function login_post($username, $password, $referrer)
{
global $auth;
if ($username == $auth['username'] && md5($password) == $auth['password']) {
jabSetUser($username, $auth['rights']);
jabRedirect(strlen($referrer) > 0 ? $referrer : "/");
} else {
// No
$model['username'] = $username;
$model['password'] = $password;
$model['referrer'] = $referrer;
$model['login_failed'] = true;
return jabRenderView("view_login.php", $model);
}
}
function contact_post()
{
jabRequire("captcha");
global $jab;
global $contact;
// Retrieve model values
$model['contact'] = $contact;
$model['name'] = jabRequestParam('Name');
$model['email'] = jabRequestParam('Email');
$model['message'] = jabRequestParam('Message');
if (strlen($model['name']) == 0) {
$model['errors'][] = "Name is missing";
}
if (!jabIsValidEmail($model['email'])) {
$model['errors'][] = "Invalid email address";
}
if (strlen($model['message']) == 0) {
$model['errors'][] = "You haven't entered a message";
}
// Check recapture OK
$error = jabCheckCaptcha();
if ($error !== true) {
$model['errors'][] = $error;
}
if (sizeof($model['errors']) > 0) {
return jabRenderView("contact_view_form.php", $model);
}
$model['to'] = $contact['emailTo'];
$model['from'] = "\"" . $model['name'] . "\" <" . $model['email'] . ">";
$model['subject'] = $contact['emailSubject'];
if (!jabRenderMail("contact_email.php", $model)) {
$model['send_error'] = true;
jabRenderView("contact_view_form.php", $model);
} else {
jabRenderView("contact_view_success.php", null);
}
}
function editor_post()
{
if (!jabCanUser("edit")) {
return;
}
global $editor;
$model['editor'] = $editor;
$model['referrer'] = jabRequestParam("referrer");
if (strlen($model['referrer']) == 0) {
$model['referrer'] = "/";
}
$model['file'] = str_replace("..", ".", jabRequestParam("file"));
$model['content'] = jabRequestParam("content");
// Handle no file specified
if (strlen($model['file']) == 0) {
return;
}
// Handle attempt to escape the document root
if (strstr($model['file'], "..")) {
return;
}
// Cancel?
if (jabRequestParam("cancel")) {
return jabRedirect($model['referrer']);
}
$fullpath = jabPathAppend($_SERVER['DOCUMENT_ROOT'], $model['file']);
// Handle file uploads
for ($i = 1; $i <= (isset($editor['maxuploadfiles']) ? $editor['maxuploadfiles'] : 4); $i++) {
if (strlen($_FILES['file' . $i]['name']) == 0) {
continue;
}
$target_path = jabPathAppend(dirname($fullpath), basename($_FILES['file' . $i]['name']));
if (is_file($target_path) && jabRequestParam('overwrite') == "") {
$errors[] = "File " . $_FILES['file' . $i]['name'] . " would be overwriten";
} else {
if (!move_uploaded_file($_FILES['file' . $i]['tmp_name'], $target_path)) {
$errors[] = "Failed to upload " . $_FILES['file' . $i]['name'];
} else {
if (jabRequestParam("addtoarticle") != "") {
$file = $_FILES['file' . $i]['name'];
$ext = strrpos($file, ".") === false ? null : substr($file, strrpos($file, ".") + 1);
if (in_array($ext, explode(";", "png;jpg;jpeg;tif;tiff;gif"))) {
$model['content'] .= "\n\n<center></center>\n\n";
} else {
$model['content'] .= "\n\n[{$file}]({$file})\n\n";
}
}
}
}
}
if (jabRequestParam("delete")) {
if (jabRequestParam("deleteconfirmed") == "yes") {
try {
unlink($fullpath);
return jabRedirect($model['referrer']);
} catch (Exception $ex) {
$model['errors'][] = "Failed to delete {$ex->getMessage()}.";
}
} else {
$model['errors'][] = "Press Delete again to really delete this file";
$model['deleteconfirmed'] = "yes";
}
return jabRenderView("editor_view.php", $model);
}
if (jabRequestParam("save")) {
try {
$fh = @fopen($fullpath, 'w');
fwrite($fh, $model['content']);
fclose($fh);
jabRedirect($model['referrer']);
} catch (Exception $ex) {
$model['errors'][] = "Failed to save file - {$ex->getMessage()}.";
}
}
return jabRenderView("editor_view.php", $model);
}
function jabDoRouteStaticContent($urlTail, $contentRoot)
{
global $jab;
// Remove querystring
$qpos = strchr($urlTail, "?");
if ($qpos !== false) {
$urlTail = substr($urlTail, 0, $qpos);
}
// Find jab file
$path = jabPathAppend($contentRoot, $urlTail);
if (is_dir($path)) {
// If folder path doesn't end in trailing slash, add one and redirect
if (substr($path, -1) != "/") {
$url = $_SERVER['REQUEST_URI'];
$qpos = strchr($url, "?");
if ($qpos !== false) {
$url = substr($url, 0, $qpos);
}
jabRedirect("http://" . $_SERVER['HTTP_HOST'] . $url . "/");
}
$path = jabPathAppend($path, "index.jab");
} else {
// .html at the end is optional
if (strtolower(substr($path, -5)) == ".html") {
$path = substr($path, 0, -5);
}
// Use jab file?
if (is_file($path . ".jab")) {
$path .= ".jab";
}
}
if (jabCanUser('cms.edit')) {
$model['sourceFile'] = $path;
if (!is_file($path)) {
$jab['missingSourceFile'] = $model['sourceFile'] . ".jab";
}
}
// Exists?
if (!is_file($path)) {
return false;
}
// Render it
if (substr($path, -4) == ".php" || substr($path, -4) == ".jab") {
jabRenderView($path, $model);
} else {
jabEchoFile($path);
}
}
function settings_get()
{
jabLogin();
jabRenderView("auth_view_settings.php", $model);
}
function import_get()
{
jabCanUser("author", true);
// Render import upload view
jabRenderView("blog_view_import.php", $model);
}
