
/index.php

https://github.com/soonick/poMMo
  1<?php
  2/**
  3 *  Original Code Copyright (C) 2005, 2006, 2007, 2008  Brice Burgess <bhb@iceburg.net>
  4 *  released originally under GPLV2
  5 *
  6 *  This file is part of poMMo.
  7 *
  8 *  poMMo is free software: you can redistribute it and/or modify
  9 *  it under the terms of the GNU General Public License as published by
 10 *  the Free Software Foundation, either version 3 of the License, or
 11 *  (at your option) any later version.
 12 *
 13 *  poMMo is distributed in the hope that it will be useful,
 14 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 15 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 16 *  GNU General Public License for more details.
 17 *
 18 *  You should have received a copy of the GNU General Public License
 19 *  along with Pommo.  If not, see <http://www.gnu.org/licenses/>.
 20 *
 21 *  This fork is from https://github.com/soonick/poMMo
 22 *  Please see docs/contribs for Contributors
 23 *
 24 */
 25
 26/**********************************
 27	INITIALIZATION METHODS
 28 *********************************/
 29
 30require ('bootstrap.php');
 31Pommo::init(array('authLevel' => 0));
 32$logger = Pommo::$_logger;
 33
 34/**********************************
 35	SETUP TEMPLATE, PAGE
 36 *********************************/
 37require_once(Pommo::$_baseDir.'classes/Pommo_Template.php');
 38$view = new Pommo_Template();
 39
 40$fatal_error = null;
 41// Check we have the mysql module installed
 42if (!extension_loaded('mysql')) {
 43    $fatal_error[] = "Php mysql module is not installed.";
 44}
 45
 46// Check if module is installed
 47if (!extension_loaded('gettext')) {
 48    $fatal_error[] = "Php gettext module is not installed.";
 49}
 50
 51//Check write permission to the cache directory
 52if (!is_writable(dirname(__FILE__).'/cache')) {
 53    $fatal_error[] = "The cache directory needs to be writable";
 54}
 55
 56if ($fatal_error) {
 57    $view->assign('errors', $fatal_error);
 58    $view->display('message');
 59    exit();
 60}
 61
 62//	log the user out if requested
 63if (isset($_GET['logout']))
 64{
 65	Pommo::$_auth->logout();
 66	header('Location: ' . Pommo::$_http . Pommo::$_baseUrl . 'index.php');
 67}
 68
 69// 	check if user is already logged in
 70if (Pommo::$_hasConfigFile && Pommo::$_auth->isAuthenticated())
 71{
 72	// If user is authenticated (has logged in), redirect to admin.php
 73	Pommo::redirect(Pommo::$_http . Pommo::$_baseUrl . 'admin.php');
 74}
 75// 	Log in attempt. Authenticate.
 76elseif (isset($_POST['submit'])
 77		&& !empty($_POST['username'])
 78		&& !empty($_POST['password']))
 79{
 80	require_once Pommo::$_baseDir.'classes/Pommo_User.php';
 81	$user = new Pommo_user();
 82	if ($user->login($_POST['username'], $_POST['password']))
 83	{
 84		// don't perform maintenance if accessing support area
 85		if(!isset($_GET['referer'])
 86				|| !basename($_GET['referer']) == 'support.php')
 87		{
 88			// login success. Perform maintenance, set auth, redirect to referer
 89			require_once(Pommo::$_baseDir.'classes/Pommo_Helper_Maintenance.php');
 90			Pommo_Helper_Maintenance::perform();
 91		}
 92
 93		Pommo::$_auth->login($_POST['username']);
 94
 95		Pommo::redirect(Pommo::$_http.$_POST['referer']);
 96	}
 97	else
 98	{
 99		$logger->addMsg(Pommo::_T('Failed login attempt. Try again.'));
100	}
101}
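elseif (!empty ($_POST['resetPassword']))
{
	// TODO -- visit this function later
	// Password-reset request for the administrator account (subscriber id 0).
	// Step 1 shows a captcha; step 2 checks it and mails a confirmation code
	// to the configured admin address.
	if (!isset($_POST['captcha']))
	{
		// Generate a 4-character challenge and hand it to the template.
		// NOTE(review): md5(rand()) is not an unpredictable source; use a
		// CSPRNG if this value is ever meant to be secret.
		$captcha = substr(md5(rand()), 0, 4);

		$view->assign('captcha', $captcha);
	}
	// Both values must be present, non-empty strings and identical. The
	// original loose `==` also accepted different numeric-looking strings
	// (e.g. "0e12" and "0e34") and raised a notice when 'realdeal' was absent.
	// NOTE(review): the expected answer ('realdeal') is read back from the
	// request rather than from server-side state, so this comparison does not
	// tie the request to a challenge the server issued. Keep the expected
	// value in the session (or sign it) and rate-limit this endpoint; until
	// then do not rely on it as an abuse control for reset mails.
	elseif (isset($_POST['realdeal'])
			&& is_string($_POST['captcha'])
			&& is_string($_POST['realdeal'])
			&& $_POST['captcha'] !== ''
			&& $_POST['captcha'] === $_POST['realdeal'])
	{
		// user inputted captcha matched. Reset password
		require_once(Pommo::$_baseDir.'classes/Pommo_Pending.php');
		require_once(Pommo::$_baseDir.'classes/Pommo_Helper_Messages.php');

		// see if there is already a pending request for the administrator
		// [subscriber id == 0]
		if (Pommo_Pending::isPending(0))
		{
			// NOTE(review): the state travels as a serialize()d string in the
			// query string. Presumably pending.php unserialize()s it — confirm
			// it never calls unserialize() on request data, or move both sides
			// to json_encode()/json_decode() or a signed token.
			$input = urlencode(serialize(array('adminID' => TRUE,
					'Email' => Pommo::$_config['admin_email'])));
			// NOTE(review): the code below assumes Pommo::redirect() ends the
			// request; otherwise a second pending entry is created — confirm.
			Pommo::redirect(Pommo::$_http . Pommo::$_baseUrl
					.'pending.php?input='.$input);
		}

		// create a password change request, send confirmation mail
		$subscriber = array('id' => 0);
		$code = Pommo_Pending::add($subscriber,'password');
		Pommo_Helper_Messages::sendMessage(
				array('to' => Pommo::$_config['admin_email'],
				'code' => $code, 'type' => 'password'));

		$view->assign('captcha',FALSE);
	}
	else
	{
		// captcha did not match
		$logger->addMsg(Pommo::_T('Captcha did not match. Try again.'));
	}
}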
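// First-run setup: test the submitted database settings and write config.php.
// NOTE(review): this branch runs without authentication whenever
// Pommo::$_hasConfigFile is false, so an unconfigured installation should not
// be reachable from untrusted networks.
elseif (!Pommo::$_hasConfigFile && !empty($_POST['configure']))
{
	// Start from an empty list so the "no errors" test below is well defined.
	$configErrors = array();

	// Read the four settings once. Each must be a string without control
	// characters: they are written one per line into config.php, so a line
	// break inside a value would add or override configuration entries.
	$dbSettings = array();
	foreach (array('dbhost', 'dbuser', 'dbpass', 'dbname') as $field)
	{
		$value = isset($_POST[$field]) ? $_POST[$field] : '';
		if (!is_string($value) || preg_match('/[\x00-\x1F\x7F]/', $value))
		{
			$configErrors[] = 'Database settings must not contain line breaks'
					.' or other control characters.';
			break;
		}
		$dbSettings[$field] = $value;
	}

	if (!$configErrors)
	{
		//	Try to connect to database with data entered from the user.
		//	I am not using /inc/classes/db.php because it kills the proccess when
		//	connection is not possible
		//	TODO: db.php shouldnt kill the process
		$link = @mysql_connect($dbSettings['dbhost'], $dbSettings['dbuser'],
				$dbSettings['dbpass']);
		if (!$link)
		{
			//	Could not connect
			$configErrors[]	= 'Could not connect to host. Check your settings
				and try again.';
		}
		elseif (!@mysql_select_db($dbSettings['dbname'], $link))
		{
			//	Database does not exist. Lets try to create it.
			//	An identifier cannot be bound as a query parameter, so the name
			//	is checked against a strict allow-list and quoted with
			//	backticks before it is placed in the statement.
			if (!preg_match('/\A[A-Za-z0-9_$]{1,64}\z/', $dbSettings['dbname']))
			{
				$configErrors[]	= 'Database does not exist and its name contains'
						.' characters this installer will not use in a CREATE'
						.' DATABASE statement. You will have to create it'
						.' manually first.';
			}
			elseif (!mysql_query('CREATE DATABASE `'.$dbSettings['dbname'].'`',
					$link))
			{
				$configErrors[]	= 'Database does not exist. And the provided
						user does not have the necessary permissions to create
						it. You will have to create it manually first.';
			}
		}
	}

	//	If there were no errors then try to create the file
	if (!$configErrors)
	{
		//	I am sure there must be better ways to do this, but this works
		// 	for now.
		//	TODO: If there is a better method change this, if not. Delete
		//			this line.
		//	NOTE(review): the database password is stored in clear text in a
		//	file created with the process's default permissions. The first
		//	line makes PHP stop before emitting the rest when the file is
		//	requested through the interpreter; confirm the web server never
		//	serves it as plain text.
		$handle = @fopen('config.php', 'w');
		if (!$handle)
		{
			$configErrors[]	= 'Script was not able to create config.php
					file. You should assign write permission for this script
					to pommo root folder or create config.php yourself.';
		}
		else
		{
			//	NOTE(review): values are written unquoted; how the reader of
			//	this file treats characters such as '"' or ';' is not visible
			//	here — confirm against the config parser.
			$string = '<?php die(); /* DO NOT REMOVE THIS LINE! */ ?>'.
					PHP_EOL.PHP_EOL
					.'[db_hostname] = '.$dbSettings['dbhost'].PHP_EOL
					.'[db_username] = '.$dbSettings['dbuser'].PHP_EOL
					.'[db_password] = '.$dbSettings['dbpass'].PHP_EOL
					.'[db_database] = '.$dbSettings['dbname'].PHP_EOL
					.'[db_prefix] = pommo_'.PHP_EOL
					.PHP_EOL
					.'[lang] = en'.PHP_EOL
					.'[debug] = off'.PHP_EOL
					.'[verbosity] = 3'.PHP_EOL
					.'[date_format] = 1'.PHP_EOL;
			$written = fwrite($handle, $string);
			fclose($handle);
			if ($written === false)
			{
				//	Do not continue to the installer with an empty or partial
				//	configuration file.
				$configErrors[]	= 'Script was not able to write to config.php.';
			}
			else
			{
				$redir = Pommo::$_baseUrl.'install.php';
				header('Location: '.$redir);
				exit();
			}
		}
	}
}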
208
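// Render the page: the login form once a configuration file exists, the
// first-run setup form otherwise.
if (Pommo::$_hasConfigFile)
{
	//	referer (used to return user to requested page upon login success)
	//	NOTE(review): this request-supplied value is handed to the template
	//	unchanged; confirm the 'index' template HTML-escapes it where it is
	//	printed (for example in a hidden form field).
	$view->assign('referer',
			(isset($_REQUEST['referer']) ?
			$_REQUEST['referer'] : Pommo::$_baseUrl.'admin.php'));

	$view->display('index');
}
else
{
	//	On the first visit nothing has been posted and $configErrors was never
	//	set; the isset() guards pass null, as before, without raising notices.
	//	NOTE(review): the posted values are echoed back into the form; confirm
	//	the 'configure' template escapes them.
	$view->assign('messages', isset($configErrors) ? $configErrors : null);
	$view->assign('dbhost', isset($_POST['dbhost']) ? $_POST['dbhost'] : null);
	$view->assign('dbname', isset($_POST['dbname']) ? $_POST['dbname'] : null);
	$view->assign('dbuser', isset($_POST['dbuser']) ? $_POST['dbuser'] : null);
	$view->display('configure');
}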