PageRenderTime 37ms CodeModel.GetById 32ms RepoModel.GetById 0ms app.codeStats 0ms

/legacy/includes/pages/admin/themes.php

http://novaboard.googlecode.com/
PHP | 487 lines | 16 code | 11 blank | 460 comment | 2 complexity | 8e79bd01f716d0dad4f6384a4da9d8dc MD5 | raw file
Possible License(s): AGPL-3.0
  1. <?php
  2. /*
  3. +--------------------------------------------------------------------------
  4. | NovaBoard
  5. | ========================================
  6. | By The NovaBoard team
  7. | Released under the Artistic License 2.0
  8. | http://www.novaboard.net
  9. | ======================================== |+--------------------------------------------------------------------------
  10. | themes.php - install/remove forum themes
  11. */
  12. if (!defined('NOVA_RUN')){
  13. echo "<h1>ACCESS DENIED</h1>You cannot access this file directly.";
  14. exit();
  15. }
  16. require_once "scripts/php/dUnzip2.inc.php";
  17. template_hook("pages/admin/themes.template.php", "start");
  18. if ($can_change_site_settings=='0'){
  19. nova_redirect("index.php?page=error&error=11","error/11");
  20. }
  21. else{
  22. foreach (glob("themes/*.zip") as $file_name) {
  23. unlink ($file_name);
  24. }
  25. if (isset($_POST['upload'])){
  26. $contenttype = $_FILES['uploadedfile']['type'];
  27. $file=$_FILES['uploadedfile']['name'];
  28. $parts = explode('.', $file);
  29. $ext = $parts[count($parts)-1];
  30. $contenttype = strtolower($ext);
  31. if ($contenttype=='zip'){
  32. $allowed="1";
  33. }
  34. else{
  35. $allowed="0";
  36. }
  37. if ($allowed=='0'){
  38. echo "contenttype = $contenttype<br /><br />";
  39. exit("You are not allowed to upload files with this extension.");
  40. }
  41. else{
  42. // Where the file is going to be placed
  43. $target_path = "themes/";
  44. $file_name = $_FILES['uploadedfile']['name'];
  45. $new_file_name = $file_name;
  46. $target_path_complete = $target_path . basename( $new_file_name);
  47. $_FILES['uploadedfile']['tmp_name'];
  48. if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path_complete)) {
  49. if($contenttype == 'zip'){
  50. $zip = new dUnzip2('themes/'.$file_name);
  51. $zip->debug = true;
  52. $zip->getList();
  53. $zip->unzipAll('themes');
  54. }
  55. foreach (glob("themes/*.zip") as $filename) {
  56. unlink ($filename);
  57. }
  58. template_hook("pages/admin/themes.template.php", "form_1");
  59. nova_redirect("index.php?page=admin&act=themes","admin/themes");
  60. }
  61. }
  62. }
  63. elseif (isset($_GET['alter']) && ($_GET['alter']=='rss')){
  64. $order = $_POST['order'];
  65. $order = escape_string($order);
  66. $limit = $_POST['limit'];
  67. $limit = escape_string($limit);
  68. $method = $_POST['method'];
  69. $method = escape_string($method);
  70. mysql_query("UPDATE {$db_prefix}settings SET theme_order='$order', theme_limit='$limit', theme_method='$method'");
  71. # Delete cache
  72. $Cache->delete('settings');
  73. template_hook("pages/admin/themes.template.php", "form_2");
  74. nova_redirect("index.php?page=admin&act=themes","admin/themes");
  75. }
  76. elseif (isset($_GET['func']) && ($_GET['func']=='remote')){
  77. // first warn the admin about what he/she is about to do
  78. // because this feature could be maliciously abused by
  79. // crafty people wanting you to install nasty things
  80. // onto the server...
  81. if ($_POST['agree']!='1'){
  82. $token_id = md5(microtime());
  83. $token = md5(uniqid(rand(),true));
  84. $token_name = "token_remote_$token_id";
  85. $_SESSION[$token_name] = $token;
  86. $file = escape_string($_GET['file']);
  87. $themename = escape_string($_GET['theme']);
  88. $func = escape_string($_GET['func']);
  89. template_hook("pages/admin/themes.template.php", "warn");
  90. }
  91. else{
  92. $token_id = $_POST['token_id'];
  93. $token_id = escape_string($token_id);
  94. $token_name = "token_remote_$token_id";
  95. if (isset($_POST[$token_name]) && isset($_SESSION[$token_name]) && $_SESSION[$token_name] == $_POST[$token_name]){
  96. $theme_file = htmlentities(escape_string($_GET['file']));
  97. if(strpos($theme_file, "http://themes.novaboard.net") === false){
  98. nova_redirect("index.php?page=error","error");
  99. }
  100. else{
  101. nova_remote(" http://themes.novaboard.net/files/".$theme_file, "themes/");
  102. $filename = basename(" http://themes.novaboard.net/files/".$theme_file);
  103. $zip = new dUnzip2('themes/'.$filename);
  104. $zip->debug = true;
  105. $zip->getList();
  106. $zip->unzipAll('themes');
  107. foreach (glob("themes/*.zip") as $file_name) {
  108. unlink ($file_name);
  109. }
  110. template_hook("pages/admin/themes.template.php", "form_3");
  111. nova_redirect("index.php?page=admin&act=themes","admin/themes");
  112. }
  113. }
  114. else{
  115. nova_redirect("index.php?page=error&error=28","error/28");
  116. }
  117. }
  118. }
  119. elseif (isset($_GET['func']) && ($_GET['func']=='install')){
  120. // first warn the admin about what he/she is about to do
  121. // because this feature could be maliciously abused by
  122. // crafty people wanting you to install nasty things
  123. // onto the server...
  124. if ($_POST['agree']!='1'){
  125. $token_id = md5(microtime());
  126. $token = md5(uniqid(rand(),true));
  127. $token_name = "token_install_$token_id";
  128. $_SESSION[$token_name] = $token;
  129. $file = escape_string($_GET['file']);
  130. $themename = escape_string($_GET['theme']);
  131. $func = escape_string($_GET['func']);
  132. template_hook("pages/admin/themes.template.php", "warn");
  133. }
  134. else{
  135. $token_id = $_POST['token_id'];
  136. $token_id = escape_string($token_id);
  137. $token_name = "token_install_$token_id";
  138. if (isset($_POST[$token_name]) && isset($_SESSION[$token_name]) && $_SESSION[$token_name] == $_POST[$token_name]){
  139. $theme_name =escape_string($_GET['theme']);
  140. mysql_query("DELETE FROM {$db_prefix}themes WHERE theme_name ='$theme_name'");
  141. mysql_query("INSERT INTO {$db_prefix}themes (theme_name, installed) VALUES ('$theme_name', '1')");
  142. if (file_exists("themes/$theme_name/install.php")){
  143. include "themes/$theme_name/install.php";
  144. }
  145. template_hook("pages/admin/themes.template.php", "form_4");
  146. nova_redirect("index.php?page=admin&act=themes","admin/themes");
  147. }
  148. nova_redirect("index.php?page=error&error=28","error/28");
  149. }
  150. }
  151. elseif (isset($_GET['func']) && ($_GET['func']=='remove')){
  152. // first warn the admin about what he/she is about to do
  153. // because this feature could be maliciously abused by
  154. // crafty people wanting you to install nasty things
  155. // onto the server...
  156. if ($_POST['agree']!='1'){
  157. $token_id = md5(microtime());
  158. $token = md5(uniqid(rand(),true));
  159. $token_name = "token_remove_$token_id";
  160. $_SESSION[$token_name] = $token;
  161. $file = escape_string($_GET['file']);
  162. $themename = escape_string($_GET['theme']);
  163. $func = escape_string($_GET['func']);
  164. template_hook("pages/admin/themes.template.php", "warn");
  165. }
  166. else{
  167. $token_id = $_POST['token_id'];
  168. $token_id = escape_string($token_id);
  169. $token_name = "token_remove_$token_id";
  170. if (isset($_POST[$token_name]) && isset($_SESSION[$token_name]) && $_SESSION[$token_name] == $_POST[$token_name]){
  171. $theme_name =escape_string($_GET['theme']);
  172. mysql_query("DELETE FROM {$db_prefix}themes WHERE theme_name ='$theme_name'");
  173. if (file_exists("themes/$theme_name/uninstall.php")){
  174. include "themes/$theme_name/uninstall.php";
  175. }
  176. template_hook("pages/admin/themes.template.php", "form_5");
  177. nova_redirect("index.php?page=admin&act=themes","admin/themes");
  178. }
  179. else{
  180. nova_redirect("index.php?page=error&error=28","error/28");
  181. }
  182. }
  183. }
  184. elseif (isset($_GET['func']) && ($_GET['func']=='delete')){
  185. // first warn the admin about what he/she is about to do
  186. // because this feature could be maliciously abused by
  187. // crafty people wanting you to install nasty things
  188. // onto the server...
  189. if ($_POST['agree']!='1'){
  190. $file = escape_string($_GET['file']);
  191. $themename = escape_string($_GET['theme']);
  192. $func = escape_string($_GET['func']);
  193. template_hook("pages/admin/themes.template.php", "warn");
  194. }
  195. else{
  196. $theme_name = escape_string($_GET['theme']);
  197. nova_remove("themes/$theme_name");
  198. template_hook("pages/admin/themes.template.php", "form_6");
  199. nova_redirect("index.php?page=admin&act=themes","admin/themes");
  200. }
  201. }
  202. else{
  203. template_hook("pages/admin/themes.template.php", "1");
  204. list_themes_admin("themes/", "details");
  205. template_hook("pages/admin/themes.template.php", "3");
  206. template_hook('pages/admin/themes.template.php', 'remote_replacement');
  207. /*template_hook("pages/admin/themes.template.php", "4");
  208. class RSSParser {
  209. var $title = "";
  210. var $version = "";
  211. var $date = "";
  212. var $downloads = "";
  213. var $link = "";
  214. var $description = "";
  215. var $author = "";
  216. var $site = "";
  217. var $image = "";
  218. var $inside_item = false;
  219. function startElement( $parser, $name, $attrs='' ){
  220. global $current_tag;
  221. $current_tag = $name;
  222. if( $current_tag == "ITEM" )
  223. $this->inside_item = true;
  224. } // endfunc startElement
  225. function endElement( $parser, $tagName, $attrs='' ){
  226. global $current_tag;
  227. if ( $tagName == "ITEM" ) {
  228. $title = $this->title;
  229. $version = $this->version;
  230. $date = $this->date;
  231. $downloads = $this->downloads;
  232. $link = $this->link;
  233. $link = str_replace(" http://themes.novaboard.net/files/", "", $link);
  234. $description = $this->description;
  235. $author = $this->author;
  236. $site = $this->site;
  237. $image = $this->image;
  238. template_hook("pages/admin/themes.template.php", "5");
  239. echo "$image";
  240. template_hook("pages/admin/themes.template.php", "14");
  241. echo "$title";
  242. template_hook("pages/admin/themes.template.php", "6");
  243. echo "$version";
  244. template_hook("pages/admin/themes.template.php", "7");
  245. echo "$author";
  246. template_hook("pages/admin/themes.template.php", "8");
  247. echo "$site";
  248. template_hook("pages/admin/themes.template.php", "9");
  249. echo "$site";
  250. template_hook("pages/admin/themes.template.php", "10");
  251. echo "$description";
  252. template_hook("pages/admin/themes.template.php", "11");
  253. echo "$link";
  254. template_hook("pages/admin/themes.template.php", "12");
  255. $this->title = "";
  256. $this->version = "";
  257. $this->date = "";
  258. $this->downloads = "";
  259. $this->link = "";
  260. $this->description = "";
  261. $this->author = "";
  262. $this->site = "";
  263. $this->image = "";
  264. $this->inside_item = false;
  265. }
  266. } // endfunc endElement
  267. function characterData( $parser, $data ){
  268. global $current_tag;
  269. if( $this->inside_item ){
  270. switch($current_tag){
  271. case "TITLE":
  272. $this->title .= $data;
  273. break;
  274. case "VERSION":
  275. $this->version .= $data;
  276. break;
  277. case "DATE":
  278. $this->date .= $data;
  279. break;
  280. case "DOWNLOADS":
  281. $this->downloads .= $data;
  282. break;
  283. case "LINK":
  284. $this->link .= $data;
  285. break;
  286. case "DESCRIPTION":
  287. $this->description .= $data;
  288. break;
  289. case "AUTHOR":
  290. $this->author .= $data;
  291. break;
  292. case "SITE":
  293. $this->site .= $data;
  294. break;
  295. case "IMAGE":
  296. $this->image .= $data;
  297. break;
  298. default:
  299. break;
  300. } // endswitch
  301. } // end if
  302. } // endfunc characterData
  303. function parse_results( $xml_parser, $rss_parser, $file ) {
  304. xml_set_object( $xml_parser, &$rss_parser );
  305. xml_set_element_handler( $xml_parser, "startElement", "endElement" );
  306. xml_set_character_data_handler( $xml_parser, "characterData" );
  307. $fp = fopen("$file","r") or die( "Error reading XML file, $file" );
  308. while ($data = fread($fp, 4096)) {
  309. // parse the data
  310. xml_parse( $xml_parser, $data, feof($fp) ) or die( sprintf( "XML error: %s at line %d", xml_error_string( xml_get_error_code($xml_parser) ), xml_get_current_line_number( $xml_parser ) ) );
  311. } // endwhile
  312. fclose($fp);
  313. xml_parser_free( $xml_parser );
  314. } // endfunc parse_results
  315. } // endclass RSSParser
  316. global $rss_url;
  317. $xml_parser = xml_parser_create();
  318. $rss_parser = new RSSParser();
  319. $parse_nova_version = str_replace(" ", "_", $nova_version);
  320. $rss_parser->parse_results( $xml_parser, $rss_parser, "http://themes.novaboard.net/$parse_nova_version/$module_order/$module_limit/$module_method/files.php" );
  321. template_hook("pages/admin/themes.template.php", "3");
  322. template_hook("pages/admin/themes.template.php", "13");*/
  323. }
  324. }
  325. template_hook("pages/admin/themes.template.php", "end");
  326. ?>