PageRenderTime 102ms CodeModel.GetById 18ms RepoModel.GetById 0ms app.codeStats 1ms

/wp-content/plugins/mailz/lists/admin/index.php

https://bitbucket.org/antonyravel/cape-resorts
PHP | 450 lines | 367 code | 38 blank | 45 comment | 155 complexity | 24cb88971e141d22feb311e5cee1e002 MD5 | raw file
  1. <?php
  2. @ob_start();
  3. $er = error_reporting(0);
  4. # check for commandline and cli version
  5. if (!isset($_SERVER["SERVER_NAME"]) && !PHP_SAPI == "cli") {
  6. print "Warning: commandline only works well with the cli version of PHP";
  7. }
  8. if (isset($_REQUEST['_SERVER'])) { exit; }
  9. $cline = array();
  10. $GLOBALS['commandline'] = 0;
  11. require_once dirname(__FILE__) .'/commonlib/lib/unregister_globals.php';
  12. require_once dirname(__FILE__) .'/commonlib/lib/magic_quotes.php';
  13. # setup commandline
  14. if (php_sapi_name() == "cli") {
  15. for ($i=0; $i<$_SERVER['argc']; $i++) {
  16. $my_args = array();
  17. if (ereg("(.*)=(.*)",$_SERVER['argv'][$i], $my_args)) {
  18. $_GET[$my_args[1]] = $my_args[2];
  19. $_REQUEST[$my_args[1]] = $my_args[2];
  20. }
  21. }
  22. $GLOBALS["commandline"] = 1;
  23. $cline = parseCLine();
  24. $dir = dirname($_SERVER["SCRIPT_FILENAME"]);
  25. chdir($dir);
  26. } else {
  27. $GLOBALS["commandline"] = 0;
  28. header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
  29. header("Pragma: no-cache"); // HTTP/1.0
  30. }
  31. if (isset($_SERVER["ConfigFile"]) && is_file($_SERVER["ConfigFile"])) {
  32. print '<!-- using '.$_SERVER["ConfigFile"].'-->'."\n";
  33. include $_SERVER["ConfigFile"];
  34. } elseif (isset($cline["c"]) && is_file($cline["c"])) {
  35. print '<!-- using '.$cline["c"].' -->'."\n";
  36. include $cline["c"];
  37. } elseif ($GLOBALS['commandline'] && isset($_ENV["CONFIG"]) && is_file($_ENV["CONFIG"])) {
  38. # print '<!-- using '.$_ENV["CONFIG"].'-->'."\n";
  39. include $_ENV["CONFIG"];
  40. } elseif (is_file("../config/config.php")) {
  41. print '<!-- using ../config/config.php -->'."\n";
  42. include "../config/config.php";
  43. } else {
  44. print "Error, cannot find config file\n";
  45. exit;
  46. }
  47. # record the start time(usec) of script
  48. $now = gettimeofday();
  49. $GLOBALS["pagestats"] = array();
  50. $GLOBALS["pagestats"]["time_start"] = $now["sec"] * 1000000 + $now["usec"];
  51. $GLOBALS["pagestats"]["number_of_queries"] = 0;
  52. if (!$GLOBALS["commandline"] && isset($GLOBALS["developer_email"]) && $_SERVER['HTTP_HOST'] != 'cvs.phplist.com' && $GLOBALS['show_dev_errors']) {
  53. error_reporting(E_ALL | E_NOTICE);
  54. ini_set('display_errors',1);
  55. foreach ($_REQUEST as $key => $val) {
  56. unset($$key);
  57. }
  58. } else {
  59. # error_reporting($er);
  60. error_reporting(0);
  61. }
  62. # load all required files
  63. require_once dirname(__FILE__).'/init.php';
  64. require_once dirname(__FILE__).'/'.$GLOBALS["database_module"];
  65. require_once dirname(__FILE__)."/../texts/english.inc";
  66. include_once dirname(__FILE__)."/../texts/".$GLOBALS["language_module"];
  67. require_once dirname(__FILE__)."/defaultconfig.inc";
  68. require_once dirname(__FILE__).'/connect.php';
  69. include_once dirname(__FILE__)."/languages.php";
  70. include_once dirname(__FILE__)."/lib.php";
  71. require_once dirname(__FILE__)."/commonlib/lib/interfacelib.php";
  72. include_once dirname(__FILE__)."/pagetop.php";
  73. if ($GLOBALS["commandline"]) {
  74. if (!isset($_SERVER["USER"]) && sizeof($GLOBALS["commandline_users"])) {
  75. clineError("USER environment variable is not defined, cannot do access check. Please make sure USER is defined.");
  76. exit;
  77. }
  78. if (is_array($GLOBALS["commandline_users"]) && sizeof($GLOBALS["commandline_users"]) && !in_array($_SERVER["USER"],$GLOBALS["commandline_users"])) {
  79. clineError("Sorry, You (".$_SERVER["USER"].") do not have sufficient permissions to run phplist on commandline");
  80. exit;
  81. }
  82. $GLOBALS["require_login"] = 0;
  83. # getopt is actually useless
  84. #$opt = getopt("p:");
  85. if ($cline["p"]) {
  86. if (!in_array($cline["p"],$GLOBALS["commandline_pages"])) {
  87. clineError($cline["p"]." does not process commandline");
  88. } else {
  89. $_GET["page"] = $cline["p"];
  90. }
  91. } else {
  92. clineUsage(" [other parameters]");
  93. exit;
  94. }
  95. } else {
  96. if (CHECK_REFERRER && isset($_SERVER['HTTP_REFERER'])) {
  97. ## do a crude check on referrer. Won't solve everything, as it can be faked, but shouldn't hurt
  98. $ref = parse_url($_SERVER['HTTP_REFERER']);
  99. if ($ref['host'] != $_SERVER['HTTP_HOST'] && !in_array($ref['host'],$allowed_referrers)) {
  100. print 'Access denied';exit;
  101. }
  102. }
  103. }
  104. # fix for old PHP versions, although not failsafe :-(
  105. if (!isset($_POST) && isset($HTTP_POST_VARS)) {
  106. include_once dirname(__FILE__) ."/commonlib/lib/oldphp_vars.php";
  107. }
  108. if (!isset($_GET['page']))
  109. $page = 'home';
  110. else
  111. $page = $_GET['page'];
  112. preg_match("/([\w_]+)/",$page,$regs);
  113. $page = $regs[1];
  114. if (!is_file($page.'.php') && !isset($_GET['pi'])) {
  115. $page = 'home';
  116. }
  117. if (!$GLOBALS["admin_auth_module"]) {
  118. # stop login system when no admins exist
  119. if (!Sql_Table_Exists($tables["admin"])) {
  120. $GLOBALS["require_login"] = 0;
  121. } else {
  122. $num = Sql_Query("select * from {$tables["admin"]}");
  123. if (!Sql_Affected_Rows())
  124. $GLOBALS["require_login"] = 0;
  125. }
  126. } elseif (!Sql_Table_exists($GLOBALS['tables']['config'])) {
  127. $GLOBALS['require_login'] = 0;
  128. }
  129. $page_title = NAME;
  130. @include_once dirname(__FILE__)."/lan/".$_SESSION['adminlanguage']['iso']."/pagetitles.php";
  131. print '<script language="javascript" type="text/javascript" src="js/select_style.js"></script>';
  132. print '<meta http-equiv="Cache-Control" content="no-cache, must-revalidate">'; // HTTP/1.1
  133. print '<meta http-equiv="Pragma" content="no-cache">'; // HTTP/1.1
  134. print "<title>".NAME." :: ";
  135. if (isset($GLOBALS["installation_name"]))
  136. print $GLOBALS["installation_name"] .' :: ';
  137. print "$page_title</title>";
  138. if (isset($GLOBALS["require_login"]) && $GLOBALS["require_login"]) {
  139. if ($GLOBALS["admin_auth_module"] && is_file("auth/".$GLOBALS["admin_auth_module"])) {
  140. require_once "auth/".$GLOBALS["admin_auth_module"];
  141. } elseif ($GLOBALS["admin_auth_module"] && is_file($GLOBALS["admin_auth_module"])) {
  142. require_once $GLOBALS["admin_auth_module"];
  143. } else {
  144. if ($GLOBALS["admin_auth_module"]) {
  145. logEvent("Warning: unable to use ".$GLOBALS["admin_auth_module"]. " for admin authentication, reverting back to phplist authentication");
  146. $GLOBALS["admin_auth_module"] = 'phplist_auth.inc';
  147. }
  148. require_once 'auth/phplist_auth.inc';
  149. }
  150. if (class_exists('admin_auth')) {
  151. $GLOBALS["admin_auth"] = new admin_auth();
  152. } else {
  153. print Fatal_Error($GLOBALS['I18N']->get('admininitfailure'));
  154. return;
  155. }
  156. if ((!isset($_SESSION["adminloggedin"]) || !$_SESSION["adminloggedin"]) && isset($_REQUEST["login"]) && isset($_REQUEST["password"])) {
  157. $loginresult = $GLOBALS["admin_auth"]->validateLogin($_REQUEST["login"],$_REQUEST["password"]);
  158. if (!$loginresult[0]) {
  159. $_SESSION["adminloggedin"] = "";
  160. $_SESSION["logindetails"] = "";
  161. $page = "login";
  162. logEvent(sprintf($GLOBALS['I18N']->get('invalid login from %s, tried logging in as %s'),$_SERVER['REMOTE_ADDR'],$_REQUEST["login"]));
  163. $msg = $loginresult[1];
  164. } else {
  165. $_SESSION["adminloggedin"] = $_SERVER["REMOTE_ADDR"];
  166. $_SESSION["logindetails"] = array(
  167. "adminname" => $_REQUEST["login"],
  168. "id" => $loginresult[0],
  169. "superuser" => $admin_auth->isSuperUser($loginresult[0]),
  170. );
  171. if ($_POST["page"] && $_POST["page"] != "") {
  172. $page = $_POST["page"];
  173. }
  174. }
  175. } elseif (isset($_REQUEST["forgotpassword"])) {
  176. $pass = '';
  177. if (is_email($_REQUEST["forgotpassword"])) {
  178. $pass = $GLOBALS["admin_auth"]->getPassword($_REQUEST["forgotpassword"]);
  179. }
  180. if ($pass) {
  181. sendMail ($_REQUEST["forgotpassword"],$GLOBALS['I18N']->get('yourpassword'),"\n\n".$GLOBALS['I18N']->get('yourpasswordis')." $pass");
  182. $msg = $GLOBALS['I18N']->get('passwordsent');
  183. logEvent(sprintf($GLOBALS['I18N']->get('successful password request from %s for %s'),$_SERVER['REMOTE_ADDR'],$_REQUEST["forgotpassword"]));
  184. } else {
  185. $msg = $GLOBALS['I18N']->get('cannotsendpassword');
  186. logEvent(sprintf($GLOBALS['I18N']->get('failed password request from %s for %s'),$_SERVER['REMOTE_ADDR'],$_REQUEST["forgotpassword"]));
  187. }
  188. $page = "login";
  189. } elseif (!isset($_SESSION["adminloggedin"]) || !$_SESSION["adminloggedin"]) {
  190. #$msg = 'Not logged in';
  191. $page = "login";
  192. } elseif (CHECK_SESSIONIP && $_SESSION["adminloggedin"] && $_SESSION["adminloggedin"] != $_SERVER["REMOTE_ADDR"]) {
  193. logEvent(sprintf($GLOBALS['I18N']->get('login ip invalid from %s for %s (was %s)'),$_SERVER['REMOTE_ADDR'],$_SESSION["logindetails"]['adminname'],$_SESSION["adminloggedin"]));
  194. $msg = $GLOBALS['I18N']->get('ipchanged');
  195. $_SESSION["adminloggedin"] = "";
  196. $_SESSION["logindetails"] = "";
  197. $page = "login";
  198. } elseif ($_SESSION["adminloggedin"] && $_SESSION["logindetails"]) {
  199. $validate = $GLOBALS["admin_auth"]->validateAccount($_SESSION["logindetails"]["id"]);
  200. if (!$validate[0]) {
  201. logEvent(sprintf($GLOBALS['I18N']->get('invalidated login from %s for %s (error %s)'),$_SERVER['REMOTE_ADDR'],$_SESSION["logindetails"]['adminname'],$validate[1]));
  202. $_SESSION["adminloggedin"] = "";
  203. $_SESSION["logindetails"] = "";
  204. $page = "login";
  205. $msg = $validate[1];
  206. }
  207. }
  208. }
  209. $include = '';
  210. include "header.inc";
  211. if ($page != '') {
  212. preg_match("/([\w_]+)/",$page,$regs);
  213. $include = $regs[1];
  214. $include .= ".php";
  215. $include = $page . ".php";
  216. } else {
  217. $include = "home.php";
  218. }
  219. print '<p class="leaftitle">'.NAME.' - '.strtolower($page_title).'</p>';
  220. if ($GLOBALS["require_login"] && $page != "login") {
  221. if ($page == 'logout') {
  222. $greeting = $GLOBALS['I18N']->get('goodbye');
  223. } else {
  224. $hr = date("G");
  225. if ($hr > 0 && $hr < 12) {
  226. $greeting = $GLOBALS['I18N']->get('goodmorning');
  227. } elseif ($hr <= 18) {
  228. $greeting = $GLOBALS['I18N']->get('goodafternoon');
  229. } else {
  230. $greeting = $GLOBALS['I18N']->get('goodevening');
  231. }
  232. }
  233. print '<div><font style="font-size : 12px;font-family : Arial, Helvetica, sans-serif; font-weight : bold;"> '.$greeting." ".adminName($_SESSION["logindetails"]["id"]). "</font></div>";
  234. if ($page != "logout") {
  235. print '<div align="right">'.PageLink2("logout",$GLOBALS['I18N']->get('logout'));
  236. }
  237. print '</div>';
  238. }
  239. if (LANGUAGE_SWITCH) {
  240. $ls = '<div align="right" id="languageswitch"><br/><form name="languageswitch" method="post" style="margin: 0; padding: 0">';
  241. $ls .= '<select name="setlanguage" onChange="document.languageswitch.submit()" style="width: 100px; font-size: 10px; color: #666666">';
  242. $lancount = 0;
  243. foreach ($GLOBALS['LANGUAGES'] as $iso => $rec) {
  244. if (is_dir(dirname(__FILE__).'/lan/'.$iso)) {
  245. $ls .= sprintf('<option value="%s" %s>%s</option>',$iso,$_SESSION['adminlanguage']['iso'] == $iso ? 'selected':'',$rec[0]);
  246. $lancount++;
  247. }
  248. }
  249. $ls .= '</select></form></div>';
  250. if ($lancount > 1) {
  251. print $ls;
  252. }
  253. }
  254. if ($page != "login") {
  255. if (ereg("dev",VERSION) && !TEST) {
  256. if ($GLOBALS["developer_email"]) {
  257. print Info("Running CVS version. All emails will be sent to ".$GLOBALS["developer_email"]);
  258. } else {
  259. print Info("Running CVS version, but developer email is not set");
  260. }
  261. }
  262. if (TEST) {
  263. print Info($GLOBALS['I18N']->get('Running in testmode, no emails will be sent. Check your config file.'));
  264. }
  265. if (ini_get("register_globals") == "on" && WARN_ABOUT_PHP_SETTINGS) {
  266. Error($GLOBALS['I18N']->get('It is safer to set Register Globals in your php.ini to be <b>off</b> instead of ').ini_get("register_globals") );
  267. }
  268. if (((bool)ini_get("safe_mode") === true ) && WARN_ABOUT_PHP_SETTINGS)
  269. Warn($GLOBALS['I18N']->get('safemodewarning'));
  270. /* this needs checking
  271. if (!ini_get("magic_quotes_gpc") && WARN_ABOUT_PHP_SETTINGS)
  272. Warn($GLOBALS['I18N']->get('magicquoteswarning'));
  273. if (ini_get("magic_quotes_runtime") && WARN_ABOUT_PHP_SETTINGS)
  274. Warn($GLOBALS['I18N']->get('magicruntimewarning'));
  275. */
  276. if (defined("ENABLE_RSS") && ENABLE_RSS && !function_exists("xml_parse") && WARN_ABOUT_PHP_SETTINGS)
  277. Warn($GLOBALS['I18N']->get('noxml'));
  278. if (ALLOW_ATTACHMENTS && WARN_ABOUT_PHP_SETTINGS && (!is_dir($GLOBALS["attachment_repository"]) || !is_writable ($GLOBALS["attachment_repository"]))) {
  279. if (ini_get("open_basedir")) {
  280. Warn($GLOBALS['I18N']->get('warnopenbasedir'));
  281. }
  282. Warn($GLOBALS['I18N']->get('warnattachmentrepository'));
  283. }
  284. }
  285. # always allow access to the about page
  286. if (isset($_GET['page']) && $_GET['page'] == 'about') {
  287. $page = 'about';
  288. $include = 'about.php';
  289. }
  290. # include some information
  291. if (is_file("info/".$_SESSION['adminlanguage']['info']."/$include")) {
  292. @include "info/".$_SESSION['adminlanguage']['info']."/$include";
  293. } else {
  294. @include "info/en/$include";
  295. # print "Not a file: "."info/".$adminlanguage["info"]."/$include";
  296. }
  297. /*
  298. if (USEFCK) {
  299. $imgdir = getenv("DOCUMENT_ROOT").$GLOBALS["pageroot"].'/'.FCKIMAGES_DIR.'/';
  300. if (!is_dir($imgdir) || !is_writeable ($imgdir)) {
  301. Warn("The FCK image directory does not exist, or is not writable");
  302. }
  303. }
  304. */
  305. if (defined("USE_PDF") && USE_PDF && !defined('FPDF_VERSION')) {
  306. Warn($GLOBALS['I18N']->get('nofpdf'));
  307. }
  308. $this_doc = getenv("REQUEST_URI");
  309. if (preg_match("#(.*?)/admin?$#i",$this_doc,$regs)) {
  310. $check_pageroot = $pageroot;
  311. $check_pageroot = preg_replace('#/$#','',$check_pageroot);
  312. if ($check_pageroot != $regs[1] && WARN_ABOUT_PHP_SETTINGS)
  313. Warn($GLOBALS['I18N']->get('warnpageroot'));
  314. }
  315. clearstatcache();
  316. if (checkAccess($page,"") || $page == 'about') {
  317. if (!$_GET['pi'] && (is_file($include) || is_link($include))) {
  318. # check whether there is a language file to include
  319. if (is_file("lan/".$_SESSION['adminlanguage']['iso']."/".$include)) {
  320. include "lan/".$_SESSION['adminlanguage']['iso']."/".$include;
  321. }
  322. # print "Including $include<br/>";
  323. # hmm, pre-parsing and capturing the error would be nice
  324. #$parses_ok = eval(@file_get_contents($include));
  325. $parses_ok = 1;
  326. if (!$parses_ok) {
  327. print Error("cannot parse $include");
  328. print '<p>Sorry, an error occurred. This is a bug. Please <a href="http://mantis.tincan.co.uk">report the bug to the Bug Tracker</a><br/>Sorry for the inconvenience</a></p>';
  329. } else {
  330. if (isset($GLOBALS['developer_email'])) {
  331. include $include;
  332. } else {
  333. @include $include;
  334. }
  335. }
  336. # print "End of inclusion<br/>";
  337. } elseif ($_GET['pi'] && isset($GLOBALS['plugins']) && is_array($GLOBALS['plugins']) && is_object($GLOBALS['plugins'][$_GET['pi']])) {
  338. $plugin = $GLOBALS["plugins"][$_GET["pi"]];
  339. $menu = $plugin->adminmenu();
  340. if (is_file($plugin->coderoot . $include)) {
  341. include ($plugin->coderoot . $include);
  342. } elseif ($include == 'main.php') {
  343. print '<h1>'.$plugin->name.'</h1><ul>';
  344. foreach ($menu as $page => $desc) {
  345. print '<li>'.PageLink2($page,$desc).'</li>';
  346. }
  347. print '</ul>';
  348. } else {
  349. print '<br/>'."$page -&gt; ".$I18N->get("pagenotfoundinplugin").'<br/>';#.' '.$plugin->coderoot.$include.'<br/>';
  350. #print $plugin->coderoot . "$include";
  351. }
  352. } else {
  353. if ($GLOBALS["commandline"]) {
  354. clineError("Sorry, that module does not exist");
  355. exit;
  356. }
  357. print "$page -&gt; ".$GLOBALS['I18N']->get('notimplemented');
  358. }
  359. } else {
  360. Error($GLOBALS['I18N']->get('noaccess'));
  361. }
  362. # some debugging stuff
  363. if (ereg("dev",VERSION)) {
  364. $now = gettimeofday();
  365. $finished = $now["sec"] * 1000000 + $now["usec"];
  366. $elapsed = $finished - $GLOBALS["pagestats"]["time_start"];
  367. $elapsed = ($elapsed / 1000000);
  368. # print "\n\n".'<!--';
  369. print '<br clear="all" /><font style="{font-size:8;font-color:#cccccc}">';
  370. print $GLOBALS["pagestats"]["number_of_queries"]." db queries in $elapsed seconds";
  371. print '</font>';
  372. if (isset($GLOBALS["statslog"])) {
  373. if ($fp = @fopen($GLOBALS["statslog"],"a")) {
  374. @fwrite($fp,getenv("REQUEST_URI")."\t".$GLOBALS["pagestats"]["number_of_queries"]."\t$elapsed\n");
  375. }
  376. }
  377. # print '-->';
  378. }
  379. if (isset($GLOBALS["commandline"]) && $GLOBALS["commandline"]) {
  380. ob_clean();
  381. exit;
  382. } elseif (!isset($_GET["omitall"])) {
  383. if (!$GLOBALS['compression_used']) {
  384. @ob_end_flush();
  385. }
  386. include_once "footer.inc";
  387. }
  388. function parseCline() {
  389. $res = array();
  390. $cur = "";
  391. foreach ($GLOBALS["argv"] as $clinearg) {
  392. if (substr($clinearg,0,1) == "-") {
  393. $par = substr($clinearg,1,1);
  394. $clinearg = substr($clinearg,2,strlen($clinearg));
  395. # $res[$par] = "";
  396. $cur = strtolower($par);
  397. $res[$cur] .= $clinearg;
  398. } elseif ($cur) {
  399. if ($res[$cur])
  400. $res[$cur] .= ' '.$clinearg;
  401. else
  402. $res[$cur] .= $clinearg;
  403. }
  404. }
  405. /* ob_end_clean();
  406. foreach ($res as $key => $val) {
  407. print "$key = $val\n";
  408. }
  409. ob_start();*/
  410. return $res;
  411. }