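/**
 * Admin control-panel login handler (AJAX).
 *
 * Reads `login`, `password` and `log-me-in` from the POST body, looks the
 * account up by `user_login` and, when the stored hash matches, issues the
 * `admin_login` cookie and session value built by hm_encode_str().
 *
 * @return string|null JSON status message; null when `log-me-in` is not numeric
 *                     (the request is then ignored, as in the original contract).
 */
function admin_cp_login()
{
    $hmdb = new MySQL(true, DB_NAME, DB_HOST, DB_USER, DB_PASSWORD, DB_CHARSET);
    hook_action('admin_cp_login');
    $user_login = hm_post('login');
    $password = hm_post('password');
    $logmein = hm_post('log-me-in');
    // Only a submitted login form carries a numeric `log-me-in`; anything else is ignored.
    if (!is_numeric($logmein)) {
        return null;
    }
    $tableName = DB_PREFIX . "users";
    $whereArray = array('user_login' => MySQL::SQLValue($user_login));
    $hmdb->SelectRows($tableName, $whereArray);
    if (!$hmdb->HasRecords()) {
        return json_encode(array('status' => 'error', 'mes' => _('Không có tài khoản này')));
    }
    $row = $hmdb->Row();
    $salt = $row->salt;
    $user_pass = $row->user_pass;
    // Same derivation the installer and ajax_add_user use when storing user_pass.
    $password_encode = hm_encode_str(md5($password . $salt));
    // hash_equals(): strict, constant-time comparison. The original `==` would
    // type-juggle numeric-looking strings ('1e3' == '1000') and is timing-dependent.
    if (!hash_equals((string) $user_pass, (string) $password_encode)) {
        return json_encode(array('status' => 'error', 'mes' => _('Sai mật khẩu')));
    }
    $time = time();
    $ip = hm_ip();
    $cookie_array = array('time' => $time, 'ip' => $ip, 'user_login' => $user_login, 'admincp' => 'yes');
    $cookie_user = hm_encode_str($cookie_array);
    // HttpOnly: the cookie is the admin session token, so keep it out of reach of page scripts.
    // `secure` stays false because the original also served it over plain HTTP.
    setcookie('admin_login', $cookie_user, time() + COOKIE_EXPIRES, '/', '', false, true);
    $_SESSION['admin_login'] = $cookie_user;
    return json_encode(array('status' => 'success', 'mes' => _('Đăng nhập thành công')));
}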
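/**
 * Completes a lost-password reset for the admin control panel.
 *
 * POST `key` must match a `lostpw_key` row of object_type `user` in the
 * `field` table; that user's `user_pass`/`salt` are then replaced with a fresh
 * salt and the hash derived from POST `password`, and the consumed key is
 * blanked so the same reset link cannot be replayed.
 *
 * @return string JSON status message.
 */
function admin_cp_newpw()
{
    $hmdb = new MySQL(true, DB_NAME, DB_HOST, DB_USER, DB_PASSWORD, DB_CHARSET);
    hook_action('newpw_checkkey');
    $key = (string) hm_post('key');
    $password = (string) hm_post('password');
    $password2 = (string) hm_post('password2');
    // Strict compare: `==` treats numeric-looking strings as numbers ('1e3' == '1000').
    if ($password !== $password2) {
        return json_encode(array('status' => 'error', 'mes' => _('Hai mật khẩu bạn nhập vào không khớp')));
    }
    if ($password === '') {
        return json_encode(array('status' => 'error', 'mes' => _('Mật khẩu không được để trống')));
    }
    // An empty key would match every blanked (already used) key row selected below.
    if ($key === '') {
        return json_encode(array('status' => 'error', 'mes' => _('Mã khôi phục không hợp lệ')));
    }
    $fieldTable = DB_PREFIX . "field";
    $whereArray = array('name' => MySQL::SQLValue('lostpw_key'), 'object_type' => MySQL::SQLValue('user'), 'val' => MySQL::SQLValue($key));
    $hmdb->SelectRows($fieldTable, $whereArray);
    // The original dereferenced Row() unconditionally; with no match that gave a
    // null user id and an UPDATE against `id = NULL`.
    if (!$hmdb->HasRecords()) {
        return json_encode(array('status' => 'error', 'mes' => _('Mã khôi phục không hợp lệ')));
    }
    $row = $hmdb->Row();
    $user_id = $row->object_id;
    $salt = rand(100000, 999999);
    // Same derivation admin_cp_login checks against.
    $password_encode = hm_encode_str(md5($password . $salt));
    $tableName = DB_PREFIX . "users";
    $updateArray = array('user_pass' => MySQL::SQLValue($password_encode), 'salt' => MySQL::SQLValue($salt));
    $whereArray = array('id' => MySQL::SQLValue($user_id, MySQL::SQLVALUE_NUMBER));
    $hmdb->UpdateRows($tableName, $updateArray, $whereArray);
    // Single use: blank the consumed key so the reset link cannot be replayed.
    $keyWhere = array('id' => MySQL::SQLValue($row->id, MySQL::SQLVALUE_NUMBER));
    $hmdb->UpdateRows($fieldTable, array('val' => MySQL::SQLValue('')), $keyWhere);
    return json_encode(array('status' => 'success', 'mes' => _('Đã đổi mật khẩu thành công')));
}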
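/**
 * Runs the installer: creates the schema, the first admin account, the default
 * options, `.htaccess` and `hm_config.php`, printing one HTML progress line
 * per step.
 *
 * Connection details come from `$_SESSION['db']` (filled by the previous
 * installer step); the admin credentials and encryption key from the posted
 * form. Aborts with a message when the prefix is unusable, the database is
 * unreachable or the config template cannot be read.
 *
 * @return void
 */
function install_db()
{
    $host = $_SESSION['db']['host'];
    $username = $_SESSION['db']['username'];
    $password = $_SESSION['db']['password'];
    $database = $_SESSION['db']['database'];
    $prefix = $_SESSION['db']['prefix'];
    $admin_username = isset($_POST['admin_username']) ? trim($_POST['admin_username']) : '';
    $admin_password = isset($_POST['admin_password']) ? trim($_POST['admin_password']) : '';
    $encryption_key = isset($_POST['encryption_key']) ? trim($_POST['encryption_key']) : '';
    $url_path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
    // The prefix is spliced into backtick-quoted identifiers below, so it must stay a plain word.
    if (!preg_match('/^[A-Za-z0-9_]*$/', $prefix)) {
        echo '<p><strong>Tiền tố bảng không hợp lệ (chỉ cho phép chữ, số và dấu gạch dưới)</strong></p>';
        return;
    }
    /** install */
    $mysqlConnection = mysql_connect($host, $username, $password);
    if ($mysqlConnection === false || !mysql_select_db($database, $mysqlConnection)) {
        echo '<p><strong>Không thể kết nối cơ sở dữ liệu : ' . htmlspecialchars(mysql_error(), ENT_QUOTES, 'UTF-8') . '</strong></p>';
        return;
    }
    mysql_query('SET NAMES "UTF8"', $mysqlConnection);
    $sql = "\n\tCREATE TABLE IF NOT EXISTS `" . $prefix . "content` (\n\t\t  `id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t  `name` varchar(500) NOT NULL,\n\t\t  `slug` varchar(500) NOT NULL,\n\t\t  `key` varchar(255) NOT NULL,\n\t\t  `parent` int(11) NOT NULL,\n\t\t  `status` varchar(255) NOT NULL,\n\t\t  `content_order` int(11) NOT NULL,\n\t\t  PRIMARY KEY (`id`)\n\t\t) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;\n\t";
    _install_db_exec($mysqlConnection, $sql, 'Tạo bảng : ' . $prefix . 'content');
    /**--------------------------------------------------------*/
    $sql = "\n\tCREATE TABLE IF NOT EXISTS `" . $prefix . "field` (\n\t\t  `id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t  `name` varchar(255) NOT NULL,\n\t\t  `val` text NOT NULL,\n\t\t  `object_id` int(11) NOT NULL,\n\t\t  `object_type` varchar(255) NOT NULL,\n\t\t  PRIMARY KEY (`id`),\n\t\t  KEY `object_id` (`object_id`)\n\t\t) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;\n\t";
    _install_db_exec($mysqlConnection, $sql, 'Tạo bảng : ' . $prefix . 'field');
    /**--------------------------------------------------------*/
    $sql = "\n\tCREATE TABLE IF NOT EXISTS `" . $prefix . "media` (\n\t\t  `id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t  `media_group_id` int(11) NOT NULL,\n\t\t  `file_info` text NOT NULL,\n\t\t  `file_is_image` varchar(5) NOT NULL,\n\t\t  `file_name` varchar(255) NOT NULL,\n\t\t  `file_folder` varchar(255) NOT NULL,\n\t\t  PRIMARY KEY (`id`)\n\t\t) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;\n\t";
    _install_db_exec($mysqlConnection, $sql, 'Tạo bảng : ' . $prefix . 'media');
    /**--------------------------------------------------------*/
    $sql = "\n\tCREATE TABLE IF NOT EXISTS `" . $prefix . "media_groups` (\n\t\t  `id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t  `name` varchar(255) NOT NULL,\n\t\t  `folder` varchar(255) NOT NULL,\n\t\t  `parent` int(11) NOT NULL,\n\t\t  PRIMARY KEY (`id`)\n\t\t) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;\n\t";
    _install_db_exec($mysqlConnection, $sql, 'Tạo bảng : ' . $prefix . 'media_groups');
    /**--------------------------------------------------------*/
    $sql = "\n\tCREATE TABLE IF NOT EXISTS `" . $prefix . "object` (\n\t\t  `id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t  `name` varchar(255) NOT NULL,\n\t\t  `key` varchar(255) NOT NULL,\n\t\t  `parent` int(11) NOT NULL,\n\t\t  `order_number` int(11) NOT NULL,\n\t\t  PRIMARY KEY (`id`)\n\t\t) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;\n\t";
    _install_db_exec($mysqlConnection, $sql, 'Tạo bảng : ' . $prefix . 'object');
    /**--------------------------------------------------------*/
    $sql = "\n\tCREATE TABLE IF NOT EXISTS `" . $prefix . "option` (\n\t\t  `id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t  `section` varchar(500) NOT NULL,\n\t\t  `key` varchar(255) NOT NULL,\n\t\t  `value` text NOT NULL,\n\t\t  PRIMARY KEY (`id`),\n\t\t  KEY `section` (`section`)\n\t\t) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1;\n\t";
    _install_db_exec($mysqlConnection, $sql, 'Tạo bảng : ' . $prefix . 'option');
    /**--------------------------------------------------------*/
    $sql = "\n\tCREATE TABLE IF NOT EXISTS `" . $prefix . "plugin` (\n\t\t  `id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t  `key` varchar(255) NOT NULL,\n\t\t  `active` int(1) NOT NULL,\n\t\t  PRIMARY KEY (`id`)\n\t\t) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;\n\t";
    _install_db_exec($mysqlConnection, $sql, 'Tạo bảng : ' . $prefix . 'plugin');
    /**--------------------------------------------------------*/
    $sql = "\n\tCREATE TABLE IF NOT EXISTS `" . $prefix . "relationship` (\n\t\t  `id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t  `object_id` int(11) NOT NULL,\n\t\t  `target_id` int(1) NOT NULL,\n\t\t  `relationship` varchar(255) NOT NULL,\n\t\t  PRIMARY KEY (`id`)\n\t\t) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;\n\t";
    _install_db_exec($mysqlConnection, $sql, 'Tạo bảng : ' . $prefix . 'relationship');
    /**--------------------------------------------------------*/
    $sql = "\n\tCREATE TABLE IF NOT EXISTS `" . $prefix . "request_uri` (\n\t\t  `id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t  `object_id` int(11) NOT NULL,\n\t\t  `object_type` varchar(255) NOT NULL,\n\t\t  `uri` varchar(1000) NOT NULL,\n\t\t  PRIMARY KEY (`id`)\n\t\t) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;\n\t";
    _install_db_exec($mysqlConnection, $sql, 'Tạo bảng : ' . $prefix . 'request_uri');
    /**--------------------------------------------------------*/
    $sql = "\n\tCREATE TABLE IF NOT EXISTS `" . $prefix . "taxonomy` (\n\t\t  `id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t  `name` varchar(255) NOT NULL,\n\t\t  `slug` varchar(255) NOT NULL,\n\t\t  `key` varchar(255) NOT NULL,\n\t\t  `parent` int(11) NOT NULL,\n\t\t  `status` varchar(255) NOT NULL,\n\t\t  PRIMARY KEY (`id`)\n\t\t) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;\n\t";
    _install_db_exec($mysqlConnection, $sql, 'Tạo bảng : ' . $prefix . 'taxonomy');
    /**--------------------------------------------------------*/
    $sql = "\n\tCREATE TABLE IF NOT EXISTS `" . $prefix . "users` (\n\t\t  `id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t  `user_login` varchar(255) NOT NULL,\n\t\t  `user_pass` varchar(255) NOT NULL,\n\t\t  `salt` int(6) NOT NULL,\n\t\t  `user_nicename` varchar(255) NOT NULL,\n\t\t  `user_email` varchar(255) NOT NULL,\n\t\t  `user_activation_key` varchar(255) NOT NULL,\n\t\t  `user_role` int(11) NOT NULL,\n\t\t  `user_group` int(11) NOT NULL,\n\t\t  PRIMARY KEY (`id`)\n\t\t) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;\n\t";
    _install_db_exec($mysqlConnection, $sql, 'Tạo bảng : ' . $prefix . 'users');
    /**--------------------------------------------------------*/
    /** user_admin */
    $admin_salt = rand(0, 999999);
    // Same derivation admin_cp_login verifies against (with the freshly chosen encryption key).
    $password_encode = hm_encode_str(md5($admin_password . $admin_salt), $encryption_key);
    // The form values are interpolated into SQL, so escape them on this connection.
    $esc_login = mysql_real_escape_string($admin_username, $mysqlConnection);
    $esc_pass = mysql_real_escape_string($password_encode, $mysqlConnection);
    $esc_salt = mysql_real_escape_string((string) $admin_salt, $mysqlConnection);
    $sql = "\n\t\tINSERT INTO `" . $prefix . "users` (`id`, `user_login`, `user_pass`, `salt`, `user_nicename`, `user_activation_key`, `user_role`, `user_group`) VALUES\n\t\t(1, '" . $esc_login . "', '" . $esc_pass . "', '" . $esc_salt . "', '" . $esc_login . "', '0', 1, 0);\n\t";
    _install_db_exec($mysqlConnection, $sql, 'Tạo tài khoản quản trị : ' . htmlspecialchars($admin_username, ENT_QUOTES, 'UTF-8'));
    /**--------------------------------------------------------*/
    // The original wrote to the literal `hm_option`, which only exists when the prefix is `hm_`.
    $sql = "\n\t\tINSERT INTO `" . $prefix . "option` (`id`, `section`, `key`, `value`) VALUES\n\t\t(1, 'system_setting', 'theme', 'dong'),\n\t\t(2, 'system_setting', 'post_per_page', '10');\n\t";
    _install_db_exec($mysqlConnection, $sql, 'Kích hoạt giao diện mặc định');
    /**--------------------------------------------------------*/
    /** create .htaccess */
    $htaccess = '<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /
	RewriteRule ^index\\.php$ - [L]
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteRule . ' . $url_path . 'index.php [L]
</IfModule>

<FilesMatch "\\.php$">
	Order Deny,Allow
	Deny from all
</FilesMatch>
<FilesMatch "^index\\.php$">
	Order Allow,Deny
	Allow from all
</FilesMatch>';
    if (file_put_contents('.htaccess', $htaccess) === false) {
        echo '<p><strong>Quá trình tạo file : .htaccess thất bại, vui lòng tạo 1 file .htaccess (ngang hàng index.php) trên host với nội dung như sau:</strong></p>';
        // Escaped so the fallback content cannot close the textarea or inject markup.
        echo '<textarea class="form-control" rows="10">' . htmlspecialchars($htaccess, ENT_QUOTES, 'UTF-8') . '</textarea>';
    }
    /** create the config file */
    $hm_config = file_get_contents('hm_include/install/hm_config_sample.php');
    if ($hm_config === false) {
        echo '<p><strong>Không đọc được file mẫu : hm_include/install/hm_config_sample.php</strong></p>';
        return;
    }
    $replacements = array(
        'DB_NAME' => $database,
        'DB_USER' => $username,
        'DB_PASSWORD' => $password,
        'DB_HOST' => $host,
        'DB_PREFIX' => $prefix,
        'ENCRYPTION_KEY' => $encryption_key,
        'FOLDER_PATH' => $url_path,
    );
    $server_port = isset($_SERVER['SERVER_PORT']) ? (string) $_SERVER['SERVER_PORT'] : '80';
    if ($server_port !== '80') {
        $replacements['SERVER_PORT'] = ':' . $server_port;
    }
    foreach ($replacements as $constant => $value) {
        // Each value lands inside a single-quoted PHP literal: escape `'` and `\`
        // so a password containing either cannot break (or alter) the generated file.
        $literal = addcslashes((string) $value, "'\\");
        $hm_config = str_replace("define('" . $constant . "', '');", "define('" . $constant . "', '" . $literal . "');", $hm_config);
    }
    if (file_put_contents('hm_config.php', $hm_config) !== false) {
        echo '<p class="alert alert-success" role="alert">Cài đặt mã nguồn thành công</p>';
        echo '<p><a href="' . SITE_URL . 'admin/" class="btn btn-default">Đăng nhập quản trị</a></p>';
    } else {
        echo '<p><strong>Quá trình tạo file : hm_config.php thất bại, vui lòng tạo 1 file hm_config.php (ngang hàng index.php) trên host với nội dung như sau:</strong></p>';
        echo '<textarea class="form-control" rows="10">' . htmlspecialchars($hm_config, ENT_QUOTES, 'UTF-8') . '</textarea>';
    }
}

/**
 * Runs one installer statement on $link and prints the progress line for it.
 *
 * @param resource $link    Connection returned by mysql_connect().
 * @param string   $sql     Statement to execute.
 * @param string   $message Progress text, already HTML-safe (the caller escapes user input).
 * @return bool true when the statement succeeded.
 */
function _install_db_exec($link, $sql, $message)
{
    if (mysql_query($sql, $link) === false) {
        // The original ignored failures silently, leaving a half-installed schema unreported.
        echo '<p><strong>' . $message . ' : ' . htmlspecialchars(mysql_error($link), ENT_QUOTES, 'UTF-8') . '</strong></p>';
        return false;
    }
    echo '<p>' . $message . ' ...</p>';
    return true;
}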
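/**
 * Creates or updates a user account from the posted form (AJAX).
 *
 * With `$args['id_update']` set to a numeric id the matching `users` row is
 * updated (password/salt only when a new password was posted); otherwise a
 * new row is inserted after checking that `user_login` is not already taken.
 * Every other POST key except `password`/`password2` is then stored as a
 * `field` row of object_type `user` attached to that account.
 *
 * @param array $args Optional; `id_update` => numeric id of the account to edit.
 * @return string JSON status message ('success', 'updated' or 'error').
 */
function ajax_add_user($args = array())
{
    $hmdb = new MySQL(true, DB_NAME, DB_HOST, DB_USER, DB_PASSWORD, DB_CHARSET);
    hook_action('ajax_add_user');
    $id_update = isset($args['id_update']) ? $args['id_update'] : null;
    $is_update = is_numeric($id_update);
    $user_login = hm_post('user_login');
    $password = (string) hm_post('password');
    $password2 = (string) hm_post('password2');
    $nicename = hm_post('nicename');
    $user_email = hm_post('user_email');
    $userrole = hm_post('userrole');
    $user_group = hm_post('user_group', 0);
    $salt = rand(100000, 999999);
    $user_activation_key = '0';
    // Strict compare: `!=` would treat '1e3' and '1000' as equal.
    if ($password !== $password2) {
        return json_encode(array('status' => 'error', 'mes' => _('Hai mật khẩu nhập vào không khớp')));
    }
    $tableName = DB_PREFIX . "users";
    // A new account must not reuse an existing login.
    if (!$is_update) {
        $whereArray = array('user_login' => MySQL::SQLValue($user_login));
        $hmdb->SelectRows($tableName, $whereArray);
        if ($hmdb->HasRecords()) {
            return json_encode(array('status' => 'error', 'mes' => _('Tài khoản này đã tồn tại')));
        }
    }
    // Same derivation admin_cp_login verifies against.
    $password_encode = hm_encode_str(md5($password . $salt));
    /** account row */
    $values = array(
        'user_login' => MySQL::SQLValue($user_login),
        'user_nicename' => MySQL::SQLValue($nicename),
        'user_email' => MySQL::SQLValue($user_email),
        'user_activation_key' => MySQL::SQLValue($user_activation_key),
        'user_role' => MySQL::SQLValue($userrole),
        'user_group' => MySQL::SQLValue($user_group),
    );
    if ($is_update) {
        // Leave the stored hash alone unless a new password was posted.
        if ($password !== '') {
            $values['user_pass'] = MySQL::SQLValue($password_encode);
            $values['salt'] = MySQL::SQLValue($salt);
        }
        $whereArray = array('id' => MySQL::SQLValue($id_update, MySQL::SQLVALUE_NUMBER));
        $hmdb->AutoInsertUpdate($tableName, $values, $whereArray);
        $insert_id = $id_update;
    } else {
        $values['user_pass'] = MySQL::SQLValue($password_encode);
        $values['salt'] = MySQL::SQLValue($salt);
        $insert_id = $hmdb->InsertRow($tableName, $values);
    }
    /** per-user field rows */
    if (is_numeric($insert_id)) {
        $fieldTable = DB_PREFIX . 'field';
        foreach ($_POST as $post_key => $post_val) {
            if ((string) $post_key === 'password' || (string) $post_key === 'password2') {
                continue;
            }
            if (is_array($post_val)) {
                $post_val = json_encode($post_val);
            }
            // Fresh array per field: the original reused $values from the account
            // insert, so the first field row still carried the user_* columns.
            $field = array(
                'name' => MySQL::SQLValue($post_key),
                'val' => MySQL::SQLValue($post_val),
                'object_id' => MySQL::SQLValue($insert_id, MySQL::SQLVALUE_NUMBER),
                'object_type' => MySQL::SQLValue('user'),
            );
            if ($is_update) {
                $whereArray = array('object_id' => MySQL::SQLValue($id_update, MySQL::SQLVALUE_NUMBER), 'object_type' => MySQL::SQLValue('user'), 'name' => MySQL::SQLValue($post_key));
                $hmdb->AutoInsertUpdate($fieldTable, $field, $whereArray);
            } else {
                $hmdb->InsertRow($fieldTable, $field);
            }
        }
    }
    if ($is_update) {
        return json_encode(array('status' => 'updated', 'mes' => _('Đã sửa thông tin tài khoản : ' . $user_login)));
    }
    return json_encode(array('status' => 'success', 'mes' => _('Đã thêm tài khoản : ' . $user_login)));
}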