// Referer-based CSRF guard for manager requests, enabled by the validate_referer setting.
// The request is refused when the Referer header is missing, empty, or does not start with
// MODX_SITE_URL. This is a defence-in-depth check only: the header is client-supplied and
// privacy tooling or proxies may strip it, in which case legitimate requests are refused too.
if (isset($modx->config['validate_referer']) && intval($modx->config['validate_referer'])) {
    if (isset($_SERVER['HTTP_REFERER'])) {
        $referer = $_SERVER['HTTP_REFERER'];
        if (!empty($referer)) {
            // Anchored, case-insensitive prefix match against the configured site URL.
            // NOTE(review): a bare prefix match only confines the origin if MODX_SITE_URL ends
            // with a path separator; confirm how the constant is defined.
            if (!preg_match('/^' . preg_quote(MODX_SITE_URL, '/') . '/i', $referer)) {
                // NOTE(review): $referer is client-controlled and is interpolated into the alert
                // text; confirm webAlertAndQuit encodes it for the output context.
                $modx->webAlertAndQuit("A possible CSRF attempt was detected from referer: {$referer}.", "index.php");
            }
        } else {
            $modx->webAlertAndQuit("A possible CSRF attempt was detected. No referer was provided by the client.", "index.php");
        }
    } else {
        $modx->webAlertAndQuit("A possible CSRF attempt was detected. No referer was provided by the server.", "index.php");
    }
}

// invoke OnManagerPageInit event
$modx->invokeEvent("OnManagerPageInit", array("action" => $action));

// Now we decide what to do according to the action request. This is a BIG list :)
// NOTE(review): only the first case is visible here; the switch continues past this excerpt.
switch ($action) {
    /********************************************************************/
    /* frame management - show the requested frame                      */
    /********************************************************************/
    case 1:
        // get the requested frame
        // Only [a-z0-9] survive the replace, so the request value cannot carry path
        // separators or dots into the include below.
        $frame = preg_replace('/[^a-z0-9]/i', '', $_REQUEST['f']);
        // NOTE(review): string-to-int comparison; for a non-numeric frame name the outcome
        // depends on the PHP version's comparison rules — confirm the intended frames are numeric.
        if ($frame > 9) {
            $enable_debug = false; // this is to stop the debug thingy being attached to the framesets
        }
        include_once "frames/" . $frame . ".php";
        break;
    /********************************************************************/
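/**
 * build siteCache file
 *
 * Writes siteCache.idx.php under $this->cachePath: a PHP source file that,
 * when included by the parser, repopulates the settings, alias/document
 * listings, content types, chunk/snippet/plugin code and plugin event
 * bindings from the database.
 *
 * Because the output is executable PHP, every database value is emitted
 * inside a single-quoted literal through escapeSingleQuotes(), and numeric
 * ids are cast to int before they are emitted bare. A value that reached the
 * file unescaped, or escaped for SQL instead of for a PHP literal, would be
 * parsed as code on the next cache load. Settings values are emitted
 * single-quoted as well, so no variable interpolation can happen for them.
 *
 * @param DocumentParser $modx
 * @return boolean success; when the cache file cannot be opened or written a
 *                 message is echoed and the script exits
 */
function buildCache($modx)
{
    $tmpPHP = "<?php\n";

    // SETTINGS & DOCUMENT LISTINGS CACHE
    // get settings
    $sql = 'SELECT * FROM ' . $modx->getFullTableName('system_settings');
    $rs = $modx->db->query($sql);
    $config = array();
    $tmpPHP .= '$c=&$this->config;' . "\n";
    while (list($key, $value) = $modx->db->getRow($rs, 'num')) {
        // Single-quoted literals for key and value: there is no interpolation in
        // that context, so escaping ' and \ is sufficient.
        $tmpPHP .= '$c[\'' . $this->escapeSingleQuotes($key) . '\'] = \'' . $this->escapeSingleQuotes($value) . "';\n";
        $config[$key] = $value;
    }

    // get aliases modx: support for alias path
    $tmpPath = '';
    $tmpPHP .= '$this->aliasListing = array();' . "\n";
    $tmpPHP .= '$a = &$this->aliasListing;' . "\n";
    $tmpPHP .= '$d = &$this->documentListing;' . "\n";
    $tmpPHP .= '$m = &$this->documentMap;' . "\n";
    // Alias paths are only built when both settings are on; evaluate once, not per row.
    $useAliasPath = isset($config['friendly_urls'], $config['use_alias_path'])
        && $config['friendly_urls'] == 1 && $config['use_alias_path'] == 1;
    $sql = 'SELECT IF(alias=\'\', id, alias) AS alias, id, contentType, parent FROM ' . $modx->getFullTableName('site_content') . ' WHERE deleted=0 ORDER BY parent, menuindex';
    $rs = $modx->db->query($sql);
    while ($tmp1 = $modx->db->getRow($rs)) {
        // ids and parents are emitted as bare integers: cast so nothing but digits reaches the code.
        $id = (int) $tmp1['id'];
        $parent = (int) $tmp1['parent'];
        if ($useAliasPath) {
            $tmpPath = $this->getParents($tmp1['parent']);
            $alias = (strlen($tmpPath) > 0 ? "{$tmpPath}/" : '') . $tmp1['alias'];
        } else {
            $alias = $tmp1['alias'];
        }
        $tmpPHP .= '$d[\'' . $this->escapeSingleQuotes($alias) . '\'] = ' . $id . ";\n";
        $tmpPHP .= '$a[' . $id . '] = array(\'id\' => ' . $id
            . ', \'alias\' => \'' . $this->escapeSingleQuotes($tmp1['alias'])
            . '\', \'path\' => \'' . $this->escapeSingleQuotes($tmpPath)
            . '\', \'parent\' => ' . $parent . ");\n";
        $tmpPHP .= '$m[] = array(\'' . $parent . '\' => \'' . $id . "');\n";
    }

    // get content types
    $sql = 'SELECT id, contentType FROM ' . $modx->getFullTableName('site_content') . " WHERE contentType != 'text/html'";
    $rs = $modx->db->query($sql);
    $tmpPHP .= '$c = &$this->contentTypes;' . "\n";
    while ($tmp1 = $modx->db->getRow($rs)) {
        $tmpPHP .= '$c[' . (int) $tmp1['id'] . '] = \'' . $this->escapeSingleQuotes($tmp1['contentType']) . "';\n";
    }

    // WRITE Chunks to cache file
    $sql = 'SELECT * FROM ' . $modx->getFullTableName('site_htmlsnippets');
    $rs = $modx->db->query($sql);
    $tmpPHP .= '$c = &$this->chunkCache;' . "\n";
    while ($tmp1 = $modx->db->getRow($rs)) {
        $tmpPHP .= '$c[\'' . $this->escapeSingleQuotes($tmp1['name']) . '\'] = \'' . $this->escapeSingleQuotes($tmp1['snippet']) . "';\n";
    }

    // WRITE snippets to cache file
    $sql = 'SELECT ss.*,sm.properties as `sharedproperties` ' . 'FROM ' . $modx->getFullTableName('site_snippets') . ' ss ' . 'LEFT JOIN ' . $modx->getFullTableName('site_modules') . ' sm on sm.guid=ss.moduleguid';
    $rs = $modx->db->query($sql);
    $tmpPHP .= '$s = &$this->snippetCache;' . "\n";
    while ($tmp1 = $modx->db->getRow($rs)) {
        $name = $this->escapeSingleQuotes($tmp1['name']);
        $tmpPHP .= '$s[\'' . $name . '\'] = \'' . $this->escapeSingleQuotes($tmp1['snippet']) . "';\n";
        // Raymond: save snippet properties to cache (own and module-shared, space separated)
        if ($tmp1['properties'] != '' || $tmp1['sharedproperties'] != '') {
            $tmpPHP .= '$s[\'' . $name . 'Props\'] = \'' . $this->escapeSingleQuotes($tmp1['properties'] . ' ' . $tmp1['sharedproperties']) . "';\n";
        }
    }

    // WRITE plugins to cache file
    // (a separating space before FROM was missing in the original concatenation)
    $sql = 'SELECT sp.*,sm.properties as `sharedproperties` ' . 'FROM ' . $modx->getFullTableName('site_plugins') . ' sp ' . 'LEFT JOIN ' . $modx->getFullTableName('site_modules') . ' sm on sm.guid=sp.moduleguid ' . 'WHERE sp.disabled=0';
    $rs = $modx->db->query($sql);
    $tmpPHP .= '$p = &$this->pluginCache;' . "\n";
    while ($tmp1 = $modx->db->getRow($rs)) {
        $name = $this->escapeSingleQuotes($tmp1['name']);
        $tmpPHP .= '$p[\'' . $name . '\'] = \'' . $this->escapeSingleQuotes($tmp1['plugincode']) . "';\n";
        if ($tmp1['properties'] != '' || $tmp1['sharedproperties'] != '') {
            $tmpPHP .= '$p[\'' . $name . 'Props\'] = \'' . $this->escapeSingleQuotes($tmp1['properties'] . ' ' . $tmp1['sharedproperties']) . "';\n";
        }
    }

    // WRITE system event triggers
    $sql = 'SELECT sysevt.name as `evtname`, pe.pluginid, plugs.name FROM ' . $modx->getFullTableName('system_eventnames') . ' sysevt INNER JOIN ' . $modx->getFullTableName('site_plugin_events') . ' pe ON pe.evtid = sysevt.id INNER JOIN ' . $modx->getFullTableName('site_plugins') . ' plugs ON plugs.id = pe.pluginid WHERE plugs.disabled=0 ORDER BY sysevt.name,pe.priority';
    $events = array();
    $rs = $modx->db->query($sql);
    $tmpPHP .= '$e = &$this->pluginEvent;' . "\n";
    while ($evt = $modx->db->getRow($rs)) {
        // isset rather than a truthiness test: the first plugin of an event would
        // otherwise trigger an undefined-index notice.
        if (!isset($events[$evt['evtname']])) {
            $events[$evt['evtname']] = array();
        }
        $events[$evt['evtname']][] = $evt['name'];
    }
    foreach ($events as $evtname => $pluginnames) {
        $escaped = array_map(array($this, 'escapeSingleQuotes'), $pluginnames);
        $tmpPHP .= '$e[\'' . $this->escapeSingleQuotes($evtname) . '\'] = array(\'' . implode("','", $escaped) . "');\n";
    }

    // close and write the file
    $tmpPHP .= "\n";
    $filename = $this->cachePath . 'siteCache.idx.php';

    // invoke OnBeforeCacheUpdate event
    if ($modx) {
        $modx->invokeEvent('OnBeforeCacheUpdate');
    }
    if (!($handle = fopen($filename, 'w'))) {
        echo 'Cannot open file (', $filename, ')';
        exit;
    }
    // Write the generated source to our opened file.
    if (fwrite($handle, $tmpPHP) === false) {
        echo 'Cannot write main MODx cache file! Make sure the assets/cache directory is writable!';
        exit;
    }
    fclose($handle);

    // invoke OnCacheUpdate event
    if ($modx) {
        $modx->invokeEvent('OnCacheUpdate');
    }
    return true;
}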
// Manager login processor: resolves the submitted manager account and loads the
// fields that the subsequent checks (outside this excerpt) rely on.
include_once "error.class.inc.php";
$e = new errorHandler();

// initiate the content manager class
include_once "document.parser.class.inc.php";
$modx = new DocumentParser();
$modx->loadExtension("ManagerAPI");
$modx->getSettings();
$etomite =& $modx; // for backward compatibility

// Request inputs. Only the two values that reach SQL are escaped here; the
// captcha and remember-me values are read raw and must be handled by their consumers.
$username = $modx->db->escape($_REQUEST['username']);
// NOTE(review): the password is SQL-escaped before it is handed to the event and
// kept for later use — confirm the downstream comparison accounts for that.
$givenPassword = $modx->db->escape($_REQUEST['password']);
$captcha_code = $_REQUEST['captcha_code'];
$rememberme = $_REQUEST['rememberme'];
$failed_allowed = $modx->config["failed_login_attempts"];

// invoke OnBeforeManagerLogin event
$modx->invokeEvent("OnBeforeManagerLogin", array("username" => $username, "userpassword" => $givenPassword, "rememberme" => $rememberme));

// Look up the user together with its attributes row. The statement is assembled
// by string interpolation ($dbase and $table_prefix presumably come from the
// configuration; the username literal appears redacted on this page) and runs
// through the legacy mysql_* extension, so there is no parameter binding — the
// db->escape calls above are the only protection for interpolated request input.
// BINARY makes the username comparison case-sensitive.
$sql = "SELECT {$dbase}.`" . $table_prefix . "manager_users`.*, {$dbase}.`" . $table_prefix . "user_attributes`.* FROM {$dbase}.`" . $table_prefix . "manager_users`, {$dbase}.`" . $table_prefix . "user_attributes` WHERE BINARY {$dbase}.`" . $table_prefix . "manager_users`.username = '******' and {$dbase}.`" . $table_prefix . "user_attributes`.internalKey={$dbase}.`" . $table_prefix . "manager_users`.id;";
$rs = mysql_query($sql);
$limit = mysql_num_rows($rs);
// Exactly one matching row is required; otherwise error 900 is shown and the
// including script is left at this point.
if ($limit == 0 || $limit > 1) {
    jsAlert($e->errors[900]);
    return;
}
$row = mysql_fetch_assoc($rs);

// Account state consumed by the checks that follow this excerpt.
$internalKey = $row['internalKey'];
$dbasePassword = $row['password'];
$failedlogins = $row['failedlogincount'];
$blocked = $row['blocked'];
$blockeduntildate = $row['blockeduntil'];
$blockedafterdate = $row['blockedafter'];
$registeredsessionid = $row['sessionid'];
// NOTE(review): the closing brace below ends a conditional that starts before this excerpt.
    include_once $richtextIncludeDirectory . 'assets/cache/siteManager.php';
}
// Fallback when MGR_DIR has not been defined by an earlier include.
if (!defined('MGR_DIR')) {
    define('MGR_DIR', 'manager');
}
$richtextIncludeDirectory .= MGR_DIR . '/';

//Config
// Neutralise the script path seen by the manager includes before they run.
$_SERVER['PHP_SELF'] = $_SERVER['SCRIPT_NAME'] = '/';
require_once $richtextIncludeDirectory . 'includes/protect.inc.php';
require_once $richtextIncludeDirectory . 'includes/config.inc.php';
startCMSSession();

// Access gate: the editor window and the MODX API are only set up for a validated
// manager session; anyone else receives the static index.html.
// NOTE(review): a missing session key raises an undefined-index notice here;
// !empty($_SESSION['mgrValidated']) would have the same effect without it.
if ($_SESSION['mgrValidated']) {
    define('IN_MANAGER_MODE', true);
    //Setup the MODx API
    define('MODX_API_MODE', true);
    //Initiate a new document parser
    require_once $richtextIncludeDirectory . 'includes/document.parser.class.inc.php';
    $modx = new DocumentParser();
    //Provide the MODx DBAPI
    $modx->db->connect();
    //Provide the $modx->documentMap and user settings
    $modx->getSettings();
    $mmDir = 'assets/plugins/managermanager/';
    $windowDir = $mmDir . 'widgets/ddmultiplefields/richtext/';
    //Include the ddTools library
    require_once $modx->config['base_path'] . $mmDir . 'modx.ddtools.class.php';
    // Let plugins supply the TinyMCE initialisation for this editor instance.
    $temp = $modx->invokeEvent('OnRichTextEditorInit', array('editor' => 'TinyMCE', 'elements' => array('ddMultipleFields_richtext')));
    // Render the window template. The inserted values are configuration settings
    // and the first plugin result, not request input; they are placed into the
    // template without further output encoding.
    echo ddTools::parseText(file_get_contents($modx->config['base_path'] . $windowDir . 'template.html'), array('site_url' => $modx->config['site_url'], 'mmDir' => $mmDir, 'windowDir' => $windowDir, 'charset' => '<meta charset="' . $modx->config['modx_charset'] . '" />', 'style' => MODX_MANAGER_URL . 'media/style/' . $modx->config['manager_theme'] . '/style.css', 'tinyMCE' => $temp[0]), '[+', '+]', false);
} else {
    echo file_get_contents(dirname(__FILE__) . '/index.html');
}
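/**
 * build siteCache file
 *
 * Writes siteCache.idx.php under $this->cachePath: a PHP source file that,
 * when included by the parser, repopulates the settings, alias/document
 * listings, content types, chunk/snippet/plugin code and plugin event
 * bindings from the database.
 *
 * Because the output is executable PHP, every database value is emitted
 * inside a single-quoted literal through escapeSingleQuotes(), and numeric
 * ids/flags are cast to int before they are emitted bare. Settings values
 * are emitted single-quoted too, so no variable interpolation can happen for
 * them. The cache directory is also shielded from web clients with a
 * .htaccess, since the file contains the full system_settings table.
 *
 * @param DocumentParser $modx
 * @return boolean success; when the cache file cannot be opened or written a
 *                 message is echoed and the script exits
 */
function buildCache($modx)
{
    $tmpPHP = "<?php\n";

    // SETTINGS & DOCUMENT LISTINGS CACHE
    // get settings
    $rs = $modx->db->select('*', $modx->getFullTableName('system_settings'));
    $config = array();
    $tmpPHP .= '$c=&$this->config;' . "\n";
    while (list($key, $value) = $modx->db->getRow($rs, 'num')) {
        // Single-quoted literals for key and value: there is no interpolation in
        // that context, so escaping ' and \ is sufficient.
        $tmpPHP .= '$c[\'' . $this->escapeSingleQuotes($key) . '\'] = \'' . $this->escapeSingleQuotes($value) . "';\n";
        $config[$key] = $value;
    }

    // get aliases modx: support for alias path
    $tmpPath = '';
    $tmpPHP .= '$this->aliasListing = array();' . "\n";
    $tmpPHP .= '$a = &$this->aliasListing;' . "\n";
    $tmpPHP .= '$d = &$this->documentListing;' . "\n";
    $tmpPHP .= '$m = &$this->documentMap;' . "\n";
    // Alias paths are only built when both settings are on; evaluate once, not per row.
    $useAliasPath = isset($config['friendly_urls'], $config['use_alias_path'])
        && $config['friendly_urls'] == 1 && $config['use_alias_path'] == 1;
    $rs = $modx->db->select('IF(alias=\'\', id, alias) AS alias, id, parent, isfolder', $modx->getFullTableName('site_content'), 'deleted=0', 'parent, menuindex');
    while ($tmp1 = $modx->db->getRow($rs)) {
        // ids, parents and flags are emitted as bare integers: cast so nothing but digits reaches the code.
        $id = (int) $tmp1['id'];
        $parent = (int) $tmp1['parent'];
        $isfolder = (int) $tmp1['isfolder'];
        if ($useAliasPath) {
            $tmpPath = $this->getParents($tmp1['parent']);
            $alias = (strlen($tmpPath) > 0 ? "{$tmpPath}/" : '') . $tmp1['alias'];
        } else {
            $alias = $tmp1['alias'];
        }
        $tmpPHP .= '$d[\'' . $this->escapeSingleQuotes($alias) . '\'] = ' . $id . ";\n";
        $tmpPHP .= '$a[' . $id . '] = array(\'id\' => ' . $id
            . ', \'alias\' => \'' . $this->escapeSingleQuotes($tmp1['alias'])
            . '\', \'path\' => \'' . $this->escapeSingleQuotes($tmpPath)
            . '\', \'parent\' => ' . $parent
            . ', \'isfolder\' => ' . $isfolder . ");\n";
        $tmpPHP .= '$m[] = array(\'' . $parent . '\' => \'' . $id . "');\n";
    }

    // get content types
    $rs = $modx->db->select('id, contentType', $modx->getFullTableName('site_content'), "contentType != 'text/html'");
    $tmpPHP .= '$c = &$this->contentTypes;' . "\n";
    while ($tmp1 = $modx->db->getRow($rs)) {
        $tmpPHP .= '$c[' . (int) $tmp1['id'] . '] = \'' . $this->escapeSingleQuotes($tmp1['contentType']) . "';\n";
    }

    // WRITE Chunks to cache file
    $rs = $modx->db->select('*', $modx->getFullTableName('site_htmlsnippets'));
    $tmpPHP .= '$c = &$this->chunkCache;' . "\n";
    while ($tmp1 = $modx->db->getRow($rs)) {
        $tmpPHP .= '$c[\'' . $this->escapeSingleQuotes($tmp1['name']) . '\'] = \'' . $this->escapeSingleQuotes($tmp1['snippet']) . "';\n";
    }

    // WRITE snippets to cache file
    $rs = $modx->db->select('ss.*, sm.properties as sharedproperties', $modx->getFullTableName('site_snippets') . ' ss LEFT JOIN ' . $modx->getFullTableName('site_modules') . ' sm on sm.guid=ss.moduleguid');
    $tmpPHP .= '$s = &$this->snippetCache;' . "\n";
    while ($tmp1 = $modx->db->getRow($rs)) {
        $name = $this->escapeSingleQuotes($tmp1['name']);
        $tmpPHP .= '$s[\'' . $name . '\'] = \'' . $this->escapeSingleQuotes($tmp1['snippet']) . "';\n";
        // own and module-shared properties, space separated
        if ($tmp1['properties'] != '' || $tmp1['sharedproperties'] != '') {
            $tmpPHP .= '$s[\'' . $name . 'Props\'] = \'' . $this->escapeSingleQuotes($tmp1['properties'] . ' ' . $tmp1['sharedproperties']) . "';\n";
        }
    }

    // WRITE plugins to cache file
    $rs = $modx->db->select('sp.*, sm.properties as sharedproperties', $modx->getFullTableName('site_plugins') . ' sp LEFT JOIN ' . $modx->getFullTableName('site_modules') . ' sm on sm.guid=sp.moduleguid', 'sp.disabled=0');
    $tmpPHP .= '$p = &$this->pluginCache;' . "\n";
    while ($tmp1 = $modx->db->getRow($rs)) {
        $name = $this->escapeSingleQuotes($tmp1['name']);
        $tmpPHP .= '$p[\'' . $name . '\'] = \'' . $this->escapeSingleQuotes($tmp1['plugincode']) . "';\n";
        if ($tmp1['properties'] != '' || $tmp1['sharedproperties'] != '') {
            $tmpPHP .= '$p[\'' . $name . 'Props\'] = \'' . $this->escapeSingleQuotes($tmp1['properties'] . ' ' . $tmp1['sharedproperties']) . "';\n";
        }
    }

    // WRITE system event triggers
    $events = array();
    $rs = $modx->db->select('sysevt.name as evtname, pe.pluginid, plugs.name', $modx->getFullTableName('system_eventnames') . ' sysevt INNER JOIN ' . $modx->getFullTableName('site_plugin_events') . ' pe ON pe.evtid = sysevt.id INNER JOIN ' . $modx->getFullTableName('site_plugins') . ' plugs ON plugs.id = pe.pluginid', 'plugs.disabled=0', 'sysevt.name,pe.priority');
    $tmpPHP .= '$e = &$this->pluginEvent;' . "\n";
    while ($evt = $modx->db->getRow($rs)) {
        // isset rather than a truthiness test: the first plugin of an event would
        // otherwise trigger an undefined-index notice.
        if (!isset($events[$evt['evtname']])) {
            $events[$evt['evtname']] = array();
        }
        $events[$evt['evtname']][] = $evt['name'];
    }
    foreach ($events as $evtname => $pluginnames) {
        $escaped = array_map(array($this, 'escapeSingleQuotes'), $pluginnames);
        $tmpPHP .= '$e[\'' . $this->escapeSingleQuotes($evtname) . '\'] = array(\'' . implode("','", $escaped) . "');\n";
    }

    // close and write the file
    $tmpPHP .= "\n";
    $filename = $this->cachePath . 'siteCache.idx.php';

    // invoke OnBeforeCacheUpdate event
    if ($modx) {
        $modx->invokeEvent('OnBeforeCacheUpdate');
    }

    // Deny web access to the cache directory before the cache file itself is
    // created, so the settings dump is never reachable without the rule in place.
    // These are Apache 2.2-style directives (Apache 2.4 needs mod_access_compat
    // to honour them) and have no effect on other web servers. Best effort, as
    // before: the write result is not checked. rtrim keeps the path consistent
    // whether or not cachePath carries a trailing slash.
    $htaccess = rtrim($this->cachePath, '/\\') . '/.htaccess';
    if (!is_file($htaccess)) {
        file_put_contents($htaccess, "order deny,allow\ndeny from all\n");
    }

    if (!($handle = fopen($filename, 'w'))) {
        echo 'Cannot open file (', $filename, ')';
        exit;
    }
    // Write the generated source to our opened file.
    if (fwrite($handle, $tmpPHP) === false) {
        echo 'Cannot write main MODX cache file! Make sure the assets/cache directory is writable!';
        exit;
    }
    fclose($handle);

    // invoke OnCacheUpdate event
    if ($modx) {
        $modx->invokeEvent('OnCacheUpdate');
    }
    return true;
}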