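/**
 * Handles the CMS sign-in over HTTP Basic authentication.
 *
 * Steps, in order:
 *  - marks the request as "run-naked";
 *  - takes the realm from the 'cms-realm' config entry, or derives it from the Host header;
 *  - answers 401 when no Basic user name was sent, or when the user name equals the
 *    'conkit_cms_exp' cookie (the cookie is cleared first);
 *  - checks the credentials with cms::loginCheck(), or with the 'cms-user-check' callable;
 *  - on success stores the admin record via core::reqSession('.cms-admin', ...) and answers
 *    302 with the URL-decoded 'cms-request' value; on failure answers 401.
 *
 * NOTE(review): any handler result other than a strict false counts as a successful login,
 * including null, 0 and ''. A custom handler must return exactly false on failure.
 * NOTE(review): with a custom handler the clear-text Basic password is stored in the
 * '.cms-admin' session record. Confirm a consumer needs it there.
 * NOTE(review): the session id is not regenerated in this method. Confirm that
 * core::reqSession() does so on privilege change.
 */
static function login()
{
    core::reg('run-naked', true);

    $realm = core::config('cms-realm');
    if (!$realm) {
        // The Host header is client-controlled; keep only characters a host[:port] can contain
        // before it goes into the realm (presumably echoed in WWW-Authenticate by core::halt).
        $host = strtolower(isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '');
        $host = preg_replace('/[^a-z0-9.:\[\]-]/', '', $host);
        if (substr($host, 0, 4) == 'www.') $host = substr($host, 4);
        $realm = 'ConKit@' . $host;
    }

    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        core::halt(401, $realm);
        return; // fail closed should core::halt() ever return
    }

    $user = $_SERVER['PHP_AUTH_USER'];
    $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;

    // A user name matching the 'conkit_cms_exp' cookie is refused once and the cookie cleared,
    // which makes the browser prompt for credentials again.
    $exp = isset($_COOKIE['conkit_cms_exp']) ? $_COOKIE['conkit_cms_exp'] : null;
    if ($user === $exp) {
        setcookie('conkit_cms_exp', '', 0, '/');
        core::halt(401, $realm);
        return;
    }

    $loginHandler = core::config('cms-user-check');
    if (!$loginHandler) $res = cms::loginCheck($user, $password);
    else $res = call_user_func($loginHandler, $user, $password);

    if ($res === false) {
        core::halt(401, $realm);
        return;
    }

    // NOTE(review): in the built-in branch core::reqSession() is called here and again below
    // with its own return value. Confirm that is intended.
    if (!$loginHandler) $res = core::reqSession('.cms-admin', array_merge(array('name' => $user), core::$config['cms-users'][$user]));
    elseif (is_array($res)) $res = array_merge(array('name' => $user, 'password' => $password), $res);
    else $res = array('name' => $user, 'password' => $password, 'attr' => $res);
    core::reqSession('.cms-admin', $res);

    // 'cms-request' arrives with the request, so the post-login redirect is limited to
    // relative references and to absolute http(s) URLs on the host that served this request.
    $isSameSite = function ($url) {
        if ($url === '') return true; // an empty target is passed through unchanged
        if (preg_match('/[\x00-\x1f\x7f]/', $url)) return false;
        $url = ltrim($url);
        // "//host" and "/\host" are read by browsers as another authority.
        if (preg_match('#^[/\\\\]{2}#', $url)) return false;
        // No scheme: a relative reference, which stays on this site.
        if (!preg_match('#^[a-z][a-z0-9+.\-]*:#i', $url)) return true;
        if (strpos($url, '\\') !== false) return false;
        $parts = parse_url($url);
        if ($parts === false || !isset($parts['scheme'], $parts['host'])) return false;
        if (isset($parts['user']) || isset($parts['pass'])) return false;
        $scheme = strtolower($parts['scheme']);
        if ($scheme !== 'http' && $scheme !== 'https') return false;
        $authority = strtolower($parts['host'] . (isset($parts['port']) ? ':' . $parts['port'] : ''));
        return isset($_SERVER['HTTP_HOST']) && $authority === strtolower($_SERVER['HTTP_HOST']);
    };

    $requested = core::req('cms-request');
    $target = is_string($requested) ? urldecode($requested) : '';
    if (!$isSameSite($target)) $target = '/';
    core::halt(302, $target);
}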
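/**
 * Adds or removes the configured "required-vars" in $args['request'].
 *
 * When core::$config['required-vars'] is not set, $args is returned untouched.
 * When the 'ignore-required-vars' registry flag is set, every required variable that is
 * present in $args['request'] is removed. Otherwise each required variable missing from
 * $args['request'] is taken from core::$req, and a variable whose value loosely equals its
 * configured 'ommit' value is dropped.
 *
 * @param array $args argument set; only its 'request' entry is read and modified here
 * @return array the adjusted argument set
 */
static function required($args)
{
    if (!isset(core::$config['required-vars'])) return $args;
    $required = core::$config['required-vars'];

    if (core::reg('ignore-required-vars')) {
        foreach ($required as $name => $data) {
            if (isset($args['request'][$name])) unset($args['request'][$name]);
        }
        return $args;
    }

    foreach ($required as $name => $data) {
        if (!isset($args['request'][$name])) {
            // A variable absent from the current request yields null instead of an
            // undefined-index notice.
            $args['request'][$name] = isset(core::$req[$name]) ? core::$req[$name] : null;
        }
        // 'ommit' [sic] is the config key as spelled by the project; a missing key counts as null.
        $omit = isset($data['ommit']) ? $data['ommit'] : null;
        // Loose comparison kept on purpose: request values are strings, config values may not be.
        if ($args['request'][$name] == $omit) unset($args['request'][$name]);
    }
    return $args;
}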
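/**
 * Serves one of the two CMS resources, 'cms.js' or 'cms.css', and ends the request.
 *
 * Any other $file value is answered with 403. 'cms.js' is streamed from CORE.'cms.js';
 * 'cms.css' is produced by including CORE.'cms.css.php'. Outside 'run-devel' mode a request
 * carrying If-Modified-Since gets 304, but only when that date is not older than the source
 * file's modification time, so an updated resource is delivered again.
 *
 * @param mixed $file resource name taken from the request (start() passes core::req('file'))
 */
static function forward($file)
{
    core::reg('run-naked', true);

    // Paths are built from literals, never from $file, so request input cannot steer
    // readfile()/include even if the 403 branch were to return.
    $sources = array(
        'cms.js'  => CORE . 'cms.js',
        'cms.css' => CORE . 'cms.css.php',
    );
    if (!is_string($file) || !isset($sources[$file])) {
        core::halt(403);
        exit; // fail closed should core::halt() ever return
    }
    $path = $sources[$file];

    if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) && !core::config('run-devel')) {
        $since = strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']);
        $mtime = filemtime($path);
        // An unparsable date or an unreadable mtime falls through to a full response.
        if ($since !== false && $mtime !== false && $since >= $mtime) {
            header('HTTP/1.1 304 Not Modified');
            header('Cache-Control: public, max-age=3600');
            header('Content-Length: 0');
            exit;
        }
    }

    if ($file === 'cms.js') {
        header('Content-Type: text/javascript');
        header('Cache-Control: public, max-age=3600');
        header('Content-Length: ' . filesize($path));
        header('Last-Modified: ' . gmdate('D, d M Y H:i:s', filemtime($path)) . ' GMT');
        header('Pragma: public');
        readfile($path);
    } else {
        // $setcolor is not used in this method; the included template shares this scope and
        // presumably calls it. Do not rename it.
        // NOTE(review): Content-Length is the template's file size, and str_pad(.., 24) looks
        // like it keeps each substituted colour at a fixed width so the output length matches.
        // Confirm against cms.css.php.
        $setcolor = function ($color) {
            return str_pad(core::config('cms-' . $color), 24);
        };
        header('Content-Type: text/css');
        header('Cache-Control: public, max-age=3600');
        header('Content-Length: ' . filesize($path));
        header('Last-Modified: ' . gmdate('D, d M Y H:i:s', time()) . ' GMT');
        header('Pragma: public');
        include($path);
    }
    exit;
}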
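/**
 * Launches the whole request after the configuration has been read.
 *
 * Builds core::$req from cookies, GET, POST, uploads and (when used) the session, rewrites the
 * module name, dispatches CMS operations, then renders the module with the configured
 * pre/post models and templates and echoes the buffered result.
 *
 * Precedence of same-named variables follows assignment order: cookie, then GET, then POST,
 * then upload, then session values. GET and POST entries named like the session are skipped.
 */
static function start()
{
    error_reporting(core::$config['error-reporting-lo']);

    // Cookies first; later sources overwrite them.
    foreach ($_COOKIE as $var => $val) core::$req[$var] = $val;
    if (isset(core::$config['cookie-vars'])) {
        foreach (core::$config['cookie-vars'] as $var => $config) {
            core::$req[$var] = core::filter(core::req($var), $config);
        }
    }

    // GET values are also kept in core::$reqUrl; the module variable is removed from it.
    foreach ($_GET as $var => $val) {
        if ($var !== session_name()) core::$req[$var] = core::$reqUrl[$var] = $val;
    }
    unset(core::$reqUrl[core::config('module-var')]);

    foreach ($_POST as $var => $val) {
        if ($var !== session_name()) core::$req[$var] = $val;
    }

    foreach ($_FILES as $var => $val) {
        if (is_string($val['name'])) {
            // <input type=file name=xxx ...>
            core::$req[$var] = $val;
        } else {
            // <input type=file name=xxx[yyy] ...>
            // A scalar of the same name (e.g. from POST) would make the per-key assignment
            // below fail, so start from an array in that case.
            if (!isset(core::$req[$var]) || !is_array(core::$req[$var])) core::$req[$var] = array();
            foreach ($val['name'] as $key => $void) {
                core::$req[$var][$key] = array(
                    'name' => $val['name'][$key],
                    'type' => $val['type'][$key],
                    'tmp_name' => $val['tmp_name'][$key],
                    'error' => $val['error'][$key],
                    'size' => $val['size'][$key]
                );
            }
        }
    }

    // Re-filter cookie variables now that GET/POST may have replaced them, and persist changes.
    // NOTE(review): setcookie() is called without path, secure or httponly arguments.
    if (isset(core::$config['cookie-vars'])) {
        foreach (core::$config['cookie-vars'] as $name => $config) {
            if (isset(core::$req[$name])) {
                core::$req[$name] = core::filter(core::$req[$name], $config);
                if (!isset($_COOKIE[$name]) || $_COOKIE[$name] != core::$req[$name]) {
                    setcookie($name, core::$req[$name], $config['expire']);
                }
                unset(core::$reqUrl[$name]);
            }
        }
    }

    // apply required vars
    if (isset(core::$config['required'])) {
        foreach (core::$config['required'] as $name => $config) {
            // Fixed: the filter used to receive the undefined variable $comfig, so the
            // configured filter never applied.
            core::$req[$name] = core::filter(isset(core::$req[$name]) ? core::$req[$name] : null, $config);
            core::$reqUrl[$name] = core::$req[$name];
        }
    }

    if (!core::moduleName()) {
        if (is_array(core::$config['default-module'])) {
            $args = href::processArgs(core::$config['default-module']);
            core::$req[core::$config['module-var']] = $args['template'];
            // Fixed: this used to read the undeclared property core::$reques and discard the
            // array_merge() result. NOTE(review): the key 'req' is taken from the original
            // line; confirm it is what href::processArgs() returns.
            if (isset($args['req']) && is_array($args['req'])) {
                core::$req = array_merge((array) core::$req, $args['req']);
            }
        }
    }

    // Deny-list rewrite of the module name before it reaches core::insert().
    // NOTE(review): only '..', NUL, '<' and '>' are neutralised. Confirm core::insert() confines
    // the name to the module directory; an allow-list pattern would be stricter.
    core::$req[core::$config['module-var']] = str_replace('..', '(dot)(dot)', core::moduleName()); //secure upper directories
    core::$req[core::$config['module-var']] = str_replace("\0", '(0)', core::moduleName()); //secure
    core::$req[core::$config['module-var']] = str_replace('<', '(lt)', core::moduleName()); //secure
    core::$req[core::$config['module-var']] = str_replace('>', '(gt)', core::moduleName()); //secure

    // set session var
    // GET/POST entries named like the session were skipped above, so a request value can only
    // come from the cookie loop (assuming core::req() reads core::$req).
    if (core::req(session_name()) || isset(core::$config['session-vars'])) {
        if (!session_id()) session_start();
        foreach ($_SESSION as $name => $val) core::$req[$name] = $val;
        if (isset(core::$config['session-vars'])) {
            foreach (core::$config['session-vars'] as $name => $config) {
                core::$req[$name] = core::filter(core::req($name), $config);
                unset(core::$reqUrl[$name]);
            }
        }
    }

    if (core::req('cms-oper')) cms::perform();
    elseif (core::req('core-module') == 'cms-resource') cmsGui::forward(core::req('file'));

    // Render the module into a buffer so a module can still switch to "run-naked" output.
    ob_start();
    if (isset(core::$config['pre-models'])) {
        foreach (core::$config['pre-models'] as $model) core::model($model);
    }
    core::insert(core::moduleName());
    $buffer = ob_get_contents();
    ob_end_clean();

    // Process pre- and post-templates
    if (!core::reg('run-naked')) {
        ob_start();
        if (isset(core::$config['pre-module'])) core::insert(core::$config['pre-module']);
        echo $buffer;
        if (isset(core::$config['post-module'])) core::insert(core::$config['post-module']);
        if (isset(core::$config['post-models'])) {
            foreach (core::$config['post-models'] as $model) core::model($model);
        }
        $buffer = ob_get_contents();
        ob_end_clean();
    }

    // Output
    echo $buffer;
    //if (core::$prepend) core::error('one or more prepends were not utilized: '.implode(',',array_keys(core::$prepend)));
}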
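<?php
// CMS-only diagnostic: reports whether block1.txt and block2.txt under the configured
// 'data-path' exist and are writable, appending the result as HTML to $output.
//
// The full open tag is used because with short_open_tag disabled a "<?" file is sent to the
// client as plain text and the core::cms() check below never runs.
// $output is not initialised here; presumably the including code provides it.

if (!core::cms()) {
    core::halt(403);
    return; // fail closed should core::halt() ever return
}
core::reg('run-naked', true);

foreach (array('block1.txt', 'block2.txt') as $blockFile) {
    $file = core::config('data-path') . $blockFile;
    // The path is shown inside HTML, so it is escaped before output.
    $output .= '<h2>File ' . htmlspecialchars($file, ENT_QUOTES) . '</h2>';
    if (!file_exists($file)) $output .= 'does not exist';
    elseif (is_writable($file)) $output .= 'is OK';
    else $output .= 'is not writable';
    $output .= "<hr>";
}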