}
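if (!empty($_GET['creaco'])) {
    echo '<p class="message">' . __('Comment has been successfully created.') . '</p>';
}
# XHTML conversion
if (!empty($_GET['xconv'])) {
    # Swap the editable fields for their XHTML-converted versions (computed
    # earlier, outside this excerpt) so the form below shows the conversion.
    $post_excerpt = $post_excerpt_xhtml;
    $post_content = $post_content_xhtml;
    $post_format = 'xhtml';
    echo '<p class="message">' . __('Don\'t forget to validate your XHTML conversion by saving your post.') . '</p>';
}
# NOTE(review): $page_title is echoed unescaped; assumed to be a translated
# literal set earlier in the script — confirm it never carries user data.
echo '<h2>' . html::escapeHTML($core->blog->name) . ' &rsaquo; ' . $page_title;
if ($post_id && $post->post_status == 1) {
    # Published entry: link to its public URL. The value lands in an HTML
    # attribute, so it is entity-escaped for that context (post_url is an
    # editor-supplied field; escaping '&' inside href is valid HTML).
    echo ' - <a id="post-preview" href="' . html::escapeHTML($post->getURL()) . '" class="button">' . __('View entry') . '</a>';
} elseif ($post_id) {
    # Unpublished entry: preview URL carrying a per-user token derived from
    # DC_MASTER_KEY, the user id and the auth-provided user_pwd value.
    $preview_url = $core->blog->url . $core->url->getBase('preview') . '/' . $core->auth->userID() . '/' . http::browserUID(DC_MASTER_KEY . $core->auth->userID() . $core->auth->getInfo('user_pwd')) . '/' . $post->post_url;
    echo ' - <a id="post-preview" href="' . html::escapeHTML($preview_url) . '" class="button">' . __('Preview entry') . '</a>';
}
echo '</h2>';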
if ($post_id) {
    echo '<p>';
    if ($prev_link) {
        echo $prev_link;
    }
    if ($next_link && $prev_link) {
        echo ' - ';
    }
    if ($next_link) {
        echo $next_link;
    }
    # --BEHAVIOR-- adminPostNavLinks
 }
 # Remember-me cookie value (set below only when user_remember is posted):
 # a browser uid bound to the master key, the user id and the crypted
 # password, followed by the user id packed into a fixed 32-byte, NUL-padded
 # field and hex-encoded. pack('a32') silently truncates ids longer than
 # 32 bytes, so that suffix is not unique for such ids.
 $cookie_secret_part = http::browserUID(DC_MASTER_KEY . $user_id . $core->auth->crypt($user_pwd));
 $cookie_user_part = bin2hex(pack('a32', $user_id));
 $cookie_admin = $cookie_secret_part . $cookie_user_part;
 if ($check_perms && $core->auth->mustChangePassword()) {
     $login_data = join('/', array(base64_encode($user_id), $cookie_admin, empty($_POST['user_remember']) ? '0' : '1'));
     if (!$core->auth->allowPassChange()) {
         $err = __('You have to change your password before you can login.');
     } else {
         $err = __('In order to login, you have to change your password now.');
         $change_pwd = true;
     }
 } elseif ($check_perms && !empty($_POST['safe_mode']) && !$core->auth->isSuperAdmin()) {
     $err = __('Safe Mode can only be used for super administrators.');
 } elseif ($check_perms) {
     $core->session->start();
     $_SESSION['sess_user_id'] = $user_id;
     $_SESSION['sess_browser_uid'] = http::browserUID(DC_MASTER_KEY);
     if (!empty($_POST['blog'])) {
         $_SESSION['sess_blog_id'] = $_POST['blog'];
     }
     if (!empty($_POST['safe_mode']) && $core->auth->isSuperAdmin()) {
         $_SESSION['sess_safe_mode'] = true;
     }
     if (!empty($_POST['user_remember'])) {
         setcookie('dc_admin', $cookie_admin, strtotime('+15 days'), '', '', DC_ADMIN_SSL);
     }
     $core->adminurl->redirect('admin.home');
 } else {
     if (isset($_COOKIE['dc_admin'])) {
         unset($_COOKIE['dc_admin']);
         setcookie('dc_admin', false, -600, '', '', DC_ADMIN_SSL);
     }
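 /**
  * This method checks user session validity.
  *
  * Starts the session, requires a stored user id, loads that user through
  * checkUser() and then compares the browser uid stored in the session with
  * the given one (computed from DC_MASTER_KEY when none is given). Any
  * failure destroys the session.
  *
  * @param string|null $uid Browser uid to compare against the session;
  *                         computed with http::browserUID() when null/empty
  * @return boolean true when the session is valid, false otherwise
  */
 public function checkSession($uid = null)
 {
     $this->core->session->start();
     # If session does not exist, logout.
     if (!isset($_SESSION['sess_user_id'])) {
         $this->core->session->destroy();
         return false;
     }
     # Check here for user and IP address
     $this->checkUser($_SESSION['sess_user_id']);
     if ($uid === null || $uid === '') {
         $uid = http::browserUID(DC_MASTER_KEY);
     }
     # Strict, constant-time comparison. The previous loose == let two
     # different digests of the form "0e<digits>" compare equal, and a
     # missing session value compared equal to an empty uid.
     $uid_matches = isset($_SESSION['sess_browser_uid'])
         && hash_equals((string) $_SESSION['sess_browser_uid'], (string) $uid);
     if ($this->userID() === null || !$uid_matches) {
         $this->core->session->destroy();
         return false;
     }
     return true;
 }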
        mail::sendMail($recover_res['user_email'], $subject, $message, $headers);
        $msg = __('Your new password is in your mailbox.');
    } catch (Exception $e) {
        $err = $e->getMessage();
    }
} elseif ($user_id !== null && ($user_pwd !== null || $user_key !== null)) {
    # We check the user
    if ($core->auth->checkUser($user_id, $user_pwd, $user_key) === true) {
        $core->session->start();
        $_SESSION['sess_user_id'] = $user_id;
        $_SESSION['sess_browser_uid'] = http::browserUID(DC_MASTER_KEY);
        if (!empty($_POST['blog'])) {
            $_SESSION['sess_blog_id'] = $_POST['blog'];
        }
        if (!empty($_POST['user_remember'])) {
            $cookie_admin = http::browserUID(DC_MASTER_KEY . $user_id . crypt::hmac(DC_MASTER_KEY, $user_pwd)) . bin2hex(pack('a32', $user_id));
            setcookie('dc_admin', $cookie_admin, strtotime('+15 days'), '', '', DC_ADMIN_SSL);
        }
        http::redirect('index.php');
    } else {
        if (isset($_COOKIE['dc_admin'])) {
            unset($_COOKIE['dc_admin']);
            setcookie('dc_admin', false, -600, '', '', DC_ADMIN_SSL);
        }
        $err = __('Wrong username or password');
    }
}
# Pre-fill the user id from the query string when one is supplied. The
# value is raw request input; any later echo of $user_id into the form must
# escape it for HTML.
if (array_key_exists('user', $_GET)) {
    $user_id = $_GET['user'];
}
header('Content-Type: text/html; charset=UTF-8');
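 # Main form fields, keyed by field name so behaviors can add/replace items.
 # Field values are escaped here; labels are translated literals.
 $main_items = new ArrayObject(array(
     "post_title" => '<p class="col">' . '<label class="required no-margin bold" for="post_title"><abbr title="' . __('Required field') . '">*</abbr> ' . __('Title:') . '</label>' . form::field('post_title', 20, 255, html::escapeHTML($post_title), 'maximal') . '</p>',
     "post_excerpt" => '<p class="area" id="excerpt-area"><label for="post_excerpt" class="bold">' . __('Excerpt:') . ' <span class="form-note">' . __('Introduction to the page.') . '</span></label> ' . form::textarea('post_excerpt', 50, 5, html::escapeHTML($post_excerpt)) . '</p>',
     "post_content" => '<p class="area" id="content-area"><label class="required bold" ' . 'for="post_content"><abbr title="' . __('Required field') . '">*</abbr> ' . __('Content:') . '</label> ' . form::textarea('post_content', 50, $core->auth->getOption('edit_size'), html::escapeHTML($post_content)) . '</p>',
     "post_notes" => '<p class="area" id="notes-area"><label for="post_notes" class="bold">' . __('Personal notes:') . ' <span class="form-note">' . __('Unpublished notes.') . '</span></label>' . form::textarea('post_notes', 50, 5, html::escapeHTML($post_notes)) . '</p>'
 ));
 # --BEHAVIOR-- adminPageFormItems
 $core->callBehavior('adminPageFormItems', $main_items, $sidebar_items, isset($post) ? $post : null);
 echo '<div class="multi-part" title="' . ($post_id ? __('Edit page') : __('New page')) . sprintf(' &rsaquo; %s', $post_format) . '" id="edit-entry">';
 echo '<form action="' . html::escapeURL($redir_url) . '" method="post" id="entry-form">';
 echo '<div id="entry-wrapper">';
 echo '<div id="entry-content"><div class="constrained">';
 echo '<h3 class="out-of-screen-if-js">' . __('Edit page') . '</h3>';
 foreach ($main_items as $id => $item) {
     echo $item;
 }
 # --BEHAVIOR-- adminPageForm
 $core->callBehavior('adminPageForm', isset($post) ? $post : null);
 echo '<p class="border-top">' . ($post_id ? form::hidden('id', $post_id) : '') . '<input type="submit" value="' . __('Save') . ' (s)" ' . 'accesskey="s" name="save" /> ';
 if ($post_id) {
     # Preview URL carrying a per-user token derived from DC_MASTER_KEY, the
     # user id and the auth-provided user_pwd value. It goes into an HTML
     # attribute, so it is entity-escaped for that context (post_url is an
     # editor-supplied field; escaping '&' inside href is valid HTML).
     $preview_url = $core->blog->url . $core->url->getURLFor('pagespreview', $core->auth->userID() . '/' . http::browserUID(DC_MASTER_KEY . $core->auth->userID() . $core->auth->getInfo('user_pwd')) . '/' . $post->post_url);
     echo '<a id="post-preview" href="' . html::escapeHTML($preview_url) . '" class="button" accesskey="p">' . __('Preview') . ' (p)' . '</a>';
 } else {
     echo '<a id="post-cancel" href="' . $core->adminurl->get('admin.home') . '" class="button" accesskey="c">' . __('Cancel') . ' (c)</a>';
 }
 echo ($can_delete ? '<input type="submit" class="delete" value="' . __('Delete') . '" name="delete" />' : '') . $core->formNonce() . '</p>';
 echo '</div></div>';
 // End #entry-content
 echo '</div>';
 // End #entry-wrapper
 echo '<div id="entry-sidebar" role="complementary">';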
 foreach ($sidebar_items as $id => $c) {
     echo '<div id="' . $id . '" class="sb-box">' . '<h4>' . $c['title'] . '</h4>';
     foreach ($c['items'] as $e_name => $e_content) {
         echo $e_content;
     }
        $err = $e->getMessage();
    }
} elseif ($user_id !== null && ($user_pwd !== null || $user_key !== null)) {
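    # A login by e-mail address is resolved to the matching user id first.
    # $user_id presumably comes from the login request (set before this
    # excerpt), so it is escaped before being interpolated into the query;
    # the original concatenated the raw value. The later user_id queries
    # below this span interpolate the same value and need the same treatment.
    if (check_email_address($user_id)) {
        $rs_user = $core->con->select("SELECT user_id FROM " . $core->prefix . "user WHERE user_email = '" . $core->con->escape($user_id) . "'");
        if ($rs_user->count() == 1) {
            $user_id = $rs_user->user_id;
        }
    }
    # We check the user
    $check_user = $core->auth->checkUser($user_id, $user_pwd, $user_key) === true;
    # NOTE(review): 'BP_MASTER_KEY' is a quoted string literal here (and in
    # the session/cookie code below), not a constant, so the browser uid and
    # the HMAC are keyed on a fixed, public value — confirm whether a
    # BP_MASTER_KEY constant was intended. pack('a32') truncates ids longer
    # than 32 bytes.
    $cookie_admin = http::browserUID('BP_MASTER_KEY' . $user_id . crypt::hmac('BP_MASTER_KEY', $user_pwd)) . bin2hex(pack('a32', $user_id));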
    if ($check_user) {
        $core->session->start();
        $_SESSION['sess_user_id'] = $user_id;
        $_SESSION['sess_browser_uid'] = http::browserUID('BP_MASTER_KEY');
        if (!empty($_POST['user_remember'])) {
            setcookie('bp_admin', $cookie_admin, strtotime('+30 days'), '', '');
        }
        $rs = $core->con->select('SELECT user_token, user_email, user_id, user_fullname, user_pwd
			FROM ' . $core->prefix . 'user WHERE user_id=\'' . $user_id . '\'');
        # if no token exists, create one
        $rs->extend('rsExtUser');
        if ($rs->user_token == '') {
            $token = generateUserToken($rs->user_fullname, $rs->user_email, $rs->user_pwd);
            $curt = $core->con->openCursor($core->prefix . 'user');
            $curt->user_token = $token;
            $curt->modified = array(' NOW() ');
            $curt->update("WHERE user_id='" . $rs->user_id . "'");
        }
        http::redirect($came_from);