PHP Cross Reference of Nuke-Evolution v2.0.5 |
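<?php
/*=======================================================================
 Nuke-Evolution Basic: Enhanced PHP-Nuke Web Portal System
 =======================================================================*/

/************************************************************************/
/* PHP-NUKE: Advanced Content Management System                         */
/* ============================================                         */
/*                                                                      */
/* Copyright (c) 2002 by Francisco Burzi                                */
/* http://phpnuke.org                                                   */
/*                                                                      */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/*                                                                      */
/************************************************************************/

/*****[CHANGES]**********************************************************
-=[Base]=-
      Nuke Patched                             v3.1.0       06/26/2005
      NukeSentinel                             v2.5.00      07/11/2006
      Caching System                           v1.0.0       10/31/2005
      Module Simplifications                   v1.0.0       11/17/2005
      Evolution Functions                      v1.5.0       12/14/2005
-=[Other]=-
      Admin Field Size                         v1.0.0       06/02/2005
      Need To Delete                           v1.0.0       06/03/2005
      Date Fix                                 v1.0.0       06/20/2005
-=[Mod]=-
      Admin Icon/Link Pos                      v1.0.0       06/02/2005
      Admin Tracker                            v1.0.1       06/08/2005
      Advanced Username Color                  v1.0.6       06/13/2005
      CNBYA Modifications                      v1.0.0       07/05/2005
      Password Strength Meter                  v1.0.0       07/12/2005
      Auto Admin Protector                     v2.0.0       08/18/2005
      Admin IP Lock                            v2.1.0       11/18/2005
      Evolution Version Checker                v1.1.0       08/21/2005
      Auto Admin Login                         v2.0.1       08/27/2005
      Auto First User Login                    v1.0.0       08/27/2005
      Persistent Admin Login                   v2.0.0       12/10/2005
      External Admin Index                     v1.0.0       08/27/2005
      External Admin Functions                 v1.0.0       12/14/2005
 ************************************************************************/

/*
 * Admin front controller. In order, this script:
 *   1. rejects a request that names an admin id without an admin cookie
 *      (unless it is a login attempt),
 *   2. applies the optional IP allow-list from ips.php,
 *   3. offers the "create first admin" form while the authors table is empty,
 *   4. handles op=login (security code, password check, cookie issue),
 *   5. re-validates the `admin` cookie on every other request,
 *   6. dispatches $op to the admin case files, or shows login() with a 403.
 *
 * NOTE(review): $aid, $pwd, $op, $admin, $name, $fop, $persistent and friends
 * are never assigned from the request in this file; they are presumably
 * populated from request data before/inside mainfile.php. Treat every one of
 * them as untrusted input.
 *
 * Review changes in this revision:
 *   - failed logins no longer write the submitted password to the admin log,
 *   - password hashes are compared as strings with ===, not with ==,
 *   - the admin id is validated with preg_match() instead of ereg(),
 *   - the login cookie lifetime is derived from $persistent.
 */

define('ADMIN_FILE', true);
define('VALIDATE', true);

// An admin id was supplied, but there is no admin cookie and this is not a
// login attempt: drop both variables and stop.
if (isset($aid) && ($aid) && (!isset($admin) || empty($admin)) && $op != 'login') {
    unset($aid, $admin);
    die('Access Denied');
}

// Include functions
require_once(dirname(__FILE__) . '/mainfile.php');
/*****[BEGIN]******************************************
 [ Mod:     External Admin Functions           v1.0.0 ]
 ******************************************************/
require_once(NUKE_ADMIN_DIR.'functions.php');
/*****[END]********************************************
 [ Mod:     External Admin Functions           v1.0.0 ]
 ******************************************************/

global $domain, $admin_file;

/*****[BEGIN]******************************************
 [ Mod:     Admin IP Lock                      v2.1.0 ]
 ******************************************************/
/*=====
  For more information on how to use this please see the help file in the help/features folder
  =====*/
include (NUKE_BASE_DIR.'ips.php');

if (isset($ips) && is_array($ips)) {
    // Each $ips entry is placed into the pattern unescaped and anchored only
    // at the start, so an entry acts as a regex prefix: '.' matches any
    // character and "10.0.0.1" also admits "10.0.0.10".
    // NOTE(review): confirm against the help file that prefix matching is the
    // intended contract; if exact addresses are meant, entries need
    // preg_quote() and a trailing '$'.
    $ip_check = implode('|^', $ips);
    if (!preg_match("/^".$ip_check."/", identify::get_ip())) {
        unset($aid);
        unset($admin);
/*****[BEGIN]******************************************
 [ Base:    Evolution Functions                v1.5.0 ]
 ******************************************************/
        global $cookie;
        $name = (isset($cookie[1]) && !empty($cookie[1])) ? $cookie[1] : _ANONYMOUS;
        log_write('admin', $name.' used invalid IP address attempted to access the admin area', 'Security Breach');
/*****[END]********************************************
 [ Base:    Evolution Functions                v1.5.0 ]
 ******************************************************/
        die('Invalid IP<br />Access denied');
    }
    define('ADMIN_IP_LOCK', true);
}
/*****[END]********************************************
 [ Mod:     Admin IP Lock                      v2.1.0 ]
 ******************************************************/

global $admin_file;
list($the_first) = $db->sql_ufetchrow("SELECT COUNT(*) FROM ".$prefix."_authors", SQL_NUM);

// No admin account exists yet: whoever reaches this point (after the IP lock,
// when one is configured) is shown the first-admin form and may submit it.
// The need_delete() calls are this branch's reminder about the installer files.
if ($the_first == 0) {
    if (!$name) {
/*****[BEGIN]******************************************
 [ Other:   Need To Delete                     v1.0.0 ]
 ******************************************************/
        need_delete('install.php');
        need_delete('upgrade.php');
        need_delete('install', true);
/*****[END]********************************************
 [ Other:   Need To Delete                     v1.0.0 ]
 ******************************************************/
        include_once (NUKE_BASE_DIR.'header.php');
        title($sitename.': '._ADMINISTRATION);
        OpenTable();
        echo "<center><strong>"._NOADMINYET."</strong></center><br /><br />"
            ."<form action=\"".$admin_file.".php\" method=\"post\" name=\"form1\">"
            ."<table border=\"0\">"
            ."<tr><td><strong>"._NICKNAME.":</strong></td><td><input type=\"text\" name=\"name\" size=\"30\" maxlength=\"25\"></td></tr>"
            ."<tr><td><strong>"._HOMEPAGE.":</strong></td><td><input type=\"text\" name=\"url\" size=\"30\" maxlength=\"255\" value=\"http://\"></td></tr>"
            ."<tr><td><strong>"._EMAIL.":</strong></td><td><input type=\"text\" name=\"email\" size=\"30\" maxlength=\"255\"></td></tr>"
            ."<tr><td><strong>"._PASSWORD.":</strong></td><td><input type=\"password\" name=\"pwd\" size=\"11\" maxlength=\"40\" onkeyup='chkpwd(form1.pwd.value)' onblur='chkpwd(form1.pwd.value)' onmouseout='chkpwd(form1.pwd.value)'></td></tr>";
/*****[BEGIN]******************************************
 [ Other:   Admin Password Confirm             v1.0.0 ]
 ******************************************************/
        echo "<tr><td><strong>"._PASS_CONFIRM.":</strong></td><td><input type=\"password\" name=\"cpwd\" size=\"11\" maxlength=\"40\"></td></tr>";
/*****[END]********************************************
 [ Other:   Admin Password Confirm             v1.0.0 ]
 ******************************************************/

/*****[BEGIN]******************************************
 [ Mod:     Password Strength Meter            v1.0.0 ]
 ******************************************************/
        echo "</table><table width='300' cellpadding='2' cellspacing='0' border='1' style='border-collapse: collapse;'><tr>"
            ."<td id='td1' width='100' align='center'><div id='div1'></div></td>"
            ."<td id='td2' width='100' align='center'><div id='div2'></div></td>"
            ."<td id='td3' width='100' align='center'><div id='div3'>"._PSM_NOTRATED."</div></td>"
            ."<td id='td4' width='100' align='center'><div id='div4'></div></td>"
            ."<td id='td5' width='100' align='center'><div id='div5'></div></td>"
            ."</tr></table><div id='divTEMP'></div><table border=\"0\">";
        echo ""._PSM_CLICK." <a href=\"javascript:strengthhelp()\">"._PSM_HERE."</a> "._PSM_HELP."";
/*****[END]********************************************
 [ Mod:     Password Strength Meter            v1.0.0 ]
 ******************************************************/
        echo "<tr><td colspan=\"2\">"._CREATEUSERDATA." <input type=\"radio\" name=\"user_new\" value=\"1\" checked>"._YES." <input type=\"radio\" name=\"user_new\" value=\"0\">"._NO."</td></tr>";
        echo "<tr><td><input type=\"hidden\" name=\"fop\" value=\"create_first\">"
            ."<input type=\"submit\" value=\""._SUBMIT."\">"
            ."</td></tr></table></form>";
        CloseTable();
        include_once (NUKE_BASE_DIR.'footer.php');
    }
    switch ($fop) {
        case "create_first":
            create_first($name, $url, $email, $pwd, $user_new, $cpwd);
            break;
    }
    exit;
}

// Allow only [a-zA-Z0-9_-] in the admin id. preg_match() replaces ereg():
// ereg() is not binary-safe (it stops reading at a NUL byte) and was removed
// in PHP 7, while preg_match() inspects the whole string. This check is also
// what keeps $aid safe in the string-built UPDATE statement below.
if (isset($aid) && preg_match('/[^a-zA-Z0-9_-]/', trim($aid))) {
    die('Begone');
}
if (isset($aid)) { $aid = substr($aid, 0, 25); }
if (isset($pwd)) { $pwd = substr($pwd, 0, 40); }

if ((isset($aid)) && (isset($pwd)) && (isset($op)) && ($op == "login")) {
/*****[BEGIN]******************************************
 [ Mod:     Advanced Security Code Control     v1.0.0 ]
 ******************************************************/
    $gfxchk = array(1,5,6,7);
    if (!security_code_check($_POST['gfx_check'], $gfxchk)) {
/*****[END]********************************************
 [ Mod:     Advanced Security Code Control     v1.0.0 ]
 ******************************************************/
        // NOTE(review): the security code is only enforced if redirect()
        // terminates the request; its definition is not in this file — confirm.
        redirect($admin_file.".php");
    }
    if (!empty($aid) && !empty($pwd)) {
/*****[BEGIN]******************************************
 [ Base:    Evolution Functions                v1.5.0 ]
 ******************************************************/
        $evo_crypt = EvoCrypt($pwd);
        // Unsalted MD5 is a weak password hash; replacing it needs a stored-hash
        // migration that is outside the scope of this file.
        $pwd = md5($pwd);
/*****[END]********************************************
 [ Base:    Evolution Functions                v1.5.0 ]
 ******************************************************/
        $admlanguage = addslashes(get_admin_field('admlanguage', $aid));
        $rpwd = get_admin_field('pwd', $aid);
        //Un-evocrypt: a record still holding the EvoCrypt form is rewritten to MD5.
        // All hash comparisons cast to string and use ===, because == compares
        // numeric-looking strings such as "0e1234" and "0e5678" as numbers.
        if ((string)$evo_crypt === (string)$rpwd) {
            // $aid passed the character check above and $pwd is an MD5 hex digest.
            $db->sql_query("UPDATE `".$prefix."_authors` SET `pwd`='".$pwd."' WHERE `aid`='".$aid."'");
            $rpwd = get_admin_field('pwd', $aid);
        }
        if ((string)$rpwd === $pwd && !empty($rpwd)) {
/*****[BEGIN]******************************************
 [ Mod:     Persistent Admin Login             v2.0.0 ]
 ******************************************************/
            $persistent = isset($persistent) ? intval($persistent) : 0;
            // The cookie carries the stored hash itself, so the hash is
            // password-equivalent: anyone who can read it (database, backup,
            // cookie store) can present it. A random server-side session
            // token would remove that property.
            $admin = base64_encode("$aid:$pwd:$admlanguage:$persistent");
            // Lifetime in minutes. The original read $admin1[3] here, which is
            // not assigned on the login path; field 3 of the cookie built on
            // the previous line is $persistent.
            $time = $persistent ? 43200 : 60;
            setcookie('admin', $admin, time()+($time*60));
/*****[END]********************************************
 [ Mod:     Persistent Admin Login             v2.0.0 ]
 ******************************************************/
            unset($op);
/*****[BEGIN]******************************************
 [ Mod:     Admin Tracker                      v1.0.1 ]
 ******************************************************/
            redirect($_SERVER['REQUEST_URI']);
        } else {
            // Record the attempted account only. The submitted password is not
            // logged: a failed attempt is very often a mistyped real password,
            // and the log would become a credential store.
            log_write('admin', 'Attempted to login with "' . $aid . '" but failed', 'Security Breach');
        }
    } else {
        if (empty($aid) && empty($pwd)) {
            log_write('admin', 'Attempted to login to the admin area with no username and password', 'Security Breach');
        } else if (empty($aid)) {
            log_write('admin', 'Attempted to login to the admin area with no username', 'Security Breach');
        } else if (empty($pwd)) {
            log_write('admin', 'Attempted to login to the admin area with no password', 'Security Breach');
        }
    }
/*****[END]********************************************
 [ Mod:     Admin Tracker                      v1.0.1 ]
 ******************************************************/
}

$admintest = 0;

// Re-validate the admin cookie: base64("aid:pwdhash:language:persistent").
if (isset($admin) && !empty($admin) && (!isset($admin1) || !is_array($admin1))) {
    $admin1 = base64_decode($admin);
    $admin1 = explode(":", $admin1);
    // NOTE(review): addslashes() is the only escaping applied to the cookie's
    // id before get_admin_field(); whether that helper escapes or binds its
    // argument is not visible here — confirm.
    $aid = addslashes($admin1[0]);
    $pwd = isset($admin1[1]) ? $admin1[1] : '';
    $admlanguage = (isset($admin1[2])) ? $admin1[2] : 'english';
    if (empty($aid) || empty($pwd)) {
        $admintest = 0;
/*****[BEGIN]******************************************
 [ Mod:     Admin Tracker                      v1.0.1 ]
 ******************************************************/
        log_write('admin', 'Caused an Intruder Alert', 'Security Breach');
/*****[END]********************************************
 [ Mod:     Admin Tracker                      v1.0.1 ]
 ******************************************************/
        die('Illegal Operation');
    }
    $aid = substr($aid, 0, 25);
    if (!($admdata = get_admin_field('*', $aid))) {
        die('Selection from database failed!');
    } else {
        // String comparison with ===; see the note on == in the login branch.
        if ((string)$admdata['pwd'] === (string)$pwd && !empty($admdata['pwd'])) {
            $admintest = 1;
/*****[BEGIN]******************************************
 [ Mod:     Persistent Admin Login             v2.0.0 ]
 ******************************************************/
            // Sliding expiry: re-issue the cookie on every authenticated
            // request except logout.
            $time = (isset($admin1[3]) && intval($admin1[3])) ? 43200 : 60;
            if (!isset($op) || $op != 'logout') {
                setcookie('admin', $admin, time()+($time*60));
            }
/*****[END]********************************************
 [ Mod:     Persistent Admin Login             v2.0.0 ]
 ******************************************************/
        } else {
            $admdata = array();
/*****[BEGIN]******************************************
 [ Mod:     Admin Tracker                      v1.0.1 ]
 ******************************************************/
            log_write('admin', 'Attempted to login with "' . $aid . '" but failed', 'Security Breach');
/*****[END]********************************************
 [ Mod:     Admin Tracker                      v1.0.1 ]
 ******************************************************/
        }
    }
    unset($admin1);
}

// Author-management operations are reserved for the admin record whose name
// is 'God'. With no validated admin, $admdata['name'] is unset and the
// comparison fails closed.
if (!isset($op)) {
    $op = 'adminMain';
} elseif (($op=='mod_authors' OR $op=='modifyadmin' OR $op=='UpdateAuthor' OR $op=='AddAuthor' OR $op=='deladmin2' OR $op=='deladmin' OR $op=='assignstories' OR $op=='deladminconf') AND ($admdata['name'] != 'God')) {
    die('Illegal Operation');
}

if ($admintest) {

    if (!$admin) exit('Illegal Operation');

    switch ($op) {

        case "do_gfx":
            do_gfx();
            break;

        case "deleteNotice":
            deleteNotice($id);
            break;

        case "GraphicAdmin":
            GraphicAdmin();
            break;

        case "adminMain":
/*****[BEGIN]******************************************
 [ Mod:     External Admin Index               v1.0.0 ]
 ******************************************************/
            include_once (NUKE_ADMIN_MODULE_DIR.'index.php');
/*****[END]********************************************
 [ Mod:     External Admin Index               v1.0.0 ]
 ******************************************************/
            adminMain();
            break;

        case "logout":
            setcookie("admin", false);
            unset($admin);
            header("Refresh: 3; url=".$admin_file.".php");
            DisplayError("<span class=\"title\"><strong>"._YOUARELOGGEDOUT."</strong></span>", 1);
            break;

        case "login":
            unset($op);
            // deliberate fall-through into default

        default:
            if (!is_admin()) {
                login();
            }
/*****[BEGIN]******************************************
 [ Mod:     Admin Icon/Link Pos                v1.0.0 ]
 ******************************************************/
            define('ADMIN_POS', true);
/*****[END]********************************************
 [ Mod:     Admin Icon/Link Pos                v1.0.0 ]
 ******************************************************/
            define('ADMIN_PROTECTION', true);
            // Every file named case.* in the admin case directory is included.
            $casedir = opendir(NUKE_ADMIN_DIR.'case');
            while (false !== ($func = readdir($casedir))) {
                if (substr($func, 0, 5) == "case.") {
                    include(NUKE_ADMIN_DIR.'case/'.$func);
                }
            }
            closedir($casedir);
            // Module titles come from the modules table and become part of an
            // include path; the three file_exists() checks are the only
            // constraint applied to them here.
            $result = $db->sql_query("SELECT title FROM ".$prefix."_modules ORDER BY title ASC");
            while (list($mod_title) = $db->sql_fetchrow($result, SQL_BOTH)) {
                if (is_mod_admin($mod_title)
                    && file_exists(NUKE_MODULES_DIR.$mod_title.'/admin/index.php')
                    && file_exists(NUKE_MODULES_DIR.$mod_title.'/admin/links.php')
                    && file_exists(NUKE_MODULES_DIR.$mod_title.'/admin/case.php')) {
                    include(NUKE_MODULES_DIR.$mod_title.'/admin/case.php');
                }
            }
            $db->sql_freeresult($result);
            break;

    }
} else {
    switch ($op) {
        default:
            // Unauthenticated: answer 403 (skipped for WebTV user agents) and
            // show the login form.
            if (!isset($_SERVER['HTTP_USER_AGENT']) || !stristr($_SERVER['HTTP_USER_AGENT'], 'WebTV')) {
                header('HTTP/1.0 403 Forbidden');
            }
            login();
            break;
    }
}
?>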
| Generated: Wed Jun 6 11:38:01 2007 | Cross-referenced by PHPXref 0.7 |