<?php
/*
* Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
- * Copyright (C) 2002-2007 The Nucleus Group
+ * Copyright (C) 2002-2009 The Nucleus Group
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
*/
/**
* @license http://nucleuscms.org/license.txt GNU General Public License
- * @copyright Copyright (C) 2002-2007 The Nucleus Group
- * @version $Id: index.php,v 1.9 2008-02-08 09:31:22 kimitake Exp $
+ * @copyright Copyright (C) 2002-2009 The Nucleus Group
+ * @version $Id$
* $NucleusJP: index.php,v 1.8.2.1 2007/09/07 07:36:09 kimitake Exp $
*/
// we are using admin stuff:
// include the admin code
include('../config.php');
- if ($CONF['alertOnSecurityRisk'] == 1)
- {
+ if ($CONF['alertOnSecurityRisk'] == 1) {
// check if files exist and generate an error if so
$aFiles = array(
- '../install.sql' => 'install.sql should be deleted',
- '../install.php' => 'install.php should be deleted',
- 'upgrades' => 'nucleus/upgrades directory should be deleted',
- 'convert' => 'nucleus/convert directory should be deleted'
+ '../install.sql' => _ERRORS_INSTALLSQL,\r
+ '../install.php' => _ERRORS_INSTALLPHP,\r
+ 'upgrades' => _ERRORS_UPGRADESDIR,\r
+ 'convert' => _ERRORS_CONVERTDIR\r
);
$aFound = array();
- foreach($aFiles as $fileName => $fileDesc)
- {
+ foreach($aFiles as $fileName => $fileDesc) {
if (@file_exists($fileName))
array_push($aFound, $fileDesc);
}
if (@is_writable('../config.php')) {
- array_push($aFound, 'config.php should be non-writable (chmod to 444)');
+ array_push($aFound, _ERRORS_CONFIGPHP);
}
- if (sizeof($aFound) > 0)
- {
+ if (sizeof($aFound) > 0) {
startUpError(
- '<p>One or more of the Nucleus installation files are still present on the webserver, or are writable.</p><p>You should remove these files or change their permissions to ensure security. Here are the files that were found by Nucleus</p> <ul><li>'. implode($aFound, '</li><li>').'</li></ul><p>If you don\'t want to see this error message again, without solving the problem, set <code>$CONF[\'alertOnSecurityRisk\']</code> in <code>globalfunctions.php</code> to <code>0</code>, or do this at the end of <code>config.php</code>.</p>',
- 'Security Risk'
+ _ERRORS_STARTUPERROR1. implode($aFound, '</li><li>')._ERRORS_STARTUPERROR2,\r
+ _ERRORS_STARTUPERROR3\r
);
}
}
- $bNeedsLogin = false;
+ $bNeedsLogin = false;
$bIsActivation = in_array($action, array('activate', 'activatesetpwd'));
- if ($action == 'logout')
- $bNeedsLogin = true;
+ if ($action == 'logout') {
+ $bNeedsLogin = true;\r
+ }
- if (!$member->isLoggedIn() && !$bIsActivation)
- $bNeedsLogin = true;
+ if (!$member->isLoggedIn() && !$bIsActivation) {
+ $bNeedsLogin = true;\r
+ }
// show error if member cannot login to admin
if ($member->isLoggedIn() && !$member->canLogin() && !$bIsActivation) {
- $error = _ERROR_LOGINDISALLOWED;
+ $error = _ERROR_LOGINDISALLOWED;
$bNeedsLogin = true;
}
- if ($bNeedsLogin)
- {
+ if ($bNeedsLogin) {
setOldAction($action); // see ADMIN::login() (sets old action in POST vars)
$action = 'showlogin';
}
OSDN Git Service
