<?php
########################################################################
# Edit-Point 4.01 Beta - Simple Content Management System
# Copyright (c)2005-2009 Todd Strattman
# hide@address.com
# http://covertheweb.com/edit-point/
# License: LGPL
########################################################################
// Config.php is the main configuration file and defines the settings used
// below ($datadir, $language, $su, $head, ...).
include('config.php');
// Optional password file; presumably defines the stored credential
// ($user_password) that the login check further down compares against.
$password_file = "$datadir/user_pass.php";
if (is_file($password_file)) {
    include($password_file);
}
// Language strings, selected by $language from config.php.
include("lang/$language");
// Name of page for links, title, and logout (consumed by the header/footer includes).
$logout = "index.php";
$page_name = ($su == "on") ? "su" : "index";
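// Get current page URL for "edit" links on webpages.
// Builds scheme://host[:port]request-uri from the request environment.
// Returns the URL as a raw string.
// NOTE(security): HTTP_HOST and REQUEST_URI are request data chosen by the
// client; the result must be HTML-escaped (htmlspecialchars) before it is
// echoed into markup such as a form action.
function url() {
    // Bug fix: the original appended "s" to a differently spelled variable
    // ($pageURL), so the scheme was never upgraded to https.
    $https = !empty($_SERVER['HTTPS']) && strtolower((string)$_SERVER['HTTPS']) !== 'off';
    $page_url = $https ? 'https://' : 'http://';
    $host = isset($_SERVER['HTTP_HOST']) ? (string)$_SERVER['HTTP_HOST'] : '';
    $port = isset($_SERVER['SERVER_PORT']) ? (string)$_SERVER['SERVER_PORT'] : '';
    $uri  = isset($_SERVER['REQUEST_URI']) ? (string)$_SERVER['REQUEST_URI'] : '';
    // Append the port only when it is not the scheme's default and the Host
    // header does not already carry one (the original compared against "80"
    // only and could produce "host:8080:8080" or "https://host:443").
    $default_port = $https ? '443' : '80';
    $host_has_port = preg_match('/:\d+$/', $host) === 1;
    if ($port !== '' && $port !== $default_port && !$host_has_port) {
        $page_url .= $host . ':' . $port . $uri;
    } else {
        $page_url .= $host . $uri;
    }
    return $page_url;
}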
// Raw current URL (Host header + request URI, both client-controlled). It is
// echoed as the login form's action below, so HTML-escape it at that point.
$pageurl = url();
// Password protection.
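// Random string generator.
// Returns $length characters drawn from [A-Za-z0-9] using the CSPRNG
// (random_int, PHP >= 7). The value is used as the per-form login challenge,
// so rand() was not an appropriate source. The original also indexed
// rand(0,62) into a 62-character alphabet, so offset 62 was out of range and
// yielded an empty character, and its $str{$i} offset syntax was removed in
// PHP 8. A $length of 0 now returns "" (the original always emitted at least
// one character).
function randomstring($length){
    $chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    $max = strlen($chars) - 1;
    $string = '';
    for ($i = 0; $i < (int)$length; $i++) {
        $string .= $chars[random_int(0, $max)];
    }
    return $string;
}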
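if ($password_protect == "on") {
    session_start();
    // NOTE(security): the JavaScript below only hashes the password in the
    // browser; the value it posts is password-equivalent, so this form still
    // has to be served over TLS. The stored credential $user_password (defined
    // in $datadir/user_pass.php, not visible here) is compared against
    // crypt(md5(h), md5(h)). That salt carries no "$id$" prefix, so crypt()
    // falls back to traditional DES: a 2-character salt and only the first 8
    // characters of the key are used. Moving to password_hash()/
    // password_verify() also means changing the stored format, so it is left
    // as is here; the comparison itself is hardened instead.
    $authenticated = false;
    if (!empty($_POST['pass_hash_user'])) {
        // Login attempt. The challenge issued with the form must exist in this
        // session and a stored credential must exist to compare with;
        // otherwise the attempt cannot succeed.
        $random = isset($_SESSION['random']) ? (string)$_SESSION['random'] : '';
        if ($random !== '' && isset($user_password)) {
            $posted_hash = (string)$_POST['pass_hash_user'];
            // Crypt and hash the posted value the same way the stored one was made.
            $candidate = crypt(md5($posted_hash), md5($posted_hash));
            // Crypt random string with random string seed for agent response.
            $string_agent = crypt($random, $random);
            // Hash crypted random string for random string response.
            $string_string = md5($string_agent);
            // Expected md5(string_hash . pass_hash2), as computed by obfuscate().
            $pass_hash2 = isset($_POST['pass_hash2']) ? (string)$_POST['pass_hash2'] : '';
            $string_response = md5($string_string . $pass_hash2);
            // Expected agent/language response, keyed by the challenge.
            $agent_lang = getenv('HTTP_USER_AGENT') . getenv('HTTP_ACCEPT_LANGUAGE');
            $agent_response = md5(crypt(md5($agent_lang), $string_agent));
            $posted_string = isset($_POST['pass_string_hash']) ? (string)$_POST['pass_string_hash'] : '';
            $posted_agent = isset($_POST['agenthash']) ? (string)$_POST['agenthash'] : '';
            // hash_equals: constant-time, strict string comparison. The original
            // used loose != and therefore also "matched" when both sides were
            // undefined.
            $authenticated = hash_equals((string)$user_password, $candidate)
                && hash_equals($string_response, $posted_string)
                && hash_equals($agent_response, $posted_agent);
        }
        if ($authenticated) {
            // Fresh session id on login (session fixation), and store the
            // credential hash only after the check succeeded; the original
            // wrote it to the session before checking it.
            session_regenerate_id(true);
            $_SESSION['pass_hash_user'] = $candidate;
        } else {
            // A failed attempt drops any existing login, as the original's
            // unconditional overwrite of the session value did.
            unset($_SESSION['pass_hash_user']);
        }
    } elseif (isset($_SESSION['pass_hash_user']) && isset($user_password)) {
        // Already logged in: re-check the session copy against the stored value.
        // With no user_pass.php the original compared null != null and let
        // every visitor through; this fails closed instead.
        $authenticated = hash_equals((string)$user_password, (string)$_SESSION['pass_hash_user']);
    }
    if (!$authenticated) {
        // Otherwise, give login.
        if ($head == "on") {
            include("header.php");
        }
        // Set random string session (the challenge for this form).
        $_SESSION['random'] = randomstring(40);
        // Crypt random string with random string seed.
        $rand_string = crypt($_SESSION['random'], $_SESSION['random']);
        // Concatenate agent and language.
        $agent_lang = getenv('HTTP_USER_AGENT').getenv('HTTP_ACCEPT_LANGUAGE');
        // Crypt agent and language with random string seed for form submission.
        $agent = crypt(md5($agent_lang), $rand_string);
        // Escape everything echoed into an attribute. $pageurl carries the raw
        // Host header and request URI, which the client controls; unescaped it
        // allowed breaking out of the action="" attribute.
        $pageurl_html = htmlspecialchars($pageurl, ENT_QUOTES, 'UTF-8');
        $rand_string_html = htmlspecialchars($rand_string, ENT_QUOTES, 'UTF-8');
        $agent_html = htmlspecialchars($agent, ENT_QUOTES, 'UTF-8');
        // Form md5 and encrypt javascript.
        echo "$p
<b>$l_global13</b>
$p2
<script type=\"text/javascript\" src=\"jscripts/crypt/sha256.js\"></script>
<script type=\"text/javascript\" src=\"jscripts/crypt/md5.js\"></script>
<script type=\"text/javascript\">
function obfuscate() {
document.form1.pass_hash_user.value = hex_sha256(document.form1.pass_user.value);
document.form1.pass_hash2.value = hex_md5(document.form1.pass_user.value);
document.form1.string_hash.value = hex_md5(document.form1.string.value);
document.form1.pass_string_hash.value = hex_md5(document.form1.string_hash.value + document.form1.pass_hash2.value);
document.form1.agenthash.value = hex_md5(document.form1.agent.value);
document.form1.pass_user.value = \"\";
document.form1.string.value = \"\";
document.form1.agent.value = \"\";
document.form1.jscript.value = \"on\";
return true;
}
</script>
<form action=\"$pageurl_html\" method=\"post\" name=\"form1\" onsubmit=\"return obfuscate()\">
$p
<input name=\"jscript\" type=\"hidden\" value=\"off\" />
<input name=\"pass_hash_user\" type=\"hidden\" value=\"\" />
<input name=\"pass_hash2\" type=\"hidden\" value=\"\" />
<input name=\"string_hash\" type=\"hidden\" value=\"\" />
<input name=\"pass_string_hash\" type=\"hidden\" value=\"\" />
<input name=\"agenthash\" type=\"hidden\" value=\"\" />
<input name=\"string\" type=\"hidden\" value=\"$rand_string_html\" />
<input name=\"agent\" type=\"hidden\" value=\"$agent_html\" />
<input type=\"password\" name=\"pass_user\" />
<input type=\"submit\" value=\"$l_global14\" />
$p2
</form>";
        if ($head == "on") {
            include("footer.php");
        }
        exit();
    }
}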
// End password protection.
// Show Edit-Points.
// Renders the edit-point listing: loads config and language strings, emits the
// optional header and footer, and includes $datadir/textlinks.txt in between.
// NOTE(security): include() executes any PHP inside textlinks.txt, so that
// file must only be writable by trusted parties.
function index () {
    include('config.php');     // main configuration file
    include("lang/$language"); // language strings
    // Name of page for links, title, and logout (used by the header/footer includes).
    $logout = "index.php";
    $page_name = ($su == "on") ? "su" : "index";
    $with_chrome = ($head == "on");
    if ($with_chrome) {
        include("header.php");
    }
    include("$datadir/textlinks.txt");
    if ($with_chrome) {
        include("footer.php");
    }
}
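// Open Edit-Point to edit.
// Shows the editor form for the edit point $name, whose content lives in
// $datadir/$name.txt. $name arrives from $_REQUEST, so it is validated and
// HTML-escaped here.
// NOTE(security): the form carries no anti-CSRF token; index3 accepts any
// POST from an authenticated browser. Adding one needs a token emitted here
// and checked in index3.
function index2($name) {
    // Config.php is the main configuration file.
    include('config.php');
    // Language file.
    include("lang/$language");
    // Name of page for links, title, and logout.
    $tiny_head = "on";
    $logout = "index.php";
    $page_name = ($su == "on") ? "su" : "index";
    // Only a bare file name is accepted. The original used $name verbatim in
    // the path, so a name such as "../../x" reached .txt files outside $datadir.
    $name = (string)$name;
    $safe_name = ($name !== '' && $name !== '.' && $name !== '..'
        && strpbrk($name, "/\\\0") === false && basename($name) === $name);
    if (!$safe_name) {
        if (!headers_sent()) {
            header('HTTP/1.1 400 Bad Request');
        }
        echo 'Invalid Edit-Point name.';
        return;
    }
    // Include header if "on" in config.php.
    if ($head == "on") {
        include("header.php");
    }
    $txt = 'txt'; // Extension for data files.
    $nametxt = $name.'.'.$txt; // Add extension to $name for data files.
    $path = "$datadir/$nametxt";
    $name_html = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    // Read the data file as text and entity-escape it so the textarea shows
    // and round-trips it unchanged. The original include()d the file, which
    // executed any PHP in it and let a literal "</textarea>" in the content
    // break out of the editor; $name was also echoed raw into the markup.
    $content = is_file($path) ? file_get_contents($path) : '';
    $content_html = htmlspecialchars((string)$content, ENT_QUOTES, 'UTF-8');
    // Open file for editing
    echo "<form action=\"index.php\" method=\"post\">
$p
<b>$l_index1 : $name_html</b>
$p2
$p
<input type=\"hidden\" name=\"name\" value=\"$name_html\" />
<textarea class=\"mce_editable\" name=\"comments\" cols=\"$edit_width\" rows=\"$edit_height\">$content_html</textarea>
<br />
<input type=\"hidden\" name=\"cmd\" value=\"index3\" />
<input name=\"submit\" type=\"submit\" value=\"$l_global6\" /> <input type=\"button\" onClick=\"javascript:location='index.php';\" value=\"$l_global5\" />
$p2</form>";
    // Include footer if "on" in config.php.
    if ($head == "on") {
        include("footer.php");
    }
}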
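// Save Edit-Point changes.
// Writes $comments to $datadir/$name.txt and emits a JavaScript redirect back
// to index.php after $edit_redirect milliseconds. Both parameters come
// straight from $_POST (see the dispatcher at the bottom of the file).
// NOTE(security): there is no anti-CSRF check; any POST from an authenticated
// browser is accepted. A token would have to be issued by index2 and verified
// here.
function index3($name, $comments) {
    // Config.php is the main configuration file.
    include('config.php');
    // Language file.
    include("lang/$language");
    // Name of page for links, title, and logout.
    $logout = "index.php";
    $page_name = ($su == "on") ? "su" : "index";
    // Only a bare file name is accepted. The original used $name verbatim, so a
    // POSTed name such as "../textlinks" wrote to arbitrary .txt files --
    // including textlinks.txt, which index() executes as PHP.
    $name = (string)$name;
    $safe_name = ($name !== '' && $name !== '.' && $name !== '..'
        && strpbrk($name, "/\\\0") === false && basename($name) === $name);
    if (!$safe_name) {
        if (!headers_sent()) {
            header('HTTP/1.1 400 Bad Request');
        }
        echo 'Invalid Edit-Point name.';
        return;
    }
    // Include header if "on" in config.php.
    if ($head == "on") {
        include("header.php");
    }
    $txt = 'txt'; // Extension for data files.
    $nametxt = $name.'.'.$txt; // Add extension to $name for data files.
    // stripslashes() only undoes magic_quotes_gpc, which PHP 5.4 removed; on
    // later versions the original call silently stripped every backslash the
    // user typed (e.g. in JavaScript) before saving.
    $comments = (string)$comments;
    if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc()) {
        $comments = stripslashes($comments);
    }
    // Open file and write changes, holding an exclusive lock and reporting
    // failure (the original never checked fopen()/fwrite()).
    $written = file_put_contents("$datadir/$nametxt", $comments, LOCK_EX);
    if ($written === false) {
        echo "$p" . 'Could not write ' . htmlspecialchars($nametxt, ENT_QUOTES, 'UTF-8') . "$p2";
        if ($head == "on") {
            include("footer.php");
        }
        return;
    }
    // Redirect delay is echoed into JavaScript; force it to a number.
    $redirect_ms = (int)$edit_redirect;
    echo "<script type=\"text/javascript\">
<!--
var URL = \"index.php\"
var speed = $redirect_ms
function reload() {
location = URL
}
setTimeout(\"reload()\", speed);
//-->
</script>
$p
$l_index2
$p2
$p
$l_index3
$p2";
    // Include footer if "on" in config.php.
    if ($head == "on") {
        include("footer.php");
    }
}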
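// Log out: destroy the session and emit a JavaScript redirect back to
// index.php after $edit_redirect milliseconds.
function logout (){
    // Config.php is the main configuration file.
    include('config.php');
    // Language file.
    include("lang/$language");
    // Name of page for links, title, and logout.
    $logout = "index.php";
    $page_name = ($su == "on") ? "su" : "index";
    // Include header if "on" in config.php.
    if ($head == "on") {
        include("header.php");
    }
    // End the session: clear its data, then destroy it. The original called
    // session_unset() after session_destroy() and passed it an argument it
    // does not take (PHP 8 rejects extra arguments to internal functions).
    // The guard avoids a warning when password protection is off and no
    // session was ever started. The browser keeps its cookie, but the id no
    // longer maps to any data; the cookie cannot be cleared here because
    // header.php may already have sent output.
    if (session_status() === PHP_SESSION_ACTIVE) {
        $_SESSION = array();
        session_destroy();
    }
    // Redirect delay is echoed into JavaScript; force it to a number.
    $redirect_ms = (int)$edit_redirect;
    echo "<script type=\"text/javascript\">
<!--
var URL = \"index.php\"
var speed = $redirect_ms
function reload() {
location = URL
}
setTimeout(\"reload()\", speed);
//-->
</script>
$p
$l_global10
$p2
$p
$l_global11
$p2";
    // Include footer if "on" in config.php.
    if ($head == "on") {
        include("footer.php");
    }
}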
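// Dispatch on the "cmd" request parameter. $_REQUEST merges GET, POST and
// cookie data, so every value read here is untrusted; the handlers validate
// what they use. Saving (index3) reads its arguments from $_POST only, as the
// original did. isset() replaces the original's @-suppressed undefined-index
// reads.
$cmd = isset($_REQUEST['cmd']) ? (string)$_REQUEST['cmd'] : '';
switch ($cmd) {
    case "index2":
        index2(isset($_REQUEST['name']) ? (string)$_REQUEST['name'] : '');
        break;
    case "index3":
        index3(
            isset($_POST['name']) ? (string)$_POST['name'] : '',
            isset($_POST['comments']) ? (string)$_POST['comments'] : ''
        );
        break;
    case "logout":
        logout();
        break;
    default:
        index();
        break;
}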
?>