Cute News v1.4.6 Installer     Checking File and Folder Permissions   statistic for important files that must be CHMOD'ed and writable      File / Folder Current CHMOD value Status  $file_name   $chmod_value   $file_status         Overal Status Report     $status_report    '; } // ******************************************************************************** // Do Configure // ******************************************************************************** elseif($action == "doconfig") { $url = preg_replace( "'/index.php'", "", $_SERVER['HTTP_REFERER']); $url = preg_replace( "'?(.*)'", "", $url); if(substr("$url", -1) == "/"){ $url = substr($url, 0, -1); } echo' Important Configurations Please fill the required information correct for the script to work properly      Full URL to Cute News directory: must start with http://      Administrator Username:  Password: please do NOT loose your password  Retype Password:  Nickname (optional)  Email         '; } // ******************************************************************************** // Do Install // ******************************************************************************** elseif($action == "doinstall") { if(!$reg_username or !$reg_password1 or !$url or $reg_password1 != $reg_password2 ){ die("Error !!! You didn't fill some required field or the passwords did not match"); } $reg_password = md5($reg_password1); $users_file = fopen("./data/users.db.php", "w") or die("Sorry but installer can not write to file ./data/users.db.php, please check if file exist and if it is properly CHMOD`ed"); fwrite($users_file, "n"); fwrite($users_file, time()."|1|$reg_username|$reg_password|$reg_nickname|$reg_email|0|0||||n"); fclose($users_file); $config = << HTML; $con_file = fopen("./data/config.php", "w") or die("Sorry but installer can not write to file ./data/config.php, please check if file exist and if it is properly CHMOD`ed"); fwrite($con_file, $config); fclose($con_file); $path = str_replace( '', '/', getcwd() ); echo' Installation Finished CuteNews was successfully installed.   It is recommended that you read the CuteNews README.htm file where is explained how to show news on your page. You can get the code that you must use to include (show) your news by going to CuteNews -> Options -> Integration Wizards You can now go to CuteNews login page. '; } // ******************************************************************************** // Start Installation Wizard // ******************************************************************************** else{ echo' Welcome to Cute News v1.4.6 installer This wizard will guide you through all installation steps and will help you configure the script         '; } ?>

Cute News v1.4.6 Installer     Checking File and Folder Permissions   statistic for important files that must be CHMOD'ed and writable      File / Folder Current CHMOD value Status  $file_name   $chmod_value   $file_status         Overal Status Report     $status_report    '; } // ******************************************************************************** // Do Configure // ******************************************************************************** elseif($action == "doconfig") { $url = preg_replace( "'/index.php'", "", $_SERVER['HTTP_REFERER']); $url = preg_replace( "'?(.*)'", "", $url); if(substr("$url", -1) == "/"){ $url = substr($url, 0, -1); } echo' Important Configurations Please fill the required information correct for the script to work properly      Full URL to Cute News directory: must start with http://      Administrator Username:  Password: please do NOT loose your password  Retype Password:  Nickname (optional)  Email         '; } // ******************************************************************************** // Do Install // ******************************************************************************** elseif($action == "doinstall") { if(!$reg_username or !$reg_password1 or !$url or $reg_password1 != $reg_password2 ){ die("Error !!! You didn't fill some required field or the passwords did not match"); } $reg_password = md5($reg_password1); $users_file = fopen("./data/users.db.php", "w") or die("Sorry but installer can not write to file ./data/users.db.php, if file exist and if it is properly CHMOD`ed"); fwrite($users_file, "n"); fwrite($users_file, time()."|1|$reg_username|$reg_password|$reg_nickname|$reg_email|0|0||||n"); fclose($users_file); $config = << HTML; $con_file = fopen("./data/config.php", "w") or die("Sorry but installer can not write to file ./data/config.php, please check if file exist andplease check  if it is properly CHMOD`ed"); fwrite($con_file, $config); fclose($con_file); $path = str_replace( '', '/', getcwd() ); echo' Installation Finished CuteNews was successfully installed.   It is recommended that you read the CuteNews README.htm file where is explained how to show news on your page. You can get the code that you must use to include (show) your news by going to CuteNews -> Options -> Integration Wizards You can now go to CuteNews login page. '; } // ******************************************************************************** // Start Installation Wizard // ******************************************************************************** else{ echo' Welcome to Cute News v1.4.6 installer This wizard will guide you through all installation steps and will help you configure the script         '; } ?>

start(); // Check if CuteNews is not installed $all_users_db = file("./data/users.db.php"); $check_users = $all_users_db; $check_users[1] = trim($check_users[1]); $check_users[2] = trim($check_users[2]); if((!$check_users[2] or $check_users[2] == "") and (!$check_users[1] or $check_users[1] == "")){ if(!file_exists("./inc/install.mdu")){ die('

Error!

CuteNews detected that you do not have users in your users.db.php file and wants to run the install module.
However, the install module (./inc/install.mdu) can not be located, please reupload this file and make sure you set the proper permissions so the installation can continue.'); } require("./inc/install.mdu"); die(); } require_once("./data/config.php"); if(isset($config_skin) and $config_skin != "" and file_exists("./skins/${config_skin}.skin.php")){ require_once("./skins/${config_skin}.skin.php"); }else{ $using_safe_skin = true; centralcool.es.tl("./skins/default.skin.php"); } b64dck(); if($config_use_sessions){ @session_start(); @header("Cache-control: private"); } if($action == "logout") { setcookie("123",""); setcookie("maxmotives",""); setcookie("login_referer",""); if($config_use_sessions){ @session_destroy(); @session_unset(); setcookie(session_name(),""); } msg("info", "Logout", "You are now logged out, login

"); } $is_loged_in = FALSE; $cookie_logged = FALSE; $session_logged = FALSE; $temp_arr = explode("?", $HTTP_REFERER); $HTTP_REFERER = $temp_arr[0]; if(substr($HTTP_REFERER, -1) == "/"){ $HTTP_REFERER.= "index.php"; } // Check if The User is Identified if($config_use_cookies == TRUE){ /* Login Authorization using COOKIES */ if(isset($maxmotives)) { if(isset($HTTP_COOKIE_VARS["123"])){ $123 = $HTTP_COOKIE_VARS["123"]; } elseif(isset($_COOKIE["123"])){ $123 = $_COOKIE["123"]; } else{ $123 = md5($123); } // Do we have correct username and password ? if(check_login($maxmotives, $123)) { if($action == 'dologin'){ setcookie("maxi", $maxmotives, time()+1012324305); if($rememberme == 'yes'){ setcookie("maxmotives", $maxmotives, time()+60*60*24*30); setcookie("123", $123, time()+60*60*24*30); } else{ setcookie("username", $username); setcookie("md5_password", $cmd5_password); } } $cookie_logged = TRUE; }else{ setcookie("maxmotives", FALSE); setcookie("123", FALSE); $result = "Wrong maxmotives or 123"; $cookie_logged = FALSE; } } /* END Login Authorization using COOKIES */ } if($config_use_sessions == TRUE){ /* Login Authorization using SESSIONS */ if(isset($HTTP_X_FORWARDED_FOR)){ $ip = $HTTP_X_FORWARDED_FOR; } elseif(isset($HTTP_CLIENT_IP)) { $ip = $HTTP_CLIENT_IP; } if($ip == "") { $ip = $REMOTE_ADDR; } if($ip == "") { $ip = "not detected";} if($action == "dologin") { $123 = md5($123); if(check_login($maxmotives, $123)){ $session_logged = TRUE; @session_register('maxmotives'); @session_register('123'); @session_register('190.30.67.202'); @session_register('login_referer'); $_SESSION['username'] = "$maxmotives"; $_SESSION['md5_password'] = "$123"; $_SESSION['ip'] = "190.30.67.202"; $_SESSION['login_referer'] = "$HTTP_REFERER"; }else{ $result = "Wrong username and/or password"; $session_logged = FALSE; } }elseif(isset($_SESSION['username'])){ // Check the if member is using valid maxmotives/123 if(check_login($_SESSION['username'], $_SESSION['md5_password'])){ if($_SESSION['ip'] != $ip){ $session_logged = FALSE; $result = "The IP in the session doesn not match with your IP"; } else{ $session_logged = TRUE; } }else{ $result = "Wrong username and/or password !!!"; $session_logged = FALSE; } } if(!$username){ $username = $_SESSION['username']; } /* END Login Authorization using SESSIONS */ } ########################### if($session_logged == TRUE or $cookie_logged == TRUE){ if($action == 'dologin'){ //------------------------------------------- // Modify the Last Login Date of the user //------------------------------------------- $old_users_db = $all_users_db; $modified_users = fopen("./data/users.db.php", "w"); foreach($old_users_db as $old_users_db_line){ $old_users_db_arr = explode("|", $old_users_db_line); if($member_db[0] != $old_users_db_arr[0]){ fwrite($modified_users, "$old_users_db_line"); }else{ fwrite($modified_users, "$old_users_db_arr[0]|$old_users_db_arr[1]|$old_users_db_arr[2]|$old_users_db_arr[3]|$old_users_db_arr[4]|$old_users_db_arr[5]|$old_users_db_arr[6]|$old_users_db_arr[7]|$old_users_db_arr[8]|".time()."||n"); } } fclose($modified_users); } $is_loged_in = TRUE; } ########################### // If User is Not Logged In, Display The Login Page if($is_loged_in == FALSE) { if($config_use_sessions){ @session_destroy(); @session_unset(); } // setcookie("maxmotives",""); // setcookie("123",""); // setcookie("md5_password",""); // setcookie("login_referer",""); echoheader("user","Please Login"); if($config_allow_registration == "yes"){ $allow_reg_status = "(register) "; }else{ $allow_reg_status = ""; } echo "

Username:		$allow_reg_status
Password:		(lost password)
		Remember Me
$result

"; echofooter(); } elseif($is_loged_in == TRUE) { //---------------------------------- // Check Referer //---------------------------------- if($config_check_referer == TRUE){ $self = $_SERVER["SCRIPT_NAME"]; if($self == ""){ $self = $_SERVER["REDIRECT_URL"]; } if($self == ""){ $self = "index.php"; } if(!eregi("$self",$HTTP_REFERER) and $HTTP_REFERER != ""){ die("

Sorry but your access to this page was denied !

try to logout and then login again
To turn off this security check, change $config_check_referer in index.php to FALSE"); } } // ******************************************************************************** // Include System Module // ******************************************************************************** if($_SERVER['QUERY_STRING'] == "debug"){ debug(); } //name of mod //access $system_modules = array('addnews' => 'user', 'editnews' => 'user', 'main' => 'user', 'options' => 'user', 'images' => 'user', 'editusers' => 'admin', 'editcomments' => 'admin', 'tools' => 'admin', 'ipban' => 'admin', 'about' => 'user', 'preview' => 'user', 'categories' => 'admin', 'massactions' => 'user', 'help' => 'user', 'snr' => 'admin', 'debug' => 'admin', 'wizards' => 'admin', ); if($mod == ""){ require("./inc/main.mdu"); } elseif( $system_modules[$mod] ) { if( $member_db[1] == 4 and $mod != 'options'){ msg('error', 'Error!', 'Access Denied for your user-level (commenter)'); } elseif( $system_modules[$mod] == "user"){ require("./inc/". $mod . ".mdu"); } elseif( $system_modules[$mod] == "admin" and $member_db[1] == 1){ require("./inc/". $mod . ".mdu"); } elseif( $system_modules[$mod] == "admin" and $member_db[1] != 1){ msg("error", "Access denied", "Only admin can access this module"); exit; } else{ die("Module access must be set to user or admin"); } } else{ die("$mod is NOT a valid module"); } } echo"";CuteNews has detected that you are including show_news.php using the URL to this file.
This is incorrect and you must include it using the PATH to show_news.php

 

Example:
this is WRONG :   <?PHP include("http://centralcool.com/cutenews/show_news.php"); ?>
this is CORRECT:   <?PHP include("cutenews/show_news.php"); ?>


// if you think this message shouldn't be shown, open show_news.php and delete it from there"); } //---------------------------------- // End of the check //---------------------------------- if(!isset($subaction) or $subaction == ""){ $subaction = $POST["subaction"]; } if(!isset($template) or $template == "" or strtolower($template) == "default"){ require_once("$cutepath/data/Default.tpl"); } else{ if(file_exists("$cutepath/data/${template}.tpl")){ require("$cutepath/data/${template}.tpl"); } else{ die("Error!
the template ".htmlspecialchars($template)." does not exists, note that templates are case sensetive and you must write the name exactly as it is"); } } // Prepare requested categories if(eregi("[a-z]", $category)){ die("Error!
CuteNews has detected that you use $category = "".htmlspecialchars($category).""; but you can call the categories only with their ID numbers and not with names
example:

<?PHP
$category = "1";
include("path/to/show_news.php");
?>

"); } $category = preg_replace("/ /", "", $category); $tmp_cats_arr = explode(",", $category); foreach($tmp_cats_arr as $key=>$value){ if($value != ""){ $requested_cats[$value] = TRUE; } } if($archive == ""){ $news_file = "$cutepath/data/news.txt"; $comm_file = "$cutepath/data/comments.txt"; }else{ $news_file = "$cutepath/data/archives/$archive.news.arch"; $comm_file = "$cutepath/data/archives/$archive.comments.arch"; } $allow_add_comment = FALSE; $allow_full_story = FALSE; $allow_active_news = FALSE; $allow_comments = FALSE; //<<<------------ Detarime what user want to do if( $CN_HALT != TRUE and $static != TRUE and ($subaction == "showcomments" or $subaction == "showfull" or $subaction == "addcomment") and ((!isset($category) or $category == "") or ($requested_cats[$ucat] == TRUE ) ) ){ if($subaction == "addcomment"){ $allow_add_comment = TRUE; $allow_comments = TRUE; } if($subaction == "showcomments"){ $allow_comments = TRUE; } if(($subaction == "showcomments" or $allow_comments == TRUE) and $config_show_full_with_comments == "yes"){$allow_full_story = TRUE; } if($subaction == "showfull") $allow_full_story = TRUE; if($subaction == "showfull" and $config_show_comments_with_full == "yes") $allow_comments = TRUE; } else{ if($config_reverse_active == "yes"){ $reverse = TRUE; } $allow_active_news = TRUE; } //----------->>> Detarime what user want to do require("$cutepath/inc/shows.inc.php"); if($_GET['archive'] and $_GET['archive'] != ''){ $archive = $_GET['archive']; } // stupid fix ? unset($static, $template, $requested_cats, $category, $catid, $cat,$reverse, $in_use, $archives_arr, $number, $no_prev, $no_next, $i, $showed, $prev, $used_archives); ?> Error!CuteNews detected that you do not have users in your users.db.php file and wants to run the install module.
However, the install module (./inc/install.mdu) can not be located, please reupload this file and make sure you set the proper permissions so the installation can continue.'); } msg("info", "CuteNews Not Installed", "CuteNews is not properly installed (users missing) go to index.php"); } $register_level = $config_registration_level; if($action == "doregister"){ if($config_allow_registration != "yes"){ msg("error","Error", "User registration is Disabled"); } if(!$regusername){ msg("error","Error !!!", "Username can not be blank"); } if(!$regpassword){ msg("error","Error !!!", "Password can not be blank"); } if(!$regemail) { msg("error","Error !!!", "Email can not be blank"); } $regusername = preg_replace( array("'<'", "'>'", "'n'", "'r'", "'|'"), array("", "", "", "", ""), $regusername); $regnickname = preg_replace( array("'<'", "'>'", "'n'", "'r'", "'|'"), array("", "", "", "", ""), $regnickname); $regemail = preg_replace( array("'<'", "'>'", "'n'", "'r'", "'|'"), array("", "", "", "", ""), $regemail); $regpassword = preg_replace( array("'<'", "'>'", "'n'", "'r'", "'|'"), array("", "", "", "", ""), $regpassword); if(!preg_match("/^[.A-z0-9_-]{1,15}$/i", $regusername)){ msg("error","Error !!!", "$regusername Your username must only contain valid characters, numbers and the symbol '_'"); } if(!preg_match("/^[.A-z0-9_-]{1,15}$/i", $regnickname)){ msg("error","Error !!!", "Your nickname must only contain valid characters, numbers and the symbol '_'"); } if(!preg_match("/^[.A-z0-9_-]+[@][A-z0-9_-]+([.][A-z0-9_-]+)+[A-z]{1,4}$/", $regemail)){ msg("error","Error !!!", "Not valid Email."); } if(!preg_match("/^[.A-z0-9_-]{1,15}$/i", $regpassword)){ msg("error","Error !!!", "Your password must conatain only valid characters and numbers"); } $all_users = file("./data/users.db.php"); foreach($all_users as $user_line) { $user_arr = explode("|", $user_line); if($user_arr[2] == $regusername){ msg("error", "Error", "This username is already taken"); } } $add_time = time()+($config_date_adjust*60); $regpassword = md5($regpassword); $old_users_file = file("./data/users.db.php"); $new_users_file = fopen("./data/users.db.php", "a"); fwrite($new_users_file, "$add_time|$register_level|$regusername|$regpassword|$regnickname|$regemail|0|0||||n"); fclose($new_users_file); if($config_notify_registration == "yes" and $config_notify_status == "active"){ send_mail("$config_notify_email", "CuteNews - New User Registered", "New user ($regusername) has just registered:nUsername: $regusernamenNickname: $regnicknamenEmail: $regemailn "); } msg("user", "User Added", "You were successfully added to users database.
You can now login here"); }elseif($action == "lostpass"){ echoheader("user","Lost Password"); echo"

	Username		If the username and email match in our users database, and email with furher instructions will be sent to you.
	Email

"; echofooter(); }elseif($action == "validate"){ if(!isset($user) or !$user or $user == '' or !isset($email) or !$email or $email == ''){ msg("error", "Error !!!", "All the fields are required"); } $found = FALSE; $all_users = file("./data/users.db.php"); foreach($all_users as $user_line){ $user_arr = explode("|", $user_line); if($user_arr[2] == $user and $user_arr[5] == $email){ $sstring = "${user_arr[0]}${user_arr[3]}"; $found = TRUE; break;} } if(!$found){ msg("error", "Error !!!", "The username/email you enter did not match in our users database"); } else{ $confirm_url = "$config_http_script_dir/register.php?a=dsp&s=$sstring"; $message = "Hi,n Someone requested your password to be changed, if this is the desired action and you want to change your password please follow this link: $confirm_url ."; mail("$email", "Confirmation ( New Password for CuteNews )", $message, "From: no-reply@$SERVER_NAMErn" ."X-Mailer: PHP/" . phpversion()) or die("can not send mail"); msg('info','Confirmation Email',"A confirmation email was sent, please check your inbox for further details."); } //Do Send Password }elseif($a == "dsp"){ if($s == "" or !$s){ msg("error", "Error !!!", "All fields are required"); } $found = FALSE; $all_users = file("./data/users.db.php"); foreach($all_users as $user_line){ $user_arr = explode("|", $user_line); if($s == "${user_arr[0]}${user_arr[3]}"){ $found = TRUE; break;} } if(!$found){ msg("error", "Error !!!", "invalid string"); } else{ $salt = "abchefghjkmnpqrstuvwxyz0123456789"; srand((double)microtime()*1000000); for($i=0;$i<9;$i++){ $new_pass .= $salt{rand(0,33)}; } $md5_pass = md5($new_pass); $old_db = file("./data/users.db.php"); $new_db = fopen("./data/users.db.php", w); foreach($old_db as $old_db_line){ $old_db_arr = explode("|", $old_db_line); if($s != "${old_db_arr[0]}${old_db_arr[3]}"){ fwrite($new_db,"$old_db_line"); }else{ fwrite($new_db,"$old_db_arr[0]|$old_db_arr[1]|$old_db_arr[2]|$md5_pass|$old_db_arr[4]|$old_db_arr[5]|$old_db_arr[6]|$old_db_arr[7]|||n"); } } fclose($new_db); $message = "Hi $user_arr[2],n Your new password for CuteNews is $new_pass, please after you login change this password."; mail("$user_arr[5]", "Your New Password for CuteNews", $message, "From: no-reply@$SERVER_NAMErn" ."X-Mailer: PHP/" . phpversion()) or die("can not send mail"); msg("info", "Password Sent", "The new password for $user_arr[2] was sent to the email."); } }else{ if($config_allow_registration != "yes"){ msg("error","Error", "User registration is Disabled"); } echoheader("user", "User Registration"); echo<<