Annotation of /mambo/branches/4.5.3h/administrator/index3.php
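<?php
/**
 * @package Mambo
 * @author Mambo Foundation Inc see README.php
 * @copyright Mambo Foundation Inc.
 * @license GNU/GPL Version 2, see LICENSE.php
 * Mambo is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; version 2 of the License.
 */

// Administrator entry point: bootstraps configuration and the database, checks
// the admin session against the #__session table and then renders the admin
// page for the requested 'option'. Every variable defined here is a global that
// the included admin files may read, so names are kept stable.

// fix to address the globals overwrite problem in php versions < 4.4.1:
// a request that carries a superglobal name as a parameter is refused outright.
$protect_globals = array('_REQUEST', '_GET', '_POST', '_COOKIE', '_FILES', '_SERVER', '_ENV', 'GLOBALS', '_SESSION');
foreach ($protect_globals as $global) {
    // array_key_exists is an exact key lookup. The previous
    // in_array( $global, array_keys( ... ) ) form compared loosely, so on
    // PHP < 8 any integer key (e.g. ?0=x) matched a string name and the
    // request was wrongly rejected.
    if (array_key_exists( $global, $_REQUEST )
        || array_key_exists( $global, $_GET )
        || array_key_exists( $global, $_POST )
        || array_key_exists( $global, $_COOKIE )
        || array_key_exists( $global, $_FILES )) {
        die("Invalid Request.");
    }
}

/** Set flag that this is a parent file */
define( "_VALID_MOS", 1 );

// no configuration file means the site has not been installed yet
if (!file_exists( "../configuration.php" )) {
    header( "Location: ../installation/index.php" );
    exit();
}

require_once( "../globals.php" );
require_once( "../configuration.php" );
require_once( $mosConfig_absolute_path . "/includes/mambo.php" );
// language file is optional (include_once): a missing translation is not fatal
include_once( $mosConfig_absolute_path . "/language/".$mosConfig_lang.".php" );
require_once( $mosConfig_absolute_path . "/administrator/includes/admin.php" );

$database = new database( $mosConfig_host, $mosConfig_user, $mosConfig_password, $mosConfig_db, $mosConfig_dbprefix );
$database->debug( $mosConfig_debug );
$acl = new gacl_api();

// the component to run; lower-cased so comparisons below are case-insensitive
$option = trim( strtolower( mosGetParam( $_REQUEST, 'option', '' ) ) );

// must start the session before we create the mainframe object
session_name( md5( $mosConfig_live_site ) );
session_start();
if (!isset($_SESSION['initiated'])) {
    // fresh session: replace the client-supplied id before storing anything in it
    session_regenerate_id();
    $_SESSION['initiated'] = true;
}

// mainframe is an API workhorse, lots of 'core' interaction routines
$mainframe = new mosMainFrame( $database, $option, '..', true );

// initialise some common request directives
$task = trim( mosGetParam( $_REQUEST, 'task', '' ) );
$act = trim( strtolower( mosGetParam( $_REQUEST, 'act', '' ) ) );
$section = trim( mosGetParam( $_REQUEST, 'section', '' ) );
// mosmsg is echoed back to the browser below, so markup is stripped here
$mosmsg = trim( strip_tags( mosGetParam( $_REQUEST, 'mosmsg', '' ) ) );
$no_html = strtolower( trim( mosGetParam( $_REQUEST, 'no_html', '' ) ) );


if ($option == 'logout') {
    require 'logout.php';
    exit();
}

// restore some session variables
$my = new mosUser( $database );
$my->id = mosGetParam( $_SESSION, 'session_user_id', '' );
$my->username = mosGetParam( $_SESSION, 'session_username', '' );
$my->usertype = mosGetParam( $_SESSION, 'session_usertype', '' );
$my->gid = mosGetParam( $_SESSION, 'session_gid', '' );

$session_id = mosGetParam( $_SESSION, 'session_id', '' );
$logintime = mosGetParam( $_SESSION, 'session_logintime', '' );

// check against db record of session.
// Strict comparison: with `==` two numeric-looking strings (e.g. md5 values of
// the form "0e...") compare by numeric value instead of character by character.
if ($session_id === md5( $my->id.$my->username.$my->usertype.$logintime )) {
    // session_id is escaped like username even though it has just matched an
    // md5 hex digest, so every value interpolated into the query is treated alike
    $database->setQuery( "SELECT * FROM #__session"
        . "\nWHERE session_id='" . $database->getEscaped( $session_id ) . "'"
        . " AND username = '" . $database->getEscaped( $my->username ) . "'"
        . " AND userid = " . intval( $my->id )
    );
    if (!$result = $database->query()) {
        echo $database->stderr();
    }
    // exactly one matching row is required; anything else sends the user back to login
    if ($database->getNumRows( $result ) != 1) {
        echo "<script>document.location.href='index.php'</script>\n";
        exit();
    }
} else {
    echo "<script>document.location.href='index.php'</script>\n";
    exit();
}

// update session timestamp
$current_time = time();
$database->setQuery( "UPDATE #__session SET time='$current_time'"
    . "\nWHERE session_id='" . $database->getEscaped( $session_id ) . "'"
);
$database->query();

// timeout old sessions (idle for more than 30 minutes)
$past = time()-1800;
$database->setQuery( "DELETE FROM #__session WHERE time < '$past'" );
$database->query();

// start the html output
if ($no_html) {
    // raw mode: run the admin file without the surrounding page chrome
    if ($path = $mainframe->getPath( "admin" )) {
        require $path;
    }
    exit;
}

initGzip();

?>
<?php echo "<?xml version=\"1.0\"?>"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title><?php echo $mosConfig_sitename; ?> - Administration [Mambo]</title>
<link rel="stylesheet" href="templates/<?php echo $mainframe->getTemplate(); ?>/css/template_css.css" type="text/css">
<link rel="stylesheet" href="templates/<?php echo $mainframe->getTemplate(); ?>/css/theme.css" type="text/css">
<script language="JavaScript" src="../includes/js/JSCookMenu.js" type="text/javascript"></script>
<script language="JavaScript" src="includes/js/ThemeOffice/theme.js" type="text/javascript"></script>
<script language="JavaScript" src="../includes/js/mambojavascript.js" type="text/javascript"></script>
<meta http-equiv="Content-Type" content="text/html; <?php echo _ISO; ?>" />
</head>
<body>
<?php
if ($mosmsg) {
    // magic_quotes_gpc already added slashes when it is on; the function itself
    // no longer exists on PHP 8, which is equivalent to magic quotes being off
    if (!function_exists( 'get_magic_quotes_gpc' ) || !get_magic_quotes_gpc()) {
        $mosmsg = addslashes( $mosmsg );
    }
    // addslashes leaves line terminators alone, and a raw CR/LF inside the
    // single-quoted JavaScript literal ends it early. $mosmsg itself keeps the
    // value the included admin files have always seen.
    $mosmsg_js = str_replace( array( "\r", "\n" ), array( '\r', '\n' ), $mosmsg );
    echo "\n<script language=\"javascript\" type=\"text/javascript\">alert('$mosmsg_js');</script>";
}

// Show list of items to edit or delete or create new
if ($path = $mainframe->getPath( 'admin' )) {
    require $path;
} else {
?>
<img src="images/logo.png" border="0" alt="Mambo Logo" /> <br />
<?php
}
?>

</body>
</html>
<?php
doGzip();
?>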

