
/index.php

https://github.com/armitage/poMMo
  1<?php
  2/**
  3 * Copyright (C) 2005, 2006, 2007, 2008  Brice Burgess <bhb@iceburg.net>
  4 * 
  5 * This file is part of poMMo (http://www.pommo.org)
  6 * 
  7 * poMMo is free software; you can redistribute it and/or modify 
  8 * it under the terms of the GNU General Public License as published 
  9 * by the Free Software Foundation; either version 2, or any later version.
 10 * 
 11 * poMMo is distributed in the hope that it will be useful,
 12 * but WITHOUT ANY WARRANTY; without even the implied warranty
 13 * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
 14 * the GNU General Public License for more details.
 15 * 
 16 * You should have received a copy of the GNU General Public License
 17 * along with program; see the file docs/LICENSE. If not, write to the
 18 * Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 19 */
 20
 21/**********************************
 22	INITIALIZATION METHODS
 23 *********************************/
 24 
 25require ('bootstrap.php');
 26Pommo::init(array('authLevel' => 0));
 27$logger = Pommo::$_logger;
 28
 29/**********************************
 30	SETUP TEMPLATE, PAGE
 31 *********************************/
 32require_once(Pommo::$_baseDir.'classes/Pommo_Template.php');
 33$smarty = new Pommo_Template();
 34
 35//	log the user out if requested
 36if (isset($_GET['logout']))
 37{
 38	Pommo::$_auth->logout();
 39	header('Location: ' . Pommo::$_http . Pommo::$_baseUrl . 'index.php');
 40}
 41
 42// 	check if user is already logged in
 43if (Pommo::$_hasConfigFile && Pommo::$_auth->isAuthenticated())
 44{
 45	// If user is authenticated (has logged in), redirect to admin.php
 46	Pommo::redirect(Pommo::$_http . Pommo::$_baseUrl . 'admin.php');
 47}
 48// 	Log in attempt. Authenticate.
 49elseif (isset($_POST['submit'])
 50		&& !empty($_POST['username'])
 51		&& !empty($_POST['password']))
 52{
 53	$auth = Pommo_Api::configGet(array (
 54		'admin_username',
 55		'admin_password'
 56	));
 57	
 58	if ($_POST['username'] == $auth['admin_username']
 59			&& md5($_POST['password']) == $auth['admin_password'])
 60	{
 61		// don't perform maintenance if accessing support area
 62		if(!isset($_GET['referer'])
 63				|| !basename($_GET['referer']) == 'support.php')
 64		{
 65			// login success. Perform maintenance, set auth, redirect to referer
 66			require_once(Pommo::$_baseDir.'classes/Pommo_Helper_Maintenance.php');
 67			Pommo_Helper_Maintenance::perform();
 68		}
 69
 70		Pommo::$_auth->login($_POST['username']);
 71		
 72		Pommo::redirect(Pommo::$_http.$_POST['referer']);
 73	}
 74	else
 75	{
 76		$logger->addMsg(Pommo::_T('Failed login attempt. Try again.'));
 77	}
 78}
 79elseif (!empty ($_POST['resetPassword']))
 80{
 81	// TODO -- visit this function later
 82	// Check if a reset password request has been received
 83	// check that captcha matched
 84	if (!isset($_POST['captcha']))
 85	{
 86		// generate captcha
 87		$captcha = substr(md5(rand()), 0, 4);
 88
 89		$smarty->assign('captcha', $captcha);
 90	}
 91	elseif ($_POST['captcha'] == $_POST['realdeal'])
 92	{
 93		// user inputted captcha matched. Reset password
 94		
 95		require_once(Pommo::$_baseDir.'classes/Pommo_Pending.php');
 96		require_once(Pommo::$_baseDir.'classes/Pommo_Helper_Messages.php');
 97
 98		// see if there is already a pending request for the administrator
 99		// [subscriber id == 0]
100		if (Pommo_Pending::isPending(0))
101		{
102			$input = urlencode(serialize(array('adminID' => TRUE,
103					'Email' => Pommo::$_config['admin_email'])));
104			Pommo::redirect(Pommo::$_http . Pommo::$_baseUrl .
105					'pending.php?input='.$input);
106		}
107
108		// create a password change request, send confirmation mail
109		$subscriber = array('id' => 0);
110		$code = Pommo_Pending::add($subscriber,'password');
111		Pommo_Helper_Messages::sendMessage(
112				array('to' => Pommo::$_config['admin_email'],
113				'code' => $code, 'type' => 'password'));
114		
115		$smarty->assign('captcha',FALSE);
116		
117	}
118	else
119	{
120		// captcha did not match
121		$logger->addMsg(Pommo::_T('Captcha did not match. Try again.'));
122	}
123}
124elseif (!Pommo::$_hasConfigFile && $_POST['configure'])
125{
126	//	Try to connect to database with data entered from the user.
127	//	I am not using /inc/classes/db.php because it kills the proccess when
128	//	connection is not possible
129	//	TODO: db.php shouldnt kill the process
130	$link = @mysql_connect($_POST['dbhost'],
131			$_POST['dbuser'],
132			$_POST['dbpass']);
133			
134	if (!$link)
135	{
136		//	Could not connect
137		$configErrors[]	= 'Could not connect to host. Check your settings
138				and try again.';
139	}
140	else
141	{
142		if (!@mysql_select_db($_POST['dbname'], $link))
143		{
144			//	Database does not exist. Lets try to create it.
145			if (!mysql_query('CREATE DATABASE '.$_POST['dbname'], $link))
146			{
147				$configErrors[]	= 'Database does not exist. And the provided
148						user does not have the necessary permissions to create
149						it. You will have to create it manually first.';
150			}
151		}
152	}
153	
154	//	If there were no errors then try to create the file
155	if (!$configErrors)
156	{
157		//	I am sure there must be better ways to do this, but this works
158		// 	for now.
159		//	TODO: If there is a better method change this, if not. Delete
160		//			this line.
161		$handle = @fopen('config.php', 'w');
162		if (!$handle)
163		{
164			$configErrors[]	= 'Script was not able to create config.php
165					file. You should assign write permission for this script
166					to pommo root folder or create config.php yourself.';
167		}
168		else
169		{
170			$string = '<?php die(); /* DO NOT REMOVE THIS LINE! */ ?>'.
171					PHP_EOL.PHP_EOL
172					.'[db_hostname] = '.$_POST['dbhost'].PHP_EOL
173					.'[db_username] = '.$_POST['dbuser'].PHP_EOL
174					.'[db_password] = '.$_POST['dbpass'].PHP_EOL
175					.'[db_database] = '.$_POST['dbname'].PHP_EOL
176					.'[db_prefix] = pommo_'.PHP_EOL
177					.PHP_EOL
178					.'[lang] = en'.PHP_EOL
179					.'[debug] = off'.PHP_EOL
180					.'[verbosity] = 3'.PHP_EOL
181					.'[date_format] = 1'.PHP_EOL;
182			fwrite($handle, $string);
183			fclose($handle);
184			$redir = Pommo::$_baseUrl.'install.php';
185			header('Location: '.$redir);
186			exit();
187		}
188	}
189}
190
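// Render the page: the login form once a config file exists, otherwise the
// first-run configuration form.
if (Pommo::$_hasConfigFile)
{
	//	referer (used to return user to requested page upon login success)
	//	NOTE(review): this value comes straight from the request and is handed
	//	to the template; index.tpl has to HTML-escape it where it is printed
	//	(not verifiable from this file). The login handler is what decides
	//	whether the value is later used as a redirect target.
	$smarty->assign('referer',
			(isset($_REQUEST['referer']) ?
			$_REQUEST['referer'] : Pommo::$_baseUrl.'admin.php'));

	$smarty->display('index.tpl');
}
else
{
	// On the first visit nothing has been posted and no errors exist yet, so
	// fall back to empty values instead of reading undefined variables.
	$smarty->assign('messages', isset($configErrors) ? $configErrors : array());

	// Echo the submitted settings back into the form (the password is
	// deliberately not echoed). NOTE(review): configure.tpl has to
	// HTML-escape these request values -- not verifiable from this file.
	foreach (array('dbhost', 'dbname', 'dbuser') as $field)
	{
		$smarty->assign($field,
				(isset($_POST[$field]) && is_string($_POST[$field]))
				? $_POST[$field] : '');
	}
	$smarty->display('configure.tpl');
}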
208