<?php
// Start (or resume) the PHP session before any include runs; the
// authentication check further down reads $_SESSION['orbitfaq_accesslevel']
// and $_SESSION['orbitfaq_userid'].
// NOTE(review): no session cookie options are set in this file -- confirm that
// HttpOnly/Secure cookie flags and session-ID regeneration on login are
// handled in php.ini or in the included login code.
session_start();
//////////////////////////////////////////////////////////////////
// OrbitFAQ //
// --------- //
// //
// Orbit FAQ was solely written and developed by Orbit Services //
// http://www.orbitservices.net //
// //
// Access the Forum here: //
// http://forums.orbitservices.net/index.php?c=4 //
// //
// OrbitFAQ utilises the following opensource projects/classes; //
// + Fckeditor - http://www.fckeditor.net //
// + Smarty Template Engine - http://smarty.php.net //
// + Swift Email Class - http://www.swiftmailer.org/ //
// + OWASP PHP Filter Project - http://www.owasp.org //
// + MySQL Search Class by Stephen Bartholomew //
// //
//////////////////////////////////////////////////////////////////
// Get our Admin Specific Includes
require('incs/admin.config.inc.php');
require('../incs/config.inc.php');
require('../incs/db.inc.php');
require('incs/admin.classes.inc.php');
// Check for actions
require('incs/admin.checkactions.inc.php');
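// Collect the request parameters shared by the admin modules.
//
// Each value is read through isset()/is_string() so that a missing parameter
// becomes '' instead of raising an "undefined index" warning, and an
// array-valued parameter (e.g. ?mod[]=x) is dropped rather than flowing into
// code that uses the value as a plain string (template paths, include paths).
//
// sanitize_paranoid_string() comes from one of the included files and is not
// visible here; presumably the OWASP PHP Filter routine that strips everything
// except alphanumeric characters -- confirm.
$faq    = sanitize_paranoid_string((isset($_GET['faq'])    && is_string($_GET['faq']))    ? $_GET['faq']    : ''); // Selected FAQ
$ca     = sanitize_paranoid_string((isset($_GET['ca'])     && is_string($_GET['ca']))     ? $_GET['ca']     : ''); // Category
$qn     = sanitize_paranoid_string((isset($_GET['qn'])     && is_string($_GET['qn']))     ? $_GET['qn']     : ''); // Question
$view   = sanitize_paranoid_string((isset($_GET['view'])   && is_string($_GET['view']))   ? $_GET['view']   : ''); // View Type
$action = sanitize_paranoid_string((isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : ''); // Action
$mod    = sanitize_paranoid_string((isset($_GET['mod'])    && is_string($_GET['mod']))    ? $_GET['mod']    : ''); // Module
$type   = sanitize_paranoid_string((isset($_GET['type'])   && is_string($_GET['type']))   ? $_GET['type']   : ''); // Type
$user   = sanitize_paranoid_string((isset($_GET['user'])   && is_string($_GET['user']))   ? $_GET['user']   : ''); // User

// NOTE(review): $posted is taken from the request without filtering; its
// consumers are not visible in this file, so treat it as untrusted wherever
// it is used.
$posted = isset($_GET['posted']) ? $_GET['posted'] : null; // Posted

// $message is request-supplied text that is handed to the templates for
// display. It is HTML-escaped here, at the point of entry, so markup placed in
// the query string is rendered as text instead of being interpreted by the
// browser.
$message = (isset($_GET['message']) && is_string($_GET['message']))
    ? htmlspecialchars($_GET['message'], ENT_QUOTES, 'UTF-8')
    : ''; // Submitted Messages

// Client address as reported by the web server; used for the ban list below.
// NOTE(review): behind a reverse proxy or load balancer this is the proxy's
// address, not the visitor's -- confirm the deployment before relying on it
// for banning.
$ip = $_SERVER['REMOTE_ADDR'];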
// Create and configure the Smarty instance that renders every admin page.
$smarty = new Smarty();
$smarty->debugging = false;
// Compiled templates are not re-checked against their sources on each request.
$smarty->compile_check = false;

// Compiled templates live inside the active admin skin's directory.
$SmartyCompileDir = $AdminFullPath . '/skins/' . $AdminSkin . '/skins_c';
$smarty->compile_dir = $SmartyCompileDir;

// Shared include, loaded only after $smarty is configured. Several of the
// values assigned below ($action_msg, $orbitfaq_version, $faqmods,
// $faqtoplinks) are not set anywhere in this file and presumably come from
// this or an earlier include -- confirm.
require('../incs/common.inc.php');

// Values every admin template expects. The casts mirror the string
// interpolation the assignments have always used.
// NOTE(review): $message may carry request-supplied text; confirm it is
// HTML-escaped before it reaches the template, or by the template itself.
$smarty->assign('DefaultSkin', (string) $AdminSkin);
$smarty->assign('message', (string) $message);
$smarty->assign('action_msg', (string) $action_msg);
$smarty->assign('mod', (string) $mod);
$smarty->assign('SiteTitle', (string) $AdminOrbitFAQTitle);
$smarty->assign('AdminFullPath', (string) $AdminFullPath);
$smarty->assign('OrbitFAQVersion', (string) $orbitfaq_version);

// Module list and top-link list are passed through as-is (not stringified).
$smarty->assign('FAQmods', $faqmods);
$smarty->assign('FAQtoplinks', $faqtoplinks);
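// Step 1 of access control: refuse banned IP addresses before anything else.
//
// $BannedUser must only ever be computed here. A request that supplies its own
// BannedUser parameter is treated as banned rather than being allowed to
// influence the value (presumably a guard for configurations where request
// parameters are imported as global variables -- confirm).
// isset() is used so that the normal case, where the parameter is absent, does
// not raise an "undefined index" warning.
if (!isset($_GET['BannedUser']) || $_GET['BannedUser'] === '') {
    // checkBanList() is defined in an included file; per the check below it is
    // expected to yield '0' for a banned address.
    $BannedUser = checkBanList($ip);
} else {
    $BannedUser = '0';
}
$smarty->assign("BannedUser", "$BannedUser");

// '0' means banned: show the banned-IP page and stop, without ever rendering
// the login form.
// NOTE(review): this is a loose comparison, so a return value of integer 0 or
// boolean false from checkBanList() also counts as banned -- confirm that
// matches its contract.
if ($BannedUser == '0') {
    $smarty->assign("OrbitFAQTitle", "Your IP Has Been Banned");
    $message = "You are trying to access the system via a Banned IP Address.";
    $smarty->assign("message", "$message");
    $smarty_template_file = "$AdminFullPath/skins/$AdminSkin/mod_auth_bannedip.tpl";
    $smarty->display("file:$smarty_template_file");
    clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);
    exit;
}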
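// Step 2 of access control: establish whether the session is authenticated.
//
// As with BannedUser, $AuthUser must only be computed here; a request that
// supplies its own AuthUser parameter is rejected outright and, when
// $BanInvalidAuthUser is '1', the client address is added to the ban list.
if (!isset($_GET['AuthUser']) || $_GET['AuthUser'] === '') {
    // Session values are read through isset() so an anonymous visitor (no
    // session data yet) does not raise "undefined index" warnings; a missing
    // value is passed on as null, exactly as before.
    $accesslvl = isset($_SESSION['orbitfaq_accesslevel']) ? $_SESSION['orbitfaq_accesslevel'] : null;
    // checkAuthentication() is defined in an included file; the login gate
    // further down treats a result of '0' as "not authenticated".
    $AuthUser = checkAuthentication($accesslvl);
    $smarty->assign("AuthUser", "$AuthUser");
    $smarty->assign("AccessLvl", "$accesslvl");
    $orbitfaq_userid = isset($_SESSION['orbitfaq_userid']) ? $_SESSION['orbitfaq_userid'] : null;
    $smarty->assign("AuthUserID", "$orbitfaq_userid");
} else {
    $AuthUser = '0';
    $smarty->assign("AuthUser", "$AuthUser");
    // Tell the user that they are being bad
    $message = "You are trying to access the system through dodgy methods!! Thats not very nice! Your IP Address has been recorded in the Banlist!!";
    if ($BanInvalidAuthUser == '1') {
        // The statement is assembled by string concatenation and run through
        // the callable held in $faqsql_query (driver not visible here), so the
        // address is validated as a literal IPv4/IPv6 address first; anything
        // else is never placed into the SQL text.
        // NOTE(review): prefer a parameterised statement if the database layer
        // offers one.
        // NOTE(review): a row is inserted on every such request with no
        // de-duplication visible here, and behind a shared proxy/NAT address
        // this would ban every user of that address -- confirm both are
        // acceptable.
        if (filter_var($ip, FILTER_VALIDATE_IP) !== false) {
            $query_add = "INSERT INTO `orbitfaq_banlist` ( `ban_type`, `detail`)VALUES('ip','$ip');";
            $result_add = $faqsql_query($query_add);
            if (!$result_add) {
                // Keep the failing statement in the server log instead of
                // echoing it to the (untrusted) client.
                error_log('OrbitFAQ admin: banlist insert failed: ' . $query_add);
                die("$sql_query_error");
            }
        }
    }
    $smarty->assign("OrbitFAQTitle", "You Are One Dodgy Person!!");
    $smarty->assign("message", "$message");
    $smarty_template_file = "$AdminFullPath/skins/$AdminSkin/mod_auth_bannedip.tpl";
    $smarty->display("file:$smarty_template_file");
    clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);
    exit;
}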
// Step 3 of access control: an unauthenticated session ($AuthUser is '0') is
// shown the login form and the request ends here -- unless the requested
// action is 'login' or 'logout'.
// NOTE(review): when the action is 'login' or 'logout' an unauthenticated
// request is NOT stopped by this gate and carries on to the module dispatch
// below with whatever module it asked for. Confirm that
// incs/admin.checkactions.inc.php or each module enforces authentication
// itself for that case.
if ($AuthUser == '0' && $action != 'login' && $action != 'logout') {
    $smarty->assign('OrbitFAQTitle', 'Login');

    // Use the default prompt only when no message is already pending.
    // NOTE(review): $message may carry request-supplied text; confirm it is
    // HTML-escaped before it reaches the template, or by the template itself.
    $message = ($message == '')
        ? 'You are not authenticated to access this page, please log in.'
        : $message;
    $smarty->assign('message', (string) $message);

    $smarty_template_file = $AdminFullPath . '/skins/' . $AdminSkin . '/mod_auth_loginform.tpl';
    $smarty->display('file:' . $smarty_template_file);
    clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);
    exit;
}
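// Module dispatch: load the controller for the requested admin module, or the
// front page when none (or an unusable one) was requested.
//
// $mod originates from the query string and becomes part of an include path,
// so it is re-validated here, at the point of use: it must be a non-empty
// string made only of letters, digits, '_' or '-'. That rules out path
// separators, dots and array input even if an earlier include changed the
// value. Anything else falls back to the front page instead of reaching
// require().
// NOTE(review): a stricter option is to accept only names present in the
// configured module list ($faqmods); its structure is not visible here.
// NOTE(review): $AuthUser can still be '0' at this point when the action is
// 'login' or 'logout'; confirm the modules check authentication themselves.
if (is_string($mod) && preg_match('/\A[A-Za-z0-9_-]+\z/', $mod) === 1) {
    require("modules/$mod/index.php");
    $smarty->assign("OrbitFAQTitleImage", "$mod");
} else {
    require("modules/frontpage/index.php");
    $smarty->assign("OrbitFAQTitleImage", "frontpage");
}

// Do Not Cache - turn off after dev
$smarty->caching = 0;

// Render the template. $smarty_template_file is not set on this path by this
// file, so it is presumably set by the module just included -- confirm.
$smarty->display("file:$smarty_template_file");
clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);
exit;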
?>