コード例 #1
0
/**
 * login post
 *
 * @since 1.2.1
 * @deprecated 2.0.0
 *
 * @package Redaxscript
 * @category Login
 * @author Henry Ruhs
 */
function login_post()
{
    $passwordValidator = new Redaxscript\Validator\Password();
    $loginValidator = new Redaxscript\Validator\Login();
    $emailValidator = new Redaxscript\Validator\Email();
    $captchaValidator = new Redaxscript\Validator\Captcha();
    /* clean post */
    if (ATTACK_BLOCKED < 10 && $_SESSION[ROOT . '/login'] == 'visited') {
        $post_user = $_POST['user'];
        $post_password = $_POST['password'];
        $task = $_POST['task'];
        $solution = $_POST['solution'];
        $login_by_email = 0;
        $users = Redaxscript\Db::forTablePrefix('users');
        if ($emailValidator->validate($post_user) == Redaxscript\Validator\ValidatorInterface::FAILED) {
            $post_user = clean($post_user, 0);
            $users->where('user', $post_user);
        } else {
            $post_user = clean($post_user, 3);
            $login_by_email = 1;
            $users->where('email', $post_user);
        }
        $users_result = $users->findArray();
        foreach ($users_result as $r) {
            foreach ($r as $key => $value) {
                $key = 'my_' . $key;
                ${$key} = stripslashes($value);
            }
        }
    }
    /* validate post */
    if ($post_user == '') {
        $error = l('user_empty');
    } else {
        if ($post_password == '') {
            $error = l('password_empty');
        } else {
            if ($login_by_email == 0 && $loginValidator->validate($post_user) == Redaxscript\Validator\ValidatorInterface::FAILED) {
                $error = l('user_incorrect');
            } else {
                if ($login_by_email == 1 && $emailValidator->validate($post_user) == Redaxscript\Validator\ValidatorInterface::FAILED) {
                    $error = l('email_incorrect');
                } else {
                    if ($passwordValidator->validate($post_password, $my_password) == Redaxscript\Validator\ValidatorInterface::FAILED) {
                        $error = l('password_incorrect');
                    } else {
                        if ($captchaValidator->validate($task, $solution) == Redaxscript\Validator\ValidatorInterface::FAILED) {
                            $error = l('captcha_incorrect');
                        } else {
                            if ($my_id == '') {
                                $error = l('login_incorrect');
                            } else {
                                if ($my_status == 0) {
                                    $error = l('access_no');
                                } else {
                                    /* setup login session */
                                    $_SESSION[ROOT . '/logged_in'] = TOKEN;
                                    $_SESSION[ROOT . '/my_id'] = $my_id;
                                    $_SESSION[ROOT . '/my_name'] = $my_name;
                                    $_SESSION[ROOT . '/my_user'] = $my_user;
                                    $_SESSION[ROOT . '/my_email'] = $my_email;
                                    if (file_exists('languages/' . $my_language . '.php')) {
                                        $_SESSION[ROOT . '/language'] = $my_language;
                                        $_SESSION[ROOT . '/language_selected'] = 1;
                                    }
                                    $_SESSION[ROOT . '/my_groups'] = $my_groups;
                                    /* query groups */
                                    $groups_result = Redaxscript\Db::forTablePrefix('groups')->whereIdIn(explode(',', $my_groups))->where('status', 1)->findArray();
                                    if ($groups_result) {
                                        $num_rows = count($groups_result);
                                        foreach ($groups_result as $r) {
                                            if ($r) {
                                                foreach ($r as $key => $value) {
                                                    $key = 'groups_' . $key;
                                                    ${$key} .= stripslashes($value);
                                                    if (++$counter < $num_rows) {
                                                        ${$key} .= ', ';
                                                    }
                                                }
                                            }
                                        }
                                    }
                                    /* setup access session */
                                    $access_array = array('categories', 'articles', 'extras', 'comments', 'groups', 'users');
                                    foreach ($access_array as $value) {
                                        $groups_value = 'groups_' . $value;
                                        $position_new = strpos(${$groups_value}, '1');
                                        $position_edit = strpos(${$groups_value}, '2');
                                        $position_delete = strpos(${$groups_value}, '3');
                                        $_SESSION[ROOT . '/' . $value . '_delete'] = $_SESSION[ROOT . '/' . $value . '_edit'] = $_SESSION[ROOT . '/' . $value . '_new'] = 0;
                                        if ($position_new > -1) {
                                            $_SESSION[ROOT . '/' . $value . '_new'] = 1;
                                        }
                                        if ($position_edit > -1) {
                                            $_SESSION[ROOT . '/' . $value . '_edit'] = 1;
                                        }
                                        if ($position_delete > -1) {
                                            $_SESSION[ROOT . '/' . $value . '_delete'] = 1;
                                        }
                                    }
                                    $position_modules_install = strpos($groups_modules, '1');
                                    $position_modules_edit = strpos($groups_modules, '2');
                                    $position_modules_uninstall = strpos($groups_modules, '3');
                                    $position_settings_edit = strpos($groups_settings, '1');
                                    $position_filter = strpos($groups_filter, '0');
                                    $_SESSION[ROOT . '/filter'] = 1;
                                    $_SESSION[ROOT . '/settings_edit'] = $_SESSION[ROOT . '/modules_uninstall'] = $_SESSION[ROOT . '/modules_edit'] = $_SESSION[ROOT . '/modules_install'] = 0;
                                    if ($position_modules_install > -1) {
                                        $_SESSION[ROOT . '/modules_install'] = 1;
                                    }
                                    if ($position_modules_edit > -1) {
                                        $_SESSION[ROOT . '/modules_edit'] = 1;
                                    }
                                    if ($position_modules_uninstall > -1) {
                                        $_SESSION[ROOT . '/modules_uninstall'] = 1;
                                    }
                                    if ($position_settings_edit > -1) {
                                        $_SESSION[ROOT . '/settings_edit'] = 1;
                                    }
                                    if ($position_filter > -1) {
                                        $_SESSION[ROOT . '/filter'] = 0;
                                    }
                                    $_SESSION[ROOT . '/update'] = NOW;
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    /* handle error */
    if ($error) {
        if (s('blocker') == 1) {
            $_SESSION[ROOT . '/attack_blocked']++;
        }
        notification(l('error_occurred'), $error, l('back'), 'login');
    } else {
        notification(l('welcome'), l('logged_in'), l('continue'), 'admin');
    }
    $_SESSION[ROOT . '/login'] = '';
}
コード例 #2
0
/**
 * check install
 *
 * @since 1.2.1
 * @deprecated 2.0.0
 *
 * @package Redaxscript
 * @category Install
 * @author Henry Ruhs
 *
 * @return integer
 */
function check_install()
{
    global $name, $user, $password, $email;
    $registry = Redaxscript\Registry::getInstance();
    $loginValidator = new Redaxscript\Validator\Login();
    $emailValidator = new Redaxscript\Validator\Email();
    if ($_POST['install_post'] && $registry->get('dbStatus') && $name && $loginValidator->validate($user) == Redaxscript\Validator\ValidatorInterface::PASSED && $loginValidator->validate($password) == Redaxscript\Validator\ValidatorInterface::PASSED && $emailValidator->validate($email) == Redaxscript\Validator\ValidatorInterface::PASSED) {
        $output = 1;
    } else {
        $output = 0;
    }
    return $output;
}
コード例 #3
0
ファイル: admin_query.php プロジェクト: ITw3/redaxscript
/**
 * admin process
 *
 * @since 1.2.1
 * @deprecated 2.0.0
 *
 * @package Redaxscript
 * @category Admin
 * @author Henry Ruhs
 */
function admin_process()
{
    $aliasValidator = new Redaxscript\Validator\Alias();
    $loginValidator = new Redaxscript\Validator\Login();
    /* clean post */
    switch (TABLE_PARAMETER) {
        /* categories */
        case 'categories':
            $parent = $r['parent'] = clean($_POST['parent'], 0);
            /* articles */
        /* articles */
        case 'articles':
            $r['keywords'] = clean($_POST['keywords'], 1);
            $r['template'] = clean($_POST['template'], 0);
            /* extras */
        /* extras */
        case 'extras':
            $title = $r['title'] = clean($_POST['title'], 1);
            if (TABLE_PARAMETER != 'categories') {
                $r['headline'] = clean($_POST['headline'], 0);
            }
            /* comments */
        /* comments */
        case 'comments':
            if (TABLE_PARAMETER == 'comments') {
                $r['url'] = clean($_POST['url'], 4);
            }
            $author = $r['author'] = clean($_POST['author'], 0);
            if (TABLE_PARAMETER != 'categories') {
                $text = $r['text'] = clean($_POST['text'], 1);
                $date = $_POST['year'] . '-' . $_POST['month'] . '-' . $_POST['day'] . ' ' . $_POST['hour'] . ':' . $_POST['minute'] . ':00';
                $date = $r['date'] = clean($date, 1);
            }
            $rank = $r['rank'] = clean($_POST['rank'], 0);
            /* groups */
        /* groups */
        case 'groups':
            if (TABLE_PARAMETER != 'comments') {
                $alias = $r['alias'] = clean($_POST['alias'], 2);
            }
            /* users */
        /* users */
        case 'users':
            if (TABLE_PARAMETER != 'groups') {
                $language = $r['language'] = clean($_POST['language'], 0);
            }
            /* modules */
        /* modules */
        case 'modules':
            $alias = clean($_POST['alias'], 2);
            $status = $r['status'] = clean($_POST['status'], 0);
            if (TABLE_PARAMETER != 'groups' && TABLE_PARAMETER != 'users' && GROUPS_EDIT == 1) {
                $access = array_map('clean_special', $_POST['access']);
                $access = array_map('clean_mysql', $access);
                $access_string = implode(', ', $access);
                if ($access_string == '') {
                    $access_string = 0;
                }
                $access = $r['access'] = $access_string;
            }
            if (TABLE_PARAMETER != 'extras' && TABLE_PARAMETER != 'comments') {
                $r['description'] = clean($_POST['description'], 1);
            }
            $token = $_POST['token'];
            break;
    }
    /* clean contents post */
    if (TABLE_PARAMETER == 'articles') {
        $r['infoline'] = clean($_POST['infoline'], 0);
        $comments = $r['comments'] = clean($_POST['comments'], 0);
        if ($category && ID_PARAMETER == '') {
            $status = $r['status'] = retrieve('status', 'categories', 'id', $category);
        }
    }
    if (TABLE_PARAMETER == 'articles' || TABLE_PARAMETER == 'extras') {
        $category = $r['category'] = clean($_POST['category'], 0);
    }
    if (TABLE_PARAMETER == 'articles' || TABLE_PARAMETER == 'extras' || TABLE_PARAMETER == 'comments') {
        if ($date > NOW) {
            $status = $r['status'] = 2;
        } else {
            $date = $r['date'] = NOW;
        }
    }
    if (TABLE_PARAMETER == 'extras' || TABLE_PARAMETER == 'comments') {
        $article = $r['article'] = clean($_POST['article'], 0);
    }
    if (TABLE_PARAMETER == 'comments' && ID_PARAMETER == '') {
        $status = $r['status'] = retrieve('status', 'articles', 'id', $article);
    }
    if (TABLE_PARAMETER == 'comments' || TABLE_PARAMETER == 'users') {
        $email = $r['email'] = clean($_POST['email'], 3);
    }
    /* clean groups post */
    if (TABLE_PARAMETER == 'groups' && (ID_PARAMETER == '' || ID_PARAMETER > 1)) {
        $groups_array = array('categories', 'articles', 'extras', 'comments', 'groups', 'users', 'modules');
        foreach ($groups_array as $value) {
            ${$value} = array_map('clean_special', $_POST[$value]);
            ${$value} = array_map('clean_mysql', ${$value});
            $groups_string = implode(', ', ${$value});
            if ($groups_string == '') {
                $groups_string = 0;
            }
            $r[$value] = $groups_string;
        }
        $r['settings'] = clean($_POST['settings'], 0);
        $r['filter'] = clean($_POST['filter'], 0);
    }
    if ((TABLE_PARAMETER == 'groups' || TABLE_PARAMETER == 'users') && ID_PARAMETER == 1) {
        $status = $r['status'] = 1;
    }
    if (TABLE_PARAMETER == 'groups' || TABLE_PARAMETER == 'users' || TABLE_PARAMETER == 'modules') {
        $name = $r['name'] = clean($_POST['name'], 0);
    }
    /* clean users post */
    if (TABLE_PARAMETER == 'users') {
        $user = $r['user'] = clean($_POST['user'], 0);
        $password_check = $password_confirm = 1;
        if ($_POST['edit'] && $_POST['password'] == '' && $_POST['password_confirm'] == '' || $_POST['delete']) {
            $password_check = 0;
        }
        if ($_POST['password'] != $_POST['password_confirm']) {
            $password_confirm = 0;
        }
        $password = clean($_POST['password'], 0);
        if ($password_check == 1 && $password_confirm == 1) {
            $r['password'] = sha1($password) . SALT;
        }
        if ($_POST['new']) {
            $r['first'] = $r['last'] = NOW;
        }
        if (ID_PARAMETER == '' || ID_PARAMETER > 1) {
            $groups = array_map('clean_special', $_POST['groups']);
            $groups = array_map('clean_mysql', $groups);
            $groups_string = implode(', ', $groups);
            if ($groups_string == '') {
                $groups_string = 0;
            }
            $groups = $r['groups'] = $groups_string;
        }
    }
    $r_keys = array_keys($r);
    $last = end($r_keys);
    /* validate post */
    switch (TABLE_PARAMETER) {
        /* contents */
        case 'categories':
        case 'articles':
        case 'extras':
            if ($title == '') {
                $error = l('title_empty');
            } else {
                $title_id = retrieve('title', TABLE_PARAMETER, 'id', ID_PARAMETER);
                $id_title = retrieve('id', TABLE_PARAMETER, 'title', $title);
            }
            if ($id_title && strcasecmp($title_id, $title) < 0) {
                $error = l('title_exists');
            }
            if (TABLE_PARAMETER == 'categories') {
                $opponent_id = retrieve('id', 'articles', 'alias', $alias);
            }
            if (TABLE_PARAMETER == 'articles') {
                $opponent_id = retrieve('id', 'categories', 'alias', $alias);
            }
            if ($opponent_id) {
                $error = l('alias_exists');
            }
            if (TABLE_PARAMETER != 'groups' && $aliasValidator->validate($alias, Redaxscript\Validator\Alias::MODE_GENERAL) == Redaxscript\Validator\Validator::PASSED || $aliasValidator->validate($alias, Redaxscript\Validator\Alias::MODE_DEFAULT) == Redaxscript\Validator\Validator::PASSED) {
                $error = l('alias_incorrect');
            }
            /* groups */
        /* groups */
        case 'groups':
            if ($alias == '') {
                $error = l('alias_empty');
            } else {
                $alias_id = retrieve('alias', TABLE_PARAMETER, 'id', ID_PARAMETER);
                $id_alias = retrieve('id', TABLE_PARAMETER, 'alias', $alias);
            }
            if ($id_alias && strcasecmp($alias_id, $alias) < 0) {
                $error = l('alias_exists');
            }
    }
    /* validate general post */
    switch (TABLE_PARAMETER) {
        case 'articles':
        case 'extras':
        case 'comments':
            if ($text == '') {
                $error = l('text_empty');
            }
            break;
        case 'groups':
        case 'users':
        case 'modules':
            if ($name == '') {
                $error = l('name_empty');
            }
            break;
    }
    /* validate users post */
    if (TABLE_PARAMETER == 'users') {
        if ($user == '') {
            $error = l('user_incorrect');
        } else {
            $user_id = retrieve('user', TABLE_PARAMETER, 'id', ID_PARAMETER);
            $id_user = retrieve('id', TABLE_PARAMETER, 'user', $user);
        }
        if ($id_user && strcasecmp($user_id, $user) < 0) {
            $error = l('user_exists');
        }
        if ($loginValidator->validate($user) == Redaxscript\Validator\Validator::FAILED) {
            $error = l('user_incorrect');
        }
        if ($password_check == 1) {
            if ($password == '') {
                $error = l('password_empty');
            }
            if ($password_confirm == 0 || $loginValidator->validate($password) == Redaxscript\Validator\Validator::FAILED) {
                $error = l('password_incorrect');
            }
        }
    }
    /* validate last post */
    $emailValidator = new Redaxscript\Validator\Email();
    switch (TABLE_PARAMETER) {
        case 'comments':
            if ($author == '') {
                $error = l('author_empty');
            }
        case 'users':
            if ($emailValidator->validate($email) == Redaxscript\Validator\Validator::FAILED) {
                $error = l('email_incorrect');
            }
    }
    $route = 'admin';
    /* handle error */
    if ($error) {
        if (ID_PARAMETER == '') {
            $route .= '/new/' . TABLE_PARAMETER;
        } else {
            $route .= '/edit/' . TABLE_PARAMETER . '/' . ID_PARAMETER;
        }
        notification(l('error_occurred'), $error, l('back'), $route);
        return null;
    } else {
        if (TABLE_EDIT == 1 || TABLE_DELETE == 1) {
            $route .= '/view/' . TABLE_PARAMETER;
            if ($alias) {
                $route .= '#' . $alias;
            } else {
                if ($user) {
                    $route .= '#' . $user;
                }
            }
        }
    }
    /* process */
    switch (true) {
        /* query new */
        case $_POST['new']:
            foreach ($r as $key => $value) {
                $key_string .= $key;
                $value_string .= '\'' . $value . '\'';
                if ($last != $key) {
                    $key_string .= ', ';
                    $value_string .= ', ';
                }
            }
            $general_insert_query = 'INSERT INTO ' . PREFIX . TABLE_PARAMETER . ' (' . $key_string . ') VALUES (' . $value_string . ')';
            mysql_query($general_insert_query);
            notification(l('operation_completed'), '', l('continue'), $route);
            return null;
            /* query edit */
        /* query edit */
        case $_POST['edit']:
            foreach ($r as $key => $value) {
                $set_string .= $key . ' = \'' . $value . '\'';
                if ($last != $key) {
                    $set_string .= ', ';
                }
            }
            $general_update_query = 'UPDATE ' . PREFIX . TABLE_PARAMETER . ' SET ' . $set_string . ' WHERE id = ' . ID_PARAMETER . ' LIMIT 1';
            /* categories */
            if (TABLE_PARAMETER == 'categories') {
                $categories_string = admin_children('categories', ID_PARAMETER, 0);
                $categories_children_string = admin_children('categories', ID_PARAMETER, 2);
                $categories_update_query = 'UPDATE ' . PREFIX . 'categories SET status = ' . $status . ', access = \'' . $access . '\' WHERE id IN (' . $categories_string . ')';
                $articles_update_query = 'UPDATE ' . PREFIX . 'articles SET status = ' . $status . ', access = \'' . $access . '\' WHERE category IN (' . $categories_string . ')';
                $comments_update_query = 'UPDATE ' . PREFIX . 'comments SET status = ' . $status . ', access = \'' . $access . '\' WHERE article IN (' . $categories_children_string . ')';
                mysql_query($categories_update_query);
                mysql_query($articles_update_query);
            }
            /* articles */
            if (TABLE_PARAMETER == 'articles') {
                if ($comments == 0) {
                    $status = 0;
                }
                $comments_update_query = 'UPDATE ' . PREFIX . 'comments SET status = ' . $status . ', access = \'' . $access . '\' WHERE article = ' . ID_PARAMETER;
            }
            /* general */
            mysql_query($general_update_query);
            if ($comments_update_query) {
                mysql_query($comments_update_query);
            }
            if (USERS_EXCEPTION == 1) {
                $_SESSION[ROOT . '/my_name'] = $name;
                $_SESSION[ROOT . '/my_email'] = $email;
                if (file_exists('languages/' . $language . '.php')) {
                    $_SESSION[ROOT . '/language'] = $language;
                    $_SESSION[ROOT . '/language_selected'] = 1;
                }
            }
            notification(l('operation_completed'), '', l('continue'), $route);
            return null;
    }
}
コード例 #4
0
/**
 * admin process
 *
 * @since 1.2.1
 * @deprecated 2.0.0
 *
 * @package Redaxscript
 * @category Admin
 * @author Henry Ruhs
 */
function admin_process()
{
    $aliasValidator = new Redaxscript\Validator\Alias();
    $loginValidator = new Redaxscript\Validator\Login();
    $specialFilter = new Redaxscript\Filter\Special();
    /* clean post */
    switch (TABLE_PARAMETER) {
        /* categories */
        case 'categories':
            $parent = $r['parent'] = clean($_POST['parent'], 0);
            /* articles */
        /* articles */
        case 'articles':
            $r['keywords'] = clean($_POST['keywords'], 5);
            $r['template'] = clean($_POST['template'], 0);
            /* extras */
        /* extras */
        case 'extras':
            $title = $r['title'] = clean($_POST['title'], 5);
            if (TABLE_PARAMETER != 'categories') {
                $r['headline'] = clean($_POST['headline'], 0);
            }
            $r['sibling'] = clean($_POST['sibling'], 0);
            /* comments */
        /* comments */
        case 'comments':
            if (TABLE_PARAMETER == 'comments') {
                $r['url'] = clean($_POST['url'], 4);
            }
            $author = $r['author'] = clean($_POST['author'], 0);
            if (TABLE_PARAMETER != 'categories') {
                $text = $r['text'] = clean($_POST['text'], 1);
                $date = $_POST['year'] . '-' . $_POST['month'] . '-' . $_POST['day'] . ' ' . $_POST['hour'] . ':' . $_POST['minute'] . ':00';
                $date = $r['date'] = clean($date, 5);
            }
            $rank = $r['rank'] = clean($_POST['rank'], 0);
            /* groups */
        /* groups */
        case 'groups':
            if (TABLE_PARAMETER != 'comments') {
                $alias = $r['alias'] = clean($_POST['alias'], 2);
            }
            /* users */
        /* users */
        case 'users':
            if (TABLE_PARAMETER != 'groups') {
                $language = $r['language'] = clean($_POST['language'], 0);
            }
            /* modules */
        /* modules */
        case 'modules':
            $alias = clean($_POST['alias'], 2);
            $status = $r['status'] = clean($_POST['status'], 0);
            if (TABLE_PARAMETER != 'groups' && TABLE_PARAMETER != 'users' && GROUPS_EDIT == 1) {
                $access = array_map(array($specialFilter, 'sanitize'), $_POST['access']);
                $access = array_map('clean', $access);
                $access_string = implode(', ', $access);
                if ($access_string == '') {
                    $access_string = null;
                }
                $access = $r['access'] = $access_string;
            }
            if (TABLE_PARAMETER != 'extras' && TABLE_PARAMETER != 'comments') {
                $r['description'] = clean($_POST['description'], 5);
            }
            $token = $_POST['token'];
            break;
    }
    /* clean contents post */
    if (TABLE_PARAMETER == 'articles') {
        $r['infoline'] = clean($_POST['infoline'], 0);
        $comments = $r['comments'] = clean($_POST['comments'], 0);
        if ($category && ID_PARAMETER == '') {
            $status = $r['status'] = Redaxscript\Db::forTablePrefix('categories')->where('id', $category)->findOne()->status;
        }
    }
    if (TABLE_PARAMETER == 'articles' || TABLE_PARAMETER == 'extras') {
        $category = $r['category'] = clean($_POST['category'], 0);
    }
    if (TABLE_PARAMETER == 'articles' || TABLE_PARAMETER == 'extras' || TABLE_PARAMETER == 'comments') {
        if ($date > NOW) {
            $status = $r['status'] = 2;
        } else {
            $date = $r['date'] = NOW;
        }
    }
    if (TABLE_PARAMETER == 'extras' || TABLE_PARAMETER == 'comments') {
        $article = $r['article'] = clean($_POST['article'], 0);
    }
    if (TABLE_PARAMETER == 'comments' && ID_PARAMETER == '') {
        $status = $r['status'] = Redaxscript\Db::forTablePrefix('articles')->where('id', $article)->findOne()->status;
    }
    if (TABLE_PARAMETER == 'comments' || TABLE_PARAMETER == 'users') {
        $email = $r['email'] = clean($_POST['email'], 3);
    }
    /* clean groups post */
    if (TABLE_PARAMETER == 'groups' && (ID_PARAMETER == '' || ID_PARAMETER > 1)) {
        $groups_array = array('categories', 'articles', 'extras', 'comments', 'groups', 'users', 'modules');
        foreach ($groups_array as $value) {
            ${$value} = array_map(array($specialFilter, 'sanitize'), $_POST[$value]);
            ${$value} = array_map('clean', ${$value});
            $groups_string = implode(', ', ${$value});
            if ($groups_string == '') {
                $groups_string = 0;
            }
            $r[$value] = $groups_string;
        }
        $r['settings'] = clean($_POST['settings'], 0);
        $r['filter'] = clean($_POST['filter'], 0);
    }
    if ((TABLE_PARAMETER == 'groups' || TABLE_PARAMETER == 'users') && ID_PARAMETER == 1) {
        $status = $r['status'] = 1;
    }
    if (TABLE_PARAMETER == 'groups' || TABLE_PARAMETER == 'users' || TABLE_PARAMETER == 'modules') {
        $name = $r['name'] = clean($_POST['name'], 0);
    }
    /* clean users post */
    if (TABLE_PARAMETER == 'users') {
        if ($_POST['user']) {
            $user = $r['user'] = clean($_POST['user'], 0);
        } else {
            $user = $r['user'] = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('id', ID_PARAMETER)->findOne()->user;
        }
        $password_check = $password_confirm = 1;
        if ($_POST['edit'] && $_POST['password'] == '' && $_POST['password_confirm'] == '' || $_POST['delete']) {
            $password_check = 0;
        }
        if ($_POST['password'] != $_POST['password_confirm']) {
            $password_confirm = 0;
        }
        $password = clean($_POST['password'], 0);
        if ($password_check == 1 && $password_confirm == 1) {
            $passwordHash = new Redaxscript\Hash(Redaxscript\Config::getInstance());
            $passwordHash->init($password);
            $r['password'] = $passwordHash->getHash();
        }
        if ($_POST['new']) {
            $r['first'] = $r['last'] = NOW;
        }
        if (ID_PARAMETER == '' || ID_PARAMETER > 1) {
            $groups = array_map(array($specialFilter, 'sanitize'), $_POST['groups']);
            $groups = array_map('clean', $groups);
            $groups_string = implode(', ', $groups);
            if ($groups_string == '') {
                $groups_string = 0;
            }
            $groups = $r['groups'] = $groups_string;
        }
    }
    $r_keys = array_keys($r);
    $last = end($r_keys);
    /* validate post */
    switch (TABLE_PARAMETER) {
        /* contents */
        case 'categories':
        case 'articles':
        case 'extras':
            if ($title == '') {
                $error = l('title_empty');
            } else {
                $title_id = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('id', ID_PARAMETER)->findOne()->title;
                $id_title = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('title', $title)->findOne()->id;
            }
            if ($id_title && strcasecmp($title_id, $title) < 0) {
                $error = l('title_exists');
            }
            if (TABLE_PARAMETER == 'categories') {
                $opponent_id = Redaxscript\Db::forTablePrefix('articles')->where('alias', $alias)->findOne()->id;
            }
            if (TABLE_PARAMETER == 'articles') {
                $opponent_id = Redaxscript\Db::forTablePrefix('categories')->where('alias', $alias)->findOne()->id;
            }
            if ($opponent_id) {
                $error = l('alias_exists');
            }
            if (TABLE_PARAMETER != 'groups' && $aliasValidator->validate($alias, Redaxscript\Validator\Alias::MODE_GENERAL) == Redaxscript\Validator\ValidatorInterface::PASSED || $aliasValidator->validate($alias, Redaxscript\Validator\Alias::MODE_DEFAULT) == Redaxscript\Validator\ValidatorInterface::PASSED) {
                $error = l('alias_incorrect');
            }
            /* groups */
        /* groups */
        case 'groups':
            if ($alias == '') {
                $error = l('alias_empty');
            } else {
                $alias_id = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('id', ID_PARAMETER)->findOne()->alias;
                $id_alias = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('alias', $alias)->findOne()->id;
            }
            if ($id_alias && strcasecmp($alias_id, $alias) < 0) {
                $error = l('alias_exists');
            }
    }
    /* validate general post */
    switch (TABLE_PARAMETER) {
        case 'articles':
        case 'extras':
        case 'comments':
            if ($text == '') {
                $error = l('text_empty');
            }
            break;
        case 'groups':
        case 'users':
        case 'modules':
            if ($name == '') {
                $error = l('name_empty');
            }
            break;
    }
    /* validate users post */
    if (TABLE_PARAMETER == 'users') {
        if ($user == '') {
            $error = l('user_incorrect');
        } else {
            $user_id = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('id', ID_PARAMETER)->findOne()->user;
            $id_user = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('user', $user)->findOne()->id;
        }
        if ($id_user && strcasecmp($user_id, $user) < 0) {
            $error = l('user_exists');
        }
        if ($loginValidator->validate($user) == Redaxscript\Validator\ValidatorInterface::FAILED) {
            $error = l('user_incorrect');
        }
        if ($password_check == 1) {
            if ($password == '') {
                $error = l('password_empty');
            }
            if ($password_confirm == 0 || $loginValidator->validate($password) == Redaxscript\Validator\ValidatorInterface::FAILED) {
                $error = l('password_incorrect');
            }
        }
    }
    /* validate last post */
    $emailValidator = new Redaxscript\Validator\Email();
    switch (TABLE_PARAMETER) {
        case 'comments':
            if ($author == '') {
                $error = l('author_empty');
            }
        case 'users':
            if ($emailValidator->validate($email) == Redaxscript\Validator\ValidatorInterface::FAILED) {
                $error = l('email_incorrect');
            }
    }
    $route = 'admin';
    /* handle error */
    if ($error) {
        if (ID_PARAMETER == '') {
            $route .= '/new/' . TABLE_PARAMETER;
        } else {
            $route .= '/edit/' . TABLE_PARAMETER . '/' . ID_PARAMETER;
        }
        notification(l('error_occurred'), $error, l('back'), $route);
        return;
    } else {
        if (TABLE_EDIT == 1 || TABLE_DELETE == 1) {
            $route .= '/view/' . TABLE_PARAMETER;
            if ($alias) {
                $route .= '#' . $alias;
            } else {
                if ($user) {
                    $route .= '#' . $user;
                }
            }
        }
    }
    /* process */
    switch (true) {
        /* query new */
        case $_POST['new']:
            Redaxscript\Db::forTablePrefix(Redaxscript\Registry::get('tableParameter'))->create()->set($r)->save();
            notification(l('operation_completed'), '', l('continue'), $route);
            return;
            /* query edit */
        /* query edit */
        case $_POST['edit']:
            Redaxscript\Db::forTablePrefix(Redaxscript\Registry::get('tableParameter'))->whereIdIs(Redaxscript\Registry::get('idParameter'))->findOne()->set($r)->save();
            /* query categories */
            if (TABLE_PARAMETER == 'categories') {
                $categoryChildren = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('parent', ID_PARAMETER);
                $categoryArray = array_merge($categoryChildren->findArrayFlat(), array(ID_PARAMETER));
                $articleChildren = Redaxscript\Db::forTablePrefix('articles')->whereIn('category', $categoryArray);
                $articleArray = $articleChildren->findArrayFlat();
                if (count($articleArray) > 0) {
                    Redaxscript\Db::forTablePrefix('comments')->whereIn('article', $articleArray)->findMany()->set(array('status' => $status, 'access' => $access))->save();
                }
                $categoryChildren->findMany()->set(array('status' => $status, 'access' => $access))->save();
                $articleChildren->findMany()->set(array('status' => $status, 'access' => $access))->save();
            }
            /* query articles */
            if (TABLE_PARAMETER == 'articles') {
                if ($comments == 0) {
                    $status = 0;
                }
                Redaxscript\Db::forTablePrefix('comments')->where('article', ID_PARAMETER)->findMany()->set(array('status' => $status, 'access' => $access))->save();
            }
            if (USERS_EXCEPTION == 1) {
                $_SESSION[ROOT . '/my_name'] = $name;
                $_SESSION[ROOT . '/my_email'] = $email;
                if (file_exists('languages/' . $language . '.php')) {
                    $_SESSION[ROOT . '/language'] = $language;
                    $_SESSION[ROOT . '/language_selected'] = 1;
                }
            }
            notification(l('operation_completed'), '', l('continue'), $route);
            return;
    }
}
コード例 #5
0
/**
 * admin process
 *
 * @since 1.2.1
 * @deprecated 2.0.0
 *
 * @package Redaxscript
 * @category Admin
 * @author Henry Ruhs
 */
function admin_process()
{
    $aliasFilter = new Redaxscript\Filter\Alias();
    $emailFilter = new Redaxscript\Filter\Email();
    $urlFilter = new Redaxscript\Filter\Url();
    $htmlFilter = new Redaxscript\Filter\Html();
    $aliasValidator = new Redaxscript\Validator\Alias();
    $loginValidator = new Redaxscript\Validator\Login();
    $specialFilter = new Redaxscript\Filter\Special();
    $messenger = new Redaxscript\Admin\Messenger(Redaxscript\Registry::getInstance());
    $filter = Redaxscript\Registry::get('filter');
    $tableParameter = Redaxscript\Registry::get('tableParameter');
    $idParameter = Redaxscript\Registry::get('idParameter');
    /* clean post */
    switch ($tableParameter) {
        /* categories */
        case 'categories':
            $parent = $r['parent'] = $specialFilter->sanitize($_POST['parent']);
            /* articles */
        /* articles */
        case 'articles':
            $r['keywords'] = $_POST['keywords'];
            $r['robots'] = $specialFilter->sanitize($_POST['robots']);
            $r['template'] = $specialFilter->sanitize($_POST['template']);
            /* extras */
        /* extras */
        case 'extras':
            $title = $r['title'] = $_POST['title'];
            if ($tableParameter != 'categories') {
                $r['headline'] = $specialFilter->sanitize($_POST['headline']);
            }
            $r['sibling'] = $specialFilter->sanitize($_POST['sibling']);
            $author = $r['author'] = Redaxscript\Registry::get('myUser');
            /* comments */
        /* comments */
        case 'comments':
            if ($tableParameter == 'comments') {
                $r['url'] = $urlFilter->sanitize($_POST['url']);
                $author = $r['author'] = $_POST['author'];
            }
            if ($tableParameter != 'categories') {
                $text = $r['text'] = $filter ? $htmlFilter->sanitize($_POST['text']) : $_POST['text'];
                $date = $r['date'] = $_POST['date'];
            }
            $rank = $r['rank'] = $specialFilter->sanitize($_POST['rank']);
            /* groups */
        /* groups */
        case 'groups':
            if ($tableParameter != 'comments') {
                $alias = $r['alias'] = $aliasFilter->sanitize($_POST['alias']);
            }
            /* users */
        /* users */
        case 'users':
            if ($tableParameter != 'groups') {
                $language = $r['language'] = $specialFilter->sanitize($_POST['language']);
            }
            /* modules */
        /* modules */
        case 'modules':
            $alias = $aliasFilter->sanitize($_POST['alias']);
            $status = $r['status'] = $specialFilter->sanitize($_POST['status']);
            if ($tableParameter != 'groups' && $tableParameter != 'users' && Redaxscript\Registry::get('groupsEdit')) {
                $access = array_map([$specialFilter, 'sanitize'], $_POST['access']);
                $access_string = implode(', ', $access);
                if (!$access_string) {
                    $access_string = null;
                }
                $access = $r['access'] = $access_string;
            }
            if ($tableParameter != 'extras' && $tableParameter != 'comments') {
                $r['description'] = $_POST['description'];
            }
            $token = $_POST['token'];
            break;
    }
    /* clean contents post */
    if ($tableParameter == 'articles') {
        $r['byline'] = $specialFilter->sanitize($_POST['byline']);
        $comments = $r['comments'] = $specialFilter->sanitize($_POST['comments']);
        if ($category && !$idParameter) {
            $status = $r['status'] = Redaxscript\Db::forTablePrefix('categories')->where('id', $category)->findOne()->status;
        }
    }
    if ($tableParameter == 'articles' || $tableParameter == 'extras') {
        $category = $r['category'] = $specialFilter->sanitize($_POST['category']);
    }
    if ($tableParameter == 'articles' || $tableParameter == 'extras' || $tableParameter == 'comments') {
        if ($date > Redaxscript\Registry::get('now')) {
            $status = $r['status'] = 2;
        }
        if (!$date) {
            $r['date'] = Redaxscript\Registry::get('now');
        }
    }
    if ($tableParameter == 'extras' || $tableParameter == 'comments') {
        $article = $r['article'] = $specialFilter->sanitize($_POST['article']);
    }
    if ($tableParameter == 'comments' && !$idParameter) {
        $status = $r['status'] = Redaxscript\Db::forTablePrefix('articles')->where('id', $article)->findOne()->status;
    }
    if ($tableParameter == 'comments' || $tableParameter == 'users') {
        $email = $r['email'] = $emailFilter->sanitize($_POST['email']);
    }
    /* clean groups post */
    if ($tableParameter == 'groups' && (!$idParameter || $idParameter > 1)) {
        $groups_array = ['categories', 'articles', 'extras', 'comments', 'groups', 'users', 'modules'];
        foreach ($groups_array as $value) {
            ${$value} = array_map([$specialFilter, 'sanitize'], $_POST[$value]);
            $groups_string = implode(', ', ${$value});
            if (!$groups_string) {
                $groups_string = 0;
            }
            $r[$value] = $groups_string;
        }
        $r['settings'] = $specialFilter->sanitize($_POST['settings']);
        $r['filter'] = $specialFilter->sanitize($_POST['filter']);
    }
    if (($tableParameter == 'groups' || $tableParameter == 'users') && $idParameter == 1) {
        $status = $r['status'] = 1;
    }
    if ($tableParameter == 'groups' || $tableParameter == 'users' || $tableParameter == 'modules') {
        $name = $r['name'] = $specialFilter->sanitize($_POST['name']);
    }
    /* clean users post */
    if ($tableParameter == 'users') {
        if ($_POST['user']) {
            $user = $r['user'] = $specialFilter->sanitize($_POST['user']);
        } else {
            $user = $r['user'] = Redaxscript\Db::forTablePrefix($tableParameter)->where('id', $idParameter)->findOne()->user;
        }
        $password_check = $password_confirm = 1;
        if ($_POST['edit'] && !$_POST['password'] && !$_POST['password_confirm'] || $_POST['delete']) {
            $password_check = 0;
        }
        if ($_POST['password'] != $_POST['password_confirm']) {
            $password_confirm = 0;
        }
        $password = $specialFilter->sanitize($_POST['password']);
        if ($password_check == 1 && $password_confirm == 1) {
            $passwordHash = new Redaxscript\Hash(Redaxscript\Config::getInstance());
            $passwordHash->init($password);
            $r['password'] = $passwordHash->getHash();
        }
        if ($_POST['new']) {
            $r['first'] = $r['last'] = Redaxscript\Registry::get('now');
        }
        if (!$idParameter || $idParameter > 1) {
            $groups = array_map([$specialFilter, 'sanitize'], $_POST['groups']);
            $groups_string = implode(', ', $groups);
            if (!$groups_string) {
                $groups_string = 0;
            }
            $groups = $r['groups'] = $groups_string;
        }
    }
    $r_keys = array_keys($r);
    $last = end($r_keys);
    /* validate post */
    switch ($tableParameter) {
        /* contents */
        case 'categories':
        case 'articles':
        case 'extras':
            if (!$title) {
                $error = Redaxscript\Language::get('title_empty');
            }
            if ($tableParameter == 'categories') {
                $opponent_id = Redaxscript\Db::forTablePrefix('articles')->where('alias', $alias)->findOne()->id;
            }
            if ($tableParameter == 'articles') {
                $opponent_id = Redaxscript\Db::forTablePrefix('categories')->where('alias', $alias)->findOne()->id;
            }
            if ($opponent_id) {
                $error = Redaxscript\Language::get('alias_exists');
            }
            if ($tableParameter != 'groups' && $aliasValidator->validate($alias, Redaxscript\Validator\Alias::MODE_GENERAL) == Redaxscript\Validator\ValidatorInterface::PASSED || $aliasValidator->validate($alias, Redaxscript\Validator\Alias::MODE_DEFAULT) == Redaxscript\Validator\ValidatorInterface::PASSED) {
                $error = Redaxscript\Language::get('alias_incorrect');
            }
            /* groups */
        /* groups */
        case 'groups':
            if (!$alias) {
                $error = Redaxscript\Language::get('alias_empty');
            } else {
                $alias_id = Redaxscript\Db::forTablePrefix($tableParameter)->where('id', $idParameter)->findOne()->alias;
                $id_alias = Redaxscript\Db::forTablePrefix($tableParameter)->where('alias', $alias)->findOne()->id;
            }
            if ($id_alias && strcasecmp($alias_id, $alias) < 0) {
                $error = Redaxscript\Language::get('alias_exists');
            }
    }
    /* validate general post */
    switch ($tableParameter) {
        case 'articles':
        case 'extras':
        case 'comments':
            if (!$text) {
                $error = Redaxscript\Language::get('text_empty');
            }
            break;
        case 'groups':
        case 'users':
        case 'modules':
            if (!$name) {
                $error = Redaxscript\Language::get('name_empty');
            }
            break;
    }
    /* validate users post */
    if ($tableParameter == 'users') {
        if (!$user) {
            $error = Redaxscript\Language::get('user_incorrect');
        } else {
            $user_id = Redaxscript\Db::forTablePrefix($tableParameter)->where('id', $idParameter)->findOne()->user;
            $id_user = Redaxscript\Db::forTablePrefix($tableParameter)->where('user', $user)->findOne()->id;
        }
        if ($id_user && strcasecmp($user_id, $user) < 0) {
            $error = Redaxscript\Language::get('user_exists');
        }
        if ($loginValidator->validate($user) == Redaxscript\Validator\ValidatorInterface::FAILED) {
            $error = Redaxscript\Language::get('user_incorrect');
        }
        if ($password_check == 1) {
            if (!$password) {
                $error = Redaxscript\Language::get('password_empty');
            }
            if ($password_confirm == 0 || $loginValidator->validate($password) == Redaxscript\Validator\ValidatorInterface::FAILED) {
                $error = Redaxscript\Language::get('password_incorrect');
            }
        }
    }
    /* validate last post */
    $emailValidator = new Redaxscript\Validator\Email();
    switch ($tableParameter) {
        case 'comments':
            if (!$author) {
                $error = Redaxscript\Language::get('author_empty');
            }
        case 'users':
            if ($emailValidator->validate($email) == Redaxscript\Validator\ValidatorInterface::FAILED) {
                $error = Redaxscript\Language::get('email_incorrect');
            }
    }
    $route = 'admin';
    /* handle error */
    if ($error) {
        if (!$idParameter) {
            $route .= '/new/' . $tableParameter;
        } else {
            $route .= '/edit/' . $tableParameter . '/' . $idParameter;
        }
        /* show error */
        echo $messenger->setRoute(Redaxscript\Language::get('back'), $route)->error($error, Redaxscript\Language::get('error_occurred'));
        return;
    } else {
        if (Redaxscript\Registry::get('tableEdit') == 1 || Redaxscript\Registry::get('tableEdit') == 1) {
            $route .= '/view/' . $tableParameter;
            if ($alias) {
                $route .= '#' . $alias;
            } else {
                if ($user) {
                    $route .= '#' . $user;
                }
            }
        }
    }
    /* select to null */
    foreach ($r as $key => $value) {
        if ($value == 'select') {
            $r[$key] = null;
        }
    }
    /* process */
    switch (true) {
        /* query new */
        case $_POST['new']:
            Redaxscript\Db::forTablePrefix(Redaxscript\Registry::get('tableParameter'))->create()->set($r)->save();
            /* show success */
            echo $messenger->setRoute(Redaxscript\Language::get('continue'), $route)->doRedirect()->success(Redaxscript\Language::get('operation_completed'));
            return;
            /* query edit */
        /* query edit */
        case $_POST['edit']:
            Redaxscript\Db::forTablePrefix(Redaxscript\Registry::get('tableParameter'))->whereIdIs(Redaxscript\Registry::get('idParameter'))->findOne()->set($r)->save();
            /* query categories */
            if ($tableParameter == 'categories') {
                $categoryChildren = Redaxscript\Db::forTablePrefix($tableParameter)->where('parent', $idParameter);
                $categoryArray = array_merge($categoryChildren->findFlatArray(), [$idParameter]);
                $articleChildren = Redaxscript\Db::forTablePrefix('articles')->whereIn('category', $categoryArray);
                $articleArray = $articleChildren->findFlatArray();
                if (count($articleArray) > 0) {
                    Redaxscript\Db::forTablePrefix('comments')->whereIn('article', $articleArray)->findMany()->set(['status' => $status, 'access' => $access])->save();
                }
                $categoryChildren->findMany()->set(['status' => $status, 'access' => $access])->save();
                $articleChildren->findMany()->set(['status' => $status, 'access' => $access])->save();
            }
            /* query articles */
            if ($tableParameter == 'articles') {
                if ($comments == 0) {
                    $status = 0;
                }
                Redaxscript\Db::forTablePrefix('comments')->where('article', $idParameter)->findMany()->set(['status' => $status, 'access' => $access])->save();
            }
            if ($tableParameter == 'users' && $idParameter == Redaxscript\Registry::get('myId')) {
                $auth = new Redaxscript\Auth(Redaxscript\Request::getInstance());
                $auth->init();
                $auth->setUser('name', $name);
                $auth->setUser('email', $email);
                $auth->setUser('language', $language);
                $auth->save();
                Redaxscript\Request::setSession('language', $language);
            }
            /* show success */
            echo $messenger->setRoute(Redaxscript\Language::get('continue'), $route)->doRedirect()->success(Redaxscript\Language::get('operation_completed'));
            return;
    }
}
コード例 #6
0
ファイル: login.php プロジェクト: ITw3/redaxscript
/**
 * login post
 *
 * @since 1.2.1
 * @deprecated 2.0.0
 *
 * @package Redaxscript
 * @category Login
 * @author Henry Ruhs
 */
function login_post()
{
    $loginValidator = new Redaxscript\Validator\Login();
    $emailValidator = new Redaxscript\Validator\Email();
    $captchaValidator = new Redaxscript\Validator\Captcha();
    /* clean post */
    if (ATTACK_BLOCKED < 10 && $_SESSION[ROOT . '/login'] == 'visited') {
        $post_user = $_POST['user'];
        $post_password = $_POST['password'];
        $task = $_POST['task'];
        $solution = $_POST['solution'];
        $login_by_email = 0;
        $users_query = 'SELECT id, name, user, email, password, language, status, groups FROM ' . PREFIX . 'users ';
        if ($emailValidator->validate($post_user) == Redaxscript\Validator\Validator::FAILED) {
            $post_user = clean($post_user, 0);
            $users_query .= 'WHERE user = \'' . $post_user . '\' LIMIT 1';
        } else {
            $post_user = clean($post_user, 3);
            $login_by_email = 1;
            $users_query .= 'WHERE email = \'' . $post_user . '\' LIMIT 1';
        }
        $users_result = mysql_query($users_query);
        while ($r = mysql_fetch_assoc($users_result)) {
            foreach ($r as $key => $value) {
                $key = 'my_' . $key;
                ${$key} = stripslashes($value);
            }
        }
    }
    /* validate post */
    if ($post_user == '') {
        $error = l('user_empty');
    } else {
        if ($post_password == '') {
            $error = l('password_empty');
        } else {
            if ($login_by_email == 0 && $loginValidator->validate($post_user) == Redaxscript\Validator\Validator::FAILED) {
                $error = l('user_incorrect');
            } else {
                if ($login_by_email == 1 && $emailValidator->validate($post_user) == Redaxscript\Validator\Validator::FAILED) {
                    $error = l('email_incorrect');
                } else {
                    if ($loginValidator->validate($post_password) == Redaxscript\Validator\Validator::FAILED) {
                        $error = l('password_incorrect');
                    } else {
                        if ($captchaValidator->validate($task, $solution) == Redaxscript\Validator\Validator::FAILED) {
                            $error = l('captcha_incorrect');
                        } else {
                            if ($my_id == '' || md5($post_password) . SALT != $my_password && sha1($post_password) . SALT != $my_password) {
                                $error = l('login_incorrect');
                            } else {
                                if ($my_status == 0) {
                                    $error = l('access_no');
                                } else {
                                    /* setup login session */
                                    $_SESSION[ROOT . '/logged_in'] = TOKEN;
                                    $_SESSION[ROOT . '/my_id'] = $my_id;
                                    $_SESSION[ROOT . '/my_name'] = $my_name;
                                    $_SESSION[ROOT . '/my_user'] = $my_user;
                                    $_SESSION[ROOT . '/my_email'] = $my_email;
                                    if (file_exists('languages/' . $my_language . '.php')) {
                                        $_SESSION[ROOT . '/language'] = $my_language;
                                        $_SESSION[ROOT . '/language_selected'] = 1;
                                    }
                                    $_SESSION[ROOT . '/my_groups'] = $my_groups;
                                    /* query groups */
                                    $groups_query = 'SELECT categories, articles, extras, comments, groups, users, modules, settings, filter FROM ' . PREFIX . 'groups WHERE id IN (' . $my_groups . ') && status = 1';
                                    $groups_result = mysql_query($groups_query);
                                    if ($groups_result) {
                                        $num_rows = mysql_num_rows($groups_result);
                                        while ($r = mysql_fetch_assoc($groups_result)) {
                                            if ($r) {
                                                foreach ($r as $key => $value) {
                                                    $key = 'groups_' . $key;
                                                    ${$key} .= stripslashes($value);
                                                    if (++$counter < $num_rows) {
                                                        ${$key} .= ', ';
                                                    }
                                                }
                                            }
                                        }
                                    }
                                    /* setup access session */
                                    $access_array = array('categories', 'articles', 'extras', 'comments', 'groups', 'users');
                                    foreach ($access_array as $value) {
                                        $groups_value = 'groups_' . $value;
                                        $position_new = strpos(${$groups_value}, '1');
                                        $position_edit = strpos(${$groups_value}, '2');
                                        $position_delete = strpos(${$groups_value}, '3');
                                        $_SESSION[ROOT . '/' . $value . '_delete'] = $_SESSION[ROOT . '/' . $value . '_edit'] = $_SESSION[ROOT . '/' . $value . '_new'] = 0;
                                        if ($position_new > -1) {
                                            $_SESSION[ROOT . '/' . $value . '_new'] = 1;
                                        }
                                        if ($position_edit > -1) {
                                            $_SESSION[ROOT . '/' . $value . '_edit'] = 1;
                                        }
                                        if ($position_delete > -1) {
                                            $_SESSION[ROOT . '/' . $value . '_delete'] = 1;
                                        }
                                    }
                                    $position_modules_install = strpos($groups_modules, '1');
                                    $position_modules_edit = strpos($groups_modules, '2');
                                    $position_modules_uninstall = strpos($groups_modules, '3');
                                    $position_settings_edit = strpos($groups_settings, '1');
                                    $position_filter = strpos($groups_filter, '0');
                                    $_SESSION[ROOT . '/filter'] = 1;
                                    $_SESSION[ROOT . '/settings_edit'] = $_SESSION[ROOT . '/modules_uninstall'] = $_SESSION[ROOT . '/modules_edit'] = $_SESSION[ROOT . '/modules_install'] = 0;
                                    if ($position_modules_install > -1) {
                                        $_SESSION[ROOT . '/modules_install'] = 1;
                                    }
                                    if ($position_modules_edit > -1) {
                                        $_SESSION[ROOT . '/modules_edit'] = 1;
                                    }
                                    if ($position_modules_uninstall > -1) {
                                        $_SESSION[ROOT . '/modules_uninstall'] = 1;
                                    }
                                    if ($position_settings_edit > -1) {
                                        $_SESSION[ROOT . '/settings_edit'] = 1;
                                    }
                                    if ($position_filter > -1) {
                                        $_SESSION[ROOT . '/filter'] = 0;
                                    }
                                    $_SESSION[ROOT . '/update'] = NOW;
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    /* handle error */
    if ($error) {
        if (s('blocker') == 1) {
            $_SESSION[ROOT . '/attack_blocked']++;
        }
        notification(l('error_occurred'), $error, l('back'), 'login');
    } else {
        notification(l('welcome'), l('logged_in'), l('continue'), 'admin');
    }
    $_SESSION[ROOT . '/login'] = '';
}
コード例 #7
0
/**
 * registration post
 *
 * @since 1.2.1
 * @deprecated 2.0.0
 *
 * @package Redaxscript
 * @category Registration
 * @author Henry Ruhs
 */
function registration_post()
{
    /* clean post */
    if (ATTACK_BLOCKED < 10 && $_SESSION[ROOT . '/registration'] == 'visited') {
        $name = $r['name'] = clean($_POST['name'], 0);
        $user = $r['user'] = clean($_POST['user'], 0);
        $email = $r['email'] = clean($_POST['email'], 3);
        $password = substr(sha1(uniqid()), 0, 10);
        $passwordHash = new Redaxscript\Hash(Redaxscript\Config::getInstance());
        $passwordHash->init($password);
        $r['password'] = $passwordHash->getHash();
        $r['description'] = '';
        $r['language'] = Redaxscript\Registry::get('language');
        $r['first'] = $r['last'] = NOW;
        $r['groups'] = Redaxscript\Db::forTablePrefix('groups')->where('alias', 'members')->findOne()->id;
        if ($r['groups'] == '') {
            $r['groups'] = 0;
        }
        $task = $_POST['task'];
        $solution = $_POST['solution'];
    }
    /* validate post */
    $loginValidator = new Redaxscript\Validator\Login();
    $emailValidator = new Redaxscript\Validator\Email();
    $captchaValidator = new Redaxscript\Validator\Captcha();
    if ($name == '') {
        $error = l('name_empty');
    } else {
        if ($user == '') {
            $error = l('user_empty');
        } else {
            if ($email == '') {
                $error = l('email_empty');
            } else {
                if ($loginValidator->validate($user) == Redaxscript\Validator\ValidatorInterface::FAILED) {
                    $error = l('user_incorrect');
                } else {
                    if ($emailValidator->validate($email) == Redaxscript\Validator\ValidatorInterface::FAILED) {
                        $error = l('email_incorrect');
                    } else {
                        if ($captchaValidator->validate($task, $solution) == Redaxscript\Validator\ValidatorInterface::FAILED) {
                            $error = l('captcha_incorrect');
                        } else {
                            if (Redaxscript\Db::forTablePrefix('users')->where('user', $user)->findOne()->id) {
                                $error = l('user_exists');
                            } else {
                                if (USERS_NEW == 0 && s('verification') == 1) {
                                    $r['status'] = 0;
                                    $success = l('registration_verification');
                                } else {
                                    $r['status'] = 1;
                                    $success = l('registration_sent');
                                }
                                /* send login information */
                                $loginRoute = ROOT . '/' . REWRITE_ROUTE . 'login';
                                $loginLink = anchor_element('external', '', '', $loginRoute, $loginRoute);
                                $toArray = array($name => $email);
                                if (s('notification') == 1) {
                                    $toArray[s('author')] = s('email');
                                }
                                $fromArray = array($author => $email);
                                $subject = l('registration');
                                $bodyArray = array('<strong>' . l('name') . l('colon') . '</strong> ' . $name, '<br />', '<strong>' . l('user') . l('colon') . '</strong> ' . $user, '<br />', '<strong>' . l('password') . l('colon') . '</strong> ' . $password, '<br />', '<strong>' . l('login') . l('colon') . '<strong> ' . $loginLink);
                                /* mailer object */
                                $mailer = new Redaxscript\Mailer();
                                $mailer->init($toArray, $fromArray, $subject, $bodyArray);
                                $mailer->send();
                                /* create user */
                                Redaxscript\Db::forTablePrefix('users')->create()->set($r)->save();
                            }
                        }
                    }
                }
            }
        }
    }
    /* handle error */
    if ($error) {
        if (s('blocker') == 1) {
            $_SESSION[ROOT . '/attack_blocked']++;
        }
        notification(l('error_occurred'), $error, l('back'), 'registration');
    } else {
        notification(l('operation_completed'), $success, l('login'), 'login');
    }
    $_SESSION[ROOT . '/registration'] = '';
}
コード例 #8
0
ファイル: install.php プロジェクト: ITw3/redaxscript
function check_install()
{
    global $name, $user, $password, $email;
    $loginValidator = new Redaxscript\Validator\Login();
    $emailValidator = new Redaxscript\Validator\Email();
    if ($_POST['install_post'] && DB_CONNECTED == 1 && $name && $loginValidator->validate($user) == Redaxscript\Validator\Validator::PASSED && $loginValidator->validate($password) == Redaxscript\Validator\Validator::PASSED && $emailValidator->validate($email) == Redaxscript\Validator\Validator::PASSED) {
        $output = 1;
    } else {
        $output = 0;
    }
    return $output;
}
コード例 #9
0
ファイル: registration.php プロジェクト: ITw3/redaxscript
/**
 * registration post
 *
 * @since 1.2.1
 * @deprecated 2.0.0
 *
 * @package Redaxscript
 * @category Registration
 * @author Henry Ruhs
 */
function registration_post()
{
    /* clean post */
    if (ATTACK_BLOCKED < 10 && $_SESSION[ROOT . '/registration'] == 'visited') {
        $name = $r['name'] = clean($_POST['name'], 0);
        $user = $r['user'] = clean($_POST['user'], 0);
        $email = $r['email'] = clean($_POST['email'], 3);
        $password = hash_generator(10);
        $r['password'] = sha1($password) . SALT;
        $r['description'] = '';
        $r['language'] = LANGUAGE;
        $r['first'] = $r['last'] = NOW;
        $r['groups'] = retrieve('id', 'groups', 'alias', 'members');
        if ($r['groups'] == '') {
            $r['groups'] = 0;
        }
        $task = $_POST['task'];
        $solution = $_POST['solution'];
    }
    /* validate post */
    $loginValidator = new Redaxscript\Validator\Login();
    $emailValidator = new Redaxscript\Validator\Email();
    $captchaValidator = new Redaxscript\Validator\Captcha();
    if ($name == '') {
        $error = l('name_empty');
    } else {
        if ($user == '') {
            $error = l('user_empty');
        } else {
            if ($email == '') {
                $error = l('email_empty');
            } else {
                if ($loginValidator->validate($user) == Redaxscript\Validator\Validator::FAILED) {
                    $error = l('user_incorrect');
                } else {
                    if ($emailValidator->validate($email) == Redaxscript\Validator\Validator::FAILED) {
                        $error = l('email_incorrect');
                    } else {
                        if ($captchaValidator->validate($task, $solution) == Redaxscript\Validator\Validator::FAILED) {
                            $error = l('captcha_incorrect');
                        } else {
                            if (retrieve('id', 'users', 'user', $user)) {
                                $error = l('user_exists');
                            } else {
                                if (USERS_NEW == 0 && s('verification') == 1) {
                                    $r['status'] = 0;
                                    $success = l('registration_verification');
                                } else {
                                    $r['status'] = 1;
                                    $success = l('registration_sent');
                                }
                                /* send login information */
                                $loginRoute = ROOT . '/' . REWRITE_ROUTE . 'login';
                                $loginLink = anchor_element('external', '', '', $loginRoute, $loginRoute);
                                $toArray = array($name => $email);
                                if (s('notification') == 1) {
                                    $toArray[s('author')] = s('email');
                                }
                                $fromArray = array($author => $email);
                                $subject = l('registration');
                                $bodyArray = array('<strong>' . l('name') . l('colon') . '</strong> ' . $name . ' (' . MY_IP . ')', '<strong>' . l('user') . l('colon') . '</strong> ' . $user, '<strong>' . l('password') . l('colon') . '</strong> ' . $password, '<br />', '<strong>' . l('login') . l('colon') . '<strong> ' . $loginLink);
                                /* mailer object */
                                $mailer = new Redaxscript\Mailer($toArray, $fromArray, $subject, $bodyArray);
                                $mailer->send();
                                /* build key and value strings */
                                $r_keys = array_keys($r);
                                $last = end($r_keys);
                                foreach ($r as $key => $value) {
                                    $key_string .= $key;
                                    $value_string .= '\'' . $value . '\'';
                                    if ($last != $key) {
                                        $key_string .= ', ';
                                        $value_string .= ', ';
                                    }
                                }
                                /* insert user */
                                $query = 'INSERT INTO ' . PREFIX . 'users (' . $key_string . ') VALUES (' . $value_string . ')';
                                mysql_query($query);
                            }
                        }
                    }
                }
            }
        }
    }
    /* handle error */
    if ($error) {
        if (s('blocker') == 1) {
            $_SESSION[ROOT . '/attack_blocked']++;
        }
        notification(l('error_occurred'), $error, l('back'), 'registration');
    } else {
        notification(l('operation_completed'), $success, l('login'), 'login');
    }
    $_SESSION[ROOT . '/registration'] = '';
}