define('BASE_PATH', $base);
}

// Include general configuration
/*MARKER*/
require_once BASE_PATH . '/lib/sitemap.php';

// security check done ASAP: the session must pass checkAuth() and carry both
// 'rc1' and 'rc2' entries, otherwise the script aborts before reading any parameter.
if (!checkAuth() || empty($_SESSION['rc1']) || empty($_SESSION['rc2'])) {
    die("No external access to file");
}

// Request parameters, each read through a typed accessor rather than $_GET directly.
$do = getGETparam4IdOrNumber('do');
$status = getGETparam4IdOrNumber('status');
$status_message = getGETparam4DisplayHTML('msg');

// Set the default template
$dir_temp = BASE_PATH . "/lib/templates/";
// NOTE(review): $get_temp is joined to $dir_temp below and decides which file is read.
// The accessor's name suggests it constrains the value to a file path, but whether it
// rejects '..' segments or absolute paths is not visible here — confirm in its definition.
$get_temp = getGETparam4FullFilePath('template', $template[0] . '.tpl.html');
$chstatus = is_writable_ex($dir_temp . $get_temp);
// @dev: to test the error feedback on read-only on Win+UNIX: add '|| 1' here.

// Check for filename
if (!empty($get_temp)) {
    // NOTE(review): the file is opened twice; the probe handle from @fopen() is never
    // closed and is only released by the garbage collector. Opening once into $handle
    // and testing that result would avoid the leaked handle.
    if (@fopen($dir_temp . $get_temp, 'r')) {
        $handle = fopen($dir_temp . $get_temp, 'r');
        // PHP5+ Feature
        $contents = stream_get_contents($handle);
        if (0) {
            // PHP4 Compatibility (dead code: the condition is a constant false)
            $flen = filesize($dir_temp . $get_temp);
            if ($flen > 0) {
                $contents = @fread($handle, $flen);
            }
        }
        fclose($handle);
// }
exit;
}

/**
 * Regenerate all thumbnails. This will delete any existing thumbnails!
 */
if ($_SERVER['REQUEST_METHOD'] == 'GET' && $do_action == 'confirm_regen') {
    FbX::SetFeedbackLocation('lightbox.Manage.php', 'page_id=' . $page_id);
    try {
        // The album name comes from the request and is joined to the albums directory
        // below; the accessor's name suggests it is reduced to a bare filename first —
        // confirm that it cannot carry directory separators.
        $album_name = getGETparam4Filename('album');
        if (!empty($album_name)) {
            FbX::SetFeedbackLocation('lightbox.Manage.php', 'page_id=' . $page_id . '&album=' . $album_name);
            // Only if current user has the rights
            if ($perm->is_level_okay('manageModLightbox', $_SESSION['ccms_userLevel'])) {
                $dest = BASE_PATH . '/media/albums/' . $album_name;
                // NOTE(review): this throws only when $dest is missing AND writable. A missing
                // or read-only album directory looks like the intended error case, i.e.
                // `!is_dir($dest) || !is_writable_ex($dest)` — confirm against is_writable_ex()'s
                // behaviour for non-existent paths before changing it.
                if (!is_dir($dest) && is_writable_ex($dest)) {
                    throw new FbX($ccms['lang']['system']['error_dirwrite']);
                }
                if (!is_dir($dest . '/_thumbs')) {
                    // The mkdir() warning is suppressed; failure is reported through the
                    // same error_dirwrite message as above.
                    if (!@mkdir($dest . '/_thumbs')) {
                        throw new FbX($ccms['lang']['system']['error_dirwrite']);
                    }
                }
                // Walk every entry of the album except the bookkeeping files; the is_file()
                // test also skips the '_thumbs' subdirectory itself.
                foreach (array_diff(scandir($dest), array('.', '..', 'index.html', 'info.txt')) as $f) {
                    if (is_file($dest . '/' . $f)) {
                        // Extension is compared case-sensitively as returned by pathinfo();
                        // the remaining cases of the switch are outside this excerpt.
                        $extension = pathinfo($f, PATHINFO_EXTENSION);
                        $uploadedfile = $dest . '/' . $f;
                        // Do resize
                        switch ($extension) {
                            case 'jpg':
                            case 'jpeg':
// if ($err == 0) {
// A read failure (false) is suppressed here and only surfaces below as an empty $htaccess.
$htaccess = @file_get_contents(BASE_PATH . '/.htaccess');
$newpath = $_SESSION['variables']['rootdir'];
// remove the <IfDefine> and </IfDefine> to turn on the rewrite rules, now that we have the site configured!
$htaccess = preg_replace('/([# \\t]*)(<IfDefine CCMS_installed>)/', '# \\2', $htaccess);
$htaccess = preg_replace('/([# \\t]*)(<\\/IfDefine>(\\s*#\\s*CCMS_installed)?)/', '# \\2', $htaccess);
// make sure the regexes tolerate ErrorDocument/RewriteBase lines which point at a subdirectory instead of the / root:
// NOTE(review): $newpath is concatenated into the replacement string, where preg_replace()
// interprets '\N' and '$N' sequences as backreferences; a rootdir containing '\' or '$'
// would therefore be substituted incorrectly. Escaping those two characters before
// splicing (or using preg_replace_callback()) keeps the substitution literal — confirm
// how 'rootdir' is validated when it is stored in the session.
$htaccess = preg_replace('/(ErrorDocument\\s+[0-9]+\\s+)\\/(.*)(index\\.php\\?page)/', '\\1' . $newpath . '\\3', $htaccess);
$htaccess = preg_replace('/(RewriteBase\\s+)\\/.*/', '\\1' . $newpath, $htaccess);
// A failed read, a regex error (preg_replace() returns null) and a genuinely empty file
// all end up here under the same "RewriteBase" message.
if (!$htaccess) {
    $errors[] = 'Fatal: could not set the RewriteBase in the .htaccess file.';
    $err++;
} else {
    if (!$cfg['IN_DEVELOPMENT_ENVIRONMENT'] || WRITE_CFG_FILES_TO_DISK) {
        // Write back only when the file is writable and could actually be opened.
        // NOTE(review): mode 'w' truncates first, so a failed fwrite() below leaves an empty
        // .htaccess behind; writing to a temporary file and renaming would be atomic.
        if (is_writable_ex(BASE_PATH . '/.htaccess') && ($fp = fopen(BASE_PATH . '/.htaccess', 'w'))) {
            // fwrite() returns the byte count; 0 or false is treated as failure, which is
            // safe here because $htaccess is known to be non-empty at this point.
            if (fwrite($fp, $htaccess, strlen($htaccess))) {
                $log[] = "Successfully rewrote the .htaccess file";
            } else {
                $errors[] = "Fatal: Problem saving new .htaccess file.";
                $errors[] = 'Make sure the file is writable, or <a href="index.php?do=ftp">do so now</a>.';
                $err++;
            }
            fclose($fp);
        } else {
            $errors[] = 'Fatal: the .htaccess file is not writable.';
            $errors[] = 'Make sure the file is writable, or <a href="index.php?do=ftp">do so now</a>.';
            $err++;
        }
    } else {
        if ($cfg['IN_DEVELOPMENT_ENVIRONMENT'] && DUMP_QUERIES_N_STUFF_IN_DEVMODE) {
// Three conditions gate the save: the editing right; the coding right when the row is a
// code page; and either the page not being in $cfg['restrict'] or the current user being
// listed in $owner. Both in_array() calls are non-strict (loose comparison).
if ($perm->is_level_okay('managePageEditing', $_SESSION['ccms_userLevel']) && ($row->iscoding != 'Y' || $perm->is_level_okay('managePageCoding', $_SESSION['ccms_userLevel'])) && (!in_array($row->urlpage, $cfg['restrict']) || in_array($_SESSION['ccms_userID'], $owner))) {
    $active = $row->published;
    $name = $row->urlpage;
    if ($row->iscoding == 'Y') {
        // code pages: only for users with elevated rights, so we're okay with less filtering (none at all, in this case!)
        $type = 'code';
        $content = getPOSTparam4RAWCONTENT('content'); // accept ANYTHING: it's code, so can carry anything, including javascript and PHP code chunks!
    } else {
        $type = 'text';
        $content = getPOSTparam4RAWHTML('content'); // [i_a] must be RAW HTML, no htmlspecialchars(). Filtering required if malicious input risk expected.
        // NOTE(review): this branch is reachable without the 'managePageCoding' right, yet the
        // content is written to a '.php' file below. If that file is later include()d (not
        // visible here) and getPOSTparam4RAWHTML() does not strip PHP open tags, text-page
        // content would run as PHP — confirm what that accessor filters.
    }
    // Page content lives in a PHP file named after the URL slug taken from the database row.
    $filename = BASE_PATH . '/content/' . $name . '.php';
    $keywords = getPOSTparam4DisplayHTML('keywords');
    if (is_writable_ex($filename)) {
        // NOTE(review): both die() messages below echo the absolute server path to the
        // client; the path belongs in a log entry rather than in the response.
        if (!($handle = fopen($filename, 'w'))) {
            die('[ERR105] ' . $ccms['lang']['system']['error_openfile'] . ' (' . $filename . ').');
        }
        // Only a hard failure (false) is caught; a short write is not detected.
        if (fwrite($handle, $content) === FALSE) {
            die('[ERR106] ' . $ccms['lang']['system']['error_write'] . ' (' . $filename . ').');
        }
        fclose($handle);
    } else {
        die($ccms['lang']['system']['error_chmod']);
    }
    // Save keywords to database
    $values = array(); // [i_a] make sure $values is an empty array to start with here
    $values['keywords'] = MySQL::SQLValue($keywords, MySQL::SQLVALUE_TEXT);
    if ($db->UpdateRow($cfg['db_prefix'] . 'pages', $values, array('page_id' => MySQL::SQLValue($page_id, MySQL::SQLVALUE_NUMBER)))) {