Index: branches/2.8.x/CHANGELOG
===================================================================
--- branches/2.8.x/CHANGELOG (revision 1424)
+++ branches/2.8.x/CHANGELOG (revision 1425)
@@ -11,6 +11,8 @@
! = Update/Change
------------------------------------- 2.8.2 -------------------------------------
+03 Feb-2011 Build 1425 Dietmar Woellbrink (Luisehahne)
+! redefined wrong admin backlinks
31 Jan-2011 Build 1424 Werner v.d.Decken(DarkViper)
# typo fix and simplify used_octets calculation
30 Jan-2011 Build 1423 Werner v.d.Decken(DarkViper)
Index: branches/2.8.x/wb/admin/groups/save.php
===================================================================
--- branches/2.8.x/wb/admin/groups/save.php (revision 1424)
+++ branches/2.8.x/wb/admin/groups/save.php (revision 1425)
@@ -21,9 +21,12 @@
require_once(WB_PATH.'/framework/class.admin.php');
$admin = new admin('Access', 'groups_modify');
+// Create a javascript back link
+$js_back = ADMIN_URL.'/groups/index.php';
+
if (!$admin->checkFTAN())
{
- $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
+ $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$js_back);
exit();
}
@@ -38,9 +41,6 @@
// Gather details entered
$group_name = $admin->get_post_escaped('group_name');
-// Create a javascript back link
-$js_back = "javascript: history.go(-1);";
-
// Check values
if($group_name == "") {
$admin->print_error($MESSAGE['GROUPS']['GROUP_NAME_BLANK'], $js_back);
Index: branches/2.8.x/wb/admin/groups/groups.php
===================================================================
--- branches/2.8.x/wb/admin/groups/groups.php (revision 1424)
+++ branches/2.8.x/wb/admin/groups/groups.php (revision 1425)
@@ -1,200 +1,201 @@
-checkFTAN())
- {
- $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
- exit();
- }
- // Print header
- $admin->print_header();
- // Get existing values
- $results = $database->query("SELECT * FROM ".TABLE_PREFIX."groups WHERE group_id = '".$_POST['group_id']."'");
- $group = $results->fetchRow();
- // Setup template object
- $template = new Template(THEME_PATH.'/templates');
- $template->set_file('page', 'groups_form.htt');
- $template->set_block('page', 'main_block', 'main');
- $template->set_var( array(
- 'ACTION_URL' => ADMIN_URL.'/groups/save.php',
- 'SUBMIT_TITLE' => $TEXT['SAVE'],
- 'GROUP_ID' => $group['group_id'],
- 'GROUP_NAME' => $group['name'],
- 'ADVANCED_ACTION' => 'groups.php',
- 'FTAN' => $admin->getFTAN()
- ));
- // Tell the browser whether or not to show advanced options
- if( true == (isset( $_POST['advanced']) AND ( strpos( $_POST['advanced'], ">>") > 0 ) ) ) {
- $template->set_var('DISPLAY_ADVANCED', '');
- $template->set_var('DISPLAY_BASIC', 'display:none;');
- $template->set_var('ADVANCED', 'yes');
- $template->set_var('ADVANCED_BUTTON', '<< '.$TEXT['HIDE_ADVANCED']);
- } else {
- $template->set_var('DISPLAY_ADVANCED', 'display:none;');
- $template->set_var('DISPLAY_BASIC', '');
- $template->set_var('ADVANCED', 'no');
- $template->set_var('ADVANCED_BUTTON', $TEXT['SHOW_ADVANCED'].' >>');
- }
-
- // Explode system permissions
- $system_permissions = explode(',', $group['system_permissions']);
- // Check system permissions boxes
- foreach($system_permissions AS $name) {
- $template->set_var($name.'_checked', ' checked="checked"');
- }
- // Explode module permissions
- $module_permissions = explode(',', $group['module_permissions']);
- // Explode template permissions
- $template_permissions = explode(',', $group['template_permissions']);
-
- // Insert values into module list
- $template->set_block('main_block', 'module_list_block', 'module_list');
- $result = $database->query('SELECT * FROM `'.TABLE_PREFIX.'addons` WHERE `type` = "module" AND `function` = "page" ORDER BY `name`');
- if($result->numRows() > 0) {
- while($addon = $result->fetchRow()) {
- $template->set_var('VALUE', $addon['directory']);
- $template->set_var('NAME', $addon['name']);
- if(!is_numeric(array_search($addon['directory'], $module_permissions))) {
- $template->set_var('CHECKED', ' checked="checked"');
- } else {
- $template->set_var('CHECKED', '');
- }
- $template->parse('module_list', 'module_list_block', true);
- }
- }
-
- // Insert values into template list
- $template->set_block('main_block', 'template_list_block', 'template_list');
- $result = $database->query('SELECT * FROM `'.TABLE_PREFIX.'addons` WHERE `type` = "template" ORDER BY `name`');
- if($result->numRows() > 0) {
- while($addon = $result->fetchRow()) {
- $template->set_var('VALUE', $addon['directory']);
- $template->set_var('NAME', $addon['name']);
- if(!is_numeric(array_search($addon['directory'], $template_permissions))) {
- $template->set_var('CHECKED', ' checked="checked"');
- } else {
- $template->set_var('CHECKED', '');
- }
- $template->parse('template_list', 'template_list_block', true);
- }
- }
-
- // Insert language text and messages
- $template->set_var(array(
- 'TEXT_RESET' => $TEXT['RESET'],
- 'TEXT_ACTIVE' => $TEXT['ACTIVE'],
- 'TEXT_DISABLED' => $TEXT['DISABLED'],
- 'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'],
- 'TEXT_USERNAME' => $TEXT['USERNAME'],
- 'TEXT_PASSWORD' => $TEXT['PASSWORD'],
- 'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'],
- 'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'],
- 'TEXT_EMAIL' => $TEXT['EMAIL'],
- 'TEXT_GROUP' => $TEXT['GROUP'],
- 'TEXT_SYSTEM_PERMISSIONS' => $TEXT['SYSTEM_PERMISSIONS'],
- 'TEXT_MODULE_PERMISSIONS' => $TEXT['MODULE_PERMISSIONS'],
- 'TEXT_TEMPLATE_PERMISSIONS' => $TEXT['TEMPLATE_PERMISSIONS'],
- 'TEXT_NAME' => $TEXT['NAME'],
- 'SECTION_PAGES' => $MENU['PAGES'],
- 'SECTION_MEDIA' => $MENU['MEDIA'],
- 'SECTION_MODULES' => $MENU['MODULES'],
- 'SECTION_TEMPLATES' => $MENU['TEMPLATES'],
- 'SECTION_LANGUAGES' => $MENU['LANGUAGES'],
- 'SECTION_SETTINGS' => $MENU['SETTINGS'],
- 'SECTION_USERS' => $MENU['USERS'],
- 'SECTION_GROUPS' => $MENU['GROUPS'],
- 'SECTION_ADMINTOOLS' => $MENU['ADMINTOOLS'],
- 'TEXT_VIEW' => $TEXT['VIEW'],
- 'TEXT_ADD' => $TEXT['ADD'],
- 'TEXT_LEVEL' => $TEXT['LEVEL'],
- 'TEXT_MODIFY' => $TEXT['MODIFY'],
- 'TEXT_DELETE' => $TEXT['DELETE'],
- 'TEXT_MODIFY_CONTENT' => $TEXT['MODIFY_CONTENT'],
- 'TEXT_MODIFY_SETTINGS' => $TEXT['MODIFY_SETTINGS'],
- 'HEADING_MODIFY_INTRO_PAGE' => $HEADING['MODIFY_INTRO_PAGE'],
- 'TEXT_CREATE_FOLDER' => $TEXT['CREATE_FOLDER'],
- 'TEXT_RENAME' => $TEXT['RENAME'],
- 'TEXT_UPLOAD_FILES' => $TEXT['UPLOAD_FILES'],
- 'TEXT_BASIC' => $TEXT['BASIC'],
- 'TEXT_ADVANCED' => $TEXT['ADVANCED'],
- 'CHANGING_PASSWORD' => $MESSAGE['USERS']['CHANGING_PASSWORD'],
- 'HEADING_MODIFY_GROUP' => $HEADING['MODIFY_GROUP'],
- ));
-
- // Parse template object
- $template->parse('main', 'main_block', false);
- $template->pparse('output', 'page');
-} elseif($_POST['action'] == 'delete') {
- // Create new admin object
- $admin = new admin('Access', 'groups_delete', false);
-
- if (!$admin->checkFTAN())
- {
- $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
- exit();
- }
-
- // Print header
- $admin->print_header();
- // Delete the group
- $database->query("DELETE FROM ".TABLE_PREFIX."groups WHERE group_id = '".$_POST['group_id']."' LIMIT 1");
- if($database->is_error()) {
- $admin->print_error($database->get_error());
- } else {
- // Delete users in the group
- $database->query("DELETE FROM ".TABLE_PREFIX."users WHERE group_id = '".$_POST['group_id']."'");
- if($database->is_error()) {
- $admin->print_error($database->get_error());
- } else {
- $admin->print_success($MESSAGE['GROUPS']['DELETED']);
- }
- }
-}
-
-// Print admin footer
-$admin->print_footer();
-
+checkFTAN())
+ {
+ $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
+ exit();
+ }
+
+ // Print header
+ $admin->print_header();
+ // Get existing values
+ $results = $database->query("SELECT * FROM ".TABLE_PREFIX."groups WHERE group_id = '".$_POST['group_id']."'");
+ $group = $results->fetchRow();
+ // Setup template object
+ $template = new Template(THEME_PATH.'/templates');
+ $template->set_file('page', 'groups_form.htt');
+ $template->set_block('page', 'main_block', 'main');
+ $template->set_var( array(
+ 'ACTION_URL' => ADMIN_URL.'/groups/save.php',
+ 'SUBMIT_TITLE' => $TEXT['SAVE'],
+ 'GROUP_ID' => $group['group_id'],
+ 'GROUP_NAME' => $group['name'],
+ 'ADVANCED_ACTION' => 'groups.php',
+ 'FTAN' => $admin->getFTAN()
+ ));
+ // Tell the browser whether or not to show advanced options
+ if( true == (isset( $_POST['advanced']) AND ( strpos( $_POST['advanced'], ">>") > 0 ) ) ) {
+ $template->set_var('DISPLAY_ADVANCED', '');
+ $template->set_var('DISPLAY_BASIC', 'display:none;');
+ $template->set_var('ADVANCED', 'yes');
+ $template->set_var('ADVANCED_BUTTON', '<< '.$TEXT['HIDE_ADVANCED']);
+ } else {
+ $template->set_var('DISPLAY_ADVANCED', 'display:none;');
+ $template->set_var('DISPLAY_BASIC', '');
+ $template->set_var('ADVANCED', 'no');
+ $template->set_var('ADVANCED_BUTTON', $TEXT['SHOW_ADVANCED'].' >>');
+ }
+
+ // Explode system permissions
+ $system_permissions = explode(',', $group['system_permissions']);
+ // Check system permissions boxes
+ foreach($system_permissions AS $name) {
+ $template->set_var($name.'_checked', ' checked="checked"');
+ }
+ // Explode module permissions
+ $module_permissions = explode(',', $group['module_permissions']);
+ // Explode template permissions
+ $template_permissions = explode(',', $group['template_permissions']);
+
+ // Insert values into module list
+ $template->set_block('main_block', 'module_list_block', 'module_list');
+ $result = $database->query('SELECT * FROM `'.TABLE_PREFIX.'addons` WHERE `type` = "module" AND `function` = "page" ORDER BY `name`');
+ if($result->numRows() > 0) {
+ while($addon = $result->fetchRow()) {
+ $template->set_var('VALUE', $addon['directory']);
+ $template->set_var('NAME', $addon['name']);
+ if(!is_numeric(array_search($addon['directory'], $module_permissions))) {
+ $template->set_var('CHECKED', ' checked="checked"');
+ } else {
+ $template->set_var('CHECKED', '');
+ }
+ $template->parse('module_list', 'module_list_block', true);
+ }
+ }
+
+ // Insert values into template list
+ $template->set_block('main_block', 'template_list_block', 'template_list');
+ $result = $database->query('SELECT * FROM `'.TABLE_PREFIX.'addons` WHERE `type` = "template" ORDER BY `name`');
+ if($result->numRows() > 0) {
+ while($addon = $result->fetchRow()) {
+ $template->set_var('VALUE', $addon['directory']);
+ $template->set_var('NAME', $addon['name']);
+ if(!is_numeric(array_search($addon['directory'], $template_permissions))) {
+ $template->set_var('CHECKED', ' checked="checked"');
+ } else {
+ $template->set_var('CHECKED', '');
+ }
+ $template->parse('template_list', 'template_list_block', true);
+ }
+ }
+
+ // Insert language text and messages
+ $template->set_var(array(
+ 'TEXT_RESET' => $TEXT['RESET'],
+ 'TEXT_ACTIVE' => $TEXT['ACTIVE'],
+ 'TEXT_DISABLED' => $TEXT['DISABLED'],
+ 'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'],
+ 'TEXT_USERNAME' => $TEXT['USERNAME'],
+ 'TEXT_PASSWORD' => $TEXT['PASSWORD'],
+ 'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'],
+ 'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'],
+ 'TEXT_EMAIL' => $TEXT['EMAIL'],
+ 'TEXT_GROUP' => $TEXT['GROUP'],
+ 'TEXT_SYSTEM_PERMISSIONS' => $TEXT['SYSTEM_PERMISSIONS'],
+ 'TEXT_MODULE_PERMISSIONS' => $TEXT['MODULE_PERMISSIONS'],
+ 'TEXT_TEMPLATE_PERMISSIONS' => $TEXT['TEMPLATE_PERMISSIONS'],
+ 'TEXT_NAME' => $TEXT['NAME'],
+ 'SECTION_PAGES' => $MENU['PAGES'],
+ 'SECTION_MEDIA' => $MENU['MEDIA'],
+ 'SECTION_MODULES' => $MENU['MODULES'],
+ 'SECTION_TEMPLATES' => $MENU['TEMPLATES'],
+ 'SECTION_LANGUAGES' => $MENU['LANGUAGES'],
+ 'SECTION_SETTINGS' => $MENU['SETTINGS'],
+ 'SECTION_USERS' => $MENU['USERS'],
+ 'SECTION_GROUPS' => $MENU['GROUPS'],
+ 'SECTION_ADMINTOOLS' => $MENU['ADMINTOOLS'],
+ 'TEXT_VIEW' => $TEXT['VIEW'],
+ 'TEXT_ADD' => $TEXT['ADD'],
+ 'TEXT_LEVEL' => $TEXT['LEVEL'],
+ 'TEXT_MODIFY' => $TEXT['MODIFY'],
+ 'TEXT_DELETE' => $TEXT['DELETE'],
+ 'TEXT_MODIFY_CONTENT' => $TEXT['MODIFY_CONTENT'],
+ 'TEXT_MODIFY_SETTINGS' => $TEXT['MODIFY_SETTINGS'],
+ 'HEADING_MODIFY_INTRO_PAGE' => $HEADING['MODIFY_INTRO_PAGE'],
+ 'TEXT_CREATE_FOLDER' => $TEXT['CREATE_FOLDER'],
+ 'TEXT_RENAME' => $TEXT['RENAME'],
+ 'TEXT_UPLOAD_FILES' => $TEXT['UPLOAD_FILES'],
+ 'TEXT_BASIC' => $TEXT['BASIC'],
+ 'TEXT_ADVANCED' => $TEXT['ADVANCED'],
+ 'CHANGING_PASSWORD' => $MESSAGE['USERS']['CHANGING_PASSWORD'],
+ 'HEADING_MODIFY_GROUP' => $HEADING['MODIFY_GROUP'],
+ ));
+
+ // Parse template object
+ $template->parse('main', 'main_block', false);
+ $template->pparse('output', 'page');
+} elseif($_POST['action'] == 'delete') {
+ // Create new admin object
+ $admin = new admin('Access', 'groups_delete', false);
+/* */
+ if (!$admin->checkFTAN())
+ {
+ $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
+ exit();
+ }
+
+ // Print header
+ $admin->print_header();
+ // Delete the group
+ $database->query("DELETE FROM ".TABLE_PREFIX."groups WHERE group_id = '".$_POST['group_id']."' LIMIT 1");
+ if($database->is_error()) {
+ $admin->print_error($database->get_error());
+ } else {
+ // Delete users in the group
+ $database->query("DELETE FROM ".TABLE_PREFIX."users WHERE group_id = '".$_POST['group_id']."'");
+ if($database->is_error()) {
+ $admin->print_error($database->get_error());
+ } else {
+ $admin->print_success($MESSAGE['GROUPS']['DELETED']);
+ }
+ }
+}
+
+// Print admin footer
+$admin->print_footer();
+
?>
\ No newline at end of file
Index: branches/2.8.x/wb/admin/groups/add.php
===================================================================
--- branches/2.8.x/wb/admin/groups/add.php (revision 1424)
+++ branches/2.8.x/wb/admin/groups/add.php (revision 1425)
@@ -21,9 +21,12 @@
require_once(WB_PATH.'/framework/class.admin.php');
$admin = new admin('Access', 'groups_add');
+// Create a javascript back link
+$js_back = ADMIN_URL.'/groups/index.php';
+
if (!$admin->checkFTAN())
{
- $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
+ $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$js_back);
exit();
}
@@ -30,9 +33,6 @@
// Gather details entered
$group_name = $admin->get_post('group_name');
-// Create a javascript back link
-$js_back = "javascript: history.go(-1);";
-
// Check values
if($group_name == "") {
$admin->print_error($MESSAGE['GROUPS']['GROUP_NAME_BLANK'], $js_back);
Index: branches/2.8.x/wb/admin/media/rename2.php
===================================================================
--- branches/2.8.x/wb/admin/media/rename2.php (revision 1424)
+++ branches/2.8.x/wb/admin/media/rename2.php (revision 1425)
@@ -23,7 +23,7 @@
if (!$admin->checkFTAN())
{
- $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
+ $admin->print_error('RN5::'.$MESSAGE['GENERIC_SECURITY_ACCESS']);
exit();
}
@@ -54,7 +54,7 @@
// Get the temp id
$file_id = $admin->checkIDKEY('id', false, 'POST');
if (!$file_id) {
- $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
+ $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
}
// Get home folder not to show
Index: branches/2.8.x/wb/admin/media/setparameter.php
===================================================================
--- branches/2.8.x/wb/admin/media/setparameter.php (revision 1424)
+++ branches/2.8.x/wb/admin/media/setparameter.php (revision 1425)
@@ -1,131 +1,131 @@
-get_post_escaped("save"))) {
- if (!$admin->checkFTAN())
- {
- $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
- exit();
- }
-
- //Check for existing settings entry, if not existing, create a record first!
- if (!$database->query ( "SELECT * FROM ".TABLE_PREFIX."settings where `name`='mediasettings'" )) {
- $database->query ( "INSERT INTO ".TABLE_PREFIX."settings (`name`,`value`) VALUES ('mediasettings','')" );
- }
- $dirs = directory_list(WB_PATH.MEDIA_DIRECTORY);
- $dirs[] = WB_PATH.MEDIA_DIRECTORY;
- foreach($dirs AS $name) {
- $r = str_replace(WB_PATH, '', $name);
- $r = str_replace(array('/',' '),'_',$r);
- $w = (int)$admin->get_post_escaped($r.'-w');
- $h = (int)$admin->get_post_escaped($r.'-h');
- $pathsettings[$r]['width']=$w;
- $pathsettings[$r]['height']=$h;
- }
- $pathsettings['global']['admin_only'] = ($admin->get_post_escaped('admin_only')!=''?'checked':'');
- $pathsettings['global']['show_thumbs'] = ($admin->get_post_escaped('show_thumbs')!=''?'checked':'');
- $fieldSerialized = serialize($pathsettings);
- $database->query ( "UPDATE ".TABLE_PREFIX."settings SET `value` = '$fieldSerialized' WHERE `name`='mediasettings'" );
- header ("Location: browse.php");
-}
-
-include ('parameters.php');
-if ($_SESSION['GROUP_ID'] != 1 && $pathsettings['global']['admin_only']) {
- echo "Sorry, settings not available";
- exit();
-}
-
-// Read data to display
-$caller = "setparameter";
-
-$template = new Template(THEME_PATH.'/templates');
-$template->set_file('page', 'setparameter.htt');
-$template->set_block('page', 'main_block', 'main');
-if ($_SESSION['GROUP_ID'] != 1) {
- $template->set_var('DISPLAY_ADMIN', 'hide');
-}
-$template->set_var(array(
- 'TEXT_HEADER' => $TEXT['TEXT_HEADER'],
- 'SAVE_TEXT' => $TEXT['SAVE'],
- 'BACK' => $TEXT['BACK'],
- )
- );
-
-
-$template->set_block('main_block', 'list_block', 'list');
-$row_bg_color = '';
-$dirs = directory_list(WB_PATH.MEDIA_DIRECTORY);
-$dirs[] = WB_PATH.MEDIA_DIRECTORY;
-
-$array_lowercase = array_map('strtolower', $dirs);
-array_multisort($array_lowercase, SORT_ASC, SORT_STRING, $dirs);
-
-foreach($dirs AS $name) {
- $relative = str_replace(WB_PATH, '', $name);
- $safepath = str_replace(array('/',' '),'_',$relative);
- $cur_width = $cur_height = '';
- if (isset($pathsettings[$safepath]['width'])) $cur_width = $pathsettings[$safepath]['width'];
- if (isset($pathsettings[$safepath]['height'])) $cur_height = $pathsettings[$safepath]['height'];
- $cur_width = ($cur_width ? (int)$cur_width : '-');
- $cur_height = ($cur_height ? (int)$cur_height : '-');
-
- if($row_bg_color == 'DEDEDE') $row_bg_color = 'EEEEEE';
- else $row_bg_color = 'DEDEDE';
-
- $template->set_var(array(
- 'ADMIN_URL' => ADMIN_URL,
- 'PATH_NAME' => $relative,
- 'WIDTH' => $TEXT['WIDTH'],
- 'HEIGHT' => $TEXT['HEIGHT'],
- 'FIELD_NAME_W' => $safepath.'-w',
- 'FIELD_NAME_H' => $safepath.'-h',
- 'CUR_WIDTH' => $cur_width,
- 'CUR_HEIGHT' => $cur_height,
- 'SETTINGS' => $TEXT['SETTINGS'],
- 'ADMIN_ONLY' => $TEXT['ADMIN_ONLY'],
- 'ADMIN_ONLY_SELECTED' => $pathsettings['global']['admin_only'],
- 'NO_SHOW_THUMBS' => $TEXT['NO_SHOW_THUMBS'],
- 'NO_SHOW_THUMBS_SELECTED' => $pathsettings['global']['show_thumbs'],
- 'ROW_BG_COLOR' => $row_bg_color,
- 'FTAN' => $admin->getFTAN()
- )
- );
- $template->parse('list', 'list_block', true);
-}
-
-$template->parse('main', 'main_block', false);
-$template->pparse('output', 'page');
-
-
+get_post_escaped("save"))) {
+ if (!$admin->checkFTAN())
+ {
+ $admin->print_error('SP5::'.$MESSAGE['GENERIC_SECURITY_ACCESS']);
+ exit();
+ }
+
+ //Check for existing settings entry, if not existing, create a record first!
+ if (!$database->query ( "SELECT * FROM ".TABLE_PREFIX."settings where `name`='mediasettings'" )) {
+ $database->query ( "INSERT INTO ".TABLE_PREFIX."settings (`name`,`value`) VALUES ('mediasettings','')" );
+ }
+ $dirs = directory_list(WB_PATH.MEDIA_DIRECTORY);
+ $dirs[] = WB_PATH.MEDIA_DIRECTORY;
+ foreach($dirs AS $name) {
+ $r = str_replace(WB_PATH, '', $name);
+ $r = str_replace(array('/',' '),'_',$r);
+ $w = (int)$admin->get_post_escaped($r.'-w');
+ $h = (int)$admin->get_post_escaped($r.'-h');
+ $pathsettings[$r]['width']=$w;
+ $pathsettings[$r]['height']=$h;
+ }
+ $pathsettings['global']['admin_only'] = ($admin->get_post_escaped('admin_only')!=''?'checked':'');
+ $pathsettings['global']['show_thumbs'] = ($admin->get_post_escaped('show_thumbs')!=''?'checked':'');
+ $fieldSerialized = serialize($pathsettings);
+ $database->query ( "UPDATE ".TABLE_PREFIX."settings SET `value` = '$fieldSerialized' WHERE `name`='mediasettings'" );
+ header ("Location: browse.php");
+}
+
+include ('parameters.php');
+if ($_SESSION['GROUP_ID'] != 1 && $pathsettings['global']['admin_only']) {
+ echo "Sorry, settings not available";
+ exit();
+}
+
+// Read data to display
+$caller = "setparameter";
+
+$template = new Template(THEME_PATH.'/templates');
+$template->set_file('page', 'setparameter.htt');
+$template->set_block('page', 'main_block', 'main');
+if ($_SESSION['GROUP_ID'] != 1) {
+ $template->set_var('DISPLAY_ADMIN', 'hide');
+}
+$template->set_var(array(
+ 'TEXT_HEADER' => $TEXT['TEXT_HEADER'],
+ 'SAVE_TEXT' => $TEXT['SAVE'],
+ 'BACK' => $TEXT['BACK'],
+ )
+ );
+
+
+$template->set_block('main_block', 'list_block', 'list');
+$row_bg_color = '';
+$dirs = directory_list(WB_PATH.MEDIA_DIRECTORY);
+$dirs[] = WB_PATH.MEDIA_DIRECTORY;
+
+$array_lowercase = array_map('strtolower', $dirs);
+array_multisort($array_lowercase, SORT_ASC, SORT_STRING, $dirs);
+
+foreach($dirs AS $name) {
+ $relative = str_replace(WB_PATH, '', $name);
+ $safepath = str_replace(array('/',' '),'_',$relative);
+ $cur_width = $cur_height = '';
+ if (isset($pathsettings[$safepath]['width'])) $cur_width = $pathsettings[$safepath]['width'];
+ if (isset($pathsettings[$safepath]['height'])) $cur_height = $pathsettings[$safepath]['height'];
+ $cur_width = ($cur_width ? (int)$cur_width : '-');
+ $cur_height = ($cur_height ? (int)$cur_height : '-');
+
+ if($row_bg_color == 'DEDEDE') $row_bg_color = 'EEEEEE';
+ else $row_bg_color = 'DEDEDE';
+
+ $template->set_var(array(
+ 'ADMIN_URL' => ADMIN_URL,
+ 'PATH_NAME' => $relative,
+ 'WIDTH' => $TEXT['WIDTH'],
+ 'HEIGHT' => $TEXT['HEIGHT'],
+ 'FIELD_NAME_W' => $safepath.'-w',
+ 'FIELD_NAME_H' => $safepath.'-h',
+ 'CUR_WIDTH' => $cur_width,
+ 'CUR_HEIGHT' => $cur_height,
+ 'SETTINGS' => $TEXT['SETTINGS'],
+ 'ADMIN_ONLY' => $TEXT['ADMIN_ONLY'],
+ 'ADMIN_ONLY_SELECTED' => $pathsettings['global']['admin_only'],
+ 'NO_SHOW_THUMBS' => $TEXT['NO_SHOW_THUMBS'],
+ 'NO_SHOW_THUMBS_SELECTED' => $pathsettings['global']['show_thumbs'],
+ 'ROW_BG_COLOR' => $row_bg_color,
+ 'FTAN' => $admin->getFTAN()
+ )
+ );
+ $template->parse('list', 'list_block', true);
+}
+
+$template->parse('main', 'main_block', false);
+$template->pparse('output', 'page');
+
+
?>
\ No newline at end of file
Index: branches/2.8.x/wb/admin/media/browse.php
===================================================================
--- branches/2.8.x/wb/admin/media/browse.php (revision 1424)
+++ branches/2.8.x/wb/admin/media/browse.php (revision 1425)
@@ -82,12 +82,12 @@
// Check to see if it contains ../
if (!check_media_path($directory)) {
- $admin->print_header();
+ // $admin->print_header();
$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH']);
}
if(!file_exists(WB_PATH.MEDIA_DIRECTORY.$directory)) {
- $admin->print_header();
+ // $admin->print_header();
$admin->print_error($MESSAGE['MEDIA']['DIR_DOES_NOT_EXIST']);
}
Index: branches/2.8.x/wb/admin/media/delete.php
===================================================================
--- branches/2.8.x/wb/admin/media/delete.php (revision 1424)
+++ branches/2.8.x/wb/admin/media/delete.php (revision 1425)
@@ -39,7 +39,7 @@
// Get the temp id
$file_id = $admin->checkIDKEY('id', false, 'GET');
if (!$file_id) {
- $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL,false);
+ $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL.'/admin/media/browse.php?dir=',false);
}
// Get home folder not to show
Index: branches/2.8.x/wb/admin/media/create.php
===================================================================
--- branches/2.8.x/wb/admin/media/create.php (revision 1424)
+++ branches/2.8.x/wb/admin/media/create.php (revision 1425)
@@ -37,7 +37,7 @@
if (!$admin->checkFTAN())
{
- $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
+ $admin->print_error('CR5::'.$MESSAGE['GENERIC_SECURITY_ACCESS']);
exit();
}
Index: branches/2.8.x/wb/admin/media/upload.php
===================================================================
--- branches/2.8.x/wb/admin/media/upload.php (revision 1424)
+++ branches/2.8.x/wb/admin/media/upload.php (revision 1425)
@@ -35,7 +35,7 @@
if (!$admin->checkFTAN())
{
- $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
+ $admin->print_error('UP5::'.$MESSAGE['GENERIC_SECURITY_ACCESS']);
exit();
}
@@ -43,8 +43,9 @@
require_once(WB_PATH.'/framework/functions.php');
// Check to see if target contains ../
-if (!check_media_path($target, false)) {
- $admin->print_error($MESSAGE['MEDIA']['TARGET_DOT_DOT_SLASH']);
+if (!check_media_path($target, false))
+{
+ $admin->print_error('TD5::'.$MESSAGE['MEDIA']['TARGET_DOT_DOT_SLASH']);
}
// Create relative path of the target location for the file
Index: branches/2.8.x/wb/admin/media/rename.php
===================================================================
--- branches/2.8.x/wb/admin/media/rename.php (revision 1424)
+++ branches/2.8.x/wb/admin/media/rename.php (revision 1425)
@@ -38,7 +38,7 @@
// Get the temp id
$file_id = $admin->checkIDKEY('id', false, 'GET');
if (!$file_id) {
- $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
+ $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
}
// Get home folder not to show
Index: branches/2.8.x/wb/admin/templates/uninstall.php
===================================================================
--- branches/2.8.x/wb/admin/templates/uninstall.php (revision 1424)
+++ branches/2.8.x/wb/admin/templates/uninstall.php (revision 1425)
@@ -37,7 +37,7 @@
if( !$admin->checkFTAN() )
{
- $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php');
+ $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
exit();
}
Index: branches/2.8.x/wb/admin/templates/details.php
===================================================================
--- branches/2.8.x/wb/admin/templates/details.php (revision 1424)
+++ branches/2.8.x/wb/admin/templates/details.php (revision 1425)
@@ -24,7 +24,7 @@
if( !$admin->checkFTAN() )
{
- $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php');
+ $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
exit();
}
Index: branches/2.8.x/wb/admin/templates/install.php
===================================================================
--- branches/2.8.x/wb/admin/templates/install.php (revision 1424)
+++ branches/2.8.x/wb/admin/templates/install.php (revision 1425)
@@ -32,7 +32,7 @@
if( !$admin->checkFTAN() )
{
- $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php');
+ $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
exit();
}
Index: branches/2.8.x/wb/admin/pages/save.php
===================================================================
--- branches/2.8.x/wb/admin/pages/save.php (revision 1424)
+++ branches/2.8.x/wb/admin/pages/save.php (revision 1425)
@@ -22,12 +22,6 @@
require_once(WB_PATH.'/framework/class.admin.php');
$admin = new admin('Pages', 'pages_modify');
-if (!$admin->checkFTAN())
-{
- $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php');
- exit();
-}
-
// Get page & section id
if(!isset($_POST['page_id']) || !is_numeric($_POST['page_id'])) {
header("Location: index.php");
@@ -43,6 +37,15 @@
$section_id = intval($_POST['section_id']);
}
+// $js_back = "javascript: history.go(-1);";
+$js_back = ADMIN_URL.'/pages/modify.php?page_id='.$page_id
+
+if (!$admin->checkFTAN())
+{
+ $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$js_back );
+ exit();
+}
+
/*
if( (!($page_id = $admin->checkIDKEY('page_id', 0, $_SERVER['REQUEST_METHOD']))) )
{
@@ -57,8 +60,6 @@
}
*/
-$js_back = "javascript: history.go(-1);";
-
// Get perms
$sql = 'SELECT `admin_groups`,`admin_users` FROM `'.TABLE_PREFIX.'pages` ';
$sql .= 'WHERE `page_id` = '.$page_id;
@@ -111,7 +112,7 @@
// Check if there is a db error, otherwise say successful
if($database->is_error())
{
- $admin->print_error($database->get_error(), $js_back);
+ $admin->print_error($database->get_error(), ADMIN_URL.'/pages/modify.php?page_id='.$results_array['page_id'] );
} else {
$admin->print_success($MESSAGE['PAGES']['SAVED'], ADMIN_URL.'/pages/modify.php?page_id='.$results_array['page_id'] );
}
Index: branches/2.8.x/wb/admin/pages/sections_save.php
===================================================================
--- branches/2.8.x/wb/admin/pages/sections_save.php (revision 1424)
+++ branches/2.8.x/wb/admin/pages/sections_save.php (revision 1425)
@@ -33,7 +33,7 @@
if (!$admin->checkFTAN())
{
- $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php');
+ $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],ADMIN_URL.'/pages/sections.php?page_id='.$page_id);
exit();
}
Index: branches/2.8.x/wb/admin/pages/settings2.php
===================================================================
--- branches/2.8.x/wb/admin/pages/settings2.php (revision 1424)
+++ branches/2.8.x/wb/admin/pages/settings2.php (revision 1425)
@@ -22,12 +22,6 @@
require_once(WB_PATH.'/framework/class.admin.php');
$admin = new admin('Pages', 'pages_settings');
-if (!$admin->checkFTAN())
-{
- $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php');
- exit();
-}
-
// Get page id
if(!isset($_POST['page_id']) || !is_numeric($_POST['page_id']))
{
@@ -36,7 +30,15 @@
} else {
$page_id = $_POST['page_id'];
}
+$pagetree_url = ADMIN_URL.'/pages/index.php';
+$target_url = ADMIN_URL.'/pages/settings.php?page_id='.$page_id;
+if (!$admin->checkFTAN())
+{
+ $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$target_url);
+ exit();
+}
+
/*
if( (!($page_id = $admin->checkIDKEY('page_id', 0, $_SERVER['REQUEST_METHOD']))) )
{
@@ -310,8 +312,8 @@
/* END page "access file" code */
-$pagetree_url = ADMIN_URL.'/pages/index.php';
-$target_url = ADMIN_URL.'/pages/settings.php?page_id='.$page_id;
+//$pagetree_url = ADMIN_URL.'/pages/index.php';
+//$target_url = ADMIN_URL.'/pages/settings.php?page_id='.$page_id;
// Check if there is a db error, otherwise say successful
if($database->is_error())
{
Index: branches/2.8.x/wb/admin/pages/add.php
===================================================================
--- branches/2.8.x/wb/admin/pages/add.php (revision 1424)
+++ branches/2.8.x/wb/admin/pages/add.php (revision 1425)
@@ -23,7 +23,7 @@
if (!$admin->checkFTAN())
{
- $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php');
+ $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
exit();
}
Index: branches/2.8.x/wb/admin/interface/version.php
===================================================================
--- branches/2.8.x/wb/admin/interface/version.php (revision 1424)
+++ branches/2.8.x/wb/admin/interface/version.php (revision 1425)
@@ -52,6 +52,6 @@
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
if(!defined('VERSION')) define('VERSION', '2.8.2.RC5');
-if(!defined('REVISION')) define('REVISION', '1424');
+if(!defined('REVISION')) define('REVISION', '1425');
?>
Index: branches/2.8.x/wb/admin/settings/save.php
===================================================================
--- branches/2.8.x/wb/admin/settings/save.php (revision 1424)
+++ branches/2.8.x/wb/admin/settings/save.php (revision 1425)
@@ -33,15 +33,15 @@
$admin = new admin('Settings', 'settings_advanced');
}
+// Create a javascript back link
+$js_back = ADMIN_URL.'/settings/index.php'.$advanced;
+
if( !$admin->checkFTAN() )
{
- $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php');
+ $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$js_back );
exit();
}
-// Create a javascript back link
-$js_back = "javascript: history.go(-1);";
-
// Ensure that the specified default email is formally valid
if(isset($_POST['server_email']))
{
@@ -189,7 +189,7 @@
if (!$database->query($sql))
{
if($database->is_error()) {
- $admin->print_error($database->get_error, ADMIN_URL.'/settings/index.php'.$advanced);
+ $admin->print_error($database->get_error, $js_back );
}
}
}
@@ -201,7 +201,7 @@
$res_search = $database->query($sql);
if($database->is_error()) {
- $admin->print_error($database->is_error(), ADMIN_URL.'/settings/index.php'.$advanced);
+ $admin->print_error($database->is_error(), $js_back );
}
while($search_setting = $res_search->fetchRow())
@@ -229,9 +229,9 @@
// Check if there was an error updating the db
if($database->is_error()) {
- $admin->print_error($database->get_error, ADMIN_URL.'/settings/index.php'.$advanced);
+ $admin->print_error($database->get_error, $js_back );
} else {
- $admin->print_success($MESSAGE['SETTINGS']['SAVED'], ADMIN_URL.'/settings/index.php'.$advanced);
+ $admin->print_success($MESSAGE['SETTINGS']['SAVED'], $js_back );
}
$admin->print_footer();
Index: branches/2.8.x/wb/admin/users/save.php
===================================================================
--- branches/2.8.x/wb/admin/users/save.php (revision 1424)
+++ branches/2.8.x/wb/admin/users/save.php (revision 1425)
@@ -21,11 +21,15 @@
require_once(WB_PATH.'/framework/class.admin.php');
$admin = new admin('Access', 'users_modify');
+
+// Create a javascript back link
+$js_back = ADMIN_URL.'/users/index.php';
+
// Create new database object
//$database = new database();
if( !$admin->checkFTAN() )
{
- $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php');
+ $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$js_back);
exit();
}
@@ -48,9 +52,6 @@
$email = $admin->get_post_escaped('email');
$home_folder = $admin->get_post_escaped('home_folder');
-// Create a javascript back link
-$js_back = "javascript: history.go(-1);";
-
// Check values
if($groups_id == "") {
$admin->print_error($MESSAGE['USERS']['NO_GROUP'], $js_back);
@@ -106,7 +107,7 @@
}
$database->query($query);
if($database->is_error()) {
- $admin->print_error($database->get_error());
+ $admin->print_error($database->get_error(),$js_back);
} else {
$admin->print_success($MESSAGE['USERS']['SAVED']);
}
Index: branches/2.8.x/wb/admin/users/add.php
===================================================================
--- branches/2.8.x/wb/admin/users/add.php (revision 1424)
+++ branches/2.8.x/wb/admin/users/add.php (revision 1425)
@@ -21,11 +21,14 @@
require_once(WB_PATH.'/framework/class.admin.php');
$admin = new admin('Access', 'users_add');
+// Create a javascript back link
+$js_back = ADMIN_URL.'/users/index.php';
+
// Create new database object
//$database = new database();
if( !$admin->checkFTAN() )
{
- $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php');
+ $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
exit();
}
@@ -42,9 +45,6 @@
$home_folder = $admin->get_post_escaped('home_folder');
$default_language = DEFAULT_LANGUAGE;
-// Create a javascript back link
-$js_back = 'javascript: history.go(-1);';
-
// Check values
if($groups_id == '') {
$admin->print_error($MESSAGE['USERS']['NO_GROUP'], $js_back);
Index: branches/2.8.x/wb/admin/preferences/save.php
===================================================================
--- branches/2.8.x/wb/admin/preferences/save.php (revision 1424)
+++ branches/2.8.x/wb/admin/preferences/save.php (revision 1425)
@@ -1,179 +1,179 @@
-checkFTAN()){ $err_msg[] = $MESSAGE['GENERIC_SECURITY_ACCESS']; }
-// Get entered values and validate all
- // remove any dangerouse chars from display_name
- $display_name = $admin->add_slashes(strip_tags(trim($admin->get_post('display_name'))));
- $display_name = ( $display_name == '' ? $admin->get_display_name() : $display_name );
- // check that display_name is unique in whoole system (prevents from User-faking)
- $sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
- $sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `display_name` LIKE "'.$display_name.'"';
- if( $database->get_one($sql) > 0 ){ $err_msg[] = $MESSAGE['USERS']['USERNAME_TAKEN']; }
-// language must be 2 upercase letters only
- $language = strtoupper($admin->get_post('language'));
- $language = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);
-// timezone must be between -12 and +13 or -20 as system_default
- $timezone = $admin->get_post('timezone');
- $timezone = (is_numeric($timezone) ? $timezone : -20);
- $timezone = ( ($timezone >= -12 && $timezone <= 13) ? $timezone : -20 ) * 3600;
-// date_format must be a key from /interface/date_formats
- $date_format = $admin->get_post('date_format');
- $date_format_key = str_replace(' ', '|', $date_format);
- $user_time = true;
- include( ADMIN_PATH.'/interface/date_formats.php' );
- $date_format = (array_key_exists($date_format_key, $DATE_FORMATS) ? $date_format : 'system_default');
- $date_format = ($date_format == 'system_default' ? '' : $date_format);
- unset($DATE_FORMATS);
-// time_format must be a key from /interface/time_formats
- $time_format = $admin->get_post('time_format');
- $time_format_key = str_replace(' ', '|', $time_format);
- $user_time = true;
- include( ADMIN_PATH.'/interface/time_formats.php' );
- $time_format = (array_key_exists($time_format_key, $TIME_FORMATS) ? $time_format : 'system_default');
- $time_format = ($time_format == 'system_default' ? '' : $time_format);
- unset($TIME_FORMATS);
-// email should be validatet by core
- $email = ( $admin->get_post('email') == null ? '' : $admin->get_post('email') );
- if( !$admin->validate_email($email) )
- {
- $email = '';
- $err_msg[] = $MESSAGE['USERS']['INVALID_EMAIL'];
- }else {
- // check that email is unique in whoole system
- $email = $admin->add_slashes($email);
- $sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
- $sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `email` LIKE "'.$email.'"';
- if( $database->get_one($sql) > 0 ){ $err_msg[] = $MESSAGE['USERS']['EMAIL_TAKEN']; }
- }
-// receive password vars and calculate needed action
- $current_password = $admin->get_post('current_password');
- $current_password = ($current_password == null ? '' : $current_password);
- $new_password_1 = $admin->get_post('new_password_1');
- $new_password_1 = (($new_password_1 == null || $new_password_1 == '') ? '' : $new_password_1);
- $new_password_2 = $admin->get_post('new_password_2');
- $new_password_2 = (($new_password_2 == null || $new_password_2 == '') ? '' : $new_password_2);
- if($current_password == '')
- {
- $err_msg[] = $MESSAGE['PREFERENCES']['CURRENT_PASSWORD_INCORRECT'];
- }else {
- // if new_password is empty, still let current one
- if( $new_password_1 == '' )
- {
- $new_password_1 = $current_password;
- $new_password_2 = $current_password;
- }
-
- // is password lenght matching min_pass_lenght ?
- if( $new_password_1 != $current_password )
- {
- if( strlen($new_password_1) < $min_pass_length )
- {
- $err_msg[] = $MESSAGE['USERS']['PASSWORD_TOO_SHORT'];
- }
- $pattern = '/[^'.$admin->password_chars.']/';
- if( preg_match($pattern, $new_password_1) )
- {
- $err_msg[] = $MESSAGE['PREFERENCES']['INVALID_CHARS'];
- }
- }
- // is password lenght matching min_pass_lenght ?
- if( $new_password_1 != $current_password && strlen($new_password_1) < $min_pass_length )
- {
- $err_msg[] = $MESSAGE['USERS']['PASSWORD_TOO_SHORT'];
- }
- // password_1 matching password_2 ?
- if( $new_password_1 != $new_password_2 )
- {
- $err_msg[] = $MESSAGE['USERS']['PASSWORD_MISMATCH'];
- }
- }
- $current_password = md5($current_password);
- $new_password_1 = md5($new_password_1);
- $new_password_2 = md5($new_password_2);
-// if no validation errors, try to update the database, otherwise return errormessages
- if(sizeof($err_msg) == 0)
- {
- $sql = 'UPDATE `'.TABLE_PREFIX.'users` ';
- $sql .= 'SET `display_name` = "'.$display_name.'", ';
- $sql .= '`password` = "'.$new_password_1.'", ';
- $sql .= '`email` = "'.$email.'", ';
- $sql .= '`language` = "'.$language.'", ';
- $sql .= '`timezone` = "'.$timezone.'", ';
- $sql .= '`date_format` = "'.$date_format.'", ';
- $sql .= '`time_format` = "'.$time_format.'" ';
- $sql .= 'WHERE `user_id` = '.(int)$admin->get_user_id().' AND `password` = "'.$current_password.'"';
- if( $database->query($sql) )
- {
- $sql_info = mysql_info($database->db_handle);
- if(preg_match('/matched: *([1-9][0-9]*)/i', $sql_info) != 1)
- { // if the user_id and password dosn't match
- $err_msg[] = $MESSAGE['PREFERENCES']['CURRENT_PASSWORD_INCORRECT'];
- }else {
- // update successfull, takeover values into the session
- $_SESSION['DISPLAY_NAME'] = $display_name;
- $_SESSION['LANGUAGE'] = $language;
- $_SESSION['TIMEZONE'] = $timezone;
- $_SESSION['EMAIL'] = $email;
- // Update date format
- if($date_format != '') {
- $_SESSION['DATE_FORMAT'] = $date_format;
- if(isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) { unset($_SESSION['USE_DEFAULT_DATE_FORMAT']); }
- } else {
- $_SESSION['USE_DEFAULT_DATE_FORMAT'] = true;
- if(isset($_SESSION['DATE_FORMAT'])) { unset($_SESSION['DATE_FORMAT']); }
- }
- // Update time format
- if($time_format != '') {
- $_SESSION['TIME_FORMAT'] = $time_format;
- if(isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) { unset($_SESSION['USE_DEFAULT_TIME_FORMAT']); }
- } else {
- $_SESSION['USE_DEFAULT_TIME_FORMAT'] = true;
- if(isset($_SESSION['TIME_FORMAT'])) { unset($_SESSION['TIME_FORMAT']); }
- }
- }
- }else {
- $err_msg[] = 'invalid database UPDATE call in '.__FILE__.'::'.__FUNCTION__.'before line '.__LINE__;
- }
- }
- return ( (sizeof($err_msg) > 0) ? implode('
', $err_msg) : '' );
-}
-$retval = save_preferences($admin, $database);
-if( $retval == '')
-{
- $admin->print_success($MESSAGE['PREFERENCES']['DETAILS_SAVED']);
- $admin->print_footer();
-}else {
- $admin->print_error($retval, $js_back);
-}
-
+checkFTAN()){ $err_msg[] = $MESSAGE['GENERIC_SECURITY_ACCESS']; }
+// Get entered values and validate all
+ // remove any dangerouse chars from display_name
+ $display_name = $admin->add_slashes(strip_tags(trim($admin->get_post('display_name'))));
+ $display_name = ( $display_name == '' ? $admin->get_display_name() : $display_name );
+ // check that display_name is unique in whoole system (prevents from User-faking)
+ $sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
+ $sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `display_name` LIKE "'.$display_name.'"';
+ if( $database->get_one($sql) > 0 ){ $err_msg[] = $MESSAGE['USERS']['USERNAME_TAKEN']; }
+// language must be 2 upercase letters only
+ $language = strtoupper($admin->get_post('language'));
+ $language = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);
+// timezone must be between -12 and +13 or -20 as system_default
+ $timezone = $admin->get_post('timezone');
+ $timezone = (is_numeric($timezone) ? $timezone : -20);
+ $timezone = ( ($timezone >= -12 && $timezone <= 13) ? $timezone : -20 ) * 3600;
+// date_format must be a key from /interface/date_formats
+ $date_format = $admin->get_post('date_format');
+ $date_format_key = str_replace(' ', '|', $date_format);
+ $user_time = true;
+ include( ADMIN_PATH.'/interface/date_formats.php' );
+ $date_format = (array_key_exists($date_format_key, $DATE_FORMATS) ? $date_format : 'system_default');
+ $date_format = ($date_format == 'system_default' ? '' : $date_format);
+ unset($DATE_FORMATS);
+// time_format must be a key from /interface/time_formats
+ $time_format = $admin->get_post('time_format');
+ $time_format_key = str_replace(' ', '|', $time_format);
+ $user_time = true;
+ include( ADMIN_PATH.'/interface/time_formats.php' );
+ $time_format = (array_key_exists($time_format_key, $TIME_FORMATS) ? $time_format : 'system_default');
+ $time_format = ($time_format == 'system_default' ? '' : $time_format);
+ unset($TIME_FORMATS);
+// email should be validatet by core
+ $email = ( $admin->get_post('email') == null ? '' : $admin->get_post('email') );
+ if( !$admin->validate_email($email) )
+ {
+ $email = '';
+ $err_msg[] = $MESSAGE['USERS']['INVALID_EMAIL'];
+ }else {
+ // check that email is unique in whoole system
+ $email = $admin->add_slashes($email);
+ $sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
+ $sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `email` LIKE "'.$email.'"';
+ if( $database->get_one($sql) > 0 ){ $err_msg[] = $MESSAGE['USERS']['EMAIL_TAKEN']; }
+ }
+// receive password vars and calculate needed action
+ $current_password = $admin->get_post('current_password');
+ $current_password = ($current_password == null ? '' : $current_password);
+ $new_password_1 = $admin->get_post('new_password_1');
+ $new_password_1 = (($new_password_1 == null || $new_password_1 == '') ? '' : $new_password_1);
+ $new_password_2 = $admin->get_post('new_password_2');
+ $new_password_2 = (($new_password_2 == null || $new_password_2 == '') ? '' : $new_password_2);
+ if($current_password == '')
+ {
+ $err_msg[] = $MESSAGE['PREFERENCES']['CURRENT_PASSWORD_INCORRECT'];
+ }else {
+ // if new_password is empty, still let current one
+ if( $new_password_1 == '' )
+ {
+ $new_password_1 = $current_password;
+ $new_password_2 = $current_password;
+ }
+
+ // is password lenght matching min_pass_lenght ?
+ if( $new_password_1 != $current_password )
+ {
+ if( strlen($new_password_1) < $min_pass_length )
+ {
+ $err_msg[] = $MESSAGE['USERS']['PASSWORD_TOO_SHORT'];
+ }
+ $pattern = '/[^'.$admin->password_chars.']/';
+ if( preg_match($pattern, $new_password_1) )
+ {
+ $err_msg[] = $MESSAGE['PREFERENCES']['INVALID_CHARS'];
+ }
+ }
+ // is password lenght matching min_pass_lenght ?
+ if( $new_password_1 != $current_password && strlen($new_password_1) < $min_pass_length )
+ {
+ $err_msg[] = $MESSAGE['USERS']['PASSWORD_TOO_SHORT'];
+ }
+ // password_1 matching password_2 ?
+ if( $new_password_1 != $new_password_2 )
+ {
+ $err_msg[] = $MESSAGE['USERS']['PASSWORD_MISMATCH'];
+ }
+ }
+ $current_password = md5($current_password);
+ $new_password_1 = md5($new_password_1);
+ $new_password_2 = md5($new_password_2);
+// if no validation errors, try to update the database, otherwise return errormessages
+ if(sizeof($err_msg) == 0)
+ {
+ $sql = 'UPDATE `'.TABLE_PREFIX.'users` ';
+ $sql .= 'SET `display_name` = "'.$display_name.'", ';
+ $sql .= '`password` = "'.$new_password_1.'", ';
+ $sql .= '`email` = "'.$email.'", ';
+ $sql .= '`language` = "'.$language.'", ';
+ $sql .= '`timezone` = "'.$timezone.'", ';
+ $sql .= '`date_format` = "'.$date_format.'", ';
+ $sql .= '`time_format` = "'.$time_format.'" ';
+ $sql .= 'WHERE `user_id` = '.(int)$admin->get_user_id().' AND `password` = "'.$current_password.'"';
+ if( $database->query($sql) )
+ {
+ $sql_info = mysql_info($database->db_handle);
+ if(preg_match('/matched: *([1-9][0-9]*)/i', $sql_info) != 1)
+ { // if the user_id and password dosn't match
+ $err_msg[] = $MESSAGE['PREFERENCES']['CURRENT_PASSWORD_INCORRECT'];
+ }else {
+ // update successfull, takeover values into the session
+ $_SESSION['DISPLAY_NAME'] = $display_name;
+ $_SESSION['LANGUAGE'] = $language;
+ $_SESSION['TIMEZONE'] = $timezone;
+ $_SESSION['EMAIL'] = $email;
+ // Update date format
+ if($date_format != '') {
+ $_SESSION['DATE_FORMAT'] = $date_format;
+ if(isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) { unset($_SESSION['USE_DEFAULT_DATE_FORMAT']); }
+ } else {
+ $_SESSION['USE_DEFAULT_DATE_FORMAT'] = true;
+ if(isset($_SESSION['DATE_FORMAT'])) { unset($_SESSION['DATE_FORMAT']); }
+ }
+ // Update time format
+ if($time_format != '') {
+ $_SESSION['TIME_FORMAT'] = $time_format;
+ if(isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) { unset($_SESSION['USE_DEFAULT_TIME_FORMAT']); }
+ } else {
+ $_SESSION['USE_DEFAULT_TIME_FORMAT'] = true;
+ if(isset($_SESSION['TIME_FORMAT'])) { unset($_SESSION['TIME_FORMAT']); }
+ }
+ }
+ }else {
+ $err_msg[] = 'invalid database UPDATE call in '.__FILE__.'::'.__FUNCTION__.'before line '.__LINE__;
+ }
+ }
+ return ( (sizeof($err_msg) > 0) ? implode('
', $err_msg) : '' );
+}
+$retval = save_preferences($admin, $database);
+if( $retval == '')
+{
+ $admin->print_success($MESSAGE['PREFERENCES']['DETAILS_SAVED']);
+ $admin->print_footer();
+}else {
+ $admin->print_error($retval);
+}
+
?>
\ No newline at end of file
Index: branches/2.8.x/wb/admin/addons/reload.php
===================================================================
--- branches/2.8.x/wb/admin/addons/reload.php (revision 1424)
+++ branches/2.8.x/wb/admin/addons/reload.php (revision 1425)
@@ -1,144 +1,144 @@
- $key) {
- if (!isset($_POST[$key])) unset($post_check[$index]);
-}
-if (count($post_check) == 0) die(header('Location: index.php?advanced'));
-
-/**
- * check if user has permissions to access this file
- */
-// include WB configuration file and WB admin class
-require_once('../../config.php');
-require_once('../../framework/class.admin.php');
-
-// check user permissions for admintools (redirect users with wrong permissions)
-$admin = new admin('Admintools', 'admintools', false, false);
-if ($admin->get_permission('admintools') == false) die(header('Location: ../../index.php'));
-
-if (!$admin->checkFTAN())
-{
- $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
- exit();
-}
-
-// check if the referer URL if available
-$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] :
- (isset($HTTP_SERVER_VARS['HTTP_REFERER']) ? $HTTP_SERVER_VARS['HTTP_REFERER'] : '');
-
-// if referer is set, check if script was invoked from "admin/modules/index.php"
-$required_url = ADMIN_URL . '/addons/index.php';
-if ($referer != '' && (!(strpos($referer, $required_url) !== false || strpos($referer, $required_url) !== false)))
- die(header('Location: ../../index.php'));
-
-// include WB functions file
-require_once(WB_PATH . '/framework/functions.php');
-
-// load WB language file
-require_once(WB_PATH . '/languages/' . LANGUAGE .'.php');
-
-// create Admin object with admin header
-$admin = new admin('Addons', '', true, false);
-$js_back = ADMIN_URL . '/addons/index.php?advanced';
-
-/**
- * Reload all specified Addons
- */
-$msg = array();
-$table = TABLE_PREFIX . 'addons';
-
-foreach ($post_check as $key) {
- switch ($key) {
- case 'reload_modules':
- if ($handle = opendir(WB_PATH . '/modules')) {
- // delete modules from database
- $sql = "DELETE FROM `$table` WHERE `type` = 'module'";
- $database->query($sql);
-
- // loop over all modules
- while(false !== ($file = readdir($handle))) {
- if ($file != '' && substr($file, 0, 1) != '.' && $file != 'admin.php' && $file != 'index.php') {
- load_module(WB_PATH . '/modules/' . $file);
- }
- }
- closedir($handle);
- // add success message
- $msg[] = $MESSAGE['ADDON']['MODULES_RELOADED'];
-
- } else {
- // provide error message and stop
- $admin->print_error($MESSAGE['ADDON']['ERROR_RELOAD'], $js_back);
- }
- break;
-
- case 'reload_templates':
- if ($handle = opendir(WB_PATH . '/templates')) {
- // delete templates from database
- $sql = "DELETE FROM `$table` WHERE `type` = 'template'";
- $database->query($sql);
-
- // loop over all templates
- while(false !== ($file = readdir($handle))) {
- if($file != '' AND substr($file, 0, 1) != '.' AND $file != 'index.php') {
- load_template(WB_PATH . '/templates/' . $file);
- }
- }
- closedir($handle);
- // add success message
- $msg[] = $MESSAGE['ADDON']['TEMPLATES_RELOADED'];
-
- } else {
- // provide error message and stop
- $admin->print_error($MESSAGE['ADDON']['ERROR_RELOAD'], $js_back);
- }
- break;
-
- case 'reload_languages':
- if ($handle = opendir(WB_PATH . '/languages/')) {
- // delete languages from database
- $sql = "DELETE FROM `$table` WHERE `type` = 'language'";
- $database->query($sql);
-
- // loop over all languages
- while(false !== ($file = readdir($handle))) {
- if ($file != '' && substr($file, 0, 1) != '.' && $file != 'index.php') {
- load_language(WB_PATH . '/languages/' . $file);
- }
- }
- closedir($handle);
- // add success message
- $msg[] = $MESSAGE['ADDON']['LANGUAGES_RELOADED'];
-
- } else {
- // provide error message and stop
- $admin->print_error($MESSAGE['ADDON']['ERROR_RELOAD'], $js_back);
- }
- break;
- }
-}
-
-// output success message
-$admin->print_success(implode($msg, '
'), $js_back);
-$admin->print_footer();
-
+ $key) {
+ if (!isset($_POST[$key])) unset($post_check[$index]);
+}
+if (count($post_check) == 0) die(header('Location: index.php?advanced'));
+
+/**
+ * check if user has permissions to access this file
+ */
+// include WB configuration file and WB admin class
+require_once('../../config.php');
+require_once('../../framework/class.admin.php');
+
+// check user permissions for admintools (redirect users with wrong permissions)
+$admin = new admin('Admintools', 'admintools', false, false);
+
+if ($admin->get_permission('admintools') == false) die(header('Location: ../../index.php'));
+
+// check if the referer URL if available
+$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] :
+ (isset($HTTP_SERVER_VARS['HTTP_REFERER']) ? $HTTP_SERVER_VARS['HTTP_REFERER'] : '');
+// if referer is set, check if script was invoked from "admin/modules/index.php"
+$required_url = ADMIN_URL . '/addons/index.php';
+if ($referer != '' && (!(strpos($referer, $required_url) !== false || strpos($referer, $required_url) !== false)))
+ die(header('Location: ../../index.php'));
+
+// include WB functions file
+require_once(WB_PATH . '/framework/functions.php');
+
+// load WB language file
+require_once(WB_PATH . '/languages/' . LANGUAGE .'.php');
+
+// create Admin object with admin header
+$admin = new admin('Addons', '', true, false);
+$js_back = ADMIN_URL . '/addons/index.php?advanced';
+
+if (!$admin->checkFTAN())
+{
+ $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$js_back);
+ exit();
+}
+
+/**
+ * Reload all specified Addons
+ */
+$msg = array();
+$table = TABLE_PREFIX . 'addons';
+
+foreach ($post_check as $key) {
+ switch ($key) {
+ case 'reload_modules':
+ if ($handle = opendir(WB_PATH . '/modules')) {
+ // delete modules from database
+ $sql = "DELETE FROM `$table` WHERE `type` = 'module'";
+ $database->query($sql);
+
+ // loop over all modules
+ while(false !== ($file = readdir($handle))) {
+ if ($file != '' && substr($file, 0, 1) != '.' && $file != 'admin.php' && $file != 'index.php') {
+ load_module(WB_PATH . '/modules/' . $file);
+ }
+ }
+ closedir($handle);
+ // add success message
+ $msg[] = $MESSAGE['ADDON']['MODULES_RELOADED'];
+
+ } else {
+ // provide error message and stop
+ $admin->print_error($MESSAGE['ADDON']['ERROR_RELOAD'], $js_back);
+ }
+ break;
+
+ case 'reload_templates':
+ if ($handle = opendir(WB_PATH . '/templates')) {
+ // delete templates from database
+ $sql = "DELETE FROM `$table` WHERE `type` = 'template'";
+ $database->query($sql);
+
+ // loop over all templates
+ while(false !== ($file = readdir($handle))) {
+ if($file != '' AND substr($file, 0, 1) != '.' AND $file != 'index.php') {
+ load_template(WB_PATH . '/templates/' . $file);
+ }
+ }
+ closedir($handle);
+ // add success message
+ $msg[] = $MESSAGE['ADDON']['TEMPLATES_RELOADED'];
+
+ } else {
+ // provide error message and stop
+ $admin->print_error($MESSAGE['ADDON']['ERROR_RELOAD'], $js_back);
+ }
+ break;
+
+ case 'reload_languages':
+ if ($handle = opendir(WB_PATH . '/languages/')) {
+ // delete languages from database
+ $sql = "DELETE FROM `$table` WHERE `type` = 'language'";
+ $database->query($sql);
+
+ // loop over all languages
+ while(false !== ($file = readdir($handle))) {
+ if ($file != '' && substr($file, 0, 1) != '.' && $file != 'index.php') {
+ load_language(WB_PATH . '/languages/' . $file);
+ }
+ }
+ closedir($handle);
+ // add success message
+ $msg[] = $MESSAGE['ADDON']['LANGUAGES_RELOADED'];
+
+ } else {
+ // provide error message and stop
+ $admin->print_error($MESSAGE['ADDON']['ERROR_RELOAD'], $js_back);
+ }
+ break;
+ }
+}
+
+// output success message
+$admin->print_success(implode($msg, '
'), $js_back);
+$admin->print_footer();
+
?>
\ No newline at end of file
Index: branches/2.8.x/wb/admin/login/forgot/index.php
===================================================================
--- branches/2.8.x/wb/admin/login/forgot/index.php (revision 1424)
+++ branches/2.8.x/wb/admin/login/forgot/index.php (revision 1425)
@@ -1,164 +1,163 @@
-query("SELECT value FROM ".TABLE_PREFIX."settings WHERE name = 'title'");
-$results = $results->fetchRow();
-$website_title = $results['value'];
-
-// Check if the user has already submitted the form, otherwise show it
-if(isset($_POST['email']) AND $_POST['email'] != "") {
-
- $email = htmlspecialchars($_POST['email'],ENT_QUOTES);
-
- // Check if the email exists in the database
- $query = "SELECT user_id,username,display_name,email,last_reset,password FROM ".TABLE_PREFIX."users WHERE email = '".$admin->add_slashes($_POST['email'])."'";
- $results = $database->query($query);
- if($results->numRows() > 0) {
-
- // Get the id, username, email, and last_reset from the above db query
- $results_array = $results->fetchRow();
-
- // Check if the password has been reset in the last 2 hours
- $last_reset = $results_array['last_reset'];
- $time_diff = time()-$last_reset; // Time since last reset in seconds
- $time_diff = $time_diff/60/60; // Time since last reset in hours
- if($time_diff < 2) {
-
- // Tell the user that their password cannot be reset more than once per hour
- $message = $MESSAGE['FORGOT_PASS']['ALREADY_RESET'];
-
- } else {
-
- $old_pass = $results_array['password'];
-
- // Generate a random password then update the database with it
- $new_pass = '';
- $salt = "abchefghjkmnpqrstuvwxyz0123456789";
- srand((double)microtime()*1000000);
- $i = 0;
- while ($i <= 7) {
- $num = rand() % 33;
- $tmp = substr($salt, $num, 1);
- $new_pass = $new_pass . $tmp;
- $i++;
- }
-
- $database->query("UPDATE ".TABLE_PREFIX."users SET password = '".md5($new_pass)."', last_reset = '".time()."' WHERE user_id = '".$results_array['user_id']."'");
-
- if($database->is_error()) {
- // Error updating database
- $message = $database->get_error();
- } else {
- // Setup email to send
- $mail_to = $email;
- $mail_subject = $MESSAGE['SIGNUP2']['SUBJECT_LOGIN_INFO'];
-
- // Replace placeholders from language variable with values
- $search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}');
- $replace = array($results_array['display_name'], WEBSITE_TITLE, $results_array['username'], $new_pass);
- $mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2']['BODY_LOGIN_FORGOT']);
-
- // Try sending the email
- if($admin->mail(SERVER_EMAIL,$mail_to,$mail_subject,$mail_message)) {
- $message = $MESSAGE['FORGOT_PASS']['PASSWORD_RESET'];
- $display_form = false;
- } else {
- $database->query("UPDATE ".TABLE_PREFIX."users SET password = '".$old_pass."' WHERE user_id = '".$results_array['user_id']."'");
- $message = $MESSAGE['FORGOT_PASS']['CANNOT_EMAIL'];
- }
- }
-
- }
-
- } else {
- // Email doesn't exist, so tell the user
- $message = $MESSAGE['FORGOT_PASS']['EMAIL_NOT_FOUND'];
- // and delete the wrong Email
- $email = '';
- }
-
-} else {
- $email = '';
-}
-
-if(!isset($message)) {
- $message = $MESSAGE['FORGOT_PASS']['NO_DATA'];
- $message_color = '000000';
-} else {
- $message_color = 'FF0000';
-}
-
-// Setup the template
-$template = new Template(THEME_PATH.'/templates');
-$template->set_file('page', 'login_forgot.htt');
-$template->set_block('page', 'main_block', 'main');
-if(defined('FRONTEND')) {
- $template->set_var('ACTION_URL', 'forgot.php');
-} else {
- $template->set_var('ACTION_URL', 'index.php');
-}
-$template->set_var('EMAIL', $email);
-
-if(isset($display_form)) {
- $template->set_var('DISPLAY_FORM', 'display:none;');
-}
-
-$template->set_var(array(
- 'SECTION_FORGOT' => $MENU['FORGOT'],
- 'MESSAGE_COLOR' => $message_color,
- 'MESSAGE' => $message,
- 'WB_URL' => WB_URL,
- 'ADMIN_URL' => ADMIN_URL,
- 'THEME_URL' => THEME_URL,
- 'LANGUAGE' => strtolower(LANGUAGE),
- 'TEXT_EMAIL' => $TEXT['EMAIL'],
- 'TEXT_SEND_DETAILS' => $TEXT['SEND_DETAILS'],
- 'TEXT_HOME' => $TEXT['HOME'],
- 'TEXT_NEED_TO_LOGIN' => $TEXT['NEED_TO_LOGIN']
- )
- );
-
-if(defined('FRONTEND')) {
- $template->set_var('LOGIN_URL', WB_URL.'/account/login.php');
-} else {
- $template->set_var('LOGIN_URL', ADMIN_URL);
-}
-$template->set_var('INTERFACE_URL', ADMIN_URL.'/interface');
-
-if(defined('DEFAULT_CHARSET')) {
- $charset=DEFAULT_CHARSET;
-} else {
- $charset='utf-8';
-}
-
-$template->set_var('CHARSET', $charset);
-
-$template->parse('main', 'main_block', false);
-$template->pparse('output', 'page');
-
+query("SELECT value FROM ".TABLE_PREFIX."settings WHERE name = 'title'");
+$results = $results->fetchRow();
+$website_title = $results['value'];
+
+// Check if the user has already submitted the form, otherwise show it
+if(isset($_POST['email']) AND $_POST['email'] != "") {
+
+ $email = htmlspecialchars($_POST['email'],ENT_QUOTES);
+
+ // Check if the email exists in the database
+ $query = "SELECT user_id,username,display_name,email,last_reset,password FROM ".TABLE_PREFIX."users WHERE email = '".$admin->add_slashes($_POST['email'])."'";
+ $results = $database->query($query);
+ if($results->numRows() > 0) {
+
+ // Get the id, username, email, and last_reset from the above db query
+ $results_array = $results->fetchRow();
+
+ // Check if the password has been reset in the last 2 hours
+ $last_reset = $results_array['last_reset'];
+ $time_diff = time()-$last_reset; // Time since last reset in seconds
+ $time_diff = $time_diff/60/60; // Time since last reset in hours
+ if($time_diff < 2) {
+
+ // Tell the user that their password cannot be reset more than once per hour
+ $message = $MESSAGE['FORGOT_PASS']['ALREADY_RESET'];
+
+ } else {
+
+ $old_pass = $results_array['password'];
+
+ // Generate a random password then update the database with it
+ $new_pass = '';
+ $salt = "abchefghjkmnpqrstuvwxyz0123456789";
+ srand((double)microtime()*1000000);
+ $i = 0;
+ while ($i <= 7) {
+ $num = rand() % 33;
+ $tmp = substr($salt, $num, 1);
+ $new_pass = $new_pass . $tmp;
+ $i++;
+ }
+
+ $database->query("UPDATE ".TABLE_PREFIX."users SET password = '".md5($new_pass)."', last_reset = '".time()."' WHERE user_id = '".$results_array['user_id']."'");
+
+ if($database->is_error()) {
+ // Error updating database
+ $message = $database->get_error();
+ } else {
+ // Setup email to send
+ $mail_to = $email;
+ $mail_subject = $MESSAGE['SIGNUP2']['SUBJECT_LOGIN_INFO'];
+
+ // Replace placeholders from language variable with values
+ $search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}');
+ $replace = array($results_array['display_name'], WEBSITE_TITLE, $results_array['username'], $new_pass);
+ $mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2']['BODY_LOGIN_FORGOT']);
+
+ // Try sending the email
+ if($admin->mail(SERVER_EMAIL,$mail_to,$mail_subject,$mail_message)) {
+ $message = $MESSAGE['FORGOT_PASS']['PASSWORD_RESET'];
+ $display_form = false;
+ } else {
+ $database->query("UPDATE ".TABLE_PREFIX."users SET password = '".$old_pass."' WHERE user_id = '".$results_array['user_id']."'");
+ $message = $MESSAGE['FORGOT_PASS']['CANNOT_EMAIL'];
+ }
+ }
+
+ }
+
+ } else {
+ // Email doesn't exist, so tell the user
+ $message = $MESSAGE['FORGOT_PASS']['EMAIL_NOT_FOUND'];
+ // and delete the wrong Email
+ $email = '';
+ }
+
+} else {
+ $email = '';
+}
+
+if(!isset($message)) {
+ $message = $MESSAGE['FORGOT_PASS']['NO_DATA'];
+ $message_color = '000000';
+} else {
+ $message_color = 'FF0000';
+}
+
+// Setup the template
+$template = new Template(THEME_PATH.'/templates');
+$template->set_file('page', 'login_forgot.htt');
+$template->set_block('page', 'main_block', 'main');
+if(defined('FRONTEND')) {
+ $template->set_var('ACTION_URL', 'forgot.php');
+} else {
+ $template->set_var('ACTION_URL', 'index.php');
+}
+$template->set_var('EMAIL', $email);
+
+if(isset($display_form)) {
+ $template->set_var('DISPLAY_FORM', 'display:none;');
+}
+
+$template->set_var(array(
+ 'SECTION_FORGOT' => $MENU['FORGOT'],
+ 'MESSAGE_COLOR' => $message_color,
+ 'MESSAGE' => $message,
+ 'WB_URL' => WB_URL,
+ 'ADMIN_URL' => ADMIN_URL,
+ 'THEME_URL' => THEME_URL,
+ 'LANGUAGE' => strtolower(LANGUAGE),
+ 'TEXT_EMAIL' => $TEXT['EMAIL'],
+ 'TEXT_SEND_DETAILS' => $TEXT['SEND_DETAILS'],
+ 'TEXT_HOME' => $TEXT['HOME'],
+ 'TEXT_NEED_TO_LOGIN' => $TEXT['NEED_TO_LOGIN']
+ )
+ );
+
+if(defined('FRONTEND')) {
+ $template->set_var('LOGIN_URL', WB_URL.'/account/login.php');
+} else {
+ $template->set_var('LOGIN_URL', ADMIN_URL);
+}
+$template->set_var('INTERFACE_URL', ADMIN_URL.'/interface');
+
+if(defined('DEFAULT_CHARSET')) {
+ $charset=DEFAULT_CHARSET;
+} else {
+ $charset='utf-8';
+}
+
+$template->set_var('CHARSET', $charset);
+
+$template->parse('main', 'main_block', false);
+$template->pparse('output', 'page');
+
?>
\ No newline at end of file
Index: branches/2.8.x/wb/admin/login/index.php
===================================================================
--- branches/2.8.x/wb/admin/login/index.php (revision 1424)
+++ branches/2.8.x/wb/admin/login/index.php (revision 1425)
@@ -1,63 +1,63 @@
- "3",
- 'WARNING_URL' => THEME_URL."/templates/warning.html",
- 'USERNAME_FIELDNAME' => $username_fieldname,
- 'PASSWORD_FIELDNAME' => $password_fieldname,
- 'REMEMBER_ME_OPTION' => SMART_LOGIN,
- 'MIN_USERNAME_LEN' => "2",
- 'MIN_PASSWORD_LEN' => "2",
- 'MAX_USERNAME_LEN' => "30",
- 'MAX_PASSWORD_LEN' => "30",
- 'LOGIN_URL' => ADMIN_URL."/login/index.php",
- 'DEFAULT_URL' => ADMIN_URL."/start/index.php",
- 'TEMPLATE_DIR' => THEME_PATH."/templates",
- 'TEMPLATE_FILE' => "login.htt",
- 'FRONTEND' => false,
- 'FORGOTTEN_DETAILS_APP' => ADMIN_URL."/login/forgot/index.php",
- 'USERS_TABLE' => TABLE_PREFIX."users",
- 'GROUPS_TABLE' => TABLE_PREFIX."groups",
- )
- );
-
+ "3",
+ 'WARNING_URL' => THEME_URL."/templates/warning.html",
+ 'USERNAME_FIELDNAME' => $username_fieldname,
+ 'PASSWORD_FIELDNAME' => $password_fieldname,
+ 'REMEMBER_ME_OPTION' => SMART_LOGIN,
+ 'MIN_USERNAME_LEN' => "2",
+ 'MIN_PASSWORD_LEN' => "2",
+ 'MAX_USERNAME_LEN' => "30",
+ 'MAX_PASSWORD_LEN' => "30",
+ 'LOGIN_URL' => ADMIN_URL."/login/index.php",
+ 'DEFAULT_URL' => ADMIN_URL."/start/index.php",
+ 'TEMPLATE_DIR' => THEME_PATH."/templates",
+ 'TEMPLATE_FILE' => "login.htt",
+ 'FRONTEND' => false,
+ 'FORGOTTEN_DETAILS_APP' => ADMIN_URL."/login/forgot/index.php",
+ 'USERS_TABLE' => TABLE_PREFIX."users",
+ 'GROUPS_TABLE' => TABLE_PREFIX."groups",
+ )
+ );
+
?>
\ No newline at end of file
Index: branches/2.8.x/wb/account/password.php
===================================================================
--- branches/2.8.x/wb/account/password.php (revision 1424)
+++ branches/2.8.x/wb/account/password.php (revision 1425)
@@ -24,15 +24,15 @@
$new_password = $_POST['new_password'];
$new_password2 = $_POST['new_password2'];
+// Create a javascript back link
+$js_back = WB_URL.'/account/preferences.php';
+
if (!$wb->checkFTAN())
{
- $wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
+ $wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back, false);
exit();
}
-// Create a javascript back link
-$js_back = "javascript: history.go(-1);";
-
// Get existing password
// $database = new database();
$query = "SELECT user_id FROM ".TABLE_PREFIX."users WHERE user_id = '".$wb->get_user_id()."' AND password = '".md5($current_password)."'";
@@ -42,6 +42,7 @@
if($results->numRows() == 0) {
$wb->print_error($MESSAGE['PREFERENCES']['CURRENT_PASSWORD_INCORRECT'], $js_back, false);
}
+
if(strlen($new_password) < 3) {
$wb->print_error($MESSAGE['USERS']['PASSWORD_TOO_SHORT'], $js_back, false);
}
@@ -57,9 +58,9 @@
$query = "UPDATE ".TABLE_PREFIX."users SET password = '$md5_password' WHERE user_id = '".$wb->get_user_id()."'";
$database->query($query);
if($database->is_error()) {
- $wb->print_error($database->get_error, 'index.php', false);
+ $wb->print_error($database->get_error, $js_back, false);
} else {
- $wb->print_success($MESSAGE['PREFERENCES']['PASSWORD_CHANGED'], WB_URL.'/account/preferences.php');
+ $wb->print_success($MESSAGE['PREFERENCES']['PASSWORD_CHANGED']);
}
?>
\ No newline at end of file
Index: branches/2.8.x/wb/account/details.php
===================================================================
--- branches/2.8.x/wb/account/details.php (revision 1424)
+++ branches/2.8.x/wb/account/details.php (revision 1425)
@@ -19,6 +19,15 @@
// Must include code to stop this file being access directly
if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }
+// Create a javascript back link
+$js_back = WB_URL.'/account/preferences.php';
+
+if (!$wb->checkFTAN())
+{
+ $wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
+ exit();
+}
+
// Get and sanitize entered values
$display_name = $wb->add_slashes(strip_tags($wb->get_post('display_name')));
$language = strtoupper($wb->get_post('language'));
@@ -43,23 +52,14 @@
$time_format = ($time_format == 'system_default' ? '' : $time_format);
unset($TIME_FORMATS);
-if (!$wb->checkFTAN())
-{
- $wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
- exit();
-}
-
-// Create a javascript back link
-$js_back = "javascript: history.go(-1);";
-
// Update the database
// $database = new database();
$query = "UPDATE ".TABLE_PREFIX."users SET display_name = '$display_name', language = '$language', timezone = '$timezone', date_format = '$date_format', time_format = '$time_format' WHERE user_id = '".$wb->get_user_id()."'";
$database->query($query);
if($database->is_error()) {
- $wb->print_error($database->get_error,'index.php',false);
+ $wb->print_error($database->get_error,$js_back,false);
} else {
- $wb->print_success($MESSAGE['PREFERENCES']['DETAILS_SAVED'], WB_URL.'/account/preferences.php');
+ $wb->print_success($MESSAGE['PREFERENCES']['DETAILS_SAVED'] );
$_SESSION['DISPLAY_NAME'] = $display_name;
$_SESSION['LANGUAGE'] = $language;
// Update date format
Index: branches/2.8.x/wb/account/email.php
===================================================================
--- branches/2.8.x/wb/account/email.php (revision 1424)
+++ branches/2.8.x/wb/account/email.php (revision 1425)
@@ -23,15 +23,15 @@
$current_password = $wb->get_post('current_password');
$email = $wb->get_post('email');
+// Create a javascript back link
+$js_back = WB_URL.'/account/preferences.php';
+
if (!$wb->checkFTAN())
{
- $wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
+ $wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back, false);
exit();
}
-// Create a javascript back link
-$js_back = "javascript: history.go(-1);";
-
// Get existing password
// $database = new database();
$query = "SELECT user_id FROM ".TABLE_PREFIX."users WHERE user_id = '".$wb->get_user_id()."' AND password = '".md5($current_password)."'";
@@ -53,9 +53,9 @@
$query = "UPDATE ".TABLE_PREFIX."users SET email = '$email' WHERE user_id = '".$wb->get_user_id()."' AND password = '".md5($current_password)."'";
$database->query($query);
if($database->is_error()) {
- $wb->print_error($database->get_error,'index.php', false);
+ $wb->print_error($database->get_error,$js_back, false);
} else {
- $wb->print_success($MESSAGE['PREFERENCES']['EMAIL_UPDATED'], WB_URL.'/account/preferences.php');
+ $wb->print_success($MESSAGE['PREFERENCES']['EMAIL_UPDATED']);
$_SESSION['EMAIL'] = $email;
}
Index: branches/2.8.x/wb/account/signup2.php
===================================================================
--- branches/2.8.x/wb/account/signup2.php (revision 1424)
+++ branches/2.8.x/wb/account/signup2.php (revision 1425)
@@ -32,15 +32,15 @@
$display_name = strip_tags($wb->get_post_escaped('display_name'));
$email = $wb->get_post('email');
+// Create a javascript back link
+$js_back = WB_URL.'/account/signup.php';
+
if (!$wb->checkFTAN())
{
- $wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
+ $wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back, false);
exit();
}
-// Create a javascript back link
-$js_back = "javascript: history.go(-1);";
-
// Check values
if($groups_id == "") {
$wb->print_error($MESSAGE['USERS']['NO_GROUP'], $js_back, false);
@@ -123,7 +123,7 @@
// Try sending the email
if($wb->mail(SERVER_EMAIL,$mail_to,$mail_subject,$mail_message)) {
$display_form = false;
- $wb->print_success($MESSAGE['FORGOT_PASS']['PASSWORD_RESET'], WB_URL.'/account/login.php');
+ $wb->print_success($MESSAGE['FORGOT_PASS']['PASSWORD_RESET'], WB_URL.'/account/login.php' );
} else {
$database->query("DELETE FROM ".TABLE_PREFIX."users WHERE username = '$username'");
$wb->print_error($MESSAGE['FORGOT_PASS']['CANNOT_EMAIL'], $js_back, false);
Index: branches/2.8.x/wb/templates/wb_theme/templates/header.htt
===================================================================
--- branches/2.8.x/wb/templates/wb_theme/templates/header.htt (revision 1424)
+++ branches/2.8.x/wb/templates/wb_theme/templates/header.htt (revision 1425)
@@ -7,6 +7,12 @@
+
+
+
+
+
+
{BACKEND_MODULE_CSS}