- <?php
- /*
- * ReimuCMS - mod_base
- *
- * Copyright (c) 2011 ReimuHakurei
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
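// This file is pulled in by the ReimuCMS core: $ReimuCMS is the shared
// configuration/state array, $queries the per-request query counter that
// reimucms_do_query() reads. Declaring both as global keeps the counter
// correct whether this file is included at top level or from inside a function.
global $ReimuCMS, $queries;

// data/mysql.php is a project file (not visible here); it is expected to fill
// in the mysql_server / mysql_user / mysql_pass / mysql_db entries used below.
include("data/mysql.php");

// MySQL connect (legacy ext/mysql API; the rest of this file is built on it).
// Array keys are quoted: a bare word such as $ReimuCMS[mysql_server] is an
// undefined constant (E_NOTICE on PHP 5, fatal Error on PHP 8).
$reimucms_link = mysql_connect(
    $ReimuCMS['mysql_server'],
    $ReimuCMS['mysql_user'],
    $ReimuCMS['mysql_pass']
);
if ($reimucms_link === false || !mysql_select_db($ReimuCMS['mysql_db'], $reimucms_link)) {
    // Stop here instead of letting every later query run against no connection.
    // The message is deliberately generic so host names and credentials never
    // reach the page or the log.
    trigger_error('ReimuCMS: could not connect to the MySQL database', E_USER_ERROR);
}

$queries = 0;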
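/**
 * Run one SQL statement on the shared ext/mysql connection and count it.
 *
 * @param string $query_string Fully formed SQL. Callers escape every interpolated
 *                             value with mysql_real_escape_string() beforehand.
 * @return resource|bool mysql_query()'s own result: a result resource for
 *                       SELECT-style statements, true for others, false on failure.
 */
function reimucms_do_query($query_string) {
    // $queries is the per-request counter initialised at the top of this file.
    global $queries;
    $queries++;
    $sql_query_result = mysql_query($query_string);
    if ($sql_query_result === false) {
        // The original discarded the error; report it through PHP's error
        // handling so a malformed statement is noticed (keep display_errors
        // off in production, as mysql_error() may echo part of the statement).
        // Callers still receive false, so their existing checks are unchanged.
        trigger_error('ReimuCMS: MySQL query failed: ' . mysql_error(), E_USER_WARNING);
    }
    return $sql_query_result;
}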
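// Identify the visitor from the two auth cookies set by mod_auth_login /
// mod_auth_register. Design note: ReimuCMS_Password carries the stored password
// hash itself as a long-lived bearer token, so it is as sensitive as the
// password for as long as that hash is unchanged; replacing it with a
// server-side session id touches login, register and the users table, so it
// is only recorded here.
// Prevent SQL Injection: only these escaped values are interpolated below.
$username = isset($_COOKIE['ReimuCMS_User']) ? mysql_real_escape_string($_COOKIE['ReimuCMS_User']) : '';
$password = isset($_COOKIE['ReimuCMS_Password']) ? mysql_real_escape_string($_COOKIE['ReimuCMS_Password']) : '';

date_default_timezone_set('America/Los_Angeles');

// Defaults, so later handlers can test these keys without undefined-index notices.
$ReimuCMS['auth_isLoggedIn'] = false;
$ReimuCMS['auth_isAdmin'] = false;
$ReimuCMS['usr_displayname'] = null;
$ReimuCMS['usr_id'] = null;

$r_usr = false;
if ($username !== '' && $password !== '') {
    // Track "last active" date for user, if the user is logged in.
    // NOTE(review): `active` = NULL presumably relies on MySQL's legacy
    // TIMESTAMP rule where assigning NULL stores the current time — confirm
    // against the schema before touching it.
    reimucms_do_query("UPDATE `reimucms_users` SET `active` = NULL WHERE `username` = '$username' AND `password` = '$password'");
    $sql_usr = reimucms_do_query("SELECT * FROM `reimucms_users` WHERE `username` = '$username' AND `password` = '$password'");
    if ($sql_usr !== false) {
        $r_usr = mysql_fetch_array($sql_usr);
    }
}

if ($r_usr !== false) {
    $ReimuCMS['usr_displayname'] = $r_usr['displayname'];
    $ReimuCMS['usr_id'] = $r_usr['id'];
    // powerlevel 1 = ordinary member, 9001 = administrator; both are "logged in".
    $powerlevel = (int) $r_usr['powerlevel'];
    if ($powerlevel === 1 || $powerlevel === 9001) {
        $ReimuCMS['auth_isLoggedIn'] = true;
        $ReimuCMS['auth_isAdmin'] = ($powerlevel === 9001);
        $ReimuCMS['auth_username'] = $r_usr['username'];
        $ReimuCMS['auth_displayname'] = $r_usr['displayname'];
    }
}

// Generate the menu~  Rows come from reimucms_menu and are rendered verbatim
// (no HTML escaping), so that table must remain administrator-controlled.
$sql_menu = reimucms_do_query("SELECT * FROM `reimucms_menu` ORDER BY `pos` ASC");
$menu_items = array();
if ($sql_menu !== false) {
    while ($r_menu = mysql_fetch_array($sql_menu)) {
        // is_url "0" = internal page by shortname, "1" = external link. Any
        // other value produces an empty slot, exactly as the original did.
        if ($r_menu['is_url'] == "0") {
            $menu_items[] = "<a href='./?act=page&page=$r_menu[linktarget]' class=\"white-link\">$r_menu[linkname]</a>";
        } elseif ($r_menu['is_url'] == "1") {
            $menu_items[] = "<a href='$r_menu[linktarget]' target='_blank' class=\"white-link\">$r_menu[linkname]</a>";
        } else {
            $menu_items[] = "";
        }
    }
}
$ReimuCMS['menu_data'] = implode(" | ", $menu_items);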
- // Functions start here:
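/**
 * Handler for act=login: show the login form, or on POST check the submitted
 * credentials, set the two auth cookies and log the outcome.
 *
 * Credential scheme (shared with mod_auth_register and the cookie check at the
 * top of this file): stored password = sha256($ReimuCMS['key'] . user . pass),
 * computed over the lower-cased, SQL-escaped inputs. This is not a per-user
 * salted password hash (password_hash/password_verify), and the same value is
 * then handed to the browser as the ReimuCMS_Password cookie. Both are kept
 * because login, register and the users table would have to migrate together.
 *
 * $login_error is a local read by the included template/mod/mod_auth_login.php.
 */
function mod_auth_login() {
    global $ReimuCMS;
    if ($_SERVER['REQUEST_METHOD'] !== "POST") {
        $login_error = false;
        include "template/mod/mod_auth_login.php";
        return;
    }

    $raw_user = isset($_POST['user']) ? strtolower($_POST['user']) : '';
    $raw_pass = isset($_POST['pass']) ? strtolower($_POST['pass']) : '';
    // Prevent SQL Injection: only the escaped forms are interpolated into SQL.
    // (The original query interpolated $_POST[user] directly.)
    $post_user = mysql_real_escape_string($raw_user);
    $post_pass = mysql_real_escape_string($raw_pass);
    $remote_addr = mysql_real_escape_string(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');

    $sql = reimucms_do_query("SELECT * FROM `reimucms_users` WHERE `username` = '$post_user'");
    $r = ($sql !== false) ? mysql_fetch_array($sql) : false;
    // Hash over the escaped values, as the stored hashes were produced that way.
    $expected = hash("sha256", $ReimuCMS['key'] . $post_user . $post_pass);
    $ok = ($r !== false) && ($r['username'] === $post_user) && ($r['password'] === $expected);

    if ($ok) {
        // 2147483647 = far-future expiry (2038). HttpOnly keeps the cookies
        // away from script; Secure is set when this request arrived over
        // HTTPS so plain-HTTP installs keep working.
        $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie("ReimuCMS_User", $post_user, 2147483647, "/", "", $secure, true);
        setcookie("ReimuCMS_Password", $expected, 2147483647, "/", "", $secure, true);
        // The original statement lacked its closing quote and parenthesis, so
        // successful logins were never written to the security log.
        reimucms_do_query("INSERT INTO `reimucms_security_log` VALUES(NULL, 'login-success', '$remote_addr', '$post_user', 'The user successfully logged in.')");
        $ReimuCMS['output_title'] = "Login Successful!";
        $ReimuCMS['output_body'] = "<p>" . $ReimuCMS['msg_loginsuccess'] . "</p>";
    } else {
        reimucms_do_query("INSERT INTO `reimucms_security_log` VALUES(NULL, 'login-error', '$remote_addr', '$post_user', 'The user entered an invalid username or password.')");
        $login_error = true;
        include "template/mod/mod_auth_login.php";
    }
}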
// Registers with the core dispatcher (defined outside this file); presumably maps act=login to mod_auth_login() — confirm.
reimucms_add_handler("login", "auth", "login");
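/**
 * Handler for act=register: show the registration form, or on POST validate
 * the fields, create the account, set the auth cookies and log the event.
 *
 * $badfield, $badpass, $baduser and $reg_failure are locals read by the
 * included template/mod/mod_auth_register.php; they are initialised explicitly
 * instead of being left undefined on the paths that never set them.
 */
function mod_auth_register() {
    global $ReimuCMS;
    if ($_SERVER['REQUEST_METHOD'] !== "POST") {
        include "template/mod/mod_auth_register.php";
        return;
    }

    $badfield = false;
    $badpass = false;
    $baduser = false;
    $reg_failure = false;

    $raw_user  = isset($_POST['reg_user'])  ? $_POST['reg_user']  : '';
    $raw_pass  = isset($_POST['reg_pass'])  ? $_POST['reg_pass']  : '';
    $raw_pass2 = isset($_POST['reg_pass2']) ? $_POST['reg_pass2'] : '';
    $raw_email = isset($_POST['reg_email']) ? $_POST['reg_email'] : '';

    // Only the escaped forms are interpolated into SQL. Username, e-mail and
    // both password fields are lower-cased as in the original; lower-casing
    // passwords shrinks the keyspace, but the stored hash is built from the
    // lower-cased value, so changing it means re-hashing every account.
    $reg_user    = mysql_real_escape_string(strtolower($raw_user));
    $reg_display = mysql_real_escape_string($raw_user);
    $reg_pass    = mysql_real_escape_string(strtolower($raw_pass));
    $reg_pass2   = mysql_real_escape_string(strtolower($raw_pass2));
    $reg_email   = mysql_real_escape_string(strtolower($raw_email));
    $remote_addr = mysql_real_escape_string(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');

    if (empty($reg_user) || empty($reg_pass) || empty($reg_pass2) || empty($reg_email)) {
        $badfield = true;
    }
    if ($reg_pass !== $reg_pass2) {
        $badpass = true;
    }
    // mysql_fetch_row() returns false when no row matched, i.e. the name is free.
    // A failed lookup is treated as "taken" rather than risking a duplicate.
    $sql = reimucms_do_query("SELECT * FROM `reimucms_users` WHERE `username` = '$reg_user'");
    if ($sql === false || mysql_fetch_row($sql) !== false) {
        $baduser = true;
    }

    if (!$badfield && !$badpass && !$baduser) {
        $date = date('Y-m-d H:i:s', time());
        $pass = hash("sha256", $ReimuCMS['key'] . $reg_user . $reg_pass);
        // Column order is taken from the original INSERT; the trailing
        // NULL, 0, 1 presumably are last-active, a flag and powerlevel — confirm.
        reimucms_do_query("INSERT INTO `reimucms_users` VALUES(NULL, '$reg_user', '$reg_display', '$pass', '$reg_email', '$date', NULL, 0, 1)");
        // Same cookie layout as mod_auth_login: far-future expiry, HttpOnly,
        // Secure only when this request came over HTTPS.
        $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie("ReimuCMS_User", $reg_user, 2147483647, "/", "", $secure, true);
        setcookie("ReimuCMS_Password", $pass, 2147483647, "/", "", $secure, true);
        // Log the registering user's own name (the original referenced an
        // undefined $post_user here, so the column was always empty).
        reimucms_do_query("INSERT INTO `reimucms_security_log` VALUES(NULL, 'register-success', '$remote_addr', '$reg_user', 'The user created an account.')");
        $ReimuCMS['output_title'] = "Registration Successful!";
        $ReimuCMS['output_body'] = "<p>" . $ReimuCMS['msg_registersuccess'] . "</p>";
        // Kept from the original: the template is included again after success
        // with $reg_failure set — presumably it renders the success state; confirm.
        $reg_failure = true;
    }

    if ($badfield || $baduser || $badpass || $reg_failure) {
        include "template/mod/mod_auth_register.php";
    }
}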
// Registers with the core dispatcher (defined outside this file); presumably maps act=register to mod_auth_register() — confirm.
reimucms_add_handler("register", "auth", "register");
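/**
 * Handler for act=logout: clear both auth cookies, log the event and drop the
 * in-request auth flags so nothing rendered later in this request still
 * treats the visitor as logged in or as an administrator.
 */
function mod_auth_logout() {
    global $ReimuCMS;
    // An expiry in the past removes the cookies outright; the original sent an
    // empty value with a far-future expiry and relied on PHP's empty-value rule.
    $expired = time() - 3600;
    setcookie("ReimuCMS_User", "", $expired, "/");
    setcookie("ReimuCMS_Password", "", $expired, "/");
    // The original interpolated $username, which is not in scope inside this
    // function; use the username resolved from the cookie at file load, escaped
    // again because it comes back from the database unescaped.
    $who = isset($ReimuCMS['auth_username']) ? mysql_real_escape_string($ReimuCMS['auth_username']) : '';
    $remote_addr = mysql_real_escape_string(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');
    reimucms_do_query("INSERT INTO `reimucms_security_log` VALUES(NULL, 'logout', '$remote_addr', '$who', 'The user has logged out.')");
    $ReimuCMS['output_title'] = $ReimuCMS['title_logout'];
    $ReimuCMS['output_body'] = "<p>" . $ReimuCMS['msg_logout'] . "</p>";
    $ReimuCMS['auth_isLoggedIn'] = false;
    $ReimuCMS['auth_isAdmin'] = false;
}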
// Registers with the core dispatcher (defined outside this file); presumably maps act=logout to mod_auth_logout() — confirm.
reimucms_add_handler("logout", "auth", "logout");
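/**
 * Handler for act=page: render the page whose `shortname` is $_GET['page']
 * (default "index") with a breadcrumb/creation header, the raw page contents
 * and an optional "last edited" footer; otherwise the configured not-found text.
 *
 * Page contents are stored HTML and are emitted as-is (admin-authored).
 * Display names are chosen by users at registration and are escaped here.
 */
function mod_base_getpage() {
    global $ReimuCMS;
    $ReimuCMS['automagic_header'] = false;
    $page = isset($_GET['page']) ? mysql_real_escape_string($_GET['page']) : '';
    if ($page == "") {
        $page = "index";
    }
    $sql = reimucms_do_query("SELECT * FROM `reimucms_pages` WHERE `shortname` = '$page'");
    $r = ($sql !== false) ? mysql_fetch_array($sql, MYSQL_BOTH) : false;
    if ($r === false) {
        $ReimuCMS['output_title'] = $ReimuCMS['title_notfound'];
        $ReimuCMS['output_body'] = "<p>" . $ReimuCMS['msg_notfound'] . "</p>";
        return;
    }

    // creator/editor are looked up as reimucms_users.id; cast so a non-numeric
    // column value can never become part of the SQL (they were interpolated
    // unquoted in the original).
    $creator_id = (int) $r['creator'];
    $editor_id = (int) $r['editor'];
    $sqlpost = reimucms_do_query("SELECT * FROM `reimucms_users` WHERE `id` = $creator_id");
    $rpost = ($sqlpost !== false) ? mysql_fetch_array($sqlpost) : false;
    $sqledit = reimucms_do_query("SELECT * FROM `reimucms_users` WHERE `id` = $editor_id");
    $redit = ($sqledit !== false) ? mysql_fetch_array($sqledit) : false;
    $post_name = ($rpost !== false) ? htmlspecialchars($rpost['displayname'], ENT_QUOTES, 'UTF-8') : '';
    $edit_name = ($redit !== false) ? htmlspecialchars($redit['displayname'], ENT_QUOTES, 'UTF-8') : '';

    $created = strtotime($r['created']);
    $edited = strtotime($r['edited']);
    $header = '<table class="wide"><tr><td><p class="small-font"><a href="index.php">' . $ReimuCMS['sitename'] . "</a> > " . $r['longname']
        . '</p></td><td class="right"><p class="small-font">Page created on ' . date("F jS, Y ", $created) . "at" . date(" g:i A", $created) . ", by " . $post_name;
    $header .= '</p></td></tr></table>' . "\n" . '<p class="header-text">' . $r['longname'] . '</p>';

    $footer = '';
    if ($r['edited'] != $r['created']) {
        // The original formatted the edit time from $r[editor] (a user id); it is $r[edited].
        $footer = '<p class="small-font">Last edited on ' . date("F jS, Y ", $edited) . "at" . date(" g:i A", $edited) . ", by " . $edit_name . "</p>\n";
    }
    $ReimuCMS['output_body'] = $header . "\n" . $r['contents'] . "\n" . $footer;
    $ReimuCMS['output_title'] = $r['longname'];
}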
// Registers with the core dispatcher (defined outside this file); presumably maps act=page to mod_base_getpage() — confirm.
reimucms_add_handler("page", "base", "getpage");
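/**
 * Handler for act=admin: include the admin template for administrators,
 * otherwise set the access-denied title/body.
 *
 * auth_isAdmin is set by the cookie check at the top of this file; empty()
 * treats a missing key the same as false without raising a notice.
 */
function mod_base_admin() {
    global $ReimuCMS;
    if (!empty($ReimuCMS['auth_isAdmin'])) {
        include "template/mod/mod_base_admin.php";
        return;
    }
    $ReimuCMS['output_title'] = $ReimuCMS['title_accessdenied'];
    $ReimuCMS['output_body'] = "<p>" . $ReimuCMS['msg_accessdenied'] . "</p>";
}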
// Registers with the core dispatcher (defined outside this file); presumably maps act=admin to mod_base_admin() — confirm.
reimucms_add_handler("admin", "base", "admin");
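/**
 * Handler for act=newpage (administrators only): show the new-page form, or on
 * POST create a page with the given shortname, title and contents.
 *
 * $exists is a local read by the included template/mod/mod_base_newpage.php
 * when the shortname is already taken.
 */
function mod_base_newpage() {
    global $ReimuCMS;
    if (empty($ReimuCMS['auth_isAdmin'])) {
        $ReimuCMS['output_title'] = $ReimuCMS['title_accessdenied'];
        $ReimuCMS['output_body'] = "<p>" . $ReimuCMS['msg_accessdenied'] . "</p>";
        return;
    }
    if ($_SERVER['REQUEST_METHOD'] !== "POST") {
        include "template/mod/mod_base_newpage.php";
        return;
    }

    $raw_title = isset($_POST['title']) ? $_POST['title'] : '';
    $raw_pid = isset($_POST['pid']) ? $_POST['pid'] : '';
    $raw_content = isset($_POST['pcontents']) ? $_POST['pcontents'] : '';
    // SQL-escaped copies go into the statements; the raw copies are used for
    // the HTML link below so backslash escapes do not leak into the page.
    $title = mysql_real_escape_string($raw_title);
    $pid = mysql_real_escape_string($raw_pid);
    $content = mysql_real_escape_string($raw_content);
    $date = date('Y-m-d H:i:s', time());

    $sql = reimucms_do_query("SELECT * FROM `reimucms_pages` WHERE `shortname` = '$pid'");
    $rows = ($sql !== false) ? mysql_fetch_array($sql) : false;
    if ($rows !== false) {
        $exists = true;
        include "template/mod/mod_base_newpage.php";
        return;
    }

    // usr_displayname is user-chosen text from the users table, so it is
    // escaped before being logged (the original interpolated it as-is).
    $actor = mysql_real_escape_string($ReimuCMS['usr_displayname']);
    $remote_addr = mysql_real_escape_string(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');
    reimucms_do_query("INSERT INTO `reimucms_security_log` VALUES(NULL, 'page-create', '$remote_addr', '$actor', 'The user created the page $pid.')");
    // creator/editor hold the user id: mod_base_getpage resolves these columns
    // through reimucms_users.id and mod_base_newarticle stores usr_id the same
    // way. The original wrote the display name here, which never resolved.
    $user_id = (int) $ReimuCMS['usr_id'];
    reimucms_do_query("INSERT INTO `reimucms_pages` VALUES(NULL, '$pid', '$title', '$content', '$date', '$user_id', '$date', '$user_id', 0)");

    $link_pid = htmlspecialchars($raw_pid, ENT_QUOTES, 'UTF-8');
    $ReimuCMS['output_title'] = $ReimuCMS['title_pagecreated'];
    $ReimuCMS['output_body'] = "<p><b>" . $ReimuCMS['title_pagecreated'] . "</b></p><p>" . $ReimuCMS['msg_pagecreated'] . " <a href=\"./?act=page&page=" . urlencode($raw_pid) . "\">" . $link_pid . "</a></p>";
}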
// Registers with the core dispatcher (defined outside this file); presumably maps act=newpage to mod_base_newpage() — confirm.
reimucms_add_handler("newpage", "base", "newpage");
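/**
 * AJAX helper for the new-page form: echoes "ERROR" when the shortname in
 * $_GET['page'] is already used by a page, "OK" when it is free.
 *
 * There is no admin check here (the original has none either); the endpoint
 * only reveals whether a shortname exists, which act=page reveals anyway.
 * Setting $ReimuCMS['api'] presumably tells the core to skip the page chrome — confirm.
 */
function mod_base_ajax_admin_newpage_checkid() {
    global $ReimuCMS;
    $ReimuCMS['api'] = true;
    $page = isset($_GET['page']) ? mysql_real_escape_string($_GET['page']) : '';
    $sql = reimucms_do_query("SELECT * FROM `reimucms_pages` WHERE `shortname` = '$page'");
    // mysql_fetch_array() returns false when no row matched.
    $r = ($sql !== false) ? mysql_fetch_array($sql, MYSQL_BOTH) : false;
    echo ($r !== false) ? "ERROR" : "OK";
}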
// Registers with the core dispatcher (defined outside this file); presumably maps act=ajax_admin_newpage_checkid to mod_base_ajax_admin_newpage_checkid() — confirm.
reimucms_add_handler("ajax_admin_newpage_checkid", "base", "ajax_admin_newpage_checkid");
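/**
 * Handler for act=portal: list every article in reimucms_portal, newest first,
 * handing each one to AppendContent() (a core function, not in this file) as
 * $ReimuCMS['output_snippet'] in multi-zone mode.
 *
 * viewpost=<truthy> was an empty stub in the original and still renders
 * nothing; the unused $id = $_GET['id'] line that accompanied it is dropped.
 * Article contents are stored HTML and are emitted as-is; user display names
 * are escaped.
 */
function mod_base_portal() {
    global $ReimuCMS;
    $ReimuCMS['content_multizone'] = true;
    $ReimuCMS['automagic_header'] = false;
    if (!empty($_GET['viewpost'])) {
        return;
    }
    $sql = reimucms_do_query("SELECT * FROM `reimucms_portal` ORDER BY `created` DESC");
    if ($sql === false) {
        return;
    }
    while ($r = mysql_fetch_array($sql, MYSQL_BOTH)) {
        // creator/editor are user ids; cast so nothing else reaches the SQL.
        $creator_id = (int) $r['creator'];
        $editor_id = (int) $r['editor'];
        $sqlpost = reimucms_do_query("SELECT * FROM `reimucms_users` WHERE `id` = $creator_id");
        $rpost = ($sqlpost !== false) ? mysql_fetch_array($sqlpost) : false;
        $sqledit = reimucms_do_query("SELECT * FROM `reimucms_users` WHERE `id` = $editor_id");
        $redit = ($sqledit !== false) ? mysql_fetch_array($sqledit) : false;
        $post_name = ($rpost !== false) ? htmlspecialchars($rpost['displayname'], ENT_QUOTES, 'UTF-8') : '';
        $edit_name = ($redit !== false) ? htmlspecialchars($redit['displayname'], ENT_QUOTES, 'UTF-8') : '';

        $created = strtotime($r['created']);
        $edited = strtotime($r['edited']);
        $header = '<div class="content">' . "\n" . '<table class="wide"><tr><td><p class="small-font"><a href="index.php">' . $ReimuCMS['sitename'] . "</a> > " . $r['title']
            . '</p></td><td class="right"><p class="small-font">Created on ' . date("F jS, Y ", $created) . "at" . date(" g:i A", $created) . ", by " . $post_name;
        $header .= '</p></td></tr></table>' . "\n" . '<p class="header-text">' . $r['title'] . '</p>';

        // Reset per article: the original never cleared $footer, so every
        // article after the first carried the footers of the ones before it.
        $footer = '';
        if ($r['edited'] != $r['created']) {
            $footer = '<p class="small-font">Last edited on ' . date("F jS, Y ", $edited) . "at" . date(" g:i A", $edited) . ", by " . $edit_name . "</p>\n";
        }
        $footer .= "</div>\n";

        $ReimuCMS['output_snippet'] = $header . "\n" . $r['contents'] . "\n" . $footer;
        AppendContent();
    }
}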
// Registers with the core dispatcher (defined outside this file); presumably maps act=portal to mod_base_portal() — confirm.
reimucms_add_handler("portal", "base", "portal");
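/**
 * Handler for act=newarticle (administrators only): show the new-article form,
 * or on POST insert the article into reimucms_portal and link to it.
 *
 * Unlike mod_base_newpage, article creation is not written to
 * reimucms_security_log (the original only had that call commented out).
 */
function mod_base_newarticle() {
    global $ReimuCMS;
    if (empty($ReimuCMS['auth_isAdmin'])) {
        $ReimuCMS['output_title'] = $ReimuCMS['title_accessdenied'];
        $ReimuCMS['output_body'] = "<p>" . $ReimuCMS['msg_accessdenied'] . "</p>";
        return;
    }
    if ($_SERVER['REQUEST_METHOD'] !== "POST") {
        include "template/mod/mod_base_newarticle.php";
        return;
    }

    $raw_title = isset($_POST['title']) ? $_POST['title'] : '';
    $raw_content = isset($_POST['pcontents']) ? $_POST['pcontents'] : '';
    // SQL-escaped copies go into the statement; the raw title is used for the
    // HTML link so backslash escapes do not leak into the page.
    $title = mysql_real_escape_string($raw_title);
    $content = mysql_real_escape_string($raw_content);
    $date = date('Y-m-d H:i:s', time());
    $user_id = (int) $ReimuCMS['usr_id'];

    $result = reimucms_do_query("INSERT INTO `reimucms_portal` VALUES(NULL, '$title', '$content', '$date', '$user_id', '$date', '$user_id', 0)");
    // The original built the link from an undefined $pid; use the AUTO_INCREMENT
    // id of the row just inserted (0 when the insert failed).
    $article_id = ($result !== false) ? mysql_insert_id() : 0;

    $link_title = htmlspecialchars($raw_title, ENT_QUOTES, 'UTF-8');
    $ReimuCMS['output_title'] = $ReimuCMS['title_articlecreated'];
    $ReimuCMS['output_body'] = "<p><b>" . $ReimuCMS['title_articlecreated'] . "</b></p><p>" . $ReimuCMS['msg_articlecreated'] . " <a href=\"./?act=article&id=" . $article_id . "\">" . $link_title . "</a></p>";
}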
// Registers with the core dispatcher (defined outside this file); presumably maps act=newarticle to mod_base_newarticle() — confirm. No act=article handler is defined in this file.
reimucms_add_handler("newarticle", "base", "newarticle");
- ?>