1 | <?php |
---|
2 | # -- BEGIN LICENSE BLOCK --------------------------------------- |
---|
3 | # |
---|
4 | # This file is part of Dotclear 2. |
---|
5 | # |
---|
6 | # Copyright (c) 2003-2013 Olivier Meunier & Association Dotclear |
---|
7 | # Licensed under the GPL version 2.0 license. |
---|
8 | # See LICENSE file or |
---|
9 | # http://www.gnu.org/licenses/old-licenses/gpl-2.0.html |
---|
10 | # |
---|
11 | # -- END LICENSE BLOCK ----------------------------------------- |
---|
12 | |
---|
13 | define('DC_CONTEXT_ADMIN',true); |
---|
14 | |
---|
15 | require_once dirname(__FILE__).'/../prepend.php'; |
---|
16 | |
---|
17 | // HTTP/1.1 |
---|
18 | header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); |
---|
19 | header('Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0'); |
---|
20 | |
---|
21 | // HTTP/1.0 |
---|
22 | header("Pragma: no-cache"); |
---|
23 | |
---|
24 | function dc_valid_fav($url) { |
---|
25 | global $core; |
---|
26 | |
---|
27 | if (preg_match('#plugin\.php\?p=([^&]+)#',$url,$matches)) { |
---|
28 | if (isset($matches[1])) { |
---|
29 | if (!$core->plugins->moduleExists($matches[1])) { |
---|
30 | return false; |
---|
31 | } |
---|
32 | } |
---|
33 | } |
---|
34 | return true; |
---|
35 | } |
---|
36 | |
---|
37 | function dc_prepare_url($url) { |
---|
38 | |
---|
39 | $u = str_replace(array('?','&','/'),array('\?','&','\\/'),$url); |
---|
40 | return (!strpos($u,'\?') ? |
---|
41 | '/'.$u.'$/' : |
---|
42 | (!strpos($u,'&') ? |
---|
43 | '/'.$u.'(\?.*)?$/' : |
---|
44 | '/'.$u.'(&.*)?$/')); |
---|
45 | } |
---|
46 | |
---|
47 | function dc_load_locales() { |
---|
48 | global $_lang, $core; |
---|
49 | |
---|
50 | $_lang = $core->auth->getInfo('user_lang'); |
---|
51 | $_lang = preg_match('/^[a-z]{2}(-[a-z]{2})?$/',$_lang) ? $_lang : 'en'; |
---|
52 | |
---|
53 | if (l10n::set(dirname(__FILE__).'/../../locales/'.$_lang.'/date') === false && $_lang != 'en') { |
---|
54 | l10n::set(dirname(__FILE__).'/../../locales/en/date'); |
---|
55 | } |
---|
56 | l10n::set(dirname(__FILE__).'/../../locales/'.$_lang.'/main'); |
---|
57 | l10n::set(dirname(__FILE__).'/../../locales/'.$_lang.'/public'); |
---|
58 | l10n::set(dirname(__FILE__).'/../../locales/'.$_lang.'/plugins'); |
---|
59 | } |
---|
60 | |
---|
61 | function dc_admin_icon_url($img) |
---|
62 | { |
---|
63 | global $core; |
---|
64 | |
---|
65 | $core->auth->user_prefs->addWorkspace('interface'); |
---|
66 | $user_ui_iconset = @$core->auth->user_prefs->interface->iconset; |
---|
67 | if (($user_ui_iconset) && ($img)) { |
---|
68 | $icon = false; |
---|
69 | if ((preg_match('/^images\/menu\/(.+)$/',$img,$m)) || |
---|
70 | (preg_match('/^index\.php\?pf=(.+)$/',$img,$m))) { |
---|
71 | if ($m[1]) { |
---|
72 | $icon = path::real(dirname(__FILE__).'/../../admin/images/iconset/'.$user_ui_iconset.'/'.$m[1],false); |
---|
73 | if ($icon !== false) { |
---|
74 | $allow_types = array('png','jpg','jpeg','gif'); |
---|
75 | if (is_file($icon) && is_readable($icon) && in_array(files::getExtension($icon),$allow_types)) { |
---|
76 | return DC_ADMIN_URL.'images/iconset/'.$user_ui_iconset.'/'.$m[1]; |
---|
77 | } |
---|
78 | } |
---|
79 | } |
---|
80 | } |
---|
81 | } |
---|
82 | return $img; |
---|
83 | } |
---|
84 | |
---|
85 | if (defined('DC_AUTH_SESS_ID') && defined('DC_AUTH_SESS_UID')) |
---|
86 | { |
---|
87 | # We have session information in constants |
---|
88 | $_COOKIE[DC_SESSION_NAME] = DC_AUTH_SESS_ID; |
---|
89 | |
---|
90 | if (!$core->auth->checkSession(DC_AUTH_SESS_UID)) { |
---|
91 | throw new Exception('Invalid session data.'); |
---|
92 | } |
---|
93 | |
---|
94 | # Check nonce from POST requests |
---|
95 | if (!empty($_POST)) |
---|
96 | { |
---|
97 | if (empty($_POST['xd_check']) || !$core->checkNonce($_POST['xd_check'])) { |
---|
98 | throw new Exception('Precondition Failed.'); |
---|
99 | } |
---|
100 | } |
---|
101 | |
---|
102 | if (empty($_SESSION['sess_blog_id'])) { |
---|
103 | throw new Exception('Permission denied.'); |
---|
104 | } |
---|
105 | |
---|
106 | # Loading locales |
---|
107 | dc_load_locales(); |
---|
108 | |
---|
109 | $core->setBlog($_SESSION['sess_blog_id']); |
---|
110 | if (!$core->blog->id) { |
---|
111 | throw new Exception('Permission denied.'); |
---|
112 | } |
---|
113 | } |
---|
114 | elseif ($core->auth->sessionExists()) |
---|
115 | { |
---|
116 | # If we have a session we launch it now |
---|
117 | try { |
---|
118 | if (!$core->auth->checkSession()) |
---|
119 | { |
---|
120 | # Avoid loop caused by old cookie |
---|
121 | $p = $core->session->getCookieParameters(false,-600); |
---|
122 | $p[3] = '/'; |
---|
123 | call_user_func_array('setcookie',$p); |
---|
124 | |
---|
125 | http::redirect('auth.php'); |
---|
126 | } |
---|
127 | } catch (Exception $e) { |
---|
128 | __error(__('Database error') |
---|
129 | ,__('There seems to be no Session table in your database. Is Dotclear completly installed?') |
---|
130 | ,20); |
---|
131 | } |
---|
132 | |
---|
133 | # Check nonce from POST requests |
---|
134 | if (!empty($_POST)) |
---|
135 | { |
---|
136 | if (empty($_POST['xd_check']) || !$core->checkNonce($_POST['xd_check'])) { |
---|
137 | http::head(412); |
---|
138 | header('Content-Type: text/plain'); |
---|
139 | echo 'Precondition Failed'; |
---|
140 | exit; |
---|
141 | } |
---|
142 | } |
---|
143 | |
---|
144 | |
---|
145 | if (!empty($_REQUEST['switchblog']) |
---|
146 | && $core->auth->getPermissions($_REQUEST['switchblog']) !== false) |
---|
147 | { |
---|
148 | $_SESSION['sess_blog_id'] = $_REQUEST['switchblog']; |
---|
149 | if (isset($_SESSION['media_manager_dir'])) { |
---|
150 | unset($_SESSION['media_manager_dir']); |
---|
151 | } |
---|
152 | if (isset($_SESSION['media_manager_page'])) { |
---|
153 | unset($_SESSION['media_manager_page']); |
---|
154 | } |
---|
155 | |
---|
156 | # Removing switchblog from URL |
---|
157 | $redir = $_SERVER['REQUEST_URI']; |
---|
158 | $redir = preg_replace('/switchblog=(.*?)(&|$)/','',$redir); |
---|
159 | $redir = preg_replace('/\?$/','',$redir); |
---|
160 | http::redirect($redir); |
---|
161 | exit; |
---|
162 | } |
---|
163 | |
---|
164 | # Check blog to use and log out if no result |
---|
165 | if (isset($_SESSION['sess_blog_id'])) |
---|
166 | { |
---|
167 | if ($core->auth->getPermissions($_SESSION['sess_blog_id']) === false) { |
---|
168 | unset($_SESSION['sess_blog_id']); |
---|
169 | } |
---|
170 | } |
---|
171 | else |
---|
172 | { |
---|
173 | if (($b = $core->auth->findUserBlog($core->auth->getInfo('user_default_blog'))) !== false) { |
---|
174 | $_SESSION['sess_blog_id'] = $b; |
---|
175 | unset($b); |
---|
176 | } |
---|
177 | } |
---|
178 | |
---|
179 | # Loading locales |
---|
180 | dc_load_locales(); |
---|
181 | |
---|
182 | if (isset($_SESSION['sess_blog_id'])) { |
---|
183 | $core->setBlog($_SESSION['sess_blog_id']); |
---|
184 | } else { |
---|
185 | $core->session->destroy(); |
---|
186 | http::redirect('auth.php'); |
---|
187 | } |
---|
188 | |
---|
189 | /* |
---|
190 | # Check add to my fav fired |
---|
191 | if (!empty($_REQUEST['add-favorite'])) { |
---|
192 | $redir = $_SERVER['REQUEST_URI']; |
---|
193 | # Extract admin page from URI |
---|
194 | # TO BE COMPLETED |
---|
195 | } |
---|
196 | */ |
---|
197 | } |
---|
198 | |
---|
199 | if ($core->auth->userID() && $core->blog !== null) |
---|
200 | { |
---|
201 | # Loading resources and help files |
---|
202 | $locales_root = dirname(__FILE__).'/../../locales/'; |
---|
203 | require $locales_root.'/en/resources.php'; |
---|
204 | if (($f = l10n::getFilePath($locales_root,'resources.php',$_lang))) { |
---|
205 | require $f; |
---|
206 | } |
---|
207 | unset($f); |
---|
208 | |
---|
209 | if (($hfiles = @scandir($locales_root.$_lang.'/help')) !== false) |
---|
210 | { |
---|
211 | foreach ($hfiles as $hfile) { |
---|
212 | if (preg_match('/^(.*)\.html$/',$hfile,$m)) { |
---|
213 | $GLOBALS['__resources']['help'][$m[1]] = $locales_root.$_lang.'/help/'.$hfile; |
---|
214 | } |
---|
215 | } |
---|
216 | } |
---|
217 | unset($hfiles,$locales_root); |
---|
218 | |
---|
219 | $core->auth->user_prefs->addWorkspace('interface'); |
---|
220 | $user_ui_nofavmenu = $core->auth->user_prefs->interface->nofavmenu; |
---|
221 | |
---|
222 | # Standard favorites |
---|
223 | $_fav = new ArrayObject(); |
---|
224 | |
---|
225 | # [] : Title, URL, small icon, large icon, permissions, id, class |
---|
226 | # NB : '*' in permissions means any, null means super admin only |
---|
227 | |
---|
228 | $_fav['prefs'] = new ArrayObject(array('prefs','My preferences','preferences.php', |
---|
229 | 'images/menu/user-pref.png','images/menu/user-pref-b.png', |
---|
230 | '*',null,null)); |
---|
231 | |
---|
232 | $_fav['new_post'] = new ArrayObject(array('new_post','New entry','post.php', |
---|
233 | 'images/menu/edit.png','images/menu/edit-b.png', |
---|
234 | 'usage,contentadmin',null,'menu-new-post')); |
---|
235 | $_fav['posts'] = new ArrayObject(array('posts','Entries','posts.php', |
---|
236 | 'images/menu/entries.png','images/menu/entries-b.png', |
---|
237 | 'usage,contentadmin',null,null)); |
---|
238 | $_fav['comments'] = new ArrayObject(array('comments','Comments','comments.php', |
---|
239 | 'images/menu/comments.png','images/menu/comments-b.png', |
---|
240 | 'usage,contentadmin',null,null)); |
---|
241 | $_fav['search'] = new ArrayObject(array('search','Search','search.php', |
---|
242 | 'images/menu/search.png','images/menu/search-b.png', |
---|
243 | 'usage,contentadmin',null,null)); |
---|
244 | $_fav['categories'] = new ArrayObject(array('categories','Categories','categories.php', |
---|
245 | 'images/menu/categories.png','images/menu/categories-b.png', |
---|
246 | 'categories',null,null)); |
---|
247 | $_fav['media'] = new ArrayObject(array('media','Media manager','media.php', |
---|
248 | 'images/menu/media.png','images/menu/media-b.png', |
---|
249 | 'media,media_admin',null,null)); |
---|
250 | $_fav['blog_pref'] = new ArrayObject(array('blog_pref','Blog settings','blog_pref.php', |
---|
251 | 'images/menu/blog-pref.png','images/menu/blog-pref-b.png', |
---|
252 | 'admin',null,null)); |
---|
253 | $_fav['blog_theme'] = new ArrayObject(array('blog_theme','Blog appearance','blog_theme.php', |
---|
254 | 'images/menu/themes.png','images/menu/blog-theme-b.png', |
---|
255 | 'admin',null,null)); |
---|
256 | |
---|
257 | $_fav['blogs'] = new ArrayObject(array('blogs','Blogs','blogs.php', |
---|
258 | 'images/menu/blogs.png','images/menu/blogs-b.png', |
---|
259 | 'usage,contentadmin',null,null)); |
---|
260 | $_fav['users'] = new ArrayObject(array('users','Users','users.php', |
---|
261 | 'images/menu/users.png','images/menu/users-b.png', |
---|
262 | null,null,null)); |
---|
263 | $_fav['plugins'] = new ArrayObject(array('plugins','Plugins','plugins.php', |
---|
264 | 'images/menu/plugins.png','images/menu/plugins-b.png', |
---|
265 | null,null,null)); |
---|
266 | $_fav['langs'] = new ArrayObject(array('langs','Languages','langs.php', |
---|
267 | 'images/menu/langs.png','images/menu/langs-b.png', |
---|
268 | null,null,null)); |
---|
269 | |
---|
270 | # Menus creation |
---|
271 | $_menu['Dashboard'] = new dcMenu('dashboard-menu',null); |
---|
272 | if (!$user_ui_nofavmenu) |
---|
273 | $_menu['Favorites'] = new dcMenu('favorites-menu','My favorites'); |
---|
274 | $_menu['Blog'] = new dcMenu('blog-menu','Blog'); |
---|
275 | $_menu['System'] = new dcMenu('system-menu','System'); |
---|
276 | $_menu['Plugins'] = new dcMenu('plugins-menu','Plugins'); |
---|
277 | |
---|
278 | # Loading plugins |
---|
279 | $core->plugins->loadModules(DC_PLUGINS_ROOT,'admin',$_lang); |
---|
280 | |
---|
281 | # Loading favorites info from plugins |
---|
282 | $core->callBehavior('adminDashboardFavs', $core, $_fav); |
---|
283 | |
---|
284 | # Set menu titles |
---|
285 | |
---|
286 | $_menu['System']->title = __('System'); |
---|
287 | $_menu['Blog']->title = __('Blog'); |
---|
288 | $_menu['Plugins']->title = __('Plugins'); |
---|
289 | if (!$user_ui_nofavmenu) |
---|
290 | $_menu['Favorites']->title = __('My favorites'); |
---|
291 | |
---|
292 | /* |
---|
293 | if (!preg_match('/index.php$/',$_SERVER['REQUEST_URI'])) { |
---|
294 | # Admin index can't be add in fav's |
---|
295 | $_menu['Dashboard']->prependItem(__('Add this page to my favorites'),'#','images/menu/add_to_favorites.png', |
---|
296 | false,$core->auth->check('usage,contentadmin',$core->blog->id),'fav-add'); |
---|
297 | } |
---|
298 | */ |
---|
299 | $_menu['Blog']->prependItem(__('Blog appearance'),'blog_theme.php','images/menu/themes.png', |
---|
300 | preg_match('/blog_theme.php(\?.*)?$/',$_SERVER['REQUEST_URI']), |
---|
301 | $core->auth->check('admin',$core->blog->id)); |
---|
302 | $_menu['Blog']->prependItem(__('Blog settings'),'blog_pref.php','images/menu/blog-pref.png', |
---|
303 | preg_match('/blog_pref.php(\?.*)?$/',$_SERVER['REQUEST_URI']), |
---|
304 | $core->auth->check('admin',$core->blog->id)); |
---|
305 | $_menu['Blog']->prependItem(__('Media manager'),'media.php','images/menu/media.png', |
---|
306 | preg_match('/media(_item)?.php(\?.*)?$/',$_SERVER['REQUEST_URI']), |
---|
307 | $core->auth->check('media,media_admin',$core->blog->id)); |
---|
308 | $_menu['Blog']->prependItem(__('Categories'),'categories.php','images/menu/categories.png', |
---|
309 | preg_match('/categories.php(\?.*)?$/',$_SERVER['REQUEST_URI']), |
---|
310 | $core->auth->check('categories',$core->blog->id)); |
---|
311 | $_menu['Blog']->prependItem(__('Search'),'search.php','images/menu/search.png', |
---|
312 | preg_match('/search.php(\?.*)?$/',$_SERVER['REQUEST_URI']), |
---|
313 | $core->auth->check('usage,contentadmin',$core->blog->id)); |
---|
314 | $_menu['Blog']->prependItem(__('Comments'),'comments.php','images/menu/comments.png', |
---|
315 | preg_match('/comments.php(\?.*)?$/',$_SERVER['REQUEST_URI']), |
---|
316 | $core->auth->check('usage,contentadmin',$core->blog->id)); |
---|
317 | $_menu['Blog']->prependItem(__('Entries'),'posts.php','images/menu/entries.png', |
---|
318 | preg_match('/posts.php(\?.*)?$/',$_SERVER['REQUEST_URI']), |
---|
319 | $core->auth->check('usage,contentadmin',$core->blog->id)); |
---|
320 | $_menu['Blog']->prependItem(__('New entry'),'post.php','images/menu/edit.png', |
---|
321 | preg_match('/post.php$/',$_SERVER['REQUEST_URI']), |
---|
322 | $core->auth->check('usage,contentadmin',$core->blog->id),'menu-new-post'); |
---|
323 | |
---|
324 | $_menu['System']->prependItem(__('Update'),'update.php','images/menu/update.png', |
---|
325 | preg_match('/update.php(\?.*)?$/',$_SERVER['REQUEST_URI']), |
---|
326 | $core->auth->isSuperAdmin() && is_readable(DC_DIGESTS)); |
---|
327 | $_menu['System']->prependItem(__('Languages'),'langs.php','images/menu/langs.png', |
---|
328 | preg_match('/langs.php(\?.*)?$/',$_SERVER['REQUEST_URI']), |
---|
329 | $core->auth->isSuperAdmin()); |
---|
330 | $_menu['System']->prependItem(__('Plugins'),'plugins.php','images/menu/plugins.png', |
---|
331 | preg_match('/plugins.php(\?.*)?$/',$_SERVER['REQUEST_URI']), |
---|
332 | $core->auth->isSuperAdmin()); |
---|
333 | $_menu['System']->prependItem(__('Users'),'users.php','images/menu/users.png', |
---|
334 | preg_match('/users.php$/',$_SERVER['REQUEST_URI']), |
---|
335 | $core->auth->isSuperAdmin()); |
---|
336 | $_menu['System']->prependItem(__('Blogs'),'blogs.php','images/menu/blogs.png', |
---|
337 | preg_match('/blogs.php$/',$_SERVER['REQUEST_URI']), |
---|
338 | $core->auth->isSuperAdmin() || |
---|
339 | $core->auth->check('usage,contentadmin',$core->blog->id) && $core->auth->blog_count > 1); |
---|
340 | |
---|
341 | if (!$user_ui_nofavmenu) { |
---|
342 | // Set favorites menu |
---|
343 | $ws = $core->auth->user_prefs->addWorkspace('favorites'); |
---|
344 | $count = 0; |
---|
345 | foreach ($ws->dumpPrefs() as $k => $v) { |
---|
346 | // User favorites only |
---|
347 | if (!$v['global']) { |
---|
348 | $fav = unserialize($v['value']); |
---|
349 | if (dc_valid_fav($fav['url'])) { |
---|
350 | $count++; |
---|
351 | $_menu['Favorites']->addItem(__($fav['title']),$fav['url'],$fav['small-icon'], |
---|
352 | preg_match(dc_prepare_url($fav['url']),$_SERVER['REQUEST_URI']), |
---|
353 | (($fav['permissions'] == '*') || $core->auth->check($fav['permissions'],$core->blog->id)),$fav['id'],$fav['class']); |
---|
354 | } |
---|
355 | } |
---|
356 | } |
---|
357 | if (!$count) { |
---|
358 | // Global favorites if any |
---|
359 | foreach ($ws->dumpPrefs() as $k => $v) { |
---|
360 | $fav = unserialize($v['value']); |
---|
361 | if (dc_valid_fav($fav['url'])) { |
---|
362 | $count++; |
---|
363 | $_menu['Favorites']->addItem(__($fav['title']),$fav['url'],$fav['small-icon'], |
---|
364 | preg_match(dc_prepare_url($fav['url']),$_SERVER['REQUEST_URI']), |
---|
365 | (($fav['permissions'] == '*') || $core->auth->check($fav['permissions'],$core->blog->id)),$fav['id'],$fav['class']); |
---|
366 | } |
---|
367 | } |
---|
368 | } |
---|
369 | if (!$count) { |
---|
370 | // No user or global favorites, add "new entry" fav |
---|
371 | $_menu['Favorites']->addItem(__('New entry'),'post.php','images/menu/edit.png', |
---|
372 | preg_match('/post.php$/',$_SERVER['REQUEST_URI']), |
---|
373 | $core->auth->check('usage,contentadmin',$core->blog->id),'menu-new-post',null); |
---|
374 | } |
---|
375 | } |
---|
376 | } |
---|
377 | ?> |
---|