Beanz/flatpress
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix for #59: Updated password hash algorithm from md5 to bcrypt (via password_hash() function). Thanks a lot, @axelhahn!

Browse Source 
In detail: Added function io_delete_file(). Removed system_hashsalt_save(). Added password hash update mechanics to user_login().
This commit is contained in:
azett 2020-12-19 14:02:27 +01:00
parent 5a0b7541e7
commit f265b22b0b
6 changed files with 771 additions and 778 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

245
defaults.php
View File

@ -1,168 +1,159 @@
<?php <?php
// defaults.php // defaults.php
// this file defines standard positions of some important // this file defines standard positions of some important
// dirs or files. // dirs or files.
// For security reasons // For security reasons
// these can't be modified in the common settings panels // these can't be modified in the common settings panels
// but only through this file. // but only through this file.
// If you want to change these constants, just change // If you want to change these constants, just change
// the second parameter. // the second parameter.
// We suggest not to define here your owns, but instead // We suggest not to define here your owns, but instead
// inmplementing them as plugins // inmplementing them as plugins
// legacy mode; needed with some ill-formed spb files
define('DUMB_MODE_ENABLED', false);
// default file permissions
// change file to 644 and dir to 755 if your webserver "complains"
define('FILE_PERMISSIONS', 0777);
define('DIR_PERMISSIONS', 0777);
// legacy mode; needed with some ill-formed spb files // first some webserver setup...
define('DUMB_MODE_ENABLED', false);
// default file permissions
// change file to 644 and dir to 755 if your webserver "complains"
define('FILE_PERMISSIONS', 0777);
define('DIR_PERMISSIONS', 0777);
// here's where your server save session-related stuff.
// If you don't experience any session-related problem, you
// you can leave it blank and it will default to standard webserver config
define('SESSION_PATH', '');
// absolute path to your webserver dir; if you don't experience any problem
// you can leave this as it is
define('ABS_PATH', dirname(__FILE__) . '/');
// here was blog root in earlier versions. This has been moved to config_load()
// first some webserver setup... // here are default config files
define('FP_DEFAULTS', 'fp-defaults/');
// here's where your server save session-related stuff. // all writable directories go here.
// If you don't experience any session-related problem, you define('FP_CONTENT', 'fp-content/'); // must be chmodded to 0777
// you can leave it blank and it will default to standard webserver config
define('SESSION_PATH', '');
// absolute path to your webserver dir; if you don't experience any problem
// you can leave this as it is
define('ABS_PATH', dirname(__FILE__).'/');
// here was blog root in earlier versions. This has been moved to config_load()
// blog configurations files
define('CONFIG_DIR', FP_CONTENT . 'config/'); // must be chmodded to 0777
define('CONFIG_FILE', CONFIG_DIR . 'settings.conf.php');
// here are default config files /**
define('FP_DEFAULTS', 'fp-defaults/'); *
* @deprecated as of FlatPress 1.2 - still here only to be able to update pre-1.2 credentials
*/
define('HASHSALT_FILE', CONFIG_DIR . 'hashsalt.conf.php');
define('CONFIG_DEFAULT', FP_DEFAULTS . 'settings-defaults.php');
define('USERS_DIR', FP_CONTENT . 'users/');
// here we'll store all your entries, comments, static pages and blocks
// comments are stored automatically in subdirs of the dir CONTENT_DIR
define('CONTENT_DIR', FP_CONTENT . 'content/');
// define('BLOCKS_DIR', CONTENT_DIR . 'blocks/');
// all writable directories go here. // !!! CRITICAL !!!
define('FP_CONTENT', 'fp-content/'); //must be chmodded to 0777 // all includes file
define('FP_INCLUDES', 'fp-includes/');
// blog configurations files // core include scripts
define('CONFIG_DIR', FP_CONTENT . 'config/'); //must be chmodded to 0777 define('INCLUDES_DIR', FP_INCLUDES . 'core/');
define('CONFIG_FILE', CONFIG_DIR . 'settings.conf.php'); // smarty engine
define('HASHSALT_FILE', CONFIG_DIR . 'hashsalt.conf.php'); define('SMARTY_DIR', ABS_PATH . FP_INCLUDES . 'smarty/');
define('CONFIG_DEFAULT', FP_DEFAULTS. 'settings-defaults.php');
define('USERS_DIR', FP_CONTENT . 'users/');
// here we'll store all your entries, comments, static pages and blocks define('FP_INTERFACE', 'fp-interface/');
// comments are stored automatically in subdirs of the dir CONTENT_DIR // theme dir
define('CONTENT_DIR', FP_CONTENT . 'content/'); define('THEMES_DIR', FP_INTERFACE . 'themes/');
//define('BLOCKS_DIR', CONTENT_DIR . 'blocks/'); // language files
define('LANG_DIR', FP_INTERFACE . 'lang/');
// misc forms
define('SHARED_TPLS', ABS_PATH . FP_INTERFACE . 'sharedtpls/');
// here is where all plugins are saved
define('PLUGINS_DIR', 'fp-plugins/');
// !!! CRITICAL !!! define('ADMIN_DIR', 'admin/');
// all includes file
define('FP_INCLUDES', 'fp-includes/');
// core include scripts // cache file name and path.
define('INCLUDES_DIR', FP_INCLUDES . 'core/'); define('CACHE_DIR', FP_CONTENT . 'cache/');
// smarty engine define('CACHE_FILE', '%%cached_list.php');
define('SMARTY_DIR', ABS_PATH . FP_INCLUDES . 'smarty/');
define('INDEX_DIR', FP_CONTENT . 'index/');
define('LOCKFILE', FP_CONTENT . '%%setup.lock');
define('FP_INTERFACE', 'fp-interface/'); // these will be probably moved soon to plugins
// theme dir // here is where all the uploaded images will be saved
define('THEMES_DIR', FP_INTERFACE . 'themes/'); define('IMAGES_DIR', FP_CONTENT . 'images/');
// language files // here is where all the attachments will be saved
define('LANG_DIR', FP_INTERFACE . 'lang/'); define('ATTACHS_DIR', FP_CONTENT . 'attachs/');
// misc forms
define('SHARED_TPLS', ABS_PATH . FP_INTERFACE . 'sharedtpls/');
define('LANG_DEFAULT', 'en-us');
define('BPT_SORT', SORT_DESC);
set_include_path(ABS_PATH);
// here is where all plugins are saved //
define('PLUGINS_DIR', 'fp-plugins/'); // original Flatpress 1.0.3 coding disabled
//
// compatibility with ISS
// if (!isset($_SERVER['REQUEST_URI']))
// $_SERVER['REQUEST_URI'] = 'http://localhost/flatpress/';
define('ADMIN_DIR', 'admin/'); // #define('BLOG_ROOT', dirname($_SERVER['PHP_SELF']) . '/');
// define('BLOG_ROOT', ('/'==($v=dirname($_SERVER['SCRIPT_NAME']))? $v : $v.'/') );
// define('BLOG_BASEURL', 'http://'.$_SERVER['HTTP_HOST']. BLOG_ROOT);
// cache file name and path. //
define('CACHE_DIR', FP_CONTENT . 'cache/'); // Adding security and HTTPS support
define('CACHE_FILE', '%%cached_list.php'); //
define('INDEX_DIR', FP_CONTENT.'index/'); ini_set('session.cookie_httponly', 1);
ini_set('session.use_only_cookies', 1);
define('LOCKFILE', FP_CONTENT . '%%setup.lock'); if (isset($_SERVER ['HTTPS'])) {
$_SERVER ['HTTPS'] = htmlspecialchars($_SERVER ['HTTPS'], ENT_QUOTES, "UTF-8");
}
// these will be probably moved soon to plugins $serverport = "false";
// here is where all the uploaded images will be saved // Unterstützung für Apache und IIS
define('IMAGES_DIR', FP_CONTENT . 'images/'); if (isset($_SERVER ['HTTPS']) && ($_SERVER ['HTTPS'] == '1' || strtolower($_SERVER ['HTTPS']) == 'on')) {
// here is where all the attachments will be saved
define('ATTACHS_DIR', FP_CONTENT . 'attachs/');
define('LANG_DEFAULT', 'en-us');
define('BPT_SORT', SORT_DESC);
set_include_path(ABS_PATH);
//
// original Flatpress 1.0.3 coding disabled
//
// compatibility with ISS
// if (!isset($_SERVER['REQUEST_URI']))
// $_SERVER['REQUEST_URI'] = 'http://localhost/flatpress/';
// #define('BLOG_ROOT', dirname($_SERVER['PHP_SELF']) . '/');
// define('BLOG_ROOT', ('/'==($v=dirname($_SERVER['SCRIPT_NAME']))? $v : $v.'/') );
// define('BLOG_BASEURL', 'http://'.$_SERVER['HTTP_HOST']. BLOG_ROOT);
//
// Adding security and HTTPS support
//
ini_set('session.cookie_httponly', 1);
ini_set('session.use_only_cookies', 1);
if (isset($_SERVER['HTTPS'])) {
$_SERVER['HTTPS'] = htmlspecialchars($_SERVER['HTTPS'], ENT_QUOTES, "UTF-8");
}
$serverport = "false";
// Unterstützung für Apache und IIS
if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == '1' || strtolower($_SERVER['HTTPS'])=='on')) {
$serverport = "https://"; $serverport = "https://";
// Uses a secure connection (HTTPS) if possible // Uses a secure connection (HTTPS) if possible
ini_set('session.cookie_secure', 1); ini_set('session.cookie_secure', 1);
} else { } else {
$serverport = "http://"; $serverport = "http://";
} }
// compatibility with ISS // compatibility with ISS
$_SERVER["REQUEST_URI"] = htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES, "UTF-8"); $_SERVER ["REQUEST_URI"] = htmlspecialchars($_SERVER ["REQUEST_URI"], ENT_QUOTES, "UTF-8");
if (!isset($_SERVER['REQUEST_URI'])) if (!isset($_SERVER ['REQUEST_URI']))
$_SERVER['REQUEST_URI'] = $serverport . 'localhost/flatpress/'; $_SERVER ['REQUEST_URI'] = $serverport . 'localhost/flatpress/';
#define('BLOG_ROOT', dirname($_SERVER['PHP_SELF']) . '/'); // define('BLOG_ROOT', dirname($_SERVER['PHP_SELF']) . '/');
define('BLOG_ROOT', ('/'==($v=dirname($_SERVER['SCRIPT_NAME']))? $v : $v.'/') ); define('BLOG_ROOT', ('/' == ($v = dirname($_SERVER ['SCRIPT_NAME'])) ? $v : $v . '/'));
define('BLOG_BASEURL', $serverport . $_SERVER ['HTTP_HOST'] . BLOG_ROOT);
define('BLOG_BASEURL', $serverport . $_SERVER['HTTP_HOST'] . BLOG_ROOT); //
// OWASP - Browser Cache - How can the browser cache be used in attacks?
// // https://www.owasp.org/index.php/OWASP_Application_Security_FAQ#How_can_the_browser_cache_be_used_in_attacks.3F
// OWASP - Browser Cache - How can the browser cache be used in attacks? //
// https://www.owasp.org/index.php/OWASP_Application_Security_FAQ#How_can_the_browser_cache_be_used_in_attacks.3F // http://stackoverflow.com/questions/13640109/how-to-prevent-browser-cache-for-php-site
// //
// http://stackoverflow.com/questions/13640109/how-to-prevent-browser-cache-for-php-site header('Expires: Sun, 01 Jan 2015 00:00:00 GMT');
// header('Cache-Control: no-store, no-cache, must-revalidate');
header('Expires: Sun, 01 Jan 2015 00:00:00 GMT'); header('Cache-Control: post-check=0, pre-check=0', FALSE);
header('Cache-Control: no-store, no-cache, must-revalidate'); header('Pragma: no-cache');
header('Cache-Control: post-check=0, pre-check=0', FALSE); //
header('Pragma: no-cache'); // http://de.wikipedia.org/wiki/Liste_der_HTTP-Headerfelder
// //
// http://de.wikipedia.org/wiki/Liste_der_HTTP-Headerfelder header('X-Frame-Options: SAMEORIGIN');
// header('X-XSS-Protection: 1; mode=block');
header('X-Frame-Options: SAMEORIGIN'); header('X-Content-Type-Options: nosniff');
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
// //
// End of send header // End of send header
// //

32
fp-includes/core/core.fileio.php
View File

@ -1,9 +1,8 @@
<?php <?php
// fileio.php // fileio.php
// low-level io-handling functions // low-level io-handling functions
function io_write_file($filename, $data) {
function io_write_file($filename, $data) {
@umask(0); @umask(0);
$dir = dirname($filename); $dir = dirname($filename);
if (fs_mkdir($dir)) { if (fs_mkdir($dir)) {
@ -22,19 +21,16 @@
@chmod($filename, FILE_PERMISSIONS); @chmod($filename, FILE_PERMISSIONS);
//returns true on success // returns true on success
return($length == $done); return ($length == $done);
} }
} }
return false; return false;
}
} function io_load_file($filename) {
function io_load_file($filename) {
if (file_exists($filename)) { if (file_exists($filename)) {
if (function_exists('file_get_contents')) if (function_exists('file_get_contents'))
return file_get_contents($filename); return file_get_contents($filename);
@ -47,12 +43,18 @@
flock($f, LOCK_UN); flock($f, LOCK_UN);
fclose($f); fclose($f);
//returns contents as string on success // returns contents as string on success
return($contents); return ($contents);
} }
} }
//trigger_error("io_load_file: $filename does not exists", E_USER_ERROR); // trigger_error("io_load_file: $filename does not exists", E_USER_ERROR);
return false;
}
function io_delete_file($filename) {
if (!file_exists($filename)) {
return false; return false;
} }
return unlink($filename);
}

11
fp-includes/core/core.system.php
View File

@ -59,15 +59,6 @@ function system_save($file, $array) {
// } else die('Wrong number of parameters!'); // } else die('Wrong number of parameters!');
} }
function system_hashsalt_save($force = false) {
global $fp_config;
if ($force || !file_exists(HASHSALT_FILE))
return system_save(HASHSALT_FILE, array(
'fp_hashsalt' => $fp_config ['general'] ['blogid'] . ABS_PATH . BLOG_BASEURL . mt_rand()
));
return true;
}
define('SYSTEM_VER', '1.2.dev'); define('SYSTEM_VER', '1.2.dev');
function system_ver() { function system_ver() {
@ -217,7 +208,7 @@ function system_geterr($module = '') {
function system_dpr($action, $content) { function system_dpr($action, $content) {
$p = print_r($content, 1); $p = print_r($content, 1);
add_action($action, function() use ($p) { add_action($action, function () use ($p) {
echo "<pre style='position:absolute'>$p</pre>"; echo "<pre style='position:absolute'>$p</pre>";
}); });
} }

32
fp-includes/core/core.users.php
View File

@ -31,24 +31,42 @@ function user_list() {
} }
function user_pwd($userid, $pwd) { function user_pwd($userid, $pwd) {
return wp_hash($userid . $pwd); return password_hash($userid . $pwd, PASSWORD_DEFAULT);
} }
function user_login($userid, $pwd, $params = null) { function user_login($userid, $pwd, $params = null) {
global $loggedin; global $loggedin;
$loggedin = false; $loggedin = false;
// get user data
$user = user_get($userid); $user = user_get($userid);
// user not found? get outta here
if (!isset($user) || !isset($user ['password'])) {
return $loggedin;
}
if (isset($user) && user_pwd($userid, $pwd) == $user ['password']) { // check the password
if (password_verify($userid . $pwd, $user ['password'])) {
$loggedin = true;
} //
// for FP instances updated from 1.1 to 1.2: check password the old-fashioned way (with wp_hash() which uses md5)
elseif (wp_hash($userid . $pwd) == $user ['password']) {
$loggedin = true; $loggedin = true;
// re-hash password with current algorithm, ...
$user ['password'] = $pwd;
// ... save in user file ...
user_add($user);
// ... and update user data from re-read user file
$user = user_get($userid);
// after updating the user, we don't need the password hash file any more
io_delete_file(HASHSALT_FILE);
}
if ($loggedin) {
// session_regenerate_id(); // session_regenerate_id();
$expire = time() + 31536000; $expire = time() + 31536000;
setcookie(USER_COOKIE, $userid, $expire, COOKIEPATH, COOKIE_DOMAIN); setcookie(USER_COOKIE, $userid, $expire, COOKIEPATH, COOKIE_DOMAIN);
setcookie(PASS_COOKIE, $user ['password'], $expire, COOKIEPATH, COOKIE_DOMAIN); setcookie(PASS_COOKIE, $user ['password'], $expire, COOKIEPATH, COOKIE_DOMAIN);
} }
@ -116,5 +134,3 @@ function user_add($user) {
return system_save(USERS_DIR . $user ['userid'] . ".php", compact('user')); return system_save(USERS_DIR . $user ['userid'] . ".php", compact('user'));
} }
?>

662
fp-includes/core/core.wp-pluggable-funcs.php
View File

@ -1,15 +1,17 @@
<?php <?php
/* These functions can be replaced via plugins. They are loaded after /*
plugins are loaded. */ * These functions can be replaced via plugins. They are loaded after
* plugins are loaded.
*/
function _get_nextprev_link($nextprev) { function _get_nextprev_link($nextprev) {
global $fpdb; global $fpdb;
$q =& $fpdb->getQuery(); $q = & $fpdb->getQuery();
list($caption, $id) = call_user_func(array(&$q, 'get'.$nextprev)); list ($caption, $id) = call_user_func(array(
&$q,
'get' . $nextprev
));
if (!$id) if (!$id)
return null; return null;
@ -17,56 +19,51 @@
if ($q->single) { if ($q->single) {
$link = "?entry={$id}"; $link = "?entry={$id}";
} else { } else {
if ($_SERVER['QUERY_STRING']){ if ($_SERVER ['QUERY_STRING']) {
if ( strpos($_SERVER['QUERY_STRING'], 'paged')!==false ){ if (strpos($_SERVER ['QUERY_STRING'], 'paged') !== false) {
$link = '?'.preg_replace( $link = '?' . preg_replace('{paged=[0-9]+}', "paged={$id}", $_SERVER ['QUERY_STRING']);
'{paged=[0-9]+}',
"paged={$id}",
$_SERVER['QUERY_STRING']
);
} else { } else {
$link = '?' . $_SERVER['QUERY_STRING'] . "&paged={$id}"; $link = '?' . $_SERVER ['QUERY_STRING'] . "&paged={$id}";
} }
$link = str_replace('&', '&amp;', $link); $link = str_replace('&', '&amp;', $link);
} else { } else {
$link = "?paged={$id}"; $link = "?paged={$id}";
} }
} }
return array($caption, BLOG_BASEURL . $link); return array(
$caption,
BLOG_BASEURL . $link
);
}
} if (!function_exists('get_nextpage_link')) :
if (!function_exists('get_nextpage_link')) :
function get_nextpage_link() { function get_nextpage_link() {
global $fpdb; global $fpdb;
$q =& $fpdb->getQuery(); $q = & $fpdb->getQuery();
$a = _get_nextprev_link('NextPage'); $a = _get_nextprev_link('NextPage');
if ($q->single) { if ($q->single) {
$a[0] .= ' &raquo; '; $a [0] .= ' &raquo; ';
} }
return $a; return $a;
} }
endif; endif;
if (!function_exists('get_prevpage_link')) : if (!function_exists('get_prevpage_link')) :
function get_prevpage_link() {
function get_prevpage_link() {
global $fpdb; global $fpdb;
$q =& $fpdb->getQuery(); $q = & $fpdb->getQuery();
$a = _get_nextprev_link('PrevPage'); $a = _get_nextprev_link('PrevPage');
if ($q->single) { if ($q->single) {
$a[0] = ' &laquo; ' . $a[0]; $a [0] = ' &laquo; ' . $a [0];
} }
return $a; return $a;
@ -74,415 +71,430 @@
endif; endif;
function wp_filter_kses($str) {
function wp_filter_kses($str) {
return $str; return $str;
} }
//---------------------------------------------------------------------------- // ----------------------------------------------------------------------------
// WordPress pluggable functions // WordPress pluggable functions
//---------------------------------------------------------------------------- // ----------------------------------------------------------------------------
/*
/* * get_currentuserinfo()
get_currentuserinfo() * Grabs the information of the current logged in user, if there is one. Essentially a
Grabs the information of the current logged in user, if there is one. Essentially a * wrapper for get_userdata(), but it also stores information in global variables.
wrapper for get_userdata(), but it also stores information in global variables. * get_userdata($userid)
get_userdata($userid) * Pulls user information for the specified user from the database.
Pulls user information for the specified user from the database. * get_userdatabylogin($user_login)
get_userdatabylogin($user_login) * Pulls user information for the specified user from the database.
Pulls user information for the specified user from the database. * wp_mail($to, $subject, $message, $headers = '')
wp_mail($to, $subject, $message, $headers = '') * A convenient wrapper for PHP's mail function.
A convenient wrapper for PHP's mail function. * wp_login($username, $password, $already_md5 = false)
wp_login($username, $password, $already_md5 = false) * Returns true if the specified username and password correspond to a registered
Returns true if the specified username and password correspond to a registered * user.
user. * auth_redirect()
auth_redirect() * If a user is not logged in, he or she will be redirected to WordPress' login page before
If a user is not logged in, he or she will be redirected to WordPress' login page before * being allowed to access content on the page from which this function was called.
being allowed to access content on the page from which this function was called. * Upon sucessfully logging in, the user is sent back to the page in question.
Upon sucessfully logging in, the user is sent back to the page in question. * wp_redirect($location)
wp_redirect($location) * Redirects a browser to the absolute URI specified by the $location parameter.
Redirects a browser to the absolute URI specified by the $location parameter. * wp_setcookie($username, $password, $already_md5 = false, $home =
wp_setcookie($username, $password, $already_md5 = false, $home = * '', $siteurl = '')
'', $siteurl = '') * Sets the WordPress cookies for a logged in user. See WordPress Cookies.
Sets the WordPress cookies for a logged in user. See WordPress Cookies. * wp_clearcookie()
wp_clearcookie() * Clears the cookies for a logged in user. See WordPress Cookies.
Clears the cookies for a logged in user. See WordPress Cookies. * wp_notify_postauthor($comment_id, $comment_type='')
wp_notify_postauthor($comment_id, $comment_type='') * Emails the author of the comment's post the content of the comment specified.
Emails the author of the comment's post the content of the comment specified. * wp_notify_moderator($comment_id)
wp_notify_moderator($comment_id) * Informs the administrative email account that the comment specified needs to be
Informs the administrative email account that the comment specified needs to be * moderated. See General Options SubPanel.
moderated. See General Options SubPanel.
*/ */
if (!function_exists('get_currentuserinfo')) :
function get_currentuserinfo() {
if ( !function_exists('get_currentuserinfo') ) : /*
function get_currentuserinfo() { * global $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5, $user_identity;
/* global $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5, $user_identity; * // *** retrieving user's data from cookies and db - no spoofing
// *** retrieving user's data from cookies and db - no spoofing *
* if (isset($_COOKIE['wordpressuser_' . COOKIEHASH]))
if (isset($_COOKIE['wordpressuser_' . COOKIEHASH])) * $user_login = $_COOKIE['wordpressuser_' . COOKIEHASH];
$user_login = $_COOKIE['wordpressuser_' . COOKIEHASH]; * $userdata = get_userdatabylogin($user_login);
$userdata = get_userdatabylogin($user_login); * $user_level = $userdata->user_level;
$user_level = $userdata->user_level; * $user_ID = $userdata->ID;
$user_ID = $userdata->ID; * $user_nickname = $userdata->user_nickname;
$user_nickname = $userdata->user_nickname; * $user_email = $userdata->user_email;
$user_email = $userdata->user_email; * $user_url = $userdata->user_url;
$user_url = $userdata->user_url; * $user_pass_md5 = md5($userdata->user_pass);
$user_pass_md5 = md5($userdata->user_pass); *
* $idmode = $userdata->user_idmode;
$idmode = $userdata->user_idmode; * if ($idmode == 'nickname') $user_identity = $userdata->user_nickname;
if ($idmode == 'nickname') $user_identity = $userdata->user_nickname; * if ($idmode == 'login') $user_identity = $userdata->user_login;
if ($idmode == 'login') $user_identity = $userdata->user_login; * if ($idmode == 'firstname') $user_identity = $userdata->user_firstname;
if ($idmode == 'firstname') $user_identity = $userdata->user_firstname; * if ($idmode == 'lastname') $user_identity = $userdata->user_lastname;
if ($idmode == 'lastname') $user_identity = $userdata->user_lastname; * if ($idmode == 'namefl') $user_identity = $userdata->user_firstname.' '.$userdata->user_lastname;
if ($idmode == 'namefl') $user_identity = $userdata->user_firstname.' '.$userdata->user_lastname; * if ($idmode == 'namelf') $user_identity = $userdata->user_lastname.' '.$userdata->user_firstname;
if ($idmode == 'namelf') $user_identity = $userdata->user_lastname.' '.$userdata->user_firstname; * if (!$idmode) $user_identity = $userdata->user_nickname;
if (!$idmode) $user_identity = $userdata->user_nickname; */
*/
}
endif;
if ( !function_exists('get_userdata') ) :
function get_userdata($userid) {
/* global $wpdb, $cache_userdata;
$userid = (int) $userid;
if ( empty($cache_userdata[$userid]) && $userid != 0) {
$cache_userdata[$userid] = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID = $userid");
$cache_userdata[$cache_userdata[$userid]->user_login] =& $cache_userdata[$userid];
} }
return $cache_userdata[$userid];
*/
}
endif; endif;
if (!function_exists('get_userdata')) :
function get_userdata($userid) {
if ( !function_exists('get_userdatabylogin') ) : /*
function get_userdatabylogin($user_login) { * global $wpdb, $cache_userdata;
/* global $cache_userdata, $wpdb; * $userid = (int) $userid;
if ( !empty($user_login) && empty($cache_userdata[$user_login]) ) { * if ( empty($cache_userdata[$userid]) && $userid != 0) {
$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_login = '$user_login'"); // todo: get rid of this intermediate var * $cache_userdata[$userid] = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID = $userid");
$cache_userdata[$user->ID] = $user; * $cache_userdata[$cache_userdata[$userid]->user_login] =& $cache_userdata[$userid];
$cache_userdata[$user_login] =& $cache_userdata[$user->ID]; * }
} else { *
$user = $cache_userdata[$user_login]; * return $cache_userdata[$userid];
*/
} }
return $user;
*/
}
endif; endif;
if (!function_exists('get_userdatabylogin')) :
function get_userdatabylogin($user_login) {
/*
* global $cache_userdata, $wpdb;
* if ( !empty($user_login) && empty($cache_userdata[$user_login]) ) {
* $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_login = '$user_login'"); // todo: get rid of this intermediate var
* $cache_userdata[$user->ID] = $user;
* $cache_userdata[$user_login] =& $cache_userdata[$user->ID];
* } else {
* $user = $cache_userdata[$user_login];
* }
* return $user;
*/
}
endif;
if ( !function_exists('wp_mail') ) : if (!function_exists('wp_mail')) :
function wp_mail($to, $subject, $message, $headers = '') {
if( $headers == '' ) { function wp_mail($to, $subject, $message, $headers = '') {
$headers = "MIME-Version: 1.0\n" . if ($headers == '') {
"From: " . get_settings('admin_email') . "\n" . $headers = "MIME-Version: 1.0\n" . "From: " . get_settings('admin_email') . "\n" . "Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n";
"Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n";
} }
return @mail($to, $subject, $message, $headers); return @mail($to, $subject, $message, $headers);
} }
endif; endif;
if (!function_exists('wp_login')) :
function wp_login($username, $password, $already_md5 = false) {
if ( !function_exists('wp_login') ) : /*
function wp_login($username, $password, $already_md5 = false) { * global $wpdb, $error;
/* global $wpdb, $error; *
* if ( !$username )
if ( !$username ) * return false;
return false; *
* if ( !$password ) {
if ( !$password ) { * $error = __('<strong>Error</strong>: The password field is empty.');
$error = __('<strong>Error</strong>: The password field is empty.'); * return false;
return false; * }
*
* $login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
*
* if (!$login) {
* $error = __('<strong>Error</strong>: Wrong username.');
* return false;
* } else {
* // If the password is already_md5, it has been double hashed.
* // Otherwise, it is plain text.
* if ( ($already_md5 && $login->user_login == $username && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password)) ) {
* return true;
* } else {
* $error = __('<strong>Error</strong>: Incorrect password.');
* $pwd = '';
* return false;
* }
* }
*/
} }
$login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
if (!$login) {
$error = __('<strong>Error</strong>: Wrong username.');
return false;
} else {
// If the password is already_md5, it has been double hashed.
// Otherwise, it is plain text.
if ( ($already_md5 && $login->user_login == $username && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password)) ) {
return true;
} else {
$error = __('<strong>Error</strong>: Incorrect password.');
$pwd = '';
return false;
}
}
*/
}
endif; endif;
if ( !function_exists('auth_redirect') ) : if (!function_exists('auth_redirect')) :
function auth_redirect() {
function auth_redirect() {
// Checks if a user is logged in, if not redirects them to the login page // Checks if a user is logged in, if not redirects them to the login page
/* if ( (!empty($_COOKIE['wordpressuser_' . COOKIEHASH]) && /*
!wp_login($_COOKIE['wordpressuser_' . COOKIEHASH], $_COOKIE['wordpresspass_' . COOKIEHASH], true)) || * if ( (!empty($_COOKIE['wordpressuser_' . COOKIEHASH]) &&
(empty($_COOKIE['wordpressuser_' . COOKIEHASH])) ) { * !wp_login($_COOKIE['wordpressuser_' . COOKIEHASH], $_COOKIE['wordpresspass_' . COOKIEHASH], true)) ||
header('Expires: Wed, 11 Jan 1984 05:00:00 GMT'); * (empty($_COOKIE['wordpressuser_' . COOKIEHASH])) ) {
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); * header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
header('Cache-Control: no-cache, must-revalidate, max-age=0'); * header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Pragma: no-cache'); * header('Cache-Control: no-cache, must-revalidate, max-age=0');
* header('Pragma: no-cache');
header('Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI'])); *
exit(); * header('Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
* exit();
* }
*/
} }
*/
}
endif; endif;
// Cookie safe redirect. Works around IIS Set-Cookie bug. // Cookie safe redirect. Works around IIS Set-Cookie bug.
// http://support.microsoft.com/kb/q176113/ // http://support.microsoft.com/kb/q176113/
if ( !function_exists('wp_redirect') ) : if (!function_exists('wp_redirect')) :
function wp_redirect($location, $status = 302) {
function wp_redirect($location, $status = 302) {
global $is_IIS; global $is_IIS;
$location = apply_filters('wp_redirect', $location, $status); $location = apply_filters('wp_redirect', $location, $status);
if ( !$location ) // allows the wp_redirect filter to cancel a redirect if (!$location) // allows the wp_redirect filter to cancel a redirect
return false; return false;
$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location); $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location);
# $location = wp_kses_no_null($location); // $location = wp_kses_no_null($location);
$location = preg_replace('/\0+/', '', $location); $location = preg_replace('/\0+/', '', $location);
$location = preg_replace('/(\\\\0)+/', '', $location); $location = preg_replace('/(\\\\0)+/', '', $location);
$strip = array(
$strip = array('%0d', '%0a'); '%0d',
'%0a'
);
$location = str_replace($strip, '', $location); $location = str_replace($strip, '', $location);
if ( $is_IIS ) { if ($is_IIS) {
header("Refresh: 0;url=$location"); header("Refresh: 0;url=$location");
} else { } else {
if ( php_sapi_name() != 'cgi-fcgi' ) if (php_sapi_name() != 'cgi-fcgi')
utils_status_header($status); // This causes problems on IIS and some FastCGI setups utils_status_header($status); // This causes problems on IIS and some FastCGI setups
header("Location: $location"); header("Location: $location");
} }
} }
endif; endif;
if (!function_exists('wp_setcookie')) :
if ( !function_exists('wp_setcookie') ) : function wp_setcookie($username, $password, $already_md5 = false, $home = '', $siteurl = '') {
function wp_setcookie($username, $password, $already_md5 = false, $home = '', $siteurl = '') { if (!$already_md5)
if ( !$already_md5 ) $password = md5(md5($password)); // Double hash the password in the cookie.
$password = md5( md5($password) ); // Double hash the password in the cookie.
if ( empty($home) ) if (empty($home))
$cookiepath = COOKIEPATH; $cookiepath = COOKIEPATH;
else else
$cookiepath = preg_replace('|https?://[^/]+|i', '', $home . '/' ); $cookiepath = preg_replace('|https?://[^/]+|i', '', $home . '/');
if ( empty($siteurl) ) { if (empty($siteurl)) {
$sitecookiepath = SITECOOKIEPATH; $sitecookiepath = SITECOOKIEPATH;
$cookiehash = COOKIEHASH; $cookiehash = COOKIEHASH;
} else { } else {
$sitecookiepath = preg_replace('|https?://[^/]+|i', '', $siteurl . '/' ); $sitecookiepath = preg_replace('|https?://[^/]+|i', '', $siteurl . '/');
$cookiehash = md5($siteurl); $cookiehash = md5($siteurl);
} }
setcookie('wordpressuser_'. $cookiehash, $username, time() + 31536000, $cookiepath); setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $cookiepath);
setcookie('wordpresspass_'. $cookiehash, $password, time() + 31536000, $cookiepath); setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $cookiepath);
if ( $cookiepath != $sitecookiepath ) { if ($cookiepath != $sitecookiepath) {
setcookie('wordpressuser_'. $cookiehash, $username, time() + 31536000, $sitecookiepath); setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $sitecookiepath);
setcookie('wordpresspass_'. $cookiehash, $password, time() + 31536000, $sitecookiepath); setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $sitecookiepath);
}
} }
}
endif; endif;
if ( !function_exists('wp_clearcookie') ) : if (!function_exists('wp_clearcookie')) :
function wp_clearcookie() {
function wp_clearcookie() {
setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH); setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH); setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH); setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH);
setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH); setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH);
} }
endif; endif;
if (!function_exists('check_admin_referer')) :
function check_admin_referer($action = -1) {
if ( !function_exists('check_admin_referer') ) :
function check_admin_referer($action = -1) {
$adminurl = BLOG_BASEURL . 'admin.php'; $adminurl = BLOG_BASEURL . 'admin.php';
$referer = strtolower(wp_get_referer()); $referer = strtolower(wp_get_referer());
if ( !wp_verify_nonce(@$_REQUEST['_wpnonce'], $action) && if (!wp_verify_nonce(@$_REQUEST ['_wpnonce'], $action) && !(-1 == $action && strstr($referer, $adminurl))) {
!(-1 == $action && strstr($referer, $adminurl)) ) {
wp_nonce_ays($action); wp_nonce_ays($action);
die(); die();
} }
do_action('check_admin_referer', $action); do_action('check_admin_referer', $action);
} }
endif; endif;
if (!function_exists('wp_verify_nonce')) :
if ( !function_exists('wp_verify_nonce') ) : function wp_verify_nonce($nonce, $action = -1) {
function wp_verify_nonce($nonce, $action = -1) {
$user = user_get(); $user = user_get();
$uid = $user['userid']; $uid = $user ['userid'];
$i = ceil(time() / 43200); $i = ceil(time() / 43200);
//Allow for expanding range, but only do one check if we can // Allow for expanding range, but only do one check if we can
if( substr(wp_hash($i . $action . $uid), -12, 10) == $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce ) if (substr(wp_hash($i . $action . $uid), -12, 10) == $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce)
return true; return true;
return false; return false;
} }
endif; endif;
if ( !function_exists('wp_create_nonce') ) : if (!function_exists('wp_create_nonce')) :
function wp_create_nonce($action = -1) {
function wp_create_nonce($action = -1) {
$user = user_get(); $user = user_get();
$uid = $user['userid']; $uid = $user ['userid'];
$i = ceil(time() / 43200); $i = ceil(time() / 43200);
return substr(wp_hash($i . $action . $uid), -12, 10); return substr(wp_hash($i . $action . $uid), -12, 10);
} }
endif; endif;
if ( !function_exists('wp_salt') ) : if (!function_exists('wp_salt')) :
function wp_salt() {
/**
*
* @return NULL|unknown
* @deprecated as of FlatPress 1.2 - still here only to be able to update pre-1.2 credentials
*/
function wp_salt() {
global $fp_config; global $fp_config;
static $salt = null; static $salt = null;
if (!$salt) { if (!$salt) {
@include(HASHSALT_FILE); @include (HASHSALT_FILE);
if (!$fp_hashsalt) if (!$fp_hashsalt)
trigger_error('Cannot load hash salt: reinstall FlatPress', E_USER_ERROR); trigger_error('Cannot load hash salt: reinstall FlatPress', E_USER_ERROR);
$salt = $fp_hashsalt; $salt = $fp_hashsalt;
} }
return $salt; return $salt;
} }
endif; endif;
if ( !function_exists('wp_hash') ) : if (!function_exists('wp_hash')) :
function wp_hash($data) {
/**
*
* @param unknown $data
* @return string
* @deprecated as of FlatPress 1.2 - still here only to be able to update pre-1.2 credentials
*/
function wp_hash($data) {
$salt = wp_salt(); $salt = wp_salt();
return md5($data . $salt); return md5($data . $salt);
} }
endif; endif;
if (!function_exists('wp_notify_postauthor')) :
if ( ! function_exists('wp_notify_postauthor') ) : function wp_notify_postauthor($comment_id, $comment_type = '') {
function wp_notify_postauthor($comment_id, $comment_type='') { /*
/* global $wpdb; * global $wpdb;
*
$comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1"); * $comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1"); * $post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1");
$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID='$post->post_author' LIMIT 1"); * $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID='$post->post_author' LIMIT 1");
*
if ('' == $user->user_email) return false; // If there's no email to send the comment to * if ('' == $user->user_email) return false; // If there's no email to send the comment to
*
$comment_author_domain = gethostbyaddr($comment->comment_author_IP); * $comment_author_domain = gethostbyaddr($comment->comment_author_IP);
*
$blogname = get_settings('blogname'); * $blogname = get_settings('blogname');
*
if ( empty( $comment_type ) ) $comment_type = 'comment'; * if ( empty( $comment_type ) ) $comment_type = 'comment';
*
if ('comment' == $comment_type) { * if ('comment' == $comment_type) {
$notify_message = sprintf( __('New comment on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n"; * $notify_message = sprintf( __('New comment on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
$notify_message .= sprintf( __('Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; * $notify_message .= sprintf( __('Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
$notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n"; * $notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n";
$notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n"; * $notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
$notify_message .= sprintf( __('Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP ) . "\r\n"; * $notify_message .= sprintf( __('Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP ) . "\r\n";
$notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n"; * $notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
$notify_message .= __('You can see all comments on this post here: ') . "\r\n"; * $notify_message .= __('You can see all comments on this post here: ') . "\r\n";
$subject = sprintf( __('[%1$s] Comment: "%2$s"'), $blogname, $post->post_title ); * $subject = sprintf( __('[%1$s] Comment: "%2$s"'), $blogname, $post->post_title );
} elseif ('trackback' == $comment_type) { * } elseif ('trackback' == $comment_type) {
$notify_message = sprintf( __('New trackback on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n"; * $notify_message = sprintf( __('New trackback on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
$notify_message .= sprintf( __('Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; * $notify_message .= sprintf( __('Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
$notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n"; * $notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
$notify_message .= __('Excerpt: ') . "\r\n" . $comment->comment_content . "\r\n\r\n"; * $notify_message .= __('Excerpt: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
$notify_message .= __('You can see all trackbacks on this post here: ') . "\r\n"; * $notify_message .= __('You can see all trackbacks on this post here: ') . "\r\n";
$subject = sprintf( __('[%1$s] Trackback: "%2$s"'), $blogname, $post->post_title ); * $subject = sprintf( __('[%1$s] Trackback: "%2$s"'), $blogname, $post->post_title );
} elseif ('pingback' == $comment_type) { * } elseif ('pingback' == $comment_type) {
$notify_message = sprintf( __('New pingback on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n"; * $notify_message = sprintf( __('New pingback on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
$notify_message .= sprintf( __('Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; * $notify_message .= sprintf( __('Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
$notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n"; * $notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
$notify_message .= __('Excerpt: ') . "\r\n" . sprintf( __('[...] %s [...]'), $comment->comment_content ) . "\r\n\r\n"; * $notify_message .= __('Excerpt: ') . "\r\n" . sprintf( __('[...] %s [...]'), $comment->comment_content ) . "\r\n\r\n";
$notify_message .= __('You can see all pingbacks on this post here: ') . "\r\n"; * $notify_message .= __('You can see all pingbacks on this post here: ') . "\r\n";
$subject = sprintf( __('[%1$s] Pingback: "%2$s"'), $blogname, $post->post_title ); * $subject = sprintf( __('[%1$s] Pingback: "%2$s"'), $blogname, $post->post_title );
} * }
$notify_message .= get_permalink($comment->comment_post_ID) . "#comments\r\n\r\n"; * $notify_message .= get_permalink($comment->comment_post_ID) . "#comments\r\n\r\n";
$notify_message .= sprintf( __('To delete this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=confirmdeletecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n"; * $notify_message .= sprintf( __('To delete this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=confirmdeletecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n";
*
if ('' == $comment->comment_author_email || '' == $comment->comment_author) { * if ('' == $comment->comment_author_email || '' == $comment->comment_author) {
$from = "From: \"$blogname\" <wordpress@" . $_SERVER['SERVER_NAME'] . '>'; * $from = "From: \"$blogname\" <wordpress@" . $_SERVER['SERVER_NAME'] . '>';
} else { * } else {
$from = 'From: "' . $comment->comment_author . "\" <$comment->comment_author_email>"; * $from = 'From: "' . $comment->comment_author . "\" <$comment->comment_author_email>";
} * }
*
$notify_message = apply_filters('comment_notification_text', $notify_message); * $notify_message = apply_filters('comment_notification_text', $notify_message);
$subject = apply_filters('comment_notification_subject', $subject); * $subject = apply_filters('comment_notification_subject', $subject);
$message_headers = apply_filters('comment_notification_headers', $message_headers); * $message_headers = apply_filters('comment_notification_headers', $message_headers);
*
$message_headers = "MIME-Version: 1.0\n" * $message_headers = "MIME-Version: 1.0\n"
. "$from\n" * . "$from\n"
. "Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n"; * . "Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n";
*
@wp_mail($user->user_email, $subject, $notify_message, $message_headers); * @wp_mail($user->user_email, $subject, $notify_message, $message_headers);
*
return true; * return true;
*/
}
endif;
/* wp_notify_moderator
notifies the moderator of the blog (usually the admin)
about a new comment that waits for approval
always returns true
*/ */
if ( !function_exists('wp_notify_moderator') ) : }
function wp_notify_moderator($comment_id) { endif;
/* global $wpdb;
if( get_settings( "moderation_notify" ) == 0 ) /*
return true; * wp_notify_moderator
* notifies the moderator of the blog (usually the admin)
* about a new comment that waits for approval
* always returns true
*/
if (!function_exists('wp_notify_moderator')) :
$comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1"); function wp_notify_moderator($comment_id) {
$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1"); /*
* global $wpdb;
$comment_author_domain = gethostbyaddr($comment->comment_author_IP); *
$comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'"); * if( get_settings( "moderation_notify" ) == 0 )
* return true;
$notify_message = sprintf( __('A new comment on the post #%1$s "%2$s" is waiting for your approval'), $post->ID, $post->post_title ) . "\r\n"; *
$notify_message .= get_permalink($comment->comment_post_ID) . "\r\n\r\n"; * $comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
$notify_message .= sprintf( __('Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; * $post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1");
$notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n"; *
$notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n"; * $comment_author_domain = gethostbyaddr($comment->comment_author_IP);
$notify_message .= sprintf( __('Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP ) . "\r\n"; * $comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'");
$notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n"; *
$notify_message .= sprintf( __('To approve this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=mailapprovecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n"; * $notify_message = sprintf( __('A new comment on the post #%1$s "%2$s" is waiting for your approval'), $post->ID, $post->post_title ) . "\r\n";
$notify_message .= sprintf( __('To delete this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=confirmdeletecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n"; * $notify_message .= get_permalink($comment->comment_post_ID) . "\r\n\r\n";
$notify_message .= sprintf( __('Currently %s comments are waiting for approval. Please visit the moderation panel:'), $comments_waiting ) . "\r\n"; * $notify_message .= sprintf( __('Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
$notify_message .= get_settings('siteurl') . "/wp-admin/moderation.php\r\n"; * $notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n";
* $notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
$subject = sprintf( __('[%1$s] Please moderate: "%2$s"'), get_settings('blogname'), $post->post_title ); * $notify_message .= sprintf( __('Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP ) . "\r\n";
$admin_email = get_settings("admin_email"); * $notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
* $notify_message .= sprintf( __('To approve this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=mailapprovecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n";
$notify_message = apply_filters('comment_moderation_text', $notify_message); * $notify_message .= sprintf( __('To delete this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=confirmdeletecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n";
$subject = apply_filters('comment_moderation_subject', $subject); * $notify_message .= sprintf( __('Currently %s comments are waiting for approval. Please visit the moderation panel:'), $comments_waiting ) . "\r\n";
* $notify_message .= get_settings('siteurl') . "/wp-admin/moderation.php\r\n";
@wp_mail($admin_email, $subject, $notify_message); *
* $subject = sprintf( __('[%1$s] Please moderate: "%2$s"'), get_settings('blogname'), $post->post_title );
return true; * $admin_email = get_settings("admin_email");
*/ *
} * $notify_message = apply_filters('comment_moderation_text', $notify_message);
* $subject = apply_filters('comment_moderation_subject', $subject);
*
* @wp_mail($admin_email, $subject, $notify_message);
*
* return true;
*/
}
endif; endif;
?> ?>

97
setup/lib/main.lib.php
View File

@ -1,14 +1,8 @@
<?php <?php
$err = array(); $err = array();
function print_done_fail($label, $bool) { function print_done_fail($label, $bool) {
echo echo "<li>", $label . ' <strong style="color :' . (($bool) ? 'green;">DONE' : 'red;">FAILED') . '</strong><br />', "</li>\n";
"<li>",
$label.' <strong style="color :' .
(($bool)? 'green;">DONE' : 'red;">FAILED') .
'</strong><br />',
"</li>\n";
} }
function config_exist() { function config_exist() {
@ -30,24 +24,26 @@ function remove_checkfile() {
} }
function setupid() { function setupid() {
global $setupid; global $setupid;
if (isset($_POST['setupid'])) { if (isset($_POST ['setupid'])) {
$setupid = $_POST['setupid']; $setupid = $_POST ['setupid'];
} else { } else {
$setupid = system_generate_id(BLOG_BASEURL . $_SERVER['HTTP_HOST']); $setupid = system_generate_id(BLOG_BASEURL . $_SERVER ['HTTP_HOST']);
} }
return $setupid; return $setupid;
} }
function getstep(&$id) { function getstep(&$id) {
global $err; global $err;
$STEPS = array('locked', 'step1', 'step2', 'step3'); $STEPS = array(
$MAXST = count($STEPS)-1; 'locked',
'step1',
'step2',
'step3'
);
$MAXST = count($STEPS) - 1;
$i = 0; $i = 0;
@ -57,10 +53,9 @@ function getstep(&$id) {
$setupid = setupid(); $setupid = setupid();
if(!$setupid) if (!$setupid)
die('Setup is running'); die('Setup is running');
if (!file_exists(SETUPTEMP_FILE)) { if (!file_exists(SETUPTEMP_FILE)) {
if (empty($_POST)) if (empty($_POST))
$i = 0; $i = 0;
@ -68,14 +63,14 @@ function getstep(&$id) {
$i = 1; $i = 1;
} else { } else {
$x = explode(',', io_load_file(SETUPTEMP_FILE)); $x = explode(',', io_load_file(SETUPTEMP_FILE));
if ($x[0]!=$setupid) if ($x [0] != $setupid)
die('Setup is running: if you are the owner, you can delete ' . die('Setup is running: if you are the owner, you can delete ' . SETUPTEMP_FILE . ' to restart');
SETUPTEMP_FILE .' to restart'); $i = intval($x [1]);
$i = intval($x[1]);
} }
@include("./setup/lib/{$STEPS[$i]}.lib.php"); @include ("./setup/lib/{$STEPS[$i]}.lib.php");
if (!function_exists('check_step')) : if (!function_exists('check_step')) :
function check_step() { function check_step() {
return true; return true;
} }
@ -83,73 +78,59 @@ function getstep(&$id) {
if (check_step()) { if (check_step()) {
++$i; ++$i;
if ($i>=$MAXST) { if ($i >= $MAXST) {
fs_delete(SETUPTEMP_FILE); fs_delete(SETUPTEMP_FILE);
io_write_file(LOCKFILE, "locked"); io_write_file(LOCKFILE, "locked");
} else { } else {
if ($i > 0 && !@io_write_file(SETUPTEMP_FILE, "$setupid,$i")) { if ($i > 0 && !@io_write_file(SETUPTEMP_FILE, "$setupid,$i")) {
$err[] = 'Write error'; $err [] = 'Write error';
}
} }
} }
} }
} $id = $STEPS [$i];
$id = $STEPS[ $i ];
return $i; return $i;
} }
function validate() { function validate() {
if (!ctype_alnum($_POST['fpuser'])) if (!ctype_alnum($_POST ['fpuser']))
$err[] = "{$_POST['fpuser']} is not a valid username. $err [] = "{$_POST['fpuser']} is not a valid username.
Username must be alphanumeric and should not contain spaces."; Username must be alphanumeric and should not contain spaces.";
if (strlen(trim(($_POST['fppwd']))) < 6) if (strlen(trim(($_POST ['fppwd']))) < 6)
$err[] = "Password must contain at least 6 non-space characters"; $err [] = "Password must contain at least 6 non-space characters";
if (($_POST['fppwd'])!=($_POST['fppwd2'])) if (($_POST ['fppwd']) != ($_POST ['fppwd2']))
$err[] = "Passwords did not match"; $err [] = "Passwords did not match";
if (!(preg_match('!@.*@|\.\.|\,|\;!', $_POST['email']) || if (!(preg_match('!@.*@|\.\.|\,|\;!', $_POST ['email']) || preg_match('!^.+\@(\[?)[a-zA-Z0-9\.\-]+\.([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$!', $_POST ['email'])))
preg_match('!^.+\@(\[?)[a-zA-Z0-9\.\-]+\.([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$!', $_POST['email']))) $err [] = "{$_POST['email']} is not a valid email address";
$err[] = "{$_POST['email']} is not a valid email address";
$www = $_POST['www']; $www = $_POST ['www'];
if (!(preg_match('!^http(s)?://[\w-]+\.[\w-]+(\S+)?$!i', $www) if (!(preg_match('!^http(s)?://[\w-]+\.[\w-]+(\S+)?$!i', $www) || preg_match('!^http(s)?://localhost!', $www)))
|| preg_match('!^http(s)?://localhost!', $www))) $err [] = "$www is not a valid URL";
$err[] = "$www is not a valid URL"; if ($www && $www [strlen($www) - 1] != '/')
if ($www && $www[strlen($www)-1]!='/')
$www .= '/'; $www .= '/';
global $fp_config; global $fp_config;
$fp_config['general']['author'] = $user['userid'] = $_POST['fpuser']; $fp_config ['general'] ['author'] = $user ['userid'] = $_POST ['fpuser'];
$user['password'] = $_POST['fppwd']; $user ['password'] = $_POST ['fppwd'];
$fp_config['general']['www'] = $user['www'] = $www;
$fp_config['general']['email'] = $user['email'] = $_POST['email'];
$fp_config ['general'] ['www'] = $user ['www'] = $www;
$fp_config ['general'] ['email'] = $user ['email'] = $_POST ['email'];
if (isset($err)) { if (isset($err)) {
$GLOBALS['err']=$err; $GLOBALS ['err'] = $err;
return false; return false;
} }
$fp_config ['general'] ['blogid'] = system_generate_id(BLOG_ROOT . $user ['www'] . $user ['email'] . $user ['userid']);
$fp_config['general']['blogid'] = system_generate_id(
BLOG_ROOT.
$user['www'].
$user['email'].
$user['userid']
);
config_save(); config_save();
system_hashsalt_save();
user_add($user); user_add($user);
return true; return true;