1<?php
2/*
3+ ----------------------------------------------------------------------------+
4|     e107 website system
5|
6|     Copyright (C) 2008-2009 e107 Inc
7|     http://e107.org/
8|
9|     Standalone page aimed to reset core preferences
10|
11|     Released under the terms and conditions of the
12|     GNU General Public License (http://gnu.org).
13|
14|     $Source: /cvs_backup/e107_0.8/e107_files/utilities/resetcore.php,v $
15|     $Revision$
16|     $Date$
17|     $Author$
18+----------------------------------------------------------------------------+
19*/
20
21
22/*
23@TODO: Needs detailed review/fixing:
24	- Handle XML-based default prefs
25	- Review existing definitions of constants
26	- Define new constants (e_CORE, etc) properly
27*/
28
29/* ####################################################
30
31
32To use this file, you must edit the following line, removing the // so it reads:
33define("ACTIVE", true);
34If you don't, the script will not be usable.
35
36When you have finished with resetcore you should swap true for false so it can't be used by
37people it shouldn't be used by.
38
39*/
40
41define('ACTIVE', false);
42//define('ACTIVE', TRUE);
43
44
45/* #################################################### */
46
47
48
49if(ACTIVE !== true)
50{
51	echo "<span class='headertext2'>Currently disabled. To enable please open this file in a text editor and follow the instructions to activate.</span>";
52	exit;
53}
54
55$register_globals = true;
56if(function_exists('ini_get'))
57{
58	$register_globals = ini_get('register_globals');
59}
60if($register_globals == true)
61{
62	while (list($global) = each($GLOBALS))
63	{
64		if (!preg_match('/^(_POST|_GET|_COOKIE|_SERVER|_FILES|GLOBALS|HTTP.*|_REQUEST|eTimingStart)$/', $global))
65		{
66			unset($$global);
67		}
68	}
69	unset($global);
70}
71
72
73// build e_CACHE and other constants from e107_config.php - resetcore.php is a stand alone page
74$siteRoot = realpath(dirname(__FILE__).'./../../').'/';
75require_once($siteRoot.'e107_config.php');
76if (!isset($mySQLdefaultdb)) return FALSE;
77if (!isset($mySQLprefix)) return FALSE;
78
79$hash = substr(md5($mySQLdefaultdb.".".$mySQLprefix),0,10);
80
81
82mysql_connect($mySQLserver, $mySQLuser, $mySQLpassword);
83mysql_select_db($mySQLdefaultdb);
84define("MAGIC_QUOTES_GPC", (ini_get('magic_quotes_gpc') ? TRUE : FALSE));
85
86define('e_CACHE', $siteRoot.$SYSTEM_DIRECTORY.$hash.'/cache/');
87define('e_CORE', $siteRoot.'core/');				// @TODO: Allow for override
88
89define('e107_INIT', TRUE);
90
91
92require_once('../../'.$HANDLERS_DIRECTORY.'core_functions.php');
93$eArrayStorage = new e_array();
94
95?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
96<html xmlns="http://www.w3.org/1999/xhtml">
97<head>
98<title>e107 resetcore</title>
99<link rel="stylesheet" href="style.css" />
100<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
101<meta http-equiv="content-style-type" content="text/css" />
102</head>
103<body>
104<div class='mainbox'>
105<a href="http://e107.org"><img src="../../<?php echo($IMAGES_DIRECTORY); ?>logo_template_large.png" alt="Logo" style="border: 0px; vertical-align: middle;" /></a> <span class='headertext'>e107 Reset Core Utility</span>
106<br />
107<br />
108<br />
109<br />
110<?php
111
112
113if (isset($_POST['usubmit']))
114{
115	if (($row = e_verify()) !== FALSE)
116	{
117		extract($row);
118
119		$result = mysql_query("SELECT * FROM ".$mySQLprefix."core WHERE e107_name='pref_backup' ");
120		$bu_exist = ($row = mysql_fetch_array($result) ? TRUE : FALSE);
121
122		$admin_directory = "e107_admin";
123
124//			<input type='radio' name='mode' value='1' /> <span class='headertext2'>Manually edit core values</span><br />
125
126		echo "<span class='headertext2'><b>Please select which method you want to use, then click the button to proceed ...</b></span><br /><br /><br /><br />
127			<table style='width: auto; margin-left:auto; margin-right: auto;'>
128			<tr>
129			<td>
130			<form method='post' action='".$_SERVER['PHP_SELF']."'>
131			<input type='radio' name='mode' value='2' /> <span class='headertext2'>Reset core to default values</span><br />". ($bu_exist ? "<input type='radio' name='mode' value='3' /> <span class='headertext2'>Restore core backup</span>" : "<br />( There is no backed-up core - unable to offer option to restore backup )")."<br /><br /><input class='btn button' type='submit' name='reset_core_sub' value='Select method then click here to continue' />
132
133			<input type='hidden' name='a_name' value='".$_POST['a_name']."' />
134			<input type='hidden' name='a_password' value='".$_POST['a_password']."' />
135
136			</form>
137			</td>
138			</tr>
139			</table>
140			";
141
142		$END = TRUE;
143	} else {
144		$message = "<b>Administrator not found in database / incorrect password / insufficient permissions - aborting.</b><br />";
145		$END = TRUE;
146	}
147}
148
149
150if (isset($_POST['reset_core_sub']) && $_POST['mode'] == 2)
151{
152	if (($at = e_verify()) === FALSE)
153	{
154		exit;
155	}
156
157	$tmpr = substr(str_replace($_SERVER['DOCUMENT_ROOT'], "", $_SERVER['SCRIPT_FILENAME']), 1);
158	$root = "/".substr($tmpr, 0, strpos($tmpr, "/"))."/";
159	$e_HTTP = $root;
160	$admin_directory = "e107_admin";
161	$url_prefix = substr($_SERVER['PHP_SELF'], strlen($e_HTTP), strrpos($_SERVER['PHP_SELF'], "/")+1-strlen($e_HTTP));
162	$num_levels = substr_count($url_prefix, "/");
163	$link_prefix = '';
164	for($i = 1; $i <= $num_levels; $i++) {
165		$link_prefix .= "../";
166	}
167
168	define("e_ADMIN", $e_HTTP.$admin_directory."/");
169	define("e_SELF", "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']);
170	define("e_QUERY", preg_replace("#&|/?PHPSESSID.*#i", "", $_SERVER['QUERY_STRING']));
171	define('e_BASE', $link_prefix);
172	$e_path = (!strpos($_SERVER['SCRIPT_FILENAME'], ".php") ? $_SERVER['PATH_TRANSLATED'] : $_SERVER['SCRIPT_FILENAME']);
173	define("e_PATH", $e_path);
174
175
176	$pref_language = "English";
177	include_once("../../".$LANGUAGES_DIRECTORY.'English/lan_prefs.php');
178	require_once(e_CORE.'def_e107_prefs.php');
179
180	$PrefOutput = $eArrayStorage->WriteArray($pref);
181
182	mysql_query("DELETE FROM ".$mySQLprefix."core WHERE e107_name='SitePrefs' OR e107_name='SitePrefs_Backup'");
183	if (!mysql_query("INSERT INTO ".$mySQLprefix."core VALUES ('SitePrefs', '{$PrefOutput}')"))
184	{
185		$message = "Rebuild failed ...";
186		$END = TRUE;
187	}
188	else
189	{
190		mysql_query("INSERT INTO ".$mySQLprefix."core VALUES ('SitePrefs_Backup', '{$PrefOutput}')");
191		$message = "Core reset. <br /><br /><a href='../../index.php'>Click here to continue</a>";
192		$END = TRUE;
193	}
194}
195
196
197
198function recurse_pref($ppost)
199{
200	$search = array("\"", "'", "\\", '\"', "\'", "$", "?");
201	$replace = array("&quot;", "&#39;", "&#92;", "&quot;", "&#39;", "&#036;", "&copy;");
202	foreach ($ppost as $key => $value) {
203		if(!is_array($value)){
204			$ret[$key] = str_replace($search, $replace, $text);
205		} else {
206			$ret[$key] = recurse_pref($value);
207		}
208	}
209	return $ret;
210}
211
212if (isset($_POST['coreedit_sub']))
213{
214	if (($at = e_verify()) === FALSE) {
215		exit;
216	}
217
218	$pref = recurse_pref($_POST);
219
220	$PrefOutput = $eArrayStorage->WriteArray($pref);
221
222	mysql_query("DELETE FROM ".$mySQLprefix."core WHERE e107_name='SitePrefs' OR e107_name='SitePrefs_Backup'");
223	mysql_query("INSERT INTO ".$mySQLprefix."core VALUES ('SitePrefs', '{$PrefOutput}')");
224	mysql_query("INSERT INTO ".$mySQLprefix."core VALUES ('SitePrefs_Backup', '{$PrefOutput}')");
225
226	$message = "Core settings successfully updated. <br /><br /><a href='../../index.php'>Click here to continue</a>";
227	$END = TRUE;
228}
229
230if (isset($_POST['reset_core_sub']) && $_POST['mode'] == 3) {
231	if (($at = e_verify()) === FALSE) {
232		exit;
233	}
234
235	$result = mysql_query("SELECT * FROM ".$mySQLprefix."core WHERE e107_name='pref_backup'");
236	$row = mysql_fetch_array($result);
237
238	$pref = unserialize(base64_decode($row['e107_value']));
239
240	$PrefOutput = $eArrayStorage->WriteArray($pref);
241
242	mysql_query("DELETE FROM ".$mySQLprefix."core WHERE `e107_name` = 'SitePrefs' OR `e107_name` = 'SitePrefs_Backup'");
243	mysql_query("INSERT INTO ".$mySQLprefix."core VALUES ('SitePrefs', '{$PrefOutput}')");
244	mysql_query("INSERT INTO ".$mySQLprefix."core VALUES ('SitePrefs_Backup', '{$PrefOutput}')");
245
246	$message = "Core backup successfully restored. <br /><br /><a href='../../index.php'>Click here to continue</a>";
247	$END = TRUE;
248}
249
250
251if (isset($_POST['reset_core_sub']) && $_POST['mode'] == 1)
252{
253	if (($at = e_verify()) === FALSE) {
254		exit;
255	}
256
257	$result = @mysql_query("SELECT * FROM ".$mySQLprefix."core WHERE e107_name='SitePrefs'");
258	$row = @mysql_fetch_array($result);
259
260	$pref = $eArrayStorage->ReadArray($row['e107_value']);
261
262	echo "
263		<span class='headertext2'><b>Edit your individual core items and click the button to save - <span class='headertext'>use this script with caution</span>.</b></span><br /><br />
264		<form method='post' action='".$_SERVER['PHP_SELF']."'>
265		<table style='width:95%'>\n";
266
267	while (list($key, $prefr) = each($pref)) {
268		if (is_array($prefr)) {
269			foreach ($prefr as $akey => $apref) {
270				echo "<tr><td class='headertext2' style='width:50%; text-align:right;'>{$key}[{$akey}]&nbsp;&nbsp;</td>
271				<td style='width:50%'><input type='text' name='{$key}[{$akey}]' value='{$apref}' size='50' maxlength='100' /></td></tr>\n";
272
273			}
274		} else {
275			echo "<tr><td class='headertext2' style='width:50%; text-align:right;'>{$key}&nbsp;&nbsp;</td>
276			<td style='width:50%'><input type='text' name='{$key}' value='{$prefr}' size='50' maxlength='100' /></td></tr>\n";
277		}
278	}
279	echo "
280		<tr>
281		<td colspan='2' style='text-align:center'><br /><input class='btn btn-default btn-secondary button' type='submit' name='coreedit_sub' value='Save Core Settings' /></td>
282		</tr>
283		</table>
284		<input type='hidden' name='a_name' value='".$_POST['a_name']."' />
285		<input type='hidden' name='a_password' value='".preg_replace("/\W/", '', $_POST['a_password'])."' />
286		</form>";
287	$END = TRUE;
288}
289
290if (isset($message)) {
291	echo "<br /><br /><div style='text-align:center'><span class='headertext2'>{$message}</span></div><br />";
292}
293
294if (isset($END)) {
295	echo "<br /></div></body></html>";
296	exit;
297}
298
299echo "<span class='headertext2'>
300	This is the e107 resetcore utility. It allows you to completely rebuild your core if it becomes corrupt, or to restore a backup. <br />It won't affect your actual content (news posts, forum posts, articles etc).<br />
301	<b>Only run this utility if your site is failing to load due to a critical core error, or if you need to change a setting and can't log into your admin area.</b></span><br /><br /><br /><br />
302
303	<span class='headertext'>Please enter your main administrator username and password to continue ...</span><br /><br />
304	<form method='post' action='".$_SERVER['PHP_SELF']."'>
305	<table style='width:95%'>
306	<tr>
307	<td style='width:50%; text-align:right;' class='mediumtext'>Main administrator name:</td>
308	<td style='width:50%'>
309	<input class='tbox' type='text' name='a_name' size='30' value='' maxlength='100' />
310	</td>
311	</tr>
312	<tr>
313	<td style='width:50%; text-align:right;' class='mediumtext'>Main administrator Password:</td>
314	<td style='width:50%'>
315	<input class='tbox' type='password' name='a_password' size='30' value='' maxlength='100' />
316	</td>
317	</tr>
318	<tr>
319	<td colspan='2' style='text-align:center'>
320	<br />
321	<input class='btn btn-default btn-secondary button' type='submit' name='usubmit' value='Continue' />
322	</td>
323	</tr>
324	</table>
325	<br />
326	</div>
327	</body>
328	</html>";
329
330
331/**
332 *	Verify main admin data
333 */
334function e_verify() {
335	global $mySQLprefix;
336	if (ACTIVE !== TRUE)
337	{
338		exit();
339	}
340	if (MAGIC_QUOTES_GPC == FALSE)
341	{
342		$a_name = addslashes($_POST['a_name']);
343	}
344	else
345	{
346		$a_name = $_POST['a_name'];
347	}
348
349	$a_name = str_replace('/*', '', $a_name);
350
351	$result = mysql_query("SELECT * FROM ".$mySQLprefix."user WHERE user_name='".$a_name."'");
352	$row = mysql_fetch_array($result);
353
354	// @TODO: Will need to handle other password encodings as well
355	if (($row['user_password'] === md5($_POST['a_password'])) && ($row['user_perms'] === '0') && (ACTIVE === TRUE))
356	{
357		clear_cache();
358		return $row;
359	}
360	else
361	{
362		return FALSE;
363	}
364}
365
366
367
368
369/**
370 *	Clear all cache files
371 */
372function clear_cache()
373{
374	// $dir = "../cache/";
375	$dir = e_CACHE;
376	$pattern = "*.cache.php";
377	$deleted = false;
378	$pattern = str_replace(array("\*", "\?"), array(".*", "."), preg_quote($pattern));
379	if (substr($dir, -1) != "/") {
380		$dir .= "/";
381	}
382	if (is_dir($dir)) {
383		$d = opendir($dir);
384		while ($file = readdir($d)) {
385			if (is_file($dir.$file) && preg_match("/^{$pattern}$/", $file)) {
386				if (unlink($dir.$file)) {
387					$deleted[] = $file;
388				}
389			}
390		}
391		closedir($d);
392		return true;
393	} else {
394		return false;
395	}
396}
397
398?>