Ravens PHP Scripts: Forums
 

 

Poll: want it?
Hell yeah!!! 85% [ 6 ]
Hell no!!! 14% [ 1 ]
Total Votes : 7


Author Message
wHiTeHaT
Life Cycles Becoming CPU Cycles



Joined: Jul 18, 2004
Posts: 579

Posted: Tue Jun 11, 2013 4:44 pm

An overview of the current admin module maker's code:

Code:


<?php
if ( !defined('ADMIN_FILE') )
{
   die ("Access Denied");
}
global $prefix, $db, $admin_file, $name;

if (is_mod_admin('admin')) {
   switch($op) {

   case 'ModuleMaker':
       InstallModuleMaker();
      break;

   case 'MakeModuleGroup':
       MakeModuleGroup();
      break;
   
   case 'SubmitModuleGroup':
       csrf_check();
       SubmitModuleGroup($group_name, $group_content);
      break;   
   
   case 'EditModuleMakerGroup':
        EditModuleMakerGroup($gid);
      break;   

   case 'EditModuleMakerModule':
        EditModuleMakerModule($mid);
      break;
   
   case 'RenameModuleMakerGroup':
        RenameModuleMakerGroup($gid);
      break;
      
      
   case 'RenameModuleMakerModule':
        RenameModuleMakerModule($mid);
      break;
      
   case 'MakeModuleDir':
      csrf_check();
      MakeModuleDir($module_name, $module_content, $selected_group);
      break;
   
   case 'SaveEditedModuleMakerGroup':
      csrf_check();
       SaveEditedModuleMakerGroup($group_id, $group_name, $group_content, $old_group_name);
       break;
   
   case 'SaveRenamedModuleMakerGroup':
      csrf_check();
       SaveRenamedModuleMakerGroup($group_id, $group_name, $old_group_name);
       break;   
   
   case 'DeleteModuleMakerGroup':
         DeleteModuleMakerGroup($gid);
        break;   
   
   case 'SaveEditedModuleMakerModule':
      csrf_check();
       SaveEditedModuleMakerModule($module_id, $module_name, $module_content, $old_module_name);
       break;
   
   case 'SaveRenamedModuleMakerModule':
      csrf_check();
       SaveRenamedModuleMakerModule($module_id, $module_name, $old_module_name);
       break;   
   
    case 'DeleteModuleMakerModule':
         DeleteModuleMakerModule($mid);
        break;      
   }
   
      
} else {
   echo 'Access Denied';
}

function InstallModuleMaker() {
   global $admin,$prefix, $db, $admin_file;

$table = $prefix . '_mmmodule_names';
if($db->sql_numrows($db->sql_query('SHOW TABLES LIKE \'' . $table . '\''))==1) {
    MakeModuleGroup();
}else{
 $db->sql_query('CREATE TABLE ' . $prefix . '_mmmodule_names ( module_id INT NOT NULL AUTO_INCREMENT,PRIMARY KEY(module_id) , module_name VARCHAR(30))');
 $db->sql_query('CREATE TABLE ' . $prefix . '_mmmodule_to_group ( module_id VARCHAR(30), group_id VARCHAR(30))');
 $db->sql_query('CREATE TABLE ' . $prefix . '_mmmodule_groups (group_id INT NOT NULL AUTO_INCREMENT,PRIMARY KEY(group_id) , group_name VARCHAR(30))');
 MakeModuleGroup();
 }
}
function MakeModuleGroup() {
   global $admin,$prefix, $db, $admin_file;
   Load_Modulemaker_Modules ();
   include_once('header.php');
      echo '<div id="comments">'
        .'<h2>Hoofd Modules en Sub-Modules</h2>'
        .'<ul class="commentlist">'
        .'<li class="comment_even">';   
   GraphicAdmin();
   ListModuleGroups();

   echo "<br /><br /><form method=\"post\" action=\"".$admin_file.".php\">"
      //."<span class=\"option thick\">Hoofd Module Naam</span><br /><br /><br />"
      ."<span class=\"option thick\">Hoofd Module Naam : </span><input type=\"text\" name=\"group_name\" size=\"30\" maxlength=\"100\" /><br /><br />"
        ."<span class=\"option thick\">Inhoud Hoofd-Module: </span><br /><br />";
      wysiwyg_textarea('group_content', '', 'PHPNukeAdmin', '60', '15');
   echo "<input type=\"hidden\" name=\"op\" value=\"SubmitModuleGroup\" />"
       //."<button type=\"button\" onclick=\"BrowseServer('txtId');\">Pick Image</button><input type=\"text\" id=\"txtId\"/>"
      ."<input type=\"submit\" value=\"" . _ADD . "\" /><br />"
      ."</form>";
      echo '</li>'
         .'</ul>'
         . '</div>';
   MakeModule();
   include_once('footer.php');
   }

function ListModuleGroups() {
    global $admin,$prefix, $db, $admin_file;
    OpenTable();
    //echo '<div><b>Hoofd Modules en Sub-Modules:</b></div><br />';

    $result = $db->sql_query("SELECT g.group_name,g. group_id, GROUP_CONCAT(m.module_name SEPARATOR '::') modules
    from " . $prefix . "_mmmodule_groups g
        LEFT JOIN " . $prefix . "_mmmodule_to_group m2g ON g.group_id = m2g.group_id
        LEFT JOIN " . $prefix . "_mmmodule_names m ON m2g.module_id = m.module_id
    GROUP BY g.group_id");

    while($row = $db->sql_fetchrow($result)) {
            $group_name = $row['group_name'];
         $gid = $row['group_id'];
            if (!empty($row['modules'])) {
                $module_name = $row['modules'];
            } else {
                $module_name = '';
            }
            echo '<div>(<a href="' , $admin_file , '.php?op=EditModuleMakerGroup&amp;gid=' , $gid , '">' , _EDIT , '</a>'
            , '-<a href="' , $admin_file , '.php?op=DeleteModuleMakerGroup&amp;gid=' , $gid , '">' , _DELETE , '</a>'
            , '-<a href="' , $admin_file , '.php?op=RenameModuleMakerGroup&amp;gid=' , $gid , '">' , _RENAME , '</a>)<a href="modules.php?name='.htmlentities($group_name). '">'.htmlentities($group_name). '</a> -->' . htmlentities($module_name).'</div>';
        }
    CloseTable();
}
function ListModules() {
   global $admin,$prefix, $db, $admin_file;
   OpenTable();
   //echo '<div><b>Sub-Modules :</b></div><br />';
   $result = $db->sql_query("SELECT * from " . $prefix . "_mmmodule_names order by module_id");
   while($row = $db->sql_fetchrow($result)) {
         $module_name = $row['module_name'];
         $mid = $row['module_id'];
         echo '<div>(<a href="' , $admin_file , '.php?op=EditModuleMakerModule&amp;mid=' , $mid , '">' , _EDIT , '</a>'
            , '-<a href="' , $admin_file , '.php?op=DeleteModuleMakerModule&amp;mid=' , $mid , '">' , _DELETE , '</a>'
            ,'-<a href="' , $admin_file , '.php?op=RenameModuleMakerModule&amp;mid=' , $mid , '">' , _RENAME , '</a>)<a href="modules.php?name='.htmlentities($module_name). '">'.htmlentities($module_name).'</a></div>';
      }
   CloseTable();
}
function SubmitModuleGroup($group_name, $group_content) {
   global $admin_file, $db, $prefix;
   $result = $db->sql_query("SELECT group_id from " . $prefix . "_mmmodule_groups where group_name='$group_name'");
   $numrows = $db->sql_numrows($result);
   if ($numrows>0) {
   include_once("header.php");
      GraphicAdmin();
      OpenTable();
      echo "<br /><div class='text-center'><span class=\"option\">"
         ."<span class='thick'>" . _ERRORTHECATEGORY . " $group_name " . _ALREADYEXIST . "</span><br /><br />"
         ."" . _GOBACK . "<br /><br /></span></div>";
      CloseTable();
      include_once("footer.php");
   } else {
   $group_name   = stripslashes(FixQuotes($group_name)); // 2.30.01 Mantis 1328 - Palbin
    $group_content   = stripslashes(FixQuotes($group_content)); // 2.30.01 Mantis 1328 - Palbin
      $db->sql_query("insert into " . $prefix . "_mmmodule_groups values (NULL, '$group_name', '$group_content')");
   mkdir ("./modules/" . $group_name, 0777);
   
   $DefaultPagename = "index";
   $newEmptyHtmlFile = './modules/'.$group_name.'/'.$DefaultPagename.".html";
   
   $newEmptyHtmlmodule_content = '';
   
   $newPhpFile = './modules/'.$group_name.'/'.$DefaultPagename.".php";
   
    $newPhpmodule_content =  "<?php\n";
    $newPhpmodule_content .=  "if ( !defined('MODULE_FILE') )\n";
    $newPhpmodule_content .= "{\n";
    $newPhpmodule_content .= "die('You can\'t access this file directly...');\n";
    $newPhpmodule_content .="}\n";
    $newPhpmodule_content .="require_once('mainfile.php');\n";
    $newPhpmodule_content .="\$module_name = basename(dirname(__FILE__));\n";
    $newPhpmodule_content .="get_lang(\$module_name);\n";
    $newPhpmodule_content .="global \$db, \$prefix, \$module_name;\n";
    $newPhpmodule_content .="include_once 'header.php';\n";
    $newPhpmodule_content .="OpenTable();\n";
   
   $newPhpmodule_content .="\$group_module_result = \$db->sql_query(\"SELECT group_content FROM \" . \$prefix . \"_mmmodule_groups WHERE group_name = '\$module_name'\"); \n";
    $newPhpmodule_content .="while(\$group_row = \$db->sql_fetchrow(\$group_module_result)) { \n";
    $newPhpmodule_content .="\$content .= '<div>' . \$group_row['group_content'] . '</div>'; \n";
    $newPhpmodule_content .="} \n";
   
   $newPhpmodule_content .="\$result = \$db->sql_query(\"SELECT m.module_id, m.module_name, m.module_content FROM \" . \$prefix . \"_mmmodule_names m, \" . \$prefix . \"_mmmodule_to_group m2g, \" . \$prefix . \"_mmmodule_groups g WHERE m.module_id = m2g.module_id and m2g.group_id = g.group_id and g.group_name = '\$module_name' \");\n";   
   $newPhpmodule_content .="while(\$row = \$db->sql_fetchrow(\$result)) {\n";   
   $newPhpmodule_content .="\$content .= '<div style=\"display:none\" id=\"' . \$row['module_name'] . '\" class=\"content-item\">' . \$row['module_content'] . '</div>';\n";
   $newPhpmodule_content .="} \n";
   $newPhpmodule_content .="echo \$content;\n";
   
   $newPhpmodule_content .="CloseTable();\n";
    $newPhpmodule_content .="include_once('footer.php');\n";
    $newPhpmodule_content .=  "?>\n";
   
   file_put_contents($newEmptyHtmlFile,$newEmptyHtmlmodule_content);
   file_put_contents($newPhpFile,$newPhpmodule_content);      
      Header("Location: ".$admin_file.".php?op=MakeModuleGroup");
   }
}
   
function MakeModule() {
   global $admin,$prefix, $db, $admin_file;
   //OpenTable();
   echo '<div id="comments">'
        .'<h2>Sub-Modules :</h2>'
        .'<ul class="commentlist">'
        .'<li class="comment_even">';
   echo '<br />';
   ListModules();
   echo '<br />';   
   echo "<form method=\"post\" action=\"".$admin_file.".php\">";
      $result = $db->sql_query("SELECT group_id, group_name from " . $prefix . "_mmmodule_groups order by group_name");
      echo "<span class=\"option thick\">Selecteer Hoofd Module: </span><select name=\"selected_group\">";
      $selection="<option value=\"0\">Standaard</option>";

      while($row = $db->sql_fetchrow($result)) {
         $group_id = $row['group_id'];
         $group_name = $row['group_name'];
         $selection.="<option value=\"$group_id\">".htmlentities($group_name)."</option>";
         //echo "<option value=\"$group_id\">".htmlentities($group_name)."</option>";
      }
      echo $selection;
      echo "</select><br/><br />"      
      ."<span class=\"option thick\">Naam Sub-Module: </span><input type=\"text\" name=\"module_name\" size=\"30\" maxlength=\"100\" /><br /><br />"
      ."<span class=\"option thick\">Inhoud Sub-Module: </span><br /><br />";
      wysiwyg_textarea('module_content', '', 'PHPNukeAdmin', '60', '15');
      echo "<input type=\"hidden\" name=\"op\" value=\"MakeModuleDir\" />"
      ."<input type=\"submit\" value=\"" . _ADD . "\" /><br />"
      ."</form>";
      
   echo '</li>'
         .'</ul>'
         . '</div>';      
   //CloseTable();
   }
   
   function MakeModuleDir($module_name, $module_content, $selected_group) {
   global $admin_file, $db, $prefix;
   $result = $db->sql_query("SELECT module_id from " . $prefix . "_mmmodule_names where module_name='$module_name'");
   $numrows = $db->sql_numrows($result);
   if ($numrows>0) {
   include_once("header.php");
      GraphicAdmin();
      OpenTable();
      echo "<br /><div class='text-center'><span class=\"option\">"
         ."<span class='thick'>" . _ERRORTHECATEGORY . " $module_name " . _ALREADYEXIST . "</span><br /><br />"
         ."" . _GOBACK . "<br /><br /></span></div>";
      CloseTable();
      include_once("footer.php");
   } else {

   $module_name   = stripslashes(FixQuotes($module_name));
   $module_content   = stripslashes(FixQuotes($module_content));
   if ($selected_group == 0){
   $db->sql_query("insert into " . $prefix . "_mmmodule_names values (NULL, '$module_name', '$module_content')");
   }else{
   $db->sql_query("insert into " . $prefix . "_mmmodule_names values (NULL, '$module_name', '$module_content')");
    $new_module_id = $db->sql_nextid();
    $db->sql_query("insert into " . $prefix . "_mmmodule_to_group values ('$new_module_id', '$selected_group')");
    }
   
   mkdir("./modules/" . $module_name, 0777);
   
   $DefaultPagename = "index";
   $newEmptyHtmlFile = './modules/'.$module_name.'/'.$DefaultPagename.".html";
   
   $newEmptyHtmlmodule_content = '';
   
   $newPhpFile = './modules/'.$module_name.'/'.$DefaultPagename.".php";
   
    $newPhpmodule_content =  "<?php\n";
    $newPhpmodule_content .=  "if ( !defined('MODULE_FILE') )\n";
    $newPhpmodule_content .= "{\n";
    $newPhpmodule_content .= "die('You can\'t access this file directly...');\n";
    $newPhpmodule_content .="}\n";
    $newPhpmodule_content .="require_once('mainfile.php');\n";
    $newPhpmodule_content .="\$module_name = basename(dirname(__FILE__));\n";
    $newPhpmodule_content .="get_lang(\$module_name);\n";
    $newPhpmodule_content .="global \$db, \$prefix, \$module_name;\n";
    $newPhpmodule_content .="include_once 'header.php';\n";
    $newPhpmodule_content .="OpenTable();\n";
   $newPhpmodule_content .="\$result = \$db->sql_query(\"SELECT module_content FROM \" . \$prefix . \"_mmmodule_names WHERE module_name = '\$module_name'\"); \n";
    $newPhpmodule_content .="while(\$row = \$db->sql_fetchrow(\$result)) { \n";
    $newPhpmodule_content .="\$content .= '<div>' . \$row['module_content'] . '</div>'; \n";
    $newPhpmodule_content .="} \n";
   $newPhpmodule_content .="echo \$content;\n";

    $newPhpmodule_content .="CloseTable();\n";
    $newPhpmodule_content .="include_once('footer.php');\n";
    $newPhpmodule_content .=  "?>\n";
   
   file_put_contents($newEmptyHtmlFile,$newEmptyHtmlmodule_content);
   file_put_contents($newPhpFile,$newPhpmodule_content);         

    Header("Location: ".$admin_file.".php?op=ModuleMaker");
}
   }

function Load_Modulemaker_Modules (){
global $prefix, $db;
// Begin - Add new modules
   $handle=opendir('modules');
   //$groupsLoaded = file_exists('modules/Groups')?TRUE:FALSE; //RN0000476
   $modlist = array ();
   while ($file = readdir($handle)) {
      if (stristr($file, '.')) continue 1;  //RN0000515
      $modlist[] = $file;
   }
   closedir($handle);
   $numFiles = sizeof($modlist);
   for ($i=0; $i < $numFiles; $i++) {
      if (empty($modlist[$i])) continue 1;
      if ($db->sql_fetchrow($db->sql_query('SELECT mid FROM '.$prefix.'_modules WHERE title=\''.$modlist[$i].'\''))) continue 1;

      $db->sql_query('INSERT INTO '.$prefix.'_modules VALUES (NULL, \''.$modlist[$i].'\', \''.str_replace('_', ' ', $modlist[$i]).'\', 0, 0, \'\', 0, 0, \'\')');
   }
// End - Add new modules
}
function EditModuleMakerGroup($gid){

   global $prefix, $db, $admin_file;
   include_once("header.php");
   GraphicAdmin();
   OpenTable();
   echo "<div class='text-center'><span class=\"title thick\">" . _WEBLINKSADMIN . "</span></div>";
   CloseTable();
   echo "<br />";

   OpenTable();
   echo "<div class='text-center'><span class=\"option thick\">" . _MODCATEGORY . "</span></div><br /><br />";
   
      $row = $db->sql_fetchrow($db->sql_query("SELECT group_name, group_content from " . $prefix . "_mmmodule_groups where group_id='$gid'"));
      $group_name = $row['group_name'];
      $old_group_name = $row['group_name'];
      $group_content = $row['group_content'];
      
      echo "<form action=\"".$admin_file.".php\" method=\"post\">"
         ."" . _NAME . ": <input type=\"text\" name=\"group_name\" value=\"$group_name\" disabled /><br />"
         ."" . _DESCRIPTION . ":<br />";
         wysiwyg_textarea('group_content', $group_content, 'PHPNukeAdmin', '60', '15');

         echo "<input type=\"hidden\" name=\"old_group_name\" value=\"$old_group_name\" /><input type=\"hidden\" name=\"group_id\" value=\"$gid\" />"
         ."<input type=\"hidden\" name=\"op\" value=\"SaveEditedModuleMakerGroup\" />"
         ."<input type=\"submit\" value=\"" . _SAVECHANGES . "\" />"
         ."</form>";
         

   CloseTable();
   include_once("footer.php");
}

function SaveEditedModuleMakerGroup($group_id, $group_name, $group_content, $old_group_name) {
   global $admin_file, $db, $prefix;
   $group_id = intval($group_id);
   $old_group_name = stripslashes(FixQuotes($old_group_name));
   $group_name = stripslashes(FixQuotes($group_name));
   $group_content = stripslashes(FixQuotes($group_content));


   $db->sql_query("update " . $prefix . "_mmmodule_groups set group_name='$group_name', group_content='$group_content' where group_id='$group_id'");
sleep(1);
   //rename('./modules/'.$old_group_name,'./modules/'.$group_name);
   Header("Location: ".$admin_file.".php?op=ModuleMaker");

}
function EditModuleMakerModule($mid){

   global $prefix, $db, $admin_file;
   include_once("header.php");
   GraphicAdmin();
   OpenTable();
   echo "<div class='text-center'><span class=\"title thick\">" . _WEBLINKSADMIN . "</span></div>";
   CloseTable();
   echo "<br />";
   
   OpenTable();
   echo "<div class='text-center'><span class=\"option thick\">" . _MODCATEGORY . "</span></div><br /><br />";
   
      $row = $db->sql_fetchrow($db->sql_query("SELECT module_name, module_content from " . $prefix . "_mmmodule_names where module_id='$mid'"));
      $module_name = $row['module_name'];
      $old_module_name = $row['module_name'];
      $module_content = $row['module_content'];
      echo '--->' . $gid;
      echo "<form action=\"".$admin_file.".php\" method=\"post\">"
         ."" . _NAME . ": <input type=\"text\" name=\"module_name\" value=\"$module_name\" disabled /><br />"
         ."" . _DESCRIPTION . ":<br />";
         wysiwyg_textarea('module_content', $module_content, 'PHPNukeAdmin', '60', '15');

         echo "<input type=\"hidden\" name=\"old_module_name\" value=\"$old_module_name\" /><input type=\"hidden\" name=\"module_id\" value=\"$mid\" />"
         ."<input type=\"hidden\" name=\"op\" value=\"SaveEditedModuleMakerModule\" />"
         ."<input type=\"submit\" value=\"" . _SAVECHANGES . "\" />"
         ."</form>";
         

   CloseTable();
   include_once("footer.php");
}
function SaveEditedModuleMakerModule($module_id, $module_name, $module_content, $old_module_name) {
   global $admin_file, $db, $prefix;
   $module_id = intval($module_id);
   $old_module_name = stripslashes(FixQuotes($old_module_name));
   $module_name = stripslashes(FixQuotes($module_name));
   $module_content = stripslashes(FixQuotes($module_content));
   
   $db->sql_query("update " . $prefix . "_mmmodule_names set module_content='$module_content' where module_id='$module_id'");
sleep(1);
   //rename('./modules/'.$old_module_name,'./modules/'.$module_name);
   Header("Location: ".$admin_file.".php?op=ModuleMaker");

}

function DeleteModuleMakerGroup($gid){
global $admin_file, $db, $prefix;
$row = $db->sql_fetchrow($db->sql_query("SELECT group_name from " . $prefix . "_mmmodule_groups where group_id='$gid'"));
$group_name = $row['group_name'];
//sleep(1);
$dir = './modules/'.$group_name;
deleteDirectory($dir);
   $db->sql_query("DELETE FROM " . $prefix . "_mmmodule_groups where group_id='$gid'");
   $db->sql_query("DELETE FROM " . $prefix . "_mmmodule_to_group where group_id='$gid'");
Header("Location: ".$admin_file.".php?op=ModuleMaker");
}

function DeleteModuleMakerModule($mid){
global $admin_file, $db, $prefix;
$row = $db->sql_fetchrow($db->sql_query("SELECT module_name from " . $prefix . "_mmmodule_names where module_id='$mid'"));
$module_name = $row['module_name'];

$dir = './modules/'.$module_name;
deleteDirectory($dir);
   $db->sql_query("DELETE FROM " . $prefix . "_mmmodule_names where module_id='$mid'");
   $db->sql_query("DELETE FROM " . $prefix . "_mmmodule_to_group where module_id='$mid'");
Header("Location: ".$admin_file.".php?op=ModuleMaker");
}
function RenameModuleMakerGroup($gid){
global $admin_file, $db, $prefix;
   include_once("header.php");
   GraphicAdmin();
   
   OpenTable();
   echo "<div class='text-center'><span class=\"option thick\">" . _MODCATEGORY . "</span></div><br /><br />";
   
      $row = $db->sql_fetchrow($db->sql_query("SELECT group_name from " . $prefix . "_mmmodule_groups where group_id='$gid'"));
      $group_name = $row['group_name'];
      $old_group_name = $row['group_name'];
      echo "<form action=\"".$admin_file.".php\" method=\"post\">"
         ."" . _NAME . ": <input type=\"text\" name=\"group_name\" value=\"$group_name\" /><br />";

         echo "<input type=\"hidden\" name=\"old_group_name\" value=\"$old_group_name\" /><input type=\"hidden\" name=\"group_id\" value=\"$gid\" />"
         ."<input type=\"hidden\" name=\"op\" value=\"SaveRenamedModuleMakerGroup\" />"
         ."<input type=\"submit\" value=\"" . _SAVECHANGES . "\" />"
         ."</form>";
   
   CloseTable();
   include_once("footer.php");
}
function SaveRenamedModuleMakerGroup($group_id, $group_name, $old_group_name){
   global $admin_file, $db, $prefix;
   $group_id = intval($group_id);
   $old_group_name = stripslashes(FixQuotes($old_group_name));
   $group_name = stripslashes(FixQuotes($group_name));
   $group_content = stripslashes(FixQuotes($group_content));
   $result = $db->sql_query("SELECT group_id from " . $prefix . "_mmmodule_groups where group_name='$group_name'");
   $numrows = $db->sql_numrows($result);
   if ($numrows>0) {
   include_once("header.php");
      GraphicAdmin();
      OpenTable();
      echo "<br /><div class='text-center'><span class=\"option\">"
         ."<span class='thick'>" . _ERRORTHECATEGORY . " $group_name " . _ALREADYEXIST . "</span><br /><br />"
         ."" . _GOBACK . "<br /><br /></span></div>";
      CloseTable();
      include_once("footer.php");
   } else {
   $db->sql_query("update " . $prefix . "_mmmodule_groups set group_name='$group_name' where group_id='$group_id'");
sleep(1);
   rename('./modules/'.$old_group_name,'./modules/'.$group_name);
   Header("Location: ".$admin_file.".php?op=ModuleMaker");
   }
   }
   
function RenameModuleMakerModule($mid){
global $prefix, $db, $admin_file;
   include_once("header.php");
   GraphicAdmin();
   
   OpenTable();
   echo "<div class='text-center'><span class=\"option thick\">" . _MODCATEGORY . "</span></div><br /><br />";
   
      $row = $db->sql_fetchrow($db->sql_query("SELECT module_name from " . $prefix . "_mmmodule_names where module_id='$mid'"));
      $module_name = $row['module_name'];
      $old_module_name = $row['module_name'];
      echo "<form action=\"".$admin_file.".php\" method=\"post\">"
         ."" . _NAME . ": <input type=\"text\" name=\"module_name\" value=\"$module_name\" /><br />";

         echo "<input type=\"hidden\" name=\"old_module_name\" value=\"$old_module_name\" /><input type=\"hidden\" name=\"module_id\" value=\"$mid\" />"
         ."<input type=\"hidden\" name=\"op\" value=\"SaveRenamedModuleMakerModule\" />"
         ."<input type=\"submit\" value=\"" . _SAVECHANGES . "\" />"
         ."</form>";
   
   CloseTable();
   include_once("footer.php");
}
function SaveRenamedModuleMakerModule($module_id, $module_name, $old_module_name) {
   global $admin_file, $db, $prefix;
   $module_id = intval($module_id);
   $old_module_name = stripslashes(FixQuotes($old_module_name));
   $module_name = stripslashes(FixQuotes($module_name));
   $result = $db->sql_query("SELECT module_id from " . $prefix . "_mmmodule_names where module_name='$module_name'");
   $numrows = $db->sql_numrows($result);
   if ($numrows>0) {
   include_once("header.php");
      GraphicAdmin();
      OpenTable();
      echo "<br /><div class='text-center'><span class=\"option\">"
         ."<span class='thick'>" . _ERRORTHECATEGORY . " $module_name " . _ALREADYEXIST . "</span><br /><br />"
         ."" . _GOBACK . "<br /><br /></span></div>";
      CloseTable();
      include_once("footer.php");
   } else {
   $db->sql_query("update " . $prefix . "_mmmodule_names set module_name='$module_name' where module_id='$module_id'");
sleep(1);
   rename('./modules/'.$old_module_name,'./modules/'.$module_name);
   Header("Location: ".$admin_file.".php?op=ModuleMaker");
}
}
function deleteDirectory($dir) {
    if (!file_exists($dir)) return true;
    if (!is_dir($dir)) return unlink($dir);
    foreach (scandir($dir) as $item) {
        if ($item == '.' || $item == '..') continue;
        if (!deleteDirectory($dir.DIRECTORY_SEPARATOR.$item)) return false;
    }
    return rmdir($dir);
}   
?>
 
neralex
Site Admin



Joined: Aug 22, 2007
Posts: 1772

Posted: Tue Jun 11, 2013 5:06 pm

The filtering for db-inserts and db-updates is outdated, and there is no (real) escaping for text-based input! There are no checks whether an id is numeric or not. You must do more than only cast a string to an integer. There should be a check before you 'allow' the SQL query. In this case you can run a SQL query with a wrong value, and then you create a wrong result in the database and you could create PHP and SQL errors. With a UTF-8 charset you get bad values with special chars like 'öüä' etc. in the database, and filtering your loaded db-content with htmlentities will not work correctly. You must also make sure that your input has no HTML, if you don't need it, before you store the value in the db. All fields that are filled with the editor should also have a check to filter out disallowed HTML tags.

_________________
Github: RavenNuke 
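
The checks listed in the post above, sketched as an added example (not part of the thread, and not RavenNuke or ModuleMaker code): strict id validation instead of a bare cast, an allowlist for names that end up as directories under `./modules/`, tag filtering for editor content, bound parameters for the queries, and UTF-8 aware output encoding. The `mm_*` helper names, the allowed-tag list, the `nuke` prefix and the in-memory SQLite database standing in for the site's MySQL connection are assumptions.

```php
<?php
// Added example; the mm_* helpers are hypothetical, not RavenNuke functions.
declare(strict_types=1);

const MM_ALLOWED_TAGS = ['p', 'br', 'b', 'i', 'strong', 'em', 'ul', 'ol', 'li'];

/** Accept only a plain positive decimal id. intval('1abc') would silently give 1. */
function mm_valid_id($raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    $s = (string) $raw;
    if (!ctype_digit($s) || strlen($s) > 9) {
        return null;
    }
    $id = (int) $s;
    return $id > 0 ? $id : null;
}

/** Names become directory names, so allow letters, digits and underscore only (VARCHAR(30)). */
function mm_valid_name($raw): ?string
{
    if (!is_string($raw) || preg_match('/\A[A-Za-z0-9_]{1,30}\z/', $raw) !== 1) {
        return null;
    }
    return $raw;
}

/** Keep only allowlisted tags, then drop every attribute from the tags that remain. */
function mm_filter_html(string $html): string
{
    $html  = strip_tags($html, '<' . implode('><', MM_ALLOWED_TAGS) . '>');
    $names = implode('|', MM_ALLOWED_TAGS);
    return preg_replace('/<(\/?)(' . $names . ')\b[^>]*>/i', '<$1$2>', $html) ?? '';
}

/** Output encoding with an explicit charset; htmlentities() assumed ISO-8859-1 before PHP 5.4. */
function mm_h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

/** $prefix comes from site configuration, never from the request; values are bound. */
function mm_insert_group(PDO $pdo, string $prefix, string $name, string $content): int
{
    $stmt = $pdo->prepare(
        "INSERT INTO {$prefix}_mmmodule_groups (group_name, group_content) VALUES (:n, :c)"
    );
    $stmt->execute([':n' => $name, ':c' => mm_filter_html($content)]);
    return (int) $pdo->lastInsertId();
}

function mm_fetch_group(PDO $pdo, string $prefix, int $gid): ?array
{
    $stmt = $pdo->prepare(
        "SELECT group_name, group_content FROM {$prefix}_mmmodule_groups WHERE group_id = :id"
    );
    $stmt->execute([':id' => $gid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo: in-memory SQLite stands in for the site's MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE nuke_mmmodule_groups (
    group_id INTEGER PRIMARY KEY AUTOINCREMENT,
    group_name VARCHAR(30),
    group_content TEXT)');

// Constructed form submissions.
$submissions = [
    ['group_name' => 'Gallery',
     'group_content' => '<p onclick="x()">Grüße <script>alert(1)</script><b>all</b></p>'],
    ['group_name' => 'a/b', 'group_content' => '<p>never stored</p>'],
];
foreach ($submissions as $post) {
    $name = mm_valid_name($post['group_name']);
    if ($name === null) {
        echo 'rejected name: ', mm_h($post['group_name']), "\n";
        continue;
    }
    $gid = mm_insert_group($pdo, 'nuke', $name, $post['group_content']);
    echo 'stored group ', $gid, "\n";
}

// Constructed gid values as they would arrive in the query string.
foreach (['1', '1abc', '-1', ''] as $rawGid) {
    $gid = mm_valid_id($rawGid);
    $row = $gid === null ? null : mm_fetch_group($pdo, 'nuke', $gid);
    // group_content was filtered when stored; group_name is encoded on output.
    echo var_export($rawGid, true), ' => ',
        $row === null ? 'rejected or not found'
                      : mm_h($row['group_name']) . ': ' . $row['group_content'], "\n";
}
```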
hicuxunicorniobestbuildpc
The Mouse Is Extension Of Arm



Joined: Aug 13, 2009
Posts: 1122

Posted: Tue Jun 11, 2013 5:45 pm

Isn't it better to use single quotes instead of mixing double quotes with single quotes? We should get rid of ?> at the end, right?

I would change these lines
Code:
echo "<div class='text-center'><span class=\"option thick\">" . _MODCATEGORY . "</span></div><br /><br />";


for this one. I think it is easier than using the slash all the time.
Code:
echo '<div class="text-center"><span class="option thick">' . _MODCATEGORY . '</span></div><br /><br />';
 
neralex







Posted: Tue Jun 11, 2013 5:51 pm

That is better and also brings more speed! Because every 'masking' of code like \"xxx\" needs extra time. Single quotes for PHP code are in most cases the better choice. In big files like your admin module you should use it the way hicuxunicorniobestbuildpc has typed it. And yes, for sure - for all included files you don't need the PHP end-tag.
 
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

Posted: Thu Jun 13, 2013 7:13 am

Another little speed tweak is changing the concatenations in the echo from "." to ", ". Yes, you read that correctly. So something like this (this is specific to echo):

Code:
echo '<div class="text-center"><span class="option thick">', _MODCATEGORY,  '</span></div><br /><br />';

_________________
Where Do YOU Stand?
HTML Newsletter::ShortLinks::Mailer::Downloads and more... 
neralex







Posted: Thu Jun 13, 2013 1:04 pm

Yes, that really brings speed; in big files it is awesome. I saw it a while ago in some RN modules, and I believe palbin has posted this link about comma vs. period usage in echo.
[ Only registered users can see links on this board! Get registered or login! ]

But it works only with echo...
 
hicuxunicorniobestbuildpc







Posted: Thu Jun 13, 2013 4:10 pm

Nice, Montego, I didn't know such a small change brings speed. Amazing, but if we all need to change that in all modules then we have to change a lot. lol

Do we need to use this comma only in text?

Question Montego from Download module.

Code:
if (!defined('IN_NSN_GD')) { echo 'Access Denied'; die(); }

$lid = isset($lid) ? intval($lid) : 0;
$pagetitle = '- ' . _DL_REPORTBROKEN;
include_once 'header.php';
menu(1);
echo '<br />';
title(_DL_REPORTBROKEN);
OpenTable();
echo '<div align="center">';
echo '<form action="modules.php?name=', $module_name, '" method="post">';
echo '<input type="hidden" name="lid" value="', $lid, '" /><input type="hidden" name="op" value="brokendownloadS" />';
echo '<p>', _DL_THANKSBROKEN, '<br />', _DL_SECURITYBROKEN, '</p>';
echo '<input type="submit" value="', _DL_REPORTBROKEN, '" /></form>';
echo '</div>';
CloseTable();
include_once 'footer.php';



I notice that in the beginning you are using a period but after that you use a comma. Can I change this one

Code:
$pagetitle = '- ' . _DL_REPORTBROKEN;


to replace it for this one?

Code:
$pagetitle = '- ' , _DL_REPORTBROKEN;
 
neralex







Posted: Thu Jun 13, 2013 5:21 pm

hicuxunicorniobestbuildpc, you are going off-topic right now again and this is not an echo.
[ Only registered users can see links on this board! Get registered or login! ]
 
montego







Posted: Sat Jun 15, 2013 9:04 am

hicuxunicorniobestbuildpc, as neralex has stated and as I did as well, this only applies to echo.

<RN DISCLAIMER>
Also, folks, keep in mind that although we have made a ton of changes in *nuke for RN over the years to get away from double-quotes as much as possible, there was not a specific effort designed to go after all of them. Even in my own coding, especially where speed isn't a concern (like administration pages because they are very low volume access), my time is valuable and I focused on what needed to be focused on at the time.

The same applies with the commas vs. periods in most of the echo statements. There was no mass change done (can't be done in mass). Conversions will just occur over time as time and energy permits.
</RN DISCLAIMER>
 
Guardian2003
Site Admin



Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam

Posted: Sat Jun 15, 2013 3:48 pm

And because I'm lazy and have failing eyesight, I still use a period, because I find it easier to read when scanning code.
wHiTeHaT







Posted: Tue Jul 02, 2013 2:37 pm

A little screen shot update of the current development for the ModuleMakerModule:

On first load (sample modules within):
Icons on left:
Edit/delete/rename/copy/blocks.
Icon on right:
unlimited sub modules.
Image

TODO

*copy not coded yet
*rename to be removed and implemented in edit.

Clicking the blocks icon (the colored one):

Image


Create a module:
Use blocktemplate; in this specific case only show blocks to right.



Image
 
wHiTeHaT







Posted: Sun Aug 11, 2013 10:22 am

Just finished the prototype for the create modules add-on.
It is named ModuleMaker

ModuleMaker also replaces the default admin modules.

ModuleMaker has all the functionality of the default modules script (admin.php?op=modules).

You can choose when adding a new module if it is a virtual or physical module.
By physical I mean the standard modules that come with RavenNuke.

To let the add-on work it requires some changes to default files like:
-(roots) modules.php
-(roots) index.php
-mainfile.php
-includes/jquery/nukeNAV.php

To give it some glitter I used FontAwesome

Virtual modules are simply static pages that hold HTML content.
Of course you can also use JavaScript within.
A simple test I did for the colorbox, to load a video file and some images.

If you are interested in giving it a try, send me a PM or add me on Skype: the_whitehat
 