Change references to numeric child/parent IDs which can now be text
[contractdashboard.git] / cutenews / index.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
<?PHP
 
/***************************************************************************
 CuteNews CutePHP.com
 Copyright (C) 2005 Georgi Avramov  (flexer@cutephp.com)
****************************************************************************/
 
error_reporting (E_ALL ^ E_NOTICE);
 
require_once("./inc/functions.inc.php");
//#################
 
$PHP_SELF                                        = "index.php";
$cutepath                                        = ".";
$config_path_image_upload        = "./data/upimages";
 
$config_use_cookies = TRUE;  // Use Cookies When Checking Authorization
$config_use_sessions = FALSE;  // Use Sessions When Checking Authorization
$config_check_referer = TRUE; // Set to TRUE for more seciruty
//#################
 
$Timer = new microTimer;
$Timer->start();
 
// Check if CuteNews is not installed
$all_users_db = file("./data/users.db.php");
$check_users = $all_users_db;
$check_users[1] = trim($check_users[1]);
$check_users[2] = trim($check_users[2]);
if((!$check_users[2] or $check_users[2] == "") and (!$check_users[1] or $check_users[1] == "")){
    if(!file_exists("./inc/install.mdu")){ die('<h2>Error!</h2>CuteNews detected that you do not have users in your users.db.php file and wants to run the install module.<br>
    However, the install module (<b>./inc/install.mdu</b>) can not be located, please reupload this file and make sure you set the proper permissions so the installation can continue.'); }
    require("./inc/install.mdu");
    die();
}
 
require_once("./data/config.php");
if(isset($config_skin) and $config_skin != "" and file_exists("./skins/${config_skin}.skin.php")){
        require_once("./skins/${config_skin}.skin.php");
}else{
        $using_safe_skin = true;
        require_once("./skins/default.skin.php");
}
 
b64dck();
if($config_use_sessions){
@session_start();
@header("Cache-control: private");
}
 
if($action == "logout")
{
    setcookie("md5_password","");
        setcookie("username","");
        setcookie("login_referer","");
 
    if($config_use_sessions){
            @session_destroy();
            @session_unset();
            setcookie(session_name(),"");
        }
    msg("info", "Logout", "You are now logged out, <a href=\"$PHP_SELF\">login</a><br /><br>");
}
 
 
$is_loged_in = FALSE;
$cookie_logged = FALSE;
$session_logged = FALSE;
$temp_arr = explode("?", $HTTP_REFERER);
$HTTP_REFERER = $temp_arr[0];
if(substr($HTTP_REFERER, -1) == "/"){ $HTTP_REFERER.= "index.php"; }
 
// Check if The User is Identified
 
 
if($config_use_cookies == TRUE){
/* Login Authorization using COOKIES */
 
if(isset($username))
{
    if(isset($HTTP_COOKIE_VARS["md5_password"])){ $cmd5_password = $HTTP_COOKIE_VARS["md5_password"]; }
    elseif(isset($_COOKIE["md5_password"])){ $cmd5_password = $_COOKIE["md5_password"]; }
    else{ $cmd5_password = md5($password); }
 
 
    // Do we have correct username and password ?
    if(check_login($username, $cmd5_password))
    {
        if($action == 'dologin'){
                setcookie("lastusername", $username, time()+1012324305);
                if($rememberme == 'yes'){
                   setcookie("username", $username, time()+60*60*24*30);
                   setcookie("md5_password", $cmd5_password, time()+60*60*24*30);
                }
                else{
                   setcookie("username", $username);
                   setcookie("md5_password", $cmd5_password);
                }
        }
 
        $cookie_logged = TRUE;
 
    }else{
                   setcookie("username", FALSE);
                   setcookie("md5_password", FALSE);
        $result = "<font color=red>Wrong username or password</font>";
        $cookie_logged = FALSE;
    }
}
/* END Login Authorization using COOKIES */
}
 
if($config_use_sessions == TRUE){
/* Login Authorization using SESSIONS */
        if(isset($HTTP_X_FORWARDED_FOR)){ $ip = $HTTP_X_FORWARDED_FOR; }
        elseif(isset($HTTP_CLIENT_IP))        { $ip = $HTTP_CLIENT_IP; }
        if($ip == "")                                    { $ip = $REMOTE_ADDR; }
        if($ip == "")                                        { $ip = "not detected";}
 
if($action == "dologin")
{
        $md5_password = md5($password);
    if(check_login($username, $md5_password)){
                $session_logged = TRUE;
 
                @session_register('username');
                @session_register('md5_password');
                @session_register('ip');
                @session_register('login_referer');
 
                $_SESSION['username']                = "$username";
                $_SESSION['md5_password']         = "$md5_password";
                $_SESSION['ip']                                = "$ip";
                $_SESSION['login_referer']        = "$HTTP_REFERER";
 
        }else{
                $result = "<font color=red>Wrong username and/or password</font>";
                $session_logged = FALSE;
        }
}elseif(isset($_SESSION['username'])){ // Check the if member is using valid username/password
    if(check_login($_SESSION['username'], $_SESSION['md5_password'])){
        if($_SESSION['ip'] != $ip){ $session_logged = FALSE; $result = "The IP in the session doesn not match with your IP"; }
        else{ $session_logged = TRUE; }
        }else{
                $result = "<font color=red>Wrong username and/or password !!!</font>";
                $session_logged = FALSE;
        }
}
 
if(!$username){ $username = $_SESSION['username']; }
/* END Login Authorization using SESSIONS */
}
 
###########################
 
if($session_logged == TRUE or $cookie_logged == TRUE){
    if($action == 'dologin'){
        //-------------------------------------------
        // Modify the Last Login Date of the user
        //-------------------------------------------
        $old_users_db        = $all_users_db;
        $modified_users = fopen("./data/users.db.php", "w");
        foreach($old_users_db as $old_users_db_line){
           $old_users_db_arr = explode("|", $old_users_db_line);
            if($member_db[0] != $old_users_db_arr[0]){
                    fwrite($modified_users, "$old_users_db_line");
            }else{
                    fwrite($modified_users, "$old_users_db_arr[0]|$old_users_db_arr[1]|$old_users_db_arr[2]|$old_users_db_arr[3]|$old_users_db_arr[4]|$old_users_db_arr[5]|$old_users_db_arr[6]|$old_users_db_arr[7]|$old_users_db_arr[8]|".time()."||\n");
            }
        }
        fclose($modified_users);
        }
 
        $is_loged_in = TRUE;
}
 
###########################
 
// If User is Not Logged In, Display The Login Page
if($is_loged_in == FALSE)
{
    if($config_use_sessions){
            @session_destroy();
            @session_unset();
        }
 
//    setcookie("username","");
//    setcookie("password","");
//    setcookie("md5_password","");
//    setcookie("login_referer","");
 
    echoheader("user","Please Login");
 
    if($config_allow_registration == "yes"){ $allow_reg_status = "<a href='register.php'>(register)</a> "; }else{ $allow_reg_status = ""; }
 
    echo "
  <table width=\"100%\" border=0 cellpadding=1 cellspacing=0>
     <form  name=login action='$PHP_SELF' method=post>
     <tr>
 
       <td width=80>Username: </td>
       <td width='160'><input tabindex=1 type=text name=username value='$lastusername' style='width:150;'></td>
       <td>&nbsp;$allow_reg_status</a></td>
      </tr>
      <tr>
       <td>Password: </td>
       <td><input type=password name=password style='width:150'></td>
       <td>&nbsp;<a href='register.php?action=lostpass'>(lost password)</a> </td>
      </tr>
      <tr>
 
       <td></td>
       <td style='text-align:left'>
          <input accesskey='s' type=submit style=\"width:150; background-color: #F3F3F3;\" value='      Login...      '><br/>
       </td>
       <td style='text-align:left'><label for=rememberme title='Remmber me for 30 days, Do not use on Public-Terminals!'>
         <input id=rememberme type=checkbox value=yes style=\"border:0px;\" name=rememberme>
Remember Me</label> </td>
      </tr>
 
      <tr>
       <td align=center colspan=4 style='text-align:left;'>$result</td>
      </tr>
     <input type=hidden name=action value=dologin>
     </form>
    </table>";
                     
   echofooter();
}
elseif($is_loged_in == TRUE)
{
 
//----------------------------------
// Check Referer
//----------------------------------
if($config_check_referer == TRUE){
   $self = $_SERVER["SCRIPT_NAME"];
   if($self == ""){ $self = $_SERVER["REDIRECT_URL"]; }
   if($self == ""){ $self = "index.php"; }
 
   if(!eregi("$self",$HTTP_REFERER) and $HTTP_REFERER != ""){
       die("<h2>Sorry but your access to this page was denied !</h2><br>try to <a href=\"?action=logout\">logout</a> and then login again<br>To turn off this security check, change \$config_check_referer in index.php to FALSE");
   }
}
// ********************************************************************************
// Include System Module
// ********************************************************************************
if($_SERVER['QUERY_STRING'] == "debug"){ debug(); }
 
                            //name of mod   //access
    $system_modules = array('addnews' => 'user',
                            'editnews' => 'user',
                            'main' => 'user',
                            'options' => 'user',
                            'images' => 'user',
                            'editusers' => 'admin',
                            'editcomments' => 'admin',
                            'tools' => 'admin',
                            'ipban' => 'admin',
                            'about' => 'user',
                            'preview' => 'user',
                            'categories' => 'admin',
                            'massactions' => 'user',
                            'help' => 'user',
                            'snr' => 'admin',
                            'debug' => 'admin',
                            'wizards' => 'admin',
                            );
 
 
    if($mod == ""){ require("./inc/main.mdu"); }
    elseif( $system_modules[$mod] )
    {
        if(     $member_db[1] == 4 and $mod != 'options'){ msg('error', 'Error!', 'Access Denied for your user-level (commenter)'); }
        elseif( $system_modules[$mod] == "user"){ require("./inc/". $mod . ".mdu"); }
        elseif( $system_modules[$mod] == "admin" and $member_db[1] == 1){ require("./inc/". $mod . ".mdu"); }
        elseif( $system_modules[$mod] == "admin" and $member_db[1] != 1){ msg("error", "Access denied", "Only admin can access this module"); exit; }
        else{   die("Module access must be set to <b>user</b> or <b>admin</b>"); }
    }
    else{       die("$mod is NOT a valid module"); }
}
 
echo"<!-- execution time: ".$Timer->stop()." -->";
?>