} if (!empty($_GET['creaco'])) { echo '<p class="message">' . __('Comment has been successfully created.') . '</p>'; } # XHTML conversion if (!empty($_GET['xconv'])) { $post_excerpt = $post_excerpt_xhtml; $post_content = $post_content_xhtml; $post_format = 'xhtml'; echo '<p class="message">' . __('Don\'t forget to validate your XHTML conversion by saving your post.') . '</p>'; } echo '<h2>' . html::escapeHTML($core->blog->name) . ' › ' . $page_title; if ($post_id && $post->post_status == 1) { echo ' - <a id="post-preview" href="' . $post->getURL() . '" class="button">' . __('View entry') . '</a>'; } elseif ($post_id) { $preview_url = $core->blog->url . $core->url->getBase('preview') . '/' . $core->auth->userID() . '/' . http::browserUID(DC_MASTER_KEY . $core->auth->userID() . $core->auth->getInfo('user_pwd')) . '/' . $post->post_url; echo ' - <a id="post-preview" href="' . $preview_url . '" class="button">' . __('Preview entry') . '</a>'; } echo '</h2>'; if ($post_id) { echo '<p>'; if ($prev_link) { echo $prev_link; } if ($next_link && $prev_link) { echo ' - '; } if ($next_link) { echo $next_link; } # --BEHAVIOR-- adminPostNavLinks
} $cookie_admin = http::browserUID(DC_MASTER_KEY . $user_id . $core->auth->crypt($user_pwd)) . bin2hex(pack('a32', $user_id)); if ($check_perms && $core->auth->mustChangePassword()) { $login_data = join('/', array(base64_encode($user_id), $cookie_admin, empty($_POST['user_remember']) ? '0' : '1')); if (!$core->auth->allowPassChange()) { $err = __('You have to change your password before you can login.'); } else { $err = __('In order to login, you have to change your password now.'); $change_pwd = true; } } elseif ($check_perms && !empty($_POST['safe_mode']) && !$core->auth->isSuperAdmin()) { $err = __('Safe Mode can only be used for super administrators.'); } elseif ($check_perms) { $core->session->start(); $_SESSION['sess_user_id'] = $user_id; $_SESSION['sess_browser_uid'] = http::browserUID(DC_MASTER_KEY); if (!empty($_POST['blog'])) { $_SESSION['sess_blog_id'] = $_POST['blog']; } if (!empty($_POST['safe_mode']) && $core->auth->isSuperAdmin()) { $_SESSION['sess_safe_mode'] = true; } if (!empty($_POST['user_remember'])) { setcookie('dc_admin', $cookie_admin, strtotime('+15 days'), '', '', DC_ADMIN_SSL); } $core->adminurl->redirect('admin.home'); } else { if (isset($_COOKIE['dc_admin'])) { unset($_COOKIE['dc_admin']); setcookie('dc_admin', false, -600, '', '', DC_ADMIN_SSL); }
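/**
 * Checks that the current admin session is still valid.
 *
 * The session is valid when it carries a user id, that user can be
 * loaded through checkUser(), and the browser UID stored at login time
 * (sess_browser_uid) matches the one presented now. Any failure
 * destroys the session so a stale or hijacked session cannot linger.
 *
 * @param string|null $uid  Browser UID to compare against the session;
 *                          when empty, http::browserUID(DC_MASTER_KEY)
 *                          is used, as at login.
 *
 * @return bool  True when the session is valid, false after it has been destroyed.
 */
public function checkSession($uid = null)
{
    $this->core->session->start();

    # No user id in the session means nobody is logged in: logout.
    if (!isset($_SESSION['sess_user_id'])) {
        $this->core->session->destroy();
        return false;
    }

    # Load the session's user. checkUser()'s return value is not consulted
    # here; the outcome is read back through userID() below.
    $this->checkUser($_SESSION['sess_user_id']);

    # Falsy $uid keeps the historical fallback to the computed browser UID.
    $expected_uid = $uid ? (string) $uid : http::browserUID(DC_MASTER_KEY);
    $session_uid  = (string) ($_SESSION['sess_browser_uid'] ?? '');

    # hash_equals() gives a strict, constant-time comparison; the former
    # loose `==` would treat numeric-looking strings (e.g. "0e..." values)
    # as equal and leaks timing.
    $user_can_log = $this->userID() !== null
        && hash_equals($session_uid, $expected_uid);

    if (!$user_can_log) {
        $this->core->session->destroy();
        return false;
    }

    return true;
}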
mail::sendMail($recover_res['user_email'], $subject, $message, $headers); $msg = __('Your new password is in your mailbox.'); } catch (Exception $e) { $err = $e->getMessage(); } } elseif ($user_id !== null && ($user_pwd !== null || $user_key !== null)) { # We check the user if ($core->auth->checkUser($user_id, $user_pwd, $user_key) === true) { $core->session->start(); $_SESSION['sess_user_id'] = $user_id; $_SESSION['sess_browser_uid'] = http::browserUID(DC_MASTER_KEY); if (!empty($_POST['blog'])) { $_SESSION['sess_blog_id'] = $_POST['blog']; } if (!empty($_POST['user_remember'])) { $cookie_admin = http::browserUID(DC_MASTER_KEY . $user_id . crypt::hmac(DC_MASTER_KEY, $user_pwd)) . bin2hex(pack('a32', $user_id)); setcookie('dc_admin', $cookie_admin, strtotime('+15 days'), '', '', DC_ADMIN_SSL); } http::redirect('index.php'); } else { if (isset($_COOKIE['dc_admin'])) { unset($_COOKIE['dc_admin']); setcookie('dc_admin', false, -600, '', '', DC_ADMIN_SSL); } $err = __('Wrong username or password'); } } if (isset($_GET['user'])) { $user_id = $_GET['user']; } header('Content-Type: text/html; charset=UTF-8');
$main_items = new ArrayObject(array("post_title" => '<p class="col">' . '<label class="required no-margin bold" for="post_title"><abbr title="' . __('Required field') . '">*</abbr> ' . __('Title:') . '</label>' . form::field('post_title', 20, 255, html::escapeHTML($post_title), 'maximal') . '</p>', "post_excerpt" => '<p class="area" id="excerpt-area"><label for="post_excerpt" class="bold">' . __('Excerpt:') . ' <span class="form-note">' . __('Introduction to the page.') . '</span></label> ' . form::textarea('post_excerpt', 50, 5, html::escapeHTML($post_excerpt)) . '</p>', "post_content" => '<p class="area" id="content-area"><label class="required bold" ' . 'for="post_content"><abbr title="' . __('Required field') . '">*</abbr> ' . __('Content:') . '</label> ' . form::textarea('post_content', 50, $core->auth->getOption('edit_size'), html::escapeHTML($post_content)) . '</p>', "post_notes" => '<p class="area" id="notes-area"><label for="post_notes" class="bold">' . __('Personal notes:') . ' <span class="form-note">' . __('Unpublished notes.') . '</span></label>' . form::textarea('post_notes', 50, 5, html::escapeHTML($post_notes)) . '</p>')); # --BEHAVIOR-- adminPostFormItems $core->callBehavior('adminPageFormItems', $main_items, $sidebar_items, isset($post) ? $post : null); echo '<div class="multi-part" title="' . ($post_id ? __('Edit page') : __('New page')) . sprintf(' › %s', $post_format) . '" id="edit-entry">'; echo '<form action="' . html::escapeURL($redir_url) . '" method="post" id="entry-form">'; echo '<div id="entry-wrapper">'; echo '<div id="entry-content"><div class="constrained">'; echo '<h3 class="out-of-screen-if-js">' . __('Edit page') . '</h3>'; foreach ($main_items as $id => $item) { echo $item; } # --BEHAVIOR-- adminPageForm $core->callBehavior('adminPageForm', isset($post) ? $post : null); echo '<p class="border-top">' . ($post_id ? form::hidden('id', $post_id) : '') . '<input type="submit" value="' . __('Save') . ' (s)" ' . 
'accesskey="s" name="save" /> '; if ($post_id) { $preview_url = $core->blog->url . $core->url->getURLFor('pagespreview', $core->auth->userID() . '/' . http::browserUID(DC_MASTER_KEY . $core->auth->userID() . $core->auth->getInfo('user_pwd')) . '/' . $post->post_url); echo '<a id="post-preview" href="' . $preview_url . '" class="button" accesskey="p">' . __('Preview') . ' (p)' . '</a>'; } else { echo '<a id="post-cancel" href="' . $core->adminurl->get('admin.home') . '" class="button" accesskey="c">' . __('Cancel') . ' (c)</a>'; } echo ($can_delete ? '<input type="submit" class="delete" value="' . __('Delete') . '" name="delete" />' : '') . $core->formNonce() . '</p>'; echo '</div></div>'; // End #entry-content echo '</div>'; // End #entry-wrapper echo '<div id="entry-sidebar" role="complementary">'; foreach ($sidebar_items as $id => $c) { echo '<div id="' . $id . '" class="sb-box">' . '<h4>' . $c['title'] . '</h4>'; foreach ($c['items'] as $e_name => $e_content) { echo $e_content; }
$err = $e->getMessage(); } } elseif ($user_id !== null && ($user_pwd !== null || $user_key !== null)) { if (check_email_address($user_id)) { $rs_user = $core->con->select("SELECT user_id FROM " . $core->prefix . "user WHERE user_email = '" . $user_id . "'"); if ($rs_user->count() == 1) { $user_id = $rs_user->user_id; } } # We check the user $check_user = $core->auth->checkUser($user_id, $user_pwd, $user_key) === true; $cookie_admin = http::browserUID('BP_MASTER_KEY' . $user_id . crypt::hmac('BP_MASTER_KEY', $user_pwd)) . bin2hex(pack('a32', $user_id)); if ($check_user) { $core->session->start(); $_SESSION['sess_user_id'] = $user_id; $_SESSION['sess_browser_uid'] = http::browserUID('BP_MASTER_KEY'); if (!empty($_POST['user_remember'])) { setcookie('bp_admin', $cookie_admin, strtotime('+30 days'), '', ''); } $rs = $core->con->select('SELECT user_token, user_email, user_id, user_fullname, user_pwd FROM ' . $core->prefix . 'user WHERE user_id=\'' . $user_id . '\''); # if no token exists, create one $rs->extend('rsExtUser'); if ($rs->user_token == '') { $token = generateUserToken($rs->user_fullname, $rs->user_email, $rs->user_pwd); $curt = $core->con->openCursor($core->prefix . 'user'); $curt->user_token = $token; $curt->modified = array(' NOW() '); $curt->update("WHERE user_id='" . $rs->user_id . "'"); } http::redirect($came_from);