// Folder that holds every installed template, relative to the base folder.
44 $pth[
'folder'][
'templates'] = $pth[
'folder'][
'base'] .
'templates/';
// Choose the active template: the 'subsite' entry of $tx wins when it is
// non-empty, otherwise the site-wide $cf['site']['template'] is used.
// NOTE(review): $template is concatenated into filesystem paths below without
// any normalisation in the visible lines. Confirm that both values are
// restricted to a plain folder name where they are edited, because a value
// containing path separators would point the template paths outside templates/.
45 $template = $tx[
'subsite'][
'template'] ==
'' 46 ? $cf[
'site'][
'template']
47 : $tx[
'subsite'][
'template'];
// Everything below is derived from the chosen template folder.
48 $pth[
'folder'][
'template'] = $pth[
'folder'][
'templates'] . $template .
'/';
49 $pth[
'file'][
'template'] = $pth[
'folder'][
'template'] .
'template.htm';
50 $pth[
'file'][
'stylesheet'] = $pth[
'folder'][
'template'] .
'stylesheet.css';
51 $pth[
'folder'][
'menubuttons'] = $pth[
'folder'][
'template'] .
'menu/';
52 $pth[
'folder'][
'templateimages'] = $pth[
'folder'][
'template'] .
'images/';
53 $pth[
'folder'][
'templateflags'] = $pth[
'folder'][
'template'] .
'flags/';
70 if (file_exists($pth[
'file'][
'search'])) {
72 include $pth[
'file'][
'search'];
74 $title = $tx[
'title'][
'search'];
108 if ($cf[
'mailform'][
'email'] !=
'') {
109 $title = $tx[
'title'][
'mailform'];
110 $o .=
"\n" .
'<div id="xh_mailform">' .
"\n";
111 $o .=
'<h1>' . $title .
'</h1>' .
"\n";
114 $o .=
'</div>' .
"\n";
147 $title = $tx[
'title'][
'sitemap'];
149 $o .=
'<h1>' . $title .
'</h1>' .
"\n";
151 if (!
hide(
$i) || $cf[
'show_hidden'][
'pages_sitemap'] ==
'true') {
155 $o .=
li($pages,
'sitemaplevel');
165 $passwordForgotten = $this->makePasswordForgotten();
166 $passwordForgotten->dispatch();
// $keycut is the submitted password: it is the value handed to
// password_verify() further down in this listing.
// stsl() is defined elsewhere; presumably it undoes slash escaping - confirm.
195 $keycut =
stsl($keycut);
// A login attempt with an empty password is treated separately. The body of
// this branch (source lines 197-200) is not part of this listing.
// The comparison is loose (==); '' and null are treated alike here.
196 if ($login && $keycut ==
'' && !$adm) {
// Login is processed only for a visitor who is not yet admin, and logout only
// for one who is, so neither handler runs in the wrong session state.
201 if ($login && !$adm) {
202 $this->handleLogin();
203 } elseif ($logout && $adm) {
204 $this->handleLogout();
// Check the submitted password against the stored hash in
// $cf['security']['password'] with password_verify().
223 if (password_verify($keycut, $cf[
'security'][
'password'])) {
// Issue a fresh session id on successful login and delete the old session
// (argument true), so an id that was fixed before login is not carried over.
226 session_regenerate_id(
true);
// The session records the password hash itself as the "logged in" marker.
// NOTE(review): presumably later requests compare this value with the
// configured hash, so changing the password ends existing sessions - confirm.
// It also means session storage holds the hash and needs the same protection
// as the configuration file.
227 $_SESSION[
'xh_password'] = $cf[
'security'][
'password'];
// Fingerprint of the browser's User-Agent header. The header is supplied by
// the client, so this is a weak consistency check, not an authentication
// factor; md5 is used only as a fingerprint here, not to protect a secret.
// A request without a User-Agent header raises an undefined-index
// notice/warning on this line.
228 $_SESSION[
'xh_user_agent'] = md5($_SERVER[
'HTTP_USER_AGENT']);
// Record the successful login with the peer address. REMOTE_ADDR is the
// immediate TCP peer, so behind a reverse proxy it is the proxy's address.
231 $written =
XH_logMessage(
'info',
'XH',
'login',
'login from ' . $_SERVER[
'REMOTE_ADDR']);
// Presumably reached when $written reports that the log file could not be
// written; the guarding condition (source line 232) is not shown.
233 e(
'cntwriteto',
'log', $pth[
'file'][
'log']);
// Failure path: select the 'xh_login_failed' function and log a warning.
// NOTE(review): no throttling or lockout for repeated failures is visible in
// this excerpt - confirm whether it is handled elsewhere.
237 $f =
'xh_login_failed';
238 XH_logMessage(
'warning',
'XH',
'login',
'login failed from ' . $_SERVER[
'REMOTE_ADDR']);
// Runs the guarded step unless $logout is the literal 'no_backup'; the body
// (source lines 258-262) is not part of this listing.
257 if ($logout !=
'no_backup') {
// Rotate the session id and delete the old session on logout as well.
263 session_regenerate_id(
true);
// Drop the login marker. NOTE(review): 'xh_user_agent' is not unset in the
// visible lines, and the session is not destroyed here - confirm this is intended.
264 unset($_SESSION[
'xh_password']);
265 $o .=
XH_message(
'success', $tx[
'login'][
'loggedout']);
277 header(
'Content-Type: text/plain');
299 } elseif (($su ==
'' || $su ==
'sitemap') && $sitemap) {
301 } elseif (($su ==
'' || $su ==
'mailform')
302 && ($mailform || $function ==
'mailform')
305 } elseif ($function ==
'search') {
307 } elseif ($function ==
'forgotten') {
344 if ($function ==
'save') {
346 } elseif ($downloads || $function ==
'downloads') {
348 } elseif ($images || $function ==
'images') {
350 } elseif ($userfiles) {
354 } elseif ($phpinfo) {
356 } elseif ($sysinfo) {
358 } elseif ($xh_pagedata) {
360 } elseif ($xh_backups) {
362 } elseif ($settings) {
364 } elseif ($xh_do_validate) {
366 } elseif ($validate) {
368 } elseif ($xh_change_password) {
369 $f =
'change_password';
370 } elseif ($xh_plugins) {
386 return $s > -1 && isset($_POST[
'save_page_data']);
// CSRF token check comes first, before any page data is changed.
// What check() does on a mismatch is defined elsewhere.
404 $_XH_csrfProtection->check();
// Remove the two control fields so only real page-data fields are stored.
406 unset($postData[
'save_page_data'], $postData[
'xh_csrf_token']);
// Apply stsl() to every submitted field before it is passed to the router.
407 $postData = array_map(
'stsl', $postData);
408 $successful = $pd_router->update($s, $postData);
// AJAX callers get a message fragment as the response; the choice between the
// success and failure output (source lines 410 and 412) is not shown,
// presumably it depends on $successful.
409 if (isset($_GET[
'xh_pagedata_ajax'])) {
411 echo
XH_message(
'info', $tx[
'message'][
'pd_success']);
// A failed save is reported with status 500 so the caller can detect it.
413 header(
'HTTP/1.0 500 Internal Server Error');
414 echo
XH_message(
'fail', $tx[
'message'][
'pd_fail']);
// Non-AJAX failure report; the guarding condition is not shown.
419 e(
'cntsave',
'content', $pth[
'file'][
'content']);
437 $pageDataEditor = $this->makePageDataEditor();
438 $o .= $pageDataEditor->process();
// Strict comparison pins $file to the literal 'log', so the array key used in
// $pth['file'][$file] below cannot be any other file in this branch.
464 if ($file ===
'log') {
// The log is sent as plain text, so logged strings are not rendered as HTML.
467 header(
'Content-Type: text/plain; charset=utf-8');
// rmnl() is defined elsewhere. The return value of file_get_contents() is not
// checked in the visible lines (it is false when the file cannot be read).
468 echo
rmnl(file_get_contents($pth[
'file'][$file]));
// CSRF token check before the request is acted on.
485 $_XH_csrfProtection->check();
486 if ($file ==
'content') {
// $_POST['xh_suffix'] is read without an isset() check in the visible lines.
487 $suffix =
stsl($_POST[
'xh_suffix']);
// Allow-list for the suffix: 1-20 characters from letters, digits, '_' and '-'.
// NOTE(review): without the D modifier, '$' also matches just before a final
// newline, so a value ending in "\n" passes this test. If the suffix becomes
// part of a file name, anchor with \z (or add /D) to exclude that case.
488 if (preg_match(
'/^[a-z_0-9-]{1,20}$/i', $suffix)) {
// Fixed map from the requested file kind to the editor class that handles it.
// Only these five keys resolve to a class; the isset($map[$file]) test below
// keeps a request value from naming any other class.
508 'config' =>
'XH\CoreConfigFileEdit',
509 'language' =>
'XH\CoreLangFileEdit',
510 'content' =>
'XH\CoreTextFileEdit',
511 'template' =>
'XH\CoreTextFileEdit',
512 'stylesheet' =>
'XH\CoreTextFileEdit' 514 $fileEditor = isset($map[$file])
515 ? $this->makeFileEditor($map[$file])
// The alternative for an unknown $file (source line 516) is not shown.
// 'save' submits the edited file; the other visible branch renders the form.
517 if ($action ==
'save') {
518 $o .= $fileEditor->submit();
520 $o .= $fileEditor->form();
// Interval in milliseconds, one second shorter than session.gc_maxlifetime.
// The script that follows polls "?xh_keep_alive" from a setInterval() callback;
// presumably $interval is its period - the closing lines are not shown.
// ini_get() returns a string, so the subtraction relies on numeric conversion.
// NOTE(review): the markup that follows interpolates $tx language strings into
// HTML and into a JavaScript string literal with no escaping in the visible
// lines - confirm those strings are trusted or escaped for each context.
548 $interval = 1000 * (ini_get(
'session.gc_maxlifetime') - 1);
550 <script type=
"text/javascript">
551 if (document.cookie.indexOf(
'status=adm') == -1) {
552 document.write(
'<div class="xh_warning">{$tx['error
']['nocookies
']}<\/div>');
555 <noscript><div
class=
"xh_warning">{$tx[
'error'][
'nojs']}</div></noscript>
556 <script type=
"text/javascript">
557 setInterval(
function() {
558 var request =
new XMLHttpRequest();
560 request.open(
"GET",
"?xh_keep_alive");
588 if (
gc(
'mode') ==
'edit' && !$normal) {
592 if (
gc(
'status') !=
'') {
595 if (
gc(
'mode') ==
'edit') {
613 $_XH_csrfProtection->check();
633 return $edit && (!$f || $f ==
'save') && !$download;
652 $o .=
XH_message(
'info', $tx[
'error'][
'cntlocateheading']) .
"\n";
663 return $this->needsFilebrowser()
664 && $this->isExternalMissing(
'filebrowser');
678 return $f ==
'xhpages' 679 && $this->isExternalMissing(
'pagemanager');
700 private function needsFilebrowser()
704 return $images || $downloads || $userfiles || $media
705 || $edit && (!$f || $f ==
'save') && !$download;
718 private function isExternalMissing($name)
722 return $cf[$name][
'external']
723 && !file_exists($pth[
'folder'][
'plugins'] . $cf[$name][
'external']);
741 $e .=
'<li>' . sprintf($tx[
'error'][
'no' . $name], $cf[$name][
'external'])
767 $adm = $edit =
false;
787 return '<div class="xh_warning">' .
"\n" 788 .
'<ul>' .
"\n" . $e .
'</ul>' .
"\n" .
'</div>' .
"\n";
// headers_sent() fills $file and $line by reference with the place where
// output started, if it already has.
812 $file = $line = null;
813 if (!headers_sent(
$file, $line)) {
814 header(
'Content-Type: text/html; charset=UTF-8');
// $sl is placed in the header value as is. PHP's header() rejects values that
// contain line breaks, which blocks header splitting at that layer.
// NOTE(review): confirm $sl is limited to a language code where it is set.
815 header(
"Content-Language: $sl");
// Clickjacking protection: X-Frame-Options is sent only when the
// 'frame_options' security setting is non-empty, so an empty setting means
// the page can be framed by any site.
816 if ($cf[
'security'][
'frame_options'] !=
'') {
817 header(
'X-Frame-Options: ' . $cf[
'security'][
'frame_options']);
// Headers were already sent: stop with an error message that names the file
// and line where the output began.
820 $location =
$file .
':' . $line;
821 XH_exit(str_replace(
'{location}', $location, $tx[
'error'][
'headers']));
XH_logMessage($type, $module, $category, $description)
XH_saveEditorContents($text)
setFunctionsAsPermitted()
if(!isset($cf['folders']['content'])) if($cf['site']['timezone'] !=='' &&function_exists('date_default_timezone_set')) $sl
reportMissingExternal($name)
const CMSIMPLE_ROOT($temp as $i)
foreach(XH_plugins() as $plugin) $_XH_csrfProtection
handlePasswordForgotten()
XH_message($type, $message)