checkFTAN() ) { $admin->print_header(); $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$js_back ); } // After check print the header $admin->print_header(); // Ensure that the specified default email is formally valid if(isset($_POST['server_email'])) { $_POST['server_email'] = strip_tags($_POST['server_email']); // // $pattern = '/^[-a-z0-9~!$%^&*_=+}{\'?]+(\.[-a-z0-9~!$%^&*_=+}{\'?]+)*@([a-z0-9]([-a-z0-9_]?[a-z0-9])*(\.[-a-z0-9_]+)*\.(aero|arpa|biz|com|coop|edu|gov|info|int|mil|museum|name|net|org|pro|travel|mobi|[a-z]{2})|([1]?\d{1,2}|2[0-4]{1}\d{1}|25[0-5]{1})(\.([1]?\d{1,2}|2[0-4]{1}\d{1}|25[0-5]{1})){3})(:[0-9]{1,5})?\r/im'; // $pattern = '/^[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*\.(([0-9]{1,3})|([a-zA-Z]{2,6}))$/'; // if(false == preg_match($pattern, $_POST['server_email'])) if(!$admin->validate_email($_POST['server_email'])) { $admin->print_error($MESSAGE['USERS_INVALID_EMAIL']. '
Email: '.htmlentities($_POST['server_email']).'', $js_back); } } if($admin->StripCodeFromText($admin->get_post('wbmailer_routine'))=='smtp') { $checkSmtpHost = (($admin->StripCodeFromText($admin->get_post('wbmailer_smtp_host'))=='') ? false : true); // $checkSmtpHost = (isset($_POST['wbmailer_smtp_host']) && ($_POST['wbmailer_smtp_host']=='') ? false : true); $checkSmtpUser = (($admin->StripCodeFromText($admin->get_post('wbmailer_smtp_username'))=='') ? false : true); // $checkSmtpUser = (isset($_POST['wbmailer_smtp_username']) && ($_POST['wbmailer_smtp_username']=='') ? false : true); $checkSmtpPassword = (($admin->StripCodeFromText($admin->get_post('wbmailer_smtp_password'))=='') ? false : true); // $checkSmtpPassword = (isset($_POST['wbmailer_smtp_password']) && ($_POST['wbmailer_smtp_password']=='') ? false : true); if(!$checkSmtpHost || !$checkSmtpUser || !$checkSmtpPassword) { $admin->print_error($TEXT['REQUIRED'].' '.$TEXT['WBMAILER_SMTP_AUTH']. '
'.$MESSAGE['GENERIC_FILL_IN_ALL'].'', $js_back); } } // Work-out file mode if($advanced == '') { $file_mode = STRING_FILE_MODE; $dir_mode = STRING_DIR_MODE; // Check if should be set to 777 or left alone // if(isset($_POST['world_writeable']) && $_POST['world_writeable'] == 'true') // { // $file_mode = '0777'; // $dir_mode = '0777'; // } else { // $file_mode = STRING_FILE_MODE; // $dir_mode = STRING_DIR_MODE; // } } else { $file_mode = STRING_FILE_MODE; $dir_mode = STRING_DIR_MODE; if($admin->get_user_id()=='1') { // Work-out the octal value for file mode $u = 0; if(isset($_POST['file_u_r']) && $_POST['file_u_r'] == 'true') { $u = $u+4; } if(isset($_POST['file_u_w']) && $_POST['file_u_w'] == 'true') { $u = $u+2; } if(isset($_POST['file_u_e']) && $_POST['file_u_e'] == 'true') { $u = $u+1; } $g = 0; if(isset($_POST['file_g_r']) && $_POST['file_g_r'] == 'true') { $g = $g+4; } if(isset($_POST['file_g_w']) && $_POST['file_g_w'] == 'true') { $g = $g+2; } if(isset($_POST['file_g_e']) && $_POST['file_g_e'] == 'true') { $g = $g+1; } $o = 0; if(isset($_POST['file_o_r']) && $_POST['file_o_r'] == 'true') { $o = $o+4; } if(isset($_POST['file_o_w']) && $_POST['file_o_w'] == 'true') { $o = $o+2; } if(isset($_POST['file_o_e']) && $_POST['file_o_e'] == 'true') { $o = $o+1; } $file_mode = "0".$u.$g.$o; // Work-out the octal value for dir mode $u = 0; if(isset($_POST['dir_u_r']) && $_POST['dir_u_r'] == 'true') { $u = $u+4; } if(isset($_POST['dir_u_w']) && $_POST['dir_u_w'] == 'true') { $u = $u+2; } if(isset($_POST['dir_u_e']) && $_POST['dir_u_e'] == 'true') { $u = $u+1; } $g = 0; if(isset($_POST['dir_g_r']) && $_POST['dir_g_r'] == 'true') { $g = $g+4; } if(isset($_POST['dir_g_w']) && $_POST['dir_g_w'] == 'true') { $g = $g+2; } if(isset($_POST['dir_g_e']) && $_POST['dir_g_e'] == 'true') { $g = $g+1; } $o = 0; if(isset($_POST['dir_o_r']) && $_POST['dir_o_r'] == 'true') { $o = $o+4; } if(isset($_POST['dir_o_w']) && $_POST['dir_o_w'] == 'true') { $o = $o+2; } if(isset($_POST['dir_o_e']) && $_POST['dir_o_e'] == 'true') { $o = $o+1; } $dir_mode = "0".$u.$g.$o; } } $allow_tags_in_fields = array( 'website_header', 'website_footer', 'website_signature' ); $allow_empty_values = array( 'website_header', 'website_footer', 'website_signature', 'wysiwyg_style', 'pages_directory', 'page_icon_dir', 'rename_files_on_upload', 'page_spacer', 'website_signature', 'page_icon_dir', 'modules_upgrade_list' ); $disallow_in_fields = array( 'pages_directory', 'media_directory', 'wb_version' ); $StripCodeFromInput = array( 'website_title', 'website_description', 'website_keywords', 'wysiwyg_style', 'search_module_order', 'search_max_excerpt', 'search_time_limit', 'pages_directory', 'page_icon_dir', 'media_directory', 'page_extension', 'rename_files_on_upload', 'page_spacer', 'page_icon_dir', 'modules_upgrade_list' ); $bRebuildAccessFiles = ( (isset( $_POST['rebuild_access_files']) && ( $_POST['rebuild_access_files'] == true )) ? true : false ) ; // Query current settings in the db, then loop through them and update the db with the new value $settings = array(); $old_settings = array(); // Query current settings in the db, then loop through them to get old values $sql = 'SELECT `name`, `value` FROM `'.TABLE_PREFIX.'settings`'; $sql .= 'ORDER BY `name`'; if($res_settings = $database->query($sql)) { $passed = false; while($setting = $res_settings->fetchRow()) { $setting_name = $setting['name']; $old_settings[$setting_name] = $setting['value']; $value = $admin->get_post($setting_name); $value = isset($_POST[$setting_name]) ? $value : $old_settings[$setting_name] ; switch ($setting_name) { case 'default_timezone': $value=$value*60*60; $passed = true; break; case 'string_dir_mode': $value=$dir_mode; $passed = true; break; case 'string_file_mode': $value=$file_mode; $passed = true; break; case 'sec_anchor': $value = $admin->StripCodeFromText($value); $value=(($value=='') ? 'section_' : $value); $passed = true; break; case 'pages_directory': $value = $admin->StripCodeFromText($value); $bNewPageFile = ( ( $value!= $old_settings['pages_directory'] ) ? true : false ); $passed = $bNewPageFile; $sGetId = '&id='.$bNewPageFile; // if(!is_dir(WB_PATH.$value) && is_writable(WB_PATH)) { // $passed = make_dir(WB_PATH.$value); // } $value = (($passed == true) ? $value : $old_settings['pages_directory']); $sPageDirectory = $value; break; case 'wbmailer_smtp_auth': // $value = isset($_POST[$setting_name]) ? $_POST[$setting_name] : '' ; $value = true ; $passed = true; break; default : $passed = in_array($setting_name, $allow_empty_values); if(in_array($setting_name, $StripCodeFromInput) ) { $value = $admin->StripCodeFromText($value); } break; } if (!in_array($setting_name, $allow_tags_in_fields)) { $value = strip_tags($value); } if ( !in_array($value, $disallow_in_fields) && (isset($_POST[$setting_name]) || $passed == true) ) { $value = trim($admin->add_slashes($value)); $sql = 'UPDATE `'.TABLE_PREFIX.'settings` '; $sql .= 'SET `value` = \''.($value).'\' '; // mysql_escape_string $sql .= 'WHERE `name` != \'wb_version\' '; $sql .= 'AND `name` = \''.$setting_name.'\' '; if (!$database->query($sql)) { if($database->is_error()) { $admin->print_error($database->get_error, $js_back ); } } } } if(($bRebuildAccessFiles==true) && ($_POST['modules_upgrade_list']!='') && ($sPageDirectory==$old_settings['pages_directory']) ) { rebuild_all_accessfiles(); $aModuleList = ( explode(',', $_POST['modules_upgrade_list'])); upgrade_modules($aModuleList); } } $StripCodeFromISearch = array( 'search_module_order', 'search_max_excerpt', 'search_time_limit', ); // Query current search settings in the db, then loop through them and update the db with the new value $sql = 'SELECT `name`, `value` FROM `'.TABLE_PREFIX.'search` '; $sql .= 'WHERE `extra` = ""'; $res_search = $database->query($sql); if($database->is_error()) { $admin->print_error($database->is_error(), $js_back ); } while($search_setting = $res_search->fetchRow()) { $old_value = $search_setting['value']; $setting_name = $search_setting['name']; $post_name = 'search_'.$setting_name; // hold old value if post is empty // check search template $value = ($admin->get_post($post_name)); if(in_array($post_name, $StripCodeFromISearch) ) { $value = $admin->StripCodeFromText($value); } $value = ( ($value == '') && ($setting_name != 'template') ) ? $old_value : $value; // $value = ( ($admin->get_post($post_name) == '') && ($setting_name == 'template') ) ? DEFAULT_TEMPLATE : $admin->get_post($post_name); if(isset($value)) { $value = $admin->add_slashes($value); $sql = 'UPDATE `'.TABLE_PREFIX.'search` '; $sql .= 'SET `value` = "'.$value.'" '; $sql .= 'WHERE `name` = "'.$setting_name.'" '; $sql .= 'AND `extra` = ""'; if($database->query($sql)) { } $sql_info = mysql_info($database->db_handle); } } // Check if there was an error updating the db if($database->is_error()) { $admin->print_error($database->get_error, $js_back ); } else { $admin->print_success($MESSAGE['SETTINGS_SAVED'], $js_back ); } $admin->print_footer();