From: Jason Woofenden Date: Sun, 3 May 2020 20:51:52 +0000 (-0400) Subject: indent with spaces X-Git-Url: https://jasonwoof.com/gitweb/?p=wfpl-cms.git;a=commitdiff_plain;h=01c953a17babb9d6fedb751671d7e05bc6f33a92 indent with spaces --- diff --git a/.gitmodules b/.gitmodules index 002e8ba..0b8e212 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,6 +1,6 @@ [submodule "inc/wfpl"] - path = inc/wfpl - url = /home/jasonwoof/www/wfpl.git + path = inc/wfpl + url = /home/jasonwoof/www/wfpl.git [submodule "inc/ckeditor"] - path = inc/ckeditor - url = /home/jasonwoof/www/ckeditor.git + path = inc/ckeditor + url = /home/jasonwoof/www/ckeditor.git diff --git a/.htaccess b/.htaccess index 092abd1..38ace93 100644 --- a/.htaccess +++ b/.htaccess @@ -10,8 +10,8 @@ RewriteEngine on RewriteRule ^[^/.]*$ /wfpl_main.php [L] - ExpiresActive On - ExpiresDefault A31536000 + ExpiresActive On + ExpiresDefault A31536000 # SECURITY: don't execute code on the server (exception below) @@ -26,16 +26,16 @@ RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo RewriteRule ^(wfpl_main\.php|paypal_ipn\.php|cms_images_autoresize\.php)$ - [L] RewriteRule .*\.php$ - [L,R=404] - php_flag engine on - SetHandler application/x-httpd-php + php_flag engine on + SetHandler application/x-httpd-php - php_flag engine on - SetHandler application/x-httpd-php + php_flag engine on + SetHandler application/x-httpd-php - php_flag engine on - SetHandler application/x-httpd-php + php_flag engine on + SetHandler application/x-httpd-php RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^cms_images/[0-9a-f]+w[0-9]+\.[pj][np]g$ /cms_images_autoresize.php diff --git a/admin.html b/admin.html index 4529ac9..b123142 100644 --- a/admin.html +++ b/admin.html @@ -2,24 +2,24 @@ - <!--~$title show {~-->~$host~ Administration<!--~}~--> + <!--~$title show {~-->~$host~ Administration<!--~}~--> - -

~$host~ Admin Control Panel

+ +

~$host~ Admin Control Panel

-

Images

+

Images

-

Header image (top of every page)

+

Header image (top of every page)

-

Pages

+

Pages

-

Files (downloadable)

+

Files (downloadable)

-

Accounts (admin passwords, etc.)

+

Accounts (admin passwords, etc.)

-

Log out

- +

Log out

+ diff --git a/admin.php b/admin.php index ed40e7a..4dcff01 100644 --- a/admin.php +++ b/admin.php @@ -1,5 +1,5 @@ - - <!--~$title show {~-->Email templates<!--~}~--> + + <!--~$title show {~-->Email templates<!--~}~--> - -

Edit email template "~title html~"

- -

~description htmlbrtab~

- -
-
Notes
-
This is here just for admins to save any kind of notes (for example clarifications on when/how this email template is used, or notes on what the template was like previously.)
-
- -
"From:" email address (required)
-
When this email template is used, the email generated will be sent from this address.
-
To supply a name also, use this exact format: John Smith <john@example.com>
-
- - -
"To:" email address (required)
-
When this email template is used, the email generated will sent to this address.
-
To supply a name also, use this exact format: John Smith <john@example.com>
-
- - -
"Cc:" email address (optional)
-
If you enter an email address here, it will be added to the "Cc:" header, that is, it will get a copy of every email that uses this template. Note that the "Cc:" header is visible to all recipients, so this feature should probably only be used for testing.
-
To supply a name also, use this exact format: John Smith <john@example.com>
-
- -
"Bcc:" email address (optional)
-
If you enter an email address here, it will be added to the "Bcc:" header, that is, it will get a copy of every email that uses this template. This email address will not be visible to recipients, and will not be included in replies.
-
To supply a name also, use this exact format: John Smith <john@example.com>
-
- -
Template Variables
-
You can place variables into the Subject and Message Body fields. This can be used, for example, to insert the recipients username into the message. Below is a table showing the variables that are available for this particular email template: - - - - - - - - - - - - - - - -
VariableDescription
~~~~Puts a single ~~ in the email. You must do this if you want a ~~ in your email.
~~~0~~~~1~
-
- -
Subject
-
This field uses template variables, see above.
-
- -
Message Body
-
This field uses template variables, see above.
-
- -
-
- - -
- -
- -
 
-
Cancel
- - - -

Email Templates

- -

Click one to edit:

- - - - - - - - - - - - -
Template TitleEmail Subject
~title html~(blank)~subject html~(blank)
- - + +

Edit email template "~title html~"

+ +

~description htmlbrtab~

+ +
+
Notes
+
This is here just for admins to save any kind of notes (for example clarifications on when/how this email template is used, or notes on what the template was like previously.)
+
+ +
"From:" email address (required)
+
When this email template is used, the email generated will be sent from this address.
+
To supply a name also, use this exact format: John Smith <john@example.com>
+
+ + +
"To:" email address (required)
+
When this email template is used, the email generated will sent to this address.
+
To supply a name also, use this exact format: John Smith <john@example.com>
+
+ + +
"Cc:" email address (optional)
+
If you enter an email address here, it will be added to the "Cc:" header, that is, it will get a copy of every email that uses this template. Note that the "Cc:" header is visible to all recipients, so this feature should probably only be used for testing.
+
To supply a name also, use this exact format: John Smith <john@example.com>
+
+ +
"Bcc:" email address (optional)
+
If you enter an email address here, it will be added to the "Bcc:" header, that is, it will get a copy of every email that uses this template. This email address will not be visible to recipients, and will not be included in replies.
+
To supply a name also, use this exact format: John Smith <john@example.com>
+
+ +
Template Variables
+
You can place variables into the Subject and Message Body fields. This can be used, for example, to insert the recipients username into the message. Below is a table showing the variables that are available for this particular email template: + + + + + + + + + + + + + + + +
VariableDescription
~~~~Puts a single ~~ in the email. You must do this if you want a ~~ in your email.
~~~0~~~~1~
+
+ +
Subject
+
This field uses template variables, see above.
+
+ +
Message Body
+
This field uses template variables, see above.
+
+ +
+
+ + +
+ +
+ +
 
+
Cancel
+ + + +

Email Templates

+ +

Click one to edit:

+ + + + + + + + + + + + +
Template TitleEmail Subject
~title html~(blank)~subject html~(blank)
+ + diff --git a/admin_email_templates.php b/admin_email_templates.php index 10ed922..4ca36a4 100644 --- a/admin_email_templates.php +++ b/admin_email_templates.php @@ -6,21 +6,21 @@ # # in config.php you'll need something like this: # -# $GLOBALS['email_templates'] = [ -# 'slug' => [ -# 'title' => "Title shown in admin only", -# 'description' => "explain (for admins) what this template is for", -# 'variables' => [ -# ['name', "explan (for admins) what this variable is for"], -# ['verbing', "admins can put these variables into the template"] -# ], -# 'subject' => "email subject", -# 'content' => "Hi, ~name~ this is the email body, thanks for ~verbing~!", -# 'from_addr' => 'noreply@airservices.info', -# 'to_addr' => 'optional@to.address' # optional -# ] -# # , 'slug2' => ... -# ]; +# $GLOBALS['email_templates'] = [ +# 'slug' => [ +# 'title' => "Title shown in admin only", +# 'description' => "explain (for admins) what this template is for", +# 'variables' => [ +# ['name', "explan (for admins) what this variable is for"], +# ['verbing', "admins can put these variables into the template"] +# ], +# 'subject' => "email subject", +# 'content' => "Hi, ~name~ this is the email body, thanks for ~verbing~!", +# 'from_addr' => 'noreply@airservices.info', +# 'to_addr' => 'optional@to.address' # optional +# ] +# # , 'slug2' => ... +# ]; # To save results to a database, you'll need to create the email_templates table. # The file admin_email_templates.sql should help with this 
@@ -30,157 +30,157 @@ define('ADMIN_EMAIL_TEMPLATES_DB_FIELDS', 'slug,notes,from_addr,to_addr,cc_addr, $GLOBALS['admin_email_templates_field_to_caption'] = array( - 'slug' => 'Slug', - 'notes' => 'Notes', - 'from_addr' => 'From Address', - 'to_addr' => 'To Address', - 'cc_addr' => 'Cc Address', - 'bcc_addr' => 'Bcc Address', - 'subject' => 'Subject', - 'content' => 'Content' + 'slug' => 'Slug', + 'notes' => 'Notes', + 'from_addr' => 'From Address', + 'to_addr' => 'To Address', + 'cc_addr' => 'Cc Address', + 'bcc_addr' => 'Bcc Address', + 'subject' => 'Subject', + 'content' => 'Content' ); function admin_email_templates_get_fields() { - $data = array(); - - # slug is cut in *_main() - $data['notes'] = format_unix(_REQUEST_cut('notes')); - $data['to_addr'] = format_email(trim(_REQUEST_cut('to_addr'))); - $data['from_addr'] = format_email(trim(_REQUEST_cut('from_addr'))); - $data['cc_addr'] = format_email(trim(_REQUEST_cut('cc_addr'))); - $data['bcc_addr'] = format_email(trim(_REQUEST_cut('bcc_addr'))); - $data['subject'] = format_oneline(trim(_REQUEST_cut('subject'))); - $data['content'] = format_unix(_REQUEST_cut('content')); - - return $data; + $data = array(); + + # slug is cut in *_main() + $data['notes'] = format_unix(_REQUEST_cut('notes')); + $data['to_addr'] = format_email(trim(_REQUEST_cut('to_addr'))); + $data['from_addr'] = format_email(trim(_REQUEST_cut('from_addr'))); + $data['cc_addr'] = format_email(trim(_REQUEST_cut('cc_addr'))); + $data['bcc_addr'] = format_email(trim(_REQUEST_cut('bcc_addr'))); + $data['subject'] = format_oneline(trim(_REQUEST_cut('subject'))); + $data['content'] = format_unix(_REQUEST_cut('content')); + + return $data; } function admin_email_templates_main() { - session_auth_must('admin_email_templates'); + session_auth_must('admin_email_templates'); - $slug = _REQUEST_cut('slug'); - if ($slug && isset($GLOBALS['email_templates'][$slug])) { - return admin_email_templates_main_form($slug); - } + $slug = _REQUEST_cut('slug'); + if 
($slug && isset($GLOBALS['email_templates'][$slug])) { + return admin_email_templates_main_form($slug); + } - # default action: - return admin_email_templates_main_listing(); + # default action: + return admin_email_templates_main_listing(); } function admin_email_templates_main_sort_title($a, $b) { - return strcasecmp($a['title'], $b['title']); + return strcasecmp($a['title'], $b['title']); } function admin_email_templates_main_sort_title_reverse($a, $b) { - return strcasecmp($b['title'], $a['title']); + return strcasecmp($b['title'], $a['title']); } function admin_email_templates_main_sort_subject($a, $b) { - return strcasecmp($a['subject'], $b['subject']); + return strcasecmp($a['subject'], $b['subject']); } function admin_email_templates_main_sort_subject_reverse($a, $b) { - return strcasecmp($b['subject'], $a['subject']); + return strcasecmp($b['subject'], $a['subject']); } function admin_email_templates_main_listing() { - $data = array(); - $reverse = ''; - $sort = _REQUEST_cut('sort'); - if ($sort && substr($sort, 0, 1) === '-') { - $sort = substr($sort, 1); - $reverse = "_reverse"; - } else { - $data["sorting-by-$sort"] = '-'; - } - $legal_sorts = array('title', 'subject'); - if (!$sort || !in_array($sort, $legal_sorts)) { - $sort = 'title'; - } - - $data['rows'] = array(); - - $rows = db_get_assocs('email_templates', 'slug,from_addr,cc_addr,bcc_addr,subject'); - $by_slug = array(); - foreach ($rows as $row) { - $by_slug[$row['slug']] = $row; - } - foreach ($GLOBALS['email_templates'] as $slug => $row) { - $out = array('slug' => $slug); - # defaults from config - foreach($row as $k => $v) { - $out[$k] = $v; - } - # overwrite with db (if it's in the db) - if ($by_slug[$slug]) { - foreach($by_slug[$slug] as $k => $v) { - $out[$k] = $v; - } - } - $data['rows'][] = $out; - } - - usort($data['rows'], "admin_email_templates_main_sort_$sort$reverse"); - - tem_set('listings', $data); + $data = array(); + $reverse = ''; + $sort = _REQUEST_cut('sort'); + if ($sort && 
substr($sort, 0, 1) === '-') { + $sort = substr($sort, 1); + $reverse = "_reverse"; + } else { + $data["sorting-by-$sort"] = '-'; + } + $legal_sorts = array('title', 'subject'); + if (!$sort || !in_array($sort, $legal_sorts)) { + $sort = 'title'; + } + + $data['rows'] = array(); + + $rows = db_get_assocs('email_templates', 'slug,from_addr,cc_addr,bcc_addr,subject'); + $by_slug = array(); + foreach ($rows as $row) { + $by_slug[$row['slug']] = $row; + } + foreach ($GLOBALS['email_templates'] as $slug => $row) { + $out = array('slug' => $slug); + # defaults from config + foreach($row as $k => $v) { + $out[$k] = $v; + } + # overwrite with db (if it's in the db) + if ($by_slug[$slug]) { + foreach($by_slug[$slug] as $k => $v) { + $out[$k] = $v; + } + } + $data['rows'][] = $out; + } + + usort($data['rows'], "admin_email_templates_main_sort_$sort$reverse"); + + tem_set('listings', $data); } function admin_email_templates_main_form($slug) { - if (isset($_POST['subject'])) { - $data = admin_email_templates_get_fields(); - $data['slug'] = $slug; - - $all_good = true; - $email_fields = ['from', 'to', 'cc', 'bcc']; - foreach ($email_fields as &$field) { - $value = $data[$field . '_addr']; - if (strlen($value)) { - if (!email_header($value)) { - $pretty = ucfirst($field) . ':'; - message("ERROR: invalid value in \"$pretty\" field. 
Be very careful with formatting, and only put one address in this field."); - $all_good = false; - } - } - } unset($field); - - if (strlen($data['from_addr']) == 0) { - message("ERROR: the \"From:\" field is required."); - $all_good = false; - } - - if (strlen($data['to_addr']) == 0 && isset($GLOBALS['email_templates'][$slug]['to_addr'])) { - message("ERROR: the \"To:\" field is required for this template."); - $all_good = false; - } - if ($all_good) { - if (0 < db_count('email_templates', 'where slug=%"', $slug)) { - db_update_assoc('email_templates', $data, 'where slug=%"', $slug); - } else { - db_insert_assoc('email_templates', $data); - } - message('Email template updated.'); - if ($error !== true) { - return './admin_email_templates'; - } - } else { - $custom = $data; - } - } else { - $custom = db_get_assoc('email_templates', ADMIN_EMAIL_TEMPLATES_DB_FIELDS, 'where slug=%"', $slug); - } - - $out = array('slug' => $slug); - # defaults from globals - foreach($GLOBALS['email_templates'][$slug] as $k => $v) { - $out[$k] = $v; - } - # show 'to_addr' field if it's relevant - if (isset($out['to_addr'])) { - $out['want_to_addr'] = true; - } - # override with db values - if ($custom) { - foreach($custom as $k => $v) { - $out[$k] = $v; - } - } - tem_set('form', $out); + if (isset($_POST['subject'])) { + $data = admin_email_templates_get_fields(); + $data['slug'] = $slug; + + $all_good = true; + $email_fields = ['from', 'to', 'cc', 'bcc']; + foreach ($email_fields as &$field) { + $value = $data[$field . '_addr']; + if (strlen($value)) { + if (!email_header($value)) { + $pretty = ucfirst($field) . ':'; + message("ERROR: invalid value in \"$pretty\" field. 
Be very careful with formatting, and only put one address in this field."); + $all_good = false; + } + } + } unset($field); + + if (strlen($data['from_addr']) == 0) { + message("ERROR: the \"From:\" field is required."); + $all_good = false; + } + + if (strlen($data['to_addr']) == 0 && isset($GLOBALS['email_templates'][$slug]['to_addr'])) { + message("ERROR: the \"To:\" field is required for this template."); + $all_good = false; + } + if ($all_good) { + if (0 < db_count('email_templates', 'where slug=%"', $slug)) { + db_update_assoc('email_templates', $data, 'where slug=%"', $slug); + } else { + db_insert_assoc('email_templates', $data); + } + message('Email template updated.'); + if ($error !== true) { + return './admin_email_templates'; + } + } else { + $custom = $data; + } + } else { + $custom = db_get_assoc('email_templates', ADMIN_EMAIL_TEMPLATES_DB_FIELDS, 'where slug=%"', $slug); + } + + $out = array('slug' => $slug); + # defaults from globals + foreach($GLOBALS['email_templates'][$slug] as $k => $v) { + $out[$k] = $v; + } + # show 'to_addr' field if it's relevant + if (isset($out['to_addr'])) { + $out['want_to_addr'] = true; + } + # override with db values + if ($custom) { + foreach($custom as $k => $v) { + $out[$k] = $v; + } + } + tem_set('form', $out); } diff --git a/admin_files.html b/admin_files.html index 9074a6e..bec7918 100644 --- a/admin_files.html +++ b/admin_files.html @@ -2,70 +2,70 @@ - <!--~$title show {~-->~$host~ Admin: Manage files<!--~}~--> + <!--~$title show {~-->~$host~ Admin: Manage files<!--~}~--> - -

~$host~ Admin Control Panel

+ +

~$host~ Admin Control Panel

-

Add a new downloadable fileEdit downloadable file "~description html~"

+

Add a new downloadable fileEdit downloadable file "~description html~"

-
+
-
File
-
+
File
+
-
Description (optional)
-
The files admin page sorts by this, so you can find your files.
-
+
Description (optional)
+
The files admin page sorts by this, so you can find your files.
+
-
 
-
+
 
+
-
+ -
 
-
Cancel
- +
 
+
Cancel
+ - -

~$host~ Admin Control Panel

-

Manage downloadable Files

+ +

~$host~ Admin Control Panel

+

Manage downloadable Files

-

To create a download link on your website:

- +

To create a download link on your website:

+ -

[Add a new file]

+

[Add a new file]

- - - - - - - - - + +
 PathDescription 
download ~filename html~(file missing)~description html~(blank)[delete this file]
+ + + + + + + -
 PathDescription 
download ~filename html~(file missing)~description html~(blank)[delete this file]
- - -

No downloadable files in database.

- + + + +

No downloadable files in database.

+ -

[Add a new file]

- +

[Add a new file]

+ diff --git a/admin_files.php b/admin_files.php index d32b14d..4b6ae04 100644 --- a/admin_files.php +++ b/admin_files.php 
@@ -17,112 +17,112 @@ require_once(__DIR__.'/'.'inc/wfpl/email.php'); require_once(__DIR__.'/'.'inc/wfpl/upload.php'); function admin_files_get_fields() { - $data = array(); - - $data['description'] = format_oneline(_REQUEST_cut('description')); - - #header('Content-Type: text/plain'); - #print_r(array($_REQUEST['filename'], $_FILES['filename'])); - #exit(); - $filename_filename_tmp = format_filename($_FILES['filename']['name'], true); - if(!$filename_filename_tmp) { - $filename_filename_tmp = $GLOBALS['filename_file_name']; - } - if($_FILES['filename'] && $_FILES['filename']['error'] == 0) { - $data['filename'] = save_uploaded_file('filename', $GLOBALS['upload_directory'] . $filename_filename_tmp); - } else { - if(_REQUEST_cut('delete_filename') == 'Yes') { - $data['filename'] = ''; - } else { - $data['filename'] = format_path(_REQUEST_cut('old_filename'), true); - } - } - unset($_FILES['filename']); - - return $data; + $data = array(); + + $data['description'] = format_oneline(_REQUEST_cut('description')); + + #header('Content-Type: text/plain'); + #print_r(array($_REQUEST['filename'], $_FILES['filename'])); + #exit(); + $filename_filename_tmp = format_filename($_FILES['filename']['name'], true); + if(!$filename_filename_tmp) { + $filename_filename_tmp = $GLOBALS['filename_file_name']; + } + if($_FILES['filename'] && $_FILES['filename']['error'] == 0) { + $data['filename'] = save_uploaded_file('filename', $GLOBALS['upload_directory'] . 
$filename_filename_tmp); + } else { + if(_REQUEST_cut('delete_filename') == 'Yes') { + $data['filename'] = ''; + } else { + $data['filename'] = format_path(_REQUEST_cut('old_filename'), true); + } + } + unset($_FILES['filename']); + + return $data; } function admin_files_main() { - session_auth_must('admin_files'); + session_auth_must('admin_files'); - $id = _REQUEST_cut('edit_id'); - if($id) { - return admin_files_main_form($id); - } + $id = _REQUEST_cut('edit_id'); + if($id) { + return admin_files_main_form($id); + } - $id = _REQUEST_cut('admin_files_delete_id'); - if($id) { - return admin_files_main_delete($id); - } + $id = _REQUEST_cut('admin_files_delete_id'); + if($id) { + return admin_files_main_delete($id); + } - if(_REQUEST_cut('new')) { - return admin_files_main_form(); - } + if(_REQUEST_cut('new')) { + return admin_files_main_form(); + } - if(_REQUEST_cut('list')) { - return admin_files_main_listing(); - } + if(_REQUEST_cut('list')) { + return admin_files_main_listing(); + } - if(isset($_POST['description'])) { - return admin_files_main_form(); - } + if(isset($_POST['description'])) { + return admin_files_main_form(); + } - # default action: - return admin_files_main_listing(); + # default action: + return admin_files_main_listing(); } function admin_files_main_delete($id) { - $fn = db_get_value('files', 'filename', 'where id=%i', $id); - if ($fn) { - unlink($fn); - db_delete('files', 'where id=%i', $id); - message('File deleted.'); - } else { - message("Couldn't find file to delete. Maybe it's already been deleted?"); - } - return './admin_files'; + $fn = db_get_value('files', 'filename', 'where id=%i', $id); + if ($fn) { + unlink($fn); + db_delete('files', 'where id=%i', $id); + message('File deleted.'); + } else { + message("Couldn't find file to delete. 
Maybe it's already been deleted?"); + } + return './admin_files'; } function admin_files_main_listing() { - $listing_rows = db_get_assocs('files', 'id,filename,description', 'order by coalesce(nullif(description, ""), substring(filename, 7)) limit 100'); - tem_set('listings', $listing_rows); + $listing_rows = db_get_assocs('files', 'id,filename,description', 'order by coalesce(nullif(description, ""), substring(filename, 7)) limit 100'); + tem_set('listings', $listing_rows); } function admin_files_main_form($id = false) { - if($id) { - tem_set('id', $id); - } - - if(isset($_POST['description'])) { - $data = admin_files_get_fields(); - - if("you're happy with the POSTed values") { - if($id) { - db_update_assoc('files', $data, 'where id=%i', $id); - message('File updated.'); - } else { - db_insert_assoc('files', $data); - message('File saved.'); - } - if($error !== true) { - return './admin_files'; - } - } - # otherwise, we display the form again. admin_files_get_fields() has - # already put the posted values back into the template engine, so they will - # show up in the form fields. You should add some message asking people to - # fix their entry in whatever way you require. - } elseif($id) { - # we've recieved an edit id, but no data. 
So we grab the values to be edited from the database - $data = db_get_assoc('files', ADMIN_FILES_DB_FIELDS, 'where id=%i', $id); - } else { - # form not submitted, you can set default values like so: - #$data = array('description' => 'Yes'); - $data = array(); - } - - tem_set('upload_max_filesize', upload_max_filesize()); - - tem_set('form', $data); + if($id) { + tem_set('id', $id); + } + + if(isset($_POST['description'])) { + $data = admin_files_get_fields(); + + if("you're happy with the POSTed values") { + if($id) { + db_update_assoc('files', $data, 'where id=%i', $id); + message('File updated.'); + } else { + db_insert_assoc('files', $data); + message('File saved.'); + } + if($error !== true) { + return './admin_files'; + } + } + # otherwise, we display the form again. admin_files_get_fields() has + # already put the posted values back into the template engine, so they will + # show up in the form fields. You should add some message asking people to + # fix their entry in whatever way you require. + } elseif($id) { + # we've recieved an edit id, but no data. So we grab the values to be edited from the database + $data = db_get_assoc('files', ADMIN_FILES_DB_FIELDS, 'where id=%i', $id); + } else { + # form not submitted, you can set default values like so: + #$data = array('description' => 'Yes'); + $data = array(); + } + + tem_set('upload_max_filesize', upload_max_filesize()); + + tem_set('form', $data); } diff --git a/admin_header.html b/admin_header.html index b74de64..fad2ee0 100644 --- a/admin_header.html +++ b/admin_header.html @@ -1,34 +1,34 @@ - - <!--~$title show {~-->~$host~ Admin: Header Image<!--~}~--> + + <!--~$title show {~-->~$host~ Admin: Header Image<!--~}~--> - -

~$host~ Admin: Set header image for home page

+ +

~$host~ Admin: Set header image for home page

-
+ -
Width (in pixels)
-
Your image will be automatically resized to be this wide. ~width_max~ is the full width of the available space.
-
+
Width (in pixels)
+
Your image will be automatically resized to be this wide. ~width_max~ is the full width of the available space.
+
-
Image
-
Please upload an image that is at least the width you specified above.
-
+
Image
+
Please upload an image that is at least the width you specified above.
+
-
Caption (optional)
-
If specified, this will overlay the bottom/right corner of the header image.
-
+
Caption (optional)
+
If specified, this will overlay the bottom/right corner of the header image.
+
-
+
-
- + + diff --git a/admin_header.php b/admin_header.php index 66430ad..f05640b 100644 --- a/admin_header.php +++ b/admin_header.php 
@@ -6,67 +6,67 @@ $GLOBALS['upload_directory'] = 'image/'; function admin_header_get_fields() { - $data = array(); + $data = array(); - $data['width'] = (int) format_int_0(_REQUEST_cut('width')); - $data['caption'] = format_oneline(_REQUEST_cut('caption')); + $data['width'] = (int) format_int_0(_REQUEST_cut('width')); + $data['caption'] = format_oneline(_REQUEST_cut('caption')); - if ($data['width'] < 100 || $data['width'] > WFPL_SITE_WIDTH) { - $data['width'] = WFPL_SITE_WIDTH; - } + if ($data['width'] < 100 || $data['width'] > WFPL_SITE_WIDTH) { + $data['width'] = WFPL_SITE_WIDTH; + } - $old = persistent_get('wfplcms_header_image'); - if ($_FILES['image'] && $_FILES['image']['error'] == 0) { - if ($old) { - $data['version'] = 1 + $old['version']; - } else { - $data['version'] = 1; - } - $ext = generate_filename($_FILES['image']['name'], $_FILES['image']['type']); - $ext = substr($ext, strrpos($ext, '.') + 1); - $ext = strtolower($ext); - if ($ext !== 'jpg' && $ext !== 'jpeg') { - $ext = 'png'; - } - $dest = "{$GLOBALS['upload_directory']}header_v{$data['version']}.$ext"; - $image = convert_uploaded_image('image', $dest, $data['width'], 2000); - # FIXME use autoresizer instead, and call identify to get aspect ratio - $image = explode(' ', $image); - $data['url'] = $image[0]; - $data['width'] = $image[1]; - $data['height'] = $image[2]; - } else if ($old) { - $data['url'] = $old['url']; - if ($data['width'] == $old['width']) { - $data['height'] = $old['height']; - } else { - $data['height'] = $old['height'] / $old['width'] * $data['width']; - } - } - unset($_FILES['image']); + $old = persistent_get('wfplcms_header_image'); + if ($_FILES['image'] && $_FILES['image']['error'] == 0) { + if ($old) { + $data['version'] = 1 + $old['version']; + } else { + $data['version'] = 1; + } + $ext = generate_filename($_FILES['image']['name'], $_FILES['image']['type']); + $ext = substr($ext, strrpos($ext, '.') + 1); + $ext = strtolower($ext); + if ($ext !== 'jpg' && $ext !== 'jpeg') 
{ + $ext = 'png'; + } + $dest = "{$GLOBALS['upload_directory']}header_v{$data['version']}.$ext"; + $image = convert_uploaded_image('image', $dest, $data['width'], 2000); + # FIXME use autoresizer instead, and call identify to get aspect ratio + $image = explode(' ', $image); + $data['url'] = $image[0]; + $data['width'] = $image[1]; + $data['height'] = $image[2]; + } else if ($old) { + $data['url'] = $old['url']; + if ($data['width'] == $old['width']) { + $data['height'] = $old['height']; + } else { + $data['height'] = $old['height'] / $old['width'] * $data['width']; + } + } + unset($_FILES['image']); - return $data; + return $data; } function admin_header_main() { - session_auth_must('admin_header'); + session_auth_must('admin_header'); - if (isset($_REQUEST['width'])) { - $data = admin_header_get_fields(); - if (isset($data['url'])) { - persistent_set('wfplcms_header_image', $data); - message('Header image updated'); - return './admin_header'; - } - } else { - $data = persistent_get('wfplcms_header_image'); - if (!$data) { - $data = array('width' => ''); - } - } + if (isset($_REQUEST['width'])) { + $data = admin_header_get_fields(); + if (isset($data['url'])) { + persistent_set('wfplcms_header_image', $data); + message('Header image updated'); + return './admin_header'; + } + } else { + $data = persistent_get('wfplcms_header_image'); + if (!$data) { + $data = array('width' => ''); + } + } - tem_set('width_max', WFPL_SITE_WIDTH); + tem_set('width_max', WFPL_SITE_WIDTH); - tem_set('form', $data); + tem_set('form', $data); } \ No newline at end of file diff --git a/admin_images.html b/admin_images.html index 9633384..fa3dc93 100644 --- a/admin_images.html +++ b/admin_images.html @@ -2,71 +2,71 @@ - <!--~$title show {~-->~$host~ Admin: Manage Images<!--~}~--> + <!--~$title show {~-->~$host~ Admin: Manage Images<!--~}~--> - -

~$host~ Admin Control Panel

- -

Add a new imageEdit image "~name html~"

- -
- - -
~caption html~
- - -
Image
-
- - -
Name (used for sorting, optional)
-
This value is never displayed to site visitors. Your collection of images are sorted by name, so you can use this field to keep your images organized.
-
- -
Caption (optional)
-
Here's some symbols you might want to paste in: ©   —   –
-
- -
- -
- -
 
-
Cancel
- - - -

~$host~ Admin Control Panel

- -

Manage Images

- - -

[Add a new image]

- - - - - - - - - - - - -
- -
Name: ~name html~
Caption: ~caption html~
[edit][delete]
- - -

No images in database.

- - -

[Add a new image]

- + +

~$host~ Admin Control Panel

+ +

Add a new imageEdit image "~name html~"

+ +
+ + +
~caption html~
+ + +
Image
+
+ + +
Name (used for sorting, optional)
+
This value is never displayed to site visitors. Your collection of images are sorted by name, so you can use this field to keep your images organized.
+
+ +
Caption (optional)
+
Here's some symbols you might want to paste in: ©   —   –
+
+ +
+ +
+ +
 
+
Cancel
+ + + +

~$host~ Admin Control Panel

+ +

Manage Images

+ + +

[Add a new image]

+ + + + + + + + + + + + +
+ +
Name: ~name html~
Caption: ~caption html~
[edit][delete]
+ + +

No images in database.

+ + +

[Add a new image]

+ diff --git a/admin_images.php b/admin_images.php index 443aae9..c2f4943 100644 --- a/admin_images.php +++ b/admin_images.php 
@@ -9,150 +9,150 @@ require_once(__DIR__.'/'.'inc/wfpl/upload.php'); # example: 200x300 function format_width_height($str) { - $fields = explode('x', $str); - if(count($fields) != 2) { - return ''; - } + $fields = explode('x', $str); + if(count($fields) != 2) { + return ''; + } - list($width, $height) = $fields; - $width = format_int_0($width); - $height = format_int_0($height); + list($width, $height) = $fields; + $width = format_int_0($width); + $height = format_int_0($height); - return "${width}x$height"; + return "${width}x$height"; } function admin_images_get_fields() { - $data = array(); - - $data['name'] = format_oneline(_REQUEST_cut('name')); - $data['caption'] = format_oneline(_REQUEST_cut('caption')); - - if($_FILES['image'] && $_FILES['image']['error'] == 0 && file_exists($_FILES['image']['tmp_name'])) { - $image_fn_ext = path_or_mime_to_ext($_FILES['image']['name'], $_FILES['image']['type']); - $image_fn_ext = ext_to_web_image_ext($image_fn_ext); - $image_fn_base = sha1_file($_FILES['image']['tmp_name']); - if (strlen($image_fn_base) == 40) { - $image_fn_base = substr($image_fn_base, 0, 16); - $image_filename = 'cms_images/' . $image_fn_base . '.' . $image_fn_ext; - $data['image'] = convert_uploaded_image('image', $image_filename); - } - } else { - if(_REQUEST_cut('delete_image') == 'Yes') { - $data['image'] = ''; - } - } - unset($_FILES['image']); - - return $data; + $data = array(); + + $data['name'] = format_oneline(_REQUEST_cut('name')); + $data['caption'] = format_oneline(_REQUEST_cut('caption')); + + if($_FILES['image'] && $_FILES['image']['error'] == 0 && file_exists($_FILES['image']['tmp_name'])) { + $image_fn_ext = path_or_mime_to_ext($_FILES['image']['name'], $_FILES['image']['type']); + $image_fn_ext = ext_to_web_image_ext($image_fn_ext); + $image_fn_base = sha1_file($_FILES['image']['tmp_name']); + if (strlen($image_fn_base) == 40) { + $image_fn_base = substr($image_fn_base, 0, 16); + $image_filename = 'cms_images/' . $image_fn_base . '.' . 
$image_fn_ext; + $data['image'] = convert_uploaded_image('image', $image_filename); + } + } else { + if(_REQUEST_cut('delete_image') == 'Yes') { + $data['image'] = ''; + } + } + unset($_FILES['image']); + + return $data; } function admin_images_main() { - session_auth_must('admin_images'); + session_auth_must('admin_images'); - $id = _REQUEST_cut('edit_id'); - if($id) { - return admin_images_main_form($id); - } + $id = _REQUEST_cut('edit_id'); + if($id) { + return admin_images_main_form($id); + } - $id = _REQUEST_cut('admin_images_delete_id'); - if($id) { - return admin_images_main_delete($id); - } + $id = _REQUEST_cut('admin_images_delete_id'); + if($id) { + return admin_images_main_delete($id); + } - if(_REQUEST_cut('new')) { - return admin_images_main_form(); - } + if(_REQUEST_cut('new')) { + return admin_images_main_form(); + } - if(_REQUEST_cut('list')) { - return admin_images_main_listing(); - } + if(_REQUEST_cut('list')) { + return admin_images_main_listing(); + } - if(isset($_POST['name'])) { - return admin_images_main_form(); - } + if(isset($_POST['name'])) { + return admin_images_main_form(); + } - # default action: - return admin_images_main_listing(); + # default action: + return admin_images_main_listing(); } function admin_images_main_delete($id) { - $data = db_get_assoc('cms_images', 'image', 'where id=%i', $id); - if ($data) { - $src = enc_image_src($data['image']); - if ($src) { - $filenames = array($src); - foreach ($GLOBALS['wfpl_image_widths'] as $w) { - $filenames [] = substr($src, 0, -4) . 'w' . $w . substr($src, -4); - } - foreach ($filenames as $filename) { - if (file_exists($filename)) { - unlink($filename); - } - } - } - db_delete('cms_images', 'where id=%i', $id); - message('Image deleted.'); - } else { - message("Couldn't find image to delete. 
Maybe it's already been deleted?"); - } - return './admin_images'; + $data = db_get_assoc('cms_images', 'image', 'where id=%i', $id); + if ($data) { + $src = enc_image_src($data['image']); + if ($src) { + $filenames = array($src); + foreach ($GLOBALS['wfpl_image_widths'] as $w) { + $filenames [] = substr($src, 0, -4) . 'w' . $w . substr($src, -4); + } + foreach ($filenames as $filename) { + if (file_exists($filename)) { + unlink($filename); + } + } + } + db_delete('cms_images', 'where id=%i', $id); + message('Image deleted.'); + } else { + message("Couldn't find image to delete. Maybe it's already been deleted?"); + } + return './admin_images'; } function admin_images_main_listing() { - $sort_by = 'name'; - $sorts = array( - 'age' => 'created_at desc', - 'name' => "coalesce(nullif(name, ''), caption), created_at", - 'caption' => "coalesce(nullif(caption, ''), name), created_at" - ); - if (isset($_REQUEST['sort'])) { - foreach ($sorts as $s => $sql) { - if ($_REQUEST['sort'] == $s) { - $sort_by = $s; - break; - } - } - } - tem_set("sort_by_$sort_by"); - $listing_rows = db_get_assocs('cms_images', 'id,image,name,caption', 'order by ' . $sorts[$sort_by]); - tem_set('listings', $listing_rows); + $sort_by = 'name'; + $sorts = array( + 'age' => 'created_at desc', + 'name' => "coalesce(nullif(name, ''), caption), created_at", + 'caption' => "coalesce(nullif(caption, ''), name), created_at" + ); + if (isset($_REQUEST['sort'])) { + foreach ($sorts as $s => $sql) { + if ($_REQUEST['sort'] == $s) { + $sort_by = $s; + break; + } + } + } + tem_set("sort_by_$sort_by"); + $listing_rows = db_get_assocs('cms_images', 'id,image,name,caption', 'order by ' . 
$sorts[$sort_by]); + tem_set('listings', $listing_rows); } function admin_images_main_form($id = false) { - if($id) { - tem_set('id', $id); - } - - if(isset($_POST['name'])) { - $data = admin_images_get_fields(); - - # save anything - # Note: If you change this to re-display the form in some cases, be sure to handle image uploads well (don't make them upload it again.) - - # save to database - if($id) { - db_update_assoc('cms_images', $data, 'where id=%i', $id); - message('Image updated.'); - $saved_id = $id; - return "./admin_images"; - } else { - $data['created_at'] = time(); - db_insert_assoc('cms_images', $data); - message('Image saved. Next time you open a page editor, this image will be availble in the "Insert Image" dialog.'); - $saved_id = db_auto_id(); - return "./admin_images?sort=age"; - } - - } elseif($id) { - # we've recieved an edit id, but no data. So we grab the values to be edited from the database - $data = db_get_assoc('cms_images', ADMIN_IMAGES_DB_FIELDS, 'where id=%i', $id); - } else { - # form not submitted, set default values: - $data = array(); - } - - tem_set('upload_max_filesize', upload_max_filesize()); - - tem_set('form', $data); + if($id) { + tem_set('id', $id); + } + + if(isset($_POST['name'])) { + $data = admin_images_get_fields(); + + # save anything + # Note: If you change this to re-display the form in some cases, be sure to handle image uploads well (don't make them upload it again.) + + # save to database + if($id) { + db_update_assoc('cms_images', $data, 'where id=%i', $id); + message('Image updated.'); + $saved_id = $id; + return "./admin_images"; + } else { + $data['created_at'] = time(); + db_insert_assoc('cms_images', $data); + message('Image saved. Next time you open a page editor, this image will be availble in the "Insert Image" dialog.'); + $saved_id = db_auto_id(); + return "./admin_images?sort=age"; + } + + } elseif($id) { + # we've recieved an edit id, but no data. 
So we grab the values to be edited from the database + $data = db_get_assoc('cms_images', ADMIN_IMAGES_DB_FIELDS, 'where id=%i', $id); + } else { + # form not submitted, set default values: + $data = array(); + } + + tem_set('upload_max_filesize', upload_max_filesize()); + + tem_set('form', $data); } diff --git a/admin_pages.html b/admin_pages.html index 0d5614c..cc23bfc 100644 --- a/admin_pages.html +++ b/admin_pages.html @@ -2,464 +2,464 @@ - <!--~$title show {~-->~$host~ Admin: <!--~listing {~-->Manage Pages<!--~}~--><!--~form {~--><!--~id unset {~-->Add a new page<!--~}~--><!--~id {~-->Edit page "~title html~"<!--~}~--><!--~}~--><!--~}~--> - - - - + + - + window.admin_pages_cur_layout = layout + } + + - -

~$host~ Admin Control Panel

+ +

~$host~ Admin Control Panel

-

Add a new pageEdit page "~title html~"

+

Add a new pageEdit page "~title html~"

- -

View archived versions of this page

- + +

View archived versions of this page

+ -
+
-
Title
-
(This appears at the top of the page, in the window title-bar (by the close button) and as the headline/link of search engine results.)
-
+
Title
+
(This appears at the top of the page, in the window title-bar (by the close button) and as the headline/link of search engine results.)
+
-
Filename
-
(Careful: if you change this, be sure to update all links to this pagePlease use only a-z, 0-9 and _ (underscore) in your filename. Please, no capitals, punctuation or spaces.)
-
+
Filename
+
(Careful: if you change this, be sure to update all links to this pagePlease use only a-z, 0-9 and _ (underscore) in your filename. Please, no capitals, punctuation or spaces.)
+
-
Show in site-wide navigation links (optional)
-
+
Show in site-wide navigation links (optional)
+
-
Navigation Link Text
-
(If you'd like this page to appear in the navigation with a shorter title.)
-
+
Navigation Link Text
+
(If you'd like this page to appear in the navigation with a shorter title.)
+
-
Page Template/Layout
-
+
Page Template/Layout
+
-
Page Contents
-
-
    -
  • Please read these instructions in full:
  • -
  • If you don't see an editor below (with buttons in it) then please try this page in Mozilla FireFox or Google Chrome.
  • -
  • If you're pasting from Microsoft Word, please use the "paste from word" button (looks like a clipboard with a "W").
  • -
  • To make a link, type the text to be clicked, select it, click the "Link" button (looks like a short chain) and paste the web address (where the link should point to) into the "URL" field. Exception: If you're making a link to another page on this site, please remove the "http://~$host~/" from the beginning of the "URL" field and set the "Protocol" to <other>.
  • -
  • To insert an image: place the cursor at the beginning of a line and click the "insert image" button in the editor. Note that you will only be able to insert images that you have already uploaded on the manage images page.
  • -
-
-
+
Page Contents
+
+
    +
  • Please read these instructions in full:
  • +
  • If you don't see an editor below (with buttons in it) then please try this page in Mozilla FireFox or Google Chrome.
  • +
  • If you're pasting from Microsoft Word, please use the "paste from word" button (looks like a clipboard with a "W").
  • +
  • To make a link, type the text to be clicked, select it, click the "Link" button (looks like a short chain) and paste the web address (where the link should point to) into the "URL" field. Exception: If you're making a link to another page on this site, please remove the "http://~$host~/" from the beginning of the "URL" field and set the "Protocol" to <other>.
  • +
  • To insert an image: place the cursor at the beginning of a line and click the "insert image" button in the editor. Note that you will only be able to insert images that you have already uploaded on the manage images page.
  • +
+
+
- + - + - +
Keywords
+
(Hidden words (up to 30) with commas between them for search engines)
+
+ --> -
 
-
+
 
+
-
+ -
 
-
Cancel
- +
 
+
Cancel
+ - -

~$host~ Admin Control Panel

+ +

~$host~ Admin Control Panel

-

Manage Pages

+

Manage Pages

- - - - - - - - - - - - - - - - +
(new) -
-
(home page) -
- - -
-
~title html~(untitled) -
-
-
-
+ + + + + + + + + + + + + + + -
(new) +
+
(home page) +
+ + +
+
~title html~(untitled) +
+
+
+
- - -

~$host~ Admin Control Panel

+ + + +

~$host~ Admin Control Panel

-

Edit history for page "~title html~"

+

Edit history for page "~title html~"

- -

There are no archived versions of this page.

- - - - - - - - - - - - - - - - - - -
titlesaved atby
~title html~(untitled)~timestamp~~who html~ - - -
- - -
- - - -
- -
- - + +

There are no archived versions of this page.

+ + + + + + + + + + + + + + + + + + +
titlesaved atby
~title html~(untitled)~timestamp~~who html~ + + +
+ + +
+ + + +
+ +
+ + diff --git a/admin_pages.php b/admin_pages.php index ae0fa33..384591d 100644 --- a/admin_pages.php +++ b/admin_pages.php 
@@ -6,264 +6,264 @@ define('ADMIN_PAGES_DB_FIELDS', 'title,filename,navbar,nav_title,layout,content, function format_cms_filename($str) { - $str = format_filename($str); - $str = str_replace('.', '_', $str); - return $str; + $str = format_filename($str); + $str = str_replace('.', '_', $str); + return $str; } function admin_pages_get_fields() { - $data = array(); - - $data['title'] = format_oneline(_REQUEST_cut('title')); - $data['filename'] = format_cms_filename(_REQUEST_cut('filename')); - $data['navbar'] = format_options(_REQUEST_cut('navbar'), 'navbar'); - $data['nav_title'] = format_oneline(_REQUEST_cut('nav_title')); - $data['layout'] = format_options(_REQUEST_cut('layout'), 'layout'); - $data['content'] = format_unix(_REQUEST_cut('content')); - if (isset($_REQUEST['sidebar_content'])) { // probs not needed - $data['sidebar_content'] = format_unix(_REQUEST_cut('sidebar_content')); - } - if (isset($_REQUEST['description'])) { - $data['description'] = format_unix(_REQUEST_cut('description')); - } - if (isset($_REQUEST['keywords'])) { - $data['keywords'] = format_unix(_REQUEST_cut('keywords')); - } - - return $data; + $data = array(); + + $data['title'] = format_oneline(_REQUEST_cut('title')); + $data['filename'] = format_cms_filename(_REQUEST_cut('filename')); + $data['navbar'] = format_options(_REQUEST_cut('navbar'), 'navbar'); + $data['nav_title'] = format_oneline(_REQUEST_cut('nav_title')); + $data['layout'] = format_options(_REQUEST_cut('layout'), 'layout'); + $data['content'] = format_unix(_REQUEST_cut('content')); + if (isset($_REQUEST['sidebar_content'])) { // probs not needed + $data['sidebar_content'] = format_unix(_REQUEST_cut('sidebar_content')); + } + if (isset($_REQUEST['description'])) { + $data['description'] = format_unix(_REQUEST_cut('description')); + } + if (isset($_REQUEST['keywords'])) { + $data['keywords'] = format_unix(_REQUEST_cut('keywords')); + } + + return $data; } function admin_pages_main() { - session_auth_must('admin_pages'); - - 
$id = _REQUEST_cut('edit_id'); - if($id) { - return admin_pages_main_form($id); - } - - $id = _REQUEST_cut('edit_history_id'); - if($id) { - return admin_pages_main_form(null, $id); - } - - $id = _REQUEST_cut('history_page_id'); - if($id) { - return admin_pages_main_page_history($id); - } - - $id = _REQUEST_cut('history_id'); - if($id) { - return admin_pages_main_history($id); - } - - $id = _REQUEST_cut('admin_pages_delete_id'); - if($id) { - return admin_pages_main_delete($id); - } - - if(_REQUEST_cut('new')) { - return admin_pages_main_form(); - } - - if(_REQUEST_cut('list')) { - return admin_pages_main_listing(); - } - - $id = _REQUEST_cut('id'); - if($id) { - return admin_pages_main_display($id); - } - - if(isset($_POST['title'])) { - return admin_pages_main_form(); - } - - # default action: - return admin_pages_main_listing(); + session_auth_must('admin_pages'); + + $id = _REQUEST_cut('edit_id'); + if($id) { + return admin_pages_main_form($id); + } + + $id = _REQUEST_cut('edit_history_id'); + if($id) { + return admin_pages_main_form(null, $id); + } + + $id = _REQUEST_cut('history_page_id'); + if($id) { + return admin_pages_main_page_history($id); + } + + $id = _REQUEST_cut('history_id'); + if($id) { + return admin_pages_main_history($id); + } + + $id = _REQUEST_cut('admin_pages_delete_id'); + if($id) { + return admin_pages_main_delete($id); + } + + if(_REQUEST_cut('new')) { + return admin_pages_main_form(); + } + + if(_REQUEST_cut('list')) { + return admin_pages_main_listing(); + } + + $id = _REQUEST_cut('id'); + if($id) { + return admin_pages_main_display($id); + } + + if(isset($_POST['title'])) { + return admin_pages_main_form(); + } + + # default action: + return admin_pages_main_listing(); } # admin-only access to view pages with no filename function admin_pages_main_display($id) { - $page = db_get_assoc('cms_pages', 'id,title,keywords,description,layout,content,sidebar_content', 'where id=%"', $id); - cms_display_content($GLOBALS['wfpl_main_template'], 
$page); - $GLOBALS['wfpl_main_template']->data['$admin_links']['$edit_page_id'] = $id; + $page = db_get_assoc('cms_pages', 'id,title,keywords,description,layout,content,sidebar_content', 'where id=%"', $id); + cms_display_content($GLOBALS['wfpl_main_template'], $page); + $GLOBALS['wfpl_main_template']->data['$admin_links']['$edit_page_id'] = $id; } function admin_pages_main_delete($id) { - db_delete('cms_pages', 'where id=%i', $id); - message('Page deleted.'); - return './admin_pages'; + db_delete('cms_pages', 'where id=%i', $id); + message('Page deleted.'); + return './admin_pages'; } # get all images from admin_images (for cms) function admin_pages_get_images() { - $out = []; - $rows = db_get_assocs('cms_images', 'image,name,caption', "order by coalesce(nullif(name, ''), caption), created_at"); - if ($rows) { - $id = -1; - foreach($rows as &$row) { $id += 1; - $parts = explode(' ', $row['image'] . ' ', 7); - $out[] = [ - 'id' => '' . $id, - 'src' => $parts[0], - 'aspect' => ''.(round(100000 * ((int)$parts[2]) / ((int)$parts[1]) / 1000)).'%', - 'name' => $row['name'], - 'caption' => $row['caption'] - ]; - } unset($row); - } - return $out; + $out = []; + $rows = db_get_assocs('cms_images', 'image,name,caption', "order by coalesce(nullif(name, ''), caption), created_at"); + if ($rows) { + $id = -1; + foreach($rows as &$row) { $id += 1; + $parts = explode(' ', $row['image'] . ' ', 7); + $out[] = [ + 'id' => '' . 
$id, + 'src' => $parts[0], + 'aspect' => ''.(round(100000 * ((int)$parts[2]) / ((int)$parts[1]) / 1000)).'%', + 'name' => $row['name'], + 'caption' => $row['caption'] + ]; + } unset($row); + } + return $out; } function admin_pages_main_listing() { - $data = array(); - - $rows = db_get_assocs('cms_pages', 'id,coalesce(nullif(nav_title,""), title) as title,filename', 'order by coalesce(nullif(nav_title,""), title), filename limit 2000'); - $have_home_page = false; - if (count($rows) !== 0) { - $data['rows'] = $rows; - foreach ($rows as &$row) { - if ($row['filename'] === 'index') { - $have_home_page = true; - break; - } - } unset($row); - } - if ($have_home_page === false) { - $data['no_home'] = true; - } - tem_set('listing', $data); + $data = array(); + + $rows = db_get_assocs('cms_pages', 'id,coalesce(nullif(nav_title,""), title) as title,filename', 'order by coalesce(nullif(nav_title,""), title), filename limit 2000'); + $have_home_page = false; + if (count($rows) !== 0) { + $data['rows'] = $rows; + foreach ($rows as &$row) { + if ($row['filename'] === 'index') { + $have_home_page = true; + break; + } + } unset($row); + } + if ($have_home_page === false) { + $data['no_home'] = true; + } + tem_set('listing', $data); } function admin_pages_main_page_history ($id) { - $data = array(); - - $rows = db_get_assocs('history_cms_pages left join users on history_cms_pages.history_user_id = users.id', 'history_cms_pages.id as page_id,history_cms_pages.history_id,history_cms_pages.filename,coalesce(nullif(history_cms_pages.nav_title,""), history_cms_pages.title) as title,history_when as timestamp,coalesce(nullif(users.name,""), users.username) as who', 'where history_cms_pages.id=%i order by history_id desc', $id); - if (count($rows) !== 0) { - $data['title'] = $rows[0]['title']; - $rows[0]['first'] = true; - if ($rows[0]['filename'] === 'index') { - $rows[0]['filename'] = './'; - } - $data['rows'] = $rows; - } - tem_set('page_history', $data); + $data = array(); + + $rows = 
db_get_assocs('history_cms_pages left join users on history_cms_pages.history_user_id = users.id', 'history_cms_pages.id as page_id,history_cms_pages.history_id,history_cms_pages.filename,coalesce(nullif(history_cms_pages.nav_title,""), history_cms_pages.title) as title,history_when as timestamp,coalesce(nullif(users.name,""), users.username) as who', 'where history_cms_pages.id=%i order by history_id desc', $id); + if (count($rows) !== 0) { + $data['title'] = $rows[0]['title']; + $rows[0]['first'] = true; + if ($rows[0]['filename'] === 'index') { + $rows[0]['filename'] = './'; + } + $data['rows'] = $rows; + } + tem_set('page_history', $data); } function admin_pages_main_history ($id) { - $cms_page = db_get_assoc('history_cms_pages', 'id,title,keywords,description,layout,content,sidebar_content', 'where history_id=%"', $id); - if (!$cms_page) { - message("Error 9393 please inform developer"); - return './admin_pages'; - } - message('You are viewing an archived version of this page. To publish this version (revert the page) click the "Edit this page" link at the top, then the "save" at the bottom of the editor page. Feel free to make changes before saving.'); - cms_display_content($GLOBALS['wfpl_main_template'], $cms_page); - $GLOBALS['wfpl_main_template']->data['$admin_links']['$edit_page_id'] = null; - $GLOBALS['wfpl_main_template']->data['$admin_links']['$edit_page_history_id'] = $id; + $cms_page = db_get_assoc('history_cms_pages', 'id,title,keywords,description,layout,content,sidebar_content', 'where history_id=%"', $id); + if (!$cms_page) { + message("Error 9393 please inform developer"); + return './admin_pages'; + } + message('You are viewing an archived version of this page. To publish this version (revert the page) click the "Edit this page" link at the top, then the "save" at the bottom of the editor page. 
Feel free to make changes before saving.'); + cms_display_content($GLOBALS['wfpl_main_template'], $cms_page); + $GLOBALS['wfpl_main_template']->data['$admin_links']['$edit_page_id'] = null; + $GLOBALS['wfpl_main_template']->data['$admin_links']['$edit_page_history_id'] = $id; } function admin_pages_main_form($id = false, $history_id = false) { - if ($history_id) { - message('The fields below have been filled with an archived version of this page. To publish this version (revert the page) click "save" button at the bottom. Feel free to make changes before saving.'); - $history_data = db_get_assoc('history_cms_pages', 'id,'.ADMIN_PAGES_DB_FIELDS, 'where history_id=%i', $history_id); - if (!$history_data) { - message("Error 3938 please inform developer"); - return './admin_pages'; - } - $id = $history_data['id']; - } elseif ($id) { - if (db_count('history_cms_pages', 'where id=%i', $id) > 1) { - tem_set('archived_versions'); - } - } - if($id) { - tem_set('id', $id); - } - - tem_set('$basename', 'admin_pages'); - - pulldown('layout', [ - ['0', "Full (no sidebar)"], - ['1', "With Plain Sidebar"], - ['2', "With Bordered Sidebar"] - ]); - - $navbar_options = array(array('ignored', 'Not at all'), array('0', 'First')); - $rows = db_get_rows('cms_pages', 'id,coalesce(nullif(nav_title,\'\'), title) as title,navbar', 'where navbar != 0 order by navbar'); - if($rows) for($i = 0; $i < count($rows); ++$i) { - list($other_id, $other_title, $other_ord) = $rows[$i]; - if($other_id != $id) { # don't display ourselves - $navbar_options[] = array($i + 1, "After \"$other_title\""); - } - } - pulldown('navbar', $navbar_options, PULLDOWN_2D); - - if(isset($_POST['title'])) { - $data = admin_pages_get_fields(); - - # We'll save anything (no required fields) - - $data['navbar'] = db_reposition('cms_pages', $id, $data['navbar'], 'navbar', 'page'); - - if($data['navbar'] && $data['filename'] == '') { - message('This page was removed from the navigation column because it does not have a 
filename. (Pages without filenames are visible only to admins.)'); - $data['navbar'] = 0; - } - - # save - if($id) { - db_update_assoc('cms_pages', $data, 'where id=%i', $id); - message('Page updated.'); - } else { - db_insert_assoc('cms_pages', $data); - $id = db_auto_id(); - message('Page saved.'); - } - - # save to version history - $data['id'] = $id; - $data['history_when'] = time(); - $s = session_auth(); - $data['history_user_id'] = $s['id']; - db_insert_assoc('history_cms_pages', $data); - - # redirect - if ($data['filename'] === 'index') { - return './'; - } elseif($data['filename'] !== '') { - return "./{$data['filename']}"; - } else { - return "./admin_pages?id=$id"; - } - } elseif($id) { - # we've recieved an edit id, but no data. So we grab the values to be edited from the database - if ($history_id) { - $data = $history_data; - } else { - $data = db_get_assoc('cms_pages', ADMIN_PAGES_DB_FIELDS, 'where id=%i', $id); - } - if($data['navbar']) { - $data['navbar'] = db_count('cms_pages', 'where navbar!=0 && navbar<%i', $data['navbar']); - } else { - $data['navbar'] = 'ignored'; - } - } else { - # form not submitted, set default values: - $data = array('filename' => format_cms_filename($_REQUEST['new_filename'])); - } - - if (!isset($data['layout']) || $data['layout'] === '' || $data['layout'] === '0') { - $data['sidebar_editor_display'] = 'none'; - } else { - $data['sidebar_editor_display'] = 'block'; - } - - tem_set('wfpl_images_json', json_encode(admin_pages_get_images())); - tem_set('wfpl_image_width_full', WFPL_IMAGE_WIDTH_FULL); - tem_set('wfpl_image_width_small', WFPL_IMAGE_WIDTH_SMALL); - tem_set('wfpl_image_width_thumb', WFPL_IMAGE_WIDTH_THUMB); - tem_set('form', $data); - tem_set('$head'); # wysiwyg init goes in + if ($history_id) { + message('The fields below have been filled with an archived version of this page. To publish this version (revert the page) click "save" button at the bottom. 
Feel free to make changes before saving.'); + $history_data = db_get_assoc('history_cms_pages', 'id,'.ADMIN_PAGES_DB_FIELDS, 'where history_id=%i', $history_id); + if (!$history_data) { + message("Error 3938 please inform developer"); + return './admin_pages'; + } + $id = $history_data['id']; + } elseif ($id) { + if (db_count('history_cms_pages', 'where id=%i', $id) > 1) { + tem_set('archived_versions'); + } + } + if($id) { + tem_set('id', $id); + } + + tem_set('$basename', 'admin_pages'); + + pulldown('layout', [ + ['0', "Full (no sidebar)"], + ['1', "With Plain Sidebar"], + ['2', "With Bordered Sidebar"] + ]); + + $navbar_options = array(array('ignored', 'Not at all'), array('0', 'First')); + $rows = db_get_rows('cms_pages', 'id,coalesce(nullif(nav_title,\'\'), title) as title,navbar', 'where navbar != 0 order by navbar'); + if($rows) for($i = 0; $i < count($rows); ++$i) { + list($other_id, $other_title, $other_ord) = $rows[$i]; + if($other_id != $id) { # don't display ourselves + $navbar_options[] = array($i + 1, "After \"$other_title\""); + } + } + pulldown('navbar', $navbar_options, PULLDOWN_2D); + + if(isset($_POST['title'])) { + $data = admin_pages_get_fields(); + + # We'll save anything (no required fields) + + $data['navbar'] = db_reposition('cms_pages', $id, $data['navbar'], 'navbar', 'page'); + + if($data['navbar'] && $data['filename'] == '') { + message('This page was removed from the navigation column because it does not have a filename. 
(Pages without filenames are visible only to admins.)'); + $data['navbar'] = 0; + } + + # save + if($id) { + db_update_assoc('cms_pages', $data, 'where id=%i', $id); + message('Page updated.'); + } else { + db_insert_assoc('cms_pages', $data); + $id = db_auto_id(); + message('Page saved.'); + } + + # save to version history + $data['id'] = $id; + $data['history_when'] = time(); + $s = session_auth(); + $data['history_user_id'] = $s['id']; + db_insert_assoc('history_cms_pages', $data); + + # redirect + if ($data['filename'] === 'index') { + return './'; + } elseif($data['filename'] !== '') { + return "./{$data['filename']}"; + } else { + return "./admin_pages?id=$id"; + } + } elseif($id) { + # we've recieved an edit id, but no data. So we grab the values to be edited from the database + if ($history_id) { + $data = $history_data; + } else { + $data = db_get_assoc('cms_pages', ADMIN_PAGES_DB_FIELDS, 'where id=%i', $id); + } + if($data['navbar']) { + $data['navbar'] = db_count('cms_pages', 'where navbar!=0 && navbar<%i', $data['navbar']); + } else { + $data['navbar'] = 'ignored'; + } + } else { + # form not submitted, set default values: + $data = array('filename' => format_cms_filename($_REQUEST['new_filename'])); + } + + if (!isset($data['layout']) || $data['layout'] === '' || $data['layout'] === '0') { + $data['sidebar_editor_display'] = 'none'; + } else { + $data['sidebar_editor_display'] = 'block'; + } + + tem_set('wfpl_images_json', json_encode(admin_pages_get_images())); + tem_set('wfpl_image_width_full', WFPL_IMAGE_WIDTH_FULL); + tem_set('wfpl_image_width_small', WFPL_IMAGE_WIDTH_SMALL); + tem_set('wfpl_image_width_thumb', WFPL_IMAGE_WIDTH_THUMB); + tem_set('form', $data); + tem_set('$head'); # wysiwyg init goes in } diff --git a/admin_users.html b/admin_users.html index 5c6caad..fd764d2 100644 --- a/admin_users.html +++ b/admin_users.html 
@@ -2,85 +2,85 @@ - - <!--~$title show {~-->~$host~ Admin: Manage Accounts<!--~}~--> + + <!--~$title show {~-->~$host~ Admin: Manage Accounts<!--~}~--> - -

~$host~ Admin Control Panel

- -

Add a new accountEdit account "~name html~"

- -
- -
Role
-
- -
Name (optional)
-
- -
Username
-
This is used to log in. It is not case sensitive, and symbols/spaces/etc are ignored.
-
- -
Password
-
If this is left blank, the user will be unable to log in.
-
Leave this blank to leave the password unchanged.
-
Password suggestions: ~password_suggestions {~~password_suggestions html~~ sep {~ ~}~~}~
-
-
- -
- -
-
- -
- -
 
-
Cancel
- - - -

~$host~ Admin Control Panel

- -

Manage Accounts

- -

On this page you can manage who can log into this site, and what sort of things they have permission to do once logged in.

- - -

[Add a new account]

- - - - - - - - - - - - - - - - - - - -
RoleNameUsernameLast LoginLast Active 
~role html~(blank)~name html~(blank)~username html~(blank)~last_login html~~last_active html~[delete this account]
-

Download as CSV file

- - -

No accounts in database.

- - -

[Add a new account]

- + +

~$host~ Admin Control Panel

+ +

Add a new accountEdit account "~name html~"

+ +
+ +
Role
+
+ +
Name (optional)
+
+ +
Username
+
This is used to log in. It is not case sensitive, and symbols/spaces/etc are ignored.
+
+ +
Password
+
If this is left blank, the user will be unable to log in.
+
Leave this blank to leave the password unchanged.
+
Password suggestions: ~password_suggestions {~~password_suggestions html~~ sep {~ ~}~~}~
+
+
+ +
+ +
+
+ +
+ +
 
+
Cancel
+ + + +

~$host~ Admin Control Panel

+ +

Manage Accounts

+ +

On this page you can manage who can log into this site, and what sort of things they have permission to do once logged in.

+ + +

[Add a new account]

+ + + + + + + + + + + + + + + + + + + +
RoleNameUsernameLast LoginLast Active 
~role html~(blank)~name html~(blank)~username html~(blank)~last_login html~~last_active html~[delete this account]
+

Download as CSV file

+ + +

No accounts in database.

+ + +

[Add a new account]

+ diff --git a/admin_users.php b/admin_users.php index 9e4a753..1c17673 100644 --- a/admin_users.php +++ b/admin_users.php 
@@ -20,170 +20,170 @@ define('ADMIN_USERS_DB_FIELDS', 'role,name,username,last_login,last_active'); require_once(__DIR__.'/'.'inc/wfpl/format.php'); $GLOBALS['admin_users_field_to_caption'] = array( - 'name' => 'Name', - 'role' => 'Role', - 'username' => 'Username', - 'password' => 'Password', - 'last_login' => 'Last Login', - 'last_active' => 'Last Active' + 'name' => 'Name', + 'role' => 'Role', + 'username' => 'Username', + 'password' => 'Password', + 'last_login' => 'Last Login', + 'last_active' => 'Last Active' ); function admin_users_get_fields() { - $data = array(); + $data = array(); - $data['role'] = format_options(_REQUEST_cut('role'), 'role'); - $data['name'] = format_oneline(trim(_REQUEST_cut('name'))); - $data['username'] = format_auth_username(trim(_REQUEST_cut('username'))); - $data['pass1'] = format_oneline(trim(_REQUEST_cut('pass1'))); - $data['pass2'] = format_oneline(trim(_REQUEST_cut('pass2'))); + $data['role'] = format_options(_REQUEST_cut('role'), 'role'); + $data['name'] = format_oneline(trim(_REQUEST_cut('name'))); + $data['username'] = format_auth_username(trim(_REQUEST_cut('username'))); + $data['pass1'] = format_oneline(trim(_REQUEST_cut('pass1'))); + $data['pass2'] = format_oneline(trim(_REQUEST_cut('pass2'))); - return $data; + return $data; } function admin_users_main() { - session_auth_must('admin_users'); + session_auth_must('admin_users'); - $id = _REQUEST_cut('edit_id'); - if ($id) { - return admin_users_main_form($id); - } + $id = _REQUEST_cut('edit_id'); + if ($id) { + return admin_users_main_form($id); + } - $id = _REQUEST_cut('admin_users_delete_id'); - if ($id) { - return admin_users_main_delete($id); - } + $id = _REQUEST_cut('admin_users_delete_id'); + if ($id) { + return admin_users_main_delete($id); + } - if (_REQUEST_cut('new')) { - return admin_users_main_form(); - } + if (_REQUEST_cut('new')) { + return admin_users_main_form(); + } - if (_REQUEST_cut('list')) { - return admin_users_main_listing(); - } + if 
(_REQUEST_cut('list')) { + return admin_users_main_listing(); + } - if (_REQUEST_cut('download_csv')) { - return admin_users_csv_download(); - } + if (_REQUEST_cut('download_csv')) { + return admin_users_csv_download(); + } - if (isset($_POST['name'])) { - return admin_users_main_form(); - } + if (isset($_POST['name'])) { + return admin_users_main_form(); + } - # default action: - return admin_users_main_listing(); + # default action: + return admin_users_main_listing(); } function admin_users_main_delete($id) { - db_delete('users', 'where id=%i', $id); - message('Account deleted.'); - return './admin_users'; + db_delete('users', 'where id=%i', $id); + message('Account deleted.'); + return './admin_users'; } function admin_users_csv_download() { - require_once(__DIR__.'/'.'inc/wfpl/csv.php'); - $rows = db_get_rows('users', 'id,'.ADMIN_USERS_DB_FIELDS, 'order by id'); - $fields = explode(',', 'id,'.ADMIN_USERS_DB_FIELDS); - $header = array(); - foreach ($fields as $field) { - if (isset($GLOBALS['admin_users_field_to_caption'][$field])) { - $header[] = $GLOBALS['admin_users_field_to_caption'][$field]; - } else { - $header[] = $field; - } - } - array_unshift($rows, $header); - array2d_to_csv_download($rows, 'admin_users.csv'); + require_once(__DIR__.'/'.'inc/wfpl/csv.php'); + $rows = db_get_rows('users', 'id,'.ADMIN_USERS_DB_FIELDS, 'order by id'); + $fields = explode(',', 'id,'.ADMIN_USERS_DB_FIELDS); + $header = array(); + foreach ($fields as $field) { + if (isset($GLOBALS['admin_users_field_to_caption'][$field])) { + $header[] = $GLOBALS['admin_users_field_to_caption'][$field]; + } else { + $header[] = $field; + } + } + array_unshift($rows, $header); + array2d_to_csv_download($rows, 'admin_users.csv'); } function admin_users_main_listing() { - $data = array(); - $desc = ''; - $sort = _REQUEST_cut('sort'); - if ($sort && substr($sort, 0, 1) === '-') { - $sort = substr($sort, 1); - $desc = ' DESC '; - } else { - $data["sorting-by-$sort"] = '-'; - } - $legal_sorts = 
explode(',', ADMIN_USERS_DB_FIELDS); - if (!$sort || !in_array($sort, $legal_sorts)) { - $sort = 'role, name'; - } - - $data['rows'] = db_get_assocs('users', 'id,role,name,username,last_login,last_active', "order by $sort $desc limit 1000"); - tem_set('listings', $data); - render_timestamps(); + $data = array(); + $desc = ''; + $sort = _REQUEST_cut('sort'); + if ($sort && substr($sort, 0, 1) === '-') { + $sort = substr($sort, 1); + $desc = ' DESC '; + } else { + $data["sorting-by-$sort"] = '-'; + } + $legal_sorts = explode(',', ADMIN_USERS_DB_FIELDS); + if (!$sort || !in_array($sort, $legal_sorts)) { + $sort = 'role, name'; + } + + $data['rows'] = db_get_assocs('users', 'id,role,name,username,last_login,last_active', "order by $sort $desc limit 1000"); + tem_set('listings', $data); + render_timestamps(); } function admin_users_suggested_password() { - $character_set = "ABCDEFHJKLMNPQRTUWXY34789"; # removed all similar-looking characters - $code = " "; + $character_set = "ABCDEFHJKLMNPQRTUWXY34789"; # removed all similar-looking characters + $code = " "; - # PHP 4.2.0 and up seed the random number generator for you. - # Lets hope that it seeds with something harder to guess than the clock. - for($i = 0; $i < 10; ++$i) { - $code{$i} = $character_set{mt_rand(0, 24)}; # inclusive - } + # PHP 4.2.0 and up seed the random number generator for you. + # Lets hope that it seeds with something harder to guess than the clock. 
+ for($i = 0; $i < 10; ++$i) { + $code{$i} = $character_set{mt_rand(0, 24)}; # inclusive + } - return $code; + return $code; } function admin_users_main_form($id = false) { - if ($id) { - tem_set('id', $id); - } - - pulldown('role', [ - ['admin', 'Site Administrator'], - ['disabled', 'Account Disabled'] - ]); - - if (isset($_POST['name'])) { - $data = admin_users_get_fields(); - - if (strlen($data['username']) < 1) { - message("Oop, Username is required"); - $data['username_bad'] = true; - } elseif ($data['pass1'] !== $data['pass2']) { - message("Oop, passwords didn't match. Please enter your desired password carefully (twice)."); - $data['password_bad'] = true; - } else { - # password hash is slow, so only do it if we're really doing a db write - if (isset($data['pass1']) && strlen($data['pass1']) > 0) { - # hash password for db storage - if (!function_exists('password_hash')) { - require_once(__DIR__.'/'.'inc/password_funcs_backported.php'); - } - $data['password'] = password_hash($data['pass1'], PASSWORD_DEFAULT); - } - unset($data['pass1']); - unset($data['pass2']); - if ($id) { - db_update_assoc('users', $data, 'where id=%i', $id); - message('Account updated.'); - } else { - db_insert_assoc('users', $data); - message('Account saved.'); - } - return './admin_users'; - } - # else fall through to display the form again. Field values are in $data - } elseif ($id) { - # we've recieved an edit id, but no data. 
So we grab the values to be edited from the database - $data = db_get_assoc('users', ADMIN_USERS_DB_FIELDS, 'where id=%i', $id); - } else { - # form not submitted, you can set default values like so: - #$data = array('name' => 'Yes'); - $data = array(); - } - - tem_set('password_suggestions', [ - admin_users_suggested_password(), - admin_users_suggested_password(), - admin_users_suggested_password(), - admin_users_suggested_password(), - admin_users_suggested_password() - ]); - tem_set('form', $data); + if ($id) { + tem_set('id', $id); + } + + pulldown('role', [ + ['admin', 'Site Administrator'], + ['disabled', 'Account Disabled'] + ]); + + if (isset($_POST['name'])) { + $data = admin_users_get_fields(); + + if (strlen($data['username']) < 1) { + message("Oop, Username is required"); + $data['username_bad'] = true; + } elseif ($data['pass1'] !== $data['pass2']) { + message("Oop, passwords didn't match. Please enter your desired password carefully (twice)."); + $data['password_bad'] = true; + } else { + # password hash is slow, so only do it if we're really doing a db write + if (isset($data['pass1']) && strlen($data['pass1']) > 0) { + # hash password for db storage + if (!function_exists('password_hash')) { + require_once(__DIR__.'/'.'inc/password_funcs_backported.php'); + } + $data['password'] = password_hash($data['pass1'], PASSWORD_DEFAULT); + } + unset($data['pass1']); + unset($data['pass2']); + if ($id) { + db_update_assoc('users', $data, 'where id=%i', $id); + message('Account updated.'); + } else { + db_insert_assoc('users', $data); + message('Account saved.'); + } + return './admin_users'; + } + # else fall through to display the form again. Field values are in $data + } elseif ($id) { + # we've recieved an edit id, but no data. 
So we grab the values to be edited from the database + $data = db_get_assoc('users', ADMIN_USERS_DB_FIELDS, 'where id=%i', $id); + } else { + # form not submitted, you can set default values like so: + #$data = array('name' => 'Yes'); + $data = array(); + } + + tem_set('password_suggestions', [ + admin_users_suggested_password(), + admin_users_suggested_password(), + admin_users_suggested_password(), + admin_users_suggested_password(), + admin_users_suggested_password() + ]); + tem_set('form', $data); } diff --git a/cms_images_autoresize.php b/cms_images_autoresize.php index 0d3e667..8c98519 100644 --- a/cms_images_autoresize.php +++ b/cms_images_autoresize.php 
@@ -4,72 +4,72 @@ require_once(__DIR__.'/'.'config.php'); require_once(__DIR__.'/'.'inc/wfpl/upload.php'); function cms_images_autoresize_main_abort_404() { - http_response_code('404'); - header('HTTP/1.0 404 File Not Found'); - header('Content-Type: text/plain'); - print('404: File not found'); - exit(); + http_response_code('404'); + header('HTTP/1.0 404 File Not Found'); + header('Content-Type: text/plain'); + print('404: File not found'); + exit(); } function cms_images_autoresize_main() { - # figure out what file was requested - $out_fn = $_SERVER['REDIRECT_URL']; - $out_fn = preg_replace('|[?].*|', '', $out_fn); # apache 2.4.17 - $out_fn = preg_replace('|.*/|', '', $out_fn); - $matches = array(); - if (!preg_match('/^([0-9a-f]+)w([0-9]+)[.](png|jpg)$/', $out_fn, $matches)) { - cms_images_autoresize_main_abort_404(); - } + # figure out what file was requested + $out_fn = $_SERVER['REDIRECT_URL']; + $out_fn = preg_replace('|[?].*|', '', $out_fn); # apache 2.4.17 + $out_fn = preg_replace('|.*/|', '', $out_fn); + $matches = array(); + if (!preg_match('/^([0-9a-f]+)w([0-9]+)[.](png|jpg)$/', $out_fn, $matches)) { + cms_images_autoresize_main_abort_404(); + } - $basename = $matches[1]; - $width = (int)$matches[2]; - $ext = $matches[3]; - $in_fn = "$basename.$ext"; - $in_path = __DIR__.'/'.'cms_images/' . $in_fn; - $out_path = __DIR__.'/'.'cms_images/' . $out_fn; - $lock_path = $out_path . '.lock'; + $basename = $matches[1]; + $width = (int)$matches[2]; + $ext = $matches[3]; + $in_fn = "$basename.$ext"; + $in_path = __DIR__.'/'.'cms_images/' . $in_fn; + $out_path = __DIR__.'/'.'cms_images/' . $out_fn; + $lock_path = $out_path . 
'.lock'; - if (!in_array($width, $GLOBALS['wfpl_image_widths'], true)) { - cms_images_autoresize_main_abort_404(); - } + if (!in_array($width, $GLOBALS['wfpl_image_widths'], true)) { + cms_images_autoresize_main_abort_404(); + } - if (!file_exists($in_path)) { - cms_images_autoresize_main_abort_404(); - } + if (!file_exists($in_path)) { + cms_images_autoresize_main_abort_404(); + } - @$lock = fopen($lock_path, 'x'); - if (!$lock) { - # delete lock file if it's stale - $s = stat($lock_path); - if ($s && $s['mtime'] + 3 < time()) { - unlink($lock_path); - } else { - # if it's fresh, exit with temporary error - header('HTTP/1.0 503 Service Unavailable'); - header('Content-Type: text/plain'); - header('Retry-After: 4'); - print("503 Service Unavailable (try again soon)\n"); - var_dump($s); - var_dump(time()); - exit(); - } - } + @$lock = fopen($lock_path, 'x'); + if (!$lock) { + # delete lock file if it's stale + $s = stat($lock_path); + if ($s && $s['mtime'] + 3 < time()) { + unlink($lock_path); + } else { + # if it's fresh, exit with temporary error + header('HTTP/1.0 503 Service Unavailable'); + header('Content-Type: text/plain'); + header('Retry-After: 4'); + print("503 Service Unavailable (try again soon)\n"); + var_dump($s); + var_dump(time()); + exit(); + } + } - imagemagick_convert($in_path, $out_path, - '-geometry ' - . $width - . 'x' - . ($width * 2) - . "'>'" - ); + imagemagick_convert($in_path, $out_path, + '-geometry ' + . $width + . 'x' + . ($width * 2) + . "'>'" + ); - # done! kill the lock - fclose($lock); - unlink($lock_path); + # done! kill the lock + fclose($lock); + unlink($lock_path); - if (!headers_sent()) { - header('Content-Type: ' . ($ext = 'jpg' ? 'image/jpeg' : 'image/png')); - readfile($out_path); - } + if (!headers_sent()) { + header('Content-Type: ' . ($ext = 'jpg' ? 'image/jpeg' : 'image/png')); + readfile($out_path); + } } cms_images_autoresize_main(); diff --git a/config.php b/config.php index 8a2bc85..1c916a3 100644 --- a/config.php 
+++ b/config.php @@ -15,9 +15,9 @@ define('WFPL_IMAGE_WIDTH_FULL', WFPL_SITE_WIDTH); define('WFPL_IMAGE_WIDTH_SMALL', 250); # "sidebar_width" in style.styl define('WFPL_IMAGE_WIDTH_THUMB', 70); $GLOBALS['wfpl_image_widths'] = array( - WFPL_IMAGE_WIDTH_FULL, - WFPL_IMAGE_WIDTH_SMALL, - WFPL_IMAGE_WIDTH_THUMB + WFPL_IMAGE_WIDTH_FULL, + WFPL_IMAGE_WIDTH_SMALL, + WFPL_IMAGE_WIDTH_THUMB ); # Enable features, auto-includes 
@@ -38,23 +38,23 @@ db_upgrade(); # paypal_ipn.php calls these when it receives a valid payment $GLOBALS['payment_handlers'] = [ - # the key (below) must be the first word in the paypal variable "custom" - # the file will be run with wfpl's file_run() - # example: - #'membership' => __DIR__.'/'.'inc/payment_membership.php' + # the key (below) must be the first word in the paypal variable "custom" + # the file will be run with wfpl's file_run() + # example: + #'membership' => __DIR__.'/'.'inc/payment_membership.php' ]; $GLOBALS['email_templates'] = [ - 'backend_bug' => [ - 'title' => "Notification for site programmer(s)", - 'description' => "This email template is used if/when the back-end code of this site encounters an unusual/suspicious situation that it's not sure how to cope with.", - 'variables' => [ - ['details', "details about the unusual/suspicious situation"] - ], - 'subject' => "backend alert", - 'content' => "Hi developer,\n\nPlease investigate the following debugging message from the site:\n\n~details~", - 'from_addr' => 'noreply@example.com', - 'to_addr' => 'fixme@example.com' # not all templates need this field - ] - # ... + 'backend_bug' => [ + 'title' => "Notification for site programmer(s)", + 'description' => "This email template is used if/when the back-end code of this site encounters an unusual/suspicious situation that it's not sure how to cope with.", + 'variables' => [ + ['details', "details about the unusual/suspicious situation"] + ], + 'subject' => "backend alert", + 'content' => "Hi developer,\n\nPlease investigate the following debugging message from the site:\n\n~details~", + 'from_addr' => 'noreply@example.com', + 'to_addr' => 'fixme@example.com' # not all templates need this field + ] + # ... ]; diff --git a/contact.html b/contact.html index 95d1412..714ab07 100644 --- a/contact.html +++ b/contact.html @@ -2,28 +2,28 @@ - + - -
+ + -
Name
-
+
Name
+
-
Email
-
+
Email
+
-
Message
-
+
Message
+
-
-
+
+
-
- + + diff --git a/contact.php b/contact.php index 55077d9..ff5cb42 100644 --- a/contact.php +++ b/contact.php 
@@ -16,105 +16,105 @@ require_once(__DIR__.'/'.'inc/wfpl/email.php'); # generate a new random 16-character string function contact_new_field_key() { - $character_set = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; - $id = " "; + $character_set = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; + $id = " "; - # PHP 4.2.0 and up seed the random number generator for you. - # Lets hope that it seeds with something harder to guess than the clock. - for($i = 0; $i < 16; ++$i) { - $id{$i} = $character_set{mt_rand(0, 61)}; - } + # PHP 4.2.0 and up seed the random number generator for you. + # Lets hope that it seeds with something harder to guess than the clock. + for($i = 0; $i < 16; ++$i) { + $id{$i} = $character_set{mt_rand(0, 61)}; + } - return $id; + return $id; } function contact_get_fields() { - $data = array(); + $data = array(); - $data['name'] = format_oneline(_REQUEST_cut('name')); - $data['comments'] = format_unix(_REQUEST_cut('comments')); + $data['name'] = format_oneline(_REQUEST_cut('name')); + $data['comments'] = format_unix(_REQUEST_cut('comments')); - $fields = _REQUEST_cut('fields'); - if (preg_match('/^[a-zA-Z0-9]{32}$/', $fields)) { - $data['robot'] = format_oneline(_REQUEST_cut(substr($fields, 0, 16))); - $data['email'] = format_email(_REQUEST_cut(substr($fields, 16))); - } + $fields = _REQUEST_cut('fields'); + if (preg_match('/^[a-zA-Z0-9]{32}$/', $fields)) { + $data['robot'] = format_oneline(_REQUEST_cut(substr($fields, 0, 16))); + $data['email'] = format_email(_REQUEST_cut(substr($fields, 16))); + } - return $data; + return $data; } function contact_main() { - return contact_main_form(); + return contact_main_form(); } function contact_main_form() { - if (isset($_POST['name'])) { - $data = contact_get_fields(); - $host = this_host(); - - # gj robot, you did it ;) - if ($data['robot'] !== '') { - return './contact_thanks'; - } - - if (!$data['name'] && !$data['email'] && !$data['comments']) { - // message("you 
didn't fill anything out") - } elseif (!$data['email']) { - message("Error: Please fill out the email field."); - } else { - $error = false; - if ($data['robot'] === '' && $GLOBALS['contact_to'] != 'fixme@example.com') { - $to = $GLOBALS['contact_to']; - if ($GLOBALS['contact_from'] === '') { - $from = "$host/contact "; - } else { - $from = $GLOBALS['contact_from']; - } - $reply_to = $to; - if (isset($data['email']) and valid_email($data['email'])) { - $reply_to = $data['email']; - if ($data['name'] and preg_match('/^[a-zA-Z0-9_\'. -]*$/', $data['name']) !== false) { - $reply_to = "$data[name] <$reply_to>"; - } - } - if ($GLOBALS['contact_subject'] === '') { - $subject = "Your message via $host/contact"; - } else { - $subject = $GLOBALS['contact_subject']; - } - $email_template = new tem(); - $email_template->load('contact.email.txt'); - $email_template->sets($data); - $email_template->set('$host', $host); - $message = $email_template->run(); - $cc = $GLOBALS['contact_cc']; - $bcc = ''; - if (email($from, $to, $subject, $message, $reply_to, $cc, $bcc)) { - message('Due to an internal error, your message could not be sent. Please try again later.'); - $error = true; - } else { - message('Message sent'); - } - } - if ($error !== true) { - # FIXME create this page or change this to go elsewhere - return './contact_thanks'; - } - } - # otherwise, we display the form again. We've got the form field - # values in $data and will put those back in the filds below. You - # should add some message asking people to fix their entry in - # whatever way you require. 
- } else { - # form not submitted, you can set default values like so: - #$data = array('name' => 'Yes'); - $data = array(); - } - - $data['robot_field'] = contact_new_field_key(); - $data['email_field'] = contact_new_field_key(); - - tem_set('form', $data); + if (isset($_POST['name'])) { + $data = contact_get_fields(); + $host = this_host(); + + # gj robot, you did it ;) + if ($data['robot'] !== '') { + return './contact_thanks'; + } + + if (!$data['name'] && !$data['email'] && !$data['comments']) { + // message("you didn't fill anything out") + } elseif (!$data['email']) { + message("Error: Please fill out the email field."); + } else { + $error = false; + if ($data['robot'] === '' && $GLOBALS['contact_to'] != 'fixme@example.com') { + $to = $GLOBALS['contact_to']; + if ($GLOBALS['contact_from'] === '') { + $from = "$host/contact "; + } else { + $from = $GLOBALS['contact_from']; + } + $reply_to = $to; + if (isset($data['email']) and valid_email($data['email'])) { + $reply_to = $data['email']; + if ($data['name'] and preg_match('/^[a-zA-Z0-9_\'. -]*$/', $data['name']) !== false) { + $reply_to = "$data[name] <$reply_to>"; + } + } + if ($GLOBALS['contact_subject'] === '') { + $subject = "Your message via $host/contact"; + } else { + $subject = $GLOBALS['contact_subject']; + } + $email_template = new tem(); + $email_template->load('contact.email.txt'); + $email_template->sets($data); + $email_template->set('$host', $host); + $message = $email_template->run(); + $cc = $GLOBALS['contact_cc']; + $bcc = ''; + if (email($from, $to, $subject, $message, $reply_to, $cc, $bcc)) { + message('Due to an internal error, your message could not be sent. Please try again later.'); + $error = true; + } else { + message('Message sent'); + } + } + if ($error !== true) { + # FIXME create this page or change this to go elsewhere + return './contact_thanks'; + } + } + # otherwise, we display the form again. 
We've got the form field + # values in $data and will put those back in the filds below. You + # should add some message asking people to fix their entry in + # whatever way you require. + } else { + # form not submitted, you can set default values like so: + #$data = array('name' => 'Yes'); + $data = array(); + } + + $data['robot_field'] = contact_new_field_key(); + $data['email_field'] = contact_new_field_key(); + + tem_set('form', $data); } diff --git a/error_404.html b/error_404.html index c5e8269..3884061 100644 --- a/error_404.html +++ b/error_404.html @@ -1,16 +1,16 @@ - ~$title show {~404: File Not Found~}~ + ~$title show {~404: File Not Found~}~ - -

404: File Not Found

+ +

404: File Not Found

-

Oops, we don't have a page at ~path html~

+

Oops, we don't have a page at ~path html~

-

If you got here by clicking a link on this site, please let us know where we can find that broken link.

- - +

If you got here by clicking a link on this site, please let us know where we can find that broken link.

+ + diff --git a/error_404.php b/error_404.php index 9c9d958..dcb05bf 100644 --- a/error_404.php +++ b/error_404.php 
@@ -1,5 +1,5 @@ set('$host', this_host()); - $nav_items = db_get_assocs('cms_pages', "coalesce(nullif(nav_title,''), title) as title,filename", 'where navbar!=0 order by navbar'); - if($nav_items) { - foreach($nav_items as &$item) { - $item['basename'] = $item['filename']; # for nav-links as images - if($item['filename'] == $basename) { - $item['current'] = true; - } - if($item['filename'] == 'index') { - $item['filename'] = './'; - } - if($item['title'] == '') { - $item['title'] = '(untitled)'; - } - } - $tem->set('$navbar_items', $nav_items); - } + $tem->set('$host', this_host()); + $nav_items = db_get_assocs('cms_pages', "coalesce(nullif(nav_title,''), title) as title,filename", 'where navbar!=0 order by navbar'); + if($nav_items) { + foreach($nav_items as &$item) { + $item['basename'] = $item['filename']; # for nav-links as images + if($item['filename'] == $basename) { + $item['current'] = true; + } + if($item['filename'] == 'index') { + $item['filename'] = './'; + } + if($item['title'] == '') { + $item['title'] = '(untitled)'; + } + } + $tem->set('$navbar_items', $nav_items); + } - $header_image = persistent_get('wfplcms_header_image'); - if ($header_image) { - $hi_css = "\n\n"; + $header_image = persistent_get('wfplcms_header_image'); + if ($header_image) { + $hi_css = "\n\n"; - $tem->set('$cms_css', $hi_css); - } + $tem->set('$cms_css', $hi_css); + } - $cms_page = db_get_assoc('cms_pages', 'id,title,keywords,description,layout,content,sidebar_content', 'where filename=%"', $basename); - cms_display_content($tem, $cms_page); + $cms_page = db_get_assoc('cms_pages', 'id,title,keywords,description,layout,content,sidebar_content', 'where filename=%"', $basename); + cms_display_content($tem, $cms_page); - $footer = db_get_value('cms_pages', 'content', 'where filename="_footer"'); - if ($footer) { - $tem->set('$cms_footer', $footer); - } + $footer = db_get_value('cms_pages', 'content', 'where filename="_footer"'); + if ($footer) { + $tem->set('$cms_footer', 
$footer); + } - if(session_auth_can('admin_links')) { - $admin_links = array(); - if($cms_page) { - $admin_links['$edit_page_id'] = $cms_page['id']; - } - $tem->set('$admin_links', $admin_links); - } + if(session_auth_can('admin_links')) { + $admin_links = array(); + if($cms_page) { + $admin_links['$edit_page_id'] = $cms_page['id']; + } + $tem->set('$admin_links', $admin_links); + } - if($cms_page) { - return true; - } else { - return false; - } + if($cms_page) { + return true; + } else { + return false; + } } function cms_display_content(&$tem, $row) { - if($row) { - $tem->set('$cms_title', $row['title']); - $tem->set('$meta_keywords', $row['keywords']); - $tem->set('$meta_description', $row['description']); - $tem->set('$cms_body', $row['content']); - if ($row['layout'] === '' || $row['layout'] === '0') { - $tem->set('$layout_centerer_class', 'full'); - } else { - $tem->set('$layout_centerer_class', 'with_sidebar'); - if ($row['layout'] === '1') { - $tem->set('$layout_sidebar_class', 'plain'); - } else { - $tem->set('$layout_sidebar_class', 'bordered'); - } - $tem->set('$cms_sidebar', $row['sidebar_content']); - } - return $row['id']; - } else { - $tem->set('$layout_centerer_class', 'full'); - } + if($row) { + $tem->set('$cms_title', $row['title']); + $tem->set('$meta_keywords', $row['keywords']); + $tem->set('$meta_description', $row['description']); + $tem->set('$cms_body', $row['content']); + if ($row['layout'] === '' || $row['layout'] === '0') { + $tem->set('$layout_centerer_class', 'full'); + } else { + $tem->set('$layout_centerer_class', 'with_sidebar'); + if ($row['layout'] === '1') { + $tem->set('$layout_sidebar_class', 'plain'); + } else { + $tem->set('$layout_sidebar_class', 'bordered'); + } + $tem->set('$cms_sidebar', $row['sidebar_content']); + } + return $row['id']; + } else { + $tem->set('$layout_centerer_class', 'full'); + } } diff --git a/inc/db_upgrade.php b/inc/db_upgrade.php index c856fad..ea57afa 100644 --- a/inc/db_upgrade.php 
+++ b/inc/db_upgrade.php 
@@ -5,164 +5,164 @@ function db_upgrade_to_1() { db_send_query(<<set('$render_timestamps'); + $GLOBALS['wfpl_main_template']->set('$render_timestamps'); } # helper for email_with_template() below function get_email_template($slug, $template_variables, $to_addr) { - # defaults - $out = array( - 'subject' => $GLOBALS['email_templates'][$slug]['subject'], - 'content' => $GLOBALS['email_templates'][$slug]['content'], - 'from_addr' => $GLOBALS['email_templates'][$slug]['from_addr'], - 'to_addr' => '', - 'cc_addr' => '', - 'bcc_addr' => '' - ); - if (isset($GLOBALS['email_templates'][$slug]['to_addr'])) { - $out['to_addr'] = $GLOBALS['email_templates'][$slug]['to_addr']; - } else { - if ($to_addr == null) { - die("ERROR: email_with_template(\"$slug\") needs a to_addr (put in \$GLOBALS['email_templates']['$slug'] or pass as argument)"); - } - } - # override with DB (if it exists) - $row = db_get_assoc('email_templates', 'from_addr,to_addr,cc_addr,bcc_addr,subject,content', 'where slug=%"', $slug); - if ($row) { - foreach($row as $key => $value) { - $out[$key] = $value; - } - } - # argument wins no matter what - if ($to_addr !== null) { - $out['to_addr'] = $to_addr; - } - if (strpos($out['content'], '~') !== false) { - $tem = new tem(); - $tem->load_str($out['content']); - $tem->sets($template_variables); - $out['content'] = $tem->run(); - } - if (strpos($out['subject'], '~') !== false) { - $tem = new tem(); - $tem->load_str($out['subject']); - $tem->sets($template_variables); - $out['subject'] = $tem->run(); - } - return $out; + # defaults + $out = array( + 'subject' => $GLOBALS['email_templates'][$slug]['subject'], + 'content' => $GLOBALS['email_templates'][$slug]['content'], + 'from_addr' => $GLOBALS['email_templates'][$slug]['from_addr'], + 'to_addr' => '', + 'cc_addr' => '', + 'bcc_addr' => '' + ); + if (isset($GLOBALS['email_templates'][$slug]['to_addr'])) { + $out['to_addr'] = $GLOBALS['email_templates'][$slug]['to_addr']; + } else { + if ($to_addr == null) { + 
die("ERROR: email_with_template(\"$slug\") needs a to_addr (put in \$GLOBALS['email_templates']['$slug'] or pass as argument)"); + } + } + # override with DB (if it exists) + $row = db_get_assoc('email_templates', 'from_addr,to_addr,cc_addr,bcc_addr,subject,content', 'where slug=%"', $slug); + if ($row) { + foreach($row as $key => $value) { + $out[$key] = $value; + } + } + # argument wins no matter what + if ($to_addr !== null) { + $out['to_addr'] = $to_addr; + } + if (strpos($out['content'], '~') !== false) { + $tem = new tem(); + $tem->load_str($out['content']); + $tem->sets($template_variables); + $out['content'] = $tem->run(); + } + if (strpos($out['subject'], '~') !== false) { + $tem = new tem(); + $tem->load_str($out['subject']); + $tem->sets($template_variables); + $out['subject'] = $tem->run(); + } + return $out; } # pass null as first arg if "to_addr" should come from the DB function email_with_template($to_addr, $template_slug, $template_vars, $reply_to = '') { - $t = get_email_template($template_slug, $template_vars, $to_addr); - return email($t['from_addr'], $t['to_addr'], $t['subject'], $t['content'], $reply_to, $t['cc_addr'], $t['bcc_addr']); + $t = get_email_template($template_slug, $template_vars, $to_addr); + return email($t['from_addr'], $t['to_addr'], $t['subject'], $t['content'], $reply_to, $t['cc_addr'], $t['bcc_addr']); } diff --git a/inc/session_auth.php b/inc/session_auth.php index 9e49d37..5f25ffe 100644 --- a/inc/session_auth.php +++ b/inc/session_auth.php 
@@ -2,86 +2,86 @@ # normalize usernames (for case-insensitive etc. logins)
 function format_auth_username($str) {
- $str = iconv('utf8', 'ascii//TRANSLIT', $str);
- $str = strtolower(trim($str));
- $str = preg_replace('/[^a-z0-9]/', '', $str);
- return $str;
+ $str = iconv('utf8', 'ascii//TRANSLIT', $str);
+ $str = strtolower(trim($str));
+ $str = preg_replace('/[^a-z0-9]/', '', $str);
+ return $str;
 }
 # Called automatically by session_auth().
 # Only call if you've just verified that someone has logged in, or has clicked
 # a valid password reset link.
 function session_auth_init($id = false, $password_reset = false) {
- $GLOBALS['wfpl_session_auth'] = [
- 'id' => null,
- 'role' => null,
- 'name' => null,
- 'username' => null,
- 'last_active' => null,
- 'password_reset' => null
- ];
+ $GLOBALS['wfpl_session_auth'] = [
+ 'id' => null,
+ 'role' => null,
+ 'name' => null,
+ 'username' => null,
+ 'last_active' => null,
+ 'password_reset' => null
+ ];
- if ($id) {
- $user = db_get_assoc('users', 'role,name,username', 'where id=%i', $id);
- $now = time();
- db_update('users', 'last_active', $now, 'where id=%i', $id);
- $GLOBALS['wfpl_session_auth']['id'] = $id;
- $GLOBALS['wfpl_session_auth']['role'] = $user['role'];
- $GLOBALS['wfpl_session_auth']['name'] = $user['name'];
- $GLOBALS['wfpl_session_auth']['username'] = $user['username'];
- $GLOBALS['wfpl_session_auth']['last_active'] = $now;
- }
+ if ($id) {
+ $user = db_get_assoc('users', 'role,name,username', 'where id=%i', $id);
+ $now = time();
+ db_update('users', 'last_active', $now, 'where id=%i', $id);
+ $GLOBALS['wfpl_session_auth']['id'] = $id;
+ $GLOBALS['wfpl_session_auth']['role'] = $user['role'];
+ $GLOBALS['wfpl_session_auth']['name'] = $user['name'];
+ $GLOBALS['wfpl_session_auth']['username'] = $user['username'];
+ $GLOBALS['wfpl_session_auth']['last_active'] = $now;
+ }
- if ($password_reset) {
- $GLOBALS['wfpl_session_auth']['password_reset'] = true;
- $GLOBALS['wfpl_session_auth']['id'] = session_get('auth_password_reset_id');
- }
+ if ($password_reset) {
+ $GLOBALS['wfpl_session_auth']['password_reset'] = true;
+ $GLOBALS['wfpl_session_auth']['id'] = session_get('auth_password_reset_id');
+ }
 }
 # return an assoc containing info about the authenticated user, see session_auth_init
 function session_auth() {
- if (!isset($GLOBALS['wfpl_session_auth'])) {
- $id = false;
- $reset = false;
- if (session_exists()) {
- $id = session_get('auth_id');
- if (!$id) {
- $r = session_get('auth_password_reset');
- if (strlen($r)) {
- $r = (int) format_int_0($r);
- if (time() < $r) {
- $reset = true;
- } else {
- message('Oops, your temporary access (to change your password) has expired');
- session_clear('auth_password_reset');
- }
- }
- }
- }
- session_auth_init($id, $reset);
- }
- return $GLOBALS['wfpl_session_auth'];
+ if (!isset($GLOBALS['wfpl_session_auth'])) {
+ $id = false;
+ $reset = false;
+ if (session_exists()) {
+ $id = session_get('auth_id');
+ if (!$id) {
+ $r = session_get('auth_password_reset');
+ if (strlen($r)) {
+ $r = (int) format_int_0($r);
+ if (time() < $r) {
+ $reset = true;
+ } else {
+ message('Oops, your temporary access (to change your password) has expired');
+ session_clear('auth_password_reset');
+ }
+ }
+ }
+ }
+ session_auth_init($id, $reset);
+ }
+ return $GLOBALS['wfpl_session_auth'];
 }
 # return true if the logged in user is allowed to $priv
 # (false if they are not logged in, or aren't alowed to $priv)
 function session_auth_can($priv) {
- $s = session_auth();
- if ($s['role'] === 'admin') {
- return true;
- }
- return false;
+ $s = session_auth();
+ if ($s['role'] === 'admin') {
+ return true;
+ }
+ return false;
 }
 # return ONLY IF the currently logged in user can $priv
 # otherwise, it displays the login page, and exit early
 function session_auth_must($priv) {
- if (session_auth_can($priv)) {
- return;
- }
- if (!isset($_REQUEST['after_login'])) {
- $_REQUEST['after_login_url'] = this_url();
- }
- wfpl_main('login');
- exit();
+ if (session_auth_can($priv)) {
+ return;
+ }
+ if (!isset($_REQUEST['after_login'])) {
+ $_REQUEST['after_login_url'] = this_url();
+ }
+ wfpl_main('login');
+ exit();
 }
diff --git a/login.html b/login.html
index 6a3fbcf..149ffbd 100644
--- a/login.html
+++ b/login.html
@@ -2,23 +2,23 @@ - + - - -
-
Username
-
+ + + +
Username
+
-
Password (case sensitive)
-
+
Password (case sensitive)
+
-
 
-
-
- - +
 
+
+ + + diff --git a/login.php b/login.php index 79a8f83..802b95e 100644 --- a/login.php +++ b/login.php 
@@ -2,69 +2,69 @@ function login_get_fields() {
- $data = array();
+ $data = array();
- $data['after_login_url'] = format_oneline(_REQUEST_cut('after_login_url'));
- $data['username'] = format_auth_username(trim(_REQUEST_cut('username')));
- $data['password'] = format_oneline(trim(_REQUEST_cut('password')));
+ $data['after_login_url'] = format_oneline(_REQUEST_cut('after_login_url'));
+ $data['username'] = format_auth_username(trim(_REQUEST_cut('username')));
+ $data['password'] = format_oneline(trim(_REQUEST_cut('password')));
- return $data;
+ return $data;
 }
 function login_main() {
- $data = login_get_fields();
- if (strlen($data['username']) && strlen($data['password'])) {
- $row = db_get_assoc('users', 'id,name,role,password', 'where username=%"', $data['username']);
- if ($row) # &&
- if (strlen($row['password'])) {
- $needs_rehash = false;
- $password_good = false;
- if (substr($row['password'], 0, 5) === 'sha1:') {
- if (sha1($data['password']) === substr($row['password'], 5)) {
- $password_good = true;
- $needs_rehash = true;
- }
- } else {
- if (!function_exists('password_hash')) {
- require_once(__DIR__.'/'.'inc/password_funcs_backported.php');
- }
- if (password_verify($data['password'], $row['password'])) {
- $password_good = true;
- if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
- $needs_rehash = true;
- }
- }
- }
- if ($password_good) {
- if ($needs_rehash) {
- if (!function_exists('password_hash')) {
- require_once(__DIR__.'/'.'inc/password_funcs_backported.php');
- }
- $hash = password_hash($data['password'], PASSWORD_DEFAULT);
- db_update('users', 'password', $hash, 'where id=%i', $row['id']);
- }
+ $data = login_get_fields();
+ if (strlen($data['username']) && strlen($data['password'])) {
+ $row = db_get_assoc('users', 'id,name,role,password', 'where username=%"', $data['username']);
+ if ($row) # &&
+ if (strlen($row['password'])) {
+ $needs_rehash = false;
+ $password_good = false;
+ if (substr($row['password'], 0, 5) === 'sha1:') {
+ if (sha1($data['password']) === substr($row['password'], 5)) {
+ $password_good = true;
+ $needs_rehash = true;
+ }
+ } else {
+ if (!function_exists('password_hash')) {
+ require_once(__DIR__.'/'.'inc/password_funcs_backported.php');
+ }
+ if (password_verify($data['password'], $row['password'])) {
+ $password_good = true;
+ if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
+ $needs_rehash = true;
+ }
+ }
+ }
+ if ($password_good) {
+ if ($needs_rehash) {
+ if (!function_exists('password_hash')) {
+ require_once(__DIR__.'/'.'inc/password_funcs_backported.php');
+ }
+ $hash = password_hash($data['password'], PASSWORD_DEFAULT);
+ db_update('users', 'password', $hash, 'where id=%i', $row['id']);
+ }
- session_new();
- session_set('auth_id', $row['id']);
- # we're about to http redirect, so no need to update session_auth now
- db_update('users', 'last_login', time(), 'where id=%i', $row['id']);
- message("You are now logged in.");
- if(!$data['after_login_url']) {
- if ($row['role'] == 'admin') {
- $data['after_login_url'] = './admin';
- } else {
- $data['after_login_url'] = './';
- }
- } elseif(strpos(':', $data['after_login_url']) !== false) {
- $data['after_login_url'] = "./$data[url]";
- }
+ session_new();
+ session_set('auth_id', $row['id']);
+ # we're about to http redirect, so no need to update session_auth now
+ db_update('users', 'last_login', time(), 'where id=%i', $row['id']);
+ message("You are now logged in.");
+ if(!$data['after_login_url']) {
+ if ($row['role'] == 'admin') {
+ $data['after_login_url'] = './admin';
+ } else {
+ $data['after_login_url'] = './';
+ }
+ } elseif(strpos(':', $data['after_login_url']) !== false) {
+ $data['after_login_url'] = "./$data[url]";
+ }
- # redirect to the page they were trying to access:
- return $data['after_login_url'];
- }
- }
- message("Incorrect username and/or password");
- }
- $data['password'] = '';
- tem_set('form', $data);
+ # redirect to the page they were trying to access:
+ return $data['after_login_url'];
+ }
+ }
+ message("Incorrect username and/or password");
+ }
+ $data['password'] = '';
+ tem_set('form', $data);
 }
diff --git a/logout.php b/logout.php
index 9600c09..9e26b2f 100644
--- a/logout.php
+++ b/logout.php
@@ -1,7 +1,7 @@ $value) {
- $log .= "\n$key: $value";
- $value = urlencode($value);
- $req .= "&$key=$value";
- }
+ foreach ($_POST as $key => $value) {
+ $log .= "\n$key: $value";
+ $value = urlencode($value);
+ $req .= "&$key=$value";
+ }
- // assign posted variables to local variables
- $item_name = isset($_POST['item_name']) ? $_POST['item_name'] : '';
- $item_number = isset($_POST['item_number']) ? $_POST['item_number'] : '';
- $payment_status = isset($_POST['payment_status']) ? $_POST['payment_status'] : '';
- $mc_gross = isset($_POST['mc_gross']) ? $_POST['mc_gross'] : '';
- $mc_currency = isset($_POST['mc_currency']) ? $_POST['mc_currency'] : '';
- $txn_id = isset($_POST['txn_id']) ? $_POST['txn_id'] : '';
- $receiver_email = isset($_POST['receiver_email']) ? $_POST['receiver_email'] : '';
- $payer_email = isset($_POST['payer_email']) ? $_POST['payer_email'] : '';
- $custom = isset($_POST['custom']) ? $_POST['custom'] : '';
- $txn_type = isset($_POST['txn_type']) ? $_POST['txn_type'] : '';
- $subscr_id = isset($_POST['subscr_id']) ? $_POST['subscr_id'] : '';
- $needs_review = 1;
+ // assign posted variables to local variables
+ $item_name = isset($_POST['item_name']) ? $_POST['item_name'] : '';
+ $item_number = isset($_POST['item_number']) ? $_POST['item_number'] : '';
+ $payment_status = isset($_POST['payment_status']) ? $_POST['payment_status'] : '';
+ $mc_gross = isset($_POST['mc_gross']) ? $_POST['mc_gross'] : '';
+ $mc_currency = isset($_POST['mc_currency']) ? $_POST['mc_currency'] : '';
+ $txn_id = isset($_POST['txn_id']) ? $_POST['txn_id'] : '';
+ $receiver_email = isset($_POST['receiver_email']) ? $_POST['receiver_email'] : '';
+ $payer_email = isset($_POST['payer_email']) ? $_POST['payer_email'] : '';
+ $custom = isset($_POST['custom']) ? $_POST['custom'] : '';
+ $txn_type = isset($_POST['txn_type']) ? $_POST['txn_type'] : '';
+ $subscr_id = isset($_POST['subscr_id']) ? $_POST['subscr_id'] : '';
+ $needs_review = 1;
- $status = 'unknown';
+ $status = 'unknown';
- $ch = curl_init($GLOBALS['paypal_site'] . '/cgi-bin/webscr');
- if ($ch == false) {
- $status = 'curl_init failed';
- } else {
- curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
- curl_setopt($ch, CURLOPT_POST, 1);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
- curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
- curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
- curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
- curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
- $res = curl_exec($ch);
- $curl_errno = curl_errno($ch);
- curl_close($ch);
- if ($curl_errno != 0) {
- $status = 'curl fail: ' . $curl_errno;
- } else {
- // Split response headers and payload, a better way for strcmp
- $tokens = explode("\r\n\r\n", trim($res));
- $res = trim(end($tokens));
- $res_word = trim($tokens[count($tokens) - 1]);
- if ($res_word === 'VERIFIED') {
- $status = 'verified';
- } elseif ($res_word === 'INVALID') {
- $status = 'invalid';
- } else {
- $log .= "\n\nCan't figure out PayPal verify reply:\n" . $res;
- }
- }
- }
+ $ch = curl_init($GLOBALS['paypal_site'] . '/cgi-bin/webscr');
+ if ($ch == false) {
+ $status = 'curl_init failed';
+ } else {
+ curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
+ curl_setopt($ch, CURLOPT_POST, 1);
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
+ curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
+ curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
+ curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
+ curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
+ $res = curl_exec($ch);
+ $curl_errno = curl_errno($ch);
+ curl_close($ch);
+ if ($curl_errno != 0) {
+ $status = 'curl fail: ' . $curl_errno;
+ } else {
+ // Split response headers and payload, a better way for strcmp
+ $tokens = explode("\r\n\r\n", trim($res));
+ $res = trim(end($tokens));
+ $res_word = trim($tokens[count($tokens) - 1]);
+ if ($res_word === 'VERIFIED') {
+ $status = 'verified';
+ } elseif ($res_word === 'INVALID') {
+ $status = 'invalid';
+ } else {
+ $log .= "\n\nCan't figure out PayPal verify reply:\n" . $res;
+ }
+ }
+ }
- $row = [
- 'txn_id' => $txn_id,
- 'status' => $status,
- 'custom' => $custom,
- 'item_name' => $item_name,
- 'item_number' => $item_number,
- 'needs_review' => $needs_review,
- 'payment_status' => $payment_status,
- 'mc_gross' => $mc_gross,
- 'mc_currency' => $mc_currency,
- 'receiver_email' => $receiver_email,
- 'payer_email' => $payer_email,
- 'log' => $log,
- 'txn_type' => $txn_type,
- 'subscr_id' => $subscr_id,
- 'user_id' => $user_id,
- 'ipn_at' => time()
- ];
+ $row = [
+ 'txn_id' => $txn_id,
+ 'status' => $status,
+ 'custom' => $custom,
+ 'item_name' => $item_name,
+ 'item_number' => $item_number,
+ 'needs_review' => $needs_review,
+ 'payment_status' => $payment_status,
+ 'mc_gross' => $mc_gross,
+ 'mc_currency' => $mc_currency,
+ 'receiver_email' => $receiver_email,
+ 'payer_email' => $payer_email,
+ 'log' => $log,
+ 'txn_type' => $txn_type,
+ 'subscr_id' => $subscr_id,
+ 'user_id' => $user_id,
+ 'ipn_at' => time()
+ ];
- db_insert_assoc('paypal_ipn', $row);
- $row['id'] = $ipn_id = db_auto_id();
+ db_insert_assoc('paypal_ipn', $row);
+ $row['id'] = $ipn_id = db_auto_id();
- if($status !== 'verified') { # it's really from PayPal
- paypal_ipn_main_debug("status is not \"verified\" but is \"$status\"");
- } elseif ($txn_type !== 'subscr_payment' && $txn_type !== 'web_accept') {
- if ($txn_type !== 'subscr_signup' && $txn_type !== 'subscr_cancel' && $txn_type !== 'subscr_eot') {
- # subscr_cancel is sent when they cancel. After that:
- # subscr_eot is sent when their next payment would have been
- paypal_ipn_main_debug("txn_type is not \"subscr_payment\", \"subscr_signup\", \"subscr_cancel\", \"subscr_eot\" or \"web_accept\" but is \"$txn_type\"");
- }
- } elseif ($payment_status !== 'Completed') { # payment has completed
- if ($payment_status !== 'Pending') {
- paypal_ipn_main_debug("payment_status is not \"Completed\" or \"Pending\", but is \"$payment_status\"");
- }
- } elseif ($receiver_email !== $GLOBALS['paypal_email']) {
- paypal_ipn_main_debug("payment isn't to us ($GLOBALS[paypal_email]) but to \"$receiver_email\"");
- } elseif ($mc_currency !== 'USD') {
- paypal_ipn_main_debug("Currency isn't \"USD\" but is \"$mc_currency\"");
- } else {
- $custom_words = explode(' ', $custom);
- if (!isset($GLOBALS['payment_handlers'][$custom_words[0]])) {
- paypal_ipn_main_debug("\$custom's first word isn't in GLOBALS[payment_handlers]. \$custom: \"$custom\"");
- } else {
- $ret = file_run($GLOBALS['payment_handlers'][$custom_words[0]], $custom_words, $mc_gross, $row);
- if ($ret and is_array($ret) and isset($ret['success']) and $ret['success']) {
- $update = ['processed' => '1'];
- if (isset($ret['for_table_id']) and isset($ret['for_row_id'])) {
- $tid = format_int_0((string)$ret['for_table_id']);
- $rid = format_int_0((string)$ret['for_row_id']);
- if ((int)$tid > 0 and (int)$rid > 0) {
- $update['for_table_id'] = $tid;
- $update['for_row_id'] = $rid;
- }
- }
- db_update_assoc('paypal_ipn', $update);
- } else {
- paypal_ipn_main_debug($user, $old_date, $was_expired);
- }
- }
- }
+ if($status !== 'verified') { # it's really from PayPal
+ paypal_ipn_main_debug("status is not \"verified\" but is \"$status\"");
+ } elseif ($txn_type !== 'subscr_payment' && $txn_type !== 'web_accept') {
+ if ($txn_type !== 'subscr_signup' && $txn_type !== 'subscr_cancel' && $txn_type !== 'subscr_eot') {
+ # subscr_cancel is sent when they cancel. After that:
+ # subscr_eot is sent when their next payment would have been
+ paypal_ipn_main_debug("txn_type is not \"subscr_payment\", \"subscr_signup\", \"subscr_cancel\", \"subscr_eot\" or \"web_accept\" but is \"$txn_type\"");
+ }
+ } elseif ($payment_status !== 'Completed') { # payment has completed
+ if ($payment_status !== 'Pending') {
+ paypal_ipn_main_debug("payment_status is not \"Completed\" or \"Pending\", but is \"$payment_status\"");
+ }
+ } elseif ($receiver_email !== $GLOBALS['paypal_email']) {
+ paypal_ipn_main_debug("payment isn't to us ($GLOBALS[paypal_email]) but to \"$receiver_email\"");
+ } elseif ($mc_currency !== 'USD') {
+ paypal_ipn_main_debug("Currency isn't \"USD\" but is \"$mc_currency\"");
+ } else {
+ $custom_words = explode(' ', $custom);
+ if (!isset($GLOBALS['payment_handlers'][$custom_words[0]])) {
+ paypal_ipn_main_debug("\$custom's first word isn't in GLOBALS[payment_handlers]. \$custom: \"$custom\"");
+ } else {
+ $ret = file_run($GLOBALS['payment_handlers'][$custom_words[0]], $custom_words, $mc_gross, $row);
+ if ($ret and is_array($ret) and isset($ret['success']) and $ret['success']) {
+ $update = ['processed' => '1'];
+ if (isset($ret['for_table_id']) and isset($ret['for_row_id'])) {
+ $tid = format_int_0((string)$ret['for_table_id']);
+ $rid = format_int_0((string)$ret['for_row_id']);
+ if ((int)$tid > 0 and (int)$rid > 0) {
+ $update['for_table_id'] = $tid;
+ $update['for_row_id'] = $rid;
+ }
+ }
+ db_update_assoc('paypal_ipn', $update);
+ } else {
+ paypal_ipn_main_debug($user, $old_date, $was_expired);
+ }
+ }
+ }
 }
 function paypal_ipn_main_debug($message) {
- $message = this_host() . ' paypal payment failure ' . $_POST['ipn_track_id'] . "\n\n" . $message;
- $message .= "\n\nDump of all info received:\n";
- foreach ($_POST as $key => $value) {
- $message .= "\t$key: $value\n";
- }
- $template_vars = ['details' => $message];
- email_with_template(null, 'backend_debug', $template_vars);
+ $message = this_host() . ' paypal payment failure ' . $_POST['ipn_track_id'] . "\n\n" . $message;
+ $message .= "\n\nDump of all info received:\n";
+ foreach ($_POST as $key => $value) {
+ $message .= "\t$key: $value\n";
+ }
+ $template_vars = ['details' => $message];
+ email_with_template(null, 'backend_debug', $template_vars);
 }
 # this file is accessed directly from the paypal IPN system
diff --git a/template.html b/template.html
index 9541cd5..9358bb0 100644
--- a/template.html
+++ b/template.html
@@ -1,103 +1,103 @@ - ~$title html~~$cms_title html~ - - - - - - + ~$title html~~$cms_title html~ + + + + + +
+
- - - - + + + + -
- -
- -

~message htmlbrtab~

- -
- - -
- +
+ +
+ +

~message htmlbrtab~

+ +
+ + +
+ -
- ~$cms_body~ +
+ ~$cms_body~ - ~$body~ -
-
+ ~$body~ + +
- - + + -
- +
+ -
- ~$cms_footer~ -
-
- - - +
+ ~$cms_footer~ +
+
+ + +