$httpsUrl"));
}
// restrict IP access
if (@$SETTINGS['advanced']['restrictByIP'] && !isIpAllowed()) {
die(sprintf(t("Access is not permitted from your IP address (%s)"), $_SERVER['REMOTE_ADDR']));
}
// install or upgrade if needed
installIfNeeded();
upgradeIfNeeded();
// register if needed
# NOTE: Disabling or modifying licensing or registration code violates your license agreement and is willful copyright infringement.
# NOTE: Copyright infringement can be very expensive: http://en.wikipedia.org/wiki/Statutory_damages_for_copyright_infringement
# NOTE: Please do not steal our software.
registerIfNeeded();
// set current user or show login menu
function adminLoginMenu() {
global $CURRENT_USER;
// login menu actions
$action = @$_REQUEST['action'];
if ($action == 'logoff') { user_logoff(); exit; }
if ($action == 'loginSubmit') {
security_dieUnlessPostForm();
security_dieUnlessInternalReferer();
security_dieOnInvalidCsrfToken();
foreach (array('username','password') as $field) { // v2.52 remove leading and trailing whitespace (for usability, users accidentally add whitespace)
$_REQUEST[$field] = preg_replace("/^\s+|\s+$/s", '', @$_REQUEST[$field]);
}
loginCookie_set(@$_REQUEST['username'], getPasswordDigest(@$_REQUEST['password']));
}
// load current user
$CURRENT_USER = getCurrentUser($loginExpired);
// report any errors
$errors = '';
if ($loginExpired) { $errors .= t("You've been logged out due to inactivity, please login again to continue."); }
else if (!$CURRENT_USER && $action == 'loginSubmit') { $errors .= t("Invalid username or password"); }
else if (@$CURRENT_USER['disabled']) { $errors .= t("Your account has been disabled."); }
else if (@$CURRENT_USER['isExpired']) { $errors .= t("Your account has expired."); }
if ($errors) {
alert($errors);
loginCookie_remove(); // if data in login cookie is invalid, remove login cookie so we don't keep checking it
$CURRENT_USER = false; // if login is invalid, clear user variable
usleep(mt_rand(1000000, 3000000)); // sleep somewhere between 1-3 seconds to delay brute force attacks (random sleep time makes it so attacker can't assume slow response is failed password)
}
// if no logged in user
if (!$CURRENT_USER) {
// perform login screen maintenance actions - useful place to run common operations
if (!$action) {
createMissingSchemaTablesAndFields(); // create/update missing schemas, etc
// show helpful messages
if (!mysql_count('accounts')) { alert(t("There are no user accounts in the database.")); }
}
// show login screen if user not logged in
showInterface('login.php');
exit;
}
// if user logged in
if ($CURRENT_USER) {
// reset login cookie (to update lastAccess time used to track session expiry)
loginCookie_set(@$CURRENT_USER['username'], getPasswordDigest(@$CURRENT_USER['password']));
// redirect to last url - on valid login
$redirectUrl = @$_REQUEST['redirectUrl'];
if ($redirectUrl) {
redirectBrowserToURL($redirectUrl, true);
exit;
}
}
}
//
function installIfNeeded() {
global $SETTINGS, $APP, $TABLE_PREFIX;
if (isInstalled()) { return; } // skip if already installed
// rename default files
renameOrRemoveDefaultFiles();
// error checking
if ($SETTINGS['uploadDir'] && !is_dir($SETTINGS['uploadDir'])) {
print "Upload directory doesn't exist, please update 'uploadDir' in /data/" .SETTINGS_FILENAME. "
\n";
print "Current uploadDir value: " .htmlencode($SETTINGS['uploadDir']). "
\n";
print "Suggested uploadDir value: uploads/ or ../uploads/
\n";
exit;
}
// error checking
checkFilePermissions();
// display license
if (@$_REQUEST['menu'] == 'license') { showInterface('license.php'); }
// save
if (@$_REQUEST['save']) {
// error checking
if (!$_REQUEST['licenseCompanyName']) { alert("Please enter your 'Company Name'
\n"); }
if (!$_REQUEST['licenseDomainName']) { alert("Please enter your 'Domain Name'
\n"); }
if (!$_REQUEST['agreeToLicense']) { alert("Please check 'I accept the terms of the License Agreement'
\n"); }
if (!$_REQUEST['mysqlHostname']) { alert("Please enter your 'MySQL Hostname'
\n"); }
if (!$_REQUEST['mysqlDatabase']) { alert("Please enter your 'MySQL Database'
\n"); }
if (!$_REQUEST['mysqlUsername']) { alert("Please enter your 'MySQL Username'
\n"); }
if (!$_REQUEST['mysqlTablePrefix']) { alert("Please enter your 'MySQL Table Prefix'
\n"); }
elseif (preg_match("/[A-Z]/", $_REQUEST['mysqlTablePrefix'])) { alert("Value for 'MySQL Table Prefix' must be lowercase.
\n"); }
elseif (!preg_match("/^[a-z]/i", $_REQUEST['mysqlTablePrefix'])) { alert("Value for 'MySQL Table Prefix' must start with a letter.
\n"); }
elseif (!preg_match("/_$/", $_REQUEST['mysqlTablePrefix'])) { alert("Value for 'MySQL Table Prefix' must end in underscore.
\n"); }
// New Installation
if (!@$_REQUEST['restoreFromBackup']) {
if (!$_REQUEST['adminFullname']) { alert("Please enter 'Admin Full Name'
\n"); }
if (!$_REQUEST['adminEmail']) { alert("Please enter 'Admin Email'
\n"); }
elseif (!isValidEmail($_REQUEST['adminEmail'])) { alert("Please enter a valid email for 'Admin Email' (Example: user@example.com)
\n"); }
if (!$_REQUEST['adminUsername']) { alert("Please enter 'Admin Username'
\n"); }
$passwordErrors = getNewPasswordErrors($_REQUEST['adminPassword1'], $_REQUEST['adminPassword2'], $_REQUEST['adminUsername']); // v2.52
if ($passwordErrors) { alert( nl2br(htmlencode($passwordErrors)) ); }
}
// Restore from Backup
if (@$_REQUEST['restoreFromBackup']) {
if (!$_REQUEST['restore']) { alert("Please select a backup file to restore
\n"); }
}
// Advanced - v2.53
if (!@$_REQUEST['useCustomSettingsFile']) {
if (is_file(SETTINGS_DEV_FILEPATH)) { alert(t("You must select 'Use Custom Settings File' since a custom settings file for this domain already exists!"). "
\n"); }
elseif (isDevServer()) { alert("This is a development server, you must select 'Use Custom Settings File'.". "
\n"); }
}
if (@$_REQUEST['webPrefixUrl'] != '') {
if (!preg_match("|^(\w+:/)?/|", $_REQUEST['webPrefixUrl'])) { alert(t("Website Prefix URL must start with /") ."
\n"); }
if (preg_match("|/$|", $_REQUEST['webPrefixUrl'])) { alert(t("Website Prefix URL cannot end with /") ."
\n"); }
}
// update settings (not saved unless there are no errors)
$SETTINGS['cookiePrefix'] = substr(md5(mt_rand()), 0, 5) . '_'; //v2.51 shortened prefix so it's easy to see full cookie names in browser cookie list
$SETTINGS['adminEmail'] = @$SETTINGS['adminEmail'] ? $SETTINGS['adminEmail'] : $_REQUEST['adminEmail'];
$SETTINGS['licenseCompanyName'] = $_REQUEST['licenseCompanyName'];
$SETTINGS['licenseDomainName'] = $_REQUEST['licenseDomainName'];
$SETTINGS['webRootDir'] = @$SETTINGS['webRootDir'] ? $SETTINGS['webRootDir'] : @$_SERVER['DOCUMENT_ROOT'];
$SETTINGS['mysql']['hostname'] = $_REQUEST['mysqlHostname'];
$SETTINGS['mysql']['database'] = $_REQUEST['mysqlDatabase'];
$SETTINGS['mysql']['username'] = $_REQUEST['mysqlUsername'];
$SETTINGS['mysql']['password'] = $_REQUEST['mysqlPassword'];
$SETTINGS['mysql']['tablePrefix'] = $_REQUEST['mysqlTablePrefix'];
$TABLE_PREFIX = $_REQUEST['mysqlTablePrefix']; // update TABLE_PREFIX global as well.
$SETTINGS['webPrefixUrl'] = $_REQUEST['webPrefixUrl'];
// display errors
if (alert()) {
require "lib/menus/install.php";
exit;
}
// connect to mysql
$errors = connectToMySQL('returnErrors');
if ($errors) {
alert($errors);
require "lib/menus/install.php";
exit;
}
else { connectToMySQL(); }
// create schema tables
createMissingSchemaTablesAndFields();
clearAlertsAndNotices(); // don't show "created table/field" alerts
// New Installation: check if admin user already exists
if (!@$_REQUEST['restoreFromBackup']) {
$passwordHash = getPasswordDigest($_REQUEST['adminPassword1']);
$identicalUserExists = mysql_count('accounts', array('username' => $_REQUEST['adminUsername'], 'password' => $passwordHash, 'isAdmin' => '1'));
if (!$identicalUserExists) { // if the don't exist, check if a user with the same username exists and show an error if they do
$count = mysql_count('accounts', array('username' => $_REQUEST['adminUsername']));
if (!$identicalUserExists && $count > 0) { alert("Admin username already exists, please choose another.
\n"); }
}
// create admin user
if (!$identicalUserExists && !alert()) {
mysqlStrictMode(false); // disable Mysql strict errors for when a field isn't defined below (can be caused when fields are added later)
mysql_query("INSERT INTO `{$TABLE_PREFIX}accounts` SET
createdDate = NOW(),
createdByUserNum = '0',
updatedDate = NOW(),
updatedByUserNum = '0',
fullname = '".mysql_escape( $_REQUEST['adminFullname'] )."', email = '".mysql_escape( $_REQUEST['adminEmail'] )."',
username = '".mysql_escape( $_REQUEST['adminUsername'] )."', password = '".mysql_escape($passwordHash)."',
disabled = '0',
isAdmin = '1',
expiresDate = '0000-00-00 00:00:00',
neverExpires = '1'") or alert("MySQL Error Creating Admin User:
\n". htmlencode(mysql_error()) . "\n");
// create accesslist entry
mysql_query("INSERT INTO `{$TABLE_PREFIX}_accesslist` (userNum, tableName, accessLevel, maxRecords, randomSaveId)
VALUES (LAST_INSERT_ID(), 'all', '9', NULL, '1234567890')") or alert("MySQL Error Creating Admin Access List:
\n". htmlencode(mysql_error()) . "\n");
}
}
// Restore from Backup: Restore backup file
if (@$_REQUEST['restoreFromBackup']) {
$userCount = mysql_count('accounts');
if ($userCount) {
$userTable = $TABLE_PREFIX . 'accounts';
$errorMessage = sprintf("Can't restore from backup because it would overwrite the %s existing user accounts in the specified database location.
\n", $userCount);
$errorMessage .= sprintf("Try changing the MySQL Database or Table Prefix to restore to a different location, or remove existing users from '%s'.
\n", $userTable);
alert($errorMessage);
}
else { // restore database
$restoreDatabaseFilePath = $GLOBALS['BACKUP_DIR'] . @$_REQUEST['restore'];
mysqlStrictMode(false); // disable Mysql strict errors
restoreDatabase($restoreDatabaseFilePath);
notice("Restored backup file $restoreDatabaseFilePath");
createMissingSchemaTablesAndFields(); // create any fields that weren't in the backup database but were in the schema files
makeAllUploadRecordsRelative();
}
}
// save settings
if (!alert()) {
saveSettings( @$_REQUEST['useCustomSettingsFile'] );
isInstalled(true); // save installed status
redirectBrowserToURL('?menu=home', true); // refresh page
exitl;
}
}
// set defaults
if (!array_key_exists('licenseDomainName', $_REQUEST)) { $_REQUEST['licenseDomainName'] = $_SERVER['HTTP_HOST']; }
if (!array_key_exists('mysqlHostname', $_REQUEST)) { $_REQUEST['mysqlHostname'] = $SETTINGS['mysql']['hostname']; }
if (!array_key_exists('mysqlDatabase', $_REQUEST)) { $_REQUEST['mysqlDatabase'] = $SETTINGS['mysql']['database']; }
if (!array_key_exists('mysqlUsername', $_REQUEST)) { $_REQUEST['mysqlUsername'] = $SETTINGS['mysql']['username']; }
if (!array_key_exists('mysqlTablePrefix', $_REQUEST)) { $_REQUEST['mysqlTablePrefix'] = $SETTINGS['mysql']['tablePrefix']; }
// show form
require "lib/menus/install.php";
exit;
}
//
function upgradeIfNeeded() {
global $SETTINGS, $APP;
if (!isUpgradePending()) { return; }
// rename default files
renameOrRemoveDefaultFiles();
// run upgrades
require "lib/upgrade_functions.php";
// update version in settings
$SETTINGS['programVersion'] = $APP['version'];
saveSettings();
}
// verify product id and register product if needed
function registerIfNeeded($forceRegister = false) {
global $SETTINGS;
# NOTE: Disabling or modifying licensing or registration code violates your license agreement and is willful copyright infringement.
# NOTE: Copyright infringement can be very expensive: http://en.wikipedia.org/wiki/Statutory_damages_for_copyright_infringement
# NOTE: Please do not steal our software.
# call register on install, relocation, request, and periodically during usage
$programJustInstalled = !$SETTINGS['installPath'];
$programHasBeenMoved = $SETTINGS['installPath'] != _getInstallPath();
$registrationRequested = (@$_REQUEST['action'] == 'register') || $forceRegister;
$_daysSinceRegistered = (int) abs((time() - $SETTINGS['dateRegistered']) / (60*60*24));
$periodicLicenseCheck = ($_daysSinceRegistered >= 30);
if ($programJustInstalled || $programHasBeenMoved || $registrationRequested || $periodicLicenseCheck) {
register();
}
}
// register product
function register() {
global $SETTINGS, $APP;
# NOTE: Disabling or modifying licensing or registration code violates your license agreement and is willful copyright infringement.
# NOTE: Copyright infringement can be very expensive: http://en.wikipedia.org/wiki/Statutory_damages_for_copyright_infringement
# NOTE: Please do not steal our software.
// get filepath
$caller = array_pop(@debug_backtrace());
$filepath = realpath($caller['file']);
### Build registration query
$hostname = getFirstDefinedValue($_SERVER["HTTP_HOST"], $_SERVER["SERVER_NAME"], @$_SERVER["SERVER_ADDR"] );
$url = $_SERVER["SCRIPT_NAME"];
$reginfo = 'reg1=' . urlencode($SETTINGS['licenseCompanyName']); # Company Name
$reginfo .= '®2=' . urlencode($SETTINGS['licenseDomainName']); # Domain Name
$reginfo .= '&lnum=' . isValidProductId($SETTINGS['licenseProductId']); # License Number
$reginfo .= '&prog=' . $APP['id']; # Program Id
$reginfo .= '&ver=' . $APP['version']; # Program Version
$reginfo .= '&url=' . urlencode("$hostname$url"); # script url
# get license status
list($response, $statusCode) = getPage("http://www.registerSoftware.to/register/register.cgi?$reginfo");
if (preg_match('/license.invalid/', $response)) { $isDisabled = 1; }
else if (preg_match('/license.valid/', $response)) { $isDisabled = 0; }
# save settings
$SETTINGS['installPath'] = _getInstallPath();
$SETTINGS['dateRegistered'] = time();
saveSettings();
//
return !$isDisabled;
}
// Returns program directory
// _getInstallPath(); // returns /var/htdocs/cms/
// _getInstallPath('test'); // returns /var/htdocs/cms/test
function _getInstallPath( $addSuffix = '' ) {
// install path should be one up from this library file
$moduleFilepath = __FILE__;
$moduleDir = dirname($moduleFilepath);
$installPath = dirname($moduleDir);
// add suffix if needed
if ($addSuffix) {
$installPath .= "/$addSuffix";
}
//
$installPath = preg_replace('/[\\\\\/]+/', '/', $installPath); // replace and collapse slashes
return $installPath;
}
function checkFilePermissions() {
global $PROGRAM_DIR, $APP, $SETTINGS;
$dirs = array();
$dirs[] = DATA_DIR;
$dirs[] = DATA_DIR.'/schema';
$dirs[] = DATA_DIR.'/schemaPresets';
// get list of files
$filepaths = array();
foreach ($dirs as $dir) {
foreach (scandir($dir) as $filename) {
$filepath = "$dir/$filename";
if (!is_file($filepath)) { continue; }
if (!preg_match("/\.php$/", $filepath)) { continue; }
$filepaths[] = $filepath;
}
}
$filepaths[] = DATA_DIR.'/';
$filepaths[] = SETTINGS_FILEPATH;
$filepaths[] = $GLOBALS['BACKUP_DIR'];
$filepaths[] = DATA_DIR.'/schema/';
$filepaths[] = DATA_DIR.'/schemaPresets/';
$filepaths[] = DATA_DIR.'/temp/';
$filepaths[] = $SETTINGS['uploadDir'].'/';
$filepaths[] = $SETTINGS['uploadDir'].'/thumb/';
$filepaths[] = $SETTINGS['uploadDir'].'/thumb2/';
$filepaths[] = $SETTINGS['uploadDir'].'/thumb3/';
$filepaths[] = $SETTINGS['uploadDir'].'/thumb4/';
sort($filepaths);
// check permissions
$notFoundErrors = '';
$notWritableErrors = '';
foreach ($filepaths as $filepath) {
$filepath = preg_replace("/\/+/", "/", $filepath); // collapse multiple slashes
if (!file_exists($filepath) && !@mkdir($filepath)) { $notFoundErrors .= "$filepath\n"; }
else if (!isPathWritable($filepath)) { $notWritableErrors .= "$filepath\n"; }
}
if ($notFoundErrors) {
print t("Configuration Error - Please make sure the following files and directories have been uploaded:") . "
\n";
print "";
exit;
}
if ($notWritableErrors) {
print t("Configuration Error - Please make the following files and directories writable:") . "
\n";
print "";
if (isWindows()) { print t("Windows: Ask your 'server administrator' to give PHP write permissions to these files"); }
else { print t("Linux/Unix: To find the highest security supported by your server try these chmod permissions and use the first one that works: 755, 775, 777"); }
exit;
}
}
//
function allowSublicensing() {
global $SETTINGS;
$allowSublicencing = md5($SETTINGS['vendorName']) == 'b1e8e6f4faf2741fd0ca553c46c3fee3';
return $allowSublicencing;
}
//
function showInterfaceError($alert) {
$errors = alert($alert);
if (isAjaxRequest()) { die($errors); }
else {
// show error alert, header, footer, and no body.
include "lib/menus/header.php";
include "lib/menus/footer.php";
exit;
}
}
//
function showInterface($body, $showHeaderAndFooter = "n/a") {
if ($showHeaderAndFooter !== "n/a") {
@trigger_error(__FUNCTION__ . "() should not be called with \$showHeaderAndFooter option by new adminUI architecture", E_USER_NOTICE);
}
if ($body == '') { $body = "home.php"; }
include "lib/menus/$body";
exit;
}
// noCacheUrlForCmsFile($pathFromCmsDir); // return filepath with ?modified_time on url to prevent caching
// Usage: echo noCacheUrlForCmsFile("3rdParty/clipone/css/main.css");
function noCacheUrlForCmsFile($pathFromCmsDir) {
$cmsFilePath = CMS_ASSETS_DIR .'/'. $pathFromCmsDir;
$cmsFileUrl = CMS_ASSETS_URL .'/'. $pathFromCmsDir;
$modifiedTime = @filemtime($cmsFilePath);
return "$cmsFileUrl?$modifiedTime"; // on file change browsers should no longer use cached versions
}
//
function clearAlertsAndNotices() {
global $APP;
$APP['alerts'] = '';
$APP['notices'] = '';
}
/* Compose and output the Admin UI template from to