Fix for #59: Updated password hash algorithm from md5 to bcrypt (via password_hash() function). Thanks a lot, @axelhahn!

In detail: Added function io_delete_file(). Removed system_hashsalt_save(). Added password hash update mechanics to user_login().
This commit is contained in:
azett 2020-12-19 14:02:27 +01:00
parent 5a0b7541e7
commit f265b22b0b
6 changed files with 771 additions and 778 deletions


@ -14,7 +14,6 @@
// We suggest not to define here your owns, but instead
// inmplementing them as plugins
// legacy mode; needed with some ill-formed spb files
define('DUMB_MODE_ENABLED', false);
// default file permissions
@ -22,7 +21,6 @@
define('FILE_PERMISSIONS', 0777);
define('DIR_PERMISSIONS', 0777);
// first some webserver setup...
// here's where your server save session-related stuff.
@ -34,17 +32,20 @@
define('ABS_PATH', dirname(__FILE__) . '/');
// here was blog root in earlier versions. This has been moved to config_load()
// here are default config files
define('FP_DEFAULTS', 'fp-defaults/');
// all writable directories go here.
define('FP_CONTENT', 'fp-content/'); // must be chmodded to 0777
// blog configurations files
define('CONFIG_DIR', FP_CONTENT . 'config/'); // must be chmodded to 0777
define('CONFIG_FILE', CONFIG_DIR . 'settings.conf.php');
/**
*
* @deprecated as of FlatPress 1.2 - still here only to be able to update pre-1.2 credentials
*/
define('HASHSALT_FILE', CONFIG_DIR . 'hashsalt.conf.php');
define('CONFIG_DEFAULT', FP_DEFAULTS . 'settings-defaults.php');
define('USERS_DIR', FP_CONTENT . 'users/');
@ -54,7 +55,6 @@
define('CONTENT_DIR', FP_CONTENT . 'content/');
// define('BLOCKS_DIR', CONTENT_DIR . 'blocks/');
// !!! CRITICAL !!!
// all includes file
define('FP_INCLUDES', 'fp-includes/');
@ -64,8 +64,6 @@
// smarty engine
define('SMARTY_DIR', ABS_PATH . FP_INCLUDES . 'smarty/');
define('FP_INTERFACE', 'fp-interface/');
// theme dir
define('THEMES_DIR', FP_INTERFACE . 'themes/');
@ -74,14 +72,11 @@
// misc forms
define('SHARED_TPLS', ABS_PATH . FP_INTERFACE . 'sharedtpls/');
// here is where all plugins are saved
define('PLUGINS_DIR', 'fp-plugins/');
define('ADMIN_DIR', 'admin/');
// cache file name and path.
define('CACHE_DIR', FP_CONTENT . 'cache/');
define('CACHE_FILE', '%%cached_list.php');
@ -90,18 +85,15 @@
define('LOCKFILE', FP_CONTENT . '%%setup.lock');
// these will be probably moved soon to plugins
// here is where all the uploaded images will be saved
define('IMAGES_DIR', FP_CONTENT . 'images/');
// here is where all the attachments will be saved
define('ATTACHS_DIR', FP_CONTENT . 'attachs/');
define('LANG_DEFAULT', 'en-us');
define('BPT_SORT', SORT_DESC);
set_include_path(ABS_PATH);
//
@ -141,10 +133,9 @@
if (!isset($_SERVER ['REQUEST_URI']))
$_SERVER ['REQUEST_URI'] = $serverport . 'localhost/flatpress/';
#define('BLOG_ROOT', dirname($_SERVER['PHP_SELF']) . '/');
// define('BLOG_ROOT', dirname($_SERVER['PHP_SELF']) . '/');
define('BLOG_ROOT', ('/' == ($v = dirname($_SERVER ['SCRIPT_NAME'])) ? $v : $v . '/'));
define('BLOG_BASEURL', $serverport . $_SERVER ['HTTP_HOST'] . BLOG_ROOT);
//
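Review bot: The new docblock on `HASHSALT_FILE` says the constant only remains to update pre-1.2 credentials, but not that the file itself is removed automatically; this commit's `user_login()` deletes it after a successful legacy login, so an operator reading this header will not know the file disappears on its own and may try to recreate it. Suggested addition to the docblock: ` * The file is deleted by user_login() once a legacy (md5) credential has been re-hashed with password_hash(); do not recreate it by hand.`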


@ -2,7 +2,6 @@
// fileio.php
// low-level io-handling functions
function io_write_file($filename, $data) {
@umask(0);
$dir = dirname($filename);
@ -26,15 +25,12 @@
return ($length == $done);
}
}
return false;
}
function io_load_file($filename) {
if (file_exists($filename)) {
if (function_exists('file_get_contents'))
return file_get_contents($filename);
@ -55,4 +51,10 @@
return false;
}
function io_delete_file($filename) {
if (!file_exists($filename)) {
return false;
}
return unlink($filename);
}
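Review bot: `io_delete_file()` returns `false` both when the path does not exist and when `unlink()` fails, so a caller such as the salt-file cleanup cannot tell a no-op from a failed removal, and `unlink()` additionally emits a PHP warning on failure rather than reporting it through the return value. Since `file_exists()` is also true for directories (on which `unlink()` fails), the guard should be `if (!is_file($filename)) { return false; }`, and a header comment should state what each result means, e.g. `// Returns true when the regular file was removed, false when it was absent or could not be removed.`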


@ -59,15 +59,6 @@ function system_save($file, $array) {
// } else die('Wrong number of parameters!');
}
function system_hashsalt_save($force = false) {
global $fp_config;
if ($force || !file_exists(HASHSALT_FILE))
return system_save(HASHSALT_FILE, array(
'fp_hashsalt' => $fp_config ['general'] ['blogid'] . ABS_PATH . BLOG_BASEURL . mt_rand()
));
return true;
}
define('SYSTEM_VER', '1.2.dev');
function system_ver() {


@ -31,24 +31,42 @@ function user_list() {
}
function user_pwd($userid, $pwd) {
return wp_hash($userid . $pwd);
return password_hash($userid . $pwd, PASSWORD_DEFAULT);
}
function user_login($userid, $pwd, $params = null) {
global $loggedin;
$loggedin = false;
// get user data
$user = user_get($userid);
// user not found? get outta here
if (!isset($user) || !isset($user ['password'])) {
return $loggedin;
}
if (isset($user) && user_pwd($userid, $pwd) == $user ['password']) {
// check the password
if (password_verify($userid . $pwd, $user ['password'])) {
$loggedin = true;
} //
// for FP instances updated from 1.1 to 1.2: check password the old-fashioned way (with wp_hash() which uses md5)
elseif (wp_hash($userid . $pwd) == $user ['password']) {
$loggedin = true;
// re-hash password with current algorithm, ...
$user ['password'] = $pwd;
// ... save in user file ...
user_add($user);
// ... and update user data from re-read user file
$user = user_get($userid);
// after updating the user, we don't need the password hash file any more
io_delete_file(HASHSALT_FILE);
}
if ($loggedin) {
// session_regenerate_id();
$expire = time() + 31536000;
setcookie(USER_COOKIE, $userid, $expire, COOKIEPATH, COOKIE_DOMAIN);
setcookie(PASS_COOKIE, $user ['password'], $expire, COOKIEPATH, COOKIE_DOMAIN);
}
@ -116,5 +134,3 @@ function user_add($user) {
return system_save(USERS_DIR . $user ['userid'] . ".php", compact('user'));
}
?>
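Review bot: The legacy fallback on the `elseif` line compares the md5 hex digest with `==`, which is PHP's loose comparison: two digests of the form `0e<digits>` compare equal as numbers, and the comparison is not constant-time, so it should be `elseif (hash_equals($user ['password'], wp_hash($userid . $pwd))) {` so only a byte-exact match upgrades the account. Once the upgrade branch runs it calls `io_delete_file(HASHSALT_FILE)`, but if `wp_salt()` still derives the salt from that file (its body is outside this hunk) every other account that still holds an md5 hash loses its fallback after the first user logs in; the deletion should wait until no user file still holds a non-bcrypt hash, or be left to a separate migration step. The upgrade also writes the plaintext into `$user ['password']` and relies on `user_add()` to hash it through `user_pwd()`; that function is only partly visible here, so confirm it does, otherwise the plaintext would be persisted. The bcrypt branch could additionally call `password_needs_rehash()` after a successful `password_verify()` so accounts are upgraded again when `PASSWORD_DEFAULT` or its cost changes. `user_login()` continues past the end of this hunk.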


@ -1,15 +1,17 @@
<?php
/* These functions can be replaced via plugins. They are loaded after
plugins are loaded. */
/*
* These functions can be replaced via plugins. They are loaded after
* plugins are loaded.
*/
function _get_nextprev_link($nextprev) {
global $fpdb;
$q = & $fpdb->getQuery();
list($caption, $id) = call_user_func(array(&$q, 'get'.$nextprev));
list ($caption, $id) = call_user_func(array(
&$q,
'get' . $nextprev
));
if (!$id)
return null;
@ -20,46 +22,41 @@
if ($_SERVER ['QUERY_STRING']) {
if (strpos($_SERVER ['QUERY_STRING'], 'paged') !== false) {
$link = '?'.preg_replace(
'{paged=[0-9]+}',
"paged={$id}",
$_SERVER['QUERY_STRING']
);
$link = '?' . preg_replace('{paged=[0-9]+}', "paged={$id}", $_SERVER ['QUERY_STRING']);
} else {
$link = '?' . $_SERVER ['QUERY_STRING'] . "&paged={$id}";
}
$link = str_replace('&', '&amp;', $link);
} else {
$link = "?paged={$id}";
}
}
return array($caption, BLOG_BASEURL . $link);
return array(
$caption,
BLOG_BASEURL . $link
);
}
if (!function_exists('get_nextpage_link')) :
function get_nextpage_link() {
function get_nextpage_link() {
global $fpdb;
$q = & $fpdb->getQuery();
$a = _get_nextprev_link('NextPage');
if ($q->single) {
$a [0] .= ' &raquo; ';
}
return $a;
}
endif;
if (!function_exists('get_prevpage_link')) :
function get_prevpage_link() {
function get_prevpage_link() {
global $fpdb;
$q = & $fpdb->getQuery();
@ -74,8 +71,6 @@
endif;
function wp_filter_kses($str) {
return $str;
}
@ -84,162 +79,160 @@
// WordPress pluggable functions
// ----------------------------------------------------------------------------
/*
get_currentuserinfo()
Grabs the information of the current logged in user, if there is one. Essentially a
wrapper for get_userdata(), but it also stores information in global variables.
get_userdata($userid)
Pulls user information for the specified user from the database.
get_userdatabylogin($user_login)
Pulls user information for the specified user from the database.
wp_mail($to, $subject, $message, $headers = '')
A convenient wrapper for PHP's mail function.
wp_login($username, $password, $already_md5 = false)
Returns true if the specified username and password correspond to a registered
user.
auth_redirect()
If a user is not logged in, he or she will be redirected to WordPress' login page before
being allowed to access content on the page from which this function was called.
Upon sucessfully logging in, the user is sent back to the page in question.
wp_redirect($location)
Redirects a browser to the absolute URI specified by the $location parameter.
wp_setcookie($username, $password, $already_md5 = false, $home =
'', $siteurl = '')
Sets the WordPress cookies for a logged in user. See WordPress Cookies.
wp_clearcookie()
Clears the cookies for a logged in user. See WordPress Cookies.
wp_notify_postauthor($comment_id, $comment_type='')
Emails the author of the comment's post the content of the comment specified.
wp_notify_moderator($comment_id)
Informs the administrative email account that the comment specified needs to be
moderated. See General Options SubPanel.
* get_currentuserinfo()
* Grabs the information of the current logged in user, if there is one. Essentially a
* wrapper for get_userdata(), but it also stores information in global variables.
* get_userdata($userid)
* Pulls user information for the specified user from the database.
* get_userdatabylogin($user_login)
* Pulls user information for the specified user from the database.
* wp_mail($to, $subject, $message, $headers = '')
* A convenient wrapper for PHP's mail function.
* wp_login($username, $password, $already_md5 = false)
* Returns true if the specified username and password correspond to a registered
* user.
* auth_redirect()
* If a user is not logged in, he or she will be redirected to WordPress' login page before
* being allowed to access content on the page from which this function was called.
* Upon sucessfully logging in, the user is sent back to the page in question.
* wp_redirect($location)
* Redirects a browser to the absolute URI specified by the $location parameter.
* wp_setcookie($username, $password, $already_md5 = false, $home =
* '', $siteurl = '')
* Sets the WordPress cookies for a logged in user. See WordPress Cookies.
* wp_clearcookie()
* Clears the cookies for a logged in user. See WordPress Cookies.
* wp_notify_postauthor($comment_id, $comment_type='')
* Emails the author of the comment's post the content of the comment specified.
* wp_notify_moderator($comment_id)
* Informs the administrative email account that the comment specified needs to be
* moderated. See General Options SubPanel.
*/
if (!function_exists('get_currentuserinfo')) :
function get_currentuserinfo() {
/* global $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5, $user_identity;
// *** retrieving user's data from cookies and db - no spoofing
if (isset($_COOKIE['wordpressuser_' . COOKIEHASH]))
$user_login = $_COOKIE['wordpressuser_' . COOKIEHASH];
$userdata = get_userdatabylogin($user_login);
$user_level = $userdata->user_level;
$user_ID = $userdata->ID;
$user_nickname = $userdata->user_nickname;
$user_email = $userdata->user_email;
$user_url = $userdata->user_url;
$user_pass_md5 = md5($userdata->user_pass);
$idmode = $userdata->user_idmode;
if ($idmode == 'nickname') $user_identity = $userdata->user_nickname;
if ($idmode == 'login') $user_identity = $userdata->user_login;
if ($idmode == 'firstname') $user_identity = $userdata->user_firstname;
if ($idmode == 'lastname') $user_identity = $userdata->user_lastname;
if ($idmode == 'namefl') $user_identity = $userdata->user_firstname.' '.$userdata->user_lastname;
if ($idmode == 'namelf') $user_identity = $userdata->user_lastname.' '.$userdata->user_firstname;
if (!$idmode) $user_identity = $userdata->user_nickname;
/*
* global $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5, $user_identity;
* // *** retrieving user's data from cookies and db - no spoofing
*
* if (isset($_COOKIE['wordpressuser_' . COOKIEHASH]))
* $user_login = $_COOKIE['wordpressuser_' . COOKIEHASH];
* $userdata = get_userdatabylogin($user_login);
* $user_level = $userdata->user_level;
* $user_ID = $userdata->ID;
* $user_nickname = $userdata->user_nickname;
* $user_email = $userdata->user_email;
* $user_url = $userdata->user_url;
* $user_pass_md5 = md5($userdata->user_pass);
*
* $idmode = $userdata->user_idmode;
* if ($idmode == 'nickname') $user_identity = $userdata->user_nickname;
* if ($idmode == 'login') $user_identity = $userdata->user_login;
* if ($idmode == 'firstname') $user_identity = $userdata->user_firstname;
* if ($idmode == 'lastname') $user_identity = $userdata->user_lastname;
* if ($idmode == 'namefl') $user_identity = $userdata->user_firstname.' '.$userdata->user_lastname;
* if ($idmode == 'namelf') $user_identity = $userdata->user_lastname.' '.$userdata->user_firstname;
* if (!$idmode) $user_identity = $userdata->user_nickname;
*/
}
endif;
if (!function_exists('get_userdata')) :
function get_userdata($userid) {
/* global $wpdb, $cache_userdata;
$userid = (int) $userid;
if ( empty($cache_userdata[$userid]) && $userid != 0) {
$cache_userdata[$userid] = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID = $userid");
$cache_userdata[$cache_userdata[$userid]->user_login] =& $cache_userdata[$userid];
}
return $cache_userdata[$userid];
function get_userdata($userid) {
/*
* global $wpdb, $cache_userdata;
* $userid = (int) $userid;
* if ( empty($cache_userdata[$userid]) && $userid != 0) {
* $cache_userdata[$userid] = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID = $userid");
* $cache_userdata[$cache_userdata[$userid]->user_login] =& $cache_userdata[$userid];
* }
*
* return $cache_userdata[$userid];
*/
}
endif;
if (!function_exists('get_userdatabylogin')) :
function get_userdatabylogin($user_login) {
/* global $cache_userdata, $wpdb;
if ( !empty($user_login) && empty($cache_userdata[$user_login]) ) {
$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_login = '$user_login'"); // todo: get rid of this intermediate var
$cache_userdata[$user->ID] = $user;
$cache_userdata[$user_login] =& $cache_userdata[$user->ID];
} else {
$user = $cache_userdata[$user_login];
}
return $user;
/*
* global $cache_userdata, $wpdb;
* if ( !empty($user_login) && empty($cache_userdata[$user_login]) ) {
* $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_login = '$user_login'"); // todo: get rid of this intermediate var
* $cache_userdata[$user->ID] = $user;
* $cache_userdata[$user_login] =& $cache_userdata[$user->ID];
* } else {
* $user = $cache_userdata[$user_login];
* }
* return $user;
*/
}
endif;
if (!function_exists('wp_mail')) :
function wp_mail($to, $subject, $message, $headers = '') {
if ($headers == '') {
$headers = "MIME-Version: 1.0\n" .
"From: " . get_settings('admin_email') . "\n" .
"Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n";
$headers = "MIME-Version: 1.0\n" . "From: " . get_settings('admin_email') . "\n" . "Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n";
}
return @mail($to, $subject, $message, $headers);
}
endif;
if (!function_exists('wp_login')) :
function wp_login($username, $password, $already_md5 = false) {
/* global $wpdb, $error;
if ( !$username )
return false;
if ( !$password ) {
$error = __('<strong>Error</strong>: The password field is empty.');
return false;
}
$login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
if (!$login) {
$error = __('<strong>Error</strong>: Wrong username.');
return false;
} else {
// If the password is already_md5, it has been double hashed.
// Otherwise, it is plain text.
if ( ($already_md5 && $login->user_login == $username && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password)) ) {
return true;
} else {
$error = __('<strong>Error</strong>: Incorrect password.');
$pwd = '';
return false;
}
}
/*
* global $wpdb, $error;
*
* if ( !$username )
* return false;
*
* if ( !$password ) {
* $error = __('<strong>Error</strong>: The password field is empty.');
* return false;
* }
*
* $login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
*
* if (!$login) {
* $error = __('<strong>Error</strong>: Wrong username.');
* return false;
* } else {
* // If the password is already_md5, it has been double hashed.
* // Otherwise, it is plain text.
* if ( ($already_md5 && $login->user_login == $username && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password)) ) {
* return true;
* } else {
* $error = __('<strong>Error</strong>: Incorrect password.');
* $pwd = '';
* return false;
* }
* }
*/
}
endif;
if (!function_exists('auth_redirect')) :
function auth_redirect() {
// Checks if a user is logged in, if not redirects them to the login page
/* if ( (!empty($_COOKIE['wordpressuser_' . COOKIEHASH]) &&
!wp_login($_COOKIE['wordpressuser_' . COOKIEHASH], $_COOKIE['wordpresspass_' . COOKIEHASH], true)) ||
(empty($_COOKIE['wordpressuser_' . COOKIEHASH])) ) {
header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-cache, must-revalidate, max-age=0');
header('Pragma: no-cache');
header('Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
exit();
}
/*
* if ( (!empty($_COOKIE['wordpressuser_' . COOKIEHASH]) &&
* !wp_login($_COOKIE['wordpressuser_' . COOKIEHASH], $_COOKIE['wordpresspass_' . COOKIEHASH], true)) ||
* (empty($_COOKIE['wordpressuser_' . COOKIEHASH])) ) {
* header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
* header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
* header('Cache-Control: no-cache, must-revalidate, max-age=0');
* header('Pragma: no-cache');
*
* header('Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
* exit();
* }
*/
}
endif;
@ -247,6 +240,7 @@ endif;
// Cookie safe redirect. Works around IIS Set-Cookie bug.
// http://support.microsoft.com/kb/q176113/
if (!function_exists('wp_redirect')) :
function wp_redirect($location, $status = 302) {
global $is_IIS;
@ -256,13 +250,15 @@ function wp_redirect($location, $status = 302) {
return false;
$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location);
# $location = wp_kses_no_null($location);
// $location = wp_kses_no_null($location);
$location = preg_replace('/\0+/', '', $location);
$location = preg_replace('/(\\\\0)+/', '', $location);
$strip = array('%0d', '%0a');
$strip = array(
'%0d',
'%0a'
);
$location = str_replace($strip, '', $location);
if ($is_IIS) {
@ -275,8 +271,8 @@ function wp_redirect($location, $status = 302) {
}
endif;
if (!function_exists('wp_setcookie')) :
function wp_setcookie($username, $password, $already_md5 = false, $home = '', $siteurl = '') {
if (!$already_md5)
$password = md5(md5($password)); // Double hash the password in the cookie.
@ -305,6 +301,7 @@ function wp_setcookie($username, $password, $already_md5 = false, $home = '', $s
endif;
if (!function_exists('wp_clearcookie')) :
function wp_clearcookie() {
setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
@ -313,14 +310,12 @@ function wp_clearcookie() {
}
endif;
if (!function_exists('check_admin_referer')) :
function check_admin_referer($action = -1) {
$adminurl = BLOG_BASEURL . 'admin.php';
$referer = strtolower(wp_get_referer());
if ( !wp_verify_nonce(@$_REQUEST['_wpnonce'], $action) &&
!(-1 == $action && strstr($referer, $adminurl)) ) {
if (!wp_verify_nonce(@$_REQUEST ['_wpnonce'], $action) && !(-1 == $action && strstr($referer, $adminurl))) {
wp_nonce_ays($action);
die();
}
@ -328,10 +323,9 @@ function check_admin_referer($action = -1) {
}
endif;
if (!function_exists('wp_verify_nonce')) :
function wp_verify_nonce($nonce, $action = -1) {
function wp_verify_nonce($nonce, $action = -1) {
$user = user_get();
$uid = $user ['userid'];
@ -345,6 +339,7 @@ function wp_verify_nonce($nonce, $action = -1) {
endif;
if (!function_exists('wp_create_nonce')) :
function wp_create_nonce($action = -1) {
$user = user_get();
$uid = $user ['userid'];
@ -356,6 +351,12 @@ function wp_create_nonce($action = -1) {
endif;
if (!function_exists('wp_salt')) :
/**
*
* @return NULL|unknown
* @deprecated as of FlatPress 1.2 - still here only to be able to update pre-1.2 credentials
*/
function wp_salt() {
global $fp_config;
static $salt = null;
@ -371,116 +372,127 @@ function wp_salt() {
endif;
if (!function_exists('wp_hash')) :
/**
*
* @param unknown $data
* @return string
* @deprecated as of FlatPress 1.2 - still here only to be able to update pre-1.2 credentials
*/
function wp_hash($data) {
$salt = wp_salt();
return md5($data . $salt);
}
endif;
if (!function_exists('wp_notify_postauthor')) :
function wp_notify_postauthor($comment_id, $comment_type = '') {
/* global $wpdb;
$comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1");
$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID='$post->post_author' LIMIT 1");
if ('' == $user->user_email) return false; // If there's no email to send the comment to
$comment_author_domain = gethostbyaddr($comment->comment_author_IP);
$blogname = get_settings('blogname');
if ( empty( $comment_type ) ) $comment_type = 'comment';
if ('comment' == $comment_type) {
$notify_message = sprintf( __('New comment on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
$notify_message .= sprintf( __('Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
$notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n";
$notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
$notify_message .= sprintf( __('Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP ) . "\r\n";
$notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
$notify_message .= __('You can see all comments on this post here: ') . "\r\n";
$subject = sprintf( __('[%1$s] Comment: "%2$s"'), $blogname, $post->post_title );
} elseif ('trackback' == $comment_type) {
$notify_message = sprintf( __('New trackback on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
$notify_message .= sprintf( __('Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
$notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
$notify_message .= __('Excerpt: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
$notify_message .= __('You can see all trackbacks on this post here: ') . "\r\n";
$subject = sprintf( __('[%1$s] Trackback: "%2$s"'), $blogname, $post->post_title );
} elseif ('pingback' == $comment_type) {
$notify_message = sprintf( __('New pingback on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
$notify_message .= sprintf( __('Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
$notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
$notify_message .= __('Excerpt: ') . "\r\n" . sprintf( __('[...] %s [...]'), $comment->comment_content ) . "\r\n\r\n";
$notify_message .= __('You can see all pingbacks on this post here: ') . "\r\n";
$subject = sprintf( __('[%1$s] Pingback: "%2$s"'), $blogname, $post->post_title );
}
$notify_message .= get_permalink($comment->comment_post_ID) . "#comments\r\n\r\n";
$notify_message .= sprintf( __('To delete this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=confirmdeletecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n";
if ('' == $comment->comment_author_email || '' == $comment->comment_author) {
$from = "From: \"$blogname\" <wordpress@" . $_SERVER['SERVER_NAME'] . '>';
} else {
$from = 'From: "' . $comment->comment_author . "\" <$comment->comment_author_email>";
}
$notify_message = apply_filters('comment_notification_text', $notify_message);
$subject = apply_filters('comment_notification_subject', $subject);
$message_headers = apply_filters('comment_notification_headers', $message_headers);
$message_headers = "MIME-Version: 1.0\n"
. "$from\n"
. "Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n";
@wp_mail($user->user_email, $subject, $notify_message, $message_headers);
return true;
/*
* global $wpdb;
*
* $comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
* $post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1");
* $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID='$post->post_author' LIMIT 1");
*
* if ('' == $user->user_email) return false; // If there's no email to send the comment to
*
* $comment_author_domain = gethostbyaddr($comment->comment_author_IP);
*
* $blogname = get_settings('blogname');
*
* if ( empty( $comment_type ) ) $comment_type = 'comment';
*
* if ('comment' == $comment_type) {
* $notify_message = sprintf( __('New comment on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
* $notify_message .= sprintf( __('Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
* $notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n";
* $notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
* $notify_message .= sprintf( __('Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP ) . "\r\n";
* $notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
* $notify_message .= __('You can see all comments on this post here: ') . "\r\n";
* $subject = sprintf( __('[%1$s] Comment: "%2$s"'), $blogname, $post->post_title );
* } elseif ('trackback' == $comment_type) {
* $notify_message = sprintf( __('New trackback on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
* $notify_message .= sprintf( __('Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
* $notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
* $notify_message .= __('Excerpt: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
* $notify_message .= __('You can see all trackbacks on this post here: ') . "\r\n";
* $subject = sprintf( __('[%1$s] Trackback: "%2$s"'), $blogname, $post->post_title );
* } elseif ('pingback' == $comment_type) {
* $notify_message = sprintf( __('New pingback on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
* $notify_message .= sprintf( __('Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
* $notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
* $notify_message .= __('Excerpt: ') . "\r\n" . sprintf( __('[...] %s [...]'), $comment->comment_content ) . "\r\n\r\n";
* $notify_message .= __('You can see all pingbacks on this post here: ') . "\r\n";
* $subject = sprintf( __('[%1$s] Pingback: "%2$s"'), $blogname, $post->post_title );
* }
* $notify_message .= get_permalink($comment->comment_post_ID) . "#comments\r\n\r\n";
* $notify_message .= sprintf( __('To delete this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=confirmdeletecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n";
*
* if ('' == $comment->comment_author_email || '' == $comment->comment_author) {
* $from = "From: \"$blogname\" <wordpress@" . $_SERVER['SERVER_NAME'] . '>';
* } else {
* $from = 'From: "' . $comment->comment_author . "\" <$comment->comment_author_email>";
* }
*
* $notify_message = apply_filters('comment_notification_text', $notify_message);
* $subject = apply_filters('comment_notification_subject', $subject);
* $message_headers = apply_filters('comment_notification_headers', $message_headers);
*
* $message_headers = "MIME-Version: 1.0\n"
* . "$from\n"
* . "Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n";
*
* @wp_mail($user->user_email, $subject, $notify_message, $message_headers);
*
* return true;
*/
}
endif;
/* wp_notify_moderator
notifies the moderator of the blog (usually the admin)
about a new comment that waits for approval
always returns true
/*
* wp_notify_moderator
* notifies the moderator of the blog (usually the admin)
* about a new comment that waits for approval
* always returns true
*/
if (!function_exists('wp_notify_moderator')) :
function wp_notify_moderator($comment_id) {
/* global $wpdb;
if( get_settings( "moderation_notify" ) == 0 )
return true;
$comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1");
$comment_author_domain = gethostbyaddr($comment->comment_author_IP);
$comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'");
$notify_message = sprintf( __('A new comment on the post #%1$s "%2$s" is waiting for your approval'), $post->ID, $post->post_title ) . "\r\n";
$notify_message .= get_permalink($comment->comment_post_ID) . "\r\n\r\n";
$notify_message .= sprintf( __('Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
$notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n";
$notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
$notify_message .= sprintf( __('Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP ) . "\r\n";
$notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
$notify_message .= sprintf( __('To approve this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=mailapprovecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n";
$notify_message .= sprintf( __('To delete this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=confirmdeletecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n";
$notify_message .= sprintf( __('Currently %s comments are waiting for approval. Please visit the moderation panel:'), $comments_waiting ) . "\r\n";
$notify_message .= get_settings('siteurl') . "/wp-admin/moderation.php\r\n";
$subject = sprintf( __('[%1$s] Please moderate: "%2$s"'), get_settings('blogname'), $post->post_title );
$admin_email = get_settings("admin_email");
$notify_message = apply_filters('comment_moderation_text', $notify_message);
$subject = apply_filters('comment_moderation_subject', $subject);
@wp_mail($admin_email, $subject, $notify_message);
return true;
/*
* global $wpdb;
*
* if( get_settings( "moderation_notify" ) == 0 )
* return true;
*
* $comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
* $post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1");
*
* $comment_author_domain = gethostbyaddr($comment->comment_author_IP);
* $comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'");
*
* $notify_message = sprintf( __('A new comment on the post #%1$s "%2$s" is waiting for your approval'), $post->ID, $post->post_title ) . "\r\n";
* $notify_message .= get_permalink($comment->comment_post_ID) . "\r\n\r\n";
* $notify_message .= sprintf( __('Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
* $notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n";
* $notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
* $notify_message .= sprintf( __('Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP ) . "\r\n";
* $notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
* $notify_message .= sprintf( __('To approve this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=mailapprovecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n";
* $notify_message .= sprintf( __('To delete this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=confirmdeletecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n";
* $notify_message .= sprintf( __('Currently %s comments are waiting for approval. Please visit the moderation panel:'), $comments_waiting ) . "\r\n";
* $notify_message .= get_settings('siteurl') . "/wp-admin/moderation.php\r\n";
*
* $subject = sprintf( __('[%1$s] Please moderate: "%2$s"'), get_settings('blogname'), $post->post_title );
* $admin_email = get_settings("admin_email");
*
* $notify_message = apply_filters('comment_moderation_text', $notify_message);
* $subject = apply_filters('comment_moderation_subject', $subject);
*
* @wp_mail($admin_email, $subject, $notify_message);
*
* return true;
*/
}
endif;


@ -1,14 +1,8 @@
<?php
$err = array();
function print_done_fail($label, $bool) {
echo
"<li>",
$label.' <strong style="color :' .
(($bool)? 'green;">DONE' : 'red;">FAILED') .
'</strong><br />',
"</li>\n";
echo "<li>", $label . ' <strong style="color :' . (($bool) ? 'green;">DONE' : 'red;">FAILED') . '</strong><br />', "</li>\n";
}
function config_exist() {
@ -30,7 +24,6 @@ function remove_checkfile() {
}
function setupid() {
global $setupid;
if (isset($_POST ['setupid'])) {
$setupid = $_POST ['setupid'];
@ -39,14 +32,17 @@ function setupid() {
}
return $setupid;
}
function getstep(&$id) {
global $err;
$STEPS = array('locked', 'step1', 'step2', 'step3');
$STEPS = array(
'locked',
'step1',
'step2',
'step3'
);
$MAXST = count($STEPS) - 1;
$i = 0;
@ -60,7 +56,6 @@ function getstep(&$id) {
if (!$setupid)
die('Setup is running');
if (!file_exists(SETUPTEMP_FILE)) {
if (empty($_POST))
$i = 0;
@ -69,13 +64,13 @@ function getstep(&$id) {
} else {
$x = explode(',', io_load_file(SETUPTEMP_FILE));
if ($x [0] != $setupid)
die('Setup is running: if you are the owner, you can delete ' .
SETUPTEMP_FILE .' to restart');
die('Setup is running: if you are the owner, you can delete ' . SETUPTEMP_FILE . ' to restart');
$i = intval($x [1]);
}
@include ("./setup/lib/{$STEPS[$i]}.lib.php");
if (!function_exists('check_step')) :
function check_step() {
return true;
}
@ -92,7 +87,6 @@ function getstep(&$id) {
}
}
}
}
$id = $STEPS [$i];
@ -100,7 +94,6 @@ function getstep(&$id) {
return $i;
}
function validate() {
if (!ctype_alnum($_POST ['fpuser']))
$err [] = "{$_POST['fpuser']} is not a valid username.
@ -112,13 +105,11 @@ function validate() {
if (($_POST ['fppwd']) != ($_POST ['fppwd2']))
$err [] = "Passwords did not match";
if (!(preg_match('!@.*@|\.\.|\,|\;!', $_POST['email']) ||
preg_match('!^.+\@(\[?)[a-zA-Z0-9\.\-]+\.([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$!', $_POST['email'])))
if (!(preg_match('!@.*@|\.\.|\,|\;!', $_POST ['email']) || preg_match('!^.+\@(\[?)[a-zA-Z0-9\.\-]+\.([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$!', $_POST ['email'])))
$err [] = "{$_POST['email']} is not a valid email address";
$www = $_POST ['www'];
if (!(preg_match('!^http(s)?://[\w-]+\.[\w-]+(\S+)?$!i', $www)
|| preg_match('!^http(s)?://localhost!', $www)))
if (!(preg_match('!^http(s)?://[\w-]+\.[\w-]+(\S+)?$!i', $www) || preg_match('!^http(s)?://localhost!', $www)))
$err [] = "$www is not a valid URL";
if ($www && $www [strlen($www) - 1] != '/')
$www .= '/';
@ -131,25 +122,15 @@ function validate() {
$fp_config ['general'] ['www'] = $user ['www'] = $www;
$fp_config ['general'] ['email'] = $user ['email'] = $_POST ['email'];
if (isset($err)) {
$GLOBALS ['err'] = $err;
return false;
}
$fp_config['general']['blogid'] = system_generate_id(
BLOG_ROOT.
$user['www'].
$user['email'].
$user['userid']
);
$fp_config ['general'] ['blogid'] = system_generate_id(BLOG_ROOT . $user ['www'] . $user ['email'] . $user ['userid']);
config_save();
system_hashsalt_save();
user_add($user);
return true;