<?php
/*
 *      Copyright 2012 Douglas Robbins <hide@address.com>
 *      
 *      This file is part of Blite, a blogging application, available at
 *      <http://blite.ca/>.
 * 
 *      Blite is free software; you can redistribute it and/or modify
 *      it under the terms of the GNU General Public License as published by
 *      the Free Software Foundation; either version 3 of the License, or
 *      (at your option) any later version.
 *      
 *      This program is distributed in the hope that it will be useful,
 *      but WITHOUT ANY WARRANTY; without even the implied warranty of
 *      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *      GNU General Public License for more details.
 *      
 *      You should have received a copy of the GNU General Public License
 *      along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

// Shared configuration, the DB helpers and the $authuser flag are provided by configure.php.
require 'configure.php';

// Only a logged-in administrator may view or change settings; everyone else
// gets a plain denial and no further output.
if (!$authuser) {
	exit('Permission denied.');
}

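$page['error'] = '';

// Checkbox settings. A browser omits an unchecked checkbox from the POST
// body entirely, so these names need an explicit "0" default on submit.
$bool = array( 'excerpts', 'dontexcerptfirst', 'showcategories', 'showarchives', 'enablecomments', 'linksnofollow', 'linksnewwindow', 'blogspam', 'rssposts', 'rssfullcontent', 'rsscomments', 'rsscomfullcontent', 'protectadmin' );

// db_query() appears to read its bound values from the globals named by the
// keys of $query_params (see the UPDATE/INSERT below), so the variable must
// exist before the first query.
$query_params = '';

// Load every stored setting into $current, keyed by setting name. Initialise
// the array first so an empty settings table does not leave it undefined for
// the code that indexes it later.
$current = array();
$results = db_query("SELECT * FROM settings ORDER BY id");
while ($row = db_getdata($results)) {
	$current[$row['name']] = $row['value'];
}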

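if (!empty($_POST['submit'])) {
	// Verify the nonce before looking at any other submitted value.
	// verify_nonce() lives in configure.php; it returns an error string on failure.
	list($nonce, $noncestamp, $nonceerror) = verify_nonce('settings','The admin page expired.');
	if ( !empty($nonceerror) ) {
		echo $nonceerror;
		exit;
	}

	// A field that arrived as an array (e.g. "adminuser[]") can never be a
	// setting value; drop it so the string functions below never see an array.
	foreach ($_POST as $key => $val) {
		if (is_array($val)) {
			unset($_POST[$key]);
		}
	}

	// Boolean attributes are not submitted if unchecked on the form.
	foreach ($bool as $attr) {
		if (empty($_POST[$attr])) {
			$_POST[$attr] = "0";
		}
	}

	// Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() itself in
	// PHP 8; guard the call so this page does not fatal on a current runtime.
	if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
		foreach ($_POST as $key => $val) {
			if (is_string($val)) {
				$_POST[$key] = stripslashes($val);
			}
		}
	}

	
	// Error checking.	
	
	$errors = '';

	// Admin username; the display name falls back to it when left blank.
	if (empty($_POST['adminuser'])) {
		$errors .= "<div>Administrator Username cannot be blank.</div>\n";
	}
	elseif (empty($_POST['adminname'])) {
		$_POST['adminname'] = $_POST['adminuser'];
	}
	
	// Password & confirm. An empty password field means "keep the current one",
	// so only a non-empty value needs a matching confirmation.
	if ( !empty($_POST['adminpass']) ) {
		if ( empty($_POST['adminpass2']) ) {
			$errors .= "<div>Please re-type the administrator password to confirm it.</div>\n";
		}
		elseif ( $_POST['adminpass'] !== $_POST['adminpass2'] ) {
			$errors .= "<div>Password and re-typed administrator password do not match.</div>\n";
		}
	}
	
	// Email in a valid format (valid_email() comes from configure.php).
	if (!empty($_POST['adminmail']) && !valid_email($_POST['adminmail'])) {
		$errors .= "<div>Email address is invalid.</div>\n";
	}
	
	// Theme. The stored name is later spliced into template and CSS paths
	// ('themes/<name>/...'), so it must be a plain, non-hidden directory name
	// that actually exists under themes/ -- no separators, no "..".
	$themeroot = dirname(__FILE__) . '/themes';
	if (empty($_POST['theme'])) {
		$errors .= "<div>Please select a theme (Display).</div>\n";
	}
	elseif ( basename($_POST['theme']) !== $_POST['theme'] || $_POST['theme'][0] === '.' || !is_dir($themeroot . '/' . $_POST['theme']) ) {
		$errors .= "<div>The selected theme does not exist.</div>\n";
	}

	// Nonce settings: fill in defaults for anything left blank.
	if (empty($_POST['noncesalt'])) {
		// A salt derived from time() and rand() is guessable. Use the CSPRNG
		// where the runtime has one (PHP 7+); the uniqid() form is only the
		// fallback for older interpreters and is no stronger than before.
		$_POST['noncesalt'] = function_exists('random_bytes')
			? bin2hex(random_bytes(20))
			: sha1( uniqid(mt_rand(), true) );
	}
	// Defaults are strings so they compare (!==) against the stored text values.
	if (empty($_POST['nonceslifetime'])) {
		$_POST['nonceslifetime'] = '24';
	}
	if (empty($_POST['noncespruneinterval'])) {
		$_POST['noncespruneinterval'] = '2';
	}
	
	// End error checking.
	
	if (!empty($errors)) {
		$page['error'] = "\n<div id='error_box'>\n<div class='error_title'>" . $lang['errors'] . "</div>\n$errors</div>\n";
		// Redisplay the submitted values rather than the stored ones.
		$current = $_POST;
	}
	else {
		// $subname / $subvalue / $nonce / $noncestamp are read by db_query()
		// through $query_params, so these variable names must not change.
		foreach ($_POST as $subname => $subvalue) {
			if ( $subname === 'submit' ) {
				continue;
			}
			// Only names already present in the settings table are written; any
			// other key in the request is ignored instead of being bound into the
			// UPDATE (which would match no row anyway).
			if ( !is_array($current) || !array_key_exists($subname, $current) ) {
				continue;
			}
			if ($subname === 'allowedtags') {
				// Keep only purely alphabetic tag names, lower-cased, as a single
				// space-separated list; "br" and "blockquote" are never allowed.
				$goodtags = array();
				foreach (explode(' ', str_replace(',', '', $subvalue)) as $tag) {
					$tag = strtolower($tag);
					if ( $tag !== '' && preg_match('/^[a-z]+$/', $tag) && $tag !== 'br' && $tag !== 'blockquote' ) {
						$goodtags[] = $tag;
					}
				}
				$subvalue = implode(' ', $goodtags);
			}
			if ($subname === 'adminpass') {
				if (empty($subvalue)) {
					// Empty field: keep the stored password untouched.
					continue;
				}
				// NOTE(review): this is an unsalted sha1() digest; the login code
				// (not in this file) presumably compares against the same form, so
				// migrating to password_hash()/password_verify() must be done on
				// both sides together, not here alone.
				$subvalue = sha1($subvalue);
			}
			if ( $subvalue !== $current[$subname] ) {
				$current[$subname] = $subvalue;
				$query_params = array ( 'subvalue' => 'txt', 'subname' => 'txt' );
				db_query("UPDATE settings SET value=? WHERE name=?");
			}
		}
		// Record the nonce that was just accepted; verify_nonce() presumably
		// consults this table so the same form token is not accepted twice.
		$query_params = array( 'nonce' => 'txt', 'noncestamp' => 'int' );
		db_query("INSERT INTO nonces (nonce, type, stamp) VALUES (?, 'settings', ?)");

		header("Location: " . $_SESSION['lastpage'] );
		exit;
	}
}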

// All checkbox selections.

// Turn each stored checkbox setting into the attribute text the form needs:
// 'checked' when the setting is enabled, an empty string otherwise. The flag
// is stored in a variable named after the setting (e.g. $excerpts) and
// interpolated into the markup below.
foreach ($bool as $attr) {
	$$attr = ($current[$attr] == 1) ? 'checked' : '';
}

// Theme selector.

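// Theme selector: one <option> per non-hidden directory under themes/, with
// the currently stored theme pre-selected.
$themedir = dirname(__FILE__) . '/themes';
$themes = scandir($themedir);
$themesel = "<option value=''>Choose theme..</option>\n";
// scandir() returns false when the directory is missing or unreadable.
if (is_array($themes)) {
	foreach ($themes as $theme) {
		if ($theme[0] === '.' || !is_dir($themedir . '/' . $theme)) {
			continue;
		}
		$sel = ($theme === $current['theme']) ? 'selected' : '';
		// Directory names come from the filesystem, but they still land inside a
		// single-quoted attribute, so escape them (ENT_QUOTES covers the quote).
		$safe = htmlspecialchars($theme, ENT_QUOTES, 'UTF-8');
		$themesel .= "<option value='$safe' $sel>$safe</option>\n";
	}
}
$themesel = "<select name='theme'>\n$themesel</select>";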

// Disable blogspam.net settings if xmlrpc extension not installed.
// blogspam.net lookups need the PHP xmlrpc extension; without it the related
// controls are rendered disabled and a note explains why.
$xmlrpc_ok = extension_loaded('xmlrpc');
$bs_disabled = $xmlrpc_ok ? '' : 'disabled';
$bs_message = $xmlrpc_ok ? '' : "<div class='setnote'>Blogspam.net spam detection requires the PHP xmlrpc extension, currently not installed.</div>\n";

// Site name
$current['sitename'] = htmlspecialchars($current['sitename']);

$page['content']  = "<div id='panel1' class='panel'>";
$page['content'] .= "<div class='label'>Site Name :</div><div class='in'><input type='text' name='sitename' value=\"$current[sitename]\" size=30 class='string'></div>\n";
$page['content'] .= "<div class='label'>Description :</div><div class='in'><textarea name='sitedescription' rows=2 cols=30 class='small'>$current[sitedescription]</textarea></div>\n";
$page['content'] .= "<div class='subtitle'>Administrator:</div>\n";
$page['content'] .= "<div class='label'>Username :</div><div class='in'><input type='text' name='adminuser' value='$current[adminuser]' size=30 class='string'></div>\n";
$page['content'] .= "<div class='label'>Password :</div><div class='in'><input type='password' name='adminpass' value='' size=30 autocomplete='off' class='string'> *</div>\n";
$page['content'] .= "<div class='label'>Re-type Password :</div><div class='in'><input type='password' name='adminpass2' value='' size=30 autocomplete='off' class='string'> *</div>\n";
$page['content'] .= "<div class='label'>Display Name :</div><div class='in'><input type='text' name='adminname' value='$current[adminname]' size=30 class='string'></div>\n";
$page['content'] .= "<div class='label'>Email :</div><div class='in'><input type='text' name='adminmail' value='$current[adminmail]' size=30 class='string'></div>\n";
$page['content'] .= "<div class='setnote'>* Leave the password fields empty to keep the current password.</div>\n";
$page['content'] .= "<div style='clear:left'></div>\n</div>\n\n";

$page['content'] .= "<div id='panel2' class='panel'>";
$page['content'] .= "<div class='subtitle subtop'><b>Theme:</b></div>";
$page['content'] .= "<div class='check'>$themesel</div>\n";
$page['content'] .= "<div class='subtitle'>Pagination:</div>\n";
$page['content'] .= "<div class='check'>Show <input type='text' name='threadsperpage' value='$current[threadsperpage]' size='3' class='num'> Blog Posts per Page</div>\n";
$page['content'] .= "<div class='subtitle'>Post Excerpts:</div>\n";
$page['content'] .= "<div class='check'><label><input type='checkbox' name='excerpts' value='1' $excerpts> Enable Excerpts</label></div>\n";
$page['content'] .= "<div style='clear:left'></div>\n</div>\n\n";

$page['content'] .= "<div id='panel3' class='panel'>";
$page['content'] .= "<div class='placeholders'>\n<div style='margin-bottom:10px; font-weight:bold'>Placeholders for Sidebar Content (below):</div>\n<div>#adminlinks#<br>#categories#<br>#recentcomments#<br>#recentposts#<br>#archives#</div>\n</div>\n";
$page['content'] .= "<div class='subtitle subtop'>Sidebar Features:</div>\n";
$page['content'] .= "<div class='check'><label><input type='checkbox' name='showcategories' value='1' $showcategories> Enable Categories</label></div>\n";
$page['content'] .= "<div class='check'><label><input type='checkbox' name='showarchives' value='1' $showarchives> Enable Archives</label></div>\n";
$page['content'] .= "<div class='check'>Show <input type='text' name='numrecentposts' value='$current[numrecentposts]' size='3' class='num'> Most Recent Posts ('0' to disable)</div>\n";
$page['content'] .= "<div class='check'>Show <input type='text' name='numrecentcomments' value='$current[numrecentcomments]' size='3' class='num'> Most Recent Comments ('0' to disable)</div>\n";
$page['content'] .= "<div class='subtitle'>Sidebar Content:</div>\n";
$page['content'] .= "<div class='in sbtext'><textarea name='sidebar' class='sbar' cols=20 rows=20>$current[sidebar]</textarea></div>\n";
$page['content'] .= "<div style='clear:left'></div>\n</div>\n\n";

$page['content'] .= "<div id='panel4' class='panel'>";
$page['content'] .= "<div class='subtitle subtop'>Comments:</div>\n";
$page['content'] .= "<div class='check'><label><input type='checkbox' name='enablecomments' value='1' $enablecomments> Enable Comments</label></div>\n";
$page['content'] .= "<div class='check indented'><label><input type='checkbox' name='protectadmin' value='1' $protectadmin> Restrict use of admin's Display Name and Email (must be logged-in to use)</label></div>\n";
$page['content'] .= "<div class='label labelin'>Maximum Length :</div><div class='in'><input type='text' name='maxcommentlength' value='$current[maxcommentlength]' size='6' class='bignum'> characters</div>\n";
$page['content'] .= "<div class='label labelin'>Allow HTML Tags :</div><div class='in'><input type='text' name='allowedtags' value='$current[allowedtags]' size='20' class='smallstring'> (space-separated)</div>\n";
$page['content'] .= "<div class='label labelin'>Allow Editing for :</div><div class='in'><input type='text' name='editfor' value='$current[editfor]' size='3' class='num'> minutes</div>\n";
$page['content'] .= "<div class='check indented'><label><input type='checkbox' name='linksnofollow' value='1' $linksnofollow> Add 'nofollow' attribute to links</label></div>\n";
$page['content'] .= "<div class='check indented'><label><input type='checkbox' name='linksnewwindow' value='1' $linksnewwindow> Open links in new window/tab</label></div>\n";
$page['content'] .= "<div class='subtitle' $bs_disabled>Spam Detection:</div>\n";
$page['content'] .= "<div class='check $bs_disabled'><label><input type='checkbox' name='blogspam' value='1' $blogspam $bs_disabled> Enable blogspam.net analysis</label></div>\n";
$page['content'] .= "<div class='check indented $bs_disabled'>Disable Bayesian analysis until:</div>";
$page['content'] .= "<div class='check indented $bs_disabled'><input type='text' name='minbayesok' value='$current[minbayesok]' size='3' class='num' $bs_disabled> Ham comments are trained, and</div>\n";
$page['content'] .= "<div class='check indented $bs_disabled'><input type='text' name='minbayesspam' value='$current[minbayesspam]' size='3' class='num' $bs_disabled> Spam comments are trained.</div>\n";
$page['content'] .= $bs_message;
$page['content'] .= "<div style='clear:left'></div>\n</div>\n\n";

$page['content'] .= "<div id='panel5' class='panel'>";
$page['content'] .= "<div class='label'>Nonce Salt :</div><div class='in'><input type='text' name='noncesalt' value='$current[noncesalt]' size=30 class='string'></div>\n";
$page['content'] .= "<div class='label'>Nonce Lifetime :</div><div class='in'><input type='text' name='nonceslifetime' value='$current[nonceslifetime]' size=4 class='num'> hours</div>\n";
$page['content'] .= "<div class='label'>Prune Every :</div><div class='in'><input type='text' name='noncespruneinterval' value='$current[noncespruneinterval]' size=4 class='num'> hours</div>\n";
$page['content'] .= "<div style='clear:left'></div>\n</div>\n\n";

$page['content'] .= "<div id='panel6' class='panel'>";
$page['content'] .= "<div class='subtitle subtop'><b>Articles Feed:</b></div>";
$page['content'] .= "<div class='check'><label><input type='checkbox' name='rssposts' value='1' $rssposts> Enable articles feed</label></div>\n";
$page['content'] .= "<div class='check indented'>Include <input type='text' name='rssnumposts' value='$current[rssnumposts]' size='3' class='num'> most recent posts</div>\n";
$page['content'] .= "<div class='check indented'><label>Use first <input type='text' name='rssdesclength' value='$current[rssdesclength]' size='3' class='num'> characters for description (if no excerpt)</div>\n";
$page['content'] .= "<div class='check indented'><input type='checkbox' name='rssfullcontent' value='1' $rssfullcontent> Include full content (CDATA)</div>\n";
$page['content'] .= "<div class='subtitle'><b>Comment Feeds:</b></div>";
$page['content'] .= "<div class='check'><label><input type='checkbox' name='rsscomments' value='1' $rsscomments> Enable comment feeds</label></div>\n";
$page['content'] .= "<div class='check indented'>Use first <input type='text' name='rsscomdesclength' value='$current[rsscomdesclength]' size='3' class='num'> characters for description</div>\n";
$page['content'] .= "<div class='check indented'><input type='checkbox' name='rsscomfullcontent' value='1' $rsscomfullcontent> Include full content (CDATA)</div>\n";
$page['content'] .= "<div style='clear:left'></div>\n</div>\n\n";

$page['cssfile'] = 'themes/' . $cfg['theme'] . '/admin.css';
$page['pagetitle'] = 'Settings';
$page['contentclass'] = 'settings';
$page['infobar'] = "<div class='infobar'>Settings</div>";
$page['lastpage'] = $_SESSION['lastpage'];
$page['navbottom'] = "<ul class='adminnav'><li><a href='./'>Home</a></li>\n$adminnav</ul>\n";
// Build a nonce.
$page['stamp'] = time();
$page['nonce'] = sha1( $page['stamp'] . $_SERVER['REMOTE_ADDR'] . $cfg['noncesalt'] );

$subtemplate = file_get_contents('themes/' . $cfg['theme'] . '/templates/sub_settings.tpl');
$template = file_get_contents('themes/' . $cfg['theme'] . '/templates/main.tpl');
$template = str_replace("#maincontent#", $subtemplate, $template);
foreach ($page as $key => $val) {
	$template = str_replace("#${key}#",$val,$template);
}
echo $template;
exit;
?>