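/**
 * Builds this block's content from its stored configuration.
 *
 * The handling depends on $this->config['html_type']:
 *  - 'html': $this->config['html_content'] is returned verbatim; no escaping
 *            is applied in this method.
 *  - 'php':  $this->config['html_content'] is executed with eval(), unless
 *            is_demo_mode() reports demo mode, in which case a fixed notice
 *            is returned instead.
 *  - 'text': the content is escaped with htmlspecialchars_uni() and passed
 *            through nl2br().
 *
 * SECURITY: the 'php' branch runs stored configuration as PHP code inside the
 * application process, and the 'html' branch emits stored markup unescaped.
 * The only guard visible in this method is the demo-mode check; whoever can
 * write html_type / html_content therefore controls code execution or markup.
 * NOTE(review): the permission check on saving this configuration is not
 * visible here. Confirm it is restricted to fully trusted administrators.
 *
 * @return string|null Rendered content, or null when html_type is not one of
 *                     the three recognised values
 */
public function getData()
{
    // Defined up front so an unrecognised html_type returns null explicitly
    // instead of reading an undefined variable at the return statement.
    $content = null;

    if ($this->config['html_type'] == 'html') {
        $content = $this->config['html_content'];
    } elseif ($this->config['html_type'] == 'php') {
        if (is_demo_mode()) {
            $content = 'PHP Execution not allowed in Demo Mode!';
        } else {
            // SECURITY: eval() of stored configuration. The evaluated code runs
            // in this method's scope, so it can read and assign local variables
            // and $this.
            $content = eval($this->config['html_content']);

            // The evaluated code may assign $output instead of returning a
            // value; use it when the eval() result is unset or empty.
            if ((!isset($content) or empty($content)) and isset($output) and !empty($output)) {
                $content = $output;
            }
        }
    } elseif ($this->config['html_type'] == 'text') {
        $content = nl2br(htmlspecialchars_uni($this->config['html_content']));
    }

    return $content;
}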
/**
 * Emits the SQL needed to recreate a table together with its rows.
 *
 * The output is a DROP TABLE IF EXISTS statement, the definition reported by
 * SHOW CREATE TABLE (passed through strip_backticks()), and one INSERT
 * statement per row. Row values are quoted and passed through the database
 * layer's escape_string(); columns that are not set are written as NULL.
 *
 * In demo mode the file pointer is discarded, so the dump is always echoed
 * and never written to a file.
 *
 * NOTE(review): $table is interpolated into the SHOW CREATE TABLE, DROP TABLE,
 * SELECT and INSERT statements without quoting or validation. Callers
 * presumably pass names taken from the database's own table list; confirm
 * this, and check the name against that list before calling with a value
 * that originates from a request.
 *
 * @param	string	Table name
 * @param	integer	If set to a file pointer, will write SQL there instead
 */
function fetch_table_dump_sql($table, $fp = 0)
{
    global $vbulletin;

    // Demo installations never write the dump to disk.
    if (is_demo_mode()) {
        $fp = 0;
    }

    // Table definition
    $create = $vbulletin->db->query_first("SHOW CREATE TABLE {$table}");
    strip_backticks($create['Create Table']);
    $header = "DROP TABLE IF EXISTS {$table};\n" . $create['Create Table'] . ";\n\n";

    if ($fp) {
        fwrite($fp, $header);
    } else {
        echo $header;
    }

    // Table data: one INSERT statement per row
    $result = $vbulletin->db->query_read("SELECT * FROM {$table}");
    $columns = $vbulletin->db->num_fields($result);

    while ($row = $vbulletin->db->fetch_array($result, DBARRAY_NUM)) {
        $values = array();
        for ($i = 0; $i < $columns; $i++) {
            if (isset($row[$i])) {
                $values[] = "'" . $vbulletin->db->escape_string($row[$i]) . "'";
            } else {
                $values[] = 'NULL';
            }
        }

        $statement = "INSERT INTO {$table} VALUES(" . implode(', ', $values) . ");\n";

        if ($fp) {
            fwrite($fp, $statement);
        } else {
            echo $statement;
        }
    }

    $vbulletin->db->free_result($result);
}
define('FORCE_HOOKS', true); // #################### PRE-CACHE TEMPLATES AND DATA ###################### $phrasegroups = array('plugins'); $specialtemplates = array(); // ########################## REQUIRE BACK-END ############################ require_once './global.php'; require_once DIR . '/includes/class_hook.php'; require_once DIR . '/includes/class_block.php'; require_once DIR . '/includes/adminfunctions_plugin.php'; require_once DIR . '/includes/adminfunctions_template.php'; //inits classloader -- required to make vB_Cache work require_once DIR . '/includes/class_bootstrap_framework.php'; vB_Bootstrap_Framework::init(); // ######################## CHECK ADMIN PERMISSIONS ####################### // don't allow demo version or admin with no permission to administer plugins if (is_demo_mode() or !can_administer('canadminplugins')) { print_cp_no_permission(); } $vbulletin->input->clean_array_gpc('r', array('pluginid' => TYPE_UINT)); // ############################# LOG ACTION ############################### log_admin_action(iif($vbulletin->GPC['pluginid'] != 0, 'plugin id = ' . $vbulletin->GPC['pluginid'])); // ############################################################################# // ########################### START MAIN SCRIPT ############################### // ############################################################################# if ($_REQUEST['do'] != 'download' and $_REQUEST['do'] != 'productexport') { print_cp_header($vbphrase['plugin_products_system']); } if (empty($_REQUEST['do'])) { $_REQUEST['do'] = 'modify'; } if (in_array($_REQUEST['do'], array('modify', 'files', 'edit', 'add', 'product', 'productadd', 'productedit'))) {
print_submit_row($vbphrase['find']); */ } // ############################################################################# // rebuilds all parent lists and id cache lists if ($_REQUEST['do'] == 'rebuild') { $vbulletin->input->clean_array_gpc('r', array('renumber' => TYPE_INT, 'install' => TYPE_INT)); echo "<p> </p>"; build_all_styles($vbulletin->GPC['renumber'], $vbulletin->GPC['install'], "template.php?" . $vbulletin->session->vars['sessionurl']); } // ############################################################################# // create template files if ($_REQUEST['do'] == 'createfiles' and $vbulletin->debug) { // this action requires that a web-server writable folder called // 'template_dump' exists in the root of the vbulletin directory if (is_demo_mode()) { print_cp_message('This function is disabled within demo mode'); } if (function_exists('set_time_limit') and !SAFEMODE) { @set_time_limit(1200); } chdir(DIR . '/template_dump'); $templates = $db->query_read("\n\t\tSELECT title, templatetype, username, dateline, template_un AS template\n\t\tFROM " . TABLE_PREFIX . "template\n\t\tWHERE styleid = " . $vbulletin->GPC['dostyleid'] . "\n\t\t\tAND templatetype = 'template'\n\t\t\t" . iif($vbulletin->GPC['mode'] == 1, "AND templateid IN({$templateids})") . "\n\t\tORDER BY title\n\t"); echo "<ol>\n"; while ($template = $db->fetch_array($templates)) { echo "<li><b class=\"col-c\">{$template['title']}</b>: Parsing... "; $text = str_replace("\r\n", "\n", $template['template']); $text = str_replace("\n", "\r\n", $text); echo 'Writing... '; $fp = fopen("./{$template['title']}.htm", 'w+'); fwrite($fp, $text);
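/**
 * Attempts to create a new css file for this style
 *
 * The file is written to DIR . "/{$filename}". Nothing is written in demo
 * mode. The demo-mode check runs before the file is opened because mode 'w'
 * truncates or creates the target as soon as fopen() succeeds.
 *
 * NOTE(review): $filename is appended to DIR without normalisation, so this
 * function relies on its callers to pass a trusted relative path. Confirm no
 * caller derives it from request data.
 *
 * @param	string	CSS filename
 * @param	string	CSS contents
 *
 * @return	boolean	Success; false tells the caller to store the CSS in the
 *			database instead
 */
function write_css_file($filename, $contents)
{
    // Demo installations must not touch the filesystem at all.
    if (is_demo_mode()) {
        return false;
    }

    // attempt to write new css file - store in database if unable to write file
    $fp = @fopen(DIR . "/{$filename}", 'w');
    if (!$fp) {
        // No handle was opened, so there is nothing to close.
        return false;
    }

    $written = fwrite($fp, $contents);
    @fclose($fp);

    // A failed write is reported as failure so the caller can fall back.
    return ($written !== false);
}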
|| # ----------------- VBULLETIN IS NOT FREE SOFTWARE ----------------- # || || # http://www.vbulletin.com | http://www.vbulletin.com/license.html # || || ###################################################################### || \*========================================================================*/ // ######################## SET PHP ENVIRONMENT ########################### error_reporting(E_ALL & ~E_NOTICE); // ##################### DEFINE IMPORTANT CONSTANTS ####################### define('CVS_REVISION', '$RCSfile$ - $Revision: 83432 $'); // #################### PRE-CACHE TEMPLATES AND DATA ###################### global $phrasegroups, $specialtemplates, $vbphrase, $vbulletin; $phrasegroups = array('cron', 'logging'); $specialtemplates = array(); // ########################## REQUIRE BACK-END ############################ require_once dirname(__FILE__) . '/global.php'; // ######################## CHECK ADMIN PERMISSIONS ####################### if (is_demo_mode() or !can_administer('canadmincron')) { print_cp_no_permission(); } // ############################# LOG ACTION ############################### $vbulletin->input->clean_array_gpc('r', array('cronid' => vB_Cleaner::TYPE_INT)); log_admin_action(iif($vbulletin->GPC['cronid'] != 0, 'cron id = ' . $vbulletin->GPC['cronid'])); // ######################################################################## // ######################### START MAIN SCRIPT ############################ // ######################################################################## $vb5_config =& vB::getConfig(); print_cp_header($vbphrase['scheduled_task_manager_gcron']); if (empty($_REQUEST['do'])) { $_REQUEST['do'] = 'modify'; } // ############## quick enabled/disabled status ################ if ($_POST['do'] == 'updateenabled') {
} else { if (!empty($vbulletin->session->vars['sessionurl_js'])) { $pmpopupurl = 'private.php?' . $vbulletin->session->vars['sessionurl_js']; } else { $pmpopupurl = 'private.php'; } } eval('$footer .= "' . fetch_template('pm_popup_script') . '";'); } // ############################################################################# // ######################### END TEMPLATES & STYLES ############################ // ############################################################################# // ############################################################################# // phpinfo display for support purposes if ($_REQUEST['do'] == 'phpinfo') { if ($vbulletin->options['allowphpinfo'] and !is_demo_mode()) { phpinfo(); exit; } else { eval(standard_error(fetch_error('admin_disabled_php_info'))); } } // ############################################################################# // check to see if server is too busy. this is checked at the end of session.php if ($servertoobusy and !($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) and THIS_SCRIPT != 'login') { $vbulletin->options['useforumjump'] = 0; eval(standard_error(fetch_error('toobusy'))); } // ############################################################################# // check that board is active - if not admin, then display error if (!$vbulletin->options['bbactive'] and THIS_SCRIPT != 'login') {
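/**
 * Updates the setting table based on data passed in then rebuilds the datastore.
 * Only entries in the array are updated (allows partial updates).
 *
 * For every submitted setting that exists in the setting table the function
 * first normalises the submitted value (serialising array-style settings),
 * validates it with validate_setting_value(), and then, if the stored value
 * differs, runs the side effects tied to that setting and writes the new
 * value. build_options() is called once at the end.
 *
 * Security-relevant behaviour visible in this function:
 *  - Setting names and values are passed through escape_string() before they
 *    are placed in SQL; the style id is cast to an integer.
 *  - Plugin hook code is executed with eval() in this function's scope, so
 *    hook code can read and change every local variable here.
 *  - In demo mode the filesystem- and logging-related settings listed near
 *    the end are never persisted.
 *
 * NOTE(review): no permission check is visible in this function; callers are
 * presumably responsible for verifying that the current administrator may
 * change settings. Confirm at the call sites.
 *
 * @param	array	Array of settings. Format: [setting_name] = new_value
 */
function save_settings($settings)
{
    global $vbulletin, $vbphrase, $stylevar;

    // Escape the submitted setting names before they are placed in the IN() list.
    $varnames = array();
    foreach (array_keys($settings) as $varname) {
        $varnames[] = $vbulletin->db->escape_string($varname);
    }

    $oldsettings = $vbulletin->db->query_read("\n\t\tSELECT value, varname, datatype, optioncode\n\t\tFROM " . TABLE_PREFIX . "setting\n\t\tWHERE varname IN ('" . implode("', '", $varnames) . "')\n\t\tORDER BY varname\n\t");

    while ($oldsetting = $vbulletin->db->fetch_array($oldsettings)) {
        // Step 1: per-setting normalisation of the submitted value.
        switch ($oldsetting['varname']) {
            // **************************************************
            case 'bbcode_html_colors':
                $settings['bbcode_html_colors'] = serialize($settings['bbcode_html_colors']);
                break;

            // **************************************************
            case 'styleid':
                // The submitted style id is cast to an integer before it is
                // concatenated into the query; it was previously inserted as-is.
                $vbulletin->db->query_write("\n\t\t\t\t\tUPDATE " . TABLE_PREFIX . "style\n\t\t\t\t\tSET userselect = 1\n\t\t\t\t\tWHERE styleid = " . intval($settings['styleid']) . "\n\t\t\t\t");
                break;

            // **************************************************
            case 'banemail':
                // The list goes to the datastore; the setting row itself is blanked.
                build_datastore('banemail', $settings['banemail']);
                $settings['banemail'] = '';
                break;

            // **************************************************
            case 'editormodes':
                // The three values are read from POST, not from $settings.
                $vbulletin->input->clean_array_gpc('p', array('fe' => TYPE_UINT, 'qr' => TYPE_UINT, 'qe' => TYPE_UINT));
                $settings['editormodes'] = serialize(array('fe' => $vbulletin->GPC['fe'], 'qr' => $vbulletin->GPC['qr'], 'qe' => $vbulletin->GPC['qe']));
                break;

            // **************************************************
            case 'cookiepath':
            case 'cookiedomain':
                // Use the "<name>_value" entry when "<name>_other" is set.
                if ($settings[$oldsetting['varname'] . '_other'] and $settings[$oldsetting['varname'] . '_value']) {
                    $settings[$oldsetting['varname']] = $settings[$oldsetting['varname'] . '_value'];
                }
                break;

            // **************************************************
            default:
                // SECURITY: plugin code runs here via eval(), in this scope.
                ($hook = vBulletinHook::fetch_hook('admin_options_processing')) ? eval($hook) : false;

                if ($oldsetting['optioncode'] == 'multiinput') {
                    // Drop empty entries and store the remainder serialised.
                    $store = array();
                    foreach ($settings["{$oldsetting['varname']}"] as $value) {
                        if ($value != '') {
                            $store[] = $value;
                        }
                    }
                    $settings["{$oldsetting['varname']}"] = serialize($store);
                } else {
                    if (preg_match('#^usergroup:[0-9]+$#', $oldsetting['optioncode'])) {
                        // serialize the array of usergroup inputs
                        if (!is_array($settings["{$oldsetting['varname']}"])) {
                            $settings["{$oldsetting['varname']}"] = array();
                        }
                        $settings["{$oldsetting['varname']}"] = array_map('intval', $settings["{$oldsetting['varname']}"]);
                        $settings["{$oldsetting['varname']}"] = serialize($settings["{$oldsetting['varname']}"]);
                    }
                }
        }

        // Step 2: validate against the setting's declared datatype.
        $newvalue = validate_setting_value($settings["{$oldsetting['varname']}"], $oldsetting['datatype']);

        // this is a strict type check because we want '' to be different from 0
        // some special cases below only use != checks to see if the logical value has changed
        if (strval($oldsetting['value']) !== strval($newvalue)) {
            // Step 3: side effects that depend on which setting changed.
            switch ($oldsetting['varname']) {
                case 'activememberdays':
                case 'activememberoptions':
                    if ($oldsetting['value'] != $newvalue) {
                        $vbulletin->options["{$oldsetting['varname']}"] = $newvalue;
                        require_once DIR . '/includes/functions_databuild.php';
                        build_birthdays();
                    }
                    break;

                case 'showevents':
                case 'showholidays':
                    if ($oldsetting['value'] != $newvalue) {
                        $vbulletin->options["{$oldsetting['varname']}"] = $newvalue;
                        require_once DIR . '/includes/functions_calendar.php';
                        build_events();
                    }
                    break;

                case 'languageid':
                    if ($oldsetting['value'] != $newvalue) {
                        $vbulletin->options['languageid'] = $newvalue;
                        require_once DIR . '/includes/adminfunctions_language.php';
                        build_language($vbulletin->options['languageid']);
                    }
                    break;

                case 'cpstylefolder':
                    // Stored on the current admin's record as 'cssprefs'.
                    $admindm =& datamanager_init('Admin', $vbulletin, ERRTYPE_CP);
                    $admindm->set_existing($vbulletin->userinfo);
                    $admindm->set('cssprefs', $newvalue);
                    $admindm->save();
                    unset($admindm);
                    break;

                case 'storecssasfile':
                    // The style rebuild is skipped in demo mode.
                    if (!is_demo_mode() and $oldsetting['value'] != $newvalue) {
                        $vbulletin->options['storecssasfile'] = $newvalue;
                        require_once DIR . '/includes/adminfunctions_template.php';
                        print_rebuild_style(-1, '', 1, 0, 0, 0);
                    }
                    break;

                case 'loadlimit':
                    update_loadavg();
                    break;

                case 'view_tagcloud_as_usergroup':
                    build_datastore('tagcloud', serialize(''), 1);
                    break;

                case 'censorwords':
                case 'codemaxlines':
                    // Parsed-post caches are emptied when either setting changes.
                    if ($oldsetting['value'] != $newvalue) {
                        $vbulletin->db->query_write("TRUNCATE TABLE " . TABLE_PREFIX . "postparsed");
                        if ($vbulletin->options['templateversion'] >= '3.6') {
                            $vbulletin->db->query_write("TRUNCATE TABLE " . TABLE_PREFIX . "sigparsed");
                        }
                    }
                    // SECURITY: plugin code runs here via eval(), in this scope.
                    ($hook = vBulletinHook::fetch_hook('admin_options_processing_censorcode')) ? eval($hook) : false;
                    break;

                default:
                    // SECURITY: plugin code runs here via eval(), in this scope.
                    ($hook = vBulletinHook::fetch_hook('admin_options_processing_build')) ? eval($hook) : false;
            }

            // Demo mode: these settings are never written. Note that the side
            // effects in the switch above have already run by this point.
            if (is_demo_mode() and in_array($oldsetting['varname'], array('storecssasfile', 'attachfile', 'usefileavatar', 'errorlogdatabase', 'errorlogsecurity', 'safeupload', 'tmppath'))) {
                continue;
            }

            // Step 4: persist the validated value.
            $vbulletin->db->query_write("\n\t\t\t\tUPDATE " . TABLE_PREFIX . "setting\n\t\t\t\tSET value = '" . $vbulletin->db->escape_string($newvalue) . "'\n\t\t\t\tWHERE varname = '" . $vbulletin->db->escape_string($oldsetting['varname']) . "'\n\t\t\t");
        }
    }

    build_options();
}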
/**
 * Logs email to file
 *
 * Appends one entry per call to "<errfile>.log". An entry holds the result
 * line (SUCCESS, FAILED, or FAILED: <status>), a timestamp, the recipient, the
 * subject, the headers and the full message body. Nothing is logged in demo
 * mode or when no log file is configured.
 *
 * When the 'errorlogmaxsize' option is non-zero and the existing log has
 * reached that size, the log is copied to "<errfile><TIMENOW>.log" and removed
 * before the new entry is written.
 *
 * NOTE(review): the log receives complete message bodies and recipient
 * addresses. The location and access permissions of the log file are not
 * visible here. Confirm the file is not readable through the web server.
 *
 * @param	mixed	true on success, false on failure, or a failure description
 * @param	mixed	Log file path (with or without a trailing ".log"); when
 *			empty the 'errorlogemail' option is used
 */
function log_email($status = true, $errfile = false)
{
    if (is_demo_mode()) {
        return;
    }

    // log file is passed or taken from options
    if (!$errfile) {
        $errfile = $this->registry->options['errorlogemail'];
    }

    // no log file specified
    if (!$errfile) {
        return;
    }

    // trim .log from logfile
    if (substr($errfile, -4) == '.log') {
        $errfile = substr($errfile, 0, -4);
    }
    $logpath = "{$errfile}.log";

    // rotate the log once it has reached the configured maximum size
    $maxsize = $this->registry->options['errorlogmaxsize'];
    if ($maxsize != 0) {
        $filesize = @filesize($logpath);
        if ($filesize and $filesize >= $maxsize) {
            @copy($logpath, $errfile . TIMENOW . '.log');
            @unlink($logpath);
        }
    }

    $timenow = date('r', TIMENOW);

    $fp = @fopen($logpath, 'a+b');
    if (!$fp) {
        // best effort: a log that cannot be opened is silently skipped
        return;
    }

    // result line
    if ($status === true) {
        $output = "SUCCESS\r\n";
    } elseif ($status === false) {
        $output = "FAILED\r\n";
    } else {
        $output = "FAILED: {$status}\r\n";
    }

    $append = "{$timenow}\r\nTo: " . $this->toemail . "\r\nSubject: " . $this->subject . "\r\n" . $this->headers . "\r\n\r\n" . $this->message . "\r\n=====================================================\r\n\r\n";

    // line endings are rewritten to CRLF only when the mail delimiter is not "\n"
    if ($this->delimiter != "\n") {
        $append = preg_replace("#(\r\n|\r|\n)#s", "\r\n", $append);
    }

    @fwrite($fp, $output . $append);
    fclose($fp);
}
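/**
 * Finishes off the current page (using templates), prints it out to the browser and halts execution
 *
 * Steps, in order: optional doctype reordering when template names are being
 * added, page-timing comment, notices cookie, debug panel (debug mode only),
 * replacement variables, the 'global_complete' plugin hook, optional gzip,
 * output, flush, exit.
 *
 * Security-relevant behaviour visible in this function:
 *  - In debug mode the page gains a panel listing template usage, phrase
 *    groups, included file paths, hook names and query counts. This is
 *    information disclosure by design and belongs on development systems only.
 *  - Only the $DEVDEBUG messages are passed through htmlspecialchars_uni().
 *    NOTE(review): template names, hook names, phrase groups and
 *    $vbulletin->scriptpath are inserted into the panel unescaped. Whether
 *    scriptpath is already escaped upstream is not visible here; confirm
 *    before changing it.
 *  - NOTE(review): the existing 'np_notices_displayed' cookie value is read
 *    from $_COOKIE and concatenated into the new cookie value without
 *    validation. Confirm that consumers of the cookie treat every element as
 *    untrusted.
 *  - The 'global_complete' hook is plugin code executed with eval() in this
 *    scope; it is skipped in demo mode.
 *
 * @param	string	The HTML of the page to be printed
 * @param	boolean	Send the content length header?
 */
function print_output($vartext, $sendheader = true)
{
    global $pagestarttime, $querytime, $vbulletin, $show;
    global $vbphrase, $stylevar;

    // Move anything that precedes the doctype to just after it, so the
    // doctype stays the first thing in the document.
    if ($vbulletin->options['addtemplatename']) {
        if ($doctypepos = @strpos($vartext, $stylevar['htmldoctype'])) {
            $comment = substr($vartext, 0, $doctypepos);
            $vartext = substr($vartext, $doctypepos + strlen($stylevar['htmldoctype']));
            $vartext = $stylevar['htmldoctype'] . "\n" . $comment . $vartext;
        }
    }

    // $totaltime is only defined when explain or debug is active; every later
    // use is inside a debug or explain branch.
    if (!empty($vbulletin->db->explain) or $vbulletin->debug) {
        $pageendtime = microtime();
        $starttime = explode(' ', $pagestarttime);
        $endtime = explode(' ', $pageendtime);
        $totaltime = $endtime[0] - $starttime[0] + $endtime[1] - $starttime[1];
        $vartext .= "<!-- Page generated in " . vb_number_format($totaltime, 5) . " seconds with " . $vbulletin->db->querycount . " queries -->";
    }

    // set cookies for displayed notices
    if ($show['notices'] and !defined('NOPMPOPUP') and !empty($vbulletin->np_notices_displayed) and is_array($vbulletin->np_notices_displayed)) {
        // request-supplied value, appended to as-is
        $np_notices_cookie = $_COOKIE[COOKIE_PREFIX . 'np_notices_displayed'];
        vbsetcookie('np_notices_displayed', ($np_notices_cookie ? "{$np_notices_cookie}," : '') . implode(',', $vbulletin->np_notices_displayed), false);
    }

    // --------------------------------------------------------------------
    // debug code
    global $_TEMPLATEQUERIES, $tempusagecache, $DEVDEBUG, $vbcollapse;

    if ($vbulletin->debug) {
        devdebug('php_sapi_name(): ' . SAPI_NAME);

        // developer messages are the only debug values escaped here
        $messages = '';
        if (is_array($DEVDEBUG)) {
            foreach ($DEVDEBUG as $debugmessage) {
                $messages .= "\t<option>" . htmlspecialchars_uni($debugmessage) . "</option>\n";
            }
        }

        // template usage; templates that needed their own query are shown in red
        if (is_array($tempusagecache)) {
            unset($tempusagecache['board_inactive_warning'], $_TEMPLATEQUERIES['board_inactive_warning']);
            ksort($tempusagecache);
            foreach ($tempusagecache as $template_name => $times) {
                $tempusagecache["{$template_name}"] = "<span class=\"shade\" style=\"float:right\">({$times})</span>" . ($_TEMPLATEQUERIES["{$template_name}"] ? "<span style=\"color:red; font-weight:bold\">{$template_name}</span>" : $template_name);
            }
        } else {
            $tempusagecache = array();
        }

        // hooks called on this page; hooks without plugin code are shaded
        $hook_usage = '';
        foreach (vBulletinHook::fetch_hookusage() as $hook_name => $has_code) {
            $hook_usage .= '<li class="smallfont' . (!$has_code ? ' shade' : '') . '">' . $hook_name . '</li>';
        }
        if (!$hook_usage) {
            $hook_usage = '<li class="smallfont"> </li>';
        }

        $phrase_groups = '';
        sort($GLOBALS['phrasegroups']);
        foreach ($GLOBALS['phrasegroups'] as $phrase_group) {
            $phrase_groups .= '<li class="smallfont">' . $phrase_group . '</li>';
        }
        if (!$phrase_groups) {
            $phrase_groups = '<li class="smallfont"> </li>';
        }

        // The 'templateversion' key is quoted: inside {...} interpolation an
        // unquoted key is looked up as a constant, which raises an error on
        // current PHP versions.
        $debughtml = "\n\t\t\t<table class=\"tborder\" cellpadding=\"{$stylevar['cellpadding']}\" cellspacing=\"{$stylevar['cellspacing']}\" border=\"0\" align=\"center\" style=\"margin-top:20px\" id=\"debuginfo\" dir=\"ltr\">\n\t\t\t<thead>\n\t\t\t\t<tr>\n\t\t\t\t\t<th class=\"tcat\" colspan=\"2\" align=\"left\">\n\t\t\t\t\t\t<a style=\"float:right\" href=\"#\" title=\"Close Debug Info\" onclick=\"document.getElementById('debuginfo').parentNode.removeChild(document.getElementById('debuginfo')); return false;\">X</a>\n\t\t\t\t\t\tvBulletin {$vbulletin->options['templateversion']} Debug Information\n\t\t\t\t\t</th>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td class=\"alt1 smallfont\" colspan=\"2\">\n\t\t\t\t\t\t<ul style=\"list-style:none; margin:0px; padding:0px\">\n\t\t\t\t\t\t\t<li class=\"smallfont\" style=\"display:inline; margin-right:8px\"><span class=\"shade\">Page Generation</span> "
            . vb_number_format($totaltime, 5)
            . " seconds</li>\n\t\t\t\t\t\t\t"
            . (function_exists('memory_get_usage') ? "<li class=\"smallfont\" style=\"display:inline; margin-right:8px\"><span class=\"shade\">Memory Usage</span> " . number_format(memory_get_usage() / 1024) . 'KB</li>' : '')
            . "\n\t\t\t\t\t\t\t<li class=\"smallfont\" style=\"display:inline; margin-right:8px\"><span class=\"shade\">Queries Executed</span> "
            . (empty($_TEMPLATEQUERIES) ? $vbulletin->db->querycount : "<span title=\"Uncached Templates!\" style=\"color:red; font-weight:bold\">{$vbulletin->db->querycount}</span>")
            . " <a href=\""
            . $vbulletin->scriptpath
            . (strpos($vbulletin->scriptpath, '?') === false ? '?' : '&')
            . "explain=1\" target=\"_blank\" title=\"Explain Queries\">(?)</a></li>\n\t\t\t\t\t\t</ul>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr align=\"left\">\n\t\t\t\t\t<th class=\"thead\" colspan=\"2\"><a style=\"float:right\" href=\"#\" onclick=\"return toggle_collapse('debuginfo')\"><img id=\"collapseimg_debuginfo\" src=\"{$stylevar['imgdir_button']}/collapse_thead{$vbcollapse['collapseimg_debuginfo']}.gif\" alt=\"\" border=\"0\" /></a> More Information</th>\n\t\t\t\t</tr>\n\t\t\t</thead>\n\t\t\t<tbody id=\"collapseobj_debuginfo\" style=\"{$vbcollapse['collapseobj_debuginfo']}\">\n\t\t\t\t<tr valign=\"top\">\n\t\t\t\t\t<td class=\"alt1 smallfont\">\n\t\t\t\t\t\t<div style=\"margin-bottom:6px\"><strong>Template Usage:</strong></div>\n\t\t\t\t\t\t<ul style=\"list-style:none; margin:0px; padding:0px\"><li class=\"smallfont\">"
            . implode('</li><li class="smallfont">', $tempusagecache)
            . " </li></ul>\n\t\t\t\t\t\t<hr style=\"margin:10px 0px 10px 0px\" />\n\t\t\t\t\t\t<div style=\"margin-bottom:6px\"><strong>Phrase Groups Available:</strong></div>\n\t\t\t\t\t\t<ul style=\"list-style:none; margin:0px; padding:0px\">{$phrase_groups}</ul>\n\t\t\t\t\t</td>\n\t\t\t\t\t<td class=\"alt1 smallfont\">\n\t\t\t\t\t\t<div style=\"margin-bottom:6px\"><strong>Included Files:</strong></div>\n\t\t\t\t\t\t<ul style=\"list-style:none; margin:0px; padding:0px\"><li class=\"smallfont\">"
            . implode('</li><li class="smallfont">', str_replace(str_replace('\\', '/', DIR) . '/', '', preg_replace('#^(.*/)#si', '<span class="shade">./\\1</span>', str_replace('\\', '/', get_included_files()))))
            . " </li></ul>\n\t\t\t\t\t\t<hr style=\"margin:10px 0px 10px 0px\" />\n\t\t\t\t\t\t<div style=\"margin-bottom:6px\"><strong>Hooks Called:</strong></div>\n\t\t\t\t\t\t<ul style=\"list-style:none; margin:0px; padding:0px\">{$hook_usage}</ul>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n\t\t\t\t</tbody>\n\t\t\t\t<tbody>\n\t\t\t\t<tr>\n\t\t\t\t\t<td class=\"alt2 smallfont\" colspan=\"2\"><label>Messages:<select style=\"display:block; width:100%\">{$messages}</select></label></td>\n\t\t\t\t</tr>\n\t\t\t</tbody>\n\t\t\t</table>\n\t\t";

        // the panel is injected just before the closing body tag
        $vartext = str_replace('</body>', "<!--start debug html-->{$debughtml}<!--end debug html-->\n</body>", $vartext);
    }
    // end debug code
    // --------------------------------------------------------------------

    $output = process_replacement_vars($vartext);

    if ($vbulletin->debug and function_exists('memory_get_usage')) {
        $output = preg_replace('#(<!--querycount-->Executed <b>\\d+</b> queries<!--/querycount-->)#siU', 'Memory Usage: <strong>' . number_format(memory_get_usage() / 1024) . 'KB</strong>, \\1', $output);
    }

    // parse PHP include ##################
    // SECURITY: plugin code runs here via eval(), in this scope, and can
    // rewrite $output. It is skipped in demo mode.
    if (!is_demo_mode()) {
        ($hook = vBulletinHook::fetch_hook('global_complete')) ? eval($hook) : false;
    }

    if ($vbulletin->options['gzipoutput'] and !headers_sent()) {
        $output = fetch_gzipped_text($output, $vbulletin->options['gziplevel']);

        if ($sendheader and $vbulletin->donegzip) {
            @header('Content-Length: ' . strlen($output));
        }
    }

    if (defined('NOSHUTDOWNFUNC')) {
        exec_shut_down();
    }

    // show regular page
    if (empty($vbulletin->db->explain)) {
        echo $output;
    } else {
        // explain mode prints the timing summary instead of the page
        $querytime = $vbulletin->db->time_total;
        echo "\n<b>Page generated in {$totaltime} seconds with " . $vbulletin->db->querycount . " queries,\nspending {$querytime} doing MySQL queries and " . ($totaltime - $querytime) . " doing PHP things.\n\n<hr />Shutdown Queries:</b>" . (defined('NOSHUTDOWNFUNC') ? " <b>DISABLED</b>" : '') . "<hr />\n\n";
    }

    // broken if zlib.output_compression is on with Apache 2
    if (SAPI_NAME != 'apache2handler' and SAPI_NAME != 'apache2filter') {
        flush();
    }

    exit;
}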
error_reporting(E_ALL & ~E_NOTICE); // ##################### DEFINE IMPORTANT CONSTANTS ####################### define('CVS_REVISION', '$RCSfile$ - $Revision: 83435 $'); // #################### PRE-CACHE TEMPLATES AND DATA ###################### global $phrasegroups, $specialtemplates, $vbphrase, $vbulletin; $phrasegroups = array('hooks'); $specialtemplates = array(); // ########################## REQUIRE BACK-END ############################ require_once dirname(__FILE__) . '/global.php'; require_once DIR . '/includes/adminfunctions_product.php'; require_once DIR . '/includes/adminfunctions_template.php'; $assertor = vB::getDbAssertor(); $hook_api = vB_Api::instanceInternal('Hook'); // ######################## CHECK ADMIN PERMISSIONS ####################### // don't allow demo version or admin with no permission to administer hooks if (is_demo_mode() or !can_administer('canadminproducts')) { print_cp_no_permission(); } $vbulletin->input->clean_array_gpc('r', array('hookid' => vB_Cleaner::TYPE_UINT)); // ############################# LOG ACTION ############################### log_admin_action(iif($vbulletin->GPC['hookid'] != 0, 'Hook id = ' . $vbulletin->GPC['hookid'])); // ############################################################################# // ########################### START MAIN SCRIPT ############################### // ############################################################################# print_cp_header($vbphrase['hook_products_system']); if (empty($_REQUEST['do'])) { $_REQUEST['do'] = 'modify'; } if (in_array($_REQUEST['do'], array('modify', 'edit', 'add', 'updateactive'))) { if (!$vbulletin->options['enablehooks'] or defined('DISABLE_HOOKS')) { if (!$vbulletin->options['enablehooks']) {
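/**
 * Logs email to file
 *
 * Appends one entry per call to "<errorlogemail>.log", where the path prefix
 * comes from the 'errorlogemail' option. An entry holds the result line
 * (SUCCESS, FAILED, or FAILED: <status>), a timestamp, the recipient, the
 * subject, the headers and the full message body. Nothing is logged when the
 * option is empty or in demo mode.
 *
 * When the 'errorlogmaxsize' option is non-zero and the existing log has
 * reached that size, the log is copied to "<errorlogemail><TIMENOW>.log" and
 * removed before the new entry is written.
 *
 * NOTE(review): the log receives complete message bodies and recipient
 * addresses. The location and access permissions of the log file are not
 * visible here. Confirm the file is not readable through the web server.
 *
 * @param	mixed	true on success, false on failure, or a failure description
 */
function log_email($status = true)
{
    if (empty($this->registry->options['errorlogemail']) or is_demo_mode()) {
        return;
    }

    // A plain copy is enough: the path is only read here, so the option does
    // not need to be bound by reference.
    $errfile = $this->registry->options['errorlogemail'];

    // rotate the log once it has reached the configured maximum size
    if ($this->registry->options['errorlogmaxsize'] != 0 and $filesize = @filesize("{$errfile}.log") and $filesize >= $this->registry->options['errorlogmaxsize']) {
        @copy("{$errfile}.log", $errfile . TIMENOW . '.log');
        @unlink("{$errfile}.log");
    }

    $timenow = date('r', TIMENOW);

    // The previously computed, never-used admin-permission flag is removed.

    $fp = @fopen("{$errfile}.log", 'a+b');
    if (!$fp) {
        // best effort: a log that cannot be opened is silently skipped
        return;
    }

    // result line
    if ($status === true) {
        $output = "SUCCESS\r\n";
    } else {
        $output = "FAILED";
        if ($status !== false) {
            $output .= ": {$status}";
        }
        $output .= "\r\n";
    }

    $append = "{$timenow}\r\nTo: " . $this->toemail . "\r\nSubject: " . $this->subject . "\r\n" . $this->headers . "\r\n\r\n" . $this->message . "\r\n=====================================================\r\n\r\n";

    // line endings are rewritten to CRLF only when the mail delimiter is not "\n"
    if ($this->delimiter != "\n") {
        $append = preg_replace("#(\r\n|\r|\n)#s", "\r\n", $append);
    }

    @fwrite($fp, $output . $append);
    fclose($fp);
}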
/** * Updates the setting table based on data passed in then rebuilds the datastore. * Only entries in the array are updated (allows partial updates). * * @param array Array of settings. Format: [setting_name] = new_value * */ function save_settings($settings) { global $vbulletin, $vbphrase; //a few variables to track changes for processing after all variables are updated. $rebuildstyle = false; $templatecachepathchanged = false; $oldtemplatepath = null; $newtemplatepath = null; $userContext = vB::getUserContext(); $cleaner = vB::getCleaner(); $canAdminAll = $userContext->hasAdminPermission('canadminsettingsall'); $oldsettings = vB::getDbAssertor()->assertQuery('vBAdmincp:getCurrentSettings', array('varname' => array_keys($settings))); foreach ($oldsettings as $oldsetting) { //check the setting and group permissions if (!empty($oldsetting['adminperm']) and !$userContext->hasAdminPermission($oldsetting['adminperm']) or !empty($oldsetting['groupperm']) and !$userContext->hasAdminPermission($oldsetting['groupperm'])) { throw new vB_Exception_Api('no_permission'); } switch ($oldsetting['varname']) { // ************************************************** case 'bbcode_html_colors': $settings['bbcode_html_colors'] = serialize($settings['bbcode_html_colors']); break; // ************************************************** // ************************************************** case 'styleid': vB::getDbAssertor()->assertQuery('vBForum:style', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_UPDATE, 'userselect' => 1, vB_dB_Query::CONDITIONS_KEY => array(array('field' => 'styleid', 'value' => $settings['styleid'], 'operator' => vB_dB_Query::OPERATOR_EQ)))); break; // ************************************************** // ************************************************** case 'banemail': vB::getDatastore()->build('banemail', $settings['banemail']); $settings['banemail'] = ''; break; // ************************************************** // 
************************************************** case 'editormodes': $vbulletin->input->clean_array_gpc('p', array('fe' => vB_Cleaner::TYPE_UINT, 'qr' => vB_Cleaner::TYPE_UINT, 'qe' => vB_Cleaner::TYPE_UINT)); $settings['editormodes'] = serialize(array('fe' => $vbulletin->GPC['fe'], 'qr' => $vbulletin->GPC['qr'], 'qe' => $vbulletin->GPC['qe'])); break; // ************************************************** // ************************************************** case 'attachresizes': $vbulletin->input->clean_array_gpc('p', array('attachresizes' => vB_Cleaner::TYPE_ARRAY_UINT)); $value = @unserialize($oldsetting['value']); $invalidate = array(); if ($value[vB_Api_Filedata::SIZE_ICON] != $vbulletin->GPC['attachresizes'][vB_Api_Filedata::SIZE_ICON]) { $invalidate[] = vB_Api_Filedata::SIZE_ICON; } if ($value[vB_Api_Filedata::SIZE_THUMB] != $vbulletin->GPC['attachresizes'][vB_Api_Filedata::SIZE_THUMB]) { $invalidate[] = vB_Api_Filedata::SIZE_THUMB; } if ($value[vB_Api_Filedata::SIZE_SMALL] != $vbulletin->GPC['attachresizes'][vB_Api_Filedata::SIZE_SMALL]) { $invalidate[] = vB_Api_Filedata::SIZE_SMALL; } if ($value[vB_Api_Filedata::SIZE_MEDIUM] != $vbulletin->GPC['attachresizes'][vB_Api_Filedata::SIZE_MEDIUM]) { $invalidate[] = vB_Api_Filedata::SIZE_MEDIUM; } if ($value[vB_Api_Filedata::SIZE_LARGE] != $vbulletin->GPC['attachresizes'][vB_Api_Filedata::SIZE_LARGE]) { $invalidate[] = vB_Api_Filedata::SIZE_LARGE; } if (!empty($invalidate)) { vB::getDbAssertor()->update('vBForum:filedataresize', array('reload' => 1), array('resize_type' => $invalidate)); } $settings['attachresizes'] = serialize(array(vB_Api_Filedata::SIZE_ICON => $vbulletin->GPC['attachresizes'][vB_Api_Filedata::SIZE_ICON], vB_Api_Filedata::SIZE_THUMB => $vbulletin->GPC['attachresizes'][vB_Api_Filedata::SIZE_THUMB], vB_Api_Filedata::SIZE_SMALL => $vbulletin->GPC['attachresizes'][vB_Api_Filedata::SIZE_SMALL], vB_Api_Filedata::SIZE_MEDIUM => $vbulletin->GPC['attachresizes'][vB_Api_Filedata::SIZE_MEDIUM], 
vB_Api_Filedata::SIZE_LARGE => $vbulletin->GPC['attachresizes'][vB_Api_Filedata::SIZE_LARGE])); break; case 'thumbquality': if ($oldsetting['value'] != $settings['thumbquality']) { vB::getDbAssertor()->update('vBForum:filedataresize', array('reload' => 1), vB_dB_Query::CONDITION_ALL); } break; // ************************************************** // ************************************************** case 'cookiepath': case 'cookiedomain': if ($settings[$oldsetting['varname'] . '_other'] and $settings[$oldsetting['varname'] . '_value']) { $settings[$oldsetting['varname']] = $settings[$oldsetting['varname'] . '_value']; } break; // ************************************************** // ************************************************** default: // Legacy Hook 'admin_options_processing' Removed // if ($oldsetting['optioncode'] == 'multiinput') { $store = array(); foreach ($settings["{$oldsetting['varname']}"] as $value) { if ($value != '') { $store[] = $value; } } $settings["{$oldsetting['varname']}"] = serialize($store); } else { if (preg_match('#^(usergroup|forum)s?:([0-9]+|all|none)$#', $oldsetting['optioncode'])) { // serialize the array of usergroup inputs if (!is_array($settings["{$oldsetting['varname']}"])) { $settings["{$oldsetting['varname']}"] = array(); } $settings["{$oldsetting['varname']}"] = array_map('intval', $settings["{$oldsetting['varname']}"]); $settings["{$oldsetting['varname']}"] = serialize($settings["{$oldsetting['varname']}"]); } } } $newvalue = validate_setting_value($settings["{$oldsetting['varname']}"], $oldsetting['datatype']); if ($canAdminAll and isset($_POST['adminperm_' . $oldsetting[varname]])) { $newAdminPerm = substr($cleaner->clean($_POST['adminperm_' . 
$oldsetting[varname]], vB_Cleaner::TYPE_STR), 0, 32); } else { $newAdminPerm = $oldsetting['adminperm']; } // this is a strict type check because we want '' to be different from 0 // some special cases below only use != checks to see if the logical value has changed if ($oldsetting['value'] === NULL or strval($oldsetting['value']) !== strval($newvalue) or strval($oldsetting['adminperm']) !== strval($newAdminPerm)) { switch ($oldsetting['varname']) { case 'cache_templates_as_files': if (!is_demo_mode()) { $templatecachepathchanged = true; } break; case 'template_cache_path': if (!is_demo_mode()) { $oldtemplatepath = strval($oldsetting['value']); $newtemplatepath = $newvalue; } break; case 'languageid': if ($oldsetting['value'] != $newvalue) { vB::getDatastore()->setOption('languageid', $newvalue, false); require_once DIR . '/includes/adminfunctions_language.php'; build_language($newvalue); } break; case 'cpstylefolder': $admindm =& datamanager_init('Admin', $vbulletin, vB_DataManager_Constants::ERRTYPE_CP); $admindm->set_existing(vB::getCurrentSession()->fetch_userinfo()); $admindm->set('cssprefs', $newvalue); $admindm->save(); unset($admindm); break; case 'attachthumbssize': if ($oldsetting['value'] != $newvalue) { $rebuildstyle = true; } case 'storecssasfile': if (!is_demo_mode() and $oldsetting['value'] != $newvalue) { vB::getDatastore()->setOption('storecssasfile', $newvalue, false); $rebuildstyle = true; } break; case 'loadlimit': update_loadavg(); break; case 'tagcloud_usergroup': build_datastore('tagcloud', serialize(''), 1); break; case 'censorwords': case 'codemaxlines': case 'url_nofollow': case 'url_nofollow_whitelist': if ($oldsetting['value'] != $newvalue) { if (vB::getDatastore()->getOption('templateversion') >= '3.6') { vB::getDbAssertor()->assertQuery('truncateTable', array('table' => 'sigparsed')); } } // Legacy Hook 'admin_options_processing_censorcode' Removed // break; case 'album_recentalbumdays': if ($oldsetting['value'] > $newvalue) { 
require_once DIR . '/includes/functions_album.php'; exec_rebuild_album_updates(); } default: // Legacy Hook 'admin_options_processing_build' Removed // } if (is_demo_mode() and in_array($oldsetting['varname'], array('cache_templates_as_files', 'template_cache_path', 'storecssasfile', 'attachfile', 'usefileavatar', 'errorlogdatabase', 'errorlogsecurity', 'safeupload', 'tmppath'))) { continue; } $updateSetting = vB::getDbAssertor()->assertQuery('setting', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_UPDATE, 'value' => $newvalue, 'adminperm' => $newAdminPerm, vB_dB_Query::CONDITIONS_KEY => array(array('field' => 'varname', 'value' => $oldsetting['varname'], 'operator' => vB_dB_Query::OPERATOR_EQ)))); } } if (!isset($oldsetting)) { return false; } vB::getDatastore()->build_options(); if (defined('DEV_AUTOEXPORT') and DEV_AUTOEXPORT) { require_once DIR . '/includes/functions_filesystemxml.php'; $xml = get_settings_export_xml('vbulletin'); autoexport_write_file_with_backup(DIR . '/install/vbulletin-settings.xml', $xml); } //handle changes for cache_templates_as_files and template_cache_path //we do it here because there are interactions between them and we don't //want to redo the chache changes twice if both are changed. $api = vB_Api::instanceInternal('template'); if ($templatecachepathchanged or !is_null($oldtemplatepath) and !is_null($newtemplatepath)) { if (vB::getDatastore()->getOption('cache_templates_as_files')) { if (!is_null($oldtemplatepath)) { //temporarily set the datastore path to the old value to clear it. 
vB::getDatastore()->setOption('template_cache_path', $oldtemplatepath, false); $api->deleteAllTemplateFiles(); vB::getDatastore()->setOption('template_cache_path', $newtemplatepath, false); } $api->saveAllTemplatesToFile(); } else { //we we changed directories and the cache is off, delete from the old directory if (!is_null($oldtemplatepath)) { vB::getDatastore()->setOption('template_cache_path', $oldtemplatepath, false); $api->deleteAllTemplateFiles(); vB::getDatastore()->setOption('template_cache_path', $newtemplatepath, false); } else { $api->deleteAllTemplateFiles(); } } } if ($rebuildstyle) { require_once DIR . '/includes/adminfunctions_template.php'; print_rebuild_style(-1, '', 1, 0, 0, 0); } return true; }
/**
 * Checks the state of the request to make sure that it's valid and that
 * we have the necessary permissions to continue. Checks things like
 * CSRF and banning.
 *
 * The checks run in a fixed order: CSRF error, server load, phpinfo request,
 * board closed, password expiry, password equal to username, required
 * profile fields, global view permission, IP ban, and finally the
 * 'global_state_check' hook. Several branches end the request via exit;
 * the others call standard_error() / print_no_permission(), which are
 * defined elsewhere (presumably they halt the request too - confirm).
 *
 * Security-relevant points for maintainers:
 *  - Two eval() calls run in this method's scope (board-closed message and
 *    hook code), so the local variable names here are visible to that code.
 *  - The phpinfo branch is evaluated before the board-active, view-permission
 *    and IP-ban checks further down.
 */
public function check_state()
{
	global $vbulletin, $show;

	// CSRF_ERROR is defined outside this block; when present, the request is
	// rejected with a token-specific message and processing stops.
	if (defined('CSRF_ERROR'))
	{
		define('VB_ERROR_LITE', true);

		// AJAX requests get the '_ajax' variant of the guest/timeout phrases.
		$ajaxerror = $vbulletin->GPC['ajax'] ? '_ajax' : '';

		switch (CSRF_ERROR)
		{
			case 'missing':
				standard_error(fetch_error('security_token_missing', $vbulletin->options['contactuslink']));
				break;

			case 'guest':
				standard_error(fetch_error('security_token_guest' . $ajaxerror));
				break;

			case 'timeout':
				standard_error(fetch_error('security_token_timeout' . $ajaxerror, $vbulletin->options['contactuslink']));
				break;

			case 'invalid':
			default:
				// Any unrecognised CSRF_ERROR value is treated as an invalid token.
				standard_error(fetch_error('security_token_invalid', $vbulletin->options['contactuslink']));
		}

		// Never continue past a CSRF failure, whatever standard_error() did.
		exit;
	}

	// #############################################################################
	// check to see if server is too busy. this is checked at the end of session.php
	// Users holding the 'cancontrolpanel' admin bit and the login script are exempt.
	if ($this->server_overloaded() AND !($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) AND THIS_SCRIPT != 'login')
	{
		$vbulletin->options['useforumjump'] = 0;
		standard_error(fetch_error('toobusy'));
	}

	// #############################################################################
	// phpinfo display for support purposes
	// phpinfo() output discloses server configuration. The only gates visible in
	// this block are the 'allowphpinfo' option and demo mode; no per-user
	// permission test appears here, and this branch runs before the view
	// permission and IP ban checks below. Keep 'allowphpinfo' off unless it is
	// actively needed for support.
	if (!empty($_REQUEST['do']) AND $_REQUEST['do'] == 'phpinfo')
	{
		if ($vbulletin->options['allowphpinfo'] AND !is_demo_mode())
		{
			phpinfo();
			exit;
		}
		else
		{
			standard_error(fetch_error('admin_disabled_php_info'));
		}
	}

	// #############################################################################
	// check that board is active - if not admin, then display error
	if (
		!defined('BYPASS_FORUM_DISABLED')
			AND
		!$vbulletin->options['bbactive']
			AND
		!in_array(THIS_SCRIPT, array('login', 'css'))
			AND
		!($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])
	)
	{
		if (defined('DIE_QUIETLY'))
		{
			exit;
		}

		// If this is a post submission from an admin whose session timed out, give them a chance to log back in and save what they were working on. See bug #34258
		if (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST' AND !empty($_POST) AND !$vbulletin->userinfo['userid'] AND !empty($_COOKIE[COOKIE_PREFIX . 'cpsession']))
		{
			define('VB_ERROR_PERMISSION', true);
		}

		$show['enableforumjump'] = true;

		// Drop the queued 'lastvisit' shutdown query for this request.
		unset($vbulletin->db->shutdownqueries['lastvisit']);

		require_once(DIR . '/includes/functions_misc.php');

		// SECURITY: the 'bbclosedreason' option value is placed inside a
		// double-quoted PHP string literal and evaluated, so PHP variable
		// interpolation applies to it. What keeps this from executing arbitrary
		// code is the addslashes() / make_string_interpolation_safe() pair;
		// the latter is defined elsewhere and should be reviewed whenever this
		// line is touched. Treat write access to this option as sensitive.
		eval('standard_error("' . make_string_interpolation_safe(str_replace("\\'", "'", addslashes($vbulletin->options['bbclosedreason']))) . '");');
	}

	// #############################################################################
	// password expiry system
	// Applies to logged-in users whose permissions carry a non-zero
	// 'passwordexpires' value, compared below against the password age in days.
	if ($vbulletin->userinfo['userid'] AND $vbulletin->userinfo['permissions']['passwordexpires'])
	{
		// Age of the current password in whole days (86400 seconds per day).
		$passworddaysold = floor((TIMENOW - $vbulletin->userinfo['passworddate']) / 86400);

		if ($passworddaysold >= $vbulletin->userinfo['permissions']['passwordexpires'])
		{
			// Block everything except the login script, the profile actions
			// 'editpassword' / 'updatepassword', and the ajax actions
			// 'imagereg', 'securitytoken' and 'dismissnotice'.
			if ((THIS_SCRIPT != 'login' AND THIS_SCRIPT != 'profile' AND THIS_SCRIPT != 'ajax')
				OR (THIS_SCRIPT == 'profile' AND $_REQUEST['do'] != 'editpassword' AND $_POST['do'] != 'updatepassword')
				OR (THIS_SCRIPT == 'ajax' AND $_REQUEST['do'] != 'imagereg' AND $_REQUEST['do'] != 'securitytoken' AND $_REQUEST['do'] != 'dismissnotice')
			)
			{
				standard_error(fetch_error('passwordexpired',
					$passworddaysold,
					$vbulletin->session->vars['sessionurl']
				));
			}
			else
			{
				$show['passwordexpired'] = true;
			}
		}
	}
	else
	{
		$show['passwordexpired'] = false;
	}

	// #############################################################################
	// password same as username?
	// Skipped for guests and when ALLOW_SAME_USERNAME_PASSWORD is defined, which
	// also avoids the hashing work in those cases.
	if (!defined('ALLOW_SAME_USERNAME_PASSWORD') AND $vbulletin->userinfo['userid'])
	{
		// Recomputes the hash the username would produce as a password and
		// compares it with the stored value.
		// NOTE(review): this only matches if stored hashes are
		// md5(md5(password) . salt) - confirm; salted double-MD5 is weak by
		// current password-storage standards.
		// NOTE(review): '==' on two hex strings is a loose comparison; on older
		// PHP versions strings of the form "0e<digits>" compare equal
		// numerically. A strict or constant-time comparison would be safer.
		if ($vbulletin->userinfo['password'] == md5(md5($vbulletin->userinfo['username']) . $vbulletin->userinfo['salt']))
		{
			// Only the login script and the profile password-change actions
			// remain reachable until the password is changed.
			if ((THIS_SCRIPT != 'login' AND THIS_SCRIPT != 'profile') OR (THIS_SCRIPT == 'profile' AND $_REQUEST['do'] != 'editpassword' AND $_POST['do'] != 'updatepassword'))
			{
				standard_error(fetch_error('username_same_as_password',
					$vbulletin->session->vars['sessionurl']
				));
			}
		}
	}

	// #############################################################################
	// check required profile fields
	if ($vbulletin->session->vars['profileupdate'] AND THIS_SCRIPT != 'login' AND THIS_SCRIPT != 'profile')
	{
		$vbulletin->options['useforumjump'] = 0;
		standard_error(fetch_error('updateprofilefields', $vbulletin->session->vars['sessionurl']));
	}

	// #############################################################################
	// check permission to view forum
	if (!$this->has_global_view_permission())
	{
		if (defined('DIE_QUIETLY'))
		{
			exit;
		}
		else
		{
			print_no_permission();
		}
	}

	// #############################################################################
	// check for IP ban on user
	verify_ip_ban();

	// SECURITY: code returned by the hook registry is evaluated here, in this
	// method's scope ($vbulletin, $show and the locals above are visible to it).
	// Whoever can register 'global_state_check' hook code runs PHP on every
	// request that reaches this point.
	($hook = vBulletinHook::fetch_hook('global_state_check')) ? eval($hook) : false;
}
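/**
 * Fetches the standard page view for a widget.
 *
 * Builds the widget view, serves its output from vB_Cache when a cached
 * value exists, and otherwise evaluates the widget's configured PHP code
 * (unless demo mode is active) and caches the result.
 *
 * SECURITY: $config['phpcode'] is executed with eval() in this method's
 * scope and with the application's privileges. Anyone able to edit this
 * widget's configuration can therefore run PHP on the server; keep that
 * permission restricted and audit configuration changes. The local variable
 * names below ($config, $view, $hash, $content, $output) are visible to the
 * evaluated code and must not be renamed.
 *
 * @return vBCms_View_Widget - The resolved view
 */
public function getPageView()
{
	$config = $this->widget->getConfig();

	// Apply defaults for options the widget configuration leaves unset
	if (!isset($config['template_name']) OR ($config['template_name'] == '') )
	{
		$config['template_name'] = 'vbcms_widget_execphp_page';
	}

	if (!isset($config['cache_ttl']) )
	{
		$config['cache_ttl'] = 5;
	}

	// Create view
	$view = new vBCms_View_Widget($config['template_name']);
	$view->class = $this->widget->getClass();
	$view->title = $view->widget_title = $this->widget->getTitle();
	$view->description = $this->widget->getDescription();

	// A truthy cached value is used as-is; the configured code is not run again.
	$hash = $this->getHash($this->widget->getId());
	$view->output = vB_Cache::instance()->read($hash, true, true);

	if ($view->output)
	{
		return $view;
	}

	$this->assertWidget();

	try
	{
		if (is_demo_mode())
		{
			$view->output = 'PHP Execution not allowed in Demo Mode!';
		}
		else
		{
			// The configured code may either return its content or assign it
			// to $output; the returned value wins when it is non-empty.
			$content = eval($config['phpcode']);

			if ((!isset($content) OR empty($content)) AND isset($output) AND !empty($output))
			{
				$content = $output;
			}

			$view->output = $content;
		}

		// Cache what was actually rendered. The previous code wrote $output,
		// which is undefined in demo mode and whenever the configured code
		// returns its content instead of assigning $output, so the cache then
		// held an empty value and the code was evaluated on every request.
		vB_Cache::instance()->write($hash, $view->output, $config['cache_ttl'], array($this->package . '_event_' . $this->class . '_' . $this->widget->getId()));
	}
	catch(Exception $e)
	{
		// Best effort: a failing widget renders as empty output.
		// NOTE(review): on PHP 7+ parse and engine errors raised by eval() are
		// Error instances, which this catch does not cover - confirm intent.
		$view->output = '';
	}

	return $view;
}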