Ejemplo n.º 1
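// Refuse direct requests: the rest of the script only runs when IN_ADMIN has been defined
// (presumably by the admin entry point that includes this file; confirm against the caller).
if (!defined('IN_ADMIN')) {
    exit;
}
// Lift the execution time limit; "@" hides the warning on hosts where the call is disabled.
@set_time_limit(0);
// Requested repair action. Only a string value is accepted: an array-valued "case" parameter
// (?case[]=x) is ignored instead of being handed to htmlspecialchars().
$case = false;
if (isset($_GET['case']) && is_string($_GET['case'])) {
    $case = htmlspecialchars($_GET['case']);
}
// Form key appended to the GET links that trigger a repair action.
$GET_FORM_KEY = kleeja_add_form_key_get('REPAIR_FORM_KEY');
// CSRF check for the state-changing actions, which are all reached through GET links.
// The key is enforced only for the names listed here, so this list has to stay in sync with
// the cases the switch below handles. Strict comparison keeps the match to exact strings.
// NOTE(review): the switch still runs after a failed check unless kleeja_admin_err()
// terminates the request with these arguments; confirm. A key carried in the URL also ends
// up in access logs and browser history, so it should be short-lived.
if ($case && in_array($case, array('clearc', 'sync_files', 'sync_images', 'sync_users', 'tables', 'sync_sizes', 'status_file'), true)) {
    if (!kleeja_check_form_key_get('REPAIR_FORM_KEY')) {
        kleeja_admin_err($lang['INVALID_GET_KEY'], true, $lang['ERROR'], true, basename(ADMIN_PATH), 2);
    }
}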
switch ($case) {
    default:
        # Get real number from database right now
        $all_files = get_actual_stats('files');
        $all_images = get_actual_stats('imgs');
        $all_users = get_actual_stats('users');
        $all_sizes = Customfile_size(get_actual_stats('sizes'));
        #links
        $del_cache_link = basename(ADMIN_PATH) . '?cp=r_repair&case=clearc&' . $GET_FORM_KEY;
        $resync_files_link = $config['siteurl'] . 'go.php?go=resync&case=sync_files';
        $resync_images_link = $config['siteurl'] . 'go.php?go=resync&case=sync_images';
        $resync_users_link = basename(ADMIN_PATH) . '?cp=r_repair&case=sync_users&' . $GET_FORM_KEY;
Ejemplo n.º 2
                 kleeja_admin_info(sprintf($lang['STYLE_NOW_IS_DEFAULT'], htmlspecialchars($style_id)), true, '', true, basename(ADMIN_PATH) . '?cp=' . (isset($_REQUEST['home']) ? 'start' : basename(__FILE__, '.php')));
                 break;
         }
     }
     break;
 case 'style_orders':
     // Style directory name taken straight from the query string (read before any isset()
     // check). htmlspecialchars() is HTML output encoding and str_replace() only strips
     // literal ".." sequences; neither restricts the value to a known style name, and path
     // separators pass through. The value is used further down to build filesystem paths
     // under PATH . 'styles/'.
     // NOTE(review): prefer an allow-list (for example, match against the installed style
     // directories) over this deny-list filter.
     $style_id = str_replace('..', '', htmlspecialchars($_GET['style_id']));
     // Return URL used by the error page; $style_id is concatenated without urlencode().
     $redirect_to = basename(ADMIN_PATH) . '?cp=' . basename(__FILE__, '.php') . '&style_choose=' . $style_id . '&method=1';
     // The redirect is commented out, so a missing tpl_choose currently does nothing here.
     if (empty($_GET['tpl_choose'])) {
         #redirect($redirect_to);
     }
     //edit or del tpl
     if (isset($_GET['tpl_choose']) && !empty($_GET['tpl_choose']) && isset($_GET['style_id']) && isset($_GET['method'])) {
         //check _GET Csrf token
         if (!kleeja_check_form_key_get('adm_style_del_edit')) {
             kleeja_admin_err($lang['INVALID_GET_KEY'], true, $lang['ERROR'], true, $redirect_to, 2);
         }
         //tpl name
         $tpl_name = str_replace('..', '', htmlspecialchars($_GET['tpl_choose']));
         $tpl_path = PATH . 'styles/' . $style_id . '/' . $tpl_name;
         $d_style_path = PATH . 'styles/' . $style_id;
         if (!file_exists($tpl_path)) {
             $text = sprintf($lang['TPL_PATH_NOT_FOUND'], $tpl_path);
             $_GET['method'] = 0;
         } else {
             if (!is_writable($d_style_path)) {
                 $text = sprintf($lang['STYLE_DIR_NOT_WR'], $d_style_path);
                 $_GET['method'] = 0;
             }
         }
Ejemplo n.º 3
                 $xexts .= ($xexts == '' ? '' : ',') . "('" . $SQL->escape($row['ext']) . "', 3, " . $row['user_size'] . ")";
             }
         }
         $SQL->free($result);
         #delete prev exts before adding
         $query_del = array('DELETE' => "{$dbprefix}groups_exts", 'WHERE' => 'group_id=2 OR group_id=3');
         $SQL->build($query_del);
         $SQL->query("INSERT INTO {$dbprefix}groups_exts (ext, group_id, size) VALUES " . $xexts . ";");
         add_config('exts_upraded1_5', 'done');
     }
 }
 # Delete one row of {$dbprefix}groups_exts when ?del=<ext_id> is present.
 $DELETED_EXT = $GE_INFO = false;
 if (isset($_GET['del'])) {
     // The deletion is triggered by a GET link, so the form key in the query string is the
     // only CSRF defence for it.
     // NOTE(review): the DELETE below still runs after a failed check unless
     // kleeja_admin_err() terminates the request with these arguments; confirm.
     if (!kleeja_check_form_key_get('adm_users')) {
         kleeja_admin_err($lang['INVALID_GET_KEY'], true, $lang['ERROR'], true, $action, 2);
     }
     // intval() reduces the parameter to an integer; that cast is what keeps the string
     // concatenation into the WHERE clause below free of SQL injection. The inner isset() is
     // redundant inside this branch.
     // NOTE(review): an array-valued parameter is coerced to 1 by intval() rather than
     // rejected; consider requiring a scalar.
     $req_ext = isset($_GET['del']) ? intval($_GET['del']) : 0;
     // 0 (missing or non-numeric id) is treated as an error.
     if (!$req_ext) {
         kleeja_admin_err('ERROR-NO-EXT-ID', true, '', true, $action, 2);
     }
     $query_del = array('DELETE' => "{$dbprefix}groups_exts", 'WHERE' => 'ext_id=' . $req_ext);
     $SQL->build($query_del);
     # Both flags are set to 2 after the delete, then the cached group data is dropped so the
     # change is visible on the next read.
     $DELETED_EXT = $GE_INFO = 2;
     delete_cache('data_groups');
 }
 #add ext?
 $ADDED_EXT = false;
 if (isset($_POST['newext'])) {
Ejemplo n.º 4
                if (preg_match('!changes_of_[a-z0-9]+.zip!', $file)) {
                    $changes_files[] = array('file' => $file, 'path' => basename(ADMIN_PATH) . '?cp=' . basename(__FILE__, '.php') . '&do_plg=1&m=6&fn=' . str_replace(array('changes_of_', '.zip'), '', $file) . '&' . $GET_FORM_KEY);
                }
            }
            @closedir($dh);
        }
        $cache->save('__changes_files__', $changes_files);
    }
    $is_there_changes_files = empty($changes_files) ? false : true;
    //after submit
} else {
    $plg_id = intval($_GET['do_plg']);
    //check _GET Csrf token
    //remember to add token at every m=? request !
    if ((int) $_GET['m'] != 6 && (int) $_GET['m'] != 4) {
        if (!kleeja_check_form_key_get('adm_plugins')) {
            kleeja_admin_err($lang['INVALID_GET_KEY'], true, $lang['ERROR'], true, basename(ADMIN_PATH) . '?cp=' . basename(__FILE__, '.php'), 2);
        }
    }
    //handle all m=?
    switch ($_GET['m']) {
        case '1':
            // disable the plguin
        // disable the plguin
        case '2':
            //enable it
            $action = (int) $_GET['m'] == 1 ? 1 : 0;
            //check if there is style require this plugin
            if ($action == 1) {
                if (($style_info = kleeja_style_info($config['style'])) != false) {
                    $plugins_required = array_map('trim', explode(',', $style_info['plugins_required']));
Ejemplo n.º 5
    exit;
}
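// The update runs in 5 steps to reduce load and to show errors as they occur.
// NOTE(review): unserialize() on a stored config value. If anything other than the updater
// can write this config entry it is an object-injection sink; confirm where the value comes
// from, or store it as JSON. "@" also hides a failed decode, in which case $v is false.
$v = @unserialize($config['new_version']);
// The "already up to date" error is commented out, so this comparison currently has no effect.
if (!version_compare(strtolower(KLEEJA_VERSION), strtolower($v['version_number']), '<')) {
    //kleeja_admin_err($lang['U_LAST_VER_KLJ']);
}
#security vars
$H_FORM_KEYS = kleeja_add_form_key('adm_aupdate');
$GET_FORM_KEY = kleeja_add_form_key_get('adm_aupdate');
// Step name from the query string. The pattern is anchored so the WHOLE value must consist of
// letters, digits and underscores; an unanchored character class accepts any string that
// merely contains one such character, and the value is concatenated into $action below.
// Non-string input (?astep[]=x) falls back to 'general' as well.
$current_step = (isset($_GET['astep']) && is_string($_GET['astep']) && preg_match('!^[a-z0-9_]+\z!i', trim($_GET['astep'])))
    ? trim($_GET['astep'])
    : 'general';
$action = basename(ADMIN_PATH) . '?cp=' . basename(__FILE__, '.php') . '&amp;astep=' . $current_step;
if ($current_step != 'general') {
    // Every step other than the landing page is reached through a GET link and must carry
    // the 'adm_aupdate' form key (CSRF check).
    // NOTE(review): the include below still runs after a failed check unless
    // kleeja_admin_err() terminates the request with these arguments; confirm.
    if (!kleeja_check_form_key_get('adm_aupdate')) {
        kleeja_admin_err($lang['INVALID_GET_KEY'], true, $lang['ERROR'], true, basename(ADMIN_PATH) . '?cp=' . basename(__FILE__, '.php'), 2);
    }
}
include PATH . 'includes/update.php';
//for style ..
$stylee = 'admin_aupdate';
//$action = basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php') .'&amp;sty_t=style_orders';
//class
$ups = new kupdate();
$is_ftp_supported = $ups->is_ftp_supported;
// Default value: a plain list of field names, replaced by the stored settings further down
// when $config['ftp_info'] is not empty.
$ftp_info = array('host', 'user', 'pass', 'path', 'port');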
if (!empty($config['ftp_info'])) {
    $ftp_info = @unserialize($config['ftp_info']);
} else {
    //todo : make sure to figure this from OS, and some other things
Ejemplo n.º 6
<?php

/**
*
* @package adm
* @version $Id: logout.php 2236 2013-11-30 10:07:23Z saanina $
* @copyright (c) 2007 Kleeja.com
* @license http://www.kleeja.com/license
*
*/
// Refuse direct requests: the rest of the script only runs when IN_ADMIN has been defined
// (presumably by the admin entry point that includes this file; confirm against the caller).
if (!defined('IN_ADMIN')) {
    exit;
}
// Logout is reached through a GET link, so it requires the global form key; without the
// check any third-party page could force an administrator out of the panel (logout CSRF).
// NOTE(review): the logout below still runs after a failed check unless kleeja_admin_err()
// terminates the request with these arguments; confirm.
if (!kleeja_check_form_key_get('GLOBAL_FORM_KEY')) {
    kleeja_admin_err($lang['INVALID_GET_KEY'], true, $lang['ERROR'], true, basename(ADMIN_PATH), 2);
}
// End only the administrator session, then send the browser to the site URL.
// NOTE(review): $SQL->close() and exit are reached only if redirect() returns; if
// logout_cp() returns a falsy value the script ends here with no visible handling.
if ($usrcp->logout_cp()) {
    redirect($config['siteurl']);
    $SQL->close();
    exit;
}