File: /home/icsla/.trash/rteitel.com/documents/centraladmin.php
<?php
// Version banner for this Central Admin build.
$version="ezgenerator centraladmin 4.6";
/*
centraladmin.php
http://www.ezgenerator.com
Copyright (c) 2004-2010 Image-line
*/
// Path prefix to the site root: empty when sitemap.php is in the current working directory, '../' otherwise.
$pref=(file_exists('sitemap.php'))?'':'../';
include($pref.'documents/htmlMimeMail.php');
include_once($pref.'ezg_data/functions.php');
// NOTE(review): the admin account is hard-coded in a web-served file. The stored value is a bare,
// unsalted MD5 digest, and 21232f297a57a5a743894a0e4a801fc3 is the widely published MD5 of "admin",
// i.e. the shipped default is admin/admin. $ca_user_msg below indicates that combination is meant to be
// refused, but the check itself is outside this excerpt - confirm it runs before any admin action.
// On a supported PHP, store credentials with password_hash()/password_verify() instead of MD5.
$admin_username="admin";
$admin_pwd="21232f297a57a5a743894a0e4a801fc3";
// $f_db_folder is not assigned in this file; presumably it comes from the included functions.php - confirm.
// NOTE(review): every data store below is a flat file with a .php extension. The statistics reader in
// index() skips a row containing '<?php echo "hi"; exit; /*', which suggests each file starts with a PHP
// guard line so a direct HTTP request does not dump its contents - confirm the guard is present in all
// of them and that the folder cannot be listed or written through the web server.
$ca_db_dir=$pref.$f_db_folder;
$ca_db_file=$ca_db_dir.'centraladmin.ezg.php';
$ca_db_settings_file=$ca_db_dir.'centraladmin_conf.ezg.php'; // settings file --> counter,self-reg and other settings
$ca_db_activity_log=$ca_db_dir.'centraladmin_reglog.ezg.php'; // log file
$ca_db_delay_file=$ca_db_dir.'centraladmin_sec.ezg.php';
$counter_ts_db_fname=$ca_db_dir.'counter_totals_db.ezg.php';
$counter_ds_db_fname=$ca_db_dir.'counter_db.ezg.php';
$ca_lang_set_fname=$pref.'ezg_data/ca_lang_set.txt';
$ca_sitemap_file=$pref.'sitemap.php';
// Page-type ids that get an admin link in get_pages_list() and index().
$sp_pages_ids=array('20','21','133','136','137','138','143','144','181','190');
$ima_array=array('15|20','15|18','15|19','9|13','15|13','12|14','6|7');
$set_login_cookie=false;
$rss_call_in_prot_page=false;
// NOTE(review): $thispage_id is not assigned earlier in this file, so it is expected to be set by a script
// that includes this one. On a legacy PHP with register_globals enabled, request parameters could also
// populate it (and other unset globals such as $f_db_folder) - confirm register_globals is off.
if(isset($thispage_id) && isset($_GET['action']) && $_GET['action']=='rss') $rss_call_in_prot_page=true; // public rss when page is protected
// Fall back to the pageid request parameter, reduced to an integer by intval(); '' when it is absent.
if(!isset($thispage_id)) {$thispage_id=(isset($_GET['pageid'])? intval($_GET['pageid']): ''); }
// Pick the HTML template for admin screens: documents/template_source.html when it exists, else index.html.
$ca_template_file='documents/template_source.html';
if(!file_exists($pref.$ca_template_file)) $ca_template_file='index.html';
// $template_in_root / $pref_dir record whether the template sits in the site root, which decides whether
// links built later are prefixed with 'documents/' or '../documents/'.
$template_in_root=false;
$pref_dir='../documents/';
// Both possible values assigned above contain '.html' and no 'http://', so as written this branch is always taken.
if(strpos($ca_template_file,'.html')!==false && strpos($ca_template_file,'http://')===false)
{
$ca_template_file_f=$pref.$ca_template_file;
// No slash in the name means the template is in the site root.
if(strpos($ca_template_file,'/')===false) {$template_in_root=true; $pref_dir='documents/';}
}
else
{
// f_define_source_page() is defined outside this file; presumably it returns the source page path - confirm.
$ca_template_file_f=f_define_source_page($pref);
if(strpos($ca_template_file_f,'/')===false) {$ca_template_file_f='../'.$ca_template_file_f; $template_in_root=true;$pref_dir='documents/';}
}
// Self-registration flags and the raw settings text read from the settings store.
$sr_enable=false;
$sr_notif_enabled=true;
$ca_settings=f_read_file($ca_db_settings_file);
// Allow-list of language codes; ca_update_language_set() falls back to 'EN' for any code not listed here.
$ca_available_lang_sets=array('DA'=>'Danish','NL'=>'Dutch','EN'=>'English','FR'=>'French','DE'=>'German','IS'=>'Icelandic','IT'=>'Italian','NO'=>'Norwegian','PL'=>'Polish','PT'=>'Portuguese','RU'=>'Russian','SL'=>'Slovenian','ES'=>'Spanish','SV'=>'Swedish','CS'=>'Czech');
// Keys of the registration texts that the settings file may override per language, and their admin-screen labels.
$ca_reg_lang_settings_keys=array('username','name','surname','email','password','repeat password','code','registration','sr_agree_msg','want to get', 'sr_success_msg','sr_confirm_msg', 'sr_email_msg', 'sr_email_subject','sr_notif_subject','sr_already_confirmed','sr_forgotpass_note', 'sr_forgotpass_fill_either', 'sr_forgotpass_no_email','sr_forgotpass_msg3', 'sr_forgotpass_msg0', 'sr_forgotpass_subject0', 'sr_forgotpass_msg2', 'sr_forgotpass_subject', 'sr_forgotpass_msg', 'sr_forgotpass_illegal','sr_activated_subject','sr_activated_msg', 'sr_blocked_subject','sr_blocked_msg');
$ca_reg_lang_settings_labels=array('username','name','surname','email','password','repeat password','code','registration', 'I agree with terms of use','I want to receive newsletter for','registration was successful','registration was confirmed','registration email message','registration email subject','registration notification subject','registration already confirmed', 'forgot password message 1','forgot password error message', 'email not found message','forgot password message 2','forgot password confirm email message','forgot password confirm email subject', 'forgot password message 3', 'forgot password email subject', 'forgot password email message', 'forgot password already confirmed','activation email subject','activation email message','blocked account email subject','blocked account email message');
// Filled by ca_update_language_set() (defined below): active language code and its label table.
$ca_lang_l=array(); $ca_lang_set='';
ca_update_language_set();
// Query-string fragment that carries a non-English language choice from link to link.
$ca_l=($ca_lang_set=='EN'?'':'lang='.$ca_lang_set);
$ca_nav_labels=array('first'=>$ca_lang_l['first'], 'prev'=>$ca_lang_l['prev'], 'next'=>$ca_lang_l['next'], 'last'=>$ca_lang_l['last']);
// Fixed admin-facing messages. $f_br is not assigned in this file; presumably a line-break string from functions.php - confirm.
$ca_account_msg='<div align="left">'.$f_br.'<span class="rvts4"><em style="color:red;">Username & Password are not set for your Central Admin account.</em></span> '.$f_br.$f_br.'<span class="rvts8">To SOLVE the problem, go to <em style="color:red;">EZGenerator >> menu Extra >> Project Settings >> Central Admin</em> and set <em style="color:red;">Username & Password</em>.</div>';
// Shown when the default admin/admin pair is used; the code that enforces it is outside this excerpt.
$ca_user_msg='ADMIN & ADMIN is not secure combination and thus is not allowed. Please, type new one!';
$ca_mail_msg='<div align="left">'.$f_br.'<span class="rvts4"><em style="color:red;">Admin e-mail address not defined.</em></span> '.$f_br.$f_br.'<span class="rvts8">To SOLVE the problem, go to <em style="color:red;">Central Admin >> Registration Settings</em> and define <em style="color:red;">Admin Email!</em></span>';
// Reusable markup fragments.
$ca_span8='<span class="rvts8">';
$trtdsp='<tr><td align="left">'.$ca_span8;
// Sitemap rows used by the lookup helpers below (rows are indexed numerically, e.g. [4] type id, [10] '<id>…').
$ca_sitemap_arr=f_get_sitemap($pref);
// Labels for the numeric access levels stored with each user.
$access_type=array('0'=>$ca_lang_l['view'],'1'=>$ca_lang_l['edit']);
$access_type_ex=array('0'=>$ca_lang_l['view'],'1'=>$ca_lang_l['edit'],'2'=>$ca_lang_l['page level']);
// Character set per language code; every entry is a single-byte charset.
$ca_charset_lang_map=array('DA'=>'iso-8859-1','NL'=>'iso-8859-1','EN'=>'iso-8859-1','FR'=>'iso-8859-1','DE'=>'iso-8859-1','IS'=>'iso-8859-1','NO'=>'iso-8859-1','PT'=>'iso-8859-1','RU'=>'Windows-1251','SL'=>'windows-1250','ES'=>'iso-8859-1','SV'=>'iso-8859-1','CS'=>'windows-1250');
// NOTE(review): f_build_self_url() is defined elsewhere; if it derives the URL from the request Host header,
// links built from $ca_site_url (e.g. in e-mails) inherit whatever host the client sent - confirm.
$ca_site_url=str_replace('documents/centraladmin.php','',f_build_self_url('centraladmin.php'));
// Resolves the active Central Admin language and loads its labels into the globals
// $ca_lang_set (two-letter code) and $ca_lang_l (label table).
function ca_update_language_set()
{
global $ca_settings,$ca_lang_set,$ca_lang_l,$ca_lang_set_fname,$ca_available_lang_sets,$ca_default_reg_settings,$ca_reg_lang_settings_keys;
$configured=f_GFS($ca_settings,'<language>','</language>');
// Precedence: request parameter, then the configured language, then the cookie, then English.
if(isset($_REQUEST['lang']))
{
$candidate=strtoupper(f_strip_tags($_REQUEST['lang']));
}
elseif($configured!='')
{
$candidate=strtoupper($configured);
}
elseif(isset($_COOKIE['ca_lang']))
{
$candidate=strtoupper(f_strip_tags($_COOKIE['ca_lang']));
}
else
{
$candidate='EN';
}
// Request and cookie values are client-controlled; only codes on the allow-list survive,
// which matters because the code is embedded in tag names and passed to the file reader below.
$ca_lang_set=array_key_exists($candidate,$ca_available_lang_sets)? $candidate: 'EN';
$loaded=f_read_lang_set($ca_lang_set_fname,$ca_lang_set,'ca');
if(isset($loaded['lang_l']))
{
$ca_lang_l=$loaded['lang_l'];
}
// Per-language registration texts stored in the settings override the defaults.
$block_tag='sr_language_'.$ca_lang_set;
$overrides=f_GFS($ca_settings,'<'.$block_tag.'>','</'.$block_tag.'>');
if($overrides=='')
{
return;
}
foreach($ca_reg_lang_settings_keys as $label_key)
{
$open_tag='<'.$label_key.'>';
if(strpos($overrides,$open_tag)===false)
{
continue;
}
$ca_lang_l[$label_key]=f_un_esc(f_GFS($overrides,$open_tag,'</'.$label_key.'>'));
}
}
// Reverses the storage encoding produced by esc() and then HTML-escapes the result
// (including both quote styles) so it can be placed in markup.
// NOTE(review): htmlspecialchars() is called without a charset; on PHP 5.4+ the default is UTF-8
// and input that is not valid UTF-8 yields an empty string, while this file maps its languages to
// single-byte charsets - confirm on the deployed PHP version.
function un_esc($s)
{
$stored_forms=array('\\\\','\\\'','%%%');
$plain_forms=array('\\','\'','"');
// str_replace applies the pairs one after another, in this order.
$decoded=str_replace($stored_forms,$plain_forms,$s);
return htmlspecialchars($decoded,ENT_QUOTES);
}
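// Encodes a value for storage inside the double-quoted attributes of the flat-file records:
// backslash and single quote get a leading backslash, a double quote becomes the marker '%%%'.
// This is a storage encoding only, not an HTML or SQL escaper; un_esc() reverses it for display.
function esc($s)
{
// get_magic_quotes_gpc() is deprecated in PHP 7.4 and removed in PHP 8.0, and magic quotes
// themselves were removed in PHP 5.4, so only consult it on interpreters that can still have them on.
$magic_quotes_on=version_compare(PHP_VERSION,'5.4.0','<') && get_magic_quotes_gpc();
if($magic_quotes_on)
{
// Input already carries backslashes added by PHP; only the double-quote marker is still needed.
return str_replace('\"','%%%',$s);
}
return str_replace(array('\\','\'','"'),array('\\\\','\\\'','%%%'),$s);
}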
// Returns the sitemap row for a protected page.
// Looks for a row whose field [10] equals '<id>'.$page_id. When none exists and the request is for the
// current page ($thispage_id), a posted loginid is matched against field [7] of protected rows, then any
// protected row of type '136' is used. Prints a message and exits when no row can be resolved.
function get_page_info($page_id) // gets info for protected page
{
global $ca_sitemap_arr,$thispage_id,$f_br;
foreach($ca_sitemap_arr as $row)
{
if($row[10]=='<id>'.$page_id)
{
return $row;
}
}
// No direct match: only the page currently being served may fall back to the login lookup.
if($thispage_id!=$page_id)
{
echo "ERROR: the <b>Protected page</b> you are trying to access uses <b>Login</b> page that does not exist anymore! Please, go to protected page <b>Page Settings</b> panel and set existing page as <b>Login</b> page, or contact the site administrator.";
exit;
}
if(!isset($_POST['loginid']))
{
return array();
}
// First choice: a protected row whose field [7] equals the posted login id.
foreach($ca_sitemap_arr as $row)
{
if(isset($row[10]) && $row[6]=='TRUE' && $row[7]==f_strip_tags($_POST['loginid']))
{
return $row;
}
}
// Second choice: any protected row of page type 136.
foreach($ca_sitemap_arr as $row)
{
if(isset($row[10]) && $row[6]=='TRUE' && $row[4]=='136')
{
return $row;
}
}
print GT($f_br."<span class='rvts8'><b>This Login page is not associated with any protected page. The system doesn't know where to redirect you.".$f_br."You have to go to EZG and protect certain page with this Login page.</b></span>");
exit;
}
// Builds the page list for the admin sitemap screen from the sitemap including category rows.
// Rows without an '<id>' marker in field [10] yield a name-only entry; other rows get the page
// fields plus, for the page types in $sp_pages_ids, an 'adminurl'. When $type_id is given,
// only entries whose type id equals it are returned.
function get_pages_list($type_id='')
{
global $sp_pages_ids,$pref;
$result=array();
$rows=f_get_sitemap($pref,true);
foreach($rows as $row)
{
// A leading '#' on the name is dropped (all '#' characters are removed in that case).
$title=(strpos($row[0],'#')===0)? str_replace('#','',$row[0]): $row[0];
$is_page=isset($row[10]) && strpos($row[10],'<id>')!==false;
if(!$is_page)
{
$entry=array('name'=>trim($title));
}
else
{
$page_ref=str_replace('<id>','',$row[10]);
$entry=array(
'name'=>trim($title),
'id'=>trim($row[4]),
'url'=>$row[1],
'protected'=>$row[6],
'section'=>$row[7],
'subpage'=>$row[3],
'frames'=>$row[15],
'subpage_url'=>$row[18],
'pageid'=>$page_ref
);
if(in_array($row[4],$sp_pages_ids))
{
$link=$row[1];
switch($row[4])
{
case '133':
$entry['adminurl']='../subscribe/subscribe_'.$page_ref.'.php?action=subscribers';
break;
case '190':
$entry['adminurl']=$link.'?action=login';
break;
case '181':
if(strpos($link,'/')===false) $link='../'.$link;
$entry['adminurl']=(strpos($link,'action=list')!==false)? str_replace('action=list','action=login',$link): $link.'?action=login';
break;
case '21':
if(strpos($link,'/')===false) $link='../'.$link;
$entry['adminurl']=(strpos($link,'action=list')!==false)? str_replace('action=list','action=orders',$link): $link.'?action=orders';
break;
case '20':
if(strpos($link,'/')===false) $link='../'.$link;
// Pages under Central Admin control open straight in edit mode, others go through login.
$controlled=($row[7]!='' && $row[7]!='-1') || $row[6]=='TRUE';
$target_action=$controlled? 'action=doedit': 'action=login';
$entry['adminurl']=(strpos($link,'action=show')!==false)? str_replace('action=show',$target_action,$link): $link.'?'.$target_action;
break;
default:
// Type 143 with the podcast flag already has a query string, so the action is appended with '&'.
if($row[4]=='143' && strpos($link,'?flag=podcast')!==false) $entry['adminurl']=$link.'&action=index';
else $entry['adminurl']=$link.'?action=index';
}
}
}
$wanted=($type_id=='') || (isset($entry['id']) && $entry['id']==$type_id);
if($wanted)
{
$result[]=$entry;
}
}
return $result;
}
// Lists the sitemap pages that are under Central Admin control: field [7] (section) is set and
// not '-1', or field [6] is 'TRUE'. With $section_id given, only pages of that section are returned.
function get_prot_pages_list($section_id='')
{
global $ca_sitemap_arr;
$result=array();
foreach($ca_sitemap_arr as $row)
{
if(strpos($row[10],'<id>')===false)
{
continue;
}
$controlled=($row[7]!='' && $row[7]!='-1') || $row[6]=='TRUE';
if(!$controlled)
{
continue;
}
if($section_id!='' && $row[7]!=$section_id)
{
continue;
}
// A leading '#' on the untrimmed name is dropped together with every other '#'.
$label=trim($row[0]);
if(strpos($row[0],'#')===0)
{
$label=str_replace('#','',$label);
}
$result[]=array(
'name'=>$label,
'url'=>$row[1],
'typeid'=>$row[4],
'section'=>$row[7],
'protected'=>$row[6],
'id'=>str_replace('<id>','',$row[10])
);
}
return $result;
}
// Returns every sitemap row that carries an '<id>' marker in field [10] and has type id '22' (a section).
function get_sections_list()
{
global $ca_sitemap_arr;
$found=array();
foreach($ca_sitemap_arr as $row)
{
$has_id=strpos($row[10],'<id>')!==false;
if($has_id && $row[4]=='22')
{
$found[]=$row;
}
}
return $found;
}
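// Looks up section names in the sitemap (rows of type id '22' with an '<id>' marker in field [10]).
// - With a non-empty $section_id: returns field [8] of the first section row whose field [10]
//   contains '<id>'.$section_id.'|', or '' when there is none.
// - With an empty $section_id: returns an array mapping each section id (field [10] without '<id>')
//   to its name, or '' when the sitemap has no sections.
// The list is collected in a real array. The previous code started from '' and wrote
// $sections_name[$id], which only turned into an array on PHP before 7.1; on later versions it
// writes into the string (or fails), so callers indexing the result by section id got garbage.
function get_section_name($section_id='')
{
global $ca_sitemap_arr;
$list_all=empty($section_id);
$names=array();
foreach($ca_sitemap_arr as $v)
{
if(strpos($v[10],'<id>')===false || $v[4]!='22')
{
continue;
}
if($list_all)
{
$names[str_replace('<id>','',$v[10])]=$v[8];
}
// Kept from the original: this check also runs in list mode, where it only matches a row whose id part is empty.
if(strpos($v[10],'<id>'.$section_id.'|')!==false)
{
return $v[8];
}
}
return ($list_all && !empty($names))? $names: '';
}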
// Reports whether a username is already taken, compared case-insensitively: by the built-in admin
// account, by a regular user record, or by a self-registered user record.
// The user stores are searched as raw text for username="<name>".
// NOTE(review): the search is a substring match on the raw store; whether stored names are encoded
// (other code in this file urldecodes them) is not visible here - confirm the comparison uses the stored form.
function duplicated_user($user)
{
global $admin_username;
// Both stores are read up front, as before.
$registered=db_get_users();
$self_registered=db_get_users('selfreg_users');
$wanted=strtolower($user);
if(strtolower($admin_username)==$wanted)
{
return true;
}
$marker='username="'.$wanted.'"';
foreach(array($registered,$self_registered) as $store)
{
if(strpos(strtolower($store),$marker)!==false)
{
return true;
}
}
return false;
}
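// Renders the login form with an error message, prints it and ends the request.
// The message is taken from the template's <!--[error_message]…--> placeholder when it has text,
// replaced by the "blocked" label when the given account has status '0', and falls back to the
// "use correct username" label. With ?extcall set, only the message (wrapped by GT()) is printed.
// $user_account: optional user record; only ['details']['status'] is read here.
// NOTE(review): ref_url comes from the query string and is handed to build_login_form() after
// f_strip_tags() only; if the form later redirects to it, confirm the target is restricted to this site.
function error($user_account=array())
{
global $ca_lang_l,$f_br;
// Initialised so the extcall path below never reads an undefined variable when the template
// has no error placeholder.
$pattern='';
if(isset($_GET['ref_url']) && $_GET['ref_url']!='')
$contents=build_login_form('',f_strip_tags($_GET['ref_url']),$user_account); //event manager
else $contents=build_login_form('','',$user_account);
if(strpos($contents,'<!--[error_message]')!==false)
{
$pattern=f_GFS($contents,'[error_message]','[/error_message]');
if(!empty($user_account) && $user_account['details']['status']=='0') $pattern=ucfirst($ca_lang_l['blocked_err_msg']);
if($pattern!='')
{
if(isset($_GET['extcall'])) $pattern="<div class='rvps1'><h5>".$pattern."</h5></div>";
else
{
$pattern='<div class="rvps1"><h5>'.$pattern.$f_br.$f_br.'</h5></div>';
$contents=str_replace(f_GFSAbi($contents,'<!--[error_message]','-->'),$pattern,$contents);
}
}
else
{
$pattern='<div class="rvps1"><h5>'.$ca_lang_l['use correct username'].$f_br.$f_br.'</h5></div>';
$contents=str_replace(f_GFSAbi($contents,'<!--[error_message]','-->'),$pattern,$contents);
}
}
else {$contents=str_replace('<!--page-->','<!--page-->'.'Error occured. '.$ca_lang_l['use correct username'],$contents);}
// External callers get just the message, not the whole login page.
if(isset($_GET['extcall'])) $contents=GT($pattern);
echo $contents;
exit;
}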
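// Renders a horizontal bar chart as absolutely positioned <div> elements.
// $data   label => value map; bars are drawn in key order, scaled to the largest value,
//         each with its share of the total as a percentage.
// $width  total width in px, including the $offs px reserved on the left for labels.
// $height total height in px, split evenly between the bars.
// Returns the chart markup. Empty data (or data summing to 0) yields the grid without bars
// instead of a division by zero.
function hChart($data,$width,$height,$offs=100) //graph
{
ksort($data);
$bars=count($data);
$width-=$offs;$grid_w=$width/10;
$colors=array('#e88','#b55');
$ret='<div style="position:relative;width:'.($width+$offs).'px;height:'.$height.'px;">';
// Eleven vertical grid lines with a tick mark at the bottom of each.
for($i=0;$i<11;$i++)
{
$ret.='<div style="height:'.$height.'px;border-left: 1px solid #eee;width:1px;position:absolute;left:'.(($i*$grid_w) + $offs).'px;"></div>';
$ret.='<div style="height:2px;border-left: 1px solid #333;width: 1px;position:absolute;left:'.(($i*$grid_w) + $offs).'px;bottom:0px;"></div>';
}
$h=($bars>0)? $height/$bars: 0;
$md=($bars>0)? max($data): 0;
$t=0;$tot=0;
foreach($data as $k=>$v)$tot+=$v;
if($tot!=0 && $md!=0)
{
$i=0;
foreach($data as $k=>$v)
{
$color=$colors[$i% count($colors)];$pc=($v/$tot)*100;
// Labels can come from logged visitor data (e.g. screen resolution strings), so they are
// HTML-escaped. The explicit single-byte charset keeps non-UTF-8 label bytes intact.
$label=htmlspecialchars((string)$k,ENT_QUOTES,'ISO-8859-1');
$ret.='<div style="background: '.$color.';position:absolute;width:'.($v/$md*($width)).'px;height:'.$h.'px;top:'.$t.'px;left:'.$offs.'px;"></div>';
$ret.='<div style="position:absolute;left:0px;top:'.($t+2).'px;"><span class="rvts8">'.$label.'</span></div>';
$ret.='<div style="position:absolute;left:'.($offs-40).'px;top:'.($t+2).'px;"><span class="rvts8">'.number_format($pc,1).'%</span></div>';
$t+=$h; $i++;
}
}
$ret.='</div>';
return $ret;
}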
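// Renders a vertical bar chart as absolutely positioned <div> elements.
// $data    values, one bar each, scaled to the largest value; zero values draw no bar.
// $width   requested width in px; the chart is narrowed to a whole number of bar slots.
// $height  height in px of the tallest bar.
// $labels  captions printed under the bars, in order.
// Returns the chart markup followed by two line breaks ($f_br). Empty data yields the grid and
// labels only instead of a division by zero.
// NOTE(review): values and labels are written into the markup unescaped; the callers visible in
// this file pass counts, day numbers and month names - confirm before reusing with other data.
function vChart($data,$width,$height,$labels)
{
global $f_br;
$colors=array('#e88','#b55');$cd=count($data);
$ret='<div style="position:relative;width:'.$width.'px; height:'.$height.'px;">';
if($cd>0)
{
$w=max(1,floor(($width-$cd)/$cd));
$width=($w+1)*$cd;
}
else $w=max(1,$width);
$grid_h=$height/10;
for($i=0;$i<11;$i++)
{
$ret.='<div style="height:1px;border-top: 1px solid #eee;width:'.$width.'px;position:absolute;left:0px;top:'.$i*$grid_h.'px"></div>';
$ret.='<div style="height:1px;border-top: 1px solid #333;width:2px;position:absolute;left:0px;top:'.$i*$grid_h.'px"></div>';
}
// The maximum is computed once instead of for every bar.
$peak=($cd>0)? max($data): 0;
$i=0;
foreach($data as $k=>$value)
{
if($value!=0 && $peak!=0)
{
$bar_h=$value/$peak*$height;
$ret.='<div style="background: '.$colors[$i%count($colors)].';position:absolute;width:'.($w).'px;height:'.($bar_h).'px;left:'.($i*$w + $i).'px;bottom:0px;"></div>';
$ret.='<div style="position:absolute;text-align:center;width:'.($w).'px;left:'.($i*$w + $i).'px;bottom:'.($bar_h+1).'px;"><span class="rvts8" style="font:9px tahoma">'.$value.'</span></div>';
}
$i++;
}
$i=0;
foreach($labels as $k=>$v) { $ret.='<div style="position:absolute;text-align:center;width:'.($w).'px;left:'.($i*$w + $i).'px;bottom:-20px;"><span class="rvts8" style="font-size:10px">'.$v.'</span></div>'; $i++;}
$ret.='</div>'.$f_br.$f_br;
return $ret;
}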
// ------------- admin
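// Central Admin start screen. Depending on ?stat it prints one of three views:
//   stat=detailed     graphs built from the hit-counter log (last 30 days, last year, browser, resolution, OS)
//   stat=olddetailed  paged table of raw counter records
//   (anything else)   the sitemap with admin links, protection flags and page-load totals
// pid / purl / pname in the query string narrow the statistics to one page.
// $action_id is only passed on to build_menu(). Output is printed through GT(); nothing is returned.
// NOTE(review): no access check is visible inside this function; presumably the dispatcher
// authenticates the admin before calling it - confirm.
// Changes against the previous version: request- and log-derived values are HTML-escaped or
// URL-encoded where they are written into markup, logged referrers are only linked when they are
// http(s) URLs, the misplaced parenthesis in the subpage URL prefix test is fixed, the
// 'screen.width' test uses a strict comparison, and the tell-a-friend row no longer inherits the
// admin link of the last sitemap page.
function index($action_id) // site map screen
{
global $sp_pages_ids,$counter_ts_db_fname,$counter_ds_db_fname,$pref_dir,$template_in_root,$ca_lang_l,$ca_l,$f_br,
$f_fmt_caption,$ca_span8,$f_max_chars,$ca_nav_labels,$f_max_rec_on_admin,$f_month_names;
$output='';$day=86400;
// Lookup tables for the numeric OS / browser codes stored in the counter log.
$os=array('other','Win95','Win98','WinNT','W2000','XP','W2003','Vista','Linux','Mac','Windows','Windows 7');
$browsers=array('other','IE','Opera','Firefox','Netscape','AOL','Safari','Konqueror','IE5','IE6','IE7','Opera7','Opera8','Firefox 1','Firefox 2','Netscape 6', 'Netscape 7','Firefox 3','Chrome','IE8');
$counter_on=file_exists($counter_ts_db_fname)&&(filesize($counter_ts_db_fname)!==0);
$fmt_label='<span class="rvts8" style="font-size:10px;font-variant:small-caps"><b>%s</b></span>';
if(isset($_GET['stat']) && $_GET['stat']=='detailed') // COUNTER detailed stat
{
$pg=(isset($_GET['pid']))?intval($_GET['pid']):'';
$br_stat=array();$os_stat=array();$res_stat=array();//graphs
foreach($browsers as $k=>$v) $br_stat[$k]=0;
foreach($os as $k=>$v) $os_stat[$k]=0;
$query_st_time=f_microtime_float();
// $now is midnight at the start of tomorrow; $today describes the current day.
$d=time();$d+=$day;
$dd=getdate($d);
$now=mktime(0,0,0,$dd['mon'],$dd['mday'],$dd['year']);
$today=getdate($now-$day);
$days_in_mon=f_days_in_month($today['mon'],$today['year']);
$month_stat=array_fill(0,$days_in_mon,0);$year_stat=array_fill(0,12,0);$last30_stat=array_fill(0,30,0); // V graphs
$last30_d=array();
// Day-of-month captions for the last-30-days graph, wrapping into the previous month when needed.
$offset=$today['mday']-30;$mon_caption=$f_month_names[$today['mon']-1];
if($offset<0)
{
$days_in_prev_m=f_days_in_month($today['mon']-1,$today['year']);
for($i=$days_in_prev_m-abs($offset)+1; $i<=$days_in_prev_m; $i++) $last30_d[]=$i;
for($i=1;$i<=$today['mday']; $i++) $last30_d[]=$i;
$mon_caption=$f_month_names[(($today['mon']-2)==-1?11:$today['mon']-2)].' - '.$f_month_names[$today['mon']-1];
}
else for($i=$offset;$i<=$today['mday'];$i++) $last30_d[]=$i;
// Start timestamp of each of the last 12 months, newest first (key 12 = current month).
$month_offsets=array();
$month_offsets[12]=$now-($today['mday']*$day);
$month_ids[12]=$today['mon'];
$cc=1;
for($i=11;$i>0;$i--)
{
$month_ids[$i]=(($today['mon']-$cc)>0)?$today['mon']-$cc:12+($today['mon']-$cc);
$mj=(($today['mon']-$cc)>0)?$today['year']:$today['year']-1;
$month_offsets[$i]=$month_offsets[$i+1]-(f_days_in_month($month_ids[$i],$mj)*$day);
$cc++;
}
if(file_exists($counter_ds_db_fname)&&(filesize($counter_ds_db_fname)>0))
{
$fp=fopen($counter_ds_db_fname, 'r');
// The first line of the log is read and discarded.
$php_start_line=fgetcsv($fp,$f_max_chars);
$query_st_time=f_microtime_float();
// NOTE(review): 355 days, not 365 - possibly a typo; left unchanged.
$year_ago=$now-$day*355;
$month_ago=$now-$day*30;
// Log columns as used below: [0] page id, [1] timestamp, [4] browser code, [5] OS code, [6] resolution.
while($data=fgetcsv($fp,$f_max_chars,'|'))
{
if($data[0]==$pg || $pg=='') //graphs
{
if($data[1]>$year_ago)
{
foreach($month_offsets as $k=>$v) if($data[1]>$v) {$year_stat[$k-1]+=1;break;}
if($data[1]>$month_ago)
{
$br_stat[$data[4]]+=1;
$os_stat[$data[5]]+=1;
// Unevaluated client-side script text in the resolution field is counted as 1024x768.
// Strict comparison so a match at position 0 is recognised too.
if(strpos($data[6], 'screen.width')!==false) $data[6]='1024x768';
$res_stat[$data[6]]=(isset($res_stat[$data[6]]))?$res_stat[$data[6]]+1:1;
$dday=(int)floor(($data[1]-$month_ago)/$day);
$last30_stat[$dday]+=1;
}
}
}
}
fclose($fp);
}
// Page link for the title and page parameters for follow-up links. purl and pname are
// client-controlled: they pass f_strip_tags() (defined elsewhere) and are additionally escaped for
// the attribute/text context or URL-encoded. double_encode is off so entities that are already
// encoded are not encoded twice; the single-byte charset keeps non-UTF-8 bytes intact.
// NOTE(review): purl is not checked against the sitemap, so the title link can point anywhere the
// request says - confirm whether it should be restricted to known page URLs.
$page_link='';$page_query='';
if(isset($_GET['pid']))
{
$get_purl=f_strip_tags($_GET['purl']);
if($template_in_root) $purl=str_replace('../','',$get_purl);
else $purl=(strpos($_GET['purl'], '../')===false)?'../'.$get_purl:$get_purl;
$pname=f_strip_tags($_GET['pname']);
$page_link=' <a target="_blank" class="rvts12" href="'.htmlspecialchars($get_purl,ENT_QUOTES,'ISO-8859-1',false).'" title="'.htmlspecialchars($purl,ENT_QUOTES,'ISO-8859-1',false).'">'.htmlspecialchars($pname,ENT_QUOTES,'ISO-8859-1',false).'</a> page';
$page_query="&pid=".intval($_GET['pid'])."&purl=".urlencode($purl)."&pname=".urlencode($pname);
}
$output.=f_fmt_admin_title(ucfirst($ca_lang_l['graph stat']).' '.$page_link).$f_br.$f_br;
//graphs
$output.='<table class="atable" cellpadding="3" align="center"><tr valign="bottom">';
$gr=array(); $labels=array();$tot=0;
foreach($last30_stat as $k=>$v) {$gr[$k+1]=$v;$labels[$k]=$last30_d[$k]; $tot+=$v;}
$output.='<tr><td align="left" class="news_bg" valign="bottom" colspan="2" style="padding-bottom:10px;">'.sprintf($fmt_label,ucfirst($ca_lang_l['last 30']).' '.$mon_caption. ' ('.$tot.' hits)')
.$f_br.$f_br. $f_br.vChart($gr,570,250,$labels).'</td></tr>';
$gr=array(); $labels=array();$tot=0;
foreach($year_stat as $k=>$v){$gr[$f_month_names[$month_ids[$k+1]-1]]=$v; $labels[$k]=substr($f_month_names[$month_ids[$k+1]-1],0,3);$tot+=$v;}
$output.='<td class="news_bg" align="left" valign="bottom" colspan="2" style="padding-bottom:10px;">'.sprintf($fmt_label,ucfirst($ca_lang_l['last year']).' '
.($dd['mon']!=12? ($today['year']-1).' - ': '').$today['year']. ' ('.$tot.' hits)').$f_br.$f_br. $f_br.vChart($gr,570,200,$labels).'</td>';
// Browsers below 1/50 of the top count are folded into "other".
$md=max($br_stat)/50;$other=0;$gr=array();
foreach($br_stat as $k=>$v) {if($v<$md) $other+=$v;else $gr[$browsers[$k]]=$v;}
$gr['other']=$other;
$output.='<tr><td align="left" class="news_bg" valign="top" style="width:auto">'.sprintf($fmt_label,ucfirst($ca_lang_l['browser'])).$f_br.$f_br.hChart($gr,250,count($gr)*15).'</td>';
// Resolutions below 1/100 of the top count are folded into "other". The keys are strings taken
// from the log and end up as chart labels.
$md=(!empty($res_stat))?max($res_stat)/100:0;
$other=0;$gr=array();
foreach($res_stat as $k=>$v) {if($v<$md) $other+=$v;else $gr[$k]=$v;}
$gr['other']=$other;
$output.='<td align="left" class="news_bg" style="width:auto" rowspan="2" valign="top">' .sprintf($fmt_label,ucfirst($ca_lang_l['resolution'])).$f_br.$f_br.hChart($gr,260,count($gr)*15,110).'</td></tr><tr>';
$md=max($os_stat)/200;$other=0;$gr=array();
foreach($os_stat as $k=>$v) {if($v<$md) $other+=$v;else $gr[$os[$k]]=$v;} //
$gr['other']=$other;
$output.='<td align="left" class="news_bg" valign="top" style="width:auto;">' .sprintf($fmt_label,ucfirst($ca_lang_l['os'])).$f_br.$f_br.hChart($gr,250,count($gr)*15).'</td></tr></table>';
$url_part=$pref_dir."centraladmin.php?process=index&stat=olddetailed&".$ca_l."&".$page_query;
// alt/title used to read $v[7] from a loop variable that holds a number at this point, which
// always produced empty attributes; they are now written as empty directly.
$output.=$f_br.$f_br.'<a class="rvts12" href="'.$url_part.'" alt="" title="">'.$ca_lang_l['detailed stat'].'</a>';
$output=$output.$f_br.$f_br.'<span class="rvts8" style="font-size: 9px">Page created in: '.round(f_microtime_float() - $query_st_time,4).' seconds</span>';
//end graphs
}
elseif(isset($_GET['stat']) && $_GET['stat']=='olddetailed') // old detailed stat
{
$records=array();
$all_records=array();
$screen=(isset($_GET['page'])? intval($_GET['page']): 1);
$p=(isset($_GET['pid']))? intval($_GET['pid']):'';
$records_count=0;
if(file_exists($counter_ds_db_fname)&&(filesize($counter_ds_db_fname)>0))
{
$fp=fopen($counter_ds_db_fname, 'r');
$php_start_line=fgetcsv($fp, $f_max_chars);
// First pass: count matching records and, when filtering by page, remember their file offsets.
if($p!='') {$pos=ftell($fp); $p_pos=array();}
while($data=fgetcsv($fp, $f_max_chars,'|'))
{
// Rows holding the PHP guard line of the data file are not records.
if(strpos($data[0],'<?'.'php echo "hi"; exit; /*')===false)
{
if($p!='') { if($data[0]==$p) {$p_pos[]=$pos; $records_count++;} }
else {$records_count++;}
if($p!='') $pos=ftell($fp);
}
}
rewind($fp);
// Paging runs from the end of the file so the newest records come first.
$offset=($screen==1)?0:($screen-1)*$f_max_rec_on_admin;
$limit_rec_to=($screen*$f_max_rec_on_admin>$records_count)?$f_max_rec_on_admin-($screen*$f_max_rec_on_admin-$records_count):$f_max_rec_on_admin;
$offset=$records_count-$offset-$limit_rec_to;
$line=0;
if($p=='')
{
while($data=fgetcsv($fp, $f_max_chars,'|'))
{
if(strpos($data[0],'<?'.'php echo "hi"; exit; /*')===false)
{
if(($line>=$offset)&&($line<$offset+$limit_rec_to))$records[]=$data;$line++;
if($line>$offset+$limit_rec_to)break;
}
}
}
else
{
$p_pos=array_slice($p_pos,$offset,$limit_rec_to);
foreach($p_pos as $k=>$pos) { fseek($fp,$pos); $data=fgetcsv($fp, $f_max_chars,'|'); $records[]=$data; }
}
fclose($fp);
$records=array_reverse($records);
}
// Same handling of the client-controlled purl / pname values as in the graph view.
$page_link='';$page_query='';
if(isset($_GET['pid']))
{
$get_purl=f_strip_tags($_GET['purl']);
if($template_in_root) $purl=str_replace('../','',$get_purl);
else $purl=(strpos($_GET['purl'], '../')===false)?'../'.$get_purl:$get_purl;
$pname=f_strip_tags($_GET['pname']);
$page_link=' <a class="rvts12" href="'.htmlspecialchars($get_purl,ENT_QUOTES,'ISO-8859-1',false).'" title="'.htmlspecialchars($purl,ENT_QUOTES,'ISO-8859-1',false).'">'.htmlspecialchars($pname,ENT_QUOTES,'ISO-8859-1',false).'</a> page';
$page_query="&pid=".intval($_GET['pid'])."&purl=".urlencode($purl)."&pname=".urlencode($pname);
}
$url_part=$pref_dir."centraladmin.php?process=index&stat=olddetailed&".$ca_l."&".$page_query;
$output.=f_fmt_admin_title(ucfirst($ca_lang_l['detailed stat']).' '.$page_link).$f_br.$f_br;
$nav=f_page_navigation($records_count, $url_part, $f_max_rec_on_admin, $screen, $ca_lang_l['of'], "class='rvts12'", $ca_nav_labels);
$cap_arrays=array($ca_lang_l['date'],$ca_lang_l['time'],$ca_lang_l['browser'],$ca_lang_l['os'],$ca_lang_l['resolution'],$ca_lang_l['host']."/".strtoupper($ca_lang_l['ip']) ."/".ucfirst($ca_lang_l['referrer']));
$table_data=array();
foreach($records as $k=>$v)
{
$fixed_date=f_tzone_date($v[1]);
// Host [3], resolution [6] and referrer [7] are recorded from visitor requests (the referrer by its
// name, the resolution per the 'screen.width' handling in the graph view), so they are escaped
// before being shown in the admin's browser.
$host_txt=htmlspecialchars($v[3],ENT_QUOTES,'ISO-8859-1',false);
$res_txt=htmlspecialchars($v[6],ENT_QUOTES,'ISO-8859-1',false);
$ref_cell=$ca_lang_l['na'];
if(isset($v[7]) && $v[7]!='NA')
{
$ref_txt=htmlspecialchars($v[7],ENT_QUOTES,'ISO-8859-1',false);
// Only http(s) referrers become clickable; anything else is shown as plain text.
if(preg_match('#^https?://#i',$v[7])) $ref_cell='<a class="rvts12" href="'.$ref_txt.'" alt="'.$ref_txt.'" title="'.$ref_txt.'">'.ucfirst($ca_lang_l['referrer']).'</a>';
else $ref_cell=$ref_txt;
}
$row_data=array($ca_span8.date ('j M y',$fixed_date)."</span>",$ca_span8.date ('H:i:s',$fixed_date)."</span>",
$ca_span8.$browsers[$v[4]]."</span>",$ca_span8.$os[$v[5]]."</span>",$ca_span8.$res_txt."</span>",
$ca_span8.$host_txt.' ('.f_ip_locator($v[2]).') '.$ref_cell.'</span>');
$table_data[]=$row_data;
}
$output.=f_admintable($nav,$cap_arrays,$table_data);
}
else //sitemap page
{
$pages_list=get_pages_list();
$counter_stat=f_read_tagged_data($counter_ts_db_fname,'totals'); // counter data
$cap_arrays=array($ca_lang_l['page name'],$ca_lang_l['admin link'],$ca_lang_l['protected'],$ca_lang_l['ca controlled']);
if($counter_on) $cap_arrays[]=$ca_lang_l['pageloads'];
$table_data=array();
foreach($pages_list as $k=>$v)
{
$page_text=''; $admin_text=''; $prot_text=''; $ca_text=''; $counter_text='';
if(isset($v['id']))
{
// Make page URLs relative to where the template lives.
if($template_in_root)
{
$v_url=str_replace('../','',$v['url']);
$supage_url=str_replace('../','',$v['subpage_url']);
}
else
{
$v_url=(strpos($v['url'],'../')===false?'../':'').$v['url'];
// The closing parenthesis used to sit after ===false, so the prefix test never ran as intended.
$supage_url=(strpos($v['subpage_url'],'../')===false?'../':'').$v['subpage_url'];
}
$page_text.=$ca_span8;
if($v['subpage']=='1')
$page_text.=" - </span><a target='_blank' class='rvts8' style='text-decoration:none' href='".($v['frames']=='0' && $v['subpage']=='1'?$supage_url:$v_url)."'>";
else
$page_text.=":: </span><a target='_blank' class='rvts8' style='text-decoration:none;' href='".($v['frames']=='0' && !empty($v['subpage_url'])?$supage_url:$v_url)."'>";
$page_text.=$v['name']."</a>";
if(in_array($v['id'],$sp_pages_ids))
{
if($template_in_root) $admin_url=str_replace('../','',$v['adminurl']);
else $admin_url=(strpos($v['adminurl'],'../')===false)?'../'. $v['adminurl']:$v['adminurl'];
$admin_text.=$ca_span8."[</span><a class='rvts12' href='".$admin_url.'&'.$ca_l."'>";
$admin_text.=($v['id']=='20')?$ca_lang_l['edit']:$ca_lang_l['admin'];
$admin_text.="</a>".$ca_span8."]</span>";
}
$prot_text=$ca_span8.($v['protected']=='TRUE'? '[X]': '')."</span>";
$ca_text=$ca_span8.(in_array($v['id'],$sp_pages_ids) || $v['protected']=='TRUE'? '[X]': '')."</span>";
if($counter_on) $counter_text=get_loads($counter_stat,$v['pageid'],$v_url,$v['name']); // counter
$row_data=array($page_text,$admin_text,$prot_text,$ca_text); if($counter_on) $row_data[]=$counter_text;
$table_data[]=$row_data;
}
else
{
// Category rows are rendered as a single heading cell.
$row_data='<span class="rvts9" style="font-variant:small-caps;letter-spacing: 3px;">'.$v['name'].'</span>';
$table_data[]=$row_data;
}
}
// Fixed row for the tell-a-friend admin. Its admin cell is assigned, not appended, so it does not
// carry over the link of the last sitemap page.
$tell_a_url='href="'.$pref_dir.'tell_friend.php?action=admin';
$page_text=$ca_span8.':: </span><a class="rvts8" style="text-decoration:none;" '.$tell_a_url.'">'.ucfirst($ca_lang_l['tell a friend admin'])."</a>";
$admin_text=$ca_span8.'[</span><a class="rvts12" '.$tell_a_url.'">'.$ca_lang_l['admin']."</a>".$ca_span8."]</span>";
$prot_text=''; $ca_text=$ca_span8.'[X]</span>'; $counter_text='';
$row_data=array($page_text,$admin_text,$prot_text,$ca_text); if($counter_on) $row_data[]=$counter_text;
$table_data[]=$row_data;
// Closing row with the counter totals.
$page_text=''; $admin_text=''; $prot_text=''; $ca_text='';
if($counter_on)
{
$counter_text=$ca_span8.ucfirst($ca_lang_l['total pageloads']).": ".f_GFS($counter_stat,'<loads>','</loads>') ."</span> ".(f_GFS($counter_stat,'<loads>','</loads>')!='0'?$ca_span8."[</span><a class='rvts12' href='".$pref_dir."centraladmin.php?process=index&stat=detailed&".$ca_l."'>".$ca_lang_l['details']."</a>".$ca_span8."]</span>":'')
.$f_br.$ca_span8.ucfirst($ca_lang_l['unique visitors']).": ".f_GFS($counter_stat,'<unique>','</unique>')."</span>"
.$f_br.$ca_span8.ucfirst($ca_lang_l['first time visitors']).": ".f_GFS($counter_stat,'<first>','</first>')."</span>"
.$f_br.$ca_span8.ucfirst($ca_lang_l['returning visitors']).": ".f_GFS($counter_stat,'<returning>','</returning>')."</span>";
}
$row_data=array('',$admin_text,$prot_text,$ca_text); if($counter_on) $row_data[]=$counter_text;
$table_data[]=$row_data;
$output.=f_admintable('',$cap_arrays,$table_data);
}
$output=f_fmt_admin_screen($output, build_menu($action_id));
print GT($output);
}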
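// Builds the page-loads cell for one sitemap row.
// $counter_stat  tagged totals text; the count for a page sits between <l_ID> and </l_ID>.
// $page_id, $page_url, $page_title  identify the page in the "details" link.
// Returns the count plus a link to the detailed statistics, or the "n/a" label when the
// totals hold no entry for the page.
// The URL and title are URL-encoded so names containing '&', '#', quotes or spaces neither
// truncate the query string nor break out of the href attribute.
function get_loads($counter_stat,$page_id,$page_url,$page_title) // COUNTER get page loads
{
global $pref_dir,$ca_lang_l,$ca_l,$ca_span8;
$tag='l_'.$page_id;
if(strpos($counter_stat,'<'.$tag.'>')===false)
{
return '<span class="rvts8">'.$ca_lang_l['na'].'</span>';
}
$loads=f_GFS($counter_stat,'<'.$tag.'>','</'.$tag.'>');
$details_url=$pref_dir.'centraladmin.php?process=index&stat=detailed&'.$ca_l.'&pid='.$page_id.'&purl='.urlencode($page_url).'&pname='.urlencode($page_title);
return '<div style="width:70%;text-align:left;float:left;"><span class="rvts8">'.$loads.'</span></div><div style="text-align:right;"><span class="rvts8">[</span><a class="rvts12" href="'.$details_url.'">'.$ca_lang_l['details'].$ca_span8.'</a><span class="rvts8">]</span></div>';
}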
// "Manage users" admin screen: lists users (optionally filtered by ?search_string), paged by ?page,
// with inline forms for access, details and password plus remove / block / activate links.
// $action_id is only passed on to build_menu(). The finished page is printed; nothing is returned.
// NOTE(review): no access check is visible inside this function; presumably the dispatcher
// authenticates the admin before calling it - confirm.
function manage_users($action_id)
{
global $access_type,$pref,$pref_dir,$ca_lang_l,$ca_l,$access_type_ex,$f_br,$f_fmt_caption,$f_ct, $ca_span8,$f_max_rec_on_admin,$ca_nav_labels;
$output='';
$curr_page=(isset($_GET['page'])? intval($_GET['page']): 1);
$search_used=(isset($_GET['search_string']) && !empty($_GET['search_string'])? true: false);
if($search_used)
{
// Case-insensitive substring search over username, name, e-mail and surname ("sirname" in the records).
$search_string=strtolower(f_strip_tags(trim($_GET['search_string'])));
$all_users=f_get_all_users($pref);
$users_array=array();
foreach($all_users as $k=>$v)
{
if(strpos(strtolower(f_sth(urldecode($v['username']))),$search_string)!==false || strpos(strtolower(f_sth(urldecode($v['details']['name']))),$search_string)!==false || strpos(strtolower(f_sth(urldecode($v['details']['email']))),$search_string)!==false || strpos(strtolower(f_sth(urldecode($v['details']['sirname']))),$search_string)!==false)
{$users_array[]=$v;}
}
}
else { $users=db_get_users(); $users_array=($users!='')?f_format_users($users):array(); }
$total_records=count($users_array);
// Sort by username, case-insensitively, then cut out the current page.
if($total_records>1)
{
// $name is not initialised before this loop; it is created by the first assignment.
foreach($users_array as $key => $row) $name[$key]=$row['username'];
$name_lower=array_map('strtolower',$name);
array_multisort($name_lower,SORT_ASC,$users_array);
}
$users_array=array_slice($users_array,($curr_page-1)*$f_max_rec_on_admin,$f_max_rec_on_admin);
// Section id => name map, used below to label per-section access.
$section_names_arr=get_section_name();
$cap_arrays=array(); $table_data=array();
$base=f_build_self_url('centraladmin.php');
// NOTE(review): the inline script appends the raw field value to the URL; it should go through
// encodeURIComponent() so '&' or '#' in a search term does not cut the query short.
$nav='<script language="javascript" type="text/javascript"> function showSearchResult(){'
.' var search=document.getElementsByName("search_string")[0].value;document.location="'.$base .'?process=manageusers&search_string="+search; } </script> ';
$nav.='<div><div style="float:left;"><input class="input1" type="button" value=" '.ucfirst($ca_lang_l['add user']).' " onclick="document.location=\''.$base.'?process=processuser&'.$ca_l.'\'"'.$f_ct.' <input class="input1" type="button" value=" '.ucfirst($ca_lang_l['unconfirmed users']).' " onclick="document.location=\''.$base.'?process=pendingreg&'.$ca_l.'\'"'.$f_ct.' <input class="input1" type="button" value=" '.ucfirst($ca_lang_l['export']).' " onclick="document.location=\''.$base.'?process=export&'.$ca_l .'\'"'.$f_ct.$f_br.$f_br.'</div><div style="text-align:right;"> <input class="input1" type="text" name="search_string" value="" style="width:120px" maxlength="50"'.$f_ct.' <input class="input1" type="button" name="search" value="'.ucfirst($ca_lang_l['search']).'" onclick="showSearchResult();"' .$f_ct.'</div></div><div style="clear:both;"></div>';
// NOTE(review): the search term is reflected into the paging links after f_strip_tags() only. That
// helper is defined elsewhere; if it removes tags but not quotes, the value can break out of the link
// attribute - confirm, and urlencode() the term for the URL context.
$nav.=f_page_navigation($total_records, $pref_dir.'centraladmin.php?process=manageusers'.($search_used? '&search_string='.f_strip_tags(trim($_GET['search_string'])): ''), $f_max_rec_on_admin, $curr_page, $ca_lang_l['of'], "class='rvts12'", $ca_nav_labels);
if(!empty($users_array))
{
$cap_arrays=array($ca_lang_l['user'],ucfirst($ca_lang_l['details']),$ca_lang_l['access to'],$ca_lang_l['status']);
$table_data=array();
$url=$pref_dir."centraladmin.php?process=processuser&".$ca_l;
foreach($users_array as $key=>$value)
{
if(!empty($value))
{
$usr=$value['username']; $usrid=$value['id'];
// NOTE(review): the username is written into the page without escaping here, while name and e-mail
// below go through un_esc(). Usernames can originate from self-registration; unless they are
// validated or encoded where they are stored, this is a stored-XSS path into the admin screen - confirm.
$user='<span class="rvts8">'.$usr.'</span>';
// Three hidden inline forms per user; the links built further down toggle them.
$user.='<div id="editaccess_'.$usrid.'" style="padding-top:10px;display:none;">'
.build_edit_user_form('editaccess','',$usr,$value['access'],$usrid,$value).'</div>'
.'<div id="editdetails_'.$usrid.'" style="padding-top:10px;display:none;">'
.build_edit_user_form('editdetails','',$usr,$value,$usrid,$value).'</div>'
.'<div id="editpass_'.$usrid.'" style="padding-top:10px;display:none;">'
.build_edit_user_form('editpass','',$usr,'',$usrid,$value).'</div>';
// NOTE(review): str_replace('"','"',…) replaces a double quote with itself, i.e. it does nothing as
// written; the search string may originally have been an HTML entity - check the upstream source.
$details=$ca_span8.strtoupper(str_replace('"','"',un_esc($value['details']['name'])))." ".strtoupper(str_replace('"','"',un_esc($value['details']['sirname']))).$f_br .un_esc($value['details']['email'])."</span>";
// JavaScript snippets: sv(…) / svc(…) are defined elsewhere; presumably they show / hide the element with the given id.
$sv_eac='sv(\'editaccess_'.$usrid.'\');';$svc_eat='svc(\'editaccess_'.$usrid.'\');';
$sv_edet='sv(\'editdetails_'.$usrid.'\');';$svc_edet='svc(\'editdetails_'.$usrid.'\');';
$sv_epas='sv(\'editpass_'.$usrid.'\');';$svc_epas='svc(\'editpass_'.$usrid.'\');';
$access='';$range=false;
// NOTE(review): in this branch $v is not the current user's access entry - it is whatever an earlier
// loop left behind (or undefined), so the access type shown here is unreliable.
if(!isset($value['access']))
$access='<span class="rvts8">'.strtoupper($ca_lang_l['all']).' ('.ucfirst($access_type[$v['type']]).')</span>';
else
{
foreach($value['access'] as $k=>$v) //ALL-write
{
if($v['section']=='ALL')
{ $access.='<span class="rvts8">'.strtoupper($ca_lang_l['all']).' ('.ucfirst($access_type_ex[$v['type']]).')</span>'; }
else
{
$sv_chr='sv(\'check_range_'.$usrid.'_'.$v['section'].'\');';$svc_chr='svc(\'check_range_'.$usrid.'_'.$v['section'].'\');';
// Fall back to the raw section id when the sitemap has no name for it.
$section_name=$section_names_arr[$v['section']];
if(empty($section_name)) $section_name=$v['section'];
$href='javascript:void(0);" onclick="'.$sv_chr.$svc_eat.$svc_edet.$svc_epas;
$access.='<span class="rvts8">'.$section_name.' ('.ucfirst($access_type_ex[$v['type']]).')</span>';
$access.='<div id="check_range_'.$usrid.'_'.$v['section'].'" style="padding-top:10px;display:none;">'. check_section_range(1,$v['section'],$usr,$value).' </div> <span class="rvts8">[</span><a class="rvts12" href="'.$href.'">'.$ca_lang_l['check range'].'</a><span class="rvts8">]</span> '.$f_br;
$range=true;
}
}
}
// Per-user action links. $svc_chr holds the snippet of the last section processed above only.
// NOTE(review): "remove" (and block / activate below) are state-changing actions triggered by a plain
// GET link; no anti-CSRF token is visible in this function - confirm the handler verifies one.
$user_nav=array($ca_lang_l['edit access']=>'javascript:void(0);" onclick="'.$sv_eac.$svc_edet.$svc_epas.($range?$svc_chr:''),
$ca_lang_l['details']=>'javascript:void(0);" onclick="'.$svc_eat.$sv_edet.$svc_epas.($range?$svc_chr:''),
$ca_lang_l['password']=>'javascript:void(0);" onclick="'.$svc_eat.$svc_edet.$sv_epas.($range?$svc_chr:''),
$ca_lang_l['remove']=>$url."&removeuser=".$usrid.'" onclick="javascript:return confirm(\''.ucfirst($ca_lang_l['remove MSG']).'\')');
// Status '1' is shown as active and offers "block"; any other value is shown as blocked and offers "activate".
if($value['details']['status']=='1') {$status_value=$ca_lang_l['active']; $status_link_label=$ca_lang_l['block']; $act='block';}
else {$status_value=$ca_lang_l['blocked']; $status_link_label=$ca_lang_l['activate']; $act='activate';}
$status='<span class="rvts8">'.ucfirst($status_value).'</span>';
$status_nav=array($status_link_label=>$url."&".$act."=".$usrid);
$row_data=array(array($user,$user_nav),$details,$access,array($status, $status_nav));
$table_data[]=$row_data;
}
}
$output.=f_admintable($nav,$cap_arrays,$table_data);
}
else $output.=f_admintable($nav,$cap_arrays,$table_data)."<div align='center'>".$ca_span8.ucfirst($ca_lang_l['none users'])."</div>";
$output=f_fmt_admin_screen($output, build_menu($action_id));
$output=GT($output);
print $output;
}
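/**
 * Handles the add / edit / remove / activate / block user requests of the admin screen.
 *
 * Builds the <access>, <details> and <news> fragments from $_POST, validates a
 * submitted form (flag = add, editpass, editaccess, editdetails) and hands the
 * result to db_write_user(). Removal and status changes are driven by $_GET.
 * Every completed action re-renders the list through manage_users() and exits;
 * otherwise the add-user form (or the form with an error message) is printed.
 *
 * NOTE(review): removeuser / activate / block change state on a plain GET and no
 * request token is checked inside this function, so a forged link opened in a
 * logged-in admin's browser would trigger them. Confirm whether the caller
 * verifies a token; if not, move these to POST with a per-session token.
 *
 * @param mixed $action_id current admin action, passed on to manage_users() and build_menu()
 */
function process_users($action_id) //process add/edit/remove user
{
    global $pref,$ca_lang_l,$ca_user_msg,$f_fmt_span8em,$ca_site_url,$f_lf;
    $output='';$sections='';$details='';$news='';
    // The fragments below are written as attribute="value" pairs; these characters
    // would let a posted value close its attribute or open a new element.
    $attr_delims=array('"','<','>');

    if(isset($_POST["select_all"]) && $_POST["select_all"]=='no')
    {
        if(isset($_POST["selected_sections"]))
        {
            foreach($_POST["selected_sections"] as $k=>$v) // to each section from section_list --> access_type assigned
            {
                $user_id=(isset($_POST["id"]))? '_'.f_strip_tags($_POST["id"]): '';
                $a_type=(isset($_POST["access_type".$v.$user_id])? f_strip_tags($_POST["access_type".$v.$user_id]): '');
                // intval(): array keys arrive from the request and may be non-numeric.
                $sections.='<access id="'.(intval($k)+1).'" section="'.str_replace($attr_delims,'',$v).'" type="'.$a_type.'">';
                if($a_type=='2') // page-level access: one <p> entry per page that has a posted setting
                {
                    $section_range=get_prot_pages_list($v);
                    foreach($section_range as $key=>$val)
                    {
                        $pid=$val['id'];
                        if(isset($_POST["access_to_page".$pid]))
                            $sections.='<p id="'.($key+1).'" page="'.$pid.'" type="'.f_strip_tags($_POST["access_to_page".$pid]).'">';
                    }
                }
                $sections.='</access>';
            }
        }
        else {$sections.='<access id="1" section="ALL" type="0"></access>';}
    }
    elseif(isset($_POST["select_all"]) && $_POST["select_all"]=='yesw') {$sections.='<access id="1" section="ALL" type="1"></access>';} //ALL-write
    else {$sections.='<access id="1" section="ALL" type="0"></access>';} //ALL-read

    if(isset($_POST["email"]) || isset($_POST["name"]) || isset($_POST["sirname"])) //details
    {
        // Each field is read only when present, so a partial post no longer raises undefined-index notices.
        $d_email=isset($_POST["email"])? f_strip_tags($_POST["email"]): '';
        $d_name=isset($_POST["name"])? esc($_POST["name"]): '';
        $d_sirname=isset($_POST["sirname"])? esc($_POST["sirname"]): '';
        $details.='<details email="'.$d_email.'" name="'.$d_name.'" sirname="'.$d_sirname.'"';
    }
    else $details.='<details email="" name="" sirname=""';
    // date / sr / status were concatenated straight from $_POST; strip the attribute
    // delimiters first. time() replaces the argument-less mktime() (same value).
    $details.=' date="'.(isset($_POST["creation_date"])? str_replace($attr_delims,'',$_POST["creation_date"]): time()).'"';
    $details.=' sr="'.(isset($_POST["sr"])? str_replace($attr_delims,'',$_POST["sr"]): '0').'"';
    $details.=' status="'.(isset($_POST["status"])? str_replace($attr_delims,'',$_POST["status"]): '1').'"></details>';

    if(isset($_POST["news_for"])) //news - event manager
    {
        foreach($_POST["news_for"] as $k=>$v)
        {
            // Each entry is "page%category" or just "page".
            if(strpos($v,'%')!==false) {list($p,$c)=explode('%',$v);} else {$p=$v;$c='';}
            $news.='<news id="'.(intval($k)+1).'" page="'.str_replace($attr_delims,'',$p).'" cat="'.str_replace($attr_delims,'',$c).'"></news>';
        }
    }

    if(isset($_GET['search_string'])) { manage_users($action_id); exit; }
    elseif(isset($_POST['save']))
    {
        $usrid=(isset($_POST["id"]))? $_POST["id"]: 0;
        $username=(isset($_POST['username'])?$_POST['username']:''); $msg='';
        $flag=(isset($_POST['flag'])?$_POST['flag']:''); //action flag - add, edit...
        $old_username=(isset($_POST['old_username'])?$_POST['old_username']:'');
        $password=(isset($_POST['password'])?$_POST['password']:'');
        $repeated=(isset($_POST['repeatedpassword'])?$_POST['repeatedpassword']:'');
        $select_all=(isset($_POST['select_all'])?$_POST['select_all']:'');
        $email=(isset($_POST['email'])?$_POST['email']:'');
        $is_add=($flag=='add');
        $sets_pass=($is_add || $flag=='editpass');
        $sets_details=($is_add || $flag=='editdetails');

        // First failing rule wins; the order matches the messages the form expects.
        // NOTE(review): the character whitelist is applied only when adding a user,
        // not on editdetails -- confirm where a renamed user's new name is validated.
        if($is_add && !preg_match("/^[A-Za-z_0-9]+$/",$username)) $msg=$ca_lang_l['can contain only'];
        elseif($sets_details && empty($username)) $msg=$ca_lang_l['fill in'].' '.ucfirst($ca_lang_l['username']);
        elseif(($is_add || ($flag=='editdetails' && $username!=$old_username)) && duplicated_user($username))
            $msg=$ca_lang_l['username exists'];
        elseif($sets_pass && empty($password)) $msg=$ca_lang_l['fill in'].' '.ucfirst($ca_lang_l['password']);
        elseif($sets_pass && empty($repeated)) $msg=$ca_lang_l['repeat password'];
        elseif($sets_pass && $password!=$repeated) $msg=$ca_lang_l['password and repeated password'];
        elseif($sets_pass && strlen(trim($password))<5) $msg=$ca_lang_l['your password should be'];
        elseif($sets_pass && strtolower($username)=='admin' && strtolower($password)=='admin')
            $msg=$ca_user_msg; // refuse the admin/admin pair
        elseif(($is_add || $flag=='editaccess') && $select_all=='no' && !isset($_POST["selected_sections"]))
            $msg=$ca_lang_l['select access'];
        elseif($sets_details && !empty($email) && !f_validate_email($email))
            $msg=$ca_lang_l['nonvalid email'];

        if($msg!='')
        {
            $msg=sprintf($f_fmt_span8em,ucfirst($msg));
            if($is_add) $output.=build_add_user_form($msg); else $output.=build_edit_user_form($flag,$msg,$username);
        }
        else
        {
            // NOTE(review): crypt() is called without an explicit salt, so the hash
            // scheme is whatever the platform defaults to, and PHP 8 requires the salt
            // argument. Left as is because the matching verification code is outside
            // this block; migrate both sides together (password_hash/password_verify).
            if($is_add) db_write_user('add',$usrid,$username,crypt($password),$sections,$details,$news); // ADD USER
            elseif($flag=='editpass') db_write_user('editpass',$usrid,$username,crypt($password)); // CHANGE PASS
            elseif($flag=='editaccess') db_write_user('editaccess',$usrid,$username,'',$sections); // CHANGE ACCESS
            elseif($flag=='editdetails') db_write_user('editdetails',$usrid,$old_username,'','',$details,$news); // CHANGE DETAILS
            manage_users($action_id);
            exit;
        }
    }
    elseif(isset($_GET['removeuser'])) // REMOVE USER
    {
        $username_id=$_GET['removeuser'];
        db_remove_user($username_id);
        manage_users($action_id);
        exit;
    }
    elseif(isset($_GET['activate']) || isset($_GET['block'])) // CHANGE STATUS
    {
        $activating=isset($_GET['activate']);
        $usrid=$activating? $_GET['activate']: $_GET['block'];
        db_write_user($activating? 'activate': 'block',$usrid);
        $user_data=f_get_user($usrid,$pref,'',$usrid);
        if(!empty($user_data['details']['email'])) // notify the user only when an address is on file
        {
            $content=$activating? $ca_lang_l['sr_activated_msg']: $ca_lang_l['sr_blocked_msg'];
            $subject=$activating? $ca_lang_l['sr_activated_subject']: $ca_lang_l['sr_blocked_subject'];
            $content=str_replace(array('%%username%%','%%USERNAME%%','%%site%%'), array($user_data['username'],$user_data['username'],$ca_site_url),$content);
            $subject=str_replace('%%site%%',$ca_site_url,$subject);
            // "##" marks a line break: <br> in the HTML part, $f_lf in the text part.
            send_mail_ca(str_replace("##",'<br>',$content),str_replace("##",$f_lf,$content),$subject, $user_data['details']['email']);
        }
        manage_users($action_id);
        exit;
    }
    else $output.=build_add_user_form();

    $output=f_fmt_admin_screen($output, build_menu($action_id));
    $output=GT($output);
    print $output;
}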
/**
 * Renders the list of pages of one section together with the access level
 * that applies to each page.
 *
 * With $standalone false every page gets a select box named access_to_page<ID>
 * (used inside the user / registration forms); with $standalone true the level
 * is printed as read-only text. Pages are grouped into protected and
 * unprotected blocks inside one fieldset.
 *
 * NOTE(review): page names and URLs from get_prot_pages_list() are written into
 * the markup without HTML escaping -- confirm that source is trusted.
 *
 * @param mixed  $standalone true for the read-only view, false for the editable one
 * @param mixed  $section_id section whose pages are listed
 * @param string $username   when empty, $user_data is ignored
 * @param mixed  $user_data  user record; only its 'access' list is read here
 * @return string HTML fragment
 */
function check_section_range($standalone,$section_id,$username='',$user_data='') // check section range screen
{
    global $template_in_root,$ca_lang_l,$sp_pages_ids,$f_br,$pref,$f_fmt_span8,$access_type_ex,$access_type;

    $pages=get_prot_pages_list($section_id);
    $section_name=get_section_name($section_id);

    if($username!='')
    {
        if(!empty($user_data))
        {
            // Only the first access entry for this section counts.
            foreach($user_data['access'] as $entry)
            {
                if($entry['section']!=$section_id) continue;
                if($entry['type']=='2') $page_access=$entry['page_access']; // per-page settings
                else $a_type=$entry['type'];                                // one level for the whole section
                break;
            }
        }
        if(isset($page_access))
        {
            foreach($page_access as $pa) $access_by_page[$pa['page']]=$pa['type'];
        }
    }

    if($standalone) $legend_text=ucfirst($ca_lang_l['section']).": ".$section_name;
    else $legend_text=ucfirst($ca_lang_l['access on page']);
    $legend=sprintf($f_fmt_span8,$legend_text);

    $row_fmt='<div style="position:relative;"><div style="padding-left:10px;min-height:18px;">:: <a class="rvts12" target="_blank" title="%s" href="%s">%s</a></div><div style="position:absolute;right:0px;width:120px;top:0px" align="right">%s</div></div>';
    $protected_rows='';
    $unprotected_rows='';
    $html='<div style="width:285px;"><div style="padding-left:15px;" align="left">';

    foreach($pages as $page)
    {
        // Link target relative to where the admin template lives.
        if($template_in_root) $fixed_url=str_replace('../','',$page['url']);
        elseif(strpos($page['url'],'/')!==false) $fixed_url=$page['url'];
        else $fixed_url='../'.$page['url'];
        $title=str_replace('..','',$page['url']);

        // Page types 137 and 143 additionally offer "edit own posts".
        $own_posts=($page['typeid']=='137' || $page['typeid']=='143');
        if($page['protected']=='TRUE')
        {
            if(!in_array($page['typeid'],$sp_pages_ids)) $access_type_f=array('0'=>'view','2'=>'no access');
            elseif($own_posts) $access_type_f=array('0'=>'view','1'=>'edit','3'=>'edit own posts','2'=>'no access');
            else $access_type_f=array('0'=>'view','1'=>'edit','2'=>'no access');
        }
        elseif($own_posts) $access_type_f=array('0'=>'no access','1'=>'edit','3'=>'edit own posts');
        else $access_type_f=array('0'=>'no access','1'=>'edit');

        if(!$standalone)
        {
            if(isset($access_by_page)&&isset($access_by_page[$page['id']])) $default=$access_by_page[$page['id']];
            elseif(!isset($page_access)) $default='1';
            else $default=($page['protected']=='TRUE'?'2':'0');
            $combo=f_build_select('access_to_page'.$page['id'],$access_type_f,$default,'style="width: 110px"');
        }
        elseif(isset($access_by_page))
        {
            if(isset($access_by_page[$page['id']]) && isset($access_type_f[$access_by_page[$page['id']]])) $label=$access_type_f[$access_by_page[$page['id']]];
            else $label=$access_type['1'];
            $combo='<span class="rvts8">[ '.$label.' ]</span>';
        }
        else
        {
            $label=isset($a_type)? $access_type[$a_type]: $access_type_ex['2'];
            $combo='<span class="rvts8">[ '.$label.' ]</span>';
        }

        $row=sprintf($row_fmt,$title,$fixed_url,$page['name'],$combo);
        if($page['protected']=='TRUE') $protected_rows.=$row;
        elseif($page['protected']=='FALSE') $unprotected_rows.=$row;
    }

    $pro_label=($protected_rows!='')?$f_br.ucfirst($ca_lang_l['protected pages']):'';
    $unpro_label=($unprotected_rows!='')?ucfirst($ca_lang_l['unprotected pages']):'';
    $box_fmt='<fieldset style="padding:3px;"><legend>%s</legend><span class="rvts8">%s</span>'.$f_br."%s".$f_br.'<span class="rvts8">%s</span>'.$f_br.'%s</fieldset>';
    $html.=sprintf($box_fmt,$legend,$pro_label,$protected_rows,$unpro_label,$unprotected_rows);
    return $html.'</div></div>';
}
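/**
 * Admin screen listing self-registered users that have not been confirmed yet.
 *
 * Handles two optional GET actions before rendering the table:
 *  - removeuser=<id>: removes the pending user via db_remove_user(..., 'selfreg_users')
 *  - resend=<id>:     sends the confirmation e-mail again and logs the outcome
 *
 * Fix: the resend branch used the loop variable after the search loop, so an id
 * that matched no pending user mailed a confirmation link to the LAST user in
 * the list. The mail is now built only from the matched record, and an unknown
 * id is reported and logged instead.
 *
 * NOTE(review): both actions change state on a plain GET and no request token is
 * checked in this function -- confirm whether the caller verifies one.
 *
 * @param mixed  $action_id current admin action, passed on to build_menu()
 * @param string $msg       optional status message shown above the table
 */
function check_pending_users($action_id,$msg='')
{
    global $pref_dir,$ca_lang_l,$ca_l,$f_lf,$f_br,$f_fmt_caption,$ca_span8,$access_type_ex,$access_type,$ca_site_url;
    if(isset($_GET['removeuser'])) // REMOVE USER
    {
        $user_id=$_GET['removeuser'];
        db_remove_user($user_id,'selfreg_users');
        $msg=$f_br.ucfirst($ca_lang_l['user removed']);
    }
    $users=db_get_users('selfreg_users');
    $users_array=($users!='')?f_format_users($users):array();
    if(isset($_GET['resend'])) // RE_SEND CONFIRMATION EMAIL TO USER
    {
        $user_id=$_GET['resend'];
        $user_info=null;
        foreach($users_array as $k=>$v) { if($v['id']==$user_id) {$user_info=$v; break;} }
        if($user_info===null)
        {
            // Unknown id: send nothing, and keep the request value out of mail and log.
            $msg='Email FAILED. Try again.';
            write_log('resend','USER:unknown','failed, no pending user with the requested id');
        }
        else
        {
            // The link carries the stored id of the matched record, not the raw request value.
            $link=f_build_self_url('centraladmin.php').'?id='.$user_info['id'].'&process=register&'.$ca_l;
            // HTML part: "##" becomes <br>, the link becomes an anchor.
            $content=str_replace(array("##","%CONFIRMLINK%"),array('<br>','<a href="'.$link.'">'.$link.'</a>'),$ca_lang_l['sr_email_msg']);
            $content=str_replace(array('%%username%%','%%USERNAME%%','%%site%%'),array($user_info['username'],$user_info['username'],$ca_site_url),$content);
            // Plain-text part: "##" becomes $f_lf, the link stays a bare URL.
            $content_text=str_replace("##",$f_lf,$ca_lang_l['sr_email_msg']);
            $content_text=str_replace("%%site%%", $ca_site_url, $content_text);
            $content_text=str_replace(array('%%username%%','%%USERNAME%%',"%CONFIRMLINK%"),array($user_info['username'],$user_info['username'],$link),$content_text);
            $subject=str_replace('%%site%%',$ca_site_url,$ca_lang_l['sr_email_subject']);
            $send_to_email=$user_info["details"]["email"];
            $log_data='USER:'.$user_info['username'].' EMAIL:'.$user_info["details"]["email"];
            $log_msg='success';
            $result=send_mail_ca($content,$content_text,$subject,$send_to_email);
            if($result)
            {
                $log_msg.=", email SENT";
                $msg=$f_br.ucfirst($ca_lang_l['email resent']).' '.strtoupper($user_info['username']);
            }
            else { $log_msg.=", email FAILED"; $msg='Email FAILED. Try again.'; }
            write_log('resend',$log_data,$log_msg);
        }
    }
    $output=f_fmt_admin_title($ca_lang_l['unconfirmed users']).($msg!=''? $f_br.'<span class="rvts8">'.$msg.'</span>': '').$f_br.$f_br;
    if(!empty($users_array))
    {
        $cap_arrays=array($ca_lang_l['user'],ucfirst($ca_lang_l['details']),$ca_lang_l['access to']);
        $table_data=array(); $base=f_build_self_url('centraladmin.php');
        $url=$pref_dir."centraladmin.php?process=";
        foreach($users_array as $key=>$value)
        {
            if(!empty($value))
            {
                // NOTE(review): username, name and e-mail come from the self-registration
                // form and are written into this admin page as stored; confirm they are
                // HTML-escaped when saved, otherwise escape them here.
                $usr=$value['username'];
                $user='<span class="rvts8">'.$usr.'</span>';
                // Row actions: confirm, resend (with a JS confirm), remove (with a JS confirm).
                $user_nav=array($ca_lang_l['confirm']=>$url."register&id=".$value['id']."&flag=admin&".$ca_l,
                    $ca_lang_l['resend']=>$url."pendingreg&resend=".$value['id']."&".$ca_l.'" onclick="javascript:return confirm(\'' .ucfirst($ca_lang_l['resend MSG']).' '.strtoupper($usr)." - ".un_esc($value['details']['name'])." ".un_esc($value['details']['sirname']).'?\')',
                    $ca_lang_l['remove']=>$url."pendingreg&removeuser=".$value['id']."&".$ca_l.'" onclick="javascript:return confirm(\''.ucfirst($ca_lang_l['remove MSG']).'\')');
                $details=$ca_span8.strtoupper(un_esc($value['details']['name']))." ".strtoupper(un_esc($value['details']['sirname'])).$f_br .$value['details']['email']."</span>";
                $access='<span class="rvts8">';
                // NOTE(review): $v is not set by this branch -- it is whatever an earlier
                // loop left behind, so the type shown here is unreliable. Left unchanged
                // because the intended label for a user without access entries is not
                // visible in this file section.
                if(!isset($value['access'])) {$access.=strtoupper($ca_lang_l['all']).' ('.ucfirst($access_type[$v['type']]).')</span>';}
                else
                {
                    foreach($value['access'] as $k=>$v) //ALL-write
                    {
                        if($v['section']=='ALL') {$access.=ucfirst($access_type_ex[$v['type']]).' '.ucfirst($ca_lang_l['all']).'</span>'; }
                        else
                        {
                            $section_name=get_section_name ($v['section']);
                            if(empty($section_name)) $section_name=$v['section']; // fall back to the raw id
                            $access.=$section_name.' ('.ucfirst($access_type_ex[$v['type']]).')</span>';
                        }
                    }
                }
                $row_data=array(array($user,$user_nav),$details,$access);
                $table_data[]=$row_data;
            }
        }
        $output.=f_admintable('',$cap_arrays,$table_data);
    }
    else $output.=$ca_span8.ucfirst($ca_lang_l['none users'])."</span>";
    $output=f_fmt_admin_screen($output, build_menu($action_id));
    $output=GT($output);
    print $output;
}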
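/**
 * Admin screen for the visit counter settings.
 *
 * Without $_POST['save'] it prints the settings form, prefilled from the
 * <counter> section of $ca_settings (GET parameters override the stored
 * values). With $_POST['save'] it writes the posted values back through
 * f_write_tagged_data() and prints the result message.
 *
 * Fixes: every counter setting is an integer, so request values are now passed
 * through intval() before they are put into the form or into the tagged
 * settings data (previously raw $_POST text was concatenated between the tags
 * and could carry its own tags); missing POST fields fall back to the defaults;
 * a stray closing </span> after the result message is removed.
 *
 * NOTE(review): the form carries no request token -- confirm whether the caller
 * protects this POST against cross-site submission.
 *
 * @param mixed $action_id current admin action, passed on to build_menu()
 */
function conf_counter($action_id)
{
    global $ca_settings,$ca_db_settings_file,$pref_dir,$ca_lang_l,$ca_l,$ima_array,$template_in_root,$f_br,$f_ct,$ca_template_file_f;
    $C_UNIQUE_START_COUNT=0; $C_LOADS_START_COUNT=0; $C_GRAPHICAL=1;
    $C_MAX_VISIT_LENGHT=1800; $C_NUMBER_OF_DIGITS=8; $C_DISPLAY=0; //1- page loads; 0- unique
    // NOTE(review): the last three keys do not match their labels (6 h = 21600,
    // 12 h = 43200, 24 h = 86400 seconds). Left unchanged because already-saved
    // settings may hold these values; correct them together with a migration.
    $visit_len_list=array('1800'=>'30 min','3600'=>'1 h','7200'=>'2 h','10800'=>'3 h','216000'=>'6 h','432000'=>'12 h','864000'=>'24 h');
    $number_digits_list=array(4=>4,5=>5,6=>6,7=>7,8=>8,9=>9,10=>10);
    $show_list=array('show unique visitors','show pageloads');
    $counter_type=array('text','graphical');
    if(!isset($_POST['save']))
    {
        // Stored value when its tag is present, built-in default otherwise.
        $settings=f_GFS($ca_settings,'<counter>','</counter>');
        $max_visit_len=(strpos($settings,'<max_visit_len>')!==false)?f_GFS($settings,'<max_visit_len>','</max_visit_len>'):$C_MAX_VISIT_LENGHT;
        $number_of_digits=(strpos($settings,'<number_digits>')!==false)?f_GFS($settings,'<number_digits>','</number_digits>'):$C_NUMBER_OF_DIGITS;
        $size=(strpos($settings,'<size>')!==false)?f_GFS($settings,'<size>','</size>'):1;
        $display=(strpos($settings,'<display>')!==false)?f_GFS($settings,'<display>','</display>'):$C_DISPLAY;
        $loads_start_count=(strpos($settings,'<loads_start_value>')!==false)?f_GFS($settings,'<loads_start_value>','</loads_start_value>'):$C_LOADS_START_COUNT;
        $unique_start_count=(strpos($settings,'<unique_start_value>')!==false)?f_GFS($settings,'<unique_start_value>','</unique_start_value>'):$C_UNIQUE_START_COUNT;
        $graphical=(strpos($settings,'<graphical>')!==false)?f_GFS($settings,'<graphical>','</graphical>'):$C_GRAPHICAL;
        // GET overrides are reduced to integers before they reach the markup.
        $s=(isset($_GET['size'])?intval($_GET['size']):$size);
        $table_data=array();
        $output='<form name="frm" action="'.$pref_dir.'centraladmin.php?process=confcounter&'.$ca_l.'" method="post"><div style="width:350px;margin:0 auto;text-align:left">';
        $table_data[]=array($ca_lang_l['display'], f_build_select('display',$show_list,(isset($_GET['display'])?intval($_GET['display']):$display)));
        // number_digits is stored one higher than the selected value (see the save branch).
        $table_data[]=array($ca_lang_l['number of digits'], f_build_select('number_digits',$number_digits_list,(isset($_GET['num_digits'])?intval($_GET['num_digits']):$number_of_digits-1)));
        $table_data[]=array($ca_lang_l['maximum visit length'], f_build_select('max_visit_len',$visit_len_list,(isset($_GET['v_length'])?intval($_GET['v_length']):$max_visit_len)));
        $table_data[]=array($ca_lang_l['unique start offset'], f_build_input('u_st_count',(isset($_GET['u_offset'])?intval($_GET['u_offset']):$unique_start_count),'','','text','size="10"'));
        $table_data[]=array($ca_lang_l['pageloads start offset'], f_build_input('l_st_count',(isset($_GET['l_offset'])?intval($_GET['l_offset']):$loads_start_count),'','','text','size="10"'));
        $table_data[]=array($ca_lang_l['counter type'], f_build_select('graphical',$counter_type,(isset($_GET['graphical'])?intval($_GET['graphical']):$graphical)));
        // One radio button plus preview image per counter style (c1.gif .. cN.gif).
        $counter_type='';
        $inp='<div style="text-align:left;height:25px;padding-left:10px;"><input type="radio" name="size" value="%s" %s'.$f_ct.'<img style="position:absolute;" src="'.($template_in_root? '': '../').'ezg_data/c%s.gif" alt=""'.$f_ct.'</div>';
        $cnt=count($ima_array)+1;for($i=1;$i<$cnt;$i++) $counter_type.=sprintf($inp,$i,($s==$i)?'checked="checked"':'',$i);
        $table_data[]=array('',$counter_type);
        $end=$f_br.'<input class="input1" name="save" type="submit" value="'.ucfirst($ca_lang_l['submit']).'"'.$f_ct." <input class='input1' type='button' value=' ".ucfirst($ca_lang_l['cancel'])." ' onclick=\"javascript:history.back();\"".$f_ct;
        $end.=$f_br.$f_br."<span class='rvts8'>:: </span><a class='rvts12' href='".$pref_dir."centraladmin.php?process=resetcounter&".$ca_l."'>" .$ca_lang_l['reset counter']."</a><span class='rvts8'> ::</span>";
        $table_data[]=$end;
        $output.=f_addentrytable($ca_lang_l['counter settings'],$table_data);
        $output.="</div></form>";
    }
    else
    {
        // Posted field => value used when the field is missing from the request.
        $defaults=array('max_visit_len'=>$C_MAX_VISIT_LENGHT,'graphical'=>$C_GRAPHICAL,'number_digits'=>$C_NUMBER_OF_DIGITS-1,
            'size'=>1,'display'=>$C_DISPLAY,'l_st_count'=>$C_LOADS_START_COUNT,'u_st_count'=>$C_UNIQUE_START_COUNT);
        $in=array();
        foreach($defaults as $field=>$default) $in[$field]=isset($_POST[$field])? intval($_POST[$field]): $default;
        $newsettings='<max_visit_len>'.$in['max_visit_len'].'</max_visit_len><graphical>'.$in['graphical'].'</graphical>'
            .'<number_digits>'.($in['number_digits']+1).'</number_digits><size>'.$in['size'].'</size><display>'.$in['display'].'</display>'
            .'<loads_start_value>'.$in['l_st_count'].'</loads_start_value><unique_start_value>'.$in['u_st_count'].'</unique_start_value>';
        $re=f_write_tagged_data('counter', $newsettings, $ca_db_settings_file, $ca_template_file_f);
        $output='<span class="rvts8">'.(($re==true)?ucfirst($ca_lang_l['settings saved']):"Settings not saved. ERROR.").'</span>'.$f_br.$f_br;
        $output.=$f_br.$f_br;
    }
    $output=f_fmt_admin_screen($output, build_menu($action_id));
    $output=GT($output);
    print $output;
}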
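/**
 * Admin screen for the self-registration settings (admin e-mail, terms URL,
 * notes, confirmation message, default access, approval requirement).
 *
 * Without $_POST['save'] it prints the form, prefilled from the <registration>
 * section of $ca_settings (GET parameters override the text fields). With
 * $_POST['save'] it serialises the posted values and writes them through
 * f_write_tagged_data().
 *
 * Stored access format, as parsed and produced below:
 *   section%%type | section%%2(page%type;page%type) | ...   ("ALL%%0" / "ALL%%1" for everything)
 *
 * Fixes:
 *  - the four text values are HTML-escaped before being placed in value="" /
 *    <textarea>, so request parameters or stored text cannot break out of the field;
 *  - per-section page lists are reset for every section on load and on save
 *    (they used to leak from one section into the next);
 *  - the stored access type of a section is read as a scalar (it was indexed
 *    with ['type'] although the list holds plain strings);
 *  - require_approval is stored as '1' or '0' only, admin_email goes through
 *    f_strip_tags() like the user e-mail elsewhere in this file;
 *  - the closing </div></form> was emitted twice.
 *
 * NOTE(review): terms_url, notes and confirm_message are still written between
 * their tags as posted; a value containing one of the settings tags could
 * corrupt the file -- confirm whether f_write_tagged_data() guards against that.
 * NOTE(review): the form carries no request token -- confirm the caller checks one.
 *
 * @param mixed $action_id current admin action, passed on to build_menu()
 */
function conf_registration($action_id)
{
    global $ca_db_settings_file,$ca_settings,$pref_dir,$ca_lang_l,$ca_l,$access_type,$access_type_ex,$f_br,$f_ct,$f_fmt_star,$ca_template_file_f;
    $output=''; $admin_email=''; $terms_url=''; $notes=''; $access_str=''; $access=array(); $confirm_message=''; $input_size=500;
    $input='<input class="input1" type="text" name="%s" value="%s" style="width:'.$input_size.'px" maxlength="255"'.$f_ct.$f_br;
    // Byte-wise HTML escaping ('&' first), independent of the page character set.
    $html_from=array('&','<','>','"',"'");
    $html_to=array('&amp;','&lt;','&gt;','&quot;','&#039;');
    if(!isset($_POST['save']))
    {
        $settings=f_GFS($ca_settings,'<registration>','</registration>');
        if(strpos($settings,'<admin_email>')!==false) $admin_email=f_GFS($settings,'<admin_email>','</admin_email>');
        if(strpos($settings,'<terms_url>')!==false) $terms_url=f_GFS($settings,'<terms_url>','</terms_url>');
        if(strpos($settings,'<notes>')!==false) $notes=f_GFS($settings,'<notes>','</notes>');
        if(strpos($settings,'<confirm_message>')!==false) $confirm_message=f_GFS($settings,'<confirm_message>','</confirm_message>');
        $require_approval=f_GFS($settings,'<require_approval>','</require_approval>'); if($require_approval=='') $require_approval='0';
        if(strpos($settings,'<access>')!==false) $access_str=f_GFS($settings,'<access>','</access>');
        if($access_str!='') $temp_access=explode('|',$access_str);
        if(isset($temp_access))
        {
            foreach($temp_access as $k=>$v)
            {
                $t=explode('%%',$v);
                $t[1]=isset($t[1])? $t[1]: '';
                $page_level_str=f_GFS($v,'(',')');
                if(!empty($page_level_str)) $t[1]=str_replace('('.$page_level_str.')','',$t[1]);
                if($t[1]=='2') // page-level access: parse "page%type;page%type"
                {
                    $page_access_arr=array(); // start empty for every section
                    $page_level_arr=explode(';',$page_level_str);
                    foreach($page_level_arr as $kk=>$vv)
                    {
                        $value=explode('%',$vv);
                        if(isset($value[1])) $page_access_arr[]=array('page'=>$value[0], 'type'=>$value[1]);
                    }
                    $access[]=array('section'=>$t[0],'type'=>$t[1],'page_access'=>$page_access_arr);
                }
                else $access[]=array('section'=>$t[0],'type'=>$t[1]);
            }
        }
        // Field values: GET override first, stored value otherwise; escaped for HTML.
        $admin_email_value=str_replace($html_from,$html_to,(isset($_GET['admin_email'])?$_GET['admin_email']:$admin_email));
        $terms_url_value=str_replace($html_from,$html_to,(isset($_GET['terms_url'])?$_GET['terms_url']:$terms_url));
        $notes_value=str_replace($html_from,$html_to,(isset($_GET['notes'])?$_GET['notes']:$notes));
        $confirm_message_value=str_replace($html_from,$html_to,(isset($_GET['confirm_message'])?$_GET['confirm_message']:$confirm_message));
        $table_data=array();
        $table_data[]=f_admin_navigation(array($ca_lang_l['settings'], $ca_lang_l['language']), array($pref_dir.'centraladmin.php?process=confreg',$pref_dir.'centraladmin.php?process=confreglang'),0);
        $output.='<form name="frm" action="'.$pref_dir.'centraladmin.php?process=confreg&'.$ca_l.'" method="post">';
        $output.='<div style="width:500px;margin:0 auto;text-align:left">';
        // The hint under the admin e-mail turns red while the address is empty.
        $admin_mail_line=sprintf($input,'admin_email',$admin_email_value).$f_br.'<span class="rvts8"><i>'.(empty($admin_email_value)? "<em style='color:red;'>":'').ucfirst($ca_lang_l['confreg_msg2']).(empty($admin_email_value)? "</em>":'').'</i></span>';
        $table_data[]=array($ca_lang_l['admin email'].$f_fmt_star, $admin_mail_line);
        $terms_line=sprintf($input,'terms_url',$terms_url_value).$f_br.'<span class="rvts8"><i>'.ucfirst($ca_lang_l['confreg_msg1']).'</i></span>';
        $table_data[]=array($ca_lang_l['terms url'], $terms_line);
        $notes_line='<textarea class="input1" name="notes" style="width:'.$input_size.'px" cols="20" rows="5">'.$notes_value. '</textarea>'.$f_br.$f_br.'<span class="rvts8"><i>'.ucfirst($ca_lang_l['confreg_msg5']).'</i></span>';
        $table_data[]=array($ca_lang_l['notes'], $notes_line);
        $confirm_line='<textarea class="input1" name="confirm_message" style="width:'.$input_size.'px" cols="20" rows="5">'.$confirm_message_value. '</textarea>'.$f_br.$f_br.'<span class="rvts8"><i>'.ucfirst($ca_lang_l['confreg_msg6']).'</i></span>';
        $table_data[]=array($ca_lang_l['confirm_message'], $confirm_line);
        // Which of the three radio buttons (view all / edit all / selected) is preselected.
        $checked_all_read=(empty($access) || $access[0]['section']=='ALL' && $access[0]['type']=='0');
        $checked_all_write=(!empty($access) && $access[0]['section']=='ALL' && $access[0]['type']=='1');
        $checked_selected=(!empty($access) && $access[0]['section']!='ALL');
        $selected_sec_flag=(isset($_POST['selected_sections'])? true: false);
        $access_line='<input type="radio" name="select_all" value="yes" '.($checked_all_read? 'checked="checked"': '')
            .' onclick="javascript:hide_div(\'selected_holder\');"'.$f_ct.' <span class="rvts8">'.ucfirst($ca_lang_l['view all'])."</span>".$f_br;
        $access_line.='<input type="radio" name="select_all" value="yesw" '.($checked_all_write? 'checked="checked"': '')
            .' onclick="javascript:hide_div(\'selected_holder\');"'.$f_ct.' <span class="rvts8">'.ucfirst($ca_lang_l['edit all'])."</span>".$f_br;
        $section_list=get_sections_list();
        if(!empty($section_list))
        {
            $access_line.='<input type="radio" name="select_all" value="no" '.($checked_selected? 'checked="checked"': '').' onclick="javascript:show_div(\'selected_holder\');"'.$f_ct.'<span class="rvts8"> '.ucfirst($ca_lang_l['selected']).' </span>'.$f_br;
        }
        else {$access_line.=$f_br.'<span class="rvts8">'.ucfirst($ca_lang_l['adduser_msg1']).'</span>';}
        // Parallel lists: section id and the access type stored for it.
        $selected_sec_ids=array(); $selected_sec_access=array();
        // $access is always an array here, so this comparison is always true and the
        // elseif below is never reached; kept as in the original.
        if($access!='') {foreach($access as $k=>$v) {$selected_sec_ids[]=$v['section']; $selected_sec_access[]=$v['type'];} }
        elseif(!empty($_POST["selected_sections"]))
        { foreach($_POST["selected_sections"] as $k=>$v) {$selected_sec_ids[]=$v; $selected_sec_access[]=(isset($_POST["access_type".$v])? $_POST["access_type".$v]: '0');} }
        $access_line.='<div id="selected_holder" style="display:'.($checked_selected?'block':'none').';">';
        foreach($section_list as $k=>$v)
        {
            $cur_sec_id=str_replace('<id>','',$v[10]); $cur_sec_name=$v[8];
            $secaccess_type=(!$checked_selected)? '2': '0';
            $index=array_search($cur_sec_id,$selected_sec_ids);
            if($index!==false) $secaccess_type=$selected_sec_access[$index];
            $access_line.='<div style="padding:5px 15px;"><input type="checkbox" name="selected_sections[]" style="vertical-align:middle;" value="'.$cur_sec_id.'"';
            if(!$checked_selected || in_array($cur_sec_id,$selected_sec_ids) || $selected_sec_flag && in_array($cur_sec_id,$_POST["selected_sections"])) {$access_line.=' checked="checked"';}
            $access_line.=$f_ct.' <span class="rvts8">'.$cur_sec_name."</span>  "
                .f_build_select('access_type'.$cur_sec_id,$access_type_ex,$secaccess_type,'onchange="javascript:tS(\''.$cur_sec_id.'\');"').'</div>';
            // The per-page list is visible only while the section is set to page-level access (type 2).
            $access_line.='<div id="section'.$cur_sec_id.'" style="display:'.(($secaccess_type=='2')?"block":"none").'">';
            $access_line.=check_section_range(0,$cur_sec_id,'none',array('access'=>$access)).'</div>';
        }
        $access_line.=$f_br.'<span class="rvts8"><i>'.ucfirst($ca_lang_l['confreg_msg7']).'</i></span>'.$f_br.'<span class="rvts8"><b>'.ucfirst($ca_lang_l['view']).'</b></span><span class="rvts8"> - '.ucfirst($ca_lang_l['adduser_msg2']).'</span>'.$f_br.'<span class="rvts8"><b>'.ucfirst($ca_lang_l['edit']).'</b></span><span class="rvts8"> - '.ucfirst($ca_lang_l['adduser_msg3']).'</span>';
        $table_data[]=array($ca_lang_l['access to'], $access_line);
        $require_line='<input type="checkbox" name="require_approval" style="vertical-align:middle;" value="1"'.($require_approval=='1'?' checked="checked"': '') .$f_ct.' <span class="rvts8">'.ucfirst($ca_lang_l['require_approval'])."</span> ";
        $table_data[]=array('', $require_line);
        $table_data[]=$f_br.'<input class="input1" name="save" type="submit" value="'.ucfirst($ca_lang_l['submit']).'"'.$f_ct.' <input class="input1" type="button" value=" '.ucfirst($ca_lang_l['cancel']).' " onclick="javascript:history.back();"'.$f_ct.$f_br.$f_br;
        $output.=f_addentrytable($ca_lang_l['registration settings'],$table_data);
        $output.="</div></form>";
        $output.="<script language=\"javascript\" type=\"text/javascript\">function tS(id){if(document.getElementById('access_type'+id).selectedIndex==2) document.getElementById('section'+id).style.display='block'; else document.getElementById('section'+id).style.display='none'; } function show_div(id){document.getElementById(id).style.display='block';} function hide_div(id){document.getElementById(id).style.display='none';}</script>";
    }
    else
    {
        $p_admin_email=isset($_POST['admin_email'])? f_strip_tags($_POST['admin_email']): '';
        $p_terms_url=isset($_POST['terms_url'])? $_POST['terms_url']: '';
        $p_notes=isset($_POST['notes'])? $_POST['notes']: '';
        $p_confirm=isset($_POST['confirm_message'])? $_POST['confirm_message']: '';
        $p_approval=(isset($_POST['require_approval']) && $_POST['require_approval']=='1')? '1': '0';
        $newsettings='<admin_email>'.$p_admin_email.'</admin_email><terms_url>'.$p_terms_url.'</terms_url>'.'<notes>'.$p_notes.'</notes>'.'<confirm_message>'.$p_confirm.'</confirm_message>'
            .'<require_approval>'.$p_approval.'</require_approval>';
        $sections=array();
        if(isset($_POST["select_all"]) && $_POST["select_all"]=='no')
        {
            if(isset($_POST["selected_sections"]))
            {
                foreach($_POST["selected_sections"] as $k=>$v)
                {
                    $a_type=(isset($_POST["access_type".$v])? f_strip_tags($_POST["access_type".$v]): '0');
                    if($a_type=='2')
                    {
                        // Only pages that belong to the section are taken from the request.
                        $page_access_arr=array();
                        $page_access_str=''; // start empty for every section
                        $section_range=get_prot_pages_list($v);
                        foreach($section_range as $key=>$val)
                        {
                            $pid=$val['id'];
                            if(isset($_POST["access_to_page".$pid]))
                                $page_access_arr[]=$pid.'%'.f_strip_tags($_POST["access_to_page".$pid]);
                        }
                        if(!empty($page_access_arr)) $page_access_str=implode(';',$page_access_arr);
                        $sections[]=$v.'%%'.$a_type.(!empty($page_access_str)? '('.$page_access_str.')': '');
                    }
                    else $sections[]=$v.'%%'.$a_type;
                }
            }
            else $sections[]="ALL%%0";
        }
        elseif(isset($_POST["select_all"]) && $_POST["select_all"]=='yesw') {$sections []= "ALL%%1";} //ALL-write
        else {$sections[]= "ALL%%0";} //ALL-read
        $newsettings.='<access>'. implode('|',$sections).'</access>';
        $re=f_write_tagged_data('registration',$newsettings,$ca_db_settings_file, $ca_template_file_f);
        $output.='<span class="rvts8">'.(($re==true)?ucfirst($ca_lang_l['settings saved']):"Settings not saved. ERROR.")."</span>".$f_br.$f_br;
    }
    $output=f_fmt_admin_screen($output, build_menu($action_id));
    $output=GT($output);
    print $output;
}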
# ----------------- build HTML functions
/**
 * Wraps an admin screen in the site template.
 *
 * Passes the markup to f_fmt_in_template(), replaces the page <title> with the
 * "CENTRAL ADMIN" caption, adds a <base href> when the template lives in the
 * site root, and finally runs the result through f_removeAreas().
 *
 * NOTE(review): the base URL comes from f_build_self_url(); if that helper
 * derives it from request headers, confirm the host is validated there.
 *
 * @param string $html_output          markup of the admin screen
 * @param bool   $include_counter_flag forwarded to f_fmt_in_template()
 * @return string complete page
 */
function GT($html_output,$include_counter_flag=false)
{
    global $ca_template_file_f, $ca_lang_l, $template_in_root, $f_ct;

    $page=f_fmt_in_template($ca_template_file_f,$html_output,'','',true,$include_counter_flag);

    // Swap the template's own <title>...</title> for the admin caption.
    $old_title=f_GFSAbi($page,'<title>','</title>');
    $new_title='<title>'.$ca_lang_l['CENTRAL ADMIN'].'</title>';
    $page=str_replace($old_title,$new_title,$page);

    if($template_in_root)
    {
        // Relative links of a root template must resolve against the site root,
        // not against documents/.
        $site_root=str_replace('documents/centraladmin.php','',f_build_self_url('centraladmin.php'));
        $base_tag=' <base href="'.$site_root.'"'.$f_ct;
        $page=str_replace('</title>','</title>'.$base_tag,$page);
    }

    return f_removeAreas($page);
}
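/**
 * Builds the login page shown in front of a protected page.
 *
 * Three sources for the form, in this order:
 *  1. the login page itself was posted to directly ($_POST['loginid'] with
 *     $_GET['pageid'] and no indexflag): that page's file is read as is;
 *  2. the protected page has a login page defined (page info field 7): that
 *     login page is read and its messages / form target are adjusted;
 *  3. otherwise a built-in username/password form is generated.
 * Unless the login page was accessed directly, the form is then merged into the
 * layout of the protected page, with PHP blocks and the counter area removed.
 *
 * Fixes: the <base href> that is built from $_SERVER['HTTP_HOST'] and
 * $_SERVER['PHP_SELF'] is HTML-escaped before it is written into the page, and
 * the page id used inside the clean-up regular expression is passed through
 * preg_quote().
 *
 * NOTE(review): escaping stops the header value from breaking out of the
 * attribute, but the base URL still follows whatever Host header the client
 * sent; prefer a configured site URL or a host allow-list.
 * NOTE(review): $_POST['loginid'] selects, via get_page_info(), the file that
 * f_read_file() loads -- confirm get_page_info() only returns pages listed in
 * the sitemap.
 *
 * @param string $ms           message shown in the error area (event manager case)
 * @param string $ref_url      URL to return to after login; url-encoded into the form target
 * @param array  $user_account user record; only ['details']['status'] is read here
 * @return string HTML of the login page
 */
function build_login_form($ms='',$ref_url='',$user_account=array())
{
    global $thispage_id,$ca_lang_l,$sp_pages_ids,$sr_enable,$ca_l,$f_http_prefix,$f_br,$f_ct;
    $lister_array=array('21','130','140','181','190');
    $contents=''; $pattern=''; $pageid_info=get_page_info($thispage_id);
    $direct_flag=(isset($_POST['loginid']) && isset($_GET['pageid']) && !isset($_GET['indexflag']));
    $prot_page_info=($direct_flag)?get_page_info(f_strip_tags(trim($_POST['loginid']))):$pageid_info;
    $prot_page_name=$prot_page_info[1];
    $prot_page_inroot=(strpos($prot_page_name,'../')===false)? true: false;
    $doc_dir=($prot_page_inroot)?'documents/':'../documents/';
    $login_in_root=($direct_flag && $prot_page_inroot)?true:false;
    if($login_in_root) $prot_page_name='../'.$prot_page_name;
    if($direct_flag) // when login page directly accessed
    {
        $contents=f_read_file($prot_page_name);
        if($login_in_root) $contents=str_replace('</title>','</title> <base href="'.str_replace('documents/centraladmin.php','',f_build_self_url('centraladmin.php')).'"'.$f_ct,$contents);
    }
    elseif(isset($prot_page_info[7]) && !empty($prot_page_info[7])) // when protected page (with login defined) is accessed
    {
        $login_page_info=get_page_info($prot_page_info[7]);
        // Path of the login page relative to where the protected page lives.
        if(in_array($prot_page_info[4],$lister_array)) $login_page_name=$login_page_info[1];
        elseif(!in_array($prot_page_info[4],$sp_pages_ids) && ($prot_page_inroot)) {$login_page_name=str_replace('../','',$login_page_info[1]);}
        elseif(in_array($prot_page_info[4],array('133','136','137','138','143','144','20')) &&($prot_page_info[6]=='TRUE')&&($prot_page_inroot))
        {$login_page_name=str_replace('../','',$login_page_info[1]);}
        else {$login_page_name=$login_page_info[1];}
        $contents=f_read_file($login_page_name);
        if($prot_page_inroot) $contents=str_replace('../','',$contents);
        if($ref_url!='') //event manager
        {
            if(!empty($user_account) && $user_account['details']['status']=='0') $ms=ucfirst($ca_lang_l['blocked_err_msg']);
            $contents=str_replace(f_GFSAbi($contents,'[/error_message]','-->'),'[/error_message]--><div align="center"><span class="rvts8"><b>'.$ms.$f_br.$f_br.'</b></span></div>',$contents);
            $contents=str_replace(f_GFSAbi($contents,'centraladmin.php?pageid=','"'),
                'centraladmin.php?pageid='.$thispage_id.($ref_url!=''?'&ref_url='.urlencode($ref_url):'').'"', $contents);
        }
        elseif(isset($_GET['indexflag']))
        {
            $contents=str_replace(f_GFSAbi($contents,'centraladmin.php?pageid=','"'),
                'centraladmin.php?pageid='.$thispage_id.(isset($_GET['indexflag'])?'&indexflag=index':'').'"', $contents);
        }
    }
    else // when protected page (without login) is accessed
    {
        if(!empty($user_account) && $user_account['details']['status']=='0') $err_msg=ucfirst($ca_lang_l['blocked_err_msg']);
        else $err_msg=$ca_lang_l['use correct username'];
        $contents='<!--page--><!--[error_message]'.$err_msg.'[/error_message]-->'
            .'<form name="login" method="post" action="'.$doc_dir.'centraladmin.php?pageid='.$thispage_id.'&'.$ca_l;
        $contents.=($ref_url!=''?'&ref_url='.urlencode($ref_url):'').'">'; //event manager
        $contents.=$f_br."<table align='center'><tr><td></td><td><span class='rvts8'><b>".ucfirst($ca_lang_l['ca login'])."</b></span>".$f_br." </td></tr>"."<tr><td><span class='rvts8'>".ucfirst($ca_lang_l['username'])."</span></td>"
            ."<td><input class='input1' type='text' name='pv_username' style='width:180px'".$f_ct."</td></tr>"
            ."<tr><td><span class='rvts8'>".ucfirst($ca_lang_l['password'])."</span></td>"
            ."<td><input class='input1' type='password' name='pv_password' style='width:180px'".$f_ct."</td></tr>"
            ."<tr><td></td><td><input class='input1' type='submit' name='REQUEST_SEND' value='".ucfirst($ca_lang_l['login'])."'".$f_ct."</td></tr>";
        if($sr_enable) // self-registration enabled: add "forgot password" and "register" links
        {
            $contents.='<tr><td></td><td><p> '.$f_br.'<a class="rvts12" href="'.$doc_dir.'centraladmin.php?process=forgotpass&'.$ca_l.'">'
                .$ca_lang_l['forgot q'].'</a></p><p class="rvps1"><span class="rvts8"> </span></p><p><a class="rvts12" href="' .$doc_dir.'centraladmin.php?process=register&'.$ca_l.'">'.$ca_lang_l['member q'].'</a></p></td></tr>';
        }
        $contents.="</table></form><!--/page-->";
    }
    if((!isset($_GET['pageid']) || isset($_GET['indexflag']) || $ref_url!='') && !$direct_flag || in_array($pageid_info[4],$lister_array))
    {
        $pattern=f_GFS($contents,'method="post" action="','">'); // login form action fixation
        if($pattern=='') $pattern=f_GFS($contents,'method=post action=','>');
        if(isset($_GET['indexflag'])) {$r_with=$doc_dir."centraladmin.php?pageid=".$thispage_id."&indexflag=index&".$ca_l;}
        elseif(isset($_GET['pageid']) && (in_array($pageid_info[4],$lister_array) || $ref_url!='') )
        {
            $r_with=$doc_dir."centraladmin.php?pageid=";
            if(in_array($pageid_info[4],$lister_array)) $r_with.=intval($_GET['pageid'])."&".$ca_l;
            else $r_with.=$thispage_id."&".$ca_l.'&ref_url='.urlencode($ref_url);
        }
        else $r_with=$prot_page_name;
        $contents=str_replace($pattern,$r_with,$contents);
        // Work out which file holds the protected page, so its layout can be reused.
        if(in_array($prot_page_info[4],array('136','137','138','143','144','20'))) // Special PHP pages
        {
            if(!$prot_page_inroot) $f_dir='../'.f_GFS($prot_page_info[1],'../','/').'/';
            elseif($prot_page_info[6]!=='TRUE') $f_dir='../';
            else $f_dir='';
            $f_dir=str_replace('//','/',$f_dir);
            $prot_page_name_fixed=($prot_page_info[15]=='0' && $prot_page_info[3]=='1')?$f_dir.'SUB_':$f_dir;
            $prot_page_name_fixed.=$thispage_id.($prot_page_info[6]=='TRUE'?'.php':'.html');
        }
        elseif(in_array($prot_page_info[4],$lister_array)) // shop and lister pages
        {
            $f_dir='../'.f_GFS($prot_page_info[1],'../','/').'/';
            $prot_page_name_fixed=($prot_page_info[15]=='0' && $prot_page_info[3]=='1')?$f_dir.'SUB_':$f_dir;
            $prot_page_name_fixed.=$thispage_id.'.html';
        }
        elseif($prot_page_info[4]=='133')
        {
            if(!$prot_page_inroot) $prot_page_name_fixed=$prot_page_name;
            elseif($prot_page_info[6]!=='TRUE') $prot_page_name_fixed='../'.$prot_page_name;
            else $prot_page_name_fixed=$prot_page_name;
            $prot_page_name_fixed=str_replace('//','/',$prot_page_name_fixed);
        }
        else $prot_page_name_fixed=$prot_page_name;
        if(strpos($prot_page_name_fixed,'../')===false && isset($_GET['indexflag'])) $prot_page_name_fixed='../'.$prot_page_name_fixed;
        if(file_exists($prot_page_name_fixed)) $protpage_content=f_read_file($prot_page_name_fixed);
        else $protpage_content='<html><head><link type="text/css" href="../documents/textstyles_nf.css" rel="stylesheet"'.$f_ct.'</head><BODY>missing</BODY></html>';
        $contents=str_replace(array('<BODY','</BODY>'),array('<body','</body>'),$contents);
        // Take the login form area (between the page markers, or the whole body) ...
        if(strpos($contents,'<!--page-->')!==false) $replace_with=f_GFS($contents,'<!--page-->','<!--/page-->');
        else $replace_with=f_GFS($contents,f_GFSAbi($contents,'<body','>'),'</body>');
        $login_page_scripts=f_GFS($contents,'<!--scripts-->','<!--endscripts-->');
        // ... and put it where the protected page has its content area.
        if(strpos($protpage_content,'<!--page-->')!==false) {$for_replace=f_GFS($protpage_content,'<!--page-->','<!--/page-->');}
        else $for_replace=f_GFS($protpage_content,f_GFSAbi($protpage_content,'<body','>'),'</body>');
        $contents=str_replace($for_replace,$replace_with,$protpage_content);
        $contents=str_replace(f_GFS($contents,'<!--counter-->','<!--/counter-->'),'',$contents);
        $contents=str_replace('<!--endscripts-->',$login_page_scripts.'<!--endscripts-->',$contents);
        // The protected page was read as text; drop its PHP blocks so none is sent to the browser.
        $contents=preg_replace("'<\?php.*?\?>'si",'',$contents);
        if(strpos($prot_page_info[1],'../')===false)
        {
            $url=$f_http_prefix.$_SERVER['HTTP_HOST'].str_replace('//','/',str_replace('documents','',dirname($_SERVER['PHP_SELF'])).'/');
            // Both server variables are client-influenced; escape byte-wise ('&' first)
            // before the value goes into the attribute.
            $url=str_replace(array('&','<','>','"',"'"),array('&amp;','&lt;','&gt;','&quot;','&#039;'),$url);
            $contents=str_replace('</title>','</title> <base href="'.$url.'"'.$f_ct,$contents);
        }
    }
    //for Miro
    if(isset($prot_page_info[7]))
    {
        // Removes the comment-delimited area tagged with the login page id;
        // the id is quoted so it is matched literally.
        $area_id=preg_quote($prot_page_info[7],"'");
        $contents = preg_replace("'<!--".$area_id.".*?".$area_id."-->'si",'',$contents);
    }
    $contents=str_replace(array('GMload();','GUnload();'),array('',''),$contents);
    return $contents;
}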
// Builds the admin navigation for centraladmin.php and marks the entry that belongs to $action_id.
// A sub-action (processuser, pendingreg, resetcounter, clearlog, confreglang) highlights its parent entry;
// any other unknown action selects nothing (''). Returns the result of f_admin_navigation().
function build_menu($action_id)
{
global $pref_dir,$ca_lang_l,$ca_l,$f_br;
$link_start=$pref_dir.'centraladmin.php?process=';
// process id => caption, in menu order
$entries=array(
'index'=>$ca_lang_l['site map'],
'manageusers'=>$ca_lang_l['manage users'],
'confcounter'=>$ca_lang_l['counter settings'],
'confreg'=>$ca_lang_l['registration settings'],
'conflang'=>$ca_lang_l['settings'],
'log'=>$ca_lang_l['log'],
'logoutadmin'=>$ca_lang_l['logout'].'[ADMIN]'
);
$indexes=array_keys($entries);
$captions=array_values($entries);
$urls=array();
foreach($indexes as $process_id) $urls[]=$link_start.$process_id.'&'.$ca_l;
// sub-action => menu entry highlighted for it (checked in this order)
$parents=array('processuser'=>'manageusers','pendingreg'=>'manageusers','resetcounter'=>'confcounter','clearlog'=>'log','confreglang'=>'confreg');
$selected=array_search(trim($action_id),$indexes);
if($selected===false)
{
$selected='';
foreach($parents as $sub_action=>$parent)
{
if($action_id==$sub_action) {$selected=array_search($parent,$indexes); break;}
}
}
return f_admin_navigation($captions,$urls,$selected);
}
// Returns the HTML of the administrator login form (username, password, submit), which posts to
// centraladmin.php?process=index. $msg is placed as-is inside the bold heading cell, so callers
// must only pass markup that is already safe to render.
function build_login_form_ca($msg)
{
global $pref_dir,$ca_lang_l,$ca_l,$f_ct;
$label_open='<td><span class="rvts8">';
$field='<input class="input1" type="%s" name="%s" style="width:180px"';
$parts=array();
$parts[]='<div align="center"><form method="post" action="'.$pref_dir.'centraladmin.php?process=index&'.$ca_l.'">';
$parts[]='<table align="center"><tr><td colspan="2"><span class="rvts8"><b>'.$msg.'</b></span></td></tr>';
$parts[]='<tr>'.$label_open.ucfirst($ca_lang_l['username']).'</span></td><td>'.sprintf($field,'text','username').$f_ct.'</td></tr>';
$parts[]='<tr>'.$label_open.ucfirst($ca_lang_l['password']).'</span></td><td>'.sprintf($field,'password','password').$f_ct.'</td></tr>';
$parts[]='<tr><td></td><td><input class="input1" type="submit" name="login" value="'.$ca_lang_l['login'].'"'.$f_ct.' </td></tr></table></form></div>';
return implode('',$parts);
}
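// Returns the HTML of the admin "add user" form (posts to centraladmin.php?process=processuser with flag=add).
//   $msg  optional markup shown above the fields; it is inserted as-is, so callers must pass trusted markup.
// After a rejected save (isset($_POST['save'])) the submitted username, name, surname and email are echoed
// back into the inputs. Those values come straight from the request, so they are HTML-escaped before they
// are placed inside value="..." (the original wrote them into the attribute unescaped).
function build_add_user_form($msg='')
{
global $pref_dir,$ca_lang_l,$ca_l,$f_br,$f_ct,$f_fmt_star,$f_fmt_hidden;
// request values to echo back; '' on first display or when a field is missing or not a string
$prefill=array('username'=>'','name'=>'','sirname'=>'','email'=>'');
if(isset($_POST['save']))
{
foreach($prefill as $field=>$unused)
{
if(!isset($_POST[$field]) || !is_string($_POST[$field])) continue;
// email was never passed through un_esc() here; keep that and only add the escaping
$raw=($field=='email')?$_POST[$field]:un_esc($_POST[$field]);
$prefill[$field]=htmlspecialchars($raw,ENT_QUOTES);
}
}
$input='<input class="input1" type="text" name="%s" value="%s" style="width:280px" maxlength="255"'.$f_ct.$f_br;
$input_ps='<input class="input1" type="password" name="%s" style="width:280px" maxlength="50"'.$f_ct.$f_br;
$table_data=array();
$output='<form action="'.$pref_dir."centraladmin.php?process=processuser&".$ca_l.'" method="post"><div style="margin: 0 auto;width:300px;text-align:left;">'.($msg!=''? $msg.$f_br:'');
$table_data[]=array($ca_lang_l['username'].$f_fmt_star, sprintf($f_fmt_hidden,'flag','add').sprintf($f_fmt_hidden,'old_username',$prefill['username']).sprintf($input,'username',$prefill['username']));
$table_data[]=array($ca_lang_l['name'], sprintf($input,'name',$prefill['name']));
$table_data[]=array($ca_lang_l['surname'], sprintf($input,'sirname',$prefill['sirname']));
$table_data[]=array($ca_lang_l['email'], sprintf($input,'email',$prefill['email']));
// password fields are never prefilled
$table_data[]=array($ca_lang_l['password'].$f_fmt_star, sprintf($input_ps,'password'));
$table_data[]=array($ca_lang_l['repeat password'].$f_fmt_star, sprintf($input_ps,'repeatedpassword'));
$access_line=ca_build_access_block();
$table_data[]=array($ca_lang_l['access to'], $access_line);
// event manager: one checkbox per calendar category. Nothing is pre-checked: the original looked the
// state up in a $data variable that does not exist in this function, so its list was always empty.
$news_line='';
$calendar_categories=get_calendar_categories();
if(!empty($calendar_categories))
{
$news_line.=$f_br;
foreach($calendar_categories as $k=>$v)
{
$ckbox_value=$v['pageid'].'%'.$v['catid'];
$news_line.='<input type="checkbox" name="news_for[]" value="'.$ckbox_value.'" style="vertical-align: middle;" '
.$f_ct.' <span class="rvts8">'.$v['pagename'].' - '.$v['catname'].'</span>'.$f_br;
}
}
if(!empty($news_line)) $table_data[]=array($ca_lang_l['want to get'], $news_line);
$base=f_build_self_url('centraladmin.php');
$end='<span class="rvts8">('.$f_fmt_star.') '.$ca_lang_l['required fields'].'</span>'.$f_br;
$end.=$f_br.'<input class="input1" name="save" type="submit" value=" '.ucfirst($ca_lang_l['submit']).' "'.$f_ct
.' <input class="input1" type="button" value=" '.ucfirst($ca_lang_l['cancel']);
// cancel returns to the user list
$end.=' " onclick="document.location=\''.$base."?process=manageusers&".$ca_l.'\'"'.$f_ct.$f_br.$f_br;
$table_data[]=$end;
$output.=f_addentrytable($ca_lang_l['add user'],$table_data);
// tS() shows the per-page block of a section when the third option of its access select is chosen; show_div()/hide_div() toggle an element by id
$output.="</div></form><script language=\"javascript\" type=\"text/javascript\">function tS(id){if(document.getElementById('access_type'+id).selectedIndex==2) document.getElementById('section'+id).style.display='block'; else document.getElementById('section'+id).style.display='none'; } function show_div(id){document.getElementById(id).style.display='block';} function hide_div(id){document.getElementById(id).style.display='none';}</script>";
return $output;
}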
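// Returns the HTML of the "access to" block of the add-user form: the view all / edit all / selected
// radios, plus one checkbox, access-type select and page-range block per section from get_sections_list().
// The state is rebuilt from $_POST (select_all, selected_sections[], access_type<section id>) so that a
// rejected submission is shown again with the same choices. Request values are only compared here or
// handed to f_build_select() as the selected value; this function does not write them into the markup.
function ca_build_access_block()
{
global $ca_lang_l, $access_type_ex, $f_br, $f_ct;
$select_all_flag=isset($_POST['select_all']);
$select_all_val=($select_all_flag)?$_POST["select_all"]:'undefined';
// "view all" is the default on first display
$checked_all_read=(!$select_all_flag || $select_all_val=='yes');
$checked_all_write=($select_all_flag && $select_all_val=='yesw');
$checked_selected=($select_all_flag && $select_all_val=='no');
// selected_sections must be a list of section ids; any other shape is treated as "nothing selected"
// instead of being passed to foreach()/in_array()
$posted_sections=(isset($_POST['selected_sections']) && is_array($_POST['selected_sections']))?$_POST['selected_sections']:array();
$access_line='<input type="radio" name="select_all" value="yes" '.($checked_all_read? 'checked="checked"': '')
.' onclick="javascript:hide_div(\'selected_holder\');"'.$f_ct.' <span class="rvts8">'.ucfirst($ca_lang_l['view all'])."</span>".$f_br;
$access_line.='<input type="radio" name="select_all" value="yesw" '.($checked_all_write? 'checked="checked"': '')
.' onclick="javascript:hide_div(\'selected_holder\');"'.$f_ct.' <span class="rvts8">'.ucfirst($ca_lang_l['edit all'])."</span>".$f_br;
$section_list=get_sections_list();
if(!empty($section_list))
{
$access_line.='<input type="radio" name="select_all" value="no" '.($checked_selected? 'checked="checked"': '').' onclick="javascript:show_div(\'selected_holder\');"'.$f_ct.'<span class="rvts8"> '.ucfirst($ca_lang_l['selected']).' </span>'.$f_br;
}
else {$access_line.=$f_br.'<span class="rvts8">'.ucfirst($ca_lang_l['adduser_msg1']).'</span>';}
// parallel lists: posted section id and the access type posted for it
$selected_sec_ids=array();
$selected_sec_access=array();
if($checked_selected)
{
foreach($posted_sections as $v)
{
if(!is_scalar($v)) continue; // a nested array is not a section id
$selected_sec_ids[]=$v;
$selected_sec_access[]=isset($_POST['access_type'.$v])?$_POST['access_type'.$v]:null;
}
}
$access_line.='<div id="selected_holder" style="display:'.($checked_selected?'block':'none').';">';
if(is_array($section_list))
{
foreach($section_list as $k=>$v)
{
$cur_sec_id=str_replace('<id>','',$v[10]); $cur_sec_name=$v[8];
// default access type: '2' while one of the "all" radios is active, '0' in "selected" mode
$secaccess_type=(!$checked_selected)? '2': '0';
$index=array_search($cur_sec_id,$selected_sec_ids);
if($index!==false) $secaccess_type=$selected_sec_access[$index];
$access_line.='<div style="padding:5px 15px;"><input type="checkbox" name="selected_sections[]" style="vertical-align:middle;" value="'.$cur_sec_id.'"';
// every section is ticked unless "selected" mode is active, where only the posted ones are
if(!$checked_selected || $index!==false) {$access_line.=' checked="checked"';}
$access_line.=$f_ct.' <span class="rvts8">'.$cur_sec_name."</span>  "
.f_build_select('access_type'.$cur_sec_id,$access_type_ex,$secaccess_type,'onchange="javascript:tS(\''.$cur_sec_id.'\');"').'</div>';
// the per-page block is only visible for access type '2'
$access_line.='<div id="section'.$cur_sec_id.'" style="display:'.(($secaccess_type=='2')?"block":"none").'">';
$access_line.=check_section_range(0,$cur_sec_id).'</div>';
}
}
$access_line.='</div>'.$f_br.'<span class="rvts8"><b>'.ucfirst($ca_lang_l['view']).'</b></span><span class="rvts8"> - ' .ucfirst($ca_lang_l['adduser_msg2']).$f_br .'</span><span class="rvts8"><b>'.ucfirst($ca_lang_l['edit']).'</b></span><span class="rvts8"> - ' .ucfirst($ca_lang_l['adduser_msg3']).'</span>';
return $access_line;
}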
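// Returns the HTML of one of the admin "edit user" forms (posts to centraladmin.php?process=processuser).
//   $flag       'editdetails' (username, name, surname, email, event subscriptions), 'editpass' (new
//               password twice) or 'editaccess' (section/page access)
//   $msg        optional markup shown at the top, inserted as-is (callers must pass trusted markup)
//   $username   user being edited
//   $data       stored user data, or '' when the form is rebuilt from $_POST; read as a list of
//               array('section'=>..,'type'=>..) for 'editaccess' and as array('details'=>..,'news'=>..)
//               for 'editdetails'
//   $usrid      user id; when >0 it is posted as hidden 'id' and appended to element ids
//   $user_data  passed through to check_section_range()
// Values written into attributes (username, name, surname, email and the hidden creation_date/sr/status)
// are HTML-escaped first; the original echoed them, including raw $_POST values, unescaped.
// NOTE(review): assumes un_esc() returns plain text - confirm; if it returns entity-encoded text the added
// escaping would double-encode it.
// NOTE(review): creation_date, sr and status travel through the browser as hidden fields, so the
// processuser handler should not trust the posted values - confirm there.
function build_edit_user_form($flag,$msg='',$username='',$data='',$usrid=0,$user_data='') //flags - add,editpass,editaccess,editdetails
{
global $access_type_ex,$pref_dir,$ca_lang_l,$ca_l,$f_br,$f_ct,$f_fmt_star,$f_fmt_hidden;
$resubmit=isset($_POST['save']);
$username_attr=htmlspecialchars((string)$username,ENT_QUOTES);
$input='<input class="input1" type="text" name="%s" value="%s" style="width:280px" maxlength="255"'.$f_ct.$f_br;
$input_ps='<input class="input1" type="password" name="%s" style="width:280px" maxlength="50"'.$f_ct.$f_br;
$span8_nobr='<span class="rvts8" style="font-size:10px;font-weight:bold;line-height:16px;">%s</span>';
$span8=$span8_nobr.$f_br;
$output='<div style="margin: 0 auto;width:300px;text-align:left">';
$output.='<form action="'.$pref_dir."centraladmin.php?process=processuser&".$ca_l.'" method="post">';
$output.=sprintf($f_fmt_hidden,'flag',$flag).($msg!=''? $msg.$f_br.$f_br:'');
if($flag=='editdetails') $output.=sprintf($span8,ucfirst($ca_lang_l['username']).$f_fmt_star);
if($usrid>0) $output.=sprintf($f_fmt_hidden,'id',$usrid);
if($flag=='editdetails')
{
// stored record when $data is given, otherwise the values carried over from the previous POST
$carried=array();
foreach(array('creation_date','sr','status') as $key)
{
if($data!='') $carried[$key]=$data['details'][$key];
else $carried[$key]=(isset($_POST[$key]) && is_string($_POST[$key]))?$_POST[$key]:'';
$output.=sprintf($f_fmt_hidden,$key,htmlspecialchars((string)$carried[$key],ENT_QUOTES));
}
$creation_date=$carried['creation_date'];
$output.=sprintf($f_fmt_hidden,'old_username',$username_attr).sprintf($input,'username',$username_attr);
// name and surname go through un_esc(), email is used as stored/posted
$shown=array();
foreach(array('name','sirname','email') as $key)
{
if($data!='') $raw=($key=='email')?$data['details'][$key]:un_esc($data['details'][$key]);
elseif($resubmit && isset($_POST[$key]) && is_string($_POST[$key])) $raw=($key=='email')?$_POST[$key]:un_esc($_POST[$key]);
else $raw='';
$shown[$key]=htmlspecialchars((string)$raw,ENT_QUOTES);
}
$output.=sprintf($span8,ucfirst($ca_lang_l['name'])).sprintf($input,'name',$shown['name']);
$output.=sprintf($span8,ucfirst($ca_lang_l['surname'])).sprintf($input,'sirname',$shown['sirname']);
$output.=sprintf($span8,ucfirst($ca_lang_l['email'])).sprintf($input,'email',$shown['email']);
$output.='<span class="rvts8"><i>'.ucfirst($ca_lang_l['creation date']).': '.($creation_date!=''? date('r',f_tzone_date($creation_date)): 'NA').'</i></span>'.$f_br;
}
else $output.=sprintf($f_fmt_hidden,'username',$username_attr);
if($flag=='editpass')
{
$output.=sprintf($span8,ucfirst($ca_lang_l['password']).$f_fmt_star).sprintf($input_ps,'password');
$output.=sprintf($span8,ucfirst($ca_lang_l['repeat password']).$f_fmt_star).sprintf($input_ps,'repeatedpassword');
}
if($flag=='editaccess') // sections and access
{
$select_all_flag=($data=='' && isset($_POST['select_all']));
$checked_all_read=($data!='' && $data[0]['section']=='ALL');
$checked_all_write=($data!='' && $data[0]['section']=='ALL' && $data[0]['type']=='1');
$checked_selected=($select_all_flag && $_POST["select_all"]=='no' || $data!='' && $data[0]['section']!='ALL');
// selected_sections must be a list of section ids; any other shape is treated as "nothing selected"
$posted_sections=(isset($_POST['selected_sections']) && is_array($_POST['selected_sections']))?$_POST['selected_sections']:array();
$output.='<fieldset style="padding:3px;"><legend>'.sprintf($span8_nobr,ucfirst($ca_lang_l['access to'])).$f_fmt_star.'</legend>';
$output.='<input type="radio" name="select_all" value="yes" '.($checked_all_read? 'checked="checked"': '')
.' onclick="javascript:hide_div(\'selected_holder_'.$usrid.'\');"'.$f_ct.' <span class="rvts8">'.ucfirst($ca_lang_l['view all'])."</span>".$f_br;
$output.='<input type="radio" name="select_all" value="yesw" '.($checked_all_write? 'checked="checked"': '')
.' onclick="javascript:hide_div(\'selected_holder_'.$usrid.'\');"'.$f_ct.' <span class="rvts8">'.ucfirst($ca_lang_l['edit all'])."</span>".$f_br;
$section_list=get_sections_list();
if(!empty($section_list))
{
$output.='<input type="radio" name="select_all" value="no" '.($checked_selected? 'checked="checked"': '').' onclick="javascript:show_div(\'selected_holder_'.$usrid.'\');"'.$f_ct. '<span class="rvts8"> '.ucfirst($ca_lang_l['selected']).' </span>'.$f_br;
}
else {$output.=$f_br.'<span class="rvts8">'.ucfirst($ca_lang_l['adduser_msg1']).'</span>';}
// parallel lists: section id and its access type, from the stored record or from the previous POST
$selected_sec_ids=array();
$selected_sec_access=array();
if($data!='') { foreach($data as $k=>$v) {$selected_sec_ids[]=$v['section']; $selected_sec_access[]=$v['type'];} }
else
{
foreach($posted_sections as $v)
{
if(!is_scalar($v)) continue; // a nested array is not a section id
$selected_sec_ids[]=$v;
// NOTE(review): the selects below are named access_type<section>_<usrid> while this reads access_type<section> - confirm against the handler
$selected_sec_access[]=isset($_POST['access_type'.$v])?$_POST['access_type'.$v]:null;
}
}
$output.='<div id="selected_holder_'.$usrid.'" style="display:'.($checked_selected?'block':'none').';">';
if(is_array($section_list))
{
foreach($section_list as $k=>$v)
{
$cur_sec_id=str_replace('<id>','',$v[10]); $cur_sec_name=$v[8];
// default access type: '2' unless "selected" mode is active, then '0'
$secaccess_type=(!$checked_selected)? '2': '0';
$index=array_search($cur_sec_id,$selected_sec_ids);
if($index!==false) $secaccess_type=$selected_sec_access[$index];
$output.='<div style="padding: 5px 15px;"><input type="checkbox" name="selected_sections[]" style="vertical-align:middle;" value="'.$cur_sec_id.'" ';
if(!$checked_selected || $index!==false || in_array($cur_sec_id,$posted_sections))
{$output.=' checked="checked"';}
$output.=$f_ct.' <span class="rvts8">'.$cur_sec_name."</span>  "
.f_build_select('access_type'.$cur_sec_id.'_'.$usrid,$access_type_ex,$secaccess_type,'onchange="javascript:tS(\''.$cur_sec_id.'_'.$usrid.'\');"').'</div>';
// the per-page block is only visible for access type '2'
$output.='<div id="section'.$cur_sec_id.'_'.$usrid.'" style="display:'.(($secaccess_type=='2')?"block":"none").'">';
$output.=check_section_range(0,$cur_sec_id,$usrid,$user_data)."</div>";
}
}
$output.='</div>';
$output.=$f_br.'<span class="rvts8"><b>'.ucfirst($ca_lang_l['view']).'</b></span><span class="rvts8"> - '.ucfirst($ca_lang_l['adduser_msg2']) .$f_br.'</span><span class="rvts8"><b>'.ucfirst($ca_lang_l['edit']).'</b></span><span class="rvts8"> - '.ucfirst($ca_lang_l['adduser_msg3']).'</span>'.$f_br.$f_br.'</fieldset>';
}
if($flag=='editdetails') // event manager
{
$calendar_categories=get_calendar_categories();
if(!empty($calendar_categories))
{
// "page%cat" keys of the categories the user is subscribed to
$news_for=array();
if(isset($data['news']) && !empty($data['news']))
{
foreach($data['news'] as $key=>$val) $news_for[]=$val['page'].'%'.$val['cat'];
}
$output.=$f_br.'<fieldset style="padding:3px;width:270px;"><legend>'.sprintf($span8_nobr,$ca_lang_l['want to get']).'</legend>'.$f_br;
foreach($calendar_categories as $k=>$v)
{
$ckbox_value=$v['pageid'].'%'.$v['catid'];
$output.='<input type="checkbox" name="news_for[]" value="'.$ckbox_value.'" style="vertical-align: middle;" '.
(in_array($ckbox_value,$news_for)? 'checked="checked" ': '').$f_ct.' <span class="rvts8">'.$v['pagename'].' - '.$v['catname'].'</span>'.$f_br;
}
$output.=$f_br.'</fieldset>';
}
}
$base=f_build_self_url('centraladmin.php');
$output.=$f_br.'<input class="input1" name="save" type="submit" value=" '.ucfirst($ca_lang_l['submit']).' "'.$f_ct
.' <input class="input1" type="button" value=" '.ucfirst($ca_lang_l['cancel']);
// with a user id, cancel calls the page's sv() script function; otherwise it returns to the user list
if($usrid>0) $output.=' " onclick="sv(\''.$flag.'_'.$usrid.'\');"'.$f_ct;
else $output.=' " onclick="document.location=\''.$base."?process=manageusers&".$ca_l.'\'"'.$f_ct;
$output.='</form></div>';
$output.="<script language=\"javascript\" type=\"text/javascript\">function tS(id){if(document.getElementById('access_type'+id).selectedIndex==2) document.getElementById('section'+id).style.display='block'; else document.getElementById('section'+id).style.display='none'; } function show_div(id){document.getElementById(id).style.display='block';} function hide_div(id){document.getElementById(id).style.display='none';}</script>";
return $output;
}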
// Returns the HTML of the public self-registration form (posts to centraladmin.php?process=register).
//   $msg   markup appended to the heading (process_register() passes the validation errors), inserted as-is
//   $data  optional array with username, name, sirname and email used to prefill the fields; when it is ''
//          the fields are refilled from $_POST after a save, passed through f_strip_tags() and f_sth()
// The terms-of-use url and the notes are read from the <registration> block of $ca_settings.
function build_register_form($msg='',$data='')
{
global $pref_dir,$ca_lang_l,$ca_settings,$ca_l,$f_br,$f_ct,$trtdsp;
$reg_settings=f_GFS($ca_settings,'<registration>','</registration>');
$terms_url=(strpos($reg_settings,'<terms_url>')!==false)?f_GFS($reg_settings,'<terms_url>','</terms_url>'):'';
$notes=(strpos($reg_settings,'<notes>')!==false)?f_GFS($reg_settings,'<notes>','</notes>'):'';
// drop '../' from the terms url when $pref_dir itself contains no '../'
if($terms_url!='' && strpos($terms_url,'../')!==false && strpos($pref_dir,'../')===false)
{
$terms_url=str_replace('../','',$terms_url);
}
$charset_arg=isset($_GET['charset'])?'&charset='.f_sth(f_strip_tags($_GET['charset'])):'';
$html=$f_br."<form action='".$pref_dir."centraladmin.php?process=register&".$ca_l.$charset_arg."' method='post'>";
$html.="<div align='center'><table width='50%'><tr><td colspan='2' align='center'><span class='rvts8'><b>".ucfirst($ca_lang_l['registration']).$msg."</b></span><span class='rvts8'>".$f_br.$f_br."</span></td></tr>";
// field name => key of its caption in $ca_lang_l; the four text rows share one layout
$text_fields=array('username'=>'username','name'=>'name','sirname'=>'surname','email'=>'email');
foreach($text_fields as $field=>$caption_key)
{
// email is taken from $data as-is, the other fields go through un_esc()
if($data!='') $value=($field=='email')?$data[$field]:un_esc($data[$field]);
elseif(isset($_POST['save'])) $value=f_sth(f_strip_tags($_POST[$field]));
else $value='';
$html.=$trtdsp.ucfirst($ca_lang_l[$caption_key])."*</span></td><td align='left'><input class='input1' type='text' name='".$field."' value='".$value."' style='width:240px' maxlength='50'".$f_ct."</td></tr>";
}
// password fields are never prefilled
$html.=$trtdsp.ucfirst($ca_lang_l['password'])."*</span></td><td align='left'><input class='input1' type='password' name='password' value='' style='width:240px' maxlength='50'".$f_ct."</td></tr>";
$html.=$trtdsp.ucfirst($ca_lang_l['repeat password'])."*</span></td><td align='left'><input class='input1' type='password' name='repeatedpassword' style='width:240px' maxlength='50'".$f_ct."</td></tr>";
$html.=$trtdsp.ucfirst($ca_lang_l['code'])."*</span></td><td align='left'><input class='input1' type='text' name='code' value='' size='4' maxlength='4'".$f_ct." ";
// captcha: an image served by this script when f_is_able_build_img() allows it, otherwise the text from f_generate_captcha_code2()
$html.=f_is_able_build_img()
?'<img src="'.$pref_dir.'centraladmin.php?process=captcha&'.$ca_l.'" border="0" alt="" style="vertical-align: middle;"'.$f_ct
:"<span class='rvts0'><b>".f_generate_captcha_code2()."</b></span>";
// the text between the %% markers of sr_agree_msg becomes the link to the terms, or the markers are removed
$agree_text=ucfirst($ca_lang_l['sr_agree_msg']);
if($terms_url=='') $agree_text=str_replace('%%','',$agree_text);
else
{
$link_text=f_GFS($agree_text,'%%','%%');
$agree_text=str_replace('%%'.$link_text.'%%','<a class="rvts12" href="'.$terms_url.'">'.$link_text.'</a>',$agree_text);
}
$html.="</td></tr><tr><td></td>";
$html.="<td align='left'><input type='checkbox' name='agree' value='agree' style='vertical-align: middle;'".$f_ct." <span class='rvts8'> *";
$html.=$agree_text."</span></td></tr><tr><td></td><td><span class='rvts8'> </span></td></tr>";
if(!empty($notes))
{
$html.="<tr><td></td><td align='left'><span class='rvts8'>".$notes."</span></td></tr>";
}
$categories=get_calendar_categories();
if(!empty($categories)) //event manager
{
$html.="<tr><td></td><td align='left'><span class='rvts8'><b>".$ca_lang_l['want to get'].$f_br." </b></span></td></tr>";
foreach($categories as $category)
{
$html.="<tr><td></td><td align='left'><input type='checkbox' name='news_for[]' value='".$category['pageid'].'%'.$category['catid']."' style='vertical-align: middle;'".$f_ct." <span class='rvts8'>".$category['pagename'].' - '.$category['catname']."</span></td></tr>";
}
$html.=" <tr><td></td><td><span class='rvts8'> </span></td></tr>";
}
$html.="<tr><td></td><td align='left'><span class='rvts8'>(*) ".$ca_lang_l['required fields']."</span></td></tr>";
$html.="<tr><td></td><td align='left'><input class='input1' name='save' type='submit' value=' ".ucfirst($ca_lang_l['submit'])." '".$f_ct."</td></tr>";
$html.="</table></div></form>";
return $html;
}
// Returns the HTML of the "forgotten password" form (posts to centraladmin.php?process=forgotpass).
// $msg is inserted as-is after the heading. After a submit the posted username and email are echoed
// back into the inputs, passed through f_strip_tags() and f_sth().
function build_forgotpass_form($msg='')
{
global $pref_dir,$ca_lang_l,$ca_l,$f_br,$f_ct;
$resubmitted=isset($_POST['submit']);
$html=$f_br.'<form action="'.$pref_dir.'centraladmin.php?process=forgotpass&'.$ca_l.'" method="post">'
.'<div style="margin: 0 auto;width:40%"><table><tr><td colspan="2" style="text-align:center;"><span class="rvts10">'
.ucfirst($ca_lang_l['forgotten password']).' '.$msg.'</span>'.$f_br.$f_br
.'<span class="rvts8">'.ucfirst($ca_lang_l['sr_forgotpass_note']).$f_br.$f_br.'</span></td></tr>';
// both rows share one layout; the field name is also the key of its caption
foreach(array('username','email') as $field)
{
$echoed=$resubmitted?f_sth(f_strip_tags($_POST[$field])):'';
$html.='<tr><td><span class="rvts8">'.ucfirst($ca_lang_l[$field]).'</span></td><td><input class="input1" type="text" name="'.$field.'" value="'.$echoed.'" style="width:220px" maxlength="50"'.$f_ct.'</td></tr>';
}
$html.='<tr><td></td><td><input class="input1" name="submit" type="submit" value=" '.ucfirst($ca_lang_l['submit']).' "'.$f_ct.'</td></tr></table></div></form>';
return $html;
}
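// Returns the HTML of the "change password" form for a logged-in user (posts to
// centraladmin.php?process=changepass and carries pageid and ref_url along in the action url).
//   $username  posted back in a hidden field
//   $msg       markup shown after the heading, inserted as-is (callers must pass trusted markup)
// pageid and ref_url come from the query string and $username from the caller; all three are written
// into single-quoted attributes, so they are HTML-escaped with ENT_QUOTES first (the original echoed
// them unescaped). The browser decodes the entities again, so the submitted url is unchanged.
// NOTE(review): ref_url is supplied by the client; wherever it is later used as a redirect target it
// should be checked to be a same-site path - confirm in the changepass handler.
function build_changepass_form($username,$msg='')
{
global $pref_dir,$ca_lang_l,$ca_l,$f_br,$f_ct;
// a missing or non-string parameter is rendered as an empty value
$page_id=(isset($_GET['pageid']) && is_string($_GET['pageid']))?htmlspecialchars($_GET['pageid'],ENT_QUOTES):'';
$ref_url=(isset($_GET['ref_url']) && is_string($_GET['ref_url']))?htmlspecialchars($_GET['ref_url'],ENT_QUOTES):'';
$username_attr=htmlspecialchars((string)$username,ENT_QUOTES);
$output=$f_br."<form action='".$pref_dir."centraladmin.php?process=changepass&".$ca_l."&pageid=".$page_id."&ref_url=".$ref_url."' method='post'>";
$output.="<div align='center'><table width='340px'><tr><td colspan='2' align='center'><span class='rvts8'><b>".ucfirst($ca_lang_l['change password']).' '.$msg."</b></span><input type='hidden' name='username' value='".$username_attr."'".$f_ct."</td></tr>";
$output.="<tr><td><span class='rvts8'>".ucfirst($ca_lang_l['old password'])."*</span></td><td align='right'><input class='input1' type='password' name='oldpassword' value='' style='width:220px' maxlength='50'".$f_ct."</td></tr>";
$output.="<tr><td><span class='rvts8'>".ucfirst($ca_lang_l['new password'])."*</span></td><td align='right'><input class='input1' type='password' name='newpassword' value='' style='width:220px' maxlength='50'".$f_ct."</td></tr>";
$output.="<tr><td><span class='rvts8'>".ucfirst($ca_lang_l['repeat password'])."*</span></td><td align='right'><input class='input1' type='password' name='repeatedpassword' style='width:220px' maxlength='50'".$f_ct."</td></tr>";
$output.="<tr><td colspan='2' align='right'><span class='rvts8'>(*) ".$ca_lang_l['required fields']."</span></td></tr>";
$output.="<tr><td colspan='2' align='right'><input class='input1' name='submit' type='submit' value=' ".ucfirst($ca_lang_l['submit'])." '".$f_ct."</td></tr>";
$output.="</table></div></form>";
return $output;
}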
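// Returns the HTML of the "edit profile" form for a logged-in user (posts to
// centraladmin.php?process=editprofile and carries pageid and ref_url along in the action url).
//   $username  posted back in a hidden field
//   $data      stored user data array('details'=>..,'news'=>..), or '' when the form is rebuilt from $_POST
//   $msg       markup shown after the heading, inserted as-is (callers must pass trusted markup)
// Everything written into an attribute (pageid, ref_url, username, the hidden creation_date/sr/status and
// the name, surname and email values) is HTML-escaped with ENT_QUOTES first; the original echoed these,
// including raw $_GET and $_POST values, unescaped into single-quoted attributes.
// NOTE(review): assumes un_esc() returns plain text - confirm; if it returns entity-encoded text the added
// escaping would double-encode it.
// NOTE(review): sr and status are sent to the user's own browser as hidden fields and come back with the
// POST; the editprofile handler should take them from the stored record, not from the request - confirm.
// NOTE(review): the refill below checks $_POST['save'] while this form's button is named 'submit' - confirm
// which one the handler relies on.
function build_editprofile_form($username,$data='',$msg='')
{
global $pref_dir,$ca_lang_l,$ca_l,$f_br,$f_ct,$trtdsp;
// a missing or non-string parameter is rendered as an empty value
$page_id=(isset($_GET['pageid']) && is_string($_GET['pageid']))?htmlspecialchars($_GET['pageid'],ENT_QUOTES):'';
$ref_url=(isset($_GET['ref_url']) && is_string($_GET['ref_url']))?htmlspecialchars($_GET['ref_url'],ENT_QUOTES):'';
$username_attr=htmlspecialchars((string)$username,ENT_QUOTES);
$output=$f_br."<form action='".$pref_dir."centraladmin.php?process=editprofile&pageid=".$page_id."&ref_url=".$ref_url.'&'.$ca_l."' method='post'>";
// stored record when $data is given, otherwise the values carried over from the previous POST
foreach(array('creation_date','sr','status') as $key)
{
if($data!='') $carried=$data['details'][$key];
else $carried=(isset($_POST[$key]) && is_string($_POST[$key]))?$_POST[$key]:'';
$output.="<input type='hidden' name='".$key."' value='".htmlspecialchars((string)$carried,ENT_QUOTES)."'".$f_ct;
}
$output.="<div align='center'><table width='340px'><tr><td colspan='2' align='center'><span class='rvts8'><b>".ucfirst($ca_lang_l['edit profile']).' '.$msg."</b></span><input type='hidden' name='username' value='".$username_attr."'".$f_ct."</td></tr>";
// field name => key of its caption; name and surname go through un_esc(), email is used as stored/posted
$text_fields=array('name'=>'name','sirname'=>'surname','email'=>'email');
foreach($text_fields as $field=>$caption_key)
{
if($data!='') $raw=($field=='email')?$data['details'][$field]:un_esc($data['details'][$field]);
elseif(isset($_POST['save']) && isset($_POST[$field]) && is_string($_POST[$field])) $raw=($field=='email')?$_POST[$field]:un_esc($_POST[$field]);
else $raw='';
$output.=$trtdsp.ucfirst($ca_lang_l[$caption_key])."*</span></td><td align='right'><input class='input1' type='text' name='".$field."' value='".htmlspecialchars((string)$raw,ENT_QUOTES)."' style='width:220px'".$f_ct."</td></tr>";
}
// event manager: one checkbox per calendar category, ticked when the user is subscribed to it
$calendar_categories=get_calendar_categories();
if(!empty($calendar_categories))
{
$news_for=array();
if(isset($data['news']) && !empty($data['news']))
{
foreach($data['news'] as $key=>$val) $news_for[]=$val['page'].'%'.$val['cat'];
}
$output.='<tr><td colspan="2" align="left" width="380px"><fieldset style="padding:3px;"><legend><span class="rvts8">'.ucfirst($ca_lang_l['want to get']).' </span></legend>'.$f_br;
foreach($calendar_categories as $k=>$v)
{
$ckbox_value=$v['pageid'].'%'.$v['catid'];
$output.="<input type='checkbox' name='news_for[]' value='".$ckbox_value."' style='vertical-align: middle;' ".
(in_array($ckbox_value,$news_for)? "checked='checked' ": "").$f_ct." <span class='rvts8'>".$v['pagename'].' - '.$v['catname']."</span>".$f_br;
}
$output.=$f_br.'</fieldset></td></tr>';
}
$output.="<tr><td colspan='2' align='right'><span class='rvts8'>(*) ".$ca_lang_l['required fields']."</span></td></tr>";
$output.="<tr><td colspan='2' align='right'><input class='input1' name='submit' type='submit' value=' ".ucfirst($ca_lang_l['submit'])." '".$f_ct."</td></tr>";
$output.="</table></div></form>";
return $output;
}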
# ------------ self-registration
// Self-registration entry point. Three cases, chosen from the request:
//   - $_POST['save'] set: validate the submitted form, store the user as a pending record keyed by a
//     random id and mail a confirmation link;
//   - $_GET['id'] set: confirm a pending record (replace its random id with the next numeric user id);
//   - otherwise: show the empty registration form with $ms as message.
// $action_id is only passed on to check_pending_users(). The result is wrapped by GT() and printed.
function process_register($action_id,$ms='')
{
global $ca_db_file,$ca_lang_l,$ca_l,$ca_settings,$f_lf,$ca_template_file_f,$sr_notif_enabled,$ca_user_msg,$f_br,$f_fmt_span8em,$ca_site_url;
$err_msg='';
if(isset($_POST['save'])) // send registration email
{
if(!isset($_SESSION)) {f_int_start_session();}
// a captcha code must already be in the session, i.e. the form has to have been rendered first
if(!isset($_SESSION['CAPTCHA_CODE'])) {echo "This is illegal operation. You are not allowed to register.";exit;}
else
{
// trim every scalar field in place; array fields (news_for[]) are left untouched
foreach($_POST as $k=>$v) {if(!is_array($v)) $_POST[$k]=trim($v);}
$post_user=f_strip_tags($_POST['username']);
// username: required, letters/digits/underscore only, not already taken
if(empty($_POST['username'])) $err_msg.=$f_br.ucfirst($ca_lang_l['fill in']).' '.strtoupper($ca_lang_l['username']);
elseif(!preg_match("/^[A-Za-z_0-9]+$/",$post_user)) $err_msg.=$f_br.ucfirst($ca_lang_l['can contain only']);
elseif(duplicated_user($post_user)) $err_msg.=$f_br.ucfirst($ca_lang_l['username exists']);
if(empty($_POST['name'])) $err_msg.=$f_br.ucfirst($ca_lang_l['fill in']).' '.strtoupper($ca_lang_l['name']);
if(empty($_POST['sirname'])) $err_msg.=$f_br.ucfirst($ca_lang_l['fill in']).' '.strtoupper($ca_lang_l['surname']);
if(empty($_POST['email'])) $err_msg.=$f_br.ucfirst($ca_lang_l['fill in']).' '.strtoupper($ca_lang_l['email']);
elseif(!empty($_POST["email"]) && !f_validate_email(f_strip_tags($_POST["email"]))) $err_msg.=$f_br.ucfirst($ca_lang_l['nonvalid email']);
// password: required, at least 5 characters, repeated identically, and not the admin/admin pair
if(empty($_POST['password'])) $err_msg.=$f_br.ucfirst($ca_lang_l['fill in']).' '.strtoupper($ca_lang_l['password']);
elseif(strlen(trim($_POST['password']))<5) $err_msg.=$f_br.ucfirst($ca_lang_l['your password should be']);
elseif(empty($_POST['repeatedpassword'])) $err_msg.=$f_br.ucfirst($ca_lang_l['repeat password']);
elseif($_POST['password']!=$_POST['repeatedpassword']) $err_msg.=$f_br.ucfirst($ca_lang_l['password and repeated password']);
elseif(strtolower($post_user)=='admin' && strtolower($_POST['password'])=='admin') $err_msg.=$f_br.$ca_user_msg;
// captcha: md5 of the upper-cased code must equal the value kept in the session
// NOTE(review): the two hex digests are compared with the loose != operator; a strict (!==) comparison
// avoids PHP's numeric-string comparison rules.
if(empty($_POST['code']) || md5(strtoupper($_POST['code']))!= $_SESSION['CAPTCHA_CODE'])
$err_msg.=$f_br.strtoupper($ca_lang_l['code']).' '.$ca_lang_l['field should match the text on the right'];
if(!isset($_POST['agree'])) $err_msg.=$f_br.ucfirst($ca_lang_l['agree with terms']);
// any error: show the form again with the collected messages
if($err_msg!='') $output=build_register_form($f_br.sprintf($f_fmt_span8em,$err_msg));
else
{
$settings=f_GFS($ca_settings,'<registration>','</registration>');
$require_approval=f_GFS($settings,'<require_approval>','</require_approval>'); if($require_approval=='') $require_approval='0';
// default access for new users from the <access> setting: entries separated by '|', each
// 'section%%type', where a type 2 entry carries '(page%type;page%type;...)'
$access=array();
$access_str=(strpos($settings,'<access>')!==false)? f_GFS($settings,'<access>','</access>'): '';
if($access_str!='') $temp_access=explode('|',$access_str);
if(isset($temp_access))
{
foreach($temp_access as $k=>$v)
{
$t=explode('%%',$v);
$page_level_str=f_GFS($v,'(',')');
if(!empty($page_level_str)) $t[1]=str_replace('('.$page_level_str.')','',$t[1]);
if($t[1]=='2')
{
$page_level_arr=explode(';',$page_level_str);
foreach($page_level_arr as $kk=>$vv)
{
$value=explode('%',$vv);
// NOTE(review): $page_access_arr is never reset, so the pages of an earlier type 2 section are
// also attached to every later one - confirm whether that is intended.
$page_access_arr []=array('page'=>$value[0], 'type'=>$value[1]);
}
$access[]=array('section'=>$t[0],'type'=>$t[1],'page_access'=>$page_access_arr);
}
else $access[]=array('section'=>$t[0],'type'=>$t[1]);
}
}
// id of the pending record and of the confirmation link
// NOTE(review): uniqid() and mt_rand() are not cryptographically secure sources; a token taken from a
// CSPRNG would be harder to guess.
$uniqueid=md5(uniqid(mt_rand(),true));
$link=f_build_self_url('centraladmin.php').'?id='.$uniqueid.'&process=register&'.$ca_l;
// html and plain-text mail bodies from the sr_email_msg template ('##' marks a line break)
$content=str_replace("##",'<br>',$ca_lang_l['sr_email_msg']);
$content=str_replace(array("%CONFIRMLINK%",'%%site%%'), array('<a href="'.$link.'">'.$link.'</a>',$ca_site_url), $content);
// (the next line repeats the previous replacement)
$content=str_replace(array("%CONFIRMLINK%",'%%site%%'), array('<a href="'.$link.'">'.$link.'</a>',$ca_site_url), $content);
$content=str_replace(array('%%username%%','%%USERNAME%%'), array($post_user,$post_user),$content);
$content_text=str_replace(array("##","%CONFIRMLINK%"), array($f_lf,$link), $ca_lang_l['sr_email_msg']);
$content_text=str_replace("%%site%%", $ca_site_url, $content_text);
$content_text=str_replace(array('%%username%%','%%USERNAME%%'), array($post_user,$post_user),$content_text);
$subject=str_replace('%%site%%',$ca_site_url,$ca_lang_l['sr_email_subject']);
// mail header keywords in the body are treated as a header injection attempt
// NOTE(review): this only sets $log_msg and $output; both are overwritten further down and
// send_mail_ca() is still called, so the check currently blocks nothing.
if((strpos(strtolower($content),'mime-version')!==false) || (strpos(strtolower($content),'content-type')!==false))
{$log_msg=" Registration email CAN NOT be sent - possible dangerous content"; $output=$log_msg; }
$send_to_email=f_strip_tags($_POST["email"]);
// build the <access>, <news> and <details> fragments stored with the pending user
$sections='';
$news='';
if(empty($access)) {$sections.='<access id="1" section="ALL" type="0"></access>';}
else
{
foreach($access as $k=>$v)
{
$sections.='<access id="'.($k+1).'" section="'.$v['section'].'" type="'.$v['type'].'">';
if($v['type']=='2')
{
foreach($v['page_access'] as $key=>$val)
{ $sections.='<p id="'.($key+1).'" page="'.$val['page'].'" type="'.$val['type'].'">'; }
}
$sections.='</access>';
}
}
if(isset($_POST["news_for"])) //event manager
{
// NOTE(review): the posted "page%cat" values (and the posted array keys) are written into the
// attributes below without validation or escaping; they should be checked against the expected id
// format before they are stored.
foreach($_POST["news_for"] as $k=>$v)
{
if(strpos($v,'%')!==false) { list($p,$c)=explode('%',$v); }
else { $p=$v; $c=''; }
$news.='<news id="'.($k+1).'" page="'.$p.'" cat="'.$c.'"></news>';
}
}
// sr="1" marks a self-registered user; status is 0 while approval is required, else 1
$details='<details email="'.f_strip_tags($_POST["email"]).'" name="'.esc(f_strip_tags($_POST["name"])).'" sirname="' .esc(f_strip_tags($_POST["sirname"])).'" sr="1"'.($require_approval=='1'? ' status="0"': ' status="1"').'></details>';
$log_msg='success';
$result=send_mail_ca($content,$content_text,$subject,$send_to_email);
if($result)
{
// the pending record is only written when the mail was accepted for sending
// NOTE(review): crypt() is called without a salt; PHP 8 requires the salt argument and older versions
// fall back to a system-chosen algorithm - confirm the hash format the login code expects.
db_write_user('selfreg',$uniqueid,$post_user,crypt($_POST['password']),$sections,$details,$news); //event manager
$log_msg.=", email SENT"; $output = $f_br.'<div align="center"><h5>'.$ca_lang_l['sr_success_msg'].'</h5></div>';
}
else {$log_msg.=", email FAILED"; $output=$f_br.'Email FAILED. Try again.';}
write_log('reg','USER:'.$post_user,$log_msg);
// clear the captcha so the same code cannot be used for a second submission
if(isset($_SESSION['CAPTCHA_CODE'])) $_SESSION['CAPTCHA_CODE']='';
}
}
}
elseif(isset($_GET['id'])) // confirm registration
{
// default content, used when the user db file is empty
$file_contents='<?php echo "hi"; exit; /*<users> </users>*/ ?>';
if(!$fp=fopen($ca_db_file,'r+')) {print f_fmt_in_template($ca_template_file_f,f_fmt_error_msg('DBFILE_NEEDCHMOD',$ca_db_file)); exit;}
// exclusive lock for the read-modify-write of the whole file
flock($fp,LOCK_EX);
$fsize=filesize($ca_db_file);
if($fsize>0) $file_contents=fread( $fp,$fsize);
$users=f_GFS($file_contents,'<users>','</users>');
$get_id=f_strip_tags($_GET['id']);
// NOTE(review): this test has no closing quote and no format check, so it is a prefix match on the id
// attribute; the id should be required to be the full 32 hex characters produced above before it is
// used to look up or rewrite a record.
if(strpos($file_contents,'<user id="'.$get_id)!==false)
{
// next numeric id = id of the last record inside <users> + 1
if($users!='') {$users_arr=f_format_users($users); $last=array_pop($users_arr);$new_id=$last['id']+1;}
else {$new_id=1; }
$_user=f_GFSAbi($file_contents,'<user id="'.$get_id.'"','</user>');
$username=f_GFS($_user,'username="','"');
// NOTE(review): replaces every occurrence of the id string inside the record, not only the id attribute
$new_user=str_replace($get_id,$new_id,$_user);
// NOTE(review): mktime() without arguments is not accepted by PHP 8; time() returns the same value
$new_user=str_replace('<details','<details date="'.mktime().'"',$new_user); // creation date
// append the confirmed record inside <users> and remove the pending one
$file_contents=str_replace('</users>',$new_user.'</users>',$file_contents);
$file_contents=str_replace($_user,'',$file_contents);
ftruncate($fp,0);fseek($fp,0);
if(fwrite($fp,$file_contents) === FALSE) {print "Cannot write to file"; exit;}
flock($fp,LOCK_UN);fclose($fp);
$confirm_message=f_GFS($ca_settings,'<confirm_message>','</confirm_message>');
$output=$f_br."<span class='rvts8'>".$ca_lang_l['sr_confirm_msg'].'</span>'.$f_br.$confirm_message;
$log_msg='success';
if($sr_notif_enabled)
{
// notification mail about the confirmed user, including the requester's IP, host and OS
$users=f_GFS($file_contents,'<users>','</users>');
$users_arr=f_format_users($users);
if(!empty($users_arr)) { foreach($users_arr as $k=>$v) if($username==$v['username']) {$user_data=$v; break;} }
$content='register_id= '.f_strip_tags($_GET['id']).'<br>'.'username= '.$user_data['username'].'<br>';
$content.='name= '.un_esc($user_data['details']['name']).'<br>'.'surname= '.un_esc($user_data['details']['sirname']).'<br>';
$content.='email= '.$user_data['details']['email'].'<br>'.'date= '.date('Y-m-d G:i', f_tzone_date(mktime())).'<br>';
$content.='IP= '.(isset($_SERVER['REMOTE_ADDR'])?$_SERVER['REMOTE_ADDR']:"").'<br>';
$content.='HOST= '.(isset($_SERVER['REMOTE_HOST'])?$_SERVER['REMOTE_HOST']:"").'<br>';
$content.='OS= '.(isset($_SERVER['HTTP_USER_AGENT'])?f_define_os($_SERVER['HTTP_USER_AGENT']):"").'<br>';
$subject=str_replace('%%site%%',$ca_site_url,$ca_lang_l['sr_notif_subject']);
$result=send_mail_ca($content,str_replace('<br>',$f_lf,$content),$subject);
if($result) $log_msg.=", notification SENT";
else $log_msg.=", notification FAILED";
}
// NOTE(review): 'flag' is read from the query string and switches to the check_pending_users() path,
// presumably the admin approval screen; that function has to enforce the admin login itself - confirm.
if(!isset($_GET['flag'])) write_log('conf','USER:'.$username,$log_msg);
else {write_log('confadmin','USER:'.$username,$log_msg); check_pending_users($action_id,$output); exit; }
}
// no pending record for this id
// NOTE(review): on this path the file handle is neither unlocked nor closed before the function returns
else $output=$f_br."<h5>".$ca_lang_l['sr_already_confirmed']."</h5>";
}
else $output=build_register_form($ms);
$output=GT($output);
print $output;
}
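/*
Forgotten-password flow, in two steps.
  1. POST with 'submit': look the account up by username or e-mail, store a one-time
     token as <fp_TOKEN>username</fp_TOKEN> in the settings file and mail a
     confirmation link to the address on record.
  2. GET with 'confirm': resolve the token back to a username, mail a freshly generated
     password and, only if that mail was sent, store its crypt() hash in the user db
     and clear the token.
With neither parameter the empty form is shown. The page is printed through GT();
nothing is returned.
*/
function process_forgotpass()
{
	global $pref,$ca_lang_l,$f_lf,$ca_db_file,$ca_page_charset,$f_br,$f_fmt_span8em,$ca_template_file_f,$ca_db_settings_file,$ca_settings,$ca_site_url;
	$msg='';
	$ca_full_script_path=f_build_self_url('centraladmin.php');
	if(isset($_POST['submit']))
	{
		if(!empty($_POST["username"])) { $usr=f_strip_tags(trim($_POST["username"])); $user_data=f_get_user($usr,$pref); }
		// when both fields are filled in, the e-mail lookup replaces the username lookup
		if(!empty($_POST["email"])) { $email=f_strip_tags(trim($_POST["email"])); $user_data=f_get_user('',$pref,$email); }
		// NOTE(review): the distinct 'unexisting' / 'no email' answers tell the requester
		// whether an account exists; a single neutral answer would avoid that.
		if(!isset($usr) && !isset($email)) $msg.=$f_br.ucfirst($ca_lang_l['sr_forgotpass_fill_either']);
		elseif(isset($usr) && empty($user_data)) $msg.=$f_br.ucfirst($ca_lang_l['unexisting']);
		elseif(isset($email) && !f_validate_email($email)) $msg.=$f_br.ucfirst($ca_lang_l['nonvalid email']);
		elseif(isset($email) || isset($usr))
		{
			if(!isset($user_data['details']['email']) || $user_data['details']['email']=='')
				$msg.=$f_br.ucfirst($ca_lang_l[isset($email)?'sr_forgotpass_no_email':'no email for user']);
		}
		if($msg!='') $body_section=build_forgotpass_form($f_br.sprintf($f_fmt_span8em,$msg));
		else
		{
			// The token is the only secret protecting the reset, so take it from the CSPRNG when
			// the runtime has one. Both branches yield 32 lowercase hex characters.
			if(function_exists('random_bytes')) $uniqueid=bin2hex(random_bytes(16));
			else $uniqueid=md5(uniqid(mt_rand(),true));
			$send_to_email=$user_data['details']['email'];
			$confirm_url=$ca_full_script_path.'?process=forgotpass&confirm='.$uniqueid;
			$confirm_link='<a href="'.$confirm_url.'">'.$confirm_url.'</a>';
			// NOTE(review): the stored token carries no timestamp, so it stays valid until used.
			f_write_tagged_data('fp_'.$uniqueid,$user_data['username'],$ca_db_settings_file,$ca_template_file_f);
			$content=str_replace(array('##','%%confirmlink%%','%%confirmurl%%','%%site%%','%%username%%','%%USERNAME%%'), array('<br>',$confirm_link,$confirm_url,$ca_site_url,$user_data['username'],$user_data['username']),$ca_lang_l['sr_forgotpass_msg0']);
			$content_text=str_replace("##",$f_lf,$content);
			$subject=str_replace('%%site%%',$ca_site_url,$ca_lang_l['sr_forgotpass_subject0']);
			$result=send_mail_ca($content,$content_text,$subject,$send_to_email);
			$body_section=$f_br.'<h5>'.$ca_lang_l['sr_forgotpass_msg3'].'</h5>';
		}
	}
	elseif(isset($_GET["confirm"]))
	{
		$uniqueid=is_string($_GET["confirm"])? trim(f_strip_tags($_GET["confirm"])): '';
		// Tokens are always 32 lowercase hex characters; anything else is refused before it is
		// spliced into the <fp_...> tag name used for the lookup.
		$username=preg_match('/^[a-f0-9]{32}$/',$uniqueid)? f_GFS($ca_settings,'<fp_'.$uniqueid.'>','</fp_'.$uniqueid.'>'): '';
		$user_data=!empty($username)? f_get_user($username,$pref): array();
		// Without an address on record send_mail_ca() would fall back to the admin address,
		// so a token whose account has no e-mail is treated like an unknown token.
		if(!empty($username) && !empty($user_data['details']['email']))
		{
			// The new password is generated only once the token has been accepted.
			if(function_exists('random_bytes')) $new_pass=bin2hex(random_bytes(6));
			else $new_pass=mt_rand();
			$send_to_email=$user_data['details']['email'];
			$content=str_replace(array("##","%%newpassword%%",'%%site%%'),array('<br>',$new_pass,$ca_site_url),$ca_lang_l['sr_forgotpass_msg']);
			$content=str_replace(array('%%username%%','%%USERNAME%%'),array($username,$username),$content);
			$content_text=str_replace("##",$f_lf,$content);
			$subject=str_replace('%%site%%',$ca_site_url,$ca_lang_l['sr_forgotpass_subject']);
			$result=send_mail_ca($content,$content_text,$subject,$send_to_email);
			if($result)
			{
				if(!$fp=fopen($ca_db_file,'r+')) {print f_fmt_in_template($ca_template_file_f,f_fmt_error_msg('DBFILE_NEEDCHMOD',$ca_db_file)); exit;}
				flock($fp, LOCK_EX);
				$file_contents=fread($fp,filesize($ca_db_file));
				$users=f_GFS($file_contents,'<users>','</users>');
				$old_data=f_GFSAbi($users,'<user id="'.$user_data['id'].'"','</user>');
				// NOTE(review): crypt() is called without a salt, so the hash scheme is whatever
				// the platform defaults to, and PHP 8 makes the salt argument mandatory.
				$new_data=str_replace(f_GFSAbi($old_data,'password="','">'),'password="'.crypt($new_pass).'">',$old_data);
				$file_contents=str_replace($old_data,$new_data,$file_contents);
				ftruncate($fp,0);fseek($fp,0);
				if(fwrite($fp,$file_contents) === FALSE) {print "Cannot write to file"; exit; }
				flock($fp,LOCK_UN);fclose($fp);
				$log_msg="success, email SENT"; $body_section=$f_br.'<h5>'.$ca_lang_l['sr_forgotpass_msg2'].'</h5>';
				// one-time use: the token is cleared once the password has been replaced
				f_write_tagged_data('fp_'.$uniqueid,'',$ca_db_settings_file,$ca_template_file_f,true);
			}
			else {$log_msg='success, email FAILED'; $body_section='Email FAILED. Try again.';}
			write_log('forgotpass','USER:'.$username,$log_msg);
		}
		else $body_section=$f_br.'<h5>'.ucfirst($ca_lang_l['sr_forgotpass_illegal']).'</h5> <a class="rvts12" href="'.$ca_full_script_path.'?process=forgotpass'.'">'.ucfirst($ca_lang_l['forgotten password']).'</a>';
	}
	else $body_section=build_forgotpass_form();
	$body_section=GT($body_section);
	print $body_section;
}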
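/*
Change-password page. The account is the 'username' request parameter when an admin
session exists, otherwise the logged-in user from the session. On POST the old password
is checked against the stored crypt() hash, the new password is validated, and its hash
replaces the stored one in the user db. Prints the page through GT() and exits.
*/
function process_changepass()
{
	global $pref,$ca_lang_l,$ca_db_file,$ca_page_charset,$template_in_root,$f_br,$f_fmt_span8em,$ca_template_file_f;
	$msg='';
	$body_section='';
	if(isset($_SESSION['SID_ADMIN'])) $user=f_sth(f_strip_tags($_REQUEST['username']));
	else $user=f_get_session_var_str('cur_user');
	$user_data=f_get_user($user,$pref);
	if(isset($_POST['submit']))
	{
		if(empty($_POST['oldpassword'])) $msg.=$f_br.ucfirst($ca_lang_l['fill in']).' '.strtoupper($ca_lang_l['old password']);
		// Strict string comparison: with != two hashes that both look numeric would be compared
		// as numbers. Non-string input (an array parameter) is treated as a wrong password.
		elseif(!is_string($_POST['oldpassword']) || !isset($user_data['password'])
			|| (string)$user_data['password']!==(string)crypt($_POST['oldpassword'],$user_data['password'])) $msg.=$f_br.ucfirst($ca_lang_l['wrong old']);
		if(empty($_POST['newpassword'])) $msg.=$f_br.ucfirst($ca_lang_l['fill in']).' '.strtoupper($ca_lang_l['new password']);
		elseif(!is_string($_POST['newpassword']) || strlen(trim($_POST['newpassword']))<5) $msg.=$f_br.ucfirst($ca_lang_l['your password should be']);
		elseif(empty($_POST['repeatedpassword'])) $msg.=$f_br.ucfirst($ca_lang_l['repeat password']);
		elseif($_POST['newpassword']!==$_POST['repeatedpassword']) $msg.=$f_br.ucfirst($ca_lang_l['password and repeated password']);
		if($msg!='') $body_section=build_changepass_form($user,$f_br.sprintf($f_fmt_span8em,$msg)); //m
		else
		{
			if(isset($user_data['username']) && $user_data['username']==$user) //m
			{
				if(!$fp=fopen($ca_db_file,'r+')) {print f_fmt_in_template($ca_template_file_f,f_fmt_error_msg('DBFILE_NEEDCHMOD',$ca_db_file)); exit;}
				flock($fp,LOCK_EX);
				$file_contents=fread($fp,filesize($ca_db_file));
				$users=f_GFS($file_contents,'<users>','</users>');
				$old_data=f_GFSAbi($users,'<user id="'.$user_data['id'].'"','</user>');
				// NOTE(review): crypt() without a salt uses the platform default scheme and is
				// rejected by PHP 8, where the salt argument is mandatory.
				$new_data=str_replace(f_GFSAbi($old_data,'password="','">'),'password="'.crypt($_POST['newpassword']).'">',$old_data);
				$file_contents=str_replace($old_data,$new_data,$file_contents);
				ftruncate($fp,0);fseek($fp,0);
				// === so that only a real write failure is reported (fwrite returns a byte count)
				if(fwrite($fp,$file_contents)===FALSE) {print "Cannot write to file";exit;}
				flock($fp,LOCK_UN);fclose($fp);
				$body_section=$f_br.'<h5>'.ucfirst($ca_lang_l['password changed']).'.</h5>'.$f_br;
				if(isset($_GET['ref_url']) && is_string($_GET['ref_url']))
				{
					$u=$_GET['ref_url'];
					if(strpos($_GET['ref_url'],'/')===false && $template_in_root==false) $u='../'.$u;
					$href=urldecode($u);
					// ref_url is request-supplied and ends up inside an href attribute: escape it
					// for HTML and drop it when it names any scheme other than http/https.
					$probe=preg_replace('/[\x00-\x20]/','',$href);
					if(!preg_match('#^[^/?\#]*:#',$probe) || preg_match('#^https?://#i',$probe))
						$body_section.='<a class="rvts12" href="'.htmlspecialchars($href,ENT_QUOTES).'">'.ucfirst($ca_lang_l['back to page']).'</a>';
				}
				write_log('changepass','USER:'.$user,'success');
			}
		}
	}
	else $body_section=build_changepass_form($user);
	$body_section=GT($body_section);
	print $body_section;
	exit;
}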
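/*
Reduces a posted value to text that can be stored inside a quoted attribute of a user
record. The record lives inside a PHP block comment in the db file, so the attribute
quote, tag brackets, line breaks, NUL and the comment terminator are removed; a value
containing them could not be read back intact from this format anyway.
Non-string input (an array parameter) becomes ''.
*/
function ca_record_safe($val)
{
	if(!is_string($val)) return '';
	$val=str_replace(array('"','<','>',"\r","\n","\0"),'',$val);
	// loop, because removing one terminator can bring the halves of another together
	while(strpos($val,'*/')!==false) $val=str_replace('*/','',$val);
	return $val;
}
/*
Edit-profile page. The account is the 'username' request parameter when an admin session
exists, otherwise the logged-in user from the session. On POST the <details> element of
the user's record (and, when 'news_for' is posted, its <news_data> element) is rebuilt
from the form and written back to the user db. Prints the page through GT() and exits.
*/
function process_editprofile()
{
	global $pref,$ca_lang_l,$ca_db_file,$ca_page_charset,$f_br,$f_fmt_span8em,$ca_template_file_f;
	$msg='';
	$body_section='';
	if (isset($_SESSION['SID_ADMIN'])) $user=f_sth(f_strip_tags($_REQUEST['username']));
	else $user=f_get_session_var_str('cur_user');
	$user_data=f_get_user($user,$pref);
	if(isset($_POST['submit']))
	{
		if(empty($_POST['name'])) $msg.=$f_br.ucfirst($ca_lang_l['fill in']).' '.strtoupper($ca_lang_l['name']);
		if(empty($_POST['sirname']))$msg.=$f_br.ucfirst($ca_lang_l['fill in']).' '.strtoupper($ca_lang_l['surname']);
		if(empty($_POST['email'])) $msg.=$f_br.ucfirst($ca_lang_l['fill in']).' '.strtoupper($ca_lang_l['email']);
		if($msg!='') $body_section=build_editprofile_form($user,'',$f_br.sprintf($f_fmt_span8em,$msg));
		else
		{
			if(isset($user_data['username']) && $user_data['username']==$user)
			{
				if(!$fp=fopen($ca_db_file,'r+')) {print f_fmt_in_template($ca_template_file_f,f_fmt_error_msg('DBFILE_NEEDCHMOD',$ca_db_file)); exit;}
				flock($fp,LOCK_EX);
				$file_contents=fread($fp,filesize($ca_db_file));
				$users=f_GFS($file_contents,'<users>','</users>');
				$old_data=f_GFSAbi($users,'<user id="'.$user_data['id'].'"','</user>');
				// Every attribute value comes from the request; each one is cleaned so that it
				// cannot close its attribute or the comment that wraps the db.
				$field=array();
				foreach(array('email','name','sirname','creation_date','sr','status') as $key)
					$field[$key]=ca_record_safe(isset($_POST[$key])? $_POST[$key]: '');
				// NOTE(review): date, sr and status are taken from the form for ordinary users as
				// well as for the admin. If they are meant to be admin-only, keep the stored values
				// when there is no admin session. Confirm against build_editprofile_form().
				$new_details='<details email="'.$field['email'].'" name="'.$field['name'].'" sirname="'.$field['sirname']
					.'" date="'.$field['creation_date'].'" sr="'.$field['sr'].'" status="'.$field['status'].'"></details>';
				$new_data=str_replace(f_GFSAbi($old_data,'<details','</details>'),$new_details,$old_data);
				$news='';
				if(isset($_POST["news_for"]) && is_array($_POST["news_for"])) //event manager
				{
					foreach($_POST["news_for"] as $k=>$v)
					{
						$v=ca_record_safe($v);
						// each entry is "page" or "page%category"
						if(strpos($v,'%')!==false) list($p,$c)=explode('%',$v);
						else {$p=$v;$c='';}
						$news.='<news id="'.((int)$k+1).'" page="'.$p.'" cat="'.$c.'"></news>';
					}
				}
				if(!empty($news))
				{
					if(strpos($new_data,'</news_data>')===false) //event manager
						$new_data=str_replace('</details>','</details><news_data>'.$news.'</news_data>',$new_data);
					else
						$new_data=str_replace(f_GFSAbi($old_data,'<news_data>','</news_data>'),'<news_data>'.$news.'</news_data>',$new_data);
				}
				$file_contents=str_replace($old_data,$new_data,$file_contents);
				ftruncate($fp,0);fseek($fp,0);
				// === so that only a real write failure is reported (fwrite returns a byte count)
				if(fwrite($fp,$file_contents)===FALSE) {print "Cannot write to file"; exit; }
				flock($fp,LOCK_UN); fclose($fp);
				$body_section=$f_br.'<h5>'.'Profile edited'.'.</h5>'.$f_br;
				if(isset($_GET['ref_url']) && is_string($_GET['ref_url']))
				{
					$u=$_GET['ref_url'];
					$u=str_replace('../','',$u); //m
					$href=urldecode($u);
					// ref_url is request-supplied and ends up inside an href attribute: escape it
					// for HTML and drop it when it names any scheme other than http/https.
					$probe=preg_replace('/[\x00-\x20]/','',$href);
					if(!preg_match('#^[^/?\#]*:#',$probe) || preg_match('#^https?://#i',$probe))
						$body_section.='<a class="rvts12" href="'.htmlspecialchars($href,ENT_QUOTES).'">'.ucfirst($ca_lang_l['back to page']).'</a>';
				}
				write_log('editprofile','USER:'.$user,'success');
			}
		}
	}
	else {$body_section=build_editprofile_form($user,$user_data);}
	$body_section=GT($body_section);
	print $body_section; exit;
}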
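/*
Sends a mail through f_sendMail().
  $content_html / $content_text  the two body variants
  $subject                       subject line
  $send_to_email                 recipient; when '' the mail goes to the admin address
                                 configured under <registration><admin_email>
The sender is $f_sendmail_from, or the admin address when that is empty. When no real admin
address is configured the $ca_mail_msg page is printed and the script exits.
Returns whatever f_sendMail() returns.
*/
function send_mail_ca($content_html,$content_text,$subject,$send_to_email='')
{
	global $ca_settings,$ca_lang_l,$ca_mail_msg,$f_sendmail_from,$f_site_charsets;
	$sr_admin_email='your@email.here';
	$settings=f_GFS($ca_settings,'<registration>','</registration>');
	if(strpos($settings,'<admin_email>')!==false) $sr_admin_email=f_GFS($settings,'<admin_email>','</admin_email>');
	// the placeholder address means mail was never configured
	if(strpos($sr_admin_email,'your@email.here')!==false || $sr_admin_email=='') { print GT($ca_mail_msg); exit; }
	$send_to=($send_to_email!='')? array($send_to_email): array($sr_admin_email);
	$from=($f_sendmail_from=='')? $sr_admin_email: $f_sendmail_from;
	// The charset is taken from the query string and handed to the mail builder (presumably
	// for a Content-Type header; f_sendMail is not visible here). Only a plain charset
	// token is accepted, so the value cannot carry line breaks or other header syntax.
	$page_charset='';
	if(isset($_GET['charset']) && is_string($_GET['charset']) && preg_match('/^[A-Za-z0-9][A-Za-z0-9._:\-]*$/',$_GET['charset']))
		$page_charset=$_GET['charset'];
	if(strpos($f_site_charsets,'UTF-8')!==false) $page_charset='UTF-8';
	return f_sendMail($send_to,$from,$content_html,$content_text,$subject,$page_charset);
}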
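/*
Collects the categories of every calendar page (page type '136') that has the event
manager enabled. For each page the first 4096 bytes of its script are read; categories come
from the page's settings file (<cat_N>name%%color%%vis%%mark%%mark_color</cat_N>) or, when
that holds none, from the $category_* arrays in the page script.
Returns a list of array('pageid','pagename','catid','catname').
*/
function get_calendar_categories()
{
	global $f_db_folder;
	$categories=array();
	$calendar_pages=get_pages_list ('136');
	foreach($calendar_pages as $k=>$v)
	{
		// Per-page state. Without the reset, a page whose script cannot be opened reuses the
		// previous page's text and every page inherits the categories of the pages before it.
		$file_contents='';
		$cat_ids_arr=array(); $cat_names_arr=array(); $cat_visib_arr=array();
		$fp=@fopen($v['url'],'r');
		if($fp) {$file_contents=fread($fp,4096); fclose($fp);}
		if(empty($file_contents)) continue;
		if(strpos($file_contents,'$em_enabled=TRUE;')===false && strpos($file_contents,'$em_enabled=true;')===false) continue;
		$cal_settings=f_read_file('../'.$f_db_folder.$v['pageid'].'_settings.ezg.php');
		while(strpos($cal_settings,'<cat_')!==false)
		{
			$cat_id=f_GFS($cal_settings,'<cat_','>'); settype($cat_id, 'integer');
			$category_info=f_GFS($cal_settings,'<cat_'.$cat_id.'>','</cat_'.$cat_id.'>');
			$remaining=str_replace('<cat_'.$cat_id.'>'.$category_info.'</cat_'.$cat_id.'>','', $cal_settings);
			// a malformed entry that cannot be removed would keep this loop running forever
			if($remaining===$cal_settings) break;
			$cal_settings=$remaining;
			// pad so that an entry with fewer than five fields still unpacks
			list($name,$color,$vis,$mark,$mark_color)=array_pad(explode('%%', $category_info),5,'');
			$cat_ids_arr[]=$cat_id; $cat_names_arr[]=$name; $cat_visib_arr[]=($vis=='1'?true:false);
		}
		if(empty($cat_ids_arr))
		{
			// fall back to the arrays written into the page script itself
			$cat_names=f_GFS($file_contents,'$category_name=array(',');'); $cat_names_arr=explode(',',$cat_names);
			$cat_ids=f_GFS($file_contents,'$category_id=array(',');'); $cat_ids_arr=explode(',',$cat_ids);
			$cat_visib=f_GFS($file_contents,'$category_vis=array(',');'); $cat_visib_arr=explode(',',$cat_visib);
		}
		foreach($cat_names_arr as $kk=>$vv)
		{
			// NOTE(review): && binds tighter than ||, so the last clause is evaluated outside the
			// $kk>0 / isset() guard and is true for any non-empty value. Left as written because
			// the intended visibility rule cannot be confirmed from this function.
			if($kk>0 && isset($cat_visib_arr[$kk]) && $cat_visib_arr[$kk]=='true' || $cat_visib_arr[$kk]==true)
				$categories[]= array('pageid'=>$v['pageid'],'pagename'=>$v['name'],'catid'=>$cat_ids_arr[$kk],'catname'=>str_replace('"','',$vv));
		}
	}
	return $categories;
}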
# ---------- DB
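/*
Appends one record to the activity log ($ca_db_activity_log):
    TIMESTAMP => Change label -> DATA => Result: MESSAGE
  $change   short code ('reg', 'conf', 'login', ...) mapped to a label; an unknown code is
            logged as given
  $data     subject of the record, e.g. 'USER:name'
  $message  outcome text
A new or empty log file first gets $f_db_first_line. Returns nothing; when the file cannot
be opened the record is silently dropped.
*/
function write_log($change,$data,$message="")
{
	global $ca_db_activity_log, $f_db_first_line, $f_db_last_line, $f_lf;
	// time() instead of the argument-less mktime(), which PHP 8 no longer accepts
	$time=time();
	$typechange=array("reg"=>"Register", "conf"=>"Confirmation", "confadmin"=>"Confirmation (Admin)", "forgotpass"=>"Forgotten pass", "changepass"=>"Change pass", "editprofile"=>"Edit profile", "resend"=>"Confirmation email resend", "login"=>"Login", "logout"=>"Logout");
	$currchange=isset($typechange[$change])? $typechange[$change]: $change;
	$record_line="$time => $currchange -> $data => Result: $message";
	// $data and $message can contain request-supplied text such as a user name. One record
	// must stay one line, so line breaks and NUL are flattened. The log is a .php file whose
	// first line presumably opens a comment wrapper (assumption; $f_db_first_line is defined
	// elsewhere), so comment terminators and PHP open tags are broken up as well.
	$record_line=str_replace(array("\r","\n","\0",'*/','<?'),array(' ',' ','','* /','< ?'),$record_line);
	clearstatcache();
	if(!file_exists($ca_db_activity_log)) $handle=@fopen($ca_db_activity_log,'w');
	else $handle=@fopen($ca_db_activity_log,'a');
	if(!$handle) return;
	flock($handle,LOCK_EX);
	if(filesize($ca_db_activity_log)==0) {$buf=$f_db_first_line.$f_lf.$record_line.$f_lf;}
	else {$buf=$record_line.$f_lf;}
	fwrite($handle,$buf); flock($handle,LOCK_UN); fclose($handle);
}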
/*
Returns the raw text found between <$tag> and </$tag> in the user db file.
When $ca_db_file does not exist at the path as given, the same path with every '../'
removed is read instead.
*/
function db_get_users($tag='users')
{
	global $ca_db_file;
	$path=file_exists($ca_db_file)? $ca_db_file: str_replace('../','',$ca_db_file);
	return f_GFS(f_read_file($path),'<'.$tag.'>','</'.$tag.'>');
}
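/*
Removes the <user id="$usr" ...>...</user> record from the section of the user db named by
$flag ('users' by default).
Returns true when that section held data and the file was rewritten, false when the section
was empty. Prints an error page and exits when the db file cannot be opened or written.
*/
function db_remove_user($usr,$flag='users')
{
	global $ca_db_file, $ca_template_file_f;
	$result=false;
	$updated_users='';
	// '' stands in for an empty db file, so the replace below never works on an unset variable
	$file_contents='';
	$users=db_get_users($flag);
	if($flag=='users') {if($users!='') $users_arr=f_format_users($users);}
	else {if($users!='') $users_arr=$users;}
	if(isset($users_arr) && !empty($users_arr))
	{
		if(!$fp=fopen($ca_db_file,'r+')) {print f_fmt_in_template($ca_template_file_f,f_fmt_error_msg('DBFILE_NEEDCHMOD',$ca_db_file)); exit;}
		flock($fp, LOCK_EX);
		$fsize=filesize($ca_db_file);
		if($fsize>0) $file_contents=fread($fp,$fsize);
		// NOTE(review): $users was read before the lock was taken. If the file changed in
		// between, the section text is not found and nothing is removed, yet true is returned.
		$updated_users=str_replace(f_GFSAbi($users,'<user id="'.$usr.'"','</user>'),'',$users);
		$file_contents=str_replace($users, $updated_users,$file_contents);
		ftruncate($fp, 0);
		fseek($fp, 0);
		if(fwrite($fp,$file_contents) === FALSE) {print "Cannot write to file"; exit; }
		flock($fp, LOCK_UN);
		fclose( $fp );
		$result=true;
	}
	return $result;
}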
/*
Dispatches a user write.
  $flag 'selfreg'   adds the record to the self-registration section under $uniqueid
  $flag 'add'       adds a new regular user, numbered one above the last existing id
  any other $flag   edits the user whose id equals $uniqueid through db_edit_user();
                    when no such user exists a new one is added instead
The values are handed to db_add_user() / db_edit_user() as received. Returns nothing.
*/
function db_write_user($flag,$uniqueid,$username='',$pwd='',$sections='',$details='',$news='')
{
	if($flag=='selfreg')
	{
		db_add_user($uniqueid,$username,$pwd,$sections,$details,$news,true);
		return;
	}
	$all_users=array();
	$raw=db_get_users();
	if($raw!='') $all_users=f_format_users($raw);
	if(!empty($all_users))
	{
		foreach($all_users as $entry)
		{
			if($uniqueid==$entry['id']) { $match_id=$entry['id']; break; }
		}
	}
	if($flag!='add' && isset($match_id))
	{
		db_edit_user($flag,$match_id,$username,$pwd,$sections,$details,$news);
	}
	else
	{
		// the new id is the id of the last listed user plus one
		$tail=array_pop($all_users);
		db_add_user($tail['id']+1,$username,$pwd,$sections,$details,$news);
	}
}
/*
Appends a <user> record to the user db file.
  $self_reg false  the record goes before </users>
  $self_reg true   the record goes into <selfreg_users>, which is created after </users>
                   when the file has none yet
Afterwards the <users> section is wrapped in a comment when the file does not already contain
the comment-wrapped <users> opening. All arguments are concatenated into the record exactly
as passed, so escaping is the caller's job. Prints an error page and exits when the file is
missing or cannot be opened or written. Returns nothing.
*/
function db_add_user($id,$username,$pwd,$sections,$details,$news,$self_reg=false)
{
	global $ca_db_file, $ca_template_file_f;
	if(!file_exists($ca_db_file))
	{
		print f_fmt_in_template($ca_template_file_f,f_fmt_error_msg('MISSING_DBFILE',$ca_db_file));
		exit;
	}
	$fp=fopen($ca_db_file,'r+');
	if(!$fp)
	{
		print f_fmt_in_template($ca_template_file_f,f_fmt_error_msg('DBFILE_NEEDCHMOD',$ca_db_file));
		exit;
	}
	$news_block=($news!='')? '<news_data>'.$news.'</news_data>': ''; //event manager
	$record='<user id="'.$id.'" username="'.$username.'" password="'.$pwd.'"><access_data>'.$sections.'</access_data>'.$news_block.$details.'</user>';
	flock($fp, LOCK_EX);
	// skeleton used when the db file is still empty
	$db_text='<?php echo "hi"; exit; /*<users> </users>*/ ?>';
	$bytes=filesize($ca_db_file);
	if($bytes>0) $db_text=fread($fp,$bytes);
	if($self_reg==false)
	{
		$db_text=str_replace('</users>',$record.'</users>',$db_text);
	}
	elseif(strpos($db_text,'<selfreg_users>')===false)
	{
		$db_text=str_replace('</users>','</users><selfreg_users>'.$record.'</selfreg_users>',$db_text);
	}
	else
	{
		$db_text=str_replace('</selfreg_users>',$record.'</selfreg_users>',$db_text);
	}
	if(strpos($db_text,'/*<users>')===FALSE)
	{
		$db_text=str_replace('<users>','/*<users>',$db_text);
		$db_text=str_replace('</users>','</users>*/',$db_text);
	}
	ftruncate($fp,0);
	fseek($fp,0);
	if(fwrite($fp,$db_text) === FALSE) { print "Cannot write to file"; exit; }
	flock($fp,LOCK_UN);
	fclose($fp);
}
/*
Rewrites one <user> record in the user db file.
  $flag 'editpass'            replaces the password attribute value with $pwd
  $flag 'editaccess'          replaces the content of <access_data> with $sections
  $flag 'editdetails'         replaces the <details> element with $details and the
                              <news_data> element with $news; when 'old_username' is posted
                              the username attribute is replaced as well
  $flag 'activate' / 'block'  sets status="1" / status="0" on <details>
  any other $flag             writes the record back unchanged
$id selects the record. $username is not used in this function.
Returns true; prints an error and exits when the file cannot be opened or written.
*/
function db_edit_user($flag,$id,$username,$pwd='',$sections='',$details='',$news='') //edit user's password or access
{
global $ca_db_file, $ca_template_file_f;
$users=''; $file_contents=''; $fixed='';
// NOTE(review): the <users> section is read here, before the lock below is taken
$users=db_get_users();
if(!$fp=fopen($ca_db_file,'r+')) {print f_fmt_in_template($ca_template_file_f,f_fmt_error_msg('DBFILE_NEEDCHMOD',$ca_db_file)); exit;}
flock($fp,LOCK_EX);
$fsize=filesize($ca_db_file);
if($fsize>0) $file_contents=fread($fp,$fsize);
$user_to_update='<user id="'.$id.'" '.f_GFS($users,'<user id="'.$id.'" ','</user>').'</user>';
// Repair pass: a record without </access_data>, or one that runs on into the next user's
// record, is patched and written back first; the file is then re-read and re-locked.
if(strpos($user_to_update,'</access_data>')===false || strpos($user_to_update,'<user id="'.($id+1).'"')!==false)
{
$fixed=$user_to_update;
if(strpos($user_to_update,'</access><access_data>')!==false) {$fixed=str_replace('</access><access_data>','</access></access_data>',$user_to_update);}
else
{
if(strpos($user_to_update,'<user id="'.($id+1).'"')!==false)
{
$fixed=str_replace('<user id="'.($id+1).'"','</access_data> <details email="" name="" sirname="" date=""></details> </user> <user id="'.($id+1).'"',$user_to_update);
}
}
$file_contents=str_replace($user_to_update,$fixed,$file_contents);
ftruncate($fp,0);fseek($fp,0);
if(fwrite($fp,$file_contents)===FALSE) {print "Cannot write to file"; exit;}
flock($fp,LOCK_UN);fclose( $fp );
$users=db_get_users();
if(!$fp=fopen($ca_db_file,'r+')) {print "Cannot open file"; exit;}
flock($fp,LOCK_EX);
$fsize=filesize($ca_db_file);
if($fsize>0) $file_contents=fread($fp,$fsize);
// NOTE(review): $user_to_update still holds the pre-repair text at this point, so the final
// str_replace() below may not find it in the repaired file; confirm.
}
// str_replace() substitutes every occurrence of the old value inside the record, not only the
// attribute it was read from.
// NOTE(review): $pwd, $sections, $details and $news are inserted as passed; the caller
// presumably supplies an already hashed password and escaped values. Verify at the call sites.
if($flag=='editpass') $updated_user=str_replace(f_GFS($user_to_update,'password="','"'),$pwd,$user_to_update);
elseif($flag=='editaccess') $updated_user=str_replace(f_GFS($user_to_update,'<access_data>','</access_data>'),$sections,$user_to_update);
elseif($flag=='editdetails')
{
$updated_user=str_replace(f_GFSAbi($user_to_update,'<details ','></details>'),$details,$user_to_update);
if(strpos($user_to_update,'</news_data>')===false) //event manager
$updated_user=str_replace('</details>','</details><news_data>'.$news.'</news_data>',$updated_user);
else
$updated_user=str_replace(f_GFSAbi($user_to_update,'<news_data>','</news_data>'),'<news_data>'.$news.'</news_data>',$updated_user);
if(isset($_POST['old_username']))
{
// NOTE(review): $_POST['username'] goes into the record unescaped here. A double quote or a
// comment terminator in it would break the record or the comment that wraps the db, and
// nothing in this function checks that the new name is unique.
$old_user_name=f_GFSAbi($updated_user,'username="','"');
$updated_user=str_replace($old_user_name,'username="'.$_POST['username'].'"',$updated_user);
}
}
elseif($flag=='activate' || $flag=='block')
{
$details_orig=f_GFSAbi($user_to_update,'<details ','>');
// replace an existing status attribute, otherwise add one before the closing '>'
if(strpos($details_orig,'status="')!==false)
{$details_new=str_replace(f_GFSAbi($details_orig,'status="','"'), 'status="'.($flag=='activate'?'1':'0').'"',$details_orig);}
else {$details_new=str_replace('>', ' status="'.($flag=='activate'?'1':'0').'">',$details_orig);}
$updated_user=str_replace($details_orig, $details_new, $user_to_update);
}
else $updated_user=$user_to_update;
$file_contents=str_replace($user_to_update,$updated_user,$file_contents);
ftruncate($fp,0);fseek($fp,0);
if(fwrite($fp,$file_contents)===FALSE) {print "Cannot write to file";exit;}
flock($fp,LOCK_UN);fclose($fp);
return true;
}
# ----------- login/logout
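/*
Admin login. On a posted login form the credentials are compared with $admin_username and
the MD5 hash in $admin_pwd; a failure triggers set_delay(), a success opens the admin
session and continues with index($action_id). Without a posted form the login form is shown.
While the account is still the default admin/admin the $ca_account_msg page is printed
instead, on every path.
*/
function login_admin($action_id) // process login admin
{
	global $admin_username,$admin_pwd,$ca_lang_l,$ca_account_msg;
	$output='';
	$user=$admin_username; $pass=$admin_pwd;
	// The default-account check used to run only when the form was displayed, so a posted
	// login with the default credentials was still accepted. It now guards both paths.
	if(strtolower($user)=='admin' && ($pass==md5('admin') || $pass==md5('Admin') || $pass==md5('ADMIN'))) { print GT($ca_account_msg); exit; }
	if(isset($_POST['login']))
	{
		if(empty($_POST['username']) || empty($_POST['password']))
		{
			$output.=build_login_form_ca("<em style='color:red;'>".ucfirst($ca_lang_l['fill in']).' '.ucfirst($ca_lang_l['username']).' & '.ucfirst($ca_lang_l['password'])."</em>");
		}
		// Strict comparison: with != two MD5 strings that both look numeric would be compared
		// as numbers. Non-string input (an array parameter) counts as a failed attempt.
		// NOTE(review): the admin password is kept as an unsalted MD5 hash.
		elseif(!is_string($_POST['username']) || !is_string($_POST['password'])
			|| (string)f_strip_tags($_POST['username'])!==(string)$user || md5($_POST['password'])!==(string)$pass)
		{
			set_delay();
			$output.=build_login_form_ca("<em style='color:red;'>".ucfirst($ca_lang_l['incorrect username/password'])."</em>");
		}
		else
		{
			f_set_session_var('SID_ADMIN',$user); //ADMIN
			// the user-agent hash is compared again on later admin requests
			if(isset($_SERVER['HTTP_USER_AGENT'])) f_set_session_var( 'HTTP_USER_AGENT',md5($_SERVER['HTTP_USER_AGENT']));
			set_admin_cookie(); // for counter - to ignore hits from site admin
			index($action_id); exit;
		}
	}
	else
	{
		$output.=build_login_form_ca($ca_lang_l['CENTRAL ADMIN']);
	}
	$output=GT($output);
	print $output;
}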
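/*
Sets the 'visit_from_admin' cookie, if the browser does not send one yet, so that the hit
counter can ignore visits from the site admin. The value is a random identifier and the
cookie expires at 23:59:59 on today's day and month in 2037.
*/
function set_admin_cookie()
{
	if(!isset($_COOKIE['visit_from_admin'])) // counter needed to ignore hits from site admin
	{
		// time() instead of the argument-less mktime(), which PHP 8 no longer accepts
		$ts=time();
		$expire_ts=mktime(23, 59, 59, (int)date('n',$ts), (int)date('j',$ts), 2037);
		setcookie('visit_from_admin',md5(uniqid(mt_rand(),true)),$expire_ts);
	}
}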
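/*
Throttles failed admin logins. The time of the last failure is kept in $ca_db_delay_file;
when the previous failure is at most 30 seconds old the request sleeps before the new time
is recorded. The sleep is 10 seconds, or max_execution_time-2 when that limit is between
3 and 11 seconds. When the delay file is missing or not writable the request always sleeps.
NOTE(review): the state is a single file shared by all clients, so the delay is global
rather than per address or per account.
*/
function set_delay()
{
	global $ca_db_delay_file;
	$max_exec=(int)ini_get('max_execution_time');
	$delay=($max_exec>=12 || $max_exec<3)?10:$max_exec-2;
	// time() instead of the argument-less mktime(), which PHP 8 no longer accepts
	$ts=time(); $last_wrong_ts=$ts;
	if(file_exists($ca_db_delay_file) && is_writable($ca_db_delay_file))
	{
		$fsize=filesize($ca_db_delay_file);
		if($fsize>0)
		{
			$fp=fopen($ca_db_delay_file,'r');
			// an unreadable file leaves $last_wrong_ts at "now", which means: sleep
			if($fp)
			{
				$last_wrong_ts=(int)fread($fp,$fsize);
				fclose($fp);
			}
		}
		if($ts-$last_wrong_ts<=30) sleep($delay);
		$fp=fopen($ca_db_delay_file,'w');
		if($fp)
		{
			flock($fp, LOCK_EX); fwrite($fp,(string)$ts);
			flock($fp, LOCK_UN); fclose($fp);
		}
	}
	elseif($ts-$last_wrong_ts<=30) sleep($delay);
}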
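/*
Logs the logout, clears the session and redirects. The target is, in this order:
  1. the <logout_redirect_url> configured by the admin ('http://' is prefixed when the
     value does not contain 'http'),
  2. the ref_url query parameter, when it is a site-relative path,
  3. the protected page named by the pageid query parameter,
  4. the template page.
*/
function logout_user($action_id)
{
	global $ca_template_file,$ca_settings;
	if($action_id=='logoutadmin') write_log('logout','USER:Administrator','success');
	if($action_id=='logout' && isset($_SESSION['SID_ADMIN'])) write_log('logout','USER:Administrator','success');
	elseif(isset($_SESSION['cur_user'])) { $user=f_get_session_var_str('cur_user'); write_log('logout','USER:'.$user,'success'); }
	f_unset_session();
	$logout_redirect_url=f_GFS($ca_settings,'<logout_redirect_url>','</logout_redirect_url>');
	// ref_url comes from the request. It is followed only when it is a relative path: no
	// scheme, no leading double slash or backslash, no line break. Anything else falls
	// through to the pageid / template targets, so the logout link cannot be used to send a
	// visitor to another site. Redirects to another host stay possible through the
	// admin-configured <logout_redirect_url>.
	$ref_url='';
	if(isset($_GET['ref_url']) && is_string($_GET['ref_url']))
	{
		$candidate=f_strip_tags($_GET['ref_url']);
		$probe=preg_replace('/[\x00-\x20]/','',$candidate);
		if($probe!='' && strpos($candidate,"\r")===false && strpos($candidate,"\n")===false
			&& !preg_match('#^[^/?\#]*:#',$probe) && !preg_match('#^[/\\\\]{2}#',$probe)) $ref_url=$candidate;
	}
	if(!empty($logout_redirect_url)) { $redirect_page_name=(strpos($logout_redirect_url,'http')===false? 'http://': '').$logout_redirect_url; }
	elseif($ref_url!='') { $redirect_page_name=$ref_url; }
	elseif(isset($_GET['pageid']))
	{
		$prot_page_info=get_page_info($_GET['pageid']); $prot_page_name=$prot_page_info[1];
		if(strpos($prot_page_name,'../')===false) { $redirect_page_name='../'.$prot_page_name; }
		else $redirect_page_name=$prot_page_name;
	}
	else
	{
		$pos=strpos($ca_template_file,'http://');
		if($pos!==false) {$redirect_page_name=substr($ca_template_file,$pos);}
		else {$redirect_page_name='../'.$ca_template_file;}
	}
	f_url_redirect($redirect_page_name,false);
}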
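/*
Builds the "logged as ..." navigation strip for a protected page.
  $logged_as_label, $ca_label, $logout_label, $change_label, $profile_label
                 link texts; they are inserted as passed, so escaping is the caller's job
  $return_flag   true returns the HTML, false prints it
When $logged_as_label is 'username' (any case) and the first three link labels are empty,
only the logged-in name is produced. An admin session gets the central-admin and logout
links, a user session the logout link, and any user session additionally gets the
change-password and edit-profile links.
*/
function user_navigation($logged_as_label='',$ca_label='',$logout_label='',$change_label='',$profile_label='',$return_flag=false)
{
	global $thispage_id,$ca_l;
	$thispage_dir='';
	$logged_as_caadmin=isset($_SESSION['SID_ADMIN']);
	$logged_as_causer=isset($_SESSION['cur_user']);
	// '' when nobody is logged in, so the name-only mode below never reads an unset variable
	$user_val='';
	if($logged_as_caadmin) $user_val=f_get_session_var_str('SID_ADMIN');
	elseif($logged_as_causer) $user_val=f_get_session_var_str('cur_user');
	$prot_page_info=get_page_info($thispage_id);
	if(strpos($prot_page_info[1],'../')===false) {$thispage_dir='documents/';}
	else {$thispage_dir='../documents/';}
	$heading='';
	if(strtolower($logged_as_label)=='username' && $ca_label=='' && $logout_label=='' && $change_label=='') { $heading=$user_val; }
	else
	{
		$ca_url=$thispage_dir.'centraladmin.php?process=';
		$ref_url=$prot_page_info[1];
		if($logged_as_caadmin)
		{
			$heading.='<span class="rvts8">'.$logged_as_label.' ['.$user_val.'] </span> ';
			$heading.=':: <a class="rvts12" href="'.$ca_url.'index&'.$ca_l.'">'.$ca_label.'</a> ';
			$heading.=':: <a class="rvts12" href="'.$ca_url.'logoutadmin&pageid='.$thispage_id.'&'.$ca_l.'">'.$logout_label.'</a>';
		}
		elseif($logged_as_causer)
		{
			$heading.='<span class="rvts8">'.$logged_as_label.' ['.$user_val.'] </span> ';
			$heading.=':: <a class="rvts12" href="'.$ca_url.'logout&pageid='.$thispage_id.'&'.$ca_l.'">'.$logout_label.'</a>';
		}
		if($logged_as_causer)
		{
			// the user name is a query-string value like ref_url and is URL-encoded the same way
			$ca_detailed_url=$thispage_dir.'centraladmin.php?pageid='.$thispage_id.'&ref_url='.urlencode($ref_url)
				.'&username='.urlencode($user_val).'&'.$ca_l.'&process=';
			$heading.=' :: <a class="rvts12" href="'.$ca_detailed_url.'changepass">'.$change_label.'</a>';
			$heading.=' :: <a class="rvts12" href="'.$ca_detailed_url.'editprofile">'.$profile_label.'</a>';
		}
	}
	if($return_flag) return $heading;
	else print $heading;
}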
/*
Obfuscates a string by shifting its bytes upwards: the first byte by 1 and every later byte
by 2 (the original expression ($i && 1)+1 is a logical AND, not a bitwise one). chr() wraps
values above 255. This is a fixed, reversible shift with no key, not encryption;
descramble_string() undoes it.
*/
function scramble_string($string)
{
	$out='';
	$pos=0;
	$total=strlen($string);
	while($pos<$total)
	{
		$shift=($pos>0)? 2: 1;
		$out.=chr(ord($string[$pos])+$shift);
		$pos++;
	}
	return $out;
}
/*
Reverses scramble_string(): the first byte is shifted down by 1 and every later byte by 2
(the original expression ($i && 1)+1 is a logical AND, not a bitwise one). chr() wraps
negative values. This is a fixed shift with no key, not decryption.
*/
function descramble_string($string)
{
	$out='';
	$pos=0;
	$total=strlen($string);
	while($pos<$total)
	{
		$shift=($pos>0)? 2: 1;
		$out.=chr(ord($string[$pos])-$shift);
		$pos++;
	}
	return $out;
}
function process_admin()
{
global $admin_username,$admin_pwd,$thispage_id,$version,$f_version,$sp_pages_ids,$ca_account_msg,$ca_template_file_f,$ca_sitemap_file,
$ca_db_settings_file,$ca_settings,$ca_db_file,$counter_ds_db_fname,$sr_enable,$ca_db_activity_log,$ca_template_file_f,$ca_l,$ca_available_lang_sets,$pref_dir,$ca_lang_l,$set_login_cookie,$f_br,$f_ct,$rss_call_in_prot_page,$pref,$counter_ts_db_fname,$ca_lang_l,$ca_l,$f_db_first_line, $f_lf,$f_fmt_caption,$ca_span8,$ca_nav_labels,$f_max_rec_on_admin,$f_db_folder, $ca_lang_set_fname,$f_br,$f_ct,$template_in_root;
global $ca_available_lang_sets,$ca_charset_lang_map,$ca_lang_set,$ca_reg_lang_settings_keys,$ca_reg_lang_settings_labels;
$access_flag=false;
$other_actions=array("logout","logoutadmin","version","register","captcha","loggedinfo","forgotpass","sitemap","changepass","editprofile");
$admin_actions= array("index","manageusers","processuser","loginadmin","confcounter","resetcounter","log","clearlog","confreg", "pendingreg","conflang","export","confreglang");
$action_id=(empty($_GET) && empty($thispage_id))?'index':'';
$action_id=(isset($_REQUEST['process'])?f_strip_tags($_REQUEST['process']):$action_id);
if(($action_id!='') && !in_array($action_id, $other_actions) && !in_array($action_id, $admin_actions)) $action_id='index';
if($ca_settings=='')
{
f_db_convert($pref."documents/centraladmin.ezg.php",$ca_db_file,false);
f_db_convert($pref."documents/centraladmin_conf.ezg.php",$ca_db_settings_file);
$ca_settings=f_read_file($ca_db_settings_file);
ca_update_language_set();
}
if(empty($_SESSION)) {f_int_start_session(); header("Cache-control: private");}
if($action_id=='logout' || $action_id=="logoutadmin") logout_user($action_id);
elseif($action_id=="version") echo $version.' '.$f_version;
elseif($action_id=="register")
{
if($sr_enable)process_register($action_id);
else {print GT($f_br.'<span class="rvts8"><b>Sorry, self-registration is not enabled for this site.</b></span>');exit;}
}
elseif($action_id=="captcha") f_draw_captcha2('../');
elseif($action_id=="loggedinfo")
{
if(!isset($_SERVER['HTTP_REFERER'])) {f_url_redirect("centraladmin.php?process=index",false);exit;}
else
{
$logged_as_label=(isset($_GET['logged_l'])? f_sth(f_strip_tags($_GET['logged_l'])): 'logged as');
$ca_label=(isset($_GET['ca_l'])? f_sth(f_strip_tags($_GET['ca_l'])): 'central admin');
$logout_label=(isset($_GET['logout_l'])? f_sth(f_strip_tags($_GET['logout_l'])): 'logout');
$change_label=(isset($_GET['change_l'])? f_sth(f_strip_tags($_GET['change_l'])): 'change password');
$profile_label=(isset($_GET['profile_l'])? f_sth(f_strip_tags($_GET['profile_l'])): 'edit profile');
$logged_info=user_navigation($logged_as_label,$ca_label,$logout_label,$change_label,$profile_label,true);
echo "\ndocument.write(' $logged_info ');\n";
}
}
elseif($action_id=="forgotpass") process_forgotpass();
elseif($action_id=='sitemap')
{
$fc=(isset($_GET['pwd']) && crypt('admin',$_GET['pwd'])=='llRanR22sJYds')?f_read_file($ca_sitemap_file):'';
print str_replace(array('<?php echo "hi"; exit; /*','*/ ?>'),array('',''),$fc);exit;
}
elseif(in_array($action_id,$admin_actions))
{
if(!f_is_logged('SID_ADMIN') || f_is_logged('HTTP_USER_AGENT') && $_SESSION['HTTP_USER_AGENT']!=md5($_SERVER['HTTP_USER_AGENT']) )
{
if(function_exists('session_regenerate_id') && version_compare(phpversion(),"4.3.3",">=") ) session_regenerate_id();
login_admin($action_id); exit;
}
if($action_id=="index") index($action_id);
elseif($action_id=="loginadmin") login_admin($action_id);
elseif($action_id=="manageusers") manage_users($action_id);
elseif($action_id=="processuser") process_users($action_id);
elseif($action_id=="pendingreg") check_pending_users($action_id);
elseif($action_id=="confcounter") conf_counter($action_id);
elseif($action_id=="resetcounter")
{
if(isset($_GET['confirmreset']) && file_exists($counter_ts_db_fname) && (filesize($counter_ts_db_fname)!==0))
{
$files=array($counter_ts_db_fname,$counter_ds_db_fname);
foreach($files as $k=>$v) {$fp=fopen($v,'r+');flock($fp,LOCK_EX);ftruncate($fp,0);fseek($fp,0);flock($fp,LOCK_UN);fclose($fp);}
f_write_tagged_data("counter_cookie_suffix", mktime(), $ca_db_settings_file, $ca_template_file_f);
clearstatcache();
$output="<span class='rvts8'>".ucfirst($ca_lang_l['reset done'])."</span>".$f_br.$f_br;
$flag=true;
}
else
{
$output=f_fmt_admin_title(ucfirst($ca_lang_l['reset counter'])).$f_br.$f_br."<span class='rvts8'>".ucfirst($ca_lang_l['reset MSG1'])."</span>".$f_br.$f_br;
$output.="<a class='rvts12' href='".$pref_dir."centraladmin.php?process=resetcounter&confirmreset=confirm&".$ca_l."' onclick=\"javascript:return confirm('".ucfirst($ca_lang_l['reset MSG2'])."')\">".$ca_lang_l['confirm counter reset']."</a>".$f_br.$f_br;
$flag=false;
}
$output=f_fmt_admin_screen($output, build_menu($action_id));
$output=GT($output,$flag);
print $output;
}
elseif($action_id=="confreg") conf_registration($action_id);
elseif($action_id=="confreglang")
{
$cur_lang=(isset($_GET['sr_lang'])? $_GET['sr_lang']:'EN');
if(isset($_POST['submit']))
{
$post_lang=$_POST['language']; $record_line='';
foreach($ca_reg_lang_settings_keys as $k=>$v)
{
if($v=='repeat password' || $v=='want to get') $setting_value=$_POST[str_replace(' ','_',$v)];
else $setting_value=(isset($_POST[$v]))? str_replace($f_lf,'##',f_esc(trim($_POST[$v]))): '';
$record_line.='<'.$v.'>'.$setting_value.'</'.$v.'>';
}
if(!empty($record_line)) f_write_tagged_data("sr_language_".$post_lang, $record_line, $ca_db_settings_file, $ca_template_file_f);
$output='<span class="rvts8">'.ucfirst($ca_lang_l['settings saved']).'</span>';
$ca_settings=f_read_file($ca_db_settings_file);
ca_update_language_set();
}
else
{
$lang_set_sr=f_read_lang_set($ca_lang_set_fname,$cur_lang,'ca');
if(isset($lang_set_sr['lang_l'])) $sr_lang_l=$lang_set_sr['lang_l']; else $sr_lang_l=$ca_lang_l;
$reg_lang_set_raw=f_GFS($ca_settings,'<sr_language_'.$cur_lang.'>','</sr_language_'.$cur_lang.'>');
if($reg_lang_set_raw!='')
{
foreach($ca_reg_lang_settings_keys as $k=>$v)
{
if(strpos($reg_lang_set_raw,'<'.$v.'>')!==false) $sr_lang_l[$v]=f_un_esc(f_GFS($reg_lang_set_raw,'<'.$v.'>','</'.$v.'>'));
}
}
$input='<input class="input1" type="text" name="%s" value="%s" style="width:500px" maxlength="250"'.$f_ct;
$area='<textarea class="input1" name="%s" cols="35" rows="7" style="width:500px">%s</textarea>';
$jstring='onchange="document.location=\''.($template_in_root?f_build_self_url('centraladmin.php'):'centraladmin.php').'?process=confreglang&sr_lang=\' + this.options[this.selectedIndex].value;"';
$table_data=array();
$table_data[]=f_admin_navigation(array($ca_lang_l['settings'], $ca_lang_l['language']), array($pref_dir.'centraladmin.php?process=confreg',$pref_dir.'centraladmin.php?process=confreglang'),1);
$table_data[]=array($ca_lang_l['language'],f_build_select("language",$ca_available_lang_sets,$cur_lang,'','key',$jstring));
foreach($ca_reg_lang_settings_keys as $k=>$v)
{
if(array_key_exists($v,$sr_lang_l))
{
$label=$ca_reg_lang_settings_labels[$k];
$setting_value=str_replace('##',$f_lf,f_sth($sr_lang_l[$v]));
if($v=='sr_success_msg' || $v=='sr_email_msg' || $v=='sr_forgotpass_note' || $v=='sr_forgotpass_msg' || $v=='sr_forgotpass_msg0' || $v=='sr_forgotpass_illegal' || $v=='sr_activated_msg' || $v=='sr_blocked_msg')
{ $table_data[]=array($label, sprintf($area,$v,$setting_value)); }
else { $table_data[]=array($label, sprintf($input,$v,$setting_value)); }
}
}
$table_data[]=$f_br.'<input class="input1" name="submit" type="submit" value=" '.ucfirst($ca_lang_l['submit']).' "'.$f_ct." <input class='input1' type='button' value=' ".ucfirst($ca_lang_l['cancel'])." ' onclick=\"javascript:history.back();\"".$f_ct.$f_br.$f_br;
$output='<div style="width:500px;margin:0 auto;text-align:left"><form method="post" action="'.$pref_dir.'centraladmin.php?process=confreglang">';
$output.=f_addentrytable($ca_lang_l['registration settings'], $table_data).'</form></div>';
}
$output=f_fmt_admin_screen($output, build_menu($action_id));
$output=GT($output);
if(!isset($_POST['submit']))
{
$charset=f_GFS($output,'charset=','"');
$new_charset=(strpos(strtolower($charset),'utf')!==false)? 'UTF-8': $ca_charset_lang_map[$cur_lang];
if($charset!='') $output=str_replace('charset='.$charset.'"', 'charset='.$new_charset.'"', $output);
}
print $output;
}
elseif($action_id=="conflang")
{
$logout_redirect_url=f_GFS($ca_settings,'<logout_redirect_url>','</logout_redirect_url>');
$tzone_offset=f_GFS($ca_settings,'<tzoneoffset>','</tzoneoffset>');
$lang_set=f_GFS($ca_settings,'<language>','</language>');
if(isset($_POST['submit']))
{
f_write_tagged_data(array('language','logout_redirect_url','tzoneoffset'), array($_POST['lang'],$_POST['logout_redirect_url'],$_POST['tzone_offset']), $ca_db_settings_file, $ca_template_file_f);
$output='<span class="rvts8">'.ucfirst($ca_lang_l['settings saved']).'</span>';
$ca_settings=f_read_file($ca_db_settings_file);
}
else
{
$table_data=array();
$output='<form action="'.$pref_dir.'centraladmin.php?process=conflang" method="post"><div style="width:350px;margin:0 auto;text-align:left">';
$table_data[]=array($ca_lang_l['language'], f_build_select('lang',$ca_available_lang_sets,strtoupper($lang_set)));
$table_data[]=array($ca_lang_l['set tzone'], "<input class='input1' name='tzone_offset' type='text' value='".$tzone_offset."' size='3'".$f_ct);
$table_data[]=array($ca_lang_l['redirect page'], "<input class='input1' type='text' name='logout_redirect_url' style='width:350px' value='".$logout_redirect_url."'".$f_ct.$f_br.$f_br.'<span class="rvts8"><i>'.ucfirst($ca_lang_l['redirect page msg']).'</i></span>');
$table_data[]=$f_br."<input class='input1' name='submit' type='submit' value=' ".ucfirst($ca_lang_l['submit'])." '".$f_ct." <input class='input1' type='button' value=' ".ucfirst($ca_lang_l['cancel'])." ' onclick=\"javascript:history.back();\"".$f_ct.$f_br.$f_br;
$output.=f_addentrytable($ca_lang_l['settings'],$table_data);
$output.="</div></form>";
}
$output=f_fmt_admin_screen($output, build_menu($action_id));
$output=GT($output);
print $output;
}
elseif($action_id=="log")
{
$logcontent=array();
clearstatcache();
if(file_exists($ca_db_activity_log))
{
$handle=fopen($ca_db_activity_log,'r');
while($data=fgetcsv($handle, 8192,'%'))
{
if($data[0]!=$f_db_first_line)
{
list($dt,$temp,$result)=explode('=>',$data[0]);
list($activity,$user)=explode('->',$temp);
if(strpos($user,'EMAIL:')!==false) $user=f_GFS($user,'USER:','EMAIL:');
elseif(strpos($user,'ID:')!==false) $user=f_GFS($user,'USER:','ID:');
else $user=str_replace('USER:','',$user);
$logcontent[]=array('date'=>trim($dt),'activity'=>trim($activity),'user'=>$user, 'result'=>str_replace('Result:','',$result));
}
}
fclose($handle);
}
$output='';
if(!empty($logcontent))
{
$logcontent=array_reverse($logcontent);
$records_count=count($logcontent);
$screen=(isset($_GET['page'])? $_GET['page']:1);
$offset=($screen==1)?0:($screen-1)*$f_max_rec_on_admin;
$limit_rec_to=($screen*$f_max_rec_on_admin>$records_count)?$f_max_rec_on_admin-($screen*$f_max_rec_on_admin-$records_count):$f_max_rec_on_admin;
$show_records=array_slice($logcontent,$offset,$limit_rec_to);
$url_part=$pref_dir."centraladmin.php?process=log";
$nav=f_page_navigation($records_count, $url_part, $f_max_rec_on_admin, $screen, $ca_lang_l['of'], "class='rvts12'", $ca_nav_labels);
$cap_arrays=array($ca_lang_l['date'],$ca_lang_l['activity'],$ca_lang_l['user'],$ca_lang_l['result']);
$table_data=array();
foreach($show_records as $key=>$value)
{
if(!empty($value))
{
if(strpos($value['date'],':')) $date_value=$value['date'];
else $date_value=date('d M Y h:i:s',f_tzone_date($value['date']));
$row_data=array($ca_span8.$date_value."</span>",$ca_span8." :: ".$value['activity']."</span>", $ca_span8.$value['user']."</span>",$ca_span8." :: ".$value['result']."</span>");
$table_data[]=$row_data;
}
}
$append=$f_br.'<form method="post" action="'.$pref_dir.'centraladmin.php?process=clearlog&'.$ca_l.'">'
.'<input class="input1" type="submit" value=" '.ucfirst($ca_lang_l['clear log']).' " onclick="javascript:return confirm(\''.ucfirst($ca_lang_l['clear log MSG']).'\')"'.$f_ct."</form>";
$output.=f_admintable($nav,$cap_arrays,$table_data,$append);
}
$output=f_fmt_admin_screen($output, build_menu($action_id));
$output=GT($output);
print $output;
}
elseif($action_id=="clearlog")
{
if(!$handle=fopen($ca_db_activity_log,'r+')){print f_fmt_in_template($ca_template_file_f,f_fmt_error_msg('DBFILE_NEEDCHMOD',$ca_db_activity_log)); exit;}
ftruncate($handle,0); fseek($handle,0); fclose($handle);
$output="<span class='rvts8'>".ucfirst($ca_lang_l['log file cleared'])."</span>".$f_br.$f_br;
$output=f_fmt_admin_screen($output, build_menu($action_id));
$output=GT($output);
print $output;
}
elseif($action_id=="export")
{
$output='';
$users=db_get_users();
if($users!='') {$users_array=f_format_users($users);}
else {$users_array=array();}
if(count($users_array)>1)
{
foreach ($users_array as $key => $row) { $name[$key]=$row['username']; }
$name_lower=array_map('strtolower',$name);
array_multisort($name_lower,SORT_ASC,$users_array);
}
if(!empty($users_array))
{
$field_names=array('username','name','sirname','email','creation_date','self-registered');
foreach($field_names as $k=>$v) { $output.=($k==0?'':',').'"'.f_sth(urldecode($v)).'"'; }
$output.=$f_lf;
foreach($users_array as $key=>$value)
{
$rec=array_keys($value);
$output.='"'.f_sth(urldecode($value['username'])).'"';
$output.=',"'.un_esc(urldecode($value['details']['name'])).'"';
$output.=',"'.un_esc(urldecode($value['details']['sirname'])).'"';
$output.=',"'.f_sth(urldecode($value['details']['email'])).'"';
$output.=',"'.$value['details']['creation_date'].'"';
$output.=',"'.(isset($value['details']['sr']) && $value['details']['sr']=='1'? 'Yes': 'No').'"';
$output.=',"'.(isset($value['details']['status']) && $value['details']['status']=='1'? 'Active': 'Blocked').'"';
$output.=$f_lf;
}
}
header("Pragma: public"); header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public"); header("Content-Description: File Transfer");
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename=\"users_export.csv\";");
header("Content-Transfer-Encoding: binary");
print $output; exit;
}
}
else
{
if(empty($_POST) && empty($thispage_id) && !isset($_GET['pageid'])) {f_url_redirect("centraladmin.php?process=index",false);exit;}
$user=$admin_username;
$pass=$admin_pwd;
if(isset($_POST['pv_username'])) $pv_username=trim(f_strip_tags($_POST['pv_username']));
if(isset($_POST['pv_password'])) $pv_password=trim($_POST['pv_password']);
if(isset($_POST['pv_username']) && isset($_POST['pv_password'])) $pass_filled=md5($pv_password);
if(isset($_GET['pageid']) && isset($_POST['loginid'])) // when login page is directly accessed
{
$cur_section=f_strip_tags($_POST['loginid']);
if($_GET['pageid']=="0" && $thispage_id=="0")
{
$controlled_pages=get_prot_pages_list($cur_section); $protected_pages=array();
foreach($controlled_pages as $k=>$v) { if($v['protected']=='TRUE') $protected_pages[]=$v['id']; }
if(!empty($protected_pages))
{
$redirect_to_page='';
$user_account=f_get_user($pv_username,$pref);
if($user==$pv_username && $pass==$pass_filled) $redirect_to_page=$protected_pages[0];
elseif(!empty($user_account))
{
$user_password=$user_account['password'];
if($user_account['username']==$pv_username && $user_password==crypt($pv_password,$user_password))
{
if($user_account['access'][0]['section']!='ALL')
{
foreach($user_account['access'] as $k=>$v)
{
if($cur_section==$v['section'])
{
if($v['type']!='2') {$redirect_to_page=$protected_pages[0]; break; }
elseif(isset($v['page_access']))
{
foreach($v['page_access'] as $key=>$val)
{
if($val['type']=='0' && in_array($val['page'],$protected_pages))
{$redirect_to_page=$val['page']; break; }
}
}
}
}
}
else { $redirect_to_page=$protected_pages[0]; }
}
else { set_delay(); error($user_account);}
}
else { set_delay(); error($user_account);}
}
if(empty($redirect_to_page))
{
$output=GT($f_br."<span class='rvts8'><b>This Login page is not associated with any protected page. The system doesn't know where to redirect you.".$f_br."You have to go to EZG and protect certain page with this Login page.</b></span>");
print $output; exit;
}
else
{
$prot_page_info=get_page_info($redirect_to_page);
$thispage_id=str_replace('<id>','', trim($prot_page_info[10]));
}
}
if(!isset($pv_username) || !isset($pv_password) ) { set_delay(); error();}
elseif(strtolower($user)=='admin' && strtolower($user)==strtolower($pv_username) && ($pass==md5('admin') || $pass==md5('Admin') || $pass==md5('ADMIN')) && ($pass==md5(strtolower($pv_password)) || $pass==md5(ucfirst($pv_password)) || $pass==md5(strtoupper($pv_password)))) { print GT($ca_account_msg); exit; }
else
{
$prot_page_info=get_page_info($thispage_id);
$user_account=f_get_user($pv_username,$pref);
if(f_has_read_access($user_account,$prot_page_info)==false)
{
if($user!=$pv_username || $pass!=$pass_filled) {set_delay(); error($user_account);}
}
}
}
$prot_page_info=get_page_info($thispage_id);
$prot_page_name=$prot_page_info[1];
if($rss_call_in_prot_page && in_array($prot_page_info[4],array('136','137','138','143','144'))) // public rss when page is protected
{
$rss_settings_dir=$pref.$f_db_folder;
if($prot_page_info[4]=='144') $rss_public_on=f_read_file($rss_settings_dir.$thispage_id."_db_guestbook.ezg.php");
elseif($prot_page_info[4]=='136') $rss_public_on=f_read_file($rss_settings_dir.$thispage_id."_settings.ezg.php");
else $rss_public_on=f_read_file($rss_settings_dir.$thispage_id."_blocked_ips.ezg.php");
$rss_public_on=f_GFS($rss_public_on,'<public_rss>','</public_rss>');
}
//start of actual pwd protection check
if(isset($rss_public_on) && $rss_public_on=='1') {$access_flag=true;}
elseif(!f_is_logged('SID_ADMIN') || f_is_logged('HTTP_USER_AGENT') && $_SESSION['HTTP_USER_AGENT']!=md5($_SERVER['HTTP_USER_AGENT']) || isset($_GET['ref_url']))
{
if(isset($_SESSION['cur_user'])) $user_account=f_get_user($_SESSION['cur_user'],$pref);
if(!isset($_SESSION['cur_user']) || f_has_read_access($user_account,$prot_page_info)==false)
{
if(!isset($pv_username) && !isset($pv_password))
{
$ms='';
if(isset($_GET['ref_url']) && strpos($_GET['ref_url'],'action=register')!==false)
$ms='Identify yourself with username and password before registering for event.';
elseif(isset($_GET['ref_url'])
&& (strpos($_GET['ref_url'],'action=chregister')!==false||strpos($_GET['ref_url'],'action=clregister')!==false))
$ms='Identify yourself with username and password before changing or canceling your registration.';
elseif(isset($_GET['ref_url']) && strpos($_GET['ref_url'],'event_id=')!==false)
$ms='Identify yourself with username and password before checking attendees list.';
$ref_url=(isset($_GET['ref_url'])? f_strip_tags($_GET['ref_url']): ''); //event manager
if(strtolower($user)=='admin' && ($pass==md5('admin') || $pass==md5('Admin') || $pass==md5('ADMIN')))
{print GT($ca_account_msg); exit;}
if(!isset($user_account)) $user_account=array();
$contents=build_login_form($ms,$ref_url,$user_account);
$error_pattern=f_GFSAbi($contents,'<!--[error_message]','-->');
if($error_pattern!='') $contents=str_replace($error_pattern,'',$contents);
print $contents; exit;
}
else
{
if(!isset($pv_username) || !isset($pv_password) ) error();
$user_account=f_get_user($pv_username,$pref);
if(f_has_read_access($user_account,$prot_page_info,$pv_password,false)==true)
{
if(function_exists('session_regenerate_id') && version_compare(phpversion(),"4.3.3",">=") ) session_regenerate_id();
f_set_session_var('cur_user',$pv_username);
write_log('login', 'USER:'.$pv_username, 'success');
if($set_login_cookie==true) {setcookie("logged",$pv_username, time()+60*60*24);}
//if(isset($_POST['remember'])) {setcookie("vid", md5($pv_username), time()+14*24*60*60);}
$access_flag=true;
}
else
{
if($user!=$pv_username || $pass!=$pass_filled) {set_delay(); error($user_account); } //wrong username or password
if($user==$pv_username && $pass==$pass_filled)
{
if(function_exists('session_regenerate_id') && version_compare(phpversion(),"4.3.3",">=") ) {session_regenerate_id();}
f_set_session_var('SID_ADMIN',$pv_username);
write_log('login', 'USER:Administrator', 'success');
if($set_login_cookie==true) { setcookie("logged","admin",time()+60*60*24); }
if(isset($_SERVER['HTTP_USER_AGENT'])) { f_set_session_var( 'HTTP_USER_AGENT',md5($_SERVER['HTTP_USER_AGENT'])); }
set_admin_cookie(); // for counter - to ignore hits from site admin
$access_flag=true;
}
}
}
}
else $access_flag=true;
}
else $access_flag=true; //end of actual pwd protection check
if($access_flag)
{
if($action_id=="changepass") process_changepass();
elseif($action_id=="editprofile") process_editprofile();
}
if(isset($_GET['pageid']))
{
if($access_flag==true)
{
$load_page=$prot_page_name;
if(isset($_GET['indexflag']) || $prot_page_info[6]=='FALSE')
{
if($prot_page_info[4]=='143' && strpos($prot_page_info[1],'?flag=podcast')!==false)
{$load_page=$prot_page_name.'&action=index&'.$ca_l;}
elseif($prot_page_info[4]=='133')
{$load_page=(strpos($prot_page_info[1],'../')!==false? '../':''). 'subscribe/subscribe_'.str_replace('<id>','',$prot_page_info[10]).'.php?action=subscribers&'.$ca_l;}
elseif($prot_page_info[4]=='20')
{
if(isset($_SESSION['cur_pwd'.intval($_GET['pageid'])])) $r_with='action=remcookie';
else $r_with='action=doedit';
if(strpos($prot_page_name,'action=show')!==false)
$load_page=str_replace('action=show',$r_with,$prot_page_name);
else $load_page=$prot_page_name.'?'.$r_with;
}
elseif($prot_page_info[4]=='21')
{
if(strpos($prot_page_name,'action=list')!==false)
$load_page=str_replace('action=list','action=orders',$prot_page_name);
else $load_page=$prot_page_name.'?action=orders';
}
elseif($prot_page_info[4]=='181')
{
if(strpos($prot_page_name,'action=list')!==false)
$load_page=str_replace('action=list','action=login',$prot_page_name);
else $load_page=$prot_page_name.'?action=login';
}
elseif($prot_page_info[4]=='190') $load_page=$prot_page_name.'?action=login';
else {$load_page=$prot_page_name.'?action=index&'.$ca_l;}
}
elseif($prot_page_info[15]=='0' && ($prot_page_info[3]=='1' || $prot_page_info[3]=='0' && strpos($prot_page_info[1],'/SUB_')!==false) ) // FRAMES and SUBPAGE
{
if($prot_page_info[7]>0)
{
$login_page_info=get_page_info($prot_page_info[7]);
if(strpos($prot_page_info[1],'/SUB_')!==false)
{
if(isset($login_page_info[3]) && $login_page_info[3]=='0') $load_page=str_replace('SUB_','',$load_page);
}
elseif(in_array($prot_page_info[4],$sp_pages_ids))
{
if(isset($login_page_info[3]) && $login_page_info[3]=='0') $load_page=str_replace('<id>','',$prot_page_info[10]).'.php';
}
}
}
if(isset($_GET['ref_url'])) $load_page=f_strip_tags($_GET['ref_url']); //event manager
if(strpos($prot_page_name,'../')===false) {$load_page='../'.$load_page;}
f_url_redirect($load_page,false); exit;
}
}
}
}
// Top-level call that starts request handling for this script.
// The notes below refer to the branches that end just above this line
// (presumably the body of process_admin(); its header is outside this view, so confirm).
// NOTE(review): the login branch compares md5($pv_password) with $admin_pwd using ==/!=.
//   An unsalted MD5 digest and a loose comparison are weak for a credential check;
//   consider password_hash()/password_verify(), or at least hash_equals() on the digests.
// NOTE(review): when access is granted and pageid is set, the redirect target can be taken
//   from $_GET['ref_url'], filtered only by f_strip_tags(). Verify that it is restricted
//   to same-site relative paths before it reaches f_url_redirect().
// NOTE(review): the "clearlog" and "conflang" branches change state (truncate the log,
//   write settings) and show no request-token check in the visible code; confirm that
//   CSRF protection and the admin-session check are enforced before they run.
// NOTE(review): stored settings such as logout_redirect_url and tzoneoffset are placed
//   into value='...' attributes with no visible HTML escaping; confirm the helpers
//   that read or write them escape quotes and markup.
process_admin();
?>