PageRenderTime 43ms CodeModel.GetById 13ms RepoModel.GetById 0ms app.codeStats 0ms

/admin.php

http://github.com/usebb/UseBB
PHP | 180 lines | 87 code | 31 blank | 62 comment | 9 complexity | 347b2d70245cbe4381519a914a8432df MD5 | raw file
Possible License(s): GPL-2.0 
    

  1. <?php
    2. 

  2. 

  3. /*
    4. 

  4. 	Copyright (C) 2003-2012 UseBB Team
    5. 

  5. 	http://www.usebb.net
    6. 

  6. 	
    7. 

  7. 	$Id$
    8. 

  8. 	
    9. 

  9. 	This file is part of UseBB.
    10. 

  10. 	
    11. 

  11. 	UseBB is free software; you can redistribute it and/or modify
    12. 

  12. 	it under the terms of the GNU General Public License as published by
    13. 

  13. 	the Free Software Foundation; either version 2 of the License, or
    14. 

  14. 	(at your option) any later version.
    15. 

  15. 	
    16. 

  16. 	UseBB is distributed in the hope that it will be useful,
    17. 

  17. 	but WITHOUT ANY WARRANTY; without even the implied warranty of
    18. 

  18. 	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    19. 

  19. 	GNU General Public License for more details.
    20. 

  20. 	
    21. 

  21. 	You should have received a copy of the GNU General Public License
    22. 

  22. 	along with UseBB; if not, write to the Free Software
    23. 

  23. 	Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
    24. 

  24. */
    25. 

  25. 

  26. /**
    27. 

  27.  * Admin control panel
    28. 

  28.  *
    29. 

  29.  * Gives access to the ACP features, including authorizing the admin first.
    30. 

  30.  *
    31. 

  31.  * @author	UseBB Team
    32. 

  32.  * @link	http://www.usebb.net
    33. 

  33.  * @license	GPL-2
    34. 

  34.  * @version	$Revision$
    35. 

  35.  * @copyright	Copyright (C) 2003-2012 UseBB Team
    36. 

  36.  * @package	UseBB
    37. 

  37.  * @subpackage	ACP
    38. 

  38.  */
    39. 

  39. 

  40. define('INCLUDED', true);
    41. 

  41. define('ROOT_PATH', './');
    42. 

  42. 

  43. //
    44. 

  44. // Include usebb engine
    45. 

  45. //
    46. 

  46. require(ROOT_PATH.'sources/common.php');
    47. 

  47. 

  48. //
    49. 

  49. // Update and get the session information
    50. 

  50. //
    51. 

  51. $session->update('admin');
    52. 

  52. 

  53. //
    54. 

  54. // Include the page header
    55. 

  55. //
    56. 

  56. require(ROOT_PATH.'sources/page_head.php');
    57. 

  57. 

  58. if ( $functions->get_user_level() == LEVEL_ADMIN ) {
    59. 

  59. 	
    60. 

  60. 	//
    61. 

  61. 	// Get Admin variables
    62. 

  62. 	//
    63. 

  63. 	$lang = $functions->fetch_language('', 'admin');
    64. 

  64. 

  65. 	$_GET['act'] = ( !empty($_GET['act']) ) ? str_replace(array('/', '\\'), '', $_GET['act']) : 'index';
    66. 

  66. 

  67. 	$_SESSION['admin_last_activity'] = ( isset($_SESSION['admin_last_activity']) ) ? (int) $_SESSION['admin_last_activity'] : 0;
    68. 

  68. 	$_SESSION['admin_disable_logout'] = ( isset($_SESSION['admin_disable_logout']) ) ? (bool) $_SESSION['admin_disable_logout'] : false;
    69. 

  69. 	$acp_auto_logout = (int) $functions->get_config('acp_auto_logout');
    70. 

  70. 	
    71. 

  71. 	if ( $_GET['act'] == 'logout' && $functions->verify_url(false) ) {
    72. 

  72. 		
    73. 

  73. 		//
    74. 

  74. 		// Log out from ACP
    75. 

  75. 		//
    76. 

  76. 		$_SESSION['admin_pwd'] = '';
    77. 

  77. 		$functions->redirect('index.php');
    78. 

  78. 

  79. 	} elseif ( !empty($_POST['passwd']) && md5(stripslashes($_POST['passwd'])) === $session->sess_info['user_info']['passwd'] ) {
    80. 

  80. 		
    81. 

  81. 		//
    82. 

  82. 		// Password submitted and correct
    83. 

  83. 		//
    84. 

  84. 

  85. 		$_SESSION['admin_pwd'] = md5(stripslashes($_POST['passwd']));
    86. 

  86. 		$_SESSION['admin_last_activity'] = time();
    87. 

  87. 		$_SESSION['admin_disable_logout'] = false;
    88. 

  88. 

  89. 		$functions->redirect('admin.php', $_GET);
    90. 

  90. 		
    91. 

  91. 	} elseif ( !empty($_SESSION['admin_pwd']) && $_SESSION['admin_pwd'] === $session->sess_info['user_info']['passwd'] && ( $_SESSION['admin_disable_logout'] || $_SESSION['admin_last_activity'] > time() - $acp_auto_logout * 60 ) ) {
    92. 

  92. 		
    93. 

  93. 		//
    94. 

  94. 		// Password in session and recent activity
    95. 

  95. 		//
    96. 

  96. 		
    97. 

  97. 		$_SESSION['admin_last_activity'] = time();
    98. 

  98. 		$_SESSION['admin_disable_logout'] = false;
    99. 

  99. 

  100. 		require(ROOT_PATH.'sources/functions_admin.php');
    101. 

  101. 		$admin_functions = new admin_functions;
    102. 

  102. 		
    103. 

  103. 		//
    104. 

  104. 		// Include page/module
    105. 

  105. 		//
    106. 

  106. 		
    107. 

  107. 		if ( preg_match('#^mod_([A-Za-z0-9\-_\.]+)$#', $_GET['act'], $module_name) && array_key_exists($module_name[1], $admin_functions->acp_modules) ) {
    108. 

  108. 			
    109. 

  109. 			//
    110. 

  110. 			// ACP module
    111. 

  111. 			//
    112. 

  112. 			$admin_functions->run_module($module_name[1]);
    113. 

  113. 			
    114. 

  114. 		} elseif ( file_exists(ROOT_PATH.'sources/admin_'.$_GET['act'].'.php') ) {
    115. 

  115. 			
    116. 

  116. 			//
    117. 

  117. 			// Regular page
    118. 

  118. 			//
    119. 

  119. 			$content = '';
    120. 

  120. 			require(ROOT_PATH.'sources/admin_'.$_GET['act'].'.php');
    121. 

  121. 			
    122. 

  122. 		} else {
    123. 

  123. 			
    124. 

  124. 			//
    125. 

  125. 			// Non existent
    126. 

  126. 			//
    127. 

  127. 			$functions->redirect('admin.php');
    128. 

  128. 			
    129. 

  129. 		}
    130. 

  130. 		
    131. 

  131. 	} else {
    132. 

  132. 		
    133. 

  133. 		//
    134. 

  134. 		// Request password
    135. 

  135. 		//
    136. 

  136. 

  137. 		if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
    138. 

  138. 			
    139. 

  139. 			if ( empty($_POST['passwd']) ) {
    140. 

  140. 							
    141. 

  141. 				$template->parse('msgbox', 'global', array(
    142. 

  142. 					'box_title' => $lang['Error'],
    143. 

  143. 					'content' => sprintf($lang['MissingFields'], $lang['Password'])
    144. 

  144. 				));
    145. 

  145. 				
    146. 

  146. 			} else {
    147. 

  147. 				
    148. 

  148. 				$template->parse('msgbox', 'global', array(
    149. 

  149. 					'box_title' => $lang['Error'],
    150. 

  150. 					'content' => $lang['WrongPassword']
    151. 

  151. 				));
    152. 

  152. 				
    153. 

  153. 			}
    154. 

  154. 			
    155. 

  155. 		}
    156. 

  156. 		
    157. 

  157. 		$template->add_breadcrumb($lang['AdminLogin']);
    158. 

  158. 		$template->parse('login_form', 'admin', array(
    159. 

  159. 			'form_begin' => '<form action="'.$functions->make_url('admin.php', $_GET).'" method="post">',
    160. 

  160. 			'form_end' => '</form>',
    161. 

  161. 			'username' => $session->sess_info['user_info']['name'],
    162. 

  162. 			'password_input' => '<input type="password" name="passwd" id="passwd" size="25" maxlength="255" />',
    163. 

  163. 			'submit_button'  => '<input type="submit" value="'.$lang['LogIn'].'" />',
    164. 

  164. 		));
    165. 

  165. 		$template->set_js_onload("set_focus('passwd')");
    166. 

  166. 		
    167. 

  167. 	}
    168. 

  168. 	
    169. 

  169. } else {
    170. 

  170. 	
    171. 

  171. 	$functions->redir_to_login();
    172. 

  172. 	
    173. 

  173. }
    174. 

  174. 

  175. //
    176. 

  176. // Include the page footer
    177. 

  177. //
    178. 

  178. require(ROOT_PATH.'sources/page_foot.php');
    179. 

  179. 

  180. ?>
    181. 

  181.