PageRenderTime 27ms CodeModel.GetById 7ms RepoModel.GetById 0ms app.codeStats 0ms

/legacy/includes/pages/admin/themes.php

http://novaboard.googlecode.com/
PHP | 487 lines | 16 code | 11 blank | 460 comment | 2 complexity | 8e79bd01f716d0dad4f6384a4da9d8dc MD5 | raw file
Possible License(s): AGPL-3.0 
    

  1. <?php

    2. 

  2. /*

    3. 

  3. +--------------------------------------------------------------------------

    4. 

  4. |  NovaBoard

    5. 

  5. |  ========================================

    6. 

  6. |  By The NovaBoard team

    7. 

  7. |  Released under the Artistic License 2.0
    8. 

  8. |  http://www.novaboard.net

    9. 

  9. |  ========================================
|+--------------------------------------------------------------------------

    10. 

  10. |   themes.php - install/remove forum themes

    11. 

  11.  

    12. 

  12. */

    13. 

  13. 

    14. 

  14. if (!defined('NOVA_RUN')){

    15. 

  15. 	echo "<h1>ACCESS DENIED</h1>You cannot access this file directly.";

    16. 

  16. 	exit();

    17. 

  17. }

    18. 

  18. 

    19. 

  19. require_once "scripts/php/dUnzip2.inc.php";

    20. 

  20. 

    21. 

  21. template_hook("pages/admin/themes.template.php", "start");

    22. 

  22. 

    23. 

  23. if ($can_change_site_settings=='0'){

    24. 

  24. 

    25. 

  25. 	nova_redirect("index.php?page=error&error=11","error/11");

    26. 

  26. 

    27. 

  27. }

    28. 

  28. 

    29. 

  29. else{

    30. 

  30. 

    31. 

  31. foreach (glob("themes/*.zip") as $file_name) {

    32. 

  32. unlink ($file_name);

    33. 

  33. }

    34. 

  34. 

    35. 

  35. if (isset($_POST['upload'])){

    36. 

  36. 

    37. 

  37. $contenttype = $_FILES['uploadedfile']['type'];

    38. 

  38. 

    39. 

  39. $file=$_FILES['uploadedfile']['name'];

    40. 

  40. 

    41. 

  41. $parts			= explode('.', $file);

    42. 

  42. $ext			= $parts[count($parts)-1];

    43. 

  43. $contenttype	= strtolower($ext);

    44. 

  44. 

    45. 

  45. if ($contenttype=='zip'){

    46. 

  46. $allowed="1";

    47. 

  47. }

    48. 

  48. else{

    49. 

  49. $allowed="0";

    50. 

  50. }

    51. 

  51. 

    52. 

  52. if ($allowed=='0'){

    53. 

  53. echo "contenttype = $contenttype<br /><br />";

    54. 

  54. 

    55. 

  55. exit("You are not allowed to upload files with this extension.");

    56. 

  56. }

    57. 

  57. else{

    58. 

  58. 

    59. 

  59. // Where the file is going to be placed 

    60. 

  60. $target_path = "themes/";

    61. 

  61. 

    62. 

  62. $file_name = $_FILES['uploadedfile']['name'];

    63. 

  63. 

    64. 

  64. $new_file_name = $file_name;

    65. 

  65. 

    66. 

  66. $target_path_complete = $target_path . basename( $new_file_name); 

    67. 

  67. $_FILES['uploadedfile']['tmp_name'];  

    68. 

  68. 

    69. 

  69. if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path_complete)) {

    70. 

  70. 

    71. 

  71. if($contenttype == 'zip'){

    72. 

  72. 

    73. 

  73. $zip = new dUnzip2('themes/'.$file_name);

    74. 

  74. $zip->debug = true;

    75. 

  75. $zip->getList();

    76. 

  76. $zip->unzipAll('themes');

    77. 

  77. }

    78. 

  78. 

    79. 

  79. foreach (glob("themes/*.zip") as $filename) {

    80. 

  80. unlink ($filename);

    81. 

  81. }

    82. 

  82. 

    83. 

  83. 	template_hook("pages/admin/themes.template.php", "form_1");

    84. 

  84. 

    85. 

  85. 	nova_redirect("index.php?page=admin&act=themes","admin/themes");

    86. 

  86. 

    87. 

  87. }

    88. 

  88. 

    89. 

  89. }

    90. 

  90. 

    91. 

  91. }

    92. 

  92. 

    93. 

  93. elseif (isset($_GET['alter']) && ($_GET['alter']=='rss')){

    94. 

  94. 

    95. 

  95. $order = $_POST['order'];

    96. 

  96. $order = escape_string($order);

    97. 

  97. 

    98. 

  98. $limit = $_POST['limit'];

    99. 

  99. $limit = escape_string($limit);

    100. 

  100. 

    101. 

  101. $method = $_POST['method'];

    102. 

  102. $method = escape_string($method);

    103. 

  103. 

    104. 

  104. mysql_query("UPDATE {$db_prefix}settings SET theme_order='$order', theme_limit='$limit', theme_method='$method'");

    105. 

  105. 

    106. 

  106. # Delete cache

    107. 

  107. $Cache->delete('settings');

    108. 

  108. 

    109. 

  109. 	template_hook("pages/admin/themes.template.php", "form_2");

    110. 

  110. 

    111. 

  111. 	nova_redirect("index.php?page=admin&act=themes","admin/themes");

    112. 

  112. 

    113. 

  113. }

    114. 

  114. 

    115. 

  115. elseif (isset($_GET['func']) && ($_GET['func']=='remote')){

    116. 

  116. 

    117. 

  117. // first warn the admin about what he/she is about to do

    118. 

  118. // because this feature could be maliciously abused by

    119. 

  119. // crafty people wanting you to install nasty things

    120. 

  120. // onto the server...

    121. 

  121. 

    122. 

  122. if ($_POST['agree']!='1'){

    123. 

  123. 

    124. 

  124. 

    125. 

  125. 

    126. 

  126. $token_id = md5(microtime());

    127. 

  127. $token = md5(uniqid(rand(),true));

    128. 

  128. 

    129. 

  129. $token_name = "token_remote_$token_id";

    130. 

  130. 

    131. 

  131. $_SESSION[$token_name] = $token;

    132. 

  132. 

    133. 

  133. $file = escape_string($_GET['file']);

    134. 

  134. $themename = escape_string($_GET['theme']);

    135. 

  135. $func = escape_string($_GET['func']);

    136. 

  136. 

    137. 

  137. template_hook("pages/admin/themes.template.php", "warn");

    138. 

  138. 

    139. 

  139. }

    140. 

  140. else{

    141. 

  141. 

    142. 

  142. $token_id = $_POST['token_id'];

    143. 

  143. $token_id = escape_string($token_id);

    144. 

  144. 

    145. 

  145. $token_name = "token_remote_$token_id";

    146. 

  146. 

    147. 

  147.  if (isset($_POST[$token_name]) && isset($_SESSION[$token_name]) && $_SESSION[$token_name] == $_POST[$token_name]){

    148. 

  148. 

    149. 

  149. $theme_file = htmlentities(escape_string($_GET['file']));

    150. 

  150. 

    151. 

  151. if(strpos($theme_file, "http://themes.novaboard.net") === false){

    152. 

  152. 

    153. 

  153. 	nova_redirect("index.php?page=error","error");

    154. 

  154. 	

    155. 

  155. }

    156. 

  156. else{

    157. 

  157. 

    158. 

  158. nova_remote(" http://themes.novaboard.net/files/".$theme_file, "themes/");

    159. 

  159. $filename = basename(" http://themes.novaboard.net/files/".$theme_file);

    160. 

  160. 

    161. 

  161. $zip = new dUnzip2('themes/'.$filename);

    162. 

  162. $zip->debug = true;

    163. 

  163. $zip->getList();

    164. 

  164. $zip->unzipAll('themes');

    165. 

  165. 

    166. 

  166. foreach (glob("themes/*.zip") as $file_name) {

    167. 

  167. unlink ($file_name);

    168. 

  168. }

    169. 

  169. 

    170. 

  170. 	template_hook("pages/admin/themes.template.php", "form_3");

    171. 

  171. 

    172. 

  172. 	nova_redirect("index.php?page=admin&act=themes","admin/themes");

    173. 

  173. }

    174. 

  174. }

    175. 

  175. else{

    176. 

  176. 	nova_redirect("index.php?page=error&error=28","error/28");

    177. 

  177. 

    178. 

  178. }

    179. 

  179. }

    180. 

  180. }

    181. 

  181. elseif (isset($_GET['func']) && ($_GET['func']=='install')){

    182. 

  182. 

    183. 

  183. // first warn the admin about what he/she is about to do

    184. 

  184. // because this feature could be maliciously abused by

    185. 

  185. // crafty people wanting you to install nasty things

    186. 

  186. // onto the server...

    187. 

  187. 

    188. 

  188. if ($_POST['agree']!='1'){

    189. 

  189. 

    190. 

  190. 

    191. 

  191. 

    192. 

  192. $token_id = md5(microtime());

    193. 

  193. $token = md5(uniqid(rand(),true));

    194. 

  194. 

    195. 

  195. $token_name = "token_install_$token_id";

    196. 

  196. 

    197. 

  197. $_SESSION[$token_name] = $token;

    198. 

  198. 

    199. 

  199. $file = escape_string($_GET['file']);

    200. 

  200. $themename = escape_string($_GET['theme']);

    201. 

  201. $func = escape_string($_GET['func']);

    202. 

  202. 

    203. 

  203. template_hook("pages/admin/themes.template.php", "warn");

    204. 

  204. 

    205. 

  205. }

    206. 

  206. else{

    207. 

  207. 

    208. 

  208. $token_id = $_POST['token_id'];

    209. 

  209. $token_id = escape_string($token_id);

    210. 

  210. 

    211. 

  211. $token_name = "token_install_$token_id";

    212. 

  212. 

    213. 

  213.  if (isset($_POST[$token_name]) && isset($_SESSION[$token_name]) && $_SESSION[$token_name] == $_POST[$token_name]){

    214. 

  214. 

    215. 

  215. 

    216. 

  216. $theme_name =escape_string($_GET['theme']);

    217. 

  217. 

    218. 

  218. mysql_query("DELETE FROM {$db_prefix}themes WHERE theme_name ='$theme_name'");

    219. 

  219. 

    220. 

  220. mysql_query("INSERT INTO {$db_prefix}themes (theme_name, installed) VALUES ('$theme_name', '1')");

    221. 

  221. 

    222. 

  222. if (file_exists("themes/$theme_name/install.php")){

    223. 

  223. include "themes/$theme_name/install.php";

    224. 

  224. }

    225. 

  225. 

    226. 

  226. 	template_hook("pages/admin/themes.template.php", "form_4");

    227. 

  227. 

    228. 

  228. 	nova_redirect("index.php?page=admin&act=themes","admin/themes");

    229. 

  229. 

    230. 

  230. }

    231. 

  231. 

    232. 

  232. 	nova_redirect("index.php?page=error&error=28","error/28");

    233. 

  233. 

    234. 

  234. }

    235. 

  235. 

    236. 

  236. }

    237. 

  237. elseif (isset($_GET['func']) && ($_GET['func']=='remove')){

    238. 

  238. 

    239. 

  239. // first warn the admin about what he/she is about to do

    240. 

  240. // because this feature could be maliciously abused by

    241. 

  241. // crafty people wanting you to install nasty things

    242. 

  242. // onto the server...

    243. 

  243. 

    244. 

  244. if ($_POST['agree']!='1'){

    245. 

  245. 

    246. 

  246. 

    247. 

  247. 

    248. 

  248. $token_id = md5(microtime());

    249. 

  249. $token = md5(uniqid(rand(),true));

    250. 

  250. 

    251. 

  251. $token_name = "token_remove_$token_id";

    252. 

  252. 

    253. 

  253. $_SESSION[$token_name] = $token;

    254. 

  254. 

    255. 

  255. $file = escape_string($_GET['file']);

    256. 

  256. $themename = escape_string($_GET['theme']);

    257. 

  257. $func = escape_string($_GET['func']);

    258. 

  258. 

    259. 

  259. template_hook("pages/admin/themes.template.php", "warn");

    260. 

  260. 

    261. 

  261. }

    262. 

  262. else{

    263. 

  263. 

    264. 

  264. $token_id = $_POST['token_id'];

    265. 

  265. $token_id = escape_string($token_id);

    266. 

  266. 

    267. 

  267. $token_name = "token_remove_$token_id";

    268. 

  268. 

    269. 

  269.  if (isset($_POST[$token_name]) && isset($_SESSION[$token_name]) && $_SESSION[$token_name] == $_POST[$token_name]){

    270. 

  270. 

    271. 

  271. 

    272. 

  272. $theme_name =escape_string($_GET['theme']);

    273. 

  273. 

    274. 

  274. mysql_query("DELETE FROM {$db_prefix}themes WHERE theme_name ='$theme_name'");

    275. 

  275. 

    276. 

  276. if (file_exists("themes/$theme_name/uninstall.php")){

    277. 

  277. include "themes/$theme_name/uninstall.php";

    278. 

  278. }

    279. 

  279. 

    280. 

  280. 	template_hook("pages/admin/themes.template.php", "form_5");

    281. 

  281. 

    282. 

  282. 	nova_redirect("index.php?page=admin&act=themes","admin/themes");

    283. 

  283. 

    284. 

  284. }

    285. 

  285. else{

    286. 

  286. 	nova_redirect("index.php?page=error&error=28","error/28");

    287. 

  287. }

    288. 

  288. }

    289. 

  289. }

    290. 

  290. elseif (isset($_GET['func']) && ($_GET['func']=='delete')){

    291. 

  291. 

    292. 

  292. // first warn the admin about what he/she is about to do

    293. 

  293. // because this feature could be maliciously abused by

    294. 

  294. // crafty people wanting you to install nasty things

    295. 

  295. // onto the server...

    296. 

  296. 

    297. 

  297. if ($_POST['agree']!='1'){

    298. 

  298. 

    299. 

  299. $file = escape_string($_GET['file']);

    300. 

  300. $themename = escape_string($_GET['theme']);

    301. 

  301. $func = escape_string($_GET['func']);

    302. 

  302. 

    303. 

  303. template_hook("pages/admin/themes.template.php", "warn");

    304. 

  304. 

    305. 

  305. }

    306. 

  306. else{

    307. 

  307. 

    308. 

  308. $theme_name = escape_string($_GET['theme']);

    309. 

  309. 

    310. 

  310. nova_remove("themes/$theme_name");

    311. 

  311. 

    312. 

  312. 	template_hook("pages/admin/themes.template.php", "form_6");

    313. 

  313. 

    314. 

  314. 	nova_redirect("index.php?page=admin&act=themes","admin/themes");

    315. 

  315. 

    316. 

  316. }

    317. 

  317. }

    318. 

  318. else{

    319. 

  319. 

    320. 

  320. template_hook("pages/admin/themes.template.php", "1");

    321. 

  321. 

    322. 

  322. list_themes_admin("themes/", "details");

    323. 

  323. 

    324. 

  324. template_hook("pages/admin/themes.template.php", "3");

    325. 

  325. 

    326. 

  326. template_hook('pages/admin/themes.template.php', 'remote_replacement');

    327. 

  327. 

    328. 

  328. /*template_hook("pages/admin/themes.template.php", "4");

    329. 

  329. 

    330. 

  330. class RSSParser	{

    331. 

  331. 

    332. 

  332.     var $title			= "";

    333. 

  333. 	var $version 		= "";

    334. 

  334. 	var $date 			= "";

    335. 

  335. 	var $downloads		= "";

    336. 

  336.     var $link 			= "";

    337. 

  337.     var $description 	= "";

    338. 

  338. 	var $author			= "";

    339. 

  339. 	var $site			= "";

    340. 

  340. 	var $image			= "";

    341. 

  341.     var $inside_item 	= false;

    342. 

  342. 

    343. 

  343. 

    344. 

  344. 	function startElement( $parser, $name, $attrs='' ){

    345. 

  345. 		global $current_tag;

    346. 

  346. 

    347. 

  347. 		$current_tag = $name;

    348. 

  348. 

    349. 

  349. 		if( $current_tag == "ITEM" )

    350. 

  350. 			$this->inside_item = true;

    351. 

  351. 

    352. 

  352. 	} // endfunc startElement

    353. 

  353. 

    354. 

  354. 	function endElement( $parser, $tagName, $attrs='' ){

    355. 

  355. 		global $current_tag;

    356. 

  356. 

    357. 

  357.     	if ( $tagName == "ITEM" ) {

    358. 

  358. 

    359. 

  359. 		$title = $this->title;		

    360. 

  360. 		$version = $this->version;

    361. 

  361. 		$date = $this->date;

    362. 

  362. 		$downloads = $this->downloads;	

    363. 

  363. 		$link = $this->link;

    364. 

  364. 		$link = str_replace(" http://themes.novaboard.net/files/", "", $link); 

    365. 

  365. 		$description = $this->description;

    366. 

  366. 		$author = $this->author;

    367. 

  367. 		$site = $this->site;

    368. 

  368. 		$image = $this->image;

    369. 

  369. 	

    370. 

  370. 		

    371. 

  371. 		template_hook("pages/admin/themes.template.php", "5");

    372. 

  372. 			echo "$image";

    373. 

  373. 		template_hook("pages/admin/themes.template.php", "14");

    374. 

  374. 			echo "$title";			

    375. 

  375. 		template_hook("pages/admin/themes.template.php", "6");

    376. 

  376. 			echo "$version";

    377. 

  377. 		template_hook("pages/admin/themes.template.php", "7");

    378. 

  378. 			echo "$author";

    379. 

  379. 		template_hook("pages/admin/themes.template.php", "8");

    380. 

  380. 			echo "$site";		

    381. 

  381. 		template_hook("pages/admin/themes.template.php", "9");

    382. 

  382. 			echo "$site";			

    383. 

  383. 		template_hook("pages/admin/themes.template.php", "10");	

    384. 

  384. 			echo "$description";

    385. 

  385. 		template_hook("pages/admin/themes.template.php", "11");	

    386. 

  386. 			echo "$link";

    387. 

  387. 		template_hook("pages/admin/themes.template.php", "12");	

    388. 

  388. 		

    389. 

  389.     		$this->title = "";

    390. 

  390. 			$this->version = "";

    391. 

  391.     		$this->date = "";

    392. 

  392.     		$this->downloads = "";			

    393. 

  393.     		$this->link = "";

    394. 

  394.     		$this->description = "";

    395. 

  395.     		$this->author = "";	

    396. 

  396.     		$this->site = "";

    397. 

  397.     		$this->image = "";			

    398. 

  398.     		$this->inside_item = false;

    399. 

  399. 

    400. 

  400.     	}

    401. 

  401. 

    402. 

  402. 	} // endfunc endElement

    403. 

  403. 

    404. 

  404. 	function characterData( $parser, $data ){

    405. 

  405. 		global $current_tag;

    406. 

  406. 

    407. 

  407. 		if( $this->inside_item ){

    408. 

  408. 			switch($current_tag){

    409. 

  409. 

    410. 

  410. 				case "TITLE":

    411. 

  411. 					$this->title .= $data;

    412. 

  412. 					break;

    413. 

  413. 				case "VERSION":

    414. 

  414. 					$this->version .= $data;

    415. 

  415. 					break;	

    416. 

  416. 				case "DATE":

    417. 

  417. 					$this->date .= $data;

    418. 

  418. 					break;

    419. 

  419. 				case "DOWNLOADS":

    420. 

  420. 					$this->downloads .= $data;

    421. 

  421. 					break;					

    422. 

  422. 				case "LINK":

    423. 

  423. 					$this->link .= $data;

    424. 

  424. 					break;

    425. 

  425. 				case "DESCRIPTION":

    426. 

  426. 					$this->description .= $data;

    427. 

  427. 					break;

    428. 

  428. 				case "AUTHOR":

    429. 

  429. 					$this->author .= $data;

    430. 

  430. 					break;

    431. 

  431. 				case "SITE":

    432. 

  432. 					$this->site .= $data;

    433. 

  433. 					break;					

    434. 

  434. 				case "IMAGE":

    435. 

  435. 					$this->image .= $data;

    436. 

  436. 					break;	

    437. 

  437. 				default:

    438. 

  438. 					break;		

    439. 

  439. 		

    440. 

  440. 			} // endswitch

    441. 

  441. 

    442. 

  442. 		} // end if

    443. 

  443. 		

    444. 

  444. 	} // endfunc characterData

    445. 

  445. 

    446. 

  446. 	function parse_results( $xml_parser, $rss_parser, $file )	{

    447. 

  447. 

    448. 

  448. 		xml_set_object( $xml_parser, &$rss_parser );

    449. 

  449. 		xml_set_element_handler( $xml_parser, "startElement", "endElement" );

    450. 

  450. 		xml_set_character_data_handler( $xml_parser, "characterData" );

    451. 

  451. 

    452. 

  452. 		$fp = fopen("$file","r") or die( "Error reading XML file, $file" );

    453. 

  453. 

    454. 

  454. 		while ($data = fread($fp, 4096))	{

    455. 

  455. 

    456. 

  456. 			// parse the data

    457. 

  457. 			xml_parse( $xml_parser, $data, feof($fp) ) or die( sprintf( "XML error: %s at line %d", xml_error_string( xml_get_error_code($xml_parser) ), xml_get_current_line_number( $xml_parser ) ) );

    458. 

  458. 

    459. 

  459. 		} // endwhile

    460. 

  460. 

    461. 

  461. 		fclose($fp);

    462. 

  462. 

    463. 

  463. 		xml_parser_free( $xml_parser );

    464. 

  464. 

    465. 

  465. 	} // endfunc parse_results

    466. 

  466. 

    467. 

  467. } // endclass RSSParser

    468. 

  468. 

    469. 

  469. global $rss_url;

    470. 

  470. 

    471. 

  471. $xml_parser = xml_parser_create();

    472. 

  472. $rss_parser = new RSSParser();

    473. 

  473. 

    474. 

  474. $parse_nova_version = str_replace(" ", "_", $nova_version);

    475. 

  475. 

    476. 

  476. $rss_parser->parse_results( $xml_parser, $rss_parser, "http://themes.novaboard.net/$parse_nova_version/$module_order/$module_limit/$module_method/files.php" );

    477. 

  477. 

    478. 

  478. template_hook("pages/admin/themes.template.php", "3");

    479. 

  479. 

    480. 

  480. template_hook("pages/admin/themes.template.php", "13");*/

    481. 

  481. 

    482. 

  482. }

    483. 

  483. 

    484. 

  484. }

    485. 

  485. 

    486. 

  486. template_hook("pages/admin/themes.template.php", "end");

    487. 

  487. ?>
    488.