/**
* Comment object constructor
*
* @param database $db
* @return privileges
* @access public
*/
function privileges(&$db, $gid)
{
global $my;
$this->gid = intval($this->escapeString($gid));
if (isset($my->gids) && $my->gid == $gid) {
$db->setQuery("SELECT priv_upload, priv_editmedium, priv_delmedium, priv_creategal, priv_editgal, priv_delgal " . " FROM #__zoom_priv WHERE gid IN (" . $this->escapeString($my->gids) . ")");
} else {
$db->setQuery("SELECT priv_upload, priv_editmedium, priv_delmedium, priv_creategal, priv_editgal, priv_delgal " . " FROM #__zoom_priv WHERE gid = '{$this->gid}'");
}
$result = $db->query();
while ($row = mysql_fetch_object($result)) {
foreach ($row as $priv => $value) {
if ($value) {
$this->{$priv} = $value;
}
}
}
}
function send_mail($to_email, $to_name, $subject, $content, $from_name = '')
{
$table = array("account");
$db = new database();
$query = $db->createQueryAll($table);
$db->setQuery($query);
$result1 = $db->loadAllRow();
//var_dump($result1);
$pass = encrypt_decrypt('decrypt', $result1[0]['pass']);
//var_dump($pass);
//tài khoản gmail dùng để gửi mail
$from_email = $result1[0]['name'];
// Reply to this email
$from_email_pass = $pass;
return send_gmail($from_email, $from_email_pass, $to_email, $to_name, $subject, $content, $from_name);
}
$configArray['DBpassword'] = $DBpassword;
$configArray['DBname'] = $DBname;
$configArray['DBPort'] = $DBPort;
$configArray['DBPrefix'] = $DBPrefix;
$sql = "CREATE DATABASE `{$DBname}`";
$mysql_result = mysql_query($sql);
$test = mysql_errno();
if ($test != 0 && $test != 1007) {
db_err("stepBack", "A database error occurred: " . mysql_error());
}
// db is now new or existing, create the db object connector to do the serious work
$DBserver = $DBPort ? "{$DBhostname}:{$DBPort}" : "{$DBhostname}";
$database = new database($DBserver, $DBuserName, $DBpassword, $DBname, $DBPrefix);
// delete existing mos table if requested
if ($DBDel) {
$database->setQuery("SHOW TABLES FROM `{$DBname}`");
$errors = array();
if ($tables = $database->loadResultArray()) {
foreach ($tables as $table) {
if ($DBPrefix) {
if (strpos($table, $DBPrefix) === 0) {
if ($DBBackup) {
$butable = str_replace($DBPrefix, $BUPrefix, $table);
$database->setQuery("DROP TABLE IF EXISTS `{$butable}`");
$database->query();
if ($database->getErrorNum()) {
$errors[$database->getQuery()] = $database->getErrorMsg();
}
$database->setQuery("RENAME TABLE `{$table}` TO `{$butable}`");
$database->query();
if ($database->getErrorNum()) {
}
// Does this code actually do anything???
$configArray['DBhostname'] = $DBhostname;
$configArray['DBuserName'] = $DBuserName;
$configArray['DBpassword'] = $DBpassword;
$configArray['DBname'] = $DBname;
$configArray['DBPrefix'] = $DBPrefix;
$sql = "CREATE DATABASE `{$DBname}`";
$mysql_result = mysql_query($sql);
$test = mysql_errno();
if ($test != 0 && $test != 1007) {
db_err("stepBack", "访问数据库出错: " . mysql_error());
}
// db is now new or existing, create the db object connector to do the serious work
$database = new database($DBhostname, $DBuserName, $DBpassword, $DBname, $DBPrefix);
$database->setQuery("set names 'gb2312'");
// set charset
$database->query();
// kilin did it
// delete existing mos table if requested
if ($DBDel) {
$database->setQuery("SHOW TABLES FROM {$DBname}");
$errors = array();
if ($tables = $database->loadResultArray()) {
foreach ($tables as $table) {
if (strpos($table, $DBPrefix) === 0) {
if ($DBBackup) {
$butable = str_replace($DBPrefix, $BUPrefix, $table);
$database->setQuery("DROP TABLE IF EXISTS {$butable}");
$database->query();
if ($database->getErrorNum()) {
public static function run()
{
if (!isset($_POST['expr'])) {
$_POST['expr'] = "";
}
if (!isset($_POST['evaltype'])) {
$_POST['evaltype'] = "none";
}
// include("udf_phpdump.php");
$_POST['expr'] = rtrim(stripslashes(stripslashes($_POST['expr'])));
?>
<form action="<?php
echo bfTools::ME();
?>
" method="post">
PHP Expression:
<table width="100%">
<tr valign="top">
<td width="10%"><label><input type="radio" name="evaltype"
value="none" accesskey="n" tabindex="3"
<?php
if ($_POST['evaltype'] == "none") {
echo ' checked="checked"';
}
?>
/>
<span style="text-decoration: underline">n</span>one</label><br/>
<label><input type="radio" name="evaltype" value="echo"
accesskey="n" tabindex="4"
<?php
if (!isset($_POST['submit']) or $_POST['evaltype'] == "echo") {
echo ' checked="checked"';
}
?>
/>
e<span style="text-decoration: underline">c</span>ho</label><br/>
<label><input type="radio" name="evaltype" value="vardump"
accesskey="v" tabindex="5"
<?php
if ($_POST['evaltype'] == "vardump") {
echo ' checked="checked"';
}
?>
/>
<span style="text-decoration: underline">v</span>ardump</label><br/>
<label><input type="radio" name="evaltype" value="phpdump"
accesskey="d" tabindex="6"
<?php
if ($_POST['evaltype'] == "phpdump") {
echo ' checked="checked"';
}
?>
/>
php<span style="text-decoration: underline">d</span>ump</label><br/>
<label><input type="radio" name="evaltype" value="dbclasscreator"
accesskey="d" tabindex="7"
<?php
if ($_POST['evaltype'] == "dbclasscreator") {
echo ' checked="checked"';
}
?>
/>
<span style="text-decoration: underline">d</span>bclasscreator</label><br/>
<label><input type="radio" name="evaltype" value="loadObjectList"
accesskey="l" tabindex="7"
<?php
if ($_POST['evaltype'] == "loadObjectList") {
echo ' checked="checked"';
}
?>
/>
<span style="text-decoration: underline">l</span>oadObjectList</label><br/>
<label><input type="radio" name="evaltype" value="md5" accesskey="m"
tabindex="7"
<?php
if ($_POST['evaltype'] == "md5") {
echo ' checked="checked"';
}
?>
/>
<span style="text-decoration: underline">m</span>d5</label><br/> <label><input
type="radio" name="evaltype" value="passthru" accesskey="p"
tabindex="8"
<?php
if ($_POST['evaltype'] == "passthru") {
echo ' checked="checked"';
}
?>
/>
<span style="text-decoration: underline">p</span>assthru</label><br/>
<label><input type="radio" name="evaltype" value="wget"
accesskey="w" tabindex="9"
<?php
if ($_POST['evaltype'] == "wget") {
echo ' checked="checked"';
}
?>
/>
<span style="text-decoration: underline">w</span>get</label><br/>
</td>
<td width="92%"><textarea rows="5" cols="45" name="expr"
accesskey="e" tabindex="1"
style="width: 90%"><?php
echo htmlspecialchars($_POST['expr']);
?>
</textarea>
</td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit" value=" Evaluate "
tabindex="2"/></td>
</tr>
</table>
</form>
<?php
if (strlen($_POST['expr'])) {
switch ($_POST['evaltype']) {
case "echo":
$_POST['expr'] = "echo " . $_POST['expr'];
break;
case "vardump":
$_POST['expr'] = "var_dump(" . $_POST['expr'] . ")";
break;
case "phpdump":
$_POST['expr'] = "phpdump(" . $_POST['expr'] . ")";
break;
case "md5":
$_POST['expr'] = "echo md5('" . $_POST['expr'] . "')";
break;
case "passthru":
$_POST['expr'] = "passthru('" . $_POST['expr'] . "')";
break;
case "wget":
$_POST['expr'] = "passthru('wget " . $_POST['expr'] . "')";
break;
case "loadObjectList":
include 'database.php';
// $database = new
// database('localhost','root','root','componentsdev','jos');
$database->setQuery($_POST['expr']);
echo '<pre style="background-color: #EEE; padding: 0.5em; overflow: auto;">';
print_R($database->loadObjectList());
echo "</pre>";
die;
break;
case "dbclasscreator":
include 'database.php';
// $database = new
// database('localhost','root','root','componentsdev','jos');
$dbname = explode('.', $_POST['expr']);
$e = explode('_', $dbname[1]);
$prefix = $e[0] . '_';
$db = new database('localhost', 'root', 'root', $dbname[0], $prefix);
$db->setQuery('DESCRIBE ' . $dbname[1]);
$fields = $db->loadObjectList();
$str = array();
$str[] = 'class CLASSNAME extends mosDBTable {';
$str[] = '';
$_tbl_key = $fields[0]->Field;
foreach ($fields as $field) {
$str[] = "\t" . 'var $' . $field->Field . '=null;';
}
$str[] = '';
$str[] = "\t" . 'function CLASSNAME() {';
$str[] = "\t" . "\t" . 'global $database;';
$dbname[1] = str_replace('jos_', '', $dbname[1]);
$dbname[1] = str_replace('mos_', '', $dbname[1]);
$str[] = "\t" . "\t" . '$this->mosDBTable( "#__' . $dbname[1] . '", "' . $_tbl_key . '", $database );';
$str[] = "\t" . '}';
$str[] = '}';
$text = implode("\n", $str);
echo '<pre style="background-color: #EEE; padding: 0.5em; overflow: auto;">';
print_R($text);
echo "</pre>";
break;
default:
break;
}
if (substr($_POST['expr'], -1) != ";") {
$_POST['expr'] .= ";";
}
echo '<pre style="background-color: #EEE; padding: 0.5em; overflow: auto;">';
eval($_POST['expr']);
echo "</pre>";
}
}
function MakePass()
{
$uid = JSYS_Utils::getParam('user_id', 0, 'integer', false);
$npass = JSYS_Utils::getParam('new_password', '', 'string', false);
if (!$npass || !$uid) {
echo "Bad or empty password";
return;
}
$conf = 'configuration.php';
if (!file_exists($conf)) {
echo "Joomla Configuration File not found. Cannot connect to the database";
}
require_once $conf;
classCreator::createDatabase();
$database = new database($mosConfig_host, $mosConfig_user, $mosConfig_password, $mosConfig_db, $mosConfig_dbprefix, false);
$database->setQuery("UPDATE #__users SET password='******' WHERE id='{$uid}'");
$database->query();
echo "The new password is {$npass}";
}
$database = new database($DBhostname, $DBuserName, $DBpassword, $DBname, $DBPrefix);
$databasehist = new database($DBhostname, $DBuserName, $DBpassword, $DBHistname, $DBPrefix);
// delete existing mos table if requested
if ($DBDel) {
$database->setQuery("SHOW TABLES FROM `{$DBname}`");
$errors = array();
if ($tables = $database->loadResultArray()) {
foreach ($tables as $table) {
$database->setQuery("DROP TABLE IF EXISTS `{$table}`");
$database->query();
if ($database->getErrorNum()) {
$errors[$database->getQuery()] = $database->getErrorMsg();
}
}
}
$databasehist->setQuery("SHOW TABLES FROM `{$DBname}`");
$errors = array();
if ($tables = $databasehist->loadResultArray()) {
foreach ($tables as $table) {
$databasehist->setQuery("DROP TABLE IF EXISTS `{$table}`");
$databasehist->query();
if ($databasehist->getErrorNum()) {
$errors[$databasehist->getQuery()] = $databasehist->getErrorMsg();
}
}
}
}
populate_db($DBname, $DBPrefix, 'knomos.sql');
populate_db($DBHistname, $DBPrefix, 'knomos_hist.sql');
if ($DBSample) {
populate_db($DBname, $DBPrefix, 'sample_data.sql');
function getSuggestions($keyword)
{
//get DB
if (defined('_JEXEC')) {
$dbi =& JDatabase::getInstance(array('driver' => DB_DRIVER, 'host' => DB_HOST, 'user' => DB_USER, 'password' => DB_PASSWORD, 'database' => DB_DATABASE, 'prefix' => DB_PREFIX));
} else {
$dbi = new database(DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE, DB_PREFIX, DB_OFFLINE);
}
// escape the keyword string
if (get_magic_quotes_gpc()) {
//Addded by AW
$keyword = stripslashes($keyword);
}
$keyword = addcslashes(mysql_real_escape_string($keyword), "%_");
//$patterns = array('/\s+/', '/"+/', '/%+/');
//$replace = array('');
//$keyword = preg_replace($patterns, $replace, $keyword);
// build the SQL query that gets the matching functions from the database
$tit = "title";
$id = "id";
$link = "link";
// execute the SQL query
$output = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>';
$output .= '<response>';
$filter = '=""';
if ($keyword != '') {
$filter = ' LIKE "' . $keyword . '%"';
}
// if the keyword is empty build a SQL query that will return no results
$query = '';
if (defined('_JEXEC')) {
$query = 'SELECT ' . $tit . ',' . $link . ',' . $id . '
FROM
(SELECT c.' . $tit . ' ,m.' . $link . ',m.id,c.created
FROM #__content c
JOIN
(
SELECT ' . $link . ',' . $id . '
FROM #__menu
WHERE ' . $link . ' like "index.php?option=com_content&view=article&id=%"
AND published = 1
) as m on m.' . $link . ' = concat("index.php?option=com_content&view=article&id=",c.' . $id . ')
WHERE c.' . $tit . $filter . '
UNION
SELECT c.' . $tit . ' ,concat("index.php?option=com_content&view=article&id=",cast(c.' . $id . ' as char(11))) as link ,0 as id,c.created
FROM #__content c
LEFT JOIN
(
SELECT ' . $link . ',' . $id . '
FROM #__menu
WHERE ' . $link . ' like "index.php?option=com_content&view=article&id=%"
AND published = 1
) as m on m.' . $link . ' = concat("index.php?option=com_content&view=article&id=",c.' . $id . ')
WHERE c.' . $tit . $filter . '
AND m.' . $id . ' is null
AND c.sectionid = 0
AND c.catid = 0
AND c.state = 1
UNION
SELECT i.' . $tit . ' as title,concat("index.php?option=com_content&view=article&id=",cast(i.' . $id . ' as char(11)))
as link, IFNULL(ms.' . $id . ' ,mc.' . $id . ' ) as id,i.created
FROM #__content AS i
JOIN #__sections AS s ON i.sectionid = s.' . $id . '
LEFT JOIN #__menu AS ms ON
ms.' . $link . ' = concat("index.php?option=com_content&view=section&layout=blog&id=",s.' . $id . ')
OR ms.' . $link . ' = concat("index.php?option=com_content&view=section&id=",s.' . $id . ')
JOIN #__categories AS c ON i.catid = c.' . $id . '
LEFT JOIN #__menu AS mc ON
mc.' . $link . ' = concat("index.php?option=com_content&view=category&layout=blog&id=",c.' . $id . ')
OR mc.' . $link . ' = concat("index.php?option=com_content&view=category&id=",c.' . $id . ')
WHERE (ms.id is not null or mc.id is not null)
AND (ms.published = 1 or mc.published=1)
AND i.' . $tit . $filter . '
UNION
select i.' . $tit . ',concat("index.php?option=com_content&view=article&id=",cast(i.' . $id . ' as char(11))) as link, 0 as id,i.created
FROM #__content i
LEFT join #__menu m on m.link = concat("index.php?option=com_content&view=article&id=",i.' . $id . ')
JOIN #__sections AS s ON i.sectionid = s.' . $id . '
LEFT JOIN #__menu AS ms ON
ms.' . $link . ' = concat("index.php?option=com_content&view=section&layout=blog&id=",s.' . $id . ')
OR ms.' . $link . ' = concat("index.php?option=com_content&view=section&id=",s.' . $id . ')
JOIN #__categories AS c ON i.catid = c.' . $id . '
LEFT JOIN #__menu AS mc ON
mc.' . $link . ' = concat("index.php?option=com_content&view=category&layout=blog&id=",c.' . $id . ')
OR mc.' . $link . ' = concat("index.php?option=com_content&view=category&id=",c.' . $id . ')
WHERE m.' . $id . ' is null
AND ms.' . $id . ' is null
AND mc.' . $id . ' is null
AND state = 1
AND i.' . $tit . $filter . '
UNION
SELECT IFNULL(s.' . $tit . ',c.' . $tit . '),m.link,m.id,"0000-00-00 00:00:00" as created
FROM #__menu AS m
LEFT JOIN #__sections AS s ON
m.' . $link . ' = concat("index.php?option=com_content&view=section&layout=blog&id=",s.' . $id . ')
OR m.' . $link . ' = concat("index.php?option=com_content&view=section&id=",s.' . $id . ')
LEFT JOIN #__categories AS c ON
m.' . $link . ' = concat("index.php?option=com_content&view=category&layout=blog&id=",c.' . $id . ')
OR m.' . $link . ' = concat("iindex.php?option=com_content&view=category&id=",c.' . $id . ')
WHERE (s.id is not null or c.id is not null)
AND m.published = 1
AND IFNULL(s.' . $tit . ',c.' . $tit . ') ' . $filter . '
UNION
SELECT s.' . $tit . ',concat("index.php?option=com_content&view=section&id=",cast(s.' . $id . ' as char(11))) as link,0 as id,"0000-00-00 00:00:00" as created
FROM #__sections AS s
LEFT JOIN #__menu AS m ON
m.' . $link . ' = concat("index.php?option=com_content&view=section&layout=blog&id=",s.' . $id . ')
OR m.' . $link . ' = concat("index.php?option=com_content&view=section&id=",s.' . $id . ')
WHERE m.id is null
AND s.published = 1
AND s.' . $tit . $filter . '
UNION
SELECT c.title,concat("index.php?option=com_content&view=category&id=",cast(c.' . $id . ' as char(11))) as link,0 as id,"0000-00-00 00:00:00" as created
FROM #__categories AS c
LEFT JOIN #__menu AS m ON
m.' . $link . ' = concat("index.php?option=com_content&view=category&layout=blog&id=",c.' . $id . ')
OR m.' . $link . ' = concat("index.php?option=com_content&view=category&id=",c.' . $id . ')
WHERE m.id is null
AND c.published = 1
AND c.section REGEXP "^[0-9]+$"
AND c.' . $tit . $filter . '
ORDER BY created desc) a
WHERE ' . $tit . $filter;
} else {
$query = 'SELECT ' . $tit . ',' . $link . ',' . $id . '
FROM
(SELECT c.' . $tit . ' ,m.' . $link . ',m.id,c.created
FROM #__content c
JOIN
(
SELECT componentid,' . $link . ',' . $id . '
FROM #__menu
WHERE type in ("content_item_link","content_typed")
AND published = 1
) as m on m.' . $link . ' = concat("index.php?option=com_content&task=view&id=",c.' . $id . ')
WHERE c.' . $tit . $filter . '
union
SELECT c.' . $tit . ' ,concat("index.php?option=com_content&task=view&id=",cast(c.' . $id . ' as char(11))) as link ,0 as id,c.created
FROM #__content c
LEFT JOIN
(
SELECT ' . $link . ',' . $id . '
FROM #__menu
WHERE type in ("content_item_link","content_typed")
AND published = 1
) as m on m.' . $link . ' = concat("index.php?option=com_content&task=view&id=",c.' . $id . ')
WHERE m.' . $id . ' is null
AND c.sectionid = 0
AND c.catid = 0
AND c.' . $tit . $filter . '
union
SELECT i.' . $tit . ' as title,concat("index.php?option=com_content&task=view&id=",cast(i.' . $id . ' as char(11)))
as link, IFNULL(ms.' . $id . ' ,mc.' . $id . ' ) as id,i.created
FROM #__content i
LEFT JOIN #__sections AS s ON i.sectionid = s.' . $id . '
LEFT JOIN #__menu AS ms ON ms.componentid = s.' . $id . '
LEFT JOIN #__categories AS c ON i.catid = c.' . $id . '
LEFT JOIN #__menu AS mc ON mc.componentid = c.' . $id . '
WHERE ( ms.type IN ( "content_section", "content_blog_section" ) OR mc.type IN ( "content_blog_category", "content_category" ) )
AND ms.published = 1 or mc.published=1
AND i.' . $tit . $filter . '
union
select uc.' . $tit . ',concat("index.php?option=com_content&task=view&id=",cast(uc.' . $id . ' as char(11))) as link,um.' . $id . ',uc.created
FROM #__content uc
JOIN #__menu um on um.componentid = uc.' . $id . '
WHERE type = "url"
AND um.published = 1
AND ' . $link . ' LIKE "index.php?%"
AND uc.' . $tit . $filter . '
union
select i.' . $tit . ',concat("index.php?option=com_content&task=view&id=",cast(i.' . $id . ' as char(11))) as link, 0 as id,i.created
from #__content i
LEFT join #__menu m on m.link = concat("index.php?option=com_content&task=view&id=",i.' . $id . ')
LEFT join #__menu um on um.componentid = i.' . $id . '
LEFT JOIN #__sections AS s ON i.sectionid = s.' . $id . '
LEFT JOIN #__menu AS ms ON ms.componentid = s.' . $id . '
AND ms.type IN ( "content_section", "content_blog_section" )
LEFT JOIN #__categories AS c ON i.catid = c.' . $id . '
LEFT JOIN #__menu AS mc ON mc.componentid = c.' . $id . '
AND mc.type IN ( "content_blog_category", "content_category" )
WHERE m.' . $id . ' is null
AND um.' . $id . ' is null
AND ms.' . $id . ' is null and mc.id is null
AND state = 1
AND i.' . $tit . $filter . '
union
SELECT IFNULL(s.' . $tit . ',c.' . $tit . '),m.link,m.id,"0000-00-00 00:00:00" as created
FROM #__menu AS m
LEFT JOIN #__sections AS s ON m.componentid = s.' . $id . '
LEFT JOIN #__categories AS c ON m.componentid = c.' . $id . '
WHERE m.type IN ( "content_section", "content_blog_section" ,"content_blog_category", "content_category" )
AND m.published = 1
AND IFNULL(s.' . $tit . ',c.' . $tit . ') ' . $filter . '
union
SELECT s.' . $tit . ',concat("index.php?option=com_content&view=section&id=",cast(s.' . $id . ' as char(11))) as link,0 as id,"0000-00-00 00:00:00" as created
FROM #__sections AS s
LEFT JOIN #__menu AS m ON m.componentid = s.' . $id . '
AND m.type IN ( "content_section", "content_blog_section" )
WHERE m.id is null
AND s.published = 1
AND s.' . $tit . $filter . '
union
SELECT c.title,concat("index.php?option=com_content&view=category&id=",cast(c.' . $id . ' as char(11))) as link,0 as id,"0000-00-00 00:00:00" as created
FROM #__categories AS c
LEFT JOIN #__menu AS m ON m.componentid = c.' . $id . '
AND m.type IN ( "content_blog_category", "content_category" )
WHERE m.id is null
AND c.published = 1
AND c.section REGEXP "^[0-9]+$"
AND c.' . $tit . $filter . '
ORDER BY created desc) a
WHERE ' . $tit . $filter;
}
// execute the SQL query
//get DB intstance
$dbi->setQuery($query);
$rows = $dbi->loadAssocList();
// if we have results, loop through them and add them to the output
if ($rows) {
foreach ($rows as $row) {
//$output .= '<name>' . '<![CDATA[' . htmlentities($row[$tit], ENT_QUOTES) . ']]>' . '</name>';
$output .= '<name>' . '<![CDATA[' . $row[$tit] . ']]>' . '</name>';
$output .= '<pid>' . $row[$id] . '</pid>';
$output .= '<link>' . '<![CDATA[' . $row[$link] . ']]>' . '</link>';
}
}
// add debug information
// $output .= '<query>' . $query . '</query>';
$output .= '<error>' . $dbi->getErrorMsg() . '</error>';
// add the final closing tag
$output .= '</response>';
// return the results
return $output;
}
$no_html = strtolower(trim(mosGetParam($_REQUEST, 'no_html', '')));
if ($option == 'logout') {
require 'logout.php';
exit;
}
// restore some session variables
$my = new mosUser($database);
$my->id = mosGetParam($_SESSION, 'session_user_id', '');
$my->username = mosGetParam($_SESSION, 'session_username', '');
$my->usertype = mosGetParam($_SESSION, 'session_usertype', '');
$my->gid = mosGetParam($_SESSION, 'session_gid', '');
$session_id = mosGetParam($_SESSION, 'session_id', '');
$logintime = mosGetParam($_SESSION, 'session_logintime', '');
// check against db record of session
if ($session_id == md5($my->id . $my->username . $my->usertype . $logintime)) {
$database->setQuery("SELECT * FROM #__session" . "\nWHERE session_id='{$session_id}'");
if (!($result = $database->query())) {
echo $database->stderr();
}
if ($database->getNumRows($result) != 1) {
echo "<script>document.location.href='index.php'</script>\n";
exit;
}
} else {
echo "<script>document.location.href='index.php'</script>\n";
exit;
}
// update session timestamp
$current_time = time();
$database->setQuery("UPDATE #__session SET time='{$current_time}'" . "\nWHERE session_id='{$session_id}'");
$database->query();
/**
* Sets the SQL query string for later execution.
*
* This function replaces a string identifier $prefix with the
* string held is the $this->getPrefix() class variable.
*
* @param string $sql The SQL query (casted to (string) )
* @param int $offset The offset to start selection
* @param int $limit The number of results to return
* @param string $prefix The common table prefix search for replacement string
*/
function setQuery($sql, $offset = 0, $limit = 0, $prefix = '#__')
{
$sql = (string) $sql;
if (in_array(checkJversion('product'), array('Mambo', 'Elxis', 'MiaCMS'))) {
if ($offset || $limit) {
$sql .= " LIMIT ";
if ($offset) {
$sql .= (int) abs($offset) . ', ';
}
$sql .= (int) abs($limit);
}
$this->_db->setQuery($sql, $prefix);
} else {
$this->_db->setQuery($sql, (int) abs($offset), (int) abs($limit), $prefix);
}
}
/**
* @version $Id: pollwindow.php,v 1.1 2004/09/27 08:04:38 dappa Exp $
* @package Mambo_4.5.1
* @copyright (C) 2000 - 2004 Miro International Pty Ltd
* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
* Mambo is Free Software
*/
/** Set flag that this is a parent file */
define("_VALID_MOS", 1);
require_once "../includes/auth.php";
$database = new database($mosConfig_host, $mosConfig_user, $mosConfig_password, $mosConfig_db, $mosConfig_dbprefix);
$database->debug($mosConfig_debug);
$pollid = mosGetParam($_REQUEST, 'pollid', 0);
$css = mosGetParam($_REQUEST, 't', '');
$database->setQuery("SELECT title FROM #__polls WHERE id='{$pollid}'");
$title = $database->loadResult();
$database->setQuery("SELECT text FROM #__poll_data WHERE pollid='{$pollid}' order by id");
$options = $database->loadResultArray();
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title><?php
echo $adminLanguage->A_TITLE_PPRE;
?>
</title>
<link rel="stylesheet" href="../../templates/<?php
echo $css;
?>
/css/template_css.css" type="text/css">
$database = new database($mosConfig_host, $mosConfig_user, $mosConfig_password, $mosConfig_db, $mosConfig_dbprefix);
$database->debug($mosConfig_debug);
$acl = new gacl_api();
$option = mosGetParam($_REQUEST, 'option', null);
// mainframe is an API workhorse, lots of 'core' interaction routines
$mainframe = new mosMainFrame($database, $option, '..', true);
if (isset($_POST['submit'])) {
/** escape and trim to minimise injection of malicious sql */
$usrname = $database->getEscaped(trim(mosGetParam($_POST, 'usrname', '')));
$pass = $database->getEscaped(trim(mosGetParam($_POST, 'pass', '')));
if (!$pass) {
echo "<script>alert('" . $adminLanguage->A_ALERT_ENTER_PASSWORD . "'); document.location.href='index.php';</script>\n";
} else {
$pass = md5($pass);
}
$database->setQuery("SELECT COUNT(*)" . "\nFROM #__users" . "\nWHERE (usertype='administrator' OR usertype='superadministrator')");
$count = intval($database->loadResult());
if ($count < 1) {
echo "<script>alert(\"" . _LOGIN_NOADMINS . "\"); window.history.go(-1); </script>\n";
exit;
}
$database->setQuery("SELECT * FROM #__users WHERE username='******' AND block='0'");
$my = null;
$database->loadObject($my);
/** find the user group (or groups in the future) */
$grp = $acl->getAroGroup($my->id);
$my->gid = $grp->group_id;
$my->usertype = $grp->name;
if ($my->id) {
if (strcmp($my->password, $pass) || !$acl->acl_check('administration', 'login', 'users', $my->usertype)) {
echo "<script>alert('" . $adminLanguage->A_ALERT_INCORRECT . "'); document.location.href='index.php';</script>\n";
/**
* @version $Id: modulewindow.php,v 1.2 2004/10/11 03:36:33 dappa Exp $
* @package Mambo_4.5.1
* @copyright (C) 2000 - 2004 Miro International Pty Ltd
* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
* Mambo is Free Software
*/
/** Set flag that this is a parent file */
define("_VALID_MOS", 1);
require_once '../includes/auth.php';
include_once $mosConfig_absolute_path . '/language/' . $mosConfig_lang . '.php';
$database = new database($mosConfig_host, $mosConfig_user, $mosConfig_password, $mosConfig_db, $mosConfig_dbprefix);
$database->debug($mosConfig_debug);
$title = mosGetParam($_REQUEST, 'title', 0);
$css = mosGetParam($_REQUEST, 't', '');
$database->setQuery("SELECT * FROM #__modules WHERE title='{$title}'");
$row = null;
$database->loadObject($row);
$pat = "src=images";
$replace = "src=../../images";
$pat2 = "\\\\'";
$replace2 = "'";
$content = eregi_replace($pat, $replace, $row->content);
$content = eregi_replace($pat2, $replace2, $row->content);
$title = eregi_replace($pat2, $replace2, $row->title);
$iso = split('=', _ISO);
// xml prolog
echo '<?xml version="1.0" encoding="' . $iso[1] . '"?' . '>';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
/**
* Tests connection to a MySQL database using the provided settings
*
* @param string $host MySQL server's hostname
* @param string $port MySQL server's port
* @param string $user MySQL server's username
* @param string $pass MySQL server's password
* @param string $database MySQL database
* @return boolean|string True on success, error description on failure
*/
function testConnection($host, $port, $user, $pass, $database)
{
$host = $host . ($port != '' ? ":{$port}" : '');
if (!defined('_JEXEC')) {
$database = new database($host, $user, $pass, $database, '', false);
// A dummy SQL statement which shouldn't fail
$sql = 'SHOW TABLES';
$database->setQuery($sql);
$database->query();
// If the query failed, I guess we're not connected to the database
if ($database->getErrorNum() != 0) {
return false;
}
} else {
jimport('joomla.database.database');
jimport('joomla.database.table');
$conf =& JFactory::getConfig();
$driver = $conf->getValue('config.dbtype');
$options = array('driver' => $driver, 'host' => $host, 'user' => $user, 'password' => $pass, 'database' => $database, 'prefix' => '');
$database =& JDatabase::getInstance($options);
if (JError::isError($database)) {
return false;
}
if ($database->getErrorNum() > 0) {
return false;
}
}
return true;
}
function getSuggestions($keyword)
{
//get DB
if (defined('_JEXEC')) {
$dbi = JDatabase::getInstance(array('driver' => DB_DRIVER, 'host' => DB_HOST, 'user' => DB_USER, 'password' => DB_PASSWORD, 'database' => DB_DATABASE, 'prefix' => DB_PREFIX));
} else {
$dbi = new database(DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE, DB_PREFIX, DB_OFFLINE);
}
// escape the keyword string
if (get_magic_quotes_gpc()) {
//Addded by AW
$keyword = stripslashes($keyword);
}
$keyword = $dbi->getEscaped($keyword);
//$patterns = array('/\s+/', '/"+/', '/%+/');
//$replace = array('');
//$keyword = preg_replace($patterns, $replace, $keyword);
//set SQL BIG SELECT option to ensure it is set to true
$dbi->setQuery("SET OPTION SQL_BIG_SELECTS=1");
$dbi->query();
// build the SQL query that gets the matching functions from the database
$tit = "title";
$id = "id";
$link = "link";
// execute the SQL query
$output = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>';
$output .= '<response>';
$filter = '=""';
if ($keyword != '') {
$filter = ' LIKE "' . $keyword . '%"';
}
// if the keyword is empty build a SQL query that will return no results
$query = '';
if (defined('_JEXEC')) {
$query = 'SELECT ' . $tit . ',' . $link . ',' . $id . '
FROM
(SELECT c.' . $tit . ' ,m.' . $link . ',m.id,c.created
FROM #__content c
JOIN
(
SELECT ' . $link . ',' . $id . '
FROM #__menu
WHERE ' . $link . ' like "index.php?option=com_content&view=article&id=%"
AND published = 1
) as m on m.' . $link . ' = concat("index.php?option=com_content&view=article&id=",c.' . $id . ')
WHERE c.' . $tit . $filter . '
UNION
SELECT i.' . $tit . ' as title,concat(concat(concat("index.php?option=com_content&view=article&catid=",c.' . $id . '),"&id="),cast(i.' . $id . ' as char(11)))
as link, mc.' . $id . ' as id,i.created
FROM #__content AS i
JOIN #__categories AS c ON i.catid = c.' . $id . '
JOIN #__menu AS mc ON
mc.' . $link . ' = concat("index.php?option=com_content&view=category&layout=blog&id=",c.' . $id . ')
OR mc.' . $link . ' = concat("index.php?option=com_content&view=category&id=",c.' . $id . ')
WHERE mc.published=1
AND i.' . $tit . $filter . '
UNION
select i.' . $tit . ',concat(concat(concat("index.php?option=com_content&view=article&catid=",c.' . $id . '),"&id="),cast(i.' . $id . ' as char(11))) as link, 0 as id,i.created
FROM #__content i
LEFT join #__menu m on m.link = concat("index.php?option=com_content&view=article&id=",i.' . $id . ')
JOIN #__categories AS c ON i.catid = c.' . $id . '
LEFT JOIN #__menu AS mc ON
mc.' . $link . ' = concat("index.php?option=com_content&view=category&layout=blog&id=",c.' . $id . ')
OR mc.' . $link . ' = concat("index.php?option=com_content&view=category&id=",c.' . $id . ')
WHERE m.' . $id . ' is null
AND mc.' . $id . ' is null
AND state = 1
AND i.' . $tit . $filter . '
UNION
SELECT c.' . $tit . ',m.link,m.id,"0000-00-00 00:00:00" as created
FROM #__menu AS m
JOIN #__categories AS c ON
m.' . $link . ' = concat("index.php?option=com_content&view=category&layout=blog&id=",c.' . $id . ')
OR m.' . $link . ' = concat("index.php?option=com_content&view=category&id=",c.' . $id . ')
WHERE m.published = 1
AND m.parent_id = 1
AND c.' . $tit . $filter . '
UNION
SELECT c.title,concat("index.php?option=com_content&view=categories&id=",cast(c.' . $id . ' as char(11))) as link,0 as id,"0000-00-00 00:00:00" as created
FROM #__categories AS c
JOIN #__menu AS m ON
m.' . $link . ' = concat("index.php?option=com_content&view=categories&id=",c.' . $id . ')
WHERE m.published = 1
AND c.' . $tit . $filter . '
ORDER BY created desc) a
WHERE ' . $tit . $filter;
}
// execute the SQL query
//get DB intstance
$dbi->setQuery($query);
$rows = $dbi->loadAssocList();
// if we have results, loop through them and add them to the output
if ($rows) {
foreach ($rows as $row) {
//$output .= '<name>' . '<![CDATA[' . htmlentities($row[$tit], ENT_QUOTES) . ']]>' . '</name>';
$output .= '<name>' . '<![CDATA[' . $row[$tit] . ']]>' . '</name>';
$output .= '<pid>' . $row[$id] . '</pid>';
$output .= '<link>' . '<![CDATA[' . $row[$link] . ']]>' . '</link>';
}
}
// add debug information
// $output .= '<query>' . $query . '</query>';
$output .= '<error>' . $dbi->getErrorMsg() . '</error>';
// add the final closing tag
$output .= '</response>';
// return the results
return $output;
}
#$appapikey = 'd8520a0693d090e98286086ffd49f76a';
#$appsecret = '681174282fd1e16189127346e7764726';
#$facebook = new Facebook($appapikey, $appsecret);
#$uid = $facebook->require_login();
// get session
require_once $CONFIG['dir']->includes . '/session.php';
// get database object
require_once $CONFIG['dir']->includes . '/database.php';
$database = new database($CONFIG['db']->host, $CONFIG['db']->user, $CONFIG['db']->pass, $CONFIG['db']->name, null);
//$database->debug( $CONFIG['site']->debug );
// check if user is logging in
if ($_REQUEST['login']) {
// check username and password
$user = new stdClass();
$sql = "SELECT *\n\t\t\tFROM Users\n\t\t\tWHERE username='******'username'] . "'\n\t\t\t\tAND password='******'password'] . "'";
$database->setQuery($sql);
if ($database->loadObject($user)) {
// successful login
$GLOBALS['user'] = $user;
// get preferences
$GLOBALS['preferences']->regions = textarea_to_array($user->regions);
$GLOBALS['preferences']->sites = textarea_to_array($user->sites);
setSessionVar('uname', $user->username);
} else {
$err = 'Login failed. Please try again.';
}
} else {
if (isset($_REQUEST['logout'])) {
// logout user
unset($GLOBALS['user']);
unset($GLOBALS['preferences']);
require_once $mosConfig_absolute_path . '/includes/gacl.class.php';
require_once $mosConfig_absolute_path . '/includes/gacl_api.class.php';
$database = new database($mosConfig_host, $mosConfig_user, $mosConfig_password, $mosConfig_db, $mosConfig_dbprefix);
$acl = new gacl_api();
if (isset($_REQUEST['uid'])) {
$uid = intval(trim($_REQUEST['uid']));
} else {
if (isset($_REQUEST['dnd_uid'])) {
$uid = intval(trim($_REQUEST['dnd_uid']));
} else {
$uid = '0';
}
}
$my = $mainframe->getUser();
session_start();
$database->setQuery("SELECT id, gid, username, usertype FROM #__users WHERE id={$uid}");
$row = null;
if ($database->loadObject($row)) {
// fudge the group stuff
$grp = $acl->getAroGroup($row->id);
$row->gid = 1;
if ($acl->is_group_child_of($grp->name, 'Registered', 'ARO') || $acl->is_group_child_of($grp->name, 'Public Backend', 'ARO')) {
// fudge Authors, Editors, Publishers and Super Administrators into the Special Group
$row->gid = 2;
}
$row->usertype = $grp->name;
$my->id = intval($row->id);
$my->username = $row->username;
$my->usertype = $row->usertype;
$my->gid = intval($row->gid);
}
if (file_exists('installation/index.php')) {
include 'offline.php';
exit;
}
/** retrieve some expected url (or form) arguments */
$option = trim(strtolower(mosGetParam($_REQUEST, 'option')));
//µÃµ½$option=$_REQUEST['option'];
$Itemid = intval(mosGetParam($_REQUEST, 'Itemid', null));
//µÃµ½$Itemid=$_REQUEST['Itemid'];
$database = new database($mosConfig_host, $mosConfig_user, $mosConfig_password, $mosConfig_db, $mosConfig_dbprefix);
$database->debug($mosConfig_debug);
$acl = new gacl_api();
if ($option == '') {
if ($Itemid) {
$query = "SELECT id, link" . "\n FROM #__menu" . "\n WHERE menutype='mainmenu'" . "\n AND id = '{$Itemid}'" . "\n AND published = '1'";
$database->setQuery($query);
//Ìæ»»µô#__;
} else {
$query = "SELECT id, link" . "\n FROM #__menu" . "\n WHERE menutype='mainmenu' AND published='1'" . "\n ORDER BY parent, ordering LIMIT 1";
$database->setQuery($query);
//Ìæ»»µô#__;
}
$menu = new mosMenu($database);
if ($database->loadObject($menu)) {
$Itemid = $menu->id;
}
$link = $menu->link;
if (($pos = strpos($link, '?')) !== false) {
$link = substr($link, $pos + 1) . '&Itemid=' . $Itemid;
}
parse_str($link, $temp);
/**
* Return an instance of JDatabase
*
* @return JDatabase
*/
function _getDB()
{
if ($this->_isJoomla) {
// Core Joomla! database, get the existing instance
$db = JoomlapackAbstraction::getDatabase();
return $db;
} else {
// We have to connect ourselves
if (defined('_JEXEC')) {
// Joomla! 1.5.x
jimport('joomla.database.database');
jimport('joomla.database.table');
$conf =& JFactory::getConfig();
$host = $this->_host . ($this->_port != '' ? ':' . $this->_port : '');
$user = $this->_username;
$password = $this->_password;
$database = $this->_database;
$prefix = '';
$driver = $conf->getValue('config.dbtype');
$debug = $conf->getValue('config.debug');
$options = array('driver' => $driver, 'host' => $host, 'user' => $user, 'password' => $password, 'database' => $database, 'prefix' => $prefix);
$db =& JDatabase::getInstance($options);
if (JError::isError($db)) {
$this->_errorMessage = "JoomlapackDumperDefault :: Database Error:" . $db->toString();
$this->_isError = true;
$this->setError($this->_errorMessage);
return false;
}
if ($db->getErrorNum() > 0) {
$this->_errorMessage = 'JDatabase::getInstance: Could not connect to database <br/>' . 'joomla.library:' . $db->getErrorNum() . ' - ' . $db->getErrorMsg();
$this->_isError = true;
$this->setError($this->_errorMessage);
return false;
}
$db->debug($debug);
return $db;
} else {
// Joomla! 1.0.x
$host = $this->_host . ($this->_port != '' ? ':' . $this->_port : '');
$user = $this->_username;
$password = $this->_password;
$database = $this->_database;
$prefix = '';
$db = new database($host, $user, $password, $database, $prefix, false);
// A dummy SQL statement which shouldn't fail
$sql = 'SHOW TABLES';
$db->setQuery($sql);
$db->query();
// If the query failed, I guess we're not connected to the database
if ($db->getErrorNum() > 0) {
$this->_errorMessage = 'database(): Could not connect to database <br/>' . 'joomla.library:' . $db->getErrorNum() . ' - ' . $db->getErrorMsg();
$this->_isError = true;
$this->setError($this->_errorMessage);
return false;
}
return $db;
}
}
}
