/**
 * Render a template by including it from the configured base path.
 *
 * The file is included inside this method's scope, so the template can
 * read the local variable $data (and $this).
 *
 * @param {string} $template Template path, appended to $this->basePath.
 *   NOTE(review): no normalisation is applied here; callers are expected
 *   to pass a fixed, application-controlled path (as the admin page does).
 * @param {mixed} $data Value exposed to the template as $data. (Optional.)
 */
public function render($template, $data = NULL) {
    $templateFile = $this->basePath . $template;

    // include yields FALSE when the file cannot be read. A readable file that
    // explicitly returns a falsy value would end up in the same branch.
    $included = include $templateFile;
    if (!$included) {
        ae_Log::error(sprintf(
            '[%s] Failed to include file <code>"%s"</code>.',
            get_class(),
            htmlspecialchars($templateFile)
        ));
    }
}
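/**
 * Prepare and execute an SQL statement.
 *
 * Values go to the driver as bound parameters; the statement text itself
 * must not be assembled from untrusted input.
 *
 * @param {string} $statement The statement to prepare and execute.
 * @param {array} $params Parameters for the statement. (Optional.)
 * @return {array|boolean} The query result as array or FALSE if an error occured.
 */
public static function query($statement, $params = array()) {
    $pdoStatement = self::$pdo->prepare($statement);

    // Collect the driver's error triple from whichever step failed. The old
    // code called errorInfo() on $pdoStatement even when prepare() had
    // returned FALSE, which is a fatal "call on bool" error instead of a
    // logged failure; the connection object carries that error instead.
    $errorInfo = NULL;
    if ($pdoStatement === FALSE) {
        $errorInfo = self::$pdo->errorInfo();
    } elseif ($pdoStatement->execute($params) === FALSE) {
        $errorInfo = $pdoStatement->errorInfo();
    }

    if ($errorInfo !== NULL) {
        // errorInfo()[2] is the driver message; it may be absent or NULL.
        $driverMessage = (is_array($errorInfo) && isset($errorInfo[2])) ? $errorInfo[2] : '';
        $msg = sprintf(
            '[%s] Statement failed: <code>%s</code>. %s',
            get_class(),
            htmlspecialchars($statement),
            $driverMessage
        );
        ae_Log::error($msg);
        return FALSE;
    }

    self::$numQueries++;
    return $pdoStatement->fetchAll(PDO::FETCH_ASSOC);
}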
/**
 * Delete the associated file from the file system.
 *
 * For images the "tiny/" preview next to the file is removed as well; it is
 * only attempted after the main file was deleted successfully. unlink()
 * failures are logged with the escaped path and reported as FALSE.
 *
 * NOTE(review): both paths are built from model getters; confirm those
 * values cannot point outside $this->mediaPath.
 *
 * @return {boolean} TRUE, if file could be deleted, FALSE otherwise.
 */
public function deleteFile() {
    $mainFile = $this->mediaPath . $this->getFilePath();
    if (unlink($mainFile) === FALSE) {
        ae_Log::error(sprintf(
            '[%s] Failed to delete file: %s',
            get_class(),
            htmlspecialchars($mainFile)
        ));
        return FALSE;
    }

    if (!$this->isImage()) {
        return TRUE;
    }

    $previewFile = $this->mediaPath . $this->getFilePathNoName() . 'tiny/' . $this->getName();
    if (unlink($previewFile) === FALSE) {
        ae_Log::error(sprintf(
            '[%s] Failed to delete preview image: %s',
            get_class(),
            htmlspecialchars($previewFile)
        ));
        return FALSE;
    }

    return TRUE;
}
/**
 * Initialize configuration and the PHP session.
 *
 * Only keys already present in self::$cfg are taken over from $settings;
 * unknown keys are ignored and NULL values leave the default untouched.
 * When no session is active yet, one is started under the name "aestas3"
 * with the HttpOnly cookie flag forced on (the other cookie parameters are
 * kept as configured) and the last-action timestamp is recorded.
 *
 * @param {array} $settings The settings. (Optional.)
 */
public static function init($settings = array()) {
    foreach (array_keys(self::$cfg) as $cfgKey) {
        if (isset($settings[$cfgKey])) {
            self::$cfg[$cfgKey] = $settings[$cfgKey];
        }
    }

    if (session_id() == '') {
        $cookie = session_get_cookie_params();
        // Re-apply the current parameters unchanged; only httponly is forced.
        // NOTE(review): "secure" stays as configured — behind TLS it should be
        // enabled in the PHP configuration.
        session_set_cookie_params(
            $cookie['lifetime'],
            $cookie['path'],
            $cookie['domain'],
            $cookie['secure'],
            TRUE
        );
        session_name('aestas3');
        session_start();
        $_SESSION['last_action'] = time();
    }

    // Both values are expected by later checks; warn early when they are missing.
    foreach (array('HTTP_USER_AGENT', 'REMOTE_ADDR') as $serverKey) {
        if (empty($_SERVER[$serverKey])) {
            ae_Log::warning('[' . get_class() . '] <code>$_SERVER["' . $serverKey . '"] has no value.</code>');
        }
    }
}
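<?php
require_once '../../core/autoload.php';
require_once '../../core/config.php';

// Both credential fields are required. The old code only sent the redirect
// header and kept running, so the query below still executed with undefined
// POST values; stop here instead.
if (!isset($_POST['username'], $_POST['userpwd'])) {
    header('Location: ../index.php');
    exit;
}

// Look the account up by its internal name. The name is bound as a
// parameter and never becomes part of the SQL text.
$query = ' SELECT COUNT( u_id ) as hits, u_id, u_pwd, u_status FROM `' . AE_TABLE_USERS . '` WHERE u_name_intern = :name ';
$params = array(':name' => $_POST['username']);
$result = ae_Database::query($query, $params);

// query() returns FALSE on failure (and logs why). Fall back to a "no hit"
// row so the checks below never index into a boolean.
$u = ($result !== FALSE && isset($result[0]))
    ? $result[0]
    : array('hits' => '0', 'u_id' => NULL, 'u_pwd' => NULL, 'u_status' => NULL);
$found = ((int) $u['hits'] === 1);

// NOTE(review): the redirect expression on the two header() lines below is
// truncated in this listing ("******"); take it from the repository.

// Reject: Account is suspended
// NOTE(review): suspended and unknown names get different error codes
// (account_suspended vs. nomatch), so this page reveals which names exist;
// a single generic error would avoid that.
if ($found && $u['u_status'] != ae_UserModel::STATUS_ACTIVE) {
    header('Location: ../index.php?error=account_suspended&username='******'username']));
    exit;
}

if ($found && $u['u_id'] >= 0 && ae_Security::verify($_POST['userpwd'], $u['u_pwd'])) {
    ae_Security::login($u['u_id']);
    header('Location: ../admin.php');
    exit;
}

if (ae_Log::hasMessages()) {
    // NOTE(review): this prints collected error messages (including the SQL
    // text logged by ae_Database::query()) to an unauthenticated visitor;
    // logging server-side only would be safer.
    ae_Log::printAll();
} else {
    header('Location: ../index.php?error=nomatch&username='******'username']));
}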
<?php
require_once '../core/autoload.php';
require_once '../core/config.php';

// The admin pages are only reachable for an authenticated session.
if (!ae_Security::isLoggedIn()) {
    header('Location: index.php?error=not_logged_in');
    exit;
}

// Resolve the requested area. Anything that is not a known area is logged
// (escaped) and the dashboard is shown instead.
$area = 'dashboard';
if (isset($_GET['area'])) {
    if (ae_Security::isValidArea($_GET['area'])) {
        $area = $_GET['area'];
    } else {
        ae_Log::warning(sprintf('Area "%s" is not a valid area.', htmlspecialchars($_GET['area'])));
    }
}

$sb = new ae_SiteBuilder();
include_once 'sb_params.php';
?>
<!DOCTYPE html>
<html>
<?php $sb->render('templates/head.php', $paramsHead); ?>
<body>
<?php
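// register_globals was removed in PHP 5.4; on older builds make sure it is off.
if (ini_get('register_globals')) {
    ini_set('register_globals', 0);
}

// URL constant: scheme + host + directory of the running script.
// The $_SERVER keys are read through isset() so a SAPI that does not provide
// them (e.g. CLI) does not raise undefined-index notices.
$protocol = 'http://';
$https = isset($_SERVER['HTTPS']) ? $_SERVER['HTTPS'] : '';
$port = isset($_SERVER['SERVER_PORT']) ? $_SERVER['SERVER_PORT'] : '';
if ((!empty($https) && $https !== 'off') || $port == 443) {
    $protocol = 'https://';
}

// NOTE(review): HTTP_HOST comes from the request's Host header, so a client
// influences the host part of URL (and of THEME_PATH below). If the web
// server accepts arbitrary Host values, links built from URL can point
// elsewhere; restrict the accepted host at the web server or configure it
// statically.
$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
$self = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
$segments = explode('/', $host . $self);
array_pop($segments); // drop the script name
if (defined('IS_RSS')) {
    array_pop($segments); // presumably the RSS script sits one directory deeper
}
define('URL', $protocol . implode('/', $segments) . '/');
unset($https, $port, $host, $self, $segments);

// Initialize some needed classes
ae_Timer::start('total');
ae_Log::init($logSettings);

if (ae_Database::connect($dbSettings) === FALSE) {
    // Static error page; its location depends on where this bootstrap was
    // included from.
    $path = 'themes/error-msg-db.php';
    $path = file_exists($path) ? $path : '../' . $path;
    include $path;
    exit;
}

ae_Security::init($securitySettings);
ae_Settings::load();

// Constants used in themes and the RSS feed
define('THEME', ae_Settings::get('theme'));
define('THEME_PATH', URL . 'themes/' . THEME . '/');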
/**
 * Persist every uploaded item through its own save() method.
 *
 * Stops at the first item that fails to save: items after it are not
 * attempted, items before it remain saved. The failure is logged with the
 * escaped item name.
 *
 * @return {boolean} TRUE, if all files could be saved, FALSE otherwise.
 */
public function saveToDB() {
    foreach ($this->items as $item) {
        if ($item->save()) {
            continue;
        }
        ae_Log::error(sprintf(
            '[%s] Failed to save <code>%s</code> to the DB.',
            get_class(),
            htmlspecialchars($item->getName())
        ));
        return FALSE;
    }
    return TRUE;
}