Example #1
0
 function cat_csrf_callback($tokens)
 {
     // check headers content type
     $headers = headers_list();
     foreach ($headers as $entry) {
         list($key, $value) = explode(': ', $entry);
         if (!strcasecmp('Content-type', $key)) {
             if (substr_count($value, 'json')) {
                 print json_encode(array('message' => 'CSRF check failed. Your form session may have expired, or you may not have cookies enabled.', 'success' => false));
                 exit;
             }
         }
     }
     $data = '';
     header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
     if (function_exists('csrf_flattenpost')) {
         foreach (csrf_flattenpost($_POST) as $key => $value) {
             if ($key == $GLOBALS['csrf']['input-name']) {
                 continue;
             }
             $data .= '<input type="hidden" name="' . htmlspecialchars($key) . '" value="' . htmlspecialchars($value) . '" />';
         }
         $data = '<form method="post" action="">' . $data . '<input type="submit" value="Try again" /></form>';
     }
     echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
   <head>
   <meta http-equiv="content-type" content="text/html; charset=windows-1250">
   <title>Black Cat CMS Error Message</title>
   </head>
   <body>
         <p>CSRF check failed. Your form session may have expired, or you may not have
         cookies enabled.</p>
         ' . $data;
     if (CAT_Registry::exists('DEBUG_CSRF') && DEBUG_CSRF === true) {
         echo "<p>Debug: {$tokens}</p>";
     }
     echo '</body></html>';
 }
Example #2
0
 /**
  * retrieve allowed Mime types; we use the 'upload_allowed' entry in
  * the settings table combined with the list of known Mime types here
  *
  * @access public
  * @param  string  $filter - optional filter, for example, 'image/*'
  * @return array
  **/
 public static function getAllowedMimeTypes($filter = NULL)
 {
     if (!count(self::$allowed)) {
         $self = self::getInstance();
         if (!count(self::$mimetypes)) {
             self::getMimeTypes();
         }
         $self->log()->LogDebug('getting allowed upload mimetypes from settings');
         if (CAT_Registry::exists('UPLOAD_ALLOWED')) {
             $suffixes = explode(',', CAT_Registry::get('UPLOAD_ALLOWED'));
             $self->log()->logDebug('allowed suffixes:', $suffixes);
             for ($i = 0; $i < count($suffixes); $i++) {
                 $suffix = $suffixes[$i];
                 if (isset(self::$mimetypes[$suffix])) {
                     foreach (array_values(self::$mimetypes[$suffix]) as $type) {
                         if (!in_array($type, self::$allowed)) {
                             self::$allowed[] = $type;
                         }
                         if (!array_key_exists($suffix, self::$suffixes)) {
                             self::$suffixes[$suffix] = $type;
                         }
                     }
                 }
             }
         }
         $self->log()->LogDebug('allowed', self::$allowed);
     }
     if ($filter) {
         $self->log()->LogDebug(sprintf('using filter (preg_match) [~^%s~]', $filter), self::$allowed);
         $temp = array();
         foreach (self::$allowed as $type) {
             if (preg_match('~^' . $filter . '~', $type)) {
                 $temp[] = $type;
             }
         }
         return $temp;
     }
     return self::$allowed;
 }
Example #3
0
 /**
  * Create directories recursive
  *
  * @access public
  * @param string   $dir_name - directory to create
  * @param ocatal   $dir_mode - access mode
  * @return boolean result of operation
  *
  * @todo ---check for valid dir name---
  **/
 public static function createDirectory($dir_name, $dir_mode = NULL, $createIndex = false)
 {
     if (!$dir_mode) {
         $dir_mode = CAT_Registry::exists('OCTAL_DIR_MODE') ? CAT_Registry::get('OCTAL_DIR_MODE') : (int) octdec(self::defaultDirMode());
     }
     if ($dir_name != '' && !is_dir($dir_name)) {
         $umask = umask(0);
         mkdir($dir_name, $dir_mode, true);
         umask($umask);
         if ($createIndex) {
             self::recursiveCreateIndex($dir_name);
         }
         return true;
     }
     return false;
 }
Example #4
0
    // no frontend login, no forgot form
    if (INTRO_PAGE) {
        die(header('Location: ' . CAT_URL . PAGES_DIRECTORY . '/index.php'));
    } else {
        die(header('Location: ' . CAT_URL . '/index.php'));
    }
}
$val = CAT_Helper_Validate::getInstance();
$email = $val->sanitizePost('email', NULL, true);
$display_form = true;
$msg_class = 'info';
global $parser;
$parser->setPath(CAT_PATH . '/templates/' . DEFAULT_TEMPLATE . '/templates/' . CAT_Registry::get('DEFAULT_THEME_VARIANT'));
// if there's a template for this in the current frontend template
$parser->setFallbackPath(dirname(__FILE__) . '/templates/default');
// fallback to default dir
// mailer lib installed?
if (count(CAT_Helper_Addons::getLibraries('mail')) == 0) {
    $parser->output('account_forgot_form', array('message_class' => 'highlight', 'display_form' => false, 'message' => $val->lang()->translate('Sorry, but the system is unable to use mail to send your details. Please contact the administrator.'), 'contact' => CAT_Registry::exists('SERVER_EMAIL', false) && CAT_Registry::get('SERVER_EMAIL') != '*****@*****.**' && $val->validate_email(CAT_Registry::get('SERVER_EMAIL')) ? '<br />[ <a href="mailto:' . CAT_Registry::get('SERVER_EMAIL') . '">' . $val->lang()->translate('Send eMail') . '</a> ]' : ''));
    exit;
}
// Check if the user has already submitted the form, otherwise show it
if ($email && $val->sanitize_email($email)) {
    list($result, $message) = CAT_Users::handleForgot($email);
} else {
    $email = '';
}
if (!isset($message)) {
    $message = $val->lang()->translate('Please enter your email address below');
}
$parser->output('account_forgot_form', array('message_class' => $msg_class, 'email' => $email, 'display_form' => $display_form, 'message' => $message));
Example #5
0
 /**
  * check for valid username:
  *
  * + must begin with a char (a-z)
  * + ...followed by at least 2 chars (a-z), numbers (0-9), _ or -
  * + must match min and max username length
  *
  * If USERS_ALLOW_MAILADDRESS is set to true, the username is checked
  * for valid mail address. If it is valid, there will be no check for
  * min. and max. length to avoid problems here.
  *
  * @access public
  * @param  string  $username
  * @return booelan
  *
  **/
 public static function validateUsername($username)
 {
     if (CAT_Registry::exists('USERS_ALLOW_MAILADDRESS')) {
         $allow_mailaddress = CAT_Registry::get('USERS_ALLOW_MAILADDRESS');
     } else {
         $allow_mailaddress = false;
     }
     if (!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username)) {
         if ($allow_mailaddress && CAT_Helper_Validate::getInstance()->sanitize_email($username)) {
             // in case of mail address, we do not check for min and max length!
             return true;
         } else {
             self::setError('Invalid eMail address');
             return false;
         }
         self::setError('Invalid characters in username found');
         return false;
     }
     $min_length = CAT_Registry::exists('AUTH_MIN_LOGIN_LENGTH') ? CAT_Registry::get('AUTH_MIN_LOGIN_LENGTH') : 5;
     $max_length = CAT_Registry::exists('AUTH_MAX_LOGIN_LENGTH') ? CAT_Registry::get('AUTH_MAX_LOGIN_LENGTH') : 50;
     if (strlen($username) < $min_length) {
         self::setError(self::getInstance()->lang()->translate('Username too short (min.: {{ length }})', array('length' => $min_length)));
         return false;
     }
     if (strlen($username) > $max_length) {
         self::setError(self::getInstance()->lang()->translate('Username too long (max.: {{ length }})', array('length' => $max_length)));
         return false;
     }
     return true;
 }
Example #6
0
 /**
  * check if system is in maintenance mode
  *
  * @access public
  * @return boolean
  **/
 public static function isMaintenance()
 {
     if (!CAT_Registry::exists('MAINTENANCE_MODE')) {
         $result = $this->db()->query('SELECT `value` FROM `:prefix:settings` WHERE `name`="maintenance_mode"');
         if (is_resource($result) && $result->rowCount() == 1) {
             $row = $result->fetch();
             CAT_Registry::register('MAINTENANCE_MODE', $row['maintenance_mode'], true);
         }
     }
     return CAT_Registry::get('MAINTENANCE_MODE') == 'on' ? true : false;
 }
Example #7
0
}
//**************************************************************************
// frontend only
//**************************************************************************
if (!CAT_Backend::isBackend() && !defined('CAT_AJAX_CALL') && !defined('CAT_LOGIN_PHASE') && defined('ENABLE_CSRFMAGIC') && true === ENABLE_CSRFMAGIC) {
    CAT_Helper_Protect::getInstance()->enableCSRFMagic();
}
//**************************************************************************
// Get users language
//**************************************************************************
$val = CAT_Helper_Validate::getInstance();
$user_lang = $val->sanitizeGet('lang');
if ($user_lang && $user_lang != '' && !is_numeric($user_lang) && strlen($user_lang) == 2 && file_exists(CAT_PATH . '/languages/' . $user_lang . '.php')) {
    CAT_Registry::register('LANGUAGE', strtoupper($user_lang), true);
}
if (!CAT_Registry::exists('LANGUAGE')) {
    CAT_Registry::register('LANGUAGE', DEFAULT_LANGUAGE, true);
}
// Load Language file
if (!defined('LANGUAGE_LOADED')) {
    if (!file_exists(CAT_PATH . '/languages/' . LANGUAGE . '.php')) {
        exit('Error loading language file ' . LANGUAGE . ', please check configuration');
    } else {
        require_once CAT_PATH . '/languages/' . LANGUAGE . '.php';
    }
}
//**************************************************************************
// set timezone and date/time formats
//**************************************************************************
$timezone_string = isset($_SESSION['TIMEZONE_STRING']) ? $_SESSION['TIMEZONE_STRING'] : DEFAULT_TIMEZONE_STRING;
date_default_timezone_set($timezone_string);
Example #8
0
/**
 * init constants needed for module installations etc.
 **/
function init_constants($cat_path)
{
    global $config;
    // avoid to load config.php here
    if (!CAT_Registry::exists('CAT_PATH')) {
        CAT_Registry::define('CAT_PATH', $cat_path);
    }
    if (!CAT_Registry::exists('CAT_URL')) {
        CAT_Registry::define('CAT_URL', $config['cat_url']);
    }
    if (!CAT_Registry::exists('CAT_ADMINS_FOLDER')) {
        CAT_Registry::define('CAT_ADMINS_FOLDER', '/admins');
    }
    if (!CAT_Registry::exists('CAT_BACKEND_FOLDER')) {
        CAT_Registry::define('CAT_BACKEND_FOLDER', '/backend');
    }
    if (!CAT_Registry::exists('CAT_BACKEND_PATH')) {
        CAT_Registry::define('CAT_BACKEND_PATH', CAT_BACKEND_FOLDER);
    }
    if (!CAT_Registry::exists('CAT_ADMIN_PATH')) {
        CAT_Registry::define('CAT_ADMIN_PATH', CAT_PATH . CAT_BACKEND_PATH);
    }
    if (!CAT_Registry::exists('CAT_ADMIN_URL')) {
        CAT_Registry::define('CAT_ADMIN_URL', CAT_URL . CAT_BACKEND_PATH);
    }
    foreach ($config as $key => $value) {
        if (!CAT_Registry::exists(strtoupper($key))) {
            if (!is_scalar($value)) {
                continue;
            }
            CAT_Registry::define(str_replace('DATABASE_', 'CAT_DB_', strtoupper($key)), $value);
        }
    }
    if (!CAT_Registry::exists('CAT_TABLE_PREFIX')) {
        CAT_Registry::define('CAT_TABLE_PREFIX', TABLE_PREFIX);
    }
    // WB compatibility
    if (!CAT_Registry::exists('WB_URL')) {
        CAT_Registry::define('WB_URL', $config['cat_url']);
    }
    if (!CAT_Registry::exists('WB_PATH')) {
        CAT_Registry::define('WB_PATH', $cat_path);
    }
    // LEPTON compatibility
    if (!CAT_Registry::exists('LEPTON_URL')) {
        CAT_Registry::define('LEPTON_URL', $config['cat_url']);
    }
    if (!CAT_Registry::exists('LEPTON_PATH')) {
        CAT_Registry::define('LEPTON_PATH', $cat_path);
    }
    // user id
    $_SESSION['USER_ID'] = 1;
    $_SESSION['GROUP_ID'] = 1;
}
Example #9
0
 /**
  * initializes template search paths for backend
  *
  * @access public
  * @return
  **/
 public static function initPaths()
 {
     global $parser;
     // ===================================
     // ! initialize template search path
     // ===================================
     $parser->setPath(CAT_THEME_PATH . '/templates/default', 'backend');
     $parser->setFallbackPath(CAT_THEME_PATH . '/templates/default', 'backend');
     if (file_exists(CAT_THEME_PATH . '/templates/default')) {
         $parser->setPath(CAT_THEME_PATH . '/templates/default', 'backend');
         if (!CAT_Registry::exists('DEFAULT_THEME_VARIANT') || CAT_Registry::get('DEFAULT_THEME_VARIANT') == '') {
             CAT_Registry::set('DEFAULT_THEME_VARIANT', 'default');
             $parser->setGlobals('DEFAULT_THEME_VARIANT', 'default');
         }
     }
     if (CAT_Registry::get('DEFAULT_THEME_VARIANT') != '' && file_exists(CAT_THEME_PATH . '/templates/' . CAT_Registry::get('DEFAULT_THEME_VARIANT'))) {
         $parser->setPath(CAT_THEME_PATH . '/templates/' . CAT_Registry::get('DEFAULT_THEME_VARIANT'), 'backend');
     }
 }
Example #10
0
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$backend = CAT_Backend::getInstance('Pages', 'pages_modify', false);
$val = CAT_Helper_Validate::getInstance();
$users = CAT_Users::getInstance();
header('Content-type: application/json');
// Make sure people are allowed to access this page
if (!CAT_Registry::exists('MANAGE_SECTIONS') || CAT_Registry::get('MANAGE_SECTIONS') != 'enabled') {
    $ajax = array('message' => $backend->lang()->translate('You cannot modify sections. Please enable "Manage section".'), 'success' => false);
    print json_encode($ajax);
    exit;
}
$delete_section_id = $val->sanitizePost('delete_section_id', 'numeric');
$update_section_id = $val->sanitizePost('update_section_id', 'numeric');
$section_id = $delete_section_id ? $delete_section_id : $update_section_id;
// ===============
// ! Get page id
// ===============
$page_id = CAT_Sections::getPageForSection($section_id);
if (!$page_id) {
    $ajax = array('message' => $backend->lang()->translate('You sent an invalid value.') . ' ' . $backend->lang()->translate('Unable to get page_id for section [{{section}}].', array('section' => $section_id)), 'success' => false);
    print json_encode($ajax);
    exit;
Example #11
0
 /**
  * Accessor to KLogger class; this makes using the class significant faster!
  *
  * @access public
  * @return object
  *
  **/
 public function log()
 {
     // 8 = OFF
     if ($this->debugLevel < 8) {
         if (!is_object($this->logObj)) {
             if (!CAT_Registry::exists('CAT_PATH', false)) {
                 CAT_Registry::define('CAT_PATH', dirname(__FILE__) . '/../..', 1);
             }
             $debug_dir = CAT_PATH . '/temp/logs' . ($this->debugLevel == 7 ? '/debug_' . get_class($this) : '');
             if (get_class($this) != 'CAT_Helper_Directory') {
                 $debug_dir = CAT_Helper_Directory::sanitizePath($debug_dir);
             }
             if (!file_exists($debug_dir)) {
                 if (get_class($this) != 'CAT_Helper_Directory') {
                     CAT_Helper_Directory::createDirectory($debug_dir, 0777);
                 } else {
                     mkdir($debug_dir, 0777);
                 }
             }
             $this->logObj = CAT_Helper_KLogger::instance($debug_dir, $this->debugLevel);
         }
         return $this->logObj;
     }
     return $this;
 }
Example #12
0
 /**
  * get page sections for given block
  *
  * @access public
  * @param  integer $block
  * @return void (direct print to STDOUT)
  **/
 public function getPageContent($block = 1)
 {
     // keep old modules happy
     global $wb, $admin, $database, $page_id, $section_id, $parser;
     // old style language files
     global $TEXT, $HEADING, $MESSAGE;
     $admin =& $wb;
     if ($page_id == '') {
         $page_id = $this->_page_id;
     }
     // check if user is allowed to see this page
     if (!self::$helper->isVisible($this->_page_id) && !CAT_Users::is_root() && (!self::$helper->isMaintenance() || CAT_Registry::get('MAINTENANCE_PAGE') != $this->_page_id)) {
         if (self::$helper->isDeleted($this->_page_id)) {
             return self::print404();
         } else {
             // if Frontend-Login redirect user to login form and after login back to current page
             if (FRONTEND_LOGIN) {
                 header("HTTP/1.1 401 Unauthorized");
                 header("Location: " . LOGIN_URL . '?redirect=' . $_SERVER['PHP_SELF']);
                 exit;
             } else {
                 self::$helper->printFatalError('You are not allowed to view this page!');
             }
         }
     }
     // check if page has active sections
     if (!self::$helper->isActive($this->_page_id)) {
         return self::$helper->lang()->translate('The page does not have any content!');
     }
     // get the page content; if constant PAGE_CONTENT is set, it contains
     // the name of a file to be included
     if (!defined('PAGE_CONTENT') or $block != 1) {
         // get active sections
         $sections = CAT_Sections::getActiveSections($this->_page_id, $block);
         if (is_array($sections) && count($sections)) {
             global $parser, $section_id;
             foreach ($sections as $section) {
                 self::$helper->log()->logDebug('sections for this block', $sections);
                 $section_id = $section['section_id'];
                 $module = $section['module'];
                 // make a anchor for every section.
                 if (defined('SEC_ANCHOR') && SEC_ANCHOR != '') {
                     echo '<a class="section_anchor" id="' . SEC_ANCHOR . $section_id . '"' . (isset($section['name']) && $section['name'] != 'no name' ? 'title="' . $section['name'] . '"' : '') . '></a>';
                 }
                 // check if module exists - feature: write in errorlog
                 if (file_exists(CAT_PATH . '/modules/' . $module . '/view.php')) {
                     // load language file (if any)
                     $langfile = CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $module . '/languages/' . LANGUAGE . '.php');
                     if (file_exists($langfile)) {
                         // modern language file
                         if ($this->lang()->checkFile($langfile, 'LANG', true)) {
                             $this->lang()->addFile(LANGUAGE . '.php', CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $module . '/languages'));
                         }
                     }
                     // set template path
                     if (file_exists(CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $module . '/templates'))) {
                         $parser->setPath(CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $module . '/templates'));
                     }
                     if (file_exists(CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $module . '/templates/default'))) {
                         $parser->setPath(CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $module . '/templates/default'));
                     }
                     if (file_exists(CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $module . '/templates/' . DEFAULT_TEMPLATE))) {
                         $parser->setFallbackPath(CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $module . '/templates/default'));
                         $parser->setPath(CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $module . '/templates/' . DEFAULT_TEMPLATE));
                     }
                     // fetch original content
                     ob_start();
                     require CAT_PATH . '/modules/' . $module . '/view.php';
                     $content = ob_get_clean();
                     echo $content;
                 } else {
                     continue;
                 }
             }
         }
     } else {
         require PAGE_CONTENT;
     }
     if (!CAT_Registry::exists('CAT_PAGE_CONTENT_DONE')) {
         CAT_Registry::register('CAT_PAGE_CONTENT_DONE', true, true);
     }
 }