prepend.php @ 2708:e8b17b3a7413

Visit:

Revision 2708:e8b17b3a7413, 10.0 KB checked in by Dsls, 11 years ago (diff)
1st attempt for admin url handler. See #1645, see #1959

Line
1	<?php
2	# -- BEGIN LICENSE BLOCK ---------------------------------------
3	#
4	# This file is part of Dotclear 2.
5	#
6	# Copyright (c) 2003-2013 Olivier Meunier & Association Dotclear
7	# Licensed under the GPL version 2.0 license.
8	# See LICENSE file or
9	# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
10	#
11	# -- END LICENSE BLOCK -----------------------------------------
12
13	define('DC_CONTEXT_ADMIN',true);
14
15	require_once dirname(__FILE__).'/../prepend.php';
16
17	// HTTP/1.1
18	header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
19	header('Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0');
20
21	// HTTP/1.0
22	header("Pragma: no-cache");
23
24	function dc_load_locales() {
25	global $_lang, $core;
26
27	$_lang = $core->auth->getInfo('user_lang');
28	$_lang = preg_match('/^[a-z]{2}(-[a-z]{2})?$/',$_lang) ? $_lang : 'en';
29
30	l10n::lang($_lang);
31	if (l10n::set(dirname(__FILE__).'/../../locales/'.$_lang.'/date') === false && $_lang != 'en') {
32	l10n::set(dirname(__FILE__).'/../../locales/en/date');
33	}
34	l10n::set(dirname(__FILE__).'/../../locales/'.$_lang.'/main');
35	l10n::set(dirname(__FILE__).'/../../locales/'.$_lang.'/public');
36	l10n::set(dirname(__FILE__).'/../../locales/'.$_lang.'/plugins');
37	}
38
39	function dc_admin_icon_url($img)
40	{
41	global $core;
42
43	$core->auth->user_prefs->addWorkspace('interface');
44	$user_ui_iconset = @$core->auth->user_prefs->interface->iconset;
45	if (($user_ui_iconset) && ($img)) {
46	$icon = false;
47	if ((preg_match('/^images\/menu\/(.+)$/',$img,$m)) \|\|
48	(preg_match('/^index\.php\?pf=(.+)$/',$img,$m))) {
49	if ($m[1]) {
50	$icon = path::real(dirname(__FILE__).'/../../admin/images/iconset/'.$user_ui_iconset.'/'.$m[1],false);
51	if ($icon !== false) {
52	$allow_types = array('png','jpg','jpeg','gif');
53	if (is_file($icon) && is_readable($icon) && in_array(files::getExtension($icon),$allow_types)) {
54	return DC_ADMIN_URL.'images/iconset/'.$user_ui_iconset.'/'.$m[1];
55	}
56	}
57	}
58	}
59	}
60	return $img;
61	}
62
63	if (defined('DC_AUTH_SESS_ID') && defined('DC_AUTH_SESS_UID'))
64	{
65	# We have session information in constants
66	$_COOKIE[DC_SESSION_NAME] = DC_AUTH_SESS_ID;
67
68	if (!$core->auth->checkSession(DC_AUTH_SESS_UID)) {
69	throw new Exception('Invalid session data.');
70	}
71
72	# Check nonce from POST requests
73	if (!empty($_POST))
74	{
75	if (empty($_POST['xd_check']) \|\| !$core->checkNonce($_POST['xd_check'])) {
76	throw new Exception('Precondition Failed.');
77	}
78	}
79
80	if (empty($_SESSION['sess_blog_id'])) {
81	throw new Exception('Permission denied.');
82	}
83
84	# Loading locales
85	dc_load_locales();
86
87	$core->setBlog($_SESSION['sess_blog_id']);
88	if (!$core->blog->id) {
89	throw new Exception('Permission denied.');
90	}
91	}
92	elseif ($core->auth->sessionExists())
93	{
94	# If we have a session we launch it now
95	try {
96	if (!$core->auth->checkSession())
97	{
98	# Avoid loop caused by old cookie
99	$p = $core->session->getCookieParameters(false,-600);
100	$p[3] = '/';
101	call_user_func_array('setcookie',$p);
102
103	http::redirect('auth.php');
104	}
105	} catch (Exception $e) {
106	__error(__('Database error')
107	,__('There seems to be no Session table in your database. Is Dotclear completly installed?')
108	,20);
109	}
110
111	# Check nonce from POST requests
112	if (!empty($_POST))
113	{
114	if (empty($_POST['xd_check']) \|\| !$core->checkNonce($_POST['xd_check'])) {
115	http::head(412);
116	header('Content-Type: text/plain');
117	echo 'Precondition Failed';
118	exit;
119	}
120	}
121
122
123	if (!empty($_REQUEST['switchblog'])
124	&& $core->auth->getPermissions($_REQUEST['switchblog']) !== false)
125	{
126	$_SESSION['sess_blog_id'] = $_REQUEST['switchblog'];
127	if (isset($_SESSION['media_manager_dir'])) {
128	unset($_SESSION['media_manager_dir']);
129	}
130	if (isset($_SESSION['media_manager_page'])) {
131	unset($_SESSION['media_manager_page']);
132	}
133
134	# Removing switchblog from URL
135	$redir = $_SERVER['REQUEST_URI'];
136	$redir = preg_replace('/switchblog=(.*?)(&\|$)/','',$redir);
137	$redir = preg_replace('/\?$/','',$redir);
138	http::redirect($redir);
139	exit;
140	}
141
142	# Check blog to use and log out if no result
143	if (isset($_SESSION['sess_blog_id']))
144	{
145	if ($core->auth->getPermissions($_SESSION['sess_blog_id']) === false) {
146	unset($_SESSION['sess_blog_id']);
147	}
148	}
149	else
150	{
151	if (($b = $core->auth->findUserBlog($core->auth->getInfo('user_default_blog'))) !== false) {
152	$_SESSION['sess_blog_id'] = $b;
153	unset($b);
154	}
155	}
156
157	# Loading locales
158	dc_load_locales();
159
160	if (isset($_SESSION['sess_blog_id'])) {
161	$core->setBlog($_SESSION['sess_blog_id']);
162	} else {
163	$core->session->destroy();
164	http::redirect('auth.php');
165	}
166
167	/*
168	# Check add to my fav fired
169	if (!empty($_REQUEST['add-favorite'])) {
170	$redir = $_SERVER['REQUEST_URI'];
171	# Extract admin page from URI
172	# TO BE COMPLETED
173	}
174	*/
175	}
176
177	$core->adminurl = new dcAdminURL($core);
178
179	$core->adminurl->register('admin.posts','posts.php');
180	$core->adminurl->register('admin.post','post.php');
181	$core->adminurl->register('admin.blog.theme','blog_theme.php');
182	$core->adminurl->register('admin.blog.pref','blog_pref.php');
183	$core->adminurl->register('admin.blogs','blogs.php');
184	$core->adminurl->register('admin.categories','categories.php');
185	$core->adminurl->register('admin.category','category.php');
186	$core->adminurl->register('admin.comments','comments.php');
187	$core->adminurl->register('admin.comments','comment.php');
188	$core->adminurl->register('admin.help','help.php');
189	$core->adminurl->register('admin.home','index.php');
190	$core->adminurl->register('admin.langs','langs.php');
191	$core->adminurl->register('admin.media','media.php');
192	$core->adminurl->register('admin.media_item','media_item.php');
193	$core->adminurl->register('admin.plugins','plugins.php');
194	$core->adminurl->register('admin.plugin','plugin.php');
195	$core->adminurl->register('admin.user.preferences','preferences.php');
196	$core->adminurl->register('admin.user','user.php');
197	$core->adminurl->register('admin.users','users.php');
198
199	if ($core->auth->userID() && $core->blog !== null)
200	{
201	# Loading resources and help files
202	$locales_root = dirname(__FILE__).'/../../locales/';
203	require $locales_root.'/en/resources.php';
204	if (($f = l10n::getFilePath($locales_root,'resources.php',$_lang))) {
205	require $f;
206	}
207	unset($f);
208
209	if (($hfiles = @scandir($locales_root.$_lang.'/help')) !== false)
210	{
211	foreach ($hfiles as $hfile) {
212	if (preg_match('/^(.*)\.html$/',$hfile,$m)) {
213	$GLOBALS['__resources']['help'][$m[1]] = $locales_root.$_lang.'/help/'.$hfile;
214	}
215	}
216	}
217	unset($hfiles,$locales_root);
218	// Contextual help flag
219	$GLOBALS['__resources']['ctxhelp'] = false;
220
221	$core->auth->user_prefs->addWorkspace('interface');
222	$user_ui_nofavmenu = $core->auth->user_prefs->interface->nofavmenu;
223
224	$core->favs = new dcFavorites($core);
225
226
227	# [] : Title, URL, small icon, large icon, permissions, id, class
228	# NB : '*' in permissions means any, null means super admin only
229
230
231	# Menus creation
232	$_menu = new ArrayObject();
233	$_menu['Dashboard'] = new dcMenu('dashboard-menu',null);
234	if (!$user_ui_nofavmenu) {
235	$core->favs->appendMenuTitle($_menu);
236	}
237	$_menu['Blog'] = new dcMenu('blog-menu','Blog');
238	$_menu['System'] = new dcMenu('system-menu','System');
239	$_menu['Plugins'] = new dcMenu('plugins-menu','Plugins');
240	# Loading plugins
241	$core->plugins->loadModules(DC_PLUGINS_ROOT,'admin',$_lang);
242	$core->favs->setup();
243
244	if (!$user_ui_nofavmenu) {
245	$core->favs->appendMenu($_menu);
246	}
247
248
249	# Set menu titles
250
251	$_menu['System']->title = __('System settings');
252	$_menu['Blog']->title = __('Blog');
253	$_menu['Plugins']->title = __('Plugins');
254
255
256	$_menu['Blog']->prependItem(__('Blog appearance'),'blog_theme.php','images/menu/themes.png',
257	preg_match('/blog_theme.php(\?.*)?$/',$_SERVER['REQUEST_URI']),
258	$core->auth->check('admin',$core->blog->id));
259	$_menu['Blog']->prependItem(__('Blog settings'),'blog_pref.php','images/menu/blog-pref.png',
260	preg_match('/blog_pref.php(\?.*)?$/',$_SERVER['REQUEST_URI']),
261	$core->auth->check('admin',$core->blog->id));
262	$_menu['Blog']->prependItem(__('Media manager'),'media.php','images/menu/media.png',
263	preg_match('/media(_item)?.php(\?.*)?$/',$_SERVER['REQUEST_URI']),
264	$core->auth->check('media,media_admin',$core->blog->id));
265	$_menu['Blog']->prependItem(__('Categories'),'categories.php','images/menu/categories.png',
266	preg_match('/categories.php(\?.*)?$/',$_SERVER['REQUEST_URI']),
267	$core->auth->check('categories',$core->blog->id));
268	$_menu['Blog']->prependItem(__('Search'),'search.php','images/menu/search.png',
269	preg_match('/search.php(\?.*)?$/',$_SERVER['REQUEST_URI']),
270	$core->auth->check('usage,contentadmin',$core->blog->id));
271	$_menu['Blog']->prependItem(__('Comments'),'comments.php','images/menu/comments.png',
272	preg_match('/comments.php(\?.*)?$/',$_SERVER['REQUEST_URI']),
273	$core->auth->check('usage,contentadmin',$core->blog->id));
274	$_menu['Blog']->prependItem(__('Entries'),'posts.php','images/menu/entries.png',
275	preg_match('/posts.php(\?.*)?$/',$_SERVER['REQUEST_URI']),
276	$core->auth->check('usage,contentadmin',$core->blog->id));
277	$_menu['Blog']->prependItem(__('New entry'),'post.php','images/menu/edit.png',
278	preg_match('/post.php$/',$_SERVER['REQUEST_URI']),
279	$core->auth->check('usage,contentadmin',$core->blog->id));
280
281	$_menu['System']->prependItem(__('Update'),'update.php','images/menu/update.png',
282	preg_match('/update.php(\?.*)?$/',$_SERVER['REQUEST_URI']),
283	$core->auth->isSuperAdmin() && is_readable(DC_DIGESTS));
284	$_menu['System']->prependItem(__('Languages'),'langs.php','images/menu/langs.png',
285	preg_match('/langs.php(\?.*)?$/',$_SERVER['REQUEST_URI']),
286	$core->auth->isSuperAdmin());
287	$_menu['System']->prependItem(__('Plugins management'),'plugins.php','images/menu/plugins.png',
288	preg_match('/plugins.php(\?.*)?$/',$_SERVER['REQUEST_URI']),
289	$core->auth->isSuperAdmin());
290	$_menu['System']->prependItem(__('Users'),'users.php','images/menu/users.png',
291	preg_match('/users.php$/',$_SERVER['REQUEST_URI']),
292	$core->auth->isSuperAdmin());
293	$_menu['System']->prependItem(__('Blogs'),'blogs.php','images/menu/blogs.png',
294	preg_match('/blogs.php$/',$_SERVER['REQUEST_URI']),
295	$core->auth->isSuperAdmin() \|\|
296	$core->auth->check('usage,contentadmin',$core->blog->id) && $core->auth->getBlogCount() > 1);
297
298	if (empty($core->blog->settings->system->jquery_migrate_mute)) {
299	$core->blog->settings->system->put('jquery_migrate_mute', true, 'boolean', 'Mute warnings for jquery migrate plugin ?', false);
300	}
301	}
302

Note: See TracBrowser for help on using the repository browser.

Dotclear

Context Navigation

source: inc/admin/prepend.php @ 2708:e8b17b3a7413

Download in other formats:

Sites map