[geeklog-cvs] geeklog: Added Emergency Rescue Tool to Geeklog Install.
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Thu Mar 22 20:49:48 EDT 2012
changeset 8549:adda6d241007
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/adda6d241007
user: Tom <websitemaster at cogeco.net>
date: Thu Mar 22 20:46:11 2012 -0400
description:
Added Emergency Rescue Tool to Geeklog Install.
diffstat:
public_html/admin/install/index.php | 1 +
public_html/admin/install/language/english.php | 3 +-
public_html/admin/install/rescue.php | 426 +++++++++++++++++++++++++
3 files changed, 429 insertions(+), 1 deletions(-)
diffs (truncated from 454 to 300 lines):
diff -r 0476f5531047 -r adda6d241007 public_html/admin/install/index.php
--- a/public_html/admin/install/index.php Thu Mar 22 20:44:56 2012 -0400
+++ b/public_html/admin/install/index.php Thu Mar 22 20:46:11 2012 -0400
@@ -956,6 +956,7 @@
<body dir="' . $LANG_DIRECTION . '">
<div class="header-navigation-container">
<div class="header-navigation-line">
+ <a href="rescue.php" class="header-navigation">' . $LANG_INSTALL[109] . '</a>
<a href="' . $LANG_INSTALL[87] . '" class="header-navigation">' . $LANG_INSTALL[1] . '</a>
</div>
</div>
diff -r 0476f5531047 -r adda6d241007 public_html/admin/install/language/english.php
--- a/public_html/admin/install/language/english.php Thu Mar 22 20:44:56 2012 -0400
+++ b/public_html/admin/install/language/english.php Thu Mar 22 20:46:11 2012 -0400
@@ -157,7 +157,8 @@
105 => 'Sorry, but the admin directory path you entered does not appear to be correct. Please go back and try again.',
106 => 'PostgreSQL',
107 => 'Database Password is required for production environments.',
- 108 => 'No Database Drivers found!'
+ 108 => 'No Database Drivers found!',
+ 109 => 'Emergency Rescue Tool'
);
// +---------------------------------------------------------------------------+
diff -r 0476f5531047 -r adda6d241007 public_html/admin/install/rescue.php
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/public_html/admin/install/rescue.php Thu Mar 22 20:46:11 2012 -0400
@@ -0,0 +1,426 @@
+<?php
+// +---------------------------------------------------------------------------+
+// | Geeklog Emergency Rescue Tool |
+// +---------------------------------------------------------------------------+
+// | admin/rescue.php |
+// +---------------------------------------------------------------------------+
+// | Copyright (C) 2010 Wayne Patterson [suprsidr at flashyourweb.com] |
+// +---------------------------------------------------------------------------+
+// | |
+// | This program is free software; you can redistribute it and/or |
+// | modify it under the terms of the GNU General Public License |
+// | as published by the Free Software Foundation; either version 2 |
+// | of the License, or (at your option) any later version. |
+// | |
+// | This program is distributed in the hope that it will be useful, |
+// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
+// | GNU General Public License for more details. |
+// | |
+// | You should have received a copy of the GNU General Public License |
+// | along with this program; if not, write to the Free Software Foundation, |
+// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
+// | |
+// +---------------------------------------------------------------------------+
+//
+require_once '../../siteconfig.php';
+require_once $_CONF['path'].'db-config.php';
+require_once $_CONF['path_system'].'lib-database.php';
+
+// This
+$self = basename(__FILE__);
+
+// The conf_values we're making available to edit.
+$configs = array('site_url', 'site_admin_url', 'path_html', 'path_themes', 'path_log', 'path_language', 'theme');
+
+// Start it off
+if (! empty($_COOKIE['GLEMERGENCY']) && trim($_COOKIE['GLEMERGENCY']) == md5($_DB_pass)) {
+ /* Already logged in, got a cookie */
+ $view = (isset($_REQUEST['view']) && $_REQUEST['view'] != '') ? trim($_REQUEST['view']) : 'options';
+ $tmpArray = $args = array();
+ $tmp = (isset($_REQUEST['args']) && $_REQUEST['args'] != '') ? trim($_REQUEST['args']) : '';
+ if (strlen($tmp)) {
+ $tmpArray = explode('|', $tmp);
+ foreach ($tmpArray as $pair) {
+ $parts = explode(':', $pair);
+ $args[$parts[0]] = $parts[1];
+ }
+ }
+ render($view, $args);
+ exit;
+} else if (! empty($_POST['gl_password'])) {
+ /* Login attempt */
+ if ($_POST['gl_password'] == $_DB_pass) {
+ setcookie("GLEMERGENCY", md5($_DB_pass), 0);
+ $url = $self.'?view=options&args=result:success|statusMessage:'.urlencode('Login successful');
+ print "<html><head><meta http-equiv=\"refresh\" content=\"0; URL=$url\"></head></html>\n";
+ } else {
+ render('passwordForm', array('incorrectPassword'=>1));
+ exit;
+ }
+} else {
+ render('passwordForm');
+ exit;
+}
+
+
+function render($renderType, $args = array()) {
+ global $_TABLES, $self, $configs;
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html>
+ <head>
+ <title>Geeklog Emergency Rescue Tool</title>
+ <?php printHtmlStyle(); ?>
+ <?php printJs(); ?>
+ </head>
+ <body>
+ <div class="main center">
+ <div class="header-navigation-container">
+ <div class="header-navigation-line">
+ <a href="index.php" class="header-navigation">Geeklog Install</a>
+ </div>
+ </div>
+ <h1>Geeklog Emergency Rescue Tool</h1>
+ <div class="box important">
+ <p>Do not forget to <b>delete this <?php print $self; ?> file and the install directory once you are done!</b>
+ If other users guess the password, they can seriously harm your geeklog installation!
+ <p>
+ </div>
+ <?php if (! empty($args['statusMessage'])): ?>
+ <div class="box <?php print trim($args['result']); ?>">
+ <b>Status:</b>
+ <?php print $args['statusMessage']; ?>
+ </div>
+ <?php endif; ?>
+ <?php if ($renderType == 'passwordForm'): ?>
+ <h2>You are attempting to access a secure section. You can't
+ proceed until you pass the security check.</h2>
+ <div class="password_form">
+ <div class="box">
+ <span class="message">In order to verify you, we require you to enter your database password. This is
+ the password that is stored in geeklog's db-config.php</span>
+ <form id="loginForm" method="post">
+ Password:<input type="password" name="gl_password"/>
+ <script type="text/javascript">
+ document.getElementById('loginForm')['gl_password'].focus();
+ </script>
+ <input type="submit" value="Verify Me" onclick="this.disabled=true;this.form.submit();"/>
+ </form>
+ <?php if (! empty($args['incorrectPassword'])): ?>
+ <div class="error">
+ Password incorrect!
+ </div>
+ <?php endif; ?>
+ </div>
+ </div>
+ <?php elseif ($renderType == 'handleRequest'):
+ $sql = sprintf("%s %s SET %s = '%s' WHERE %s = '%s'", $args['operation'], $_TABLES[$args['table']], $args['field'], trim($_POST['value']), $args['where'], trim($_POST['target']));
+ $enable = (trim($_POST['value']))?'enabling ':'disabling ';
+ $success = (DB_query($sql))?'success ':'error ';
+ $url = $self.'?view=options&args=result:'.$success.'|statusMessage:'.urlencode($success.$enable.trim($_POST['target']));
+ print "<html><head><meta http-equiv=\"refresh\" content=\"0; URL=$url\"></head></html>\n";
+ ?>
+ <?php elseif ($renderType == 'updateConfigs'):
+ foreach ($configs as $config){
+ $sql = sprintf("UPDATE %s SET value = '%s' WHERE name = '%s'", $_TABLES['conf_values'], serialize($_POST[$config]), $config);
+ if(DB_query($sql)){
+ continue;
+ }else{
+ $url = $self.'?view=options&args=result:error|statusMessage:'.urlencode('There was an error updating configs');
+ print "<html><head><meta http-equiv=\"refresh\" content=\"0; URL=$url\"></head></html>\n";
+ exit;
+ }
+ }
+ $url = $self.'?view=options&args=result:success|statusMessage:'.urlencode('Updating configs completed successfully');
+ print "<html><head><meta http-equiv=\"refresh\" content=\"0; URL=$url\"></head></html>\n";
+ ?>
+ <?php elseif ($renderType == 'updateEmail'):
+ $passwd = rand ();
+ $passwd = md5 ($passwd);
+ $passwd = substr ($passwd, 1, 8);
+ $username = DB_getItem($_TABLES['users'], 'username', "uid = '2'");
+ $sql = sprintf("UPDATE %s SET passwd = '%s' WHERE username = '%s'", $_TABLES['users'], md5($passwd), $username);
+ if(!(DB_query($sql))){
+ $url = $self.'?view=options&args=result:error|statusMessage:'.urlencode('There was an error updating your password');
+ print "<html><head><meta http-equiv=\"refresh\" content=\"0; URL=$url\"></head></html>\n";
+ exit;
+ }
+ $email = DB_getItem($_TABLES['users'], 'email', "uid = '2'");
+ $site_url = unserialize(DB_getItem($_TABLES['conf_values'], 'value', "name = 'site_url'"));
+ $to = $email;
+ $subject = 'Geeklog password request';
+ $message = sprintf('
+ <html>
+ <head>
+ <title>Requested Password</title>
+ </head>
+ <body>
+ <p>Someone (hopefully you) has accessed the emergency password request form and a new password:"%s" for your account "%s" on %s, has been generated.</p>
+ <p>If it was not you, please check the security of your site. Make sure to remove the Emergency Rescue Form /admin/rescue.php</p>
+ </body>
+ </html>
+ ', $passwd, $username, $site_url);
+ $headers = 'MIME-Version: 1.0' . "\r\n";
+ $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
+ $headers .= 'X-Mailer: PHP/' . phpversion();
+ if(mail($to, $subject, $message, $headers)){
+ $url = $self.'?view=options&args=result:success|statusMessage:'.urlencode('New password has been sent to the recorded email address');
+ print "<html><head><meta http-equiv=\"refresh\" content=\"0; URL=$url\"></head></html>\n";
+ exit;
+ }else{
+ $url = $self.'?view=options&args=result:error|statusMessage:'.urlencode('There was an error sending email with the subject: '.$subject);
+ print "<html><head><meta http-equiv=\"refresh\" content=\"0; URL=$url\"></head></html>\n";
+ exit;
+ }
+ ?>
+ <?php elseif ($renderType == 'phpinfo'): ?>
+ <h2>PHP Information </h2>
+ <ul><li><a href="javascript:self.location.href='<?php print $self; ?>';"> Reset</a></li></ul>
+ <div class="info">
+ <?php phpinfo(); ?>
+ </div>
+ <ul><li><a href="javascript:self.location.href='<?php print $self; ?>';"> Reset</a></li></ul>
+ <?php elseif ($renderType == 'options'): ?>
+ <h2>System Information </h2>
+ <div class="info">
+ <ul>
+ <li>PHP version: <?php print phpversion(); ?> <a href="<?php print $self; ?>?view=phpinfo"> <small>phpinfo</small></a></li>
+ <li>Geeklog version <?php print VERSION; ?></li>
+ </ul>
+ </div>
+ <h2>Options </h2>
+ <p style="margin-left:5px;">If you happen to install a plugin or addon that brings down your geeklog site, you can remedy the problem with the options below.</p>
+ <ul class="option">
+ <li><a href="javascript:toggle('plugins')">Enable/Disable Plugins</a></li>
+ <li><a href="javascript:toggle('blocks')">Enable/Disable Blocks</a></li>
+ <li><a href="javascript:toggle('conf')">Edit Select $_CONF Values</a></li>
+ <li><a href="javascript:toggle('pass')">Reset Admin Password</a></li>
+ </ul>
+ <div id="plugins" name="options" class="box option" style="display:none;">
+ <h3>Here you can enable/disable any plugin that is currently installed on your geeklog website.</h3>
+ <form id="plugin-operator" method="post">
+ <select name="target" onchange="toggleRadio(this.options[this.selectedIndex].getAttribute('class') == 'disabled', this.form.elements['value']);">
+ <option selected="selected" value="">Select a plugin</option>
+ <?php
+ $result = DB_query( "SELECT * FROM {$_TABLES['plugins']}");
+ while ($A = DB_fetchArray($result)){
+ $class = ($A['pi_enabled'] == 0)?'class="disabled"':'';
+ echo '<option '.$class.' value="'.$A['pi_name'].'">'.$A['pi_name'].'</option>'."\n";
+ }
+ ?>
+ </select>
+ <input type="radio" name="value" value="1"/>Enable
+ <input type="radio" name="value" value="0" checked="checked"/>Disable<br />
+ <input type="hidden" name="view" value="handleRequest"/>
+ <input type="hidden" name="args" value="operation:UPDATE|table:plugins|field:pi_enabled|where:pi_name"/>
+ <input type="submit" value="Go" onclick="this.disabled=true;this.form.submit();"/>
+ </form>
+ <p> </p>
+ </div>
+ <div id="blocks" name="options" class="box option" style="display:none;">
+ <h3>Here you can enable/disable any block that is currently installed on your geeklog website.</h3>
+ <form id="block-operator" method="post">
+ <select name="target" onchange="toggleRadio(this.options[this.selectedIndex].getAttribute('class') == 'disabled', this.form.elements['value']);">
+ <option selected="selected" value="">Select a block</option>
+ <?php
+ $result = DB_query( "SELECT * FROM {$_TABLES['blocks']}");
+ while ($A = DB_fetchArray($result)){
+ $class = ($A['is_enabled'] == 0)?'class="disabled"':'';
+ echo '<option '.$class.' value="'.$A['name'].'">'.$A['title'].'</option>'."\n";
+ }
+ ?>
+ </select>
+ <input type="radio" name="value" value="1"/>Enable
+ <input type="radio" name="value" value="0" checked="checked"/>Disable<br />
+ <input type="hidden" name="table" value="blocks"/>
+ <input type="hidden" name="view" value="handleRequest"/>
+ <input type="hidden" name="args" value="operation:UPDATE|table:blocks|field:is_enabled|where:name"/>
+ <input type="submit" value="Go" onclick="this.disabled=true;this.form.submit();"/>
+ </form>
+ <p> </p>
+ </div>
+ <div id="conf" name="options" class="box option" style="display:none;">
+ <h3>You can edit some key $_CONF options.</h3>
+ <form id="config-operator" method="POST" action="<?php print $self.'?view=updateConfigs'; ?>"/>
+ <?php
+ foreach ($configs as $config){
+ $sql = "SELECT value FROM {$_TABLES['conf_values']} WHERE name ='{$config}' LIMIT 1";
+ $res = DB_query($sql);
+ $row = DB_fetchArray($res);
+ ?>
+ <fieldset><legend><?php print $config; ?>:</legend><input type="text" size="80" id="<?php print $config; ?>" name="<?php print $config; ?>" value="<?php print unserialize($row['value']); ?>"/></fieldset>
+ <?php
+ }
+ ?>
+ <input type="submit" value="Go" onclick="this.disabled=true;this.form.submit();"/>
+ </form>
+ <p> </p>
+ </div>
+ <div id="pass" name="options" class="box option" style="display:none;">
+ <h3>Here you can reset your geeklog root/admin password.</h3>
+ <form id="config-operator" method="POST" action="<?php print $self.'?view=updateEmail'; ?>"/>
+ <input type="submit" value="Email my password" onclick="this.disabled=true;this.form.submit();"/>
+ </form>
+ <p> </p>
+ </div>
+ <?php endif; ?>
+ <div class="box important">
+ <p>Do not forget to <b>delete this <?php print $self; ?> file and the install directory once you are done!</b>
+ If other users guess the password, they can seriously harm your geeklog installation!
+ <p>
+ </div>
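Review bot: The `handleRequest` branch of `render()` assembles its statement with `sprintf("%s %s SET %s = '%s' WHERE %s = '%s'", ...)` from `$args['operation']`, `$args['table']`, `$args['field']`, `$args['where']` and the two `$_POST` values, all request-controlled and unescaped; `updateConfigs` interpolates `serialize($_POST[$config])` the same way. The verb, table and columns are therefore chosen by the client, and because no request token is visible, a cross-site form post from an authenticated browser would presumably be accepted too. The branch should accept only the two table/column pairs the forms on this page submit, force `value` to 0 or 1 and escape `target`, as sketched below (`addslashes()` is a floor; prefer the database layer's own escaping routine if `lib-database.php` offers one). The gate in front of it is also weak: the `GLEMERGENCY` cookie is `md5($_DB_pass)`, an unsalted and replayable digest of the database password, and both checks use loose `==`, so a random server-side session token with a strict comparison would be safer. Separately, `$args['result']` and `$args['statusMessage']` are printed without `htmlspecialchars()` and the admin reset password comes from `rand()`; the list truncates this diff at 300 of 454 lines, so the rest of `render()` and the `printHtmlStyle()`/`printJs()` helpers were not reviewed.

```php
<?php elseif ($renderType == 'handleRequest'):
    // Only the two table/column pairs the forms on this page submit are accepted.
    $allowed = array(
        'plugins' => array('pi_enabled', 'pi_name'),
        'blocks'  => array('is_enabled', 'name'),
    );
    $table = isset($args['table']) ? $args['table'] : '';
    if (!isset($allowed[$table])) {
        $url = $self.'?view=options&args=result:error|statusMessage:'.urlencode('Invalid request');
        print "<html><head><meta http-equiv=\"refresh\" content=\"0; URL=$url\"></head></html>\n";
        exit;
    }
    list($field, $where) = $allowed[$table];
    $value  = empty($_POST['value']) ? 0 : 1;
    $target = addslashes(trim($_POST['target']));
    $sql = sprintf("UPDATE %s SET %s = %d WHERE %s = '%s'", $_TABLES[$table], $field, $value, $where, $target);
    // … unchanged: $enable / $success status redirect …
```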