Create New Item
Item Type
File
Folder
Item Name
Search file in folder and subfolders...
Are you sure want to rename?
File Manager
/
Prog
/
File explorer
/
08
/
include
:
admin.php
Advanced Search
Upload
New Item
Settings
Back
Back Up
Advanced Editor
Save
<?php // ensure this file is being included by a parent file if( !defined( '_JEXEC' ) && !defined( '_VALID_MOS' ) ) die( 'Restricted access' ); /** * @version $Id: admin.php 242 2015-08-19 06:29:26Z soeren $ * @package eXtplorer * @copyright soeren 2007-2015 * @author The eXtplorer project (http://extplorer.net) * @author The The QuiX project (http://quixplorer.sourceforge.net) * @license * @version $Id: admin.php 242 2015-08-19 06:29:26Z soeren $ * The contents of this file are subject to the Mozilla Public License * Version 1.1 (the "License"); you may not use this file except in * compliance with the License. You may obtain a copy of the License at * http://www.mozilla.org/MPL/ * * Software distributed under the License is distributed on an "AS IS" * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the * License for the specific language governing rights and limitations * under the License. * * Alternatively, the contents of this file may be used under the terms * of the GNU General Public License Version 2 or later (the "GPL"), in * which case the provisions of the GPL are applicable instead of * those above. If you wish to allow use of your version of this file only * under the terms of the GPL and not to allow others to use * your version of this file under the MPL, indicate your decision by * deleting the provisions above and replace them with the notice and * other provisions required by the GPL. If you do not delete * the provisions above, a recipient may use your version of this file * under either the MPL or the GPL." * */ /** * Comment: * Administrative Functions * * * /** * Creates a form to manage users + passwords * * @param boolean $admin * @param string $dir */ function admin($admin, $dir) { if( $GLOBALS["permissions"] < 7 || $_SESSION['credentials_extplorer']['username'] == 'admin' && $_SESSION['credentials_extplorer']['password'] == extEncodePassword('admin') ) { $activeTab = '0'; } else { $activeTab = '1'; } ?> { "xtype": "tabpanel", "width": "450", "id": "dialog_tabpanel", "dialogtitle": "<?php echo ext_Lang::msg('actadmin') ?>", "listeners": { "afterrender": { fn: function(cmp) { cmp.activate(<?php echo $activeTab ?>); } } }, "items": [{ "xtype": "form", "id": "passform", "autoHeight": "true", "headerAsText": false, "labelWidth": 125, "url":"<?php echo basename( $GLOBALS['script_name']) ?>", "title": "<?php echo ext_Lang::msg('actchpwd', true) ?>", "frame": true, "items": [{ "xtype": "textfield", "fieldLabel": "<?php echo ext_Lang::msg( 'miscoldpass', true ) ?>", "name": "oldpwd", "inputType": "password", "allowBlank":false }, { "xtype": "textfield", "fieldLabel": "<?php echo ext_Lang::msg( 'miscnewpass', true ) ?>", "name": "newpwd1", "hiddenName": "newpwd1", "inputType": "password", "allowBlank":false }, { "xtype": "textfield", "fieldLabel": "<?php echo ext_Lang::msg( 'miscconfnewpass', true ) ?>", "name": "newpwd2", "hiddenName": "newpwd2", "inputType": "password", "allowBlank":false }], "buttons": [{ "text": "<?php echo ext_Lang::msg( 'btnchange', true ) ?>", "handler": function() { frm = Ext.getCmp("passform").getForm(); if(frm.findField('newpwd1').getValue() != frm.findField('newpwd2').getValue() ) { Ext.Msg.alert("Error!", "<?php echo ext_Lang::msg('miscnopassmatch', true ); ?>"); return false; } if(frm.findField('oldpwd').getValue() ==frm.findField('newpwd1').getValue()) { Ext.Msg.alert("Error!", "<?php echo ext_Lang::err('miscnopassdiff', true ); ?>"); return false; } statusBarMessage( "Please wait...", true ); frm.submit({ //reset: true, reset: false, "success": function(form, action) { statusBarMessage( action.result.message, false, true ); Ext.getCmp("dialog").destroy(); }, "failure": function(form, action) { if( !action.result ) return; Ext.MessageBox.alert("Error!", action.result.error); statusBarMessage( action.result.error, false, false ); }, "scope": Ext.getCmp("passform"), // add some vars to the request, similar to hidden fields "params": { option: "com_extplorer", "action": "admin", "action2": "chpwd", "token": "<?php echo ext_getToken() ?>" } }) } }] <?php if($admin) { ?> },{ "xtype": "form", "id": "userlist", "autoHeight": "true", "headerAsText": false, "labelWidth": 125, "url":"<?php echo basename( $GLOBALS['script_name']) ?>", title: "<?php echo ext_Lang::msg('actusers', true) ?>", "frame": true, "items": [{ <?php $cnt=count($GLOBALS["users"]); for($i=0;$i<$cnt;++$i) { // Username & Home dir: $user=$GLOBALS["users"][$i][0]; if(strlen($user)>15) $user=substr($user,0,12)."..."; $home=$GLOBALS["users"][$i][2]; if(strlen($home)>30) $home=substr($home,0,27)."..."; ?> "xtype": "radio", "name": "nuser", "inputValue": "<?php echo $GLOBALS["users"][$i][0] ?>", "fieldLabel": "<?php echo $user ?>", "boxLabel": "<?php echo '<strong>Homedir:</strong> '.$home.'; ' .($GLOBALS["users"][$i][4] ? $GLOBALS["messages"]["miscyesno"][2]:$GLOBALS["messages"]["miscyesno"][3]).'; ' .$GLOBALS["users"][$i][6].'; ' .($GLOBALS["users"][$i][7] ? $GLOBALS["messages"]["miscyesno"][2]:$GLOBALS["messages"]["miscyesno"][3]); ?>" } <?php echo $i+1<$cnt ? ', {' : ''; } ?> ], "buttons": [{ "text": "<?php echo ext_Lang::msg( 'btnadd', true ) ?>", "handler": function() { Ext.Ajax.request( { url: "<?php echo basename($GLOBALS['script_name']) ?>", "params": { "option": "com_extplorer","action": "admin","action2": "adduser", "token": "<?php echo ext_getToken() ?>" }, "callback": function(oElement, bSuccess, oResponse) { if( !bSuccess ) { Ext.Msg.alert( "Ajax communication failure!"); } if( oResponse && oResponse.responseText ) { try{ json = Ext.decode( oResponse.responseText ); if( json.error && typeof json.error != 'xml' ) { Ext.Msg.alert( "<?php echo ext_Lang::err('error', true ) ?>", json.error ); dialog.destroy(); return false; } } catch(e) { return false; } Ext.getCmp("dialog_tabpanel").add( json ); Ext.getCmp("dialog_tabpanel").activate(json.id); Ext.getCmp("dialog").syncSize(); } } }); } }, { "text": "<?php echo ext_Lang::msg( 'btnedit', true ) ?>", "handler": function() { frm = Ext.getCmp("userlist").getForm(); try { theUser = frm.findField(0).getGroupValue(); } catch(e) { Ext.Msg.alert( "Error", "<?php echo ext_Lang::err('miscselitems', true ) ?>" ); return; } Ext.Ajax.request( { url: "<?php echo basename($GLOBALS['script_name']) ?>", "params": { option: "com_extplorer","action": "admin","action2": "edituser","nuser":theUser, "token": "<?php echo ext_getToken() ?>" }, "callback": function(oElement, bSuccess, oResponse) { if( !bSuccess ) { Ext.Msg.alert( "Ajax communication failure!"); } if( oResponse && oResponse.responseText ) { try{ json = Ext.decode( oResponse.responseText ); if( json.error && typeof json.error != 'xml' ) { Ext.Msg.alert( "<?php echo ext_Lang::err('error', true ) ?>", json.error ); dialog.destroy(); return false; } } catch(e) { return false; } Ext.getCmp("dialog_tabpanel").add( json ); Ext.getCmp("dialog_tabpanel").activate(json.id); Ext.getCmp("dialog").syncSize(); } } }); } }, { "text": "<?php echo ext_Lang::msg( 'btnremove', true ) ?>", "handler": function() { frm = Ext.getCmp("userlist").getForm(); try { theUser = frm.findField(0).getGroupValue(); } catch(e) { Ext.Msg.alert( "Error", "<?php echo ext_Lang::err('miscselitems', true ) ?>" ); return; } Ext.Msg.confirm( "", String.format( "<?php echo ext_Lang::err('miscdeluser', true ) ?>", theUser ), function( btn ) { if( btn != 'yes') return; statusBarMessage( "Please wait...", true ); frm.submit({ "success": function(form, action) { statusBarMessage( action.result.message, false, true ); }, "failure": function(form, action) { if( !action.result ) return; Ext.MessageBox.alert("Error!", action.result.error); statusBarMessage( action.result.error, false, false ); }, "scope": Ext.getCmp("userlist").getForm(), // add some vars to the request, similar to hidden fields "params": { "option": "com_extplorer", "action": "admin", "action2": "rmuser", "user": theUser, "token": "<?php echo ext_getToken() ?>" } }); }); } } ] <?php } ?> }] } <?php } //------------------------------------------------------------------------------ function changepwd($dir) { // Change Password if( !ext_checkToken($GLOBALS['__POST']["token"]) ) { ext_Result::sendResult('tokencheck', false, 'Request failed: Security Token not valid.'); } if($GLOBALS['__POST']["newpwd1"]!=$GLOBALS['__POST']["newpwd2"]) { ext_Result::sendResult('changepwd', false, $GLOBALS["error_msg"]["miscnopassmatch"]); } $data=ext_find_user( $GLOBALS['__SESSION']['credentials_extplorer']['username'],null ); // Username not existing if( $data === NULL ) { ext_Result::sendResult('changepwd', false, $GLOBALS["error_msg"]["miscnouserpass"]); } require_once( _EXT_PATH.'/libraries/PasswordHash.php'); $hasher = new PasswordHash(8, FALSE); $result = $hasher->CheckPassword($GLOBALS['__POST']["oldpwd"], $data[1]); if(!$result) { $data=ext_find_user($GLOBALS['__SESSION']['credentials_extplorer']['username'],md5(stripslashes($GLOBALS['__POST']["oldpwd"]))); if($data==NULL) { ext_Result::sendResult('changepwd', false, $GLOBALS["error_msg"]["miscnouserpass"]); } } $data[1]=extEncodePassword(stripslashes($GLOBALS['__POST']["newpwd1"])); if(!ext_update_user($data[0],$data)) { ext_Result::sendResult('changepwd', false, $data[0].": ".$GLOBALS["error_msg"]["chpass"]); } require_once(_EXT_PATH.'/include/authentication/extplorer.php'); $auth = new ext_extplorer_authentication(); $auth->onAuthenticate(array('username'=>$data[0],'password'=>$data[1])); ext_Result::sendResult('changepwd', true, ext_Lang::msg('change_password_success')); } //------------------------------------------------------------------------------ function adduser($dir) { // Add User if(isset($GLOBALS['__POST']["confirm"]) && $GLOBALS['__POST']["confirm"]=="true" && ext_checkToken($GLOBALS['__POST']["token"]) ) { $user=stripslashes($GLOBALS['__POST']["nuser"]); if($user=="" || $GLOBALS['__POST']["home_dir"]=="") { ext_Result::sendResult('adduser', false, $GLOBALS["error_msg"]["miscfieldmissed"]); } if($GLOBALS['__POST']["pass1"]!=$GLOBALS['__POST']["pass2"]) { ext_Result::sendResult('adduser', false, $GLOBALS["error_msg"]["miscnopassmatch"]); } $data=ext_find_user($user,NULL); if($data!=NULL) { ext_Result::sendResult('adduser', false, $user.": ".$GLOBALS["error_msg"]["miscuserexist"]); } $data=array($user,extEncodePassword(stripslashes($GLOBALS['__POST']["pass1"])), stripslashes($GLOBALS['__POST']["home_dir"]),stripslashes($GLOBALS['__POST']["home_url"]), $GLOBALS['__POST']["show_hidden"],stripslashes($GLOBALS['__POST']["no_access"]), $GLOBALS['__POST']["permissions"],$GLOBALS['__POST']["active"]); if(!ext_add_user($data)) { ext_Result::sendResult('adduser', false, $user.": ".$GLOBALS["error_msg"]["adduser"]); } ext_Result::sendResult('adduser', true, $user.": The user has been added"); return; } show_userform(); } //------------------------------------------------------------------------------ function edituser($dir) { // Edit User $user=stripslashes($GLOBALS['__POST']["nuser"]); $data=ext_find_user($user,NULL); if( !ext_checkToken($GLOBALS['__POST']["token"]) ) { ext_Result::sendResult('tokencheck', false, 'CSRF Token Check failed.'); } if($data==NULL) { ext_Result::sendResult('edituser', false, $user.": ".$GLOBALS["error_msg"]["miscnofinduser"]); } if($self=($user==$GLOBALS['__SESSION']['credentials_extplorer']['username'])) $dir=""; if(isset($GLOBALS['__POST']["confirm"]) && $GLOBALS['__POST']["confirm"]=="true") { $nuser=stripslashes($GLOBALS['__POST']["nuser"]); if($nuser=="" || $GLOBALS['__POST']["home_dir"]=="") { ext_Result::sendResult('edituser', false, $GLOBALS["error_msg"]["miscfieldmissed"]); } if(isset($GLOBALS['__POST']["chpass"]) && $GLOBALS['__POST']["chpass"]=="on") { if($GLOBALS['__POST']["pass1"]!=$GLOBALS['__POST']["pass2"]) ext_Result::sendResult('edituser', false, $GLOBALS["error_msg"]["miscnopassmatch"]); $pass=extEncodePassword(stripslashes($GLOBALS['__POST']["pass1"])); } else { $pass=$data[1]; } if($self) $GLOBALS['__POST']["active"]=1; $data=array($nuser,$pass,stripslashes($GLOBALS['__POST']["home_dir"]), stripslashes($GLOBALS['__POST']["home_url"]),$GLOBALS['__POST']["show_hidden"], stripslashes($GLOBALS['__POST']["no_access"]),$GLOBALS['__POST']["permissions"],$GLOBALS['__POST']["active"]); if(!ext_update_user($user,$data)) { ext_Result::sendResult('edituser', false, $user.": ".$GLOBALS["error_msg"]["saveuser"]); } /*if($self) { activate_user($nuser,NULL); }*/ ext_Result::sendResult('edituser', true, $user.": ".ext_Lang::msg('User Profile has been updated')); } show_userform( $data); } function show_userform( $data = null ) { if( $data == null ) { $data = array('', '', '', '', '', '', '' ); } $formname = @$data[0] ? 'frmedituser' : 'frmadduser'; ?> { "xtype": "form", "id" : "<?php echo $formname ?>", "renderTo": Ext.getCmp("dialog_tabpanel").getEl(), "hidden": true, "closable":true, "autoHeight": "true", "labelWidth": 125, "url":"<?php echo basename( $GLOBALS['script_name']) ?>", "title": "<?php if( !empty( $data[0] )) { printf($GLOBALS["messages"]["miscedituser"],$data[0]); } else { echo $GLOBALS["messages"]["miscadduser"]; } ?>" , items: [{ "xtype": "textfield", "fieldLabel": "<?php echo ext_Lang::msg( 'miscusername', true ) ?>", "name": "nuser", "value": "<?php echo @$data[0] ?>", "width":175, "allowBlank":false },{ "xtype": "textfield", "fieldLabel": "<?php echo ext_Lang::msg( 'miscconfpass', true ) ?>", "name": "pass1", "inputType": "password", "width":175 }, { "xtype": "textfield", "fieldLabel": "<?php echo ext_Lang::msg( 'miscconfnewpass', true ) ?>", "name": "pass2", "inputType": "password", "width":175 }, <?php if( !empty($data[0])) { ?> { "xtype": "checkbox", "fieldLabel": "<?php echo ext_Lang::msg( 'miscchpass', true ) ?>", "name": "chpass", "hiddenValue": "true" }, <?php } ?> { "xtype": "textfield", "fieldLabel": "<?php echo ext_Lang::msg( 'mischomedir', true ) ?>", "name": "home_dir", "value": "<?php echo !empty($data[2]) ? $data[2] : $_SERVER['DOCUMENT_ROOT'] ?>", "width":175, "allowBlank":false }, { "xtype": "textfield", "fieldLabel": "<?php echo ext_Lang::msg( 'mischomeurl', true ) ?>", "name": "home_url", "value": "<?php echo !empty($data[3]) ? $data[3] : $GLOBALS["home_url"] ?>", "width":175, "allowBlank":false },{ "xtype": "combo", "fieldLabel": "<?php echo ext_Lang::msg( 'miscshowhidden', true ) ?>", "store": [ ["1", "<?php echo ext_Lang::msg( array('miscyesno' => 0), true ) ?>"], ["0", "<?php echo ext_Lang::msg( array('miscyesno' => 1), true ) ?>"] ], "hiddenName": "show_hidden", "disableKeyFilter": true, "value": "<?php echo ( !empty($data[4]) ? $data[4] : (int)$data[4] ) ?>", "editable": false, "triggerAction": "all", "mode": "local", "allowBlank": false, "selectOnFocus":true }, { "xtype": "textfield", "fieldLabel": "<?php echo ext_Lang::msg( 'mischidepattern', true ) ?>", "name": "no_access", "value": "<?php echo @$data[5] ?>", "width":175, "allowBlank":true }, { "xtype": "combo", "fieldLabel": "<?php echo ext_Lang::msg( 'miscperms', true ) ?>", "store": [<?php $permvalues = array(0,1,2,3,7); $permcount = count($GLOBALS["messages"]["miscpermnames"]); for($i=0;$i<$permcount;++$i) { if( $permvalues[$i]==7) $index = 4; else $index = $i; echo '["'.$permvalues[$i].'", "'.ext_lang::msg( array('miscpermnames' => $index)).'" ]'."\n"; if( $i+1<$permcount) echo ','; } ?> ], "hiddenName": "permissions", "disableKeyFilter": true, "value": "<?php echo (int)@$data[6] ?>", "editable": false, "triggerAction": "all", "mode": "local" }, { "xtype": "combo", "fieldLabel": "<?php echo ext_Lang::msg( 'miscactive', true ) ?>", "store": [ ["1", "<?php echo ext_Lang::msg( array('miscyesno' => 0), true ) ?>"], ["0", "<?php echo ext_Lang::msg( array('miscyesno' => 1), true ) ?>"] ], "hiddenName": "active", "disableKeyFilter": true, "value": "<?php echo ( !empty($data[7]) ? $data[7] : 0 ) ?>", "disabled": <?php echo !empty($self) ? 'true' : 'false' ?>, "editable": false, "triggerAction": "all", "mode": "local", "allowBlank": false, "selectOnFocus":true } ], "buttons": [ { "text": "<?php echo ext_Lang::msg( 'btnsave', true ) ?>", "handler": function() { userform = Ext.getCmp("<?php echo $formname ?>").getForm(); if(userform.findField('nuser').getValue()=="" || userform.findField('home_dir').getValue()=="") { Ext.Msg.alert('Status', "<?php echo ext_Lang::err('miscfieldmissed', true ); ?>"); return false; } if( userform.findField('chpass') ) { if(userform.findField('chpass').getValue() && userform.findField('pass1').getValue() != userform.findField('pass2').getValue()) { Ext.Msg.alert('Status', "<?php echo ext_Lang::err('miscnopassmatch', true ); ?>"); return false; } } statusBarMessage( 'Please wait...', true ); userform.submit({ "success": function(form, action) { statusBarMessage( action.result.message, false, true ); Ext.getCmp("dialog_tabpanel").remove("<?php echo $formname ?>"); }, "failure": function(form, action) { if( !action.result ) return; Ext.Msg.alert('Error!', action.result.error); statusBarMessage( action.result.error, false, true ); }, "scope": userform, // add some vars to the request, similar to hidden fields "params": {option: 'com_extplorer', user: "<?php echo @$data[0] ?>", "action": 'admin', "action2": "<?php echo @$data[0] ? 'edituser' : 'adduser' ?>", "confirm": "true", "token": "<?php echo ext_getToken() ?>" } }) } },{ "text": "<?php echo ext_Lang::msg( 'btncancel', true ) ?>", "handler": function() { Ext.getCmp("dialog_tabpanel").remove("<?php echo $formname ?>"); } }] } <?php } //------------------------------------------------------------------------------ function removeuser($dir) { // Remove User $user=stripslashes($GLOBALS['__POST']["user"]); if( !ext_checkToken($GLOBALS['__POST']["token"]) ) { ext_Result::sendResult('tokencheck', false, 'CSRF Token Check failed.'); } if($user==$GLOBALS['__SESSION']['credentials_extplorer']['username']) { ext_Result::sendResult('removeuser', false, $GLOBALS["error_msg"]["miscselfremove"]); } if(!ext_remove_user($user)) { ext_Result::sendResult('removeuser', false, $user.": ".$GLOBALS["error_msg"]["deluser"]); } ext_Result::sendResult('removeuser', true, $user." was successfully removed." ); } //------------------------------------------------------------------------------ function ext_show_admin($dir) { // Execute Admin Action $pwd=(($GLOBALS["permissions"]&2)==2); $admin=(($GLOBALS["permissions"]&4)==4); if(!$GLOBALS["require_login"]) ext_Result::sendResult('admin', false, $GLOBALS["error_msg"]["miscnofunc"]); if(!$pwd && !$admin) ext_Result::sendResult('admin', false, $GLOBALS["error_msg"]["accessfunc"]); if(isset($GLOBALS['__GET']["action2"])) $action2 = $GLOBALS['__GET']["action2"]; elseif(isset($GLOBALS['__POST']["action2"])) $action2 = $GLOBALS['__POST']["action2"]; else $action2=""; switch($action2) { case "chpwd": changepwd($dir); break; case "adduser": if(!$admin) ext_Result::sendResult('admin', false, $GLOBALS["error_msg"]["accessfunc"]); adduser($dir); break; case "edituser": if(!$admin) ext_Result::sendResult('admin', false, $GLOBALS["error_msg"]["accessfunc"]); edituser($dir); break; case "rmuser": if(!$admin) ext_Result::sendResult('admin', false, $GLOBALS["error_msg"]["accessfunc"]); removeuser($dir); break; default: admin($admin,$dir); } } //------------------------------------------------------------------------------