diff -r def792dd9b1b -r 1e2c9819ede3 plugins/SpecialAdmin.php
--- a/plugins/SpecialAdmin.php Fri Dec 18 09:39:18 2009 -0500
+++ b/plugins/SpecialAdmin.php Fri Dec 18 19:06:49 2009 -0500
@@ -1060,28 +1060,28 @@
 {
 if(isset($_POST['enable_uploads']) && getConfig('enable_uploads') != '1')
 {
- $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'upload_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');');
+ $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'upload_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\', ' . $session->user_id . ');');
 if ( !$q )
 $db->_die();
 setConfig('enable_uploads', '1');
 }
 else if ( !isset($_POST['enable_uploads']) && getConfig('enable_uploads') == '1' )
 {
- $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'upload_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');');
+ $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'upload_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\', ' . $session->user_id . ');');
 if ( !$q )
 $db->_die();
 setConfig('enable_uploads', '0');
 }
 if(isset($_POST['enable_imagemagick']) && getConfig('enable_imagemagick') != '1')
 {
- $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'magick_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');');
+ $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'magick_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\', ' . 
$session->user_id . ');');
 if ( !$q )
 $db->_die();
 setConfig('enable_imagemagick', '1');
 }
 else if ( !isset($_POST['enable_imagemagick']) && getConfig('enable_imagemagick') == '1' )
 {
- $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'magick_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');');
+ $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'magick_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\', ' . $session->user_id . ');');
 if ( !$q )
 $db->_die();
 setConfig('enable_imagemagick', '0'); 
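Review bot: The new `author_uid` value is concatenated into the INSERT as bare `$session->user_id` with no cast, while the neighbouring `author` value goes through `$db->escape()`; the same pattern is added in the `@@ -1096`, `@@ -1115` and `@@ -1496` hunks. Should `user_id` ever be empty or non-numeric, the statement becomes a SQL syntax error and `$db->_die()` aborts the admin action, so each occurrence should pin the type with `' . (int)$session->user_id . '` (or `intval(...)`). The four INSERTs in this hunk differ only in the action name, so a small helper taking the action string would remove the repetition and leave one place to maintain the column list when it changes again. The enclosing function begins before this hunk and continues after it.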
@@ -1096,14 +1096,14 @@
 }
 if(isset($_POST['file_history']) && getConfig('file_history') != '1' )
 {
- $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'filehist_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');');
+ $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'filehist_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\',' . $session->user_id . ');');
 if ( !$q )
 $db->_die();
 setConfig('file_history', '1');
 }
 else if ( !isset($_POST['file_history']) && getConfig('file_history') == '1' )
 {
- $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'filehist_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');');
+ $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'filehist_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\',' . $session->user_id . ');');
 if ( !$q )
 $db->_die();
 setConfig('file_history', '0'); 
@@ -1115,7 +1115,7 @@
 $_POST['imagemagick_path'] = '/usr/bin/convert';
 $old = getConfig('imagemagick_path');
 $oldnew = "{$old}||{$_POST['imagemagick_path']}";
- $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'magick_path\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\',\'' . $db->escape($oldnew) . '\');');
+ $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid,page_text) VALUES(\'security\',\'magick_path\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\',' . $session->user_id . ',\'' . $db->escape($oldnew) . '\');');
 if ( !$q )
 $db->_die();
 setConfig('imagemagick_path', $_POST['imagemagick_path']);
@@ -1266,191 +1266,6 @@ auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
- {
- $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
- echo '

' . $lang->get('adm_err_not_auth_title') . '

'; - echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; - return; - } - - if(isset($_GET['action'])) - { - if ( !isset($_GET['plugin']) ) - { - echo '
No plugin specified.
'; - } - else if ( !preg_match('/^[A-z0-9_\.-]+\.php$/', $_GET['plugin']) ) - { - echo '
Hacking attempt
'; - } - else - { - $plugin =& $_GET['plugin']; - switch($_GET['action']) - { - case "enable": - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'plugin_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',"' . $db->escape($session->username) . '","' . $db->escape($_GET['plugin']) . '");'); - if ( !$q ) - $db->_die(); - setConfig("plugin_$plugin", '1'); - break; - case "disable": - if ( defined('ENANO_DEMO_MODE') && strstr($_GET['plugin'], 'Demo') ) - { - echo('

' . $lang->get('acppl_err_heading') . '

-

' . $lang->get('acppl_err_demo_plugin') . '

'); - break; - } - if ( !in_array($plugin, $plugins->system_plugins) ) - { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'plugin_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',"' . $db->escape($session->username) . '","' . $db->escape($_GET['plugin']) . '");'); - if ( !$q ) - $db->_die(); - setConfig("plugin_$plugin", '0'); - } - else - { - echo '

' . $lang->get('acppl_err_heading') . '

-

' . $lang->get('acppl_err_system_plugin') . '

'; - } - break; - case "reimport": - $plugin_id = substr($plugin, 0, -4); - if ( isset($plugins->loaded_plugins[$plugin_id]) ) - { - // plugin file is safe, call import - $lang->import_plugin( ENANO_ROOT . "/plugins/$plugin" ); - echo '
' . $lang->get('acppl_msg_reimport_success') . '
'; - } - break; - } - } - } - $dir = './plugins/'; - $plugin_list = Array(); - $system = Array(); - $show_system = ( isset($_GET['show_system']) && $_GET['show_system'] == 'yes' ); - - if (is_dir($dir)) - { - if ($dh = opendir($dir)) - { - while (($file = readdir($dh)) !== false) - { - if(preg_match('#^(.*?)\.php$#is', $file) && $file != 'index.php') - { - unset($thelist); - if ( in_array($file, $plugins->system_plugins) ) - { - if ( !$show_system ) - continue; - $thelist =& $system; - } - else - { - $thelist =& $plugin_list; - } - $f = file_get_contents($dir . $file); - $f = explode("\n", $f); - $f = array_slice($f, 2, 7); - $f[0] = substr($f[0], 13, strlen($f[0])); - $f[1] = substr($f[1], 12, strlen($f[1])); - $f[2] = substr($f[2], 13, strlen($f[2])); - $f[3] = substr($f[3], 8, strlen($f[3])); - $f[4] = substr($f[4], 9, strlen($f[4])); - $f[5] = substr($f[5], 12, strlen($f[5])); - $thelist[$file] = Array(); - $thelist[$file]['name'] = $f[0]; - $thelist[$file]['uri'] = $f[1]; - $thelist[$file]['desc'] = $f[2]; - $thelist[$file]['auth'] = $f[3]; - $thelist[$file]['vers'] = $f[4]; - $thelist[$file]['aweb'] = $f[5]; - - if ( preg_match('/^[a-z0-9]+_[a-z0-9_]+$/', $thelist[$file]['name']) ) - $thelist[$file]['name'] = $lang->get($thelist[$file]['name']); - - if ( preg_match('/^[a-z0-9]+_[a-z0-9_]+$/', $thelist[$file]['desc']) ) - $thelist[$file]['desc'] = $lang->get($thelist[$file]['desc']); - - } - } - closedir($dh); - } - else - { - echo '
' . $lang->get('acppl_err_open_dir') . '
'; - return; - } - } - else - { - echo '
' . $lang->get('acppl_err_missing_dir') . '
'; - return; - } - echo('
- - - - - - - - '); - $plugin_files_1 = array_keys($plugin_list); - $plugin_files_2 = array_keys($system); - $plugin_files = array_values(array_merge($plugin_files_1, $plugin_files_2)); - $cls = 'row2'; - for ( $i = 0; $i < sizeof($plugin_files); $i++ ) - { - $cls = ( $cls == 'row2' ) ? 'row3' : 'row2'; - $this_plugin = ( isset($system[$plugin_files[$i]]) ) ? $system[$plugin_files[$i]] : $plugin_list[$plugin_files[$i]]; - $is_system = ( @$system[$plugin_files[$i]] ); - $bgcolor = ''; - if ( $is_system && $cls == 'row2' ) - $bgcolor = ' style="background-color: #FFD8D8;"'; - else if ( $is_system && $cls == 'row3' ) - $bgcolor = ' style="background-color: #FFD0D0;"'; - echo ' - - - - - - '; - } - $showhide_link = ( $show_system ) ? - '' . $lang->get('acppl_btn_hide_system') . '' : - '' . $lang->get('acppl_btn_show_system') . '' ; - echo ''; - echo '
' . $lang->get('acppl_col_filename') . '' . $lang->get('acppl_col_name') . '' . $lang->get('acppl_col_description') . '' . $lang->get('acppl_col_author') . '' . $lang->get('acppl_col_version') . '
'.$plugin_files[$i].''.$this_plugin['name'].''.$this_plugin['desc'].''.$this_plugin['auth'].''.$this_plugin['vers'].''; - if ( !in_array($plugin_files[$i], $plugins->system_plugins) ) - { - if ( getConfig('plugin_'.$plugin_files[$i]) == '1' ) - { - echo '' . $lang->get('acppl_btn_disable') . ''; - echo ' | '; - echo '' . $lang->get('acppl_btn_reimport') . ''; - } - else - { - echo '' . $lang->get('acppl_btn_enable') . ''; - } - } - else - { - echo $lang->get('acppl_lbl_system_plugin'); - } - echo '
'.$showhide_link.'
'; -} -*/ - function page_Admin_DBBackup() { global $db, $session, $paths, $template, $plugins; // Common objects
@@ -1496,7 +1311,7 @@
 $tables = array_merge($base, $add); // Log it!
- $e = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'db_backup\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($session->username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(implode(', ', $tables)) . '\')');
+ $e = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,author_uid,edit_summary,page_text) VALUES(\'security\', \'db_backup\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($session->username).'\',' . $session->user_id . ', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(implode(', ', $tables)) . '\')');
 if ( !$e )
 $db->_die();