Mambo > Projects > Mambo CMS > SVN

Diff of /mambo/branches/4.6/index.php

-revision 288, Wed Feb 15 17:18:43 2006 UTC
+revision 465, Wed Apr 12 21:14:39 2006 UTC
 Line 1
  <?php
  /**
- * @version $Id: index.php,v 1.47 2005/08/26 08:10:43 mambofoundation Exp $
+ * @package Mambo Open Source
- * @package Mambo
+ * @copyright (C) 2005 - 2006 Mambo Foundation Inc.
- * @copyright (C) 2000 - 2005 Miro International Pty Ltd
  * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
+ *
+ * Mambo was originally developed by Miro (www.miro.com.au) in 2000. Miro assigned the copyright in Mambo to The Mambo Foundation in 2005 to ensure
+ * that Mambo remained free Open Source software owned and managed by the community.
  * Mambo is Free Software
  */
-Line 60
+Line 62
      var $subdirectory;
      var $current_user = null;
      var $do_gzip_compress = false;
+     var $init_errorlevel = 0;
      function mamboCore () {
          global $adminside;
-         $this->rootPath = dirname(__FILE__);
+         $this->init_errorlevel = error_reporting(0);
+         $this->rootPath = str_replace('\\', '/', dirname(__FILE__));
          $this->checkConfig();
          $this->Itemid = mosGetParam($_REQUEST, 'Itemid', 0);
          $this->getConfig();
          $this->fixLanguage();
          @set_magic_quotes_runtime( 0 );
-         if (@$this->mosConfig_error_reporting === 0) error_reporting(0);
+         if (@$this->mosConfig_error_reporting > 0 OR @$this->mosConfig_error_reporting ===0) error_reporting($this->mosConfig_error_reporting);
-         elseif (@$this->mosConfig_error_reporting > 0) error_reporting($this->mosConfig_error_reporting);
+         else error_reporting($this->init_errorlevel);
      }
      function &getMamboCore () {
-Line 117
+Line 120
      }
          function getConfig () {
+                 global $adminside;
                  $code = '';
                  $f = @fopen($this->rootPath.'/configuration.php','rb');
                  if ($f) {
-Line 132
+Line 136
                  }
                  fclose($f);
                  eval($code);
-                 $subdir = substr(dirname(__FILE__), strlen($_SERVER['DOCUMENT_ROOT']));
+                 if (isset($_SERVER['DOCUMENT_ROOT']) AND strlen($_SERVER['DOCUMENT_ROOT'])) $docroot = $_SERVER['DOCUMENT_ROOT'];
-                 $this->subdirectory = str_replace('\\', '/', $subdir);
+                 else {
+                         // Find information about where execution started
+                         $origin = array_pop(debug_backtrace());
+                         // Find the PHP script at the start, with a fix for Windows slashes
+                         $absolutepath = str_replace('\\', '/', $origin['file']);
+                         $localpath = $_SERVER['PHP_SELF'];
+                         $docroot = substr($absolutepath,0,strpos($absolutepath,$localpath));
+                 }
+                 $mamboroot = str_replace('\\', '/', dirname(__FILE__));
+                 $this->subdirectory = substr($mamboroot, strlen($docroot));
                  $scheme = isset($_SERVER['HTTP_SCHEME']) ? $_SERVER['HTTP_SCHEME'] : ((isset($_SERVER['HTTPS']) AND strtolower($_SERVER['HTTPS'] != 'off')) ? 'https' : 'http');
                  if (isset($_SERVER['HTTP_HOST'])) {
                          $withport = explode(':', $_SERVER['HTTP_HOST']);
-Line 150
+Line 163
                  $afterscheme = '://'.$servername.$port.$this->subdirectory;
                  $this->mosConfig_live_site = $this->mosConfig_secure_site = $scheme.$afterscheme;
                  $this->mosConfig_unsecure_site = 'http'.$afterscheme;
- //              $this->mosConfig_live_site = 'http://'.$_SERVER['SERVER_NAME'].$this->subdirectory;
                  $this->mosConfig_absolute_path = $this->rootPath;
                  preg_match_all('/\$this\-\>([A-Za-z_][A-Za-z0-9_]*)/', $code, $matches);
                  foreach ($matches[1] as $match) $GLOBALS[$match] = $this->$match;
-Line 168
+Line 180
      }
      function offlineCheck (&$user, &$database) {
-         if ($this->mosConfig_offline) {
+         if ($this->mosConfig_offline OR file_exists($this->rootPath.'/installation/index.php')) {
              require_once($this->rootPath().'/administrator/includes/admin.php');
              session_name(md5($this->mosConfig_live_site));
              session_start();
-             if ($user =& checkAdminSession($database)) return;
+                     $session =& mosSession::getCurrent();
+                     $my =& new mosUser();
+                     $my->getSessionData();
+             if (mosSession::validate($my)) return;
              include("$this->mosConfig_absolute_path/offline.php");
              exit();
          }
      }
      function fixLanguage () {
-         require_once($this->mosConfig_absolute_path.'/includes/phpgettext/error.php');
          require_once($this->mosConfig_absolute_path.'/includes/phpgettext/phpgettext.class.php');
+         require_once($this->mosConfig_absolute_path.'/includes/phpgettext/error.php');
+         require_once($this->mosConfig_absolute_path.'/includes/mambofunc.php');
+         require_once($this->mosConfig_absolute_path.'/includes/mambolanguage.class.php');
+         error_reporting(E_ALL)        ;
          ##########  DEPRECATED ############
          if (isset($this->mosConfig_lang) AND $this->mosConfig_lang);
          else $this->set('mosConfig_lang', 'english');
-Line 192
+Line 206
          if (file_exists($language_file)) require_once ($language_file);
          ###################################
-         #set_error_handler('error_handler');
-         $lang = $this->mosConfig_lang;
+         $this->mosConfig_lang = mosGetParam($_POST, 'setLanguage', $this->mosConfig_lang);
-         $langfile = $this->rootPath.DIRECTORY_SEPARATOR.'language'.DIRECTORY_SEPARATOR.$lang.'.xml';
-         /*$this->language[$this->mosConfig_language] = array(
-         'locale' => 'pt, pt.utf-8',
-         'encoding' => 'utf-8',
-         'direction' => 'rtl',
-         'dateformat' => '%A, %d %B %Y',
-         'offset' => '+00:00'
-         );
-         */
-         $p = xml_parser_create();
-         xml_parser_set_option($p, XML_OPTION_CASE_FOLDING, 0);
-         xml_parser_set_option($p, XML_OPTION_SKIP_WHITE, 1);
-         xml_parse_into_struct($p, implode("", file($langfile)), $values);
-         xml_parser_free($p);
-         foreach($values as $key => $value)
-         {
-             if ($value['tag'] == 'param') {
-                 $name = $value['attributes']['name'];
-                 $this->language[$name] = $value['attributes']['default'];
-             }
-         }
-         if (!defined('_ISO')) DEFINE('_ISO','charset='.$this->language['encoding']);
+         $language =& mamboLanguage::getInstance($this->mosConfig_lang, $this->rootPath.'/language/');
-         if (!defined('_DATE_FORMAT_LC')) DEFINE('_DATE_FORMAT_LC', $this->language['dateformat']); //Uses PHP's strftime Command Format
+         $languages = $language->getLanguages();
-         if (!defined('_DATE_FORMAT_LC2')) DEFINE('_DATE_FORMAT_LC2', $this->language['dateformat']." %H:%M");
+         $charset = $language->get('charset');
+         $dateformat = $language->get('dateformat');
+         $this->current_language = $language;
+         if (!defined('_ISO')) DEFINE('_ISO','charset='.$charset);
+         if (!defined('_DATE_FORMAT_LC')) DEFINE('_DATE_FORMAT_LC', $dateformat); //Uses PHP's strftime Command Format
+         if (!defined('_DATE_FORMAT_LC2')) DEFINE('_DATE_FORMAT_LC2', $dateformat);
-         //header('Content-Type: text/html; charset=utf-8');
          $gettext =& phpgettext();
-         $gettext->debug = 0;
+         $gettext->debug       = $this->mosConfig_locale_debug;
-         $gettext->has_gettext = 0;
+         $gettext->has_gettext = $this->mosConfig_locale_use_gettext;
-         $gettext->setlocale($this->mosConfig_lang, $this->mosConfig_locale);
+         $gettext->setlocale($this->mosConfig_lang);
-         /*dump($gettext->getlocale());
-         $gettext->bindtextdomain('administrator', $lang_path);/*dump($gettext->getlocale());
-         dump(setlocale(LC_CTYPE, ''));;
-         dump(array($gettext, $this));*/
      }
      function handleGlobals () {
-Line 433
+Line 421
  }
+ /* This is the new error handler to store errors in the database
+ class mosErrorHandler {
+ var $types = array (
+ E_STRICT => 'Strict check',
+ E_USER_WARNING => 'User Warning',
+ E_USER_NOTICE => 'User Notice',
+ E_WARNING => 'Warning',
+ E_NOTICE => 'Notice',
+ E_CORE_WARNING => 'Core Warning',
+ E_COMPILE_WARNING => 'Compile Warning',
+ E_USER_ERROR => 'User Error',
+ E_ERROR => 'Error',
+ E_PARSE => 'Parse error',
+ E_CORE_ERROR => 'Core Error',
+ E_COMPILE_ERROR => 'Compile Error'
+ );
+ function mosErrorHandler () {
+ set_error_handler(array(&$this, 'handler'));
+ }
+ function handler ($errno, $errstr, $errfile, $errline, $errcontext) {
+ if ($errno = E_STRICT) return;
+ $string = $this->types[$errno].': '.$errstr.' in '.$errfile.' at '.$errline;
+ $database = mamboDatabase::getInstance();
+ if (eregi('^(sql)$', $errstr)) {
+ $extra = $database->getErrorMsg();
+ }
+ if (function_exists('debug_backtrace')) {
+ foreach(debug_backtrace() as $back) {
+ if (@$back['file']) {
+ $extra .= "\n".$back['file'].':'.$back['line'];
+ }
+ }
+ }
+ $database->setQuery("DELETE FROM #__errors WHERE file=$errfile AND line=$errline AND number=$errno");
+ $database->query();
+ $database->setQuery("INSERT INTO #__errors VALUES (0, $errno, '$errfile', $errline, '$string', '$extra')");
+ $database->query();
+ }
+ }
+ */
  if (!isset($adminside)) $adminside = 0;
  if (!isset($indextype)) $indextype = 1;
-Line 440
+Line 471
  $configuration->handleGlobals();
  require_once ($configuration->rootPath().'/includes/database.php');
+ //new mosErrorHandler();
  /**
  * Mambo basic error object
-Line 649
+Line 681
      /**
          * @param database A database connector object
          */
-     function mosMenu( $dummy ) {
+     function mosMenu() {
          $db =& mamboDatabase::getInstance();
          $this->mosDBTable( '#__menu', 'id', $db );
      }
-Line 812
+Line 844
          $ret = true;
          if (is_dir($path)) {
              $topdir =& new mosDirectory($path);
-             $files =& $topdir->listFiles ('', 'file', true);
+             $files =& $topdir->listFiles ('', 'file', true, true);
-             $dirs =& $topdir->listFiles ('', 'dir', true);
+             $dirs =& $topdir->listFiles ('', 'dir', true, true);
          }
          else {
              $files = array($path);
-Line 939
+Line 971
          * Constructor
          */
      function mosMenuHandler() {
-         global $my;
          $database =& mamboDatabase::getInstance();
          $sql = "SELECT * FROM #__menu ORDER BY name";
          $this->_menus =& $database->doSQLget($sql, 'mosMenu');
-Line 987
+Line 1018
          return $result;
      }
+     function &getMenuTypes () {
+                 $types = array();
+                 foreach ($this->_menus as $menu) {
+                         if (!isset($types[$menu->menutype])) $types[$menu->menutype] = 0;
+                         $types[$menu->menutype]++;
+                 }
+                 return $types;
+         }
      function getIDByTypeLink ($type, $link) {
          foreach ($this->_menus as $menu) {
              if ($menu->published == 1 AND ($type == '*' OR $menu->type == $type) AND $menu->link == $link) return $menu->id;
-Line 1104
+Line 1144
          * @return boolean True if the visitor's group at least equal to the menu access
          */
      function menuCheck( $Itemid, $menu_option, $task, $gid ) {
-         $exceptions = array ('com_banner', 'com_poll', 'com_registration', 'com_rss');
+         // Construct a link to this component - if no menu for it, assume it is OK
-         if (in_array($menu_option, $exceptions)) return true;
          $dblink="index.php?option=$menu_option";
+         if ($this->getIDLikeLink($dblink) == 0) return true;
          if ($Itemid) {
              $menu =& $this->getMenuByID($Itemid);
              if (strpos($menu->link,$dblink) ===0) $access = $menu->access;
-Line 1195
+Line 1235
          */
      function mosShowVIMenu(  &$params ) {
          global $my, $cur_template, $Itemid;
          if (mamboCore::get('mosConfig_shownoauth')) $maxaccess = 0;
          else $maxaccess = $my->gid;
          $rows =& $this->getByParentOrder(0, $params->get('menutype'), $maxaccess);
-Line 1504
+Line 1543
      var $sendEmail=null;
      /** @var int The group id number */
      var $gid=null;
+     /** @var int Group number from ACL */
+     var $grp=null;
      /** @var datetime */
      var $registerDate=null;
      /** @var datetime */
-Line 1516
+Line 1557
      /**
          * @param database A database connector object
          */
-     function mosUser( $dummy ) {
+     function mosUser() {
          $database =& mamboDatabase::getInstance();
          $this->mosDBTable( '#__users', 'id', $database );
      }
      /**
+          * Return true if this user is an administrator, false otherwise
+          */
+     function isAdmin() {
+         return ( strtolower( $this->usertype ) == 'superadministrator' OR strtolower( $this->usertype ) == 'super administrator' OR (isset($this->grp) AND $this->grp == 16) ) ? true : false;
+     }
+     /**
           * Fill a user object with information from the current session
           */
      function getSessionData() {
-Line 1531
+Line 1579
          $this->usertype = $session->usertype;
          $this->gid = intval( $session->gid );
      }
+     function getSession () {
+                 $this->id = mosGetParam( $_SESSION, 'session_user_id', 0 );
+                 $this->username = mosGetParam( $_SESSION, 'session_username', '' );
+                 $this->usertype = mosGetParam( $_SESSION, 'session_usertype', '' );
+                 $this->gid = mosGetParam( $_SESSION, 'session_gid', 0 );
+                 $this->grp = mosGetParam( $_SESSION, 'session_grp', 0);
+     }
      /**
           * Validation and filtering
           * @return boolean True is satisfactory
-Line 1588
+Line 1644
      }
      function delete($oid=null) {
+         global $acl;
+         $k = $this->_tbl_key;
          if ($oid) $this->id = intval( $oid );
          $aro_id = $acl->get_object_id( 'users', $this->$k, 'ARO' );
          $acl->del_object( $aro_id, 'ARO', true );
-Line 2119
+Line 2176
  class mosSession extends mosDBTable {
      /** @var int Primary key */
      var $session_id=null;
-     /** @var string */
+     /** @var time */
      var $time=null;
-     /** @var string */
+     /** @var int User ID */
      var $userid=0;
      /** @var string */
      var $usertype=null;
      /** @var string */
      var $username='';
-     /** @var time */
+     /** @var int User group ID */
      var $gid=0;
      /** @var int */
      var $guest=1;
-Line 2137
+Line 2194
      /**
          * @param database A database connector object
          */
-     function mosSession( &$db ) {
+     function mosSession() {
          $database =& mamboDatabase::getInstance();
          $this->mosDBTable( '#__session', 'session_id', $database );
          $this->time = time();
      }
+     function validate ($user) {
+                 // check against db record of session
+                 $session_id = mosGetParam( $_SESSION, 'session_id', '' );
+                 $logintime = mosGetParam( $_SESSION, 'session_logintime', '' );
+                 if ($session_id == md5( $user->id.$user->username.$user->usertype.$logintime )) {
+                         $current_time = time();
+                         $database = mamboDatabase::getInstance();
+                         $database->setQuery ("UPDATE #__session"
+                         . "\nSET time='$current_time', guest=-3-guest"
+                         . "\nWHERE session_id='$session_id'"
+                         . " AND username = '" . $database->getEscaped( $user->username ) . "'"
+                         . " AND userid = " . intval( $user->id )
+                         );
+                         if (!$result = $database->query()) echo $database->stderr();
+                         elseif ($database->getAffectedRows() == 1) return true;
+                 }
+                 return false;
+         }
      function &getCurrent () {
          static $currentSession;
          if (!is_object($currentSession)) {
-             $currentSession = new mosSession($dummy);
+             $currentSession = new mosSession();
-             $currentSession->purge(intval(mamboCore::get('mosConfig_lifetime')));
+             mosSession::purge();
              $sessionCookieName = md5('site'.mamboCore::get('mosConfig_live_site'));
              $sessioncookie = mosGetParam($_COOKIE, $sessionCookieName, null);
              $usercookie = mosGetParam($_COOKIE, 'usercookie', null);
-Line 2203
+Line 2279
              if ($randnum != "") {
                  $cryptrandnum = md5( $randnum );
                  $this->_db->setQuery( "SELECT $this->_tbl_key FROM $this->_tbl WHERE $this->_tbl_key=MD5('$randnum')" );
-                 if(!$result = $this->_db->query()) {
+                 if(!($result = $this->_db->query())) {
                      die( $this->_db->stderr( true ));
                      // todo: handle gracefully
                  }
-Line 2220
+Line 2296
          return $this->_session_cookie;
      }
-     function purge( $inc=1800 ) {
+     function purge () {
-         $past = time() - $inc;
+         $past = time() - intval(mamboCore::get('mosConfig_lifetime'));
-         $query = "DELETE FROM $this->_tbl"
+         $adminpast = time() - 3600;
-         . "\nWHERE (time < $past)";
+         $database = mamboDatabase::getInstance();
-         $this->_db->setQuery($query);
+         $database->setQuery("DELETE FROM #__session WHERE (time<$past AND guest>=0) OR (time<$adminpast AND guest<0)");
+         return $database->query();
-         return $this->_db->query();
      }
  }
  /**
-Line 2345
+Line 2421
                          if (count($parser->html)) return implode("\n", $parser->html);
                  }
                  $raw = $this->_raw;
-                 return "<textarea name='$name' cols='40' rows='10' class='text_area'$raw</textarea>";
+         return "<textarea name='$name' cols='40' rows='10' class='text_area'>$raw</textarea>";
          }
      /**
-Line 2380
+Line 2456
      }
  }
  require($configuration->rootPath().'/includes/version.php');
  $_VERSION =& new version();
-Line 2430
+Line 2507
  $act = strtolower(mosGetParam($_REQUEST, 'act', ''));
  $section = mosGetParam($_REQUEST, 'section', '');
  $no_html = strtolower(mosGetParam($_REQUEST, 'no_html', ''));
+ $cid = (array) mosGetParam( $_POST, 'cid', array() );
+ ini_set('session.use_trans_sid', 0);
+ ini_set('session.use_cookies', 1);
+ ini_set('session.use_only_cookies', 1);
  if ($adminside) {
      // Start ACL
-Line 2444
+Line 2527
      $gettext->bindtextdomain($domain, $lang_path);
      $admindomain = $gettext->textdomain();
      $gettext->textdomain('administrator');
-     // Login will, if it succeeds, start a new session and set $my
+     session_name(md5(mamboCore::get('mosConfig_live_site')));
-     if ($option == 'login') {
+     session_start();
+         // restore some session variables
+         $my = new mosUser();
+         $my->getSession();
+         if (mosSession::validate($my)) mosSession::purge();
+         else $my = null;
+     if (!$my AND $option == 'login') {
          require_once($configuration->rootPath().'/includes/authenticator.php');
          $authenticator =& mamboAuthenticator::getInstance();
          $my = $authenticator->loginAdmin($acl);
      }
-     // If this is not login, we should already have a valid admin session
-     else {
-         session_name(md5(mamboCore::get('mosConfig_live_site')));
-         session_start();
          // Handle the remaining special options
-         if ($option == 'logout') {
+     elseif ($option == 'logout') {
              require($configuration->rootPath().'/administrator/logout.php');
              exit();
          }
-         if ($option == 'simple_mode') $admin_mode = 'on';
-         elseif ($option == 'advanced_mode') $admin_mode = 'off';
-         else $admin_mode = mosGetParam($_SESSION, 'simple_editing', '');
-         $_SESSION['simple_editing'] = mosGetParam($_POST, 'simple_editing', $admin_mode);
-         // Include admin side functions, check that we have a valid admin side session
-         require_once($configuration->rootPath().'/administrator/includes/admin.php');
-         $my = checkAdminSession($database);
-     }
      // We can now create the mainframe object
      $mainframe =& new mosMainFrame($database, $option, '..', true);
      // Provided $my is set, we have a valid admin side session and can include remaining code
      if ($my) {
          mamboCore::set('currentUser', $my);
+         if ($option == 'simple_mode') $admin_mode = 'on';
+         elseif ($option == 'advanced_mode') $admin_mode = 'off';
+         else $admin_mode = mosGetParam($_SESSION, 'simple_editing', '');
+         $_SESSION['simple_editing'] = mosGetParam($_POST, 'simple_editing', $admin_mode);
+         require_once($configuration->rootPath().'/administrator/includes/admin.php');
          require_once( $configuration->rootPath().'/includes/mambo.php' );
          require_once ($configuration->rootPath().'/includes/mambofunc.php');
          require_once ($configuration->rootPath().'/includes/mamboHTML.php');
-Line 2496
+Line 2577
              $configuration->doGzip();
          }
          else {
-             if (!$popup) {
+             if (!isset($popup)) {
                  $pop = mosGetParam($_REQUEST, 'pop', '');
-                 if ($pop) require_once($configuration->rootPath()."/administrator/popups/$pop");
+                 if ($pop) require($configuration->rootPath()."/administrator/popups/$pop");
-                 else require_once($configuration->rootPath()."/administrator/popups/index3pop.php");
+                 else require($configuration->rootPath()."/administrator/popups/index3pop.php");
                  $configuration->doGzip();
              }
          }
      }
-     // If $my was not set, the only possibility is to ask for an admin side login
+     // If $my was not set, the only possibility is to offer a login screen
      else {
          $configuration->initGzip();
          $path = $configuration->rootPath().'/administrator/templates/'.$mainframe->getTemplate().'/login.php';
-Line 2530
+Line 2611
      elseif ($option == 'logout') $configuration->handleLogout();
      $session =& mosSession::getCurrent();
-     $my =& new mosUser($database);
+     $my =& new mosUser();
      $my->getSessionData();
      mamboCore::set('currentUser',$my);
      $configuration->offlineCheck($my, $database);
-Line 2559
+Line 2640
      require_once( $configuration->rootPath() . '/components/com_content/content.class.php' );
      $acl = new gacl_api();
      /** Get the component handler */
      require_once( $configuration->rootPath() . '/includes/cmtclasses.php' );
      $c_handler =& mosComponentHandler::getInstance();
-Line 2571
+Line 2651
          $menuhandler->setPathway($Itemid);
          if ($ret) {
              $gettext->textdomain(substr($option, 4));   // get the component lang file
-             require_once( $path );
+             require ($path);
              $gettext->textdomain($frontdomain);
          }
          else mosNotAuth();
-Line 2627
+Line 2707
      $configuration->doGzip();
  }
  // displays queries performed for page
- if ($configuration->get('mosConfig_debug')) $database->displayLogged();
+ if ($configuration->get('mosConfig_debug') AND $adminside != 3) $database->displayLogged();
  ?>

 Legend:



Removed from v.288
 


changed lines


 
Added in v.465
 Legend:



Removed from v.288
 


changed lines


 
Added in v.465
-Removed from v.288
+Added in v.465

	ViewVC Help
Powered by ViewVC 1.0.0

Web Hosting provided by Network Redux.

MyGforge Home

Mambo CMS

Diff of /mambo/branches/4.6/index.php