<?php

/**
*
* Buran CMS - content & community management
* Copyright (c) 2008 Basilisk Digital
* http://www.basilisk-digital.ch
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*
**/

// Report everything; the custom handler registered further down (buran_errorlog_handler)
// decides what actually gets logged or displayed.
error_reporting(E_ALL);

/////////////////////////////////////////////////
// INCLUDE FILES, ESTABLISH A DB CONNECTION, GET THE SETTINGS, ETC.
/////////////////////////////////////////////////

// Declare the response as UTF-8 HTML before anything can emit output.
header('content-type: text/html; charset=utf-8');

// Marker constant; presumably checked by the included libraries to refuse direct access — verify.
define('IN_BURAN', true);

// config.php is expected to define the db_* and base_* constants used throughout this file.
require('../config.php');

// Abort early when the installer has not written a usable config. Every constant in this
// list is needed before a database connection can even be attempted.
// NOTE(review): img_processor, base_domain and base_directory are also used later in this
// file but are not checked here — an incomplete config fails further down instead.
foreach(array('db_host', 'db_username', 'db_password', 'db_prefix', 'base_url', 'base_path') as $required_constant){
	if(!defined($required_constant)){
		die('Buran\'s config file appears to be empty or invalid.<p />Has Buran been installed properly yet?');
	}
}

// Make sure the page is being accessed using the host name defined in config.php.
// This avoids a potential bug: if "http://www.buranhost.com" is configured and the page is
// opened through plain "http://buranhost.com", JavaScript in pop-ups (such as the
// filemanager) stops working, because the scripts are still loaded from the configured
// host and browsers will not let scripts from different hosts in different windows
// interact (same-origin policy).
//
// NOTE(review): the scheme is hard-wired to "http://", so when base_url starts with
// "https://" the comparison can never match and every request is redirected — confirm the
// deployment before relying on this. HTTP_HOST is client-supplied, but it is only compared
// against the configured base_url and never echoed back; the redirect target is always
// built from base_url, so it stays under the operator's control.
$base_url_length = strlen(base_url);
$real_url = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
if(strncmp($real_url, base_url, $base_url_length) !== 0){
	header('Location: '.base_url.$_SERVER['REQUEST_URI']);
	die();
}

// include functions files
require(base_path.'libraries/inc_admin.php');
require(base_path.'libraries/inc_block.php');
require(base_path.'libraries/inc_cache.php');
require(base_path.'libraries/inc_captcha.php');
require(base_path.'libraries/inc_errorlog.php');
require(base_path.'libraries/inc_event.php');
require(base_path.'libraries/inc_fckeditor.php');
require(base_path.'libraries/inc_misc.php');
require(base_path.'libraries/inc_module.php');
require(base_path.'libraries/inc_navigation.php');
require(base_path.'libraries/inc_page.php');
require(base_path.'libraries/inc_permissions.php');
require(base_path.'libraries/inc_rss.php');
require(base_path.'libraries/inc_sanitise.php');
require(base_path.'libraries/inc_search.php');
require(base_path.'libraries/inc_settings.php');
require(base_path.'libraries/inc_shorturl.php');
require(base_path.'libraries/inc_text.php');
require(base_path.'libraries/inc_translation.php');
require(base_path.'libraries/inc_theme.php');
require(base_path.'libraries/inc_upload.php');
require(base_path.'libraries/inc_uploadgroup.php');
require(base_path.'libraries/inc_user.php');
require(base_path.'libraries/inc_userprofile.php');

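// include image functions
// Exactly one back-end is loaded depending on img_processor; any other value means no
// image helpers are loaded at all.
if(img_processor == 'gd'){
	require(base_path.'libraries/inc_image-gd.php');
}
elseif(img_processor == 'imagemagick'){
	require(base_path.'libraries/inc_image-im.php');
}

// set custom error handler
set_error_handler('buran_errorlog_handler');

// turn off magic_quotes_runtime and undo the effect of magic_quotes_gpc.
// set_magic_quotes_runtime() was deprecated in PHP 5.3 and removed in PHP 7.0, where an
// unconditional call is a fatal "undefined function" error. Only call it where it still
// exists; on older PHP the behaviour is unchanged. buran_sanitise_magicquotes() handles
// the gpc side.
if(function_exists('set_magic_quotes_runtime')){
	set_magic_quotes_runtime(0);
}
buran_sanitise_magicquotes();

// include database function file
require(base_path.'libraries/inc_db-mysql.php');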

// Core settings from the database (reloaded again at the "Reload $CONF" step further down).
$CONF = buran_settings_load('core');

// Request parameters: GET first, then POST, so a POST value wins when both carry the same key.
// NOTE(review): because both sources are merged, every state-changing action handled below
// (login, logout, language switch) is also reachable through a plain GET link.
$PARAMS = array_merge($_GET, $_POST);

// Translation table, filled by the language files included later on.
$LANG = array();





/////////////////////////////////////////////////
// HANDLE SESSIONS
/////////////////////////////////////////////////

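// start session
//
// Buran keeps its own long-lived "sess_id" cookie and hands its value to PHP's session
// layer. That value comes straight from the client, so before use it is checked against
// the character set PHP itself allows in session ids; anything else is treated as "no
// cookie" and a fresh id is issued. Previously issued ids (two md5 hex digests followed by
// digits) pass this check, so existing sessions survive. A client can still present a
// well-formed id of its own choosing, so the id must be rotated whenever privileges change
// (i.e. on login).
$sess_id = null;
if(isset($_COOKIE['sess_id']) && is_string($_COOKIE['sess_id']) && preg_match('/^[A-Za-z0-9,-]{22,128}$/', $_COOKIE['sess_id'])){
	$sess_id = $_COOKIE['sess_id'];
}
if($sess_id === null){
	// Prefer a CSPRNG. The original id was md5(REMOTE_ADDR).md5(base_url).rand(1,10000000):
	// the first two parts are known or guessable by anyone who can reach the site, leaving
	// only rand()'s ~23 bits of non-cryptographic entropy. That shape is kept only as a
	// last resort where no CSPRNG exists.
	if(function_exists('random_bytes')){
		$sess_id = bin2hex(random_bytes(32));
	} elseif(function_exists('openssl_random_pseudo_bytes')){
		$sess_id = bin2hex(openssl_random_pseudo_bytes(32));
	} else {
		$sess_id = md5($_SERVER['REMOTE_ADDR']).md5(base_url).mt_rand(1,10000000);
	}
	// httponly keeps the cookie out of reach of page scripts.
	// NOTE(review): this assumes no page script (e.g. the filemanager pop-up) reads sess_id
	// from document.cookie — confirm against the JavaScript before shipping.
	// The domain-less variant is a fix for IE and Gecko-based browsers when base_domain has
	// no dot in it (e.g. "localhost").
	if(strpos(base_domain,'.') === false){
		setcookie('sess_id', $sess_id, time()+31556926, base_directory, '', false, true);
	} else {
		setcookie('sess_id', $sess_id, time()+31556926, base_directory, base_domain, false, true);
	}
}
session_name(base_url);
session_id($sess_id);
session_start();
header('Cache-control: private'); // IE 6 Fix.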

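// Logout is triggered by a GET link carrying a fixed token (see the header link further
// down in the layout).
// NOTE(review): the token is public, so any third-party page can log the admin out by
// embedding that URL; a per-session CSRF token would close this.
if(isset($PARAMS['logout']) && $PARAMS['logout'] == 'yeslogmeoutfromtheadminpanelplz'){

	// Read the user id before the session is torn down; it may be absent on a stale session.
	$logged_out_user_id = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;

	// Drop the "remember me" cookies. The original code tested a misspelt 'login_pw_' cookie
	// first and the real 'login_pw' one afterwards, so the clearing ran twice; once is enough.
	// Same domain-less variant as in the session setup for IE and Gecko-based browsers.
	if(isset($_COOKIE['login_name']) && isset($_COOKIE['login_pw'])){
		if(strpos(base_domain,'.') === false){
			setcookie('login_name', '', time()-31556926, base_directory);
			setcookie('login_pw', '', time()-31556926, base_directory);
		} else {
			setcookie('login_name', '', time()-31556926, base_directory, base_domain);
			setcookie('login_pw', '', time()-31556926, base_directory, base_domain);
		}
	}

	// Fire the event while the session data is still readable by listeners.
	buran_event_run('userLoggedOut', $logged_out_user_id);

	// Clear the in-memory data as well as the stored session, and expire the sess_id cookie
	// so the next request starts from a freshly issued id instead of reusing the one that
	// belonged to the logged-in user.
	$_SESSION = array();
	session_destroy();
	if(strpos(base_domain,'.') === false){
		setcookie('sess_id', '', time()-31556926, base_directory);
	} else {
		setcookie('sess_id', '', time()-31556926, base_directory, base_domain);
	}

	header('Location: index.php');
	die();
}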

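// "Remember me": a cookie pair holding the username and the stored password hash.
// NOTE(review): the cookie carries the hash itself, so it is as sensitive as the password
// and cannot be revoked without changing the password; a random, revocable token stored
// server-side would be the usual replacement.
if(!isset($_SESSION['user_id']) && isset($_COOKIE['login_name']) && isset($_COOKIE['login_pw'])){

	$cookie_login_name = $_COOKIE['login_name'];
	$cookie_login_pw = $_COOKIE['login_pw'];

	// Cookies sent as arrays (login_pw[]=...) are not credentials; skip them outright.
	if(is_string($cookie_login_name) && is_string($cookie_login_pw)){
		$password_retrieve_q1 = buran_db_query("SELECT id,password FROM {db_prefix}users WHERE username='{?}'", $cookie_login_name);
		$password_retrieve_row = buran_db_fetchassoc($password_retrieve_q1);

		// Strict comparison: with == two numeric-looking strings are compared as numbers, so a
		// stored hash of the form "0e<digits>" can compare equal to an unrelated value such as
		// "0". An unknown username yields no row, which must not match either.
		if(is_array($password_retrieve_row) && isset($password_retrieve_row['password']) && $cookie_login_pw === $password_retrieve_row['password']){
			buran_user_session($password_retrieve_row['id']); // if password was correct, create user session
			buran_event_run('userLoggedIn',$password_retrieve_row['id']);
		}
	}

}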

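// Form login. The form posts login=1, username and password; since $PARAMS merges GET and
// POST they are also accepted via the query string.
// NOTE(review): passwords are stored as unsalted md5 (compare with md5($password) below);
// moving to password_hash()/password_verify() needs a schema migration and is only flagged.
$login_user_id = null;
if(isset($PARAMS['login']) && $PARAMS['login'] == 1){
	$login_username = isset($PARAMS['username']) ? $PARAMS['username'] : '';
	$login_password = isset($PARAMS['password']) ? $PARAMS['password'] : '';

	// Array-valued parameters (username[]=...) are never valid credentials.
	if(is_string($login_username) && is_string($login_password)){
		$password = md5($login_password);
		$password_q1 = buran_db_query("SELECT id,password FROM {db_prefix}users WHERE username='{?}'", $login_username);
		$password_r1 = buran_db_fetchassoc($password_q1);
		// Strict comparison so that a "0e<digits>" hash cannot compare equal to an unrelated
		// numeric-looking string; a missing row (unknown user) must not match either.
		if(is_array($password_r1) && isset($password_r1['password']) && $password === $password_r1['password']){
			$login_user_id = $password_r1['id'];
		}
	}
}

if($login_user_id !== null){
	// Rotate the session id at the privilege change so an id the client chose (or was handed)
	// before logging in is not carried into the authenticated session (session fixation).
	// Buran reads the id from its own sess_id cookie, so that cookie is re-issued with the new
	// id; the attributes mirror the session setup above.
	// NOTE(review): assumes nothing else keys on the old session id — confirm.
	session_regenerate_id(true);
	if(strpos(base_domain,'.') === false){
		setcookie('sess_id', session_id(), time()+31556926, base_directory);
	} else {
		setcookie('sess_id', session_id(), time()+31556926, base_directory, base_domain);
	}
	buran_user_session($login_user_id);
}
elseif(!isset($_SESSION['user_id'])){
	// No session user yet: fall back to the guest user (id 1). Unlike the original, this is
	// also reached after a failed login attempt, so the page keeps a usable session
	// (language pack etc.) instead of continuing with no user at all.
	buran_user_session(1);
} else {
	buran_user_session($_SESSION['user_id']);
}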





/////////////////////////////////////////////////
// HANDLE LANGUAGE SWITCHES
/////////////////////////////////////////////////

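// A ?buranlanguage=xx parameter stores the chosen language pack on the current user and
// clears that user's cached start page. The value later becomes part of a file name
// (modules/core/languages/lang_<pack>.php), so only a plain identifier is written to the
// database; anything else is ignored, but the redirect still happens as before.
// NOTE(review): this is a state change on a GET request without a CSRF token, and it runs
// for the guest user (id 1) as well — confirm that is intended.
if(isset($PARAMS['buranlanguage'])){
	$requested_language = $PARAMS['buranlanguage'];
	if(is_string($requested_language) && preg_match('/^[A-Za-z0-9_-]+$/', $requested_language) && isset($_SESSION['user_id'])){
		$update_q1 = buran_db_query("UPDATE {db_prefix}users SET standardlanguage='{?}' WHERE id='{?}'", $requested_language, $_SESSION['user_id']);
		buran_cache_clearvalue('core', 'userstart_'.$_SESSION['user_id']);
	}

	header('Location: index.php'); die();
}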






/////////////////////////////////////////////////
// FIGURE OUT WHAT CONTENT THE USER WANTED
/////////////////////////////////////////////////

// Include the core language file.
// The pack name is taken from the session (presumably set by buran_user_session() from the
// user's standardlanguage column — verify) and the resulting path is passed through
// buran_sanitise_path() before it is included.
$core_language_file = buran_sanitise_path(base_path.'modules/core/languages/lang_'.$_SESSION['buran_languagepack'].'.php');
include($core_language_file);

// Reload $CONF now that a user session exists.
$CONF = buran_settings_load('core');


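// Retrieve some required variables

// simpleadmin_pagelist is an '@'-separated list of page ids the simple admin may edit.
if(empty($CONF['simpleadmin_pagelist'])){
	define('core_error_message', $LANG['core_simpleadmin_no_pages_set']);
	include(base_path.'simpleadmin/error.php'); die();
}

$pagelist = explode('@', $CONF['simpleadmin_pagelist']);
if(count($pagelist) == 1){
	// A single page: open it directly, no overview needed.
	$list_page = $pagelist[0];
	$show_overview_link = false;
}
else {
	// Several pages: page 0 is the overview (subpage simpleadmin_main, see below).
	$list_page = 0;
	$show_overview_link = true;
}

// ?page= is only honoured when it is byte-for-byte one of the configured ids. The strict
// in_array() matters: with loose comparison "01" or "1e0" pass the check against "1" and the
// unnormalised client value then reaches the database query and buran_page_getmodule().
// (Entries in simpleadmin_pagelist must therefore not carry surrounding whitespace.)
if(isset($PARAMS['page']) && is_string($PARAMS['page']) && in_array($PARAMS['page'], $pagelist, true)){
	$CONF['page'] = $PARAMS['page'];
}
else {
	$CONF['page'] = $list_page;
}

$CONF['module'] = buran_page_getmodule($CONF['page']);

// ?subpage= selects modules/<module>/admin/<subpage>.php further down. As defence in depth
// in front of buran_sanitise_path() it is limited to a plain identifier here; anything else
// falls back to the default subpage.
$CONF['subpage'] = 'main';
if($CONF['page'] == 0){
	$CONF['subpage'] = 'simpleadmin_main';
}
if(isset($PARAMS['subpage']) && is_string($PARAMS['subpage']) && preg_match('/^[A-Za-z0-9_-]+$/', $PARAMS['subpage'])){
	$CONF['subpage'] = $PARAMS['subpage'];
}

$CONF['buranview'] = 'system'; ///TODO: Correct?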


// get page title
$title_q1 = buran_db_query("SELECT title FROM {db_prefix}pages WHERE id='{?}'", $CONF['page']);
$title_r1 = buran_db_fetchassoc($title_q1);
$CONF['page_title'] = buran_text_title($title_r1['title']);


// Module settings are layered over the core settings; for keys present in both, the
// module's value wins (array_merge semantics for string keys).
if($CONF['module'] != 'core'){
	$CONF_module = buran_settings_load($CONF['module']);
	$CONF = array_merge($CONF, $CONF_module);
}


// Include the module language file (path resolved by buran_loadlanguage()).
$module_language_file = buran_loadlanguage($CONF['module']);
include($module_language_file);




/////////////////////////////////////////////////
// OUTPUT THE ADMIN PAGE'S HTML LAYOUT AND THE CONTENT
/////////////////////////////////////////////////

?>
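<?php
// Access gate: only admins get past this point.
// buran_user_isadmin() is the only test available here, so "not logged in" and "logged in
// as a non-admin" are not distinguished — both get the login form. The original code
// repeated the identical !buran_user_isadmin() check a second time to show
// core_only_admins; that branch could never be reached and has been dropped.
if(!buran_user_isadmin()){
	// The $LANG fragments are concatenated as-is; they are presumably trusted markup from the
	// language files. The form posts to index.php (login=1 is handled above) and carries no
	// CSRF token.
	$loginform = '<strong>'.$LANG['core_need_login_to_access'].'</strong><p />';
	$loginform .= '<form accept-charset="utf-8" method="post" action="index.php">';
	$loginform .= '<input type="hidden" name="login" value="1">';
	$loginform .= $LANG['core_need_login_to_access_un'].'<br />';
	$loginform .= '<input type="text" name="username">';
	$loginform .= '<p />';
	$loginform .= $LANG['core_need_login_to_access_pw'].'<br />';
	$loginform .= '<input type="password" name="password">';
	$loginform .= '<p />';
	$loginform .= '<input type="submit" value="'.$LANG['core_need_login_to_access_li'].'">';
	$loginform .= '</form>';
	define('core_error_message', $loginform);
	include(base_path.'simpleadmin/error.php'); die();
}

// If the install directory still exists, exit with an error message: a reachable installer
// would let anyone re-run the setup against this site.
if(is_dir(base_path.'install')) {
	define('core_error_message', $LANG['core_remove_install']);
	include(base_path.'simpleadmin/error.php'); die();
}

?>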

<html>
<head>
	<title><?php echo $CONF['website_title'].' - '.$LANG['core_buran_admin_panel']; /* NOTE(review): website_title comes from the settings table and is emitted unescaped; wrap it in htmlspecialchars() if anyone but an admin can ever write that setting */ ?></title>
	
	<link rel="stylesheet" type="text/css" href="../admin/adminstyle.css" />
	
	<script type="text/javascript" src="pagetree.js"></script>
	<?php echo buran_jslang($LANG); /* exposes the translation table to the page scripts */ ?>
	
</head>
<body>
	
	<div style="width: 75%; margin-left: auto; margin-right: auto; background-color: #2b6d9b; border: 1px solid #1a5c8a; margin-bottom: 14pt; text-align: right; color: #ffffff; padding-top: 2pt; padding-bottom: 2pt;">
		
		<a href="index.php?logout=yeslogmeoutfromtheadminpanelplz" style="color: #ffffff; float: right;"><?php echo $LANG['core_admin_logout']; /* logout is a GET with a fixed public token, handled at the top of this file */ ?>&nbsp;&nbsp;&nbsp;&nbsp;</a>
		
		<?php if($show_overview_link == true){ /* only when more than one page is configured in simpleadmin_pagelist */ ?>
			<a href="index.php" style="color: #ffffff; float: left;">&nbsp;&nbsp;&nbsp;&nbsp;<?php echo $LANG['core_simpleadmin_main']; ?></a>
		<?php } ?>
		
	</div>
	
	<table class="master_table" cellspacing="0" style="width: 75%; margin-left: auto; margin-right: auto;">
	<tr>
	<td class="master_rightcol" align="center">
		
		<div style="padding: 18pt; text-align: left;">
			
			<?php
			// The admin view is a per-module PHP file selected by the module of the chosen page
			// and the ?subpage= parameter. Both parts are client-influenced (page via the
			// configured whitelist, subpage directly), so the path goes through
			// buran_sanitise_path() and must exist as a regular file before it is included.
			$modulefile = base_path.'modules/'.$CONF['module'].'/admin/'.$CONF['subpage'].'.php';
			$modulefile = buran_sanitise_path($modulefile);
			if(!is_file($modulefile)){
				die($LANG['core_module_admin_file_not_found']);
			}
			
			// Buffer the module's output so it can be placed inside the layout as a string.
			if(buran_module_isinstalled($CONF['module'])){
				ob_start();
				include($modulefile);
				$content_tab_content = ob_get_contents();
				ob_end_clean();
			} else {
				$content_tab_content = $LANG['core_cant_edit_page_without_module'];
			}
			
			echo $content_tab_content;
			
			?>
			
		</div>
		
	</td>
	</tr>
	</table>
	
</body>
</html>