Beispiel #1
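	/// Performs the HTTP Basic login for the CMS and stores the admin record in the session.
	///
	/// Steps, as implemented below:
	///  - flags the request as 'run-naked';
	///  - takes the realm from config 'cms-realm', or derives it from the Host header;
	///  - answers 401 if no user name was sent, or if the user name equals the
	///    'conkit_cms_exp' cookie (the cookie is cleared first);
	///  - checks the credentials with cms::loginCheck(), or with the callable configured
	///    as 'cms-user-check';
	///  - on success writes the user record to '.cms-admin' through core::reqSession() and
	///    answers 302 to the 'cms-request' target; on failure answers 401.
	///
	/// NOTE(review): no session id rotation is visible in this method; confirm that
	/// core::reqSession() regenerates the id at login, otherwise a pre-set session id
	/// survives authentication (session fixation).
	static function login()
	{
		core::reg('run-naked',true);

		$realm= core::config('cms-realm');
		if (!$realm)
		{
			// Host is client-supplied. NOTE(review): presumably core::halt(401,...) places the
			// realm in the WWW-Authenticate header - confirm it is quoted/escaped there.
			$realm= strtolower(isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '');
			if (substr($realm,0,4)==='www.') $realm= substr($realm,4);
			$realm= 'ConKit@'.$realm;
		}

		if (!isset($_SERVER['PHP_AUTH_USER'])) core::halt(401,$realm);

		$user= $_SERVER['PHP_AUTH_USER'];
		// A Basic auth header may be parsed without a password part; avoid the undefined index.
		$pass= (isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null);

		// A user name equal to the 'conkit_cms_exp' cookie is rejected once and the cookie cleared.
		// Presumably the logout path sets this cookie so cached browser credentials are
		// challenged again - confirm against the code that sets it.
		$exp= (isset($_COOKIE['conkit_cms_exp']) ? $_COOKIE['conkit_cms_exp'] : null);
		if ($user===$exp)
		{
			setcookie('conkit_cms_exp','',0,'/');
			core::halt(401,$realm);
		}

		$loginHandler= core::config('cms-user-check');
		if (!$loginHandler) $res= cms::loginCheck($user,$pass);
		else $res= call_user_func($loginHandler,$user,$pass);

		if ($res!==false)
		{
			// NOTE(review): with a custom handler the clear-text password is kept in the session
			// record ('password' key). Anything that can read session storage can then read the
			// credential; drop the key if no consumer needs it.
			if (!$loginHandler) $res= core::reqSession('.cms-admin', array_merge(array('name'=>$user),core::$config['cms-users'][$user]));
			elseif (is_array($res)) $res= array_merge(array('name'=>$user,'password'=>$pass),$res);
			else $res= array('name'=>$user,'password'=>$pass,'attr'=>$res);
			core::reqSession('.cms-admin', $res);

			// 'cms-request' is request-controlled, so the post-login redirect follows only
			// same-site relative references. Targets with a scheme, a leading "//" or "\\",
			// leading whitespace or control characters fall back to the site root.
			$target= core::req('cms-request');
			$target= (is_string($target) ? urldecode($target) : '');
			if ($target!=='' && preg_match('#[\x00-\x1f\x7f]|^\s|^[/\\\\]{2}|^[a-z][a-z0-9+.\-]*:#i',$target)) $target= '/';
			core::halt(302,$target);
		}
		else core::halt(401,$realm);
	}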
Beispiel #2
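	/// Adds the configured 'required-vars' to an argument set, or strips them from it.
	///
	/// $args is an array whose 'request' entry holds request variables.
	///  - When the 'ignore-required-vars' register flag is set, every configured
	///    variable that is present in $args['request'] is removed.
	///  - Otherwise each configured variable missing from $args['request'] is copied
	///    from core::$req, and removed again if it equals the variable's 'ommit' value.
	/// Returns the modified copy of $args.
	///
	/// NOTE(review): values copied from core::$req are request-controlled; whatever
	/// renders $args['request'] must encode them for its output context.
	static function required($args) // add up required vars
	{
		// Nothing configured: both original passes were no-ops (the second one read an unset key).
		if (empty(core::$config['required-vars'])) return $args;

		if (core::reg('ignore-required-vars'))
		{
			foreach (core::$config['required-vars'] as $name=>$data)
			{
				if (isset($args['request'][$name])) unset($args['request'][$name]);
			}
			return $args;
		}

		foreach (core::$config['required-vars'] as $name=>$data)
		{
			// Fall back to the current request value; null when the request has none.
			if (!isset($args['request'][$name])) $args['request'][$name]= (isset(core::$req[$name]) ? core::$req[$name] : null);
			// Loose comparison kept on purpose: request values are strings while the configured
			// 'ommit' value may have another type.
			if ($args['request'][$name]==$data['ommit']) unset($args['request'][$name]);
		}
		return $args;
	}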
Beispiel #3
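	/// Sends one of the CMS's own resources ('cms.js' or 'cms.css') and ends the request.
	///
	/// 'cms.js' is streamed from CORE as-is. 'cms.css' is produced by including the
	/// PHP template CORE.'cms.css.php'. Any other name is answered with 403.
	/// Outside 'run-devel' mode a request carrying If-Modified-Since gets a 304.
	static function forward($file)
	{
		core::reg('run-naked', true);

		// $file is concatenated into readfile()/include() paths below, so it is matched
		// strictly: a non-string value (array, bool, int) can no longer pass a loose
		// comparison against the two allowed names.
		if (!is_string($file) || !in_array($file, array('cms.css','cms.js'), true)) core::halt(403);

		// NOTE(review): the date in If-Modified-Since is never compared with the file time,
		// so any conditional request is answered 304 until the client cache expires.
		if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) && !core::config('run-devel'))
		{
			header('HTTP/1.1 304 Not Modified');
			header('Cache-Control: public, max-age=3600');
			header('Content-Length: 0');
			exit;
		}

		if ($file==='cms.js')
		{
			header('Content-Type: text/javascript');
			header('Cache-Control: public, max-age=3600');
			header('Content-Length: '.filesize(CORE.$file));
			header('Last-Modified: '.gmdate('D, d M Y H:i:s', filemtime(CORE.$file)).' GMT');
			header('Pragma: public');
			readfile(CORE.$file);
		}
		elseif ($file==='cms.css')
		{
			// Not referenced in this method; presumably called by the included template to
			// print the configured 'cms-<color>' values, padded to 24 characters.
			$setcolor= function($color)
			{
				return str_pad(core::config('cms-'.$color ),24);
			};
			// Render first so Content-Length is the size of the generated CSS rather than the
			// size of the template source, which differs once a configured value exceeds the padding.
			ob_start();
			include(CORE.$file.'.php');
			$css= ob_get_clean();
			header('Content-Type: text/css');
			header('Cache-Control: public, max-age=3600');
			header('Content-Length: '.strlen($css));
			header('Last-Modified: '.gmdate('D, d M Y H:i:s', time()).' GMT');
			header('Pragma: public');
			echo $css;
		}
		else core::halt(404);
		exit;
	}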
Beispiel #4
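	/// Launches the whole action once the configuration has been read.
	///
	/// Builds core::$req from cookies, GET, POST, uploads and (optionally) the session,
	/// applies the configured filters, normalises the module name, dispatches CMS
	/// operations, renders the module with its pre-/post-templates and prints the result.
	///
	/// Merge order is cookie, then GET, then POST, then upload fields, then session:
	/// a later source overwrites an earlier one under the same name.
	/// NOTE(review): because all sources share one array, a name that the session does not
	/// define can be supplied by cookie, GET or POST. Code that reads a trusted flag through
	/// core::req() should confirm where the value came from.
	static function start()
	{
		error_reporting(core::$config['error-reporting-lo']);

		// Cookies first, then the configured cookie variables in filtered form
		foreach ($_COOKIE as $var=>$val) core::$req[$var]= $val;
		if (isset(core::$config['cookie-vars'])) foreach (core::$config['cookie-vars'] as $var=>$config)
		{
			core::$req[$var]= core::filter(core::req($var),$config);
		}

		// GET and POST; the session id parameter is never imported. GET values are also
		// kept in core::$reqUrl, except the module variable.
		foreach ($_GET as $var=>$val) if ($var!==session_name()) core::$req[$var]= core::$reqUrl[$var]= $val;
		unset(core::$reqUrl[core::config('module-var')]);
		foreach ($_POST as $var=>$val) if ($var!==session_name()) core::$req[$var]= $val;
		foreach ($_FILES as $var=>$val)
		{
			if (is_string($val['name'])) core::$req[$var]= $val;  // <input type=file name=xxx ...>
			else  // <input type=file name=xxx[yyy] ...>
			{
				// Regroup PHP's per-attribute arrays into one record per uploaded file.
				// 'name' and 'type' are client-supplied and must not be trusted as a path or MIME type.
				foreach ($val['name'] as $key=>$void)
				{
					core::$req[$var][$key]= array(
						'name'=>$val['name'][$key],
						'type'=>$val['type'][$key],
						'tmp_name'=>$val['tmp_name'][$key],
						'error'=>$val['error'][$key],
						'size'=>$val['size'][$key]
					);
				}
			}
		}

		// Re-filter cookie variables (GET/POST may have replaced them) and persist changes.
		// NOTE(review): setcookie() is called without path, Secure or HttpOnly arguments.
		if (isset(core::$config['cookie-vars'])) foreach (core::$config['cookie-vars'] as $name=>$config)
		{
			if (isset(core::$req[$name]))
			{
				core::$req[$name]= core::filter(core::$req[$name], $config);
				if (!isset($_COOKIE[$name]) || $_COOKIE[$name]!=core::$req[$name])
				{
					setcookie($name, core::$req[$name], $config['expire']);
				}
				unset(core::$reqUrl[$name]);
			}
		}

		// apply required vars
		if (isset(core::$config['required'])) foreach (core::$config['required'] as $name=>$config)
		{
			// Fixed: the filter received the undefined variable $comfig, so the configured
			// rules for this variable were never passed on.
			core::$req[$name]= core::filter((isset(core::$req[$name]) ? core::$req[$name] : null),$config);
			core::$reqUrl[$name]= core::$req[$name];
		}

		if (!core::moduleName())
		{
			if (is_array(core::$config['default-module']))
			{
				$args= href::processArgs(core::$config['default-module']);
				core::$req[core::$config['module-var']]= $args['template'];
				// Fixed: the merge result was discarded and the first operand named core::$reques
				// instead of core::$req. NOTE(review): confirm that 'req' is the key
				// href::processArgs() returns.
				if (isset($args['req']) && is_array($args['req'])) core::$req= array_merge(core::$req,$args['req']);
			}
		}
		// Neutralise '..', NUL, '<' and '>' in the module name by substitution.
		// NOTE(review): this is a deny-list; presumably core::insert() turns the name into a
		// file path, in which case an allow-list pattern for module names would be the
		// stronger control - confirm against core::insert().
		core::$req[core::$config['module-var']]= str_replace('..','(dot)(dot)',core::moduleName()); //secure upper directories
		core::$req[core::$config['module-var']]= str_replace("\0",'(0)',core::moduleName()); //secure
		core::$req[core::$config['module-var']]= str_replace('<','(lt)',core::moduleName()); //secure
		core::$req[core::$config['module-var']]= str_replace('>','(gt)',core::moduleName()); //secure

		// set session var: session values overwrite request values of the same name
		if (core::req(session_name()) || isset(core::$config['session-vars']))
		{
			if (!session_id()) session_start();
			foreach ($_SESSION as $name=>$val) core::$req[$name]= $val;
			if (isset(core::$config['session-vars'])) foreach (core::$config['session-vars'] as $name=>$config)
			{
				core::$req[$name]= core::filter(core::req($name),$config);
				unset(core::$reqUrl[$name]);
			}
		}

		// CMS dispatch; both selectors are plain request variables
		if (core::req('cms-oper')) cms::perform();
		elseif (core::req('core-module')=='cms-resource') cmsGui::forward(core::req('file'));

		// Render the module into a buffer
		ob_start();
		if (isset(core::$config['pre-models'])) foreach(core::$config['pre-models'] as $model) core::model($model);
		core::insert(core::moduleName());
		$buffer= ob_get_contents();
		ob_end_clean();

		// Process pre- and post-templates
		if (!core::reg('run-naked'))
		{
			ob_start();
			if (isset(core::$config['pre-module'])) core::insert(core::$config['pre-module']);
			echo $buffer;
			if (isset(core::$config['post-module'])) core::insert(core::$config['post-module']);
			if (isset(core::$config['post-models'])) foreach(core::$config['post-models'] as $model) core::model($model);
			$buffer= ob_get_contents();
			ob_end_clean();
		}

		// Output
		echo $buffer;
		//if (core::$prepend) core::error('one or more prepends were not utilized: '.implode(',',array_keys(core::$prepend)));
	}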
Beispiel #5
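<?php
// CMS diagnostic: reports for each data file whether it exists and is writable.
//
// The full open tag is used because the short form depends on short_open_tag; with
// that setting off the file, including the access check below, is sent to the client
// as plain text instead of being executed.
//
// $output is only appended to here; presumably the including scope defines and prints it.
// NOTE(review): the check relies on core::halt(403) ending the request - confirm.
if (!core::cms()) core::halt(403);
core::reg('run-naked',true);

foreach (array('block1.txt','block2.txt') as $blockFile)
{
	$file= core::config('data-path').$blockFile;
	// The path is escaped before it goes into the markup; it also discloses the server's
	// directory layout, so this page must stay behind the CMS check above.
	$output.= '<h2>File '.htmlspecialchars($file,ENT_QUOTES,'UTF-8').'</h2>';
	if (!file_exists($file)) $output.= 'does not exist';
	elseif (is_writable($file)) $output.= 'is OK';
	else $output.= 'is not writable';

	$output.= "<hr>";
}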