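/**
 * List current set of users
 *
 * Loads every row of the users table, maps each row to a template block
 * (id, display name, e-mail, registration date, role, status) and hands the
 * rendered panel to the admin control panel block.
 *
 * @version 1.0
 * @since 1.0.0
 * @author Dan Aldridge
 *
 * @return void|false false is only reached if msgDie() returns after an empty or failed user query
 */
public function manage()
{
    $objSQL = Core_Classes_coreObj::getDBO();
    $objTPL = Core_Classes_coreObj::getTPL();
    $objTime = Core_Classes_coreObj::getTime();
    $objUser = Core_Classes_coreObj::getUser();

    $objTPL->set_filenames(array(
        'body' => cmsROOT . Core_Classes_Page::$THEME_ROOT . 'block.tpl',
        'panel' => cmsROOT . 'modules/core/views/admin/users/list.tpl',
    ));

    $query = $objSQL->queryBuilder()->select('*')->from('#__users')->orderby('id')->build();
    $users = $objSQL->fetchAll($query, 'id');
    if (!$users) {
        msgDie('INFO', 'Cant query users :/');
        return false;
    }

    foreach ($users as $id => $user) {
        // The role is resolved per row with an explicit fallback. Without the
        // default case an unrecognised userlevel either raised an
        // undefined-variable notice or silently re-used the role of the
        // previous row, so an account could be listed with someone else's role.
        switch ($user['userlevel']) {
            case ADMIN:
                $role = 'Administrator';
                break;
            case MOD:
                $role = 'Moderator';
                break;
            case USER:
                $role = 'User';
                break;
            default:
                $role = 'Unknown';
                break;
        }

        $isActive = $user['active'] == '1';

        // NOTE(review): the e-mail value comes straight from the users table
        // and is handed to the template as-is. Whether the template layer
        // HTML-escapes block variables is not visible here - confirm, since
        // this view is rendered inside the admin panel.
        $objTPL->assign_block_vars('user', array(
            'ID' => $id,
            'NAME' => $objUser->makeUsername($id),
            'EMAIL' => $user['email'],
            'DATE_REGISTERED' => $objTime->mk_time($user['register_date']),
            'ROLE' => $role,
            'STATUS' => $isActive ? 'Active' : 'Disabled',
            'STATUS_LABEL' => $isActive ? 'success' : 'error',
        ));
    }

    $objTPL->parse('panel', false);

    Core_Classes_coreObj::getAdminCP()->setupBlock('body', array(
        'cols' => 3,
        'vars' => array(
            'TITLE' => 'User Management',
            'CONTENT' => $objTPL->get_html('panel', false),
            'ICON' => 'fa-icon-user',
        ),
        'custom_html' => array(
            'HTML' => Core_Classes_coreObj::getForm()->inputBox(
                'search_user',
                'text',
                '',
                array('class' => 'input-mini', 'placeholder' => 'Search..')
            ),
        ),
    ));
}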
/**
 * Emits the page body.
 *
 * If the template system holds a 'body' handle, its HTML is echoed.
 * Otherwise the page object's 'contents' variable is echoed, and a FAIL
 * message is raised when that variable is null.
 *
 * @version 1.0
 * @since 1.0.0
 * @author Dan Aldridge
 *
 * @return void
 */
public function output()
{
    $objTPL = Core_Classes_coreObj::getTPL();

    // Preferred source: a body handle registered with the template system.
    if ($objTPL->isHandle('body')) {
        echo $objTPL->get_html('body');
        return;
    }

    // Fallback: whatever the module stored on the page object.
    $page = Core_Classes_coreObj::getPage()->getVar('contents');
    if ($page === null) {
        msgDie('FAIL', 'No output received from module.');
        return;
    }

    echo $page;
}
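/**
 * Renders the captcha widget, or verifies a submitted captcha answer.
 *
 * On a non-POST request the widget markup from Captcha::outputCaptcha() is
 * returned; on a POST request the result of Captcha::checkAnswer() is
 * returned. false is returned when the Captcha class is missing or either
 * captcha key is not configured.
 *
 * @param mixed $args Passed through unchanged to Captcha::outputCaptcha()
 *
 * @return mixed
 */
function form_recaptcha($args)
{
    global $objTPL;

    $file = 'plugins/cscms/class.recaptcha.php';
    if (!is_file($file) || !is_readable($file)) {
        msgDie('FAIL', 'Fatal Error - 404' . '<br />We have been unable to locate/read the ' . $file . ' file.');
    } else {
        require_once $file;
    }

    $publicKey = $objTPL->config('site', 'captcha_pub');
    $privateKey = $objTPL->config('site', 'captcha_priv');

    if (!class_exists('Captcha', false) || is_empty($publicKey) || is_empty($privateKey)) {
        return false;
    }

    $objCAPTCHA = new Captcha($publicKey, $privateKey);
    $objCAPTCHA->objTPL = $objTPL;

    if (!HTTP_POST) {
        return $objCAPTCHA->outputCaptcha($args);
    }

    // The two captcha fields are request-controlled: they can be absent, or
    // arrive as arrays (field[]=...). Anything that is not a plain string is
    // normalised to '' so the verifier always receives strings and a missing
    // field no longer raises an undefined-index notice.
    $challenge = isset($_POST['recaptcha_challenge_field']) && is_string($_POST['recaptcha_challenge_field'])
        ? $_POST['recaptcha_challenge_field']
        : '';
    $response = isset($_POST['recaptcha_response_field']) && is_string($_POST['recaptcha_response_field'])
        ? $_POST['recaptcha_response_field']
        : '';

    return $objCAPTCHA->checkAnswer(User::getIP(), $challenge, $response);
}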
/**
 * Shows the page header if it has not been output yet, then raises the
 * message through msgDie().
 *
 * @version 1.0
 * @since 0.8.0
 *
 * @param string $type Message type forwarded to msgDie() (e.g. 'FAIL', 'INFO')
 * @param string $msg  Message body forwarded to msgDie()
 */
function hmsgDie($type, $msg)
{
    $objPage = Core_Classes_coreObj::getPage();

    // 'completed' is read as "the header has already been sent".
    $headerDone = $objPage->getOptions('completed');
    if (!$headerDone) {
        $objPage->showHeader();
    }

    msgDie($type, $msg, '', '', '');
}
*/
$url = explode('?', $_SERVER['REQUEST_URI']);
if (isset($url[1])) {
    // parse_str() below overwrites $_GET, so keep a copy of the original first
    $GET = $_GET;
    // re-parse the query string taken directly from the request URI
    parse_str($url[1], $_GET);
    // merge both views; for string keys the freshly parsed value wins
    $_GET = array_merge($GET, $_GET);
}

// Routing parameters - every one of them is supplied by the request.
$mode = doArgs('__mode', null, $_GET);
$module = doArgs('__module', null, $_GET);
$action = doArgs('__action', null, $_GET);
$extra = doArgs('__extra', null, $_GET);

if (preg_match('#install($|/)#i', $action)) {
    // NOTE(review): this branch is selected purely by the request's __action
    // value and no permission check is visible in this run - confirm that
    // installModule() enforces one.
    $objCore->autoLoadModule('core', $objModule);
    $objModule->installModule($module);
} elseif (!empty($module) && $objCore->loadModule($module, true)) {
    // NOTE(review): $module is request-controlled and is used as a class name
    // here. What loadModule() accepts is not visible in this run - confirm it
    // restricts the value to the set of installed modules.
    $objModule = new $module($objCore);
    $objModule->doAction($action);
} else {
    $objCore->throwHTTP(404);
}

$tplMode = $objPage->getVar('tplMode');

// The header and footer receive true when tplMode is set or the request
// carries an 'ajax' parameter, false otherwise.
$objPage->showHeader($tplMode || isset($_GET['ajax']));

if ($__eval = $objTPL->output('body')) {
    msgDie('FAIL', 'No output received from module.');
}

$objPage->showFooter($tplMode || isset($_GET['ajax']));
if ($userava_update === NULL) { msgDie('FAIL', 'The upload failed. Please try again.', '', '', '', 0); } $avachgr = '<script>top.change_avatar(\'' . $update['avatar'] . '\');top.myLightWindow.deactivate();</script>'; $this->objLogin->setSessions($uid); msgDie('OK', 'The avatar upload was successful.' . $avachgr, '', '', '', 0); } else { msgDie('FAIL', 'The upload failed. Please try again.', '', '', '', 0); } } else { unset($update); $update['avatar'] = '/' . root() . 'images/avatars/' . $uid . '/' . $file; $userava_update = $this->objSQL->updateRow('users', $update, 'id = "' . $uid . '"'); $avachgr = '<script>top.change_avatar(\'' . $update['avatar'] . '\');top.myLightWindow.deactivate();</script>'; if ($userava_update === NULL) { msgDie('FAIL', 'The upload failed. Please try again.', '', '', '', 0); } $this->objLogin->setSessions($uid); msgDie('OK', 'The avatar upload was successful.' . $avachgr, '', '', '', 0); } } else { $this->objTPL->set_filenames(array('body' => 'modules/profile/template/ava_upload.tpl')); $form = 'File: ' . $this->objForm->inputbox('file', '', 'avatar', array('class' => 'upload_field', 'extra' => ' size="30"')) . $this->objForm->inputbox('hidden', 30000, 'MAX_FILE_SIZE'); $this->objTPL->assign_vars(array('SFORM' => $this->objForm->start('upload', 'POST', '/' . root() . 'modules/profile/avatar/?action=upload', "\$(\"uploading\").Show;\$(\"uploader\").Hide;", ' enctype="multipart/form-data"'), 'EFORM' => $this->objForm->finish(), 'MSG' => 'Please select the image you wish to use as your avatar.', 'FIELDS' => $form, 'SUBMIT' => $this->objForm->button('Upload', 'submit'), 'IMG' => '/' . root() . 'images/ajax-loading.gif', 'YES' => $this->objForm->button('Yes', 'submit', 'boxgreen'), 'NO' => $this->objForm->button('No', 'submit', 'boxred'))); $this->objTPL->pparse('body'); } break; default: hmsgDie('FAIL', 'No idea what you were trying to do there...'); break; }
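/**
 * Generates a full path+filename for the given filename, which can either
 * be an absolute name, or a name relative to the rootdir for this Template
 * object.
 *
 * Resolution order for non-http names: a theme override under
 * template/<theme>/template/ (unless overrides are disabled for the handle),
 * then the resolved file itself, then template/default/<name>. Names that
 * start with "http" are returned without any filesystem resolution.
 *
 * @param string $filename Template name as requested by the caller
 * @param string $handle   Template handle, used to look up the override switch
 *
 * @return string Resolved template path, or the http name as given
 */
private function make_filename($filename, $handle)
{
    $from_http = 0;

    // Strip parent-directory sequences until none are left. A single
    // str_replace() pass can leave a new "../" behind when sequences are
    // nested, so the replacement is repeated; every pass shortens the string,
    // which guarantees termination.
    // NOTE(review): only the forward-slash form is handled; backslash
    // separators on Windows hosts are not covered here.
    while (strpos($filename, '../') !== false) {
        $filename = str_replace(array('../'), array('/'), $filename);
    }

    // The default-theme fallback at the bottom uses this copy. It is taken
    // AFTER sanitising; the fallback previously used the raw, unsanitised
    // name and so bypassed the stripping above.
    $fname = $filename;

    // The name is echoed into an HTML error message, so it is escaped first.
    $extra_info = IS_ADMIN
        ? '<br /><br />Error: Template "' . htmlspecialchars($filename, ENT_QUOTES) . '" not found.'
        : '';

    // check to see if its a remote template
    // NOTE(review): a name beginning with "http" is returned unchanged, so the
    // template source would then be fetched from a remote host. Confirm this
    // is intended and that callers never pass request-derived names.
    if (strtolower(substr($filename, 0, 4)) == 'http') {
        $from_http = 1;
    }

    if (!$from_http) {
        // Check if it's an absolute or relative path.
        if (substr($filename, 0, 1) != '/') {
            $filename = realpath(cmsROOT . $filename);
            if ($filename === false) {
                die('We have encountered a problem with the page you are currently using. ' . $extra_info);
            }
            // NOTE(review): the resolved path is not checked to still lie
            // beneath cmsROOT - consider adding a containment check.

            $dirsep = stristr(PHP_OS, 'WIN') ? '\\' : '/';
            $explode = explode($dirsep, $filename);
            $cexplode = count($explode);

            // Path segments counted from the end; a missing segment becomes ''
            // instead of raising an undefined-offset notice.
            $seg = array();
            foreach (array(1, 2, 3, 4, 6) as $back) {
                $idx = $cexplode - $back;
                $seg[$back] = isset($explode[$idx]) ? $explode[$idx] : '';
            }

            $file_name = $seg[3] . $dirsep . $seg[1];
        }

        // play with template overrides
        if (!isset($this->override[$handle]) || $this->override[$handle] === true) {
            $file_name = isset($file_name) ? $file_name : $filename;

            $file = array();
            // The segment-based candidates only make sense when the path was
            // split above. For absolute names the segments were undefined and
            // the candidate collapsed to the bare override directory, which
            // file_exists() could accept.
            if (isset($seg)) {
                // module/
                $file[] = cmsROOT . 'template/' . $this->tpl . '/template/' . $seg[6] . '/' . $seg[2] . '/' . $seg[1];
                // module/admin/
                $file[] = cmsROOT . 'template/' . $this->tpl . '/template/' . $seg[4] . '/' . $seg[2] . '/' . $seg[1];
            }
            // core/admin/
            $file[] = 'template/' . $this->tpl . '/template/' . $file_name;

            foreach ($file as $f) {
                if (file_exists($f)) {
                    return realpath($f);
                }
            }
        }

        if (!file_exists($filename)) {
            if (!file_exists(cmsROOT . 'template/default/' . $fname)) {
                msgDie('FAIL', 'We have encountered a problem with the page you are currently using. ' . 'A notification has been sent to the administration who will try and fix the problem as soon as possible. ' . $extra_info);
            } else {
                return realpath(cmsROOT . 'template/default/' . $fname);
            }
        }
    }

    return $filename;
}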
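/**
 * Logs the user out
 *
 * The logout only proceeds when the supplied code matches the current
 * user's usercode. On success autologin is switched off, the user's row in
 * the online table is removed, the session and login cookies are cleared
 * and the browser is redirected. On a mismatch the user is redirected to
 * the site root and a FAIL message is raised.
 *
 * @version 1.0
 * @since 1.0.0
 * @author Daniel Noel-Davies
 *
 * @param string $check The user code to verify
 */
public function logout($check)
{
    $objSQL = Core_Classes_coreObj::getDBO();
    $objUser = Core_Classes_coreObj::getUser();
    $objTime = Core_Classes_coreObj::getTime();
    $objPage = Core_Classes_coreObj::getPage();

    // Compare the code as exact strings. The loose == used before applies
    // PHP's numeric-string juggling, under which two different codes that
    // both look like numbers (for example "0e12" and "0e99") compare equal.
    // hash_equals() is used where the runtime provides it so the comparison
    // is also constant-time.
    $codeMatches = false;
    if (!is_empty($check) && is_string($check)) {
        $usercode = (string) $objUser->grab('usercode');
        $codeMatches = function_exists('hash_equals')
            ? hash_equals($usercode, $check)
            : $usercode === $check;
    }

    if ($codeMatches) {
        $objUser->update($objUser->grab('id'), array('autologin' => '0'));
        $objSQL->deleteRow('online', array('userkey = "%s"', $_SESSION['user']['userkey']));

        unset($_SESSION['user']);

        if (isset($_COOKIE['login'])) {
            setCookie('login', '', $objTime->mod_time(time(), 0, 0, 24 * 365 * 10 * 1000 * 1000, 'MINUS'));
            unset($_COOKIE['login']);
        }

        session_destroy();
        if (isset($_COOKIE[session_name()])) {
            setCookie(session_name(), '', time() - 42000);
        }

        // NOTE(review): the redirect target is the Referer header, which is
        // client-supplied. Whether redirect() limits targets to this site is
        // not visible here - confirm, or fall back to the site root for
        // off-site values.
        $objPage->redirect(doArgs('HTTP_REFERER', '/' . root(), $_SERVER), 0);
    } else {
        $objPage->redirect('/' . root(), 0);
        msgDie('FAIL', 'You\'ve Unsuccessfully attempted to logout.<br />Please use the correct procedures.');
    }
}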
} if (User::$IS_ONLINE && !$acpCheck && !isset($_GET['ajax'])) { $objPage->redirect('/' . root() . 'index.php'); } $objLogin->doLogin(isset($_GET['ajax']) && HTTP_AJAX ? true : false); break; case 'active': if (!isset($_GET['un']) || !isset($_GET['check'])) { hmsgDie('FAIL', 'Cannot activate your account, Please use all the url sent to you in the email'); } else { if ($objUser->getUserInfo($_GET['un'], 'active') == 1) { hmsgDie('Info', 'You account is already active.'); } if ($objLogin->activateAccount($_GET['un'], $_GET['check'])) { $objLogin->doError('0x08'); } else { // Make this into a form hmsgDie('FAIL', contentParse('Cannot activate your account. Please email the site administrator at [email]' . $objCore->config('site', 'admin_email') . '[/email]')); } } break; case 'logout': $objLogin->logout($_GET['check']); break; } $objPage->showHeader(isset($_GET['ajax']) ? true : false); if ($objTPL->output('body')) { msgDie('FAIL', 'No output received.'); } $objPage->showFooter(isset($_GET['ajax']) ? true : false);
$objTPL->assign_var('MSG', 'Config Written Successfully.'); $objTPL->assign_var('SUBMIT', $objForm->button('submit', 'Next', array('extra' => ' onclick="window.location=\'?action=6\'"'))); $_SESSION['allow_config'] = true; } else { $objTPL->assign_var('MSG', 'CONFIG.PHP isnt writable, please chmod it 0777 before continuing. To continue please press Refresh or F5 and RETRY the process'); } break; case 6: include cmsROOT . 'cache/config.php'; // //--SQL Setup // $objSQL = new driver_mysql($config['db']); //check and see whether we can connect to the db if (!$objSQL->connect(true, LOCALHOST && cmsDEBUG ? true : false, is_file(cmsROOT . 'cache/ALLOW_LOGGING'))) { msgDie('FAIL', '<b>Fatal Error</b>: <i>No Connection to the database</i>. SQL Said: ' . $objSQL->error(), __LINE__, __FILE__); } unset($config['db']['password']); //dont want this info being used now :D if (is_readable('sql.php')) { include_once 'sql.php'; if (!is_array($sql) || !count($sql)) { $info = '<font color=red>ERROR: No SQL to process.</font>'; break; } $content = ''; foreach ($sql as $s) { //replace the table prefix's with the wanted version :D $s = str_replace('cs_', $config['db']['prefix'], $s); $query = $objSQL->query($s); $content .= $query === false ? dump($s, mysql_error()) : NULL;
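//--Generate a 'Template' for the Session
//
$guest['user'] = array(
    'id' => 0,
    'username' => 'Guest',
    'theme' => $objCore->config('site', 'theme'),
    'userkey' => doArgs('userkey', null, $_SESSION['user']),
    'timezone' => doArgs('timezone', $objCore->config('time', 'timezone'), $_SESSION['user']),
);

// $_SERVER['HTTPS'] is absent on plain-HTTP requests and some servers set it
// to the string "off"; the bare truthiness test used before raised a notice
// in the first case and reported "secure" in the second.
$isSecure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';

//generate user stuff
// NOTE(review): rootUrl and url are built from the Host header, which the
// client controls. Anything that later embeds these values in e-mails,
// redirects or absolute links inherits that trust - consider pinning the
// host to a configured site address.
$config['global'] = array(
    'user' => isset($_SESSION['user']['id']) ? $_SESSION['user'] : $guest['user'],
    'ip' => User::getIP(),
    'useragent' => doArgs('HTTP_USER_AGENT', null, $_SERVER),
    // read through doArgs() like the entry above, so a request without a
    // User-Agent header does not raise an undefined-index notice
    'browser' => getBrowser(doArgs('HTTP_USER_AGENT', null, $_SERVER)),
    'language' => $language,
    'secure' => $isSecure,
    'referer' => doArgs('HTTP_REFERER', null, $_SERVER),
    'rootPath' => '/' . root(),
    'fullPath' => $_SERVER['REQUEST_URI'],
    'rootUrl' => ($isSecure ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . '/' . root(),
    'url' => ($isSecure ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'],
);

//hook the session template, this is the place to add some more if you want
$objPlugins->hook('CMSCore_session_tpl', $config['global']);

// a user id of 0 is the guest template above, i.e. not online
$objUser->setIsOnline($config['global']['user']['id'] != 0);
$objUser->initPerms();

if (!defined('NO_DB')) {
    //start the tracker, this sets out a few things so we can kill, ban etc
    $objCore->objUser->tracker();
}

// guests, and sites without theme_override, always get the site theme
$theme = !User::$IS_ONLINE || !$objCore->config('site', 'theme_override')
    ? $objCore->config('site', 'theme')
    : $objUser->grab('theme');

if (!$objPage->setTheme($theme)) {
    msgDie('FAIL', sprintf($errorTPL, 'Fatal Error', 'Cannot find template. Please make sure atleast default/ is uploaded correctly and try again.'));
}

if (is_file(cmsROOT . 'modules/core/lang.' . $language . '.php')) {
    translateFile(cmsROOT . 'modules/core/lang.' . $language . '.php');
}

//include the templates settings, these will assign them to an array in the page class
if (is_readable(Page::$THEME_ROOT . 'settings.php')) {
    include Page::$THEME_ROOT . 'settings.php';
}

//this sets the global theme vars
$objPage->setThemeVars();

//set a default breadcrumb
$objPage->addPagecrumb(array(array('url' => '/' . root(), 'name' => langVar('B_MAINSITE'))));

//
//--Setup modules, online system and bbcode stuffz
//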
if ($objForm->loadCaptcha('verify') === false) { $_error['captcha'] = 'The captcha you provided was incorrect. Please try again.'; } if (count($_error)) { $_SESSION['register']['error'] = $_error; $_SESSION['register']['form'] = $_POST; $objPage->redirect($objCore->config('global', 'fullPath'), 3, 0); exit; } //set the input array up $userInfo['username'] = $_POST['username']; $userInfo['password'] = $_POST['password']; $userInfo['email'] = $_POST['email']; $register = $objUser->register($userInfo); if (!$register) { msgDie('FAIL', $objUser->error()); } if ($objPage->config('site', 'register_verification')) { $user = $objUser->getUserInfo($register); $emailVars['URL'] = 'http://' . $_SERVER['HTTP_HOST'] . '/' . root() . 'login.php?action=active&un=' . $user['id'] . '&check=' . $user['usercode']; $emailVars['USERNAME'] = $userInfo['username']; $emailVars['SITE_NAME'] = $objCore->config('site', 'name'); sendEmail($userInfo['email'], 'E_REG_SUCCESSFUL', $emailVars); $msg = langVar('L_REG_SUCCESS_EMAIL'); } else { $msg = langVar('L_REG_SUCCESS_NO_EMAIL'); } unset($_SESSION['register'], $_SESSION['error'], $query, $userInfo, $_error); $objCache->generate_statistics_cache(); hmsgDie('INFO', $msg); }
} else { msgDie('FAIL', sprintf($errorTPL, 'Fatal Error', 'Cannot open ' . ($langDir . $language . '/main.php') . ' for include.')); } // //-- and now load the rest of the classes // $classes['objTPL'] = array($classDir . 'class.template.php', array('root' => '.', 'useCache' => $cacheWritable, 'cacheDir' => $cachePath . 'template/')); $classes['objPage'] = array($classDir . 'class.page.php'); $classes['objGroups'] = array($classDir . 'class.groups.php'); $classes['objForm'] = array($classDir . 'class.form.php'); $classes['objTime'] = array($classDir . 'class.time.php'); $classes['objNotify'] = array($classDir . 'class.notify.php'); //init these classes $doneSetup = $objCore->setup($classes); if (!$doneSetup) { msgDie('FAIL', sprintf($errorTPL, 'Fatal Error', 'Cannot load CMS Classes, make sure file structure is intact and $cmsROOT is defined properly if applicable.')); } //globalise the class names foreach ($objCore->classes as $objName => $args) { ${$objName} =& $objCore->{$objName}; } $objSQL = false; unset($classes, $objCore->classes); $objPage->setVar('language', $language); // //--BBCode Setup // $objBBCode = new BBCode(); $objBBCode->SetDebug(true); $objBBCode->SetDetectURLs(false); $objBBCode->ClearSmileys();
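/**
 * Returns the shared database driver, creating and connecting it on first use.
 *
 * The driver class name is 'Core_Drivers_' followed by the 'driver' value of
 * the 'db' configuration section. The instance is cached in
 * Core_Classes_coreObj::$_classes['database'] and reused on later calls.
 *
 * @return object The connected database driver
 */
public static function getDBO()
{
    global $errorTPL;

    if (!isset(Core_Classes_coreObj::$_classes['database'])) {
        $options = self::config('db');
        if (!$options) {
            trigger_error('Error: Could not obtain values from the configuration file. Please ensure it is present.', E_USER_ERROR);
        }

        $name = 'Core_Drivers_' . $options['driver'];
        $options['persistant'] = true;
        $options['debug'] = cmsDEBUG ? true : false;
        $options['logging'] = is_file(cmsROOT . 'cache/ALLOW_LOGGING');

        // Check that the driver class can be loaded BEFORE instantiating it.
        // The previous test compared the result of `new` against false, which
        // can never be true, so a missing driver ended in a fatal error
        // instead of the intended 500 response.
        if (!class_exists($name)) {
            if (!headers_sent()) {
                header('HTTP/1.1 500 Internal Server Error');
                exit;
            }
            hmsgDie('FAIL', 'Error: No DB Avaliable');
        }

        $objSQL = new $name(null, $options);

        if (!$objSQL->connect()) {
            // NOTE(review): the driver's errorMsg is shown to the visitor
            // regardless of cmsDEBUG; only getError() is debug-gated. Confirm
            // errorMsg never carries host, user or schema details.
            msgDie('FAIL', sprintf($errorTPL, 'Fatal Error', 'Connecting to SQL failed. ' . $objSQL->getVar('errorMsg') . (cmsDEBUG ? '<br />' . $objSQL->getError() : NULL)));
        }

        Core_Classes_coreObj::$_classes['database'] = $objSQL;
    }

    return Core_Classes_coreObj::$_classes['database'];
}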