| [ Index ] |
PHP Cross Reference of Nucleus CMS 3.32 |
[Summary view] [Print] [Text view]
1 <?php 2 /* 3 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) 4 * Copyright (C) 2002-2007 The Nucleus Group 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 2 9 * of the License, or (at your option) any later version. 10 * (see nucleus/documentation/index.html#license for more info) 11 */ 12 /** 13 * @license http://nucleuscms.org/license.txt GNU General Public License 14 * @copyright Copyright (C) 2002-2007 The Nucleus Group 15 * @version $Id: index.php 1176 2007-06-16 22:27:17Z kaigreve $ 16 */ 17 // we are using admin stuff: 18 $CONF = array(); 19 $CONF['UsingAdminArea'] = 1; 20 21 // include the admin code 22 include ('../config.php'); 23 24 if ($CONF['alertOnSecurityRisk'] == 1) 25 { 26 // check if files exist and generate an error if so 27 $aFiles = array( 28 '../install.sql' => 'install.sql should be deleted', 29 '../install.php' => 'install.php should be deleted', 30 'upgrades' => 'nucleus/upgrades directory should be deleted', 31 'convert' => 'nucleus/convert directory should be deleted' 32 ); 33 $aFound = array(); 34 foreach($aFiles as $fileName => $fileDesc) 35 { 36 if (@file_exists($fileName)) 37 array_push($aFound, $fileDesc); 38 } 39 if (@is_writable('../config.php')) { 40 array_push($aFound, 'config.php should be non-writable (chmod to 444)'); 41 } 42 if (sizeof($aFound) > 0) 43 { 44 startUpError( 45 '<p>One or more of the Nucleus installation files are still present on the webserver, or are writable.</p><p>You should remove these files or change their permissions to ensure security. Here are the files that were found by Nucleus</p> <ul><li>'. implode($aFound, '</li><li>').'</li></ul><p>If you don\'t want to see this error message again, without solving the problem, set <code>$CONF[\'alertOnSecurityRisk\']</code> in <code>globalfunctions.php</code> to <code>0</code>, or do this at the end of <code>config.php</code>.</p>', 46 'Security Risk' 47 ); 48 } 49 } 50 51 $bNeedsLogin = false; 52 $bIsActivation = in_array($action, array('activate', 'activatesetpwd')); 53 54 if ($action == 'logout') 55 $bNeedsLogin = true; 56 57 if (!$member->isLoggedIn() && !$bIsActivation) 58 $bNeedsLogin = true; 59 60 // show error if member cannot login to admin 61 if ($member->isLoggedIn() && !$member->canLogin() && !$bIsActivation) { 62 $error = _ERROR_LOGINDISALLOWED; 63 $bNeedsLogin = true; 64 } 65 66 if ($bNeedsLogin) 67 { 68 setOldAction($action); // see ADMIN::login() (sets old action in POST vars) 69 $action = 'showlogin'; 70 } 71 72 sendContentType('text/html', 'admin-' . $action); 73 74 $admin = new ADMIN(); 75 $admin->action($action); 76 ?>
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Tue Feb 12 15:34:36 2008 | Cross-referenced by PHPXref 0.7 |