
   1  <?php
   2  /**
   3   * This is the main dispatcher for the admin interface.
   4   *
   5   * IF YOU ARE READING THIS IN YOUR WEB BROWSER, IT MEANS THAT PHP IS NOT PROPERLY INSTALLED
   6   * ON YOUR WEB SERVER. IF YOU DON'T KNOW WHAT THIS MEANS, CONTACT YOUR SERVER ADMINISTRATOR
   7   * OR YOUR HOSTING COMPANY.
   8   *
   9   * This file is part of the evoCore framework - {@link http://evocore.net/}
  10   * See also {@link http://sourceforge.net/projects/evocms/}.
  11   *
  12   * @copyright (c)2003-2014 by Francois Planque - {@link http://fplanque.com/}
  13   * Parts of this file are copyright (c)2004-2006 by Daniel HAHLER - {@link http://thequod.de/contact}.
  14   * Parts of this file are copyright (c)2005-2006 by PROGIDISTRI - {@link http://progidistri.com/}.
  15   *
  16   * {@internal License choice
  17   * - If you have received this file as part of a package, please find the license.txt file in
  18   *   the same folder or the closest folder above for complete license terms.
  19   * - If you have received this file individually (e-g: from http://evocms.cvs.sourceforge.net/)
  20   *   then you must choose one of the following licenses before using the file:
  21   *   - GNU General Public License 2 (GPL) - http://www.opensource.org/licenses/gpl-license.php
  22   *   - Mozilla Public License 1.1 (MPL) - http://www.opensource.org/licenses/mozilla1.1.php
  23   * }}
  24   *
  25   * {@internal Open Source relicensing agreement:
  26   * Daniel HAHLER grants Francois PLANQUE the right to license
  27   * Daniel HAHLER's contributions to this file and the b2evolution project
  28   * under any OSI approved OSS license (http://www.opensource.org/licenses/).
  29   *
  30   * PROGIDISTRI S.A.S. grants Francois PLANQUE the right to license
  31   * PROGIDISTRI S.A.S.'s contributions to this file and the b2evolution project
  32   * under any OSI approved OSS license (http://www.opensource.org/licenses/).
  33   * }}
  34   *
  35   * @package main
  36   *
  37   * @version $Id: admin.php 6136 2014-03-08 07:59:48Z manuel $
  38   */
  39  
  40  
  41  /**
  42   * Do the MAIN initializations:
  43   */
  44  require_once dirname(__FILE__).'/conf/_config.php';
  45  
  46  
  47  /**
  48   * @global boolean Is this an admin page? Use {@link is_admin_page()} to query it, because it may change.
  49   */
  50  $is_admin_page = true;
  51  
  52  // user must be logged in and his/her account must be validated before access to admin
  53  $login_required = true;
  54  $validate_required = true;
  55  require_once $inc_path.'_main.inc.php';
  56  
  57  
  58  // Check global permission:
  59  if( ! $current_User->check_perm( 'admin', 'restricted' ) )
  60  {    // No permission to access admin...
  61      // asimo> This should always denied access, but we insert a hack to create a temporary solution
  62      // We do allow comments and items actions, if the redirect is set to the front office! This way users without admin access may use the comments, and items controls.
  63      $test_ctrl = param( 'ctrl', '/^[a-z0-9_]+$/', '', false );
  64      $test_redirect_to = param( 'redirect_to', 'url', '', false );
  65      $test_action = param_action();
  66      // asimo> If we also would like to allow publish, deprecate and delete item/comment actions for users without admin access, we must uncomment the commented part below.
  67      if( ( ( $test_ctrl !== 'comments' ) && ( $test_ctrl !== 'items' ) )
  68          || empty( $test_redirect_to ) || ( strpos( $test_redirect_to, $admin_url ) === 0 )
  69          || empty( $test_action ) || !in_array( $test_action, array( 'update', 'publish'/*, 'deprecate', 'delete'*/ ) ) )
  70      {
  71          require $adminskins_path.'_access_denied.main.php';
  72      }
  73  }
  74  
  75  // Check user email is validated to make sure users can never has access to admin without a validated email address
  76  if( !$current_User->check_status( 'can_access_admin' ) )
  77  {
  78      if( $current_User->check_status( 'can_be_validated' ) )
  79      { // redirect back to the login page
  80          $action = 'req_validatemail';
  81          require $htsrv_path.'login.php';
  82      }
  83      else
  84      { // show access denied
  85          require $adminskins_path.'_access_denied.main.php';
  86      }
  87  }
  88  
  89  // Check that the request doesn't exceed the post max size
  90  // This is required because another way not even the $ctrl param can be initialized and the request may freeze
  91  check_post_max_size_exceeded();
  92  
  93  /*
  94   * Get the blog from param, defaulting to the last selected one for this user:
  95   * we need it for quite a few of the menu urls
  96   */
  97  if( isset($collections_Module) )
  98  {
  99      $user_selected_blog = (int)$UserSettings->get('selected_blog');
 100      $BlogCache = & get_BlogCache();
 101      if( param( 'blog', 'integer', NULL, true ) === NULL      // We got no explicit blog choice (not even '0' for 'no blog'):
 102          || ($blog > 0 && ! ($Blog = & $BlogCache->get_by_ID( $blog, false, false )) )) // or we requested a nonexistent blog
 103      { // Try the memorized blog from the previous action:
 104          $blog = $user_selected_blog;
 105          if( ! ($Blog = & $BlogCache->get_by_ID( $blog, false, false ) ) )
 106          { // That one doesn't exist either...
 107              $blog = 0;
 108              // Unset $Blog because otherwise isset( $Blog ) returns true and it may cause issues later
 109              unset( $Blog );
 110          }
 111      }
 112      elseif( $blog != $user_selected_blog )
 113      { // We have selected a new & valid blog. Update UserSettings for selected blog:
 114          set_working_blog( $blog );
 115      }
 116  }
 117  
 118  // bookmarklet, upload (upload actually means sth like: select img for post):
 119  param( 'mode', 'string', '', true );
 120  
 121  
 122  /*
 123   * Get the Admin skin
 124   * TODO: Allow setting through GET param (dropdown in backoffice), respecting a checkbox "Use different setting on each computer" (if cookie_state handling is ready)
 125   */
 126  $admin_skin = $UserSettings->get( 'admin_skin' );
 127  $admin_skin_path = $adminskins_path.'%s/_adminUI.class.php';
 128  
 129  if( ! $admin_skin || ! file_exists( sprintf( $admin_skin_path, $admin_skin ) ) )
 130  { // there's no skin for the user
 131      if( !$admin_skin )
 132      {
 133          $Debuglog->add( 'The user has no admin skin set.', 'skins' );
 134      }
 135      else
 136      {
 137          $Debuglog->add( 'The admin skin ['.$admin_skin.'] set by the user does not exist.', 'skins' );
 138      }
 139  
 140      $admin_skin = $Settings->get( 'admin_skin' );
 141  
 142      if( !$admin_skin || !file_exists( sprintf( $admin_skin_path, $admin_skin ) ) )
 143      { // even the default skin does not exist!
 144          if( !$admin_skin )
 145          {
 146              $Debuglog->add( 'There is no default admin skin set!', 'skins' );
 147          }
 148          else
 149          {
 150              $Debuglog->add( 'The default admin skin ['.$admin_skin.'] does not exist!', array('skin','error') );
 151          }
 152  
 153          if( file_exists(sprintf( $admin_skin_path, 'chicago' )) )
 154          { // 'legacy' does exist
 155              $admin_skin = 'chicago';
 156  
 157              $Debuglog->add( 'Falling back to legacy admin skin.', 'skins' );
 158          }
 159          else
 160          { // get the first one available one
 161              $admin_skin_dirs = get_admin_skins();
 162  
 163              if( $admin_skin_dirs === false )
 164              {
 165                  $Debuglog->add( 'No admin skin found! Check that the path '.$adminskins_path.' exists.', array('skin','error') );
 166              }
 167              elseif( empty($admin_skin_dirs) )
 168              { // No admin skin directories found
 169                  $Debuglog->add( 'No admin skin found! Check that there are skins in '.$adminskins_path.'.', array('skin','error') );
 170              }
 171              else
 172              {
 173                  $admin_skin = array_shift($admin_skin_dirs);
 174                  $Debuglog->add( 'Falling back to first available skin.', 'skins' );
 175              }
 176          }
 177      }
 178  }
 179  if( ! $admin_skin )
 180  {
 181      $Debuglog->display( 'No admin skin available!', '', true, 'skins' );
 182      die(1);
 183  }
 184  
 185  $Debuglog->add( 'Using admin skin &laquo;'.$admin_skin.'&raquo;', 'skins' );
 186  
 187  /**
 188   * Load the AdminUI class for the skin.
 189   */
 190  require_once $adminskins_path.$admin_skin.'/_adminUI.class.php';
 191  /**
 192   * This is the Admin UI object which handles the UI for the backoffice.
 193   *
 194   * @global AdminUI
 195   */
 196  $AdminUI = new AdminUI();
 197  
 198  
 199  /*
 200   * Pass over to controller...
 201   */
 202  
 203  // Get requested controller and memorize it:
 204  param( 'ctrl', '/^[a-z0-9_]+$/', $default_ctrl, true );
 205  
 206  if( empty( $dont_request_controller ) || !$dont_request_controller )
 207  {    // Don't request the controller if we want initialize only the admin configs above (Used on AJAX refreshing of results table)
 208  
 209      // Redirect old-style URLs (e.g. /admin/plugins.php), if they come here because the webserver maps "/admin/" to "/admin.php"
 210      // NOTE: this is just meant as a transformation from pre-1.8 to 1.8!
 211      if( ! empty( $_SERVER['PATH_INFO'] ) && $_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF'] ) // the "!= PHP_SELF" check seems needed by IIS..
 212      {
 213          // Try to find the appropriate controller (ctrl) setting
 214          foreach( $ctrl_mappings as $k => $v )
 215          {
 216              if( preg_match( '~'.preg_quote( $_SERVER['PATH_INFO'], '~' ).'$~', $v ) )
 217              {
 218                  $ctrl = $k;
 219                  break;
 220              }
 221          }
 222  
 223          // Sanitize QUERY_STRING
 224          if( ! empty( $_SERVER['QUERY_STRING'] ) )
 225          {
 226              $query_string = explode( '&', $_SERVER['QUERY_STRING'] );
 227              foreach( $query_string as $k => $v )
 228              {
 229                  $query_string[$k] = strip_tags($v);
 230              }
 231              $query_string = '&'.implode( '&', $query_string );
 232          }
 233          else
 234          {
 235              $query_string = '';
 236          }
 237  
 238          header_redirect( url_add_param( $admin_url, 'ctrl='.$ctrl.$query_string, '&' ), true );
 239          exit(0);
 240      }
 241  
 242  
 243      // Check matching controller file:
 244      if( !isset($ctrl_mappings[$ctrl]) )
 245      {
 246          debug_die( 'The requested controller ['.$ctrl.'] does not exist.' );
 247      }
 248  
 249      // Call the requested controller:
 250      require $inc_path.$ctrl_mappings[$ctrl];
 251  }
 252  
 253  ?>
