Example #1
 /**
  * RSSUser constructor: resolves the current visitor to a user record.
  *
  * Order of handling, as written below:
  *  - reset every field to the anonymous defaults
  *  - logout, when the query string carries a 'logout' key
  *  - form login (POSTed username/password), checked through $this->login()
  *  - cookie login (RSS_USER_COOKIE), additionally bound to the client subnet
  *  - mobile session login ($_SESSION['mobile'])
  *
  * Security review notes:
  *  - Passwords are only ever transformed with unsalted MD5, and the
  *    cookie/session value is "uname|hash", so the stored token acts as a
  *    password equivalent for whoever obtains it.
  *  - The subnet restriction is enforced for the cookie path only.
  */
 function RSSUser()
 {
     // Anonymous defaults; they stay in place unless a credential check below succeeds.
     $this->_uid = 0;
     $this->_validIPs = array();
     $this->_level = RSS_USER_LEVEL_NOLEVEL;
     $this->_uname = '';
     $this->_realName = '';
     $this->_hash = null;
     $this->_showPrivate = 0;
     // The client declares itself "mobile" through a POST field.
     $this->_mobileSession = isset($_POST['media']) && 'mobile' == $_POST['media'];
     if ('mobile' == getThemeMedia()) {
         // NOTE(review): session.use_trans_sid lets PHP carry the session id in
         // URLs, where it can end up in logs, history and Referer headers. The
         // '@' also hides a failure to change the setting.
         @ini_set('session.use_trans_sid', true);
         session_start();
     }
     // NOTE(review): logout is triggered by the mere presence of a GET key; no
     // anti-CSRF token is checked in the visible code.
     if (array_key_exists('logout', $_GET)) {
         $this->logout();
         rss_redirect('');
     }
     $cuname = $chash = null;
     if (isset($_POST['username']) && isset($_POST['password'])) {
         $_cuname = trim($_POST['username']);
         // Unsalted MD5 of the password (mobile: double MD5 of password+username).
         // MD5 is fast to brute-force; password_hash()/password_verify() is the
         // usual replacement, but that would need a stored-hash migration.
         if ($this->_mobileSession) {
             $_chash = md5(md5($_POST['password'] . $_POST['username']));
         } else {
             $_chash = md5($_POST['password']);
         }
         if ($this->login($_cuname, $_chash)) {
             $cuname = $_cuname;
             $chash = $_chash;
             $this->_action = RSS_USER_ACTION_LOGIN;
         }
     } elseif (isset($_COOKIE[RSS_USER_COOKIE])) {
         // The cookie is client-controlled. Without a '|' explode() returns one
         // element, list() leaves $chash unset (with a notice) and the
         // "$cuname && $chash" test below rejects the value.
         list($cuname, $chash) = explode('|', $_COOKIE[RSS_USER_COOKIE]);
         $this->_action = RSS_USER_ACTION_COOKIE;
     } elseif (isset($_SESSION['mobile'])) {
         list($cuname, $chash) = explode('|', $_SESSION['mobile']);
         $this->_mobileSession = true;
         $this->_action = RSS_USER_ACTION_SESSION;
     }
     if ($cuname && $chash) {
         // NOTE(review): the next line is not valid PHP as shown. The password
         // comparison appears to have been masked when this listing was
         // published, cutting into what looks like a preg_replace() call around
         // md5($chash). Only the uname side, escaped with
         // rss_real_escape_string(), can be reviewed here. Because the query is
         // assembled by concatenation, its safety rests entirely on that
         // escaping; a parameterised query would be preferable if the DB layer
         // offers one.
         $sql = "select uid, uname, ulevel, realname, userips from " . getTable('users') . " where uname='" . rss_real_escape_string($cuname) . "' and password='******'#[^a-zA-Z0-9]#', '', md5($chash)) . "'";
         $rs = rss_query($sql);
         if (rss_num_rows($rs) == 1) {
             list($uid, $uname, $level, $realName, $tmpUserIps) = rss_fetch_row($rs);
             $userIPs = explode(' ', $tmpUserIps);
             // Keep the first three octets of an IPv4 address; anything that does
             // not match the pattern (e.g. an IPv6 address) is left unchanged.
             $subnet = preg_replace('#^([0-9]+\\.[0-9]+\\.[0-9]+)\\.[0-9]+$#', '\\1', $_SERVER['REMOTE_ADDR']);
             // The subnet must be listed only when the credentials came from the
             // cookie; form logins and mobile sessions skip the IP check.
             // NOTE(review): array_search() is called without its strict flag and
             // _action is compared loosely.
             if (array_search($subnet, $userIPs) !== FALSE || $this->_action != RSS_USER_ACTION_COOKIE) {
                 $this->_uid = $uid;
                 $this->_uname = $uname;
                 $this->_validIPs = $userIPs;
                 $this->_level = $level;
                 $this->_realName = $realName;
                 $this->_hash = $chash;
             }
         }
     }
 }
Example #2
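/**
 * First-run setup: create the administrator credentials, or show the form
 * that asks for them.
 *
 * Terminates the request in every path (die/exit).
 *
 * Security review notes:
 *  - The only guard visible here is the "does an admin with a password
 *    already exist" query; until one exists, whoever reaches this code first
 *    can claim the account. Presumably the installer limits exposure - confirm.
 *  - The guard counts rows with ulevel >= 99 while the update targets
 *    ulevel = 99 only.
 *
 * @param string|null $uname Requested administrator user name.
 * @param string|null $pass  Requested administrator password.
 */
function set_admin_pass($uname = null, $pass = null)
{
    $sql = "select count(*) from " . getTable('users') . " where password != '' and ulevel >=99";
    list($adminexists) = rss_fetch_row(rss_query($sql));
    if ($adminexists) {
        die('Oops. Admin already exists!');
    }
    if ($uname && $pass) {
        // $uname is placed inside a quoted SQL literal, so it is escaped with
        // the project's rss_real_escape_string() helper before interpolation.
        $safeUname = rss_real_escape_string($uname);
        // NOTE(review): the password value is masked ('******') in this listing;
        // the real expression is not visible, so how $pass is hashed and escaped
        // cannot be reviewed from here.
        rss_query("update " . getTable('users') . " set uname='{$safeUname}', " . "password='******' where ulevel=99");
        rss_invalidate_cache();
        rss_redirect('admin/');
        exit;
    }
    admin_header();
    ?>
	<script type="text/javascript">
	<!--
		function on_submit_password_match() {
			pass=document.getElementById('password').value;
			pass2=document.getElementById('password2').value;
			if(pass !== pass2){
				msg = '<?php 
    echo __('Passwords do not match!');
    ?>
';
				document.getElementById('admin_match_result').innerHTML = msg;
				document.getElementById('password').value = '';
				document.getElementById('password2').value = '';
				return false;
			}else{
				document.getElementById('password2').value = '';
				return loginHandler();
			}
		}	
	-->
	</script>
	
	<?php 
    // PHP_SELF contains the client-supplied path info, so it is HTML-escaped
    // before being written into the form's action attribute (reflected XSS).
    $formAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    echo "\n<div id=\"channel_admin\" class=\"frame\">";
    echo "<h2></h2>\n" . __('<p>No Administrator has been specified yet!</p><p>Please provide an Administrator username and password now!</p>');
    echo "<form action=\"" . $formAction . "\" onsubmit=\"return on_submit_password_match();\" method=\"post\">\n"
        . "<fieldset style=\"width:400px;\">"
        . "<p><label style=\"display:block\" for=\"username\">" . __('Username') . ":</label>\n"
        . "<input type=\"text\" id=\"username\" name=\"username\" /></p>\n"
        . "<p><label style=\"display:block\" for=\"password\">" . __('Password') . ":</label>\n"
        . "<input type=\"password\" id=\"password\" name=\"password\" /></p>\n"
        . "<p><label style=\"display:block\" for=\"password2\">" . __('Password (again)') . ":</label>\n"
        . "<input type=\"password\" id=\"password2\" name=\"password2\" /></p>\n"
        . "<p><input type=\"submit\" value=\"" . __('OK') . "\" /></p>\n"
        . "<div style=\"display:inline;\" id=\"admin_match_result\"></div>\n"
        . "</fieldset>\n"
        . "</form>\n";
    echo "</div>\n";
    admin_footer();
    exit;
}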
Example #3
 /**
  * Runs update(""), hands any new item ids to parent::cleanUp(), then
  * redirects unless the query string carries a 'silent' key.
  *
  * NOTE(review): no access check is visible in this method; presumably the
  * caller decides who may trigger an update - confirm.
  */
 function render()
 {
     $result = update("");
     // update() is only trusted for ids when it returns an array; index 1
     // is then taken as the list of new ids.
     $newIds = is_array($result) ? $result[1] : array();
     parent::cleanUp($newIds);
     if (array_key_exists('silent', $_GET)) {
         return;
     }
     rss_redirect();
 }
Example #4
                    }
                }
            }
            if (!$next_vfid && $first_vfid) {
                $next_vfid = $first_vfid;
            }
            if ($next_vfid) {
                $vfid = $next_vfid;
                $sql = "select distinct(fid) from " . getTable('metatag') . " where tid = {$vfid}";
                $res = rss_query($sql);
                $cids = array();
                while (list($cid__) = rss_fetch_row($res)) {
                    $cids[] = $cid__;
                }
            } else {
                rss_redirect();
            }
            break;
    }
    // NOTE(review): the Location target is taken verbatim from the
    // request-supplied 'redirectto' value, so the destination can be any
    // site (open redirect). Nothing in the visible lines restricts it to
    // same-site paths; confirm whether it is validated earlier, otherwise
    // limit it to local relative URLs before sending the header.
    if (array_key_exists('redirectto', $_REQUEST)) {
        header("Location: " . $_REQUEST['redirectto']);
        exit;
    }
}
//echo ("cid=".(isset($cid)?"$cid":"") . " fid=" . (isset($fid)?"$fid":""));
// Sanity check: at this point either a numeric $cid, a non-empty $cids list
// (together with $fid or $vfid), or a date filter ($y / $m) must be set.
// NOTE(review): assert() can be switched off by configuration, so this does
// not validate input in production; if these values are request-derived
// (not visible here) they need an explicit check as well.
assert(isset($cid) && is_numeric($cid) || isset($fid) && isset($cids) && is_array($cids) && count($cids) || isset($vfid) && isset($cids) && is_array($cids) && count($cids) || !isset($cid) && ($y || $m));
$itemFound = true;
if ($iid != "" && !is_numeric($iid)) {
    //item was deleted
    $itemFound = false;
    $iid = "";
Example #5
/**
 * Redirects to the admin page that edits the options of one plugin.
 *
 * NOTE(review): $filename is appended to the query string as-is. Whether it
 * is URL-encoded or checked against the known plugin files is not visible
 * here - confirm in the callers and in rss_redirect().
 *
 * @param string $filename Plugin file name passed as plugin_name.
 */
function rss_plugins_redirect_to_plugin_config($filename)
{
    $query = CST_ADMIN_DOMAIN . "=" . CST_ADMIN_DOMAIN_PLUGIN_OPTIONS
        . "&amp;action=" . CST_ADMIN_EDIT_ACTION
        . "&amp;plugin_name=" . $filename;
    rss_redirect("/admin/index.php" . "?" . $query);
}