1 <?php
2 $currDir = dirname(__FILE__);
3 require("{$currDir}/incCommon.php");
4 $GLOBALS['page_title'] = $Translation['admin settings'];
5 include("{$currDir}/incHeader.php");
6
7 if(isset($_POST['saveChanges'])){
8 // csrf check
9 if(!csrf_token(true)){
10 ?>
11 <div class="alert alert-danger">
12 <?php echo $Translation['invalid security token'] ; ?>
13 </div>
14 <?php
15 include("{$currDir}/incFooter.php");
16 }
17
18 // apply undo_magic_quotes to all input
19 $post = @array_map('undo_magic_quotes', $_POST);
20
21 // validate inputs
22 $errors = array();
23
24 // if admin username changed, check if the new username already exists
25 $adminUsername = makeSafe(strtolower($post['adminUsername']));
26 if($adminConfig['adminUsername'] != strtolower($post['adminUsername']) && sqlValue("select count(1) from membership_users where lcase(memberID)='$adminUsername'")){
27 $errors[] = $Translation['unique admin username error'] ;
28 }
29
30 // if anonymous username changed, check if the new username already exists
31 $anonymousMember = makeSafe(strtolower($post['anonymousMember']));
32 if($adminConfig['anonymousMember'] != strtolower($post['anonymousMember']) && sqlValue("select count(1) from membership_users where lcase(memberID)='$anonymousMember'")){
33 $errors[] = $Translation['unique anonymous username error'];
34 }
35
36 // if anonymous group name changed, check if the new group name already exists
37 $anonymousGroup = makeSafe($post['anonymousGroup']);
38 if($adminConfig['anonymousGroup'] != $post['anonymousGroup'] && sqlValue("select count(1) from membership_groups where name='$anonymousGroup'")){
39 $errors[] = $Translation['unique anonymous group name error'];
40 }
41
42 $adminPassword = $post['adminPassword'];
43 if($adminPassword != '' && $adminPassword == $post['confirmPassword']){
44 $adminPassword = md5($adminPassword);
45 }elseif($adminPassword != '' && $adminPassword != $post['confirmPassword']){
46 $errors[] = $Translation['admin password mismatch'];
47 }else{
48 $adminPassword = $adminConfig['adminPassword'];
49 }
50
51 if(!isEmail($post['senderEmail'])){
52 $errors[] = $Translation['invalid sender email'];
53 }
54
55 if(count($errors)){
56 ?>
57 <div class="alert alert-danger">
58 <?php echo $Translation['errors occurred'] ; ?>
59 <ul><li><?php echo implode('</li><li>', $errors); ?></li></ul>
60 <?php echo $Translation['go back'] ; ?>
61 </div>
62 <?php
63 include("{$currDir}/incFooter.php");
64 }
65
66 $new_config = array(
67 'dbServer' => config('dbServer'),
68 'dbUsername' => config('dbUsername'),
69 'dbPassword' => config('dbPassword'),
70 'dbDatabase' => config('dbDatabase'),
71
72 'adminConfig' => array(
73 'adminUsername' => strtolower($post['adminUsername']),
74 'adminPassword' => $adminPassword,
75 'notifyAdminNewMembers' => intval($post['notifyAdminNewMembers']),
76 'defaultSignUp' => intval($post['visitorSignup']),
77 'anonymousGroup' => $post['anonymousGroup'],
78 'anonymousMember' => strtolower($post['anonymousMember']),
79 'groupsPerPage' => (intval($post['groupsPerPage']) > 0 ? intval($post['groupsPerPage']) : $adminConfig['groupsPerPage']),
80 'membersPerPage' => (intval($post['membersPerPage']) > 0 ? intval($post['membersPerPage']) : $adminConfig['membersPerPage']),
81 'recordsPerPage' => (intval($post['recordsPerPage']) > 0 ? intval($post['recordsPerPage']) : $adminConfig['recordsPerPage']),
82 'custom1' => $post['custom1'],
83 'custom2' => $post['custom2'],
84 'custom3' => $post['custom3'],
85 'custom4' => $post['custom4'],
86 'MySQLDateFormat' => $post['MySQLDateFormat'],
87 'PHPDateFormat' => $post['PHPDateFormat'],
88 'PHPDateTimeFormat' => $post['PHPDateTimeFormat'],
89 'senderName' => $post['senderName'],
90 'senderEmail' => $post['senderEmail'],
91 'approvalSubject' => $post['approvalSubject'],
92 'approvalMessage' => $post['approvalMessage'],
93 'hide_twitter_feed' => ($post['hide_twitter_feed'] ? true : false),
94 'maintenance_mode_message' => $post['maintenance_mode_message'],
95 'mail_function' => in_array($post['mail_function'], array('smtp', 'mail')) ? $post['mail_function'] : 'mail',
96 'smtp_server' => $post['smtp_server'],
97 'smtp_encryption' => in_array($post['smtp_encryption'], array('ssl', 'tls')) ? $post['smtp_encryption'] : '',
98 'smtp_port' => intval($post['smtp_port']) > 0 ? intval($post['smtp_port']) : 25,
99 'smtp_user' => $post['smtp_user'],
100 'smtp_pass' => $post['smtp_pass']
101 )
102 );
103
104 // save changes
105 $save_result = save_config($new_config);
106 if($save_result === true){
107 // update admin member
108 sql( "update membership_users set memberID='$adminUsername', passMD5='$adminPassword', email='{$post['senderEmail']}', comments=concat_ws('', comments, '\\n', '".str_replace ( "<DATE>" , @date('Y-m-d') , $Translation['record updated automatically'] ) ."') where lcase(memberID)='" . makeSafe(strtolower($adminConfig['adminUsername'])) . "'" , $eo);
109 $_SESSION['memberID'] = $_SESSION['adminUsername'] = strtolower($post['adminUsername']);
110
111 // update anonymous group name if changed
112 if($adminConfig['anonymousGroup'] != $post['anonymousGroup']){
113 sql("update membership_groups set name='$anonymousGroup' where name='" . addslashes($adminConfig['anonymousGroup']) . "'", $eo);
114 }
115
116 // update anonymous username if changed
117 if($adminConfig['anonymousMember'] != $post['anonymousMember']){
118 sql("update membership_users set memberID='$anonymousMember' where memberID='" . addslashes($adminConfig['anonymousMember']) . "'", $eo);
119 }
120
121 // display status
122 echo "<div class=\"alert alert-success\"><h2>{$Translation['admin settings saved']}</h2></div>";
123 }else{
124 // display status
125 echo "<div class=\"alert alert-danger\"><h2>" . str_replace('<ERROR>', $save_result['error'], $Translation['admin settings not saved']) . "</h2></div>";
126 }
127
128 // exit
129 include("{$currDir}/incFooter.php");
130 }
131
132 function settings_textbox($name, $label, $value, $hint = '', $type = 'text'){
133 ob_start();
134 ?>
135 <div class="form-group">
136 <label for="<?php echo $name; ?>" class="col-sm-4 col-md-3 col-lg-2 col-lg-offset-2 control-label"><?php echo $label; ?></label>
137 <div class="col-sm-8 col-md-9 col-lg-6">
138 <input type="<?php echo $type; ?>" name="<?php echo $name; ?>" id="<?php echo $name; ?>" value="<?php echo html_attr($value); ?>" class="form-control">
139 <?php if($hint){ ?>
140 <span class="help-block"><?php echo $hint; ?></span>
141 <?php } ?>
142 </div>
143 </div>
144 <?php
145 $out = ob_get_contents();
146 ob_end_clean();
147
148 return $out;
149 }
150
151 function settings_textarea($name, $label, $value, $height = 6, $hint = ''){
152 ob_start();
153 ?>
154 <div class="form-group">
155 <label for="<?php echo $name; ?>" class="col-sm-4 col-md-3 col-lg-2 col-lg-offset-2 control-label"><?php echo $label; ?></label>
156 <div class="col-sm-8 col-md-9 col-lg-6">
157 <textarea rows="<?php echo abs($height); ?>" name="<?php echo $name; ?>" id="<?php echo $name; ?>" class="form-control"><?php echo html_attr(str_replace(array('\r', '\n'), array("", "\n"), $value)); ?></textarea>
158 <?php if($hint){ ?>
159 <span class="help-block"><?php echo $hint; ?></span>
160 <?php } ?>
161 </div>
162 </div>
163 <?php
164 $out = ob_get_contents();
165 ob_end_clean();
166
167 return $out;
168 }
169
170 function settings_radiogroup($name, $label, $value, $options){
171 ob_start();
172 ?>
173 <div class="form-group">
174 <label class="col-sm-4 col-md-3 col-lg-2 col-lg-offset-2 control-label"><?php echo $label; ?></label>
175 <div class="col-sm-8 col-md-9 col-lg-6">
176 <?php foreach($options as $val => $display){ ?>
177 <div class="radio">
178 <label>
179 <input type="radio"
180 name="<?php echo $name; ?>"
181 id="<?php echo $name; ?><?php echo html_attr($val); ?>"
182 value="<?php echo html_attr($val); ?>"
183 <?php if($value == $val){ ?>checked<?php } ?>
184 >
185 <?php echo $display; ?>
186 </label>
187 </div>
188 <?php } ?>
189 </div>
190 </div>
191 <?php
192 $out = ob_get_contents();
193 ob_end_clean();
194
195 return $out;
196 }
197
198 function settings_checkbox($name, $label, $value, $set_value, $hint = ''){
199 ob_start();
200 ?>
201 <div class="form-group">
202 <label class="col-sm-4 col-md-3 col-lg-2 col-lg-offset-2 control-label"></label>
203 <div class="col-sm-8 col-md-9 col-lg-6">
204 <div class="checkbox">
205 <label>
206 <input type="checkbox"
207 name="<?php echo $name; ?>"
208 id="<?php echo $name; ?>"
209 value="<?php echo html_attr($value); ?>"
210 <?php if($value == $set_value){ ?>checked<?php } ?>
211 >
212 <?php echo $label; ?>
213 </label>
214 </div>
215 <?php if($hint){ ?>
216 <span class="help-block"><?php echo $hint; ?></span>
217 <?php } ?>
218 </div>
219 </div>
220 <?php
221 $out = ob_get_contents();
222 ob_end_clean();
223
224 return $out;
225 }
226
227 ?>
228
229 <div class="page-header"><h1><?php echo $Translation['admin settings'] ; ?></h1></div>
230
231 <form method="post" action="pageSettings.php" class="form-horizontal">
232 <?php echo csrf_token(); ?>
233
234 <?php echo settings_textbox('adminUsername', $Translation['admin username'], $adminConfig['adminUsername']); ?>
235 <?php echo settings_textbox('adminPassword', $Translation['admin password'], '', $Translation['change admin password'], 'password'); ?>
236 <?php echo settings_textbox('confirmPassword', $Translation['confirm password'], '', '', 'password'); ?>
237
238 <?php
239 echo settings_radiogroup(
240 'notifyAdminNewMembers',
241 $Translation['admin notifications'],
242 intval($adminConfig['notifyAdminNewMembers']),
243 array(
244 0 => $Translation['no email notifications'],
245 1 => $Translation['member waiting approval'],
246 2 => $Translation['new sign-ups']
247 )
248 );
249 ?>
250
251 <?php echo settings_textbox('custom1', $Translation['members custom field 1'], $adminConfig['custom1']); ?>
252 <?php echo settings_textbox('custom2', $Translation['members custom field 2'], $adminConfig['custom2']); ?>
253 <?php echo settings_textbox('custom3', $Translation['members custom field 3'], $adminConfig['custom3']); ?>
254 <?php echo settings_textbox('custom4', $Translation['members custom field 4'], $adminConfig['custom4']); ?>
255
256 <?php echo settings_textbox('approvalSubject', $Translation['member approval email subject'], $adminConfig['approvalSubject'], $Translation['member approval email subject control']); ?>
257 <?php echo settings_textarea('approvalMessage', $Translation['member approval email message'], $adminConfig['approvalMessage']); ?>
258
259 <?php echo settings_textbox('MySQLDateFormat', $Translation['MySQL date'], $adminConfig['MySQLDateFormat'], $Translation['MySQL reference']); ?>
260 <?php echo settings_textbox('PHPDateFormat', $Translation['PHP short date'], $adminConfig['PHPDateFormat'], $Translation['PHP manual']); ?>
261 <?php echo settings_textbox('PHPDateTimeFormat', $Translation['PHP long date'], $adminConfig['PHPDateTimeFormat'], $Translation['PHP manual']); ?>
262
263 <?php echo settings_textbox('groupsPerPage', $Translation['groups per page'], $adminConfig['groupsPerPage']); ?>
264 <?php echo settings_textbox('membersPerPage', $Translation['members per page'], $adminConfig['membersPerPage']); ?>
265 <?php echo settings_textbox('recordsPerPage', $Translation['records per page'], $adminConfig['recordsPerPage']); ?>
266
267 <?php
268 echo settings_radiogroup(
269 'visitorSignup',
270 $Translation['default sign-up mode'],
271 intval($adminConfig['defaultSignUp']),
272 array(
273 0 => $Translation['no sign-up allowed'],
274 1 => $Translation['admin approve members'],
275 2 => $Translation['automatically approve members']
276 )
277 );
278 ?>
279
280 <?php echo settings_textbox('anonymousGroup', $Translation['anonymous group'], $adminConfig['anonymousGroup']); ?>
281 <?php echo settings_textbox('anonymousMember', $Translation['anonymous user name'], $adminConfig['anonymousMember']); ?>
282
283 <?php echo settings_checkbox('hide_twitter_feed', $Translation['hide twitter feed'], '1', $adminConfig['hide_twitter_feed'], $Translation['twitter feed']); ?>
284 <?php echo settings_textarea('maintenance_mode_message', $Translation['maintenance mode message'], $adminConfig['maintenance_mode_message']); ?>
285
286 <hr>
287 <div id="mail-settings" style="height: 5em;"></div>
288
289 <?php echo settings_textbox('senderEmail', $Translation['sender email'], $adminConfig['senderEmail'], $Translation['sender name and email'] . ' ' . $Translation['email messages']); ?>
290 <?php echo settings_textbox('senderName', $Translation['sender name'], $adminConfig['senderName']); ?>
291 <?php
292 echo settings_radiogroup(
293 'mail_function',
294 $Translation['mail_function'],
295 thisOr($adminConfig['mail_function'], 'mail'),
296 array(
297 'mail' => 'PHP mail()',
298 'smtp' => 'SMTP'
299 )
300 );
301 ?>
302 <?php echo settings_textbox('smtp_server', $Translation['smtp_server'], $adminConfig['smtp_server']); ?>
303 <?php
304 echo settings_radiogroup(
305 'smtp_encryption',
306 $Translation['smtp_encryption'],
307 $adminConfig['smtp_encryption'],
308 array(
309 '' => $Translation['none'],
310 'ssl' => 'SSL',
311 'tls' => 'TLS'
312 )
313 );
314 ?>
315 <?php echo settings_textbox('smtp_port', $Translation['smtp_port'], $adminConfig['smtp_port'], $Translation['smtp_port_hint']); ?>
316 <?php echo settings_textbox('smtp_user', $Translation['smtp_user'], $adminConfig['smtp_user']); ?>
317 <?php echo settings_textbox('smtp_pass', $Translation['smtp_pass'], $adminConfig['smtp_pass'], '', 'password'); ?>
318
319 <div class="form-group">
320 <label class="col-sm-4 col-md-3 col-lg-2 col-lg-offset-2 control-label"></label>
321 <div class="col-sm-8 col-md-9 col-lg-6">
322 <button type="submit" name="saveChanges" value="1" onclick="return jsValidateAdminSettings();" class="btn btn-primary btn-lg"><i class="glyphicon glyphicon-ok"></i> <?php echo $Translation['save changes']; ?></button>
323 <a href="pageSettings.php" class="btn btn-warning btn-lg hspacer-md"><i class="glyphicon glyphicon-remove"></i> <?php echo $Translation['cancel']; ?></a>
324 </div>
325 </div>
326
327 </form>
328
329 <div style="height: 600px;"></div>
330
331 <style>
332 .form-group{
333 margin-bottom: 1.5em;
334 }
335 </style>
336
337 <script>
338 $j(function(){
339 // circumvent browser auto-completion of password field
340 setTimeout(function(){ $j('#adminPassword').val(''); }, 500);
341
342 // hide/show SMTP settings based on mail_function value
343 var mail_function_observer = function(){
344 var mail_function = 'mail';
345 if($j('#mail_functionsmtp').prop('checked')) mail_function = 'smtp';
346
347 if(mail_function == 'smtp'){
348 $j('#smtp_server, #smtp_port, #smtp_user, #smtp_pass, [name=smtp_encryption]')
349 .prop('readonly', false)
350 .removeClass('text-muted bg-muted')
351 .parents('.form-group')
352 .removeClass('text-muted');
353 }else{
354 $j('#smtp_server, #smtp_port, #smtp_user, #smtp_pass, [name=smtp_encryption]')
355 .prop('readonly', true)
356 .addClass('text-muted bg-muted')
357 .parents('.form-group')
358 .addClass('text-muted');
359 }
360 };
361
362 $j('#mail_functionsmtp, #mail_functionmail').click(mail_function_observer);
363 mail_function_observer();
364 });
365 </script>
366
367 <?php
368 include("{$currDir}/incFooter.php");
369 ?>
