/**
  * Comment object constructor
  *
  * @param database $db
  * @return privileges
  * @access public
  */
 function privileges(&$db, $gid)
 {
     global $my;
     $this->gid = intval($this->escapeString($gid));
     if (isset($my->gids) && $my->gid == $gid) {
         $db->setQuery("SELECT priv_upload, priv_editmedium, priv_delmedium, priv_creategal, priv_editgal, priv_delgal " . " FROM #__zoom_priv WHERE gid IN (" . $this->escapeString($my->gids) . ")");
     } else {
         $db->setQuery("SELECT priv_upload, priv_editmedium, priv_delmedium, priv_creategal, priv_editgal, priv_delgal " . " FROM #__zoom_priv WHERE gid = '{$this->gid}'");
     }
     $result = $db->query();
     while ($row = mysql_fetch_object($result)) {
         foreach ($row as $priv => $value) {
             if ($value) {
                 $this->{$priv} = $value;
             }
         }
     }
 }
Ejemplo n.º 2
0
function send_mail($to_email, $to_name, $subject, $content, $from_name = '')
{
    $table = array("account");
    $db = new database();
    $query = $db->createQueryAll($table);
    $db->setQuery($query);
    $result1 = $db->loadAllRow();
    //var_dump($result1);
    $pass = encrypt_decrypt('decrypt', $result1[0]['pass']);
    //var_dump($pass);
    //tài khoản gmail dùng để gửi mail
    $from_email = $result1[0]['name'];
    // Reply to this email
    $from_email_pass = $pass;
    return send_gmail($from_email, $from_email_pass, $to_email, $to_name, $subject, $content, $from_name);
}
Ejemplo n.º 3
0
 $configArray['DBpassword'] = $DBpassword;
 $configArray['DBname'] = $DBname;
 $configArray['DBPort'] = $DBPort;
 $configArray['DBPrefix'] = $DBPrefix;
 $sql = "CREATE DATABASE `{$DBname}`";
 $mysql_result = mysql_query($sql);
 $test = mysql_errno();
 if ($test != 0 && $test != 1007) {
     db_err("stepBack", "A database error occurred: " . mysql_error());
 }
 // db is now new or existing, create the db object connector to do the serious work
 $DBserver = $DBPort ? "{$DBhostname}:{$DBPort}" : "{$DBhostname}";
 $database = new database($DBserver, $DBuserName, $DBpassword, $DBname, $DBPrefix);
 // delete existing mos table if requested
 if ($DBDel) {
     $database->setQuery("SHOW TABLES FROM `{$DBname}`");
     $errors = array();
     if ($tables = $database->loadResultArray()) {
         foreach ($tables as $table) {
             if ($DBPrefix) {
                 if (strpos($table, $DBPrefix) === 0) {
                     if ($DBBackup) {
                         $butable = str_replace($DBPrefix, $BUPrefix, $table);
                         $database->setQuery("DROP TABLE IF EXISTS `{$butable}`");
                         $database->query();
                         if ($database->getErrorNum()) {
                             $errors[$database->getQuery()] = $database->getErrorMsg();
                         }
                         $database->setQuery("RENAME TABLE `{$table}` TO `{$butable}`");
                         $database->query();
                         if ($database->getErrorNum()) {
Ejemplo n.º 4
0
 }
 // Does this code actually do anything???
 $configArray['DBhostname'] = $DBhostname;
 $configArray['DBuserName'] = $DBuserName;
 $configArray['DBpassword'] = $DBpassword;
 $configArray['DBname'] = $DBname;
 $configArray['DBPrefix'] = $DBPrefix;
 $sql = "CREATE DATABASE `{$DBname}`";
 $mysql_result = mysql_query($sql);
 $test = mysql_errno();
 if ($test != 0 && $test != 1007) {
     db_err("stepBack", "访问数据库出错: " . mysql_error());
 }
 // db is now new or existing, create the db object connector to do the serious work
 $database = new database($DBhostname, $DBuserName, $DBpassword, $DBname, $DBPrefix);
 $database->setQuery("set names 'gb2312'");
 // set charset
 $database->query();
 // kilin did it
 // delete existing mos table if requested
 if ($DBDel) {
     $database->setQuery("SHOW TABLES FROM {$DBname}");
     $errors = array();
     if ($tables = $database->loadResultArray()) {
         foreach ($tables as $table) {
             if (strpos($table, $DBPrefix) === 0) {
                 if ($DBBackup) {
                     $butable = str_replace($DBPrefix, $BUPrefix, $table);
                     $database->setQuery("DROP TABLE IF EXISTS {$butable}");
                     $database->query();
                     if ($database->getErrorNum()) {
    public static function run()
    {
        if (!isset($_POST['expr'])) {
            $_POST['expr'] = "";
        }
        if (!isset($_POST['evaltype'])) {
            $_POST['evaltype'] = "none";
        }
        // include("udf_phpdump.php");
        $_POST['expr'] = rtrim(stripslashes(stripslashes($_POST['expr'])));
        ?>

    <form action="<?php 
        echo bfTools::ME();
        ?>
" method="post">
        PHP Expression:
        <table width="100%">
            <tr valign="top">
                <td width="10%"><label><input type="radio" name="evaltype"
                                              value="none" accesskey="n" tabindex="3"
                    <?php 
        if ($_POST['evaltype'] == "none") {
            echo ' checked="checked"';
        }
        ?>
 />
                    <span style="text-decoration: underline">n</span>one</label><br/>
                    <label><input type="radio" name="evaltype" value="echo"
                                  accesskey="n" tabindex="4"
                        <?php 
        if (!isset($_POST['submit']) or $_POST['evaltype'] == "echo") {
            echo ' checked="checked"';
        }
        ?>
 />
                        e<span style="text-decoration: underline">c</span>ho</label><br/>
                    <label><input type="radio" name="evaltype" value="vardump"
                                  accesskey="v" tabindex="5"
                        <?php 
        if ($_POST['evaltype'] == "vardump") {
            echo ' checked="checked"';
        }
        ?>
 />
                        <span style="text-decoration: underline">v</span>ardump</label><br/>
                    <label><input type="radio" name="evaltype" value="phpdump"
                                  accesskey="d" tabindex="6"
                        <?php 
        if ($_POST['evaltype'] == "phpdump") {
            echo ' checked="checked"';
        }
        ?>
 />
                        php<span style="text-decoration: underline">d</span>ump</label><br/>
                    <label><input type="radio" name="evaltype" value="dbclasscreator"
                                  accesskey="d" tabindex="7"
                        <?php 
        if ($_POST['evaltype'] == "dbclasscreator") {
            echo ' checked="checked"';
        }
        ?>
 />
                        <span style="text-decoration: underline">d</span>bclasscreator</label><br/>
                    <label><input type="radio" name="evaltype" value="loadObjectList"
                                  accesskey="l" tabindex="7"
                        <?php 
        if ($_POST['evaltype'] == "loadObjectList") {
            echo ' checked="checked"';
        }
        ?>
 />
                        <span style="text-decoration: underline">l</span>oadObjectList</label><br/>
                    <label><input type="radio" name="evaltype" value="md5" accesskey="m"
                                  tabindex="7"
                        <?php 
        if ($_POST['evaltype'] == "md5") {
            echo ' checked="checked"';
        }
        ?>
 />
                        <span style="text-decoration: underline">m</span>d5</label><br/> <label><input
                            type="radio" name="evaltype" value="passthru" accesskey="p"
                            tabindex="8"
                        <?php 
        if ($_POST['evaltype'] == "passthru") {
            echo ' checked="checked"';
        }
        ?>
 />
                        <span style="text-decoration: underline">p</span>assthru</label><br/>
                    <label><input type="radio" name="evaltype" value="wget"
                                  accesskey="w" tabindex="9"
                        <?php 
        if ($_POST['evaltype'] == "wget") {
            echo ' checked="checked"';
        }
        ?>
 />
                        <span style="text-decoration: underline">w</span>get</label><br/>

                </td>
                <td width="92%"><textarea rows="5" cols="45" name="expr"
                                          accesskey="e" tabindex="1"
                                          style="width: 90%"><?php 
        echo htmlspecialchars($_POST['expr']);
        ?>
</textarea>
                </td>
            </tr>
            <tr>
                <td>&nbsp;</td>
                <td><input type="submit" name="submit" value="  Evaluate  "
                           tabindex="2"/></td>
            </tr>
        </table>
    </form>

    <?php 
        if (strlen($_POST['expr'])) {
            switch ($_POST['evaltype']) {
                case "echo":
                    $_POST['expr'] = "echo " . $_POST['expr'];
                    break;
                case "vardump":
                    $_POST['expr'] = "var_dump(" . $_POST['expr'] . ")";
                    break;
                case "phpdump":
                    $_POST['expr'] = "phpdump(" . $_POST['expr'] . ")";
                    break;
                case "md5":
                    $_POST['expr'] = "echo md5('" . $_POST['expr'] . "')";
                    break;
                case "passthru":
                    $_POST['expr'] = "passthru('" . $_POST['expr'] . "')";
                    break;
                case "wget":
                    $_POST['expr'] = "passthru('wget " . $_POST['expr'] . "')";
                    break;
                case "loadObjectList":
                    include 'database.php';
                    // $database = new
                    // database('localhost','root','root','componentsdev','jos');
                    $database->setQuery($_POST['expr']);
                    echo '<pre style="background-color: #EEE; padding: 0.5em; overflow: auto;">';
                    print_R($database->loadObjectList());
                    echo "</pre>";
                    die;
                    break;
                case "dbclasscreator":
                    include 'database.php';
                    // $database = new
                    // database('localhost','root','root','componentsdev','jos');
                    $dbname = explode('.', $_POST['expr']);
                    $e = explode('_', $dbname[1]);
                    $prefix = $e[0] . '_';
                    $db = new database('localhost', 'root', 'root', $dbname[0], $prefix);
                    $db->setQuery('DESCRIBE ' . $dbname[1]);
                    $fields = $db->loadObjectList();
                    $str = array();
                    $str[] = 'class CLASSNAME extends mosDBTable {';
                    $str[] = '';
                    $_tbl_key = $fields[0]->Field;
                    foreach ($fields as $field) {
                        $str[] = "\t" . 'var $' . $field->Field . '=null;';
                    }
                    $str[] = '';
                    $str[] = "\t" . 'function CLASSNAME() {';
                    $str[] = "\t" . "\t" . 'global $database;';
                    $dbname[1] = str_replace('jos_', '', $dbname[1]);
                    $dbname[1] = str_replace('mos_', '', $dbname[1]);
                    $str[] = "\t" . "\t" . '$this->mosDBTable( "#__' . $dbname[1] . '", "' . $_tbl_key . '", $database );';
                    $str[] = "\t" . '}';
                    $str[] = '}';
                    $text = implode("\n", $str);
                    echo '<pre style="background-color: #EEE; padding: 0.5em; overflow: auto;">';
                    print_R($text);
                    echo "</pre>";
                    break;
                default:
                    break;
            }
            if (substr($_POST['expr'], -1) != ";") {
                $_POST['expr'] .= ";";
            }
            echo '<pre style="background-color: #EEE; padding: 0.5em; overflow: auto;">';
            eval($_POST['expr']);
            echo "</pre>";
        }
    }
Ejemplo n.º 6
0
 function MakePass()
 {
     $uid = JSYS_Utils::getParam('user_id', 0, 'integer', false);
     $npass = JSYS_Utils::getParam('new_password', '', 'string', false);
     if (!$npass || !$uid) {
         echo "Bad or empty password";
         return;
     }
     $conf = 'configuration.php';
     if (!file_exists($conf)) {
         echo "Joomla Configuration File not found. Cannot connect to the database";
     }
     require_once $conf;
     classCreator::createDatabase();
     $database = new database($mosConfig_host, $mosConfig_user, $mosConfig_password, $mosConfig_db, $mosConfig_dbprefix, false);
     $database->setQuery("UPDATE #__users SET password='******' WHERE id='{$uid}'");
     $database->query();
     echo "The new password is {$npass}";
 }
Ejemplo n.º 7
0
 $database = new database($DBhostname, $DBuserName, $DBpassword, $DBname, $DBPrefix);
 $databasehist = new database($DBhostname, $DBuserName, $DBpassword, $DBHistname, $DBPrefix);
 // delete existing mos table if requested
 if ($DBDel) {
     $database->setQuery("SHOW TABLES FROM `{$DBname}`");
     $errors = array();
     if ($tables = $database->loadResultArray()) {
         foreach ($tables as $table) {
             $database->setQuery("DROP TABLE IF EXISTS `{$table}`");
             $database->query();
             if ($database->getErrorNum()) {
                 $errors[$database->getQuery()] = $database->getErrorMsg();
             }
         }
     }
     $databasehist->setQuery("SHOW TABLES FROM `{$DBname}`");
     $errors = array();
     if ($tables = $databasehist->loadResultArray()) {
         foreach ($tables as $table) {
             $databasehist->setQuery("DROP TABLE IF EXISTS `{$table}`");
             $databasehist->query();
             if ($databasehist->getErrorNum()) {
                 $errors[$databasehist->getQuery()] = $databasehist->getErrorMsg();
             }
         }
     }
 }
 populate_db($DBname, $DBPrefix, 'knomos.sql');
 populate_db($DBHistname, $DBPrefix, 'knomos_hist.sql');
 if ($DBSample) {
     populate_db($DBname, $DBPrefix, 'sample_data.sql');
Ejemplo n.º 8
0
    function getSuggestions($keyword)
    {
        //get DB
        if (defined('_JEXEC')) {
            $dbi =& JDatabase::getInstance(array('driver' => DB_DRIVER, 'host' => DB_HOST, 'user' => DB_USER, 'password' => DB_PASSWORD, 'database' => DB_DATABASE, 'prefix' => DB_PREFIX));
        } else {
            $dbi = new database(DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE, DB_PREFIX, DB_OFFLINE);
        }
        // escape the keyword string
        if (get_magic_quotes_gpc()) {
            //Addded by AW
            $keyword = stripslashes($keyword);
        }
        $keyword = addcslashes(mysql_real_escape_string($keyword), "%_");
        //$patterns = array('/\s+/', '/"+/', '/%+/');
        //$replace = array('');
        //$keyword = preg_replace($patterns, $replace, $keyword);
        // build the SQL query that gets the matching functions from the database
        $tit = "title";
        $id = "id";
        $link = "link";
        // execute the SQL query
        $output = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>';
        $output .= '<response>';
        $filter = '=""';
        if ($keyword != '') {
            $filter = ' LIKE "' . $keyword . '%"';
        }
        // if the keyword is empty build a SQL query that will return no results
        $query = '';
        if (defined('_JEXEC')) {
            $query = 'SELECT ' . $tit . ',' . $link . ',' . $id . '
			 FROM
			(SELECT c.' . $tit . ' ,m.' . $link . ',m.id,c.created
			FROM #__content c
			JOIN
			(
			 SELECT  ' . $link . ',' . $id . ' 
			 FROM #__menu
			 WHERE ' . $link . ' like "index.php?option=com_content&view=article&id=%"
			 AND published = 1
			
			) as m on m.' . $link . ' = concat("index.php?option=com_content&view=article&id=",c.' . $id . ')
			WHERE  c.' . $tit . $filter . '
					
			UNION 
			
			SELECT c.' . $tit . ' ,concat("index.php?option=com_content&amp;view=article&amp;id=",cast(c.' . $id . ' as char(11))) as link ,0 as id,c.created
			FROM #__content c
			LEFT JOIN
			(
			 SELECT  ' . $link . ',' . $id . ' 
			 FROM #__menu
			 WHERE ' . $link . ' like "index.php?option=com_content&view=article&id=%"
			 AND published = 1
			
			) as m on m.' . $link . ' = concat("index.php?option=com_content&view=article&id=",c.' . $id . ')
			WHERE  c.' . $tit . $filter . '
			AND m.' . $id . ' is null
			AND c.sectionid = 0
			AND c.catid = 0
			AND c.state = 1
			
			UNION 
		
			SELECT i.' . $tit . ' as title,concat("index.php?option=com_content&amp;view=article&amp;id=",cast(i.' . $id . ' as char(11)))
			 as link, IFNULL(ms.' . $id . ' ,mc.' . $id . ' ) as id,i.created
			 FROM #__content AS i
			 JOIN #__sections AS s ON i.sectionid = s.' . $id . '
			 LEFT JOIN #__menu AS ms ON 
			 ms.' . $link . ' = concat("index.php?option=com_content&view=section&layout=blog&id=",s.' . $id . ')
			OR ms.' . $link . ' =  concat("index.php?option=com_content&view=section&id=",s.' . $id . ')
			 JOIN #__categories AS c ON i.catid = c.' . $id . '
			 LEFT JOIN #__menu AS mc ON
			 mc.' . $link . ' = concat("index.php?option=com_content&view=category&layout=blog&id=",c.' . $id . ')
			OR mc.' . $link . ' =  concat("index.php?option=com_content&view=category&id=",c.' . $id . ')
			 
			 WHERE (ms.id is not null or mc.id is not null)
			AND (ms.published = 1 or mc.published=1)
			 AND i.' . $tit . $filter . '
					 
			UNION   
			
			select i.' . $tit . ',concat("index.php?option=com_content&amp;view=article&amp;id=",cast(i.' . $id . ' as char(11))) as link, 0 as id,i.created
			 FROM #__content i
			 LEFT join #__menu  m on m.link = concat("index.php?option=com_content&view=article&id=",i.' . $id . ')
			 JOIN #__sections AS s ON i.sectionid = s.' . $id . '
			 LEFT JOIN #__menu AS ms ON 
			 ms.' . $link . ' = concat("index.php?option=com_content&view=section&layout=blog&id=",s.' . $id . ')
				OR ms.' . $link . ' =  concat("index.php?option=com_content&view=section&id=",s.' . $id . ')
			 JOIN #__categories AS c ON i.catid = c.' . $id . '
			 LEFT JOIN #__menu AS mc ON
			 mc.' . $link . ' = concat("index.php?option=com_content&view=category&layout=blog&id=",c.' . $id . ')
			 OR mc.' . $link . ' =  concat("index.php?option=com_content&view=category&id=",c.' . $id . ')
			 
			 WHERE m.' . $id . ' is null
			 AND ms.' . $id . ' is null 
			 AND mc.' . $id . ' is null
			 AND state = 1
			 AND i.' . $tit . $filter . '
			 
			UNION
			 
			SELECT IFNULL(s.' . $tit . ',c.' . $tit . '),m.link,m.id,"0000-00-00 00:00:00" as created
			 FROM #__menu AS m 
			 LEFT JOIN #__sections AS s ON
			 m.' . $link . ' = concat("index.php?option=com_content&view=section&layout=blog&id=",s.' . $id . ')
				OR m.' . $link . ' =  concat("index.php?option=com_content&view=section&id=",s.' . $id . ')
		 
			 LEFT JOIN #__categories AS c ON
			 m.' . $link . ' = concat("index.php?option=com_content&view=category&layout=blog&id=",c.' . $id . ')
			OR m.' . $link . ' =  concat("iindex.php?option=com_content&view=category&id=",c.' . $id . ')
					 
			 WHERE (s.id is not null or c.id is not null)
			AND m.published = 1
			AND IFNULL(s.' . $tit . ',c.' . $tit . ') ' . $filter . '
		 
			 UNION 
		 
		 
			 SELECT s.' . $tit . ',concat("index.php?option=com_content&amp;view=section&amp;id=",cast(s.' . $id . ' as char(11))) as link,0 as id,"0000-00-00 00:00:00" as created
			 FROM #__sections AS s 
			 LEFT JOIN #__menu AS m ON
			 m.' . $link . ' = concat("index.php?option=com_content&view=section&layout=blog&id=",s.' . $id . ')
			 OR m.' . $link . ' =  concat("index.php?option=com_content&view=section&id=",s.' . $id . ')
		 
				WHERE m.id is null
			   AND s.published = 1
			   AND s.' . $tit . $filter . '
		 
			   UNION
		 
			SELECT c.title,concat("index.php?option=com_content&amp;view=category&amp;id=",cast(c.' . $id . ' as char(11))) as link,0 as id,"0000-00-00 00:00:00" as created
			 FROM #__categories AS c 
			 LEFT JOIN #__menu AS m ON
			 m.' . $link . ' = concat("index.php?option=com_content&view=category&layout=blog&id=",c.' . $id . ')
			OR m.' . $link . ' =  concat("index.php?option=com_content&view=category&id=",c.' . $id . ')
					 
			WHERE m.id is null
				AND c.published = 1
			AND c.section REGEXP "^[0-9]+$"
			AND c.' . $tit . $filter . '
	
			 ORDER BY created desc) a
			 WHERE ' . $tit . $filter;
        } else {
            $query = 'SELECT ' . $tit . ',' . $link . ',' . $id . '
		 FROM
		(SELECT c.' . $tit . ' ,m.' . $link . ',m.id,c.created
		FROM #__content c
		JOIN
		(
		 SELECT componentid,' . $link . ',' . $id . ' 
		 FROM #__menu
		 WHERE type in ("content_item_link","content_typed")
		 AND published = 1
		
		) as m on m.' . $link . ' = concat("index.php?option=com_content&task=view&id=",c.' . $id . ')
		WHERE  c.' . $tit . $filter . '
		
		union
		
		SELECT c.' . $tit . ' ,concat("index.php?option=com_content&amp;task=view&amp;id=",cast(c.' . $id . ' as char(11))) as link ,0 as id,c.created
		FROM #__content c
		LEFT JOIN
		(
		 SELECT  ' . $link . ',' . $id . ' 
		 FROM #__menu
		 WHERE type in ("content_item_link","content_typed")
		 AND published = 1
		
		) as m on m.' . $link . ' = concat("index.php?option=com_content&task=view&id=",c.' . $id . ')
		WHERE  m.' . $id . ' is null
		AND c.sectionid = 0
		AND c.catid = 0
		AND	c.' . $tit . $filter . '
		
		union
		
		SELECT i.' . $tit . ' as title,concat("index.php?option=com_content&amp;task=view&amp;id=",cast(i.' . $id . ' as char(11)))
		 as link, IFNULL(ms.' . $id . ' ,mc.' . $id . ' ) as id,i.created
		 FROM #__content i
		 LEFT JOIN #__sections AS s ON i.sectionid = s.' . $id . '
		 LEFT JOIN #__menu AS ms ON ms.componentid = s.' . $id . '
		 LEFT JOIN #__categories AS c ON i.catid = c.' . $id . '
		 LEFT JOIN #__menu AS mc ON mc.componentid = c.' . $id . '
		 WHERE ( ms.type IN ( "content_section", "content_blog_section" ) OR mc.type IN ( "content_blog_category", "content_category" ) )
		 AND ms.published = 1 or mc.published=1
		 AND  i.' . $tit . $filter . '
		
		union
		
		select uc.' . $tit . ',concat("index.php?option=com_content&amp;task=view&amp;id=",cast(uc.' . $id . ' as char(11))) as link,um.' . $id . ',uc.created
		FROM #__content uc
		JOIN #__menu um on um.componentid = uc.' . $id . '
		WHERE type = "url"
		AND um.published = 1
		AND ' . $link . ' LIKE "index.php?%"
		AND  uc.' . $tit . $filter . '
		
		union
		
		select i.' . $tit . ',concat("index.php?option=com_content&amp;task=view&amp;id=",cast(i.' . $id . ' as char(11))) as link, 0 as id,i.created
		from #__content i
		LEFT join #__menu  m on m.link = concat("index.php?option=com_content&task=view&id=",i.' . $id . ')
		LEFT join #__menu um on um.componentid = i.' . $id . '
		LEFT JOIN #__sections AS s ON i.sectionid = s.' . $id . '
		LEFT JOIN #__menu AS ms ON ms.componentid = s.' . $id . '
		AND ms.type IN ( "content_section", "content_blog_section" )
		LEFT JOIN #__categories AS c ON i.catid = c.' . $id . '
		LEFT JOIN #__menu AS mc ON mc.componentid = c.' . $id . '
		AND mc.type IN ( "content_blog_category", "content_category" )
		WHERE m.' . $id . ' is null
		AND um.' . $id . ' is null
		AND ms.' . $id . ' is null and mc.id is null
		AND state = 1
		AND  i.' . $tit . $filter . '
		 
		union
		 
		SELECT IFNULL(s.' . $tit . ',c.' . $tit . '),m.link,m.id,"0000-00-00 00:00:00" as created
		FROM #__menu AS m 
		LEFT JOIN #__sections AS s ON m.componentid = s.' . $id . '
		LEFT JOIN #__categories AS c ON m.componentid = c.' . $id . '
	 	WHERE m.type IN ( "content_section", "content_blog_section" ,"content_blog_category", "content_category" ) 
     	AND m.published = 1
     	AND IFNULL(s.' . $tit . ',c.' . $tit . ') ' . $filter . '
	    
	    union
	    
	
	    SELECT s.' . $tit . ',concat("index.php?option=com_content&amp;view=section&amp;id=",cast(s.' . $id . ' as char(11))) as link,0 as id,"0000-00-00 00:00:00" as created
		FROM #__sections AS s 
		LEFT JOIN #__menu AS m ON m.componentid = s.' . $id . '
		AND m.type IN ( "content_section", "content_blog_section" )
    	WHERE m.id is null
    	AND s.published = 1
     	AND s.' . $tit . $filter . '
     
    	union
     
    	SELECT c.title,concat("index.php?option=com_content&amp;view=category&amp;id=",cast(c.' . $id . ' as char(11))) as link,0 as id,"0000-00-00 00:00:00" as created
		FROM #__categories AS c 
		LEFT JOIN #__menu AS m ON m.componentid = c.' . $id . '
		AND m.type IN ( "content_blog_category", "content_category" )
		WHERE m.id is null
     	AND c.published = 1
		AND c.section REGEXP "^[0-9]+$"
     	AND c.' . $tit . $filter . '
		ORDER BY created desc) a
		WHERE ' . $tit . $filter;
        }
        // execute the SQL query
        //get DB intstance
        $dbi->setQuery($query);
        $rows = $dbi->loadAssocList();
        // if we have results, loop through them and add them to the output
        if ($rows) {
            foreach ($rows as $row) {
                //$output .= '<name>' . '<![CDATA[' . htmlentities($row[$tit], ENT_QUOTES) . ']]>' . '</name>';
                $output .= '<name>' . '<![CDATA[' . $row[$tit] . ']]>' . '</name>';
                $output .= '<pid>' . $row[$id] . '</pid>';
                $output .= '<link>' . '<![CDATA[' . $row[$link] . ']]>' . '</link>';
            }
        }
        // add debug information
        // $output .= '<query>' . 	 $query . '</query>';
        $output .= '<error>' . $dbi->getErrorMsg() . '</error>';
        // add the final closing tag
        $output .= '</response>';
        // return the results
        return $output;
    }
Ejemplo n.º 9
0
Archivo: index3.php Proyecto: cwcw/cms
$no_html = strtolower(trim(mosGetParam($_REQUEST, 'no_html', '')));
if ($option == 'logout') {
    require 'logout.php';
    exit;
}
// restore some session variables
$my = new mosUser($database);
$my->id = mosGetParam($_SESSION, 'session_user_id', '');
$my->username = mosGetParam($_SESSION, 'session_username', '');
$my->usertype = mosGetParam($_SESSION, 'session_usertype', '');
$my->gid = mosGetParam($_SESSION, 'session_gid', '');
$session_id = mosGetParam($_SESSION, 'session_id', '');
$logintime = mosGetParam($_SESSION, 'session_logintime', '');
// check against db record of session
if ($session_id == md5($my->id . $my->username . $my->usertype . $logintime)) {
    $database->setQuery("SELECT * FROM #__session" . "\nWHERE session_id='{$session_id}'");
    if (!($result = $database->query())) {
        echo $database->stderr();
    }
    if ($database->getNumRows($result) != 1) {
        echo "<script>document.location.href='index.php'</script>\n";
        exit;
    }
} else {
    echo "<script>document.location.href='index.php'</script>\n";
    exit;
}
// update session timestamp
$current_time = time();
$database->setQuery("UPDATE #__session SET time='{$current_time}'" . "\nWHERE session_id='{$session_id}'");
$database->query();
 /**
  * Sets the SQL query string for later execution.
  *
  * This function replaces a string identifier $prefix with the
  * string held is the $this->getPrefix() class variable.
  *
  * @param string $sql     The SQL query (casted to (string) )
  * @param int    $offset  The offset to start selection
  * @param int    $limit   The number of results to return
  * @param string $prefix  The common table prefix search for replacement string
  */
 function setQuery($sql, $offset = 0, $limit = 0, $prefix = '#__')
 {
     $sql = (string) $sql;
     if (in_array(checkJversion('product'), array('Mambo', 'Elxis', 'MiaCMS'))) {
         if ($offset || $limit) {
             $sql .= " LIMIT ";
             if ($offset) {
                 $sql .= (int) abs($offset) . ', ';
             }
             $sql .= (int) abs($limit);
         }
         $this->_db->setQuery($sql, $prefix);
     } else {
         $this->_db->setQuery($sql, (int) abs($offset), (int) abs($limit), $prefix);
     }
 }
Ejemplo n.º 11
0
/**
* @version $Id: pollwindow.php,v 1.1 2004/09/27 08:04:38 dappa Exp $
* @package Mambo_4.5.1
* @copyright (C) 2000 - 2004 Miro International Pty Ltd
* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
* Mambo is Free Software
*/
/** Set flag that this is a parent file */
define("_VALID_MOS", 1);
require_once "../includes/auth.php";
$database = new database($mosConfig_host, $mosConfig_user, $mosConfig_password, $mosConfig_db, $mosConfig_dbprefix);
$database->debug($mosConfig_debug);
$pollid = mosGetParam($_REQUEST, 'pollid', 0);
$css = mosGetParam($_REQUEST, 't', '');
$database->setQuery("SELECT title FROM #__polls WHERE id='{$pollid}'");
$title = $database->loadResult();
$database->setQuery("SELECT text FROM #__poll_data WHERE pollid='{$pollid}' order by id");
$options = $database->loadResultArray();
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
	<title><?php 
echo $adminLanguage->A_TITLE_PPRE;
?>
</title>
	<link rel="stylesheet" href="../../templates/<?php 
echo $css;
?>
/css/template_css.css" type="text/css">
Ejemplo n.º 12
0
Archivo: index.php Proyecto: cwcw/cms
$database = new database($mosConfig_host, $mosConfig_user, $mosConfig_password, $mosConfig_db, $mosConfig_dbprefix);
$database->debug($mosConfig_debug);
$acl = new gacl_api();
$option = mosGetParam($_REQUEST, 'option', null);
// mainframe is an API workhorse, lots of 'core' interaction routines
$mainframe = new mosMainFrame($database, $option, '..', true);
if (isset($_POST['submit'])) {
    /** escape and trim to minimise injection of malicious sql */
    $usrname = $database->getEscaped(trim(mosGetParam($_POST, 'usrname', '')));
    $pass = $database->getEscaped(trim(mosGetParam($_POST, 'pass', '')));
    if (!$pass) {
        echo "<script>alert('" . $adminLanguage->A_ALERT_ENTER_PASSWORD . "'); document.location.href='index.php';</script>\n";
    } else {
        $pass = md5($pass);
    }
    $database->setQuery("SELECT COUNT(*)" . "\nFROM #__users" . "\nWHERE (usertype='administrator' OR usertype='superadministrator')");
    $count = intval($database->loadResult());
    if ($count < 1) {
        echo "<script>alert(\"" . _LOGIN_NOADMINS . "\"); window.history.go(-1); </script>\n";
        exit;
    }
    $database->setQuery("SELECT * FROM #__users WHERE username='******' AND block='0'");
    $my = null;
    $database->loadObject($my);
    /** find the user group (or groups in the future) */
    $grp = $acl->getAroGroup($my->id);
    $my->gid = $grp->group_id;
    $my->usertype = $grp->name;
    if ($my->id) {
        if (strcmp($my->password, $pass) || !$acl->acl_check('administration', 'login', 'users', $my->usertype)) {
            echo "<script>alert('" . $adminLanguage->A_ALERT_INCORRECT . "'); document.location.href='index.php';</script>\n";
Ejemplo n.º 13
0
/**
* @version $Id: modulewindow.php,v 1.2 2004/10/11 03:36:33 dappa Exp $
* @package Mambo_4.5.1
* @copyright (C) 2000 - 2004 Miro International Pty Ltd
* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
* Mambo is Free Software
*/
/** Set flag that this is a parent file */
define("_VALID_MOS", 1);
require_once '../includes/auth.php';
include_once $mosConfig_absolute_path . '/language/' . $mosConfig_lang . '.php';
$database = new database($mosConfig_host, $mosConfig_user, $mosConfig_password, $mosConfig_db, $mosConfig_dbprefix);
$database->debug($mosConfig_debug);
$title = mosGetParam($_REQUEST, 'title', 0);
$css = mosGetParam($_REQUEST, 't', '');
$database->setQuery("SELECT * FROM #__modules WHERE title='{$title}'");
$row = null;
$database->loadObject($row);
$pat = "src=images";
$replace = "src=../../images";
$pat2 = "\\\\'";
$replace2 = "'";
$content = eregi_replace($pat, $replace, $row->content);
$content = eregi_replace($pat2, $replace2, $row->content);
$title = eregi_replace($pat2, $replace2, $row->title);
$iso = split('=', _ISO);
// xml prolog
echo '<?xml version="1.0" encoding="' . $iso[1] . '"?' . '>';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
Ejemplo n.º 14
0
 /**
  * Tests connection to a MySQL database using the provided settings
  *
  * @param string $host MySQL server's hostname
  * @param string $port MySQL server's port
  * @param string $user MySQL server's username
  * @param string $pass MySQL server's password
  * @param string $database MySQL database
  * @return boolean|string True on success, error description on failure
  */
 function testConnection($host, $port, $user, $pass, $database)
 {
     $host = $host . ($port != '' ? ":{$port}" : '');
     if (!defined('_JEXEC')) {
         $database = new database($host, $user, $pass, $database, '', false);
         // A dummy SQL statement which shouldn't fail
         $sql = 'SHOW TABLES';
         $database->setQuery($sql);
         $database->query();
         // If the query failed, I guess we're not connected to the database
         if ($database->getErrorNum() != 0) {
             return false;
         }
     } else {
         jimport('joomla.database.database');
         jimport('joomla.database.table');
         $conf =& JFactory::getConfig();
         $driver = $conf->getValue('config.dbtype');
         $options = array('driver' => $driver, 'host' => $host, 'user' => $user, 'password' => $pass, 'database' => $database, 'prefix' => '');
         $database =& JDatabase::getInstance($options);
         if (JError::isError($database)) {
             return false;
         }
         if ($database->getErrorNum() > 0) {
             return false;
         }
     }
     return true;
 }
Ejemplo n.º 15
0
    function getSuggestions($keyword)
    {
        //get DB
        if (defined('_JEXEC')) {
            $dbi = JDatabase::getInstance(array('driver' => DB_DRIVER, 'host' => DB_HOST, 'user' => DB_USER, 'password' => DB_PASSWORD, 'database' => DB_DATABASE, 'prefix' => DB_PREFIX));
        } else {
            $dbi = new database(DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE, DB_PREFIX, DB_OFFLINE);
        }
        // escape the keyword string
        if (get_magic_quotes_gpc()) {
            //Addded by AW
            $keyword = stripslashes($keyword);
        }
        $keyword = $dbi->getEscaped($keyword);
        //$patterns = array('/\s+/', '/"+/', '/%+/');
        //$replace = array('');
        //$keyword = preg_replace($patterns, $replace, $keyword);
        //set SQL BIG SELECT option to ensure it is set to true
        $dbi->setQuery("SET OPTION SQL_BIG_SELECTS=1");
        $dbi->query();
        // build the SQL query that gets the matching functions from the database
        $tit = "title";
        $id = "id";
        $link = "link";
        // execute the SQL query
        $output = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>';
        $output .= '<response>';
        $filter = '=""';
        if ($keyword != '') {
            $filter = ' LIKE "' . $keyword . '%"';
        }
        // if the keyword is empty build a SQL query that will return no results
        $query = '';
        if (defined('_JEXEC')) {
            $query = 'SELECT ' . $tit . ',' . $link . ',' . $id . '
			 FROM
			(SELECT c.' . $tit . ' ,m.' . $link . ',m.id,c.created
			FROM #__content c
			JOIN
			(
			 SELECT  ' . $link . ',' . $id . ' 
			 FROM #__menu
			 WHERE ' . $link . ' like "index.php?option=com_content&view=article&id=%"
			 AND published = 1
			
			) as m on m.' . $link . ' = concat("index.php?option=com_content&view=article&id=",c.' . $id . ')
			WHERE  c.' . $tit . $filter . '
				
			UNION 
		
			SELECT i.' . $tit . ' as title,concat(concat(concat("index.php?option=com_content&amp;view=article&amp;catid=",c.' . $id . '),"&amp;id="),cast(i.' . $id . ' as char(11)))
			 as link, mc.' . $id . '  as id,i.created
			 FROM #__content AS i
			 JOIN #__categories AS c ON i.catid = c.' . $id . '
			 JOIN #__menu AS mc ON
			 mc.' . $link . ' = concat("index.php?option=com_content&view=category&layout=blog&id=",c.' . $id . ')
			 OR mc.' . $link . ' = concat("index.php?option=com_content&view=category&id=",c.' . $id . ')
			 
			WHERE mc.published=1
			AND i.' . $tit . $filter . '
					 
			UNION   
			
			select i.' . $tit . ',concat(concat(concat("index.php?option=com_content&amp;view=article&amp;catid=",c.' . $id . '),"&amp;id="),cast(i.' . $id . ' as char(11))) as link, 0 as id,i.created
			 FROM #__content i
			 LEFT join #__menu  m on m.link = concat("index.php?option=com_content&view=article&id=",i.' . $id . ')
			 JOIN #__categories AS c ON i.catid = c.' . $id . '
			 LEFT JOIN #__menu AS mc ON
			 mc.' . $link . ' = concat("index.php?option=com_content&view=category&layout=blog&id=",c.' . $id . ')
			 OR  mc.' . $link . ' = concat("index.php?option=com_content&view=category&id=",c.' . $id . ')
			 
			 WHERE m.' . $id . ' is null
			 AND mc.' . $id . ' is null
			 AND state = 1
			 AND i.' . $tit . $filter . '
			 
			UNION
			 
			SELECT c.' . $tit . ',m.link,m.id,"0000-00-00 00:00:00" as created
			FROM #__menu AS m 
			JOIN #__categories AS c ON
			m.' . $link . ' = concat("index.php?option=com_content&view=category&layout=blog&id=",c.' . $id . ')
			OR m.' . $link . ' =  concat("index.php?option=com_content&view=category&id=",c.' . $id . ')
					 
			WHERE m.published = 1
			AND m.parent_id = 1
			AND c.' . $tit . $filter . '
			
			
			UNION 
		 
			SELECT c.title,concat("index.php?option=com_content&amp;view=categories&amp;id=",cast(c.' . $id . ' as char(11))) as link,0 as id,"0000-00-00 00:00:00" as created
			FROM #__categories AS c 
			JOIN #__menu AS m ON
	 		m.' . $link . ' =  concat("index.php?option=com_content&view=categories&id=",c.' . $id . ')
			WHERE m.published = 1
			AND c.' . $tit . $filter . '
			
			ORDER BY created desc) a
			WHERE ' . $tit . $filter;
        }
        // execute the SQL query
        //get DB intstance
        $dbi->setQuery($query);
        $rows = $dbi->loadAssocList();
        // if we have results, loop through them and add them to the output
        if ($rows) {
            foreach ($rows as $row) {
                //$output .= '<name>' . '<![CDATA[' . htmlentities($row[$tit], ENT_QUOTES) . ']]>' . '</name>';
                $output .= '<name>' . '<![CDATA[' . $row[$tit] . ']]>' . '</name>';
                $output .= '<pid>' . $row[$id] . '</pid>';
                $output .= '<link>' . '<![CDATA[' . $row[$link] . ']]>' . '</link>';
            }
        }
        // add debug information
        // $output .= '<query>' . 	 $query . '</query>';
        $output .= '<error>' . $dbi->getErrorMsg() . '</error>';
        // add the final closing tag
        $output .= '</response>';
        // return the results
        return $output;
    }
Ejemplo n.º 16
0
#$appapikey = 'd8520a0693d090e98286086ffd49f76a';
#$appsecret = '681174282fd1e16189127346e7764726';
#$facebook = new Facebook($appapikey, $appsecret);
#$uid = $facebook->require_login();
// get session
require_once $CONFIG['dir']->includes . '/session.php';
// get database object
require_once $CONFIG['dir']->includes . '/database.php';
$database = new database($CONFIG['db']->host, $CONFIG['db']->user, $CONFIG['db']->pass, $CONFIG['db']->name, null);
//$database->debug( $CONFIG['site']->debug );
// check if user is logging in
if ($_REQUEST['login']) {
    // check username and password
    $user = new stdClass();
    $sql = "SELECT *\n\t\t\tFROM Users\n\t\t\tWHERE username='******'username'] . "'\n\t\t\t\tAND password='******'password'] . "'";
    $database->setQuery($sql);
    if ($database->loadObject($user)) {
        // successful login
        $GLOBALS['user'] = $user;
        // get preferences
        $GLOBALS['preferences']->regions = textarea_to_array($user->regions);
        $GLOBALS['preferences']->sites = textarea_to_array($user->sites);
        setSessionVar('uname', $user->username);
    } else {
        $err = 'Login failed. Please try again.';
    }
} else {
    if (isset($_REQUEST['logout'])) {
        // logout user
        unset($GLOBALS['user']);
        unset($GLOBALS['preferences']);
require_once $mosConfig_absolute_path . '/includes/gacl.class.php';
require_once $mosConfig_absolute_path . '/includes/gacl_api.class.php';
$database = new database($mosConfig_host, $mosConfig_user, $mosConfig_password, $mosConfig_db, $mosConfig_dbprefix);
$acl = new gacl_api();
if (isset($_REQUEST['uid'])) {
    $uid = intval(trim($_REQUEST['uid']));
} else {
    if (isset($_REQUEST['dnd_uid'])) {
        $uid = intval(trim($_REQUEST['dnd_uid']));
    } else {
        $uid = '0';
    }
}
$my = $mainframe->getUser();
session_start();
$database->setQuery("SELECT id, gid, username, usertype FROM #__users WHERE id={$uid}");
$row = null;
if ($database->loadObject($row)) {
    // fudge the group stuff
    $grp = $acl->getAroGroup($row->id);
    $row->gid = 1;
    if ($acl->is_group_child_of($grp->name, 'Registered', 'ARO') || $acl->is_group_child_of($grp->name, 'Public Backend', 'ARO')) {
        // fudge Authors, Editors, Publishers and Super Administrators into the Special Group
        $row->gid = 2;
    }
    $row->usertype = $grp->name;
    $my->id = intval($row->id);
    $my->username = $row->username;
    $my->usertype = $row->usertype;
    $my->gid = intval($row->gid);
}
Ejemplo n.º 18
0
Archivo: index.php Proyecto: cwcw/cms
if (file_exists('installation/index.php')) {
    include 'offline.php';
    exit;
}
/** retrieve some expected url (or form) arguments */
$option = trim(strtolower(mosGetParam($_REQUEST, 'option')));
//µÃµ½$option=$_REQUEST['option'];
$Itemid = intval(mosGetParam($_REQUEST, 'Itemid', null));
//µÃµ½$Itemid=$_REQUEST['Itemid'];
$database = new database($mosConfig_host, $mosConfig_user, $mosConfig_password, $mosConfig_db, $mosConfig_dbprefix);
$database->debug($mosConfig_debug);
$acl = new gacl_api();
if ($option == '') {
    if ($Itemid) {
        $query = "SELECT id, link" . "\n FROM #__menu" . "\n WHERE menutype='mainmenu'" . "\n AND id = '{$Itemid}'" . "\n AND published = '1'";
        $database->setQuery($query);
        //Ìæ»»µô#__;
    } else {
        $query = "SELECT id, link" . "\n FROM #__menu" . "\n WHERE menutype='mainmenu' AND published='1'" . "\n ORDER BY parent, ordering LIMIT 1";
        $database->setQuery($query);
        //Ìæ»»µô#__;
    }
    $menu = new mosMenu($database);
    if ($database->loadObject($menu)) {
        $Itemid = $menu->id;
    }
    $link = $menu->link;
    if (($pos = strpos($link, '?')) !== false) {
        $link = substr($link, $pos + 1) . '&Itemid=' . $Itemid;
    }
    parse_str($link, $temp);
Ejemplo n.º 19
0
 /**
  * Return an instance of JDatabase
  *
  * @return JDatabase
  */
 function _getDB()
 {
     if ($this->_isJoomla) {
         // Core Joomla! database, get the existing instance
         $db = JoomlapackAbstraction::getDatabase();
         return $db;
     } else {
         // We have to connect ourselves
         if (defined('_JEXEC')) {
             // Joomla! 1.5.x
             jimport('joomla.database.database');
             jimport('joomla.database.table');
             $conf =& JFactory::getConfig();
             $host = $this->_host . ($this->_port != '' ? ':' . $this->_port : '');
             $user = $this->_username;
             $password = $this->_password;
             $database = $this->_database;
             $prefix = '';
             $driver = $conf->getValue('config.dbtype');
             $debug = $conf->getValue('config.debug');
             $options = array('driver' => $driver, 'host' => $host, 'user' => $user, 'password' => $password, 'database' => $database, 'prefix' => $prefix);
             $db =& JDatabase::getInstance($options);
             if (JError::isError($db)) {
                 $this->_errorMessage = "JoomlapackDumperDefault :: Database Error:" . $db->toString();
                 $this->_isError = true;
                 $this->setError($this->_errorMessage);
                 return false;
             }
             if ($db->getErrorNum() > 0) {
                 $this->_errorMessage = 'JDatabase::getInstance: Could not connect to database <br/>' . 'joomla.library:' . $db->getErrorNum() . ' - ' . $db->getErrorMsg();
                 $this->_isError = true;
                 $this->setError($this->_errorMessage);
                 return false;
             }
             $db->debug($debug);
             return $db;
         } else {
             // Joomla! 1.0.x
             $host = $this->_host . ($this->_port != '' ? ':' . $this->_port : '');
             $user = $this->_username;
             $password = $this->_password;
             $database = $this->_database;
             $prefix = '';
             $db = new database($host, $user, $password, $database, $prefix, false);
             // A dummy SQL statement which shouldn't fail
             $sql = 'SHOW TABLES';
             $db->setQuery($sql);
             $db->query();
             // If the query failed, I guess we're not connected to the database
             if ($db->getErrorNum() > 0) {
                 $this->_errorMessage = 'database(): Could not connect to database <br/>' . 'joomla.library:' . $db->getErrorNum() . ' - ' . $db->getErrorMsg();
                 $this->_isError = true;
                 $this->setError($this->_errorMessage);
                 return false;
             }
             return $db;
         }
     }
 }