Example #1
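 /**
  * Emit a <smilies> element holding one <smiley> tag per usable line of the
  * "smilies" configuration file.
  *
  * Every line is split on tabs: the first field becomes the "text"
  * attribute and the last field the tag value (the image). Lines that do
  * not carry both fields, such as a blank line, are skipped; they would
  * otherwise produce a tag with an empty text and a null image.
  */
 private function show_smilies()
 {
     $smilies = config_file("smilies");
     $this->output->open_tag("smilies");
     foreach ($smilies as $line) {
         /* chop() drops the line ending and any trailing tab before splitting.
          */
         $fields = explode("\t", chop($line));
         if (count($fields) < 2 || $fields[0] === "") {
             continue;
         }
         $text = array_shift($fields);
         $image = array_pop($fields);
         $this->output->add_tag("smiley", $image, array("text" => $text));
     }
     $this->output->close_tag();
 }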
Example #2
 /**
  * Render the administration overview: configuration warnings first, then
  * the menu of administration modules grouped in sections.
  *
  * Menu layout: section title => (entry label => (module path, icon file)).
  */
 public function execute()
 {
     $menu = array(
         "Authentication & authorization" => array(
             "Users" => array("cms/user", "users.png"),
             "Roles" => array("cms/role", "roles.png"),
             "Organisations" => array("cms/organisation", "organisations.png"),
             "Access" => array("cms/access", "access.png"),
             "Flags" => array("cms/flag", "flags.png"),
             "User switch" => array("cms/switch", "switch.png"),
         ),
         "Content" => array(
             "Agenda" => array("cms/agenda", "agenda.png"),
             "Dictionary" => array("cms/dictionary", "dictionary.png"),
             "F.A.Q." => array("cms/faq", "faq.png"),
             "Files" => array("cms/file", "file.png"),
             "Forum" => array("cms/forum", "forum.png"),
             "Guestbook" => array("cms/guestbook", "guestbook.png"),
             "Languages" => array("cms/language", "language.png"),
             "Links" => array("cms/links", "links.png"),
             "Menu" => array("cms/menu", "menu.png"),
             "News" => array("cms/news", "news.png"),
             "Pages" => array("cms/page", "page.png"),
             "Polls" => array("cms/poll", "poll.png"),
             "Weblog" => array("cms/weblog", "weblog.png"),
         ),
         "Photo album" => array(
             "Albums" => array("cms/album", "album.png"),
             "Collections" => array("cms/collection", "collection.png"),
             "Photos" => array("cms/photo", "photo.png"),
         ),
         "Newsletter" => array(
             "Newsletter" => array("cms/newsletter", "newsletter.png"),
             "Subscriptions" => array("cms/subscriptions", "subscriptions.png"),
         ),
         "System" => array(
             "Logging" => array("cms/logging", "logging.png"),
             "Action log" => array("cms/action", "action.png"),
             "Settings" => array("cms/settings", "settings.png"),
             "API test" => array("cms/apitest", "apitest.png"),
         ),
     );

     /* Deployment warnings, shown to administrators only.
      */
     if ($this->user->is_admin) {
         if (module_exists("setup")) {
             $this->output->add_system_warning("The setup module is still available. Remove it from settings/public_modules.conf.");
         }
         /* The literal is compared with the stored password value of user 1;
          * presumably it is the hash of the shipped default password -- confirm.
          */
         if ($this->user->id == 1 && $this->user->password == "c10b391ff5e75af6ee8469539e6a5428f09eff7e693d6a8c4de0e5525cd9b287") {
             $this->output->add_system_warning("Don't forget to change the password of the admin account!");
         }
         if ($this->settings->secret_website_code == "CHANGE_ME_INTO_A_RANDOM_STRING") {
             $this->output->add_system_warning("Don't forget to change the secret_website_code setting.");
         }
         if (is_true(DEBUG_MODE)) {
             $this->output->add_system_warning("Website is running in debug mode. Set DEBUG_MODE in settings/website.conf to 'no'.");
         }
     }

     /* A second path segment means an unknown administration module was
      * requested. NOTE(review): the segment comes from the request and is
      * placed in the warning; presumably the output layer escapes it -- confirm.
      */
     if ($this->page->pathinfo[1] != null) {
         $this->output->add_system_warning("The administration module '%s' does not exist.", $this->page->pathinfo[1]);
     }

     /* Menu entries.
      */
     if (is_false(MULTILINGUAL)) {
         unset($menu["Content"]["Languages"]);
     }
     $access_list = page_access_list($this->db, $this->user);
     $private_modules = config_file("private_modules");

     $this->output->open_tag("menu");
     foreach ($menu as $title => $entries) {
         $css_class = strtr(strtolower($title), " &", "__");
         $this->output->open_tag("section", array("text" => $title, "class" => $css_class));
         foreach ($entries as $label => $entry) {
             $module = $entry[0];
             $icon = $entry[1];
             /* Only modules listed in the private_modules configuration are shown.
              */
             if (!in_array($module, $private_modules)) {
                 continue;
             }
             /* A module without an entry in the access list is marked as
              * accessible. This sets the "access" attribute of the emitted
              * entry only.
              */
             $access = isset($access_list[$module]) ? $access_list[$module] > 0 : true;
             $this->output->add_tag("entry", $module, array("text" => $label, "access" => show_boolean($access), "icon" => $icon));
         }
         $this->output->close_tag();
     }
     $this->output->close_tag();
 }
Example #3
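 /**
  * Validate a submitted page record before it is stored.
  *
  * Every failed check adds a message to the output; all checks run so the
  * user sees every problem at once.
  *
  * @param array $page Submitted record; the keys read here are "url",
  *                    "language", "layout", "title" and "id".
  * @return bool true when every check passed
  */
 public function save_oke($page)
 {
     $result = true;

     /* URL: valid characters, absolute path, no empty path segment.
      */
     if (valid_input(trim($page["url"]), VALIDATE_URL, VALIDATE_NONEMPTY) == false) {
         $this->output->add_message("URL is empty or contains invalid characters.");
         $result = false;
     } elseif (strpos($page["url"], "//") !== false || $page["url"][0] !== "/") {
         $this->output->add_message("Invalid URL.");
         $result = false;
     }

     /* Allow-list checks on submitted values use strict comparison, so a
      * value only passes when it is exactly one of the listed strings.
      */
     if (in_array($page["language"], array_keys(config_array(SUPPORTED_LANGUAGES)), true) == false) {
         $this->output->add_message("Language not supported.");
         $result = false;
     }
     if (($layouts = $this->get_layouts()) != false) {
         if (in_array($page["layout"], $layouts, true) == false) {
             $this->output->add_message("Invalid layout.");
             $result = false;
         }
     }

     if (trim($page["title"]) == "") {
         $this->output->add_message("Empty title not allowed.");
         $result = false;
     }
     if (valid_input($page["language"], VALIDATE_NONCAPITALS, 2) == false) {
         $this->output->add_message("Invalid language code.");
         $result = false;
     }

     /* The URL may not collide with a module on disk or with another page.
      * These are deny-lists, so the original loose comparison is kept.
      */
     $module = ltrim($page["url"], "/");
     $public_pages = page_to_module(config_file("public_pages"));
     $private_pages = page_to_module(config_file("private_pages"));
     if (in_array($module, $public_pages) || in_array($module, $private_pages)) {
         $this->output->add_message("URL belongs to a module.");
         $result = false;
     } else {
         /* The values are passed as separate arguments for the %d / %s
          * placeholders. The result goes into its own variable so the
          * submitted record in $page is not overwritten.
          */
         $query = "select * from pages where id!=%d and url=%s limit 1";
         if (($duplicates = $this->db->execute($query, $page["id"], $page["url"])) != false) {
             if (count($duplicates) > 0) {
                 $this->output->add_message("URL belongs to another page.");
                 $result = false;
             }
         }
     }

     return $result;
 }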
Example #4
 /**
  * List the public URLs of the site in sorted order.
  *
  * The list combines the entries of the "public_modules" configuration
  * (minus a fixed set of entries that are left out) with the URLs of all
  * database pages that are not private.
  *
  * @return array URLs without a leading slash
  */
 public function get_public_urls()
 {
     /* Modules on disk, without the entries that are left out of the list.
      */
     $hidden = array("captcha.png", "logout", "offline", "password", "sitemap.xml");
     $urls = array_diff(config_file("public_modules"), $hidden);

     /* Pages from the database that are not private.
      */
     $rows = $this->db->execute("select url from pages where private=%d", NO);
     if ($rows != false) {
         foreach ($rows as $row) {
             $urls[] = ltrim($row["url"], "/");
         }
     }

     sort($urls);
     return $urls;
 }
Example #5
 /**
  * Render the administration overview: configuration warnings first, then
  * the menu of administration pages grouped in sections.
  *
  * Menu layout: section title => (entry label => (page path, icon file)).
  */
 public function execute()
 {
     $menu = array(
         "Authentication, authorization & system" => array(
             "Users" => array("cms/user", "users.png"),
             "Roles" => array("cms/role", "roles.png"),
             "Organisations" => array("cms/organisation", "organisations.png"),
             "Access" => array("cms/access", "access.png"),
             "User switch" => array("cms/switch", "switch.png"),
             "Action log" => array("cms/action", "action.png"),
             "Settings" => array("cms/settings", "settings.png"),
         ),
         "Content" => array(
             "Files" => array("cms/file", "file.png"),
             "Hostnames" => array("cms/hostname", "hostname.gif"),
             "Menu" => array("cms/menu", "menu.png"),
             "Pages" => array("cms/page", "page.png"),
             "Webservers" => array("cms/webserver", "webserver.png"),
         ),
     );

     /* Deployment warnings, shown to administrators only.
      */
     if ($this->user->is_admin) {
         /* The literal is compared with the stored password value of user 1;
          * presumably it is the hash of the shipped default password -- confirm.
          */
         if ($this->user->id == 1 && $this->user->password == "610706e9a48f85476e04d270bd6dc7492cdcd9ad7e91878007dff629ab11f195") {
             $this->output->add_system_warning("Don't forget to change the password of the admin account!");
         }
         if ($this->settings->secret_website_code == "CHANGE_ME_INTO_A_RANDOM_STRING") {
             $this->output->add_system_warning("Don't forget to change the secret_website_code setting.");
         }
         if (is_true(DEBUG_MODE)) {
             $this->output->add_system_warning("Website is running in debug mode. Set DEBUG_MODE in settings/website.conf to 'no'.");
         }
     }

     /* A second path segment means an unknown administration module was
      * requested. NOTE(review): the segment comes from the request and is
      * placed in the warning; presumably the output layer escapes it -- confirm.
      */
     if ($this->page->pathinfo[1] != null) {
         $this->output->add_system_warning("The administration module '%s' does not exist.", $this->page->pathinfo[1]);
     }

     /* Menu entries. The unset() is a no-op for the menu above, which has no
      * "Languages" entry.
      */
     if (is_false(MULTILINGUAL)) {
         unset($menu["Content"]["Languages"]);
     }
     $access_list = page_access_list($this->db, $this->user);
     $private_pages = config_file("private_pages");

     $this->output->open_tag("menu");
     foreach ($menu as $title => $entries) {
         $css_class = strtr(strtolower($title), " &", "__");
         $this->output->open_tag("section", array("text" => $title, "class" => $css_class));
         foreach ($entries as $label => $entry) {
             $page = $entry[0];
             $icon = $entry[1];
             /* Only pages listed in the private_pages configuration are shown.
              */
             if (!in_array($page, $private_pages)) {
                 continue;
             }
             /* A page without an entry in the access list is marked as
              * accessible. This sets the "access" attribute of the emitted
              * entry only.
              */
             $access = isset($access_list[$page]) ? $access_list[$page] > 0 : true;
             $this->output->add_tag("entry", $page, array("text" => $label, "access" => show_boolean($access), "icon" => $icon));
         }
         $this->output->close_tag();
     }
     $this->output->close_tag();
 }
Example #6
 /**
  * Forward all constructor arguments to the parent constructor and, when a
  * language object is available, extend the form elements.
  *
  * One required text element is added per supported language, and the
  * "page" element gets its option list: "*" followed by the sorted modules
  * from the public and private page configuration.
  */
 public function __construct()
 {
     /* Hand every received argument to the parent constructor unchanged.
      */
     call_user_func_array(array("parent", "__construct"), func_get_args());

     if ($this->language !== null) {
         /* One element per supported language.
          */
         foreach ($this->language->supported as $code => $name) {
             $this->elements[$code] = array("label" => $name, "type" => "text", "overview" => false, "required" => true);
         }

         /* Options for the page element; keys and values are the same.
          */
         $pages = array_merge(config_file("public_pages"), config_file("private_pages"));
         $options = page_to_module($pages);
         sort($options);
         array_unshift($options, "*");
         $this->elements["page"]["options"] = array_combine($options, $options);
     }
 }
		exit;
		
	}
	
	/* Request dispatch: the first recognised query-string key selects the
	 * handler, and the script exits as soon as that handler returns.
	 *
	 * NOTE(review): handlers such as CompileAlldbs() and schedule_save() are
	 * reached through GET parameters, and their names suggest they change
	 * state. No session, privilege or anti-CSRF check is visible in this part
	 * of the file -- confirm one runs before this point.
	 */
	if (isset($_GET["scripts"])) {
		echo scripts();
		exit;
	}
	if (isset($_GET["tabs"])) {
		tabs();
		exit;
	}
	if (isset($_GET["databases"])) {
		databases_status();
		exit;
	}
	if (isset($_GET["ufdbg-community"])) {
		community_status();
		exit;
	}
	if (isset($_GET["maintenance"])) {
		maintenance_status();
		exit;
	}
	if (isset($_GET["CompileMissingdb"])) {
		CompileMissingdb();
		exit;
	}
	if (isset($_GET["MaintenanceReCompileDB"])) {
		maintenance_status_list_compile();
		exit;
	}
	if (isset($_GET["CompileAlldbs"])) {
		CompileAlldbs();
		exit;
	}
	if (isset($_GET["schedule"])) {
		schedule();
		exit;
	}
	if (isset($_GET["EnableSchedule"])) {
		schedule_save();
		exit;
	}
	if (isset($_GET["maintenance-status-list"])) {
		maintenance_status_list();
		exit;
	}
	if (isset($_GET["config-file"])) {
		config_file();
		exit;
	}
	if (isset($_GET["events"])) {
		events();
		exit;
	}

	/* No recognised key: print the tab container. */
	popup();
	
/**
 * Print the empty tab container together with the script call that loads
 * the tabs from this same page ("?tabs=yes").
 */
function popup()
{
	$script_name = CurrentPageName();
	// NOTE(review): the page name is placed unescaped inside a JavaScript
	// string in the HTML output; confirm CurrentPageName() cannot return
	// request-controlled characters such as quotes.
	echo "<div id='ufdbguard-tabs'></div>\n\t<script>LoadAjax('ufdbguard-tabs','{$script_name}?tabs=yes');</script>";
}
function tabs(){
	
	$page=CurrentPageName();
	$users=new usersMenus();
	$array["databases"]='{databases}';
	$array["maintenance"]='{maintenance}';
Example #8
/**
 * Tell whether a module is listed in the "public_modules" or the
 * "private_modules" configuration.
 *
 * The private list is only read when the public list has no match.
 *
 * @param string $module Module path to look up
 * @return bool
 */
function module_exists($module)
{
    return in_array($module, config_file("public_modules"))
        || in_array($module, config_file("private_modules"));
}
Example #9
    exit;
}
/* Request dispatch: the first recognised query-string key selects the
 * handler, and the script exits as soon as that handler returns.
 *
 * NOTE(review): schedule_save() is reached through a GET parameter and its
 * name suggests it changes state. No session, privilege or anti-CSRF check
 * is visible in this excerpt -- confirm one runs before this point.
 */
if (isset($_GET["schedule"])) {
    schedule();
    exit;
} elseif (isset($_GET["EnableSchedule"])) {
    schedule_save();
    exit;
} elseif (isset($_GET["maintenance-status-list"])) {
    maintenance_status_list();
    exit;
} elseif (isset($_GET["config-file"])) {
    config_file();
    exit;
} elseif (isset($_GET["events"])) {
    events();
    exit;
}

/* No recognised key: print the tab container. */
popup();
/**
 * Print the empty tab container together with the script call that loads
 * the tabs from this same page ("?tabs=yes").
 */
function popup()
{
    // NOTE(review): the page name is placed unescaped inside a JavaScript
    // string in the HTML output; confirm CurrentPageName() cannot return
    // request-controlled characters such as quotes.
    echo "<div id='ufdbguard-tabs'></div>\n\t"
        . "<script>LoadAjax('ufdbguard-tabs','" . CurrentPageName() . "?tabs=yes');</script>";
}
function tabs()
{
Example #10
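/**
 * Try to write the generated configuration to config.php in $CFG->dirroot.
 *
 * The write counts as successful only when the file could be opened, the
 * complete content was written and the handle was closed without error.
 * On failure a translated message is appended to the global $messages
 * array. The return value is derived from that array, so it is also false
 * when $messages already held entries before the call.
 *
 * NOTE(review): the file is created with the default mode of the running
 * process. If the generated configuration holds secrets such as database
 * credentials, confirm that mode is restrictive enough.
 *
 * @return bool true when $messages is empty after the attempt
 */
function config_write_file()
{
    global $messages, $CFG;
    $config_file = 'config.php';
    $path = $CFG->dirroot . $config_file;
    $written = false;

    /* Either the existing file or, for a new file, the directory must be
     * writable.
     */
    if (is_writable($path) || is_writable($CFG->dirroot)) {
        $f = @fopen($path, 'w');
        if ($f) {
            $content = (string) config_file();
            /* A short or failed write would leave a truncated configuration
             * behind, so it is reported as a failure.
             */
            $bytes = fwrite($f, $content);
            $closed = fclose($f);
            $written = $bytes !== false && $bytes === strlen($content) && $closed;
        }
    }

    if (!$written) {
        $messages[] = __gettext('Could not write configuration file in your elgg directory.');
    }

    return empty($messages);
}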
Example #11
/**
 * Function: using_yaml
 * Are they using YAML config storage?
 *
 * True when neither the config file nor the database file carries its
 * default PHP file name, or when database_file() returns a falsy value.
 */
function using_yaml()
{
    if (basename(config_file()) != "config.php" && basename(database_file()) != "database.php") {
        return true;
    }

    return !database_file();
}
Example #12
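 /**
  * Replace smiley codes in $this->message by <img> tags and return the
  * resulting message.
  *
  * The code-to-image map is read once from the "smilies" configuration
  * (first tab-separated field: code, last field: image file) and kept in
  * $this->smilies. Lines without both fields are ignored: an empty code
  * would otherwise cause an image tag to be inserted after every space of
  * the message.
  *
  * A code is replaced when it is the whole message, when it starts the
  * message and is followed by a space, or when it follows a space.
  *
  * NOTE(review): this inserts raw HTML into the message, so the message
  * presumably has to be HTML-escaped before this call and not after it --
  * confirm against the caller. The image name comes from the configuration
  * file and is placed in the src attribute as is.
  *
  * @return string The message with smilies translated
  */
 public function translate_smilies()
 {
     /* Load configuration
      */
     if ($this->smilies === null) {
         $this->smilies = array();
         foreach (config_file("smilies") as $line) {
             $fields = explode("\t", chop($line));
             if (count($fields) < 2 || $fields[0] === "") {
                 continue;
             }
             $text = array_shift($fields);
             $image = array_pop($fields);
             $this->smilies[$text] = $image;
         }
     }

     /* Translate smilies
      */
     foreach ($this->smilies as $text => $image) {
         /* Numeric codes come back from the array as integer keys; compare
          * and measure them as strings.
          */
         $text = (string) $text;
         if ($text === "") {
             continue;
         }
         $image = "<img src=\"/images/smilies/" . $image . "\">";
         $text_len = strlen($text);
         if ($this->message === $text) {
             $this->message = $image;
             continue;
         }
         if (substr($this->message, 0, $text_len + 1) == $text . " ") {
             $this->message = $image . substr($this->message, $text_len);
         }
         $this->message = str_replace(" " . $text, " " . $image, $this->message);
     }

     return $this->message;
 }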
Example #13
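 /**
  * Decide whether this user may access the given page.
  *
  * Order of the checks: administrators and the logout module always pass;
  * public modules and public database pages pass; a user without roles is
  * refused; otherwise the levels granted by the user's roles decide.
  * A failed or empty query result is treated as "no access".
  *
  * Role-based decisions are cached in a static array for later calls. The
  * query result is kept in its own variable so it cannot overwrite that
  * cache: stored rows would otherwise be returned as cached decisions for
  * pages whose name equals a row index.
  *
  * NOTE(review): the cache is keyed by page only and a static variable is
  * shared by all instances of the class; confirm that only one user is
  * evaluated per request.
  *
  * @param string $page Page or module path without leading slash
  * @return bool
  */
 public function access_allowed($page)
 {
     static $access = array();

     /* Always access
      */
     $allowed = array(LOGOUT_MODULE);
     if ($this->is_admin || in_array($page, $allowed)) {
         return true;
     }

     /* Public module
      */
     if (in_array($page, page_to_module(config_file("public_pages")))) {
         return true;
     }

     /* Public page in database
      */
     $query = "select count(*) as count from pages where url=%s and private=%d";
     if (($result = $this->db->execute($query, "/" . $page, NO)) == false) {
         return false;
     } else {
         if ($result[0]["count"] > 0) {
             return true;
         }
     }

     /* No roles, no access
      */
     if (count($this->record["role_ids"]) == 0) {
         return false;
     }

     /* Cached?
      */
     if (isset($access[$page])) {
         return $access[$page];
     }

     /* Check access: one %d placeholder per role id.
      */
     $conditions = $rids = array();
     foreach ($this->record["role_ids"] as $rid) {
         array_push($conditions, "%d");
         array_push($rids, $rid);
     }

     if (in_array($page, page_to_module(config_file("private_pages")))) {
         /* Pages on disk (modules). The page name fills the %S placeholder
          * in the column position; it only gets here after matching the
          * private_pages configuration. Presumably %S is the database
          * layer's identifier placeholder -- confirm.
          */
         $query = "select %S from roles where id in (" . implode(", ", $conditions) . ")";
         if (($levels = $this->db->execute($query, $page, $rids)) == false) {
             return false;
         }
     } else {
         /* Pages in database
          */
         $query = "select a.level from page_access a, pages p " . "where a.page_id=p.id and p.url=%s and a.level>0 " . "and a.role_id in (" . implode(", ", $conditions) . ")";
         if (($levels = $this->db->execute($query, "/" . $page, $rids)) == false) {
             return false;
         }
     }

     /* Access is granted when any role yields a level above zero.
      */
     $access[$page] = max(array_flatten($levels)) > 0;

     return $access[$page];
 }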
Example #14
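 /**
  * Resolve the requested page to the module that will handle it and apply
  * the access rules for private pages.
  *
  * Nothing happens when a module other than the login module was already
  * selected. Otherwise the order is: old-browser page, public module on
  * disk, public page in the database, private module on disk, private page
  * in the database. An unknown page selects the error module with code
  * 404; a private page selects the login module for visitors who are not
  * logged in and the error module with code 403 for users without the
  * required access.
  *
  * NOTE(review): a visitor who is not logged in gets the login module for
  * an existing private page and a 404 for an unknown one, so the two cases
  * can be told apart from outside -- confirm this is acceptable.
  *
  * @param string $page Requested page path
  */
 public function select_module($page)
 {
     if ($this->module !== null && $this->module !== LOGIN_MODULE) {
         return;
     }
     /* Old browser. The User-Agent header is optional, so a request without
      * it is matched against an empty string.
      */
     $user_agent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "";
     if (preg_match("/MSIE [5678]/", $user_agent) > 0) {
         $this->module = "banshee/browser";
         return;
     }
     /* Public module
      */
     if (($this->module = $this->module_on_disk($page, config_file("public_modules"))) !== null) {
         /* Path segments after the module path become the parameters.
          */
         $module_count = substr_count($this->module, "/") + 1;
         $this->parameters = array_slice($this->pathinfo, $module_count);
         return;
     } else {
         if (($this->module = $this->page_in_database($page, NO)) !== null) {
             return;
         }
     }
     /* Change profile before access to private pages: a logged-in user whose
      * status requires a password change is sent to the profile page, unless
      * a user switch is active in the session.
      */
     if ($this->user->logged_in && $page != LOGOUT_MODULE) {
         if ($this->user->status == USER_STATUS_CHANGEPWD && isset($_SESSION["user_switch"]) == false) {
             $page = "profile";
             $this->type = "";
         }
     }
     /* Private module
      */
     if (($this->module = $this->module_on_disk($page, config_file("private_modules"))) === null) {
         $this->module = $this->page_in_database($page, YES);
     }
     if ($this->module == null) {
         /* Page does not exist.
          */
         $this->module = ERROR_MODULE;
         $this->http_code = 404;
         $this->type = "";
     } else {
         if ($this->user->logged_in == false) {
             /* User not logged in.
              */
             $this->module = LOGIN_MODULE;
             $this->type = "";
         } else {
             if ($this->user->access_allowed($this->__get("page") . $this->type) == false) {
                 /* Access denied because not with right role. The refused
                  * request is recorded through the user's action log.
                  */
                 $this->module = ERROR_MODULE;
                 $this->http_code = 403;
                 $this->type = "";
                 $this->user->log_action("unauthorized request for page %s", $page);
             } else {
                 /* Access allowed.
                  */
                 $this->is_public = false;
                 $_SESSION["last_private_visit"] = time();
                 $module_count = substr_count($this->module, "/") + 1;
                 $this->parameters = array_slice($this->pathinfo, $module_count);
             }
         }
     }
 }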
Example #15
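/**
 * Build the map of access levels the given user has for every known page.
 *
 * Sources, in order: public pages on disk (level 1), private pages on disk
 * (YES for administrators, otherwise NO), the levels from the user's roles,
 * the pages in the database, and the per-role page access records. Where
 * several sources name the same page, the role and page access levels only
 * ever raise the stored level.
 *
 * A user without any role id skips the page access query. Its condition
 * list would be empty and the resulting "and ()" clause is not valid SQL,
 * which made the whole function return false for such users.
 *
 * @param object $db   Database connection offering execute()
 * @param object $user User object; reads is_admin, logged_in, id and role_ids
 * @return array|false Map of page => level, or false when a query failed.
 *                     Callers need to check for false before indexing.
 */
function page_access_list($db, $user)
{
    $access_rights = array();

    /* Public pages on disk
     */
    foreach (page_to_module(config_file("public_pages")) as $page) {
        $access_rights[$page] = 1;
    }

    /* Private pages on disk
     */
    foreach (page_to_module(config_file("private_pages")) as $page) {
        $access_rights[$page] = $user->is_admin ? YES : NO;
    }

    /* Role levels for logged-in users that are not administrators.
     */
    if ($user->logged_in && $user->is_admin == false) {
        $query = "select * from roles where id in " . "(select role_id from user_role where user_id=%d)";
        if (($roles = $db->execute($query, $user->id)) === false) {
            return false;
        }
        foreach ($roles as $role) {
            /* Skip the first two columns; presumably the role id and name,
             * so that only the per-page level columns remain -- confirm
             * against the roles table.
             */
            $role = array_slice($role, 2);
            foreach ($role as $page => $level) {
                $level = (int) $level;
                if (isset($access_rights[$page]) == false || $access_rights[$page] < $level) {
                    $access_rights[$page] = $level;
                }
            }
        }
    }

    /* Pages in database
     */
    if (($pages = $db->execute("select * from pages")) === false) {
        return false;
    }
    foreach ($pages as $page) {
        $access_rights[ltrim($page["url"], "/")] = is_false($page["private"]) || $user->is_admin ? YES : NO;
    }

    /* Page access records for the roles of a logged-in user that is not an
     * administrator.
     */
    if ($user->logged_in && $user->is_admin == false) {
        $conditions = $rids = array();
        foreach ($user->role_ids as $rid) {
            array_push($conditions, "role_id=%d");
            array_push($rids, $rid);
        }
        if (count($conditions) > 0) {
            $query = "select p.url,a.level from pages p, page_access a " . "where p.id=a.page_id and (" . implode(" or ", $conditions) . ")";
            if (($pages = $db->execute($query, $rids)) === false) {
                return false;
            }
            foreach ($pages as $page) {
                $url = ltrim($page["url"], "/");
                $level = (int) $page["level"];
                if (isset($access_rights[$url]) == false || $access_rights[$url] < $level) {
                    $access_rights[$url] = $level;
                }
            }
        }
    }

    return $access_rights;
}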