/**
 * Insert a new row into the accounts table.
 *
 * A $password that begins with the marker ":hash:" is stored with the marker
 * stripped and no hashing applied; any other value is hashed with
 * pbkdf2_create_hash() and stored behind a "*pbkdf2*" prefix.
 *
 * NOTE(review): the ":hash:" branch stores whatever follows the marker, so a
 * value typed by an end user should not reach this function unchecked.
 * Confirm against the call sites.
 *
 * @param string $email    Account e-mail address.
 * @param string $password Plain password, or ":hash:" followed by a stored-form value.
 * @param string $name     Account name.
 * @return void
 */
function adminRegisterAccount($email, $password, $name)
{
    global $db;

    // Work out the stored form of the password before anything is escaped.
    $hasHashMarker = substr($password, 0, 6) == ":hash:";
    if ($hasHashMarker) {
        $storedForm = substr($password, 6);
    } else {
        require_once includePath() . "/pbkdf2.php";
        $storedForm = "*pbkdf2*" . pbkdf2_create_hash($password);
    }

    // Every interpolated value goes through escape() exactly once.
    $email = escape($email);
    $password = escape($storedForm);
    $name = escape($name);

    $db->query("INSERT INTO accounts (email, password, name) VALUES ('{$email}', '{$password}', '{$name}')");
}
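/**
 * Confirm a pending PGP key for an e-mail address using its confirmation token.
 *
 * On a match the key's confirm column is set to '', so the same token no
 * longer matches afterwards.
 *
 * @param string $email   Address the key belongs to.
 * @param string $confirm Confirmation token supplied by the caller.
 * @return bool True when a matching key was found and marked confirmed, false otherwise.
 */
function confirmPGP($email, $confirm)
{
    require_once includePath() . "/lock.php";

    // lockAction() gates the attempt (presumably rate limiting; see lock.php).
    if (!lockAction('confirmpgp')) {
        return false;
    }

    // A consumed token is stored as '', so an empty $confirm would match every
    // already-confirmed key for this address and report success. Reject it,
    // but only after the attempt has been passed to lockAction() above.
    if ($confirm === null || $confirm === '') {
        return false;
    }

    $result = databaseQuery("SELECT id FROM gpgmw_keys WHERE confirm = ? AND email = ?", array($confirm, $email));

    if ($row = $result->fetch()) {
        // Clear the token so it cannot be replayed.
        databaseQuery("UPDATE gpgmw_keys SET confirm = '' WHERE id = ?", array($row[0]));
        return true;
    }

    return false;
}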
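/**
 * Recursively require_once every file below $path, in sorted name order.
 *
 * Sub-directories are descended into, except ".svn" and ".git". Every other
 * entry is handed to require_once regardless of its extension, so $path must
 * be a directory whose entire content is trusted code. Never point it at a
 * location that users or other processes can write to.
 *
 * @param string $path Directory to load.
 * @return void
 */
function includePath($path)
{
    $handle = opendir($path);
    if ($handle === false) {
        // Nothing to load; opendir() has already raised its own warning.
        return;
    }

    $entries = array();
    // Compare with false explicitly: an entry named "0" is falsy and would
    // otherwise end the loop early and silently skip the remaining files.
    while (($entry = readdir($handle)) !== false) {
        $entries[] = $entry;
    }
    closedir($handle);

    sort($entries);

    foreach ($entries as $entry) {
        if ($entry === "." || $entry === "..") {
            continue;
        }

        $fullPath = "{$path}/{$entry}";

        if (is_dir($fullPath)) {
            // Both names must be excluded, hence &&. With || the condition is
            // always true and VCS metadata directories get loaded as code.
            if ($entry !== ".svn" && $entry !== ".git") {
                includePath($fullPath);
            }
            continue;
        }

        require_once $fullPath;
    }
}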
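/**
 * Append a question row to one of the question tables, after the current highest orderId.
 *
 * NOTE(review): $whereString is concatenated into the SELECT as raw SQL. It
 * cannot be escaped here without breaking it, so callers must build it only
 * from constants and already-escaped values.
 *
 * @param string $varname     Question name.
 * @param string $vardesc     Question description (required when the type is "select").
 * @param string $vartype     Type map string; must contain a 'type' attribute.
 * @param mixed  $club_id     Club id, used only for the "supplements" table.
 * @param string $database    Target table: "supplements", "baseapp" or "custom".
 * @param string $whereString Raw SQL condition used to find the highest orderId.
 * @return true|string True on success, otherwise an error message.
 */
function insertQuestion($varname, $vardesc, $vartype, $club_id, $database, $whereString)
{
    //basic error checking
    include_once includePath() . "/apply_gen.php";
    $typeArray = toArray($vartype);

    if (!isset($typeArray['type'])) {
        return "type map does not contain required 'type' attribute";
    }

    if ($typeArray['type'] == "select" && $vardesc == '') {
        return "description (required for select) left blank";
    }

    //add spaces to type array
    $vartype = str_replace(";", "; ", $vartype);
    $vartype = str_replace("|", "| ", $vartype);

    // The table name is interpolated into SQL below, so it is restricted to a fixed allow-list.
    if (!in_array($database, array("supplements", "baseapp", "custom"), true)) {
        return "internal error: invalid database {$database}";
    }

    $varname = escape($varname);
    $vardesc = escape($vardesc);
    $vartype = escape($vartype);
    $club_id = escape($club_id);

    //increment from highest orderId
    $result = mysql_query("SELECT MAX(orderId) FROM {$database} WHERE {$whereString}");

    if ($result !== false && ($row = mysql_fetch_array($result))) {
        if (is_null($row[0])) {
            $orderId = 1;
        } else {
            $orderId = escape($row[0] + 1);
        }

        if ($database != "supplements") {
            // The session value is escaped like every other interpolated
            // value; it was previously concatenated into the INSERT as-is.
            $category = escape(isset($_SESSION['category']) ? $_SESSION['category'] : '');
            mysql_query("INSERT INTO {$database} (orderId, varname, vardesc, vartype, category) VALUES ('{$orderId}', '{$varname}', '{$vardesc}', '{$vartype}', '{$category}')");
        } else {
            mysql_query("INSERT INTO supplements (orderId, varname, vardesc, vartype, club_id) VALUES ('{$orderId}', '{$varname}', '{$vardesc}', '{$vartype}', '{$club_id}')");
        }

        return true;
    }

    //this shouldn't occur, since MAX would return null if no rows are found
    return "internal error";
}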
} } else { $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']); } } //validate they are accessing this site, in case multiple are hosted if (isset($_SESSION['site_name'])) { if ($_SESSION['site_name'] != $config['site_name']) { session_unset(); } } else { $_SESSION['site_name'] = $config['site_name']; } $_SESSION['active'] = time(); //CSRF guard library include includePath() . "/csrfguard.php"; //handle noredirect option if (isset($_REQUEST['noredirect'])) { if ($_REQUEST['noredirect'] === "false") { unset($_SESSION['noredirect']); } else { if ($_REQUEST['noredirect'] === "true") { $_SESSION['noredirect'] = true; } } } //redirect slave if needed $script_name = basename($_SERVER["SCRIPT_FILENAME"]); $script_directory = basename(substr($_SERVER['SCRIPT_FILENAME'], 0, strrpos($_SERVER['SCRIPT_FILENAME'], '/'))); if ($config['slave_enabled'] && ($script_directory != "database" && $script_directory != "ghost" && $script_directory != "channel" && $script_directory != "minecraft" && $script_directory != "garena" && $script_directory != "admin") && ($script_name != "remote_login.php" && $script_name != "service_redirect.php")) { header("Location: " . $config['slave_master']);
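/**
 * Send one command, or a list of commands, to a Minecraft server over RCON.
 *
 * The RCON host, port and password come from the service's configuration as
 * returned by minecraftGetConfiguration().
 *
 * @param mixed           $service_id Service whose configuration is looked up.
 * @param string|string[] $command    A single command or an array of commands.
 * @return true|string True once the commands were sent, otherwise an "Error: ..." message.
 */
function minecraftCommand($service_id, $command)
{
    $commands = is_array($command) ? $command : array($command);

    // Enforce the length limit on every command before anything is sent.
    foreach ($commands as $single) {
        if (strlen($single) > 1000) {
            return "Error: the entered command is too long!";
        }
    }

    //get the configuration
    $configuration = minecraftGetConfiguration($service_id, false);

    if (!isset($configuration['rcon.password']) || !isset($configuration['rcon.port'])) {
        return "Error: could not find rcon port and password to use.";
    }

    $hostname = "localhost";
    if (!empty($configuration['server-ip'])) {
        $hostname = $configuration['server-ip'];
    }

    require_once includePath() . "/rcon.php";

    try {
        $rcon = new RCon($hostname, $configuration['rcon.port'], $configuration['rcon.password']);
    } catch (Exception $e) {
        // Return only the message. Casting the exception to a string appends
        // the stack trace, whose constructor arguments can include the RCON password.
        return "Error: " . $e->getMessage();
    }

    if (!$rcon->Auth()) {
        return "Error: failed to connect and authenticate with Minecraft server (is it online?).";
    }

    //allow execution of multiple commands
    foreach ($commands as $single) {
        // Send the individual element, not the whole $command array.
        $rcon->rconCommand($single);
    }

    return true;
}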
$channelPlugins = array('accesskick', 'afk', 'alarm', 'announce', 'calc', 'chanstats', 'clanactivity', 'clanmembers', 'copycat', 'dbstats', 'gamequeue', 'getgames', 'getgames-whois', 'gettime', 'greet', 'inactive', 'inviteme', 'lottery', 'matchmake', 'plugindb', 'pluginman', 'pounce', 'rand', 'randkick', 'randspeed', 'rroulette', 'security', 'snipe', 'trivia', 'votekick', '__init__'); $channelUpdatableFiles = array("language.cfg", "cfg/ask8ball.txt", "cfg/command.txt", "cfg/quote.txt", "cfg/slap_neg.txt", "cfg/slap_pos.txt", "cfg/phrase.txt"); //get additional parameters from configuration if (isset($config['channelParameters'])) { $channelParameters = array_merge($channelParameters, $config['channelParameters']); } if (isset($config['defaultChannelParameters'])) { $defaultChannelParameters = array_merge($defaultChannelParameters, $config['defaultChannelParameters']); } if (isset($config['channelUpdatableFiles'])) { $channelUpdatableFiles = array_merge($channelUpdatableFiles, $config['channelUpdatableFiles']); } if (isset($config['channelPlugins'])) { $channelPlugins = array_merge($channelPlugins, $config['channelPlugins']); } require_once includePath() . "/jail.php"; //escapes function in configuration file function channelEscape($type, $default, $type_extra, $value) { if ($type == 0) { //string, just strip newlines return str_replace(array("\n", "\r"), array("", ""), $value); } else { if ($type == 1) { //integer, convert return intval($value); } else { if ($type == 2) { if ($value == 1 || $value === "true") { return 1; } else {
/**
 * Run exec.php through the "php" CLI, passing $command as its single argument.
 *
 * Both the script path and $command are wrapped with escapeshellarg(), so
 * $command reaches exec.php as one argument of this shell line. What
 * exec.php then does with that argument is not visible here.
 * NOTE(review): if exec.php passes the argument to a shell, it needs the same
 * care there. Confirm.
 *
 * @param string $command Value forwarded to exec.php.
 * @return string|false The return value of exec().
 */
function execBackground($command)
{
    $runnerScript = escapeshellarg(includePath() . '/exec.php');
    $quotedCommand = escapeshellarg($command);

    return exec('php ' . $runnerScript . ' ' . $quotedCommand);
}
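/**
 * Change an account's password after verifying the current one.
 *
 * The new password is stored as "*pbkdf2*" followed by the output of
 * pbkdf2_create_hash(). A wrong current password is reported to
 * lockAction("checkuser"), and checkLock("checkuser") refuses further
 * attempts once that lock is active.
 *
 * @param mixed  $user_id      Account id.
 * @param string $old_password Current password, as entered by the user.
 * @param string $new_password Replacement password (at least six characters).
 * @return true|string True on success, otherwise a message suitable for the user.
 */
function authChangePassword($user_id, $old_password, $new_password)
{
    global $db;

    if (!checkLock("checkuser")) {
        return "Too many failed attempts. Please try again later.";
    }

    if (strlen($new_password) < 6) {
        return "The new password is too short. Please use at least six characters.";
    }

    // Compare strictly: loose == treats numeric-looking strings such as
    // "0e1" and "0e2" as equal and would reject a legitimate change.
    if ((string) $old_password === (string) $new_password) {
        return "The old and new passwords are identical.";
    }

    if (!authCheckPassword($user_id, $old_password, "id")) {
        lockAction("checkuser");
        return "The password you entered is not correct.";
    }

    $user_id = escape($user_id);

    require_once includePath() . "/pbkdf2.php";
    $new_password = escape("*pbkdf2*" . pbkdf2_create_hash($new_password));

    // Store the hash computed above. A fixed literal here would discard it and
    // give the account a value that is not a valid stored password.
    $db->query("UPDATE accounts SET password = '{$new_password}' WHERE id = '{$user_id}'");

    return true;
}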
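/**
 * Check a user's password against the salted hash stored in the users table.
 *
 * Callers must test the result with `=== true`: the failure codes -1 and -2
 * are non-zero integers and therefore truthy in a plain `if`.
 *
 * @param mixed  $user_id  User id.
 * @param string $password Password as received; passed through decryptPassword() first.
 * @return true|int True on success, -1 on unknown user or wrong password, -2 when
 *                  checkLock("checkuser") refuses the attempt.
 */
function verifyLogin($user_id, $password)
{
    if (!checkLock("checkuser")) {
        return -2;
    }

    $user_id = escape($user_id);

    //decrypt the password if needed
    require_once includePath() . "/crypto.php";
    $password = decryptPassword($password);

    $result = mysql_query("SELECT password, salt FROM users WHERE id='" . $user_id . "'");

    if ($result !== false && ($row = mysql_fetch_array($result))) {
        $expected = (string) $row['password'];
        $computed = (string) chash2($password, hex2bin($row['salt']));

        // Loose == lets two different "0e..." style hashes compare equal as
        // numbers. Use a constant-time comparison where available and a
        // strict comparison otherwise.
        if (function_exists('hash_equals')) {
            $matches = hash_equals($expected, $computed);
        } else {
            $matches = ($expected === $computed);
        }

        if ($matches) {
            return true;
        }
    }

    // Unknown user and wrong password are reported the same way, and both
    // are passed to lockAction("checkuser").
    lockAction("checkuser");
    return -1;
}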
(user|system)function(none-args or have-args) include* require* */ //dl('funcall.so'); function includePath() { echo "****************abc\n"; return '../test_include.php'; } fc_add_pre('include', 'pre_cb'); fc_add_post('include', 'post_cb'); echo "first icnlude\n"; //include '../test_include.php'; echo "2nd icnlude\n"; include includePath(); echo "starting ...\n"; function m1() { return 'm1 ret_v'; } function m2($a, $b, $c) { echo "iii2\n"; return 'm2 ret_v'; } class testc2 { public function testf() { echo 'testf';
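/**
 * Set a new password for a user and invalidate their pending reset links.
 *
 * A fresh 20-byte salt is generated for every reset and stored hex-encoded
 * next to the chash2() hash of the password.
 *
 * NOTE(review): no authorization check happens here. Presumably the caller
 * has already validated the reset link for $user_id. Confirm.
 *
 * @param mixed  $user_id  User id.
 * @param string $password New password as received; passed through decryptPassword() first.
 * @return void
 */
function resetPassword($user_id, $password)
{
    $user_id = escape($user_id);

    $gen_salt = secure_random_bytes(20);
    $db_salt = escape(bin2hex($gen_salt));

    //decrypt the password if needed
    require_once includePath() . "/crypto.php";
    $password = decryptPassword($password);
    $password = escape(chash2($password, $gen_salt));

    // Store the hash computed above together with its salt. Writing a fixed
    // literal instead would leave the row with a value that matches no password.
    mysql_query("UPDATE users SET password='{$password}', salt = '{$db_salt}' WHERE id='{$user_id}'");

    //make sure user doesn't reset again with same link
    mysql_query("DELETE FROM reset WHERE user_id='{$user_id}'");
}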
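/**
 * Generate the PDFs for a club application and, optionally, mark it as submitted.
 *
 * Steps, in order: ownership/state check, submission-window check, peer
 * recommendation count, supplement PDF, general application PDF, then (when
 * $do_submit is true) the applications.submitted column is filled with the
 * PDF names, the recommendation filenames and a ":*file_id,filename" entry
 * for each uploaded file answer.
 *
 * @param mixed $user_id        Applicant's user id.
 * @param mixed $application_id Id of the club (supplement) application.
 * @param bool  $do_submit      When false, PDFs are created but the database is not updated.
 * @return array|string array(general PDF name, supplement PDF name) on success;
 *                      an error message otherwise ("" when the general application was passed).
 */
function submitApplication($user_id, $application_id, $do_submit = true)
{
    $user_id = escape($user_id);
    $application_id = escape($application_id);

    //verify application belongs to user and hasn't been submitted
    $checkResult = checkApplication($user_id, $application_id, true);

    if ($checkResult[0] !== 0) {
        return "check failed";
    }

    //verify that the user is not trying to submit the general application
    if ($checkResult[1] == 0) {
        return "";
    }

    //verify that the application can be submitted at this time
    // (checkResult checks view_time, not open_time)
    if (!isAvailableWindow($checkResult[1], true)) {
        return "application cannot be submitted at this time";
    }

    //verify that enough peer recommendations have been inputted; grab the filenames while we're at it
    // The club id is escaped like every other value interpolated into SQL in this function.
    $club_id = escape($checkResult[1]);
    $result = mysql_query("SELECT num_recommend FROM clubs WHERE id = '" . $club_id . "'");
    $recommendResult = mysql_query("SELECT filename FROM recommendations WHERE user_id = '{$user_id}' AND status = '1'");

    if ($row = mysql_fetch_array($result)) {
        if ($row[0] > mysql_num_rows($recommendResult)) {
            return "not enough peer recommendations";
        }
    } else {
        return "internal error, club not found";
    }

    $peerString = "";
    while ($row = mysql_fetch_array($recommendResult)) {
        $peerString .= ":" . $row[0];
    }

    //create supplement PDF
    $createSupplementResult = createApplicationPDF($user_id, $application_id, "../submit/");

    if ($createSupplementResult[0] === FALSE) { //true is success, string is error message
        return $createSupplementResult[1];
    }

    //create general application PDF
    $gen_app_id = getApplicationByUserClub($user_id, 0);
    $createGeneralResult = createApplicationPDF($user_id, $gen_app_id, "../submit/");

    if ($createGeneralResult[0] === FALSE) { //true is success, string is error message
        return $createGeneralResult[1];
    }

    //update database
    if ($do_submit) {
        $submitName = escape($createGeneralResult[1] . ":" . $createSupplementResult[1] . $peerString);

        //handle files: first the supplement's answers, then the general application's
        foreach (array($application_id, escape($gen_app_id)) as $answerAppId) {
            $result = mysql_query("SELECT val FROM answers WHERE application_id = '{$answerAppId}' AND val LIKE 'file:%'");

            while ($row = mysql_fetch_array($result)) {
                // Stored form is "file:<file_id>:<filename>"; a value with
                // fewer parts yields empty strings instead of undefined offsets.
                $fileParts = explode(":", $row[0], 3);
                $fileId = isset($fileParts[1]) ? $fileParts[1] : '';
                $fileName = isset($fileParts[2]) ? $fileParts[2] : '';
                $submitName .= escape(":*" . $fileId . "," . $fileName); //:*file_id,filename
            }
        }

        mysql_query("UPDATE applications SET submitted='{$submitName}' WHERE id='{$application_id}' AND user_id='{$user_id}'");
    }

    //some maintenance
    include includePath() . "/chk.php";
    checkExtraPDFs(true, true); //delete old, extra PDFs

    return array($createGeneralResult[1], $createSupplementResult[1]);
}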