admin.php
<?php
////////////////////////////////////////////////////////////////////////////////
// //
// Copyright (C) 2017 Phorum Development Team //
// http://www.phorum.org //
// //
// This program is free software. You can redistribute it and/or modify //
// it under the terms of either the current Phorum License (viewable at //
// phorum.org) or the Phorum License that was distributed with this file //
// //
// This program is distributed in the hope that it will be useful, //
// but WITHOUT ANY WARRANTY, without even the implied warranty of //
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. //
// //
// You should have received a copy of the Phorum License //
// along with this program. //
////////////////////////////////////////////////////////////////////////////////
// Phorum 5 Admin: entry script for the admin interface.
// PHORUM_ADMIN is defined before any other file is loaded.
// NOTE(review): presumably the included files test this constant to detect
// admin context - confirm against common.php.
define('PHORUM_ADMIN', 1);

// Report only fatal errors, warnings, parse errors and user-level errors.
// Notices and deprecation messages are left out on purpose to keep admin
// development and execution fast.
error_reporting(E_PARSE | E_ERROR | E_USER_ERROR | E_WARNING);

// Load the shared bootstrap first, then the admin and formatting helpers.
include_once('./common.php');
include_once('./include/admin_functions.php');
include_once('./include/format_functions.php');
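// Read the admin token submitted with this request into $PHORUM['admin_token'].
// It starts out empty and is only filled from a non-empty *string* parameter;
// the query string is consulted before the POST body.
//
// Array-valued parameters (phorum_admin_token[]=...) are ignored so that only
// a plain string can reach the token comparison and any code that embeds the
// token in URLs or forms.
//
// NOTE(review): a token carried in the query string ends up in web server
// logs, browser history and Referer headers. Keep the token lifetime short and
// prefer POST for state-changing admin requests.
$PHORUM['admin_token'] = "";
if (!empty($_GET['phorum_admin_token']) && is_string($_GET['phorum_admin_token'])) {
    $PHORUM['admin_token'] = $_GET['phorum_admin_token'];
} elseif (!empty($_POST['phorum_admin_token']) && is_string($_POST['phorum_admin_token'])) {
    $PHORUM['admin_token'] = $_POST['phorum_admin_token'];
}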
// Absolute URI of the admin script for the current request.
// NOTE(review): the meaning of the `false` argument is defined by
// phorum_get_current_url(), which is not visible here - confirm.
$PHORUM['admin_http_path'] = phorum_get_current_url(false);

// http_path normally comes from the stored settings. It is only derived here
// when it is not set yet, which is the case at install time.
// NOTE(review): PHP_SELF is built from the request path, so the derived value
// should be treated as request-influenced until the installer stores a
// configured one.
if (isset($PHORUM['http_path']) === false) {
    $PHORUM['http_path'] = dirname($_SERVER['PHP_SELF']);
}
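// Select the admin module ($module) that will handle this request.
//
// Order of the checks:
//   1. install      - no internal version yet, or no "installed" flag
//   2. upgrade      - requested explicitly, or schema version/patch level is behind
//   3. login        - no admin session could be restored
//   4. tokenmissing - admin session present, but no valid admin token
//   5. the requested module, or "default"
//
// Installs and upgrades are dispatched without a session check.
if (!isset($PHORUM['internal_version']) ||
    (!isset($PHORUM['installed']) && $PHORUM['internal_version'] >= '2005081000')) {

    // 2005081000 was the internal version that introduced the installed flag.
    $module = "install";

} elseif ((isset($_REQUEST["module"]) && $_REQUEST["module"] === "upgrade") ||
          $PHORUM['internal_version'] < PHORUM_SCHEMA_VERSION ||
          !isset($PHORUM['internal_patchlevel']) ||
          $PHORUM['internal_patchlevel'] < PHORUM_SCHEMA_PATCHLEVEL) {

    // NOTE(review): a request parameter module=upgrade selects the upgrade
    // module before any session or token check. include/admin/upgrade.php
    // (not shown here) therefore has to refuse to do work when no upgrade
    // is pending - confirm.
    $module = "upgrade";

} else {

    // Try to restore an admin session.
    phorum_api_user_session_restore(PHORUM_ADMIN_SESSION);

    if (!isset($GLOBALS["PHORUM"]["user"]) || !$GLOBALS["PHORUM"]["user"]["admin"]) {

        // Not an admin: drop whatever user data was restored and show the login.
        unset($GLOBALS["PHORUM"]["user"]);
        $module = "login";

    } else {

        // Take the module name from the request (POST wins over GET).
        // basename() strips any directory part, so the name can only refer
        // to a file directly inside ./include/admin/.
        $module = "";
        if (isset($_POST["module"]) && is_scalar($_POST["module"])) {
            $module = basename((string) $_POST["module"]);
        } elseif (isset($_GET["module"]) && is_scalar($_GET["module"])) {
            $module = basename((string) $_GET["module"]);
        }

        // Load the default module if none is specified or the file does not exist.
        if (empty($module) || !file_exists("./include/admin/$module.php")) {
            $module = "default";
        }

        // Check the admin token. The token is accepted only when ALL of the
        // following hold:
        //   - the account has a non-empty stored token,
        //   - the submitted token is a string equal to the stored one,
        //   - the stored token time is newer than PHORUM_ADMIN_TOKEN_TIMEOUT
        //     seconds ago (inactivity timeout).
        // An account without a stored token fails closed: the request goes to
        // the tokenmissing module instead of accepting any submitted value.
        $phorum_token_settings = array();
        if (isset($GLOBALS["PHORUM"]["user"]['settings_data']) &&
            is_array($GLOBALS["PHORUM"]["user"]['settings_data'])) {
            $phorum_token_settings = $GLOBALS["PHORUM"]["user"]['settings_data'];
        }

        $phorum_stored_token = '';
        if (isset($phorum_token_settings['admin_token']) &&
            is_scalar($phorum_token_settings['admin_token'])) {
            $phorum_stored_token = (string) $phorum_token_settings['admin_token'];
        }

        // A missing timestamp counts as expired.
        $phorum_token_time = isset($phorum_token_settings['admin_token_time'])
            ? (int) $phorum_token_settings['admin_token_time']
            : 0;

        $phorum_supplied_token = (isset($PHORUM['admin_token']) && is_string($PHORUM['admin_token']))
            ? $PHORUM['admin_token']
            : '';

        $phorum_token_valid = false;
        if ($phorum_stored_token !== '' &&
            $phorum_supplied_token !== '' &&
            $phorum_token_time > (time() - PHORUM_ADMIN_TOKEN_TIMEOUT)) {

            // Strict, constant-time comparison where available. A loose
            // comparison (== / !=) would treat numeric-looking strings such
            // as "0e1" and "0e2" as equal.
            $phorum_token_valid = function_exists('hash_equals')
                ? hash_equals($phorum_stored_token, $phorum_supplied_token)
                : ($phorum_stored_token === $phorum_supplied_token);
        }

        if (!$phorum_token_valid) {
            // invalid token or timeout
            $PHORUM['admin_token'] = "";
        }

        // Do not leave token material behind in the global scope that the
        // included admin module shares with this script.
        unset(
            $phorum_token_settings,
            $phorum_stored_token,
            $phorum_token_time,
            $phorum_supplied_token,
            $phorum_token_valid
        );

        if (empty($PHORUM['admin_token'])) {
            $module = "tokenmissing";
        } else {
            // Valid token: refresh the token time so the inactivity timeout
            // is counted from this request.
            phorum_api_user_save_settings(array(
                'admin_token_time' => time()
            ));
        }
    }
}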
// Give "admin_pre" hook handlers the chance to replace the selected module.
// NOTE(review): the value returned by the hook is used in the include path
// below without basename()/file_exists() being applied again, so hook
// handlers are trusted to return the name of an existing file in
// ./include/admin/.
$module = phorum_hook('admin_pre', $module);

// Buffer the whole page and send it in one go at the end.
ob_start();

// The "help" module is rendered without the admin header and footer.
if (!($module == "help")) {
    include_once './include/admin/header.php';
}

include_once './include/admin/' . $module . '.php';

if (!($module == "help")) {
    include_once './include/admin/footer.php';
}

ob_end_flush();
?>