<?php
/**
* @package Dotclear
* @subpackage Backend
*
* @copyright Olivier Meunier & Association Dotclear
* @copyright GPL-2.0-only
*/
define('DC_CONTEXT_ADMIN', true);
define('DC_ADMIN_CONTEXT', true); // For dyslexic devs ;-)
require_once __DIR__ . '/../prepend.php';
// HTTP/1.1
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0');
// HTTP/1.0
header('Pragma: no-cache');
if (defined('DC_AUTH_SESS_ID') && defined('DC_AUTH_SESS_UID')) {
# We have session information in constants
$_COOKIE[DC_SESSION_NAME] = DC_AUTH_SESS_ID;
if (!$core->auth->checkSession(DC_AUTH_SESS_UID)) {
throw new Exception('Invalid session data.');
}
# Check nonce from POST requests
if (!empty($_POST)) {
if (empty($_POST['xd_check']) || !$core->checkNonce($_POST['xd_check'])) {
throw new Exception('Precondition Failed.');
}
}
if (empty($_SESSION['sess_blog_id'])) {
throw new Exception('Permission denied.');
}
# Loading locales
dcAdminHelper::loadLocales($_lang);
$core->setBlog($_SESSION['sess_blog_id']);
if (!$core->blog->id) {
throw new Exception('Permission denied.');
}
} elseif ($core->auth->sessionExists()) {
# If we have a session we launch it now
try {
if (!$core->auth->checkSession()) {
# Avoid loop caused by old cookie
$p = $core->session->getCookieParameters(false, -600);
$p[3] = '/';
call_user_func_array('setcookie', $p);
http::redirect('auth.php');
}
} catch (Exception $e) {
__error(__('Database error'), __('There seems to be no Session table in your database. Is Dotclear completly installed?'), 20);
}
# Check nonce from POST requests
if (!empty($_POST)) {
if (empty($_POST['xd_check']) || !$core->checkNonce($_POST['xd_check'])) {
http::head(412);
header('Content-Type: text/plain');
echo 'Precondition Failed';
exit;
}
}
if (!empty($_REQUEST['switchblog'])
&& $core->auth->getPermissions($_REQUEST['switchblog']) !== false) {
$_SESSION['sess_blog_id'] = $_REQUEST['switchblog'];
if (isset($_SESSION['media_manager_dir'])) {
unset($_SESSION['media_manager_dir']);
}
if (isset($_SESSION['media_manager_page'])) {
unset($_SESSION['media_manager_page']);
}
if (!empty($_REQUEST['redir'])) {
# Keep context as far as possible
$redir = $_REQUEST['redir'];
} else {
# Removing switchblog from URL
$redir = $_SERVER['REQUEST_URI'];
$redir = preg_replace('/switchblog=(.*?)(&|$)/', '', $redir);
$redir = preg_replace('/\?$/', '', $redir);
}
http::redirect($redir);
exit;
}
# Check blog to use and log out if no result
if (isset($_SESSION['sess_blog_id'])) {
if ($core->auth->getPermissions($_SESSION['sess_blog_id']) === false) {
unset($_SESSION['sess_blog_id']);
}
} else {
if (($b = $core->auth->findUserBlog($core->auth->getInfo('user_default_blog'))) !== false) {
$_SESSION['sess_blog_id'] = $b;
unset($b);
}
}
# Loading locales
dcAdminHelper::loadLocales($_lang);
if (isset($_SESSION['sess_blog_id'])) {
$core->setBlog($_SESSION['sess_blog_id']);
} else {
$core->session->destroy();
http::redirect('auth.php');
}
}
$core->adminurl = new dcAdminURL($core);
$core->adminurl->register('admin.posts', 'posts.php');
$core->adminurl->register('admin.popup_posts', 'popup_posts.php');
$core->adminurl->register('admin.post', 'post.php');
$core->adminurl->register('admin.post.media', 'post_media.php');
$core->adminurl->register('admin.blog.theme', 'blog_theme.php');
$core->adminurl->register('admin.blog.pref', 'blog_pref.php');
$core->adminurl->register('admin.blog.del', 'blog_del.php');
$core->adminurl->register('admin.blog', 'blog.php');
$core->adminurl->register('admin.blogs', 'blogs.php');
$core->adminurl->register('admin.categories', 'categories.php');
$core->adminurl->register('admin.category', 'category.php');
$core->adminurl->register('admin.comments', 'comments.php');
$core->adminurl->register('admin.comment', 'comment.php');
$core->adminurl->register('admin.help', 'help.php');
$core->adminurl->register('admin.home', 'index.php');
$core->adminurl->register('admin.langs', 'langs.php');
$core->adminurl->register('admin.media', 'media.php');
$core->adminurl->register('admin.media.item', 'media_item.php');
$core->adminurl->register('admin.plugins', 'plugins.php');
$core->adminurl->register('admin.plugin', 'plugin.php');
$core->adminurl->register('admin.search', 'search.php');
$core->adminurl->register('admin.user.preferences', 'preferences.php');
$core->adminurl->register('admin.user', 'user.php');
$core->adminurl->register('admin.user.actions', 'users_actions.php');
$core->adminurl->register('admin.users', 'users.php');
$core->adminurl->register('admin.auth', 'auth.php');
$core->adminurl->register('admin.help', 'help.php');
$core->adminurl->register('admin.update', 'update.php');
$core->adminurl->registercopy('load.plugin.file', 'admin.home', ['pf' => 'dummy.css']);
$core->adminurl->registercopy('load.var.file', 'admin.home', ['vf' => 'dummy.json']);
if ($core->auth->userID() && $core->blog !== null) {
# Loading resources and help files
$locales_root = __DIR__ . '/../../locales/';
require $locales_root . '/en/resources.php';
if (($f = l10n::getFilePath($locales_root, 'resources.php', $_lang))) {
require $f;
}
unset($f);
if (($hfiles = @scandir($locales_root . $_lang . '/help')) !== false) {
foreach ($hfiles as $hfile) {
if (preg_match('/^(.*)\.html$/', $hfile, $m)) {
$GLOBALS['__resources']['help'][$m[1]] = $locales_root . $_lang . '/help/' . $hfile;
}
}
}
unset($hfiles, $locales_root);
// Contextual help flag
$GLOBALS['__resources']['ctxhelp'] = false;
$core->auth->user_prefs->addWorkspace('interface');
$user_ui_nofavmenu = $core->auth->user_prefs->interface->nofavmenu;
$core->notices = new dcNotices($core);
$core->favs = new dcFavorites($core);
# [] : Title, URL, small icon, large icon, permissions, id, class
# NB : '*' in permissions means any, null means super admin only
# Menus creation
$_menu = new ArrayObject();
$_menu['Dashboard'] = new dcMenu('dashboard-menu', '');
if (!$user_ui_nofavmenu) {
$core->favs->appendMenuTitle($_menu);
}
$_menu['Blog'] = new dcMenu('blog-menu', 'Blog');
$_menu['System'] = new dcMenu('system-menu', 'System');
$_menu['Plugins'] = new dcMenu('plugins-menu', 'Plugins');
# Loading plugins
$core->plugins->loadModules(DC_PLUGINS_ROOT, 'admin', $_lang);
$core->favs->setup();
if (!$user_ui_nofavmenu) {
$core->favs->appendMenu($_menu);
}
# Set menu titles
$_menu['System']->title = __('System settings');
$_menu['Blog']->title = __('Blog');
$_menu['Plugins']->title = __('Plugins');
dcAdminHelper::addMenuItem(
'Blog',
__('Blog appearance'),
'admin.blog.theme',
['images/menu/themes.svg', 'images/menu/themes-dark.svg'],
$core->auth->check('admin', $core->blog->id)
);
dcAdminHelper::addMenuItem(
'Blog',
__('Blog settings'),
'admin.blog.pref',
['images/menu/blog-pref.svg', 'images/menu/blog-pref-dark.svg'],
$core->auth->check('admin', $core->blog->id)
);
dcAdminHelper::addMenuItem(
'Blog',
__('Media manager'),
'admin.media',
['images/menu/media.svg', 'images/menu/media-dark.svg'],
$core->auth->check('media,media_admin', $core->blog->id)
);
dcAdminHelper::addMenuItem(
'Blog',
__('Categories'),
'admin.categories',
['images/menu/categories.svg', 'images/menu/categories-dark.svg'],
$core->auth->check('categories', $core->blog->id)
);
dcAdminHelper::addMenuItem(
'Blog',
__('Search'),
'admin.search',
['images/menu/search.svg','images/menu/search-dark.svg'],
$core->auth->check('usage,contentadmin', $core->blog->id)
);
dcAdminHelper::addMenuItem(
'Blog',
__('Comments'),
'admin.comments',
['images/menu/comments.svg', 'images/menu/comments-dark.svg'],
$core->auth->check('usage,contentadmin', $core->blog->id)
);
dcAdminHelper::addMenuItem(
'Blog',
__('Posts'),
'admin.posts',
['images/menu/entries.svg', 'images/menu/entries-dark.svg'],
$core->auth->check('usage,contentadmin', $core->blog->id)
);
dcAdminHelper::addMenuItem(
'Blog',
__('New post'),
'admin.post',
['images/menu/edit.svg', 'images/menu/edit-dark.svg'],
$core->auth->check('usage,contentadmin', $core->blog->id),
true,
true
);
dcAdminHelper::addMenuItem(
'System',
__('Update'),
'admin.update',
['images/menu/update.svg', 'images/menu/update-dark.svg'],
$core->auth->isSuperAdmin() && is_readable(DC_DIGESTS)
);
dcAdminHelper::addMenuItem(
'System',
__('Languages'),
'admin.langs',
['images/menu/langs.svg', 'images/menu/langs-dark.svg'],
$core->auth->isSuperAdmin()
);
dcAdminHelper::addMenuItem(
'System',
__('Plugins management'),
'admin.plugins',
['images/menu/plugins.svg', 'images/menu/plugins-dark.svg'],
$core->auth->isSuperAdmin()
);
dcAdminHelper::addMenuItem(
'System',
__('Users'),
'admin.users',
'images/menu/users.svg',
$core->auth->isSuperAdmin()
);
dcAdminHelper::addMenuItem(
'System',
__('Blogs'),
'admin.blogs',
['images/menu/blogs.svg', 'images/menu/blogs-dark.svg'],
$core->auth->isSuperAdmin() || $core->auth->check('usage,contentadmin', $core->blog->id) && $core->auth->getBlogCount() > 1
);
if (empty($core->blog->settings->system->jquery_migrate_mute)) {
$core->blog->settings->system->put('jquery_migrate_mute', true, 'boolean', 'Mute warnings for jquery migrate plugin ?', false);
}
if (empty($core->blog->settings->system->jquery_allow_old_version)) {
$core->blog->settings->system->put('jquery_allow_old_version', false, 'boolean', 'Allow older version of jQuery', false, true);
}
# Ensure theme's settings namespace exists
$core->blog->settings->addNamespace('themes');
# Admin behaviors
$core->addBehavior('adminPopupPosts', ['dcAdminBlogPref', 'adminPopupPosts']);
}