function my_pathinfo($param = NULL)
{
removeslash($param, 0);
$tab["dirname"] = preg_match("/(^.+)\\//", $param, $dump) ? $dump[1] : ".";
if (preg_match("/.*\\/(.*)\$/", $param, $dump)) {
$tab["basename"] = $dump[1];
} else {
removeslash($param, 1);
preg_match("/(.*)/", $param, $dump);
$tab["basename"] = $dump[1];
}
if ($param === ".." || $param === ".") {
dotordot($param, $tab);
} else {
if (preg_match("/[.]([^.\\/]*)\$/", $param, $dump)) {
$tab["extension"] = $dump[1];
addslash($param);
preg_match("/\\/([^\\/]*)\\.[^\\/]*\$/", $param, $dump);
$tab["filename"] = $dump[1];
} else {
preg_match("/\\/?([^\\/]+)[.\\/]?\$/", $param, $dump);
$tab["filename"] = $dump[1];
}
}
return $tab;
}
public function __construct()
{
global $topDirectory;
$this->datafile = addslash(getSettingsPath()) . 'fileshare.dat';
$this->check_post($this->postlist);
$this->load();
$this->userdir = addslash($topDirectory);
}
public static function getTempDir($token = null)
{
if ($token !== null) {
return array('tok' => $token, 'dir' => addslash(addslash(self::$config['tempdir']) . '.rutorrent/.fman/' . $token));
}
if (is_null(self::$tmpdir)) {
$tmp = self::newTempDir();
self::$tmpdir = $tmp;
}
return self::$tmpdir;
}
public function move($files, $to)
{
$temp = Helper::getTempDir();
$args = array('action' => 'recursiveMove', 'params' => array('files' => $files, 'to' => addslash($to)), 'temp' => $temp);
$task = $temp['dir'] . 'task';
file_put_contents($task, json_encode($args));
$task_opts = array('requester' => 'filemanager', 'name' => 'move');
$rtask = new \rTask($task_opts);
$commands = array(Helper::getTaskCmd() . " " . escapeshellarg($task));
$ret = $rtask->start($commands, 0);
// var_dump($ret);
return $temp;
}
public static function fastResume($torrent, $base, $add_path = true)
{
$files = array();
$info = $torrent->info;
$psize = intval($info['piece length']);
$base = trim($base);
if ($base == '') {
$req = new rXMLRPCRequest(new \model\xmlrpc\rXMLRPCCommand(\config\Conf::$userscgi, 'get_directory'));
if ($req->success()) {
$base = $req->val[0];
}
}
if ($psize && \model\xmlrpc\rTorrentSettings::get(\config\Conf::$userscgi)->correctDirectory($base)) {
$base = addslash($base);
$tsize = 0.0;
if (isset($info['files'])) {
foreach ($info['files'] as $key => $file) {
$tsize += floatval($file['length']);
$files[] = $add_path ? $info['name'] . "/" . implode('/', $file['path']) : implode('/', $file['path']);
}
} else {
$tsize = floatval($info['length']);
$files[] = $info['name'];
}
$chunks = intval(($tsize + $psize - 1) / $psize);
$torrent->{'libtorrent_resume'}['bitfield'] = intval($chunks);
if (!isset($torrent->{'libtorrent_resume'}['files'])) {
$torrent->{'libtorrent_resume'}['files'] = array();
}
foreach ($files as $key => $file) {
$ss = LFS::stat($base . $file);
if ($ss === false) {
return false;
}
if (count($torrent->{'libtorrent_resume'}['files']) < $key) {
$torrent->{'libtorrent_resume'}['files'][$key]['mtime'] = $ss["mtime"];
} else {
$torrent->{'libtorrent_resume'}['files'][$key] = array("priority" => 2, "mtime" => $ss["mtime"]);
}
}
return $torrent;
}
return false;
}
function simplify_path ($path) {
global $delim;
if (@file_exists($path) && function_exists('realpath') && @realpath($path) != '') {
$path = realpath($path);
if (@is_dir($path)) {
return addslash($path);
} else {
return $path;
}
}
$pattern = $delim . '.' . $delim;
if (@is_dir($path)) {
$path = addslash($path);
}
while (strpos($path, $pattern) !== false) {
$path = str_replace($pattern, $delim, $path);
}
$e = addslashes($delim);
$regex = $e . '((\.[^\.' . $e . '][^' . $e . ']*)|(\.\.[^' . $e . ']+)|([^\.][^' . $e . ']*))' . $e . '\.\.' . $e;
while (ereg($regex, $path)) {
$path = ereg_replace($regex, $delim, $path);
}
return $path;
}
} else {
require_once INCLUDES . "html_buttons_include.php";
}
$settings2 = array();
$result = dbquery("SELECT * FROM " . DB_SETTINGS);
while ($data = dbarray($result)) {
$settings2[$data['settings_name']] = $data['settings_value'];
}
if (isset($_POST['savesettings'])) {
$error = 0;
if (addslash($_POST['license_agreement']) != $settings2['license_agreement']) {
$license_lastupdate = time();
} else {
$license_lastupdate = $settings2['license_lastupdate'];
}
$license_agreement = addslash(preg_replace("(^<p>\\s</p>\$)", "", $_POST['license_agreement']));
$result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['enable_registration']) ? $_POST['enable_registration'] : "1") . "' WHERE settings_name='enable_registration'");
if (!$result) {
$error = 1;
}
$result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['email_verification']) ? $_POST['email_verification'] : "1") . "' WHERE settings_name='email_verification'");
if (!$result) {
$error = 1;
}
$result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['admin_activation']) ? $_POST['admin_activation'] : "0") . "' WHERE settings_name='admin_activation'");
if (!$result) {
$error = 1;
}
$result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['display_validation']) ? $_POST['display_validation'] : "1") . "' WHERE settings_name='display_validation'");
if (!$result) {
$error = 1;
} else {
redirect(FUSION_SELF . $aidlink);
}
}
}
}
if (isset($_GET['action']) && $_GET['action'] == "2" && (isset($_GET['t']) && $_GET['t'] == "a")) {
if (isset($_POST['publish']) && (isset($_GET['submit_id']) && isnum($_GET['submit_id']))) {
$result = dbquery("SELECT ts.submit_criteria, user_id\r\n\t\t\tFROM " . DB_SUBMISSIONS . " ts\r\n\t\t\tLEFT JOIN " . DB_USERS . " tu ON ts.submit_user=tu.user_id\r\n\t\t\tWHERE submit_id='" . $_GET['submit_id'] . "'");
if (dbrows($result)) {
$data = dbarray($result);
$submit_criteria = unserialize($data['submit_criteria']);
$article_cat = isnum($_POST['article_cat']) ? $_POST['article_cat'] : 0;
$article_subject = stripinput($_POST['article_subject']);
$article_snippet = addslash($_POST['article_snippet']);
$article_body = addslash($_POST['article_body']);
$article_breaks = $_POST['article_breaks'] == "y" ? "y" : "n";
$result = dbquery("INSERT INTO " . DB_ARTICLES . " (article_cat, article_subject, article_snippet, article_article, article_breaks, article_name, article_datestamp, article_reads, article_allow_comments, article_allow_ratings) VALUES ('{$article_cat}', '{$article_subject}', '{$article_snippet}', '{$article_body}', '{$article_breaks}', '" . $data['user_id'] . "', '" . time() . "', '0', '1', '1' ,'" . LANGUAGE . "')");
$result = dbquery("DELETE FROM " . DB_SUBMISSIONS . " WHERE submit_id='" . $_GET['submit_id'] . "'");
opentable($locale['530']);
echo "<br /><div style='text-align:center'>" . $locale['531'] . "<br /><br />\n";
echo "<a href='" . FUSION_SELF . $aidlink . "'>" . $locale['402'] . "</a><br /><br />\n";
echo "<a href='index.php" . $aidlink . "'>" . $locale['403'] . "</a></div><br />\n";
closetable();
} else {
redirect(FUSION_SELF . $aidlink);
}
} else {
if (isset($_POST['delete']) && (isset($_GET['submit_id']) && isnum($_GET['submit_id']))) {
opentable($locale['532']);
$result = dbquery("DELETE FROM " . DB_SUBMISSIONS . " WHERE submit_id='" . $_GET['submit_id'] . "'");
function findRemoteEXE($exe, $err, &$remoteRequests)
{
$st = getSettingsPath() . '/' . rand();
if (!array_key_exists($exe, $remoteRequests)) {
$path = realpath(dirname('.'));
global $pathToExternals;
$cmd = array("sh", addslash($path) . "test.sh", $exe, $st);
if (isset($pathToExternals[$exe]) && !empty($pathToExternals[$exe])) {
$cmd[] = $pathToExternals[$exe];
}
$req = new rXMLRPCRequest(new rXMLRPCCommand("execute", $cmd));
$req->run();
$remoteRequests[$exe] = array("path" => $st, "err" => array());
}
$remoteRequests[$exe]["err"][] = $err;
}
public function move($paths)
{
$files = array_map(array($this, 'getWorkDir'), (array) $paths->fls);
// destination dir requires ending /
$to = addslash($this->getUserDir($paths->to));
// var_dump($paths, $files);
$fs = Fs::get();
if (!$fs->isDir($to)) {
throw new Exception("Destination is not directory", 2);
}
$task_info = $fs->move($files, $to);
return $task_info;
}
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
if (fusion_get_settings("tinymce_enabled")) {
echo "<script language='javascript' type='text/javascript'>advanced();</script>\n";
}
if (isset($_GET['submit_id']) && isnum($_GET['submit_id'])) {
if (isset($_POST['publish']) && (isset($_GET['submit_id']) && isnum($_GET['submit_id']))) {
$result = dbquery("SELECT ts.*, tu.user_id, tu.user_name FROM " . DB_SUBMISSIONS . " ts\n\t\t\tLEFT JOIN " . DB_USERS . " tu ON ts.submit_user=tu.user_id\n\t\t\tWHERE submit_id='" . $_GET['submit_id'] . "'");
if (dbrows($result)) {
$data = dbarray($result);
$data = array('article_id' => 0, 'article_subject' => form_sanitizer($_POST['article_subject'], '', 'article_subject'), 'article_cat' => form_sanitizer($_POST['article_cat'], 0, 'article_cat'), 'article_name' => $data['user_id'], 'article_snippet' => addslash(preg_replace("(^<p>\\s</p>\$)", "", $_POST['article_snippet'])), 'article_article' => addslash(preg_replace("(^<p>\\s</p>\$)", "", $_POST['article_article'])), 'article_keywords' => form_sanitizer($_POST['article_keywords'], '', 'article_keywords'), 'article_datestamp' => form_sanitizer($_POST['article_datestamp'], time(), 'article_datestamp'), 'article_visibility' => form_sanitizer($_POST['article_visibility'], 0, 'article_visibility'), 'article_draft' => isset($_POST['article_draft']) ? "1" : "0", 'article_allow_comments' => 0, 'article_allow_ratings' => 0, 'article_language' => form_sanitizer($_POST['article_language'], '', 'article_language'));
if (fusion_get_settings('tinymce_enabled') != 1) {
$data['article_breaks'] = isset($_POST['line_breaks']) ? "y" : "n";
} else {
$data['article_breaks'] = "n";
}
if (defender::safe()) {
dbquery_insert(DB_ARTICLES, $data, "save");
$result = dbquery("DELETE FROM " . DB_SUBMISSIONS . " WHERE submit_id='" . $_GET['submit_id'] . "'");
if ($data['article_draft']) {
addNotice("success", $locale['articles_0051']);
} else {
addNotice("success", $locale['articles_0050']);
}
redirect(clean_request("", array("submit_id"), FALSE));
}
}
} elseif (isset($_POST['save_forum'])) {
$forum_name = trim(stripinput($_POST['forum_name']));
$forum_description = trim(stripinput($_POST['forum_description']));
$forum_cat = isnum($_POST['forum_cat']) ? $_POST['forum_cat'] : 0;
if (isset($_GET['action']) && $_GET['action'] == "edit" && (isset($_GET['forum_id']) && isnum($_GET['forum_id'])) && (isset($_GET['t']) && $_GET['t'] == "forum")) {
$forum_mods = $_POST['forum_mods'];
$forum_access = isnum($_POST['forum_access']) ? $_POST['forum_access'] : 0;
$forum_post = isnum($_POST['forum_post']) ? $_POST['forum_post'] : 0;
$forum_reply = isnum($_POST['forum_reply']) ? $_POST['forum_reply'] : 0;
$forum_attach = isnum($_POST['forum_attach']) ? $_POST['forum_attach'] : 0;
$forum_poll = isnum($_POST['forum_poll']) ? $_POST['forum_poll'] : 0;
$forum_vote = isnum($_POST['forum_vote']) ? $_POST['forum_vote'] : 0;
$result = dbquery("UPDATE " . DB_FORUMS . " SET forum_name='{$forum_name}', forum_cat='{$forum_cat}', forum_description='{$forum_description}', forum_moderators='{$forum_mods}', forum_access='{$forum_access}', forum_post='{$forum_post}', forum_reply='{$forum_reply}', forum_attach='{$forum_attach}', forum_poll='{$forum_poll}', forum_vote='{$forum_vote}' WHERE forum_id='" . $_GET['forum_id'] . "'");
// start fb4 mod
$forum_icon = addslash(stripinput($_POST['forum_icon']));
$forum_parent = isset($_POST['forum_parent']) && isNum($_POST['forum_parent']) ? $_POST['forum_parent'] : 0;
$result = dbquery("UPDATE " . $db_prefix . "fb_forums set forum_icon='{$forum_icon}', forum_parent='{$forum_parent}' where forum_id='" . $_GET['forum_id'] . "'");
// end fb4 mod
redirect(FUSION_SELF . $aidlink . "§ion=forums&status=savefu");
} else {
if ($forum_name) {
$forum_order = isnum($_POST['forum_order']) ? $_POST['forum_order'] : "";
$forum_parent = isset($_POST['forum_parent']) && isNum($_POST['forum_parent']) ? $_POST['forum_parent'] : 0;
if (!$forum_order) {
$forum_order = dbresult(dbquery("SELECT MAX(forum_order) FROM " . DB_FORUMS . " f\n\t\t\t\tleft join " . DB_PREFIX . "fb_forums f2 on f2.forum_id=f.forum_id\n\t\t\t\tWHERE f2.forum_parent='{$forum_parent}'"), 0) + 1;
}
$result2 = dbquery("select * from " . DB_FORUMS . " f\n\t\t\tleft join " . DB_PREFIX . "fb_forums f2 on f2.forum_id=f.forum_id\n\t\t\tWHERE forum_cat='{$forum_cat}' AND forum_order>='{$forum_order}'" . ($forum_parent ? " AND f2.forum_parent='{$forum_parent}'" : ""));
while ($data2 = dbarray($result2)) {
$result = dbquery("UPDATE " . DB_FORUMS . " SET forum_order=forum_order+1 where forum_id='" . $data2['forum_id'] . "'");
}
function getTempDirectory()
{
global $tempDirectory;
if (empty($tempDirectory)) {
$directories = array();
if (ini_get('upload_tmp_dir')) {
$directories[] = ini_get('upload_tmp_dir');
}
if (function_exists('sys_get_temp_dir')) {
$directories[] = sys_get_temp_dir();
}
$directories[] = '/tmp';
foreach ($directories as $directory) {
if (is_dir($directory) && is_writable($directory)) {
$tempDirectory = $directory;
break;
}
}
if (empty($tempDirectory)) {
$tempDirectory = getProfilePath() . '/tmp';
}
$tempDirectory = addslash($tempDirectory);
}
return $tempDirectory;
}
}
if (isset($_GET['deny']) && isNum($_GET['deny']) && $userdata['user_id'] == $data['group_leader']) {
$apply = dbcount("(apply_user)", DB_PREFIX . "fb_apply", "apply_group='" . $data['group_id'] . "' and apply_user='******'deny'] . "'");
if ($apply) {
$query = dbquery("delete from " . DB_PREFIX . "fb_apply where apply_group='" . $data['group_id'] . "' and apply_user='******'deny'] . "'");
$message = str_replace(array("{1}"), array($settings['siteurl'] . "infusions/fusionboard4/groups.php?view=" . $data['group_id']), $locale['uc307']);
sendMessage($applyUser['user_id'], $data['group_leader'], $locale['uc305'], $message);
redirect(FUSION_SELF . "?section=groups&view=" . $_GET['view']);
} else {
redirect(FUSION_SELF . "?section=groups&view=" . $_GET['view']);
}
}
if (isset($_GET['action']) && $_GET['action'] == "edit" && $userdata['user_id'] == $data['group_leader']) {
if (isset($_POST['goGroup'])) {
$group_name = isset($_POST['group_name']) ? addslash(stripinput($_POST['group_name'])) : "";
$group_desc = isset($_POST['group_desc']) ? addslash(stripinput($_POST['group_desc'])) : "";
$group_type = isset($_POST['group_type']) && isNum($_POST['group_type']) ? $_POST['group_type'] : 1;
$group_wall = isset($_POST['group_wall']) && isNum($_POST['group_wall']) ? $_POST['group_wall'] : 0;
$group_visibility = isset($_POST['group_visibility']) && isNum($_POST['group_visibility']) ? $_POST['group_visibility'] : 0;
$group_moderate = isset($_POST['group_moderate']) && isNum($_POST['group_moderate']) ? $_POST['group_moderate'] : 0;
$result = dbquery("update " . DB_PREFIX . "fb_groups set group_description='{$group_desc}', group_access='{$group_type}', \n\t\t\tgroup_wall='{$group_wall}', group_visibility='{$group_visibility}', group_moderate='{$group_moderate}' \n\t\t\twhere group_id='" . $_GET['view'] . "'");
$result = dbquery("update " . DB_USER_GROUPS . " set group_name='{$group_name}', group_description='{$group_desc}' where group_id='" . $_GET['view'] . "'");
redirect(FUSION_SELF . "?section=groups&view=" . $_GET['view']);
}
echo "<tr>\n<td class='forum-caption' style='padding-left:5px;'>" . $locale['uc367'] . "\"" . stripslash($data['group_name']) . "\"</td>\n</tr>\n";
echo "<tr>\n<td class='tbl1' style='padding:10px;'><form action='" . FUSION_SELF . "?section=groups&view=" . $_GET['view'] . "&action=edit' method='post' name='groupeditform'>\n";
echo $locale['uc266'] . "<br /><input name='group_name' class='textbox' style='font-size:14px;margin:3px;margin-left:6px;width:320px;' value='" . stripslash($data['group_name']) . "'><br />\n";
echo $locale['uc267'] . "<br /><textarea name='group_desc' class='textbox' style='font-size:14px;margin:3px;margin-left:6px;width:320px;'>" . stripslash($data['group_description']) . "</textarea><br />\n";
echo $locale['uc268'] . "<br />\n<select name='group_type' class='textbox grouptext'>\n";
echo "<option value='1'" . ($data['group_access'] == "1" ? " SELECTED" : "") . ">" . $locale['uc269'] . "</option>\n";
echo "<option value='2'" . ($data['group_access'] == "2" ? " SELECTED" : "") . ">" . $locale['uc270'] . "</option>\n";
if (!$result) {
$error = 1;
}
$result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['maintenance']) ? $_POST['maintenance'] : "0") . "' WHERE settings_name='maintenance'");
if (!$result) {
$error = 1;
}
$result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . addslash(descript($_POST['maintenance_message'])) . "' WHERE settings_name='maintenance_message'");
if (!$result) {
$error = 1;
}
$result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['bad_words_enabled']) ? $_POST['bad_words_enabled'] : "0") . "' WHERE settings_name='bad_words_enabled'");
if (!$result) {
$error = 1;
}
$result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . addslash($_POST['bad_words']) . "' WHERE settings_name='bad_words'");
if (!$result) {
$error = 1;
}
$result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . stripinput($_POST['bad_word_replace']) . "' WHERE settings_name='bad_word_replace'");
if (!$result) {
$error = 1;
}
if ($_POST['captcha'] == "recaptcha" && ($_POST['recaptcha_public'] == "" || $_POST['recaptcha_private'] == "")) {
$error = 2;
} else {
$result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . stripinput($_POST['captcha']) . "' WHERE settings_name='captcha'");
if (!$result) {
$error = 1;
}
$result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . stripinput($_POST['recaptcha_public']) . "' WHERE settings_name='recaptcha_public'");
<div class="info col-xs-3 col-sm-3 col-md-3 col-lg-3">
<?php
if (empty($orders)) {
echo '<h3>' . 'нет заказов' . '</h3>';
}
?>
</div>
</div>
<div class="row">
<div class="content col-xs-12 col-sm-12 col-md-12 col-lg-12">
<?php
if (is_array($orders)) {
//условия закрываеться в конце дива
foreach ($orders as $order) {
// закрываем условие в конце после таблици
$n = addslash($order['name']);
//обработка переменных на вывод
$e = htmlAll($order['email']);
$p = clearData($order['phone'], "i");
$a = htmlAll($order['address']);
?>
<table border="1" width="100%">
<tr>
<td colspan="6">
<h3>Товарная накладная N </h3>
<hr style="border-width: 3px; color: #003399">
<h5>Заказчик:<?php
echo $n;
?>
</h5>
<h5>Email:<?php
+--------------------------------------------------------*/
require_once "../maincore.php";
require_once THEMES . "templates/admin_header.php";
require_once INCLUDES . "html_buttons_include.php";
include LOCALE . LOCALESET . "admin/downloads.php";
if (!checkrights("D") || !defined("iAUTH") || $_GET['aid'] != iAUTH) {
redirect("../index.php");
}
$result = dbquery("SELECT * FROM " . DB_DOWNLOAD_CATS);
if (dbrows($result)) {
if (isset($_GET['action']) && $_GET['action'] == "delete" && (isset($_GET['download_id']) && isnum($_GET['download_id']))) {
$result = dbquery("DELETE FROM " . DB_DOWNLOADS . " WHERE download_id='" . $_GET['download_id'] . "'");
redirect(FUSION_SELF . $aidlink . "&download_cat_id=" . intval($_GET['download_cat_id']));
} elseif (isset($_POST['save_download'])) {
$download_title = stripinput($_POST['download_title']);
$download_description = addslash($_POST['download_description']);
$download_url = stripinput($_POST['download_url']);
$download_cat = intval($_POST['download_cat']);
$download_license = stripinput($_POST['download_license']);
$download_os = stripinput($_POST['download_os']);
$download_version = stripinput($_POST['download_version']);
$download_filesize = stripinput($_POST['download_filesize']);
if ($download_title) {
if (isset($_GET['action']) && $_GET['action'] == "edit" && (isset($_GET['download_id']) && isnum($_GET['download_id']))) {
$download_datestamp = isset($_POST['update_datestamp']) ? ", download_datestamp='" . time() . "'" : "";
$result = dbquery("UPDATE " . DB_DOWNLOADS . " SET download_title='{$download_title}', download_description='{$download_description}', download_url='{$download_url}', download_cat='{$download_cat}', download_license='{$download_license}', download_os='{$download_os}', download_version='{$download_version}', download_filesize='{$download_filesize}'" . $download_datestamp . " WHERE download_id='" . $_GET['download_id'] . "'");
redirect(FUSION_SELF . $aidlink . "&download_cat_id=" . $download_cat);
} else {
$result = dbquery("INSERT INTO " . DB_DOWNLOADS . " (download_title, download_description, download_url, download_cat, download_license, download_os, download_version, download_filesize, download_datestamp, download_count) VALUES ('{$download_title}', '{$download_description}', '{$download_url}', '{$download_cat}', '{$download_license}', '{$download_os}', '{$download_version}', '{$download_filesize}', '" . time() . "', '0')");
redirect(FUSION_SELF . $aidlink . "&download_cat_id=" . $download_cat);
}
<?php
include "../../../../maincore.php";
if (!$_GET['sid']) {
die("Access Denied");
}
if (!iADMIN) {
die("Access Denied");
}
if (file_exists(INFUSIONS . "fusionboard4/locale/" . $settings['locale'] . ".php")) {
include INFUSIONS . "fusionboard4/locale/" . $settings['locale'] . ".php";
} else {
include INFUSIONS . "fusionboard4/locale/English.php";
}
include INFUSIONS . "fusionboard4/includes/func.php";
if (isset($_GET['user']) && isNum($_GET['user'])) {
$image = stripinput($_GET['image']);
$desc = addslash(stripinput($_GET['desc']));
$result = dbquery("insert into " . DB_PREFIX . "fb_awards (award_user, award_image, award_desc) VALUES('" . $_GET['user'] . "', '{$image}', '{$desc}')");
}
if (isset($_GET['del']) && isNum($_GET['del'])) {
$query = dbquery("delete from " . DB_PREFIX . "fb_awards where award_id='" . $_GET['del'] . "'");
}
$result = dbquery("UPDATE " . DB_FAQ_CATS . " SET faq_cat_name='{$faq_cat_name}', faq_cat_description='{$faq_cat_description}' WHERE faq_cat_id='" . $_GET['faq_cat_id'] . "'");
redirect(FUSION_SELF . $aidlink . "&status=scu");
} else {
$result = dbquery("INSERT INTO " . DB_FAQ_CATS . " (faq_cat_name, faq_cat_description) VALUES('{$faq_cat_name}', '{$faq_cat_description}')");
redirect(FUSION_SELF . $aidlink . "&status=scn");
}
} else {
$error = 1;
}
} else {
$error = 2;
}
} elseif (isset($_POST['save_faq'])) {
$faq_cat = intval($_POST['faq_cat']);
$faq_question = stripinput($_POST['faq_question']);
$faq_answer = addslash($_POST['faq_answer']);
if ($faq_question && $faq_answer) {
if (isset($_GET['action']) && $_GET['action'] == "edit" && (isset($_GET['faq_id']) && isnum($_GET['faq_id'])) && (isset($_GET['t']) && $_GET['t'] == "faq")) {
$result = dbquery("UPDATE " . DB_FAQS . " SET faq_cat_id='{$faq_cat}', faq_question='{$faq_question}', faq_answer='{$faq_answer}' WHERE faq_id='" . $_GET['faq_id'] . "'");
redirect(FUSION_SELF . $aidlink . "&faq_cat_id={$faq_cat}&status=su");
} else {
$result = dbquery("INSERT INTO " . DB_FAQS . " (faq_cat_id, faq_question, faq_answer) VALUES ('{$faq_cat}', '{$faq_question}', '{$faq_answer}')");
redirect(FUSION_SELF . $aidlink . "&faq_cat_id={$faq_cat}&status=sn");
}
} else {
$error = 3;
}
} elseif (isset($_GET['action']) && $_GET['action'] == "edit") {
if (isset($_GET['faq_cat_id']) && isnum($_GET['faq_cat_id']) && (isset($_GET['t']) && $_GET['t'] == "cat")) {
$result = dbquery("SELECT faq_cat_id, faq_cat_name, faq_cat_description FROM " . DB_FAQ_CATS . " WHERE faq_cat_id='" . $_GET['faq_cat_id'] . "'");
if (dbrows($result)) {
foreach ($_POST['take'] as $id => $val) {
$query_id = dbquery("SELECT * FROM " . DB_DOWNLOADS . " WHERE download_id='{$id}'");
if (!dbrows($query_id)) {
$imported[$id] = $locale['PDP866'];
continue;
}
$imported[$id] = $locale['PDP043'];
$data = dbarray($query_id);
$name = $data['download_title'];
$ver = $data['download_version'];
$url = $_POST['down'][$id];
$size = $data['download_filesize'];
$datestamp = $data['download_datestamp'];
$cat_id = $_POST['cat'][$id];
$lid = $_POST['license'][$id];
$desc = addslash($data['download_description']);
$ok = dbquery("INSERT INTO " . DB_PDP_DOWNLOADS . "" . " SET" . " cat_id='{$cat_id}', dl_name='{$name}'," . " dl_desc='{$desc}'," . " user_id='" . $userdata['user_id'] . "'," . " license_id='{$lid}', lizenz_okay='N'," . " lizenz_packet='N'," . " dl_count='" . $data['download_count'] . "'," . " dl_mtime='{$datestamp}', dl_ctime='{$datestamp}'," . " dl_status='" . PDP_PRO_ON . "'");
$id = mysql_insert_id();
$ok = dbquery("INSERT INTO " . DB_PDP_FILES . "" . " SET" . " download_id='{$id}'," . " file_version='{$ver}'," . " file_desc=''," . " file_url='{$url}'," . " file_size='{$size}'," . " file_timestamp='{$datestamp}'");
}
// count cat downloads
$query_id = dbquery("SELECT cat_id" . " FROM " . DB_PDP_CATS . "");
while ($data = dbarray($query_id)) {
$count = ff_db_count("(*)", DB_PDP_DOWNLOADS, "(cat_id='" . $data['cat_id'] . "'" . " AND dl_status='" . PDP_PRO_ON . "')");
$mysql[] = "UPDATE " . DB_PDP_CATS . "" . " SET" . " count_downloads='" . $count . "'" . " WHERE cat_id='" . $data['cat_id'] . "'";
}
fallback(FUSION_SELF . "?do_import=no");
}
/*
* CREATE CAT SEL
*/
if (isset($request['comment'])) {
$comment = trim($request['comment']);
if (strlen($comment)) {
$torrent->comment($comment);
}
}
if ($request['private']) {
$torrent->is_private(true);
}
$fname = rTask::formatPath($taskNo) . '/result.torrent';
$torrent->save($fname);
if ($request['start_seeding']) {
$fname = getUniqueUploadedFilename($torrent->info['name'] . '.torrent');
$path_edit = trim($request['path_edit']);
if (is_dir($path_edit)) {
$path_edit = addslash($path_edit);
}
if (rTorrentSettings::get()->correctDirectory($path_edit)) {
$path_edit = dirname($path_edit);
if ($resumed = rTorrent::fastResume($torrent, $path_edit)) {
$torrent = $resumed;
}
$torrent->save($fname);
rTorrent::sendTorrent($torrent, true, true, $path_edit, null, true, isLocalMode());
@chmod($fname, $profileMask & 0666);
}
}
exit(0);
}
exit(1);
}
public function correctDirectory(&$dir, $resolve_links = false)
{
global $topDirectory;
if (strlen($dir) && $dir[0] == '~') {
$dir = $this->home . substr($dir, 1);
}
$dir = fullpath($dir, $this->directory);
if ($resolve_links) {
$path = realpath($dir);
if (!$path) {
$dir = addslash(realpath(dirname($dir))) . basename($dir);
} else {
$dir = $path;
}
}
return strpos(addslash($dir), $topDirectory) === 0;
}
default:
$message = $locale['900'];
$status = 'success';
$icon = "<i class='fa fa-check-square-o fa-lg fa-fw'></i>";
}
if ($message) {
addNotice($status, $icon . $message);
}
}
if (isset($_POST['save_banners'])) {
$error = 0;
$result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . addslash($_POST['sitebanner1']) . "' WHERE settings_name='sitebanner1'");
if (!$result) {
$error = 1;
}
$result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . addslash($_POST['sitebanner2']) . "' WHERE settings_name='sitebanner2'");
if (!$result) {
$error = 1;
}
redirect(FUSION_SELF . $aidlink . "&error=" . $error, TRUE);
}
if (isset($_POST['preview_banners'])) {
$sitebanner1 = "";
$sitebanner2 = "";
$sitebanner1 = stripslash($_POST['sitebanner1']);
$sitebanner2 = stripslash($_POST['sitebanner2']);
} else {
$sitebanner1 = stripslashes($settings['sitebanner1']);
$sitebanner2 = stripslashes($settings['sitebanner2']);
}
opentable($locale['850']);
public function startTask($hash, $outPath, $mode, $fileno)
{
global $rootPath;
$ret = array("no" => -1, "pid" => 0, "status" => 255, "log" => array(), "errors" => array("Unknown error."));
if (rTorrentSettings::get()->isPluginRegistered('quotaspace')) {
require_once dirname(__FILE__) . "/../quotaspace/rquota.php";
$qt = rQuota::load();
if (!$qt->check()) {
$ret["errors"] = array("Quota limitation was reached. Unpack failed.");
return $ret;
}
}
$taskArgs = array('requester' => 'unpack', 'name' => 'unpack', 'hash' => $hash, 'dir' => $outPath, 'mode' => $mode, 'no' => $fileno);
if ($outPath != '' && !rTorrentSettings::get()->correctDirectory($outPath)) {
$outPath = '';
}
if (!empty($mode)) {
$req = new rXMLRPCRequest(new rXMLRPCCommand("f.get_frozen_path", array($hash, intval($fileno))));
if ($req->success()) {
$filename = $req->val[0];
if ($filename == '') {
$req = new rXMLRPCRequest(array(new rXMLRPCCommand("d.open", $hash), new rXMLRPCCommand("f.get_frozen_path", array($hash, intval($fileno))), new rXMLRPCCommand("d.close", $hash)));
if ($req->success()) {
$filename = $req->val[1];
}
}
if ($outPath == '') {
$outPath = dirname($filename);
}
$commands = array();
$arh = getExternal($mode == "zip" ? 'unzip' : 'unrar');
$commands[] = escapeshellarg($rootPath . '/plugins/unpack/un' . $mode . '_file.sh') . " " . escapeshellarg($arh) . " " . escapeshellarg($filename) . " " . escapeshellarg(addslash($outPath));
$taskArgs['arg'] = call_user_func('end', explode('/', $filename));
$task = new rTask($taskArgs);
$ret = $task->start($commands, 0);
}
} else {
$req = new rXMLRPCRequest(array(new rXMLRPCCommand("d.get_base_path", $hash), new rXMLRPCCommand("d.get_custom1", $hash), new rXMLRPCCommand("d.get_name", $hash)));
if ($req->success()) {
$basename = $req->val[0];
$label = rawurldecode($req->val[1]);
$tname = $req->val[2];
if ($basename == '') {
$req = new rXMLRPCRequest(array(new rXMLRPCCommand("d.open", $hash), new rXMLRPCCommand("d.get_base_path", $hash), new rXMLRPCCommand("d.close", $hash)));
if ($req->success()) {
$basename = $req->val[1];
}
}
$req = new rXMLRPCRequest(new rXMLRPCCommand("f.multicall", array($hash, "", getCmd("f.get_path="))));
if ($req->success()) {
$rarPresent = false;
$zipPresent = false;
foreach ($req->val as $no => $name) {
if (USE_UNRAR && preg_match("'.*\\.(rar|r\\d\\d|\\d\\d\\d)\$'si", $name) == 1) {
$rarPresent = true;
} else {
if (USE_UNZIP && preg_match("'.*\\.zip\$'si", $name) == 1) {
$zipPresent = true;
}
}
}
$mode = $rarPresent && $zipPresent ? 'all' : ($rarPresent ? 'rar' : ($zipPresent ? 'zip' : null));
if ($mode) {
$pathToUnrar = getExternal("unrar");
$pathToUnzip = getExternal("unzip");
$arh = $mode == "zip" ? $pathToUnzip : $pathToUnrar;
if (is_dir($basename)) {
$postfix = "_dir";
if ($outPath == '') {
$outPath = $basename;
}
$basename = addslash($basename);
} else {
$postfix = "_file";
if ($outPath == '') {
$outPath = dirname($basename);
}
$pathToUnzip = "";
}
$outPath = addslash($outPath);
if ($this->addLabel && $label != '') {
$outPath .= addslash($label);
}
if ($this->addName && $tname != '') {
$outPath .= addslash($tname);
}
$commands[] = escapeshellarg($rootPath . '/plugins/unpack/un' . $mode . $postfix . '.sh') . " " . escapeshellarg($arh) . " " . escapeshellarg($basename) . " " . escapeshellarg($outPath) . " " . escapeshellarg($pathToUnzip);
$taskArgs['arg'] = call_user_func('end', explode('/', delslash($basename)));
$task = new rTask($taskArgs);
$ret = $task->start($commands, 0);
}
}
}
}
return $ret;
}
} elseif ($_GET['status'] == "del") {
$message = $locale['512'];
}
if ($message) {
echo "<div id='close-message'><div class='admin-message'>" . $message . "</div></div>\n";
}
}
$result = dbcount("(weblink_cat_id)", DB_WEBLINK_CATS);
if (!empty($result)) {
if (isset($_GET['action']) && $_GET['action'] == "delete" && (isset($_GET['weblink_id']) && isnum($_GET['weblink_id']))) {
$result = dbquery("DELETE FROM " . DB_WEBLINKS . " WHERE weblink_id='" . $_GET['weblink_id'] . "'");
redirect(FUSION_SELF . $aidlink . "&weblink_cat_id=" . $_GET['weblink_cat_id'] . "&status=del");
}
if (isset($_POST['save_link'])) {
$weblink_name = stripinput($_POST['weblink_name']);
$weblink_description = addslash($_POST['weblink_description']);
$weblink_url = stripinput($_POST['weblink_url']);
$weblink_cat = intval($_POST['weblink_cat']);
if ($weblink_name) {
if (isset($_GET['action']) && $_GET['action'] == "edit" && (isset($_GET['weblink_id']) && isnum($_GET['weblink_id']))) {
$weblink_datestamp = isset($_POST['update_datestamp']) ? ", weblink_datestamp='" . time() . "'" : "";
$result = dbquery("UPDATE " . DB_WEBLINKS . " SET weblink_name='{$weblink_name}', weblink_description='{$weblink_description}', weblink_url='{$weblink_url}', weblink_cat='{$weblink_cat}'" . $weblink_datestamp . " WHERE weblink_id='" . $_GET['weblink_id'] . "'");
redirect(FUSION_SELF . $aidlink . "&weblink_cat_id={$weblink_cat}&status=su");
} else {
$result = dbquery("INSERT INTO " . DB_WEBLINKS . " (weblink_name, weblink_description, weblink_url, weblink_cat, weblink_datestamp, weblink_count) VALUES ('{$weblink_name}', '{$weblink_description}', '{$weblink_url}', '{$weblink_cat}', '" . time() . "', '0')");
redirect(FUSION_SELF . $aidlink . "&weblink_cat_id={$weblink_cat}&status=sn");
}
} else {
redirect(FUSION_SELF . $aidlink);
}
}
<?php
if (chdir(dirname(__FILE__))) {
set_time_limit(0);
if (count($argv) > 6) {
$_SERVER['REMOTE_USER'] = $argv[6];
}
if (count($argv) > 5) {
require_once "unpack.php";
$up = rUnpack::load();
if ($up->enabled) {
$base_name = intval($argv[3]) ? $argv[1] : addslash($argv[1]) . $argv[2];
$label = rawurldecode($argv[4]);
if (@preg_match($up->filter . 'u', $label) == 1) {
$up->startSilentTask($base_name, $label, $argv[5]);
}
}
}
}
$dir = isLocalMode() ? $theSettings->directory : $topDirectory;
if (strpos(addslash($dir), $topDirectory) !== 0) {
$dir = $topDirectory;
}
$dh = @opendir($dir);
}
$files = array();
$dirs = array();
if ($dh) {
$dir = addslash($dir);
while (false !== ($file = readdir($dh))) {
$path = fullpath($dir . $file);
if ($file == ".." && $dir == $topDirectory) {
continue;
}
if (is_dir($path) && is_readable($path) && strpos(addslash($path), $topDirectory) === 0 && ($theSettings->uid < 0 || isUserHavePermission($theSettings->uid, $theSettings->gid, $path, 0x5))) {
$dirs['/' . $file] = $path;
} else {
if (LFS::is_file($path) && is_readable($path) && ($theSettings->uid < 0 || isUserHavePermission($theSettings->uid, $theSettings->gid, $path, 0x4))) {
$files[$file] = $path;
}
}
}
closedir($dh);
ksort($files, SORT_STRING);
ksort($dirs, SORT_STRING);
$files = array_merge($dirs, $files);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru" lang="ru">
define("OVOVCMS_ROOT", str_replace("\\", "/", dirname(__FILE__)));
define("CONFIG_PATH", OVOVCMS_ROOT . "/config");
define("COMMON_PATH", OVOVCMS_ROOT . "/common");
define("TPL_PATH", OVOVCMS_ROOT . "/templates/html");
define("INCLUDE_FUNCPATH", OVOVCMS_ROOT . "/include/function");
define("INCLUDE_CLASSPATH", OVOVCMS_ROOT . "/include/classlib");
header("Content-type:text/html; Charset=utf-8");
require_once INCLUDE_FUNCPATH . "/function.common.php";
require_once CONFIG_PATH . "/web.config.php";
require_once CONFIG_PATH . "/database.config.php";
//set_magic_quotes_runtime(0);
// 检测魔术引号有无开启,如果没开启,把GET,POST,COOKIE手动转义.
if (!get_magic_quotes_gpc()) {
$_GET = addslash($_GET);
$_POST = addslash($_POST);
$_COOKIE = addslash($_COOKIE);
}
CheckInstall();
//检查是否安装
CheckSwitch();
//检查网站开关
require_once INCLUDE_CLASSPATH . "/mysql.class.php";
$Db = new Db();
include_once OVOVCMS_ROOT . "/include/inc/unsql.php";
require_once OVOVCMS_ROOT . "/smarty/libs/Smarty.class.php";
$smarty = new Smarty();
require_once INCLUDE_FUNCPATH . "/myLib.php";
$smarty->template_dir = OVOVCMS_ROOT . '/templates/ovov_web';
//这个放置模版文件
$smarty->compile_dir = OVOVCMS_ROOT . '/smarty/templates_web/';
//以下三个文件内容为空
$message = $locale['410'];
} elseif ($_GET['status'] == "su") {
$message = $locale['411'];
} elseif ($_GET['status'] == "del") {
$message = $locale['412'];
}
if ($message) {
echo "<div id='close-message'><div class='alert alert-info m-t-10 admin-message'>" . $message . "</div></div>\n";
}
}
$result = dbcount("(article_cat_id)", DB_ARTICLE_CATS);
if (!empty($result)) {
if (isset($_POST['save'])) {
$subject = stripinput($_POST['subject']);
$body = addslash($_POST['body']);
$body2 = addslash($_POST['body2']);
$draft = isset($_POST['article_draft']) ? "1" : "0";
if ($settings['tinymce_enabled'] != 1) {
$breaks = isset($_POST['line_breaks']) ? "y" : "n";
} else {
$breaks = "n";
}
$comments = isset($_POST['article_comments']) ? "1" : "0";
$ratings = isset($_POST['article_ratings']) ? "1" : "0";
if (isset($_POST['article_id']) && isnum($_POST['article_id']) && !defined("FUSION_NULL")) {
$result = dbquery("UPDATE " . DB_ARTICLES . " SET article_cat='" . intval($_POST['article_cat']) . "', article_subject='{$subject}', article_snippet='{$body}', article_article='{$body2}', article_draft='{$draft}', article_breaks='{$breaks}', article_allow_comments='{$comments}', article_allow_ratings='{$ratings}' WHERE article_id='" . $_POST['article_id'] . "'");
redirect(FUSION_SELF . $aidlink . "&status=su");
} elseif (!defined("FUSION_NULL")) {
$result = dbquery("INSERT INTO " . DB_ARTICLES . " (article_cat, article_subject, article_snippet, article_article, article_draft, article_breaks, article_name, article_datestamp, article_reads, article_allow_comments, article_allow_ratings) VALUES ('" . intval($_POST['article_cat']) . "', '{$subject}', '{$body}', '{$body2}', '{$draft}', '{$breaks}', '" . $userdata['user_id'] . "', '" . time() . "', '0', '{$comments}', '{$ratings}')");
redirect(FUSION_SELF . $aidlink . "&status=sn");
}
}
}
closedir($temp);
sort($panel_list);
array_unshift($panel_list, "none");
if (isset($_POST['save'])) {
$error = "";
$panel_name = stripinput($_POST['panel_name']);
$panel_url_list = stripinput($_POST['panel_url_list']);
$panel_restriction = isset($_POST['panel_restriction']) && $_POST['panel_restriction'] == 1 ? 1 : 0;
if ($panel_name == "") {
$error .= $locale['470'] . "<br />";
}
if ($_POST['panel_filename'] == "none") {
$panel_filename = "";
$panel_content = isset($_POST['panel_content']) ? addslash($_POST['panel_content']) : ($panel_side == 1 || $panel_side == 4 ? "openside(\"name\");\n" . "echo \"Content\";\n" . "closeside();" : "opentable(\"name\");\n" . "echo \"Content\";\n" . "closetable();");
$panel_type = "php";
} else {
$panel_filename = stripinput($_POST['panel_filename']);
$panel_content = "";
$panel_type = "file";
}
$panel_access = isnum($_POST['panel_access']) ? $_POST['panel_access'] : "0";
if ($panel_side == "1" || $panel_side == "4") {
$panel_display = "0";
} else {
$panel_display = isset($_POST['panel_display']) ? "1" : "0";
}
if (isset($_GET['panel_id']) && isnum($_GET['panel_id'])) {
if ($panel_name) {
$data = dbarray(dbquery("SELECT panel_name FROM " . DB_PANELS . " WHERE panel_id='" . $_GET['panel_id'] . "'"));
