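<?
// admin.php entry point: session setup, then an optional environment self-test.
session_set_cookie_params(86400);
session_start();
$full_home_path = dirname(__FILE__);
// ?test=1 prints which PHP extensions are loaded and whether the writable
// directories have mode 777. It runs before _rootload.php and before any
// admin/IP check, so the report (absolute install path, extension inventory,
// directory modes) is visible to anyone who can reach admin.php; it should be
// gated on the admin_ip allowlist or removed once installation is complete.
if (isset($_GET["test"]) && $_GET["test"] === "1") {
    $extensionsError = false;
    print "<B>Check PHP Extensions:</b><BR><BR>";
    // phpinfo() output is captured, never shown; it is only searched for the Zend version.
    ob_start();
    phpinfo();
    $res = ob_get_clean();
    // NOTE(review): both str_replace arguments read as a plain space here; the first was
    // presumably a non-breaking space lost in transcription — confirm against the original.
    $res = mb_strtolower(str_replace(' ',' ',$res));
    print "zend... ";
    if (preg_match("/zend\s*optimizer\s+(v\d+.\d+.\d+)?/i", $res, $m) or preg_match("/zend guard loader (v\d+.\d+),/i", $res, $m)) {
        // The version group is optional in the first pattern, so $m[1] may be absent.
        print isset($m[1]) ? $m[1] : '';
    } else {
        $extensionsError = true;
        print "<font color=red><B>NO</B></font>";
    }
    print "<BR>";
    print "<BR>";
    // label => array(kind, symbol); kind 'f' = function_exists(), 'c' = class_exists().
    // Order matches the original report.
    $extensionChecks = array(
        'curl'     => array('f', 'curl_version'),
        'dom'      => array('c', 'DomDocument'),
        'gd'       => array('f', 'gd_info'),
        'imap'     => array('f', 'imap_open'),
        'mbstring' => array('f', 'mb_internal_encoding'),
        'mcrypt'   => array('f', 'mcrypt_cbc'),
        'mysql'    => array('f', 'mysql_connect'),
        'iconv'    => array('f', 'iconv'),
        'openssl'  => array('f', 'openssl_verify'),
        'soap'     => array('c', 'SoapClient'),
        'sockets'  => array('f', 'socket_create'),
        'xml'      => array('f', 'xml_parser_create'),
    );
    foreach ($extensionChecks as $label => $check) {
        list($kind, $symbol) = $check;
        $present = ($kind === 'c') ? class_exists($symbol) : function_exists($symbol);
        print $label."... ";
        if (!$present) {
            $extensionsError = true;
            print "<font color=red><B>NO</B></font>";
        } elseif ($label === 'curl') {
            $v = curl_version();
            print "v".$v['version']; // was $v[version]: an unquoted key is an undefined constant
        } elseif ($label === 'gd') {
            $v = gd_info();
            print $v["GD Version"];
        } else {
            print "ok";
        }
        print "<BR>";
    }
    print "<BR><B>Check Permissions:</b><BR><BR>";
    // Directories the application writes to. 777 is what the report demands;
    // write access for the web-server user alone would be sufficient and narrower.
    $writableDirs = array(
        "/_rootfiles/",
        "/_rootimages/banners/",
        "/_rootimages/avatars/",
        "/_rootlogs/",
        "/_roottemp/",
    );
    foreach ($writableDirs as $rel) {
        $dir = $full_home_path.$rel;
        // fileperms() on a missing directory returns false (and warns); say so instead of printing "0".
        $perm = is_dir($dir) ? substr(sprintf('%o', fileperms($dir)), -3) : 'missing';
        print "Dir ".$dir."... ".$perm."... ";
        if ($perm == "777") {
            print "ok";
        } else {
            print "<font color=red><B>BAD</B> (need 777)</font>";
        }
        print "<BR>";
    }
}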
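require_once($full_home_path.'/_rootload.php');
// Colours and styles shared by the admin pages.
$font_head='#EAEAEA';   # background of a table header row
$font_headm='#cae0c4';  # header row background on mouse-over
$font_row1='#FAFAFA';   # data row background #1
$font_row = $font_row1;
$font_row2='#EFEFEF';   # data row background #2
$styleHelp='font-size: 11px; color: gray; margin-top: 0'; # style of hint text in profile editing
// Whitelist of admin sections reachable via ?do=NAME; each one loads
// _rootadmin/_NAME.inc.php. Assigned as a literal rather than appended with
// $_do[] so the list always starts from exactly these names and can never be
// seeded by a pre-existing value of $_do.
$_do = array(
    "addons",
    "bills",
    "billskv",
    "catalog",
    "catalogsettings",
    "clients",
    "currency",
    "domains",
    "editbill",
    "editbillkv",
    "editor",
    "editorder",
    "fullinfo",
    "history",
    "mailsend",
    "money",
    "news",
    "orders",
    "profile",
    "registrators",
    "security",
    "settings",
    "show_tpl",
    "specialcosts",
    "tarifs",
    "tickets",
    "utils",
    "zones",
    "gotobilling",
    "stats",
    "userlogs",
    "multilanguage",
    "maillogs",
    "usersettings",
    "coupons",
    "showimage",
    "shopsettings",
    "shop",
    "avdeskinfo",
    "faq",
    "testimonials",
    "domainscerts",
    "gotoaccount",
    "smsgateways",
    "smslogs",
    "ticketsettings",
    "getfile",
    "apilogs",
    "whoislogs",
    "import",
    "partnersettings",
);
// Sections that render their own output without the admin header/footer.
$pages_without_headfoot = array(
    "show_tpl",
    "gotobilling",
    "showimage",
    "avdeskinfo",
    "gotoaccount",
    "getfile",
);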
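mconnect();
// Login / logout / first-admin creation.
// $do, $pass, $login, $ip and the new_* fields are never read from $_GET/$_POST in
// this file; they are presumably populated by _rootload.php or register_globals — confirm.
if ($do == "logout" and !$pass) {
    adminLogOut();
    mclose();
    header("Location: ?");
    exit;
}
if ($pass) {
    if (!adminLogOn($login, $pass)) {
        // Failed attempts are logged against the account only when the login exists.
        $admin = GetAdminByLogin($login);
        if ($admin->id) {
            writeAdminLog("Неудачная попытка входа [$ip]",$admin->id);
        }
        $yesadminheader=''; include $full_home_path.'/_rootinc/adminhead.inc.php'; $admincluded=1;
        print "<BR><center><font color=red>Не правильно введён логин или пароль.</font></center>";
    } else {
        writeAdminLog("Успешный вход [$ip]");
    }
}
EnableLanguages(1);
GetCurrentAdminCurrency();
if (empty($admincluded)) {
    $yesadminheader='';
    if (!in_array($do,$pages_without_headfoot)) { include $full_home_path.'/_rootinc/adminhead.inc.php'; }
}
// NOTE(review): the admin_ip allowlist is consulted only after the credentials above
// have already been verified and logged, so a request from a non-allowed address still
// exercises adminLogOn(). Moving this check ahead of the login attempt would also need
// the header include reordered, so it is left in place here.
if (!IsIPInIPs($ip,GetSetting("admin_ip"))) {adminLogOut(); print "<BR><center><font color=red>Access Denied. Go away!"; include $full_home_path.'/_rootinc/adminfoot.inc.php'; mclose(); exit;}
// $yesadminheader is expected to be set by adminhead.inc.php; its absence is treated as tampering.
if (!$yesadminheader and !in_array($do,$pages_without_headfoot)) {print "<BR><center><font color=red>Ошибка!!! Невозможно выполннить скрипт, т.к. зафиксировано вмешательство в его код!"; include $full_home_path.'/_rootinc/adminfoot.inc.php'; mclose(); exit;}
if (!validateAdmin()) {
    $admins=@mysql_query("SELECT id FROM admin_users") or die("File: ".__FILE__."<BR>Line: ".__LINE__."<BR>MySQL Error: ".mysql_error());
    if (mysql_num_rows($admins) == 0) {
        // No administrator yet: offer (and process) the bootstrap form.
        $admin_exists = false;
        if ($do == "createadmin") {
            print "<BR>";
            if ($new_login == "") { print "Не указан логин.<BR>"; }
            else if ($new_pass == "") { print "Не указан пароль.<BR>"; }
            else if ($new_pass2 == "") { print "Не подтверждён пароль.<BR>"; }
            else if ($new_pass != $new_pass2) { print "Пароль подтверждён неправильно.<BR>"; }
            else if (strlen($new_pass) < 6) { print "Пароль не может быть короче 6 символов.<BR>"; }
            else if ($new_email == "") { print "Не указан E-Mail адрес.<BR>"; }
            else if ($new_name == "") { print "Не указано Ваше имя.<BR>"; }
            else {
                // All values are escaped for the SQL string literal (they were interpolated raw).
                // crypt() is kept as the hash: adminLogOn() (defined elsewhere) presumably
                // verifies against it — confirm before switching to a stronger scheme.
                $query = sprintf(
                    "INSERT INTO admin_users (login,password,name,email) VALUES('%s','%s','%s','%s')",
                    mysql_real_escape_string($new_login),
                    mysql_real_escape_string(crypt($new_pass)),
                    mysql_real_escape_string($new_name),
                    mysql_real_escape_string($new_email)
                );
                @mysql_query($query) or die("File: ".__FILE__."<BR>Line: ".__LINE__."<BR>MySQL Error: ".mysql_error());
                $admin_exists = true;
                SetSetting("manager_email", $new_email);
                SetSetting("support_email", $new_email);
                print "Логин и пароль администратора успешно созданы.<BR>Вам необходимо пройти авторизацию.<BR><BR>";
            }
        }
        if (!$admin_exists) {
            // Re-display the submitted values, HTML-escaped, inside the form attributes.
            $formLogin = htmlspecialchars(isset($new_login) ? (string)$new_login : '', ENT_QUOTES);
            $formEmail = htmlspecialchars(isset($new_email) ? (string)$new_email : '', ENT_QUOTES);
            $formName  = htmlspecialchars(isset($new_name) ? (string)$new_name : '', ENT_QUOTES);
?>
<center><BR>
Перед началом работы необходимо создать логин и пароль администратора.<BR><BR>
<B>Создание логина и пароля администратора:</b><BR><BR>
<form method=post>
<input type=hidden name=do value=createadmin>
<table>
<tr><td>Логин:</td><td><input type=text name=new_login value="<? print $formLogin?>"></td></tr>
<tr><td>Пароль:</td><td><input type=password name=new_pass></td></tr>
<tr><td>Ещё раз пароль:</td><td><input type=password name=new_pass2></td></tr>
<tr><td>E-Mail:</td><td><input type=text name=new_email value="<? print $formEmail?>"></td></tr>
<tr><td>Ваше имя:</td><td><input type=text name=new_name value="<? print $formName?>"></td></tr>
</table>
<script>document.forms[0].new_login.focus();</script>
<br><input type=submit value=Создать><BR><BR>
* Длина пароля должна быть не менее 6 символов.
</form>
<?
        }
    } else {
        $admin_exists = true;
    }
    if ($admin_exists) {
?>
<center><BR>
<B>Введите логин и пароль:</b><BR><BR>
<form method=post>
<table>
<tr><td>Логин:</td><td><input type=text name=login></td></tr>
<tr><td>Пароль:</td><td><input type=password name=pass></td></tr>
</table>
<script>document.forms[0].login.focus();</script>
<br><input type=submit value=Войти>
</form>
<?
    }
    include $full_home_path.'/_rootinc/adminfoot.inc.php';
    mclose();
    exit;
}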
// License facts shown in the dashboard box. $lti, $ltd, $ltr and $ltq are not
// assigned anywhere in this file; presumably _rootload.php fills them — confirm.
if ($lti) {
    $licenseId = $lti;
}
if ($ltd) {
    // Days left until $ltd (a Unix timestamp), rounded to one decimal.
    $licenseEnd = round(($ltd - time()) / 60 / 60 / 24, 1);
    if ($licenseEnd <= 15 and !in_array($do, $pages_without_headfoot)) {
        print "<center><font color=red>Внимание! До истечения срока действия Вашей лицензии осталось дней: $licenseEnd<BR>Для продления лицензии обратитесь к разработчику.</font></center><BR>";
    }
}
// Domain / IP lists arrive as "a::b::c" strings; element 0 is the main entry.
if ($ltr and $ltr[0] != "null") {
    $licenseMainDomain = $ltr[0];
    $licenseAddonDomains = @join(", ", @mb_split("::", $ltr[1]));
}
if ($ltq and $ltq[0] != "null") {
    $licenseMainIp = $ltq[0];
    $licenseAddonIps = @join(", ", @mb_split("::", $ltq[1]));
}
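if (empty($do)) {
    // Dashboard (no ?do=): avatar upload/delete, last-login box, quick-search forms.
    $adminId = (int)$_SESSION["adminId"]; // used in file names and SQL below, so always an int
    if ($sub == "uploadavatar") {
        if ($_FILES['userfile']['name']) {
            if ($_FILES['userfile']['name'] != '' and $_FILES['userfile']['type'] != '' and $_FILES['userfile']['tmp_name'] != '') {
                // Only the extension of the client-supplied name is used, and only image
                // extensions are accepted: the avatars directory is web-served and world-writable,
                // so any other extension stored there could be fetched or executed as code.
                $fileext = strtolower(pathinfo(basename($_FILES['userfile']['name']), PATHINFO_EXTENSION));
                $allowedExt = array('gif', 'jpg', 'jpeg', 'png');
                if (in_array($fileext, $allowedExt, true) && is_uploaded_file($_FILES['userfile']['tmp_name'])) {
                    $newfile = "admin_avatar_".$adminId.".".$fileext;
                    $file = $full_home_path."/_rootimages/avatars/".$newfile;
                    // Remove the previous avatar too; it may carry a different extension.
                    if (!empty($_SESSION["adminAvatar"])) {
                        @unlink($full_home_path."/_rootimages/avatars/".basename($_SESSION["adminAvatar"]));
                    }
                    @unlink($file);
                    if (move_uploaded_file($_FILES['userfile']['tmp_name'], $file)) {
                        @chmod($file, 0644); // an image needs no execute or world-write bit
                        $_SESSION["adminAvatar"] = $newfile;
                        @mysql_query("update admin_users set avatar='$newfile' where id='".$adminId."'") or die("File: ".__FILE__."<BR>Line: ".__LINE__."<BR>MySQL Error: ".mysql_error());
                    }
                }
            }
        }
    }
    if ($sub == "deleteavatar") {
        if (!empty($_SESSION["adminAvatar"])) {
            @unlink($full_home_path."/_rootimages/avatars/".basename($_SESSION["adminAvatar"]));
        }
        @mysql_query("update admin_users set avatar='' where id='".$adminId."'") or die("File: ".__FILE__."<BR>Line: ".__LINE__."<BR>MySQL Error: ".mysql_error());
    }
    getfont();
    getfont(); // called twice in the original; whether the repeat is intentional is not visible here
    if ($_SESSION["adminLastDate"] and $_SESSION["adminLastIp"]) {
        // adminLastDate is "DATE TIME" separated by a single space — assumed from the split below.
        $adminLastDateArray = mb_split(" ", $_SESSION["adminLastDate"]);
        $adminLastD = myDate($adminLastDateArray[0]);
        $adminLastT = isset($adminLastDateArray[1]) ? $adminLastDateArray[1] : '';
        $adminLastI = $_SESSION["adminLastIp"];
        // gethostbyaddr() returns the IP unchanged on failure; only append a real host name.
        $adminLastH = @gethostbyaddr($adminLastI);
        $adminLastH = ($adminLastH and $adminLastH !== $adminLastI) ? " (".$adminLastH.")" : '';
?>
<table>
<tr>
<td valign=top>
<table>
<tr><td align=center bgcolor=<? print $font_head?>><B>Здравствуйте, <? print htmlspecialchars($_SESSION["adminName"], ENT_QUOTES)?></b></td></tr>
<? if (empty($_SESSION["disallowLastSeen"])) { ?>
<tr><td bgcolor=<? print $font_row?>>
<Strong>Ваш последний вход:</strong> <? print $adminLastD?> <strong>в</strong> <? print $adminLastT?> <strong>с IP:</strong> <? print $adminLastI.$adminLastH?><BR><BR>
</td></tr>
<? } ?>
<tr><td align=center onclick="myShow('s1');" onmouseover="this.bgColor='<? print $font_headm?>'; this.style.cursor='pointer'" onmouseout="this.bgColor='<? print $font_head?>'" bgcolor=<? print $font_head?>><B>Ваш аватар</b></td></tr>
<tr><td bgcolor=<? print $font_row?>>
<div id="s1" style="display: none;">
<table width=100% border=0><tr><td width=20>
<?
        if (!empty($_SESSION["adminAvatar"]) and file_exists($full_home_path."/_rootimages/avatars/".$_SESSION["adminAvatar"])) {
            $avatarSrc = htmlspecialchars($_SESSION["adminAvatar"], ENT_QUOTES);
            print "<a href=\"?sub=deleteavatar\"><img src=\"./_rootimages/avatars/".$avatarSrc."\" alt=\"Удалить аватар\"></a>";
        } else {
            print "<img src=\"./_rootimages/ticket_admin.gif\">";
        }
?>
</td><td align=center>
<form method=post enctype="multipart/form-data">
<input type=hidden name=sub value=uploadavatar>
<input type=file name=userfile size=7><BR>
<input type=submit value=Загрузить>
</form>
</td></tr></table>
</div>
</td></tr>
</table>
</td>
<td width=20></td>
<td valign=top>
<? if (empty($_SESSION["disallowLicenseInfo"])) { ?>
<table>
<tr><td align=center bgcolor=<? print $font_head?>><B>Лицензия</b></td></tr>
<tr><td bgcolor=<? print $font_row?>>
<? if (isset($licenseId)) { ?><strong>ID лицензии:</strong> <? print $licenseId?><BR><? } ?>
<? if (isset($licenseEnd)) { ?><Strong>Срок лицензии:</strong> <? print $licenseEnd?> дн.<BR><? } ?>
<? if (isset($licenseMainDomain)) { ?><Strong>Осноной домен:</strong> <? print $licenseMainDomain?><BR><? } ?>
<? if (isset($licenseAddonDomains)) { ?><Strong>Доп. домены:</strong> <? print $licenseAddonDomains?><BR><? } ?>
<? if (isset($licenseMainIp)) { ?><Strong>Осноной IP:</strong> <? print $licenseMainIp?><BR><? } ?>
<? if (isset($licenseAddonIps)) { ?><Strong>Доп. IPs:</strong> <? print $licenseAddonIps?><BR><? } ?>
</td></tr>
</table>
<? } ?>
</td>
<td></td>
</tr>
</table><BR>
<? } ?>
<table border=0>
<tr>
<? if (checkAdminAccess("billsRead")) { ?>
<td>
<form method=post>
<input type=hidden name=do value=editbill>
<table>
<tr><td align=center bgcolor=<? print $font_head?>><B>Редактировать счет</b></td></tr>
<tr><td bgcolor=<? print $font_row?>>Счет № <input type=text name=id size=2> <input type=submit value=OK></td></tr>
</table>
</form>
</td>
<td width=20></td>
<? } ?>
<? if (checkAdminAccess("ticketsRead")) { ?>
<td>
<form method=post>
<input type=hidden name=do value=tickets>
<input type=hidden name=sub value=view>
<table>
<tr><td align=center bgcolor=<? print $font_head?>><B>Перейти к тикету</b></td></tr>
<tr><td bgcolor=<? print $font_row?>>ID# <input type=text name=id size=2> <input type=submit value=OK></td></tr>
</table>
</form>
</td>
<td width=20></td>
<? } ?>
<? if (checkAdminAccess("clientsRead")) { ?>
<td>
<form method=post>
<input type=hidden name=do value=fullinfo>
<table>
<tr><td align=center bgcolor=<? print $font_head?>><B>Информация по клиенту</b></td></tr>
<tr><td bgcolor=<? print $font_row?>>ID/Логин <input type=text name=id size=5> <input type=submit value=OK></td></tr>
</table>
</form>
</td>
<td width=20></td>
<? } ?>
<? if (checkAdminAccess("clientProfileRead")) { ?>
<td>
<form method=post>
<input type=hidden name=do value=profile>
<table>
<tr><td align=center bgcolor=<? print $font_head?>><B>Профайл клиента</b></td></tr>
<tr><td bgcolor=<? print $font_row?>>ID/Логин <input type=text name=id size=5> <input type=submit value=OK></td></tr>
</table>
</form>
</td>
<td width=20></td>
<? } ?>
<? if (checkAdminAccess("clientHistoryRead")) { ?>
<td>
<form method=post>
<input type=hidden name=do value=history>
<table>
<tr><td align=center bgcolor=<? print $font_head?>><B>История клиента</b></td></tr>
<tr><td bgcolor=<? print $font_row?>>ID/Логин <input type=text name=uid size=5> <input type=submit value=OK></td></tr>
</table>
</form>
</td>
<? } ?>
</tr>
</table><BR><BR>
<table border=0>
<tr>
<? if (checkAdminAccess("ordersRead")) { ?>
<td>
<form method=post>
<input type=hidden name=do value=orders>
<input type=hidden name=show value=all>
<table>
<tr><td align=center bgcolor=<? print $font_head?>><B>Поиск по заказам</b></td></tr>
<tr><td bgcolor=<? print $font_row?>><select name=param><option value=domain selected>Домен:</option><option value=comment>Комментарий клиента:</option><option value=remark>Заметки для админа:</option><option value=remarkUser>Заметки для клиента:</option><option value=ipaddr>IP-адрес:</option><option value=serverlogin>Логин на сервере:</option></select> <input type=text name=search size=12> <input type=submit value=OK></td></tr>
</table>
</form>
</td>
<td width=20></td>
<? } ?>
<? if (checkAdminAccess("domainsRead")) { ?>
<td>
<form method=post>
<input type=hidden name=do value=domains>
<input type=hidden name=show value=all>
<table>
<tr><td align=center bgcolor=<? print $font_head?>><B>Поиск по доменам</b></td></tr>
<tr><td bgcolor=<? print $font_row?>><select name=param><option value=domain selected>Домен:</option><option value=remark>Комментарий:</option></select> <input type=text name=search size=12> <input type=submit value=OK></td></tr>
</table>
</form>
</td>
<td width=20></td>
<? } ?>
<? if (checkAdminAccess("clientsRead")) { ?>
<td>
<form method=post>
<input type=hidden name=do value=clients>
<table>
<tr><td align=center bgcolor=<? print $font_head?>><B>Поиск по клиентам</b></td></tr>
<tr><td bgcolor=<? print $font_row?>><select name=param><option value=u.id>ID:</option><option value=u.login selected>Логин:</option><option value=u.email>E-Mail:</option><option value=p.surname>Фамилия:</option><option value=u.remark>Заметки:</option></select> <input type=text name=search size=12> <input type=submit value=OK></td></tr>
</table>
</form>
</td>
<? } ?>
</tr>
</table><BR><BR>
<table border=0>
<tr>
<? if (checkAdminAccess("ticketsRead")) { ?>
<td>
<table width=370>
<tr><td align=center bgcolor=<? print $font_head?>><B>Поиск по тикетам</b></td></tr>
<tr><td bgcolor=<? print $font_row?>><form method=post><input type=hidden name=do value=tickets><input type=hidden name=status value=all><input type=hidden name=department value=0><input type=hidden name=uid value="<? print htmlspecialchars(isset($uid) ? (string)$uid : '', ENT_QUOTES)?>"><select name=param><option value=subjectmessages>Тема и сообщения:</option><option value=subject>Тема:</option><option value=messages>Сообщения:</option></select> <input type=text name=search size=20> <input type=submit value=Найти></form></td></tr>
</table>
</td>
<td width=20></td>
<? } ?>
<? if (checkAdminAccess("sUserLogsRead")) { ?>
<td>
<form method=post>
<input type=hidden name=do value=userlogs>
<table>
<tr><td align=center bgcolor=<? print $font_head?>><B>Логи админа</b></td></tr>
<tr><td bgcolor=<? print $font_row?>>ID/Логин <input type=text name=aid size=5> <input type=submit value=OK></td></tr>
</table>
</form>
</td>
<? } ?>
</tr>
</table><BR><BR>
<?
} elseif (is_string($do) && in_array($do, $_do, true) && !preg_match('/\W/u', $do)) {
    // Section dispatch. The strict whitelist match is what keeps $do inside
    // _rootadmin/; the regex is a second guard against any non-word character.
    // The original pattern was "/W/iu" (a literal letter W, case-insensitive),
    // which rejected every whitelisted name containing "w" (news, showimage, ...).
    require $full_home_path."/_rootadmin/_$do.inc.php";
}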
// Common footer, skipped for the sections that render without head/foot; then release the DB.
if (in_array($do, $pages_without_headfoot) === false) {
    include $full_home_path.'/_rootinc/adminfoot.inc.php';
}
mclose();
?>