fieldname . $tmp; + $i++; +} + +// Work-out if home folder should be shown +if(!HOME_FOLDERS) { + $template->set_var('DISPLAY_HOME_FOLDERS', 'display:none;'); +} + +// Include the WB functions file +require_once(WB_PATH.'/framework/functions.php'); + +// Add media folders to home folder list +$template->set_block('main_block', 'folder_list_block', 'folder_list'); +foreach(directory_list(WB_PATH.MEDIA_DIRECTORY) AS $name) { + $template->set_var('NAME', str_replace(WB_PATH, '', $name)); + $template->set_var('FOLDER', str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name)); + $template->set_var('SELECTED', ' '); + $template->parse('folder_list', 'folder_list_block', true); +} + +// Insert language text and messages +$template->set_var(array( + 'TEXT_RESET' => $TEXT['RESET'], + 'TEXT_ACTIVE' => $TEXT['ACTIVE'], + 'TEXT_DISABLED' => $TEXT['DISABLED'], + 'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'], + 'TEXT_USERNAME' => $TEXT['USERNAME'], + 'TEXT_PASSWORD' => $TEXT['PASSWORD'], + 'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'], + 'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'], + 'TEXT_EMAIL' => $TEXT['EMAIL'], + 'TEXT_GROUP' => $TEXT['GROUP'], + 'TEXT_NONE' => $TEXT['NONE'], + 'TEXT_HOME_FOLDER' => $TEXT['HOME_FOLDER'], + 'USERNAME_FIELDNAME' => $username_fieldname, + 'CHANGING_PASSWORD' => $MESSAGE['USERS']['CHANGING_PASSWORD'] + ) + ); + +// Parse template for add user form +$template->parse('main', 'main_block', false); +$template->pparse('output', 'page'); + +$admin->print_footer(); + ?> \ No newline at end of file Index: branches/2.8.x/wb/admin/modules/uninstall.php =================================================================== --- branches/2.8.x/wb/admin/modules/uninstall.php (revision 1385) +++ branches/2.8.x/wb/admin/modules/uninstall.php (revision 1386) @@ -1,28 +1,21 @@ - Copyright (C) 2004-2009, Ryan Djurovich - - Website Baker is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - Website Baker is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with Website Baker; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -*/ - // Setup admin object require('../../config.php'); require_once(WB_PATH.'/framework/class.admin.php'); Index: branches/2.8.x/wb/admin/modules/details.php =================================================================== --- branches/2.8.x/wb/admin/modules/details.php (revision 1385) +++ branches/2.8.x/wb/admin/modules/details.php (revision 1386) @@ -1,147 +1,140 @@ - - Copyright (C) 2004-2009, Ryan Djurovich - - Website Baker is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - Website Baker is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with Website Baker; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -*/ - -// Include the config file -require('../../config.php'); -require_once(WB_PATH .'/framework/functions.php'); -require_once(WB_PATH.'/framework/class.admin.php'); -// No print admin header -$admin = new admin('Addons', 'modules_view', false); - -// Get module name -if(!isset($_POST['file']) OR $_POST['file'] == "") -{ - header("Location: index.php"); - exit(0); -} -else -{ - $file = preg_replace("/\W/", "", $admin->add_slashes($_POST['file'])); // fix secunia 2010-92-1 -} - -// Check if the module exists -if(!file_exists(WB_PATH.'/modules/'.$file)) { - header("Location: index.php"); - exit(0); -} - -// Print admin header -$admin = new admin('Addons', 'modules_view'); - -// Setup module object -$template = new Template(THEME_PATH.'/templates'); -$template->set_file('page', 'modules_details.htt'); -$template->set_block('page', 'main_block', 'main'); - -// Insert values -$result = $database->query("SELECT * FROM ".TABLE_PREFIX."addons WHERE type = 'module' AND directory = '$file'"); -if($result->numRows() > 0) { - $module = $result->fetchRow(); -} - -// check if a module description exists for the displayed backend language -$tool_description = false; -if(function_exists('file_get_contents') && file_exists(WB_PATH.'/modules/'.$file.'/languages/'.LANGUAGE .'.php')) { - // read contents of the module language file into string - $data = @file_get_contents(WB_PATH .'/modules/' .$file .'/languages/' .LANGUAGE .'.php'); - // use regular expressions to fetch the content of the variable from the string - $tool_description = get_variable_content('module_description', $data, false, false); - // replace optional placeholder {WB_URL} with value stored in config.php - if($tool_description !== false && strlen(trim($tool_description)) != 0) { - $tool_description = str_replace('{WB_URL}', WB_URL, $tool_description); - } else { - $tool_description = false; - } -} -if($tool_description !== false) { - // Override the module-description with correct desription in users language - $module['description'] = $tool_description; -} - -$template->set_var(array( - 'NAME' => $module['name'], - 'AUTHOR' => $module['author'], - 'DESCRIPTION' => $module['description'], - 'VERSION' => $module['version'], - 'DESIGNED_FOR' => $module['platform'], - 'ADMIN_URL' => ADMIN_URL, - 'WB_URL' => WB_URL, - 'WB_PATH' => WB_PATH, - 'THEME_URL' => THEME_URL - ) - ); - -switch ($module['function']) { - case NULL: - $type_name = $TEXT['UNKNOWN']; - break; - case 'page': - $type_name = $TEXT['PAGE']; - break; - case 'wysiwyg': - $type_name = $TEXT['WYSIWYG_EDITOR']; - break; - case 'tool': - $type_name = $TEXT['ADMINISTRATION_TOOL']; - break; - case 'admin': - $type_name = $TEXT['ADMIN']; - break; - case 'administration': - $type_name = $TEXT['ADMINISTRATION']; - break; - case 'snippet': - $type_name = $TEXT['CODE_SNIPPET']; - break; - default: - $type_name = $TEXT['UNKNOWN']; -} -$template->set_var('TYPE', $type_name); - -// Insert language headings -$template->set_var(array( - 'HEADING_MODULE_DETAILS' => $HEADING['MODULE_DETAILS'] - ) - ); -// Insert language text and messages -$template->set_var(array( - 'TEXT_NAME' => $TEXT['NAME'], - 'TEXT_TYPE' => $TEXT['TYPE'], - 'TEXT_AUTHOR' => $TEXT['AUTHOR'], - 'TEXT_VERSION' => $TEXT['VERSION'], - 'TEXT_DESIGNED_FOR' => $TEXT['DESIGNED_FOR'], - 'TEXT_DESCRIPTION' => $TEXT['DESCRIPTION'], - 'TEXT_BACK' => $TEXT['BACK'] - ) - ); - -// Parse module object -$template->parse('main', 'main_block', false); -$template->pparse('output', 'page'); - -// Print admin footer -$admin->print_footer(); - +add_slashes($_POST['file'])); // fix secunia 2010-92-1 +} + +// Check if the module exists +if(!file_exists(WB_PATH.'/modules/'.$file)) { + header("Location: index.php"); + exit(0); +} + +// Print admin header +$admin = new admin('Addons', 'modules_view'); + +// Setup module object +$template = new Template(THEME_PATH.'/templates'); +$template->set_file('page', 'modules_details.htt'); +$template->set_block('page', 'main_block', 'main'); + +// Insert values +$result = $database->query("SELECT * FROM ".TABLE_PREFIX."addons WHERE type = 'module' AND directory = '$file'"); +if($result->numRows() > 0) { + $module = $result->fetchRow(); +} + +// check if a module description exists for the displayed backend language +$tool_description = false; +if(function_exists('file_get_contents') && file_exists(WB_PATH.'/modules/'.$file.'/languages/'.LANGUAGE .'.php')) { + // read contents of the module language file into string + $data = @file_get_contents(WB_PATH .'/modules/' .$file .'/languages/' .LANGUAGE .'.php'); + // use regular expressions to fetch the content of the variable from the string + $tool_description = get_variable_content('module_description', $data, false, false); + // replace optional placeholder {WB_URL} with value stored in config.php + if($tool_description !== false && strlen(trim($tool_description)) != 0) { + $tool_description = str_replace('{WB_URL}', WB_URL, $tool_description); + } else { + $tool_description = false; + } +} +if($tool_description !== false) { + // Override the module-description with correct desription in users language + $module['description'] = $tool_description; +} + +$template->set_var(array( + 'NAME' => $module['name'], + 'AUTHOR' => $module['author'], + 'DESCRIPTION' => $module['description'], + 'VERSION' => $module['version'], + 'DESIGNED_FOR' => $module['platform'], + 'ADMIN_URL' => ADMIN_URL, + 'WB_URL' => WB_URL, + 'WB_PATH' => WB_PATH, + 'THEME_URL' => THEME_URL + ) + ); + +switch ($module['function']) { + case NULL: + $type_name = $TEXT['UNKNOWN']; + break; + case 'page': + $type_name = $TEXT['PAGE']; + break; + case 'wysiwyg': + $type_name = $TEXT['WYSIWYG_EDITOR']; + break; + case 'tool': + $type_name = $TEXT['ADMINISTRATION_TOOL']; + break; + case 'admin': + $type_name = $TEXT['ADMIN']; + break; + case 'administration': + $type_name = $TEXT['ADMINISTRATION']; + break; + case 'snippet': + $type_name = $TEXT['CODE_SNIPPET']; + break; + default: + $type_name = $TEXT['UNKNOWN']; +} +$template->set_var('TYPE', $type_name); + +// Insert language headings +$template->set_var(array( + 'HEADING_MODULE_DETAILS' => $HEADING['MODULE_DETAILS'] + ) + ); +// Insert language text and messages +$template->set_var(array( + 'TEXT_NAME' => $TEXT['NAME'], + 'TEXT_TYPE' => $TEXT['TYPE'], + 'TEXT_AUTHOR' => $TEXT['AUTHOR'], + 'TEXT_VERSION' => $TEXT['VERSION'], + 'TEXT_DESIGNED_FOR' => $TEXT['DESIGNED_FOR'], + 'TEXT_DESCRIPTION' => $TEXT['DESCRIPTION'], + 'TEXT_BACK' => $TEXT['BACK'] + ) + ); + +// Parse module object +$template->parse('main', 'main_block', false); +$template->pparse('output', 'page'); + +// Print admin footer +$admin->print_footer(); + ?> \ No newline at end of file Index: branches/2.8.x/wb/admin/logout/index.php =================================================================== --- branches/2.8.x/wb/admin/logout/index.php (revision 1385) +++ branches/2.8.x/wb/admin/logout/index.php (revision 1386) @@ -1,28 +1,21 @@ - Copyright (C) 2004-2009, Ryan Djurovich - - Website Baker is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - Website Baker is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with Website Baker; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -*/ - require('../../config.php'); // delete remember key of current user from database Index: branches/2.8.x/wb/account/password.php =================================================================== --- branches/2.8.x/wb/account/password.php (revision 1385) +++ branches/2.8.x/wb/account/password.php (revision 1386) @@ -1,62 +1,62 @@ -get_user_id()."' AND password = '".md5($current_password)."'"; -$results = $database->query($query); - -// Validate values -if($results->numRows() == 0) { - $wb->print_error($MESSAGE['PREFERENCES']['CURRENT_PASSWORD_INCORRECT'], $js_back, false); -} -if(strlen($new_password) < 3) { - $wb->print_error($MESSAGE['USERS']['PASSWORD_TOO_SHORT'], $js_back, false); -} -if($new_password != $new_password2) { - $wb->print_error($MESSAGE['USERS']['PASSWORD_MISMATCH'], $js_back, false); -} - -// MD5 the password -$md5_password = md5($new_password); - -// Update the database -$database = new database(); -$query = "UPDATE ".TABLE_PREFIX."users SET password = '$md5_password' WHERE user_id = '".$wb->get_user_id()."'"; -$database->query($query); -if($database->is_error()) { - $wb->print_error($database->get_error, 'index.php', false); -} else { - $wb->print_success($MESSAGE['PREFERENCES']['PASSWORD_CHANGED'], WB_URL.'/account/preferences.php'); -} - - +get_user_id()."' AND password = '".md5($current_password)."'"; +$results = $database->query($query); + +// Validate values +if($results->numRows() == 0) { + $wb->print_error($MESSAGE['PREFERENCES']['CURRENT_PASSWORD_INCORRECT'], $js_back, false); +} +if(strlen($new_password) < 3) { + $wb->print_error($MESSAGE['USERS']['PASSWORD_TOO_SHORT'], $js_back, false); +} +if($new_password != $new_password2) { + $wb->print_error($MESSAGE['USERS']['PASSWORD_MISMATCH'], $js_back, false); +} + +// MD5 the password +$md5_password = md5($new_password); + +// Update the database +// $database = new database(); +$query = "UPDATE ".TABLE_PREFIX."users SET password = '$md5_password' WHERE user_id = '".$wb->get_user_id()."'"; +$database->query($query); +if($database->is_error()) { + $wb->print_error($database->get_error, 'index.php', false); +} else { + $wb->print_success($MESSAGE['PREFERENCES']['PASSWORD_CHANGED'], WB_URL.'/account/preferences.php'); +} + + ?> \ No newline at end of file Index: branches/2.8.x/wb/account/details.php =================================================================== --- branches/2.8.x/wb/account/details.php (revision 1385) +++ branches/2.8.x/wb/account/details.php (revision 1386) @@ -1,70 +1,70 @@ -add_slashes(strip_tags($wb->get_post('display_name'))); -$language = $wb->get_post_escaped('language'); -$timezone = $wb->get_post_escaped('timezone')*60*60; -$date_format = $wb->get_post_escaped('date_format'); -$time_format = $wb->get_post_escaped('time_format'); - -// Create a javascript back link -$js_back = "javascript: history.go(-1);"; - -// Update the database -$database = new database(); -$query = "UPDATE ".TABLE_PREFIX."users SET display_name = '$display_name', language = '$language', timezone = '$timezone', date_format = '$date_format', time_format = '$time_format' WHERE user_id = '".$wb->get_user_id()."'"; -$database->query($query); -if($database->is_error()) { - $wb->print_error($database->get_error,'index.php',false); -} else { - $wb->print_success($MESSAGE['PREFERENCES']['DETAILS_SAVED'], WB_URL.'/account/preferences.php'); - $_SESSION['DISPLAY_NAME'] = $display_name; - $_SESSION['LANGUAGE'] = $language; - // Update date format - if($date_format != '') { - $_SESSION['DATE_FORMAT'] = $date_format; - if(isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) { unset($_SESSION['USE_DEFAULT_DATE_FORMAT']); } - } else { - $_SESSION['USE_DEFAULT_DATE_FORMAT'] = true; - if(isset($_SESSION['DATE_FORMAT'])) { unset($_SESSION['DATE_FORMAT']); } - } - // Update time format - if($time_format != '') { - $_SESSION['TIME_FORMAT'] = $time_format; - if(isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) { unset($_SESSION['USE_DEFAULT_TIME_FORMAT']); } - } else { - $_SESSION['USE_DEFAULT_TIME_FORMAT'] = true; - if(isset($_SESSION['TIME_FORMAT'])) { unset($_SESSION['TIME_FORMAT']); } - } - // Update timezone - if($timezone != '-72000') { - $_SESSION['TIMEZONE'] = $timezone; - if(isset($_SESSION['USE_DEFAULT_TIMEZONE'])) { unset($_SESSION['USE_DEFAULT_TIMEZONE']); } - } else { - $_SESSION['USE_DEFAULT_TIMEZONE'] = true; - if(isset($_SESSION['TIMEZONE'])) { unset($_SESSION['TIMEZONE']); } - } -} - +add_slashes(strip_tags($wb->get_post('display_name'))); +$language = $wb->get_post_escaped('language'); +$timezone = $wb->get_post_escaped('timezone')*60*60; +$date_format = $wb->get_post_escaped('date_format'); +$time_format = $wb->get_post_escaped('time_format'); + +// Create a javascript back link +$js_back = "javascript: history.go(-1);"; + +// Update the database +// $database = new database(); +$query = "UPDATE ".TABLE_PREFIX."users SET display_name = '$display_name', language = '$language', timezone = '$timezone', date_format = '$date_format', time_format = '$time_format' WHERE user_id = '".$wb->get_user_id()."'"; +$database->query($query); +if($database->is_error()) { + $wb->print_error($database->get_error,'index.php',false); +} else { + $wb->print_success($MESSAGE['PREFERENCES']['DETAILS_SAVED'], WB_URL.'/account/preferences.php'); + $_SESSION['DISPLAY_NAME'] = $display_name; + $_SESSION['LANGUAGE'] = $language; + // Update date format + if($date_format != '') { + $_SESSION['DATE_FORMAT'] = $date_format; + if(isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) { unset($_SESSION['USE_DEFAULT_DATE_FORMAT']); } + } else { + $_SESSION['USE_DEFAULT_DATE_FORMAT'] = true; + if(isset($_SESSION['DATE_FORMAT'])) { unset($_SESSION['DATE_FORMAT']); } + } + // Update time format + if($time_format != '') { + $_SESSION['TIME_FORMAT'] = $time_format; + if(isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) { unset($_SESSION['USE_DEFAULT_TIME_FORMAT']); } + } else { + $_SESSION['USE_DEFAULT_TIME_FORMAT'] = true; + if(isset($_SESSION['TIME_FORMAT'])) { unset($_SESSION['TIME_FORMAT']); } + } + // Update timezone + if($timezone != '-72000') { + $_SESSION['TIMEZONE'] = $timezone; + if(isset($_SESSION['USE_DEFAULT_TIMEZONE'])) { unset($_SESSION['USE_DEFAULT_TIMEZONE']); } + } else { + $_SESSION['USE_DEFAULT_TIMEZONE'] = true; + if(isset($_SESSION['TIMEZONE'])) { unset($_SESSION['TIMEZONE']); } + } +} + ?> \ No newline at end of file Index: branches/2.8.x/wb/account/email.php =================================================================== --- branches/2.8.x/wb/account/email.php (revision 1385) +++ branches/2.8.x/wb/account/email.php (revision 1386) @@ -1,58 +1,58 @@ -get_post('current_password'); -$email = $wb->get_post('email'); - -// Create a javascript back link -$js_back = "javascript: history.go(-1);"; - -// Get existing password -$database = new database(); -$query = "SELECT user_id FROM ".TABLE_PREFIX."users WHERE user_id = '".$wb->get_user_id()."' AND password = '".md5($current_password)."'"; -$results = $database->query($query); - -// Validate values -if($results->numRows() == 0) { - $wb->print_error($MESSAGE['PREFERENCES']['CURRENT_PASSWORD_INCORRECT'], $js_back, false); -} -// Validate values -if(!$wb->validate_email($email)) { - $wb->print_error($MESSAGE['USERS']['INVALID_EMAIL'], $js_back, false); -} - -$email = $wb->add_slashes($email); - -// Update the database -$database = new database(); -$query = "UPDATE ".TABLE_PREFIX."users SET email = '$email' WHERE user_id = '".$wb->get_user_id()."' AND password = '".md5($current_password)."'"; -$database->query($query); -if($database->is_error()) { - $wb->print_error($database->get_error,'index.php', false); -} else { - $wb->print_success($MESSAGE['PREFERENCES']['EMAIL_UPDATED'], WB_URL.'/account/preferences.php'); - $_SESSION['EMAIL'] = $email; -} - +get_post('current_password'); +$email = $wb->get_post('email'); + +// Create a javascript back link +$js_back = "javascript: history.go(-1);"; + +// Get existing password +// $database = new database(); +$query = "SELECT user_id FROM ".TABLE_PREFIX."users WHERE user_id = '".$wb->get_user_id()."' AND password = '".md5($current_password)."'"; +$results = $database->query($query); + +// Validate values +if($results->numRows() == 0) { + $wb->print_error($MESSAGE['PREFERENCES']['CURRENT_PASSWORD_INCORRECT'], $js_back, false); +} +// Validate values +if(!$wb->validate_email($email)) { + $wb->print_error($MESSAGE['USERS']['INVALID_EMAIL'], $js_back, false); +} + +$email = $wb->add_slashes($email); + +// Update the database +// $database = new database(); +$query = "UPDATE ".TABLE_PREFIX."users SET email = '$email' WHERE user_id = '".$wb->get_user_id()."' AND password = '".md5($current_password)."'"; +$database->query($query); +if($database->is_error()) { + $wb->print_error($database->get_error,'index.php', false); +} else { + $wb->print_success($MESSAGE['PREFERENCES']['EMAIL_UPDATED'], WB_URL.'/account/preferences.php'); + $_SESSION['EMAIL'] = $email; +} + ?> \ No newline at end of file Index: branches/2.8.x/wb/account/signup2.php =================================================================== --- branches/2.8.x/wb/account/signup2.php (revision 1385) +++ branches/2.8.x/wb/account/signup2.php (revision 1386) @@ -1,129 +1,129 @@ -get_post_escaped('username'))); -$display_name = strip_tags($wb->get_post_escaped('display_name')); -$email = $wb->get_post('email'); - -// Create a javascript back link -$js_back = "javascript: history.go(-1);"; - -// Check values -if($groups_id == "") { - $wb->print_error($MESSAGE['USERS']['NO_GROUP'], $js_back, false); -} -if(strlen($username) < 3) { - $wb->print_error($MESSAGE['USERS']['USERNAME_TOO_SHORT'], $js_back, false); -} -if($email != "") { - if($wb->validate_email($email) == false) { - $wb->print_error($MESSAGE['USERS']['INVALID_EMAIL'], $js_back, false); - } -} else { - $wb->print_error($MESSAGE['SIGNUP']['NO_EMAIL'], $js_back, false); -} - -$email = $wb->add_slashes($email); - -// Captcha -if(ENABLED_CAPTCHA) { - if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){ - // Check for a mismatch - if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) { - $wb->print_error($MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'], $js_back, false); - } - } else { - $wb->print_error($MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'], $js_back, false); - } -} -if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); } - -// Generate a random password then update the database with it -$new_pass = ''; -$salt = "abchefghjkmnpqrstuvwxyz0123456789"; -srand((double)microtime()*1000000); -$i = 0; -while ($i <= 7) { - $num = rand() % 33; - $tmp = substr($salt, $num, 1); - $new_pass = $new_pass . $tmp; - $i++; -} -$md5_password = md5($new_pass); - -// Check if username already exists -$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE username = '$username'"); -if($results->numRows() > 0) { - $wb->print_error($MESSAGE['USERS']['USERNAME_TAKEN'], $js_back, false); -} - -// Check if the email already exists -$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE email = '".$wb->add_slashes($email)."'"); -if($results->numRows() > 0) { - if(isset($MESSAGE['USERS']['EMAIL_TAKEN'])) { - $wb->print_error($MESSAGE['USERS']['EMAIL_TAKEN'], $js_back, false); - } else { - $wb->print_error($MESSAGE['USERS']['INVALID_EMAIL'], $js_back, false); - } -} - -// MD5 supplied password -$md5_password = md5($new_pass); - -// Inser the user into the database -$query = "INSERT INTO ".TABLE_PREFIX."users (group_id,groups_id,active,username,password,display_name,email) VALUES ('$groups_id', '$groups_id', '$active', '$username','$md5_password','$display_name','$email')"; -$database->query($query); - -if($database->is_error()) { - // Error updating database - $message = $database->get_error(); -} else { - // Setup email to send - $mail_to = $email; - $mail_subject = $MESSAGE['SIGNUP2']['SUBJECT_LOGIN_INFO']; - - // Replace placeholders from language variable with values - $search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}'); - $replace = array($display_name, WEBSITE_TITLE, $username, $new_pass); - $mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2']['BODY_LOGIN_INFO']); - - // Try sending the email - if($wb->mail(SERVER_EMAIL,$mail_to,$mail_subject,$mail_message)) { - $display_form = false; - $wb->print_success($MESSAGE['FORGOT_PASS']['PASSWORD_RESET'], WB_URL.'/account/login.php'); - } else { - $database->query("DELETE FROM ".TABLE_PREFIX."users WHERE username = '$username'"); - $wb->print_error($MESSAGE['FORGOT_PASS']['CANNOT_EMAIL'], $js_back, false); - } -} - -?> +get_post_escaped('username'))); +$display_name = strip_tags($wb->get_post_escaped('display_name')); +$email = $wb->get_post('email'); + +// Create a javascript back link +$js_back = "javascript: history.go(-1);"; + +// Check values +if($groups_id == "") { + $wb->print_error($MESSAGE['USERS']['NO_GROUP'], $js_back, false); +} +if(strlen($username) < 3) { + $wb->print_error($MESSAGE['USERS']['USERNAME_TOO_SHORT'], $js_back, false); +} +if($email != "") { + if($wb->validate_email($email) == false) { + $wb->print_error($MESSAGE['USERS']['INVALID_EMAIL'], $js_back, false); + } +} else { + $wb->print_error($MESSAGE['SIGNUP']['NO_EMAIL'], $js_back, false); +} + +$email = $wb->add_slashes($email); + +// Captcha +if(ENABLED_CAPTCHA) { + if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){ + // Check for a mismatch + if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) { + $wb->print_error($MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'], $js_back, false); + } + } else { + $wb->print_error($MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'], $js_back, false); + } +} +if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); } + +// Generate a random password then update the database with it +$new_pass = ''; +$salt = "abchefghjkmnpqrstuvwxyz0123456789"; +srand((double)microtime()*1000000); +$i = 0; +while ($i <= 7) { + $num = rand() % 33; + $tmp = substr($salt, $num, 1); + $new_pass = $new_pass . $tmp; + $i++; +} +$md5_password = md5($new_pass); + +// Check if username already exists +$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE username = '$username'"); +if($results->numRows() > 0) { + $wb->print_error($MESSAGE['USERS']['USERNAME_TAKEN'], $js_back, false); +} + +// Check if the email already exists +$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE email = '".$wb->add_slashes($email)."'"); +if($results->numRows() > 0) { + if(isset($MESSAGE['USERS']['EMAIL_TAKEN'])) { + $wb->print_error($MESSAGE['USERS']['EMAIL_TAKEN'], $js_back, false); + } else { + $wb->print_error($MESSAGE['USERS']['INVALID_EMAIL'], $js_back, false); + } +} + +// MD5 supplied password +$md5_password = md5($new_pass); + +// Inser the user into the database +$query = "INSERT INTO ".TABLE_PREFIX."users (group_id,groups_id,active,username,password,display_name,email) VALUES ('$groups_id', '$groups_id', '$active', '$username','$md5_password','$display_name','$email')"; +$database->query($query); + +if($database->is_error()) { + // Error updating database + $message = $database->get_error(); +} else { + // Setup email to send + $mail_to = $email; + $mail_subject = $MESSAGE['SIGNUP2']['SUBJECT_LOGIN_INFO']; + + // Replace placeholders from language variable with values + $search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}'); + $replace = array($display_name, WEBSITE_TITLE, $username, $new_pass); + $mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2']['BODY_LOGIN_INFO']); + + // Try sending the email + if($wb->mail(SERVER_EMAIL,$mail_to,$mail_subject,$mail_message)) { + $display_form = false; + $wb->print_success($MESSAGE['FORGOT_PASS']['PASSWORD_RESET'], WB_URL.'/account/login.php'); + } else { + $database->query("DELETE FROM ".TABLE_PREFIX."users WHERE username = '$username'"); + $wb->print_error($MESSAGE['FORGOT_PASS']['CANNOT_EMAIL'], $js_back, false); + } +} + +?> Index: branches/2.8.x/wb/framework/class.wbmailer.php =================================================================== --- branches/2.8.x/wb/framework/class.wbmailer.php (revision 1385) +++ branches/2.8.x/wb/framework/class.wbmailer.php (revision 1386) @@ -1,114 +1,115 @@ - - Copyright (C) 2004-2009, Ryan Djurovich - - Website Baker is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - Website Baker is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with Website Baker; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -*/ - -/* - -wbmailer class - -This class is a subclass of the PHPMailer class and replaces the mail() function of PHP - -*/ - -// Include PHPMailer class -require_once(WB_PATH."/include/phpmailer/class.phpmailer.php"); - -class wbmailer extends PHPMailer -{ - // new websitebaker mailer class (subset of PHPMailer class) - // setting default values - - function wbmailer() { - // set mailer defaults (PHP mail function) - $db_wbmailer_routine = "phpmail"; - $db_wbmailer_smtp_host = ""; - $db_wbmailer_default_sendername = "WB Mailer"; - $db_server_email = SERVER_EMAIL; - - // get mailer settings from database - $database = new database(); - $query = "SELECT * FROM " .TABLE_PREFIX. "settings"; - $results = $database->query($query); - while($setting = $results->fetchRow()) { - if ($setting['name'] == "wbmailer_routine") { $db_wbmailer_routine = $setting['value']; } - if ($setting['name'] == "wbmailer_smtp_host") { $db_wbmailer_smtp_host = $setting['value']; } - if ($setting['name'] == "wbmailer_smtp_auth") { $db_wbmailer_smtp_auth = (bool)$setting['value']; } - if ($setting['name'] == "wbmailer_smtp_username") { $db_wbmailer_smtp_username = $setting['value']; } - if ($setting['name'] == "wbmailer_smtp_password") { $db_wbmailer_smtp_password = $setting['value']; } - if ($setting['name'] == "wbmailer_default_sendername") { $db_wbmailer_default_sendername = $setting['value']; } - if ($setting['name'] == "server_email") { $db_server_email = $setting['value']; } - } - - // set method to send out emails - if($db_wbmailer_routine == "smtp" AND strlen($db_wbmailer_smtp_host) > 5) { - // use SMTP for all outgoing mails send by Website Baker - $this->IsSMTP(); - $this->Host = $db_wbmailer_smtp_host; - // check if SMTP authentification is required - if ($db_wbmailer_smtp_auth == "true" && strlen($db_wbmailer_smtp_username) > 1 && strlen($db_wbmailer_smtp_password) > 1) { - // use SMTP authentification - $this->SMTPAuth = true; // enable SMTP authentification - $this->Username = $db_wbmailer_smtp_username; // set SMTP username - $this->Password = $db_wbmailer_smtp_password; // set SMTP password - } - } else { - // use PHP mail() function for outgoing mails send by Website Baker - $this->IsMail(); - } - - // set language file for PHPMailer error messages - if(defined("LANGUAGE")) { - $this->SetLanguage(strtolower(LANGUAGE),"language"); // english default (also used if file is missing) - } - - // set default charset - if(defined('DEFAULT_CHARSET')) { - $this->CharSet = DEFAULT_CHARSET; - } else { - $this->CharSet='utf-8'; - } - + + Copyright (C) 2004-2009, Ryan Djurovich + + Website Baker is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + Website Baker is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with Website Baker; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +/* + +wbmailer class + +This class is a subclass of the PHPMailer class and replaces the mail() function of PHP + +*/ + +// Include PHPMailer class +require_once(WB_PATH."/include/phpmailer/class.phpmailer.php"); + +class wbmailer extends PHPMailer +{ + // new websitebaker mailer class (subset of PHPMailer class) + // setting default values + + function wbmailer() { + global $database; + // set mailer defaults (PHP mail function) + $db_wbmailer_routine = "phpmail"; + $db_wbmailer_smtp_host = ""; + $db_wbmailer_default_sendername = "WB Mailer"; + $db_server_email = SERVER_EMAIL; + + // get mailer settings from database + // $database = new database(); + $query = "SELECT * FROM " .TABLE_PREFIX. "settings"; + $results = $database->query($query); + while($setting = $results->fetchRow()) { + if ($setting['name'] == "wbmailer_routine") { $db_wbmailer_routine = $setting['value']; } + if ($setting['name'] == "wbmailer_smtp_host") { $db_wbmailer_smtp_host = $setting['value']; } + if ($setting['name'] == "wbmailer_smtp_auth") { $db_wbmailer_smtp_auth = (bool)$setting['value']; } + if ($setting['name'] == "wbmailer_smtp_username") { $db_wbmailer_smtp_username = $setting['value']; } + if ($setting['name'] == "wbmailer_smtp_password") { $db_wbmailer_smtp_password = $setting['value']; } + if ($setting['name'] == "wbmailer_default_sendername") { $db_wbmailer_default_sendername = $setting['value']; } + if ($setting['name'] == "server_email") { $db_server_email = $setting['value']; } + } + + // set method to send out emails + if($db_wbmailer_routine == "smtp" AND strlen($db_wbmailer_smtp_host) > 5) { + // use SMTP for all outgoing mails send by Website Baker + $this->IsSMTP(); + $this->Host = $db_wbmailer_smtp_host; + // check if SMTP authentification is required + if ($db_wbmailer_smtp_auth == "true" && strlen($db_wbmailer_smtp_username) > 1 && strlen($db_wbmailer_smtp_password) > 1) { + // use SMTP authentification + $this->SMTPAuth = true; // enable SMTP authentification + $this->Username = $db_wbmailer_smtp_username; // set SMTP username + $this->Password = $db_wbmailer_smtp_password; // set SMTP password + } + } else { + // use PHP mail() function for outgoing mails send by Website Baker + $this->IsMail(); + } + + // set language file for PHPMailer error messages + if(defined("LANGUAGE")) { + $this->SetLanguage(strtolower(LANGUAGE),"language"); // english default (also used if file is missing) + } + + // set default charset + if(defined('DEFAULT_CHARSET')) { + $this->CharSet = DEFAULT_CHARSET; + } else { + $this->CharSet='utf-8'; + } + // set default sender name - if($this->FromName == 'Root User') { - if(isset($_SESSION['DISPLAY_NAME'])) { - $this->FromName = $_SESSION['DISPLAY_NAME']; // FROM NAME: display name of user logged in - } else { - $this->FromName = $db_wbmailer_default_sendername; // FROM NAME: set default name - } + if($this->FromName == 'Root User') { + if(isset($_SESSION['DISPLAY_NAME'])) { + $this->FromName = $_SESSION['DISPLAY_NAME']; // FROM NAME: display name of user logged in + } else { + $this->FromName = $db_wbmailer_default_sendername; // FROM NAME: set default name + } } - - /* - some mail provider (lets say mail.com) reject mails send out by foreign mail - relays but using the providers domain in the from mail address (e.g. myname@mail.com) - */ - $this->From = $db_server_email; // FROM MAIL: (server mail) - - // set default mail formats - $this->IsHTML(true); - $this->WordWrap = 80; - $this->Timeout = 30; - } -} - + + /* + some mail provider (lets say mail.com) reject mails send out by foreign mail + relays but using the providers domain in the from mail address (e.g. myname@mail.com) + */ + $this->From = $db_server_email; // FROM MAIL: (server mail) + + // set default mail formats + $this->IsHTML(true); + $this->WordWrap = 80; + $this->Timeout = 30; + } +} + ?> \ No newline at end of file Index: branches/2.8.x/wb/framework/class.order.php =================================================================== --- branches/2.8.x/wb/framework/class.order.php (revision 1385) +++ branches/2.8.x/wb/framework/class.order.php (revision 1386) @@ -120,7 +120,7 @@ // Get new number for order function get_new($cf_value) { global $database; - $database = new database(); + // $database = new database(); // Get last order $query_last = "SELECT ".$this->order_field." FROM ".$this->table." WHERE ".$this->common_field." = '$cf_value' ORDER BY ".$this->order_field." DESC LIMIT 1"; $get_last = $database->query($query_last); Index: branches/2.8.x/wb/pages/index.php =================================================================== --- branches/2.8.x/wb/pages/index.php (revision 1385) +++ branches/2.8.x/wb/pages/index.php (revision 1386) @@ -1,28 +1,21 @@ - Copyright (C) 2004-2009, Ryan Djurovich - - Website Baker is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - Website Baker is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with Website Baker; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -*/ - $no_intro = true; require('../config.php'); require(WB_PATH.'/index.php'); Index: branches/2.8.x/wb/search/index.php =================================================================== --- branches/2.8.x/wb/search/index.php (revision 1385) +++ branches/2.8.x/wb/search/index.php (revision 1386) @@ -1,56 +1,56 @@ -query("SELECT value FROM ".TABLE_PREFIX."search WHERE name = 'template' LIMIT 1"); -$fetch_template = $query_template->fetchRow(); -$template = $fetch_template['value']; -if($template != '') { - define('TEMPLATE', $template); -} -unset($template); - -//Get the referrer page ID if it exists -if(isset($_REQUEST['referrer']) && is_numeric($_REQUEST['referrer']) && intval($_REQUEST['referrer']) > 0) { - define('REFERRER_ID', intval($_REQUEST['referrer'])); -} else { - define('REFERRER_ID', 0); -} - -// Include index (wrapper) file -require(WB_PATH.'/index.php'); - +query("SELECT value FROM ".TABLE_PREFIX."search WHERE name = 'template' LIMIT 1"); +$fetch_template = $query_template->fetchRow(); +$template = $fetch_template['value']; +if($template != '') { + define('TEMPLATE', $template); +} +unset($template); + +//Get the referrer page ID if it exists +if(isset($_REQUEST['referrer']) && is_numeric($_REQUEST['referrer']) && intval($_REQUEST['referrer']) > 0) { + define('REFERRER_ID', intval($_REQUEST['referrer'])); +} else { + define('REFERRER_ID', 0); +} + +// Include index (wrapper) file +require(WB_PATH.'/index.php'); + ?> \ No newline at end of file Index: branches/2.8.x/wb/modules/wysiwyg/languages/RU.php =================================================================== --- branches/2.8.x/wb/modules/wysiwyg/languages/RU.php (revision 1385) +++ branches/2.8.x/wb/modules/wysiwyg/languages/RU.php (revision 1386) @@ -1,31 +1,21 @@ - Copyright (C) 2004-2009, Ryan Djurovich - - Website Baker is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - Website Baker is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with Website Baker; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -*/ - function wysiwyg_search($func_vars) { extract($func_vars, EXTR_PREFIX_ALL, 'func'); Index: branches/2.8.x/wb/modules/captcha_control/tool.php =================================================================== --- branches/2.8.x/wb/modules/captcha_control/tool.php (revision 1385) +++ branches/2.8.x/wb/modules/captcha_control/tool.php (revision 1386) @@ -1,196 +1,197 @@ - - Copyright (C) 2004-2009, Ryan Djurovich - - Website Baker is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - Website Baker is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with Website Baker; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -*/ - -// direct access prevention -defined('WB_PATH') OR die(header('Location: ../index.php')); - -// check if module language file exists for the language set by the user (e.g. DE, EN) -if(!file_exists(WB_PATH .'/modules/captcha_control/languages/'.LANGUAGE .'.php')) { - // no module language file exists for the language set by the user, include default module language file EN.php - require_once(WB_PATH .'/modules/captcha_control/languages/EN.php'); -} else { - // a module language file exists for the language defined by the user, load it - require_once(WB_PATH .'/modules/captcha_control/languages/'.LANGUAGE .'.php'); -} - -$table = TABLE_PREFIX.'mod_captcha_control'; - -// check if data was submitted -if(isset($_POST['save_settings'])) { - // get configuration settings - $enabled_captcha = ($_POST['enabled_captcha'] == '1') ? '1' : '0'; - $enabled_asp = ($_POST['enabled_asp'] == '1') ? '1' : '0'; - $captcha_type = $admin->add_slashes($_POST['captcha_type']); - - // update database settings - $database->query("UPDATE $table SET - enabled_captcha = '$enabled_captcha', - enabled_asp = '$enabled_asp', - captcha_type = '$captcha_type' - "); - - // save text-captchas - if($captcha_type == 'text') { // ct_text - $text_qa=$admin->add_slashes($_POST['text_qa']); - if(!preg_match('/### .*? ###/', $text_qa)) { - $database->query("UPDATE $table SET ct_text = '$text_qa'"); - } - } - - // check if there is a database error, otherwise say successful - if($database->is_error()) { - $admin->print_error($database->get_error(), $js_back); - } else { - $admin->print_success($MESSAGE['PAGES']['SAVED'], ADMIN_URL.'/admintools/tool.php?tool=captcha_control'); - } - -} else { - - // include captcha-file - require_once(WB_PATH .'/include/captcha/captcha.php'); - - // load text-captchas - $text_qa=''; - if($query = $database->query("SELECT ct_text FROM $table")) { - $data = $query->fetchRow(); - $text_qa = $data['ct_text']; - } - if($text_qa == '') - $text_qa = $MOD_CAPTCHA_CONTROL['CAPTCHA_TEXT_DESC']; - -// script to load image -?> - -query("SELECT * FROM $table")) { - $data = $query->fetchRow(); - $enabled_captcha = $data['enabled_captcha']; - $enabled_asp = $data['enabled_asp']; - $captcha_type = $data['captcha_type']; - } else { - // something went wrong, use dummy value - $enabled_captcha = '1'; - $enabled_asp = '1'; - $captcha_type = 'calc_text'; - } - - // write out heading - echo '

' .$MOD_CAPTCHA_CONTROL['HEADING'] .'

'; - - // output the form with values from the database - echo '

' .$MOD_CAPTCHA_CONTROL['HOWTO'] .'

'; -?> -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
:
: - -
  - captcha_example -
: - -
: - - name="enabled_captcha" value="1" /> - - name="enabled_captcha" value="0" /> -
 

:
: - - name="enabled_asp" value="1" /> - - name="enabled_asp" value="0" /> -
 
- -
- + Copyright (C) 2004-2009, Ryan Djurovich + + Website Baker is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + Website Baker is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with Website Baker; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +// direct access prevention +defined('WB_PATH') OR die(header('Location: ../index.php')); + +// check if module language file exists for the language set by the user (e.g. DE, EN) +if(!file_exists(WB_PATH .'/modules/captcha_control/languages/'.LANGUAGE .'.php')) { + // no module language file exists for the language set by the user, include default module language file EN.php + require_once(WB_PATH .'/modules/captcha_control/languages/EN.php'); +} else { + // a module language file exists for the language defined by the user, load it + require_once(WB_PATH .'/modules/captcha_control/languages/'.LANGUAGE .'.php'); +} + +$table = TABLE_PREFIX.'mod_captcha_control'; +$js_back = "javascript: history.go(-1);"; + +// check if data was submitted +if(isset($_POST['save_settings'])) { + // get configuration settings + $enabled_captcha = ($_POST['enabled_captcha'] == '1') ? '1' : '0'; + $enabled_asp = ($_POST['enabled_asp'] == '1') ? '1' : '0'; + $captcha_type = $admin->add_slashes($_POST['captcha_type']); + + // update database settings + $database->query("UPDATE $table SET + enabled_captcha = '$enabled_captcha', + enabled_asp = '$enabled_asp', + captcha_type = '$captcha_type' + "); + + // save text-captchas + if($captcha_type == 'text') { // ct_text + $text_qa=$admin->add_slashes($_POST['text_qa']); + if(!preg_match('/### .*? ###/', $text_qa)) { + $database->query("UPDATE $table SET ct_text = '$text_qa'"); + } + } + + // check if there is a database error, otherwise say successful + if($database->is_error()) { + $admin->print_error($database->get_error(), $js_back); + } else { + $admin->print_success($MESSAGE['PAGES']['SAVED'], ADMIN_URL.'/admintools/tool.php?tool=captcha_control'); + } + +} else { + + // include captcha-file + require_once(WB_PATH .'/include/captcha/captcha.php'); + + // load text-captchas + $text_qa=''; + if($query = $database->query("SELECT ct_text FROM $table")) { + $data = $query->fetchRow(); + $text_qa = $data['ct_text']; + } + if($text_qa == '') + $text_qa = $MOD_CAPTCHA_CONTROL['CAPTCHA_TEXT_DESC']; + +// script to load image +?> + +query("SELECT * FROM $table")) { + $data = $query->fetchRow(); + $enabled_captcha = $data['enabled_captcha']; + $enabled_asp = $data['enabled_asp']; + $captcha_type = $data['captcha_type']; + } else { + // something went wrong, use dummy value + $enabled_captcha = '1'; + $enabled_asp = '1'; + $captcha_type = 'calc_text'; + } + + // write out heading + echo '

' .$MOD_CAPTCHA_CONTROL['HEADING'] .'

'; + + // output the form with values from the database + echo '

' .$MOD_CAPTCHA_CONTROL['HOWTO'] .'

'; +?> +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + +
:
: + +
  + captcha_example +
: + +
: + + name="enabled_captcha" value="1" /> + + name="enabled_captcha" value="0" /> +
 

:
: + + name="enabled_asp" value="1" /> + + name="enabled_asp" value="0" /> +
 
+ +
+ \ No newline at end of file