defined in index.php's now
// CMSimple 4 define config.php
if(file_exists('./config.php') && $pth['folder']['base'] != './')
{
$pth['file']['config'] = './config.php';
}
else
{
$pth['file']['config'] = $pth['folder']['cmsimple'] . 'config.php';
}
if (file_exists($pth['folder']['cmsimple'].'defaultconfig.php'))
{
include($pth['folder']['cmsimple'].'defaultconfig.php');
}
if (!include($pth['file']['config']))die('Config file missing');
if(isset($cf['site']['allow_embed_in_frames']))
{
if($cf['site']['allow_embed_in_frames'] != 'allow') header('X-Frame-Options: ' . $cf['site']['allow_embed_in_frames']);
}
if(isset($cf['server']['timezone']) && $cf['server']['timezone'] != "")date_default_timezone_set($cf['server']['timezone']);
// define menulevel depending of splitting method
if($cf['use']['h1only_pagesplitting'] == 'true')
{
$CMSimple4menulevel = '6';
}
else
{
$CMSimple4menulevel = $cf['menu']['levels'];
}
//for compatibility with older versions
if (!isset($cf['folders']['userfiles']))
$cf['folders']['userfiles'] = 'userfiles/';
if (!isset($cf['folders']['downloads']))
$cf['folders']['downloads'] = 'downloads/';
if (!isset($cf['folders']['images']))
$cf['folders']['images'] = 'images/';
if (!isset($cf['folders']['media']))
$cf['folders']['media'] = 'downloads/';
// fix $_SERVER['SCRIPT_NAME'] for crazy configured IIS servers
$cmsimpleScriptNameVar = $_SERVER['SCRIPT_NAME'];
$cmsimpleScriptNameArray = explode('/', $cmsimpleScriptNameVar);
if($cf['server']['script_name_slice'] == 'true')
{
$cmsimpleScriptNameArray = array_slice($cmsimpleScriptNameArray,2);
$cmsimpleScriptNameVarNew = '/' . implode('/', $cmsimpleScriptNameArray);
}
else
{
$cmsimpleScriptNameVarNew = implode('/', $cmsimpleScriptNameArray);
}
$_SERVER['SCRIPT_NAME'] = $cmsimpleScriptNameVarNew;
// create $sn variable (2014, moved 2023)
$sn = preg_replace('/index.php/i', '', $_SERVER['SCRIPT_NAME']);
// CMSimpleSubsites: prepare CMSIMPLE_ROOT
$cmsimpleRootVar = preg_replace('/\/index.php/i', '', $_SERVER['SCRIPT_NAME']);
$cmsimpleRootArray = explode('/', $cmsimpleRootVar);
if($pth['folder']['base'] == '../../')
{
array_pop($cmsimpleRootArray);
array_pop($cmsimpleRootArray);
}
if($pth['folder']['base'] == '../')
{
array_pop($cmsimpleRootArray);
}
$cmsimpleRootVarNew = implode('/', $cmsimpleRootArray) . '/';
define('CMSIMPLE_ROOT', $cmsimpleRootVarNew);
define('CMSIMPLE_BASE', $pth['folder']['base']);
define('CMSIMPLE_SITEURL', (empty($_SERVER['HTTPS']) ? 'http://' : 'https://') . $_SERVER['SERVER_NAME'] . $sn);
define('CMSIMPLE_ROOTURL', (empty($_SERVER['HTTPS']) ? 'http://' : 'https://') . $_SERVER['SERVER_NAME'] . CMSIMPLE_ROOT);
// prepare $subsite_folder
if(CMSIMPLE_ROOT == '/')
{
$cmsimpleRootReplace = '';
}
else
{
$cmsimpleRootReplace = CMSIMPLE_ROOT;
}
$subsite_folder = str_replace($cmsimpleRootReplace,'',$_SERVER['SCRIPT_NAME']);
$subsite_folder = str_replace('index.php', '', $subsite_folder);
$subsite_folder = trim($subsite_folder, '/') . '/';
// own userfiles folders (if exists and writable) for subsites and second languages
if(is_writable('./userfiles') && is_writable('./userfiles/downloads') && is_writable('./userfiles/images') && is_writable('./userfiles/media') && $pth['folder']['base'] != './')
{
$userfiles_path = $subsite_folder . $cf['folders']['userfiles'];
$userfiles_path_downloads = $subsite_folder . $cf['folders']['downloads'];
$userfiles_path_images = $subsite_folder . $cf['folders']['images'];
$userfiles_path_media = $subsite_folder . $cf['folders']['media'];
}
else
{
$userfiles_path = $cf['folders']['userfiles'];
$userfiles_path_downloads = $cf['folders']['downloads'];
$userfiles_path_images = $cf['folders']['images'];
$userfiles_path_media = $cf['folders']['media'];
}
// Userfiles-folders
if(is_writable('./userfiles') && is_writable('./userfiles/downloads') && is_writable('./userfiles/images') && is_writable('./userfiles/media') && $pth['folder']['base'] != './')
{
$pth['folder']['userfiles'] = './' . $cf['folders']['userfiles'];
$pth['folder']['downloads'] = './' . $cf['folders']['downloads'];
$pth['folder']['images'] = './' . $cf['folders']['images'];
$pth['folder']['media'] = './' . $cf['folders']['media'];
$pth['folder']['flags'] = $pth['folder']['images'] . 'flags/';
}
else
{
$pth['folder']['userfiles'] = $pth['folder']['base'] . $cf['folders']['userfiles'];
$pth['folder']['downloads'] = $pth['folder']['base'] . $cf['folders']['downloads'];
$pth['folder']['images'] = $pth['folder']['base'] . $cf['folders']['images'];
$pth['folder']['media'] = $pth['folder']['base'] . $cf['folders']['media'];
$pth['folder']['flags'] = $pth['folder']['images'] . 'flags/';
}
// 4.5
if(file_exists($pth['folder']['downloads'] . 'XHdebug.txt') && is_writable($pth['folder']['downloads'])){unlink($pth['folder']['downloads'] . 'XHdebug.txt');}
if(file_exists($pth['folder']['downloads'] . '_XHdebug.txt') && is_writable($pth['folder']['downloads'])){unlink($pth['folder']['downloads'] . '_XHdebug.txt');}
// END 4.5
// 5.11 new installation
if(!file_exists($pth['folder']['userfiles'] . '_core/_CMSimpleDebug.txt') && !file_exists($pth['folder']['userfiles'] . '_core/CMSimpleDebug.txt') && is_dir('./userfiles/_core/'))
{
copy($pth['folder']['base'] . 'setup/defaults/CMSimpleDebug.txt',$pth['folder']['userfiles'] . '_core/CMSimpleDebug.txt');
chmod($pth['folder']['userfiles'] . '_core/CMSimpleDebug.txt', 0666);
}
// END 5.11 new installation
if ($cf['functions']['file'] != "")
{
include($pth['folder']['cmsimple'] . $cf['functions']['file']);
}
// debug-mode, enables error-reporting
CMSimpleDebugMode();
$errors = array();
// CMSimple 4: define selected language
$slVar = $_SERVER['SCRIPT_NAME'];
$slVarArray = explode('/', $slVar);
array_pop($slVarArray);
if (file_exists('./cmsimplelanguage.htm'))
{
$sl = array_pop($slVarArray);
}
else
{
$sl = $cf['language']['default'];
}
// fallback selected language
if (!isset($sl))
{
$sl = $cf['language']['default'];
}
// END define $sl
// Own language files for subsites
if(file_exists('./languages/' . basename($sl) . '.php'))
{
$pth['folder']['language'] = './languages/';
}
else
{
$pth['folder']['language'] = $pth['folder']['cmsimple'] . 'languages/';
}
$pth['folder']['language_default'] = $pth['folder']['cmsimple'] . 'languages/';
$pth['file']['language'] = $pth['folder']['language'] . basename($sl) . '.php';
$pth['file']['corestyle'] = $pth['folder']['base'] . 'css/core.css';
if (!file_exists($pth['file']['language']))
{
copy($pth['folder']['language_default'].'default.php', $pth['file']['language']);
}
if (!file_exists($pth['file']['language']) && !file_exists($pth['folder']['language_default'].'default.php'))
{
die('Language file ' . $pth['file']['language'] . ' missing');
}
include $pth['folder']['language_default'] . 'default.php';
include $pth['file']['language'];
if(file_exists('./templates'))
{
$pth['folder']['templates'] = './templates/';
}
else
{
$pth['folder']['templates'] = $pth['folder']['base'] . 'templates/';
}
$pth['folder']['template'] = $pth['folder']['templates'] . $cf['site']['template'] . '/';
$pth['file']['template'] = $pth['folder']['template'].'template.htm';
$pth['file']['stylesheet'] = $pth['folder']['template'].'stylesheet.css';
$pth['folder']['menubuttons'] = $pth['folder']['template'].'menu/';
$pth['folder']['templateimages'] = $pth['folder']['template'].'images/';
// template fallback
if (!is_readable($pth['file']['template']) || $pth['folder']['template'] == $pth['folder']['templates'].'__maintenance__/')
{
$pth['folder']['template'] = $pth['folder']['templates'].'__fallback__/';
$pth['file']['template'] = $pth['folder']['template'].'template.htm';
$pth['file']['stylesheet'] = $pth['folder']['template'].'stylesheet.css';
$pth['folder']['menubuttons'] = $pth['folder']['template'].'menu/';
$pth['folder']['templateimages'] = $pth['folder']['template'].'images/';
}
// END template fallback
// fallback template text 1-9
$txc['template']['text1'] = $tx['template']['text1'];
$txc['template']['text2'] = $tx['template']['text2'];
$txc['template']['text3'] = $tx['template']['text3'];
$txc['template']['text4'] = $tx['template']['text4'];
$txc['template']['text5'] = $tx['template']['text5'];
$txc['template']['text6'] = $tx['template']['text6'];
$txc['template']['text7'] = $tx['template']['text7'];
$txc['template']['text8'] = $tx['template']['text8'];
$txc['template']['text9'] = $tx['template']['text9'];
// END fallback template text 1-9
$pth['folder']['plugins'] = $pth['folder']['base'] . $cf['plugins']['folder'] . '/';
$iis = strpos(sv('SERVER_SOFTWARE'), "IIS");
$cgi = (php_sapi_name() == 'cgi' || php_sapi_name() == 'cgi-fcgi');
// create variables for CRSF Protection (2017)
$snForCsrf = str_replace('/','___',$sn);
$snForCsrf = uenc($snForCsrf);
$csrfSession = 'csrf_token' . $snForCsrf;
// NEW 2016 (4.6.5)
// prevents call with "/index.php" from address line
if (preg_match('/index.php/i', $_SERVER['REQUEST_URI']) && $cf['site']['allow_call_indexphp'] != "true")
{
die('
CMSimple - Open Source CMS ohne Datenbank
Come In »
');
}
// END NEW
foreach (array('download', 'function', 'media', 'search', 'mailform', 'sitemap', 'text', 'selected', 'login', 'logout', 'settings', 'print', 'retrieve', 'file', 'action', 'validate', 'images', 'downloads', 'edit', 'normal', 'stylesheet', 'passwd', 'userfiles', 'xhpages')as $i)
initvar($i);
// define su - selected url
$su = '';
if (sv('QUERY_STRING') != '')
{
$rq = explode('&', sv('QUERY_STRING'));
if (!strpos($rq[0], '='))
$su = $rq[0];
$v = count($rq);
for ($i = 0; $i < $v; $i++)
if (!strpos($rq[$i], '='))
$GLOBALS[$rq[$i]] = 'true';
}
else
{
$su = $selected;
}
if (!isset($cf['uri']['length']))
{
$cf['uri']['length'] = 200;
}
$su = substr($su, 0, $cf['uri']['length']);
if ($stylesheet != '')
{
header("Content-type: text/css");
include($pth['file']['stylesheet']);
exit;
}
if ($download != '')
{
download($pth['folder']['downloads'] . basename($download));
}
$pth['file']['login'] = $pth['folder']['cmsimple'] . 'login.php';
$pth['file']['adm'] = $pth['folder']['cmsimple'] . 'adm.php';
$pth['file']['search'] = $pth['folder']['cmsimple'] . 'search.php';
$pth['file']['mailform'] = $pth['folder']['cmsimple'] . 'mailform.php';
$adm = 0;
$f = '';
if (!@include($pth['file']['login']))
{
if ($login)
{
e('missing', 'file', $pth['file']['login']);
}
}
$cl = 0;
// maintenance mode warning
if($adm && $cf['site']['content_visible'] != 'true')
{
$o.= '' . $tx['message']['maintenance_backend'] . '
';
}
rfc(); // Here content is loaded
if ($function == 'search')
$f = 'search';
if ($mailform || $function == 'mailform')
$f = 'mailform';
if ($sitemap)
$f = 'sitemap';
if ($xhpages)
$f = 'xhpages';
if (file_exists($pth['folder']['cmsimple'] . 'userfuncs.php'))
{
include($pth['folder']['cmsimple'] . 'userfuncs.php');
}
// $txc fallback for Plugins
$txc['site']['title'] = $cf['site']['title'];
$txc['subsite']['template'] = $cf['site']['template'];
$txc['meta']['keywords'] = $cf['meta']['keywords'];
$txc['meta']['description'] = $cf['meta']['description'];
$txc['mailform']['email'] = $cf['mailform']['email'];
$txc['mailform']['captcha'] = $cf['mailform']['captcha'];
// fallback for TinyMCE toolbar
$plugin_cf['tinymce']['init'] = $cf['editor']['tinymce_toolbar'];
// Create plugins array
$handle_pluginlist = opendir($pth['folder']['plugins']);
while ($pluginlist_item = readdir($handle_pluginlist))
{
if (strpos($pluginlist_item, '.') === false && $pluginlist_item != 'pluginloader' && is_dir($pth['folder']['plugins'] . $pluginlist_item))
{
$pluginlist_array[] = $pluginlist_item;
}
}
closedir($handle_pluginlist);
sort($pluginlist_array);
$plugins = $pluginlist_array;
// update message CMSimple and plugins
if($cf['site']['allow_versionsinfo'] != 'true' && isset($sysinfo) && $adm)
{
$o.= '' . $tx['sysinfo']['version_info_disabled'];
$o.= ' - ' . $tx['sysinfo']['version_info_configlink'] . '';
$o.= '
';
}
if
(
!isset($sysinfo) &&
$adm &&
$file == 'config' ||
$file == 'language' ||
$file == 'template' ||
$file == 'stylesheet' ||
isset($_GET['backups']) && $adm ||
isset($_GET['settings']) && $adm ||
isset($cmsimple_pluginmanager) && $adm
)
{
$o.= '' . $tx['sysinfo']['version_info'] . '';
$o.= '
';
}
// Plugin loading
if ($function == 'save')
{
$edit = true;
}
if ($cf['plugins']['folder'] != "")
include($pth['folder']['plugins'] . 'index.php');
if ($f == 'search')
@include($pth['file']['search']);
if ($f == 'mailform')
{
if ($cf['mailform']['email'] != '')
{
include($pth['file']['mailform']);
}
else
{
shead(404);
}
}
if ($f == 'sitemap')
{
$title = $tx['title'][$f];
$ta = array();
$o .= '' . $title . '
' . "\n";
for ($i = 0; $i < $cl; $i++)
if (!hide($i) || $cf['hidden']['pages_sitemap'] == 'true')
$ta[] = $i;
$o .= li($ta, 'sitemaplevel');
}
// Compatibility for DHTML menus, moved from functions.php to cms.php
$si = -1;
$hc = array();
for ($i = 0; $i < $cl; $i++)
{
if (!hide($i) || ($i == $s && $cf['hidden']['pages_toc'] == 'true'))
$hc[] = $i;
if ($i == $s)
$si = count($hc);
}
$hl = count($hc);
//END Compatibility for DHTML menus
// LEGAL NOTICES - no needed under GPL3
if ($cf['menu']['legal'] == '')
$cf['menu']['legal'] = 'CMSimple Legal Notices';
if ($su == uenc($cf['menu']['legal']))
{
$f = $title = $cf['menu']['legal'];
$s = -1;
$o .= '' . $title . '
' . rf($pth['folder']['cmsimple'] . 'legal.txt');
}
if (!include($pth['file']['adm']))
{
if ($login)
e('missing', 'file', $pth['file']['adm']);
if ($s == -1 && !$f && $o == '' && $su == '')
$s = 0;
}
// CMSimple scripting
if (!($edit && $adm) && $s > -1)
{
$c[$s] = evaluate_cmsimple_scripting($c[$s]);
if (isset($keywords))
$cf['meta']['keywords'] = $keywords;
if (isset($description))
$cf['meta']['description'] = $description;
}
if ($s == -1 && !$f && $o == '')
{
shead('404');
}
if (function_exists('loginforms'))
loginforms();
foreach (array('content', 'pagedata', 'config', 'language', 'stylesheet', 'template', 'log') as $i)
chkfile($i, (($login || $settings) && $adm));
if ($e)
$o = '' . "\n" . '' . $tx['heading']['warning'] . '' . "\n" . '
' . "\n" . '' . "\n" . $o;
if ($title == '')
{
if ($s > -1)
$title = $h[$s];
else if ($f != '')
$title = ucfirst($f);
}
if ($retrieve)
{
echo '' . head() . '' . $c[$s] . '';
exit;
}
if ($print && $cf['site']['content_visible'] == 'true')
{
echo '' . "\n";
echo '' . "\n" . head(), '' . "\n" . '' . "\n" . '
';
if($cf['site']['printview_with_backlink'] == 'true')
{
echo '';
}
echo content(), '' . "\n" . '