Annotation of /mambo/trunk/administrator/index2.php
<?php
/**
 * @version $Id: index2.php,v 1.8 2005/11/24 23:44:14 cauld Exp $
 * @package Mambo
 * @copyright (C) 2000 - 2005 Miro International Pty Ltd
 * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
 * Mambo is Free Software
 */
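// Fix for the globals overwrite problem in PHP versions < 4.4.1: a request must
// never carry a parameter named after one of the superglobals. Only the
// top-level parameter names of each request source are inspected.
$protect_globals = array('_REQUEST', '_GET', '_POST', '_COOKIE', '_FILES', '_SERVER', '_ENV', 'GLOBALS', '_SESSION');
foreach ($protect_globals as $global) {
    // array_key_exists() matches the name exactly. in_array() over array_keys()
    // compares loosely, so on PHP versions before 8 an integer key such as 0 was
    // treated as equal to every protected name and a harmless request was refused.
    if ( array_key_exists( $global, $_REQUEST ) ||
         array_key_exists( $global, $_GET ) ||
         array_key_exists( $global, $_POST ) ||
         array_key_exists( $global, $_COOKIE ) ||
         array_key_exists( $global, $_FILES ) ) {
        die("Invalid Request.");
    }
}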
/**
 * Flag this script as a parent file.
 * NOTE(review): the files loaded below presumably test _VALID_MOS to refuse
 * direct access - confirm that each of them does.
 */
define('_VALID_MOS', 1);

// Without a configuration file the site is not installed yet: send the
// visitor to the installer and stop.
if (!file_exists('../configuration.php')) {
    header('Location: ../installation/index.php');
    exit;
}

// Load order matters: globals.php first, then the configuration, then the
// core, language and administrator libraries.
// NOTE(review): the $mosConfig_* values that build the include paths are not
// assigned in this file; presumably configuration.php sets them. Keep it loaded
// after globals.php and confirm no request data can define them.
require_once '../globals.php';
require_once '../configuration.php';
require_once $mosConfig_absolute_path . '/includes/mambo.php';
include_once $mosConfig_absolute_path . '/language/' . $mosConfig_lang . '.php';
require_once $mosConfig_absolute_path . '/administrator/includes/admin.php';
// Open the database connection with the configured credentials, pass the
// configured debug setting to it, and create the ACL API object.
$database = new database($mosConfig_host, $mosConfig_user, $mosConfig_password, $mosConfig_db, $mosConfig_dbprefix);
$database->debug($mosConfig_debug);
$acl = new gacl_api();

// Requested component, lower-cased; an empty value selects com_admin.
$option = strtolower(mosGetParam($_REQUEST, 'option', ''));
if ($option == '') {
    $option = 'com_admin';
}

// The session must be started before the mainframe object is created.
// Its name is the MD5 of the configured live-site URL; no cookie parameters
// are set in this file.
session_name(md5($mosConfig_live_site));
session_start();

// Two pseudo-options switch the editing mode kept in the session. These writes
// happen before the session is checked against the database further down.
switch ($option) {
    case 'simple_mode':
        $_SESSION['simple_editing'] = 'on';
        break;
    case 'advanced_mode':
        $_SESSION['simple_editing'] = 'off';
        break;
}
// mosMainFrame is the API workhorse holding many of the 'core' interaction routines.
$mainframe = new mosMainFrame($database, $option, '..', true);

// Common request directives. act and no_html are lower-cased here; task and
// section are kept exactly as mosGetParam() returns them.
// NOTE(review): mosGetParam() is defined elsewhere - confirm what filtering it
// applies before any of these values reach a query, a path or the output.
$task    = mosGetParam($_REQUEST, 'task', '');
$act     = strtolower(mosGetParam($_REQUEST, 'act', ''));
$section = mosGetParam($_REQUEST, 'section', '');
$no_html = strtolower(mosGetParam($_REQUEST, 'no_html', ''));

// Logout is dispatched here, before the session is validated below.
if ($option == 'logout') {
    require 'logout.php';
    exit;
}
// Rebuild the current user object from the values stored in the session.
$my = new mosUser($database);
$my->id       = mosGetParam($_SESSION, 'session_user_id', '');
$my->username = mosGetParam($_SESSION, 'session_username', '');
$my->usertype = mosGetParam($_SESSION, 'session_usertype', '');
$my->gid      = mosGetParam($_SESSION, 'session_gid', '');

// Session token and login time, both used by the validity check below.
$session_id = mosGetParam($_SESSION, 'session_id', '');
$logintime  = mosGetParam($_SESSION, 'session_logintime', '');

// Editing mode defaults to 'off' when the session has none yet.
if (!isset($_SESSION['simple_editing'])) {
    $_SESSION['simple_editing'] = 'off';
}

// A non-empty POST value overrides the stored editing mode.
// NOTE(review): the value is copied into the session unvalidated and before the
// session itself has been verified; the rest of this file only ever writes
// 'on' or 'off'. Consider restricting it to those two values once the code
// that reads simple_editing has been checked.
if (isset($_POST['simple_editing']) && ($_POST['simple_editing'] != '')) {
    $_SESSION['simple_editing'] = $_POST['simple_editing'];
}
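// Check the session against its database record.
// The token is recomputed from values that all live in the session, so it is
// the matching row in #__session that ties it to a login recorded server-side.
// The comparison is strict: with == two digests that both look like numbers
// (for example "0e" followed by digits) compare as equal.
if ((string) $session_id === md5( $my->id . $my->username . $my->usertype . $logintime )) {
    // Every string value is escaped before it is placed in the statement.
    $database->setQuery( "SELECT * FROM #__session"
    . "\nWHERE session_id='" . $database->getEscaped( $session_id ) . "'"
    . " AND username = '" . $database->getEscaped( $my->username ) . "'"
    . " AND userid = " . intval( $my->id )
    );
    $result = $database->query();
    if (!$result) {
        // Fail closed: a failed lookup is treated like a missing session row
        // instead of passing the failed result on to getNumRows().
        // NOTE(review): stderr() output goes to the browser; consider logging it instead.
        echo $database->stderr();
        echo "<script>document.location.href='index.php'</script>\n";
        exit();
    }
    // Exactly one matching row is required, otherwise back to the login page.
    if ($database->getNumRows( $result ) <> 1) {
        echo "<script>document.location.href='index.php'</script>\n";
        exit();
    }
} else {
    // Token mismatch (including a request with no session data): send to login.
    echo "<script>document.location.href='$mosConfig_live_site/administrator/index.php'</script>\n";
    exit();
}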
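// Refresh the timestamp of the current session. The session id is escaped
// before it is placed in the statement rather than interpolated as-is.
$current_time = time();
$database->setQuery( "UPDATE #__session SET time='$current_time'"
. "\nWHERE session_id='" . $database->getEscaped( $session_id ) . "'"
);
$database->query();

// Time out old sessions: delete every row not refreshed in the last 1800 seconds (30 minutes).
// NOTE(review): this purge runs after the current session's timestamp was
// refreshed above, so a request never expires its own session; an idle session
// is removed only when another request reaches this purge first. Add the age
// limit to the validation query if a hard idle timeout is required.
$past = time()-1800;
$database->setQuery( "DELETE FROM #__session WHERE time < '$past'" );
$database->query();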
// Start the HTML output.
// With no_html set, only the file returned by getPath('admin') is run, without
// the administrator template around it.
// NOTE(review): $option came from the request and was handed to mosMainFrame;
// confirm that getPath() can only resolve to files inside the component
// directories.
if ($no_html) {
    $path = $mainframe->getPath('admin');
    if ($path) {
        require $path;
    }
    exit;
}

// Normal page: the administrator template's index.php is loaded between
// initGzip() and doGzip().
initGzip();

$path = $mosConfig_absolute_path . '/administrator/templates/' . $mainframe->getTemplate() . '/index.php';
require_once $path;

doGzip();

