/**
 * Switch the site into or out of maintenance mode and reply to the JavaScript caller with JSON.
 *
 * Any $switch value other than 'open' is treated as a request to close the site.
 * The 'message' and 'name' fields of the reply describe the opposite action
 * (the one that becomes available after this call). The script terminates
 * after the reply has been echoed.
 *
 * NOTE(review): this method writes SITE_OPEN without a permission or CSRF check of
 * its own; presumably the caller restricts it to logged-in admins. Confirm.
 *
 * @param object $h
 * @param string $switch - 'open' or 'close'
 */
public function openCloseSite($h, $switch = 'open')
{
    // called via JavaScript
    $opening = ($switch == 'open');

    // The label offered next is the reverse of what was just done.
    $langKey = $opening ? "admin_theme_maintenance_close_site" : "admin_theme_maintenance_open_site";
    $message = $h->lang($langKey);

    $result = \Hotaru\Models2\Setting::makeUpdate(
        $h,
        'SITE_OPEN',
        $opening ? 'true' : 'false',
        $h->currentUser->id
    );

    // Send back result data
    echo json_encode(array(
        'activate' => $result,
        'message' => $message,
        'name' => $opening ? 'close' : 'open',
    ));
    die;
}
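/**
 * Step 3 of installation - registers the site Admin.
 *
 * Creates a default admin row when the users table has no admin yet. On a
 * step-4 POST it validates and stores either the forum credentials or the
 * admin's username, password and e-mail. It then renders
 * install/register_admin.php.
 *
 * Security notes for maintainers:
 *  - The default admin row is created with fixed credentials and stays valid
 *    until the form replaces them, so the installer must not remain reachable
 *    in that state.
 *  - The CSRF check for the step-4 POST is commented out below.
 *  - FORUM_PASSWORD is stored through Setting::makeUpdate() as submitted, not hashed.
 *
 * @param object $h
 */
function register_admin($h)
{
    global $lang; //already included so Hotaru can't re-include it

    // Make sure that the cache folders have been created before we call $h for the first time
    // Since we have defined CACHE in install script, the normal Initialize script will think folders are already present
    createCacheFolders();

    //$h = new \Libs\Hotaru(); // overwrites current global with fully initialized Hotaru object

    // save default admin user if none already present in db
    $sql = "SELECT user_username FROM " . TABLE_USERS . " WHERE user_role = %s";
    $admin_name = $h->db->get_var($h->db->prepare($sql, 'admin'));

    if (!$admin_name) {
        // Insert default settings
        $user_name = 'admin';
        $user_email = '*****@*****.**';
        $user_password = '******';
        $defaultAdminPermission = serialize($h->currentUser->getDefaultPermissions($h, 'admin'));
        $passwordHash = password_hash($user_password, PASSWORD_DEFAULT);

        $sql = "INSERT INTO " . TABLE_USERS . " (user_username, user_role, user_date, user_password, user_email, user_permissions) VALUES (%s, %s, CURRENT_TIMESTAMP, %s, %s, %s)";
        $h->db->query($h->db->prepare($sql, $user_name, 'admin', $passwordHash, $user_email, $defaultAdminPermission));
    }

    $next_button = false;
    $error = 0;
    $step = $h->cage->post->getInt('step');

    if ($step == 4) {
        // NOTE(review): the CSRF test is disabled, so this POST is accepted without a token.
        // Re-enable it once the install form is confirmed to send one.
        // Test CSRF
        // if (!$h->csrf()) {
        //     $h->message = $lang['install_step3_csrf_error']; ;
        //     $h->messages[$lang['install_step3_csrf_error']] = 'red';
        //     $error = 1;
        //}

        if ($h->cage->post->getAlpha('updated') == 'forum') {
            // Test username
            $forumUsername = $h->cage->post->testUsername('forumUsername'); // alphanumeric, dashes and underscores okay, case insensitive
            if (!$forumUsername) {
                $h->message = $lang['install_step3_username_error'];
                $h->messages[$lang['install_step3_username_error']] = 'red';
                $error = 1;
            }

            // Test password
            $forumPassword = $h->cage->post->testPassword('forumPassword');
            if (!$forumPassword) {
                $h->messages[$lang['install_step3_password_match_error']] = 'red';
                $error = 1;
            }

            // save - only when both values passed validation, so a rejected
            // submission can no longer overwrite the stored credentials
            if ($forumUsername && $forumPassword) {
                \Hotaru\Models2\Setting::makeUpdate($h, 'FORUM_USERNAME', $forumUsername);
                \Hotaru\Models2\Setting::makeUpdate($h, 'FORUM_PASSWORD', $forumPassword);
            }

            // TODO give a check/confirmation button
        } else {
            // Test username
            $name_check = $h->cage->post->testUsername('username'); // alphanumeric, dashes and underscores okay, case insensitive
            if ($name_check) {
                $user_name = $name_check;
            } else {
                $h->message = $lang['install_step3_username_error'];
                $h->messages[$lang['install_step3_username_error']] = 'red';
                $error = 1;
            }

            // Test password
            $password_check = $h->cage->post->testPassword('password');
            if ($password_check) {
                $password2_check = $h->cage->post->testPassword('password2');
                // Strict comparison: with == two different numeric-looking strings
                // (e.g. '1e3' and '1000') would count as a matching confirmation.
                if ($password_check === $password2_check) {
                    // success
                    $user_password = $password_check; // $h->currentUser->generateHash($password_check);
                } else {
                    $h->messages[$lang['install_step3_password_match_error']] = 'red';
                    $error = 1;
                }
            } else {
                $h->messages[$lang['install_step3_password_error']] = 'red';
                $error = 1;
            }

            // Test email
            $email_check = $h->cage->post->testEmail('email');
            if ($email_check) {
                $user_email = $email_check;
                // also use this email address as the site notification email address
                \Hotaru\Models2\Setting::makeUpdate($h, 'SITE_EMAIL', $user_email);
            } else {
                $h->messages[$lang['install_step3_email_error']] = 'red';
                $error = 1;
            }
        }
    }

    if ($error == 0) {
        $user_info = $h->currentUser->getUser($h, 0, $admin_name);

        // On returning to this page via back or next, the fields are empty at this point, so...
        $user_name = isset($user_name) ? $user_name : "";
        $user_email = isset($user_email) ? $user_email : "";
        $user_password = isset($user_password) ? $user_password : "";

        if ($user_name != "" && $user_email != "" && $user_password != "") {
            // There's been a change so update...
            // (this branch also runs right after the default admin row was inserted above)
            $h->currentUser->name = $user_name;
            $h->currentUser->email = $user_email;
            $h->currentUser->password = $user_password;
            $h->currentUser->role = 'admin';
            $h->currentUser->updateUserBasic($h);
            $h->currentUser->savePassword($h);

            // auto login admin user as well, but no cookie
            unset($h->users[$user_name]);
            $h->loginCheck($user_name, $user_password);

            $next_button = true;
        } elseif ($user_info) {
            // Nothing new was submitted: show the stored admin's details.
            $user_name = $user_info->user_username;
            $user_email = $user_info->user_email;
            //$user_password = $user_info->user_password;
        }
    }

    // Show success message
    if ($step == 4 && $error == 0) {
        $h->messages[$lang['install_step3_update_success']] = 'green';
    }

    // After a validation error these may never have been assigned; give the
    // template empty strings instead of undefined variables.
    $user_name = isset($user_name) ? $user_name : "";
    $user_email = isset($user_email) ? $user_email : "";

    template($h, 'install/register_admin.php', array('next_button' => $next_button, 'user_name' => $user_name, 'user_email' => $user_email));
}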
/**
 * List all plugins with settings
 *
 * Returns the plugin_folder of every row that Setting::getPluginSettings() yields.
 *
 * @param object $h
 * @return array|false plugin folder names, or false when the lookup returns nothing
 */
public function listPluginSettings($h)
{
    $rows = \Hotaru\Models2\Setting::getPluginSettings($h);
    if (!$rows) {
        return false;
    }

    $folders = array();
    foreach ($rows as $row) {
        $folders[] = $row->plugin_folder;
    }

    return $folders;
}
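/**
 * Load the site settings and define each one as a global constant.
 *
 * Settings come from memcache when it is configured (and are written back on
 * a miss), otherwise from Setting::getValues(). When nothing can be loaded, a
 * built-in set of defaults is stored in $this->settings and defined instead.
 *
 * @return bool true when settings were loaded, false when the defaults were used
 */
private function readSettings()
{
    // TODO sort out this hard code define problem
    if ($this->memCache) {
        $memCacheSettings = $this->memCache->read('settings');
        if ($memCacheSettings) {
            $settings = $memCacheSettings;
        } else {
            $settings = \Hotaru\Models2\Setting::getValues($this);
            //$settings = HotaruModels\Setting::getValues();
            $this->memCache->write('settings', $settings, 10000);
        }
    } else {
        $settings = \Hotaru\Models2\Setting::getValues($this);
    }

    if (!$settings) {
        $default_settings = array(
            'THEME' => 'default/',
            'SITE_NAME' => 'Hotaru CMS',
            'FRIENDLY_URLS' => false,
            'LANG_CACHE' => false,
            'SITE_OPEN' => false,
            'DB_CACHE_DURATION' => 0,
            'DB_CACHE' => false,
            'DEBUG' => false,
            'MINIFY_JS' => false,
            'MINIFY_CSS' => false,
        );

        foreach ($default_settings as $setting => $value) {
            $this->settings[$setting] = $value;
            if (!defined($setting)) {
                define($setting, $value);
            }
        }

        return false;
    }

    /**
     * override the theme if admin and ?themePreview is set on url
     *
     * NOTE(review): no role check is visible in this method, so the "if admin"
     * part is not enforced here; only the value returned by testAlnumLines()
     * is used. Confirm where the admin restriction is applied.
     */
    $themePreview = $this->cage->get->testAlnumLines('themePreview');
    if ($themePreview) {
        // The loop below reads object properties, so the override must be an
        // object too. It replaces the THEME row by name instead of assuming
        // that THEME sits at index 2.
        $override = (object) array('settings_name' => 'THEME', 'settings_value' => $themePreview . '/');
        $replaced = false;
        foreach ($settings as $index => $setting) {
            if ($setting->settings_name === 'THEME') {
                $settings[$index] = $override;
                $replaced = true;
                break;
            }
        }
        if (!$replaced) {
            $settings[] = $override;
        }
    }

    // Make Hotaru settings global constants
    foreach ($settings as $setting) {
        if (!defined($setting->settings_name)) {
            define($setting->settings_name, $setting->settings_value);
        }
    }

    return true;
}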
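/**
 * Get system data
 *
 * Builds a report about this installation: site name and URL, PHP/MySQL/Hotaru
 * versions, loaded PHP extensions, stored defaults, site settings, per-table
 * row counts, plugins, plugin hooks, plugin settings and widgets.
 *
 * The report is meant to be shared, so secrets must not appear in it.
 * Password settings are replaced by a fixed-width mask. Host, port and
 * username have their letters and digits starred out.
 *
 * @param object $h
 * @param string $level pass 'lite' to leave out default permissions, plugin hooks and plugin settings
 * @return array report data keyed by section name
 */
public function getSystemData($h, $level = '')
{
    // essentials:
    //$data = \Hotaru\Models\Miscdata::getCurrentSettings();
    //print_r($data);
    $report = array();
    $report['hotaru_site_name'] = SITE_NAME;
    $report['hotaru_SITEURL'] = SITEURL;
    $report['php_version'] = phpversion();
    $report['mysql_version'] = $h->db->get_var("SELECT VERSION() AS VE");
    $report['hotaru_version'] = $h->version;
    $report['php_extensions'] = get_loaded_extensions();

    // The same miscdata lookup is used for several keys below.
    $miscSql = "SELECT miscdata_value FROM " . TABLE_MISCDATA . " WHERE miscdata_key = %s";
    $report['hotaru_version_db'] = $h->db->get_var($h->db->prepare($miscSql, 'hotaru_version'));

    // default permissions
    if ($level !== 'lite') {
        $report['hotaru_permissions'] = $h->db->get_var($h->db->prepare($miscSql, 'permissions'));
    }

    // default user settings
    $report['hotaru_user_settings'] = $h->db->get_var($h->db->prepare($miscSql, 'user_settings'));

    // Settings: Name, value (sensitive values are masked, not omitted)
    $settings = \Hotaru\Models2\Setting::getValues($h);
    //$settings = \Hotaru\Models\Setting::getValues();
    if ($settings) {
        foreach ($settings as $setting) {
            // Work on a copy so the setting objects themselves are never altered.
            $value = $setting->settings_value;

            // mask sensitive data
            switch ($setting->settings_name) {
                case 'SMTP_PASSWORD':
                case 'FORUM_PASSWORD':
                    // Fixed-width mask: starring out only letters and digits would
                    // still reveal the secret's length and its punctuation.
                    $value = ((string) $value === '') ? '' : '********';
                    break;
                case 'SMTP_HOST':
                case 'SMTP_PORT':
                case 'SMTP_USERNAME':
                    $value = preg_replace("/[a-zA-Z0-9]/", "*", $value);
                    break;
            }

            $report['settings'][$setting->settings_name] = $value;
        }
    }

    // Counts for all tables
    $tableNames = $h->db->get_col("SHOW TABLES", 0);
    if ($tableNames) {
        foreach ($tableNames as $table_name) {
            // Quote the identifier so an unusual table name cannot break or change the query.
            $quotedTable = '`' . str_replace('`', '``', $table_name) . '`';
            $report['hotaru_table_count'][$table_name] = $h->db->get_var("SELECT COUNT(*) FROM " . $quotedTable);
        }
    }

    // $sql = 'SELECT s.schema_name,t.table_name, CONCAT(IFNULL(ROUND(SUM(t.data_length)/1024/1024,2),0.00),"Mb") data_size,CONCAT(IFNULL(ROUND(SUM(t.index_length)/1024/1024,2),0.00),"Mb") index_size, t.ENGINE ENGINE, t.table_rows TABLE_ROWS,t.row_format TABLE_ROW_FORMAT,date(t.update_time) FROM INFORMATION_SCHEMA.SCHEMATA s LEFT JOIN INFORMATION_SCHEMA.TABLES t ON s.schema_name = t.table_schema WHERE s.schema_name not in ("mysql","information_schema") GROUP BY s.schema_name,t.table_name,TABLE_ROW_FORMAT,ENGINE ORDER BY TABLE_ROWS DESC,data_size DESC,index_size DESC';
    //
    // print_r($h->db->get_results($sql));

    // plugins: folder, enabled, version, order
    $sql = "SELECT plugin_folder, plugin_enabled, plugin_version, plugin_order, plugin_latestversion FROM " . TABLE_PLUGINS . " ORDER BY plugin_order";
    $plugins = $h->db->get_results($h->db->prepare($sql));
    if ($plugins) {
        foreach ($plugins as $plugin) {
            $report['hotaru_plugins'][$plugin->plugin_folder]['enabled'] = $plugin->plugin_enabled;
            $report['hotaru_plugins'][$plugin->plugin_folder]['version'] = $plugin->plugin_version;
            $report['hotaru_plugins'][$plugin->plugin_folder]['order'] = $plugin->plugin_order;
            $report['hotaru_plugins'][$plugin->plugin_folder]['plugin_latestversion'] = $plugin->plugin_latestversion;
        }
    }

    // plugin hooks: id, folder, hook name
    if ($level !== 'lite') {
        $sql = "SELECT phook_id, plugin_folder, plugin_hook FROM " . TABLE_PLUGINHOOKS;
        $plugins = $h->db->get_results($h->db->prepare($sql));
        if ($plugins) {
            foreach ($plugins as $plugin) {
                $report['hotaru_plugin_hooks'][$plugin->phook_id]['folder'] = $plugin->plugin_folder;
                $report['hotaru_plugin_hooks'][$plugin->phook_id]['hook'] = $plugin->plugin_hook;
            }
        }
    }

    // plugin settings: folder, setting, and the value as returned by applyMaskToArrays()
    // NOTE(review): plugin values might include passwords; what ends up in the
    // report depends on applyMaskToArrays(), which is defined elsewhere. Confirm
    // that it covers every secret a plugin may store.
    if ($level !== 'lite') {
        $sql = "SELECT plugin_folder, plugin_setting, plugin_value FROM " . TABLE_PLUGINSETTINGS;
        $plugins = $h->db->get_results($h->db->prepare($sql));
        if ($plugins) {
            foreach ($plugins as $plugin) {
                if (is_serialized($plugin->plugin_value)) {
                    // NOTE(review): unserialize() can instantiate arbitrary classes if the
                    // stored value is ever attacker-influenced. Consider restricting
                    // allowed classes, or JSON, once it is confirmed that no plugin
                    // setting stores objects.
                    $plugin->plugin_value = unserialize($plugin->plugin_value);
                }
                $report['hotaru_plugin_settings'][$plugin->plugin_folder][$plugin->plugin_setting] = $this->applyMaskToArrays($h, $plugin->plugin_value);
            }
        }
    }

    // Widgets: plugin, function, args
    $sql = "SELECT widget_plugin, widget_function, widget_args FROM " . TABLE_WIDGETS;
    $widgets = $h->db->get_results($h->db->prepare($sql));
    if ($widgets) {
        foreach ($widgets as $widget) {
            $report['hotaru_widgets'][$widget->widget_plugin]['function'] = $widget->widget_function;
            $report['hotaru_widgets'][$widget->widget_plugin]['args'] = $widget->widget_args;
        }
    }

    return $report;
}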