/** * admin process * * @since 1.2.1 * @deprecated 2.0.0 * * @package Redaxscript * @category Admin * @author Henry Ruhs */ function admin_process() { $aliasFilter = new Redaxscript\Filter\Alias(); $emailFilter = new Redaxscript\Filter\Email(); $urlFilter = new Redaxscript\Filter\Url(); $htmlFilter = new Redaxscript\Filter\Html(); $aliasValidator = new Redaxscript\Validator\Alias(); $loginValidator = new Redaxscript\Validator\Login(); $specialFilter = new Redaxscript\Filter\Special(); $messenger = new Redaxscript\Admin\Messenger(Redaxscript\Registry::getInstance()); $filter = Redaxscript\Registry::get('filter'); $tableParameter = Redaxscript\Registry::get('tableParameter'); $idParameter = Redaxscript\Registry::get('idParameter'); /* clean post */ switch ($tableParameter) { /* categories */ case 'categories': $parent = $r['parent'] = $specialFilter->sanitize($_POST['parent']); /* articles */ /* articles */ case 'articles': $r['keywords'] = $_POST['keywords']; $r['robots'] = $specialFilter->sanitize($_POST['robots']); $r['template'] = $specialFilter->sanitize($_POST['template']); /* extras */ /* extras */ case 'extras': $title = $r['title'] = $_POST['title']; if ($tableParameter != 'categories') { $r['headline'] = $specialFilter->sanitize($_POST['headline']); } $r['sibling'] = $specialFilter->sanitize($_POST['sibling']); $author = $r['author'] = Redaxscript\Registry::get('myUser'); /* comments */ /* comments */ case 'comments': if ($tableParameter == 'comments') { $r['url'] = $urlFilter->sanitize($_POST['url']); $author = $r['author'] = $_POST['author']; } if ($tableParameter != 'categories') { $text = $r['text'] = $filter ? $htmlFilter->sanitize($_POST['text']) : $_POST['text']; $date = $r['date'] = $_POST['date']; } $rank = $r['rank'] = $specialFilter->sanitize($_POST['rank']); /* groups */ /* groups */ case 'groups': if ($tableParameter != 'comments') { $alias = $r['alias'] = $aliasFilter->sanitize($_POST['alias']); } /* users */ /* users */ case 'users': if ($tableParameter != 'groups') { $language = $r['language'] = $specialFilter->sanitize($_POST['language']); } /* modules */ /* modules */ case 'modules': $alias = $aliasFilter->sanitize($_POST['alias']); $status = $r['status'] = $specialFilter->sanitize($_POST['status']); if ($tableParameter != 'groups' && $tableParameter != 'users' && Redaxscript\Registry::get('groupsEdit')) { $access = array_map([$specialFilter, 'sanitize'], $_POST['access']); $access_string = implode(', ', $access); if (!$access_string) { $access_string = null; } $access = $r['access'] = $access_string; } if ($tableParameter != 'extras' && $tableParameter != 'comments') { $r['description'] = $_POST['description']; } $token = $_POST['token']; break; } /* clean contents post */ if ($tableParameter == 'articles') { $r['byline'] = $specialFilter->sanitize($_POST['byline']); $comments = $r['comments'] = $specialFilter->sanitize($_POST['comments']); if ($category && !$idParameter) { $status = $r['status'] = Redaxscript\Db::forTablePrefix('categories')->where('id', $category)->findOne()->status; } } if ($tableParameter == 'articles' || $tableParameter == 'extras') { $category = $r['category'] = $specialFilter->sanitize($_POST['category']); } if ($tableParameter == 'articles' || $tableParameter == 'extras' || $tableParameter == 'comments') { if ($date > Redaxscript\Registry::get('now')) { $status = $r['status'] = 2; } if (!$date) { $r['date'] = Redaxscript\Registry::get('now'); } } if ($tableParameter == 'extras' || $tableParameter == 'comments') { $article = $r['article'] = $specialFilter->sanitize($_POST['article']); } if ($tableParameter == 'comments' && !$idParameter) { $status = $r['status'] = Redaxscript\Db::forTablePrefix('articles')->where('id', $article)->findOne()->status; } if ($tableParameter == 'comments' || $tableParameter == 'users') { $email = $r['email'] = $emailFilter->sanitize($_POST['email']); } /* clean groups post */ if ($tableParameter == 'groups' && (!$idParameter || $idParameter > 1)) { $groups_array = ['categories', 'articles', 'extras', 'comments', 'groups', 'users', 'modules']; foreach ($groups_array as $value) { ${$value} = array_map([$specialFilter, 'sanitize'], $_POST[$value]); $groups_string = implode(', ', ${$value}); if (!$groups_string) { $groups_string = 0; } $r[$value] = $groups_string; } $r['settings'] = $specialFilter->sanitize($_POST['settings']); $r['filter'] = $specialFilter->sanitize($_POST['filter']); } if (($tableParameter == 'groups' || $tableParameter == 'users') && $idParameter == 1) { $status = $r['status'] = 1; } if ($tableParameter == 'groups' || $tableParameter == 'users' || $tableParameter == 'modules') { $name = $r['name'] = $specialFilter->sanitize($_POST['name']); } /* clean users post */ if ($tableParameter == 'users') { if ($_POST['user']) { $user = $r['user'] = $specialFilter->sanitize($_POST['user']); } else { $user = $r['user'] = Redaxscript\Db::forTablePrefix($tableParameter)->where('id', $idParameter)->findOne()->user; } $password_check = $password_confirm = 1; if ($_POST['edit'] && !$_POST['password'] && !$_POST['password_confirm'] || $_POST['delete']) { $password_check = 0; } if ($_POST['password'] != $_POST['password_confirm']) { $password_confirm = 0; } $password = $specialFilter->sanitize($_POST['password']); if ($password_check == 1 && $password_confirm == 1) { $passwordHash = new Redaxscript\Hash(Redaxscript\Config::getInstance()); $passwordHash->init($password); $r['password'] = $passwordHash->getHash(); } if ($_POST['new']) { $r['first'] = $r['last'] = Redaxscript\Registry::get('now'); } if (!$idParameter || $idParameter > 1) { $groups = array_map([$specialFilter, 'sanitize'], $_POST['groups']); $groups_string = implode(', ', $groups); if (!$groups_string) { $groups_string = 0; } $groups = $r['groups'] = $groups_string; } } $r_keys = array_keys($r); $last = end($r_keys); /* validate post */ switch ($tableParameter) { /* contents */ case 'categories': case 'articles': case 'extras': if (!$title) { $error = Redaxscript\Language::get('title_empty'); } if ($tableParameter == 'categories') { $opponent_id = Redaxscript\Db::forTablePrefix('articles')->where('alias', $alias)->findOne()->id; } if ($tableParameter == 'articles') { $opponent_id = Redaxscript\Db::forTablePrefix('categories')->where('alias', $alias)->findOne()->id; } if ($opponent_id) { $error = Redaxscript\Language::get('alias_exists'); } if ($tableParameter != 'groups' && $aliasValidator->validate($alias, Redaxscript\Validator\Alias::MODE_GENERAL) == Redaxscript\Validator\ValidatorInterface::PASSED || $aliasValidator->validate($alias, Redaxscript\Validator\Alias::MODE_DEFAULT) == Redaxscript\Validator\ValidatorInterface::PASSED) { $error = Redaxscript\Language::get('alias_incorrect'); } /* groups */ /* groups */ case 'groups': if (!$alias) { $error = Redaxscript\Language::get('alias_empty'); } else { $alias_id = Redaxscript\Db::forTablePrefix($tableParameter)->where('id', $idParameter)->findOne()->alias; $id_alias = Redaxscript\Db::forTablePrefix($tableParameter)->where('alias', $alias)->findOne()->id; } if ($id_alias && strcasecmp($alias_id, $alias) < 0) { $error = Redaxscript\Language::get('alias_exists'); } } /* validate general post */ switch ($tableParameter) { case 'articles': case 'extras': case 'comments': if (!$text) { $error = Redaxscript\Language::get('text_empty'); } break; case 'groups': case 'users': case 'modules': if (!$name) { $error = Redaxscript\Language::get('name_empty'); } break; } /* validate users post */ if ($tableParameter == 'users') { if (!$user) { $error = Redaxscript\Language::get('user_incorrect'); } else { $user_id = Redaxscript\Db::forTablePrefix($tableParameter)->where('id', $idParameter)->findOne()->user; $id_user = Redaxscript\Db::forTablePrefix($tableParameter)->where('user', $user)->findOne()->id; } if ($id_user && strcasecmp($user_id, $user) < 0) { $error = Redaxscript\Language::get('user_exists'); } if ($loginValidator->validate($user) == Redaxscript\Validator\ValidatorInterface::FAILED) { $error = Redaxscript\Language::get('user_incorrect'); } if ($password_check == 1) { if (!$password) { $error = Redaxscript\Language::get('password_empty'); } if ($password_confirm == 0 || $loginValidator->validate($password) == Redaxscript\Validator\ValidatorInterface::FAILED) { $error = Redaxscript\Language::get('password_incorrect'); } } } /* validate last post */ $emailValidator = new Redaxscript\Validator\Email(); switch ($tableParameter) { case 'comments': if (!$author) { $error = Redaxscript\Language::get('author_empty'); } case 'users': if ($emailValidator->validate($email) == Redaxscript\Validator\ValidatorInterface::FAILED) { $error = Redaxscript\Language::get('email_incorrect'); } } $route = 'admin'; /* handle error */ if ($error) { if (!$idParameter) { $route .= '/new/' . $tableParameter; } else { $route .= '/edit/' . $tableParameter . '/' . $idParameter; } /* show error */ echo $messenger->setRoute(Redaxscript\Language::get('back'), $route)->error($error, Redaxscript\Language::get('error_occurred')); return; } else { if (Redaxscript\Registry::get('tableEdit') == 1 || Redaxscript\Registry::get('tableEdit') == 1) { $route .= '/view/' . $tableParameter; if ($alias) { $route .= '#' . $alias; } else { if ($user) { $route .= '#' . $user; } } } } /* select to null */ foreach ($r as $key => $value) { if ($value == 'select') { $r[$key] = null; } } /* process */ switch (true) { /* query new */ case $_POST['new']: Redaxscript\Db::forTablePrefix(Redaxscript\Registry::get('tableParameter'))->create()->set($r)->save(); /* show success */ echo $messenger->setRoute(Redaxscript\Language::get('continue'), $route)->doRedirect()->success(Redaxscript\Language::get('operation_completed')); return; /* query edit */ /* query edit */ case $_POST['edit']: Redaxscript\Db::forTablePrefix(Redaxscript\Registry::get('tableParameter'))->whereIdIs(Redaxscript\Registry::get('idParameter'))->findOne()->set($r)->save(); /* query categories */ if ($tableParameter == 'categories') { $categoryChildren = Redaxscript\Db::forTablePrefix($tableParameter)->where('parent', $idParameter); $categoryArray = array_merge($categoryChildren->findFlatArray(), [$idParameter]); $articleChildren = Redaxscript\Db::forTablePrefix('articles')->whereIn('category', $categoryArray); $articleArray = $articleChildren->findFlatArray(); if (count($articleArray) > 0) { Redaxscript\Db::forTablePrefix('comments')->whereIn('article', $articleArray)->findMany()->set(['status' => $status, 'access' => $access])->save(); } $categoryChildren->findMany()->set(['status' => $status, 'access' => $access])->save(); $articleChildren->findMany()->set(['status' => $status, 'access' => $access])->save(); } /* query articles */ if ($tableParameter == 'articles') { if ($comments == 0) { $status = 0; } Redaxscript\Db::forTablePrefix('comments')->where('article', $idParameter)->findMany()->set(['status' => $status, 'access' => $access])->save(); } if ($tableParameter == 'users' && $idParameter == Redaxscript\Registry::get('myId')) { $auth = new Redaxscript\Auth(Redaxscript\Request::getInstance()); $auth->init(); $auth->setUser('name', $name); $auth->setUser('email', $email); $auth->setUser('language', $language); $auth->save(); Redaxscript\Request::setSession('language', $language); } /* show success */ echo $messenger->setRoute(Redaxscript\Language::get('continue'), $route)->doRedirect()->success(Redaxscript\Language::get('operation_completed')); return; } }
/** * startup * * @since 1.2.1 * @deprecated 2.0.0 * * @package Redaxscript * @category Startup * @author Henry Ruhs */ function startup() { /* ini set */ if (function_exists('ini_set')) { if (error_reporting() == 0) { ini_set('display_startup_errors', 0); ini_set('display_errors', 0); } ini_set('session.use_trans_sid', 0); ini_set('url_rewriter.tags', 0); ini_set('mbstring.substitute_character', 0); } /* define general */ $request = Redaxscript\Request::getInstance(); $registry = Redaxscript\Registry::getInstance(); $file = new Redaxscript\Server\File($request); $root = new Redaxscript\Server\Root($request); $host = new Redaxscript\Server\Host($request); $registry->set('file', $file->getOutput()); $registry->set('root', $root->getOutput()); $registry->set('host', $host->getOutput()); /* session */ session_start(); /* prevent session hijacking */ $request->refreshSession(); if (!$request->getSession('regenerateId')) { session_regenerate_id(); $request->setSession('regenerateId', true); } /* database status */ $registry->set('dbStatus', Redaxscript\Db::getStatus()); /* define token */ $token = new Redaxscript\Server\Token($request); $auth = new Redaxscript\Auth($request); $registry->set('token', $token->getOutput()); if ($auth->getStatus()) { $registry->set('loggedIn', $token->getOutput()); } /* setup charset */ if (function_exists('ini_set') && $registry->get('dbStatus') === 2) { ini_set('default_charset', Redaxscript\Db::getSetting('charset')); } /* define status */ $pdoDriverArray = PDO::getAvailableDrivers(); $fallbackModuleArray = ['mod_deflate', 'mod_headers', 'mod_rewrite']; $apacheModuleArray = function_exists('apache_get_modules') ? apache_get_modules() : $fallbackModuleArray; $registry->set('phpOs', strtolower(php_uname('s'))); $registry->set('phpVersion', phpversion()); $registry->set('pdoDriverArray', $pdoDriverArray); $registry->set('apacheModuleArray', $apacheModuleArray); $registry->set('sessionStatus', session_status()); /* define parameter */ $parameter = new Redaxscript\Router\Parameter($request); $parameter->init(); $registry->set('firstParameter', $parameter->getFirst()); $registry->set('firstSubParameter', $parameter->getSub()); $registry->set('secondParameter', $parameter->getSecond()); $registry->set('secondSubParameter', $parameter->getSub()); $registry->set('thirdParameter', $parameter->getThird()); $registry->set('thirdSubParameter', $parameter->getSub()); if ($registry->get('loggedIn') == $registry->get('token') && $registry->get('firstParameter') == 'admin') { $registry->set('adminParameter', $parameter->getAdmin()); $registry->set('tableParameter', $parameter->getTable()); $registry->set('idParameter', $parameter->getId()); $registry->set('aliasParameter', $parameter->getAlias()); } $registry->set('lastParameter', $parameter->getLast()); $registry->set('lastSubParameter', $parameter->getSub()); $registry->set('tokenParameter', $parameter->getToken()); /* define routes */ $resolver = new Redaxscript\Router\Resolver($request); $resolver->init(); $registry->set('liteRoute', $resolver->getLite()); $registry->set('fullRoute', $resolver->getFull()); if (!in_array('mod_rewrite', $registry->get('apacheModuleArray')) || !file_exists('.htaccess') || $registry->get('file') == 'install.php') { $registry->set('parameterRoute', '?p='); $registry->set('languageRoute', '&l='); $registry->set('templateRoute', '&t='); } else { $registry->set('parameterRoute', null); $registry->set('languageRoute', '.'); $registry->set('templateRoute', '.'); } /* define tables */ if ($registry->get('dbStatus') === 2) { if (!$registry->get('fullRoute') || $registry->get('firstParameter') == 'admin' && !$registry->get('secondParameter')) { /* check for homepage */ if (Redaxscript\Db::getSetting('homepage') > 0) { $table = 'articles'; $id = Redaxscript\Db::getSetting('homepage'); } else { $table = 'categories'; $id = 0; /* check order */ if (Redaxscript\Db::getSetting('order') == 'asc') { $rank = Redaxscript\Db::forTablePrefix($table)->min('rank'); } else { if (Redaxscript\Db::getSetting('order') == 'desc') { $rank = Redaxscript\Db::forTablePrefix($table)->max('rank'); } } /* category is published */ if ($rank) { $status = Redaxscript\Db::forTablePrefix($table)->where('rank', $rank)->findOne()->status; if ($status == 1) { $id = Redaxscript\Db::forTablePrefix($table)->where('rank', $rank)->findOne()->id; } } } $registry->set('firstTable', $table); $registry->set('lastTable', $table); } else { if ($registry->get('firstParameter')) { $registry->set('firstTable', query_table($registry->get('firstParameter'))); } if ($registry->get('firstTable')) { $registry->set('secondTable', query_table($registry->get('secondParameter'))); } if ($registry->get('secondTable')) { $registry->set('thirdTable', query_table($registry->get('thirdParameter'))); } if ($registry->get('lastParameter')) { $registry->set('lastTable', query_table($registry->get('lastParameter'))); } if ($registry->get('lastTable')) { $id = Redaxscript\Db::forTablePrefix($registry->get('lastTable'))->where('alias', $registry->get('lastParameter'))->findOne()->id; } } } /* define ids */ $aliasValidator = new Redaxscript\Validator\Alias(); if ($registry->get('firstParameter') === 'admin' || $aliasValidator->validate($registry->get('firstParameter'), Redaxscript\Validator\Alias::MODE_DEFAULT) == Redaxscript\Validator\ValidatorInterface::FAILED) { if ($registry->get('lastTable') == 'categories') { $registry->set('categoryId', $id); $registry->set('lastId', $id); } else { if ($registry->get('lastTable') == 'articles') { $registry->set('articleId', $id); $registry->set('lastId', $id); } } } /* define content error */ if (!$registry->get('lastId') && $aliasValidator->validate($registry->get('firstParameter'), Redaxscript\Validator\Alias::MODE_DEFAULT) == Redaxscript\Validator\ValidatorInterface::FAILED) { $registry->set('contentError', true); } else { $registry->set('contentError', false); } /* define user */ $browser = new Redaxscript\Client\Browser($request); $version = new Redaxscript\Client\Version($request); $engine = new Redaxscript\Client\Engine($request); $mobile = new Redaxscript\Client\Mobile($request); $tablet = new Redaxscript\Client\Tablet($request); $desktop = new Redaxscript\Client\Desktop($request); $registry->set('myBrowser', $browser->getOutput()); $registry->set('myBrowserVersion', $version->getOutput()); $registry->set('myEngine', $engine->getOutput()); $registry->set('myMobile', $mobile->getOutput()); $registry->set('myTablet', $tablet->getOutput()); if (!$registry->get('myMobile') || !$registry->get('myTablet')) { $registry->set('myDesktop', $desktop->getOutput()); } /* auth */ Redaxscript\Request::refreshSession(); $auth->init(); if ($auth->getStatus()) { $registry->set('myId', $auth->getUser('id')); $registry->set('myName', $auth->getUser('name')); $registry->set('myUser', $auth->getUser('user')); $registry->set('myEmail', $auth->getUser('email')); $registry->set('myLanguage', $auth->getUser('language')); $registry->set('myGroups', $auth->getUser('groups')); $registry->set('categoriesNew', $auth->getPermissionNew('categories')); $registry->set('categoriesEdit', $auth->getPermissionEdit('categories')); $registry->set('categoriesDelete', $auth->getPermissionDelete('categories')); $registry->set('articlesNew', $auth->getPermissionNew('articles')); $registry->set('articlesEdit', $auth->getPermissionEdit('articles')); $registry->set('articlesDelete', $auth->getPermissionDelete('articles')); $registry->set('extrasNew', $auth->getPermissionNew('extras')); $registry->set('extrasEdit', $auth->getPermissionEdit('extras')); $registry->set('extrasDelete', $auth->getPermissionDelete('extras')); $registry->set('commentsNew', $auth->getPermissionNew('comments')); $registry->set('commentsEdit', $auth->getPermissionEdit('comments')); $registry->set('commentsDelete', $auth->getPermissionDelete('comments')); $registry->set('groupsNew', $auth->getPermissionNew('groups')); $registry->set('groupsEdit', $auth->getPermissionEdit('groups')); $registry->set('groupsDelete', $auth->getPermissionDelete('groups')); $registry->set('usersNew', $auth->getPermissionNew('users')); $registry->set('usersEdit', $auth->getPermissionEdit('users')); $registry->set('usersDelete', $auth->getPermissionDelete('users')); $registry->set('modulesInstall', $auth->getPermissionInstall('modules')); $registry->set('modulesEdit', $auth->getPermissionEdit('modules')); $registry->set('modulesUninstall', $auth->getPermissionUninstall('modules')); $registry->set('settingsEdit', $auth->getPermissionEdit('settings')); } $registry->set('filter', $auth->getFilter()); /* define table access */ $tableParameter = $registry->get('tableParameter'); $registry->set('tableNew', $registry->get($tableParameter . 'New')); $registry->set('tableInstall', $registry->get($tableParameter . 'Install')); $registry->set('tableEdit', $registry->get($tableParameter . 'Edit')); $registry->set('tableDelete', $registry->get($tableParameter . 'Delete')); $registry->set('tableUninstall', $registry->get($tableParameter . 'Uninstall')); /* define time */ $registry->set('now', date('Y-m-d H:i:s')); /* cron update */ $registry->set('cronUpdate', false); if (!Redaxscript\Request::getSession('timerUpdate') && $registry->get('dbStatus') === 2 && function_exists('future_update')) { Redaxscript\Request::setSession('timerUpdate', date('Y-m-d H:i:s', strtotime('+1 minute'))); $registry->set('cronUpdate', true); } else { if (Redaxscript\Request::getSession('timerUpdate') < $registry->get('now')) { Redaxscript\Request::setSession('timerUpdate', false); } } /* future update */ if ($registry->get('cronUpdate')) { Redaxscript\Hook::trigger('cronUpdate'); future_update('categories'); future_update('articles'); future_update('comments'); future_update('extras'); } /* cache */ $registry->set('noCache', false); $filterBoolean = new Redaxscript\Filter\Boolean(); $noCache = $filterBoolean->sanitize($request->getQuery('no-cache')); if ($registry->get('loggedIn') == $registry->get('token') || $noCache) { $registry->set('noCache', true); } }