PageRenderTime 44ms CodeModel.GetById 15ms RepoModel.GetById 1ms app.codeStats 0ms

/e107_admin/admin.php

https://github.com/CasperGemini/e107
PHP | 356 lines | 232 code | 96 blank | 28 comment | 66 complexity | 2973da93cce00b8a85ffd5fc28185950 MD5 | raw file
Possible License(s): GPL-2.0 
    

  1. <?php
    2. 

  2. /*
    3. 

  3.  * e107 website system
    4. 

  4.  *
    5. 

  5.  * Copyright (C) 2008-2009 e107 Inc (e107.org)
    6. 

  6.  * Released under the terms and conditions of the
    7. 

  7.  * GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
    8. 

  8.  *
    9. 

  9.  *
    10. 

  10.  *
    11. 

  11.  * $Source: /cvs_backup/e107_0.8/e107_admin/admin.php,v $
    12. 

  12.  * $Revision$
    13. 

  13.  * $Date$
    14. 

  14.  * $Author$
    15. 

  15.  */
    16. 

  16. 

  17. require_once('../class2.php');
    18. 

  18. include_once(e107::coreTemplatePath('admin_icons')); // Needs to be loaded before infopanel AND in boot.php 
    19. 

  19. 

  20. if(vartrue($_GET['iframe']) == 1)
    21. 

  21. {
    22. 

  22. 	define('e_IFRAME', true);
    23. 

  23. }
    24. 

  24. 

  25. $e_sub_cat = 'main';
    26. 

  26. 

  27. if (varset($pref['adminstyle'])=='cascade' || varset($pref['adminstyle'])=='beginner') // Deprecated Admin-include. 
    28. 

  28. {
    29. 

  29.     $pref['adminstyle'] = 'infopanel'; 
    30. 

  30. }
    31. 

  31. 

  32. if(strpos($pref['adminstyle'], 'infopanel') === 0)
    33. 

  33. {
    34. 

  34. 	require_once(e_ADMIN.'includes/'.$pref['adminstyle'].'.php');
    35. 

  35. 	$_class = 'adminstyle_'.$pref['adminstyle'];
    36. 

  36. 	if(class_exists($_class, false))
    37. 

  37. 	{
    38. 

  38. 		$adp = new $_class;	
    39. 

  39. 	}
    40. 

  40. 	else $adp = new adminstyle_infopanel;	
    41. 

  41. }
    42. 

  42. 

  43. 

  44. 

  45. 

  46. require_once(e_ADMIN.'boot.php');
    47. 

  47. require_once(e_ADMIN.'auth.php');
    48. 

  48. require_once(e_HANDLER.'upload_handler.php');
    49. 

  49. 

  50. 

  51. new admin_start;
    52. 

  52. 

  53. 

  54. $mes = e107::getMessage();
    55. 

  55. 

  56. if (!isset($pref['adminstyle'])) $pref['adminstyle'] = 'infopanel';		// Shouldn't be needed - but just in case
    57. 

  57. 

  58. 

  59. 

  60. 

  61. 

  62. class admin_start
    63. 

  63. {
    64. 

  64. 	
    65. 

  65. 	private $incompat = array(
    66. 

  66. 			'banhelper'		=> 1.7,
    67. 

  67. 			'slir_admin'	=> 1.0,
    68. 

  68. 			'facebook_like'	=> 0.7,
    69. 

  69. 			'unanswered'	=> 1.4,
    70. 

  70. 			'lightwindow'	=> '1.0b',
    71. 

  71. 			'aa_jquery'		=> 1.2,
    72. 

  72. 			'who'			=> 1.0,
    73. 

  73. 			'ratings'		=> 4.2,
    74. 

  74. 			'e107slider'	=> 0.1
    75. 

  75. 	);
    76. 

  76. 

  77. 

  78. 	private $allowed_types = null;
    79. 

  79. 

  80. 	
    81. 

  81. 	
    82. 

  82. 	
    83. 

  83. 	function __construct()
    84. 

  84. 	{
    85. 

  85. 		$this->checkWritable();
    86. 

  86. 		$this->checkHtmlarea();	
    87. 

  87. 		$this->checkIncompatiblePlugins();
    88. 

  88. 		$this->checkFileTypes();
    89. 

  89. 		$this->checkSuspiciousFiles();
    90. 

  90. 		
    91. 

  91. 	}	
    92. 

  92. 

  93. 

  94. 	function checkWritable()
    95. 

  95. 	{
    96. 

  96. 		$mes = e107::getMessage();
    97. 

  97. 		
    98. 

  98. 		if(deftrue('e_MEDIA') && is_dir(e_MEDIA) && !is_writable(e_MEDIA))
    99. 

  99. 		{
    100. 

  100. 			$mes->addWarning("The folder ".e_MEDIA." is not writable. Please correct before proceeding.");			
    101. 

  101. 		}	
    102. 

  102. 		
    103. 

  103. 		if(deftrue('e_SYSTEM') && is_dir(e_SYSTEM) && !is_writable(e_SYSTEM))
    104. 

  104. 		{
    105. 

  105. 			$mes->addWarning("The folder ".e_SYSTEM." is not writable. Please correct before proceeding.");			
    106. 

  106. 		}			
    107. 

  107. 		
    108. 

  108. 	}
    109. 

  109. 

  110. 

  111. 	
    112. 

  112. 	
    113. 

  113. 	function checkHtmlarea()
    114. 

  114. 	{
    115. 

  115. 		$mes = e107::getMessage();
    116. 

  116. 		if (is_dir(e_ADMIN.'htmlarea') || is_dir(e_HANDLER.'htmlarea'))
    117. 

  117. 		{
    118. 

  118. 			$mes->addWarning($HANDLERS_DIRECTORY."htmlarea/<br />".$ADMIN_DIRECTORY."htmlarea/");
    119. 

  119. 		}	
    120. 

  120. 	}		
    121. 

  121. 	
    122. 

  122. 

  123. 

  124. 	function checkIncompatiblePlugins()
    125. 

  125. 	{
    126. 

  126. 		$mes = e107::getMessage();
    127. 

  127. 		
    128. 

  128. 		$installedPlugs = e107::getPref('plug_installed');
    129. 

  129. 	
    130. 

  130. 		$inCompatText = "";
    131. 

  131. 		$incompatFolders = array_keys($this->incompat);
    132. 

  132. 		
    133. 

  133. 		foreach($this->incompat as $folder => $version)
    134. 

  134. 		{
    135. 

  135. 			if(vartrue($installedPlugs[$folder]) && $version == $installedPlugs[$folder])
    136. 

  136. 			{
    137. 

  137. 				$inCompatText .= "<li>".$folder." v".$installedPlugs[$folder]."</li>";				
    138. 

  138. 			}	
    139. 

  139. 		}
    140. 

  140. 		
    141. 

  141. 		if($inCompatText)
    142. 

  142. 		{
    143. 

  143. 			$text = "<ul>".$inCompatText."</ul>";
    144. 

  144. 			$mes->addWarning("The following plugins are not compatible with this version of e107 and should be uninstalled: ".$text."<a class='btn' href='".e_ADMIN."plugin.php'>uninstall</a>");	
    145. 

  145. 		}	
    146. 

  146. 		
    147. 

  147. 	}
    148. 

  148. 

  149. 	
    150. 

  150. 	function checkFileTypes()
    151. 

  151. 	{
    152. 

  152. 		$mes = e107::getMessage();
    153. 

  153. 		
    154. 

  154. 		$this->allowed_types = get_filetypes();			// Get allowed types according to filetypes.xml or filetypes.php
    155. 

  155. 		if (count($this->allowed_types) == 0)
    156. 

  156. 		{
    157. 

  157. 			$this->allowed_types = array('zip' => 1, 'gz' => 1, 'jpg' => 1, 'png' => 1, 'gif' => 1);
    158. 

  158. 			$mes->addInfo("Setting default filetypes: ".implode(', ',array_keys($this->allowed_types)));
    159. 

  159. 		
    160. 

  160. 		}	
    161. 

  161. 	}
    162. 

  162. 	
    163. 

  163. 

  164. 

  165. 	function checkSuspiciousFiles()
    166. 

  166. 	{
    167. 

  167. 		$mes = e107::getMessage();
    168. 

  168. 		$public = array(e_UPLOAD, e_AVATAR_UPLOAD);
    169. 

  169. 		$exceptions = array(".","..","/","CVS","avatars","Thumbs.db",".ftpquota",".htaccess","php.ini",".cvsignore",'e107.htaccess');
    170. 

  170. 		
    171. 

  171. 		//TODO use $file-class to grab list and perform this check. 
    172. 

  172. 		foreach ($public as $dir)
    173. 

  173. 		{
    174. 

  174. 			if (is_dir($dir))
    175. 

  175. 			{
    176. 

  176. 				if ($dh = opendir($dir))
    177. 

  177. 				{
    178. 

  178. 					while (($file = readdir($dh)) !== false)
    179. 

  179. 					{
    180. 

  180. 						if (is_dir($dir."/".$file) == FALSE && !in_array($file,$exceptions))
    181. 

  181. 						{
    182. 

  182. 							$fext = substr(strrchr($file, "."), 1);
    183. 

  183. 							if (!array_key_exists(strtolower($fext),$this->allowed_types) )
    184. 

  184. 							{
    185. 

  185. 								if ($file == 'index.html' || $file == "null.txt")
    186. 

  186. 								{
    187. 

  187. 									if (filesize($dir.'/'.$file))
    188. 

  188. 									{
    189. 

  189. 										$potential[] = str_replace('../', '', $dir).'/'.$file;
    190. 

  190. 									}
    191. 

  191. 								}
    192. 

  192. 								else
    193. 

  193. 								{
    194. 

  194. 									$potential[] = str_replace('../', '', $dir).'/'.$file;
    195. 

  195. 								}
    196. 

  196. 							}
    197. 

  197. 						}
    198. 

  198. 					}
    199. 

  199. 					closedir($dh);
    200. 

  200. 				}
    201. 

  201. 			}
    202. 

  202. 		}
    203. 

  203. 		
    204. 

  204. 		if (isset($potential))
    205. 

  205. 		{
    206. 

  206. 			//$text = ADLAN_ERR_3."<br /><br />";
    207. 

  207. 			$mes->addWarning(ADLAN_ERR_3);
    208. 

  208. 			$text = '<ul>';
    209. 

  209. 			foreach ($potential as $p_file)
    210. 

  210. 			{
    211. 

  211. 				$text .= '<li>'.$p_file.'</li>';
    212. 

  212. 			}
    213. 

  213. 			$mes->addWarning($text);
    214. 

  214. 			//$ns -> tablerender(ADLAN_ERR_1, $text);
    215. 

  215. 		}	
    216. 

  216. 		
    217. 

  217. 		
    218. 

  218. 		
    219. 

  219. 		
    220. 

  220. 	}
    221. 

  221. 

  222. 

  223. 

  224. 	
    225. 

  225. }
    226. 

  226. 

  227. 

  228. 

  229. // ---------------------------------------------------------
    230. 

  230. 

  231. 

  232. // auto db update
    233. 

  233. if ('0' == ADMINPERMS)
    234. 

  234. {
    235. 

  235. 	$sc = e107::getScBatch('admin');
    236. 

  236. 	echo $tp->parseTemplate('{ADMIN_COREUPDATE=alert}',true, $sc);
    237. 

  237. 	
    238. 

  238. 	require_once(e_ADMIN.'update_routines.php');
    239. 

  239. 	update_check();
    240. 

  240. }
    241. 

  241. 

  242. 

  243. 

  244. // end auto db update
    245. 

  245. 

  246. /*
    247. 

  247. if (e_QUERY == 'purge' && getperms('0'))
    248. 

  248. {
    249. 

  249. 	$admin_log->purge_log_events(false);
    250. 

  250. }
    251. 

  251. */
    252. 

  252. 

  253. $td = 1;
    254. 

  254. 

  255. 

  256. // DEPRECATED 
    257. 

  257. function render_links($link, $title, $description, $perms, $icon = FALSE, $mode = FALSE)
    258. 

  258. {
    259. 

  259. 	return e107::getNav()->renderAdminButton($link, $title, $description, $perms, $icon, $mode);
    260. 

  260. }
    261. 

  261. 

  262. 

  263. function render_clean() // still used by classis, tabbed etc. 
    264. 

  264. {
    265. 

  265. 	global $td;
    266. 

  266. 	$text = "";
    267. 

  267. 	while ($td <= ADLINK_COLS)
    268. 

  268. 	{
    269. 

  269. 		$text .= "<td class='td' style='width:20%;'></td>";
    270. 

  270. 		$td++;
    271. 

  271. 	}
    272. 

  272. 	$text .= "</tr>";
    273. 

  273. 	$td = 1;
    274. 

  274. 	return $text;
    275. 

  275. }
    276. 

  276. 

  277. 

  278. 

  279. if(is_object($adp))
    280. 

  280. {
    281. 

  281. 	$adp->render();	
    282. 

  282. }
    283. 

  283. else
    284. 

  284. {
    285. 

  285. 	require_once(e_ADMIN.'includes/'.$pref['adminstyle'].'.php');	
    286. 

  286. }
    287. 

  287. 

  288. 

  289. 

  290. function admin_info()
    291. 

  291. {
    292. 

  292. 	global $tp;
    293. 

  293. 

  294. 	$width = (getperms('0')) ? "33%" : "50%";
    295. 

  295. 

  296. 	$ADMIN_INFO_TEMPLATE = "
    297. 

  297. 	<div style='text-align:center'>
    298. 

  298. 		<table style='width: 100%; border-collapse:collapse; border-spacing:0px;'>
    299. 

  299. 		<tr>
    300. 

  300. 			<td style='width: ".$width."; vertical-align: top'>
    301. 

  301. 			{ADMIN_STATUS}
    302. 

  302. 			</td>
    303. 

  303. 			<td style='width:".$width."; vertical-align: top'>
    304. 

  304. 			{ADMIN_LATEST}
    305. 

  305. 			</td>";
    306. 

    307. 

  307.     	if(getperms('0'))
    308. 

  308. 		{
    309. 

  309. 			$ADMIN_INFO_TEMPLATE .= "
    310. 

  310. 			<td style='width:".$width."; vertical-align: top'>{ADMIN_LOG}</td>";
    311. 

  311.     	}
    312. 

  312. 

  313.    	$ADMIN_INFO_TEMPLATE .= "
    314. 

  314. 		</tr></table></div>";
    315. 

    316. 

  316. 	return $tp->parseTemplate($ADMIN_INFO_TEMPLATE);
    317. 

  317. }
    318. 

  318. 

  319. function status_request()
    320. 

  320. {
    321. 

  321. 	global $pref;
    322. 

  322. 	if ($pref['adminstyle'] == 'classis' || $pref['adminstyle'] == 'cascade' || $pref['adminstyle'] == 'beginner' || $pref['adminstyle'] == 'tabbed') {
    323. 

  323. 		return TRUE;
    324. 

  324. 	} else {
    325. 

  325. 		return FALSE;
    326. 

  326. 	}
    327. 

  327. }
    328. 

  328. 

  329. 

  330. function latest_request()
    331. 

  331. {
    332. 

  332. 	global $pref;
    333. 

  333. 	if ($pref['adminstyle'] == 'classis' || $pref['adminstyle'] == 'cascade' || $pref['adminstyle'] == 'beginner' || $pref['adminstyle'] == 'tabbed') {
    334. 

  334. 		return TRUE;
    335. 

  335. 	} else {
    336. 

  336. 		return FALSE;
    337. 

  337. 	}
    338. 

  338. }
    339. 

  339. 

  340. function log_request()
    341. 

  341. {
    342. 

  342. 	global $pref;
    343. 

  343. 	if ($pref['adminstyle'] == 'classis' || $pref['adminstyle'] == 'cascade'|| $pref['adminstyle'] == 'beginner' || $pref['adminstyle'] == 'tabbed') {
    344. 

  344. 		return TRUE;
    345. 

  345. 	} else {
    346. 

  346. 		return FALSE;
    347. 

  347. 	}
    348. 

  348. }
    349. 

  349. 

  350. // getPlugLinks() - moved to sitelinks_class.php : pluginLinks();
    351. 

  351. 

  352. 

  353. 

  354. require_once("footer.php");
    355. 

  355. 

  356. ?>
    357.