PageRenderTime 52ms CodeModel.GetById 19ms RepoModel.GetById 0ms app.codeStats 0ms

/public_html/lists/admin/index.php

https://github.com/samtuke/phplist
PHP | 608 lines | 500 code | 58 blank | 50 comment | 230 complexity | 4a9b3559b484a7b21a14254efb868799 MD5 | raw file
Possible License(s): GPL-2.0, LGPL-2.1 
    

  1. <?php
    2. 

  2. 

  3. @ob_start();
    4. 

  4. $er = error_reporting(0);
    5. 

  5. # check for commandline and cli version
    6. 

  6. if (!isset($_SERVER["SERVER_NAME"]) && !PHP_SAPI == "cli") {
    7. 

  7.   print "Warning: commandline only works well with the cli version of PHP";
    8. 

  8. }
    9. 

  9. 

  10. if (isset($_REQUEST['_SERVER'])) { exit; }
    11. 

  11. $cline = array();
    12. 

  12. $GLOBALS['commandline'] = 0;
    13. 

  13. 

  14. require_once dirname(__FILE__) .'/commonlib/lib/unregister_globals.php';
    15. 

  15. require_once dirname(__FILE__) .'/commonlib/lib/magic_quotes.php';
    16. 

  16. 

  17. # setup commandline
    18. 

  18. if (php_sapi_name() == "cli") {
    19. 

  19.   for ($i=0; $i<$_SERVER['argc']; $i++) {
    20. 

  20.     $my_args = array();
    21. 

  21.     if (preg_match("/(.*)=(.*)/",$_SERVER['argv'][$i], $my_args)) {
    22. 

  22.       $_GET[$my_args[1]] = $my_args[2];
    23. 

  23.       $_REQUEST[$my_args[1]] = $my_args[2];
    24. 

  24.     }
    25. 

  25.   }
    26. 

  26.   $GLOBALS["commandline"] = 1;
    27. 

  27.   $cline = parseCLine();
    28. 

  28.   $dir = dirname($_SERVER["SCRIPT_FILENAME"]);
    29. 

  29.   chdir($dir);
    30. 

  30.   
    31. 

  31.   if (!is_file($cline['c'])) {
    32. 

  32.     print "Cannot find config file\n";
    33. 

  33.     exit;
    34. 

  34.   }
    35. 

  35.   
    36. 

  36. } else {
    37. 

  37.   $GLOBALS["commandline"] = 0;
    38. 

  38.   header("Cache-Control: no-cache, must-revalidate");           // HTTP/1.1
    39. 

  39.   header("Pragma: no-cache");                                   // HTTP/1.0
    40. 

  40. }
    41. 

  41. 

  42. $configfile = '';
    43. 

  43. 

  44. if (isset($_SERVER["ConfigFile"]) && is_file($_SERVER["ConfigFile"])) {
    45. 

  45.    $configfile = $_SERVER["ConfigFile"];
    46. 

  46. } elseif (isset($cline["c"]) && is_file($cline["c"])) {
    47. 

  47.   $configfile = $cline["c"];
    48. 

  48. } elseif (is_file(dirname(__FILE__).'/../config/config.php')) {
    49. 

  49.    $configfile = "../config/config.php";
    50. 

  50. } else {
    51. 

  51.   $configfile = "../config/config.php";
    52. 

  52. }
    53. 

  53. 

  54. if (is_file($configfile) && filesize($configfile) > 20) {
    55. 

  55.   include $configfile;
    56. 

  56. } elseif ($GLOBALS["commandline"]) {
    57. 

  57.   print 'Cannot find config file'."\n";
    58. 

  58. } else {
    59. 

  59.   $GLOBALS['installer'] = 1;
    60. 

  60.   include(dirname(__FILE__).'/install.php');
    61. 

  61.   exit;
    62. 

  62. }
    63. 

  63. $ajax = isset($_GET['ajaxed']);
    64. 

  64. 

  65. if (!isset($database_host) || !isset($database_user) || !isset($database_password) || !isset($database_name)) {
    66. 

  66.  # print $GLOBALS['I18N']->get('Database details incomplete, please check your config file');
    67. 

  67.   print 'Database details incomplete, please check your config file';
    68. 

  68.   exit;
    69. 

  69. }
    70. 

  70. #exit;
    71. 

  71. # record the start time(usec) of script
    72. 

  72. $now =  gettimeofday();
    73. 

  73. $GLOBALS["pagestats"] = array();
    74. 

  74. $GLOBALS["pagestats"]["time_start"] = $now["sec"] * 1000000 + $now["usec"];
    75. 

  75. $GLOBALS["pagestats"]["number_of_queries"] = 0;
    76. 

  76. 

  77. # load all required files
    78. 

  78. require_once dirname(__FILE__).'/init.php';
    79. 

  79. require_once dirname(__FILE__).'/'.$GLOBALS["database_module"];
    80. 

  80. include_once dirname(__FILE__)."/../texts/english.inc";
    81. 

  81. include_once dirname(__FILE__)."/../texts/".$GLOBALS["language_module"];
    82. 

  82. include_once dirname(__FILE__)."/languages.php";
    83. 

  83. require_once dirname(__FILE__)."/defaultconfig.php";
    84. 

  84. 

  85. require_once dirname(__FILE__).'/connect.php';
    86. 

  86. include_once dirname(__FILE__)."/lib.php";
    87. 

  87. if (INTERFACELIB == 2 && is_file(dirname(__FILE__).'/interfacelib.php')) {
    88. 

  88.   require_once dirname(__FILE__)."/interfacelib.php";
    89. 

  89. } else {
    90. 

  90.   require_once dirname(__FILE__)."/commonlib/lib/interfacelib.php";
    91. 

  91. }
    92. 

  92. 

  93. if (!empty($_SESSION['hasconf']) || Sql_Table_exists($tables["config"],1)) {
    94. 

  94.   $_SESSION['hasconf'] = true;
    95. 

  95.   ### Activate all plugins
    96. 

  96.   /* already done in pluginlib */
    97. 

  97.   //foreach ($GLOBALS['plugins'] as $plugin) {
    98. 

  98.     //$plugin->activate();
    99. 

  99.   //}
    100. 

  100. }
    101. 

  101. if (!empty($_GET['page']) && $_GET['page'] == 'logout') {
    102. 

  102.   foreach ($GLOBALS['plugins'] as $pluginname => $plugin) {
    103. 

  103.     $plugin->logout();
    104. 

  104.   }
    105. 

  105. 

  106.   $_SESSION["adminloggedin"] = "";
    107. 

  107.   $_SESSION["logindetails"] = "";
    108. 

  108.   session_destroy();
    109. 

  109.   Redirect('home');
    110. 

  110. }
    111. 

  111. 

  112. ## send a header for IE
    113. 

  113. header('X-UA-Compatible: IE=Edge');
    114. 

  114. ## tell SE's to leave us alone
    115. 

  115. header('X-Robots-Tag: noindex');
    116. 

  116. 

  117. if (!$ajax && !$GLOBALS["commandline"]) {
    118. 

  118.   if (USE_MINIFIED_ASSETS && file_exists(dirname(__FILE__).'/ui/'.$GLOBALS['ui'].'/pagetop_minified.php')) {
    119. 

  119.     include_once dirname(__FILE__).'/ui/'.$GLOBALS['ui'].'/pagetop_minified.php';
    120. 

  120.   } else {
    121. 

  121.     include_once dirname(__FILE__).'/ui/'.$GLOBALS['ui'].'/pagetop.php';
    122. 

  122.   }
    123. 

  123. }
    124. 

  124. 

  125. if (isset($GLOBALS['pageheader'])) {
    126. 

  126.   foreach ($GLOBALS['pageheader'] as $sHeaderItem => $sHtml ) {
    127. 

  127.     print '<!--'.$sHeaderItem.'-->'.$sHtml;
    128. 

  128.     
    129. 

  129.     print "\n";
    130. 

  130.   }
    131. 

  131. } 
    132. 

  132. 

  133. if ($GLOBALS["commandline"]) {
    134. 

  134.   if (!isset($_SERVER["USER"]) && sizeof($GLOBALS["commandline_users"])) {
    135. 

  135.     clineError("USER environment variable is not defined, cannot do access check. Please make sure USER is defined.");
    136. 

  136.     exit;
    137. 

  137.   }
    138. 

  138.   if (is_array($GLOBALS["commandline_users"]) && sizeof($GLOBALS["commandline_users"]) && !in_array($_SERVER["USER"],$GLOBALS["commandline_users"])) {
    139. 

  139.     clineError("Sorry, You (".$_SERVER["USER"].") do not have sufficient permissions to run phplist on commandline");
    140. 

  140.     exit;
    141. 

  141.   }
    142. 

  142.   $GLOBALS["require_login"] = 0;
    143. 

  143. 

  144.   # getopt is actually useless
    145. 

  145.   #$opt = getopt("p:");
    146. 

  146. 

  147.   $IsCommandlinePlugin = isset($cline['m']) && in_array($cline['m'],$GLOBALS["commandlinePlugins"]);
    148. 

  148.   if ($cline['p'] && !$IsCommandlinePlugin) {
    149. 

  149.     if (empty($GLOBALS['developer_email']) && isset($cline['p']) && !in_array($cline['p'],$GLOBALS["commandline_pages"])) {
    150. 

  150.       clineError($cline['p']." does not process commandline");
    151. 

  151.     } elseif (isset($cline['p'])) {
    152. 

  152.       $_GET['page'] = $cline['p'];
    153. 

  153.     }
    154. 

  154.   } elseif ($cline['p'] && $IsCommandlinePlugin) {
    155. 

  155.     if (empty($GLOBALS['developer_email']) && isset($cline['p']) && !in_array($cline['p'],$commandlinePluginPages[$cline['m']])) {
    156. 

  156.       clineError($cline['p']." does not process commandline");
    157. 

  157.     } elseif (isset($cline['p'])) {
    158. 

  158.       $_GET['page'] = $cline['p'];
    159. 

  159.       $_GET['pi'] = $cline['m'];
    160. 

  160.     }
    161. 

  161.   } else {
    162. 

  162.     clineUsage(" [other parameters]");
    163. 

  163.     exit;
    164. 

  164.   }
    165. 

  165. } else {
    166. 

  166.   if (CHECK_REFERRER && isset($_SERVER['HTTP_REFERER'])) {
    167. 

  167.     ## do a crude check on referrer. Won't solve everything, as it can be faked, but shouldn't hurt
    168. 

  168.     $ref = parse_url($_SERVER['HTTP_REFERER']);
    169. 

  169.     if ($ref['host'] != $_SERVER['HTTP_HOST'] && !in_array($ref['host'],$allowed_referrers)) {
    170. 

  170.       print 'Access denied';exit;
    171. 

  171.     }
    172. 

  172.   }
    173. 

  173. }
    174. 

  174. 

  175. if (!isset($_GET['page'])) {
    176. 

  176.   $page = $GLOBALS['homepage'];
    177. 

  177. } else {
    178. 

  178.   $page = $_GET['page'];
    179. 

  179. }
    180. 

  180. 

  181. if (preg_match("/([\w_]+)/",$page,$regs)) {
    182. 

  182.   $page = $regs[1];
    183. 

  183. } else {
    184. 

  184.   $page = '';
    185. 

  185. }
    186. 

  186. if (!is_file($page.'.php') && !isset($_GET['pi'])) {
    187. 

  187.   $page = $GLOBALS['homepage'];
    188. 

  188. }
    189. 

  189. 

  190. if (!$GLOBALS["admin_auth_module"]) {
    191. 

  191.   # stop login system when no admins exist
    192. 

  192.   if (!Sql_Table_Exists($tables["admin"])) {
    193. 

  193.     $GLOBALS["require_login"] = 0;
    194. 

  194.   } else {
    195. 

  195.     $num = Sql_Query("select * from {$tables["admin"]}");
    196. 

  196.     if (!Sql_Affected_Rows())
    197. 

  197.       $GLOBALS["require_login"] = 0;
    198. 

  198.   }
    199. 

  199. } elseif (!Sql_Table_exists($GLOBALS['tables']['config'])) {
    200. 

  200.   $GLOBALS['require_login'] = 0;
    201. 

  201. }
    202. 

  202. 

  203. if (!empty($_GET['pi']) && isset($GLOBALS['plugins'][$_GET['pi']])) {
    204. 

  204.   $page_title = $GLOBALS['plugins'][$_GET['pi']]->pageTitle($page);
    205. 

  205. } else {
    206. 

  206.   $page_title = $GLOBALS['I18N']->pageTitle($page);
    207. 

  207. }
    208. 

  208. 

  209. print "<title>".NAME." :: ";
    210. 

  210. if (isset($GLOBALS["installation_name"])) {
    211. 

  211.   print $GLOBALS["installation_name"] .' :: ';
    212. 

  212. }
    213. 

  213. print "$page_title</title>";
    214. 

  214. 

  215. if (isset($GLOBALS["require_login"]) && $GLOBALS["require_login"]) {
    216. 

  216.   if ($GLOBALS["admin_auth_module"] && is_file("auth/".$GLOBALS["admin_auth_module"])) {
    217. 

  217.     require_once "auth/".$GLOBALS["admin_auth_module"];
    218. 

  218.   } elseif ($GLOBALS["admin_auth_module"] && is_file($GLOBALS["admin_auth_module"])) {
    219. 

  219.     require_once $GLOBALS["admin_auth_module"];
    220. 

  220.   } else {
    221. 

  221.     if ($GLOBALS["admin_auth_module"]) {
    222. 

  222.       logEvent("Warning: unable to use ".$GLOBALS["admin_auth_module"]. " for admin authentication, reverting back to phplist authentication");
    223. 

  223.       $GLOBALS["admin_auth_module"] = 'phplist_auth.inc';
    224. 

  224.     }
    225. 

  225.     require_once 'auth/phplist_auth.inc';
    226. 

  226.   }
    227. 

  227.   if (class_exists('admin_auth')) {
    228. 

  228.     $GLOBALS["admin_auth"] = new admin_auth();
    229. 

  229.   } else {
    230. 

  230.     print Fatal_Error($GLOBALS['I18N']->get('Admin Authentication initialisation failure'));
    231. 

  231.     return;
    232. 

  232.   }
    233. 

  233.   if ((!isset($_SESSION["adminloggedin"]) || !$_SESSION["adminloggedin"]) && isset($_REQUEST["login"]) && isset($_REQUEST["password"]) && !empty($_REQUEST["password"])) {
    234. 

  234.     $loginresult = $GLOBALS["admin_auth"]->validateLogin($_REQUEST["login"],$_REQUEST["password"]);
    235. 

  235.     if (!$loginresult[0]) {
    236. 

  236.       $_SESSION["adminloggedin"] = "";
    237. 

  237.       $_SESSION["logindetails"] = "";
    238. 

  238.       $page = "login";
    239. 

  239.       logEvent(sprintf($GLOBALS['I18N']->get('invalid login from %s, tried logging in as %s'),$_SERVER['REMOTE_ADDR'],$_REQUEST["login"]));
    240. 

  240.       $msg = $loginresult[1];
    241. 

  241.     } else {
    242. 

  242.       $_SESSION["adminloggedin"] = $_SERVER["REMOTE_ADDR"];
    243. 

  243.       $_SESSION["logindetails"] = array(
    244. 

  244.         "adminname" => $_REQUEST["login"],
    245. 

  245.         "id" => $loginresult[0],
    246. 

  246.         "superuser" => $admin_auth->isSuperUser($loginresult[0]),
    247. 

  247.         "passhash" => sha1($_REQUEST["password"]),
    248. 

  248.       );
    249. 

  249.       ##16692 - make sure admin permissions apply at first login
    250. 

  250.       $GLOBALS["admin_auth"]->validateAccount($_SESSION["logindetails"]["id"]);      
    251. 

  251.       if (!empty($_POST["page"])) {
    252. 

  252.         $page = preg_replace('/\W+/','',$_POST["page"]);
    253. 

  253.       }
    254. 

  254.     }
    255. 

  255.   #If passwords are encrypted and a password recovery request was made, send mail to the admin of the given email address.
    256. 

  256.   } elseif (isset($_REQUEST["forgotpassword"])) {
    257. 

  257.   	  $adminId = $GLOBALS["admin_auth"]->adminIdForEmail($_REQUEST['forgotpassword']);
    258. 

  258.       if($adminId){
    259. 

  259.       	$msg = sendAdminPasswordToken($adminId);
    260. 

  260.       } else {
    261. 

  261.       	$msg = $GLOBALS['I18N']->get('Failed sending a change password token');
    262. 

  262.       }
    263. 

  263.       $page = "login";
    264. 

  264.   } elseif (!isset($_SESSION["adminloggedin"]) || !$_SESSION["adminloggedin"]) {
    265. 

  265.     #$msg = 'Not logged in';
    266. 

  266.     $page = "login";
    267. 

  267.   } elseif (CHECK_SESSIONIP && $_SESSION["adminloggedin"] && $_SESSION["adminloggedin"] != $_SERVER["REMOTE_ADDR"]) {
    268. 

  268.     logEvent(sprintf($GLOBALS['I18N']->get('login ip invalid from %s for %s (was %s)'),$_SERVER['REMOTE_ADDR'],$_SESSION["logindetails"]['adminname'],$_SESSION["adminloggedin"]));
    269. 

  269.     $msg = $GLOBALS['I18N']->get('Your IP address has changed. For security reasons, please login again');
    270. 

  270.     $_SESSION["adminloggedin"] = "";
    271. 

  271.     $_SESSION["logindetails"] = "";
    272. 

  272.     $page = "login";
    273. 

  273.   } elseif ($_SESSION["adminloggedin"] && $_SESSION["logindetails"]) {
    274. 

  274.     $validate = $GLOBALS["admin_auth"]->validateAccount($_SESSION["logindetails"]["id"]);
    275. 

  275.     if (!$validate[0]) {
    276. 

  276.       logEvent(sprintf($GLOBALS['I18N']->get('invalidated login from %s for %s (error %s)'),$_SERVER['REMOTE_ADDR'],$_SESSION["logindetails"]['adminname'],$validate[1]));
    277. 

  277.       $_SESSION["adminloggedin"] = "";
    278. 

  278.       $_SESSION["logindetails"] = "";
    279. 

  279.       $page = "login";
    280. 

  280.       $msg = $validate[1];
    281. 

  281.     }
    282. 

  282.   } else {
    283. 

  283.     $page = "login";
    284. 

  284.   }
    285. 

  285. }
    286. 

  286. if ($page == 'login') {
    287. 

  287.   unset($_GET['pi']);
    288. 

  288. }
    289. 

  289. 

  290. ##  force to login page, if an Ajax call is made without being logged in
    291. 

  291. if ($ajax && empty($_SESSION['adminloggedin'])) {
    292. 

  292.   $_SESSION['action_result'] = s('Your session timed out, please login again');
    293. 

  293.   print '<script type="text/javascript">top.location = "./?page=home";</script>';
    294. 

  294.   exit;
    295. 

  295. }
    296. 

  296. 

  297. if (LANGUAGE_SWITCH && empty($logoutontop) && !$ajax) {
    298. 

  298.     $languageswitcher = '
    299. 

  299.  <div id="languageswitcher">
    300. 

  300.        <form name="languageswitchform" method="post" action="">';
    301. 

  301.     $languageswitcher .= '
    302. 

  302.            <select name="setlanguage" onchange="document.languageswitchform.submit()">';
    303. 

  303.     $lancount = 0;
    304. 

  304.     foreach ($GLOBALS['LANGUAGES'] as $iso => $rec) {
    305. 

  305.     #  if (is_dir(dirname(__FILE__).'/locale/'.$iso)) {
    306. 

  306.         $languageswitcher .= sprintf('
    307. 

  307.                  <option value="%s" %s>%s</option>',$iso,$_SESSION['adminlanguage']['iso'] == $iso ? 'selected="selected"':'',$rec[0]);
    308. 

  308.         $lancount++;
    309. 

  309.     #  }
    310. 

  310.     }
    311. 

  311.     $languageswitcher .= '
    312. 

  312.             </select>
    313. 

  313.        </form>
    314. 

  314.  </div>';
    315. 

  315.     if ($lancount <= 1) {
    316. 

  316.       $languageswitcher = '';
    317. 

  317.     }
    318. 

  318. }
    319. 

  319. 

  320. require_once dirname(__FILE__).'/setpermissions.php';
    321. 

  321. $include = '';
    322. 

  322. 

  323. if ($page != '' && $page != 'install') {
    324. 

  324.   preg_match("/([\w_]+)/",$page,$regs);
    325. 

  325.   $include = $regs[1];
    326. 

  326.   $include .= ".php";
    327. 

  327.   $include = $page . ".php";
    328. 

  328. } else {
    329. 

  329.   $include = $GLOBALS['homepage'].".php";
    330. 

  330. }
    331. 

  331. $pageinfo = new pageInfo();
    332. 

  332. $pageinfo->fetchInfoContent($include);
    333. 

  333. 

  334. if (is_file('ui/'.$GLOBALS['ui']."/mainmenu.php")) {
    335. 

  335.   include 'ui/'.$GLOBALS['ui']."/mainmenu.php";
    336. 

  336. }  
    337. 

  337. if (!$ajax) {
    338. 

  338.   if (USE_MINIFIED_ASSETS && file_exists(dirname(__FILE__).'/ui/'.$GLOBALS['ui'].'/header_minified.inc')) {
    339. 

  339.     include 'ui/'.$GLOBALS['ui']."/header_minified.inc";
    340. 

  340.   } else {
    341. 

  341.     include 'ui/'.$GLOBALS['ui']."/header.inc";
    342. 

  342.   }
    343. 

  343. } 
    344. 

  344. 

  345. if (!$ajax) {
    346. 

  346.   print '<h4 class="pagetitle">'.mb_strtolower($page_title).'</h4>';
    347. 

  347. }
    348. 

  348. 

  349. if ($GLOBALS["require_login"] && $page != "login") {
    350. 

  350.   if ($page == 'logout') {
    351. 

  351.     $greeting = $GLOBALS['I18N']->get('goodbye');
    352. 

  352.   } else {
    353. 

  353.     $hr = date("G");
    354. 

  354.     if ($hr > 0 && $hr < 12) {
    355. 

  355.       $greeting = $GLOBALS['I18N']->get('good morning');
    356. 

  356.     } elseif ($hr <= 18) {
    357. 

  357.       $greeting = $GLOBALS['I18N']->get('good afternoon');
    358. 

  358.     } else {
    359. 

  359.       $greeting = $GLOBALS['I18N']->get('good evening');
    360. 

  360.     }
    361. 

  361.   }
    362. 

  362. 

  363.   if ($page != "logout" && empty($logoutontop) && !$ajax) {
    364. 

  364.   #  print '<div class="right">'.PageLink2("logout",$GLOBALS['I18N']->get('logout')).'</div>';
    365. 

  365.     if (!empty($_SESSION['firstinstall']) && $page != 'setup') {
    366. 

  366.       print '<div class="fright">'.PageLinkClass("setup",$GLOBALS['I18N']->get('Continue Configuration'),'','firstinstallbutton').'</div>';
    367. 

  367.     }
    368. 

  368.   }
    369. 

  369. }
    370. 

  370. 

  371. if (!$GLOBALS["commandline"]) {
    372. 

  372.   print '<noscript>';
    373. 

  373.    Info(s('phpList will work without Javascript, but it will be easier to use if you switch it on.'));
    374. 

  374.   print '</noscript>';
    375. 

  375. }
    376. 

  376. 

  377. if (!$ajax && $page != "login") {
    378. 

  378.   if (strpos(VERSION,"dev") && !TEST) {#
    379. 

  379.     if ($GLOBALS["developer_email"]) {
    380. 

  380.       Info("Running DEV version. All emails will be sent to ".$GLOBALS["developer_email"]);
    381. 

  381.     } else {
    382. 

  382.       Info("Running DEV version, but developer email is not set");
    383. 

  383.     }
    384. 

  384.   }
    385. 

  385.   if (TEST) {
    386. 

  386.     print Info($GLOBALS['I18N']->get('Running in testmode, no emails will be sent. Check your config file.'));
    387. 

  387.   }
    388. 

  388.   if (version_compare(PHP_VERSION, '5.1.2', '<') && WARN_ABOUT_PHP_SETTINGS) {
    389. 

  389.     Error($GLOBALS['I18N']->get('phpList requires PHP version 5.1.2 or higher'));
    390. 

  390.   }
    391. 

  391.   if (defined("ENABLE_RSS") && ENABLE_RSS && !function_exists("xml_parse") && WARN_ABOUT_PHP_SETTINGS)
    392. 

  392.     Warn($GLOBALS['I18N']->get('You are trying to use RSS, but XML is not included in your PHP'));
    393. 

  393. 

  394.   if (ALLOW_ATTACHMENTS && WARN_ABOUT_PHP_SETTINGS && (!is_dir($GLOBALS["attachment_repository"]) || !is_writable ($GLOBALS["attachment_repository"]))) {
    395. 

  395.     if (ini_get("open_basedir")) {
    396. 

  396.       Warn($GLOBALS['I18N']->get('open_basedir restrictions are in effect, which may be the cause of the next warning'));
    397. 

  397.     }
    398. 

  398.     Warn($GLOBALS['I18N']->get('The attachment repository does not exist or is not writable'));
    399. 

  399.   }
    400. 

  400. 

  401.   if (MANUALLY_PROCESS_QUEUE && isSuperUser() && empty($_GET['pi']) &&
    402. 

  402.     ## hmm, how many more pages to not show this?
    403. 

  403.     (!isset($_GET['page']) || 
    404. 

  404.     ($_GET['page'] != 'processqueue' && $_GET['page'] != 'messages' && $_GET['page'] != 'upgrade'))) {
    405. 

  405.       ## avoid error on uninitialised DB
    406. 

  406.       if (Sql_Table_exists($tables['message'])) {
    407. 

  407.         $queued_count = Sql_Fetch_Row_Query(sprintf('select count(id) from %s where status in ("submitted","inprocess") and embargo < now()',$tables['message']));
    408. 

  408.         if ($queued_count[0]) {
    409. 

  409.           $link = PageLinkButton('processqueue',s('Process the queue'));
    410. 

  410.           $link2 = PageLinkButton('messages&amp;tab=active',s('View the queue'));
    411. 

  411.           if ($link || $link2) {
    412. 

  412.             print Info(sprintf(s('You have %s message(s) waiting to be sent'),$queued_count[0]).'<br/>'.$link.' '.$link2);
    413. 

  413.           }
    414. 

  414.         }
    415. 

  415.     }
    416. 

  416.   }
    417. 

  417.   
    418. 

  418. }
    419. 

  419. 

  420. # always allow access to the about page
    421. 

  421. if (isset($_GET['page']) && $_GET['page'] == 'about') {
    422. 

  422.   $page = 'about';
    423. 

  423.   $include = 'about.php';
    424. 

  424. }
    425. 

  425. print $pageinfo->show();
    426. 

  426. 

  427. if (!empty($_GET['action']) && $_GET['page'] != 'pageaction') {
    428. 

  428.   $action = basename($_GET['action']);
    429. 

  429.   if (is_file(dirname(__FILE__).'/actions/'.$action.'.php')) {
    430. 

  430.     $status = '';
    431. 

  431.     ## the page action return the result in $status
    432. 

  432.     include dirname(__FILE__).'/actions/'.$action.'.php';
    433. 

  433.     print '<div id="actionresult">'.$status.'</div>';
    434. 

  434.   }
    435. 

  435. }
    436. 

  436. 

  437. /*
    438. 

  438. if (USEFCK) {
    439. 

  439.   $imgdir = getenv("DOCUMENT_ROOT").$GLOBALS["pageroot"].'/'.FCKIMAGES_DIR.'/';
    440. 

  440.   if (!is_dir($imgdir) || !is_writeable ($imgdir)) {
    441. 

  441.     Warn("The FCK image directory does not exist, or is not writable");
    442. 

  442.   }
    443. 

  443. }
    444. 

  444. */
    445. 

  445. 

  446. if (!empty($_COOKIE['browsetrail'])) {
    447. 

  447.   if (!isset($_SESSION['browsetrail']) || !is_array($_SESSION['browsetrail'])) {
    448. 

  448.     $_SESSION['browsetrail'] = array();
    449. 

  449.   }
    450. 

  450.   if (!in_array($_COOKIE['browsetrail'],$_SESSION['browsetrail'])) {
    451. 

  451.     $_SESSION['browsetrail'][] = $_COOKIE['browsetrail'];
    452. 

  452.   }
    453. 

  453. }
    454. 

  454. 

  455. if (defined("USE_PDF") && USE_PDF && !defined('FPDF_VERSION')) {
    456. 

  456.   Warn($GLOBALS['I18N']->get('You are trying to use PDF support without having FPDF loaded'));
    457. 

  457. }
    458. 

  458. 

  459. $this_doc = getenv("REQUEST_URI");
    460. 

  460. if (preg_match("#(.*?)/admin?$#i",$this_doc,$regs)) {
    461. 

  461.   $check_pageroot = $pageroot;
    462. 

  462.   $check_pageroot = preg_replace('#/$#','',$check_pageroot);
    463. 

  463.   if ($check_pageroot != $regs[1] && WARN_ABOUT_PHP_SETTINGS)
    464. 

  464.     Warn($GLOBALS['I18N']->get('The pageroot in your config does not match the current locationCheck your config file.'));
    465. 

  465. }
    466. 

  466. 

  467. clearstatcache();
    468. 

  468. if (checkAccess($page,"") || $page == 'about') {
    469. 

  469.   if (empty($_GET['pi']) && (is_file($include) || is_link($include))) {
    470. 

  470.     # check whether there is a language file to include
    471. 

  471.     if (is_file("lan/".$_SESSION['adminlanguage']['iso']."/".$include)) {
    472. 

  472.       include "lan/".$_SESSION['adminlanguage']['iso']."/".$include;
    473. 

  473.     }
    474. 

  474.     if (is_file('ui/'.$GLOBALS['ui'].'/pages/'.$include)) {
    475. 

  475.       $include = 'ui/'.$GLOBALS['ui'].'/pages/'.$include;
    476. 

  476.     }
    477. 

  477.   #  print "Including $include<br/>";
    478. 

  478. 

  479.     # hmm, pre-parsing and capturing the error would be nice
    480. 

  480.     #$parses_ok = eval(@file_get_contents($include));
    481. 

  481.     $parses_ok = 1;
    482. 

  482. 

  483.     if (!$parses_ok) {
    484. 

  484.       print Error("cannot parse $include");
    485. 

  485.       print '<p class="error">Sorry, an error occurred. This is a bug. Please <a href="http://mantis.phplist.com">report the bug to the Bug Tracker</a><br/>Sorry for the inconvenience</a></p>';
    486. 

  486.     } else {
    487. 

  487.       if (!empty($_SESSION['action_result'])) {
    488. 

  488.         print '<div class="actionresult">'.$_SESSION['action_result'].'</div>';
    489. 

  489. #        print '<script>alert("'.$_SESSION['action_result'].'")</script>';
    490. 

  490.         unset($_SESSION['action_result']);
    491. 

  491.       }
    492. 

  492. 

  493.       if ($GLOBALS['commandline']) {
    494. 

  494.         @ob_end_clean();
    495. 

  495.         @ob_start();
    496. 

  496.       }
    497. 

  497.       if (isset($GLOBALS['developer_email'])) {
    498. 

  498.         include $include;
    499. 

  499.       } else {
    500. 

  500.         @include $include;
    501. 

  501.       }
    502. 

  502.     }
    503. 

  503.   #  print "End of inclusion<br/>";
    504. 

  504.   } elseif (!empty($_GET['pi']) && isset($GLOBALS['plugins']) && is_array($GLOBALS['plugins']) && isset($GLOBALS['plugins'][$_GET['pi']]) && is_object($GLOBALS['plugins'][$_GET['pi']])) {
    505. 

  505.     $plugin = $GLOBALS["plugins"][$_GET["pi"]];
    506. 

  506.     $menu = $plugin->adminmenu(); 
    507. 

  507.     if (is_file($plugin->coderoot . $include)) {
    508. 

  508.       include ($plugin->coderoot . $include);
    509. 

  509.     } elseif ($include == 'main.php' || $_GET['page'] == 'home') {
    510. 

  510.       print '<h3>'.$plugin->name.'</h3><ul>';
    511. 

  511.       foreach ($menu as $page => $desc) {
    512. 

  512.         print '<li>'.PageLink2($page,$desc).'</li>';
    513. 

  513.       }
    514. 

  514.       print '</ul>';
    515. 

  515.     } elseif ($page != 'login') {
    516. 

  516.       print '<br/>'."$page -&gt; ".$I18N->get('Sorry this page was not found in the plugin').'<br/>';#.' '.$plugin->coderoot.$include.'<br/>';
    517. 

  517.       #print $plugin->coderoot . "$include";
    518. 

  518.     }
    519. 

  519.   } else {
    520. 

  520.     if ($GLOBALS["commandline"]) {
    521. 

  521.       clineError(s('Sorry, that module does not exist'));
    522. 

  522.       exit;
    523. 

  523.     }
    524. 

  524.     if (is_file('ui/'.$GLOBALS['ui'].'/pages/'.$include)) {
    525. 

  525.       include ('ui/'.$GLOBALS['ui'].'/pages/'.$include);
    526. 

  526.     } else {
    527. 

  527.       print "$page -&gt; ".$GLOBALS['I18N']->get('Sorry, not implemented yet');
    528. 

  528.     }
    529. 

  529.   }
    530. 

  530. } else {
    531. 

  531.   Error($GLOBALS['I18N']->get('Access Denied'));
    532. 

  532. }
    533. 

  533. 

  534. # some debugging stuff
    535. 

  535. $now =  gettimeofday();
    536. 

  536. $finished = $now["sec"] * 1000000 + $now["usec"];
    537. 

  537. $elapsed = $finished - $GLOBALS["pagestats"]["time_start"];
    538. 

  538. $elapsed = ($elapsed / 1000000);
    539. 

  539. 

  540. print "\n\n".'<!--';
    541. 

  541. if (!empty($GLOBALS['developer_email'])) {
    542. 

  542.   print '<br clear="all" />';
    543. 

  543.   print $GLOBALS["pagestats"]["number_of_queries"]." db queries in $elapsed seconds";
    544. 

  544.   if (function_exists('memory_get_peak_usage')) {
    545. 

  545.     $memory_usage = 'Peak: ' .memory_get_peak_usage();
    546. 

  546.   } elseif (function_exists("memory_get_usage")) {
    547. 

  547.     $memory_usage = memory_get_usage();
    548. 

  548.   } else {
    549. 

  549.     $memory_usage = 'Cannot determine with this PHP version';
    550. 

  550.   }
    551. 

  551.   print '<br/>Memory usage: '.$memory_usage;
    552. 

  552. }  
    553. 

  553. 

  554. if (isset($GLOBALS["statslog"])) {
    555. 

  555.   if ($fp = @fopen($GLOBALS["statslog"],"a")) {
    556. 

  556.     @fwrite($fp,$GLOBALS["pagestats"]["number_of_queries"]."\t$elapsed\t".$_SERVER['REQUEST_URI']."\t".$GLOBALS['installation_name']."\n");
    557. 

  557.   }
    558. 

  558. }
    559. 

  559.   print '-->';
    560. 

  560. 

  561. if ($ajax || !empty($GLOBALS["commandline"])) {
    562. 

  562.   @ob_clean();
    563. 

  563.   exit;
    564. 

  564. } elseif (!isset($_GET["omitall"])) {
    565. 

  565.   if (!$GLOBALS['compression_used']) {
    566. 

  566.     @ob_end_flush();
    567. 

  567.   }
    568. 

  568. 

  569.   if (USE_MINIFIED_ASSETS && file_exists(dirname(__FILE__).'/ui/'.$GLOBALS['ui'].'/footer_minified.inc')) {
    570. 

  570.     include_once 'ui/'.$GLOBALS['ui']."/footer_minified.inc";
    571. 

  571.   } else {
    572. 

  572.     include_once 'ui/'.$GLOBALS['ui']."/footer.inc";
    573. 

  573.   }
    574. 

  574. }
    575. 

  575. if (isset($GLOBALS['pagefooter'])) {
    576. 

  576.   foreach ($GLOBALS['pagefooter'] as $sFooterItem => $sHtml ) {
    577. 

  577.     print '<!--'.$sFooterItem.'-->'.$sHtml;
    578. 

  578.     
    579. 

  579.     print "\n";
    580. 

  580.   }
    581. 

  581. } 
    582. 

  582. print '</body></html>';
    583. 

  583. 

  584. function parseCline() {
    585. 

  585.   $res = array();
    586. 

  586.   $cur = "";
    587. 

  587.   foreach ($GLOBALS["argv"] as $clinearg) {
    588. 

  588.     if (substr($clinearg,0,1) == "-") {
    589. 

  589.       $par = substr($clinearg,1,1);
    590. 

  590.       $clinearg = substr($clinearg,2,strlen($clinearg));
    591. 

  591.      # $res[$par] = "";
    592. 

  592.       $cur = mb_strtolower($par);
    593. 

  593.       $res[$cur] .= $clinearg;
    594. 

  594.      } elseif ($cur) {
    595. 

  595.       if ($res[$cur])
    596. 

  596.         $res[$cur] .= ' '.$clinearg;
    597. 

  597.       else
    598. 

  598.         $res[$cur] .= $clinearg;
    599. 

  599.     }
    600. 

  600.   }
    601. 

  601. /*  ob_end_clean();
    602. 

  602.   foreach ($res as $key => $val) {
    603. 

  603.     print "$key = $val\n";
    604. 

  604.   }
    605. 

  605.   ob_start();*/
    606. 

  606.   return $res;
    607. 

  607. }
    608. 

  608. 

  609.