/** * reminder form * * @since 1.2.1 * @deprecated 2.0.0 * * @package Redaxscript * @category Reminder * @author Henry Ruhs */ function reminder_form() { $output = Redaxscript\Hook::trigger(__FUNCTION__ . '_start'); /* disable fields if attack blocked */ if (ATTACK_BLOCKED > 9) { $code_disabled = ' disabled="disabled"'; } /* captcha object */ $captcha = new Redaxscript\Captcha(Redaxscript\Language::getInstance()); $captcha->init(); /* collect output */ $output .= '<h2 class="title_content">' . l('reminder') . '</h2>'; $output .= form_element('form', 'form_reminder', 'js_validate_form form_default form_reminder', '', '', '', 'action="' . REWRITE_ROUTE . 'reminder" method="post"'); $output .= form_element('fieldset', '', 'set_reminder', '', '', l('reminder_request') . l('point')) . '<ul>'; $output .= '<li>' . form_element('email', 'email', 'field_text field_note', 'email', '', l('email'), 'maxlength="50" required="required" autofocus="autofocus"' . $code_disabled) . '</li>'; /* collect captcha task output */ $output .= '<li>' . form_element('number', 'task', 'field_text field_note', 'task', '', $captcha->getTask(), 'min="1" max="20" required="required"' . $code_disabled) . '</li>'; $output .= '</ul></fieldset>'; /* collect captcha solution output */ $captchaHash = new Redaxscript\Hash(Redaxscript\Config::getInstance()); $captchaHash->init($captcha->getSolution()); $output .= form_element('hidden', '', '', 'solution', $captchaHash->getHash()); /* collect hidden and button output */ $output .= form_element('hidden', '', '', 'token', TOKEN); $output .= form_element('button', '', 'js_submit button_default', 'reminder_post', l('submit'), '', $code_disabled); $output .= '</form>'; $output .= Redaxscript\Hook::trigger(__FUNCTION__ . '_end'); $_SESSION[ROOT . '/reminder'] = 'visited'; echo $output; }
/** * db backup render start * * @since 1.2.1 * @deprecated 2.0.0 * * @package Redaxscript * @category Modules * @author Henry Ruhs */ function db_backup_render_start() { if (LOGGED_IN == TOKEN && FIRST_PARAMETER == 'admin' && SECOND_PARAMETER == 'db-backup') { define('TITLE', l('database_backup', 'db_backup')); /* registry object */ $registry = Redaxscript\Registry::getInstance(); $registry->set('title', l('database_backup', 'db_backup')); /* config object */ $config = Redaxscript\Config::getInstance(); /* download database backup */ if (THIRD_PARAMETER == 'download') { define('RENDER_BREAK', 1); db_backup($config::get('name'), 0); } /* send database backup */ if (THIRD_PARAMETER == 'send') { define('CENTER_BREAK', 1); /* prepare body parts */ $urlLink = anchor_element('external', '', '', ROOT, ROOT); $fileName = $config::get('name') . '-' . db_backup_clean_date(NOW) . '.sql'; /* prepare mail inputs */ $toArray = $fromArray = array(s('author') => s('email')); $subject = l('database_backup', 'db_backup'); $bodyArray = array('<strong>' . l('url') . l('colon') . '</strong> ' . $urlLink, '<strong>' . l('database') . l('colon') . '</strong> ' . $config::get('name'), '<br />', '<strong>' . l('message') . l('colon') . '</strong> ' . l('save_attachment', 'db_backup') . l('point')); $attachmentArray = array($fileName => db_backup($config::get('name'), 1)); /* mail object */ $mail = new Redaxscript\Mailer($toArray, $fromArray, $subject, $bodyArray, $attachmentArray); $mail->send(); } } }
/** * login form * * @since 1.2.1 * @deprecated 2.0.0 * * @package Redaxscript * @category Login * @author Henry Ruhs */ function login_form() { $output = Redaxscript\Hook::trigger(__FUNCTION__ . '_start'); /* disable fields if attack blocked */ if (ATTACK_BLOCKED > 9) { $code_disabled = ' disabled="disabled"'; } /* captcha object */ if (s('captcha') > 0) { $captcha = new Redaxscript\Captcha(Redaxscript\Language::getInstance()); $captcha->init(); } /* reminder question */ if (s('reminder') == 1) { $legend = anchor_element('internal', '', 'link_legend', l('reminder_question') . l('question_mark'), 'reminder', '', 'rel="nofollow"'); } else { $legend = l('fields_limited') . l('point'); } /* collect output */ $output .= '<h2 class="title_content">' . l('login') . '</h2>'; $output .= form_element('form', 'form_login', 'js_validate_form form_default form_login', '', '', '', 'action="' . REWRITE_ROUTE . 'login" method="post"'); $output .= form_element('fieldset', '', 'set_login', '', '', $legend) . '<ul>'; $output .= '<li>' . form_element('text', 'user', 'field_text field_note', 'user', '', l('user'), 'maxlength="50" required="required" autofocus="autofocus"' . $code_disabled) . '</li>'; $output .= '<li>' . form_element('password', 'password', 'js_unmask_password field_text field_note', 'password', '', l('password'), 'maxlength="50" required="required" autocomplete="off"' . $code_disabled) . '</li>'; /* collect captcha task output */ if (LOGGED_IN != TOKEN && s('captcha') > 0) { $output .= '<li>' . form_element('number', 'task', 'field_text field_note', 'task', '', $captcha->getTask(), 'min="1" max="20" required="required"' . $code_disabled) . '</li>'; } $output .= '</ul></fieldset>'; /* collect captcha solution output */ if (s('captcha') > 0) { $captchaHash = new Redaxscript\Hash(Redaxscript\Config::getInstance()); $captchaHash->init($captcha->getSolution()); if (LOGGED_IN == TOKEN) { $output .= form_element('hidden', '', '', 'task', $captchaHash->getRaw()); } $output .= form_element('hidden', '', '', 'solution', $captchaHash->getHash()); } /* collect hidden and button output */ $output .= form_element('hidden', '', '', 'token', TOKEN); $output .= form_element('button', '', 'js_submit button_default', 'login_post', l('submit'), '', $code_disabled); $output .= '</form>'; $output .= Redaxscript\Hook::trigger(__FUNCTION__ . '_end'); $_SESSION[ROOT . '/login'] = '******'; echo $output; }
/** * write config * * @since 2.4.0 * @deprecated 2.4.0 * * @package Redaxscript * @category Install * @author Henry Ruhs */ function write_config() { global $d_type, $d_host, $d_name, $d_user, $d_password, $d_prefix, $d_salt; $config = Redaxscript\Config::getInstance(); $config->set('dbType', $d_type); $config->set('dbHost', $d_host); $config->set('dbName', $d_name); $config->set('dbUser', $d_user); $config->set('dbPassword', $d_password); $config->set('dbPrefix', $d_prefix); $config->set('dbSalt', $d_salt); $config->write(); }
/** * startup * * @since 1.2.1 * @deprecated 2.0.0 * * @package Redaxscript * @category Startup * @author Henry Ruhs */ function startup() { /* ini set */ if (function_exists('ini_set')) { if (error_reporting() == 0) { ini_set('display_startup_errors', 0); ini_set('display_errors', 0); } ini_set('session.use_trans_sid', 0); ini_set('url_rewriter.tags', 0); ini_set('mbstring.substitute_character', 0); } /* define general */ $request = Redaxscript\Request::getInstance(); $file = new Redaxscript\Server\File($request); $root = new Redaxscript\Server\Root($request); define('FILE', $file->getOutput()); define('ROOT', $root->getOutput()); /* session start */ session_start(); /* prevent session hijacking */ if (!$_SESSION[ROOT . '/regenerate_id']) { session_regenerate_id(); $_SESSION[ROOT . '/regenerate_id'] = 1; } /* database status */ Redaxscript\Registry::set('dbStatus', Redaxscript\Db::getStatus()); /* define token */ $token = new Redaxscript\Server\Token($request); define('TOKEN', $token->getOutput()); /* prefix and salt */ define('PREFIX', Redaxscript\Config::get('dbPrefix')); define('SALT', Redaxscript\Config::get('dbSalt')); /* define session */ define('LOGGED_IN', $_SESSION[ROOT . '/logged_in']); define('ATTACK_BLOCKED', $_SESSION[ROOT . '/attack_blocked']); /* setup charset */ if (function_exists('ini_set') && Redaxscript\Registry::get('dbStatus') === 2) { ini_set('default_charset', s('charset')); } /* define parameter */ $parameter = new Redaxscript\Parameter($request); $parameter->init(); define('FIRST_PARAMETER', $parameter->getFirst()); define('FIRST_SUB_PARAMETER', $parameter->getSub()); define('SECOND_PARAMETER', $parameter->getSecond()); define('SECOND_SUB_PARAMETER', $parameter->getSub()); define('THIRD_PARAMETER', $parameter->getThird()); define('THIRD_SUB_PARAMETER', $parameter->getSub()); if (LOGGED_IN == TOKEN && FIRST_PARAMETER == 'admin') { define('ADMIN_PARAMETER', $parameter->getAdmin()); define('TABLE_PARAMETER', $parameter->getTable()); define('ID_PARAMETER', $parameter->getId()); define('ALIAS_PARAMETER', $parameter->getAlias()); } else { undefine(array('ADMIN_PARAMETER', 'TABLE_PARAMETER', 'ID_PARAMETER', 'ALIAS_PARAMETER')); } define('LAST_PARAMETER', $parameter->getLast()); define('LAST_SUB_PARAMETER', $parameter->getSub()); define('TOKEN_PARAMETER', $parameter->getToken()); /* define routes */ $router = new Redaxscript\Router($request); $router->init(); define('LITE_ROUTE', $router->getLite()); define('FULL_ROUTE', $router->getFull()); if (function_exists('apache_get_modules') && in_array('mod_rewrite', apache_get_modules()) == '' || file_exists('.htaccess') == '' || FILE == 'install.php') { define('REWRITE_ROUTE', '?p='); define('LANGUAGE_ROUTE', '&l='); define('TEMPLATE_ROUTE', '&t='); } else { define('REWRITE_ROUTE', ''); define('LANGUAGE_ROUTE', '.'); define('TEMPLATE_ROUTE', '.'); } /* define tables */ if (Redaxscript\Registry::get('dbStatus') === 2) { if (FULL_ROUTE == '' || FIRST_PARAMETER == 'admin' && SECOND_PARAMETER == '') { /* check for homepage */ if (s('homepage') > 0) { $table = 'articles'; $id = s('homepage'); } else { $table = 'categories'; $id = 0; /* check order */ if (s('order') == 'asc') { $rank = Redaxscript\Db::forTablePrefix($table)->min('rank'); } else { if (s('order') == 'desc') { $rank = Redaxscript\Db::forTablePrefix($table)->max('rank'); } } /* if category is published */ if ($rank) { $status = Redaxscript\Db::forTablePrefix($table)->where('rank', $rank)->findOne()->status; if ($status == 1) { $id = Redaxscript\Db::forTablePrefix($table)->where('rank', $rank)->findOne()->id; } } } define('FIRST_TABLE', $table); define('SECOND_TABLE', ''); define('THIRD_TABLE', ''); define('LAST_TABLE', $table); } else { if (FIRST_PARAMETER) { define('FIRST_TABLE', query_table(FIRST_PARAMETER)); } else { define('FIRST_TABLE', ''); } if (FIRST_TABLE) { define('SECOND_TABLE', query_table(SECOND_PARAMETER)); } else { define('SECOND_TABLE', ''); } if (SECOND_TABLE) { define('THIRD_TABLE', query_table(THIRD_PARAMETER)); } else { define('THIRD_TABLE', ''); } if (LAST_PARAMETER) { define('LAST_TABLE', query_table(LAST_PARAMETER)); } else { define('LAST_TABLE', ''); } if (LAST_TABLE) { $id = Redaxscript\Db::forTablePrefix(LAST_TABLE)->where('alias', LAST_PARAMETER)->findOne()->id; } } } else { undefine(array('FIRST_TABLE', 'SECOND_TABLE', 'THIRD_TABLE', 'LAST_TABLE')); } /* define ids */ if (LAST_TABLE == 'categories') { define('CATEGORY', $id); define('ARTICLE', ''); define('LAST_ID', $id); } else { if (LAST_TABLE == 'articles') { define('CATEGORY', ''); define('ARTICLE', $id); define('LAST_ID', $id); } else { undefine(array('CATEGORY', 'ARTICLE', 'LAST_ID')); } } /* define content error */ $aliasValidator = new Redaxscript\Validator\Alias(); if (LAST_ID == '' && $aliasValidator->validate(FIRST_PARAMETER, Redaxscript\Validator\Alias::MODE_DEFAULT) == Redaxscript\Validator\ValidatorInterface::FAILED) { define('CONTENT_ERROR', 1); } else { define('CONTENT_ERROR', 0); } /* define user */ $browser = new Redaxscript\Client\Browser($request); $version = new Redaxscript\Client\Version($request); $engine = new Redaxscript\Client\Engine($request); $mobile = new Redaxscript\Client\Mobile($request); $tablet = new Redaxscript\Client\Tablet($request); define('MY_BROWSER', $browser->getOutput()); define('MY_BROWSER_VERSION', $version->getOutput()); define('MY_ENGINE', $engine->getOutput()); define('MY_MOBILE', $mobile->getOutput()); define('MY_TABLET', $tablet->getOutput()); /* if mobile or tablet */ if (MY_MOBILE || MY_TABLET) { define('MY_DESKTOP', ''); } else { $desktop = new Redaxscript\Client\Desktop($request); define('MY_DESKTOP', $desktop->getOutput()); } /* if logged in */ if (LOGGED_IN == TOKEN) { define('MY_ID', $_SESSION[ROOT . '/my_id']); define('MY_NAME', $_SESSION[ROOT . '/my_name']); define('MY_USER', $_SESSION[ROOT . '/my_user']); define('MY_EMAIL', $_SESSION[ROOT . '/my_email']); define('MY_GROUPS', $_SESSION[ROOT . '/my_groups']); /* define access */ $access_array = array('categories', 'articles', 'extras', 'comments', 'groups', 'users'); foreach ($access_array as $value) { define(strtoupper($value) . '_NEW', $_SESSION[ROOT . '/' . $value . '_new']); define(strtoupper($value) . '_EDIT', $_SESSION[ROOT . '/' . $value . '_edit']); define(strtoupper($value) . '_DELETE', $_SESSION[ROOT . '/' . $value . '_delete']); if (TABLE_PARAMETER == 'users' && ID_PARAMETER == MY_ID && $value == 'users') { define('USERS_EXCEPTION', 1); } else { if ($value == 'users') { define('USERS_EXCEPTION', 0); } } } define('MODULES_INSTALL', $_SESSION[ROOT . '/modules_install']); define('MODULES_EDIT', $_SESSION[ROOT . '/modules_edit']); define('MODULES_UNINSTALL', $_SESSION[ROOT . '/modules_uninstall']); define('SETTINGS_EDIT', $_SESSION[ROOT . '/settings_edit']); define('FILTER', $_SESSION[ROOT . '/filter']); } else { define('FILTER', 1); } /* define table access */ define('TABLE_NEW', constant(strtoupper(TABLE_PARAMETER) . '_NEW')); define('TABLE_INSTALL', constant(strtoupper(TABLE_PARAMETER) . '_INSTALL')); define('TABLE_EDIT', constant(strtoupper(TABLE_PARAMETER) . '_EDIT')); define('TABLE_DELETE', constant(strtoupper(TABLE_PARAMETER) . '_DELETE')); define('TABLE_UNINSTALL', constant(strtoupper(TABLE_PARAMETER) . '_UNINSTALL')); /* define time */ define('GMDATE', gmdate('D, d M Y H:i:s') . ' GMT'); define('GMDATE_PLUS_WEEK', gmdate('D, d M Y H:i:s', strtotime('+1 week')) . ' GMT'); define('GMDATE_PLUS_YEAR', gmdate('D, d M Y H:i:s', strtotime('+1 year')) . ' GMT'); define('NOW', date('Y-m-d H:i:s')); Redaxscript\Registry::set('now', NOW); define('DELAY', date('Y-m-d H:i:s', strtotime('+1 minute'))); define('TODAY', date('Y-m-d')); /* future update */ define('UPDATE', $_SESSION[ROOT . '/update']); if (UPDATE == '' && Redaxscript\Registry::get('dbStatus') === 2) { future_update('articles'); future_update('comments'); future_update('extras'); $_SESSION[ROOT . '/update'] = DELAY; } else { if (UPDATE < NOW) { $_SESSION[ROOT . '/update'] = ''; } } }
/** * router * * @since 1.2.1 * @deprecated 2.0.0 * * @package Redaxscript * @category Center * @author Henry Ruhs */ function router() { $firstParameter = Redaxscript\Registry::get('firstParameter'); $secondParameter = Redaxscript\Registry::get('secondParameter'); $thirdParameter = Redaxscript\Registry::get('thirdParameter'); $thirdSubParameter = Redaxscript\Registry::get('thirdSubParameter'); $config = Redaxscript\Config::getInstance(); Redaxscript\Hook::trigger('routerStart'); if (Redaxscript\Registry::get('routerBreak')) { return; } /* check token */ $messenger = new Redaxscript\Messenger(Redaxscript\Registry::getInstance()); if ($_POST && $_POST['token'] != Redaxscript\Registry::get('token')) { echo $messenger->setRoute(Redaxscript\Language::get('home'), Redaxscript\Registry::get('root'))->error(Redaxscript\Language::get('token_incorrect'), Redaxscript\Language::get('error_occurred')); return; } /* install routing */ if (Redaxscript\Registry::get('file') === 'install.php' && $config->get('env') !== 'production') { if (Redaxscript\Request::getPost('Redaxscript\\View\\InstallForm')) { $installController = new Redaxscript\Controller\Install(Redaxscript\Registry::getInstance(), Redaxscript\Language::getInstance(), Redaxscript\Request::getInstance(), Redaxscript\Config::getInstance()); echo $installController->process(); return; } else { $systemStatus = new Redaxscript\View\SystemStatus(Redaxscript\Registry::getInstance(), Redaxscript\Language::getInstance()); $installForm = new Redaxscript\View\InstallForm(Redaxscript\Registry::getInstance(), Redaxscript\Language::getInstance()); echo $systemStatus->render() . $installForm->render(); return; } } /* general routing */ $post_list = ['Redaxscript\\View\\LoginForm' => 'Redaxscript\\Controller\\Login', 'Redaxscript\\View\\RegisterForm' => 'Redaxscript\\Controller\\Register', 'Redaxscript\\View\\ResetForm' => 'Redaxscript\\Controller\\Reset', 'Redaxscript\\View\\RecoverForm' => 'Redaxscript\\Controller\\Recover', 'Redaxscript\\View\\CommentForm' => 'Redaxscript\\Controller\\Comment']; foreach ($post_list as $key => $value) { if (Redaxscript\Request::getPost($key)) { if (class_exists($value)) { $controller = new $value(Redaxscript\Registry::getInstance(), Redaxscript\Language::getInstance(), Redaxscript\Request::getInstance()); echo $controller->process(); } return; } } /* search routing */ if (Redaxscript\Request::getPost('Redaxscript\\View\\SearchForm')) { $messenger = new Redaxscript\Messenger(Redaxscript\Registry::getInstance()); $table = Redaxscript\Request::getPost('table'); if ($table) { $table = '/' . $table; } echo $messenger->setRoute(Redaxscript\Language::get('continue'), 'search' . $table . '/' . Redaxscript\Request::getPost('search'))->doRedirect(0)->success(Redaxscript\Language::get('search')); } /* parameter routing */ switch ($firstParameter) { case 'admin': if (Redaxscript\Registry::get('loggedIn') == Redaxscript\Registry::get('token')) { admin_router(); } else { echo $messenger->setRoute(Language::get('login'), 'login')->error(Language::get('access_no'), Language::get('error_occurred')); } return; case 'login': switch ($secondParameter) { case 'recover': if (Redaxscript\Db::getSetting('recovery') == 1) { $recoverForm = new Redaxscript\View\RecoverForm(Redaxscript\Registry::getInstance(), Redaxscript\Language::getInstance()); echo $recoverForm->render(); return; } case 'reset': if (Redaxscript\Db::getSetting('recovery') == 1 && $thirdParameter && $thirdSubParameter) { $resetForm = new Redaxscript\View\ResetForm(Redaxscript\Registry::getInstance(), Redaxscript\Language::getInstance()); echo $resetForm->render(); return; } /* show error */ echo $messenger->setRoute(Language::get('login'), 'login')->error(Language::get('access_no'), Language::get('error_occurred')); return; default: $loginForm = new Redaxscript\View\LoginForm(Redaxscript\Registry::getInstance(), Redaxscript\Language::getInstance()); echo $loginForm->render(); return; } case 'logout': if (Redaxscript\Registry::get('loggedIn') == Redaxscript\Registry::get('token')) { $logoutController = new Redaxscript\Controller\Logout(Redaxscript\Registry::getInstance(), Redaxscript\Language::getInstance(), Redaxscript\Request::getInstance()); echo $logoutController->process(); return; } /* show error */ echo $messenger->setRoute(Language::get('login'), 'login')->error(Language::get('access_no'), Language::get('error_occurred')); return; case 'register': if (Redaxscript\Db::getSetting('registration')) { $registerForm = new Redaxscript\View\RegisterForm(Redaxscript\Registry::getInstance(), Redaxscript\Language::getInstance()); echo $registerForm->render(); return; } /* show error */ echo $messenger->setRoute(Language::get('home'), Redaxscript\Registry::get('root'))->error(Language::get('access_no'), Language::get('error_occurred')); return; case 'search': $searchController = new Redaxscript\Controller\Search(Redaxscript\Registry::getInstance(), Redaxscript\Language::getInstance(), Redaxscript\Request::getInstance()); echo $searchController->process(); return; default: contents(); return; } Redaxscript\Hook::trigger('routerEnd'); }
/** * comment form * * @since 1.2.1 * @deprecated 2.0.0 * * @package Redaxscript * @category Comments * @author Henry Ruhs * * @param integer $article * @param string $language */ function comment_form($article = '', $language = '') { $output = Redaxscript\Hook::trigger(__FUNCTION__ . '_start'); /* disable fields if attack blocked */ if (ATTACK_BLOCKED > 9) { $code_readonly = $code_disabled = ' disabled="disabled"'; } else { if (LOGGED_IN == TOKEN) { $author = MY_USER; $email = MY_EMAIL; $code_readonly = ' readonly="readonly"'; } } /* captcha object */ if (s('captcha') > 0) { $captcha = new Redaxscript\Captcha(Redaxscript\Language::getInstance()); $captcha->init(); } /* collect output */ $output .= '<h2 class="title_content">' . l('comment_new') . '</h2>'; $output .= form_element('form', 'form_comment', 'js_validate_form form_default form_comment', '', '', '', 'method="post"'); $output .= form_element('fieldset', '', 'set_comment', '', '', l('fields_required') . l('point')) . '<ul>'; $output .= '<li>' . form_element('text', 'author', 'field_text field_note', 'author', $author, '* ' . l('author'), 'maxlength="50" required="required"' . $code_readonly) . '</li>'; $output .= '<li>' . form_element('email', 'email', 'field_text field_note', 'email', $email, '* ' . l('email'), 'maxlength="50" required="required"' . $code_readonly) . '</li>'; $output .= '<li>' . form_element('url', 'url', 'field_text', 'url', '', l('url'), 'maxlength="50"' . $code_disabled) . '</li>'; $output .= '<li>' . form_element('textarea', 'text', 'js_auto_resize js_editor_textarea field_textarea field_note', 'text', '', '* ' . l('comment'), 'rows="5" cols="100" required="required"' . $code_disabled) . '</li>'; /* collect captcha task output */ if (LOGGED_IN != TOKEN && s('captcha') > 0) { $output .= '<li>' . form_element('number', 'task', 'field_text field_note', 'task', '', $captcha->getTask(), 'min="1" max="20" required="required"' . $code_disabled) . '</li>'; } $output .= '</ul></fieldset>'; /* collect hidden output */ $output .= form_element('hidden', '', '', 'language', $language); $output .= form_element('hidden', '', '', 'date', NOW); $output .= form_element('hidden', '', '', 'article', $article); /* collect captcha solution output */ if (s('captcha') > 0) { $captchaHash = new Redaxscript\Hash(Redaxscript\Config::getInstance()); $captchaHash->init($captcha->getSolution()); if (LOGGED_IN == TOKEN) { $output .= form_element('hidden', '', '', 'task', $captchaHash->getRaw()); } $output .= form_element('hidden', '', '', 'solution', $captchaHash->getHash()); } /* collect hidden and button output */ $output .= form_element('hidden', '', '', 'token', TOKEN); $output .= form_element('button', '', 'js_submit button_default', 'comment_post', l('create'), '', $code_disabled); $output .= '</form>'; $output .= Redaxscript\Hook::trigger(__FUNCTION__ . '_end'); $_SESSION[ROOT . '/comment'] = 'visited'; echo $output; }
/** * admin process * * @since 1.2.1 * @deprecated 2.0.0 * * @package Redaxscript * @category Admin * @author Henry Ruhs */ function admin_process() { $aliasValidator = new Redaxscript\Validator\Alias(); $loginValidator = new Redaxscript\Validator\Login(); $specialFilter = new Redaxscript\Filter\Special(); /* clean post */ switch (TABLE_PARAMETER) { /* categories */ case 'categories': $parent = $r['parent'] = clean($_POST['parent'], 0); /* articles */ /* articles */ case 'articles': $r['keywords'] = clean($_POST['keywords'], 5); $r['template'] = clean($_POST['template'], 0); /* extras */ /* extras */ case 'extras': $title = $r['title'] = clean($_POST['title'], 5); if (TABLE_PARAMETER != 'categories') { $r['headline'] = clean($_POST['headline'], 0); } $r['sibling'] = clean($_POST['sibling'], 0); /* comments */ /* comments */ case 'comments': if (TABLE_PARAMETER == 'comments') { $r['url'] = clean($_POST['url'], 4); } $author = $r['author'] = clean($_POST['author'], 0); if (TABLE_PARAMETER != 'categories') { $text = $r['text'] = clean($_POST['text'], 1); $date = $_POST['year'] . '-' . $_POST['month'] . '-' . $_POST['day'] . ' ' . $_POST['hour'] . ':' . $_POST['minute'] . ':00'; $date = $r['date'] = clean($date, 5); } $rank = $r['rank'] = clean($_POST['rank'], 0); /* groups */ /* groups */ case 'groups': if (TABLE_PARAMETER != 'comments') { $alias = $r['alias'] = clean($_POST['alias'], 2); } /* users */ /* users */ case 'users': if (TABLE_PARAMETER != 'groups') { $language = $r['language'] = clean($_POST['language'], 0); } /* modules */ /* modules */ case 'modules': $alias = clean($_POST['alias'], 2); $status = $r['status'] = clean($_POST['status'], 0); if (TABLE_PARAMETER != 'groups' && TABLE_PARAMETER != 'users' && GROUPS_EDIT == 1) { $access = array_map(array($specialFilter, 'sanitize'), $_POST['access']); $access = array_map('clean', $access); $access_string = implode(', ', $access); if ($access_string == '') { $access_string = null; } $access = $r['access'] = $access_string; } if (TABLE_PARAMETER != 'extras' && TABLE_PARAMETER != 'comments') { $r['description'] = clean($_POST['description'], 5); } $token = $_POST['token']; break; } /* clean contents post */ if (TABLE_PARAMETER == 'articles') { $r['infoline'] = clean($_POST['infoline'], 0); $comments = $r['comments'] = clean($_POST['comments'], 0); if ($category && ID_PARAMETER == '') { $status = $r['status'] = Redaxscript\Db::forTablePrefix('categories')->where('id', $category)->findOne()->status; } } if (TABLE_PARAMETER == 'articles' || TABLE_PARAMETER == 'extras') { $category = $r['category'] = clean($_POST['category'], 0); } if (TABLE_PARAMETER == 'articles' || TABLE_PARAMETER == 'extras' || TABLE_PARAMETER == 'comments') { if ($date > NOW) { $status = $r['status'] = 2; } else { $date = $r['date'] = NOW; } } if (TABLE_PARAMETER == 'extras' || TABLE_PARAMETER == 'comments') { $article = $r['article'] = clean($_POST['article'], 0); } if (TABLE_PARAMETER == 'comments' && ID_PARAMETER == '') { $status = $r['status'] = Redaxscript\Db::forTablePrefix('articles')->where('id', $article)->findOne()->status; } if (TABLE_PARAMETER == 'comments' || TABLE_PARAMETER == 'users') { $email = $r['email'] = clean($_POST['email'], 3); } /* clean groups post */ if (TABLE_PARAMETER == 'groups' && (ID_PARAMETER == '' || ID_PARAMETER > 1)) { $groups_array = array('categories', 'articles', 'extras', 'comments', 'groups', 'users', 'modules'); foreach ($groups_array as $value) { ${$value} = array_map(array($specialFilter, 'sanitize'), $_POST[$value]); ${$value} = array_map('clean', ${$value}); $groups_string = implode(', ', ${$value}); if ($groups_string == '') { $groups_string = 0; } $r[$value] = $groups_string; } $r['settings'] = clean($_POST['settings'], 0); $r['filter'] = clean($_POST['filter'], 0); } if ((TABLE_PARAMETER == 'groups' || TABLE_PARAMETER == 'users') && ID_PARAMETER == 1) { $status = $r['status'] = 1; } if (TABLE_PARAMETER == 'groups' || TABLE_PARAMETER == 'users' || TABLE_PARAMETER == 'modules') { $name = $r['name'] = clean($_POST['name'], 0); } /* clean users post */ if (TABLE_PARAMETER == 'users') { if ($_POST['user']) { $user = $r['user'] = clean($_POST['user'], 0); } else { $user = $r['user'] = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('id', ID_PARAMETER)->findOne()->user; } $password_check = $password_confirm = 1; if ($_POST['edit'] && $_POST['password'] == '' && $_POST['password_confirm'] == '' || $_POST['delete']) { $password_check = 0; } if ($_POST['password'] != $_POST['password_confirm']) { $password_confirm = 0; } $password = clean($_POST['password'], 0); if ($password_check == 1 && $password_confirm == 1) { $passwordHash = new Redaxscript\Hash(Redaxscript\Config::getInstance()); $passwordHash->init($password); $r['password'] = $passwordHash->getHash(); } if ($_POST['new']) { $r['first'] = $r['last'] = NOW; } if (ID_PARAMETER == '' || ID_PARAMETER > 1) { $groups = array_map(array($specialFilter, 'sanitize'), $_POST['groups']); $groups = array_map('clean', $groups); $groups_string = implode(', ', $groups); if ($groups_string == '') { $groups_string = 0; } $groups = $r['groups'] = $groups_string; } } $r_keys = array_keys($r); $last = end($r_keys); /* validate post */ switch (TABLE_PARAMETER) { /* contents */ case 'categories': case 'articles': case 'extras': if ($title == '') { $error = l('title_empty'); } else { $title_id = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('id', ID_PARAMETER)->findOne()->title; $id_title = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('title', $title)->findOne()->id; } if ($id_title && strcasecmp($title_id, $title) < 0) { $error = l('title_exists'); } if (TABLE_PARAMETER == 'categories') { $opponent_id = Redaxscript\Db::forTablePrefix('articles')->where('alias', $alias)->findOne()->id; } if (TABLE_PARAMETER == 'articles') { $opponent_id = Redaxscript\Db::forTablePrefix('categories')->where('alias', $alias)->findOne()->id; } if ($opponent_id) { $error = l('alias_exists'); } if (TABLE_PARAMETER != 'groups' && $aliasValidator->validate($alias, Redaxscript\Validator\Alias::MODE_GENERAL) == Redaxscript\Validator\ValidatorInterface::PASSED || $aliasValidator->validate($alias, Redaxscript\Validator\Alias::MODE_DEFAULT) == Redaxscript\Validator\ValidatorInterface::PASSED) { $error = l('alias_incorrect'); } /* groups */ /* groups */ case 'groups': if ($alias == '') { $error = l('alias_empty'); } else { $alias_id = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('id', ID_PARAMETER)->findOne()->alias; $id_alias = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('alias', $alias)->findOne()->id; } if ($id_alias && strcasecmp($alias_id, $alias) < 0) { $error = l('alias_exists'); } } /* validate general post */ switch (TABLE_PARAMETER) { case 'articles': case 'extras': case 'comments': if ($text == '') { $error = l('text_empty'); } break; case 'groups': case 'users': case 'modules': if ($name == '') { $error = l('name_empty'); } break; } /* validate users post */ if (TABLE_PARAMETER == 'users') { if ($user == '') { $error = l('user_incorrect'); } else { $user_id = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('id', ID_PARAMETER)->findOne()->user; $id_user = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('user', $user)->findOne()->id; } if ($id_user && strcasecmp($user_id, $user) < 0) { $error = l('user_exists'); } if ($loginValidator->validate($user) == Redaxscript\Validator\ValidatorInterface::FAILED) { $error = l('user_incorrect'); } if ($password_check == 1) { if ($password == '') { $error = l('password_empty'); } if ($password_confirm == 0 || $loginValidator->validate($password) == Redaxscript\Validator\ValidatorInterface::FAILED) { $error = l('password_incorrect'); } } } /* validate last post */ $emailValidator = new Redaxscript\Validator\Email(); switch (TABLE_PARAMETER) { case 'comments': if ($author == '') { $error = l('author_empty'); } case 'users': if ($emailValidator->validate($email) == Redaxscript\Validator\ValidatorInterface::FAILED) { $error = l('email_incorrect'); } } $route = 'admin'; /* handle error */ if ($error) { if (ID_PARAMETER == '') { $route .= '/new/' . TABLE_PARAMETER; } else { $route .= '/edit/' . TABLE_PARAMETER . '/' . ID_PARAMETER; } notification(l('error_occurred'), $error, l('back'), $route); return; } else { if (TABLE_EDIT == 1 || TABLE_DELETE == 1) { $route .= '/view/' . TABLE_PARAMETER; if ($alias) { $route .= '#' . $alias; } else { if ($user) { $route .= '#' . $user; } } } } /* process */ switch (true) { /* query new */ case $_POST['new']: Redaxscript\Db::forTablePrefix(Redaxscript\Registry::get('tableParameter'))->create()->set($r)->save(); notification(l('operation_completed'), '', l('continue'), $route); return; /* query edit */ /* query edit */ case $_POST['edit']: Redaxscript\Db::forTablePrefix(Redaxscript\Registry::get('tableParameter'))->whereIdIs(Redaxscript\Registry::get('idParameter'))->findOne()->set($r)->save(); /* query categories */ if (TABLE_PARAMETER == 'categories') { $categoryChildren = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('parent', ID_PARAMETER); $categoryArray = array_merge($categoryChildren->findArrayFlat(), array(ID_PARAMETER)); $articleChildren = Redaxscript\Db::forTablePrefix('articles')->whereIn('category', $categoryArray); $articleArray = $articleChildren->findArrayFlat(); if (count($articleArray) > 0) { Redaxscript\Db::forTablePrefix('comments')->whereIn('article', $articleArray)->findMany()->set(array('status' => $status, 'access' => $access))->save(); } $categoryChildren->findMany()->set(array('status' => $status, 'access' => $access))->save(); $articleChildren->findMany()->set(array('status' => $status, 'access' => $access))->save(); } /* query articles */ if (TABLE_PARAMETER == 'articles') { if ($comments == 0) { $status = 0; } Redaxscript\Db::forTablePrefix('comments')->where('article', ID_PARAMETER)->findMany()->set(array('status' => $status, 'access' => $access))->save(); } if (USERS_EXCEPTION == 1) { $_SESSION[ROOT . '/my_name'] = $name; $_SESSION[ROOT . '/my_email'] = $email; if (file_exists('languages/' . $language . '.php')) { $_SESSION[ROOT . '/language'] = $language; $_SESSION[ROOT . '/language_selected'] = 1; } } notification(l('operation_completed'), '', l('continue'), $route); return; } }
/** * startup * * @since 1.2.1 * @deprecated 2.0.0 * * @package Redaxscript * @category Startup * @author Henry Ruhs */ function startup() { /* ini set */ if (function_exists('ini_set')) { if (error_reporting() == 0) { ini_set('display_startup_errors', 0); ini_set('display_errors', 0); } ini_set('session.use_trans_sid', 0); ini_set('url_rewriter.tags', 0); } /* session start */ session_start(); /* define general */ define('FILE', get_file()); define('ROOT', get_root()); define('TOKEN', get_token()); /* prefix and salt */ define('PREFIX', Redaxscript\Config::get('prefix')); define('SALT', Redaxscript\Config::get('salt')); /* database connect */ database_connect(Redaxscript\Config::get('host'), Redaxscript\Config::get('name'), Redaxscript\Config::get('user'), Redaxscript\Config::get('password')); /* define session */ define('DB_CONNECTED', $_SESSION[ROOT . '/db_connected']); define('DB_ERROR', $_SESSION[ROOT . '/db_error']); define('LOGGED_IN', $_SESSION[ROOT . '/logged_in']); define('ATTACK_BLOCKED', $_SESSION[ROOT . '/attack_blocked']); /* setup charset */ if (function_exists('ini_set')) { ini_set('default_charset', s('charset')); } /* define parameter */ define('FIRST_PARAMETER', get_parameter('first')); define('FIRST_SUB_PARAMETER', get_parameter('first_sub')); define('SECOND_PARAMETER', get_parameter('second')); define('SECOND_SUB_PARAMETER', get_parameter('second_sub')); define('THIRD_PARAMETER', get_parameter('third')); define('THIRD_SUB_PARAMETER', get_parameter('third_sub')); if (LOGGED_IN == TOKEN && FIRST_PARAMETER == 'admin') { define('ADMIN_PARAMETER', get_parameter('admin')); define('TABLE_PARAMETER', get_parameter('table')); define('ID_PARAMETER', get_parameter('id')); define('ALIAS_PARAMETER', get_parameter('alias')); } else { undefine(array('ADMIN_PARAMETER', 'TABLE_PARAMETER', 'ID_PARAMETER', 'ALIAS_PARAMETER')); } define('LAST_PARAMETER', get_parameter('last')); define('LAST_SUB_PARAMETER', get_parameter('last_sub')); define('TOKEN_PARAMETER', get_parameter('token')); /* define routes */ define('FULL_ROUTE', get_route(0)); define('FULL_TOP_ROUTE', get_route(1)); if (function_exists('apache_get_modules') && in_array('mod_rewrite', apache_get_modules()) == '' || file_exists('.htaccess') == '' || FILE == 'install.php') { define('REWRITE_ROUTE', '?p='); define('LANGUAGE_ROUTE', '&l='); define('TEMPLATE_ROUTE', '&t='); } else { define('REWRITE_ROUTE', ''); define('LANGUAGE_ROUTE', '.'); define('TEMPLATE_ROUTE', '.'); } /* redirect to install */ if (DB_CONNECTED == 0 && file_exists('install.php')) { define('REFRESH_ROUTE', ROOT . '/install.php'); } /* define tables */ if (FULL_ROUTE == '' || FIRST_PARAMETER == 'admin' && SECOND_PARAMETER == '') { /* check for homepage */ if (s('homepage') > 0) { $table = 'articles'; $id = s('homepage'); } else { $table = 'categories'; $id = 0; /* check order */ if (s('order') == 'asc') { $function = 'min'; } else { if (s('order') == 'desc') { $function = 'max'; } } $rank = query_plumb('rank', $table, $function); /* if category is published */ if ($rank) { $status = retrieve('status', $table, 'rank', $rank); if ($status == 1) { $id = retrieve('id', $table, 'rank', $rank); } } } define('FIRST_TABLE', $table); define('SECOND_TABLE', ''); define('THIRD_TABLE', ''); define('LAST_TABLE', $table); } else { if (FIRST_PARAMETER) { define('FIRST_TABLE', query_table(FIRST_PARAMETER)); } else { define('FIRST_TABLE', ''); } if (FIRST_TABLE) { define('SECOND_TABLE', query_table(SECOND_PARAMETER)); } else { define('SECOND_TABLE', ''); } if (SECOND_TABLE) { define('THIRD_TABLE', query_table(THIRD_PARAMETER)); } else { define('THIRD_TABLE', ''); } if (LAST_PARAMETER) { define('LAST_TABLE', query_table(LAST_PARAMETER)); } else { define('LAST_TABLE', ''); } if (LAST_TABLE) { $id = retrieve('id', LAST_TABLE, 'alias', LAST_PARAMETER); } } /* define ids */ if (LAST_TABLE == 'categories') { define('CATEGORY', $id); define('ARTICLE', ''); define('LAST_ID', $id); } else { if (LAST_TABLE == 'articles') { define('CATEGORY', ''); define('ARTICLE', $id); define('LAST_ID', $id); } else { undefine(array('CATEGORY', 'ARTICLE', 'LAST_ID')); } } /* define content error */ $aliasValidator = new Redaxscript\Validator\Alias(); if (LAST_ID == '' && $aliasValidator->validate(FIRST_PARAMETER, Redaxscript\Validator\Alias::MODE_DEFAULT) == Redaxscript\Validator\Validator::FAILED) { define('CONTENT_ERROR', 1); } else { define('CONTENT_ERROR', 0); } /* define user */ define('MY_IP', get_user_ip()); define('MY_BROWSER', get_user_agent(0)); define('MY_BROWSER_VERSION', get_user_agent(1)); define('MY_ENGINE', get_user_agent(2)); define('MY_MOBILE', get_user_agent(4)); define('MY_TABLET', get_user_agent(5)); /* if mobile or tablet */ if (MY_MOBILE || MY_TABLET) { define('MY_DESKTOP', ''); } else { define('MY_DESKTOP', get_user_agent(3)); } /* if logged in */ if (LOGGED_IN == TOKEN) { define('MY_ID', $_SESSION[ROOT . '/my_id']); define('MY_NAME', $_SESSION[ROOT . '/my_name']); define('MY_USER', $_SESSION[ROOT . '/my_user']); define('MY_EMAIL', $_SESSION[ROOT . '/my_email']); define('MY_GROUPS', $_SESSION[ROOT . '/my_groups']); /* define access */ $access_array = array('categories', 'articles', 'extras', 'comments', 'groups', 'users'); foreach ($access_array as $value) { define(strtoupper($value) . '_NEW', $_SESSION[ROOT . '/' . $value . '_new']); define(strtoupper($value) . '_EDIT', $_SESSION[ROOT . '/' . $value . '_edit']); define(strtoupper($value) . '_DELETE', $_SESSION[ROOT . '/' . $value . '_delete']); if (TABLE_PARAMETER == 'users' && ID_PARAMETER == MY_ID && $value == 'users') { define('USERS_EXCEPTION', 1); } else { if ($value == 'users') { define('USERS_EXCEPTION', 0); } } } define('MODULES_INSTALL', $_SESSION[ROOT . '/modules_install']); define('MODULES_EDIT', $_SESSION[ROOT . '/modules_edit']); define('MODULES_UNINSTALL', $_SESSION[ROOT . '/modules_uninstall']); define('SETTINGS_EDIT', $_SESSION[ROOT . '/settings_edit']); define('FILTER', $_SESSION[ROOT . '/filter']); } else { define('FILTER', 1); } /* define table access */ define('TABLE_NEW', constant(strtoupper(TABLE_PARAMETER) . '_NEW')); define('TABLE_INSTALL', constant(strtoupper(TABLE_PARAMETER) . '_INSTALL')); define('TABLE_EDIT', constant(strtoupper(TABLE_PARAMETER) . '_EDIT')); define('TABLE_DELETE', constant(strtoupper(TABLE_PARAMETER) . '_DELETE')); define('TABLE_UNINSTALL', constant(strtoupper(TABLE_PARAMETER) . '_UNINSTALL')); /* define time */ define('GMDATE', gmdate('D, d M Y H:i:s') . ' GMT'); define('GMDATE_PLUS_WEEK', gmdate('D, d M Y H:i:s', strtotime('+1 week')) . ' GMT'); define('GMDATE_PLUS_YEAR', gmdate('D, d M Y H:i:s', strtotime('+1 year')) . ' GMT'); define('NOW', date('Y-m-d H:i:s')); define('DELAY', date('Y-m-d H:i:s', strtotime('+1 minute'))); define('TODAY', date('Y-m-d')); /* future update */ define('UPDATE', $_SESSION[ROOT . '/update']); if (UPDATE == '') { future_update('articles'); future_update('extras'); $_SESSION[ROOT . '/update'] = DELAY; } else { if (UPDATE < NOW) { $_SESSION[ROOT . '/update'] = ''; } } }
/** * admin process * * @since 1.2.1 * @deprecated 2.0.0 * * @package Redaxscript * @category Admin * @author Henry Ruhs */ function admin_process() { $aliasFilter = new Redaxscript\Filter\Alias(); $emailFilter = new Redaxscript\Filter\Email(); $urlFilter = new Redaxscript\Filter\Url(); $htmlFilter = new Redaxscript\Filter\Html(); $aliasValidator = new Redaxscript\Validator\Alias(); $loginValidator = new Redaxscript\Validator\Login(); $specialFilter = new Redaxscript\Filter\Special(); $messenger = new Redaxscript\Admin\Messenger(Redaxscript\Registry::getInstance()); $filter = Redaxscript\Registry::get('filter'); $tableParameter = Redaxscript\Registry::get('tableParameter'); $idParameter = Redaxscript\Registry::get('idParameter'); /* clean post */ switch ($tableParameter) { /* categories */ case 'categories': $parent = $r['parent'] = $specialFilter->sanitize($_POST['parent']); /* articles */ /* articles */ case 'articles': $r['keywords'] = $_POST['keywords']; $r['robots'] = $specialFilter->sanitize($_POST['robots']); $r['template'] = $specialFilter->sanitize($_POST['template']); /* extras */ /* extras */ case 'extras': $title = $r['title'] = $_POST['title']; if ($tableParameter != 'categories') { $r['headline'] = $specialFilter->sanitize($_POST['headline']); } $r['sibling'] = $specialFilter->sanitize($_POST['sibling']); $author = $r['author'] = Redaxscript\Registry::get('myUser'); /* comments */ /* comments */ case 'comments': if ($tableParameter == 'comments') { $r['url'] = $urlFilter->sanitize($_POST['url']); $author = $r['author'] = $_POST['author']; } if ($tableParameter != 'categories') { $text = $r['text'] = $filter ? $htmlFilter->sanitize($_POST['text']) : $_POST['text']; $date = $r['date'] = $_POST['date']; } $rank = $r['rank'] = $specialFilter->sanitize($_POST['rank']); /* groups */ /* groups */ case 'groups': if ($tableParameter != 'comments') { $alias = $r['alias'] = $aliasFilter->sanitize($_POST['alias']); } /* users */ /* users */ case 'users': if ($tableParameter != 'groups') { $language = $r['language'] = $specialFilter->sanitize($_POST['language']); } /* modules */ /* modules */ case 'modules': $alias = $aliasFilter->sanitize($_POST['alias']); $status = $r['status'] = $specialFilter->sanitize($_POST['status']); if ($tableParameter != 'groups' && $tableParameter != 'users' && Redaxscript\Registry::get('groupsEdit')) { $access = array_map([$specialFilter, 'sanitize'], $_POST['access']); $access_string = implode(', ', $access); if (!$access_string) { $access_string = null; } $access = $r['access'] = $access_string; } if ($tableParameter != 'extras' && $tableParameter != 'comments') { $r['description'] = $_POST['description']; } $token = $_POST['token']; break; } /* clean contents post */ if ($tableParameter == 'articles') { $r['byline'] = $specialFilter->sanitize($_POST['byline']); $comments = $r['comments'] = $specialFilter->sanitize($_POST['comments']); if ($category && !$idParameter) { $status = $r['status'] = Redaxscript\Db::forTablePrefix('categories')->where('id', $category)->findOne()->status; } } if ($tableParameter == 'articles' || $tableParameter == 'extras') { $category = $r['category'] = $specialFilter->sanitize($_POST['category']); } if ($tableParameter == 'articles' || $tableParameter == 'extras' || $tableParameter == 'comments') { if ($date > Redaxscript\Registry::get('now')) { $status = $r['status'] = 2; } if (!$date) { $r['date'] = Redaxscript\Registry::get('now'); } } if ($tableParameter == 'extras' || $tableParameter == 'comments') { $article = $r['article'] = $specialFilter->sanitize($_POST['article']); } if ($tableParameter == 'comments' && !$idParameter) { $status = $r['status'] = Redaxscript\Db::forTablePrefix('articles')->where('id', $article)->findOne()->status; } if ($tableParameter == 'comments' || $tableParameter == 'users') { $email = $r['email'] = $emailFilter->sanitize($_POST['email']); } /* clean groups post */ if ($tableParameter == 'groups' && (!$idParameter || $idParameter > 1)) { $groups_array = ['categories', 'articles', 'extras', 'comments', 'groups', 'users', 'modules']; foreach ($groups_array as $value) { ${$value} = array_map([$specialFilter, 'sanitize'], $_POST[$value]); $groups_string = implode(', ', ${$value}); if (!$groups_string) { $groups_string = 0; } $r[$value] = $groups_string; } $r['settings'] = $specialFilter->sanitize($_POST['settings']); $r['filter'] = $specialFilter->sanitize($_POST['filter']); } if (($tableParameter == 'groups' || $tableParameter == 'users') && $idParameter == 1) { $status = $r['status'] = 1; } if ($tableParameter == 'groups' || $tableParameter == 'users' || $tableParameter == 'modules') { $name = $r['name'] = $specialFilter->sanitize($_POST['name']); } /* clean users post */ if ($tableParameter == 'users') { if ($_POST['user']) { $user = $r['user'] = $specialFilter->sanitize($_POST['user']); } else { $user = $r['user'] = Redaxscript\Db::forTablePrefix($tableParameter)->where('id', $idParameter)->findOne()->user; } $password_check = $password_confirm = 1; if ($_POST['edit'] && !$_POST['password'] && !$_POST['password_confirm'] || $_POST['delete']) { $password_check = 0; } if ($_POST['password'] != $_POST['password_confirm']) { $password_confirm = 0; } $password = $specialFilter->sanitize($_POST['password']); if ($password_check == 1 && $password_confirm == 1) { $passwordHash = new Redaxscript\Hash(Redaxscript\Config::getInstance()); $passwordHash->init($password); $r['password'] = $passwordHash->getHash(); } if ($_POST['new']) { $r['first'] = $r['last'] = Redaxscript\Registry::get('now'); } if (!$idParameter || $idParameter > 1) { $groups = array_map([$specialFilter, 'sanitize'], $_POST['groups']); $groups_string = implode(', ', $groups); if (!$groups_string) { $groups_string = 0; } $groups = $r['groups'] = $groups_string; } } $r_keys = array_keys($r); $last = end($r_keys); /* validate post */ switch ($tableParameter) { /* contents */ case 'categories': case 'articles': case 'extras': if (!$title) { $error = Redaxscript\Language::get('title_empty'); } if ($tableParameter == 'categories') { $opponent_id = Redaxscript\Db::forTablePrefix('articles')->where('alias', $alias)->findOne()->id; } if ($tableParameter == 'articles') { $opponent_id = Redaxscript\Db::forTablePrefix('categories')->where('alias', $alias)->findOne()->id; } if ($opponent_id) { $error = Redaxscript\Language::get('alias_exists'); } if ($tableParameter != 'groups' && $aliasValidator->validate($alias, Redaxscript\Validator\Alias::MODE_GENERAL) == Redaxscript\Validator\ValidatorInterface::PASSED || $aliasValidator->validate($alias, Redaxscript\Validator\Alias::MODE_DEFAULT) == Redaxscript\Validator\ValidatorInterface::PASSED) { $error = Redaxscript\Language::get('alias_incorrect'); } /* groups */ /* groups */ case 'groups': if (!$alias) { $error = Redaxscript\Language::get('alias_empty'); } else { $alias_id = Redaxscript\Db::forTablePrefix($tableParameter)->where('id', $idParameter)->findOne()->alias; $id_alias = Redaxscript\Db::forTablePrefix($tableParameter)->where('alias', $alias)->findOne()->id; } if ($id_alias && strcasecmp($alias_id, $alias) < 0) { $error = Redaxscript\Language::get('alias_exists'); } } /* validate general post */ switch ($tableParameter) { case 'articles': case 'extras': case 'comments': if (!$text) { $error = Redaxscript\Language::get('text_empty'); } break; case 'groups': case 'users': case 'modules': if (!$name) { $error = Redaxscript\Language::get('name_empty'); } break; } /* validate users post */ if ($tableParameter == 'users') { if (!$user) { $error = Redaxscript\Language::get('user_incorrect'); } else { $user_id = Redaxscript\Db::forTablePrefix($tableParameter)->where('id', $idParameter)->findOne()->user; $id_user = Redaxscript\Db::forTablePrefix($tableParameter)->where('user', $user)->findOne()->id; } if ($id_user && strcasecmp($user_id, $user) < 0) { $error = Redaxscript\Language::get('user_exists'); } if ($loginValidator->validate($user) == Redaxscript\Validator\ValidatorInterface::FAILED) { $error = Redaxscript\Language::get('user_incorrect'); } if ($password_check == 1) { if (!$password) { $error = Redaxscript\Language::get('password_empty'); } if ($password_confirm == 0 || $loginValidator->validate($password) == Redaxscript\Validator\ValidatorInterface::FAILED) { $error = Redaxscript\Language::get('password_incorrect'); } } } /* validate last post */ $emailValidator = new Redaxscript\Validator\Email(); switch ($tableParameter) { case 'comments': if (!$author) { $error = Redaxscript\Language::get('author_empty'); } case 'users': if ($emailValidator->validate($email) == Redaxscript\Validator\ValidatorInterface::FAILED) { $error = Redaxscript\Language::get('email_incorrect'); } } $route = 'admin'; /* handle error */ if ($error) { if (!$idParameter) { $route .= '/new/' . $tableParameter; } else { $route .= '/edit/' . $tableParameter . '/' . $idParameter; } /* show error */ echo $messenger->setRoute(Redaxscript\Language::get('back'), $route)->error($error, Redaxscript\Language::get('error_occurred')); return; } else { if (Redaxscript\Registry::get('tableEdit') == 1 || Redaxscript\Registry::get('tableEdit') == 1) { $route .= '/view/' . $tableParameter; if ($alias) { $route .= '#' . $alias; } else { if ($user) { $route .= '#' . $user; } } } } /* select to null */ foreach ($r as $key => $value) { if ($value == 'select') { $r[$key] = null; } } /* process */ switch (true) { /* query new */ case $_POST['new']: Redaxscript\Db::forTablePrefix(Redaxscript\Registry::get('tableParameter'))->create()->set($r)->save(); /* show success */ echo $messenger->setRoute(Redaxscript\Language::get('continue'), $route)->doRedirect()->success(Redaxscript\Language::get('operation_completed')); return; /* query edit */ /* query edit */ case $_POST['edit']: Redaxscript\Db::forTablePrefix(Redaxscript\Registry::get('tableParameter'))->whereIdIs(Redaxscript\Registry::get('idParameter'))->findOne()->set($r)->save(); /* query categories */ if ($tableParameter == 'categories') { $categoryChildren = Redaxscript\Db::forTablePrefix($tableParameter)->where('parent', $idParameter); $categoryArray = array_merge($categoryChildren->findFlatArray(), [$idParameter]); $articleChildren = Redaxscript\Db::forTablePrefix('articles')->whereIn('category', $categoryArray); $articleArray = $articleChildren->findFlatArray(); if (count($articleArray) > 0) { Redaxscript\Db::forTablePrefix('comments')->whereIn('article', $articleArray)->findMany()->set(['status' => $status, 'access' => $access])->save(); } $categoryChildren->findMany()->set(['status' => $status, 'access' => $access])->save(); $articleChildren->findMany()->set(['status' => $status, 'access' => $access])->save(); } /* query articles */ if ($tableParameter == 'articles') { if ($comments == 0) { $status = 0; } Redaxscript\Db::forTablePrefix('comments')->where('article', $idParameter)->findMany()->set(['status' => $status, 'access' => $access])->save(); } if ($tableParameter == 'users' && $idParameter == Redaxscript\Registry::get('myId')) { $auth = new Redaxscript\Auth(Redaxscript\Request::getInstance()); $auth->init(); $auth->setUser('name', $name); $auth->setUser('email', $email); $auth->setUser('language', $language); $auth->save(); Redaxscript\Request::setSession('language', $language); } /* show success */ echo $messenger->setRoute(Redaxscript\Language::get('continue'), $route)->doRedirect()->success(Redaxscript\Language::get('operation_completed')); return; } }
/** * registration post * * @since 1.2.1 * @deprecated 2.0.0 * * @package Redaxscript * @category Registration * @author Henry Ruhs */ function registration_post() { /* clean post */ if (ATTACK_BLOCKED < 10 && $_SESSION[ROOT . '/registration'] == 'visited') { $name = $r['name'] = clean($_POST['name'], 0); $user = $r['user'] = clean($_POST['user'], 0); $email = $r['email'] = clean($_POST['email'], 3); $password = substr(sha1(uniqid()), 0, 10); $passwordHash = new Redaxscript\Hash(Redaxscript\Config::getInstance()); $passwordHash->init($password); $r['password'] = $passwordHash->getHash(); $r['description'] = ''; $r['language'] = Redaxscript\Registry::get('language'); $r['first'] = $r['last'] = NOW; $r['groups'] = Redaxscript\Db::forTablePrefix('groups')->where('alias', 'members')->findOne()->id; if ($r['groups'] == '') { $r['groups'] = 0; } $task = $_POST['task']; $solution = $_POST['solution']; } /* validate post */ $loginValidator = new Redaxscript\Validator\Login(); $emailValidator = new Redaxscript\Validator\Email(); $captchaValidator = new Redaxscript\Validator\Captcha(); if ($name == '') { $error = l('name_empty'); } else { if ($user == '') { $error = l('user_empty'); } else { if ($email == '') { $error = l('email_empty'); } else { if ($loginValidator->validate($user) == Redaxscript\Validator\ValidatorInterface::FAILED) { $error = l('user_incorrect'); } else { if ($emailValidator->validate($email) == Redaxscript\Validator\ValidatorInterface::FAILED) { $error = l('email_incorrect'); } else { if ($captchaValidator->validate($task, $solution) == Redaxscript\Validator\ValidatorInterface::FAILED) { $error = l('captcha_incorrect'); } else { if (Redaxscript\Db::forTablePrefix('users')->where('user', $user)->findOne()->id) { $error = l('user_exists'); } else { if (USERS_NEW == 0 && s('verification') == 1) { $r['status'] = 0; $success = l('registration_verification'); } else { $r['status'] = 1; $success = l('registration_sent'); } /* send login information */ $loginRoute = ROOT . '/' . REWRITE_ROUTE . 'login'; $loginLink = anchor_element('external', '', '', $loginRoute, $loginRoute); $toArray = array($name => $email); if (s('notification') == 1) { $toArray[s('author')] = s('email'); } $fromArray = array($author => $email); $subject = l('registration'); $bodyArray = array('<strong>' . l('name') . l('colon') . '</strong> ' . $name, '<br />', '<strong>' . l('user') . l('colon') . '</strong> ' . $user, '<br />', '<strong>' . l('password') . l('colon') . '</strong> ' . $password, '<br />', '<strong>' . l('login') . l('colon') . '<strong> ' . $loginLink); /* mailer object */ $mailer = new Redaxscript\Mailer(); $mailer->init($toArray, $fromArray, $subject, $bodyArray); $mailer->send(); /* create user */ Redaxscript\Db::forTablePrefix('users')->create()->set($r)->save(); } } } } } } } /* handle error */ if ($error) { if (s('blocker') == 1) { $_SESSION[ROOT . '/attack_blocked']++; } notification(l('error_occurred'), $error, l('back'), 'registration'); } else { notification(l('operation_completed'), $success, l('login'), 'login'); } $_SESSION[ROOT . '/registration'] = ''; }
/** * password reset post * * @since 1.2.1 * @deprecated 2.0.0 * * @package Redaxscript * @category Password * @author Henry Ruhs */ function password_reset_post() { $captchaValidator = new Redaxscript\Validator\Captcha(); /* clean post */ if (ATTACK_BLOCKED < 10 && $_SESSION[ROOT . '/password_reset'] == 'visited') { $post_id = clean($_POST['id'], 0); $post_password = clean($_POST['password'], 0); $password = substr(sha1(uniqid()), 0, 10); $task = $_POST['task']; $solution = $_POST['solution']; } /* query user information */ if ($post_id && $post_password) { $users_result = Redaxscript\Db::forTablePrefix('users')->where(array('id' => $post_id, 'status' => 1))->findArray(); foreach ($users_result as $r) { foreach ($r as $key => $value) { $key = 'my_' . $key; ${$key} = stripslashes($value); } } } /* validate post */ if ($post_id == '' || $post_password == '') { $error = l('input_incorrect'); } else { if ($captchaValidator->validate($task, $solution) == Redaxscript\Validator\ValidatorInterface::FAILED) { $error = l('captcha_incorrect'); } else { if ($my_id == '' || sha1($my_password) != $post_password) { $error = l('access_no'); } else { /* send new password */ $loginRoute = ROOT . '/' . REWRITE_ROUTE . 'login'; $loginLink = anchor_element('external', '', '', $loginRoute, $loginRoute); $toArray = array($my_name => $my_email); $fromArray = array(s('author') => s('email')); $subject = l('password_new'); $bodyArray = array('<strong>' . l('password_new') . l('colon') . '</strong> ' . $password, '<br />', '<strong>' . l('login') . l('colon') . '</strong> ' . $loginLink); /* mailer object */ $mailer = new Redaxscript\Mailer(); $mailer->init($toArray, $fromArray, $subject, $bodyArray); $mailer->send(); /* update password */ $passwordHash = new Redaxscript\Hash(Redaxscript\Config::getInstance()); $passwordHash->init($password); Redaxscript\Db::forTablePrefix('users')->where(array('id' => $post_id, 'status' => 1))->findOne()->set('password', $passwordHash->getHash())->save(); } } } /* handle error */ if ($error) { if (s('blocker') == 1) { $_SESSION[ROOT . '/attack_blocked']++; } if ($post_id && $post_password) { $back_route = 'password_reset/' . $post_id . '/' . $post_password; } else { $back_route = 'reminder'; } notification(l('error_occurred'), $error, l('back'), $back_route); } else { notification(l('operation_completed'), l('password_sent'), l('login'), 'login'); } $_SESSION[ROOT . '/password_reset'] = ''; }