1 <?php
2 
3 use YAWK\alert;
4 use YAWK\backend;
5 use YAWK\sys;
6 
// Start the session before any output is produced, then mark the response as private.
session_start();
header('Cache-control: private'); // OLD IE (6+) FIX

// Development-only diagnostics: report everything except E_STRICT and print it into
// the response. Error details are then visible to anyone who can reach this page, so
// these two lines belong off outside development (the commented alternative below
// silences reporting completely).
error_reporting(E_ALL ^ E_STRICT); // just for development purpose!!!
ini_set('display_errors', 1); // DISPLAY ALL ERRORS - DEVELOPMENT ONLY!!!
// error_reporting(0); // no error reporting

// Scripting start time; read by the benchmark output when that feature is enabled.
$loadingTime = microtime(true);

/* include controller classes (load order kept as the rest of the backend expects it) */
require_once '../system/classes/db.php';          // database
require_once '../system/classes/AdminLTE.php';    // admin LTE backend
require_once '../system/classes/alert.php';       // custom alert and info boxes
require_once '../system/classes/settings.php';    // (system) settings class
require_once '../system/classes/language.php';    // language class
require_once '../system/classes/backend.php';     // backend methods and helpers
require_once '../system/classes/dashboard.php';   // dashboard methods
require_once '../system/classes/user.php';        // user class: methods to add, edit, modify users
require_once '../system/classes/page.php';        // pages class: methods to add, edit, modify pages
require_once '../system/classes/menu.php';        // menu class: methods to add, edit, display menus
require_once '../system/classes/email.php';       // simple email helper class
require_once '../system/classes/plugin.php';      // plugin class: methods to handle and interact with plugins
require_once '../system/classes/widget.php';      // widget class: methods to handle and interact with widgets
require_once '../system/classes/template.php';    // template class: methods to add, edit and handle templates
require_once '../system/classes/controller.php';  // basic controller class
require_once '../system/classes/filemanager.php'; // filemanager class: methods to add, edit, upload and handle files
require_once '../system/classes/sys.php';         // system class: methods and helpers for overall system use
require_once '../system/classes/update.php';      // update class: functions used to update the system
33 // PREPARE OBJECTS
34 // database object
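// PREPARE OBJECTS
// Admin backend index controller. Each shared object is created only when the
// including script has not already provided one; then either the full AdminLTE
// backend (valid logged-in session) or the login / password-reset screens are drawn.

// database object
if (!isset($db)) {
    // create new db obj if none exists
    $db = new \YAWK\db();
}

// language object - $lang ends up as the backend translation table, indexed as an array
if (empty($lang)) {
    $language = new YAWK\language();
    // init language
    $language->init($db, "backend");
    // everything below indexes $lang as an array, so convert the object param
    $lang = (array) $language->lang;
}

// user object
if (!isset($user)) {
    $user = new \YAWK\user($db);
}

// page object
if (!isset($page)) {
    $page = new \YAWK\page();
}

// Admin LTE Backend
if (!isset($AdminLTE)) {
    // create AdminLTE object
    $AdminLTE = new \YAWK\BACKEND\AdminLTE($db);
    // html head (html start, js includes asf...)
    echo $AdminLTE->drawHtmlHead();

    // only show the backend UI if the session login flag is set and true
    if (isset($_SESSION['logged_in']) && ($_SESSION['logged_in'] === true)) {
        // username, gid and uid must all be present in the session
        if (isset($_SESSION['username'], $_SESSION['gid'], $_SESSION['uid'])) {
            // get user properties
            $user->loadProperties($db, $_SESSION['username']);

            // draw AdminLTE Template from top to bottom
            // body markup
            echo $AdminLTE->drawHtmlBody();
            // logo markup
            echo $AdminLTE->drawHtmlLogo($db, $lang);
            // navbar start
            echo $AdminLTE->drawHtmlNavbar();
            // navbar right menu start
            echo $AdminLTE->drawHtmlNavbarRightMenu();

            // navbar: draw backup icon
            echo $AdminLTE->drawHtmlNavbarBackupIcon($lang);

            // navbar: draw preview icon
            echo $AdminLTE->drawHtmlNavbarPreviewIcon($lang);

            // The settings below are compared loosely (== 1) on purpose: getSetting's
            // return type is not visible from here and may be a numeric string.

            // check if messaging is enabled
            if (\YAWK\settings::getSetting($db, "backendMessagesMenu") == 1) {
                // ok, draw msg icon and message navbar in upper right corner
                echo $AdminLTE->drawHtmlNavbarMessagesMenu($db, $lang);
            }

            // check if webmail is enabled
            if (\YAWK\settings::getSetting($db, "webmail_active") == 1) {
                // ok, draw webmail icon and menu in upper right corner
                echo $AdminLTE->drawHtmlNavbarWebmailMenu($db, $lang);
            }

            // check, if backend notification is enabled
            if (\YAWK\settings::getSetting($db, "backendNotificationMenu") == 1) {
                // draw notification menu, in upper right corner
                echo $AdminLTE->drawHtmlNavbarNotificationsMenu($db, $user, $lang);
            }

            // user account menu
            echo $AdminLTE->drawHtmlNavbarUserAccountMenu($db, $user);
            // end navbar header
            echo $AdminLTE->drawHtmlNavbarHeaderEnd();
            // left sidebar (main menu)
            echo $AdminLTE->drawHtmlLeftSidebar($db, $user, $lang);
            // content header
            echo $AdminLTE->drawHtmlContentHeader($lang);
            // content breadcrumbs
            echo $AdminLTE->drawHtmlContentBreadcrumbs();
            // html content (main page)
            echo $AdminLTE->drawHtmlContent($db, $lang, $user);

            // check, if footer should be displayed
            if (\YAWK\settings::getSetting($db, "backendFooter") == 1) {
                // draw footer at bottom of page
                echo $AdminLTE->drawHtmlFooter($db);
            }

            // right sidebar
            echo $AdminLTE->drawHtmlRightSidebar($lang);
            // additional js includes at the bottom
            echo $AdminLTE->drawHtmlJSIncludes();
            // html end
            echo $AdminLTE->drawHtmlEnd($db);
        } else {
            // session username, gid and / or uid is not set - throw alert
            alert::draw("warning", "Warning :", "It seems that you are not logged in correctly. Please try to re-login!", "", "8000");
        }
    } else {
        // user is not logged in - set a basic body markup and display login box
        // body markup
        echo "<body style=\"background-color: #ecf0f5\">\n";

        // reset password email request
        if (isset($_POST['resetPasswordRequest'])) {
            // All three captcha fields are required. They are checked one by one: wrapping the
            // chained condition inside a single empty() evaluated $_POST['number1'] directly and
            // produced an undefined-key warning when the field was absent.
            if (!empty($_POST['number1']) && !empty($_POST['number2']) && !empty($_POST['captcha'])) {
                // Validate as integers first: adding non-numeric strings is a TypeError on PHP 8,
                // so malformed input must fail the captcha instead of aborting the page.
                $number1 = filter_var($_POST['number1'], FILTER_VALIDATE_INT);
                $number2 = filter_var($_POST['number2'], FILTER_VALIDATE_INT);
                $captcha = filter_var($_POST['captcha'], FILTER_VALIDATE_INT);
                // NOTE(review): all three operands come from the request, so this only verifies
                // that the submitted values are consistent with each other.
                if ($number1 === false || $number2 === false || $captcha === false
                    || $captcha !== ($number1 + $number2)) {
                    // error: captcha failed (or fields were not integers)
                    alert::draw("danger", $lang['ERROR'], $lang['CAPTCHA_FAILED'], "", 3800);
                } else {
                    // captcha solved, send reset email; absent fields are passed as empty strings
                    // so sendResetEmail does its own validation instead of this page warning
                    $resetUsername = isset($_POST['username']) ? $_POST['username'] : '';
                    $resetEmail = isset($_POST['email']) ? $_POST['email'] : '';
                    if ($user::sendResetEmail($db, $resetUsername, $resetEmail, $lang) == true) {
                        // email sent
                        alert::draw("success", $lang['EMAIL_SENT'], $lang['PLEASE_CHECK_YOUR_INBOX'], "", 2400);
                    } else {
                        // error: sending reset email failed
                        alert::draw("danger", $lang['ERROR'], $lang['PASSWORD_RESET_FAILED'], "", 3800);
                    }
                }
            }
        }

        // reset password requested (from email link)
        if (isset($_GET['resetPassword'])) {
            // the token must be a non-empty scalar string (array parameters are rejected)
            if (!empty($_GET['token']) && is_string($_GET['token'])) {
                // check if sent token is equal to saved token
                if ($user::checkResetToken($db, $_GET['token']) === true) {
                    // The reset form renderer is still disabled in this revision (see the
                    // commented call below); the validated token is echoed as a placeholder.
                    // It is HTML-escaped because it originates from the query string.
                    echo htmlspecialchars($_GET['token'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                    // echo \YAWK\backend::drawPasswordResetForm($db, $lang);
                    // end section markup
                    echo "<br><br></section></div>";
                    // output js includes at bottom of page
                    echo $AdminLTE->drawHtmlJSIncludes();
                    // html output end
                    echo $AdminLTE->drawHtmlEnd($db);
                    exit;
                } else {
                    // ERROR: token does not match with database - throw error
                    alert::draw("danger", $lang['ERROR'], $lang['PASSWORD_RESET_TOKEN_INVALID'], "", 3800);
                }
            }
        }

        // check if the current user is logged in
        if (backend::checkLogin($db) === false) {
            // USER BAN (client side)
            // if the user has failed to login more than 5 times, ban them for 60 minutes
            // NOTE: both counters live in the PHP session only, so a client that drops its
            // session cookie starts with a clean slate; the counting itself happens elsewhere.
            if (!isset($_SESSION['failed'])) {
                // prepare session var
                $_SESSION['failed'] = 0;
            }
            if (!isset($_SESSION['lockout_until'])) {
                // reset lockout time
                $_SESSION['lockout_until'] = 0;
            }

            if (!empty($_POST['user'])) {
                $user->currentuser = $_POST['user'];
            }

            // client address / hostname, used in the alert (HTML) and in the syslog entry.
            // REMOTE_HOST is only populated when the web server performs hostname lookups,
            // so it is read defensively instead of assumed to exist.
            $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
            $remoteHost = isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : '';

            // do not allow login attempts if the user is currently banned
            if (time() < $_SESSION['lockout_until']) {
                // inform the user that he is banned; the hostname comes from a reverse DNS
                // lookup the server does not control, so it is escaped before going into HTML
                $clientInfo = htmlspecialchars($remoteAddr . " / " . $remoteHost, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                alert::draw("danger", "ACCESS DENIED", "You have reached the maximum number of login attempts. You have been banned for 60 minutes.<br>Your IP " . $clientInfo . " has been logged.", "", 0);
                // add syslog entry (plain text, not HTML - logged unescaped)
                sys::setSyslog($db, 12, 2, "Possible brute force client " . $remoteAddr . " " . $remoteHost . " banned.", 0, 0, 0, 0);
            } else {
                // draw login box
                echo backend::drawLoginBox($db, $lang);
            }
            // end section markup
            echo "<br><br></section></div>";

            // output js includes at bottom of page
            echo $AdminLTE->drawHtmlJSIncludes();

            // html output end
            echo $AdminLTE->drawHtmlEnd($db);
            exit;
        } else {
            // login succeeded: show a success alert; the fourth argument ("index.php") is
            // handed to alert::draw and presumably names the page to continue to
            alert::draw("success", $lang['SUCCESS'], $lang['LOGIN'] . " " . $lang['SUCCESSFUL'], "index.php", 1200);
        }
    }
}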
261 /* END /admin index controller */