/**
 * Session check for the File Browser: returns true only when an OrongoCMS
 * user is logged in and holds at least writer rank, so that only such users
 * may upload and list files.
 *
 * WARNING: do not simply return true here — that would let anyone upload and
 * list the files on the server. The check below relies on OrongoCMS's own
 * session handling (getUser()), so the CMS bootstrap is loaded first when
 * this file is reached on its own.
 *
 * @return boolean true when the current user may upload and browse files
 */
function CheckAuthentication() {
    // Bootstrap OrongoCMS if it is not loaded yet (the User class only
    // exists once startOrongo() has run).
    if (!class_exists("User")) {
        require "../../startOrongo.php";
        startOrongo();
    }

    // Without the CMS user API there is nothing to authenticate against: deny.
    if (!function_exists('getUser')) {
        return false;
    }

    $currentUser = getUser();
    if ($currentUser == null) {
        return false;
    }

    // Writers and above may manage files; lower ranks are denied.
    return $currentUser->getRank() >= RANK_WRITER;
}
<?php
/**
 * Login page: shows a status message selected by ?msg=<code> and sends
 * already authenticated users on to the admin area.
 *
 * @author Jaco Ruit
 */
require 'startOrongo.php';
startOrongo('orongo-login');

$msg = null;
$msgtype = null;

// Logged-in users do not need the form.
// NOTE(review): there is no exit after this header(), so the rest of the
// page is still built and sent along with the redirect.
if (getUser() != null) {
    header("Location: orongo-admin");
}

if (isset($_GET['msg'])) {
    $msgCode = Security::escape($_GET['msg']);
    // switch compares loosely: $msgCode is a string, the cases are ints.
    // Before PHP 8 a non-numeric string compares equal to 0 and would select
    // the first case; from PHP 8 on it matches nothing.
    switch ($msgCode) {
        case 0:
            $msg = l("LOGIN_MSG_WRONG_DETAILS");
            $msgtype = "error";
            break;
        case 1:
            $msg = l("LOGIN_MSG_LOGGED_OUT");
            $msgtype = "success";
            break;
        case 2:
            $msg = l("LOGIN_MSG_REG_SUCCESS");
            $msgtype = "info";
            break;
        case 3:
            $msg = l("LOGIN_MSG_REG_INTERNAL_ERROR");
            $msgtype = "warning";
            break;
            // … file continues beyond this listing (switch still open here)
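<?php
/**
 * Renders a single article by id (?id=...). A missing or unknown id
 * redirects to the 404 error page; any other failure while loading the
 * article redirects to the 500 page.
 *
 * @author Jaco Ruit
 */
require 'startOrongo.php';
startOrongo('article');

if (!isset($_GET['id'])) {
    header('Location: ' . orongoURL("error.php?error_code=404"));
    exit;
}

$article = null;
try {
    // Escape the request value before it reaches the model, as page.php does
    // for Page ids; the constructor presumably queries by it.
    $article = new Article(Security::escapeSQL($_GET['id']));
} catch (Exception $e) {
    if ($e->getCode() == ARTICLE_NOT_EXIST) {
        header('Location: ' . orongoURL("error.php?error_code=404"));
    } else {
        header('Location: ' . orongoURL("error.php?error_code=500"));
    }
    exit;
}

$articleFO = new ArticleFrontend();
$articleFO->main(array("time" => time(), "article" => &$article));
$articleFO->render();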
<?php
/**
 * Admin "create object" page. The raw query string names the object type to
 * create; ?msg=<code> (with optional &obj=<type>) reports the outcome of a
 * previous post.
 *
 * @author Jaco Ruit
 */
require '../startOrongo.php';
startOrongo('admin_create');
Security::promptAuth();

// Writers and above only.
if (getUser()->getRank() < RANK_WRITER) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=0"));
    exit;
}

if (!isset($_SERVER['QUERY_STRING'])) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=1"));
    exit;
}

// NOTE(review): $object comes straight from the request (query string, or
// &obj= below) and is not validated here; confirm it is checked against the
// known object types and escaped wherever it is used further down.
$object = $_SERVER['QUERY_STRING'];

$create = new AdminFrontend();
$create->main(array("time" => time(), "page_title" => "Create", "page_template" => "dashboard"));

if (isset($_GET['msg'])) {
    if (isset($_GET['obj'])) {
        $object = $_GET['obj'];
    }
    // Loose switch comparison of a request string against int cases, as on
    // the other admin pages.
    switch ($_GET['msg']) {
        case 0:
            $create->addMessage(l("Object post error"), "error");
            break;
        case 1:
            $create->addMessage(l("Object post success"), "success");
            break;
        default:
            // … file continues beyond this listing
<?php
/**
 * Admin "Orongo Settings" page: builds the settings form that is posted to
 * actions/action_SaveOrongoSettings.php.
 *
 * @author Jaco Ruit
 */
require '../startOrongo.php';
startOrongo('admin_orongo-settings');
Security::promptAuth();

// Administrators only.
if (getUser()->getRank() != RANK_ADMIN) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=0"));
    exit;
}

$settings = new AdminFrontend();

if (isset($_GET['msg'])) {
    switch ($_GET['msg']) {
        case 0:
            $settings->addMessage(l("Settings saved"), "success");
            // no break: falls through into default, which only breaks
        default:
            break;
    }
}

$settings->main(array('time' => time(), 'page_title' => 'Orongo Settings', 'page_template' => 'dashboard'));

// Form id 100; fields are pre-filled with the current Settings values.
$settingForm = new AdminFrontendForm(100, "Orongo Settings", "POST", orongoURL("actions/action_SaveOrongoSettings.php"));
$settingForm->addInput("Website Name", "website_name", "text", Settings::getWebsiteName());
$settingForm->addInput("Website URL", "website_url", "text", Settings::getWebsiteURL());
$settingForm->addInput("Admin Email", "admin_email", "text", Settings::getEmail());

// Radio values are the strings "true"/"false"; the checked one is selected
// by its translated label.
$currentShowArchiveString = Settings::showArchive() ? l("Yes") : l("No");
$settingForm->addRadios("Show archive", "show_archive", array(l("Yes") => "true", l("No") => "false"), $currentShowArchiveString);

// Language list seeded with the current language; further entries are read
// from the lang directory below.
// NOTE(review): the current language is mapped to the fixed code "nl_NL"
// regardless of what Settings::getLanguageName() returns — confirm intended.
$languages = array(Settings::getLanguageName() => "nl_NL");
// @ hides the warning for an unreadable directory; is_array() below is the
// real failure check (scandir returns false on error).
$files = @scandir(ADMIN . '/lang/');
if (is_array($files)) {
    // … file continues beyond this listing
<?php
/**
 * Admin dashboard landing page.
 *
 * @author Jaco Ruit
 */
require '../startOrongo.php';
startOrongo('admin_index');
Security::promptAuth();

$index = new AdminFrontend();
$index->main(array("time" => time(), "page_title" => "Dashboard", "page_template" => "dashboard"));

// Status message selected by ?msg=<code>; other admin pages set it when they
// send the user back here (loose switch comparison, as elsewhere in the admin).
if (isset($_GET['msg'])) {
    switch ($_GET['msg']) {
        case 0:
            $index->addMessage(l("No Permission"), "error");
            break;
        case 1:
            $index->addMessage(l("Invalid Query Arg"), "warning");
            break;
        case 2:
            $index->addMessage(l("Internal Error"), "warning");
            break;
    }
}

// Static welcome box linking to the admin tools.
$updateLink = orongoURL("orongo-admin/orongo-update-check.php");
$issueLink = orongoURL("orongo-admin/post-issue.php");
$terminalLink = orongoURL("orongo-admin/terminal.php");
$text = implode('', array(
    "<strong>Thank you for testing OrongoCMS!</strong><br/><br/>",
    "<p>To check for updates go to <a href='" . $updateLink . "'>the update checker</a>.",
    "<br/>Found bugs? Please post them <a href='" . $issueLink . "'>here</a>.",
    "<br/>You can find the terminal of your OrongoCMS installation <a href='" . $terminalLink . "'>here</a>.",
    "<br/><br/>Enjoy OrongoCMS,<br/> ",
    "<strong>The OrongoCMS Team</strong>",
));

$index->addObject(new AdminFrontendObject(100, "Info", $text, null, false));
$index->render();
<?php
/**
 * Admin "manage objects" page. The raw query string names the object type;
 * ?msg=<code>&obj=<type> reports the outcome of a delete.
 *
 * @author Jaco Ruit
 */
require '../startOrongo.php';
startOrongo('admin_manage');
Security::promptAuth();

// Writers and above only.
if (getUser()->getRank() < RANK_WRITER) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=0"));
    exit;
}

$manage = new AdminFrontend();
$manage->main(array("time" => time(), "page_title" => "Manage", "page_template" => "dashboard"));

if (!isset($_SERVER['QUERY_STRING'])) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=1"));
    exit;
}

// NOTE(review): $object is request-controlled and not validated here;
// confirm it is checked against the known object types where it is used.
$object = $_SERVER['QUERY_STRING'];

if (isset($_GET['msg']) && isset($_GET['obj'])) {
    $object = $_GET['obj'];
    // Loose switch comparison of a request string against int cases.
    switch ($_GET['msg']) {
        case 0:
            $manage->addMessage(l("Object not exists"), "error");
            break;
        case 1:
            $manage->addMessage(l("Object delete success"), "success");
            break;
        case 2:
            $manage->addMessage(l("Object delete error"), "error");
            break;
            // … file continues beyond this listing
<?php
/**
 * Admin terminal page: a jQuery-terminal front end whose configuration is
 * emitted by the PHP block that is cut off at the end of this listing.
 *
 * Using the great terminal jQuery plugin: http://terminal.jcubic.pl. Also
 * credits for the guy(s) who made it, it rocks!
 *
 * NOTE(review): unlike the other admin pages there is no rank check after
 * promptAuth(), so any authenticated user reaches this page — confirm the
 * terminal's server side enforces the rank itself.
 * NOTE(review): jQuery is loaded from code.jquery.com over plain HTTP and
 * un-pinned ("jquery-latest"); an admin page executing whatever that host
 * serves is an integrity risk — prefer a local, versioned copy as is done
 * for the other scripts below.
 *
 * @author Jaco Ruit
 */
require '../startOrongo.php';
startOrongo('admin_terminal');
Security::promptAuth();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<title>OrongoTerminal</title>
<script src="http://code.jquery.com/jquery-latest.js" type="text/javascript"></script>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<script src="<?php echo Settings::getWebsiteURL(); ?> js/jquery.mousewheel-min.js"></script>
<script src="<?php echo Settings::getWebsiteURL(); ?> js/jquery.terminal-0.4.6.min.js"></script>
<link href="<?php echo Settings::getWebsiteURL(); ?> orongo-admin/theme/css/jquery.terminal.css" rel="stylesheet"/>
<script>
jQuery(document).ready(function($) {
    $(document.documentElement).terminal("<?php
<?php
/**
 * Admin "post issue" page. Issues are filed through Google, so the page
 * first obtains an auth token: a popup logs the user in and returns here
 * with ?token=..., which is stored in the session; meanwhile this page
 * polls ajax/isGCSet.php until the token is present and then reloads.
 *
 * @author Jaco Ruit
 */
require '../startOrongo.php';
startOrongo('admin_post-issue');
Security::promptAuth();

// Administrators only.
// NOTE(review): this uses "< RANK_ADMIN" where the other admin-only pages
// use "!= RANK_ADMIN"; equivalent only if no rank is above RANK_ADMIN.
if (getUser()->getRank() < RANK_ADMIN) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=0"));
    exit;
}

$postIssue = new AdminFrontend();
getDisplay()->addHTML('<script src="' . orongoURL("js/ajax.boolean.js") . '" type="text/javascript"></script>');

// Popup callback: store the token and close the popup window.
// NOTE(review): the token is stored unvalidated; confirm its consumer
// verifies it before use.
if (isset($_GET['token'])) {
    $_SESSION["auth-sub-token"] = $_GET['token'];
    getDisplay()->closeWindow();
    exit;
}

if (!isset($_SESSION["auth-sub-token"])) {
    // No token yet: show the waiting page and poll every 2 s for the token.
    $postIssue->main(array("time" => time(), "page_title" => "Login to Google", "page_template" => "dashboard"));
    $postIssue->addObject(new AdminFrontendObject(100, "Logging in to Google", l("Waiting for login") . "<br/><br/><br/><strong>" . l("Do not see popup") . "</strong><br/>" . l("Enable popups")));
    $js = 'window.setInterval(function() {';
    $js .= 'if(getAjaxBool("' . orongoURL("ajax/isGCSet.php") . '")) window.location="' . orongoURL("orongo-admin/post-issue.php") . '"; ';
    $js .= '},2000);';
    getDisplay()->addJS($js, "document.ready");
    // NOTE(review): $_GET['error'] goes into the page via addMessage()
    // without escaping here; confirm addMessage() HTML-escapes its text,
    // otherwise this is a reflected-XSS sink.
    if (isset($_GET['error'])) {
        $postIssue->addMessage($_GET['error'], "error");
    }
    if (isset($_GET['msg'])) {
        switch ($_GET['msg']) {
            // … file continues beyond this listing
<?php
/**
 * Admin update checker page: asks OrongoUpdateChecker whether a newer
 * version exists and shows its version info.
 *
 * @author Jaco Ruit
 */
require '../startOrongo.php';
startOrongo('admin_orongo-update-check');
Security::promptAuth();

// Administrators only.
if (getUser()->getRank() != RANK_ADMIN) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=0"));
    exit;
}

$updater = new AdminFrontend();
$updater->main(array("time" => time(), "page_title" => "Update Checker", "page_template" => "dashboard"));

// A failing remote check is shown in a message box rather than aborting the
// page; $isUpdateAvailable then stays false.
$isUpdateAvailable = false;
try {
    $isUpdateAvailable = OrongoUpdateChecker::isUpdateAvailable();
} catch (Exception $e) {
    $msgbox = new MessageBox(l("Error update check"));
    $msgbox->bindException($e);
    getDisplay()->addObject($msgbox);
}

if ($isUpdateAvailable) {
    $updater->addMessage(l("Update available"), "success");
    $info = null;
    try {
        $info = OrongoUpdateChecker::getLatestVersionInfo();
    } catch (Exception $e) {
        // NOTE(review): this message is not passed through l() like the one
        // above, and "occured" is a typo in the literal.
        $msgbox = new MessageBox("Error occured while checking for update");
        $msgbox->bindException($e);
        getDisplay()->addObject($msgbox);
        // … file continues beyond this listing
<?php
/**
 * Archive page: lists articles filtered by one of ?date=YYYY-MM-DD,
 * ?user=<name> or ?userid=<id> (checked in that order of precedence).
 *
 * @author Jaco Ruit
 */
require 'startOrongo.php';
startOrongo('archive');

$user = getUser();
// At most one of these filters ends up set; false means "not given".
$date = false;
$username = false;
$userid = false;

if (isset($_GET['date'])) {
    // Whitelist the date format before it is appended to the fetch query.
    // NOTE(review): with "$" (and no D modifier) the pattern also accepts a
    // trailing newline; "\z" or the D modifier would make the anchor exact.
    if (preg_match('/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/', $_GET['date'])) {
        $date = $_GET['date'];
    } else {
        getDisplay()->addObject(new MessageBox("Invalid date."));
    }
} else {
    // NOTE(review): mysql_escape_string() ignores the connection charset and
    // was removed in PHP 7; the CMS helper Security::escapeSQL() serves the
    // same purpose elsewhere in the code base.
    if (isset($_GET['user'])) {
        $username = mysql_escape_string($_GET['user']);
    } else {
        if (isset($_GET['userid'])) {
            $userid = mysql_escape_string($_GET['userid']);
        }
    }
}

$articles = array();
$c = 0;
// Query string for the article fetch API; the active filter is appended below.
$q = "action=fetch&object=article&max=1000000&order=article.id,desc";
if ($date != false) {
    $q .= "&where=article.date:" . $date;
    // … file continues beyond this listing
<?php
/**
 * Admin "edit object" page. The raw query string is "<object>.<id>"
 * (for example "article.5").
 *
 * @author Jaco Ruit
 */
require '../startOrongo.php';
startOrongo('admin_edit');
Security::promptAuth();

if (!isset($_SERVER['QUERY_STRING'])) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=1"));
    exit;
}

// Exactly one dot is expected; anything else is an invalid query argument.
$query = explode(".", trim($_SERVER['QUERY_STRING']));
if (count($query) != 2) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=1"));
    exit;
}
$object = trim($query[0]);
// NOTE(review): $id is request-controlled and handed to the model
// constructor as-is; confirm the constructor validates/escapes it.
$id = trim($query[1]);

$create = new AdminFrontend();
$create->main(array("time" => time(), "page_title" => "Edit", "page_template" => "dashboard"));

// Per-object-type permission check and loading.
switch ($object) {
    case "article":
        // Writers and above may edit articles.
        if (getUser()->getRank() < RANK_WRITER) {
            header("Location: " . orongoURL("orongo-admin/index.php?msg=0"));
            exit;
        }
        $create->setTitle("Edit Article");
        try {
            $article = new Article($id);
        } catch (Exception $e) {
            // … file continues beyond this listing
<?php
/**
 * Registration page: shows a status message selected by ?msg=<code>, set by
 * the registration action on failure or success.
 *
 * @author Jaco Ruit
 */
require 'startOrongo.php';
startOrongo('orongo-register');
// Rendered with the admin template set.
getDisplay()->setTemplateDir("orongo-admin/style/");

$msg = null;
$msgtype = null;

if (isset($_GET['msg'])) {
    $msgCode = Security::escape($_GET['msg']);
    // switch compares loosely: $msgCode is a string, the cases are ints.
    // Before PHP 8 a non-numeric string compares equal to 0 and would select
    // the first case; from PHP 8 on it matches nothing.
    switch ($msgCode) {
        case 0:
            $msg = l("REG_MSG_PASS_NO_MATCH");
            $msgtype = "error";
            break;
        case 1:
            $msg = l("REG_MSG_USERNAME_EXISTS");
            $msgtype = "warning";
            break;
        case 2:
            $msg = l("REG_MSG_USERNAME_TOO_SHORT");
            $msgtype = "error";
            break;
        case 3:
            $msg = l("REG_MSG_PASSWORD_TOO_SHORT");
            $msgtype = "error";
            break;
        case 4:
            $msg = l("REG_MSG_FILL_IN_USERNAME");
            // … file continues beyond this listing
<?php
/**
 * Admin "delete object" page. The raw query string is "<object>.<id>"
 * (for example "article.5").
 *
 * @author Jaco Ruit
 */
require '../startOrongo.php';
startOrongo('admin_delete');
Security::promptAuth();

if (!isset($_SERVER['QUERY_STRING'])) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=1"));
    exit;
}

// Exactly one dot is expected; anything else is an invalid query argument.
$query = explode(".", trim($_SERVER['QUERY_STRING']));
if (count($query) != 2) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=1"));
    exit;
}
$object = trim($query[0]);
// NOTE(review): $id is request-controlled and handed to the model
// constructor as-is; confirm the constructor validates/escapes it.
$id = trim($query[1]);

$delete = new AdminFrontend();
$delete->main(array("time" => time(), "page_title" => "Delete", "page_template" => "dashboard"));

// Per-object-type permission check and loading.
switch ($object) {
    case "article":
        // Writers and above may delete articles.
        if (getUser()->getRank() < RANK_WRITER) {
            header("Location: " . orongoURL("orongo-admin/index.php?msg=0"));
            exit;
        }
        $delete->setTitle("Delete Article");
        try {
            $article = new Article($id);
        } catch (Exception $e) {
            // … file continues beyond this listing
<?php
/**
 * Front page: hands rendering off to IndexFrontend.
 *
 * @author Jaco Ruit
 */
require 'startOrongo.php';
startOrongo('index');

$index = new IndexFrontend();
// The frontend only needs the request time for its template.
$index->main(array('time' => time()));
$index->render();
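<?php
/**
 * Admin media page: embeds CKFinder, optionally restricted to one resource
 * type ("files" or "images") given as the raw query string.
 */
require '../startOrongo.php';
startOrongo('admin_media');
Security::promptAuth();

// Administrators only.
if (getUser()->getRank() != RANK_ADMIN) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=0"));
    exit;
}

// The whole query string is the requested resource type; anything not on
// the whitelist is treated as "no type" instead of being handed to CKFinder.
$types = array("files", "images");
$type = null;
if (isset($_SERVER['QUERY_STRING']) && in_array($_SERVER['QUERY_STRING'], $types, true)) {
    // Capitalise for CKFinder ("files" -> "Files"). Only a whitelisted value
    // gets here, so string functions are never applied to a null type
    // (which the original flow did, a deprecation as of PHP 8.1).
    $type = ucfirst($_SERVER['QUERY_STRING']);
}
$pageTitle = $type != null ? "Gallery" : "Media";

$media = new AdminFrontend();
$media->main(array("time" => time(), "page_title" => $pageTitle, "page_template" => "dashboard"));

$ckfinder = new CKFinder(orongoURL("lib/ckfinder/"));
if ($type != null) {
    $ckfinder->ResourceType = $type;
}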
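<?php
/**
 * Renders a single page by id (?id=...). A missing or unknown id redirects
 * to the 404 error page; any other failure while loading the page redirects
 * to the 500 page.
 *
 * @author Jaco Ruit
 */
require 'startOrongo.php';
startOrongo('page');

if (!isset($_GET['id'])) {
    header('Location: ' . orongoURL("error.php?error_code=404"));
    exit;
}

$page = null;
try {
    // Escape through the CMS helper rather than mysql_escape_string(): the
    // latter ignores the connection charset and was removed in PHP 7.
    $page = new Page(Security::escapeSQL($_GET['id']));
} catch (Exception $e) {
    if ($e->getCode() == PAGE_NOT_EXIST) {
        header('Location: ' . orongoURL("error.php?error_code=404"));
    } else {
        header('Location: ' . orongoURL("error.php?error_code=500"));
    }
    exit;
}

$pageFO = new PageFrontend();
$pageFO->main(array("time" => time(), "page" => &$page));
$pageFO->render();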
<?php
/**
 * Admin "view object" page. Reached either with ?msg=<code>&id=<id>&obj=<type>
 * (after an edit) or with the raw query string "<object>.<id>".
 *
 * @author Jaco Ruit
 */
require '../startOrongo.php';
startOrongo('admin_view');
Security::promptAuth();

// NOTE(review): no rank check at this point, unlike the create/edit/delete
// pages; the part of the file beyond this listing may add one per object type.
$view = new AdminFrontend();

if (isset($_GET['msg'])) {
    if (!isset($_GET['id']) || !isset($_GET['obj'])) {
        header("Location: " . orongoURL("orongo-admin/index.php?msg=1"));
        exit;
    }
    $id = trim($_GET['id']);
    $object = trim($_GET['obj']);
    // Loose switch comparison of a request string against int cases.
    switch ($_GET['msg']) {
        case 1:
            $view->addMessage(l("Object edit success"), "success");
            break;
        case 0:
            $view->addMessage(l("Object edit error"), "error");
            break;
        default:
            break;
    }
} else {
    // NOTE(review): QUERY_STRING is read without the isset() guard that the
    // edit/delete pages use.
    $query = explode(".", trim($_SERVER['QUERY_STRING']));
    if (count($query) != 2) {
        header("Location: " . orongoURL("orongo-admin/index.php?msg=1"));
        exit;
        // … file continues beyond this listing
<?php
/**
 * Account activation endpoint (?code=...). Redirects to the login page with
 * a message code: 4 for a bad code, 5 for an already active account, 6 on
 * successful activation; visitors without a code, or with a live session,
 * are sent to the login page without a message.
 *
 * @author Jaco Ruit
 */
require 'startOrongo.php';
startOrongo('orongo-activation');

// Only anonymous visitors carrying a code may activate.
$hasCode = isset($_GET['code']);
$hasSession = isset($_SESSION['orongo-id']) || isset($_SESSION['orongo-session-id']);
if (!$hasCode || $hasSession) {
    header("Location: orongo-login.php");
    exit;
}

$code = $_GET['code'];
if (!User::isGoodActivationCode($code)) {
    header("Location: orongo-login.php?msg=4");
    exit;
}

$uid = User::getUserIDByActivationCode($code);
if (User::userIsActivated($uid)) {
    // Stale code for an account that is already active: best-effort cleanup,
    // errors are suppressed so the redirect still happens.
    @User::deleteActivationCode($code);
    header("Location: orongo-login.php?msg=5");
    exit;
}

User::activateUser($uid);
User::deleteActivationCode($code);
header("Location: orongo-login.php?msg=6");
exit;
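<?php
/**
 * Logout endpoint: removes the server-side session record, clears the PHP
 * session and its cookie, and sends the visitor back to the login page.
 *
 * @author Jaco Ruit
 */
require 'startOrongo.php';
startOrongo('orongo-logout');

if (isset($_SESSION['orongo-id']) || isset($_SESSION['orongo-session-id'])) {
    // Only 'orongo-id' may be set; guard the read so the delete is skipped
    // instead of raising an undefined-index notice and deleting with null.
    if (isset($_SESSION['orongo-session-id'])) {
        $sessionID = Security::escapeSQL($_SESSION['orongo-session-id']);
        Session::delete($sessionID);
    }
    // Clear the session data and expire the client cookie as well as the
    // server-side storage, so the old session identifier is not reusable
    // after logout.
    $_SESSION = array();
    if (ini_get("session.use_cookies")) {
        $params = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
    }
    session_destroy();
    header("Location: orongo-login.php?msg=1");
    exit;
}

header("Location: orongo-login.php");
exit;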
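<?php
/**
 * Renders the error page for a whitelisted HTTP status code
 * (?error_code=...). Unknown or malformed codes redirect to the index page.
 *
 * @author Jaco Ruit
 */
require 'startOrongo.php';
startOrongo('error');

$errorCodes = array(400, 401, 403, 404, 500, 503);

// Accept only a plain three-digit code that is on the whitelist. Casting to
// int and using a strict in_array() keeps values such as "404abc" or
// "4.04e2", which a loose comparison may accept, out of the template.
$errorCode = null;
if (isset($_GET['error_code']) && is_string($_GET['error_code']) && preg_match('/^[0-9]{3}$/D', $_GET['error_code'])) {
    $errorCode = (int) $_GET['error_code'];
}
if ($errorCode === null || !in_array($errorCode, $errorCodes, true)) {
    header("Location: " . orongoURL("index.php"));
    exit;
}

$errorFO = new ErrorFrontend();
$errorFO->main(array("time" => time(), "error_code" => $errorCode));
$errorFO->render();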
<?php
/**
 * Admin plugin uninstall page. ?xml_path= is the plugin's info XML path,
 * appended to the plugins directory (so it is expected to start with "/").
 */
require '../startOrongo.php';
startOrongo('admin_plugin-uninstall');
Security::promptAuth();

// Administrators only.
if (getUser()->getRank() != RANK_ADMIN) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=0"));
    exit;
}

if (!isset($_GET['xml_path'])) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=1"));
    exit;
}

// NOTE(review): xml_path is request-controlled and concatenated without
// normalisation, so it can denote a path outside the plugins directory
// ($_GET is already URL-decoded by PHP; urldecode() decodes a second time).
// The equality check against getInfoPath() below is what ties it to a known
// plugin — keep any file access behind that check.
$xmlPath = ADMIN . '/plugins' . urldecode($_GET['xml_path']);

$install = new AdminFrontend();
$install->main(array("time" => time(), "page_title" => "Uninstall", "page_template" => "dashboard"));

if (!file_exists($xmlPath)) {
    $install->addMessage(l("Plugin not found"), "error");
    $install->render();
    exit;
}

// A plugin counts as installed when a loaded plugin reports this exact info path.
$installed = false;
foreach (getPlugins() as $plugin) {
    // instanceof binds tighter than ==, so this reads as !($plugin instanceof ...).
    if ($plugin instanceof OrongoPluggableObject == false) {
        continue;
    }
    if ($plugin->getInfoPath() == $xmlPath) {
        $installed = true;
    }
}
if (!$installed) {
    // … file continues beyond this listing
<?php
/**
 * fetchNotifications AJAX
 *
 * Returns the logged-in user's pending notifications as JSON and deletes
 * them as they are read, so each notification is delivered once.
 *
 * @author Jaco Ruit
 */
require '../startOrongo.php';
startOrongo();

// Error code for the JSON "response_code" field.
define("NOT_LOGGED_IN", 1);

/**
 * Emit a JSON error object and stop the script.
 *
 * @param string $paramError     human-readable message ("response")
 * @param int    $paramErrorCode numeric code ("response_code")
 */
function errorDie($paramError, $paramErrorCode) {
    $arrayToJs = array();
    $arrayToJs["response"] = $paramError;
    $arrayToJs["response_code"] = $paramErrorCode;
    die(json_encode($arrayToJs));
}

if (getUser() == null) {
    errorDie("Not logged in!", NOT_LOGGED_IN);
}

$arrayToJs = array();
$arrayToJs["notifications"] = array();
$count = 0;
foreach (getUser()->getNotifications() as $notification) {
    // Skip entries that do not carry a proper notification object.
    if ($notification["notification"] instanceof OrongoNotification == false) {
        continue;
    }
    $arrayToJs["notifications"][$count] = array("title" => $notification["notification"]->getTitle(), "text" => $notification["notification"]->getText(), "time" => $notification["notification"]->getTime(), "image" => $notification["notification"]->getImage());
    // Delivered once: remove the stored notification after reading it.
    OrongoNotifier::deleteNotification($notification["id"]);
    $count++;
}
<?php
/**
 * Admin plugin settings page. ?xml_path= is the plugin's info XML path,
 * appended to the plugins directory (so it is expected to start with "/").
 *
 * @author Jaco Ruit
 */
// NOTE(review): presumably alters how startOrongo() loads plugins for this
// page — confirm against startOrongo.php.
define('HACK_PLUGINS', true);
require '../startOrongo.php';
startOrongo('admin_plugin-settings');
Security::promptAuth();

// Administrators only.
if (getUser()->getRank() != RANK_ADMIN) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=0"));
    exit;
}

if (!isset($_GET['xml_path'])) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=1"));
    exit;
}

// NOTE(review): xml_path is request-controlled and concatenated without
// normalisation, so it can denote a path outside the plugins directory
// ($_GET is already URL-decoded by PHP; urldecode() decodes a second time).
// The equality check against getInfoPath() below is what ties it to a known
// plugin — keep any file access behind that check.
$xmlPath = ADMIN . '/plugins' . urldecode($_GET['xml_path']);

$settings = new AdminFrontend();
$settings->main(array("time" => time(), "page_title" => "Plugin Setting", "page_template" => "dashboard"));

if (!file_exists($xmlPath)) {
    $settings->addMessage(l("Plugin not found"), "error");
    $settings->render();
    exit;
}

// A plugin counts as installed when a loaded plugin reports this exact info path.
$installed = false;
foreach (getPlugins() as $plugin) {
    // instanceof binds tighter than ==, so this reads as !($plugin instanceof ...).
    if ($plugin instanceof OrongoPluggableObject == false) {
        continue;
    }
    if ($plugin->getInfoPath() == $xmlPath) {
        // … file continues beyond this listing