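/**
 * Admin control-panel login.
 *
 * Reads `login`, `password` and `log-me-in` from the POST body. Nothing is
 * done unless `log-me-in` is numeric; otherwise the user row is looked up by
 * login name, the posted password is hashed with the row's salt using the
 * stored scheme and, on a match, the `admin_login` cookie and session entry
 * are set.
 *
 * @return string|null JSON object with `status` (success|error) and `mes`,
 *                     or null when `log-me-in` is not numeric.
 */
function admin_cp_login()
{
    $hmdb = new MySQL(true, DB_NAME, DB_HOST, DB_USER, DB_PASSWORD, DB_CHARSET);
    hook_action('admin_cp_login');

    $user_login = hm_post('login');
    $password = hm_post('password');
    $logmein = hm_post('log-me-in');

    if (!is_numeric($logmein)) {
        return null;
    }

    $hmdb->SelectRows(DB_PREFIX . 'users', array('user_login' => MySQL::SQLValue($user_login)));
    if (!$hmdb->HasRecords()) {
        return json_encode(array('status' => 'error', 'mes' => _('Không có tài khoản này')));
    }

    $row = $hmdb->Row();
    // Stored scheme is hm_encode_str(md5(password . salt)); it must be
    // reproduced exactly to compare against rows written by the other
    // account functions in this file.
    $password_encode = hm_encode_str(md5($password . $row->salt));

    // Constant-time, type-strict comparison. `==` on hash strings is both
    // timing-dependent and subject to PHP's numeric-string coercion
    // ("0e..." == "0e..." is true).
    if (!hash_equals((string) $row->user_pass, (string) $password_encode)) {
        return json_encode(array('status' => 'error', 'mes' => _('Sai mật khẩu')));
    }

    $time = time();
    $cookie_user = hm_encode_str(array(
        'time' => $time,
        'ip' => hm_ip(),
        'user_login' => $user_login,
        'admincp' => 'yes',
    ));
    // HttpOnly keeps the token out of reach of page scripts; Secure is set
    // only when the request itself arrived over TLS so HTTP installs keep working.
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    setcookie('admin_login', $cookie_user, $time + COOKIE_EXPIRES, '/', '', $secure, true);
    $_SESSION['admin_login'] = $cookie_user;

    return json_encode(array('status' => 'success', 'mes' => _('Đăng nhập thành công')));
}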
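/**
 * Complete a lost-password reset.
 *
 * Reads `key`, `password` and `password2` from the POST body, finds the user
 * whose `lostpw_key` field equals the key, stores a new salt and password
 * hash for that user and blanks the key so the link cannot be reused.
 *
 * @return string JSON object with `status` (success|error) and `mes`.
 */
function admin_cp_newpw()
{
    $hmdb = new MySQL(true, DB_NAME, DB_HOST, DB_USER, DB_PASSWORD, DB_CHARSET);
    hook_action('newpw_checkkey');

    $key = (string) hm_post('key');
    $password = hm_post('password');
    $password2 = hm_post('password2');

    if ($password !== $password2) {
        return json_encode(array('status' => 'error', 'mes' => _('Hai mật khẩu bạn nhập vào không khớp')));
    }
    if ((string) $password === '') {
        return json_encode(array('status' => 'error', 'mes' => _('Mật khẩu không được để trống')));
    }
    // An empty key would otherwise match any user whose reset key has
    // already been consumed (blanked) below.
    if ($key === '') {
        return json_encode(array('status' => 'error', 'mes' => _('Mã khôi phục mật khẩu không hợp lệ')));
    }

    $fieldTable = DB_PREFIX . 'field';
    $keyWhere = array(
        'name' => MySQL::SQLValue('lostpw_key'),
        'object_type' => MySQL::SQLValue('user'),
        'val' => MySQL::SQLValue($key),
    );
    $hmdb->SelectRows($fieldTable, $keyWhere);
    if (!$hmdb->HasRecords()) {
        // Without this guard Row() yields nothing and the update below would
        // run with a null id while still reporting success.
        return json_encode(array('status' => 'error', 'mes' => _('Mã khôi phục mật khẩu không hợp lệ')));
    }
    $row = $hmdb->Row();
    $user_id = $row->object_id;

    // Same hashing scheme as admin_cp_login / ajax_add_user; the salt column is int(6).
    $salt = function_exists('random_int') ? random_int(100000, 999999) : mt_rand(100000, 999999);
    $password_encode = hm_encode_str(md5($password . $salt));

    $hmdb->UpdateRows(
        DB_PREFIX . 'users',
        array(
            'user_pass' => MySQL::SQLValue($password_encode),
            'salt' => MySQL::SQLValue($salt),
        ),
        array('id' => MySQL::SQLValue($user_id, MySQL::SQLVALUE_NUMBER))
    );

    // Consume the reset key so the same link cannot be replayed.
    $hmdb->UpdateRows(
        $fieldTable,
        array('val' => MySQL::SQLValue('')),
        array(
            'name' => MySQL::SQLValue('lostpw_key'),
            'object_type' => MySQL::SQLValue('user'),
            'object_id' => MySQL::SQLValue($user_id, MySQL::SQLVALUE_NUMBER),
        )
    );

    return json_encode(array('status' => 'success', 'mes' => _('Đã đổi mật khẩu thành công')));
}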
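/**
 * Run the installer: create the schema, the first admin account, the default
 * options, the `.htaccess` rewrite rules and `hm_config.php`.
 *
 * Connection details come from `$_SESSION['db']` (collected by an earlier
 * installer step); the admin credentials and encryption key come from POST.
 * Progress and failures are echoed as HTML fragments, so this is only meant
 * to be called from the installer page. Stops at the first failing step.
 *
 * @return void
 */
function install_db()
{
    $host = $_SESSION['db']['host'];
    $username = $_SESSION['db']['username'];
    $password = $_SESSION['db']['password'];
    $database = $_SESSION['db']['database'];
    $prefix = $_SESSION['db']['prefix'];
    $admin_username = trim($_POST['admin_username']);
    $admin_password = trim($_POST['admin_password']);
    $encryption_key = trim($_POST['encryption_key']);
    $url_path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);

    // The prefix is spliced into backtick-quoted identifiers and into the
    // generated config file, so only identifier characters are accepted.
    if (!preg_match('/^[A-Za-z0-9_]*$/', $prefix)) {
        echo '<p class="alert alert-danger" role="alert">Tiền tố bảng không hợp lệ, chỉ được dùng chữ cái, chữ số và dấu gạch dưới</p>';
        return;
    }
    if ($admin_username === '' || $admin_password === '') {
        echo '<p class="alert alert-danger" role="alert">Tên đăng nhập và mật khẩu quản trị không được để trống</p>';
        return;
    }

    /** install */
    $mysqlConnection = mysql_connect($host, $username, $password);
    if ($mysqlConnection === false || !mysql_select_db($database, $mysqlConnection)) {
        echo '<p class="alert alert-danger" role="alert">Không thể kết nối cơ sở dữ liệu : '
            . htmlspecialchars(mysql_error(), ENT_QUOTES, 'UTF-8') . '</p>';
        return;
    }
    mysql_query('SET NAMES "UTF8"', $mysqlConnection);

    // Column lists per table (without prefix). The engine/charset clause is
    // the same for every table and is appended in the loop below.
    $tables = array(
        'content' => array(
            '`id` int(11) NOT NULL AUTO_INCREMENT',
            '`name` varchar(500) NOT NULL',
            '`slug` varchar(500) NOT NULL',
            '`key` varchar(255) NOT NULL',
            '`parent` int(11) NOT NULL',
            '`status` varchar(255) NOT NULL',
            '`content_order` int(11) NOT NULL',
            'PRIMARY KEY (`id`)',
        ),
        'field' => array(
            '`id` int(11) NOT NULL AUTO_INCREMENT',
            '`name` varchar(255) NOT NULL',
            '`val` text NOT NULL',
            '`object_id` int(11) NOT NULL',
            '`object_type` varchar(255) NOT NULL',
            'PRIMARY KEY (`id`)',
            'KEY `object_id` (`object_id`)',
        ),
        'media' => array(
            '`id` int(11) NOT NULL AUTO_INCREMENT',
            '`media_group_id` int(11) NOT NULL',
            '`file_info` text NOT NULL',
            '`file_is_image` varchar(5) NOT NULL',
            '`file_name` varchar(255) NOT NULL',
            '`file_folder` varchar(255) NOT NULL',
            'PRIMARY KEY (`id`)',
        ),
        'media_groups' => array(
            '`id` int(11) NOT NULL AUTO_INCREMENT',
            '`name` varchar(255) NOT NULL',
            '`folder` varchar(255) NOT NULL',
            '`parent` int(11) NOT NULL',
            'PRIMARY KEY (`id`)',
        ),
        'object' => array(
            '`id` int(11) NOT NULL AUTO_INCREMENT',
            '`name` varchar(255) NOT NULL',
            '`key` varchar(255) NOT NULL',
            '`parent` int(11) NOT NULL',
            '`order_number` int(11) NOT NULL',
            'PRIMARY KEY (`id`)',
        ),
        'option' => array(
            '`id` int(11) NOT NULL AUTO_INCREMENT',
            '`section` varchar(500) NOT NULL',
            '`key` varchar(255) NOT NULL',
            '`value` text NOT NULL',
            'PRIMARY KEY (`id`)',
            'KEY `section` (`section`)',
        ),
        'plugin' => array(
            '`id` int(11) NOT NULL AUTO_INCREMENT',
            '`key` varchar(255) NOT NULL',
            '`active` int(1) NOT NULL',
            'PRIMARY KEY (`id`)',
        ),
        'relationship' => array(
            '`id` int(11) NOT NULL AUTO_INCREMENT',
            '`object_id` int(11) NOT NULL',
            // int(1) is kept as in the original schema; it is only a display width.
            '`target_id` int(1) NOT NULL',
            '`relationship` varchar(255) NOT NULL',
            'PRIMARY KEY (`id`)',
        ),
        'request_uri' => array(
            '`id` int(11) NOT NULL AUTO_INCREMENT',
            '`object_id` int(11) NOT NULL',
            '`object_type` varchar(255) NOT NULL',
            '`uri` varchar(1000) NOT NULL',
            'PRIMARY KEY (`id`)',
        ),
        'taxonomy' => array(
            '`id` int(11) NOT NULL AUTO_INCREMENT',
            '`name` varchar(255) NOT NULL',
            '`slug` varchar(255) NOT NULL',
            '`key` varchar(255) NOT NULL',
            '`parent` int(11) NOT NULL',
            '`status` varchar(255) NOT NULL',
            'PRIMARY KEY (`id`)',
        ),
        'users' => array(
            '`id` int(11) NOT NULL AUTO_INCREMENT',
            '`user_login` varchar(255) NOT NULL',
            '`user_pass` varchar(255) NOT NULL',
            '`salt` int(6) NOT NULL',
            '`user_nicename` varchar(255) NOT NULL',
            '`user_email` varchar(255) NOT NULL',
            '`user_activation_key` varchar(255) NOT NULL',
            '`user_role` int(11) NOT NULL',
            '`user_group` int(11) NOT NULL',
            'PRIMARY KEY (`id`)',
        ),
    );

    foreach ($tables as $name => $columns) {
        $sql = 'CREATE TABLE IF NOT EXISTS `' . $prefix . $name . "` (\n"
            . implode(",\n", $columns)
            . "\n) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1;";
        if (mysql_query($sql, $mysqlConnection) === false) {
            echo '<p class="alert alert-danger" role="alert">Tạo bảng : ' . $prefix . $name . ' thất bại : '
                . htmlspecialchars(mysql_error($mysqlConnection), ENT_QUOTES, 'UTF-8') . '</p>';
            return;
        }
        echo '<p>Tạo bảng : ' . $prefix . $name . ' ...</p>';
    }

    /** user_admin */
    $admin_salt = function_exists('random_int') ? random_int(0, 999999) : mt_rand(0, 999999);
    // Same scheme the login code reproduces: hm_encode_str(md5(password . salt)),
    // here keyed with the freshly chosen ENCRYPTION_KEY.
    $password_encode = hm_encode_str(md5($admin_password . $admin_salt), $encryption_key);
    // Both values are user-supplied; escape them instead of splicing raw.
    $admin_login_sql = mysql_real_escape_string($admin_username, $mysqlConnection);
    $admin_pass_sql = mysql_real_escape_string($password_encode, $mysqlConnection);
    $sql = 'INSERT INTO `' . $prefix . 'users` '
        . '(`id`, `user_login`, `user_pass`, `salt`, `user_nicename`, `user_email`, `user_activation_key`, `user_role`, `user_group`) VALUES '
        . "(1, '" . $admin_login_sql . "', '" . $admin_pass_sql . "', " . (int) $admin_salt . ", '" . $admin_login_sql . "', '', '0', 1, 0);";
    if (mysql_query($sql, $mysqlConnection) === false) {
        echo '<p class="alert alert-danger" role="alert">Tạo tài khoản quản trị thất bại : '
            . htmlspecialchars(mysql_error($mysqlConnection), ENT_QUOTES, 'UTF-8') . '</p>';
        return;
    }
    echo '<p>Tạo tài khoản quản trị : ' . htmlspecialchars($admin_username, ENT_QUOTES, 'UTF-8') . ' ...</p>';

    // Default options. The table name must follow the chosen prefix like the
    // CREATE above did; a hard-coded `hm_option` only works for prefix "hm_".
    $sql = 'INSERT INTO `' . $prefix . "option` (`id`, `section`, `key`, `value`) VALUES "
        . "(1, 'system_setting', 'theme', 'dong'), "
        . "(2, 'system_setting', 'post_per_page', '10');";
    if (mysql_query($sql, $mysqlConnection) === false) {
        echo '<p class="alert alert-danger" role="alert">Kích hoạt giao diện mặc định thất bại : '
            . htmlspecialchars(mysql_error($mysqlConnection), ENT_QUOTES, 'UTF-8') . '</p>';
        return;
    }
    echo '<p>Kích hoạt giao diện mặc định ...</p>';

    /** create .htaccess */
    // Apache needs one directive per line, so the lines are joined explicitly.
    $htaccess = implode("\n", array(
        '<IfModule mod_rewrite.c>',
        'RewriteEngine On',
        'RewriteBase /',
        'RewriteRule ^index\.php$ - [L]',
        'RewriteCond %{REQUEST_FILENAME} !-f',
        'RewriteRule . ' . $url_path . 'index.php [L]',
        '</IfModule>',
        '<FilesMatch "\.php$">',
        'Order Deny,Allow',
        'Deny from all',
        '</FilesMatch>',
        '<FilesMatch "^index\.php$">',
        'Order Allow,Deny',
        'Allow from all',
        '</FilesMatch>',
    )) . "\n";
    if (file_put_contents('.htaccess', $htaccess) === false) {
        echo '<p><strong>Quá trình tạo file : .htaccess thất bại, vui lòng tạo 1 file .htaccess (ngang hàng index.php) trên host với nội dung như sau:</strong></p>';
        echo '<textarea class="form-control" rows="10">' . htmlspecialchars($htaccess, ENT_QUOTES, 'UTF-8') . '</textarea>';
    }

    /** create config file */
    $hm_config = file_get_contents('hm_include/install/hm_config_sample.php');
    if ($hm_config === false) {
        echo '<p class="alert alert-danger" role="alert">Không đọc được file mẫu hm_include/install/hm_config_sample.php</p>';
        return;
    }
    $constants = array(
        'DB_NAME' => $database,
        'DB_USER' => $username,
        'DB_PASSWORD' => $password,
        'DB_HOST' => $host,
        'DB_PREFIX' => $prefix,
        'ENCRYPTION_KEY' => $encryption_key,
        'FOLDER_PATH' => $url_path,
    );
    if ((string) $_SERVER['SERVER_PORT'] !== '80') {
        $constants['SERVER_PORT'] = ':' . $_SERVER['SERVER_PORT'];
    }
    foreach ($constants as $name => $value) {
        // Values land inside a single-quoted PHP literal: escape ' and \ so a
        // quote in e.g. the DB password cannot break or alter the generated code.
        $hm_config = str_replace(
            "define('" . $name . "', '');",
            "define('" . $name . "', '" . addcslashes((string) $value, "\\'") . "');",
            $hm_config
        );
    }

    if (file_put_contents('hm_config.php', $hm_config) !== false) {
        echo '<p class="alert alert-success" role="alert">Cài đặt mã nguồn thành công</p>';
        echo '<p><a href="' . SITE_URL . 'admin/" class="btn btn-default">Đăng nhập quản trị</a></p>';
    } else {
        echo '<p><strong>Quá trình tạo file : hm_config.php thất bại, vui lòng tạo 1 file hm_config.php (ngang hàng index.php) trên host với nội dung như sau:</strong></p>';
        echo '<textarea class="form-control" rows="10">' . htmlspecialchars($hm_config, ENT_QUOTES, 'UTF-8') . '</textarea>';
    }
}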
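/**
 * Create or update a user from the posted "user box" form.
 *
 * When `$args['id_update']` is numeric the matching user row is updated (the
 * password only when a new one was posted); otherwise a new row is inserted
 * after checking the login is not already taken. Every POST key except the
 * two password fields is then mirrored into the `field` table as a `user`
 * field (inserted, or updated in place on edit).
 *
 * @param array $args Optional; `id_update` => id of the user being edited.
 * @return string JSON object with `status` (success|updated|error) and `mes`.
 */
function ajax_add_user($args = array())
{
    $hmdb = new MySQL(true, DB_NAME, DB_HOST, DB_USER, DB_PASSWORD, DB_CHARSET);
    hook_action('ajax_add_user');

    $id_update = isset($args['id_update']) ? $args['id_update'] : null;
    $is_update = is_numeric($id_update);

    $user_login = hm_post('user_login');
    $password = hm_post('password');
    $password2 = hm_post('password2');
    $nicename = hm_post('nicename');
    $user_email = hm_post('user_email');
    // NOTE(review): role and group are taken straight from the form; whether
    // the caller may set them is decided by the route/hook, not here.
    $userrole = hm_post('userrole');
    $user_group = hm_post('user_group', 0);
    $user_activation_key = '0';

    if ($password !== $password2) {
        return json_encode(array('status' => 'error', 'mes' => _('Hai mật khẩu nhập vào không khớp')));
    }
    // A new account needs a password; on edit an empty field means "unchanged".
    if (!$is_update && (string) $password === '') {
        return json_encode(array('status' => 'error', 'mes' => _('Mật khẩu không được để trống')));
    }

    $usersTable = DB_PREFIX . 'users';
    /** reject duplicate logins on create */
    if (!$is_update) {
        $hmdb->SelectRows($usersTable, array('user_login' => MySQL::SQLValue($user_login)));
        if ($hmdb->HasRecords()) {
            return json_encode(array('status' => 'error', 'mes' => _('Tài khoản này đã tồn tại')));
        }
    }

    /** user row */
    $values = array(
        'user_login' => MySQL::SQLValue($user_login),
        'user_nicename' => MySQL::SQLValue($nicename),
        'user_email' => MySQL::SQLValue($user_email),
        'user_activation_key' => MySQL::SQLValue($user_activation_key),
        'user_role' => MySQL::SQLValue($userrole),
        'user_group' => MySQL::SQLValue($user_group),
    );
    if (!$is_update || (string) $password !== '') {
        // Same scheme admin_cp_login verifies: hm_encode_str(md5(password . salt)).
        $salt = function_exists('random_int') ? random_int(100000, 999999) : mt_rand(100000, 999999);
        $values['user_pass'] = MySQL::SQLValue(hm_encode_str(md5($password . $salt)));
        $values['salt'] = MySQL::SQLValue($salt);
    }

    if ($is_update) {
        $hmdb->AutoInsertUpdate(
            $usersTable,
            $values,
            array('id' => MySQL::SQLValue($id_update, MySQL::SQLVALUE_NUMBER))
        );
        $insert_id = $id_update;
    } else {
        $insert_id = $hmdb->InsertRow($usersTable, $values);
    }

    /** user fields */
    if (is_numeric($insert_id)) {
        $fieldTable = DB_PREFIX . 'field';
        foreach ($_POST as $post_key => $post_val) {
            if ($post_key === 'password' || $post_key === 'password2') {
                continue;
            }
            if (is_array($post_val)) {
                $post_val = json_encode($post_val);
            }
            // A separate array: reusing $values would carry the user-row
            // columns into the first field-table insert.
            $field = array(
                'name' => MySQL::SQLValue($post_key),
                'val' => MySQL::SQLValue($post_val),
                'object_id' => MySQL::SQLValue($insert_id, MySQL::SQLVALUE_NUMBER),
                'object_type' => MySQL::SQLValue('user'),
            );
            if ($is_update) {
                $hmdb->AutoInsertUpdate($fieldTable, $field, array(
                    'object_id' => MySQL::SQLValue($id_update, MySQL::SQLVALUE_NUMBER),
                    'object_type' => MySQL::SQLValue('user'),
                    'name' => MySQL::SQLValue($post_key),
                ));
            } else {
                $hmdb->InsertRow($fieldTable, $field);
            }
        }
    }

    // Keep the translatable part static; a login name appended inside _()
    // can never match a catalog entry.
    if ($is_update) {
        return json_encode(array('status' => 'updated', 'mes' => _('Đã sửa thông tin tài khoản : ') . $user_login));
    }
    return json_encode(array('status' => 'success', 'mes' => _('Đã thêm tài khoản : ') . $user_login));
}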