nucleus/plugins/securityenforcer/index.php

   1 <?php\r
   2 \r
   3 /*\r
   4 \r
   5 Admin area for NP_SecurityEnforcer\r
   6 \r
   7 */\r
   8 \r
   9         // if your 'plugin' directory is not in the default location,\r
  10         // edit this variable to point to your site directory\r
  11         // (where config.php is)\r
  12         $strRel = '../../../';\r
  13 \r
  14         include($strRel . 'config.php');\r
  15         if (!$member->isAdmin())\r
  16                 doError('Insufficient Permissions.');\r
  17                 \r
  18         include_libs('PLUGINADMIN.php');\r
  19 \r
  20         // some functions\r
  21         \r
  22         function SE_unlockLogin($login) {\r
  23                 sql_query("DELETE FROM ".sql_table('plug_securityenforcer')." WHERE login='".sql_real_escape_string($login)."'");\r
  24         }\r
  25         \r
  26                 \r
  27         // checks\r
  28         \r
  29 \r
  30         \r
  31         // create the admin area page\r
  32         $oPluginAdmin = new PluginAdmin('SecurityEnforcer');\r
  33         // add styles to the <HEAD>\r
  34         $oPluginAdmin->start('');\r
  35         \r
  36         // if form to unlock is posted\r
  37         $message = '';\r
  38         if(postVar('action') == 'unlock') {\r
  39                 if (!$manager->checkTicket()) \r
  40                         doError('Invalid Ticket');\r
  41                 $logins = postVar('unlock');\r
  42                 $message = '';\r
  43                 if(is_array($logins)) {\r
  44                         foreach ($logins as $entity) {\r
  45                                 SE_unlockLogin($entity);\r
  46                                 $message .= '<br />' . $entity . _SECURITYENFORCER_ADMIN_UNLOCKED;\r
  47                         }\r
  48                 }\r
  49         }               \r
  50         $plug =& $oPluginAdmin->plugin;\r
  51 \r
  52         // page title\r
  53         echo '<h2>'._SECURITYENFORCER_ADMIN_TITLE.'</h2>';\r
  54         \r
  55         // error output\r
  56         if($message) { echo "<p><strong>"; echo $message; echo "</strong></p>"; }\r
  57                 \r
  58         // generate table from all entries in the database\r
  59         echo '<h3>'._SECURITYENFORCER_LOCKED_ENTITIES.'</h3>';\r
  60         echo '<form action="' . $oPluginAdmin->plugin->getAdminURL() . '" method="POST">';\r
  61         echo '<input type="hidden" name="action" value="unlock" />';\r
  62         $manager->addTicketHidden();\r
  63         echo '<table>';\r
  64         echo '<tr><th>'._SECURITYENFORCER_ENTITY.'</th><th>'._SECURITYENFORCER_UNLOCK.'?</th></tr>';\r
  65         echo '<tr><td colspan="2" class="submit"><input type="submit" value="'._SECURITYENFORCER_UNLOCK.'" /></td></tr>';\r
  66         // do query to get all entries, loop\r
  67         $result = sql_query("SELECT * FROM ".sql_table("plug_securityenforcer")." WHERE fails >= ".$plug->max_failed_login);\r
  68         if(sql_num_rows($result)) {\r
  69                 while($row = sql_fetch_assoc($result)) {\r
  70                         echo '<tr>';\r
  71                                 echo '<td>'.htmlspecialchars($row['login']).'</td>';\r
  72                                 echo '<td><input type="checkbox" name="unlock[]" value="'.htmlspecialchars($row['login']).'" />'._SECURITYENFORCER_UNLOCK.'</td>';\r
  73                         echo '</tr>';\r
  74                 }\r
  75         }\r
  76         else {\r
  77                 echo '<tr><td colspan="2"><strong>'._SECURITYENFORCER_ADMIN_NONE_LOCKED.'</strong></td></tr>';\r
  78         }\r
  79         echo '<tr><td colspan="2" class="submit"><input type="submit" value="'._SECURITYENFORCER_UNLOCK.'" /></td></tr>';\r
  80         echo '</table>';\r
  81         echo '</form>';\r
  82         \r
  83         $oPluginAdmin->end();\r
  84 \r
  85 ?>\r