Removes some restrictions previously added. Or else we would need a 'userComments' privilege. But that would not make too much sense, since we already work with the lowest group privilege here. This still is not ready yet, I presume. It needs more finetuning like answer to comments, etc. Please help testing. References #385
		
			
				
	
	
		
			256 lines
		
	
	
		
			8.7 KiB
		
	
	
	
		
			PHP
		
	
	
	
	
	
			
		
		
	
	
			256 lines
		
	
	
		
			8.7 KiB
		
	
	
	
		
			PHP
		
	
	
	
	
	
| <?php
 | |
| # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 | |
| # All rights reserved.  See LICENSE file for licensing details
 | |
| 
 | |
| define('IN_installer', true);
 | |
| define('IN_upgrader', true);
 | |
| define('IN_serendipity', true);
 | |
| define('IN_serendipity_admin', true);
 | |
| include('serendipity_config.inc.php');
 | |
| 
 | |
| header('Content-Type: text/html; charset=' . LANG_CHARSET);
 | |
| 
 | |
| if (IS_installed === false) {
 | |
|     require_once(S9Y_INCLUDE_PATH . 'include/functions.inc.php');
 | |
| } else {
 | |
|     if (defined('IS_up2date') && IS_up2date === true) {
 | |
|         serendipity_plugin_api::hook_event('backend_configure', $serendipity);
 | |
|     }
 | |
| }
 | |
| 
 | |
| if (isset($serendipity['GET']['adminModule']) && $serendipity['GET']['adminModule'] == 'logout') {
 | |
|     serendipity_logout();
 | |
|     header("Location: ".$serendipity['baseURL']);
 | |
| } else {
 | |
|     if (IS_installed === true) {
 | |
|         /* Check author token to insure session not hijacked */
 | |
|         if (!isset($_SESSION['author_token']) || !isset($serendipity['COOKIE']['author_token']) ||
 | |
|             ($_SESSION['author_token'] !== $serendipity['COOKIE']['author_token'])) {
 | |
|             $_SESSION['serendipityAuthedUser'] = false;
 | |
|             serendipity_session_destroy();
 | |
|         }
 | |
|         if (!serendipity_userLoggedIn()) {
 | |
|             // Try again to log in, this time with enabled external authentication event hook
 | |
|             serendipity_login(true);
 | |
|         }
 | |
|     }
 | |
| }
 | |
| 
 | |
| // If we are inside an iframe, halt the script
 | |
| if (serendipity_is_iframe() !== false) {
 | |
|     include_once S9Y_INCLUDE_PATH . 'include/functions_entries_admin.inc.php';
 | |
|     // An iframe may NOT contain <html> and </html> tags, that's why we emit different headers here than on serendipity_admin.php
 | |
| 
 | |
|     // We need to restore GET/POST variables to that depending plugins inside the iframe
 | |
|     // can still fetch all that variables; and we also tighten security by not allowing
 | |
|     // to pass any different GET/POST variables to our iframe.
 | |
|     $iframe_mode         = $serendipity['GET']['iframe_mode'];
 | |
|     $serendipity['POST'] = &$_SESSION['save_entry_POST'];
 | |
|     $serendipity['GET']  = &$_SESSION['save_entry_POST']; // GET-Vars are the same as POST to ensure compatibility.
 | |
|     $serendipity['hidefooter'] = true;
 | |
|     ignore_user_abort(true);
 | |
|     echo serendipity_iframe($_SESSION['save_entry'], $iframe_mode);
 | |
|     return true;
 | |
| }
 | |
| 
 | |
| if (isset($serendipity['GET']['no_smarty']) || isset($serendipity['no_smarty'])) {
 | |
|     $_SESSION['no_smarty'] = true;
 | |
| }
 | |
| 
 | |
| if (defined('IS_up2date') && IS_up2date === true && IS_installed === true) {
 | |
|     $admin_installed = true;
 | |
| } else {
 | |
|     $admin_installed = false;
 | |
| }
 | |
| 
 | |
| $is_logged_in = serendipity_userLoggedIn();
 | |
| 
 | |
| if ($is_logged_in) {
 | |
|     $self_info = sprintf(USER_SELF_INFO, serendipity_specialchars($serendipity['serendipityUser']), $serendipity['permissionLevels'][$serendipity['serendipityUserlevel']]);
 | |
| } else {
 | |
|     $self_info = '';
 | |
| }
 | |
| 
 | |
| $serendipity['ajax'] = $ajax = (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest');
 | |
| $no_banner = (isset($serendipity['GET']['noBanner']) || isset($serendipity['POST']['noBanner']));
 | |
| $no_sidebar = (isset($serendipity['GET']['noSidebar']) || isset($serendipity['POST']['noSidebar']));
 | |
| $no_footer = (isset($serendipity['GET']['noFooter']) || isset($serendipity['POST']['noFooter']));
 | |
| 
 | |
| $use_installer = (!isset($serendipity['serendipityPath']) || IS_installed === false || IS_up2date === false );
 | |
| 
 | |
| $post_action = $serendipity['POST']['action'];
 | |
| 
 | |
| $main_content = '';
 | |
| if (!$use_installer && $is_logged_in) {
 | |
|     if (!isset($serendipity['GET']['adminModule'])) {
 | |
|         $serendipity['GET']['adminModule'] = (isset($serendipity['POST']['adminModule']) ? $serendipity['POST']['adminModule'] : '');
 | |
|     }
 | |
| 
 | |
|     ob_start();
 | |
|     serendipity_checkXSRF();
 | |
| 
 | |
|     switch($serendipity['GET']['adminModule']) {
 | |
|         case 'installer':
 | |
|         case 'configuration':
 | |
|             if (!serendipity_checkPermission('siteConfiguration') && !serendipity_checkPermission('blogConfiguration')) {
 | |
|                 break;
 | |
|             }
 | |
| 
 | |
|             include S9Y_INCLUDE_PATH . 'include/admin/configuration.inc.php';
 | |
|             $admin_section = CONFIGURATION;
 | |
|             break;
 | |
| 
 | |
|         case 'media':
 | |
|         case 'images':
 | |
|             if (!serendipity_checkPermission('adminImages')) {
 | |
|                 break;
 | |
|             }
 | |
| 
 | |
|             include S9Y_INCLUDE_PATH . 'include/admin/images.inc.php';
 | |
|             $admin_section = MEDIA;
 | |
|             break;
 | |
| 
 | |
|         case 'templates':
 | |
|             if (!serendipity_checkPermission('adminTemplates')) {
 | |
|                 break;
 | |
|             }
 | |
| 
 | |
|             include S9Y_INCLUDE_PATH . 'include/admin/templates.inc.php';
 | |
|             $admin_section = MANAGE_STYLES;
 | |
|             break;
 | |
| 
 | |
|         case 'plugins':
 | |
|             if (!serendipity_checkPermission('adminPlugins')) {
 | |
|                 break;
 | |
|             }
 | |
| 
 | |
|             include S9Y_INCLUDE_PATH . 'include/admin/plugins.inc.php';
 | |
|             $admin_section = CONFIGURE_PLUGINS;
 | |
|             break;
 | |
| 
 | |
|         case 'users':
 | |
|             if (!serendipity_checkPermission('adminUsers')) {
 | |
|                 break;
 | |
|             }
 | |
| 
 | |
|             include S9Y_INCLUDE_PATH . 'include/admin/users.inc.php';
 | |
|             $admin_section = MANAGE_USERS;
 | |
|             break;
 | |
| 
 | |
|         case 'groups':
 | |
|             if (!serendipity_checkPermission('adminUsersGroups')) {
 | |
|                 break;
 | |
|             }
 | |
| 
 | |
|             include S9Y_INCLUDE_PATH . 'include/admin/groups.inc.php';
 | |
|             $admin_section = MANAGE_GROUPS;
 | |
|             break;
 | |
| 
 | |
|         case 'personal':
 | |
|             if (!serendipity_checkPermission('personalConfiguration')) {
 | |
|                 break;
 | |
|             }
 | |
| 
 | |
|             include S9Y_INCLUDE_PATH . 'include/admin/personal.inc.php';
 | |
|             $admin_section = PERSONAL_SETTINGS;
 | |
|             break;
 | |
| 
 | |
|         case 'import':
 | |
|             if (!serendipity_checkPermission('adminImport')) {
 | |
|                 break;
 | |
|             }
 | |
| 
 | |
|             include S9Y_INCLUDE_PATH . 'include/admin/import.inc.php';
 | |
|             $admin_section = IMPORT_ENTRIES;
 | |
|             break;
 | |
| 
 | |
|         case 'entries':
 | |
|             if (!serendipity_checkPermission('adminEntries')) {
 | |
|                 break;
 | |
|             }
 | |
| 
 | |
|             include S9Y_INCLUDE_PATH . 'include/admin/entries.inc.php';
 | |
|             $admin_section = ADMIN_ENTRIES;
 | |
|             break;
 | |
| 
 | |
|         case 'comments':
 | |
|             // perms are checked by author
 | |
|             include S9Y_INCLUDE_PATH . 'include/admin/comments.inc.php';
 | |
|             $admin_section = COMMENTS;
 | |
|             break;
 | |
| 
 | |
|         case 'category':
 | |
|         case 'categories':
 | |
|             if (!serendipity_checkPermission('adminCategories')) {
 | |
|                 break;
 | |
|             }
 | |
| 
 | |
|             include S9Y_INCLUDE_PATH . 'include/admin/category.inc.php';
 | |
|             $admin_section = CATEGORIES;
 | |
|             break;
 | |
| 
 | |
|         case 'logout':
 | |
|             echo LOGGEDOUT;
 | |
|             break;
 | |
| 
 | |
|         case 'event_display':
 | |
|             if ($serendipity['no_create'] !== true) {
 | |
|                 serendipity_plugin_api::hook_event('backend_sidebar_entries_event_display_' . $serendipity['GET']['adminAction'], $serendipity);
 | |
|             }
 | |
|             break;
 | |
| 
 | |
|         case 'maintenance':
 | |
|             include S9Y_INCLUDE_PATH . 'include/admin/maintenance.inc.php';
 | |
|             $admin_section = MENU_MAINTENANCE;
 | |
|             break;
 | |
| 
 | |
|         default:
 | |
|             include S9Y_INCLUDE_PATH . 'include/admin/overview.inc.php';
 | |
|             $admin_section = ADMIN_FRONTPAGE;
 | |
|             break;
 | |
|     }
 | |
| 
 | |
|     $main_content = ob_get_contents();
 | |
|     ob_end_clean();
 | |
| }
 | |
| 
 | |
| if ($ajax) {
 | |
|     // if that is an ajax request we can stop here, since we by convention don't want to wrap the content in the usual backend code
 | |
|     echo $main_content;
 | |
| 
 | |
| } elseif (!$use_installer) {
 | |
| 
 | |
|     $poll_admin_vars = array('main_content', 'no_banner', 'no_sidebar', 'no_footer', 'post_action', 'is_logged_in', 'admin_installed', 'self_info', 'use_installer', 'title');
 | |
|     $admin_vars      = array();
 | |
| 
 | |
|     foreach($poll_admin_vars AS $poll_admin_var) {
 | |
|         $admin_vars[$poll_admin_var] =& $$poll_admin_var;
 | |
|     }
 | |
| 
 | |
|     $admin_vars['out']       = array();
 | |
|     $admin_vars['no_create'] = $serendipity['no_create'];
 | |
|     $admin_vars['title']     = $admin_section;
 | |
| 
 | |
|     if ($serendipity['expose_s9y']) {
 | |
|         $admin_vars['version_info'] = sprintf(ADMIN_FOOTER_POWERED_BY, $serendipity['versionInstalled'], phpversion());
 | |
|     } else {
 | |
|         $admin_vars['version_info'] = sprintf(ADMIN_FOOTER_POWERED_BY, '', '');
 | |
|     }
 | |
| 
 | |
|     if (!is_object($serendipity['smarty'])) {
 | |
|         serendipity_smarty_init();
 | |
|     }
 | |
|     $serendipity['smarty']->assignByRef('admin_vars', $admin_vars);
 | |
|     $serendipity['smarty']->display(serendipity_getTemplateFile('admin/index.tpl', 'serendipityPath'));
 | |
| 
 | |
| } else {
 | |
| 
 | |
|     if (IS_installed === false) {
 | |
|         $file = 'include/admin/installer.inc.php';
 | |
|     } elseif ( IS_up2date === false ) {
 | |
|         $file = 'include/admin/upgrader.inc.php';
 | |
|     }
 | |
|     require(S9Y_INCLUDE_PATH . $file);
 | |
| 
 | |
| }
 |