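// Admin front controller: resolve the active theme, dispatch on the request's
// 'app' argument, enforce authentication for everything except login/logout,
// and choose the admin template ($kontent) to render.
// NOTE(review): the opening of this script is not visible on the page, and the
// call below has lost its receiver (presumably $conf_obj) -- confirm against
// the original file before applying.
set_base_dir($basedir);
$config = $conf_obj->get();

// Fall back to the 'default' theme when the config has no usable 'theme' entry.
// NOTE(review): $theme is interpolated into include paths below; confirm that
// whatever writes the config restricts it to a known theme directory name.
$theme = ( !array_key_exists( 'theme', $config ) || empty($config['theme']) ? 'default' : $config['theme'] );
$themedir = "$basedir/templates/$theme";

// Begin dispatch
$args = ( $_SERVER['REQUEST_METHOD'] === 'POST' ? $_POST : $_GET );

// Login and logout are the only apps served without an authenticated session.
if( !empty($args['app']) && $args['app'] === 'login' ) {
    include "$themedir/admin/login.inc";
    die();
} elseif( !empty($args['app']) && $args['app'] === 'logout' ) {
    include "$themedir/admin/logout.inc";
    die();
} else {
    require_once "tCMS/Auth.inc";
    $auth = new Auth;
    $auth->ensure_auth();
}

if( empty($args['app']) || $args['app'] === 'config' ) {
    $kontent = "$themedir/admin/settings.inc";
} elseif ($args['app'] === 'blog') {
    if( !empty($args['get_fragment']) ) {
        // The fragment name is request-controlled. Resolve both the blog root and
        // the requested file, and require the resolved file to sit *below* the
        // resolved root. Comparing against "$root/" rather than "$root" matters:
        // a bare prefix test also accepts sibling paths that merely begin with
        // the same characters as the blog directory name.
        $blogroot = realpath("$basedir/blog");
        // A non-string value (e.g. an array parameter) is rejected outright.
        $path = ( is_string($args['get_fragment']) ? realpath("$basedir/blog/".$args['get_fragment']) : false );
        if( $blogroot === false || $path === false || strpos($path, $blogroot . DIRECTORY_SEPARATOR) !== 0 ) {
            // NOTE(review): this message echoes resolved server paths to the
            // (authenticated) caller; consider a generic message instead.
            die("Forbidden: Tried to load $path, but $basedir/blog is not the start of the real path.");
        }
        // Read the path that was actually validated, not the raw request value.
        die(file_get_contents($path));
    }
    $kontent = "$themedir/admin/bengine.inc";
} elseif ($args['app'] === 'microblog') {
    $kontent = "$themedir/admin/mbengine.inc";
} elseif ($args['app'] === 'users' ) {
    $kontent = "$themedir/admin/users.inc";
} else {
    // Unknown app names fall back to the settings page.
    $kontent = "$themedir/admin/settings.inc";
}
// NOTE(review): the template markup after the closing tag was flattened by
// extraction (its tags are missing); it is kept verbatim below.
?>
 '; $links .= ''; $links .= ''; $links .= ''; echo $links; // TODO inject avatars these via style tags based on config ?> tCMS Admin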
Settings Blog Writer MicroBlogger Logout