/wp-content/plugins/mailz/lists/admin/index.php
1<?php
2
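# Bootstrap: buffer all output and switch PHP error reporting off; the previous
# reporting level is kept in $er.
@ob_start();
$er = error_reporting(0);

# Warn when the script is started without a web server (no SERVER_NAME) by a PHP
# binary that is not the CLI SAPI. The original condition read `!PHP_SAPI == "cli"`;
# "!" binds tighter than "==", so it compared false with "cli" and could never be
# true. Compare the SAPI name directly instead.
if (!isset($_SERVER["SERVER_NAME"]) && PHP_SAPI != "cli") {
    print "Warning: commandline only works well with the cli version of PHP";
}

# Stop immediately when the request carries a parameter literally named "_SERVER".
# Presumably this guards against request data shadowing $_SERVER on installs where
# request variables are turned into globals -- confirm against unregister_globals.php.
if (isset($_REQUEST['_SERVER'])) {
    exit;
}
$cline = array();
$GLOBALS['commandline'] = 0;

# Compatibility helpers, loaded before any request data is used. Judging by the file
# names they deal with register_globals and magic_quotes; their contents are not
# shown here.
require_once dirname(__FILE__) . '/commonlib/lib/unregister_globals.php';
require_once dirname(__FILE__) . '/commonlib/lib/magic_quotes.php';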
16
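# Command-line setup.
# Under the CLI SAPI every argument of the form name=value is copied into $_GET and
# $_REQUEST, single-letter options are parsed by parseCLine() into $cline, and the
# working directory is moved to the script's own directory. For web requests the
# only work done here is sending no-cache headers.
if (php_sapi_name() == "cli") {
    for ($i = 0; $i < $_SERVER['argc']; $i++) {
        $my_args = array();
        # preg_match() replaces ereg(), which was deprecated in PHP 5.3 and removed
        # in PHP 7, so the original line is a fatal error on current interpreters.
        # The pattern is unchanged: group 1 is everything up to the last "=",
        # group 2 the rest. /s keeps a value that contains a newline in one piece.
        if (preg_match('/(.*)=(.*)/s', $_SERVER['argv'][$i], $my_args)) {
            $_GET[$my_args[1]] = $my_args[2];
            $_REQUEST[$my_args[1]] = $my_args[2];
        }
    }
    $GLOBALS["commandline"] = 1;
    $cline = parseCLine();
    $dir = dirname($_SERVER["SCRIPT_FILENAME"]);
    chdir($dir);
} else {
    $GLOBALS["commandline"] = 0;
    header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
    header("Pragma: no-cache"); // HTTP/1.0
}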
35
# Locate and load the configuration file. The first candidate that exists wins:
#   1. the path in $_SERVER["ConfigFile"]
#   2. the path given with -c on the command line ($cline["c"])
#   3. the path in $_ENV["CONFIG"], command line only
#   4. ../config/config.php, relative to the current working directory
# The script stops when none of them is a file.
#
# Whatever file is selected is executed as PHP, so each of these inputs has to be
# under the operator's control only.
# NOTE(review): candidates 1, 2 and 4 write the chosen path into an HTML comment.
# On a web request that comment reaches the browser and reveals a server-side path;
# consider dropping it or logging it instead.
if (isset($_SERVER["ConfigFile"]) && is_file($_SERVER["ConfigFile"])) {
    echo '<!-- using ' . $_SERVER["ConfigFile"] . "-->\n";
    include $_SERVER["ConfigFile"];
} elseif (isset($cline["c"]) && is_file($cline["c"])) {
    echo '<!-- using ' . $cline["c"] . " -->\n";
    include $cline["c"];
} elseif ($GLOBALS['commandline'] && isset($_ENV["CONFIG"]) && is_file($_ENV["CONFIG"])) {
    include $_ENV["CONFIG"];
} elseif (is_file("../config/config.php")) {
    echo "<!-- using ../config/config.php -->\n";
    include "../config/config.php";
} else {
    echo "Error, cannot find config file\n";
    exit;
}
52
# Page statistics: store the script start time in microseconds and reset the
# query counter. Both live in $GLOBALS["pagestats"].
$now = gettimeofday();
$GLOBALS["pagestats"] = array(
    "time_start" => $now["sec"] * 1000000 + $now["usec"],
    "number_of_queries" => 0,
);
58
# Error reporting policy.
# Errors stay hidden unless all of the following hold: this is a web request, a
# developer_email is configured, the Host header is not cvs.phplist.com, and
# show_dev_errors is set. Only then are all errors reported and displayed.
#
# NOTE(review): in that developer mode every global variable whose name matches a
# request parameter is unset. The names come from the client, so a request can
# remove any global defined up to this point, which would include whatever the
# config file set as plain variables -- confirm this is intended. display_errors
# also sends error details to the browser, so the mode should stay off in production.
if (
    $GLOBALS["commandline"]
    || !isset($GLOBALS["developer_email"])
    || $_SERVER['HTTP_HOST'] == 'cvs.phplist.com'
    || !$GLOBALS['show_dev_errors']
) {
    # $er still holds the level that was active at startup; it is deliberately
    # not restored here.
    error_reporting(0);
} else {
    error_reporting(E_ALL | E_NOTICE);
    ini_set('display_errors', 1);
    foreach ($_REQUEST as $key => $val) {
        unset($$key);
    }
}
69
# Load the application files, in the original order.
# NOTE(review): the database module and the language module file names are read
# from $GLOBALS (presumably set by the config file) and concatenated into include
# paths without any check; they must never be derived from request data.
require_once dirname(__FILE__) . '/init.php';
require_once dirname(__FILE__) . '/' . $GLOBALS["database_module"];
require_once dirname(__FILE__) . '/../texts/english.inc';
include_once dirname(__FILE__) . '/../texts/' . $GLOBALS["language_module"];
require_once dirname(__FILE__) . '/defaultconfig.inc';
require_once dirname(__FILE__) . '/connect.php';
include_once dirname(__FILE__) . '/languages.php';
include_once dirname(__FILE__) . '/lib.php';
require_once dirname(__FILE__) . '/commonlib/lib/interfacelib.php';
include_once dirname(__FILE__) . '/pagetop.php';
81
82
83
# Access checks that run before any page is selected.
if ($GLOBALS["commandline"]) {
    # Command line: when commandline_users is a non-empty list, only the users in
    # it may run the script. The user name is taken from the USER environment
    # variable.
    # NOTE(review): an environment variable is chosen by whoever starts the
    # process, so this list is a convenience check, not a security boundary; file
    # permissions on the installation are what actually restrict access.
    if (!isset($_SERVER["USER"]) && count($GLOBALS["commandline_users"])) {
        clineError("USER environment variable is not defined, cannot do access check. Please make sure USER is defined.");
        exit;
    }
    if (
        is_array($GLOBALS["commandline_users"])
        && count($GLOBALS["commandline_users"])
        && !in_array($_SERVER["USER"], $GLOBALS["commandline_users"])
    ) {
        clineError("Sorry, You (" . $_SERVER["USER"] . ") do not have sufficient permissions to run phplist on commandline");
        exit;
    }

    # The admin login is switched off for every command-line run.
    $GLOBALS["require_login"] = 0;

    # -p names the page to run; it has to be listed in commandline_pages.
    if (!$cline["p"]) {
        clineUsage(" [other parameters]");
        exit;
    }
    if (in_array($cline["p"], $GLOBALS["commandline_pages"])) {
        $_GET["page"] = $cline["p"];
    } else {
        # NOTE(review): no exit follows this call. Unless clineError() terminates
        # the script itself, execution continues without a page being set -- confirm.
        clineError($cline["p"] . " does not process commandline");
    }
} elseif (CHECK_REFERRER && isset($_SERVER['HTTP_REFERER'])) {
    # Web request: crude Referer check. The host of the Referer header has to equal
    # the Host header or be listed in $allowed_referrers.
    # Limits worth knowing: the check is skipped when no Referer header is sent,
    # the header is client-supplied, and a Host header that carries a port will not
    # equal the port-less host returned by parse_url(). It does not replace
    # per-request tokens on state-changing forms.
    $ref = parse_url($_SERVER['HTTP_REFERER']);
    if ($ref['host'] != $_SERVER['HTTP_HOST'] && !in_array($ref['host'], $allowed_referrers)) {
        print 'Access denied';
        exit;
    }
}
116
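# Very old PHP versions only provide $HTTP_POST_VARS; load the shim in that case
# (the original comment notes this is not failsafe).
if (!isset($_POST) && isset($HTTP_POST_VARS)) {
    include_once dirname(__FILE__) . "/commonlib/lib/oldphp_vars.php";
}

# Resolve the requested page name.
# Only the first run of word characters of ?page= is kept, which removes path
# separators and dots before the name is used to build a file name. The default
# is 'home'.
# The original read $regs[1] even when the parameter was an array or contained no
# word character at all, leaving $page undefined (and, on PHP 8, failing with a
# TypeError inside preg_match). Both cases now fall back to 'home'.
$page = 'home';
if (
    isset($_GET['page'])
    && is_string($_GET['page'])
    && preg_match("/([\w_]+)/", $_GET['page'], $regs)
) {
    $page = $regs[1];
}
# A page without a matching script falls back to 'home', unless a plugin (?pi=)
# is addressed; plugin pages are looked up later in the plugin's own directory.
if (!is_file($page . '.php') && !isset($_GET['pi'])) {
    $page = 'home';
}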
131
# Decide whether the login system can be enforced at all.
#   - With an external auth module configured: login is disabled when the config
#     table does not exist.
#   - With the built-in authentication: login is disabled when the admin table
#     does not exist or holds no rows ("stop login system when no admins exist").
#
# NOTE(review): this fails open. Any state in which these lookups report "no table"
# or "no rows" turns authentication off for the whole admin interface. What
# Sql_Table_Exists() returns when the database is unreachable is not visible here;
# confirm that an error cannot be mistaken for a fresh installation.
if ($GLOBALS["admin_auth_module"]) {
    if (!Sql_Table_exists($GLOBALS['tables']['config'])) {
        $GLOBALS['require_login'] = 0;
    }
} elseif (!Sql_Table_Exists($tables["admin"])) {
    $GLOBALS["require_login"] = 0;
} else {
    # The table name comes from $tables, not from the request.
    $num = Sql_Query("select * from " . $tables["admin"]);
    if (!Sql_Affected_Rows()) {
        $GLOBALS["require_login"] = 0;
    }
}
144
# Page title and the first pieces of the HTML head.
# $page_title starts as the application name; the per-language pagetitles.php is
# then included and presumably replaces it (the file is not shown here).
# NOTE(review): the language directory is taken from the session
# ($_SESSION['adminlanguage']['iso']) and placed in an include path. That is only
# safe if the value is restricted to known language codes where it is stored --
# verify in the code that sets it. The @ also hides a missing file.
$page_title = NAME;
@include_once dirname(__FILE__) . "/lan/" . $_SESSION['adminlanguage']['iso'] . "/pagetitles.php";

echo '<script language="javascript" type="text/javascript" src="js/select_style.js"></script>';
echo '<meta http-equiv="Cache-Control" content="no-cache, must-revalidate">'; // HTTP/1.1
echo '<meta http-equiv="Pragma" content="no-cache">'; // HTTP/1.0

# The title parts are written without HTML escaping; they come from constants,
# the configuration and the language files rather than from the request.
echo "<title>" . NAME . " :: ";
if (isset($GLOBALS["installation_name"])) {
    echo $GLOBALS["installation_name"] . ' :: ';
}
echo "$page_title</title>";
155
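# Admin authentication gate. Runs only when require_login is set.
#
# Outcome: $page is forced to "login" unless the session belongs to a logged-in,
# still valid administrator; $msg carries the message for the login page.
#
# Changes against the original:
#   - the page name posted with the login form is reduced to word characters before
#     it becomes $page. It was taken verbatim, and $page is later turned into the
#     file name that gets included.
#   - the session id is regenerated on a successful login, so an id that was known
#     before authentication does not become an authenticated one.
#   - isSuperUser() is called on $GLOBALS["admin_auth"], like every other call in
#     this block, instead of on the bare $admin_auth.
if (isset($GLOBALS["require_login"]) && $GLOBALS["require_login"]) {
    # Load the configured authentication module: first from auth/, then from the
    # path exactly as configured, otherwise fall back to the bundled module.
    if ($GLOBALS["admin_auth_module"] && is_file("auth/" . $GLOBALS["admin_auth_module"])) {
        require_once "auth/" . $GLOBALS["admin_auth_module"];
    } elseif ($GLOBALS["admin_auth_module"] && is_file($GLOBALS["admin_auth_module"])) {
        require_once $GLOBALS["admin_auth_module"];
    } else {
        if ($GLOBALS["admin_auth_module"]) {
            logEvent("Warning: unable to use " . $GLOBALS["admin_auth_module"] . " for admin authentication, reverting back to phplist authentication");
            $GLOBALS["admin_auth_module"] = 'phplist_auth.inc';
        }
        require_once 'auth/phplist_auth.inc';
    }

    # The module has to define the class admin_auth; without it nothing further runs.
    if (class_exists('admin_auth')) {
        $GLOBALS["admin_auth"] = new admin_auth();
    } else {
        print Fatal_Error($GLOBALS['I18N']->get('admininitfailure'));
        return;
    }

    if ((!isset($_SESSION["adminloggedin"]) || !$_SESSION["adminloggedin"]) && isset($_REQUEST["login"]) && isset($_REQUEST["password"])) {
        # Login attempt.
        # NOTE(review): credentials are read from $_REQUEST, so they are also
        # accepted in the query string, where they end up in server logs, browser
        # history and Referer headers. Reading them from $_POST only would avoid
        # that; left unchanged because other entry points may rely on it.
        $loginresult = $GLOBALS["admin_auth"]->validateLogin($_REQUEST["login"], $_REQUEST["password"]);
        if (!$loginresult[0]) {
            $_SESSION["adminloggedin"] = "";
            $_SESSION["logindetails"] = "";
            $page = "login";
            # NOTE(review): the submitted login name goes into the event log as sent;
            # confirm that logEvent() and the log viewer escape it.
            logEvent(sprintf($GLOBALS['I18N']->get('invalid login from %s, tried logging in as %s'), $_SERVER['REMOTE_ADDR'], $_REQUEST["login"]));
            $msg = $loginresult[1];
        } else {
            # New session id for the authenticated session. Called without arguments
            # so that it also works on PHP versions older than 5.1.
            if (function_exists('session_regenerate_id') && session_id() != '' && !headers_sent()) {
                session_regenerate_id();
            }
            # The client address is stored as the "logged in" marker; it is compared
            # on later requests when CHECK_SESSIONIP is enabled.
            $_SESSION["adminloggedin"] = $_SERVER["REMOTE_ADDR"];
            $_SESSION["logindetails"] = array(
                "adminname" => $_REQUEST["login"],
                "id" => $loginresult[0],
                "superuser" => $GLOBALS["admin_auth"]->isSuperUser($loginresult[0]),
            );
            # Page to show after login: same word-character filter as for ?page=.
            if (!empty($_POST["page"]) && is_string($_POST["page"]) && preg_match("/([\w_]+)/", $_POST["page"], $regs)) {
                $page = $regs[1];
            }
        }
    } elseif (isset($_REQUEST["forgotpassword"])) {
        # Password reminder.
        # NOTE(review): getPassword() hands back a password that is then mailed in
        # clear text, which implies passwords are stored in a recoverable form. A
        # one-time reset link on top of hashed passwords would be the safer design.
        # The two different messages below also tell the requester whether the
        # address belongs to an administrator, and nothing here limits how often
        # the request can be repeated.
        $pass = '';
        if (is_email($_REQUEST["forgotpassword"])) {
            $pass = $GLOBALS["admin_auth"]->getPassword($_REQUEST["forgotpassword"]);
        }
        if ($pass) {
            sendMail($_REQUEST["forgotpassword"], $GLOBALS['I18N']->get('yourpassword'), "\n\n" . $GLOBALS['I18N']->get('yourpasswordis') . " $pass");
            $msg = $GLOBALS['I18N']->get('passwordsent');
            logEvent(sprintf($GLOBALS['I18N']->get('successful password request from %s for %s'), $_SERVER['REMOTE_ADDR'], $_REQUEST["forgotpassword"]));
        } else {
            $msg = $GLOBALS['I18N']->get('cannotsendpassword');
            logEvent(sprintf($GLOBALS['I18N']->get('failed password request from %s for %s'), $_SERVER['REMOTE_ADDR'], $_REQUEST["forgotpassword"]));
        }
        $page = "login";
    } elseif (!isset($_SESSION["adminloggedin"]) || !$_SESSION["adminloggedin"]) {
        # Not logged in and no login attempt: show the login page.
        $page = "login";
    } elseif (CHECK_SESSIONIP && $_SESSION["adminloggedin"] && $_SESSION["adminloggedin"] != $_SERVER["REMOTE_ADDR"]) {
        # The session is being used from another address than the one recorded at
        # login: drop it and ask for a new login.
        logEvent(sprintf($GLOBALS['I18N']->get('login ip invalid from %s for %s (was %s)'), $_SERVER['REMOTE_ADDR'], $_SESSION["logindetails"]['adminname'], $_SESSION["adminloggedin"]));
        $msg = $GLOBALS['I18N']->get('ipchanged');
        $_SESSION["adminloggedin"] = "";
        $_SESSION["logindetails"] = "";
        $page = "login";
    } elseif ($_SESSION["adminloggedin"] && $_SESSION["logindetails"]) {
        # Logged in: let the auth module re-validate the account on every request.
        $validate = $GLOBALS["admin_auth"]->validateAccount($_SESSION["logindetails"]["id"]);
        if (!$validate[0]) {
            logEvent(sprintf($GLOBALS['I18N']->get('invalidated login from %s for %s (error %s)'), $_SERVER['REMOTE_ADDR'], $_SESSION["logindetails"]['adminname'], $validate[1]));
            $_SESSION["adminloggedin"] = "";
            $_SESSION["logindetails"] = "";
            $page = "login";
            $msg = $validate[1];
        }
    }
}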
227
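# Emit the page header, then turn the page name into the script file name.
#
# The original filtered $page through /([\w_]+)/ and then overwrote the result with
# the unfiltered $page . ".php". Because $page can be set from posted data after a
# login, the file name that is later passed to include could contain path
# separators. The filtered name is now the one that is used, and $page is set to
# the same value so that the access check and the included file always refer to
# the same page. A value without any word character falls back to the home page.
$include = '';
include "header.inc";
if ($page != '') {
    if (is_string($page) && preg_match("/([\w_]+)/", $page, $regs)) {
        $page = $regs[1];
    } else {
        $page = 'home';
    }
    $include = $page . ".php";
} else {
    $include = "home.php";
}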
238
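# Title line, followed by the greeting and logout link for logged-in pages.
print '<p class="leaftitle">' . NAME . ' - ' . strtolower($page_title) . '</p>';

if ($GLOBALS["require_login"] && $page != "login") {
    if ($page == 'logout') {
        $greeting = $GLOBALS['I18N']->get('goodbye');
    } else {
        # date("G") is the hour from 0 to 23. The original tested "$hr > 0", which
        # sent the hour after midnight to the afternoon branch.
        $hr = date("G");
        if ($hr < 12) {
            $greeting = $GLOBALS['I18N']->get('goodmorning');
        } elseif ($hr <= 18) {
            $greeting = $GLOBALS['I18N']->get('goodafternoon');
        } else {
            $greeting = $GLOBALS['I18N']->get('goodevening');
        }
    }
    # NOTE(review): the result of adminName() is written without HTML escaping;
    # confirm that it returns text that is safe for HTML output.
    print '<div><font style="font-size : 12px;font-family : Arial, Helvetica, sans-serif; font-weight : bold;"> ' . $greeting . " " . adminName($_SESSION["logindetails"]["id"]) . "</font></div>";
    if ($page != "logout") {
        print '<div align="right">' . PageLink2("logout", $GLOBALS['I18N']->get('logout'));
    }
    # Kept as in the original: this closing tag is also written on the logout page,
    # where no matching <div align="right"> was opened.
    print '</div>';
}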
# Language selector. One <option> is built for every entry of $GLOBALS['LANGUAGES']
# that has a directory under lan/; the form is only shown when more than one
# language is available. Choosing an entry submits the form by POST.
# The option values and labels come from the LANGUAGES table and are written
# without escaping.
if (LANGUAGE_SWITCH) {
    $lancount = 0;
    $ls = '<div align="right" id="languageswitch"><br/><form name="languageswitch" method="post" style="margin: 0; padding: 0">'
        . '<select name="setlanguage" onChange="document.languageswitch.submit()" style="width: 100px; font-size: 10px; color: #666666">';
    foreach ($GLOBALS['LANGUAGES'] as $iso => $rec) {
        if (!is_dir(dirname(__FILE__) . '/lan/' . $iso)) {
            continue;
        }
        $ls .= sprintf(
            '<option value="%s" %s>%s</option>',
            $iso,
            $_SESSION['adminlanguage']['iso'] == $iso ? 'selected' : '',
            $rec[0]
        );
        $lancount++;
    }
    $ls .= '</select></form></div>';
    if ($lancount > 1) {
        echo $ls;
    }
}
275
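# Environment notices, shown on every page except the login page.
#
# Changes against the original:
#   - ereg() (removed in PHP 7) is replaced by strpos() for the "dev" version test.
#   - the register_globals warning compared ini_get() with the literal "on".
#     ini_get() reports an enabled boolean setting as "1" (or as the literal text
#     from the ini file), so the warning did not appear on typical installations.
#     The common "enabled" spellings are now all recognised.
if ($page != "login") {
    if (strpos(VERSION, "dev") !== false && !TEST) {
        if ($GLOBALS["developer_email"]) {
            print Info("Running CVS version. All emails will be sent to " . $GLOBALS["developer_email"]);
        } else {
            print Info("Running CVS version, but developer email is not set");
        }
    }
    if (TEST) {
        print Info($GLOBALS['I18N']->get('Running in testmode, no emails will be sent. Check your config file.'));
    }

    if (
        in_array(strtolower((string) ini_get("register_globals")), array("1", "on", "yes", "true"), true)
        && WARN_ABOUT_PHP_SETTINGS
    ) {
        Error($GLOBALS['I18N']->get('It is safer to set Register Globals in your php.ini to be <b>off</b> instead of ') . ini_get("register_globals"));
    }
    if (((bool) ini_get("safe_mode") === true) && WARN_ABOUT_PHP_SETTINGS) {
        Warn($GLOBALS['I18N']->get('safemodewarning'));
    }

    # The magic_quotes_gpc / magic_quotes_runtime warnings were already disabled in
    # the original, marked "this needs checking"; they are left out here.

    if (defined("ENABLE_RSS") && ENABLE_RSS && !function_exists("xml_parse") && WARN_ABOUT_PHP_SETTINGS) {
        Warn($GLOBALS['I18N']->get('noxml'));
    }

    # Attachments need an existing, writable repository directory.
    if (ALLOW_ATTACHMENTS && WARN_ABOUT_PHP_SETTINGS && (!is_dir($GLOBALS["attachment_repository"]) || !is_writable($GLOBALS["attachment_repository"]))) {
        if (ini_get("open_basedir")) {
            Warn($GLOBALS['I18N']->get('warnopenbasedir'));
        }
        Warn($GLOBALS['I18N']->get('warnattachmentrepository'));
    }
}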
311
# The about page is always reachable: ?page=about overrides whatever the login
# handling decided, including a redirect to the login page.
if (isset($_GET['page']) && $_GET['page'] == 'about') {
    $page = 'about';
    $include = 'about.php';
}

# Include the help text for the page, in the admin's language when available and
# in English otherwise.
# NOTE(review): $include and $_SESSION['adminlanguage']['info'] are used as path
# components as they are; nothing in this block validates them, so both have to be
# restricted to plain names where they are set. The @ hides a missing file.
if (is_file("info/" . $_SESSION['adminlanguage']['info'] . "/" . $include)) {
    @include "info/" . $_SESSION['adminlanguage']['info'] . "/" . $include;
} else {
    @include "info/en/" . $include;
}
325
326
327/*
328if (USEFCK) {
329 $imgdir = getenv("DOCUMENT_ROOT").$GLOBALS["pageroot"].'/'.FCKIMAGES_DIR.'/';
330 if (!is_dir($imgdir) || !is_writeable ($imgdir)) {
331 Warn("The FCK image directory does not exist, or is not writable");
332 }
333}
334*/
335
# PDF support is switched on but the FPDF library has not been loaded.
if (defined("USE_PDF") && USE_PDF && !defined('FPDF_VERSION')) {
    Warn($GLOBALS['I18N']->get('nofpdf'));
}

# Compare the configured $pageroot (without a trailing slash) with the path in
# front of "/admin" in the request URI and warn when they differ.
# NOTE(review): in the pattern the "?" applies to the final "n" only, so it matches
# URIs ending in "/admi" or "/admin". It looks as if an optional trailing slash
# ("/admin/?") was meant -- confirm before changing it.
$this_doc = getenv("REQUEST_URI");
if (preg_match("#(.*?)/admin?$#i", $this_doc, $regs)) {
    $check_pageroot = preg_replace('#/$#', '', $pageroot);
    if ($check_pageroot != $regs[1] && WARN_ABOUT_PHP_SETTINGS) {
        Warn($GLOBALS['I18N']->get('warnpageroot'));
    }
}
# Drop cached file status results before the is_file()/is_link() checks that follow.
clearstatcache();
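# Dispatch: run the requested page, either a core page script or a plugin page.
#
# Changes against the original:
#   - $include is checked against "word characters followed by .php" right before
#     it is used in include, both for core pages and for plugin pages. A name that
#     fails the check is treated as "not found", so a file name containing path
#     separators is never included, whatever built it.
#   - ?pi= is read with empty()/is_string() instead of a bare index, so a missing
#     or array-valued parameter no longer raises errors or is used as an array key.
#   - $page is HTML-escaped where it is echoed in the two "not found" messages.
if (checkAccess($page, "") || $page == 'about') {
    if (empty($_GET['pi']) && preg_match('/^\w+\.php$/D', $include) && (is_file($include) || is_link($include))) {
        # Core page. Load its language file first when there is one.
        if (is_file("lan/" . $_SESSION['adminlanguage']['iso'] . "/" . $include)) {
            include "lan/" . $_SESSION['adminlanguage']['iso'] . "/" . $include;
        }

        # A syntax pre-check was planned here but never enabled; $parses_ok is
        # always 1, so the error branch below is never taken. The disabled variant
        # passed the file's contents to eval() and should stay disabled.
        $parses_ok = 1;

        if (!$parses_ok) {
            print Error("cannot parse $include");
            print '<p>Sorry, an error occurred. This is a bug. Please <a href="http://mantis.tincan.co.uk">report the bug to the Bug Tracker</a><br/>Sorry for the inconvenience</a></p>';
        } else {
            # Errors of the page are only left visible when a developer_email is set.
            if (isset($GLOBALS['developer_email'])) {
                include $include;
            } else {
                @include $include;
            }
        }
    } elseif (
        !empty($_GET['pi'])
        && is_string($_GET['pi'])
        && isset($GLOBALS['plugins'])
        && is_array($GLOBALS['plugins'])
        && isset($GLOBALS['plugins'][$_GET['pi']])
        && is_object($GLOBALS['plugins'][$_GET['pi']])
    ) {
        # Plugin page: ?pi= selects a registered plugin object, and the page script
        # is looked up below the plugin's coderoot.
        $plugin = $GLOBALS["plugins"][$_GET["pi"]];
        $menu = $plugin->adminmenu();
        if (preg_match('/^\w+\.php$/D', $include) && is_file($plugin->coderoot . $include)) {
            include($plugin->coderoot . $include);
        } elseif ($include == 'main.php') {
            # No main.php in the plugin: list its menu entries instead.
            # Note that this loop reuses $page as its key variable.
            print '<h1>' . $plugin->name . '</h1><ul>';
            foreach ($menu as $page => $desc) {
                print '<li>' . PageLink2($page, $desc) . '</li>';
            }
            print '</ul>';
        } else {
            print '<br/>' . htmlspecialchars((string) $page, ENT_QUOTES) . " -> " . $I18N->get("pagenotfoundinplugin") . '<br/>';
        }
    } else {
        if ($GLOBALS["commandline"]) {
            clineError("Sorry, that module does not exist");
            exit;
        }

        print htmlspecialchars((string) $page, ENT_QUOTES) . " -> " . $GLOBALS['I18N']->get('notimplemented');
    }
} else {
    Error($GLOBALS['I18N']->get('noaccess'));
}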
397
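# Debug statistics, development versions only: print the number of database
# queries and the elapsed time, and append the same figures to the stats log when
# one is configured.
#
# Changes against the original: ereg() (removed in PHP 7) is replaced by strpos(),
# and the log file handle is closed after writing.
if (strpos(VERSION, "dev") !== false) {
    $now = gettimeofday();
    $finished = $now["sec"] * 1000000 + $now["usec"];
    $elapsed = $finished - $GLOBALS["pagestats"]["time_start"];
    $elapsed = ($elapsed / 1000000);
    print '<br clear="all" /><font style="{font-size:8;font-color:#cccccc}">';
    print $GLOBALS["pagestats"]["number_of_queries"] . " db queries in $elapsed seconds";
    print '</font>';
    if (isset($GLOBALS["statslog"])) {
        if ($fp = @fopen($GLOBALS["statslog"], "a")) {
            # NOTE(review): REQUEST_URI is supplied by the client and is written to
            # this tab-separated log as received; anything that reads the log should
            # treat the first column as untrusted text.
            @fwrite($fp, getenv("REQUEST_URI") . "\t" . $GLOBALS["pagestats"]["number_of_queries"] . "\t$elapsed\n");
            fclose($fp);
        }
    }
}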
415
# End of request.
# Command line: discard everything that was buffered and stop.
if (isset($GLOBALS["commandline"]) && $GLOBALS["commandline"]) {
    ob_clean();
    exit;
}
# Web: flush the output buffer (unless compression handles the output) and add the
# footer. A request that carries ?omitall skips both.
if (!isset($_GET["omitall"])) {
    if (!$GLOBALS['compression_used']) {
        @ob_end_flush();
    }
    include_once "footer.inc";
}
425
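/**
 * Parse single-letter command-line options from $GLOBALS["argv"].
 *
 * An argument that starts with "-" opens an option: the character after the dash,
 * lower-cased, is the option name and the rest of the argument is its value
 * ("-psend"). Arguments without a leading dash are appended to the value of the
 * most recent option, separated by a space ("-p send"). Arguments that appear
 * before the first option are ignored.
 *
 * The original appended to $res[$cur] before that key existed, which raises an
 * "undefined index" notice (a warning on PHP 8); each option is now initialised
 * to an empty string first. A missing argv yields an empty result.
 *
 * @return array option letter => value string
 */
function parseCline() {
    $res = array();
    $cur = "";
    $args = (isset($GLOBALS["argv"]) && is_array($GLOBALS["argv"])) ? $GLOBALS["argv"] : array();
    foreach ($args as $clinearg) {
        if (substr($clinearg, 0, 1) == "-") {
            # substr() returns false instead of "" on old PHP versions when nothing
            # is left, hence the string casts.
            $cur = strtolower((string) substr($clinearg, 1, 1));
            if (!isset($res[$cur])) {
                $res[$cur] = "";
            }
            $res[$cur] .= (string) substr($clinearg, 2);
        } elseif ($cur) {
            # Continuation of the current option's value.
            $res[$cur] .= ($res[$cur] ? ' ' : '') . $clinearg;
        }
    }
    return $res;
}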
450