mirror of
https://github.com/icecoder/ICEcoder.git
synced 2026-03-02 14:53:59 +01:00
c335b6b7fb
Extra CodeMirror object child level needs to be checked too plus put into dev mode until I resolve 2nd eval issue on renaming file (occurs in .min.js file)
335 lines
15 KiB
PHP
335 lines
15 KiB
PHP
<?php
|
|
// Display & log all errors
|
|
ini_set('display_errors', 1);
|
|
ini_set('log_errors', 1);
|
|
ini_set('error_log', dirname(__FILE__).'/../error-log.txt');
|
|
error_reporting(-1);
|
|
|
|
// Set our default timezone and supress warning with @
|
|
@date_default_timezone_set(date_default_timezone_get());
|
|
|
|
// Start a session if we haven't already
|
|
if(!isset($_SESSION)) {session_start();}
|
|
|
|
// Logout if that's the action we're taking
|
|
if (isset($_GET['logout'])) {
|
|
$_SESSION['loggedIn']=false;
|
|
session_destroy();
|
|
header("Location: dirname(__FILE__)./?loggedOut");
|
|
}
|
|
|
|
// If magic quotes are still on (attempted to switch off in php.ini)
|
|
if (get_magic_quotes_gpc ()) {
|
|
function stripslashes_deep($value) {
|
|
$value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
|
|
return $value;
|
|
}
|
|
$_POST = (isset($_POST) && !empty($_POST)) ? array_map('stripslashes_deep', $_POST) : array();
|
|
$_GET = (isset($_GET) && !empty($_GET)) ? array_map('stripslashes_deep', $_GET) : array();
|
|
$_COOKIE = (isset($_COOKIE) && !empty($_COOKIE)) ? array_map('stripslashes_deep', $_COOKIE) : array();
|
|
$_REQUEST = (isset($_REQUEST) && !empty($_REQUEST)) ? array_map('stripslashes_deep', $_REQUEST) : array();
|
|
}
|
|
|
|
// Function to handle salted hashing
|
|
define('SALT_LENGTH',9);
|
|
function generateHash($plainText,$salt=null) {
|
|
if ($salt === null) {
|
|
$salt = substr(md5(uniqid(rand(), true)),0,SALT_LENGTH);
|
|
} else {
|
|
$salt = substr($salt,0,SALT_LENGTH);
|
|
}
|
|
return $salt.sha1($salt.$plainText);
|
|
}
|
|
|
|
// returns converted entities which have HTML entity equivalents
|
|
function strClean($var) {
|
|
return htmlentities($var, ENT_QUOTES, "UTF-8");
|
|
}
|
|
|
|
// returns a number, whole or decimal or null
|
|
function numClean($var) {
|
|
return is_numeric($var) ? floatval($var) : false;
|
|
}
|
|
|
|
// Settings are stored in this file
|
|
$settingsTemplate = 'config-template.php';
|
|
$settingsFile = 'config.php';
|
|
if (!file_exists(dirname(__FILE__)."/".$settingsFile)) {
|
|
if (!copy(dirname(__FILE__)."/".$settingsTemplate, dirname(__FILE__)."/".$settingsFile)) {
|
|
die("Couldn't create $settingsFile. Maybe you need write permissions on the lib folder?");
|
|
}
|
|
}
|
|
include(dirname(__FILE__)."/".$settingsFile);
|
|
|
|
// Add ICEcoder settings to beginning of $ICEcoder array
|
|
$ICEcoder = array(
|
|
"versionNo" => "2.3",
|
|
"codeMirrorDir" => "CodeMirror-3.12",
|
|
"demoMode" => false,
|
|
"devMode" => true
|
|
)+$ICEcoder;
|
|
|
|
$onLoadExtras = "";
|
|
$pluginsDisplay = "";
|
|
|
|
if ($ICEcoder['demoMode'] && $ICEcoder['accountPassword']!="") {$_SESSION['loggedIn']=true;};
|
|
$demoMode = $ICEcoder['demoMode'];
|
|
|
|
// Update this config file?
|
|
if (!$demoMode && isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] && isset($_POST["theme"]) && $_POST["theme"]) {
|
|
$settingsContents = file_get_contents($settingsFile);
|
|
// Replace our settings vars
|
|
$repPosStart = strpos($settingsContents,'"root"');
|
|
$repPosEnd = strpos($settingsContents,'"previousFiles"');
|
|
|
|
// Prepare all our vars
|
|
$ICEcoder["root"] = strClean($_POST['root']);
|
|
$ICEcoder["checkUpdates"] = isset($_POST['checkUpdates']) && $_POST['checkUpdates'] ? "true" : "false";
|
|
$ICEcoder["openLastFiles"] = isset($_POST['openLastFiles']) && $_POST['openLastFiles'] ? "true" : "false";
|
|
$ICEcoder["findFilesExclude"] = 'array("'.str_replace(',','","',str_replace(" ","",strClean($_POST['findFilesExclude']))).'")';
|
|
$ICEcoder["codeAssist"] = isset($_POST['codeAssist']) && $_POST['codeAssist'] ? "true" : "false";
|
|
$ICEcoder["visibleTabs"] = isset($_POST['visibleTabs']) && $_POST['visibleTabs'] ? "true" : "false";
|
|
$ICEcoder["lockedNav"] = isset($_POST['lockedNav']) && $_POST['lockedNav'] ? "true" : "false";
|
|
if ($_POST['accountPassword']!="") {$ICEcoder["accountPassword"] = generateHash(strClean($_POST['accountPassword']));};
|
|
$ICEcoder["bannedFiles"] = 'array("'.str_replace(',','","',str_replace(" ","",strClean($_POST['bannedFiles']))).'")';
|
|
$ICEcoder["bannedPaths"] = 'array("'.str_replace(',','","',str_replace(" ","",strClean($_POST['bannedPaths']))).'")';
|
|
$ICEcoder["allowedIPs"] = 'array("'.str_replace(',','","',str_replace(" ","",strClean($_POST['allowedIPs']))).'")';
|
|
$ICEcoder["plugins"] = 'array('.PHP_EOL.' array('.PHP_EOL.' '.str_replace('====================','),'.PHP_EOL.' array(',$_POST['plugins']).'))';
|
|
$ICEcoder["theme"] = strClean($_POST['theme']);
|
|
$ICEcoder["fontSize"] = strClean($_POST['fontSize']);
|
|
$ICEcoder["lineWrapping"] = strClean($_POST['lineWrapping']);
|
|
$ICEcoder["indentWithTabs"] = strClean($_POST['indentWithTabs']);
|
|
$ICEcoder["indentSize"] = numClean($_POST['indentSize']);
|
|
|
|
$settingsArray = array("root","checkUpdates","openLastFiles","findFilesExclude","codeAssist","visibleTabs","lockedNav","accountPassword","bannedFiles","bannedPaths","allowedIPs","plugins","theme","fontSize","lineWrapping","indentWithTabs","indentSize");
|
|
$settingsNew = "";
|
|
for ($i=0;$i<count($settingsArray);$i++) {
|
|
$settingsNew .= '"'.$settingsArray[$i].'"'.PHP_EOL.' => ';
|
|
$settingWrap = $settingsArray[$i]=="root"||$settingsArray[$i]=="accountPassword"||$settingsArray[$i]=="theme"||$settingsArray[$i]=="fontSize" ? '"' : '';
|
|
$settingsNew .= $settingWrap.$ICEcoder[$settingsArray[$i]].$settingWrap.','.PHP_EOL.PHP_EOL;
|
|
}
|
|
|
|
// Compile our new settings
|
|
$settingsContents = substr($settingsContents,0,$repPosStart).$settingsNew.substr($settingsContents,($repPosEnd),strlen($settingsContents));
|
|
// Now update the config file
|
|
if (is_writeable($settingsFile)) {
|
|
$fh = fopen($settingsFile, 'w');
|
|
fwrite($fh, $settingsContents);
|
|
fclose($fh);
|
|
} else {
|
|
echo "<script>top.ICEcoder.message('Cannot update config file. Please set public write permissions on lib/".$settingsFile." and try again');</script>";
|
|
}
|
|
|
|
// OK, now the config file has been updated, update our current session with new arrays
|
|
$settingsArray = array("findFilesExclude","bannedFiles","allowedIPs");
|
|
for ($i=0;$i<count($settingsArray);$i++) {
|
|
$_SESSION[$settingsArray[$i]] = $ICEcoder[$settingsArray[$i]] = explode(",",str_replace(" ","",strClean($_POST[$settingsArray[$i]])));
|
|
}
|
|
// Work out the theme to use now
|
|
$ICEcoder["theme"]=="default" ? $themeURL = 'lib/editor.css' : $themeURL = $ICEcoder["codeMirrorDir"].'/theme/'.$ICEcoder["theme"].'.css';
|
|
// Do we need a file manager refresh?
|
|
$refreshFM = $_POST['changedFileSettings']=="true" ? "true" : "false";
|
|
// With all that worked out, we can now hide the settings screen and apply the new settings
|
|
echo "<script>top.ICEcoder.settingsScreen('hide');top.ICEcoder.useNewSettings('".$themeURL."',".$ICEcoder["codeAssist"].",".$ICEcoder["lockedNav"].",".$ICEcoder["visibleTabs"].",'".$ICEcoder["fontSize"]."',".$ICEcoder["lineWrapping"].",".$ICEcoder["indentWithTabs"].",".$ICEcoder["indentSize"].",".$refreshFM.");</script>";
|
|
}
|
|
|
|
// Establish our user level
|
|
if (!isset($_SESSION['loggedIn'])) {$_SESSION['loggedIn'] = false;};
|
|
if(isset($_POST['loginPassword']) && generateHash(strClean($_POST['loginPassword']),$ICEcoder["accountPassword"])==$ICEcoder["accountPassword"]) {$_SESSION['loggedIn'] = true; header('Location: ../');};
|
|
$_SESSION['loggedIn'] = $_SESSION['loggedIn'];
|
|
|
|
// Define the serverType, docRoot & iceRoot
|
|
$serverType = stristr($_SERVER['SERVER_SOFTWARE'], "win") ? "Windows" : "Linux";
|
|
$docRoot = rtrim(str_replace("\\","/",$_SERVER['DOCUMENT_ROOT']));
|
|
$iceRoot = rtrim(str_replace("\\","/",$ICEcoder["root"]));
|
|
if ($_SESSION['loggedIn']) {
|
|
echo "<script>top.docRoot='".$docRoot."';top.iceRoot='".$iceRoot."'</script>";
|
|
}
|
|
|
|
// Setup our file security vars
|
|
$settingsArray = array("findFilesExclude","bannedFiles","allowedIPs");
|
|
for ($i=0;$i<count($settingsArray);$i++) {
|
|
if (!isset($_SESSION[$settingsArray[$i]])) {$_SESSION[$settingsArray[$i]] = $ICEcoder[$settingsArray[$i]];}
|
|
}
|
|
|
|
// Determin our allowed IP addresses
|
|
$allowedIP = false;
|
|
for($i=0;$i<count($_SESSION['allowedIPs']);$i++) {
|
|
if ($_SESSION['allowedIPs'][$i]==$_SERVER["REMOTE_ADDR"]||$_SESSION['allowedIPs'][$i]=="*") {
|
|
$allowedIP = true;
|
|
}
|
|
}
|
|
// If user not allowed to view, boot to site root
|
|
if (!$allowedIP) {
|
|
echo '<script>top.window.location="/";</script>';
|
|
};
|
|
|
|
// Save the currently opened files for next time
|
|
if ($_SESSION['loggedIn'] && isset($_GET["saveFiles"]) && $_GET['saveFiles']) {
|
|
$settingsContents = file_get_contents($settingsFile);
|
|
|
|
// Replace our previousFiles var with the the current
|
|
$repPosStart = strpos($settingsContents,'previousFiles" => "')+20;
|
|
$repPosEnd = strpos($settingsContents,'",',$repPosStart)-$repPosStart;
|
|
if (!$demoMode) {
|
|
if ($_GET['saveFiles']!="CLEAR") {
|
|
$saveFiles=strClean($_GET['saveFiles']);
|
|
$saveFilesArray = explode(",",$saveFiles);
|
|
$saveFiles="";
|
|
for ($i=0;$i<count($saveFilesArray);$i++) {
|
|
$saveFilesArray[$i] = str_replace("/","|",$docRoot).$saveFilesArray[$i];
|
|
$saveFiles .= $saveFilesArray[$i].",";
|
|
}
|
|
$saveFiles = rtrim($saveFiles,",");
|
|
} else {
|
|
$saveFilesArray = array();
|
|
$saveFiles = "";
|
|
}
|
|
$settingsContents = substr($settingsContents,0,$repPosStart).$saveFiles.substr($settingsContents,($repPosStart+$repPosEnd),strlen($settingsContents));
|
|
// Now update the config file
|
|
if (is_writeable($settingsFile)) {
|
|
$fh = fopen($settingsFile, 'w');
|
|
fwrite($fh, $settingsContents);
|
|
fclose($fh);
|
|
} else {
|
|
echo "<script>top.ICEcoder.message('Cannot update config file. Please set public write permissions on lib/".$settingsFile." and try again');</script>";
|
|
}
|
|
|
|
// Update our last10Files var?
|
|
$last10FilesArray = explode(",",$ICEcoder["last10Files"]);
|
|
for ($i=0;$i<count($saveFilesArray);$i++) {
|
|
$inLast10Files = in_array($saveFilesArray[$i],$last10FilesArray);
|
|
if (!$inLast10Files && $saveFilesArray[$i] !="") {
|
|
$repPosStart = strpos($settingsContents,'last10Files" => "')+18;
|
|
$repPosEnd = strpos($settingsContents,'"',$repPosStart)-$repPosStart;
|
|
$commaExtra = $ICEcoder["last10Files"]!="" ? "," : "";
|
|
if (count($last10FilesArray)>=10) {$ICEcoder["last10Files"]=substr($ICEcoder["last10Files"],0,strrpos($ICEcoder["last10Files"],','));};
|
|
$settingsContents = substr($settingsContents,0,$repPosStart).$saveFilesArray[$i].$commaExtra.$ICEcoder["last10Files"].substr($settingsContents,($repPosStart+$repPosEnd),strlen($settingsContents));
|
|
// Now update the config file
|
|
if (is_writeable($settingsFile)) {
|
|
$fh = fopen($settingsFile, 'w');
|
|
fwrite($fh, $settingsContents);
|
|
fclose($fh);
|
|
} else {
|
|
echo "<script>top.ICEcoder.message('Cannot update config file. Please set public write permissions on lib/".$settingsFile." and try again');</script>";
|
|
}
|
|
}
|
|
}
|
|
}
|
|
echo '<script>top.ICEcoder.serverMessage();top.ICEcoder.serverQueue("del",0);</script>';
|
|
}
|
|
|
|
// If we're updating, do/redo plugins
|
|
if ($_SESSION['loggedIn']) {
|
|
// If we're updating, we need to recreate the plugins array
|
|
if (isset($_POST["theme"]) && $_POST["theme"]) {
|
|
$ICEcoder["plugins"] = array();
|
|
$pluginsArray = explode("====================",str_replace("\"","",str_replace("\r","",str_replace("\n","",$_POST['plugins']))));
|
|
for ($i=0;$i<count($pluginsArray);$i++) {
|
|
array_push($ICEcoder["plugins"], explode(",",$pluginsArray[$i]));
|
|
}
|
|
}
|
|
|
|
// Work out the plugins to display to the user
|
|
$pluginsDisplay = "";
|
|
for ($i=0;$i<count($ICEcoder["plugins"]);$i++) {
|
|
$target = explode(":",$ICEcoder["plugins"][$i][4]);
|
|
$pluginsDisplay .= '<a href="'.$ICEcoder["plugins"][$i][3].'" title="'.$ICEcoder["plugins"][$i][0].'" target="'.$target[0].'"><img src="'.$ICEcoder["plugins"][$i][1].'" style="'.$ICEcoder["plugins"][$i][2].'" alt="'.$ICEcoder["plugins"][$i][0].'"></a>';
|
|
};
|
|
|
|
// If we're updating, replace the plugin display with our newly established one
|
|
echo "<script>if(top.document.getElementById('pluginsContainer')) {top.document.getElementById('pluginsContainer').innerHTML = '".$pluginsDisplay."'};</script>";
|
|
|
|
// Work out what plugins we'll need to set on a setInterval
|
|
$onLoadExtras = "";
|
|
for ($i=0;$i<count($ICEcoder["plugins"]);$i++) {
|
|
if ($ICEcoder["plugins"][$i][5]!="") {
|
|
$onLoadExtras .= ";top.ICEcoder.startPluginIntervals(".$i.",'".$ICEcoder["plugins"][$i][3]."','".$ICEcoder["plugins"][$i][4]."','".$ICEcoder["plugins"][$i][5]."')";
|
|
};
|
|
};
|
|
|
|
// If we're updating our settings, clear existing setIntervals & the array refs, then start new ones
|
|
if (isset($_POST["theme"]) && $_POST["theme"]) {
|
|
?>
|
|
<script>
|
|
for (i=0;i<=top.ICEcoder.pluginIntervalRefs.length-1;i++) {
|
|
clearInterval(top.ICEcoder['plugTimer'+top.ICEcoder.pluginIntervalRefs[i]]);
|
|
}
|
|
top.ICEcoder.pluginIntervalRefs = [];
|
|
<?php echo $onLoadExtras.PHP_EOL; ?>
|
|
</script>
|
|
<?php
|
|
}
|
|
|
|
// Finally, show server data
|
|
$onLoadExtras .= ";top.ICEcoder.content.style.visibility='visible'";
|
|
}
|
|
|
|
if ((!$_SESSION['loggedIn'] || $ICEcoder["accountPassword"] == "") && !strpos($_SERVER['SCRIPT_NAME'],"lib/settings.php")) {
|
|
header('Location: lib/settings.php');
|
|
// If we're due to show the settings screen
|
|
} elseif (!$_SESSION['loggedIn']) {
|
|
// If the password hasn't been set and we're setting it
|
|
if ($ICEcoder["accountPassword"] == "" && isset($_POST['accountPassword'])) {
|
|
$password = generateHash(strClean($_POST['accountPassword']));
|
|
$settingsFile = $settingsFile;
|
|
$settingsContents = file_get_contents($settingsFile);
|
|
// Replace our empty password with the one submitted by user
|
|
$settingsContents = str_replace('"accountPassword" => "",','"accountPassword" => "'.$password.'",',$settingsContents);
|
|
// Also set the update checker preference
|
|
$checkUpdates = $_POST['checkUpdates']=="true" ? "true" : "false";
|
|
// once to cover the true setting, once to cover false
|
|
$settingsContents = str_replace('"checkUpdates" => true,','"checkUpdates" => '.$checkUpdates.',',$settingsContents);
|
|
$settingsContents = str_replace('"checkUpdates" => false,','"checkUpdates" => '.$checkUpdates.',',$settingsContents);
|
|
// Now update the config file
|
|
$fh = fopen($settingsFile, 'w') or die("Can't update config file. Please set public write permissions on ".$settingsFile." and press refresh");
|
|
fwrite($fh, $settingsContents);
|
|
fclose($fh);
|
|
// Set the session user level
|
|
$_SESSION['loggedIn'] = true;
|
|
// Finally, load again as now this file has changed and auto login
|
|
header('Location: ../');
|
|
}
|
|
?>
|
|
<!DOCTYPE html>
|
|
|
|
<html>
|
|
<head>
|
|
<title>ICEcoder <?php
|
|
echo $ICEcoder["versionNo"]." : ";
|
|
echo $ICEcoder["accountPassword"] == "" ? "Setup" : "Login";
|
|
?></title>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
|
<meta name="robots" content="noindex, nofollow">
|
|
<link rel="stylesheet" type="text/css" href="ice-coder.css">
|
|
<link rel="icon" type="image/png" href="../favicon.png">
|
|
</head>
|
|
|
|
<body onLoad="document.settingsUpdate.<?php echo $ICEcoder["accountPassword"] == "" ? "account" : "login"; ?>Password.focus()">
|
|
|
|
<div class="screenContainer" style="background-color: #141414">
|
|
<div class="screenVCenter">
|
|
<div class="screenCenter">
|
|
<img src="../images/ice-coder.png">
|
|
<div class="version">v <?php echo $ICEcoder["versionNo"];?></div>
|
|
<form name="settingsUpdate" action="settings.php" method="POST">
|
|
<input type="password" name="<?php echo $ICEcoder["accountPassword"] == "" ? "account" : "login"; ?>Password" class="accountPassword"><br><br>
|
|
<input type="submit" name="submit" value="<?php echo $ICEcoder["accountPassword"] == "" ? "set password" : "login"; ?>" class="button">
|
|
<?php
|
|
if ($ICEcoder["accountPassword"] == "") {
|
|
echo '<div class="text"><input type="checkbox" name="checkUpdates" value="true" checked> auto-check for updates</div>';
|
|
}
|
|
?>
|
|
</form>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
</body>
|
|
|
|
</html>
|
|
<?php
|
|
} elseif ($_SESSION['loggedIn'] && $ICEcoder["accountPassword"]=="") {
|
|
header("Location: ../?logout");
|
|
}
|
|
?>
|