diff --git a/class2.php b/class2.php index 44c758c81..d3dc705ad 100644 --- a/class2.php +++ b/class2.php @@ -9,8 +9,8 @@ * General purpose file * * $Source: /cvs_backup/e107_0.8/class2.php,v $ -* $Revision: 1.160 $ -* $Date: 2009-11-19 10:07:28 $ +* $Revision: 1.161 $ +* $Date: 2009-11-22 14:10:00 $ * $Author: e107coders $ * */ @@ -484,7 +484,7 @@ else //TODO - this could be part of e107->init() method now, prefs will be auto-initialized //when proper called (e107::getPref()) -$e107->set_base_path(); +// $e107->set_base_path(); moved to init(). //DEPRECATED, BC, call e107::getConfig('menu')->get('pref_name') only when needed $menu_pref = e107::getConfig('menu')->getPref(); //extract menu prefs @@ -553,7 +553,6 @@ if ($pref['user_tracking'] == 'session') } } -define('e_SELF', ($pref['ssl_enabled'] == '1' ? 'https://'.$_SERVER['HTTP_HOST'] : 'http://'.$_SERVER['HTTP_HOST']) . ($_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_FILENAME'])); // if the option to force users to use a particular url for the site is enabled, redirect users there as needed // Now matches RFC 2616 (sec 3.2): case insensitive, https/:443 and http/:80 are equivalent. @@ -606,8 +605,8 @@ if($pref['redirectsiteurl'] && $pref['siteurl']) { } } -$page = substr(strrchr($_SERVER['PHP_SELF'], '/'), 1); -define('e_PAGE', $page); +// $page = substr(strrchr($_SERVER['PHP_SELF'], '/'), 1); +// define('e_PAGE', $page); // sort out the users language selection if (isset($_POST['setlanguage']) || isset($_GET['elan']) || isset($GLOBALS['elan'])) 
@@ -966,16 +965,12 @@ if(varset($pref['force_userupdate']) && USER && !isset($_E107['no_forceuserupdat $sql->db_Mark_Time('Start: Signup/splash/admin'); -define('e_SIGNUP', e_BASE.(file_exists(e_BASE.'customsignup.php') ? 'customsignup.php' : 'signup.php')); -define('e_LOGIN', e_BASE.(file_exists(e_BASE.'customlogin.php') ? 'customlogin.php' : 'login.php')); if(($pref['membersonly_enabled'] && !isset($_E107['allow_guest'])) || $pref['maintainance_flag']) { //XXX move force_userupdate() also? - require_once(e_HANDLER."redirection_class.php"); - $redirect = new redirection; - $redirect->checkMaintenance(); - $redirect->checkMembersOnly(); + e107::getRedirect()->checkMaintenance(); + e107::getRedirect()->checkMembersOnly(); } // ------------------------------------------------------------------------ @@ -1018,7 +1013,8 @@ if ((e_QUERY == 'logout') || (($pref['user_tracking'] == 'session') && isset($_S cookie(e_COOKIE, '', (time() - 2592000)); e107::getEvent()->trigger('logout'); - header('location:'.e_BASE.'index.php'); + e107::getRedirect()->redirect(e_BASE.'index.php'); + // header('location:'.e_BASE.'index.php'); exit(); } 
@@ -1055,31 +1051,11 @@ define('TIMEOFFSET', $e_deltaTime); // ---------------------------------------------------------------------------- $sql->db_Mark_Time('(Start: Find/Load Theme)'); - -// Work out which theme to use -//---------------------------- -// The following files are assumed to use admin theme: -// 1. Any file in the admin directory (check for non-plugin added to avoid mismatches) -// 2. any plugin file starting with 'admin_' -// 3. any plugin file in a folder called admin/ -// 4. any file that specifies $eplug_admin = TRUE; -// -// e_SELF has the full HTML path -$inAdminDir = FALSE; -$isPluginDir = strpos(e_SELF,'/'.$PLUGINS_DIRECTORY) !== FALSE; // True if we're in a plugin -$e107Path = str_replace($e107->base_path, '', e_SELF); // Knock off the initial bits -if ( - (!$isPluginDir && strpos($e107Path, $ADMIN_DIRECTORY) === 0 ) // Core admin directory - || ($isPluginDir && (strpos(e_PAGE,'admin_') === 0 || strpos($e107Path, 'admin/') !== FALSE)) // Plugin admin file or directory - || (varsettrue($eplug_admin) || defsettrue('ADMIN_AREA')) // Admin forced - ) -{ - $inAdminDir = TRUE; - // Load admin phrases ASAP - include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/admin/lan_admin.php'); +if(e_ADMIN_AREA) // Load admin phrases ASAP +{ + e107::includeLan(e_LANGUAGEDIR.e_LANGUAGE.'/admin/lan_admin.php'); } -// This should avoid further checks - NOTE: used in js_manager.php -define('e_ADMIN_AREA', ($inAdminDir && !defsettrue('USER_AREA'))); //Force USER_AREA added + if(!defined('THEME')) { @@ -1177,7 +1153,7 @@ if(!isset($_E107['no_menus'])) } // here we USE the theme -if($inAdminDir) +if(e_ADMIN_AREA) { if(file_exists(THEME.'admin_theme.php')&&(strpos(e_SELF.'?'.e_QUERY, $ADMIN_DIRECTORY.'menus.php?configure')===FALSE)) // no admin theme when previewing. { 
@@ -1617,9 +1593,17 @@ function init_session() # - return boolean # - scope public */ - global $sql, $pref, $user_pref, $tp, $currentUser, $e107, $_E107, $eArrayStorage; + + + global $pref, $user_pref, $currentUser, $e107, $_E107; + + $sql = e107::getDb(); + $tp = e107::getParser(); + $eArrayStorage = e107::getArrayStorage(); + define('USERIP', $e107->getip()); + if(isset($_E107['cli']) && $_SERVER['argv'][1]) { @@ -1657,6 +1641,8 @@ function init_session() if (empty($uid) || empty($upw)) { + //$_SESSION[] = e_SELF."?".e_QUERY; + cookie(e_COOKIE, '', (time() - 2592000)); $_SESSION[e_COOKIE] = ""; session_destroy(); @@ -1719,6 +1705,8 @@ function init_session() define('ADMINPERMS', $result['user_perms']); define('ADMINEMAIL', $result['user_email']); define('ADMINPWCHANGE', $result['user_pwchange']); + e107::getRedirect()->setPreviousUrl(); + } else { diff --git a/e107_admin/auth.php b/e107_admin/auth.php index a11c602c3..c72117775 100644 --- a/e107_admin/auth.php +++ b/e107_admin/auth.php @@ -9,24 +9,27 @@ * Administration Area Authorization * * $Source: /cvs_backup/e107_0.8/e107_admin/auth.php,v $ - * $Revision: 1.13 $ - * $Date: 2009-11-18 01:04:24 $ + * $Revision: 1.14 $ + * $Date: 2009-11-22 14:10:04 $ * $Author: e107coders $ -*/ + */ -if (!defined('e107_INIT')) { exit; } +if (!defined('e107_INIT')) +{ + exit; +} /* done in class2 -@include_once(e_LANGUAGEDIR.e_LANGUAGE."/admin/lan_admin.php"); -@include_once(e_LANGUAGEDIR."English/admin/lan_admin.php"); -*/ + @include_once(e_LANGUAGEDIR.e_LANGUAGE."/admin/lan_admin.php"); + @include_once(e_LANGUAGEDIR."English/admin/lan_admin.php"); + */ if (ADMIN) { define('ADMIN_PAGE', true); //don't include it if it'a an AJAX call or not wanted - if(!e_AJAX_REQUEST && !defset('e_NOHEADER')) + if (!e_AJAX_REQUEST && !defset('e_NOHEADER')) { - require_once(e_ADMIN."header.php"); + require_once (e_ADMIN."header.php"); } /* 
@@ -38,24 +41,25 @@ if (ADMIN) else { //login via AJAX call is not allowed - if(e_AJAX_REQUEST) + if (e_AJAX_REQUEST) { - require_once(e_HANDLER.'js_helper.php'); + require_once (e_HANDLER.'js_helper.php'); e_jshelper::sendAjaxError(403, ADLAN_86, ADLAN_87, true); } - + $use_imagecode = ($pref['logcode'] && extension_loaded("gd")); + if ($use_imagecode) { - require_once(e_HANDLER."secure_img_handler.php"); + require_once (e_HANDLER."secure_img_handler.php"); $sec_img = new secure_image; } - + if ($_POST['authsubmit']) { $obj = new auth; - - if($use_imagecode) + + if ($use_imagecode) { if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) { 
@@ -64,66 +68,64 @@ else exit; } } - - require_once(e_HANDLER.'user_handler.php'); - $row = $authresult = $obj->authcheck($_POST['authname'], $_POST['authpass'], varset($_POST['hashchallenge'],'')); - if ($row[0] == "authfail") - { - $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",LAN_ROLL_LOG_11,"U: ".$tp->toDB($_POST['authname']),FALSE,LOG_TO_ROLLING); - echo "\n"; - header("location: ../index.php"); - exit; - } - else - { - $cookieval = $row['user_id'].".".md5($row['user_password']); - -// $sql->db_Select("user", "*", "user_name='".$tp -> toDB($_POST['authname'])."'"); -// list($user_id, $user_name, $userpass) = $sql->db_Fetch(); - - // Calculate class membership - needed for a couple of things - // Problem is that USERCLASS_LIST just contains 'guest' and 'everyone' at this point - $class_list = explode(',',$row['user_class']); - if ($row['user_admin'] && strlen($row['user_perms'])) - { - $class_list[] = e_UC_ADMIN; - if (strpos($row['user_perms'],'0') === 0) + + // require_once (e_HANDLER.'user_handler.php'); + $row = $authresult = $obj->authcheck($_POST['authname'], $_POST['authpass'], varset($_POST['hashchallenge'], '')); + + if ($row[0] == "authfail") { - $class_list[] = e_UC_MAINADMIN; + $admin_log->e_log_event(4, __FILE__."|".__FUNCTION__."@".__LINE__, "LOGIN", LAN_ROLL_LOG_11, "U: ".$tp->toDB($_POST['authname']), FALSE, LOG_TO_ROLLING); + echo "\n"; + // header("location: ../index.php"); + e107::getRedirect()->redirect('../index.php'); + exit; } - } - $class_list[] = e_UC_MEMBER; - $class_list[] = e_UC_PUBLIC; - - $user_logging_opts = array_flip(explode(',',varset($pref['user_audit_opts'],''))); - if (isset($user_logging_opts[USER_AUDIT_LOGIN]) && in_array(varset($pref['user_audit_class'],''),$class_list)) - { // Need to note in user audit trail - $admin_log->user_audit(USER_AUDIT_LOGIN,'', $user_id,$user_name); - } - - $edata_li = array("user_id" => $row['user_id'], "user_name" => $row['user_name'], 'class_list' => 
implode(',',$class_list)); - $e_event->trigger("login", $edata_li); - - if ($pref['user_tracking'] == "session") - { - $_SESSION[$pref['cookie_name']] = $cookieval; - } - else - { - cookie($pref['cookie_name'], $cookieval, (time()+3600 * 24 * 30)); + else + { + $cookieval = $row['user_id'].".".md5($row['user_password']); + + // $sql->db_Select("user", "*", "user_name='".$tp -> toDB($_POST['authname'])."'"); + // list($user_id, $user_name, $userpass) = $sql->db_Fetch(); + + // Calculate class membership - needed for a couple of things + // Problem is that USERCLASS_LIST just contains 'guest' and 'everyone' at this point + $class_list = explode(',', $row['user_class']); + if ($row['user_admin'] && strlen($row['user_perms'])) + { + $class_list[] = e_UC_ADMIN; + if (strpos($row['user_perms'], '0') === 0) + { + $class_list[] = e_UC_MAINADMIN; + } } + $class_list[] = e_UC_MEMBER; + $class_list[] = e_UC_PUBLIC; + + $user_logging_opts = array_flip(explode(',', varset($pref['user_audit_opts'], ''))); + if (isset($user_logging_opts[USER_AUDIT_LOGIN]) && in_array(varset($pref['user_audit_class'], ''), $class_list)) + { // Need to note in user audit trail + e107::getAdminLog()->user_audit(USER_AUDIT_LOGIN, '', $user_id, $user_name); + } + + $edata_li = array("user_id"=>$row['user_id'], "user_name"=>$row['user_name'], 'class_list'=>implode(',', $class_list)); + + e107::getEvent()->trigger("login", $edata_li); + + session_set(e_COOKIE, $cookieval, (time() + 3600 * 24 * 30)); echo "\n"; } } - + $e_sub_cat = 'logout'; - if(!defset('NO_HEADER')) require_once(e_ADMIN."header.php"); - + if (!defset('NO_HEADER')) + require_once (e_ADMIN."header.php"); + if (ADMIN == FALSE) { $obj = new auth; $obj->authform(); - if(!defset('NO_HEADER')) require_once(e_ADMIN."footer.php"); + if (!defset('NO_HEADER')) + require_once (e_ADMIN."footer.php"); exit; } } 
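Review bot: The audit call `e107::getAdminLog()->user_audit(USER_AUDIT_LOGIN, '', $user_id, $user_name);` in the success branch passes `$user_id` and `$user_name`, which are not assigned anywhere in this hunk, because the `list($user_id, $user_name, $userpass) = $sql->db_Fetch();` line above it is commented out. Unless they are set elsewhere, the admin-login audit entry is written without the account it belongs to; `e107::getAdminLog()->user_audit(USER_AUDIT_LOGIN, '', $row['user_id'], $row['user_name']);` uses the row that `authcheck()` returned. Separately, `$cookieval` is still built from `md5($row['user_password'])`, so the login token is derived directly from the stored password hash. That predates this commit but deserves a follow-up.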
@@ -131,123 +133,123 @@ else //------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------// class auth { - function authform() - { - /* - # Admin auth login - # - # - parameters none - # - return null - # - scope public - */ - global $use_imagecode, $sec_img, $pref; - - $text = "
-
- + - + - - "; - + + if (isset($_SESSION['challenge']) && varset($pref['password_CHAP'], 0)) + + $text .= "\n\n"; + $text .= "\n"; + if ($use_imagecode) { $text .= " + ".$sec_img->r_image()."
"; } - + $text .= " - +
".(file_exists(THEME."images/password.png") ? "\n" : "\n" )."".(file_exists(THEME."images/password.png") ? "\n" : "\n")." ".ADLAN_89."\n\n
".ADLAN_90." \n"; - if (isset($_SESSION['challenge']) && varset($pref['password_CHAP'],0)) $text .= "\n\n"; - $text .= "
".ADLAN_152." - ". - $sec_img->r_image(). - "
- - - " + .$frm->admin_button('authsubmit',ADLAN_91). + "
"; - - $au = new e107table; - $au->tablerender(ADLAN_92, $text); + + e107::getRender()->tablerender(ADLAN_92, $text); } - function authcheck($authname, $authpass, $authresponse = '') + + /** + * Admin auth check + * @param string $authname, entered name + * @param string $authpass, entered pass + * @param object $authresponse [optional] + * @return boolean if fail, else result array + */ + public function authcheck($authname, $authpass, $authresponse = '') { - /* - # Admin auth check - # - parameter #1: string $authname, entered name - # - parameter #2: string $authpass, entered pass - # - return boolean if fail, else result array - # - scope public - */ - global $tp, $pref; - $sql_auth = e107::getDb('sql_auth'); - $reason = ''; - $user_info = new UserHandler; - $authname = $tp -> toDB(preg_replace("/\sOR\s|\=|\#/", "", trim($authname))); + global $pref; + + $tp = e107::getParser(); + $sql_auth = e107::getDb('sql_auth'); + $user_info = e107::getSession(); + $reason = ''; + + $authname = $tp->toDB(preg_replace("/\sOR\s|\=|\#/", "", trim($authname))); $authpass = trim($authpass); - if (($authpass == '') || ($authname == '')) $reason = 'np'; - if (strlen($authname) > varset($pref['loginname_maxlength'],30)) $reason = 'lu'; - + + if (($authpass == '') || ($authname == '')) + $reason = 'np'; + if (strlen($authname) > varset($pref['loginname_maxlength'], 30)) + $reason = 'lu'; + if (!$reason) { - if ($sql_auth->db_Select("user", "*", "user_loginname='{$authname}' AND user_admin='1' ")) - { - $row = $sql_auth->db_Fetch(); - } - elseif ($sql_auth->db_Select("user", "*", "user_name='{$authname}' AND user_admin='1' ")) - { - $row = $sql_auth->db_Fetch(); - $authname = $row['user_loginname']; - } - else - { - $reason = 'iu'; - } - } - if (!$reason && ($row['user_id'])) - { // Can validate password - if (($authresponse && isset($_SESSION['challenge'])) && ($authresponse != $_SESSION['challenge'])) - { // Verify using CHAP (can't handle login by email address - only loginname - 
although with this code it does still work if the password is stored unsalted) - if (($pass_result = $user_info->CheckCHAP($_SESSION['challenge'], $authresponse, $authname, $row['user_password'])) !== PASSWORD_INVALID) + if ($sql_auth->db_Select("user", "*", "user_loginname='{$authname}' AND user_admin='1' ")) { - return $$row; + $row = $sql_auth->db_Fetch(); + } + elseif ($sql_auth->db_Select("user", "*", "user_name='{$authname}' AND user_admin='1' ")) + { + $row = $sql_auth->db_Fetch(); + $authname = $row['user_loginname']; + } + else + { + $reason = 'iu'; } } - else - { // Plaintext password - if (($pass_result = $user_info->CheckPassword($authpass, $authname,$row['user_password'])) !== PASSWORD_INVALID) - { - return $row; + if (!$reason && ($row['user_id'])) // Can validate password + { + if (($authresponse && isset($_SESSION['challenge'])) && ($authresponse != $_SESSION['challenge'])) + { // Verify using CHAP (can't handle login by email address - only loginname - although with this code it does still work if the password is stored unsalted) + if (($pass_result = $user_info->CheckCHAP($_SESSION['challenge'], $authresponse, $authname, $row['user_password'])) !== PASSWORD_INVALID) + { + return $$row; + } + } + else + { // Plaintext password + if (($pass_result = $user_info->CheckPassword($authpass, $authname, $row['user_password'])) !== PASSWORD_INVALID) + { + return $row; + } } } - } - return array("authfail", "reason" => $reason); + return array("authfail", "reason"=>$reason); } } //------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------// -?> \ No newline at end of file +?> diff --git a/e107_admin/cron.php b/e107_admin/cron.php index f44705f5b..41ba77806 100644 --- a/e107_admin/cron.php +++ b/e107_admin/cron.php 
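Review bot: In the CHAP branch of `authcheck()` the success path is `return $$row;`, a variable-variable applied to an array, while the plaintext branch returns `$row`; the re-indented line should read `return $row;`. As written, a valid CHAP response does not hand the user record back to the caller, which then tests `$row[0] == "authfail"` on whatever comes back. The new docblock also documents `$authresponse` as `object` and the return as `boolean if fail`, whereas the default is `''` and the failure path returns `array("authfail", "reason"=>$reason)`; `@param string $authresponse [optional]` and `@return array` would match the code. The name filter `preg_replace("/\sOR\s|\=|\#/", "", ...)` in front of the interpolated `user_loginname='{$authname}'` query is only a blacklist, so the escaping rests entirely on `$tp->toDB()`, which is not visible here.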
@@ -11,9 +11,9 @@ | GNU General Public License (http://gnu.org/). | | $Source: /cvs_backup/e107_0.8/e107_admin/cron.php,v $ -| $Revision: 1.22 $ -| $Date: 2009-11-21 22:26:15 $ -| $Author: e107steved $ +| $Revision: 1.23 $ +| $Date: 2009-11-22 14:10:05 $ +| $Author: e107coders $ +----------------------------------------------------------------------------+ */ @@ -268,12 +268,11 @@ function cronName($classname,$method) function setCronPwd() { global $pref; - - require_once (e_HANDLER.'user_handler.php'); - $userMethods = new UserHandler; - $newpwd = $userMethods->generateRandomString('*^*#.**^*'); - $newpwd = sha1($newpwd.time()); - $pref['e_cron_pwd'] = $newpwd; + + $userMethods = e107::getSession(); + $newpwd = $userMethods->generateRandomString('*^*#.**^*'); + $newpwd = sha1($newpwd.time()); + $pref['e_cron_pwd'] = $newpwd; return save_prefs(); diff --git a/e107_admin/image.php b/e107_admin/image.php index 9b6c17b41..9e648a906 100644 --- a/e107_admin/image.php +++ b/e107_admin/image.php @@ -9,9 +9,9 @@ * Image Administration Area * * $Source: /cvs_backup/e107_0.8/e107_admin/image.php,v $ - * $Revision: 1.37 $ - * $Date: 2009-11-18 14:46:28 $ - * $Author: secretr $ + * $Revision: 1.38 $ + * $Date: 2009-11-22 14:10:05 $ + * $Author: e107coders $ * */ require_once("../class2.php"); @@ -328,7 +328,7 @@ class media_admin_ui extends e_admin_ui $oldpath = 'temp/'.$upload['name']; $newpath = $typePath.'/'.$upload['name']; - + $upload_data = array( // not saved if 'noedit' is active. 'media_type' => $upload['type'], 'media_datestamp' => time(), diff --git a/e107_admin/updateadmin.php b/e107_admin/updateadmin.php index be6266a2b..e86b38b49 100644 --- a/e107_admin/updateadmin.php +++ b/e107_admin/updateadmin.php @@ -9,8 +9,8 @@ * Administration Area - Update Admin * * $Source: /cvs_backup/e107_0.8/e107_admin/updateadmin.php,v $ - * $Revision: 1.8 $ - * $Date: 2009-11-18 01:04:26 $ + * $Revision: 1.9 $ + * $Date: 2009-11-22 14:10:06 $ * $Author: e107coders $ * */ 
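Review bot: `setCronPwd()` derives the stored cron secret as `sha1($newpwd.time())`, so all of its unpredictability comes from `generateRandomString('*^*#.**^*')`, whose random source is not visible in this diff; `time()` and the SHA-1 step add none. Now that the helper is obtained through `e107::getSession()`, it is worth confirming that the generator uses a cryptographically secure source and recording that in a comment, e.g. `// secret strength depends on generateRandomString(); time()/sha1 only normalise the format`. The end of the function lies outside the hunk.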
@@ -23,9 +23,9 @@ $e_sub_cat = 'admin_pass'; require_once(e_ADMIN.'auth.php'); require_once(e_HANDLER.'message_handler.php'); -require_once(e_HANDLER.'user_handler.php'); +// require_once(e_HANDLER.'user_handler.php'); //use e107::getSession() instead. require_once(e_HANDLER.'validator_class.php'); -$userMethods = new UserHandler; +$userMethods = e107::getSession(); $emessage = &eMessage::getInstance(); if (isset($_POST['update_settings'])) diff --git a/e107_admin/users.php b/e107_admin/users.php index f6868e1de..179b9eb04 100644 --- a/e107_admin/users.php +++ b/e107_admin/users.php @@ -10,8 +10,8 @@ * Administration Area - Users * * $Source: /cvs_backup/e107_0.8/e107_admin/users.php,v $ -* $Revision: 1.69 $ -* $Date: 2009-11-18 01:04:26 $ +* $Revision: 1.70 $ +* $Date: 2009-11-22 14:10:06 $ * $Author: e107coders $ * */ @@ -78,11 +78,11 @@ require_once (e_HANDLER.'form_handler.php'); require_once (e_HANDLER.'userclass_class.php'); include_once (e_HANDLER.'user_extended_class.php'); require_once (e_HANDLER.'validator_class.php'); -require_once (e_HANDLER.'user_handler.php'); +// require_once (e_HANDLER.'user_handler.php'); // $userMethods = new UserHandler; // $colList = $userMethods->getNiceNames(TRUE); $ue = new e107_user_extended; -$userMethods = new UserHandler; +$userMethods = e107::getSession(); $user_data = array(); $frm = new e_form; $rs = new form; diff --git a/e107_handlers/e107_class.php b/e107_handlers/e107_class.php index c63df6471..f340544a3 100644 --- a/e107_handlers/e107_class.php +++ b/e107_handlers/e107_class.php @@ -9,8 +9,8 @@ * e107 Main * * $Source: /cvs_backup/e107_0.8/e107_handlers/e107_class.php,v $ - * $Revision: 1.80 $ - * $Date: 2009-11-21 11:36:10 $ + * $Revision: 1.81 $ + * $Date: 2009-11-22 14:10:07 $ * $Author: e107coders $ */ 
@@ -140,7 +140,9 @@ class e107 'comment' => '{e_HANDLER}comment_class.php', 'e107_user_extended' => '{e_HANDLER}user_extended_class.php', 'e_userperms' => '{e_HANDLER}user_handler.php', - 'sitelinks' => '{e_HANDLER}sitelinks_class.php' + 'UserHandler' => '{e_HANDLER}user_handler.php', + 'sitelinks' => '{e_HANDLER}sitelinks_class.php', + 'redirection' => '{e_HANDLER}redirection_class.php' ); /** @@ -216,6 +218,8 @@ class e107 { $this->e107_dirs = $e107_paths; $this->set_paths(); + $this->set_base_path(); + $this->set_eUrls(); $this->file_path = $this->fix_windows_paths($e107_root_path)."/"; } return $this; @@ -651,6 +655,8 @@ class e107 return self::getSingleton('e_parse', e_HANDLER.'e_parse_class.php'); } + + /** * Retrieve sc parser singleton object * @@ -698,7 +704,17 @@ class e107 { return self::getSingleton('user_class', true); } - + + + /** + * Retrieve redirection singleton object + * + * @return redirection + */ + public static function getRedirect() + { + return self::getSingleton('redirection', true); + } /** @@ -732,6 +748,16 @@ class e107 return self::getSingleton('e107_event', true); } + /** + * Retrieve user-session singleton object + * + * @return e107_event + */ + public static function getSession() + { + return self::getSingleton('UserHandler', true); + } + /** * Retrieve array storage singleton object * @@ -1230,6 +1256,9 @@ class e107 } + + + /** * Set all environment vars and constants * FIXME - remove globals 
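Review bot: The docblock added for `getSession()` says `@return e107_event`, but the method returns `self::getSingleton('UserHandler', true)`; it should read `@return UserHandler`. The name and the summary "user-session singleton" are also misleading, since callers in this commit use the object for `CheckPassword()`, `CheckCHAP()` and `generateRandomString()`. A summary such as `* Retrieve UserHandler singleton (password and login helpers)` would tell readers what they are getting.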
@@ -1399,6 +1428,59 @@ class e107 return $fixed_path; } + + + + + /** + * Define e_PAGE, e_SELF, e_ADMIN_AREA and USER_AREA; + * The following files are assumed to use admin theme: + * 1. Any file in the admin directory (check for non-plugin added to avoid mismatches) + * 2. any plugin file starting with 'admin_' + * 3. any plugin file in a folder called admin/ + * 4. any file that specifies $eplug_admin = TRUE; + * @return + */ + public function set_eUrls() + { + global $PLUGINS_DIRECTORY,$ADMIN_DIRECTORY; + + $pref = $this->getConfig()->getPref(); + $page = substr(strrchr($_SERVER['PHP_SELF'], '/'), 1); + + define('e_PAGE', $page); + define('e_SELF', ($pref['ssl_enabled'] == '1' ? 'https://'.$_SERVER['HTTP_HOST'] : 'http://'.$_SERVER['HTTP_HOST']) . ($_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_FILENAME'])); + + define('e_SIGNUP', e_BASE.(file_exists(e_BASE.'customsignup.php') ? 'customsignup.php' : 'signup.php')); + define('e_LOGIN', e_BASE.(file_exists(e_BASE.'customlogin.php') ? 'customlogin.php' : 'login.php')); + + + + // e_SELF has the full HTML path + $inAdminDir = FALSE; + $isPluginDir = strpos(e_SELF,'/'.$PLUGINS_DIRECTORY) !== FALSE; // True if we're in a plugin + $e107Path = str_replace($this->base_path, '', e_SELF); // Knock off the initial bits + + if ( + (!$isPluginDir && strpos($e107Path, $ADMIN_DIRECTORY) === 0 ) // Core admin directory + || ($isPluginDir && (strpos(e_PAGE,'admin_') === 0 || strpos($e107Path, 'admin/') !== FALSE)) // Plugin admin file or directory + || (varsettrue($eplug_admin) || defsettrue('ADMIN_AREA')) // Admin forced + ) + { + $inAdminDir = TRUE; + } + + // This should avoid further checks - NOTE: used in js_manager.php + define('e_ADMIN_AREA', ($inAdminDir && !defsettrue('USER_AREA'))); //Force USER_AREA added + } + + + + + + + + /** * Check if current user is banned * diff --git a/e107_handlers/login.php b/e107_handlers/login.php index 7680c61a6..10551cce8 100644 --- a/e107_handlers/login.php 
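Review bot: `set_eUrls()` tests `varsettrue($eplug_admin)`, but the method only declares `global $PLUGINS_DIRECTORY,$ADMIN_DIRECTORY;`, so `$eplug_admin` is an undefined local here and rule 4 of the docblock (a file that sets `$eplug_admin = TRUE`) can no longer mark a page as admin area. Adding it to the list, `global $PLUGINS_DIRECTORY, $ADMIN_DIRECTORY, $eplug_admin;`, restores what the removed class2.php block did at file scope. The method is now called from the initialisation code changed in this commit, so `defsettrue('ADMIN_AREA')` and `defsettrue('USER_AREA')` appear to be evaluated earlier in the request than before; anything that defines those constants between init and theme loading would no longer be seen, which is worth confirming. `e_SELF` is still assembled from `$_SERVER['HTTP_HOST']`, a request-supplied value, and `e_ADMIN_AREA` is derived from it, so a comment noting that dependency would help the next reader.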
+++ b/e107_handlers/login.php @@ -10,8 +10,8 @@ * e107 Main * * $Source: /cvs_backup/e107_0.8/e107_handlers/login.php,v $ - * $Revision: 1.30 $ - * $Date: 2009-11-18 01:04:43 $ + * $Revision: 1.31 $ + * $Date: 2009-11-22 14:10:07 $ * $Author: e107coders $ */ @@ -21,7 +21,7 @@ if (!defined('e107_INIT')) { exit; } error_reporting(E_ALL); -require_once(e_HANDLER.'user_handler.php'); +// require_once(e_HANDLER.'user_handler.php'); //shouldn't be necessary include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_login.php'); define ('LOGIN_TRY_OTHER', 2); // Try some other authentication method @@ -72,6 +72,9 @@ class userlogin { return FALSE; } + + $tp = e107::getParser(); + $sql = e107::getDb(); $this->e107 = e107::getInstance(); $this->userIP = $this->e107->getip(); @@ -264,7 +267,15 @@ class userlogin } } } - header("Location: ".$redir); + + $redirPrev = e107::getRedirect()->getPreviousUrl(); + + if($redirPrev) + { + e107::getRedirect()->redirect($redirPrev); + } + + e107::getRedirect()->redirect($redir); exit(); } @@ -334,7 +345,7 @@ class userlogin } // Now check password - $this->userMethods = new UserHandler; + $this->userMethods = e107::getSession(); if ($forceLogin) { if (md5($this->userData['user_name'].$this->userData['user_password'].$this->userData['user_join']) != $userpass) diff --git a/e107_handlers/redirection_class.php b/e107_handlers/redirection_class.php index 6e93edbb3..3d21a4b6e 100644 --- a/e107_handlers/redirection_class.php +++ b/e107_handlers/redirection_class.php @@ -11,8 +11,8 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/e107_handlers/redirection_class.php,v $ - | $Revision: 1.7 $ - | $Date: 2009-11-18 01:04:43 $ + | $Revision: 1.8 $ + | $Date: 2009-11-22 14:10:07 $ | $Author: e107coders $ +----------------------------------------------------------------------------+ */ 
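Review bot: The new post-login block in `userlogin` sends the browser to `$redirPrev` without checking that it is a URL on this site, and `getPreviousUrl()` (added to redirection_class.php in this commit) can return a value read from `$_COOKIE`, which the client controls. A same-site test before use, e.g. `if ($redirPrev && strpos($redirPrev, SITEURL) === 0)`, keeps the login form from acting as an open redirect. Also, unless `redirect()` ends the script (its body is not in this diff), the following `e107::getRedirect()->redirect($redir);` still runs after the first call; putting it in an `else` makes the precedence explicit. The enclosing method starts and ends outside the hunk.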
@@ -42,6 +42,9 @@ class redirection */ protected $page_exceptions = array(); + + protected $query_exceptions = array(); + /** * Manage Member-Only Mode. * @@ -51,8 +54,61 @@ class redirection { $this->self_exceptions = array(SITEURL.e_SIGNUP, SITEURL.'index.php', SITEURL.'fpw.php', SITEURL.e_LOGIN, SITEURL.'membersonly.php'); $this->page_exceptions = array('e_ajax.php', 'e_js.php', 'e_jslib.php', 'sitedown.php'); + $this->query_exceptions = array('logout'); } + /** + * Store the current URL in a cookie for 5 minutes so we can return to it after being logged out. + * @return + */ + function setPreviousUrl() + { + if(in_array(e_SELF, $this->self_exceptions)) + { + return; + } + if(in_array(e_PAGE, $this->page_exceptions)) + { + return; + } + if(in_array(e_QUERY, $this->query_exceptions)) + { + return; + } + + $self = (e_QUERY) ? e_SELF."?".e_QUERY : e_SELF; + + session_set(e_COOKIE.'_previousUrl',$self ,(time()+300)); + } + + + /** + * Return the URL the admin was on, prior to being logged-out. + * @return + */ + public function getPreviousUrl() + { + return $this->getCookie('previousUrl'); + } + + + private function getCookie($name) //TODO move to e107_class or a new user l class. + { + $cookiename = e_COOKIE."_".$name; + + if(vartrue($_SESSION[$cookiename])) + { + return $_SESSION[$cookiename]; + } + elseif(vartrue($_COOKIE[$cookiename])) + { + return $_COOKIE[$cookiename]; + } + + return FALSE; + } + + /** * Perform re-direction when Maintenance Mode is active. * diff --git a/e107_handlers/sitelinks_class.php b/e107_handlers/sitelinks_class.php index 853919fc8..da2db1cd2 100644 --- a/e107_handlers/sitelinks_class.php +++ b/e107_handlers/sitelinks_class.php @@ -9,8 +9,8 @@ * * * $Source: /cvs_backup/e107_0.8/e107_handlers/sitelinks_class.php,v $ - * $Revision: 1.24 $ - * $Date: 2009-11-21 11:36:10 $ + * $Revision: 1.25 $ + * $Date: 2009-11-22 14:10:07 $ * $Author: e107coders $ */ 
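Review bot: `getCookie()` returns `$_COOKIE[$cookiename]` when the session entry is empty, so the value behind `getPreviousUrl()` is not limited to what `setPreviousUrl()` stored. If `session_set()` (not shown) keeps the URL server-side, reading only `$_SESSION[$cookiename]` is enough; otherwise the value needs validating before it is returned. `setPreviousUrl()` also records `e_SELF`, which is built from `$_SERVER['HTTP_HOST']`, together with the full query string, and the only query exception is `logout`, so URLs that carry an action in the query string are replayed after re-login as well. The docblocks leave `@return` empty (`@return void` and `@return string|false` fit the code), and `setPreviousUrl()` lacks the `public` keyword that `getPreviousUrl()` has.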
@@ -130,7 +130,7 @@ class sitelinks foreach ($this->eLinkList['head_menu'] as $key => $link){ $main_linkid = "sub_".$link['link_id']; - $link['link_expand'] = ((isset($pref['sitelinks_expandsub']) && $pref['sitelinks_expandsub']) && !$style['linkmainonly'] && !defined("LINKSRENDERONLYMAIN") && isset($this->eLinkList[$main_linkid]) && is_array($this->eLinkList[$main_linkid])) ? TRUE : FALSE; + $link['link_expand'] = ((isset($pref['sitelinks_expandsub']) && $pref['sitelinks_expandsub']) && !vartrue($style['linkmainonly']) && !defined("LINKSRENDERONLYMAIN") && isset($this->eLinkList[$main_linkid]) && is_array($this->eLinkList[$main_linkid])) ? TRUE : FALSE; $render_link[$key] = $this->makeLink($link,'', $style, $css_class); @@ -212,7 +212,7 @@ class sitelinks $tmp = explode('.', $linkInfo['link_name'], 3); $linkInfo['link_name'] = $tmp[2]; } - $indent = ($style['linkdisplay'] != 3) ? $style['subindent'] : ""; + $indent = ($style['linkdisplay'] != 3) ? varset($style['subindent']) : ""; } // Convert any {e_XXX} to absolute URLs (relative ones sometimes get broken by adding e_HTTP at the front) diff --git a/e107_plugins/facebook/e_meta.php b/e107_plugins/facebook/e_meta.php index 540d06fea..1d6d562d5 100644 --- a/e107_plugins/facebook/e_meta.php +++ b/e107_plugins/facebook/e_meta.php @@ -15,7 +15,8 @@ if (!defined('e107_INIT')) if (USER_AREA == TRUE) { //TODO use popup window for 'invite friends'. - $CUSTOMPAGES = array_push(explode(' ', $CUSTOMPAGES), ' facebook.php'); + // $CUSTOMPAGES = array_push(explode(' ', $CUSTOMPAGES), ' facebook.php'); + $fb = e107::getSingleton('e_facebook',e_PLUGIN.'facebook/facebook_function.php'); include_once (e_PLUGIN.'facebook/facebook_function.php'); diff --git a/e107_plugins/facebook/e_module.php b/e107_plugins/facebook/e_module.php index 418ddc86c..993f82c93 100644 --- a/e107_plugins/facebook/e_module.php +++ b/e107_plugins/facebook/e_module.php @@ -2,8 +2,6 @@ //error_reporting(E_ALL); - - if (e_ADMIN_AREA !== TRUE) { 
@@ -20,7 +18,7 @@ if (e_ADMIN_AREA !== TRUE) prevent_cache_headers(); } - define(XMLNS, "xmlns:fb='http://www.facebook.com/2008/fbml'"); + define('XMLNS', "xmlns:fb='http://www.facebook.com/2008/fbml'"); global $pref; diff --git a/e107_plugins/facebook/facebook_function.php b/e107_plugins/facebook/facebook_function.php index 78358c830..8ed4754ff 100644 --- a/e107_plugins/facebook/facebook_function.php +++ b/e107_plugins/facebook/facebook_function.php @@ -9,8 +9,8 @@ * * * $Source: /cvs_backup/e107_0.8/e107_plugins/facebook/facebook_function.php,v $ - * $Revision: 1.15 $ - * $Date: 2009-11-18 21:18:21 $ + * $Revision: 1.16 $ + * $Date: 2009-11-22 14:10:08 $ * $Author: e107coders $ */ @@ -821,7 +821,7 @@ class e_facebook } endif; - if($fbid) + if(vartrue($fbid)) { // echo "fbid=".print_a($fbid); return $fbid[0]['uid']; diff --git a/e107_plugins/gsitemap/e_cron.php b/e107_plugins/gsitemap/e_cron.php index e527807ac..aa549ee51 100644 --- a/e107_plugins/gsitemap/e_cron.php +++ b/e107_plugins/gsitemap/e_cron.php @@ -9,8 +9,8 @@ * Plugin configuration module - gsitemap * * $Source: /cvs_backup/e107_0.8/e107_plugins/gsitemap/e_cron.php,v $ - * $Revision: 1.5 $ - * $Date: 2009-11-18 01:05:37 $ + * $Revision: 1.6 $ + * $Date: 2009-11-22 14:10:09 $ * $Author: e107coders $ * */ @@ -29,7 +29,7 @@ class gsitemap_cron // include plugin-folder in the name. global $pref; $cron = array(); - /* + $cron[] = array( 'name' => "Update Records", 'function' => "myfunction", @@ -40,7 +40,7 @@ class gsitemap_cron // include plugin-folder in the name. 'name' => "Test Email", 'function' => "sendEmail", 'description' => "Sends a test email to ".$pref['siteadminemail'] - ); */ + ); return $cron; } diff --git a/fpw.php b/fpw.php index 4e9be2342..ed41e27fd 100644 --- a/fpw.php +++ b/fpw.php 
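Review bot: Removing the `/*` and `*/` around the two `$cron[]` entries in gsitemap's e_cron.php activates definitions that read like samples: `'function' => "myfunction"` and a "Test Email" job described as sending to `$pref['siteadminemail']`. Whether `gsitemap_cron` implements `myfunction()` and `sendEmail()` is not visible in these hunks. If it does not, or if these are only test jobs, the comment markers should stay or the entries should be replaced by the plugin's real task, so that a scheduled run does not call a missing method or mail the site admin on every tick. The method starts outside the first hunk.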
@@ -11,8 +11,8 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/fpw.php,v $ -| $Revision: 1.10 $ -| $Date: 2009-11-18 01:04:24 $ +| $Revision: 1.11 $ +| $Date: 2009-11-22 14:10:02 $ | $Author: e107coders $ +----------------------------------------------------------------------------+ */ @@ -42,21 +42,14 @@ if ($pref['membersonly_enabled']) { if (!$FPW_TABLE_HEADER) { - if (file_exists(THEME."fpw_template.php")) - { - require_once(THEME."fpw_template.php"); - } - else - { - require_once(e_BASE.$THEMES_DIRECTORY."templates/fpw_template.php"); - } + require_once (e107::coreTemplatePath('fpw')); //correct way to load a core template. } $HEADER = preg_replace("/\{(.*?)\}/e", '$\1', $FPW_TABLE_HEADER); $FOOTER = preg_replace("/\{(.*?)\}/e", '$\1', $FPW_TABLE_FOOTER); } -require_once(e_HANDLER.'user_handler.php'); -$user_info = new UserHandler; +// require_once(e_HANDLER.'user_handler.php'); +$user_info = e107::getSession(); require_once(HEADERF); diff --git a/page.php b/page.php index db1732acd..7ace55c54 100644 --- a/page.php +++ b/page.php @@ -11,8 +11,8 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/page.php,v $ -| $Revision: 1.22 $ -| $Date: 2009-11-18 01:04:24 $ +| $Revision: 1.23 $ +| $Date: 2009-11-22 14:10:03 $ | $Author: e107coders $ | +----------------------------------------------------------------------------+ @@ -42,7 +42,7 @@ else { $cacheString = 'page_'.$page->pageID; - $cachePageTitle = 'page-t_'.$page->pageID; + $cachePageTitle = 'page-t_'.$page->pageID; if($cacheData = $e107cache->retrieve($cacheString)) { 
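Review bot: The two context lines after the new template include in fpw.php still run `preg_replace("/\{(.*?)\}/e", '$\1', $FPW_TABLE_HEADER)` and the same for `$FPW_TABLE_FOOTER`, so whatever stands between braces in the template is evaluated as a PHP expression. With the template now resolved through `e107::coreTemplatePath('fpw')`, this is a good point to move to `preg_replace_callback()` with a lookup restricted to known variable names; the `/e` modifier was deprecated in PHP 5.5 and removed in PHP 7.0. If that is out of scope for this commit, a comment such as `// TODO: replace /e with preg_replace_callback (evaluates template content)` on those lines records the risk.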
@@ -58,25 +58,27 @@ else $e107_core_custom_pages = $page -> showPage(); define("e_PAGETITLE", $e107_core_custom_pages['title']); require_once(HEADERF); + if ($e107_core_custom_pages['err']) // Need to display error block after header defined { $ns -> tablerender($e107_core_custom_pages['title'], $e107_core_custom_pages['text'],"cpage"); require_once(FOOTERF); exit; } + if ($e107_core_custom_pages['cachecontrol'] == TRUE) { - ob_start(); - $ns -> tablerender($e107_core_custom_pages['title'], $e107_core_custom_pages['text'],"cpage"); - $cache_data = ob_get_flush(); - $e107cache->set($cacheString, $cache_data); - $e107cache->set($cachePageTitle, $e107_core_custom_pages['title']."^".$e107_core_custom_pages['comment_flag']); - $comment_flag = $e107_core_custom_pages['comment_flag']; + ob_start(); + $ns -> tablerender($e107_core_custom_pages['title'], $e107_core_custom_pages['text'],"cpage"); + $cache_data = ob_get_flush(); + $e107cache->set($cacheString, $cache_data); + $e107cache->set($cachePageTitle, $e107_core_custom_pages['title']."^".$e107_core_custom_pages['comment_flag']); + $comment_flag = $e107_core_custom_pages['comment_flag']; } else { - $ns -> tablerender($e107_core_custom_pages['title'], $e107_core_custom_pages['text'],"cpage"); - $comment_flag = $e107_core_custom_pages['comment_flag']; + $ns -> tablerender($e107_core_custom_pages['title'], $e107_core_custom_pages['text'],"cpage"); + $comment_flag = $e107_core_custom_pages['comment_flag']; } } diff --git a/signup.php b/signup.php index 7cc15a228..193d8a7b8 100644 --- a/signup.php +++ b/signup.php @@ -9,9 +9,9 @@ * User signup * * $Source: /cvs_backup/e107_0.8/signup.php,v $ - * $Revision: 1.42 $ - * $Date: 2009-11-18 20:45:20 $ - * $Author: e107steved $ + * $Revision: 1.43 $ + * $Date: 2009-11-22 14:10:03 $ + * $Author: e107coders $ * */ 
@@ -35,18 +35,11 @@ $usere = new e107_user_extended; require_once(e_HANDLER.'calendar/calendar_class.php'); $cal = new DHTML_Calendar(true); require_once(e_HANDLER.'validator_class.php'); -require_once(e_HANDLER.'user_handler.php'); -$userMethods = new UserHandler; +// require_once(e_HANDLER.'user_handler.php'); +$userMethods = e107::getSession(); $userMethods->deleteExpired(); // Delete time-expired partial registrations -if (is_readable(THEME.'signup_template.php')) -{ - require_once(THEME.'signup_template.php'); -} -else -{ - require_once(e_THEME.'templates/signup_template.php'); -} +require_once(e107::coreTemplatePath('signup')); //correct way to load a core template. include_once(e_FILE.'shortcode/batch/signup_shortcodes.php'); @@ -262,9 +255,13 @@ if($signup_imagecode) $sec_img = new secure_image; } -if (USER || ($pref['user_reg'] == 0) || ($pref['auth_method'] != 'e107')) +if (USER || ($pref['user_reg'] == 0) || (vartrue($pref['auth_method'],'e107') != 'e107')) { - header('location: '.e_HTTP.'index.php'); + //header('location: '.e_HTTP.'index.php'); + var_dump(USER); + var_dump($pref['user_reg']); + var_dump($pref['auth_method']); + echo "hello"; exit; } diff --git a/usersettings.php b/usersettings.php index 5dd23fcc2..546d5618f 100644 --- a/usersettings.php +++ b/usersettings.php @@ -9,9 +9,9 @@ * User settings modify * * $Source: /cvs_backup/e107_0.8/usersettings.php,v $ - * $Revision: 1.44 $ - * $Date: 2009-11-18 20:45:20 $ - * $Author: e107steved $ + * $Revision: 1.45 $ + * $Date: 2009-11-22 14:10:03 $ + * $Author: e107coders $ * */ /* 
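Review bot: In the signup.php hunk at -262,9 the redirect has been replaced by debugging output: `var_dump(USER)`, `var_dump($pref['user_reg'])`, `var_dump($pref['auth_method'])` and `echo "hello"` now run before `exit`. This branch covers logged-in users, disabled registration and a non-e107 auth method. Any visitor who reaches it is shown the site's registration and authentication settings on a bare page instead of being sent to the index. Replace the four debug lines with the redirect helper this commit already uses for logout in class2.php, `e107::getRedirect()->redirect(e_HTTP.'index.php');`, and drop the commented-out `header()` call.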
@@ -49,20 +49,14 @@ include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_usersettings.php'); require_once (e_HANDLER.'ren_help.php'); require_once (e_HANDLER.'user_extended_class.php'); -require_once (e_HANDLER.'user_handler.php'); +// require_once (e_HANDLER.'user_handler.php'); require_once(e_HANDLER.'validator_class.php'); $ue = new e107_user_extended; -$userMethods = new UserHandler; -require_once (e_HANDLER.'ren_help.php'); -if (is_readable(THEME.'usersettings_template.php')) -{ - include_once (THEME.'usersettings_template.php'); -} -else -{ - include_once (e_THEME.'templates/usersettings_template.php'); -} +$userMethods = e107::getSession(); + +require_once (e_HANDLER.'ren_help.php'); +include_once (e107::coreTemplatePath('usersettings')); //correct way to load a core template. include_once (e_FILE.'shortcode/batch/usersettings_shortcodes.php'); require_once (e_HANDLER.'calendar/calendar_class.php');
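Review bot: The added `require_once (e_HANDLER.'ren_help.php');` in usersettings.php repeats the require on the first context line of this hunk and can be dropped. The template is also loaded with `include_once (e107::coreTemplatePath('usersettings'));`, while fpw.php and signup.php in this commit use `require_once` with the same helper. With `include_once`, a path that does not resolve only raises a warning and the page carries on without its template variables. For consistency and a hard failure, use `require_once(e107::coreTemplatePath('usersettings'));`.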