/ - Diff - WB 2.08.x - Tracking

     ! = Update/Change
     ------------------------------------- 2.8.2 -------------------------------------
 Feb-2011 Build 1425 Dietmar Woellbrink (Luisehahne)
     ! redefined wrong admin backlinks
 Jan-2011 Build 1424 Werner v.d.Decken(DarkViper)
     # typo fix and simplify used_octets calculation
 Jan-2011 Build 1423 Werner v.d.Decken(DarkViper)

     require_once(WB_PATH.'/framework/class.admin.php');
     $admin = new admin('Access', 'groups_modify');
     // Create a javascript back link
     $js_back = ADMIN_URL.'/groups/index.php';
     if (!$admin->checkFTAN())
+    {
     	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
     	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$js_back);
     	exit();
+    }
-...
     // Gather details entered
     $group_name = $admin->get_post_escaped('group_name');
     // Create a javascript back link
     $js_back = "javascript: history.go(-1);";
     // Check values
     if($group_name == "") {
     	$admin->print_error($MESSAGE['GROUPS']['GROUP_NAME_BLANK'], $js_back);

     <?php
     /**
+     *
      * @category        admin
      * @package         groups
      * @author          WebsiteBaker Project
      * @copyright       2004-2009, Ryan Djurovich
      * @copyright       2009-2011, Website Baker Org. e.V.
      * @link			http://www.websitebaker2.org/
      * @license         http://www.gnu.org/licenses/gpl.html
      * @platform        WebsiteBaker 2.8.x
      * @requirements    PHP 5.2.2 and higher
      * @version         $Id$
      * @filesource		$HeadURL$
      * @lastmodified    $Date$
+     *
      */
     // Include config file and admin class file
     require('../../config.php');
     require_once(WB_PATH.'/framework/class.admin.php');
     // Create new database object
     // $database = new database();
     if(!isset($_POST['action']) OR ($_POST['action'] != "modify" AND $_POST['action'] != "delete")) {
     	header("Location: index.php");
     	exit(0);
+    }
     // Set parameter 'action' as alternative to javascript mechanism
     if(isset($_POST['modify']))
     	$_POST['action'] = "modify";
     if(isset($_POST['delete']))
     	$_POST['action'] = "delete";
     // Check if group group_id is a valid number and doesnt equal 1
     if(!isset($_POST['group_id']) OR !is_numeric($_POST['group_id']) OR $_POST['group_id'] == 1) {
     	header("Location: index.php");
     	exit(0);
+    }
     if($_POST['action'] == 'modify') {
     	// Create new admin object
     	$admin = new admin('Access', 'groups_modify', false);
     	if (!$admin->checkFTAN())
+    	{
     		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
     		exit();
+    	}
     	// Print header
     	$admin->print_header();
     	// Get existing values
     	$results = $database->query("SELECT * FROM ".TABLE_PREFIX."groups WHERE group_id = '".$_POST['group_id']."'");
     	$group = $results->fetchRow();
     	// Setup template object
     	$template = new Template(THEME_PATH.'/templates');
     	$template->set_file('page', 'groups_form.htt');
     	$template->set_block('page', 'main_block', 'main');
     	$template->set_var(	array(
     							'ACTION_URL' => ADMIN_URL.'/groups/save.php',
     							'SUBMIT_TITLE' => $TEXT['SAVE'],
     							'GROUP_ID' => $group['group_id'],
     							'GROUP_NAME' => $group['name'],
     							'ADVANCED_ACTION' => 'groups.php',
     							'FTAN' => $admin->getFTAN()
     						));
     	// Tell the browser whether or not to show advanced options
     	if( true == (isset( $_POST['advanced']) AND ( strpos( $_POST['advanced'], ">>") > 0 ) ) ) {
     		$template->set_var('DISPLAY_ADVANCED', '');
     		$template->set_var('DISPLAY_BASIC', 'display:none;');
     		$template->set_var('ADVANCED', 'yes');
     		$template->set_var('ADVANCED_BUTTON', '&lt;&lt; '.$TEXT['HIDE_ADVANCED']);
     	} else {
     		$template->set_var('DISPLAY_ADVANCED', 'display:none;');
     		$template->set_var('DISPLAY_BASIC', '');
     		$template->set_var('ADVANCED', 'no');
     		$template->set_var('ADVANCED_BUTTON', $TEXT['SHOW_ADVANCED'].'  &gt;&gt;');
+    	}
     	// Explode system permissions
     	$system_permissions = explode(',', $group['system_permissions']);
     	// Check system permissions boxes
     	foreach($system_permissions AS $name) {
     			$template->set_var($name.'_checked', ' checked="checked"');
+    	}
     	// Explode module permissions
     	$module_permissions = explode(',', $group['module_permissions']);
     	// Explode template permissions
     	$template_permissions = explode(',', $group['template_permissions']);
     	// Insert values into module list
     	$template->set_block('main_block', 'module_list_block', 'module_list');
     	$result = $database->query('SELECT * FROM `'.TABLE_PREFIX.'addons` WHERE `type` = "module" AND `function` = "page" ORDER BY `name`');
     	if($result->numRows() > 0) {
     		while($addon = $result->fetchRow()) {
     			$template->set_var('VALUE', $addon['directory']);
     			$template->set_var('NAME', $addon['name']);
     			if(!is_numeric(array_search($addon['directory'], $module_permissions))) {
     				$template->set_var('CHECKED', ' checked="checked"');
     			} else {
     				$template->set_var('CHECKED', '');
+    			}
     			$template->parse('module_list', 'module_list_block', true);
+    		}
+    	}
     	// Insert values into template list
     	$template->set_block('main_block', 'template_list_block', 'template_list');
     	$result = $database->query('SELECT * FROM `'.TABLE_PREFIX.'addons` WHERE `type` = "template" ORDER BY `name`');
     	if($result->numRows() > 0) {
     		while($addon = $result->fetchRow()) {
     			$template->set_var('VALUE', $addon['directory']);
     			$template->set_var('NAME', $addon['name']);
     			if(!is_numeric(array_search($addon['directory'], $template_permissions))) {
     				$template->set_var('CHECKED', ' checked="checked"');
     			} else {
     				$template->set_var('CHECKED', '');
+    			}
     			$template->parse('template_list', 'template_list_block', true);
+    		}
+    	}
     	// Insert language text and messages
     	$template->set_var(array(
     				'TEXT_RESET' => $TEXT['RESET'],
     				'TEXT_ACTIVE' => $TEXT['ACTIVE'],
     				'TEXT_DISABLED' => $TEXT['DISABLED'],
     				'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'],
     				'TEXT_USERNAME' => $TEXT['USERNAME'],
     				'TEXT_PASSWORD' => $TEXT['PASSWORD'],
     				'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'],
     				'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'],
     				'TEXT_EMAIL' => $TEXT['EMAIL'],
     				'TEXT_GROUP' => $TEXT['GROUP'],
     				'TEXT_SYSTEM_PERMISSIONS' => $TEXT['SYSTEM_PERMISSIONS'],
     				'TEXT_MODULE_PERMISSIONS' => $TEXT['MODULE_PERMISSIONS'],
     				'TEXT_TEMPLATE_PERMISSIONS' => $TEXT['TEMPLATE_PERMISSIONS'],
     				'TEXT_NAME' => $TEXT['NAME'],
     				'SECTION_PAGES' => $MENU['PAGES'],
     				'SECTION_MEDIA' => $MENU['MEDIA'],
     				'SECTION_MODULES' => $MENU['MODULES'],
     				'SECTION_TEMPLATES' => $MENU['TEMPLATES'],
     				'SECTION_LANGUAGES' => $MENU['LANGUAGES'],
     				'SECTION_SETTINGS' => $MENU['SETTINGS'],
     				'SECTION_USERS' => $MENU['USERS'],
     				'SECTION_GROUPS' => $MENU['GROUPS'],
     				'SECTION_ADMINTOOLS' => $MENU['ADMINTOOLS'],
     				'TEXT_VIEW' => $TEXT['VIEW'],
     				'TEXT_ADD' => $TEXT['ADD'],
     				'TEXT_LEVEL' => $TEXT['LEVEL'],
     				'TEXT_MODIFY' => $TEXT['MODIFY'],
     				'TEXT_DELETE' => $TEXT['DELETE'],
     				'TEXT_MODIFY_CONTENT' => $TEXT['MODIFY_CONTENT'],
     				'TEXT_MODIFY_SETTINGS' => $TEXT['MODIFY_SETTINGS'],
     				'HEADING_MODIFY_INTRO_PAGE' => $HEADING['MODIFY_INTRO_PAGE'],
     				'TEXT_CREATE_FOLDER' => $TEXT['CREATE_FOLDER'],
     				'TEXT_RENAME' => $TEXT['RENAME'],
     				'TEXT_UPLOAD_FILES' => $TEXT['UPLOAD_FILES'],
     				'TEXT_BASIC' => $TEXT['BASIC'],
     				'TEXT_ADVANCED' => $TEXT['ADVANCED'],
     				'CHANGING_PASSWORD' => $MESSAGE['USERS']['CHANGING_PASSWORD'],
     				'HEADING_MODIFY_GROUP' => $HEADING['MODIFY_GROUP'],
     			));
     	// Parse template object
     	$template->parse('main', 'main_block', false);
     	$template->pparse('output', 'page');
     } elseif($_POST['action'] == 'delete') {
     	// Create new admin object
     	$admin = new admin('Access', 'groups_delete', false);
     	if (!$admin->checkFTAN())
+    	{
     		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
     		exit();
+    	}
     	// Print header
     	$admin->print_header();
     	// Delete the group
     	$database->query("DELETE FROM ".TABLE_PREFIX."groups WHERE group_id = '".$_POST['group_id']."' LIMIT 1");
     	if($database->is_error()) {
     		$admin->print_error($database->get_error());
     	} else {
     		// Delete users in the group
     		$database->query("DELETE FROM ".TABLE_PREFIX."users WHERE group_id = '".$_POST['group_id']."'");
     		if($database->is_error()) {
     			$admin->print_error($database->get_error());
     		} else {
     			$admin->print_success($MESSAGE['GROUPS']['DELETED']);
+    		}
+    	}
+    }
     // Print admin footer
     $admin->print_footer();
     <?php
     /**
+     *
      * @category        admin
      * @package         groups
      * @author          WebsiteBaker Project
      * @copyright       2004-2009, Ryan Djurovich
      * @copyright       2009-2011, Website Baker Org. e.V.
      * @link			http://www.websitebaker2.org/
      * @license         http://www.gnu.org/licenses/gpl.html
      * @platform        WebsiteBaker 2.8.x
      * @requirements    PHP 5.2.2 and higher
      * @version         $Id$
      * @filesource		$HeadURL$
      * @lastmodified    $Date$
+     *
      */
     // Include config file and admin class file
     require('../../config.php');
     require_once(WB_PATH.'/framework/class.admin.php');
     // Create new database object
     // $database = new database();
     if(!isset($_POST['action']) OR ($_POST['action'] != "modify" AND $_POST['action'] != "delete")) {
     	header("Location: index.php");
     	exit(0);
+    }
     // Set parameter 'action' as alternative to javascript mechanism
     if(isset($_POST['modify']))
     	$_POST['action'] = "modify";
     if(isset($_POST['delete']))
     	$_POST['action'] = "delete";
     // Check if group group_id is a valid number and doesnt equal 1
     if(!isset($_POST['group_id']) OR !is_numeric($_POST['group_id']) OR $_POST['group_id'] == 1) {
     	header("Location: index.php");
     	exit(0);
+    }
     if($_POST['action'] == 'modify') {
     	// Create new admin object
     	$admin = new admin('Access', 'groups_modify', false);
     /*  */
     	if (!$admin->checkFTAN())
+    	{
     		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
     		exit();
+    	}
     	// Print header
     	$admin->print_header();
     	// Get existing values
     	$results = $database->query("SELECT * FROM ".TABLE_PREFIX."groups WHERE group_id = '".$_POST['group_id']."'");
     	$group = $results->fetchRow();
     	// Setup template object
     	$template = new Template(THEME_PATH.'/templates');
     	$template->set_file('page', 'groups_form.htt');
     	$template->set_block('page', 'main_block', 'main');
     	$template->set_var(	array(
     							'ACTION_URL' => ADMIN_URL.'/groups/save.php',
     							'SUBMIT_TITLE' => $TEXT['SAVE'],
     							'GROUP_ID' => $group['group_id'],
     							'GROUP_NAME' => $group['name'],
     							'ADVANCED_ACTION' => 'groups.php',
     							'FTAN' => $admin->getFTAN()
     						));
     	// Tell the browser whether or not to show advanced options
     	if( true == (isset( $_POST['advanced']) AND ( strpos( $_POST['advanced'], ">>") > 0 ) ) ) {
     		$template->set_var('DISPLAY_ADVANCED', '');
     		$template->set_var('DISPLAY_BASIC', 'display:none;');
     		$template->set_var('ADVANCED', 'yes');
     		$template->set_var('ADVANCED_BUTTON', '&lt;&lt; '.$TEXT['HIDE_ADVANCED']);
     	} else {
     		$template->set_var('DISPLAY_ADVANCED', 'display:none;');
     		$template->set_var('DISPLAY_BASIC', '');
     		$template->set_var('ADVANCED', 'no');
     		$template->set_var('ADVANCED_BUTTON', $TEXT['SHOW_ADVANCED'].'  &gt;&gt;');
+    	}
     	// Explode system permissions
     	$system_permissions = explode(',', $group['system_permissions']);
     	// Check system permissions boxes
     	foreach($system_permissions AS $name) {
     			$template->set_var($name.'_checked', ' checked="checked"');
+    	}
     	// Explode module permissions
     	$module_permissions = explode(',', $group['module_permissions']);
     	// Explode template permissions
     	$template_permissions = explode(',', $group['template_permissions']);
     	// Insert values into module list
     	$template->set_block('main_block', 'module_list_block', 'module_list');
     	$result = $database->query('SELECT * FROM `'.TABLE_PREFIX.'addons` WHERE `type` = "module" AND `function` = "page" ORDER BY `name`');
     	if($result->numRows() > 0) {
     		while($addon = $result->fetchRow()) {
     			$template->set_var('VALUE', $addon['directory']);
     			$template->set_var('NAME', $addon['name']);
     			if(!is_numeric(array_search($addon['directory'], $module_permissions))) {
     				$template->set_var('CHECKED', ' checked="checked"');
     			} else {
     				$template->set_var('CHECKED', '');
+    			}
     			$template->parse('module_list', 'module_list_block', true);
+    		}
+    	}
     	// Insert values into template list
     	$template->set_block('main_block', 'template_list_block', 'template_list');
     	$result = $database->query('SELECT * FROM `'.TABLE_PREFIX.'addons` WHERE `type` = "template" ORDER BY `name`');
     	if($result->numRows() > 0) {
     		while($addon = $result->fetchRow()) {
     			$template->set_var('VALUE', $addon['directory']);
     			$template->set_var('NAME', $addon['name']);
     			if(!is_numeric(array_search($addon['directory'], $template_permissions))) {
     				$template->set_var('CHECKED', ' checked="checked"');
     			} else {
     				$template->set_var('CHECKED', '');
+    			}
     			$template->parse('template_list', 'template_list_block', true);
+    		}
+    	}
     	// Insert language text and messages
     	$template->set_var(array(
     				'TEXT_RESET' => $TEXT['RESET'],
     				'TEXT_ACTIVE' => $TEXT['ACTIVE'],
     				'TEXT_DISABLED' => $TEXT['DISABLED'],
     				'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'],
     				'TEXT_USERNAME' => $TEXT['USERNAME'],
     				'TEXT_PASSWORD' => $TEXT['PASSWORD'],
     				'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'],
     				'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'],
     				'TEXT_EMAIL' => $TEXT['EMAIL'],
     				'TEXT_GROUP' => $TEXT['GROUP'],
     				'TEXT_SYSTEM_PERMISSIONS' => $TEXT['SYSTEM_PERMISSIONS'],
     				'TEXT_MODULE_PERMISSIONS' => $TEXT['MODULE_PERMISSIONS'],
     				'TEXT_TEMPLATE_PERMISSIONS' => $TEXT['TEMPLATE_PERMISSIONS'],
     				'TEXT_NAME' => $TEXT['NAME'],
     				'SECTION_PAGES' => $MENU['PAGES'],
     				'SECTION_MEDIA' => $MENU['MEDIA'],
     				'SECTION_MODULES' => $MENU['MODULES'],
     				'SECTION_TEMPLATES' => $MENU['TEMPLATES'],
     				'SECTION_LANGUAGES' => $MENU['LANGUAGES'],
     				'SECTION_SETTINGS' => $MENU['SETTINGS'],
     				'SECTION_USERS' => $MENU['USERS'],
     				'SECTION_GROUPS' => $MENU['GROUPS'],
     				'SECTION_ADMINTOOLS' => $MENU['ADMINTOOLS'],
     				'TEXT_VIEW' => $TEXT['VIEW'],
     				'TEXT_ADD' => $TEXT['ADD'],
     				'TEXT_LEVEL' => $TEXT['LEVEL'],
     				'TEXT_MODIFY' => $TEXT['MODIFY'],
     				'TEXT_DELETE' => $TEXT['DELETE'],
     				'TEXT_MODIFY_CONTENT' => $TEXT['MODIFY_CONTENT'],
     				'TEXT_MODIFY_SETTINGS' => $TEXT['MODIFY_SETTINGS'],
     				'HEADING_MODIFY_INTRO_PAGE' => $HEADING['MODIFY_INTRO_PAGE'],
     				'TEXT_CREATE_FOLDER' => $TEXT['CREATE_FOLDER'],
     				'TEXT_RENAME' => $TEXT['RENAME'],
     				'TEXT_UPLOAD_FILES' => $TEXT['UPLOAD_FILES'],
     				'TEXT_BASIC' => $TEXT['BASIC'],
     				'TEXT_ADVANCED' => $TEXT['ADVANCED'],
     				'CHANGING_PASSWORD' => $MESSAGE['USERS']['CHANGING_PASSWORD'],
     				'HEADING_MODIFY_GROUP' => $HEADING['MODIFY_GROUP'],
     			));
     	// Parse template object
     	$template->parse('main', 'main_block', false);
     	$template->pparse('output', 'page');
     } elseif($_POST['action'] == 'delete') {
     	// Create new admin object
     	$admin = new admin('Access', 'groups_delete', false);
     /*  */
     	if (!$admin->checkFTAN())
+    	{
     		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
     		exit();
+    	}
     	// Print header
     	$admin->print_header();
     	// Delete the group
     	$database->query("DELETE FROM ".TABLE_PREFIX."groups WHERE group_id = '".$_POST['group_id']."' LIMIT 1");
     	if($database->is_error()) {
     		$admin->print_error($database->get_error());
     	} else {
     		// Delete users in the group
     		$database->query("DELETE FROM ".TABLE_PREFIX."users WHERE group_id = '".$_POST['group_id']."'");
     		if($database->is_error()) {
     			$admin->print_error($database->get_error());
     		} else {
     			$admin->print_success($MESSAGE['GROUPS']['DELETED']);
+    		}
+    	}
+    }
     // Print admin footer
     $admin->print_footer();
     ?>

     require_once(WB_PATH.'/framework/class.admin.php');
     $admin = new admin('Access', 'groups_add');
     // Create a javascript back link
     $js_back = ADMIN_URL.'/groups/index.php';
     if (!$admin->checkFTAN())
+    {
     	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
     	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$js_back);
     	exit();
+    }
     // Gather details entered
     $group_name = $admin->get_post('group_name');
     // Create a javascript back link
     $js_back = "javascript: history.go(-1);";
     // Check values
     if($group_name == "") {
     	$admin->print_error($MESSAGE['GROUPS']['GROUP_NAME_BLANK'], $js_back);

branches/2.8.x/wb/admin/media/rename2.php
23	23
24	24	if (!$admin->checkFTAN())
25	25	{
26		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
	26	$admin->print_error('RN5::'.$MESSAGE['GENERIC_SECURITY_ACCESS']);
27	27	exit();
28	28	}
29	29
...	...
54	54	// Get the temp id
55	55	$file_id = $admin->checkIDKEY('id', false, 'POST');
56	56	if (!$file_id) {
57		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
	57	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
58	58	}
59	59
60	60	// Get home folder not to show

     <?php
     /**
+     *
      * @category        admin
      * @package         admintools
      * @author          WebsiteBaker Project
      * @copyright       2004-2009, Ryan Djurovich
      * @copyright       2009-2011, Website Baker Org. e.V.
      * @link			http://www.websitebaker2.org/
      * @license         http://www.gnu.org/licenses/gpl.html
      * @platform        WebsiteBaker 2.8.x
      * @requirements    PHP 5.2.2 and higher
      * @version         $Id$
      * @filesource		$HeadURL:  $
      * @lastmodified    $Date:  $
+     *
      */
     require('../../config.php');
     require_once(WB_PATH.'/framework/class.admin.php');
     $admin = new admin('Media', 'media', false);
     // Include the WB functions file
     require_once(WB_PATH.'/framework/functions.php');
     // check if theme language file exists for the language set by the user (e.g. DE, EN)
     if(!file_exists(THEME_PATH .'/languages/'.LANGUAGE .'.php')) {
     	// no theme language file exists for the language set by the user, include default theme language file EN.php
     	require_once(THEME_PATH .'/languages/EN.php');
     } else {
     	// a theme language file exists for the language defined by the user, load it
     	require_once(THEME_PATH .'/languages/'.LANGUAGE .'.php');
+    }
     //Save post vars to the parameters file
     if ( !is_null($admin->get_post_escaped("save"))) {
     	if (!$admin->checkFTAN())
+    	{
     		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
     		exit();
+    	}
     	//Check for existing settings entry, if not existing, create a record first!
     	if (!$database->query ( "SELECT * FROM ".TABLE_PREFIX."settings where `name`='mediasettings'" )) {
     		$database->query ( "INSERT INTO ".TABLE_PREFIX."settings (`name`,`value`) VALUES ('mediasettings','')" );
+    	}
     	$dirs = directory_list(WB_PATH.MEDIA_DIRECTORY);
     	$dirs[] = WB_PATH.MEDIA_DIRECTORY;
     	foreach($dirs AS $name) {
     		$r = str_replace(WB_PATH, '', $name);
     		$r = str_replace(array('/',' '),'_',$r);
     		$w = (int)$admin->get_post_escaped($r.'-w');
     		$h = (int)$admin->get_post_escaped($r.'-h');
     		$pathsettings[$r]['width']=$w;
     		$pathsettings[$r]['height']=$h;
+    	}
     	$pathsettings['global']['admin_only'] = ($admin->get_post_escaped('admin_only')!=''?'checked':'');
     	$pathsettings['global']['show_thumbs'] = ($admin->get_post_escaped('show_thumbs')!=''?'checked':'');
     	$fieldSerialized = serialize($pathsettings);
     	$database->query ( "UPDATE ".TABLE_PREFIX."settings SET `value` = '$fieldSerialized' WHERE `name`='mediasettings'" );
     	header ("Location: browse.php");
+    }
     include ('parameters.php');
     if ($_SESSION['GROUP_ID'] != 1 && $pathsettings['global']['admin_only']) {
     	echo "Sorry, settings not available";
     	exit();
+    }
     // Read data to display
     $caller = "setparameter";
     $template = new Template(THEME_PATH.'/templates');
     $template->set_file('page', 'setparameter.htt');
     $template->set_block('page', 'main_block', 'main');
     if ($_SESSION['GROUP_ID'] != 1) {
     	$template->set_var('DISPLAY_ADMIN', 'hide');
+    }
     $template->set_var(array(
     					'TEXT_HEADER' => $TEXT['TEXT_HEADER'],
     					'SAVE_TEXT' => $TEXT['SAVE'],
     					'BACK' => $TEXT['BACK'],
+    				)
     			);
     $template->set_block('main_block', 'list_block', 'list');
     $row_bg_color = '';
     $dirs = directory_list(WB_PATH.MEDIA_DIRECTORY);
     $dirs[] = WB_PATH.MEDIA_DIRECTORY;
     $array_lowercase = array_map('strtolower', $dirs);
     array_multisort($array_lowercase, SORT_ASC, SORT_STRING, $dirs);
     foreach($dirs AS $name) {
     	$relative = str_replace(WB_PATH, '', $name);
     	$safepath = str_replace(array('/',' '),'_',$relative);
     	$cur_width = $cur_height = '';
     	if (isset($pathsettings[$safepath]['width'])) $cur_width = $pathsettings[$safepath]['width'];
     	if (isset($pathsettings[$safepath]['height'])) $cur_height = $pathsettings[$safepath]['height'];
     	$cur_width = ($cur_width ? (int)$cur_width : '-');
     	$cur_height = ($cur_height ? (int)$cur_height : '-');
     	if($row_bg_color == 'DEDEDE') $row_bg_color = 'EEEEEE';
     	else $row_bg_color = 'DEDEDE';
     	$template->set_var(array(
     								'ADMIN_URL' => ADMIN_URL,
     								'PATH_NAME' => $relative,
     								'WIDTH' => $TEXT['WIDTH'],
     								'HEIGHT' => $TEXT['HEIGHT'],
     								'FIELD_NAME_W' => $safepath.'-w',
     								'FIELD_NAME_H' => $safepath.'-h',
     								'CUR_WIDTH' => $cur_width,
     								'CUR_HEIGHT' => $cur_height,
     								'SETTINGS' => $TEXT['SETTINGS'],
     								'ADMIN_ONLY' => $TEXT['ADMIN_ONLY'],
     								'ADMIN_ONLY_SELECTED' => $pathsettings['global']['admin_only'],
     								'NO_SHOW_THUMBS' => $TEXT['NO_SHOW_THUMBS'],
     								'NO_SHOW_THUMBS_SELECTED' => $pathsettings['global']['show_thumbs'],
     								'ROW_BG_COLOR' => $row_bg_color,
     								'FTAN' => $admin->getFTAN()
+    							)
     					);
     	$template->parse('list', 'list_block', true);
+    }
     $template->parse('main', 'main_block', false);
     $template->pparse('output', 'page');
     <?php
     /**
+     *
      * @category        admin
      * @package         admintools
      * @author          WebsiteBaker Project
      * @copyright       2004-2009, Ryan Djurovich
      * @copyright       2009-2011, Website Baker Org. e.V.
      * @link			http://www.websitebaker2.org/
      * @license         http://www.gnu.org/licenses/gpl.html
      * @platform        WebsiteBaker 2.8.x
      * @requirements    PHP 5.2.2 and higher
      * @version         $Id$
      * @filesource		$HeadURL:  $
      * @lastmodified    $Date:  $
+     *
      */
     require('../../config.php');
     require_once(WB_PATH.'/framework/class.admin.php');
     $admin = new admin('Media', 'media', false);
     // Include the WB functions file
     require_once(WB_PATH.'/framework/functions.php');
     // check if theme language file exists for the language set by the user (e.g. DE, EN)
     if(!file_exists(THEME_PATH .'/languages/'.LANGUAGE .'.php')) {
     	// no theme language file exists for the language set by the user, include default theme language file EN.php
     	require_once(THEME_PATH .'/languages/EN.php');
     } else {
     	// a theme language file exists for the language defined by the user, load it
     	require_once(THEME_PATH .'/languages/'.LANGUAGE .'.php');
+    }
     //Save post vars to the parameters file
     if ( !is_null($admin->get_post_escaped("save"))) {
     	if (!$admin->checkFTAN())
+    	{
     		$admin->print_error('SP5::'.$MESSAGE['GENERIC_SECURITY_ACCESS']);
     		exit();
+    	}
     	//Check for existing settings entry, if not existing, create a record first!
     	if (!$database->query ( "SELECT * FROM ".TABLE_PREFIX."settings where `name`='mediasettings'" )) {
     		$database->query ( "INSERT INTO ".TABLE_PREFIX."settings (`name`,`value`) VALUES ('mediasettings','')" );
+    	}
     	$dirs = directory_list(WB_PATH.MEDIA_DIRECTORY);
     	$dirs[] = WB_PATH.MEDIA_DIRECTORY;
     	foreach($dirs AS $name) {
     		$r = str_replace(WB_PATH, '', $name);
     		$r = str_replace(array('/',' '),'_',$r);
     		$w = (int)$admin->get_post_escaped($r.'-w');
     		$h = (int)$admin->get_post_escaped($r.'-h');
     		$pathsettings[$r]['width']=$w;
     		$pathsettings[$r]['height']=$h;
+    	}
     	$pathsettings['global']['admin_only'] = ($admin->get_post_escaped('admin_only')!=''?'checked':'');
     	$pathsettings['global']['show_thumbs'] = ($admin->get_post_escaped('show_thumbs')!=''?'checked':'');
     	$fieldSerialized = serialize($pathsettings);
     	$database->query ( "UPDATE ".TABLE_PREFIX."settings SET `value` = '$fieldSerialized' WHERE `name`='mediasettings'" );
     	header ("Location: browse.php");
+    }
     include ('parameters.php');
     if ($_SESSION['GROUP_ID'] != 1 && $pathsettings['global']['admin_only']) {
     	echo "Sorry, settings not available";
     	exit();
+    }
     // Read data to display
     $caller = "setparameter";
     $template = new Template(THEME_PATH.'/templates');
     $template->set_file('page', 'setparameter.htt');
     $template->set_block('page', 'main_block', 'main');
     if ($_SESSION['GROUP_ID'] != 1) {
     	$template->set_var('DISPLAY_ADMIN', 'hide');
+    }
     $template->set_var(array(
     					'TEXT_HEADER' => $TEXT['TEXT_HEADER'],
     					'SAVE_TEXT' => $TEXT['SAVE'],
     					'BACK' => $TEXT['BACK'],
+    				)
     			);
     $template->set_block('main_block', 'list_block', 'list');
     $row_bg_color = '';
     $dirs = directory_list(WB_PATH.MEDIA_DIRECTORY);
     $dirs[] = WB_PATH.MEDIA_DIRECTORY;
     $array_lowercase = array_map('strtolower', $dirs);
     array_multisort($array_lowercase, SORT_ASC, SORT_STRING, $dirs);
     foreach($dirs AS $name) {
     	$relative = str_replace(WB_PATH, '', $name);
     	$safepath = str_replace(array('/',' '),'_',$relative);
     	$cur_width = $cur_height = '';
     	if (isset($pathsettings[$safepath]['width'])) $cur_width = $pathsettings[$safepath]['width'];
     	if (isset($pathsettings[$safepath]['height'])) $cur_height = $pathsettings[$safepath]['height'];
     	$cur_width = ($cur_width ? (int)$cur_width : '-');
     	$cur_height = ($cur_height ? (int)$cur_height : '-');
     	if($row_bg_color == 'DEDEDE') $row_bg_color = 'EEEEEE';
     	else $row_bg_color = 'DEDEDE';
     	$template->set_var(array(
     								'ADMIN_URL' => ADMIN_URL,
     								'PATH_NAME' => $relative,
     								'WIDTH' => $TEXT['WIDTH'],
     								'HEIGHT' => $TEXT['HEIGHT'],
     								'FIELD_NAME_W' => $safepath.'-w',
     								'FIELD_NAME_H' => $safepath.'-h',
     								'CUR_WIDTH' => $cur_width,
     								'CUR_HEIGHT' => $cur_height,
     								'SETTINGS' => $TEXT['SETTINGS'],
     								'ADMIN_ONLY' => $TEXT['ADMIN_ONLY'],
     								'ADMIN_ONLY_SELECTED' => $pathsettings['global']['admin_only'],
     								'NO_SHOW_THUMBS' => $TEXT['NO_SHOW_THUMBS'],
     								'NO_SHOW_THUMBS_SELECTED' => $pathsettings['global']['show_thumbs'],
     								'ROW_BG_COLOR' => $row_bg_color,
     								'FTAN' => $admin->getFTAN()
+    							)
     					);
     	$template->parse('list', 'list_block', true);
+    }
     $template->parse('main', 'main_block', false);
     $template->pparse('output', 'page');
     ?>

     // Check to see if it contains ../
     if (!check_media_path($directory)) {
     	$admin->print_header();
     	// $admin->print_header();
     	$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH']);
+    }
     if(!file_exists(WB_PATH.MEDIA_DIRECTORY.$directory)) {
     	$admin->print_header();
     	// $admin->print_header();
     	$admin->print_error($MESSAGE['MEDIA']['DIR_DOES_NOT_EXIST']);
+    }

     // Get the temp id
     $file_id = $admin->checkIDKEY('id', false, 'GET');
     if (!$file_id) {
     	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL,false);
     	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL.'/admin/media/browse.php?dir=',false);
+    }
     // Get home folder not to show

branches/2.8.x/wb/admin/media/create.php
37	37
38	38	if (!$admin->checkFTAN())
39	39	{
40		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
	40	$admin->print_error('CR5::'.$MESSAGE['GENERIC_SECURITY_ACCESS']);
41	41	exit();
42	42	}
43	43

     if (!$admin->checkFTAN())
+    {
     	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
     	$admin->print_error('UP5::'.$MESSAGE['GENERIC_SECURITY_ACCESS']);
     	exit();
+    }
-...
     require_once(WB_PATH.'/framework/functions.php');
     // Check to see if target contains ../
     if (!check_media_path($target, false)) {
     	$admin->print_error($MESSAGE['MEDIA']['TARGET_DOT_DOT_SLASH']);
     if (!check_media_path($target, false))
+    {
     	$admin->print_error('TD5::'.$MESSAGE['MEDIA']['TARGET_DOT_DOT_SLASH']);
+    }
     // Create relative path of the target location for the file

     // Get the temp id
     $file_id = $admin->checkIDKEY('id', false, 'GET');
     if (!$file_id) {
     	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
     	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
+    }
     // Get home folder not to show

branches/2.8.x/wb/admin/templates/uninstall.php
37	37
38	38	if( !$admin->checkFTAN() )
39	39	{
40		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php');
	40	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
41	41	exit();
42	42	}
43	43

branches/2.8.x/wb/admin/templates/details.php
24	24
25	25	if( !$admin->checkFTAN() )
26	26	{
27		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php');
	27	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
28	28	exit();
29	29	}
30	30

branches/2.8.x/wb/admin/templates/install.php
32	32
33	33	if( !$admin->checkFTAN() )
34	34	{
35		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php');
	35	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
36	36	exit();
37	37	}
38	38

     require_once(WB_PATH.'/framework/class.admin.php');
     $admin = new admin('Pages', 'pages_modify');
     if (!$admin->checkFTAN())
+    {
     	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php');
     	exit();
+    }
     // Get page & section id
     if(!isset($_POST['page_id']) || !is_numeric($_POST['page_id'])) {
     	header("Location: index.php");
-...
     	$section_id = intval($_POST['section_id']);
+    }
     // $js_back = "javascript: history.go(-1);";
     $js_back = ADMIN_URL.'/pages/modify.php?page_id='.$page_id
     if (!$admin->checkFTAN())
+    {
     	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$js_back );
     	exit();
+    }
     /*
     if( (!($page_id = $admin->checkIDKEY('page_id', 0, $_SERVER['REQUEST_METHOD']))) )
+    {
-...
+    }
     */
     $js_back = "javascript: history.go(-1);";
     // Get perms
     $sql  = 'SELECT `admin_groups`,`admin_users` FROM `'.TABLE_PREFIX.'pages` ';
     $sql .= 'WHERE `page_id` = '.$page_id;
-...
     // Check if there is a db error, otherwise say successful
     if($database->is_error())
+    {
     	$admin->print_error($database->get_error(), $js_back);
     	$admin->print_error($database->get_error(), ADMIN_URL.'/pages/modify.php?page_id='.$results_array['page_id'] );
     } else {
     	$admin->print_success($MESSAGE['PAGES']['SAVED'], ADMIN_URL.'/pages/modify.php?page_id='.$results_array['page_id'] );
+    }

branches/2.8.x/wb/admin/pages/sections_save.php
33	33
34	34	if (!$admin->checkFTAN())
35	35	{
36		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php');
	36	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],ADMIN_URL.'/pages/sections.php?page_id='.$page_id);
37	37	exit();
38	38	}
39	39

     require_once(WB_PATH.'/framework/class.admin.php');
     $admin = new admin('Pages', 'pages_settings');
     if (!$admin->checkFTAN())
+    {
     	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php');
     	exit();
+    }
     // Get page id
     if(!isset($_POST['page_id']) || !is_numeric($_POST['page_id']))
+    {
-...
     } else {
     	$page_id = $_POST['page_id'];
+    }
     $pagetree_url = ADMIN_URL.'/pages/index.php';
     $target_url = ADMIN_URL.'/pages/settings.php?page_id='.$page_id;
     if (!$admin->checkFTAN())
+    {
     	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$target_url);
     	exit();
+    }
     /*
     if( (!($page_id = $admin->checkIDKEY('page_id', 0, $_SERVER['REQUEST_METHOD']))) )
+    {
-...
     /* END page "access file" code */
     $pagetree_url = ADMIN_URL.'/pages/index.php';
     $target_url = ADMIN_URL.'/pages/settings.php?page_id='.$page_id;
     //$pagetree_url = ADMIN_URL.'/pages/index.php';
     //$target_url = ADMIN_URL.'/pages/settings.php?page_id='.$page_id;
     // Check if there is a db error, otherwise say successful
     if($database->is_error())
+    {

branches/2.8.x/wb/admin/pages/add.php
23	23
24	24	if (!$admin->checkFTAN())
25	25	{
26		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php');
	26	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
27	27	exit();
28	28	}
29	29

branches/2.8.x/wb/admin/interface/version.php
52	52
53	53	// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
54	54	if(!defined('VERSION')) define('VERSION', '2.8.2.RC5');
55		if(!defined('REVISION')) define('REVISION', '1424');
	55	if(!defined('REVISION')) define('REVISION', '1425');
56	56
57	57	?>

branches/2.8.x/wb/admin/settings/save.php
33	33	$admin = new admin('Settings', 'settings_advanced');
34	34	}
35	35
	36	// Create a javascript back link
	37	$js_back = ADMIN_URL.'/settings/index.php'.$advanced;
	38
36	39	if( !$admin->checkFTAN() )
37	40	{
38		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php');
	41	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$js_back );
39	42	exit();
40	43	}
41	44
42		// Create a javascript back link
43		$js_back = "javascript: history.go(-1);";
44
45	45	// Ensure that the specified default email is formally valid
46	46	if(isset($_POST['server_email']))
47	47	{
...	...
189	189	if (!$database->query($sql))
190	190	{
191	191	if($database->is_error()) {
192		$admin->print_error($database->get_error, ADMIN_URL.'/settings/index.php'.$advanced);
	192	$admin->print_error($database->get_error, $js_back );
193	193	}
194	194	}
195	195	}
...	...
201	201	$res_search = $database->query($sql);
202	202
203	203	if($database->is_error()) {
204		$admin->print_error($database->is_error(), ADMIN_URL.'/settings/index.php'.$advanced);
	204	$admin->print_error($database->is_error(), $js_back );
205	205	}
206	206
207	207	while($search_setting = $res_search->fetchRow())
...	...
229	229
230	230	// Check if there was an error updating the db
231	231	if($database->is_error()) {
232		$admin->print_error($database->get_error, ADMIN_URL.'/settings/index.php'.$advanced);
	232	$admin->print_error($database->get_error, $js_back );
233	233	} else {
234		$admin->print_success($MESSAGE['SETTINGS']['SAVED'], ADMIN_URL.'/settings/index.php'.$advanced);
	234	$admin->print_success($MESSAGE['SETTINGS']['SAVED'], $js_back );
235	235	}
236	236	$admin->print_footer();
237	237

     require_once(WB_PATH.'/framework/class.admin.php');
     $admin = new admin('Access', 'users_modify');
     // Create a javascript back link
     $js_back = ADMIN_URL.'/users/index.php';
     // Create new database object
     //$database = new database();
     if( !$admin->checkFTAN() )
+    {
     	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php');
     	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$js_back);
     	exit();
+    }
-...
     $email = $admin->get_post_escaped('email');
     $home_folder = $admin->get_post_escaped('home_folder');
     // Create a javascript back link
     $js_back = "javascript: history.go(-1);";
     // Check values
     if($groups_id == "") {
     	$admin->print_error($MESSAGE['USERS']['NO_GROUP'], $js_back);
-...
+    }
     $database->query($query);
     if($database->is_error()) {
     	$admin->print_error($database->get_error());
     	$admin->print_error($database->get_error(),$js_back);
     } else {
     	$admin->print_success($MESSAGE['USERS']['SAVED']);
+    }

     require_once(WB_PATH.'/framework/class.admin.php');
     $admin = new admin('Access', 'users_add');
     // Create a javascript back link
     $js_back = ADMIN_URL.'/users/index.php';
     // Create new database object
     //$database = new database();
     if( !$admin->checkFTAN() )
+    {
     	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php');
     	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
     	exit();
+    }
-...
     $home_folder = $admin->get_post_escaped('home_folder');
     $default_language = DEFAULT_LANGUAGE;
     // Create a javascript back link
     $js_back = 'javascript: history.go(-1);';
     // Check values
     if($groups_id == '') {
     	$admin->print_error($MESSAGE['USERS']['NO_GROUP'], $js_back);

     <?php
     /**
+     *
      * @category        admin
      * @package         preferences
      * @author          Independend-Software-Team
      * @author          WebsiteBaker Project
      * @copyright       2004-2009, Ryan Djurovich
      * @copyright       2009-2011, Website Baker Org. e.V.
      * @link			http://www.websitebaker2.org/
      * @license         http://www.gnu.org/licenses/gpl.html
      * @platform        WebsiteBaker 2.8.x
      * @requirements    PHP 5.2.2 and higher
      * @version         $Id$
      * @filesource		$HeadURL$
      * @lastmodified    $Date$
+     *
      */
     // Print admin header
     require('../../config.php');
     require_once(WB_PATH.'/framework/class.admin.php');
     $admin = new admin('Preferences');
     $js_back = "javascript: history.go(-1);"; // Create a javascript back link
     function save_preferences( &$admin, &$database)
+    {
     	global $MESSAGE;
     	$err_msg = array();
     	$min_pass_length = 6;
     // first check form-tan
     	if(!$admin->checkFTAN()){ $err_msg[] = $MESSAGE['GENERIC_SECURITY_ACCESS']; }
     // Get entered values and validate all
     	// remove any dangerouse chars from display_name
     	$display_name     = $admin->add_slashes(strip_tags(trim($admin->get_post('display_name'))));
     	$display_name     = ( $display_name == '' ? $admin->get_display_name() : $display_name );
     	// check that display_name is unique in whoole system (prevents from User-faking)
     	$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
     	$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `display_name` LIKE "'.$display_name.'"';
     	if( $database->get_one($sql) > 0 ){ $err_msg[] = $MESSAGE['USERS']['USERNAME_TAKEN']; }
     // language must be 2 upercase letters only
     	$language         = strtoupper($admin->get_post('language'));
     	$language         = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);
     // timezone must be between -12 and +13  or -20 as system_default
     	$timezone         = $admin->get_post('timezone');
     	$timezone         = (is_numeric($timezone) ? $timezone : -20);
     	$timezone         = ( ($timezone >= -12 && $timezone <= 13) ? $timezone : -20 ) * 3600;
     // date_format must be a key from /interface/date_formats
     	$date_format      = $admin->get_post('date_format');
     	$date_format_key  = str_replace(' ', '|', $date_format);
     	$user_time = true;
     	include( ADMIN_PATH.'/interface/date_formats.php' );
     	$date_format = (array_key_exists($date_format_key, $DATE_FORMATS) ? $date_format : 'system_default');
     	$date_format = ($date_format == 'system_default' ? '' : $date_format);
     	unset($DATE_FORMATS);
     // time_format must be a key from /interface/time_formats
     	$time_format      = $admin->get_post('time_format');
     	$time_format_key  = str_replace(' ', '|', $time_format);
     	$user_time = true;
     	include( ADMIN_PATH.'/interface/time_formats.php' );
     	$time_format = (array_key_exists($time_format_key, $TIME_FORMATS) ? $time_format : 'system_default');
     	$time_format = ($time_format == 'system_default' ? '' : $time_format);
     	unset($TIME_FORMATS);
     // email should be validatet by core
     	$email            = ( $admin->get_post('email') == null ? '' : $admin->get_post('email') );
     	if( !$admin->validate_email($email) )
+    	{
     		$email = '';
     		$err_msg[] = $MESSAGE['USERS']['INVALID_EMAIL'];
     	}else {
     	// check that email is unique in whoole system
     		$email = $admin->add_slashes($email);
     		$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
     		$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `email` LIKE "'.$email.'"';
     		if( $database->get_one($sql) > 0 ){ $err_msg[] = $MESSAGE['USERS']['EMAIL_TAKEN']; }
+    	}
     // receive password vars and calculate needed action
     	$current_password = $admin->get_post('current_password');
     	$current_password = ($current_password == null ? '' : $current_password);
     	$new_password_1   = $admin->get_post('new_password_1');
     	$new_password_1   = (($new_password_1 == null || $new_password_1 == '') ? '' : $new_password_1);
     	$new_password_2   = $admin->get_post('new_password_2');
     	$new_password_2   = (($new_password_2 == null || $new_password_2 == '') ? '' : $new_password_2);
     	if($current_password == '')
+    	{
     		$err_msg[] = $MESSAGE['PREFERENCES']['CURRENT_PASSWORD_INCORRECT'];
     	}else {
     	// if new_password is empty, still let current one
     		if( $new_password_1 == '' )
+    		{
     			$new_password_1 = $current_password;
     			$new_password_2 = $current_password;
+    		}
     	// is password lenght matching min_pass_lenght ?
     		if( $new_password_1 != $current_password )
+    		{
     			if( strlen($new_password_1) < $min_pass_length )
+    			{
     				$err_msg[] = $MESSAGE['USERS']['PASSWORD_TOO_SHORT'];
+    			}
     			$pattern = '/[^'.$admin->password_chars.']/';
     			if( preg_match($pattern, $new_password_1) )
+    			{
     				$err_msg[] = $MESSAGE['PREFERENCES']['INVALID_CHARS'];
+    			}
+    		}
     	// is password lenght matching min_pass_lenght ?
     		if( $new_password_1 != $current_password && strlen($new_password_1) < $min_pass_length )
+    		{
     			$err_msg[] = $MESSAGE['USERS']['PASSWORD_TOO_SHORT'];
+    		}
     	// password_1 matching password_2 ?
     		if( $new_password_1 != $new_password_2 )
+    		{
     			$err_msg[] = $MESSAGE['USERS']['PASSWORD_MISMATCH'];
+    		}
+    	}
     	$current_password = md5($current_password);
     	$new_password_1   = md5($new_password_1);
     	$new_password_2   = md5($new_password_2);
     // if no validation errors, try to update the database, otherwise return errormessages
     	if(sizeof($err_msg) == 0)
+    	{
     		$sql  = 'UPDATE `'.TABLE_PREFIX.'users` ';
     		$sql .= 'SET `display_name` = "'.$display_name.'", ';
     		$sql .=     '`password` = "'.$new_password_1.'", ';
     		$sql .=     '`email` = "'.$email.'", ';
     		$sql .=     '`language` = "'.$language.'", ';
     		$sql .=     '`timezone` = "'.$timezone.'", ';
     		$sql .=     '`date_format` = "'.$date_format.'", ';
     		$sql .=     '`time_format` = "'.$time_format.'" ';
     		$sql .= 'WHERE `user_id` = '.(int)$admin->get_user_id().' AND `password` = "'.$current_password.'"';
     		if( $database->query($sql) )
+    		{
     			$sql_info = mysql_info($database->db_handle);
     			if(preg_match('/matched: *([1-9][0-9]*)/i', $sql_info) != 1)
     			{  // if the user_id and password dosn't match
     				$err_msg[] = $MESSAGE['PREFERENCES']['CURRENT_PASSWORD_INCORRECT'];
     			}else {
     				// update successfull, takeover values into the session
     				$_SESSION['DISPLAY_NAME'] = $display_name;
     				$_SESSION['LANGUAGE'] = $language;
     				$_SESSION['TIMEZONE'] = $timezone;
     				$_SESSION['EMAIL'] = $email;
     				// Update date format
     				if($date_format != '') {
     					$_SESSION['DATE_FORMAT'] = $date_format;
     					if(isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) { unset($_SESSION['USE_DEFAULT_DATE_FORMAT']); }
     				} else {
     					$_SESSION['USE_DEFAULT_DATE_FORMAT'] = true;
     					if(isset($_SESSION['DATE_FORMAT'])) { unset($_SESSION['DATE_FORMAT']); }
+    				}
     				// Update time format
     				if($time_format != '') {
     					$_SESSION['TIME_FORMAT'] = $time_format;
     					if(isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) { unset($_SESSION['USE_DEFAULT_TIME_FORMAT']); }
     				} else {
     					$_SESSION['USE_DEFAULT_TIME_FORMAT'] = true;
     					if(isset($_SESSION['TIME_FORMAT'])) { unset($_SESSION['TIME_FORMAT']); }
+    				}
+    			}
     		}else {
     			$err_msg[] = 'invalid database UPDATE call in '.__FILE__.'::'.__FUNCTION__.'before line '.__LINE__;
+    		}
+    	}
     	return ( (sizeof($err_msg) > 0) ? implode('<br />', $err_msg) : '' );
+    }
     $retval = save_preferences($admin, $database);
     if( $retval == '')
+    {
     	$admin->print_success($MESSAGE['PREFERENCES']['DETAILS_SAVED']);
     	$admin->print_footer();
     }else {
     	$admin->print_error($retval, $js_back);
+    }
     <?php
     /**
+     *
      * @category        admin
      * @package         preferences
      * @author          Independend-Software-Team
      * @author          WebsiteBaker Project
      * @copyright       2004-2009, Ryan Djurovich
      * @copyright       2009-2011, Website Baker Org. e.V.
      * @link			http://www.websitebaker2.org/
      * @license         http://www.gnu.org/licenses/gpl.html
      * @platform        WebsiteBaker 2.8.x
      * @requirements    PHP 5.2.2 and higher
      * @version         $Id$
      * @filesource		$HeadURL$
      * @lastmodified    $Date$
+     *
      */
     // Print admin header
     require('../../config.php');
     require_once(WB_PATH.'/framework/class.admin.php');
     $admin = new admin('Preferences');
     // $js_back = "javascript: history.go(-1);"; // Create a javascript back link
     function save_preferences( &$admin, &$database)
+    {
     	global $MESSAGE;
     	$err_msg = array();
     	$min_pass_length = 6;
     // first check form-tan
     	if(!$admin->checkFTAN()){ $err_msg[] = $MESSAGE['GENERIC_SECURITY_ACCESS']; }
     // Get entered values and validate all
     	// remove any dangerouse chars from display_name
     	$display_name     = $admin->add_slashes(strip_tags(trim($admin->get_post('display_name'))));
     	$display_name     = ( $display_name == '' ? $admin->get_display_name() : $display_name );
     	// check that display_name is unique in whoole system (prevents from User-faking)
     	$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
     	$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `display_name` LIKE "'.$display_name.'"';
     	if( $database->get_one($sql) > 0 ){ $err_msg[] = $MESSAGE['USERS']['USERNAME_TAKEN']; }
     // language must be 2 upercase letters only
     	$language         = strtoupper($admin->get_post('language'));
     	$language         = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);
     // timezone must be between -12 and +13  or -20 as system_default
     	$timezone         = $admin->get_post('timezone');
     	$timezone         = (is_numeric($timezone) ? $timezone : -20);
     	$timezone         = ( ($timezone >= -12 && $timezone <= 13) ? $timezone : -20 ) * 3600;
     // date_format must be a key from /interface/date_formats
     	$date_format      = $admin->get_post('date_format');
     	$date_format_key  = str_replace(' ', '|', $date_format);
     	$user_time = true;
     	include( ADMIN_PATH.'/interface/date_formats.php' );
     	$date_format = (array_key_exists($date_format_key, $DATE_FORMATS) ? $date_format : 'system_default');
     	$date_format = ($date_format == 'system_default' ? '' : $date_format);
     	unset($DATE_FORMATS);
     // time_format must be a key from /interface/time_formats
     	$time_format      = $admin->get_post('time_format');
     	$time_format_key  = str_replace(' ', '|', $time_format);
     	$user_time = true;
     	include( ADMIN_PATH.'/interface/time_formats.php' );
     	$time_format = (array_key_exists($time_format_key, $TIME_FORMATS) ? $time_format : 'system_default');
     	$time_format = ($time_format == 'system_default' ? '' : $time_format);
     	unset($TIME_FORMATS);
     // email should be validatet by core
     	$email            = ( $admin->get_post('email') == null ? '' : $admin->get_post('email') );
     	if( !$admin->validate_email($email) )
+    	{
     		$email = '';
     		$err_msg[] = $MESSAGE['USERS']['INVALID_EMAIL'];
     	}else {
     	// check that email is unique in whoole system
     		$email = $admin->add_slashes($email);
     		$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
     		$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `email` LIKE "'.$email.'"';
     		if( $database->get_one($sql) > 0 ){ $err_msg[] = $MESSAGE['USERS']['EMAIL_TAKEN']; }
+    	}
     // receive password vars and calculate needed action
     	$current_password = $admin->get_post('current_password');
     	$current_password = ($current_password == null ? '' : $current_password);
     	$new_password_1   = $admin->get_post('new_password_1');
     	$new_password_1   = (($new_password_1 == null || $new_password_1 == '') ? '' : $new_password_1);
     	$new_password_2   = $admin->get_post('new_password_2');
     	$new_password_2   = (($new_password_2 == null || $new_password_2 == '') ? '' : $new_password_2);
     	if($current_password == '')
+    	{
     		$err_msg[] = $MESSAGE['PREFERENCES']['CURRENT_PASSWORD_INCORRECT'];
     	}else {
     	// if new_password is empty, still let current one
     		if( $new_password_1 == '' )
+    		{
     			$new_password_1 = $current_password;
     			$new_password_2 = $current_password;
+    		}
     	// is password lenght matching min_pass_lenght ?
     		if( $new_password_1 != $current_password )
+    		{
     			if( strlen($new_password_1) < $min_pass_length )
+    			{
     				$err_msg[] = $MESSAGE['USERS']['PASSWORD_TOO_SHORT'];
+    			}
     			$pattern = '/[^'.$admin->password_chars.']/';
     			if( preg_match($pattern, $new_password_1) )
+    			{
     				$err_msg[] = $MESSAGE['PREFERENCES']['INVALID_CHARS'];
+    			}
+    		}
     	// is password lenght matching min_pass_lenght ?
     		if( $new_password_1 != $current_password && strlen($new_password_1) < $min_pass_length )
+    		{
     			$err_msg[] = $MESSAGE['USERS']['PASSWORD_TOO_SHORT'];
+    		}
     	// password_1 matching password_2 ?
     		if( $new_password_1 != $new_password_2 )
+    		{
     			$err_msg[] = $MESSAGE['USERS']['PASSWORD_MISMATCH'];
+    		}
+    	}
     	$current_password = md5($current_password);
     	$new_password_1   = md5($new_password_1);
     	$new_password_2   = md5($new_password_2);
     // if no validation errors, try to update the database, otherwise return errormessages
     	if(sizeof($err_msg) == 0)
+    	{
     		$sql  = 'UPDATE `'.TABLE_PREFIX.'users` ';
     		$sql .= 'SET `display_name` = "'.$display_name.'", ';
     		$sql .=     '`password` = "'.$new_password_1.'", ';
     		$sql .=     '`email` = "'.$email.'", ';
     		$sql .=     '`language` = "'.$language.'", ';
     		$sql .=     '`timezone` = "'.$timezone.'", ';
     		$sql .=     '`date_format` = "'.$date_format.'", ';
     		$sql .=     '`time_format` = "'.$time_format.'" ';
     		$sql .= 'WHERE `user_id` = '.(int)$admin->get_user_id().' AND `password` = "'.$current_password.'"';
     		if( $database->query($sql) )
+    		{
     			$sql_info = mysql_info($database->db_handle);
     			if(preg_match('/matched: *([1-9][0-9]*)/i', $sql_info) != 1)
     			{  // if the user_id and password dosn't match
     				$err_msg[] = $MESSAGE['PREFERENCES']['CURRENT_PASSWORD_INCORRECT'];
     			}else {
     				// update successfull, takeover values into the session
     				$_SESSION['DISPLAY_NAME'] = $display_name;
     				$_SESSION['LANGUAGE'] = $language;
     				$_SESSION['TIMEZONE'] = $timezone;
     				$_SESSION['EMAIL'] = $email;
     				// Update date format
     				if($date_format != '') {
     					$_SESSION['DATE_FORMAT'] = $date_format;
     					if(isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) { unset($_SESSION['USE_DEFAULT_DATE_FORMAT']); }
     				} else {
     					$_SESSION['USE_DEFAULT_DATE_FORMAT'] = true;
     					if(isset($_SESSION['DATE_FORMAT'])) { unset($_SESSION['DATE_FORMAT']); }
+    				}
     				// Update time format
     				if($time_format != '') {
     					$_SESSION['TIME_FORMAT'] = $time_format;
     					if(isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) { unset($_SESSION['USE_DEFAULT_TIME_FORMAT']); }
     				} else {
     					$_SESSION['USE_DEFAULT_TIME_FORMAT'] = true;
     					if(isset($_SESSION['TIME_FORMAT'])) { unset($_SESSION['TIME_FORMAT']); }
+    				}
+    			}
     		}else {
     			$err_msg[] = 'invalid database UPDATE call in '.__FILE__.'::'.__FUNCTION__.'before line '.__LINE__;
+    		}
+    	}
     	return ( (sizeof($err_msg) > 0) ? implode('<br />', $err_msg) : '' );
+    }
     $retval = save_preferences($admin, $database);
     if( $retval == '')
+    {
     	$admin->print_success($MESSAGE['PREFERENCES']['DETAILS_SAVED']);
     	$admin->print_footer();
     }else {

Project

General

Profile

WB 2.08.x

Revision 1425

Added by Luisehahne almost 15 years ago