first commit

admin/ajax.php

@@ -0,0 +1,38 @@
+<?
+error_reporting( 0 );
+function __autoload_my_classes( $classname )
+{
+  $q = explode( '\\' , $classname );
+  $c = array_pop( $q );
+  $f = '../autoload/' . implode( '/' , $q ) . '/class.' . $c . '.php';
+  if ( $c == 'Savant3' )
+  {
+    require_once( '../autoload/Savant3.php' );
+    return true;
+  }
+  if ( file_exists( $f ) )
+    require_once( $f );
+}
+spl_autoload_register( '__autoload_my_classes' );
+
+require_once '../config.php';
+require_once '../libraries/medoo/medoo.php';
+require_once '../libraries/grid/config.php';
+date_default_timezone_set('Europe/Warsaw');
+
+session_start();
+
+$mdb = new medoo( [
+                    'database_type' => 'mysql',
+                    'database_name' => $database['name'],
+                    'server'        => $database['host'],
+                    'username'      => $database['user'],
+                    'password'      => $database['password'],
+                    'charset'       => 'utf8'
+                ] );
+
+require_once 'ajax/pages.php';
+require_once 'ajax/articles.php';
+require_once 'ajax/users.php';
+require_once 'ajax/newsletter.php';
+?>

admin/index.php

@@ -0,0 +1,86 @@
+<?
+if ( file_exists( 'ip.conf' ) )
+{
+  $ips = file_get_contents( 'ip.conf' );
+  $ips = preg_split( "/\\r\\n|\\r|\\n/", $ips );
+  $ips = array_filter( $ips );
+  if ( is_array( $ips ) and !empty( $ips ) )
+  {
+    if ( !in_array( $_SERVER['REMOTE_ADDR'], $ips ) )
+      die( 'Brak dostępu.' );
+  }
+}
+
+error_reporting( 0 );
+function __autoload_my_classes( $classname )
+{
+  $q = explode( '\\' , $classname );
+  $c = array_pop( $q );
+  $f = '../autoload/' . implode( '/' , $q ) . '/class.' . $c . '.php';
+  if ( file_exists( $f ) )
+    require_once( $f );
+}
+spl_autoload_register( '__autoload_my_classes' );
+
+require_once '../config.php';
+require_once '../libraries/medoo/medoo.php';
+require_once '../libraries/grid/config.php';
+date_default_timezone_set( 'Europe/Warsaw' );
+
+$settings = \front\factory\Settings::settings_details();
+
+if ( file_exists( 'config.php' ) )
+  include 'config.php';
+
+session_start();
+
+if ( !isset( $_SESSION['check'] ) )
+{
+ 	session_regenerate_id();
+	$_SESSION['check']  = true;
+	$_SESSION['ip']     = $_SERVER['REMOTE_ADDR'];
+}
+
+if ( $_SESSION['ip'] !== $_SERVER['REMOTE_ADDR'] )
+{
+  session_destroy();
+  header( 'Location: /admin/' );
+  exit;
+}
+
+$mdb = new medoo( [
+                    'database_type' => 'mysql',
+                    'database_name' => $database['name'],
+                    'server'        => $database['host'],
+                    'username'      => $database['user'],
+                    'password'      => $database['password'],
+                    'charset'       => 'utf8'
+                ] );
+
+$user   = \S::get_session( 'user' , true );
+
+\admin\Site::special_actions();
+
+$domain       = preg_replace( '#^(http(s)?://)?w{3}\.#', '$1', $_SERVER['SERVER_NAME'] );
+$cookie_name  = str_replace( '.', '-', $domain );
+
+if ( isset( $_COOKIE[$cookie_name] ) && !isset( $_SESSION['user'] ) )
+{
+  $obj      = json_decode( $_COOKIE[$cookie_name] );
+  $login    = $obj -> {'login'};
+  $password = $obj -> {'hash'};
+
+  if ( $mdb -> get( 'pp_users', '*',
+                  [ 'AND' =>
+                    [ 'login' => $login, 'status' => 1, 'password' => $password,
+                      'OR'    => [ 'active_to[>=]' => date( 'Y-m-d' ), 'active_to' => null ]
+                    ]
+                  ] ) )
+  {
+    \S::set_session( 'user', \admin\factory\Users::details( $login ) );
+    header( 'Location: /admin/articles/view_list/' );
+    exit;
+  }
+}
+echo \admin\view\Page::show();
+?>