1<?php 2/* 3+ ----------------------------------------------------------------------------+ 4| e107 website system 5| 6| Copyright (C) 2008-2009 e107 Inc 7| http://e107.org/ 8| 9| Standalone page aimed to reset core preferences 10| 11| Released under the terms and conditions of the 12| GNU General Public License (http://gnu.org). 13| 14| $Source: /cvs_backup/e107_0.8/e107_files/utilities/resetcore.php,v $ 15| $Revision$ 16| $Date$ 17| $Author$ 18+----------------------------------------------------------------------------+ 19*/ 20 21 22/* 23@TODO: Needs detailed review/fixing: 24 - Handle XML-based default prefs 25 - Review existing definitions of constants 26 - Define new constants (e_CORE, etc) properly 27*/ 28 29/* #################################################### 30 31 32To use this file, you must edit the following line, removing the // so it reads: 33define("ACTIVE", true); 34If you don't, the script will not be usable. 35 36When you have finished with resetcore you should swap true for false so it can't be used by 37people it shouldn't be used by. 38 39*/ 40 41define('ACTIVE', false); 42//define('ACTIVE', TRUE); 43 44 45/* #################################################### */ 46 47 48 49if(ACTIVE !== true) 50{ 51 echo "<span class='headertext2'>Currently disabled. To enable please open this file in a text editor and follow the instructions to activate.</span>"; 52 exit; 53} 54 55$register_globals = true; 56if(function_exists('ini_get')) 57{ 58 $register_globals = ini_get('register_globals'); 59} 60if($register_globals == true) 61{ 62 while (list($global) = each($GLOBALS)) 63 { 64 if (!preg_match('/^(_POST|_GET|_COOKIE|_SERVER|_FILES|GLOBALS|HTTP.*|_REQUEST|eTimingStart)$/', $global)) 65 { 66 unset($$global); 67 } 68 } 69 unset($global); 70} 71 72 73// build e_CACHE and other constants from e107_config.php - resetcore.php is a stand alone page 74$siteRoot = realpath(dirname(__FILE__).'./../../').'/'; 75require_once($siteRoot.'e107_config.php'); 76if (!isset($mySQLdefaultdb)) return FALSE; 77if (!isset($mySQLprefix)) return FALSE; 78 79$hash = substr(md5($mySQLdefaultdb.".".$mySQLprefix),0,10); 80 81 82mysql_connect($mySQLserver, $mySQLuser, $mySQLpassword); 83mysql_select_db($mySQLdefaultdb); 84define("MAGIC_QUOTES_GPC", (ini_get('magic_quotes_gpc') ? TRUE : FALSE)); 85 86define('e_CACHE', $siteRoot.$SYSTEM_DIRECTORY.$hash.'/cache/'); 87define('e_CORE', $siteRoot.'core/'); // @TODO: Allow for override 88 89define('e107_INIT', TRUE); 90 91 92require_once('../../'.$HANDLERS_DIRECTORY.'core_functions.php'); 93$eArrayStorage = new e_array(); 94 95?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> 96<html xmlns="http://www.w3.org/1999/xhtml"> 97<head> 98<title>e107 resetcore</title> 99<link rel="stylesheet" href="style.css" /> 100<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 101<meta http-equiv="content-style-type" content="text/css" /> 102</head> 103<body> 104<div class='mainbox'> 105<a href="http://e107.org"><img src="../../<?php echo($IMAGES_DIRECTORY); ?>logo_template_large.png" alt="Logo" style="border: 0px; vertical-align: middle;" /></a> <span class='headertext'>e107 Reset Core Utility</span> 106<br /> 107<br /> 108<br /> 109<br /> 110<?php 111 112 113if (isset($_POST['usubmit'])) 114{ 115 if (($row = e_verify()) !== FALSE) 116 { 117 extract($row); 118 119 $result = mysql_query("SELECT * FROM ".$mySQLprefix."core WHERE e107_name='pref_backup' "); 120 $bu_exist = ($row = mysql_fetch_array($result) ? TRUE : FALSE); 121 122 $admin_directory = "e107_admin"; 123 124// <input type='radio' name='mode' value='1' /> <span class='headertext2'>Manually edit core values</span><br /> 125 126 echo "<span class='headertext2'><b>Please select which method you want to use, then click the button to proceed ...</b></span><br /><br /><br /><br /> 127 <table style='width: auto; margin-left:auto; margin-right: auto;'> 128 <tr> 129 <td> 130 <form method='post' action='".$_SERVER['PHP_SELF']."'> 131 <input type='radio' name='mode' value='2' /> <span class='headertext2'>Reset core to default values</span><br />". ($bu_exist ? "<input type='radio' name='mode' value='3' /> <span class='headertext2'>Restore core backup</span>" : "<br />( There is no backed-up core - unable to offer option to restore backup )")."<br /><br /><input class='btn button' type='submit' name='reset_core_sub' value='Select method then click here to continue' /> 132 133 <input type='hidden' name='a_name' value='".$_POST['a_name']."' /> 134 <input type='hidden' name='a_password' value='".$_POST['a_password']."' /> 135 136 </form> 137 </td> 138 </tr> 139 </table> 140 "; 141 142 $END = TRUE; 143 } else { 144 $message = "<b>Administrator not found in database / incorrect password / insufficient permissions - aborting.</b><br />"; 145 $END = TRUE; 146 } 147} 148 149 150if (isset($_POST['reset_core_sub']) && $_POST['mode'] == 2) 151{ 152 if (($at = e_verify()) === FALSE) 153 { 154 exit; 155 } 156 157 $tmpr = substr(str_replace($_SERVER['DOCUMENT_ROOT'], "", $_SERVER['SCRIPT_FILENAME']), 1); 158 $root = "/".substr($tmpr, 0, strpos($tmpr, "/"))."/"; 159 $e_HTTP = $root; 160 $admin_directory = "e107_admin"; 161 $url_prefix = substr($_SERVER['PHP_SELF'], strlen($e_HTTP), strrpos($_SERVER['PHP_SELF'], "/")+1-strlen($e_HTTP)); 162 $num_levels = substr_count($url_prefix, "/"); 163 $link_prefix = ''; 164 for($i = 1; $i <= $num_levels; $i++) { 165 $link_prefix .= "../"; 166 } 167 168 define("e_ADMIN", $e_HTTP.$admin_directory."/"); 169 define("e_SELF", "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']); 170 define("e_QUERY", preg_replace("#&|/?PHPSESSID.*#i", "", $_SERVER['QUERY_STRING'])); 171 define('e_BASE', $link_prefix); 172 $e_path = (!strpos($_SERVER['SCRIPT_FILENAME'], ".php") ? $_SERVER['PATH_TRANSLATED'] : $_SERVER['SCRIPT_FILENAME']); 173 define("e_PATH", $e_path); 174 175 176 $pref_language = "English"; 177 include_once("../../".$LANGUAGES_DIRECTORY.'English/lan_prefs.php'); 178 require_once(e_CORE.'def_e107_prefs.php'); 179 180 $PrefOutput = $eArrayStorage->WriteArray($pref); 181 182 mysql_query("DELETE FROM ".$mySQLprefix."core WHERE e107_name='SitePrefs' OR e107_name='SitePrefs_Backup'"); 183 if (!mysql_query("INSERT INTO ".$mySQLprefix."core VALUES ('SitePrefs', '{$PrefOutput}')")) 184 { 185 $message = "Rebuild failed ..."; 186 $END = TRUE; 187 } 188 else 189 { 190 mysql_query("INSERT INTO ".$mySQLprefix."core VALUES ('SitePrefs_Backup', '{$PrefOutput}')"); 191 $message = "Core reset. <br /><br /><a href='../../index.php'>Click here to continue</a>"; 192 $END = TRUE; 193 } 194} 195 196 197 198function recurse_pref($ppost) 199{ 200 $search = array("\"", "'", "\\", '\"', "\'", "$", "?"); 201 $replace = array(""", "'", "\", """, "'", "$", "©"); 202 foreach ($ppost as $key => $value) { 203 if(!is_array($value)){ 204 $ret[$key] = str_replace($search, $replace, $text); 205 } else { 206 $ret[$key] = recurse_pref($value); 207 } 208 } 209 return $ret; 210} 211 212if (isset($_POST['coreedit_sub'])) 213{ 214 if (($at = e_verify()) === FALSE) { 215 exit; 216 } 217 218 $pref = recurse_pref($_POST); 219 220 $PrefOutput = $eArrayStorage->WriteArray($pref); 221 222 mysql_query("DELETE FROM ".$mySQLprefix."core WHERE e107_name='SitePrefs' OR e107_name='SitePrefs_Backup'"); 223 mysql_query("INSERT INTO ".$mySQLprefix."core VALUES ('SitePrefs', '{$PrefOutput}')"); 224 mysql_query("INSERT INTO ".$mySQLprefix."core VALUES ('SitePrefs_Backup', '{$PrefOutput}')"); 225 226 $message = "Core settings successfully updated. <br /><br /><a href='../../index.php'>Click here to continue</a>"; 227 $END = TRUE; 228} 229 230if (isset($_POST['reset_core_sub']) && $_POST['mode'] == 3) { 231 if (($at = e_verify()) === FALSE) { 232 exit; 233 } 234 235 $result = mysql_query("SELECT * FROM ".$mySQLprefix."core WHERE e107_name='pref_backup'"); 236 $row = mysql_fetch_array($result); 237 238 $pref = unserialize(base64_decode($row['e107_value'])); 239 240 $PrefOutput = $eArrayStorage->WriteArray($pref); 241 242 mysql_query("DELETE FROM ".$mySQLprefix."core WHERE `e107_name` = 'SitePrefs' OR `e107_name` = 'SitePrefs_Backup'"); 243 mysql_query("INSERT INTO ".$mySQLprefix."core VALUES ('SitePrefs', '{$PrefOutput}')"); 244 mysql_query("INSERT INTO ".$mySQLprefix."core VALUES ('SitePrefs_Backup', '{$PrefOutput}')"); 245 246 $message = "Core backup successfully restored. <br /><br /><a href='../../index.php'>Click here to continue</a>"; 247 $END = TRUE; 248} 249 250 251if (isset($_POST['reset_core_sub']) && $_POST['mode'] == 1) 252{ 253 if (($at = e_verify()) === FALSE) { 254 exit; 255 } 256 257 $result = @mysql_query("SELECT * FROM ".$mySQLprefix."core WHERE e107_name='SitePrefs'"); 258 $row = @mysql_fetch_array($result); 259 260 $pref = $eArrayStorage->ReadArray($row['e107_value']); 261 262 echo " 263 <span class='headertext2'><b>Edit your individual core items and click the button to save - <span class='headertext'>use this script with caution</span>.</b></span><br /><br /> 264 <form method='post' action='".$_SERVER['PHP_SELF']."'> 265 <table style='width:95%'>\n"; 266 267 while (list($key, $prefr) = each($pref)) { 268 if (is_array($prefr)) { 269 foreach ($prefr as $akey => $apref) { 270 echo "<tr><td class='headertext2' style='width:50%; text-align:right;'>{$key}[{$akey}] </td> 271 <td style='width:50%'><input type='text' name='{$key}[{$akey}]' value='{$apref}' size='50' maxlength='100' /></td></tr>\n"; 272 273 } 274 } else { 275 echo "<tr><td class='headertext2' style='width:50%; text-align:right;'>{$key} </td> 276 <td style='width:50%'><input type='text' name='{$key}' value='{$prefr}' size='50' maxlength='100' /></td></tr>\n"; 277 } 278 } 279 echo " 280 <tr> 281 <td colspan='2' style='text-align:center'><br /><input class='btn btn-default btn-secondary button' type='submit' name='coreedit_sub' value='Save Core Settings' /></td> 282 </tr> 283 </table> 284 <input type='hidden' name='a_name' value='".$_POST['a_name']."' /> 285 <input type='hidden' name='a_password' value='".preg_replace("/\W/", '', $_POST['a_password'])."' /> 286 </form>"; 287 $END = TRUE; 288} 289 290if (isset($message)) { 291 echo "<br /><br /><div style='text-align:center'><span class='headertext2'>{$message}</span></div><br />"; 292} 293 294if (isset($END)) { 295 echo "<br /></div></body></html>"; 296 exit; 297} 298 299echo "<span class='headertext2'> 300 This is the e107 resetcore utility. It allows you to completely rebuild your core if it becomes corrupt, or to restore a backup. <br />It won't affect your actual content (news posts, forum posts, articles etc).<br /> 301 <b>Only run this utility if your site is failing to load due to a critical core error, or if you need to change a setting and can't log into your admin area.</b></span><br /><br /><br /><br /> 302 303 <span class='headertext'>Please enter your main administrator username and password to continue ...</span><br /><br /> 304 <form method='post' action='".$_SERVER['PHP_SELF']."'> 305 <table style='width:95%'> 306 <tr> 307 <td style='width:50%; text-align:right;' class='mediumtext'>Main administrator name:</td> 308 <td style='width:50%'> 309 <input class='tbox' type='text' name='a_name' size='30' value='' maxlength='100' /> 310 </td> 311 </tr> 312 <tr> 313 <td style='width:50%; text-align:right;' class='mediumtext'>Main administrator Password:</td> 314 <td style='width:50%'> 315 <input class='tbox' type='password' name='a_password' size='30' value='' maxlength='100' /> 316 </td> 317 </tr> 318 <tr> 319 <td colspan='2' style='text-align:center'> 320 <br /> 321 <input class='btn btn-default btn-secondary button' type='submit' name='usubmit' value='Continue' /> 322 </td> 323 </tr> 324 </table> 325 <br /> 326 </div> 327 </body> 328 </html>"; 329 330 331/** 332 * Verify main admin data 333 */ 334function e_verify() { 335 global $mySQLprefix; 336 if (ACTIVE !== TRUE) 337 { 338 exit(); 339 } 340 if (MAGIC_QUOTES_GPC == FALSE) 341 { 342 $a_name = addslashes($_POST['a_name']); 343 } 344 else 345 { 346 $a_name = $_POST['a_name']; 347 } 348 349 $a_name = str_replace('/*', '', $a_name); 350 351 $result = mysql_query("SELECT * FROM ".$mySQLprefix."user WHERE user_name='".$a_name."'"); 352 $row = mysql_fetch_array($result); 353 354 // @TODO: Will need to handle other password encodings as well 355 if (($row['user_password'] === md5($_POST['a_password'])) && ($row['user_perms'] === '0') && (ACTIVE === TRUE)) 356 { 357 clear_cache(); 358 return $row; 359 } 360 else 361 { 362 return FALSE; 363 } 364} 365 366 367 368 369/** 370 * Clear all cache files 371 */ 372function clear_cache() 373{ 374 // $dir = "../cache/"; 375 $dir = e_CACHE; 376 $pattern = "*.cache.php"; 377 $deleted = false; 378 $pattern = str_replace(array("\*", "\?"), array(".*", "."), preg_quote($pattern)); 379 if (substr($dir, -1) != "/") { 380 $dir .= "/"; 381 } 382 if (is_dir($dir)) { 383 $d = opendir($dir); 384 while ($file = readdir($d)) { 385 if (is_file($dir.$file) && preg_match("/^{$pattern}$/", $file)) { 386 if (unlink($dir.$file)) { 387 $deleted[] = $file; 388 } 389 } 390 } 391 closedir($d); 392 return true; 393 } else { 394 return false; 395 } 396} 397 398?>