Enano CMS (1.1.x): comparison plugins/SpecialAdmin.php

equal deleted inserted replaced

-:edfc24408769
+:5d003b6c9e89
 Author URI: http://enanocms.org/
 */
 /*
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
-* Version 1.0 release candidate 2
+* Version 1.0 release candidate 3
 * Copyright (C) 2006-2007 Dan Fuhry
 *
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 *
 Thank you for choosing Enano as your CMS. This screen allows you to see some information about your website, plus some details about how your site is doing statistically.
 Using the links on the left you can control every aspect of your website\'s look and feel, plus you can manage users, work with pages, and install plugins to make your Enano installation even better.');
+// Demo mode
+if ( defined('ENANO_DEMO_MODE') )
+{
+echo '<h3>Enano is running in demo mode.</h3>
+<p>If you borked something up, or if you\'re done testing, you can <a href="' . makeUrlNS('Special', 'DemoReset', false, true) . '">reset this site</a>. The site is reset automatically once every two hours. When a reset is performed, all custom modifications to the site are lost and replaced with default values.</p>';
+}
 // Check for the installer scripts
-if(file_exists(ENANO_ROOT.'/install.php') || file_exists(ENANO_ROOT.'/schema.sql'))
+if( ( file_exists(ENANO_ROOT.'/install.php') || file_exists(ENANO_ROOT.'/schema.sql') ) && !defined('ENANO_DEMO_MODE') )
 {
 echo '<div class="error-box"><b>NOTE:</b> It appears that your install.php and/or schema.sql files still exist. It is HIGHLY RECOMMENDED that you delete or rename these files, to prevent getting your server hacked.</div>';
 }
 // Inactive users
 {
 echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
 return;
 }
-if(isset($_POST['submit'])) {
+if(isset($_POST['submit']) && !defined('ENANO_DEMO_MODE') )
+{
 // Global site options
 setConfig('site_name', $_POST['site_name']);
 setConfig('site_desc', $_POST['site_desc']);
 setConfig('main_page', str_replace(' ', '_', $_POST['main_page']));
 setConfig('smtp_user', $_POST['smtp_user']);
 if($_POST['smtp_pass'] != 'XXXXXXXXXXXX') setConfig('smtp_password', $_POST['smtp_pass']);
 echo '<div class="info-box">Your changes to the site configuration have been saved.</div><br />';
+}
+else if ( isset($_POST['submit']) && defined('ENANO_DEMO_MODE') )
+{
+echo '<div class="error-box">Saving the general site configuration is blocked in the administration demo.</div>';
 }
 echo('<form name="main" action="'.htmlspecialchars(makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module'])).'" method="post" onsubmit="if(!submitAuthorized) return false;">');
 ?>
 <div class="tblholder">
 <table border="0" width="100%" cellspacing="1" cellpadding="4">
 if(isset($_POST['cache_thumbs'])) setConfig('cache_thumbs', '1'); else setConfig('cache_thumbs', '0');
 if(isset($_POST['file_history'])) setConfig('file_history', '1'); else setConfig('file_history', '0');
 if(file_exists($_POST['imagemagick_path'])) setConfig('imagemagick_path', $_POST['imagemagick_path']);
 else echo '<span style="color: red"><b>Warning:</b> the file "'.$_POST['imagemagick_path'].'" was not found, and the ImageMagick file path was not updated.</span>';
 $max_upload = floor((float)$_POST['max_file_size'] * (int)$_POST['fs_units']);
-setConfig('max_file_size', $max_upload.'');
+if ( $max_upload > 1048576 && defined('ENANO_DEMO_MODE') )
+{
+echo '<div class="error-box">Wouldn\'t want the server DoS\'ed now. Stick to under a megabyte for the demo, please.</div>';
+}
+else
+{
+setConfig('max_file_size', $max_upload.'');
+}
 }
 echo '<form name="main" action="'.htmlspecialchars(makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module'])).'" method="post">';
 ?>
 <h3>File upload configuration</h3>
 <p>Enano supports the ability to upload files to your website and store the files in the database. This enables you to embed images
 {
 case "enable":
 setConfig('plugin_'.$_GET['plugin'], '1');
 break;
 case "disable":
+if ( defined('ENANO_DEMO_MODE') && strstr($_GET['plugin'], 'Demo') )
+{
+echo('<h3>Error disabling plugin</h3><p>The demo lockdown plugin cannot be disabled in demo mode.</p>');
+break;
+}
 if ( $_GET['plugin'] != 'SpecialAdmin.php' )
 {
 setConfig('plugin_'.$_GET['plugin'], '0');
 }
 else
 echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
 return;
 }
 global $mime_types, $mimetype_exps, $mimetype_extlist;
-if(isset($_POST['save']))
+if(isset($_POST['save']) && !defined('ENANO_DEMO_MODE'))
 {
 $bits = '';
 $keys = array_keys($mime_types);
 foreach($keys as $i => $k)
 {
 else $bits .= '0';
 }
 $bits = compress_bitfield($bits);
 setConfig('allowed_mime_types', $bits);
 echo '<div class="info-box">Your changes have been saved.</div>';
+}
+else if ( isset($_POST['save']) && defined('ENANO_DEMO_MODE') )
+{
+echo '<div class="error-box">Hmm, enabling executables, are we? Tsk tsk. I\'d love to know what\'s in that EXE file you want to upload. OK, maybe you didn\'t enable EXEs. But nevertheless, changing allowed filetypes is disabled in the demo.</div>';
 }
 $allowed = fetch_allowed_extensions();
 ?>
 <h3>Allowed file types</h3>
 <p>Using the form below, you can decide which file types are allowed to be uploaded to this site.</p>
 {
 echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
 return;
 }
-if(isset($_POST['go'])) {
+if(isset($_POST['go']))
+{
 // We need the user ID before we can do anything
 $q = $db->sql_query('SELECT user_id,username,email,real_name,style,user_level FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_POST['username']) . '\'');
-if(!$q) die('Error selecting user ID: '.mysql_error());
+if ( !$q )
-if($db->numrows() < 1) { echo('User does not exist, please enter another username.'); return; }
+{
+die('Error selecting user ID: '.mysql_error());
+}
+if ( $db->numrows() < 1 )
+{
+echo('User does not exist, please enter another username.');
+return;
+}
 $r = $db->fetchrow();
 $db->free_result();
 if(isset($_POST['save']))
 {
 $_POST['level'] = intval($_POST['level']);
 $new_level = $_POST['level'];
 $old_level = intval($r['user_level']);
-$re = $session->update_user((int)$r['user_id'], $_POST['new_username'], false, $_POST['new_pass'], $_POST['email'], $_POST['real_name'], false, $_POST['level']);
+if ( defined('ENANO_DEMO_MODE') )
+{
+echo '<div class="error-box">You cannot delete or modify user accounts in demo mode - they are cleaned up once every two hours.</div>';
+$re = Array('permission denied');
+}
+else
+{
+$re = $session->update_user((int)$r['user_id'], $_POST['new_username'], false, $_POST['new_pass'], $_POST['email'], $_POST['real_name'], false, $_POST['level']);
+}
 if($re == 'success')
 {
 if ( $new_level != $old_level )
 $r = mysql_fetch_object($q);
 $db->free_result();
 }
 elseif(isset($_POST['deleteme']) && isset($_POST['delete_conf']))
 {
-$q = $db->sql_query('DELETE FROM users WHERE user_id='.$r['user_id'].';');
+if ( defined('ENANO_DEMO_MODE') )
-if($q)
+{
-{
+echo '<div class="error-box">You cannot delete or modify user accounts in demo mode - they are cleaned up once every two hours.</div>';
-echo '<div class="error-box">The user account "'.$r['username'].'" was deleted.</div>';
 }
 else
 {
-echo '<div class="error-box">The user account "'.$r['username'].'" could not be deleted due to a database error.<br /><br />'.$db->get_error().'</div>';
+$q = $db->sql_query('DELETE FROM users WHERE user_id='.$r['user_id'].';');
+if($q)
+{
+echo '<div class="error-box">The user account "'.$r['username'].'" was deleted.</div>';
+}
+else
+{
+echo '<div class="error-box">The user account "'.$r['username'].'" could not be deleted due to a database error.<br /><br />'.$db->get_error().'</div>';
+}
 }
 }
 else
 {
 echo('
 <input type="submit" name="save" value="Save Changes" /></td></tr>
 </table>
 </form>
 ');
 }
-} elseif(isset($_POST['clearsessions'])) {
+}
-// Get the current session information so the user doesn't get logged out
+else if(isset($_POST['clearsessions']))
-$aes = new AESCrypt();
+{
-$sk = md5($session->sid_super);
+if ( defined('ENANO_DEMO_MODE') )
-$qb = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.$sk.'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_ADMIN);
+{
-if(!$qb) die('Error selecting session key info block B: '.$db->get_error());
+echo '<div class="error-box">Sorry Charlie, no can do. You might mess up other people logged into the demo site.</div>';
-if($db->numrows($qb) < 1) die('Error: cannot read admin session info block B, aborting table clear process');
+}
-$qa = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.md5($session->sid).'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_MEMBER);
+else
-if(!$qa) die('Error selecting session key info block A: '.$db->get_error());
+{
-if($db->numrows($qa) < 1) die('Error: cannot read user session info block A, aborting table clear process');
+// Get the current session information so the user doesn't get logged out
-$ra = mysql_fetch_object($qa);
+$aes = new AESCrypt();
-$rb = mysql_fetch_object($qb);
+$sk = md5($session->sid_super);
-$db->free_result($qa);
+$qb = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.$sk.'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_ADMIN);
-$db->free_result($qb);
+if(!$qb) die('Error selecting session key info block B: '.$db->get_error());
-$db->sql_query('DELETE FROM '.table_prefix.'session_keys;');
+if($db->numrows($qb) < 1) die('Error: cannot read admin session info block B, aborting table clear process');
-$db->sql_query('INSERT INTO '.table_prefix.'session_keys( session_key,salt,user_id,auth_level,source_ip,time ) VALUES( \''.$ra->session_key.'\', \''.$ra->salt.'\', \''.$session->user_id.'\', \''.$ra->auth_level.'\', \''.$ra->source_ip.'\', '.$ra->time.' ),( \''.$rb->session_key.'\', \''.$rb->salt.'\', \''.$session->user_id.'\', \''.$rb->auth_level.'\', \''.$rb->source_ip.'\', '.$rb->time.' )');
+$qa = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.md5($session->sid).'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_MEMBER);
-echo('
+if(!$qa) die('Error selecting session key info block A: '.$db->get_error());
-<div class="info-box">The session key table has been cleared. Your database should be a little bit smaller now.</div>
+if($db->numrows($qa) < 1) die('Error: cannot read user session info block A, aborting table clear process');
-');
+$ra = mysql_fetch_object($qa);
+$rb = mysql_fetch_object($qb);
+$db->free_result($qa);
+$db->free_result($qb);
+$db->sql_query('DELETE FROM '.table_prefix.'session_keys;');
+$db->sql_query('INSERT INTO '.table_prefix.'session_keys( session_key,salt,user_id,auth_level,source_ip,time ) VALUES( \''.$ra->session_key.'\', \''.$ra->salt.'\', \''.$session->user_id.'\', \''.$ra->auth_level.'\', \''.$ra->source_ip.'\', '.$ra->time.' ),( \''.$rb->session_key.'\', \''.$rb->salt.'\', \''.$session->user_id.'\', \''.$rb->auth_level.'\', \''.$rb->source_ip.'\', '.$rb->time.' )');
+echo('
+<div class="info-box">The session key table has been cleared. Your database should be a little bit smaller now.</div>
+');
+}
 }
 echo('
 <h3>User Management</h3>
 <form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;">
 <p>Username: '.$template->username_field('username').' <input type="submit" name="go" value="Go" /></p>
 if(isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && $_GET['id'] != '')
 {
 $e = $db->sql_query('DELETE FROM '.table_prefix.'banlist WHERE ban_id=' . $db->escape($_GET['id']) . '');
 if(!$e) $db->_die('The ban list entry was not deleted.');
 }
-if(isset($_POST['create']))
+if(isset($_POST['create']) && !defined('ENANO_DEMO_MODE'))
 {
 $q = 'INSERT INTO '.table_prefix.'banlist(ban_type,ban_value,reason,is_regex) VALUES( ' . $db->escape($_POST['type']) . ', \'' . $db->escape($_POST['value']) . '\', \''.$db->escape($_POST['reason']).'\'';
 if(isset($_POST['regex'])) $q .= ', 1';
 else $q .= ', 0';
 $q .= ');';
 $e = $db->sql_query($q);
 if(!$e) $db->_die('The banlist could not be updated.');
+}
+else if ( isset($_POST['create']) && defined('ENANO_DEMO_MODE') )
+{
+echo '<div class="error-box">This function is disabled in the demo. Just because <i>you</i> don\'t like ' . htmlspecialchars($_POST['value']) . ' doesn\'t mean <i>we</i> don\'t like ' . htmlspecialchars($_POST['value']) . '.</div>';
 }
 $q = $db->sql_query('SELECT ban_id,ban_type,ban_value,is_regex FROM '.table_prefix.'banlist ORDER BY ban_type;');
 if(!$q) $db->_die('The banlist data could not be selected.');
 echo '<table border="0" cellspacing="1" cellpadding="4">';
 echo '<tr><th>Type</th><th>Value</th><th>Regular Expression</th><th></th></tr>';
 echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
 return;
 }
 global $enano_config;
-if ( isset($_POST['do_send']) )
+if ( isset($_POST['do_send']) && !defined('ENANO_DEMO_MODE') )
 {
 $use_smtp = getConfig('smtp_enabled') == '1';
 //
 // Let's do some checking to make sure that mass mail functions
 else
 {
 echo '<div class="warning-box">Could not send message for the following reason(s):<ul><li>' . implode('</li><li>', $errors) . '</li></ul></div>';
 }
+}
+else if ( isset($_POST['do_send']) && defined('ENANO_DEMO_MODE') )
+{
+echo '<div class="error-box">This function is disabled in the demo. You think demo@enanocms.org likes getting "test" mass e-mails?</div>';
 }
 echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">';
 ?>
 <div class="tblholder">
 <table border="0" cellspacing="1" cellpadding="4">
 global $db, $session, $paths, $template, $plugins; // Common objects
 if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
 {
 echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
 return;
+}
+if(isset($_GET['submitting']) && $_GET['submitting'] == 'yes' && defined('ENANO_DEMO_MODE') )
+{
+redirect(makeUrlComplete('Special', 'Administration'), 'Access denied', 'You\'ve got to be kidding me. Forget it, kid.', 4 );
 }
 global $system_table_list;
 if(isset($_GET['submitting']) && $_GET['submitting'] == 'yes')
 {
 break;
 case BLOCK_PLUGIN:
 $content = $_POST['plugin_id'];
 break;
 }
+if ( defined('ENANO_DEMO_MODE') )
+{
+// Sanitize the HTML
+$content = sanitize_html($content, true);
+}
+if ( defined('ENANO_DEMO_MODE') && intval($_POST['type']) == BLOCK_PHP )
+{
+echo '<div class="error-box" style="margin: 10px 0 10px 0;">Adding PHP code blocks in the Enano administration demo has been disabled for security reasons.</div>';
+$_POST['php_content'] = '?>&lt;Nulled&gt;';
+$content = $_POST['php_content'];
+}
 // Get the value of item_order
 $q = $db->sql_query('SELECT * FROM '.table_prefix.'sidebar WHERE sidebar_id='.$db->escape($_POST['sidebar_id']).';');
 if(!$q) $db->_die('The order number could not be selected');
 $io = $db->numrows();
 <textarea style="width: 98%;" name="html_content" rows="15" cols="50"></textarea>
 </p>
 </div>
 <div class="sbadd_block" id="blocktype_<?php echo BLOCK_PHP; ?>">
+<?php if ( defined('ENANO_DEMO_MODE') ) { ?>
+<p>Creating PHP blocks in demo mode is disabled for security reasons.</p>
+<?php } else { ?>
 <p>
 <b>WARNING:</b> If you don't know what you're doing, or if you are not fluent in PHP, stop now and choose a different block type. You will brick your Enano installation if you are not careful here.
 ALWAYS remember to write secure code! The Enano team is not responsible if someone drops all your tables because of an SQL injection vulnerability in your sidebar code. You are probably better off using the template-formatted block type.
 </p>
 <p>
 PHP code:
 </p>
 <p>
 <textarea style="width: 98%;" name="php_content" rows="15" cols="50"></textarea>
 </p>
+<?php } ?>
 </div>
 <div class="sbadd_block" id="blocktype_<?php echo BLOCK_PLUGIN; ?>">
 <p>
 Plugin:
 $db->free_result();
 if($r['block_type'] == BLOCK_PLUGIN) die('HOUSTON_WE_HAVE_A_PLUGIN');
 die($r['block_content']);
 break;
 case 'save':
+if ( defined('ENANO_DEMO_MODE') )
+{
+$q = $db->sql_query('SELECT block_type FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';');
+if(!$q)
+{
+echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
+exit;
+}
+$row = $db->fetchrow();
+if ( $row['block_type'] == BLOCK_PHP )
+{
+$_POST['content'] = '?>&lt;Nulled&gt;';
+}
+else
+{
+$_POST['content'] = sanitize_html($_POST['content'], true);
+}
+}
 $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_content=\''.$db->escape(rawurldecode($_POST['content'])).'\' WHERE item_id=' . $db->escape($_GET['id']) . ';');
 if(!$q)
 {
 echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
 exit;

changeset 19	5d003b6c9e89
parent 15	ad5986a53197
child 20	40105681f495