<?php
/**
* phpwcms content management system
*
* @author Oliver Georgi <*****@*****.**>
* @copyright Copyright (c) 2002-2015, Oliver Georgi
* @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
* @link http://www.phpwcms.de
*
**/
session_start();
$phpwcms = array();
require_once '../../include/config/conf.inc.php';
require_once '../inc_lib/default.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/helper.session.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/dbcon.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/general.inc.php';
checkLogin();
validate_csrf_tokens();
require_once PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php';
if ($_SESSION["wcs_user_admin"] == 1) {
//if user has admin rights
write_textfile(PHPWCMS_TEMPLATE . "inc_css/frontend.css", slweg($_POST["frontend_css"]));
}
$ref = empty($_SESSION['REFERER_URL']) ? PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') : $_SESSION['REFERER_URL'];
headerRedirect($ref);
function include_url($url)
{
// include given URL but only take content between <body></body>
global $include_urlparts;
if (is_string($url)) {
$url = array(1 => $url);
} elseif (!isset($url[1])) {
return '';
}
$k = '';
$url = trim($url[1]);
$url = explode(' ', $url);
$cache = isset($url[1]) ? intval(str_replace('CACHE=', '', strtoupper($url[1]))) : 0;
$url = $url[0];
$cache_status = 'MISSING';
if ($url && $cache) {
$cache_filename = md5($url) . '-url';
// set cache file name
$cache_file = PHPWCMS_CONTENT . 'tmp/' . $cache_filename;
// set caching file
$cache_status = check_cache($cache_file, $cache);
// ceck existence
if ($cache_status == 'VALID') {
// read cache
$k = read_textfile($cache_file);
$k = trim($k);
if (empty($k)) {
$cache_status == 'EXPIRED';
// check if cache content is available
}
}
}
if ($cache_status != 'VALID' && $url) {
// cache file is missing or outdated
$include_urlparts = parse_url($url);
if (!empty($include_urlparts['path'])) {
$include_urlparts['path'] = dirname($include_urlparts['path']);
$include_urlparts['path'] = str_replace('\\', '/', $include_urlparts['path']);
}
$k = @file_get_contents($url);
if ($k) {
// now check against charset
if (preg_match('/charset=(.*?)"/i', $k, $match)) {
$charset = $match[1];
$charset = str_replace(array('"', "'", '/'), '', $charset);
$charset = strtolower(trim($charset));
} elseif (preg_match('/http-equiv="{0,1}Content-Type"{0,1}\\s{1,}(content="{0,1}.*?"{0,1}.{0,3}>)/i', $k, $match)) {
$charset = '';
if (!empty($match[1])) {
$charset = strtolower($match[1]);
$charset = trim(str_replace(array('"', "'", '/', 'content=', ' ', '>'), '', $charset));
}
} else {
$charset = false;
}
if (preg_match('/<body[^>]*?' . '>(.*)<\\/body>/is', $k, $match)) {
$k = $match[1];
}
$k = str_replace(array('<?', '?>', '<%', '%>'), array('<?', '?>', '<%', '%>'), $k);
$k = preg_replace_callback('/(href|src|action)=[\'|"]{0,1}(.*?)[\'|"]{0,1}( .*?){0,1}>/i', 'make_absoluteURL', $k);
$k = htmlfilter_sanitize(trim($k), array(false, 'link', 'meta'), array(), array('img', 'br', 'hr', 'input'), true);
if ($charset != false) {
$k = makeCharsetConversion($k, $charset, PHPWCMS_CHARSET, 1);
}
// now write or update cache file in case there is timeout or content
if ($cache && $k) {
@write_textfile($cache_file, $k);
}
}
$include_urlparts = '';
}
return $k;
}
function write_conf_file($val)
{
$conf_file = '<?' . "php\n\n";
$conf_file .= "// database values\n";
$conf_file .= "\$phpwcms['db_host'] = '" . $val["db_host"] . "';\n";
$conf_file .= "\$phpwcms['db_user'] = '******';\n";
$conf_file .= "\$phpwcms['db_pass'] = '******';\n";
$conf_file .= "\$phpwcms['db_table'] = '" . $val["db_table"] . "';\n";
$conf_file .= "\$phpwcms['db_prepend'] = '" . $val["db_prepend"] . "';\n";
$conf_file .= "\$phpwcms['db_pers'] = " . intval($val["db_pers"]) . ";\n";
$conf_file .= "\$phpwcms['db_charset'] = '" . $val["db_charset"] . "';\n";
$conf_file .= "\$phpwcms['db_collation'] = '" . $val["db_collation"] . "';\n";
$conf_file .= "\$phpwcms['db_version'] = " . intval($val["db_version"]) . ";\n";
$conf_file .= "\$phpwcms['db_timezone'] = '" . trim($val["db_timezone"]) . "'; // set MySQL session time zone http://dev.mysql.com/doc/refman/5.5/en/time-zone-support.html\n";
$conf_file .= "\n// site values\n";
if (rtrim($val["site"], '/') == 'http://' . $_SERVER['SERVER_NAME']) {
$conf_file .= "\$phpwcms['site'] = 'http://'.\$_SERVER['SERVER_NAME'].'/';";
} else {
$conf_file .= "\$phpwcms['site'] = '" . $val["site"] . "';";
}
$conf_file .= " // recommend 'http://'.\$_SERVER['SERVER_NAME'].'/'\n";
$conf_file .= "\$phpwcms['site_ssl_mode'] = 0; // turns the SSL Support of WCMS on (1) or off (0), default value 0\n";
$conf_file .= "\$phpwcms['site_ssl_url'] = ''; // URL assigned to the SSL Certificate. Recommend 'https://'.\$_SERVER['SERVER_NAME'].'/'\n";
$conf_file .= "\$phpwcms['site_ssl_port'] = 443; // The Port on which you SSL Service serve the secure Sites, default SSL port is 443\n\n";
$conf_file .= "\$phpwcms['admin_name'] = '" . $val["admin_name"] . "'; //default: Webmaster\n";
$conf_file .= "\$phpwcms['admin_user'] = '******'; //default: admin\n";
$conf_file .= "\$phpwcms['admin_pass'] = '******'; //MD5(phpwcms)\n";
$conf_file .= "\$phpwcms['admin_email'] = '" . $val["admin_email"] . "'; //default: noreplay@host\n";
$conf_file .= "\n// paths\n";
if (!$val['DOC_ROOT'] || $val['DOC_ROOT'] == $_SERVER['DOCUMENT_ROOT']) {
$conf_file .= "\$phpwcms['DOC_ROOT'] = \$_SERVER['DOCUMENT_ROOT'];";
} else {
$conf_file .= "\$phpwcms['DOC_ROOT'] = '" . $val["DOC_ROOT"] . "'; //default: \$_SERVER['DOCUMENT_ROOT']";
}
$real_doc = str_replace('\\', '/', dirname(dirname(dirname(__FILE__))));
if (isset($val["root"]) && $val["root"] !== '') {
$real_doc = explode($val["root"], $real_doc);
$real_doc = rtrim($real_doc[0], '/');
}
$conf_file .= "// current DOC_ROOT seems to be: '" . $real_doc . "' \n";
$conf_file .= "\$phpwcms['root'] \t\t= '" . $val["root"] . "'; //default: ''\n";
$conf_file .= "\$phpwcms['file_path'] = '" . $val["file_path"] . "'; //default: 'filearchive'\n";
$conf_file .= "\$phpwcms['templates'] = '" . $val["templates"] . "'; //default: 'template'\n";
$conf_file .= "\$phpwcms['content_path'] = '" . $val["content_path"] . "'; //default: 'content'\n";
$conf_file .= "\$phpwcms['cimage_path'] = 'images'; //default: 'images'\n";
$conf_file .= "\$phpwcms['ftp_path'] = '" . $val["ftp_path"] . "'; //default: 'upload'\n";
$conf_file .= "\n// content values\n";
$conf_file .= "\$phpwcms['file_maxsize'] = " . intval($val["file_maxsize"]) . "; //Bytes (50 x 1024 x 1024)\n";
$conf_file .= "\$phpwcms['content_width'] = " . intval($val["content_width"]) . "; //max width of the article content column - important for rendering multi column images\n";
$conf_file .= "\$phpwcms['img_list_width'] = " . intval($val["img_list_width"]) . "; //max with of the list thumbnail image\n";
$conf_file .= "\$phpwcms['img_list_height'] = " . intval($val["img_list_height"]) . "; //max height of the list thumbnail image\n";
$conf_file .= "\$phpwcms['img_prev_width'] = " . intval($val["img_prev_width"]) . "; //max width of the large preview image\n";
$conf_file .= "\$phpwcms['img_prev_height'] = " . intval($val["img_prev_height"]) . "; //max height of the large preview image\n";
$conf_file .= "\$phpwcms['max_time'] = " . intval($val["max_time"]) . "; //logout after max_time/60 seconds\n";
$conf_file .= "\$phpwcms['responsive'] = 1; // 0 max. image width = \$phpwcms['content_width'], 1 = as given\n";
$conf_file .= "\n// other stuff\n";
$conf_file .= "\$phpwcms['image_library'] = 'GD2'; //GD, GD2, ImageMagick, GraphicsMagick or GM, NetPBM\n";
$conf_file .= "\$phpwcms['library_path'] = ''; //Path to ImageMagick or NetPBM\n";
$conf_file .= "\$phpwcms['rewrite_url'] = 0; // whether URL should be rewritable\n";
$conf_file .= "\$phpwcms['rewrite_ext']\t \t = '.html'; // The file extension used while URL is rewritten\n";
$conf_file .= "\$phpwcms['alias_allow_slash'] = 0; // Allow slashes / in ALIAS\n";
$conf_file .= "\$phpwcms['wysiwyg_editor'] = 1; //0 = no wysiwyg editor, 1 = CKEditor 4\n";
$conf_file .= "\$phpwcms['allowed_lang'] = array('en','de','fr','es'); //array of allowed languages: array('en', 'de', 'fr', 'es')\n";
$conf_file .= "\$phpwcms['be_lang_parse'] = false; // to disable backend language parsing use false, otherwise 'BBCode' or 'BraceCode'\n";
$conf_file .= "\$phpwcms['DOCTYPE_LANG'] = '';\t\t //by default same as \$phpwcms['default_lang'], but can be injected by whatever you like\n";
$conf_file .= "\$phpwcms['default_lang'] = '" . $val["default_lang"] . "'; //default language\n";
$conf_file .= "\$phpwcms['charset'] = '" . $val["charset"] . "'; //default charset 'utf-8'\n";
$conf_file .= "\$phpwcms['php_charset'] = false; // set PHP default charset to \$phpwcms['charset']\n";
$conf_file .= "\$phpwcms['allow_remote_URL'] = 1; //0 = no remote URL in {PHP:...} replacement tag allowed, 1 = allowed\n";
$conf_file .= "\$phpwcms['jpg_quality'] = 85; //JPG Quality Range 25-100\n";
$conf_file .= "\$phpwcms['sharpen_level'] = 1; //Sharpen Level - only ImageMagick: 0, 1, 2, 3, 4, 5 -- 0 = no, 5 = extra sharp\n";
$conf_file .= "\$phpwcms['allow_ext_init'] = 1; //allow including of custom external scripts at frontend initialization\n";
$conf_file .= "\$phpwcms['allow_ext_render'] = 1; //allow including of custom external scripts at frontend rendering\n";
$conf_file .= "\$phpwcms['cache_enabled'] = 0; //cache On/Off - 1 = caching On / 0 = caching Off (default)\n";
$conf_file .= "\$phpwcms['cache_timeout'] = 0; //default cache timeout setting in seconds - 0 = caching Off\n";
$conf_file .= "\$phpwcms['imgext_disabled'] = ''; //comma seperated list of imagetypes which should not be handled 'pdf,ps'\n";
$conf_file .= "\$phpwcms['multimedia_ext'] = 'aif,aiff,mov,movie,mp3,mpeg,mpeg4,mpeg2,wav,swf,swc,ram,ra,wma,wmv,avi,au,midi,moov,rm,rpm,mid,midi'; //comma seperated list of file extensiosn allowed for multimedia\n";
$conf_file .= "\$phpwcms['inline_download'] = 1; //1 = try to display download documents in new window; 0 = show safe under dialog\n";
$conf_file .= "\$phpwcms['sanitize_dlname'] = 0; // if there are problems downloading files with special chars in name try to enable this setting\n";
$conf_file .= "\$phpwcms['form_tracking'] = 1; //make a db entry for each form\n";
$conf_file .= "\$phpwcms['formmailer_set'] = array('allow_send_copy' => 0, 'global_recipient_email' => '*****@*****.**'); //for better security handling\n";
$conf_file .= "\$phpwcms['allow_cntPHP_rt'] = 0; //allow PHP replacement tags and includes in content parts\n";
$conf_file .= "\$phpwcms['GETparameterName'] = 'id'; //must have a minimum of 2 chars \n";
$conf_file .= "\$phpwcms['BOTS'] = array('googlebot', 'msnbot', 'bingbot', 'baiduspider', 'yandex', 'sosospider', 'ia_archiver', 'altavista', 'slurp', 'yahoo', 'jeeves', 'teoma', 'lycos', 'crawler'); //don't start session \n";
$conf_file .= "\$phpwcms['mode_XHTML'] = 3; // Doctype: 1 = XHTML 1.0 Transitional, 0 = HTML 4.01 Transitional, 2 = XHTML 1.0 Strict, 3 = HTML5 \n";
$conf_file .= "\$phpwcms['header_XML'] = 0; // Content Type: 1 = application/xhtml+xml, 0 = text/html \n";
$conf_file .= "\$phpwcms['IE7-js'] \t = 0; // load IE7-js - fix for HTML/CSS/PNG bugs in IE\n";
$conf_file .= "\$phpwcms['php_timezone'] \t = ''; // overwrite PHP default time zone http://php.net/manual/en/timezones.php\n";
$conf_file .= "\$phpwcms['wysiwyg_template'] = array(); // deprecated\n";
$conf_file .= "\$phpwcms['GET_pageinfo'] = 0; // will add \"&pageinfo=/cat1/cat2/page-title.htm\" based on the breadcrumb information for each site link \n";
$conf_file .= "\$phpwcms['version_check'] = 1; // checks for current release of phpwcms online \n";
$conf_file .= "\$phpwcms['SESSION_FEinit'] = 0; // set 1 to enable sessions in frontend, 0 to disable sessions in frontend \n";
$conf_file .= "\$phpwcms['Login_IPcheck'] = 0; \n";
$conf_file .= "\$phpwcms['frontend_edit']\t = 0; // enable content specific direct links - linking direct into the backend \n";
$conf_file .= "\$phpwcms['gd_memcheck_off'] = 0; // disable GD php memory check before resize an image \n";
$conf_file .= "\$phpwcms['enable_chat']\t\t = 0; // enable or disable chat function, by default it is disabled - not recommend anymore to use it \n";
$conf_file .= "\$phpwcms['enable_messages']\t = 0; // enable or disable internal messags, by default it is disabled - not recommend anymore to use it \n";
$conf_file .= "\$phpwcms['enable_seolog']\t = 1; // enable or disable logging of search engine referrer data \n";
$conf_file .= "\$phpwcms['i18n_parse']\t \t = 1; // enable|disable browser based language parser - all @@Text@@ will be parsed and checked for translation/var based replacement\n";
$conf_file .= "\$phpwcms['i18n_complex']\t = 0; // enable|disable the way browser language setting should be used, false = the easier way (always 2 chars 'en'), true - 'en-gb'...\n";
$conf_file .= "\$phpwcms['FCK_FileBrowser'] = 1; // enable|disable phpwcms Filebrowser in FCKeditor instead of built-in FCK file bowser support\n";
$conf_file .= "\$phpwcms['JW_FLV_License'] = ''; // insert your JW FLV Media Player License Code here - License warning will no longer displayed\n";
$conf_file .= "\$phpwcms['feuser_regkey']\t = 'FEUSER';\n";
$conf_file .= "\$phpwcms['login.php']\t \t = 'login.php';\n";
$conf_file .= "\$phpwcms['js_lib']\t\t\t = array(); // extends default lib settings array('jquery'=>'jQuery 1.3','mootools-1.4'=>'MooTools 1.4','mootools-1.1'=>'MooTools 1.1);\n";
$conf_file .= "\$phpwcms['video-js'] = ''; // can be stored locally too 'template/lib/video-js/ (//vjs.zencdn.net/4.10/)\n";
$conf_file .= "\$phpwcms['render_device'] = 0; // allow user agent specific rendering templates <!--if:mobile-->DoMobile<!--/if--><!--!if:mobile-->DoNotMobile<!--/!if--><!--!if:default-->Default<!--/!if-->\n";
$conf_file .= "\$phpwcms['detect_pixelratio'] = 0; // will inject the page with JavaScript to detect Retina devices\n";
$conf_file .= "\$phpwcms['im_fix_colorspace'] = 'RGB'; // some ImageMagick installs (on Mac) might have problems with colorspace setting, if colors are not good try SRGB\n";
$conf_file .= "\$phpwcms['wkhtmltopdf_path'] = ''; // used for generating PDF, use full path including application name '/usr/bin/wkhtmltopdf'\n";
$conf_file .= "\$phpwcms['render_clean_html'] = 0; // clean up HTML source a bit, experimental can have unexpected side effects\n";
$conf_file .= "\$phpwcms['browser_check'] = array('fe'=>false, 'be'=>true, 'vs' => ''); // enable Browser Update check in frontend and/or backend, use 'vs' to which browser version, see http://www.browser-update.org/index.html#install\n";
$conf_file .= "\$phpwcms['usergroup_support'] = false; // set true or false to support/disable this feature, is experimental\n";
$conf_file .= "\$phpwcms['force301_id2alias'] = false; // send 301 HTTP Redirect when article/structure has alias but ID is given\n";
$conf_file .= "\$phpwcms['force301_2struct'] = false; // send 301 HTTP Redirect to structure level when only 1 article is inside\n";
$conf_file .= "\$phpwcms['allow_empty_alias'] = false; // do not auto-create (default) alias when alias field is empty\n";
$conf_file .= "\$phpwcms['enable_deprecated'] = false; // enable/disable deprecated functionality, enable if you miss things\n";
$conf_file .= "\$phpwcms['reserved_alias'] = array(); // use this to block custom alias\n";
$conf_file .= "\$phpwcms['canonical_off'] = false; // disable canonical link tag\n";
$conf_file .= "\$phpwcms['viewport']\t\t = ''; // set viewport like \"width=device-width, initial-scale=1.0, user-scalable=no\"\n";
$conf_file .= "\$phpwcms['X-UA-Compatible'] = 'IE=Edge,chrome=1'; // set browser compatibility mode using meta tag X-UA-Compatible\n";
$conf_file .= "\$phpwcms['base_href']\t\t = false; // set the <base href=\"\"> tag, use string (URL) or bool TRUE/FALSE\n";
$conf_file .= "\$phpwcms['cp_default']\t\t = 0; // set the default CP ID here as used in structure level editor, see http://goo.gl/BVODr\n";
$conf_file .= "\$phpwcms['js_in_body']\t\t = 0; // add <script> direct before </body> instead inside of <head>\n";
$conf_file .= "\$phpwcms['set_article_active']\t= 1; // activate (1) or disable (0) article by default on create\n";
$conf_file .= "\$phpwcms['set_category_active']\t= 1; // activate (1) or disable (0) category/structure level by default on create\n";
$conf_file .= "\$phpwcms['set_file_active']\t\t= 1; // activate (1) or disable (0) files and folders by default on create\n";
$conf_file .= "\$phpwcms['set_news_active']\t\t= 1; // activate (1) or disable (0) news by default on create\n";
$conf_file .= "\$phpwcms['log_404error']\t\t= false; // log each 404 for redirect edit\n";
$conf_file .= "\$phpwcms['set_sociallink']\t\t= array('article' => false, 'articlecat' => false, 'news' => false, 'shop' => false, 'render' => true); // TRUE/FALSE to enable status for article/articlecat/news/shop by default, render TRUE/FALSE to enable/disable in frontend\n";
$conf_file .= "\$phpwcms['header_comment']\t\t= '';\n";
$conf_file .= "\$phpwcms['cnt_sort']\t\t\t= 'a-z'; // not set or empty or false like before; 'a-z' or reverse 'z-a'\n";
$conf_file .= "\$phpwcms['cmsimage_redirect']\t= false; // redirect to the resized/cropped image if true\n";
$conf_file .= "\$phpwcms['disable_next_prev']\t= false; // https://support.google.com/webmasters/answer/1663744\n";
$conf_file .= "\$phpwcms['allowed_upload_ext']\t= 'jpg,jpeg,png,gif,tif,tiff,bmp,pic,psd,eps,ai,svg,pdf,ps,doc,docx,xls,xlsx,ppt,pptx,odt,odm,odg,ods,odp,odf,odc,odb,sxw,sxc,sxi,csv,txt,rtf,html,xml,ini,sql,db,zip,rar,7z,s7z,dmg,bz2,gz,tar,tgz,mkv,webm,vob,ogg,ogv,mov,qt,wmv,mpg,mpeg,mp4,m4p,flv,f4v,f4p,f4a,f4b';\n\n";
$conf_file .= "\$phpwcms['enable_inline_php']\t= false; // disable [PHP] {PHP…} … by default\n";
$conf_file .= "\n// Email specific settings (based on phpMailer)\n";
$conf_file .= "\$phpwcms['SMTP_FROM_EMAIL'] = '" . str_replace("'", "\\'", $val["SMTP_FROM_EMAIL"]) . "'; // reply/from email address\n";
$conf_file .= "\$phpwcms['SMTP_FROM_NAME'] = '" . str_replace("'", "\\'", $val["SMTP_FROM_NAME"]) . "'; // reply/from name\n";
$conf_file .= "\$phpwcms['SMTP_HOST'] = '" . $val["SMTP_HOST"] . "'; // SMTP server (host/IP)\n";
$conf_file .= "\$phpwcms['SMTP_PORT'] = " . intval($val["SMTP_PORT"]) . "; // SMTP server port (default 25)\n";
$conf_file .= "\$phpwcms['SMTP_MAILER'] = '" . $val["SMTP_MAILER"] . "'; // mail method: mail (default), smtp, sendmail\n";
$conf_file .= "\$phpwcms['SMTP_USER'] = '******'", "\\'", $val["SMTP_USER"]) . "'; // default SMTP login (user) name\n";
$conf_file .= "\$phpwcms['SMTP_PASS'] = '******'", "\\'", $val["SMTP_PASS"]) . "'; // default SMTP password\n";
$conf_file .= "\$phpwcms['SMTP_SECURE'] = '" . $val["SMTP_SECURE"] . "'; // secure connection, phpMailer options: '', 'ssl' or 'tls'\n";
$conf_file .= "\$phpwcms['SMTP_AUTH'] = " . intval($val["SMTP_AUTH"]) . "; // SMTP authentication, ON=1/OFF=0\n";
$conf_file .= "\$phpwcms['SMTP_AUTH_TYPE'] = '" . $val["SMTP_AUTH_TYPE"] . "'; // sets SMTP auth type: LOGIN (default), PLAIN, NTLM, CRAM-MD5\n";
$conf_file .= "\$phpwcms['SMTP_REALM'] = '" . $val["SMTP_REALM"] . "'; // SMTP realm, used for NTLM auth type\n";
$conf_file .= "\$phpwcms['SMTP_WORKSTATION'] = '" . $val["SMTP_WORKSTATION"] . "'; // SMTP workstation, used for NTLM auth type\n";
$conf_file .= "\ndefine('PHPWCMS_INCLUDE_CHECK', true);\n";
$conf_file .= "\n?>";
write_textfile("setup.conf.inc.php", $conf_file);
}
$sql .= "\$indexpage['acat_nositemap']\t= " . (isset($_POST["acat_nositemap"]) ? 1 : 0) . ";\n";
$sql .= "\$indexpage['acat_order']\t\t= " . set_correct_ordersort() . ";\n";
$sql .= "\$indexpage['acat_permit']\t\t= '" . $acat_permit . "';\n";
$sql .= "\$indexpage['acat_cntpart']\t= '" . $acat_cntpart . "';\n";
$sql .= "\$indexpage['acat_pagetitle']\t= '" . str_replace("''", "\\'", clean_slweg($_POST["acat_pagetitle"])) . "';\n";
$sql .= "\$indexpage['acat_paginate']\t= " . (isset($_POST["acat_paginate"]) ? 1 : 0) . ";\n";
$sql .= "\$indexpage['acat_overwrite']\t= '" . str_replace("''", "\\'", clean_slweg($_POST["acat_overwrite"])) . "';\n";
$sql .= "\$indexpage['acat_archive']\t= " . (empty($_POST["acat_archive"]) ? 0 : 1) . ";\n";
$sql .= "\$indexpage['acat_class']\t\t= '" . str_replace("'", "\\'", $acat_class) . "';\n";
$sql .= "\$indexpage['acat_keywords']\t= '" . str_replace("'", "\\'", $acat_keywords) . "';\n";
$sql .= "\$indexpage['acat_cpdefault']\t= " . intval($_POST["acat_cpdefault"]) . ";\n";
$sql .= "\$indexpage['acat_disable301']\t= " . (empty($_POST["acat_disable301"]) ? 0 : 1) . ";\n";
$sql .= "\$indexpage['acat_opengraph']\t= " . (empty($_POST["acat_opengraph"]) ? 0 : 1) . ";\n";
$sql .= "\$indexpage['acat_canonical']\t= '" . str_replace("'", "\\'", clean_slweg($_POST["acat_canonical"], 2000)) . "';\n";
$sql .= "\$indexpage['acat_breadcrumb']\t= " . $acat_breadcrumb . ";\n";
write_textfile(PHPWCMS_ROOT . '/include/config/conf.indexpage.inc.php', $sql);
}
$acat_sort_fallback = isset($_POST["acat_sort"]) ? intval(trim($_POST["acat_sort"])) : 0;
$acat_sort_temp = isset($_POST["acat_sort_temp"]) ? intval($_POST["acat_sort_temp"]) : 0;
$acat_lang = empty($_POST["acat_lang"]) ? '' : clean_slweg($_POST["acat_lang"]);
$acat_lang_type = $acat_lang == '' || empty($_POST["acat_lang_type"]) ? '' : in_array($_POST["acat_lang_type"], array('category', 'article')) ? $_POST["acat_lang_type"] : '';
$acat_lang_id = $acat_lang_type == '' || empty($_POST["acat_lang_id"]) ? 0 : intval($_POST["acat_lang_id"]);
if ($acat_sort_fallback === 0 && $acat_sort_temp > 0) {
$acat_sort_fallback = $acat_sort_temp;
}
if (isset($_POST["acat_new"]) && intval($_POST["acat_new"]) == 1 && intval($_POST["acat_id"]) == 0 && $_POST["acat_id"] != 'index') {
if (trim($_POST["acat_name"])) {
$cache_timeout = clean_slweg($_POST["acat_timeout"]);
if (isset($_POST['acat_cacheoff']) && intval($_POST['acat_cacheoff'])) {
$cache_timeout = 0;
}
function phpwcms_revision_check($revision)
{
$revision_file = PHPWCMS_ROOT . '/include/inc_lib/revision/r';
// loop while trying to find the latest revision file (for r407 and up)
// then there is no need to implement new revision updater for each revision
while (!is_file($revision_file . $revision . '.php')) {
$revision--;
if ($revision < 406) {
return false;
}
}
$revision_temp = phpwcms_revision_check_temp($revision);
if ($revision_temp === NULL) {
return false;
} elseif ($revision_temp) {
return true;
}
include_once $revision_file . $revision . '.php';
$revision_function = 'phpwcms_revision_r' . $revision;
if (function_exists($revision_function) && empty($GLOBALS['phpwcms']['check_r' . $revision])) {
if (call_user_func($revision_function) !== false) {
$GLOBALS['phpwcms']['check_r' . $revision] = true;
@write_textfile(PHPWCMS_TEMP . 'r' . $revision . '.checked.tmp', date('Y-d-m H:i:s'));
return true;
} else {
return false;
}
}
return true;
}
die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
unset($_GET);
unset($_POST);
//$_print_settings['PDF_font_size'] = empty($_print_settings['PDF_font_size']) ? 5 : intval($_print_settings['PDF_font_size']);
$_print_settings['PDF_file_prefix'] = empty($_print_settings['PDF_file_prefix']) ? '' : trim($_print_settings['PDF_file_prefix']);
//$_print_settings['PDF_disable_tags'] = empty($_print_settings['PDF_disable_tags']) ? 'div,input,form,object,embed,script' : trim($_print_settings['PDF_disable_tags']);
$_print_settings['PDF_filename'] = $_print_settings['PDF_file_prefix'] . substr($content["pagetitle"], 0, 150);
$_print_settings['PDF_filename'] = str_replace(array('?', '%', '*', '"', "'", '<', '>', '|', '/', '\\', ':', '&'), '-', $_print_settings['PDF_filename']);
$_print_settings['PDF_filename'] = str_replace('--', '-', $_print_settings['PDF_filename']) . '.pdf';
unset($content);
$_PDF_page = ob_get_clean();
$include_urlparts = parse_url(PHPWCMS_URL);
$_PDF_page = preg_replace_callback('/(href|src|action)=[\'|"]{0,1}(.*?)[\'|"]{0,1}( .*?){0,1}>/i', 'make_absoluteURL', $_PDF_page);
$include_urlparts['falsepart'] = $include_urlparts['host'] . '/' . trim($phpwcms["root"] . $phpwcms["root"], ' /') . '/';
$include_urlparts['corrected'] = $include_urlparts['host'] . '/' . trim($phpwcms["root"], ' /') . '/';
$_PDF_page = str_replace($include_urlparts['falsepart'], $include_urlparts['corrected'], $_PDF_page);
$_PDF_temp = md5($_print_settings['PDF_filename'] . microtime()) . '.html';
// Output -> use file save and redirect
if (write_textfile(PHPWCMS_CONTENT . 'tmp/' . $_PDF_temp, $_PDF_page)) {
$cmd = $phpwcms['wkhtmltopdf_path'] . ' ' . escapeshellarg(PHPWCMS_URL . CONTENT_PATH . 'tmp/' . $_PDF_temp) . ' ' . escapeshellarg(PHPWCMS_CONTENT . 'tmp/' . $_print_settings['PDF_filename']);
@exec($cmd, $output, $retval);
if (is_file(PHPWCMS_CONTENT . 'tmp/' . $_print_settings['PDF_filename'])) {
// Set the file to 777
@chmod(PHPWCMS_CONTENT . 'tmp/' . $_print_settings['PDF_filename'], 0666);
headerRedirect(PHPWCMS_URL . CONTENT_PATH . 'tmp/' . $_print_settings['PDF_filename']);
}
}
headerRedirect(abs_url());
exit;
<td bgcolor="#FF3300"> </td>
<td class="v10"> PROBLEM</td>
</tr>
</table></td>
</tr>
</table>
<?php
$this_root = dirname(dirname(dirname(__FILE__)));
$config_setup = read_textfile($this_root . '/setup/setup.conf.inc.php');
$config_setup = str_replace('?>', "\$NO_ACCESS = true;\n\n?>", $config_setup);
$result = false;
if (!is_file($this_root . '/include/config/conf.inc.php')) {
// try to chmod
//set_chmod($phpwcms["root"]."/include/config',
// Try to write config file to the correct position
if (!write_textfile($this_root . '/include/config/conf.inc.php', $config_setup)) {
// Try to copy
if (!@copy($this_root . '/setup/setup.conf.inc.php', $this_root . '/include/config/conf.inc.php')) {
// Try to move
if (@rename($this_root . '/setup/setup.conf.inc.php', $this_root . '/include/config/conf.inc.php')) {
// moved successfully
$result = true;
}
} else {
// copied successfully
$result = true;
}
} else {
// written successfully
$result = true;
}
* @author Oliver Georgi <*****@*****.**>
* @copyright Copyright (c) 2002-2015, Oliver Georgi
* @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
* @link http://www.phpwcms.de
*
**/
$base_path = dirname(__FILE__);
if (is_file($base_path . '/setup.conf.inc.php')) {
require_once $base_path . '/inc/setup.func.inc.php';
require_once $base_path . '/setup.conf.inc.php';
if (empty($NO_ACCESS)) {
header('Cache-Control: no-cache, must-revalidate');
// HTTP/1.1
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
// Datum in der Vergangenheit
header('Content-type: text/plain');
header('Content-Disposition: attachment; filename="conf.inc.php"');
$filesize = @filesize($base_path . '/setup.conf.inc.php');
if ($filesize) {
header('Content-length: ' . $filesize);
$temp = read_textfile($base_path . '/setup.conf.inc.php');
write_textfile($base_path . '/setup.conf.inc.php', str_replace('?>', "\$NO_ACCESS = true;\n\n?>", $temp));
} else {
$temp = 'Sorry there was a problem downloading "conf.inc.php". Check manually!';
}
echo $temp;
} else {
header('Location: ' . $phpwcms['site'] . $phpwcms['root']);
}
}
exit;
<?php
/**
* phpwcms content management system
*
* @author Oliver Georgi <*****@*****.**>
* @copyright Copyright (c) 2002-2015, Oliver Georgi
* @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
* @link http://www.phpwcms.de
*
**/
session_start();
$phpwcms = array();
require_once '../../include/config/conf.inc.php';
require_once '../inc_lib/default.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/dbcon.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/general.inc.php';
checkLogin();
require_once PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php';
if ($_SESSION["wcs_user_admin"] == 1) {
//if user has admin rights
write_textfile(PHPWCMS_TEMPLATE . "inc_default/startup.php", slweg($_POST["startup_default"]));
}
headerRedirect($_SESSION['REFERER_URL']);
function phpwcms_revision_r514()
{
$status = true;
// do former revision check – fallback to r509
if (phpwcms_revision_check_temp('509') !== true) {
$status = phpwcms_revision_check('509');
}
// Delete
// empty temp images table
_dbQuery('DROP TABLE IF EXISTS ' . DB_PREPEND . 'phpwcms_imgcache', 'DROP');
// empty temp images directory
$thumbnails = returnFileListAsArray(PHPWCMS_THUMB, 'jpg,jpeg,gif,png');
if (is_array($thumbnails) && count($thumbnails)) {
foreach ($thumbnails as $thumbnail) {
@unlink(PHPWCMS_THUMB . $thumbnail['filename']);
}
}
// Set file hash
$result = _dbQuery("SHOW FIELDS FROM " . DB_PREPEND . "phpwcms_file WHERE Field='f_hash'");
if ($status && !empty($result[0])) {
// Remove unused fields but only when file storage upgrade from earlier update is done
$count = _dbQuery("SHOW COLUMNS FROM " . DB_PREPEND . "phpwcms_file LIKE 'f_thumb_%'", 'COUNT_SHOW');
if ($count === 2) {
$count = _dbCount("SELECT * FROM " . DB_PREPEND . "phpwcms_file WHERE f_thumb_list != '' OR f_thumb_preview != ''");
if ($count === 0) {
_dbQuery("ALTER TABLE " . DB_PREPEND . "phpwcms_file DROP f_thumb_list", 'ALTER');
_dbQuery("ALTER TABLE " . DB_PREPEND . "phpwcms_file DROP f_thumb_preview", 'ALTER');
$status = true;
} else {
$status = false;
}
}
$result = array_change_key_case($result[0], CASE_LOWER);
if ($status && $result['type'] == 'varchar(50)') {
$status = _dbQuery("ALTER TABLE " . DB_PREPEND . "phpwcms_file CHANGE f_hash f_hash VARCHAR(255) NOT NULL DEFAULT ''", 'ALTER');
// ensure all went well
if ($status) {
$result = _dbQuery("SHOW FIELDS FROM " . DB_PREPEND . "phpwcms_file WHERE Field='f_hash'");
$status = false;
if (!empty($result[0])) {
$result = array_change_key_case($result[0], CASE_LOWER);
if ($result['type'] == 'varchar(255)') {
$status = true;
}
}
}
}
// Rename Hash and files
if ($status) {
// Cleanup first — Check all files trashed or deleted and not yet physical accessible anymore
$files = _dbGet('phpwcms_file', '*', 'f_trash IN (8,9) AND f_kid=1');
if (isset($files[0]['f_id'])) {
write_textfile(PHPWCMS_STORAGE . 'phpwcms-filestorage.log', date('Y-m-d H:i:s') . ': Prepare removing non-existing, trashed or deleted files from phpwcms_file database table' . LF, 'a');
$file_id = array();
foreach ($files as $file) {
$file['storage_name'] = $file['f_hash'];
if ($file['f_ext']) {
$file['storage_name'] .= '.' . $file['f_ext'];
}
if (!is_file(PHPWCMS_STORAGE . $file['storage_name'])) {
write_textfile(PHPWCMS_STORAGE . 'phpwcms-filestorage.log', date('Y-m-d H:i:s') . ': ' . json_encode($file) . LF, 'a');
$file_id[] = $file['f_id'];
}
}
$file_id = implode(',', $file_id);
write_textfile(PHPWCMS_STORAGE . 'phpwcms-filestorage.log', date('Y-m-d H:i:s') . ': File IDs to be deleted (' . $file_id . ')', 'a');
if ($file_id) {
$result = _dbQuery('DELETE FROM ' . DB_PREPEND . 'phpwcms_file WHERE f_trash IN (8,9) AND f_kid=1 AND f_id IN (' . $file_id . ')', 'DELETE');
if (!empty($result['AFFECTED_ROWS'])) {
write_textfile(PHPWCMS_STORAGE . 'phpwcms-filestorage.log', ' // DONE: ' . $result['AFFECTED_ROWS'] . ' deleted', 'a');
} else {
write_textfile(PHPWCMS_STORAGE . 'phpwcms-filestorage.log', ' // DONE: None deleted', 'a');
}
}
write_textfile(PHPWCMS_STORAGE . 'phpwcms-filestorage.log', LF . LF . '---' . LF . LF, 'a');
}
// ToDo: implement new naming
}
} else {
$status = false;
}
return $status;
}
