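<?php
/*
 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
 * Copyright (C) 2002-2007 The Nucleus Group
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * (see nucleus/documentation/index.html#license for more info)
 */

/*
 * Admin-area front controller.
 *
 * What this script does, in order:
 *   1. flags the admin area in $CONF and loads ../config.php;
 *   2. when $CONF['alertOnSecurityRisk'] is on, refuses to continue while
 *      installer leftovers exist or config.php is writable;
 *   3. forces the login screen when the member is not logged in, is logging
 *      out, or may not enter the admin area -- except for account
 *      activation requests;
 *   4. hands $action to ADMIN::action().
 *
 * NOTE(review): $action is read but never assigned in this file; it is
 * presumably populated from the request by config.php / globalfunctions.php
 * -- confirm before relying on its type.
 */

// we are using admin stuff:
$CONF = array();
$CONF['UsingAdminArea'] = 1;

// include the admin code
include('../config.php');

// isset() guard: an unset key used to evaluate false with a notice; same
// result now, without the notice
if (isset($CONF['alertOnSecurityRisk']) && $CONF['alertOnSecurityRisk'] == 1)
{
    // Installer leftovers that must not remain on a live server.
    // Paths are relative to this script's directory.
    $aFiles = array(
        '../install.sql' => 'install.sql should be deleted',
        '../install.php' => 'install.php should be deleted',
        'upgrades'       => 'nucleus/upgrades directory should be deleted',
        'convert'        => 'nucleus/convert directory should be deleted'
    );
    $aFound = array();
    foreach ($aFiles as $fileName => $fileDesc)
    {
        // no '@' suppression: file_exists()/is_writable() only warn under
        // open_basedir restrictions, and that warning is worth seeing here
        if (file_exists($fileName))
        {
            $aFound[] = $fileDesc;
        }
    }
    if (is_writable('../config.php'))
    {
        $aFound[] = 'config.php should be non-writable (chmod to 444)';
    }
    if (count($aFound) > 0)
    {
        // implode(): separator first, pieces second -- the reversed legacy
        // order was deprecated in PHP 7.4 and is a TypeError from PHP 8.0.
        // $aFound only ever holds the fixed strings above, so the markup
        // needs no escaping.
        // startUpError() is assumed not to return -- confirm; nothing below
        // re-checks $aFound.
        startUpError(
            '<p>One or more of the Nucleus installation files are still present on the webserver, or are writable.</p><p>You should remove these files or change their permissions to ensure security. Here are the files that were found by Nucleus</p> <ul><li>' .
            implode('</li><li>', $aFound) . '</li></ul><p>If you don\'t want to see this error message again, without solving the problem, set <code>$CONF[\'alertOnSecurityRisk\']</code> in <code>globalfunctions.php</code> to <code>0</code>, or do this at the end of <code>config.php</code>.</p>',
            'Security Risk'
        );
    }
}

// Activation is the only action allowed without a logged-in member.
// Strict in_array(): a loose match could accept non-string values of $action.
$bNeedsLogin = false;
$bIsActivation = in_array($action, array('activate', 'activatesetpwd'), true);

if ($action === 'logout')
{
    $bNeedsLogin = true;
}

if (!$member->isLoggedIn() && !$bIsActivation)
{
    $bNeedsLogin = true;
}

// show error if member cannot login to admin
// ($error is not read in this file; presumably picked up by the login
// screen -- confirm)
if ($member->isLoggedIn() && !$member->canLogin() && !$bIsActivation)
{
    $error = _ERROR_LOGINDISALLOWED;
    $bNeedsLogin = true;
}

if ($bNeedsLogin)
{
    setOldAction($action); // see ADMIN::login() (sets old action in POST vars)
    $action = 'showlogin';
}

sendContentType('text/html', 'admin-' . $action);

$admin = new ADMIN();
$admin->action($action);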