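/**
 * Is used as error handler
 *
 * Writes one line per error to a per-day log file under LOGS, remembers the same line
 * (without the backtrace dump) in $this->errors_list, and stops execution on fatal
 * errors or once 100 errors/warnings have been counted.
 *
 * @param int         $level  Error level
 * @param null|string $string Error message
 */
function trigger($level, $string = null)
{
    if (!$this->error) {
        return;
    }
    // NOTE(review): xap() is defined elsewhere; confirm it neutralises line breaks,
    // because $string is written into a line-oriented log file below.
    $string          = xap($string);
    $dump            = 'null';
    $debug_backtrace = debug_backtrace();
    // Both 'file' and 'line' must be present in frame 0 before either is read;
    // otherwise fall back to frame 1.
    if (isset($debug_backtrace[0]['file'], $debug_backtrace[0]['line'])) {
        $file = $debug_backtrace[0]['file'];
        $line = $debug_backtrace[0]['line'];
    } else {
        $file = $debug_backtrace[1]['file'];
        $line = $debug_backtrace[1]['line'];
    }
    // The full backtrace is only written to the log when DEBUG is on
    if (DEBUG) {
        $dump = _json_encode($debug_backtrace);
    }
    unset($debug_backtrace);
    $log_file = LOGS . '/' . date('d-m-Y') . '_' . strtr(date_default_timezone_get(), '/', '_');
    // 'h' is the 12-hour clock; the microtime value in brackets is the unambiguous timestamp
    $time = date('d-m-Y h:i:s') . ' [' . microtime(true) . ']';
    // Map the PHP error level to the one-letter severity used in the log
    switch ($level) {
        case E_USER_ERROR:
        case E_ERROR:
            $severity = 'E';
            break;
        case E_USER_WARNING:
        case E_WARNING:
            $severity = 'W';
            break;
        default:
            $severity = 'N';
            break;
    }
    // Only errors and warnings count towards the 100-error limit
    if ($severity !== 'N') {
        ++$this->num;
    }
    $message = "{$severity} {$time} {$string} Occurred: {$file}:{$line}";
    file_put_contents($log_file, "{$message} Dump: {$dump}\n", LOCK_EX | FILE_APPEND);
    unset($dump);
    $this->errors_list[] = $message;
    if ($severity === 'E') {
        error_code(500);
        /**
         * If Index instance exists - execution will be stopped there, otherwise in Page instance
         */
        Index::instance(true)->__finish();
        Page::instance()->error();
    }
    /**
     * If too many non-critical errors - also stop execution
     */
    if ($this->num >= 100) {
        /**
         * If Index instance exists - execution will be stopped there, otherwise in Page instance
         */
        Index::instance(true)->__finish();
        Page::instance()->error();
    }
}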
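// Stores (or clears) the streamer's embed URL and the map event that advertises it.
// Input: POST stream_code (ustream/YouTube URL or empty string), lat, lng.
if (!isset($_POST['stream_code'], $_POST['lat'], $_POST['lng'])) {
    error_code(400);
    return;
}
$User = User::instance();
// Only members of the streamer group may publish a stream
if (!in_array(STREAMER_GROUP, $User->get_groups())) {
    error_code(403);
    return;
}
// Request fields may arrive as arrays (e.g. `lat[]=1`); reject anything that is not
// a plain string / numeric coordinate before it reaches trim() or the event storage.
if (!is_string($_POST['stream_code']) || !is_numeric($_POST['lat']) || !is_numeric($_POST['lng'])) {
    error_code(400);
    return;
}
$stream_code = trim($_POST['stream_code']);
// The patterns are not anchored: any text containing a recognised URL is accepted,
// but only the captured ID is kept and the stored URL is rebuilt on a fixed https host,
// so nothing else from the submitted text is persisted.
if (preg_match('#ustream\.tv/(channel|embed)/([0-9]+)#', $stream_code, $m)) {
    $stream_code = "https://www.ustream.tv/embed/{$m[2]}";
} elseif (preg_match('#(youtube\.com/embed/|youtube\.com/watch\?v=)([0-9a-z_\-]+)#i', $stream_code, $m)) {
    // YouTube IDs may contain "_" as well as "-"; without it the ID would be cut short
    $stream_code = "https://www.youtube.com/embed/{$m[2]}";
} elseif ($stream_code !== '') {
    // Non-empty input that matches neither provider is rejected rather than stored
    error_code(400);
    return;
}
$User->set_data('stream_url', $stream_code);
$Events = Events::instance();
// Drop the event created for the previous stream, if any
$event = $User->get_data('stream_event');
if ($event) {
    $Events->del($event);
}
if ($stream_code) {
    $event = Events::instance()->add(STREAM_CATEGORY, 120, $_POST['lat'], $_POST['lng'], 0, "stream:{$stream_code}", 'urgent', 2, 30, '');
    if (!$event) {
        error_code(500);
    }
    // Stored even when add() failed, so the reference to the deleted event is overwritten
    $User->set_data('stream_event', $event);
}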
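*/
// Password change for the signed-in user.
// Input: POST verify_hash (proof of the current password) and new_password
// (new hash XOR-ed with the current one by the client).
if (
    !$Config->server['referer']['local'] ||
    !$Config->server['ajax'] ||
    !isset($_POST['verify_hash'], $_POST['new_password']) ||
    !$User->user()
) {
    // Delay the answer to slow down automated attempts
    sleep(1);
    error_code(403);
    return;
}
// Array-valued fields (`new_password[]=…`) are treated like a missing value
if (!is_string($_POST['new_password']) || !$_POST['new_password']) {
    error_code(400);
    $Page->error($L->please_type_new_password);
    return;
}
$expected_hash = hash('sha224', $User->password_hash . $User->get_session());
$given_hash    = $_POST['verify_hash'];
// Loose `!=` on hex digests lets PHP compare "0e…"-style strings as numbers, so two
// different digests can be considered equal. Compare as strings, and in constant time
// where hash_equals() is available (PHP >= 5.6).
$hash_matches = is_string($given_hash) && (
    function_exists('hash_equals')
        ? hash_equals($expected_hash, $given_hash)
        : $expected_hash === $given_hash
);
if (!$hash_matches) {
    error_code(400);
    $Page->error($L->wrong_current_password);
    return;
}
$new_password = xor_string($_POST['new_password'], $User->password_hash);
if ($new_password === $User->password_hash) {
    error_code(400);
    $Page->error($L->current_new_password_equal);
    return;
}
// Reject the value that hashing an empty password produces
if ($new_password === hash('sha512', hash('sha512', '') . Core::instance()->public_key)) {
    error_code(400);
    $Page->error($L->please_type_new_password);
    return;
}
$id = $User->id;
if ($User->set('password_hash', $new_password)) {
    // NOTE(review): a new session is added for this user; confirm that sessions opened
    // with the old password are invalidated by set() or add_session().
    $User->add_session($id);
    $Page->json('OK');
} else {
    error_code(400);
    $Page->error($L->change_password_server_error);
}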
<?php
/**
 * @package        CleverStyle CMS
 * @subpackage    System module
 * @category    modules
 * @author        Nazar Mokrynskyi <*****@*****.**>
 * @copyright    Copyright (c) 2011-2014, Nazar Mokrynskyi
 * @license        MIT License, see license.txt
 */
namespace cs;

// Returns the signed-in user's own profile as JSON; guests get 403.
$User = User::instance();
if ($User->guest()) {
    error_code(403);
    return;
}
// Only this fixed list of fields is returned, and always for the current user's id
Page::instance()->json(
    $User->get(
        ['id', 'login', 'username', 'language', 'timezone', 'avatar'],
        $User->id
    )
);
/**
 * Error pages processing
 *
 * Renders the error response for the current ERROR_CODE (500 when none was set) and
 * terminates the script. Only the first call does anything; later calls return at once.
 *
 * @param null|string|string[] $custom_text Custom error text instead of text like "404 Not Found",
 *                                          or array with two elements: [error, error_description]
 * @param bool                 $json        Force JSON return format
 */
function error($custom_text = null, $json = false)
{
    static $error_showed = false;
    if ($error_showed) {
        return;
    }
    $error_showed = true;
    if (!defined('ERROR_CODE')) {
        error_code(500);
    }
    // A 403 on a regular (non-API) page with the sign_out cookie set is answered with
    // a redirect to the base URL instead of an error page
    if (defined('API') && !API && ERROR_CODE == 403 && _getcookie('sign_out')) {
        header('Location: ' . Config::instance()->base_url(), true, 302);
        $this->Content = '';
        exit;
    }
    interface_off();
    $error = code_header(ERROR_CODE);
    if (is_array($custom_text)) {
        $error             = $custom_text[0];
        $error_description = $custom_text[1];
    } elseif ($custom_text) {
        $error_description = $custom_text;
    } else {
        $error_description = $error;
    }
    $respond_with_json = (defined('API') && API) || $json;
    if (!$respond_with_json) {
        ob_start();
        // The theme's error.html is tried first, then its error.php
        $themed = _include_once(THEMES . "/{$this->theme}/error.html", false)
            || _include_once(THEMES . "/{$this->theme}/error.php", false);
        if (!$themed) {
            // NOTE(review): $error_description is written into the page without escaping,
            // so callers must not pass request-derived text as $custom_text.
            echo "<!doctype html>\n" . h::title(code_header($error)) . ($error_description ?: $error);
        }
        $this->Content = ob_get_clean();
    } else {
        if ($json) {
            header('Content-Type: application/json; charset=utf-8', true);
            interface_off();
        }
        $this->json(['error' => $error, 'error_description' => $error_description]);
    }
    $this->__finish();
    exit;
}
<?php
/**
 * @package        Package
 * @category    modules
 * @author        Nazar Mokrynskyi <*****@*****.**>
 * @copyright    Copyright (c) 2014, Nazar Mokrynskyi
 * @license        MIT License, see license.txt
 */
namespace cs;

// Answers 404 when the first route segment is "profile" or its localized path form.
$rc = Config::instance()->route;
if (!isset($rc[0])) {
    return;
}
$first_segment = $rc[0];
// Loose comparison is kept on purpose: it is what the `switch` form of this check uses
if ($first_segment == 'profile' || $first_segment == path(Language::instance()->profile)) {
    error_code(404);
}
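/**
 * Initialization: loading of module structure, including of necessary module files, inclusion of save file
 *
 * Route segments are split into numeric ids and path parts. Path parts are matched against
 * the module structure file (index.json / index_simple.json) and the user's permissions
 * before any part-specific file is included: a part the user may not access yields 403,
 * a part that is not in the permitted list yields 404.
 */
protected function init()
{
    $Config = Config::instance();
    $L      = Language::instance();
    $Page   = Page::instance();
    $User   = User::instance();
    /**
     * Some routing preparations
     */
    $rc_path =& $this->route_path;
    $rc_ids  =& $this->route_ids;
    // Numeric segments become ids, everything else is a path part (both kept by reference)
    foreach ($Config->route as &$item) {
        if (is_numeric($item)) {
            $rc_ids[] =& $item;
        } else {
            $rc_path[] =& $item;
        }
    }
    unset($item, $rc_path, $rc_ids);
    $rc =& $this->route_path;
    if ($Config->core['simple_admin_mode'] && file_exists(MFOLDER . '/index_simple.json')) {
        $structure_file = 'index_simple.json';
    } else {
        $structure_file = 'index.json';
    }
    if (file_exists(MFOLDER . "/{$structure_file}")) {
        $this->structure = file_get_json(MFOLDER . "/{$structure_file}");
        if (is_array($this->structure)) {
            foreach ($this->structure as $item => $value) {
                // A scalar entry is a part without subparts: the value itself is the part name
                if (!is_array($value)) {
                    $item = $value;
                }
                if ($User->get_permission($this->permission_group, $item)) {
                    $this->parts[] = $item;
                    // Subparts are only collected for the part that was requested
                    if (isset($rc[0]) && $item == $rc[0] && is_array($value)) {
                        foreach ($value as $subpart) {
                            if ($User->get_permission($this->permission_group, "{$item}/{$subpart}")) {
                                $this->subparts[] = $subpart;
                            } elseif (isset($rc[1]) && $rc[1] == $subpart) {
                                // Requested subpart exists but is not permitted
                                error_code(403);
                                return;
                            }
                        }
                    }
                } elseif ($rc[0] == $item) {
                    // Requested part exists but is not permitted
                    error_code(403);
                    return;
                }
            }
            unset($item, $value, $subpart);
        }
    } elseif (API && !file_exists(MFOLDER . '/index.php') && !file_exists(MFOLDER . "/index.{$this->request_method}.php")) {
        error_code(404);
        return;
    }
    unset($structure_file);
    _include_once(MFOLDER . '/index.php', false);
    if (API && $this->request_method) {
        _include_once(MFOLDER . "/index.{$this->request_method}.php", false);
    }
    if ($this->stop || defined('ERROR_CODE')) {
        return;
    }
    if ($this->parts) {
        if (!isset($rc[0]) || $rc[0] == '') {
            if (API) {
                return;
            }
            // No part requested: default to the first permitted one
            $rc[0] = $this->parts[0];
            if (isset($this->structure[$rc[0]]) && is_array($this->structure[$rc[0]])) {
                $this->subparts = $this->structure[$rc[0]];
            }
        } elseif ($rc[0] != '' && !empty($this->parts) && !in_array($rc[0], $this->parts)) {
            // $rc[0] is interpolated into include paths below, so it must be one of
            // the permitted parts collected above
            error_code(404);
            return;
        }
        /**
         * Saving of changes
         */
        if (IN_ADMIN && !_include_once(MFOLDER . "/{$rc['0']}/{$this->savefile}.php", false)) {
            _include_once(MFOLDER . "/{$this->savefile}.php", false);
        }
        IN_ADMIN && $this->title_auto && $Page->title($L->administration);
        if (!$this->api && $this->title_auto) {
            $Page->title($L->{HOME ? 'home' : MODULE});
        }
        if (!$this->api) {
            if (!HOME && $this->title_auto) {
                // Language property named after the current part; `$L->{$rc}[0]` would
                // use the whole route array as the property name
                $Page->title($L->{$rc[0]});
            }
        }
        /**
         * Warning if site is closed
         */
        if (!$Config->core['site_mode']) {
            $Page->warning(get_core_ml_text('closed_title'));
        }
        _include_once(MFOLDER . "/{$rc['0']}.php", false);
        if (API && $this->request_method) {
            _include_once(MFOLDER . "/{$rc['0']}.{$this->request_method}.php", false);
        }
        if ($this->stop || defined('ERROR_CODE')) {
            return;
        }
        if ($this->subparts) {
            if (!isset($rc[1]) || $rc[1] == '' && !empty($this->subparts)) {
                if (API) {
                    return;
                }
                // No subpart requested: default to the first permitted one
                $rc[1] = $this->subparts[0];
            } elseif ($rc[1] != '' && !empty($this->subparts) && !in_array($rc[1], $this->subparts)) {
                // Same rule as for parts: $rc[1] ends up in include paths below
                error_code(404);
                return;
            }
            if (!$this->api) {
                if (!HOME && $this->title_auto) {
                    // Language property named after the current subpart
                    $Page->title($L->{$rc[1]});
                }
                if ($this->action === null) {
                    $this->action = (IN_ADMIN ? 'admin/' : '') . MODULE . "/{$rc['0']}/{$rc['1']}";
                }
            }
            _include_once(MFOLDER . "/{$rc['0']}/{$rc['1']}.php", false);
            if (API && $this->request_method) {
                _include_once(MFOLDER . "/{$rc['0']}/{$rc['1']}.{$this->request_method}.php", false);
            }
            if ($this->stop || defined('ERROR_CODE')) {
                return;
            }
        } elseif (!$this->api && $this->action === null) {
            $this->action = (IN_ADMIN ? 'admin/' : '') . MODULE . "/{$rc['0']}";
        }
        unset($rc);
        if ($this->post_title && $this->title_auto) {
            $Page->title($this->post_title);
        }
    } elseif (!$this->api) {
        // Module without parts: only the generic title, action and save file apply
        IN_ADMIN && $Page->title($L->administration);
        if (!$this->api && $this->title_auto) {
            $Page->title($L->{HOME ? 'home' : MODULE});
        }
        if ($this->action === null) {
            $this->action = $Config->server['relative_address'];
        }
        _include_once(MFOLDER . "/{$this->savefile}.php", false);
    }
}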
<?php
// Bootstrap for the database layer: loads configuration and classes from ./database/,
// opens the connection and hands the request over to controlDB.php.

// Directory that holds the database classes
define('DBPATH', __DIR__ . '/database/');

// Report every error level.
// NOTE(review): this only selects what is reported; whether messages are shown to the
// client depends on display_errors, which is not set here.
error_reporting(E_ALL);

// Database environment variables
require_once DBPATH . 'config.php';
// Database classes
require_once DBPATH . 'index.php';
// Helper functions
require_once DBPATH . 'function.php';

// Make sure the DB class was actually loaded
if (class_exists('DB') === false) {
    error_code('can not find db class.', __FILE__, __LINE__);
}

// Global database handle
$db = require_db();

// Handle the request coming from the mobile client
require_once DBPATH . 'controlDB.php';
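/**
 * Loading of base system configuration, creating of missing directories
 *
 * Also fixes the language when the first URL segment is a known content language, and
 * fills $_POST / $_REQUEST from the raw request body for JSON requests and for
 * urlencoded HEAD/PUT/DELETE requests.
 */
protected function construct()
{
    if (!file_exists(CONFIG . '/main.json')) {
        error_code(500);
        Page::instance()->error(
            h::p('Config file not found, is system installed properly?') .
            h::a('How to install CleverStyle CMS', ['href' => 'https://github.com/nazar-pc/CleverStyle-CMS/wiki/Installation'])
        );
        exit;
    }
    $this->config = file_get_json_nocomments(CONFIG . '/main.json');
    _include_once(CONFIG . '/main.php', false);
    defined('DEBUG') || define('DEBUG', false);
    define('DOMAIN', $this->config['domain']);
    date_default_timezone_set($this->config['timezone']);
    if ($clangs = Cache::instance()->{'languages/clangs'}) {
        if (is_array($clangs) && !empty($clangs)) {
            // First URL segment; only used when it is one of the cached language codes
            $clang = explode('/', trim($_SERVER['REQUEST_URI'], '/'), 2)[0];
            if (in_array($clang, $clangs)) {
                $this->set('language', array_flip($clangs)[$clang]);
                define('FIXED_LANGUAGE', true);
            }
            unset($clang);
        }
    }
    unset($clangs);
    // NOTE(review): STORAGE and TEMP are opened to web access below; confirm the web
    // server does not execute scripts from these directories.
    if (!is_dir(STORAGE)) {
        @mkdir(STORAGE, 0755);
        file_put_contents(STORAGE . '/.htaccess', 'Allow From All');
    }
    // NOTE(review): CACHE and LOGS get owner-only permissions but no .htaccess here;
    // confirm another rule keeps them from being served.
    if (!is_dir(CACHE)) {
        @mkdir(CACHE, 0700);
    }
    if (!is_dir(PCACHE)) {
        @mkdir(PCACHE, 0755);
        // One directive per line: Apache does not accept several directives on one line
        file_put_contents(
            PCACHE . '/.htaccess',
            implode("\n", [
                '<FilesMatch "\\.(css|js)$">',
                "\tAllow From All",
                '</FilesMatch>',
                '<ifModule mod_expires.c>',
                "\tExpiresActive On",
                "\tExpiresDefault \"access plus 1 month\"",
                '</ifModule>',
                '<ifModule mod_headers.c>',
                "\tHeader set Cache-Control \"max-age=2592000, public\"",
                '</ifModule>',
                'AddEncoding gzip .js',
                'AddEncoding gzip .css',
            ]) . "\n"
        );
    }
    if (!is_dir(LOGS)) {
        @mkdir(LOGS, 0700);
    }
    if (!is_dir(TEMP)) {
        @mkdir(TEMP, 0755);
        file_put_contents(TEMP . '/.htaccess', 'Allow From All');
    }
    if (isset($_SERVER['CONTENT_TYPE']) && strpos($_SERVER['CONTENT_TYPE'], 'application/json') === 0) {
        $_POST = _json_decode(@file_get_contents('php://input'));
        // A JSON body may decode to a scalar (`1`, `"text"`, `true`); anything that is not
        // an array is dropped so that $_POST stays an array and array_merge() below cannot
        // fail on client-controlled input.
        // NOTE(review): assumes _json_decode() returns arrays for JSON objects - confirm.
        if (!is_array($_POST)) {
            $_POST = [];
        }
        $_REQUEST = array_merge($_REQUEST, $_POST);
    } elseif (in_array(strtolower($_SERVER['REQUEST_METHOD']), ['head', 'put', 'delete'])) {
        // PHP fills $_POST only for POST requests, so the body is parsed manually here
        if (isset($_SERVER['CONTENT_TYPE']) && strpos($_SERVER['CONTENT_TYPE'], 'application/x-www-form-urlencoded') === 0) {
            @parse_str(file_get_contents('php://input'), $_POST);
            $_REQUEST = array_merge($_REQUEST, $_POST);
        }
    }
    $this->constructed = true;
}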