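/**
 * csrf-magic failure callback: tells the client that the CSRF token check failed.
 *
 * Clients that already announced a JSON Content-type get a JSON error object;
 * everyone else receives a 403 page that re-posts the submitted fields through
 * a "Try again" form (the token input itself is left out so a fresh one is sent).
 *
 * @param string $tokens token info handed over by csrf-magic; only rendered
 *                       when DEBUG_CSRF is enabled in the registry
 * @return void the request is always terminated here
 **/
function cat_csrf_callback($tokens)
{
    $message = 'CSRF check failed. Your form session may have expired, or you may not have cookies enabled.';

    // check headers content type: if a JSON response was announced, answer in kind
    foreach (headers_list() as $entry) {
        // headers_list() yields "Name: value"; skip anything not in that shape
        $parts = explode(': ', $entry, 2);
        if (count($parts) !== 2) {
            continue;
        }
        list($name, $value) = $parts;
        if (strcasecmp('Content-type', $name) === 0 && strpos($value, 'json') !== false) {
            print json_encode(array('message' => $message, 'success' => false));
            exit;
        }
    }

    $protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.0';
    header($protocol . ' 403 Forbidden');

    // rebuild the submitted form so the user can resend it with a new token
    $data = '';
    if (function_exists('csrf_flattenpost')) {
        foreach (csrf_flattenpost($_POST) as $key => $value) {
            if ($key == $GLOBALS['csrf']['input-name']) {
                continue; // the stale token is not carried over
            }
            $data .= '<input type="hidden" name="' . htmlspecialchars($key) . '" value="' . htmlspecialchars($value) . '" />';
        }
        $data = '<form method="post" action="">' . $data . '<input type="submit" value="Try again" /></form>';
    }

    echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=windows-1250"> <title>Black Cat CMS Error Message</title> </head> <body> <p>' . $message . '</p> ' . $data;
    if (CAT_Registry::exists('DEBUG_CSRF') && DEBUG_CSRF === true) {
        // $tokens is opaque input from csrf-magic; escape it before it lands in the page
        echo '<p>Debug: ' . htmlspecialchars((string) $tokens) . '</p>';
    }
    echo '</body></html>';
}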
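/**
 * retrieve allowed Mime types; we use the 'upload_allowed' entry in
 * the settings table combined with the list of known Mime types here
 *
 * The list is built once and cached in self::$allowed: every suffix named in
 * the UPLOAD_ALLOWED registry entry contributes the Mime types known for it
 * in self::$mimetypes, and self::$suffixes maps the suffix to the first of
 * those types.
 *
 * @access public
 * @param string $filter - optional filter, used as a raw regular expression
 *                         prefix (anchored at the start only), for example 'image/*'
 * @return array list of allowed Mime type strings
 **/
public static function getAllowedMimeTypes($filter = NULL)
{
    // resolved up front: both the cache build and the filter branch log through it
    $self = self::getInstance();
    if (!count(self::$allowed)) {
        if (!count(self::$mimetypes)) {
            self::getMimeTypes();
        }
        $self->log()->logDebug('getting allowed upload mimetypes from settings');
        if (CAT_Registry::exists('UPLOAD_ALLOWED')) {
            $suffixes = explode(',', CAT_Registry::get('UPLOAD_ALLOWED'));
            $self->log()->logDebug('allowed suffixes:', $suffixes);
            foreach ($suffixes as $suffix) {
                if (!isset(self::$mimetypes[$suffix])) {
                    continue;
                }
                foreach (self::$mimetypes[$suffix] as $type) {
                    if (!in_array($type, self::$allowed, true)) {
                        self::$allowed[] = $type;
                    }
                    // first known type wins for the suffix -> type map
                    if (!array_key_exists($suffix, self::$suffixes)) {
                        self::$suffixes[$suffix] = $type;
                    }
                }
            }
        }
        $self->log()->logDebug('allowed', self::$allowed);
    }
    if ($filter) {
        $self->log()->logDebug(sprintf('using filter (preg_match) [~^%s~]', $filter), self::$allowed);
        // $filter is spliced into the pattern without quoting ('image/*' works
        // because it reads as "image" followed by any slashes), so it must come
        // from code or configuration, never from request input
        $pattern = '~^' . $filter . '~';
        $matching = array();
        foreach (self::$allowed as $type) {
            if (preg_match($pattern, $type)) {
                $matching[] = $type;
            }
        }
        return $matching;
    }
    return self::$allowed;
}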
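/**
 * Create directories recursive
 *
 * The umask is cleared while creating so $dir_mode is applied literally,
 * and restored afterwards.
 *
 * @access public
 * @param string  $dir_name    - directory to create
 * @param octal   $dir_mode    - access mode; defaults to the OCTAL_DIR_MODE
 *                               registry entry, else the class default
 * @param boolean $createIndex - also run recursiveCreateIndex() on the new tree
 * @return boolean true when the directory was created, false when the name is
 *                 empty, the directory already exists or mkdir() failed
 *
 * @todo ---check for valid dir name---
 **/
public static function createDirectory($dir_name, $dir_mode = NULL, $createIndex = false)
{
    if (!$dir_mode) {
        $dir_mode = CAT_Registry::exists('OCTAL_DIR_MODE')
            ? CAT_Registry::get('OCTAL_DIR_MODE')
            : (int) octdec(self::defaultDirMode());
    }
    if ($dir_name == '' || is_dir($dir_name)) {
        return false;
    }
    $umask = umask(0);
    $created = mkdir($dir_name, $dir_mode, true);
    umask($umask);
    // a failed mkdir() must not be reported as success to the caller
    if (!$created) {
        return false;
    }
    if ($createIndex) {
        self::recursiveCreateIndex($dir_name);
    }
    return true;
}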
// no frontend login, no forgot form
if (INTRO_PAGE) {
    die(header('Location: ' . CAT_URL . PAGES_DIRECTORY . '/index.php'));
} else {
    die(header('Location: ' . CAT_URL . '/index.php'));
}
} // ends a guard that begins before this excerpt
$val = CAT_Helper_Validate::getInstance();
// NOTE(review): the meaning of sanitizePost()'s third argument is not visible
// here -- check the validator before relying on it
$email = $val->sanitizePost('email', NULL, true);
$display_form = true;
$msg_class = 'info';
global $parser;
$parser->setPath(CAT_PATH . '/templates/' . DEFAULT_TEMPLATE . '/templates/' . CAT_Registry::get('DEFAULT_THEME_VARIANT')); // if there's a template for this in the current frontend template
$parser->setFallbackPath(dirname(__FILE__) . '/templates/default'); // fallback to default dir
// mailer lib installed?
if (count(CAT_Helper_Addons::getLibraries('mail')) == 0) {
    // without a mail library the form is useless: print the message, offer the
    // admin contact only when SERVER_EMAIL is set, not the placeholder and valid
    // (the && chain binds before ?:), then stop
    $parser->output('account_forgot_form', array(
        'message_class' => 'highlight',
        'display_form' => false,
        'message' => $val->lang()->translate('Sorry, but the system is unable to use mail to send your details. Please contact the administrator.'),
        'contact' => CAT_Registry::exists('SERVER_EMAIL', false) && CAT_Registry::get('SERVER_EMAIL') != '*****@*****.**' && $val->validate_email(CAT_Registry::get('SERVER_EMAIL')) ? '<br />[ <a href="mailto:' . CAT_Registry::get('SERVER_EMAIL') . '">' . $val->lang()->translate('Send eMail') . '</a> ]' : ''
    ));
    exit;
}
// Check if the user has already submitted the form, otherwise show it
if ($email && $val->sanitize_email($email)) {
    // $result is not used afterwards; only $message reaches the template.
    // NOTE(review): if $message differs for known and unknown addresses the
    // form leaks account existence -- confirm in CAT_Users::handleForgot()
    list($result, $message) = CAT_Users::handleForgot($email);
} else {
    $email = '';
}
if (!isset($message)) {
    $message = $val->lang()->translate('Please enter your email address below');
}
$parser->output('account_forgot_form', array('message_class' => $msg_class, 'email' => $email, 'display_form' => $display_form, 'message' => $message));
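/**
 * check for valid username:
 *
 * + must begin with a char (a-z)
 * + ...followed by at least 2 chars (a-z), numbers (0-9), _ or -
 * + must match min and max username length
 *
 * If USERS_ALLOW_MAILADDRESS is set to true, the username is checked
 * for valid mail address. If it is valid, there will be no check for
 * min. and max. length to avoid problems here.
 *
 * On failure the reason is recorded via self::setError().
 *
 * @access public
 * @param string $username
 * @return boolean
 *
 **/
public static function validateUsername($username)
{
    $allow_mailaddress = CAT_Registry::exists('USERS_ALLOW_MAILADDRESS')
        ? CAT_Registry::get('USERS_ALLOW_MAILADDRESS')
        : false;

    if (!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username)) {
        if ($allow_mailaddress) {
            if (CAT_Helper_Validate::getInstance()->sanitize_email($username)) {
                // in case of mail address, we do not check for min and max length!
                return true;
            }
            self::setError('Invalid eMail address');
            return false;
        }
        // mail addresses are not allowed, so the only possible reason is the
        // character set; report that instead of an eMail error
        self::setError('Invalid characters in username found');
        return false;
    }

    // registry values may arrive as strings; compare as integers
    $min_length = CAT_Registry::exists('AUTH_MIN_LOGIN_LENGTH') ? (int) CAT_Registry::get('AUTH_MIN_LOGIN_LENGTH') : 5;
    $max_length = CAT_Registry::exists('AUTH_MAX_LOGIN_LENGTH') ? (int) CAT_Registry::get('AUTH_MAX_LOGIN_LENGTH') : 50;
    // the pattern above restricts the name to ASCII, so strlen() counts characters here
    if (strlen($username) < $min_length) {
        self::setError(self::getInstance()->lang()->translate('Username too short (min.: {{ length }})', array('length' => $min_length)));
        return false;
    }
    if (strlen($username) > $max_length) {
        self::setError(self::getInstance()->lang()->translate('Username too long (max.: {{ length }})', array('length' => $max_length)));
        return false;
    }
    return true;
}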
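/**
 * check if system is in maintenance mode
 *
 * Reads the MAINTENANCE_MODE registry entry, loading it once from the
 * settings table when it is not registered yet.
 *
 * @access public
 * @return boolean true when the setting is 'on'
 **/
public static function isMaintenance()
{
    if (!CAT_Registry::exists('MAINTENANCE_MODE')) {
        // static method: $this is not available, go through the singleton
        // (assumes this class provides getInstance() like the other helpers -- TODO confirm)
        $result = self::getInstance()->db()->query('SELECT `value` FROM `:prefix:settings` WHERE `name`="maintenance_mode"');
        // the result is used like a statement object (rowCount/fetch), so it
        // can never be a PHP resource; test for an object instead
        if (is_object($result) && $result->rowCount() == 1) {
            $row = $result->fetch();
            // the query selects the column as `value`
            CAT_Registry::register('MAINTENANCE_MODE', $row['value'], true);
        }
    }
    return CAT_Registry::get('MAINTENANCE_MODE') == 'on';
}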
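}
//**************************************************************************
// frontend only
//**************************************************************************
// csrf-magic is armed for plain frontend requests only; backend, AJAX and
// login-phase requests are excluded here
if (
    !CAT_Backend::isBackend()
    && !defined('CAT_AJAX_CALL')
    && !defined('CAT_LOGIN_PHASE')
    && defined('ENABLE_CSRFMAGIC')
    && true === ENABLE_CSRFMAGIC
) {
    CAT_Helper_Protect::getInstance()->enableCSRFMagic();
}
//**************************************************************************
// Get users language
//**************************************************************************
$val = CAT_Helper_Validate::getInstance();
$user_lang = $val->sanitizeGet('lang');
// the value becomes part of a file name that is require_once'd below, so only
// a plain two-letter code is accepted; this is stricter than the previous
// "two characters, not numeric" test and rejects '..' and the like outright
if (
    is_string($user_lang)
    && preg_match('/^[a-z]{2}$/i', $user_lang)
    && file_exists(CAT_PATH . '/languages/' . $user_lang . '.php')
) {
    CAT_Registry::register('LANGUAGE', strtoupper($user_lang), true);
}
if (!CAT_Registry::exists('LANGUAGE')) {
    CAT_Registry::register('LANGUAGE', DEFAULT_LANGUAGE, true);
}
// Load Language file
if (!defined('LANGUAGE_LOADED')) {
    if (!file_exists(CAT_PATH . '/languages/' . LANGUAGE . '.php')) {
        exit('Error loading language file ' . LANGUAGE . ', please check configuration');
    }
    require_once CAT_PATH . '/languages/' . LANGUAGE . '.php';
}
//**************************************************************************
// set timezone and date/time formats
//**************************************************************************
$timezone_string = isset($_SESSION['TIMEZONE_STRING']) ? $_SESSION['TIMEZONE_STRING'] : DEFAULT_TIMEZONE_STRING;
date_default_timezone_set($timezone_string);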
/**
 * init constants needed for module installations etc.
 *
 * Registers the base path / URL constants and their WB and LEPTON aliases,
 * copies every scalar entry of the global $config into the registry in upper
 * case (DATABASE_* becomes CAT_DB_*) and finally marks the session as
 * user 1 / group 1.
 *
 * @param string $cat_path filesystem root of the installation
 * @return void
 **/
function init_constants($cat_path)
{
    global $config; // avoid to load config.php here

    $cat_url = isset($config['cat_url']) ? $config['cat_url'] : null;

    // entries that do not depend on each other
    $base = array(
        'CAT_PATH'           => $cat_path,
        'CAT_URL'            => $cat_url,
        'CAT_ADMINS_FOLDER'  => '/admins',
        'CAT_BACKEND_FOLDER' => '/backend'
    );
    foreach ($base as $name => $value) {
        if (!CAT_Registry::exists($name)) {
            CAT_Registry::define($name, $value);
        }
    }

    // derived entries; each one reads a constant registered just before it
    if (!CAT_Registry::exists('CAT_BACKEND_PATH')) {
        CAT_Registry::define('CAT_BACKEND_PATH', CAT_BACKEND_FOLDER);
    }
    if (!CAT_Registry::exists('CAT_ADMIN_PATH')) {
        CAT_Registry::define('CAT_ADMIN_PATH', CAT_PATH . CAT_BACKEND_PATH);
    }
    if (!CAT_Registry::exists('CAT_ADMIN_URL')) {
        CAT_Registry::define('CAT_ADMIN_URL', CAT_URL . CAT_BACKEND_PATH);
    }

    // mirror the scalar config entries; note that the existence check uses the
    // plain upper-cased key while the DATABASE_ prefix is rewritten on define
    foreach ($config as $key => $value) {
        $name = strtoupper($key);
        if (CAT_Registry::exists($name) || !is_scalar($value)) {
            continue;
        }
        CAT_Registry::define(str_replace('DATABASE_', 'CAT_DB_', $name), $value);
    }

    if (!CAT_Registry::exists('CAT_TABLE_PREFIX')) {
        CAT_Registry::define('CAT_TABLE_PREFIX', TABLE_PREFIX);
    }

    // WB and LEPTON compatibility aliases
    $aliases = array(
        'WB_URL'      => $cat_url,
        'WB_PATH'     => $cat_path,
        'LEPTON_URL'  => $cat_url,
        'LEPTON_PATH' => $cat_path
    );
    foreach ($aliases as $name => $value) {
        if (!CAT_Registry::exists($name)) {
            CAT_Registry::define($name, $value);
        }
    }

    // user id: from here on the session acts as user 1 / group 1 (presumably the
    // administrator account), so this must only run in the install context
    $_SESSION['USER_ID'] = 1;
    $_SESSION['GROUP_ID'] = 1;
}
/**
 * initializes template search paths for backend
 *
 * Points the global parser at the backend theme's default template
 * directory, registers 'default' as DEFAULT_THEME_VARIANT when that
 * directory exists and no variant is set yet, and adds the variant
 * directory on top when it is present.
 *
 * @access public
 * @return void
 **/
public static function initPaths()
{
    global $parser;
    $default_dir = CAT_THEME_PATH . '/templates/default';
    // ===================================
    // ! initialize template search path
    // ===================================
    $parser->setPath($default_dir, 'backend');
    $parser->setFallbackPath($default_dir, 'backend');
    if (file_exists($default_dir)) {
        $parser->setPath($default_dir, 'backend');
        $has_variant = CAT_Registry::exists('DEFAULT_THEME_VARIANT')
            && CAT_Registry::get('DEFAULT_THEME_VARIANT') != '';
        if (!$has_variant) {
            CAT_Registry::set('DEFAULT_THEME_VARIANT', 'default');
            $parser->setGlobals('DEFAULT_THEME_VARIANT', 'default');
        }
    }
    $variant = CAT_Registry::get('DEFAULT_THEME_VARIANT');
    if ($variant != '') {
        $variant_dir = CAT_THEME_PATH . '/templates/' . $variant;
        if (file_exists($variant_dir)) {
            $parser->setPath($variant_dir, 'backend');
        }
    }
}
// walk upwards (ten levels at most) until the framework directory is found
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
    $root .= "../";
    $level += 1;
}
if (file_exists($root . '/framework/class.secure.php')) {
    include $root . '/framework/class.secure.php';
} else {
    trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
} // ends a guard that begins before this excerpt
// NOTE(review): the 'pages_modify' permission is presumably enforced inside
// getInstance(); nothing in this excerpt checks it -- confirm
$backend = CAT_Backend::getInstance('Pages', 'pages_modify', false);
$val = CAT_Helper_Validate::getInstance();
$users = CAT_Users::getInstance();
// every response of this endpoint, including the error cases below, is JSON
header('Content-type: application/json');
// Make sure people are allowed to access this page
if (!CAT_Registry::exists('MANAGE_SECTIONS') || CAT_Registry::get('MANAGE_SECTIONS') != 'enabled') {
    $ajax = array('message' => $backend->lang()->translate('You cannot modify sections. Please enable "Manage section".'), 'success' => false);
    print json_encode($ajax);
    exit;
}
// both ids go through the 'numeric' sanitizer; a delete request wins over an update
$delete_section_id = $val->sanitizePost('delete_section_id', 'numeric');
$update_section_id = $val->sanitizePost('update_section_id', 'numeric');
$section_id = $delete_section_id ? $delete_section_id : $update_section_id;
// ===============
// ! Get page id
// ===============
// NOTE(review): a per-page permission check for $page_id is not visible in
// this excerpt -- confirm it follows before the section is changed
$page_id = CAT_Sections::getPageForSection($section_id);
if (!$page_id) {
    $ajax = array('message' => $backend->lang()->translate('You sent an invalid value.') . ' ' . $backend->lang()->translate('Unable to get page_id for section [{{section}}].', array('section' => $section_id)), 'success' => false);
    print json_encode($ajax);
    exit;
// this block and the rest of the script continue beyond this excerpt
/**
 * Accessor to KLogger class; this makes using the class significant faster!
 *
 * Lazily creates the KLogger for this object (in CAT_PATH/temp/logs, or in a
 * debug_<class> subdirectory at debug level 7), creating the directory on
 * first use, and caches it in $this->logObj. With logging off (level 8) the
 * object itself is returned instead.
 *
 * @access public
 * @return object KLogger instance, or $this when logging is off
 *
 **/
public function log()
{
    // 8 = OFF
    if ($this->debugLevel >= 8) {
        return $this;
    }
    if (is_object($this->logObj)) {
        return $this->logObj;
    }
    if (!CAT_Registry::exists('CAT_PATH', false)) {
        CAT_Registry::define('CAT_PATH', dirname(__FILE__) . '/../..', 1);
    }
    $own_class = get_class($this);
    $is_dir_helper = ($own_class == 'CAT_Helper_Directory');
    $log_dir = CAT_PATH . '/temp/logs';
    if ($this->debugLevel == 7) {
        $log_dir .= '/debug_' . $own_class;
    }
    // the directory helper does not route through itself here, presumably to
    // avoid re-entering its own logging while it is being set up
    if (!$is_dir_helper) {
        $log_dir = CAT_Helper_Directory::sanitizePath($log_dir);
    }
    if (!file_exists($log_dir)) {
        // NOTE(review): 0777 leaves the log directory world-writable -- verify this is intended
        if ($is_dir_helper) {
            mkdir($log_dir, 0777);
        } else {
            CAT_Helper_Directory::createDirectory($log_dir, 0777);
        }
    }
    $this->logObj = CAT_Helper_KLogger::instance($log_dir, $this->debugLevel);
    return $this->logObj;
}
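/**
 * get page sections for given block
 *
 * Renders every active section of the current page that belongs to $block by
 * requiring the module's view.php (output goes straight to STDOUT). For block 1
 * the file named by the PAGE_CONTENT constant is required instead when that
 * constant is defined.
 *
 * @access public
 * @param integer $block
 * @return void (direct print to STDOUT); the print404() result or a translated
 *              message is returned when the page is deleted or has no content
 **/
public function getPageContent($block = 1)
{
    // keep old modules happy
    global $wb, $admin, $database, $page_id, $section_id, $parser;
    // old style language files
    global $TEXT, $HEADING, $MESSAGE;
    $admin =& $wb;

    if ($page_id == '') {
        $page_id = $this->_page_id;
    }

    // check if user is allowed to see this page; the maintenance page itself
    // stays reachable while maintenance mode is on
    if (
        !self::$helper->isVisible($this->_page_id)
        && !CAT_Users::is_root()
        && (!self::$helper->isMaintenance() || CAT_Registry::get('MAINTENANCE_PAGE') != $this->_page_id)
    ) {
        if (self::$helper->isDeleted($this->_page_id)) {
            return self::print404();
        }
        // if Frontend-Login redirect user to login form and after login back to current page
        if (FRONTEND_LOGIN) {
            // PHP replaces this status with 302 once the Location header is
            // added, so the 401 is advisory at best
            header("HTTP/1.1 401 Unauthorized");
            header("Location: " . LOGIN_URL . '?redirect=' . $_SERVER['PHP_SELF']);
            exit;
        }
        self::$helper->printFatalError('You are not allowed to view this page!');
    }

    // check if page has active sections
    if (!self::$helper->isActive($this->_page_id)) {
        return self::$helper->lang()->translate('The page does not have any content!');
    }

    // get the page content; if constant PAGE_CONTENT is set, it contains
    // the name of a file to be included
    if (defined('PAGE_CONTENT') && $block == 1) {
        require PAGE_CONTENT;
    } else {
        // get active sections
        $sections = CAT_Sections::getActiveSections($this->_page_id, $block);
        if (is_array($sections) && count($sections)) {
            // log the block's sections once, not once per section
            self::$helper->log()->logDebug('sections for this block', $sections);
            foreach ($sections as $section) {
                $section_id = $section['section_id'];
                $module = $section['module'];
                // make a anchor for every section.
                if (defined('SEC_ANCHOR') && SEC_ANCHOR != '') {
                    // the title attribute needs a separating space after id="...",
                    // and the stored section name is escaped for the attribute context
                    echo '<a class="section_anchor" id="' . SEC_ANCHOR . $section_id . '"'
                        . (isset($section['name']) && $section['name'] != 'no name' ? ' title="' . htmlspecialchars($section['name']) . '"' : '')
                        . '></a>';
                }
                // check if module exists - feature: write in errorlog
                if (!file_exists(CAT_PATH . '/modules/' . $module . '/view.php')) {
                    continue;
                }
                // load language file (if any)
                $langfile = CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $module . '/languages/' . LANGUAGE . '.php');
                if (file_exists($langfile)) {
                    // modern language file
                    if ($this->lang()->checkFile($langfile, 'LANG', true)) {
                        $this->lang()->addFile(LANGUAGE . '.php', CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $module . '/languages'));
                    }
                }
                // set template path: module templates, then its default set, then
                // the set matching the site template on top with default as fallback
                if (file_exists(CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $module . '/templates'))) {
                    $parser->setPath(CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $module . '/templates'));
                }
                if (file_exists(CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $module . '/templates/default'))) {
                    $parser->setPath(CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $module . '/templates/default'));
                }
                if (file_exists(CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $module . '/templates/' . DEFAULT_TEMPLATE))) {
                    $parser->setFallbackPath(CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $module . '/templates/default'));
                    $parser->setPath(CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $module . '/templates/' . DEFAULT_TEMPLATE));
                }
                // fetch original content; view.php runs in this method's scope and
                // may rely on the globals and locals declared above
                ob_start();
                require CAT_PATH . '/modules/' . $module . '/view.php';
                $content = ob_get_clean();
                echo $content;
            }
        }
    }
    if (!CAT_Registry::exists('CAT_PAGE_CONTENT_DONE')) {
        CAT_Registry::register('CAT_PAGE_CONTENT_DONE', true, true);
    }
}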