Beanz/flatpress
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix for #59: Updated password hash algorithm from md5 to bcrypt (via password_hash() function). Thanks a lot, @axelhahn!

Browse Source 
In detail: Added function io_delete_file(). Removed system_hashsalt_save(). Added password hash update mechanics to user_login().
This commit is contained in:
azett 2020-12-19 14:02:27 +01:00
parent 5a0b7541e7
commit f265b22b0b
6 changed files with 771 additions and 778 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

297
defaults.php
View File

@ -1,168 +1,159 @@
<?php <?php
// defaults.php // defaults.php
// this file defines standard positions of some important
// dirs or files.
// For security reasons
// these can't be modified in the common settings panels
// but only through this file.
// If you want to change these constants, just change
// the second parameter.
// We suggest not to define here your owns, but instead
// inmplementing them as plugins
// legacy mode; needed with some ill-formed spb files
define('DUMB_MODE_ENABLED', false);
// default file permissions
// change file to 644 and dir to 755 if your webserver "complains"
define('FILE_PERMISSIONS', 0777);
define('DIR_PERMISSIONS', 0777);
// this file defines standard positions of some important
// first some webserver setup... // dirs or files.
// here's where your server save session-related stuff.
// If you don't experience any session-related problem, you
// you can leave it blank and it will default to standard webserver config
define('SESSION_PATH', '');
// absolute path to your webserver dir; if you don't experience any problem
// you can leave this as it is
define('ABS_PATH', dirname(__FILE__).'/');
// here was blog root in earlier versions. This has been moved to config_load()
// here are default config files
define('FP_DEFAULTS', 'fp-defaults/');
// all writable directories go here.
define('FP_CONTENT', 'fp-content/'); //must be chmodded to 0777
// blog configurations files
define('CONFIG_DIR', FP_CONTENT . 'config/'); //must be chmodded to 0777
define('CONFIG_FILE', CONFIG_DIR . 'settings.conf.php');
define('HASHSALT_FILE', CONFIG_DIR . 'hashsalt.conf.php');
define('CONFIG_DEFAULT', FP_DEFAULTS. 'settings-defaults.php');
define('USERS_DIR', FP_CONTENT . 'users/');
// here we'll store all your entries, comments, static pages and blocks
// comments are stored automatically in subdirs of the dir CONTENT_DIR
define('CONTENT_DIR', FP_CONTENT . 'content/');
//define('BLOCKS_DIR', CONTENT_DIR . 'blocks/');
// !!! CRITICAL !!!
// all includes file
define('FP_INCLUDES', 'fp-includes/');
// core include scripts
define('INCLUDES_DIR', FP_INCLUDES . 'core/');
// smarty engine
define('SMARTY_DIR', ABS_PATH . FP_INCLUDES . 'smarty/');
define('FP_INTERFACE', 'fp-interface/');
// theme dir
define('THEMES_DIR', FP_INTERFACE . 'themes/');
// language files
define('LANG_DIR', FP_INTERFACE . 'lang/');
// misc forms
define('SHARED_TPLS', ABS_PATH . FP_INTERFACE . 'sharedtpls/');
// here is where all plugins are saved
define('PLUGINS_DIR', 'fp-plugins/');
define('ADMIN_DIR', 'admin/');
// cache file name and path.
define('CACHE_DIR', FP_CONTENT . 'cache/');
define('CACHE_FILE', '%%cached_list.php');
define('INDEX_DIR', FP_CONTENT.'index/'); // For security reasons
// these can't be modified in the common settings panels
define('LOCKFILE', FP_CONTENT . '%%setup.lock'); // but only through this file.
// If you want to change these constants, just change
// the second parameter.
// We suggest not to define here your owns, but instead
// these will be probably moved soon to plugins // inmplementing them as plugins
// here is where all the uploaded images will be saved
define('IMAGES_DIR', FP_CONTENT . 'images/');
// here is where all the attachments will be saved
define('ATTACHS_DIR', FP_CONTENT . 'attachs/');
define('LANG_DEFAULT', 'en-us');
define('BPT_SORT', SORT_DESC);
set_include_path(ABS_PATH);
//
// original Flatpress 1.0.3 coding disabled
//
// compatibility with ISS
// if (!isset($_SERVER['REQUEST_URI']))
// $_SERVER['REQUEST_URI'] = 'http://localhost/flatpress/';
// #define('BLOG_ROOT', dirname($_SERVER['PHP_SELF']) . '/');
// define('BLOG_ROOT', ('/'==($v=dirname($_SERVER['SCRIPT_NAME']))? $v : $v.'/') );
// define('BLOG_BASEURL', 'http://'.$_SERVER['HTTP_HOST']. BLOG_ROOT); // legacy mode; needed with some ill-formed spb files
define('DUMB_MODE_ENABLED', false);
// default file permissions
// change file to 644 and dir to 755 if your webserver "complains"
define('FILE_PERMISSIONS', 0777);
define('DIR_PERMISSIONS', 0777);
// // first some webserver setup...
// Adding security and HTTPS support
//
ini_set('session.cookie_httponly', 1); // here's where your server save session-related stuff.
ini_set('session.use_only_cookies', 1); // If you don't experience any session-related problem, you
// you can leave it blank and it will default to standard webserver config
define('SESSION_PATH', '');
// absolute path to your webserver dir; if you don't experience any problem
// you can leave this as it is
define('ABS_PATH', dirname(__FILE__) . '/');
// here was blog root in earlier versions. This has been moved to config_load()
if (isset($_SERVER['HTTPS'])) { // here are default config files
$_SERVER['HTTPS'] = htmlspecialchars($_SERVER['HTTPS'], ENT_QUOTES, "UTF-8"); define('FP_DEFAULTS', 'fp-defaults/');
}
$serverport = "false";
// Unterstützung für Apache und IIS
if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == '1' || strtolower($_SERVER['HTTPS'])=='on')) {
$serverport = "https://";
// Uses a secure connection (HTTPS) if possible
ini_set('session.cookie_secure', 1);
} else {
$serverport = "http://";
}
// compatibility with ISS // all writable directories go here.
$_SERVER["REQUEST_URI"] = htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES, "UTF-8"); define('FP_CONTENT', 'fp-content/'); // must be chmodded to 0777
if (!isset($_SERVER['REQUEST_URI']))
$_SERVER['REQUEST_URI'] = $serverport . 'localhost/flatpress/';
#define('BLOG_ROOT', dirname($_SERVER['PHP_SELF']) . '/');
define('BLOG_ROOT', ('/'==($v=dirname($_SERVER['SCRIPT_NAME']))? $v : $v.'/') );
// blog configurations files
define('BLOG_BASEURL', $serverport . $_SERVER['HTTP_HOST'] . BLOG_ROOT); define('CONFIG_DIR', FP_CONTENT . 'config/'); // must be chmodded to 0777
define('CONFIG_FILE', CONFIG_DIR . 'settings.conf.php');
// /**
// OWASP - Browser Cache - How can the browser cache be used in attacks? *
// https://www.owasp.org/index.php/OWASP_Application_Security_FAQ#How_can_the_browser_cache_be_used_in_attacks.3F * @deprecated as of FlatPress 1.2 - still here only to be able to update pre-1.2 credentials
// */
// http://stackoverflow.com/questions/13640109/how-to-prevent-browser-cache-for-php-site define('HASHSALT_FILE', CONFIG_DIR . 'hashsalt.conf.php');
// define('CONFIG_DEFAULT', FP_DEFAULTS . 'settings-defaults.php');
header('Expires: Sun, 01 Jan 2015 00:00:00 GMT'); define('USERS_DIR', FP_CONTENT . 'users/');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', FALSE); // here we'll store all your entries, comments, static pages and blocks
header('Pragma: no-cache'); // comments are stored automatically in subdirs of the dir CONTENT_DIR
// define('CONTENT_DIR', FP_CONTENT . 'content/');
// http://de.wikipedia.org/wiki/Liste_der_HTTP-Headerfelder // define('BLOCKS_DIR', CONTENT_DIR . 'blocks/');
//
header('X-Frame-Options: SAMEORIGIN'); // !!! CRITICAL !!!
header('X-XSS-Protection: 1; mode=block'); // all includes file
header('X-Content-Type-Options: nosniff'); define('FP_INCLUDES', 'fp-includes/');
// core include scripts
define('INCLUDES_DIR', FP_INCLUDES . 'core/');
// smarty engine
define('SMARTY_DIR', ABS_PATH . FP_INCLUDES . 'smarty/');
define('FP_INTERFACE', 'fp-interface/');
// theme dir
define('THEMES_DIR', FP_INTERFACE . 'themes/');
// language files
define('LANG_DIR', FP_INTERFACE . 'lang/');
// misc forms
define('SHARED_TPLS', ABS_PATH . FP_INTERFACE . 'sharedtpls/');
// here is where all plugins are saved
define('PLUGINS_DIR', 'fp-plugins/');
define('ADMIN_DIR', 'admin/');
// cache file name and path.
define('CACHE_DIR', FP_CONTENT . 'cache/');
define('CACHE_FILE', '%%cached_list.php');
define('INDEX_DIR', FP_CONTENT . 'index/');
define('LOCKFILE', FP_CONTENT . '%%setup.lock');
// these will be probably moved soon to plugins
// here is where all the uploaded images will be saved
define('IMAGES_DIR', FP_CONTENT . 'images/');
// here is where all the attachments will be saved
define('ATTACHS_DIR', FP_CONTENT . 'attachs/');
define('LANG_DEFAULT', 'en-us');
define('BPT_SORT', SORT_DESC);
set_include_path(ABS_PATH);
//
// original Flatpress 1.0.3 coding disabled
//
// compatibility with ISS
// if (!isset($_SERVER['REQUEST_URI']))
// $_SERVER['REQUEST_URI'] = 'http://localhost/flatpress/';
// #define('BLOG_ROOT', dirname($_SERVER['PHP_SELF']) . '/');
// define('BLOG_ROOT', ('/'==($v=dirname($_SERVER['SCRIPT_NAME']))? $v : $v.'/') );
// define('BLOG_BASEURL', 'http://'.$_SERVER['HTTP_HOST']. BLOG_ROOT);
//
// Adding security and HTTPS support
//
ini_set('session.cookie_httponly', 1);
ini_set('session.use_only_cookies', 1);
if (isset($_SERVER ['HTTPS'])) {
$_SERVER ['HTTPS'] = htmlspecialchars($_SERVER ['HTTPS'], ENT_QUOTES, "UTF-8");
}
$serverport = "false";
// Unterstützung für Apache und IIS
if (isset($_SERVER ['HTTPS']) && ($_SERVER ['HTTPS'] == '1' || strtolower($_SERVER ['HTTPS']) == 'on')) {
$serverport = "https://";
// Uses a secure connection (HTTPS) if possible
ini_set('session.cookie_secure', 1);
} else {
$serverport = "http://";
}
// compatibility with ISS
$_SERVER ["REQUEST_URI"] = htmlspecialchars($_SERVER ["REQUEST_URI"], ENT_QUOTES, "UTF-8");
if (!isset($_SERVER ['REQUEST_URI']))
$_SERVER ['REQUEST_URI'] = $serverport . 'localhost/flatpress/';
// define('BLOG_ROOT', dirname($_SERVER['PHP_SELF']) . '/');
define('BLOG_ROOT', ('/' == ($v = dirname($_SERVER ['SCRIPT_NAME'])) ? $v : $v . '/'));
define('BLOG_BASEURL', $serverport . $_SERVER ['HTTP_HOST'] . BLOG_ROOT);
//
// OWASP - Browser Cache - How can the browser cache be used in attacks?
// https://www.owasp.org/index.php/OWASP_Application_Security_FAQ#How_can_the_browser_cache_be_used_in_attacks.3F
//
// http://stackoverflow.com/questions/13640109/how-to-prevent-browser-cache-for-php-site
//
header('Expires: Sun, 01 Jan 2015 00:00:00 GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', FALSE);
header('Pragma: no-cache');
//
// http://de.wikipedia.org/wiki/Liste_der_HTTP-Headerfelder
//
header('X-Frame-Options: SAMEORIGIN');
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
// //
// End of send header // End of send header
// //

104
fp-includes/core/core.fileio.php
View File

@ -1,58 +1,60 @@
<?php <?php
// fileio.php // fileio.php
// low-level io-handling functions // low-level io-handling functions
function io_write_file($filename, $data) {
function io_write_file($filename, $data) { @umask(0);
@umask(0); $dir = dirname($filename);
$dir = dirname($filename); if (fs_mkdir($dir)) {
if (fs_mkdir($dir)) { $f = fopen($filename, "w");
$f = fopen($filename, "w"); if ($f) {
if ($f) {
if (!flock($f, LOCK_EX))
return -1;
$length = strlen($data);
$done = fwrite($f, $data);
flock($f, LOCK_UN);
fclose($f);
@chmod($filename, FILE_PERMISSIONS);
//returns true on success
return($length == $done); if (!flock($f, LOCK_EX))
} return -1;
$length = strlen($data);
$done = fwrite($f, $data);
flock($f, LOCK_UN);
fclose($f);
@chmod($filename, FILE_PERMISSIONS);
// returns true on success
return ($length == $done);
} }
return false;
} }
function io_load_file($filename) {
if (file_exists($filename)) {
if (function_exists('file_get_contents'))
return file_get_contents($filename);
$f = fopen($filename, "r"); return false;
if ($f) { }
if (!flock($f, LOCK_SH))
return -1; function io_load_file($filename) {
$contents = fread($f, filesize($filename)); if (file_exists($filename)) {
flock($f, LOCK_UN); if (function_exists('file_get_contents'))
fclose($f); return file_get_contents($filename);
//returns contents as string on success $f = fopen($filename, "r");
return($contents); if ($f) {
} if (!flock($f, LOCK_SH))
} return -1;
//trigger_error("io_load_file: $filename does not exists", E_USER_ERROR); $contents = fread($f, filesize($filename));
flock($f, LOCK_UN);
fclose($f);
// returns contents as string on success
return ($contents);
}
}
// trigger_error("io_load_file: $filename does not exists", E_USER_ERROR);
return false;
}
function io_delete_file($filename) {
if (!file_exists($filename)) {
return false; return false;
} }
return unlink($filename);
}

11
fp-includes/core/core.system.php
View File

@ -59,15 +59,6 @@ function system_save($file, $array) {
// } else die('Wrong number of parameters!'); // } else die('Wrong number of parameters!');
} }
function system_hashsalt_save($force = false) {
global $fp_config;
if ($force || !file_exists(HASHSALT_FILE))
return system_save(HASHSALT_FILE, array(
'fp_hashsalt' => $fp_config ['general'] ['blogid'] . ABS_PATH . BLOG_BASEURL . mt_rand()
));
return true;
}
define('SYSTEM_VER', '1.2.dev'); define('SYSTEM_VER', '1.2.dev');
function system_ver() { function system_ver() {
@ -217,7 +208,7 @@ function system_geterr($module = '') {
function system_dpr($action, $content) { function system_dpr($action, $content) {
$p = print_r($content, 1); $p = print_r($content, 1);
add_action($action, function() use ($p) { add_action($action, function () use ($p) {
echo "<pre style='position:absolute'>$p</pre>"; echo "<pre style='position:absolute'>$p</pre>";
}); });
} }

32
fp-includes/core/core.users.php
View File

@ -31,24 +31,42 @@ function user_list() {
} }
function user_pwd($userid, $pwd) { function user_pwd($userid, $pwd) {
return wp_hash($userid . $pwd); return password_hash($userid . $pwd, PASSWORD_DEFAULT);
} }
function user_login($userid, $pwd, $params = null) { function user_login($userid, $pwd, $params = null) {
global $loggedin; global $loggedin;
$loggedin = false; $loggedin = false;
// get user data
$user = user_get($userid); $user = user_get($userid);
// user not found? get outta here
if (!isset($user) || !isset($user ['password'])) {
return $loggedin;
}
if (isset($user) && user_pwd($userid, $pwd) == $user ['password']) { // check the password
if (password_verify($userid . $pwd, $user ['password'])) {
$loggedin = true;
} //
// for FP instances updated from 1.1 to 1.2: check password the old-fashioned way (with wp_hash() which uses md5)
elseif (wp_hash($userid . $pwd) == $user ['password']) {
$loggedin = true; $loggedin = true;
// re-hash password with current algorithm, ...
$user ['password'] = $pwd;
// ... save in user file ...
user_add($user);
// ... and update user data from re-read user file
$user = user_get($userid);
// after updating the user, we don't need the password hash file any more
io_delete_file(HASHSALT_FILE);
}
if ($loggedin) {
// session_regenerate_id(); // session_regenerate_id();
$expire = time() + 31536000; $expire = time() + 31536000;
setcookie(USER_COOKIE, $userid, $expire, COOKIEPATH, COOKIE_DOMAIN); setcookie(USER_COOKIE, $userid, $expire, COOKIEPATH, COOKIE_DOMAIN);
setcookie(PASS_COOKIE, $user ['password'], $expire, COOKIEPATH, COOKIE_DOMAIN); setcookie(PASS_COOKIE, $user ['password'], $expire, COOKIEPATH, COOKIE_DOMAIN);
} }
@ -116,5 +134,3 @@ function user_add($user) {
return system_save(USERS_DIR . $user ['userid'] . ".php", compact('user')); return system_save(USERS_DIR . $user ['userid'] . ".php", compact('user'));
} }
?>

964
fp-includes/core/core.wp-pluggable-funcs.php
View File

@ -1,488 +1,500 @@
<?php <?php
/* These functions can be replaced via plugins. They are loaded after /*
plugins are loaded. */ * These functions can be replaced via plugins. They are loaded after
* plugins are loaded.
function _get_nextprev_link($nextprev) {
global $fpdb;
$q =& $fpdb->getQuery();
list($caption, $id) = call_user_func(array(&$q, 'get'.$nextprev));
if (!$id)
return null;
if ($q->single) {
$link = "?entry={$id}";
} else {
if ($_SERVER['QUERY_STRING']){
if ( strpos($_SERVER['QUERY_STRING'], 'paged')!==false ){
$link = '?'.preg_replace(
'{paged=[0-9]+}',
"paged={$id}",
$_SERVER['QUERY_STRING']
);
} else {
$link = '?' . $_SERVER['QUERY_STRING'] . "&paged={$id}";
}
$link = str_replace('&', '&amp;', $link);
} else {
$link = "?paged={$id}";
}
}
return array($caption, BLOG_BASEURL . $link);
}
if (!function_exists('get_nextpage_link')) :
function get_nextpage_link() {
global $fpdb;
$q =& $fpdb->getQuery();
$a = _get_nextprev_link('NextPage');
if ($q->single) {
$a[0] .= ' &raquo; ';
}
return $a;
}
endif;
if (!function_exists('get_prevpage_link')) :
function get_prevpage_link() {
global $fpdb;
$q =& $fpdb->getQuery();
$a = _get_nextprev_link('PrevPage');
if ($q->single) {
$a[0] = ' &laquo; ' . $a[0];
}
return $a;
}
endif;
function wp_filter_kses($str) {
return $str;
}
//----------------------------------------------------------------------------
// WordPress pluggable functions
//----------------------------------------------------------------------------
/*
get_currentuserinfo()
Grabs the information of the current logged in user, if there is one. Essentially a
wrapper for get_userdata(), but it also stores information in global variables.
get_userdata($userid)
Pulls user information for the specified user from the database.
get_userdatabylogin($user_login)
Pulls user information for the specified user from the database.
wp_mail($to, $subject, $message, $headers = '')
A convenient wrapper for PHP's mail function.
wp_login($username, $password, $already_md5 = false)
Returns true if the specified username and password correspond to a registered
user.
auth_redirect()
If a user is not logged in, he or she will be redirected to WordPress' login page before
being allowed to access content on the page from which this function was called.
Upon sucessfully logging in, the user is sent back to the page in question.
wp_redirect($location)
Redirects a browser to the absolute URI specified by the $location parameter.
wp_setcookie($username, $password, $already_md5 = false, $home =
'', $siteurl = '')
Sets the WordPress cookies for a logged in user. See WordPress Cookies.
wp_clearcookie()
Clears the cookies for a logged in user. See WordPress Cookies.
wp_notify_postauthor($comment_id, $comment_type='')
Emails the author of the comment's post the content of the comment specified.
wp_notify_moderator($comment_id)
Informs the administrative email account that the comment specified needs to be
moderated. See General Options SubPanel.
*/
if ( !function_exists('get_currentuserinfo') ) :
function get_currentuserinfo() {
/* global $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5, $user_identity;
// *** retrieving user's data from cookies and db - no spoofing
if (isset($_COOKIE['wordpressuser_' . COOKIEHASH]))
$user_login = $_COOKIE['wordpressuser_' . COOKIEHASH];
$userdata = get_userdatabylogin($user_login);
$user_level = $userdata->user_level;
$user_ID = $userdata->ID;
$user_nickname = $userdata->user_nickname;
$user_email = $userdata->user_email;
$user_url = $userdata->user_url;
$user_pass_md5 = md5($userdata->user_pass);
$idmode = $userdata->user_idmode;
if ($idmode == 'nickname') $user_identity = $userdata->user_nickname;
if ($idmode == 'login') $user_identity = $userdata->user_login;
if ($idmode == 'firstname') $user_identity = $userdata->user_firstname;
if ($idmode == 'lastname') $user_identity = $userdata->user_lastname;
if ($idmode == 'namefl') $user_identity = $userdata->user_firstname.' '.$userdata->user_lastname;
if ($idmode == 'namelf') $user_identity = $userdata->user_lastname.' '.$userdata->user_firstname;
if (!$idmode) $user_identity = $userdata->user_nickname;
*/
}
endif;
if ( !function_exists('get_userdata') ) :
function get_userdata($userid) {
/* global $wpdb, $cache_userdata;
$userid = (int) $userid;
if ( empty($cache_userdata[$userid]) && $userid != 0) {
$cache_userdata[$userid] = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID = $userid");
$cache_userdata[$cache_userdata[$userid]->user_login] =& $cache_userdata[$userid];
}
return $cache_userdata[$userid];
*/
}
endif;
if ( !function_exists('get_userdatabylogin') ) :
function get_userdatabylogin($user_login) {
/* global $cache_userdata, $wpdb;
if ( !empty($user_login) && empty($cache_userdata[$user_login]) ) {
$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_login = '$user_login'"); // todo: get rid of this intermediate var
$cache_userdata[$user->ID] = $user;
$cache_userdata[$user_login] =& $cache_userdata[$user->ID];
} else {
$user = $cache_userdata[$user_login];
}
return $user;
*/
}
endif;
if ( !function_exists('wp_mail') ) :
function wp_mail($to, $subject, $message, $headers = '') {
if( $headers == '' ) {
$headers = "MIME-Version: 1.0\n" .
"From: " . get_settings('admin_email') . "\n" .
"Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n";
}
return @mail($to, $subject, $message, $headers);
}
endif;
if ( !function_exists('wp_login') ) :
function wp_login($username, $password, $already_md5 = false) {
/* global $wpdb, $error;
if ( !$username )
return false;
if ( !$password ) {
$error = __('<strong>Error</strong>: The password field is empty.');
return false;
}
$login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
if (!$login) {
$error = __('<strong>Error</strong>: Wrong username.');
return false;
} else {
// If the password is already_md5, it has been double hashed.
// Otherwise, it is plain text.
if ( ($already_md5 && $login->user_login == $username && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password)) ) {
return true;
} else {
$error = __('<strong>Error</strong>: Incorrect password.');
$pwd = '';
return false;
}
}
*/
}
endif;
if ( !function_exists('auth_redirect') ) :
function auth_redirect() {
// Checks if a user is logged in, if not redirects them to the login page
/* if ( (!empty($_COOKIE['wordpressuser_' . COOKIEHASH]) &&
!wp_login($_COOKIE['wordpressuser_' . COOKIEHASH], $_COOKIE['wordpresspass_' . COOKIEHASH], true)) ||
(empty($_COOKIE['wordpressuser_' . COOKIEHASH])) ) {
header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-cache, must-revalidate, max-age=0');
header('Pragma: no-cache');
header('Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
exit();
}
*/
}
endif;
// Cookie safe redirect. Works around IIS Set-Cookie bug.
// http://support.microsoft.com/kb/q176113/
if ( !function_exists('wp_redirect') ) :
function wp_redirect($location, $status = 302) {
global $is_IIS;
$location = apply_filters('wp_redirect', $location, $status);
if ( !$location ) // allows the wp_redirect filter to cancel a redirect
return false;
$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location);
# $location = wp_kses_no_null($location);
$location = preg_replace('/\0+/', '', $location);
$location = preg_replace('/(\\\\0)+/', '', $location);
$strip = array('%0d', '%0a');
$location = str_replace($strip, '', $location);
if ( $is_IIS ) {
header("Refresh: 0;url=$location");
} else {
if ( php_sapi_name() != 'cgi-fcgi' )
utils_status_header($status); // This causes problems on IIS and some FastCGI setups
header("Location: $location");
}
}
endif;
if ( !function_exists('wp_setcookie') ) :
function wp_setcookie($username, $password, $already_md5 = false, $home = '', $siteurl = '') {
if ( !$already_md5 )
$password = md5( md5($password) ); // Double hash the password in the cookie.
if ( empty($home) )
$cookiepath = COOKIEPATH;
else
$cookiepath = preg_replace('|https?://[^/]+|i', '', $home . '/' );
if ( empty($siteurl) ) {
$sitecookiepath = SITECOOKIEPATH;
$cookiehash = COOKIEHASH;
} else {
$sitecookiepath = preg_replace('|https?://[^/]+|i', '', $siteurl . '/' );
$cookiehash = md5($siteurl);
}
setcookie('wordpressuser_'. $cookiehash, $username, time() + 31536000, $cookiepath);
setcookie('wordpresspass_'. $cookiehash, $password, time() + 31536000, $cookiepath);
if ( $cookiepath != $sitecookiepath ) {
setcookie('wordpressuser_'. $cookiehash, $username, time() + 31536000, $sitecookiepath);
setcookie('wordpresspass_'. $cookiehash, $password, time() + 31536000, $sitecookiepath);
}
}
endif;
if ( !function_exists('wp_clearcookie') ) :
function wp_clearcookie() {
setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH);
setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH);
}
endif;
if ( !function_exists('check_admin_referer') ) :
function check_admin_referer($action = -1) {
$adminurl = BLOG_BASEURL . 'admin.php';
$referer = strtolower(wp_get_referer());
if ( !wp_verify_nonce(@$_REQUEST['_wpnonce'], $action) &&
!(-1 == $action && strstr($referer, $adminurl)) ) {
wp_nonce_ays($action);
die();
}
do_action('check_admin_referer', $action);
}
endif;
if ( !function_exists('wp_verify_nonce') ) :
function wp_verify_nonce($nonce, $action = -1) {
$user = user_get();
$uid = $user['userid'];
$i = ceil(time() / 43200);
//Allow for expanding range, but only do one check if we can
if( substr(wp_hash($i . $action . $uid), -12, 10) == $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce )
return true;
return false;
}
endif;
if ( !function_exists('wp_create_nonce') ) :
function wp_create_nonce($action = -1) {
$user = user_get();
$uid = $user['userid'];
$i = ceil(time() / 43200);
return substr(wp_hash($i . $action . $uid), -12, 10);
}
endif;
if ( !function_exists('wp_salt') ) :
function wp_salt() {
global $fp_config;
static $salt = null;
if (!$salt) {
@include(HASHSALT_FILE);
if (!$fp_hashsalt)
trigger_error('Cannot load hash salt: reinstall FlatPress', E_USER_ERROR);
$salt = $fp_hashsalt;
}
return $salt;
}
endif;
if ( !function_exists('wp_hash') ) :
function wp_hash($data) {
$salt = wp_salt();
return md5($data . $salt);
}
endif;
if ( ! function_exists('wp_notify_postauthor') ) :
function wp_notify_postauthor($comment_id, $comment_type='') {
/* global $wpdb;
$comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1");
$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID='$post->post_author' LIMIT 1");
if ('' == $user->user_email) return false; // If there's no email to send the comment to
$comment_author_domain = gethostbyaddr($comment->comment_author_IP);
$blogname = get_settings('blogname');
if ( empty( $comment_type ) ) $comment_type = 'comment';
if ('comment' == $comment_type) {
$notify_message = sprintf( __('New comment on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
$notify_message .= sprintf( __('Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
$notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n";
$notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
$notify_message .= sprintf( __('Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP ) . "\r\n";
$notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
$notify_message .= __('You can see all comments on this post here: ') . "\r\n";
$subject = sprintf( __('[%1$s] Comment: "%2$s"'), $blogname, $post->post_title );
} elseif ('trackback' == $comment_type) {
$notify_message = sprintf( __('New trackback on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
$notify_message .= sprintf( __('Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
$notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
$notify_message .= __('Excerpt: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
$notify_message .= __('You can see all trackbacks on this post here: ') . "\r\n";
$subject = sprintf( __('[%1$s] Trackback: "%2$s"'), $blogname, $post->post_title );
} elseif ('pingback' == $comment_type) {
$notify_message = sprintf( __('New pingback on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
$notify_message .= sprintf( __('Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
$notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
$notify_message .= __('Excerpt: ') . "\r\n" . sprintf( __('[...] %s [...]'), $comment->comment_content ) . "\r\n\r\n";
$notify_message .= __('You can see all pingbacks on this post here: ') . "\r\n";
$subject = sprintf( __('[%1$s] Pingback: "%2$s"'), $blogname, $post->post_title );
}
$notify_message .= get_permalink($comment->comment_post_ID) . "#comments\r\n\r\n";
$notify_message .= sprintf( __('To delete this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=confirmdeletecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n";
if ('' == $comment->comment_author_email || '' == $comment->comment_author) {
$from = "From: \"$blogname\" <wordpress@" . $_SERVER['SERVER_NAME'] . '>';
} else {
$from = 'From: "' . $comment->comment_author . "\" <$comment->comment_author_email>";
}
$notify_message = apply_filters('comment_notification_text', $notify_message);
$subject = apply_filters('comment_notification_subject', $subject);
$message_headers = apply_filters('comment_notification_headers', $message_headers);
$message_headers = "MIME-Version: 1.0\n"
. "$from\n"
. "Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n";
@wp_mail($user->user_email, $subject, $notify_message, $message_headers);
return true;
*/
}
endif;
/* wp_notify_moderator
notifies the moderator of the blog (usually the admin)
about a new comment that waits for approval
always returns true
*/ */
if ( !function_exists('wp_notify_moderator') ) : function _get_nextprev_link($nextprev) {
function wp_notify_moderator($comment_id) { global $fpdb;
/* global $wpdb; $q = & $fpdb->getQuery();
if( get_settings( "moderation_notify" ) == 0 ) list ($caption, $id) = call_user_func(array(
return true; &$q,
'get' . $nextprev
$comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1"); ));
$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1");
$comment_author_domain = gethostbyaddr($comment->comment_author_IP); if (!$id)
$comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'"); return null;
$notify_message = sprintf( __('A new comment on the post #%1$s "%2$s" is waiting for your approval'), $post->ID, $post->post_title ) . "\r\n"; if ($q->single) {
$notify_message .= get_permalink($comment->comment_post_ID) . "\r\n\r\n"; $link = "?entry={$id}";
$notify_message .= sprintf( __('Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; } else {
$notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n"; if ($_SERVER ['QUERY_STRING']) {
$notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
$notify_message .= sprintf( __('Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP ) . "\r\n";
$notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
$notify_message .= sprintf( __('To approve this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=mailapprovecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n";
$notify_message .= sprintf( __('To delete this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=confirmdeletecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n";
$notify_message .= sprintf( __('Currently %s comments are waiting for approval. Please visit the moderation panel:'), $comments_waiting ) . "\r\n";
$notify_message .= get_settings('siteurl') . "/wp-admin/moderation.php\r\n";
$subject = sprintf( __('[%1$s] Please moderate: "%2$s"'), get_settings('blogname'), $post->post_title ); if (strpos($_SERVER ['QUERY_STRING'], 'paged') !== false) {
$admin_email = get_settings("admin_email"); $link = '?' . preg_replace('{paged=[0-9]+}', "paged={$id}", $_SERVER ['QUERY_STRING']);
} else {
$link = '?' . $_SERVER ['QUERY_STRING'] . "&paged={$id}";
}
$link = str_replace('&', '&amp;', $link);
} else {
$link = "?paged={$id}";
}
}
$notify_message = apply_filters('comment_moderation_text', $notify_message); return array(
$subject = apply_filters('comment_moderation_subject', $subject); $caption,
BLOG_BASEURL . $link
@wp_mail($admin_email, $subject, $notify_message); );
return true;
*/
} }
if (!function_exists('get_nextpage_link')) :
function get_nextpage_link() {
global $fpdb;
$q = & $fpdb->getQuery();
$a = _get_nextprev_link('NextPage');
if ($q->single) {
$a [0] .= ' &raquo; ';
}
return $a;
}
endif;
if (!function_exists('get_prevpage_link')) :
function get_prevpage_link() {
global $fpdb;
$q = & $fpdb->getQuery();
$a = _get_nextprev_link('PrevPage');
if ($q->single) {
$a [0] = ' &laquo; ' . $a [0];
}
return $a;
}
endif;
function wp_filter_kses($str) {
return $str;
}
// ----------------------------------------------------------------------------
// WordPress pluggable functions
// ----------------------------------------------------------------------------
/*
* get_currentuserinfo()
* Grabs the information of the current logged in user, if there is one. Essentially a
* wrapper for get_userdata(), but it also stores information in global variables.
* get_userdata($userid)
* Pulls user information for the specified user from the database.
* get_userdatabylogin($user_login)
* Pulls user information for the specified user from the database.
* wp_mail($to, $subject, $message, $headers = '')
* A convenient wrapper for PHP's mail function.
* wp_login($username, $password, $already_md5 = false)
* Returns true if the specified username and password correspond to a registered
* user.
* auth_redirect()
* If a user is not logged in, he or she will be redirected to WordPress' login page before
* being allowed to access content on the page from which this function was called.
* Upon sucessfully logging in, the user is sent back to the page in question.
* wp_redirect($location)
* Redirects a browser to the absolute URI specified by the $location parameter.
* wp_setcookie($username, $password, $already_md5 = false, $home =
* '', $siteurl = '')
* Sets the WordPress cookies for a logged in user. See WordPress Cookies.
* wp_clearcookie()
* Clears the cookies for a logged in user. See WordPress Cookies.
* wp_notify_postauthor($comment_id, $comment_type='')
* Emails the author of the comment's post the content of the comment specified.
* wp_notify_moderator($comment_id)
* Informs the administrative email account that the comment specified needs to be
* moderated. See General Options SubPanel.
*/
if (!function_exists('get_currentuserinfo')) :
function get_currentuserinfo() {
/*
* global $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5, $user_identity;
* // *** retrieving user's data from cookies and db - no spoofing
*
* if (isset($_COOKIE['wordpressuser_' . COOKIEHASH]))
* $user_login = $_COOKIE['wordpressuser_' . COOKIEHASH];
* $userdata = get_userdatabylogin($user_login);
* $user_level = $userdata->user_level;
* $user_ID = $userdata->ID;
* $user_nickname = $userdata->user_nickname;
* $user_email = $userdata->user_email;
* $user_url = $userdata->user_url;
* $user_pass_md5 = md5($userdata->user_pass);
*
* $idmode = $userdata->user_idmode;
* if ($idmode == 'nickname') $user_identity = $userdata->user_nickname;
* if ($idmode == 'login') $user_identity = $userdata->user_login;
* if ($idmode == 'firstname') $user_identity = $userdata->user_firstname;
* if ($idmode == 'lastname') $user_identity = $userdata->user_lastname;
* if ($idmode == 'namefl') $user_identity = $userdata->user_firstname.' '.$userdata->user_lastname;
* if ($idmode == 'namelf') $user_identity = $userdata->user_lastname.' '.$userdata->user_firstname;
* if (!$idmode) $user_identity = $userdata->user_nickname;
*/
}
endif;
if (!function_exists('get_userdata')) :
function get_userdata($userid) {
/*
* global $wpdb, $cache_userdata;
* $userid = (int) $userid;
* if ( empty($cache_userdata[$userid]) && $userid != 0) {
* $cache_userdata[$userid] = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID = $userid");
* $cache_userdata[$cache_userdata[$userid]->user_login] =& $cache_userdata[$userid];
* }
*
* return $cache_userdata[$userid];
*/
}
endif;
if (!function_exists('get_userdatabylogin')) :
function get_userdatabylogin($user_login) {
/*
* global $cache_userdata, $wpdb;
* if ( !empty($user_login) && empty($cache_userdata[$user_login]) ) {
* $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_login = '$user_login'"); // todo: get rid of this intermediate var
* $cache_userdata[$user->ID] = $user;
* $cache_userdata[$user_login] =& $cache_userdata[$user->ID];
* } else {
* $user = $cache_userdata[$user_login];
* }
* return $user;
*/
}
endif;
if (!function_exists('wp_mail')) :
function wp_mail($to, $subject, $message, $headers = '') {
if ($headers == '') {
$headers = "MIME-Version: 1.0\n" . "From: " . get_settings('admin_email') . "\n" . "Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n";
}
return @mail($to, $subject, $message, $headers);
}
endif;
if (!function_exists('wp_login')) :
function wp_login($username, $password, $already_md5 = false) {
/*
* global $wpdb, $error;
*
* if ( !$username )
* return false;
*
* if ( !$password ) {
* $error = __('<strong>Error</strong>: The password field is empty.');
* return false;
* }
*
* $login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
*
* if (!$login) {
* $error = __('<strong>Error</strong>: Wrong username.');
* return false;
* } else {
* // If the password is already_md5, it has been double hashed.
* // Otherwise, it is plain text.
* if ( ($already_md5 && $login->user_login == $username && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password)) ) {
* return true;
* } else {
* $error = __('<strong>Error</strong>: Incorrect password.');
* $pwd = '';
* return false;
* }
* }
*/
}
endif;
if (!function_exists('auth_redirect')) :
function auth_redirect() {
// Checks if a user is logged in, if not redirects them to the login page
/*
* if ( (!empty($_COOKIE['wordpressuser_' . COOKIEHASH]) &&
* !wp_login($_COOKIE['wordpressuser_' . COOKIEHASH], $_COOKIE['wordpresspass_' . COOKIEHASH], true)) ||
* (empty($_COOKIE['wordpressuser_' . COOKIEHASH])) ) {
* header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
* header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
* header('Cache-Control: no-cache, must-revalidate, max-age=0');
* header('Pragma: no-cache');
*
* header('Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
* exit();
* }
*/
}
endif;
// Cookie safe redirect. Works around IIS Set-Cookie bug.
// http://support.microsoft.com/kb/q176113/
if (!function_exists('wp_redirect')) :
function wp_redirect($location, $status = 302) {
global $is_IIS;
$location = apply_filters('wp_redirect', $location, $status);
if (!$location) // allows the wp_redirect filter to cancel a redirect
return false;
$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location);
// $location = wp_kses_no_null($location);
$location = preg_replace('/\0+/', '', $location);
$location = preg_replace('/(\\\\0)+/', '', $location);
$strip = array(
'%0d',
'%0a'
);
$location = str_replace($strip, '', $location);
if ($is_IIS) {
header("Refresh: 0;url=$location");
} else {
if (php_sapi_name() != 'cgi-fcgi')
utils_status_header($status); // This causes problems on IIS and some FastCGI setups
header("Location: $location");
}
}
endif;
if (!function_exists('wp_setcookie')) :
function wp_setcookie($username, $password, $already_md5 = false, $home = '', $siteurl = '') {
if (!$already_md5)
$password = md5(md5($password)); // Double hash the password in the cookie.
if (empty($home))
$cookiepath = COOKIEPATH;
else
$cookiepath = preg_replace('|https?://[^/]+|i', '', $home . '/');
if (empty($siteurl)) {
$sitecookiepath = SITECOOKIEPATH;
$cookiehash = COOKIEHASH;
} else {
$sitecookiepath = preg_replace('|https?://[^/]+|i', '', $siteurl . '/');
$cookiehash = md5($siteurl);
}
setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $cookiepath);
setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $cookiepath);
if ($cookiepath != $sitecookiepath) {
setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $sitecookiepath);
setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $sitecookiepath);
}
}
endif;
if (!function_exists('wp_clearcookie')) :
function wp_clearcookie() {
setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH);
setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH);
}
endif;
if (!function_exists('check_admin_referer')) :
function check_admin_referer($action = -1) {
$adminurl = BLOG_BASEURL . 'admin.php';
$referer = strtolower(wp_get_referer());
if (!wp_verify_nonce(@$_REQUEST ['_wpnonce'], $action) && !(-1 == $action && strstr($referer, $adminurl))) {
wp_nonce_ays($action);
die();
}
do_action('check_admin_referer', $action);
}
endif;
if (!function_exists('wp_verify_nonce')) :
function wp_verify_nonce($nonce, $action = -1) {
$user = user_get();
$uid = $user ['userid'];
$i = ceil(time() / 43200);
// Allow for expanding range, but only do one check if we can
if (substr(wp_hash($i . $action . $uid), -12, 10) == $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce)
return true;
return false;
}
endif;
if (!function_exists('wp_create_nonce')) :
function wp_create_nonce($action = -1) {
$user = user_get();
$uid = $user ['userid'];
$i = ceil(time() / 43200);
return substr(wp_hash($i . $action . $uid), -12, 10);
}
endif;
if (!function_exists('wp_salt')) :
/**
*
* @return NULL|unknown
* @deprecated as of FlatPress 1.2 - still here only to be able to update pre-1.2 credentials
*/
function wp_salt() {
global $fp_config;
static $salt = null;
if (!$salt) {
@include (HASHSALT_FILE);
if (!$fp_hashsalt)
trigger_error('Cannot load hash salt: reinstall FlatPress', E_USER_ERROR);
$salt = $fp_hashsalt;
}
return $salt;
}
endif;
if (!function_exists('wp_hash')) :
/**
*
* @param unknown $data
* @return string
* @deprecated as of FlatPress 1.2 - still here only to be able to update pre-1.2 credentials
*/
function wp_hash($data) {
$salt = wp_salt();
return md5($data . $salt);
}
endif;
if (!function_exists('wp_notify_postauthor')) :
function wp_notify_postauthor($comment_id, $comment_type = '') {
/*
* global $wpdb;
*
* $comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
* $post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1");
* $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID='$post->post_author' LIMIT 1");
*
* if ('' == $user->user_email) return false; // If there's no email to send the comment to
*
* $comment_author_domain = gethostbyaddr($comment->comment_author_IP);
*
* $blogname = get_settings('blogname');
*
* if ( empty( $comment_type ) ) $comment_type = 'comment';
*
* if ('comment' == $comment_type) {
* $notify_message = sprintf( __('New comment on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
* $notify_message .= sprintf( __('Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
* $notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n";
* $notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
* $notify_message .= sprintf( __('Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP ) . "\r\n";
* $notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
* $notify_message .= __('You can see all comments on this post here: ') . "\r\n";
* $subject = sprintf( __('[%1$s] Comment: "%2$s"'), $blogname, $post->post_title );
* } elseif ('trackback' == $comment_type) {
* $notify_message = sprintf( __('New trackback on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
* $notify_message .= sprintf( __('Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
* $notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
* $notify_message .= __('Excerpt: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
* $notify_message .= __('You can see all trackbacks on this post here: ') . "\r\n";
* $subject = sprintf( __('[%1$s] Trackback: "%2$s"'), $blogname, $post->post_title );
* } elseif ('pingback' == $comment_type) {
* $notify_message = sprintf( __('New pingback on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
* $notify_message .= sprintf( __('Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
* $notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
* $notify_message .= __('Excerpt: ') . "\r\n" . sprintf( __('[...] %s [...]'), $comment->comment_content ) . "\r\n\r\n";
* $notify_message .= __('You can see all pingbacks on this post here: ') . "\r\n";
* $subject = sprintf( __('[%1$s] Pingback: "%2$s"'), $blogname, $post->post_title );
* }
* $notify_message .= get_permalink($comment->comment_post_ID) . "#comments\r\n\r\n";
* $notify_message .= sprintf( __('To delete this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=confirmdeletecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n";
*
* if ('' == $comment->comment_author_email || '' == $comment->comment_author) {
* $from = "From: \"$blogname\" <wordpress@" . $_SERVER['SERVER_NAME'] . '>';
* } else {
* $from = 'From: "' . $comment->comment_author . "\" <$comment->comment_author_email>";
* }
*
* $notify_message = apply_filters('comment_notification_text', $notify_message);
* $subject = apply_filters('comment_notification_subject', $subject);
* $message_headers = apply_filters('comment_notification_headers', $message_headers);
*
* $message_headers = "MIME-Version: 1.0\n"
* . "$from\n"
* . "Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n";
*
* @wp_mail($user->user_email, $subject, $notify_message, $message_headers);
*
* return true;
*/
}
endif;
/*
* wp_notify_moderator
* notifies the moderator of the blog (usually the admin)
* about a new comment that waits for approval
* always returns true
*/
if (!function_exists('wp_notify_moderator')) :
function wp_notify_moderator($comment_id) {
/*
* global $wpdb;
*
* if( get_settings( "moderation_notify" ) == 0 )
* return true;
*
* $comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
* $post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1");
*
* $comment_author_domain = gethostbyaddr($comment->comment_author_IP);
* $comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'");
*
* $notify_message = sprintf( __('A new comment on the post #%1$s "%2$s" is waiting for your approval'), $post->ID, $post->post_title ) . "\r\n";
* $notify_message .= get_permalink($comment->comment_post_ID) . "\r\n\r\n";
* $notify_message .= sprintf( __('Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
* $notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n";
* $notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
* $notify_message .= sprintf( __('Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP ) . "\r\n";
* $notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
* $notify_message .= sprintf( __('To approve this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=mailapprovecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n";
* $notify_message .= sprintf( __('To delete this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=confirmdeletecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n";
* $notify_message .= sprintf( __('Currently %s comments are waiting for approval. Please visit the moderation panel:'), $comments_waiting ) . "\r\n";
* $notify_message .= get_settings('siteurl') . "/wp-admin/moderation.php\r\n";
*
* $subject = sprintf( __('[%1$s] Please moderate: "%2$s"'), get_settings('blogname'), $post->post_title );
* $admin_email = get_settings("admin_email");
*
* $notify_message = apply_filters('comment_moderation_text', $notify_message);
* $subject = apply_filters('comment_moderation_subject', $subject);
*
* @wp_mail($admin_email, $subject, $notify_message);
*
* return true;
*/
}
endif; endif;
?> ?>

141
setup/lib/main.lib.php
View File

@ -1,14 +1,8 @@
<?php <?php
$err = array(); $err = array();
function print_done_fail($label, $bool) { function print_done_fail($label, $bool) {
echo echo "<li>", $label . ' <strong style="color :' . (($bool) ? 'green;">DONE' : 'red;">FAILED') . '</strong><br />', "</li>\n";
"<li>",
$label.' <strong style="color :' .
(($bool)? 'green;">DONE' : 'red;">FAILED') .
'</strong><br />',
"</li>\n";
} }
function config_exist() { function config_exist() {
@ -30,128 +24,115 @@ function remove_checkfile() {
} }
function setupid() { function setupid() {
global $setupid; global $setupid;
if (isset($_POST['setupid'])) { if (isset($_POST ['setupid'])) {
$setupid = $_POST['setupid']; $setupid = $_POST ['setupid'];
} else { } else {
$setupid = system_generate_id(BLOG_BASEURL . $_SERVER['HTTP_HOST']); $setupid = system_generate_id(BLOG_BASEURL . $_SERVER ['HTTP_HOST']);
} }
return $setupid; return $setupid;
} }
function getstep(&$id) { function getstep(&$id) {
global $err; global $err;
$STEPS = array('locked', 'step1', 'step2', 'step3'); $STEPS = array(
$MAXST = count($STEPS)-1; 'locked',
'step1',
'step2',
'step3'
);
$MAXST = count($STEPS) - 1;
$i = 0; $i = 0;
$setupid = null; $setupid = null;
if (!file_exists(LOCKFILE)) { if (!file_exists(LOCKFILE)) {
$setupid = setupid(); $setupid = setupid();
if(!$setupid) if (!$setupid)
die('Setup is running'); die('Setup is running');
if (!file_exists(SETUPTEMP_FILE)) { if (!file_exists(SETUPTEMP_FILE)) {
if (empty($_POST)) if (empty($_POST))
$i = 0; $i = 0;
else else
$i = 1; $i = 1;
} else { } else {
$x = explode(',', io_load_file(SETUPTEMP_FILE)); $x = explode(',', io_load_file(SETUPTEMP_FILE));
if ($x[0]!=$setupid) if ($x [0] != $setupid)
die('Setup is running: if you are the owner, you can delete ' . die('Setup is running: if you are the owner, you can delete ' . SETUPTEMP_FILE . ' to restart');
SETUPTEMP_FILE .' to restart'); $i = intval($x [1]);
$i = intval($x[1]);
} }
@include("./setup/lib/{$STEPS[$i]}.lib.php"); @include ("./setup/lib/{$STEPS[$i]}.lib.php");
if (!function_exists('check_step')) : if (!function_exists('check_step')) :
function check_step() { function check_step() {
return true; return true;
} }
endif; endif;
if (check_step()) { if (check_step()) {
++$i; ++$i;
if ($i>=$MAXST) { if ($i >= $MAXST) {
fs_delete(SETUPTEMP_FILE); fs_delete(SETUPTEMP_FILE);
io_write_file(LOCKFILE, "locked"); io_write_file(LOCKFILE, "locked");
} else { } else {
if ($i > 0 && !@io_write_file(SETUPTEMP_FILE, "$setupid,$i")) { if ($i > 0 && !@io_write_file(SETUPTEMP_FILE, "$setupid,$i")) {
$err[] = 'Write error'; $err [] = 'Write error';
} }
} }
} }
} }
$id = $STEPS[ $i ]; $id = $STEPS [$i];
return $i; return $i;
} }
function validate() { function validate() {
if (!ctype_alnum($_POST['fpuser'])) if (!ctype_alnum($_POST ['fpuser']))
$err[] = "{$_POST['fpuser']} is not a valid username. $err [] = "{$_POST['fpuser']} is not a valid username.
Username must be alphanumeric and should not contain spaces."; Username must be alphanumeric and should not contain spaces.";
if (strlen(trim(($_POST['fppwd']))) < 6) if (strlen(trim(($_POST ['fppwd']))) < 6)
$err[] = "Password must contain at least 6 non-space characters"; $err [] = "Password must contain at least 6 non-space characters";
if (($_POST['fppwd'])!=($_POST['fppwd2'])) if (($_POST ['fppwd']) != ($_POST ['fppwd2']))
$err[] = "Passwords did not match"; $err [] = "Passwords did not match";
if (!(preg_match('!@.*@|\.\.|\,|\;!', $_POST['email']) || if (!(preg_match('!@.*@|\.\.|\,|\;!', $_POST ['email']) || preg_match('!^.+\@(\[?)[a-zA-Z0-9\.\-]+\.([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$!', $_POST ['email'])))
preg_match('!^.+\@(\[?)[a-zA-Z0-9\.\-]+\.([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$!', $_POST['email']))) $err [] = "{$_POST['email']} is not a valid email address";
$err[] = "{$_POST['email']} is not a valid email address";
$www = $_POST ['www'];
$www = $_POST['www']; if (!(preg_match('!^http(s)?://[\w-]+\.[\w-]+(\S+)?$!i', $www) || preg_match('!^http(s)?://localhost!', $www)))
if (!(preg_match('!^http(s)?://[\w-]+\.[\w-]+(\S+)?$!i', $www) $err [] = "$www is not a valid URL";
|| preg_match('!^http(s)?://localhost!', $www))) if ($www && $www [strlen($www) - 1] != '/')
$err[] = "$www is not a valid URL";
if ($www && $www[strlen($www)-1]!='/')
$www .= '/'; $www .= '/';
global $fp_config; global $fp_config;
$fp_config['general']['author'] = $user['userid'] = $_POST['fpuser']; $fp_config ['general'] ['author'] = $user ['userid'] = $_POST ['fpuser'];
$user['password'] = $_POST['fppwd']; $user ['password'] = $_POST ['fppwd'];
$fp_config['general']['www'] = $user['www'] = $www; $fp_config ['general'] ['www'] = $user ['www'] = $www;
$fp_config['general']['email'] = $user['email'] = $_POST['email']; $fp_config ['general'] ['email'] = $user ['email'] = $_POST ['email'];
if (isset($err)) { if (isset($err)) {
$GLOBALS['err']=$err; $GLOBALS ['err'] = $err;
return false; return false;
} }
$fp_config ['general'] ['blogid'] = system_generate_id(BLOG_ROOT . $user ['www'] . $user ['email'] . $user ['userid']);
$fp_config['general']['blogid'] = system_generate_id(
BLOG_ROOT.
$user['www'].
$user['email'].
$user['userid']
);
config_save(); config_save();
system_hashsalt_save();
user_add($user); user_add($user);
return true; return true;
} }