<?php
########################################################################
# Edit-Point 4.01 Beta - Simple Content Management System
# Copyright (c)2005-2009 Todd Strattman
# hide@address.com
# http://covertheweb.com/edit-point/
# License: LGPL
########################################################################

// Site configuration. $datadir, $language and $su are read below; they are
// presumably defined in config.php, which is not shown here.
include 'config.php';

// Stored password, loaded only when the file exists.
// NOTE(review): if the file is absent, nothing in this block defines
// $user_password. Any later comparison against it must treat a missing value
// as "deny"; confirm config.php does not set it either.
if (is_file("{$datadir}/user_pass.php")) {
	include "{$datadir}/user_pass.php";
}

// Language strings. The file name comes from $language.
include "lang/{$language}";

// Page identity used for links, the title and the logout target.
$logout = 'index.php';
$page_name = ($su == "on") ? 'su' : 'index';
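// Get current page URL for "edit" links on webpages.
/**
 * Rebuild the URL of the current request from $_SERVER.
 *
 * Fixes over the earlier version: the "s" for HTTPS was appended to a
 * misspelled variable and never reached the result, the default HTTPS port
 * was appended as ":443", and a port already present in the Host header was
 * appended a second time. Missing $_SERVER keys are now read as empty.
 *
 * The host and request URI are taken from the request itself, so the return
 * value is client-controlled. HTML-escape it before echoing it into markup
 * and do not use it for access decisions.
 *
 * @return string scheme://host[:port]/request-uri
 */
function url() {
	$https = isset($_SERVER['HTTPS']) ? strtolower((string) $_SERVER['HTTPS']) : '';
	$is_https = ($https === 'on' || $https === '1');

	$host = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '';
	$port = isset($_SERVER['SERVER_PORT']) ? (string) $_SERVER['SERVER_PORT'] : '';
	$uri = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '';

	// Only add the port when it is non-default for the scheme and the Host
	// header does not already carry one.
	$default_port = $is_https ? '443' : '80';
	$host_has_port = (preg_match('/:\d+$/', $host) === 1);
	if ($port !== '' && $port !== $default_port && !$host_has_port) {
		$host .= ':' . $port;
	}

	return ($is_https ? 'https' : 'http') . '://' . $host . $uri;
}
$pageurl = url();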

// Password protection.
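// Random string generator.
/**
 * Return a random string of letters and digits.
 *
 * The result seeds the login challenge, so it is drawn from the CSPRNG
 * (random_int) rather than rand(). The earlier index range 0..62 ran one past
 * the 62-character alphabet; the range is now derived from the alphabet
 * length, so every draw yields a character.
 *
 * @param int $length Number of characters wanted. As before, at least one
 *                    character is always returned.
 * @return string
 */
function randomstring($length){
	$chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
	$last_index = strlen($chars) - 1;
	$count = max(1, (int) $length);
	$string = '';
	for ($i = 0; $i < $count; $i++) {
		$string .= $chars[random_int(0, $last_index)];
	}
	return $string;
}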
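// Login gate. Runs only when $password_protect is "on".
//
// Changes from the earlier version:
//  - The posted hash is written to the session only after every check has
//    passed. Before, it was stored first, so a request that failed the
//    challenge checks still left a session that passed the stored-hash
//    comparison on the next request.
//  - Comparisons use hash_equals() on strings instead of loose "!=", and an
//    empty or missing stored password denies access instead of comparing
//    equal to an empty session.
//  - The challenge is single-use, and the session id is regenerated on login.
//  - The form action is HTML-escaped, because $pageurl is built from the Host
//    header and the request URI.
//
// NOTE(review): the hash format must match what user_pass.php stores, so it is
// left as is. Both crypt() calls receive an alphanumeric/hex salt, which
// selects traditional DES crypt; that scheme reads only the first eight
// characters of its input. The value posted by the browser is also
// password-equivalent, so the form needs TLS. Migrating the stored value to
// password_hash()/password_verify() would need a change to the code that
// writes user_pass.php, which is not shown here.
if ($password_protect == "on") {
	session_start();

	$stored_hash = (isset($user_password) && is_string($user_password)) ? $user_password : '';
	$authenticated = false;

	if (!empty($_POST['pass_hash_user']) && is_string($_POST['pass_hash_user'])) {
		$posted_hash2 = (isset($_POST['pass_hash2']) && is_string($_POST['pass_hash2'])) ? $_POST['pass_hash2'] : '';
		$posted_string_hash = (isset($_POST['pass_string_hash']) && is_string($_POST['pass_string_hash'])) ? $_POST['pass_string_hash'] : '';
		$posted_agenthash = (isset($_POST['agenthash']) && is_string($_POST['agenthash'])) ? $_POST['agenthash'] : '';

		// Take the challenge out of the session so it cannot be answered twice.
		$challenge = (isset($_SESSION['random']) && is_string($_SESSION['random'])) ? $_SESSION['random'] : '';
		unset($_SESSION['random']);

		// Crypt and hash the posted password hash, as stored in user_pass.php.
		$candidate_hash = (string) crypt(md5($_POST['pass_hash_user']), md5($_POST['pass_hash_user']));

		if ($challenge !== '' && $stored_hash !== '') {
			// Crypt random string with random string seed for agent response.
			$string_agent = crypt($challenge, $challenge);
			// Hash crypted random string for random string response.
			$string_string = md5($string_agent);
			// Hash and concatenate md5/crypted random string and password hash posts.
			$string_response = md5($string_string . $posted_hash2);
			// Concatenate agent and language.
			$agent_lang = getenv('HTTP_USER_AGENT') . getenv('HTTP_ACCEPT_LANGUAGE');
			// Hash crypted agent/language concatenate with random string seed for check against post.
			$agent_response = md5(crypt(md5($agent_lang), $string_agent));

			$authenticated = hash_equals($stored_hash, $candidate_hash)
				&& hash_equals($string_response, $posted_string_hash)
				&& hash_equals($agent_response, $posted_agenthash);
		}

		if ($authenticated) {
			// New session id for the authenticated session.
			session_regenerate_id(true);
			$_SESSION['pass_hash_user'] = $candidate_hash;
		} else {
			// A failed attempt also drops any earlier login, as before.
			unset($_SESSION['pass_hash_user']);
		}
	} else {
		$session_hash = (isset($_SESSION['pass_hash_user']) && is_string($_SESSION['pass_hash_user'])) ? $_SESSION['pass_hash_user'] : '';
		$authenticated = ($stored_hash !== '' && $session_hash !== '' && hash_equals($stored_hash, $session_hash));
	}

	if (!$authenticated) {
		// Otherwise, give login.
		if ($head == "on") {
			include("header.php");
		}
		// Set random string session.
		$_SESSION['random'] = randomstring(40);
		// Crypt random string with random string seed.
		$rand_string = crypt($_SESSION['random'], $_SESSION['random']);
		// Concatenate agent and language.
		$agent_lang = getenv('HTTP_USER_AGENT').getenv('HTTP_ACCEPT_LANGUAGE');
		// Crypt agent and language with random string seed for form submission.
		$agent = crypt(md5($agent_lang), $rand_string);
		// Request-derived URL, escaped for use inside an HTML attribute.
		$form_action = htmlspecialchars($pageurl, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
		// Form md5 and encrypt javascript.
		echo "$p
		<b>$l_global13</b>
		$p2
		<script type=\"text/javascript\" src=\"jscripts/crypt/sha256.js\"></script>
		<script type=\"text/javascript\" src=\"jscripts/crypt/md5.js\"></script>
		<script type=\"text/javascript\">
		function obfuscate() {
			document.form1.pass_hash_user.value = hex_sha256(document.form1.pass_user.value);
			document.form1.pass_hash2.value = hex_md5(document.form1.pass_user.value);
			document.form1.string_hash.value = hex_md5(document.form1.string.value);
			document.form1.pass_string_hash.value =  hex_md5(document.form1.string_hash.value  + document.form1.pass_hash2.value);
			document.form1.agenthash.value = hex_md5(document.form1.agent.value);
			document.form1.pass_user.value = \"\";
			document.form1.string.value = \"\";
			document.form1.agent.value = \"\";
			document.form1.jscript.value = \"on\";
			return true;
		}
		</script>
		<form action=\"$form_action\" method=\"post\" name=\"form1\" onsubmit=\"return obfuscate()\">
		$p
		<input name=\"jscript\" type=\"hidden\" value=\"off\" />
		<input name=\"pass_hash_user\" type=\"hidden\" value=\"\" />
		<input name=\"pass_hash2\" type=\"hidden\" value=\"\" />
		<input name=\"string_hash\" type=\"hidden\" value=\"\" />
		<input name=\"pass_string_hash\" type=\"hidden\" value=\"\" />
		<input name=\"agenthash\" type=\"hidden\" value=\"\" />
		<input name=\"string\" type=\"hidden\" value=\"$rand_string\" />
		<input name=\"agent\" type=\"hidden\" value=\"$agent\" />
		<input type=\"password\" name=\"pass_user\" />
		<input type=\"submit\" value=\"$l_global14\" />
		$p2
		</form>";
		if ($head == "on") {
			include("footer.php");
		}
		exit();
	}
}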
// End password protection.

// Show Edit-Points.
/**
 * Render the list of Edit-Points: optional header, the generated
 * textlinks file from the data directory, optional footer.
 *
 * config.php and the language file are included again because the variables
 * they define are needed in this function's scope.
 */
function index () {
	include 'config.php';
	include "lang/{$language}";

	// Page identity read by the header for links, title and logout.
	$logout = 'index.php';
	$page_name = ($su == "on") ? 'su' : 'index';

	if ($head == "on") {
		include 'header.php';
	}

	// include evaluates the file as PHP rather than only printing it.
	// NOTE(review): confirm that only trusted code can write textlinks.txt.
	include "{$datadir}/textlinks.txt";

	if ($head == "on") {
		include 'footer.php';
	}
}

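// Open Edit-Point to edit.
/**
 * Show the edit form for one Edit-Point.
 *
 * $name arrives from the request and becomes part of a file path and of the
 * HTML output, so it is checked and escaped here:
 *  - names that are not plain file names (path separators, NUL, empty,
 *    non-string) are refused before anything is read or printed;
 *  - the data file is read as text and HTML-escaped into the textarea
 *    instead of being include()d, so its content is never executed as PHP
 *    and cannot close the textarea early;
 *  - $name is HTML-escaped where it is echoed.
 *
 * @param string $name Edit-Point name, without the ".txt" extension.
 * @return void
 */
function index2($name) {
// Refuse anything that could leave the data directory.
if (!is_string($name) || $name === '' || strpbrk($name, "/\\\0") !== false) {
	if (!headers_sent()) {
		header('HTTP/1.1 400 Bad Request');
	}
	return;
}
// Config.php is the main configuration file.
include('config.php');
// Language file.
include("lang/$language");
// Name of page for links, title, and logout.
$tiny_head = "on";
$logout = "index.php";
if ($su == "on") {
	$page_name = "su";
} else {
	$page_name = "index";
}
// Include header if "on" in config.php.
if ($head == "on") {
	include("header.php");
}
$txt = 'txt'; // Extension for data files.
$nametxt = $name.'.'.$txt; // Add extension to $name for data files.

// A single-byte charset makes htmlspecialchars() escape only the HTML special
// characters and pass every other byte through, so stored text in any
// encoding survives the edit/save round trip unchanged.
$safe_name = htmlspecialchars($name, ENT_QUOTES, 'ISO-8859-1');
$data_path = "$datadir/$nametxt";
$contents = is_file($data_path) ? file_get_contents($data_path) : false;
if ($contents === false) {
	$contents = '';
}

// Open file for editing
echo "<form action=\"index.php\" method=\"post\">
$p
<b>$l_index1 : $safe_name</b>
$p2
$p
<input type=\"hidden\" name=\"name\" value=\"$safe_name\" />
<textarea class=\"mce_editable\" name=\"comments\" cols=\"$edit_width\" rows=\"$edit_height\">";
echo htmlspecialchars($contents, ENT_QUOTES, 'ISO-8859-1');
echo "</textarea>
<br />
<input type=\"hidden\" name=\"cmd\" value=\"index3\" />
<input name=\"submit\" type=\"submit\" value=\"$l_global6\" /> <input type=\"button\" onClick=\"javascript:location='index.php';\" value=\"$l_global5\" />
$p2</form>";

// Include footer if "on" in config.php.
if ($head == "on") {
include("footer.php");
}
}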

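// Save Edit-Point changes.
/**
 * Write the submitted text to the Edit-Point's data file and show the
 * confirmation page.
 *
 * $name arrives from the request and becomes part of the path that is
 * written, so names that are not plain file names (path separators, NUL,
 * empty, non-string) are refused before anything is touched. The write now
 * happens before any output and its result is checked; on failure the
 * success page is not shown.
 *
 * NOTE(review): this state-changing request carries no anti-CSRF token that
 * is visible in this file. The saved text is also stored as submitted, so
 * any page that later include()s the data file would evaluate PHP tags in
 * it; confirm how the data files are consumed.
 *
 * @param string $name     Edit-Point name, without the ".txt" extension.
 * @param string $comments New content for the data file.
 * @return void
 */
function index3($name, $comments) {
// Refuse anything that could leave the data directory.
if (!is_string($name) || $name === '' || strpbrk($name, "/\\\0") !== false || !is_string($comments)) {
	if (!headers_sent()) {
		header('HTTP/1.1 400 Bad Request');
	}
	return;
}
// Config.php is the main configuration file.
include('config.php');
// Language file.
include("lang/$language");
// Name of page for links, title, and logout.
$logout = "index.php";
if ($su == "on") {
	$page_name = "su";
} else {
	$page_name = "index";
}

$txt = 'txt'; // Extension for data files.
$nametxt = $name.'.'.$txt; // Add extension to $name for data files.
// NOTE(review): unconditional stripslashes() assumes magic quotes; where they
// are off it also removes backslashes the user typed.
$comments = stripslashes($comments); // Stripslashes.

// Write changes (truncating, binary-safe, with an exclusive lock).
$written = file_put_contents("$datadir/$nametxt", $comments, LOCK_EX);
if ($written === false) {
	trigger_error('Edit-Point: could not write data file', E_USER_WARNING);
	if (!headers_sent()) {
		header('HTTP/1.1 500 Internal Server Error');
	}
	return;
}

// Include header if "on" in config.php.
if ($head == "on") {
	include("header.php");
}

echo "<script type=\"text/javascript\">
<!--
var URL   = \"index.php\"
var speed = $edit_redirect
function reload() {
location = URL
}
setTimeout(\"reload()\", speed);
//-->
</script>
$p
$l_index2
$p2
$p
$l_index3
$p2";

// Include footer if "on" in config.php.
if ($head == "on") {
	include("footer.php");
}
}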

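/**
 * End the login session and show the logout confirmation page.
 *
 * The earlier version called session_unset() with an argument, which that
 * function does not accept, and did so after session_destroy(). It also
 * tore the session down after the header had been printed, when the session
 * cookie could no longer be expired. The session is now cleared, its cookie
 * expired and the session destroyed before any output, and only when a
 * session is actually active.
 *
 * @return void
 */
function logout (){
// Config.php is the main configuration file.
include('config.php');
// Language file.
include("lang/$language");
// Name of page for links, title, and logout.
$logout = "index.php";
if ($su == "on") {
	$page_name = "su";
} else {
	$page_name = "index";
}
// Tear the session down before the header produces output.
if (session_status() === PHP_SESSION_ACTIVE) {
	$_SESSION = array();
	if (ini_get('session.use_cookies') && !headers_sent()) {
		$cookie = session_get_cookie_params();
		setcookie(session_name(), '', time() - 42000, $cookie['path'], $cookie['domain'], $cookie['secure'], $cookie['httponly']);
	}
	session_destroy();
}
// Include header if "on" in config.php.
if ($head == "on") {
	include("header.php");
}
echo "<script type=\"text/javascript\">
<!--
var URL   = \"index.php\"
var speed = $edit_redirect
function reload() {
location = URL
}
setTimeout(\"reload()\", speed);
//-->
</script>
$p
$l_global10
$p2
$p
$l_global11
$p2";
// Include footer if "on" in config.php.
if ($head == "on") {
	include("footer.php");
}
}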

// Dispatch on the "cmd" request parameter. A missing or unrecognised value
// shows the Edit-Point list.
// The arguments handed to index2() and index3() come straight from the
// request and end up in file paths and HTML inside those functions.
// NOTE(review): the save action (index3) is reached by a plain POST; no
// anti-CSRF token is checked here.
switch (isset($_REQUEST['cmd']) ? $_REQUEST['cmd'] : null) {
	case 'index2':
		index2($_REQUEST['name']);
		break;

	case 'index3':
		index3($_POST['name'], $_POST['comments']);
		break;

	case 'logout':
		logout();
		break;

	default:
		index();
		break;
}

?>