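/**
 * Constructor.
 *
 * Builds one ae_MediaModel per successfully uploaded file and appends it
 * to $this->items. Inputs for which no file was selected are skipped
 * silently; any other upload error is logged and that entry is skipped.
 *
 * @param {array} $files Uploaded file(s) in $_FILES layout: keys name,
 *                       type, tmp_name and error. Each key holds either
 *                       one value per file input (multi-file form field)
 *                       or a single scalar (plain form field).
 */
public function __construct($files) {
    // A form field without "[]" delivers scalars instead of arrays; normalise
    // so the loop below works for both shapes and count() never sees a string.
    $tmpNames = isset($files['tmp_name']) ? (array) $files['tmp_name'] : array();
    $names = isset($files['name']) ? (array) $files['name'] : array();
    $types = isset($files['type']) ? (array) $files['type'] : array();
    $errors = isset($files['error']) ? (array) $files['error'] : array();

    $numItems = count($tmpNames);

    for ($i = 0; $i < $numItems; $i++) {
        $error = $errors[$i];

        // File input in form for which no file has been selected
        if ($error === UPLOAD_ERR_NO_FILE) {
            continue;
        }

        // Something actually went wrong with an upload
        if ($error !== UPLOAD_ERR_OK) {
            $msg = sprintf(
                '[%s] Upload error for file <code>%s</code>: %s',
                get_class(),
                htmlspecialchars($names[$i]),
                self::getUploadErrorString($error)
            );
            ae_Log::error($msg);

            // Debug output contains the server-side tmp_name paths; it goes to
            // the debug channel only.
            $json = str_replace('\\/', '/', json_encode($files));
            ae_Log::debug('File ' . $i . ': ' . $json);
            continue;
        }

        // The MIME type is derived from the stored file, not only from the
        // client-supplied "type" field.
        $type = self::getMIMEType($tmpNames[$i], $types[$i]);

        $m = new ae_MediaModel();
        $m->setName($names[$i]);
        $m->setTmpName($tmpNames[$i]);
        $m->setDatetime(date('Y-m-d H:i:s'));
        $m->setType($type);
        $m->setUserId(ae_Security::getCurrentUserId());
        $m->setStatus(ae_MediaModel::STATUS_AVAILABLE);
        $m->setMetaInfo(self::getMetaInfo($m));

        $this->items[] = $m;
    }
}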
/**
 * setPasswordHash() stores a string hash unchanged, stores a numeric
 * argument as its string form, and refuses an empty hash with an Exception.
 */
public function testSetPasswordHash() {
    $user = new ae_UserModel();
    $validHash = ae_Security::hash('test pwd');

    // Round trip of a real hash.
    $user->setPasswordHash($validHash);
    $this->assertSame($validHash, $user->getPasswordHash());

    // Non-string input comes back as a string.
    $user->setPasswordHash(123456);
    $this->assertSame('123456', $user->getPasswordHash());

    // An empty hash must be rejected.
    $this->setExpectedException('Exception');
    $user->setPasswordHash('');
}
/**
 * sanitizeHTML() returns each sample below unchanged.
 *
 * NOTE(review): every expected value equals its input, including the
 * <iframe>/<script> sample — confirm this is the intended contract of
 * sanitizeHTML() (the expectations may have been entity-escaped before
 * this listing was extracted).
 */
public function testSanitizing() {
    // Pairs of [input, expected output].
    $cases = array(
        array('', ''),
        array('<strong>test</strong>', '<strong>test</strong>'),
        array(
            '<b>lorem</b> <strong>ipsum dolor</strong> sit <em>amet</em>',
            '<b>lorem</b> <strong>ipsum dolor</strong> sit <em>amet</em>'
        ),
        array(
            'I am <iframe src="http://evil" />! <script>Oooh!</script>',
            'I am <iframe src="http://evil" />! <script>Oooh!</script>'
        ),
    );

    foreach ($cases as $case) {
        list($before, $after) = $case;
        $this->assertEquals($after, ae_Security::sanitizeHTML($before));
    }
}
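<?php
require_once '../../core/autoload.php';
require_once '../../core/config.php';

// Both credentials are required. Stop here, so the query below never runs
// with undefined POST fields (the redirect alone does not end the script).
if (!isset($_POST['username'], $_POST['userpwd'])) {
    header('Location: ../index.php');
    exit;
}

// NOTE(review): reconstructed — the encoding call used in the redirect URLs
// was unreadable in the listing; urlencode() keeps the username from
// breaking the query string.
$usernameParam = urlencode($_POST['username']);

// Parameterised lookup; the table name comes from a config constant.
$query = '
    SELECT COUNT( u_id ) as hits, u_id, u_pwd, u_status
    FROM `' . AE_TABLE_USERS . '`
    WHERE u_name_intern = :name
';
$params = array(':name' => $_POST['username']);
$result = ae_Database::query($query, $params);

// ae_Database::query() may return FALSE; treat that (and an empty result)
// like "no match" instead of indexing into a non-array.
if ($result !== FALSE && isset($result[0])) {
    $u = $result[0];
} else {
    $u = array('hits' => 0, 'u_id' => -1, 'u_pwd' => '', 'u_status' => NULL);
}
$isSingleHit = ((int) $u['hits'] === 1);

// Reject: Account is suspended
if ($isSingleHit && $u['u_status'] != ae_UserModel::STATUS_ACTIVE) {
    header('Location: ../index.php?error=account_suspended&username=' . $usernameParam);
    exit;
}

// Accept: exactly one account and the password verifies against its hash
if ($isSingleHit && $u['u_id'] >= 0 && ae_Security::verify($_POST['userpwd'], $u['u_pwd'])) {
    ae_Security::login($u['u_id']);
    header('Location: ../admin.php');
    exit;
}

// NOTE(review): on a failed login this echoes pending log messages to an
// unauthenticated visitor — confirm the log never carries internal details.
if (ae_Log::hasMessages()) {
    ae_Log::printAll();
} else {
    header('Location: ../index.php?error=nomatch&username=' . $usernameParam);
}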
<?php require_once '../core/autoload.php'; require_once '../core/config.php'; if (!ae_Security::isLoggedIn()) { header('Location: index.php?error=not_logged_in'); exit; } $area = 'dashboard'; if (!isset($_GET['area'])) { $area = 'dashboard'; } else { if (!ae_Security::isValidArea($_GET['area'])) { $msg = sprintf('Area "%s" is not a valid area.', htmlspecialchars($_GET['area'])); ae_Log::warning($msg); } else { $area = $_GET['area']; } } $sb = new ae_SiteBuilder(); include_once 'sb_params.php'; ?> <!DOCTYPE html> <html> <?php $sb->render('templates/head.php', $paramsHead); ?> <body> <?php
<?php require_once '../../core/autoload.php'; require_once '../../core/config.php'; if (!ae_Security::isLoggedIn()) { header('Location: ../index.php?error=not_logged_in'); exit; } if (!isset($_GET['status'])) { header('Location: ../admin.php?error=no_status_given'); exit; } $mainArea = 'manage'; if (isset($_GET['category']) && ae_Validate::id($_GET['category'])) { $area = 'category'; $model = new ae_CategoryModel(); } else { if (isset($_GET['cofilter']) && ae_Validate::id($_GET['cofilter'])) { $area = 'cofilter'; $mainArea = 'settings'; $model = new ae_CommentfilterModel(); } else { if (isset($_GET['comment']) && ae_Validate::id($_GET['comment'])) { $area = 'comment'; $model = new ae_CommentModel(); } else { if (isset($_GET['media']) && ae_Validate::id($_GET['media'])) { $area = 'media'; $mainArea = 'media'; $model = new ae_MediaModel(); $model->setMediaPath('../../media/');
/**
 * Save the page to DB. If an ID is set, it will update
 * the page, otherwise it will create a new one.
 * @param {boolean} $forceInsert If set to TRUE and an ID has been set, the model will be saved
 *                               as new entry instead of updating. (Optional, default is FALSE.)
 * @return {boolean} TRUE, if saving is successful, FALSE otherwise.
 * @throws {Exception} If $forceInsert is TRUE, but no valid ID is set.
 */
public function save($forceInsert = FALSE) {
    // Fill in defaults for fields that were never set.
    if ($this->datetime == '0000-00-00 00:00:00') {
        $this->setDatetime(date('Y-m-d H:i:s'));
    }
    if (!ae_Validate::id($this->userId)) {
        $this->setUserId(ae_Security::getCurrentUserId());
    }
    if ($this->permalink == '') {
        $this->setPermalink($this->title);
    }

    $hasId = ($this->id !== FALSE);

    // Every value is bound as a parameter; only the table name is concatenated.
    $params = array(
        ':title' => $this->title,
        ':permalink' => $this->permalink,
        ':content' => $this->content,
        ':datetime' => $this->datetime,
        ':user' => $this->userId,
        ':comments' => $this->commentsStatus,
        ':status' => $this->status
    );

    if ($hasId && $forceInsert) {
        // Insert as a new row, keeping the already assigned ID
        $stmt = ' INSERT INTO `' . AE_TABLE_PAGES . '` ( pa_id, pa_title, pa_permalink, pa_content, pa_datetime, pa_user, pa_comments, pa_status ) VALUES ( :id, :title, :permalink, :content, :datetime, :user, :comments, :status ) ';
        $params[':id'] = $this->id;
    } elseif ($hasId) {
        // Update the existing row and stamp the edit time
        $stmt = ' UPDATE `' . AE_TABLE_PAGES . '` SET pa_title = :title, pa_permalink = :permalink, pa_content = :content, pa_datetime = :datetime, pa_edit = :editDatetime, pa_user = :user, pa_comments = :comments, pa_status = :status WHERE pa_id = :id ';
        $params[':id'] = $this->id;
        $params[':editDatetime'] = date('Y-m-d H:i:s');
    } elseif (!$forceInsert) {
        // Create new page, the DB assigns the ID
        $stmt = ' INSERT INTO `' . AE_TABLE_PAGES . '` ( pa_title, pa_permalink, pa_content, pa_datetime, pa_user, pa_comments, pa_status ) VALUES ( :title, :permalink, :content, :datetime, :user, :comments, :status ) ';
    } else {
        // $forceInsert without an ID cannot be honoured
        $msg = sprintf('[%s] Supposed to insert new page with set ID, but no ID has been set.', get_class());
        throw new Exception($msg);
    }

    if (ae_Database::query($stmt, $params) === FALSE) {
        return FALSE;
    }

    // If a new page was created, get the new ID
    if (!$hasId) {
        $this->setId($this->getLastInsertedId());
    }

    return TRUE;
}
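if (ini_get('register_globals')) {
    ini_set('register_globals', 0);
}

// URL constant
// Parenthesised to make the intended grouping explicit: the HTTPS flag is
// set (and not "off"), or the request arrived on port 443. Guarded so a
// missing SERVER_PORT (e.g. CLI) does not raise a notice.
$isHttps = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
    || (isset($_SERVER['SERVER_PORT']) && (int) $_SERVER['SERVER_PORT'] === 443);
$protocol = $isHttps ? 'https://' : 'http://';

// NOTE(review): HTTP_HOST is taken from the request's Host header, so URL
// (and everything derived from it) is only as trustworthy as the web
// server's host name restrictions — confirm the vhost rejects unknown hosts.
$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
$self = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';

// Drop the script name (and the feed directory for RSS) to get the base path.
$urlParts = explode('/', $host . $self);
array_pop($urlParts);
if (defined('IS_RSS')) {
    array_pop($urlParts);
}
define('URL', $protocol . implode('/', $urlParts) . '/');
unset($urlParts, $host, $self, $isHttps);

// Initialize some needed classes
// $logSettings, $dbSettings and $securitySettings are defined before this point.
ae_Timer::start('total');
ae_Log::init($logSettings);

if (ae_Database::connect($dbSettings) === FALSE) {
    // Show the DB error page from either the site root or one level below.
    $path = 'themes/error-msg-db.php';
    $path = file_exists($path) ? $path : '../' . $path;
    include $path;
    exit;
}

ae_Security::init($securitySettings);
ae_Settings::load();

// Constants used in themes and the RSS feed
define('THEME', ae_Settings::get('theme'));
define('THEME_PATH', URL . 'themes/' . THEME . '/');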
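<?php
require_once '../../core/autoload.php';
require_once '../../core/config.php';

// End the current session, then send the visitor back to the login page.
ae_Security::logout();
header('Location: ../index.php?success=logout');
// Stop here so nothing after the redirect header is executed or emitted.
exit;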
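/**
 * Create the user, or update an existing one when "edit-id" is posted.
 * Redirects to the admin page and exits when a required field is missing.
 * @return {int|boolean} ID of the saved user, or FALSE if the user named by
 *                       "edit-id" could not be loaded.
 */
function createUser() {
    if (!isset($_POST['user-name-internal'], $_POST['user-name-external'], $_POST['user-permalink'], $_POST['user-password'])) {
        header('Location: ../admin.php?error=missing_data_for_user');
        exit;
    }

    $permalink = trim($_POST['user-permalink']);
    $status = isset($_POST['user-status-suspended']) ? ae_UserModel::STATUS_SUSPENDED : ae_UserModel::STATUS_ACTIVE;

    $user = new ae_UserModel();

    // Editing: load the existing record first. Whether load() validates the
    // posted ID is not visible here; it is relied on as the validation point.
    if (isset($_POST['edit-id']) && !$user->load($_POST['edit-id'])) {
        return FALSE;
    }

    $user->setNameInternal($_POST['user-name-internal']);
    $user->setNameExternal($_POST['user-name-external']);

    // An empty permalink leaves the model's own default in place.
    if ($permalink !== '') {
        $user->setPermalink($permalink);
    }

    // Only a non-empty password replaces the stored hash (presumably so an
    // edit can leave the password untouched); the plain text is never stored.
    if ($_POST['user-password'] !== '') {
        $user->setPasswordHash(ae_Security::hash($_POST['user-password']));
    }

    $user->setStatus($status);
    // NOTE(review): save()'s return value is not checked here; the caller
    // receives an ID even if persisting failed — confirm that is acceptable.
    $user->save();

    return $user->getId();
}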
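// $co, $url and $content are prepared earlier in this script.
// The posted post ID is echoed back in every redirect below; encode it once
// so an invalid value cannot break the query string of the Location URL.
$postIdRaw = isset($_POST['comment-post']) ? $_POST['comment-post'] : '';
$postParam = urlencode($postIdRaw);

try {
    $co->setPostId($postIdRaw);
} catch (Exception $exc) {
    header('Location: ../?p=' . $postParam . '&error=invalid_data#comment-form');
    exit;
}

// Forgivable errors with default values for fallback
try {
    $co->setAuthorName($_POST['comment-author-name']);
    $co->setAuthorEmail($_POST['comment-author-email']);
    $co->setAuthorUrl($url);
    $co->setAuthorIp($_SERVER['REMOTE_ADDR']);
    $co->setContent($content);
    $co->setStatus(COMMENT_DEFAULT_STATUS);

    if (ae_Security::isLoggedIn()) {
        $co->setUserId(ae_Security::getCurrentUserId());
    }

    // Run the comment through every active comment filter; a rejected
    // comment is never saved.
    $filter = array('LIMIT' => FALSE, 'WHERE' => 'cf_status = :status');
    $params = array(':status' => ae_CommentfilterModel::STATUS_ACTIVE);
    $cfList = new ae_CommentfilterList($filter, $params, FALSE);

    $keep = $cfList->applyFilters($co);

    if (!$keep) {
        header('Location: ../?p=' . $postParam . '&error=comment_deleted_by_filter');
        exit;
    }

    $co->save();
} catch (Exception $exc) {
    header('Location: ../?p=' . $postParam . '&error=failed_to_save#comment-form');
    exit;
}

header('Location: ../?p=' . $postParam . '&saved#comment-' . $co->getId());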