....................................../////.===Shadow-Here===./////................................................ > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < ------------------------------------------------------------------------------------------------------------------- /////////////////////////////////////////////////////////////////////////////////////////////////////////////////// RIFF¤ WEBPVP8 ˜ ðÑ *ôô>‘HŸK¥¤"§£±¨àð enü¹%½_F‘åè¿2ºQú³íªú`N¿­3ÿƒügµJžaÿ¯ÿ°~¼ÎùnúîÞÖô•òíôÁÉß®Sm¥Ü/ ‡ó˜f£Ùà<˜„xëJ¢Ù€SO3x<ªÔ©4¿+ç¶A`q@Ì“Úñè™ÍÿJÌ´ª-˜ÆtÊÛL]Ïq*‘Ý”ì#ŸÌÏãY]@ê`¿ /ªfkØB4·®£ó z—Üw¥Pxù–ÞLШKÇN¾AkÙTf½è'‰g gÆv›Øuh~ a˜Z— ïj*á¥t d£“uÒ ¨`K˜¹ßþ]b>˜]_ÏÔ6W—è2r4x•íÖ…"ƒÖNîä!¦å Ú}ýxGøÌ —@ ;ÆÚŠ=ɾ1ý8lªË¥ô ^yf®Œ¢u&2©nÙÇ›ñÂñŒ³ aPo['½»øFùà­+4ê“$!lövlüÞ=;N®3ð‚õ›DÉKòÞ>ÄÍ ¥ˆuߤ#ˆ$6ù™¥îŠ‡y’ÍB¼ çxÛ;X"WL£R÷͝*ó-¶Zu}º.s¸sšXqù–DþÿvªhüïwyŸ ¯é³lÀ:KCûÄ£Ëá\…­ ~—ýóî ¼ûûÜTÓüÇy…ŽÆvc»¾×U ñ¸žþоP÷¦ó:Ò¨¨5;Ð#&#ÖúñläÿÁœ GxÉ­/ñ‡áQðìYÉtÒwŽ¼GÔ´zàÒò ð*ëzƒ•4~H]Ø‹f ñÓÈñ`NåWçs'ÆÏW^ø¹!XžµmQ5ÃËoLœÎ: ÞËÍ¥J ù…î èo£ßPÎñ¶ž8.Œ]ʵ~5›ÙË-ù*8ÙÖß±~ ©¹rÓê‚j¶d¸{^Q'˜±Crß ÚH—#¥¥QlÀ×ëã‡DÜ«èî þ&Çæžî;ŽÏºò6ÒLÃXy&ZŒ'j‚¢Ù€IßÚù+–MGi‰*jE€‘JcÜ ÓÌ EÏÚj]o˜ Þr <¾U ûŪæÍ/šÝH¥˜b”¼ ÁñßX GP›ï2›4WŠÏà×£…íÓk†¦H·ÅíMh–*nó÷à]ÁjCº€b7<ب‹¨5車bp2:Á[UªM„QŒçiNMa#<5›áËó¸HýÊ"…×Éw¹¦ì2º–x<›»a±¸3Weü®FÝ⑱ö–î–³|LPÈ~çð~Çå‡|º kD¢µÏàÆAI %1À% ¹Ò – ”ϝS¦‰4&¶£°à Öý”û_Ò Áw°A«Å€?mÇÛgHÉ/8)á¾ÛìáöŽP í¨PŸNÙµº¦‡§Ùš"ÿ«>+ªÕ`Ê÷‡‚ß Õû˜þãÇ-PÍ.¾XV‘€ dÜ"þ4¹ ±Oú‘©t¥¦FªÄÃÄ•b‚znýu½—#cDs˜ÃiÑOˆñ×QO=*IAÊ,¶ŽZƒ;‡wøXè%EÐk:F±Ú” .Ѽ+Áu&Ç`."pÈÉw o&¿dE6‘’EqTuK@Ì¥ã™À(Êk(h‰,H}RÀIXÛš3µ1©_OqÚÒJAñ$ÊÙÜ;D3çŒ[þùœh¬Ã³™ö6ç†NY".Ú‰ï[ªŸŒ '²Ð öø_¨ÂÉ9u鶳ÒŠõTàîMØ#û¯gN‡bÙ놚X„ö …ÉeüÌ^J ‹€.œ$Æ)βÄeæW#óüßĺŸ€ ÀzwV 9oä»f4V*uB «Ë†¹ì¯žR霓æHXa=&“I4K;¯ç‹h×·"UŠ~<•â•ªVêª&ÍSÃÆÅ?ÔqÎ*mTM ˜›µwêd#[C¡©§‘D<©àb†–ÁœøvH/,í:¯( ²£|4-„Æövv„Yͼ™^Á$ˆ„¢Û[6yB.åH*V¨æ?$=˜Ñ€•î¦ñ·­(VlŸ‘ nÀt8W÷´Bûba?q9ú¶Xƒl«ÿ\ù¶’þòUÐj/õ¢Ìµ³g$ƒÎR!¸»|Oߍë’BhîÚÑ¢ñåŒJ„®„£2Ð3•ô02Nt…!£Í]Ïc½Qÿ?ˆ<&ÃA¾Ú,JˆijÌ#5yz„‰Î|ÊŽ5QÏ:‹ÐaóVÔxW—CpeÏzÐïíçôÿÅ_[hãsÐ_/ŽTÝ?BîˆííV$<¿i>²F¬_Eß¿ †bÊŒº­ÿ®Z H“C}”¬,Mp ý/Bá£w>˜YV°aƒúh+cŠ- r/[%|üUMHäQ°X»|û/@|°¥Ð !BÔ Ç¢Ä©š+Õì D«7ìN¶ŽðÔ " ƶ’ÖçtA‰Û×}{tþz­¾GÍ›k¹OEJR$ Â׃ «ëÁ"oÉôž$oUK(Ä)Ãz³Ê-‹êN[Ò3Œñbï8P 4ƒ×q¢bo|?<ÛX¬òÄÍ°L–±›(™ûG?ýË©ÚÄ–ÂDØÐ_Ç¡ô ¾–ÄÏø ×e8Ë©$ÄF¹Å‹ì[©óìl:F¾f´‹‹Xì²ï®\¬ôùƒ ÿat¥óèÒùHß0äe‚;ü×h:ÆWðHž=Ã8骣"kœ'Y?³}Tûè€>?0l›e1Lòñ„aæKÆw…hÖŠùW…ÈÆÄ0ši·›[pcwËþñiêíY/~-Á5˜!¿†A›™Mÿþ(±“t@â“ö2­´TG5yé]çå僳 .·ÍïçÝ7UÚ±Ð/Nè»,_Ï ùdj7\ï Wì4›„»c¸àešg#ÒÊ⥭áØo5‘?ÌdÝô¯ ¹kzsƒ=´#ëÉK›Ø´±-¥eW?‡çßtòTã…$Ý+qÿ±ƒ÷_3Ô¥í÷:æ–ž<·Ö‡‰Å¢ š‡%Ô—utÌÈìðžgÖÀz²À—ï÷Óîäõ{K'´È÷³yaÏÁjƒô}ž§®æÊydÕÈë5¯èˆõvÕ©ã*çD„ “z„Ó‡^^xÂ3M§A´JG‚öï 3W'ˆ.OvXè¡ÊÕª?5º7†˜(˜Ç¶#çê’¶!ÌdZK§æ 0fãaN]òY³RV ™î$®K2R¨`W!1Ôó\;Ý ýB%qæK•&ÓÈe9È0êI±žeŸß -ú@žQr¦ ö4»M¼Áè¹µmw 9 EÆE_°2ó„ŸXKWÁ×Hóì^´²GѝF©óäR†¦‰ç"V»eØ<3ùd3ÿÚ¤Žú“Gi" —‘_ÙËÎ~Üö¯¥½Î»üŸEÚŽåmÞþí ;ÞólËΦMzA"Âf(´òá;Éï(/7½ûñÌ­cïÕçлþÝz¾-ÍvÑ“pH­–ðÓj$¸Äû¤‚‘ãUBË-n“2åPkS5&‹Â|+g^œ®Ì͆d!OïäîU«c;{Û!ÅŽ«ëZ9Ókóˆ]¯ƒ›né `ÇÒ+tÆš (ØKá¾—=3œ®•vuMñg²\ï Ec€ 05±d™‡×iÇ×›UúvÌ¢£Èþ¡ÕØô¶ßÎA"ß±#Ö²ˆÊŸ¦*Ä~ij|àø.-¼'»Ú¥£h ofº¦‡VsR=N½„Î v˜Z*SÌ{=jÑB‹tê…;’HžH¯8–îDù8ñ¢|Q•bÛçš–‹m³“ê¨ åÏ^m¬Žãþ©ïêO‡½6] µÆ„Ooòü ²x}N¦Ë3ïé¿»€›HA˜m%çÞ/¿í7Fø“‹léUk)É°Œµ8Q8›:ÀŠeT*šõ~ôڝG6 ¢}`ùH­–”¡k ‰P1>š†®9z11!X wKfmÁ¦xÑ,N1Q”–æB¶M…ÒÃv6SMˆhU¬ÊPŽï‘öj=·CŒ¯u¹ƒVIЃsx4’ömÛýc塶7ßŠß 57^\wÒÐÆ k§h,Œý î«q^R½3]J¸ÇðN ‚çU¬ôº^Áì} ³f©Õœ§ˆã:FÄÈ‚é(€™?àýÓüè1Gô£¼éj‚OÅñ  #>×—ßtà 0G¥Åa뀐kßhc™À_ÉñÞ#±)GD" YîäË-ÿÙ̪ ¹™a¯´¢E\ÝÒö‚;™„ë]_ p8‰o¡ñ+^÷ 3‘'dT4œŽ ðVë½° :¬víÑ«£tßÚS-3¶“þ2 †üüʨòrš¹M{É_¤`Û¨0ìjœøJ‡:÷ÃáZ˜†@GP&œÑDGÏs¡þ¦þDGú‘1Yá9Ôþ¼ ûø…§÷8&–ÜÑnÄ_m®^üÆ`;ÉVÁJ£?â€-ßê}suÍ2sõA NÌúA磸‘îÿÚ»ƒìö·á¿±tÑÐ"Tÿü˜[@/äj¬€uüªìù¥Ý˜á8Ý´sõj 8@rˆð äþZÇD®ÿUÏ2ùôõrBzÆÏÞž>Ì™xœ“ wiÎ×7_… ¸ \#€MɁV¶¥üÕÿPÔ9Z‡ø§É8#H:ƒ5ÀÝå9ÍIŒ5åKÙŠ÷qÄ>1AÈøžj"µÂд/ªnÀ qªã}"iŸBå˜ÓÛŽ¦…&ݧ;G@—³b¯“•"´4í¨ôM¨åñC‹ïùÉó¯ÓsSH2Ý@ßáM‡ˆKÀªÛUeø/4\gnm¥‹ŸŒ qÄ b9ÞwÒNÏ_4Ég³ú=܆‚´ •â¥õeíþkjz>éÚyU«Íӝ݃6"8/ø{=Ô¢»G¥ äUw°W«,ô—¿ãㆅү¢³xŠUû™yŒ (øSópÐ 9\åTâ»—*oG$/×ÍT†Y¿1¤Þ¢_‡ ¼ „±ÍçèSaÓ 3ÛMÁBkxs‰’R/¡¤ˆÙçª(*õ„üXÌ´ƒ E§´¬EF"Ù”R/ÐNyÆÂ^°?™6¡œïJ·±$§?º>ÖüœcNÌù¯G ‹ñ2ŠBB„^·úìaz¨k:#¨Æ¨8LÎõލ£^§S&cŒÐU€ü(‡F±Š¼&P>8ÙÁ ‰ p5?0ÊƃZl¸aô š¼¡}gÿ¶zÆC²¹¬ÎÖG*HB¡O<º2#ñŒAƒ–¡B˜´É$¥›É:FÀÔx¾u?XÜÏÓvN©RS{2ʈãk9rmP¼Qq̳ è¼ÐFׄ^¡Öì fE“F4A…!ì/…¦Lƒ… … $%´¾yã@CI¬ á—3PþBÏNÿ<ý°4Ü ËÃ#ØÍ~âW«rEñw‹eùMMHß²`¬Öó½íf³:‹k˜¯÷}Z!ã¿<¥,\#öµÀ¯aÒNÆIé,Ћ–lŽ#Àæ9ÀÒS·I’½-Ïp Äz¤Š Â* ­íÄ9­< h>׍3ZkËU¹§˜ŒŠ±f­’¤º³Q ÏB?‹#µíÃ¥®@(Gs«†vI¥Mµ‹Á©e~2ú³ÁP4ìÕi‚²Ê^ö@-DþÓàlÜOÍ]n"µã:žpsŽ¢:! Aõ.ç~ÓBûH÷JCÌ]õVƒd «ú´QÙEA–¯¯Œ!.ˆˆëQ±ù œ·Ì!Õâ )ùL„ÅÀlÚè5@B…o´Æ¸XÓ&Û…O«˜”_#‡ƒ„ûÈt!¤ÁÏ›ÎÝŠ?c9 â\>lÓÁVÄÑ™£eØY]:fÝ–—ù+p{™ðè û³”g±OƒÚSù£áÁÊ„ä,ï7š²G ÕÌBk)~ÑiCµ|h#u¤¶îK¨² #²vݯGãeÖ϶ú…¾múÀ¶þÔñ‚Š9'^($¤§ò “š½{éúp÷J›ušS¹áªCÂubÃH9™D™/ZöØÁ‡¦ÝÙŸ·kð*_”.C‹{áXó€‡c¡c€§/šò/&éš÷,àéJþ‰X›fµ“C¨œ®r¬"kL‰Â_q…Z–.ÉL~O µ›zn‚¹À¦Öª7\àHµšÖ %»ÇníV[¥*Õ;ƒ#½¾HK-ÖIÊdÏEÚ#=o÷Óò³´Š: Ç?{¾+9›–‘OEáU·S€˜j"ÄaÜ ŒÛWt› á–c#a»pÔZÞdŽtWê=9éöÊ¢µ~ ë ;Öe‡Œ®:bî3±ýê¢wà¼îpêñ¹¾4 zc¾ðÖÿzdêŒÑÒŝÀ‰s6¤í³ÎÙB¿OZ”+F¤á‡3@Ñëäg©·Ž ˆèª<ù@É{&S„œÕúÀA)‰h:YÀ5^ÂÓŒ°õäU\ ùËÍû#²?Xe¬tu‰^zÒÔãë¼ÛWtEtû …‚g¶Úüâî*moGè¨7%u!]PhÏd™Ý%Îx: VÒ¦ôÊD3ÀŽKÛËãvÆî…N¯ä>Eró–ð`5 Œ%u5XkñÌ*NU%¶áœÊ:Qÿú»“úzyÏ6å-၇¾ ´ ÒÊ]y žO‘w2Äøæ…H’²f±ÎÇ.ª|¥'gîV•Ü .̘¯€šòü¤U~Ù†*¢!?ò wý,}´°ÔÞnïoKq5µb!áÓ3"vAßH¡³¡·G(ÐÎ0Îò¼MG!/ài®@—¬04*`…«é8ªøøló“ˆÊ”èù¤…ßÊoÿé'ËuÌÖ5×È¡§ˆˆfŽë9}hìâ_!!¯  B&Ëö¶‰ÀAÙNVŸ Wh›¸®XÑJì¨ú“¿÷3uj²˜¨ÍÎìë±aúŠÝå¯ð*Ó¨ôJ“yºØ)m°WýOè68†ŸÏ2—‰Ïüꪫٚ¥‹l1 ø ÏÄFjêµvÌbü¦èÝx:X±¢H=MÐß—,ˆÉÇ´(9ú¾^ÅÚ4¿m‡$âX‘å%(AlZo@½¨UOÌÕ”1ø¸jÎÀÃÃ_ µ‘Ü.œº¦Ut: Æï’!=¯uwû#,“pþÇúŒø(é@?³ü¥‘Mo §—s@Œ#)§ŒùkL}NOÆêA›¸~r½¼ÙA—HJ«eˆÖ´*¡ÓpÌŸö.m<-"³ûÈ$¬_6­åf£ïÚâj1y§ÕJ½@dÞÁr&Í\Z%D£Íñ·AZ Û³øüd/ªAi†/Й~  ‡âĮҮÏh§°b—›Û«mJžòG'[ÈYýŒ¦9psl ýÁ ®±f¦x,‰½tN ‚Xª9 ÙÖH.«Lo0×?͹m¡å†Ѽ+›2ƒF ±Ê8 7Hցϓ²Æ–m9…òŸï]Â1äN†VLâCˆU .ÿ‰Ts +ÅÎx(%¦u]6AF Š ØF鈄‘ |¢¶c±soŒ/t[a¾–û:s·`i햍ê›ËchÈ…8ßÀUÜewŒðNOƒõD%q#éû\9¤x¹&UE×G¥ Í—™$ð E6-‡¼!ýpãÔM˜ Âsìe¯ñµK¢Ç¡ùôléœ4Ö£”À Š®Ðc ^¨À}ÙËŸ§›ºê{ÊuÉC ×Sr€¤’fÉ*j!úÓ’Gsùìoîßîn%ò· àc Wp÷$¨˜)û»H ×8ŽÒ€Zj¤3ÀÙºY'Ql¦py{-6íÔCeiØp‘‡XÊîÆUߢ܂ž£Xé¼Y8þ©ëgñß}é.ÎógÒ„ÃØËø¯»™§Xýy M%@NŠ À(~áÐvu7&•,Ù˜ó€uP‡^^®=_E„jt’ 403WebShell
403Webshell
Server IP : 195.3.193.30  /  Your IP : 216.73.216.125
Web Server : Apache
System : Linux server3 5.10.0-35-amd64 #1 SMP Debian 5.10.237-1 (2025-05-19) x86_64
User : web032 ( 1035)
PHP Version : 7.3.33
Disable Function : show_source, highlight_file, apache_child_terminate, apache_get_modules, apache_note, apache_setenv, virtual, dl, disk_total_space, posix_getpwnam, posix_getpwuid, posix_mkfifo, posix_mknod, posix_setpgid, posix_setsid, posix_setuid, posix_uname, proc_nice, openlog, syslog, pfsockopen
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : OFF
Directory :  /var/www/web032/htdocs/cms/administrator/components/com_extplorer/include/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/www/web032/htdocs/cms/administrator/components/com_extplorer/include/admin.php
<?php
// ensure this file is being included by a parent file
if( !defined( '_JEXEC' ) && !defined( '_VALID_MOS' ) ) die( 'Restricted access' );
/**
 * @version $Id: admin.php 242 2015-08-19 06:29:26Z soeren $
 * @package eXtplorer
 * @copyright soeren 2007-2015
 * @author The eXtplorer project (http://extplorer.net)
 * @author The	The QuiX project (http://quixplorer.sourceforge.net)
 * @license
 * @version $Id: admin.php 242 2015-08-19 06:29:26Z soeren $
 * The contents of this file are subject to the Mozilla Public License
 * Version 1.1 (the "License"); you may not use this file except in
 * compliance with the License. You may obtain a copy of the License at
 * http://www.mozilla.org/MPL/
 * 
 * Software distributed under the License is distributed on an "AS IS"
 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
 * License for the specific language governing rights and limitations
 * under the License.
 * 
 * Alternatively, the contents of this file may be used under the terms
 * of the GNU General Public License Version 2 or later (the "GPL"), in
 * which case the provisions of the GPL are applicable instead of
 * those above. If you wish to allow use of your version of this file only
 * under the terms of the GPL and not to allow others to use
 * your version of this file under the MPL, indicate your decision by
 * deleting  the provisions above and replace  them with the notice and
 * other provisions required by the GPL.  If you do not delete
 * the provisions above, a recipient may use your version of this file
 * under either the MPL or the GPL."
 * 
*/
/**
 * Comment:
 * Administrative Functions
 * 
 *
 * 
/**
 * Creates a form to manage users + passwords
 *
 * @param boolean $admin
 * @param string $dir
 */
function admin($admin, $dir) {			
	if( $GLOBALS["permissions"] < 7 || $_SESSION['credentials_extplorer']['username'] == 'admin' && $_SESSION['credentials_extplorer']['password'] == extEncodePassword('admin') ) {
		$activeTab = '0';
	} else {
		$activeTab = '1';
	}
	?>
{
	"xtype": "tabpanel",
	"width": "450",
	"id": "dialog_tabpanel",
	"dialogtitle": "<?php echo ext_Lang::msg('actadmin') ?>",
	"listeners": {
		"afterrender": {
			fn: function(cmp) {
					cmp.activate(<?php echo $activeTab ?>);
			}
		}
	},
	"items":
	[{
		"xtype": "form",
		"id": "passform",
	"autoHeight": "true",
		"headerAsText": false,
		"labelWidth": 125,
		"url":"<?php echo basename( $GLOBALS['script_name']) ?>",
		"title": "<?php echo ext_Lang::msg('actchpwd', true) ?>",
		"frame": true,
		"items": [{
			"xtype": "textfield",
			"fieldLabel": "<?php echo ext_Lang::msg( 'miscoldpass', true ) ?>",
			"name": "oldpwd",
			"inputType": "password",
			"allowBlank":false
		},
		{	"xtype": "textfield",
			"fieldLabel": "<?php echo ext_Lang::msg( 'miscnewpass', true ) ?>",
			"name": "newpwd1",
			"hiddenName": "newpwd1",
			"inputType": "password",
			"allowBlank":false
		},
		{ 	"xtype": "textfield",
			"fieldLabel": "<?php echo ext_Lang::msg( 'miscconfnewpass', true ) ?>",
			"name": "newpwd2",
			"hiddenName": "newpwd2",
			"inputType": "password",
			"allowBlank":false
		}],
		"buttons": [{
			"text": "<?php echo ext_Lang::msg( 'btnchange', true ) ?>", 
			"handler": function() {
						frm = Ext.getCmp("passform").getForm();
						if(frm.findField('newpwd1').getValue() != frm.findField('newpwd2').getValue() ) {
							Ext.Msg.alert("Error!", "<?php echo ext_Lang::msg('miscnopassmatch', true ); ?>");
							return false;
						}
						if(frm.findField('oldpwd').getValue() ==frm.findField('newpwd1').getValue()) {
							Ext.Msg.alert("Error!", "<?php echo ext_Lang::err('miscnopassdiff', true ); ?>");
							return false;
						}
						
						statusBarMessage( "Please wait...", true );
						frm.submit({
							//reset: true,
							reset: false,
							"success": function(form, action) {
								statusBarMessage( action.result.message, false, true );
								Ext.getCmp("dialog").destroy();
							},
							"failure": function(form, action) {
								if( !action.result ) return;
								Ext.MessageBox.alert("Error!", action.result.error);
								statusBarMessage( action.result.error, false, false );
							},
							"scope": Ext.getCmp("passform"),
							// add some vars to the request, similar to hidden fields
							"params": {
								option: "com_extplorer", 
								"action": "admin",
								"action2": "chpwd",
								"token": "<?php echo ext_getToken() ?>"
							}
						})
						}
			}]
			
	
	<?php
	if($admin) {
		?>
		},{
		"xtype": "form",
		"id": "userlist",
		"autoHeight": "true",
		"headerAsText": false,
		"labelWidth": 125,
		"url":"<?php echo basename( $GLOBALS['script_name']) ?>",
		title: "<?php echo ext_Lang::msg('actusers', true) ?>",
		
		"frame": true,
		"items": [{
		<?php 
		$cnt=count($GLOBALS["users"]);
		for($i=0;$i<$cnt;++$i) {

			// Username & Home dir:
			$user=$GLOBALS["users"][$i][0];	if(strlen($user)>15) $user=substr($user,0,12)."...";
			$home=$GLOBALS["users"][$i][2];	if(strlen($home)>30) $home=substr($home,0,27)."...";
			?>

			"xtype": "radio",
			"name": "nuser",
			"inputValue": "<?php echo $GLOBALS["users"][$i][0] ?>",
			"fieldLabel": "<?php echo $user ?>",
			"boxLabel": "<?php echo '<strong>Homedir:</strong> '.$home.'; '
					.($GLOBALS["users"][$i][4] ? $GLOBALS["messages"]["miscyesno"][2]:$GLOBALS["messages"]["miscyesno"][3]).'; '
					.$GLOBALS["users"][$i][6].'; '
					.($GLOBALS["users"][$i][7] ? $GLOBALS["messages"]["miscyesno"][2]:$GLOBALS["messages"]["miscyesno"][3]);
				?>"
			}
			<?php 
			echo $i+1<$cnt ? ', {' : '';
		}
		?>
			],
			"buttons": [{
		
				"text": "<?php echo ext_Lang::msg( 'btnadd', true ) ?>", 
				"handler": function() {
							Ext.Ajax.request( { url: "<?php echo basename($GLOBALS['script_name']) ?>",
								"params": { "option": "com_extplorer","action": "admin","action2": "adduser",
								"token": "<?php echo ext_getToken() ?>" },	
								"callback": function(oElement, bSuccess, oResponse) {
											if( !bSuccess ) {
												Ext.Msg.alert( "Ajax communication failure!");
											}
											if( oResponse && oResponse.responseText ) {
												try{ json = Ext.decode( oResponse.responseText );
													if( json.error && typeof json.error != 'xml' ) {
														Ext.Msg.alert( "<?php echo ext_Lang::err('error', true ) ?>", json.error );
														dialog.destroy();
														return false;
													}
												} catch(e) { return false; }
												
												Ext.getCmp("dialog_tabpanel").add( json );
												Ext.getCmp("dialog_tabpanel").activate(json.id);
												Ext.getCmp("dialog").syncSize();
											}
										  } 
							
							});
						}
			},
			{
				"text": "<?php echo ext_Lang::msg( 'btnedit', true ) ?>", 
				"handler": function() {
							frm =  Ext.getCmp("userlist").getForm();
							try {
								theUser = frm.findField(0).getGroupValue();
							} catch(e) {
								Ext.Msg.alert( "Error", "<?php echo ext_Lang::err('miscselitems', true ) ?>" );
								return;
							}
							Ext.Ajax.request( { url: "<?php echo basename($GLOBALS['script_name']) ?>",
								"params": { option: "com_extplorer","action": "admin","action2": "edituser","nuser":theUser,
								"token": "<?php echo ext_getToken() ?>" },	
								"callback": function(oElement, bSuccess, oResponse) {
											if( !bSuccess ) {
												Ext.Msg.alert( "Ajax communication failure!");
											}
											if( oResponse && oResponse.responseText ) {
												try{ json = Ext.decode( oResponse.responseText );
													if( json.error && typeof json.error != 'xml' ) {
														Ext.Msg.alert( "<?php echo ext_Lang::err('error', true ) ?>", json.error );
														dialog.destroy();
														return false;
													}
												} catch(e) { return false; }
												
												Ext.getCmp("dialog_tabpanel").add( json );
												Ext.getCmp("dialog_tabpanel").activate(json.id);
												Ext.getCmp("dialog").syncSize();
											}
										  } 
							
							});
						}
			},
			{
				"text": "<?php echo ext_Lang::msg( 'btnremove', true ) ?>", 
				"handler": function() {
							frm =  Ext.getCmp("userlist").getForm();
							try {
								theUser = frm.findField(0).getGroupValue();
							} catch(e) {
								Ext.Msg.alert( "Error", "<?php echo ext_Lang::err('miscselitems', true ) ?>" );
								return;
							}
					
							Ext.Msg.confirm( "", String.format( "<?php echo ext_Lang::err('miscdeluser', true ) ?>", theUser ), function( btn ) {
								if( btn != 'yes') return;
								statusBarMessage( "Please wait...", true );
								frm.submit({
									"success": function(form, action) {
										statusBarMessage( action.result.message, false, true );
									},
									"failure": function(form, action) {
										if( !action.result ) return;
										Ext.MessageBox.alert("Error!", action.result.error);
										statusBarMessage( action.result.error, false, false );
									},
									"scope": Ext.getCmp("userlist").getForm(),
									// add some vars to the request, similar to hidden fields
									"params": {
										"option": "com_extplorer", 
										"action": "admin",
										"action2": "rmuser",
										"user": theUser,
										"token": "<?php echo ext_getToken() ?>"
									}
								});
							});
						}
			}
		]

		<?php
	}
	?>

	}]
}
<?php
}
//------------------------------------------------------------------------------
function changepwd($dir) {			// Change Password
	if( !ext_checkToken($GLOBALS['__POST']["token"]) ) {
		ext_Result::sendResult('tokencheck', false, 'Request failed: Security Token not valid.');
	}
	if($GLOBALS['__POST']["newpwd1"]!=$GLOBALS['__POST']["newpwd2"]) {
		ext_Result::sendResult('changepwd', false, $GLOBALS["error_msg"]["miscnopassmatch"]);
	}

	$data=ext_find_user( $GLOBALS['__SESSION']['credentials_extplorer']['username'],null );
	// Username not existing
	if( $data === NULL ) {
		ext_Result::sendResult('changepwd', false, $GLOBALS["error_msg"]["miscnouserpass"]);
	}
	require_once( _EXT_PATH.'/libraries/PasswordHash.php');
	$hasher = new PasswordHash(8, FALSE);
	$result = $hasher->CheckPassword($GLOBALS['__POST']["oldpwd"], $data[1]);
	if(!$result) {
		$data=ext_find_user($GLOBALS['__SESSION']['credentials_extplorer']['username'],md5(stripslashes($GLOBALS['__POST']["oldpwd"])));	
		if($data==NULL) {
			ext_Result::sendResult('changepwd', false, $GLOBALS["error_msg"]["miscnouserpass"]);
		}
	}

	$data[1]=extEncodePassword(stripslashes($GLOBALS['__POST']["newpwd1"]));
	if(!ext_update_user($data[0],$data)) {
		ext_Result::sendResult('changepwd', false, $data[0].": ".$GLOBALS["error_msg"]["chpass"]);
	}
	require_once(_EXT_PATH.'/include/authentication/extplorer.php');
	$auth = new ext_extplorer_authentication();
	$auth->onAuthenticate(array('username'=>$data[0],'password'=>$data[1]));

	ext_Result::sendResult('changepwd', true, ext_Lang::msg('change_password_success'));
}
//------------------------------------------------------------------------------
function adduser($dir) {			// Add User
	if(isset($GLOBALS['__POST']["confirm"]) && $GLOBALS['__POST']["confirm"]=="true" && ext_checkToken($GLOBALS['__POST']["token"]) ) {
	
		$user=stripslashes($GLOBALS['__POST']["nuser"]);
		if($user=="" || $GLOBALS['__POST']["home_dir"]=="") {
			ext_Result::sendResult('adduser', false, $GLOBALS["error_msg"]["miscfieldmissed"]);
		}
		if($GLOBALS['__POST']["pass1"]!=$GLOBALS['__POST']["pass2"]) {
			ext_Result::sendResult('adduser', false, $GLOBALS["error_msg"]["miscnopassmatch"]);
		}
		$data=ext_find_user($user,NULL);
		if($data!=NULL) {
			ext_Result::sendResult('adduser', false, $user.": ".$GLOBALS["error_msg"]["miscuserexist"]);
		}

		$data=array($user,extEncodePassword(stripslashes($GLOBALS['__POST']["pass1"])),
			stripslashes($GLOBALS['__POST']["home_dir"]),stripslashes($GLOBALS['__POST']["home_url"]),
			$GLOBALS['__POST']["show_hidden"],stripslashes($GLOBALS['__POST']["no_access"]),
			$GLOBALS['__POST']["permissions"],$GLOBALS['__POST']["active"]);

		if(!ext_add_user($data)) {
			ext_Result::sendResult('adduser', false, $user.": ".$GLOBALS["error_msg"]["adduser"]);
		}
		ext_Result::sendResult('adduser', true, $user.": The user has been added");
		return;
	}

	show_userform();

}
//------------------------------------------------------------------------------
function edituser($dir) {			// Edit User
	$user=stripslashes($GLOBALS['__POST']["nuser"]);
	$data=ext_find_user($user,NULL);
	if( !ext_checkToken($GLOBALS['__POST']["token"]) ) {
		ext_Result::sendResult('tokencheck', false, 'CSRF Token Check failed.');
	}
	if($data==NULL) {
		ext_Result::sendResult('edituser', false, $user.": ".$GLOBALS["error_msg"]["miscnofinduser"]);
	}

	if($self=($user==$GLOBALS['__SESSION']['credentials_extplorer']['username'])) $dir="";

	if(isset($GLOBALS['__POST']["confirm"]) && $GLOBALS['__POST']["confirm"]=="true") {

		$nuser=stripslashes($GLOBALS['__POST']["nuser"]);
		if($nuser=="" || $GLOBALS['__POST']["home_dir"]=="") {
			ext_Result::sendResult('edituser', false, $GLOBALS["error_msg"]["miscfieldmissed"]);
		}
		if(isset($GLOBALS['__POST']["chpass"]) && $GLOBALS['__POST']["chpass"]=="on")	{
			if($GLOBALS['__POST']["pass1"]!=$GLOBALS['__POST']["pass2"]) ext_Result::sendResult('edituser', false, $GLOBALS["error_msg"]["miscnopassmatch"]);
			$pass=extEncodePassword(stripslashes($GLOBALS['__POST']["pass1"]));
		} else {
			$pass=$data[1];
		}

		if($self) $GLOBALS['__POST']["active"]=1;

		$data=array($nuser,$pass,stripslashes($GLOBALS['__POST']["home_dir"]),
			stripslashes($GLOBALS['__POST']["home_url"]),$GLOBALS['__POST']["show_hidden"],
			stripslashes($GLOBALS['__POST']["no_access"]),$GLOBALS['__POST']["permissions"],$GLOBALS['__POST']["active"]);

		if(!ext_update_user($user,$data)) {
			ext_Result::sendResult('edituser', false, $user.": ".$GLOBALS["error_msg"]["saveuser"]);
		}
		/*if($self) {
			activate_user($nuser,NULL);
		}*/
		ext_Result::sendResult('edituser', true, $user.": ".ext_Lang::msg('User Profile has been updated'));
	}

	show_userform( $data);
}

function show_userform( $data = null ) {
	if( $data == null ) { $data = array('', '', '', '', '', '', '' ); }
	$formname = @$data[0] ? 'frmedituser' : 'frmadduser';
	?>
{
	"xtype": "form",
	"id" : "<?php echo $formname ?>",
	"renderTo": Ext.getCmp("dialog_tabpanel").getEl(),
	"hidden": true,
	"closable":true,
	"autoHeight": "true",
	"labelWidth": 125,
	"url":"<?php echo basename( $GLOBALS['script_name']) ?>",
	"title": "<?php
		if( !empty( $data[0] )) {
			printf($GLOBALS["messages"]["miscedituser"],$data[0]);

		} else {
			echo $GLOBALS["messages"]["miscadduser"];
		}
		?>"	,
		
	items: [{
			"xtype": "textfield",
			"fieldLabel": "<?php echo ext_Lang::msg( 'miscusername', true ) ?>",
			"name": "nuser",
			"value": "<?php echo @$data[0] ?>",
			"width":175,
			"allowBlank":false
		},{
			"xtype": "textfield",
			"fieldLabel": "<?php echo ext_Lang::msg( 'miscconfpass', true ) ?>",
			"name": "pass1",
			"inputType": "password",
			"width":175
		},
		{	"xtype": "textfield",
			"fieldLabel": "<?php echo ext_Lang::msg( 'miscconfnewpass', true ) ?>",
			"name": "pass2",
			"inputType": "password",
			"width":175
		},
		<?php
		if( !empty($data[0])) { ?>
			{	"xtype": "checkbox",
				"fieldLabel": "<?php echo ext_Lang::msg( 'miscchpass', true ) ?>",
				"name": "chpass",
				"hiddenValue": "true"
			},
			<?php 
		} ?>
		{
			"xtype": "textfield",
			"fieldLabel": "<?php echo ext_Lang::msg( 'mischomedir', true ) ?>",
			"name": "home_dir",
			"value": "<?php echo !empty($data[2]) ? $data[2] : $_SERVER['DOCUMENT_ROOT'] ?>",
			"width":175,
			"allowBlank":false
		},
		{ 	"xtype": "textfield",
			"fieldLabel": "<?php echo ext_Lang::msg( 'mischomeurl', true ) ?>",
			"name": "home_url",
			"value": "<?php echo !empty($data[3]) ? $data[3] : $GLOBALS["home_url"] ?>",
			"width":175,
			"allowBlank":false
		},{
			"xtype": "combo",
			"fieldLabel": "<?php echo ext_Lang::msg( 'miscshowhidden', true ) ?>",
			"store": [
					["1", "<?php echo ext_Lang::msg( array('miscyesno' => 0), true ) ?>"],
					["0", "<?php echo ext_Lang::msg( array('miscyesno' => 1), true ) ?>"]
				   ],
			"hiddenName": "show_hidden",
			"disableKeyFilter": true,
			"value": "<?php echo ( !empty($data[4]) ? $data[4] : (int)$data[4] ) ?>",
			"editable": false,
			"triggerAction": "all",
			"mode": "local",
			"allowBlank": false,
			"selectOnFocus":true
		},
		{ 	"xtype": "textfield",
			"fieldLabel": "<?php echo ext_Lang::msg( 'mischidepattern', true ) ?>",
			"name": "no_access",
			"value": "<?php echo @$data[5] ?>",
			"width":175,
			"allowBlank":true
		},
		{
			"xtype": "combo",
			"fieldLabel": "<?php echo ext_Lang::msg( 'miscperms', true ) ?>",
			"store": [<?php
						$permvalues = array(0,1,2,3,7);
						$permcount = count($GLOBALS["messages"]["miscpermnames"]);
						for($i=0;$i<$permcount;++$i) {
							if( $permvalues[$i]==7) $index = 4;
							else $index = $i;
							echo '["'.$permvalues[$i].'", "'.ext_lang::msg( array('miscpermnames' => $index)).'" ]'."\n";
							if( $i+1<$permcount) echo ',';
						}
						?>
					],
			"hiddenName": "permissions",
			"disableKeyFilter": true,
			"value": "<?php echo (int)@$data[6] ?>",
			"editable": false,
			"triggerAction": "all",
			"mode": "local"
		},
		{ 	"xtype": "combo",
			"fieldLabel": "<?php echo ext_Lang::msg( 'miscactive', true ) ?>",
			"store": [
					["1", "<?php echo ext_Lang::msg( array('miscyesno' => 0), true ) ?>"],
					["0", "<?php echo ext_Lang::msg( array('miscyesno' => 1), true ) ?>"]
				   ],
			"hiddenName": "active",
			"disableKeyFilter": true,
			"value": "<?php echo ( !empty($data[7]) ? $data[7] : 0 ) ?>",
			"disabled": <?php echo !empty($self) ? 'true' : 'false' ?>,
			"editable": false,
			"triggerAction": "all",
			"mode": "local",
			"allowBlank": false,
			"selectOnFocus":true
		}
	],
	
	"buttons": [ {
		"text": "<?php echo ext_Lang::msg( 'btnsave', true ) ?>", 
		"handler": function() {
					userform = Ext.getCmp("<?php echo $formname ?>").getForm();
					if(userform.findField('nuser').getValue()=="" || userform.findField('home_dir').getValue()=="") {
						Ext.Msg.alert('Status', "<?php echo ext_Lang::err('miscfieldmissed', true ); ?>");
						return false;
					}
					if( userform.findField('chpass') ) {
						if(userform.findField('chpass').getValue() &&
							userform.findField('pass1').getValue() != userform.findField('pass2').getValue())
						{
							Ext.Msg.alert('Status', "<?php echo ext_Lang::err('miscnopassmatch', true ); ?>");
							return false;
						}
					}
					statusBarMessage( 'Please wait...', true );
					userform.submit({
						"success": function(form, action) {
							statusBarMessage( action.result.message, false, true );
							Ext.getCmp("dialog_tabpanel").remove("<?php echo $formname ?>");
						},
						"failure": function(form, action) {
							if( !action.result ) return;
							Ext.Msg.alert('Error!', action.result.error);
							statusBarMessage( action.result.error, false, true );
						},
						"scope": userform,
						// add some vars to the request, similar to hidden fields
						"params": {option: 'com_extplorer', 
								user: "<?php echo @$data[0] ?>",
								"action": 'admin', 
								"action2": "<?php echo @$data[0] ? 'edituser' : 'adduser' ?>",
								"confirm": "true",
								"token": "<?php echo ext_getToken() ?>"
						}
					})
				}
	},{
		"text": "<?php echo ext_Lang::msg( 'btncancel', true ) ?>", 
		"handler": function() { Ext.getCmp("dialog_tabpanel").remove("<?php echo $formname ?>"); }
	}]
}
	<?php
}
//------------------------------------------------------------------------------
function removeuser($dir) {			// Remove User
	$user=stripslashes($GLOBALS['__POST']["user"]);
	if( !ext_checkToken($GLOBALS['__POST']["token"]) ) {
		ext_Result::sendResult('tokencheck', false, 'CSRF Token Check failed.');
	}
	if($user==$GLOBALS['__SESSION']['credentials_extplorer']['username']) {
		ext_Result::sendResult('removeuser', false, $GLOBALS["error_msg"]["miscselfremove"]);
	}
	if(!ext_remove_user($user)) {
		ext_Result::sendResult('removeuser', false, $user.": ".$GLOBALS["error_msg"]["deluser"]);
	}
	ext_Result::sendResult('removeuser', true, $user." was successfully removed." );

}
//------------------------------------------------------------------------------
function ext_show_admin($dir) {			// Execute Admin Action
	$pwd=(($GLOBALS["permissions"]&2)==2);
	$admin=(($GLOBALS["permissions"]&4)==4);

	if(!$GLOBALS["require_login"]) ext_Result::sendResult('admin', false, $GLOBALS["error_msg"]["miscnofunc"]);
	if(!$pwd && !$admin) ext_Result::sendResult('admin', false, $GLOBALS["error_msg"]["accessfunc"]);

	if(isset($GLOBALS['__GET']["action2"])) $action2 = $GLOBALS['__GET']["action2"];
	elseif(isset($GLOBALS['__POST']["action2"])) $action2 = $GLOBALS['__POST']["action2"];
	else $action2="";

	switch($action2) {
	case "chpwd":
		changepwd($dir);
	break;
	case "adduser":
		if(!$admin) ext_Result::sendResult('admin', false, $GLOBALS["error_msg"]["accessfunc"]);
		adduser($dir);
	break;
	case "edituser":
		if(!$admin) ext_Result::sendResult('admin', false, $GLOBALS["error_msg"]["accessfunc"]);
		edituser($dir);
	break;
	case "rmuser":
		if(!$admin) ext_Result::sendResult('admin', false, $GLOBALS["error_msg"]["accessfunc"]);
		removeuser($dir);
	break;
	default:
		admin($admin,$dir);
	}
}
//------------------------------------------------------------------------------

Youez - 2016 - github.com/yon3zu
LinuXploit