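<?php

/**
 * Admin page: create, edit and delete administrator accounts.
 *
 * Flow, as visible in this file:
 *  - superuser gate (isSuperUser()),
 *  - POST "change": token-checked create/update of an admin row, its attributes and privileges,
 *  - GET "delete": removal of an admin row and its attribute rows,
 *  - rendering of the add/edit form.
 *
 * Helpers such as s(), Sql_Query(), sql_escape(), normalize(), encryptPass(), verifyToken()
 * and sendAdminPasswordToken() are defined elsewhere; comments below describe only how this
 * page uses them.
 */

require_once dirname(__FILE__).'/accesscheck.php';

$start = sprintf('%d', !empty($_GET['start']) ? $_GET['start'] : 0);
echo PageLinkActionButton('admins', s('List of Administrators'), "start=$start");

require dirname(__FILE__).'/structure.php';

$struct = $DBstruct['admin'];
// Every id used in SQL below is forced to an integer string via %d.
$id = !empty($_REQUEST['id']) ? sprintf('%d', $_REQUEST['id']) : 0;
$find = isset($_REQUEST['find']) ? $_REQUEST['find'] : '';
$start = isset($_GET['start']) ? sprintf('%d', $_GET['start']) : 0;

// Set only after a token-verified "change" request has been written to the database.
$changesSaved = false;

echo '<hr /><br />';

if (!isSuperUser()) {
    echo Error(s('No Access'));

    return;
}

if (!empty($_POST['change'])) {
    if (!verifyToken()) { //# csrf check, should be added in more places
        echo Error(s('No Access'));

        return;
    }
    if (empty($_POST['id'])) {
        // Check if fields login name and email are present (and plain strings, not arrays)
        if (isset($_POST['loginname'], $_POST['email'])
            && is_string($_POST['loginname']) && $_POST['loginname'] !== ''
            && is_string($_POST['email']) && $_POST['email'] !== ''
        ) {
            if (validateEmail($_POST['email'])) {
                // new one
                // The values go inside quoted SQL literals, so they are passed through sql_escape(),
                // the helper this page already uses for the email column.
                // NOTE(review): nothing on this page shows normalize() escaping SQL metacharacters;
                // confirm it does not, otherwise these values end up escaped twice.
                $newLogin = sql_escape(strtolower(normalize($_POST['loginname'])));
                $newEmailLc = sql_escape(strtolower(normalize($_POST['email'])));
                $result = Sql_query(sprintf('SELECT count(*) FROM %s WHERE namelc="%s" OR email="%s"',
                    $tables['admin'], $newLogin, $newEmailLc));
                $totalres = Sql_fetch_Row($result);
                $total = $totalres[0];
                if (!$total) {
                    // The form always submits the "adminpassword" field, empty when the
                    // "Send email" option is chosen. An empty value is treated as "not supplied"
                    // so the account never gets the hash of an empty password.
                    // NOTE(review): the 8-character minimum and the confirmation match shown in
                    // the form are not enforced anywhere on this page.
                    if (isset($_REQUEST['adminpassword']) && is_string($_REQUEST['adminpassword'])
                        && $_REQUEST['adminpassword'] !== ''
                    ) {
                        $adminpass = $_REQUEST['adminpassword'];
                    } else {
                        $adminpass = random_bytes(32);
                    }
                    Sql_Query(sprintf('insert into %s (loginname,namelc,password,email,created) values("%s","%s","%s","%s",now())',
                        $tables['admin'], $newLogin, $newLogin, encryptPass($adminpass),
                        sql_escape($_POST['email'])));
                    $id = Sql_Insert_Id($tables['admin'], 'id');
                } else {
                    $id = 0;
                }
            } else {
                //# email doesn't validate
                $id = 0;
            }
        } else {
            $id = 0;
        }
    } else {
        $id = sprintf('%d', $_POST['id']);
        //#17388 - disallow changing an admin email to an already existing one
        if (!empty($_POST['email'])) {
            $exists = Sql_Fetch_Row_Query(sprintf('select id from %s where email = "%s"', $tables['admin'],
                sql_escape($_POST['email'])));
            if (!empty($exists[0]) && $exists[0] != $id) {
                Error(s('Cannot save admin, that email address already exists for another admin'));
                echo PageLinkButton('admin&id='.$id, s('Back to edit admin'));

                return;
            }
        }
    }

    if ($id) {
        echo '<div class="actionresult">';
        reset($struct);
        // As in the original, a missing email field is stored as an empty string.
        $_POST['email'] = htmlspecialchars(strip_tags(isset($_POST['email']) ? $_POST['email'] : ''));
        foreach ($struct as $key => $val) {
            $a = $b = '';
            if (strstr($val[1], ':')) {
                list($a, $b) = explode(':', $val[1]);
            }
            // Columns flagged "sys:" in the structure (password, privileges, ...) are never written
            // from this loop. $key comes from $DBstruct, not from the request. Array-valued fields
            // are skipped because a column value must be a single string.
            if ($a != 'sys' && isset($_POST[$key]) && is_string($_POST[$key])) {
                // sql_escape() instead of addslashes(): same helper as the other queries on this
                // page; addslashes() is not aware of the connection character set.
                Sql_Query("update {$tables['admin']} set $key = \"".sql_escape($_POST[$key])."\" where id = $id");
            }
        }
        if (!empty($_POST['updatepassword'])) {
            //Send token email.
            echo sendAdminPasswordToken($id).'<br/>';
        }
        if (isset($_POST['attribute']) && is_array($_POST['attribute'])) {
            foreach ($_POST['attribute'] as $key => $val) {
                if (!is_string($val)) {
                    continue;
                }
                // $key is forced to an integer by %d; the value is escaped for the quoted literal.
                Sql_Query(sprintf('replace into %s (adminid,adminattributeid,value) values(%d,%d,"%s")',
                    $tables['admin_attribute'], $id, $key, sql_escape($val)));
            }
        }
        $privs = array(
            'subscribers' => !empty($_POST['subscribers']),
            'campaigns'   => !empty($_POST['campaigns']),
            'statistics'  => !empty($_POST['statistics']),
            'settings'    => !empty($_POST['settings']),
        );
        // adminName() returns a stored name; it is escaped here because login names are
        // user-editable on this very page and the value lands inside a quoted SQL literal.
        Sql_Query(sprintf('update %s set modified=now(), modifiedby = "%s", privileges = "%s" where id = %d',
            $GLOBALS['tables']['admin'], sql_escape(adminName($_SESSION['logindetails']['id'])),
            sql_escape(serialize($privs)), $id));
        $changesSaved = true;
        echo s('Changes saved');
        echo '</div>';
    } else {
        Error(s('Error adding new admin, login name and/or email not inserted, email not valid or admin already exists'));
    }
}

if (!empty($_GET['delete'])) {
    // NOTE(review): this is a state-changing action driven by a GET parameter, and no token
    // check is visible on this path (verifyToken() above runs only for POST "change").
    // Confirm that the request token is validated elsewhere, or add the project's GET-token
    // check here.
    $delete = sprintf('%d', $_GET['delete']);
    // delete the index in delete
    echo s('Deleting')." $delete ..\n";
    if ($delete != $_SESSION['logindetails']['id']) {
        $adminName = $admin_auth->adminName($delete);
        $deleterName = $admin_auth->adminName($_SESSION['logindetails']['id']);
        // The event is logged before the rows are removed, so the name can still be resolved.
        logEvent(s('Administrator %s deleted by %s', $adminName, $deleterName));
        Sql_query(sprintf('delete from %s where id = %d', $GLOBALS['tables']['admin'], $delete));
        Sql_query(sprintf('delete from %s where adminid = %d', $GLOBALS['tables']['admin_attribute'], $delete));
        echo '..'.s('Done');
    } else {
        echo '..'.s('Failed, you cannot delete yourself');
    }
    echo "<br /><hr/><br />\n";
}

echo '<div class="panel">';

if ($id) {
    $addAdmin = false;
    echo '<h3>'.s('Edit Administrator').': ';
    $result = Sql_query("SELECT * FROM {$tables['admin']} where id = $id");
    $data = sql_fetch_assoc($result);
    echo htmlentities($data['loginname']).'</h3>';
    if ($data['id'] != $_SESSION['logindetails']['id'] && $accesslevel == 'all') {
        printf("<br /><a href=\"javascript:deleteRec('%s');\">Delete</a> %s\n", PageURL2('admin', '', "delete=$id"),
            htmlentities($data['loginname']));
    }
} else {
    $addAdmin = true;
    $data = array();
    echo '<h3>'.s('Add a new Administrator').'</h3>';
}

echo '<div class="content">';
//var_dump($data);

echo formStart(' class="adminAdd"');
printf('<input type="hidden" name="id" value="%d" /><table class="adminDetails" border="1">', $id);

$privileges = array();
if (!empty($data['privileges'])) {
    // The column is written above with serialize() of an array of booleans, so object
    // instantiation is disabled and anything that is not an array is ignored.
    $storedPrivileges = unserialize($data['privileges'], array('allowed_classes' => false));
    if (is_array($storedPrivileges)) {
        $privileges = $storedPrivileges;
    }
}

reset($struct);
foreach ($struct as $key => $val) {
    $a = $b = '';
    if (empty($data[$key])) {
        $data[$key] = '';
    }
    if (strstr($val[1], ':')) {
        list($a, $b) = explode(':', $val[1]);
    }
    if ($a == 'sys') {
        switch ($b) {
            case 'Privileges':
                // Rendered separately as checkboxes after the attribute rows.
                break;
            case 'Password':
                //If key is 'password' and the passwords are encrypted, locate two radio buttons to allow an update.
                $changeAdminPass = !empty($_SESSION['firstinstall']);
                if ($addAdmin === true) {
                    echo ' <tr> <td>'.s('Choose how to set password').'</td> <td> <input type="radio" id="passwordoption1" name="passwordoption" value="1" checked="checked">'
                        .s('Send email').' <input type="radio" id= "passwordoption0" name="passwordoption" value="0" >'
                        .s('Create password').' </td> </tr> <tr id="passrow"> <td> <label for="adminpassword">'
                        .s('Create password').'</label> </td> <td> <input type="password" name="adminpassword" id="adminpassword" value="" > <span id= "shortpassword">'
                        .s('Password must be at least 8 characters').'</span> </td> </tr> <tr id="confirmrow"> <td> <label for="confirmpassword">'
                        .s('Confirm password').'</label> </td> <td> <input type="password" name="confirmpassword" id="confirmpassword" value=""> <span id= "notmatching">'
                        .s('Not matching').'</span> </td> </tr>';
                }
                if ($changeAdminPass) {
                    $checkNo = '';
                    $checkYes = 'checked="checked"';
                } else {
                    $checkYes = '';
                    $checkNo = 'checked="checked"';
                }
                if ($addAdmin === false) {
                    // The stored password is never echoed back; only an "update it?" choice is shown.
                    printf('<tr><td>%s (%s)</td><td>%s<input type="radio" name="updatepassword" value="1" %s>%s</input> <input type="radio" name="updatepassword" value="0" %s>%s</input></td></tr> ',
                        s('Password'), s('hidden'), s('Update it?'), $checkYes, s('Yes'), $checkNo, s('No'));
                }
                break;
            default:
                if ($addAdmin) {
                    break;
                }
                switch ($key) {
                    case 'created':
                        $value = formatDateTime($data[$key]);
                        break;
                    case 'modified':
                        $value = formatDateTime($data[$key]);
                        break;
                    case 'passwordchanged':
                        $value = formatDate($data[$key]);
                        break;
                    default:
                        $value = htmlentities($data[$key]);
                }
                printf('<tr><td>%s</td><td>%s</td></tr>', s($b), $value);
        }
    } elseif ($key == 'loginname' && $data[$key] == 'admin') {
        // The translated label is passed as an argument so a "%" in it cannot act as a format code.
        printf('<tr><td>%s</td><td>admin</td>', s('Login Name'));
        echo '<td><input type="hidden" name="loginname" value="admin" /></td></tr>';
    } elseif ($key == 'superuser' || $key == 'disabled') {
        if ($accesslevel == 'all') {
            //If key is 'superuser' or 'disable' locate a boolean combo box.
            printf('<tr><td>%s</td><td>', s($val[1]));
            printf('<select name="%s" size="1">', $key);
            echo '<option value="1" '.(!empty($data[$key]) ? ' selected="selected"' : '').'>'.s('Yes').'</option>';
            echo '<option value="0" '.(empty($data[$key]) ? ' selected="selected"' : '').'>'.s('No').'</option></select>';
            echo '</td></tr>'."\n";
        }
    } elseif (!empty($val[1]) && !strpos($key, '_')) {
        printf('<tr><td>%s</td><td><input type="text" name="%s" value="%s" size="30" /></td></tr>'."\n", s($val[1]), $key,
            htmlspecialchars(stripslashes($data[$key])));
    }
}

$res = Sql_Query("select {$tables['adminattribute']}.id, {$tables['adminattribute']}.name, {$tables['adminattribute']}.type, {$tables['adminattribute']}.tablename from {$tables['adminattribute']} order by {$tables['adminattribute']}.listorder");
while ($row = Sql_fetch_array($res)) {
    if ($id) {
        $val_req = Sql_Fetch_Row_Query("select value from {$tables['admin_attribute']} where adminid = $id and adminattributeid = $row[id]");
        if (isset($val_req[0])) {
            $row['value'] = $val_req[0];
        } else {
            $row['value'] = '';
        }
    } else {
        $row['value'] = '';
    }
    if ($row['type'] == 'checkbox') {
        // admins can only have hidden or textline
        // NOTE(review): $row['tablename'] is a stored value concatenated into a table name;
        // presumably it is constrained where attributes are defined - confirm.
        $checked_index_req = Sql_Fetch_Row_Query("select id from $table_prefix".'adminattr_'.$row['tablename'].' where name = "Checked"');
        $checked_index = $checked_index_req[0];
        $checked = $checked_index == $row['value'] ? 'checked="checked"' : '';
        printf('<tr><td>%s</td><td><input class="attributeinput" type="hidden" name="cbattribute[]" value="%d" /> <input class="attributeinput" type="checkbox" name="attribute[%d]" value="Checked" %s /></td></tr>'
            ."\n", htmlentities($row['name']), $row['id'], $row['id'], $checked);
    } else {
        printf('<tr><td>%s</td><td><input class="attributeinput" type="text" name="attribute[%d]" value="%s" size="30" /></td></tr>'."\n",
            htmlentities($row['name']), $row['id'], htmlentities($row['value']));
    }
}

echo '<tr><td colspan="2">';
// Start with every section unchecked, so a new admin or a row without stored privileges
// renders cleanly instead of reading undefined array keys.
$checked = array(
    'subscribers' => '',
    'campaigns'   => '',
    'statistics'  => '',
    'settings'    => '',
);
foreach ($privileges as $section => $allowed) {
    if (!empty($allowed)) {
        $checked[$section] = 'checked="checked"';
    } else {
        $checked[$section] = '';
    }
}
echo '<div id="privileges"> '
    .s('Privileges').': <label for="subscribers"><input type="checkbox" name="subscribers" '
    .$checked['subscribers'].' />'.s('Manage subscribers').'</label> <label for="campaigns"><input type="checkbox" name="campaigns" '
    .$checked['campaigns'].'/>'.s('Send Campaigns').'</label> <label for="statistics"><input type="checkbox" name="statistics" '
    .$checked['statistics'].'/>'.s('View Statistics').'</label> <label for="settings"><input type="checkbox" name="settings" '
    .$checked['settings'].'/>'.s('Change Settings').'</label> </div>';
echo '</td></tr>';

// Send the password token only after a token-verified save that produced an admin id.
// Without this guard, a POST carrying "passwordoption" but no "change" field would reach
// sendAdminPasswordToken() without passing the verifyToken() check above.
if ($changesSaved && !empty($_POST['passwordoption'])) {
    echo sendAdminPasswordToken($id).'<br/>';
}

echo '<tr><td colspan="2"><input class="submit" type="submit" name="change" id ="savechanges" value="' . s('Save Changes') . '" /></td></tr></table>';
echo '</div>'; // content
echo '</div>'; // panel
echo '</form>';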