PHP Cross Reference of phpwcms V1.4.3 _r380 (23.11.09) |
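<?php
/*************************************************************************************
   Copyright notice

   (c) 2002-2009 Oliver Georgi (oliver@phpwcms.de) // All rights reserved.

   This script is part of PHPWCMS. The PHPWCMS web content management system is
   free software; you can redistribute it and/or modify it under the terms of
   the GNU General Public License as published by the Free Software Foundation;
   either version 2 of the License, or (at your option) any later version.

   The GNU General Public License can be found at http://www.gnu.org/copyleft/gpl.html
   A copy is found in the textfile GPL.txt and important notices to the license
   from the author is found in LICENSE.txt distributed with these scripts.

   This script is distributed in the hope that it will be useful, but WITHOUT ANY
   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
   PARTICULAR PURPOSE. See the GNU General Public License for more details.

   This copyright notice MUST APPEAR in all copies of the script!
*************************************************************************************/

/*
 * Backend login page.
 *
 * Flow, top to bottom:
 *   1. start the session and load configuration, DB connection and helpers
 *   2. pick the post-login redirect target (ref_url / ref)
 *   3. mark timed-out entries in phpwcms_userlog as logged out
 *   4. resolve the backend language (cookie, posted value, browser, default)
 *   5. on a login POST (form_aktion=login, json=1) check the credentials,
 *      fill $_SESSION, record the login and redirect
 *   6. otherwise render the page; the form is buffered and written into the
 *      page by JavaScript
 *
 * Security-relevant points are marked NOTE(review) where they occur.
 */

// session_name('hashID');
session_start();

$phpwcms	= array();
$BL			= array();

require_once ('./config/phpwcms/conf.inc.php');
require_once ('./include/inc_lib/default.inc.php');
require_once (PHPWCMS_ROOT.'/include/inc_lib/dbcon.inc.php');

require_once (PHPWCMS_ROOT.'/include/inc_lib/general.inc.php');
require_once (PHPWCMS_ROOT.'/include/inc_lib/backend.functions.inc.php');
require_once (PHPWCMS_ROOT.'/include/inc_lang/code.lang.inc.php');

$_SESSION['REFERER_URL'] = PHPWCMS_URL.get_login_file();

// define vars
$err		= 0;
$wcs_user	= '';

// where user should be redirected to after login
if(!empty($_POST['ref_url'])) {
	$ref_url = xss_clean($_POST['ref_url']);
} elseif(!empty($_GET['ref'])) {
	$ref_url = xss_clean(rawurldecode($_GET['ref']));
} else {
	$ref_url = '';
}
// The target is request-controlled and is later passed to headerRedirect()
// with the session id appended, so an off-site target would both redirect the
// user away and disclose the session id. Keep only targets inside this
// installation; anything else falls back to the default backend page.
// The prefix test relies on PHPWCMS_URL ending in "/" (its use in
// PHPWCMS_URL."phpwcms.php?" below suggests so) -- TODO confirm where the
// constant is defined.
if(!is_string($ref_url) || strpos($ref_url, PHPWCMS_URL) !== 0) {
	$ref_url = '';
}


// reset all inactive users
// (only time() and an intval()'d config value are interpolated here)
$sql  = "UPDATE ".DB_PREPEND."phpwcms_userlog SET ";
$sql .= "logged_in = 0, logged_change = '".time()."' ";
$sql .= "WHERE logged_in = 1 AND ( ".time()." - logged_change ) > ".intval($phpwcms["max_time"]);
mysql_query($sql, $db);


//load default language EN
require_once (PHPWCMS_ROOT.'/include/inc_lang/backend/en/lang.inc.php');

//define language and check if language file is available
if(isset($_COOKIE['phpwcmsBELang'])) {
	// the cookie value is only accepted when its 2-letter code is a key of $BL
	$temp_lang = strtoupper( substr( trim( $_COOKIE['phpwcmsBELang'] ), 0, 2 ) );
	if( isset( $BL[ $temp_lang ] ) ) {
		$_SESSION["wcs_user_lang"] = strtolower($temp_lang);
	} else {
		// unknown code: expire the cookie
		setcookie('phpwcmsBELang', '', time()-3600 );
	}
}
if(isset($_POST['form_lang'])) {
	$_SESSION["wcs_user_lang"] = strtolower(substr(clean_slweg($_POST['form_lang']), 0, 2));
	set_language_cookie();
}
if(empty($_SESSION["wcs_user_lang"])) {
	$_SESSION["wcs_user_lang"] = strtolower( isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? substr( $_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2 ) : $phpwcms["default_lang"] );
} else {
	$_SESSION["wcs_user_lang"] = strtolower( substr($_SESSION["wcs_user_lang"], 0, 2 ) );
}
// The language code ends up in an include path below. It is request-derived
// (cookie, POST or Accept-Language), so this check is what keeps the include
// safe: the code must be a key of $BL AND the language file must exist.
// Do not relax either condition.
if(isset($BL[strtoupper($_SESSION["wcs_user_lang"])]) && is_file(PHPWCMS_ROOT.'/include/inc_lang/backend/'.$_SESSION["wcs_user_lang"].'/lang.inc.php')) {
	$_SESSION["wcs_user_lang_custom"] = 1;
} else {
	$_SESSION["wcs_user_lang"] 			= 'en'; //by ono
	$_SESSION["wcs_user_lang_custom"]	= 0;
}
if(!empty($_SESSION["wcs_user_lang_custom"])) {
	//use custom lang if available -> was set in login.php
	// keep the English entries of the two nested arrays so that keys missing
	// in the custom language file still have a value after the merge
	$BL['merge_lang_array'][0]		= $BL['be_admin_optgroup_label'];
	$BL['merge_lang_array'][1]		= $BL['be_cnt_field'];
	include_once (PHPWCMS_ROOT.'/include/inc_lang/backend/'.$_SESSION["wcs_user_lang"].'/lang.inc.php');
	$BL['be_admin_optgroup_label']	= array_merge($BL['merge_lang_array'][0], $BL['be_admin_optgroup_label']);
	$BL['be_cnt_field']				= array_merge($BL['merge_lang_array'][1], $BL['be_cnt_field']);
}

//WYSIWYG EDITOR:
//0 = no wysiwyg editor (default)
//1 = CKEditor
//2 = FCKeditor
$phpwcms["wysiwyg_editor"] = abs(intval($phpwcms["wysiwyg_editor"]));
if($phpwcms["wysiwyg_editor"] > 2) {
	$phpwcms["wysiwyg_editor"] = 1;
}
$_SESSION["WYSIWYG_EDITOR"]	= $phpwcms["wysiwyg_editor"];
$wysiwyg_template			= '';

if($phpwcms["wysiwyg_editor"]) {

	if(!empty($phpwcms['wysiwyg_template']['FCKeditor'])) {
		$wysiwyg_template = convertStringToArray($phpwcms['wysiwyg_template']['FCKeditor']);
	} elseif(!empty($phpwcms['wysiwyg_template']['CKEditor'])) {
		$wysiwyg_template = convertStringToArray($phpwcms['wysiwyg_template']['CKEditor']);
	}

	if(empty($wysiwyg_template) || count($wysiwyg_template) == 0) {
		$wysiwyg_template = array('Basic');
	}

}

// Login attempt: the form posts form_aktion=login and json=1
if(isset($_POST['form_aktion']) && $_POST['form_aktion'] == 'login' && isset($_POST['json']) && $_POST['json'] == '1') {

	$login_passed	= 0;
	$wcs_user		= slweg($_POST['form_loginname']);
	$wcs_pass		= slweg($_POST['md5pass']);

	// NOTE(review): both credentials are concatenated into the SQL text. The
	// only protection visible in this file is aporeplace(), defined elsewhere;
	// confirm that it escapes correctly for the connection's character set, or
	// move this lookup to a parameterised query once the DB layer supports it.
	// NOTE(review): usr_pass is compared with the posted md5pass value as-is,
	// so whatever is stored in usr_pass is sufficient to log in. md5.js and the
	// hidden md5pass field suggest an unsalted MD5 computed in the browser --
	// TODO confirm in login(), which is not defined in this file. A salted
	// server-side password hash would be the replacement.
	$sql_query 	=	"SELECT * FROM ".DB_PREPEND."phpwcms_user WHERE usr_login='".
					aporeplace($wcs_user)."' AND usr_pass='".
					aporeplace($wcs_pass)."' AND usr_aktiv=1 AND (usr_fe=1 OR usr_fe=2)";

	if($result = mysql_query($sql_query)) {
		if($row = mysql_fetch_assoc($result)) {
			// a matching active account exists: populate the backend session
			$_SESSION["wcs_user"]			= $wcs_user;
			$_SESSION["wcs_user_name"] 		= ($row["usr_name"]) ? $row["usr_name"] : $wcs_user;
			$_SESSION["wcs_user_id"]		= $row["usr_id"];
			$_SESSION["wcs_user_aktiv"]		= $row["usr_aktiv"];
			$_SESSION["wcs_user_rechte"]	= $row["usr_rechte"];
			$_SESSION["wcs_user_email"]		= $row["usr_email"];
			$_SESSION["wcs_user_avatar"]	= $row["usr_avatar"];
			$_SESSION["wcs_user_logtime"]	= time();
			$_SESSION["wcs_user_admin"]		= intval($row["usr_admin"]);
			$_SESSION["wcs_user_thumb"]		= 1;
			if($row["usr_lang"]) {
				$_SESSION["wcs_user_lang"]	= $row["usr_lang"];
			}

			set_language_cookie();

			// NOTE(review): unserialize() with errors suppressed. The values come
			// from the user's own DB row; this is only safe while those columns
			// cannot be written with attacker-chosen content. A data-only format
			// (e.g. JSON) would remove the object-instantiation risk.
			$_SESSION["structure"]	= @unserialize($row["usr_var_structure"]);
			$_SESSION["klapp"]		= @unserialize($row["usr_var_privatefile"]);
			$_SESSION["pklapp"]		= @unserialize($row["usr_var_publicfile"]);
			$row["usr_vars"]		= @unserialize($row["usr_vars"]);
			// NOTE(review): when no editor is configured $wysiwyg_template is
			// still the empty string set above, so in_array() and [0] operate
			// on a string here.
			$_SESSION["WYSIWYG_TEMPLATE"] = empty($row["usr_vars"]['template']) || !in_array($row["usr_vars"]['template'], $wysiwyg_template) ? $wysiwyg_template[0] : $row["usr_vars"]['template'];

			$row["usr_wysiwyg"] = abs(intval($row["usr_wysiwyg"]));
			// Fallback to FCKeditor?
			$_SESSION["WYSIWYG_EDITOR"] = $row["usr_wysiwyg"] > 2 ? 2 : $row["usr_wysiwyg"];

			$login_passed = 1;
		}
		mysql_free_result($result);
	}

	if($login_passed) {
		// Issue a fresh session id on the privilege change, so an id that was
		// known before authentication does not become an authenticated one.
		if(function_exists('session_regenerate_id')) {
			session_regenerate_id();
		}

		// write the login data to the database
		$check = mysql_query(	"SELECT COUNT(*) FROM ".DB_PREPEND."phpwcms_userlog WHERE logged_user='".
								aporeplace($wcs_user)."' AND logged_in=1", $db );
		// only read and free the result when the query succeeded
		if($check) {
			if($row = mysql_fetch_row($check)) {
				if(!$row[0]) {
					// no active log entry for this user yet: create one
					mysql_query("INSERT INTO ".DB_PREPEND."phpwcms_userlog ".
								"(logged_user, logged_username, logged_start, logged_change, ".
								"logged_in, logged_ip) VALUES ('".
								aporeplace($wcs_user)."', '".aporeplace($_SESSION["wcs_user_name"])."', ".time().", ".
								time().", 1, '".aporeplace(getRemoteIP())."')", $db );
				}
			}
			mysql_free_result($check);
		}
		$_SESSION['PHPWCMS_ROOT'] = PHPWCMS_ROOT;
		set_status_message('Welcome '.$wcs_user.'!');
		// NOTE(review): the session id travels in the URL, so it shows up in
		// server logs, browser history and Referer headers. Cookie-only
		// sessions would avoid that where deployments allow it.
		if($ref_url) {
			// $ref_url was restricted to this installation above
			headerRedirect($ref_url.'&'.session_name().'='.session_id());
		} else {
			headerRedirect(PHPWCMS_URL."phpwcms.php?". session_name().'='.session_id());
		}

	} else {
		$err = 1;
	}

} elseif(isset($_POST['json']) && intval($_POST['json']) != 1) {

	// form was posted without the value the login handler expects in "json"
	$err = 1;

}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
	<title><?php echo $BL['be_page_title'] . ' - ' . PHPWCMS_HOST ?></title>
	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
	<meta name="robots" content="noindex, nofollow" />
	<link href="include/inc_css/login.css" rel="stylesheet" type="text/css" />
	<script language="JavaScript" type="text/javascript" src="include/inc_js/phpwcms.js"></script>
	<script language="JavaScript" type="text/javascript" src="include/inc_js/md5.js"></script>
<?php

// right-to-left layout when the session language or the default language is 'ar'
if(isset($_SESSION["wcs_user_lang"]) && $_SESSION["wcs_user_lang"] == 'ar') {
	echo ' <style type="text/css">' . LF . '<!--' . LF . '* {direction: rtl;}' . LF . '//-->' . LF . '</style>';
} elseif(strtolower($phpwcms['default_lang']) == 'ar') {
	echo ' <style type="text/css">' . LF . '<!--' . LF . '* {direction: rtl;}' . LF . '//-->' . LF . '</style>';
}

?>
</head>

<body>
<table width="504" border="0" align="center" cellpadding="0" cellspacing="0" summary="Login Screen">
	<tr>
		<td colspan="3"><img src="img/leer.gif" alt="" width="1" height="12" /></td>
	</tr>
	<tr>
		<td colspan="3"><a href="index.php" target="_top"><img src="img/backend/preinfo2.jpg" alt="phpwcms" width="122" height="31" border="0" hspace="18" /></a></td>
	</tr>
	<tr>
		<td colspan="3"><img src="img/leer.gif" alt="" width="1" height="7" /></td>
	</tr>
	<tr>
		<td colspan="3"><a href="index.php" target="_top"><img src="img/backend/preinfo2_r4_c2.jpg" alt="phpwcms" width="504" height="154" border="0" /></a></td>
	</tr>
	<tr>
		<td colspan="3"><img src="img/leer.gif" alt="" width="1" height="11" /></td>
	</tr>
	<tr>
		<td width="15" style="width:15px;"><img src="img/backend/preinfo2_r6_c2.gif" alt="" width="15" height="15" border="0" /></td>
		<td width="474" bgcolor="#FFFFFF" style="width:474px;"><img src="img/backend/preinfo2_r6_c3.gif" alt="" width="474" height="15" border="0" /></td>
		<td width="15" style="width:15px;"><img src="img/backend/preinfo2_r6_c7.gif" alt="" width="15" height="15" border="0" /></td>
	</tr>
	<tr>
		<td style="background-image:url(img/backend/preinfo2_r7_c2.gif);background-repeat:repeat-y;" bgcolor="#FFFFFF"> </td>
		<td bgcolor="#FFFFFF" style="padding-left:3px;padding-right:3px;" id="loginFormArea">
		<div class="error" style="font-weight:bold;padding:0 0 15px 0;font-size:12px;text-align:center"><?php

	// shown until the script at the end of the page replaces the content of
	// #loginFormArea with the login form
	echo $BL['be_login_jsinfo'];

		?></div></td>
		<td style="background-image:url(img/backend/preinfo2_r7_c7.gif);background-repeat:repeat-y;background-position:right;" bgcolor="#FFFFFF"> </td>
	</tr>
	<tr>
		<td style="background-image:url(img/backend/preinfo2_r7_c2.gif);background-repeat:repeat-y;" bgcolor="#FFFFFF"> </td>
		<td bgcolor="#FFFFFF" style="padding: 0 3px 5px 3px;">
			<strong><a href="http://www.phpwcms.de" target="_blank" style="text-decoration:none;">phpwcms</a></strong>
			Copyright © 2003—<?php echo date('Y'); ?>
			Oliver Georgi. Extensions are copyright of their respective owners.
			Visit <a href="http://www.phpwcms.de" target="_blank">http://www.phpwcms.de</a> for
			details. phpwcms is free software released under <a href="http://www.fsf.org/licensing/licenses/gpl.html" target="_blank">GPL</a>
			and comes WITHOUT ANY WARRANTY. Obstructing the appearance of this notice is prohibited by law.
		</td>
		<td style="background-image:url(img/backend/preinfo2_r7_c7.gif);background-repeat:repeat-y;background-position:right;" bgcolor="#FFFFFF"> </td>
	</tr>
	<tr>
		<td><img src="img/backend/preinfo2_r9_c2.gif" alt="" width="15" height="15" border="0" /></td>
		<td bgcolor="#FFFFFF"><img src="img/backend/preinfo2_r9_c3.gif" alt="" width="474" height="15" border="0" /></td>
		<td><img src="img/backend/preinfo2_r9_c7.gif" alt="" width="15" height="15" border="0" /></td>
	</tr>
</table>
<?php

// get whole login form and keep in buffer
ob_start();

//<div id="loginForm" style="display:none;">

?>
<form action="<?php echo PHPWCMS_URL.get_login_file() ?>" method="post" name="login_formular" id="login_formular" style="margin:0;padding:0;" onsubmit="return login(this);" autocomplete="off">
<input type="hidden" name="json" id="json" value="0" />
<input type="hidden" name="md5pass" id="md5pass" value="" autocomplete="off" />
<input type="hidden" name="ref_url" value="<?php echo html_entities($ref_url) ?>" />
<input name="form_aktion" type="hidden" id="form_aktion" value="login" />
<?php

echo '<h1>'.$BL["login_text"].'</h1>';

// warn while the setup and code snippet directories are still present
if(file_exists(PHPWCMS_ROOT.'/setup')) {
	echo '<div class="error" style="margin-top:10px;">'.$BL["setup_dir_exists"].'</div>';
}
if(file_exists(PHPWCMS_ROOT.'/phpwcms_code_snippets')) {
	echo '<div class="error" style="margin-top:10px;">'.$BL["phpwcms_code_snippets_dir_exists"].'</div>';
}

// json=2 is sent by the language selector below; that is not a failed login
if(isset($_POST['json']) && $_POST['json'] == 2) $err = 0;

if($err) {
	echo '<div class="error" style="margin-top:10px;font-weight:bold;">'.$BL["login_error"].'</div>';
}

echo '<div class="error" style="margin-top:10px;font-weight:bold;display:none;" id="jserr">'.$BL["login_error"].'</div>';

?>

	<table border="0" cellpadding="0" cellspacing="0" summary="Login Form" style="margin:15px 0 20px 10px">
		<tr>
			<td align="right" nowrap="nowrap" class="v10"><?php echo $BL["login_username"] ?>: </td>
			<td class="v10"><input name="form_loginname" type="text" id="form_loginname" style="width:250px;" size="30" maxlength="30" value="<?php echo html_specialchars($wcs_user); ?>" /></td>
		</tr>
		<tr><td colspan="2"><img src="img/leer.gif" alt="" width="1" height="3" /></td></tr>
		<tr>
			<td align="right" nowrap="nowrap" class="v10"><?php echo $BL["login_userpass"] ?>: </td>
			<td class="v10"><input name="form_password" type="password" id="form_password" style="width:250px;" size="30" maxlength="40" /></td>
		</tr>
		<tr><td colspan="2"><img src="img/leer.gif" alt="" width="1" height="4" /></td></tr>
		<tr>
			<td align="right" nowrap="nowrap" class="v10"><?php echo $BL["login_lang"] ?>: </td>
			<td class="v10"><select name="form_lang" id="form_lang" style="width:250px;" onchange="getObjectById('json').value='2';login(this.form);">
<?php
// check available languages installed and build language selector menu
$lang_code = array();
$lang_dirs = opendir(PHPWCMS_ROOT.'/include/inc_lang/backend');
if($lang_dirs) {
	// compare against false explicitly so an entry named "0" does not end the loop
	while(($lang_codes = readdir( $lang_dirs )) !== false) {
		if( $lang_codes != "." && $lang_codes != ".." && is_file(PHPWCMS_ROOT.'/include/inc_lang/backend/'.$lang_codes."/lang.inc.php")) {
			$lang_code[$lang_codes]  = '<option value="'.$lang_codes.'"';
			$lang_code[$lang_codes] .= ($lang_codes == $_SESSION["wcs_user_lang"]) ? ' selected="selected"' : '';
			$lang_code[$lang_codes] .= '>';
			$lang_code[$lang_codes] .= (isset($BL[strtoupper($lang_codes)])) ? $BL[strtoupper($lang_codes)] : strtoupper($lang_codes);
			$lang_code[$lang_codes] .= '</option>';
		}
	}
	closedir( $lang_dirs );
}
ksort($lang_code);

echo implode(LF, $lang_code);

?>
			</select></td>
		</tr>
		<tr><td colspan="2"><img src="img/leer.gif" alt="" width="1" height="10" /></td></tr>
		<tr>
			<td> </td>
			<td><input name="submit_form" type="submit" value="<?php echo $BL["login_button"] ?>" /></td>
		</tr>
	</table>
</form>
<?php

//</div>

$formAll = ob_get_contents();
ob_end_clean();

// Turn the buffered markup into a single-quoted JavaScript string literal.
// The buffer contains request-derived values (login name, ref_url), so
// backslashes are escaped first; otherwise a backslash in the markup would
// change how the following character is read inside the literal.
$formAll = str_replace( '\\', '\\\\', trim($formAll) );
$formAll = str_replace( "'", "\'", $formAll );
$formAll = str_replace( "\r", '', $formAll );
//$formAll = str_replace( "\n", '', $formAll );
// each source line becomes its own "lf += '...'" statement
$formAll = str_replace( "\n", "';\nlf += '", $formAll );
// split every "<" out of the literal -- presumably so that markup inside the
// string (e.g. a closing script tag) is not seen by the HTML parser
$formAll = str_replace( '<', "<'+'", $formAll );

?>
<script type="text/javascript">
<!--
	var lf = '<?php echo $formAll ?>';
	getObjectById('loginFormArea').innerHTML = lf;
	getObjectById('form_loginname').focus();
//-->
</script>
</body>
</html>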
Generated: Wed Dec 30 05:55:15 2009 | Cross-referenced by PHPXref 0.7 |