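/**
 * Validates the "accessible antispam" answer submitted with a comment.
 *
 * Hooked into the comment validation chain: $bool is the verdict of the
 * previous validators and $arr the comment data. Logged-in users skip the
 * check. The expected answer is removed from the session as soon as it is
 * read, so one solved challenge cannot be replayed for several posts.
 *
 * @param bool  $bool verdict of the previous validators; false is final
 * @param array $arr  comment fields (only used for the debug log)
 * @return bool true when the submitted answer matches the stored one
 */
function plugin_aaspam_validate($bool, $arr)
{
    // an earlier validator already rejected the post: nothing to add
    if (!$bool) {
        return false;
    }
    // logged-in users are not challenged
    if (user_loggedin()) {
        return true;
    }
    // fetch and drop the stored answer in one step (one-shot challenge), so
    // an attacker can't reuse the old one for multiple posting
    $expected = sess_remove('aaspam');
    // no challenge was issued for this session (or it was already consumed):
    // fail closed. NOTE(review): a falsy stored answer such as "0" also fails
    // here - confirm the question generator never produces one.
    if (!$expected) {
        return false;
    }
    // only a scalar POST value can be an answer; a missing field or an array
    // is rejected instead of raising a notice. Compare as strings with a
    // strict operator so numeric-looking input cannot match by type juggling.
    $submitted = null;
    if (isset($_POST['aaspam']) && is_scalar($_POST['aaspam'])) {
        $submitted = trim((string) $_POST['aaspam']);
    }
    $ret = $submitted !== null && $submitted === (string) $expected;
    if (!$ret) {
        global $smarty;
        $lang = lang_load('plugin:accessibleantispam');
        $smarty->append('error', $lang['plugin']['accessibleantispam']['error']);
    }
    // optional debug trail. It records the expected answer and the session
    // id, so AASPAM_LOG must not be reachable from the web.
    if (AASPAM_DEBUG && ($f = @fopen(AASPAM_LOG, 'a'))) {
        $arr['aaspam-q'] = $submitted;
        $arr['aaspam-a'] = $expected;
        $arr['SUCCESS'] = $ret;
        $s = date('r') . "|" . session_id() . '|' . utils_kimplode($arr) . "\r\n";
        @fwrite($f, $s);
        @fclose($f);
    }
    return $ret;
}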
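/**
 * Loads a user record.
 *
 * With no $userid, returns the currently logged-in user (if any). Otherwise
 * includes USERS_DIR/<userid>.php, which is expected to define $user, and
 * returns it. The id becomes a file name, so anything that could walk out of
 * USERS_DIR is rejected: non-strings, slashes, backslashes, dots and NUL.
 *
 * @param string|null $userid user id, or null for the logged-in user
 * @return array|null the user record, or null when not found / not allowed
 */
function user_get($userid = null)
{
    if ($userid == null && ($user = user_loggedin())) {
        return $user;
    }
    // only a non-empty plain string may name a user file: an array would be
    // stringified to "Array" (with warnings), and '' must not reach the disk
    if (!is_string($userid) || $userid === '') {
        return null;
    }
    // path-traversal guard: no directory separator of either flavour, no dot
    // and no NUL byte, so "../x" or "x.php\0" style ids cannot leave USERS_DIR
    if (preg_match('![/\\\\.\\0]!', $userid)) {
        return null;
    }
    $f = USERS_DIR . $userid . '.php';
    if (!file_exists($f)) {
        return null;
    }
    // the user file is a PHP snippet that assigns $user
    $user = null;
    include $f;
    return $user;
}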
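/**
 * Controller for login.php.
 *
 * Picks the template to render and, after a logout or while already logged
 * in, schedules a redirect to the front page through the 'wp_head' filter.
 * Sets the 'subject' and 'content' Smarty variables; rendering happens
 * elsewhere.
 */
function main()
{
    global $lang, $smarty;
    $content = null;
    $show_success = false;
    if (user_loggedin()) {
        // ?do=logout ends the session; in every other case a logged-in visitor
        // simply gets the "you are logged in" page. The original inner
        // "elseif (user_loggedin())" / "else redirect" split was unreachable
        // duplication, folded here into one path.
        // NOTE(review): logout is triggered by a plain GET, so a third-party
        // page can force a logout (CSRF); a nonce would close that.
        if (isset($_GET['do']) && $_GET['do'] === 'logout') {
            user_logout();
        }
        $show_success = true;
    } elseif (sess_remove('logout_done')) {
        // one-shot flag left by the logout path; consumed here
        $show_success = true;
    } elseif (empty($_POST)) {
        $content = SHARED_TPLS . 'login.tpl';
    } else {
        // validate after a POST
        if (login_validate()) {
            // redirect so a reload does not resubmit the credentials
            utils_redirect('login.php');
        } else {
            // re-populate the form. NOTE(review): this assigns every POST key
            // as a template variable; restrict it to the form fields if the
            // template must not be overridable by the client.
            $smarty->assign($_POST);
            $content = SHARED_TPLS . 'login.tpl';
        }
    }
    if ($show_success) {
        // add_filter() is called with a string callback, hence a named
        // function; the guard avoids a redeclaration error should main()
        // ever run twice in one request
        if (!function_exists('myredirect')) {
            function myredirect()
            {
                login_redirect('index.php');
            }
        }
        add_filter('wp_head', 'myredirect');
        $content = SHARED_TPLS . 'login_success.tpl';
    }
    // Set page title and content
    // first parameter is Title, second is content.
    // Content can be both a shared tpl or raw html content; in this last case
    // you have to set the third optional parameter to true
    $smarty->assign('subject', $lang['login']['head']);
    $smarty->assign('content', $content);
}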
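/**
 * Resolves a static page request.
 *
 * When the page exists it is parsed into the template variables and the
 * 'static.tpl' module is selected (also stored in $module). When it does not,
 * a logged-in user is redirected to the admin editor for that page id, while
 * anonymous visitors get the 404 module.
 *
 * @param string $page         static page id taken from the request
 * @param bool   $explicit_req true when the page was requested directly
 *                             (its subject then feeds the page title)
 * @param array  $params       request parameters (by reference; unused here)
 * @param string $module       receives the selected module template
 * @return string the selected module template
 */
function index_staticpage($page, $explicit_req, &$params, &$module)
{
    global $smarty, $title;
    if (static_exists($page)) {
        $arr = static_parse($page);
        $title = $arr['subject'];
        if ($explicit_req) {
            add_filter('wp_title', 'index_gentitle', 1, 2);
        }
        $smarty->assign('static_id', $page);
        $smarty->assign('static_page', $arr);
        return $module = 'static.tpl';
    }
    if (user_loggedin()) {
        // $page comes from the request and did not pass static_exists(), so
        // it is URL-encoded before going into the query string: a raw value
        // could smuggle extra parameters (e.g. "x&action=...") into the
        // admin URL
        utils_redirect('admin.php?p=static&action=write&page=' . urlencode($page));
    } else {
        $module = index_404error();
    }
    return $module;
}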
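/**
 * "Last entries" sidebar widget.
 *
 * Lists the ten most recent entries as links; a logged-in user additionally
 * gets an "[edit]" link in front of each one. With no entries at all the
 * widget shows a link to the "write entry" admin page instead.
 *
 * @return array widget with 'subject' (title) and 'content' (HTML list)
 */
function plugin_lastentries_widget()
{
    // plugin strings live under plugin.lastentries/lang/LANGID/
    $lang = lang_load('plugin:lastentries');
    $strings = $lang['plugin']['lastentries'];
    $num = 10;
    $q = new FPDB_Query(array('fullparse' => false, 'start' => 0, 'count' => $num), null);
    // both are the same for every entry: compute them once, outside the loop
    $loggedin = user_loggedin();
    $admin = BLOG_BASEURL . "admin.php?p=entry&amp;entry=";
    $string = '<ul>';
    $count = 0;
    while ($q->hasmore()) {
        list($id, $entry) = $q->getEntry();
        $link = get_permalink($id);
        $string .= '<li>';
        if ($loggedin) {
            // logged-in users get an "edit" link
            $string .= "<a href=\"{$admin}{$id}\">[" . $strings['edit'] . "]</a>";
        }
        // NOTE(review): the subject is inserted as-is. It is admin-authored,
        // but confirm it is made HTML-safe at storage or display time.
        $string .= "<a href=\"{$link}\">{$entry['subject']}</a></li>\n";
        $count++;
    }
    if ($count === 0) {
        // NOTE(review): this link is relative while the edit links above use
        // BLOG_BASEURL; it may break when the blog is served from a sub-path
        $string .= '<li><a href="admin.php?p=entry&amp;action=write">' . $strings['add_entry'] . '</a></li>';
        $subject = $strings['no_entries'];
    } else {
        $subject = $strings['subject_before_count'] . $count . $strings['subject_after_count'];
    }
    $string .= '</ul>';
    return array(
        'subject' => $subject,
        'content' => $string,
    );
}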
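/**
 * "Admin area" sidebar widget.
 *
 * For a logged-in user shows a greeting plus links to the admin panel, the
 * "write entry" page and logout; for anybody else just a login link.
 *
 * @return array widget with 'subject' (title) and 'content' (HTML body)
 */
function plugin_adminarea_widget()
{
    // plugin strings live under plugin.adminarea/lang/LANGID/
    $lang = lang_load('plugin:adminarea');
    $strings = $lang['plugin']['adminarea'];
    $baseurl = BLOG_BASEURL;
    $user = user_loggedin();
    if ($user) {
        // the user id is a stored string placed inside HTML text: escape it so
        // a crafted id cannot inject markup into every page showing the widget
        $userid = htmlspecialchars($user['userid'], ENT_QUOTES, 'UTF-8');
        $string = <<<END
\t\t<p>{$strings['welcome']} <strong>{$userid}</strong> !</p>
\t\t<ul>
\t\t<li><a href="{$baseurl}admin.php">{$strings['admin_panel']}</a></li>
\t\t<li><a href="{$baseurl}admin.php?p=entry&amp;action=write">{$strings['add_entry']}</a></li>
\t\t<li><a href="{$baseurl}login.php?do=logout">{$strings['logout']}</a></li>
\t\t</ul>
END;
    } else {
        $string = '<ul><li><a href="' . $baseurl . 'login.php">Login</a></li></ul>';
    }
    return array(
        'subject' => $strings['subject'],
        'content' => $string,
    );
}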
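/**
 * Reads (and optionally bumps) the view counter of an entry.
 *
 * The counter lives in <entry dir>/view_counter<EXT>. A missing file counts
 * as zero. Views are only counted for anonymous visitors, so the author's
 * own reloads do not inflate the number.
 *
 * @param string $id   entry id
 * @param bool   $calc true to increment the counter, false to only read it
 * @return int|null current (possibly incremented) count; null when the
 *                  entry directory cannot be resolved
 */
function plugin_postviews_calc($id, $calc)
{
    $dir = entry_dir($id);
    if (!$dir) {
        return;
    }
    $f = $dir . '/view_counter' . EXT;
    $raw = io_load_file($f);
    if ($raw === false) {
        // no counter stored yet
        $v = 0;
    } else {
        // the file holds a number as text; cast explicitly so a corrupted
        // file cannot trigger PHP's string increment (e.g. "abc"++ -> "abd")
        $v = (int) $raw;
        if ($v < 0) {
            // file was locked. Do not increase views.
            // actually on file locks system should hang, so
            // this should never happen
            $v = 0;
            $calc = false;
        }
    }
    if ($calc && !user_loggedin()) {
        $v++;
        io_write_file($f, $v);
    }
    return $v;
}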
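<?php

// Session bootstrap and access control for this page: anonymous visitors are
// sent to index.php. The redirect must be followed by exit - header() only
// adds a response header, PHP keeps running, and without the exit the
// protected markup below would still be sent to the unauthenticated client.
session_start();
require_once 'databaseconnection.php';
include 'includes/sc-includes.php';
if (!user_loggedin()) {
    header('Location:index.php');
    exit;
}
?>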

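<?php
// Show a message passed in the URL. Anyone can craft a link with ?err=..., so
// the value is attacker controlled and must be escaped for the HTML context;
// echoing it raw is a reflected XSS.
if (isset($_GET['err']) && is_string($_GET['err'])) {
    echo htmlspecialchars($_GET['err'], ENT_QUOTES, 'UTF-8');
}
?>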

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Blue Marble Theme  - Free CSS Template</title>
<meta name="keywords" content="blue, marble, design, theme, web, free templates, website templates, CSS, HTML" />
<meta name="description" content="Blue Marble Theme is a free website template provided by templatemo.com" />
<link href="templatemo_style.css" rel="stylesheet" type="text/css" />

<link rel="stylesheet" href="nivo-slider.css" type="text/css" media="screen" />
<script src="js/jquery.min.js" type="text/javascript"></script>
<script src="js/jquery.nivo.slider.js" type="text/javascript"></script>

<script type="text/javascript">
$(window).load(function() {
/**
 * Prepares the Smarty environment for the active theme.
 *
 * Points Smarty at the theme's template directory (with a per-theme compile
 * id so a theme switch does not reuse stale compiled templates), publishes
 * the {$flatpress}, {$lang}, {$blogtitle}, {$pagetitle} and {$fp_config}
 * variables, registers the theme modifiers and functions, and finally fires
 * the 'theme_init' action.
 *
 * @param Smarty $smarty the Smarty instance to configure (by reference)
 */
function theme_init(&$smarty)
{
    /* &$mode */
    global $fp_config, $lang, $theme, $fp_params;
    $theme_name = $fp_config['general']['theme'];
    // per-theme compile id: compiled templates of another theme must not be
    // picked up after switching (i.e. change theme without this and cry)
    $smarty->compile_id = md5($theme_name);
    $smarty->template_dir = ABS_PATH . THEMES_DIR . $theme_name . '/';
    // {$flatpress} starts as a copy of the [general] config section
    // (retained for compatibility; smarty has constant facilities included)
    $flatpress = $fp_config['general'];
    $loggedin = user_loggedin();
    $flatpress['loggedin'] = $loggedin;
    if ($loggedin) {
        // NOTE(review): the whole user record is exposed to templates here;
        // check what user_get() returns before treating themes as untrusted
        $flatpress['user'] = user_get();
    }
    // theme URL (style-specific when a style is configured), a useful
    // shorthand for themes: e.g. {$flatpress.themeurl}imgs/myimage.png
    if (isset($fp_config['general']['style'])) {
        $flatpress['themeurl'] = theme_style_geturl($fp_config['general']['style']);
    } else {
        $flatpress['themeurl'] = theme_geturl();
    }
    $flatpress['params'] = $fp_params;
    // every key is also published in upper case
    $flatpress = array_merge($flatpress, array_change_key_case($flatpress, CASE_UPPER));
    $smarty->assign('flatpress', $flatpress);
    $smarty->assign('lang', $lang);
    $smarty->assign('blogtitle', $fp_config['general']['title']);
    $smarty->assign('pagetitle', apply_filters('wp_title', "", '&laquo;'));
    $smarty->assign_by_ref('fp_config', $fp_config);
    // modifiers offered to templates, in registration order
    $modifiers = array(
        'tag' => 'theme_apply_filters_wrapper',
        'link' => 'theme_apply_filters_link_wrapper',
        'filed' => 'theme_entry_categories',
    );
    // the date formatting modifiers are skipped while rendering a feed
    if (empty($fp_params['feed'])) {
        $modifiers['date_format_daily'] = 'theme_smarty_modifier_date_format_daily';
        $modifiers['date_format'] = 'theme_date_format';
    }
    $modifiers['date_rfc3339'] = 'theme_smarty_modifier_date_rfc3339';
    foreach ($modifiers as $modifier_name => $callback) {
        $smarty->register_modifier($modifier_name, $callback);
    }
    $smarty->register_function('action', 'theme_smarty_function_action');
    do_action('theme_init');
}
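/**
 * Controller for admin.php.
 *
 * Refuses anonymous visitors, then resolves the requested panel
 * (?p=<panel>, defaulting to the first registered one) and action
 * (?action=<action>, defaulting to 'default'), loads the panel class, checks
 * the CSRF nonce on POST, runs the action and, when the action asks for it,
 * redirects so a reload cannot resubmit the form.
 */
function main()
{
    // general setup
    global $panel, $action, $lang, $smarty, $fp_admin, $fp_admin_action;
    /* check if user is loggedin - done first, before any panel file is
       included or any panel class instantiated, so that an unauthenticated
       request never executes panel code */
    if (!user_loggedin()) {
        utils_redirect("login.php");
        die;
    }
    $panels = admin_getpanels();
    $panel = isset($_GET['p']) ? $_GET['p'] : $panels[0];
    define('ADMIN_PANEL', $panel);
    $smarty->assign('panel', $panel);
    // the panel name is used below as a path component and as a class-name
    // suffix, so it must be one of the registered panels
    if (!admin_panelexists($panel)) {
        trigger_error('Requested panel does not exists!', E_USER_ERROR);
    }
    $panelprefix = "admin.{$panel}";
    $panelpath = ADMIN_DIR . "panels/{$panel}/{$panelprefix}.php";
    $fp_admin = null;
    if (file_exists($panelpath)) {
        include $panelpath;
        $panelclass = "admin_{$panel}";
        if (!class_exists($panelclass)) {
            trigger_error("No class defined for requested panel", E_USER_ERROR);
        }
        $fp_admin = new $panelclass($smarty);
    }
    $action = isset($_GET['action']) ? $_GET['action'] : 'default';
    if (!$fp_admin) {
        return;
    }
    $fp_admin_action = $fp_admin->get_action($action);
    define('ADMIN_PANEL_ACTION', $action);
    $smarty->assign('action', $action);
    // $action is client-supplied: URL-encode it wherever it becomes a link
    $panel_url = BLOG_BASEURL . "admin.php?p={$panel}";
    $action_url = $panel_url . '&action=' . urlencode($action);
    $smarty->assign('panel_url', $panel_url);
    $smarty->assign('action_url', $action_url);
    if (!empty($_POST)) {
        // CSRF nonce bound to panel+action; note it only covers POST requests
        check_admin_referer("admin_{$panel}_{$action}");
    }
    $smarty->assign('success', sess_remove("success_{$panel}"));
    $retval = $fp_admin_action->exec();
    if ($retval > 0) {
        // the action asked for a redirect (clears the postdata): stash the
        // success message in the session, where the sess_remove() above
        // picks it up on the next request
        sess_add("success_{$panel}", $smarty->get_template_vars('success'));
        $to_action = $retval > 1 ? '&action=' . urlencode($action) : '';
        $with_mod = '';
        if (isset($_GET['mod']) && is_scalar($_GET['mod'])) {
            $with_mod = '&mod=' . urlencode($_GET['mod']);
        }
        $with_arguments = '';
        if ($retval == PANEL_REDIRECT_CURRENT) {
            // carry the action's mandatory arguments over to the new URL.
            // They come straight from the request, hence the encoding (a raw
            // value could inject further query parameters); a missing or
            // non-scalar one is passed as empty instead of raising a notice
            foreach ($fp_admin_action->args as $mandatory_argument) {
                $value = '';
                if (isset($_REQUEST[$mandatory_argument]) && is_scalar($_REQUEST[$mandatory_argument])) {
                    $value = $_REQUEST[$mandatory_argument];
                }
                $with_arguments .= '&' . $mandatory_argument . '=' . urlencode($value);
            }
        }
        $url = "admin.php?p={$panel}{$to_action}{$with_mod}{$with_arguments}";
        utils_redirect($url);
    }
    $smarty->register_modifier('action_link', 'admin_filter_action');
    $smarty->register_modifier('cmd_link', 'admin_filter_command');
}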
/**
 * Smarty {admincontrols}{/admincontrols} block plugin
 *
 * Type:     block function<br />
 * Name:     admincontrols<br />
 * Purpose:  automatically show/hides admin controls<br />
 * The block body is emitted unchanged when a user is logged in and dropped
 * (null) otherwise. This only hides markup: the admin actions it links to
 * must enforce the login check themselves.
 * @author NoWhereMan <monte at ohrt dot com>
 * @param array  $params  block attributes (unused)
 * @param string $content block body
 * @param Smarty $smarty  the template engine (unused)
 * @return string|null string $content if loggedin, null otherwise
 */
function smarty_block_admincontrols($params, $content, &$smarty)
{
    $visible = user_loggedin();
    return $visible ? $content : null;
}
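/**
 * Handles the comment form.
 *
 * On a POST it validates and stores the comment, mails the blog owner (when
 * notifications are enabled and the commenter is not logged in) and redirects
 * to the new comment. Without a POST, or when validation fails, it only fills
 * the Smarty variables the form template needs ('comment_formid', 'values',
 * 'cookie').
 */
function commentform()
{
    global $smarty, $lang, $fpdb, $fp_params;
    $comment_formid = 'fp-comments';
    $smarty->assign('comment_formid', $comment_formid);
    if (!empty($_POST)) {
        # utils_nocache_headers();
        // normalise the website field: prepend a scheme when none is given.
        // Only http:// and https:// at the start count, so an https URL is
        // left alone (the old substring test turned it into
        // "http://https://...") and anything else - including "javascript:" -
        // gets "http://" in front, which neutralises it as a link target.
        if (!empty($_POST['url']) && is_string($_POST['url']) && !preg_match('!^https?://!i', $_POST['url'])) {
            $_POST['url'] = 'http://' . $_POST['url'];
        }
        // custom hook here!!
        if ($arr = comment_validate()) {
            global $fp_config;
            $id = comment_save($fp_params['entry'], $arr);
            do_action('comment_post', $fp_params['entry'], array($id, $arr));
            $q = new FPDB_Query(array('id' => $fp_params['entry'], 'fullparse' => false), null);
            list($entryid, $e) = $q->getEntry();
            if ($fp_config['general']['notify'] && !user_loggedin()) {
                global $post;
                $comm_mail = isset($arr['email']) ? "<{$arr['email']}>" : '';
                $from_mail = $fp_config['general']['email'];
                $post = $e;
                // plugin such as prettyurls might need this...
                $lang = lang_load('comments');
                $placeholders = array('%toname%', '%fromname%', '%frommail%', '%entrytitle%', '%commentlink%', '%content%', '%blogtitle%');
                $replacements = array(
                    $fp_config['general']['author'],
                    $arr['name'],
                    $comm_mail,
                    $e['subject'],
                    get_comments_link($entryid) . '#' . $id,
                    $arr['content'],
                    $fp_config['general']['title'],
                );
                $mail = str_replace($placeholders, $replacements, $lang['comments']['mail']);
                // best effort: a failing mail must not break the comment flow.
                // The commenter's data only lands in the body; the sender
                // address comes from the config.
                @utils_mail($from_mail, "New comment on {$fp_config['general']['title']}", $mail);
            }
            // if comment is valid, this redirect will clean the postdata
            $location = str_replace('&amp;', '&', get_comments_link($entryid)) . '#' . $id;
            utils_redirect($location, true);
            exit;
        } else {
            // validation failed: hand the submitted values back to the form
            $smarty->assign('values', $_POST);
        }
    }
    // Cookies: author details remembered from a previous comment (null when unset)
    $smarty->assign('cookie', array(
        'name' => isset($_COOKIE['comment_author_' . COOKIEHASH]) ? $_COOKIE['comment_author_' . COOKIEHASH] : null,
        'email' => isset($_COOKIE['comment_author_email_' . COOKIEHASH]) ? $_COOKIE['comment_author_email_' . COOKIEHASH] : null,
        'url' => isset($_COOKIE['comment_author_url_' . COOKIEHASH]) ? $_COOKIE['comment_author_url_' . COOKIEHASH] : null,
    ));
}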
/**
 * Boots the application: request sanitising, core objects, configuration,
 * cookies/session, theme, language and plugins, then the Smarty directories
 * and the 'init' action. Each step builds on globals set by the previous
 * ones, so treat the order as significant and do not reorder these calls.
 *
 * Output produced while the theme, language, plugins and the 'init' action
 * load is buffered and discarded (ob_start()/ob_end_clean()), so nothing can
 * leak into the response before headers are sent.
 */
function system_init()
{
    // request hardening first: sanitise the query string, undo
    // register_globals, apply the IIS workarounds
    system_sanitizequery();
    system_unregister_globals();
    system_prepare_iis();
    $GLOBALS['fpdb'] = new FPDB();
    $GLOBALS['fp_widgets'] = new widget_indexer();
    // $smarty is an alias of the global instance created elsewhere
    $GLOBALS['smarty'] =& $GLOBALS['_FP_SMARTY'];
    $smarty =& $GLOBALS['smarty'];
    $GLOBALS['fp_config'] = config_load();
    cookie_setup();
    sess_setup();
    // called for its side effect of resolving the login state early;
    // the return value is deliberately ignored here
    user_loggedin();
    ob_start();
    $GLOBALS['theme'] = theme_loadsettings();
    $GLOBALS['lang'] = lang_load();
    plugin_loadall();
    // init smarty: compiled templates go to the cache dir, page caching is off
    $smarty->compile_dir = CACHE_DIR;
    $smarty->cache_dir = SMARTY_DIR . 'cache/';
    $smarty->caching = 0;
    do_action('init');
    ob_end_clean();
}