PageRenderTime 60ms CodeModel.GetById 12ms RepoModel.GetById 1ms app.codeStats 1ms

/authman/index.php

https://bitbucket.org/dahlo/roster
PHP | 8054 lines | 5919 code | 1256 blank | 879 comment | 1416 complexity | c525aa1c23a95d0f9d0fae8dfef1e79d MD5 | raw file
Possible License(s): LGPL-2.1 
    

  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * AuthMan Free
    5. 

  5.  *
    6. 

  6.  * @copyright  Copyright (c) 2008 Authman Inc. (http://www.authman.com)
    7. 

  7.  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL
    8. 

  8.  * @link       http://www.authman.com
    9. 

  9.  * @version    1.0.0
    10. 

  10.  */
    11. 

  11. 

  12. ini_set('zlib.output_compression','Off');
    13. 

  13. define('AUTHMAN_DIR', dirname(__FILE__));
    14. 

  14. 

  15. 

  16. 

  17. /**
    18. 

  18.  * AuthMan Class (Free Version)
    19. 

  19.  *
    20. 

  20.  * @copyright  Copyright (c) 2008 Authman Inc. (http://www.authman.com)
    21. 

  21.  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL
    22. 

  22.  * @link       http://www.authman.com
    23. 

  23.  */
    24. 

  24. class Authman
    25. 

  25. {
    26. 

  26. 	/**
    27. 

  27.      * Class version, const
    28. 

  28.      *
    29. 

  29.      * @access private 
    30. 

  30.      */
    31. 

  31. 	var $AUTHMAN_VERSION = '1.1.0';
    32. 

  32. 

  33. 	/**
    34. 

  34.      * Apache ServerRoot
    35. 

  35.      *
    36. 

  36.      * @access private 
    37. 

  37.      * @var string
    38. 

  38.      */
    39. 

  39. 	var $_serverRoot = '/etc/httpd';
    40. 

  40. 

  41. 	/**
    42. 

  42.      * Authman directory
    43. 

  43.      *
    44. 

  44.      * private @var string
    45. 

  45.      */
    46. 

  46. 	var $_basePath;
    47. 

  47. 

  48. 	/**
    49. 

  49.      * Default Ini file
    50. 

  50.      *
    51. 

  51.      * @access private 
    52. 

  52.      * @var string
    53. 

  53.      */
    54. 

  54. 	var $_iniFile = 'config/config.ini';
    55. 

  55. 

  56. 	/**
    57. 

  57.      * Config settings
    58. 

  58.      *
    59. 

  59.      * @access private 
    60. 

  60.      * @var array
    61. 

  61.      */
    62. 

  62. 	var $_configArray = array('language'      => 'english',
    63. 

  63. 								  'login'         => 'admin',
    64. 

  64. 								  'password'      => 'admin',
    65. 

  65. 								  'demo'          => 0,
    66. 

  66. 								  'manual_edit'   => 1,
    67. 

  67. 								  'access_file'   => '.htaccess',
    68. 

  68. 								  'authuser_file' => '.htpasswd',
    69. 

  69. 								  'authname'      => 'Protected by Authman',
    70. 

  70. 								  'allowsignup'   => 0,
    71. 

  71.                                   'autoapprove'   => 0,
    72. 

  72. 								  'encryption'    =>'md5');
    73. 

  73. 

  74. 	/**
    75. 

  75.      * Language array
    76. 

  76.      *
    77. 

  77.      * @access private 
    78. 

  78.      * @var array
    79. 

  79.      */
    80. 

  80. 	var $_langArray = array('messages'=>array(),
    81. 

  81. 								'warnings'=>array(),
    82. 

  82. 								'errors'=>array());
    83. 

  83. 

  84. 	/**
    85. 

  85.      * File Paths
    86. 

  86.      *
    87. 

  87.      * @access private 
    88. 

  88.      * @var array
    89. 

  89.      */
    90. 

  90. 	var $_filePathsArray = array('configfile'=>null,
    91. 

  91. 									 'langfile'=>null,
    92. 

  92. 									 'accessfile'=>null,
    93. 

  93. 									 'authadminfile'=>null,
    94. 

  94. 									 'authuserfile' =>null,
    95. 

  95. 									 'authgroupfile'=>null,
    96. 

  96. 									 'accessfile_dist'=>null,
    97. 

  97. 									 'authuserfile_dist' =>null,
    98. 

  98. 									 'authgroupfile_dist'=>null,
    99. 

  99. 									 'signupfile'=>null);
    100. 

  100. 

  101. 	/**
    102. 

  102.      * Raw File Contents (by url hash)
    103. 

  103.      * 
    104. 

  104.      * @access private 
    105. 

  105.      * @var array
    106. 

  106.      */
    107. 

  107. 	var $_fileContentsArray = array();
    108. 

  108. 

  109. 	/**
    110. 

  110.      * Parsed File Data (by url hash)
    111. 

  111.      * 
    112. 

  112.      * @access private 
    113. 

  113.      * @var array
    114. 

  114.      */
    115. 

  115. 	var $_fileDataArray = array();
    116. 

  116. 

  117. 	/**
    118. 

  118.      * Access Rules Information (by url hash)
    119. 

  119.      * 
    120. 

  120.      * @access private 
    121. 

  121.      * @var array
    122. 

  122.      */
    123. 

  123. 	var $_accessRulesArray = array();
    124. 

  124. 

  125. 	/**
    126. 

  126. 	 * Runtime variables
    127. 

  127. 	 * 
    128. 

  128.      * @access private 
    129. 

  129.      * @var array
    130. 

  130. 	 */
    131. 

  131. 	var $_runtimeArray = null;
    132. 

  132. 

  133. 	/**
    134. 

  134.      * Error message
    135. 

  135.      *
    136. 

  136.      * @access private 
    137. 

  137.      * @var string
    138. 

  138.      */
    139. 

  139. 	var $_error = null;
    140. 

  140. 

  141.     /**
    142. 

  142.      * @access private
    143. 

  143.      * @var array
    144. 

  144.      */
    145. 

  145. 	var $_tplsArray = array();
    146. 

  146. 

  147. 	/**
    148. 

  148.      * Authman Constructor
    149. 

  149.      *
    150. 

  150.      * @access public
    151. 

  151.      * @params array|null $config
    152. 

  152.      * @return void
    153. 

  153.      */
    154. 

  154. 	function Authman( $config=array() )
    155. 

  155. 	{
    156. 

  156. 		// base prefix
    157. 

  157. 		$this->_basePath = dirname(__FILE__);
    158. 

  158. 

  159. 

  160. 		// overwrite ini file name
    161. 

  161. 		if (isset($config['ini'])) {
    162. 

  162. 			$this->_iniFile = $config['ini'];
    163. 

  163. 		}
    164. 

  164. 

  165. 		// loading ini file
    166. 

  166. 		$iniFilePath = $this->makePath( $this->_basePath, $this->_iniFile );
    167. 

  167. 		$this->_filePathsArray[ 'configfile' ] = $iniFilePath;
    168. 

  168. 		if (is_file($iniFilePath) && is_readable($iniFilePath) ) {
    169. 

  169. 			$cfg = @parse_ini_file( $iniFilePath, false );
    170. 

  170. 			if (isset($cfg)) {
    171. 

  171. 				$this->_configArray = array_merge($this->_configArray, $cfg);
    172. 

  172. 			}
    173. 

  173. 		}
    174. 

  174. 

  175. 		// overwrite language
    176. 

  176. 		if (isset($config['language'])) {
    177. 

  177. 			$this->_configArray['language'] = $config['language'];
    178. 

  178. 		}
    179. 

  179. 

  180. 		// loading language file
    181. 

  181. 		$langFilePath = $this->makePath($this->_basePath . DIRECTORY_SEPARATOR . 'languages',
    182. 

  182. 		$this->_configArray['language'] . '.lng' );
    183. 

  183. 		$this->_filePathsArray[ 'langfile' ] = $langFilePath;
    184. 

  184. 

  185. 		if (!is_file($langFilePath) || !is_readable($langFilePath) ) {
    186. 

  186. 			// we will trying load default language file
    187. 

  187. 			$langFilePath = $this->makePath($this->_basePath . DIRECTORY_SEPARATOR . 'languages',
    188. 

  188. 			'english.lng' );
    189. 

  189. 		}
    190. 

  190. 

  191. 		if (is_file($langFilePath) && is_readable($langFilePath) ) {
    192. 

  192. 			$this->_langArray = array_merge($this->_langArray, @parse_ini_file($langFilePath, true));
    193. 

  193. 		}
    194. 

  194. 

  195. 		// set access file path
    196. 

  196. 		$path = $this->makePath( $this->_basePath . DIRECTORY_SEPARATOR . '..',
    197. 

  197. 		$this->_configArray['access_file'] );
    198. 

  198. 		$this->_filePathsArray[ 'accessfile' ] = $path;
    199. 

  199. 		#if (is_file($path) && is_readable($path)) {
    200. 

  200. 		$this->readFileByType( 'accessfile' );
    201. 

  201. 		#}
    202. 

  202. 

  203. 		// set admin htpasswd file path
    204. 

  204. 		$basedir = $this->_basePath . DIRECTORY_SEPARATOR . 'var';
    205. 

  205. 

  206. 		$path = $this->makePath( $basedir, '.htadmin' );
    207. 

  207. 		$this->_filePathsArray[ 'authadminfile' ] = $path;
    208. 

  208. 

  209. 		// set default file paths
    210. 

  210. 		$path = $this->makePath( $basedir, 'htaccess_dist' );
    211. 

  211. 		$this->_filePathsArray[ 'accessfile_dist' ] = $path;
    212. 

  212. 

  213. 		$path = $this->makePath( $basedir, 'htpasswd_dist' );
    214. 

  214. 		$this->_filePathsArray[ 'authuserfile_dist' ] = $path;
    215. 

  215. 

  216. 		$path = $this->makePath( $basedir, 'htgroup_dist' );
    217. 

  217. 		$this->_filePathsArray[ 'authgroupfile_dist' ] = $path;
    218. 

  218. 

  219. 		$path = $this->makePath( $basedir, 'signups' );
    220. 

  220. 		$this->_filePathsArray[ 'signupfile' ] = $path;
    221. 

  221. 		// loading runtime stats
    222. 

  222. 	}
    223. 

  223. 

  224. 	/**
    225. 

  225.      * Return class version
    226. 

  226.      *
    227. 

  227.      * @access public 
    228. 

  228.      * @return string
    229. 

  229.      */
    230. 

  230. 	function getVersion()
    231. 

  231. 	{
    232. 

  232. 		return $this->AUTHMAN_VERSION;
    233. 

  233. 	}
    234. 

  234. 

  235. 	/**
    236. 

  236.      * Return true if demo mode is on
    237. 

  237.      *
    238. 

  238.      * @access public
    239. 

  239.      * @return string
    240. 

  240.      */
    241. 

  241. 	function isDemo()
    242. 

  242. 	{
    243. 

  243. 		return $this->_configArray['demo'] == 1;
    244. 

  244. 	}
    245. 

  245. 

  246. 	/**
    247. 

  247.      * Return true if menual edit is allowed
    248. 

  248.      *
    249. 

  249.      * @access public
    250. 

  250.      * @return string
    251. 

  251.      */
    252. 

  252. 	function isManualEdit()
    253. 

  253. 	{
    254. 

  254. 		return $this->_configArray['manual_edit'] == 1;
    255. 

  255. 	}
    256. 

  256. 

  257.     /**
    258. 

  258.      * Return configuration value by name
    259. 

  259.      *
    260. 

  260.      * @access public
    261. 

  261.      * @param string $name
    262. 

  262.      * @return string
    263. 

  263.      */
    264. 

  264. 	function getConfigValue( $name )
    265. 

  265. 	{
    266. 

  266. 		if (!isset($name) || !isset($this->_configArray[$name])) {
    267. 

  267. 			return false;
    268. 

  268. 		}
    269. 

  269. 

  270. 		return $this->_configArray[$name];
    271. 

  271. 	}
    272. 

  272. 

  273. 	/***************************************************************************
    274. 

  274. 	* Member zone related functions
    275. 

  275. 	**************************************************************************/
    276. 

  276. 

  277.     /**
    278. 

  278.      * Logging as user
    279. 

  279.      *
    280. 

  280.      * @access public
    281. 

  281.      * @param string $username
    282. 

  282.      * @param string encpass
    283. 

  283.      * @return bool
    284. 

  284.      */
    285. 

  285. 	function loginAs( $username, $encpass )
    286. 

  286. 	{
    287. 

  287. 		$_SESSION['am_u'] = base64_encode( $username );
    288. 

  288. 		$_SESSION['am_c'] = md5( $encpass );
    289. 

  289. 	
    290. 

  290. 		$user = $this->fetchRecordByType( 'authuserfile', $username );
    291. 

  291. 		if (false == $user) {
    292. 

  292. 			$user = $this->fetchRecordByType( 'authadminfile', $username, true );
    293. 

  293. 			if (false == $user) {
    294. 

  294. 				return false;
    295. 

  295. 			}
    296. 

  296. 		
    297. 

  297. 			$err = $this->getError();
    298. 

  298. 	        $this->setRuntimeValue('lastloggedin_ts', time());
    299. 

  299. 	        $this->setRuntimeValue('lastloggedin_ip', $_SERVER['REMOTE_ADDR'], true);
    300. 

  300. 			$this->setError($err);
    301. 

  301. 		}
    302. 

  302. 		
    303. 

  303. 		return true;
    304. 

  304. 	}	
    305. 

  305. 	
    306. 

  306. 	/**
    307. 

  307.      * Return authenticated user data 
    308. 

  308.      *
    309. 

  309.      * @access public
    310. 

  310.      * @return array|false 
    311. 

  311.      */
    312. 

  312. 	function getAuthenticatedUser()
    313. 

  313. 	{
    314. 

  314. 		// checking session cookie
    315. 

  315. 		$isadmin = false;
    316. 

  316. 		$user = null;
    317. 

  317. 		$username = $codedpass = $rawpass = null;
    318. 

  318. 		
    319. 

  319. 		if (isset($_SESSION) && isset($_SESSION['am_u']) 
    320. 

  320. 		                     && isset($_SESSION['am_c'])) {
    321. 

  321. 

  322. 			$username = base64_decode($_SESSION['am_u']);
    323. 

  323. 			$codedpass  = $_SESSION['am_c']; // md5
    324. 

  324. 		} else if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
    325. 

  325. 			$username = $_SERVER['PHP_AUTH_USER'];
    326. 

  326. 			$rawpass  = $_SERVER['PHP_AUTH_PW'];
    327. 

  327. 		}
    328. 

  328. 		if (!isset($username) || $username=='') {
    329. 

  329. 			return false;
    330. 

  330. 		}
    331. 

  331. 		
    332. 

  332. 		// checking admins first
    333. 

  333. 		$user = $this->fetchRecordByType('authadminfile', $username, true);
    334. 

  334. 		if ($user) {
    335. 

  335. 			$isadmin = true;
    336. 

  336. 		} else {
    337. 

  337. 			$user = $this->fetchRecordByType('authuserfile', $username);
    338. 

  338. 		}
    339. 

  339. 

  340. 		if (false == $user || !isset($user['pass'])) {
    341. 

  341. 			return false;
    342. 

  342. 		}
    343. 

  343. 		
    344. 

  344. 		if (isset($rawpass)) {
    345. 

  345. 			$encpass = $this->htcrypt($rawpass, $user['pass']);
    346. 

  346. 			if ($encpass != $user['pass']) {
    347. 

  347. 				return false;
    348. 

  348. 			}
    349. 

  349. 		} else if (md5($user['pass']) != $codedpass) {
    350. 

  350. 			return false;
    351. 

  351. 		}
    352. 

  352. 		
    353. 

  353. 		$user['isadmin'] = $isadmin;
    354. 

  354. 		return $user;
    355. 

  355. 	}
    356. 

  356. 

  357. 	/**
    358. 

  358.      * Return true if user is authenticated
    359. 

  359.      *
    360. 

  360.      * @access public
    361. 

  361.      * @return bool
    362. 

  362.      */
    363. 

  363. 	function isAuthenticated()
    364. 

  364. 	{
    365. 

  365. 		return false == $this->getAuthenticatedUser() ? false : true;
    366. 

  366. 	}
    367. 

  367. 

  368.     /**
    369. 

  369.     * Return true if user is authenticated by basic auth method
    370. 

  370.     * 
    371. 

  371.     * @access public
    372. 

  372.     * @return bool
    373. 

  373.     */
    374. 

  374.     function isAuthenticatedByBasicAuth()
    375. 

  375.     {
    376. 

  376.         $user = $this->getAuthenticatedUser();
    377. 

  377.         if (false == $user) {
    378. 

  378.             return false;
    379. 

  379.         }
    380. 

  380.         
    381. 

  381.         if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
    382. 

  382.             return false;
    383. 

  383.         }
    384. 

  384.         
    385. 

  385.         $encpass = $this->htcrypt($_SERVER['PHP_AUTH_PW'], $user['pass']);
    386. 

  386.         if ($encpass != $user['pass']) {
    387. 

  387.                 return false;
    388. 

  388.         }
    389. 

  389.         
    390. 

  390.         return true;
    391. 

  391.     }
    392. 

  392. 

  393. 	/**
    394. 

  394.      * Return true if current authenticated user has administrator priviledges
    395. 

  395.      *
    396. 

  396.      * @access public
    397. 

  397.      * @return bool
    398. 

  398.      */
    399. 

  399. 	function isAdmin()
    400. 

  400. 	{
    401. 

  401. 		$user = $this->getAuthenticatedUser();
    402. 

  402. 		if (false == $user) {
    403. 

  403. 			return false;
    404. 

  404. 		}
    405. 

  405. 		return isset($user['isadmin']) && $user['isadmin'] ? true : false;
    406. 

  406. 	}
    407. 

  407. 

  408. 	/***************************************************************************
    409. 

  409. 	* Crypt Utilties
    410. 

  410. 	**************************************************************************/
    411. 

  411. 

  412. 	/**
    413. 

  413.      * Encrypt text with crypt function
    414. 

  414.      *
    415. 

  415.      * @access public
    416. 

  416.      * @param string $text
    417. 

  417.      * @param string|null $salt
    418. 

  418.      * @param string|null $prefix
    419. 

  419.      * @return string
    420. 

  420.      */
    421. 

  421. 	function encrypt_saltcrypt( $text, $salt='', $prefix='' )
    422. 

  422. 	{
    423. 

  423. 		if ($salt == 'DES') {
    424. 

  424. 			$salt = CRYPT_STD_DES == 1 ? 'r1' : '';
    425. 

  425. 		}
    426. 

  426. 

  427. 		if ($salt == 'EXT_DES') {
    428. 

  428. 			$salt = CRYPT_EXT_DES == 1 ? '_J9..pre' : '';
    429. 

  429. 		}
    430. 

  430. 

  431. 		if ($salt == 'MD5') {
    432. 

  432. 			$salt = CRYPT_MD5 == 1 ? '$1$pre$' : '';
    433. 

  433. 		}
    434. 

  434. 

  435. 		if ($salt == '') {
    436. 

  436. 			mt_srand((double)microtime()*1000000);
    437. 

  437. 

  438. 			for ($i=0; $i<CRYPT_SALT_LENGTH; $i++)
    439. 

  439. 			$salt .= substr("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./",
    440. 

  440. 			mt_rand() & 63, 1);
    441. 

  441. 		}
    442. 

  442. 

  443. 		return $prefix . crypt($text, $salt);
    444. 

  444. 	}
    445. 

  445. 

  446. 	/**
    447. 

  447.      * Encrypt text with crypt function
    448. 

  448.      *
    449. 

  449.      * @access public
    450. 

  450.      * @param string $text
    451. 

  451.      * @param string|null $salt
    452. 

  452.      * @return string
    453. 

  453.      */
    454. 

  454. 	function htcrypt( $text, $salt=null ) 
    455. 

  455. 	{
    456. 

  456. 		$method = $this->_configArray['encryption'];
    457. 

  457. 		if (isset($salt) && substr($salt, 0, 6) == '$apr1$') {
    458. 

  458. 			$method = 'md5';
    459. 

  459. 			$salt = substr($salt, 6);
    460. 

  460. 		}
    461. 

  461. 		
    462. 

  462. 		// apr1-md5
    463. 

  463. 		if ($method == 'md5') {
    464. 

  464. 			if (CRYPT_MD5 == 1) {
    465. 

  465. 				return $this->crypt_apr1_md5($text, $salt);
    466. 

  466. 			}
    467. 

  467. 		}
    468. 

  468. 		
    469. 

  469. 		// DES
    470. 

  470. 		if (!isset($salt)) {
    471. 

  471. 			mt_srand((double)microtime()*1000000);
    472. 

  472. 			for ($i=0; $i<CRYPT_SALT_LENGTH; $i++) {
    473. 

  473. 				$salt .= substr("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./", mt_rand() & 63, 1);
    474. 

  474. 			}
    475. 

  475. 		}
    476. 

  476. 				
    477. 

  477. 		return crypt($text, $salt);
    478. 

  478. 	}
    479. 

  479. 

  480.     /**
    481. 

  481.      * Encryption function
    482. 

  482.      *
    483. 

  483.      * @access public
    484. 

  484.      * @param string $plainpasswd
    485. 

  485.      * @param string $salt
    486. 

  486.      * @return string
    487. 

  487.      */
    488. 

  488. 	function crypt_apr1_md5($plainpasswd, $salt) {
    489. 

  489. 		if (!isset($salt)) {
    490. 

  490. 		    $salt = substr(str_shuffle("abcdefghijklmnopqrstuvwxyz0123456789"), 0, 8);
    491. 

  491. 		} else {
    492. 

  492. 			$salt = substr($salt, 0, 8);
    493. 

  493. 		}
    494. 

  494. 		    
    495. 

  495. 	    $len = strlen($plainpasswd);
    496. 

  496. 	    $text = $plainpasswd.'$apr1$'.$salt;
    497. 

  497. 	    $bin = pack("H32", md5($plainpasswd.$salt.$plainpasswd));
    498. 

  498. 	    for($i = $len; $i > 0; $i -= 16) { $text .= substr($bin, 0, min(16, $i)); }
    499. 

  499. 	    for($i = $len; $i > 0; $i >>= 1) { $text .= ($i & 1) ? chr(0) : $plainpasswd{0}; }
    500. 

  500. 	    $bin = pack("H32", md5($text));
    501. 

  501. 	    for($i = 0; $i < 1000; $i++) {
    502. 

  502. 	        $new = ($i & 1) ? $plainpasswd : $bin;
    503. 

  503. 	        if ($i % 3) $new .= $salt;
    504. 

  504. 	        if ($i % 7) $new .= $plainpasswd;
    505. 

  505. 	        $new .= ($i & 1) ? $bin : $plainpasswd;
    506. 

  506. 	        $bin = pack("H32", md5($new));
    507. 

  507. 	    }
    508. 

  508. 	    $tmp = '';
    509. 

  509. 	    for ($i = 0; $i < 5; $i++) {
    510. 

  510. 	        $k = $i + 6;
    511. 

  511. 	        $j = $i + 12;
    512. 

  512. 	        if ($j == 16) $j = 5;
    513. 

  513. 	        $tmp = $bin[$i].$bin[$k].$bin[$j].$tmp;
    514. 

  514. 	    }
    515. 

  515. 	    $tmp = chr(0).chr(0).$bin[11].$tmp;
    516. 

  516. 	    $tmp = strtr(strrev(substr(base64_encode($tmp), 2)),
    517. 

  517. 	    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",
    518. 

  518. 	    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");
    519. 

  519. 	    return "$"."apr1"."$".$salt."$".$tmp;
    520. 

  520. 	}
    521. 

  521. 	
    522. 

  522. 	/***************************************************************************
    523. 

  523. 	* File System Utilties
    524. 

  524. 	**************************************************************************/
    525. 

  525. 

  526. 	/**
    527. 

  527.      * Construct path from base path and file name
    528. 

  528.      *
    529. 

  529.      * @access public
    530. 

  530.      * @param string $basePath
    531. 

  531.      * @param string $fileName
    532. 

  532.      * @param string|null $dirsep
    533. 

  533.      * @return string
    534. 

  534.      */
    535. 

  535. 	function makePath($basePath, $fileName, $dirsep=DIRECTORY_SEPARATOR)
    536. 

  536. 	{
    537. 

  537. 		// Windows
    538. 

  538. 		if (preg_match('/^[A-Z]:\\\/i', $fileName)) {
    539. 

  539. 			return $this->getNormalizedPath( $fileName );
    540. 

  540. 		}
    541. 

  541. 		// Unix and other
    542. 

  542. 		if (substr($fileName,0,1)=='/' || substr($fileName,0,1)==$dirsep) {
    543. 

  543. 			return $this->getNormalizedPath( $fileName );
    544. 

  544. 		}
    545. 

  545. 

  546. 		return $this->getNormalizedPath( $basePath . $dirsep . $fileName );
    547. 

  547. 	}
    548. 

  548. 

  549. 	/**
    550. 

  550.      * Normalize given path
    551. 

  551.      *
    552. 

  552.      * @access public
    553. 

  553.      * @param mixed $path
    554. 

  554.      * @param string|null $dirsep
    555. 

  555.      * @return mixed
    556. 

  556.      */
    557. 

  557. 	function getNormalizedPath( $path, $dirsep=DIRECTORY_SEPARATOR )
    558. 

  558. 	{
    559. 

  559.         if (is_array($path)) {
    560. 

  560.             $pathArray = array();
    561. 

  561.             foreach($path as $p) {
    562. 

  562.                 $pathArray[] = $this->getNormalizedPath($p, $dirsep);
    563. 

  563.             }
    564. 

  564.             return $pathArray;
    565. 

  565.         }
    566. 

  566.         
    567. 

  567. 		$prefix = '';
    568. 

  568. 		
    569. 

  569.         // if not Windows
    570. 

  570. 		if (!preg_match('/^[A-Z]:\\\/i', $path)) {
    571. 

  571. 			$prefix = $dirsep;
    572. 

  572. 		}
    573. 

  573. 

  574. 		$path = str_replace('/',  $dirsep, $path);
    575. 

  575. 		$path = str_replace('\\', $dirsep, $path);
    576. 

  576. 

  577. 		$parts = explode($dirsep, $path);
    578. 

  578. 

  579. 		$todown=0;
    580. 

  580. 		for ($i = count($parts)-1; $i >= 0; $i--) {
    581. 

  581. 			if (empty($parts[$i]) || $parts[$i] == '.') {
    582. 

  582. 				array_splice( $parts, $i, 1);
    583. 

  583. 				continue;
    584. 

  584. 			}
    585. 

  585. 			if ($parts[$i] == '..') {
    586. 

  586. 				array_splice( $parts, $i, 1);
    587. 

  587. 				if ($i > 0) {
    588. 

  588. 					$todown++;
    589. 

  589. 				}
    590. 

  590. 				continue;
    591. 

  591. 			}
    592. 

  592. 			if ($todown) {
    593. 

  593. 				# warning: not works for complex paths like /root/path/../path/../../the/end
    594. 

  594. 				array_splice( $parts, $i-($todown-1), $todown);
    595. 

  595. 				$todown = 0;
    596. 

  596. 			}
    597. 

  597. 		}
    598. 

  598. 

  599. 		return $prefix . implode( $dirsep, $parts );
    600. 

  600. 	}
    601. 

  601. 

  602. 	/**
    603. 

  603.      * Return full path to a file specified by type
    604. 

  604.      * 
    605. 

  605.      * @access public
    606. 

  606.      * @param string $filetype
    607. 

  607.      * @param string|null $dir
    608. 

  608.      * @return string
    609. 

  609.      */
    610. 

  610. 	function getPathByType( $filetype, $dir=DIRECTORY_SEPARATOR )
    611. 

  611. 	{
    612. 

  612. 		$ln = strtolower($filetype);
    613. 

  613. 

  614. 		if ($ln == 'protecteddirectory') {
    615. 

  615. 			return $this->getNormalizedPath($this->_basePath . $dir . '..');
    616. 

  616. 		}
    617. 

  617. 

  618. 		if ($ln == 'phpmailer') {
    619. 

  619. 			return implode($dir, array($this->_basePath, 'contrib',
    620. 

  620. 			               'phpmailer', 'class.phpmailer.php'));
    621. 

  621. 		}
    622. 

  622. 		if ($ln == 'tinymcejs') {
    623. 

  623. 			return implode($dir, array($this->_basePath,
    624. 

  624. 			               'contrib', 'tinymce', 'jscripts',
    625. 

  625. 			               'tiny_mce', 'tiny_mce.js'));
    626. 

  626. 		}
    627. 

  627.         if ($ln == 'magpierss') {
    628. 

  628.             return implode($dir, array($this->_basePath, 'contrib',
    629. 

  629.                            'magpierss', 'rss_fetch.inc'));
    630. 

  630.         }
    631. 

  631. 		if (!isset($this->_filePathsArray[$filetype])) {
    632. 

  632. 			return false;
    633. 

  633. 		}
    634. 

  634. 

  635. 		return $this->_filePathsArray[$filetype];
    636. 

  636. 	}
    637. 

  637. 

  638.     /**
    639. 

  639.      * Return default file path by type
    640. 

  640.      *
    641. 

  641.      * @access public
    642. 

  642.      * @param string $filetype
    643. 

  643.      * @return string
    644. 

  644.      */
    645. 

  645. 	function getDefaultFilePathByType( $filetype )
    646. 

  646. 	{
    647. 

  647. 		if ($filetype == 'authuserfile') {
    648. 

  648. 			return dirname($this->getPathByType('accessfile'))
    649. 

  649. 			. DIRECTORY_SEPARATOR
    650. 

  650. 			. $this->getConfigValue('authuser_file');
    651. 

  651. 		}
    652. 

  652. 		return false;
    653. 

  653. 	}
    654. 

  654. 

  655.     /**
    656. 

  656.      * Returns url by type 
    657. 

  657.      *
    658. 

  658.      * @access public
    659. 

  659.      * @param string $filetype
    660. 

  660.      * @param string|null $fulurl
    661. 

  661.      * @return strung
    662. 

  662.      */
    663. 

  663. 	function getUrlByType( $filetype, $fullurl=false )
    664. 

  664. 	{
    665. 

  665. 		// base uri
    666. 

  666. 		$server = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'];
    667. 

  667. 		$port   = isset($_SERVER['SERVER_PORT']) ? $_SERVER['SERVER_PORT'] : 80;
    668. 

  668. 

  669. 		$uri_self = $_SERVER['PHP_SELF'];
    670. 

  670. 		$uri = dirname($uri_self);
    671. 

  671. 

  672. 		if ($filetype == 'base') {
    673. 

  673. 			$uri .= '/';
    674. 

  674. 		}
    675. 

  675. 		if ($filetype == 'protected') {
    676. 

  676. 			$uri = $this->getNormalizedPath($uri . '/../', '/');
    677. 

  677. 		}
    678. 

  678. 		if ($filetype == 'errordocument401') {
    679. 

  679. 			$uri = $uri_self .'?page=401';
    680. 

  680. 		}
    681. 

  681. 

  682. 		if ($filetype == 'login') {
    683. 

  683. 			$uri = $uri_self .'?page=login';
    684. 

  684. 		}
    685. 

  685. 

  686. 		if ($filetype == 'tinymcejs') {
    687. 

  687. 			$uri .= '/contrib/tinymce/jscripts/tiny_mce/tiny_mce.js';
    688. 

  688. 		}
    689. 

  689. 

  690. 		if (!$fullurl) {
    691. 

  691. 			return $uri;
    692. 

  692. 		}
    693. 

  693. 

  694. 		return 'http://'.$server . ($port != 80 ? ':'.$port : '') . $uri;
    695. 

  695. 	}
    696. 

  696. 

  697.     /**
    698. 

  698.      * Set file path
    699. 

  699.      *
    700. 

  700.      * @access public
    701. 

  701.      * @param string $filetype
    702. 

  702.      * @param string $filepath
    703. 

  703.      * @return void
    704. 

  704.      */
    705. 

  705. 	function setFilePathByType( $filetype, $filepath )
    706. 

  706. 	{
    707. 

  707. 		if (!isset($filepath)) {
    708. 

  708. 			return false;
    709. 

  709. 		}
    710. 

  710. 		$hash = md5( $filepath );
    711. 

  711. 

  712. 		$this->_fileContentsArray[ $hash ] = null;
    713. 

  713. 		$this->_fileDataArray[ $hash ] = null;
    714. 

  714. 		$this->_filePathsArray[ $filetype ] = $filepath;
    715. 

  715. 	}
    716. 

  716. 

  717. 	/**
    718. 

  718.      * Return temporary file name
    719. 

  719.      *
    720. 

  720.      * @access public
    721. 

  721.      * @return string
    722. 

  722.      */
    723. 

  723. 	function getTempFilePath()
    724. 

  724. 	{
    725. 

  725. 		return $this->_basePath . DIRECTORY_SEPARATOR . 't_' . time() . rand(0, 1000);
    726. 

  726. 	}
    727. 

  727. 

  728. 	/***************************************************************************
    729. 

  729. 	* String functions
    730. 

  730. 	**************************************************************************/
    731. 

  731. 

  732. 

  733. 	/***************************************************************************
    734. 

  734. 	* Disk Level File Operations
    735. 

  735. 	**************************************************************************/
    736. 

  736. 

  737.     /**
    738. 

  738.      * Write default deny file to disk
    739. 

  739.      *
    740. 

  740.      * @access private
    741. 

  741.      * @param string $filePath
    742. 

  742.      * @return bool
    743. 

  743.      */
    744. 

  744. 	function writeDenyFile( $filePath )
    745. 

  745. 	{
    746. 

  746. 		$fh = @fopen($filePath, 'w');
    747. 

  747. 		if (false == $fh) {
    748. 

  748. 			return false;
    749. 

  749. 		}
    750. 

  750. 		@fwrite($fh, "# Automatically Created by Autman Free\n");
    751. 

  751. 		@fwrite($fh, "order deny,allow\n");
    752. 

  752. 		@fwrite($fh, "deny from all\n");
    753. 

  753. 		@fclose($fh);
    754. 

  754. 

  755. 		return true;
    756. 

  756. 	}
    757. 

  757. 

  758. 	/**
    759. 

  759.      * Read and parse file 
    760. 

  760.      *
    761. 

  761.      * @access private
    762. 

  762.      * @param string $filetype
    763. 

  763.      * @return bool 
    764. 

  764.      */
    765. 

  765. 	function readFileByType( $filetype )
    766. 

  766. 	{
    767. 

  767. 		$path = $this->getPathByType( $filetype );
    768. 

  768. 		if (false == $path) {
    769. 

  769. 			return false;
    770. 

  770. 		}
    771. 

  771. 

  772. 		$hash = md5($path);
    773. 

  773. 		$this->_fileContentsArray[$hash] = array();
    774. 

  774. 		$this->_fileDataArray[$hash] = array();
    775. 

  775. 

  776. 		if (!is_file($path)) {
    777. 

  777. 			$this->setError( $this->E('NOSUCHFILE', $path) );
    778. 

  778. 			return false;
    779. 

  779. 		}
    780. 

  780. 

  781. 		if (is_file($path) && !is_readable($path)) {
    782. 

  782. 			$this->setError( $this->E('FILENOTREADBLE', $path) );
    783. 

  783. 			return false;
    784. 

  784. 		}
    785. 

  785. 

  786. 		$fh = @fopen($path, 'r');
    787. 

  787. 		if (false == $fh) {
    788. 

  788. 			$this->setError( $this->E('FILEOPENFAILED', $path) );
    789. 

  789. 			return false;
    790. 

  790. 		}
    791. 

  791. 

  792. 		$contents = $buf = null;
    793. 

  793. 		$maxbytes = 2048000;
    794. 

  794. 		$bytes = 0;
    795. 

  795. 		while (!feof($fh) && $bytes < $maxbytes && ($buf = fread($fh, $maxbytes-$bytes))) {
    796. 

  796. 			$contents .= $buf;
    797. 

  797. 		}
    798. 

  798. 

  799. 		fclose($fh);
    800. 

  800. 

  801. 		return $this->setFileContentsByType( $filetype, $contents );
    802. 

  802. 	}
    803. 

  803. 

  804. 	/**
    805. 

  805.      * Save file 
    806. 

  806.      *
    807. 

  807.      * @access public
    808. 

  808.      * @param string $filetype
    809. 

  809.      * @param bool|null $saveRawData
    810. 

  810.      * @param string|null $contents
    811. 

  811.      * @return bool 
    812. 

  812.      */
    813. 

  813. 	function saveFileByType( $filetype, $saveRawData=false, $contents=null, $parseTemplates=false )
    814. 

  814. 	{
    815. 

  815. 		$path = $this->getPathByType( $filetype );
    816. 

  816. 		if (!$path) {
    817. 

  817. 			return false;
    818. 

  818. 		}
    819. 

  819. 

  820. 		if (!isset($contents)) {
    821. 

  821. 			$contents = $this->getFileContentsByType( $filetype, $saveRawData, $parseTemplates );
    822. 

  822. 		}
    823. 

  823. 

  824. 		// Saving in DEMO mode is disabled
    825. 

  825. 		if ($this->isDemo()) {
    826. 

  826. 			$this->setError( $this->W('DEMOISON') );
    827. 

  827. 			return false;
    828. 

  828. 		}
    829. 

  829. 

  830. 		if (!is_file($path) && !is_writable(dirname($path))) {
    831. 

  831. 			$this->setError( $this->E('DIRNOTWRITABLE', dirname($path)) );
    832. 

  832. 			return false;
    833. 

  833. 		}
    834. 

  834. 

  835. 		if (is_file($path) && !is_writable($path)) {
    836. 

  836. 			$this->setError( $this->E('FILENOTWRITABLE', $path) );
    837. 

  837. 			return false;
    838. 

  838. 		}
    839. 

  839. 

  840. 		$fh = @fopen($path, 'w');
    841. 

  841. 		if (!$fh) {
    842. 

  842. 			$this->setError( $this->E('FILEOPENFAILED', $path) );
    843. 

  843. 			return false;
    844. 

  844. 		}
    845. 

  845. 

  846. 		if ($contents != '') {
    847. 

  847. 			if (!fwrite($fh, $contents)) {
    848. 

  848. 				$this->setError( $this->E('WRITEFAILED', $path) );
    849. 

  849. 				return false;
    850. 

  850. 			}
    851. 

  851. 		}
    852. 

  852. 

  853. 		@fclose($fh);
    854. 

  854. 

  855. 		if (!$this->readFileByType( $filetype )) {
    856. 

  856. 			return false;
    857. 

  857. 		}
    858. 

  858. 

  859. 		return true;
    860. 

  860. 	}
    861. 

  861. 

  862.     /**
    863. 

  863.      * Reset protected directory
    864. 

  864.      *
    865. 

  865.      * @access public
    866. 

  866.      * @retrun bool
    867. 

  867.      */
    868. 

  868. 	function resetProtectedDirectory()
    869. 

  869. 	{
    870. 

  870. 		$src = $this->getPathByType( 'accessfile_dist');
    871. 

  871. 		$dst = $this->getPathByType( 'accessfile' );
    872. 

  872. 

  873. 		if (false == $this->copyFile( $src, $dst )) {
    874. 

  874. 			return false;
    875. 

  875. 		}
    876. 

  876. 		$this->readFileByType( 'accessfile' );
    877. 

  877. 

  878. 		$result = true;
    879. 

  879. 

  880. 		$filesArray = array('authuserfile'); // , 'authgroupfile');
    881. 

  881. 		foreach ($filesArray as $file) {
    882. 

  882. 			$src = $this->getPathByType( $file . '_dist');
    883. 

  883. 			$dst = $this->getPathByType( $file );
    884. 

  884. 

  885. 			if (isset($src) && isset($dst) && is_file($src)) {
    886. 

  886. 				if (false == $this->copyFile( $src, $dst )) {
    887. 

  887. 					$result = false;
    888. 

  888. 				}
    889. 

  889. 			}
    890. 

  890. 		}
    891. 

  891. 

  892. 		return $result;
    893. 

  893. 	}
    894. 

  894. 

  895.     /**
    896. 

  896.      * Copy file 
    897. 

  897.      *
    898. 

  898.      * @access public
    899. 

  899.      * @param string $src
    900. 

  900.      * @param string $dst
    901. 

  901.      * @return bool
    902. 

  902.      */
    903. 

  903. 	function copyFile( $src, $dst )
    904. 

  904. 	{
    905. 

  905. 		if ($src == false) {
    906. 

  906. 			$this->setError( $this->E('INVALIDREQUEST') . ' [source]');
    907. 

  907. 			return false;
    908. 

  908. 		}
    909. 

  909. 		if ($dst == false) {
    910. 

  910. 			$this->setError( $this->E('INVALIDREQUEST') . ' [destination]');
    911. 

  911. 			return false;
    912. 

  912. 		}
    913. 

  913. 

  914. 		// Saving in DEMO mode is disabled
    915. 

  915. 		if ($this->isDemo()) {
    916. 

  916. 			$this->setError( $this->W('DEMOISON') );
    917. 

  917. 			return false;
    918. 

  918. 		}
    919. 

  919. 

  920. 		if (!is_file($dst) && !is_writable(dirname($dst))) {
    921. 

  921. 			$this->setError( $this->E('DIRNOTWRITABLE', dirname($dst)) );
    922. 

  922. 			return false;
    923. 

  923. 		}
    924. 

  924. 

  925. 		if (is_file($dst) && !is_writable($dst)) {
    926. 

  926. 			$this->setError( $this->E('FILENOTWRITABLE', $dst) );
    927. 

  927. 			return false;
    928. 

  928. 		}
    929. 

  929. 

  930. 		if (!is_file($src) || !is_readable($src)) {
    931. 

  931. 			$this->setError( $this->E('FILENOTREADBLE', $src) );
    932. 

  932. 			return false;
    933. 

  933. 		}
    934. 

  934. 

  935. 		if (false == copy( $src, $dst )) {
    936. 

  936. 			$this->setError( $this->E('FILECOPYFAILED', $src) );
    937. 

  937. 			return false;
    938. 

  938. 		}
    939. 

  939. 

  940. 		return true;
    941. 

  941. 	}
    942. 

  942. 

  943. 	/***************************************************************************
    944. 

  944. 	* Contents
    945. 

  945. 	**************************************************************************/
    946. 

  946. 

  947. 	/**
    948. 

  948.      * Return file contents
    949. 

  949.      *
    950. 

  950.      * @access public
    951. 

  951.      * @param string $filetype
    952. 

  952.      * @param bool|null $getRawData
    953. 

  953.      * @return string
    954. 

  954.      */
    955. 

  955. 	function getFileContentsByType( $filetype, $getRawData=false, $parseTemplates=false )
    956. 

  956. 	{
    957. 

  957. 		$path = $this->getPathByType( $filetype );
    958. 

  958. 		if (false == $path) {
    959. 

  959. 			return false;
    960. 

  960. 		}
    961. 

  961. 		$hash = md5( $path );
    962. 

  962. 

  963. 		if (false == $getRawData) {
    964. 

  964. 			$data = $this->getFileDataByType( $filetype );
    965. 

  965. 			$text = '';
    966. 

  966. 

  967. 			// build contents from parsed data
    968. 

  968. 			if ($filetype == 'accessfile') {
    969. 

  969. 

  970. 				if ($parseTemplates) {
    971. 

  971. 					foreach ($data as $k=>$v) {
    972. 

  972. 						$data[$k] = preg_replace('/%PROTECTEDDIRECTORY%/', $am->getPathByType('protecteddirectory'), $v);
    973. 

  973. 					}
    974. 

  974. 				}
    975. 

  975. 				$text = implode("\n", $data);
    976. 

  976. 

  977. 			} else if (($filetype=='authuserfile' || $filetype=='authadminfile' ||
    978. 

  978. 			            $filetype=='signupfile') && is_array($data)) {
    979. 

  979. 

  980. 				foreach ($data as $user) {
    981. 

  981. 					if (isset($user['pass_raw'])) {
    982. 

  982. //						$pass = $this->encrypt_saltcrypt( $user['pass_raw'], 'DES' );
    983. 

  983. 						$pass = $this->htcrypt( $user['pass_raw'] ); // salt automatically generated
    984. 

  984. 					} else {
    985. 

  985. 						$pass = $user['pass'];
    986. 

  986. 					}
    987. 

  987. 

  988. 					$text .= $user['name'] . ':' . $pass;
    989. 

  989. 					if (isset($user['info']) || isset($user['email'])) {
    990. 

  990. 						$text .= ':';
    991. 

  991. 						$text .= isset($user['info']) ? $user['info'] . ':' : '';
    992. 

  992. 						if (isset($user['email'])) {
    993. 

  993. 							$text .= $user['email'];
    994. 

  994. 						}
    995. 

  995. 					}
    996. 

  996. 

  997. 					if ($filetype=='signupfile') {
    998. 

  998. 						$text .= ':' . (isset($user['ts']) ? $user['ts'] : '');
    999. 

  999. 						$text .= ':' . (isset($user['remoteaddr']) ? $user['remoteaddr'] : '');
    1000. 

  1000. 						$text .= ':' . (isset($user['referer']) ? $user['referer'] : '');
    1001. 

  1001. 					}
    1002. 

  1002. 

  1003. 					$text .= "\n";
    1004. 

  1004. 				}
    1005. 

  1005. 			}
    1006. 

  1006. 

  1007. 			return $text;
    1008. 

  1008. 		}
    1009. 

  1009. 

  1010. 		/* fetching raw data */
    1011. 

  1011. 

  1012. 		if (!isset($this->_fileContentsArray[ $hash ])) {
    1013. 

  1013. 			if (false == $this->readFileByType( $filetype )) {
    1014. 

  1014. 				return false;
    1015. 

  1015. 			}
    1016. 

  1016. 		}
    1017. 

  1017. 

  1018. 		if (!isset($this->_fileContentsArray[ $hash ])) {
    1019. 

  1019. 			return '';
    1020. 

  1020. 		}
    1021. 

  1021. 

  1022.         if (!is_array($this->_fileContentsArray[$hash])) {
    1023. 

  1023.             return $this->_fileContentsArray[$hash];
    1024. 

  1024.         }
    1025. 

  1025.         
    1026. 

  1026. 		return implode("\n", $this->_fileContentsArray[$hash]); 
    1027. 

  1027. 	}
    1028. 

  1028. 

  1029. 	/**
    1030. 

  1030.      * Parse files
    1031. 

  1031.      *
    1032. 

  1032.      * @access public
    1033. 

  1033.      * @param string $filetype
    1034. 

  1034.      * @param string $contents
    1035. 

  1035.      * @return bool
    1036. 

  1036.      */
    1037. 

  1037. 	function parseFileContentsByType( $filetype, $contents )
    1038. 

  1038. 	{
    1039. 

  1039. 		$path = $this->getPathByType( $filetype );
    1040. 

  1040. 		if (false == $path) {
    1041. 

  1041. 			$this->setError( $this->W('NOTDEFINED', $filetype) );
    1042. 

  1042. 			return false;
    1043. 

  1043. 		}
    1044. 

  1044. 		$hash = md5( $path );
    1045. 

  1045. 

  1046. 		$this->_fileDataArray[$hash] = array();
    1047. 

  1047.         $this->_accessRulesArray[$hash] = array('order'=>null);
    1048. 

  1048. 

  1049. 		$lArray = split("[\n\r]+", $contents);
    1050. 

  1050. 

  1051. 		// no data
    1052. 

  1052. 		if (count($lArray) < 0) {
    1053. 

  1053. 			return true;
    1054. 

  1054. 		}
    1055. 

  1055. 

  1056. 		if ($filetype == 'accessfile') {
    1057. 

  1057. 			$rows = array();
    1058. 

  1058. 			$hash = md5( $this->getPathByType( $filetype ) );
    1059. 

  1059. 

  1060. 			foreach($lArray as $l) {
    1061. 

  1061. 				if (preg_match('/^\s*Auth(User|Group)File\s+(.+)/i', $l, $matches)) {
    1062. 

  1062. 					$authfiletype = 'auth' . strtolower($matches[1]) . 'file';
    1063. 

  1063. 					$path = $this->makePath( $this->_serverRoot, $matches[2] );
    1064. 

  1064. 					$this->_filePathsArray[ $authfiletype ] = $path;
    1065. 

  1065. 				}
    1066. 

  1066. 

  1067. 				if (preg_match('/^\s*AuthType\s+(.+)/i', $l, $matches)) {
    1068. 

  1068. 					$val = strtolower(trim($matches[1]));
    1069. 

  1069. 					$val = stripslashes($val);
    1070. 

  1070. 					$this->_accessRulesArray[$hash]['authtype'] = $val;
    1071. 

  1071. 				}
    1072. 

  1072. 

  1073. 				if (preg_match('/^\s*AuthName\s+"?(.+?)"?\s*$/i', $l, $matches)) {
    1074. 

  1074. 					$val = trim($matches[1]);
    1075. 

  1075. 					$val = stripslashes( $val );
    1076. 

  1076. 					$this->_accessRulesArray[$hash]['authname'] = $val;
    1077. 

  1077. 				}
    1078. 

  1078.                 
    1079. 

  1079.                 // ip/domain access rules
    1080. 

  1080.                 if (preg_match('/^\s*Order\s+(Allow|Deny),\s*(Allow|Deny)\s*$/i', $l, $matches)) {
    1081. 

  1081.                     $this->_accessRulesArray[$hash]['order'] = strtolower($matches[2]);
    1082. 

  1082.                 }
    1083. 

  1083.                 if (preg_match('/^\s*(allow|deny)\s+from\s+(.+)$/i', $l, $matches)) {
    1084. 

  1084.                     foreach(explode(' ', $matches[2]) as $s) {
    1085. 

  1085.                         $s = trim($s);
    1086. 

  1086.                         if (empty($s)) {
    1087. 

  1087.                             continue;
    1088. 

  1088.                         }
    1089. 

  1089.                         $rule = strtolower($matches[1]);
    1090. 

  1090.                         $this->_accessRulesArray[$hash][$rule][] = $s;
    1091. 

  1091.                     }
    1092. 

  1092.                 }
    1093. 

  1093. 

  1094.                 // error document rules
    1095. 

  1095. 				if (preg_match('/^\s*ErrorDocument\s+401\s+(.+)$/i', $l, $matches)) {
    1096. 

  1096. 					$val = trim($matches[1]);
    1097. 

  1097. 					$this->_accessRulesArray[$hash]['errordocument401'] = $val;
    1098. 

  1098. 				}
    1099. 

  1099. 				$rows[] = $l;
    1100. 

  1100. 			}
    1101. 

  1101. 

  1102. 			$this->_fileDataArray[$hash] = $rows;
    1103. 

  1103. 		}
    1104. 

  1104. 

  1105. 		if ($filetype=='authuserfile' || $filetype=='authadminfile' || $filetype=='signupfile') {
    1106. 

  1106. 			$users = array();
    1107. 

  1107. 			foreach($lArray as $l) {
    1108. 

  1108. 				if (preg_match('/^\s*#/', $l)) {
    1109. 

  1109. 					continue;
    1110. 

  1110. 				}
    1111. 

  1111. 

  1112. 				$ldArray = split(':', $l);
    1113. 

  1113. 				if (count($ldArray) < 2) {
    1114. 

  1114. 					continue;
    1115. 

  1115. 				}
    1116. 

  1116. 

  1117. 				$data = array('name'  => $ldArray[0],
    1118. 

  1118. 				'pass'  => $ldArray[1],
    1119. 

  1119. 				'info'  => isset($ldArray[2]) ? $ldArray[2] : null,
    1120. 

  1120. 				'email' => isset($ldArray[3]) ? $ldArray[3] : null);
    1121. 

  1121. 

  1122. 				if ($filetype == 'signupfile') {
    1123. 

  1123. 					$data['ts']         = isset($ldArray[4]) ? $ldArray[4]: null;
    1124. 

  1124. 					$data['remoteaddr'] = isset($ldArray[5]) ? $ldArray[5] : null;
    1125. 

  1125. 					$data['referer']    = implode(':', array_slice($ldArray, 6));
    1126. 

  1126. 				}
    1127. 

  1127. 

  1128. 				$users[] = $data;
    1129. 

  1129. 			}
    1130. 

  1130. 

  1131. 			$this->_fileDataArray[$hash] = $users;
    1132. 

  1132. 		}
    1133. 

  1133. 

  1134. 		if ($filetype == 'authgroupfile') {
    1135. 

  1135. 		}
    1136. 

  1136. 

  1137. 

  1138. 		return true;
    1139. 

  1139. 	}
    1140. 

  1140. 

  1141. 	/**
    1142. 

  1142.      * Set, Parse given file contents and optionaly Save it 
    1143. 

  1143.      *
    1144. 

  1144.      * @access public
    1145. 

  1145.      * @param string $filetype
    1146. 

  1146.      * @param string $contents
    1147. 

  1147.      * @param bool|null $saveData
    1148. 

  1148.      * @param bool|null $saveRawData
    1149. 

  1149.      * @return bool
    1150. 

  1150.      */
    1151. 

  1151. 	function setFileContentsByType( $filetype, $contents, $saveData=false, $saveRawData=false )
    1152. 

  1152. 	{
    1153. 

  1153. 		$path = $this->getPathByType( $filetype );
    1154. 

  1154. 		if (false == $path) {
    1155. 

  1155. 			$this->setError( $this->W('NOTDEFINED', $filetype) );
    1156. 

  1156. 			return false;
    1157. 

  1157. 		}
    1158. 

  1158. 		$hash = md5( $path );
    1159. 

  1159. 

  1160. 		$this->_fileContentsArray[$hash] = $contents;
    1161. 

  1161. 

  1162. 		// parse contents
    1163. 

  1163. 		if (false == $this->parseFileContentsByType( $filetype, $contents )) {
    1164. 

  1164. 			return false;
    1165. 

  1165. 		}
    1166. 

  1166. 

  1167. 		if ($saveData) {
    1168. 

  1168. 			if (false == $saveRawData) {
    1169. 

  1169. 				// build contents from parsed data
    1170. 

  1170. 			}
    1171. 

  1171. 

  1172. 			if (false == $this->saveFileByType( $filetype, $contents )) {
    1173. 

  1173. 				return false;
    1174. 

  1174. 			}
    1175. 

  1175. 		}
    1176. 

  1176. 

  1177. 		return true;
    1178. 

  1178. 	}
    1179. 

  1179. 

  1180. 	/***************************************************************************
    1181. 

  1181. 	* File Data Routes
    1182. 

  1182. 	**************************************************************************/
    1183. 

  1183. 

  1184. 	/**
    1185. 

  1185.      * Return parsed data
    1186. 

  1186.      *
    1187. 

  1187.      * @access public
    1188. 

  1188.      * @param string $filetype
    1189. 

  1189.      * @return array
    1190. 

  1190.      */
    1191. 

  1191. 	function getFileDataByType( $filetype )
    1192. 

  1192. 	{
    1193. 

  1193. 		$path = $this->getPathByType( $filetype );
    1194. 

  1194. 		if (false == $path) {
    1195. 

  1195. 			$this->setError( $this->W('NOTDEFINED', $filetype) );
    1196. 

  1196. 			return false;
    1197. 

  1197. 		}
    1198. 

  1198. 

  1199. 		$hash = md5( $path );
    1200. 

  1200. 

  1201. 		// not readed yet
    1202. 

  1202. 		if (!isset( $this->_fileDataArray[$hash] )) {
    1203. 

  1203. 			if (false == $this->readFileByType( $filetype )) {
    1204. 

  1204. 				return false;
    1205. 

  1205. 			}
    1206. 

  1206. 		}
    1207. 

  1207. 

  1208. 		return $this->_fileDataArray[$hash];
    1209. 

  1209. 	}
    1210. 

  1210. 

  1211. 	function getDefaultRecordsBytype( $filetype )
    1212. 

  1212. 	{
    1213. 

  1213. 		if ($filetype == 'authadminfile') {
    1214. 

  1214. 			$pass_raw = $this->_configArray['password'];
    1215. 

  1215. 			return array(array('name'=>$this->_configArray['login'],
    1216. 

  1216. 			                   //'pass'=>$this->encrypt_saltcrypt( $pass_raw, 'DES' ),
    1217. 

  1217. 			                   'pass'=>$this->htcrypt($pass_raw, 'adminpass'),
    1218. 

  1218. 			                   'pass_raw'=>$pass_raw,
    1219. 

  1219. 			                   'info'=>'Administration',
    1220. 

  1220. 			                   'email'=>'support'));
    1221. 

  1221. 		}
    1222. 

  1222. 

  1223. 		return array();
    1224. 

  1224. 	}
    1225. 

  1225. 

  1226. 	/**
    1227. 

  1227.      * Update file record
    1228. 

  1228.      *
    1229. 

  1229.      * @access public
    1230. 

  1230.      * @param string $filetype
    1231. 

  1231.      * @param string|null $sortby
    1232. 

  1232.      * @param int|null $limit
    1233. 

  1233.      * @param int|null $offset
    1234. 

  1234.      * @return array
    1235. 

  1235.      */
    1236. 

  1236. 	function getRecordsByType( $filetype, $sortby=null, $limit=99999, $offset=0, $where=false )
    1237. 

  1237. 	{
    1238. 

  1238. 		$recArray = $this->getFileDataByType( $filetype );
    1239. 

  1239. 		if (false == $recArray) {
    1240. 

  1240. 			// return default values
    1241. 

  1241. 			return $this->getDefaultRecordsByType( $filetype );
    1242. 

  1242. 		}
    1243. 

  1243. 

  1244. 		if (false != $where && !is_array($where)) {
    1245. 

  1245. 			$where = array($where);
    1246. 

  1246. 		}
    1247. 

  1247. 

  1248. 		// TODO sortby
    1249. 

  1249. 

  1250. 		// limit, offset
    1251. 

  1251. 		$outArray = array();
    1252. 

  1252. 		for ($i=$offset; $i < count($recArray); ++$i) {
    1253. 

  1253. 			if ($i-$offset >= $limit) {
    1254. 

  1254. 				break;
    1255. 

  1255. 			}
    1256. 

  1256. 			
    1257. 

  1257. 			$rec = $recArray[$i];
    1258. 

  1258. 			
    1259. 

  1259. 			// filtering
    1260. 

  1260. 			if (false != $where) {
    1261. 

  1261. 				$valid = false;
    1262. 

  1262. 				foreach ($where as $field=>$patten) {
    1263. 

  1263. 					foreach($rec as $k=>$v) {
    1264. 

  1264. 						if (!is_int($field) && strcasecmp($field, $k) != 0) {
    1265. 

  1265. 							continue;
    1266. 

  1266. 						}
    1267. 

  1267. 						if (preg_match("/$patten/i", $v)) {
    1268. 

  1268. 							$valid = true;
    1269. 

  1269. 							break;
    1270. 

  1270. 						}
    1271. 

  1271. 					}
    1272. 

  1272. 					if ($valid) {
    1273. 

  1273. 						break;
    1274. 

  1274. 					}
    1275. 

  1275. 				}
    1276. 

  1276. 				if (!$valid) {
    1277. 

  1277. 					continue;
    1278. 

  1278. 				}
    1279. 

  1279. 			}
    1280. 

  1280. 

  1281. 			$outArray[] = $recArray[$i];
    1282. 

  1282. 		}
    1283. 

  1283. 

  1284. 		return $outArray;
    1285. 

  1285. 	}
    1286. 

  1286. 

  1287. 	function getTotalByType( $filetype, $where=false )
    1288. 

  1288. 	{
    1289. 

  1289. 		$recArray = $this->getFileDataByType( $filetype );
    1290. 

  1290. 		if (false == $recArray) {
    1291. 

  1291. 			if ($filetype == 'authadminfile') {
    1292. 

  1292. 				return 1;
    1293. 

  1293. 			}
    1294. 

  1294. 			return 0;
    1295. 

  1295. 		}
    1296. 

  1296. 

  1297. 		if (false == $where) {
    1298. 

  1298. 			return count($recArray);
    1299. 

  1299. 		}
    1300. 

  1300. 		
    1301. 

  1301. 		if (!is_array($where)) {
    1302. 

  1302. 			$where = array($where);
    1303. 

  1303. 		}
    1304. 

  1304. 		
    1305. 

  1305. 		$count = 0;
    1306. 

  1306. 				
    1307. 

  1307. 		foreach($recArray as $rec) {
    1308. 

  1308. 			$valid = false;
    1309. 

  1309. 			foreach ($where as $field=>$patten) {
    1310. 

  1310. 				foreach($rec as $k=>$v) {
    1311. 

  1311. 					if (!is_int($field) && strcasecmp($field, $k) != 0) {
    1312. 

  1312. 						continue;
    1313. 

  1313. 					}
    1314. 

  1314. 					if (preg_match("/$patten/i", $v)) {
    1315. 

  1315. 						$valid = true;
    1316. 

  1316. 						break;
    1317. 

  1317. 					}
    1318. 

  1318. 				}
    1319. 

  1319. 				if ($valid) {
    1320. 

  1320. 					break;
    1321. 

  1321. 				}
    1322. 

  1322. 			}
    1323. 

  1323. 			if (!$valid) {
    1324. 

  1324. 				continue;
    1325. 

  1325. 			}
    1326. 

  1326. 			
    1327. 

  1327. 			$count++;
    1328. 

  1328. 		}
    1329. 

  1329. 

  1330. 		return $count;
    1331. 

  1331. 	}
    1332. 

  1332. 

  1333. 	/**
    1334. 

  1334.      * Fetch record by Id
    1335. 

  1335.      *
    1336. 

  1336.      * @access public
    1337. 

  1337.      * @param string $filetype
    1338. 

  1338.      * @param string $recordId
    1339. 

  1339.      * @param bool $checkDefault
    1340. 

  1340.      * @return string|array|bool
    1341. 

  1341.      */
    1342. 

  1342. 	function fetchRecordByType( $filetype, $recordId, $checkDefault=false )
    1343. 

  1343. 	{
    1344. 

  1344. 		$dataArray = $this->getFileDataByType( $filetype );
    1345. 

  1345. 		if (false == $dataArray || count($dataArray) < 1) {
    1346. 

  1346. 			if (false == $checkDefault) {
    1347. 

  1347. 				return false;
    1348. 

  1348. 			}
    1349. 

  1349. 

  1350. 			$dataArray = $this->getDefaultRecordsByType( $filetype );
    1351. 

  1351. 		}
    1352. 

  1352. 

  1353. 		if (is_null($recordId)) {
    1354. 

  1354. 			// reset first record for authadminfile
    1355. 

  1355. 			if ($filetype == 'authadminfile') {
    1356. 

  1356. 				return $this->getDefaultRecordsByType( $filetype );
    1357. 

  1357. 			}
    1358. 

  1358. 			return false;
    1359. 

  1359. 		}
    1360. 

  1360. 

  1361. 		$found = false;
    1362. 

  1362. 

  1363. 		foreach( $dataArray as $rec ) {
    1364. 

  1364. 			if ($filetype == 'accessfile') {
    1365. 

  1365. 				if ($recordId == 'errordocument401') {
    1366. 

  1366. 					if (preg_match('/^\s*ErrorDocument\s+401\s+/i', $rec)) {
    1367. 

  1367. 						$found = $rec;
    1368. 

  1368. 						break;
    1369. 

  1369. 					}
    1370. 

  1370. 				} else if (preg_match('/^\s*'.$recordId.'(\s+.+)?\s*$/i', $rec)) {
    1371. 

  1371. 					$found = $rec;
    1372. 

  1372. 					break;
    1373. 

  1373. 				}
    1374. 

  1374. 				continue;
    1375. 

  1375. 			}
    1376. 

  1376. 

  1377. 			if (isset($rec['name']) && strcmp($recordId, $rec['name'])==0) {
    1378. 

  1378. 				$found = $rec;
    1379. 

  1379. 				break;
    1380. 

  1380. 			}
    1381. 

  1381. 		}
    1382. 

  1382. 

  1383. 		return $found;
    1384. 

  1384. 	}
    1385. 

  1385. 

  1386. 	/**
    1387. 

  1387.      * Check record by Id
    1388. 

  1388.      *
    1389. 

  1389.      * @access public
    1390. 

  1390.      * @param string $filetype
    1391. 

  1391.      * @param string $recordId
    1392. 

  1392.      * @return bool
    1393. 

  1393.      */
    1394. 

  1394. 	function isRecordByType( $filetype, $recordId )
    1395. 

  1395. 	{
    1396. 

  1396. 		$rec = $this->fetchRecordByType($filetype, $recordId);
    1397. 

  1397. 		return $rec == false ? false : true;
    1398. 

  1398. 	}
    1399. 

  1399. 

  1400. 	/**
    1401. 

  1401.      * Update record in file
    1402. 

  1402.      *
    1403. 

  1403.      * @access public
    1404. 

  1404.      * @param string $filetype
    1405. 

  1405.      * @param string $recordId
    1406. 

  1406.      * @param array data
    1407. 

  1407.      * @return bool
    1408. 

  1408.      */
    1409. 

  1409. 	function updateRecordByType( $filetype, $recordId, $data )
    1410. 

  1410. 	{
    1411. 

  1411. 		$path = $this->getPathByType( $filetype );
    1412. 

  1412. 		if (false == $path) {
    1413. 

  1413. 			$this->setError( $this->W('NOTDEFINED', $filetype) );
    1414. 

  1414. 			return false;
    1415. 

  1415. 		}
    1416. 

  1416. 		$hash = md5( $path );
    1417. 

  1417. 

  1418. 		if (!is_array($this->_fileDataArray[$hash])) {
    1419. 

  1419. 			$this->_fileDataArray[$hash] = null;
    1420. 

  1420. 		}
    1421. 

  1421. 

  1422. 		if ($filetype == 'accessfile') {
    1423. 

  1423. 			$found = false;
    1424. 

  1424. 			$recordId = strtolower($recordId);
    1425. 

  1425. 

  1426. 			foreach ($this->_fileDataArray[$hash] as $id=>$rec) {
    1427. 

  1427. 				$rec = trim($rec);
    1428. 

  1428. 				$args = isset($data[$recordId]) ? $data[$recordId] : '';
    1429. 

  1429. 

  1430. 				if ($recordId == 'errordocument401') {
    1431. 

  1431. 					if (preg_match('/^(\s*ErrorDocument\s+401)\s+/i', $rec, $matches)) {
    1432. 

  1432. 						if (!isset($data)) {
    1433. 

  1433. 							unset( $this->_fileDataArray[$hash][$id] );
    1434. 

  1434. 							continue;
    1435. 

  1435. 						}
    1436. 

  1436. 

  1437. 						$this->_fileDataArray[$hash][$id] = $matches[1] . ' ' . $args;
    1438. 

  1438. 					}
    1439. 

  1439. 

  1440.                 // remove all allow or deny commands
    1441. 

  1441.                 } else if (preg_match('/^\s*'.$recordId.'\s+from\s+.*$/i', $rec)) {
    1442. 

  1442.                     unset( $this->_fileDataArray[$hash][$id] );
    1443. 

  1443. 

  1444.                 } else if (preg_match('/^(\s*'.$recordId.')(.*)$/i', $rec, $matches)) {
    1445. 

  1445. 

  1446. 					if (!isset($data)) {
    1447. 

  1447. 						unset( $this->_fileDataArray[$hash][$id] );
    1448. 

  1448. 						continue;
    1449. 

  1449. 					}
    1450. 

  1450. 

  1451. 					if ($recordId == 'authname') {
    1452. 

  1452. 						$this->_fileDataArray[$hash][$id] = $matches[1] . ' "' . addSlashes($args) . '"';
    1453. 

  1453. 					} else if ($recordId == 'authuserfile') {
    1454. 

  1454. 						$this->_fileDataArray[$hash][$id] = $matches[1] . ' ' . $args;
    1455. 

  1455. 					} else if ($recordId == 'authtype') {
    1456. 

  1456. 						$this->_fileDataArray[$hash][$id] = $matches[1] . ' basic';
    1457. 

  1457.                     } else if ($recordId == 'order') {
    1458. 

  1458.                         $this->_fileDataArray[$hash][$id] = 'Order ' . ($args=='deny' ? 'Allow,Deny' : 'Deny,Allow');
    1459. 

  1459. 					}
    1460. 

  1460. 

  1461. 					$found = true;
    1462. 

  1462. 					break;
    1463. 

  1463.                 }
    1464. 

  1464. 			}
    1465. 

  1465.             
    1466. 

  1466.             // special case: allow or deny commands
    1467. 

  1467.             if ($recordId == 'allow' || $recordId == 'deny') {
    1468. 

  1468.                 foreach($data as $item) {
    1469. 

  1469.                     $this->_fileDataArray[$hash][] = $recordId . ' from ' . $item;
    1470. 

  1470.                 }
    1471. 

  1471.             }
    1472. 

  1472.             
    1473. 

  1473. 			return $found;
    1474. 

  1474. 		}
    1475. 

  1475. 

  1476.         // other types
    1477. 

  1477. 		foreach ($this->_fileDataArray[$hash] as $id=>$rec) {
    1478. 

  1478. 			if (is_null($recordId) || isset($rec['name']) && strcmp($recordId, $rec['name'])==0) {
    1479. 

  1479. 

  1480. 				if (is_null($data)) {
    1481. 

  1481. 					unset( $this->_fileDataArray[$hash][$id] );
    1482. 

  1482. 

  1483. 				} else if (is_array($data)) {
    1484. 

  1484. 					foreach ($data as $k=>$v) {
    1485. 

  1485. 						$this->_fileDataArray[$hash][$id][$k] = $v;
    1486. 

  1486. 					}
    1487. 

  1487. 				}
    1488. 

  1488. 

  1489. 				break;
    1490. 

  1490. 			}
    1491. 

  1491. 		}
    1492. 

  1492. 

  1493. 		return true;
    1494. 

  1494. 	}
    1495. 

  1495. 

  1496. 	/**
    1497. 

  1497.      * Update file record
    1498. 

  1498.      *
    1499. 

  1499.      * @access public
    1500. 

  1500.      * @param string $filetype
    1501. 

  1501.      * @param array $data
    1502. 

  1502.      * @param string $curRecordId
    1503. 

  1503.      * @param bool|null $saveFile
    1504. 

  1504.      * @param bool|null $saveForce
    1505. 

  1505.      * @return bool
    1506. 

  1506.      */
    1507. 

  1507. 	function setRecordByType( $filetype, $curRecordId, $data, $saveFile=false, $saveForce=false )
    1508. 

  1508. 	{
    1509. 

  1509. 		$path = $this->getPathByType( $filetype );
    1510. 

  1510. 		if (false == $path) {
    1511. 

  1511. 			$this->setError( $this->W('NOTDEFINED', $filetype) );
    1512. 

  1512. 			return false;
    1513. 

  1513. 		}
    1514. 

  1514. 		$hash = md5( $path );
    1515. 

  1515. 

  1516. 		if (false != $this->isRecordByType( $filetype, $curRecordId )) {
    1517. 

  1517. 			// replaceing
    1518. 

  1518. 			$this->updateRecordByType( $filetype, $curRecordId, $data );
    1519. 

  1519. 

  1520. 		} else if (is_array($data)) {
    1521. 

  1521. 

  1522. 			// inserting
    1523. 

  1523. 			if ($filetype == 'accessfile') {
    1524. 

  1524. 				$args = isset($data[$curRecordId]) ? $data[$curRecordId] : '';
    1525. 

  1525. 				$hasAddedBy = false;
    1526. 

  1526. 

  1527. 				foreach( $this->_fileDataArray[$hash] as $rec) {
    1528. 

  1528. 					if (preg_match('/^# added by authman/i', $rec)) {
    1529. 

  1529. 						$hasAddedBy = true;
    1530. 

  1530. 					}
    1531. 

  1531. 				}
    1532. 

  1532. 				if (!$hasAddedBy) {
    1533. 

  1533. 					$this->_fileDataArray[$hash][] = "# Added By Authman";
    1534. 

  1534. 				}
    1535. 

  1535. 

  1536. 				if ($curRecordId == 'authname') {
    1537. 

  1537. 					$this->_fileDataArray[$hash][] = 'AuthName "' . $args . '"';
    1538. 

  1538. 				} else if ($curRecordId == 'authtype') {
    1539. 

  1539. 					$this->_fileDataArray[$hash][] = 'AuthType ' . $args;
    1540. 

  1540. 				} else if ($curRecordId == 'require') {
    1541. 

  1541. 					$this->_fileDataArray[$hash][] = 'require ' . $args;
    1542. 

  1542. 				} else if ($curRecordId == 'authuserfile') {
    1543. 

  1543. 					$this->_fileDataArray[$hash][] = 'AuthUserFile ' . $args;
    1544. 

  1544. 				} else if ($curRecordId == 'errordocument401') {
    1545. 

  1545. 					$this->_fileDataArray[$hash][] = 'ErrorDocument 401 ' . $args;
    1546. 

  1546.                 } else if ($curRecordId == 'order') {
    1547. 

  1547.                     $this->_fileDataArray[$hash][] = 'Order ' . ($args=='deny' ? 'Allow,Deny' : 'Deny,Allow');
    1548. 

  1548.                 } else if ($curRecordId == 'allow' || $curRecordId == 'deny') {
    1549. 

  1549.                     foreach($data as $item) {
    1550. 

  1550.                         $this->_fileDataArray[$hash][] = $curRecordId . ' from ' . $item;
    1551. 

  1551.                     }
    1552. 

  1552. 				} else {
    1553. 

  1553. 					$this->_fileDataArray[$hash][] = '# '. $curRecordId . ' "' . $args . '"';
    1554. 

  1554. 				}
    1555. 

  1555. 

  1556. 				// other files types
    1557. 

  1557. 			} else {
    1558. 

  1558. 				$this->_fileDataArray[$hash][] = $data;
    1559. 

  1559. 			}
    1560. 

  1560. 		}
    1561. 

  1561. 

  1562. 		if ($saveFile) {
    1563. 

  1563. 			$strerr = null;
    1564. 

  1564. 

  1565. 			// save parsed data
    1566. 

  1566. 			if (false == $this->saveFileByType( $filetype, false )) {
    1567. 

  1567. 				$strerr = $this->getError();
    1568. 

  1568. 			}
    1569. 

  1569. 

  1570. 			$this->readFileByType( $filetype );
    1571. 

  1571. 

  1572. 			if (isset($strerr)) {
    1573. 

  1573. 				$this->setError($strerr);
    1574. 

  1574. 				return false;
    1575. 

  1575. 			}
    1576. 

  1576. 		}
    1577. 

  1577. 

  1578. 		return true;
    1579. 

  1579. 	}
    1580. 

  1580. 

  1581. 	/**
    1582. 

  1582.      * Clear all records from the file
    1583. 

  1583.      *
    1584. 

  1584.      * @access public
    1585. 

  1585.      * @param string $filetype
    1586. 

  1586.      * @param bool|null $saveFile
    1587. 

  1587.      * @return bool
    1588. 

  1588.      */
    1589. 

  1589. 	function clearAllRecordsByType( $filetype, $saveFile=false )
    1590. 

  1590. 	{
    1591. 

  1591. 		$path = $this->getPathByType( $filetype );
    1592. 

  1592. 		if (false == $path) {
    1593. 

  1593. 			$this->setError( $this->W('NOTDEFINED', $filetype) );
    1594. 

  1594. 			return false;
    1595. 

  1595. 		}
    1596. 

  1596. 		$hash = md5( $path );
    1597. 

  1597. 

  1598. 		$this->_fileDataArray[$hash] = array();
    1599. 

  1599. 

  1600. 		if ($saveFile) {
    1601. 

  1601. 			$strerr = null;
    1602. 

  1602. 

  1603. 			// save _RAW_ data
    1604. 

  1604. 			if (false == $this->saveFileByType( $filetype, true, '' )) {
    1605. 

  1605. 				$strerr = $this->getError();
    1606. 

  1606. 			}
    1607. 

  1607. 

  1608. 			$this->readFileByType( $filetype );
    1609. 

  1609. 

  1610. 			if (isset($strerr)) {
    1611. 

  1611. 				$this->setError($strerr);
    1612. 

  1612. 				return false;
    1613. 

  1613. 			}
    1614. 

  1614. 		}
    1615. 

  1615. 

  1616. 		return true;
    1617. 

  1617. 	}
    1618. 

  1618. 

  1619. 	function getAccessRuleByType( $filetype, $ruleName )
    1620. 

  1620. 	{
    1621. 

  1621. 		$hash = md5( $this->getPathByType( $filetype ) );
    1622. 

  1622. 

  1623. 		if (!isset($this->_accessRulesArray[$hash])) {
    1624. 

  1624. 			return false;
    1625. 

  1625. 		}
    1626. 

  1626. 

  1627. 		$ruleName = strtolower($ruleName);
    1628. 

  1628. 

  1629. 		if (!isset($this->_accessRulesArray[$hash][$ruleName])) {
    1630. 

  1630. 			return false;
    1631. 

  1631. 		}
    1632. 

  1632. 

  1633. 		return $this->_accessRulesArray[$hash][$ruleName];
    1634. 

  1634. 	}
    1635. 

  1635. 

  1636. 	/***************************************************************************
    1637. 

  1637. 	*
    1638. 

  1638. 	**************************************************************************/
    1639. 

  1639. 

  1640.     /**
    1641. 

  1641.      * Get template list
    1642. 

  1642.      *
    1643. 

  1643.      * @access public
    1644. 

  1644.      * @return array
    1645. 

  1645.      */
    1646. 

  1646. 	function getTemplates()
    1647. 

  1647. 	{
    1648. 

  1648. 		$this->_tplsArray = array();
    1649. 

  1649. 

  1650. 		$tplPath = $this->_basePath . DIRECTORY_SEPARATOR . 'templates';
    1651. 

  1651. 		$dh = @opendir( $tplPath );
    1652. 

  1652. 		if (false == $dh) {
    1653. 

  1653. 			return $this->_tplsArray;
    1654. 

  1654. 		}
    1655. 

  1655. 

  1656. 		while ($e = readdir($dh)) {
    1657. 

  1657. 			if ($e == '.' || $e == '..') {
    1658. 

  1658. 				continue;
    1659. 

  1659. 			}
    1660. 

  1660. 

  1661. 			if (!preg_match('/^(.+)\.tpl(\.dist)?$/i', $e, $matches)) {
    1662. 

  1662. 				continue;
    1663. 

  1663. 			}
    1664. 

  1664. 

  1665. 			$tplId = $matches[1];
    1666. 

  1666.             $tplDefault = isset($matches[2]) && $matches[2] == '.dist';
    1667. 

  1667.         
    1668. 

  1668. 			$filePath = $tplPath . DIRECTORY_SEPARATOR . $e;
    1669. 

  1669. 			$fh = @fopen($filePath, 'r');
    1670. 

  1670. 			if (false == $fh) {
    1671. 

  1671. 				continue;
    1672. 

  1672. 			}
    1673. 

  1673. 

  1674. 			$data = array();
    1675. 

  1675. 			while ($l = fgets($fh)) {
    1676. 

  1676. 				$data[] = $l;
    1677. 

  1677. 			}
    1678. 

  1678. 			@fclose($fh);
    1679. 

  1679. 

  1680. 			$role = 'undefinied';
    1681. 

  1681. 			if (preg_match('/^(useradd|useredit|userdel|userfgt|userrcv|memberaa|memberdel|memberreq)$/i', $tplId, $matches)) {
    1682. 

  1682. 				$role = strtolower($matches[1]);
    1683. 

  1683. 			}
    1684. 

  1684. 

  1685. 			$tArray = array('path'=>$filePath,
    1686. 

  1686. 			                'id'=>$tplId,
    1687. 

  1687. 			                'role'=>$role,
    1688. 

  1688. 			                'name'=>trim($data[0]),
    1689. 

  1689. 			                'type'=>( trim($data[1]) == 'html' ? 'html' : 'plaintext' ),
    1690. 

  1690. 			                'subject'=>trim($data[2]),
    1691. 

  1691. 			                'contents'=>join('', array_slice($data, 3)) );
    1692. 

  1692.                             
    1693. 

  1693.             if (!$tplDefault || !array_key_exists($tplId, $this->_tplsArray)) {
    1694. 

  1694. 			    $this->_tplsArray[ $tplId ] = $tArray;
    1695. 

  1695.             }
    1696. 

  1696. 		}
    1697. 

  1697. 

  1698. 		closedir($dh);
    1699. 

  1699. 

  1700. 		return $this->_tplsArray;
    1701. 

  1701. 	}
    1702. 

  1702. 

  1703. 	function getTemplateById( $id )
    1704. 

  1704. 	{
    1705. 

  1705. 		if (!isset($id) || $id=='') {
    1706. 

  1706. 			return false;
    1707. 

  1707. 		}
    1708. 

  1708. 

  1709. 		$templates = $this->getTemplates();
    1710. 

  1710. 

  1711. 		if (false==$templates || !isset($templates[$id])) {
    1712. 

  1712. 			return false;
    1713. 

  1713. 		}
    1714. 

  1714. 		return $templates[$id];
    1715. 

  1715. 	}
    1716. 

  1716. 

  1717. 	function getTemplateByRole( $role )
    1718. 

  1718. 	{
    1719. 

  1719. 		$res = false;
    1720. 

  1720. 

  1721. 		$templates = $this->getTemplates();
    1722. 

  1722. 		foreach($templates as $id=>$tpl) {
    1723. 

  1723. 			if ($tpl['role'] == $role) {
    1724. 

  1724. 				$res = $tpl;
    1725. 

  1725. 			}
    1726. 

  1726. 		}
    1727. 

  1727. 

  1728. 		return $res;
    1729. 

  1729. 	}
    1730. 

  1730. 

  1731. 	function saveTemplateAs( $id, $data, $force=false )
    1732. 

  1732. 	{
    1733. 

  1733. 		if (!isset($id) || $id=='' || !is_array($data)) {
    1734. 

  1734. 			$this->setError( $this->E('INVALIDREQUEST') );
    1735. 

  1735. 			return false;
    1736. 

  1736. 		}
    1737. 

  1737. 

  1738. 		// Saving in DEMO mode is disabled
    1739. 

  1739. 		if ($this->isDemo()) {
    1740. 

  1740. 			$this->setError( $this->W('DEMOISON') );
    1741. 

  1741. 			return false;
    1742. 

  1742. 		}
    1743. 

  1743. 

  1744. 		$path = $this->_basePath . DIRECTORY_SEPARATOR . 'templates';
    1745. 

  1745. 

  1746. 		if (!is_dir($path)) {
    1747. 

  1747. 			if (false == @mkdir($path, 0755)) {
    1748. 

  1748. 				$this->setError( $this->E('MKDIRFAILED', $path) );
    1749. 

  1749. 				return false;
    1750. 

  1750. 			}
    1751. 

  1751. 

  1752. 			$denyPath = $path . DIRECTORY_SEPARATOR
    1753. 

  1753. 			          . $this->_configArray['access_file'];
    1754. 

  1754. 			$this->writeDenyFile( $denyPath );
    1755. 

  1755. 		}
    1756. 

  1756. 

  1757. 		$id = $this->getNormalizedPath( $id );
    1758. 

  1758. 		$filePath = $path . $id . '.tpl';
    1759. 

  1759. 

  1760. 		if (is_file($filePath) && false == $force) {
    1761. 

  1761. 			$this->setError( $this->E('FILEEXISTS', $filePath) );
    1762. 

  1762. 			return false;
    1763. 

  1763. 		}
    1764. 

  1764. 

  1765. 		if (is_file($filePath) && !is_writable($filePath)) {
    1766. 

  1766. 			$this->setError( $this->W('FILEWRITABLE') );
    1767. 

  1767. 			return false;
    1768. 

  1768. 		}
    1769. 

  1769. 

  1770. 		$fh = @fopen($filePath, 'w');
    1771. 

  1771. 		if (false == $fh) {
    1772. 

  1772. 			$this->setError( $this->E('FILEOPENFAILED', $filePath) );
    1773. 

  1773. 			return false;
    1774. 

  1774. 		}
    1775. 

  1775. 

  1776. 		@fwrite($fh, $data['name'] . "\n");
    1777. 

  1777. 		@fwrite($fh, $data['type'] . "\n");
    1778. 

  1778. 		@fwrite($fh, $data['subject'] . "\n");
    1779. 

  1779. 		@fwrite($fh, $data['contents'] . "\n");
    1780. 

  1780. 

  1781. 		@fclose($fh);
    1782. 

  1782. 

  1783. 		return true;
    1784. 

  1784. 	}
    1785. 

  1785. 

  1786.     /**
    1787. 

  1787.     * @desc Delete e-mail template
    1788. 

  1788.     * 
    1789. 

  1789.     * @access public
    1790. 

  1790.     * @param string $id
    1791. 

  1791.     * @param bool $force
    1792. 

  1792.     * @return bool
    1793. 

  1793.     */
    1794. 

  1794. 	function deleteTemplate( $id, $force=false )
    1795. 

  1795. 	{
    1796. 

  1796. 		// Deleting in DEMO mode is disabled
    1797. 

  1797. 		if ($this->isDemo()) {
    1798. 

  1798. 			$this->setError( $this->W('DEMOISON') );
    1799. 

  1799. 			return false;
    1800. 

  1800. 		}
    1801. 

  1801. 

  1802. 		// Check if
    1803. 

  1803. 		$template = $this->getTemplateById( $id );
    1804. 

  1804. 		if (false == $template) {
    1805. 

  1805. 			$this->setError( $this->E('TPLNOTFOUND', $id) );
    1806. 

  1806. 			return false;
    1807. 

  1807. 		}
    1808. 

  1808. 

  1809. 		if ($force == false) {
    1810. 

  1810. 			if ($template['role'] != 'undefinied') {
    1811. 

  1811. 				$this->setError( $this->E('TPLISSYSTEM') );
    1812. 

  1812. 				return false;
    1813. 

  1813. 			}
    1814. 

  1814. 		}
    1815. 

  1815. 

  1816. 		$path = $this->_basePath . DIRECTORY_SEPARATOR . 'templates';
    1817. 

  1817. 		$filePath = $path . DIRECTORY_SEPARATOR . $id . '.tpl';
    1818. 

  1818. 

  1819. 		if (!is_file($filePath)) {
    1820. 

  1820. 			$this->setError( $this->E('NOSUCHFILE', $filePath) );
    1821. 

  1821. 			return false;
    1822. 

  1822. 		}
    1823. 

  1823. 

  1824. 		if (false == @unlink($filePath)) {
    1825. 

  1825. 			$this->setError( $this->E('FILEDELFAILED', $filePath) );
    1826. 

  1826. 			return false;
    1827. 

  1827. 		}
    1828. 

  1828. 

  1829. 		return true;
    1830. 

  1830. 	}
    1831. 

  1831. 

  1832. 	/***************************************************************************
    1833. 

  1833. 	* E-mail routes
    1834. 

  1834. 	**************************************************************************/
    1835. 

  1835. 

  1836. 	/**
    1837. 

  1837. 	 * Send e-mail to the user
    1838. 

  1838. 	 *
    1839. 

  1839.      * @access public
    1840. 

  1840. 	 * @param string|array $templateId
    1841. 

  1841. 	 * @param array $userArray
    1842. 

  1842. 	 * @return bool
    1843. 

  1843. 	 */
    1844. 

  1844. 	function sendMail( $templateId, $userArray )
    1845. 

  1845. 	{
    1846. 

  1846. 		if (false == $this->hasFeature('PHPMailer')) {
    1847. 

  1847. 			$this->setError(  'SendMail: ' . $this->W('SENDMAILFAIL_INSTALLPHPMAILER'));
    1848. 

  1848. 			return false;
    1849. 

  1849. 		}
    1850. 

  1850. 

  1851. 		// no spam here
    1852. 

  1852. 		if ($this->isDemo()) {
    1853. 

  1853. 			$this->setError( 'SendMail: ' . $this->W('DEMOISON') );
    1854. 

  1854. 			return false;
    1855. 

  1855. 		}
    1856. 

  1856. 

  1857. 		if (is_array($templateId)) {
    1858. 

  1858. 			$tplArray = $templateId;
    1859. 

  1859. 			$templateId = 'manual';
    1860. 

  1860. 		} else {
    1861. 

  1861. 			$tplArray = $this->getTemplateById( $templateId );
    1862. 

  1862. 			if (false == $tplArray) {
    1863. 

  1863. 				$this->setError( 'SendMail: ' . $this->E('INCORRECTARGS') . ' [template]' );
    1864. 

  1864. 				return false;
    1865. 

  1865. 			}
    1866. 

  1866. 		}
    1867. 

  1867. 

  1868. 		if (!isset($userArray['email']) || $userArray['email'] == '') {
    1869. 

  1869. 			$this->setError( 'SendMail: ' . $this->E('INCORRECTARGS') . ' [email]' );
    1870. 

  1870. 			return false;
    1871. 

  1871. 		}
    1872. 

  1872. 

  1873. 		$args = array('PROTECTEDURL'=> $this->getUrlByType('protected', true),
    1874. 

  1874. 		              'BASEURL'     => $this->getUrlByType('base', true),
    1875. 

  1875. 	 	              'MEMBERURL'   => $this->getUrlByType('login', true),
    1876. 

  1876. 		              'REMOTEADDR'  => $_SERVER['REMOTE_ADDR'],
    1877. 

  1877. 		              'DATETIME'    => gmdate('D dS \of M Y H:i:s e') );
    1878. 

  1878. 

  1879. 		list($admin) = $this->getRecordsByType( 'authadminfile', null, 1, 0 );
    1880. 

  1880. 

  1881. 		$args['ADMINREALNAME'] = $admin['info'] != '' ? $admin['info'] : "Administrator";
    1882. 

  1882. 		$args['ADMINEMAIL']    = $admin['email'] != '' ? $admin['email'] : "postmaster@localhost";
    1883. 

  1883. 

  1884. 		foreach($userArray as $k=>$v) {
    1885. 

  1885. 			$kk = 'USER' . strtoupper($k);
    1886. 

  1886. 			$args[$kk] = $v;
    1887. 

  1887. 		}
    1888. 

  1888. 		$args['USERREALNAME'] = isset($userArray['info']) && $userArray['info'] != ''
    1889. 

  1889. 		? $userArray['info'] : $userArray['name'];
    1890. 

  1890. 		$args['USERPASSWORD'] = isset($userArray['pass_raw']) && $userArray['pass_raw'] != '' ? $userArray['pass_raw'] : '[ENCRYPTED: '. $userArray['pass'] .']';
    1891. 

  1891. 

  1892. 		$subject = $tplArray['subject'];
    1893. 

  1893. 		$body    = $tplArray['contents'];
    1894. 

  1894. 

  1895. 		foreach(array('subject', 'body') as $vname) {
    1896. 

  1896. 			foreach( $args as $k=>$v ) {
    1897. 

  1897. 				$$vname = str_replace('%'.$k.'%', $v, $$vname);
    1898. 

  1898. 			}
    1899. 

  1899. 		}
    1900. 

  1900. 

  1901. 		// sending
    1902. 

  1902. 		include_once( $this->getPathByType('PHPMailer') );
    1903. 

  1903. 

  1904. 		$mail = new PHPMailer();
    1905. 

  1905. 		$mail->CharSet = "UTF-8";
    1906. 

  1906. 

  1907. 		// from administrator
    1908. 

  1908. 		$mail->FromName   = $args['ADMINREALNAME'];
    1909. 

  1909. 		$mail->From       = $args['ADMINEMAIL'];
    1910. 

  1910. 		$mail->AddReplyTo($args['ADMINEMAIL'], $args['ADMINREALNAME']);
    1911. 

  1911. 

  1912. 		$isHtml = $tplArray['type'] == 'html';
    1913. 

  1913. 		if ($templateId=='memberdel' || $templateId=='memberaa') {
    1914. 

  1914. 			$mail->AddAddress($args['ADMINEMAIL'], $args['ADMINREALNAME']);
    1915. 

  1915. 		} else {
    1916. 

  1916. 			if (!isset($args['USEREMAIL']) || $args['USEREMAIL']=='') {
    1917. 

  1917. 				if ($isHtml) {
    1918. 

  1918. 					$body = '<p><strong>USER ' . $userArray['name'] . ' have not E-mail address</strong></p><br />' . $body;
    1919. 

  1919. 				} else {
    1920. 

  1920. 					$body = 'USER ' . $userArray['name'] . " have not E-mail address\n" . $body;
    1921. 

  1921. 				}
    1922. 

  1922. 				$mail->AddAddress($args['ADMINEMAIL'], $args['ADMINREALNAME']);
    1923. 

  1923. 

  1924. 			} else {
    1925. 

  1925. 				$mail->AddAddress($args['USEREMAIL'], $args['USERREALNAME']);
    1926. 

  1926. 			}
    1927. 

  1927. 		}
    1928. 

  1928. 

  1929. 		$mail->Subject = $subject;
    1930. 

  1930. 		$mail->Body    = $body;
    1931. 

  1931. 

  1932. 		if ($isHtml) {
    1933. 

  1933. 			$mail->IsHTML( true );
    1934. 

  1934. 			$mail->AltBody = "To view the message, please use an HTML compatible email viewer!";
    1935. 

  1935. 		}
    1936. 

  1936. 

  1937. 		if (false == $mail->Send()) {
    1938. 

  1938. 			$this->setError(  'SendMail: ' . $mail->ErrorInfo );
    1939. 

  1939. 			return false;
    1940. 

  1940. 		}
    1941. 

  1941. 

  1942. 		return true;
    1943. 

  1943. 	}
    1944. 

  1944. 

  1945. 	function hasFeature( $feature )
    1946. 

  1946. 	{
    1947. 

  1947. 		$ln = strtolower($feature);
    1948. 

  1948. 

  1949. 		if ($ln == 'phpmailer' || $ln == 'tinymcejs' || $ln = 'magpierss') {
    1950. 

  1950. 			$filePath = $this->getPathByType( $ln );
    1951. 

  1951. 

  1952. 			if (!is_file($filePath) || !is_readable($filePath)) {
    1953. 

  1953. 				return false;
    1954. 

  1954. 			}
    1955. 

  1955. 			return true;
    1956. 

  1956. 		}
    1957. 

  1957. 

  1958. 		return true;
    1959. 

  1959. 	}
    1960. 

  1960. 

  1961. 	/***************************************************************************
    1962. 

  1962. 	* Messages/Warnings/Errors Reporting
    1963. 

  1963. 	**************************************************************************/
    1964. 

  1964. 

  1965. 	/**
    1966. 

  1966.      * Messages wrapper
    1967. 

  1967.      *
    1968. 

  1968.      * @access public
    1969. 

  1969.      * @return string
    1970. 

  1970.      */
    1971. 

  1971. 	function M()
    1972. 

  1972. 	{
    1973. 

  1973. 		$args = func_get_args();
    1974. 

  1974. 		return $this->getMessage( 'messages', $args );
    1975. 

  1975. 	}
    1976. 

  1976. 

  1977. 	/**
    1978. 

  1978.      * Warnings wrapper
    1979. 

  1979.      *
    1980. 

  1980.      * @access public
    1981. 

  1981.      * @return string
    1982. 

  1982.      */
    1983. 

  1983. 	function W()
    1984. 

  1984. 	{
    1985. 

  1985. 		$args = func_get_args();
    1986. 

  1986. 		return $this->getMessage( 'warnings', $args );
    1987. 

  1987. 	}
    1988. 

  1988. 

  1989. 	/**
    1990. 

  1990.      * Errors wrapper
    1991. 

  1991.      *
    1992. 

  1992.      * @access public
    1993. 

  1993.      * @return string
    1994. 

  1994.      */
    1995. 

  1995. 	function E()
    1996. 

  1996. 	{
    1997. 

  1997. 		$args = func_get_args();
    1998. 

  1998. 		return $this->getMessage( 'errors', $args );
    1999. 

  1999. 	}
    2000. 

  2000. 

  2001. 	/**
    2002. 

  2002.      * Return formated message 
    2003. 

  2003.      *
    2004. 

  2004.      * @access private
    2005. 

  2005.      * @param string $type 
    2006. 

  2006.      * @param array $args
    2007. 

  2007.      * @return string
    2008. 

  2008.      */
    2009. 

  2009. 	function getMessage( $type, $args )
    2010. 

  2010. 	{
    2011. 

  2011. 		$fmt = strtoupper(array_shift($args));
    2012. 

  2012. 

  2013. 		if (isset($this->_langArray[$type]) && isset($this->_langArray[$type][$fmt])) {
    2014. 

  2014. 			$s = vsprintf( $this->_langArray[$type][$fmt], $args);
    2015. 

  2015. 		} else {
    2016. 

  2016. 			$s = '[' . $type . ': ' . $fmt;
    2017. 

  2017. 			if (count($args)) {
    2018. 

  2018. 				$s .= ':';
    2019. 

  2019. 				foreach ($args as $t) {
    2020. 

  2020. 					$s .= ' ' . $t;
    2021. 

  2021. 				}
    2022. 

  2022. 			}
    2023. 

  2023. 			$s .= ']';
    2024. 

  2024. 		}
    2025. 

  2025. 

  2026. 		return $s;
    2027. 

  2027. 	}
    2028. 

  2028. 

  2029. 	/**
    2030. 

  2030.      * Set error message
    2031. 

  2031.      *
    2032. 

  2032.      * @access protected
    2033. 

  2033.      * @param string|null
    2034. 

  2034.      */
    2035. 

  2035. 	function setError( $error=null )
    2036. 

  2036. 	{
    2037. 

  2037. 		$this->_error = $error;
    2038. 

  2038. 

  2039. 		if (!isset($error)) {
    2040. 

  2040. 			return;
    2041. 

  2041. 		}
    2042. 

  2042. 

  2043. 		if (isset($php_errormsg))
    2044. 

  2044. 		$this->_error .= ': ' . $php_errormsg;
    2045. 

  2045. 

  2046. 		return;
    2047. 

  2047. 	}
    2048. 

  2048. 

  2049. 	/**
    2050. 

  2050.      * Return true if error string is set
    2051. 

  2051.      *
    2052. 

  2052.      * @access public
    2053. 

  2053.      * @return bool
    2054. 

  2054.      */
    2055. 

  2055. 	function isError()
    2056. 

  2056. 	{
    2057. 

  2057. 		return $this->_error == '' ? false : true;
    2058. 

  2058. 	}
    2059. 

  2059. 

  2060. 	/**
    2061. 

  2061.      * Get error message
    2062. 

  2062.      *
    2063. 

  2063.      * @access public
    2064. 

  2064.      * @return string
    2065. 

  2065.      */
    2066. 

  2066. 	function getError()
    2067. 

  2067. 	{
    2068. 

  2068. 		if (!isset($this->_error)) {
    2069. 

  2069. 			return $this->M('UNKNOWNERROR');
    2070. 

  2070. 		}
    2071. 

  2071. 

  2072. 		return $this->_error;
    2073. 

  2073. 	}
    2074. 

  2074. 

  2075. 	/**
    2076. 

  2076.      * Clear error variable
    2077. 

  2077.      *
    2078. 

  2078.      * @access public
    2079. 

  2079.      * @return void
    2080. 

  2080.      */
    2081. 

  2081. 	function clearError()
    2082. 

  2082. 	{
    2083. 

  2083. 		$this->_error = null;
    2084. 

  2084. 	}
    2085. 

  2085. 

  2086. 	/**
    2087. 

  2087.      * Return runtime errors and warnings
    2088. 

  2088.      *
    2089. 

  2089.      * @access public
    2090. 

  2090.      * @param bool $onlyCritical (default is false)
    2091. 

  2091.      * @return array
    2092. 

  2092.      */
    2093. 

  2093.     function getRuntimeErrors( $onlyCritical=false )
    2094. 

  2094.     {
    2095. 

  2095. 		$wArray = array();
    2096. 

  2096. 

  2097. 		// 1001 Config file doesn't exist
    2098. 

  2098. 		//      Recoverable: Yes
    2099. 

  2099. 		//      Action: start configuration wizard
    2100. 

  2100. 		$configPath = $this->_filePathsArray['configfile'];
    2101. 

  2101. 		if (!is_file($configPath)) {
    2102. 

  2102. 			$wArray[] = array('errno'=>1001,
    2103. 

  2103. 			'message'=>'Configuration file does not exist: ' . $configPath,
    2104. 

  2104. 			'recover'=>false, // true
    2105. 

  2105. 			'critial'=>false);
    2106. 

  2106. 		}
    2107. 

  2107. 

  2108. 		// 1002 Config file is not readble
    2109. 

  2109. 		//      Recoverable: No
    2110. 

  2110. 		//      Recomendation: change file rights manually
    2111. 

  2111. 		if (is_file($configPath) && !is_readable($configPath)) {
    2112. 

  2112. 			$wArray[] = array('errno'=>1002,
    2113. 

  2113. 			'recover'=>false,
    2114. 

  2114. 			'message'=>'Configuration file is not readable: ' . $configPath,
    2115. 

  2115. 			'critial'=>false);
    2116. 

  2116. 		}
    2117. 

  2117. 

  2118. 		// 1003 Language file doesn't exist
    2119. 

  2119. 		//      Recoverable: Yes
    2120. 

  2120. 		//      Action: download language file
    2121. 

  2121. 		//      Recomendation: or change config settings
    2122. 

  2122. 		$langFilePath = $this->_filePathsArray['langfile'];
    2123. 

  2123. 		if (!is_file($langFilePath)) {
    2124. 

  2124. 			$wArray[] = array('errno'=>1003,
    2125. 

  2125.             'recover'=>false, // true
    2126. 

  2126. 			'message'=>'Language file does not exist: ' . $langFilePath);
    2127. 

  2127. 		}
    2128. 

  2128. 

  2129. 		// 1004 Default (English) Language file doesn't exist
    2130. 

  2130. 		//      Recoverable: Yes
    2131. 

  2131. 		//      Action: download default language file
    2132. 

  2132. 		$langFilePath = $this->makePath($this->_basePath . DIRECTORY_SEPARATOR . 'languages',
    2133. 

  2133. 		'english.lng' );
    2134. 

  2134. 		if (!is_file($langFilePath)) {
    2135. 

  2135. 			$mesg = 'Default language (ENGLISH) file does not exist: ' . $langFilePath;
    2136. 

  2136. 

  2137. 			$wArray[] = array('errno'=>1004,
    2138. 

  2138.             'recover'=>false, // true
    2139. 

  2139. 			'message'=>$mesg,
    2140. 

  2140. 			'critical'=>true);
    2141. 

  2141. 		}
    2142. 

  2142. 

  2143. 		// File languages/.htaccess does not exist
    2144. 

  2144. 		// File templates/.htaccess does not exist
    2145. 

  2145. 		// File config/.htaccess does not exist
    2146. 

  2146. 

  2147.         if (!$onlyCritical) {
    2148. 

  2148.             return $wArray;
    2149. 

  2149.         }
    2150. 

  2150. 

  2151.         $cArray = array();
    2152. 

  2152.         foreach($wArray as $wItem) {
    2153. 

  2153.             if (!isset($wItem['critical']) || !$wItem['critical']) {
    2154. 

  2154.                 continue;
    2155. 

  2155.             }
    2156. 

  2156.             $cArray[] = $wItem;
    2157. 

  2157.         }
    2158. 

  2158.         return $cArray;
    2159. 

  2159. 	}
    2160. 

  2160. 

  2161. 	/***************************************************************************
    2162. 

  2162. 	* Runtime Variables
    2163. 

  2163. 	**************************************************************************/
    2164. 

  2164. 	function hasRuntimeValue( $name )
    2165. 

  2165. 	{
    2166. 

  2166. 		if (!isset($this->_runtimeArray)) {
    2167. 

  2167. 			// loading runtime variables
    2168. 

  2168. 			if (false == $this->loadRuntime()) {
    2169. 

  2169. 				return false;
    2170. 

  2170. 			}
    2171. 

  2171. 		}
    2172. 

  2172. 		if (!array_key_exists($name, $this->_runtimeArray)) {
    2173. 

  2173. 			return false;
    2174. 

  2174. 		}
    2175. 

  2175. 		return true;
    2176. 

  2176. 	}
    2177. 

  2177. 

  2178.     function loadRuntime()
    2179. 

  2179.     {
    2180. 

  2180. 		$this->_runtimeArray = array();
    2181. 

  2181. 

  2182. 		$basedir = $this->_basePath . DIRECTORY_SEPARATOR . 'var';
    2183. 

  2183. 		$filePath = $this->makePath( $basedir, 'runtime.ini' );
    2184. 

  2184. 

  2185. 		if (is_file($filePath) && is_readable($filePath)) {
    2186. 

  2186. 			$rt = @parse_ini_file( $filePath );
    2187. 

  2187. 			if ($rt != false) {
    2188. 

  2188. 				$this->_runtimeArray = $rt;
    2189. 

  2189. 			}
    2190. 

  2190. 		}
    2191. 

  2191. 

  2192. 		return true;
    2193. 

  2193. 	}
    2194. 

  2194. 

  2195. 	function getRuntimeValue( $name )
    2196. 

  2196. 	{
    2197. 

  2197. 		if (false == $this->hasRuntimeValue($name)) {
    2198. 

  2198. 			return false;
    2199. 

  2199. 		}
    2200. 

  2200. 		return $this->_runtimeArray[$name];
    2201. 

  2201. 	}
    2202. 

  2202. 

  2203.     function setRuntimeValue( $name, $value, $saveFile=false )
    2204. 

  2204.     {
    2205. 

  2205.         if (is_string($value)) {
    2206. 

  2206.             $value = trim($value, "\r\n");
    2207. 

  2207.         }
    2208. 

  2208. 

  2209. 		if ($this->hasRuntimeValue($name) && $this->getRuntimeValue( $name ) == $value) {
    2210. 

  2210. 			return true;
    2211. 

  2211. 		}
    2212. 

  2212. 

  2213. 		if (is_null($value)) {
    2214. 

  2214. 			if (!isset($this->_runtimeArray[$name])) {
    2215. 

  2215. 				return true;
    2216. 

  2216. 			}
    2217. 

  2217. 			unset($this->_runtimeArray[$name]);
    2218. 

  2218. 		} else {
    2219. 

  2219. 			$this->_runtimeArray[$name] = $value;
    2220. 

  2220. 		}
    2221. 

  2221. 

  2222. 		if (false == $saveFile) {
    2223. 

  2223. 			return true;
    2224. 

  2224. 		}
    2225. 

  2225. 

  2226. 		// Saving in DEMO mode is disabled
    2227. 

  2227. 		if ($this->isDemo()) {
    2228. 

  2228. 			//$this->setError( $this->W('DEMOISON') );
    2229. 

  2229. 			//return false;
    2230. 

  2230.             return true;
    2231. 

  2231. 		}
    2232. 

  2232. 

  2233. 		$basedir = $this->_basePath . DIRECTORY_SEPARATOR . 'var';
    2234. 

  2234. 		$filePath = $this->makePath( $basedir, 'runtime.ini' );
    2235. 

  2235. 

  2236. 		if (!is_dir($basedir)) {
    2237. 

  2237. 			if (false == @mkdir($basedir, 0755)) {
    2238. 

  2238. 				$this->setError( $this->E('MKDIRFAILED', $basedir) );
    2239. 

  2239. 				return false;
    2240. 

  2240. 			}
    2241. 

  2241. 

  2242. 			$denyPath = $basedir . DIRECTORY_SEPARATOR
    2243. 

  2243. 			          . $this->_configArray['access_file'];
    2244. 

  2244. 			$this->writeDenyFile( $denyPath );
    2245. 

  2245. 		}
    2246. 

  2246. 

  2247. 		if (!is_file($filePath) && !is_writable($basedir)) {
    2248. 

  2248. 			$this->setError( $this->E('DIRNOTWRITABLE', $basedir) );
    2249. 

  2249. 			return false;
    2250. 

  2250. 		}
    2251. 

  2251. 

  2252. 		if (is_file($filePath) && !is_writable($filePath)) {
    2253. 

  2253. 			$this->setError( $this->E('FILENOTWRITABLE', $path) );
    2254. 

  2254. 			return false;
    2255. 

  2255. 		}
    2256. 

  2256. 

  2257. 		$fh = @fopen($filePath, 'w');
    2258. 

  2258. 		if (false == $fh) {
    2259. 

  2259. 			$this->setError( $this->E('FILEOPENFAILED', $filePath) );
    2260. 

  2260. 			return false;
    2261. 

  2261. 		}
    2262. 

  2262. 

  2263. 		@fwrite($fh, "# Automatically Created by Autman Free\n");
    2264. 

  2264. 		@fwrite($fh, "[runtime]\n");
    2265. 

  2265. 

  2266. 		foreach( $this->_runtimeArray as $k=>$v) {
    2267. 

  2267. 			@fwrite($fh, $k .'=' );
    2268. 

  2268. 			if (is_bool($v)) {
    2269. 

  2269. 				@fwrite($fh, $value ? '"1"' : '"0"');
    2270. 

  2270. 			} else {
    2271. 

  2271. 				@fwrite($fh, '"'.$v.'"');
    2272. 

  2272. 			}
    2273. 

  2273. 

  2274. 			@fwrite($fh, "\n");
    2275. 

  2275. 		}
    2276. 

  2276. 

  2277. 		@fclose($fh);
    2278. 

  2278. 

  2279. 		return true;
    2280. 

  2280. 	}
    2281. 

  2281.     
    2282. 

  2282.     /***************************************************************************
    2283. 

  2283.     * RSS, NEWs
    2284. 

  2284.     **************************************************************************/
    2285. 

  2285.     /**
    2286. 

  2286.      * Returns RSS product news as HTML code
    2287. 

  2287.      * 
    2288. 

  2288.      * @access public
    2289. 

  2289.      * @params void
    2290. 

  2290.      * @return string
    2291. 

  2291.      */
    2292. 

  2292.     function newsFetchAsHTML() 
    2293. 

  2293.     {
    2294. 

  2294.         $text = '';
    2295. 

  2295.         
    2296. 

  2296.         if (!$this->hasFeature('magpierss')) {
    2297. 

  2297.             return 'Server does not support this feature';
    2298. 

  2298.         }
    2299. 

  2299. 

  2300.         $disableCaching = false;
    2301. 

  2301. 

  2302.         $cachedir = $this->_basePath . DIRECTORY_SEPARATOR . 'var' 
    2303. 

  2303.                   . DIRECTORY_SEPARATOR . 'cache'; 
    2304. 

  2304. 

  2305.         if (!defined('MAGPIE_CACHE_DIR')) {
    2306. 

  2306.             define('MAGPIE_CACHE_DIR', $cachedir);
    2307. 

  2307.         }
    2308. 

  2308.         
    2309. 

  2309.         // increase default cache time (1h) up to 24h
    2310. 

  2310.         if (!defined('MAGPIE_CACHE_AGE')) {
    2311. 

  2311.             define('MAGPIE_CACHE_AGE', 3600*24); 
    2312. 

  2312.         }
    2313. 

  2313.             
    2314. 

  2314.         if (!is_dir($cachedir)) {
    2315. 

  2315.             if (!@mkdir($cachedir, 0755)) {
    2316. 

  2316.                 $disableCaching = true;
    2317. 

  2317.             } else {
    2318. 

  2318.                 $denyPath = $cachedir . DIRECTORY_SEPARATOR
    2319. 

  2319.                           . $this->_configArray['access_file'];
    2320. 

  2320.                 $this->writeDenyFile( $denyPath );
    2321. 

  2321.             }
    2322. 

  2322.         }
    2323. 

  2323.         if (!is_dir($cachedir) && !is_writable($cachedir)) {
    2324. 

  2324.             $disableCaching = true;
    2325. 

  2325.         }
    2326. 

  2326. 

  2327.         if ($disableCaching) {
    2328. 

  2328.             define('MAGPIE_CACHE_ON', false);
    2329. 

  2329.         }
    2330. 

  2330. 

  2331.         include_once( $this->getPathByType('magpierss') ); // rss_fetch.inc
    2332. 

  2332.         
    2333. 

  2333.         $url = 'http://www.authman.com/rss/free/';
    2334. 

  2334.         #$rss = fetch_rss( $url );
    2335. 

  2335.         if (!$rss) {
    2336. 

  2336.             return 'Sorry, disable due to timeout';
    2337. 

  2337.         }
    2338. 

  2338.         
    2339. 

  2339.         foreach ( $rss->items as $item ) {
    2340. 

  2340.             $text .= '<div id="item">';
    2341. 

  2341.             $text .= sprintf('<div id="title"><a href="%s" base="_top">%s</a></div>',
    2342. 

  2342.                              $item['link'], $item['title']);
    2343. 

  2343.             if (isset($item['content']) && isset($item['content']['encoded'])) {
    2344. 

  2344.                 $description  = $item['content']['encoded'];
    2345. 

  2345.             } else {
    2346. 

  2346.                 $description  = '<pre>' . $item['description'] .'</pre>';
    2347. 

  2347.             }
    2348. 

  2348.             $text .= '<div id="description">' . $description . '</div>';
    2349. 

  2349.             $text .= '</div>';
    2350. 

  2350.         }
    2351. 

  2351.             
    2352. 

  2352.         return $text;
    2353. 

  2353.     }
    2354. 

  2354. }
    2355. 

  2355. // the end of authman class
    2356. 

  2356. 

  2357. 

  2358. /**
    2359. 

  2359.  * Users and group management
    2360. 

  2360.  *
    2361. 

  2361.  * @return void
    2362. 

  2362.  */
    2363. 

  2363. function showPage_users()
    2364. 

  2364. {
    2365. 

  2365. 	global $am;
    2366. 

  2366. 

  2367. 	// Checking access rights
    2368. 

  2368. 	if (!$am->isAdmin()) {
    2369. 

  2369. 		$_SESSION['durl'] = $_SERVER['REQUEST_URI'];
    2370. 

  2370. 		showPage_401( true );
    2371. 

  2371. 		exit;
    2372. 

  2372. 	}
    2373. 

  2373. 

  2374. 	$error = $message = null;
    2375. 

  2375. 	$action = getParam('action', null, 'attribute');
    2376. 

  2376. 

  2377.     // ------------- Ajax Actions ----------------    
    2378. 

  2378.         
    2379. 

  2379. 	// Ajax Acitons: Sending email to an user
    2380. 

  2380. 	if ($action == 'mailtouser') {
    2381. 

  2381. 		$body = getParam('body', null, 'htmlcode');
    2382. 

  2382. 		$subject = getParam('subject', 'Subject not set', 'subject');
    2383. 

  2383. 		
    2384. 

  2384. 		// building pseudo-template
    2385. 

  2385. 		$templateArray = array('role'=>'undefinied',
    2386. 

  2386. 		                       'type'=>getParam('type', 'plaintext', 'attribute'),
    2387. 

  2387. 							   'subject'=>$subject,
    2388. 

  2388. 							   'contents'=>$body);
    2389. 

  2389. 

  2390. 		$userData = array();
    2391. 

  2391. 		
    2392. 

  2392. 		$username = getParam('username', null, 'username');
    2393. 

  2393. 		if (!isset($username) || $username == '') {
    2394. 

  2394. 			$error = $am->E('INVALIDREQUEST') . ' [username]';
    2395. 

  2395. 		}
    2396. 

  2396. 

  2397. 		// checking for special username: SELECTED
    2398. 

  2398. 		if (!isset($error)) {
    2399. 

  2399. 			if (getParam('username') == 'SELECTED') {
    2400. 

  2400. 				$usernames = getParam('usernames', null, 'username');
    2401. 

  2401. 				if (!is_array($usernames)) {
    2402. 

  2402. 					$error = $am->E('INVALIDREQUEST') . ' [usernames]';
    2403. 

  2403. 				}
    2404. 

  2404. 			} else {
    2405. 

  2405. 				$usernames = array($username);
    2406. 

  2406. 			}
    2407. 

  2407. 		}
    2408. 

  2408. 		
    2409. 

  2409. 		// real sending emal to the user(s)
    2410. 

  2410. 		if (!isset($error)) {			
    2411. 

  2411. 			foreach($usernames as $uname) {
    2412. 

  2412. 				if (!($userData = $am->fetchRecordByType('authuserfile', $uname))) {
    2413. 

  2413. 					$error = $am->E('USERNOTEXISTS', $uname);
    2414. 

  2414. 					break;
    2415. 

  2415. 				}
    2416. 

  2416. 			
    2417. 

  2417. 				if (!$am->sendMail($templateArray, $userData)) {
    2418. 

  2418. 					$error = $am->E('SENDINGFAILED') . ': ' . $am->getError();
    2419. 

  2419. 					break;
    2420. 

  2420. 				}
    2421. 

  2421. 			}
    2422. 

  2422. 		}
    2423. 

  2423. 				
    2424. 

  2424. 		// follow-up
    2425. 

  2425. 		if (!isset($error)) {
    2426. 

  2426.             $message = $am->M('INFO_EMAILSENT');
    2427. 

  2427. 	    }
    2428. 

  2428. 

  2429.         if (!isset($error)) {
    2430. 

  2430.             echo '<div class="message">' . fmt_message($message) . "</div>\n";
    2431. 

  2431.         } else {
    2432. 

  2432.             echo '<div class="warning">' . fmt_message($error) . "</div>\n";
    2433. 

  2433.         }
    2434. 

  2434.         
    2435. 

  2435. 		return;
    2436. 

  2436. 	}
    2437. 

  2437. 

  2438.     // Ajax Acitons: Checking given username
    2439. 

  2439. 	if ($action == 'checkusername') {
    2440. 

  2440. 		$username = getParam('username', null, 'username');
    2441. 

  2441. 

  2442. 		if ($am->isRecordByType('authuserfile', $username)) {
    2443. 

  2443. 			echo 'USERFOUND';
    2444. 

  2444. 		} else {
    2445. 

  2445. 			echo 'NOSUCHUSER';
    2446. 

  2446. 		}
    2447. 

  2447. 		return;
    2448. 

  2448. 	}
    2449. 

  2449. 	
    2450. 

  2450. 	// ------------- General variables ----------------
    2451. 

  2451. 

  2452. 	$limit = 10;
    2453. 

  2453. 	if (hasParam('limit')) {
    2454. 

  2454. 		$limit  = getParam('limit', 10, 'int');
    2455. 

  2455. 		$_SESSION['user_limit'] = $limit;
    2456. 

  2456. 	} else if (isset($_SESSION['user_limit'])) {
    2457. 

  2457. 		$limit = $_SESSION['user_limit'];
    2458. 

  2458. 	}
    2459. 

  2459. 

  2460. 	$p = 1;
    2461. 

  2461. 	if (hasParam('p')) {
    2462. 

  2462. 		$p = getParam('p', 1, 'int' );
    2463. 

  2463. 		$_SESSION['user_p'] = $p;
    2464. 

  2464. 	} else if (isset($_SESSION['user_p'])) {
    2465. 

  2465. 		$p = $_SESSION['user_p'];
    2466. 

  2466. 	}
    2467. 

  2467. 

  2468. 	if (empty($limit)) {
    2469. 

  2469. 		$p = 1;
    2470. 

  2470. 	}
    2471. 

  2471. 

  2472. 	$offset = ($p-1) * $limit;
    2473. 

  2473. 

  2474. 	// ------------- Actions ----------------
    2475. 

  2475. 

  2476. 	// Action: Add user
    2477. 

  2477. 	if ($action == 'adduser') {
    2478. 

  2478. 		$username = getParam('username', null, 'username');
    2479. 

  2479.         if (!isset($username) || $username == '') {
    2480. 

  2480. 			$error = $am->E('INVALIDREQUEST') . ' [username]';
    2481. 

  2481. 		
    2482. 

  2482.         } else if ($am->isRecordByType('authuserfile', $username)) {
    2483. 

  2483. 			$error = $am->E('USEREXISTS', $username);
    2484. 

  2484. 		}
    2485. 

  2485. 

  2486. 		$password = getParam('password', null, 'password');
    2487. 

  2487. 		if (!isset($error))  {
    2488. 

  2488. 			if ($password == '') {
    2489. 

  2489. 				$error = $am->E('INVALIDREQUEST') . ' [password]';
    2490. 

  2490. 			} else if (strlen($password) < 4) {
    2491. 

  2491. 				$error = $am->E('PASSWORDTOOSHORT', 4);
    2492. 

  2492. 			}
    2493. 

  2493. 		}
    2494. 

  2494. 		
    2495. 

  2495. 		$data = array('name'    => $username,
    2496. 

  2496. 		              'pass_raw'=> $password,
    2497. 

  2497. 		              'info'    => getParam('realname', null, 'field'),
    2498. 

  2498. 		              'email'   => getParam('email', null, 'email'));
    2499. 

  2499. 

  2500. 		if (!isset($error)) {
    2501. 

  2501. 			if (!$am->setRecordByType('authuserfile', null,  $data, true)) {
    2502. 

  2502. 				$error = $am->E('USERINSERTFAILED', $username)
    2503. 

  2503. 				       . ': ' . $am->getError();
    2504. 

  2504. 			}
    2505. 

  2505. 		}
    2506. 

  2506. 

  2507. 		if (!isset($error)) {
    2508. 

  2508. 			$message = $am->M('USERINSSUCCESS', $username);
    2509. 

  2509. 			$action = 'updateuser';
    2510. 

  2510. 		}
    2511. 

  2511. 

  2512. 		// sending notification via e-mail
    2513. 

  2513. 		$am->setRuntimeValue('useradd_sendmail', hasParam('sendmail'), true);
    2514. 

  2514. 		if (!isset($error) && hasParam('sendmail')) {
    2515. 

  2515. 			$template = getParam('template', 'useradd', 'attribute');
    2516. 

  2516. 

  2517. 			if (false == $am->sendMail($template, $data )) {
    2518. 

  2518. 				$error = $am->getError();
    2519. 

  2519. 			}
    2520. 

  2520. 		}
    2521. 

  2521. 

  2522. 	// Action: Edit user
    2523. 

  2523. 	} else if ($action == 'updateuser') {
    2524. 

  2524. 		$oldusername = getParam('oldusername', null, 'username');
    2525. 

  2525. 		if (!$am->isRecordByType('authuserfile', $oldusername)) {
    2526. 

  2526. 			$error = $am->E('INVALIDREQUEST') . ' [curusername]';
    2527. 

  2527. 		}
    2528. 

  2528. 

  2529. 		$username = getParam('username', null, 'username');
    2530. 

  2530. 		if (!isset($username) || $username == '') {
    2531. 

  2531. 			$error = $am->E('INVALIDREQUEST') . ' [username]';
    2532. 

  2532. 		}
    2533. 

  2533. 

  2534. 		if ($oldusername != $username && $am->isRecordByType('authuserfile', $username)) {
    2535. 

  2535. 			$error = $am->E('USEREXISTS', $username);
    2536. 

  2536. 		}
    2537. 

  2537. 

  2538. 		$data = array('name' =>$username,
    2539. 

  2539. 			          'info' =>getParam('realname', null, 'field'),
    2540. 

  2540.             		  'email'=>getParam('email', null, 'email'));
    2541. 

  2541. 

  2542. 		if (hasParam('password')) {
    2543. 

  2543. 			$pass = getParam('password', null, 'password');
    2544. 

  2544. 			if (isset($pass) && $pass != '') {
    2545. 

  2545. 				$data['pass_raw'] = $pass;
    2546. 

  2546. 			}
    2547. 

  2547. 		}
    2548. 

  2548. 

  2549. 		if (!isset($error)) {
    2550. 

  2550. 			if (!$am->setRecordByType( 'authuserfile', $oldusername, $data, true)) {
    2551. 

  2551. 				$error = $am->E('USERUPDATEFAILED', $username) 
    2552. 

  2552.                        . ': ' . $am->getError();
    2553. 

  2553. 			}
    2554. 

  2554. 		}
    2555. 

  2555. 

  2556. 		if (!isset($error)) {
    2557. 

  2557. 			$message = $am->M('USERUPDSUCCESS', $username);
    2558. 

  2558. 		}
    2559. 

  2559. 		
    2560. 

  2560. 		// sending notification e-mail
    2561. 

  2561. 		$am->setRuntimeValue('useredit_sendmail', hasParam('sendmail'), true);
    2562. 

  2562. 		if (!isset($error) && hasParam('sendmail')) {
    2563. 

  2563. 			$template = getParam('template', 'useredit', 'attribute');
    2564. 

  2564. 

  2565. 			if (!$am->sendMail($template, $data)) {
    2566. 

  2566. 				$error = $am->getError();
    2567. 

  2567. 			}
    2568. 

  2568. 		}
    2569. 

  2569. 			
    2570. 

  2570. 	// Action: Delete user
    2571. 

  2571. 	} else if ($action == 'deleteuser') {
    2572. 

  2572. 		$username = getParam('username', null, 'username');
    2573. 

  2573. 		if (!$am->isRecordByType('authuserfile', $username)) {
    2574. 

  2574. 			$error = $am->E('USERNOTEXISTS', $username);
    2575. 

  2575. 		}
    2576. 

  2576. 

  2577. 		if (!isset($error)) {
    2578. 

  2578. 			if (!$am->setRecordByType('authuserfile', $username, null, true)) {
    2579. 

  2579. 				$error = $am->E('USERDELETEFAILED', $username)
    2580. 

  2580. 				       . ': ' . $am->getError();
    2581. 

  2581. 			}
    2582. 

  2582. 		}
    2583. 

  2583. 		if (!isset($error)) {
    2584. 

  2584. 			$message = $am->M('USERDELETED', $username);
    2585. 

  2585. 		}
    2586. 

  2586. 	
    2587. 

  2587. 	// Action: delete selected users
    2588. 

  2588. 	} else if ($action == 'deleteselusers') {
    2589. 

  2589. 		$usernames = getParam('usernames', null, 'username');
    2590. 

  2590. 		foreach($usernames as $username) {
    2591. 

  2591. 

  2592. 			if (!$am->isRecordByType('authuserfile', $username)) {
    2593. 

  2593. 				$error = $am->E('USERNOTEXISTS', $username);
    2594. 

  2594. 				break;
    2595. 

  2595. 			}
    2596. 

  2596. 

  2597. 			if (!$am->setRecordByType('authuserfile', $username, null, true)) {
    2598. 

  2598. 				$error = $am->E('USERDELETEFAILED', $username) 
    2599. 

  2599.                        . ': ' . $am->getError();
    2600. 

  2600. 				break;
    2601. 

  2601. 			}
    2602. 

  2602. 

  2603. 		}
    2604. 

  2604. 		if (!isset($error)) {
    2605. 

  2605. 			$message = $am->M('USERSSELDELETED');
    2606. 

  2606. 		}
    2607. 

  2607. 

  2608. 	// Action: Delete All Users
    2609. 

  2609. 	} else if ($action == 'deleteallusers') {
    2610. 

  2610. 

  2611. 		if (!isset($error)) {
    2612. 

  2612. 			if (false == $am->clearAllRecordsByType( 'authuserfile', true )) {
    2613. 

  2613. 				$error = $am->E('USERSDELALLFAILED') . ': ' . $am->getError();
    2614. 

  2614. 			}
    2615. 

  2615. 		}
    2616. 

  2616. 		if (!isset($error)) {
    2617. 

  2617. 			$message = $am->M('USERSALLDELETED');
    2618. 

  2618. 		}
    2619. 

  2619. 	
    2620. 

  2620. 	}
    2621. 

  2621. 

  2622.     // ------------- HTML Preparing ----------------
    2623. 

  2623. 

  2624. 	$searchtext = '';
    2625. 

  2625. 	if (hasParam('searchtext')) {
    2626. 

  2626. 		$searchtext = getParam('searchtext', null, 'field');
    2627. 

  2627. 		$_SESSION['searchtext'] = $searchtext;
    2628. 

  2628. 	} else if (isset($_SESSION['searchtext'])) {
    2629. 

  2629. 		$searchtext = $_SESSION['searchtext'];
    2630. 

  2630. 	}
    2631. 

  2631. 	
    2632. 

  2632. 	$usersArray = $am->getRecordsByType('authuserfile', 'name', $limit, $offset, $searchtext);
    2633. 

  2633. 	$groupsArray = $am->getRecordsByType('authgroupfile', 'g_name');
    2634. 

  2634. 

  2635. 	web_header( $am->M('SUBTITLE_USERS') );
    2636. 

  2636. 	web_menu();
    2637. 

  2637. 	echo '<div id="righty">';
    2638. 

  2638. 

  2639. 	// ------------- Information ----------------
    2640. 

  2640. 

  2641. 	echo '<div class="pagenotes">';
    2642. 

  2642. 	echo '<h4>' . $am->M('SUBTITLE_USERS') . '</h4>';
    2643. 

  2643. 

  2644. 	echo '<div><div class="name">AuthUserFile</div>';
    2645. 

  2645. 	echo '<div class="value">'; 
    2646. 

  2646. 	$file = $am->getPathByType('authuserfile');
    2647. 

  2647. 	echo $file == '' ? $am->W('NOTDEFINED', 'AuthUserFile') : $file;
    2648. 

  2648. 	echo '</div></div>';
    2649. 

  2649. 

  2650. 	echo '<div><div class="name">' . $am->M('TOTALMEMBERS') . '</div>';
    2651. 

  2651. 	echo '<div class="value">' . $am->getTotalByType('authuserfile', $searchtext) . '</div></div>';
    2652. 

  2652. 

  2653. 	echo '</div>';
    2654. 

  2654. 

  2655. 	// ------------- Message ----------------
    2656. 

  2656. 	web_message( $message, $error );
    2657. 

  2657. 	
    2658. 

  2658. ?>
    2659. 

  2659. <h1><?php echo $am->M('SUBTITLE_USERS') ?></h1>
    2660. 

  2660. 

  2661.  <?php
    2662. 

  2662. $authuserfile = $am->getPathByType('authuserfile');
    2663. 

  2663. if (false == $authuserfile) {
    2664. 

  2664.     echo '<div class="block">';
    2665. 

  2665.     echo $am->M('NOTES_NODEFAUTHUSERFILE');
    2666. 

  2666. 	echo '</div>';
    2667. 

  2667. }
    2668. 

  2668.  ?>
    2669. 

  2669.  
    2670. 

  2670.  <div id="userSearch">
    2671. 

  2671.     <form id="userSearch_form" name="userSearch_form">
    2672. 

  2672. 	<fieldset>
    2673. 

  2673.  		<input id="userSearch_searchtext" type="text" name="searchtext" maxlength="255" class="required" value="<?php echo $searchtext ?>" />
    2674. 

  2674.     	<input type="hidden" name="page" value="users" />
    2675. 

  2675.         <input type="hidden" name="action" value="search" />
    2676. 

  2676.         <input type="submit" id="userMail_submit" name="submit" value="<?php echo $am->M('BTN_FILTER') ?>" />
    2677. 

  2677.  		<input type="submit" id="userMail_submit" name="submit" value="<?php echo $am->M('BTN_RESET') ?>" onClick="javascript:$($(userSearch_form).searchtext).value = ''; return true;" />
    2678. 

  2678. 	</fieldset>
    2679. 

  2679.     </form>
    2680. 

  2680.  </div>
    2681. 

  2681.  <div class="spacer30"></div>
    2682. 

  2682.  	
    2683. 

  2683. <!-- USERS add form -->
    2684. 

  2684. <div id="userAdd" style="display: none;">
    2685. 

  2685.     <form id="userAdd_form" name="userAdd_form">
    2686. 

  2686. 

  2687.     <div id="userAdd_checkUsername" style="float:right;"></div>
    2688. 

  2688.     <p id="userAdd_form_msg" class="formmessage"><?php echo $am->M('FILLFIELDS'); ?></p>
    2689. 

  2689. 

  2690.     <fieldset>
    2691. 

  2691.     <legend><?php echo $am->M('LEGEND_USERNEW') ?></legend>
    2692. 

  2692.         <div>
    2693. 

  2693.             <label for="username" class="required"><?php echo $am->M('FIELD_USERNAME') ?></label>
    2694. 

  2694.             <input id="userAdd_username" type="text" name="username" maxlength="255" class="required" />
    2695. 

  2695.             <input id="userAdd_check" name="check" type="button" value="<?php echo $am->M('CHECK') ?>" onclick="javascript:usersCheckUsername('userAdd');" />
    2696. 

  2696.         </div>
    2697. 

  2697.         <div>
    2698. 

  2698.         <label for="password" class="required"><?php echo $am->M('FIELD_PASSWORD') ?></label>
    2699. 

  2699.             <input id="userAdd_password" type="text" name="password" maxlength="255" class="required" />
    2700. 

  2700.             <input type="button" value="<?php echo $am->M('GENERATE') ?>" onclick="javascript:mainGeneratePassword('userAdd');" />
    2701. 

  2701.         </div>
    2702. 

  2702.         <div>
    2703. 

  2703.         	<label for="realname"><?php echo $am->M('FIELD_REALNAME') ?></label>
    2704. 

  2704.             <input id="userAdd_realname" type="text" name="realname" size="40" maxlength="255" />
    2705. 

  2705.         </div>
    2706. 

  2706.         <div>
    2707. 

  2707.         <label for="email"><?php echo $am->M('FIELD_EMAIL') ?></label>
    2708. 

  2708.             <input id="userAdd_email" type="text" name="email" size="40" maxlength="255" />
    2709. 

  2709.         </div>
    2710. 

  2710.         
    2711. 

  2711.         <div class="dashed"></div>
    2712. 

  2712. <?php
    2713. 

  2713.         $sendMail = true;
    2714. 

  2714.         if (!$am->hasFeature('PHPMailer')) {
    2715. 

  2715. 	        $sendMail = false;
    2716. 

  2716. 

  2717.         } else if ($am->hasRuntimeValue('useradd_sendmail') &&
    2718. 

  2718.                    $am->getRuntimeValue('useradd_sendmail') != "1") {
    2719. 

  2719. 	        $sendMail = false;
    2720. 

  2720.         }
    2721. 

  2721. ?>        
    2722. 

  2722.         <div>
    2723. 

  2723.         	<label for="sendmail"><?php echo $am->M('FIELD_WELCOMEEMAIL') ?></label>
    2724. 

  2724.             <input type="checkbox" id="userAdd_sendmail" name="sendmail" value="1" 
    2725. 

  2725.                    <?php if ($sendMail) { echo ' checked="checked" '; } ?>
    2726. 

  2726.                    onClick="javascript:usersOnChangeSendMail('userAdd');" /> <?php echo $am->M('SEND') ?>
    2727. 

  2727.         </div>
    2728. 

  2728. <?php 
    2729. 

  2729.         if (!$am->hasFeature('PHPMailer')) {        
    2730. 

  2730. 		    echo '<div class="block">';
    2731. 

  2731. 		    echo $am->W('SENDMAILFAIL_INSTALLPHPMAILER');
    2732. 

  2732. 		    echo '</div>';
    2733. 

  2733.         }
    2734. 

  2734. ?>	 
    2735. 

  2735.         <div id="userAdd_showtemplate" style="display:<?php echo $sendMail ? 'block' : 'none' ?>;">
    2736. 

  2736.         	<label for="template"><?php echo $am->M('FIELD_EMAILTEMPLATE') ?></label>
    2737. 

  2737.         	<select id="userAdd_template" name="template">
    2738. 

  2738.         		<option value=""><?php echo $am->M('SELECTONE') ?></option>
    2739. 

  2739. <?php 
    2740. 

  2740.         		foreach ($am->getTemplates() as $id=>$tpl) {
    2741. 

  2741.         			echo '<option value="' . addslashes($id).'"';
    2742. 

  2742.         			if ($tpl['role'] == 'useradd') {
    2743. 

  2743.         				echo ' selected="selected"';
    2744. 

  2744.         			}
    2745. 

  2745.         			echo '>';
    2746. 

  2746.         			echo $tpl['name'] . '</option>';
    2747. 

  2747.         		}
    2748. 

  2748. ?>
    2749. 

  2749.         	</select>
    2750. 

  2750.         </div>        
    2751. 

  2751.     </fieldset>
    2752. 

  2752.     
    2753. 

  2753.     <div class="buttonrow">
    2754. 

  2754.         <input type="hidden" name="action" value="adduser" />
    2755. 

  2755.         <input type="hidden" name="page" value="users" />
    2756. 

  2756.         <?php echo htmlSubmit('submit'); ?>
    2757. 

  2757.         <?php echo htmlReset('reset', 'onClick="javascript:usersResetForm(\'userAdd\'); return false;"' ); ?>
    2758. 

  2758.         <input type="submit" id="userAdd_cancel" name="cancel" value="<?php echo $am->M('CANCEL') ?>" onClick="javascript:usersShowForm('userAdd','hide'); return false;" />
    2759. 

  2759.     </div>
    2760. 

  2760.     </form>
    2761. 

  2761. </div>
    2762. 

  2762. <!-- end of USERS add form -->
    2763. 

  2763. 

  2764. <!-- USERS edit form -->
    2765. 

  2765. <div id="userEdit" style="display: none;">
    2766. 

  2766.     <form id="userEdit_form" name="userEdit_form">
    2767. 

  2767.     <p id="userEdit_form_msg" class="formmessage"><?php echo $am->M('FILLFIELDS'); ?></p>
    2768. 

  2768.     <fieldset>
    2769. 

  2769.        <legend><?php echo $am->M('LEGEND_USEREDIT') ?></legend>
    2770. 

  2770. 

  2771.         <div>
    2772. 

  2772.         <label for="username" class="required"><?php echo $am->M('FIELD_USERNAME') ?></label>
    2773. 

  2773.             <input id="userEdit_username" name="username" type="text" maxlength="255" class="required" />
    2774. 

  2774.         </div>
    2775. 

  2775.         <div>
    2776. 

  2776.         <label for="password"><?php echo $am->M('FIELD_NEWPASSWORD') ?></label>
    2777. 

  2777.             <input id="userEdit_password" name="password" type="text" maxlength="255" />
    2778. 

  2778.             <input type="button" value="<?php echo $am->M('GENERATE') ?>" onclick="javascript:mainGeneratePassword('userEdit');" />
    2779. 

  2779.         </div>
    2780. 

  2780.         <div>
    2781. 

  2781.         <label for="realname"><?php echo $am->M('FIELD_REALNAME') ?></label>
    2782. 

  2782.             <input id="userEdit_realname" name="realname" type="text" size="40" maxlength="255" />
    2783. 

  2783.         </div>
    2784. 

  2784.         <div>
    2785. 

  2785.         <label for="email"><?php echo $am->M('FIELD_EMAIL') ?></label>
    2786. 

  2786.             <input id="userEdit_email" name="email" type="text" size="40" maxlength="255" />
    2787. 

  2787.         </div>
    2788. 

  2788. 

  2789.         <div class="dashed"></div>
    2790. 

  2790. <?php
    2791. 

  2791.         # by default sending email is off
    2792. 

  2792.         $sendMail = false;
    2793. 

  2793.         if (!$am->hasFeature('PHPMailer')) {
    2794. 

  2794. 	        $sendMail = false;
    2795. 

  2795. 

  2796.         } else if ($am->hasRuntimeValue('useredit_sendmail') && 
    2797. 

  2797.                    $am->getRuntimeValue('useredit_sendmail') == "1") {
    2798. 

  2798. 	        $sendMail = true;
    2799. 

  2799.         }
    2800. 

  2800. ?> 
    2801. 

  2801. 	    <div>
    2802. 

  2802.         	<label for="sendmail"><?php echo $am->M('FIELD_UPDATEEMAIL') ?></label>
    2803. 

  2803.             <input type="checkbox" id="userEdit_sendmail" name="sendmail" value="1" 
    2804. 

  2804.                    <?php if ($sendMail) { echo ' checked="checked" '; } ?>
    2805. 

  2805.                    onClick="javascript:usersOnChangeSendMail('userEdit');" /> <?php echo $am->M('SEND') ?>
    2806. 

  2806.         </div>
    2807. 

  2807. <?php 
    2808. 

  2808.         if (!$am->hasFeature('PHPMailer')) {        
    2809. 

  2809. 		    echo '<div class="block">';
    2810. 

  2810. 		    echo $am->W('SENDMAILFAIL_INSTALLPHPMAILER');
    2811. 

  2811. 		    echo '</div>';
    2812. 

  2812.         }
    2813. 

  2813. ?>	 
    2814. 

  2814.         <div id="userEdit_showtemplate" style="display:<?php echo $sendMail ? 'block' : 'none' ?>;">
    2815. 

  2815.         	<label for="template"><?php echo $am->M('FIELD_EMAILTEMPLATE') ?></label>
    2816. 

  2816.         	<select id="userEdit_template" name="template">
    2817. 

  2817.         		<option value=""><?php echo $am->M('SELECTONE') ?></option>
    2818. 

  2818. <?php 
    2819. 

  2819.         		foreach ($am->getTemplates() as $id=>$tpl) {
    2820. 

  2820.         			echo '<option value="' .addslashes($id).'"';
    2821. 

  2821.         			if ($tpl['role'] == 'useredit') {
    2822. 

  2822.         				echo ' selected="selected"';
    2823. 

  2823.         			}
    2824. 

  2824.         			echo '>';
    2825. 

  2825.         			echo $tpl['name'] . '</option>';
    2826. 

  2826.         		}
    2827. 

  2827. ?>
    2828. 

  2828.         	</select>
    2829. 

  2829.         </div>  
    2830. 

  2830.         
    2831. 

  2831.     </fieldset>
    2832. 

  2832.     
    2833. 

  2833.     <div class="buttonrow">
    2834. 

  2834.         <input type="hidden" id="userEdit_oldusername" name="oldusername" value="" />
    2835. 

  2835. 

  2836.         <input type="hidden" name="action" value="updateuser" />
    2837. 

  2837.         <input type="hidden" name="page" value="users" />
    2838. 

  2838. 

  2839.         <?php echo htmlSubmit('submit'); ?>
    2840. 

  2840.         <?php echo htmlReset('reset', 'onClick="javascript:usersResetForm(\'userEdit\'); return false;"' ); ?>
    2841. 

  2841. 

  2842.         <input type="submit" id="userEdit_cancel" name="cancel" value="<?php echo $am->M('CANCEL') ?>" onClick="javascript:usersShowForm('userEdit',''); return false;" />
    2843. 

  2843.     </div>
    2844. 

  2844.     </form>
    2845. 

  2845. </div>
    2846. 

  2846. <!-- end of USERS edit form -->
    2847. 

  2847.         
    2848. 

  2848. <!-- USER delete form -->
    2849. 

  2849. <div id="userDelete" style="display: none;">
    2850. 

  2850.     <form id="userDelete_form" name="userDelete">
    2851. 

  2851.     <fieldset>
    2852. 

  2852.     <legend><?php echo $am->M('LEGEND_USERDELETE') ?></legend>
    2853. 

  2853.        <p id="userDelete_form_msg" class="formmessage"><?php echo $am->M('Q_USERDELETE'); ?></p>
    2854. 

  2854.     </fieldset>
    2855. 

  2855.     <div class="buttonrow">
    2856. 

  2856.         <input type="hidden" name="username" value="" />
    2857. 

  2857.         <input type="hidden" name="page" value="users" />
    2858. 

  2858.         <input type="hidden" name="action" value="deleteuser" />
    2859. 

  2859.         <input type="submit" id="userDelete_submit" name="submit" value="<?php echo $am->M('CONFIRM') ?>" />
    2860. 

  2860.         <input type="submit" id="userDelete_cancel" name="cancel" value="<?php echo $am->M('CANCEL') ?>" onClick="javascript:usersShowForm('userDelete','hide'); return false;" />
    2861. 

  2861.     </div>
    2862. 

  2862.     </form>
    2863. 

  2863. </div>
    2864. 

  2864. <!-- end of USER delete form -->
    2865. 

  2865.      
    2866. 

  2866. <!-- USERS delete selected form -->
    2867. 

  2867. <div id="usersDelSel" style="display: none;">
    2868. 

  2868.     <form id="usersDelSel_form" name="usersDelSel">
    2869. 

  2869.     <fieldset>
    2870. 

  2870.     <legend><?php echo $am->M('LEGEND_USERDELSEL') ?></legend>
    2871. 

  2871.        <p id="usersDelSel_form_msg" class="formmessage"><?php echo $am->M('Q_USERDELSEL'); ?></p>
    2872. 

  2872.     </fieldset>
    2873. 

  2873.     <div class="buttonrow">
    2874. 

  2874.         <input type="hidden" name="page" value="users" />
    2875. 

  2875.         <input type="hidden" name="action" value="deleteselusers" />
    2876. 

  2876.         <input type="submit" id="usersDelSel_submit" name="submit" value="<?php echo $am->M('CONFIRM') ?>" />
    2877. 

  2877.         <input type="submit" id="usersDelSel_cancel" name="cancel" value="<?php echo $am->M('CANCEL') ?>" onClick="javascript:usersShowForm('usersDelSel','hide'); return false;" />
    2878. 

  2878.     </div>
    2879. 

  2879.     </form>
    2880. 

  2880. </div>
    2881. 

  2881. <!-- end of USERS delete selected form -->
    2882. 

  2882. 

  2883. <!-- USERS delete all form -->
    2884. 

  2884. <div id="usersDelAll" style="display: none;">
    2885. 

  2885.     <form id="usersDelAll_form" name="usersDelSel">
    2886. 

  2886.     <fieldset>
    2887. 

  2887.     <legend><?php echo $am->M('LEGEND_USERDELALL') ?></legend>
    2888. 

  2888.        <p id="usersDelAll_form_msg" class="formmessage"><?php echo $am->M('Q_USERDELALL'); ?></p>
    2889. 

  2889.     </fieldset>
    2890. 

  2890.     <div class="buttonrow">
    2891. 

  2891.         <input type="hidden" name="page" value="users" />
    2892. 

  2892.         <input type="hidden" name="action" value="deleteallusers" />
    2893. 

  2893.         <input type="submit" id="usersDelAll_submit" name="submit" value="<?php echo $am->M('CONFIRM') ?>" />
    2894. 

  2894.         <input type="submit" id="usersDelAll_cancel" name="cancel" value="<?php echo $am->M('CANCEL') ?>" onClick="javascript:usersShowForm('usersDelAll','hide'); return false;" />
    2895. 

  2895.     </div>
    2896. 

  2896.     </form>
    2897. 

  2897. </div>
    2898. 

  2898. <!-- end of USERS delete all form -->
    2899. 

  2899.    
    2900. 

  2900. <!-- USERS userMail form -->
    2901. 

  2901. <div id="userMail" style="display: none;">
    2902. 

  2902.     <form id="userMail_form" name="userMail">
    2903. 

  2903.     <fieldset>
    2904. 

  2904.       <legend><?php echo $am->M('LEGEND_BASETEMPLATESEL') ?></legend>
    2905. 

  2905.       <div>
    2906. 

  2906.         <label for="templateid" class=""><?php echo $am->M('FIELD_BASETPLNAME') ?></label>
    2907. 

  2907.         <select id="templateid" onChange="javascript:usersOnChangeTemplate( 'userMail', this.value );">
    2908. 

  2908.             <option id="userMail_default_templateid" value=""><?php echo $am->M('OPTS_CUSTOMEMAIL') ?></option>
    2909. 

  2909.             <option value="">------</option>
    2910. 

  2910. <?php
    2911. 

  2911. 		$tplsArray = $am->getTemplates();		
    2912. 

  2912.         foreach($tplsArray as $id=>$tpl) {
    2913. 

  2913.             print '<option value="' . addslashes($id) . '">' . $tpl['name'] . '</option>';
    2914. 

  2914.         }
    2915. 

  2915. ?>
    2916. 

  2916.         </select>
    2917. 

  2917.       </div>
    2918. 

  2918.     </fieldset>
    2919. 

  2919. 	
    2920. 

  2920. 	<p id="userMail_form_msg" class="formmessage"><?php echo $am->M('FILLFIELDS'); ?></p>
    2921. 

  2921. 

  2922.     <!-- subject, body etc -->
    2923. 

  2923.     <fieldset>
    2924. 

  2924.       <legend><?php echo $am->M('LEGEND_MAILSEND') ?></legend>
    2925. 

  2925.       <div>
    2926. 

  2926.         <label for="userMail_mailto" class=""><?php echo $am->M('FIELD_MAILTO') ?></label>
    2927. 

  2927.         <span id="userMail_mailto"></span>
    2928. 

  2928.       </div>
    2929. 

  2929.       <div>
    2930. 

  2930.         <label for="subject" class="required"><?php echo $am->M('FIELD_MAILSUBJECT') ?></label>
    2931. 

  2931.         <input id="userMail_subject" name="subject" type="text" maxlength="255" class="required" />
    2932. 

  2932.       </div>
    2933. 

  2933.       <div>
    2934. 

  2934.         <label for="type" class="required"><?php echo $am->M('FIELD_MAILTYPE') ?></label>
    2935. 

  2935.         <input checked="checked" onClick="javascript:usersOnChangeTemplateType('userMail');" type="radio" class="required" id="userMail_type" name="type" value="plaintext" />PlainText
    2936. 

  2936.         <input onClick="javascript:usersOnChangeTemplateType('userMail');" type="radio" class="required" id="userMail_type" name="type" value="html" />HTML
    2937. 

  2937.       </div>
    2938. 

  2938.       <div>
    2939. 

  2939.         <label for="body" class="required"><?php echo $am->M('FIELD_MAILBODY') ?></label>
    2940. 

  2940.       </div>
    2941. 

  2941.       <div>
    2942. 

  2942.           <textarea class="htmlcontent required" id="userMail_body" name="body" wrap="off"></textarea>
    2943. 

  2943.           <div id='userMail_templatevar'>
    2944. 

  2944.                 <?php echo $am->M('INSERT') . ': ';  echo htmlSelectTemplateVar('userMail_body'); ?>
    2945. 

  2945.           </div>      
    2946. 

  2946.       </div>
    2947. 

  2947.     </fieldset>
    2948. 

  2948.     <div class="buttonrow">
    2949. 

  2949.         <div id="userMail_loading" class="saving" style="display:none"><img src="images/loadinfo.gif" width="16" height="16" /> <span><?php echo $am->M('SENDING') ?></span></div>
    2950. 

  2950.         <input type="hidden" name="username" value="" />
    2951. 

  2951.     	<input type="hidden" name="page" value="users" />
    2952. 

  2952.         <input type="hidden" name="action" value="mailtouser" />
    2953. 

  2953.         <input type="submit" id="userMail_submit" name="submit" value="<?php echo $am->M('BTN_SEND') ?>" />
    2954. 

  2954.         <input type="submit" id="userMail_clear" name="clear" value="<?php echo $am->M('BTN_CLEAR') ?>" onClick="javascript:usersResetForm('userMail'); return false;" />
    2955. 

  2955.         <input type="submit" id="userMail_cancel" name="cancel" value="<?php echo $am->M('BTN_CANCEL') ?>" onClick="javascript:usersShowForm('userMail','hide'); return false;" />
    2956. 

  2956.     </div>
    2957. 

  2957.     </form>
    2958. 

  2958. </div>
    2959. 

  2959. <!-- end of USERS userMail form -->
    2960. 

  2960. 

  2961. <div class="spacer30"></div>
    2962. 

  2962. 

  2963. <?php
    2964. 

  2964.     $prefix = 'index.php?page=users&';
    2965. 

  2965.     web_stepper( $prefix, $am->getTotalByType('authuserfile', $searchtext), $limit, $p);
    2966. 

  2966. ?>
    2967. 

  2967. 

  2968.     <form id="usersList" name="usersList" method="post" action="index.php">
    2969. 

  2969.     <table class="list">
    2970. 

  2970.         <tr class="header">
    2971. 

  2971.             <th><input type="checkbox" name="usernames" value="" onClick="javascript:usersCheckUsers();"/></th>
    2972. 

  2972.             <th><?php echo $am->M('FIELD_USERNAME') ?></th>
    2973. 

  2973.             <th><?php echo $am->M('FIELD_REALNAME') ?></th>
    2974. 

  2974.             <th><?php echo $am->M('FIELD_EMAIL') ?></th>
    2975. 

  2975.             <th>Action</th>
    2976. 

  2976.         </tr>
    2977. 

  2977. 

  2978. <?php
    2979. 

  2979.         foreach ($usersArray as $user) {
    2980. 

  2980. 	        $uname = addslashes($user['name']);
    2981. 

  2981. 		        
    2982. 

  2982. 	        print '<tr>';
    2983. 

  2983. 	        print '<td id="check"><input type="checkbox" name="usernames[]" value="' . $uname . '" /></td>';
    2984. 

  2984. 	        print '<td id="name">' . $user['name'] . '</td>';
    2985. 

  2985. 	        print '<td>'. $user['info'] .'&nbsp;</td>';
    2986. 

  2986. 	        print '<td>';
    2987. 

  2987. 	        if (isset($user['email']) && $user['email'] != '') {
    2988. 

  2988. 		        echo '<a href="javascript:usersShowForm(\'userMail\', \''.$uname.'\');"> '. $user['email'] . '</a>';
    2989. 

  2989. 	        } else { 
    2990. 

  2990. 		        echo $user['email'];
    2991. 

  2991. 	        }
    2992. 

  2992. 	        print '&nbsp;</td>';
    2993. 

  2993. 	        print '<td id="action"><a href="javascript:usersShowForm(\'userEdit\', \''.$uname.'\');"><img src="images/edit.gif" border="0" alt="Edit"></a>';
    2994. 

  2994. 	        print ' | <a href="javascript:usersShowForm(\'userDelete\', \''.$uname.'\');"><img src="images/decline.gif" border="0" alt="Delete"></a></td>';
    2995. 

  2995. 	        print '</tr>';
    2996. 

  2996.         }
    2997. 

  2997. ?>
    2998. 

  2998.     </table>
    2999. 

  2999. 

  3000.     <div class="listActions">
    3001. 

  3001.         <div class="listLeft">
    3002. 

  3002.         <select id="groupaction" onChange="javascript:usersShowForm(this.value, 'show'); $('deflistUserActions').selected=true;">
    3003. 

  3003.             <option id="deflistUserActions" value=""><?php echo $am->M('SELECTACTION') ?></option>
    3004. 

  3004.             <option value="usersMailSel" class="yellow-item"><?php echo $am->M('SENDMAILSEL') ?></option>
    3005. 

  3005.             <option value="usersDelSel" class="warn-item"><?php echo $am->M('DELETESELECTED') ?></option>
    3006. 

  3006.             <option value="usersDelAll" class="warn-item"><?php echo $am->M('DELETEALL') ?></option>
    3007. 

  3007.         </select>
    3008. 

  3008.         </div>
    3009. 

  3009. 

  3010.         <div class="listRight">
    3011. 

  3011.         <a href="javascript:usersShowForm('userAdd','show');"><?php echo $am->M('ADDNEWUSER') ?></a>
    3012. 

  3012.         </div>
    3013. 

  3013.     </div>
    3014. 

  3014. 

  3015.     <input type="hidden" name="page" value="users" />
    3016. 

  3016.     <input type="hidden" name="action" value="" />
    3017. 

  3017.     </form>
    3018. 

  3018.     <div class="spacer30"></div>
    3019. 

  3019.     
    3020. 

  3020. <?php if ($am->hasFeature('tinymcejs')) { ?>
    3021. 

  3021. <script type="text/javascript" xml:space="preserve">
    3022. 

  3022. //<![CDATA[
    3023. 

  3023. 	tinyMCE.init({
    3024. 

  3024. 	    mode : "none",
    3025. 

  3025.         <?php if ($am->isDemo()) { echo "plugins : \"noneditable\",\n"; } ?>
    3026. 

  3026. 	    theme : "simple"
    3027. 

  3027. 	});
    3028. 

  3028. //]]>
    3029. 

  3029. </script>
    3030. 

  3030. <?php } ?>
    3031. 

  3031.     
    3032. 

  3032. <?php
    3033. 

  3033. print "\n<script type=\"text/javascript\" xml:space=\"preserve\">\n//<![CDATA[\n";
    3034. 

  3034. print "var users = new Array();\n";
    3035. 

  3035. foreach ($usersArray as $user) {
    3036. 

  3036. 	$uname = addslashes($user['name']);
    3037. 

  3037. 

  3038. 	print 'users["'.$uname.'"] = new Array();' . "\n";
    3039. 

  3039. 	foreach ($user as $k=>$v) {
    3040. 

  3040. 		if ($k == 'pass' || $k == 'pass_raw') {
    3041. 

  3041. 			continue;
    3042. 

  3042. 		}
    3043. 

  3043. 		echo ' users["'.$uname.'"]["'.$k.'"] = "'. addslashes($v) . '";' . "\n";
    3044. 

  3044. 	}
    3045. 

  3045. }
    3046. 

  3046. 

  3047. echo getJsArray('emailTemplates');
    3048. 

  3048. 

  3049. // ------------- EDIT USERS - JS values --------------
    3050. 

  3050. if ($action == 'updateuser' && hasParam('username')) {
    3051. 

  3051. 	$uname = addslashes( getParam('username', null, 'username') );
    3052. 

  3052. 	echo "usersShowForm('userEdit', '" . $uname . "');\n";
    3053. 

  3053. }
    3054. 

  3054. 

  3055. // ------------- ADD USER - JS values --------------
    3056. 

  3056. if ($action == 'adduser' && isset($error)) {
    3057. 

  3057. 	echo "usersShowForm('userAdd', 'show');\n";
    3058. 

  3058. }
    3059. 

  3059. 

  3060. print "//]]>\n</script>\n";
    3061. 

  3061. echo '</div>'; // righty
    3062. 

  3062. web_footer();
    3063. 

  3063. }
    3064. 

  3064. /* the end of 'users' module */
    3065. 

  3065. 

  3066. 

  3067. /**
    3068. 

  3068.  * Manage new user requests
    3069. 

  3069.  * 
    3070. 

  3070.  * @return void
    3071. 

  3071.  */
    3072. 

  3072. function showPage_signups()
    3073. 

  3073. {
    3074. 

  3074. 	global $am;
    3075. 

  3075. 

  3076. 	// Checking access rights
    3077. 

  3077. 	if (!$am->isAdmin()) {
    3078. 

  3078. 		$_SESSION['durl'] = $_SERVER['REQUEST_URI'];
    3079. 

  3079. 		showPage_401( true );
    3080. 

  3080. 		exit;
    3081. 

  3081. 	}
    3082. 

  3082. 

  3083. 	$error = $message = null;
    3084. 

  3084. 	$action = getParam('action', null, 'attribute');
    3085. 

  3085. 

  3086.     // ------------- Ajax Actions ----------------    
    3087. 

  3087. 

  3088. 	// Ajax Action: checkusername
    3089. 

  3089. 	if ($action == 'checkusername') {
    3090. 

  3090. 		$username = getParam('username', null, 'username');
    3091. 

  3091. 

  3092. 		if ($am->isRecordByType('authuserfile', $username)) {
    3093. 

  3093. 			echo 'USERFOUND';
    3094. 

  3094. 		} else {
    3095. 

  3095. 			echo 'NOSUCHUSER';
    3096. 

  3096. 		}
    3097. 

  3097. 		return;
    3098. 

  3098. 	}
    3099. 

  3099. 	
    3100. 

  3100. 	
    3101. 

  3101. 	// ------------- General variables ----------------
    3102. 

  3102. 

  3103. 	$limit = 10;
    3104. 

  3104. 	if (hasParam('limit')) {
    3105. 

  3105. 		$limit  = getParam('limit', 10, 'int');
    3106. 

  3106. 		$_SESSION['user_limit'] = $limit;
    3107. 

  3107. 	} else if (isset($_SESSION['user_limit'])) {
    3108. 

  3108. 		$limit = $_SESSION['user_limit'];
    3109. 

  3109. 	}
    3110. 

  3110. 

  3111. 	$p = 1;
    3112. 

  3112. 	if (hasParam('p')) {
    3113. 

  3113. 		$p = getParam('p', 1, 'int' );
    3114. 

  3114. 		$_SESSION['user_p'] = $p;
    3115. 

  3115. 	} else if (isset($_SESSION['user_p'])) {
    3116. 

  3116. 		$p = $_SESSION['user_p'];
    3117. 

  3117. 	}
    3118. 

  3118. 

  3119. 	if (empty($limit)) {
    3120. 

  3120. 		$p = 1;
    3121. 

  3121. 	}
    3122. 

  3122. 

  3123. 	$offset = ($p-1) * $limit;
    3124. 

  3124. 

  3125. 	// ------------- Actions ----------------
    3126. 

  3126. 

  3127. 	// Action: approve
    3128. 

  3128. 	if ($action == 'approve') {
    3129. 

  3129. 		
    3130. 

  3130. 		$username = getParam('username', null, 'username');
    3131. 

  3131. 		if (!isset($username) || $username == '') {
    3132. 

  3132. 			$error = $am->E('INVALIDREQUEST') . ' [username]';
    3133. 

  3133. 		} else if ($am->isRecordByType('authuserfile', $username)) {
    3134. 

  3134. 			$error = $am->E('USEREXISTS', $username);
    3135. 

  3135. 		}
    3136. 

  3136. 

  3137. 		$password = getParam('password', null, 'password');
    3138. 

  3138. 		if (empty($password)) {
    3139. 

  3139. 			$error = $am->E('INVALIDREQUEST') . ' [password]';
    3140. 

  3140. 		}
    3141. 

  3141. 

  3142. 		$data = array('name'=>$username,
    3143. 

  3143. 		              'pass_raw'=>$password,
    3144. 

  3144. 		              'info'=>getParam('realname', null, 'field'),
    3145. 

  3145. 		              'email'=>getParam('email', null, 'email'));
    3146. 

  3146. 

  3147. 		if (!isset($error)) {
    3148. 

  3148. 			if (false == $am->setRecordByType( 'authuserfile', null,  $data, true )) {
    3149. 

  3149. 				$error = $am->E('USERINSERTFAILED', $username)
    3150. 

  3150. 				       . ': ' . $am->getError();
    3151. 

  3151. 			}
    3152. 

  3152. 		}
    3153. 

  3153. 

  3154. 		if (!isset($error)) {
    3155. 

  3155. 			if (!$am->setRecordByType('signupfile', $username, null, true)) {
    3156. 

  3156. 				$error = $am->E('USERDELETEFAILED', $username) 
    3157. 

  3157. 				       .  ': ' . $am->getError();
    3158. 

  3158. 			}
    3159. 

  3159. 		}
    3160. 

  3160. 				
    3161. 

  3161. 		if (!isset($error)) {
    3162. 

  3162. 			$message = $am->M('USERINSSUCCESS', $username);
    3163. 

  3163. 			$action = false;
    3164. 

  3164. 		}
    3165. 

  3165. 

  3166. 		// sending notification e-mail
    3167. 

  3167. 		$am->setRuntimeValue('useradd_sendmail', hasParam('sendmail'), true);
    3168. 

  3168. 		if (!isset($error) && hasParam('sendmail')) {
    3169. 

  3169. 			$template = getParam('template', 'useradd', 'attribute');
    3170. 

  3170. 

  3171. 			if (false == $am->sendMail($template, $data )) {
    3172. 

  3172. 				$error = $am->getError();
    3173. 

  3173. 			}
    3174. 

  3174. 		}
    3175. 

  3175. 		
    3176. 

  3176. 	// Action: delete
    3177. 

  3177. 	} else if ($action == 'delete') {
    3178. 

  3178. 

  3179. 		$username = getParam('username', null, 'username');
    3180. 

  3180. 		if (!$am->isRecordByType('signupfile', $username)) {
    3181. 

  3181. 			$error = $am->E('USERNOTEXISTS', $username);
    3182. 

  3182. 		}
    3183. 

  3183. 

  3184. 		if (!isset($error)) {
    3185. 

  3185. 			if (false == $am->setRecordByType( 'signupfile', $username, null, true )) {
    3186. 

  3186. 				$error = $am->E('USERDELETEFAILED', $username) .
    3187. 

  3187. 				': ' . $am->getError();
    3188. 

  3188. 			}
    3189. 

  3189. 		}
    3190. 

  3190. 		if (!isset($error)) {
    3191. 

  3191. 			$message = $am->M('MSG_SIGNUPUSERDELETED', $username);
    3192. 

  3192. 		}
    3193. 

  3193. 	
    3194. 

  3194. 	// Action: delete selected users
    3195. 

  3195. 	} else if ($action == 'deleteselected') {
    3196. 

  3196. 		$usernames = getParam('usernames', null, 'username');
    3197. 

  3197. 		foreach($usernames as $username) {
    3198. 

  3198. 

  3199. 			if (!$am->isRecordByType('signupfile', $username)) {
    3200. 

  3200. 				$error = $am->E('USERNOTEXISTS', $username);
    3201. 

  3201. 				break;
    3202. 

  3202. 			}
    3203. 

  3203. 

  3204. 			if (false == $am->setRecordByType('signupfile', $username, null, true)) {
    3205. 

  3205. 				$error = $am->E('USERDELETEFAILED', $username) .  ': ' . $am->getError();
    3206. 

  3206. 				break;
    3207. 

  3207. 			}
    3208. 

  3208. 

  3209. 		}
    3210. 

  3210. 		if (!isset($error)) {
    3211. 

  3211. 			$message = $am->M('USERSSELDELETED');
    3212. 

  3212. 		}
    3213. 

  3213. 

  3214. 	// Action: delete ALL
    3215. 

  3215. 	} else if ($action == 'deleteall') {
    3216. 

  3216. 

  3217. 		if (!isset($error)) {
    3218. 

  3218. 			if (false == $am->clearAllRecordsByType('signupfile', true)) {
    3219. 

  3219. 				$error = $am->E('SIGNUPUSERSDELALLFAILED') 
    3220. 

  3220. 				       . ': ' . $am->getError();
    3221. 

  3221. 			}
    3222. 

  3222. 		}
    3223. 

  3223. 		if (!isset($error)) {
    3224. 

  3224. 			$message = $am->M('MSG_SIGNUPUSERSALLDELETED');
    3225. 

  3225. 		}
    3226. 

  3226. 	
    3227. 

  3227. 	}
    3228. 

  3228. 

  3229. 	$signupsArray = $am->getRecordsByType( 'signupfile', 'name', $limit, $offset );
    3230. 

  3230. 

  3231. 	web_header( $am->M('SUBTITLE_SIGNUPS'));
    3232. 

  3232. 	web_menu();
    3233. 

  3233. 	echo '<div id="righty">';
    3234. 

  3234. 

  3235. 	// ------------- Information ----------------
    3236. 

  3236. 	echo '<div class="pagenotes">';
    3237. 

  3237. 	echo '<h4>' . $am->M('SUBTITLE_SIGNUPS') . '</h4>';
    3238. 

  3238. 

  3239. 	echo '<div><div class="name">' . $am->M('SINGUPREQUESTS') . '</div>';
    3240. 

  3240. 	echo '<div class="value">' . $am->getTotalByType('signupfile') . '</div></div>';
    3241. 

  3241. 

  3242. 	echo '</div>';
    3243. 

  3243. 

  3244. 	// ------------- Message ----------------
    3245. 

  3245. 	web_message( $message, $error );
    3246. 

  3246. 	
    3247. 

  3247. ?>
    3248. 

  3248.     <h1><?php echo $am->M('SUBTITLE_SIGNUPS') ?></h1>
    3249. 

  3249. 

  3250.  <?php
    3251. 

  3251.     $file = $am->getPathByType('signupfile');
    3252. 

  3252.     if (false == $file) {
    3253. 

  3253.     	echo '<div class="block">';
    3254. 

  3254.     	echo 'No signup file found';
    3255. 

  3255. 		echo '</div>';
    3256. 

  3256.     }
    3257. 

  3257.  ?>
    3258. 

  3258.  	<div class="spacer30"></div>
    3259. 

  3259.  	
    3260. 

  3260.  	
    3261. 

  3261.     <!-- approve / add form -->
    3262. 

  3262.     <div id="approve_container" style="display: none;">
    3263. 

  3263.     <form id="approve" name="approve" method="post">
    3264. 

  3264. 

  3265.     <fieldset>
    3266. 

  3266.     <legend><?php echo $am->M('LEGEND_SIGNUPINFORMATION') ?></legend>
    3267. 

  3267.         
    3268. 

  3268.         <div>
    3269. 

  3269.             <label for="datetime"><?php echo $am->M('FIELD_DATETIME') ?></label>
    3270. 

  3270.             <span id="approve_datetime" name="datetime"></span>
    3271. 

  3271.         </div>
    3272. 

  3272. 

  3273.         <div>
    3274. 

  3274.             <label for="remoteaddr"><?php echo $am->M('FIELD_REMOTEADDR') ?></label>
    3275. 

  3275.             <span id="approve_remoteaddr" name="remoteaddr"></span>
    3276. 

  3276.         </div>
    3277. 

  3277.         
    3278. 

  3278.         <div>
    3279. 

  3279.             <label for="referer"><?php echo $am->M('FIELD_REFERER') ?></label>
    3280. 

  3280.             <span id="approve_referer" name="referer"></span>
    3281. 

  3281.         </div>
    3282. 

  3282. 

  3283.     </fieldset>
    3284. 

  3284. 

  3285.     <div id="approve_checkusername" style="float:right;"></div>
    3286. 

  3286.     <p id="approve_msg" class="formmessage"><?php echo $am->M('FILLFIELDS'); ?></p>
    3287. 

  3287. 

  3288.     
    3289. 

  3289.     <fieldset>
    3290. 

  3290.     <legend><?php echo $am->M('LEGEND_SIGNUPAPPROVE') ?></legend>
    3291. 

  3291.     
    3292. 

  3292.         <div>
    3293. 

  3293.             <label for="username" class="required"><?php echo $am->M('FIELD_USERNAME') ?></label>
    3294. 

  3294.             <input id="approve_username" type="text" name="username" maxlength="255" class="required" />
    3295. 

  3295.             <input id="approve_check" name="check" type="button" value="<?php echo $am->M('CHECK') ?>" onclick="javascript:mainCheckUsername2('approve');" />
    3296. 

  3296.         </div>
    3297. 

  3297.         <div>
    3298. 

  3298.         <label for="password" class="required"><?php echo $am->M('FIELD_PASSWORD') ?></label>
    3299. 

  3299.             <input id="approve_password" type="text" name="password" maxlength="255" class="required" />
    3300. 

  3300.             <input type="button" value="<?php echo $am->M('GENERATE') ?>" onclick="javascript:mainGeneratePassword2('approve');" />
    3301. 

  3301.         </div>
    3302. 

  3302.         <div>
    3303. 

  3303.         	<label for="realname"><?php echo $am->M('FIELD_REALNAME') ?></label>
    3304. 

  3304.             <input id="approve_realname" type="text" name="realname" size="40" maxlength="255" />
    3305. 

  3305.         </div>
    3306. 

  3306.         <div>
    3307. 

  3307.         <label for="email"><?php echo $am->M('FIELD_EMAIL') ?></label>
    3308. 

  3308.             <input id="approve_email" type="text" name="email" size="40" maxlength="255" />
    3309. 

  3309.         </div>
    3310. 

  3310.         
    3311. 

  3311.         <div class="dashed"></div>
    3312. 

  3312. <?php
    3313. 

  3313. $sendMail = true;
    3314. 

  3314. if (false == $am->hasFeature('PHPMailer')) {
    3315. 

  3315. 	$sendMail = false;
    3316. 

  3316. 

  3317. } else if ($am->hasRuntimeValue('useradd_sendmail') && $am->getRuntimeValue('useradd_sendmail') != "1") {
    3318. 

  3318. 	$sendMail = false;
    3319. 

  3319. }
    3320. 

  3320. ?>        
    3321. 

  3321.         <div>
    3322. 

  3322.         	<label for="sendmail"><?php echo $am->M('FIELD_WELCOMEEMAIL') ?></label>
    3323. 

  3323.             <input type="checkbox" id="approve_sendmail" name="sendmail" value="1" 
    3324. 

  3324.                    <?php if ($sendMail) { echo ' checked="checked" '; } ?>
    3325. 

  3325.                    onClick="javascript:mainOnChangeSendMail2('approve');" /> <?php echo $am->M('SEND') ?>
    3326. 

  3326.         </div>
    3327. 

  3327. 

  3328. <?php if (false == $am->hasFeature('PHPMailer')) {        
    3329. 

  3329. 		echo '<div class="block">';
    3330. 

  3330. 		echo $am->W('SENDMAILFAIL_INSTALLPHPMAILER');
    3331. 

  3331. 		echo '</div>';
    3332. 

  3332.       }
    3333. 

  3333. ?>	 
    3334. 

  3334.        
    3335. 

  3335.         <div id="approve_showtemplate" style="display:<?php echo $sendMail ? 'block' : 'none' ?>;">
    3336. 

  3336.         	<label for="template"><?php echo $am->M('FIELD_EMAILTEMPLATE') ?></label>
    3337. 

  3337.         	<select id="approve_template" name="template">
    3338. 

  3338.         		<option value=""><?php echo $am->M('SELECTONE') ?></option>
    3339. 

  3339.         		<?php 
    3340. 

  3340.         		foreach ($am->getTemplates() as $id=>$tpl) {
    3341. 

  3341.         			echo '<option value="' . addslashes($id).'"';
    3342. 

  3342.         			if ($tpl['role'] == 'useradd') {
    3343. 

  3343.         				echo ' selected="selected"';
    3344. 

  3344.         			}
    3345. 

  3345.         			echo '>';
    3346. 

  3346.         			echo $tpl['name'] . '</option>';
    3347. 

  3347.         		}
    3348. 

  3348.         		?>
    3349. 

  3349.         	</select>
    3350. 

  3350.         </div>        
    3351. 

  3351.     </fieldset>
    3352. 

  3352.     
    3353. 

  3353.     <div class="buttonrow">
    3354. 

  3354.         <input type="hidden" name="action" value="approve" />
    3355. 

  3355.         <input type="hidden" name="page" value="signups" />
    3356. 

  3356.         <?php echo htmlSubmit('submit'); ?>
    3357. 

  3357.         <?php echo htmlReset('reset', 'onClick="javascript:signupsResetForm(\'approve\'); return false;"' ); ?>
    3358. 

  3358.         <?php echo htmlInput('submit', 'approve_cancel', $am->M('CANCEL'), "onClick=\"javascript:signupsShowForm('approve','hide'); return false;\"") ?>
    3359. 

  3359.     </div>
    3360. 

  3360.     </form>
    3361. 

  3361. 

  3362.     <div class="spacer30"></div>
    3363. 

  3363.     </div>
    3364. 

  3364.     <!-- end of approve / add form -->
    3365. 

  3365. 

  3366.             
    3367. 

  3367.     <!-- Signup delete form -->
    3368. 

  3368.     <div id="delete_container" style="display: none;">
    3369. 

  3369.     <form id="delete" name="delete">
    3370. 

  3370.     <fieldset>
    3371. 

  3371.     <legend><?php echo $am->M('LEGEND_SIGNUPDELETE') ?></legend>
    3372. 

  3372.        <p id="delete_msg" class="formmessage"><?php echo $am->M('Q_SIGNUPDELETE'); ?></p>
    3373. 

  3373.     </fieldset>
    3374. 

  3374.     <div class="buttonrow">
    3375. 

  3375.         <input type="hidden" name="username" value="" />
    3376. 

  3376.         <input type="hidden" name="page" value="signups" />
    3377. 

  3377.         <input type="hidden" name="action" value="delete" />
    3378. 

  3378.         <input type="submit" name="submit" value="<?php echo $am->M('CONFIRM') ?>" />
    3379. 

  3379.         <input type="submit" name="cancel" value="<?php echo $am->M('CANCEL') ?>" onClick="javascript:signupsShowForm('delete','hide'); return false;" />
    3380. 

  3380.     </div>
    3381. 

  3381.     </form>
    3382. 

  3382. 

  3383.     <div class="spacer30"></div>
    3384. 

  3384.     </div>
    3385. 

  3385.     <!-- end of Signup delete form -->
    3386. 

  3386.      
    3387. 

  3387.     <!-- USERS delete selected form -->
    3388. 

  3388.     <div id="deleteselected_container" style="display: none;">
    3389. 

  3389.     <form id="deleteselected" name="deleteselected" method="post">
    3390. 

  3390.     <fieldset>
    3391. 

  3391.     <legend><?php echo $am->M('LEGEND_USERDELSEL') ?></legend>
    3392. 

  3392.        <p id="deleteselected_msg" class="formmessage"><?php echo $am->M('Q_USERDELSEL'); ?></p>
    3393. 

  3393.     </fieldset>
    3394. 

  3394.     <div class="buttonrow">
    3395. 

  3395.         <input type="hidden" name="page" value="signups" />
    3396. 

  3396.         <input type="hidden" name="action" value="deleteselected" />
    3397. 

  3397.         <input type="submit" name="submit" value="<?php echo $am->M('CONFIRM') ?>" />
    3398. 

  3398.         <input type="submit" name="cancel" value="<?php echo $am->M('CANCEL') ?>" onClick="javascript:signupsShowForm('deleteselected','hide'); return false;" />
    3399. 

  3399.     </div>
    3400. 

  3400.     </form>
    3401. 

  3401.     <div class="spacer30"></div>
    3402. 

  3402.     </div>
    3403. 

  3403.     <!-- end of USERS delete selected form -->
    3404. 

  3404. 

  3405.     <!-- USERS delete all form -->
    3406. 

  3406.     <div id="deleteall_container" style="display: none;">
    3407. 

  3407.     <form id="deleteall" name="deleteall" method="post">
    3408. 

  3408.     <fieldset>
    3409. 

  3409.     <legend><?php echo $am->M('LEGEND_SIGNUPUSERDELALL') ?></legend>
    3410. 

  3410.        <p id="deleteall_msg" class="formmessage"><?php echo $am->M('Q_USERDELALL'); ?></p>
    3411. 

  3411.     </fieldset>
    3412. 

  3412.     <div class="buttonrow">
    3413. 

  3413.         <input type="hidden" name="page" value="signups" />
    3414. 

  3414.         <input type="hidden" name="action" value="deleteall" />
    3415. 

  3415.         <input type="submit" name="submit" value="<?php echo $am->M('CONFIRM') ?>" />
    3416. 

  3416.         <input type="submit" name="cancel" value="<?php echo $am->M('CANCEL') ?>" onClick="javascript:signupsShowForm('deleteall','hide'); return false;" />
    3417. 

  3417.     </div>
    3418. 

  3418.     </form>
    3419. 

  3419.     <div class="spacer30"></div>
    3420. 

  3420.     </div>
    3421. 

  3421.     <!-- end of USERS delete all form -->
    3422. 

  3422.    
    3423. 

  3423. 

  3424. <?php
    3425. 

  3425. $prefix = 'index.php?page=signups&';
    3426. 

  3426. web_stepper( $prefix, $am->getTotalByType('signupfile'), $limit, $p);
    3427. 

  3427. ?>
    3428. 

  3428. 

  3429.     <form id="usersList" name="usersList" method="post" action="index.php">
    3430. 

  3430.     <table class="list">
    3431. 

  3431.         <tr class="header">
    3432. 

  3432.             <th><input type="checkbox" name="usernames" value="" onClick="javascript:usersCheckUsers();"/></th>
    3433. 

  3433.             <th><?php echo $am->M('FIELD_USERNAME') ?></th>
    3434. 

  3434.             <th><?php echo $am->M('FIELD_REALNAME') ?></th>
    3435. 

  3435.             <th><?php echo $am->M('FIELD_EMAIL') ?></th>
    3436. 

  3436.             <th><?php echo $am->M('FIELD_REMOTEADDR') ?></th>
    3437. 

  3437.             <th>Action</th>
    3438. 

  3438.         </tr>
    3439. 

  3439. 

  3440. <?php
    3441. 

  3441. foreach ($signupsArray as $data) {
    3442. 

  3442. 	$uname = addslashes($data['name']);
    3443. 

  3443. 		
    3444. 

  3444. 	print '<tr>';
    3445. 

  3445. 	print '<td id="check"><input type="checkbox" name="usernames[]" value="' . $uname . '" /></td>';
    3446. 

  3446. 	print '<td id="name">' . $data['name'] . '</td>';
    3447. 

  3447. 	print '<td>'. $data['info'] .'&nbsp;</td>';
    3448. 

  3448. 	print '<td>';
    3449. 

  3449. 	echo $data['email'];
    3450. 

  3450. 	print '&nbsp;</td>';
    3451. 

  3451. 	
    3452. 

  3452. 	// remoteaddr
    3453. 

  3453. 	echo '<td>';
    3454. 

  3454. 	echo $data['remoteaddr'];
    3455. 

  3455. 	// echo '<br />';
    3456. 

  3456. 	// echo htmlspecialchars($data['referer']);
    3457. 

  3457. 	echo '</td>';
    3458. 

  3458. 	
    3459. 

  3459. 	print '<td id="action"><a href="javascript:signupsShowForm(\'approve\', \''.$uname.'\');"><img src="images/approve.gif" border="0" alt="Approve"></a>';
    3460. 

  3460. 	print ' | <a href="javascript:signupsShowForm(\'delete\', \''.$uname.'\');"><img src="images/decline.gif" border="0" alt="Decline"></a></td>';
    3461. 

  3461. 	print '</tr>';
    3462. 

  3462. }
    3463. 

  3463. 

  3464. ?>
    3465. 

  3465.     </table>
    3466. 

  3466. 

  3467.     <div class="listActions">
    3468. 

  3468.         <div class="listLeft">
    3469. 

  3469.         <select id="groupaction" onChange="javascript:signupsShowForm(this.value, 'show'); $('deflistActions').selected=true;">
    3470. 

  3470.             <option id="deflistActions" value=""><?php echo $am->M('SELECTACTION') ?></option>
    3471. 

  3471.             <option value="">-------------------</option>
    3472. 

  3472.             <option value="deleteselected"><?php echo $am->M('DELETESELECTED') ?></option>
    3473. 

  3473.             <?php if (count($signupsArray) > 0) { ?>
    3474. 

  3474.             	<option value="deleteall"><?php echo $am->M('DELETEALL') ?></option>
    3475. 

  3475.             <?php } ?>
    3476. 

  3476.         </select>
    3477. 

  3477.         </div>
    3478. 

  3478.     </div>
    3479. 

  3479. 

  3480.     <input type="hidden" name="page" value="signups" />
    3481. 

  3481.     <input type="hidden" name="action" value="" />
    3482. 

  3482.     </form>
    3483. 

  3483. 

  3484.     <div class="spacer30"></div>
    3485. 

  3485.     
    3486. 

  3486.    
    3487. 

  3487. <?php
    3488. 

  3488. print "\n<script type=\"text/javascript\" xml:space=\"preserve\">\n//<![CDATA[\n";
    3489. 

  3489. print "var signups = new Array();\n";
    3490. 

  3490. foreach ($signupsArray as $data) {
    3491. 

  3491. 	$uname = addslashes($data['name']);
    3492. 

  3492. 

  3493. 	print 'signups["'.$uname.'"] = new Array();' . "\n";
    3494. 

  3494. 	foreach ($data as $k=>$v) {
    3495. 

  3495. 		if ($k == 'referer') {
    3496. 

  3496. 			$v = strlen($v) > 40 ? substr($v, 0, 40) . '...' : $v;
    3497. 

  3497. 		}
    3498. 

  3498. 		if ($k == 'ts') {
    3499. 

  3499. 			$v = gmdate('D, d M Y H:i:s', $v) . ' GMT';
    3500. 

  3500. 		}
    3501. 

  3501.  		echo ' signups["'.$uname.'"]["'.$k.'"] = "'. addslashes($v) . '";' . "\n";
    3502. 

  3502. 	}
    3503. 

  3503. }
    3504. 

  3504. 

  3505. // ------------- EDIT Signup JS values --------------
    3506. 

  3506. if ($action == 'approve' && hasParam('username')) {
    3507. 

  3507. 	$uname = addslashes( getParam('username', null, 'username') );
    3508. 

  3508. 	echo "signupsShowForm('approve', '" . $uname . "');\n";
    3509. 

  3509. }
    3510. 

  3510. 

  3511. print "//]]>\n</script>\n";
    3512. 

  3512. echo '</div>'; // righty
    3513. 

  3513. web_footer();
    3514. 

  3514. }
    3515. 

  3515. /* the end of signups module */
    3516. 

  3516. 

  3517. 

  3518. /**
    3519. 

  3519.  * System Operations
    3520. 

  3520.  *
    3521. 

  3521.  * @return void
    3522. 

  3522.  */
    3523. 

  3523. function showPage_settings()
    3524. 

  3524. {
    3525. 

  3525.     global $am;
    3526. 

  3526. 

  3527.     if (!$am->isAdmin( true )) {
    3528. 

  3528.     	$_SESSION['durl'] = $_SERVER['REQUEST_URI'];
    3529. 

  3529.         showPage_401();
    3530. 

  3530.         exit;
    3531. 

  3531.     }
    3532. 

  3532. 

  3533.     $message = $error = null;
    3534. 

  3534.     $action = getParam('action', null, 'attribute');
    3535. 

  3535. 

  3536.     ### ADMIN: update
    3537. 

  3537.     if ($action == 'updateadmin') {
    3538. 

  3538. 

  3539.         $username = getParam('username', null, 'username');
    3540. 

  3540.         if ($username == '') {
    3541. 

  3541.             $error = $am->E('INVALIDREQUEST');
    3542. 

  3542.         }
    3543. 

  3543. 

  3544.         if (!isset($error)) {
    3545. 

  3545.             list($admin) = $am->getRecordsByType( 'authadminfile', null, 1, 0 );
    3546. 

  3546. 

  3547.             $data = $admin;
    3548. 

  3548. 

  3549.             $data['name'] = $username;
    3550. 

  3550.             $data['info'] = getParam('realname', null, 'field');
    3551. 

  3551.             $data['email'] = getParam('email', null, 'email');
    3552. 

  3552. 

  3553.             if (hasParam('password')) {
    3554. 

  3554.                 $rawpass = getParam('password', null, 'password');
    3555. 

  3555.                 if (isset($rawpass) && $rawpass != '') {
    3556. 

  3556.                     $data['pass'] = $am->htcrypt($rawpass);
    3557. 

  3557.                 }
    3558. 

  3558.             }
    3559. 

  3559. 

  3560.             # update / insert
    3561. 

  3561.             if (!$am->setRecordByType( 'authadminfile', null, $data, true, true )) {
    3562. 

  3562.                 $error = $am->E('ADMINUPDATEFAILED', $username).': '.$am->getError();
    3563. 

  3563.             }
    3564. 

  3564.         }
    3565. 

  3565. 

  3566.         if (!isset($error)) {
    3567. 

  3567.             $am->loginAs( $data['name'], $data['pass']);
    3568. 

  3568.         	$message = $am->M('ADMINUPDSUCCESS', $username);
    3569. 

  3569.         }
    3570. 

  3570.     }
    3571. 

  3571. 

  3572.     ### ADMIN: download file
    3573. 

  3573.     if ($action == 'downloadfile') {
    3574. 

  3574.         $filetype = getParam('filetype', null, 'attribute');
    3575. 

  3575. 

  3576.         $contents = $am->getFileContentsByType($filetype, true); // raw
    3577. 

  3577.         if (!$am->isError()) {
    3578. 

  3578.             header('Content-Type: text/plain');
    3579. 

  3579.             header('Content-Disposition: attachment; filename='.$filetype.'.txt');
    3580. 

  3580. 

  3581.             echo $contents;
    3582. 

  3582.             return;
    3583. 

  3583.         }
    3584. 

  3584.         $error = $am->getError();
    3585. 

  3585.     }
    3586. 

  3586.   
    3587. 

  3587.     ### ADMIN: download apache files
    3588. 

  3588.     if ($action == 'downloadapache') {
    3589. 

  3589. 

  3590.         $zip_path = '/usr/bin/zip';
    3591. 

  3591.         if (!is_file($zip_path) || !is_executable($zip_path)) {
    3592. 

  3592.             $error = 'ZIP archiver not found';
    3593. 

  3593.         }
    3594. 

  3594. 

  3595.         $filesArray = array($am->getPathByType('accessfile'),
    3596. 

  3596.                             $am->getPathByType('authadminfile'),
    3597. 

  3597.                             $am->getPathByType('authuserfile'),
    3598. 

  3598.                             $am->getPathByType('accessfile_dist'),
    3599. 

  3599.                             $am->getPathByType('authuserfile_dist'));
    3600. 

  3600. //                            $am->getPathByType('authgroupfile'),
    3601. 

  3601. //                            $am->getPathByType('authgroupfile_dist'));
    3602. 

  3602. 

  3603.         $zip_file = $am->getTempFilePath() . '.zip';
    3604. 

  3604. 

  3605.         ob_start();
    3606. 

  3606.         foreach ($filesArray as $filepath) {
    3607. 

  3607.             $cmd = $zip_path . ' -u ' . $zip_file . ' ' . $filepath;
    3608. 

  3608.             
    3609. 

  3609.             $retval = null;
    3610. 

  3610.             passthru( $cmd, $retval );
    3611. 

  3611.         }
    3612. 

  3612.         // $val = ob_get_contents();
    3613. 

  3613.         ob_end_clean();
    3614. 

  3614. 

  3615.         if (!isset($error)) {
    3616. 

  3616.             header('Content-Type: application/x-zip-compressed');
    3617. 

  3617.             header('Content-Disposition: attachment; filename=authman_files.zip');
    3618. 

  3618.             header('Content-Transfer-Encoding: binary');
    3619. 

  3619. 

  3620.             readfile( $zip_file );
    3621. 

  3621.             unlink( $zip_file );
    3622. 

  3622. 

  3623.             return;
    3624. 

  3624.         }
    3625. 

  3625.     }
    3626. 

  3626.  
    3627. 

  3627.     ### ADMIN: update file (ajax)
    3628. 

  3628.     if ($action == 'savefile') {
    3629. 

  3629.         $filetype = getParam('filetype', null, 'attribute');
    3630. 

  3630.         $contents = getParam('contents', null, 'htmlcode');
    3631. 

  3631. 

  3632.         $filepath = $am->getPathByType($filetype);
    3633. 

  3633.         // save contents as raw data
    3634. 

  3634.         if (!isset($error)) {
    3635. 

  3635.             $results = $am->setFileContentsByType( $filetype, $contents, true, true); 
    3636. 

  3636.             if (!$results) {
    3637. 

  3637.                 $error = $am->getError();
    3638. 

  3638.             }
    3639. 

  3639.         }
    3640. 

  3640. 

  3641.         if (!isset($error)) {
    3642. 

  3642.                 $message = $am->M('FILEUPDSUCCESS', $filepath);
    3643. 

  3643.         }
    3644. 

  3644. 

  3645.         if (!isset($error)) {
    3646. 

  3646.             print '<div class="message">' . fmt_message($message) . "</div>\n";
    3647. 

  3647.         } else {
    3648. 

  3648.             print '<div class="warning">' . fmt_message($error) . "</div>\n";
    3649. 

  3649.         }
    3650. 

  3650. 

  3651.         return; // ajax only
    3652. 

  3652.     }
    3653. 

  3653.   
    3654. 

  3654.     ### ADMIN: reset protected (ajax)
    3655. 

  3655.     if ($action == 'resetprotected') {
    3656. 

  3656.         if (false == $am->resetProtectedDirectory()) {
    3657. 

  3657.             $error = $am->getError();
    3658. 

  3658.         }
    3659. 

  3659.        
    3660. 

  3660.         if (!isset($error)) {
    3661. 

  3661.             $message = $am->M('REBLDSUCCESS');
    3662. 

  3662.         }
    3663. 

  3663. 

  3664.         if (!isset($error)) {
    3665. 

  3665.             print '<div class="message">' . fmt_message($message) . "</div>\n";
    3666. 

  3666.         } else {
    3667. 

  3667.             print '<div class="warning">' . fmt_message($error) . "</div>\n";
    3668. 

  3668.         }
    3669. 

  3669. 

  3670.         exit;
    3671. 

  3671.     }
    3672. 

  3672.    
    3673. 

  3673.     ### ADMIN: adding & updating email template
    3674. 

  3674.     if ($action == 'addtemplate' || $action == 'updatetemplate') {
    3675. 

  3675.         if ($action == 'updatetemplate') {
    3676. 

  3676.             $templateid = getParam('templateid', null, 'field');
    3677. 

  3677. 

  3678.             if (!isset($templateid) || $templateid=='') {
    3679. 

  3679.                 $error = $am->E('INVALIDREQUEST') . ' [templateid]';
    3680. 

  3680.             }
    3681. 

  3681.         } else {
    3682. 

  3682.             $templateid = time();
    3683. 

  3683.         }
    3684. 

  3684. 

  3685.         $name    = getParam('templatename', null, 'field');
    3686. 

  3686.         $type    = getParam('templatetype', null, 'attribute');
    3687. 

  3687.         $subject = getParam('templatesubject', null, 'subject');
    3688. 

  3688.         $body    = getParam('templatebody', null, 'htmlcode');
    3689. 

  3689. 

  3690.         if (!isset($error)) {  
    3691. 

  3691.             if (!isset($name) || $name=='') {
    3692. 

  3692.                 $error = $am->E('INVALIDREQUEST') . ' [name]';
    3693. 

  3693.             } else if (!isset($type) || $type=='') {
    3694. 

  3694.                 $error = $am->E('INVALIDREQUEST') . ' [type]';
    3695. 

  3695.             }
    3696. 

  3696.         }
    3697. 

  3697. 

  3698. 

  3699.         if (!isset($error)) {  
    3700. 

  3700.             $data = array('name'=>$name,
    3701. 

  3701.                           'type'=>$type,
    3702. 

  3702.                           'contents'=>$body,
    3703. 

  3703.                           'subject'=>$subject);
    3704. 

  3704. 

  3705.             $force = $action == 'updatetemplate';
    3706. 

  3706.             if (false == $am->saveTemplateAs( $templateid, $data, $force )) {
    3707. 

  3707.                 $error = $am->getError();
    3708. 

  3708.             }
    3709. 

  3709.         }
    3710. 

  3710. 

  3711.         if (!isset($error)) {  
    3712. 

  3712.             if ($action == 'addtemplate') {
    3713. 

  3713.                 $action = 'updatetemplate';
    3714. 

  3714.                 $message = $am->M('MSG_TPLCREATED');
    3715. 

  3715.             } else {
    3716. 

  3716.                 $message = $am->M('MSG_TPLUPDATED');
    3717. 

  3717.             }
    3718. 

  3718.         }
    3719. 

  3719. 

  3720.     }
    3721. 

  3721. 

  3722.     ### ADMIN: adding & updating email template
    3723. 

  3723.     if ($action == 'deletetemplate') {
    3724. 

  3724. 

  3725.         $templateid = getParam('templateid', null, 'field');
    3726. 

  3726.         if (!isset($templateid) || $templateid=='') {
    3727. 

  3727.             $error = $am->E('INVALIDREQUEST') . ' [templateid]';
    3728. 

  3728.         }
    3729. 

  3729. 

  3730.         if (false  == $am->deleteTemplate( $templateid )) {
    3731. 

  3731.             $error = $am->getError();
    3732. 

  3732.         }
    3733. 

  3733. 

  3734.         if (isset($error)) {  
    3735. 

  3735.             $action = 'updatetemplate';
    3736. 

  3736.         } else {
    3737. 

  3737.             $templateid = null;
    3738. 

  3738.             $message = $am->M('MSG_TPLDELETED');
    3739. 

  3739.         }
    3740. 

  3740.     }
    3741. 

  3741. 

  3742.     $tplsArray = $am->getTemplates();
    3743. 

  3743. 

  3744.     web_header( $am->M('SUBTITLE_SETTINGS') );
    3745. 

  3745.     web_menu();
    3746. 

  3746. ?>
    3747. 

  3747. <div id="righty">
    3748. 

  3748. 

  3749. <!-- Top Page Notes -->
    3750. 

  3750. <div class="pagenotes">
    3751. 

  3751.   <h4><?php echo $am->M('SUBTITLE_SETTINGS') ?></h4>
    3752. 

  3752. 

  3753.   <div><div class="name"><?php echo $am->M('PROTECTEDDIRECTORY') ?></div>
    3754. 

  3754.   <div class="value"><?php echo $am->getPathByType('protecteddirectory') ?></div></div>
    3755. 

  3755. 

  3756.   <div><div class="name">SystemAuthFile</div>
    3757. 

  3757.   <div class="value"><?php echo $am->getPathByType('authadminfile') ?></div></div>
    3758. 

  3758. </div>
    3759. 

  3759. 

  3760. <!-- Submenu -->
    3761. 

  3761. <div id="#menuright" class="actions">
    3762. 

  3762.   <ul>
    3763. 

  3763.     <li><a href="javascript:void(0);" onClick="javascript:setsShowForm('editAdmin','show');"><?php echo $am->M('MENU_EDITADMIN') ?></a></li>
    3764. 

  3764.     <li><a href="javascript:void(0);" onClick="javascript:setsShowForm('chooseTpl','show');"><?php echo $am->M('MENU_EMAILTPLS') ?></a></li>
    3765. 

  3765.     <li><a href="javascript:void(0);" onClick="javascript:setsShowForm('downFiles','show');"><?php echo $am->M('MENU_DOWNLOAD') ?></a></li>
    3766. 

  3766.     <li><a href="javascript:void(0);" onClick="javascript:setsShowForm('prefFiles','show');"><?php echo $am->M('MENU_PREFFILES') ?></a></li>
    3767. 

  3767.     <li><a href="javascript:void(0);" onClick="javascript:setsShowForm('resetProtected','show');"><?php echo $am->M('MENU_PROTDIR') ?></a></li>
    3768. 

  3768.   </ul>
    3769. 

  3769. </div>
    3770. 

  3770. 

  3771. <!-- Page Message -->
    3772. 

  3772. <?php
    3773. 

  3773. web_message( $message, $error );
    3774. 

  3774. ?>
    3775. 

  3775. 

  3776. <!-- Settings FORM: EDIT ADMIN Account -->
    3777. 

  3777. <div id="editAdmin" style="display: none;">
    3778. 

  3778.   <h1><?php echo $am->M('EDITADMIN') ?></h1>
    3779. 

  3779.   <form id="editAdmin_form" name="editAdmin_form" method="post">
    3780. 

  3780.   <p id="editAdmin_form_msg" class="formmessage"><?php echo $am->M('FILLFIELDS'); ?></p>
    3781. 

  3781. 

  3782.   <fieldset>
    3783. 

  3783.     <legend>Account Details</legend>
    3784. 

  3784.     <div>
    3785. 

  3785.       <label for="username" class="required"><?php echo $am->M('FIELD_USERNAME') ?></label>
    3786. 

  3786.       <input id="username" type="text" name="username" maxlength="255" class="required" />
    3787. 

  3787.     </div>
    3788. 

  3788.     <div>
    3789. 

  3789.       <label for="password"><?php echo $am->M('FIELD_NEWPASSWORD') ?></label>
    3790. 

  3790.       <input id="password" type="text" name="password" maxlength="255" />
    3791. 

  3791.       <input type="button" value="<?php echo $am->M('GENERATE') ?>" onclick="javascript:mainGeneratePassword('editAdmin');" />
    3792. 

  3792.     </div>
    3793. 

  3793.     <div>
    3794. 

  3794.       <label for="realname"><?php echo $am->M('FIELD_REALNAME') ?></label>
    3795. 

  3795.       <input id="realname" type="text" name="realname" size="40" maxlength="255" />
    3796. 

  3796.     </div>
    3797. 

  3797.     <div>
    3798. 

  3798.       <label for="email"><?php echo $am->M('FIELD_EMAIL') ?></label>
    3799. 

  3799.       <input id="email" type="text" name="email" size="40" maxlength="255" />
    3800. 

  3800.     </div>
    3801. 

  3801.   </fieldset>
    3802. 

  3802. 

  3803.   <div class="buttonrow">
    3804. 

  3804.       <div id="editAdmin_loading" class="saving" style="display:none"><img src="images/loadinfo.gif" width="16" height="16" />
    3805. 

  3805.         <span><?php echo $am->M('SAVING') ?></span>
    3806. 

  3806.       </div>
    3807. 

  3807.       <input type="hidden" name="page" value="settings" />
    3808. 

  3808.       <input type="hidden" name="action" value="updateadmin" />
    3809. 

  3809.       <?php echo htmlSubmit('submit') ?>
    3810. 

  3810.       <?php echo htmlReset('reset', 'onClick="javascript:setsResetForm(\'editAdmin\'); return false;"') ?>
    3811. 

  3811.       <input type="submit" id="cancel" value="<?php echo $am->M('CANCEL') ?>" 
    3812. 

  3812.              onClick="javascript:setsShowForm('editAdmin','hide'); return false;" />
    3813. 

  3813.   </div>
    3814. 

  3814. 

  3815.   </form>
    3816. 

  3816. </div>
    3817. 

  3817. 

  3818. <!-- Settings FORM: DOWNLOAD Apache Files -->
    3819. 

  3819. <div id="downFiles" style="display: none;">
    3820. 

  3820.   <h1><?php echo $am->M('DOWNLOADFILES') ?></h1>
    3821. 

  3821.   <div class="block">
    3822. 

  3822.   <?php 
    3823. 

  3823.       echo '<a href="index.php?page=settings&action=downloadapache">';
    3824. 

  3824.       echo  $am->M('CLICKHERE') .'</a> '. $am->M('TODOWNAPACHEFILES');
    3825. 

  3825.   ?>
    3826. 

  3826.   </div>
    3827. 

  3827. </div>
    3828. 

  3828. 

  3829. <!-- Settings Form: Prefered Files (ajax) -->
    3830. 

  3830. <div id="prefFiles" style="display: none;">
    3831. 

  3831. <h1><?php echo $am->M('PREFFILES') ?></h1>
    3832. 

  3832. 

  3833.     <div class="block"><?php echo $am->M('DESCR_PREFFILES') ?></div>
    3834. 

  3834. 

  3835.     <!-- DIST: ACCESS FILE -->
    3836. 

  3836.     <form id="daccessfile_form" name="daccessfile_form" onSubmit="javascript:setsPrefFilesUpdate('daccessfile');return false;" method="post">
    3837. 

  3837. <?php
    3838. 

  3838.         $filepath = $am->getPathByType('accessfile_dist');
    3839. 

  3839. 

  3840.         print '<div id="daccessfile_message">';
    3841. 

  3841.         if (false == $filepath) {
    3842. 

  3842.             print '<div class="warning">' . $am->W('NOTDEFINED', 'AccessFile (prefered)') . '</div>';
    3843. 

  3843.         }
    3844. 

  3844.         print '</div>';
    3845. 

  3845. ?>
    3846. 

  3846.     <fieldset>
    3847. 

  3847.     <legend>AccessFile</legend>
    3848. 

  3848.         <div><textarea class="filecontent" name="contents" id="daccessfile_contents" 
    3849. 

  3849.             wrap="off"><?php echo $am->getFileContentsByType('accessfile_dist', true); ?></textarea>
    3850. 

  3850.         </div>
    3851. 

  3851.         <div class="fieldnotes"><?php echo $am->M('PREFFILERESTAS', $am->getPathByType('accessfile')) ?></div>
    3852. 

  3852.     </fieldset>
    3853. 

  3853.     <div class="buttonrow">
    3854. 

  3854.         <div id="daccessfile_loading" class="saving" style="display:none"><img src="images/loadinfo.gif" width="16" height="16" /> <span><?php echo $am->M('SAVING') ?></span></div>
    3855. 

  3855.         <input type="hidden" name="filetype" value="accessfile_dist">
    3856. 

  3856.         <input type="hidden" name="ajax" value="1">
    3857. 

  3857.         <input type="hidden" name="action" value="savefile">
    3858. 

  3858.         <input type="hidden" name="page" value="settings">
    3859. 

  3859.         <?php echo htmlSubmit('daccessfile_submit') ?>
    3860. 

  3860.         <?php echo htmlReset('daccessfile_reset') ?>
    3861. 

  3861. <?php if (is_file($am->getPathByType('accessfile_dist'))) { ?>
    3862. 

  3862.         | <a href="javascript:setsPrefFilesDownload('accessfile_dist');"><?php echo $am->M('DOWNLOAD') ?></a>
    3863. 

  3863. <?php } else { ?>
    3864. 

  3864.         | <strong style="color: red;">File not found</strong>
    3865. 

  3865. <?php } ?>
    3866. 

  3866.     </div>
    3867. 

  3867.     </form>
    3868. 

  3868.     
    3869. 

  3869. 	<div class="spacer30"></div>
    3870. 

  3870.     
    3871. 

  3871.     <!-- DIST: AUTH USER FILE -->
    3872. 

  3872.     <form id="dauthuserfile_form" name="dauthuserfile_form" onSubmit="javascript:setsPrefFilesUpdate('dauthuserfile');return false;" method="post">
    3873. 

  3873. <?php
    3874. 

  3874.         $filepath = $am->getPathByType('authuserfile_dist');
    3875. 

  3875. 

  3876.         print '<div id="dauthuserfile_message">';
    3877. 

  3877.         if (false == $filepath) {
    3878. 

  3878.             print '<div class="warning">' . $am->W('NOTDEFINED', 'AccessFile (prefered)') . '</div>';
    3879. 

  3879.         }
    3880. 

  3880.         print '</div>';
    3881. 

  3881. ?>
    3882. 

  3882.     <fieldset>
    3883. 

  3883.     <legend>AuthUserFile</legend>
    3884. 

  3884.     <div><textarea class="filecontent" name="contents" id="dauthuserfile_contents" 
    3885. 

  3885.                    wrap="off"><?php echo $am->getFileContentsByType('authuserfile_dist', true); ?></textarea>
    3886. 

  3886.     </div>
    3887. 

  3887.     <div class="fieldnotes">
    3888. 

  3888.     	<?php 
    3889. 

  3889.     		echo $am->M('PREFFILERESTAS', $am->getPathByType('authuserfile'));
    3890. 

  3890.     		echo '<br />' . $am->M('DEPENSONACCESSFILE');
    3891. 

  3891.     	?></div>
    3892. 

  3892.     </fieldset>
    3893. 

  3893.     <div class="buttonrow">
    3894. 

  3894.         <div id="dauthuserfile_loading" class="saving" style="display:none"><img src="images/loadinfo.gif" width="16" height="16" /> <span><?php echo $am->M('SAVING') ?></span></div>
    3895. 

  3895.         <input type="hidden" name="filetype" value="authuserfile_dist">
    3896. 

  3896.         <input type="hidden" name="ajax" value="1">
    3897. 

  3897.         <input type="hidden" name="action" value="savefile">
    3898. 

  3898.         <input type="hidden" name="page" value="settings">
    3899. 

  3899.         <?php echo htmlSubmit('dauthuserfile_submit') ?>
    3900. 

  3900.         <?php echo htmlReset('dauthuserfile_reset') ?>
    3901. 

  3901. <?php if (is_file($am->getPathByType('authuserfile_dist'))) { ?>
    3902. 

  3902.         | <a href="javascript:setsPrefFilesDownload('authuserfile_dist');"><?php echo $am->M('DOWNLOAD') ?></a>
    3903. 

  3903. <?php } else { ?>
    3904. 

  3904.         | <strong style="color: red;">File not found</strong>
    3905. 

  3905. <?php } ?>        
    3906. 

  3906.     </div>
    3907. 

  3907.     </form>
    3908. 

  3908. 

  3909. 	<div class="spacer30"></div>
    3910. 

  3910.     
    3911. 

  3911.     <!-- DIST: AUTH GROUP FILE -->
    3912. 

  3912. <!--
    3913. 

  3913.     <form id="dauthgroupfile_form" name="dauthgroupfile_form" onSubmit="javascript:setsPrefFilesUpdate('dauthgroupfile');return false;">
    3914. 

  3914. <?php
    3915. 

  3915.         $filepath = $am->getPathByType('authgroupfile_dist');
    3916. 

  3916. 

  3917.         print '<div id="dauthgroupfile_message">';
    3918. 

  3918.         if (false == $filepath) {
    3919. 

  3919.             print '<div class="warning">' . $am->W('NOTDEFINED', 'AccessFile (prefered)') . '</div>';
    3920. 

  3920.         } else if (!is_file($filepath)) {
    3921. 

  3921.             print '<div class="warning">' . $am->E('NOSUCHFILE', $filepath) . '</div>';
    3922. 

  3922.         }
    3923. 

  3923.         print '</div>';
    3924. 

  3924. ?>
    3925. 

  3925.     <fieldset>
    3926. 

  3926.         <legend>AuthGroupFile</legend>
    3927. 

  3927.         <div><textarea class="filecontent" name="contents" id="dauthgroupfile_contents" 
    3928. 

  3928.                        wrap="off"><?php echo $am->getFileContentsByType('authgroupfile_dist', true); ?></textarea>
    3929. 

  3929.         </div>
    3930. 

  3930.         <div class="fieldnotes"><?php echo $am->M('PREFFILERESTAS', $am->getPathByType('authgroupfile')) ?></div>
    3931. 

  3931.     </fieldset>
    3932. 

  3932.     <div class="buttonrow">
    3933. 

  3933.         <div id="dauthgroupfile_loading" class="saving" style="display:none"><img src="images/loadinfo.gif" width="16" height="16" /> <span><?php echo $am->M('SAVING') ?></span></div>
    3934. 

  3934.         <input type="hidden" name="filetype" value="authgroupfile_dist">
    3935. 

  3935.         <input type="hidden" name="ajax" value="1">
    3936. 

  3936.         <input type="hidden" name="action" value="savefile">
    3937. 

  3937.         <input type="hidden" name="page" value="settings">
    3938. 

  3938.         <?php echo htmlSubmit('dauthgroupfile_submit') ?>
    3939. 

  3939.         <?php echo htmlReset('dauthgroupfile_reset') ?>
    3940. 

  3940.         | <a href="javascript:setsPrefFilesDownload('authgroupfile_dist');"><?php echo $am->M('DOWNLOAD') ?></a>
    3941. 

  3941.     </div>
    3942. 

  3942.     </form>
    3943. 

  3943. -->
    3944. 

  3944. 

  3945. </div>
    3946. 

  3946. 

  3947. <!-- Settings Form: Reset Protected Directory (ajax) -->
    3948. 

  3948. <div id="resetProtected" style="display: none;">
    3949. 

  3949.     <h1><?php echo $am->M('REBLPROTDIR') ?></h1>
    3950. 

  3950.     <div class="block"><?php echo $am->M('DESCR_REBLDPROTDIR') ?></div>
    3951. 

  3951. 

  3952.     <form id="resetProtected_form" name="resetProtected_form" method="post">
    3953. 

  3953.     <fieldset>
    3954. 

  3954.         <legend><?php echo $am->M('NOTES') ?></legend>
    3955. 

  3955.         <?php echo $am->M('NOTES_REBLDPROTDIR') ?>
    3956. 

  3956.     </fieldset>
    3957. 

  3957.     <div class="buttonrow">
    3958. 

  3958.         <div id="resetProtected_loading" class="saving" style="display:none"><img src="images/loadinfo.gif" width="16" height="16" /> <span><?php echo $am->M('SAVING') ?></span></div>
    3959. 

  3959.         <input type="hidden" name="ajax" value="1" />
    3960. 

  3960.         <input type="hidden" name="page" value="settings" />
    3961. 

  3961.         <input type="hidden" name="action" value="resetprotected" />
    3962. 

  3962.         <?php echo htmlInput( 'submit', 'resetProtected_submit', $am->M('CONFIRM') ) ?>
    3963. 

  3963.         <?php echo htmlInput( 'submit', 'resetProtected_cancel', $am->M('CANCEL'), 'onClick="javascript:setsShowForm(\'resetProtected\',\'hide\'); return false;"') ?>
    3964. 

  3964.     </div>
    3965. 

  3965.     </form>
    3966. 

  3966. </div>
    3967. 

  3967. 

  3968. <!-- Settings Form: Edit Email Templates -->
    3969. 

  3969. <div id="chooseTpl" style="display: none;">
    3970. 

  3970.     <h1><?php echo $am->M('EDITEMAILTPLS') ?></h1>
    3971. 

  3971.     <form id="chooseTpl_form" name="chooseTpl_form">
    3972. 

  3972.     <fieldset>
    3973. 

  3973.       <legend><?php echo $am->M('LEGEND_TEMPLATESEL') ?></legend>
    3974. 

  3974.       <div>
    3975. 

  3975.         <label for="templateid" class="required"><?php echo $am->M('FIELD_TPLNAME') ?></label>
    3976. 

  3976.         <select id="templateid" onChange="javascript:setsOnChangeTemplate( this.value );">
    3977. 

  3977.             <option id="chooseTpl_default" value=""><?php echo $am->M('SELECTONE') ?></option>
    3978. 

  3978. <?php
    3979. 

  3979.         foreach($tplsArray as $id=>$tpl) {
    3980. 

  3980.             print '<option value="' . $id . '">' . $tpl['name'] . '</option>';
    3981. 

  3981.         }
    3982. 

  3982. ?>
    3983. 

  3983.         </select>
    3984. 

  3984.         | <a href="javascript:setsOnNewTemplate();">Add New</a>
    3985. 

  3985.       </div>
    3986. 

  3986.     </fieldset>
    3987. 

  3987.     </form>
    3988. 

  3988.     
    3989. 

  3989.     <div class="spacer30"></div>
    3990. 

  3990. </div>
    3991. 

  3991. 

  3992. <div id="addTpl" style="display: none;">
    3993. 

  3993.     <form id="addTpl_form" name="addTpl_form" method="post" method="post">
    3994. 

  3994.     <p id="addTpl_form_msg" class="formmessage"><?php echo $am->M('FILLFIELDS'); ?></p>
    3995. 

  3995.     <fieldset>
    3996. 

  3996.       <legend><?php echo $am->M('LEGEND_TEMPLATENEW') ?></legend>
    3997. 

  3997.       <div>
    3998. 

  3998.         <label for="templatename" class="required"><?php echo $am->M('FIELD_TPLNAME') ?></label>
    3999. 

  3999.         <input id="templatename" name="templatename" type="text" maxlength="255" class="required" />
    4000. 

  4000.       </div>
    4001. 

  4001.       <div>
    4002. 

  4002.         <label for="type" class="required"><?php echo $am->M('FIELD_TPLTYPE') ?></label>
    4003. 

  4003.         <input onClick="javascript:setsOnChangeTemplateType('addTpl');" type="radio" class="required" id="templatetype" name="templatetype" value="plaintext" checked="checked" />PlainText
    4004. 

  4004.         <input onClick="javascript:setsOnChangeTemplateType('addTpl');" type="radio" class="required" id="templatetype" name="templatetype" value="html" />HTML
    4005. 

  4005.       </div>
    4006. 

  4006. 

  4007.       <div>
    4008. 

  4008.         <label for="templatesubject" class=""><?php echo $am->M('FIELD_TPLSUBJECT') ?></label>
    4009. 

  4009.         <input id="templatesubject" name="templatesubject" type="text" maxlength="255" class="" />
    4010. 

  4010.       </div>
    4011. 

  4011. 

  4012.       <div>
    4013. 

  4013.         <label for="templatebody" class=""><?php echo $am->M('FIELD_TPLBODY') ?></label>
    4014. 

  4014.       </div>
    4015. 

  4015.       <div>
    4016. 

  4016.             <textarea class="htmlcontent" id="addTpl_templatebody" name="templatebody" wrap="off"></textarea>
    4017. 

  4017.       </div>
    4018. 

  4018.       <div id='addTpl_templatevar'>
    4019. 

  4019.             <?php echo $am->M('INSERT') . ': ';  echo htmlSelectTemplateVar('addTpl_templatebody'); ?>
    4020. 

  4020.       </div>      
    4021. 

  4021.     </fieldset>
    4022. 

  4022.     <div class="buttonrow">
    4023. 

  4023.         <input type="hidden" name="page" value="settings" />
    4024. 

  4024.         <input type="hidden" name="action" value="addtemplate" />
    4025. 

  4025.         <?php echo htmlSubmit('submit') ?>
    4026. 

  4026.         <input type="submit" id="cancel" value="<?php echo $am->M('CANCEL') ?>" 
    4027. 

  4027.                onClick="javascript:setsShowForm('addTpl','hide'); return false;" />
    4028. 

  4028.     </div>
    4029. 

  4029.     </form>
    4030. 

  4030. </div>
    4031. 

  4031. 

  4032. <div id="editTpl" style="display: none;">
    4033. 

  4033.     <form id="editTpl_form" name="editTpl_form" method="post">
    4034. 

  4034.     <p id="editTpl_form_msg" class="formmessage"><?php echo $am->M('FILLFIELDS'); ?></p>
    4035. 

  4035.     <fieldset>
    4036. 

  4036.       <legend><?php echo $am->M('LEGEND_TEMPLATEEDIT') ?></legend>
    4037. 

  4037.       <div>
    4038. 

  4038.         <label for="templatename" class="required"><?php echo $am->M('FIELD_TPLNAME') ?></label>
    4039. 

  4039.         <input id="templatename" name="templatename" type="text" maxlength="255" class="required" />
    4040. 

  4040.       </div>
    4041. 

  4041.       <div>
    4042. 

  4042.         <label for="type" class="required"><?php echo $am->M('FIELD_TPLTYPE') ?></label>
    4043. 

  4043.         <input onClick="javascript:setsOnChangeTemplateType('editTpl');" type="radio" class="required" id="templatetype" name="templatetype" value="plaintext" />PlainText
    4044. 

  4044.         <input onClick="javascript:setsOnChangeTemplateType('editTpl');" type="radio" class="required" id="templatetype" name="templatetype" value="html" />HTML
    4045. 

  4045.       </div>
    4046. 

  4046. 

  4047.       <div>
    4048. 

  4048.         <label for="templatesubject" class=""><?php echo $am->M('FIELD_TPLSUBJECT') ?></label>
    4049. 

  4049.         <input id="templatesubject" name="templatesubject" type="text" maxlength="255" class="" />
    4050. 

  4050.       </div>
    4051. 

  4051. 

  4052.       <div>
    4053. 

  4053.         <label for="templatebody" class=""><?php echo $am->M('FIELD_TPLBODY') ?></label>
    4054. 

  4054.       </div>
    4055. 

  4055.       <div>
    4056. 

  4056.             <textarea class="htmlcontent" id="editTpl_templatebody" name="templatebody" wrap="off"></textarea>
    4057. 

  4057.       </div>
    4058. 

  4058.       <div id='editTpl_templatevar'>
    4059. 

  4059.             <?php echo $am->M('INSERT') . ': ';  echo htmlSelectTemplateVar('editTpl_templatebody'); ?>
    4060. 

  4060.       </div>
    4061. 

  4061.     </fieldset>
    4062. 

  4062. 

  4063.     <div class="buttonrow">
    4064. 

  4064.         <div id="editTpl_loading" class="saving" style="display:none"><img src="images/loadinfo.gif" width="16" height="16" /> <span><?php echo $am->M('SAVING') ?></span></div>
    4065. 

  4065.         <input type="hidden" id="templateid" name="templateid" value="" />
    4066. 

  4066.         <input type="hidden" name="page" value="settings" />
    4067. 

  4067.         <input type="hidden" name="action" value="updatetemplate" />
    4068. 

  4068.         <?php echo htmlSubmit('submit') ?>
    4069. 

  4069.         <?php echo htmlReset('reset', 'onClick="javascript:setsResetForm(\'editTpl\'); return false;"') ?>
    4070. 

  4070.         <?php echo htmlInput( 'submit', 'delete_submit', $am->M('BTN_DELETE'), 'onClick="javascript:return setsOnDeleteTemplate();"' ) ?>
    4071. 

  4071.         <input type="submit" id="cancel" value="<?php echo $am->M('CANCEL') ?>" 
    4072. 

  4072.                onClick="javascript:setsShowForm('editTpl','hide'); return false;" />
    4073. 

  4073.     </div>
    4074. 

  4074.     </form>
    4075. 

  4075. </div>
    4076. 

  4076. 

  4077. 

  4078. <div class="spacer30"></div>
    4079. 

  4079. 

  4080. <?php if ($am->hasFeature('tinymcejs')) { ?>
    4081. 

  4081. <script type="text/javascript" xml:space="preserve">
    4082. 

  4082. //<![CDATA[
    4083. 

  4083. 	tinyMCE.init({
    4084. 

  4084. 	    mode : "none",
    4085. 

  4085.         <?php if ($am->isDemo()) { echo "plugins : \"noneditable\",\n"; } ?>
    4086. 

  4086. 	    theme : "simple"
    4087. 

  4087. 	});
    4088. 

  4088. //]]>
    4089. 

  4089. </script>
    4090. 

  4090. <?php } ?>
    4091. 

  4091. 

  4092. <script type="text/javascript" xml:space="preserve">
    4093. 

  4093. //<![CDATA[
    4094. 

  4094. <?php
    4095. 

  4095.     // Javascript code: updateadmin 
    4096. 

  4096.     if ($action == 'updateadmin' && (isset($error) || isset($message))) {
    4097. 

  4097.         print "setsShowForm('editAdmin','show');\n";
    4098. 

  4098.     }
    4099. 

  4099. 

  4100.     echo getJsArray('emailTemplates');
    4101. 

  4101.     
    4102. 

  4102.     // Edit template js
    4103. 

  4103.     if ($action == 'updatetemplate' && isset($templateid) && (isset($error) || isset($message))) {
    4104. 

  4104.         print "setsSetChooseTpl('$templateid');\n";
    4105. 

  4105.         print "setsShowForm('editTpl','" . $templateid . "');\n";
    4106. 

  4106.     }
    4107. 

  4107. 

  4108.     // Add template js
    4109. 

  4109.     if ($action == 'addtemplate' && isset($error)) {
    4110. 

  4110.         print "setsShowForm('addTpl','show');\n";
    4111. 

  4111.     }
    4112. 

  4112.   
    4113. 

  4113.     // Delete template js
    4114. 

  4114.     if ($action == 'deletetemplate' && (isset($error) || isset($message))) {
    4115. 

  4115.         print "setsShowForm('chooseTpl','show');\n";
    4116. 

  4116.     }
    4117. 

  4117. ?>
    4118. 

  4118. //]]>
    4119. 

  4119. </script>
    4120. 

  4120. 

  4121. <!-- end of righty -->
    4122. 

  4122. </div>
    4123. 

  4123. 

  4124. <?php
    4125. 

  4125.     web_footer();
    4126. 

  4126. }
    4127. 

  4127. /* the end of the settings module */
    4128. 

  4128. 

  4129. 

  4130. /**
    4131. 

  4131.  * Files module
    4132. 

  4132.  * Edit raw file: .htaccess, .htpasswd
    4133. 

  4133.  *
    4134. 

  4134.  * @return void
    4135. 

  4135.  */
    4136. 

  4136. function showPage_files()
    4137. 

  4137. {
    4138. 

  4138.     global $am;
    4139. 

  4139. 

  4140.     // check access rights
    4141. 

  4141.     if (!$am->isAdmin()) {
    4142. 

  4142.     	$_SESSION['durl'] = $_SERVER['REQUEST_URI'];
    4143. 

  4143.         showPage_401( true );
    4144. 

  4144.         exit;
    4145. 

  4145.     }
    4146. 

  4146. 

  4147.     $message = $error = null;
    4148. 

  4148.     $action = getParam('action', null, 'attribute');
    4149. 

  4149.     
    4150. 

  4150.     // Action: 'downloadfile': download raw file
    4151. 

  4151.     if ($action == 'downloadfile') {
    4152. 

  4152.         $filetype = getParam('filetype', null, 'attribute');
    4153. 

  4153. 

  4154.         $contents = $am->getFileContentsByType($filetype, true); 
    4155. 

  4155.         if (!$am->isError()) {
    4156. 

  4156.             header('Content-Type: text/plain');
    4157. 

  4157.             header('Content-Disposition: attachment; filename='.$filetype.'.txt');
    4158. 

  4158. 

  4159.             echo $contents;
    4160. 

  4160.             return;
    4161. 

  4161.         }
    4162. 

  4162.         $error = $am->getError();
    4163. 

  4163.     }
    4164. 

  4164. 

  4165.     // Action: 'savefile': save raw file
    4166. 

  4166.     if ($action == 'savefile') {
    4167. 

  4167.         $filetype = getParam('filetype', null, 'attribute');
    4168. 

  4168.         $contents = getParam('contents', null, 'htmlcode');
    4169. 

  4169. 

  4170.         $filepath = $am->getPathByType($filetype);
    4171. 

  4171. 

  4172.         if (!$am->isManualEdit()) {
    4173. 

  4173.             $error = $am->W('MANUALEDITOFF');
    4174. 

  4174.         }
    4175. 

  4175.  
    4176. 

  4176.         // save contents as raw data
    4177. 

  4177.         if (!isset($error)) {
    4178. 

  4178.             $results = $am->setFileContentsByType( $filetype, $contents, true, true); 
    4179. 

  4179.             if (!$results) {
    4180. 

  4180.                 $error = $am->getError();
    4181. 

  4181.             }
    4182. 

  4182.         }
    4183. 

  4183. 

  4184.         if (!isset($error)) {
    4185. 

  4185.             $message = $am->M('FILEUPDSUCCESS', $filepath);
    4186. 

  4186.         }
    4187. 

  4187. 

  4188.         // authuserfile and authgroupfile are updated via ajax request
    4189. 

  4189.         if ($filetype == 'authuserfile' || $filetype == 'authgroupfile') {
    4190. 

  4190.             if (empty($error)) {
    4191. 

  4191.                 print '<div class="message">' . fmt_message($message) . "</div>\n";
    4192. 

  4192.             } else {
    4193. 

  4193.                 print '<div class="warning">' . fmt_message($error) . "</div>\n";
    4194. 

  4194.             }
    4195. 

  4195.             return;
    4196. 

  4196.         }
    4197. 

  4197. 

  4198.     }
    4199. 

  4199.    
    4200. 

  4200.     web_header( $am->M('SUBTITLE_FILES') );
    4201. 

  4201.     web_menu();
    4202. 

  4202. ?>
    4203. 

  4203.     <div id="righty">
    4204. 

  4204. 

  4205.     <div class="pagenotes">
    4206. 

  4206.     <h4><?php echo $am->M('SUBTITLE_FILES') ?></h4>
    4207. 

  4207.         <div><div class="name">DocumentRoot</div>
    4208. 

  4208.         <div class="value"><?php echo $_SERVER['DOCUMENT_ROOT']; ?></div></div>
    4209. 

  4209.         
    4210. 

  4210.         <div><div class="name">IP Address</div>
    4211. 

  4211.         <div class="value"><?php echo $_SERVER['REMOTE_ADDR']; ?></div></div>
    4212. 

  4212.     </div>
    4213. 

  4213. <?php  
    4214. 

  4214.     // ------------- Message ----------------
    4215. 

  4215.     web_message( $message, $error );
    4216. 

  4216. 

  4217.     // ------------- AccessFile ----------------
    4218. 

  4218.     $filepath = $am->getPathByType('accessfile');
    4219. 

  4219.     print '<div id="accessfile_message">';
    4220. 

  4220.     if (!is_file($filepath)) {
    4221. 

  4221.         print '<div class="block">';
    4222. 

  4222.         print '<img src="images/icon_warning.gif" width="20" height="20" align="left" />';
    4223. 

  4223.         print $am->M('NOTES_NOACCESSFILE', $filepath);
    4224. 

  4224.         print '</div>';
    4225. 

  4225.     } 
    4226. 

  4226.     print '</div>';
    4227. 

  4227. ?>
    4228. 

  4228.     <form id="accessfile_form" name="accessfile_form" method="post" action="index.php">
    4229. 

  4229.     <fieldset>
    4230. 

  4230.         <legend>AccessFile</legend>
    4231. 

  4231.         <div>
    4232. 

  4232.             <textarea wrap="off" name="contents" id="accessfile_contents" 
    4233. 

  4233.                 <?php echo $am->isDemo() || !$am->isManualEdit() ?  ' readonly' : ''; ?>
    4234. 

  4234.                 class="filecontent"><?php echo $am->getFileContentsByType('accessfile', true); ?></textarea>
    4235. 

  4235.         </div>
    4236. 

  4236.         <div class="fieldnotes">File: <?php echo $filepath ?></div>
    4237. 

  4237.     </fieldset>
    4238. 

  4238.     <div class="buttonrow">
    4239. 

  4239.         <input type="hidden" name="filetype" value="accessfile">
    4240. 

  4240.         <input type="hidden" name="action" value="savefile">
    4241. 

  4241.         <input type="hidden" name="page" value="files">
    4242. 

  4242. <?php 
    4243. 

  4243.     if ($am->isManualEdit()) {
    4244. 

  4244.         echo htmlSubmit('accessfile_submit');
    4245. 

  4245.         echo htmlReset('accessfile_reset');
    4246. 

  4246.         if (is_file($filepath)) {
    4247. 

  4247.             echo '| <a href="javascript:filesDownload(\'accessfile\');">' . $am->M('DOWNLOAD') . '</a>';
    4248. 

  4248.         }
    4249. 

  4249.     }
    4250. 

  4250. ?>
    4251. 

  4251.     </div>
    4252. 

  4252.     </form>
    4253. 

  4253. 

  4254.     <div class="spacer30"></div>
    4255. 

  4255. <?php
    4256. 

  4256. 

  4257.     $filepath = $am->getPathByType('authuserfile');
    4258. 

  4258. 

  4259.     print '<div id="authuserfile_message">';
    4260. 

  4260.     if (false == $filepath) {
    4261. 

  4261.         print '<div class="block">';
    4262. 

  4262.         print $am->M('NOTES_NOAUTHFILEDEF', 'AuthUserFile');
    4263. 

  4263.         print '</div>';
    4264. 

  4264. 

  4265.     } else if (!is_file($filepath)) {
    4266. 

  4266.         print '<div class="block">'. $am->E('NOSUCHFILE', $filepath) .'</div>';
    4267. 

  4267.     }
    4268. 

  4268.     print '</div>';
    4269. 

  4269. 

  4270.     if (false != $filepath) {
    4271. 

  4271. ?>
    4272. 

  4272.     <form id="authuserfile_form" name="authuserfile_form" method="post" action="index.php">
    4273. 

  4273.     <fieldset>
    4274. 

  4274.         <legend>AuthUserFile</legend>
    4275. 

  4275.         <div>
    4276. 

  4276.             <textarea wrap="off" name="contents" id="authuserfile_contents" 
    4277. 

  4277.                 <?php echo $am->isDemo() || !$am->isManualEdit() ?  ' readonly' : 'onKeyUp="javascript:filesOnChangeContents(\'authuserfile\');"'; ?>
    4278. 

  4278.                 class="filecontent"><?php echo $am->getFileContentsByType('authuserfile', true); ?></textarea>
    4279. 

  4279.         </div>
    4280. 

  4280.         <div class="fieldnotes">File: <?php echo $filepath ?></div>
    4281. 

  4281.     </fieldset>
    4282. 

  4282.     <div class="buttonrow">
    4283. 

  4283.         <div id="authuserfile_loading" class="saving" style="display:none"><img src="images/loadinfo.gif" width="16" height="16" /> <span><?php echo $am->M('SAVING') ?></span></div>
    4284. 

  4284.         <input type="hidden" name="filetype" value="authuserfile" />
    4285. 

  4285.         <input type="hidden" name="action" value="savefile" />
    4286. 

  4286.         <input type="hidden" name="page" value="files" />
    4287. 

  4287. <?php 
    4288. 

  4288.     if ($am->isManualEdit()) {
    4289. 

  4289.         echo htmlSubmit('authuserfile_submit', 'onClick="javascript:filesUpdateContents(\'authuserfile\'); return false;"');
    4290. 

  4290.         echo htmlReset('authuserfile_reset');
    4291. 

  4291.         if (is_file($filepath)) {
    4292. 

  4292.             echo '| <a href="javascript:filesDownload(\'authuserfile\');">' . $am->M('DOWNLOAD') . '</a>';
    4293. 

  4293.         }
    4294. 

  4294.     }
    4295. 

  4295. ?>
    4296. 

  4296.     </div>
    4297. 

  4297.     </form>
    4298. 

  4298. <?php
    4299. 

  4299.     }
    4300. 

  4300.     // ------------- Auth Group ----------------
    4301. 

  4301.     echo '<!--';
    4302. 

  4302. 

  4303.     $filepath = $am->getPathByType('authgroupfile');
    4304. 

  4304. 

  4305.     print '<div id="authgroupfile_message">';
    4306. 

  4306.     if (false == $filepath) {
    4307. 

  4307.         print '<div class="warning">'. $am->w('NOTDEFINED', 'AuthGroupFile') .'</div>';
    4308. 

  4308. 

  4309.     } else if (!is_file($filepath)) {
    4310. 

  4310.         print '<div class="warning">'. $am->E('NOSUCHFILE', $filepath) .'</div>';
    4311. 

  4311.     }
    4312. 

  4312.     print '</div>';
    4313. 

  4313. 

  4314.     if (false != $filepath) {
    4315. 

  4315. ?>
    4316. 

  4316.     <form id="authgroupfile_form" name="authgroupfile_form" method="post" action="index.php">
    4317. 

  4317.     <fieldset>
    4318. 

  4318.         <legend>AuthGroupFile</legend>
    4319. 

  4319.         <div>
    4320. 

  4320.             <textarea wrap="off" nowrap name="contents" id="authgroupfile_contents" 
    4321. 

  4321.                 <?php echo $am->isDemo() || !$am->isManualEdit() ?  ' readonly' : 'onKeyUp="javascript:filesOnChangeContents(\'authgroupfile\');"'; ?>
    4322. 

  4322.                 class="filecontent"><?php echo $am->getFileContentsByType('authgroupfile', true); ?></textarea>
    4323. 

  4323.         </div>
    4324. 

  4324.         <div class="fieldnotes">File: <?php echo $filepath ?></div>
    4325. 

  4325.     </fieldset>
    4326. 

  4326.     <div class="buttonrow">
    4327. 

  4327.         <div id="authgroupfile_loading" class="saving" style="display:none"><img src="images/loadinfo.gif" width="16" height="16" /> <span><?php echo $am->M('SAVING') ?></span></div>
    4328. 

  4328.         <input type="hidden" name="filetype" value="authgroupfile" />
    4329. 

  4329.         <input type="hidden" name="action" value="savefile" />
    4330. 

  4330.         <input type="hidden" name="page" value="files" />
    4331. 

  4331.         <input type="submit" id="authgroupfile_submit" 
    4332. 

  4332.         <?php
    4333. 

  4333.             echo 'value="'.(is_file($filepath) ? $am->M('UPDATEFILE') : $am->M('CREATEFILE')).'"';
    4334. 

  4334.             echo $am->isDemo() || !$am->isManualEdit() ?  ' disabled' : '';
    4335. 

  4335.         ?> onClick="javascript:filesUpdateContents('authgroupfile'); return false;" />
    4336. 

  4336.         <input type="reset"  id="authgroupfile_reset" 
    4337. 

  4337.         <?php
    4338. 

  4338.             echo 'value="' . $am->M('RESET') . '"'; 
    4339. 

  4339.             echo $am->isDemo() || !$am->isManualEdit() ?  ' disabled' : '';
    4340. 

  4340.         ?>/> 
    4341. 

  4341. 

  4342.         | <a href="javascript:filesDownload('authgroupfile');"><?php echo $am->M('DOWNLOAD') ?></a>
    4343. 

  4343. 

  4344.     </div>
    4345. 

  4345.     </form>
    4346. 

  4346. <?php
    4347. 

  4347.     }
    4348. 

  4348.     echo '-->';
    4349. 

  4349. 

  4350.     echo '<div class="spacer30"></div>';
    4351. 

  4351.     echo '</div>'; // righty
    4352. 

  4352.     web_footer();
    4353. 

  4353. }
    4354. 

  4354. /* the end of files module */
    4355. 

  4355. 

  4356. 

  4357. /**
    4358. 

  4358.  * Access module
    4359. 

  4359.  *
    4360. 

  4360.  * @return void
    4361. 

  4361.  */
    4362. 

  4362. function showPage_access()
    4363. 

  4363. {
    4364. 

  4364.     global $am;
    4365. 

  4365. 

  4366.     // check access rights
    4367. 

  4367.     if (!$am->isAdmin()) {
    4368. 

  4368.     	$_SESSION['durl'] = $_SERVER['REQUEST_URI'];
    4369. 

  4369.         showPage_401( true );
    4370. 

  4370.         exit;
    4371. 

  4371.     }
    4372. 

  4372. 

  4373.     $message = $error = null;
    4374. 

  4374.     $action = getParam('action', null, 'attribute');
    4375. 

  4375. 

  4376.     // Ajax Action: updateaccess
    4377. 

  4377.     if ($action == 'updateaccess') {
    4378. 

  4378.         $filepath = $am->getPathByType( 'accessfile' );
    4379. 

  4379. 

  4380.         $authtype = getParam('authtype', null, 'attribute');
    4381. 

  4381.         if ($authtype != 'basic') {
    4382. 

  4382.             $error = $am->E('INVALIDREQUEST') . ' [authtype]';
    4383. 

  4383.         }
    4384. 

  4384. 

  4385.         // RequireRules
    4386. 

  4386.         $requireargs = 'valid-user';
    4387. 

  4387.         
    4388. 

  4388.         // authname
    4389. 

  4389.         if (!isset($error)) {
    4390. 

  4390. 	        $authname = getParam('authname', null, 'htmlcode');
    4391. 

  4391. 	        if ($authname == '') {
    4392. 

  4392. 	            $error = $am->E('INVALIDREQUEST') . ' [authname]';
    4393. 

  4393. 	        }
    4394. 

  4394.         }
    4395. 

  4395.         
    4396. 

  4396.         // authuserfile
    4397. 

  4397.         if (!isset($error)) {
    4398. 

  4398. 	        $authuserfile = getParam('authuserfile', null, 'filepath');
    4399. 

  4399. 	        if ($authuserfile == '' && hasParam('defauthuserfile')) {
    4400. 

  4400. 	        	$authuserfile = $am->getDefaultFilePathByType('authuserfile');	
    4401. 

  4401. 	        }
    4402. 

  4402. 		    $am->setFilePathByType('authuserfile', $authuserfile);
    4403. 

  4403.              
    4404. 

  4404.              if (!is_file($authuserfile) && !hasParam('createmissingfiles')) {
    4405. 

  4405.                  $error = $am->E('NOSUCHFILE', $authuserfile);
    4406. 

  4406.              }
    4407. 

  4407.         }
    4408. 

  4408.         
    4409. 

  4409.         // error document 401
    4410. 

  4410.         if (!isset($error)) {
    4411. 

  4411.         	$errordocument401 = null;
    4412. 

  4412.         	if (hasParam('enableerrordocument401')) {
    4413. 

  4413. 		        $errordocument401 = getParam('errordocument401', null, 'url');
    4414. 

  4414. 		        if ($errordocument401=='' && hasParam('deferrordocument401')) {
    4415. 

  4415. 		        	$errordocument401 = $am->getUrlByType('errordocument401');	
    4416. 

  4416. 		        }
    4417. 

  4417.         	}
    4418. 

  4418. 			$am->setFilePathByType('errordocument401', $errordocument401);
    4419. 

  4419.         }
    4420. 

  4420.         
    4421. 

  4421.         // ip/domain access rules
    4422. 

  4422.         $order = getParam('order', null, 'attribute');
    4423. 

  4423.         if ($order != 'deny' && $order != 'allow') {
    4424. 

  4424.             $order  = null;
    4425. 

  4425.         }
    4426. 

  4426.         
    4427. 

  4427.         if (!isset($error)) {
    4428. 

  4428. 	        $am->setRecordByType( 'accessfile', 'require', array('require'=>$requireargs));
    4429. 

  4429. 

  4430. 	        $authArray = array('authtype', 'authname', 'authuserfile', 'errordocument401', 'order');
    4431. 

  4431.             foreach( $authArray as $auth) {
    4432. 

  4432.             	if (!isset($$auth) || $$auth=='') {
    4433. 

  4433. 	                $am->setRecordByType( 'accessfile', $auth, null );
    4434. 

  4434.             	} else {
    4435. 

  4435.                 	$am->setRecordByType( 'accessfile', $auth, array($auth=>$$auth));
    4436. 

  4436.             	}
    4437. 

  4437.             }
    4438. 

  4438. 

  4439.             // ip/domain access rules            
    4440. 

  4440.             $allowRecs = getParam('access_allow');
    4441. 

  4441.             if (is_array($allowRecs) && count($allowRecs)) {
    4442. 

  4442.                 $am->setRecordByType( 'accessfile', 'allow', $allowRecs);
    4443. 

  4443.             }
    4444. 

  4444.             
    4445. 

  4445.             $denyRecs = getParam('access_deny');
    4446. 

  4446.             if (is_array($denyRecs) && count($denyRecs)) {
    4447. 

  4447.                 $am->setRecordByType( 'accessfile', 'deny',  $denyRecs);
    4448. 

  4448.             }
    4449. 

  4449.         }
    4450. 

  4450.         
    4451. 

  4451.         // creating empty files
    4452. 

  4452.         if (!isset($error) && hasParam('createmissingfiles')) {
    4453. 

  4453.             $authuserfile = $am->getPathBytype('authuserfile');
    4454. 

  4454.             if (!is_file($authuserfile) && !$am->saveFileByType( 'authuserfile' )) {
    4455. 

  4455.                 $error  = $am->getError();
    4456. 

  4456.             }
    4457. 

  4457.         }
    4458. 

  4458.         
    4459. 

  4459.         // saving
    4460. 

  4460.         if (!isset($error)) {
    4461. 

  4461.             if (!$am->saveFileByType( 'accessfile' )) {
    4462. 

  4462.                 $error  = $am->getError();
    4463. 

  4463.             }
    4464. 

  4464.         }
    4465. 

  4465.         
    4466. 

  4466.         if (isset($error)) {
    4467. 

  4467.             print '<div class="warning">' . fmt_message($error) . "</div>\n";
    4468. 

  4468.             return;
    4469. 

  4469.         }
    4470. 

  4470.         
    4471. 

  4471.         $message = $am->M('FILEUPDSUCCESS', $filepath);
    4472. 

  4472.         print '<div class="message">' . fmt_message($message) . "</div>\n";
    4473. 

  4473.         return; // ajax
    4474. 

  4474.     }
    4475. 

  4475. 

  4476.     web_header( $am->M('SUBTITLE_ACCESS') );
    4477. 

  4477.     web_menu();
    4478. 

  4478. ?>
    4479. 

  4479.     <div id="righty">
    4480. 

  4480.   
    4481. 

  4481.     <!-- Top page information -->
    4482. 

  4482.     <div class="pagenotes">
    4483. 

  4483.     <h4><?php echo $am->M('SUBTITLE_ACCESS') ?></h4>
    4484. 

  4484.     <div><div class="name">AccessFile</div>
    4485. 

  4485.     <div class="value"><?php echo $am->getPathByType('accessfile') ?></div></div>
    4486. 

  4486.     <div><div class="name">IP Address</div>
    4487. 

  4487.     <div class="value"><?php echo $_SERVER['REMOTE_ADDR']; ?></div></div>
    4488. 

  4488.     </div>
    4489. 

  4489.     
    4490. 

  4490. <?php
    4491. 

  4491. 

  4492.     // ------------- Message ----------------
    4493. 

  4493.     web_message( $message, $error );
    4494. 

  4494.     
    4495. 

  4495.     $noaccessfile = false;
    4496. 

  4496.     
    4497. 

  4497.     $accessFilePath = $am->getPathByType('accessfile');
    4498. 

  4498.     if (!is_file($accessFilePath)) {
    4499. 

  4499.     	echo '<div id="noaccessfile_msg" class="block">';
    4500. 

  4500.         echo '<img src="images/icon_warning.gif" width="20" height="20" align="left" />';
    4501. 

  4501.     	echo $am->M('NOTES_NOACCESSFILE', $accessFilePath);
    4502. 

  4502. 		echo '</div>';
    4503. 

  4503. 		$noaccessfile = true;
    4504. 

  4504.     } else {
    4505. 

  4505.     	echo '<div id="noaccessfile_msg" class="block" style="display:none;"></div>';
    4506. 

  4506.     }
    4507. 

  4507. ?>
    4508. 

  4508. 

  4509.     <form id="edit_form" name="edit_form" onSubmit="javascript:accessOnSubmit('edit_form'); return false;">
    4510. 

  4510.     
    4511. 

  4511. <!-- ACCESS RULES -->
    4512. 

  4512.     <fieldset>
    4513. 

  4513.       <legend><?php echo $am->M('LEGEND_ACCESSRULES') ?></legend>
    4514. 

  4514. 

  4515.       <div>
    4516. 

  4516.         <label for="authtype" class="required">AuthType</label>
    4517. 

  4517.         <select id="authtype" name="authtype">
    4518. 

  4518.             <option value="basic" class="cyan-item" selected="selected">Basic</option>
    4519. 

  4519.         </select>
    4520. 

  4520.       </div>
    4521. 

  4521. 

  4522. <?php
    4523. 

  4523. 	$authname =  $am->getAccessRuleByType('accessfile', 'authname');
    4524. 

  4524. 	if ($noaccessfile || !isset($authname) || $authname=='') {
    4525. 

  4525. 		$authname = $am->getConfigValue('authname');
    4526. 

  4526. 	}
    4527. 

  4527. ?>
    4528. 

  4528.       <div>
    4529. 

  4529.         <label for="authname" class="required">AuthName</label>
    4530. 

  4530.         <input id="authname" type="text" name="authname" size="40" maxlength="255" class="required" 
    4531. 

  4531.             value="<?php echo htmlEncode($authname) ?>" />
    4532. 

  4532.       </div>
    4533. 

  4533. 

  4534.       <div>
    4535. 

  4535.         <label for="required" class="required">Require Policy</label>
    4536. 

  4536.         <select id="require" name="require" class="required">
    4537. 

  4537.             <option value="valid-user" class="green-item"><?php echo $am->M('REQUIRE_ALLVALIDUSERS') ?></option>
    4538. 

  4538.         </select>
    4539. 

  4539.       </div>
    4540. 

  4540. 

  4541. <?php
    4542. 

  4542. 	$def_authuserfile = $am->getDefaultFilePathByType('authuserfile');	
    4543. 

  4543. 	$authuserfile = htmlEncode($am->getPathByType('authuserfile'));
    4544. 

  4544. 	if ($noaccessfile) {
    4545. 

  4545. 		$authuserfile = $def_authuserfile;
    4546. 

  4546. 	}
    4547. 

  4547. ?>
    4548. 

  4548.     
    4549. 

  4549.       <div>
    4550. 

  4550.         <label for="authuserfile" class="required">AuthUserFile</label>
    4551. 

  4551.         <input id="authuserfile" type="text" name="authuserfile" size="40" maxlength="255" class="required" 
    4552. 

  4552.                <?php if ($def_authuserfile==$authuserfile) { echo " disabled "; } ?>
    4553. 

  4553. 			   value="<?php echo $authuserfile ?>" />
    4554. 

  4554.         <nobr>
    4555. 

  4555.         <input type="checkbox" id="defauthuserfile" name="defauthuserfile" value="1"
    4556. 

  4556. 			   <?php if ($def_authuserfile==$authuserfile) { echo " checked=\"checked\" "; } ?> 
    4557. 

  4557.                onClick="javascript:accessOnDefAuthUserFile('edit_form');" /> <?php echo $am->M('USEDEFAULT') ?>
    4558. 

  4558.         </nobr>
    4559. 

  4559.       </div>
    4560. 

  4560.     </fieldset>
    4561. 

  4561. 

  4562. <!-- MISSING FILES -->    
    4563. 

  4563.     <fieldset>
    4564. 

  4564.        <legend><?php echo $am->M('LEGEND_MISSINGFILES') ?></legend>     
    4565. 

  4565.         <div>
    4566. 

  4566.             <label for="createmissingfiles" class=""><?php echo $am->M('FIELD_MISSINGFILES') ?></label>
    4567. 

  4567.             <input type="checkbox" id="createmissingfiles" name="createmissingfiles" value="1"
    4568. 

  4568.              <?php if (!hasParam('createmissingfiles')) { echo ' checked="checked"'; } ?> />
    4569. 

  4569.              <?php echo $am->M('FLDNOTES_MISSINGFILES') ?>
    4570. 

  4570.         </div>
    4571. 

  4571.     </fieldset> 
    4572. 

  4572. 

  4573. <!-- IP/DOMAIN Access rules -->    
    4574. 

  4574.     <fieldset>
    4575. 

  4575.        <legend><?php echo $am->M('LEGEND_IPDOMAINRULES') ?></legend>     
    4576. 

  4576.         <div>
    4577. 

  4577.             <label for="order" class="optional"><?php echo $am->M('FIELD_DEFAULTRULE') ?></label>
    4578. 

  4578.             <select name="order" id="order" class="optional">
    4579. 

  4579.                 <option value="">| Not set... </option>
    4580. 

  4580.                 <option <?php 
    4581. 

  4581.                         if ($am->getAccessRuleByType('accessfile', 'order') == 'allow') {
    4582. 

  4582.                             echo ' selected="selected" ';
    4583. 

  4583.                         } ?>  
    4584. 

  4584.                         style="background: #efe;" value="allow">Allow from all</option>
    4585. 

  4585.                 <option <?php 
    4586. 

  4586.                         if ($am->getAccessRuleByType('accessfile', 'order') == 'deny') {
    4587. 

  4587.                             echo ' selected="selected" ';
    4588. 

  4588.                         } ?>
    4589. 

  4589.                         style="background: #fee;" value="deny">Deny from all</option>
    4590. 

  4590.             </select>
    4591. 

  4591.             <a id="help-order" href="javascript:void(0);" onClick="$('access-order-description').show(); $('help-order').hide();"><img src="images/help.png" alt="Help" /></a>
    4592. 

  4592.         </div>
    4593. 

  4593. 

  4594.         <div id="access-order-description" class="block-help" style="display: none;">
    4595. 

  4595.             Controls the default access state and the order in which Allow and Deny are evaluated.
    4596. 

  4596.             <a target="_blank" class="linkexternal" href="http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order">more</a>
    4597. 

  4597.         </div>
    4598. 

  4598. <div>
    4599. 

  4599. <table width="100%">
    4600. 

  4600. <tr>
    4601. 

  4601. <td><?php echo $am->M('FIELD_ALLOWEDHOSTS') ?></td>
    4602. 

  4602. <td><?php echo $am->M('FIELD_DENIEDHOSTS') ?></td>
    4603. 

  4603. </tr>
    4604. 

  4604. <td width="50%"><select id="access_allow" name="access_allow[]" size="5" multiple class="optional" style='width: 100%; background: #efe;' onChange='accessListChoose("access_allow");'>
    4605. 

  4605.                 <option value="">-- add new --</option>
    4606. 

  4606.             </select>
    4607. 

  4607. </td>
    4608. 

  4608. <td width="50%"><select id="access_deny" name="access_deny[]" size="5" multiple class="optional" style='width: 100%; background: #fee;' onChange='accessListChoose("access_deny");'>
    4609. 

  4609.                 <option value="">-- add new --</option>
    4610. 

  4610.             </select>
    4611. 

  4611. </td>
    4612. 

  4612. </tr>
    4613. 

  4613. 

  4614. <tr>
    4615. 

  4615. <td>
    4616. 

  4616.     <input id="access_allow_edit" name="access_allow_edit" type="text" />
    4617. 

  4617.     <a href="javascript:void(0);" onClick="javascript:accessListEdit('access_allow'); return false;"><img src="images/approve.gif" alt="Approve" /></a>
    4618. 

  4618.     <a href="javascript:void(0);" onClick="javascript:accessListDelete('access_allow'); return false;"><img src="images/decline.gif" alt="Delete" /></a>
    4619. 

  4619. </td>
    4620. 

  4620. <td>
    4621. 

  4621.     <input id="access_deny_edit" name="access_deny_edit" type="text" />
    4622. 

  4622.     <a href="javascript:void(0);" onClick="javascript:accessListEdit('access_deny'); return false;"><img src="images/approve.gif" alt="Approve" /></a>
    4623. 

  4623.     <a href="javascript:void(0);" onClick="javascript:accessListDelete('access_deny'); return false;"><img src="images/decline.gif" alt="Delete" /></a>
    4624. 

  4624. </td>
    4625. 

  4625. </tr>
    4626. 

  4626. 

  4627. </table>
    4628. 

  4628. </div>
    4629. 

  4629.     </fieldset> 
    4630. 

  4630. 

  4631. <script type="text/javascript" language="javascript">
    4632. 

  4632. <?php 
    4633. 

  4633. $allowRecs = $am->getAccessRuleByType('accessfile', 'allow');
    4634. 

  4634. if (is_array($allowRecs)) {
    4635. 

  4635.     foreach ($allowRecs as $k=>$v) {
    4636. 

  4636.         echo '$(\'access_allow\').options[ $(\'access_allow\').options.length ] = ';
    4637. 

  4637.         echo ' new Option( "' . addslashes($v) . '", "' . addslashes($v) . '", false );';
    4638. 

  4638.     }
    4639. 

  4639. }
    4640. 

  4640. $denyRecs = $am->getAccessRuleByType('accessfile', 'deny');
    4641. 

  4641. if (is_array($denyRecs)) {
    4642. 

  4642.     foreach ($denyRecs as $k=>$v) {
    4643. 

  4643.         echo '$(\'access_deny\').options[ $(\'access_deny\').options.length ] = ';
    4644. 

  4644.         echo ' new Option( "' . addslashes($v) . '", "' . addslashes($v) . '", false );';
    4645. 

  4645.     }
    4646. 

  4646. }
    4647. 

  4647. ?>
    4648. 

  4648. </script>
    4649. 

  4649.             
    4650. 

  4650. 

  4651. <!-- 401 handler -->    
    4652. 

  4652.     <fieldset>
    4653. 

  4653.        <legend><?php echo $am->M('LEGEND_HANDLER401') ?></legend>     
    4654. 

  4654. <?php
    4655. 

  4655. 	// ErrorDocument 401 <path>
    4656. 

  4656. 	$deferrordocument401 = $am->getUrlByType('errordocument401');	
    4657. 

  4657. 	$errordocument401 = htmlEncode($am->getAccessRuleByType('accessfile', 'errordocument401'));
    4658. 

  4658. 	if ($noaccessfile) {
    4659. 

  4659. 		$errordocument401 = $deferrordocument401;
    4660. 

  4660. 	}
    4661. 

  4661. ?>
    4662. 

  4662.       <div>
    4663. 

  4663.         <label for="enableerrordocument401" class=""><?php echo $am->M('FIELD_HANDLER401') ?></label>
    4664. 

  4664.         <input type="checkbox" id="enableerrordocument401" name="enableerrordocument401" value="1"
    4665. 

  4665. 			   <?php if ($errordocument401!='') { echo " checked=\"checked\" "; } ?> 
    4666. 

  4666.                onClick="javascript:accessOnEnableErrorDocument401('edit_form');" /> <?php echo $am->M('ENABLE') ?>
    4667. 

  4667.       </div>
    4668. 

  4668. 

  4669.       <div id="editErrordocument401" style="display:<?php echo ($errordocument401=='' ?'none' : 'block') ?>;">
    4670. 

  4670. <?php
    4671. 

  4671. 	if ($errordocument401 == '') {
    4672. 

  4672. 		$errordocument401 = $deferrordocument401;
    4673. 

  4673. 	}
    4674. 

  4674. ?>
    4675. 

  4675.         <label for="errordocument401" class=""><?php echo $am->M('FIELD_LOCATION401') ?></label>
    4676. 

  4676.         <input type="text" id="errordocument401" name="errordocument401" size="40" maxlength="255" class="" 
    4677. 

  4677.                <?php if ($deferrordocument401==$errordocument401) { echo " disabled "; } ?>
    4678. 

  4678. 			   value="<?php echo $errordocument401 ?>" />
    4679. 

  4679. 

  4680.         <nobr>
    4681. 

  4681.         <input type="checkbox" id="deferrordocument401" name="deferrordocument401" value="1"
    4682. 

  4682. 			   <?php if ($deferrordocument401==$errordocument401) { echo " checked=\"checked\" "; } ?> 
    4683. 

  4683.                onClick="javascript:accessOnDefErrorDocument401('edit_form');" /> <?php echo $am->M('USEDEFAULT') ?>
    4684. 

  4684.         </nobr>
    4685. 

  4685.       </div>
    4686. 

  4686.             
    4687. 

  4687.     </fieldset>
    4688. 

  4688. 

  4689.     <div class="buttonrow">
    4690. 

  4690.         <div id="edit_loading" class="saving" style="display:none"><img src="images/loadinfo.gif" width="16" height="16" /> <span><?php echo $am->M('SAVING') ?></span></div>
    4691. 

  4691.         <input type="hidden" name="page" value="access" />
    4692. 

  4692.         <input type="hidden" name="action" value="updateaccess" />
    4693. 

  4693.         <?php echo htmlSubmit('submit') ?>
    4694. 

  4694.         <?php echo htmlReset('reset') ?>
    4695. 

  4695.     </div>
    4696. 

  4696.     </form>
    4697. 

  4697. 

  4698.     <div class="spacer30"></div>
    4699. 

  4699.     
    4700. 

  4700. <?php
    4701. 

  4701.     echo '</div>'; // righty
    4702. 

  4702.     web_footer();
    4703. 

  4703. }
    4704. 

  4704. /* the end of 'access' module */
    4705. 

  4705. 

  4706. 

  4707. /**
    4708. 

  4708.  * Output support information
    4709. 

  4709.  *
    4710. 

  4710.  * @return void
    4711. 

  4711.  */
    4712. 

  4712. function showPage_support()
    4713. 

  4713. {
    4714. 

  4714.     global $am;
    4715. 

  4715. 

  4716.     // check access rights
    4717. 

  4717.     if (!$am->isAuthenticated()) {
    4718. 

  4718.     	$_SESSION['durl'] = $_SERVER['REQUEST_URI'];
    4719. 

  4719.         showPage_401( true );
    4720. 

  4720.         exit;
    4721. 

  4721.     }
    4722. 

  4722. 

  4723.     $message = $error = null;
    4724. 

  4724.     $action = getParam('action', null, 'attribute');
    4725. 

  4725.     
    4726. 

  4726.     // ------------- Ajax Actions ----------------    
    4727. 

  4727. 

  4728.     // Ajax Action: send email to administrator 
    4729. 

  4729.     if ($action == 'supportrequest' && !$am->isAdmin()) {
    4730. 

  4730. 		$userData = $am->getAuthenticatedUser();
    4731. 

  4731. 		
    4732. 

  4732. 		$userData['requestsubject'] = getParam('subject', null, 'subject');
    4733. 

  4733. 		$userData['requestbody'] = getParam('body', null, array('htmlcode','max4k'));
    4734. 

  4734. 		
    4735. 

  4735. 		// sending email to adminitrator
    4736. 

  4736. 		if (!$am->sendMail('memberreq', $userData)) {
    4737. 

  4737. 			$error = $am->getError();
    4738. 

  4738. 		}
    4739. 

  4739. 		
    4740. 

  4740.         if (isset($error)) {
    4741. 

  4741.             echo '<div class="warning">' . fmt_message($error) . "</div>\n";
    4742. 

  4742.         } else {
    4743. 

  4743.             $message = $am->M('INFO_EMAILSENT');
    4744. 

  4744.             echo '<div class="message">' . fmt_message($message) . "</div>\n";
    4745. 

  4745.         }
    4746. 

  4746.         exit;
    4747. 

  4747. 	}
    4748. 

  4748.    
    4749. 

  4749.     web_header( $am->M('SUBTITLE_SUPPORT') );
    4750. 

  4750.     web_menu();
    4751. 

  4751.     echo '<div id="righty">'; // righty
    4752. 

  4752. 

  4753.     // ------------- Information ----------------
    4754. 

  4754.     echo '<div class="pagenotes">';
    4755. 

  4755.     echo '<h4>' . $am->M('SUBTITLE_SUPPORT') . '</h4>';
    4756. 

  4756. 

  4757.     echo '<div><div class="name">'.$am->M('PROJECTHOMEPAGE').'</div>';
    4758. 

  4758.     echo '<div class="value"><a target="_blank" href="http://www.authman.com/">www.authman.com</a></div></div>';
    4759. 

  4759. 

  4760.     echo '<div><div class="name">'.$am->M('VERSION').'</div>';
    4761. 

  4761.     echo '<div class="value">' . $am->getVersion() . '</div></div>';
    4762. 

  4762.     echo '</div>';
    4763. 

  4763. 

  4764.     // ------------- Message ----------------
    4765. 

  4765.     web_message( $message, $error );
    4766. 

  4766. 

  4767.     // ------------- AccessFile ----------------
    4768. 

  4768.     $filepath = $am->getPathByType('accessfile');
    4769. 

  4769.     print '<div id="accessfile_message">';
    4770. 

  4770.     if (!is_file($filepath)) {
    4771. 

  4771.         print '<div class="block">';
    4772. 

  4772.         print $am->E('NOSUCHFILE', $filepath);
    4773. 

  4773.         print '</div>';
    4774. 

  4774.     } 
    4775. 

  4775.     print '</div>';
    4776. 

  4776. ?>
    4777. 

  4777. 

  4778. <?php if ($am->isAuthenticated() && !$am->isAdmin()) { ?>
    4779. 

  4779. <!-- Support FORM: contact request -->
    4780. 

  4780. <div id="supportRequest_container" style="display: block;">
    4781. 

  4781.     <h1><?php echo $am->M('SUBTITLE_SUPPORTREQUEST') ?></h1>
    4782. 

  4782. 

  4783.     <p id="supportRequest_msg" class="formmessage"><?php echo $am->M('FILLFIELDS'); ?></p>
    4784. 

  4784.       
    4785. 

  4785.     <form id="supportRequest" name="supportRequest" onSubmit="javascript:return supportOnSubmitForm(this);">
    4786. 

  4786.     <fieldset>
    4787. 

  4787.     <legend><?php echo $am->M('LEGEND_SUPPORTREQUEST') ?></legend>
    4788. 

  4788. 

  4789.       <div>
    4790. 

  4790.         <label for="subject" class="required"><?php echo $am->M('FIELD_MAILSUBJECT') ?></label>
    4791. 

  4791.         <input name="subject" type="text" maxlength="255" class="required" />
    4792. 

  4792.       </div>
    4793. 

  4793. 

  4794.       <div>
    4795. 

  4795.         <label for="body" class="required"><?php echo $am->M('FIELD_MAILBODY') ?></label>
    4796. 

  4796.       </div> 
    4797. 

  4797.       
    4798. 

  4798.       <div><textarea name="body" class="filecontent required" wrap="off"></textarea>
    4799. 

  4799.       </div>
    4800. 

  4800. 	               
    4801. 

  4801.     </fieldset>
    4802. 

  4802.     <div class="buttonrow">
    4803. 

  4803.           <div id="supportRequest_loading" class="saving" style="display:none"><img src="images/loadinfo.gif" width="16" height="16" />
    4804. 

  4804.             <span><?php echo $am->M('SAVING') ?></span>
    4805. 

  4805.           </div>
    4806. 

  4806.         <input type="hidden" name="page" value="support" />
    4807. 

  4807.         <input type="hidden" name="action" value="supportrequest" />
    4808. 

  4808. 	    <?php echo htmlInput('submit', 'supportRequest_submit', $am->M('SUBMIT')) ?>
    4809. 

  4809. 	    <?php echo htmlReset('supportRequest_reset', 'onclick="javascript:supportResetForm(\'supportRequest\');"') ?>
    4810. 

  4810. 

  4811.     </div>
    4812. 

  4812.     </form>
    4813. 

  4813. <div class="spacer30"></div>
    4814. 

  4814. </div>
    4815. 

  4815. <!-- end of contact form -->	
    4816. 

  4816. <?php } // authenticated and not admin ?>
    4817. 

  4817. 

  4818. <?php if ($am->isAdmin()) { ?>
    4819. 

  4819.     <h1><?php echo $am->M('SUBTITLE_SOFTWARESUPPORT') ?></h1>
    4820. 

  4820.     <?php echo $am->M('ADMIN_SUPPORT_TEXT') ?>
    4821. 

  4821.     <div class="spacer30"></div>
    4822. 

  4822.     <div class="block">
    4823. 

  4823.         <a href="http://www.authman.com/bugtrack" target="_blank"><?php echo $am->M('ADMIN_SUPPORT_SUBMITBUG') ?></a>
    4824. 

  4824.     </div>
    4825. 

  4825.     <div class="spacer30"></div>
    4826. 

  4826. <?php } ?>
    4827. 

  4827. 	
    4828. 

  4828. </div>
    4829. 

  4829. <?php
    4830. 

  4830.     web_footer();
    4831. 

  4831. }
    4832. 

  4832. /* the end of 'support' module */
    4833. 

  4833. 

  4834. 

  4835. /**
    4836. 

  4836.  * Member Settings
    4837. 

  4837.  *
    4838. 

  4838.  * @return void
    4839. 

  4839.  */
    4840. 

  4840. function showPage_edit()
    4841. 

  4841. {
    4842. 

  4842.     global $am;
    4843. 

  4843. 

  4844.     // Checking access rights
    4845. 

  4845.     if (!$am->isAuthenticated()) {
    4846. 

  4846.     	$_SESSION['durl'] = $_SERVER['REQUEST_URI'];
    4847. 

  4847.         showPage_401();
    4848. 

  4848.         exit;
    4849. 

  4849.     }
    4850. 

  4850. 

  4851.     // This module is for members only
    4852. 

  4852.     if ($am->isAdmin()) {
    4853. 

  4853.     	showPage_users();
    4854. 

  4854.     	exit;
    4855. 

  4855.     }
    4856. 

  4856. 

  4857.     $message = $error = null;
    4858. 

  4858.     $action = getParam('action', null, 'attribute');
    4859. 

  4859. 

  4860.     // ------------- Ajax Actions ----------------
    4861. 

  4861. 

  4862.     // Ajax Action: Update member account 
    4863. 

  4863.     if ($action == 'update') {
    4864. 

  4864.     	$userData = $am->getAuthenticatedUser();
    4865. 

  4865. 

  4866.         if (!isset($error)) {
    4867. 

  4867.             $userData['info'] = getParam('realname', null, 'field');
    4868. 

  4868.             $userData['email'] = getParam('email', null, 'email');
    4869. 

  4869. 

  4870.             if (hasParam('password')) {
    4871. 

  4871.                 $rawpass = getParam('password', null, 'password');
    4872. 

  4872.                 if (isset($rawpass) && $rawpass != '') {
    4873. 

  4873.                     // we can't set pass_raw because "login as" function will fail
    4874. 

  4874.                     $userData['pass'] = $am->htcrypt($rawpass);
    4875. 

  4875.                 }
    4876. 

  4876.             }
    4877. 

  4877. 

  4878.             # update / insert
    4879. 

  4879.             if (!$am->setRecordByType('authuserfile', $userData['name'],
    4880. 

  4880.                                       $userData, true)) {
    4881. 

  4881.                 $error = $am->E('MEMBERUPDATEFAILED')
    4882. 

  4882.                        . ': ' . $am->getError();
    4883. 

  4883.             }
    4884. 

  4884.         }
    4885. 

  4885. 

  4886.         if (!isset($error) && hasParam('password')) {
    4887. 

  4887.     		$am->loginAs($userData['name'], $userData['pass']);
    4888. 

  4888.         }
    4889. 

  4889. 

  4890.         if (isset($error)) {
    4891. 

  4891.             echo '<div class="warning">' . fmt_message($error) . "</div>\n";
    4892. 

  4892.             exit;
    4893. 

  4893.         }
    4894. 

  4894. 

  4895.         $message = $am->M('MEMBERUPDSUCCESS');
    4896. 

  4896.         echo '<div class="message">' . fmt_message($message) . "</div>\n";
    4897. 

  4897.         exit;
    4898. 

  4898. 

  4899.     }
    4900. 

  4900. 

  4901.     web_header( $am->M('SUBTITLE_MEMBEREDIT') );
    4902. 

  4902.     web_menu();
    4903. 

  4903. 

  4904.     $userData = $am->getAuthenticatedUser();
    4905. 

  4905. 

  4906. ?>
    4907. 

  4907. <div id="righty">
    4908. 

  4908. 

  4909. <h1><?php echo $am->M('SUBTITLE_MEMBEREDIT') ?></h1>
    4910. 

  4910. 

  4911. 

  4912. <!-- Page Message -->
    4913. 

  4913. <?php web_message( $message, $error ); ?>
    4914. 

  4914. 

  4915. <!-- Member Settings FORM: EDIT Account -->
    4916. 

  4916. <div id="memberEdit_container" style="display: display;">
    4917. 

  4917.   <form id="memberEdit" name="memberEdit" method="post" onSubmit="javascript:return memberOnSubmitForm(this);">
    4918. 

  4918.   <p id="memberEdit_msg" class="formmessage"><?php echo $am->M('FILLFIELDS'); ?></p>
    4919. 

  4919. 

  4920.   <fieldset>
    4921. 

  4921.     <legend><?php echo $am->M('LEGEND_MEMBEREDIT') ?></legend>
    4922. 

  4922.     <div>
    4923. 

  4923.       <label for="username" class=""><?php echo $am->M('FIELD_USERNAME') ?></label>
    4924. 

  4924.       <?php echo htmlspecialchars($userData['name']) ?>
    4925. 

  4925.     </div>
    4926. 

  4926.     <div>
    4927. 

  4927.       <label for="password"><?php echo $am->M('FIELD_NEWPASSWORD') ?></label>
    4928. 

  4928.       <input id="memberEdit_password" type="text" name="password" maxlength="255" />
    4929. 

  4929.       <input type="button" value="<?php echo $am->M('GENERATE') ?>" onclick="javascript:mainGeneratePassword2('memberEdit');" />
    4930. 

  4930.     </div>
    4931. 

  4931.     <div>
    4932. 

  4932.       <label for="realname" class="required"><?php echo $am->M('FIELD_REALNAME') ?></label>
    4933. 

  4933.       <input id="memberEdit_realname" type="text" name="realname" size="40" maxlength="255"  class="required" value="<?php echo htmlspecialchars($userData['info']) ?>" />
    4934. 

  4934.     </div>
    4935. 

  4935.     <div>
    4936. 

  4936.       <label for="email" class="required"><?php echo $am->M('FIELD_EMAIL') ?></label>
    4937. 

  4937.       <input id="memberEdit_email" type="text" name="email" size="40" maxlength="255" class="required" value="<?php echo htmlspecialchars($userData['email']) ?>" />
    4938. 

  4938.     </div>
    4939. 

  4939.   </fieldset>
    4940. 

  4940. 

  4941.   <div class="buttonrow">
    4942. 

  4942.       <div id="memberEdit_loading" class="saving" style="display:none"><img src="images/loadinfo.gif" width="16" height="16" />
    4943. 

  4943.         <span><?php echo $am->M('SAVING') ?></span>
    4944. 

  4944.       </div>
    4945. 

  4945.       <input type="hidden" name="page" value="edit" />
    4946. 

  4946.       <input type="hidden" name="action" value="update" />
    4947. 

  4947.       <?php echo htmlSubmit('submit') ?>
    4948. 

  4948.       <?php echo htmlReset('reset') ?>
    4949. 

  4949.   </div>
    4950. 

  4950. 

  4951.   </form>
    4952. 

  4952. </div>
    4953. 

  4953. <div class="spacer30"></div>
    4954. 

  4954. <!-- end of member edit form -->
    4955. 

  4955. 

  4956. <!-- end of righty -->
    4957. 

  4957. </div>
    4958. 

  4958. 

  4959. <?php
    4960. 

  4960.     web_footer();
    4961. 

  4961. }
    4962. 

  4962. /* the end of 'member' module */
    4963. 

  4963. 

  4964. /**
    4965. 

  4965.  * Delete Member Account
    4966. 

  4966.  *
    4967. 

  4967.  * @return void
    4968. 

  4968.  */
    4969. 

  4969. function showPage_remove()
    4970. 

  4970. {
    4971. 

  4971.     global $am;
    4972. 

  4972. 

  4973.     // Checking access rights
    4974. 

  4974.     if (!$am->isAuthenticated()) {
    4975. 

  4975.     	$_SESSION['durl'] = $_SERVER['REQUEST_URI'];
    4976. 

  4976.         showPage_401();
    4977. 

  4977.         exit;
    4978. 

  4978.     }
    4979. 

  4979. 

  4980.     // This module is for members only
    4981. 

  4981.     if ($am->isAdmin()) {
    4982. 

  4982.     	showPage_users();
    4983. 

  4983.     	exit;
    4984. 

  4984.     }
    4985. 

  4985. 

  4986.     $message = $error = null;
    4987. 

  4987.     $action = getParam('action', null, 'attribute');
    4988. 

  4988. 

  4989.     // Member action: delete account
    4990. 

  4990.     if ($action == 'remove') {
    4991. 

  4991.     	$userData = $am->getAuthenticatedUser();
    4992. 

  4992. 

  4993. 		if (!isset($error)) {
    4994. 

  4994. 			// removing
    4995. 

  4995. 			if (!$am->setRecordByType('authuserfile', $userData['name'],
    4996. 

  4996. 			                          null, true )) {
    4997. 

  4997. 				$error = $am->E('USERDELETEFAILED', $userData['name'])
    4998. 

  4998. 				       . ': ' . $am->getError();
    4999. 

  4999. 			}
    5000. 

  5000. 

  5001. 			// sending email to adminitrator
    5002. 

  5002. 			if (!$am->sendMail('memberdel', $userData)) {
    5003. 

  5003. 				$am->clearError();
    5004. 

  5004. 			}
    5005. 

  5005. 		}
    5006. 

  5006. 

  5007. 		if (!isset($error)) {
    5008. 

  5008. 			showPage_logout();
    5009. 

  5009. 			exit;
    5010. 

  5010. 		}
    5011. 

  5011.     }
    5012. 

  5012. 

  5013.     web_header( $am->M('SUBTITLE_MEMBERDELETE') );
    5014. 

  5014.     web_menu();
    5015. 

  5015. 

  5016. 

  5017. ?>
    5018. 

  5018. <div id="righty">
    5019. 

  5019. 

  5020. <h1><?php echo $am->M('SUBTITLE_MEMBERDELETE') ?></h1>
    5021. 

  5021. 

  5022. <!-- Page Message -->
    5023. 

  5023. <?php web_message( $message, $error ); ?>
    5024. 

  5024. 

  5025. <!-- Member settings FORM: delete -->
    5026. 

  5026. <div id="memberDelete_container" style="display: display;">
    5027. 

  5027. 

  5028. <form id="memberDelete" name="memberDelete" method="post">
    5029. 

  5029. <fieldset>
    5030. 

  5030. <legend><?php echo $am->M('LEGEND_MEMBERDELETE') ?></legend>
    5031. 

  5031.    <p id="memberDelete_msg" class="formmessage"><?php echo $am->M('Q_MEMBERDELETE'); ?></p>
    5032. 

  5032. </fieldset>
    5033. 

  5033. <div class="buttonrow">
    5034. 

  5034.     <input type="hidden" name="page" value="remove" />
    5035. 

  5035.     <input type="hidden" name="action" value="remove" />
    5036. 

  5036.     <input type="submit" id="submit" name="submit" value="<?php echo $am->M('CONFIRM') ?>" />
    5037. 

  5037.     <input type="submit" id="cancel" name="cancel" value="<?php echo $am->M('CANCEL') ?>"
    5038. 

  5038.        onClick="javascript:document.location='index.php?page=home'; return false;" />
    5039. 

  5039. </div>
    5040. 

  5040. </form>
    5041. 

  5041. 

  5042. </div>
    5043. 

  5043. <div class="spacer30"></div>
    5044. 

  5044. <!-- end of member delete form -->
    5045. 

  5045. 

  5046. <!-- end of righty -->
    5047. 

  5047. </div>
    5048. 

  5048. 

  5049. <?php
    5050. 

  5050.     web_footer();
    5051. 

  5051. }
    5052. 

  5052. /* the end of 'remove' module */
    5053. 

  5053. 

  5054. /**
    5055. 

  5055.  * Member Password Recovering (step 1)
    5056. 

  5056.  *
    5057. 

  5057.  * @return void
    5058. 

  5058.  */
    5059. 

  5059. function showPage_forgot()
    5060. 

  5060. {
    5061. 

  5061.     global $am;
    5062. 

  5062. 

  5063.     $message = $error = null;
    5064. 

  5064.     $action = getParam('action', null, 'attribute');
    5065. 

  5065. 

  5066.     // Checking access rights  
    5067. 

  5067.     if ($am->isAuthenticated()) {
    5068. 

  5068.     	header("Location: index.php?page=home");
    5069. 

  5069.         exit;
    5070. 

  5070.     }
    5071. 

  5071. 

  5072.     // This module is for members only      
    5073. 

  5073.     if (!$am->hasFeature('phpmailer')) {
    5074. 

  5074.     	$error = $am->M('PASSRECOVERDISABLED');
    5075. 

  5075.     }
    5076. 

  5076. 

  5077.     // Member action: recover password
    5078. 

  5078.     if ($action == 'recover' && !isset($error)) {
    5079. 

  5079.     	$username = getParam('username', null, 'username');
    5080. 

  5080. 

  5081. 		$userData = $am->fetchRecordByType('authuserfile', $username, false);
    5082. 

  5082. 		if (false == $userData) {
    5083. 

  5083.     		$error = $am->E('INCORRECTARGS');
    5084. 

  5084. 		}
    5085. 

  5085. 

  5086. 		$email = getParam('email', null, 'email');
    5087. 

  5087.     	if (!isset($error)) {
    5088. 

  5088.     		if ($email == '') {
    5089. 

  5089. 		    	$error = $am->E('INCORRECTARGS');
    5090. 

  5090.     		} else if (strcasecmp($userData['email'], $email) != 0) {
    5091. 

  5091. 				$error = $am->E('INCORRECTARGS');
    5092. 

  5092.     		}
    5093. 

  5093.     	}
    5094. 

  5094. 

  5095.     	// sending email request to the user
    5096. 

  5096.     	if (!isset($error)) {
    5097. 

  5097.     		// $userData['hashofname'] = md5( $userData['name'] );
    5098. 

  5098.     		$userData['hashofpass'] = md5( $userData['pass'] );
    5099. 

  5099. 			if (!$am->sendMail('userfgt', $userData)) {
    5100. 

  5100. 				$error = $am->getError();
    5101. 

  5101. 			}
    5102. 

  5102.     	}
    5103. 

  5103. 

  5104.     	if (!isset($error)) {
    5105. 

  5105. 	    	$message = $am->M('INFO_EMAILSENT');
    5106. 

  5106.     	}
    5107. 

  5107.     }
    5108. 

  5108. 

  5109.     web_header( $am->M('SUBTITLE_FORGOT') );
    5110. 

  5110.     web_menu();
    5111. 

  5111. 

  5112. ?>
    5113. 

  5113. <div id="righty">
    5114. 

  5114. 

  5115. <h1><?php echo $am->M('SUBTITLE_FORGOT') ?></h1>
    5116. 

  5116. 

  5117. <!-- Page Message -->
    5118. 

  5118. <?php web_message( $message, $error ); ?>
    5119. 

  5119. 

  5120. <!-- Anonymous FORM: recover password -->
    5121. 

  5121. <div id="forgot_container" style="display: <?php echo ($action=='' && !isset($error) && isset($message)) ? 'none' : 'block' ?>;">
    5122. 

  5122. 

  5123. <p id="forgot_msg" class="formmessage"><?php echo $am->M('NOTES_FORGOT'); ?></p>
    5124. 

  5124. 

  5125. <form id="forgot" name="forgot" method="post" nSubmit="javascript:return memberOnSubmitForm(this);">
    5126. 

  5126. <fieldset>
    5127. 

  5127. <legend><?php echo $am->M('LEGEND_FORGOT') ?></legend>
    5128. 

  5128. 

  5129.     <div>
    5130. 

  5130.       <label for="username" class="required"><?php echo $am->M('FIELD_USERNAME') ?></label>
    5131. 

  5131.       <input type="text" name="username"  maxlength="255"  class="required" value="<?php echo getParam('username',null,'htmlspecialchars') ?>" />
    5132. 

  5132.     </div>
    5133. 

  5133. 

  5134.     <div>
    5135. 

  5135.       <label for="email" class="required"><?php echo $am->M('FIELD_EMAIL') ?></label>
    5136. 

  5136.       <input type="text" name="email" maxlength="255" class="required" value="<?php echo getParam('email',null,'htmlspecialchars') ?>" />
    5137. 

  5137.     </div>
    5138. 

  5138. 

  5139. 

  5140. </fieldset>
    5141. 

  5141. <div class="buttonrow">
    5142. 

  5142.     <input type="hidden" name="page" value="forgot" />
    5143. 

  5143.     <input type="hidden" name="action" value="recover" />
    5144. 

  5144.     <input type="submit" id="submit" name="submit" value="<?php echo $am->M('CONFIRM') ?>" />
    5145. 

  5145.     <input type="submit" id="cancel" name="cancel" value="<?php echo $am->M('CANCEL') ?>"
    5146. 

  5146.        onClick="javascript:document.location='index.php?page=home'; return false;" />
    5147. 

  5147. </div>
    5148. 

  5148. </form>
    5149. 

  5149. 

  5150. </div>
    5151. 

  5151. <!-- end of recover form -->
    5152. 

  5152. 

  5153. <div class="spacer30"></div>
    5154. 

  5154. 

  5155. <!-- end of righty -->
    5156. 

  5156. </div>
    5157. 

  5157. 

  5158. <?php
    5159. 

  5159.     web_footer();
    5160. 

  5160. }
    5161. 

  5161. /* the end of 'forgot' module */
    5162. 

  5162. 

  5163. /**
    5164. 

  5164.  * Member Password Recovernig (step 2)
    5165. 

  5165.  *
    5166. 

  5166.  * @return void
    5167. 

  5167.  */
    5168. 

  5168. function showPage_recover()
    5169. 

  5169. {
    5170. 

  5170.     global $am;
    5171. 

  5171. 

  5172.     $message = $error = null;
    5173. 

  5173.     $action = getParam('action', null, 'attribute');
    5174. 

  5174. 

  5175.     if ($am->isAuthenticated()) {
    5176. 

  5176.     	header("Location: index.php?page=home");
    5177. 

  5177.         exit;
    5178. 

  5178.     }
    5179. 

  5179. 

  5180.     if (!$am->hasFeature('phpmailer')) {
    5181. 

  5181.     	$error = $am->M('PASSRECOVERDISABLED');
    5182. 

  5182.     }
    5183. 

  5183. 

  5184.     // Member action: recover password
    5185. 

  5185.     if (hasParam('username') && hasParam('key')) {
    5186. 

  5186.     	$username = getParam('username', null, 'username');
    5187. 

  5187. 		$userData = $am->fetchRecordByType('authuserfile', $username, false);
    5188. 

  5188. 		if (false == $userData) {
    5189. 

  5189.     		$error = $am->E('INCORRECTARGS');
    5190. 

  5190. 		}
    5191. 

  5191. 

  5192.     	$key = getParam('key');
    5193. 

  5193.     	if (!isset($key) || $key == '') {
    5194. 

  5194. 	    	$error = $am->E('INCORRECTARGS');
    5195. 

  5195.     	}
    5196. 

  5196. 

  5197.     	if ($key != md5($userData['pass'])) {
    5198. 

  5198.     		$error = $am->E('INCORRECTARGS');
    5199. 

  5199.     	}
    5200. 

  5200. 

  5201.     	// password generator
    5202. 

  5202. 		$totalChar = 6; // number of chars in the password
    5203. 

  5203. 		$salt = "abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ123456789";  // salt to select chars from
    5204. 

  5204. 		$password=""; // set the inital variable
    5205. 

  5205. 		for ($i=0;$i<$totalChar;$i++) {
    5206. 

  5206.             $password = $password . substr ($salt, rand() % strlen($salt), 1);
    5207. 

  5207. 		}
    5208. 

  5208.     	$pass_enc = $am->htcrypt( $password );
    5209. 

  5209. 

  5210.     	$userData['pass'] = $pass_enc;
    5211. 

  5211. 		$userData['pass_raw'] = $password;
    5212. 

  5212. 

  5213. 		if (!isset($error)) {
    5214. 

  5214.     		// updating user
    5215. 

  5215. 			if (!$am->setRecordByType('authuserfile', $username,
    5216. 

  5216. 			                          $userData, true )) {
    5217. 

  5217. 				$error = $am->E('USERUPDATEFAILED', $username)
    5218. 

  5218. 				       . ': ' . $am->getError();
    5219. 

  5219. 			}
    5220. 

  5220.     	}
    5221. 

  5221. 

  5222.     	if (!isset($error)) {
    5223. 

  5223. 	    	// sending email to the user
    5224. 

  5224. 			if (!$am->sendMail('userrcv', $userData)) {
    5225. 

  5225. 				$error = $am->getError();
    5226. 

  5226. 			}
    5227. 

  5227.     	}
    5228. 

  5228. 

  5229.     	if (!isset($error)) {
    5230. 

  5230. 			// logging in as $username
    5231. 

  5231. 			$am->loginAs($username, $pass_enc);
    5232. 

  5232. 

  5233.     		// redirecting
    5234. 

  5234.         	unset($_SESSION['durl']);
    5235. 

  5235.     		redirect_header('index.php?page=home', 2, $am->M('MSG_PASSWORDRECOVERED'));
    5236. 

  5236. 

  5237.             exit;
    5238. 

  5238.     	}
    5239. 

  5239.     }
    5240. 

  5240. 

  5241.     web_header( $am->M('SUBTITLE_RECOVER') );
    5242. 

  5242.     web_menu();
    5243. 

  5243. 

  5244. ?>
    5245. 

  5245. <div id="righty">
    5246. 

  5246. 

  5247. <h1><?php echo $am->M('SUBTITLE_RECOVER') ?></h1>
    5248. 

  5248. 

  5249. <!-- Page Message -->
    5250. 

  5250. <?php web_message( $message, $error ); ?>
    5251. 

  5251. 

  5252. <!-- Anonymous FORM: recover password -->
    5253. 

  5253. <div id="recover_container" style="display: block;">
    5254. 

  5254. 

  5255. <p id="recover_msg" class="formmessage"><?php echo $am->M('NOTES_RECOVER'); ?></p>
    5256. 

  5256. 

  5257. <form id="recover" name="recover" method="post" onSubmit="javascript:return memberOnSubmitForm(this);">
    5258. 

  5258. <fieldset>
    5259. 

  5259. <legend><?php echo $am->M('LEGEND_RECOVER') ?></legend>
    5260. 

  5260. 

  5261.     <div>
    5262. 

  5262.       <label for="username" class="required"><?php echo $am->M('FIELD_USERNAME') ?></label>
    5263. 

  5263.       <input type="text" name="username"  maxlength="255"  class="required" value="<?php echo getParam('username',null,'htmlspecialchars') ?>" />
    5264. 

  5264.     </div>
    5265. 

  5265. 

  5266.     <div>
    5267. 

  5267.       <label for="key" class="required">Key</label>
    5268. 

  5268.       <input type="text" name="key" maxlength="255" class="required" value="<?php echo getParam('key',null,'htmlspecialchars') ?>" />
    5269. 

  5269.     </div>
    5270. 

  5270. 

  5271. 

  5272. </fieldset>
    5273. 

  5273. <div class="buttonrow">
    5274. 

  5274.     <input type="hidden" name="page" value="recover" />
    5275. 

  5275.     <input type="hidden" name="action" value="recover" />
    5276. 

  5276.     <input type="submit" name="submit" value="<?php echo $am->M('CONFIRM') ?>" />
    5277. 

  5277.     <input type="submit" name="cancel" value="<?php echo $am->M('CANCEL') ?>"
    5278. 

  5278.        onClick="javascript:document.location='index.php?page=home'; return false;" />
    5279. 

  5279. </div>
    5280. 

  5280. </form>
    5281. 

  5281. 

  5282. </div>
    5283. 

  5283. <!-- end of recover form -->
    5284. 

  5284. 

  5285. <div class="spacer30"></div>
    5286. 

  5286. 

  5287. <!-- end of righty -->
    5288. 

  5288. </div>
    5289. 

  5289. 

  5290. <?php
    5291. 

  5291.     web_footer();
    5292. 

  5292. }
    5293. 

  5293. /* the end of 'recover' module */
    5294. 

  5294. 

  5295. /**
    5296. 

  5296.  * Show login form
    5297. 

  5297.  *
    5298. 

  5298.  * @return void
    5299. 

  5299.  */
    5300. 

  5300. function showPage_adminpassword()
    5301. 

  5301. {
    5302. 

  5302.     global $am;
    5303. 

  5303.     $error = $message = null;
    5304. 

  5304.     $action = getParam('action', null, 'attribute');
    5305. 

  5305. 

  5306.     if (!$am->isAdmin()) {
    5307. 

  5307.     	$_SESSION['durl'] = $_SERVER['REQUEST_URI'];
    5308. 

  5308.         showPage_401( true );
    5309. 

  5309.         exit;
    5310. 

  5310.     }
    5311. 

  5311. 

  5312. 	list($admin) = $am->getRecordsByType('authadminfile', null, 1, 0);
    5313. 

  5313. 

  5314.     if ($action == 'skip') {
    5315. 

  5315.         if (isset($_SESSION['durl']) && $_SESSION['durl'] != '') {
    5316. 

  5316. 	    	$durl = $_SESSION['durl'];
    5317. 

  5317. 	    	unset($_SESSION['durl']);
    5318. 

  5318. 	    	redirect_header( $durl, 1, $am->M('LOGGINGIN') );
    5319. 

  5319. 	    }
    5320. 

  5320. 

  5321.         showPage_home();
    5322. 

  5322.         exit;
    5323. 

  5323.     }
    5324. 

  5324. 

  5325.     if ($action == 'change') {
    5326. 

  5326.         $npassword = getParam('npassword', null, 'password');
    5327. 

  5327.         $npassword2 = getParam('npassword2', null, 'password');
    5328. 

  5328. 

  5329.         if (!isset($error)) {
    5330. 

  5330.         	if (!isset($npassword) || $npassword=='') {
    5331. 

  5331.             	$error = $am->E('INVUSERORPASS');
    5332. 

  5332.             } else if (strlen($npassword) < 4) {
    5333. 

  5333.                 $error = $am->E('PASSWORDTOOSHORT', 4);
    5334. 

  5334.         	} else if (strcmp($npassword, $npassword2)!=0) {
    5335. 

  5335.             	$error = $am->W('PASSWORDSMISSMATCHED');
    5336. 

  5336.         	}
    5337. 

  5337.         }
    5338. 

  5338. 

  5339.         if (!isset($error)) {
    5340. 

  5340. 			$admin['pass_raw'] = $npassword;
    5341. 

  5341. 

  5342. 			# update / insert
    5343. 

  5343.             if (!$am->setRecordByType('authadminfile', null, $admin, true, true)) {
    5344. 

  5344.                 $error = $am->E('ADMINUPDATEFAILED', $admin['name'])
    5345. 

  5345.                        . ': ' . $am->getError();
    5346. 

  5346.             }
    5347. 

  5347.         }
    5348. 

  5348. 

  5349.         if (!isset($error)) {
    5350. 

  5350.             $pass_enc = $am->htcrypt( $npassword );
    5351. 

  5351. 

  5352.             $am->loginAs($admin['name'], $pass_enc);
    5353. 

  5353. 

  5354.             if (isset($_SESSION['durl']) && $_SESSION['durl'] != '') {
    5355. 

  5355.             	$durl = $_SESSION['durl'];
    5356. 

  5356.             	unset($_SESSION['durl']);
    5357. 

  5357.             	redirect_header( $durl, 1, $am->M('ADMINUPDSUCCESS', $data['name']));
    5358. 

  5358.             }
    5359. 

  5359. 

  5360.             redirect_header( 'index.php?page=home', 1, $am->M('ADMINUPDSUCCESS', $data['name']));
    5361. 

  5361.         }
    5362. 

  5362.     }
    5363. 

  5363. 

  5364.     web_header( $am->M('ADMINCHANGEPASSWORD') );
    5365. 

  5365.     // web_menu();
    5366. 

  5366. 

  5367.     echo '<div id="righty">'; // righty
    5368. 

  5368. 

  5369.     echo '<h3>' . $am->M('ADMINCHANGEPASSWORD') . '</h3>';
    5370. 

  5370. 

  5371.     // ------------- Message ----------------
    5372. 

  5372.     web_message( $message, $error );
    5373. 

  5373. 

  5374. ?>
    5375. 

  5375. 

  5376.  	<div class="block">
    5377. 

  5377.  	  <img src="images/icon_warning.gif" width="20" height="20" align="left" />
    5378. 

  5378.  	  <?php echo $am->M('NOTES_ADMINHASDEFAULTPASSWORD') ?>
    5379. 

  5379.  	</div>
    5380. 

  5380. 

  5381.     <form id="adminpassword" name="adminpassword" action="index.php" method="post" onSubmit="javascript:return homeOnSubmitForm(this);">
    5382. 

  5382.     <p id="adminpassword_msg" class="formmessage"><?php echo $am->M('FILLFIELDS'); ?></p>
    5383. 

  5383.     <fieldset>
    5384. 

  5384.         <legend><?php echo $am->M('ADMINCHANGEPASSWORD') ?></legend>
    5385. 

  5385. 

  5386.         <div>
    5387. 

  5387.             <label for="npassword" class="required"><?php echo $am->M('FIELD_PASSWORD') ?></label>
    5388. 

  5388.             <input id="npassword" type="password" name="npassword" maxlength="255" class="required"
    5389. 

  5389.                    value="<?php echo getParam('npassword') ?>" />
    5390. 

  5390.         </div>
    5391. 

  5391.         <div>
    5392. 

  5392.             <label for="npassword2" class="required"><?php echo $am->M('FIELD_PASSWORD2') ?></label>
    5393. 

  5393.             <input id="npassword2" type="password" name="npassword2" maxlength="255" class="required"
    5394. 

  5394.                    value="<?php echo getParam('npassword2') ?>" />
    5395. 

  5395.         </div>
    5396. 

  5396.     </fieldset>
    5397. 

  5397. 

  5398.     <div class="buttonrow">
    5399. 

  5399.         <input type="hidden" name="action" value="change" />
    5400. 

  5400.         <input type="hidden" name="page" value="adminpassword" />
    5401. 

  5401.         <?php echo htmlInput('submit', 'submit', $am->M('BTN_CONFIRM')) ?>
    5402. 

  5402.         <?php echo htmlInput('reset', 'reset', $am->M('BTN_RESET')) ?>
    5403. 

  5403.     </div>
    5404. 

  5404.     </form>
    5405. 

  5405.     <div class="spacer30"></div>
    5406. 

  5406. 

  5407.     <div><a href="index.php?page=adminpassword&action=skip"><?php echo $am->M('CHANGEPASSWORDLATER') ?></a></div>
    5408. 

  5408. 

  5409.     <div class="spacer30"></div>
    5410. 

  5410. <?php
    5411. 

  5411. 

  5412.     echo '</div>'; // righty
    5413. 

  5413.     web_footer();
    5414. 

  5414. }
    5415. 

  5415. 

  5416. /* the end of 'adminpassword' module */
    5417. 

  5417. 

  5418. if (!function_exists("htmlspecialchars_decode")) {
    5419. 

  5419.     function htmlspecialchars_decode($string, $quote_style = ENT_COMPAT) {
    5420. 

  5420.         return strtr($string, array_flip(get_html_translation_table(HTML_SPECIALCHARS, $quote_style)));
    5421. 

  5421.     }
    5422. 

  5422. }
    5423. 

  5423. 

  5424. /**
    5425. 

  5425.  * Ajax module
    5426. 

  5426.  *
    5427. 

  5427.  * @return void
    5428. 

  5428.  */
    5429. 

  5429. function showPage_ajax()
    5430. 

  5430. {
    5431. 

  5431. 	global $am;
    5432. 

  5432. 	
    5433. 

  5433.     $action = getParam('action', null, 'attribute');
    5434. 

  5434.     if ($action == 'fix') {
    5435. 

  5435.         echo 'TODO';
    5436. 

  5436.         return;
    5437. 

  5437.     }
    5438. 

  5438.     
    5439. 

  5439.     if ($action == 'checkupdate') {
    5440. 

  5440.     	$url = "http://www.authman.com/vc/free";
    5441. 

  5441.     	$fh = @fopen($url, "r");
    5442. 

  5442.     	if (false == $fh) {
    5443. 

  5443.     		echo 'Request failed: ' . $url;
    5444. 

  5444.     		return;
    5445. 

  5445.     	}
    5446. 

  5446.     	
    5447. 

  5447.     	$version = fread($fh, 256);
    5448. 

  5448.     	if (false == $version) {
    5449. 

  5449.     		echo 'Communication failed';
    5450. 

  5450.     		return;
    5451. 

  5451.     	}
    5452. 

  5452. 

  5453.     	$iversion = version2int( $version );
    5454. 

  5454.     	if (false == $iversion) {
    5455. 

  5455.     		echo $version;
    5456. 

  5456.     		return;
    5457. 

  5457.     	}
    5458. 

  5458.     	
    5459. 

  5459.     	if ($iversion > version2int($am->getVersion())) {
    5460. 

  5460.     		$am->setRuntimeValue('updateavailable', $version);
    5461. 

  5461.  	    	echo '<div>' . $am->M('MSG_UPDATE_AVAILABLE', $version, 'http://www.authman.com/download/free') . '</div>';
    5462. 

  5462.     	} else {
    5463. 

  5463.     		$am->setRuntimeValue('updateavailable', null);
    5464. 

  5464. 	    	echo '<div>' . $am->M('MSG_UPDATE_NONEED') . '</div>';
    5465. 

  5465.     	}
    5466. 

  5466.     	$am->setRuntimeValue('updatechecked_ts', time(), true);
    5467. 

  5467.     	
    5468. 

  5468.     	return;
    5469. 

  5469.     }
    5470. 

  5470.     
    5471. 

  5471.     if ($action=='setshowmembernews') {
    5472. 

  5472.         $val = (bool)getParam('value', false, 'intval');
    5473. 

  5473.         $am->setRuntimeValue('showmembernews', $val, true);
    5474. 

  5474.         echo 'DONE';
    5475. 

  5475.         return;
    5476. 

  5476.     }
    5477. 

  5477. 

  5478.     if ($action=='getnews') {
    5479. 

  5479.         echo $am->newsFetchAsHTML();        
    5480. 

  5480.         return;
    5481. 

  5481.     }
    5482. 

  5482. }
    5483. 

  5483. 

  5484. function version2int( $version ) 
    5485. 

  5485. {
    5486. 

  5486. 	$version = trim($version);
    5487. 

  5487. 

  5488. 	$matches = array();
    5489. 

  5489. 	
    5490. 

  5490. 	if (!preg_match('/^(\d+)\.(\d+)\.(\d+)$/', $version, $matches)) {
    5491. 

  5491. 		return false;
    5492. 

  5492. 	}
    5493. 

  5493. 	
    5494. 

  5494. 	return intval( sprintf('%d%03d%03d', 
    5495. 

  5495. 						isset($matches[1]) ? $matches[1] : 0, 
    5496. 

  5496. 						isset($matches[2]) ? $matches[2] : 0,
    5497. 

  5497. 						isset($matches[3]) ? $matches[3] : 0)); 
    5498. 

  5498. }
    5499. 

  5499. 	     
    5500. 

  5500. ################################################################################
    5501. 

  5501. ### HOME
    5502. 

  5502. ################################################################################
    5503. 

  5503. function showPage_home()
    5504. 

  5504. {
    5505. 

  5505.     global $am;
    5506. 

  5506.     
    5507. 

  5507.     $message = $error = null;
    5508. 

  5508. 

  5509.     if ($am->isAuthenticated()) {
    5510. 

  5510.         web_header( $am->M('SUBTITLE_HOME') );
    5511. 

  5511.     } else {
    5512. 

  5512.         web_header();
    5513. 

  5513.     }
    5514. 

  5514. 

  5515.    
    5516. 

  5516.     web_menu();
    5517. 

  5517.     echo '<div id="righty">';
    5518. 

  5518.     
    5519. 

  5519. 	// ----- Anonymous -------------------------------------
    5520. 

  5520.     if (!$am->isAuthenticated()) {
    5521. 

  5521.         echo '<h1>' . $am->M('WELCOME') . '</h1>';
    5522. 

  5522.         web_message( $message, $error );
    5523. 

  5523.         echo '<div>' . $am->M('WELCOME_DEFAULT') . '</div>';
    5524. 

  5524.         if ($am->isDemo()) {
    5525. 

  5525.             echo '<br />';
    5526. 

  5526.             echo '<div><span id="demonote">' . $am->M('WELCOME_DEFAULT_DEMO') . '</span></div>';
    5527. 

  5527.         }
    5528. 

  5528.         echo '<div class="spacer30"></div>';
    5529. 

  5529.         echo '<div class="block">';
    5530. 

  5530.         echo '<ul>';
    5531. 

  5531.         echo '<li><a href="index.php?page=login">' . $am->M('CLICKHERE') .'</a> ' . $am->M('TOLOGIN') . '</li>';
    5532. 

  5532.         echo '<li><a href="../">' . $am->M('CLICKHERE') . '</a> ' . $am->M('TOPROTECTED') . '</li>';
    5533. 

  5533.         echo '</ul>';
    5534. 

  5534.         echo '</div>';
    5535. 

  5535. 

  5536. 	// ----- Member -------------------------------------
    5537. 

  5537. 	} else if (!$am->isAdmin()) {
    5538. 

  5538.         echo '<div class="pagenotes">';
    5539. 

  5539.         echo '<h4>' . $am->M('SUBTITLE_HOME') . '</h4>';		
    5540. 

  5540.         echo '<div><div class="name">' . $am->M('PROTECTEDDIRECTORY') . '</div>';
    5541. 

  5541.         echo '<div class="value">' . $am->getUrlByType('protected', true) . '</div></div>';
    5542. 

  5542.         echo '</div>';
    5543. 

  5543. 

  5544.         echo '<h1>' . $am->M('WELCOME') . '</h1>';
    5545. 

  5545.         web_message( $message, $error );
    5546. 

  5546.         echo '<div>' . $am->M('WELCOME_MEMBER') . '</div>';
    5547. 

  5547.         echo '<div class="spacer30"></div>';
    5548. 

  5548. 

  5549.     // ----- Administrator -------------------------------------
    5550. 

  5550. 	} else {
    5551. 

  5551. 		
    5552. 

  5552. 		// ------------- Information ----------------
    5553. 

  5553.         echo '<div class="pagenotes">';
    5554. 

  5554.         echo '<h4>' . $am->M('SUBTITLE_HOME') . '</h4>';
    5555. 

  5555. 

  5556.         $rtErrors = $am->getRuntimeErrors();
    5557. 

  5557.         if (count($rtErrors)) {
    5558. 

  5558. 

  5559.             $rtCriticals = $am->getRuntimeErrors( true );
    5560. 

  5560. 

  5561.             echo '<div><div class="name">'. $am->M('RUNTIMEWARNINGS') .'</div>';
    5562. 

  5562.             echo '<div class="value">';
    5563. 

  5563. 

  5564.             print 'Found ';
    5565. 

  5565.             if (count($rtCriticals)) {
    5566. 

  5566.                 print count($rtCriticals) . ' critical errors';
    5567. 

  5567.                 print ', ';
    5568. 

  5568.             }
    5569. 

  5569.             print (count($rtErrors)-count($rtCriticals)) . ' warnings';
    5570. 

  5570. 

  5571.             echo '</div></div>';
    5572. 

  5572.         }
    5573. 

  5573. 

  5574.         echo '<div><div class="name">' . $am->M('VERSION') . '</div>';
    5575. 

  5575.         echo '<div class="value">' . $am->getVersion();
    5576. 

  5576.         
    5577. 

  5577.         $updateavailable = $am->getRuntimeValue('updateavailable');
    5578. 

  5578.         if (isset($updateavailable) && $updateavailable != '') {
    5579. 

  5579.         	echo ' [' . $am->M('UPDATEAVAILABLE', $updateavailable) . ']';
    5580. 

  5580.         }        
    5581. 

  5581.         echo '</div></div>';
    5582. 

  5582.         
    5583. 

  5583.         echo '<div><div class="name">' . $am->M('TOTALMEMBERS') . '</div>';
    5584. 

  5584.         echo '<div class="value"><a href="index.php?page=users">';
    5585. 

  5585.         echo $am->getTotalByType('authuserfile');
    5586. 

  5586.         echo '</a>';
    5587. 

  5587. 

  5588.         $newcount = $am->getTotalByType('signupfile');
    5589. 

  5589.         if ($newcount > 0 || $am->getConfigValue('allowsignup')) {
    5590. 

  5590. 	        echo ' ' . $am->M('AND') . ' ';
    5591. 

  5591.             if ($newcount) {
    5592. 

  5592.                 echo '<a href="index.php?page=signups">' . $newcount . '</a>';
    5593. 

  5593.             } else {
    5594. 

  5594.                 echo '0';
    5595. 

  5595.             }
    5596. 

  5596.             echo ' ' . $am->M('AWAITINGCONFIRM') . ' ';
    5597. 

  5597.         }
    5598. 

  5598.         echo '</div></div>';
    5599. 

  5599.         
    5600. 

  5600. 		echo '<div><div class="name">' . $am->M('LASTLOGGEDIN') . '</div>';
    5601. 

  5601. 		if ($am->hasRuntimeValue('lastloggedin_ts')) {
    5602. 

  5602. 			echo '<div class="value">';
    5603. 

  5603. 			echo gmdate('D, d M Y H:i:s', $am->getRuntimeValue('lastloggedin_ts')) . ' GMT';
    5604. 

  5604. 			if ($am->hasRuntimeValue('lastloggedin_ip')) {
    5605. 

  5605. 				echo ' ' . $am->M('FROM') . ' ' .  $am->getRuntimeValue('lastloggedin_ip');
    5606. 

  5606. 			}
    5607. 

  5607. 			echo '</div></div>';
    5608. 

  5608. 		} else {
    5609. 

  5609. 			echo '<div class="value">' . $am->M('NOAVAILABLE') . '</div></div>';
    5610. 

  5610. 		}
    5611. 

  5611. 

  5612. 		
    5613. 

  5613.         echo '</div>';
    5614. 

  5614. 	    
    5615. 

  5615.         echo '<h1>' . $am->M('WELCOME') . '</h1>';
    5616. 

  5616.         echo '<div>' . $am->M('WELCOME_ADMIN') . '</div>';
    5617. 

  5617.         echo '<div class="spacer30"></div>';
    5618. 

  5618. 	    web_message( $message, $error );
    5619. 

  5619. 

  5620.         
    5621. 

  5621.         // rss, news and updates
    5622. 

  5622.         if ($am->hasFeature('magpierss')) {
    5623. 

  5623.             ?>
    5624. 

  5624.             <div id="home-news">
    5625. 

  5625.             <div id="home-news-caption">Authman.com News</div>
    5626. 

  5626.             <div id="home-news-content" style="display:none;">
    5627. 

  5627.                <?php echo $am->M('LOADING') ?>
    5628. 

  5628.             </div>
    5629. 

  5629. 

  5630.             <div id="home-news-action">
    5631. 

  5631.             <div id="news_loading" class="saving" style="display:none"><img src="images/loadinfo.gif" width="16" height="16" /> <span><?php echo $am->M('LOADING') ?></span></div>
    5632. 

  5632.             <div id="home-news-hide" style="display:none;"><a href="javascript:void(0)" onClick="javascript:homeShowNews(false,true);return false;"><?php echo $am->M('BTN_HIDENEWS') ?></a></div>
    5633. 

  5633.             <div id="home-news-show" style="display:none;"><a href="javascript:void(0)" onClick="javascript:homeShowNews(true,true);return false;"><?php echo $am->M('BTN_SHOWNEWS') ?></a></div>
    5634. 

  5634.             </div>
    5635. 

  5635.             
    5636. 

  5636.             </div>
    5637. 

  5637.             <div class="spacer30"></div>
    5638. 

  5638.             <?php
    5639. 

  5639.         }
    5640. 

  5640.    
    5641. 

  5641.         // signup requests
    5642. 

  5642.         $newcount = $am->getTotalByType('signupfile');
    5643. 

  5643.         if ($newcount > 0) {
    5644. 

  5644.             echo '<div class="block">';
    5645. 

  5645.             echo $am->M('MSG_AWAITINGCONFIRM', $newcount);
    5646. 

  5646.             echo '</div>';
    5647. 

  5647.             
    5648. 

  5648.             echo '<div class="spacer30"></div>';
    5649. 

  5649.         }
    5650. 

  5650.         
    5651. 

  5651. 	    // software update 
    5652. 

  5652. ?>
    5653. 

  5653. 		<form>
    5654. 

  5654. 		<fieldset>
    5655. 

  5655. 		<div>
    5656. 

  5656. 			<?php echo $am->M('NOTES_SOFTUPDATES') ?>
    5657. 

  5657. 		</div>
    5658. 

  5658. <?php 
    5659. 

  5659. 		$showUpdate = $am->hasRuntimeValue('updateavailable')
    5660. 

  5660.                     && $am->getRuntimeValue('updateavailable') != '';
    5661. 

  5661. 		
    5662. 

  5662. 		echo '<div id="update_msg" class="block" style="display:';
    5663. 

  5663. 		echo $showUpdate ? 'block' : 'none';
    5664. 

  5664. 		echo ';">';
    5665. 

  5665. 

  5666. 		if ($showUpdate) {
    5667. 

  5667. 	    	echo '<div>';
    5668. 

  5668. 		    echo $am->M('UPDATEAVAILABLE', 
    5669. 

  5669. 		                 $am->getRuntimeValue('updateavailable'));
    5670. 

  5670. 	    	echo '</div>';
    5671. 

  5671. 	    	
    5672. 

  5672. 		    if ($am->hasRuntimeValue('updatechecked_ts')) {
    5673. 

  5673. 	    		echo '<div>';
    5674. 

  5674. 	    		echo $am->M('UPDATECHECKED', date('D dS \of M Y', 
    5675. 

  5675. 		    		        $am->getRuntimeValue('lastloggedin_ts')));
    5676. 

  5676. 		    	echo '</div>';
    5677. 

  5677. 			}
    5678. 

  5678. 	    }
    5679. 

  5679. 		echo '</div>';
    5680. 

  5680. ?>
    5681. 

  5681. 		</fieldset>
    5682. 

  5682. 			
    5683. 

  5683. 	    <div class="buttonrow">
    5684. 

  5684. 			<div id="update_loading" class="saving" style="display:none"><img src="images/loadinfo.gif" width="16" height="16" /> <span><?php echo $am->M('CHECKING') ?></span></div>
    5685. 

  5685. 			<input type="submit" value="Check Update" onClick="javascript:homeCheckUpdate(); return false;"/>
    5686. 

  5686. 		</div>
    5687. 

  5687. 		</form>
    5688. 

  5688.         <div class="spacer30"></div>
    5689. 

  5689. <?php
    5690. 

  5690. 	    // the end of software update
    5691. 

  5691. 

  5692.         $rtCriticals = $am->getRuntimeErrors( true );
    5693. 

  5693.         foreach ($rtCriticals as $rtErr) {
    5694. 

  5694.             print '<div class="warning">';
    5695. 

  5695.             print  fmt_message($rtErr['message']);
    5696. 

  5696.             print  ' [#'.$rtErr['errno'].'] ';
    5697. 

  5697.             if (isset($rtErr['recover']) && $rtErr['recover']) {
    5698. 

  5698.                 $url = 'javascript:fixAction('.$rtErr['errno'].');';
    5699. 

  5699.                 print '<div id="fixaction_'.$rtErr['errno'].'">';
    5700. 

  5700.                 print ' <div class="fixit"><a href="' . $url . '">'.$am->M('FIXIT').'</a></div>';
    5701. 

  5701.                 print '</div>';
    5702. 

  5702.             }
    5703. 

  5703.             print '</div>';
    5704. 

  5704.         }
    5705. 

  5705.     } // the end of admin section
    5706. 

  5706.     
    5707. 

  5707.     echo '<div class="spacer30"></div>';
    5708. 

  5708.     echo '</div>'; // righty
    5709. 

  5709.     web_footer();
    5710. 

  5710. 

  5711.     // rss, news and updates
    5712. 

  5712.     if ($am->hasFeature('magpierss')) {
    5713. 

  5713.         // show news if runtime variable shownews isn't set or is equal 1
    5714. 

  5714.         $showNews = !$am->hasRuntimeValue('showmembernews') || (bool)$am->getRuntimeValue('showmembernews');
    5715. 

  5715.         print '<script type="text/javascript">';
    5716. 

  5716.         print 'homeShowNews(' . ($showNews ? 'true' : 'false') . ', false);';
    5717. 

  5717.         print '</script>';
    5718. 

  5718.     }    
    5719. 

  5719. }
    5720. 

  5720.                                 
    5721. 

  5721. ################################################################################
    5722. 

  5722. ### Other pages
    5723. 

  5723. ################################################################################
    5724. 

  5724. 

  5725. /**
    5726. 

  5726.  * Show login form
    5727. 

  5727.  *
    5728. 

  5728.  * @return void
    5729. 

  5729.  */
    5730. 

  5730. function showPage_login()
    5731. 

  5731. {
    5732. 

  5732.     global $am;
    5733. 

  5733.     $error = $message = null;
    5734. 

  5734.     $action = getParam('action', null, 'attribute');
    5735. 

  5735. 

  5736.     $username = isset($_SESSION['am_u']) ? base64_decode($_SESSION['am_u']) : '';
    5737. 

  5737. 

  5738.     if ($action == 'login' && !$am->isAuthenticated()) {
    5739. 

  5739.         $username = getParam('username', null, 'username');
    5740. 

  5740.         $password = getParam('password', null, 'password');
    5741. 

  5741. 

  5742.         if (!isset($password) || $password=='') {
    5743. 

  5743.             $error = $am->E('INVUSERORPASS');
    5744. 

  5744.         }
    5745. 

  5745. 

  5746.         if (!isset($error)) {
    5747. 

  5747.             if ($am->isDemo() && $username=='admin' && $password=='admin') {
    5748. 

  5748.                 list($user) = $am->getRecordsByType('authadminfile', null, 1, 0);  
    5749. 

  5749. 

  5750.             } else {
    5751. 

  5751.                 $user = $am->fetchRecordByType('authuserfile', $username);
    5752. 

  5752.                 if (false == $user) {
    5753. 

  5753.                     $user = $am->fetchRecordByType('authadminfile', $username, true);
    5754. 

  5754.                 }
    5755. 

  5755.             }
    5756. 

  5756.             
    5757. 

  5757.             if (false == $user) {
    5758. 

  5758.                 $error = $am->E('INVUSERORPASS');
    5759. 

  5759.             }
    5760. 

  5760.         }
    5761. 

  5761. 

  5762.         // password checking
    5763. 

  5763.         if (!isset($error)) {       
    5764. 

  5764.             if ($am->isDemo() && $username=='admin' && $password=='admin') {
    5765. 

  5765.                 // it's ok to login as admin / admin
    5766. 

  5766.             } else {
    5767. 

  5767.                 $pass_enc = $am->htcrypt( $password, $user['pass'] );
    5768. 

  5768.                 if ($user['pass'] != $pass_enc) {
    5769. 

  5769.                     $error = $am->E('INVUSERORPASS');
    5770. 

  5770.                 }
    5771. 

  5771.             }
    5772. 

  5772.         }
    5773. 

  5773. 

  5774.         if (!isset($error)) {
    5775. 

  5775.             // logging in
    5776. 

  5776.             $am->loginAs( $user['name'], $user['pass'] );
    5777. 

  5777.             
    5778. 

  5778.             if (!($am->isDemo() && $username=='admin' && $password=='admin')) {
    5779. 

  5779.                 // check for default password
    5780. 

  5780.         	    if ($am->isAdmin() && strcmp($password, 'admin')==0) {
    5781. 

  5781.         		    showPage_adminpassword();
    5782. 

  5782.         		    exit;
    5783. 

  5783.         	    }
    5784. 

  5784.             } 
    5785. 

  5785.             		
    5786. 

  5786.             if (isset($_SESSION['durl']) && $_SESSION['durl'] != '') {
    5787. 

  5787.             	$durl = $_SESSION['durl'];
    5788. 

  5788.             	unset($_SESSION['durl']);
    5789. 

  5789.             	redirect_header( $durl, 1, $am->M('LOGGINGIN') );
    5790. 

  5790.             }
    5791. 

  5791. 

  5792.             showPage_home();
    5793. 

  5793.             exit;
    5794. 

  5794.         }
    5795. 

  5795.     }
    5796. 

  5796. 

  5797.     web_header( $am->M('LOGGINGIN') );
    5798. 

  5798.     web_menu();
    5799. 

  5799. 

  5800.     echo '<div id="righty">'; // righty
    5801. 

  5801. 

  5802.     echo '<h3>' . $am->M('LOGGINGIN') . '</h3>';
    5803. 

  5803. 

  5804.     // ------------- Message ----------------
    5805. 

  5805.     web_message( $message, $error );
    5806. 

  5806. 

  5807.     if ($am->isAuthenticated()) {
    5808. 

  5808.     	$user = $am->getAuthenticatedUser();
    5809. 

  5809. ?>
    5810. 

  5810. 	<div class="block">
    5811. 

  5811. 		<?php echo $am->M('LOGGEDASALREADY', $user['name']) ?>
    5812. 

  5812. 	</div>
    5813. 

  5813. 	<div class="spacer30"></div>
    5814. 

  5814. 		
    5815. 

  5815. <?php
    5816. 

  5816.     } else {
    5817. 

  5817. 

  5818.         if ($am->isDemo()) {
    5819. 

  5819.             echo '<br />';
    5820. 

  5820.             echo '<div><span id="demonote">' . $am->M('WELCOME_DEFAULT_DEMO') . '</span></div>';
    5821. 

  5821.         }
    5822. 

  5822. ?>
    5823. 

  5823. 

  5824.     <form id="login_form" name="login_form" action="index.php" method="post">
    5825. 

  5825.     <p id="login_form_msg" class="formmessage"><?php echo $am->M('FILLFIELDS'); ?></p>
    5826. 

  5826.     <fieldset>
    5827. 

  5827.         <legend><?php echo $am->M('LOGGINGIN') ?></legend>
    5828. 

  5828. 

  5829.         <?php 
    5830. 

  5830.         $password = '';
    5831. 

  5831.         if ($am->isDemo() && hasParam('demoadmin') && !hasParam('username') && !hasParam('password')) {
    5832. 

  5832.                 $username = $password = 'admin';
    5833. 

  5833.         }
    5834. 

  5834.         ?>
    5835. 

  5835.         
    5836. 

  5836.         <div>
    5837. 

  5837.             <label for="username" class="required"><?php echo $am->M('FIELD_USERNAME') ?></label>
    5838. 

  5838.             <input id="username" type="text" name="username" maxlength="255" class="required" value="<?php echo $username ?>" />
    5839. 

  5839.         </div>
    5840. 

  5840. 

  5841.         <div>
    5842. 

  5842.             <label for="password" class="required"><?php echo $am->M('FIELD_PASSWORD') ?></label>
    5843. 

  5843.             <input id="password" type="password" name="password" maxlength="255" class="required" value="<?php echo $password ?>" />
    5844. 

  5844.         </div>
    5845. 

  5845.     </fieldset>
    5846. 

  5846. 

  5847.     <div class="buttonrow">
    5848. 

  5848.         <input type="hidden" name="action" value="login" />
    5849. 

  5849.         <input type="hidden" name="page" value="login" />
    5850. 

  5850.         <?php echo htmlInput('submit', 'submit', $am->M('SUBMIT')) ?>
    5851. 

  5851.     </div>
    5852. 

  5852.     </form>
    5853. 

  5853.     <div class="spacer30"></div>
    5854. 

  5854.     
    5855. 

  5855.     <div class="block">
    5856. 

  5856.     <ul>
    5857. 

  5857. <?php if ($am->getConfigValue('allowsignup')) { ?>
    5858. 

  5858.         <li><a href="index.php?page=signup"><?php echo $am->M('SIGNUPLINK') ?></a></li>
    5859. 

  5859. <?php } ?>
    5860. 

  5860.         <li><a href="index.php?page=forgot"><?php echo $am->M('FORGOTLINK') ?></a></li>
    5861. 

  5861.     </ul>
    5862. 

  5862.     </div>
    5863. 

  5863.     <div class="spacer30"></div>
    5864. 

  5864. <?php
    5865. 

  5865.     } // not isAuthenticated
    5866. 

  5866.     
    5867. 

  5867.     echo '</div>'; // righty
    5868. 

  5868.     web_footer();
    5869. 

  5869. }
    5870. 

  5870. 

  5871. 

  5872. /**
    5873. 

  5873.  * Show signup form
    5874. 

  5874.  *
    5875. 

  5875.  * @return void
    5876. 

  5876.  */
    5877. 

  5877. function showPage_signup()
    5878. 

  5878. {
    5879. 

  5879.     global $am;
    5880. 

  5880.     $error = $message = null;
    5881. 

  5881.     $action = getParam('action', null, 'attribute');
    5882. 

  5882. 

  5883.     if (!$am->getConfigValue('allowsignup')) {
    5884. 

  5884.     	$error = $am->W('SIGNUPDISABLED');
    5885. 

  5885.     }
    5886. 

  5886.     
    5887. 

  5887.     if ($action == 'signup' && !isset($error) && !$am->isAuthenticated()) {
    5888. 

  5888.         $username = getParam('username', null, 'username');
    5889. 

  5889. 		if (!isset($username) || $username == '') {
    5890. 

  5890. 			$error = $am->E('INVALIDREQUEST') . ' [username]';
    5891. 

  5891.             
    5892. 

  5892. 		} else if ($am->isRecordByType('authuserfile', $username)) {
    5893. 

  5893. 			$error = $am->E('USEREXISTS', $username);
    5894. 

  5894.             
    5895. 

  5895. 		} else if ($am->isRecordByType('signupfile', $username)) {
    5896. 

  5896. 			$error = $am->E('USEREXISTS', $username);
    5897. 

  5897. 		}
    5898. 

  5898. 

  5899. 		$password = getParam('password', null, 'password');
    5900. 

  5900. 		if (!isset($error) && $password != '') {
    5901. 

  5901. 			if (strlen($password) < 4) {
    5902. 

  5902. 				$error = $am->E('PASSWORDTOOSHORT', 4);
    5903. 

  5903. 			}
    5904. 

  5904. 		}
    5905. 

  5905.         
    5906. 

  5906.         // auto approve signup
    5907. 

  5907.         if (!isset($error) && $am->getConfigValue('autoapprove')) {
    5908. 

  5908.             $data = array('name'=>$username,
    5909. 

  5909.                           'pass_raw'=>$password,
    5910. 

  5910.                           'info'=>getParam('realname', null, 'field'),
    5911. 

  5911.                           'email'=>getParam('email', null, 'email'));            
    5912. 

  5912.         
    5913. 

  5913.             if (!$am->setRecordByType( 'authuserfile', null,  $data, true )) {
    5914. 

  5914.                 $error = $am->E('USERINSERTFAILED', $username) . ': ' . $am->getError();
    5915. 

  5915.             }
    5916. 

  5916.             
    5917. 

  5917.             // notify administrator
    5918. 

  5918.             if (!isset($error) && !$am->sendMail('memberaa', $data )) {
    5919. 

  5919.                 $error = $am->getError();
    5920. 

  5920.             }
    5921. 

  5921.             // notify user
    5922. 

  5922.             if (!isset($error) && !$am->sendMail('useradd', $data)) {
    5923. 

  5923.                 $error = $am->getError();
    5924. 

  5924.             }        
    5925. 

  5925.             
    5926. 

  5926.             if (!isset($error)) {
    5927. 

  5927.                 redirect_header($am->getUrlByType('protected', true), 6, $am->M('NOTES_SIGNUPAUTOAPPROVE'));
    5928. 

  5928.             }            
    5929. 

  5929.         }
    5930. 

  5930. 

  5931.         // pre-moderated signup
    5932. 

  5932. 		if (!isset($error) && !$am->getConfigValue('autoapprove')) {
    5933. 

  5933. 			$referer = isset($_SERVER['HTTP_REFERER']) ? 
    5934. 

  5934. 			           $_SERVER['HTTP_REFERER'] : '';
    5935. 

  5935. 			
    5936. 

  5936. 	        $data = array('name'=>$username,
    5937. 

  5937. 				 	      'pass'=>$password,
    5938. 

  5938. 	                      'info'=>getParam('realname', null, 'field'),
    5939. 

  5939.   						  'email'=>getParam('email', null, 'email'),
    5940. 

  5940. 	                      'ts'=>time(),
    5941. 

  5941. 	                      'referer'=>$referer,
    5942. 

  5942. 	                      'remoteaddr'=>$_SERVER['REMOTE_ADDR']);
    5943. 

  5943. 

  5944. 			if (!$am->setRecordByType('signupfile', null,  $data, true)) {
    5945. 

  5945. 				$error = $am->E('SIGNUPINSERTFAILED', $username)
    5946. 

  5946. 			 	       . ': ' . $am->getError();
    5947. 

  5947. 			}
    5948. 

  5948. 		}
    5949. 

  5949. 		
    5950. 

  5950. 		if (!isset($error)) {
    5951. 

  5951. 			redirect_header( 'index.php?op=home', 10, $am->M('NOTES_SIGNUPWAITRESPONSE'));
    5952. 

  5952. 		}
    5953. 

  5953.     }
    5954. 

  5954. 

  5955.     web_header( $am->M('SUBTITLE_SIGNUP') );
    5956. 

  5956.     web_menu( true );
    5957. 

  5957. 

  5958.     echo '<div id="righty">'; // righty
    5959. 

  5959. 

  5960.     echo '<h3>' . $am->M('SUBTITLE_SIGNUP') . '</h3>';
    5961. 

  5961. 

  5962.     // ------------- Message ----------------
    5963. 

  5963.     web_message( $message, $error );
    5964. 

  5964. 

  5965.     if ($am->isAuthenticated()) {
    5966. 

  5966.     	$user = $am->getAuthenticatedUser();
    5967. 

  5967. ?>
    5968. 

  5968. 	<div class="block">
    5969. 

  5969. 		<?php echo $am->M('LOGGEDASALREADY', $user['name']) ?>
    5970. 

  5970. 	</div>
    5971. 

  5971. 	<div class="spacer30"></div>
    5972. 

  5972. 		
    5973. 

  5973. <?php
    5974. 

  5974.     } else {    
    5975. 

  5975. ?>
    5976. 

  5976. 	<div id="signup_container">
    5977. 

  5977.     <form id="signup" name="signup" action="index.php?page=signup" method="post" 
    5978. 

  5978.           onSubmit="javascript:return homeOnSubmitForm(this);">
    5979. 

  5979.     <p id="signup_msg" class="formmessage"><?php echo $am->M('FILLFIELDS'); ?></p>
    5980. 

  5980.     <fieldset>
    5981. 

  5981.         <legend><?php echo $am->M('LEGEND_SIGNUP') ?></legend>
    5982. 

  5982. 

  5983.         <div>
    5984. 

  5984.             <label for="username" class="required"><?php echo $am->M('FIELD_USERNAME') ?></label>
    5985. 

  5985.             <input id="signup_username" type="text" name="username" maxlength="255" class="required" 
    5986. 

  5986. 				   value="<?php echo getParam('username', null, 'htmlspecialchars') ?>"
    5987. 

  5987.         </div>
    5988. 

  5988. 

  5989. 		<div>
    5990. 

  5990.             <label for="password" class=""><?php echo $am->M('FIELD_PASSWORD') ?></label>
    5991. 

  5991.             <input id="signup_password" type="text" name="password" maxlength="255" class="" 
    5992. 

  5992.                    value="<?php echo getParam('password', null, 'htmlspecialchars') ?>" />
    5993. 

  5993.         </div>
    5994. 

  5994.                 
    5995. 

  5995.         <div>
    5996. 

  5996.             <label for="realname" class="required"><?php echo $am->M('FIELD_REALNAME') ?></label>
    5997. 

  5997.             <input id="signup_realname" type="text" name="realname" maxlength="255" class="required" 
    5998. 

  5998.                    value="<?php echo getParam('realname', null, 'htmlspecialchars') ?>" />
    5999. 

  5999.         </div>
    6000. 

  6000.                 
    6001. 

  6001.         <div>
    6002. 

  6002.             <label for="email" class="required"><?php echo $am->M('FIELD_EMAIL') ?></label>
    6003. 

  6003.             <input id="signup_email" type="text" name="email" maxlength="255" class="required"
    6004. 

  6004.                    value="<?php echo getParam('email', null, 'htmlspecialchars') ?>"
    6005. 

  6005.         </div>
    6006. 

  6006.     </fieldset>
    6007. 

  6007. 

  6008.     <div class="buttonrow">
    6009. 

  6009.         <input type="hidden" name="action" value="signup" />
    6010. 

  6010.         <input type="hidden" name="page" value="signup" />
    6011. 

  6011.         <?php echo htmlInput('submit', 'submit', $am->M('SUBMIT')) ?>
    6012. 

  6012.     </div>
    6013. 

  6013.     </form>
    6014. 

  6014. 	</div>
    6015. 

  6015. 

  6016.     <div class="spacer30"></div>
    6017. 

  6017. <?php
    6018. 

  6018.     } // is not authenticated
    6019. 

  6019.     
    6020. 

  6020.     echo '</div>'; // righty
    6021. 

  6021.     web_footer();
    6022. 

  6022. }
    6023. 

  6023. 

  6024. /**
    6025. 

  6025.  * Logging out
    6026. 

  6026.  *
    6027. 

  6027.  * @return void
    6028. 

  6028.  */
    6029. 

  6029. function showPage_logout()
    6030. 

  6030. {
    6031. 

  6031.     if (isset($_SESSION['am_c'])) {
    6032. 

  6032.         unset($_SESSION['am_c']);
    6033. 

  6033.     }
    6034. 

  6034. 

  6035.     global $am;
    6036. 

  6036.     
    6037. 

  6037.     if ($am->isAuthenticatedByBasicAuth()) {
    6038. 

  6038.         redirect_header('index.php?page=home', 4, $am->M('MSG_NOLOGOUTBASICAUTH'));
    6039. 

  6039.     }
    6040. 

  6040.     
    6041. 

  6041.     redirect_header('index.php?page=home', 1, $am->M('LOGGEDOUT'));
    6042. 

  6042.     exit;
    6043. 

  6043. }
    6044. 

  6044. 

  6045. /**
    6046. 

  6046.  * Show 404 error
    6047. 

  6047.  *
    6048. 

  6048.  * @return void
    6049. 

  6049.  */
    6050. 

  6050. function showPage_404()
    6051. 

  6051. {
    6052. 

  6052.     global $am;
    6053. 

  6053. 

  6054.     web_header( '404 ERROR');
    6055. 

  6055.     web_menu();
    6056. 

  6056. 

  6057.     echo '<div id="righty">'; // righty
    6058. 

  6058. 

  6059.     echo $am->W('PAGENOTFOUND');
    6060. 

  6060. 

  6061.     echo '<div class="block">';
    6062. 

  6062.     echo '<a href="index.php">' . $am->M('CLICKHERE') . '</a> To Return to Index Page';
    6063. 

  6063.     echo '</div>';
    6064. 

  6064. 

  6065.     echo '<div class="spacer30"></div>';
    6066. 

  6066.     
    6067. 

  6067.     echo '</div>'; // righty
    6068. 

  6068.     web_footer();
    6069. 

  6069. }
    6070. 

  6070. 

  6071. /**
    6072. 

  6072.  * Show 401 error
    6073. 

  6073.  *
    6074. 

  6074.  * @return void
    6075. 

  6075.  */
    6076. 

  6076. function showPage_401( $showMenu=false )
    6077. 

  6077. {
    6078. 

  6078.     global $am;
    6079. 

  6079.     // $error = $message = null;
    6080. 

  6080. 

  6081.     web_header( $am->M('TITLE_AUTHREQUIRED'), $am->getUrlByType('base',true));
    6082. 

  6082.     
    6083. 

  6083.     if ($showMenu) {
    6084. 

  6084.     	web_menu();
    6085. 

  6085.     }
    6086. 

  6086. 

  6087.     echo '<div id="righty">'; // righty
    6088. 

  6088. 

  6089.     echo '<h1>' . $am->M('TITLE_AUTHREQUIRED') . '</h1>';
    6090. 

  6090.     echo '<p>' . $am->M('NOTES_AUTHREQUIRED') . '</p>';
    6091. 

  6091. 

  6092.     echo '<div class="block">';
    6093. 

  6093.     echo '<ul>';
    6094. 

  6094.     echo '<li><a href="index.php?page=login">' . $am->M('CLICKHERE') .'</a> ' . $am->M('TOLOGIN') . '</li>';
    6095. 

  6095.     echo '<li><a href="../">' . $am->M('CLICKHERE') . '</a> ' . $am->M('TOPROTECTED') . '</li>';
    6096. 

  6096.     echo '</ul>';
    6097. 

  6097.     echo '</div>';
    6098. 

  6098.     echo '<div class="spacer30"></div>';
    6099. 

  6099.     
    6100. 

  6100.     if ($am->getConfigValue('allowsignup')) { 
    6101. 

  6101.         echo '<div class="block">';
    6102. 

  6102.         echo '<ul>';
    6103. 

  6103.         echo '<li><a href="index.php?page=signup">' . $am->M('SIGNUPLINK') . '</a></li>';
    6104. 

  6104.         echo '<li><a href="index.php?page=forgot">' . $am->M('FORGOTLINK') . '</a></li>';
    6105. 

  6105.         echo '</ul>';
    6106. 

  6106.         echo '</div>';
    6107. 

  6107.         echo '<div class="spacer30"></div>';
    6108. 

  6108.     }
    6109. 

  6109. 

  6110.     echo '</div>'; // righty
    6111. 

  6111.     web_footer();
    6112. 

  6112. }
    6113. 

  6113. 

  6114. 

  6115. /**
    6116. 

  6116.  * Shows page header
    6117. 

  6117.  *
    6118. 

  6118.  * @param string $title
    6119. 

  6119.  * @return void
    6120. 

  6120.  */
    6121. 

  6121. function web_header( $title=null, $basePath='', $optHeaders=array() )
    6122. 

  6122. {
    6123. 

  6123.     global $am;
    6124. 

  6124. 

  6125. ?>
    6126. 

  6126. <html>
    6127. 

  6127. <head>
    6128. 

  6128. <title><?php echo (isset($title) ? $title : $am->M('TITLE')) . ' - ' ?>AuthMan Free</title>
    6129. 

  6129.   <?php foreach($optHeaders as $hdr) { print trim($hdr) . "\n"; } ?>
    6130. 

  6130.   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    6131. 

  6131.   <meta http-equiv="pragma" content="no-cache" />
    6132. 

  6132.   <meta http-equiv="expires" content="-1" />
    6133. 

  6133.   <meta name="keywords" content="htaccess,htpasswd,user accounts,web applications,software,site access,secure password,user authentication,script,subscriptions,website software,authman,subscription software,web application,website security,site administration,authman.com,security authentication,web site management,web site management system,php,ajax,protection,security,password,management,membership,login,htaccess management,htpasswd management,subscription script,apache,registration" />
    6134. 

  6134.   <meta name="description" content="AuthMan Free is authentication/password protection and membership management system written in PHP and licensed under the GNU GPL. It uses .htpasswd and .htaccess files to protect any web directory. Installation is easy and programming knowledge does not required." />
    6135. 

  6135. <?php if ($basePath != '') { echo "  <base href=\"" . $basePath . "\" />\n"; } ?>
    6136. 

  6136.   <link rel="stylesheet" href="<?php echo $basePath ?>authman.css" type="text/css" />
    6137. 

  6137.   <link rel="shortcut icon" href="<?php echo $basePath ?>images/favicon.ico" type="image/x-icon" />
    6138. 

  6138.   <script type="text/javascript" src="<?php echo $basePath ?>prototype.js" xml:space="preserve"></script>
    6139. 

  6139. <?php 
    6140. 

  6140. if ($am->hasFeature('tinymcejs')) {
    6141. 

  6141. 	$tinymceUri = $am->getUrlByType('tinymcejs');
    6142. 

  6142.     echo '  <script type="text/javascript" src="' . $tinymceUri . '" xml:space="preserve"></script>';
    6143. 

  6143.     echo "\n";
    6144. 

  6144. } 
    6145. 

  6145. ?>
    6146. 

  6146. <script language="Javascript" type="text/javascript" xml:space="preserve">
    6147. 

  6147. //<![CDATA[
    6148. 

  6148. <?php 
    6149. 

  6149. 

  6150. 

  6151. /**
    6152. 

  6152.  * Get Javascript Code
    6153. 

  6153.  *
    6154. 

  6154.  * @return string
    6155. 

  6155.  *
    6156. 

  6156.  */
    6157. 

  6157. function getJavascript()
    6158. 

  6158. {
    6159. 

  6159.     global $am;
    6160. 

  6160.     list($admin) = $am->getRecordsByType('authadminfile', null, 1, 0);
    6161. 

  6161. 

  6162. ?>// general js
    6163. 

  6163. function mainCleanMessage()
    6164. 

  6164. {
    6165. 

  6165.     $('mainmessage').innerHTML = '';
    6166. 

  6166. }
    6167. 

  6167. function mainShowMessage( text )
    6168. 

  6168. {
    6169. 

  6169.     $('mainmessage').innerHTML = text;
    6170. 

  6170.     setTimeout( 'mainCleanMessage();', 5000 );
    6171. 

  6171. }
    6172. 

  6172. function getRandomNum(lbound, ubound) {
    6173. 

  6173.     return (Math.floor(Math.random() * (ubound - lbound)) + lbound);
    6174. 

  6174. }
    6175. 

  6175. function getRandomChar(number, lower) {
    6176. 

  6176.     var numberChars = "0123456789";
    6177. 

  6177.     var lowerChars = "abcdefghijklmnopqrstuvwxyz";
    6178. 

  6178.     var charSet = '';
    6179. 

  6179.     if (number == true)
    6180. 

  6180.         charSet += numberChars;
    6181. 

  6181.     if (lower == true)
    6182. 

  6182.         charSet += lowerChars;
    6183. 

  6183.     return charSet.charAt(getRandomNum(0, charSet.length));
    6184. 

  6184. }
    6185. 

  6185. 

  6186. function mainGeneratePassword( fname )
    6187. 

  6187. {
    6188. 

  6188.     var newPass = getRandomChar(false, true);
    6189. 

  6189. 

  6190.     for (var idx = 1; idx < 8; ++idx)
    6191. 

  6191.         newPass = newPass + getRandomChar(true, true);
    6192. 

  6192. 

  6193.     $($(fname + '_form').password).value = newPass;
    6194. 

  6194. }
    6195. 

  6195. 

  6196. function mainGeneratePassword2( fname )
    6197. 

  6197. {
    6198. 

  6198.     var newPass = getRandomChar(false, true);
    6199. 

  6199. 

  6200.     for (var idx = 1; idx < 8; ++idx)
    6201. 

  6201.         newPass = newPass + getRandomChar(true, true);
    6202. 

  6202. 

  6203.     $($(fname).password).value = newPass;
    6204. 

  6204. }
    6205. 

  6205. 

  6206. function fixAction( code ) {
    6207. 

  6207.     new Ajax.Updater('fixaction_'+code, 'index.php?page=ajax&action=fix&errno='+code);
    6208. 

  6208. }
    6209. 

  6209. 

  6210. function mainCheckUsername2( fname )
    6211. 

  6211. {
    6212. 

  6212. 	var uname = $F( $(fname).username );
    6213. 

  6213.     if (uname == "") {
    6214. 

  6214.         alert("<?php echo $am->W('EMPTYUSERNAME') ?>");
    6215. 

  6215.         return;
    6216. 

  6216.     }
    6217. 

  6217. 

  6218.     var msg = $( fname + '_checkusername' );
    6219. 

  6219. 

  6220.     var requrl = 'index.php?page=users&action=checkusername&username='+uname;
    6221. 

  6221. 

  6222.     var req = new Ajax.Request( requrl,
    6223. 

  6223.             {
    6224. 

  6224.                 method: 'get',
    6225. 

  6225.                 onLoading: function()
    6226. 

  6226.                 {
    6227. 

  6227.                     $($(fname).check).disable();
    6228. 

  6228.                     msg.update('<img src="images/loadinfo.gif"> Checking ...').style.color = 'black';
    6229. 

  6229.                 },
    6230. 

  6230.                 onSuccess: function( transport )
    6231. 

  6231.                 { 
    6232. 

  6232.                     var response = transport.responseText || "no response text";
    6233. 

  6233.                     $($(fname).check).enable();
    6234. 

  6234.                     if (response == "USERFOUND") {
    6235. 

  6235.                         msg.update('<?php echo $am->E('USEREXISTS', ''); ?>').style.color = 'red';
    6236. 

  6236.                     } else {
    6237. 

  6237.                         msg.update('<?php echo $am->M('USERNAMEFREE'); ?>').style.color = 'green';
    6238. 

  6238.                     }                    
    6239. 

  6239.                 },
    6240. 

  6240.                 onFailure: function()
    6241. 

  6241.                 { 
    6242. 

  6242.                     $($(fname).check).enable();
    6243. 

  6243.                     msg.update('<?php echo $am->E('UPDATEFAILED'); ?>').style.color = 'red';
    6244. 

  6244.                 } 
    6245. 

  6245.             }
    6246. 

  6246.         );
    6247. 

  6247.     return;
    6248. 

  6248. }
    6249. 

  6249. 

  6250. function mainOnChangeSendMail2( fname )
    6251. 

  6251. {
    6252. 

  6252. 	if ( $($(fname).sendmail).checked ) {
    6253. 

  6253. 		$(fname + '_showtemplate').show();
    6254. 

  6254. 	} else {
    6255. 

  6255. 		$(fname + '_showtemplate').hide();
    6256. 

  6256. 	}
    6257. 

  6257. }
    6258. 

  6258. 

  6259. function mainInsertAtCursor(myField, myValue) {
    6260. 

  6260.     if (myValue == '') {
    6261. 

  6261.         return;
    6262. 

  6262.     }
    6263. 

  6263. 

  6264.     //IE support
    6265. 

  6265.     if (document.selection) {
    6266. 

  6266.         try {
    6267. 

  6267.             myField.focus();
    6268. 

  6268.         } catch (e) { }
    6269. 

  6269.         
    6270. 

  6270.         sel = document.selection.createRange();
    6271. 

  6271.         sel.text = myValue;
    6272. 

  6272.     }
    6273. 

  6273.     
    6274. 

  6274.     //MOZILLA/NETSCAPE support
    6275. 

  6275.     else if (myField.selectionStart || myField.selectionStart == '0') {
    6276. 

  6276.                      
    6277. 

  6277.         var startPos = myField.selectionStart;
    6278. 

  6278.         var endPos = myField.selectionEnd;
    6279. 

  6279.         myField.value = myField.value.substring(0, startPos)
    6280. 

  6280.                       + myValue
    6281. 

  6281.                       + myField.value.substring(endPos, myField.value.length);
    6282. 

  6282.     
    6283. 

  6283.     } else {
    6284. 

  6284.         myField.value += myValue;
    6285. 

  6285.     }
    6286. 

  6286. }
    6287. 

  6287. 

  6288. // ----------------------------------------------------------------------------
    6289. 

  6289. // HOME
    6290. 

  6290. // ----------------------------------------------------------------------------
    6291. 

  6291. 

  6292. function homeCheckUpdate() {
    6293. 

  6293. 	var params = 'page=ajax&action=checkupdate';
    6294. 

  6294.     var req = new Ajax.Request( 'index.php', 
    6295. 

  6295.     {
    6296. 

  6296.     	method: 'post', parameters: params,
    6297. 

  6297.         onLoading: function()
    6298. 

  6298.         {
    6299. 

  6299. 			$('update_loading').show();
    6300. 

  6300.         },
    6301. 

  6301.         onSuccess: function( transport )
    6302. 

  6302.         { 
    6303. 

  6303. 			$('update_loading').hide();
    6304. 

  6304. 

  6305. 			if (transport.responseText == '') {
    6306. 

  6306. 	            mainShowMessage( '<div class="warning">No response</div>' );
    6307. 

  6307. 			} else {
    6308. 

  6308.             	$('update_msg').show();
    6309. 

  6309.             	$('update_msg').update( transport.responseText );
    6310. 

  6310. 			}
    6311. 

  6311.         },
    6312. 

  6312.         onFailure: function()
    6313. 

  6313.         { 
    6314. 

  6314. 			$('update_loading').hide();
    6315. 

  6315.             mainShowMessage( '<div class="warning">checkiung failed</div>' );
    6316. 

  6316.         } 
    6317. 

  6317.     });
    6318. 

  6318. }
    6319. 

  6319. 

  6320. function homeOnSubmitForm(fObj)
    6321. 

  6321. {
    6322. 

  6322. 	if (typeof fObj == 'string') {
    6323. 

  6323. 		fObj = $(fObj);
    6324. 

  6324. 	}
    6325. 

  6325.     var fname = fObj.name;
    6326. 

  6326.     
    6327. 

  6327.     if (fname == 'signup') {
    6328. 

  6328.         var valid =  $(fObj.username).present()  
    6329. 

  6329.                   && $(fObj.realname).present() 
    6330. 

  6330.                   && $(fObj.email).present(); 
    6331. 

  6331. 

  6332.         if (!valid) {
    6333. 

  6333.             $(fname+'_msg').update('<?php echo $am->W('FILLOUTALL') ?>').style.color = 'red';
    6334. 

  6334.             return false;
    6335. 

  6335.         }
    6336. 

  6336.         $(fname+'_msg').update('<?php echo $am->M('FILLFIELDS'); ?>').style.color = 'black';
    6337. 

  6337. 

  6338.         return true;
    6339. 

  6339.     }
    6340. 

  6340.     
    6341. 

  6341.     if (fname == 'adminpassword') {
    6342. 

  6342.         var valid =  $($(fname).npassword).present()  
    6343. 

  6343.                   && $($(fname).npassword2).present();
    6344. 

  6344.                   
    6345. 

  6345.         if (!valid) {
    6346. 

  6346.             $(fname+'_msg').update('<?php echo $am->W('FILLOUTALL') ?>').style.color = 'red';
    6347. 

  6347.             return false;
    6348. 

  6348.         }
    6349. 

  6349. 

  6350.         var pass = $F($(fname).npassword);
    6351. 

  6351.         if (pass.length < 4) {
    6352. 

  6352.             $(fname+'_msg').update('<?php echo $am->E('PASSWORDTOOSHORT', 4) ?>').style.color = 'red';
    6353. 

  6353.         	return false;
    6354. 

  6354.         }        
    6355. 

  6355.         
    6356. 

  6356.         var pass2 = $F($(fname).npassword2);
    6357. 

  6357.         if (pass != pass2) {
    6358. 

  6358.             $(fname+'_msg').update('<?php echo $am->W('PASSWORDSMISSMATCHED') ?>').style.color = 'red';
    6359. 

  6359.         	return false;
    6360. 

  6360.         }
    6361. 

  6361.         $(fname+'_msg').update('<?php echo $am->M('FILLFIELDS'); ?>').style.color = 'black';
    6362. 

  6362. 

  6363.         return true;
    6364. 

  6364.     }
    6365. 

  6365. 

  6366.     return false;
    6367. 

  6367. }
    6368. 

  6368. 

  6369. <?php if ($am->hasFeature('magpierss')) { ?>
    6370. 

  6370. function homeShowNews( doShow, doSave )
    6371. 

  6371. {
    6372. 

  6372.     if (doShow) {
    6373. 

  6373.         $('home-news-content').show();
    6374. 

  6374. 

  6375. //        $('home-news-hide').show();
    6376. 

  6376. //        $('home-news-show').hide();
    6377. 

  6377. 

  6378.         new Ajax.Updater('home-news-content', 'index.php?page=ajax&action=getnews');
    6379. 

  6379.         
    6380. 

  6380.     } else {
    6381. 

  6381.         $('home-news-content').hide();
    6382. 

  6382.         
    6383. 

  6383. //        $('home-news-hide').hide();
    6384. 

  6384. //        $('home-news-show').show();
    6385. 

  6385.     }
    6386. 

  6386.     
    6387. 

  6387.     if (!doSave) {
    6388. 

  6388.         return false;
    6389. 

  6389.     }    
    6390. 

  6390.     
    6391. 

  6391.     params = 'page=ajax&action=setshowmembernews&value=' + (doShow?1:0);
    6392. 

  6392.     new Ajax.Request( 'index.php', 
    6393. 

  6393.     {
    6394. 

  6394.         method: 'post', parameters: params,
    6395. 

  6395.         onLoading: function() { $('news_loading').show(); },
    6396. 

  6396.         onSuccess: function( transport ) { $('news_loading').hide(); },
    6397. 

  6397.         onFailure: function() {  $('update_loading').hide(); }
    6398. 

  6398.     });
    6399. 

  6399.     
    6400. 

  6400.     return false;
    6401. 

  6401. }
    6402. 

  6402. <?php } ?>
    6403. 

  6403. 

  6404. // ----------------------------------------------------------------------------
    6405. 

  6405. // USERS
    6406. 

  6406. // ----------------------------------------------------------------------------
    6407. 

  6407. 

  6408. var usersCheckUsersFlag = false;
    6409. 

  6409. function usersCheckUsers( fields )
    6410. 

  6410. {
    6411. 

  6411.     usersCheckUsersFlag = usersCheckUsersFlag ? false : true;
    6412. 

  6412. 	$('usersList').getInputs("checkbox","usernames[]").find(function(e) {
    6413. 

  6413. 		if (usersCheckUsersFlag) {
    6414. 

  6414. 			e.writeAttribute('checked', 'checked');
    6415. 

  6415. 		} else {
    6416. 

  6416. 			e.writeAttribute('checked', null);
    6417. 

  6417. 		}		
    6418. 

  6418.     });
    6419. 

  6419.     return;
    6420. 

  6420. }
    6421. 

  6421. 

  6422. function usersShowForm( fname, opt )
    6423. 

  6423. {
    6424. 

  6424. 	if (fname == "") {
    6425. 

  6425. 		return false;
    6426. 

  6426. 	}
    6427. 

  6427. 	
    6428. 

  6428. 	if (fname == 'usersMailSel') {
    6429. 

  6429. 		fname = 'userMail';
    6430. 

  6430. 		opt = 'SELECTED';
    6431. 

  6431. 	}
    6432. 

  6432. 	
    6433. 

  6433. 	if (opt == '' || opt == 'hide') {
    6434. 

  6434. 		$(fname).hide();
    6435. 

  6435. 	} else {
    6436. 

  6436.         $(fname).show();
    6437. 

  6437.         $(fname + '_form').onsubmit = usersOnSubmitForm;
    6438. 

  6438. 	 
    6439. 

  6439.     	var f = $(fname + '_form');
    6440. 

  6440. 

  6441. 	  	if (fname == 'userEdit') {
    6442. 

  6442. 			$(f.oldusername).value = opt;
    6443. 

  6443. 	    
    6444. 

  6444. 	  	} else if (fname == 'userDelete') {
    6445. 

  6445.        		$(f.username).value = opt;
    6446. 

  6446. 		
    6447. 

  6447. 	  	} else if (fname == 'userMail') {
    6448. 

  6448.     		$(f.username).value = opt;
    6449. 

  6449. 

  6450. 	    	// set mailto field
    6451. 

  6451. 	    	if (opt == 'SELECTED') {
    6452. 

  6452. 	    		// to selected users
    6453. 

  6453. 	    		$mailtotext = 'Selected Users';
    6454. 

  6454. 	    	} else {
    6455. 

  6455. 	    		// to one user 
    6456. 

  6456. 				$mailtotext = users[opt]["name"];
    6457. 

  6457. 				if (users[opt]["info"] != "") {
    6458. 

  6458. 					$mailtotext = users[opt]["name"];
    6459. 

  6459. 				}
    6460. 

  6460. 				$mailtotext = '&quot;' + $mailtotext +'&quot; &lt;'+  users[opt]["email"] +'&gt;';
    6461. 

  6461. 			}
    6462. 

  6462. 			$(fname + '_mailto').innerHTML = $mailtotext;
    6463. 

  6463. 		}
    6464. 

  6464.     
    6465. 

  6465. 		usersResetForm( fname );
    6466. 

  6466. 

  6467.     }
    6468. 

  6468. 

  6469.     var els = new Array("userEdit","userAdd","userDelete","usersDelSel","usersDelAll","userMail");
    6470. 

  6470.     for (var i=0,len=els.length; i < len; ++i) {
    6471. 

  6471.         if (fname != els[i])
    6472. 

  6472.             $(els[i]).hide();
    6473. 

  6473.     }
    6474. 

  6474. }
    6475. 

  6475. 

  6476. function usersOnSubmitForm()
    6477. 

  6477. {
    6478. 

  6478.     var form = this.identify();
    6479. 

  6479.     var msg = $(form + '_msg');
    6480. 

  6480. 

  6481.     if (form == 'userEdit_form') {
    6482. 

  6482.         var valid = $(this.username).present();
    6483. 

  6483.         
    6484. 

  6484.         // sendmail -> check email address
    6485. 

  6485. 		if ( $(this.sendmail).checked ) {
    6486. 

  6486.         	valid = valid && $(this.email).present() && $F(this.template) != "";
    6487. 

  6487.         }
    6488. 

  6488.         
    6489. 

  6489.         if (!valid) {
    6490. 

  6490.             msg.update('<?php echo $am->W('FILLOUTALL') ?>').style.color = 'red';
    6491. 

  6491.             return false;
    6492. 

  6492.         }
    6493. 

  6493. 

  6494.         return true;
    6495. 

  6495.     } // end of userEdit_form
    6496. 

  6496. 

  6497.     if (form == 'userAdd_form') {
    6498. 

  6498.         var valid = $(this.username).present() && $(this.password).present();
    6499. 

  6499. 

  6500.         // sendmail -> check email address
    6501. 

  6501. 		if ( $(this.sendmail).checked ) {
    6502. 

  6502.         	valid = valid && $(this.email).present() && $F(this.template) != "";
    6503. 

  6503.         }
    6504. 

  6504. 

  6505.         if (!valid) {
    6506. 

  6506.             msg.update('<?php echo $am->W('FILLOUTALL') ?>').style.color = 'red';
    6507. 

  6507.             return false;
    6508. 

  6508.         }
    6509. 

  6509. 

  6510.         return true;
    6511. 

  6511.     } // end of userAdd_form
    6512. 

  6512. 

  6513.     if (form == 'userDelete_form') {
    6514. 

  6514.     	return true;
    6515. 

  6515.     }
    6516. 

  6516. 

  6517.     if (form == 'usersDelSel_form') {
    6518. 

  6518.     	var count = 0;
    6519. 

  6519.         $('usersList').getInputs("checkbox","usernames[]").find(function(e) {
    6520. 

  6520.         	if (e.checked) {
    6521. 

  6521.         		count++;
    6522. 

  6522.         	}
    6523. 

  6523.         });
    6524. 

  6524.        	if (count < 1) {
    6525. 

  6525.        		alert('<?php echo $am->W('SELUSERSFIRST') ?>');
    6526. 

  6526.        		return false;
    6527. 

  6527.        	}
    6528. 

  6528.     	
    6529. 

  6529.        	$($('usersList').action).value = 'deleteselusers';
    6530. 

  6530.        	$('usersList').submit();
    6531. 

  6531.         return false;
    6532. 

  6532.     }
    6533. 

  6533. 

  6534.     if (form == 'usersDelAll_form') {
    6535. 

  6535.     	return true;
    6536. 

  6536.     }
    6537. 

  6537. 

  6538.     // Sending e-mail to the user, ajax
    6539. 

  6539.     if (form == 'userMail_form') {
    6540. 

  6540.     	var valid = $(this.subject).present() && $(this.body).present();
    6541. 

  6541. 

  6542.         if (!valid) {
    6543. 

  6543.             msg.update('<?php echo $am->W('FILLOUTALL') ?>').style.color = 'red';
    6544. 

  6544.             return false;
    6545. 

  6545.         } else {
    6546. 

  6546. 	        msg.update('<?php echo $am->M('FILLFIELDS'); ?>').style.color = 'black';
    6547. 

  6547.         }
    6548. 

  6548. 

  6549.         var params = $(form).serialize(false);
    6550. 

  6550.         
    6551. 

  6551.         opt = $($(form).username).value;
    6552. 

  6552.         if (opt == 'SELECTED') {
    6553. 

  6553. 	    	var count = 0;
    6554. 

  6554. 	        $('usersList').getInputs("checkbox","usernames[]").find(function(e) {
    6555. 

  6555. 	        	if (e.checked) {
    6556. 

  6556. 	        		count++;
    6557. 

  6557. 	        		params += '&usernames[]=' + e.value;
    6558. 

  6558. 	        	}
    6559. 

  6559. 	        });        
    6560. 

  6560. 	       	if (count < 1) {
    6561. 

  6561. 	       		alert('<?php echo $am->W('SELUSERSFIRST') ?>');
    6562. 

  6562. 	       		return false;
    6563. 

  6563. 	       	}
    6564. 

  6564.         }
    6565. 

  6565.             
    6566. 

  6566.         var req = new Ajax.Request( 'index.php',
    6567. 

  6567.             { 
    6568. 

  6568.                 method: 'post',
    6569. 

  6569.                 parameters: params,
    6570. 

  6570.                 onLoading: function()
    6571. 

  6571.                 {
    6572. 

  6572. 					$('userMail_loading').show();
    6573. 

  6573.                 },
    6574. 

  6574.                 onSuccess: function( transport )
    6575. 

  6575.                 { 
    6576. 

  6576.                     $('userMail_loading').hide();
    6577. 

  6577.                     mainShowMessage( transport.responseText || '<div class="warning">No response received</div>' );
    6578. 

  6578.                 	// usersResetForm( 'userMail' );
    6579. 

  6579.                 },
    6580. 

  6580.                 onFailure: function()
    6581. 

  6581.                 { 
    6582. 

  6582.                     $('userMail_loading').hide();
    6583. 

  6583.                     mainShowMessage( '<div class="warning">form failed</div>' );
    6584. 

  6584.                 } 
    6585. 

  6585.             }
    6586. 

  6586.         );
    6587. 

  6587.     	return false;
    6588. 

  6588.     }
    6589. 

  6589.     
    6590. 

  6590.     return false;
    6591. 

  6591. }
    6592. 

  6592. 

  6593. function usersResetForm( fname )
    6594. 

  6594. {
    6595. 

  6595.     var f = $(fname + '_form');
    6596. 

  6596. 

  6597.     if (fname == 'userEdit') {
    6598. 

  6598.         var opt = $F(f.oldusername);
    6599. 

  6599. 

  6600.         $(f.username).value = opt;
    6601. 

  6601.         $(f.realname).value = opt == "" ? "" : users[opt]['info'];
    6602. 

  6602.         $(f.password).value = "";
    6603. 

  6603.         $(f.email).value    = opt == "" ? "" : users[opt]['email'];
    6604. 

  6604. 

  6605.         var msg = $(fname + '_form_msg');
    6606. 

  6606.         msg.update('<?php echo $am->M('FILLFIELDS'); ?>').style.color = 'black';
    6607. 

  6607. 

  6608.     } else if (fname == 'userAdd') {
    6609. 

  6609. 	    $(f.username).value = "";
    6610. 

  6610.         $(f.realname).value = "";
    6611. 

  6611.         $(f.email).value    = "";
    6612. 

  6612.         
    6613. 

  6613.         // auto generate new password 
    6614. 

  6614.         mainGeneratePassword( fname );
    6615. 

  6615. 

  6616.         $(f.check).enable();
    6617. 

  6617.         $(fname + '_checkUsername').innerHTML = '';
    6618. 

  6618. 

  6619.         var msg = $(fname + '_form_msg');
    6620. 

  6620.         msg.update('<?php echo $am->M('FILLFIELDS'); ?>').style.color = 'black';
    6621. 

  6621. 

  6622.     } else if (fname == 'userDelete') {
    6623. 

  6623.     	// nothing to do
    6624. 

  6624.     } else if (fname == 'usersDelSel') {
    6625. 

  6625.     	// nothing to do
    6626. 

  6626.     } else if (fname == 'usersDelAll') {
    6627. 

  6627.     	// nothing to do
    6628. 

  6628.     	
    6629. 

  6629.     } else if (fname == 'userMail') {
    6630. 

  6630. 

  6631.     	// set values (remove controls)
    6632. 

  6632. <?php if ($am->hasFeature('tinymcejs')) { ?>
    6633. 

  6633.         if (tinyMCE.getInstanceById(fname+'_body') != null) {
    6634. 

  6634.             tinyMCE.execCommand('mceRemoveControl', false, fname+'_body');
    6635. 

  6635.         }
    6636. 

  6636. <?php } ?>    
    6637. 

  6637. 

  6638.     	$($(fname+'_form').subject).value = '';
    6639. 

  6639.     	$($(fname+'_form').body).value = '';
    6640. 

  6640.     	
    6641. 

  6641.     	// set type to plaintext
    6642. 

  6642. 		$(fname+'_form').getInputs('radio','type').find(function(e)
    6643. 

  6643. 		{
    6644. 

  6644. 			if (e.value == 'plaintext') { e.checked = true; }
    6645. 

  6645. 		});
    6646. 

  6646. 

  6647.         var msg = $(fname + '_form_msg');
    6648. 

  6648.         msg.update('<?php echo $am->M('FILLFIELDS'); ?>').style.color = 'black';
    6649. 

  6649.     }
    6650. 

  6650. 

  6651. }
    6652. 

  6652. 

  6653. function usersCheckUsername( fname )
    6654. 

  6654. {
    6655. 

  6655.     var f = $(fname + '_form');
    6656. 

  6656.     if ($F(f.username) == "") {
    6657. 

  6657.         alert("<?php echo $am->W('EMPTYUSERNAME') ?>");
    6658. 

  6658.         return;
    6659. 

  6659.     }
    6660. 

  6660. 

  6661.     var msg = $(fname + '_checkUsername');
    6662. 

  6662. 

  6663.     var requrl = 'index.php?page=users&action=checkusername&username='+$F(f.username);
    6664. 

  6664.     var req = new Ajax.Request( requrl,
    6665. 

  6665.             {
    6666. 

  6666.                 method: 'get',
    6667. 

  6667.                 onLoading: function()
    6668. 

  6668.                 {
    6669. 

  6669.                     $(f.check).disable();
    6670. 

  6670.                     msg.update('<img src="images/loadinfo.gif"> Checking ...').style.color = 'black';
    6671. 

  6671.                 },
    6672. 

  6672.                 onSuccess: function( transport )
    6673. 

  6673.                 { 
    6674. 

  6674.                     var response = transport.responseText || "no response text";
    6675. 

  6675. 

  6676.                     $(f.check).enable();
    6677. 

  6677.                     if (response == "USERFOUND") {
    6678. 

  6678.                         msg.update('<?php echo $am->E('USEREXISTS', ''); ?>').style.color = 'red';
    6679. 

  6679.                     } else {
    6680. 

  6680.                         msg.update('<?php echo $am->M('USERNAMEFREE'); ?>').style.color = 'green';
    6681. 

  6681.                     }
    6682. 

  6682.                 },
    6683. 

  6683.                 onFailure: function()
    6684. 

  6684.                 { 
    6685. 

  6685.                     $(f.check).enable();
    6686. 

  6686.                     msg.update('<?php echo $am->E('UPDATEFAILED'); ?>').style.color = 'red';
    6687. 

  6687.                 } 
    6688. 

  6688.             }
    6689. 

  6689.         );
    6690. 

  6690. 

  6691.     return;
    6692. 

  6692. }
    6693. 

  6693. 

  6694. function usersOnDeleteGroup( groupname )
    6695. 

  6695. {
    6696. 

  6696.     if (!confirm("<?php echo $am->M('Q_DELETEGROUP') ?>")) {
    6697. 

  6697.         return;
    6698. 

  6698.     }
    6699. 

  6699. 

  6700.     var url = 'index.php?page=users&groupname='+groupname+'&action=deletegroup';
    6701. 

  6701.     document.location = url;
    6702. 

  6702. }
    6703. 

  6703. 

  6704. function usersOnChangeSendMail( fname )
    6705. 

  6705. {
    6706. 

  6706. 	var f = $(fname + '_form');
    6707. 

  6707. 	
    6708. 

  6708. 	if ( $(f.sendmail).checked ) {
    6709. 

  6709. 		$(fname + '_showtemplate').show();
    6710. 

  6710. 	} else {
    6711. 

  6711. 		$(fname + '_showtemplate').hide();
    6712. 

  6712. 	}
    6713. 

  6713. }
    6714. 

  6714. 

  6715. // Mailing
    6716. 

  6716. function usersOnChangeTemplate( fname, opt )
    6717. 

  6717. {
    6718. 

  6718. 	var f = $(fname+'_form');
    6719. 

  6719. 	
    6720. 

  6720. 	// reset select 
    6721. 

  6721. 	$(fname + '_default_templateid').selected = true;
    6722. 

  6722. 

  6723. 	if (opt == '') {
    6724. 

  6724. 		return false;
    6725. 

  6725. 	}
    6726. 

  6726. 	
    6727. 

  6727. 	// set values (remove controls)
    6728. 

  6728. <?php if ($am->hasFeature('tinymcejs')) { ?>
    6729. 

  6729.         if (tinyMCE.getInstanceById(fname+'_body') != null) {
    6730. 

  6730.             tinyMCE.execCommand('mceRemoveControl', false, fname+'_body');
    6731. 

  6731.         }
    6732. 

  6732. <?php } ?>    
    6733. 

  6733. 

  6734.     $(f).getInputs("radio","type").find(function(e)
    6735. 

  6735.     {
    6736. 

  6736.         if (e.value == emailTemplates[opt]["type"]) {
    6737. 

  6737.             e.checked = true;
    6738. 

  6738.         }
    6739. 

  6739.     });
    6740. 

  6740. 

  6741. 	$(f.subject).value = emailTemplates[opt]["subject"];
    6742. 

  6742. 	$(f.body).value = emailTemplates[opt]["contents"];
    6743. 

  6743. 

  6744. 	usersOnChangeTemplateType( fname );
    6745. 

  6745. 

  6746. 	return false;
    6747. 

  6747. }
    6748. 

  6748. 

  6749. // Changing html -> plaintext or plaintext -> html
    6750. 

  6750. function usersOnChangeTemplateType( fname )
    6751. 

  6751. {
    6752. 

  6752. <?php if (false == $am->hasFeature('tinymcejs')) { ?>
    6753. 

  6753. 	// no tiny mce found
    6754. 

  6754. 	return false;
    6755. 

  6755. <?php }?>
    6756. 

  6756. 

  6757. 	var res = $(fname+'_form').getInputs('radio','type').find(function(e){return e.checked;});
    6758. 

  6758.     if (res == null) {
    6759. 

  6759.         alert('No type selected');
    6760. 

  6760.         return false;
    6761. 

  6761.     }
    6762. 

  6762.     
    6763. 

  6763.     var typename = $F(res);
    6764. 

  6764.     var id = fname + '_body';
    6765. 

  6765.     
    6766. 

  6766.     if (typename == 'html') {
    6767. 

  6767.         if (tinyMCE.getInstanceById(id) == null) {
    6768. 

  6768.             tinyMCE.execCommand('mceAddControl', false, id);
    6769. 

  6769.         }
    6770. 

  6770.     } else {
    6771. 

  6771.         if (tinyMCE.getInstanceById(id) != null) {
    6772. 

  6772.             tinyMCE.execCommand('mceRemoveControl', false, id);
    6773. 

  6773.         }
    6774. 

  6774.     }
    6775. 

  6775.     
    6776. 

  6776.     return true;
    6777. 

  6777. }
    6778. 

  6778. 

  6779. // ----------------------------------------------------------------------------
    6780. 

  6780. // ACCESS RULES
    6781. 

  6781. // ----------------------------------------------------------------------------
    6782. 

  6782. 

  6783. function accessOnSubmit( fname ) 
    6784. 

  6784. {
    6785. 

  6785.     accessListSelect( 'access_allow' );
    6786. 

  6786.     accessListSelect( 'access_deny' );
    6787. 

  6787.     
    6788. 

  6788.     var params = $(fname).serialize(false);
    6789. 

  6789. 

  6790.     accessListDeselect( 'access_allow' );
    6791. 

  6791.     accessListDeselect( 'access_deny' );
    6792. 

  6792.     
    6793. 

  6793.     var req = new Ajax.Request( 'index.php', { method: 'post', parameters: params,
    6794. 

  6794.             onLoading: function() {
    6795. 

  6795.                 $('edit_loading').show();
    6796. 

  6796.             },
    6797. 

  6797.             onSuccess: function( transport ) { 
    6798. 

  6798.                 $('edit_loading').hide();
    6799. 

  6799.                 $('noaccessfile_msg').hide();
    6800. 

  6800.                 mainShowMessage( transport.responseText || '<div class="warning">No response</div>' );
    6801. 

  6801.             },
    6802. 

  6802.             onFailure: function() { 
    6803. 

  6803.                 $('edit_loading').hide();
    6804. 

  6804.                 mainShowMessage( '<div class="warning">ajax updating failed</div>' );
    6805. 

  6805.             } 
    6806. 

  6806.     });
    6807. 

  6807. 

  6808.     return false;
    6809. 

  6809. }
    6810. 

  6810. 

  6811. function accessOnEnableErrorDocument401( fname ) 
    6812. 

  6812. {
    6813. 

  6813. 	if ($($(fname).enableerrordocument401).checked) {
    6814. 

  6814. 		$('editErrordocument401').show();
    6815. 

  6815. 	} else {
    6816. 

  6816. 		$('editErrordocument401').hide();
    6817. 

  6817. 	}
    6818. 

  6818. }
    6819. 

  6819. 

  6820. function accessOnDefErrorDocument401( fname )
    6821. 

  6821. {
    6822. 

  6822. 	if ($($(fname).deferrordocument401).checked) {
    6823. 

  6823. 		$($(fname).errordocument401).value = '<?php
    6824. 

  6824. 			echo htmlEncode($am->getUrlByType('errordocument401'),true,true) 
    6825. 

  6825. 		?>';
    6826. 

  6826. 		$($(fname).errordocument401).disable();
    6827. 

  6827. 	} else {
    6828. 

  6828. 		$($(fname).errordocument401).enable();
    6829. 

  6829. 	}
    6830. 

  6830. 	return false;
    6831. 

  6831. }
    6832. 

  6832. 

  6833. function accessOnDefAuthUserFile( fname )
    6834. 

  6834. {
    6835. 

  6835. 	if ($($(fname).defauthuserfile).checked) {
    6836. 

  6836. 		$($(fname).authuserfile).value = '<?php
    6837. 

  6837. 			echo htmlEncode($am->getDefaultFilePathByType('authuserfile'),true,true) 
    6838. 

  6838. 		?>';
    6839. 

  6839. 		$($(fname).authuserfile).disable();
    6840. 

  6840. 	} else {
    6841. 

  6841. 		$($(fname).authuserfile).enable();
    6842. 

  6842. 	}
    6843. 

  6843. 	return false;
    6844. 

  6844. }
    6845. 

  6845. 

  6846. // List operations
    6847. 

  6847. function accessListChoose( listId )
    6848. 

  6848. {
    6849. 

  6849.     var editId = listId + '_edit';
    6850. 

  6850.     var idx = $(listId).selectedIndex;
    6851. 

  6851.     if (idx < 0) {
    6852. 

  6852.         // $(editId).disable();
    6853. 

  6853.         $(editId).value = '';
    6854. 

  6854.         return;
    6855. 

  6855.     }
    6856. 

  6856.     // $(editId).enable();
    6857. 

  6857.     $(editId).value = $(listId).options[idx].value;
    6858. 

  6858. }
    6859. 

  6859. 

  6860. function accessListSelect( listId )
    6861. 

  6861. {
    6862. 

  6862.     for (var i = $(listId).options.length; i > 1; --i) {
    6863. 

  6863.         $(listId).options[i-1].selected = true;
    6864. 

  6864.     }
    6865. 

  6865. }
    6866. 

  6866. 

  6867. function accessListDeselect( listId )
    6868. 

  6868. {
    6869. 

  6869.     for (var i = $(listId).options.length; i > 0; --i) {
    6870. 

  6870.         if ($(listId).options[i-1].selected) {
    6871. 

  6871.             $(listId).options[i-1].selected = false;
    6872. 

  6872.         }
    6873. 

  6873.     }    
    6874. 

  6874. }
    6875. 

  6875. 

  6876. function accessListEdit( listId )        
    6877. 

  6877. {
    6878. 

  6878.     var editId = listId + '_edit';
    6879. 

  6879.     var idx = $(listId).selectedIndex;
    6880. 

  6880. 

  6881.     if ($F(editId) == '') {
    6882. 

  6882.         alert('Enter data first');
    6883. 

  6883.         return accessListChoose( listId );
    6884. 

  6884.     }
    6885. 

  6885.     
    6886. 

  6886.     if (idx <= 0) {
    6887. 

  6887.         // adding new item
    6888. 

  6888.         idx = $(listId).options.length;
    6889. 

  6889.     }
    6890. 

  6890.     $(listId).options[idx] = new Option( $F(editId), $F(editId) );
    6891. 

  6891.     
    6892. 

  6892.     $(editId).value = '';
    6893. 

  6893.     // $(editId).disable();
    6894. 

  6894.     
    6895. 

  6895.     accessListDeselect( listId );
    6896. 

  6896. }
    6897. 

  6897. 

  6898. function accessListDelete( listId )
    6899. 

  6899. {
    6900. 

  6900.     var editId = listId + '_edit';
    6901. 

  6901.     $(editId).value = '';
    6902. 

  6902.     // $(editId).disable();
    6903. 

  6903. 

  6904.     // 0 is registered for create new item action
    6905. 

  6905.     for (var i = $(listId).options.length; i > 0; --i) {
    6906. 

  6906.         if (i > 1 && $(listId).options[i-1].selected) {
    6907. 

  6907.             $(listId).options[i-1] = null;
    6908. 

  6908.             continue;
    6909. 

  6909.         }
    6910. 

  6910.         if ($(listId).options[i-1].selected) {
    6911. 

  6911.             $(listId).options[i-1].selected = false;
    6912. 

  6912.         }
    6913. 

  6913.     }
    6914. 

  6914. }
    6915. 

  6915. 

  6916. // ----------------------------------------------------------------------------
    6917. 

  6917. // FILES
    6918. 

  6918. // ----------------------------------------------------------------------------
    6919. 

  6919. 

  6920. function filesUpdateContents( filetype )
    6921. 

  6921. {
    6922. 

  6922.     var params = $(filetype+'_form').serialize(false);
    6923. 

  6923.     var req = new Ajax.Request( 'index.php', { method: 'post', parameters: params,
    6924. 

  6924.             onLoading: function()
    6925. 

  6925.             {
    6926. 

  6926.                 $(filetype + '_loading').show();
    6927. 

  6927.                 $(filetype + '_submit').disable();
    6928. 

  6928.                 $(filetype + '_reset').disable();
    6929. 

  6929. 

  6930.                 $(filetype + '_message').hide();
    6931. 

  6931.             },
    6932. 

  6932.             onSuccess: function( transport )
    6933. 

  6933.             { 
    6934. 

  6934.                 $(filetype + '_submit').enable();
    6935. 

  6935.                 $(filetype + '_reset').enable();
    6936. 

  6936.                 $(filetype + '_loading').hide();
    6937. 

  6937. 

  6938.                 mainShowMessage( transport.responseText || 'No response' );
    6939. 

  6939.             },
    6940. 

  6940.             onFailure: function()
    6941. 

  6941.             { 
    6942. 

  6942.                 mainShowMessage( '<div class="warning">'+filetype+': ajax updating failed</div>' );
    6943. 

  6943. 

  6944.                 $(filetype + '_submit').enable();
    6945. 

  6945.                 $(filetype + '_reset').enable();
    6946. 

  6946.                 $(filetype + '_loading').hide();
    6947. 

  6947.             } 
    6948. 

  6948.         }
    6949. 

  6949.     );
    6950. 

  6950. 

  6951.     return false;
    6952. 

  6952. }
    6953. 

  6953. 

  6954. function filesOnChangeContents( filetype )
    6955. 

  6955. {
    6956. 

  6956.     $(filetype + '_loading').hide();
    6957. 

  6957.     $(filetype + '_submit').enable();
    6958. 

  6958.     $(filetype + '_reset').enable();
    6959. 

  6959. }
    6960. 

  6960. function filesDownload( filetype )
    6961. 

  6961. {
    6962. 

  6962.     // IE way
    6963. 

  6963.     //var contents = escape( $(filetype+'_contents').value );
    6964. 

  6964.     //mydoc = document.open();
    6965. 

  6965.     //mydoc.write(contents);
    6966. 

  6966.     //mydoc.execCommand("saveAs", true, filetype+".txt");
    6967. 

  6967.     //mydoc.close();
    6968. 

  6968. 

  6969.     document.location = 'index.php?page=files&action=downloadfile&filetype='+filetype;
    6970. 

  6970. }
    6971. 

  6971. 

  6972. // ----------------------------------------------------------------------------
    6973. 

  6973. // SETTINGS
    6974. 

  6974. // ----------------------------------------------------------------------------
    6975. 

  6975. 

  6976. function setsShowForm( fname, opt )
    6977. 

  6977. {
    6978. 

  6978.     if (opt == '' || opt == 'hide') {
    6979. 

  6979.         $(fname).hide();
    6980. 

  6980.     } else {
    6981. 

  6981.         $(fname).show();
    6982. 

  6982. 

  6983.         if (fname=='editAdmin' || fname=='chooseTpl' || fname=='addTpl' || fname=='editTpl') {
    6984. 

  6984.             setsResetForm( fname );
    6985. 

  6985.         }
    6986. 

  6986. 

  6987.         if (fname=='editAdmin' || fname=='resetProtected' || fname=='addTpl' || fname=='editTpl') {
    6988. 

  6988.             var f = $(fname + '_form');
    6989. 

  6989.             $(f).onsubmit = setsOnSubmitForm;
    6990. 

  6990.         }
    6991. 

  6991.     }
    6992. 

  6992. 

  6993.     var els = new Array("editAdmin", "downFiles", "resetProtected", "prefFiles");
    6994. 

  6994.     for (var i=0,len=els.length; i < len; ++i) {
    6995. 

  6995.         if (fname != els[i]) {
    6996. 

  6996.             $(els[i]).hide();
    6997. 

  6997.         }
    6998. 

  6998.     }
    6999. 

  6999. 

  7000.     if (fname == "chooseTpl" && opt != 'hide' ||
    7001. 

  7001.         fname == "addTpl" && opt=='hide' ||
    7002. 

  7002.         fname == "editTpl" && opt=='hide') {
    7003. 

  7003.         $('chooseTpl').show();
    7004. 

  7004.         setsResetForm('chooseTpl');
    7005. 

  7005. 

  7006.     } else if (fname == "addTpl" && opt!='hide') {
    7007. 

  7007.         $('chooseTpl').show();
    7008. 

  7008.         $('addTpl').show();
    7009. 

  7009.         $('editTpl').hide();
    7010. 

  7010.     } else if (fname == "editTpl" && opt!='' && opt!='hide') {
    7011. 

  7011.         $('chooseTpl').show();
    7012. 

  7012.         $('addTpl').hide();
    7013. 

  7013.         $('editTpl').show();
    7014. 

  7014.     } else {
    7015. 

  7015.         $('chooseTpl').hide();
    7016. 

  7016.         $('addTpl').hide();
    7017. 

  7017.         $('editTpl').hide();
    7018. 

  7018.     }
    7019. 

  7019. }
    7020. 

  7020. 

  7021. function setsResetForm( fname )
    7022. 

  7022. {
    7023. 

  7023.     var f = $(fname + '_form');
    7024. 

  7024. 

  7025.     if (fname == 'editAdmin') {
    7026. 

  7026.         $(f.username).value = "<?php echo addslashes($admin['name']) ?>";
    7027. 

  7027.         $(f.realname).value = "<?php echo addslashes($admin['info']) ?>";
    7028. 

  7028.         $(f.password).value = "<?php echo isset($admin['pass_raw']) ? addslashes($admin['pass_raw']) : '' ?>";
    7029. 

  7029.         $(f.email).value    = "<?php echo addslashes($admin['email']) ?>";
    7030. 

  7030. 

  7031.         var msg = $(fname + '_form_msg');
    7032. 

  7032.         msg.update('<?php echo $am->M('FILLFIELDS'); ?>').style.color = 'black';
    7033. 

  7033.     }
    7034. 

  7034. 

  7035.     if (fname=='chooseTpl' || fname=='addTpl') {
    7036. 

  7036.         $('chooseTpl_default').selected = true;
    7037. 

  7037.     }
    7038. 

  7038. 

  7039.     if (fname=='addTpl') {
    7040. 

  7040.         var msg = $(fname + '_form_msg');
    7041. 

  7041.         msg.update('<?php echo $am->M('FILLFIELDS'); ?>').style.color = 'black';
    7042. 

  7042.         setsOnChangeTemplateType( fname ) ;
    7043. 

  7043.     }
    7044. 

  7044. 

  7045.     if (fname=='editTpl') {
    7046. 

  7046.         var cf = $('chooseTpl_form');
    7047. 

  7047.         var opt = $(cf.templateid).value.toString();
    7048. 

  7048. 

  7049.         if (opt != '') {
    7050. 

  7050.             $(f.templateid).value = opt;
    7051. 

  7051.             $(f.templatename).value = emailTemplates[opt]["name"];
    7052. 

  7052.             $(f.templatesubject).value = emailTemplates[opt]["subject"];
    7053. 

  7053.             // type
    7054. 

  7054.             $('editTpl_form').getInputs("radio","templatetype").find(function(e)
    7055. 

  7055.             {
    7056. 

  7056.                 if (e.value == emailTemplates[opt]["type"]) {
    7057. 

  7057.                     // e.writeAttribute('checked', 'checked');
    7058. 

  7058.                     e.checked = true;
    7059. 

  7059.                 }
    7060. 

  7060.             });
    7061. 

  7061. 

  7062.             // enable / disable delete button for system templates
    7063. 

  7063.             if (emailTemplates[opt]['role'] == 'undefinied') {
    7064. 

  7064.             	$(f.delete_submit).enable();
    7065. 

  7065.             } else {
    7066. 

  7066.             	$(f.delete_submit).disable();
    7067. 

  7067.             }
    7068. 

  7068.             
    7069. 

  7069. <?php if ($am->hasFeature('tinymcejs')) { ?>
    7070. 

  7070.             if (tinyMCE.getInstanceById(fname + '_templatebody') != null) {
    7071. 

  7071.                 tinyMCE.execCommand('mceRemoveControl', false, fname + '_templatebody');
    7072. 

  7072.             }
    7073. 

  7073. <?php } ?>
    7074. 

  7074.             $(fname + '_templatebody').value = emailTemplates[opt]["contents"];
    7075. 

  7075. 

  7076.             setsOnChangeTemplateType( fname );
    7077. 

  7077.         }
    7078. 

  7078.     }
    7079. 

  7079. 

  7080. }
    7081. 

  7081. 

  7082. function setsOnSubmitForm()
    7083. 

  7083. {
    7084. 

  7084.     var fname = this.identify();
    7085. 

  7085. 

  7086.     if (fname == 'editAdmin_form') {
    7087. 

  7087.         var valid = $(this.username).present();
    7088. 

  7088.         var msg = $(fname + '_msg');
    7089. 

  7089. 

  7090.         if (!valid) {
    7091. 

  7091.             msg.update('<?php echo $am->W('FILLOUTALL') ?>').style.color = 'red';
    7092. 

  7092.             return false;
    7093. 

  7093.         }
    7094. 

  7094. 

  7095.         return true;
    7096. 

  7096.     } 
    7097. 

  7097. 

  7098.     if (fname == 'resetProtected_form') {
    7099. 

  7099.         var params = $(fname).serialize(false);
    7100. 

  7100.         var req = new Ajax.Request( 'index.php',
    7101. 

  7101.             { 
    7102. 

  7102.                 method: 'post',
    7103. 

  7103.                 parameters: params,
    7104. 

  7104.                 onLoading: function()
    7105. 

  7105.                 {
    7106. 

  7106.                     $('resetProtected_loading').show();
    7107. 

  7107.                 },
    7108. 

  7108.                 onSuccess: function( transport )
    7109. 

  7109.                 { 
    7110. 

  7110.                     $('resetProtected_loading').hide();
    7111. 

  7111.                     mainShowMessage( transport.responseText || '<div class="warning">No response received</div>' );
    7112. 

  7112.                 },
    7113. 

  7113.                 onFailure: function()
    7114. 

  7114.                 { 
    7115. 

  7115.                     $('resetProtected_loading').hide();
    7116. 

  7116. 

  7117.                     mainShowMessage( '<div class="warning">form updating failed</div>' );
    7118. 

  7118.                 } 
    7119. 

  7119.             }
    7120. 

  7120.         );
    7121. 

  7121. 

  7122.         return false;
    7123. 

  7123.     }
    7124. 

  7124. 

  7125.     if (fname=='addTpl_form' || fname=='editTpl_form') {
    7126. 

  7126.         var valid = $(this.templatename).present();
    7127. 

  7127.         var msg = $(fname + '_msg');
    7128. 

  7128. 

  7129.         if (!valid) {
    7130. 

  7130.             msg.update('<?php echo $am->W('FILLOUTALL') ?>').style.color = 'red';
    7131. 

  7131.             return false;
    7132. 

  7132.         }
    7133. 

  7133.         return true;
    7134. 

  7134.     } 
    7135. 

  7135. 

  7136.     return false;
    7137. 

  7137. }
    7138. 

  7138. 

  7139. function setsPrefFilesUpdate( filetype )
    7140. 

  7140. {
    7141. 

  7141.     var params = $(filetype+'_form').serialize(false);
    7142. 

  7142.     var req = new Ajax.Request( 'index.php',
    7143. 

  7143.         { 
    7144. 

  7144.             method: 'post',
    7145. 

  7145.             parameters: params,
    7146. 

  7146.             onLoading: function()
    7147. 

  7147.             {
    7148. 

  7148.                 $(filetype + '_loading').show();
    7149. 

  7149.                 $(filetype + '_message').hide();
    7150. 

  7150.             },
    7151. 

  7151.             onSuccess: function( transport )
    7152. 

  7152.             { 
    7153. 

  7153.                 $(filetype + '_loading').hide();
    7154. 

  7154.                 mainShowMessage( transport.responseText || '<div class="warning">No response received</div>' );
    7155. 

  7155.             },
    7156. 

  7156.             onFailure: function()
    7157. 

  7157.             { 
    7158. 

  7158.                 $(filetype + '_loading').hide();
    7159. 

  7159.                 mainShowMessage( '<div class="warning">'+filetype+': updating failed</div>' );
    7160. 

  7160.             } 
    7161. 

  7161.         }
    7162. 

  7162.     );
    7163. 

  7163.     return false;
    7164. 

  7164. }
    7165. 

  7165. 

  7166. function setsPrefFilesDownload( filetype )
    7167. 

  7167. {
    7168. 

  7168.     document.location = 'index.php?page=settings&action=downloadfile&filetype='+filetype;
    7169. 

  7169. }
    7170. 

  7170. 

  7171. function setsOnNewTemplate( val )
    7172. 

  7172. {
    7173. 

  7173.     setsShowForm('addTpl', 'show');
    7174. 

  7174. }
    7175. 

  7175. 

  7176. function setsOnChangeTemplate( val )
    7177. 

  7177. {
    7178. 

  7178.     if (val == '') {
    7179. 

  7179.         setsShowForm('editTpl', 'hide');
    7180. 

  7180.         setsShowForm('chooseTpl', 'show');
    7181. 

  7181.         return;
    7182. 

  7182.     }
    7183. 

  7183.     setsShowForm('editTpl', val);
    7184. 

  7184. }
    7185. 

  7185. 

  7186. function setsOnChangeTemplateType( fname  ) 
    7187. 

  7187. {
    7188. 

  7188. <?php if (false == $am->hasFeature('tinymcejs')) { ?>
    7189. 

  7189. 	// no tiny mce found
    7190. 

  7190. 	return false;
    7191. 

  7191. <?php }?>
    7192. 

  7192.     var res = $(fname+'_form').getInputs('radio','templatetype').find(function(e){return e.checked;});
    7193. 

  7193.     if (res == null) {
    7194. 

  7194.         alert('No type selected');
    7195. 

  7195.         return false;
    7196. 

  7196.     }
    7197. 

  7197.     var typename = $F(res);
    7198. 

  7198.     
    7199. 

  7199.     var id = fname + '_templatebody';
    7200. 

  7200.     if (typename == 'html') {
    7201. 

  7201.         if (tinyMCE.getInstanceById(id) == null) {
    7202. 

  7202.             tinyMCE.execCommand('mceAddControl', false, id);
    7203. 

  7203.         }
    7204. 

  7204.         // $(fname + '_templatevar').hide();
    7205. 

  7205.     } else {
    7206. 

  7206.         if (tinyMCE.getInstanceById(id) != null) {
    7207. 

  7207.             tinyMCE.execCommand('mceRemoveControl', false, id);
    7208. 

  7208.         }
    7209. 

  7209.         // $(fname + '_templatevar').show();
    7210. 

  7210.     }
    7211. 

  7211.     
    7212. 

  7212.     return true;
    7213. 

  7213. }
    7214. 

  7214. 

  7215. function setsSetChooseTpl( id ) 
    7216. 

  7216. {
    7217. 

  7217.     var f = $('chooseTpl_form');
    7218. 

  7218.     $(f.templateid).select("option").each( function(e) {
    7219. 

  7219.         if (e.value == id ) {
    7220. 

  7220.         	e.selected = true;
    7221. 

  7221.         }
    7222. 

  7222.     });
    7223. 

  7223.     $('chooseTpl').show();
    7224. 

  7224. }
    7225. 

  7225. 

  7226. function setsOnDeleteTemplate() 
    7227. 

  7227. {
    7228. 

  7228.     if (!confirm("<?php echo $am->M('Q_DELETETEMPLATE'); ?>")) {
    7229. 

  7229.         return false;
    7230. 

  7230.     }
    7231. 

  7231. 

  7232.     var f = $('editTpl_form');
    7233. 

  7233.     $(f.action).value = 'deletetemplate';
    7234. 

  7234.     return true;
    7235. 

  7235. }
    7236. 

  7236. 

  7237. // ----------------------------------------------------------------------------
    7238. 

  7238. // MEMBER
    7239. 

  7239. // ----------------------------------------------------------------------------
    7240. 

  7240. 

  7241. function memberOnSubmitForm( fObj )
    7242. 

  7242. {
    7243. 

  7243. 	if (typeof fObj == 'string') {
    7244. 

  7244. 		fObj = $(fObj);
    7245. 

  7245. 	}
    7246. 

  7246.     var fname = fObj.name;
    7247. 

  7247.     
    7248. 

  7248.     if (fname == 'memberEdit') {
    7249. 

  7249.         var valid = $(fObj.realname).present() && $(fObj.email).present(); 
    7250. 

  7250.         if (!valid) {
    7251. 

  7251.             $(fname+'_msg').update('<?php echo $am->W('FILLOUTALL') ?>').style.color = 'red';
    7252. 

  7252.             return false;
    7253. 

  7253.         }
    7254. 

  7254.         $(fname+'_msg').update('<?php echo $am->M('FILLFIELDS'); ?>').style.color = 'black';
    7255. 

  7255. 

  7256.         var params = $(fname).serialize(false);
    7257. 

  7257.         var req = new Ajax.Request( 'index.php',
    7258. 

  7258.             { 
    7259. 

  7259.                 method: 'post',
    7260. 

  7260.                 parameters: params,
    7261. 

  7261.                 onLoading: function()
    7262. 

  7262.                 {
    7263. 

  7263.                     $(fname+'_loading').show();
    7264. 

  7264.                 },
    7265. 

  7265.                 onSuccess: function( transport )
    7266. 

  7266.                 { 
    7267. 

  7267.                     $(fname+'_loading').hide();
    7268. 

  7268.                     mainShowMessage( transport.responseText || '<div class="warning">No response received</div>' );
    7269. 

  7269.                     $($(fname).password).value = '';
    7270. 

  7270.                 },
    7271. 

  7271.                 onFailure: function()
    7272. 

  7272.                 { 
    7273. 

  7273.                     $(fname+'_loading').hide();
    7274. 

  7274.                     mainShowMessage( '<div class="warning">updating failed</div>' );
    7275. 

  7275.                 } 
    7276. 

  7276.             }
    7277. 

  7277.         );
    7278. 

  7278. 

  7279.         return false;
    7280. 

  7280.     }
    7281. 

  7281.     
    7282. 

  7282.     if (fname == 'forgot') {
    7283. 

  7283.         var valid = $(fObj.username).present() && $(fObj.email).present();
    7284. 

  7284.         if (!valid) {
    7285. 

  7285.             $(fname+'_msg').update('<?php echo $am->W('FILLOUTALL') ?>').style.color = 'red';
    7286. 

  7286.             return false;
    7287. 

  7287.         }
    7288. 

  7288.         
    7289. 

  7289.         $(fname+'_msg').update('<?php echo $am->M('FILLFIELDS'); ?>').style.color = 'black'; 
    7290. 

  7290.         
    7291. 

  7291.         return true;
    7292. 

  7292.     }
    7293. 

  7293.     
    7294. 

  7294.     if (fname == 'recover') {
    7295. 

  7295.         var valid = $(fObj.username).present() && $(fObj.key).present();
    7296. 

  7296.         if (!valid) {
    7297. 

  7297.             $(fname+'_msg').update('<?php echo $am->W('FILLOUTALL') ?>').style.color = 'red';
    7298. 

  7298.             return false;
    7299. 

  7299.         }
    7300. 

  7300.         
    7301. 

  7301.         $(fname+'_msg').update('<?php echo $am->M('FILLFIELDS'); ?>').style.color = 'black'; 
    7302. 

  7302.         
    7303. 

  7303.         return true;
    7304. 

  7304.     }
    7305. 

  7305.         
    7306. 

  7306.     return false;
    7307. 

  7307. }
    7308. 

  7308. 

  7309. // ----------------------------------------------------------------------------
    7310. 

  7310. // SUPPORT
    7311. 

  7311. // ----------------------------------------------------------------------------
    7312. 

  7312. 

  7313. function supportResetForm( id )
    7314. 

  7314. {
    7315. 

  7315.     var fname = typeof(id) == 'object' ? id.name : id; 
    7316. 

  7316.     
    7317. 

  7317.     if (fname == 'supportRequest') {
    7318. 

  7318.         $(fname+'_msg').update('<?php echo $am->M('FILLFIELDS'); ?>').style.color = 'black';
    7319. 

  7319.         
    7320. 

  7320.         $($(fname).subject).value = "";
    7321. 

  7321.         $($(fname).body).value = "";
    7322. 

  7322.     }
    7323. 

  7323.     
    7324. 

  7324.     return false;
    7325. 

  7325. }
    7326. 

  7326. 

  7327. function supportOnSubmitForm(fObj)
    7328. 

  7328. {
    7329. 

  7329. 	if (typeof fObj == 'string') {
    7330. 

  7330. 		fObj = $(fObj);
    7331. 

  7331. 	}
    7332. 

  7332.     var fname = fObj.name;
    7333. 

  7333.     
    7334. 

  7334.     if (fname == 'supportRequest') {
    7335. 

  7335.         var valid = $(fObj.subject).present() && $(fObj.body).present(); 
    7336. 

  7336.         var msg = $(fname + '_msg');
    7337. 

  7337. 

  7338.         if (!valid) {
    7339. 

  7339.             msg.update('<?php echo $am->W('FILLOUTALL') ?>').style.color = 'red';
    7340. 

  7340.             return false;
    7341. 

  7341.         }
    7342. 

  7342.         msg.update('<?php echo $am->M('FILLFIELDS'); ?>').style.color = 'black';
    7343. 

  7343. 

  7344.         var params = $(fname).serialize(false);
    7345. 

  7345.         
    7346. 

  7346.         var req = new Ajax.Request( 'index.php',
    7347. 

  7347.             { 
    7348. 

  7348.                 method: 'post',
    7349. 

  7349.                 parameters: params,
    7350. 

  7350.                 onLoading: function()
    7351. 

  7351.                 {
    7352. 

  7352.                     $(fname+'_loading').show();
    7353. 

  7353.                 },
    7354. 

  7354.                 onSuccess: function( transport )
    7355. 

  7355.                 { 
    7356. 

  7356.                     $(fname+'_loading').hide();
    7357. 

  7357.                     mainShowMessage( transport.responseText || '<div class="warning">No response received</div>' );
    7358. 

  7358.                     supportResetForm( fname );
    7359. 

  7359.                 },
    7360. 

  7360.                 onFailure: function()
    7361. 

  7361.                 { 
    7362. 

  7362.                     $(fname+'_loading').hide();
    7363. 

  7363.                     mainShowMessage( '<div class="warning">updating failed</div>' );
    7364. 

  7364.                 } 
    7365. 

  7365.             }
    7366. 

  7366.         );
    7367. 

  7367. 

  7368.         return false;
    7369. 

  7369.     }
    7370. 

  7370. 

  7371.     return false;
    7372. 

  7372. }
    7373. 

  7373. 

  7374. // ----------------------------------------------------------------------------
    7375. 

  7375. // SIGNUPS
    7376. 

  7376. // ----------------------------------------------------------------------------
    7377. 

  7377. 

  7378. function signupsShowForm( fname, opt )
    7379. 

  7379. {
    7380. 

  7380.     if (opt == '' || opt == 'hide') {
    7381. 

  7381.         $(fname+'_container').hide();
    7382. 

  7382.     } else {
    7383. 

  7383.         $(fname+'_container').show();
    7384. 

  7384. 

  7385.         if (fname == 'approve' || fname == 'delete') {
    7386. 

  7386. 	        $($(fname).username).value = opt;
    7387. 

  7387.         }
    7388. 

  7388. 

  7389.         signupsResetForm( fname );
    7390. 

  7390.         $(fname).onsubmit = signupsOnSubmitForm;
    7391. 

  7391.     }
    7392. 

  7392. 

  7393.     var els = new Array("approve", "delete", "deleteall", "deleteselected");
    7394. 

  7394.     for (var i=0,len=els.length; i < len; ++i) {
    7395. 

  7395.         if (fname != els[i]) {
    7396. 

  7396.             $(els[i]+'_container').hide();
    7397. 

  7397.         }
    7398. 

  7398.     }
    7399. 

  7399. }
    7400. 

  7400. 

  7401. function signupsResetForm( fname )
    7402. 

  7402. {
    7403. 

  7403.     if (fname == 'approve') {
    7404. 

  7404. 

  7405. 	    var uname = $F($(fname).username);
    7406. 

  7406.         $($(fname).realname).value = signups[uname]['info'];
    7407. 

  7407.         $($(fname).password).value = signups[uname]['pass'];
    7408. 

  7408.         $($(fname).email).value    = signups[uname]['email'];
    7409. 

  7409. 

  7410.         $(fname+'_datetime').innerHTML = signups[uname]['ts'];
    7411. 

  7411.         $(fname+'_remoteaddr').innerHTML = signups[uname]['remoteaddr'];
    7412. 

  7412.         $(fname+'_referer').innerHTML = signups[uname]['referer'];
    7413. 

  7413.         
    7414. 

  7414.         var msg = $(fname + '_msg');
    7415. 

  7415.         msg.update('<?php echo $am->M('FILLFIELDS'); ?>').style.color = 'black';
    7416. 

  7416.     }
    7417. 

  7417.     
    7418. 

  7418.     return true;
    7419. 

  7419. }
    7420. 

  7420. 

  7421. function signupsOnSubmitForm( event )
    7422. 

  7422. {
    7423. 

  7423. 	if (typeof event == 'string') {
    7424. 

  7424. 		fObj = $(fObj);
    7425. 

  7425. 	} else {
    7426. 

  7426. 		fObj = this;
    7427. 

  7427. 	}
    7428. 

  7428.     
    7429. 

  7429. 	var fname = fObj.identify();
    7430. 

  7430.     
    7431. 

  7431.  	if (fname == 'delete' || fname == 'deleteall') {
    7432. 

  7432.  		return true;
    7433. 

  7433.     }
    7434. 

  7434. 

  7435.     if (fname == 'deleteselected') {
    7436. 

  7436.     	var count = 0;
    7437. 

  7437.         $('usersList').getInputs("checkbox","usernames[]").find(function(e) {
    7438. 

  7438.         	if (e.checked) {
    7439. 

  7439.         		count++;
    7440. 

  7440.         	}
    7441. 

  7441.         });
    7442. 

  7442.        	if (count < 1) {
    7443. 

  7443.        		alert('<?php echo $am->W('SELUSERSFIRST') ?>');
    7444. 

  7444.        		return false;
    7445. 

  7445.        	}
    7446. 

  7446.     	
    7447. 

  7447.        	$($('usersList').action).value = 'deleteselected';
    7448. 

  7448.        	$('usersList').submit();
    7449. 

  7449.         return false;
    7450. 

  7450.     }    
    7451. 

  7451. 

  7452.     if (fname == 'approve') {
    7453. 

  7453.         var valid =  $($(fname).username).present() && $($(fname).password).present();
    7454. 

  7454. 

  7455.         if (!valid) {
    7456. 

  7456.             $(fname+'_msg').update('<?php echo $am->W('FILLOUTALL') ?>').style.color = 'red';
    7457. 

  7457.             return false;
    7458. 

  7458.         }
    7459. 

  7459.         $(fname+'_msg').update('<?php echo $am->M('FILLFIELDS'); ?>').style.color = 'black';
    7460. 

  7460.     	
    7461. 

  7461.     	return true;
    7462. 

  7462.     }
    7463. 

  7463. 

  7464.     return false;
    7465. 

  7465. }
    7466. 

  7466. 

  7467. <?php
    7468. 

  7468. }
    7469. 

  7469. 

  7470. /**
    7471. 

  7471.  * Return Javascript Array
    7472. 

  7472.  *
    7473. 

  7473.  * @param $string $type
    7474. 

  7474.  * @return $string
    7475. 

  7475.  */
    7476. 

  7476. function getJsArray( $type )
    7477. 

  7477. {
    7478. 

  7478. 	global $am;
    7479. 

  7479. 	
    7480. 

  7480. 	$s = '// JS code: ' . $type . "\n";
    7481. 

  7481. 	
    7482. 

  7482. 	if ($type == 'emailTemplates') {
    7483. 

  7483. 		$tplsArray = $am->getTemplates();
    7484. 

  7484. 			
    7485. 

  7485. 	    $s .= "var emailTemplates = new Array();\n";
    7486. 

  7486. 	    foreach ($tplsArray as $id=>$tpl) {
    7487. 

  7487. 	        $id = addslashes($id);
    7488. 

  7488. 	
    7489. 

  7489. 	        $s .= "emailTemplates[\"$id\"] = new Array();\n";
    7490. 

  7490. 	        foreach ($tpl as $k=>$v) {
    7491. 

  7491. 	            $v = $v != '' ? addslashes($v) : '';
    7492. 

  7492. 

  7493. 	            $v = preg_replace("/(\n|\r\n)/", "\\n", $v);
    7494. 

  7494. 	            $s .= " emailTemplates[\"$id\"][\"$k\"] = \"$v\";\n";
    7495. 

  7495. 	        }
    7496. 

  7496. 	    }
    7497. 

  7497. 	}
    7498. 

  7498. 	
    7499. 

  7499. 	return $s;
    7500. 

  7500. }
    7501. 

  7501. 

  7502. // end of js
    7503. 

  7503. getJavascript();
    7504. 

  7504. ?>
    7505. 

  7505. //]]>
    7506. 

  7506. </script>
    7507. 

  7507. </head>
    7508. 

  7508. <body>
    7509. 

  7509. <div id="wrapper">
    7510. 

  7510.   <?php 
    7511. 

  7511.     if ($am->isAuthenticated()) {
    7512. 

  7512.         $user = $am->getAuthenticatedUser();
    7513. 

  7513.         $info = isset($user['info']) && $user['info'] != '' ? $user['info'] : $user['name'];
    7514. 

  7514. 

  7515.         echo '<div id="headermember">';
    7516. 

  7516.         echo $am->M('LOGGEDAS', $info) . ', ';
    7517. 

  7517.         echo '<a href="http://fakeuser:fakepass@roster.biosupport.se/logout/index.php">' . $am->M('CLICKHERE') . '</a> ';
    7518. 

  7518.         echo $am->M('TOLOGOUT');  
    7519. 

  7519.         echo '</div>';
    7520. 

  7520.     }
    7521. 

  7521.   ?>
    7522. 

  7522. 

  7523.  <div id="header">
    7524. 

  7524.   <div id="site_logo"> AuthMan <span class="high">Free</span> </div>
    7525. 

  7525. <!--  <div id="languages"><a href="">How to change language</a></div> -->
    7526. 

  7526.  </div>
    7527. 

  7527. 

  7528.  <div id="content">
    7529. 

  7529. 

  7530.  <?php
    7531. 

  7531.     if ($am->isDemo()) {
    7532. 

  7532.         print '<div id="demomessage">'.$am->M('NOTES_DEMOMODE').'</div>';
    7533. 

  7533.     }
    7534. 

  7534. }
    7535. 

  7535. 

  7536. /**
    7537. 

  7537.  * Shows footer
    7538. 

  7538.  *
    7539. 

  7539.  * @return void
    7540. 

  7540.  */
    7541. 

  7541. function web_footer()
    7542. 

  7542. {
    7543. 

  7543. ?>
    7544. 

  7544.  </div> <!-- end of content div -->
    7545. 

  7545.  <div id="footer">Powered by <a href="http://www.authman.com">AuthMan Free</a> &copy; 2008 Authman.com. All rights reserved.</div>
    7546. 

  7546. </body>
    7547. 

  7547. </html>
    7548. 

  7548. <?php
    7549. 

  7549. }
    7550. 

  7550. 

  7551. /**
    7552. 

  7552.  * Shows main menu
    7553. 

  7553.  *  
    7554. 

  7554.  * @return void
    7555. 

  7555.  */
    7556. 

  7556. function web_menu()
    7557. 

  7557. {
    7558. 

  7558.     global $am;
    7559. 

  7559. 

  7560.     echo '<div id="lefty"><ul>';
    7561. 

  7561. 

  7562.     echo '<li><a href="index.php?page=home">' . $am->M('MENU_HOME') .'</a></li>';
    7563. 

  7563. 

  7564.     if (!$am->isAuthenticated()) {
    7565. 

  7565.         echo '<li><a href="index.php?page=login">' . $am->M('MENU_LOGIN') .'</a></li>';
    7566. 

  7566.         
    7567. 

  7567.         if ($am->getConfigValue('allowsignup')) {
    7568. 

  7568. 	        echo '<li><a href="index.php?page=signup">' . $am->M('MENU_SIGNUP') .'</a></li>';    }
    7569. 

  7569.     	}
    7570. 

  7570.     
    7571. 

  7571.     if ($am->isAuthenticated()) {
    7572. 

  7572. 	    if (!$am->isAdmin()) {
    7573. 

  7573.     	    echo '<li><a href="index.php?page=edit">' . $am->M('MENU_MEMBEREDIT') . '</a></li>';
    7574. 

  7574.     	    echo '<li><a href="index.php?page=remove">' . $am->M('MENU_MEMBERDELETE') . '</a></li>';
    7575. 

  7575. 	    }
    7576. 

  7576.     }
    7577. 

  7577.     if ($am->isAdmin()) {
    7578. 

  7578.         echo '<li><a href="index.php?page=access">' . $am->M('MENU_ACCESS') . '</a></li>';
    7579. 

  7579.         echo '<li><a href="index.php?page=users">' . $am->M('MENU_USERS') . '</a></li>';
    7580. 

  7580.         echo '<li><a href="index.php?page=files">' . $am->M('MENU_FILES') . '</a></li>';
    7581. 

  7581. //        echo '<li><a href="index.php?page=mailing">' . $am->M('MENU_MAILING') . '</a></li>';
    7582. 

  7582.         echo '<li><a href="index.php?page=settings">' . $am->M('MENU_SETTINGS') . '</a></li>';
    7583. 

  7583.     }
    7584. 

  7584. 

  7585.     if ($am->isAuthenticated()) {
    7586. 

  7586. 	    echo '<li><a href="index.php?page=support">' . $am->M('MENU_SUPPORT') . '</a></li>';
    7587. 

  7587. 	    if (!$am->isAdmin()) {
    7588. 

  7588.     	    echo '<li><a href="http://fakeuser:fakepass@roster.biosupport.se/logout/index.php">' . $am->M('MENU_LOGOUT') . '</a></li>';
    7589. 

  7589. 	    }
    7590. 

  7590.     }
    7591. 

  7591.         
    7592. 

  7592.     echo '</ul></div>';
    7593. 

  7593. }
    7594. 

  7594. 

  7595. function fmt_message( $msg )
    7596. 

  7596. {
    7597. 

  7597.     if (!isset($msg)) {
    7598. 

  7598.         return false;
    7599. 

  7599.     }
    7600. 

  7600. 

  7601.     $sout = '';
    7602. 

  7602.     foreach (split("[\r\n\t ]+", $msg) as $s) {
    7603. 

  7603.         if (strlen($s) > 30) {
    7604. 

  7604. 

  7605.             if (substr($s,0,1)=='/') {
    7606. 

  7606.                 $ss = strstr( substr($s,-40), '/' );
    7607. 

  7607.                 if ($ss == false || strlen($ss) < 10) {
    7608. 

  7608.                     $s = '<u>...</u>' . substr($s, -30);
    7609. 

  7609.                 } else {
    7610. 

  7610.                     $s = '<u>...</u>' . $ss;
    7611. 

  7611.                 }
    7612. 

  7612. 

  7613.             } else if (substr($s,1,2)==':\\') {
    7614. 

  7614.                 $ss = strstr( substr($s,-40), '\\' );
    7615. 

  7615.                 if ($ss == false || strlen($ss) < 10) {
    7616. 

  7616.                     $s = '<u>...</u>' . substr($s, -30);
    7617. 

  7617.                 } else {
    7618. 

  7618.                     $s = '<u>...</u>' . $ss;
    7619. 

  7619.                 }
    7620. 

  7620.                                 
    7621. 

  7621.             } else {
    7622. 

  7622.                 $s = substr($s, 0, 30) . '<u>.</u>';
    7623. 

  7623.             }
    7624. 

  7624. 

  7625.         }
    7626. 

  7626.         $sout .= ' ' . $s;
    7627. 

  7627.     }
    7628. 

  7628.     return $sout;
    7629. 

  7629. }
    7630. 

  7630. 

  7631. function web_message( $msg, $err )
    7632. 

  7632. {
    7633. 

  7633.     print '<div id="mainmessage">';
    7634. 

  7634.     $count = 0;
    7635. 

  7635.     if (isset($msg)) {
    7636. 

  7636.         if (!is_array($msg)) {
    7637. 

  7637.             $msg = array( $msg );
    7638. 

  7638.         }
    7639. 

  7639. 

  7640.         foreach($msg as $text) {
    7641. 

  7641.             if (isset($text)) {
    7642. 

  7642.                 print '<div class="message">' . fmt_message($text) . '</div>';
    7643. 

  7643.                 $count++;
    7644. 

  7644.             }
    7645. 

  7645.         }
    7646. 

  7646.     }
    7647. 

  7647. 

  7648.     if (isset($err)) {
    7649. 

  7649.         if (!is_array($err)) {
    7650. 

  7650.             $err= array( $err);
    7651. 

  7651.         }
    7652. 

  7652. 

  7653.         foreach($err as $text) {
    7654. 

  7654.             if (isset($text)) {
    7655. 

  7655.                 print '<div class="warning">' . fmt_message($text) . '</div>';
    7656. 

  7656.                 $count++;
    7657. 

  7657.             }
    7658. 

  7658.         }
    7659. 

  7659.     }
    7660. 

  7660. 

  7661.     print '</div>';
    7662. 

  7662. 

  7663.     if ($count) {
    7664. 

  7664.         print "\n<script type=\"text/javascript\" xml:space=\"preserve\">\n//<![CDATA[\n";
    7665. 

  7665.         print "setTimeout(\"mainCleanMessage();\",5000);"; 
    7666. 

  7666.         print "//]]>\n</script>\n";
    7667. 

  7667.     }
    7668. 

  7668. }
    7669. 

  7669. 

  7670. ################################################################################
    7671. 

  7671. function web_stepper( $prefixurl, $total, $limit=10, $page=1 )
    7672. 

  7672. {
    7673. 

  7673.     global $am;
    7674. 

  7674. 

  7675.     if (empty($limit)) {
    7676. 

  7676.         $total_pages = 1;
    7677. 

  7677.         $page = 1;
    7678. 

  7678. 

  7679.         $last = $total;
    7680. 

  7680.         $offset = 0;
    7681. 

  7681. 

  7682.     } else {
    7683. 

  7683.         $total_pages = ceil( $total / $limit );
    7684. 

  7684.         if ($total_pages < 1)
    7685. 

  7685.             $total_pages = 1;
    7686. 

  7686. 

  7687.         if ($page > $total_pages)
    7688. 

  7688.             $page = $total_pages;
    7689. 

  7689. 

  7690.         $last = $page * $limit;
    7691. 

  7691.         if ($last > $total)
    7692. 

  7692.             $last = $total;
    7693. 

  7693. 

  7694.         $offset = ($page-1) * $limit;
    7695. 

  7695.         if ($offset > $last)
    7696. 

  7696.             $offset = $last;
    7697. 

  7697.     }
    7698. 

  7698. 

  7699.     print '<div class="stepper">';
    7700. 

  7700. 

  7701.     // Showing N-N of N   Records <select> per page
    7702. 

  7702.     print '<div class="pageinfo">';
    7703. 

  7703.     print $am->M('STEPPER', ($total > 0 ? $offset+1 : 0), $last, $total);
    7704. 

  7704. 

  7705.     echo ' ' . $am->M('WITH') . ' ';
    7706. 

  7706. 

  7707.     $values = array(10=>10, 20=>20, 50=>50, '< all >'=>999999);
    7708. 

  7708.     print "<select id=\"limit\" name=\"limit\" onChange=\"document.location='".$prefixurl."p=1&limit='+\$F($(limit));\">\n";
    7709. 

  7709.     foreach($values as $t=>$i) {
    7710. 

  7710.         printf(" <option value=\"%d\"%s>%s</option>\n", $i, ($limit == $i ? ' selected=selected' : ''), $t);
    7711. 

  7711.     }
    7712. 

  7712.     print "</select>" . $am->M('RECORDSPERPAGE');
    7713. 

  7713.     print '</div>';
    7714. 

  7714. 

  7715.     // 1 2 3 ...
    7716. 

  7716.     print '<div class="pages">';
    7717. 

  7717.     if ($page > 1)
    7718. 

  7718.         printf('<a href="%sp=%d">%s</a>', $prefixurl, $page-1, '&lt;');
    7719. 

  7719. 

  7720.     $prev_p = null; 
    7721. 

  7721.     for ($p = 1; $p <= $total_pages; $p++) {
    7722. 

  7722. 

  7723.         if ($p == $page) {
    7724. 

  7724.             printf('<a class="active" href="%sp=%d">%d</a>', $prefixurl, $p, $p);
    7725. 

  7725.             $prev_p = $p;
    7726. 

  7726.             continue;
    7727. 

  7727.         }
    7728. 

  7728. 

  7729.         if ($p<3 || $p > $total_pages-2 || $p > $page-2 && $p < $page+2) {
    7730. 

  7730.             printf('<a href="%sp=%d">%d</a>', $prefixurl, $p, $p);
    7731. 

  7731.             $prev_p = $p;
    7732. 

  7732.             continue;
    7733. 

  7733.         } 
    7734. 

  7734.         
    7735. 

  7735.         if ($prev_p) // && $prev_p+1 != $p) 
    7736. 

  7736.         { 
    7737. 

  7737.             print '<span>...</span>';
    7738. 

  7738.             $prev_p = null;
    7739. 

  7739.         }
    7740. 

  7740.     }
    7741. 

  7741.     if ($page < $total_pages)
    7742. 

  7742.         printf('<a href="%sp=%d">%s</a>', $prefixurl, $page+1, '&gt;');
    7743. 

  7743.     print '</div>';
    7744. 

  7744. 

  7745.     print '</div>';
    7746. 

  7746. }
    7747. 

  7747. 

  7748. /**
    7749. 

  7749.  * Header redirect wrapper
    7750. 

  7750.  *
    7751. 

  7751.  * @param string $url
    7752. 

  7752.  * @param int $time default 3
    7753. 

  7753.  * @param string $message
    7754. 

  7754.  * @return void
    7755. 

  7755.  */
    7756. 

  7756. function redirect_header($url, $time = 3, $message = '')
    7757. 

  7757. {
    7758. 

  7758.     define("_IFNOTRELOAD","If the page does not automatically reload, please click <a href='%s'>here</a>");
    7759. 

  7759. 

  7760.     if (!defined("ENT_QUOTES")) { 
    7761. 

  7761.     	define("ENT_QUOTES", 3);
    7762. 

  7762.     }
    7763. 

  7763.     
    7764. 

  7764.     $url = preg_replace("/&amp;/i", '&', htmlspecialchars($url, ENT_QUOTES));
    7765. 

  7765.     $headers = array(
    7766. 

  7766.     	'<meta http-equiv="Refresh" content="'.$time.'; url='.$url.'" />'
    7767. 

  7767.     );
    7768. 

  7768. 

  7769.     web_header( 'REDIRECT MESSAGE', null, $headers );
    7770. 

  7770.        
    7771. 

  7771.     echo '<div id="righty">'; // righty
    7772. 

  7772.     echo '<div align="center">
    7773. 

  7773.           <div class="redirect">
    7774. 

  7774.           <span>'.$message.'</span>
    7775. 

  7775.           <hr />
    7776. 

  7776.           <p>'.sprintf(_IFNOTRELOAD, $url).'</p>
    7777. 

  7777.           </div>
    7778. 

  7778.           </div>';
    7779. 

  7779.     echo '</div>'; // righty        
    7780. 

  7780. 

  7781.     web_footer();
    7782. 

  7782.     exit();
    7783. 

  7783. }
    7784. 

  7784. ################################################################################
    7785. 

  7785. 

  7786. function htmlDecode( $val, $addSlashes=false )
    7787. 

  7787. {
    7788. 

  7788. 	$val = trim($val);
    7789. 

  7789. 	$val = @html_entity_decode($val, ENT_COMPAT, 'UTF-8');
    7790. 

  7790. 	if ($addSlashes) {
    7791. 

  7791. 		$val = addslashes($val);
    7792. 

  7792. 	}
    7793. 

  7793. 	return $val;
    7794. 

  7794. }
    7795. 

  7795. 

  7796. function htmlEncode( $val, $addSlashes=false, $quoteBackSlashes=false )
    7797. 

  7797. {
    7798. 

  7798. 	$val = @htmlentities($val, ENT_COMPAT, 'UTF-8');
    7799. 

  7799. 	if ($addSlashes) {
    7800. 

  7800. 		$val = addSlashes($val);		
    7801. 

  7801. 	}
    7802. 

  7802. 	if ($quoteBackSlashes) {
    7803. 

  7803. 		$val = preg_replace('/[\\\]/', '\\\\', $val);
    7804. 

  7804. 	}
    7805. 

  7805. 	return $val;
    7806. 

  7806. }
    7807. 

  7807. 

  7808. /**
    7809. 

  7809. * Return true if there is variable with given name
    7810. 

  7810. * 
    7811. 

  7811. * @param string $name
    7812. 

  7812. * @return bool
    7813. 

  7813. */
    7814. 

  7814. function hasParam( $name )
    7815. 

  7815. {
    7816. 

  7816.     if (array_key_exists($name, $_GET)) {
    7817. 

  7817.         return true;
    7818. 

  7818.     }
    7819. 

  7819. 

  7820.     if (array_key_exists($name, $_POST)) {
    7821. 

  7821.         return true;
    7822. 

  7822.     }
    7823. 

  7823. 

  7824.     return false;
    7825. 

  7825. }
    7826. 

  7826. 

  7827. /**
    7828. 

  7828.  * Return GET or POST variable.
    7829. 

  7829.  *
    7830. 

  7830.  * @param string $name
    7831. 

  7831.  * @param string $default
    7832. 

  7832.  * @param mixed $filters
    7833. 

  7833.  * @return mixed
    7834. 

  7834.  */
    7835. 

  7835. function getParam( $name, $default=null, $filters=array() )
    7836. 

  7836. {
    7837. 

  7837.     global $am;
    7838. 

  7838.     
    7839. 

  7839.     $val = null;
    7840. 

  7840. 

  7841.     if (array_key_exists($name, $_POST)) {
    7842. 

  7842.         $val = $_POST[$name];
    7843. 

  7843.     } else if (array_key_exists($name, $_GET)) {
    7844. 

  7844.         $val = $_GET[$name];
    7845. 

  7845.     }
    7846. 

  7846. 

  7847.     if (!isset($val)) {
    7848. 

  7848.         return addslashes($default);
    7849. 

  7849.     }
    7850. 

  7850. 

  7851.     if (is_array($val)) {
    7852. 

  7852.     	foreach( $val as $k=>$v ) {
    7853. 

  7853.     		$val[$k] = get_magic_quotes_gpc() ? stripslashes($v) : $v;
    7854. 

  7854.     	}
    7855. 

  7855.     } else {
    7856. 

  7856.     	$val = get_magic_quotes_gpc() ? stripslashes($val) : $val;
    7857. 

  7857.     }
    7858. 

  7858.     
    7859. 

  7859.     if (!is_array($filters)) {
    7860. 

  7860.         $filters = array($filters);
    7861. 

  7861.     }
    7862. 

  7862.     
    7863. 

  7863.     $realFilters = array();
    7864. 

  7864.     
    7865. 

  7865.     foreach($filters as $f) {
    7866. 

  7866.         if ($f == 'field') {
    7867. 

  7867.             $realFilters[] = 'trim';
    7868. 

  7868.             $realFilters[] = '_htmldecode';
    7869. 

  7869.             $realFilters[] = 'strip_tags';
    7870. 

  7870.             $realFilters[] = 'not2dots';
    7871. 

  7871.             $realFilters[] = 'max255';
    7872. 

  7872.         } elseif ($f == 'username') {
    7873. 

  7873.             $realFilters[] = 'trim';
    7874. 

  7874.             $realFilters[] = '_htmldecode';
    7875. 

  7875.             $realFilters[] = 'strip_tags';
    7876. 

  7876.             $realFilters[] = 'not2dots';
    7877. 

  7877.             $realFilters[] = 'strtolower';
    7878. 

  7878.             $realFilters[] = 'max255';
    7879. 

  7879.         } elseif ($f == 'password') {
    7880. 

  7880.             $realFilters[] = 'trim';
    7881. 

  7881.             $realFilters[] = 'max255';
    7882. 

  7882.         } elseif ($f == 'email') {
    7883. 

  7883.             $realFilters[] = 'trim';
    7884. 

  7884.             $realFilters[] = '_htmldecode';
    7885. 

  7885.             $realFilters[] = 'strip_tags';
    7886. 

  7886.             $realFilters[] = 'not2dots';
    7887. 

  7887.             $realFilters[] = 'max255';
    7888. 

  7888.         } elseif ($f == 'subject') {
    7889. 

  7889.             $realFilters[] = 'trim';
    7890. 

  7890.             $realFilters[] = 'strip_tags';
    7891. 

  7891.             $realFilters[] = 'htmlspecialchars_decode';
    7892. 

  7892.             $realFilters[] = 'max255';
    7893. 

  7893.         } elseif ($f == 'attr' || $f == 'attribute') {
    7894. 

  7894.             $realFilters[] = 'strtolower';
    7895. 

  7895.         } elseif ($f == 'htmlcode') {
    7896. 

  7896.             $realFilters[] = 'trim';
    7897. 

  7897.             $realFilters[] = '_htmldecode';
    7898. 

  7898.         } elseif ($f == 'url') {
    7899. 

  7899.             $realFilters[] = 'trim';
    7900. 

  7900.             $realFilters[] = '_htmldecode';
    7901. 

  7901.             $realFilters[] = 'strip_tags';
    7902. 

  7902.         } elseif ($f == 'filepath') {
    7903. 

  7903.             $realFilters[] = 'trim';
    7904. 

  7904.             $realFilters[] = '_htmldecode';
    7905. 

  7905.             $realFilters[] = 'strip_tags';
    7906. 

  7906.             $realFilters[] = '_path';
    7907. 

  7907.         } else {
    7908. 

  7908.             $realFilters[] = $f;
    7909. 

  7909.         }
    7910. 

  7910.     }
    7911. 

  7911.     
    7912. 

  7912.     foreach($realFilters as $fname) {
    7913. 

  7913.         if ($fname == 'alpha') {
    7914. 

  7914.             $val = preg_replace('/[^a-z\_]+/i', '', $val);
    7915. 

  7915. 

  7916.         } else if ($fname == 'alnum') {
    7917. 

  7917.             $val = preg_replace('/[^a-z0-9\_]+/i', '', $val);
    7918. 

  7918.         
    7919. 

  7919.         } else if ($fname == 'not2dots') {
    7920. 

  7920.             $val = preg_replace('/[:]+/i', '', $val);
    7921. 

  7921. 

  7922.         } else if ($fname == '_htmldecode') {
    7923. 

  7923.            if (is_array($val)) {
    7924. 

  7924.                 foreach ($val as $k=>$v) {
    7925. 

  7925.                     $val[$k] = @html_entity_decode($v, ENT_COMPAT, 'UTF-8');
    7926. 

  7926.                 }
    7927. 

  7927.             } else {
    7928. 

  7928.                 $val = @html_entity_decode($val, ENT_COMPAT, 'UTF-8');
    7929. 

  7929.             }
    7930. 

  7930. 

  7931.         } else if ($fname == '_path') {
    7932. 

  7932.             $val = $am->getNormalizedPath( $val );
    7933. 

  7933. 

  7934.         } else if ($fname == 'max255') {
    7935. 

  7935.             if (is_array($val)) {
    7936. 

  7936.                 foreach ($val as $k=>$v) {
    7937. 

  7937.                     $val[$k] = substr($v, 0, 255);
    7938. 

  7938.                 }
    7939. 

  7939.             } else {
    7940. 

  7940.                 $val = substr($val, 0, 255);
    7941. 

  7941.             }
    7942. 

  7942.             
    7943. 

  7943.         } else if ($fname == 'max4k') {
    7944. 

  7944.             if (is_array($val)) {
    7945. 

  7945.                 foreach ($val as $k=>$v) {
    7946. 

  7946.                     $val[$k] = substr($v, 0, 4096);
    7947. 

  7947.                 }
    7948. 

  7948.             } else {
    7949. 

  7949.                 $val = substr($val, 0, 4096);
    7950. 

  7950.             }
    7951. 

  7951. 

  7952.         } else if (function_exists($fname)) {
    7953. 

  7953.         	if (!is_array($val)) {
    7954. 

  7954.             	$val = call_user_func($fname, $val);
    7955. 

  7955.         	} else {
    7956. 

  7956.         		foreach($val as $k=>$v) {
    7957. 

  7957. 	            	$val[$k] = call_user_func($fname, $v);
    7958. 

  7958.         		}
    7959. 

  7959.         	}
    7960. 

  7960.     	}
    7961. 

  7961.     }
    7962. 

  7962. 

  7963.     return $val;
    7964. 

  7964. }
    7965. 

  7965. ################################################################################
    7966. 

  7966. function htmlSubmit( $id, $opts=null ) 
    7967. 

  7967. {
    7968. 

  7968.     global $am;
    7969. 

  7969.     return htmlInput( 'submit', $id, $am->M('SAVECHANGES'), $opts );
    7970. 

  7970. }
    7971. 

  7971. function htmlReset( $id, $opts=null ) 
    7972. 

  7972. {
    7973. 

  7973.     global $am;
    7974. 

  7974.     return htmlInput( 'reset', $id, $am->M('RESET'), $opts );
    7975. 

  7975. }
    7976. 

  7976. function htmlInput( $type, $id, $title, $opts=null, $disableInDemo=false ) 
    7977. 

  7977. {
    7978. 

  7978.     global $am;
    7979. 

  7979. 

  7980.     $html = '<input type="' . $type . '"';
    7981. 

  7981.     if ($am->isDemo() && $disableInDemo) {
    7982. 

  7982.         $html .= ' disabled ';
    7983. 

  7983.     }
    7984. 

  7984.     if (isset($opts)) {
    7985. 

  7985.         $html .= ' ' . $opts;
    7986. 

  7986.     }
    7987. 

  7987. 

  7988.     $html .= " id=\"$id\" value=\"$title\" />";
    7989. 

  7989. 

  7990.     return $html;
    7991. 

  7991. }
    7992. 

  7992. 

  7993. function htmlSelectTemplateVar( $dst ) 
    7994. 

  7994. {
    7995. 

  7995.     global $am;
    7996. 

  7996.     
    7997. 

  7997.     echo '<select onchange="javascript:mainInsertAtCursor($(\''.$dst.'\'), this.value); $(\''.$dst.'_deftvar\').selected=true;">
    7998. 

  7998.                 <option id="'.$dst.'_deftvar" value="">' . $am->M('SELECTONE') . '</option>
    7999. 

  7999.                 <option value="%DATETIME%">Current Date/Time (GMT)</option>
    8000. 

  8000.                 <option value="%REMOTEADDR%">Remote IP address</option>
    8001. 

  8001.                 <option value="%PROTECTEDURL%">URL of protected directory</option>
    8002. 

  8002.                 <option value="%MEMBERURL%">Member URL</option>
    8003. 

  8003.                 <option value="">-------| User Variables |-------</option>
    8004. 

  8004.                 <option value="%USERNAME%">Username</option>
    8005. 

  8005.                 <option value="%USERREALNAME%">Real name</option>
    8006. 

  8006.                 <option value="%USERPASSWORD%">User\'s password</option>
    8007. 

  8007.                 <option value="%USERMAIL%">E-mail address of the user</option>
    8008. 

  8008.                 <option value="">-------| Special variables |-------</option>
    8009. 

  8009.                 <option value="%USERREQUESTSUBJECT%">Request Subject (contact form)</option>
    8010. 

  8010.                 <option value="%USERREQUESTBODY%">Request Body (contact form)</option>
    8011. 

  8011.                 <option value="%USERHASHOFPASS%">Used in password recovery form</option>
    8012. 

  8012.             </select>';
    8013. 

  8013.     return;
    8014. 

  8014. }
    8015. 

  8015.             
    8016. 

  8016. ################################################################################
    8017. 

  8017. function utils_strip_path( $path, $dirsep = DIRECTORY_SEPARATOR )
    8018. 

  8018. {
    8019. 

  8019.     $path = str_replace('\\', '/', $path);
    8020. 

  8020.     $path = preg_replace('/\/\.+/', '', $path );
    8021. 

  8021. 

  8022.     if ($dirsep != '/') {
    8023. 

  8023.         $path = str_replace('/',  $dirsep, $path);
    8024. 

  8024.    }
    8025. 

  8025. 

  8026.     return $path;
    8027. 

  8027. }
    8028. 

  8028. 

  8029. ##############################################################################
    8030. 

  8030. 

  8031. header('Pragma: public');
    8032. 

  8032. header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
    8033. 

  8033. header('Last-Modified: '.gmdate('D, d M Y H:i:s') . ' GMT');
    8034. 

  8034. header('Cache-Control: no-store, no-cache, must-revalidate'); 
    8035. 

  8035. header('Cache-Control: pre-check=0, post-check=0, max-age=0');
    8036. 

  8036. header('Pragma: no-cache');
    8037. 

  8037. 

  8038. session_start();
    8039. 

  8039. 

  8040. global $am;
    8041. 

  8041. $am = new Authman();
    8042. 

  8042. 

  8043. $page = getParam('page', 'home', 'attribute');
    8044. 

  8044. 

  8045. $fn = 'showPage_'.$page;
    8046. 

  8046. if (function_exists($fn)) {
    8047. 

  8047.     call_user_func( $fn );
    8048. 

  8048. } else {
    8049. 

  8049.     showPage_404();
    8050. 

  8050. }
    8051. 

  8051. 

  8052. exit;
    8053. 

  8053. 

  8054. /* the end of the file */
    8055. 

  8055.