Beanz/flatpress
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix for #59: Updated password hash algorithm from md5 to bcrypt (via password_hash() function). Thanks a lot, @axelhahn!

Browse Source 
In detail: Added function io_delete_file(). Removed system_hashsalt_save(). Added password hash update mechanics to user_login().
This commit is contained in:
azett 2020-12-19 14:02:27 +01:00
parent 5a0b7541e7
commit f265b22b0b
6 changed files with 771 additions and 778 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

253
defaults.php
View File

@ -1,168 +1,159 @@
<?php <?php
// defaults.php // defaults.php
// this file defines standard positions of some important // this file defines standard positions of some important
// dirs or files. // dirs or files.
// For security reasons // For security reasons
// these can't be modified in the common settings panels // these can't be modified in the common settings panels
// but only through this file. // but only through this file.
// If you want to change these constants, just change // If you want to change these constants, just change
// the second parameter. // the second parameter.
// We suggest not to define here your owns, but instead // We suggest not to define here your owns, but instead
// inmplementing them as plugins // inmplementing them as plugins
// legacy mode; needed with some ill-formed spb files
define('DUMB_MODE_ENABLED', false);
// default file permissions
// change file to 644 and dir to 755 if your webserver "complains"
define('FILE_PERMISSIONS', 0777);
define('DIR_PERMISSIONS', 0777);
// legacy mode; needed with some ill-formed spb files // first some webserver setup...
define('DUMB_MODE_ENABLED', false);
// default file permissions
// change file to 644 and dir to 755 if your webserver "complains"
define('FILE_PERMISSIONS', 0777);
define('DIR_PERMISSIONS', 0777);
// here's where your server save session-related stuff.
// If you don't experience any session-related problem, you
// you can leave it blank and it will default to standard webserver config
define('SESSION_PATH', '');
// absolute path to your webserver dir; if you don't experience any problem
// you can leave this as it is
define('ABS_PATH', dirname(__FILE__) . '/');
// here was blog root in earlier versions. This has been moved to config_load()
// first some webserver setup... // here are default config files
define('FP_DEFAULTS', 'fp-defaults/');
// here's where your server save session-related stuff. // all writable directories go here.
// If you don't experience any session-related problem, you define('FP_CONTENT', 'fp-content/'); // must be chmodded to 0777
// you can leave it blank and it will default to standard webserver config
define('SESSION_PATH', '');
// absolute path to your webserver dir; if you don't experience any problem
// you can leave this as it is
define('ABS_PATH', dirname(__FILE__).'/');
// here was blog root in earlier versions. This has been moved to config_load()
// blog configurations files
define('CONFIG_DIR', FP_CONTENT . 'config/'); // must be chmodded to 0777
define('CONFIG_FILE', CONFIG_DIR . 'settings.conf.php');
// here are default config files /**
define('FP_DEFAULTS', 'fp-defaults/'); *
* @deprecated as of FlatPress 1.2 - still here only to be able to update pre-1.2 credentials
*/
define('HASHSALT_FILE', CONFIG_DIR . 'hashsalt.conf.php');
define('CONFIG_DEFAULT', FP_DEFAULTS . 'settings-defaults.php');
define('USERS_DIR', FP_CONTENT . 'users/');
// here we'll store all your entries, comments, static pages and blocks
// comments are stored automatically in subdirs of the dir CONTENT_DIR
define('CONTENT_DIR', FP_CONTENT . 'content/');
// define('BLOCKS_DIR', CONTENT_DIR . 'blocks/');
// all writable directories go here. // !!! CRITICAL !!!
define('FP_CONTENT', 'fp-content/'); //must be chmodded to 0777 // all includes file
define('FP_INCLUDES', 'fp-includes/');
// blog configurations files // core include scripts
define('CONFIG_DIR', FP_CONTENT . 'config/'); //must be chmodded to 0777 define('INCLUDES_DIR', FP_INCLUDES . 'core/');
define('CONFIG_FILE', CONFIG_DIR . 'settings.conf.php'); // smarty engine
define('HASHSALT_FILE', CONFIG_DIR . 'hashsalt.conf.php'); define('SMARTY_DIR', ABS_PATH . FP_INCLUDES . 'smarty/');
define('CONFIG_DEFAULT', FP_DEFAULTS. 'settings-defaults.php');
define('USERS_DIR', FP_CONTENT . 'users/');
// here we'll store all your entries, comments, static pages and blocks define('FP_INTERFACE', 'fp-interface/');
// comments are stored automatically in subdirs of the dir CONTENT_DIR // theme dir
define('CONTENT_DIR', FP_CONTENT . 'content/'); define('THEMES_DIR', FP_INTERFACE . 'themes/');
//define('BLOCKS_DIR', CONTENT_DIR . 'blocks/'); // language files
define('LANG_DIR', FP_INTERFACE . 'lang/');
// misc forms
define('SHARED_TPLS', ABS_PATH . FP_INTERFACE . 'sharedtpls/');
// here is where all plugins are saved
define('PLUGINS_DIR', 'fp-plugins/');
// !!! CRITICAL !!! define('ADMIN_DIR', 'admin/');
// all includes file
define('FP_INCLUDES', 'fp-includes/');
// core include scripts // cache file name and path.
define('INCLUDES_DIR', FP_INCLUDES . 'core/'); define('CACHE_DIR', FP_CONTENT . 'cache/');
// smarty engine define('CACHE_FILE', '%%cached_list.php');
define('SMARTY_DIR', ABS_PATH . FP_INCLUDES . 'smarty/');
define('INDEX_DIR', FP_CONTENT . 'index/');
define('LOCKFILE', FP_CONTENT . '%%setup.lock');
define('FP_INTERFACE', 'fp-interface/'); // these will be probably moved soon to plugins
// theme dir // here is where all the uploaded images will be saved
define('THEMES_DIR', FP_INTERFACE . 'themes/'); define('IMAGES_DIR', FP_CONTENT . 'images/');
// language files // here is where all the attachments will be saved
define('LANG_DIR', FP_INTERFACE . 'lang/'); define('ATTACHS_DIR', FP_CONTENT . 'attachs/');
// misc forms
define('SHARED_TPLS', ABS_PATH . FP_INTERFACE . 'sharedtpls/');
define('LANG_DEFAULT', 'en-us');
define('BPT_SORT', SORT_DESC);
set_include_path(ABS_PATH);
// here is where all plugins are saved //
define('PLUGINS_DIR', 'fp-plugins/'); // original Flatpress 1.0.3 coding disabled
//
// compatibility with ISS
// if (!isset($_SERVER['REQUEST_URI']))
// $_SERVER['REQUEST_URI'] = 'http://localhost/flatpress/';
define('ADMIN_DIR', 'admin/'); // #define('BLOG_ROOT', dirname($_SERVER['PHP_SELF']) . '/');
// define('BLOG_ROOT', ('/'==($v=dirname($_SERVER['SCRIPT_NAME']))? $v : $v.'/') );
// define('BLOG_BASEURL', 'http://'.$_SERVER['HTTP_HOST']. BLOG_ROOT);
// cache file name and path. //
define('CACHE_DIR', FP_CONTENT . 'cache/'); // Adding security and HTTPS support
define('CACHE_FILE', '%%cached_list.php'); //
define('INDEX_DIR', FP_CONTENT.'index/'); ini_set('session.cookie_httponly', 1);
ini_set('session.use_only_cookies', 1);
define('LOCKFILE', FP_CONTENT . '%%setup.lock'); if (isset($_SERVER ['HTTPS'])) {
$_SERVER ['HTTPS'] = htmlspecialchars($_SERVER ['HTTPS'], ENT_QUOTES, "UTF-8");
}
$serverport = "false";
// Unterstützung für Apache und IIS
if (isset($_SERVER ['HTTPS']) && ($_SERVER ['HTTPS'] == '1' || strtolower($_SERVER ['HTTPS']) == 'on')) {
$serverport = "https://";
// Uses a secure connection (HTTPS) if possible
ini_set('session.cookie_secure', 1);
} else {
$serverport = "http://";
}
// compatibility with ISS
$_SERVER ["REQUEST_URI"] = htmlspecialchars($_SERVER ["REQUEST_URI"], ENT_QUOTES, "UTF-8");
if (!isset($_SERVER ['REQUEST_URI']))
$_SERVER ['REQUEST_URI'] = $serverport . 'localhost/flatpress/';
// these will be probably moved soon to plugins // define('BLOG_ROOT', dirname($_SERVER['PHP_SELF']) . '/');
// here is where all the uploaded images will be saved define('BLOG_ROOT', ('/' == ($v = dirname($_SERVER ['SCRIPT_NAME'])) ? $v : $v . '/'));
define('IMAGES_DIR', FP_CONTENT . 'images/');
// here is where all the attachments will be saved
define('ATTACHS_DIR', FP_CONTENT . 'attachs/');
define('BLOG_BASEURL', $serverport . $_SERVER ['HTTP_HOST'] . BLOG_ROOT);
define('LANG_DEFAULT', 'en-us'); //
define('BPT_SORT', SORT_DESC); // OWASP - Browser Cache - How can the browser cache be used in attacks?
// https://www.owasp.org/index.php/OWASP_Application_Security_FAQ#How_can_the_browser_cache_be_used_in_attacks.3F
//
set_include_path(ABS_PATH); // http://stackoverflow.com/questions/13640109/how-to-prevent-browser-cache-for-php-site
//
// header('Expires: Sun, 01 Jan 2015 00:00:00 GMT');
// original Flatpress 1.0.3 coding disabled header('Cache-Control: no-store, no-cache, must-revalidate');
// header('Cache-Control: post-check=0, pre-check=0', FALSE);
// compatibility with ISS header('Pragma: no-cache');
// if (!isset($_SERVER['REQUEST_URI'])) //
// $_SERVER['REQUEST_URI'] = 'http://localhost/flatpress/'; // http://de.wikipedia.org/wiki/Liste_der_HTTP-Headerfelder
//
// #define('BLOG_ROOT', dirname($_SERVER['PHP_SELF']) . '/'); header('X-Frame-Options: SAMEORIGIN');
// define('BLOG_ROOT', ('/'==($v=dirname($_SERVER['SCRIPT_NAME']))? $v : $v.'/') ); header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
// define('BLOG_BASEURL', 'http://'.$_SERVER['HTTP_HOST']. BLOG_ROOT);
//
// Adding security and HTTPS support
//
ini_set('session.cookie_httponly', 1);
ini_set('session.use_only_cookies', 1);
if (isset($_SERVER['HTTPS'])) {
$_SERVER['HTTPS'] = htmlspecialchars($_SERVER['HTTPS'], ENT_QUOTES, "UTF-8");
}
$serverport = "false";
// Unterstützung für Apache und IIS
if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == '1' || strtolower($_SERVER['HTTPS'])=='on')) {
$serverport = "https://";
// Uses a secure connection (HTTPS) if possible
ini_set('session.cookie_secure', 1);
} else {
$serverport = "http://";
}
// compatibility with ISS
$_SERVER["REQUEST_URI"] = htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES, "UTF-8");
if (!isset($_SERVER['REQUEST_URI']))
$_SERVER['REQUEST_URI'] = $serverport . 'localhost/flatpress/';
#define('BLOG_ROOT', dirname($_SERVER['PHP_SELF']) . '/');
define('BLOG_ROOT', ('/'==($v=dirname($_SERVER['SCRIPT_NAME']))? $v : $v.'/') );
define('BLOG_BASEURL', $serverport . $_SERVER['HTTP_HOST'] . BLOG_ROOT);
//
// OWASP - Browser Cache - How can the browser cache be used in attacks?
// https://www.owasp.org/index.php/OWASP_Application_Security_FAQ#How_can_the_browser_cache_be_used_in_attacks.3F
//
// http://stackoverflow.com/questions/13640109/how-to-prevent-browser-cache-for-php-site
//
header('Expires: Sun, 01 Jan 2015 00:00:00 GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', FALSE);
header('Pragma: no-cache');
//
// http://de.wikipedia.org/wiki/Liste_der_HTTP-Headerfelder
//
header('X-Frame-Options: SAMEORIGIN');
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
// //
// End of send header // End of send header
// //

80
fp-includes/core/core.fileio.php
View File

@ -1,58 +1,60 @@
<?php <?php
// fileio.php // fileio.php
// low-level io-handling functions // low-level io-handling functions
function io_write_file($filename, $data) {
@umask(0);
$dir = dirname($filename);
if (fs_mkdir($dir)) {
$f = fopen($filename, "w");
if ($f) {
function io_write_file($filename, $data) { if (!flock($f, LOCK_EX))
@umask(0); return -1;
$dir = dirname($filename);
if (fs_mkdir($dir)) {
$f = fopen($filename, "w");
if ($f) {
if (!flock($f, LOCK_EX)) $length = strlen($data);
return -1; $done = fwrite($f, $data);
$length = strlen($data); flock($f, LOCK_UN);
$done = fwrite($f, $data);
flock($f, LOCK_UN); fclose($f);
fclose($f); @chmod($filename, FILE_PERMISSIONS);
@chmod($filename, FILE_PERMISSIONS); // returns true on success
//returns true on success
return($length == $done);
}
return ($length == $done);
} }
return false;
} }
function io_load_file($filename) { return false;
}
if (file_exists($filename)) { function io_load_file($filename) {
if (function_exists('file_get_contents')) if (file_exists($filename)) {
return file_get_contents($filename); if (function_exists('file_get_contents'))
return file_get_contents($filename);
$f = fopen($filename, "r"); $f = fopen($filename, "r");
if ($f) { if ($f) {
if (!flock($f, LOCK_SH)) if (!flock($f, LOCK_SH))
return -1; return -1;
$contents = fread($f, filesize($filename)); $contents = fread($f, filesize($filename));
flock($f, LOCK_UN); flock($f, LOCK_UN);
fclose($f); fclose($f);
//returns contents as string on success // returns contents as string on success
return($contents); return ($contents);
}
} }
//trigger_error("io_load_file: $filename does not exists", E_USER_ERROR); }
// trigger_error("io_load_file: $filename does not exists", E_USER_ERROR);
return false;
}
function io_delete_file($filename) {
if (!file_exists($filename)) {
return false; return false;
} }
return unlink($filename);
}

11
fp-includes/core/core.system.php
View File

@ -59,15 +59,6 @@ function system_save($file, $array) {
// } else die('Wrong number of parameters!'); // } else die('Wrong number of parameters!');
} }
function system_hashsalt_save($force = false) {
global $fp_config;
if ($force || !file_exists(HASHSALT_FILE))
return system_save(HASHSALT_FILE, array(
'fp_hashsalt' => $fp_config ['general'] ['blogid'] . ABS_PATH . BLOG_BASEURL . mt_rand()
));
return true;
}
define('SYSTEM_VER', '1.2.dev'); define('SYSTEM_VER', '1.2.dev');
function system_ver() { function system_ver() {
@ -217,7 +208,7 @@ function system_geterr($module = '') {
function system_dpr($action, $content) { function system_dpr($action, $content) {
$p = print_r($content, 1); $p = print_r($content, 1);
add_action($action, function() use ($p) { add_action($action, function () use ($p) {
echo "<pre style='position:absolute'>$p</pre>"; echo "<pre style='position:absolute'>$p</pre>";
}); });
} }

32
fp-includes/core/core.users.php
View File

@ -31,24 +31,42 @@ function user_list() {
} }
function user_pwd($userid, $pwd) { function user_pwd($userid, $pwd) {
return wp_hash($userid . $pwd); return password_hash($userid . $pwd, PASSWORD_DEFAULT);
} }
function user_login($userid, $pwd, $params = null) { function user_login($userid, $pwd, $params = null) {
global $loggedin; global $loggedin;
$loggedin = false; $loggedin = false;
// get user data
$user = user_get($userid); $user = user_get($userid);
// user not found? get outta here
if (!isset($user) || !isset($user ['password'])) {
return $loggedin;
}
if (isset($user) && user_pwd($userid, $pwd) == $user ['password']) { // check the password
if (password_verify($userid . $pwd, $user ['password'])) {
$loggedin = true;
} //
// for FP instances updated from 1.1 to 1.2: check password the old-fashioned way (with wp_hash() which uses md5)
elseif (wp_hash($userid . $pwd) == $user ['password']) {
$loggedin = true; $loggedin = true;
// re-hash password with current algorithm, ...
$user ['password'] = $pwd;
// ... save in user file ...
user_add($user);
// ... and update user data from re-read user file
$user = user_get($userid);
// after updating the user, we don't need the password hash file any more
io_delete_file(HASHSALT_FILE);
}
if ($loggedin) {
// session_regenerate_id(); // session_regenerate_id();
$expire = time() + 31536000; $expire = time() + 31536000;
setcookie(USER_COOKIE, $userid, $expire, COOKIEPATH, COOKIE_DOMAIN); setcookie(USER_COOKIE, $userid, $expire, COOKIEPATH, COOKIE_DOMAIN);
setcookie(PASS_COOKIE, $user ['password'], $expire, COOKIEPATH, COOKIE_DOMAIN); setcookie(PASS_COOKIE, $user ['password'], $expire, COOKIEPATH, COOKIE_DOMAIN);
} }
@ -116,5 +134,3 @@ function user_add($user) {
return system_save(USERS_DIR . $user ['userid'] . ".php", compact('user')); return system_save(USERS_DIR . $user ['userid'] . ".php", compact('user'));
} }
?>

802
fp-includes/core/core.wp-pluggable-funcs.php
View File

@ -1,72 +1,69 @@
<?php <?php
/* These functions can be replaced via plugins. They are loaded after /*
plugins are loaded. */ * These functions can be replaced via plugins. They are loaded after
* plugins are loaded.
*/
function _get_nextprev_link($nextprev) {
global $fpdb;
$q = & $fpdb->getQuery();
list ($caption, $id) = call_user_func(array(
&$q,
'get' . $nextprev
));
function _get_nextprev_link($nextprev) { if (!$id)
return null;
global $fpdb; if ($q->single) {
$q =& $fpdb->getQuery(); $link = "?entry={$id}";
} else {
list($caption, $id) = call_user_func(array(&$q, 'get'.$nextprev)); if ($_SERVER ['QUERY_STRING']) {
if (!$id)
return null;
if ($q->single) {
$link = "?entry={$id}";
} else {
if ($_SERVER['QUERY_STRING']){
if ( strpos($_SERVER['QUERY_STRING'], 'paged')!==false ){
$link = '?'.preg_replace(
'{paged=[0-9]+}',
"paged={$id}",
$_SERVER['QUERY_STRING']
);
} else {
$link = '?' . $_SERVER['QUERY_STRING'] . "&paged={$id}";
}
$link = str_replace('&', '&amp;', $link);
if (strpos($_SERVER ['QUERY_STRING'], 'paged') !== false) {
$link = '?' . preg_replace('{paged=[0-9]+}', "paged={$id}", $_SERVER ['QUERY_STRING']);
} else { } else {
$link = "?paged={$id}"; $link = '?' . $_SERVER ['QUERY_STRING'] . "&paged={$id}";
} }
$link = str_replace('&', '&amp;', $link);
} else {
$link = "?paged={$id}";
} }
return array($caption, BLOG_BASEURL . $link);
} }
if (!function_exists('get_nextpage_link')) : return array(
function get_nextpage_link() { $caption,
BLOG_BASEURL . $link
);
}
if (!function_exists('get_nextpage_link')) :
function get_nextpage_link() {
global $fpdb; global $fpdb;
$q =& $fpdb->getQuery(); $q = & $fpdb->getQuery();
$a = _get_nextprev_link('NextPage'); $a = _get_nextprev_link('NextPage');
if ($q->single) { if ($q->single) {
$a[0] .= ' &raquo; '; $a [0] .= ' &raquo; ';
} }
return $a; return $a;
} }
endif; endif;
if (!function_exists('get_prevpage_link')) : if (!function_exists('get_prevpage_link')) :
function get_prevpage_link() {
function get_prevpage_link() {
global $fpdb; global $fpdb;
$q =& $fpdb->getQuery(); $q = & $fpdb->getQuery();
$a = _get_nextprev_link('PrevPage'); $a = _get_nextprev_link('PrevPage');
if ($q->single) { if ($q->single) {
$a[0] = ' &laquo; ' . $a[0]; $a [0] = ' &laquo; ' . $a [0];
} }
return $a; return $a;
@ -74,415 +71,430 @@
endif; endif;
function wp_filter_kses($str) {
return $str;
function wp_filter_kses($str) {
return $str;
}
//----------------------------------------------------------------------------
// WordPress pluggable functions
//----------------------------------------------------------------------------
/*
get_currentuserinfo()
Grabs the information of the current logged in user, if there is one. Essentially a
wrapper for get_userdata(), but it also stores information in global variables.
get_userdata($userid)
Pulls user information for the specified user from the database.
get_userdatabylogin($user_login)
Pulls user information for the specified user from the database.
wp_mail($to, $subject, $message, $headers = '')
A convenient wrapper for PHP's mail function.
wp_login($username, $password, $already_md5 = false)
Returns true if the specified username and password correspond to a registered
user.
auth_redirect()
If a user is not logged in, he or she will be redirected to WordPress' login page before
being allowed to access content on the page from which this function was called.
Upon sucessfully logging in, the user is sent back to the page in question.
wp_redirect($location)
Redirects a browser to the absolute URI specified by the $location parameter.
wp_setcookie($username, $password, $already_md5 = false, $home =
'', $siteurl = '')
Sets the WordPress cookies for a logged in user. See WordPress Cookies.
wp_clearcookie()
Clears the cookies for a logged in user. See WordPress Cookies.
wp_notify_postauthor($comment_id, $comment_type='')
Emails the author of the comment's post the content of the comment specified.
wp_notify_moderator($comment_id)
Informs the administrative email account that the comment specified needs to be
moderated. See General Options SubPanel.
*/
if ( !function_exists('get_currentuserinfo') ) :
function get_currentuserinfo() {
/* global $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5, $user_identity;
// *** retrieving user's data from cookies and db - no spoofing
if (isset($_COOKIE['wordpressuser_' . COOKIEHASH]))
$user_login = $_COOKIE['wordpressuser_' . COOKIEHASH];
$userdata = get_userdatabylogin($user_login);
$user_level = $userdata->user_level;
$user_ID = $userdata->ID;
$user_nickname = $userdata->user_nickname;
$user_email = $userdata->user_email;
$user_url = $userdata->user_url;
$user_pass_md5 = md5($userdata->user_pass);
$idmode = $userdata->user_idmode;
if ($idmode == 'nickname') $user_identity = $userdata->user_nickname;
if ($idmode == 'login') $user_identity = $userdata->user_login;
if ($idmode == 'firstname') $user_identity = $userdata->user_firstname;
if ($idmode == 'lastname') $user_identity = $userdata->user_lastname;
if ($idmode == 'namefl') $user_identity = $userdata->user_firstname.' '.$userdata->user_lastname;
if ($idmode == 'namelf') $user_identity = $userdata->user_lastname.' '.$userdata->user_firstname;
if (!$idmode) $user_identity = $userdata->user_nickname;
*/
} }
// ----------------------------------------------------------------------------
// WordPress pluggable functions
// ----------------------------------------------------------------------------
/*
* get_currentuserinfo()
* Grabs the information of the current logged in user, if there is one. Essentially a
* wrapper for get_userdata(), but it also stores information in global variables.
* get_userdata($userid)
* Pulls user information for the specified user from the database.
* get_userdatabylogin($user_login)
* Pulls user information for the specified user from the database.
* wp_mail($to, $subject, $message, $headers = '')
* A convenient wrapper for PHP's mail function.
* wp_login($username, $password, $already_md5 = false)
* Returns true if the specified username and password correspond to a registered
* user.
* auth_redirect()
* If a user is not logged in, he or she will be redirected to WordPress' login page before
* being allowed to access content on the page from which this function was called.
* Upon sucessfully logging in, the user is sent back to the page in question.
* wp_redirect($location)
* Redirects a browser to the absolute URI specified by the $location parameter.
* wp_setcookie($username, $password, $already_md5 = false, $home =
* '', $siteurl = '')
* Sets the WordPress cookies for a logged in user. See WordPress Cookies.
* wp_clearcookie()
* Clears the cookies for a logged in user. See WordPress Cookies.
* wp_notify_postauthor($comment_id, $comment_type='')
* Emails the author of the comment's post the content of the comment specified.
* wp_notify_moderator($comment_id)
* Informs the administrative email account that the comment specified needs to be
* moderated. See General Options SubPanel.
*/
if (!function_exists('get_currentuserinfo')) :
function get_currentuserinfo() {
/*
* global $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5, $user_identity;
* // *** retrieving user's data from cookies and db - no spoofing
*
* if (isset($_COOKIE['wordpressuser_' . COOKIEHASH]))
* $user_login = $_COOKIE['wordpressuser_' . COOKIEHASH];
* $userdata = get_userdatabylogin($user_login);
* $user_level = $userdata->user_level;
* $user_ID = $userdata->ID;
* $user_nickname = $userdata->user_nickname;
* $user_email = $userdata->user_email;
* $user_url = $userdata->user_url;
* $user_pass_md5 = md5($userdata->user_pass);
*
* $idmode = $userdata->user_idmode;
* if ($idmode == 'nickname') $user_identity = $userdata->user_nickname;
* if ($idmode == 'login') $user_identity = $userdata->user_login;
* if ($idmode == 'firstname') $user_identity = $userdata->user_firstname;
* if ($idmode == 'lastname') $user_identity = $userdata->user_lastname;
* if ($idmode == 'namefl') $user_identity = $userdata->user_firstname.' '.$userdata->user_lastname;
* if ($idmode == 'namelf') $user_identity = $userdata->user_lastname.' '.$userdata->user_firstname;
* if (!$idmode) $user_identity = $userdata->user_nickname;
*/
}
endif; endif;
if (!function_exists('get_userdata')) :
function get_userdata($userid) {
if ( !function_exists('get_userdata') ) : /*
function get_userdata($userid) { * global $wpdb, $cache_userdata;
/* global $wpdb, $cache_userdata; * $userid = (int) $userid;
$userid = (int) $userid; * if ( empty($cache_userdata[$userid]) && $userid != 0) {
if ( empty($cache_userdata[$userid]) && $userid != 0) { * $cache_userdata[$userid] = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID = $userid");
$cache_userdata[$userid] = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID = $userid"); * $cache_userdata[$cache_userdata[$userid]->user_login] =& $cache_userdata[$userid];
$cache_userdata[$cache_userdata[$userid]->user_login] =& $cache_userdata[$userid]; * }
*
* return $cache_userdata[$userid];
*/
} }
return $cache_userdata[$userid];
*/
}
endif; endif;
if (!function_exists('get_userdatabylogin')) :
function get_userdatabylogin($user_login) {
if ( !function_exists('get_userdatabylogin') ) : /*
function get_userdatabylogin($user_login) { * global $cache_userdata, $wpdb;
/* global $cache_userdata, $wpdb; * if ( !empty($user_login) && empty($cache_userdata[$user_login]) ) {
if ( !empty($user_login) && empty($cache_userdata[$user_login]) ) { * $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_login = '$user_login'"); // todo: get rid of this intermediate var
$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_login = '$user_login'"); // todo: get rid of this intermediate var * $cache_userdata[$user->ID] = $user;
$cache_userdata[$user->ID] = $user; * $cache_userdata[$user_login] =& $cache_userdata[$user->ID];
$cache_userdata[$user_login] =& $cache_userdata[$user->ID]; * } else {
} else { * $user = $cache_userdata[$user_login];
$user = $cache_userdata[$user_login]; * }
* return $user;
*/
} }
return $user;
*/
}
endif; endif;
if (!function_exists('wp_mail')) :
function wp_mail($to, $subject, $message, $headers = '') {
if ($headers == '') {
$headers = "MIME-Version: 1.0\n" . "From: " . get_settings('admin_email') . "\n" . "Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n";
}
if ( !function_exists('wp_mail') ) : return @mail($to, $subject, $message, $headers);
function wp_mail($to, $subject, $message, $headers = '') {
if( $headers == '' ) {
$headers = "MIME-Version: 1.0\n" .
"From: " . get_settings('admin_email') . "\n" .
"Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n";
} }
return @mail($to, $subject, $message, $headers);
}
endif; endif;
if (!function_exists('wp_login')) :
function wp_login($username, $password, $already_md5 = false) {
if ( !function_exists('wp_login') ) : /*
function wp_login($username, $password, $already_md5 = false) { * global $wpdb, $error;
/* global $wpdb, $error; *
* if ( !$username )
if ( !$username ) * return false;
return false; *
* if ( !$password ) {
if ( !$password ) { * $error = __('<strong>Error</strong>: The password field is empty.');
$error = __('<strong>Error</strong>: The password field is empty.'); * return false;
return false; * }
*
* $login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
*
* if (!$login) {
* $error = __('<strong>Error</strong>: Wrong username.');
* return false;
* } else {
* // If the password is already_md5, it has been double hashed.
* // Otherwise, it is plain text.
* if ( ($already_md5 && $login->user_login == $username && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password)) ) {
* return true;
* } else {
* $error = __('<strong>Error</strong>: Incorrect password.');
* $pwd = '';
* return false;
* }
* }
*/
} }
endif;
$login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'"); if (!function_exists('auth_redirect')) :
if (!$login) { function auth_redirect() {
$error = __('<strong>Error</strong>: Wrong username.'); // Checks if a user is logged in, if not redirects them to the login page
return false; /*
} else { * if ( (!empty($_COOKIE['wordpressuser_' . COOKIEHASH]) &&
// If the password is already_md5, it has been double hashed. * !wp_login($_COOKIE['wordpressuser_' . COOKIEHASH], $_COOKIE['wordpresspass_' . COOKIEHASH], true)) ||
// Otherwise, it is plain text. * (empty($_COOKIE['wordpressuser_' . COOKIEHASH])) ) {
if ( ($already_md5 && $login->user_login == $username && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password)) ) { * header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
return true; * header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
} else { * header('Cache-Control: no-cache, must-revalidate, max-age=0');
$error = __('<strong>Error</strong>: Incorrect password.'); * header('Pragma: no-cache');
$pwd = ''; *
* header('Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
* exit();
* }
*/
}
endif;
// Cookie safe redirect. Works around IIS Set-Cookie bug.
// http://support.microsoft.com/kb/q176113/
if (!function_exists('wp_redirect')) :
function wp_redirect($location, $status = 302) {
global $is_IIS;
$location = apply_filters('wp_redirect', $location, $status);
if (!$location) // allows the wp_redirect filter to cancel a redirect
return false; return false;
$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location);
// $location = wp_kses_no_null($location);
$location = preg_replace('/\0+/', '', $location);
$location = preg_replace('/(\\\\0)+/', '', $location);
$strip = array(
'%0d',
'%0a'
);
$location = str_replace($strip, '', $location);
if ($is_IIS) {
header("Refresh: 0;url=$location");
} else {
if (php_sapi_name() != 'cgi-fcgi')
utils_status_header($status); // This causes problems on IIS and some FastCGI setups
header("Location: $location");
} }
} }
*/
}
endif; endif;
if ( !function_exists('auth_redirect') ) : if (!function_exists('wp_setcookie')) :
function auth_redirect() {
// Checks if a user is logged in, if not redirects them to the login page
/* if ( (!empty($_COOKIE['wordpressuser_' . COOKIEHASH]) &&
!wp_login($_COOKIE['wordpressuser_' . COOKIEHASH], $_COOKIE['wordpresspass_' . COOKIEHASH], true)) ||
(empty($_COOKIE['wordpressuser_' . COOKIEHASH])) ) {
header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-cache, must-revalidate, max-age=0');
header('Pragma: no-cache');
header('Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI'])); function wp_setcookie($username, $password, $already_md5 = false, $home = '', $siteurl = '') {
exit(); if (!$already_md5)
$password = md5(md5($password)); // Double hash the password in the cookie.
if (empty($home))
$cookiepath = COOKIEPATH;
else
$cookiepath = preg_replace('|https?://[^/]+|i', '', $home . '/');
if (empty($siteurl)) {
$sitecookiepath = SITECOOKIEPATH;
$cookiehash = COOKIEHASH;
} else {
$sitecookiepath = preg_replace('|https?://[^/]+|i', '', $siteurl . '/');
$cookiehash = md5($siteurl);
}
setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $cookiepath);
setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $cookiepath);
if ($cookiepath != $sitecookiepath) {
setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $sitecookiepath);
setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $sitecookiepath);
}
} }
*/
}
endif; endif;
// Cookie safe redirect. Works around IIS Set-Cookie bug. if (!function_exists('wp_clearcookie')) :
// http://support.microsoft.com/kb/q176113/
if ( !function_exists('wp_redirect') ) :
function wp_redirect($location, $status = 302) {
global $is_IIS;
$location = apply_filters('wp_redirect', $location, $status); function wp_clearcookie() {
setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH);
setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH);
}
endif;
if ( !$location ) // allows the wp_redirect filter to cancel a redirect if (!function_exists('check_admin_referer')) :
function check_admin_referer($action = -1) {
$adminurl = BLOG_BASEURL . 'admin.php';
$referer = strtolower(wp_get_referer());
if (!wp_verify_nonce(@$_REQUEST ['_wpnonce'], $action) && !(-1 == $action && strstr($referer, $adminurl))) {
wp_nonce_ays($action);
die();
}
do_action('check_admin_referer', $action);
}
endif;
if (!function_exists('wp_verify_nonce')) :
function wp_verify_nonce($nonce, $action = -1) {
$user = user_get();
$uid = $user ['userid'];
$i = ceil(time() / 43200);
// Allow for expanding range, but only do one check if we can
if (substr(wp_hash($i . $action . $uid), -12, 10) == $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce)
return true;
return false; return false;
$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location);
# $location = wp_kses_no_null($location);
$location = preg_replace('/\0+/', '', $location);
$location = preg_replace('/(\\\\0)+/', '', $location);
$strip = array('%0d', '%0a');
$location = str_replace($strip, '', $location);
if ( $is_IIS ) {
header("Refresh: 0;url=$location");
} else {
if ( php_sapi_name() != 'cgi-fcgi' )
utils_status_header($status); // This causes problems on IIS and some FastCGI setups
header("Location: $location");
} }
}
endif; endif;
if (!function_exists('wp_create_nonce')) :
if ( !function_exists('wp_setcookie') ) : function wp_create_nonce($action = -1) {
function wp_setcookie($username, $password, $already_md5 = false, $home = '', $siteurl = '') { $user = user_get();
if ( !$already_md5 ) $uid = $user ['userid'];
$password = md5( md5($password) ); // Double hash the password in the cookie.
if ( empty($home) ) $i = ceil(time() / 43200);
$cookiepath = COOKIEPATH;
else
$cookiepath = preg_replace('|https?://[^/]+|i', '', $home . '/' );
if ( empty($siteurl) ) { return substr(wp_hash($i . $action . $uid), -12, 10);
$sitecookiepath = SITECOOKIEPATH;
$cookiehash = COOKIEHASH;
} else {
$sitecookiepath = preg_replace('|https?://[^/]+|i', '', $siteurl . '/' );
$cookiehash = md5($siteurl);
} }
endif;
setcookie('wordpressuser_'. $cookiehash, $username, time() + 31536000, $cookiepath); if (!function_exists('wp_salt')) :
setcookie('wordpresspass_'. $cookiehash, $password, time() + 31536000, $cookiepath);
if ( $cookiepath != $sitecookiepath ) { /**
setcookie('wordpressuser_'. $cookiehash, $username, time() + 31536000, $sitecookiepath); *
setcookie('wordpresspass_'. $cookiehash, $password, time() + 31536000, $sitecookiepath); * @return NULL|unknown
* @deprecated as of FlatPress 1.2 - still here only to be able to update pre-1.2 credentials
*/
function wp_salt() {
global $fp_config;
static $salt = null;
if (!$salt) {
@include (HASHSALT_FILE);
if (!$fp_hashsalt)
trigger_error('Cannot load hash salt: reinstall FlatPress', E_USER_ERROR);
$salt = $fp_hashsalt;
}
return $salt;
} }
}
endif; endif;
if ( !function_exists('wp_clearcookie') ) : if (!function_exists('wp_hash')) :
function wp_clearcookie() {
setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH);
setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH);
}
endif;
/**
*
if ( !function_exists('check_admin_referer') ) : * @param unknown $data
function check_admin_referer($action = -1) { * @return string
$adminurl = BLOG_BASEURL . 'admin.php'; * @deprecated as of FlatPress 1.2 - still here only to be able to update pre-1.2 credentials
$referer = strtolower(wp_get_referer()); */
if ( !wp_verify_nonce(@$_REQUEST['_wpnonce'], $action) && function wp_hash($data) {
!(-1 == $action && strstr($referer, $adminurl)) ) { $salt = wp_salt();
wp_nonce_ays($action); return md5($data . $salt);
die();
} }
do_action('check_admin_referer', $action);
}
endif; endif;
if (!function_exists('wp_notify_postauthor')) :
if ( !function_exists('wp_verify_nonce') ) : function wp_notify_postauthor($comment_id, $comment_type = '') {
function wp_verify_nonce($nonce, $action = -1) { /*
* global $wpdb;
$user = user_get(); *
$uid = $user['userid']; * $comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
* $post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1");
$i = ceil(time() / 43200); * $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID='$post->post_author' LIMIT 1");
*
//Allow for expanding range, but only do one check if we can * if ('' == $user->user_email) return false; // If there's no email to send the comment to
if( substr(wp_hash($i . $action . $uid), -12, 10) == $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce ) *
return true; * $comment_author_domain = gethostbyaddr($comment->comment_author_IP);
return false; *
} * $blogname = get_settings('blogname');
endif; *
* if ( empty( $comment_type ) ) $comment_type = 'comment';
if ( !function_exists('wp_create_nonce') ) : *
function wp_create_nonce($action = -1) { * if ('comment' == $comment_type) {
$user = user_get(); * $notify_message = sprintf( __('New comment on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
$uid = $user['userid']; * $notify_message .= sprintf( __('Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
* $notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n";
$i = ceil(time() / 43200); * $notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
* $notify_message .= sprintf( __('Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP ) . "\r\n";
return substr(wp_hash($i . $action . $uid), -12, 10); * $notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
} * $notify_message .= __('You can see all comments on this post here: ') . "\r\n";
endif; * $subject = sprintf( __('[%1$s] Comment: "%2$s"'), $blogname, $post->post_title );
* } elseif ('trackback' == $comment_type) {
if ( !function_exists('wp_salt') ) : * $notify_message = sprintf( __('New trackback on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
function wp_salt() { * $notify_message .= sprintf( __('Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
global $fp_config; * $notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
static $salt = null; * $notify_message .= __('Excerpt: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
if (!$salt) { * $notify_message .= __('You can see all trackbacks on this post here: ') . "\r\n";
@include(HASHSALT_FILE); * $subject = sprintf( __('[%1$s] Trackback: "%2$s"'), $blogname, $post->post_title );
if (!$fp_hashsalt) * } elseif ('pingback' == $comment_type) {
trigger_error('Cannot load hash salt: reinstall FlatPress', E_USER_ERROR); * $notify_message = sprintf( __('New pingback on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
* $notify_message .= sprintf( __('Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
$salt = $fp_hashsalt; * $notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
* $notify_message .= __('Excerpt: ') . "\r\n" . sprintf( __('[...] %s [...]'), $comment->comment_content ) . "\r\n\r\n";
* $notify_message .= __('You can see all pingbacks on this post here: ') . "\r\n";
* $subject = sprintf( __('[%1$s] Pingback: "%2$s"'), $blogname, $post->post_title );
* }
* $notify_message .= get_permalink($comment->comment_post_ID) . "#comments\r\n\r\n";
* $notify_message .= sprintf( __('To delete this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=confirmdeletecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n";
*
* if ('' == $comment->comment_author_email || '' == $comment->comment_author) {
* $from = "From: \"$blogname\" <wordpress@" . $_SERVER['SERVER_NAME'] . '>';
* } else {
* $from = 'From: "' . $comment->comment_author . "\" <$comment->comment_author_email>";
* }
*
* $notify_message = apply_filters('comment_notification_text', $notify_message);
* $subject = apply_filters('comment_notification_subject', $subject);
* $message_headers = apply_filters('comment_notification_headers', $message_headers);
*
* $message_headers = "MIME-Version: 1.0\n"
* . "$from\n"
* . "Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n";
*
* @wp_mail($user->user_email, $subject, $notify_message, $message_headers);
*
* return true;
*/
} }
return $salt;
}
endif; endif;
if ( !function_exists('wp_hash') ) : /*
function wp_hash($data) { * wp_notify_moderator
$salt = wp_salt(); * notifies the moderator of the blog (usually the admin)
return md5($data . $salt); * about a new comment that waits for approval
} * always returns true
endif;
if ( ! function_exists('wp_notify_postauthor') ) :
function wp_notify_postauthor($comment_id, $comment_type='') {
/* global $wpdb;
$comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1");
$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID='$post->post_author' LIMIT 1");
if ('' == $user->user_email) return false; // If there's no email to send the comment to
$comment_author_domain = gethostbyaddr($comment->comment_author_IP);
$blogname = get_settings('blogname');
if ( empty( $comment_type ) ) $comment_type = 'comment';
if ('comment' == $comment_type) {
$notify_message = sprintf( __('New comment on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
$notify_message .= sprintf( __('Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
$notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n";
$notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
$notify_message .= sprintf( __('Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP ) . "\r\n";
$notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
$notify_message .= __('You can see all comments on this post here: ') . "\r\n";
$subject = sprintf( __('[%1$s] Comment: "%2$s"'), $blogname, $post->post_title );
} elseif ('trackback' == $comment_type) {
$notify_message = sprintf( __('New trackback on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
$notify_message .= sprintf( __('Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
$notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
$notify_message .= __('Excerpt: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
$notify_message .= __('You can see all trackbacks on this post here: ') . "\r\n";
$subject = sprintf( __('[%1$s] Trackback: "%2$s"'), $blogname, $post->post_title );
} elseif ('pingback' == $comment_type) {
$notify_message = sprintf( __('New pingback on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
$notify_message .= sprintf( __('Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
$notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
$notify_message .= __('Excerpt: ') . "\r\n" . sprintf( __('[...] %s [...]'), $comment->comment_content ) . "\r\n\r\n";
$notify_message .= __('You can see all pingbacks on this post here: ') . "\r\n";
$subject = sprintf( __('[%1$s] Pingback: "%2$s"'), $blogname, $post->post_title );
}
$notify_message .= get_permalink($comment->comment_post_ID) . "#comments\r\n\r\n";
$notify_message .= sprintf( __('To delete this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=confirmdeletecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n";
if ('' == $comment->comment_author_email || '' == $comment->comment_author) {
$from = "From: \"$blogname\" <wordpress@" . $_SERVER['SERVER_NAME'] . '>';
} else {
$from = 'From: "' . $comment->comment_author . "\" <$comment->comment_author_email>";
}
$notify_message = apply_filters('comment_notification_text', $notify_message);
$subject = apply_filters('comment_notification_subject', $subject);
$message_headers = apply_filters('comment_notification_headers', $message_headers);
$message_headers = "MIME-Version: 1.0\n"
. "$from\n"
. "Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n";
@wp_mail($user->user_email, $subject, $notify_message, $message_headers);
return true;
*/
}
endif;
/* wp_notify_moderator
notifies the moderator of the blog (usually the admin)
about a new comment that waits for approval
always returns true
*/ */
if ( !function_exists('wp_notify_moderator') ) : if (!function_exists('wp_notify_moderator')) :
function wp_notify_moderator($comment_id) {
/* global $wpdb;
if( get_settings( "moderation_notify" ) == 0 ) function wp_notify_moderator($comment_id) {
return true; /*
* global $wpdb;
$comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1"); *
$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1"); * if( get_settings( "moderation_notify" ) == 0 )
* return true;
$comment_author_domain = gethostbyaddr($comment->comment_author_IP); *
$comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'"); * $comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
* $post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1");
$notify_message = sprintf( __('A new comment on the post #%1$s "%2$s" is waiting for your approval'), $post->ID, $post->post_title ) . "\r\n"; *
$notify_message .= get_permalink($comment->comment_post_ID) . "\r\n\r\n"; * $comment_author_domain = gethostbyaddr($comment->comment_author_IP);
$notify_message .= sprintf( __('Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; * $comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'");
$notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n"; *
$notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n"; * $notify_message = sprintf( __('A new comment on the post #%1$s "%2$s" is waiting for your approval'), $post->ID, $post->post_title ) . "\r\n";
$notify_message .= sprintf( __('Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP ) . "\r\n"; * $notify_message .= get_permalink($comment->comment_post_ID) . "\r\n\r\n";
$notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n"; * $notify_message .= sprintf( __('Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
$notify_message .= sprintf( __('To approve this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=mailapprovecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n"; * $notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n";
$notify_message .= sprintf( __('To delete this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=confirmdeletecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n"; * $notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
$notify_message .= sprintf( __('Currently %s comments are waiting for approval. Please visit the moderation panel:'), $comments_waiting ) . "\r\n"; * $notify_message .= sprintf( __('Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP ) . "\r\n";
$notify_message .= get_settings('siteurl') . "/wp-admin/moderation.php\r\n"; * $notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
* $notify_message .= sprintf( __('To approve this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=mailapprovecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n";
$subject = sprintf( __('[%1$s] Please moderate: "%2$s"'), get_settings('blogname'), $post->post_title ); * $notify_message .= sprintf( __('To delete this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=confirmdeletecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n";
$admin_email = get_settings("admin_email"); * $notify_message .= sprintf( __('Currently %s comments are waiting for approval. Please visit the moderation panel:'), $comments_waiting ) . "\r\n";
* $notify_message .= get_settings('siteurl') . "/wp-admin/moderation.php\r\n";
$notify_message = apply_filters('comment_moderation_text', $notify_message); *
$subject = apply_filters('comment_moderation_subject', $subject); * $subject = sprintf( __('[%1$s] Please moderate: "%2$s"'), get_settings('blogname'), $post->post_title );
* $admin_email = get_settings("admin_email");
@wp_mail($admin_email, $subject, $notify_message); *
* $notify_message = apply_filters('comment_moderation_text', $notify_message);
return true; * $subject = apply_filters('comment_moderation_subject', $subject);
*/ *
} * @wp_mail($admin_email, $subject, $notify_message);
*
* return true;
*/
}
endif; endif;
?> ?>

95
setup/lib/main.lib.php
View File

@ -1,14 +1,8 @@
<?php <?php
$err = array(); $err = array();
function print_done_fail($label, $bool) { function print_done_fail($label, $bool) {
echo echo "<li>", $label . ' <strong style="color :' . (($bool) ? 'green;">DONE' : 'red;">FAILED') . '</strong><br />', "</li>\n";
"<li>",
$label.' <strong style="color :' .
(($bool)? 'green;">DONE' : 'red;">FAILED') .
'</strong><br />',
"</li>\n";
} }
function config_exist() { function config_exist() {
@ -30,24 +24,26 @@ function remove_checkfile() {
} }
function setupid() { function setupid() {
global $setupid; global $setupid;
if (isset($_POST['setupid'])) { if (isset($_POST ['setupid'])) {
$setupid = $_POST['setupid']; $setupid = $_POST ['setupid'];
} else { } else {
$setupid = system_generate_id(BLOG_BASEURL . $_SERVER['HTTP_HOST']); $setupid = system_generate_id(BLOG_BASEURL . $_SERVER ['HTTP_HOST']);
} }
return $setupid; return $setupid;
} }
function getstep(&$id) { function getstep(&$id) {
global $err; global $err;
$STEPS = array('locked', 'step1', 'step2', 'step3'); $STEPS = array(
$MAXST = count($STEPS)-1; 'locked',
'step1',
'step2',
'step3'
);
$MAXST = count($STEPS) - 1;
$i = 0; $i = 0;
@ -57,10 +53,9 @@ function getstep(&$id) {
$setupid = setupid(); $setupid = setupid();
if(!$setupid) if (!$setupid)
die('Setup is running'); die('Setup is running');
if (!file_exists(SETUPTEMP_FILE)) { if (!file_exists(SETUPTEMP_FILE)) {
if (empty($_POST)) if (empty($_POST))
$i = 0; $i = 0;
@ -68,14 +63,14 @@ function getstep(&$id) {
$i = 1; $i = 1;
} else { } else {
$x = explode(',', io_load_file(SETUPTEMP_FILE)); $x = explode(',', io_load_file(SETUPTEMP_FILE));
if ($x[0]!=$setupid) if ($x [0] != $setupid)
die('Setup is running: if you are the owner, you can delete ' . die('Setup is running: if you are the owner, you can delete ' . SETUPTEMP_FILE . ' to restart');
SETUPTEMP_FILE .' to restart'); $i = intval($x [1]);
$i = intval($x[1]);
} }
@include("./setup/lib/{$STEPS[$i]}.lib.php"); @include ("./setup/lib/{$STEPS[$i]}.lib.php");
if (!function_exists('check_step')) : if (!function_exists('check_step')) :
function check_step() { function check_step() {
return true; return true;
} }
@ -83,73 +78,59 @@ function getstep(&$id) {
if (check_step()) { if (check_step()) {
++$i; ++$i;
if ($i>=$MAXST) { if ($i >= $MAXST) {
fs_delete(SETUPTEMP_FILE); fs_delete(SETUPTEMP_FILE);
io_write_file(LOCKFILE, "locked"); io_write_file(LOCKFILE, "locked");
} else { } else {
if ($i > 0 && !@io_write_file(SETUPTEMP_FILE, "$setupid,$i")) { if ($i > 0 && !@io_write_file(SETUPTEMP_FILE, "$setupid,$i")) {
$err[] = 'Write error'; $err [] = 'Write error';
} }
} }
} }
} }
$id = $STEPS[ $i ]; $id = $STEPS [$i];
return $i; return $i;
} }
function validate() { function validate() {
if (!ctype_alnum($_POST['fpuser'])) if (!ctype_alnum($_POST ['fpuser']))
$err[] = "{$_POST['fpuser']} is not a valid username. $err [] = "{$_POST['fpuser']} is not a valid username.
Username must be alphanumeric and should not contain spaces."; Username must be alphanumeric and should not contain spaces.";
if (strlen(trim(($_POST['fppwd']))) < 6) if (strlen(trim(($_POST ['fppwd']))) < 6)
$err[] = "Password must contain at least 6 non-space characters"; $err [] = "Password must contain at least 6 non-space characters";
if (($_POST['fppwd'])!=($_POST['fppwd2'])) if (($_POST ['fppwd']) != ($_POST ['fppwd2']))
$err[] = "Passwords did not match"; $err [] = "Passwords did not match";
if (!(preg_match('!@.*@|\.\.|\,|\;!', $_POST['email']) || if (!(preg_match('!@.*@|\.\.|\,|\;!', $_POST ['email']) || preg_match('!^.+\@(\[?)[a-zA-Z0-9\.\-]+\.([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$!', $_POST ['email'])))
preg_match('!^.+\@(\[?)[a-zA-Z0-9\.\-]+\.([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$!', $_POST['email']))) $err [] = "{$_POST['email']} is not a valid email address";
$err[] = "{$_POST['email']} is not a valid email address";
$www = $_POST['www']; $www = $_POST ['www'];
if (!(preg_match('!^http(s)?://[\w-]+\.[\w-]+(\S+)?$!i', $www) if (!(preg_match('!^http(s)?://[\w-]+\.[\w-]+(\S+)?$!i', $www) || preg_match('!^http(s)?://localhost!', $www)))
|| preg_match('!^http(s)?://localhost!', $www))) $err [] = "$www is not a valid URL";
$err[] = "$www is not a valid URL"; if ($www && $www [strlen($www) - 1] != '/')
if ($www && $www[strlen($www)-1]!='/')
$www .= '/'; $www .= '/';
global $fp_config; global $fp_config;
$fp_config['general']['author'] = $user['userid'] = $_POST['fpuser']; $fp_config ['general'] ['author'] = $user ['userid'] = $_POST ['fpuser'];
$user['password'] = $_POST['fppwd']; $user ['password'] = $_POST ['fppwd'];
$fp_config['general']['www'] = $user['www'] = $www;
$fp_config['general']['email'] = $user['email'] = $_POST['email'];
$fp_config ['general'] ['www'] = $user ['www'] = $www;
$fp_config ['general'] ['email'] = $user ['email'] = $_POST ['email'];
if (isset($err)) { if (isset($err)) {
$GLOBALS['err']=$err; $GLOBALS ['err'] = $err;
return false; return false;
} }
$fp_config ['general'] ['blogid'] = system_generate_id(BLOG_ROOT . $user ['www'] . $user ['email'] . $user ['userid']);
$fp_config['general']['blogid'] = system_generate_id(
BLOG_ROOT.
$user['www'].
$user['email'].
$user['userid']
);
config_save(); config_save();
system_hashsalt_save();
user_add($user); user_add($user);
return true; return true;