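// NOTE(review): the mysql_* extension is deprecated since PHP 5.5 and removed
// in PHP 7.0, so this demo only runs on PHP 5.x. Credentials are hard-coded.
mysql_connect('localhost', 'user', 'password');
mysql_select_db('database_name');

/**
 * JSON-RPC demo service that forwards a raw SQL string to MySQL.
 *
 * The query text comes straight from the RPC client, so the two regular
 * expressions in query() are the only gate between the caller and the
 * database.
 */
class MysqlDemo
{
    /**
     * Run a query and return its rows.
     *
     * @param string $query raw SQL supplied by the RPC caller
     *
     * @return bool|array true for statements without a result set, otherwise
     *                    a list of numerically-indexed rows (an empty array
     *                    when the result set has no rows)
     *
     * @throws Exception when the query is rejected by the filters or MySQL
     *                   reports an error
     */
    public function query($query)
    {
        // Deny-list. The original pattern had no `i` flag, so an upper-case
        // `DROP TABLE ...` slipped past it although MySQL keywords are
        // case-insensitive.
        if (preg_match('/create|drop/i', $query)) {
            throw new Exception("Sorry you are not allowed to execute '" . $query . "'");
        }
        // Allow-list: the statement must *start* with one of the four
        // permitted forms against the 'test' table. Anchoring at the start
        // stops `select 1 from test` being smuggled in as a subquery of an
        // otherwise arbitrary statement. NOTE(review): this is still a string
        // filter, not an authorisation boundary — UNION clauses, comments and
        // functions inside the permitted forms are not inspected; a real
        // deployment must rely on a MySQL account restricted to 'test'.
        if (!preg_match('/^\s*(select.*from *test|insert *into *test.*|delete *from *test|update *test)/i', $query)) {
            throw new Exception("Sorry you can't execute '" . $query . "' you are only allowed to select, insert, delete " . "or update 'test' table");
        }

        $res = mysql_query($query);
        if ($res === false) {
            throw new Exception("MySQL Error: " . mysql_error());
        }
        if ($res === true) {
            // INSERT/UPDATE/DELETE: nothing to fetch.
            return true;
        }

        // Start from an empty list so an empty result set yields array()
        // rather than an undefined variable.
        $result = array();
        while ($row = mysql_fetch_row($res)) {
            $result[] = $row;
        }
        mysql_free_result($res);
        return $result;
    }
}

handle_json_rpc(new MysqlDemo());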
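<?php
// Leash front controller: JSON-RPC endpoint for AJAX calls, HTML page otherwise.

// Development-mode switch. NOTE(review): set to false before deploying — with
// display_errors on, PHP warnings (including file paths) end up in the
// HTTP response body.
define('__DEVEL__', true);

// Verbose error output only in development mode. Previously these two calls
// also ran unconditionally before this point, which made the __DEVEL__ guard
// a no-op and exposed error output regardless of the flag.
if (__DEVEL__) {
    error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE);
    ini_set('display_errors', 'On');
}

// Requests carrying the X-Requested-With header set by the JavaScript client
// are routed to the JSON-RPC handler; everything else gets the HTML page.
// The header only tells AJAX calls apart from page loads — any HTTP client can
// send it — so it is a routing check, not an access control; authentication
// is presumably handled inside Service.
if (isset($_SERVER['HTTP_X_REQUESTED_WITH'])
    && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
    require 'lib/json-rpc.php';
    require 'lib/Service.php';
    echo handle_json_rpc(new Service('config.json', getcwd()));
    exit;
}
?>
<!DOCTYPE HTML>
<html xmlns="">
<head>
<meta charset="utf-8" />
<title>Leash</title>
<meta name="Description" content=""/>
<link rel="shortcut icon" href="favicon.ico"/>
<!--[if IE]> <script src=""></script> <![endif]-->
<link href="css/jquery.terminal.css" rel="stylesheet"/>
<link href="css/style.css" rel="stylesheet"/>
<link href="css/jquery.micro.css" rel="stylesheet"/>
<style>
/* some styles before I move them to style.css */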
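// NOTE(review): the next line is the tail of ls(), whose signature lies outside
// this fragment; it is reproduced unchanged.
if (strcmp(md5("demo:demo"), $token) == 0) { if (preg_match("/\\.\\./", $path)) { throw new Exception("No directory traversal Dude"); } $base = preg_replace("/(.*\\/).*/", "\$1", $_SERVER["SCRIPT_FILENAME"]); $path = $base . ($path[0] != '/' ? "/" : "") . $path; $dir = opendir($path); while ($name = readdir($dir)) { $fname = $path . "/" . $name; if (!is_dir($name) && !is_dir($fname)) { $list[] = $name; } } closedir($dir); return $list; } else { throw new Exception("Access Denied"); } }

    /** Help text the RPC layer can show for whoami. */
    static $whoami_documentation = "return user information";

    /**
     * Echo back what the server sees about the caller.
     *
     * @param string $token ignored — this method is deliberately unauthenticated
     * @param mixed  $a     optional second argument, echoed back under key "2"
     *
     * @return array
     */
    public function whoami($token, $a = null) {
        // User-Agent and Referer are optional request headers (and REMOTE_ADDR
        // may be absent under some SAPIs); read them through isset() so a
        // client that omits them gets null instead of an "Undefined index"
        // notice in the RPC response.
        $ua = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : null;
        $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
        $referer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : null;
        // The header values are caller-controlled strings returned verbatim;
        // whatever renders them as HTML must escape them first.
        return array(
            "2" => $a,
            "your User Agent" => $ua,
            "your IP" => $ip,
            "you acces this from" => $referer,
        );
    }

    /**
     * Debug helper: return the token and second argument exactly as received.
     * NOTE(review): this reflects the caller's token back in the response;
     * fine for a demo, not something to keep in a real service.
     */
    public function whoisuli($token, $a = null) {
        return array("token" => $token, "2" => $a);
    }
}

handle_json_rpc(new Demo());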
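/**
 * Dispatch a Watson terminal request to the registered command handlers.
 *
 * Reads the command objects registered on the WATSON_TERMINAL extension
 * point and, when the request carries the `watson_terminal` flag, hands the
 * request to the JSON-RPC layer with those objects as the service list.
 * Ordinary (non-terminal) requests are left untouched.
 *
 * Phase 1 of the integration.
 *
 * @return void
 */
public static function terminal()
{
    // The original declared `global $REX, $I18N;` but never read either;
    // the unused globals are dropped.
    $registered = rex_register_extension_point('WATSON_TERMINAL');
    // Guard the lookup: the extension-point result is not guaranteed to be an
    // array, and indexing a non-array with 'terminal' would raise a notice
    // (or, for a string, return its first character).
    /** @var $commands watson_terminal[] */
    $commands = (is_array($registered) && isset($registered['terminal']))
        ? $registered['terminal']
        : null;

    $terminal_input = rex_request('watson_terminal', 'bool');
    // Only act when this is a terminal request *and* at least one handler is
    // registered; handle_json_rpc() writes the response itself.
    if ($terminal_input && is_array($commands) && count($commands) > 0) {
        handle_json_rpc($commands);
    }
}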
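// NOTE(review): the next line is the tail of a method whose signature lies
// outside this fragment; it is reproduced unchanged.
$instance = new Memcache(); do_debug('memcache connect:' . $instance->connect('localhost')); $return = $this->do_command($token, $instance); return $return; }

    /**
     * Parse a command line of the form "<method> [arg ...]" and run it.
     *
     * "describe <method>" / "help <method>" look up documentation through
     * get_describe(); any other first word is invoked as a method on
     * $instance with the remaining words as positional arguments.
     *
     * @param string   $token    raw command line typed by the user
     * @param Memcache $instance connected client the call is dispatched on
     *
     * @return string result text; non-string results are JSON-encoded
     */
    protected function do_command($token, $instance) {
        $words = explode(' ', $token);
        $method = array_shift($words);
        $param = $words;

        if (in_array($method, array('describe', 'help'), true)) {
            if (is_array($param) and count($param)) {
                $return = get_describe(strtolower(get_class($instance)), current($param));
            } else {
                $return = 'please input a valid method name after describe';
            }
            return $return;
        }

        // Security: $method is the first word the user typed and becomes a
        // method name on the Memcache client. Without a check the caller can
        // invoke connection-management methods (connect, addServer, ...) with
        // arbitrary arguments and make this host open connections to servers
        // of their choosing. Method names are case-insensitive in PHP, hence
        // the strtolower(). Extend the list if other methods prove harmful.
        $blocked = array('connect', 'pconnect', 'addserver', 'setserverparams', 'close');
        if (in_array(strtolower($method), $blocked, true)) {
            $return = "method '" . $method . "' is not allowed from the terminal";
            do_debug($return);
            return $return;
        }
        // A non-existent method raises an Error (not an Exception) in PHP 7+,
        // which the catch below would not see; report it instead.
        if (!method_exists($instance, $method)) {
            $return = "unknown method '" . $method . "'";
            do_debug($return);
            return $return;
        }

        try {
            $return = call_user_func_array(array($instance, $method), $param);
        } catch (Exception $e) {
            $return = $e->getMessage();
            do_debug($return);
        }
        return is_string($return) ? $return : json_encode($return);
    }
}

handle_json_rpc(new Controller());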
// NOTE(review): the next line is the tail of a version-reporting method whose
// signature lies outside this fragment. Two things worth checking there: the
// $versions literal uses the key "\n" twice, and PHP keeps the first position
// but the last value for a duplicate key, so only one blank-line separator
// survives; and mysql_get_server_info() belongs to the mysql extension that
// was removed in PHP 7.0.
$versions = array("OrongoCMS version" => "r" . REVISION, "OrongoTerminal version" => "v" . ORONGOTERMINAL_VERSION, "jQueryTerminal version" => "v" . JQUERYTERMINAL_VERSION, "\n" => "", "PHP version" => "v" . phpversion(), "MySQL version" => "v" . mysql_get_server_info(), "\n" => ""); $pluginversions = array(); foreach ($plugins as $plugin) { $pluginName = get_class($plugin); if (array_key_exists($pluginName, $pluginversions)) { continue; } $vn = -1; try { $vn = $plugin->getVersionNumber(); } catch (Exception $e) { continue; } $pluginversions[$pluginName] = $vn; } $allversions = $versions + $pluginversions; $str = ""; foreach ($allversions as $key => $version) { if ($key == "\n") { $str .= $key . $version; } else { $str .= $key . ": " . $version . "\n"; } } return $str; } }

// Expose the terminal services over JSON-RPC: every plugin object followed by
// the built-in OrongoTerminal and GeneralCommands. The order of $objs is the
// order the RPC layer sees the objects in — presumably plugins are consulted
// first; verify against handle_json_rpc() before relying on it. Note that
// every public method of every plugin becomes callable by the client.
$objs = array(new OrongoTerminal(), new GeneralCommands());
$objs = array_merge($plugins, $objs);
handle_json_rpc($objs);
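// NOTE(review): the next line is the tail of a method whose signature lies
// outside this fragment; it is reproduced unchanged.
return mysql_array($query); }

    /**
     * List the non-directory entries of $path.
     *
     * @param string $token md5("user:password") shared secret; the demo
     *                      hard-codes "foo:bar" (a real service would look the
     *                      token up in the database)
     * @param string $path  directory to list, taken verbatim from the caller
     *
     * @return array file names (an empty array for an empty directory)
     *
     * @throws Exception "Access Denied" on a bad token, or when the directory
     *                   cannot be opened
     */
    public function ls($token, $path) {
        // you can select token from database
        // NOTE(review): strcmp() is not constant-time; on PHP >= 5.6 prefer
        // hash_equals() for comparing secrets.
        if (strcmp(md5("foo:bar"), $token) != 0) {
            throw new Exception("Access Denied");
        }
        // NOTE(review): $path is not confined to any base directory, so a
        // caller holding the token can list any directory the web server can
        // read. Resolve it against a fixed base and reject ".." segments
        // before using this outside a demo.
        $dir = opendir($path);
        if ($dir === false) {
            throw new Exception("Cannot open directory '" . $path . "'");
        }
        // Start from an empty list so an empty directory returns array()
        // instead of an undefined variable; compare readdir() against false
        // explicitly so an entry named "0" does not end the loop early.
        $list = array();
        while (($name = readdir($dir)) !== false) {
            $fname = $path . "/" . $name;
            if (!is_dir($name) && !is_dir($fname)) {
                $list[] = $name;
            }
        }
        closedir($dir);
        return $list;
    }

    /**
     * Return $str unchanged. Named _echo because `echo` is a PHP keyword and
     * cannot be a method name.
     *
     * @param mixed  $ignore token slot, unused
     * @param string $str
     *
     * @return string
     */
    //can't use echo
    public function _echo($ignore, $str) {
        return $str;
    }

    /**
     * Liveness check: always answers "pong".
     *
     * @param mixed $ignore token slot, unused
     *
     * @return string
     */
    public function ping($ignore) {
        return "pong";
    }
}

handle_json_rpc(new Service());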
// NOTE(review): the next line continues a switch inside a method whose
// signature lies outside this fragment; it is reproduced unchanged. Two
// observations on the visible part: in the 'type' branch $return is only ever
// appended to inside the foreach, so a content type with no attributes (or an
// empty $hmcontent->hmcontent) reaches implode('', $return) with $return
// undefined; and when $parameter2 names an unknown content type the branch
// reaches `break` and leaves the switch without returning anything.
case 'type': global $hmcontent; if (isset($parameter2)) { $con = $hmcontent->hmcontent; if (isset($con[$parameter2])) { $args = $con[$parameter2]; foreach ($args as $key => $val) { if (is_array($val)) { $return[] = "\t" . hm_array_to_list($key, $val); } else { $return[] = "\t" . $key . " : " . $val . "\n"; } } return implode('', $return); } } else { $content_type = $hmcontent->hmcontent; foreach ($content_type as $key => $val) { $return[] = "\t" . $key . "\n"; } return implode('', $return); } break; default: $help = "\tcontent type : " . _('Hiển thị tất cả content type') . "\n" . "\tcontent type ['content key'] : " . _('Hiển thị chi tiết content type') . "\n" . "" . "\n"; return $help; } } }

// Expose the Hmcommand object as the JSON-RPC service for the terminal; every
// public method on it becomes callable by the client.
handle_json_rpc(new Hmcommand());
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <>.
*
*/

// Leash front controller: JSON-RPC endpoint for AJAX calls, HTML page otherwise.
require 'lib/Service.php';

// The Service is built up front so both the RPC path below and the HTML page
// that follows can use it.
$service = new Service('config.json', getcwd());

// Requests carrying the X-Requested-With header set by the JavaScript client
// are answered by the JSON-RPC handler; everything else falls through to the
// HTML page. The header only tells AJAX calls apart from page loads — any HTTP
// client can send it — so this is a routing check, not an access control;
// authentication is presumably handled inside Service.
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
    require 'lib/json-rpc.php';
    // Verbose PHP errors in the response body only when the service reports
    // debug mode: with display_errors on, warnings (file paths, failed
    // command output) are sent to the client.
    if ($service->debug()) {
        error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE);
        ini_set('display_errors', 'On');
    }
    echo handle_json_rpc($service);
    exit;
}
?>
<!DOCTYPE HTML>
<html xmlns="">
<head>
<meta charset="utf-8" />
<title>Leash</title>
<meta name="Description" content=""/>
<link rel="shortcut icon" href="favicon.ico"/>
<!--[if IE]> <script src=""></script> <![endif]-->
<link href="css/jquery.terminal.css" rel="stylesheet"/>
<link href="css/style.css" rel="stylesheet"/>