<?php
/**
* @package pragyan
* @brief Pragyan CMS v3.0 Project
* @author Abhilash R
* @author Sahil Ahuja
* @author Anshu Prateek
* @author Ankit Srivastav
* @author Abhishek Shrivastava
* @author Chakradar Raju
* @author Balanivash
* @author Boopathi Rajaa
* @author Shriram Venkataramana
* @copyright (c) 2010 Pragyan Team
* @license http://www.gnu.org/licenses/ GNU Public License
* For more details, see README
* @mainpage Pragyan CMS
* @section Introduction
* Pragyan CMS is a simple and fast multiuser CMS(Content Management System) to organize collaborative web-content.
* This CMS allows very fine user & group permissions and generating pages like articles, forms, quizzes, forums, gallery, etc.
* The internal search engine is powered by Sphider and it comes with many third-party plugins like PDF, Google Maps, etc.
*
* @section For License, Credits and other details
* Please see README.html in docs folder.
* For more details, contact Abhishek Shrivastava abhishekdelta [at] integriti.org.in .
*
*/
///Marker constant: every other .php file checks for it to refuse direct (non index.php) access
define('__PRAGYAN_CMS',')$!%^!%#^@');
///Folder containing all library files
$cmsFolder = "cms";
///Folder containing all the modules
$moduleFolder = "modules";
///Folder containing all the templates
$templateFolder = "templates";
///Folder containing the upload files, temporary files and session files
$uploadFolder = "uploads";
///Folder containing all the widgets
$widgetFolder = "widgets";
///Initial value of the debug switch; expected to be overridden by the configured value later on
$debugSet = "off";
///Complete filesystem location of the library folder, derived from the directory of this script
$scriptFilename = $_SERVER['SCRIPT_FILENAME'];
$sourceFolder = substr($scriptFilename, 0, strrpos($scriptFilename, '/')) . "/" . $cmsFolder;
///Can be used to update the last updated time
$PAGELASTUPDATED = "";
///Message buffers; appended by displayerror(), displayinfo() and displaywarning() in common.lib.php
$ERRORSTRING = "";
$INFOSTRING = "";
$WARNINGSTRING = "";
///Accumulates the JavaScript that has to run on window load
$STARTSCRIPTS = "";
///For Apache + Rewrite Mod + phpSUexec, SCRIPT_NAME is WRONG and ORIG_SCRIPT_NAME is correct,
///so ORIG_SCRIPT_NAME wins whenever it is present (it is unset in other environments).
$scriptname = $_SERVER['ORIG_SCRIPT_NAME'] ?? $_SERVER['SCRIPT_NAME'];
///Root of the request - the URL path up to the CMS base
$urlRequestRoot = substr($scriptname, 0, strrpos($scriptname, '/'));
///Full path to the template folder as seen from the browser (set in template.lib.php)
$TEMPLATEBROWSERPATH = "";
///Full path to the template folder as seen by httpd while parsing (set in template.lib.php)
$TEMPLATECODEPATH = "";
///Site description / keywords for the HTML <meta> tags
$SITEDESCRIPTION = "";
$SITEKEYWORDS = "";
///Login form to be used in the template
$LOGINFORM = "";
///Debugging information
$DEBUGINFO = "";
///Whether the client's browser accepted our probe cookie
$cookieSupported = false;
///Icon locations with the <img> tag, indexed by icon name
$ICONS = [];
///Icon locations without the <img> tag, indexed by icon name
$ICONS_SRC = [];
///Storage for widgets
$WIDGETS = [];
///Set when the request is for a user's public profile rather than a page
$publicPageRequest = false;
///For example, if hosted on pragyan.org/10, $onlineSiteUrl = http://pragyan.org/10/home
///NOTE(review): the host part comes from the client-supplied Host header and the scheme is fixed
///to http; where this value is used is not visible here, so treat it as client-influenced.
$onlineSiteUrl = "http://" . $_SERVER['HTTP_HOST'] . substr($scriptname, 0, stripos($scriptname, "index.php")) . "home";
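///Load the site configuration. The readability check replaces the former "@include_once", which
///hid every include diagnostic; a missing file now simply leaves the CMS in the "not installed" state.
$configFile = $sourceFolder . "/config.inc.php";
if (is_readable($configFile)) {
    include_once $configFile;
}
///config.inc.php is expected to define ADMIN_USERID; if it is absent, point the visitor to the installer.
if (!defined("ADMIN_USERID")) {
    echo "Welcome to Pragyan CMS v3.0. <a href='./INSTALL/'>Click Here</a> to goto installation page.<br/><br/>
<b>NOTE:</b>If you're not using the <a href='http://sourceforge.net/projects/pragyan'>official package</a> of the Pragyan CMS or you're installing for the second time, then please make sure that the 'RewriteEngine' property is set to 'Off' in the .htaccess file present in the root folder of Pragyan for the above link to work correctly.";
    exit();
}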
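///Contains functions which are common to many tasks and very frequently used.
require_once($sourceFolder."/common.lib.php");
///Legacy hardening for hosts that had Magic Quotes or Register Globals enabled. Both ini
///settings were removed in PHP 5.4, so on current releases these helpers are expected to be no-ops.
disable_magic_quotes();
unregister_globals();
require_once($sourceFolder."/icons.lib.php");
///Database handle shared with the library files. The bare "$dbase;" statement this replaces only
///raised an "undefined variable" notice; this form keeps whatever config.inc.php may have
///assigned and otherwise makes the variable exist (as null) before connect() runs.
$dbase = $dbase ?? null;
///Connect to the database server
connect();
///Authentication process begins here
require_once($sourceFolder."/authenticate.lib.php");
///checkCookieSupport() presumably reads the probe cookie set near the end of this file, so the
///very first request of a client reports no cookie support and gets no session.
$cookieSupported = checkCookieSupport();
if ($cookieSupported) {
    session_start();
}
$userId = firstTimeGetUserId();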
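///Case 1 : request a page. Only a plain string is accepted: a "page[]=..." array would otherwise
///be handed to escape()/strtolower() and abort the request, so any other shape falls back to home.
///NOTE(review): escape() and safe_html() are project helpers whose exact contract is not visible
///here; nothing in this file treats their output as safe for every context.
if (isset($_GET['page']) && is_string($_GET['page'])) {
    $_GET['page'] = escape($_GET['page']);
    $pageFullPath = strtolower($_GET['page']);
}
///Case 2 : request for a user profile page
elseif (isset($_GET['user']) && is_string($_GET['user'])) {
    $publicPageRequest = true;
    $userProfileId = safe_html(escape($_GET['user']));
    //Prevents parsing a NULL url if the user profile parser code is ever misplaced
    $pageFullPath = "home";
}
else {
    $pageFullPath = "home";
}
///Retrieve the action, default is "view"; a non-string action is treated as absent for the same reason
$action = (isset($_GET['action']) && is_string($_GET['action']))
    ? strtolower(escape($_GET['action']))
    : "view";
///Just to check if the server is alive, an alternative to ping (rand() is only used as a cache-buster here)
if ($action == 'keepalive') {
    die("OK: " . rand());
}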
///Get all the global settings from the database and turn every row into a variable of the same name.
///NOTE(review): this is an unrestricted variable-variable assignment; a settings row whose name
///collides with a variable defined above (e.g. $sourceFolder, $userId, $action) would overwrite it.
///The full set of setting names the libraries rely on is not visible here, so no allowlist is applied.
$globals = getGlobalSettings();
foreach ($globals as $settingName => $settingValue) {
    ${$settingName} = $settingValue;
}
///OpenID support is optional. set_include_path() replaces (not appends to) the include path, and the
///path is relative to the working directory rather than to $sourceFolder.
if ($openid_enabled == 'true') {
    set_include_path('cms/openid/');
    require_once 'cms/openid/class.dopeopenid.php';
}
///Status of URL rewriting, taken from the database settings
$rewriteEngineEnabled = $url_rewrite;
///Some of the settings are promoted to constants
///Title of the website
define("CMS_TITLE", $cms_title);
///Default template name
define("DEF_TEMPLATE", $default_template);
///Upload size limit for the CMS; all modules use this constant as the upload limit
define("UPLOAD_SIZE_LIMIT", $upload_limit);
///Whether to send a mail when a new user registers (any non-zero setting enables it)
define("SEND_MAIL_ON_REGISTRATION", $default_mail_verify != 0);
///Email address used by the CMS when sending mails to users
define("CMS_EMAIL", $cms_email);
///Whether to activate the user on registration
define("ACTIVATE_USER_ON_REG", $default_user_activate);
$SITEDESCRIPTION = $cms_desc;
$SITEKEYWORDS = $cms_keywords;
$FOOTER = $cms_footer;
///Include all the required libraries, in the original order (later ones may depend on earlier ones)
$libraries = [
    'parseurl',
    'template',
    'menu',
    'breadcrumbs',
    'permission',
    'content',
    'inheritedinfo',
    'actionbar',
    'searchbar',
    'registration',
    'widget',
    'login',
];
foreach ($libraries as $libraryName) {
    require_once $sourceFolder . "/" . $libraryName . ".lib.php";
}
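///If requesting a user profile page, do not go through the URL parser. Note that this code runs before the URL parse.
if ($publicPageRequest) {
    require_once($sourceFolder."/userprofile.lib.php");
    define("TEMPLATE", getPageTemplate(0));
    ///Resolve the home page first, as the error branches below do: previously $pageId and
    ///$pageIdArray were never assigned on this path, so the bar generators received undefined values.
    $pageId = parseUrlReal("home", $pageIdArray);
    ///NOTE(review): getUserName()'s result is placed straight into the title; whether it is HTML-escaped is not visible here.
    $TITLE = CMS_TITLE . " | User : " . ucfirst(getUserName($userProfileId));
    $CONTENT = generatePublicProfile($userProfileId, $userId);
    $ACTIONBARPAGE = getActionbarPage($userId, $pageId);
    $BREADCRUMB = breadcrumbs(array(0=>0), " » ");
    $MENUBAR = getMenu($userId, $pageIdArray);
    $SEARCHBAR = getSearchbar($userId, $pageId);
    $PAGEKEYWORDS = getPagetags($pageId);
    templateReplace($TITLE,$MENUBAR,$ACTIONBARMODULE,$ACTIONBARPAGE,$BREADCRUMB,$SEARCHBAR,$PAGEKEYWORDS,$INHERITEDINFO,$CONTENT,$FOOTER,$DEBUGINFO,$ERRORSTRING,$WARNINGSTRING,$INFOSTRING,$STARTSCRIPTS,$LOGINFORM);
    ///The integer is the process exit status; the page already echoed is still delivered
    exit(1);
}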
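///The URL may contain harmful GET variables, so filter and block such URLs.
///Nothing in this branch sets an HTTP error status; the refusal is rendered as a normal page on the home template.
if (URLSecurityCheck($_GET)) {
    define("TEMPLATE", getPageTemplate(0));
    $pageId = parseUrlReal("home", $pageIdArray);
    $TITLE = CMS_TITLE;
    $MENUBAR = '';
    ///User-facing text; the previous concatenation produced "believe its acorrect URL" (missing space)
    ///and ended the sentence with a double period.
    $CONTENT = "The requested URL was found to have invalid syntax and cannot be processed for security reasons.<br /> "
        . "If you believe it is a correct URL, please contact the administrator immediately.<br />"
        . $_SERVER['SERVER_SIGNATURE']
        . "<br /><br />Click <a href='" . $urlRequestRoot . "'>here </a> to return to the home page";
    templateReplace($TITLE,$MENUBAR,$ACTIONBARMODULE,$ACTIONBARPAGE,$BREADCRUMB,$SEARCHBAR,$PAGEKEYWORDS,$INHERITEDINFO,$CONTENT,$FOOTER,$DEBUGINFO,$ERRORSTRING,$WARNINGSTRING,$INFOSTRING,$STARTSCRIPTS,$LOGINFORM);
    exit();
}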
///Parse the URL and retrieve the page id of the requested page if it is valid.
///$pageIdArray is evidently an out-parameter of parseUrlReal(): it is never assigned here yet used below.
$pageId = parseUrlReal($pageFullPath, $pageIdArray);
///A false page id means the requested URL does not map to any page: render a "not found" page on
///the home template. Nothing in this branch sets an HTTP error status.
if ($pageId === false) {
    define("TEMPLATE", getPageTemplate(0));
    $pageId = parseUrlReal("home", $pageIdArray);
    $TITLE = CMS_TITLE;
    $MENUBAR = '';
    $CONTENT = 'The requested URL was not found on this server.<br />'
        . $_SERVER['SERVER_SIGNATURE']
        . "<br /><br />Click <a href='" . $urlRequestRoot . "'>here </a> to return to the home page";
    templateReplace($TITLE,$MENUBAR,$ACTIONBARMODULE,$ACTIONBARPAGE,$BREADCRUMB,$SEARCHBAR,$PAGEKEYWORDS,$INHERITEDINFO,$CONTENT,$FOOTER,$DEBUGINFO,$ERRORSTRING,$WARNINGSTRING,$INFOSTRING,$STARTSCRIPTS,$LOGINFORM);
    exit();
}
///If it reaches here, the requested page is valid. Log the request for future use.
logInfo(getUserEmail($userId), $userId, $pageId, $pageFullPath, getPageModule($pageId), $action, $_SERVER['REMOTE_ADDR']);
///The URL points to a file. Download permissions for the file are handled inside download() in download.lib.php.
if (isset($_GET['fileget'])) {
    require_once($sourceFolder."/download.lib.php");
    //NOTE(review): the action is re-read raw here, so unlike the $action computed above it is neither
    //passed through escape() nor lower-cased, and $_GET['fileget'] is handed over as received;
    //download() has to treat both as untrusted.
    $action = $_GET['action'] ?? "";
    download($pageId, $userId, $_GET['fileget'], $action);
    exit();
}
///Check whether the user has the permission to use that action on the requested page.
$permission = getPermissions($userId, $pageId, $action);
///Page-specific template for the requested page
define("TEMPLATE", getPageTemplate($pageId));
///getTitle() appears to fill $TITLE through its third argument and reports whether the page has a
///title; when it does not, the site title is used alone.
$TITLE = getTitle($pageId, $action, $TITLE) ? CMS_TITLE . " - $TITLE" : CMS_TITLE;
///Content according to the user's permissions
$CONTENT = getContent($pageId, $action, $userId, $permission);
///Inherited code (if any) from the parent pages
$INHERITEDINFO = inheritedinfo($pageIdArray);
///Breadcrumb trail
$BREADCRUMB = breadcrumbs($pageIdArray, " » ");
///Search bar
$SEARCHBAR = getSearchbar($userId, $pageId);
///Page-specific keywords
$PAGEKEYWORDS = getPagetags($pageId);
///Menubar consisting of the child pages from the current location up to a certain depth
$MENUBAR = getMenu($userId, $pageIdArray);
///Login form (login.lib.php) for anonymous visitors, a greeting for everybody else.
///NOTE(review): getUserName()'s value is placed straight into page markup; whether it is HTML-escaped is not visible here.
if ($userId == 0) {
    $LOGINFORM = loginForm();
} else {
    $userNameFromId = getUserName($userId);
    $LOGINFORM = sprintf("Welcome %s.", $userNameFromId);
}
///Allowed actions for the current page, then for the module on the page
$ACTIONBARPAGE = getActionbarPage($userId, $pageId);
$ACTIONBARMODULE = getActionbarModule($userId, $pageId);
///Initialise the widgets of the page
populateWidgetVariables($pageId);
///When URL rewriting is disabled, every generated fragment has its links converted to non-pretty URLs
///(convertUri() is applied in the same order the fragments were originally listed)
if ($rewriteEngineEnabled == 'false') {
    $rewrittenFragments = [
        'TITLE',
        'MENUBAR',
        'CONTENT',
        'INHERITEDINFO',
        'BREADCRUMB',
        'ACTIONBARPAGE',
        'ACTIONBARMODULE',
        'INFOSTRING',
        'ERRORSTRING',
        'WARNINGSTRING',
        'LOGINFORM',
    ];
    foreach ($rewrittenFragments as $fragmentName) {
        ${$fragmentName} = convertUri(${$fragmentName});
    }
}
///Extra debugging output when $debugSet is "on".
///NOTE(review): this dumps $_SERVER, $_POST, $_FILES and $_SESSION (environment, paths, session
///contents) into the page delivered to every visitor, so it must stay off outside development.
if ($debugSet == "on") {
    $debugLines = [
        "Page Full text path : " . $pageFullPath . "<br /><br />\n",
        "UID : " . getUserId() . "<br /><br />\n",
        "GIDS : " . arraytostring(getGroupIds($userId)) . "<br /><br />\n",
        "Action : " . $action . "<br /><br />\n",
        "Get Vars : " . arraytostring($_GET) . "<br /><br />\n",
        "Page Id : " . $pageId . "<br /><br />\n",
        "Page id path : " . arraytostring($pageIdArray) . "\n<br /><br />",
        "Title : " . $TITLE . "\n<br /><br />",
        "SERVER info : " . arraytostring($_SERVER) . "\n<br /><br />",
        "POST info : " . arraytostring($_POST) . "\n<br /><br />",
        "FILES info : " . arraytostring($_FILES) . "\n<br /><br />",
        "SESSION info : " . arraytostring($_SESSION) . "\n<br /><br />",
        "STARTSCRIPTS : " . $STARTSCRIPTS . "\n<br/><br/>",
    ];
    $DEBUGINFO .= implode('', $debugLines);
    ///$DEBUGINFO is also handed to templateReplace() below, so the text reaches the page twice
    if ($DEBUGINFO !== "") {
        displayinfo($DEBUGINFO);
    }
}
///Probe cookie checked on subsequent requests to tell whether the client accepts cookies; it carries no secret
setcookie("cookie_support", "enabled", 0, "/");
///Apply the template on the generated content and display the page
templateReplace(
    $TITLE,
    $MENUBAR,
    $ACTIONBARMODULE,
    $ACTIONBARPAGE,
    $BREADCRUMB,
    $SEARCHBAR,
    $PAGEKEYWORDS,
    $INHERITEDINFO,
    $CONTENT,
    $FOOTER,
    $DEBUGINFO,
    $ERRORSTRING,
    $WARNINGSTRING,
    $INFOSTRING,
    $STARTSCRIPTS,
    $LOGINFORM
);
disconnect();
exit;
/** Additional notes :
authenticate.lib.php -> Find out who requested it
output: one int -> uid
parseurl.lib.php -> Find out the page id and action requested
input: url
output : pageid, action, actionparameters (variables passed as parameters for the action)
permission.lib.php -> Find out if he has the permission of the particular action on that page
input : pageid, uid, action
output : true, false
content.lib.php -> Generate the output of the page -> has nothing to do with the uid.
The only inputs will be -> permission output, pageid, action, parameters for action (might include uid)
outputs : javascript to be run on page load
page content
bread crumbs -> breadcrumbs.lib.php
breadcrumbs.lib.php
input: pageid
output: div containing breadcrumbs
header.lib.php
input : pageid
output: header div
menu.lib.php : input : uid, pageid
this in turn will use
menuitems.lib.php : input : uid, pageid : output: pageid's children
output: divs for the menu
right sidebar will be generated through template only
Types of outputs :
Both menu bar, page content, along with template.
Menu bar content
Page content. (that comes from modules)
Constants :
uids : unauthenticated -> 0, loggedin -> his own uid
gids : Groups available by default (to which permissions can be given) - unauthenticated users -> 0, logged in users -> 1
*/