コード例 #1
ファイル: config.php プロジェクト: JacoRuit/orongocms
/**
 * Decides whether the current visitor may upload and access files in the
 * File Browser.
 *
 * The check fails closed: every path that cannot positively establish a
 * logged-in user whose rank is not below RANK_WRITER returns false.
 *
 * @return boolean true only when getUser() yields a user with sufficient rank
 */
function CheckAuthentication()
{
    // WARNING: never make this function return true unconditionally. Doing so
    // lets anyone upload to and list the files on the server. The decision
    // must always come from validated session state.

    // Bootstrap OrongoCMS when it has not been loaded yet (the User class is
    // used as the marker for "already loaded").
    $orongoLoaded = class_exists("User");
    if ($orongoLoaded === false) {
        require "../../startOrongo.php";
        startOrongo();
    }

    // OrongoCMS authentication: the helper must exist, a user must be logged
    // in, and that user's rank must not be below writer. Evaluation stops at
    // the first failing condition, so getRank() is never called on null.
    return function_exists('getUser')
        && getUser() != null
        && !(getUser()->getRank() < RANK_WRITER);
}
コード例 #2
ファイル: orongo-login.php プロジェクト: JacoRuit/orongocms
<?php

/**
 * @author Jaco Ruit
 */
// Login page bootstrap: loads OrongoCMS, then translates the optional ?msg=
// code into a localized message ($msg) and its display type ($msgtype).
require 'startOrongo.php';
startOrongo('orongo-login');
$msg = null;
$msgtype = null;
// Users who are already logged in are redirected to the admin area.
// NOTE(review): there is no exit after header(), so the script keeps running
// after the redirect header is queued.
if (getUser() != null) {
    header("Location: orongo-admin");
}
if (isset($_GET['msg'])) {
    // Security::escape() is a project helper that is not shown here; which
    // output context it escapes for cannot be told from this file.
    $msgCode = Security::escape($_GET['msg']);
    // The request value is compared loosely against integer case labels. On
    // PHP versions before 8 a non-numeric string compares equal to 0 and so
    // selects case 0. In the cases shown, the message text always comes from
    // l() and never from the request itself.
    switch ($msgCode) {
        case 0:
            $msg = l("LOGIN_MSG_WRONG_DETAILS");
            $msgtype = "error";
            break;
        case 1:
            $msg = l("LOGIN_MSG_LOGGED_OUT");
            $msgtype = "success";
            break;
        case 2:
            $msg = l("LOGIN_MSG_REG_SUCCESS");
            $msgtype = "info";
            break;
        case 3:
            $msg = l("LOGIN_MSG_REG_INTERNAL_ERROR");
            $msgtype = "warning";
            break;
コード例 #3
ファイル: article.php プロジェクト: JacoRuit/orongocms
<?php

/**
 * @author Jaco Ruit
 */
// Article page: resolves ?id= to an Article and hands it to the frontend.
require 'startOrongo.php';
startOrongo('article');
$article = null;

// Guard: without an id there is nothing to show, so answer with the 404 page.
if (!isset($_GET['id'])) {
    header('Location: ' . orongoURL("error.php?error_code=404"));
    exit;
}

try {
    // NOTE(review): the raw request value goes straight into the constructor.
    // Whether Article validates it or uses parameterized queries is not
    // visible from this file — confirm before relying on it.
    $article = new Article($_GET['id']);
} catch (Exception $e) {
    // A missing article maps to 404; any other failure maps to 500.
    header('Location: ' . orongoURL(
        $e->getCode() == ARTICLE_NOT_EXIST
            ? "error.php?error_code=404"
            : "error.php?error_code=500"
    ));
    exit;
}

$articleFO = new ArticleFrontend();
$articleFO->main(array("time" => time(), "article" => &$article));
$articleFO->render();
コード例 #4
ファイル: create.php プロジェクト: JacoRuit/orongocms
<?php

/**
 * @author Jaco Ruit
 */
// Admin "create" page: requires a logged-in user of at least writer rank and
// takes the object type to create from the raw query string.
require '../startOrongo.php';
startOrongo('admin_create');
// Security::promptAuth() is a project helper not shown here; presumably it
// forces a login before the page continues — confirm.
Security::promptAuth();
// Authorization gate: ranks below writer are sent back to the dashboard
// with the "no permission" message code.
if (getUser()->getRank() < RANK_WRITER) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=0"));
    exit;
}
if (!isset($_SERVER['QUERY_STRING'])) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=1"));
    exit;
}
// NOTE(review): $object is fully request-controlled (whole query string, or
// ?obj= below). How it is used lies beyond the visible part of this file; it
// should be matched against a fixed list of object types before use.
$object = $_SERVER['QUERY_STRING'];
$create = new AdminFrontend();
$create->main(array("time" => time(), "page_title" => "Create", "page_template" => "dashboard"));
if (isset($_GET['msg'])) {
    if (isset($_GET['obj'])) {
        $object = $_GET['obj'];
    }
    // Loose comparison against integer labels; the message text comes from
    // l(), not from the request.
    switch ($_GET['msg']) {
        case 0:
            $create->addMessage(l("Object post error"), "error");
            break;
        case 1:
            $create->addMessage(l("Object post success"), "success");
            break;
        default:
コード例 #5
<?php

/**
 * @author Jaco Ruit
 */
// Admin "Orongo Settings" page: admin-only form for the site-wide settings.
require '../startOrongo.php';
startOrongo('admin_orongo-settings');
Security::promptAuth();
// Authorization gate: only RANK_ADMIN may see or change the settings.
if (getUser()->getRank() != RANK_ADMIN) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=0"));
    exit;
}
$settings = new AdminFrontend();
if (isset($_GET['msg'])) {
    // case 0 has no break and falls through to default, which only breaks.
    // The comparison is loose: on PHP versions before 8 any non-numeric
    // ?msg= value also selects case 0.
    switch ($_GET['msg']) {
        case 0:
            $settings->addMessage(l("Settings saved"), "success");
        default:
            break;
    }
}
$settings->main(array('time' => time(), 'page_title' => 'Orongo Settings', 'page_template' => 'dashboard'));
// The form posts to the save action.
// NOTE(review): no anti-CSRF token field is added in the lines shown; the
// rest of the form is cut off here, so confirm that the save action verifies
// one.
$settingForm = new AdminFrontendForm(100, "Orongo Settings", "POST", orongoURL("actions/action_SaveOrongoSettings.php"));
$settingForm->addInput("Website Name", "website_name", "text", Settings::getWebsiteName());
$settingForm->addInput("Website URL", "website_url", "text", Settings::getWebsiteURL());
$settingForm->addInput("Admin Email", "admin_email", "text", Settings::getEmail());
$currentShowArchiveString = Settings::showArchive() ? l("Yes") : l("No");
$settingForm->addRadios("Show archive", "show_archive", array(l("Yes") => "true", l("No") => "false"), $currentShowArchiveString);
$languages = array(Settings::getLanguageName() => "nl_NL");
// '@' hides scandir() warnings; the is_array() test below is the only
// failure handling for an unreadable language directory.
$files = @scandir(ADMIN . '/lang/');
if (is_array($files)) {
コード例 #6
ファイル: index.php プロジェクト: JacoRuit/orongocms
<?php

/**
 * @author Jaco Ruit
 */
// Admin dashboard: shows an optional status message and a static info box.
require '../startOrongo.php';
startOrongo('admin_index');
// The only access control on this page is promptAuth(); no rank is required.
Security::promptAuth();
$index = new AdminFrontend();
$index->main(array("time" => time(), "page_title" => "Dashboard", "page_template" => "dashboard"));

// Map the ?msg= code (compared loosely, as before) to a localized message.
// The text itself never comes from the request.
if (isset($_GET['msg'])) {
    if ($_GET['msg'] == 0) {
        $index->addMessage(l("No Permission"), "error");
    } elseif ($_GET['msg'] == 1) {
        $index->addMessage(l("Invalid Query Arg"), "warning");
    } elseif ($_GET['msg'] == 2) {
        $index->addMessage(l("Internal Error"), "warning");
    }
}

// Static welcome box. The only dynamic parts are URLs produced by orongoURL().
$text = implode("", array(
    "<strong>Thank you for testing OrongoCMS!</strong><br/><br/>",
    "<p>To check for updates go to <a href='" . orongoURL("orongo-admin/orongo-update-check.php") . "'>the update checker</a>.",
    "<br/>Found bugs? Please post them <a href='" . orongoURL("orongo-admin/post-issue.php") . "'>here</a>.",
    "<br/>You can find the terminal of your OrongoCMS installation <a href='" . OrongoURL("orongo-admin/terminal.php") . "'>here</a>.",
    "<br/><br/>Enjoy OrongoCMS,<br/> ",
    "<strong>The OrongoCMS Team</strong>",
));
$index->addObject(new AdminFrontendObject(100, "Info", $text, null, false));
$index->render();
コード例 #7
ファイル: manage.php プロジェクト: JacoRuit/orongocms
<?php

/**
 * @author Jaco Ruit
 */
// Admin "manage" page: requires at least writer rank and takes the object
// type to list from the raw query string (or from ?obj= after an action).
require '../startOrongo.php';
startOrongo('admin_manage');
Security::promptAuth();
// Authorization gate: ranks below writer go back to the dashboard.
if (getUser()->getRank() < RANK_WRITER) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=0"));
    exit;
}
$manage = new AdminFrontend();
$manage->main(array("time" => time(), "page_title" => "Manage", "page_template" => "dashboard"));
if (!isset($_SERVER['QUERY_STRING'])) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=1"));
    exit;
}
// NOTE(review): $object is request-controlled in both assignments below. Its
// later use is not visible here; it should be checked against a fixed list
// of object types before it selects code paths or reaches output.
$object = $_SERVER['QUERY_STRING'];
if (isset($_GET['msg']) && isset($_GET['obj'])) {
    $object = $_GET['obj'];
    // Loose comparison against integer labels; message text comes from l().
    switch ($_GET['msg']) {
        case 0:
            $manage->addMessage(l("Object not exists"), "error");
            break;
        case 1:
            $manage->addMessage(l("Object delete success"), "success");
            break;
        case 2:
            $manage->addMessage(l("Object delete error"), "error");
            break;
コード例 #8
ファイル: terminal.php プロジェクト: JacoRuit/orongocms
<?php

/**
 * Using the great terminal jQuery plugin: http://terminal.jcubic.pl. Also credits for the guy(s) who made it, it rocks!
 * @author Jaco Ruit
 */
// Admin terminal page bootstrap; the markup below embeds the jQuery terminal.
require '../startOrongo.php';
startOrongo('admin_terminal');
// NOTE(review): no getRank() check follows promptAuth() in the lines shown,
// so access to the terminal UI appears to depend on authentication alone —
// confirm that the terminal backend enforces rank.
// NOTE(review): the markup below loads jquery-latest.js from a third-party
// host over plain http with no integrity attribute, so the script running in
// this admin page is neither pinned nor protected in transit. Prefer a
// locally hosted, fixed version.
Security::promptAuth();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
    <head>
        <title>OrongoTerminal</title>
        <script src="http://code.jquery.com/jquery-latest.js" type="text/javascript"></script>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <script src="<?php 
echo Settings::getWebsiteURL();
?>
js/jquery.mousewheel-min.js"></script>
        <script src="<?php 
echo Settings::getWebsiteURL();
?>
js/jquery.terminal-0.4.6.min.js"></script>
        <link href="<?php 
echo Settings::getWebsiteURL();
?>
orongo-admin/theme/css/jquery.terminal.css" rel="stylesheet"/>
        <script>
            jQuery(document).ready(function($) {
                $(document.documentElement).terminal("<?php 
コード例 #9
ファイル: post-issue.php プロジェクト: JacoRuit/orongocms
<?php

/**
 * @author Jaco Ruit
 */
// Admin "post issue" page: admin-only flow that first obtains a Google
// auth-sub token (stored in the session) before the issue form is shown.
require '../startOrongo.php';
startOrongo('admin_post-issue');
Security::promptAuth();
// Authorization gate: ranks below admin go back to the dashboard.
if (getUser()->getRank() < RANK_ADMIN) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=0"));
    exit;
}
$postIssue = new AdminFrontend();
getDisplay()->addHTML('<script src="' . orongoURL("js/ajax.boolean.js") . '" type="text/javascript"></script>');
// Callback leg: the token arrives as a query parameter and is stored as-is.
// NOTE(review): a token carried in the URL can end up in server logs and
// browser history. The value is not validated before being stored, and
// nothing in the lines shown ties the callback to a request this session
// started.
if (isset($_GET['token'])) {
    $_SESSION["auth-sub-token"] = $_GET['token'];
    getDisplay()->closeWindow();
    exit;
}
if (!isset($_SESSION["auth-sub-token"])) {
    $postIssue->main(array("time" => time(), "page_title" => "Login to Google", "page_template" => "dashboard"));
    $postIssue->addObject(new AdminFrontendObject(100, "Logging in to Google", l("Waiting for login") . "<br/><br/><br/><strong>" . l("Do not see popup") . "</strong><br/>" . l("Enable popups")));
    // Poll every 2 seconds until the token has been set, then reload the page.
    $js = 'window.setInterval(function() {';
    $js .= 'if(getAjaxBool("' . orongoURL("ajax/isGCSet.php") . '")) window.location="' . orongoURL("orongo-admin/post-issue.php") . '"; ';
    $js .= '},2000);';
    getDisplay()->addJS($js, "document.ready");
    // NOTE(review): raw request text is passed on as the message. Unless
    // addMessage() HTML-escapes its argument (not visible here), this reflects
    // request-supplied markup into the page; escape it with htmlspecialchars()
    // or map it to fixed messages as ?msg= does.
    if (isset($_GET['error'])) {
        $postIssue->addMessage($_GET['error'], "error");
    }
    if (isset($_GET['msg'])) {
        switch ($_GET['msg']) {
コード例 #10
<?php

/**
 * @author Jaco Ruit
 */
// Admin update checker: admin-only page that asks OrongoUpdateChecker whether
// a newer version exists and, if so, fetches its details.
require '../startOrongo.php';
startOrongo('admin_orongo-update-check');
Security::promptAuth();
// Authorization gate: only RANK_ADMIN may run the update check.
if (getUser()->getRank() != RANK_ADMIN) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=0"));
    exit;
}
$updater = new AdminFrontend();
$updater->main(array("time" => time(), "page_title" => "Update Checker", "page_template" => "dashboard"));
// Defaults to "no update" so a failed check never reports one.
$isUpdateAvailable = false;
try {
    $isUpdateAvailable = OrongoUpdateChecker::isUpdateAvailable();
} catch (Exception $e) {
    // The exception is bound to a message box for display.
    // NOTE(review): what bindException() reveals (message, trace) is not
    // visible here; only admins reach this point.
    $msgbox = new MessageBox(l("Error update check"));
    $msgbox->bindException($e);
    getDisplay()->addObject($msgbox);
}
if ($isUpdateAvailable) {
    $updater->addMessage(l("Update available"), "success");
    $info = null;
    try {
        // NOTE(review): how the version information is transported and
        // authenticated is inside OrongoUpdateChecker, not shown here.
        $info = OrongoUpdateChecker::getLatestVersionInfo();
    } catch (Exception $e) {
        $msgbox = new MessageBox("Error occured while checking for update");
        $msgbox->bindException($e);
        getDisplay()->addObject($msgbox);
コード例 #11
ファイル: archive.php プロジェクト: JacoRuit/orongocms
<?php

/**
 * @author Jaco Ruit
 */
// Archive page: builds an article query filtered by exactly one of ?date=,
// ?user= or ?userid= (checked in that order of precedence).
require 'startOrongo.php';
startOrongo('archive');
$user = getUser();
// false means "filter not requested".
$date = false;
$username = false;
$userid = false;
if (isset($_GET['date'])) {
    // Strict shape check: YYYY-MM-DD with month 01-12 and day 01-31. Only a
    // value that matches is kept, so $date is safe to embed further down.
    if (preg_match('/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/', $_GET['date'])) {
        $date = $_GET['date'];
    } else {
        getDisplay()->addObject(new MessageBox("Invalid date."));
    }
} else {
    // NOTE(review): mysql_escape_string() is a legacy function that ignores
    // the connection character set and was removed in PHP 7.0. It is not a
    // substitute for parameterized queries, and the escaped values are later
    // spliced into the query description string $q rather than a SQL literal.
    // Validate the shape instead (e.g. digits only for userid).
    if (isset($_GET['user'])) {
        $username = mysql_escape_string($_GET['user']);
    } else {
        if (isset($_GET['userid'])) {
            $userid = mysql_escape_string($_GET['userid']);
        }
    }
}
$articles = array();
$c = 0;
// Query description in the project's own key=value format; filters are
// appended by string concatenation.
$q = "action=fetch&object=article&max=1000000&order=article.id,desc";
if ($date != false) {
    $q .= "&where=article.date:" . $date;
コード例 #12
ファイル: edit.php プロジェクト: JacoRuit/orongocms
<?php

/**
 * @author Jaco Ruit
 */
// Admin "edit" page: the query string must have the form "<object>.<id>".
require '../startOrongo.php';
startOrongo('admin_edit');
Security::promptAuth();
if (!isset($_SERVER['QUERY_STRING'])) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=1"));
    exit;
}
// Exactly two dot-separated parts are accepted; anything else is rejected
// with the "invalid query argument" message code.
$query = explode(".", trim($_SERVER['QUERY_STRING']));
if (count($query) != 2) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=1"));
    exit;
}
$object = trim($query[0]);
// NOTE(review): $id is only trimmed, not checked to be numeric, before it
// reaches the model constructor below.
$id = trim($query[1]);
$create = new AdminFrontend();
$create->main(array("time" => time(), "page_title" => "Edit", "page_template" => "dashboard"));
// There is no rank check before this switch; each object type enforces its
// own minimum rank inside its case (only "article" is visible here).
switch ($object) {
    case "article":
        if (getUser()->getRank() < RANK_WRITER) {
            header("Location: " . orongoURL("orongo-admin/index.php?msg=0"));
            exit;
        }
        $create->setTitle("Edit Article");
        try {
            $article = new Article($id);
        } catch (Exception $e) {
コード例 #13
<?php

/**
 * @author Jaco Ruit
 */
// Registration page bootstrap: loads OrongoCMS, selects the admin template
// directory and translates the optional ?msg= code into a localized message.
require 'startOrongo.php';
startOrongo('orongo-register');
getDisplay()->setTemplateDir("orongo-admin/style/");
$msg = null;
$msgtype = null;
if (isset($_GET['msg'])) {
    // Security::escape() is a project helper not shown here. The value is
    // compared loosely against integer case labels, so on PHP versions before
    // 8 a non-numeric string selects case 0. In the cases shown, the message
    // text always comes from l(), never from the request.
    $msgCode = Security::escape($_GET['msg']);
    switch ($msgCode) {
        case 0:
            $msg = l("REG_MSG_PASS_NO_MATCH");
            $msgtype = "error";
            break;
        case 1:
            $msg = l("REG_MSG_USERNAME_EXISTS");
            $msgtype = "warning";
            break;
        case 2:
            $msg = l("REG_MSG_USERNAME_TOO_SHORT");
            $msgtype = "error";
            break;
        case 3:
            $msg = l("REG_MSG_PASSWORD_TOO_SHORT");
            $msgtype = "error";
            break;
        case 4:
            $msg = l("REG_MSG_FILL_IN_USERNAME");
コード例 #14
ファイル: delete.php プロジェクト: JacoRuit/orongocms
<?php

/**
 * @author Jaco Ruit
 */
// Admin "delete" page: the query string must have the form "<object>.<id>".
// NOTE(review): the target of a destructive action is taken from the URL and
// no anti-CSRF token check is visible in the lines shown. Confirm that the
// remainder of the file (cut off here) requires a POST with a token before
// anything is deleted.
require '../startOrongo.php';
startOrongo('admin_delete');
Security::promptAuth();
if (!isset($_SERVER['QUERY_STRING'])) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=1"));
    exit;
}
// Exactly two dot-separated parts are accepted.
$query = explode(".", trim($_SERVER['QUERY_STRING']));
if (count($query) != 2) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=1"));
    exit;
}
$object = trim($query[0]);
// NOTE(review): $id is only trimmed, not checked to be numeric, before it
// reaches the model constructor below.
$id = trim($query[1]);
$delete = new AdminFrontend();
$delete->main(array("time" => time(), "page_title" => "Delete", "page_template" => "dashboard"));
// Rank is enforced per object type inside each case (only "article" is
// visible here).
switch ($object) {
    case "article":
        if (getUser()->getRank() < RANK_WRITER) {
            header("Location: " . orongoURL("orongo-admin/index.php?msg=0"));
            exit;
        }
        $delete->setTitle("Delete Article");
        try {
            $article = new Article($id);
        } catch (Exception $e) {
コード例 #15
ファイル: index.php プロジェクト: JacoRuit/orongocms
<?php

/**
 * @author Jaco Ruit
 */
// Public front page: no request input is read here; the frontend receives
// only the current time.
require 'startOrongo.php';
startOrongo('index');

$index = new IndexFrontend;
$index->main(
    array('time' => time())
);
$index->render();
コード例 #16
ファイル: media.php プロジェクト: JacoRuit/orongocms
<?php

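// Admin media browser: admin-only page that embeds CKFinder, optionally
// restricted to one resource type chosen through the raw query string.
require '../startOrongo.php';
startOrongo('admin_media');
Security::promptAuth();
// Authorization gate: only RANK_ADMIN may open the media browser.
if (getUser()->getRank() != RANK_ADMIN) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=0"));
    exit;
}
// Allow-list of resource types accepted from the query string.
$types = array("files", "images");
$type = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : null;
if (is_string($type) && in_array($type, $types, true)) {
    // Only an exact allow-list match is capitalised and passed on. The
    // previous code ran substr() on null after rejecting a value (deprecated
    // since PHP 8.1) and relied on the resulting empty string comparing equal
    // to null.
    $type = ucfirst($type);
    $pageTitle = "Gallery";
} else {
    // Missing, empty or unknown type: show the unrestricted browser.
    $type = null;
    $pageTitle = "Media";
}
$media = new AdminFrontend();
$media->main(array("time" => time(), "page_title" => $pageTitle, "page_template" => "dashboard"));
$ckfinder = new CKFinder(orongoURL("lib/ckfinder/"));
// ResourceType is only ever set to "Files" or "Images", never to raw input.
if ($type !== null) {
    $ckfinder->ResourceType = $type;
}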
コード例 #17
ファイル: page.php プロジェクト: JacoRuit/orongocms
<?php

/**
 * @author Jaco Ruit
 */
// Static page view: resolves ?id= to a Page and hands it to the frontend.
require 'startOrongo.php';
startOrongo('page');
$page = null;

// Guard: without an id there is nothing to show, so answer with the 404 page.
if (!isset($_GET['id'])) {
    header('Location: ' . orongoURL("error.php?error_code=404"));
    exit;
}

try {
    // NOTE(review): mysql_escape_string() ignores the connection character
    // set and was removed in PHP 7.0, so this line is a fatal error on
    // current PHP. Escaping at the call site also does not replace
    // parameterized queries inside Page, whose implementation is not visible
    // here. Validate the id's shape (e.g. digits only) instead.
    $page = new Page(mysql_escape_string($_GET['id']));
} catch (Exception $e) {
    // A missing page maps to 404; any other failure maps to 500.
    header('Location: ' . orongoURL(
        $e->getCode() == PAGE_NOT_EXIST
            ? "error.php?error_code=404"
            : "error.php?error_code=500"
    ));
    exit;
}

$pageFO = new PageFrontend();
$pageFO->main(array("time" => time(), "page" => &$page));
$pageFO->render();
コード例 #18
ファイル: view.php プロジェクト: JacoRuit/orongocms
<?php

/**
 * @author Jaco Ruit
 */
// Admin "view" page: the object and id come either from ?obj=/?id= (after an
// edit, together with ?msg=) or from a query string of the form
// "<object>.<id>".
require '../startOrongo.php';
startOrongo('admin_view');
// NOTE(review): no getRank() check follows promptAuth() in the lines shown;
// confirm that the cut-off remainder enforces rank per object type.
Security::promptAuth();
$view = new AdminFrontend();
if (isset($_GET['msg'])) {
    // With ?msg= present, both id and obj are mandatory.
    if (!isset($_GET['id']) || !isset($_GET['obj'])) {
        header("Location: " . orongoURL("orongo-admin/index.php?msg=1"));
        exit;
    }
    // Request values are only trimmed here, not validated.
    $id = trim($_GET['id']);
    $object = trim($_GET['obj']);
    // Loose comparison against integer labels; message text comes from l().
    switch ($_GET['msg']) {
        case 1:
            $view->addMessage(l("Object edit success"), "success");
            break;
        case 0:
            $view->addMessage(l("Object edit error"), "error");
            break;
        default:
            break;
    }
} else {
    // Exactly two dot-separated parts are accepted.
    $query = explode(".", trim($_SERVER['QUERY_STRING']));
    if (count($query) != 2) {
        header("Location: " . orongoURL("orongo-admin/index.php?msg=1"));
        exit;
コード例 #19
<?php

/**
 * @author Jaco Ruit
 */
// Account activation endpoint: consumes ?code= for a visitor who is not
// logged in and always ends in a redirect to the login page.
require 'startOrongo.php';
startOrongo('orongo-activation');

// Guard: a code is required, and logged-in sessions are not processed.
if (!isset($_GET['code']) || isset($_SESSION['orongo-id']) || isset($_SESSION['orongo-session-id'])) {
    header("Location: orongo-login.php");
    exit;
}

// NOTE(review): the raw code is handed to the User helpers unchanged. Whether
// they use parameterized queries is not visible from this file — confirm.
$code = $_GET['code'];

// Unknown code: login message 4.
if (!User::isGoodActivationCode($code)) {
    header("Location: orongo-login.php?msg=4");
    exit;
}

$uid = User::getUserIDByActivationCode($code);

// Already activated: drop the stale code (errors suppressed, as before) and
// report login message 5.
if (User::userIsActivated($uid)) {
    @User::deleteActivationCode($code);
    header("Location: orongo-login.php?msg=5");
    exit;
}

// Fresh activation: activate the account, then delete the code so it cannot
// be used again.
User::activateUser($uid);
User::deleteActivationCode($code);
header("Location: orongo-login.php?msg=6");
exit;
コード例 #20
ファイル: orongo-logout.php プロジェクト: JacoRuit/orongocms
<?php

/**
 * @author Jaco Ruit
 */
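// Logout endpoint: removes the stored session record, destroys the PHP
// session and redirects to the login page.
require 'startOrongo.php';
startOrongo('orongo-logout');
if (isset($_SESSION['orongo-id']) || isset($_SESSION['orongo-session-id'])) {
    // The outer test also passes when only 'orongo-id' is set, so the session
    // id is read only when it exists instead of dereferencing an undefined
    // key.
    if (isset($_SESSION['orongo-session-id'])) {
        $sessionID = Security::escapeSQL($_SESSION['orongo-session-id']);
        Session::delete($sessionID);
    }
    // session_destroy() does not clear the $_SESSION array of the running
    // request; empty it so nothing later in this request sees stale login
    // state.
    $_SESSION = array();
    session_destroy();
    header("Location: orongo-login.php?msg=1");
    exit;
}
// Nothing to log out from.
header("Location: orongo-login.php");
exit;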
コード例 #21
ファイル: error.php プロジェクト: JacoRuit/orongocms
<?php

/**
 * @author Jaco Ruit
 */
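// Error page: renders one of a fixed set of HTTP error codes taken from
// ?error_code=; anything else is redirected to the front page.
require 'startOrongo.php';
startOrongo('error');
$errorCodes = array(400, 401, 403, 404, 500, 503);
// The request value is a string (or an array), so it is matched strictly
// against the canonical string form of each code. The former loose in_array()
// accepted any value that merely compared equal to an allowed integer, and
// the raw request text was then passed on to the frontend.
$allowedCodes = array_map('strval', $errorCodes);
if (!isset($_GET['error_code']) || !in_array($_GET['error_code'], $allowedCodes, true)) {
    header("Location: " . orongoURL("index.php"));
    exit;
}
// From here on, error_code is exactly one of the allow-listed strings.
$articleFO = new ErrorFrontend();
$articleFO->main(array("time" => time(), "error_code" => $_GET['error_code']));
$articleFO->render();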
コード例 #22
<?php

// Admin plugin uninstall page: admin-only; the plugin is identified by the
// path of its info XML, taken from ?xml_path=.
require '../startOrongo.php';
startOrongo('admin_plugin-uninstall');
Security::promptAuth();
// Authorization gate: only RANK_ADMIN may uninstall plugins.
if (getUser()->getRank() != RANK_ADMIN) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=0"));
    exit;
}
if (!isset($_GET['xml_path'])) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=1"));
    exit;
}
// NOTE(review): the request value is appended to the plugin directory without
// normalisation, so the resulting path is not guaranteed to stay inside
// ADMIN . '/plugins'. PHP has already URL-decoded $_GET, which makes
// urldecode() a second decoding pass. Resolve the path with realpath() and
// verify that it starts with the plugin directory before using it.
$xmlPath = ADMIN . '/plugins' . urldecode($_GET['xml_path']);
$install = new AdminFrontend();
$install->main(array("time" => time(), "page_title" => "Uninstall", "page_template" => "dashboard"));
if (!file_exists($xmlPath)) {
    $install->addMessage(l("Plugin not found"), "error");
    $install->render();
    exit;
}
// The path must also match the info path of a loaded plugin object; this
// comparison is the effective allow-list for the rest of the page.
$installed = false;
foreach (getPlugins() as $plugin) {
    if ($plugin instanceof OrongoPluggableObject == false) {
        continue;
    }
    if ($plugin->getInfoPath() == $xmlPath) {
        $installed = true;
    }
}
if (!$installed) {
コード例 #23
<?php

/**
 * fetchNotifications AJAX 
 * 
 * @author Jaco Ruit
 */
// fetchNotifications AJAX endpoint bootstrap.
require '../startOrongo.php';
startOrongo();
// Response code sent to the client when no user is logged in.
define("NOT_LOGGED_IN", 1);
/**
 * Ends the request with a JSON error object.
 *
 * The output has the keys "response" and "response_code", in that order.
 *
 * @param mixed $paramError     value emitted under "response"
 * @param mixed $paramErrorCode value emitted under "response_code"
 * @return void does not return; die() terminates the script
 */
function errorDie($paramError, $paramErrorCode)
{
    die(json_encode(array(
        "response" => $paramError,
        "response_code" => $paramErrorCode,
    )));
}
// Authentication gate: anonymous callers get the JSON error and the script
// stops inside errorDie().
if (getUser() == null) {
    errorDie("Not logged in!", NOT_LOGGED_IN);
}
// Collect the current user's notifications into a JSON-ready array.
$arrayToJs = array();
$arrayToJs["notifications"] = array();
$count = 0;
foreach (getUser()->getNotifications() as $notification) {
    // Skip entries that do not carry an OrongoNotification object.
    if ($notification["notification"] instanceof OrongoNotification == false) {
        continue;
    }
    // NOTE(review): title and text are copied as-is; the client must treat
    // them as text (not HTML) when inserting them into the page.
    $arrayToJs["notifications"][$count] = array("title" => $notification["notification"]->getTitle(), "text" => $notification["notification"]->getText(), "time" => $notification["notification"]->getTime(), "image" => $notification["notification"]->getImage());
    // Each notification is deleted as soon as it has been collected, so this
    // endpoint changes state on every call.
    // NOTE(review): no request-method or token check is visible in the lines
    // shown.
    OrongoNotifier::deleteNotification($notification["id"]);
    $count++;
}
コード例 #24
<?php

/**
 * @author Jaco Ruit
 */
// Admin plugin settings page: admin-only; the plugin is identified by the
// path of its info XML, taken from ?xml_path=.
// HACK_PLUGINS is defined before the bootstrap runs; what startOrongo() does
// with it is not visible from this file.
define('HACK_PLUGINS', true);
require '../startOrongo.php';
startOrongo('admin_plugin-settings');
Security::promptAuth();
// Authorization gate: only RANK_ADMIN may change plugin settings.
if (getUser()->getRank() != RANK_ADMIN) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=0"));
    exit;
}
if (!isset($_GET['xml_path'])) {
    header("Location: " . orongoURL("orongo-admin/index.php?msg=1"));
    exit;
}
// NOTE(review): the request value is appended to the plugin directory without
// normalisation, so the resulting path is not guaranteed to stay inside
// ADMIN . '/plugins'. PHP has already URL-decoded $_GET, which makes
// urldecode() a second decoding pass. Resolve the path with realpath() and
// verify that it starts with the plugin directory before using it.
$xmlPath = ADMIN . '/plugins' . urldecode($_GET['xml_path']);
$settings = new AdminFrontend();
$settings->main(array("time" => time(), "page_title" => "Plugin Setting", "page_template" => "dashboard"));
if (!file_exists($xmlPath)) {
    $settings->addMessage(l("Plugin not found"), "error");
    $settings->render();
    exit;
}
// The path must also match the info path of a loaded plugin object.
$installed = false;
foreach (getPlugins() as $plugin) {
    if ($plugin instanceof OrongoPluggableObject == false) {
        continue;
    }
    if ($plugin->getInfoPath() == $xmlPath) {