PHP Cross Reference of phpwcms V1.5.0 _r431 (28.01.12) |
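<?php
/*************************************************************************************
   Copyright notice

   (c) 2002-2012 Oliver Georgi <oliver@phpwcms.de> // All rights reserved.

   This script is part of PHPWCMS. The PHPWCMS web content management system is
   free software; you can redistribute it and/or modify it under the terms of
   the GNU General Public License as published by the Free Software Foundation;
   either version 2 of the License, or (at your option) any later version.

   The GNU General Public License can be found at http://www.gnu.org/copyleft/gpl.html
   A copy is found in the textfile GPL.txt and important notices to the license
   from the author is found in LICENSE.txt distributed with these scripts.

   This script is distributed in the hope that it will be useful, but WITHOUT ANY
   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
   PARTICULAR PURPOSE. See the GNU General Public License for more details.

   This copyright notice MUST APPEAR in all copies of the script!
*************************************************************************************/

/*
 * Backend login page.
 *
 * Flow, as implemented below:
 *  1. start the session, load configuration, DB connection and helper libraries;
 *  2. mark stale phpwcms_userlog entries as logged out;
 *  3. pick the backend language (cookie, posted selection, Accept-Language, default);
 *  4. on a posted login (form_aktion=login, json=1) look the user up by login name
 *     and the posted "md5pass" value, fill $_SESSION and redirect;
 *  5. otherwise render the login form, which JavaScript injects into the page.
 *
 * Security notes for maintainers:
 *  - The posted "md5pass" value is compared directly with usr_pass, so the stored
 *    value itself is what authenticates. The field name and the md5.js include
 *    suggest an unsalted client-side MD5 -- NOTE(review): confirm, and plan a
 *    migration to server-side password_hash()/password_verify().
 *  - SQL is assembled by concatenation and relies on aporeplace(), which is defined
 *    outside this file -- NOTE(review): confirm it escapes for the connection in use.
 *  - The session id is placed in the post-login redirect URL, where it can end up in
 *    logs, browser history and Referer headers -- NOTE(review): confirm whether
 *    phpwcms.php still needs it when session cookies are available.
 *  - No limit on login attempts is visible in this file.
 */

// session_name('hashID');
session_start();

$phpwcms	= array();
$BL			= array();

require_once ('./config/phpwcms/conf.inc.php');
require_once ('./include/inc_lib/default.inc.php');
require_once (PHPWCMS_ROOT.'/include/inc_lib/dbcon.inc.php');

require_once (PHPWCMS_ROOT.'/include/inc_lib/general.inc.php');
require_once (PHPWCMS_ROOT.'/include/inc_lib/backend.functions.inc.php');
require_once (PHPWCMS_ROOT.'/include/inc_lang/code.lang.inc.php');

$_SESSION['REFERER_URL'] = PHPWCMS_URL.get_login_file();

// make compatibility check
if(phpwcms_revision_check_temp($phpwcms["revision"]) !== true) {
	$revision_status = phpwcms_revision_check($phpwcms["revision"]);
}

// define vars
$err		= 0;
$wcs_user	= '';

// where user should be redirected to after login
$ref_url = '';
if(!empty($_POST['ref_url']) && is_string($_POST['ref_url'])) {
	$ref_url = xss_clean($_POST['ref_url']);
} elseif(!empty($_GET['ref']) && is_string($_GET['ref'])) {
	$ref_url = xss_clean(rawurldecode($_GET['ref']));
}

// The redirect target is request supplied and the session id is appended to it
// after a successful login, so it must never point outside this installation.
// Anything that does not start with PHPWCMS_URL is dropped and the default
// landing page is used instead. The prefix test assumes PHPWCMS_URL ends with
// "/", as its use in PHPWCMS_URL."phpwcms.php?" below suggests.
$own_url_length = strlen(PHPWCMS_URL);
if(!is_string($ref_url) || $own_url_length === 0 || strncmp($ref_url, PHPWCMS_URL, $own_url_length) !== 0) {
	$ref_url = '';
}


// reset all inactive users
$sql  = "UPDATE ".DB_PREPEND."phpwcms_userlog SET ";
$sql .= "logged_in = 0, logged_change = '".time()."' ";
$sql .= "WHERE logged_in = 1 AND ( ".time()." - logged_change ) > ".intval($phpwcms["max_time"]);
mysql_query($sql, $db);


//load default language EN
require_once (PHPWCMS_ROOT.'/include/inc_lang/backend/en/lang.inc.php');

//define language and check if language file is available
if(isset($_COOKIE['phpwcmsBELang'])) {
	$temp_lang = strtoupper( substr( trim( $_COOKIE['phpwcmsBELang'] ), 0, 2 ) );
	if( isset( $BL[ $temp_lang ] ) ) {
		$_SESSION["wcs_user_lang"] = strtolower($temp_lang);
	} else {
		setcookie('phpwcmsBELang', '', time()-3600 );
	}
}
if(isset($_POST['form_lang'])) {
	$_SESSION["wcs_user_lang"] = strtolower(substr(clean_slweg($_POST['form_lang']), 0, 2));
	set_language_cookie();
}
if(empty($_SESSION["wcs_user_lang"])) {
	$_SESSION["wcs_user_lang"] = strtolower( isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? substr( $_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2 ) : $phpwcms["default_lang"] );
} else {
	$_SESSION["wcs_user_lang"] = strtolower( substr($_SESSION["wcs_user_lang"], 0, 2 ) );
}
// The language code ends up in an include path below, so it is only accepted
// when it is a known key of $BL and the language file really exists.
if(isset($BL[strtoupper($_SESSION["wcs_user_lang"])]) && is_file(PHPWCMS_ROOT.'/include/inc_lang/backend/'.$_SESSION["wcs_user_lang"].'/lang.inc.php')) {
	$_SESSION["wcs_user_lang_custom"] = 1;
} else {
	$_SESSION["wcs_user_lang"] = 'en'; //by ono
	$_SESSION["wcs_user_lang_custom"] = 0;
}
if(!empty($_SESSION["wcs_user_lang_custom"])) {
	//use custom lang if available -> was set in login.php
	$BL['merge_lang_array'][0]		= $BL['be_admin_optgroup_label'];
	$BL['merge_lang_array'][1]		= $BL['be_cnt_field'];
	include_once (PHPWCMS_ROOT.'/include/inc_lang/backend/'.$_SESSION["wcs_user_lang"].'/lang.inc.php');
	$BL['be_admin_optgroup_label']	= array_merge($BL['merge_lang_array'][0], $BL['be_admin_optgroup_label']);
	$BL['be_cnt_field']				= array_merge($BL['merge_lang_array'][1], $BL['be_cnt_field']);
}

//WYSIWYG EDITOR:
//0 = no wysiwyg editor (default)
//1 = CKEditor
//2 = FCKeditor
$phpwcms["wysiwyg_editor"] = abs(intval($phpwcms["wysiwyg_editor"]));
if($phpwcms["wysiwyg_editor"] > 2) {
	$phpwcms["wysiwyg_editor"] = 1;
}
$_SESSION["WYSIWYG_EDITOR"] = $phpwcms["wysiwyg_editor"];
$wysiwyg_template = '';

if($phpwcms["wysiwyg_editor"]) {

	if(!empty($phpwcms['wysiwyg_template']['FCKeditor'])) {
		$wysiwyg_template = convertStringToArray($phpwcms['wysiwyg_template']['FCKeditor']);
	} elseif(!empty($phpwcms['wysiwyg_template']['CKEditor'])) {
		$wysiwyg_template = convertStringToArray($phpwcms['wysiwyg_template']['CKEditor']);
	}

	if(empty($wysiwyg_template) || count($wysiwyg_template) == 0) {
		$wysiwyg_template = array('Basic');
	}

}

if(isset($_POST['form_aktion']) && $_POST['form_aktion'] == 'login' && isset($_POST['json']) && $_POST['json'] == '1') {

	$login_passed = 0;

	// Missing or non-string fields are treated as empty instead of being handed
	// to slweg() as-is.
	$wcs_user = (isset($_POST['form_loginname']) && is_string($_POST['form_loginname'])) ? slweg($_POST['form_loginname']) : '';
	$wcs_pass = (isset($_POST['md5pass']) && is_string($_POST['md5pass'])) ? slweg($_POST['md5pass']) : '';

	// An empty login name or password value can never be a valid credential,
	// so the lookup is skipped in that case.
	if($wcs_user !== '' && $wcs_pass !== '') {

		$sql_query =	"SELECT * FROM ".DB_PREPEND."phpwcms_user WHERE usr_login='".
						aporeplace($wcs_user)."' AND usr_pass='".
						aporeplace($wcs_pass)."' AND usr_aktiv=1 AND (usr_fe=1 OR usr_fe=2)";

		// Pass the connection explicitly, like every other query in this file.
		if($result = mysql_query($sql_query, $db)) {
			if($row = mysql_fetch_assoc($result)) {

				// Issue a fresh session id at the privilege change so an id that was
				// known before authentication cannot be reused afterwards.
				session_regenerate_id(true);

				$_SESSION["wcs_user"]			= $wcs_user;
				$_SESSION["wcs_user_name"] 		= ($row["usr_name"]) ? $row["usr_name"] : $wcs_user;
				$_SESSION["wcs_user_id"]		= $row["usr_id"];
				$_SESSION["wcs_user_aktiv"]		= $row["usr_aktiv"];
				$_SESSION["wcs_user_rechte"]	= $row["usr_rechte"];
				$_SESSION["wcs_user_email"]		= $row["usr_email"];
				$_SESSION["wcs_user_avatar"]	= $row["usr_avatar"];
				$_SESSION["wcs_user_logtime"]	= time();
				$_SESSION["wcs_user_admin"]		= intval($row["usr_admin"]);
				$_SESSION["wcs_user_thumb"]		= 1;
				if($row["usr_lang"]) {
					$_SESSION["wcs_user_lang"]	= $row["usr_lang"];
				}

				set_language_cookie();

				// NOTE(review): unserialize() on stored column values instantiates any
				// object encoded in them. The data comes from the user's own DB row;
				// confirm these columns can only be written by trusted code, or switch
				// the storage format to JSON.
				$_SESSION["structure"]	= @unserialize($row["usr_var_structure"]);
				$_SESSION["klapp"]		= @unserialize($row["usr_var_privatefile"]);
				$_SESSION["pklapp"]		= @unserialize($row["usr_var_publicfile"]);
				$row["usr_vars"]		= @unserialize($row["usr_vars"]);

				// $wysiwyg_template is still the empty string when no editor is
				// configured, so only treat it as a list when it is one.
				$wysiwyg_default = (is_array($wysiwyg_template) && isset($wysiwyg_template[0])) ? $wysiwyg_template[0] : '';
				if(empty($row["usr_vars"]['template']) || !is_array($wysiwyg_template) || !in_array($row["usr_vars"]['template'], $wysiwyg_template)) {
					$_SESSION["WYSIWYG_TEMPLATE"] = $wysiwyg_default;
				} else {
					$_SESSION["WYSIWYG_TEMPLATE"] = $row["usr_vars"]['template'];
				}

				$row["usr_wysiwyg"]			= abs(intval($row["usr_wysiwyg"]));
				// Fallback to FCKeditor?
				$_SESSION["WYSIWYG_EDITOR"]	= $row["usr_wysiwyg"] > 2 ? 2 : $row["usr_wysiwyg"];

				$login_passed = 1;
			}
			mysql_free_result($result);
		}

	}

	if($login_passed) {
		// Store login information in DB
		$check = mysql_query(	"SELECT COUNT(*) FROM ".DB_PREPEND."phpwcms_userlog WHERE logged_user='".
								aporeplace($wcs_user)."' AND logged_in=1", $db );
		// A failed query returns false; only fetch from and free a real result.
		if($check) {
			$row = mysql_fetch_row($check);
			if($row && !$row[0]) {
				// User not yet logged in, create new
				mysql_query("INSERT INTO ".DB_PREPEND."phpwcms_userlog ".
							"(logged_user, logged_username, logged_start, logged_change, ".
							"logged_in, logged_ip) VALUES ('".
							aporeplace($wcs_user)."', '".aporeplace($_SESSION["wcs_user_name"])."', ".time().", ".
							time().", 1, '".aporeplace(getRemoteIP())."')", $db );
			}
			mysql_free_result($check);
		}
		$_SESSION['PHPWCMS_ROOT'] = PHPWCMS_ROOT;
		set_status_message('Welcome '.$wcs_user.'!');
		// $ref_url was restricted to PHPWCMS_URL above, so the session id that is
		// appended here stays on this installation.
		if($ref_url) {
			headerRedirect($ref_url.'&'.session_name().'='.session_id());
		} else {
			headerRedirect(PHPWCMS_URL."phpwcms.php?". session_name().'='.session_id());
		}

	} else {
		$err = 1;
	}

} elseif(isset($_POST['json']) && intval($_POST['json']) != 1) {

	$err = 1;

}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
	<title><?php echo $BL['be_page_title'] . ' - ' . PHPWCMS_HOST ?></title>
	<meta http-equiv="Content-Type" content="text/html; charset=<?php echo PHPWCMS_CHARSET ?>" />
	<meta name="robots" content="noindex, nofollow" />
	<link href="include/inc_css/login.css" rel="stylesheet" type="text/css" />
	<script type="text/javascript" src="include/inc_js/phpwcms.js"></script>
	<script type="text/javascript" src="include/inc_js/md5.js"></script>
<?php

if((isset($_SESSION["wcs_user_lang"]) && $_SESSION["wcs_user_lang"] == 'ar') || strtolower($phpwcms['default_lang']) == 'ar') {
	echo ' <style type="text/css">' . LF . '<!--' . LF . '* {direction: rtl;}' . LF . '// -->' . LF . '</style>';
}

?>
</head>

<body>
<table width="504" border="0" align="center" cellpadding="0" cellspacing="0" summary="Login Screen">
	<tr>
		<td colspan="3"><img src="img/leer.gif" alt="" width="1" height="12" /></td>
	</tr>
	<tr>
		<td colspan="3"><a href="index.php" target="_top"><img src="img/backend/preinfo2.jpg" alt="phpwcms" width="122" height="31" border="0" hspace="18" /></a></td>
	</tr>
	<tr>
		<td colspan="3"><img src="img/leer.gif" alt="" width="1" height="7" /></td>
	</tr>
	<tr>
		<td colspan="3"><a href="index.php" target="_top"><img src="img/backend/preinfo2_r4_c2.jpg" alt="phpwcms" width="504" height="154" border="0" /></a></td>
	</tr>
	<tr>
		<td colspan="3"><img src="img/leer.gif" alt="" width="1" height="11" /></td>
	</tr>
	<tr>
		<td width="15" style="width:15px;"><img src="img/backend/preinfo2_r6_c2.gif" alt="" width="15" height="15" border="0" /></td>
		<td width="474" bgcolor="#FFFFFF" style="width:474px;"><img src="img/backend/preinfo2_r6_c3.gif" alt="" width="474" height="15" border="0" /></td>
		<td width="15" style="width:15px;"><img src="img/backend/preinfo2_r6_c7.gif" alt="" width="15" height="15" border="0" /></td>
	</tr>
	<tr>
		<td style="background-image:url(img/backend/preinfo2_r7_c2.gif);background-repeat:repeat-y;" bgcolor="#FFFFFF"> </td>
		<td bgcolor="#FFFFFF" style="padding-left:3px;padding-right:3px;" id="loginFormArea">
		<div class="error" style="font-weight:bold;padding:0 0 15px 0;font-size:12px;text-align:center"><?php

			echo $BL['be_login_jsinfo'];

		?></div></td>
		<td style="background-image:url(img/backend/preinfo2_r7_c7.gif);background-repeat:repeat-y;background-position:right;" bgcolor="#FFFFFF"> </td>
	</tr>
	<tr>
		<td style="background-image:url(img/backend/preinfo2_r7_c2.gif);background-repeat:repeat-y;" bgcolor="#FFFFFF"> </td>
		<td bgcolor="#FFFFFF" style="padding: 0 3px 5px 3px;">
			<strong><a href="http://www.phpwcms.de" target="_blank" style="text-decoration:none;">phpwcms</a></strong>
			Copyright © 2003—<?php echo date('Y'); ?>
			Oliver Georgi. Extensions are copyright of their respective owners.
			Visit <a href="http://www.phpwcms.de" target="_blank">http://www.phpwcms.de</a> for
			details. phpwcms is free software released under <a href="http://www.fsf.org/licensing/licenses/gpl.html" target="_blank">GPL</a>
			and comes WITHOUT ANY WARRANTY. Obstructing the appearance of this notice is prohibited by law.
		</td>
		<td style="background-image:url(img/backend/preinfo2_r7_c7.gif);background-repeat:repeat-y;background-position:right;" bgcolor="#FFFFFF"> </td>
	</tr>
	<tr>
		<td><img src="img/backend/preinfo2_r9_c2.gif" alt="" width="15" height="15" border="0" /></td>
		<td bgcolor="#FFFFFF"><img src="img/backend/preinfo2_r9_c3.gif" alt="" width="474" height="15" border="0" /></td>
		<td><img src="img/backend/preinfo2_r9_c7.gif" alt="" width="15" height="15" border="0" /></td>
	</tr>
</table>
<?php

// get whole login form and keep in buffer
ob_start();

?>
<form action="<?php echo PHPWCMS_URL.get_login_file() ?>" method="post" name="login_formular" id="login_formular" style="margin:0;padding:0;" onsubmit="return login(this);" autocomplete="off">
<input type="hidden" name="json" id="json" value="0" />
<input type="hidden" name="md5pass" id="md5pass" value="" autocomplete="off" />
<input type="hidden" name="ref_url" value="<?php echo html_entities($ref_url) ?>" />
<input name="form_aktion" type="hidden" id="form_aktion" value="login" />
<?php

echo '<h1>'.$BL["login_text"].'</h1>';

if(file_exists(PHPWCMS_ROOT.'/setup')) {
	echo '<div class="error" style="margin-top:10px;">'.$BL["setup_dir_exists"].'</div>';
}
if(file_exists(PHPWCMS_ROOT.'/phpwcms_code_snippets')) {
	echo '<div class="error" style="margin-top:10px;">'.$BL["phpwcms_code_snippets_dir_exists"].'</div>';
}

// json=2 is posted by the language selector; that is not a failed login
if(isset($_POST['json']) && $_POST['json'] == 2) $err = 0;

if($err) {
	echo '<div class="error" style="margin-top:10px;font-weight:bold;">'.$BL["login_error"].'</div>';
}

echo '<div class="error" style="margin-top:10px;font-weight:bold;display:none;" id="jserr">'.$BL["login_error"].'</div>';

?>

	<table border="0" cellpadding="0" cellspacing="0" summary="Login Form" style="margin:15px 0 20px 10px">
		<tr>
			<td align="right" nowrap="nowrap" class="v10"><?php echo $BL["login_username"] ?>: </td>
			<td class="v10"><input name="form_loginname" type="text" id="form_loginname" style="width:250px;" size="30" maxlength="30" value="<?php echo html_specialchars($wcs_user); ?>" /></td>
		</tr>
		<tr><td colspan="2"><img src="img/leer.gif" alt="" width="1" height="3" /></td></tr>
		<tr>
			<td align="right" nowrap="nowrap" class="v10"><?php echo $BL["login_userpass"] ?>: </td>
			<td class="v10"><input name="form_password" type="password" id="form_password" style="width:250px;" size="30" maxlength="40" /></td>
		</tr>
		<tr><td colspan="2"><img src="img/leer.gif" alt="" width="1" height="4" /></td></tr>
		<tr>
			<td align="right" nowrap="nowrap" class="v10"><?php echo $BL["login_lang"] ?>: </td>
			<td class="v10"><select name="form_lang" id="form_lang" style="width:250px;" onchange="getObjectById('json').value='2';login(this.form);">
<?php
// check available languages installed and build language selector menu
$lang_dirs = opendir(PHPWCMS_ROOT.'/include/inc_lang/backend');
$lang_code = array();
if($lang_dirs) {
	// Compare against false explicitly so a directory entry named "0" does not
	// end the loop early.
	while(($lang_codes = readdir( $lang_dirs )) !== false) {
		if( $lang_codes != "." && $lang_codes != ".." && is_file(PHPWCMS_ROOT.'/include/inc_lang/backend/'.$lang_codes."/lang.inc.php")) {
			$lang_code[$lang_codes]  = '<option value="'.$lang_codes.'"';
			$lang_code[$lang_codes] .= ($lang_codes == $_SESSION["wcs_user_lang"]) ? ' selected="selected"' : '';
			$lang_code[$lang_codes] .= '>';
			$lang_code[$lang_codes] .= (isset($BL[strtoupper($lang_codes)])) ? $BL[strtoupper($lang_codes)] : strtoupper($lang_codes);
			$lang_code[$lang_codes] .= '</option>';
		}
	}
	closedir( $lang_dirs );
}
ksort($lang_code);

echo implode(LF, $lang_code);

?>
			</select></td>
		</tr>
		<tr><td colspan="2"><img src="img/leer.gif" alt="" width="1" height="10" /></td></tr>
		<tr>
			<td> </td>
			<td><input name="submit_form" type="submit" value="<?php echo $BL["login_button"] ?>" /></td>
		</tr>
	</table>
</form>
<?php

// The buffered form is emitted inside a single-quoted JavaScript string.
// Backslashes are escaped first: left as they are, a backslash in the markup
// (for example in the echoed login name) would be read as a JavaScript escape
// and could cancel the quote escaping applied right after it. "<" is split so
// the markup cannot close the surrounding <script> element.
$formAll = str_replace( array('\\', "'", "\r", "\n", '<'), array('\\\\', "\'", '', " ", "<'+'"), ob_get_clean() );

?>
<script type="text/javascript">
	getObjectById('loginFormArea').innerHTML = '<?php echo $formAll ?>';
	getObjectById('form_loginname').focus();
</script>
</body>
</html>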