v0.7.5 release updates

README.md

@@ -15,15 +15,15 @@ Custodian CMS (CCMS) is a good caretaker to build your site upon because:
 	<li>It gets out of the way of developers to build sites the way they want, with the tools/plugins/frameworks they want, using the themes they want.</li>
 </ol>
 
-Though CCMS does not come with setup scripts or an admin system currently (Admin system will be ready in v1.0) fortunately CCMS is so simple neither one is required to make use of this amazing tool.  Use a simple text editor to update the config and a tool like phpMyAdmin to add, remove or update your database inserts.
+Though CCMS does not come with a finished admin system (coming in v1.0) users do already have the ability to maintain some content in an easy, safe and secure way already via the public side templates.  CCMS's programming requirements are also very minimal, containing only 5 proprietary tags, it can be maintained with a simple text editor and a tool like phpMyAdmin to add, remove or update database inserts.
 
 
 About
 --
 
-CCMS is a small, light weight, multilingual, Content Management System distributed for free under the GNU LGPL.
+CCMS is a small, light weight, Content Management System, designed to help you build multilingual websites and is distributed for free under the GNU LGPL.
 
-The primary purpose of CCMS is to maintain a database of multilingual content and make it easy to display the correct one using a single set of templates.  One website, one set of templates, many languages.  The website developer sets the default language for the site, adds support for additional languages, fills the database with individually hand crafted blobs of content and inserts CCMS_DB tags throughout the HTML to automatically replace content in the language requested by visitors.  Here is an example of the database content insertion tag used in CCMS.
+The primary purpose of CCMS is to maintain a database of custom content, written and maintianed by native speakers, and make it easy to display the correct one using a single set of templates.  One website, one set of templates, many languages.  The website developer sets the default language for the site, adds support for additional languages, fills the database with individually hand crafted blobs of content and inserts CCMS_DB tags throughout the HTML to automatically replace content in the language requested by visitors.  Here is an example of the database content insertion tag used in CCMS.
 
 	{CCMS_DB:about_us_page,first_paragraph}
 	{CCMS_DB:use_anywhere,form_button_submit}
@@ -46,8 +46,6 @@ CCMS also provides a framework to help website developers build Search Engine Op
 	{CCMS_LIB:test/dir/indeX_Asdf-123.php;FUNC:cfgindeX_Asdf123("arg1", "arg2")}
 
 
-Visit the project website at https://custodiancms.org
-
 System requirements
 --
 
@@ -73,4 +71,4 @@ Or use the original method below to install.
 * Copy and or Rename /ccmspre/config_original.php to /ccmspre/config.php and /ccmspre/user_whiteList_original.php to /ccmspre/user_whiteList.php.
 * Open a browser and call your test environment, if the first template that comes up says 'Custodian CMS Configuration Instructions' follow the instructions and double check your installation.  Most likely you forgot to rename the /ccmspre/config_original.php and /ccmspre/user_whiteList_original.php files described above.
 
-CCMS project website: https://custodiancms.org (Under development)
+Visit the project website at https://custodiancms.org (Under development) or connect with us on Discord at: https://discord.gg/AA9vrxxyAJ

ccmspre/index.php

@@ -58,17 +58,27 @@
 // \z End of subject or newline at end. (Better then $ because $ does not include /n characters at the end of a line.)
 // /u Pattern strings are treated as UTF-8
 
+define('WHOLE_NUMBER', '/^[\pN]*\z/');
+// ^		Start of line
+// [		Starts the character class.
+// \pN		Any number.
+// ]		Ends the character class.
+// *		Zero or more
+// \z		End of subject or newline at end. (Better then $ because $ does not include /n characters at the end of a line.)
+// /		End of the Pattern.
+
 $ccms_whitelist = array(
-	"ccms_lngSelect"				=> array("type" => "LNG",											"maxlength" => 5),
-	"ccms_parms"						=> array("type" => "PARMS",										"maxlength" => 128),
-	"ccms_tpl"							=> array("type" => "TPL",											"maxlength" => 256),
-	"ccms_session"					=> array("type" => "SESSION_ID",							"maxlength" => 64),
-	"ccms_cid"							=> array("type" => "SESSION_ID",							"maxlength" => 64),
-	"ccms_lng"							=> array("type" => "LNG",											"maxlength" => 5),
-	"ccms_token"						=> array("type" => "UTF8_STRING_DIGIT_WHITE",	"maxlength" => 64),
-	"HTTP_COOKIE"						=> array("type" => "HTTP_COOKIE",							"maxlength" => 512),
-	"HTTP_USER_AGENT"				=> array("type" => "HTTP_USER_AGENT",					"maxlength" => 512),
-	"QUERY_STRING"					=> array("type" => "QUERY_STRING",						"maxlength" => 1024)
+	"ccms_ajax_flag"	=> array("type" => "WHOLE_NUMBER",				"maxlength" => 1),
+	"ccms_lngSelect"	=> array("type" => "LNG",						"maxlength" => 5),
+	"ccms_parms"		=> array("type" => "PARMS",						"maxlength" => 128),
+	"ccms_tpl"			=> array("type" => "TPL",						"maxlength" => 256),
+	"ccms_session"		=> array("type" => "SESSION_ID",				"maxlength" => 64),
+	"ccms_cid"			=> array("type" => "SESSION_ID",				"maxlength" => 64),
+	"ccms_lng"			=> array("type" => "LNG",						"maxlength" => 5),
+	"ccms_token"		=> array("type" => "UTF8_STRING_DIGIT_WHITE",	"maxlength" => 64),
+	"HTTP_COOKIE"		=> array("type" => "HTTP_COOKIE",				"maxlength" => 512),
+	"HTTP_USER_AGENT"	=> array("type" => "HTTP_USER_AGENT",			"maxlength" => 512),
+	"QUERY_STRING"		=> array("type" => "QUERY_STRING",				"maxlength" => 1024)
 );
 
 
@@ -146,8 +156,8 @@ function CCMS_Set_LNG() {
 					$qry->execute(array(':user_id' => $_SESSION["USER_ID"]));
 					$row = $qry->fetch(PDO::FETCH_ASSOC);
 					$json_a = json_decode($row["priv"], true);
-					if($row["super"] === "1" || $json_a[priv][content_manager][r] === "1") {
-						if($row["super"] === "1" || $json_a[priv][content_manager][lng][$key] === "1" || $json_a[priv][content_manager][lng][$key] === "2") {
+					if($row["super"] == "1" || $json_a["priv"]["content_manager"]["r"] == 1) {
+						if($row["super"] == "1" || $json_a["priv"]["content_manager"]["lng"][$key] == 1 || $json_a["priv"]["content_manager"]["lng"][$key] == 2) {
 							$CFG["CCMS_LNG_DIR"] = $value["dir"];
 							$CFG["lngCodeActiveFlag"] = true;
 						}
@@ -314,6 +324,7 @@ function CCMS_Set_SESSION() {
 				// The user is valid and nothing is outstanding so just update the most current privilages.
 
 				$_SESSION["2FA_VALID"] = null;
+				$_SESSION["ALIAS"] = $row["alias"];
 				$_SESSION["PRIV"] = $row["priv"];
 			}
 		} else {
@@ -466,6 +477,9 @@ function CCMS_Filter($input, $whitelist) {
 					case "UTF8_STRING_DIGIT_PUNC_WHITE":
 						$buf = (preg_match(UTF8_STRING_DIGIT_PUNC_WHITE, $value)) ? $value : "INVAL";
 						break;
+					case "WHOLE_NUMBER":
+						$buf = (preg_match(WHOLE_NUMBER, $value)) ? $value : "INVAL";
+						break;
 				}
 			}
 			$CLEAN[$key] = $buf;
@@ -1017,13 +1031,11 @@ function CCMS_Main() {
 		// Store a copy of the original tpl requested for use later on in the error page.
 		$CLEAN["ccms_tpl_org"] = $CLEAN["ccms_tpl"];
 
-		// Reset the tpl variable to the error page.
-		$CLEAN["ccms_tpl"] = "/error.php";
 		header("HTTP/1.0 404 not found");
 
-		if(is_file($_SERVER["DOCUMENT_ROOT"] . "/" . $CFG["TPLDIR"] . $CLEAN["ccms_tpl"])) {
+		if(is_file($_SERVER["DOCUMENT_ROOT"] . "/" . $CFG["TPLDIR"] . "/error.php")) {
 			ob_start();
-			include $_SERVER["DOCUMENT_ROOT"] . "/" . $CFG["TPLDIR"] . $CLEAN["ccms_tpl"];
+			include $_SERVER["DOCUMENT_ROOT"] . "/" . $CFG["TPLDIR"] . "/error.php";
 			$buf = ob_get_contents();
 			ob_end_clean();
 			//echo CCMS_TPL_Parser($buf);

ccmspre/whitelist_public.php

@@ -0,0 +1,96 @@
+<?php
+/*************************************************************
+References:
+http://www.regular-expressions.info/unicode.html
+NOTE: To match a letter including any diacritics, use \p{L}\p{M}*+.
+An extensive list of regular expression examples:
+http://www.roscripts.com/PHP_regular_expressions_examples-136.html
+
+A list of predefined PHP constants for use with the filter_var() function can be found here: http://ca2.php.net/manual/en/filter.constants.php
+**************************************************************/
+
+
+/*************************************************************
+The following is a list of types already pre defined that you can use and the regular expressions they represent.
+These types are found at the top of the /ccmspre/index.php template and should not be altered there.
+
+CRYPT							=> /^[a-z\-_\/#=&:\pN\?\.\";\'\`\*\s]*\z/i
+HTTP_ACCEPT_LANGUAGE			=> /^[a-z0-9\-,;=\.]{2,}\z/i
+HTTP_COOKIE						=> /^[a-z\-_=\.\pN]{1,}\z/i
+LNG								=> /^[a-z]{2}(-[a-z]{2})?\z/i
+PARMS							=> /^[a-z\-_\pN\/]+\z/i
+QUERY_STRING					=> /^[a-z\-_=&\.\pN]{1,}\z/i
+SESSION_ID						=> /^[a-z\pN]{1,}\z/i
+TPL								=> /^[a-z\-\pN\/]{1,}\z/i
+UTF8_STRING_WHITE				=> /^[\pL\pM*+\s]*\z/u
+UTF8_STRING_DIGIT_WHITE			=> /^[\pL\pM*+\pN\s]*\z/u
+UTF8_STRING_DIGIT_PUNC_WHITE	=> /^[\pL\pM*+\pN\pP\s]*\z/u
+WHOLE_NUMBER					=> /^[\pN]*\z/
+
+If you would like to add your own DEFINE's please add them here.  Remember to add a new switch statement to the USER_filter() below.
+**************************************************************/
+
+
+define('EXAMPLE_EXPRESSION_1', '/^[\pL\pM*+\s]{2,15}\z/u');
+// ^		Start of line
+// [		Start of the character class.
+// \pL		Any kind of letter from any language, upper or lower case.
+// \pM		Mark.  (*** A character intended to be combined with another character (e.g. accents, umlauts, enclosing boxes, etc.). ***)
+// \s		Whitespaces.
+// ]		End of the character class.
+// {2,15}	Minimum of 2 characters, maximum of 15 characters.
+// \z		End of subject or newline at end. (Better then $ because $ does not include /n characters at the end of a line.)
+// /i		Pattern is treated as case-insensitive.
+
+define('EXAMPLE_EXPRESSION_2', '/^[\pN]+\z/');
+// ^ Start of line
+// [ Starts the character class.
+// \pN Any number.
+// ] Ends the character class.
+// + One or more.
+// \z End of subject or newline at end. (Better then $ because $ does not include /n characters at the end of a line.)
+// / End of the Pattern.
+
+
+$whitelist = array(
+	"example_given_name"	 => array("type" => "EXAMPLE_EXPRESSION_1",  "minlength" => 1,	"maxlength" => 15),
+	"example_age"			  => array("type" => "EXAMPLE_EXPRESSION_2",  "maxlength" => 3),
+);
+
+
+function CCMS_Public_Filter($input, $whitelist) {
+	global $CLEAN;
+
+	foreach ($input as $key => $value) {
+		if (array_key_exists($key, $whitelist)) {
+			$buf = null;
+			$value = @trim($value);
+			// utf8_decode() converts unknown ISO-8859-1 chars to '?' for the purpose of counting.
+			$length = strlen(utf8_decode($value));
+			if (isset($whitelist[$key]['minlength']) && ($length < $whitelist[$key]['minlength'])) {
+				$buf = "MINLEN";
+			}
+			if (isset($whitelist[$key]['maxlength']) && ($length > $whitelist[$key]['maxlength'])) {
+				$buf = "MAXLEN";
+			}
+			if ($buf != "MINLEN" && $buf != "MAXLEN") {
+				switch ($whitelist[$key]['type']) {
+
+
+					case "EXAMPLE_EXPRESSION_1":
+						$buf = (preg_match(EXAMPLE_EXPRESSION_1, $value)) ? $value : "INVAL";
+						break;
+					case "EXAMPLE_EXPRESSION_2":
+						$buf = (preg_match(EXAMPLE_EXPRESSION_2, $value)) ? $value : "INVAL";
+						break;
+
+
+// Add your own case statements here, just copy the patter above, make the neccessary changes, save and upload.
+
+
+				}
+			}
+			$CLEAN[$key] = $buf;
+		}
+	}
+}

ccmspre/whitelist_public_original.php

@@ -14,17 +14,18 @@
 The following is a list of types already pre defined that you can use and the regular expressions they represent.
 These types are found at the top of the /ccmspre/index.php template and should not be altered there.
 
-CRYPT							=>	/^[a-z\-_\/#=&:\pN\?\.\";\'\`\*\s]*\z/i
-HTTP_ACCEPT_LANGUAGE			=>	/^[a-z0-9\-,;=\.]{2,}\z/i
-HTTP_COOKIE						=>	/^[a-z\-_=\.\pN]{1,}\z/i
-LNG								=>	/^[a-z]{2}(-[a-z]{2})?\z/i
-PARMS							=>	/^[a-z\-_\pN\/]+\z/i
-QUERY_STRING					=>	/^[a-z\-_=&\.\pN]{1,}\z/i
-SESSION_ID						=>	/^[a-z0-9]{1,}\z/i
-TPL								=>	/^[a-z\-\pN\/]{1,}\z/i
-UTF8_STRING_WHITE				=>	/^[\pL\pM\s]*\z/u
-UTF8_STRING_DIGIT_WHITE			=>	/^[\pL\pM\pN\s]*\z/u
-UTF8_STRING_DIGIT_PUNC_WHITE	=>	/^[\pL\pM\pN\pP\s]*\z/u
+CRYPT							=> /^[a-z\-_\/#=&:\pN\?\.\";\'\`\*\s]*\z/i
+HTTP_ACCEPT_LANGUAGE			=> /^[a-z0-9\-,;=\.]{2,}\z/i
+HTTP_COOKIE						=> /^[a-z\-_=\.\pN]{1,}\z/i
+LNG								=> /^[a-z]{2}(-[a-z]{2})?\z/i
+PARMS							=> /^[a-z\-_\pN\/]+\z/i
+QUERY_STRING					=> /^[a-z\-_=&\.\pN]{1,}\z/i
+SESSION_ID						=> /^[a-z\pN]{1,}\z/i
+TPL								=> /^[a-z\-\pN\/]{1,}\z/i
+UTF8_STRING_WHITE				=> /^[\pL\pM*+\s]*\z/u
+UTF8_STRING_DIGIT_WHITE			=> /^[\pL\pM*+\pN\s]*\z/u
+UTF8_STRING_DIGIT_PUNC_WHITE	=> /^[\pL\pM*+\pN\pP\s]*\z/u
+WHOLE_NUMBER					=> /^[\pN]*\z/
 
 If you would like to add your own DEFINE's please add them here.  Remember to add a new switch statement to the USER_filter() below.
 **************************************************************/