/**
 * RSSUser constructor:
 * Handles:
 * -logout
 * -cookie login (with validation)
 * -login
 *
 * Resolves the current user from one of three credential sources, tried in
 * this order: a POSTed username/password, the RSS_USER_COOKIE cookie, or the
 * 'mobile' session entry. When the lookup succeeds the user fields (_uid,
 * _uname, _level, _realName, _validIPs, _hash) are filled in; otherwise they
 * keep the anonymous defaults set at the top.
 */
function RSSUser() {
    // Anonymous defaults until a credential source matches below.
    $this->_uid = 0;
    $this->_validIPs = array();
    $this->_level = RSS_USER_LEVEL_NOLEVEL;
    $this->_uname = '';
    $this->_realName = '';
    $this->_hash = null;
    $this->_showPrivate = 0;
    // Mobile mode is requested by the client via POST media=mobile.
    $this->_mobileSession = isset($_POST['media']) && 'mobile' == $_POST['media'];
    if ('mobile' == getThemeMedia()) {
        // NOTE(review): '@' hides any ini_set() failure; whether trans_sid actually took effect is never checked.
        @ini_set('session.use_trans_sid', true);
        session_start();
    }
    if (array_key_exists('logout', $_GET)) {
        $this->logout();
        // NOTE(review): presumably rss_redirect() ends the request; if it does not, the code below still runs - confirm.
        rss_redirect('');
    }
    $cuname = $chash = null;
    if (isset($_POST['username']) && isset($_POST['password'])) {
        $_cuname = trim($_POST['username']);
        // Mobile clients hash password+username twice; otherwise a bare md5 of the password.
        // NOTE(review): unsalted md5 is not a suitable password hash; moving to
        // password_hash()/password_verify() would also require changing the stored format.
        if ($this->_mobileSession) {
            $_chash = md5(md5($_POST['password'] . $_POST['username']));
        } else {
            $_chash = md5($_POST['password']);
        }
        // login() (defined elsewhere in the class) decides whether the credentials are accepted.
        if ($this->login($_cuname, $_chash)) {
            $cuname = $_cuname;
            $chash = $_chash;
            $this->_action = RSS_USER_ACTION_LOGIN;
        }
    } elseif (isset($_COOKIE[RSS_USER_COOKIE])) {
        // Cookie format is "uname|hash". A cookie without '|' leaves $chash null,
        // so the lookup below is skipped (with a PHP notice from list()).
        list($cuname, $chash) = explode('|', $_COOKIE[RSS_USER_COOKIE]);
        $this->_action = RSS_USER_ACTION_COOKIE;
    } elseif (isset($_SESSION['mobile'])) {
        // Same "uname|hash" layout, kept server-side for mobile sessions.
        list($cuname, $chash) = explode('|', $_SESSION['mobile']);
        $this->_mobileSession = true;
        $this->_action = RSS_USER_ACTION_SESSION;
    }
    // Truthiness test: a username or hash of '0' would be treated as absent.
    if ($cuname && $chash) {
        // $cuname is escaped; $chash is only taken from the POST/cookie/session value.
        // NOTE(review): the password predicate below is garbled/redacted in this copy
        // ("******" followed by the tail of a preg_replace('#[^a-zA-Z0-9]#', '', md5($chash))
        // call) - confirm the exact expression against the original file before relying on it.
        $sql = "select uid, uname, ulevel, realname, userips from " . getTable('users') . " where uname='" . rss_real_escape_string($cuname) . "' and password='******'#[^a-zA-Z0-9]#', '', md5($chash)) . "'";
        $rs = rss_query($sql);
        if (rss_num_rows($rs) == 1) {
            list($uid, $uname, $level, $realName, $tmpUserIps) = rss_fetch_row($rs);
            // userips is a space-separated list of /24 prefixes ("a.b.c").
            $userIPs = explode(' ', $tmpUserIps);
            // Reduce the client address to its first three octets (IPv4 only; an
            // IPv6 REMOTE_ADDR does not match the pattern and is passed through unchanged).
            $subnet = preg_replace('#^([0-9]+\\.[0-9]+\\.[0-9]+)\\.[0-9]+$#', '\\1', $_SERVER['REMOTE_ADDR']);
            // Only cookie logins are restricted to the stored subnets; POST and
            // session logins are accepted regardless of the client address.
            // NOTE(review): array_search() without strict=true compares loosely;
            // pass true as the third argument.
            if (array_search($subnet, $userIPs) !== FALSE || $this->_action != RSS_USER_ACTION_COOKIE) {
                $this->_uid = $uid;
                $this->_uname = $uname;
                $this->_validIPs = $userIPs;
                $this->_level = $level;
                $this->_realName = $realName;
                $this->_hash = $chash;
            }
        }
    }
}
/**
 * First-run helper: sets the administrator account's username and password.
 *
 * Aborts with die() when a user with ulevel >= 99 already has a non-empty
 * password. With both $uname and $pass given it updates the ulevel=99 row,
 * invalidates the cache and redirects to admin/; otherwise it renders the
 * "choose an admin username/password" form and exits.
 *
 * @param string|null $uname new admin username, written to the users table
 * @param string|null $pass  new admin password
 */
function set_admin_pass($uname = null, $pass = null) {
    // Refuse to run once an admin (ulevel >= 99) with a password exists.
    $sql = "select count(*) from " . getTable('users') . " where password != '' and ulevel >=99";
    list($adminexists) = rss_fetch_row(rss_query($sql));
    if ($adminexists) {
        die('Oops. Admin already exists!');
    }
    if ($uname && $pass) {
        // NOTE(review): $uname is interpolated into the UPDATE without
        // rss_real_escape_string() (the user lookup in RSSUser() does escape);
        // presumably it comes straight from the form's username field, so escape
        // it or use a parameterised query.
        // NOTE(review): the stored password value appears redacted ("******") in
        // this copy - confirm how it is derived from $pass in the original file.
        rss_query("update " . getTable('users') . " set uname='{$uname}', " . "password='******' where ulevel=99");
        rss_invalidate_cache();
        rss_redirect('admin/');
        exit;
    }
    // No credentials yet: render the form. The JavaScript below only checks
    // client-side that the two password fields match; this function receives a
    // single $pass and does no matching of its own.
    // NOTE(review): loginHandler() is not defined here - presumably admin JS.
    admin_header();
    ?> <script type="text/javascript"> <!-- function on_submit_password_match() { pass=document.getElementById('password').value; pass2=document.getElementById('password2').value; if(pass !== pass2){ msg = '<?php echo __('Passwords do not match!'); ?> '; document.getElementById('admin_match_result').innerHTML = msg; document.getElementById('password').value = ''; document.getElementById('password2').value = ''; return false; }else{ document.getElementById('password2').value = ''; return loginHandler(); } } --> </script> <?php
    echo "\n<div id=\"channel_admin\" class=\"frame\">";
    echo "<h2></h2>\n" . __('<p>No Administrator has been specified yet!</p><p>Please provide an Administrator username and password now!</p>');
    // NOTE(review): $_SERVER['PHP_SELF'] is echoed unescaped into the action
    // attribute; it reflects the request path, so wrap it in htmlspecialchars()
    // before output.
    echo "<form action=\"" . $_SERVER['PHP_SELF'] . "\" onsubmit=\"return on_submit_password_match();\" method=\"post\">\n"
        . "<fieldset style=\"width:400px;\">"
        . "<p><label style=\"display:block\" for=\"username\">" . __('Username') . ":</label>\n"
        . "<input type=\"text\" id=\"username\" name=\"username\" /></p>\n"
        . "<p><label style=\"display:block\" for=\"password\">" . __('Password') . ":</label>\n"
        . "<input type=\"password\" id=\"password\" name=\"password\" /></p>\n"
        . "<p><label style=\"display:block\" for=\"password2\">" . __('Password (again)') . ":</label>\n"
        . "<input type=\"password\" id=\"password2\" name=\"password2\" /></p>\n"
        . "<p><input type=\"submit\" value=\"" . __('OK') . "\" /></p>\n"
        . "<div style=\"display:inline;\" id=\"admin_match_result\"></div>\n"
        . "</fieldset>\n"
        . "</form>\n";
    echo "</div>\n";
    admin_footer();
    // The form page is the whole response.
    exit;
}
/**
 * Runs an update of all feeds (update("")), hands the second element of its
 * array result (presumably the ids of newly added items - confirm in update())
 * to parent::cleanUp(), then redirects unless ?silent is present in the query
 * string.
 */
function render() {
    $result = update("");
    // A non-array result means nothing to clean up beyond the defaults.
    $freshIds = is_array($result) ? $result[1] : array();
    parent::cleanUp($freshIds);
    // Callers that pass ?silent want to stay on this response instead of being redirected.
    if (array_key_exists('silent', $_GET)) {
        return;
    }
    rss_redirect();
}
} } } if (!$next_vfid && $first_vfid) { $next_vfid = $first_vfid; } if ($next_vfid) { $vfid = $next_vfid; $sql = "select distinct(fid) from " . getTable('metatag') . " where tid = {$vfid}"; $res = rss_query($sql); $cids = array(); while (list($cid__) = rss_fetch_row($res)) { $cids[] = $cid__; } } else { rss_redirect(); } break; } if (array_key_exists('redirectto', $_REQUEST)) { header("Location: " . $_REQUEST['redirectto']); exit; } } //echo ("cid=".(isset($cid)?"$cid":"") . " fid=" . (isset($fid)?"$fid":"")); assert(isset($cid) && is_numeric($cid) || isset($fid) && isset($cids) && is_array($cids) && count($cids) || isset($vfid) && isset($cids) && is_array($cids) && count($cids) || !isset($cid) && ($y || $m)); $itemFound = true; if ($iid != "" && !is_numeric($iid)) { //item was deleted $itemFound = false; $iid = "";
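/**
 * Redirects the browser to the admin configuration page of a plugin.
 *
 * @param string $filename plugin file name, sent as the plugin_name query parameter
 * @return void rss_redirect() is expected to end the request; not verified here
 */
function rss_plugins_redirect_to_plugin_config($filename) {
    // urlencode() so a filename containing '&', '=', '#' or spaces cannot break
    // or extend the query string; the receiver gets the original value back via $_GET.
    rss_redirect("/admin/index.php"
        . "?" . CST_ADMIN_DOMAIN . "=" . CST_ADMIN_DOMAIN_PLUGIN_OPTIONS
        . "&action=" . CST_ADMIN_EDIT_ACTION
        . "&plugin_name=" . urlencode($filename));
}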