author | Dan |
Thu, 22 Nov 2007 02:10:12 -0500 | |
changeset 227 | 0f039028f7a5 |
parent 218 | e0ec986c0af3 |
child 229 | b2f985e4cef3 |
permissions | -rw-r--r-- |
1 | 1 |
<?php |
2 |
||
3 |
/* |
|
4 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
5 |
* Version 1.0.2 (Coblynau) |
1 | 6 |
* Copyright (C) 2006-2007 Dan Fuhry |
7 |
* |
|
8 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
9 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
10 |
* |
|
11 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
12 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
13 |
*/ |
|
14 |
||
15 |
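// Refuse any request that carries a parameter literally named "GLOBALS" and
// stop before any other code runs. The page printed below links the advisory
// this guard was written against.
//
// $_REQUEST only merges the sources enabled by the server's request_order /
// variables_order settings and never contains uploaded-file fields, so cookies
// and $_FILES are checked explicitly as well.
//
// NOTE(review): the page tells the visitor the attempt was "reported to admin",
// but nothing in this block logs or reports anything. Add logging here or
// confirm that it happens elsewhere.
if ( isset($_REQUEST['GLOBALS']) || isset($_COOKIE['GLOBALS']) || isset($_FILES['GLOBALS']) )
{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html><head><title>Hacking Attempt</title><meta http-equiv="Content-type" content="text/html; charset=utf-8" /></head><style type="text/css">body{background-color:#000;color:#CCC;font-family:trebuchet ms,sans-serif;font-size:9pt;}a{color:#FFF;}</style><body><p>Hacking attempt using <a href="http://www.hardened-php.net/index.76.html">PHP $GLOBALS overwrite vulnerability</a> detected, reported to admin</p><p>You're worse than this guy! Unless you are this guy...</p><p id="billp"><img alt=" " src="about:blank" id="billi" /></p><script type="text/javascript">// <![CDATA[
window.onload=function(){counter();setInterval('counter();', 1000);};var text=false;var cnt=10;function counter(){if(!text){text=document.createElement('span');text.id='billc';text.innerHTML=cnt;text.style.fontSize='96pt';text.style.color='#FF0000';p=document.getElementById('billp');p.appendChild(text);}else{if(cnt==1){document.getElementById('billi').src='http://upload.wikimedia.org/wikipedia/commons/7/7f/Bill_Gates_2004_cr.jpg';document.getElementById('billc').innerHTML='';return;}cnt--;document.getElementById('billc').innerHTML=cnt+' ';}}
// ]]>
</script><p><span style="color:black;">You been f***ed by Enano | valid XHTML 1.1</span></p></body></html>
<?php
  // Nothing else may run for a request like this.
  exit;
}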
|
25 |
||
154 | 26 |
// Release string of this code base. Further down it is compared with the
// version recorded in the database, and startup halts if the two differ.
$version = '1.0.2';
1 | 27 |
|
28 |
/**
 * Return the current Unix time as a float, including the sub-second part.
 *
 * microtime() without arguments returns the string "<fraction> <seconds>";
 * both halves are converted to float and added.
 *
 * @return float
 */
function microtime_float()
{
  $parts = explode(" ", microtime());
  $fraction = (float)$parts[0];
  $seconds = (float)$parts[1];
  return ($fraction + $seconds);
}
|
33 |
||
34 |
// Record when this request started. At file scope `global` changes nothing; it
// only matters if this file is ever included from inside a function.
global $_starttime;
$_starttime = microtime_float();

// Report every class of PHP notice, warning and error. Whether they are shown
// to visitors is decided by display_errors, which this file does not set.
error_reporting(E_ALL);
|
38 |
||
39 |
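// Determine directory (special case for development servers).
//
// When this file's path contains "/repo/" and a ".enanodev" marker file exists
// in the current working directory or its parent, the "/repo/" component is
// removed from the path before ENANO_ROOT is derived from it.
//
// strpos() returns 0 when "/repo/" is the very first path component, so the
// result is compared against false instead of being tested for truthiness.
//
// NOTE(review): the marker file is looked up relative to the working directory,
// and ENANO_ROOT is the base of every require that follows. On a production
// host, make sure a ".enanodev" file cannot appear in a web-writable directory.
if ( strpos(__FILE__, '/repo/') !== false && ( file_exists('.enanodev') || file_exists('../.enanodev') ) )
{
  $filename = str_replace('/repo/', '/', __FILE__);
}
else
{
  $filename = __FILE__;
}

// ENANO_ROOT is sometimes defined by plugins like AjIM that need the constant before the Enano API is initialized
if ( !defined('ENANO_ROOT') )
{
  // Two levels up from this file.
  define('ENANO_ROOT', dirname(dirname($filename)));
}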
1 | 51 |
|
52 |
// The debug console is only loaded when ENANO_DEBUG is defined, and it needs
// PHP 5; on an older interpreter startup stops with an explanatory message.
// NOTE(review): debugConsole.php is not shown here; presumably it exposes
// internal state, so ENANO_DEBUG should stay undefined on production sites.
if ( defined('ENANO_DEBUG') && version_compare(PHP_VERSION, '5.0.0') < 0 )
{
  die(__FILE__.':'.__LINE__.': The debugConsole requires PHP 5.x.x or greater. Please comment out the ENANO_DEBUG constant in your index.php.');
}

if ( !defined('ENANO_DEBUG') )
{
  // Debugging is off: define do-nothing stand-ins so the dc_*() calls spread
  // through the code base stay valid. Each one ignores its arguments and
  // returns false.
  function dc_here($m)
  {
    return false;
  }
  function dc_dump($a, $g)
  {
    return false;
  }
  function dc_watch($n)
  {
    return false;
  }
  function dc_start_timer($u)
  {
    return false;
  }
  function dc_stop_timer($m)
  {
    return false;
  }
}
else
{
  require_once(ENANO_ROOT.'/includes/debugger/debugConsole.php');
}
|
67 |
||
68 |
// Optional extra file: it is loaded only if it exists in the Enano root
// (presumably shipped with nightly builds; its contents are not shown here).
if ( file_exists(ENANO_ROOT . '/_nightly.php') )
{
  require(ENANO_ROOT . '/_nightly.php');
}

// List of scheduled tasks
$cron_tasks = array();
3dbe848431b0
Added a cron framework. Currently tasks will not be run; will implement into templates in next commit
Dan
parents:
154
diff
changeset
|
73 |
|
1 | 74 |
// Start including files. LOTS of files. Yeah!
// The order is kept exactly as written: constants.php comes first, and the
// dc_here() calls sit between it and the rest.
require_once ENANO_ROOT . '/includes/constants.php';
dc_here('Enano CMS '.$version.' (dev) - debug window<br />Powered by debugConsole');
dc_here('common: including files');
require_once ENANO_ROOT . '/includes/functions.php';
require_once ENANO_ROOT . '/includes/dbal.php';
require_once ENANO_ROOT . '/includes/paths.php';
require_once ENANO_ROOT . '/includes/sessions.php';
require_once ENANO_ROOT . '/includes/template.php';
require_once ENANO_ROOT . '/includes/plugins.php';
require_once ENANO_ROOT . '/includes/comment.php';
require_once ENANO_ROOT . '/includes/wikiformat.php';
require_once ENANO_ROOT . '/includes/diff.php';
require_once ENANO_ROOT . '/includes/render.php';
require_once ENANO_ROOT . '/includes/stats.php';
require_once ENANO_ROOT . '/includes/pageutils.php';
require_once ENANO_ROOT . '/includes/js-compressor.php';
require_once ENANO_ROOT . '/includes/rijndael.php';
require_once ENANO_ROOT . '/includes/email.php';
require_once ENANO_ROOT . '/includes/search.php';
require_once ENANO_ROOT . '/includes/json.php';
require_once ENANO_ROOT . '/includes/wikiengine/Tables.php';
require_once ENANO_ROOT . '/includes/pageprocess.php';
require_once ENANO_ROOT . '/includes/tagcloud.php';

// Defined in one of the files above; presumably undoes magic_quotes_gpc
// escaping of request data - confirm against its definition.
strip_magic_quotes_gpc();
|
100 |
||
101 |
// Enano has five parts: the database abstraction layer (DBAL), the session manager, the path/URL manager, the template engine, and the plugin manager.
// Each part has its own class and a global var; nearly all Enano functions are handled by one of these five components.

// Common objects
global $db, $session, $paths, $template, $plugins;

// A global used to cache config information without making loads of queries ;-)
// In addition, $enano_config is used to fetch config information if die_semicritical() is called.
global $enano_config;

global $email;

// Stop early when the request has no Host header.
// NOTE(review): only the presence of the header is checked. Its value is
// supplied by the client, so any code that builds URLs from it should validate
// it against the site's expected hostnames.
if ( !isset($_SERVER['HTTP_HOST']) )
{
  grinding_halt('Cannot get hostname', '<p>Your web browser did not provide the HTTP Host: field. This site requires a modern browser that supports the HTTP 1.1 standard.</p>');
}

$db = new mysql();
dc_here('common: calling $db->connect();');
// Redirects to install.php if an installation is not detected
$db->connect();
|
115 |
||
116 |
// urlSeparator is the character that joins further query parameters onto a page
// URL: '&' when contentPath already contains a '?', otherwise '?'.
$sep = strstr(contentPath, '?') ? '&' : '?';
define('urlSeparator', $sep);
// save 10 bytes of memory...
unset($sep);
|
120 |
||
121 |
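// See if any diagnostic actions have been requested.
//
// ?do=diag&sub=cookie_destroy expires the "sid" cookie for both spellings of
// the script path and ends the request with a "Continue" link.
//
// PHP_SELF contains whatever path info the client appended to the script URL,
// so it is HTML-escaped before being written into the link.
//
// NOTE(review): this state change is reachable with a plain GET and no token,
// so a cross-site request can trigger it. The impact is limited to the visitor
// losing the session cookie, but consider requiring POST or a token.
if ( isset($_GET['do']) && $_GET['do'] == 'diag' && isset($_GET['sub']) )
{
  switch ( $_GET['sub'] )
  {
    case 'cookie_destroy':
      unset($_COOKIE['sid']);
      // An expiry one day in the past makes the browser drop the cookie.
      setcookie('sid', '', time()-3600*24, scriptPath);
      setcookie('sid', '', time()-3600*24, scriptPath.'/');
      die('Session cookie cleared. <a href="'.htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES).'">Continue</a>');
      break;
  }
}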
|
134 |
||
135 |
// Select and fetch the site configuration
dc_here('common: selecting global config data');
$e = $db->sql_query('SELECT config_name, config_value FROM '.table_prefix.'config;');
if ( $e )
{
  // Used in die_semicritical to figure out whether to call getConfig() or not
  define('ENANO_CONFIG_FETCHED', '');
}
else
{
  $db->_die('Some critical configuration information could not be selected.');
}

// Copy every row into the in-memory cache, keyed by config name.
dc_here('common: fetching $enano_config');
$enano_config = array();
while ( $r = $db->fetchrow() )
{
  $enano_config[$r['config_name']] = $r['config_value'];
}

$db->free_result();

// Refuse to run when the code release and the version stored in the database
// disagree; the message points the administrator at upgrade.php.
if ( enano_version(false, true) != $version )
{
  grinding_halt('Version mismatch', '<p>It seems that the Enano release we\'re trying to run ('.$version.') is different from the version specified in your database ('.enano_version().'). Perhaps you need to <a href="'.scriptPath.'/upgrade.php">upgrade</a>?</p>');
}
|
154 |
||
155 |
//
// Low level maintenance
//

// The AES parameters from constants.php are recorded in the config table the
// first time through. On later requests the recorded values must still match,
// otherwise startup halts.
//
// NOTE(review): the halt messages below say that stored passwords are
// AES-encrypted with a site private key, i.e. they are reversible by anyone
// holding that key. A one-way password hash would be the safer design.

// If the AES key size has been changed, bail out and fast
if ( !getConfig('aes_key_size') )
{
  setConfig('aes_key_size', AES_BITS);
}
elseif ( ( $ks = getConfig('aes_key_size') ) && intval($ks) != AES_BITS )
{
  grinding_halt('AES key size changed', '<p>Enano has detected that the AES key size in constants.php has been changed. This change cannot be performed after installation, otherwise the private key would have to be re-generated and all passwords would have to be re-encrypted.</p><p>Please change the key size back to ' . $ks . ' bits and reload this page.</p>');
}

// Same for AES block size
if ( !getConfig('aes_block_size') )
{
  setConfig('aes_block_size', AES_BLOCKSIZE);
}
elseif ( ( $ks = getConfig('aes_block_size') ) && intval($ks) != AES_BLOCKSIZE )
{
  grinding_halt('AES block size changed', '<p>Enano has detected that the AES block size in constants.php has been changed. This change cannot be performed after installation, otherwise all passwords would have to be re-encrypted.</p><p>Please change the block size back to ' . $ks . ' bits and reload this page.</p>');
}
2332ebd75f61
Added a few low-level checks in config.php for changes of search algorithm and AES cipher parameters
Dan
parents:
80
diff
changeset
|
184 |
|
1 | 185 |
// Our list of tables included in Enano.
// Every name carries the installation's table prefix.
$system_table_list = array(
    table_prefix . 'categories',
    table_prefix . 'comments',
    table_prefix . 'config',
    table_prefix . 'logs',
    table_prefix . 'page_text',
    table_prefix . 'session_keys',
    table_prefix . 'pages',
    table_prefix . 'users',
    table_prefix . 'users_extra',
    table_prefix . 'themes',
    table_prefix . 'buddies',
    table_prefix . 'banlist',
    table_prefix . 'files',
    table_prefix . 'privmsgs',
    table_prefix . 'sidebar',
    table_prefix . 'hits',
    table_prefix . 'search_index',
    table_prefix . 'groups',
    table_prefix . 'group_members',
    table_prefix . 'acl',
    table_prefix . 'page_groups',
    table_prefix . 'page_group_members',
    table_prefix . 'tags'
  );
211 |
||
212 |
dc_here('common: initializing base classes');
$plugins = new pluginLoader();

// So where does the majority of Enano get executed? How about the next nine lines of code :)
dc_here('common: ok, we\'re set up, starting mainstream execution');

$plugins->loadAll();
dc_here('common: loading plugins');
global $plugins;

// Each plugin file is included here at file scope (can't be in object context
// when this is done), so it runs with the full privileges of the application.
// NOTE(review): load_list is built by pluginLoader, which is not shown here;
// confirm it can only contain paths inside the plugins directory.
foreach ( $plugins->load_list as $f )
{
  include_once $f;
}

// The remaining core objects; the database object already exists at this point.
$session = new sessionManager();
$paths = new pathManager();
$template = new template();
$email = new EmailEncryptor();

define('ENANO_BASE_CLASSES_INITIALIZED', '');
|
229 |
||
230 |
// Everything below is skipped while the installer is running.
if ( !defined('IN_ENANO_INSTALL') )
{
  // NOTE(review): setHook() returns strings of PHP source (presumably registered
  // by plugins) and each one is passed to eval() at file scope. Whoever can
  // register a hook runs arbitrary code here, so hook registration must stay
  // limited to trusted, administrator-installed plugins.
  $code = $plugins->setHook('base_classes_initted');
  foreach ( $code as $cmd )
  {
    eval($cmd);
  }

  // Run the optional preloader of an Admin or Special page. The page ID comes
  // from the URL, but the fixed "page_" prefix and "_preloader" suffix plus the
  // function_exists() test restrict the call to functions following that naming
  // scheme.
  // NOTE(review): this happens before $session->start(), so a preloader must not
  // assume an authenticated user. The @ also hides any error it raises.
  $p = RenderMan::strToPageId($paths->get_pageid_from_url());
  if ( ( $p[1] == 'Admin' || $p[1] == 'Special' ) && function_exists('page_'.$p[1].'_'.$p[0].'_preloader') )
  {
    @call_user_func('page_'.$p[1].'_'.$p[0].'_preloader');
  }

  // One quick security check...
  // is_valid_ip() is defined elsewhere; a client address it rejects ends the request.
  if ( !is_valid_ip($_SERVER['REMOTE_ADDR']) )
  {
    die('SECURITY: spoofed IP address');
  }

  $session->start();
  $paths->init();

  define('ENANO_MAINSTREAM', '');

  // If the site is disabled, bail out, unless we're trying to log in or administer the site
  if ( getConfig('site_disabled') == '1' && $session->user_level < USER_LEVEL_ADMIN )
  {
    // Non-administrators may still reach the Admin namespace and the Special
    // pages CSS, Administration and Login; every other page shows the notice.
    if ( !( $paths->namespace == 'Admin' || ( $paths->namespace == 'Special' && ( $paths->cpage['urlname_nons'] == 'CSS' || $paths->cpage['urlname_nons'] == 'Administration' || $paths->cpage['urlname_nons'] == 'Login' ) ) ) )
    {
      // Fall back to a stock message when no custom notice is configured.
      if ( !$n = getConfig('site_disabled_notice') )
      {
        $n = 'The administrator has disabled the site. Please check back later.';
      }

      $text = RenderMan::render($n) . '
<div class="info-box">
If you have an administrative account, you may <a href="'.makeUrlNS('Special', 'Login').'">log in</a> to the site.
</div>';
      $paths->wiki_mode = 0;
      die_semicritical('Site disabled', $text);
    }
  }
  else if ( getConfig('site_disabled') == '1' && $session->user_level >= USER_LEVEL_ADMIN )
  {
    // Administrators keep full access; the template is only told about the state.
    $template->site_disabled = true;
  }

  // NOTE(review): second eval() of hook-supplied PHP source; the same trust
  // requirement applies as for the first hook at the top of this block.
  $code = $plugins->setHook('session_started');
  foreach ( $code as $cmd )
  {
    eval($cmd);
  }

  // The mere presence of ?noheaders in the query string sets the template's
  // no_headers flag.
  if ( isset($_GET['noheaders']) )
  {
    $template->no_headers = true;
  }
}
290 |
||
291 |
?> |