3 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
\r
4 * Copyright (C) 2002-2005 The Nucleus Group
\r
6 * This program is free software; you can redistribute it and/or
\r
7 * modify it under the terms of the GNU General Public License
\r
8 * as published by the Free Software Foundation; either version 2
\r
9 * of the License, or (at your option) any later version.
\r
10 * (see nucleus/documentation/index.html#license for more info)
\r
12 * $Id: index.php,v 1.3 2005-03-16 08:04:14 kimitake Exp $
\r
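// Admin-area entry point: runs the install-hygiene check, then gates every
// admin action behind a login.
//
// NOTE(review): this listing carries fused gutter numbers and skips several
// source lines (block braces, array openers, one call wrapper). Structure that
// had to be reconstructed is marked below; confirm it against the original file.

// Mark this request as an admin-area request before the configuration loads.
// Starting from an empty array means the flag is never written into a $CONF
// that already holds a value when this script begins.
$CONF = array();
$CONF['UsingAdminArea'] = 1;

// Load the site configuration. Nothing in this listing defines $member,
// $action or the helper functions used below, so they presumably come from
// this include — TODO confirm.
include('../config.php');

if ($CONF['alertOnSecurityRisk'] == 1) {
    // Installer and upgrade leftovers that should not remain on a live site.
    // Key: path relative to this script; value: text shown when it exists.
    $aFiles = array(
        '../install.sql' => 'install.sql should be deleted',
        '../install.php' => 'install.php should be deleted',
        'upgrades' => 'nucleus/upgrades directory should be deleted',
        'convert' => 'nucleus/convert directory should be deleted'
    );

    $aFound = array();
    foreach ($aFiles as $fileName => $fileDesc) {
        // '@' is kept from the original: the probe is best-effort and must not
        // print a warning into the admin page.
        if (@file_exists($fileName)) {
            $aFound[] = $fileDesc;
        }
    }

    // A config file the web server can write to is reported as well.
    if (@is_writable('../config.php')) {
        $aFound[] = 'config.php should be non-writable (chmod to 444)';
    }

    if (count($aFound) > 0) {
        // implode() is called as (separator, array): the reversed order used
        // in the listing is rejected by PHP 8, which would break this report.
        // NOTE(review): the call wrapper and its second argument are not
        // visible in the listing; reconstructed as startUpError(message, title).
        startUpError(
            '<p>One or more of the Nucleus installation files are still present on the webserver, or are writable.</p><p>You should remove these files or change their permissions to ensure security. Here are the files that were found by Nucleus</p> <ul><li>'
                . implode('</li><li>', $aFound)
                . '</li></ul><p>If you don\'t want to see this error message again, without solving the problem, set <code>$CONF[\'alertOnSecurityRisk\']</code> in <code>globalfunctions.php</code> to <code>0</code>, or do this at the end of <code>config.php</code>.</p>',
            'Security Risk'
        );
    }
}

// Decide whether the login form must be shown instead of the requested action.
$bNeedsLogin = false;

// The two activation actions are the only ones allowed without a session.
// Strict matching: only these exact strings qualify, never a loosely-equal value.
$bIsActivation = in_array($action, array('activate', 'activatesetpwd'), true);

if ($action === 'logout') {
    $bNeedsLogin = true;
}

if (!$member->isLoggedIn() && !$bIsActivation) {
    $bNeedsLogin = true;
}

// show error if member cannot login to admin
if ($member->isLoggedIn() && !$member->canLogin() && !$bIsActivation) {
    // $error is not read again in this listing; presumably the login screen
    // displays it — verify.
    $error = _ERROR_LOGINDISALLOWED;
    $bNeedsLogin = true;
}

// NOTE(review): the condition line is missing from the listing; reconstructed
// from the $bNeedsLogin flag set above.
if ($bNeedsLogin) {
    setOldAction($action); // see ADMIN::login() (sets old action in POST vars)
    $action = 'showlogin';
}

// NOTE(review): $action is concatenated and dispatched without validation in
// this file. Confirm that sendContentType() and ADMIN::action() restrict it to
// known action names and enforce per-action permissions themselves.
sendContentType('application/xhtml+xml', 'admin-' . $action);

$admin = new ADMIN();
$admin->action($action);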
\r