PageRenderTime 104ms CodeModel.GetById 14ms RepoModel.GetById 0ms app.codeStats 0ms

/phpmyfaq/admin/index.php

https://github.com/cyrke/phpMyFAQ
PHP | 668 lines | 504 code | 63 blank | 101 comment | 82 complexity | 524f0b8be147770a37bed16658167f25 MD5 | raw file
Possible License(s): LGPL-2.1, LGPL-3.0, MPL-2.0-no-copyleft-exception 
    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * The main admin backend index file
    4. 

  4.  *
    5. 

  5.  * PHP Version 5.3
    6. 

  6.  *
    7. 

  7.  * This Source Code Form is subject to the terms of the Mozilla Public License,
    8. 

  8.  * v. 2.0. If a copy of the MPL was not distributed with this file, You can
    9. 

  9.  * obtain one at http://mozilla.org/MPL/2.0/.
    10. 

  10.  *
    11. 

  11.  * @category  phpMyFAQ
    12. 

  12.  * @package   Administraion
    13. 

  13.  * @author    Thorsten Rinne <thorsten@phpmyfaq.de>
    14. 

  14.  * @author    Bastian Poettner <bastian@poettner.net>
    15. 

  15.  * @author    Meikel Katzengreis <meikel@katzengreis.com>
    16. 

  16.  * @author    Minoru TODA <todam@netjapan.co.jp>
    17. 

  17.  * @author    Matteo Scaramuccia <matteo@phpmyfaq.de>
    18. 

  18.  * @copyright 2002-2012 phpMyFAQ Team
    19. 

  19.  * @license   http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
    20. 

  20.  * @link      http://www.phpmyfaq.de
    21. 

  21.  * @since     2002-09-16
    22. 

  22.  */
    23. 

  23. 

  24. define('PMF_ROOT_DIR', dirname(__DIR__));
    25. 

  25. 

  26. //
    27. 

  27. // Check if config/database.php exist -> if not, redirect to installer
    28. 

  28. //
    29. 

  29. if (!file_exists(PMF_ROOT_DIR . '/config/database.php')) {
    30. 

  30.     header("Location: ".str_replace('admin/index.php', '', $_SERVER['SCRIPT_NAME']).'install/setup.php');
    31. 

  31.     exit();
    32. 

  32. }
    33. 

  33. 

  34. //
    35. 

  35. // Define the named constant used as a check by any included PHP file
    36. 

  36. //
    37. 

  37. define('IS_VALID_PHPMYFAQ', null);
    38. 

  38. 

  39. //
    40. 

  40. // Bootstrap phpMyFAQ and start the PHP session
    41. 

  41. //
    42. 

  42. require_once PMF_ROOT_DIR.'/inc/Bootstrap.php';
    43. 

  43. PMF_Init::cleanRequest();
    44. 

  44. session_name(PMF_Session::PMF_COOKIE_NAME_AUTH);
    45. 

  45. session_start();
    46. 

  46. 

  47. // get language (default: english)
    48. 

  48. $Language = new PMF_Language($faqConfig);
    49. 

  49. $LANGCODE = $Language->setLanguage($faqConfig->get('main.languageDetection'), $faqConfig->get('main.language'));
    50. 

  50. // Preload English strings
    51. 

  51. require_once (PMF_ROOT_DIR.'/lang/language_en.php');
    52. 

  52. $faqConfig->setLanguage($Language);
    53. 

  53. 

  54. if (isset($LANGCODE) && PMF_Language::isASupportedLanguage($LANGCODE)) {
    55. 

  55.     // Overwrite English strings with the ones we have in the current language
    56. 

  56.     if (! file_exists(PMF_ROOT_DIR . '/lang/language_' . $LANGCODE . '.php')) {
    57. 

  57.         $LANGCODE = 'en';
    58. 

  58.     }
    59. 

  59.     require_once PMF_ROOT_DIR . '/lang/language_' . $LANGCODE . '.php';
    60. 

  60. } else {
    61. 

  61.     $LANGCODE = 'en';
    62. 

  62. }
    63. 

  63. 

  64. //
    65. 

  65. // Initalizing static string wrapper
    66. 

  66. //
    67. 

  67. PMF_String::init($LANGCODE);
    68. 

  68. 

  69. //
    70. 

  70. // Set actual template set name
    71. 

  71. //
    72. 

  72. PMF_Template::setTplSetName($faqConfig->get('main.templateSet'));
    73. 

  73. 

  74. //
    75. 

  75. // Initialize attachment factory
    76. 

  76. //
    77. 

  77. PMF_Attachment_Factory::init(
    78. 

  78.     $faqConfig->get('records.attachmentsStorageType'),
    79. 

  79.     $faqConfig->get('records.defaultAttachmentEncKey'),
    80. 

  80.     $faqConfig->get('records.enableAttachmentEncryption')
    81. 

  81. );
    82. 

  82. 

  83. //
    84. 

  84. // Initiazile caching
    85. 

  85. //
    86. 

  86. PMF_Cache::init($faqConfig);
    87. 

  87. 

  88. 

  89. //
    90. 

  90. // Create a new FAQ object
    91. 

  91. //
    92. 

  92. $faq = new PMF_Faq($faqConfig);
    93. 

  93. 

  94. //
    95. 

  95. // use mbstring extension if available and when possible
    96. 

  96. //
    97. 

  97. $valid_mb_strings = array('ja', 'en', 'uni');
    98. 

  98. $mbLanguage = ($PMF_LANG['metaLanguage'] != 'ja') ? 'uni' : $PMF_LANG['metaLanguage'];
    99. 

  99. if (function_exists('mb_language') && in_array($mbLanguage, $valid_mb_strings)) {
    100. 

  100.     mb_language($mbLanguage);
    101. 

  101.     mb_internal_encoding('utf-8');
    102. 

  102. }
    103. 

  103. 

  104. //
    105. 

  105. // Get user action
    106. 

  106. //
    107. 

  107. $action = PMF_Filter::filterInput(INPUT_GET, 'action', FILTER_SANITIZE_STRING);
    108. 

  108. if (is_null($action)) {
    109. 

  109.     $action = PMF_Filter::filterInput(INPUT_POST, 'action', FILTER_SANITIZE_STRING);
    110. 

  110. }
    111. 

  111. 

  112. // authenticate current user
    113. 

  113. $auth        = null;
    114. 

  114. $error       = '';
    115. 

  115. $faqusername = PMF_Filter::filterInput(INPUT_POST, 'faqusername', FILTER_SANITIZE_STRING);
    116. 

  116. $faqpassword = PMF_Filter::filterInput(INPUT_POST, 'faqpassword', FILTER_SANITIZE_STRING);
    117. 

  117. $faqremember = PMF_Filter::filterInput(INPUT_POST, 'faqrememberme', FILTER_SANITIZE_STRING);
    118. 

  118. 

  119. // Set username via SSO
    120. 

  120. if ($faqConfig->get('security.ssoSupport') && isset($_SERVER['REMOTE_USER'])) {
    121. 

  121.     $faqusername = trim($_SERVER['REMOTE_USER']);
    122. 

  122.     $faqpassword = '';
    123. 

  123. }
    124. 

  124. 

  125. // Login via local DB or LDAP or SSO
    126. 

  126. if (!is_null($faqusername) && !is_null($faqpassword)) {
    127. 

  127.     $user = new PMF_User_CurrentUser($faqConfig);
    128. 

  128.     if (!is_null($faqremember) && 'rememberMe' === $faqremember) {
    129. 

  129.         $user->enableRememberMe();
    130. 

  130.     }
    131. 

  131.     if ($faqConfig->get('security.ldapSupport')) {
    132. 

  132.         $authLdap = new PMF_Auth_Ldap($faqConfig);
    133. 

  133.         $user->addAuth($authLdap, 'ldap');
    134. 

  134.     }
    135. 

  135.     if ($faqConfig->get('security.ssoSupport')) {
    136. 

  136.         $authSso = new PMF_Auth_Sso($faqConfig);
    137. 

  137.         $user->addAuth($authSso, 'sso');
    138. 

  138.     }
    139. 

  139.     if ($user->login($faqusername, $faqpassword)) {
    140. 

  140.         // login, if user account is NOT blocked
    141. 

  141.         if ($user->getStatus() != 'blocked') {
    142. 

  142.             $auth = true;
    143. 

  143.         } else {
    144. 

  144.             $error = $PMF_LANG['ad_auth_fail'];
    145. 

  145.             $user  = null;
    146. 

  146.         }
    147. 

  147.     } else {
    148. 

  148.         // error
    149. 

  149.         $logging = new PMF_Logging($faqConfig);
    150. 

  150.         $logging->logAdmin($user, 'Loginerror\nLogin: '.$faqusername.'\nErrors: ' . implode(', ', $user->errors));
    151. 

  151.         $error = $PMF_LANG['ad_auth_fail'];
    152. 

  152.         $user  = null;
    153. 

  153.     }
    154. 

  154. } else {
    155. 

  155.     // Try to authenticate with cookie information
    156. 

  156.     $user = PMF_User_CurrentUser::getFromCookie($faqConfig);
    157. 

  157.     // authenticate with session information
    158. 

  158.     if (! $user instanceof PMF_User_CurrentUser) {
    159. 

  159.         $user = PMF_User_CurrentUser::getFromSession($faqConfig);
    160. 

  160.     }
    161. 

  161.     if ($user instanceof PMF_User_CurrentUser) {
    162. 

  162.         $auth = true;
    163. 

  163.     } else {
    164. 

  164.         $user = null;
    165. 

  165.     }
    166. 

  166. }
    167. 

  167. 

  168. // get user rights
    169. 

  169. $permission = array();
    170. 

  170. if (isset($auth)) {
    171. 

  171.     // read all rights, set them FALSE
    172. 

  172.     $allRights = $user->perm->getAllRightsData();
    173. 

  173.     foreach ($allRights as $right) {
    174. 

  174.         $permission[$right['name']] = false;
    175. 

  175.     }
    176. 

  176.     // check user rights, set them TRUE
    177. 

  177.     $allUserRights = $user->perm->getAllUserRights($user->getUserId());
    178. 

  178.     foreach ($allRights as $right) {
    179. 

  179.         if (in_array($right['right_id'], $allUserRights))
    180. 

  180.             $permission[$right['name']] = true;
    181. 

  181.     }
    182. 

  182. }
    183. 

  183. 

  184. // logout
    185. 

  185. if ($action == 'logout' && $auth) {
    186. 

  186.     $user->deleteFromSession();
    187. 

  187.     $user = null;
    188. 

  188.     $auth = null;
    189. 

  189.     $ssoLogout = $faqConfig->get('security.ssoLogoutRedirect');
    190. 

  190.     if ($faqConfig->get('security.ssoSupport') && !empty ($ssoLogout)) {
    191. 

  191.         header ("Location: $ssoLogout");
    192. 

  192.     }
    193. 

  193. }
    194. 

  194. 

  195. //
    196. 

  196. // Get current admin user and group id - default: -1
    197. 

  197. //
    198. 

  198. if (isset($user) && is_object($user)) {
    199. 

  199.     $currentAdminUser = $user->getUserId();
    200. 

  200.     if ($user->perm instanceof PMF_Perm_Medium) {
    201. 

  201.         $currentAdminGroups = $user->perm->getUserGroups($currentAdminUser);
    202. 

  202.     } else {
    203. 

  203.         $currentAdminGroups = array(-1);
    204. 

  204.     }
    205. 

  205.     if (0 == count($currentAdminGroups)) {
    206. 

  206.         $currentAdminGroups = array(-1);
    207. 

  207.     }
    208. 

  208. }
    209. 

  209. 

  210. //
    211. 

  211. // Get action from _GET and _POST first
    212. 

  212. $_ajax = PMF_Filter::filterInput(INPUT_GET, 'ajax', FILTER_SANITIZE_STRING);
    213. 

  213. if (is_null($_ajax)) {
    214. 

  214.     $_ajax = PMF_Filter::filterInput(INPUT_POST, 'ajax', FILTER_SANITIZE_STRING);
    215. 

  215. }
    216. 

  216. 

  217. // if performing AJAX operation, needs to branch before header.php
    218. 

  218. if (isset($auth) && in_array(true, $permission)) {
    219. 

  219.     if (isset($action) && isset($_ajax)) {
    220. 

  220.         if ($action == 'ajax') {
    221. 

  221. 

  222.             switch ($_ajax) {
    223. 

  223.             // Link verification
    224. 

  224.             case 'verifyURL':
    225. 

  225.                 require_once 'ajax.verifyurl.php';
    226. 

  226.                 break;
    227. 

  227.             case 'onDemandURL':
    228. 

  228.                 require_once 'ajax.ondemandurl.php';
    229. 

  229.                 break;
    230. 

  230. 

  231.             // Configuration management
    232. 

  232.             case 'config_list':
    233. 

  233.                 require_once 'ajax.config_list.php';
    234. 

  234.                 break;
    235. 

  235. 

  236.             case 'config':
    237. 

  237.                 require_once 'ajax.config.php';
    238. 

  238.                 break;
    239. 

  239.                 
    240. 

  240.             // Tags management
    241. 

  241.             case 'tags_list':
    242. 

  242.                 require_once 'ajax.tags_list.php';
    243. 

  243.                 break;
    244. 

  244.                 
    245. 

  245.             // Comments
    246. 

  246.             case 'comment':
    247. 

  247.                 require 'ajax.comment.php';
    248. 

  248.                 break;
    249. 

  249.             
    250. 

  250.             // Records
    251. 

  251.             case 'records':	
    252. 

  252.                 require 'ajax.records.php';
    253. 

  253.                 break;
    254. 

  254. 

  255.             case 'recordSave':
    256. 

  256.                 require 'record.save.php';
    257. 

  257.                 break;
    258. 

  258. 

  259.             case 'recordAdd':
    260. 

  260.                 require 'record.add.php';
    261. 

  261.                 break;
    262. 

  262. 

  263.             // Search
    264. 

  264.             case 'search':
    265. 

  265.                 require 'ajax.search.php';
    266. 

  266.                 break;
    267. 

  267. 

  268.             // Users
    269. 

  269.             case 'user': 
    270. 

  270.                 require 'ajax.user.php';
    271. 

  271.                 break;
    272. 

  272.             
    273. 

  273.             // Groups
    274. 

  274.             case 'group': 
    275. 

  275.                 require 'ajax.group.php';
    276. 

  276.                 break;
    277. 

  277.             
    278. 

  278.             // Interface translation
    279. 

  279.             case 'trans':
    280. 

  280.                 require 'ajax.trans.php';
    281. 

  281.                 break;
    282. 

  282.                 
    283. 

  283.             case 'att':
    284. 

  284.                 require 'ajax.attachment.php';
    285. 

  285.                 break;
    286. 

  286. 

  287. 			case 'autosave':
    288. 

  288. 				require 'ajax.autosave.php';
    289. 

  289. 				break;
    290. 

  290.             }
    291. 

  291.         exit();
    292. 

  292.         }
    293. 

  293.     }
    294. 

  294. }
    295. 

  295. 

  296. // are we running a PMF export file request?
    297. 

  297. switch($action) {
    298. 

  298.     case 'exportfile':
    299. 

  299.         require 'export.file.php';
    300. 

  300.         exit();
    301. 

  301.         break;
    302. 

  302.     case 'reportexport':
    303. 

  303.         require 'report.export.php';
    304. 

  304.         exit();
    305. 

  305.         break;
    306. 

  306. }
    307. 

  307. 

  308. // Header of the admin page including the navigation
    309. 

  309. require_once 'header.php';
    310. 

  310. 

  311. // User is authenticated
    312. 

  312. if (isset($auth) && in_array(true, $permission)) {
    313. 

  313.     if (!is_null($action)) {
    314. 

  314.         // the various sections of the admin area
    315. 

  315.         switch ($action) {
    316. 

  316.             // functions for user administration
    317. 

  317.             case 'user':                    require_once 'user.php'; break;
    318. 

  318.             case 'group':                   require_once 'group.php'; break;
    319. 

  319.             // functions for record administration
    320. 

  320.             case 'viewinactive':
    321. 

  321.             case 'viewactive':
    322. 

  322.             case 'view':                    require_once 'record.show.php'; break;
    323. 

  323.             case 'searchfaqs':              require_once 'record.search.php'; break;
    324. 

  324.             case "takequestion":
    325. 

  325.             case "editentry":
    326. 

  326.             case 'copyentry':
    327. 

  327.             case "editpreview":             require_once 'record.edit.php'; break;
    328. 

  328.             case "insertentry":             require_once 'record.add.php'; break;
    329. 

  329.             case "saveentry":               require_once 'record.save.php'; break;
    330. 

  330.             case "delentry":                require_once 'record.delete.php'; break;
    331. 

  331.             case "delatt":                  require_once 'record.delatt.php'; break;
    332. 

  332.             case "question":                require_once 'record.questions.php'; break;
    333. 

  333.             case 'comments':                require_once 'record.comments.php'; break;
    334. 

  334.             // news administraion
    335. 

  335.             case 'news':                    
    336. 

  336.             case 'addnews':
    337. 

  337.             case 'editnews':
    338. 

  338.             case 'savenews':
    339. 

  339.             case 'updatenews':	
    340. 

  340.             case 'deletenews':              require_once 'news.php'; break;
    341. 

  341.             // category administration
    342. 

  342.             case 'content':
    343. 

  343.             case 'category':
    344. 

  344.             case 'savecategory':
    345. 

  345.             case 'updatecategory':
    346. 

  346.             case 'removecategory':
    347. 

  347.             case 'changecategory':
    348. 

  348.             case 'pastecategory':           require_once 'category.main.php'; break;
    349. 

  349.             case "addcategory":             require_once 'category.add.php'; break;
    350. 

  350.             case "editcategory":            require_once 'category.edit.php'; break;
    351. 

  351.             case "translatecategory":       require_once 'category.translate.php'; break;
    352. 

  352.             case "deletecategory":          require_once 'category.delete.php'; break;
    353. 

  353.             case "cutcategory":             require_once 'category.cut.php'; break;
    354. 

  354.             case "movecategory":            require_once 'category.move.php'; break;
    355. 

  355.             case "showcategory":            require_once 'category.showstructure.php'; break;
    356. 

  356.             // glossary
    357. 

  357.             case 'glossary':
    358. 

  358.             case 'saveglossary':
    359. 

  359.             case 'updateglossary':
    360. 

  360.             case 'deleteglossary':          require_once 'glossary.main.php'; break;
    361. 

  361.             case 'addglossary':             require_once 'glossary.add.php'; break;
    362. 

  362.             case 'editglossary':            require_once 'glossary.edit.php'; break;
    363. 

  363.             // adminlog administration
    364. 

  364.             case 'adminlog':
    365. 

  365.             case 'deleteadminlog':          require_once 'adminlog.php'; break;
    366. 

  366.             // functions for password administration
    367. 

  367.             case "passwd":                  require_once 'pwd.change.php'; break;
    368. 

  368.             // functions for session administration
    369. 

  369.             case "viewsessions":            require_once 'stat.main.php'; break;
    370. 

  370.             case "sessionbrowse":           require_once 'stat.browser.php'; break;
    371. 

  371.             case "viewsession":             require_once 'stat.show.php'; break;
    372. 

  372.             case "statistics":              require_once 'stat.ratings.php'; break;
    373. 

  373.             case "searchstats":             require_once 'stat.search.php'; break;
    374. 

  374.             case 'reports':                 require_once 'report.main.php'; break;
    375. 

  375.             case 'reportview':              require_once 'report.view.php'; break;
    376. 

  376.             // functions for config administration
    377. 

  377.             case 'config':                  require_once 'configuration.php'; break;
    378. 

  378.             case 'updateinstance':
    379. 

  379.             case 'instances':               require_once 'instances.php'; break;
    380. 

  380.             case 'editinstance':            require_once 'instances.edit.php'; break;
    381. 

  381.             case 'stopwordsconfig':         require_once 'stopwordsconfig.main.php'; break;
    382. 

  382.             // functions for backup administration
    383. 

  383.             case 'backup':                  require_once 'backup.main.php'; break;
    384. 

  384.             case 'restore':                 require_once 'backup.import.php'; break;
    385. 

  385.             // functions for FAQ export
    386. 

  386.             case "export":                  require_once 'export.main.php'; break;
    387. 

  387.             // translation tools
    388. 

  388.             case "transedit":               require_once 'trans.edit.php'; break;
    389. 

  389.             case "translist":               require_once 'trans.list.php'; break;
    390. 

  390.             case "transadd":                require_once 'trans.add.php'; break;
    391. 

  391.             // attachment administration 
    392. 

  392.             case "attachments":             require_once "att.main.php"; break;
    393. 

  393.             
    394. 

  394.             default:                        print "Error"; break;
    395. 

  395.         }
    396. 

  396.     } else {
    397. 

  397.         // start page with some information about the FAQ
    398. 

  398.         $faqTableInfo = $faqConfig->getDb()->getTableStatus();
    399. 

  399.         $faqSystem = new PMF_System();
    400. 

  400. ?>
    401. 

  401. 

  402.             <header>
    403. 

  403.                 <h2><?php print $PMF_LANG['ad_pmf_info']; ?></h2>
    404. 

  404.             </header>
    405. 

  405. 

  406.             <table class="table table-striped">
    407. 

  407.             <tbody>
    408. 

  408.                 <tr>
    409. 

  409.                     <td><strong><a href="?action=config"><?php print $PMF_LANG['msgMode']; ?></a></strong></td>
    410. 

  410.                     <td>
    411. 

  411.                         <?php if ($faqConfig->get('main.maintenanceMode')): ?>
    412. 

  412.                         <span class="label label-important"><?php print $PMF_LANG['msgMaintenanceMode']; ?></span>
    413. 

  413.                         <?php else: ?>
    414. 

  414.                         <span class="label label-success"><?php print $PMF_LANG['msgOnlineMode']; ?></span>
    415. 

  415.                         <?php endif; ?>
    416. 

  416.                     </td>
    417. 

  417.                 </tr>
    418. 

  418.                 <tr>
    419. 

  419.                     <td><strong><a href="?action=viewsessions"><?php print $PMF_LANG["ad_start_visits"]; ?></a></strong></td>
    420. 

  420.                     <td><?php print $faqTableInfo[PMF_Db::getTablePrefix() . "faqsessions"]; ?></td>
    421. 

  421.                 </tr>
    422. 

  422.                 <tr>
    423. 

  423.                     <td><strong><a href="?action=view"><?php print $PMF_LANG["ad_start_articles"]; ?></a></strong></td>
    424. 

  424.                     <td><?php print $faqTableInfo[PMF_Db::getTablePrefix() . "faqdata"]; ?></td>
    425. 

  425.                 </tr>
    426. 

  426.                 <tr>
    427. 

  427.                     <td><strong><a href="?action=comments"><?php print $PMF_LANG["ad_start_comments"]; ?></strong></a></td>
    428. 

  428.                     <td><?php print $faqTableInfo[PMF_Db::getTablePrefix() . "faqcomments"]; ?></td>
    429. 

  429.                 </tr>
    430. 

  430.                 <tr>
    431. 

  431.                     <td><strong><a href="?action=question"><?php print $PMF_LANG["msgOpenQuestions"]; ?></strong></a></td>
    432. 

  432.                     <td><?php print $faqTableInfo[PMF_Db::getTablePrefix() . "faqquestions"]; ?></td>
    433. 

  433.                 </tr>
    434. 

  434.                 <tr>
    435. 

  435.                     <td><strong><a href="?action=news"><?php print $PMF_LANG["msgNews"]; ?></strong></a></td>
    436. 

  436.                     <td><?php print $faqTableInfo[PMF_Db::getTablePrefix() . "faqnews"]; ?></td>
    437. 

  437.                 </tr>
    438. 

  438.                 <tr>
    439. 

  439.                     <td><strong><a href="?action=user&user_action=listallusers"><?php print $PMF_LANG['admin_mainmenu_users']; ?></strong></a></td>
    440. 

  440.                     <td><?php print $faqTableInfo[PMF_Db::getTablePrefix() . 'faquser'] - 1; ?></td>
    441. 

  441.                 </tr>
    442. 

  442.             </tbody>
    443. 

  443.             </table>
    444. 

  444.         </section>
    445. 

  445. 

  446.         <section class="row-fluid">
    447. 

  447.             <div class="span5">
    448. 

  448.                 <header>
    449. 

  449.                     <h3><?php print $PMF_LANG['ad_online_info']; ?></h3>
    450. 

  450.                 </header>
    451. 

  451. <?php
    452. 

  452.         $version = PMF_Filter::filterInput(INPUT_POST, 'param', FILTER_SANITIZE_STRING);
    453. 

  453.         if (!is_null($version) && $version == 'version') {
    454. 

  454.             $json   = file_get_contents('http://www.phpmyfaq.de/api/version');
    455. 

  455.             $result = json_decode($json);
    456. 

  456.             if ($result instanceof stdClass) {
    457. 

  457.                 $installed = $faqConfig->get('main.currentVersion');
    458. 

  458.                 $available = $result->stable;
    459. 

  459.                 printf(
    460. 

  460.                     '<p class="alert alert-%s">%s <a href="http://www.phpmyfaq.de" target="_blank">phpmyfaq.de</a>:<br/><strong>phpMyFAQ %s</strong>',
    461. 

  461.                     (-1 == version_compare($installed, $available)) ? 'danger' : 'info',
    462. 

  462.                     $PMF_LANG['ad_xmlrpc_latest'],
    463. 

  463.                     $available
    464. 

  464.                 );
    465. 

  465.                 // Installed phpMyFAQ version is outdated
    466. 

  466.                 if (-1 == version_compare($installed, $available)) {
    467. 

  467.                     print '<br />' . $PMF_LANG['ad_you_should_update'];
    468. 

  468.                 }
    469. 

  469.             }
    470. 

  470.         } else {
    471. 

  471. ?>
    472. 

  472.                 <p>
    473. 

  473.                     <form action="index.php" method="post">
    474. 

  474.                         <input type="hidden" name="param" value="version" />
    475. 

  475.                         <button class="btn btn-primary" type="submit">
    476. 

  476.                             <i class="icon-check icon-white"></i> <?php print $PMF_LANG["ad_xmlrpc_button"]; ?>
    477. 

  477.                         </button>
    478. 

  478.                     </form>
    479. 

  479.                 </p>
    480. 

  480. <?php
    481. 

  481.         }
    482. 

  482. ?>
    483. 

  483.                 </p>
    484. 

  484.             </div>
    485. 

  485.             <div class="span5">
    486. 

  486.                 <header>
    487. 

  487.                     <h3><?php print $PMF_LANG['ad_online_verification'] ?></h3>
    488. 

  488.                 </header>
    489. 

  489. <?php
    490. 

  490.         $getJson = PMF_Filter::filterInput(INPUT_POST, 'getJson', FILTER_SANITIZE_STRING);
    491. 

  491.         if (!is_null($getJson) && 'verify' === $getJson) {
    492. 

  492. 

  493.             $faqSystem    = new PMF_System();
    494. 

  494.             $localHashes  = $faqSystem->createHashes();
    495. 

  495.             $remoteHashes = file_get_contents(
    496. 

  496.                 'http://www.phpmyfaq.de/api/verify/' . $faqConfig->get('main.currentVersion')
    497. 

  497.             );
    498. 

  498. 

  499.             if (!is_array($remoteHashes)) {
    500. 

  500.                 echo '<p class="alert alert-danger">phpMyFAQ version mismatch - no verification possible.</p>';
    501. 

  501.             } else {
    502. 

  502. 

  503.                 $diff = array_diff(
    504. 

  504.                     json_decode($localHashes, true),
    505. 

  505.                     json_decode($remoteHashes, true)
    506. 

  506.                 );
    507. 

  507. 

  508.                 if (0 !== count($diff)) {
    509. 

  509.                     printf('<p class="alert alert-danger">%s</p>', $PMF_LANG["ad_verification_notokay"]);
    510. 

  510.                     print '<ul>';
    511. 

  511.                     foreach ($diff as $file => $hash) {
    512. 

  512.                         if ('created' === $file) {
    513. 

  513.                             continue;
    514. 

  514.                         }
    515. 

  515.                         printf(
    516. 

  516.                             '<li><span class="pmf-popover" data-original-title="SHA-1" data-content="%s">%s</span></li>',
    517. 

  517.                             $hash,
    518. 

  518.                             $file
    519. 

  519.                         );
    520. 

  520.                     }
    521. 

  521.                     print '</ul>';
    522. 

  522.                 } else {
    523. 

  523.                     printf('<p class="alert alert-success">%s</p>', $PMF_LANG["ad_verification_okay"]);
    524. 

  524.                 }
    525. 

  525.             }
    526. 

  526. 

  527.         } else {
    528. 

  528. ?>
    529. 

  529.                 <p>
    530. 

  530.                     <form action="index.php" method="post">
    531. 

  531.                         <input type="hidden" name="getJson" value="verify" />
    532. 

  532.                         <button class="btn btn-primary" type="submit">
    533. 

  533.                             <i class="icon-certificate icon-white"></i> <?php print $PMF_LANG["ad_verification_button"] ?>
    534. 

  534.                         </button>
    535. 

  535.                     </form>
    536. 

  536.                 </p>
    537. 

  537. <?php
    538. 

  538.         }
    539. 

  539. ?>
    540. 

  540.                 <script>$(function(){ $('span[class="pmf-popover"]').popover();});</script>
    541. 

  541.             </div>
    542. 

  542.         </section>
    543. 

  543. 

  544.         <section class="row-fluid">
    545. 

  545.             <header>
    546. 

  546.                 <h3><?php print $PMF_LANG['ad_system_info']; ?></h3>
    547. 

  547.             </header>
    548. 

  548.             <div class="pmf-system-information">
    549. 

  549.                 <table class="table table-striped">
    550. 

  550.                 <tbody>
    551. 

  551.                     <?php
    552. 

  552.                     $systemInformation = array(
    553. 

  553.                         'phpMyFAQ Version'    => $faqSystem->getVersion(),
    554. 

  554.                         'Server Software'     => $_SERVER['SERVER_SOFTWARE'],
    555. 

  555.                         'PHP Version'         => PHP_VERSION,
    556. 

  556.                         'Register Globals'    => ini_get('register_globals') == 1 ? 'on' : 'off',
    557. 

  557.                         'safe Mode'           => ini_get('safe_mode') == 1 ? 'on' : 'off',
    558. 

  558.                         'Open Basedir'        => ini_get('open_basedir') == 1 ? 'on' : 'off',
    559. 

  559.                         'DB Server'           => PMF_Db::getType(),
    560. 

  560.                         'DB Client Version'   => $faqConfig->getDb()->clientVersion(),
    561. 

  561.                         'DB Server Version'   => $faqConfig->getDb()->serverVersion(),
    562. 

  562.                         'Webserver Interface' => strtoupper(@php_sapi_name()),
    563. 

  563.                         'PHP Extensions'      => implode(', ', get_loaded_extensions())
    564. 

  564.                     );
    565. 

  565.                     foreach ($systemInformation as $name => $info): ?>
    566. 

  566.                     <tr>
    567. 

  567.                         <td class="span3"><strong><?php print $name ?></strong></td>
    568. 

  568.                         <td><?php print $info ?></td>
    569. 

  569.                     </tr>
    570. 

  570.                     <?php endforeach; ?>
    571. 

  571.                 </tbody>
    572. 

  572.                 </table>
    573. 

  573.             </div>
    574. 

  574. 

  575.             <p>phpMyFAQ uses <a href="http://glyphicons.com/">Glyphicons</a>.</p>
    576. 

  576. 

  577.             <div style="font-size: 5px; text-align: right; color: #f5f5f5">NOTE: Art is resistance.</div>
    578. 

  578.         </section>
    579. 

  579. <?php
    580. 

  580.     }
    581. 

  581. // User is authenticated, but has no rights
    582. 

  582. } elseif (isset($auth) && !in_array(true, $permission)) {
    583. 

  583. ?>
    584. 

  584.             <header>
    585. 

  585.                 <h2><?php print $PMF_LANG['ad_pmf_info']; ?></h2>
    586. 

  586.             </header>
    587. 

  587. 

  588.             <p class="error"><?php print $PMF_LANG['err_NotAuth'] ?></p>
    589. 

  589. 

  590. <?php
    591. 

  591. // User is NOT authenticated
    592. 

  592. } else {
    593. 

  593. ?>
    594. 

  594. 

  595.             <header>
    596. 

  596.                 <h2>phpMyFAQ Login</h2>
    597. 

  597.             </header>
    598. 

  598. <?php
    599. 

  599.     if (isset($error) && 0 < strlen($error)) {
    600. 

  600.         $message = sprintf(
    601. 

  601.             '<p class="alert alert-error">%s%s</p>',
    602. 

  602.             '<a class="close" data-dismiss="alert" href="#">&times;</a>',
    603. 

  603.             $error
    604. 

  604.         );
    605. 

  605.     } else {
    606. 

  606.         $message = sprintf('<p>%s</p>', $PMF_LANG['ad_auth_insert']);
    607. 

  607.     }
    608. 

  608.     if ($action == 'logout') {
    609. 

  609.         $message = sprintf(
    610. 

  610.             '<p class="alert alert-success">%s%s</p>',
    611. 

  611.             '<a class="close" data-dismiss="alert" href="#">&times;</a>',
    612. 

  612.             $PMF_LANG['ad_logout']
    613. 

  613.         );
    614. 

  614.     }
    615. 

  615.     
    616. 

  616.     if (isset($_SERVER['HTTPS']) || !$faqConfig->get('security.useSslForLogins')) {
    617. 

  617. ?>
    618. 

  618. 

  619.             <?php print $message ?>
    620. 

  620. 

  621.             <form class="form-horizontal" action="index.php" method="post">
    622. 

  622. 

  623.                 <div class="control-group">
    624. 

  624.                     <label class="control-label" for="faqusername"><?php print $PMF_LANG["ad_auth_user"]; ?></label>
    625. 

  625.                     <div class="controls">
    626. 

  626.                         <input type="text" name="faqusername" id="faqusername" required="required" />
    627. 

  627.                     </div>
    628. 

  628.                 </div>
    629. 

  629. 

  630.                 <div class="control-group">
    631. 

  631.                     <label class="control-label" for="faqpassword"><?php print $PMF_LANG["ad_auth_passwd"]; ?></label>
    632. 

  632.                     <div class="controls">
    633. 

  633.                         <input type="password" name="faqpassword" id="faqpassword" required="required" />
    634. 

  634.                     </div>
    635. 

  635.                 </div>
    636. 

  636. 

  637.                 <div class="control-group">
    638. 

  638.                     <div class="controls">
    639. 

  639.                         <label class="checkbox">
    640. 

  640.                             <input type="checkbox" id="faqrememberme" name="faqrememberme" value="rememberMe">
    641. 

  641.                             <?php print $PMF_LANG['rememberMe'] ?>
    642. 

  642.                         </label>
    643. 

  643.                     </div>
    644. 

  644.                 </div>
    645. 

  645. 

  646.                 <div class="form-actions">
    647. 

  647.                     <button class="btn btn-primary" type="submit">
    648. 

  648.                         <?php print $PMF_LANG["ad_auth_ok"]; ?>
    649. 

  649.                     </button>
    650. 

  650.                 </div>
    651. 

  651. <?php
    652. 

  652.     } else {
    653. 

  653.         printf('<p><a href="https://%s%s">%s</a></p>',
    654. 

  654.             $_SERVER['HTTP_HOST'],
    655. 

  655.             $_SERVER['REQUEST_URI'],
    656. 

  656.             $PMF_LANG['msgSecureSwitch']);
    657. 

  657.     }
    658. 

  658. ?>
    659. 

  659.             </form>
    660. 

  660. <?php
    661. 

  661. }
    662. 

  662. ?>
    663. 

  663.     </div>
    664. 

  664. <?php
    665. 

  665. 

  666. require 'footer.php';
    667. 

  667. 

  668. $faqConfig->getDb()->close();
    669. 

  669.