Mambo PHP Cross Reference Web Portal Systems

Source: /index.php - 424 lines - 16317 bytes - Summary - Text - Print

   1  <?php
   2  /**
   3  * @package Mambo
   4  * @author Mambo Foundation Inc see README.php
   5  * @copyright Mambo Foundation Inc.
   6  * See COPYRIGHT.php for copyright notices and details.
   7  * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see
   8  * LICENSE.php
   9  * Mambo is free software; you can redistribute it and/or
  10  * modify it under the terms of the GNU General Public License
  11  * as published by the Free Software Foundation; version 2 of the
  12  * License.
  13  */
  14  
  /** Flag this script as a parent file, unless the constant is already defined. */
  if (!defined('_VALID_MOS')) {
      define('_VALID_MOS', 1);
  }

  // Prefix for paths relative to this script: "../" whenever $adminside has
  // already been set by the time this file runs, otherwise empty.
  // NOTE(review): $adminside is read here before any request filtering runs;
  // confirm that only the including entry script can set it (for instance that
  // register_globals is off), so a request cannot choose this prefix.
  $dir = isset($adminside) ? "../" : "";

  // Without a usable configuration file (missing, or shorter than 10 bytes)
  // send the visitor to the installer and stop.
  // NOTE(review): this keeps the installer reachable whenever configuration.php
  // is absent or truncated; remove or lock the installation directory after setup.
  if (!(file_exists($dir.'configuration.php') && filesize($dir.'configuration.php') >= 10)) {
      header("Location: ".$dir."installation/index.php");
      exit();
  }
  24  
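  // Refuse any request that carries a parameter, cookie or upload field named
  // like a PHP superglobal (or GLOBALS); presumably this keeps request data from
  // standing in for those arrays once request variables are turned into globals.
  //
  // Keys are tested with array_key_exists() instead of a loose in_array() over
  // array_keys(): under loose comparison an integer key such as 0 can compare
  // equal to a non-numeric string, which made harmless requests die here.
  $protects = array('_REQUEST', '_GET', '_POST', '_COOKIE', '_FILES', '_SERVER', '_ENV', 'GLOBALS', '_SESSION');
  foreach ($protects as $protect) {
      if (array_key_exists($protect, $_REQUEST) ||
          array_key_exists($protect, $_GET) ||
          array_key_exists($protect, $_POST) ||
          array_key_exists($protect, $_COOKIE) ||
          array_key_exists($protect, $_FILES)) {
          die("Invalid Request.");
      }
  }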
  35  
  /** Mask bit for mosGetParam(): keep leading and trailing whitespace (skip trim). */
  define('_MOS_NOTRIM', 1);
  /** Mask bit for mosGetParam(): keep HTML tags (skip strip_tags). */
  define('_MOS_ALLOWHTML', 2);
  /** Mask bit for mosGetParam(): keep the raw value (skip the integer cast). */
  define('_MOS_ALLOWRAW', 4);
  /**
   * Mask bit meant to leave the value without added slashes.
   * mosGetParam() as defined in this file never tests this bit.
   */
  define('_MOS_NOMAGIC', 8);
  52  
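  /**
   * Fetch one value from an input array and apply basic input filtering.
   *
   * Intended for reading values from $_GET, $_POST, $_COOKIE and similar arrays.
   * Unless switched off through $mask, a scalar value is:
   *  - trimmed (_MOS_NOTRIM skips this);
   *  - stripped of HTML tags when it is not numeric (_MOS_ALLOWHTML skips this);
   *  - cast with intval() when it is not numeric and $def is numeric
   *    (_MOS_ALLOWRAW skips this).
   * Slashes are added with addslashes() whenever magic_quotes_gpc is off.
   * Array values are filtered element by element, recursively, with the same
   * $def and $mask; an empty array is returned as an empty array.
   *
   * What this filter does not do:
   *  - addslashes() is not database escaping; values still need the database
   *    layer's own quoting or bound parameters before they reach SQL.
   *  - strip_tags() does not make a value safe inside HTML attributes or
   *    script; escape for the output context when printing.
   *  - Path separators and ".." are left alone; a value must not be used in a
   *    file path without a separate check.
   *  - A numeric string is returned as a string, it is not cast.
   *  - _MOS_NOMAGIC is not tested here.
   *
   * Example of use:
   *
   * To get the task variable from the URL, with "view" as the default task:
   *
   * <code>$task = mosGetParam ($_GET,"task","view");</code>
   *
   * The same, but keeping HTML and without trimming:
   *
   * <code>$task = mosGetParam ($_GET,"task","view",_MOS_NOTRIM+_MOS_ALLOWHTML);</code>
   *
   * @access public
   * @param array &$arr reference to the array that holds the value
   * @param string $name key of the element to fetch
   * @param mixed $def value returned when the key is not set; a numeric default
   *                   also switches on the integer cast for non-numeric input
   * @param int $mask combination of _MOS_* bits selecting filters to skip
   * @return mixed the filtered value, an array of filtered values, or $def
   */
  function mosGetParam( &$arr, $name, $def=null, $mask=0 ) {
      if (!isset( $arr[$name] )) {
          return $def;
      }

      if (is_array( $arr[$name] )) {
          // Start from an empty array so that an empty input array comes back as
          // array() instead of an undefined variable.
          $result = array();
          foreach ($arr[$name] as $key => $element) {
              $result[$key] = mosGetParam( $arr[$name], $key, $def, $mask );
          }
          return $result;
      }

      $result = $arr[$name];
      if (!($mask & _MOS_NOTRIM)) {
          $result = trim( $result );
      }
      if (!is_numeric( $result )) {
          if (!($mask & _MOS_ALLOWHTML)) {
              $result = strip_tags( $result );
          }
          // A numeric default marks the parameter as a number: force an integer.
          if (!($mask & _MOS_ALLOWRAW) && is_numeric( $def )) {
              $result = intval( $result );
          }
      }
      // Emulate magic_quotes_gpc when it is off, so callers always get slashed data.
      if (!get_magic_quotes_gpc()) {
          $result = addslashes( $result );
      }
      return $result;
  }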
 101  
 102  
 /**
  * Get or set the current side (frontend/backend) for this request.
  *
  * Called without an argument, or with a value that compares loosely equal to
  * the empty string, it returns the stored flag and initialises it to 0 on
  * first use. Called with any other value it stores that value and returns it.
  * According to the original notes the flag is set when
  * /administrator/index.php, /administrator/index2.php or
  * /administrator/index3.php is invoked; setting it is not a normal use.
  *
  * @access public
  * @param mixed $val value to store; not planned to be used by users
  * @return mixed 0 on the frontend, otherwise the stored backend value
  */
 function adminSide($val='') {
     static $adminside;
     if ($val == '') {
         // Read access: only fill in the default on the very first call.
         if (is_null($adminside)) {
             $adminside = 0;
         }
     } else {
         $adminside = $val;
     }
     return $adminside;
 }
 123  
 124  
 /**
  * Get or set the index type for this request.
  *
  * Per the original notes the value is 1, 2 or 3 depending on the called file
  * (index.php, index2.php or index3.php). Called without an argument, or with
  * a value that compares loosely equal to the empty string, it returns the
  * stored value and initialises it to 1 on first use. Called with any other
  * value it stores that value and returns it.
  *
  * @access private
  * @param mixed $val value to store; not planned to be used by users
  * @return mixed the stored index type, 1 when none was set
  */
 function indexType($val='')
 {
     static $indextype;
     if ($val == '') {
         // Read access: only fill in the default on the very first call.
         if (is_null($indextype)) {
             $indextype = 1;
         }
     } else {
         $indextype = $val;
     }
     return $indextype;
 }
 145  
 // The including entry script may preset these two globals; fall back to
 // 0 (frontend) and 1 (index.php) when it did not.
 if (!isset($adminside)) {
     $adminside = 0;
 }
 if (!isset($indextype)) {
     $indextype = 1;
 }

 // Store both values in their accessor functions and keep what those return,
 // so the globals and the accessors agree from here on.
 $adminside = adminSide($adminside);
 $indextype = indexType($indextype);

 // Core classes, then the shared configuration object.
 require_once(dirname(__FILE__).'/includes/database.php');
 require_once(dirname(__FILE__).'/includes/core.classes.php');
 $configuration =& mamboCore::getMamboCore();
 // NOTE(review): handleGlobals() is defined in core.classes.php, not here; its
 // name suggests it deals with request variables registered as globals - confirm.
 $configuration->handleGlobals();

 // Frontend only: load URL handling, preferring the com_sef component when it
 // is installed and falling back to the bundled includes/sef.php.
 if (!$adminside) {
     $urlerror = 0;
     $sefcode = dirname(__FILE__).'/components/com_sef/sef.php';
     if (file_exists($sefcode)) {
         require_once($sefcode);
     } else {
         require_once(dirname(__FILE__).'/includes/sef.php');
     }
 }

 $configuration->fixLanguage();
 168  
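 // Version information for this installation.
 require($configuration->rootPath().'/includes/version.php');
 $_VERSION =& new version();

 // Human-readable version banner assembled from the fields of $_VERSION.
 $version = $_VERSION->PRODUCT .' '. $_VERSION->RELEASE .'.'. $_VERSION->DEV_LEVEL .' '
 . $_VERSION->DEV_STATUS
 .' [ '.$_VERSION->CODENAME .' ] '. $_VERSION->RELDATE .' '
 . $_VERSION->RELTIME .' '. $_VERSION->RELTZ;

 // Compatibility files for older interpreters. version_compare() is used
 // because "<" on version strings compares them as plain text, which orders
 // multi-digit components wrongly (as text, "4.10.0" sorts before "4.2.0").
 if (version_compare(phpversion(), '4.2.0', '<')) require_once( $configuration->rootPath() . '/includes/compat.php41x.php' );
 if (version_compare(phpversion(), '4.3.0', '<')) require_once( $configuration->rootPath() . '/includes/compat.php42x.php' );
 if (version_compare(phpversion(), '5.0.0', '<')) require_once( $configuration->rootPath() . '/includes/compat.php5xx.php' );

 // Filesystem locations and defaults used by other parts of the system.
 // NOTE(review): the backup directory sits below rootPath(); if that is the web
 // root, confirm the web server denies direct access to it.
 $local_backup_path = $configuration->rootPath().'/administrator/backups';
 $media_path = $configuration->rootPath().'/media/';
 $image_path = $configuration->rootPath().'/images/stories';
 $lang_path = $configuration->rootPath().'/language';
 $image_size = 100;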
 187  
 188  
 $database =& mamboDatabase::getInstance();

 // Start NokKaew patch
 // Flag for the optional NokKaew component: it stays 0 on the admin side and
 // whenever the component file is not found.
 $mosConfig_nok_content = 0;
 // NOTE(review): the three NokKaew paths below append to rootPath() without a
 // leading "/", unlike every other include in this file; confirm they resolve.
 if (!$adminside && file_exists($configuration->rootPath().'components/com_nokkaew/nokkaew.php')) {
     // can also go into the configuration - but this might be overwritten!
     $mosConfig_nok_content = 1;
     require_once($configuration->rootPath().'administrator/components/com_nokkaew/nokkaew.class.php');
     require_once($configuration->rootPath().'components/com_nokkaew/classes/nokkaew.class.php');
 }

 // With NokKaew active the database object is replaced by an mlDatabase built
 // from the $mosConfig_* connection settings (these are not assigned in this file).
 if ($mosConfig_nok_content) {
     $database = new mlDatabase($mosConfig_host, $mosConfig_user, $mosConfig_password, $mosConfig_db, $mosConfig_dbprefix);
 }

 if ($mosConfig_nok_content) {
     // Save the default language of the site
     $mosConfig_defaultLang = $mosConfig_locale;
     $iso_client_lang = NokKaew::discoverLanguage($database);
     $_NOKKAEW_MANAGER = new NokKaewManager();
 }
 // end NokKaew Patch

 $database->debug(mamboCore::get('mosConfig_debug'));
 208  
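 /**
  * Retrieve some possible request string (or form) arguments.
  *
  * Every value goes through mosGetParam(), which trims, strips tags and adds
  * slashes. That is input filtering only: code that later puts these values
  * into SQL, HTML or file paths still has to escape or check them for that use.
  * A numeric default (type, do_pdf, id) makes non-numeric input an integer.
  * 'act' is read once and lower-cased; an earlier duplicate read of it, whose
  * result was immediately overwritten, has been dropped.
  */
 $type = mosGetParam($_REQUEST, 'type', 1);
 $do_pdf = mosGetParam($_REQUEST, 'do_pdf', 0);
 $id = mosGetParam($_REQUEST, 'id', 0);
 $task = mosGetParam($_REQUEST, 'task', '');
 $act = strtolower(mosGetParam($_REQUEST, 'act', ''));
 $section = mosGetParam($_REQUEST, 'section', '');
 $no_html = strtolower(mosGetParam($_REQUEST, 'no_html', ''));
 // cid is taken from POST data only and is always handed on as an array.
 $cid = (array) mosGetParam($_POST, 'cid', array());

 // Session IDs are carried in cookies only: no transparent SID rewriting into
 // URLs, and IDs offered through the URL are not accepted.
 ini_set('session.use_trans_sid', 0);
 ini_set('session.use_cookies', 1);
 ini_set('session.use_only_cookies', 1);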
 223  
 224  
 /*
  * Initialize i18n: take the language name and charset from the current
  * language in the configuration, then point the gettext wrapper at the
  * /language directory for that language.
  */
 $lang    = $configuration->current_language->name;
 $charset = $configuration->current_language->charset;

 $gettext =& phpgettext();
 $gettext->debug       = $configuration->mosConfig_locale_debug;
 $gettext->has_gettext = $configuration->mosConfig_locale_use_gettext;

 $language = new mamboLanguage($lang);
 $gettext->setlocale($lang, $language->getSystemLocale());
 $gettext->bindtextdomain($lang, $configuration->rootPath().'/language');
 $gettext->bind_textdomain_codeset($lang, $charset);
 $gettext->textdomain($lang);
 237  
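 /*
  * Main dispatch: administrator side when $adminside is set, user side otherwise.
  *
  * Admin side: start the session, restore and validate the user, handle login
  * and logout, then load either the requested component directly (no_html),
  * the admin template, or a popup (adminside 3). Without a valid user only the
  * login template is shown.
  *
  * User side: resolve option/Itemid, restore the user, run the offline check,
  * buffer the component output, then emit it through the site template
  * (index type 1) or a bare XHTML page (index type 2).
  *
  * Points fixed in this block:
  *  - the request-supplied popup name is confined to a plain "name.php" file
  *    inside administrator/popups before it is required;
  *  - split() is replaced by the equivalent explode();
  *  - the "template not found" message no longer prints literal backslashes.
  */
 if ($adminside) {
     // Start ACL
     require_once($configuration->rootPath().'/includes/gacl.class.php');
     require_once($configuration->rootPath().'/includes/gacl_api.class.php');
     $acl = new gacl_api();

     // Handle special admin side options; the option is lower-cased and
     // defaults to com_admin.
     $option = strtolower(mosGetParam($_REQUEST, 'option', 'com_admin'));
     // Option name with its first four characters removed.
     $domain = substr($option, 4);

     // The session cookie is named after an MD5 of the mosConfig_live_site
     // setting. This only chooses the cookie name; it is not a secret.
     session_name(md5(mamboCore::get('mosConfig_live_site')));
     session_start();

     // Restore the user from the session. Old sessions are purged either way;
     // an invalid session leaves $my null.
     $my = new mosUser();
     $my->getSession();
     if (mosSession::validate($my)) {
         mosSession::purge();
     } else {
         mosSession::purge();
         $my = null;
     }

     if (!$my AND $option == 'login') {
         // No valid session and a login was requested: authenticate.
         // NOTE(review): whether the session ID is renewed after a successful
         // login is decided inside loginAdmin(), which is not shown here - confirm.
         $option = 'admin';
         require_once($configuration->rootPath().'/includes/authenticator.php');
         $authenticator =& mamboAuthenticator::getInstance();
         $my = $authenticator->loginAdmin($acl);
     }
     // Handle the remaining special options
     elseif ($option == 'logout') {
         require($configuration->rootPath().'/administrator/logout.php');
         exit();
     }

     // We can now create the mainframe object
     $mainframe =& new mosMainFrame($database, $option, '..', true);

     // Provided $my is set, we have a valid admin side session and can include remaining code
     if ($my) {
         mamboCore::set('currentUser', $my);

         // Simple/advanced editing mode: the option can switch it, otherwise the
         // session value is kept; a posted simple_editing value overrides both.
         if ($option == 'simple_mode') $admin_mode = 'on';
         elseif ($option == 'advanced_mode') $admin_mode = 'off';
         else $admin_mode = mosGetParam($_SESSION, 'simple_editing', '');
         $_SESSION['simple_editing'] = mosGetParam($_POST, 'simple_editing', $admin_mode);

         require_once($configuration->rootPath().'/administrator/includes/admin.php');
         require_once($configuration->rootPath().'/includes/mambo.php');
         require_once($configuration->rootPath().'/includes/mambofunc.php');
         require_once($configuration->rootPath().'/includes/mamboHTML.php');
         require_once($configuration->rootPath().'/administrator/includes/mosAdminMenus.php');
         require_once($configuration->rootPath().'/includes/cmtclasses.php');
         require_once($configuration->rootPath().'/components/com_content/content.class.php');
         $_MAMBOTS =& mosMambotHandler::getInstance();

         // If no_html is set, we avoid starting the template, and go straight to the component.
         // NOTE(review): the file is chosen by getPath() from the request's option;
         // confirm getPath() only returns files of installed components.
         if ($no_html) {
             if ($path = $mainframe->getPath( "admin" )) require $path;
             exit();
         }
         $configuration->initGzip();
         // When adminside = 3 we assume that HTML is being explicitly written and do nothing more
         if ($adminside != 3) {
             $path = $configuration->rootPath().'/administrator/templates/'.$mainframe->getTemplate().'/index.php';
             require_once($path);
             $configuration->doGzip();
         }
         else {
             if (!isset($popup)) {
                 $pop = mosGetParam($_REQUEST, 'pop', '');
                 $popups_dir = $configuration->rootPath().'/administrator/popups/';
                 // $pop comes from the request and ends up in a require path, and
                 // mosGetParam() does not remove path separators. Accept only a bare
                 // "name.php" that exists in the popups directory; anything else
                 // falls back to the default popup.
                 if ($pop && preg_match('/^[A-Za-z0-9_-]+\.php$/D', $pop) && is_file($popups_dir.$pop)) {
                     require($popups_dir.$pop);
                 } else {
                     require($popups_dir.'index3pop.php');
                 }
                 $configuration->doGzip();
             }
         }
     }
     // If $my was not set, the only possibility is to offer a login screen
     else {
         $configuration->initGzip();
         $path = $configuration->rootPath().'/administrator/templates/'.$mainframe->getTemplate().'/login.php';
         require_once( $path );
         $configuration->doGzip();
     }
 }
 // Finished admin side; the rest is user side code:
 else {
     $option = $configuration->determineOptionAndItemid();
     $Itemid = $configuration->get('Itemid');

     $mainframe =& new mosMainFrame($database, $option, '.');
     if ($option == 'login') $configuration->handleLogin();
     elseif ($option == 'logout') $configuration->handleLogout();

     // Restore the current visitor and publish it as the current user.
     $session =& mosSession::getCurrent();
     $my =& new mosUser();
     $my->getSessionData();
     mamboCore::set('currentUser', $my);
     $configuration->offlineCheck($my, $database);
     $gid = intval( $my->gid );
     // gets template for page
     // NOTE(review): $cur_template is used in file paths and printed into HTML
     // below; confirm getTemplate() only returns names of installed templates.
     $cur_template = $mainframe->getTemplate();

     require_once($configuration->rootPath().'/includes/frontend.php');
     require_once($configuration->rootPath().'/includes/mambo.php');
     require_once($configuration->rootPath().'/includes/mambofunc.php');
     require_once($configuration->rootPath().'/includes/mamboHTML.php');

     // PDF output is only produced through index2.php with do_pdf=1.
     if ($indextype == 2 AND $do_pdf == 1 ) {
         include_once ('includes/pdf.php');
         exit();
     }

     /** detect first visit */
     $mainframe->detect();

     /** @global mosPlugin $_MAMBOTS */
     $_MAMBOTS =& mosMambotHandler::getInstance();
     require_once($configuration->rootPath().'/editor/editor.php');
     require_once($configuration->rootPath().'/includes/gacl.class.php');
     require_once($configuration->rootPath().'/includes/gacl_api.class.php');
     require_once($configuration->rootPath().'/components/com_content/content.class.php');
     $acl = new gacl_api();

     /** Get the component handler */
     require_once($configuration->rootPath().'/includes/cmtclasses.php');
     $c_handler =& mosComponentHandler::getInstance();
     $c_handler->startBuffer();

     // The component only runs when the URL resolved to a component file and the
     // menu check allows this user's group; otherwise "not authorised" or a 404.
     if (!$urlerror AND $path = $mainframe->getPath( 'front' )) {
         $menuhandler =& mosMenuHandler::getInstance();
         $ret = $menuhandler->menuCheck($Itemid, $option, $task, $gid);
         $menuhandler->setPathway($Itemid);
         if ($ret) {
             require ($path);
         }
         else mosNotAuth();
     }
     else {
         header ('HTTP/1.1 404 Not Found');
         $mainframe->setPageTitle(T_('404 Error - page not found'));
         include ($configuration->rootPath().'/page404.php');
     }

     $c_handler->endBuffer();

     $configuration->initGzip();

     $configuration->standardHeaders();
     if (mosGetParam($_GET, 'syndstyle', '') == 'yes') mosMainBody();
     elseif ($indextype == 1) {
         // loads template file
         if ( !file_exists( 'templates/'. $cur_template .'/index.php' ) ) {
             // Single-quoted string: plain double quotes, no backslashes needed.
             echo '<font color="red"><b>'.T_('Template File Not Found! Looking for template').'</b></font>'.$cur_template;
         } else {
             require_once( 'templates/'. $cur_template .'/index.php' );
             $mambothandler =& mosMambotHandler::getInstance();
             $mambothandler->loadBotGroup('system');
             $mambothandler->trigger('afterTemplate', array($configuration));
             echo "<!-- ".time()." -->";
         }
     }
     elseif ($indextype == 2) {
         // Loose comparison: on the PHP versions this file targets, an empty or
         // non-numeric $no_html equals 0 and gets the XHTML wrapper.
         if ( $no_html == 0 ) {
             // needed to separate the ISO number from the language file constant _ISO
             $iso = explode( '=', _ISO );
             // xml prolog
             echo '<?xml version="1.0" encoding="'. $iso[1] .'"?' .'>';
             ?>
             <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
             <html xmlns="http://www.w3.org/1999/xhtml">
             <head>
             <link rel="stylesheet" href="templates/<?php echo $cur_template;?>/css/template_css.css" type="text/css" />
             <meta http-equiv="Content-Type" content="text/html; <?php echo _ISO; ?>" />
             <meta name="robots" content="noindex, nofollow">
             </head>
             <body class="contentpane">
             <?php mosMainBody(); ?>
             </body>
             </html>
             <?php
         } else {
             mosMainBody();
         }
     }

     $configuration->doGzip();
 }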
 // In debug mode, display the queries performed for the page, except when
 // $adminside is 3.
 // NOTE(review): this writes the logged database queries into the response;
 // keep mosConfig_debug switched off on production sites.
 if ($configuration->get('mosConfig_debug') && $adminside != 3) {
     $database->displayLogged();
 }
 423  
 424  ?>
