* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE.
*
* You should have received a copy of the GNU General Public License along
* with Hotaru CMS. If not, see http://www.gnu.org/licenses/.
*
* @category Content Management System
* @package HotaruCMS
* @author Nick Ramsay <*****@*****.**>
* @copyright Copyright (c) 2010, Hotaru CMS
* @license http://www.gnu.org/copyleft/gpl.html GNU General Public License
* @link http://www.hotarucms.org/
*/
require_once '../hotaru_settings.php';
require_once BASE . 'Hotaru.php';
$h = new Hotaru();
// must come before language inclusion
$sql = "SELECT miscdata_value FROM " . TABLE_MISCDATA . " WHERE miscdata_key = %s";
$old_version = $h->db->get_var($h->db->prepare($sql, "hotaru_version"));
require_once INSTALL . 'install_language.php';
// language file for install
// delete existing cache
$h->deleteFiles(CACHE . 'db_cache');
$h->deleteFiles(CACHE . 'css_js_cache');
$h->deleteFiles(CACHE . 'rss_cache');
$step = $h->cage->get->getInt('step');
// Installation steps.
switch ($step) {
case 1:
upgrade_welcome();
// "Welcome to Hotaru CMS.
/**
* Start Hotaru from Ajax callback
* *
*/
function startHotaru()
{
$root = $_SERVER['DOCUMENT_ROOT'];
require_once $root . '/hotaru_settings.php';
require_once $root . '/Hotaru.php';
$h = new Hotaru();
$h->start();
return $h;
}
/**
* Step 4 of installation - registers the site Admin.
*/
function register_admin()
{
global $lang;
//already included so Hotaru can't re-include it
global $db;
global $h;
$h = new Hotaru();
// overwrites current global with fully initialized Hotaru object
echo html_header();
// Step title
echo "<h2>" . $lang['install_step4'] . "</h2>\n";
// Step content
echo "<div class='install_content'>" . $lang['install_step4_instructions'] . ":<br />\n";
$error = 0;
if ($h->cage->post->getInt('step') == 4) {
// Test CSRF
if (!$h->csrf()) {
$h->message = $lang['install_step4_csrf_error'];
$h->messageType = 'red';
$h->showMessage();
$error = 1;
}
// Test username
$name_check = $h->cage->post->testUsername('username');
// alphanumeric, dashes and underscores okay, case insensitive
if ($name_check) {
$user_name = $name_check;
} else {
$h->message = $lang['install_step4_username_error'];
$h->messageType = 'red';
$h->showMessage();
$error = 1;
}
// Test password
$password_check = $h->cage->post->testPassword('password');
if ($password_check) {
$password2_check = $h->cage->post->testPassword('password2');
if ($password_check == $password2_check) {
// success
$user_password = $h->currentUser->generateHash($password_check);
} else {
$h->message = $lang['install_step4_password_match_error'];
$h->messageType = 'red';
$h->showMessage();
$error = 1;
}
} else {
$password_check = "";
$password2_check = "";
$h->message = $lang['install_step4_password_error'];
$h->messageType = 'red';
$h->showMessage();
$error = 1;
}
// Test email
$email_check = $h->cage->post->testEmail('email');
if ($email_check) {
$user_email = $email_check;
} else {
$h->message = $lang['install_step4_email_error'];
$h->messageType = 'red';
$h->showMessage();
$error = 1;
}
}
// Show success message
if ($h->cage->post->getInt('step') == 4 && $error == 0) {
$h->message = $lang['install_step4_update_success'];
$h->messageType = 'green';
$h->showMessage();
}
if ($error == 0) {
$sql = "SELECT user_username FROM " . TABLE_USERS . " WHERE user_role = %s";
if (!($admin_name = $h->db->get_var($h->db->prepare($sql, 'admin')))) {
// Insert default settings
$sql = "INSERT INTO " . TABLE_USERS . " (user_username, user_role, user_date, user_password, user_email, user_permissions) VALUES (%s, %s, CURRENT_TIMESTAMP, %s, %s, %s)";
$h->db->query($h->db->prepare($sql, 'admin', 'admin', 'password', '*****@*****.**', serialize($h->currentUser->getDefaultPermissions($h, 'admin'))));
$user_name = 'admin';
$user_email = '*****@*****.**';
$user_password = '******';
} else {
$user_info = $h->currentUser->getUserBasic($h, 0, $admin_name);
// On returning to this page via back or next, the fields are empty at this point, so...
if (!isset($user_name)) {
$user_name = "";
}
if (!isset($user_email)) {
$user_email = "";
}
if (!isset($user_password)) {
$user_password = "";
}
if ($user_name != "" && $user_email != "" && $user_password != "") {
// There's been a change so update...
$sql = "UPDATE " . TABLE_USERS . " SET user_username = %s, user_role = %s, user_date = CURRENT_TIMESTAMP, user_password = %s, user_email = %s, user_email_valid = %d WHERE user_role = %s";
$h->db->query($h->db->prepare($sql, $user_name, 'admin', $user_password, $user_email, 1, 'admin'));
$next_button = true;
} else {
$user_id = $user_info->user_id;
$user_name = $user_info->user_username;
$user_email = $user_info->user_email;
$user_password = $user_info->user_password;
}
}
}
// Registration form
echo "<form name='install_admin_reg_form' action='" . BASEURL . "install/install.php?step=4' method='post'>\n";
echo "<table>";
// Username
echo "<tr><td>" . $lang["install_step4_username"] . " </td><td><input type='text' size=30 name='username' value='" . $user_name . "' /></td></tr>\n";
// Email
echo "<tr><td>" . $lang["install_step4_email"] . " </td><td><input type='text' size=30 name='email' value='" . $user_email . "' /></td></tr>\n";
// Password
echo "<tr><td>" . $lang["install_step4_password"] . " </td><td><input type='password' size=30 name='password' value='' /></td></tr>\n";
// Password verify
echo "<tr><td>" . $lang["install_step4_password_verify"] . " </td><td><input type='password' size=30 name='password2' value='' /></td></tr>\n";
echo "<input type='hidden' name='csrf' value='" . $h->csrfToken . "' />\n";
echo "<input type='hidden' name='step' value='4' />\n";
echo "<input type='hidden' name='updated' value='true' />\n";
// Update button
echo "<tr><td> </td><td style='text-align:right;'><input id='update' type='submit' value='" . $lang['install_step4_form_update'] . "' /></td></tr>\n";
echo "</table>";
echo "</form>\n";
// Make note of password message
echo $lang["install_step4_make_note"] . "</div>\n";
// Previous/Next buttons
echo "<div class='back'><a href='install.php?step=3'>" . $lang['install_back'] . "</a></div>\n";
if ($h->cage->post->getAlpha('updated') == 'true' && isset($next_button)) {
// active "next" link if user has been updated
echo "<div class='next'><a href='install.php?step=5'>" . $lang['install_next'] . "</a></div>\n";
} else {
// link disbaled until "update" button pressed
echo "<div class='next'>" . $lang['install_next'] . "</div>\n";
}
echo html_footer();
}
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE.
*
* You should have received a copy of the GNU General Public License along
* with Hotaru CMS. If not, see http://www.gnu.org/licenses/.
*
* @category Content Management System
* @package HotaruCMS
* @author Nick Ramsay <*****@*****.**>
* @copyright Copyright (c) 2009, Hotaru CMS
* @license http://www.gnu.org/copyleft/gpl.html GNU General Public License
* @link http://www.hotarucms.org/
*/
require_once '../../../hotaru_settings.php';
require_once '../../../Hotaru.php';
$h = new Hotaru();
$h->start();
if ($h->currentUser->loggedIn) {
$h->vars['user'] = new UserAuth();
$profile = $h->vars['user']->getProfileSettingsData($h, 'user_profile', $h->currentUser->id);
if (!isset($profile['saved_posts'])) {
$profile['saved_posts'] = array();
}
if ($h->cage->post->keyExists('save_id')) {
$post_id = $h->cage->post->testInt('save_id');
if (!in_array($post_id, array_values($profile['saved_posts']))) {
$profile['saved_posts'][] = $post_id;
}
$h->readPost($post_id);
echo json_encode(array('id' => $post_id, 'url' => $h->url(array('page' => $post_id)), 'title' => $h->post->title));
} else {
* You should have received a copy of the GNU General Public License along
* with Hotaru CMS. If not, see http://www.gnu.org/licenses/.
*
* @category Content Management System
* @package HotaruCMS
* @author Nick Ramsay <*****@*****.**>
* @copyright Copyright (c) 2009, Hotaru CMS
* @license http://www.gnu.org/copyleft/gpl.html GNU General Public License
* @link http://www.hotarucms.org/
*/
//$json_array = array('result'=>'test_okay');
//echo json_encode($json_array); exit;
require_once '../../../hotaru_settings.php';
require_once '../../../Hotaru.php';
// Not the cleanest way of getting to the root...
$h = new Hotaru();
$h->start();
if ($h->cage->post->keyExists('comment_id')) {
$user_ip = $h->cage->post->testIp('user_ip');
$post_id = $h->cage->post->testInt('post_id');
$comment_id = $h->cage->post->testInt('comment_id');
$cvote_rating = $h->cage->post->testInt('rating');
//get comment_voting settings
$comments_settings = $h->getSerializedSettings('comments');
if (isset($comments_settings) && isset($comments_settings['comment_bury'])) {
$bury = $comments_settings['comment_bury'];
}
// Only proceed if the user is logged in
if ($h->currentUser->loggedIn) {
$user_id = $h->currentUser->id;
// get comment_voting history for this comment:
<?php
/**
* Includes settings and constructs Hotaru.
*
* PHP version 5
*
* LICENSE: Hotaru CMS is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation, either version 3 of
* the License, or (at your option) any later version.
*
* Hotaru CMS is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE.
*
* You should have received a copy of the GNU General Public License along
* with Hotaru CMS. If not, see http://www.gnu.org/licenses/.
*
* @category Content Management System
* @package HotaruCMS
* @author Nick Ramsay <*****@*****.**>
* @copyright Copyright (c) 2010, Hotaru CMS
* @license http://www.gnu.org/copyleft/gpl.html GNU General Public License
* @link http://www.hotarucms.org/
*/
// includes
require_once 'hotaru_settings.php';
require_once 'Hotaru.php';
$h = new Hotaru();
$h->start('admin');
* You should have received a copy of the GNU General Public License along
* with Hotaru CMS. If not, see http://www.gnu.org/licenses/.
*
* @category Content Management System
* @package HotaruCMS
* @author Nick Ramsay <*****@*****.**>
* @copyright Copyright (c) 2009, Hotaru CMS
* @license http://www.gnu.org/copyleft/gpl.html GNU General Public License
* @link http://www.hotarucms.org/
*/
//$json_array = array('result'=>'test_okay');
//echo json_encode($json_array); exit;
require_once '../../../hotaru_settings.php';
require_once '../../../Hotaru.php';
// Not the cleanest way of getting to the root...
$h = new Hotaru();
$h->start();
$h->includeLanguage('vote', 'vote');
if ($h->cage->post->keyExists('post_id')) {
$post_id = $h->cage->post->testInt('post_id');
$vote_rating = $h->cage->post->testInt('rating');
$user_ip = $h->cage->server->testIp('REMOTE_ADDR');
$referer = $h->cage->post->testAlnum('referer');
//get vote settings
$vote_settings = unserialize($h->getSetting('vote_settings', 'vote'));
vote($h, $post_id, $vote_rating, $user_ip, $referer, $vote_settings);
}
function vote($h, $post_id, $vote_rating, $user_ip, $referer, $vote_settings)
{
// Only proceed if the user is logged in
if (!$h->currentUser->loggedIn) {
/**
* a function to filter HTML
*
* @return string
*/
protected function inspekt($text)
{
/* make_tag_strict is OFF because we don't want to convert <u>, etc. to css
otherwise the strip_tags won't be able to allow them when requested in sanitize(). */
$config = array('safe' => 1, 'make_tag_strict' => 0);
// Allow plugins to alter the value of $config/
// Plugins should return an array, e.g. array('safe' => 1);
require_once BASE . 'Hotaru.php';
$h = new Hotaru();
$results = $h->pluginHook('hotaru_inspekt_htmlawed_config');
if (is_array($results)) {
foreach ($results as $res) {
// THIS LOOKS WEIRD. IT NEEDS A RETHINK /Nick
$config = $res;
// $config takes on the value returned from the last plugin using this hook.
}
}
require_once EXTENSIONS . 'htmLawed/htmLawed.php';
if (!get_magic_quotes_gpc()) {
return htmLawed($text, $config);
} else {
return htmLawed(stripslashes($text), $config);
}
return false;
}
* You should have received a copy of the GNU General Public License along
* with Hotaru CMS. If not, see http://www.gnu.org/licenses/.
*
* @category Content Management System
* @package HotaruCMS
* @author Nick Ramsay <*****@*****.**>
* @copyright Copyright (c) 2009, Hotaru CMS
* @license http://www.gnu.org/copyleft/gpl.html GNU General Public License
* @link http://www.hotarucms.org/
*/
//$json_array = array('result'=>'test_okay');
//echo json_encode($json_array); exit;
require_once '../../../hotaru_settings.php';
require_once '../../../Hotaru.php';
// Not the cleanest way of getting to the root...
$h = new Hotaru();
$h->start();
$h->includeLanguage('updown_voting', 'updown_voting');
if ($h->cage->post->keyExists('post_id')) {
$post_id = $h->cage->post->testInt('post_id');
$vote_rating = $h->cage->post->testInt('rating');
$user_ip = $h->cage->server->testIp('REMOTE_ADDR');
$undo = false;
// track whether we're adding a vote or undoing one.
//get vote settings
$updown_voting_settings = unserialize($h->getSetting('updown_voting_settings', 'updown_voting'));
vote($h, $post_id, $vote_rating, $user_ip, $undo, $updown_voting_settings);
}
function vote($h, $post_id, $vote_rating, $user_ip, $undo, $updown_voting_settings)
{
// Only proceed if the user is logged in
* with Hotaru CMS. If not, see http://www.gnu.org/licenses/.
*
* @category Content Management System
* @package HotaruCMS
* @author Nick Ramsay <*****@*****.**>
* @copyright Copyright (c) 2009, Hotaru CMS
* @license http://www.gnu.org/copyleft/gpl.html GNU General Public License
* @link http://www.hotarucms.org/
*/
//$json_array = array('result'=>'test_okay');
//echo json_encode($json_array); exit;
//echo $_SERVER['DOCUMENT_ROOT'];
require_once '../../../hotaru_settings.php';
require_once '../../../Hotaru.php';
// Not the cleanest way of getting to the root...
$h = new Hotaru();
$h->start();
if ($h->cage->post->testAlpha('plugin') == 'widgets') {
$h->includeLanguage('widgets');
// Get widget settings from the database...
$widgets_settings = $h->getSerializedSettings('widgets');
$this_widget_function = $h->cage->post->testAlnumLines('widget');
// get the name of this widget, e.g. widget_text_widget (function) -> text_widget (widget name)
$this_widget_name = strstr($this_widget_function, '_');
// get every thing after "widget_" (returns the underscore)
$this_widget_name = ltrim($this_widget_name, '_');
// strip the underscore off the front
// get the name of the supporting plugin
$this_plugin_name = $h->getPluginFromFunction($this_widget_function);
if ($h->cage->post->testAlpha('action') == 'enable') {
// enable a widget if plugin is active
<?php
/**
* Includes settings and constructs Hotaru.
*
* PHP version 5
*
* LICENSE: Hotaru CMS is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation, either version 3 of
* the License, or (at your option) any later version.
*
* Hotaru CMS is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE.
*
* You should have received a copy of the GNU General Public License along
* with Hotaru CMS. If not, see http://www.gnu.org/licenses/.
*
* @category Content Management System
* @package HotaruCMS
* @author Nick Ramsay <*****@*****.**>
* @copyright Copyright (c) 2010, Hotaru CMS
* @license http://www.gnu.org/copyleft/gpl.html GNU General Public License
* @link http://www.hotarucms.org/
*/
// includes
require_once 'hotaru_settings.php';
require_once 'Hotaru.php';
$h = new Hotaru();
$h->start('main');
