index
<?php
function setup() {
userlogout(); // this deletes cookie
// not needed except for me
$html = html();
$config = config();
$arg = ''; // for templates
$status = '';
$formtitle = "";
$url = basename($_SERVER['PHP_SELF']);
$file = 'dat/defines.php';
$message = 'defines'; // htm/admin/messages.php
if (!isset($_POST['salt1'])) {
$_POST['salt1'] = $_POST['salt2'] = '';
$_POST['salt3'] = randomstring(16);
if (!config('configuresalts')) {
$_POST['salt1'] = '$5$'.randomstring(16);
$_POST['salt2'] = '$5$'.randomstring(16);
}
}
$post = 'ad_name,ad_pass,db_user,db_pass,db_name,salt1,salt2,salt3,button';
eval(POST_);
eval(shit_file('htm/admin/open.html'));
/*if (!function_exists('mysqli_connect')) {
echo "The function 'mysqli_connect' does not exist and ".
"we cannot continue, sorry. If <b>anyone</b> requests we will ".
"make a version that uses the 'mysql' version instead.<br><br>";
}*/
$f = is_writeable($file);
if (!$f) {
echo "The file '$file' does not have the proper permissions ".
"so your settings cannot be saved. (A PHP script cannot ".
"change the file's permissions.)<br><br>";
}
if ($button == 'write' || $button == 'test') {
$e = '';
// test mysql
if (!function_exists('mysqli_connect') || config('mysql')) {
$t = @mysql_connect('localhost',$db_user,$db_pass);
$mysqlerror = 'mysql_error';
}
else {
$t = @mysqli_connect('localhost',$db_user,$db_pass,$db_name);
$mysqlerror = 'mysqli_connect_error';
}
// test login name characters
preg_match('/([a-zA-Z0-9_]+)/',$ad_name,$res);
if (isset($res[1]) && $ad_name != $res[1])
$e = "Improper Login ID.";
// check empty fields
if (!$ad_name||!$ad_pass||!$db_user||!$db_pass||!$db_name)
$e = "No field can be empty.";
if (config('configuresalts') && (!$salt1 || !$salt2))
$e = "No field can be empty.";
// check password
$p = _chkpassword($ad_pass);
if ($p)
$e = $p;
// see if anything is wrne
if (!$e && isset($t) && !$t)
$e = "myslq: ".$mysqlerror().".";
if ($e)
$status = $e;
if (!$e && $button == 'test')
$status = "Data is valid.";
// if okay write file
if (!$e && $button == 'write' && $f) {
if (!_savesetup($file))
$status = "Error saving file!";
else
$message = 'goodtogo';
}
}
eval(shit_show(_message($message)));
eval(shit_file('htm/admin/close.html'));
}
/* save data to file */
function _savesetup($file) {
$post = 'ad_name,ad_pass,db_user,db_pass,db_name,salt1,salt2,salt3';
eval(POST_);
if (!$ad_name||!$ad_pass||!$db_user||!$db_pass||!$db_name)
return FALSE; // should not happen but can if making changes
$fd = @fopen($file,'w');
if (!$fd)
return FALSE;
$ad_pass = crypt($ad_pass,$salt1);
fwrite($fd,"<?php\n// this file gets written by the admin code\n\n");
foreach (explode(",",$post) as $_)
fwrite($fd,"define('".strtoupper($_)."','".$$_."');\n");
fclose($fd);
return TRUE;
}
/* password creation */
function password() {
$url = basename($_SERVER['PHP_SELF']);
$status = "";
$html = html();
$config = config();
$arg = getvar('arg');
$formtitle = "";
$p = isset($_POST['password']) ? $_POST['password'] : "";
$button = isset($_POST['button']) ? $_POST['button'] : "";
eval(shit_file('htm/admin/open.html'));
$message = 'password';
if ($button == "generate") {
$e = _chkpassword($p);
if ($e)
$status = $e;
else {
$PASS = thiscrypt($p);
$message = 'yerpassword';
$status = '';
}
}
eval(shit_show(_message($message)));
eval(shit_file('htm/admin/close.html'));
// NOTE yes, yes, we know we are using a 'text' input, and yes, we are
// displaying the password -- but, you're not doing this while
// in a public place, are you?
}
function _chkpassword($p) {
$e = '';
if (trim($p) != $p)
$e = 'Password cannot have leading/trailing spaces.';
// input type=password removes them
elseif ($p == "")
$e = 'Password cannot be empty.';
/* do we really need these?
elseif (strlen($p) < 4)
$e = 'Password must be greater than 4 characters.';
elseif (strlen($p) > 64)
$e = 'Password must be shorter than 65 characters.';
*/
return $e;
// NOTE obviously, can check for password strength as well, but we have a
// dislike for forcing people to do that, especially when testing! You are
// testing this code, aren't you? we don't even like the length checks
}
function randomstring($len) {
$s = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
return substr(str_shuffle($s),0,$len);
}