','

'; $nav.=f_page_nav_ca($total_records, $ca_pref_dir.'centraladmin.php?process=manageusers'.($search_used? '&search_string='.f_strip_tags(trim($_GET['search_string'])): ''),$f_max_rec_on_admin,$curr_page); if(!empty($users_array)) { $cap_arrays=array($ca_lang_l['user'],f_ucfirst($ca_lang_l['details']),$ca_lang_l['access to'],$ca_lang_l['status']); $table_data=array(); $url=$ca_pref_dir."centraladmin.php?process=processuser".$ca_l_amp; foreach($users_array as $key=>$value) { if(!empty($value)) { $usr=$value['username']; $usrid=$value['id']; $user=''.$usr.''; $user.='' .'' .''; $details=$ca_span8.f_strtoupper(str_replace('"','"',un_esc($value['first_name'])))." ".f_strtoupper(str_replace('"','"',un_esc($value['surname']))).$f_br .un_esc($value['email']).""; $sv_eac='sv(\'editaccess_'.$usrid.'\');';$svc_eat='svc(\'editaccess_'.$usrid.'\');'; $sv_edet='sv(\'editdetails_'.$usrid.'\');';$svc_edet='svc(\'editdetails_'.$usrid.'\');'; $sv_epas='sv(\'editpass_'.$usrid.'\');';$svc_epas='svc(\'editpass_'.$usrid.'\');'; $access='';$range=false; if(!isset($value['access'])) $access=''.($v['type']=='0'?$ca_lang_l['view all']:$ca_lang_l['edit all']).''; else { foreach($value['access'] as $k=>$v) //ALL-write { if($v['section']=='ALL') { $access.=''.($v['type']=='0'?$ca_lang_l['view all']:$ca_lang_l['edit all']).''; } else { $sv_chr='sv(\'check_range_'.$usrid.'_'.$v['section'].'\');';$svc_chr='svc(\'check_range_'.$usrid.'_'.$v['section'].'\');'; $section_name=(isset($section_names_arr[$v['section']])? $section_names_arr[$v['section']]:''); if(empty($section_name)) $section_name=$v['section']; $href='javascript:void(0);" onclick="'.$sv_chr.$svc_eat.$svc_edet.$svc_epas; if($f_use_prot_areas) $access.=''.$section_name.' ('.f_ucfirst($ca_access_type_ex[$v['type']]).')'; else $access.=''.f_ucfirst($ca_access_type_ex['2']).' '; $access.=' ['.$ca_lang_l['check range'].'] '.$f_br; $range=true; } if(!$f_use_prot_areas) break; } } $user_nav=array($ca_lang_l['edit access']=>'javascript:void(0);" onclick="'.$sv_eac.$svc_edet.$svc_epas.($range?$svc_chr:''), $ca_lang_l['details']=>'javascript:void(0);" onclick="'.$svc_eat.$sv_edet.$svc_epas.($range?$svc_chr:''), $ca_lang_l['password']=>'javascript:void(0);" onclick="'.$svc_eat.$svc_edet.$sv_epas.($range?$svc_chr:''), $ca_lang_l['remove']=>$url."&removeuser=".$usrid.'" onclick="javascript:return confirm(\''.f_ucfirst($ca_lang_l['remove MSG']).'\')'); if($value['status']=='1') {$status_value=$ca_lang_l['active']; $status_link_label=$ca_lang_l['block']; $act='block';} else {$status_value=$ca_lang_l['blocked']; $status_link_label=$ca_lang_l['activate']; $act='activate';} $status=''.f_ucfirst($status_value).''; $status_nav=array($status_link_label=>$url."&".$act."=".$usrid); $row_data=array(array($user,$user_nav),$details,($access==''?'No access':$access),array($status, $status_nav)); $table_data[]=$row_data; } } $output.=f_admintable($nav,$cap_arrays,$table_data); } else { $table_data[]=array($ca_span8.f_ucfirst($ca_lang_l['none users']).''); $output.=f_admintable($nav,array(),$table_data); } $output=f_fmt_admin_screen($output, build_menu()); print GT($output); } function process_users() //process add/edit/remove user { global $ca_pref,$ca_lang_l,$f_fmt_span8em,$ca_site_url,$f_lf,$ca_areaarray,$f_use_prot_areas,$ca_allunamechars; $output='';$sections='';$details='';$news=''; if(isset($_POST["select_all"]) && $_POST["select_all"]=='no') { $user_id=(isset($_POST["id"]))? '_'.f_strip_tags($_POST["id"]): ''; if($f_use_prot_areas) { $a_k=0; foreach($ca_areaarray as $sec_id=>$v) // to each section from ca_areaarray --> access_type assigned { $a_type=(isset($_POST["access_type".$sec_id.$user_id])? f_strip_tags($_POST["access_type".$sec_id.$user_id]): ''); if($a_type!='-1') { $sections.=''; if($a_type=='2') { $section_range=get_prot_pages_list($sec_id,true); foreach($section_range as $key=>$val) { $pid=$val['id']; if(isset($_POST["access_to_page".$pid])) $sections.='

'; } } $sections.=''; $a_k++; } } } else { $section_range=get_prot_pages_list('',true); $sections.=''; foreach($section_range as $key=>$val) { $pid=$val['id']; if(isset($_POST["access_to_page".$pid])) $sections.='

'; } $sections.=''; } } elseif(isset($_POST["select_all"]) && $_POST["select_all"]=='yesw') {$sections.='';} //ALL-write else {$sections.='';} //ALL-read if(isset($_POST["email"]) || isset($_POST["name"]) || isset($_POST["sirname"])) //details $details.='

'; if(isset($_POST["news_for"])) //news - event manager { foreach($_POST["news_for"] as $k=>$v) { if(strpos($v,'%')!==false) {list($p,$c)=explode('%',$v);} else {$p=$v;$c='';} $news.=''; } } $flag=(isset($_POST['flag'])?$_POST['flag']:''); //action flag - add, edit... if(isset($_GET['search_string'])) { manage_users(); exit; } elseif(isset($_POST['save'])) { $usrid=(isset($_POST["id"]))? $_POST["id"]: 0; $username=(isset($_POST['username'])?$_POST['username']:''); $msg=''; if($flag=='add' && !preg_match($ca_allunamechars,$_POST['username'])) $msg=$ca_lang_l['can contain only']; elseif($flag=='add'|| $flag=='editdetails') { if(empty($_POST['username'])) $msg=$ca_lang_l['fill in'].' '.f_ucfirst($ca_lang_l['username']); elseif($_POST['username']!=$_POST['old_username'] && duplicated_user($_POST['username'])) $msg=$ca_lang_l['username exists']; elseif(!empty($_POST["email"]) && !f_validate_email($_POST["email"])) $msg=$ca_lang_l['nonvalid email']; } elseif($flag=='add'|| $flag=='editpass') { if(empty($_POST['password'])) $msg=$ca_lang_l['fill in'].' '.f_ucfirst($ca_lang_l['password']); elseif(empty($_POST['repeatedpassword'])) $msg=$ca_lang_l['repeat password']; elseif($_POST['password']!=$_POST['repeatedpassword']) $msg=$ca_lang_l['password and repeated password']; elseif(strlen(trim($_POST['password']))<5) $msg=$ca_lang_l['your password should be']; elseif(strtolower($_POST['username'])==strtolower($_POST['password'])) $msg=$ca_lang_l['username equal password']; } if($msg!='') { $msg=sprintf($f_fmt_span8em,f_ucfirst($msg)); if($flag=='add') $output.=build_add_user_form($msg); else $output.=build_edit_user_form($flag,$msg,$username); } else { if($flag=='add') db_write_user('add',$usrid,$username,crypt($_POST['password']),$sections,$details,$news); // ADD USER elseif($flag=='editpass') db_write_user('editpass',$usrid,$username,crypt($_POST['password'])); // CHANGE PASS elseif($flag=='editaccess') db_write_user('editaccess',$usrid,$username,'',$sections); // CHANGE ACCESS elseif($flag=='editdetails') db_write_user('editdetails',$usrid,$_POST['old_username'],'','',$details,$news); // CHANGE DETAILS manage_users(); exit; } } elseif(isset($_GET['removeuser'])) // REMOVE USER { $username_id=$_GET['removeuser']; db_remove_user($username_id); manage_users(); exit; } elseif(isset($_GET['activate']) || isset($_GET['block'])) // CHANGE STATUS { $usrid=(isset($_GET['activate']))? $_GET['activate']: $_GET['block']; db_write_user((isset($_GET['activate']))? 'activate': 'block',$usrid); $user_data=f_get_user($usrid,$ca_pref,'',$usrid); if(!empty($user_data['email'])) { $content=(isset($_GET['activate']))? $ca_lang_l['sr_activated_msg']: $ca_lang_l['sr_blocked_msg']; $subject=(isset($_GET['activate']))? $ca_lang_l['sr_activated_subject']: $ca_lang_l['sr_blocked_subject']; $content=str_replace(array('%%username%%','%%USERNAME%%','%%site%%'), array($user_data['username'],$user_data['username'],$ca_site_url),$content); $subject=str_replace('%%site%%',$ca_site_url,$subject); f_send_mail_ca(str_replace("##",'
',$content),str_replace("##",$f_lf,$content),$subject, $user_data['email']); } manage_users(); exit; } else $output.=build_add_user_form(); $output=f_fmt_admin_screen($output, build_menu($flag=='add'?' - '.$ca_lang_l['add user']:'')); $output=GT($output); print $output; } function check_section_range($standalone,$section_id='',$username='',$user_data='') // check section range screen { global $template_in_root,$ca_lang_l,$f_sp_pages_ids,$f_br,$ca_pref,$f_fmt_span8,$ca_access_type_ex,$ca_access_type,$ca_areaarray, $f_use_prot_areas; $section_range=get_prot_pages_list($section_id,true); $access_by_page=array(); $section_name=(isset($ca_areaarray[$section_id])? $ca_areaarray[$section_id]: ''); if($username!='') { if(!empty($user_data)) { foreach($user_data['access'] as $k=>$v) { if($v['section']==$section_id || $section_id=='') { if($v['type']=='2') {$page_access=$v['page_access'];break;} else {$a_type=$v['type'];} if($section_id!='') break; } if($section_id=='' && !$f_use_prot_areas && $v['type']!='2') { $sec_r=get_prot_pages_list($v['section'],true); foreach($sec_r as $kk=>$vv) $access_by_page[$vv['id']]=$v['type']; } } } if(isset($page_access)) foreach($page_access as $k=>$v) { $access_by_page[$v['page']]=$v['type']; } } $legend=sprintf($f_fmt_span8,($standalone)?f_ucfirst($ca_lang_l['section']).": ".$section_name:f_ucfirst($ca_lang_l['page level'])); $pro='';$unpro=''; $line='

:: %s

'; $output='

'; foreach($section_range as $k=>$v) { if($template_in_root) $fixed_url=str_replace('../','',$v['url']); elseif(strpos($v['url'],'/')!==false) $fixed_url=$v['url']; else $fixed_url='../'.$v['url']; $url=str_replace('..','',$v['url']); if($v['typeid']=='136' || $v['typeid']=='137' || $v['typeid']=='143' || $v['typeid']=='138') { if($v['protected']=='TRUE') $access_type_f=in_array($v['typeid'],$f_sp_pages_ids)? array('0'=>'view','1'=>'edit','3'=>'edit own posts','2'=>'no access'):array('0'=>'view','2'=>'no access'); else $access_type_f=array('0'=>'no access','1'=>'edit','3'=>'edit own posts'); //edit own } else { if($v['protected']=='TRUE') $access_type_f=in_array($v['typeid'],$f_sp_pages_ids)? array('0'=>'view','1'=>'edit','2'=>'no access'):array('0'=>'view','2'=>'no access'); else $access_type_f=array('0'=>'no access','1'=>'edit'); //edit own } if(!$standalone) { if(isset($access_by_page)&&isset($access_by_page[$v['id']])) $default=$access_by_page[$v['id']]; else $default=(!isset($page_access))?'2':($v['protected']=='TRUE'?'2':'0'); $combo=f_build_select('access_to_page'.$v['id'],$access_type_f,$default,'style="width: 110px"'); } elseif(isset($access_by_page)) { $combo='[ '.(isset($access_by_page[$v['id']]) && isset($access_type_f[$access_by_page[$v['id']]])? $access_type_f[$access_by_page[$v['id']]]:'no access').' ]'; } else $combo='[ '.(isset($a_type)? $ca_access_type[$a_type]: $ca_access_type_ex['2']).' ]'; if($v['protected']=='TRUE') $pro.=sprintf($line,$url,$fixed_url,$v['name'],$combo); elseif($v['protected']=='FALSE') $unpro.=sprintf($line,$url,$fixed_url,$v['name'],$combo); } $pro_label=($pro!='')?$f_br.f_ucfirst($ca_lang_l['protected pages']):''; $unpro_label=($unpro!='')?f_ucfirst($ca_lang_l['unprotected pages']):''; if($f_use_prot_areas) { $line='

%s%s'.$f_br."%s".$f_br.'%s'.$f_br.'%s

'; $output.=sprintf($line,$legend,$pro_label,$pro,$unpro_label,$unpro); } else $output.=sprintf('%s'.$f_br."%s".$f_br.'%s'.$f_br.'%s', $pro_label,$pro,$unpro_label,$unpro); return $output.'

'; } function check_pending_users($msg='') { global $ca_pref_dir,$ca_lang_l,$ca_l,$ca_l_amp,$f_lf,$f_br,$f_fmt_caption,$ca_span8,$ca_access_type_ex,$ca_access_type,$ca_site_url,$ca_areaarray; if(isset($_GET['removeuser'])) // REMOVE USER { $user_id=$_GET['removeuser']; db_remove_user($user_id,'selfreg_users'); $msg=$f_br.f_ucfirst($ca_lang_l['user removed']); } $users=db_get_users('selfreg_users'); $users_array=($users!='')?f_format_users($users):array(); if(isset($_GET['resend'])) // RE_SEND CONFIRMATION EMAIL TO USER { $user_id=$_GET['resend']; foreach($users_array as $k=>$v) { if($v['id']==$user_id) {$user_info=$v; break;} } $link=f_build_self_url('centraladmin.php').'?id='.$user_id.'&process=register'.$ca_l; $content=str_replace(array("##","%CONFIRMLINK%"),array('
',''.$link.''),$ca_lang_l['sr_email_msg']); $content=str_replace(array('%%username%%','%%USERNAME%%','%%site%%'),array($user_info['username'],$user_info['username'],$ca_site_url),$content); $content_text=str_replace("##",$f_lf,$ca_lang_l['sr_email_msg']); $content_text=str_replace("%%site%%", $ca_site_url, $content_text); $content_text=str_replace(array('%%username%%','%%USERNAME%%',"%CONFIRMLINK%"),array($user_info['username'],$user_info['username'],$link),$content_text); $subject=str_replace('%%site%%',$ca_site_url,$ca_lang_l['sr_email_subject']); $send_to_email=$user_info["email"]; $log_data='USER:'.$user_info['username'].' EMAIL:'.$user_info["email"]; $log_msg='success'; $result=f_send_mail_ca($content,$content_text,$subject,$send_to_email); if($result=="1") { $log_msg.=", email SENT"; $msg=$f_br.f_ucfirst($ca_lang_l['email resent']).' '.f_strtoupper($user_info['username']); } else { $log_msg='fail, email FAILED ('.f_strip_tags($result).')'; $msg='Email FAILED. Try again.'; } write_log('resend',$log_data,$log_msg); } $output=($msg!=''?''.$msg.''.$f_br.$f_br: ''); if(!empty($users_array)) { $cap_arrays=array($ca_lang_l['user'],f_ucfirst($ca_lang_l['details']),$ca_lang_l['access to']); $table_data=array(); $base=f_build_self_url('centraladmin.php'); $url=$ca_pref_dir."centraladmin.php?process="; foreach($users_array as $key=>$value) { if(!empty($value)) { $usr=$value['username']; $user=''.$usr.''; $user_nav=array($ca_lang_l['confirm']=>$url."register&id=".$value['id']."&flag=admin".$ca_l_amp, $ca_lang_l['resend']=>$url."pendingreg&resend=".$value['id'].$ca_l_amp.'" onclick="javascript:return confirm(\'' .f_ucfirst($ca_lang_l['resend MSG']).' '.f_strtoupper($usr)." - ".un_esc($value['first_name'])." ".un_esc($value['surname']).'?\')', $ca_lang_l['remove']=>$url."pendingreg&removeuser=".$value['id'].$ca_l_amp.'" onclick="javascript:return confirm(\''.f_ucfirst($ca_lang_l['remove MSG']).'\')'); $details=$ca_span8.f_strtoupper(un_esc($value['first_name']))." ".f_strtoupper(un_esc($value['surname'])).$f_br .$value['email'].""; $access=''; $access=''; if(!isset($value['access'])) $access.=$ca_lang_l['view all'].''; else { foreach($value['access'] as $k=>$v) //ALL-write { if($v['section']=='ALL') $access.=($v['type']=='0'?$ca_lang_l['view all']:$ca_lang_l['edit all']).''; else { $section_name=$ca_areaarray[$v['section']]; if(empty($section_name)) $section_name=$v['section']; $access.=$section_name.' ('.f_ucfirst($ca_access_type_ex[$v['type']]).')'; } } } $row_data=array(array($user,$user_nav),$details,$access); $table_data[]=$row_data; } } $output.=f_admintable('',$cap_arrays,$table_data); } else { $table_data[]= array($ca_span8.f_ucfirst($ca_lang_l['none users']).''); $output.=f_admintable('',array(),$table_data); } $output=f_fmt_admin_screen($output, build_menu()); print GT($output); } function conf_counter() { global $ca_settings,$ca_db_settings_file,$ca_pref_dir,$ca_lang_l,$ca_l,$ca_l_amp,$f_counter_images,$template_in_root,$f_br,$f_ct,$ca_template_file; $C_UNIQUE_START_COUNT=0; $C_LOADS_START_COUNT=0; $C_GRAPHICAL=1; $C_MAX_VISIT_LENGHT=1800; $C_NUMBER_OF_DIGITS=8; $C_DISPLAY=0; //1- page loads; 0- unique $visit_len_list=array('1800'=>'30 min','3600'=>'1 h','7200'=>'2 h','10800'=>'3 h','216000'=>'6 h','432000'=>'12 h','864000'=>'24 h'); $number_digits_list=array(4=>4,5=>5,6=>6,7=>7,8=>8,9=>9,10=>10); $show_list=array('show unique visitors','show pageloads'); $counter_type=array('text','graphical'); $table_data=array(); $end=''; if(!isset($_POST['save'])) { $settings=f_GFS($ca_settings,'',''); $max_visit_len=(strpos($settings,'')!==false)?f_GFS($settings,'',''):$C_MAX_VISIT_LENGHT; $number_of_digits=(strpos($settings,'')!==false)?f_GFS($settings,'',''):$C_NUMBER_OF_DIGITS; $size=(strpos($settings,'')!==false)?f_GFS($settings,'',''):1; $display=(strpos($settings,'')!==false)?f_GFS($settings,'',''):$C_DISPLAY; $loads_start_count=(strpos($settings,'')!==false)?f_GFS($settings,'',''):$C_LOADS_START_COUNT; $unique_start_count=(strpos($settings,'')!==false)?f_GFS($settings,'',''):$C_UNIQUE_START_COUNT; $graphical=(strpos($settings,'')!==false)?f_GFS($settings,'',''):$C_GRAPHICAL; $s=(isset($_GET['size'])?$_GET['size']:$size); $rss_count=(strpos($settings,'')!==false)?f_GFS($settings,'',''):'0'; $table_data[]=array($ca_lang_l['display'], f_build_select('display',$show_list,(isset($_GET['display'])?$_GET['display']:$display))); $table_data[]=array($ca_lang_l['number of digits'], f_build_select('number_digits',$number_digits_list,(isset($_GET['num_digits'])?$_GET['num_digits']:$number_of_digits-1))); $table_data[]=array($ca_lang_l['maximum visit length'], f_build_select('max_visit_len',$visit_len_list,(isset($_GET['v_length'])?$_GET['v_length']:$max_visit_len))); $table_data[]=array($ca_lang_l['unique start offset'], f_build_input('u_st_count',(isset($_GET['u_offset'])?$_GET['u_offset']:$unique_start_count),'','','text','size="10"')); $table_data[]=array($ca_lang_l['pageloads start offset'], f_build_input('l_st_count',(isset($_GET['l_offset'])?$_GET['l_offset']:$loads_start_count),'','','text','size="10"')); $table_data[]=array($ca_lang_l['counter type'], f_build_select('graphical',$counter_type,(isset($_GET['graphical'])?$_GET['graphical']:$graphical))); $counter_type=''; $inp='

'; $cnt=count($f_counter_images)+1; for($i=1;$i<$cnt;$i++) $counter_type.=sprintf($inp,$i,($s==$i)?'checked="checked"':'',$i); $table_data[]=array('',$counter_type); $rss_count_line=''.f_ucfirst($ca_lang_l['count when RSS feed'])." "; $table_data[]=array('', $rss_count_line); $end=ca_getformbuttons(); $end.=$f_br.'

'; } else { $newsettings=''.$_POST['max_visit_len'].''.$_POST['graphical'].'' .''.($_POST['number_digits']+1).''.$_POST['size'].''.$_POST['display'].'' .''.$_POST['l_st_count'].''.$_POST['u_st_count'].''.(isset($_POST['rss_count'])?$_POST['rss_count']:0).''; $re=f_write_tagged_data('counter', $newsettings, $ca_db_settings_file, $ca_template_file); $table_data[]=array('', ''.(($re==true)?f_ucfirst($ca_lang_l['settings saved']):"Settings not saved. ERROR.").''); } $output='"; $output=f_fmt_admin_screen($output, build_menu()); $output=GT($output); print $output; } function conf_registration() { global $ca_db_settings_file,$ca_settings,$ca_pref_dir,$ca_lang_l,$ca_l_amp,$ca_access_type,$f_br,$f_ct,$f_fmt_star,$ca_template_file, $ca_areaarray, $f_navtop,$f_navend,$ca_access_type_ex,$f_use_prot_areas; $output=''; $admin_email=''; $terms_url=''; $notes=''; $access_str=''; $access=array(); $confirm_message=''; $input_size=500; $input='',''); if(strpos($settings,'')!==false) $admin_email=f_GFS($settings,'',''); if(strpos($settings,'')!==false) $terms_url=f_GFS($settings,'',''); if(strpos($settings,'')!==false) $notes=f_GFS($settings,'',''); if(strpos($settings,'')!==false) $confirm_message=f_GFS($settings,'',''); if(strpos($settings,'')!==false) $access_str=f_GFS($settings,'',''); $require_approval=f_GFS($settings,'',''); if($require_approval=='') $require_approval='0'; if($access_str!='') $temp_access=explode('|',$access_str); if(isset($temp_access)) { foreach($temp_access as $k=>$v) { $t=explode('%%',$v); $page_level_str=f_GFS($v,'(',')'); if(!empty($page_level_str)) $t[1]=str_replace('('.$page_level_str.')','',$t[1]); if($t[1]=='2') { $page_level_arr=explode(';',$page_level_str); foreach($page_level_arr as $kk=>$vv) { $value=explode('%',$vv); $page_access_arr []=array('page'=>$value[0], 'type'=>$value[1]); } $access[]=array('section'=>$t[0],'type'=>$t[1],'page_access'=>$page_access_arr); } else $access[]=array('section'=>$t[0],'type'=>$t[1]); } } $admin_email_value=(isset($_GET['admin_email'])?$_GET['admin_email']:$admin_email); $admin_mail_line=sprintf($input,'admin_email',$admin_email_value).$f_br.f_format_ca_notice($ca_lang_l['confreg_msg2']); $table_data[]=array($ca_lang_l['admin email'].$f_fmt_star, $admin_mail_line); $terms_line=sprintf($input,'terms_url',(isset($_GET['terms_url'])?$_GET['terms_url']:$terms_url)).$f_br.f_format_ca_notice($ca_lang_l['confreg_msg1']); $table_data[]=array($ca_lang_l['terms url'], $terms_line); $notes_line=''.$f_br .$f_br.f_format_ca_notice($ca_lang_l['confreg_msg5']); $table_data[]=array($ca_lang_l['notes'], $notes_line); $select_all_flag=(empty($access) || $access[0]['section']=='ALL'? true: false); $select_all_val=(!empty($access) && $select_all_flag)?$access[0]['type']:'undefined'; $checked_all_read=(empty($access) || $access[0]['section']=='ALL' && $access[0]['type']=='0'); $checked_all_write=(!empty($access) && $access[0]['section']=='ALL' && $access[0]['type']=='1'); $checked_selected=(!empty($access) && $access[0]['section']!='ALL'); $line_template='

'; $confirm_line=''.$f_br .$f_br.f_format_ca_notice($ca_lang_l['confreg_msg6']); $table_data[]=array($ca_lang_l['confirm_message'], $confirm_line); $access_line=''.f_ucfirst($ca_lang_l['view all'])."".$f_br; $access_line.=''.f_ucfirst($ca_lang_l['edit all'])."".$f_br; if(!empty($ca_areaarray)) { $access_line.=' '.f_ucfirst($ca_lang_l['page level']).' '.$f_br; } else {$access_line.=$f_br.''.f_ucfirst($ca_lang_l['adduser_msg1']).'';} $selected_sec_ids=array(); $selected_sec_access=array(); if($access!='') { foreach($access as $k=>$v) {$selected_sec_ids[]=$v['section']; $selected_sec_access[]=$v['type'];} } $access_line.='

'; if($f_use_prot_areas) { foreach($ca_areaarray as $k=>$v) { $cur_sec_id=$k; $cur_sec_name=$v; $secaccess_type=(!$checked_selected)?'2':'-1'; $index=array_search($cur_sec_id,$selected_sec_ids); if($index!==false) $secaccess_type=$selected_sec_access[$index]['type']; $access_line.=$f_br.sprintf($line_template,$cur_sec_name, f_build_select('access_type'.$cur_sec_id,$ca_access_type_ex,$secaccess_type,'onchange="javascript:tS(\''.$cur_sec_id.'\');"')); $access_line.='

'; $access_line.=check_section_range(0,$cur_sec_id,'none',array('access'=>$access)).'

'; } } else $access_line.='

'.check_section_range(0,'','none',array('access'=>$access))."

"; $access_line.='

'.$f_br.'

'.f_format_ca_notice($ca_lang_l['confreg_msg7']).$f_br.''.f_ucfirst($ca_lang_l['view']).' - '.f_ucfirst($ca_lang_l['adduser_msg2']).''.$f_br.''.f_ucfirst($ca_lang_l['edit']).' - '.f_ucfirst($ca_lang_l['adduser_msg3']).'

'; $table_data[]=array($ca_lang_l['access to'], $access_line); $require_line=''.f_ucfirst($ca_lang_l['require_approval'])." "; $table_data[]=array('', $require_line); $end=ca_getformbuttons(); $end.=$f_br.""; } else { $require_app=(isset($_POST['require_approval'])? $_POST['require_approval']: '0'); $sections=array(); if(isset($_POST["select_all"]) && $_POST["select_all"]=='no') { if($f_use_prot_areas) { foreach($ca_areaarray as $sec_id=>$v) { $a_type=(isset($_POST["access_type".$sec_id])? f_strip_tags($_POST["access_type".$sec_id]): '0'); if($a_type=='2') { $page_access_arr=array(); $section_range=get_prot_pages_list($sec_id,true); foreach($section_range as $key=>$val) { $pid=$val['id']; if(isset($_POST["access_to_page".$pid])) { $page_access_arr[]=$pid.'%'.f_strip_tags($_POST["access_to_page".$pid]); if($_POST["access_to_page".$pid]=='1' || $_POST["access_to_page".$pid]=='3') $require_app='1'; } } if(!empty($page_access_arr)) $page_access_str=implode(';',$page_access_arr); $sections[]=$sec_id.'%%'.$a_type.(!empty($page_access_str)? '('.$page_access_str.')': ''); } elseif($a_type!='-1') { $sections[]=$sec_id.'%%'.$a_type; if($a_type=='1' || $a_type=='3') $require_app='1'; } } } else { $page_access_arr=array(); $section_range=get_prot_pages_list('',true); foreach($section_range as $key=>$val) { $pid=$val['id']; if(isset($_POST["access_to_page".$pid])) $page_access_arr[]=$pid.'%'.f_strip_tags($_POST["access_to_page".$pid]); } if(!empty($page_access_arr)) $page_access_str=implode(';',$page_access_arr); $sections[]='0%%2'.(!empty($page_access_str)? '('.$page_access_str.')': ''); } } elseif(isset($_POST["select_all"]) && $_POST["select_all"]=='yesw') {$sections []= "ALL%%1"; $require_app='1'; } //ALL-write else {$sections[]= "ALL%%0";} //ALL-read $newsettings=''.$_POST['admin_email'].''.$_POST['terms_url'].''.''.$_POST['notes'].''.''.$_POST['confirm_message'].'' .''.$require_app.''.''. implode('|',$sections).''; $re=f_write_tagged_data('registration',$newsettings,$ca_db_settings_file, $ca_template_file); $table_data[]=array('', ''.(($re==true)?f_ucfirst($ca_lang_l['settings saved']):"Settings not saved. ERROR.").''); } $output=$f_navtop.''; $output.='

'.f_addentrytable($ca_lang_l['registration settings'],$table_data,$end)."

"; $output=f_fmt_admin_screen($output, build_menu(' - '.f_ucfirst($ca_lang_l['settings']))); $output=GT($output); if(!isset($_POST['save'])) { $mm='$(document).ready(function(){ $("#select_all_edit").click(function() {$("#require_approval").attr({checked:true, disabled:true}); });' .' $("#select_all_read").click(function() {$("#require_approval").attr({checked:false, disabled:false}); });' .' $("#select_all_sel").click(function() {$("#require_approval").attr({checked:false, disabled:false}); });' .' $("select").change(function() { option_val=this.options[this.selectedIndex].value; ' .' if((option_val==1) || (option_val==3)) {$("#require_approval").attr({checked:true,disabled:true});} ' .' else if((option_val==0) || (option_val==2)) {$("#require_approval").attr({checked:false,disabled:false}); $("select").each(function() { v=$(this).val(); if((v==1) || (v==3)) {$("#require_approval").attr({checked:true,disabled:true}); } }); } '.'});' .'});'; $output=f_include_script($mm,$output); } print $output; } # ----------------- build HTML functions function GT($html_output,$include_counter_flag=false,$title='',$lang_templ_page=false) { global $ca_template_file,$ca_lang_l,$f_ct,$ca_pref,$ca_lang,$template_in_root,$ca_action_id,$ca_sitemap_arr,$f_template_source, $ca_lang_template,$ca_user_actions,$f_lf; if($lang_templ_page && $ca_lang_template != '') { $ca_template=$ca_lang_template; $templ_root=(strpos($ca_template,'/')===false); if($templ_root) $ca_template='../'.$ca_template; } else { $ca_template=$ca_template_file; $templ_root=$template_in_root; } if(strpos($ca_template,'template_source')!==false) { $dm='0'; foreach($ca_sitemap_arr as $k=>$v) { if(strpos($v[1],'template_source')!==false) {$dm=$v[24]; break;} } if(in_array($ca_action_id,$ca_user_actions) && f_detect_mobile($dm)) $f_template_source=str_replace('template_source','i_template_source',$f_template_source); } $contents=f_fmt_in_template($ca_template,$html_output,'','',true,$include_counter_flag,false,(strpos($ca_template,'.php') !== false)); $contents=str_replace(f_GFSAbi($contents,'',''),''.(($title=='')?$ca_lang_l['administration panel']:$title).'', $contents); if($templ_root) $contents=str_replace('',''.$f_lf.''si",'',$contents); return $contents; } function build_login_form($ms='',$ref_url='',$user_account=array()) { global $thispage_id,$ca_lang_l,$f_sp_pages_ids,$sr_enable,$ca_l_amp,$f_http_prefix,$f_br,$f_ct,$ca_pref,$f_inter_languages_a, $f_site_languages_a,$f_loginvalidation,$ca_site_url,$f_lf,$ca_loginids,$pwchange_enable; $contents=''; $pattern=''; $lform_in_earea=false; $pageid_info=get_page_info($thispage_id); $curr_lang=$f_inter_languages_a[array_search($pageid_info[16], $f_site_languages_a)]; if($curr_lang=='' && isset($_REQUEST['lang'])) $curr_lang=f_strip_tags($_REQUEST['lang']); ca_update_language_set($curr_lang); $ca_l_amp=($curr_lang!='')? '&lang='.$curr_lang: $ca_l_amp; $r=isset($_REQUEST['r'])?'&r=1':''; $ca_l_amp.=$r; $direct_flag=(isset($_POST['loginid']) && isset($_GET['pageid']) && !isset($_GET['indexflag'])); $prot_page_info=($direct_flag)?get_page_info(f_strip_tags(trim($_POST['loginid']))):$pageid_info; $prot_page_name=$prot_page_info[1]; $prot_page_inroot=(strpos($prot_page_name,'../')===false)? true: false; $login_page_inroot=false; $doc_dir=($prot_page_inroot?'documents/':'../documents/'); foreach($ca_loginids as $k=>$v) { $login_page_info=get_page_info($v); if($login_page_info[22]==$pageid_info[22]) {$use_login_pageid=$v; break;} } if($direct_flag) { $contents=f_read_file($prot_page_name); } // login page (deprecated) elseif(isset($use_login_pageid)) // page with login form { $login_page_info=get_page_info($use_login_pageid); if(in_array($login_page_info[4],array('136','137','138','143','144','20'))) { $l_dir=(strpos($login_page_info[1],'../')===false)?'':'../'.f_GFS($login_page_info[1],'../','/').'/'; $login_page_name=$l_dir.$use_login_pageid.(f_check_protection($login_page_info) > 1? '.php': '.html'); } elseif($login_page_info[4]=='18') { $l_dir=(strpos($login_page_info[1],'../')===false)?'':'../'.f_GFS($login_page_info[1],'../','/').'/'; $login_page_name=$l_dir.($use_login_pageid+1).'.html'; } else $login_page_name=$login_page_info[1]; if(f_detect_mobile($login_page_info[24])) { if(strpos($login_page_name,'/')===false) $login_page_name='i_'.$login_page_name; else {$t_name=substr($login_page_name,strrpos($login_page_name,'/')+1); $login_page_name=str_replace($t_name,'i_'.$t_name,$login_page_name);} } $login_page_inroot=(strpos($login_page_name,'../')===false)? true: false; if($login_page_inroot && (!$prot_page_inroot || $ca_pref=='../')) $login_page_name='../'.$login_page_name; $contents=f_read_file($login_page_name); $contents=f_clear_macros($contents,$login_page_info[4]); if($prot_page_inroot) $contents=str_replace('="../','="',$contents); if(!$prot_page_inroot && $login_page_inroot) $contents=str_replace(array('href="documents/centraladmin.php?','src="','url("images','url(images','url("extimages','url(extimages'), array('href="../documents/centraladmin.php?','src="../','url("../images','url(../images','url("../extimages','url(../extimages'), $contents); } else // default login { $contents='

"; } if((!isset($_GET['pageid']) || isset($_GET['indexflag']) || $ref_url!='') && !$direct_flag) { $rep_what=f_GFSAbi($contents,'method="post" action="','">'); // login form action fixation $url_st=$doc_dir."centraladmin.php?pageid="; if(isset($_GET['indexflag'])) $rep_with=$url_st.$thispage_id."&indexflag=index".$ca_l_amp; elseif(isset($_GET['pageid']) && $ref_url!='') $rep_with=$url_st.$thispage_id.$ca_l_amp.'&ref_url='.urlencode($ref_url); else $rep_with=$prot_page_name; $contents=str_replace($rep_what,'method="post" action="'.$rep_with.'">',$contents); if(in_array($prot_page_info[4],array('136','137','138','143','144','20'))) // Special PHP pages { if(!$prot_page_inroot) $f_dir='../'.f_GFS($prot_page_info[1],'../','/').'/'; elseif(f_check_protection($prot_page_info) == 1) $f_dir='../'; else $f_dir=''; $f_dir=str_replace('//','/',$f_dir); $prot_page_name_fixed=$f_dir.$thispage_id.(f_check_protection($prot_page_info) > 1 ?'.php':'.html'); } elseif($prot_page_info[4]=='133') { if(!$prot_page_inroot) $prot_page_name_fixed=$prot_page_name; elseif(f_check_protection($prot_page_info) == 1) $prot_page_name_fixed='../'.$prot_page_name; else $prot_page_name_fixed=$prot_page_name; $prot_page_name_fixed=str_replace('//','/',$prot_page_name_fixed); } else $prot_page_name_fixed=$prot_page_name; if(f_detect_mobile($prot_page_info[24])) { if(strpos($prot_page_name_fixed,'/')===false) $prot_page_name_fixed='i_'.$prot_page_name_fixed; else { $t_name=substr($prot_page_name_fixed,strrpos($prot_page_name_fixed,'/')+1); $prot_page_name_fixed=str_replace($t_name,'i_'.$t_name,$prot_page_name_fixed); } } if(strpos($prot_page_name_fixed,'../')===false && isset($_GET['indexflag'])) $prot_page_name_fixed='../'.$prot_page_name_fixed; if(file_exists($prot_page_name_fixed)) $protpage_content=f_read_file($prot_page_name_fixed); else $protpage_content='missing'; $contents=str_replace(array(''),array(''),$contents); if(strpos($contents,'')!==false) $replace_with=f_GFS($contents,'',''); else $replace_with=f_GFS($contents,f_GFSAbi($contents,''),''); $temp=f_GFS($protpage_content,'',''); $float_login=strpos($temp,'class="frm_login"')!==false; $login_page_scripts=$float_login?'':f_GFS($contents,'',''); if(strpos($protpage_content,'')!==false) {$for_replace=f_GFS($protpage_content,'','');} else $for_replace=f_GFS($protpage_content,f_GFSAbi($protpage_content,''),''); $contents=str_replace($for_replace,$replace_with,$protpage_content); if(!isset($use_login_pageid) || $use_login_pageid!=$thispage_id) { $temp_for_js=$login_page_scripts; $login_page_scripts_new=''; $temp_for_js=str_replace(f_GFSAbi($temp_for_js,'',''),'',$temp_for_js); while(strpos($temp_for_js,''); if(strpos($contents,$script_t)===false) $login_page_scripts_new.=$script_t; $temp_for_js=str_replace($script_t,'',$temp_for_js); } while(strpos($temp_for_js,''); if(strpos($contents,$style_t)===false) $login_page_scripts_new.=$style_t; $temp_for_js=str_replace($style_t,'',$temp_for_js); } if(!empty($login_page_scripts_new)) $login_page_scripts=$login_page_scripts_new; $contents=str_replace('',$login_page_scripts.'',$contents); } $contents=str_replace(f_GFS($contents,'',''),'',$contents); $contents=preg_replace("'<\?php.*?\?>'si",'',$contents); if(strpos($prot_page_info[1],'../')===false) { $dn=dirname($_SERVER['PHP_SELF']); $url=$f_http_prefix.$_SERVER['HTTP_HOST'].str_replace('//','/',str_replace('documents','',$dn=='\\'?'':$dn).'/'); $contents=str_replace('',''.$f_lf.''); $cl='documents/centraladmin.php?pageid='; if(((strpos($earea,'action="../'.$cl)!==false) || (strpos($earea,'action="'.$cl)!==false)) && !isset($use_login_pageid)) { $lform_in_earea=true; if(strpos($earea,'action="../'.$cl)!==false) { $act=f_GFSAbi($earea,'action="../'.$cl,'"'); $earea_new=str_replace($act,'action="../'.$cl.$thispage_id.'"',$earea); } else { $act=f_GFSAbi($earea,'action="'.$cl,'"'); $earea_new=str_replace($act,'action="'.$cl.$thispage_id.'"',$earea); } $contents=str_replace($earea,$earea_new,$contents); $contents=str_replace(f_GFS($contents,'',''),$f_br.'

'.$ca_lang_l['login form msg'].'

',$contents); } if($float_login) { $contents=str_replace(f_GFS($contents,'',''),$f_br.'

'.$ca_lang_l['login form msg'].'

',$contents); while(strpos($contents,''),'',$contents); if($ref_url!='') { $ext_form_area=f_GFS($contents,'',''); $ext_form_area_new=str_replace('action="../'.$cl,'action="../documents/centraladmin.php?ref_url='.urlencode($ref_url).'&pageid=',$ext_form_area); $ext_form_area_new=str_replace('action="'.$cl,'action="documents/centraladmin.php?ref_url='.urlencode($ref_url).'&pageid=',$ext_form_area_new); $contents=str_replace($ext_form_area,$ext_form_area_new,$contents); } $contents=str_replace('float_login({});','float_login({op:true});',$contents); } } $contents=str_replace(array('GMload();','GUnload();'),array('',''),$contents); if(!$direct_flag && !$lform_in_earea && !isset($float_login)) { $cc_js_code=str_replace('%ID%','login_def',$f_loginvalidation); $contents=str_replace('',''.$cc_js_code,$contents); } $contents=f_include_jquery_moo_js($contents,$ca_site_url); return str_replace('', ''.$f_lf.'',$contents); } function build_menu($caption='') { global $ca_pref_dir,$ca_lang_l,$ca_l_amp,$f_br,$f_counter_on,$ca_action_id,$f_admin_nickname; $url_base=$ca_pref_dir.'centraladmin.php?process='; $captions=array(); $urls=array(); $indexes=array(); $captions[]=$ca_lang_l['site map']; $urls[]=$url_base."index".$ca_l_amp; $indexes[]="index"; $captions[]=$ca_lang_l['manage users']; $urls[]=$url_base."manageusers".$ca_l_amp; $indexes[]="manageusers"; if($f_counter_on){$captions[]=$ca_lang_l['counter settings']; $urls[]=$url_base."confcounter".$ca_l_amp; $indexes[]="confcounter";} $captions[]=$ca_lang_l['registration settings']; $urls[]=$url_base."confreg".$ca_l_amp; $indexes[]="confreg"; $captions[]=$ca_lang_l['settings']; $urls[]=$url_base."conflang".$ca_l_amp; $indexes[]="conflang"; $captions[]=$ca_lang_l['log']; $urls[]=$url_base."log".$ca_l_amp; $indexes[]="log"; $captions[]=$ca_lang_l['logout'].'['.($f_admin_nickname!=''?$f_admin_nickname:'admin').']'; $urls[]=$url_base."logoutadmin".$ca_l_amp; $indexes[]="logoutadmin"; $action_key=array_search(trim($ca_action_id),$indexes); if($action_key!==false) $selected=$action_key; elseif($ca_action_id=='pendingreg') {$selected=array_search('manageusers',$indexes);$caption=' - '.$ca_lang_l['unconfirmed users'];} elseif($ca_action_id=='processuser') {$selected=array_search('manageusers',$indexes);} elseif($ca_action_id=='resetcounter') $selected=array_search('confcounter',$indexes); elseif($ca_action_id=='clearlog') $selected=array_search('log',$indexes); elseif($ca_action_id=='confreglang') $selected=array_search('confreg',$indexes); else $selected=''; $output=f_admin_navigation($captions,$urls,$selected,$caption); return $output; } function build_myprofile_menu($caption='') { global $ca_pref_dir,$ca_lang_l,$ca_l_amp,$f_br,$ca_action_id,$thispage_id,$f_inter_languages_a,$ca_lang,$pwchange_enable,$profilechange_enable; f_int_start_session(); $logged_as_caadmin=f_adminCookie(); $logged_as_causer=f_userCookie(); if($logged_as_caadmin || $logged_as_causer) { $logged_user=$logged_as_caadmin? f_getAdminCookie():f_getUserCookie(); } $url_base=$ca_pref_dir.'centraladmin.php?pageid='.$thispage_id.'&username='.$logged_user.'&ref_url='.(isset($_GET['ref_url'])? urlencode($_GET['ref_url']): '').'&process='; $captions=array(); $urls=array(); $indexes=array(); $captions[]=$ca_lang_l['site map']; $urls[]=$url_base."myprofile".$ca_l_amp; $indexes[]="myprofile"; if($profilechange_enable) { $captions[]=$ca_lang_l['profile']; $urls[]=$url_base."editprofile".$ca_l_amp; $indexes[]="editprofile"; } if($pwchange_enable) { $captions[]=$ca_lang_l['change password']; $urls[]=$url_base."changepass".$ca_l_amp; $indexes[]="changepass"; } $captions[]=$ca_lang_l['logout'].'['.$logged_user.']'; $urls[]=$ca_pref_dir.'centraladmin.php?process=logout&pageid='.$thispage_id.$ca_l_amp; $indexes[]="logout"; foreach($f_inter_languages_a as $k=>$v) { $captions[]=($ca_lang==$v && isset($_COOKIE[$logged_user.'_lang']))? '['.$v.']':$v; $urls[]=$url_base.$ca_action_id.'&setlang='.$v; $indexes[]=$ca_action_id; } if(!in_array('EN',$f_inter_languages_a)) {$captions[]=($ca_lang=='EN' && isset($_COOKIE[$logged_user.'_lang']))? '['.'EN'.']':'EN'; $urls[]=$url_base.$ca_action_id.'&setlang='.'EN'; $indexes[]=$ca_action_id;} $action_key=array_search(trim($ca_action_id),$indexes); $selected=($action_key!==false)? $action_key: ''; $output=f_admin_navigation($captions,$urls,$selected,$caption); return $output; } function build_login_form_ca($msg) { global $ca_pref_dir,$ca_lang_l,$ca_l_amp,$f_ct,$f_br,$f_mobile_detected; $vert=($f_mobile_detected); $output='

'; return $output; } function build_add_user_form($msg='') { global $ca_access_type_ex,$ca_pref_dir,$ca_lang_l,$ca_l_amp,$f_br,$f_ct,$ca_pref,$f_fmt_star,$f_fmt_hidden,$ca_areaarray,$f_use_prot_areas; $buffer_id=array(); $buffer_access=array(); $username=(isset($_POST['save'])?un_esc($_POST['username']):''); $input='

'.($msg!=''? $msg.$f_br:''); $table_data[]=array($ca_lang_l['username'].$f_fmt_star, sprintf($f_fmt_hidden,'flag','add').sprintf($f_fmt_hidden,'old_username',$username).sprintf($input,'username',$username)); $table_data[]=array($ca_lang_l['name'], sprintf($input,'name',(isset($_POST['save'])?un_esc($_POST['name']):''))); $table_data[]=array($ca_lang_l['surname'], sprintf($input,'sirname',(isset($_POST['save'])?un_esc($_POST['sirname']):''))); $table_data[]=array($ca_lang_l['email'], sprintf($input,'email',(isset($_POST['save'])?$_POST['email']:''))); $table_data[]=array($ca_lang_l['password'].$f_fmt_star, sprintf($input_ps,'password')); $table_data[]=array($ca_lang_l['repeat password'].$f_fmt_star, sprintf($input_ps,'repeatedpassword')); // sections and access $select_all_flag=(isset($_POST['select_all'])? true: false); $select_all_val=($select_all_flag)?$_POST["select_all"]:'undefined'; $checked_all_read=(!$select_all_flag || $select_all_val=='yes'); $checked_all_write=($select_all_flag && $select_all_val=='yesw'); $checked_selected=($select_all_flag && $select_all_val=='no'); $line_template='

'; $access_line=''.f_ucfirst($ca_lang_l['view all'])."".$f_br; $access_line.=''.f_ucfirst($ca_lang_l['edit all'])."".$f_br; if(!empty($ca_areaarray) || !$f_use_prot_areas) { $access_line.=' '.f_ucfirst($ca_lang_l['page level']).' '.$f_br; } else {$access_line.=$f_br.''.f_ucfirst($ca_lang_l['adduser_msg1']).'';} $access_line.='

'; if($f_use_prot_areas) { foreach($ca_areaarray as $k=>$v) { $cur_sec_id=$k; $cur_sec_name=$v; $secaccess_type=(isset($_POST['access_type'.$cur_sec_id])? $_POST['access_type'.$cur_sec_id]: (!$checked_selected? '2': '-1')); $access_line.=$f_br.sprintf($line_template,$cur_sec_name, f_build_select('access_type'.$cur_sec_id,$ca_access_type_ex,$secaccess_type,'onchange="javascript:tS(\''.$cur_sec_id.'\');"')); $access_line.='

'; $access_line.=check_section_range(0,$cur_sec_id).'

'; } } else $access_line.='

'.check_section_range(0).'

'; $access_line.='

'.$f_br.'

'.f_ucfirst($ca_lang_l['view']).' - '.f_ucfirst($ca_lang_l['adduser_msg2']).$f_br .''.f_ucfirst($ca_lang_l['edit']).' - '.f_ucfirst($ca_lang_l['adduser_msg3']).'

'; $table_data[]=array($ca_lang_l['access to'], $access_line); // event manager $news_line=''; $calendar_categories=get_calendar_categories(); if(!empty($calendar_categories)) { $news_for=array(); if(isset($data['news']) && !empty($data['news'])) {foreach($data['news'] as $key=>$val) $news_for[]=$val['page'].'%'.$val['cat'];} $news_line.=$f_br; foreach($calendar_categories as $k=>$v) { $ckbox_value=$v['pageid'].'%'.$v['catid']; $news_line.=''.$v['pagename'].' - '.$v['catname'].''.$f_br; } } if(!empty($news_line)) $table_data[]=array($ca_lang_l['want to receive notification'], $news_line); $base=f_build_self_url('centraladmin.php'); $table_data[]='('.$f_fmt_star.') '.$ca_lang_l['required fields'].''.$f_br; $end=ca_getformbuttons('save',true,'onclick="document.location=\''.$base."?process=manageusers".$ca_l_amp.'\'"').$f_br; $output.=f_addentrytable($ca_lang_l['add user'],$table_data,$end); $output.="

"; return $output; } function build_edit_user_form($flag,$msg,$username,$usrid=0,$data='') //flags - add,editpass,editaccess,editdetails { global $ca_access_type_ex,$ca_pref_dir,$ca_lang_l,$ca_l_amp,$f_br,$f_ct,$ca_pref,$f_fmt_star,$f_fmt_hidden,$ca_areaarray,$f_use_prot_areas; $buffer_id=array(); $buffer_access=array(); $input=''; $span8=$span8_nobr.$f_br; $output='

'; $output.='

'; $output.=sprintf($f_fmt_hidden,'flag',$flag).($msg!=''? $msg.$f_br.$f_br:''); $output.=($flag=='editdetails'? sprintf($span8,f_ucfirst($ca_lang_l['username']).$f_fmt_star): ''); if($usrid>0) $output.=sprintf($f_fmt_hidden,'id',$usrid); $is_d=is_array($data); if($flag=='editdetails') { $creation_date=$is_d?$data['creation_date']:$_POST['creation_date']; $output.=sprintf($f_fmt_hidden,'creation_date',$creation_date); $output.=sprintf($f_fmt_hidden,'sr', ($is_d?$data['self_registered']:$_POST['sr']) ); $output.=sprintf($f_fmt_hidden,'status', ($is_d?$data['status']:$_POST['status']) ); } if($flag=='editdetails') $output.=sprintf($f_fmt_hidden,'old_username',$username).sprintf($input,'username',$username); elseif($flag=='editaccess') $output.=sprintf($f_fmt_hidden,'username',$username); else $output.=sprintf($f_fmt_hidden,'username',$username); if($flag=='editdetails') { $output.=sprintf($span8,f_ucfirst($ca_lang_l['name'])) .sprintf($input,'name',($is_d?un_esc($data['first_name']):(isset($_POST['save'])?un_esc($_POST['name']):''))); $output.=sprintf($span8,f_ucfirst($ca_lang_l['surname'])) .sprintf($input,'sirname',($is_d?un_esc($data['surname']):(isset($_POST['save'])?un_esc($_POST['sirname']):''))); $output.=sprintf($span8,f_ucfirst($ca_lang_l['email'])) .sprintf($input,'email',($is_d?$data['email']:(isset($_POST['save'])?$_POST['email']:''))); if($flag=='editdetails') { $output.=f_format_ca_notice($ca_lang_l['creation date'].': '.($creation_date!=''? date('r',f_tzone_date($creation_date)): 'NA'),true); } } if($flag=='editpass') { $output.=sprintf($span8,f_ucfirst($ca_lang_l['password']).$f_fmt_star).sprintf($input_ps,'password'); $output.=sprintf($span8,f_ucfirst($ca_lang_l['repeat password']).$f_fmt_star).sprintf($input_ps,'repeatedpassword'); } if($flag=='editaccess') // sections and access { $select_all_flag=(!$is_d && isset($_POST['select_all'])); $select_all_val=($select_all_flag)?$_POST["select_all"]:'undefined'; $checked_all_read=($flag=='editaccess' && isset($data['access'][0]) && $data['access'][0]['section']=='ALL' && $data['access'][0]['type']=='0'); $checked_all_write=($flag=='editaccess' && isset($data['access'][0]) && $data['access'][0]['section']=='ALL' && $data['access'][0]['type']=='1'); $checked_selected=($select_all_flag && $_POST["select_all"]=='no' || isset($data['access'][0]) && $data['access'][0]['section']!='ALL' || !isset($data['access'][0])); $selected_sec_flag=(isset($_POST['selected_sections'])? true: false); $line_template='

'; $output.='

'.sprintf($span8_nobr,f_ucfirst($ca_lang_l['access to'])).$f_fmt_star.''; $output.=''.f_ucfirst($ca_lang_l['view all'])."".$f_br; $output.=''.f_ucfirst($ca_lang_l['edit all'])."".$f_br; if(!empty($ca_areaarray) || !$f_use_prot_areas) { $output.=' '.f_ucfirst($ca_lang_l['page level']).' '.$f_br; } else $output.=$f_br.''.f_ucfirst($ca_lang_l['adduser_msg1']).''; $selected_sec_ids=array(); $selected_sec_access=array(); if($is_d) { foreach($data['access'] as $k=>$v) { $selected_sec_ids[]=$v['section']; $selected_sec_access[]=$v['type']; } } $output.='

'; if($f_use_prot_areas) { foreach($ca_areaarray as $k=>$v) { $cur_sec_id=$k; $cur_sec_name=$v; $secaccess_type=(!$checked_selected? '2': '-1'); if(isset($_POST['access_type'.$cur_sec_id])) $secaccess_type=$_POST['access_type'.$cur_sec_id]; elseif(isset($data[0])) { $index=array_search($cur_sec_id,$selected_sec_ids); if($index!==false) $secaccess_type=$selected_sec_access[$index]; } $output.=$f_br.sprintf($line_template,$cur_sec_name, f_build_select('access_type'.$cur_sec_id .'_'.$usrid,$ca_access_type_ex,$secaccess_type,'onchange="javascript:tS(\''.$cur_sec_id.'_'.$usrid.'\');"')); $output.='

'; $output.=check_section_range(0,$cur_sec_id,$usrid,$data)."

"; } } else $output.='

'.check_section_range(0,'',$usrid,$data)."

"; $output.='

'.$f_br.'

'.f_ucfirst($ca_lang_l['view']).' - '.f_ucfirst($ca_lang_l['adduser_msg2']) .$f_br.''.f_ucfirst($ca_lang_l['edit']).' - '.f_ucfirst($ca_lang_l['adduser_msg3']).'

'.$f_br.$f_br.'

'; } if($flag=='editdetails') // event manager { $calendar_categories=get_calendar_categories(); if(!empty($calendar_categories)) { $news_for=array(); if(isset($data['news']) && !empty($data['news'])) { foreach($data['news'] as $key=>$val) $news_for[]=$val['page'].'%'.$val['cat']; } $output.=$f_br.'

'.sprintf($span8_nobr,$ca_lang_l['want to receive notification']).''.$f_br; foreach($calendar_categories as $k=>$v) { $ckbox_value=$v['pageid'].'%'.$v['catid']; $output.=''.$v['pagename'].' - '.$v['catname'].''.$f_br; } $output.=$f_br.'

'; } } $base=f_build_self_url('centraladmin.php'); $output.=$f_br.ca_getformbuttons('save',true,'onclick="'.(($usrid>0)?'sv(\''.$flag.'_'.$usrid.'\');':'document.location=\''.$base."?process=manageusers".$ca_l_amp.'\'').'""'); $output.='

'; $output.=""; return $output; } function build_register_form($float) { global $ca_pref_dir,$ca_settings,$ca_l_amp,$f_br,$f_ct,$trtdsp,$ca_ulang_id,$f_lang_reg,$ca_action_id,$ca_lang,$f_mobile_detected; $lang_r=$f_lang_reg[$ca_ulang_id]; $settings=f_GFS($ca_settings,'',''); $sr_termsofuse_urls=f_GFS($settings,'',''); $sr_notes=f_GFS($settings,'',''); $norm_reg=($ca_action_id=='register'); $vert=(isset($_REQUEST['vert']) || $f_mobile_detected); $span8=($norm_reg?'class="rvts8"':'class="field_label"'); $input1=($norm_reg?'class="input1"':'class="field"'); $saving=isset($_POST['save']); $trtdsp='%s*'.($vert?$f_br:''); $trtdsp.=''; $output.=''; if($norm_reg)$output.=''; $val=$saving?f_sth(f_strip_tags($_POST['username'])):''; $output.=sprintf($trtdsp,$lang_r['username'],'text','username',$val,$isize).$f_ct.''; $val=$saving?f_sth(f_strip_tags($_POST['name'])):''; $output.=sprintf($trtdsp,$lang_r['name'],'text','name',$val,$isize).$f_ct.''; $val=$saving?f_sth(f_strip_tags($_POST['sirname'])):''; $output.=sprintf($trtdsp,$lang_r['surname'],'text','sirname',$val,$isize).$f_ct.''; $val=$saving?f_sth(f_strip_tags($_POST['email'])):''; $output.=sprintf($trtdsp,$lang_r['email'],'text','email',$val,$isize).$f_ct.''; $output.=sprintf($trtdsp,$lang_r['password'],'password','password','',$isize).$f_ct.''; $output.=sprintf($trtdsp,$lang_r['repeat password'],'password','repeatedpassword','',$isize).$f_ct.''; if($norm_reg) { $output.=sprintf($trtdsp,$lang_r['code'],'text','captchacode','','80').'size="4" maxlength="4"'.$f_ct.' '; $output.=''; } $trtd2=($vert)?''; } $output.=$trtd2.' '; if(isset($sr_notes) && !empty($sr_notes)) $output.=''; $calendar_categories=get_calendar_categories($ca_lang); if(!empty($calendar_categories)) //event manager { $output.=$trtd2.''.$lang_r['want to receive notification'].$f_br.' '; foreach($calendar_categories as $k=>$v) { $output.=$trtd2.''.$v['pagename'].' - '.$v['catname'].''; } $output.=$trtd2.' '; } $output.=$trtd2.'(*) '.$lang_r['required fields'].''; $output.=$trtd2.'

' .$lang_r['registration']." ".$f_br.'
':'
	'; if(!empty($sr_termsofuse_urls)) { $output.=$trtd2; $sr_agree_msg_fixed=f_ucfirst($lang_r['I agree with terms']); if($sr_termsofuse_urls!='') { $pattern=f_GFS($sr_agree_msg_fixed,'%%','%%'); $sr_agree_msg_fixed = str_replace('%%'.$pattern.'%%',''.$pattern.'',$sr_agree_msg_fixed); } else $sr_agree_msg_fixed=str_replace('%%','',$sr_agree_msg_fixed); $output.=' *'; $output.=$sr_agree_msg_fixed.'
	'.$sr_notes.'

'; return $output; } function build_forgotpass_form() { global $ca_pref_dir,$ca_l_amp,$f_br,$f_ct,$f_lang_reg,$ca_ulang_id,$ca_action_id,$f_mobile_detected; $lang_r=$f_lang_reg[$ca_ulang_id]; if($ca_action_id=='forgotpass') { $vert=($f_mobile_detected); $span8='class="rvts8"';$input1='class="input1"'; $output=$f_br.''; return $output; } else return build_forgotpass_float(); } function build_forgotpass_float() { global $ca_pref_dir,$ca_l_amp,$f_br,$f_ct,$f_lang_reg,$ca_ulang_id,$ca_action_id; $lang_r=$f_lang_reg[$ca_ulang_id]; $span8='class="field_label"'; $input1='class="field"'; $pre=(isset($_GET['root'])&&$_GET['root']=='1')?'':'../'; $vert=isset($_REQUEST['vert']); $glu=$vert?$f_br:''; $r1=''; $output=$f_br.''; return $output; } function build_editprofile_form($username,$data='',$msg='') { global $ca_pref_dir,$ca_lang_l,$ca_l_amp,$f_br,$f_ct,$f_fmt_hidden,$f_fmt_star,$ca_lang; $input='$val) $news_for[]=$val['page'].'%'.$val['cat']; } $news_line=''; foreach($calendar_categories as $k=>$v) { $ckbox_value=$v['pageid'].'%'.$v['catid']; $news_line.="".$v['pagename'].' - '.$v['catname']."".$f_br; } } $table_data[]='('.$f_fmt_star.') '.$ca_lang_l['required fields'].''; $end=ca_getformbuttons('save',false).$f_br; $output="'; return $output; } # ------------ self-registration function process_register($float) { global $sr_enable,$ca_pref,$ca_db_file,$ca_l,$ca_settings,$f_lf,$ca_template_file,$sr_notif_enabled,$f_br,$ca_site_url,$f_frmvalidation, $template_in_root,$f_lang_f,$f_lang_reg,$ca_ulang_id,$ca_lang_l,$f_uni,$ca_lang,$f_charset_lang_map,$f_cap_id,$f_captchajs,$ca_action_id, $f_frmvalidation2,$ca_allunamechars; if(!$sr_enable) { print GT($f_br.'Self-registration is not enabled for this site.'); exit; } $lang_f=$f_lang_f[$ca_ulang_id]; $lang_r=$f_lang_reg[$ca_ulang_id]; $terms_settings=f_GFS($ca_settings,'',''); $terms_settings=f_GFS($terms_settings,'',''); $errors=array(); $norm_reg=($ca_action_id=='register'); $output_is_from=false; if(isset($_POST['save'])) // send registration email { f_int_start_session(); if($norm_reg && !f_session_isset($f_cap_id) && !f_is_recaptcha_posted()) {echo "This is illegal operation. You are not allowed to register.";exit;} else { foreach($_POST as $k=>$v) {if(!is_array($v)) $_POST[$k]=trim($v);} $ccheck=isset($_POST['cc']) && $_POST['cc']=='1'; $useic=(!$f_uni && $f_charset_lang_map[$ca_lang]!='iso-8859-1' && function_exists("iconv")); $post_user=f_strip_tags($_POST['username']); if(empty($_POST['username'])) $errors[]=($ccheck?'username'.'|':'').$lang_f['Required Field']; elseif(!preg_match($ca_allunamechars,$post_user)) $errors[]=($ccheck?'username'.'|':'').$lang_r['can contain only']; elseif(duplicated_user($post_user)) $errors[]=($ccheck?'username'.'|':'').$lang_r['username exists']; if(empty($_POST['name'])) $errors[]=($ccheck?'name'.'|':'').$lang_f['Required Field']; if(empty($_POST['sirname'])) $errors[]=($ccheck?'sirname'.'|':'').$lang_f['Required Field']; if(empty($_POST['email'])) $errors[]=($ccheck?'email'.'|':'').$lang_f['Required Field']; elseif(!empty($_POST['email']) && !f_validate_email(f_strip_tags($_POST['email']))) $errors[]=($ccheck?'email'.'|':'').$lang_f['Email not valid']; if(empty($_POST['password'])) $errors[]=($ccheck?'password'.'|':'').$lang_f['Required Field']; elseif(strlen(trim($_POST['password']))<5) $errors[]=($ccheck?'password'.'|':'').$lang_r['your password should be']; elseif(empty($_POST['repeatedpassword'])) $errors[]=($ccheck?'repeatedpassword'.'|':'').$lang_r['repeat password']; elseif($_POST['password']!=$_POST['repeatedpassword']) $errors[]=($ccheck?'repeatedpassword'.'|':'').$lang_r['password and repeated password']; elseif(strtolower($post_user)==strtolower($_POST['password'])) $errors[]=($ccheck?'username'.'|':'').$lang_r['username equal password']; if($norm_reg && !f_captcha_valid()) $errors[]=($ccheck?'captchacode'.'|':'').$lang_f['Captcha Message']; if(!isset($_POST['agree']) && !empty($terms_settings)) $errors[]=($ccheck?'agree'.'|':'').$lang_r['you must agree with terms']; if(!empty($errors)) $errors[]=($ccheck?'error|':'').$lang_f['validation failed']; if($ccheck) { $errors_output=implode('|',$errors); if($useic) $errors_output=iconv($f_charset_lang_map[$ca_lang],"utf-8",$errors_output); if(count($errors)>0) { print '0'.$errors_output; exit; } else if($norm_reg) { print '1'; exit; } } if(count($errors)>0) { $output=implode($f_br,$errors).build_register_form($float); $output_is_from=true; } else { $settings=f_GFS($ca_settings,'',''); $require_approval=f_GFS($settings,'',''); if($require_approval=='') $require_approval='0'; $access=array(); $access_str=(strpos($settings,'')!==false)? f_GFS($settings,'',''): ''; if($access_str!='') $temp_access=explode('|',$access_str); if(isset($temp_access)) { foreach($temp_access as $k=>$v) { $t=explode('%%',$v); $page_level_str=f_GFS($v,'(',')'); if(!empty($page_level_str)) $t[1]=str_replace('('.$page_level_str.')','',$t[1]); if($t[1]=='2') { $page_level_arr=explode(';',$page_level_str); foreach($page_level_arr as $kk=>$vv) { $value=explode('%',$vv); $page_access_arr []=array('page'=>$value[0], 'type'=>$value[1]); } $access[]=array('section'=>$t[0],'type'=>$t[1],'page_access'=>$page_access_arr); } else $access[]=array('section'=>$t[0],'type'=>$t[1]); } } $uniqueid=md5(uniqid(mt_rand(),true)); $link=f_build_self_url('centraladmin.php').'?id='.$uniqueid.'&process=register'.$ca_l; $content=str_replace("##",'
',$ca_lang_l['sr_email_msg']); $content=str_replace(array("%CONFIRMLINK%",'%%site%%'), array(''.$link.'',$ca_site_url), $content); $content=str_replace(array("%CONFIRMLINK%",'%%site%%'), array(''.$link.'',$ca_site_url), $content); $content=str_replace(array('%%username%%','%%USERNAME%%'), array($post_user,$post_user),$content); $content_text=str_replace(array("##","%CONFIRMLINK%"), array($f_lf,$link), $ca_lang_l['sr_email_msg']); $content_text=str_replace("%%site%%", $ca_site_url, $content_text); $content_text=str_replace(array('%%username%%','%%USERNAME%%'), array($post_user,$post_user),$content_text); $subject=str_replace('%%site%%',$ca_site_url,$ca_lang_l['sr_email_subject']); if((strpos(f_strtolower($content),'mime-version')!==false) || (strpos(f_strtolower($content),'content-type')!==false)) {$log_msg=" Registration email CAN NOT be sent - possible dangerous content"; $output=$log_msg; } $send_to_email=f_strip_tags($_POST["email"]); $sections=''; $news=''; if(empty($access)) {$sections.='';} else { foreach($access as $k=>$v) { $sections.=''; if($v['type']=='2') { foreach($v['page_access'] as $key=>$val) $sections.='

'; } $sections.=''; } } if(isset($_POST["news_for"])) //event manager { foreach($_POST["news_for"] as $k=>$v) { if(strpos($v,'%')!==false) { list($p,$c)=explode('%',$v); } else { $p=$v; $c=''; } $news.=''; } } $details='

'; $log_msg='success'; $result=f_send_mail_ca($content,$content_text,$subject,$send_to_email); if($result=="1") { db_write_user('selfreg',$uniqueid,$post_user,crypt($_POST['password']),$sections,$details,$news); //event manager $log_msg.=", email SENT"; $output = $f_br.'

'.($norm_reg?"

":'').$lang_r['registration was successful'].($norm_reg?"

":'').'

'; } else { $log_msg='fail'; //user is not actually stored into db $log_msg.=', email FAILED ('.f_strip_tags($result).')'; $output=$f_br.'Email FAILED. Try again.'; } write_log('reg','USER:'.$post_user,$log_msg); } } } elseif(isset($_GET['id'])) // confirm registration { $file_contents=' */ ?>'; if(!$fp=fopen($ca_db_file,'r+')) {print f_fmt_in_template($ca_template_file,f_fmt_error_msg('DBFILE_NEEDCHMOD',$ca_db_file)); exit;} flock($fp,LOCK_EX); $fsize=filesize($ca_db_file); if($fsize>0) $file_contents=fread( $fp,$fsize); $users=f_GFS($file_contents,'',''); $get_id=f_strip_tags($_GET['id']); if(strpos($file_contents,''); $username=f_GFS($_user,'username="','"'); $new_user=str_replace($get_id,$new_id,$_user); $new_user=str_replace('',$new_user.'',$file_contents); $file_contents=str_replace($_user,'',$file_contents); ftruncate($fp,0);fseek($fp,0); if(fwrite($fp,$file_contents) === FALSE) {print "Cannot write to file"; exit;} flock($fp,LOCK_UN);fclose($fp); $confirm_message=f_GFS($ca_settings,'',''); $output=$f_br."".$lang_r['registration was completed'].''.$f_br.$confirm_message; $log_msg='success'; if($sr_notif_enabled) { $users=f_GFS($file_contents,'',''); $users_arr=f_format_users($users); if(!empty($users_arr)) { foreach($users_arr as $k=>$v) if($username==$v['username']) {$user_data=$v; break;} } $content='register_id= '.f_strip_tags($_GET['id']).'
'.'username= '.$user_data['username'].'
'; $content.='name= '.un_esc($user_data['first_name']).'
'.'surname= '.un_esc($user_data['surname']).'
'; $content.='email= '.$user_data['email'].'
'.'date= '.date('Y-m-d G:i', f_tzone_date(time())).'
'; $content.='IP= '.(isset($_SERVER['REMOTE_ADDR'])?$_SERVER['REMOTE_ADDR']:"").'
'; $content.='HOST= '.(isset($_SERVER['REMOTE_HOST'])?$_SERVER['REMOTE_HOST']:"").'
'; $content.='OS= '.(isset($_SERVER['HTTP_USER_AGENT'])?f_define_os($_SERVER['HTTP_USER_AGENT']):"").'
'; $subject=str_replace('%%site%%',$ca_site_url,$ca_lang_l['sr_notif_subject']); $result=f_send_mail_ca($content,str_replace('
',$f_lf,$content),$subject); if($result=="1") $log_msg.=', notification SENT'; else $log_msg.=', notification FAILED ('.f_strip_tags($result).')'; } if(!isset($_GET['flag'])) write_log('conf','USER:'.$username,$log_msg); else { write_log('confadmin','USER:'.$username,$log_msg); check_pending_users($output); exit; } } else $output=$f_br."

".$lang_r['registration was completed']."

"; } else { $output=build_register_form($float); $output_is_from=true; } if($norm_reg) { $output=GT($output,false,$lang_r['registration'],true); if($output_is_from) $output=f_include_script(str_replace('%ID%','selfreg',$f_frmvalidation),$output); $rel_path=($template_in_root?'':'../'); $output=f_include_jquery_moo_js($output,$rel_path); if(strpos($output,'class="captcha')!=false) $output=f_include_script(str_replace('%PATH%',$rel_path,$f_captchajs), $output); } else $output=str_replace('%ID%','selfreg',$f_frmvalidation2).$f_lf.$output; print $output; } function process_forgotpass() { global $f_lang_f,$ca_lang_l,$f_lang_reg,$ca_ulang_id,$ca_pref,$f_lf,$ca_db_file,$ca_page_charset,$f_br,$f_fmt_span8em,$ca_template_file,$ca_lang, $ca_db_settings_file,$ca_settings,$ca_site_url,$f_frmvalidation,$template_in_root,$f_uni,$f_charset_lang_map,$ca_action_id,$f_frmvalidation2; $lang_f=$f_lang_f[$ca_ulang_id]; $lang_r=$f_lang_reg[$ca_ulang_id]; $norm_reg=($ca_action_id=='forgotpass'); $msg=''; $errors=array(); $ca_full_script_path=f_build_self_url('centraladmin.php'); if(isset($_POST['save'])) { $ccheck=isset($_POST['cc']) && $_POST['cc']=='1'; $useic=(!$f_uni && $f_charset_lang_map[$ca_lang]!='iso-8859-1' && function_exists("iconv")); if(!empty($_POST["username"])) { $usr=f_strip_tags(trim($_POST["username"])); $user_data=f_get_user($usr,$ca_pref); } if(!empty($_POST["email"])) { $email=f_strip_tags(trim($_POST["email"])); $user_data=f_get_user('',$ca_pref,$email); } if(!isset($usr) && !isset($email)) $errors[]=($ccheck?'username'.'|':'').$lang_r['you have to fill']; elseif(isset($usr) && empty($user_data)) $errors[]=($ccheck?'username'.'|':'').$lang_r['unexisting']; elseif(isset($email) && !f_validate_email($email)) $errors[]=($ccheck?'username'.'|':'').$lang_f['Email not valid']; elseif(isset($email) || isset($usr)) { if(!isset($user_data['email']) || $user_data['email']=='') $errors[]=($ccheck?'username'.'|':'').$lang_r[isset($email)?'email not found':'no email for user']; } if($ccheck) { $errors_output=implode('|',$errors); if($useic) $errors_output=iconv($f_charset_lang_map[$ca_lang],"utf-8",$errors_output); if(count($errors)>0) { print '0'.$errors_output; exit; } else if($norm_reg) { print '1'; exit; } } if(count($errors)>0) $output=implode($f_br,$errors).build_forgotpass_form(); else { $uniqueid=md5(uniqid(mt_rand(),true)); $send_to_email=$user_data['email']; $confirm_url=$ca_full_script_path.'?process=forgotpass&confirm='.$uniqueid;$confirm_link=''.$confirm_url.''; f_write_tagged_data('fp_'.$uniqueid,$user_data['username'],$ca_db_settings_file,$ca_template_file); $content=str_replace(array('##','%%confirmlink%%','%%confirmurl%%','%%site%%','%%username%%','%%USERNAME%%'), array('
',$confirm_link,$confirm_url,$ca_site_url,$user_data['username'],$user_data['username']),$ca_lang_l['sr_forgotpass_msg0']); $content_text=str_replace("##",$f_lf,$content); $subject=str_replace('%%site%%',$ca_site_url,$ca_lang_l['sr_forgotpass_subject0']); $result=f_send_mail_ca($content,$content_text,$subject,$send_to_email); $output=$f_br.($norm_reg?"

":'').$ca_lang_l['check email for instructions'].($norm_reg?"

":''); } } elseif(isset($_GET["confirm"])) { $uniqueid=trim(f_strip_tags($_GET["confirm"])); $new_pass=mt_rand(); $username=f_GFS($ca_settings,'',''); if(!empty($username)) { $user_data=f_get_user($username,$ca_pref); $send_to_email=$user_data['email']; $content=str_replace(array("##","%%newpassword%%",'%%site%%'),array('
',$new_pass,$ca_site_url),$ca_lang_l['sr_forgotpass_msg']); $content=str_replace(array('%%username%%','%%USERNAME%%'),array($username,$username),$content); $content_text=str_replace("##",$f_lf,$content); $subject=str_replace('%%site%%',$ca_site_url,$ca_lang_l['sr_forgotpass_subject']); $result=f_send_mail_ca($content,$content_text,$subject,$send_to_email); if($result=="1") { if(!$fp=fopen($ca_db_file,'r+')) {print f_fmt_in_template($ca_template_file,f_fmt_error_msg('DBFILE_NEEDCHMOD',$ca_db_file)); exit;} flock($fp, LOCK_EX); $file_contents=fread($fp,filesize($ca_db_file)); $users=f_GFS($file_contents,'',''); $old_data=f_GFSAbi($users,''); $new_data=str_replace(f_GFSAbi($old_data,'password="','">'),'password="'.crypt($new_pass).'">',$old_data); $file_contents=str_replace($old_data,$new_data,$file_contents); ftruncate($fp,0);fseek($fp,0); if(fwrite($fp,$file_contents) === FALSE) {print "Cannot write to file"; exit; } flock($fp,LOCK_UN);fclose($fp); $log_msg="success, email SENT"; $output=$f_br.'

'.$lang_r['check email for new password'].'

'; f_write_tagged_data('fp_'.$uniqueid,'',$ca_db_settings_file,$ca_template_file,true); } else {$log_msg='success, email FAILED ('.f_strip_tags($result).')'; $output='Email FAILED. Try again.';} write_log('forgotpass','USER:'.$username,$log_msg); } else $output=$f_br.'

'.$lang_r['check email for new password'].'

'.f_ucfirst($ca_lang_l['forgotten password']).''; } else $output=build_forgotpass_form(); if($norm_reg) { $output=GT($output,false,$lang_r['forgotten password'],true); $output=f_include_script(str_replace('%ID%','forgotpass',$f_frmvalidation),$output); $output=f_include_jquery_moo_js($output,($template_in_root?'':'../')); } else $output=str_replace('%ID%','forgotpass',$f_frmvalidation2).$f_lf.$output; print $output; } function process_changepass() { global $ca_pref,$ca_lang_l,$ca_db_file,$ca_page_charset,$template_in_root,$f_br,$f_fmt_span8em,$ca_template_file; $user=(f_adminCookie())?f_sth(f_strip_tags($_REQUEST['username'])): f_getUserCookie(); $user_data=f_get_user($user,$ca_pref); $msg=array(); if(isset($_POST['save'])) { if(empty($_POST['oldpassword'])) $msg['oldpassword']=f_ucfirst($ca_lang_l['fill in']).' '.$ca_lang_l['old password']; elseif($user_data['password']!=crypt($_POST['oldpassword'],$user_data['password'])) $msg['oldpassword']=f_ucfirst($ca_lang_l['wrong old']); if(empty($_POST['newpassword'])) $msg['newpassword']=f_ucfirst($ca_lang_l['fill in']).' '.$ca_lang_l['new password']; elseif(strlen(trim($_POST['newpassword']))<5) $msg['newpassword']=f_ucfirst($ca_lang_l['your password should be']); elseif(empty($_POST['repeatedpassword'])) $msg['repeatedpassword']=f_ucfirst($ca_lang_l['repeat password']); elseif($_POST['newpassword']!=$_POST['repeatedpassword']) $msg['repeatedpassword']=f_ucfirst($ca_lang_l['password and repeated password']); if(!empty($msg)) $output=build_changepass_form($user,$msg); else { if(isset($user_data['username']) && $user_data['username']==$user) { if(!$fp=fopen($ca_db_file,'r+')) {print f_fmt_in_template($ca_template_file,f_fmt_error_msg('DBFILE_NEEDCHMOD',$ca_db_file)); exit;} flock($fp,LOCK_EX); $file_contents=fread($fp,filesize($ca_db_file)); $users=f_GFS($file_contents,'',''); $old_data=f_GFSAbi($users,''); $new_data=str_replace(f_GFSAbi($old_data,'password="','">'),'password="'.crypt($_POST['newpassword']).'">',$old_data); $file_contents=str_replace($old_data,$new_data,$file_contents); ftruncate($fp,0);fseek($fp,0); if(fwrite($fp,$file_contents)==FALSE) {print "Cannot write to file";exit;} flock($fp,LOCK_UN);fclose($fp); $show_msg=''.f_ucfirst($ca_lang_l['changes saved']).''; if(isset($_GET['ref_url'])) { $u=$_GET['ref_url']; if(strpos($_GET['ref_url'],'/')===false && $template_in_root==false) $u='../'.$u; } write_log('changepass','USER:'.$user,'success'); $table_data=array(); $table_data[]=array('',$show_msg); $output=f_addentrytable($ca_lang_l['change password'],$table_data); } } } else $output=build_changepass_form($user,$msg); $output=f_fmt_admin_screen($output,build_myprofile_menu()); $output=GT($output,false,'',true); print $output; exit; } function build_changepass_form($username,$msg) { global $ca_pref_dir,$ca_lang_l,$ca_l_amp,$f_br,$f_ct,$f_fmt_star; $hint=$f_br.'%s'; $table_data=array(); $table_data[]=array($ca_lang_l['old password'].$f_fmt_star,''; $end=ca_getformbuttons('save',false).$f_br; $output=''; return $output; } function process_editprofile() { global $ca_pref,$ca_lang_l,$ca_db_file,$ca_page_charset,$f_br,$f_fmt_span8em,$ca_template_file; $msg=''; if(f_adminCookie()) $user=f_sth(f_strip_tags($_REQUEST['username'])); else $user=f_getUserCookie(); $user_data=f_get_user($user,$ca_pref); if(isset($_POST['save'])) { if(empty($_POST['name'])) $msg.=$f_br.f_ucfirst($ca_lang_l['fill in']).' '.f_strtoupper($ca_lang_l['name']); if(empty($_POST['sirname']))$msg.=$f_br.f_ucfirst($ca_lang_l['fill in']).' '.f_strtoupper($ca_lang_l['surname']); if(empty($_POST['email'])) $msg.=$f_br.f_ucfirst($ca_lang_l['fill in']).' '.f_strtoupper($ca_lang_l['email']); if($msg!='') $output=build_editprofile_form($user,'',$f_br.sprintf($f_fmt_span8em,$msg)); else { if(isset($user_data['username']) && $user_data['username']==$user) { if(!$fp=fopen($ca_db_file,'r+')) {print f_fmt_in_template($ca_template_file,f_fmt_error_msg('DBFILE_NEEDCHMOD',$ca_db_file)); exit;} flock($fp,LOCK_EX); $file_contents=fread($fp,filesize($ca_db_file)); $users=f_GFS($file_contents,'',''); $old_data=f_GFSAbi($users,''); $new_details='

'; $new_data=str_replace(f_GFSAbi($old_data,''),$new_details,$old_data); $news=''; if(isset($_POST["news_for"])) //event manager { foreach($_POST["news_for"] as $k=>$v) { if(strpos($v,'%')!==false) list($p,$c)=explode('%',$v); else {$p=$v;$c='';} $news.=''; } } if(!empty($news)) { if(strpos($new_data,'')===false) //event manager $new_data=str_replace('',''.$news.'',$new_data); else $new_data=str_replace(f_GFSAbi($old_data,'',''),''.$news.'',$new_data); } $file_contents=str_replace($old_data,$new_data,$file_contents); ftruncate($fp,0);fseek($fp,0); if(fwrite($fp,$file_contents)==FALSE) {print "Cannot write to file"; exit;} flock($fp,LOCK_UN); fclose($fp); $show_msg=''.f_ucfirst($ca_lang_l['changes saved']).''; if(isset($_GET['ref_url'])) { $u=$_GET['ref_url']; $u=str_replace('../','',$u); //m } write_log('editprofile','USER:'.$user,'success'); if(isset($_POST['lang'])) setcookie($user.'_lang',strtoupper(f_strip_tags($_POST['lang'])), mktime(23,59,59,1,1,2037),'/'); $table_data=array(); $table_data[]=array('',$show_msg); $output=f_addentrytable($ca_lang_l['profile'],$table_data); } } } else $output=build_editprofile_form($user,$user_data); $output=f_fmt_admin_screen($output,build_myprofile_menu()); $output=GT($output,false,'',true); print $output; exit; } function get_calendar_categories($lang='') { global $f_db_folder; $categories=array(); $calendar_pages=get_pages_list('136',$lang); foreach($calendar_pages as $k=>$v) { $file_contents=''; if(strpos($v['url'],'../')===false) $v['url']='../'.$v['url']; $fp=@fopen($v['url'],'r'); if($fp) {$file_contents=fread($fp,4096); fclose($fp);} if(!empty($file_contents)) { if(strpos($file_contents,'$em_enabled=TRUE;')!==false || strpos($file_contents,'$em_enabled=true;')!==false) { $cat_ids_arr=array(); $cat_names_arr=array(); $cat_visib_arr=array(); $cal_settings=f_read_file('../'.$f_db_folder.$v['pageid'].'_settings.ezg.php'); while(strpos($cal_settings,''); settype($cat_id,'integer'); $category_info=f_GFS($cal_settings,'',''); list($name,$color,$vis,$mark,$mark_color)=explode('%%', $category_info); if($cat_id>0) {$cat_ids_arr[]=$cat_id; $cat_names_arr[]=$name; $cat_visib_arr[]=($vis=='1'?true:false);} $cal_settings=str_replace(''.$category_info.'','',$cal_settings); } if(empty($cat_ids_arr)) { $cat_ids_arr[]=1; $cat_names_arr[]="General"; $cat_visib_arr[]='yes'; } foreach($cat_names_arr as $kk=>$vv) { if(isset($cat_visib_arr[$kk]) && $cat_visib_arr[$kk]=='true' || $cat_visib_arr[$kk]==true) $categories[]= array('pageid'=>$v['pageid'],'pagename'=>$v['name'],'catid'=>$cat_ids_arr[$kk],'catname'=>str_replace('"','',$vv)); } } } } return $categories; } # ---------- DB function write_log($change,$data,$message="") { global $ca_db_activity_log,$f_db_first_line,$f_db_last_line,$f_lf; $message=str_replace($f_lf,'',$message); //remove new lines if such $time=time(); $ip=''; if(isset($_SERVER['REMOTE_ADDR'])) $ip=trim($_SERVER['REMOTE_ADDR']); elseif(isset($_SERVER['HTTP_PC_REMOTE_ADDR'])) $ip=trim($_SERVER['HTTP_PC_REMOTE_ADDR']); $typechange=array("reg"=>"Register", "conf"=>"Confirmation", "confadmin"=>"Confirmation (Admin)", "forgotpass"=>"Forgotten pass", "changepass"=>"Change pass", "editprofile"=>"Edit profile", "resend"=>"Confirmation email resend", "login"=>"Login", "logout"=>"Logout"); $currchange=$typechange[$change]; $record_line="$time => $currchange -> $data => Result: $message => $ip"; clearstatcache(); if(!file_exists($ca_db_activity_log)) $handle=@fopen($ca_db_activity_log,'w'); else $handle=@fopen($ca_db_activity_log,'a'); if(!$handle) return; else { flock($handle,LOCK_EX); if(filesize($ca_db_activity_log)==0) {$buf=$f_db_first_line.$f_lf.$record_line.$f_lf;} else {$buf=$record_line.$f_lf;} fwrite($handle,$buf); flock($handle,LOCK_UN); fclose($handle); } } function db_get_users($tag='users') { global $ca_db_file; $filename=$ca_db_file; if(!file_exists($filename)) $filename=str_replace('../','',$filename); $src=f_read_file($filename); $users=f_GFS($src,'<'.$tag.'>',''); return $users; } function db_remove_user($usr,$flag='users') { global $ca_db_file, $ca_template_file; $result=false; $updated_users=''; $users=db_get_users($flag); if($flag=='users') {if($users!='') $users_arr=f_format_users($users);} else {if($users!='') $users_arr=$users;} if(isset($users_arr) && !empty($users_arr)) { $counter=0; if(!$fp=fopen($ca_db_file,'r+')) {print f_fmt_in_template($ca_template_file,f_fmt_error_msg('DBFILE_NEEDCHMOD',$ca_db_file)); exit;} flock($fp, LOCK_EX); $fsize=filesize($ca_db_file); if($fsize>0) $file_contents=fread($fp,$fsize); $updated_users=str_replace(f_GFSAbi($users,''),'',$users); $file_contents=str_replace($users, $updated_users,$file_contents); ftruncate($fp, 0); fseek($fp, 0); if(fwrite($fp,$file_contents) === FALSE) {print "Cannot write to file"; exit; } flock($fp, LOCK_UN); fclose( $fp ); $result=true; } return $result; } function db_write_user($flag,$uniqueid,$username='',$pwd='',$sections='',$details='',$news='') { $users_arr=array(); $specific_user=array(); if($flag=='selfreg') {db_add_user($uniqueid,$username,$pwd,$sections,$details,$news,true);} else { $users=db_get_users(); if($users!='') $users_arr=f_format_users($users); if(!empty($users_arr)) { foreach($users_arr as $k=>$v) { if($uniqueid==$v['id']) {$id=$v['id']; break;} } } if($flag!='add' && isset($id)) db_edit_user($flag,$id,$username,$pwd,$sections,$details,$news); else { $last=array_pop($users_arr); db_add_user($last['id']+1,$username,$pwd,$sections,$details,$news); } } } function db_add_user($id,$username,$pwd,$sections,$details,$news,$self_reg=false) { global $ca_db_file, $ca_template_file; $result=false; $file_contents=' */ ?>'; $new_user=''.$sections.''. ($news!=''?''.$news.'':'').$details.''; //event manager if(!file_exists($ca_db_file)) { print f_fmt_in_template($ca_template_file,f_fmt_error_msg('MISSING_DBFILE',$ca_db_file)); exit; } else if(!$fp=fopen($ca_db_file,'r+')) {print f_fmt_in_template($ca_template_file,f_fmt_error_msg('DBFILE_NEEDCHMOD',$ca_db_file)); exit;} flock($fp, LOCK_EX); $fsize=filesize($ca_db_file); if($fsize>0) $file_contents=fread($fp,$fsize); if($self_reg==false) {$file_contents=str_replace('',$new_user.'',$file_contents);} else { if(strpos($file_contents,'')===false) {$file_contents=str_replace('',''.$new_user.'',$file_contents);} else {$file_contents=str_replace('',$new_user.'',$file_contents);} } if(strpos($file_contents,'/*')===FALSE) { $file_contents=str_replace('','/*',$file_contents); $file_contents=str_replace('','*/',$file_contents); } ftruncate($fp,0);fseek($fp,0); if(fwrite($fp,$file_contents) === FALSE) {print "Cannot write to file";exit;} flock($fp,LOCK_UN);fclose($fp); $result=true; } function db_edit_user($flag,$id,$username,$pwd='',$sections='',$details='',$news='') //edit user's password or access { global $ca_db_file, $ca_template_file; $users=''; $file_contents=''; $fixed=''; $users=db_get_users(); if(!$fp=fopen($ca_db_file,'r+')) {print f_fmt_in_template($ca_template_file,f_fmt_error_msg('DBFILE_NEEDCHMOD',$ca_db_file)); exit;} flock($fp,LOCK_EX); $fsize=filesize($ca_db_file); if($fsize>0) $file_contents=fread($fp,$fsize); $user_to_update='').''; if(strpos($user_to_update,'')===false || strpos($user_to_update,'')!==false) {$fixed=str_replace('','',$user_to_update);} else { if(strpos($user_to_update,'

0) $file_contents=fread($fp,$fsize); } if($flag=='editpass') $updated_user=str_replace(f_GFS($user_to_update,'password="','"'),$pwd,$user_to_update); elseif($flag=='editaccess') $updated_user=str_replace(f_GFS($user_to_update,'',''),$sections,$user_to_update); elseif($flag=='editdetails') { $updated_user=str_replace(f_GFSAbi($user_to_update,'

'),$details,$user_to_update); if(strpos($user_to_update,'')===false) //event manager $updated_user=str_replace('',''.$news.'',$updated_user); else $updated_user=str_replace(f_GFSAbi($user_to_update,'',''),''.$news.'',$updated_user); if(isset($_POST['old_username'])) { $old_user_name=f_GFSAbi($updated_user,'username="','"'); $updated_user=str_replace($old_user_name,'username="'.$_POST['username'].'"',$updated_user); } } elseif($flag=='activate' || $flag=='block') { $details_orig=f_GFSAbi($user_to_update,'

'); if(strpos($details_orig,'status="')!==false) {$details_new=str_replace(f_GFSAbi($details_orig,'status="','"'), 'status="'.($flag=='activate'?'1':'0').'"',$details_orig);} else {$details_new=str_replace('>', ' status="'.($flag=='activate'?'1':'0').'">',$details_orig);} $updated_user=str_replace($details_orig, $details_new, $user_to_update); } else $updated_user=$user_to_update; $file_contents=str_replace($user_to_update,$updated_user,$file_contents); ftruncate($fp,0);fseek($fp,0); if(fwrite($fp,$file_contents)===FALSE) {print "Cannot write to file";exit;} flock($fp,LOCK_UN);fclose($fp); return true; } # ----------- login/logout function login_admin() // process login admin { global $ca_admin_username,$ca_admin_pwd,$ca_lang_l,$ca_account_msg; $output=''; if(isset($_POST['login'])) { if(isset($_POST['password'])) $pass_filled=md5($_POST['password']); if(empty($_POST['username']) || empty($_POST['password'])) { $output.=build_login_form_ca("".f_ucfirst($ca_lang_l['fill in']).' '.f_ucfirst($ca_lang_l['username']).' & '.f_ucfirst($ca_lang_l['password']).""); } elseif(f_strip_tags($_POST['username'])!=$ca_admin_username || $pass_filled!=$ca_admin_pwd) { set_delay(); $output.=build_login_form_ca("".f_ucfirst($ca_lang_l['incorrect username/password']).""); } else { f_regenerate_session_id(); f_setAdminCookie($ca_admin_username); //ADMIN if(isset($_SERVER['HTTP_USER_AGENT'])) f_set_session_var( 'HTTP_USER_AGENT',md5($_SERVER['HTTP_USER_AGENT'])); set_admin_cookie(); // for counter - to ignore hits from site admin index(); exit; } } else { if(strtolower($ca_admin_username)=='admin' && ($ca_admin_pwd==md5('admin') || $ca_admin_pwd==md5('Admin') || $ca_admin_pwd==md5('ADMIN'))) {print GT($ca_account_msg); exit;} $output.=build_login_form_ca($ca_lang_l['administration panel']); } $output=GT($output,false,'',true); print $output; } function set_admin_cookie() { if(!isset($_COOKIE['visit_from_admin'])) // counter needed to ignore hits from site admin { $ts=time(); $expire_ts=mktime(23, 59, 59, date ('n',$ts), date ('j',$ts), 2037); setcookie('visit_from_admin',md5(uniqid(mt_rand(),true)),$expire_ts); } } function set_delay() { global $ca_db_delay_file; $max_exec=intval(ini_get('max_execution_time')); $delay=($max_exec>=25)?20:$max_exec-2; $ts=time(); $last_wrong_ts=$ts; if(file_exists($ca_db_delay_file) && is_writable($ca_db_delay_file)) { $fsize=filesize($ca_db_delay_file); if($fsize>0) { $fp=fopen($ca_db_delay_file,'r'); $last_wrong_ts=intval(fread($fp,$fsize)); fclose($fp); } if($ts-$last_wrong_ts<=30) sleep($delay); else sleep(1); $fp=fopen($ca_db_delay_file,'w'); flock($fp, LOCK_EX); fwrite($fp,$ts); flock($fp, LOCK_UN); fclose($fp); } elseif($ts-$last_wrong_ts<=30) sleep($delay); } function logout_user() { global $ca_settings,$f_home_page,$ca_action_id; if($ca_action_id=='logoutadmin') write_log('logout','USER:Administrator','success'); if($ca_action_id=='logout' && f_adminCookie()) write_log('logout','USER:Administrator','success'); elseif(f_userCookie()) { $user=f_getUserCookie(); write_log('logout','USER:'.$user,'success'); } f_unset_session(); $logout_redirect_url=f_GFS($ca_settings,'',''); if(!empty($logout_redirect_url)) { $redirect_page_name=(strpos($logout_redirect_url,'http')===false? 'http://': '').$logout_redirect_url; } elseif(isset($_GET['ref_url'])) { $redirect_page_name=f_strip_tags($_GET['ref_url']); } elseif(isset($_GET['pageid']) && intval($_GET['pageid'])>0) { $prot_page_info=get_page_info($_GET['pageid']); $prot_page_name=$prot_page_info[1]; $redirect_page_name=(strpos($prot_page_name,'../')===false? '../': '').$prot_page_name; } else { $pos=strpos($f_home_page,'http://'); $redirect_page_name=($pos!==false)? substr($f_home_page,$pos): '../'.$f_home_page; } f_url_redirect($redirect_page_name,false); } function user_navigation($only_username=false,$return_flag=false) { global $thispage_id,$ca_l_amp,$ca_pref,$f_sp_pages_ids; $labels=f_get_myprofile_labels($thispage_id,$ca_pref); $logged_as_label=(isset($_GET['logged_l'])? f_sth(f_strip_tags($_GET['logged_l'])): 'logged as'); $pageid_info=f_get_page_params($thispage_id,$ca_pref); $thispage_dir=(isset($pageid_info[1]) && strpos($pageid_info[1],'../')===false)?'documents/':'../documents/'; $is_admin=f_adminCookie(); $is_user=f_userCookie(); if($is_admin) $user_val=f_getAdminCookie(); elseif($is_user) $user_val=f_getUserCookie(); $heading=''; if(strtolower($logged_as_label)=='username' || $only_username) {$heading=$user_val;} elseif($is_admin || $is_user) { $ca_url=$thispage_dir.'centraladmin.php?process='; $ref_url=(isset($pageid_info[1])?$pageid_info[1]:''); $heading.=''.$labels['welcome'].' ['.$user_val.'] '; $sp_page=isset($pageid_info[4]) && in_array($pageid_info[4],$f_sp_pages_ids); if($is_admin) { if($sp_page) $heading.='| '.$labels['edit'].''; $heading.='| '.$labels['administration panel'].' ' .'| '.$labels['logout'].''; } else { if($sp_page && f_has_write_access($user_val,$pageid_info,$ca_pref)) $heading.='| '.$labels['edit'].''; $ca_detailed_url=$thispage_dir.'centraladmin.php?pageid='.$thispage_id.'&ref_url='.urlencode($ref_url).'&username='.$user_val.$ca_l_amp.'&process='; $heading.='| '.$labels['profile'].'' .'| '.$labels['logout'].''; } } if($return_flag) return $heading; else print $heading; } function user_navigation_float($return_flag=false) { global $thispage_id,$ca_l_amp,$ca_pref,$f_sp_pages_ids; $vert=isset($_REQUEST['vert']); $glu=$vert?'':' | '; $labels=f_get_myprofile_labels($thispage_id,$ca_pref); $logged_as_label=(isset($_GET['logged_l'])? f_sth(f_strip_tags($_GET['logged_l'])): 'logged as'); $pageid_info=f_get_page_params($thispage_id,$ca_pref); $thispage_dir=(isset($pageid_info[1]) && strpos($pageid_info[1],'../')===false)?'documents/':'../documents/'; $is_admin=f_adminCookie(); $is_user=f_userCookie(); if($is_admin) $user_val=f_getAdminCookie(); elseif($is_user) $user_val=f_getUserCookie(); if(strtolower($logged_as_label)=='username') $heading=$user_val; elseif($is_admin || $is_user) { $ca_url=$thispage_dir.'centraladmin.php?process='; $ref_url=(isset($pageid_info[1])?$pageid_info[1]:''); $heading='

'.$labels['welcome'].' ['.$user_val.']

'; if($is_admin) { if(isset($pageid_info[4]) && in_array($pageid_info[4],$f_sp_pages_ids)) $heading.='

'.$glu.''.$labels['edit'].'

'; $heading.='

'.$glu.''.$labels['administration panel'].'

'; $heading.='

'.$glu.''.$labels['logout'].'

'; } else { $heading=''; if(isset($pageid_info[4]) && in_array($pageid_info[4],$f_sp_pages_ids) && f_has_write_access($user_val,$pageid_info,$ca_pref)) $heading.='

'.$glu.''.$labels['edit'].'

'; $ca_detailed_url=$thispage_dir.'centraladmin.php?pageid='.$thispage_id.'&ref_url='.urlencode($ref_url).'&username='.$user_val.$ca_l_amp.'&process='; $heading.='

'.$glu.''.$labels['profile'].'

'; $heading.='

'.$glu.''.$labels['logout'].'

'; } } else $heading='

'.$labels['welcome guest'].'

'; if($return_flag) return $heading; else print $heading; } function get_userpages() { global $db,$f_sp_pages_ids,$ca_pref; $result=''; f_int_start_session("private"); if(f_adminCookie()) $result='all'; elseif(f_userCookie()) { $user_account=f_get_user(f_getUserCookie(),$ca_pref); if($user_account['access'][0]['section']=='ALL') $result='all'; else { $controlled_pages=get_prot_pages_list(''); $protected_pages=array(); $protected_pages_per_section=array(); $special_ids=array(); foreach($controlled_pages as $k=>$v) { if($v['protected']=='TRUE') $protected_pages[]=$v['id']; if(in_array($v['typeid'],$f_sp_pages_ids)) $special_ids[]=$v['id']; } foreach($user_account['access'][0]['page_access'] as $k=>$v) { $pid=intval($v['page']); if(in_array($pid,$protected_pages)) { $at=intval($v['type']); if(in_array($pid,$special_ids)) $access=($at==1)||($at==3)||($at==0); else $access=$at==0; if($access) $result.=$pid.'|'; } elseif($v['section']!='ALL' && $pid==0) //protection sections { $vs=$v['section']; if(!isset($protected_pages_per_section[$vs])) $protected_pages_per_section[$vs]=get_prot_pages_list($vs); $protected_insection=$protected_pages_per_section[$vs]; $pp_section=array();$sp_section=array(); foreach($protected_insection as $k2=>$v2) { if($v2['protected']=='TRUE') $pp_section[]=$v2['id']; if(in_array($v2['typeid'],$f_sp_pages_ids)) $sp_section[]=$v2['id']; } $at=intval($v['access_type']); if($at==0) foreach($pp_section as $k2=>$v2) $result.=$v2.'|'; foreach($special_ids as $k2=>$v2) if($at==1 || $at==3 || $at==0) $result.=$v2.'|'; } } } } if($result=='')$result='none'; return $result; } function process_admin() { global $ca_admin_username,$ca_pref,$ca_admin_pwd,$thispage_id,$version,$f_version,$f_sp_pages_ids,$ca_account_msg,$ca_db_settings_file, $ca_settings,$ca_db_file, $counter_ds_db_fname,$sr_enable,$ca_db_activity_log,$ca_template_file,$f_names_lang_sets,$ca_pref_dir,$ca_lang_l,$f_br,$f_ct,$rss_call_in_prot_page, $counter_ts_db_fname,$ca_l_amp,$f_db_first_line,$f_lf,$f_fmt_caption,$ca_span8,$f_max_rec_on_admin,$f_db_folder,$ca_lang_set_fname,$f_br,$f_ct,$template_in_root,$ca_action_id, $f_charset_lang_map,$ca_lang, $ca_reg_lang_settings_keys,$ca_reg_lang_settings_labels,$ca_loggedcheck,$ca_areaarray,$ca_logged_access,$f_navtop,$f_navend,$ca_l, $ca_myprofile_actions, $ca_site_url,$f_use_prot_areas,$f_subminiforms,$ca_other_actions,$ca_admin_actions,$ca_lang_template,$ca_user_actions,$f_uni,$f_login_cookiebased,$f_login_cookie_expire; $access_flag=false; $ca_action_id=(empty($_GET) && empty($thispage_id))?'index':''; $ca_action_id=(isset($_REQUEST['process'])?f_strip_tags($_REQUEST['process']):$ca_action_id); if($ca_action_id=='up') { echo get_userpages(); exit; } if(($ca_action_id!='') && !in_array($ca_action_id,$ca_other_actions) && !in_array($ca_action_id,$ca_admin_actions)) $ca_action_id='index'; ca_update_language_set(); $ca_lang_template=f_define_source_page($ca_pref,$ca_lang, (in_array($ca_action_id,$ca_user_actions) || in_array($ca_action_id,$ca_myprofile_actions)?true:'')); // needed here in order to define $f_mobile_detected if((in_array($ca_action_id,$ca_user_actions) || in_array($ca_action_id,$ca_myprofile_actions)) && strpos($ca_lang_template,'/')!==false) $ca_pref_dir='../documents/'; if(in_array($ca_action_id,$ca_myprofile_actions) && f_getUserCookie()=='') $ca_action_id='index'; else f_int_start_session('private'); if(isset($ca_loggedcheck) && ($ca_loggedcheck==true)) { if(f_adminCookie()) $ca_logged_access=array_keys($ca_areaarray); elseif(f_userCookie()) { $user_account=f_get_user(f_getUserCookie(),$ca_pref); if($user_account['access'][0]['section']=='ALL') { $ca_logged_access=array_keys($ca_areaarray); } else { foreach($user_account['access'] as $k=>$v) $ca_logged_access[]=$v['section']; } } else $ca_logged_access=array(); } elseif($ca_action_id=='logout' || $ca_action_id=="logoutadmin") {logout_user();} elseif($ca_action_id=="version") {echo $version.' '.$f_version;} elseif($ca_action_id=="next" || $ca_action_id=="prev") { $all_pages=get_pages_list(); $new_page=''; foreach($all_pages as $k=>$v) { if(isset($v['pageid']) && $v['pageid']==$_REQUEST['id']) { $c_lang=$v['lang']; $orig_page=$v['url']; $new_i=($ca_action_id=="next"?$k+1:$k-1); if(isset($all_pages[$new_i]['pageid'])) { if($all_pages[$new_i]['hidden']=='FALSE' && $all_pages[$new_i]['lang']==$c_lang) $new_page=$all_pages[$new_i]['url']; elseif($all_pages[$new_i]['lang']==$c_lang) { while(!isset($all_pages[$new_i]['hidden']) || $all_pages[$new_i]['hidden']=='TRUE') { if($ca_action_id=="next") $new_i++; else $new_i--; } if($all_pages[$new_i]['hidden']=='FALSE' && $all_pages[$new_i]['lang']==$c_lang) {$new_page=$all_pages[$new_i]['url'];} } } } } if(empty($new_page)) $new_page=$orig_page; $new_page=(strpos($new_page,'../')===false?'../':'').$new_page; f_url_redirect($new_page,false); exit; } elseif($ca_action_id=="register" || $ca_action_id=="register2") process_register($ca_action_id=="register2"); elseif($ca_action_id=="loggedinfo" || $ca_action_id=="loggeduser" || $ca_action_id=="logged") { if(!isset($_SERVER['HTTP_REFERER'])) {f_url_redirect("centraladmin.php?process=index",false);exit;} else { if($ca_action_id=="loggedinfo") $logged_info=user_navigation(false,true); elseif($ca_action_id=="logged") $logged_info=user_navigation_float(true); else $logged_info=user_navigation(true,true); $out=isset($_REQUEST['nodw'])?$logged_info:"\ndocument.write(' $logged_info ');\n"; echo $out; } } elseif($ca_action_id=="forgotpass" || $ca_action_id=="forgotpass2") process_forgotpass(); elseif($ca_action_id=='sitemap') { $fc=(isset($_GET['pwd']) && crypt($_GET['pwd'],'admin')=='adPTFL0iJCHec')?f_read_file($ca_pref.'sitemap.php'):''; print str_replace(array(''),array('',''),$fc);exit; } elseif(in_array($ca_action_id,$ca_admin_actions)) { $table_data=array();$end='';$menu_title='';$output=''; if(f_is_ezg_admin_notlogged()) { if(strpos($ca_lang_template,'/')!==false) $ca_pref_dir='../documents/'; login_admin(); exit; } if($ca_action_id=="index") index(); elseif($ca_action_id=="manageusers") manage_users(); elseif($ca_action_id=="processuser") process_users(); elseif($ca_action_id=="pendingreg") check_pending_users(); elseif($ca_action_id=="confcounter") conf_counter(); elseif($ca_action_id=="resetcounter") { if(isset($_GET['confirmreset']) && file_exists($counter_ts_db_fname) && (filesize($counter_ts_db_fname)!==0)) { $files=array($counter_ts_db_fname,$counter_ds_db_fname); foreach($files as $k=>$v) {$fp=fopen($v,'r+');flock($fp,LOCK_EX);ftruncate($fp,0);fseek($fp,0);flock($fp,LOCK_UN);fclose($fp);} f_write_tagged_data("counter_cookie_suffix",time(),$ca_db_settings_file,$ca_template_file); clearstatcache(); $table_data[]=array('', ''.f_ucfirst($ca_lang_l['reset done']).''); $flag=true; } else { $table_data[]=array('', ''.f_ucfirst($ca_lang_l['reset MSG1']).''); $end='$v) { if($v=='repeat password' || $v=='want to receive notification') $setting_value=$_POST[str_replace(' ','_',$v)]; else $setting_value=(isset($_POST[$v]))? str_replace($f_lf,'##',f_esc(trim($_POST[$v]))): ''; $record_line.='<'.$v.'>'.$setting_value.''; } if(!empty($record_line)) f_write_tagged_data("sr_language_".$post_lang, $record_line, $ca_db_settings_file, $ca_template_file); $table_data[]=array('', ''.f_ucfirst($ca_lang_l['settings saved']).''); $ca_settings=f_read_file($ca_db_settings_file); ca_update_language_set(); } else { $lang_set_sr=f_read_lang_set($ca_lang_set_fname,$cur_lang,'ca'); $sr_lang_l=(isset($lang_set_sr['lang_l']))? $lang_set_sr['lang_l']: $ca_lang_l; $reg_lang_set_raw=f_GFS($ca_settings,'',''); if($reg_lang_set_raw!='') { foreach($ca_reg_lang_settings_keys as $k=>$v) { if(strpos($reg_lang_set_raw,'<'.$v.'>')!==false) $sr_lang_l[$v]=f_un_esc(f_GFS($reg_lang_set_raw,'<'.$v.'>','')); } } $input='$v) { if(array_key_exists($v,$sr_lang_l)) { $label=$ca_reg_lang_settings_labels[$k]; $setting_value=str_replace('##',$f_lf,f_sth($sr_lang_l[$v])); if($v=='sr_email_msg' || $v=='sr_forgotpass_msg' || $v=='sr_forgotpass_msg0' || $v=='sr_activated_msg' || $v=='sr_blocked_msg') { $table_data[]=array($label, sprintf($area,$v,$setting_value)); } else { $table_data[]=array($label, sprintf($input,$v,$setting_value)); } } } $end=ca_getformbuttons('submit').$f_br; } $output=$f_navtop.''; $output.=f_addentrytable($ca_lang_l['registration settings'],$table_data,$end).'

'; $output=f_fmt_admin_screen($output, build_menu(' - '.f_ucfirst($ca_lang_l['language']))); $output=GT($output); if(!isset($_POST['submit'])) { $charset=f_GFS($output,'charset=','"'); $new_charset=(strpos(f_strtolower($charset),'utf')!==false)? 'UTF-8': $f_charset_lang_map[$cur_lang]; if($charset!='') $output=str_replace('charset='.$charset.'"', 'charset='.$new_charset.'"', $output); } print $output; } elseif($ca_action_id=="conflang") { $logout_redirect_url=f_GFS($ca_settings,'',''); $tzone_offset=f_GFS($ca_settings,'',''); $lang_set=f_GFS($ca_settings,'',''); if(isset($_POST['submit'])) { setcookie('ca_lang',strtoupper(f_strip_tags($_POST['lang'])), mktime(23,59,59, 1,1,2037),str_replace('http://'.$_SERVER['HTTP_HOST'],'',$ca_site_url)); f_write_tagged_data(array('language','logout_redirect_url','tzoneoffset'), array($_POST['lang'],$_POST['logout_redirect_url'],$_POST['tzone_offset']), $ca_db_settings_file, $ca_template_file); $table_data[]=array('', ''.f_ucfirst($ca_lang_l['settings saved']).''); $ca_settings=f_read_file($ca_db_settings_file); ca_update_language_set(strtoupper(f_strip_tags($_POST['lang']))); } else { $table_data[]=array($ca_lang_l['language'], f_build_select('lang',$f_names_lang_sets,strtoupper($lang_set))); $table_data[]=array($ca_lang_l['set tzone'], "Disabled!'); if(!function_exists('imagecreatetruecolor')) $table_data[]=array('GD Library',$f_br.'Disabled!'); if(!function_exists("iconv")) $table_data[]=array('Iconv Library',$f_br.'Disabled!'); $output='"; $output=f_fmt_admin_screen($output, build_menu()); print GT($output); } elseif($ca_action_id=="log") { $logcontent=array(); clearstatcache(); if(file_exists($ca_db_activity_log)) { $handle=fopen($ca_db_activity_log,'r'); while($data=fgetcsv($handle, 8192,'^')) { if($data[0]!=$f_db_first_line) { $ip=''; if(substr_count($data[0],'=>')>2) list($dt,$temp,$result,$ip)=explode('=>',$data[0]); else list($dt,$temp,$result)=explode('=>',$data[0]); list($activity,$user)=explode('->',$temp); if(strpos($user,'EMAIL:')!==false) $user=f_GFS($user,'USER:','EMAIL:'); elseif(strpos($user,'ID:')!==false) $user=f_GFS($user,'USER:','ID:'); else $user=str_replace('USER:','',$user); $logcontent[]=array('date'=>trim($dt),'activity'=>trim($activity),'user'=>str_replace($f_lf,$f_br,urldecode($user)).' '.($ip!=''?f_ip_locator($ip):''),'result'=>str_replace('Result:','',$result)); } } fclose($handle); } $output=''; if(!empty($logcontent)) { $logcontent=array_reverse($logcontent); $records_count=count($logcontent); $screen=(isset($_GET['page'])?$_GET['page']:1); $offset=($screen==1)?0:($screen-1)*$f_max_rec_on_admin; $limit_rec_to=($screen*$f_max_rec_on_admin>$records_count)?$f_max_rec_on_admin-($screen*$f_max_rec_on_admin-$records_count):$f_max_rec_on_admin; $show_records=array_slice($logcontent,$offset,$limit_rec_to); $url_part=$ca_pref_dir."centraladmin.php?process=log"; $nav=f_page_nav_ca($records_count,$url_part,$f_max_rec_on_admin,$screen); $cap_arrays=array($ca_lang_l['date'],$ca_lang_l['activity'],$ca_lang_l['user'],$ca_lang_l['result']); $table_data=array(); foreach($show_records as $key=>$value) { if(!empty($value)) { if(strpos($value['date'],':')) $date_value=$value['date']; else $date_value=date('d M Y h:i:s',f_tzone_date($value['date'])); $row_data=array($ca_span8.$date_value."",$ca_span8." :: ".$value['activity']."", $ca_span8.$value['user']."",$ca_span8." :: ".$value['result'].""); $table_data[]=$row_data; } } $append='

' .'"; $output.=f_admintable($nav,$cap_arrays,$table_data,$append); } else {$table_data[]=array('', 'Empty');$output=f_addentrytable($ca_lang_l['log'],$table_data,$end);} $output=f_fmt_admin_screen($output, build_menu()); print GT($output); } elseif($ca_action_id=="clearlog") { if(!$handle=fopen($ca_db_activity_log,'r+')){print f_fmt_in_template($ca_template_file,f_fmt_error_msg('DBFILE_NEEDCHMOD',$ca_db_activity_log)); exit;} ftruncate($handle,0); fseek($handle,0); fclose($handle); $table_data[]=array('', ''.f_ucfirst($ca_lang_l['log file cleared']).''); $output=f_addentrytable($ca_lang_l['log'],$table_data,$end); $output=f_fmt_admin_screen($output, build_menu()); print GT($output); } elseif($ca_action_id=="export") { $output=''; $users=db_get_users(); if($users!='') {$users_array=f_format_users($users);} else {$users_array=array();} if(count($users_array)>1) { foreach ($users_array as $key => $row) { $name[$key]=$row['username']; } $name_lower=array_map('strtolower',$name); array_multisort($name_lower,SORT_ASC,$users_array); } if(!empty($users_array)) { $field_names=array('username','name','sirname','email','creation_date','self-registered'); foreach($field_names as $k=>$v) { $output.=($k==0?'':',').'"'.f_sth(urldecode($v)).'"'; } $output.=$f_lf; foreach($users_array as $key=>$value) { $rec=array_keys($value); $output.='"'.f_sth(urldecode($value['username'])).'"'; $output.=',"'.un_esc(urldecode($value['first_name'])).'"'; $output.=',"'.un_esc(urldecode($value['surname'])).'"'; $output.=',"'.f_sth(urldecode($value['email'])).'"'; $output.=',"'.$value['creation_date'].'"'; $output.=',"'.(isset($value['self_registered']) && $value['self_registered']=='1'? 'Yes': 'No').'"'; $output.=',"'.(isset($value['status']) && $value['status']=='1'? 'Active': 'Blocked').'"'; $output.=$f_lf; } } f_sendFileHeaders('users_export.csv'); print $output; exit; } } elseif(in_array($ca_action_id,$ca_myprofile_actions)) // my profile { $output=''; $user=f_getUserCookie(); $access_myprofile=$user!=''; if($access_myprofile) { $user_data=f_get_user($user,$ca_pref); $page_data=get_page_info($thispage_id); if(isset($_GET['setlang'])) { setcookie($user.'_lang',strtoupper(f_strip_tags($_GET['setlang'])), mktime(23,59,59, 1,1,2037),str_replace('http://'.$_SERVER['HTTP_HOST'],'',$ca_site_url)); ca_update_language_set(strtoupper(f_strip_tags($_GET['setlang']))); } if($ca_action_id=="changepass") {process_changepass();exit;} elseif($ca_action_id=="editprofile") {process_editprofile();exit;} elseif($ca_action_id=="myprofile") { $all_edit_access=(isset($user_data['access']) && $user_data['access'][0]['section']=='ALL' && $user_data['access'][0]['type']=='1'); $all_view_access=(isset($user_data['access']) && $user_data['access'][0]['section']=='ALL' && $user_data['access'][0]['type']=='0'); $pages_list=get_pages_list(); $cap_arrays=array($ca_lang_l['page name'],$ca_lang_l['admin link']); $lang_flag=''; foreach($pages_list as $k=>$v) { $edit_flag=$all_edit_access; $view_flag=($all_edit_access || $all_view_access); $page_text=''; $admin_text=''; if(!empty($v['name']) && !isset($v['id']) && isset($pages_list[$k+1]['lang']) && $pages_list[$k+1]['lang']!=$lang_flag) { $row_data=''.$pages_list[$k+1]['lang'].''; $table_data[]=$row_data; $lang_flag=$pages_list[$k+1]['lang']; } foreach($user_data['access'] as $u_k=>$u_access_v) { $is_sec=(isset($v['section']) && $v['section']==$u_access_v['section']); if(isset($v['section']) && ($is_sec || !$f_use_prot_areas)) { if($is_sec && $u_access_v['type']=='0') $view_flag=true; elseif($is_sec && $u_access_v['type']=='1') {$edit_flag=true;$view_flag=true;} elseif($u_access_v['type']=='2' && isset($u_access_v['page_access'])) { foreach($u_access_v['page_access'] as $key=>$val) { if($v['pageid']==$val['page']) { if($val['type']=='1' || $val['type']=='3') {$edit_flag=true;$view_flag=true;} elseif($val['type']=='0') $view_flag=true; break; } } } if($is_sec) break; } } if(count($v)==1) {$cnt=0;$cat=$v['name'];} if(isset($v['id'])) { $key_sf=array_search($v['pageid'],$f_subminiforms); if($key_sf!==false) {$v['adminurl']=(strpos($v['url'],'../')!==false?f_GFSAbi($v['url'],'../','/'):'').'newsletter_'.$key_sf.'.php?action=index';} $ca_ctrl=(in_array($v['id'],$f_sp_pages_ids) || $v['editable']=='TRUE' || $key_sf!==false); if($ca_ctrl && $edit_flag || $v['protected']=='TRUE' && $view_flag) { if($cnt==0) { $row_data=''.$cat.''; $table_data[]=$row_data; } if($template_in_root) { $v_url=str_replace('../','',$v['url']); $supage_url=str_replace('../','',$v['subpage_url']); } else { $v_url=(strpos($v['url'],'../')===false?'../':'').$v['url']; $supage_url=(strpos($v['subpage_url'],'../'===false)?'../':'').$v['subpage_url']; } $page_text.=$ca_span8; if($v['subpage']=='1') $page_text.=' - '; else $page_text.=':: '; $page_text.=$v['name'].''; if($edit_flag && $ca_ctrl) { if($template_in_root) $admin_url=str_replace('../','',$v['adminurl']); else $admin_url=(strpos($v['adminurl'],'../')===false)?'../'. $v['adminurl']:$v['adminurl']; $admin_text.=$ca_span8."["; $admin_text.=$ca_lang_l['edit']."".$ca_span8."]"; } $row_data=array($page_text,$admin_text); $table_data[]=$row_data; $cnt++; } } } } $output=f_admintable('',$cap_arrays,$table_data); } $output=f_fmt_admin_screen($output, build_myprofile_menu()); print GT($output,false,'',true); exit; } else { if(empty($_POST) && empty($thispage_id) && !isset($_GET['pageid'])) {f_url_redirect("centraladmin.php?process=index",false);exit;} $ca_miniform=(isset($_GET['pageid']) && !isset($_POST['loginid']) && !isset($_GET['indexflag']) && !isset($_GET['ref_url']) && !empty($_POST)); $float_login=isset($_POST['redirect_to']); //are we trying to login? $wewantlogin=(isset($_POST['pv_username']) && isset($_POST['pv_password'])); if($wewantlogin) { $pv_username=trim(f_strip_tags($_POST['pv_username'])); $pv_password=trim($_POST['pv_password']); $pass_filled=md5($pv_password); if(strtolower($ca_admin_username)=='admin' && strtolower($ca_admin_username)==strtolower($pv_username) && ($ca_admin_pwd==md5('admin') || $ca_admin_pwd==md5('Admin') || $ca_admin_pwd==md5('ADMIN')) && ($ca_admin_pwd==md5(strtolower($pv_password)) || $ca_admin_pwd==md5(ucfirst($pv_password)) || $ca_admin_pwd==md5(strtoupper($pv_password)))) { print GT($ca_account_msg); exit; } $isitadmin=($pv_username==$ca_admin_username); } else $isitadmin=f_adminCookie(); if(isset($_GET['pageid']) && isset($_POST['loginid']) || $ca_miniform) // when login page or miniform is directly accessed { $cur_section=(isset($_POST['loginid']))? f_strip_tags($_POST['loginid']): ''; if(!isset($pv_username) || !isset($pv_password) || $pv_username=='' || $pv_password=='') error('1',false); if(intval($_GET['pageid'])==0 && $thispage_id=="0") //login page accessed directly, not from admin link { $controlled_pages=get_prot_pages_list($cur_section); $protected_pages=array(); $special_ids=array(); foreach($controlled_pages as $k=>$v) { if($v['protected']=='TRUE' || in_array($v['typeid'],$f_sp_pages_ids)) $protected_pages[]=$v['id']; if(in_array($v['typeid'],$f_sp_pages_ids)) $special_ids[]=$v['id']; } if(empty($protected_pages) && isset($_POST['loginid'])) // for login pages - will be removed later { $controlled_pages=get_prot_pages_list(); foreach($controlled_pages as $k=>$v) { if($v['protected']=='TRUE' || in_array($v['typeid'],$f_sp_pages_ids)) $protected_pages[]=$v['id']; if(in_array($v['typeid'],$f_sp_pages_ids)) $special_ids[]=$v['id']; } } $redirect_to_page=''; $user_account=f_get_user($pv_username,$ca_pref); if($pv_username==$ca_admin_username && $ca_admin_pwd==$pass_filled) $redirect_to_page=(isset($protected_pages[0]))?$protected_pages[0]:'admin'; elseif(empty($user_account)) error('2',true,$user_account); else { if($user_account['username']==$pv_username && $user_account['password']==crypt($pv_password,$user_account['password'])) { if($user_account['access'][0]['section']!='ALL') { foreach($user_account['access'] as $k=>$v) { if($cur_section==$v['section'] || $_GET['pageid']=="0" || !$f_use_prot_areas) { if($v['type']!='2') { foreach($controlled_pages as $kkk=>$vvv) {if(($vvv['protected']=='TRUE' || in_array($vvv['typeid'],$f_sp_pages_ids)) && $vvv['section']==$v['section']) {$redirect_to_page=$vvv['id']; break;} } } elseif(isset($v['page_access'])) { foreach($v['page_access'] as $key=>$val) { if(in_array($val['page'],$protected_pages)) { if(($val['type']=='1' && in_array($val['page'],$special_ids)) || ($val['type']=='0' && !(in_array($val['page'],$special_ids)))) {$redirect_to_page=$val['page']; break;} } } } } } } elseif(isset($protected_pages[0])) $redirect_to_page=$protected_pages[0]; } else error('3',true,$user_account); } if(empty($redirect_to_page)) {print GT($f_br."The system doesn't know where to redirect you.");exit;} else { $prot_page_info=get_page_info($redirect_to_page); $thispage_id=str_replace('','', trim($prot_page_info[10])); } } if(!isset($pv_username) || !isset($pv_password) || $pv_username=='' || $pv_password=='') error('4',false); else { $prot_page_info=get_page_info($thispage_id); $user_account=f_get_user($pv_username,$ca_pref); if(f_check_protection($prot_page_info) > 1 && f_has_read_access($user_account,$prot_page_info)==false) { if($ca_admin_username!=$pv_username || $ca_admin_pwd!=$pass_filled) {error('5',true,$user_account);} } } } $prot_page_info=get_page_info($thispage_id); $prot_page_name=$prot_page_info[1]; if($rss_call_in_prot_page && in_array($prot_page_info[4],array('136','137','138','143','144'))) // public rss when page is protected { $rss_settings_dir=$ca_pref.$f_db_folder; if($prot_page_info[4]=='144') $rss_public_on=f_read_file($rss_settings_dir.$thispage_id."_db_guestbook.ezg.php"); elseif($prot_page_info[4]=='136') $rss_public_on=f_read_file($rss_settings_dir.$thispage_id."_settings.ezg.php"); else $rss_public_on=f_read_file($rss_settings_dir.$thispage_id."_blocked_ips.ezg.php"); $rss_public_on=f_GFS($rss_public_on,'',''); } //start of actual pwd protection check if(isset($rss_public_on) && $rss_public_on=='1') $access_flag=true; elseif(f_is_ezg_admin_notlogged()) { if(f_userCookie()) $user_account=f_get_user(f_getUserCookie(),$ca_pref); if((!f_userCookie()) || f_has_read_access($user_account,$prot_page_info)==false) { if(!isset($pv_username) && !isset($pv_password)) { if(strtolower($ca_admin_username)=='admin' && ($ca_admin_pwd==md5('admin') || $ca_admin_pwd==md5('Admin') || $ca_admin_pwd==md5('ADMIN'))) {print GT($ca_account_msg); exit;} $ref_url=(isset($_GET['ref_url']))?f_strip_tags($_GET['ref_url']):''; if(!isset($user_account)) $user_account=array(); $contents=build_login_form('',$ref_url,$user_account); print $contents; exit; } elseif(!isset($pv_username) || !isset($pv_password) || $pv_username=='' || $pv_password=='') error('6',false); elseif($isitadmin) //is it admin? { if($pass_filled==$ca_admin_pwd) { f_regenerate_session_id(); f_setAdminCookie($ca_admin_username); write_log('login', 'USER:Administrator', 'success'); if(isset($_SERVER['HTTP_USER_AGENT'])) f_set_session_var( 'HTTP_USER_AGENT',md5($_SERVER['HTTP_USER_AGENT'])); set_admin_cookie(); // for counter - to ignore hits from site admin $access_flag=true; } else //wrong username or password { if(!isset($user_account)) $user_account=array(); error('7',true,$user_account); } } else //user { $user_account=f_get_user($pv_username,$ca_pref); if(empty($user_account)) error('8',true,$user_account); else { if($user_account['status']!='1') error('12',true,$user_account); else { $log_check=$user_account['password']==crypt($pv_password,$user_account['password']); if($log_check) { f_regenerate_session_id(); f_setUserCookie($user_account['username']); write_log('login', 'USER:'.$pv_username, 'success'); if($f_login_cookiebased) { f_set_longtime_login_cookie($user_account, time()+$f_login_cookie_expire*24*60*60); } $access_flag=true; } else error('8',true,$user_account); //wrong username or password } } } } else $access_flag=true; } else $access_flag=true; //end of actual pwd protection check if(isset($_REQUEST['pv_username']) && isset($_POST['cc']) && $_POST['cc']=='1') {print '1'; exit;} if(isset($_GET['pageid']) && $access_flag) { if($access_flag==true) { $load_page=$prot_page_name; if(isset($_GET['indexflag']) || f_check_protection($prot_page_info)==1) { $username=isset($pv_username)?$pv_username:(isset($user_account['username'])?$user_account['username']:''); $writeaccess_flag=$isitadmin || f_has_write_access($username,$prot_page_info,$ca_pref); if(!$writeaccess_flag) { if($float_login) $load_page=$prot_page_name; else $load_page=(strpos($prot_page_name,'../')===false?'documents/':'').'centraladmin.php?process=myprofile'; } elseif($prot_page_info[4]=='143' && strpos($prot_page_info[1],'?flag=podcast')!==false) $load_page=$prot_page_name.'&action=index'; elseif($prot_page_info[4]=='133') { $dir=(strpos($prot_page_info[1],'../')===false)?'':'../'.f_GFS($prot_page_info[1],'../','/').'/'; $load_page=$dir.'newsletter_'.str_replace('','',$prot_page_info[10]).'.php?action=subscribers'; } elseif($prot_page_info[4]=='20') { if(f_session_isset('cur_pwd'.intval($_GET['pageid']))) $r_with='action=remcookie'; else $r_with='action=doedit'; if(strpos($prot_page_name,'action=show')!==false) $load_page=str_replace('action=show',$r_with,$prot_page_name); else $load_page=$prot_page_name.'?'.$r_with; } else $load_page=$prot_page_name.'?action=index'; } if(isset($redirect_to_page) && $redirect_to_page=='admin') $load_page='../documents/centraladmin.php?process=index'; if(isset($_GET['ref_url'])) $load_page=f_strip_tags($_GET['ref_url']); //event manager if(strpos($prot_page_name,'../')===false) {$load_page='../'.$load_page;} f_url_redirect($load_page,false); exit; } } } } process_admin(); ?>

' .sprintf($fmt_label,f_ucfirst($ca_lang_l['last 30']).' '.$mon_caption. ' ('.$tot.' '.$h_lbl.')') .$f_br.$f_br. $f_br.f_vChart($gr,570,250,$labels,0).'
' .sprintf($fmt_label,f_ucfirst($ca_lang_l['last year']).' ' .($dd['mon']!=12? ($today['year']-1).' - ': '').$today['year']. ' ('.$tot.' '.$h_lbl.')').$f_br.$f_br. $f_br.f_vChart($gr,570,200,$labels,1).'
' .sprintf($fmt_label,f_ucfirst($ca_lang_l['browser'])).$f_br.$f_br.f_hChart($gr,250,count($gr)*15).'	' .sprintf($fmt_label,f_ucfirst($ca_lang_l['resolution'])).$f_br.$f_br.f_hChart($gr,260,count($gr)*15,110).'
' .sprintf($fmt_label,f_ucfirst($ca_lang_l['os'])).$f_br.$f_br.f_hChart($gr,250,count($gr)*15).'

	".f_ucfirst($ca_lang_l['protected area'])."".$f_br."
".f_ucfirst($ca_lang_l['username']).'
".f_ucfirst($ca_lang_l['password']).'

	'.$f_br.'' .$ca_lang_l['forgot q'].' '; if($sr_enable) { $contents.=' '.$ca_lang_l['member q'].' '; } $contents.="

'.$msg.$f_br.$f_br.'
'.f_ucfirst($ca_lang_l['username']).''.($vert?$f_br:'	').'
'.f_ucfirst($ca_lang_l['password']).''.($vert?$f_br:'	').'
'.($vert?'':'	').'

' .' '.$lang_r['forgotten password'].' '.$f_br .''.$lang_r['forgot password message'].$f_br.$f_br.'
'.f_ucfirst($lang_r['username']).''.($vert?$f_br:'	') .'
'.f_ucfirst($lang_r['email']).''.($vert?$f_br:'	') .'
'.($vert?'':'	').'

'.$err_msg.$f_br.$f_br.'

'.$msg.$f_br.$f_br.'

' .$lang_r['registration']."

'.$lang_r['forgotten password'].'

":'').$lang_r['registration was successful'].($norm_reg?"

".$lang_r['registration was completed']."

":'').$ca_lang_l['check email for instructions'].($norm_reg?"

'.$lang_r['check email for new password'].'

'.$lang_r['check email for new password'].'