Initial checkin
commit
d75eb444fc
4304 changed files with 369634 additions and 0 deletions
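--- a/inc/.gitignore
+++ b/inc/.gitignore
@@ -0,0 +1 @@
+config.inc.php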
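--- a/inc/SimpleOpenID.class.php
+++ b/inc/SimpleOpenID.class.php
@@ -0,0 +1,426 @@
+<?php
+/*
+FREE TO USE
+Simple OpenID PHP Class
+Latest update by Remy Sharp / http://remysharp.com (fixes)
+Contributed by http://www.fivestores.com/
+Updated by http://extremeswank.com/
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+
+This Class was written to make easy for you to integrate OpenID on your website.
+This is just a client, which checks for user's identity. This Class Requires CURL Module.
+It should be easy to use some other HTTP Request Method, but remember, often OpenID servers
+are using SSL.
+We need to be able to perform SSL Verification on the background to check for valid signature.
+
+HOW TO USE THIS CLASS:
+STEP 1)
+$openid = new SimpleOpenID;
+:: SET IDENTITY ::
+$openid->SetIdentity($_POST['openid_url']);
+:: SET RETURN URL ::
+$openid->SetApprovedURL('http://www.yoursite.com/return.php'); // Script which handles a response from OpenID Server
+:: SET TRUST ROOT ::
+$openid->SetTrustRoot('http://www.yoursite.com/');
+:: FETCH SERVER URL FROM IDENTITY PAGE :: [Note: It is recomended to cache this (Session, Cookie, Database)]
+$openid->GetOpenIDServer(); // Returns false if server is not found
+:: REDIRECT USER TO OPEN ID SERVER FOR APPROVAL ::
+
+:: (OPTIONAL) SET OPENID SERVER ::
+$openid->SetOpenIDServer($server_url); // If you have cached previously this, you don't have to call GetOpenIDServer and set value this directly
+
+STEP 2)
+Once user gets returned we must validate signature
+:: VALIDATE REQUEST ::
+true|false = $openid->ValidateWithServer();
+
+ERRORS:
+array = $openid->GetError(); // Get latest Error code
+
+FIELDS:
+OpenID allowes you to retreive a profile. To set what fields you'd like to get use (accepts either string or array):
+$openid->SetRequiredFields(array('email','fullname','dob','gender','postcode','country','language','timezone'));
+or
+$openid->SetOptionalFields('postcode');
+
+IMPORTANT TIPS:
+OPENID as is now, is not trust system. It is a great single-sign on method. If you want to
+store information about OpenID in your database for later use, make sure you handle url identities
+properly.
+For example:
+https://steve.myopenid.com/
+https://steve.myopenid.com
+http://steve.myopenid.com/
+http://steve.myopenid.com
+... are representing one single user. Some OpenIDs can be in format openidserver.com/users/user/ - keep this in mind when storing identities
+
+To help you store an OpenID in your DB, you can use function:
+$openid_db_safe = $openid->OpenID_Standarize($upenid);
+This may not be comatible with current specs, but it works in current enviroment. Use this function to get openid
+in one format like steve.myopenid.com (without trailing slashes and http/https).
+Use output to insert Identity to database. Don't use this for validation - it may fail.
+
+*/
+
+class SimpleOpenID{
+var $openid_url_identity;
+var $openid_url_type;
+var $openid_url_orig;
+var $URLs = array();
+var $error = array();
+var $fields = array();
+
+function SimpleOpenID(){
+if (!function_exists('curl_exec')) {
+die('Error: Class SimpleOpenID requires curl extension to work');
+}
+}
+function SetOpenIDServer($a){
+$this->URLs['openid_server'] = $a;
+}
+function SetTrustRoot($a){
+$this->URLs['trust_root'] = $a;
+}
+function SetCancelURL($a){
+$this->URLs['cancel'] = $a;
+}
+function SetApprovedURL($a){
+$this->URLs['approved'] = $a;
+}
+function SetPolicyURL($a) {
+$this->URLs['policyurl'] = $a;
+}
+function SetRequiredFields($a){
+if (is_array($a)){
+$this->fields['required'] = $a;
+}else{
+$this->fields['required'][] = $a;
+}
+}
+function SetOptionalFields($a){
+if (is_array($a)){
+$this->fields['optional'] = $a;
+}else{
+$this->fields['optional'][] = $a;
+}
+}
+function SetIdentity($a){ // Set Identity URL
+$this->openid_url_orig = $a;
+$this->openid_url_type = 1;
+
+$xriprefixes = array("xri://", "xri://\$ip*", "xri://\$dns*");
+$inameprefixes = array("=", "@", "+", "$", "!");
+
+foreach ($inameprefixes as $prefix) {
+if (substr($a, 0, 1) == $prefix) {
+$this->openid_url_type = 2;
+$this->openid_url_identity = $a;
+return;
+}
+}
+foreach ($xriprefixes as $prefix) {
+if(substr($a, 0, strlen($prefix)) == $prefix) {
+$a = substr($a, strlen($prefix), strlen($a)-strlen($prefix));
+$this->openid_url_type = 2;
+$this->openid_url_identity = $a;
+return;
+}
+}
+if(substr($a, 0, 7) != 'http://') {
+$a = 'http://'.$a;
+// RS change - append a slash - Wordpress example remysharp.wordpress.com - not found + slash = ok.
+if (substr($a, -1) != '/') $a .= '/';
+$this->openid_url_type = 1;
+$this->openid_url_identity = $a;
+return;
+}
+$this->openid_url_identity = $a;
+}
+function GetIdentity(){ // Get Identity
+return $this->openid_url_identity;
+}
+function GetError(){
+$e = $this->error;
+return array('code'=>$e[0],'description'=>$e[1]);
+}
+
+function ErrorStore($code, $desc = null){
+$errs['OPENID_NOSERVERSFOUND'] = 'Cannot find OpenID Server using this identity.';
+if ($desc == null){
+$desc = $errs[$code];
+}
+$this->error = array($code,$desc);
+}
+
+function IsError(){
+if (count($this->error) > 0){
+return true;
+}else{
+return false;
+}
+}
+
+function splitResponse($response) {
+$r = array();
+$response = explode("\n", $response);
+foreach($response as $line) {
+$line = trim($line);
+if ($line != "") {
+@list($key, $value) = explode(":", $line, 2);
+$r[trim($key)] = trim($value);
+}
+}
+return $r;
+}
+
+function OpenID_Standarize($openid_identity){
+if ($this->openid_url_type == 2) {
+return $openid_identity;
+}
+
+$u = parse_url(strtolower(trim($openid_identity)));
+if ($u['path'] == '/'){
+$u['path'] = '';
+}
+if(substr($u['path'],-1,1) == '/'){
+$u['path'] = substr($u['path'], 0, strlen($u['path'])-1);
+}
+if (isset($u['query'])){ // If there is a query string, then use identity as is
+return $u['host'] . $u['path'] . '?' . $u['query'];
+}else{
+return $u['host'] . $u['path'];
+}
+}
+
+function array2url($arr){ // converts associated array to URL Query String
+if (!is_array($arr)){
+return false;
+}
+$query = '';
+foreach($arr as $key => $value){
+$query .= $key . "=" . $value . "&";
+}
+return $query;
+}
+function CURL_Request($url, $method="GET", $params = "") { // Remember, SSL MUST BE SUPPORTED
+if (is_array($params)) $params = $this->array2url($params);
+
+if ($this->openid_url_type == 2) { $url = 'http://xri.net/'.$url; }
+
+if ($method == 'GET' && $params != '') {
+// mod the URL - but first check whether there's existing args - RS change
+if (stripos($url, '?')) {
+$url .= '&' . $params;
+} else {
+$url .= '?' . $params;
+}
+}
+
+$curl = curl_init($url);
+
+@curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
+curl_setopt($curl, CURLOPT_HEADER, true);
+curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
+curl_setopt($curl, CURLOPT_HTTPGET, ($method == "GET"));
+curl_setopt($curl, CURLOPT_POST, ($method == "POST"));
+
+if ($this->openid_url_type == 2) {
+$headers = array("Accept: application/xrds+xml");
+curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
+}
+
+if ($method == "POST") curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
+curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
+$response = curl_exec($curl);
+
+if (curl_errno($curl) == 0){
+$response;
+}else{
+$this->ErrorStore('OPENID_CURL', curl_error($curl));
+}
+return $response;
+}
+
+function HTML2OpenIDServer($content) {
+$get = array();
+// Get details of their OpenID server and (optional) delegate
+$reg1 = '/<link[^>]*rel="openid.server"[^>]*href="([^"]+)"[^>]*\/?>/i';
+$reg2 = '/<link[^>]*href="([^"]+)"[^>]*rel="openid.server"[^>]*\/?>/i';
+
+preg_match_all($reg1, $content, $matches1);
+preg_match_all($reg1, $content, $matches2);
+
+// match on non-xhtml - RS change
+preg_match_all(preg_replace('/"/', "'", $reg1), $content, $matches3);
+preg_match_all(preg_replace('/"/', "'", $reg2), $content, $matches4);
+
+$servers = array_merge($matches1[1], $matches2[1], $matches3[1], $matches4[1]);
+
+$reg1 = '/<link[^>]*rel="openid.delegate"[^>]*href="([^"]+)"[^>]*\/?>/i';
+$reg2 = '/<link[^>]*href="([^"]+)"[^>]*rel="openid.delegate"[^>]*\/?>/i';
+
+preg_match_all($reg1, $content, $matches1);
+preg_match_all($reg2, $content, $matches2);
+preg_match_all(preg_replace('/"/', "'", $reg1), $content, $matches3);
+preg_match_all(preg_replace('/"/', "'", $reg2), $content, $matches4);
+$delegates = array_merge($matches1[1], $matches2[1], $matches3[1], $matches4[1]);
+
+if (count($servers) == 0 && count($delegates) == 0) {
+preg_match_all('/<meta[^>]*http-equiv="X-XRDS-Location"[^>]*content="([^"]+)"[^>]*\/>/i', $content, $matches3);
+preg_match_all('/<meta[^>]*content="([^"]+)"[^>]*http-equiv="X-XRDS-Location"[^>]*\/>/i', $content, $matches4);
+if ($matches3[1][0] != "") { $url = $matches3[1][0]; }
+else if ($matches4[1][0] != "") { $url = $matches4[1][0]; }
+if ($url != "") {
+$response = $this->CURL_Request($url);
+list($servers, $delegates) = $this->XRDS2OpenIDServer($response);
+}
+}
+
+$ret = array($servers, $delegates);
+return $ret;
+}
+
+function XRDS2OpenIDServer($content) {
+$arrcon = explode("\n", $content);
+$services = array();
+$delegates = array();
+$i=0;
+while ($i < count($arrcon)) {
+if (substr(trim($arrcon[$i]),0,8) == "<Service") {
+$servstr = "";
+while (substr(trim($arrcon[$i]),0,10) != "</Service>") {
+$servstr = $servstr . trim($arrcon[$i]) . "\n";
+$i++;
+}
+$services[] = $servstr;
+}
+$i++;
+}
+
+$matches1 = array();
+$matches2 = array();
+
+foreach ($services as $service) {
+if (strstr($service, "http://openid.net/signon/1.")) {
+preg_match_all('/<URI[^>]*>([^<]+)<\/URI>/i', $service, $matches1);
+preg_match_all('/<openid:Delegate[^>]*>([^<]+)<\/openid:Delegate>/i', $service, $matches2);
+}
+}
+$servers = $matches1[1];
+$delegates = $matches2[1];
+$ret = array($servers, $delegates);
+return $ret;
+}
+
+function CheckHeadersForXRDS($content) {
+$arrcon = explode("\n", $content);
+$i = 0;
+while ($i < count($arrcon)) {
+if (substr($arrcon[$i],0,16) == "X-XRDS-Location:") {
+$keyval = explode(':', $arrcon[$i], 2);
+$newurl = trim($keyval[1]);
+return $newurl;
+}
+$i++;
+}
+return "";
+}
+
+function GetOpenIDServer(){
+$response = $this->CURL_Request($this->openid_url_identity);
+$xrds_url = $this->CheckHeadersForXRDS($response);
+if ($xrds_url != "") {
+$response = $this->CURL_Request($xrds_url);
+list($servers, $delegates) = $this->XRDS2OpenIDServer($response);
+}
+else if ($this->openid_url_type == 1) {
+list($servers, $delegates) = $this->HTML2OpenIDServer($response);
+}
+else if ($this->openid_url_type == 2) {
+list($servers, $delegates) = $this->XRDS2OpenIDServer($response);
+}
+
+if (count($servers) == 0){
+$this->ErrorStore('OPENID_NOSERVERSFOUND');
+return false;
+}
+if ($delegates[0] != ""){
+$this->openid_url_identity = $delegates[0];
+}
+$this->SetOpenIDServer($servers[0]);
+return $servers[0];
+}
+
+function GetRedirectURL(){
+$params = array();
+$params['openid.return_to'] = urlencode($this->URLs['approved']);
+$params['openid.mode'] = 'checkid_setup';
+$params['openid.identity'] = urlencode($this->openid_url_identity);
+$params['openid.trust_root'] = urlencode($this->URLs['trust_root']);
+
+if (count($this->fields['required']) > 0){
+$params['openid.sreg.required'] = implode(',',$this->fields['required']);
+}
+if (count($this->fields['optional']) > 0){
+$params['openid.sreg.optional'] = implode(',',$this->fields['optional']);
+}
+$params['openid.sreg.policy_url'] = urlencode($this->URLs['policyurl']);
+
+$join = stripos($this->URLs['openid_server'], '?') ? '&' : '?';
+
+return $this->URLs['openid_server'] . $join. $this->array2url($params);
+}
+
+function Redirect(){
+$redirect_to = $this->GetRedirectURL();
+if (headers_sent()){ // Use JavaScript to redirect if content has been previously sent (not recommended, but safe)
+echo '<script language="JavaScript" type="text/javascript">window.location=\'';
+echo $redirect_to;
+echo '\';</script>';
+}else{ // Default Header Redirect
+header('Location: ' . $redirect_to);
+}
+}
+
+function ValidateWithServer(){
+$params = array(
+'openid.assoc_handle' => urlencode($_GET['openid_assoc_handle']),
+'openid.signed' => urlencode($_GET['openid_signed']),
+'openid.sig' => urlencode($_GET['openid_sig'])
+);
+// Send only required parameters to confirm validity
+$arr_signed = explode(",",str_replace('sreg.','sreg_',$_GET['openid_signed']));
+for ($i=0; $i<count($arr_signed); $i++){
+$s = str_replace('sreg_','sreg.', $arr_signed[$i]);
+$c = $_GET['openid_' . $arr_signed[$i]];
+// if ($c != ""){
+$params['openid.' . $s] = urlencode($c);
+// }
+}
+$params['openid.mode'] = "check_authentication";
+$openid_server = $this->GetOpenIDServer();
+
+// print "<pre>";
+// print_r($_GET);
+// print_r($params);
+// print_r($openid_server);
+// print "</pre>";
+
+if ($openid_server == false){
+return false;
+}
+// RS change - GET => POST http://openid.net/specs/openid-authentication-1_1.html#mode_check_authentication
+$response = $this->CURL_Request($openid_server,'POST',$params);
+$data = $this->splitResponse($response);
+
+
+if ($data['is_valid'] == "true") {
+return true;
+}else{
+return false;
+}
+}
+
+}
+
+?>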
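Review bot: `CURL_Request()` sets `CURLOPT_SSL_VERIFYPEER` to `false`, and `ValidateWithServer()` accepts the login as soon as the reply to its `check_authentication` POST parses to `is_valid` = `true`, so the authentication decision rests on a response whose origin is never verified. The header comment of this same file says SSL verification is needed for the signature check; the option should read `curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);`, with `curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);` next to it. `SetIdentity()` also prepends `http://` to anything that does not already start with `http://`, which turns an `https://` identity into an invalid `http://https://…` URL and leaves discovery on plain HTTP; the test should accept both schemes. Separately, in `HTML2OpenIDServer()` the first pair of `preg_match_all` calls both use `$reg1`, so the href-before-rel pattern is never tried with double quotes; the second call should be `preg_match_all($reg2, $content, $matches2);`.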
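--- a/inc/admin.class.php
+++ b/inc/admin.class.php
@@ -0,0 +1,104 @@
+<?php
+/**
+* Project: astat - simple site engine
+* File: /inc/admin.class.php
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*
+* @link http://www.astat.org SVN: $URL: http://svn.astat.org/astat/trunk/inc/admin.class.php $
+* @copyright 2009 becast.at
+* @author Bernhard Jaud <bernhard at becast dot at>
+* @package astat core
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+* @version $Id: admin.class.php 57 2009-07-10 19:34:56Z genuineparts $
+*/
+
+$module["admin"]["name"]="Admin Class";
+$module["admin"]["ver"]="0.2.4";
+class admin {
+
+var $module_=array();
+
+function create_admin_nav(){
+global $config, $db, $panel, $core, $session;
+$root = $_SERVER['DOCUMENT_ROOT'] . $config["path"];
+include_once dirname(dirname(__FILE__)).'/class_templates/admin_module.template.php';
+foreach($core->mod_ as $key=>$val){
+if(file_exists($root."/modules/".$val["file"]."/" . $val["file"] . ".module.php")){
+include_once $root.'/modules/'.$val["file"].'/' . $val["file"]. '.module.php';
+$class="module_".$val["file"];
+if(class_exists($class)){
+$this->module_[$val["file"]] = new $class();
+if(is_array($this->module_[$val["file"]]->admin_panels())){
+if($session->userdata[$val["file"].'_admin']==1){
+$panel->menu_item("group_only",$val["name"]);
+foreach($this->module_[$val["file"]]->admin_panels() as $key => $val){
+if(isset($val[2])){
+$panel->menu_item($val[0],$val[1],$val[2]);
+}else{
+$panel->menu_item($val[0],$val[1]);
+}
+}
+}
+}
+}
+}
+}
+
+}
+
+function get_panel($task){
+global $config, $panel, $userinfo, $tpl, $error, $session, $meta, $mod;
+$root = $_SERVER['DOCUMENT_ROOT'] . $config["path"];
+if (strpos($task, '://') !== FALSE || strpos($task, '../') !== FALSE){
+$panel->content="Unser System hat festgestellt das ein XSS Versuch erfolgt ist.<br />Wir haben alle Daten geloggt und eine E-Mail an den Administrator wurde versandt.<br />Im übrigen kannst du deine Versuche aufgeben XSS und SQL-Injections werden IMMER abgefangen.";
+$panel->title="Fehler.";
+$panel->parse_page();
+return;
+}else{
+$module=explode("_",$task,2);
+if(isset($module[1]) && $module[1]!=""){
+$right=$module[1];
+$include=$root."/modules/".$module[1]."/admin/" . $module[0] . ".apnl.php";
+}else{
+$right=$task;
+$include=$root."/admin/".$task . ".apnl.php";
+}
+if($session->userdata[$right.'_admin']==1){
+if(file_exists($include)){
+include $include;
+include_once dirname(dirname(__FILE__)).'/class_templates/admin_module.template.php';
+$class=$task."_panel";
+if(class_exists($class)){
+$content = new $class();
+$content->output();
+$panel->meta.= $content->meta();
+$panel->parse_page();
+}
+}else{
+$panel->content="Das Panel konnte nicht gefunden werden.";
+$panel->title="Fehler.";
+$panel->parse_page();
+}
+}else{
+$panel->content="You have not the necessary rights to view this page.";
+$panel->title="Error.";
+$panel->parse_page();
+}
+}
+}
+
+}
+?>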
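Review bot: `get_panel()` builds its `include` path from `$task` after rejecting only the substrings `://` and `../`, which is a denylist and does not constrain which characters can reach the path on either side of the `explode("_",$task,2)`. An allowlist placed before the `explode` is shorter and easier to reason about, for example `if (!preg_match('/^[A-Za-z0-9_]+$/', $task)) { /* existing error branch */ }`. The plain `include $include;` will also redeclare the panel class if the method is called twice for the same task, where `include_once` would not. The user-facing message describes the rejected input as an XSS attempt although the check guards file inclusion, and despite its wording nothing is logged or mailed in that branch; a comment such as `// reject anything that could alter the include path` would state the actual intent.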
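--- a/inc/ajax.class.php
+++ b/inc/ajax.class.php
@@ -0,0 +1,111 @@
+<?php
+/**
+* Project: astat - simple site engine
+* File: /inc/ajax.class.php
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*
+* @link http://www.astat.org SVN: $URL: http://svn.astat.org/astat/trunk/inc/ajax.class.php $
+* @copyright 2009 becast.at
+* @author Bernhard Jaud <bernhard at becast dot at>
+* @package astat core
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+* @version $Id: ajax.class.php 31 2009-06-20 20:41:07Z genuineparts $
+*/
+
+$module["core"]["name"]="Ajax Class";
+$module["core"]["ver"]="0.6.0";
+
+use Smarty\Smarty;
+
+class ajax{
+var $db;
+var $log;
+var $tpl;
+
+function __construct(& $db,& $log,& $tpl) {
+global $config;
+$this->log = & $log;
+$this->db = & $db;
+$this->tpl = & $tpl;
+}
+
+
+function get_ajax_module($task,$subtask=""){
+global $config, $userdata, $core, $db, $userinfo, $tpl, $error, $session, $meta, $mod, $plugin;
+include dirname(dirname(__FILE__)).'/class_templates/ajax_module.template.php';
+$content="";
+if (strpos($task, '://') !== FALSE || strpos($task, '../') !== FALSE){
+$this->tpl->assign('messagetitle',"Intruder Alert!");
+$this->tpl->assign('message', "Unser System hat festgestellt das ein XSS Versuch erfolgt ist.<br />Wir haben alle Daten geloggt und eine E-Mail an den Administrator wurde versandt.");
+if($config["logging"])
+$this->log->write("XSS ATTACK: Someone tried calling ".$task."!",1);
+
+return $tpl->fetch('message.tpl',"INTRUDER");
+}elseif((file_exists("modules/".$task."/" . $task . ".ajax.php") && is_array($core->mod_[$task]) )|| $task==""){
+if($task!=""){
+include 'modules/'.$task.'/' . $task. '.ajax.php';
+
+if(class_exists($task)){
+$mod = new $task();
+$root = $_SERVER['DOCUMENT_ROOT'] . $config["path"];
+if(isset($config["theme"]) && is_dir($root . '/modules/'.$task.'/templates/'.$config["theme"]) && !$mod -> uses_default_templates){
+$mod -> tpl-> setTemplateDir($root . '/modules/'.$task.'/templates/'.$config["theme"]);
+}elseif($mod -> uses_default_templates){
+if(isset($config["theme"]) && is_dir($root . '/themes/'.$config["theme"])){
+$mod -> tpl-> setTemplateDir($root . '/themes/'.$config["theme"]);
+
+}else{
+$mod -> tpl-> setTemplateDir($root . '/themes/default');
+}
+}else{
+$mod -> tpl-> setTemplateDir($root . '/modules/'.$task.'/templates/default');
+}
+
+if($subtask!=""){
+$subtask="sub_".$subtask;
+
+if(!is_callable(array($mod,$subtask))){
+if($config["logging"])
+$this->log->write("FATAL ERROR: Modul ".$task." was found, but does not contain FUNCTION ".$subtask."!",1);
+
+return $error->http_error("404");
+}else{
+$content.=$mod->$subtask();
+}
+}else{
+$content.=$mod->ajax();
+}
+}else{
+if($config["logging"])
+$this->log->write("FATAL ERROR: Modul ".$task." was found, but does not contain CLASS ".$task."!",1);
+
+return $error->http_error("404");
+}
+}
+
+}else{
+if($config["logging"])
+$this->log->write("Modul ".$task." not found!",2);
+
+return $error->http_error("404");
+
+}
+echo $content;
+}
+
+
+}
+?>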
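Review bot: In the rejection branch of `get_ajax_module()` the raw `$task` is concatenated into the log line (`"XSS ATTACK: Someone tried calling ".$task."!"`), and the three later `$this->log->write()` calls embed `$task` or `$subtask` the same way, so unless `write()` sanitises its argument (not visible here) request data containing line breaks can split or forge log entries. Strip control characters once at the top, e.g. `$logTask = preg_replace('/[\x00-\x1F\x7F]/', '', $task);`, and log that value instead. The same branch assigns the message on `$this->tpl` but renders with the global `$tpl->fetch('message.tpl',"INTRUDER")`; if the two are not the same instance the message comes out empty, so `$this->tpl->fetch(...)` looks intended. The module file is checked and included through the relative path `modules/…` while the template directories use `$root`, which makes the lookup depend on the current working directory; using `$root.'/modules/'…` in both places would remove that dependency.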
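--- a/inc/cache.class.php
+++ b/inc/cache.class.php
@@ -0,0 +1,101 @@
+<?php
+/**
+* Project: beFramed
+* File: /inc/cache.class.php
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*
+* @link http://www.jaud.be
+* @copyright 2025 becast.at
+* @author Bernhard Jaud <bernhard at becast dot at>
+* @package beFramed Core
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+* @version $Id$
+*/
+/*
+Already defined by PHP. I'll leave it here for Info
+define("LOG_EMERG", 0);
+define("LOG_ALERT", 1);
+define("LOG_CRIT", 2);
+define("LOG_ERR", 3);
+define("LOG_WARNING", 4);
+define("LOG_INFO", 6);
+define("LOG_DEBUG", 7);
+*/
+$module["cache"]["name"]="Cache Class";
+$module["cache"]["ver"]="0.9.10";
+class cache {
+var $server;
+var $prefix;
+var $obj;
+var $port;
+var $exp;
+/////////////////////////////////////////
+// Module data
+/////////////////////////////////////////
+
+//
+// __construct
+//
+// Buid logger
+//
+function __construct() {
+global $config, $logger;
+$this->server=$config['MEMCACHE_SERVER'];
+$this->port=$config['MEMCACHE_PORT'];
+$this->prefix=$config['MEMCACHE_PREFIX'];
+$this->exp=$config['MEMCACHE_EXPIRATION'];
+$this->obj = new Memcached($this->prefix);
+$con = $this->connect($this->server,$this->port);
+if(!$con){
+return false;
+}else{
+return true;
+}
+
+
+}
+
+public function connect($host , $port){
+$servers = $this->obj->getServerList();
+if(is_array($servers)) {
+foreach ($servers as $server) {
+if($server['host'] == $host and $server['port'] == $port){
+return true;
+} else {
+return $this->obj->addServer($host , $port);
+}
+}
+}
+}
+
+function __destruct() {
+$this->obj->quit();
+}
+
+function set($key,$var,$expiration=null){
+if($expriation=null){
+$expriation=$this->exp;
+}
+$this->obj->set($this->prefix.$key,$var,$expiration);
+}
+
+
+function get($key){
+return $this->obj->get($this->prefix.$key);
+}
+
+}
+?>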
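Review bot: `connect()` never registers the server when the list is empty: the `foreach` body does not run, the method falls off the end returning `null`, and `addServer()` is reached only when some other server is already listed (and then decided on the first entry alone). The loop should only look for a match, with `addServer()` called after it, as in the block below. In `set()` the guard `if($expriation=null)` misspells the parameter and assigns instead of comparing, so `MEMCACHE_EXPIRATION` is never applied; it should read `if($expiration===null){ $expiration=$this->exp; }`. The `return false`/`return true` at the end of `__construct()` has no effect because `new` discards a constructor's return value, so a failed connection goes unnoticed by the caller.

```php
public function connect($host , $port){
// a server that is already listed must not be added a second time
foreach ($this->obj->getServerList() as $server) {
if($server['host'] == $host and $server['port'] == $port){
return true;
}
}
// not listed yet (including the empty list of a fresh instance)
return $this->obj->addServer($host , $port);
}
```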
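--- a/inc/captcha.class.php
+++ b/inc/captcha.class.php
@@ -0,0 +1,109 @@
+<?php
+/**
+* (c) 2025 BeCast
+* -------------------------------------
+* Filename: captcha.class.php
+* Purpose: Capthca Handling
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; version 2 of the License.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston,
+* MA 02111-1307 USA
+*/
+
+$module["module"]["name"]="Captcha Class";
+$module["module"]["ver"]="1.0.0";
+class captcha{
+
+function getCaptcha(){
+global $config;
+if($config['captcha']==1) {
+return '<label data-mcaptcha_url="https://'.$config['mcaptcha_url'].'/widget/?sitekey='.$config['mcaptcha_sitekey'].'" for="mcaptcha__token" id="mcaptcha__token-label">mCaptcha authorization token.<a href="https://mcaptcha.org/docs/user-manual/how-to-mcaptcha-without-js/">Instructions</a>.<input type="text" name="mcaptcha__token" id="mcaptcha__token" /></label><div id="mcaptcha__widget-container"></div> <script src="https://unpkg.com/@mcaptcha/vanilla-glue@0.1.0-rc2/dist/index.js"></script>';
+} else if ($config['captcha']==2) {
+return '<script src="https://www.google.com/recaptcha/api.js"></script><div class="g-recaptcha" data-sitekey="'.$config['recaptcha_sitekey'].'"></div>';
+} else {
+return '';
+}
+}
+
+function validate($response){
+global $config,$functions;
+if($config['captcha']==1) {
+if(isset($response['mcaptcha__token']) && $response['mcaptcha__token']!=''){
+$token = $response['mcaptcha__token'];
+} else {
+return false;
+}
+$data = array(
+'token' => $token,
+'key' => $config['mcaptcha_sitekey'],
+'secret' => $config['mcaptcha_secret']
+);
+$json = json_encode($data);
+$url = 'https://'.$config['mcaptcha_url'].'/api/v1/pow/siteverify';
+$ch = curl_init($url);
+
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
+curl_setopt($ch, CURLOPT_POSTFIELDS, $json);
+curl_setopt($ch, CURLOPT_HTTPHEADER, array(
+'Content-Type: application/json',
+'Content-Length: ' . strlen($json)
+));
+$fh=curl_exec($ch);
+
+// schließe den cURL-Handle und gebe die Systemresourcen frei
+curl_close($ch);
+if(!$fh){
+return false;
+}else{
+$cresp = json_decode($fh, true);
+if($cresp["valid"] === true){
+return true;
+}else{
+return false;
+}
+}
+}else if($config['captcha']==2) {
+if(isset($response['g-recaptcha-response']) && $response['g-recaptcha-response']!=''){
+$data = $response['g-recaptcha-response'];
+} else {
+return false;
+}
+$ch = curl_init();
+
+// setze die URL und andere Optionen
+curl_setopt($ch, CURLOPT_URL, "https://www.google.com/recaptcha/api/siteverify?secret=".$config['recaptcha_secret']."&response=".$data."&remoteip=".$functions->get_ip());
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+curl_setopt($ch, CURLOPT_TIMEOUT, 10);
+// führe die Aktion aus und gebe die Daten an den Browser weiter
+$fh=curl_exec($ch);
+
+// schließe den cURL-Handle und gebe die Systemresourcen frei
+curl_close($ch);
+if(!$fh){
+return false;
+}else{
+$cresp = json_decode($fh, true);
+if($cresp["success"] === true){
+return true;
+}else{
+return false;
+}
+}
+} else {
+return true;
+}
+}
+}
+?>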
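--- a/inc/config.default.inc.php
+++ b/inc/config.default.inc.php
@@ -0,0 +1,44 @@
+<?php
+/**
+* (c) 2009 BeCast
+* -------------------------------------
+* Filename: config.defult.inc.php
+* Purpose: Configuration
+* CVS Header: $Header$
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; version 2 of the License.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston,
+* MA 02111-1307 USA
+*/
+
+// your Database Server (most likely localhost)
+$config["host"] = "localhost";
+// your Database Username
+$config["user"] = "bcWe";
+// your Database Password
+$config["pass"] = "MyPassword";
+// your Database
+$config["db"] = "bcWe";
+// your Database Prefix
+$config["prefix"]="be_";
+// your Database Sytem
+$config["db_class"]="mysqli";
+$config['MEMCACHE_SERVER'] = '127.0.0.1';
+$config['MEMCACHE_PORT'] = '11211';
+$config['MEMCACHE_PREFIX'] = 'bcWe';
+$config['MEMCACHE_EXPIRATION'] = '50000';
+
+define('INSTALLED', FALSE);
+define("CHARSET", "UTF-8");
+define("DEBUG", FALSE);
+?>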
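--- a/inc/core.class.php
+++ b/inc/core.class.php
@@ -0,0 +1,706 @@
+<?php
+/**
+* Project: astat - simple site engine
+* File: /inc/core.class.php
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*
+* @link http://www.astat.org SVN: $URL: http://svn.becast.at/astat/trunk/inc/core.class.php $
+* @copyright 2025 becast.at
+* @author Bernhard Jaud <bernhard at becast dot at>
+* @package astat core
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+* @version $Id: core.class.php 154 2012-03-27 21:50:46Z genuineparts $
+*/
+
+$module['core']['name']='Core Class';
+$module['core']['ver']='0.9.81';
+
+class Core{
+
+/**
+*
+* Database Connection
+*
+* @var object
+*/
+var $db;
+
+/**
+*
+* Logging Class
+*
+* @var object
+*/
+var $log;
+
+/**
+*
+* Template Class
+*
+* @var object
+*/
+var $tpl;
+
+/**
+*
+* loaded Modules
+*
+* @var array
+*/
+var $mod_=array();
+
+/**
+*
+* Sidebar Modules
+*
+* @var array
+*/
+var $nav=array();
+
+/**
+*
+* Major Version
+*
+* @var string
+*/
+var $ver_major='1';
+
+/**
+*
+* Minor Version
+*
+* @var string
+*/
+var $ver_minor='0';
+
+/**
+*
+* Revision
+*
+* @var string
+*/
+var $ver_rev='0';
+
+/**
+*
+* Codename
+*
+* @var string
+*/
+var $ver_codename='Antiochos';
+
+/**
+*
+* Navbits
+*
+* @var array
+*/
+var $navbits=array();
+
+/**
+* Constructor
+*
+* @param Database
+* @param Log
+* @param Template
+*/
+function __construct(& $db,& $log,& $tpl) {
+global $config;
+$this->log = & $log;
+$this->db = & $db;
+$this->tpl = & $tpl;
+$this->nav['left']=TRUE;
+$this->nav['right']=TRUE;
+$this -> add_navbit($config['sitetitle'],$config['path'].'/index.php');
+}
+
+/**
+* Loads all installed modules from the database
+*
+*/
+function load_modules(){
+global $config, $db;
+$result = $db->query("SELECT * FROM " . $config['prefix'] . "module");
+while ($row = $db->fetch_array($result)){
+$this->mod_[$row['file']] = $row;
+}
+
+}
+
+/**
+* Creates the Sidebar
+*
+* @param string The side for which the Content should be rendered (l=left, r=right)
+* @return false|string
+*/
+function create_nav($side){
+global $config, $cache, $db, $session, $lang, $plugin;
+$navrow = '';
+$navtpl= $this->tpl;
+$root = $_SERVER['DOCUMENT_ROOT'] . $config['path'];
+if($navtpl-> isCached('navmain.tpl','navmain'.$side)){
+$compilednav = $navtpl-> fetch('navmain.tpl','navmain'.$side);
+return $compilednav;
+}else{
+$nav = $cache->read('sidebar');
+if($nav==FALSE){
+$cache->update_sidebars();
+$nav = $cache->read('sidebar');
+}
+if($nav[$side] != NULL){
+foreach($nav[$side] as $row){
+$nav_title = $row['name'];
+$nav_content = $row['content'];
+$nav_file = $row['file'];
+if($nav_file == ''){
+preg_match_all ('{right=\"(?P<value>.*?)\"}',$nav_content,$regs);
+if(is_array($regs)){
+foreach($regs['value'] as $reg){
+if($session->userdata[$reg]){
+$nav_content=preg_replace("/\{right=\"".$reg."\"\}(.*?)\{\/right\}/si","\\1",$nav_content);
+}else{
+$nav_content=preg_replace("/\{right=\"".$reg."\"\}(.*?)\{\/right\}/si","",$nav_content);
+}
+}
+}
+
+if($session->userdata['uid']!=0){
+$nav_content=preg_replace("/\{logged_in\}(.*?)\{\/logged_in\}/si","\\1",$nav_content);
+$nav_content=preg_replace("/\{logged_out\}(.*?)\{\/logged_out\}/si","",$nav_content);
+}else{
+$nav_content=preg_replace("/\{logged_in\}(.*?)\{\/logged_in\}/si","",$nav_content);
+$nav_content=preg_replace("/\{logged_out\}(.*?)\{\/logged_out\}/si","\\1",$nav_content);
+}
+if($session->userdata['allow_grimdark']!=0){
+$nav_content=preg_replace("/\{allow_gd\}(.*?)\{\/allow_gd\}/si","\\1",$nav_content);
+}else{
+$nav_content=preg_replace("/\{allow_gd\}(.*?)\{\/allow_gd\}/si","",$nav_content);
+}
+
+if(trim($nav_content)!=''){
+$navtpl->assign('navtitle', $nav_title);
+$navtpl->assign('navcontent', $nav_content);
+$navrow .= $navtpl->fetch('nav.tpl');
+}
+
+
+}elseif(file_exists($root.'/nav_modules/nav_' . $nav_file .'.php')){
+$navtpl->assign('navtitle', $nav_title);
+$navtpl->assign('navcontent', $nav_content);
+// include a Navigation Module. The Navigation Module MUST return a variable $navcontent
+include($root.'/nav_modules/nav_' . $nav_file .'.php');
+}
+}
+
+$navtpl->assign('nav', $navrow);
+
+if($side=='l'){
+$sidename='leftside';
+}else{
+$sidename='rightside';
+}
+
+$navtpl->assign('sidename', $sidename);
+$compilednav = $navtpl->fetch('navmain.tpl','navmain'.$side);
+$plugin->run_hook('nav_finish',array(&$compilednav));
+return $compilednav;
+}else{
+return false;
+}
+}
+
+}
+
+/**
+* Outputs a Message
+*
+* @param string $title The title of the message
+* @param string $message The message
+* @param bool $redirect Should the user be redirected
+* @param string $url The redirect URL
+* @param integer $time The Time in seconds until the user gets redirected
+* @param bool $minimal Should the Sidebars not get rendered
+*
+*/
+
+function message($title,$message,$redirect=FALSE,$url='',$time=4,$minimal=FALSE,$fetch_page=TRUE){
+global $config, $userdata, $userinfo, $tpl, $session, $lang, $meta;
+if(!isset($session->userdata) && $fetch_page){
+$session->page_begin('Message', FALSE);
+}
+
+if($url!='' && $redirect){
+$tpl->assign('message', $message.'<br /><a href="'.$url.'">'.$lang->_('CLICKREDIRECT').'</a>');
+}elseif($url!='' && !$redirect){
+$tpl->assign('message', $message.'<br /><a href="'.$url.'">'.$lang->_('CLICKCONTINUE').'</a>');
+}else{
+$tpl->assign('message', $message);
+}
+$tpl->assign('messagetitle', $title);
+if($redirect && $url!=''){
+if(substr( $url, 0, 4 ) != "http") {
+$url = '//'.$config['domain'].$config['path'].$url;
+}
+$meta.='<meta http-equiv="refresh" content="'.$time.';URL='.$url.'" />';
+}
+$this->make_page($tpl->fetch('message.tpl'),$minimal);
+
+}
+
+/**
+* Outputs a Message
+*
+* @deprec 0.8.60 - 2009/06/20
+* @param string $title The title of the message
+* @param string $message The message
+* @param bool $redirect Should the user be redirected
+* @param string $url The redirect URL
+* @param integer $time The Time in seconds until the user gets redirected
+*
+*/
+function redirect_message($title,$message,$redirect=FALSE,$url='',$time=4){
+$this->message($title,$message,$redirect,$url,$time,TRUE);
+}
+
+/**
+* Adds a Navbit
+*
+* @param string $title The title of the navbit
+* @param string $url The navbit url
+*
+*/
+function add_navbit($title,$url=''){
+$this->navbits[]=array('name'=>$title,'url'=>$url);
+}
+
+/**
+* Clears Navbits
+*
+*/
+function clear_navbits(){
+unset($this->navbits);
+}
+
+/**
+* get Navbits
+*
+* @returns string
+*
+*/
+function get_navbits(){
+foreach($this->navbits as $key => $nav){
+if(isset($this->navbits[$key+1])){
+if($nav['url']==''){
+$bit='<span class="navbit">'.$nav['name'].'</span>';
+}else{
+$bit='<a href="'.$nav['url'].'"><span class="navbit">'.$nav['name'].'</span></a>';
+}
+}else{
+if($nav['url']==''){
+$bit='<span class="active_navbit">'.$nav['name'].'</span>';
+}else{
+$bit='<a href="'.$nav['url'].'"><span class="active_navbit">'.$nav['name'].'</span></a>';
+}
+}
+
+if(!$navs){
+$navs=$bit;
+}else{
+$navs.=' / '.$bit;
+}
+}
+
+return $navs;
+}
+
+/**
+* Gets a module and renders the main content
+*
+* @param string $task The name of the module
+* @param string $subtask The name of the subfunction
+* @return void|string
+*
+*/
+function get_module($task,$subtask=''){
+global $config, $userdata, $db, $cache, $tpl, $error, $session, $meta, $mod, $footer, $plugin;
+$content='';
+include dirname(dirname(__FILE__)).'/class_templates/page_module.template.php';
+if (strpos($task, '://') !== FALSE || strpos($task, '../') !== FALSE){
+$tpl->assign('messagetitle','Intruder Alert!');
+$tpl->assign('message', 'The System has caught a possible attack. The Admins have been informed.');
+if($config['logging'])
+$this->log->write('XSS ATTACK: Someone tried calling '.$task.'!',1);
+
+return $tpl->fetch('message.tpl','INTRUDER');
+}elseif((file_exists('modules/'.$task.'/' . $task . '.output.php') && is_array($this->mod_[$task]) )|| $task==''){
+if($config['startmodule'] == $task){
+$result=$db->query("SELECT * FROM `".$config['prefix']."navigation` WHERE `side`='m' ORDER BY `sort`");
+}else{
+$result=$db->query("SELECT * FROM `".$config['prefix']."navigation` WHERE `side`='m' AND `valid`='E' ORDER BY `sort`");
+}
+while($row=$db->fetch_array($result)){
+
+if($row['name']=='maincontent'){
+if($task!=''){
+include 'modules/'.$task.'/' . $task. '.output.php';
+if($config['logging'])
+$this->log->write($task.' called.');
+
+if(class_exists($task)){
+$mod = new $task();
+$mod->get=$_GET;
+$mod->post=$_POST;
+$mod->files=$_FILES;
+$mod->request=$_REQUEST;
+if(isset($_SESSION)){
+$mod->session=$_SESSION;
+}
+$mod->cookie=$_COOKIE;
+$root = $_SERVER['DOCUMENT_ROOT'] . $config['path'];
+if(isset($config['theme']) && $config['theme']!='' && is_dir($root . '/modules/'.$task.'/templates/'.$config['theme']) && !$mod -> uses_default_templates){
+$mod -> tpl-> setTemplateDir($root . '/modules/'.$task.'/templates/'.$config['theme']);
+}elseif($mod -> uses_default_templates){
+if(isset($config['theme']) && $config['theme']!='' && is_dir($root . '/themes/'.$config['theme'])){
+$mod -> tpl-> setTemplateDir($root . '/themes/'.$config['theme']);
+
+}else{
+$mod -> tpl-> setTemplateDir($root . '/themes/default');
+}
+}else{
+$mod -> tpl-> setTemplateDir($root . '/modules/'.$task.'/templates/default');
+}
+
+$meta.= $mod->redirect;
+if($subtask!=''){
+$submeta='meta_'.$subtask;
+$subfooter='footer_'.$subtask;
+$subtask='output_'.$subtask;
+
+if(!is_callable(array($mod,$subtask))){
+if($config['logging'])
+$this->log->write('FATAL ERROR: Modul '.$task.' was found, but does not contain FUNCTION '.$subtask.'!',1);
+
+return $error->http_error('404');
+}else{
+if(!is_callable(array($mod,$submeta))){
+$meta.= $mod->meta();
+}else{
+$meta.= $mod->$submeta();
+}
+if(!is_callable(array($mod,$subfooter))){
+$footer.= $mod->footer();
+}else{
+$footer.= $mod->$subfooter();
+}
+$content.=$mod->$subtask();
+}
+}else{
+$meta.= $mod->meta();
+$footer.= $mod->footer();
+$content.=$mod->output();
+}
+}else{
+if($config['logging'])
+$this->log->write('FATAL ERROR: Modul '.$task.' was found, but does not contain CLASS '.$task.'!',1);
+
+return $error->http_error('404');
+}
+}
+}else{
+if($row['file']!=''){
+$file_content=$plugin->run_hook($row['file'],array(&$tpl));
+$content.=$file_content;
+}else{
+preg_match_all ('{right=\"(?P<value>.*?)\"}',$row['content'],$regs);
+if(is_array($regs)){
+foreach($regs['value'] as $reg){
+if($session->userdata[$reg]){
+$nav_content=preg_replace("/\{right=\"".$reg."\"\}(.*?)\{\/right\}/si","\\1",$row['content']);
+}else{
+$nav_content=preg_replace("/\{right=\"".$reg."\"\}(.*?)\{\/right\}/si","",$row['content']);
+}
+}
+}
+$session->page_begin('content', false);
+if($session->userdata['uid']!=0){
+$row['content']=preg_replace("/\{logged_in\}(.*?)\{\/logged_in\}/si","\\1",$row['content']);
+$row['content']=preg_replace("/\{logged_out\}(.*?)\{\/logged_out\}/si","",$row['content']);
+}else{
+$row['content']=preg_replace("/\{logged_in\}(.*?)\{\/logged_in\}/si","",$row['content']);
+$row['content']=preg_replace("/\{logged_out\}(.*?)\{\/logged_out\}/si","\\1",$row['content']);
+}
+if($session->userdata['allow_grimdark']!=0){
+$row['content']=preg_replace("/\{allow_gd\}(.*?)\{\/allow_gd\}/si","\\1",$row['content']);
+}else{
+$row['content']=preg_replace("/\{allow_gd\}(.*?)\{\/allow_gd\}/si","",$row['content']);
+}
+$content.=$row['content'];
+}
+}
+}
+}else{
+if($config['logging'])
+$this->log->write('Modul '.$task.' not found!',2);
+
+return $error->http_error('404');
+}
+$this->make_page($content);
+}
+
+function makeDownload($file, $dir, $type) {
+$fullPath=$dir.$file;
+// Must be fresh start
+if( headers_sent())
+die('Headers Sent');
+
+// Required for some browsers
+if(ini_get('zlib.output_compression'))
+ini_set('zlib.output_compression', 'Off');
+
+// File Exists?
+
+if( file_exists($fullPath) ){
+
+// Parse Info / Get Extension
+$fsize = filesize($fullPath);
+$path_parts = pathinfo($fullPath);
+$ext = strtolower($path_parts["extension"]);
+
+// Determine Content Type
+switch ($ext) {
+case "pdf": $ctype="application/pdf"; break;
+case "exe": $ctype="application/octet-stream"; break;
+case "zip": $ctype="application/zip"; break;
+case "doc": $ctype="application/msword"; break;
+case "xls": $ctype="application/vnd.ms-excel"; break;
+case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
+case "apk": $ctype='application/vnd.android.package-archive'; break;
+case "gif": $ctype="image/gif"; break;
+case "png": $ctype="image/png"; break;
+case "jpeg":
+case "jpg": $ctype="image/jpg"; break;
+default: $ctype="application/force-download";
+}
+
+header("Pragma: no-cache"); // required
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Content-Description: File Transfer");
+header("Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0");
+header("Content-Type: $ctype");
+header("Content-Disposition: attachment; filename=\"".basename($fullPath)."\";" );
+header("Content-Transfer-Encoding: binary");
+header("Content-Length: ".$fsize);
+ob_clean();
+readfile( $fullPath );
+flush();
+} else {
+die('File Not Found');
+}
+}
+
+/**
+* Renders the Page
+*
+* @param string $content The content for the page
+* @param bool $minimal Render the Page in a minaml mode (e.g. for redirect)
+* @param string $minimal_tpl Custom minimal template
+* @param string $header_tpl Custom header template
+* @param string $footer_tpl Custom footer template
+* @return void
+*
+*/
+
+function make_page($content, $minimal=FALSE,$minimal_tpl='minimal_index.tpl',$header_tpl='header.tpl',$footer_tpl='footer.tpl'){
+global $config, $session, $start, $tpl, $db, $meta, $footer, $mod, $plugin,$plugin_content;
+$plugin->run_hook('frontpage_start',array(&$tpl));
+if($config['p3p_active']==1){
+header('P3P: CP="'.$config['p3p_string'].'"');
+}
+$tpl -> assign("path",$config["path"]."/");
+$tpl -> assign("themepath",'/themes/'.$config['theme']);
+$tpl -> assign('sitetitle', $config['sitetitle']);
+if(isset($mod->titleaddon) && $mod->titleaddon!=''){
+$tpl -> assign('titleaddon', ' - '.$mod->titleaddon);
+}
+$tpl -> assign('navbits',$this -> get_navbits());
+$tpl -> assign('meta', $meta);
+
+if($header_tpl!=''){
+$header=$tpl->fetch($header_tpl);
+$tpl -> assign('header', $header);
+}
+
+if(!$minimal){
+if($this->nav['right']){
+$rightnav = $this->create_nav('r');
+$tpl -> assign('rightnav', $rightnav);
+}
+if($this->nav['left']){
+$leftnav = $this->create_nav('l');
+$tpl -> assign('leftnav', $leftnav);
+}
+$plugin->run_hook('frontpage_middle',array(&$tpl));
+$tpl -> assign('content', $content);
+$tpl -> display('index.tpl');
+}else{
+$tpl -> assign('content', $content);
+$tpl -> display($minimal_tpl);
+}
+$tpl->assign('queries', $db->querys());
+$tpl->assign('user', $session->userdata);
+$tpl->assign('memory', number_format((@memory_get_usage()/1048576),2).' Mb');
+$tpl->assign('version', $this->ver_major.'.'.$this->ver_minor.'.'.$this->ver_rev.' - '.$this->ver_codename);
+$tpl -> assign('footer', $footer);
+$end = getTime();
+$tpl->assign('gentime',round($end - $start,4));
+if($footer_tpl!=''){
+$tpl->display($footer_tpl);
+}
+$plugin->run_hook('frontpage_end',array(&$tpl));
+exit();
+}
+
+/**
+* Uploads a file
+*
+* @param string $filename The name for the file
+* @param string $tmpname The name of the Temporary (read uploaded) File
+* @param integer $maxwidth Maximal width of the image
+* @param integer $maxheight Maximal height of the image
+* @param bool $resize Resize the image if its bigger
+* @param bool $keep_ratio Keep the Height to Width ratio when resizing
+* @return bool|string
+*
+*/
+function upload_file($filename, $tmpname, $maxwidth=160, $maxheight=160, $resize=FALSE, $keep_ratio=TRUE){
+global $config, $lang;
+if(file_exists($tmpname)){
+$sizes = getimagesize($tmpname);
+$aspect_ratio = $sizes[1]/$sizes[0];
+if ($sizes[1] <= $maxheight && $sizes[0] <= $maxwidth){
+$new_width = $sizes[0];
+$new_height = $sizes[1];
+}elseif(!$resize){
+return sprintf($lang->_('PICSIZE'),$maxwidth,$maxheight);
+}elseif($keep_ratio){
+$new_height = $maxheight;
+$new_width = abs($new_height/$aspect_ratio);
+if($new_width > $maxwidth){
+$new_width = $maxwidth;
+$new_height = abs($new_width*$aspect_ratio);
+}
+}else{
+$new_width = $maxwidth;
+$new_height = $maxheight;
+}
+
+$destimg=ImageCreateTrueColor($new_width,$new_height);
+
+if(!$destimg)
+return $lang->_('PICNOCREATE');
+
+/**
+*
+* Needed to fix PNG Background Transparency
+*/
+imagealphablending($destimg, false);
+imagesavealpha($destimg, true);
+
+$srcimg= $this->imagecreatefromfile($tmpname);
+
+if(!$srcimg)
+return $lang->_('PICNOCREATE');
+
+$cpy=ImageCopyResized($destimg,$srcimg,0,0,0,0,$new_width,$new_height,ImageSX($srcimg),ImageSY($srcimg));
+
+if(!$cpy)
+return $lang->_('NORESIZE');
+
+$out=$this->imageoutput($sizes[2],$destimg,$filename);
+
+if(!$out)
+return $lang->_('CANTSAVEPIC');
+
+imagedestroy($destimg);
+imagedestroy($srcimg);
+return TRUE;
+}else{
+return $tmpname.' - '.$lang->_('FILENOEXIST');
+}
+
+}
+
+function imagecreatefromfile($path){
+$info = @getimagesize($path);
+
+if(!$info)
+{
+return false;
+}
+
+$functions = array(
+IMAGETYPE_GIF => 'imagecreatefromgif',
+IMAGETYPE_JPEG => 'imagecreatefromjpeg',
+IMAGETYPE_PNG => 'imagecreatefrompng',
+IMAGETYPE_WBMP => 'imagecreatefromwbmp',
+IMAGETYPE_XBM => 'imagecreatefromwxbm',
+);
+
+if(!$functions[$info[2]])
+{
+return false;
+}
+
+if(!function_exists($functions[$info[2]]))
+{
+return false;
+}
+
+return $functions[$info[2]]($path);
+}
+
+function imageoutput($userfile_type, $image, $imgout=NULL){
+
+$functions = array(
+IMAGETYPE_GIF => 'imagegif',
+IMAGETYPE_JPEG => 'imagejpeg',
+IMAGETYPE_PNG => 'imagepng',
+IMAGETYPE_WBMP => 'imagewbmp',
+IMAGETYPE_XBM => 'imagewxbm',
+);
+
+if(!$functions[$userfile_type])
+{
+return false;
+}
+
+if(!function_exists($functions[$userfile_type]))
+{
+return false;
+}
+
+if($functions[$userfile_type]=='imagejpeg'){
+return $functions[$userfile_type]($image, $imgout,100);
+}elseif($functions[$userfile_type]=='imagepng'){
+return $functions[$userfile_type]($image, $imgout,0);
+}else{
+return $functions[$userfile_type]($image, $imgout);
+}
+
+}
+}
+?>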
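Review bot: `makeDownload()` concatenates `$fullPath=$dir.$file;` and hands the result to `file_exists()` and `readfile()` without checking that it still lies under `$dir`, so a `$file` value containing `../` segments would be served from outside the download directory. The callers are not part of this file, so whether `$file` is request-derived needs confirming, but the method should enforce containment itself: resolve both paths with `realpath()` and refuse anything that is not a regular file below the base directory, as in the excerpt below. The read of `$path_parts["extension"]` is undefined for names without an extension and can be guarded in the same pass. Separately, `get_module()` logs its include-path guard as `XSS ATTACK`, which will mislead log triage; the effective control there is the `$this->mod_[$task]` allow-list lookup rather than the `://` / `../` substring test.

```php
function makeDownload($file, $dir, $type) {
    // Resolve both paths so '..' segments and symlinks are collapsed before the containment check
    $baseDir = realpath($dir);
    $fullPath = realpath($dir.$file);
    if ($baseDir === false || $fullPath === false || !is_file($fullPath)
        || strncmp($fullPath, $baseDir.DIRECTORY_SEPARATOR, strlen($baseDir) + 1) !== 0) {
        die('File Not Found');
    }
    // … unchanged: headers_sent() and zlib checks, content-type switch, header() calls, readfile() …
```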
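--- a/inc/datacache.class.php
+++ b/inc/datacache.class.php
@@ -0,0 +1,113 @@
+<?php
+$module["datacache"]["name"]="Datacache Module";
+$module["datacache"]["ver"]="0.1.0";
+/**
+* Project: astat - simple site engine
+* File: /inc/datacache.class.php
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*
+* @link http://www.astat.org SVN: $URL$
+* @copyright 2010 becast.at
+* @author Bernhard Jaud <bernhard at becast dot at>
+* @package astat core
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+* @version $Id$
+*/
+class datacache {
+
+var $data = array();
+var $expires = array();
+
+function __construct(){
+global $config, $db;
+$res=$db->query('SELECT `cache`,`content`,`expire` FROM `' . $config['prefix'] . 'datacache`');
+while($row=$db->fetch_object($res)){
+$this->data[$row->cache]=@unserialize(base64_decode($row->content));
+$this->expires[$row->cache]=$row->expire;
+}
+}
+
+//Fetch userdata
+function read($cache){
+global $config, $db;
+if(isset($this->data[$cache]) && $this->data[$cache]){
+return $this->data[$cache];
+}else{
+$res=$db->query('SELECT `cache`,`content` FROM `' . $config['prefix'] . 'datacache` WHERE `cache`=\''.$db->escape($cache).'\' LIMIT 1') or die($db->error());
+$row=$db->fetch_row($res);
+if(!$row[0]){
+$data=false;
+}else{
+$data = @unserialize(base64_decode($row[1]));
+}
+return $data;
+}
+
+
+}
+
+function set($name,$data,$expires=0){
+global $db,$config;
+$data=base64_encode(serialize($data));
+$test=$this->read($name);
+if($test){
+$res=$db->query('UPDATE `' . $config['prefix'] . 'datacache` SET `content`=\''.$data.'\',`expire`=\''.$expires.'\' WHERE `cache`=\''.$db->escape($name).'\'');
+if($res){
+return true;
+}
+}else{
+$res=$db->query('INSERT INTO `' . $config['prefix'] . 'datacache` (`cache`,`content`,`expire`) VALUES (\''.$db->escape($name).'\',\''.$data.'\',\''.$expires.'\')');
+if($res){
+return true;
+}
+}
+return false;
+}
+
+function is_expired($name){
+global $db,$config;
+if(isset($this->expires[$name])){
+if($this->expires[$name]<time() && $this->expires[$name]!=0){
+return true;
+}else{
+return false;
+}
+}
+$res=$db->query('SELECT `cache` FROM `' . $config['prefix'] . 'datacache` WHERE `cache`=\''.$db->escape($name).'\' AND `expire`< \''.time().'\' AND `expire`<>\'0\' LIMIT 1');
+$row=$db->fetch_row($res);
+if($row[0]){
+return true;
+}
+return false;
+}
+
+function update_sidebars(){
+global $db,$config;
+
+$res = $db->query('SELECT `name`, `content`, `file` FROM `' . $config['prefix'] . 'navigation` WHERE `side`=\'l\' ORDER BY `sort`');
+while ($row=$db->fetch_row($res)){
+$nav['l'][]=array('name'=>$row[0],'content'=>$row[1],'file'=>$row[2]);
+}
+
+$res = $db->query('SELECT `name`, `content`, `file` FROM `' . $config['prefix'] . 'navigation` WHERE `side`=\'r\' ORDER BY `sort`');
+while ($row=$db->fetch_row($res)){
+$nav['r'][]=array('name'=>$row[0],'content'=>$row[1],'file'=>$row[2]);
+}
+$this->set('sidebar',$nav);
+}
+
+}
+?>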
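Review bot: Both the constructor and `read()` pass the stored `content` column to `@unserialize(base64_decode(...))`, so anyone able to write a row into the `datacache` table (for instance through an injection elsewhere) gets PHP object instantiation on every request, and the `@` hides corrupt entries. The only payload visible in this file is the plain array built by `update_sidebars()`; assuming other callers also store only scalars and arrays, `unserialize(base64_decode($row->content), array('allowed_classes' => false))` (or a switch to `json_encode`/`json_decode`) removes that path. In `set()`, `$expires` is the one value interpolated into the UPDATE and INSERT without `$db->escape()` or a cast; `(int)$expires` would match the care taken with `$name`. `update_sidebars()` should also start with `$nav = array('l' => array(), 'r' => array());` so an empty navigation table does not hand an undefined variable to `set()`.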
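--- a/inc/error.class.php
+++ b/inc/error.class.php
@@ -0,0 +1,67 @@
+<?php
+/**
+* Project: astat - simple site engine
+* File: /inc/error.class.php
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*
+* @link http://www.astat.org SVN: $URL$
+* @copyright 2009 becast.at
+* @author Bernhard Jaud <bernhard at becast dot at>
+* @package astat core
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+* @version $Id$
+*/
+$module["error"]["name"]="Error Class";
+$module["error"]["ver"]="0.9.0";
+
+class errorhandler{
+var $type;
+
+function http_error($type){
+global $core,$session;
+$session->page_begin("Error", FALSE);
+switch($type){
+case 401:
+header("HTTP/1.1 401 Unauthorized");
+return $core->message('Error 401 - Nicht Authorisiert!', 'Du bist nicht Authorisiert um hierauf zuzugreifen.',FALSE);
+break;
+case 403:
+header("HTTP/1.1 403 Forbidden");
+header("Status: 403 Forbidden");
+return $core->message("Error 403 - Verboten", "Der Zugriff ist Verboten.",FALSE);
+break;
+case 404:
+default:
+header("HTTP/1.1 404 Not Found");
+header("Status: 404 Not Found");
+return $core->message('Error 404 - Nicht gefunden', 'Die von Dir angeforderte Seite konnte nicht gefunden werden.<br />Wenn Du dies für einen Fehler hältst informiere bitte das Team!',FALSE);
+break;
+case 500:
+header("HTTP/1.1 500 Internal Server Error");
+header("Status: 500 Internal Server Error");
+header("Retry-After: 120");
+return $core->message('Error 500 - Interner Serverfehler', 'Der Server kann die Anfrage wegen eines Fehlers nicht beantworten.',FALSE);
+break;
+case 503:
+header("HTTP/1.1 503 Service Temporarily Unavailable");
+header("Status: 503 Service Temporarily Unavailable");
+header("Retry-After: 120");
+return $core->message("Error 503 - Dienst nicht verfügbar", "Der Dienst ist zurzeit nicht verfügbar. Grund könnten Wartungsarbeiten oder Kapazitätsprobleme sein, bitte versuche es später erneut.",FALSE);
+break;
+}
+}
+}
+?>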
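Review bot: The status lines in `http_error()` are hard-coded as `header("HTTP/1.1 …")` plus a CGI-style `header("Status: …")`, and the 401 branch sends only the first of the two; `http_response_code(401)` (and likewise for 403, 404, 500 and 503) lets PHP emit the right form for the active SAPI and protocol version. `$session->page_begin("Error", FALSE)` runs before any `header()` call, so if it produces output the status code is silently lost; page_begin is not visible in this file, so that needs confirming. Each `break;` following a `return` is unreachable and can be dropped.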
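--- a/inc/functions.class.php
+++ b/inc/functions.class.php
@@ -0,0 +1,356 @@
+<?php
+$module["functions"]["name"]="Functions Module";
+$module["functions"]["ver"]="1.0.0";
+/**
+* Project: astat - simple site engine
+* File: /inc/sessions.class.php
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*
+* @link http://www.astat.org SVN: $URL: http://svn.astat.org/astat/trunk/inc/sessions.class.php $
+* @copyright 2010 becast.at
+* @author Bernhard Jaud <bernhard at becast dot at>
+* @package astat core
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+* @version $Id: sessions.class.php 129 2010-02-21 22:04:51Z genuineparts $
+*/
+class functions {
+
+function my_inet_pton($ip)
+{
+if(function_exists('inet_pton'))
+{
+return @inet_pton($ip);
+}
+else
+{
+/**
+* Replace inet_pton()
+*
+* @category PHP
+* @package PHP_Compat
+* @license LGPL - http://www.gnu.org/licenses/lgpl.html
+* @copyright 2004-2007 Aidan Lister <aidan@php.net>, Arpad Ray <arpad@php.net>
+* @link http://php.net/inet_pton
+* @author Arpad Ray <arpad@php.net>
+* @version $Revision: 269597 $
+*/
+$r = ip2long($ip);
+if($r !== false && $r != -1)
+{
+return pack('N', $r);
+}
+
+$delim_count = substr_count($ip, ':');
+if($delim_count < 1 || $delim_count > 7)
+{
+return false;
+}
+
+$r = explode(':', $ip);
+$rcount = count($r);
+if(($doub = array_search('', $r, 1)) !== false)
+{
+$length = (!$doub || $doub == $rcount - 1 ? 2 : 1);
+array_splice($r, $doub, $length, array_fill(0, 8 + $length - $rcount, 0));
+}
+
+$r = array_map('hexdec', $r);
+array_unshift($r, 'n*');
+$r = call_user_func_array('pack', $r);
+
+return $r;
+}
+}
+
+/**
+* Converts a packed internet address to a human readable representation
+*
+* @param string $ip IP in 32bit or 128bit binary format
+* @return string IP in human readable format
+*/
+function my_inet_ntop($ip)
+{
+if(function_exists('inet_ntop'))
+{
+return @inet_ntop($ip);
+}
+else
+{
+/**
+* Replace inet_ntop()
+*
+* @category PHP
+* @package PHP_Compat
+* @license LGPL - http://www.gnu.org/licenses/lgpl.html
+* @copyright 2004-2007 Aidan Lister <aidan@php.net>, Arpad Ray <arpad@php.net>
+* @link http://php.net/inet_ntop
+* @author Arpad Ray <arpad@php.net>
+* @version $Revision: 269597 $
+*/
+switch(strlen($ip))
+{
+case 4:
+list(,$r) = unpack('N', $ip);
+return long2ip($r);
+case 16:
+$r = substr(chunk_split(bin2hex($ip), 4, ':'), 0, -1);
+$r = preg_replace(
+array('/(?::?\b0+\b:?){2,}/', '/\b0+([^0])/e'),
+array('::', '(int)"$1"?"$1":"0$1"'),
+$r);
+return $r;
+}
+return false;
+}
+}
+
+function get_ip(){
+global $config;
+$ip = strtolower($_SERVER['REMOTE_ADDR']);
+
+if($config['ip_forwarded_check'])
+{
+$addresses = array();
+
+if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
+{
+$addresses = explode(',', strtolower($_SERVER['HTTP_X_FORWARDED_FOR']));
+}
+elseif(isset($_SERVER['HTTP_X_REAL_IP']))
+{
+$addresses = explode(',', strtolower($_SERVER['HTTP_X_REAL_IP']));
+}
+
+if(is_array($addresses))
+{
+foreach($addresses as $val)
+{
+$val = trim($val);
+// Validate IP address and exclude private addresses
+if($this->my_inet_ntop($this->my_inet_pton($val)) == $val && !preg_match("#^(10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.|192\.168\.|fe80:|fe[c-f][0-f]:|f[c-d][0-f]{2}:)#", $val))
+{
+$ip = $val;
+break;
+}
+}
+}
+}
+
+if(!$ip)
+{
+if(isset($_SERVER['HTTP_CLIENT_IP']))
+{
+$ip = strtolower($_SERVER['HTTP_CLIENT_IP']);
+}
+}
+
+return $ip;
+}
+
+function my_rand($min=0, $max=PHP_INT_MAX){
+// backward compatibility
+if($min === null || $max === null || $max < $min)
+{
+$min = 0;
+$max = PHP_INT_MAX;
+}
+
+if(version_compare(PHP_VERSION, '7.0', '>='))
+{
+try
+{
+$result = random_int($min, $max);
+} catch (Exception $e) {
+}
+
+if(isset($result))
+{
+return $result;
+}
+}
+
+$seed = $this->secure_seed_rng();
+
+$distance = $max - $min;
+return $min + floor($distance * ($seed / PHP_INT_MAX) );
+}
+
+function random_str($length=8, $complex=false){
+$set = array_merge(range(0, 9), range('A', 'Z'), range('a', 'z'));
+$str = array();
+
+// Complex strings have always at least 3 characters, even if $length < 3
+if($complex == true)
+{
+// At least one number
+$str[] = $set[$this->my_rand(0, 9)];
+
+// At least one big letter
+$str[] = $set[$this->my_rand(10, 35)];
+
+// At least one small letter
+$str[] = $set[$this->my_rand(36, 61)];
+
+$length -= 3;
+}
+
+for($i = 0; $i < $length; ++$i)
+{
+$str[] = $set[$this->my_rand(0, 61)];
+}
+
+// Make sure they're in random order and convert them to a string
+shuffle($str);
+
+return implode($str);
+}
+
+function secure_seed_rng(){
+$bytes = PHP_INT_SIZE;
+
+do
+{
+
+$output = $this->secure_binary_seed_rng($bytes);
+
+// convert binary data to a decimal number
+if ($bytes == 4)
+{
+$elements = unpack('i', $output);
+$output = abs($elements[1]);
+}
+else
+{
+$elements = unpack('N2', $output);
+$output = abs($elements[1] << 32 | $elements[2]);
+}
+
+} while($output > PHP_INT_MAX);
+
+return $output;
+}
+
+function secure_binary_seed_rng($bytes){
+$output = null;
+
+if(version_compare(PHP_VERSION, '7.0', '>='))
+{
+try
+{
+$output = random_bytes($bytes);
+} catch (Exception $e) {
+}
+}
+
+if(strlen($output) < $bytes)
+{
+if(@is_readable('/dev/urandom') && ($handle = @fopen('/dev/urandom', 'rb')))
+{
+$output = @fread($handle, $bytes);
+@fclose($handle);
+}
+}
+else
+{
+return $output;
+}
+
+if(strlen($output) < $bytes)
+{
+if(function_exists('mcrypt_create_iv'))
+{
+if (DIRECTORY_SEPARATOR == '/')
+{
+$source = MCRYPT_DEV_URANDOM;
+}
+else
+{
+$source = MCRYPT_RAND;
+}
+
+$output = @mcrypt_create_iv($bytes, $source);
+}
+}
+else
+{
+return $output;
+}
+
+if(strlen($output) < $bytes)
+{
+if(function_exists('openssl_random_pseudo_bytes'))
+{
+// PHP <5.3.4 had a bug which makes that function unusable on Windows
+if ((DIRECTORY_SEPARATOR == '/') || version_compare(PHP_VERSION, '5.3.4', '>='))
+{
+$output = openssl_random_pseudo_bytes($bytes, $crypto_strong);
+if ($crypto_strong == false)
+{
+$output = null;
+}
+}
+}
+}
+else
+{
+return $output;
+}
+
+if(strlen($output) < $bytes)
+{
+if(class_exists('COM'))
+{
+try
+{
+$CAPI_Util = new COM('CAPICOM.Utilities.1');
+if(is_callable(array($CAPI_Util, 'GetRandom')))
+{
+$output = $CAPI_Util->GetRandom($bytes, 0);
+}
+} catch (Exception $e) {
+}
+}
+}
+else
+{
+return $output;
+}
+
+if(strlen($output) < $bytes)
+{
+// Close to what PHP basically uses internally to seed, but not quite.
+$unique_state = microtime().@getmypid();
+
+$rounds = ceil($bytes / 16);
+
+for($i = 0; $i < $rounds; $i++)
+{
+$unique_state = md5(microtime().$unique_state);
+$output .= md5($unique_state);
+}
+
+$output = substr($output, 0, ($bytes * 2));
+
+$output = pack('H*', $output);
+
+return $output;
+}
+else
+{
+return $output;
+}
+}
+}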
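Review bot: `get_ip()` replaces `REMOTE_ADDR` with the first public-looking entry of `X-Forwarded-For` or `X-Real-IP` whenever `$config['ip_forwarded_check']` is set, and both headers are supplied by the client unless a trusted proxy overwrites them. The result is what `session::page_begin()` stores as `$this->ip` and `$this->packip`, so anything keyed on it takes a requester-chosen value. The header branch should be honoured only when `REMOTE_ADDR` itself is a configured proxy address (no such setting is visible in this section), and should at least carry the comment `// X-Forwarded-For / X-Real-IP are client-controlled unless set by a trusted proxy`. Separately, the last fallback in `secure_binary_seed_rng()` builds its bytes from `md5(microtime())`, which is predictable; failing there, e.g. `throw new Exception('no secure random source available');`, is safer than returning guessable output to `random_str()`.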
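--- a/inc/lang.class.php
+++ b/inc/lang.class.php
@@ -0,0 +1,82 @@
+<?php
+/**
+* Project: astat - simple site engine
+* File: /inc/lang.class.php
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*
+* @link http://www.astat.org SVN: $URL: $
+* @copyright 2025 becast.at
+* @author Bernhard Jaud <bernhard at becast dot at>
+* @package astat core
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+* @version $Id$
+*/
+$module["lang"]["name"]="Language Class";
+$module["lang"]["ver"]="0.1.1";
+
+class lang{
+var $langname=array('de'=>'Deutsch','en'=>'English');
+var $language;
+var $languagedir;
+var $lf;
+
+function __construct($languagedir='/languages/'){
+$this->languagedir = dirname(dirname(__FILE__)).'/languages/';
+}
+
+function setlang($language){
+global $config, $error, $db, $log, $core, $plugin, $lang;
+unset($this->language);
+unset($this->lf);
+if(!$language || $language==''){
+$language=$config['lang'];
+if(!$language){
+$this->language='en';
+}else{
+$this->language=$language;
+}
+}else{
+$this->language=$language;
+}
+include_once $this->languagedir.$this->language.'.lang.php';
+$this->lf=$lf;
+}
+
+function getlanguages(){
+$langdir = $this->languagedir;
+$langs = opendir($langdir);
+$i=0;
+while ($lang = readdir($langs)) {
+if (preg_match('/^.*?\.lang.php$/', $lang)) {
+$langfile[$i]['short']=substr($lang,0,2);
+$langfile[$i]['name']=$this->langname[$langfile[$i]['short']];
+$i++;
+}
+}
+@closedir($langs);
+return($langfile);
+}
+
+function _($string){
+if(isset($this->lf[$string])){
+return($this->lf[$string]);
+}else{
+return($string);
+}
+}
+
+}
+?>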
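Review bot: `setlang()` concatenates `$this->language` straight into the `include_once` path, so a value containing `../` or any other unexpected string selects a file outside the language set. Whether `$language` can originate from a request is not visible here, but nothing in the method restricts it. Limit it to the known codes just before the include, e.g. `if(!isset($this->langname[$this->language])){ $this->language='en'; }`. Because the method uses `include_once` after `unset($this->lf)`, a second call for the same language leaves `$lf` undefined and `$this->lf` empty; `include` would avoid that. The constructor also ignores its `$languagedir` argument and always uses the hard-coded `/languages/` directory.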
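--- a/inc/logger.class.php
+++ b/inc/logger.class.php
@@ -0,0 +1,115 @@
+<?php
+/**
+* Project: astat - simple site engine
+* File: /inc/logger.class.php
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*
+* @link http://www.astat.org SVN: $URL: http://svn.astat.org/astat/trunk/inc/logger.class.php $
+* @copyright 2009 becast.at
+* @author Bernhard Jaud <bernhard at becast dot at>
+* @package astat core
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+* @version $Id: logger.class.php 91 2009-10-22 20:47:08Z genuineparts $
+*/
+
+$module["logger"]["name"]="Logging Class";
+$module["logger"]["ver"]="0.2.1";
+/*
+Already defined by PHP. I'll leave it here for Info
+define("LOG_EMERG", 0);
+define("LOG_ALERT", 1);
+define("LOG_CRIT", 2);
+define("LOG_ERR", 3);
+define("LOG_WARNING", 4);
+define("LOG_INFO", 6);
+define("LOG_DEBUG", 7);
+*/
+
+class logger {
+var $type="file";
+var $logfile;
+var $level=LOG_ERR;
+var $filelink;
+
+function __construct($type="file", $logfile='/logs/logfile.log', $level=LOG_INFO) {
+global $core, $config, $db;
+$this->type=$type;
+$this->logfile=$logfile;
+$this->level=$level;
+switch($this->type){
+case "syslog":
+openlog("astatlog", LOG_ODELAY , LOG_USER);
+break;
+case "SQL":
+if(!is_object($db)){
+$this->type="file";
+$this->filelink=$this->open_file($this->logfile);
+}
+break;
+case "file":
+default:
+if($this->logfile==""){
+$this->logfile='/logs/logfile.log';
+}
+$this->filelink=$this->open_file($this->logfile);
+break;
+}
+$this->write("File Logging instanziert.", LOG_DEBUG);
+}
+
+function __destruct() {
+$this->close($this->filelink);
+}
+
+function open_file($file){
+global $core, $config, $db;
+$filelink = fopen($file, "a");
+return $filelink;
+}
+
+
+function close(){
+if($this->type=="file")
+fclose($this->filelink);
+}
+
+function write($text,$level=LOG_INFO,$line="",$file=""){
+global $db, $config;
+if($level<=$this->level){
+$timestamp = date("d.m.Y, H:i:s",time());
+$date = date("d.m.Y",time());
+$time = date("H:i:s",time());
+$ip = $_SERVER["REMOTE_ADDR"];
+switch ($this->type) {
+case "syslog":
+syslog($level, '<' . $timestamp . '> '.$text.' IP: ' . $ip .' FILE: '. $file . ' LINE:' . $line);
+break;
+case "SQL":
+$db->query("INSERT INTO ".$config["prefix"] . "logs (date,time,ip,file,line,text) VALUES ('".$date."','".$time."','".$ip."','".$file."','".$line."','".$text."')");
+break;
+case "file":
+default:
+$log = "<" . $timestamp . ">;" . $ip . ";" . $file . ";" . $line . ";" . $text . "\r\n";
+fwrite($this->filelink, $log);
+break;
+}
+}
+
+}
+
+
+}
+?>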
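Review bot: The `SQL` branch of `write()` builds the INSERT by concatenating `$text`, `$file`, `$line` and `$ip` into the statement, so a single quote in a logged message breaks the query and any log text that carries request data becomes SQL injection. These values should be bound as parameters or escaped with whatever the `$db` wrapper provides; its API is not visible in this section. The `file` branch has the matching problem for line breaks: normalising the message first, e.g. `$text = str_replace(array("\r","\n"), ' ', $text);`, keeps one event from forging additional `;`-separated log records. `$_SERVER["REMOTE_ADDR"]` is also read unconditionally, which raises a notice when the class is used from the command line.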
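--- a/inc/mail.class.php
+++ b/inc/mail.class.php
@@ -0,0 +1,111 @@
+<?php
+
+$module["mail"]["name"]="Mail Class";
+$module["mail"]["ver"]="0.7.2";
+
+class mail {
+var $errstr;
+var $headers;
+var $textbody;
+var $htmlbody;
+var $attachments;
+var $boundary;
+var $semi_rand;
+
+// Default constructor, sets up default header and boundary.
+function __construct() {
+$this->attachments = array();
+$this->semi_rand = md5(time());
+$this->boundary = '==becast_'.$this->semi_rand ;
+$this->headers = array(
+'From' => 'BeCast WebEngine Mail Class <noreply@becast.at>',
+'MIME-Version' => '1.0',
+'Content-Type' => "multipart/mixed; boundary=\"".$this->boundary."\""
+);
+$this->bodytext("Body");
+}
+
+// For debugging purposes you can display the body you are about
+// to send.
+function get_body() {
+$retval = $textbody;
+$retval .= $htmlbody;
+foreach($this->attachments as $tblck)
+$retval .= $tblck;
+
+return $retval;
+}
+
+// Convert the values in the header array into the correct format.
+function get_header() {
+$retval = "";
+foreach($this->headers as $key => $value)
+$retval .= "$key: $value\n";
+
+return $retval;
+}
+
+// Add your own header entry or modify a header.
+function set_header($name, $value) {
+$this->headers[$name] = $value;
+}
+
+// Attach a file to the message.
+function attachfile($file, $type = "application/octetstream") {
+if(!($fd = fopen($file, "r"))) {
+$this->errstr = "Error opening ".$file." for reading.";
+return 0;
+}
+$_buf = fread($fd, filesize($file));
+fclose($fd);
+
+$fname = $file;
+for($x = strlen($file); $x > 0; $x--)
+if($file[$x] == "/")
+$fname = substr($file, $x, strlen($file) - $x);
+
+// Convert to base64 becuase mail attachments are not binary safe.
+$_buf = chunk_split(base64_encode($_buf));
+
+$this->attachments[$file] = "--" . $this->boundary . "\n";
+$this->attachments[$file] .= "Content-Type: ".$type."; name=\"".$fname."\"\n";
+$this->attachments[$file] .= "Content-Transfer-Encoding: base64\n";
+$this->attachments[$file] .= "Content-Disposition: attachment; " .
+"filename=\"".$fname."\"\n\n";
+$this->attachments[$file] .= $_buf;
+
+return 1;
+}
+
+function bodytext($text) {
+$this->textbody = "--" . $this->boundary . "\n";
+$this->textbody .= "Content-Type: text/plain; charset=utf-8\n";
+$this->textbody .= "Content-Transfer-Encoding: base64\n\n";
+$this->textbody .= base64_encode($text);
+}
+
+function htmltext($text) {
+$this->htmlbody = "\n--" . $this->boundary . "\n";
+$this->htmlbody .= "Content-Type: text/html; charset=utf-8\n";
+$this->htmlbody .= "Content-Transfer-Encoding: base64\n\n";
+$this->htmlbody .= base64_encode($text);
+}
+
+function clear_bodytext() { $this->textbody = ""; }
+function clear_htmltext() { $this->htmlbody = ""; }
+function get_error() { return $this->errstr; }
+
+// Send the headers and body using php's built in mail.
+function sendmail($to = "root@localhost", $subject = "kein Betreff") {
+if(isset($this->textbody)) $_body .= $this->textbody;
+if(isset($this->htmlbody)) $_body .= $this->htmlbody;
+
+foreach($this->attachments as $tblck)
+$_body .= $tblck;
+
+$_body .= "\n--$this->boundary--";
+
+mail($to, '=?utf-8?B?'.base64_encode($subject).'?=', $_body, $this->get_header());
+}
+}
+?>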
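Review bot: `set_header()` stores `$value` unchanged and `get_header()` emits it as `"$key: $value\n"`, so a value containing a line break adds extra headers to the outgoing message; `$to` in `sendmail()` is passed on the same way. Strip or reject CR/LF at the setter, e.g. `$this->headers[$name] = str_replace(array("\r","\n"), '', $value);`, and apply the same to `$name` and `$to`. `get_body()` reads the undefined locals `$textbody` and `$htmlbody` instead of `$this->textbody` and `$this->htmlbody`, so it returns only the attachments. `sendmail()` appends to `$_body` before it is initialised, which `$_body = '';` as its first line would fix.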
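--- a/inc/panel.class.php
+++ b/inc/panel.class.php
@@ -0,0 +1,252 @@
+<?php
+/**
+* Project: BeCast Webengine - simple site engine
+* File: /inc/panel.class.php
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*
+* @link http://www.becast.at
+* @copyright 2009 becast.at
+* @author Bernhard Jaud <bernhard at becast dot at>
+* @package BeCast Webengine core
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+* @version $Id: panel.class.php 128 2010-02-21 22:03:37Z genuineparts $
+*/
+
+$module["panel"]["name"]="Panel Class";
+$module["panel"]["ver"]="0.3.4";
+class panel {
+var $sidebar="";
+var $page="";
+var $bodyext="";
+var $title="";
+var $content="";
+var $meta="";
+var $form="";
+var $foot="";
+var $head="";
+var $menu_items ="";
+
+function page($additional_title="",$meta=""){
+global $config,$db,$core;
+return '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html>
+<head>
+<title>'.$config['sitetitle'].'</title>
+<link rel="stylesheet" type="text/css" href="admin.css" />
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+'.$this->meta.'
+</head>
+<body '.$this->bodyext.'>
+<div id="container">
+'.$this->menu().'
+<div id="content">
+'.$this->page.'
+</div>
+<div id="footer">
+© 2016 - 2025 Becast.at | mySQL Queries: '.$db->querys().'
+<br/>
+Powered by
+<a href="http://www.becast.at">BeCast WebEngine</a>
+'.$core->ver_major.'.'.$core->ver_minor.".".$core->ver_rev.' - '.$core->ver_codename.'
+</div>
+</div>
+'.$this->foot.'
+</body>
+</html>';
+}
+
+function parse_page(){
+$this->page.="<h2>".$this->title."</h2>
+<p>".$this->content."</p>";
+$this->title="";
+$this->content="";
+echo $this->page();
+exit();
+}
+
+function menu_item($panel,$text, $img=""){
+global $config, $userdata, $userinfo, $session, $meta;
+if($panel=="group_only"){
+$this->menu_items.="<li><strong>".$text."</strong></li>";
+}elseif($panel=="admin_home"){
+$this->menu_items.="<li><a href=\"".$config["path"]."/admin/index.php\"><img src=\"".$config["path"]."/admin/images/icons/".$img.".png\" /> ".$text."</a></li>";
+}elseif($panel=="page_home"){
+$this->menu_items.="<li><a href=\"".$config["path"]."/index.php\"><img src=\"".$config["path"]."/admin/images/icons/".$img.".png\" /> ".$text."</a></li>";
+}else{
+if($img!=""){
+$this->menu_items.="<li><a href=\"".$config["path"]."/admin/index.php?panel=".$panel."\"><img src=\"".$config["path"]."/admin/images/icons/".$img.".png\" /> ".$text."</a></li>";
+}else{
+$this->menu_items.="<li><a href=\"".$config["path"]."/admin/index.php?panel=".$panel."\">".$text."</a></li>";
+}
+}
+}
+
+function admin_message($title,$message,$redirect=FALSE,$panel="",$time="4"){
+global $config,$session,$lang;
+$session->page_begin("Admin Message", True);
+if($panel!="" && $redirect){
+$this->content=$message."<br /><a href=\"".$config["path"]."/admin/index.php?panel=".$panel."\">".$lang->_('CLICKREDIRECT')."</a>";
+}elseif($panel!="" && !$redirect){
+$this->content=$message."<br /><a href=\"".$config["path"]."/admin/index.php?panel=".$panel."\">".$lang->_('CLICKCONTINUE')."</a>";
+}else{
+$this->content=$message;
+}
+if($redirect && $panel!="")
+$this->meta.="<meta http-equiv=\"refresh\" content=\"".$time."; URL=".$config["path"]."/admin/index.php?panel=".$panel."\" />";
+$this->title=$title;
+$this->parse_page();
+
+}
+
+function menu(){
+
+return '<div id="menu">
+<ul>'.$this->menu_items.'</ul></div>';
+
+}
+
+function form ($args = array(),$return=FALSE,$extra=""){
+
+$method = $args["method"] ? $args["method"] : 'post';
+$action = $args["action"] ? $args["action"] : $_SERVER['PHP_SELF'];
+$form = '<form action="' .$action. '" method="' .$method. '"' .$extra. '>';
+if(!$return){
+$this->content .= $form;
+}else{
+return $form;
+}
+}
+function formClose ()
+{
+
+$form = '</form>';
+if(!$return){
+$this->content .= $form;
+}else{
+return $form;
+}
+}
+
+function button ($text = '', $name='', $extra='', $return=FALSE)
+{
+
+$fld = '<input type="button" name="'.$name.'" value="'.$text.'" ' .$extra. ' />';
+if(!$return){
+$this->content .= $fld;
+}else{
+return $fld;
+}
+}
+
+function radio ($args=array(),$extra="",$return=FALSE)
+{
+$name = $args["name"] ? $args["name"] : 'radiobutton';
+$value = $args["value"];
+if($value!=""){
+$extra .= ' value="'.$value.'"';
+}
+$fld=$this->radioOrCheck ("radio",$name,$extra,$return);
+if($return){
+return $fld;
+}
+}
+function checkbox ($args=array(),$extra="",$return=FALSE)
+{
+$name = $args["name"] ? $args["name"] : 'checkbox';
+$value = $args["value"];
+if($value!=""){
+$extra .= ' value="'.$value.'"';
+}
+$fld=$this->radioOrCheck ("checkbox",$name,$extra,$return);
+if($return){
+return $fld;
+}
+}
+/* private */
+function radioOrCheck ($type,$name="",$extra="",$return=FALSE)
+{
+$fld = '<input type="'.$type.'" name="'.$name.'" ' .$extra. ' />';
+if(!$return){
+$this->content .= $fld;
+}else{
+return $fld;
+}
+}
+
+function field ($args=array(),$extra="",$return=FALSE)
+{
+$typ = $args["typ"] ? $args["typ"] : 'text';
+$name = $args["name"] ? $args["name"] : 'textfield';
+$value = $args["value"] ? $args["value"] : '';
+$fld = '<input type="' .$typ. '" name="' .$name. '" value="' .$value. '"' .$extra. ' />'; // html: form field
+if(!$return){
+$this->content .= $fld;
+}else{
+return $fld;
+}
+}
+function submit ($args=array(),$extra="",$return=FALSE)
+{
+$name = $args["name"] ? $args["name"] : 'submit';
+$fld = '<input type="submit" name="'.$name.'" ' .$extra. ' />'; // html: form submit button
+if(!$return){
+$this->content .= $fld;
+}else{
+return $fld;
+}
+}
+
+/*
+$args[value] used for default text (as in "field" function)
+*/
+function textarea ($args = array(),$extra="",$return=FALSE)
+{
+$name = $args["name"] ? $args["name"] : 'field';
+$rows = $args["rows"] ? $args["rows"] : '3';
+$cols = $args["cols"] ? $args["cols"] : '30';
+$text = $args["value"] ? $args["value"] : '';
+
+$fld = '<textarea name="' .$name. '" rows="' .$rows. '" cols="' .$cols. '"' .$extra. '>' .$text. '</textarea>';
+if(!$return){
+$this->content .= $fld;
+}else{
+return $fld;
+}
+}
+
+/*
+$values = array containing values (key = processing value, data = displaying value)
+*/
+function select ($values=array(),$selected="",$name="",$extra="",$return=FALSE)
+{
+$fld='<select name="'.$name.'" '.$extra.'>';
+foreach($values as $name=>$val){
+if($val==$selected){
+$fld.='<option value="'.$val.'" selected="selected">'.$name.'</option>';
+}else{
+$fld.='<option value="'.$val.'">'.$name.'</option>';
+}
+}
+$fld.="</select>";
+if(!$return){
+$this->content .= $fld;
+}else{
+return $fld;
+}
+}
+
+}
+?>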
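Review bot: `form()` falls back to `$_SERVER['PHP_SELF']` for the `action` attribute and prints it unescaped; `PHP_SELF` carries any path info the client appended to the script URL, so this is a reflected XSS sink in the admin panel. Escape the fallback: `$action = $args["action"] ? $args["action"] : htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');`. The other builders (`field`, `textarea`, `select`, `button`, `menu_item`, `admin_message`) likewise place `$name`, `$value`, `$text`, `$message` and `$panel` into markup without `htmlspecialchars()`. If callers are expected to pre-escape every argument, that contract should be stated in a comment on the class. `formClose()` tests `$return`, which is not one of its parameters, so it always appends to `$this->content` and never returns the tag.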
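--- a/inc/plugin.class.php
+++ b/inc/plugin.class.php
@@ -0,0 +1,99 @@
+<?php
+/**
+* (c) 2025 BeCast
+* -------------------------------------
+* Filename: plugin.class.php
+* Purpose: Plugin Handling
+* CVS Header: $Header$
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; version 2 of the License.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston,
+* MA 02111-1307 USA
+*/
+
+$module["module"]["name"]="Plugin Class";
+$module["module"]["ver"]="0.1.1";
+class plugins{
+
+var $hooks;
+var $current_hook;
+var $plugin_=array();
+
+function load_plugins($region='G'){
+global $config, $db;
+$result = $db->query("SELECT * FROM " . $config["prefix"] . "module");
+while ($row = $db->fetch_array($result)){
+$this->plugin_[$row["file"]] = $row;
+if($row["module"]=""){
+//$plugin="$
+}else{
+
+}
+//include_once();
+}
+
+}
+
+function use_hook($name,$function,$order=20,$file="") {
+if(is_array($function)){
+$fname=serialize($function);
+}else{
+$fname=$function;
+}
+if(!empty($this->hooks[$name][$order][$fname]) && is_array($this->hooks[$name][$order][$fname])){
+return true;
+}
+
+$this->hooks[$name][$order][$fname] = array(
+"function" => $function,
+"file" => $file
+);
+return true;
+}
+
+
+function run_hook($name,$variables=array()) {
+if(array_key_exists($name,$this->hooks)){
+if(!is_array($this->hooks[$name]))
+{
+return false;
+}
+$this->current_hook = $name;
+ksort($this->hooks[$name]);
+foreach($this->hooks[$name] as $priority => $hooks)
+{
+if(is_array($hooks))
+{
+foreach($hooks as $hook)
+{
+if($hook['file'])
+{
+require_once $hook['file'];
+}
+if(!is_array($variables))
+$variables=array();
+
+$return = call_user_func_array($hook['function'], $variables);
+
+
+}
+}
+}
+$this->current_hook = '';
+return $return;
+}
+}
+
+
+}
+?>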
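Review bot: `$hooks` is declared without an initial value, so `run_hook()` on an instance where `use_hook()` was never called passes null to `array_key_exists()`, which is a TypeError on PHP 8; `session::page_begin()` calls `run_hook('page_begin_start', ...)` on every page. Declare it as `var $hooks=array();`. `$return` is also unset when the hook name has no callable entries, so it should be initialised to `null` before the loop. `load_plugins()` contains `if($row["module"]="")`, an assignment where a comparison was intended (`==`). `run_hook()` passes `$hook['file']` to `require_once` exactly as registered, so callers of `use_hook()` must never supply a path derived from request data, and a comment on `use_hook()` should say so.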
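--- a/inc/sessions.class.php
+++ b/inc/sessions.class.php
@@ -0,0 +1,396 @@
+<?php
+$module["session"]["name"]="Sessionmanagement Module";
+$module["session"]["ver"]="0.9.1";
+/**
+* Project: astat - simple site engine
+* File: /inc/sessions.class.php
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*
+* @link http://www.astat.org SVN: $URL: http://svn.astat.org/astat/trunk/inc/sessions.class.php $
+* @copyright 2010 becast.at
+* @author Bernhard Jaud <bernhard at becast dot at>
+* @package astat core
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+* @version $Id: sessions.class.php 129 2010-02-21 22:04:51Z genuineparts $
+*/
+class session {
+
+var $sid = 0;
+var $uid = 0;
+var $ip = '';
+var $packip = '';
+var $userdata = array();
+var $useragent = '';
+
+function page_begin($page = "UNDEFINED", $needlogin = TRUE){
+global $config, $db, $log, $core, $lang, $plugin, $functions;
+$plugin->run_hook('page_begin_start',array('page'=>$page,'needlogin'=>$needlogin));
+if($this->userdata['uid']==0 || !$this->userdata['uid']){
+$this->ip = $functions->get_ip();
+$this->packip = $functions->my_inet_pton($this->ip);
+$this->useragent = $_SERVER["HTTP_USER_AGENT"];
+
+//Check if the User has a Cookie
+if (isset($_COOKIE[$config["cookiename"] . "_sid"])){
+//Retireve Data from Cookie
+$sid = $_COOKIE[$config["cookiename"] . "_sid"];
+$sid = $db->escape(base64_decode($sid));
+$data = $db->fetch_array($db->query("SELECT sid,uid FROM `" . $config["prefix"] . "sessions` WHERE `sid`='".$sid."' AND `ip`=".$db->escape_binary($this->packip)));
+
+if($data['sid']){
+$this->sid=$data['sid'];
+$this->uid=$data['uid'];
+}else{
+$this->sid=0;
+$this->uid=0;
+}
+}
+
+//Something's rotten. Still no SID.
+if(!$this->sid){
+//This is some strange behavior, log it with low priority.
+if($config["logging"])
+$log->write("SID not set.",5,__LINE__,__FILE__);
+
+$this->sid = 0;
+$this->uid = 0;
+}
+
+// If there is a Cookie log the user in (if he isn't already)
+if (isset($_COOKIE[$config["cookiename"] . "_base"])){
+$cookiedata = $_COOKIE[$config["cookiename"] . "_base"];
+$cookiedata = explode("_",base64_decode($cookiedata),2);
+$this->load_data($cookiedata[0],$cookiedata[1]);
+}
+
+if($this->userdata['active']==2){
+$additional_message = '';
+if($this->userdata['bio']!=""){
+$additional_message = '<br />'.$lang->_('REASON').' '.$this->userdata['bio'];
+}
+//$this->destroy_session($session->sid);
+
+$this->userdata['uid']=0;
+
+$this->setcookie($config['cookiename'] . '_base', 0, time()-3600, $config['path'],$config['domain']);
+$core->message($lang->_('BANNED'),$lang->_('YOUHAVEBEENBANNED').$additional_message);
+}
+
+// Still no Userdata, its a Guest
+if(!isset($this->userdata['uid'])){
+if(!empty($this->sid)){
+$this->update_session($this->sid);
+$this->userdata['uid']=0;
+}else{
+$this->create_session();
+$this->userdata['uid']=0;
+}
+}
+
+$this->setcookie($config["cookiename"] . "_sid",base64_encode($this->sid),0,"/",$config['domain'],true);
+}
+$plugin->run_hook('page_begin_end',array('data'=>$this));
+
+
+if($needlogin != FALSE && $this->userdata["uid"]==0){
+header("LOCATION://" . $_SERVER["HTTP_HOST"] . $config['path'] . "/index.php?fail=needlogin");
+}
+}
+
+//Fetch userdata
+function load_data($uid, $loginkey){
+global $db,$config, $log, $plugin, $lang;
+
+$plugin->run_hook('load_data_start',array('loginkey'=>$loginkey,'uid'=>$uid, 'data'=>$this));
+$result = $db->query("SELECT * FROM `" . $config["prefix"] . "users` u LEFT JOIN `" . $config["prefix"] . "role` r ON r.id=u.role WHERE u.`uid`='" . intval($uid) . "' and u.`loginkey`='" . $db->escape($loginkey) . "' LIMIT 1");
+$this->userdata=$db->fetch_array($result);
+$result = $db->query("SELECT * FROM `" . $config["prefix"] . "roleset` rs LEFT JOIN `" . $config["prefix"] . "role_values` rv ON rv.id=rs.role_value_id WHERE rs.role_id='".$this->userdata["role"]."'");
+
+while($row=$db->fetch_array($result)){
+$this->userdata[$row["name"]]=$row["value"];
+}
+if(!$this->userdata['uid']){
+
+if($config["logging"])
+$log->write("No User found. UID: " .$uid,4,__LINE__,__FILE__);
+
+unset($this->userdata);
+$this->uid=0;
+return false;
+}
+
+if($uid!=$this->userdata['uid'] || $loginkey!=$this->userdata['loginkey']){
+
+if($config["logging"]){
+$log->write("HACK ATTEMPT. Cookie Spoof. UID: " .$uid,1,__LINE__,__FILE__);
+}
+unset($this->userdata);
+$this->uid=0;
+return false;
+}
+if($this->userdata['uid']!=0){
+if($this->userdata['lastip'] != $this->packip && array_key_exists('lastip', $this->userdata)){
+$lastip_add = ", lastip=".$db->escape_binary($this->packip);
+}
+else
+{
+$lastip_add = '';
+}
+
+$time = time();
+if($time - $this->userdata['lastactive'] > 900){
+$db->query("UPDATE `" . $config["prefix"] . "users` SET `lastvisit`='" . $this->userdata['lastactive'] . "', `lastactive`='" . $time . "'".$lastip_add." WHERE `uid`='" . $uid . "'");
+//$mybb->user['lastvisit'] = $mybb->user['lastactive'];
+}
+else
+{
+$timespent = $time - $this->userdata['lastactive'];
+$db->query("UPDATE `" . $config["prefix"] . "users` SET `lastactive`='" . $time . "'".$lastip_add." WHERE `uid`='" . $uid . "'");
+}
+}
+if(!empty($this->sid)){
+$this->update_session($this->sid, $this->userdata['uid']);
+}else{
+$this->create_session($this->userdata['uid']);
+}
+$lang->setlang($this->userdata['lang']);
+$plugin->run_hook('load_data_end',array('data'=>$this));
+}
+
+function setcookie($name,$data,$validto=0,$path=NULL,$domain=NULL,$httponly=false,$https=true)
+{
+if($domain!=''){
+// Fix the domain to accept domains with and without 'www.'.
+if (strtolower( substr($domain, 0, 4) ) == 'www.' ){
+$domain = substr($domain, 4);
+}else{
+$domain = $domain;
+}
+// Add the dot prefix to ensure compatibility with subdomains
+if ( substr($domain, 0, 1) != '.' ){
+$domain = '.'.$domain;
+}
+}
+if((isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS'])) || $https){
+$https = true;
+}
+$arr_cookie_options = array (
+'expires' => $validto,
+'path' => $path,
+'domain' => $domain, // leading dot for compatibility or use subdomain
+'secure' => $https, // or false
+'httponly' => $httponly, // or false
+'samesite' => 'Strict' // None || Lax || Strict
+);
+setcookie($name, $data, $arr_cookie_options);
+}
+
+function update_session($sid, $uid=''){
+global $db,$config, $plugin, $lang;
+$plugin->run_hook('update_session_start', array('sid'=>$sid,'uid'=>$uid, 'data'=>$this));
+if($uid){
+$sessiondata['uid'] = $uid;
+$db->query("UPDATE `" . $config["prefix"] . "users` SET `lastvisit`='".time()."' WHERE `uid`='".$uid."'");
+}else{
+$sessiondata['uid'] = 0;
+$lang->setlang($config['lang']);
+}
+
+$sid = $db->escape($sid);
+$db->query("UPDATE `" . $config["prefix"] . "sessions` SET `uid`='".$sessiondata['uid']."',`time`='".time()."',`ip`=".$db->escape_binary($this->packip).", `useragent`='".$db->escape($this->useragent)."' WHERE `sid`='".$sid."'");
+$timeout=time()-1800;
+$db->query("DELETE FROM `" . $config["prefix"] . "sessions` WHERE `time`<='".$timeout."'");
+$plugin->run_hook('update_session_end');
+}
+
+function create_session($uid=0){
+global $db,$config, $plugin, $lang, $functions;
+$plugin->run_hook('create_session_start', array('uid'=>$uid, 'data'=>$this));
+if($uid > 0){
+$db->query("DELETE FROM `" . $config["prefix"] . "sessions` WHERE `uid`='".intval($uid)."'");
+$sessiondata['uid'] = $uid;
+}else{
+$db->query("DELETE FROM `" . $config["prefix"] . "sessions` WHERE `ip`=".$db->escape_binary($this->packip));
+$sessiondata['uid'] = 0;
+$lang->setlang($config['lang']);
+}
+
+$sessiondata['sid'] = md5($functions->random_str(50));
+$db->query("INSERT INTO `" . $config["prefix"] . "sessions` (`sid`,`uid`,`time`,`useragent`,`ip`) VALUES ('".$sessiondata['sid']."','".$sessiondata['uid']."','".time()."','".$db->escape($this->useragent)."',".$db->escape_binary($this->packip).")");
+$db->query("UPDATE `" . $config["prefix"] . "users` SET `lastvisit`='".time()."' WHERE `uid`='".$uid."'");
+$this->sid = $sessiondata['sid'];
+$this->uid = $sessiondata['uid'];
+$plugin->run_hook('create_session_end');
+}
+
+function destroy_session($sid)
+{
+global $db,$config, $plugin;
+$plugin->run_hook('destroy_session_start', array('data'=>$this));
+if($sid !=""){
+$db->query("DELETE FROM `" . $config["prefix"] . "sessions` WHERE `sid`='".$db->escape($sid)."'");
+}else{
+$db->query("DELETE FROM `" . $config["prefix"] . "sessions` WHERE `ip`=".$db->escape_binary($this->packip));
+}
+unset($this->userdata);
+$this->setcookie($config["cookiename"] . '_sid','',-3600,'/',true);
+$this->sid = 0;
+$this->uid = 0;
+$plugin->run_hook('destroy_session_end');
+}
+
+function check_login($username='',$password='',$openid='')
+{
+global $db,$config, $plugin, $lang, $core;
+$plugin->run_hook('check_login_start', array('data'=>$this));
+if($username!='' && $password!=''){
+$username = $db->escape($username);
+$result = $db->query("SELECT `uid`,`salt` FROM `" . $config['prefix'] . "users` WHERE `username` LIKE '".$username."' AND `active`>'0' LIMIT 1");
+if ($db->num_rows ($result) > 0){
+// There is a user
+$data=$db->fetch_array($result);
+}else{
+return false;
+}
+$pass = hash('sha256',$db->escape($data['salt'].$password));
+$result = $db->query("SELECT `uid`,`loginkey`,`active`,`bio` FROM `" . $config['prefix'] . "users` WHERE `username` LIKE '".$username."' AND `password`='".$pass."' AND `active`>'0' LIMIT 1");
+if ($db->num_rows ($result) > 0){
+// There is a user
+$data=$db->fetch_array($result);
+}else{
+return false;
+}
+if($data['active']==2){
+$additional_message = '';
+if($data['bio']!=""){
+$additional_message = '<br />'.$lang->_('REASON').' '.$data['bio'];
+}
+unset($data);
+
+$this->setcookie($config['cookiename'] . '_base', 0, time()-3600, $config['path'],$config['domain']);
+$core->message($lang->_('BANNED'),$lang->_('YOUHAVEBEENBANNED').$additional_message);
+return 'BANNED';
+}
+$uid = $data['uid'];
+$key = $data['loginkey'];
+$this->login($uid,$key);
+return $uid;
+}elseif($openid!=''){
+$identity=$db->escape($openid);
+$result = $db->query("SELECT `uid`,`loginkey` FROM `" . $config['prefix'] . "users` WHERE `openid_identity` = '".$identity."' AND `active`='1' LIMIT 1");
+if ($db->num_rows ($result) > 0){
+// There is a user
+$data=$db->fetch_array($result);
+}else{
+return false;
+}
+$uid = $data['uid'];
+$key = $data['loginkey'];
+$this->login($uid,$key);
+return $uid;
+}else{
+return false;
+}
+}
+
+function login($uid,$key)
+{
+global $db,$config, $plugin;
+$plugin->run_hook('logon_start', array('data'=>$this));
+$cookiedata['uid'] = $uid;
+$cookiedata['loginkey'] = $key;
+$cookiedata = base64_encode($cookiedata['uid'] .'_'. $cookiedata['loginkey']);
+if(isset($_POST['remember']) && $_POST['remember']){
+$this->setcookie($config['cookiename'] . '_base', $cookiedata, time() + 60 * 60 * 24 * 365, $config['path'],$config['domain'],true);
+}else{
+$this->setcookie($config['cookiename'] . '_base', $cookiedata, 0, $config['path'],$config['domain'],true);
+}
+$this->create_session($uid);
+$plugin->run_hook('logon_end');
+}
+
+function get_users_with_right($right, $value)
+{
+global $db,$config;
+$result = $db->query("SELECT u.* FROM `" . $config["prefix"] . "users` u LEFT JOIN `" . $config["prefix"] . "role` r ON u.`role`=r.`id` LEFT JOIN `" . $config["prefix"] . "roleset` rs ON rs.`role_id`=r.`id` LEFT JOIN `" . $config["prefix"] . "role_values` rv ON rv.`id`=rs.`role_value_id` WHERE rv.`name`='".$db->escape($right)."' AND rs.`value`='".$db->escape($value)."'");
+while($row=$db->fetch_array($result)){
+$return[]=$row;
+}
+return $return;
+}
+
+function generate_Key($length=8){
+
+$dummy = array_merge(range('0', '9'), range('a', 'z'), range('A', 'Z'));
+
+mt_srand((double)microtime()*1000000);
+
+for ($i = 1; $i <= (count($dummy)*2); $i++){
+$swap = mt_rand(0,count($dummy)-1);
+$tmp = $dummy[$swap];
+$dummy[$swap] = $dummy[0];
+$dummy[0] = $tmp;
+}
+
+return substr(implode('',$dummy),0,$length);
+
+}
+
+function sanitize_username($username){
+global $config;
+$username = trim($username);
+$username = preg_replace('/[\x00-\x1F\x80-\xFF]/', '', $username);
+$username = str_replace(array(chr(160), chr(173), chr(0xCA), chr(8238), chr(8237), chr(8203),"]","[","/","\\"), array("", "-", "", "", "", "","","","",""), $username);
+// Remove multiple spaces from the username
+$username = preg_replace("#\s{2,}#", "", $username);
+return $username;
+}
+
+function verify_username($username){
+global $config;
+
+// Check if the username is not empty.
+if($username == '')
+{
+return "Username empty.";
+}
+
+// Check if the username belongs to the list of banned usernames.
+$banned=explode("\n",$config['banned_usernames']);
+if(is_array($banned)){
+foreach($banned as $banned_username){
+$banned_username = str_replace('*', '(.*)', trim($banned_username));
+if(preg_match("#\b{$banned_username}\b#i", $username)){
+return "Forbidden Username:".$banned_username;
+}
+}
+}
+// Check for certain characters in username (<, >, &, commas and slashes)
+if(strpos($username, ".") !== false || strpos($username, ":") !== false || strpos($username, " ") !== false || strpos($username, "<") !== false || strpos($username, ">") !== false || strpos($username, "&") !== false || strpos($username, ")") !== false || strpos($username, "(") !== false || strpos($username, "\\") !== false || strpos($username, ";") !== false || strpos($username, ",") !== false || strpos($username, "~") !== false)
+{
+return "Forbidden Chars in Username";
+}
+
+// Check if the username is of the correct length.
+if(($config['maxnamelength'] != 0 && strlen($username) > $config['maxnamelength']) || ($config['minnamelength'] != 0 && strlen($username) < $config['minnamelength']))
+{
+return sprintf('The username must be %s Chars minimum and can be %s Chars long at max.',$config['minnamelength'],$config['maxnamelength']);
+}
+
+return true;
+}
+}
+?>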
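Review bot: In `page_begin()` the `needlogin` branch only sends a `Location` header and then returns, so unless every caller stops on its own the protected page is still executed and delivered to a client that ignores the redirect; the target is also built from the client-supplied `$_SERVER["HTTP_HOST"]`. I would replace that line with `header('Location: ' . $config['path'] . '/index.php?fail=needlogin');` followed by `exit;`. The banned-user branch above it depends in the same way on `$core->message()` ending the request, which is not visible in this file. Separately, `check_login()` matches the username with `LIKE`, so `%` and `_` in the submitted name act as wildcards, and it stores passwords as a single salted SHA-256; an `=` comparison and `password_hash()`/`password_verify()` would be the safer choices.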