API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 5th, 2017
107
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 13.91 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. /*
  3. * ReimuCMS - mod_base
  4. *
  5. * Copyright (c) 2011 ReimuHakurei
  6. *
  7. * Permission is hereby granted, free of charge, to any person obtaining a copy
  8. * of this software and associated documentation files (the "Software"), to deal
  9. * in the Software without restriction, including without limitation the rights
  10. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  11. * copies of the Software, and to permit persons to whom the Software is
  12. * furnished to do so, subject to the following conditions:
  13. *
  14. * The above copyright notice and this permission notice shall be included in
  15. * all copies or substantial portions of the Software.
  16. *
  17. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  18. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  19. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  20. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  21. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  22. * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  23. * THE SOFTWARE.
  24. */
  25.  
  26. global $ReimuCMS;
  27.  
  28. include("data/mysql.php");
  29.  
  30. // MySQL connect
  31. mysql_connect($ReimuCMS[mysql_server], $ReimuCMS[mysql_user], $ReimuCMS[mysql_pass]);
  32. mysql_select_db($ReimuCMS[mysql_db]);
  33.  
  34. $queries = 0;
  35. function reimucms_do_query($query_string) {
  36. global $queries;
  37. $sql_query_result = mysql_query($query_string);
  38. $queries = $queries + 1;
  39.  
  40. return $sql_query_result;
  41.  
  42. }
  43.  
  44. // Prevent SQL Injection
  45. $username = mysql_real_escape_string($_COOKIE[ReimuCMS_User]);
  46. $password = mysql_real_escape_string($_COOKIE[ReimuCMS_Password]);
  47.  
  48. date_default_timezone_set('America/Los_Angeles');
  49.  
  50. // Track "last active" date for user, if the user is logged in.
  51. reimucms_do_query("UPDATE `reimucms_users` SET `active` = NULL WHERE `username` = '$username' AND `password` = '$password'");
  52.  
  53. $sql_usr = reimucms_do_query("SELECT * FROM `reimucms_users` WHERE `username` = '$username' AND `password` = '$password'");
  54. $r_usr = mysql_fetch_array($sql_usr);
  55.  
  56. $ReimuCMS[usr_displayname] = $r_usr[displayname];
  57. $ReimuCMS[usr_id] = $r_usr[id];
  58.  
  59. if ($r_usr[powerlevel] == 1) {
  60. $ReimuCMS[auth_isLoggedIn] = true;
  61. $ReimuCMS[auth_username] = $r_usr[username];
  62. $ReimuCMS[auth_displayname] = $r_usr[displayname];
  63. }
  64.  
  65. if ($r_usr[powerlevel] == 9001) {
  66. $ReimuCMS[auth_isLoggedIn] = true;
  67. $ReimuCMS[auth_isAdmin] = true;
  68. $ReimuCMS[auth_username] = $r_usr[username];
  69. $ReimuCMS[auth_displayname] = $r_usr[displayname];
  70. }
  71.  
  72.  
  73. // Generate the menu~
  74.  
  75. $sql_menu = reimucms_do_query("SELECT * FROM `reimucms_menu` ORDER BY `pos` ASC");
  76.  
  77. $loop1 = true;
  78.  
  79. $ReimuCMS[menu_data] = "";
  80.  
  81. while($r_menu = mysql_fetch_array($sql_menu)) {
  82. if ($loop1 == true) {
  83. $loop1 = false;
  84. } else {
  85. $ReimuCMS[menu_data] = $ReimuCMS[menu_data] . " | ";
  86. }
  87. if ($r_menu[is_url] == "0") {
  88. $ReimuCMS[menu_data] = $ReimuCMS[menu_data] . "<a href='./?act=page&page=$r_menu[linktarget]' class=\"white-link\">$r_menu[linkname]</a>";
  89. } else if ($r_menu[is_url] == "1") {
  90. $ReimuCMS[menu_data] = $ReimuCMS[menu_data] . "<a href='$r_menu[linktarget]' target='_blank' class=\"white-link\">$r_menu[linkname]</a>";
  91. }
  92. }
  93.  
  94. // Functions start here:
  95.  
  96. function mod_auth_login() {
  97. global $ReimuCMS;
  98.  
  99. if ($_SERVER['REQUEST_METHOD'] == "POST") {
  100. // Prevent SQL Injection
  101. $post_user = mysql_real_escape_string(strtolower($_POST[user]));
  102. $post_pass = mysql_real_escape_string(strtolower($_POST[pass]));
  103.  
  104. $sql = reimucms_do_query("SELECT * FROM `reimucms_users` WHERE `username` = '$_POST[user]'");
  105. $r = mysql_fetch_array($sql);
  106. if ($r[username] == $post_user && $r[password] == hash("sha256",$ReimuCMS[key] . $post_user . $post_pass)) {
  107. setcookie("ReimuCMS_User", $post_user, 2147483647, "/");
  108. setcookie("ReimuCMS_Password", hash("sha256",$ReimuCMS[key] . $post_user . $post_pass), 2147483647, "/");
  109. reimucms_do_query("INSERT INTO `reimucms_security_log` VALUES(NULL, 'login-success', '$_SERVER[REMOTE_ADDR]', '$post_user', 'The user successfully logged in.");
  110.  
  111. $ReimuCMS[output_title] = "Login Successful!";
  112. $ReimuCMS[output_body] = "<p>" . $ReimuCMS[msg_loginsuccess] . "</p>";
  113. } else {
  114. reimucms_do_query("INSERT INTO `reimucms_security_log` VALUES(NULL, 'login-error', '$_SERVER[REMOTE_ADDR]', '$post_user', 'The user entered an invalid username or password.')");
  115.  
  116. $login_error = true;
  117. include "template/mod/mod_auth_login.php";
  118. }
  119. } else {
  120. $login_error = false;
  121. include "template/mod/mod_auth_login.php";
  122. }
  123. }
  124. reimucms_add_handler("login", "auth", "login");
  125.  
  126.  
  127.  
  128. function mod_auth_register() {
  129. global $ReimuCMS;
  130.  
  131. if ($_SERVER['REQUEST_METHOD'] == "POST") {
  132. $reg_user = mysql_real_escape_string(strtolower($_POST[reg_user]));
  133. $reg_display = mysql_real_escape_string($_POST[reg_user]);
  134. $reg_pass = mysql_real_escape_string(strtolower($_POST[reg_pass]));
  135. $reg_pass2 = mysql_real_escape_string(strtolower($_POST[reg_pass2]));
  136. $reg_email = mysql_real_escape_string(strtolower($_POST[reg_email]));
  137.  
  138. if (empty($reg_user) || empty($reg_pass) || empty($reg_pass2) || empty($reg_email)) {
  139. //echo '<font color="red">All fields are required.</font>';
  140. $badfield = true;
  141.  
  142. }
  143. $sql = reimucms_do_query("SELECT * FROM `reimucms_users` WHERE `username` = '$reg_user'");
  144. $row = mysql_fetch_row($sql);
  145.  
  146. if ($reg_pass != $reg_pass2) {
  147. $badpass = true;
  148. }
  149. if ($row<1) {
  150. if ($reg_pass == $reg_pass2) {
  151. if ($badfield == false) {
  152. $date = date('Y-m-d H:i:s', time());
  153. $pass = hash("sha256",$ReimuCMS[key] . $reg_user . $reg_pass);
  154. reimucms_do_query("INSERT INTO `reimucms_users` VALUES(NULL, '$reg_user', '$reg_display', '$pass', '$reg_email', '$date', NULL, 0, 1)");
  155.  
  156. setcookie("ReimuCMS_User", $reg_user, 2147483647, "/");
  157. setcookie("ReimuCMS_Password", $pass, 2147483647, "/");
  158.  
  159. reimucms_do_query("INSERT INTO `reimucms_security_log` VALUES(NULL, 'register-success', '$_SERVER[REMOTE_ADDR]', '$post_user', 'The user created an account.')");
  160.  
  161. $ReimuCMS[output_title] = "Registration Successful!";
  162. $ReimuCMS[output_body] = "<p>" . $ReimuCMS[msg_registersuccess] . "</p>";
  163.  
  164. $reg_failure = true;
  165. }
  166. } else {
  167. $badpass = true;
  168. }
  169. } else {
  170. $baduser = true;
  171. }
  172.  
  173. if ($badfield || $baduser || $badpass || $reg_failure) {
  174. include "template/mod/mod_auth_register.php";
  175. }
  176. } else {
  177. include "template/mod/mod_auth_register.php";
  178. }
  179. }
  180. reimucms_add_handler("register", "auth", "register");
  181.  
  182. function mod_auth_logout() {
  183. global $ReimuCMS;
  184.  
  185. setcookie("ReimuCMS_User", "", 2147483647, "/");
  186. setcookie("ReimuCMS_Password", "", 2147483647, "/");
  187. reimucms_do_query("INSERT INTO `reimucms_security_log` VALUES(NULL, 'logout', '$_SERVER[REMOTE_ADDR]', '$username', 'The user has logged out.')");
  188.  
  189. $ReimuCMS[output_title] = $ReimuCMS[title_logout];
  190. $ReimuCMS[output_body] = "<p>" . $ReimuCMS[msg_logout] . "</p>";
  191. $ReimuCMS[auth_isLoggedIn] = false;
  192. }
  193. reimucms_add_handler("logout", "auth", "logout");
  194.  
  195.  
  196. function mod_base_getpage() {
  197. global $ReimuCMS;
  198.  
  199. $ReimuCMS[automagic_header] = false;
  200.  
  201. $page = mysql_real_escape_string($_GET[page]);
  202.  
  203. if ($page == "") {
  204. $page = "index";
  205. }
  206.  
  207. $sql = reimucms_do_query("SELECT * FROM `reimucms_pages` WHERE `shortname` = '$page'");
  208.  
  209. $r = mysql_fetch_array($sql, MYSQL_BOTH);
  210.  
  211. if ($r>1) {
  212. $sqledit = reimucms_do_query("SELECT * FROM `reimucms_users` WHERE `id` = $r[editor]");
  213. $redit = mysql_fetch_array($sqledit);
  214. $sqlpost = reimucms_do_query("SELECT * FROM `reimucms_users` WHERE `id` = $r[creator]");
  215. $rpost = mysql_fetch_array($sqlpost);
  216.  
  217. $header = '<table class="wide"><tr><td><p class="small-font"><a href="index.php">' . $ReimuCMS[sitename] . "</a> > " . $r[longname] . '</p></td><td class="right"><p class="small-font">Page created on ' . date("F jS, Y ", strtotime($r[created])) . "at" . date(" g:i A", strtotime($r[created])) . ", by " . $rpost[displayname];
  218.  
  219.  
  220. if ($r[edited] != $r[created]) {
  221. $footer = '<p class="small-font">Last edited on ' . date("F jS, Y ", strtotime($r[edited])) . "at" . date(" g:i A", strtotime($r[editor])) . ", by " . $redit[displayname] . "</p>\n";
  222. }
  223. $header = $header . '</p></td></tr></table>' . "\n" . '<p class="header-text">' . $r[longname] . '</p>'; ;
  224.  
  225. $ReimuCMS[output_body] = $header . "\n" . $r[contents] . "\n" . $footer;
  226. $ReimuCMS[output_title] = $r[longname];
  227.  
  228. } else {
  229. $ReimuCMS[output_title] = $ReimuCMS[title_notfound];
  230.  
  231. $ReimuCMS[output_body] = "<p>" . $ReimuCMS[msg_notfound] . "</p>";
  232. }
  233.  
  234. }
  235. reimucms_add_handler("page", "base", "getpage");
  236.  
  237.  
  238. function mod_base_admin() {
  239. global $ReimuCMS;
  240. if ($ReimuCMS[auth_isAdmin]) {
  241. include "template/mod/mod_base_admin.php";
  242. } else {
  243. $ReimuCMS[output_title] = $ReimuCMS[title_accessdenied];
  244. $ReimuCMS[output_body] = "<p>" . $ReimuCMS[msg_accessdenied] . "</p>";
  245. }
  246. }
  247. reimucms_add_handler("admin", "base", "admin");
  248.  
  249. function mod_base_newpage() {
  250. global $ReimuCMS;
  251. if ($ReimuCMS[auth_isAdmin]) {
  252. if ($_SERVER['REQUEST_METHOD'] == "POST") {
  253. $title = mysql_real_escape_string($_POST[title]);
  254. $pid = mysql_real_escape_string($_POST[pid]);
  255. $content = mysql_real_escape_string($_POST[pcontents]);
  256. $date = date('Y-m-d H:i:s', time());
  257.  
  258. $sql = reimucms_do_query("SELECT * FROM `reimucms_pages` WHERE `shortname` = '$pid'");
  259. $rows = mysql_fetch_array($sql);
  260.  
  261. if ($rows<1) {
  262. reimucms_do_query("INSERT INTO `reimucms_security_log` VALUES(NULL, 'page-create', '$_SERVER[REMOTE_ADDR]', '$ReimuCMS[usr_displayname]', 'The user created the page $pid.')");
  263.  
  264. reimucms_do_query("INSERT INTO `reimucms_pages` VALUES(NULL, '$pid', '$title', '$content', '$date', '$ReimuCMS[usr_displayname]', '$date', '$ReimuCMS[usr_displayname]', 0)");
  265.  
  266. $ReimuCMS[output_title] = $ReimuCMS[title_pagecreated];
  267. $ReimuCMS[output_body] = "<p><b>" . $ReimuCMS[title_pagecreated] . "</b></p><p>" . $ReimuCMS[msg_pagecreated] . " <a href=\"./?act=page&page=" . $pid . "\">" . $pid . "</a></p>";
  268. } else {
  269. $exists = true;
  270.  
  271. include "template/mod/mod_base_newpage.php";
  272. }
  273. } else {
  274. include "template/mod/mod_base_newpage.php";
  275. }
  276. } else {
  277. $ReimuCMS[output_title] = $ReimuCMS[title_accessdenied];
  278. $ReimuCMS[output_body] = "<p>" . $ReimuCMS[msg_accessdenied] . "</p>";
  279. }
  280. }
  281. reimucms_add_handler("newpage", "base", "newpage");
  282.  
  283. function mod_base_ajax_admin_newpage_checkid() {
  284. global $ReimuCMS;
  285. $ReimuCMS[api] = true;
  286.  
  287. $page = mysql_real_escape_string($_GET[page]) ;
  288.  
  289. $sql = reimucms_do_query("SELECT * FROM `reimucms_pages` WHERE `shortname` = '$page'");
  290.  
  291. $r = mysql_fetch_array($sql, MYSQL_BOTH);
  292.  
  293. if ($r>1) {
  294. echo "ERROR";
  295. } else {
  296. echo "OK";
  297. }
  298. }
  299. reimucms_add_handler("ajax_admin_newpage_checkid", "base", "ajax_admin_newpage_checkid");
  300.  
  301.  
  302. function mod_base_portal() {
  303. global $ReimuCMS;
  304.  
  305. $ReimuCMS[content_multizone] = true;
  306.  
  307. $ReimuCMS[automagic_header] = false;
  308.  
  309. $id = mysql_real_escape_string($_GET[id]);
  310.  
  311. if ($_GET[viewpost] == true) {
  312.  
  313. } else {
  314. $sql = reimucms_do_query("SELECT * FROM `reimucms_portal` ORDER BY `created` DESC");
  315.  
  316. while($r = mysql_fetch_array($sql, MYSQL_BOTH)) {
  317. $sqledit = reimucms_do_query("SELECT * FROM `reimucms_users` WHERE `id` = $r[editor]");
  318. $redit = mysql_fetch_array($sqledit);
  319. $sqlpost = reimucms_do_query("SELECT * FROM `reimucms_users` WHERE `id` = $r[creator]");
  320. $rpost = mysql_fetch_array($sqlpost);
  321.  
  322.  
  323. $header = '<div class="content">' . "\n" . '<table class="wide"><tr><td><p class="small-font"><a href="index.php">' . $ReimuCMS[sitename] . "</a> > " . $r[title] . '</p></td><td class="right"><p class="small-font">Created on ' . date("F jS, Y ", strtotime($r[created])) . "at" . date(" g:i A", strtotime($r[created])) . ", by " . $rpost[displayname];
  324.  
  325.  
  326. if ($r[edited] != $r[created]) {
  327. $footer = '<p class="small-font">Last edited on ' . date("F jS, Y ", strtotime($r[edited])) . "at" . date(" g:i A", strtotime($r[edited])) . ", by " . $redit[displayname] . "</p>\n";
  328. }
  329. $footer = $footer . "</div>\n";
  330. $header = $header . '</p></td></tr></table>' . "\n" . '<p class="header-text">' . $r[title] . '</p>'; ;
  331.  
  332. $ReimuCMS[output_snippet] = $header . "\n" . $r[contents] . "\n" . $footer;
  333. AppendContent();
  334. // $ReimuCMS[output_title] = $r[title];
  335. }
  336. }
  337. }
  338. reimucms_add_handler("portal", "base", "portal");
  339.  
  340.  
  341. function mod_base_newarticle() {
  342. global $ReimuCMS;
  343. if ($ReimuCMS[auth_isAdmin]) {
  344. if ($_SERVER['REQUEST_METHOD'] == "POST") {
  345. $title = mysql_real_escape_string($_POST[title]);
  346. $content = mysql_real_escape_string($_POST[pcontents]);
  347. $date = date('Y-m-d H:i:s', time());
  348.  
  349. // reimucms_do_query("INSERT INTO `reimucms_security_log` VALUES(NULL, 'page-create', '$_SERVER[REMOTE_ADDR]', '$ReimuCMS[usr_displayname]', 'The user created the page $pid.')");
  350.  
  351. reimucms_do_query("INSERT INTO `reimucms_portal` VALUES(NULL, '$title', '$content', '$date', '$ReimuCMS[usr_id]', '$date', '$ReimuCMS[usr_id]', 0)");
  352.  
  353. $ReimuCMS[output_title] = $ReimuCMS[title_articlecreated];
  354. $ReimuCMS[output_body] = "<p><b>" . $ReimuCMS[title_articlecreated] . "</b></p><p>" . $ReimuCMS[msg_articlecreated] . " <a href=\"./?act=article&id=" . $pid . "\">" . $title . "</a></p>";
  355. } else {
  356. include "template/mod/mod_base_newarticle.php";
  357. }
  358. } else {
  359. $ReimuCMS[output_title] = $ReimuCMS[title_accessdenied];
  360. $ReimuCMS[output_body] = "<p>" . $ReimuCMS[msg_accessdenied] . "</p>";
  361. }
  362. }
  363. reimucms_add_handler("newarticle", "base", "newarticle");
  364.  
  365.  
  366. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!