<?php
/***************************************************************************
 *                             empw.php
 *                            -------------------
 *   begin                : Saturday, Dec 13, 2003
 *   copyright            : (C) 2003 thru 2004 by Nuttzy - Craig Nuttall
 *   email                : nuttzy@blizzhackers.com
 *
 *   $Id: empw.php,v 0.0.12preview 2003/12/26 00:00:00 nuttzy Exp $
 *
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/


/*
	NOTE: I CAN'T REMEMBER IF I FINISHED THIS OR IF IT EVEN WORKS! - 2004/08/08
*/


// once moved to the admin dir, don't interfere with building the index:
// when $setmodules is non-empty this file stops here without doing any work
if (!empty($setmodules))
{
	return;
}

// NOTE(review): presumably the phpBB files included below refuse to run unless
// this constant is defined - confirm against those files
define('IN_PHPBB', 1);


//
// Let's set the root dir for phpBB
//
// NOTE(review): the includes below load config, constants, helper functions and
// the database layer only. No session or permission code is loaded here, and
// nothing later in this file checks who is making the request, so anyone who
// can reach this script over HTTP can run it. The success page's own advice is
// to rename or delete empw.php after use.
//
$phpbb_root_path = './../';
// $phpEx is not set in this file, so presumably extension.inc defines it; it is
// require()d (fatal if missing) because every include below depends on it
require($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'config.'.$phpEx);
include($phpbb_root_path . 'includes/constants.'.$phpEx);
include($phpbb_root_path . 'includes/functions.'.$phpEx);
include($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
include($phpbb_root_path . 'includes/db.'.$phpEx);
// the leading slash makes these paths './..//admin/...' (a doubled slash)
include($phpbb_root_path . '/admin/em_includes/em_ftp.' . $phpEx) ;
include($phpbb_root_path . '/admin/em_includes/em_modio.' . $phpEx) ;
include($phpbb_root_path . '/admin/em_includes/em_functions.' . $phpEx) ;


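/**
 * Read the EasyMOD (EM) settings from the phpBB config table and return them
 * wrapped in a mod_io object.
 *
 * The stored FTP password (EM_ftp_pass) is decrypted with $em_pass as the
 * cipher key. Nothing in this function verifies that $em_pass is the right
 * key, so a caller passing the wrong password gets whatever decrypt() returns
 * for it. The returned object is built with the decrypted FTP password; do not
 * dump or echo it wholesale.
 *
 * @param string $filename passed through to mod_io unchanged
 * @param string $path     passed through to mod_io unchanged
 * @param string $em_pass  EM password, used as the key for decrypting EM_ftp_pass
 * @param bool   $preview  when true, force write mode 'screen' and move mode 'ftpm'
 * @return mod_io
 */
function get_em_settings( $filename, $path, $em_pass, $preview = false)
{
	// $lang supplies the text handed to message_die() below; it has to be pulled
	// into scope here or the error message is empty when the query fails
	global $db, $phpbb_root_path, $lang ;

	//
	// grab the EM settings
	//
	$sql = "SELECT *
		FROM " . CONFIG_TABLE ;
	if( !$result = $db->sql_query($sql) )
	{
		message_die(GENERAL_ERROR, $lang['EM_err_config_info'], '', __LINE__, __FILE__, $sql);
	}

	// config_name => slot in $em; only these rows are of interest
	$wanted = array(
		'EM_read' => 'read',
		'EM_write' => 'write',
		'EM_move' => 'move',
		'EM_ftp_dir' => 'ftp_dir',
		'EM_ftp_user' => 'ftp_user',
		'EM_ftp_pass' => 'ftp_pass',
		'EM_ftp_host' => 'ftp_host',
		'EM_ftp_type' => 'ftp_type'
	) ;

	// every slot starts as null, which is what an unset variable evaluated to
	// before; a missing config row no longer leaves a variable undefined
	$em = array(
		'read' => null,
		'write' => null,
		'move' => null,
		'ftp_dir' => null,
		'ftp_user' => null,
		'ftp_pass' => null,
		'ftp_host' => null,
		'ftp_type' => null
	) ;

	// loop through all the settings and keep the EM ones
	while ( $row = $db->sql_fetchrow($result))
	{
		if ( isset($wanted[$row['config_name']]))
		{
			$em[$wanted[$row['config_name']]] = $row['config_value'] ;
		}
	}

	// decrypt the FTP password; include_once so that calling this function a
	// second time does not load the cipher file (which presumably declares the
	// cipher classes) again
	include_once($phpbb_root_path . 'admin/em_includes/em_cipher.php') ;
	$cipher = new Cipher_BlockMode_cbc();
	$cipher->blowfish->setKey( $em_pass);
	$em['ftp_pass'] = $cipher->decrypt($em['ftp_pass']) ;

	// if we are in preview mode, then no matter what we will set to display to screen
	if ($preview)
	{
		$em['write'] = 'screen' ;
		$em['move'] = 'ftpm' ;
	}

	// easiest thing to do is return a mod_io object
	return new mod_io( $filename, $path, $em['read'], $em['write'], $em['move'], $em['ftp_user'], $em['ftp_pass'], $em['ftp_dir'], $em['ftp_host'], $em['ftp_type']) ;
}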



// Read the two request fields this script branches on. A missing or empty
// field becomes ''; anything else goes through htmlspecialchars().
//
// NOTE(review): entity-encoding changes a password that contains & < > or "
// before it is used as a cipher key further down. Presumably the rest of
// EasyMOD treats the password the same way - confirm before changing it.
// NOTE(review): the settings form in this file has no field named 'password',
// so a submit from that form always leaves $password as ''.
$password = '' ;
if ( !empty($HTTP_POST_VARS['password']) )
{
	$password = htmlspecialchars($HTTP_POST_VARS['password']) ;
}

$mode = '' ;
if ( !empty($HTTP_POST_VARS['mode']) )
{
	$mode = htmlspecialchars($HTTP_POST_VARS['mode']) ;
}


// Link the subSilver stylesheet for looks; the page still renders if the css
// file is not found
echo '<link rel="stylesheet" href="../templates/subSilver/subSilver.css" type="text/css">', "\n" ;


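//
// update the EM settings; they already filled out the settings page and hit submit
//
// NOTE(review): nothing in this file establishes who sent the request before
// this branch writes to the config table. There is no login or permission check
// and no per-form token, so the only protection is the advice printed on the
// success page: rename or delete empw.php once it has been used.
//
if ($mode == 'update')
{
	// password settings; htmlspecialchars() runs before hashing/encrypting, so a
	// secret containing & < > or " is stored in its entity-encoded form
	// NOTE(review): presumably EasyMOD encodes the password the same way when it
	// checks it - confirm before changing this
	$em_pass = (isset($HTTP_POST_VARS['em_pass'])) ? htmlspecialchars( $HTTP_POST_VARS['em_pass']) : '' ;
	$em_pass_confirm = (isset($HTTP_POST_VARS['em_pass_confirm'])) ? htmlspecialchars( $HTTP_POST_VARS['em_pass_confirm']) : '' ;

	// ftp settings
	$ftp_pass = (isset($HTTP_POST_VARS['ftp_pass'])) ? htmlspecialchars( $HTTP_POST_VARS['ftp_pass']) : '' ;

	// confirm passwords match and update pw if needed
	// strict comparison on purpose: with == PHP compares two numeric-looking
	// strings as numbers, so '1e3' and '1000' would count as the same password
	if ( $em_pass === $em_pass_confirm)
	{
		// update the password; starting with 0.0.11 store as MD5 hash
		// NOTE(review): an unsalted MD5 is a weak way to store a password. It is
		// left as is because whatever verifies EM_password presumably expects
		// this format; replacing it needs a matching change on that side.
		// Two empty fields also land here: md5('') is stored and the message
		// reports the EM password as disabled.
		em_db_update( 'EM_password', md5($em_pass)) ;
		$pass_msg = ($em_pass === '') ? '(EM password disabled)' : '(EM password updated)' ;


		// encrypt the FTP password, using the new EM password as the cipher key;
		// include_once so the cipher file is not loaded twice in one request
		include_once($phpbb_root_path . '/admin/em_includes/em_cipher.php') ;
		$cipher = new Cipher_BlockMode_cbc();
		$cipher->blowfish->setKey( $em_pass);
		$ftp_pass = $cipher->encrypt( $ftp_pass) ;

		// update the settings; a blank FTP password field overwrites the stored
		// value too, since the submitted value is saved unconditionally
		em_db_update( 'EM_ftp_pass', $ftp_pass) ;

?>

<table cellpadding="2" cellspacing="1" border="0" class="forumline" align="center">
	<tr>
		<th>Success</th>
	</tr>
	<tr>
		<td class="row1" align="center"><span class="gen">
			<br>
			&nbsp; Your EasyMOD settings have been updated successfully. <?php echo $pass_msg ; ?> &nbsp;<br>
			<br>
			&nbsp; <b>You should now rename or delete empw.php to prevent unauthorized use.</b> &nbsp;<br>
			<br></span></td>
	</tr>
</table>

<?php
	}
	// passwords do not match so throw an error; reset mode so that we ask for settings again
	else
	{
		echo "<h1>The EasyMOD passwords do not match.  Settings not updated.</h1><br>\n" ;
		$mode = '' ;
	}
}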



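//
// display the settings page
//
if ($mode == '')
{
	// Only ftp_user is read from the returned object; the file name and path
	// arguments are not used for anything else on this page.
	// NOTE(review): get_em_settings() also decrypts the stored FTP password with
	// $password as the key, but the form below never sends a 'password' field,
	// so that key is '' here and the decrypted value is not meaningful.
	// NOTE(review): the help text below says leaving the confirm field empty
	// keeps the current password, while the update branch treats a non-empty
	// password with an empty confirm as a mismatch - confirm which is intended.
	$command_file = get_em_settings( '6E7574747A79.72756C657321', '', $password) ;

?>

<br>
<h3>Change EasyMOD password</h3>
<p>Try to remember it next time, ok? ;-)</p>
<form action="empw.php" name="settings" method="post">
<table width="100%" cellpadding="2" cellspacing="1" border="0" class="forumline">
	<tr>
		<th colspan="2">EasyMOD Password Protection</th>
	</tr>
	<tr>
		<td class="row2" align="center" colspan="2"><span class="gen">The EasyMOD password will allow you to restrict which admins can use EasyMOD. By having access to EasyMOD an admin could covertly obtain your database user/pass and FTP info. Leave both the password and the confirm password empty to have no password set. Leave the confirm empty to not change the password.</span></td>
	</tr>
	<tr>
		<td class="row1" align="right"><span class="gen">Set EM password</span></td>
		<td class="row2"><input type="password" name="em_pass" value=""></td>
	</tr>
	<tr>
		<td class="row1" align="right"><span class="gen">Confirm EM password</span></td>
		<td class="row2"><input type="password" name="em_pass_confirm" value=""></td>
	</tr>
	<tr>
		<th colspan="2">FTP Password</th>
	</tr>
	<tr>
		<td class="row2" align="center" colspan="2"><span class="gen">Whenever you change the EM password you must also reenter your FTP password.  The two are linked together to increase security.</span></td>
	</tr>
	<tr>
		<td class="row1" align="right"><span class="gen">FTP Username</span></td>
		<td class="row2"><span class="gen"> &nbsp;<?php
			// the value comes straight from the config table, so escape it on
			// output rather than trusting what was stored; if EasyMOD already
			// stores it entity-encoded, a name containing & < > or " will show
			// its entities literally, which is a display issue only
			echo htmlspecialchars($command_file->ftp_user) ?></span></td>
	</tr>
	<tr>
		<td class="row1" align="right"><span class="gen">FTP Password</span></td>
		<td class="row2"><input type="password" name="ftp_pass" value=""></td>
	</tr>
	<tr> 
		<td class="catbottom" align="center" colspan="2">
			<input type="hidden" name="mode" value="update">
			<input class="mainoption" type="submit" value="Submit" />&nbsp;
		</td>
	</tr>
</table>
</form>



<?php

}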

?>
