Merge pull request #1990 from nukeviet/develop

NukeViet 4.0 Final

CHANGELOG.txt

@@ -1,6 +1,74 @@
 CHANGE LOG: NUKEVIET CMS
 http://nukeviet.vn
 
+NUKEVIET 4.0.29 Final
+- Requires PHP 5.5 or later
+- PHPMailer v6.0
+- Endroid/qrcode v1.6.5
+- CKEditor v4.5.9
+- Config allow theme type 
+- Update theme default
+- Update theme admin default
+- Update Memcache class
+- Update Request class
+- Update DB class
+- Module upload: fix download image
+- Fix update, upgrade system and extentions
+- Fix check update, auto update
+- Module users: 
+	Add feature for group's leader (creat user, delete user, accept user, delete user, change password), 
+	Update theme redirect login, 
+	Update facebook login
+	Change rule for view list users
+	Remove Admin Relogin
+- Module extensions: Fix download file
+- Add more options for module's theme mobile
+- Support statisics for CocCoc browser
+- Module news: Optimize database, fix sample data
+
+NUKEVIET 4.0.28
+- Fix set tollower meta-tag name
+- Update javascript to lastest version: lazyload 1.9.7, Jcop 2.0.4, Select2 4.0.2, jquery-treeview v1.4.2, jquery.imgpreload 1.6.2, jquery.flash v1.3.3, jquery.flash v1.3.3, jquery-ui v1.12.0, jQuery v2.2.3
+- update CKEditor 4.5.8
+- Module Seotools: Remove site Diagnostic
+- Module Users: Allow virtual, fix user custom fields, fix block login, fix users login, fix search user waiting
+- Module Upload: Fix error on quickly refresh dir, fix error on refresh large dir
+- Module News: Fix check image exists, fix change alias op content, fix function and cat, add block by category 
+- Module Contact: Delete link in contact mail containing admin path
+- Update theme mobile_nukeviet
+- Fix comment on mobile theme
+- Fix function nv_xmlOutput
+- Fix class Memcacheds
+- Fix dump database
+- Fix plugin rewrite_obsolute
+- Fix backup MySQL Engine InnoDB
+- Update Font Awesome Version 4.6.1
+- Fix function nv_clean60
+- Theme default: fix block company_info
+
+NUKEVIET 4.0.27
+- update class Punycode
+- update class phpmailer 
+- Module Users: add Group new users
+- Module users: add function groups manage for leader 
+- Theme mobile: file layout not exit
+- nv_info_die function: send http status code
+- Module authors: remove module siteinfo in grant system 
+- Module news: update block newscenter, fix edit content
+- update sample data
+- Fix module Extensions
+- Module page: add image position config, add og:image
+- Update ckeditor 4.5.7, fix when editor maximize
+- Blocks: fix variables $blockID 
+- Database: fix setting backup database
+
+NUKEVIET 4.0.26
+- Add management: leaders, avatar, color, default for groups
+- Contact: update show department
+- Add simple mode for generate pages
+- Fix check extension version
+- Fix and update something...
+
 NUKEVIET 4.0.25
 - Update Data demo
 - Update jQuery v2.2.0 

COPYRIGHT.txt

@@ -13,23 +13,20 @@ NukeViet includes works under other copyright notices and distributed according
 Name                 	Version        License		Description										Url
 Bootstrap				3.3.6			MIT			HTML, CSS, and JavaScript framework for developing responsive	http://getbootstrap.com
 XTemplate				0.4.0			MIT			Templating engine for PHP 						http://www.phpxtemplate.org
-jQuery					2.2.0			MIT			jQuery JavaScript Library						http://jquery.com/
-Ckeditor				4.5.6			GPL, LGPL	JavaScript WYSIWYG web text editor				http://ckeditor.com/
+jQuery					2.2.3			MIT			jQuery JavaScript Library						http://jquery.com/
+Ckeditor				4.5.9			GPL, LGPL	JavaScript WYSIWYG web text editor				http://ckeditor.com/
 jasig/phpcas 			1.3.4			Apache		Jasig PHP CAS Client							https://github.com/Jasig/phpCAS
 Browser-Detect 			1.0.0			MIT			Class to detect a user's Browser				https://github.com/cbschuld/Browser.php
-composer			 	1.0.0			MIT			Dependency Manager for PHP 						https://github.com/composer/composer
-phpmailer/phpmailer  	5.4.x			LGPL-2.1  	The classic email sending library for PHP 		https://github.com/phpmailer/phpmailer
+composer			 	1.1.0			MIT			Dependency Manager for PHP 						https://github.com/composer/composer
+phpmailer/phpmailer  	6.0.0			LGPL-2.1  	The classic email sending library for PHP 		https://github.com/phpmailer/phpmailer
 pclzip/pclzip        	2.8.2			LGPL-2.1  	Compression and extraction functions for Zip	https://github.com/ivanlanin/pclzip
 league/url           	3.3.5			MIT			Lightweight PHP Url manipulating library       	https://github.com/thephpleague/url				
 gregwar/captcha      	1.1.1			MIT			PHP Captcha library 							https://github.com/Gregwar/Captcha     
 gregwar/cache        	1.0.10			MIT			A lightweight filesystem caching system 		https://github.com/Gregwar/Cache    
 gregwar/image        	2.0.20			MIT			A PHP library to handle images 					https://github.com/Gregwar/Image      
 and/oauth            	dev-master   	MIT			Support for authenticating users using OAuth	https://github.com/logical-and/php-oauth
-endroid/qrcode       	1.5.7			MIT			QR Code Generator								https://github.com/endroid/QrCode    
+endroid/qrcode       	1.6.5			MIT			QR Code Generator								https://github.com/endroid/QrCode    
 kriswallsmith/buzz   	0.15			MIT			PHP's lightweight HTTP client 					https://github.com/kriswallsmith/Buzz   
-true/punycode        	2.0.1			MIT			Encoding of Unicode for IDNA					https://github.com/true/php-punycode
+true/punycode        	2.0.2			MIT			Encoding of Unicode for IDNA					https://github.com/true/php-punycode
 
 .. see copyright information at the header of source code file.
-
-
-

admin/authors/add.php

@@ -19,7 +19,7 @@
 
 if ($nv_Request->get_int('result', 'get', 0)) {
     $checksess = $nv_Request->get_title('checksess', 'get', '');
-    if ($checksess != md5($global_config['sitekey'] . session_id())) {
+    if ($checksess != NV_CHECK_SESSION) {
         Header('Location: ' . NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name);
         die();
     }
@@ -194,8 +194,8 @@
 $xtpl->assign('INFO', $contents['info']);
 $xtpl->assign('LANG', $lang_module);
 $xtpl->assign('NV_BASE_ADMINURL', NV_BASE_ADMINURL);
-$xtpl->assign('RESULT_URL', NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=add&result=1&checksess=' . md5($global_config['sitekey'] . session_id()));
-$xtpl->assign('FILTERSQL', nv_base64_encode($crypt->aes_encrypt($filtersql, md5($global_config['sitekey'] . $client_info['session_id']))));
+$xtpl->assign('RESULT_URL', NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=add&result=1&checksess=' . NV_CHECK_SESSION);
+$xtpl->assign('FILTERSQL', nv_base64_encode($crypt->aes_encrypt($filtersql, NV_CHECK_SESSION)));
 $xtpl->assign('ACTION', $contents['action']);
 
 if (isset($contents['editor'])) {

admin/authors/config.php

@@ -80,7 +80,6 @@ function nv_save_file_admin_config()
 
     $array_config_global['spadmin_add_admin'] = $nv_Request->get_int('spadmin_add_admin', 'post');
     $array_config_global['authors_detail_main'] = $nv_Request->get_int('authors_detail_main', 'post');
-    $array_config_global['adminrelogin_max'] = $nv_Request->get_int('adminrelogin_max', 'post');
     $array_config_global['admin_check_pass_time'] = 60 * $nv_Request->get_int('admin_check_pass_time', 'post');
     if ($array_config_global['admin_check_pass_time'] < 120) {
         $array_config_global['admin_check_pass_time'] = 120;
@@ -149,7 +148,7 @@ function nv_save_file_admin_config()
 
             nv_insert_logs(NV_LANG_DATA, $module_name, $lang_module['title_username'], $lang_module['username_edit'] . ' username: ' . $username, $admin_info['userid']);
         } else {
-            $sth = $db->prepare("REPLACE INTO " . NV_AUTHORS_GLOBALTABLE . "_config (keyname, mask, begintime, endtime, notice) VALUES (:username, '-1', " . $begintime1 . ", " . $endtime1 . ", '" . md5($password) . "' )");
+            $sth = $db->prepare("INSERT INTO " . NV_AUTHORS_GLOBALTABLE . "_config (keyname, mask, begintime, endtime, notice) VALUES (:username, '-1', " . $begintime1 . ", " . $endtime1 . ", '" . md5($password) . "' )");
             $sth->bindParam(':username', $username, PDO::PARAM_STR);
             $sth->execute();
             nv_insert_logs(NV_LANG_DATA, $module_name, $lang_module['title_username'], $lang_module['username_add'] . ' username: ' . $username, $admin_info['userid']);
@@ -193,13 +192,16 @@ function nv_save_file_admin_config()
 
             nv_insert_logs(NV_LANG_DATA, $module_name, $lang_module['adminip'], $lang_module['adminip_edit'] . ' ID ' . $cid . ' -> ' . $keyname, $admin_info['userid']);
         } else {
-            $sth = $db->prepare('REPLACE INTO ' . NV_AUTHORS_GLOBALTABLE . '_config (keyname, mask, begintime, endtime, notice) VALUES ( :keyname, :mask, ' . $begintime . ', ' . $endtime . ', :notice )');
-            $sth->bindParam(':keyname', $keyname, PDO::PARAM_STR);
-            $sth->bindParam(':mask', $mask, PDO::PARAM_STR);
-            $sth->bindParam(':notice', $notice, PDO::PARAM_STR);
-            $sth->execute();
-
-            nv_insert_logs(NV_LANG_DATA, $module_name, $lang_module['adminip'], $lang_module['adminip_add'] . ' ' . $keyname, $admin_info['userid']);
+        	$result = $db->query('DELETE FROM ' . NV_AUTHORS_GLOBALTABLE . '_config WHERE keyname=' . $db->quote($keyname));
+			if ($result) {
+	            $sth = $db->prepare('INSERT INTO ' . NV_AUTHORS_GLOBALTABLE . '_config (keyname, mask, begintime, endtime, notice) VALUES ( :keyname, :mask, ' . $begintime . ', ' . $endtime . ', :notice )');
+	            $sth->bindParam(':keyname', $keyname, PDO::PARAM_STR);
+	            $sth->bindParam(':mask', $mask, PDO::PARAM_STR);
+	            $sth->bindParam(':notice', $notice, PDO::PARAM_STR);
+	            $sth->execute();
+
+	            nv_insert_logs(NV_LANG_DATA, $module_name, $lang_module['adminip'], $lang_module['adminip_add'] . ' ' . $keyname, $admin_info['userid']);
+			}
         }
         nv_save_file_admin_config();
         Header('Location: ' . NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=' . $op . '&rand=' . nv_genpass());
@@ -223,19 +225,8 @@ function nv_save_file_admin_config()
 $xtpl->assign('MODULE_NAME', $module_name);
 $xtpl->assign('NV_LANG_INTERFACE', NV_LANG_INTERFACE);
 $xtpl->assign('ADMIN_CHECK_PASS_TIME', round($global_config['admin_check_pass_time'] / 60));
-
 $xtpl->assign('OP', $op);
 
-for ($i = 2; $i < 11; $i++) {
-    $array = array(
-        'value' => $i,
-        'select' => ($i == $global_config['adminrelogin_max']) ? ' selected="selected"' : '',
-        'text' => $i
-    );
-    $xtpl->assign('OPTION', $array);
-    $xtpl->parse('main.adminrelogin_max');
-}
-
 $xtpl->assign('DATA', array(
     'admfirewall' => $global_config['admfirewall'] ? ' checked="checked"' : '',
     'block_admin_ip' => $global_config['block_admin_ip'] ? ' checked="checked"' : '',

admin/authors/del.php

@@ -65,7 +65,7 @@ function nv_checkAdmpass($adminpass)
 $action_account = $nv_Request->get_int('action_account', 'post', 0);
 $action_account = (isset($array_action_account[$action_account])) ? $action_account : 0;
 $error = '';
-$checkss = md5($admin_id . session_id() . $global_config['sitekey']);
+$checkss = md5($admin_id . NV_CHECK_SESSION);
 if ($nv_Request->get_title('ok', 'post', 0) == $checkss) {
     $sendmail = $nv_Request->get_int('sendmail', 'post', 0);
     $reason = $nv_Request->get_title('reason', 'post', '', 1);
@@ -106,7 +106,7 @@ function nv_checkAdmpass($adminpass)
         if ($action_account == 1) {
             $db->query('UPDATE ' . NV_USERS_GLOBALTABLE . ' SET active=0 WHERE userid=' . $admin_id);
         } elseif ($action_account == 2) {
-            $db->query('UPDATE ' . NV_GROUPS_GLOBALTABLE . ' SET numbers = numbers-1 WHERE group_id IN (SELECT group_id FROM ' . NV_GROUPS_GLOBALTABLE . '_users WHERE userid=' . $admin_id . ')');
+            $db->query('UPDATE ' . NV_GROUPS_GLOBALTABLE . ' SET numbers = numbers-1 WHERE group_id IN (SELECT group_id FROM ' . NV_GROUPS_GLOBALTABLE . '_users WHERE userid=' . $admin_id . ' AND approved = 1)');
             $db->query('DELETE FROM ' . NV_GROUPS_GLOBALTABLE . '_users WHERE userid=' . $admin_id);
             $db->query('DELETE FROM ' . NV_USERS_GLOBALTABLE . '_openid WHERE userid=' . $admin_id);
             $db->query('DELETE FROM ' . NV_USERS_GLOBALTABLE . '_info WHERE userid=' . $admin_id);

admin/authors/module.php

@@ -37,7 +37,7 @@
             $save = true;
             if ($act == 3 and ($row['module'] == 'database' or $row['module'] == 'settings' or $row['module'] == 'site')) {
                 $save = false;
-            } elseif ($act == 1  and $row['module'] == 'authors') {
+            } elseif ($act == 1 and ($row['module'] == 'authors' or $row['module'] == 'siteinfo')) {
                 $save = false;
             }
 
@@ -66,6 +66,7 @@
 $rows = $db->query('SELECT * FROM ' . NV_AUTHORS_GLOBALTABLE . '_module ORDER BY weight ASC')->fetchAll();
 $numrows = sizeof($rows);
 foreach ($rows as $row) {
+	if ($row['module'] == 'siteinfo') continue;
     for ($i = 1; $i <= $numrows; $i++) {
         $xtpl->assign('WEIGHT', array( 'key' => $i, 'selected' => ($i == $row['weight']) ? ' selected="selected"' : '' ));
         $xtpl->parse('main.loop.weight');

admin/authors/users.php

@@ -3,7 +3,7 @@
 /**
  * @Project NUKEVIET 4.x
  * @Author VINADES (contact@vinades.vn)
- * @Copyright ? 2014 VINADES. All rights reserved
+ * @Copyright (C) 2014 VINADES. All rights reserved
  * @License GNU/GPL version 2 or any later version
  * @Createdate 04/05/2010
  */

admin/database/delfile.php

@@ -22,7 +22,7 @@
 
 $path_filename = NV_BASE_SITEURL . $log_dir . '/' . $filename;
 
-if (nv_is_file($path_filename, $log_dir) === true and $checkss == md5($filename . $client_info['session_id'] . $global_config['sitekey'])) {
+if (nv_is_file($path_filename, $log_dir) === true and $checkss == md5($filename . NV_CHECK_SESSION)) {
     $temp = explode('_', $filename);
 
     nv_insert_logs(NV_LANG_DATA, $module_name, $lang_global['delete'] . ' ' . $lang_module['file_backup'], 'File name: ' . end($temp), $admin_info['userid']);
@@ -37,4 +37,4 @@
     include NV_ROOTDIR . '/includes/header.php';
     echo nv_admin_theme($contents);
     include NV_ROOTDIR . '/includes/footer.php';
-}
+}

admin/database/download.php

@@ -14,7 +14,7 @@
 
 $checkss = $nv_Request->get_title('checkss', 'post,get');
 
-if ($checkss == md5($client_info['session_id'] . $global_config['sitekey'])) {
+if ($checkss == NV_CHECK_SESSION) {
     $tables = $nv_Request->get_array('tables', 'post', array());
     $type = $nv_Request->get_title('type', 'post', '');
     $ext = $nv_Request->get_title('ext', 'post', '');
@@ -58,4 +58,4 @@
         exit();
     }
 }
-die();
+die();

admin/database/file.php

@@ -47,8 +47,8 @@
     $file = $value['file'];
     $mc = $value['mc'];
 
-    $link_getfile = NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=getfile&filename=' . $file . '&checkss=' . md5($file . $client_info['session_id'] . $global_config['sitekey']);
-    $link_delete = NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=delfile&filename=' . $file . '&checkss=' . md5($file . $client_info['session_id'] . $global_config['sitekey']);
+    $link_getfile = NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=getfile&filename=' . $file . '&checkss=' . md5($file . NV_CHECK_SESSION);
+    $link_delete = NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=delfile&filename=' . $file . '&checkss=' . md5($file . NV_CHECK_SESSION);
 
     $xtpl->assign('ROW', array(
         'stt' => ++$a,
@@ -61,12 +61,12 @@
 
     $xtpl->parse('main.loop');
 }
-$xtpl->assign('BACKUPNOW', NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=download&checkss=' . md5($client_info['session_id'] . $global_config['sitekey']));
+$xtpl->assign('BACKUPNOW', NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=download&checkss=' . NV_CHECK_SESSION);
 $page_title = $lang_module['file_backup'];
 
 $xtpl->parse('main');
 $contents = $xtpl->text('main');
 
 include NV_ROOTDIR . '/includes/header.php';
 echo nv_admin_theme($contents);
-include NV_ROOTDIR . '/includes/footer.php';
+include NV_ROOTDIR . '/includes/footer.php';

admin/database/functions.php

@@ -42,6 +42,9 @@ function nv_show_tables()
     while ($item = $result->fetch()) {
         $tables_size = floatval($item['data_length']) + floatval($item['index_length']);
 
+        if ($item['engine'] != 'MyISAM') {
+            $item['rows'] = $db->query("SELECT COUNT(*) FROM " . $item['name'])->fetchColumn();
+        }
         $tables[$item['name']]['table_size'] = nv_convertfromBytes($tables_size);
         $tables[$item['name']]['table_max_size'] = ! empty($item['max_data_length']) ? nv_convertfromBytes(floatval($item['max_data_length'])) : 0;
         $tables[$item['name']]['table_datafree'] = ! empty($item['data_free']) ? nv_convertfromBytes(floatval($item['data_free'])) : 0;
@@ -133,6 +136,10 @@ function nv_show_tab()
         include NV_ROOTDIR . '/includes/footer.php';
     }
 
+    if ($item['engine'] != 'MyISAM') {
+        $item['rows'] = $db->query("SELECT COUNT(*) FROM " . $item['name'])->fetchColumn();
+    }
+
     $tablename = substr($item['name'], strlen($db_config['prefix']) + 1);
     $contents = array();
     $contents['table']['caption'] = sprintf($lang_module['table_caption'], $tablename);
@@ -196,13 +203,12 @@ function main_theme($contents)
 
 function nv_show_tables_theme($contents)
 {
-    global $global_config, $client_info, $module_file;
+    global $global_config, $module_file;
 
     $xtpl = new XTemplate('tables.tpl', NV_ROOTDIR . '/themes/' . $global_config['module_theme'] . '/modules/' . $module_file);
 
     $xtpl->assign('ACTION', $contents['action']);
     $xtpl->assign('CAPTIONS', $contents['captions']['tables_info']);
-    $xtpl->assign('CHECKSS', md5($client_info['session_id'] . $global_config['sitekey']));
 
     foreach ($contents['columns'] as $value) {
         $xtpl->assign('COLNAME', $value);

admin/database/getfile.php

@@ -22,7 +22,7 @@
 
 $path_filename = NV_BASE_SITEURL . '/' . $log_dir . '/' . $filename;
 
-if (nv_is_file($path_filename, $log_dir) === true and $checkss == md5($filename . $client_info['session_id'] . $global_config['sitekey'])) {
+if (nv_is_file($path_filename, $log_dir) === true and $checkss == md5($filename . NV_CHECK_SESSION)) {
     nv_insert_logs(NV_LANG_DATA, $module_name, $lang_module['download'], 'File name: ' . basename($filename), $admin_info['userid']);
 
     //Download file