
/phpmyfaq/admin/index.php

https://github.com/NHLH-ITM/phpMyFAQ-kindeditor
  1. <?php
  2. /**
  3. * The main admin backend index file
  4. *
  5. * PHP Version 5.4
  6. *
  7. * This Source Code Form is subject to the terms of the Mozilla Public License,
  8. * v. 2.0. If a copy of the MPL was not distributed with this file, You can
  9. * obtain one at http://mozilla.org/MPL/2.0/.
  10. *
  11. * @category phpMyFAQ
  12. * @package Administraion
  13. * @author Thorsten Rinne <thorsten@phpmyfaq.de>
  14. * @author Bastian Poettner <bastian@poettner.net>
  15. * @author Meikel Katzengreis <meikel@katzengreis.com>
  16. * @author Minoru TODA <todam@netjapan.co.jp>
  17. * @author Matteo Scaramuccia <matteo@phpmyfaq.de>
  18. * @copyright 2002-2014 phpMyFAQ Team
  19. * @license http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
  20. * @link http://www.phpmyfaq.de
  21. * @since 2002-09-16
  22. */
  23. use Symfony\Component\HttpFoundation\RedirectResponse;
  24. define('PMF_ROOT_DIR', dirname(__DIR__));
  25. //
  26. // Check if config/database.php exist -> if not, redirect to installer
  27. //
  28. if (!file_exists(PMF_ROOT_DIR . '/config/database.php')) {
  29. RedirectResponse::create(str_replace('admin/index.php', '', $_SERVER['SCRIPT_NAME']).'setup/index.php')
  30. ->send();
  31. exit;
  32. }
  33. //
  34. // Define the named constant used as a check by any included PHP file
  35. //
  36. define('IS_VALID_PHPMYFAQ', null);
  37. //
  38. // Bootstrapping
  39. //
  40. require PMF_ROOT_DIR . '/inc/Bootstrap.php';
  41. // get language (default: english)
  42. $Language = new PMF_Language($faqConfig);
  43. $LANGCODE = $Language->setLanguage($faqConfig->get('main.languageDetection'), $faqConfig->get('main.language'));
  44. // Preload English strings
  45. require (PMF_ROOT_DIR.'/lang/language_en.php');
  46. $faqConfig->setLanguage($Language);
  47. if (isset($LANGCODE) && PMF_Language::isASupportedLanguage($LANGCODE)) {
  48. // Overwrite English strings with the ones we have in the current language
  49. if (! file_exists(PMF_ROOT_DIR . '/lang/language_' . $LANGCODE . '.php')) {
  50. $LANGCODE = 'en';
  51. }
  52. require PMF_ROOT_DIR . '/lang/language_' . $LANGCODE . '.php';
  53. } else {
  54. $LANGCODE = 'en';
  55. }
  56. //
  57. // Initalizing static string wrapper
  58. //
  59. PMF_String::init($LANGCODE);
  60. //
  61. // Set actual template set name
  62. //
  63. PMF_Template::setTplSetName($faqConfig->get('main.templateSet'));
  64. //
  65. // Initialize attachment factory
  66. //
  67. PMF_Attachment_Factory::init(
  68. $faqConfig->get('records.attachmentsStorageType'),
  69. $faqConfig->get('records.defaultAttachmentEncKey'),
  70. $faqConfig->get('records.enableAttachmentEncryption')
  71. );
  72. //
  73. // Create a new phpMyFAQ system object
  74. //
  75. $faqSystem = new PMF_System();
  76. //
  77. // Create a new FAQ object
  78. //
  79. $faq = new PMF_Faq($faqConfig);
  80. //
  81. // use mbstring extension if available and when possible
  82. //
  83. $validMbStrings = array('ja', 'en', 'uni');
  84. $mbLanguage = ($PMF_LANG['metaLanguage'] != 'ja') ? 'uni' : $PMF_LANG['metaLanguage'];
  85. if (function_exists('mb_language') && in_array($mbLanguage, $validMbStrings)) {
  86. mb_language($mbLanguage);
  87. mb_internal_encoding('utf-8');
  88. }
  89. //
  90. // Get user action
  91. //
  92. $action = PMF_Filter::filterInput(INPUT_GET, 'action', FILTER_SANITIZE_STRING);
  93. if (is_null($action)) {
  94. $action = PMF_Filter::filterInput(INPUT_POST, 'action', FILTER_SANITIZE_STRING);
  95. }
  96. // authenticate current user
  97. $auth = null;
  98. $error = '';
  99. $faqusername = PMF_Filter::filterInput(INPUT_POST, 'faqusername', FILTER_SANITIZE_STRING);
  100. $faqpassword = PMF_Filter::filterInput(INPUT_POST, 'faqpassword', FILTER_SANITIZE_STRING);
  101. $faqremember = PMF_Filter::filterInput(INPUT_POST, 'faqrememberme', FILTER_SANITIZE_STRING);
  102. // Set username via SSO
  103. if ($faqConfig->get('security.ssoSupport') && isset($_SERVER['REMOTE_USER'])) {
  104. $faqusername = trim($_SERVER['REMOTE_USER']);
  105. $faqpassword = '';
  106. }
  107. // Login via local DB or LDAP or SSO
  108. if (!is_null($faqusername) && !is_null($faqpassword)) {
  109. $user = new PMF_User_CurrentUser($faqConfig);
  110. if (!is_null($faqremember) && 'rememberMe' === $faqremember) {
  111. $user->enableRememberMe();
  112. }
  113. if ($faqConfig->get('security.ldapSupport') && function_exists('ldap_connect')) {
  114. $authLdap = new PMF_Auth_Ldap($faqConfig);
  115. $user->addAuth($authLdap, 'ldap');
  116. }
  117. if ($faqConfig->get('security.ssoSupport')) {
  118. $authSso = new PMF_Auth_Sso($faqConfig);
  119. $user->addAuth($authSso, 'sso');
  120. }
  121. if ($user->login($faqusername, $faqpassword)) {
  122. // login, if user account is NOT blocked
  123. if ($user->getStatus() != 'blocked') {
  124. $auth = true;
  125. } else {
  126. $error = $PMF_LANG['ad_auth_fail'];
  127. }
  128. } else {
  129. // error
  130. $logging = new PMF_Logging($faqConfig);
  131. $logging->logAdmin($user, 'Loginerror\nLogin: '.$faqusername.'\nErrors: ' . implode(', ', $user->errors));
  132. $error = $PMF_LANG['ad_auth_fail'];
  133. }
  134. } else {
  135. // Try to authenticate with cookie information
  136. $user = PMF_User_CurrentUser::getFromCookie($faqConfig);
  137. // authenticate with session information
  138. if (! $user instanceof PMF_User_CurrentUser) {
  139. $user = PMF_User_CurrentUser::getFromSession($faqConfig);
  140. }
  141. if ($user instanceof PMF_User_CurrentUser) {
  142. $auth = true;
  143. } else {
  144. $user = new PMF_User_CurrentUser($faqConfig);
  145. }
  146. }
  147. // logout
  148. if ($action == 'logout' && $auth) {
  149. $user->deleteFromSession(true);
  150. $auth = null;
  151. $ssoLogout = $faqConfig->get('security.ssoLogoutRedirect');
  152. if ($faqConfig->get('security.ssoSupport') && !empty ($ssoLogout)) {
  153. header ("Location: $ssoLogout");
  154. }
  155. }
  156. //
  157. // Get current admin user and group id - default: -1
  158. //
  159. if (isset($user) && is_object($user)) {
  160. $currentAdminUser = $user->getUserId();
  161. if ($user->perm instanceof PMF_Perm_Medium) {
  162. $currentAdminGroups = $user->perm->getUserGroups($currentAdminUser);
  163. } else {
  164. $currentAdminGroups = array(-1);
  165. }
  166. if (0 === count($currentAdminGroups)) {
  167. $currentAdminGroups = array(-1);
  168. }
  169. }
  170. //
  171. // Get action from _GET and _POST first
  172. $_ajax = PMF_Filter::filterInput(INPUT_GET, 'ajax', FILTER_SANITIZE_STRING);
  173. if (is_null($_ajax)) {
  174. $_ajax = PMF_Filter::filterInput(INPUT_POST, 'ajax', FILTER_SANITIZE_STRING);
  175. }
  176. // if performing AJAX operation, needs to branch before header.php
  177. if (isset($auth) && count($user->perm->getAllUserRights($user->getUserId())) > 0) {
  178. if (isset($action) && isset($_ajax)) {
  179. if ($action == 'ajax') {
  180. switch ($_ajax) {
  181. // Attachments
  182. case 'att': require 'ajax.attachment.php'; break;
  183. // Link verification
  184. case 'verifyURL': require 'ajax.verifyurl.php'; break;
  185. case 'onDemandURL': require 'ajax.ondemandurl.php'; break;
  186. // Categories
  187. case 'categories': require 'ajax.category.php'; break;
  188. // Configuration management
  189. case 'config_list': require 'ajax.config_list.php'; break;
  190. case 'config': require 'ajax.config.php'; break;
  191. // Tags management
  192. case 'tags_list': require 'ajax.tags_list.php'; break;
  193. // Comments
  194. case 'comment': require 'ajax.comment.php'; break;
  195. // Records
  196. case 'records': require 'ajax.records.php'; break;
  197. case 'recordSave': require 'record.save.php'; break;
  198. case 'recordAdd': require 'record.add.php'; break;
  199. case 'autosave': require 'ajax.autosave.php'; break;
  200. // Search
  201. case 'search': require 'ajax.search.php'; break;
  202. // Users
  203. case 'user': require 'ajax.user.php'; break;
  204. // Groups
  205. case 'group': require 'ajax.group.php'; break;
  206. // Interface translation
  207. case 'trans': require 'ajax.trans.php'; break;
  208. }
  209. exit();
  210. }
  211. }
  212. }
  213. // are we running a PMF export file request?
  214. switch($action) {
  215. case 'exportfile':
  216. require 'export.file.php';
  217. exit();
  218. break;
  219. case 'reportexport':
  220. require 'report.export.php';
  221. exit();
  222. break;
  223. }
  224. //Initializing Twig
  225. $twig = new Twig_Environment(
  226. new Twig_Loader_Filesystem(PMF_ROOT_DIR . '/admin/assets/twig')
  227. );
  228. // Header of the admin page including the navigation
  229. require 'header.php';
  230. // User is authenticated
  231. if (isset($auth) && count($user->perm->getAllUserRights($user->getUserId())) > 0) {
  232. if (!is_null($action)) {
  233. // the various sections of the admin area
  234. switch ($action) {
  235. // functions for user administration
  236. case 'user': require 'user.php'; break;
  237. case 'group': require 'group.php'; break;
  238. // functions for record administration
  239. case 'viewinactive':
  240. case 'viewactive':
  241. case 'view': require 'record.show.php'; break;
  242. case 'searchfaqs': require 'record.search.php'; break;
  243. case "takequestion":
  244. case "editentry":
  245. case 'copyentry':
  246. case "editpreview": require 'record.edit.php'; break;
  247. case "insertentry": require 'record.add.php'; break;
  248. case "saveentry": require 'record.save.php'; break;
  249. case "delatt": require 'record.delatt.php'; break;
  250. case "question": require 'record.questions.php'; break;
  251. case 'comments': require 'record.comments.php'; break;
  252. // news administraion
  253. case 'news':
  254. case 'addnews':
  255. case 'editnews':
  256. case 'savenews':
  257. case 'updatenews':
  258. case 'deletenews': require 'news.php'; break;
  259. // category administration
  260. case 'content':
  261. case 'category':
  262. case 'savecategory':
  263. case 'updatecategory':
  264. case 'removecategory':
  265. case 'changecategory':
  266. case 'pastecategory': require 'category.main.php'; break;
  267. case "addcategory": require 'category.add.php'; break;
  268. case "editcategory": require 'category.edit.php'; break;
  269. case "translatecategory": require 'category.translate.php'; break;
  270. case "deletecategory": require 'category.delete.php'; break;
  271. case "cutcategory": require 'category.cut.php'; break;
  272. case "movecategory": require 'category.move.php'; break;
  273. case "showcategory": require 'category.showstructure.php'; break;
  274. // glossary
  275. case 'glossary':
  276. case 'saveglossary':
  277. case 'updateglossary':
  278. case 'deleteglossary': require 'glossary.main.php'; break;
  279. case 'addglossary': require 'glossary.add.php'; break;
  280. case 'editglossary': require 'glossary.edit.php'; break;
  281. // functions for password administration
  282. case "passwd": require 'pwd.change.php'; break;
  283. // functions for session administration
  284. case 'adminlog':
  285. case 'deleteadminlog': require 'stat.adminlog.php'; break;
  286. case "viewsessions": require 'stat.main.php'; break;
  287. case "sessionbrowse": require 'stat.browser.php'; break;
  288. case "viewsession": require 'stat.show.php'; break;
  289. case "statistics": require 'stat.ratings.php'; break;
  290. case 'truncatesearchterms':
  291. case "searchstats": require 'stat.search.php'; break;
  292. // Reports
  293. case 'reports': require 'report.main.php'; break;
  294. case 'reportview': require 'report.view.php'; break;
  295. // fConfig administration
  296. case 'config': require 'configuration.php'; break;
  297. case 'system': require 'system.php'; break;
  298. case 'updateinstance':
  299. case 'instances': require 'instances.php'; break;
  300. case 'editinstance': require 'instances.edit.php'; break;
  301. case 'stopwordsconfig': require 'stopwordsconfig.main.php'; break;
  302. // functions for backup administration
  303. case 'backup': require 'backup.main.php'; break;
  304. case 'restore': require 'backup.import.php'; break;
  305. // functions for FAQ export
  306. case "export": require 'export.main.php'; break;
  307. // translation tools
  308. case "transedit": require 'trans.edit.php'; break;
  309. case "translist": require 'trans.list.php'; break;
  310. case "transadd": require 'trans.add.php'; break;
  311. // attachment administration
  312. case "attachments": require "att.main.php"; break;
  313. default: echo "Dave, this conversation can serve no purpose anymore. Goodbye."; break;
  314. }
  315. } else {
  316. require 'dashboard.php';
  317. }
  318. // User is authenticated, but has no rights
  319. } elseif (isset($auth) && !in_array(true, $permission)) {
  320. require 'noperm.php';
  321. // User is NOT authenticated
  322. } else {
  323. require 'loginform.php';
  324. }
  325. require 'footer.php';
  326. $faqConfig->getDb()->close();