<?php
// Verify the basic prerequisites before anything else is loaded.
require_once __DIR__.'/checkprerequisites.php';

// Open an output buffer unless one is already active.
if (ob_get_level() == 0) {
    @ob_start();
}
// Switch PHP error reporting off; the previous level is kept in $er.
$er = error_reporting(0);

// A non-cli SAPI without a server name means the script was started from the
// command line with the wrong PHP binary.
if (PHP_SAPI != 'cli' && !isset($_SERVER['SERVER_NAME'])) {
    echo 'Warning: commandline only works well with the cli version of PHP';
}

require_once __DIR__.'/inc/unregister_globals.php';
require_once __DIR__.'/inc/magic_quotes.php';
// Remove when php5.X is unsupported, currently 31 Dec 2018, https://secure.php.net/supported-versions.php
require_once __DIR__.'/inc/random_compat/random.php';

/*
 * php.net/mb_strtolower lists no dependencies, yet a system without the
 * function was found. It is needed from the start, so fall back to the
 * byte-wise strtolower() when it is missing.
 */
if (!function_exists('mb_strtolower')) {
    function mb_strtolower($string)
    {
        return strtolower($string);
    }
}
// setup commandline //if (php_sapi_name() == "cli") { //# 17355 - change the way CL is detected, using the way Drupal does it. if (!isset($_SERVER['SERVER_SOFTWARE']) && (php_sapi_name() == 'cli' || (is_numeric($_SERVER['argc']) && $_SERVER['argc'] > 0))) { for ($i = 0; $i < $_SERVER['argc']; ++$i) { $my_args = array(); if (preg_match('/(.*)=(.*)/', $_SERVER['argv'][$i], $my_args)) { $_GET[$my_args[1]] = $my_args[2]; $_REQUEST[$my_args[1]] = $my_args[2]; } } $GLOBALS['commandline'] = 1; $cline = parseCline(); $dir = dirname($_SERVER['SCRIPT_FILENAME']); chdir($dir);
// Ask Internet Explorer to render with its newest engine.
header('X-UA-Compatible: IE=Edge');
// Ask search engines not to index these pages.
header('X-Robots-Tag: noindex');

// Browser page requests (neither Ajax nor command line) get the theme's page top.
// NOTE(review): $GLOBALS['ui'] becomes part of an include path and is set outside
// this span - confirm it can only come from configuration, never from the request.
if (!$ajax && !$GLOBALS['commandline']) {
    if (USE_MINIFIED_ASSETS && file_exists(__DIR__.'/ui/'.$GLOBALS['ui'].'/pagetop_minified.php')) {
        include_once __DIR__.'/ui/'.$GLOBALS['ui'].'/pagetop_minified.php';
    } else {
        include_once __DIR__.'/ui/'.$GLOBALS['ui'].'/pagetop.php';
    }
}

// Emit every registered header fragment, each preceded by an HTML comment that
// names it. Both the name and the fragment are written without encoding.
if (isset($GLOBALS['pageheader'])) {
    foreach ($GLOBALS['pageheader'] as $sHeaderItem => $sHtml) {
        echo '<!--'.$sHeaderItem.'-->'.$sHtml;
        echo "\n";
    }
}
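// Login is required by default; this is no longer configurable and should never have been.
$GLOBALS['require_login'] = 1;
if ($GLOBALS['commandline']) {
    cl_output(ClineSignature());
    // When an allowlist of command line users is configured, the invoking user
    // has to be identifiable through the USER environment variable.
    // NOTE(review): USER is supplied by the invoking process, so this check is
    // only as strong as the control over who can start the script.
    if (!isset($_SERVER['USER']) && is_array($GLOBALS['commandline_users']) && count($GLOBALS['commandline_users'])) {
        clineError('USER environment variable is not defined, cannot do access check. Please make sure USER is defined.');
        exit;
    }
    if (is_array($GLOBALS['commandline_users']) && count($GLOBALS['commandline_users'])
        && !in_array($_SERVER['USER'], $GLOBALS['commandline_users'])
    ) {
        clineError('Sorry, You ('.$_SERVER['USER'].') do not have sufficient permissions to run phplist on commandline');
        exit;
    }
    // Command line runs that passed the user check skip the web login below.
    $GLOBALS['require_login'] = 0;

    // getopt is actually useless
    //$opt = getopt("p:");

    // -m names a plugin, -p names the page to run.
    $IsCommandlinePlugin = isset($cline['m']) && in_array($cline['m'], $GLOBALS['commandlinePlugins']);
    if ($cline['p'] && !$IsCommandlinePlugin) {
        // Core page: outside developer mode it must be on the command line page allowlist.
        if (empty($GLOBALS['developer_email']) && isset($cline['p'])
            && !in_array($cline['p'], $GLOBALS['commandline_pages'])
        ) {
            clineError($cline['p'].' does not process commandline');
        } elseif (isset($cline['p'])) {
            $_GET['page'] = $cline['p'];
        }
        cl_processtitle('core-'.$_GET['page']);
    } elseif ($cline['p'] && $IsCommandlinePlugin) {
        // Plugin page: outside developer mode it must be on that plugin's allowlist.
        if (empty($GLOBALS['developer_email']) && isset($cline['p'])
            && !in_array($cline['p'], $commandlinePluginPages[$cline['m']])
        ) {
            clineError($cline['p'].' does not process commandline');
        } elseif (isset($cline['p'])) {
            $_GET['page'] = $cline['p'];
            $_GET['pi'] = $cline['m'];
            cl_processtitle($_GET['pi'].'-'.$_GET['page']);
        }
    } else {
        // No page given: print the usage text and the pages that can be run.
        clineUsage(' [other parameters]');
        cl_output(s('Available options:'));
        @ob_end_clean();
        foreach ($GLOBALS['commandline_pages'] as $page) {
            echo ' '.$page.PHP_EOL;
        }
        foreach ($GLOBALS['commandlinePluginPages'] as $plugin => $pluginPages) {
            foreach ($pluginPages as $page) {
                echo ' ' . $page .' -m'.$plugin. PHP_EOL;
            }
        }
        exit;
    }
} else {
    if (CHECK_REFERRER && isset($_SERVER['HTTP_REFERER'])) {
        //# do a crude check on referrer. Won't solve everything, as it can be faked, but shouldn't hurt
        // The check only runs when a Referer header is present; a request
        // without one is not examined here.
        $ref = parse_url($_SERVER['HTTP_REFERER']);
        if (!is_array($ref)) {
            // parse_url() returns false for a seriously malformed URL.
            $ref = array('host' => '');
        } elseif (!isset($ref['host'])) {
            // A Referer without a host part is compared as an empty host.
            $ref['host'] = '';
        }
        $parts = explode(':', $_SERVER['HTTP_HOST']);
        // Strict comparisons: both sides are strings, and loose matching would
        // let a missing host equal an empty or zero-like allowlist entry.
        if ($ref['host'] !== $parts[0] && !in_array($ref['host'], $allowed_referrers, true)) {
            echo 'Access denied <script type="text/javascript">document.location = document.location</script>';
            exit;
        }
    }
}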
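// Admin authentication: decides whether this request belongs to a logged-in
// admin, a remote processing call, or has to be sent to the login page.
if (!empty($GLOBALS['require_login'])) {
    //bth 7.1.2015 to support x-forwarded-for
    // NOTE(review): getClientIP() is defined outside this span. Its result is
    // stored as the session's IP binding and placed inside quoted SQL literals
    // below - confirm it returns a validated address, not a raw header value.
    $remoteAddr = getClientIP();

    // Use the configured authentication plugin, or the built-in implementation.
    if ($GLOBALS['authenticationplugin']) {
        $GLOBALS['admin_auth'] = $GLOBALS['plugins'][$GLOBALS['authenticationplugin']];
    } else {
        require __DIR__.'/phpListAdminAuthentication.php';
        $GLOBALS['admin_auth'] = new phpListAdminAuthentication();
    }

    // 1. Login attempt. Credentials are read from $_REQUEST, so they are
    //    accepted from the query string as well as from a posted form.
    if ((!isset($_SESSION['adminloggedin']) || !$_SESSION['adminloggedin']) && isset($_REQUEST['login']) && isset($_REQUEST['password'])) {
        $loginresult = $GLOBALS['admin_auth']->validateLogin($_REQUEST['login'], $_REQUEST['password']);
        if (!$loginresult[0]) {
            // Failed login: clear the session state and record the attempt.
            $_SESSION['adminloggedin'] = '';
            $_SESSION['logindetails'] = '';
            $page = 'login';
            logEvent(sprintf($GLOBALS['I18N']->get('invalid login from %s, tried logging in as %s'), $remoteAddr, $_REQUEST['login']));
            $msg = $loginresult[1];
        } else {
            // Successful login: switch to a fresh session id before the
            // session is marked as authenticated.
            session_regenerate_id();
            if ($doLoginCheck) {
                # invalidate other active sessions
                Sql_Query(sprintf('update %s set active = 0 where adminid = %d and active != 0',$GLOBALS['tables']['admin_login'],$loginresult[0]));
            }

            // NOTE(review): 'passhash' keeps an unsalted SHA-1 of the submitted
            // password in the session. Its reader is not visible here - confirm
            // it is still needed.
            $_SESSION['adminloggedin'] = $remoteAddr;
            $_SESSION['logindetails'] = array(
                'adminname' => $_REQUEST['login'],
                'id'        => $loginresult[0],
                'superuser' => $admin_auth->isSuperUser($loginresult[0]),
                'passhash'  => sha1($_REQUEST['password']),
            );
            //#16692 - make sure admin permissions apply at first login
            $GLOBALS['admin_auth']->validateAccount($_SESSION['logindetails']['id']);
            unset($_SESSION['session_age']);
            if (!empty($_POST['page'])) {
                // Only word characters survive, so the posted page name cannot
                // carry path or markup characters.
                $page = preg_replace('/\W+/', '', $_POST['page']);
            }

            if ($doLoginCheck) {
                # check if this is a new IP address
                $knownIP = Sql_Fetch_Row_Query(sprintf('select * from %s where remote_ip4 = "%s" and adminid = %d ',$GLOBALS['tables']['admin_login'],$remoteAddr,$loginresult[0]));
                if (empty($knownIP[0])) {
                    notifyNewIPLogin($loginresult[0]);
                }
                // Record this session as the active one for the admin.
                Sql_Query(sprintf('insert into %s (moment,adminid,remote_ip4,remote_ip6,sessionid,active) values(%d,%d,"%s","%s","%s",1)',
                    $GLOBALS['tables']['admin_login'],time(),$loginresult[0],$remoteAddr,"",session_id()));
            }
        }
        //If passwords are encrypted and a password recovery request was made, send mail to the admin of the given email address.
    } elseif (isset($_REQUEST['forgotpassword'])) {
        // 2. Password recovery. The message differs depending on whether an
        //    admin matched the submitted address.
        $adminId = $GLOBALS['admin_auth']->adminIdForEmail($_REQUEST['forgotpassword']);
        if ($adminId) {
            $msg = sendAdminPasswordToken($adminId);
        } else {
            $msg = $GLOBALS['I18N']->get('Failed sending a change password token');
        }
        $page = 'login';
    } elseif (!empty($_GET['secret']) && in_array($_GET['page'], $plugin === null ? array('processbounces', 'processqueue', 'processcron') : $plugin->remotePages)) {
        //# remote processing call
        // 3. Remote processing: the shared secret arrives in the query string
        //    and is accepted only for the pages listed above.
        $ourSecret = getConfig('remote_processing_secret');
        // The supplied value must be a string and must match exactly. A loose
        // != treats numeric-looking strings as numbers; hash_equals() also
        // keeps the comparison time independent of where the strings differ.
        // The strict fallback covers PHP versions without hash_equals().
        if (!is_string($_GET['secret'])
            || !(function_exists('hash_equals')
                ? hash_equals((string) $ourSecret, $_GET['secret'])
                : ((string) $ourSecret === $_GET['secret']))
        ) {
            @ob_end_clean();
            echo 'Error'.': '.s('Incorrect processing secret');
            exit;
        }

        // Mark the session as a non-superuser pseudo admin for this call.
        $_SESSION['adminloggedin'] = $remoteAddr;
        $_SESSION['logindetails'] = array(
            'adminname' => 'remotecall',
            'id'        => 0,
            'superuser' => 0,
            'passhash'  => 'xxxx',
        );
        $inRemoteCall = true;
    } elseif (!isset($_SESSION['adminloggedin']) || !$_SESSION['adminloggedin']) {
        // 4. Not logged in: let each plugin try to log the admin in.
        // NOTE(review): the loop variable reuses the global $plugin that other
        // parts of this script test - confirm that is intended.
        //$msg = 'Not logged in';
        $logged = false;
        foreach ($GLOBALS['plugins'] as $pluginname => $plugin) {
            if ($plugin->login()) {
                $logged = true;
                break;
            }
        }
        if (!$logged) {
            $page = 'login';
        }
    } elseif (CHECK_SESSIONIP && $_SESSION['adminloggedin'] && $_SESSION['adminloggedin'] != $remoteAddr) {
        // 5. The session is bound to the address it logged in from; a change
        //    ends the session.
        logEvent(sprintf($GLOBALS['I18N']->get('login ip invalid from %s for %s (was %s)'), $remoteAddr, $_SESSION['logindetails']['adminname'], $_SESSION['adminloggedin']));
        $msg = $GLOBALS['I18N']->get('Your IP address has changed. For security reasons, please login again');
        $_SESSION['adminloggedin'] = '';
        $_SESSION['logindetails'] = '';
        $page = 'login';
    } elseif ($_SESSION['adminloggedin'] && $_SESSION['logindetails']) {
        // 6. Existing session: re-check on every request that it is still the
        //    active session and that the account is still valid.
        if ($doLoginCheck) {
            $active = Sql_Fetch_Row_Query(sprintf('select active from %s where adminid = %d and (remote_ip4 = "%s" or remote_ip6 = "%s") and sessionid = "%s"',
                $GLOBALS['tables']['admin_login'],$_SESSION['logindetails']['id'],$remoteAddr,"",session_id()));
        } else {
            $active = array(1); ## pretend to be active
        }
        $validate = $GLOBALS['admin_auth']->validateAccount($_SESSION['logindetails']['id']);
        if (empty($active[0]) || !$validate[0]) {
            logEvent(sprintf($GLOBALS['I18N']->get('invalidated login from %s for %s (error %s)'), $remoteAddr, $_SESSION['logindetails']['adminname'], $validate[1]));
            $_SESSION['adminloggedin'] = '';
            $_SESSION['logindetails'] = '';
            $page = 'login';
            if (empty($active[0])) {
                $msg = s('Your session was invalidated by a new session in a different browser');
            } else {
                $msg = $validate[1];
            }
        }
    } else {
        $page = 'login';
    }
}
// The login page is always a core page, never a plugin page.
if ($page == 'login') {
    unset($_GET['pi']);
}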
// An Ajax call without a logged-in admin session cannot show the login form
// itself, so the top-level window is sent to the home page instead.
if ($ajax && empty($_SESSION['adminloggedin'])) {
    $_SESSION['action_result'] = s('Your session timed out, please login again');
    echo '<script type="text/javascript">top.location = "./?page=home";</script>';
    exit;
}

// Superusers get additional menu entries.
// The updater entry is added only when the updater is allowed.
if (isSuperUser() && ALLOW_UPDATER) {
    $GLOBALS['pagecategories']['system']['menulinks'][] = 'update';
    $GLOBALS['pagecategories']['system']['pages'][] = 'update';
}
// The admin management pages are added for every superuser.
if (isSuperUser()) {
    foreach (array('admins','admin','importadmin','adminattributes') as $adminPage) {
        $GLOBALS['pagecategories']['config']['pages'][] = $adminPage;
        $GLOBALS['pagecategories']['config']['menulinks'][] = $adminPage;
    }
}
// Theme main menu, when the active theme ships one.
if (is_file('ui/'.$GLOBALS['ui'].'/mainmenu.php')) {
    include 'ui/'.$GLOBALS['ui'].'/mainmenu.php';
}

// Theme header for full page loads (Ajax responses carry no header).
// The existence test uses an absolute path while the include uses a relative
// one, so the two resolve to the same file only when the working directory is
// this script's directory.
if (!$ajax) {
    if (USE_MINIFIED_ASSETS && file_exists(__DIR__.'/ui/'.$GLOBALS['ui'].'/header_minified.inc')) {
        include 'ui/'.$GLOBALS['ui'].'/header_minified.inc';
    } else {
        include 'ui/'.$GLOBALS['ui'].'/header.inc';
    }
}

// Browsers without Javascript get a hint; command line runs do not.
if (!$GLOBALS['commandline']) {
    echo '<noscript>';
    Info(s('phpList will work without Javascript, but it will be easier to use if you switch it on.'));
    echo '</noscript>';
}
if (!$ajax && $page != 'login') { if (strpos(VERSION, 'dev') && !TEST) { if (!empty($GLOBALS['developer_email'])) { Info( s('Running DEV version. All emails will be sent to '.$GLOBALS['developer_email']) ); } else { Info( s('Running DEV version, but developer email is not set') ); } } if (TEST) { echo Info($GLOBALS['I18N']->get('Running in testmode, no emails will be sent. Check your config file.')); }
if (ALLOW_UPDATER || $updaterplugin) { $updaterdir = __DIR__ . '/../updater';
include 'updateLib.php'; $updateNotif = checkForUpdate();
if ($updateNotif !== '' && $_GET['page'] !== 'update') { $moreInfo = ' <ul><li><a href="https://www.phplist.com/download?utm_source=pl' . VERSION . '&utm_medium=updatedownload&utm_campaign=phpList" title="' . s('Download the new version') . '" target="_blank">' . s('Download the new version') . '</a></li>';
// Environment checks shown to the admin.

// PHP older than 5.3.3 is reported as an error (when warnings are enabled).
if (version_compare(PHP_VERSION, '5.3.3', '<') && WARN_ABOUT_PHP_SETTINGS) {
    Error(s('Your PHP version is out of date. phpList requires PHP version 5.3.3 or higher.'));
}

// An installation whose release date is more than two years (of 31536000
// seconds each) in the past stops here with an upgrade notice.
if (defined('RELEASEDATE') && ((time() - RELEASEDATE) / 31536000) > 2) {
    Fatal_Error(s('Your phpList version is older than two years. Please %supgrade phpList</a> before continuing.</br> Visit <a href="https://www.phplist.org/users/" title="'.s('Get some help').'">the support site</a> if you need some help.'
        ,'<a href="https://www.phplist.com/download?utm_source=pl'.VERSION.'&utm_medium=outdated-download-forced&utm_campaign=phpList" title="'.s('Download the latest version').'" target="_blank">'));

    return;
}

// RSS needs the XML extension.
if (defined('ENABLE_RSS') && ENABLE_RSS && !function_exists('xml_parse') && WARN_ABOUT_PHP_SETTINGS) {
    Warn($GLOBALS['I18N']->get('You are trying to use RSS, but XML is not included in your PHP'));
}

// Attachments need an existing, writable repository directory.
if (ALLOW_ATTACHMENTS && WARN_ABOUT_PHP_SETTINGS
    && (!is_dir($GLOBALS['attachment_repository']) || !is_writable($GLOBALS['attachment_repository']))
) {
    if (ini_get('open_basedir')) {
        Warn($GLOBALS['I18N']->get('open_basedir restrictions are in effect, which may be the cause of the next warning'));
    }
    Warn($GLOBALS['I18N']->get('The attachment repository does not exist or is not writable'));
}
// With manual queue processing, remind superusers of campaigns waiting in the
// queue - except on plugin pages and on the pages listed below.
if (MANUALLY_PROCESS_QUEUE && isSuperUser() && empty($_GET['pi']) &&
    //# hmm, how many more pages to not show this?
    (!isset($_GET['page']) || !in_array($_GET['page'], array('processqueue', 'messages', 'upgrade')))
) {
    //# avoid error on uninitialised DB
    if (Sql_Table_exists($tables['message'])) {
        // Count campaigns that are submitted or in process and past their embargo.
        $queued_count = Sql_Fetch_Row_Query(sprintf('select count(id) from %s where status in ("submitted","inprocess") and embargo < now()', $tables['message']));
        if ($queued_count[0]) {
            $link = PageLinkButton('processqueue', s('Process the queue'));
            $link2 = PageLinkButton('messages&tab=active', s('View the queue'));
            // Show the notice only when at least one of the buttons was produced.
            if ($link || $link2) {
                echo Info(sprintf(s('You have %s campaign(s) in the queue, ready for processing'), $queued_count[0]).'<br/>'.$link.' '.$link2);
            }
        }
    }
}
} // closes an "if" block that is opened before this span
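// always allow access to the about page
if (isset($_GET['page']) && $_GET['page'] == 'about') {
    $page = 'about';
    $include = 'about.php';
}
echo $pageinfo->show();

// Page action: for a logged-in admin, run actions/<name>.php and show the
// result it leaves in $status.
// - is_string() rejects an array-valued "action" parameter before it reaches
//   basename().
// - basename() drops any directory part, so only files directly inside the
//   actions directory can be selected.
// NOTE(review): no per-action permission check is visible here - confirm that
// each action file enforces its own access rules.
if (!empty($_GET['action']) && is_string($_GET['action'])
    && (!isset($_GET['page']) || $_GET['page'] != 'pageaction')
    && !empty($_SESSION['adminloggedin'])
) {
    $action = basename($_GET['action']);
    if (is_file(__DIR__.'/actions/'.$action.'.php')) {
        $status = '';
        //# the page action return the result in $status
        include __DIR__.'/actions/'.$action.'.php';
        // $status is written as markup, without encoding.
        echo '<div id="actionresult">'.$status.'</div>';
    }
}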
/* * * show global news, based on the version in use * * **/
//if (empty($_SESSION['newsshown'])) { ## keep flag to only show one message per session if (!empty($_SESSION['logindetails']['id']) && defined('PHPLISTNEWSROOT') && PHPLISTNEWSROOT) { //# for testing if (!empty($_GET['reset']) && $_GET['reset'] == 'news') { SaveConfig('readnews'.$_SESSION['logindetails']['id'], '', 0, 1); SaveConfig('viewednews'.$_SESSION['logindetails']['id'], '', 0, 1); SaveConfig('phpListNewsLastChecked-'.$_SESSION['adminlanguage']['iso'], '', 0, 1); SaveConfig('phpListNewsIndex-'.$_SESSION['adminlanguage']['iso'], '', 0, 1); clearPageCache(); }
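/* also keep track of when a message is viewed and suppress it if it hasn't been closed after several views */
$viewedmessagesconf = getConfig('viewednews'.$_SESSION['logindetails']['id']);
// The stored value is deserialised with unserialize(). Only an array is
// accepted below, so object instantiation is switched off where PHP supports
// the option (PHP 7+); older versions keep the single-argument call.
// NOTE(review): assumes the viewed-news state holds only scalars and arrays -
// confirm against the code that writes it.
if (PHP_VERSION_ID >= 70000) {
    $viewedmessages = unserialize($viewedmessagesconf, array('allowed_classes' => false));
} else {
    $viewedmessages = unserialize($viewedmessagesconf);
}
// Anything that is not an array (missing, empty or damaged value) starts afresh.
if (!is_array($viewedmessages)) {
    $viewedmessages = array();
}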
$news = array();

// The news index is shared by all admins: it is fetched at most once every
// 86400 seconds per language for the whole system.
$phpListNewsLastChecked = getConfig('phpListNewsLastChecked-'.$_SESSION['adminlanguage']['iso']);
if (empty($phpListNewsLastChecked) || ($phpListNewsLastChecked + 86400 < time())) {
    // Record the check time first, then fetch and store the index for this
    // version and language.
    SaveConfig('phpListNewsLastChecked-'.$_SESSION['adminlanguage']['iso'], time(), 0, 1);
    // NOTE(review): the fetched text is stored exactly as received; treat it
    // as untrusted wherever it is parsed or displayed.
    $newsIndex = fetchUrlDirect(PHPLISTNEWSROOT.'/'.VERSION.'-'.$_SESSION['adminlanguage']['iso'].'-index.txt');
    SaveConfig('phpListNewsIndex-'.$_SESSION['adminlanguage']['iso'], $newsIndex, 0, 1);
}
// Always work from the stored copy.
$newsIndex = getConfig('phpListNewsIndex-'.$_SESSION['adminlanguage']['iso']);
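// Warn when the configured pageroot does not match the URL being served.
// NOTE(review): part of REQUEST_URI is passed into the warning text - confirm
// that s() / Warn() encode it for HTML.
if (WARN_ABOUT_PHP_SETTINGS && !$GLOBALS['commandline']) {
    if (strpos(getenv('REQUEST_URI'), $pageroot.'/admin') !== 0) {
        Warn(s(
            'The pageroot in your config "%s" does not match the current location "%s". Check your config file.',
            $pageroot,
            strstr(getenv('REQUEST_URI'), '/admin', true)
        ));
    }
}
clearstatcache();

// Page dispatch. $page and $include are set outside this span.
// NOTE(review): $include ends up in include statements - confirm it is always
// derived from a sanitised page name.
if (empty($_GET['pi']) && (is_file($include) || is_link($include))) {
    // Core page. The about page is shown without an access check.
    if (checkAccess($page) || $page == 'about') {
        // check whether there is a language file to include
        if (is_file('lan/'.$_SESSION['adminlanguage']['iso'].'/'.$include)) {
            include 'lan/'.$_SESSION['adminlanguage']['iso'].'/'.$include;
        }
        // A theme may override the core page.
        if (is_file('ui/'.$GLOBALS['ui'].'/pages/'.$include)) {
            $include = 'ui/'.$GLOBALS['ui'].'/pages/'.$include;
        }
        // print "Including $include<br/>";

        // hmm, pre-parsing and capturing the error would be nice
        //$parses_ok = eval(@file_get_contents($include));
        $parses_ok = 1;

        // $parses_ok is fixed to 1 above, so the error branch never runs.
        if (!$parses_ok) {
            echo Error("cannot parse $include");
            echo '<p class="error">Sorry, an error occurred. This is a bug. Please <a href="https://github.com/phpList/phplist3/issues">report the bug to the Bug Tracker</a><br/>Sorry for the inconvenience</a></p>';
        } else {
            // Show the result left by a previous action once; it is written as markup.
            if (!empty($_SESSION['action_result'])) {
                echo '<div class="actionresult">'.$_SESSION['action_result'].'</div>';
                // print '<script>alert("'.$_SESSION['action_result'].'")</script>';
                unset($_SESSION['action_result']);
            }

            // Command line and remote processing calls start with a clean buffer.
            if ($GLOBALS['commandline'] || !empty($_GET['secret'])) {
                @ob_end_clean();
                @ob_start();
            }
            // In maintenance mode only the command line and the login, about
            // and community pages keep working.
            $mm = inMaintenanceMode();
            if (empty($mm) || $GLOBALS['commandline'] || $page == 'login' || $page == 'about' || $page == 'community') {
                // Include warnings are suppressed unless a developer email is set.
                if (isset($GLOBALS['developer_email'])) {
                    include $include;
                } else {
                    @include $include;
                }
            } else {
                // Fixed: the heading was terminated with a second opening tag.
                print '<h1>'.s('phpList is in maintenance mode.<br/>Please try again in half an hour.').
                    '</h1>';
            }
        }
    } else {
        Error(s('Access Denied'));
    }
    // print "End of inclusion<br/>";
} elseif ($plugin !== null && isset($GLOBALS['plugins']) && is_array($GLOBALS['plugins']) && is_object($GLOBALS['plugins'][$_GET['pi']])) {
    // Plugin page.
    $menu = $plugin->adminmenu();

    if (checkAccess($page, $_GET['pi'])) {
        if (is_file($plugin->coderoot.$include)) {
            include $plugin->coderoot.$include;
        } elseif ($include == 'main.php' || $page == 'home') {
            // No page file: list the plugin's menu entries instead.
            echo '<h3>'.$plugin->name.'</h3><ul>';
            foreach ($menu as $page => $desc) {
                echo '<li>'.PageLink2($page, $desc).'</li>';
            }
            echo '</ul>';
        } elseif ($page != 'login') {
            // $page is built outside this span; it is encoded here so that this
            // output does not depend on how it was cleaned earlier.
            echo '<br/>'.htmlspecialchars((string) $page, ENT_QUOTES, 'UTF-8').' -> '.s('Sorry this page was not found in the plugin').'<br/>'; //.' '.$plugin->coderoot.$include.'<br/>';
            cl_output("$page -> ".s('Sorry this page was not found in the plugin')); //. ' '.$plugin->coderoot . "$include");
        }
    } else {
        Error(s('Access Denied'));
    }
} else {
    // Neither a core page file nor a usable plugin.
    if ($GLOBALS['commandline']) {
        clineError(s('Sorry, that module does not exist'));
        exit;
    }
    if (is_file('ui/'.$GLOBALS['ui'].'/pages/'.$include)) {
        include 'ui/'.$GLOBALS['ui'].'/pages/'.$include;
    } else {
        // Encoded for the same reason as in the plugin branch above.
        echo htmlspecialchars((string) $page, ENT_QUOTES, 'UTF-8').' -> '.$GLOBALS['I18N']->get('Sorry, not implemented yet');
    }
}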