diff options
Diffstat (limited to 'comiccontrol/initialize.php')
| -rw-r--r-- | comiccontrol/initialize.php | 312 |
1 files changed, 312 insertions, 0 deletions
diff --git a/comiccontrol/initialize.php b/comiccontrol/initialize.php new file mode 100644 index 0000000..a846fcb --- /dev/null +++ b/comiccontrol/initialize.php @@ -0,0 +1,312 @@ +<? +//initialize.php +//Initialization script: create sanitization functions and assign configuration variables +//Includes editing and deleting comics as well as displays comics that can be edited in nested list format + +$preview = false; + +//DATA MANAGEMENT AND AUXILIARY FUNCTIONS + +//sanitize() - standard input sanitization function for mysql +function sanitize($input){ + global $z; + $input = mysqli_real_escape_string($z,$input); + return $input; +} + +//filterint() - filter integers +function filterint($input){ + $input = filter_var($input,FILTER_SANITIZE_NUMBER_INT); + return $input; +} + +//sanitizeText() - sanitize text that has to be outputted as html +function sanitizeText($input){ + global $z; + $input = str_replace("'","'",$input); + $input = str_replace("’","'",$input); + $input = str_replace("’","'",$input); + $input = str_replace('"',""",$input); + $input = mysqli_real_escape_string($z,$input); + return $input; +} + +//sanitizeAlphanumeric() - remove all except alphanumeric for ULTIMATE SANITIZATION +function sanitizeAlphanumeric($input){ + $sanitized = preg_replace("/[^A-Za-z0-9 ]/", '', $input); + return $sanitized; +} + +//sanitizeSlug() - remove all except alphanumeric and hyphens +function sanitizeSlug($input){ + return preg_replace('/[^A-Za-z0-9\-]/', '', $input); +} + +//fetch() - get one result from query +function fetch($query){ + global $z; + + $result = $z->query($query); + $row = $result->fetch_assoc(); + return $row; +} + +//isMobile() - check if user is mobile user +function isMobile(){ + global $_SERVER; + + $useragent=$_SERVER['HTTP_USER_AGENT']; + if(preg_match('/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino/i',$useragent)||preg_match('/1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i',substr($useragent,0,4))){ + return true; + }else{ + return false; + } + +} + +//log in user +function authCheck(){ + global $tableprefix; + global $z; + global $_COOKIE; + global $_SERVER; + + if(isset($_POST['username'])) + { + $password = sanitize($_POST['password']); + $username = sanitize($_POST['username']); + $query = "SELECT * FROM cc_" . $tableprefix . "users WHERE username='" . $username . "' LIMIT 1"; + $result = $z->query($query); + if($result->num_rows == 1){ + $userinfo = $result->fetch_assoc(); + $query="SELECT * FROM cc_" . $tableprefix . "users WHERE username='".$username."' AND password='" . md5($password . $userinfo['salt']) . "' LIMIT 1"; + $result = $z->query($query); + if($result->num_rows == 1){ + $userinfo = $result->fetch_assoc(); + $characters = 'abcdefghijklmnopqrstuvwxyz0123456789'; + $randstr = ''; + for ($i = 0; $i < 32; $i++) { + $randstr .= $characters[rand(0, strlen($characters) - 1)]; + } + $query = "UPDATE cc_" . $tableprefix . "users SET loginhash='" . sha1($userinfo['username'] . $userinfo['salt'] . $randstr) . "' WHERE id='" . $userinfo['id'] . "' LIMIT 1"; + $z->query($query); + setcookie('loginhash', $randstr, time() + (432000), "/", $_SERVER['HTTP_HOST']); + setcookie('username', $username, time() + (432000), "/", $_SERVER['HTTP_HOST']); + setcookie('hashtime', time(), time() + (432000), "/", $_SERVER['HTTP_HOST']); + return true; + } + } + } + else if(isset($_COOKIE['username']) && isset($_COOKIE['loginhash']) && isset($_COOKIE['hashtime'])){ + $loginhash = sanitize($_COOKIE['loginhash']); + $username = sanitize($_COOKIE['username']); + $query = "SELECT * FROM cc_" . $tableprefix . "users WHERE username='" . $username . "' LIMIT 1"; + $result = $z->query($query); + if($result->num_rows == 1){ + $userinfo = $result->fetch_assoc(); + $query = "SELECT * FROM cc_" . $tableprefix . "users WHERE username='" . $userinfo['username'] . "' AND loginhash='" . sha1($userinfo['username'] . $userinfo['salt'] . $loginhash) . "' LIMIT 1"; + $result = $z->query($query); + if($result->num_rows == 1){ + if((time() - $_COOKIE['hashtime']) > 3600){ + $characters = 'abcdefghijklmnopqrstuvwxyz0123456789'; + $randstr = ''; + for ($i = 0; $i < 32; $i++) { + $randstr .= $characters[rand(0, strlen($characters) - 1)]; + } + $query = "UPDATE cc_" . $tableprefix . "users SET loginhash='" . sha1($userinfo['username'] . $userinfo['salt'] . $randstr) . "' WHERE id='" . $userinfo['id'] . "' LIMIT 1"; + $z->query($query); + setcookie('loginhash', $randstr, time() + (432000), "/", $_SERVER['HTTP_HOST']); + setcookie('username', $username, time() + (432000), "/", $_SERVER['HTTP_HOST']); + setcookie('hashtime', time(), time() + (432000), "/", $_SERVER['HTTP_HOST']); + } + return true; + } + } + } + return false; +} + + +//QUERY FUNCTION +function fetchoption($optionname){ + global $z; + global $tableprefix; + + $optionname=sanitizeAlphanumeric($optionname); + + $query = "SELECT * FROM cc_" . $tableprefix . "options WHERE optionname='" . $optionname . "' LIMIT 1"; + + $result = $z->query($query); + $row = $result->fetch_assoc(); + return $row['optionvalue']; + +} + +//SITE INFO +$sitetitle = fetchoption("sitetitle"); +$disqusname = fetchoption("disqusname"); +if($_GET['id'] > 0 && $_GET['id'] < 73){ $disqusname = "works-in-progress"; } +$root = fetchoption("root"); +$siteroot = fetchoption("siteroot"); +$relativeroot = fetchoption("relativeroot"); + +//TIMEZONE +$timezone = fetchoption("timezone"); +$timezoneshort = fetchoption("timezoneshort"); + +date_default_timezone_set($timezone); + +//OPTIONS +$dateformat = fetchoption("dateformat"); +$timeformat = fetchoption("timeformat"); +$navaux = fetchoption("navaux"); +$previewpage = fetchoption("preview"); +$language = fetchoption("language"); +$navorder = fetchoption("navorder"); +$maxwidth = fetchoption("maxwidth"); +$usemaxwidth = fetchoption("usemaxwidth"); +$thumbwidth = fetchoption("thumbwidth"); +$thumbheight = fetchoption("thumbheight"); + +//SLUG PARSING +$url = "$_SERVER[REQUEST_URI]"; +$url = substr($url,(strlen($relativeroot)+1)); +$slug = preg_replace('/[^a-zA-Z0-9\-\/.?=]/', '', $url); +$slugarr = explode("/",$slug); +foreach($slugarr as $key=>$value){ + if(strpos($value,"?") > -1) { + $str = substr($value,0,strpos($value,"?")); + $slugarr[$key] = $str; + } +} + +//MATCH TO OLD MODULES +$query = "SELECT * FROM cc_" . $tableprefix . "modules"; +$result = $z->query($query); +while($row = $result->fetch_assoc()){ + if($slugarr[0] == ""){ + $slugarr[0] = "index.php"; + } + if($slugarr[0] == $row['filename']){ + $slugarr[0] = $row['slug']; + if($row['type'] == "comic"){ + $id = preg_replace('[\D]', '', $_GET['id']); + if($id != ""){ + $query = "SELECT * FROM cc_" . $tableprefix . "comics WHERE comic='" . $row['id'] . "' AND id='" . $id . "' AND publishtime < " . time() . " LIMIT 1"; + $result = $z->query($query); + if($result->num_rows > 0){ + $row = $result->fetch_assoc(); + $slugarr[1] = $row['slug']; + } + } + } + } +} + +//SET MODULE +$query = "SELECT * FROM cc_" . $tableprefix . "modules WHERE slug='" . $slugarr[0] . "' LIMIT 1"; +$moduleinfo = fetch($query); + + +//SET LANGUAGE VARIABLES +include('languages/' . $language . '.php'); +if($moduleinfo != "") include('languages/user-' . $moduleinfo['language'] . '.php'); + +//BUILD PREVIEW BAR IF LOGGED IN + +if(authCheck()){ + $previewbar='<style> + html{ + width:100% !important; + margin-top:40px !important; + } + .cc-previewbar{ + width:100%; + height:40px; + background:#000; + color:#fff; + font-family:Georgia, "Times New Roman", Times, serif; + position:fixed; + top:0; + z-index:100; + } + .cc-leftside{ + float:left; + width:20%; + font-size:20px; + padding:10px; + } + .cc-rightside{ + float:right; + width:75%; + font-size:14px; + text-align:right; + padding:10px; + } + .cc-previewbar a{ + color:#fff; + text-decoration:none; + } + </style> + <div class="cc-previewbar"><div class="cc-leftside"><a href="' . $root . '">ComicControl.</a></div><div class="cc-rightside">'; + + + switch($moduleinfo['type']){ + case "comic": + $query = "SELECT * FROM cc_" . $tableprefix . "comics WHERE comic='" . $moduleinfo['id'] . "' AND slug='" . $slugarr[1] . "' LIMIT 1"; + $result = $z->query($query); + if($result->num_rows > 0){ + $comicinfo = $result->fetch_assoc(); + if($comicinfo['publishtime'] > time()){ + $previewbar .= $lang['previewbar'] . " - "; + }else{ + $preview = false; + } + $previewbar .= $comicinfo['comicname'] .' - <a href="' . $root . 'edit.php?moduleid=' . $moduleinfo['id'] . '&do=add">' . $lang['addanothercomic'] . '</a> | <a href="' . $root . 'edit.php?moduleid=' . $moduleinfo['id'] . '&do=edit&comicid=' . $comicinfo['id'] . '&edit=edit">' . $lang['editthiscomic'] . '</a> | '; + }else{ + $previewbar .= '<a href="' . $root . 'edit.php?moduleid=' . $moduleinfo['id'] . '&do=add">' . $lang['addanothercomic'] . '</a> | '; + } + $previewbar .= '<a href="' . $root . 'edit.php?moduleid=' . $moduleinfo['id'] . '">' . $lang['returnto'] . $moduleinfo['title'] . '</a>'; + $previewbar .= '</div></div>'; + break; + case "blog": + $query = "SELECT * FROM cc_" . $tableprefix . "blogs WHERE blog='" . $moduleinfo['id'] . "' AND slug='" . $slugarr[1] . "' LIMIT 1"; + $result = $z->query($query); + if($result->num_rows > 0){ + $bloginfo = $result->fetch_assoc(); + if($bloginfo['publishtime'] > time()){ + $previewbar .= $lang['previewbar'] . " - "; + } + $previewbar .= $bloginfo['title'] . ' - '; + } + $previewbar .= '<a href="' . $root . 'edit.php?moduleid=' . $moduleinfo['id'] . '&action=add">' . $lang['addanotherpost'] . '</a> | '; + if($bloginfo != "") $previewbar .= '<a href="' . $root . 'edit.php?moduleid=' . $moduleinfo['id'] . '&action=ed&blogid=' . $bloginfo['id'] . '">' . $lang['editthispost'] . '</a> | '; + $previewbar .= '<a href="' . $root . 'edit.php?moduleid=' . $moduleinfo['id'] . '">' . $lang['returnto'] . $moduleinfo['title'] . '</a></div></div>'; + break; + case "gallery": + $prevmid = $moduleinfo['title'] . ' - <a href="' . $root . 'edit.php?moduleid=' . $moduleinfo['id'] . '">' . $lang['addanotherimage'] . '</a> | <a href="' . $root . 'edit.php?moduleid=' . $moduleinfo['id'] . '">' . $lang['returnto'] . $moduleinfo['title'] . '</a>'; + $previewbar .= $prevmid; + $previewbar .= '</div></div>'; + break; + case "page": + $prevmid = $moduleinfo['title'] . ' - <a href="' . $root . 'edit.php?moduleid=' . $moduleinfo['id'] . '">' . $lang['editthispage'] . '</a>'; + $previewbar .= $prevmid; + $previewbar .= '</div></div>'; + break; + default: + $previewbar .= '</div></div>'; + break; + } +}else{ + if($moduleinfo['type'] == "comic" && $slugarr[1] != "" && $slugarr[1] != "archive"){ + $query = "SELECT * FROM cc_" . $tableprefix . "comics WHERE comic='" . $moduleinfo['id'] . "' AND slug='" . $slugarr[1] . "' LIMIT 1"; + $result = $z->query($query); + if($result->num_rows <= 0){ + header("HTTP/1.0 404 Not Found"); + http_response_code(404); + include('404.php'); + die(); + } + } +} +?>
\ No newline at end of file |