File: D:/HostingSpaces/PvdBoogaard/indoorski.nl/backup/oude-site/cms/admin/init.php
<?php
/**
* This is the index.php file for the control panel. It directs all requests in the control panel
* with the exception of ajax requests which are handled by the remote.php file.
*
* @package IWP
*/
// Pull in the IWP core API, which lives in the api/ folder one level above this directory.
require_once dirname(dirname(__FILE__)) . '/api/iwp.php';

// Ask PHP to keep session data for 3600 seconds (one hour). The @ hides the
// warning raised when ini_set() is not permitted, so the request may silently
// continue with the server's default value.
// NOTE(review): session.gc_maxlifetime only decides when stored session data
// becomes eligible for garbage collection; it is not an idle timeout checked on
// every request. Confirm whether the auth layer enforces its own expiry.
@ini_set('session.gc_maxlifetime', 3600);

// Flag this request as a control-panel request. The constant has to exist
// before IWP::Init() pulls in common.defines.php, which otherwise sets it to false.
define('IN_CONTROL_PANEL', true);
// Allow-list of section names accepted from $_GET['section'].
// A name that passes is used to pick the language file and, after the login
// check, is appended to 'iwp_admin_' to form the class that handles the request,
// so nothing should be added here that is not meant to be reachable from a URL.
$whitelist_section = array(
    'categories', 'content', 'contenttypes',
    'modules', 'module', 'user',
    'settings', 'tools', 'auth',
    'groups', 'lists', 'layout',
    'install', 'importer', 'imagemanager',
    'tools', // second occurrence of 'tools'; kept so the array contents stay unchanged
    'maintenance', 'home'
);
// Allow-list of action names accepted from $_GET['action'].
// An accepted name is later invoked as a method on the selected section object.
// NOTE(review): the list is global rather than per section, so every name here
// can be requested on every allowed section; each section class has to make
// sure that any public method sharing one of these names is safe to call from a URL.
$whitelist_action = array(
    'view', 'saveform', 'edit', 'create', 'delete',
    'deletesingle', 'deletemulti', 'saveedit', 'createview', 'logout',
    'viewlist', 'saveview', 'editview', 'deletefile', 'sitelayout',
    'editblock', 'showboxform', 'configure', 'search', 'custom',
    'import', 'disclaimers', 'runtask', 'finishimport', 'cancel',
    'rollback', 'rollbacktask', 'systeminformation', 'rewritehelp', 'viewbackups',
);
// Debug mode stays switched off for control-panel requests.
IWP::Set('DebugMode', false);

// Select the language files. The section-specific file is only added when the
// raw request value is a strict (type and case sensitive) match for an entry in
// $whitelist_section, so no other request text ends up in the LangFile setting.
IWP::Set(
    'LangFile',
    (isset($_GET['section']) && in_array($_GET['section'], $whitelist_section, true))
        ? 'admin.common,' . 'admin.' . $_GET['section']
        : 'admin.common'
);

// Start the application with the settings made above.
IWP::Init();
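// Hand the request to the installer when the application is not installed yet.
// NOTE(review): this branch runs before the login check further down, so the
// installer is reachable without authentication for as long as
// IWP::isInstalled() returns false. What isInstalled() actually tests is not
// visible here; confirm it cannot flip back to false on a live site.
if (!IWP::isInstalled()) {
    // First request: set a session marker and redirect once so that the
    // installer is entered with the marker already stored in the session.
    if (!isset($_GET['a']) || $_GET['a'] !== 'sessionCheck') {
        $_SESSION['CHECK_SESSION_CHECK'] = true;
        // The parameter separator is a plain '&'; it had been corrupted into a
        // single '§' character, which dropped the section parameter from the URL.
        // NOTE(review): PHP_SELF also contains any path info the client appended
        // to the script URL; consider a fixed relative target if that is unwanted.
        header('Location: ' . $_SERVER['PHP_SELF'] . '?a=sessionCheck&section=install');
        die();
    }

    // Load the installer's language strings.
    iwp_language::getInstance()->Load('admin.install');

    // Events are not initialised until the installer has run, so switch them off.
    iwp_template::getInstance()->DisableEvents = true;

    // The installer class is not autoloaded and has to be included by hand.
    include(dirname(__FILE__) . '/includes/classes/class.install.php');
    $install = new iwp_install();
    $install->lang->Load('admin.install');

    // Strict comparison on an isset() value replaces the suppressed loose check;
    // an array-valued or missing parameter still falls through to StartInstall().
    if (isset($_GET['action']) && $_GET['action'] === 'filecheck') {
        $install->RemoteFileCheck();
    } else {
        $install->StartInstall();
    }
    die();
}

// Already installed: a request for the installer section is sent back to the
// control panel index. 'install' is still listed in $whitelist_section, so this
// redirect is what keeps the section away from the dispatcher below.
// NOTE(review): the comparison uses the raw parameter, while the dispatcher
// works on the value returned by iwp_validation::FilterAlpha(). If that filter
// strips characters instead of rejecting the input, the two can disagree;
// the filtered value should be checked as well.
if (isset($_GET['section']) && $_GET['section'] === 'install') {
    header('Location: index.php');
    die();
}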
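/**
* To avoid cross-domain problems with cookies, make sure the admin is reached
* through the host named in the configured siteURL. Only the "www." variants of
* that host are corrected, by redirecting to the configured host.
*
* The Host header is supplied by the client. The redirect target is therefore
* always the host taken from the configuration, never the header value itself.
* NOTE(review): a Host value that matches neither variant is not rejected; the
* request simply continues under the host the client sent.
*/
$requestHost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
$configPathInfo = parse_url(GetConfig('siteURL'));

// Enter only when both hosts are known and differ (ignoring case). The earlier
// guard compared the host string against the result of stricmp() with !==,
// which is true on every request if that helper returns an integer; stricmp()
// is not a PHP built-in, strcasecmp() is the standard equivalent.
if (
    $requestHost !== ''
    && is_array($configPathInfo)
    && isset($configPathInfo['host'])
    && strcasecmp($configPathInfo['host'], $requestHost) !== 0
) {
    if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "off") {
        $protocol = 'http://';
    } else {
        $protocol = 'https://';
    }

    if ('www.' . $requestHost === $configPathInfo['host']) {
        // Reached without the "www." prefix although the configured host has it.
        $currentPath = $configPathInfo['host'];
        header('Location: ' . $protocol . $currentPath . $_SERVER['REQUEST_URI']);
        die();
    } elseif (substr($requestHost, 4) === $configPathInfo['host']) {
        // Reached with a four-character prefix (normally "www.") that the
        // configured host does not have. Strict comparison avoids PHP's numeric
        // string juggling when the two host strings are compared.
        $currentPath = $configPathInfo['host'];
        header('Location: ' . $protocol . $currentPath . $_SERVER['REQUEST_URI']);
        die();
    }
}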
// Fetch the admin auth singleton (the user data is loaded from the session).
$auth = iwp_admin_auth::getInstance();

if ($auth->IsLoggedIn()) {
    // Authenticated: hand both menu variants to the template.
    $auth->template->Assign(array('menu', 'Text'), iwp_admin_navigation::getInstance()->GetTextMenu());
    $auth->template->Assign(array('menu', 'DropDown'), iwp_admin_navigation::getInstance()->GetDropDownMenu());
} else {
    // Not authenticated: only login and password-recovery handlers run, and the
    // script always stops at the die() below, before any section is dispatched.
    if (isset($_POST['submit_login'])) {
        // The login form was submitted.
        $auth->DoLogin();
    } elseif (isset($_GET['forgotpass'])) {
        // Start of the forgotten-password flow.
        $auth->ForgotPassword();
    } elseif (isset($_GET['forgotpassconfirm'])) {
        // Confirmation step of the forgotten-password flow.
        $auth->ForgotPasswordConfirm();
    } else {
        if (isset($_GET['section'], $_GET['action'])) {
            // Remember the requested page in a cookie so the user can be sent
            // there after logging in. The cookie holds the raw query string and
            // is set without expiry, path, Secure or HttpOnly arguments.
            // NOTE(review): the code that reads this cookie is not in this file;
            // it has to treat the value as client-controlled and only redirect
            // to control-panel URLs.
            $cookiePrefix = iwp_config::Get('cookiePrefix');
            setcookie($cookiePrefix . "redirectPage", $_SERVER["QUERY_STRING"]);
        }

        if (count($_POST) > 1) {
            // More than one POST field arrived: keep the data in the session so
            // it can be restored once the user has logged in.
            // NOTE(review): data captured before authentication is replayed
            // afterwards; the restoring code (not visible here) should run the
            // same request checks on it as on a fresh submission, and should
            // pass nothing but this session value to unserialize().
            iwp_session::Set('__postData', serialize($_POST));
        }

        if (count($_GET) > 1) {
            // Same for GET data when more than one parameter was sent.
            iwp_session::Set('__getData', serialize($_GET));
        }

        $auth->ShowLoginPage();
    }
    die();
}
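// Give the auth object the current user's record (mysql_user_row() is defined
// elsewhere; what it returns is not visible in this file).
$auth->LoadUserData(mysql_user_row());

// Run the requested section and action through the project's filters. A missing
// parameter is passed as null, without relying on error suppression.
// NOTE(review): presumably the filters keep letters (and digits) only -- confirm
// in iwp_validation whether they strip or reject other input.
$section = iwp_validation::FilterAlpha(isset($_GET['section']) ? $_GET['section'] : null);
$action = iwp_validation::FilterAlphaNumeric(isset($_GET['action']) ? $_GET['action'] : null);

// The handler class name is derived from request input. It is only used after
// the allow-list check below has accepted the section.
$classname = 'iwp_admin_' . $section;

iwp_event::trigger(new iwp_event_admin_index_beforetemplate());

// Reject anything outside the allow-lists. Strict in_array() keeps non-string
// filter results from matching through loose comparison. The filtered section
// is also refused when it is 'install': on an installed site the installer must
// not be dispatched, and the earlier redirect only looks at the raw parameter.
// Method names are case-insensitive in PHP, so the action is compared in lower case.
if (
    (isset($_GET['section']) && (!in_array($section, $whitelist_section, true) || $section === 'install'))
    || (isset($_GET['action']) && !in_array(iwp_strtolower($action), $whitelist_action, true))
) {
    iwp_admin_home::getInstance()->ShowDashboard(GetLang('InvalidUrlSelected'), MSG_ERROR);
    die();
}

if (defined('PRODUCT_EDITION')) {
    iwp_template::getInstance()->Assign('adminEditionTitle', ' ('. PRODUCT_EDITION .' '. GetLang('EditionEdition') .')');
}

if (!isset($_GET['section'])) {
    // No section requested: show the home page.
    iwp_admin_home::getInstance()->ShowDashboard();
    die();
}

// Fetch the singleton of the allow-listed section class.
$class = call_user_func(array($classname, 'getInstance'));

// A section requested without an action, or with an allow-listed action that
// this class cannot be called with, gets the invalid-URL message instead of a
// fatal error from calling a missing method.
if (!is_object($class) || !is_callable(array($class, $action))) {
    iwp_admin_home::getInstance()->ShowDashboard(GetLang('InvalidUrlSelected'), MSG_ERROR);
    die();
}

iwp_template::getInstance()->Assign('section', $section);
iwp_template::getInstance()->Assign('action', $action);

// Finally, run the requested action on the section object.
// NOTE(review): section and action come from GET parameters, so state-changing
// actions are reachable by URL; whether they verify a request token is decided
// inside the section classes and cannot be seen from here.
$class->$action();

iwp_event::trigger(new iwp_event_admin_index_aftertemplate());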