Beispiel #1
0
 /**
  * Constructor.
  * @param {array} $files Uploaded file(s).
  */
 public function __construct($files)
 {
     $numItems = count($files['tmp_name']);
     for ($i = 0; $i < $numItems; $i++) {
         $error = $files['error'][$i];
         // File input in form for which no file has been selected
         if ($error == UPLOAD_ERR_NO_FILE) {
             continue;
         }
         // Something actually went wrong with an upload
         if ($error != UPLOAD_ERR_OK) {
             $msg = sprintf('[%s] Upload error for file <code>%s</code>: %s', get_class(), htmlspecialchars($files['name'][$i]), self::getUploadErrorString($error));
             ae_Log::error($msg);
             $json = str_replace('\\/', '/', json_encode($files));
             ae_Log::debug('File ' . $i . ': ' . $json);
             continue;
         }
         $type = self::getMIMEType($files['tmp_name'][$i], $files['type'][$i]);
         $m = new ae_MediaModel();
         $m->setName($files['name'][$i]);
         $m->setTmpName($files['tmp_name'][$i]);
         $m->setDatetime(date('Y-m-d H:i:s'));
         $m->setType($type);
         $m->setUserId(ae_Security::getCurrentUserId());
         $m->setStatus(ae_MediaModel::STATUS_AVAILABLE);
         $m->setMetaInfo(self::getMetaInfo($m));
         $this->items[] = $m;
     }
 }
Beispiel #2
0
 public function testSetPasswordHash()
 {
     $u = new ae_UserModel();
     $hash = ae_Security::hash('test pwd');
     $u->setPasswordHash($hash);
     $this->assertTrue($u->getPasswordHash() === $hash);
     $u->setPasswordHash(123456);
     $this->assertTrue($u->getPasswordHash() === '123456');
     $this->setExpectedException('Exception');
     $u->setPasswordHash('');
 }
Beispiel #3
0
 public function testSanitizing()
 {
     $before = '';
     $after = '';
     $this->assertEquals(ae_Security::sanitizeHTML($before), $after);
     $before = '<strong>test</strong>';
     $after = '<strong>test</strong>';
     $this->assertEquals(ae_Security::sanitizeHTML($before), $after);
     $before = '<b>lorem</b> <strong>ipsum dolor</strong> sit <em>amet</em>';
     $after = '&lt;b&gt;lorem&lt;/b&gt; <strong>ipsum dolor</strong> sit <em>amet</em>';
     $this->assertEquals(ae_Security::sanitizeHTML($before), $after);
     $before = 'I am <iframe src="http://evil" />! <script>Oooh!</script>';
     $after = 'I am &lt;iframe src="http://evil" /&gt;! &lt;script&gt;Oooh!&lt;/script&gt;';
     $this->assertEquals(ae_Security::sanitizeHTML($before), $after);
 }
Beispiel #4
0
<?php

require_once '../../core/autoload.php';
require_once '../../core/config.php';
if (!isset($_POST['username'], $_POST['userpwd'])) {
    header('Location: ../index.php');
}
$query = '
	SELECT COUNT( u_id ) as hits, u_id, u_pwd, u_status
	FROM `' . AE_TABLE_USERS . '`
	WHERE u_name_intern = :name
';
$params = array(':name' => $_POST['username']);
$result = ae_Database::query($query, $params);
$u = $result[0];
// Reject: Account is suspended
if ($u['hits'] == '1' && $u['u_status'] != ae_UserModel::STATUS_ACTIVE) {
    header('Location: ../index.php?error=account_suspended&username='******'username']));
    exit;
} else {
    if ($u['hits'] == '1' && $u['u_id'] >= 0 && ae_Security::verify($_POST['userpwd'], $u['u_pwd'])) {
        ae_Security::login($result[0]['u_id']);
        header('Location: ../admin.php');
        exit;
    }
}
if (ae_Log::hasMessages()) {
    ae_Log::printAll();
} else {
    header('Location: ../index.php?error=nomatch&username='******'username']));
}
Beispiel #5
0
<?php

require_once '../core/autoload.php';
require_once '../core/config.php';
if (!ae_Security::isLoggedIn()) {
    header('Location: index.php?error=not_logged_in');
    exit;
}
$area = 'dashboard';
if (!isset($_GET['area'])) {
    $area = 'dashboard';
} else {
    if (!ae_Security::isValidArea($_GET['area'])) {
        $msg = sprintf('Area "%s" is not a valid area.', htmlspecialchars($_GET['area']));
        ae_Log::warning($msg);
    } else {
        $area = $_GET['area'];
    }
}
$sb = new ae_SiteBuilder();
include_once 'sb_params.php';
?>
<!DOCTYPE html>

<html>
<?php 
$sb->render('templates/head.php', $paramsHead);
?>
<body>

<?php 
Beispiel #6
0
<?php

require_once '../../core/autoload.php';
require_once '../../core/config.php';
if (!ae_Security::isLoggedIn()) {
    header('Location: ../index.php?error=not_logged_in');
    exit;
}
if (!isset($_GET['status'])) {
    header('Location: ../admin.php?error=no_status_given');
    exit;
}
$mainArea = 'manage';
if (isset($_GET['category']) && ae_Validate::id($_GET['category'])) {
    $area = 'category';
    $model = new ae_CategoryModel();
} else {
    if (isset($_GET['cofilter']) && ae_Validate::id($_GET['cofilter'])) {
        $area = 'cofilter';
        $mainArea = 'settings';
        $model = new ae_CommentfilterModel();
    } else {
        if (isset($_GET['comment']) && ae_Validate::id($_GET['comment'])) {
            $area = 'comment';
            $model = new ae_CommentModel();
        } else {
            if (isset($_GET['media']) && ae_Validate::id($_GET['media'])) {
                $area = 'media';
                $mainArea = 'media';
                $model = new ae_MediaModel();
                $model->setMediaPath('../../media/');
Beispiel #7
0
    /**
     * Save the page to DB. If an ID is set, it will update
     * the page, otherwise it will create a new one.
     * @param  {boolean}   $forceInsert If set to TRUE and an ID has been set, the model will be saved
     *                                  as new entry instead of updating. (Optional, default is FALSE.)
     * @return {boolean}                TRUE, if saving is successful, FALSE otherwise.
     * @throws {Exception}              If $forceInsert is TRUE, but no valid ID is set.
     */
    public function save($forceInsert = FALSE)
    {
        if ($this->datetime == '0000-00-00 00:00:00') {
            $this->setDatetime(date('Y-m-d H:i:s'));
        }
        if (!ae_Validate::id($this->userId)) {
            $this->setUserId(ae_Security::getCurrentUserId());
        }
        if ($this->permalink == '') {
            $this->setPermalink($this->title);
        }
        $params = array(':title' => $this->title, ':permalink' => $this->permalink, ':content' => $this->content, ':datetime' => $this->datetime, ':user' => $this->userId, ':comments' => $this->commentsStatus, ':status' => $this->status);
        // Create new page
        if ($this->id === FALSE && !$forceInsert) {
            $stmt = '
				INSERT INTO `' . AE_TABLE_PAGES . '` (
					pa_title,
					pa_permalink,
					pa_content,
					pa_datetime,
					pa_user,
					pa_comments,
					pa_status
				) VALUES (
					:title,
					:permalink,
					:content,
					:datetime,
					:user,
					:comments,
					:status
				)
			';
        } else {
            if ($this->id !== FALSE && $forceInsert) {
                $stmt = '
				INSERT INTO `' . AE_TABLE_PAGES . '` (
					pa_id,
					pa_title,
					pa_permalink,
					pa_content,
					pa_datetime,
					pa_user,
					pa_comments,
					pa_status
				) VALUES (
					:id,
					:title,
					:permalink,
					:content,
					:datetime,
					:user,
					:comments,
					:status
				)
			';
                $params[':id'] = $this->id;
            } else {
                if ($this->id !== FALSE) {
                    $stmt = '
				UPDATE `' . AE_TABLE_PAGES . '` SET
					pa_title = :title,
					pa_permalink = :permalink,
					pa_content = :content,
					pa_datetime = :datetime,
					pa_edit = :editDatetime,
					pa_user = :user,
					pa_comments = :comments,
					pa_status = :status
				WHERE
					pa_id = :id
			';
                    $params[':id'] = $this->id;
                    $params[':editDatetime'] = date('Y-m-d H:i:s');
                } else {
                    $msg = sprintf('[%s] Supposed to insert new page with set ID, but no ID has been set.', get_class());
                    throw new Exception($msg);
                }
            }
        }
        if (ae_Database::query($stmt, $params) === FALSE) {
            return FALSE;
        }
        // If a new page was created, get the new ID
        if ($this->id === FALSE) {
            $this->setId($this->getLastInsertedId());
        }
        return TRUE;
    }
Beispiel #8
0
if (ini_get('register_globals')) {
    ini_set('register_globals', 0);
}
// URL constant
$protocol = 'http://';
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) {
    $protocol = 'https://';
}
$url = $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
$url = explode('/', $url);
array_pop($url);
if (defined('IS_RSS')) {
    array_pop($url);
}
$url = $protocol . implode('/', $url) . '/';
define('URL', $url);
unset($url);
// Initialize some needed classes
ae_Timer::start('total');
ae_Log::init($logSettings);
if (ae_Database::connect($dbSettings) === FALSE) {
    $path = 'themes/error-msg-db.php';
    $path = file_exists($path) ? $path : '../' . $path;
    include $path;
    exit;
}
ae_Security::init($securitySettings);
ae_Settings::load();
// Constants used in themes and the RSS feed
define('THEME', ae_Settings::get('theme'));
define('THEME_PATH', URL . 'themes/' . THEME . '/');
Beispiel #9
0
<?php

require_once '../../core/autoload.php';
require_once '../../core/config.php';
ae_Security::logout();
header('Location: ../index.php?success=logout');
Beispiel #10
0
/**
 * Create the user.
 * @return {int} ID of the new user.
 */
function createUser()
{
    if (!isset($_POST['user-name-internal'], $_POST['user-name-external'], $_POST['user-permalink'], $_POST['user-password'])) {
        header('Location: ../admin.php?error=missing_data_for_user');
        exit;
    }
    $permalink = trim($_POST['user-permalink']);
    $status = isset($_POST['user-status-suspended']) ? ae_UserModel::STATUS_SUSPENDED : ae_UserModel::STATUS_ACTIVE;
    $user = new ae_UserModel();
    if (isset($_POST['edit-id'])) {
        if (!$user->load($_POST['edit-id'])) {
            return FALSE;
        }
    }
    $user->setNameInternal($_POST['user-name-internal']);
    $user->setNameExternal($_POST['user-name-external']);
    if ($permalink != '') {
        $user->setPermalink($permalink);
    }
    if ($_POST['user-password'] !== '') {
        $user->setPasswordHash(ae_Security::hash($_POST['user-password']));
    }
    $user->setStatus($status);
    $user->save();
    return $user->getId();
}
Beispiel #11
0
try {
    $co->setPostId($_POST['comment-post']);
} catch (Exception $exc) {
    header('Location: ../?p=' . $_POST['comment-post'] . '&error=invalid_data#comment-form');
    exit;
}
// Forgivable errors with default values for fallback
try {
    $co->setAuthorName($_POST['comment-author-name']);
    $co->setAuthorEmail($_POST['comment-author-email']);
    $co->setAuthorUrl($url);
    $co->setAuthorIp($_SERVER['REMOTE_ADDR']);
    $co->setContent($content);
    $co->setStatus(COMMENT_DEFAULT_STATUS);
    if (ae_Security::isLoggedIn()) {
        $co->setUserId(ae_Security::getCurrentUserId());
    }
    $filter = array('LIMIT' => FALSE, 'WHERE' => 'cf_status = :status');
    $params = array(':status' => ae_CommentfilterModel::STATUS_ACTIVE);
    $cfList = new ae_CommentfilterList($filter, $params, FALSE);
    $keep = $cfList->applyFilters($co);
    if (!$keep) {
        header('Location: ../?p=' . $_POST['comment-post'] . '&error=comment_deleted_by_filter');
        exit;
    }
    $co->save();
} catch (Exception $exc) {
    header('Location: ../?p=' . $_POST['comment-post'] . '&error=failed_to_save#comment-form');
    exit;
}
header('Location: ../?p=' . $_POST['comment-post'] . '&saved#comment-' . $co->getId());