public function __construct()
{
parent::__construct();
$this->load->driver('auth');
$this->load->helper('auth');
if (!auth_check()) {
// put your code here for example: redirect('Testauth/deny');
// don't fotget to make 'Testauth/deny' allowed for all, else you will have infinte loop ;)
}
}
/**
* Add a comment
*
* This function will add a comment to the database
* using the credentials passed to it.
*
* @access public
* @param string $pageUrl The page url
* @param string $userName The user adding the comment
* @param string $note The note to add
* @param string $approved Is it approved ? "Default: pending"
*/
function addComment($pageUrl, $userName, $note, $approved = 'pending')
{
$user = isset($GLOBALS['auth_user']) ? $GLOBALS['auth_user']->handle : '';
if ($user) {
$sql = "\n INSERT INTO {$this->notesTableName}\n (page_url, user_name, user_handle, note_text, note_time,\n note_approved, note_approved_by, note_deleted)\n VALUES (?, ?, ?, ?, NOW(), ?, ?, 0)\n ";
// always approve pear.dev account holder comments, moderate others
$res = $this->dbc->query($sql, array($pageUrl, $userName, $user, $note, auth_check('pear.dev') ? 'yes' : $approved, auth_check('pear.dev') ? $user : ''));
} else {
$sql = "\n INSERT INTO {$this->notesTableName}\n (page_url, user_name, user_handle, note_text, note_time,\n note_approved, note_approved_by, note_deleted)\n VALUES (?, ?, ?, ?, NOW(), ?, null, 0)\n ";
$res = $this->dbc->query($sql, array($pageUrl, $userName, $user, $note, $approved));
}
if (PEAR::isError($res)) {
return $res;
}
$this->_compileComment($this->dbc->getOne('SELECT LAST_INSERT_ID()'), $note);
return true;
}
function printForm($data = array())
{
foreach (array('name', 'email', 'copy_me', 'subject', 'text') as $value) {
if (!isset($data[$value])) {
$data[$value] = '';
}
}
$form = new HTML_QuickForm2('contect', 'post', array('action' => '/account-mail.php?handle=' . htmlspecialchars($_GET['handle'])));
$form->removeAttribute('name');
// Set defaults for the form elements
$form->addDataSource(new HTML_QuickForm2_DataSource_Array(array('name' => htmlspecialchars($data['name']), 'email' => htmlspecialchars($data['email']), 'copy_me' => htmlspecialchars($data['copy_me']), 'subject' => htmlspecialchars($data['subject']), 'text' => htmlspecialchars($data['text']))));
$form->addElement('text', 'name', array('required' => 'required'))->setLabel('Y<span class="accesskey">o</span>ur Name:', 'size="40" accesskey="o"');
$form->addElement('email', 'email', array('required' => 'required'))->setLabel('Email Address:');
$form->addElement('checkbox', 'copy_me')->setLabel('CC me?:');
$form->addElement('text', 'subject', array('required' => 'required', 'size' => '80'))->setLabel('Subject:');
$form->addElement('textarea', 'text', array('cols' => 80, 'rows' => 10, 'required' => 'required'))->setLabel('Text:');
if (!auth_check('pear.dev')) {
$numeralCaptcha = new Text_CAPTCHA_Numeral();
$form->addElement('number', 'captcha', array('maxlength' => 4, 'required' => 'required'))->setLabel("What is " . $numeralCaptcha->getOperation() . '?');
$_SESSION['answer'] = $numeralCaptcha->getAnswer();
}
$form->addElement('submit', 'submit')->setLabel('Send Email');
print $form;
}
function checkUser($user)
{
global $dbh;
// It's a lead or user of the package
$query = '
SELECT m.handle
FROM packages p, maintains m
WHERE
m.handle = ? AND
p.id = m.package AND
m.role = ?';
$res = $dbh->getOne($query, array($user, 'lead'));
if ($res !== null) {
return true;
}
// Try to see if the user is an admin
return auth_check('pear.qa');
}
<?php
$sub_menu = "200200";
include_once './_common.php';
auth_check($auth[$sub_menu], 'r');
$token = get_token();
$sql_common = " from {$g5['point_table']} ";
$sql_search = " where (1) ";
if ($stx) {
$sql_search .= " and ( ";
switch ($sfl) {
case 'mb_id':
$sql_search .= " ({$sfl} = '{$stx}') ";
break;
default:
$sql_search .= " ({$sfl} like '%{$stx}%') ";
break;
}
$sql_search .= " ) ";
}
if (!$sst) {
$sst = "po_id";
$sod = "desc";
}
$sql_order = " order by {$sst} {$sod} ";
$sql = " select count(*) as cnt\n {$sql_common}\n {$sql_search}\n {$sql_order} ";
$row = sql_fetch($sql);
$total_count = $row['cnt'];
$rows = $config['cf_page_rows'];
$total_page = ceil($total_count / $rows);
// 전체 페이지 계산
$cols_name[] = array("日期", "類別", "平台/論壇", "評價層級", "問題", "問題網址", "問題回覆/解答者", "問題回覆/解答日期", "關鍵字");
//$_SESSION['report_value'] = $result;
/*echo $col++;
echo "<pre>";
print_r( $_SESSION['report_value'] );
echo "</pre>";
foreach($_SESSION['report_value'] as $rows){
foreach($rows as $key => $val ){
print_r( $rows["$key"] );
print "Key $key, Value $val\n";
}
}*/
export_xls($_SESSION['report_value'], $cols_name, "export", "export");
exit;
}
auth_check("member", false, false);
$user_id = get_login_id();
$get_member_group_sql = "SELECT group_id,name FROM plu_member WHERE account = '{$user_id}'";
$member_info = $db->get_results($get_member_group_sql, ARRAY_A);
$_SESSION['member_group'] = $member_info[0]['group_id'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>CMS後台管理系統-商品服務列表</title>
<script src="js/jquery.js" type="text/javascript"></script>
<script src="js/jquery.history_remote.pack.js" type="text/javascript"></script>
<script src="js/jquery.tabs.pack.js" type="text/javascript"></script>
<script type="text/javascript">
<?php
require_once 'src/db.php';
session_start();
//make sure user is allowed
if ($_SESSION != null) {
if (!auth_check($_SESSION['email'], $_SESSION['password'])) {
session_destroy();
header('Location: index.php');
}
} else {
session_destroy();
header('Location: index.php');
}
//User is allowed!
//Check to see if user posted data
if (isset($_POST['title'])) {
if (strlen($_POST['title']) > 0) {
$title = filter_var($_POST["title"], FILTER_SANITIZE_STRING);
$tags = to_pg_array(explode(" ", filter_var($_POST['tags'], FILTER_SANITIZE_STRING)));
$visible = isset($_POST['visible']) ? 't' : 'f';
$is_on_odua = isset($_POST['is_on_odua']) ? 't' : 'f';
$content = $_POST['content'];
$name = isset($_GET['p']) ? $_GET['p'] : $title;
//Data grabed and sanatized, add to database
$dbconn = post_connect();
$query = "UPDATE blog SET title='{$title}',entry='{$content}',tags='{$tags}',visible='{$visible}',is_on_odua='{$is_on_odua}' WHERE title='{$name}';\n INSERT INTO blog (title, entry, tags, visible, is_on_odua) SELECT '{$title}', '{$content}', '{$tags}', '{$visible}', '{$is_on_odua}'\n WHERE NOT EXISTS (SELECT 1 FROM blog WHERE title='{$title}');";
$results = pg_query($dbconn, $query) or die('Query failed: ' . pg_last_error());
pg_close($dbconn);
if ($results) {
pg_free_result($results);
<?php
foreach ($inactive_channels as $channel) {
?>
<li>
<a href="<?php
print $channel['project_link'];
?>
" title="<?php
print $channel['name'];
?>
"><?php
print $channel['project_label'];
?>
</a>
<?php
if (auth_check('pear.admin')) {
?>
(<a href="edit.php?channel=<?php
print $channel['name'];
?>
">edit</a>)<?php
}
?>
</li>
<?php
}
?>
</ul>
<?php
}
?>
/**
* Generates and returns the notes comments HTML.
*
* @param string $uri Manual page id
*
* @return string HTML
*/
function getComments($uri)
{
$output = '';
require_once 'notes/ManualNotes.class.php';
$manualNotes = new Manual_Notes();
$comments = $manualNotes->getPageComments($uri, auth_check('pear.dev'));
if (empty($comments)) {
$output .= 'There are no user contributed notes for this page.';
}
foreach ($comments as $comment) {
$manualNotes->display($comment);
}
return $output;
}
$maintain = !empty($_GET['maintain']) ? $_GET['maintain'] : '';
$bug_type = !empty($_GET['bug_type']) && $_GET['bug_type'] != 'All' ? $_GET['bug_type'] : '';
$boolean_search = isset($_GET['boolean']) ? (int) $_GET['boolean'] : 0;
define('BOOLEAN_SEARCH', $boolean_search);
$package_name = isset($_GET['package_name']) && is_array($_GET['package_name']) ? $_GET['package_name'] : array();
$package_nname = isset($_GET['package_nname']) && is_array($_GET['package_nname']) ? $_GET['package_nname'] : array();
if (isset($_GET['cmd']) && $_GET['cmd'] == 'display') {
$query = 'SELECT SQL_CALC_FOUND_ROWS bugdb.*, ' . ' TO_DAYS(NOW())-TO_DAYS(bugdb.ts2) AS unchanged FROM bugdb' . ' LEFT JOIN packages ON packages.name = bugdb.package_name';
if ($maintain != '' || $handle != '') {
$query .= ' LEFT JOIN maintains ON packages.id = maintains.package';
$query .= ' AND maintains.handle = ';
$query .= $maintain != '' ? $dbh->quoteSmart($maintain) : $dbh->quoteSmart($handle);
$query .= ' AND maintains.active = 1';
}
$where_clause = ' WHERE bugdb.registered IN(';
$where_clause .= !auth_check('pear.dev') ? '1)' : '1,0)';
if (!empty($package_name)) {
$where_clause .= ' AND bugdb.package_name';
if (count($package_name) > 1) {
$where_clause .= " IN ('" . join("', '", escapeSQL($package_name)) . "')";
} else {
$where_clause .= ' = ' . $dbh->quoteSmart($package_name[0]);
}
}
if (!empty($package_nname)) {
$where_clause .= ' AND bugdb.package_name';
if (count($package_nname) > 1) {
$where_clause .= " NOT IN ('" . join("', '", escapeSQL($package_nname)) . "')";
} else {
$where_clause .= ' <> ' . $dbh->quoteSmart($package_nname[0]);
}
function output_note($com_id, $ts, $email, $comment, $showemail = 1, $handle = null, $comment_name = null, $registered)
{
global $edit, $id, $user, $dbh;
echo '<div class="comment">';
echo '<a name="' . urlencode($ts) . '"> </a>';
echo "<strong>[", format_date($ts), "] ";
if (!$registered) {
echo 'User who submitted this comment has not confirmed identity</strong>';
if (!auth_check('pear.dev')) {
echo '<pre class="note">If you submitted this note, check your email.';
echo 'If you do not have a message, <a href="resend-request-email.php?' . 'handle=' . urlencode($handle) . "\">click here to re-send</a>\n", 'MANUAL CONFIRMATION IS NOT POSSIBLE. Write a message to <a href="mailto:' . PEAR_DEV_EMAIL . '">' . PEAR_DEV_EMAIL . '</a>' . "\n", "to request the confirmation link. All bugs/comments/patches associated with this\n\nemail address will be deleted within 48 hours if the account request is not confirmed!";
echo "</pre>\n</div>";
return;
}
} else {
if ($handle) {
echo '<a href="/user/' . $handle . '">' . $handle . "</a></strong>\n";
} else {
require_once 'bugs/pear-bugs-utils.php';
$pbu = new PEAR_Bugs_Utils();
echo $pbu->spamProtect(htmlspecialchars($email)) . "</strong>\n";
}
}
if ($comment_name && $registered) {
echo '(' . htmlspecialchars($comment_name) . ')';
}
if ($edit === 1 && $com_id !== 0 && auth_check('pear.dev')) {
echo " <a href=\"bug.php?id={$id}&edit=1&hide_comment={$com_id}\">[delete]</a>\n";
}
echo '<div class="note" style="white-space: pre-wrap; width: 60em; overflow: auto; max-height: 20em; padding: 1.0em; margin: 1.0em; background-color: rgb(240, 240, 240)">';
// This has to be done so we don't wordwrap the changeset part again
$fix = $comment;
$status = "";
$search = "</div>";
$needle = strrpos($comment, $search);
if ($needle !== false) {
$fix = substr($comment, $needle + strlen($search));
// Get from last div until end of string
$status = substr($comment, 0, $needle) . $search;
}
$comment = make_ticket_links(addlinks(clean($fix)));
$comment = $status . $comment;
echo $comment;
echo "</div>\n";
echo '</div>' . "\n";
}
if (!isset($_POST['admintag'])) {
$_POST['admintag'] = 0;
}
$errors = $manager->validateNewTag($_POST['tag'], $_POST['desc'], $_POST['admintag']);
if (!count($errors)) {
try {
if ($_POST['admintag']) {
$manager->createAdminTag($_POST['tag'], $_POST['desc']);
} else {
$manager->createRegularTag($_POST['tag'], $_POST['desc']);
}
} catch (Exception $e) {
$errors[] = $e->getMessage();
}
}
} elseif (isset($_POST['deltag'])) {
if (isset($_POST['tags']) && is_array($_POST['tags'])) {
foreach ($_POST['tags'] as $id => $unused) {
try {
$manager->deleteTag($id);
} catch (Exception $e) {
$errors[] = $e->getMessage();
}
}
}
}
$tags = $manager->getTags();
$tagname = isset($_POST['tag']) ? strip_tags($_POST['tag']) : '';
$desc = isset($_POST['desc']) ? $_POST['desc'] : '';
$admin = auth_check('pear.admin');
require PEARWEB_TEMPLATEDIR . '/tags/admin.tpl.php';
function auth($type, $forum_id, $ug_data, $f_access = array(), $group_perm = UG_PERM_BOTH)
{
global $lang, $bf, $datastore;
$is_guest = true;
$is_admin = false;
$auth = $auth_fields = $u_access = array();
$add_auth_type_desc = $forum_id != AUTH_LIST_ALL;
//
// Get $auth_fields
//
if ($type == AUTH_ALL) {
$auth_fields = array_keys($bf['forum_perm']);
} else {
if ($auth_type = array_search($type, $bf['forum_perm'])) {
$auth_fields = array($auth_type);
}
}
if (empty($auth_fields)) {
trigger_error(__FUNCTION__ . '(): empty $auth_fields', E_USER_ERROR);
}
//
// Get $f_access
//
// If f_access has been passed, or auth is needed to return an array of forums
// then we need to pull the auth information on the given forum (or all forums)
if (empty($f_access)) {
if (!($forums = $datastore->get('cat_forums'))) {
$datastore->update('cat_forums');
$forums = $datastore->get('cat_forums');
}
if ($forum_id == AUTH_LIST_ALL) {
$f_access = $forums['f'];
} else {
if (isset($forums['f'][$forum_id])) {
$f_access[$forum_id] = $forums['f'][$forum_id];
}
}
} else {
if (isset($f_access['forum_id'])) {
// Change passed $f_access format for later using in foreach()
$f_access = array($f_access['forum_id'] => $f_access);
}
}
if (empty($f_access)) {
trigger_error(__FUNCTION__ . '(): empty $f_access', E_USER_ERROR);
}
//
// Get user or group permissions
//
$forum_match_sql = $forum_id != AUTH_LIST_ALL ? "AND aa.forum_id = " . (int) $forum_id : '';
// GROUP mode
if (!empty($ug_data['group_id'])) {
$is_guest = false;
$is_admin = false;
$sql = "SELECT aa.forum_id, aa.forum_perm\n\t\t\tFROM " . BB_AUTH_ACCESS . " aa\n\t\t\tWHERE aa.group_id = " . (int) $ug_data['group_id'] . "\n\t\t\t\t{$forum_match_sql}";
foreach (DB()->fetch_rowset($sql) as $row) {
$u_access[$row['forum_id']] = $row['forum_perm'];
}
} else {
if (!empty($ug_data['user_id'])) {
$is_guest = empty($ug_data['session_logged_in']);
$is_admin = !$is_guest && $ug_data['user_level'] == ADMIN;
if ($group_perm != UG_PERM_BOTH) {
$group_single_user = $group_perm == UG_PERM_USER_ONLY ? 1 : 0;
$sql = "\n\t\t\t\tSELECT\n\t\t\t\t\taa.forum_id, BIT_OR(aa.forum_perm) AS forum_perm\n\t\t\t\tFROM\n\t\t\t\t\t" . BB_USER_GROUP . " ug,\n\t\t\t\t\t" . BB_GROUPS . " g,\n\t\t\t\t\t" . BB_AUTH_ACCESS . " aa\n\t\t\t\tWHERE\n\t\t\t\t\t ug.user_id = " . (int) $ug_data['user_id'] . "\n\t\t\t\t\tAND ug.user_pending = 0\n\t\t\t\t\tAND g.group_id = ug.group_id\n\t\t\t\t\tAND g.group_single_user = {$group_single_user}\n\t\t\t\t\tAND aa.group_id = g.group_id\n\t\t\t\t\t\t{$forum_match_sql}\n\t\t\t\t\tGROUP BY aa.forum_id\n\t\t\t";
foreach (DB()->fetch_rowset($sql) as $row) {
$u_access[$row['forum_id']] = $row['forum_perm'];
}
} else {
if (!$is_guest && !$is_admin) {
$sql = "SELECT SQL_CACHE aa.forum_id, aa.forum_perm\n\t\t\t\t\tFROM " . BB_AUTH_ACCESS_SNAP . " aa\n\t\t\t\t\tWHERE aa.user_id = " . (int) $ug_data['user_id'] . "\n\t\t\t\t\t\t{$forum_match_sql}";
foreach (DB()->fetch_rowset($sql) as $row) {
$u_access[$row['forum_id']] = $row['forum_perm'];
}
}
}
}
}
// If the user is logged on and the forum type is either ALL or REG then the user has access
//
// If the type if ACL, MOD or ADMIN then we need to see if the user has specific permissions
// to do whatever it is they want to do ... to do this we pull relevant information for the
// user (and any groups they belong to)
//
// Now we compare the users access level against the forums. We assume here that a moderator
// and admin automatically have access to an ACL forum, similarly we assume admins meet an
// auth requirement of MOD
//
foreach ($f_access as $f_id => $f_data) {
$auth[$f_id]['auth_mod'] = auth_check('forum_perm', 'auth_mod', $u_access, $f_id, $is_admin);
foreach ($auth_fields as $auth_type) {
if (!isset($f_data[$auth_type])) {
continue;
}
switch ($f_data[$auth_type]) {
case AUTH_ALL:
$auth[$f_id][$auth_type] = true;
break;
case AUTH_REG:
$auth[$f_id][$auth_type] = !$is_guest;
break;
case AUTH_ACL:
$auth[$f_id][$auth_type] = auth_check('forum_perm', $auth_type, $u_access, $f_id, $is_admin) || $auth[$f_id]['auth_mod'];
break;
case AUTH_MOD:
$auth[$f_id][$auth_type] = $auth[$f_id]['auth_mod'];
break;
case AUTH_ADMIN:
$auth[$f_id][$auth_type] = $is_admin;
break;
default:
$auth[$f_id][$auth_type] = false;
}
if ($add_auth_type_desc) {
$auth[$f_id][$auth_type . '_type'] =& $lang['AUTH_TYPES'][$f_data[$auth_type]];
}
}
}
return $forum_id == AUTH_LIST_ALL ? $auth : $auth[$forum_id];
}
function auth_require($admin = false)
{
global $auth_user;
$res = true;
if (!is_logged_in()) {
auth_reject();
// exits
}
$num = func_num_args();
for ($i = 0; $i < $num; $i++) {
$arg = func_get_arg($i);
$res = auth_check($arg);
if ($res == true) {
return true;
}
}
if ($res == false) {
response_header("Insufficient Privileges");
report_error("Insufficient Privileges");
response_footer();
exit;
}
return true;
}
function auth_need($domain, $did, $auth, $level = 1)
{
$flag = auth_check($domain, $did, $auth, $level);
if ($flag > 0) {
return true;
}
global $_TPL;
$_TPL['hidemenu'] = true;
switch ($flag) {
case -1:
message('并不拥有指定权限' . $auth, '警告');
break;
case -2:
message('并不拥有指定权限' . $auth . ',该权限已经被取消', '警告');
break;
case -3:
message('并不拥有指定权限' . $auth . ',授权等级不足', '警告');
break;
case 0:
message('授权操作被拒绝', '警告');
break;
}
}
<?php include_once 'error_converted_exception_handler.php'; require_once 'library.php'; auth_check();
<?php
require_once './commonAPI.php';
require_once './constantAPI.php';
require_once './auth.php';
require_once './phpError.php';
$realm = $_SERVER['SERVER_NAME'];
$authError = "";
if (!$myUser && !($myUser = auth_check($realm))) {
auth_request($realm);
} else {
header('Cache-Control: no-cache, must-revalidate');
header('Expires:' . gmdate('D, d M Y H:i:s \\G\\M\\T', time() + 3600));
header('Content-type: application/json');
$jsonOutput = "{\"error\":{\"id\":\"0\",\"message\":\"no error\"}}\n";
}
$_SESSION['currentUser'] = serialize($myUser);
if ($isErrorPHP == true) {
echo $msgErrorPHP;
$_SESSION = array();
session_unset();
session_destroy();
} else {
echo $jsonOutput;
}
ini_set('default_socket_timeout', 1800);
ini_set('date.timezone', 'Asia/Chongqing');
if (function_exists('mysql_set_timeout')) {
mysql_set_timeout(99999999);
}
$db_admin_user = '******';
$db_admin_pass = '******';
$backup_user = '******';
//////////////////////////////
// Main
//////////////////////////////
$validate_arg_array = array("mode" => array("required" => 0, "value_expected" => 1, "default_val" => 'create', "help_alias" => "[ seed | statement | clean ]"), "ddl_file" => array("required" => 0, "value_expected" => 1, "help_alias" => "Required for mode statement.\n File with ALTER or CREATE statements"), "seed_tables" => array("required" => 0, "value_expected" => 1, "help_alias" => "Required for mode seed.\n Comma seperated list of tables for which schema\n should be replicated from seed db"), "seed_host" => array("required" => 0, "value_expected" => 1, "default_val" => null, "help_alias" => "Required for mode seed.\n Host with example of desired table structure"), "seed_db" => array("required" => 0, "value_expected" => 1, "default_val" => null, "help_alias" => "Required for mode seed.\n Schema with example of desired table structure"), "socket" => array("required" => 0, "value_expected" => 1, "default_val" => null, "help_alias" => "mysqld socket file (default is to run on all)"), "dbname" => array("required" => 0, "value_expected" => 1, "default_val" => null, "help_alias" => "Run on named database\n Default is all not like test, mysql, localinfo,\n snapshot%, %_restored"), "skip_fk_check" => array("required" => 0, "value_expected" => 0, "default_val" => null, "help_alias" => "Skip foreign key check (not advisable outside udb)"), "skip_trigger_check" => array("required" => 0, "value_expected" => 0, "default_val" => null, "help_alias" => "Skip trigger check (not advisable)"), "eliminate_dups" => array("required" => 0, "value_expected" => 0, "default_val" => null, "help_alias" => "Removes duplicate entries for PK/uniques.\n Dangerous if run on slaves before masters."), "eliminate_unused_columns" => array("required" => 0, "value_expected" => 0, "default_val" => null, "help_alias" => "Allows a column to be dropped if it is not\n the in the new schema"), "use_new_pk" => array("required" => 0, "value_expected" => 0, "default_val" => null, "help_alias" => "Use new tables PK for doing merging of data.\n This option will use more diskspace and be slower."), "create_missing_table" => array("required" => 0, "value_expected" => 0, "default_val" => 0, "help_alias" => "If this option is set the script will create\n a missing table"), "ignore_partition_differences" => array("required" => 0, "value_expected" => 0, "default_val" => 0, "help_alias" => "If this option is set the script will not consider\n differences in partitions in its view of whether a table\n is already in the desired state"), "tmpdir" => array("required" => 0, "value_expected" => 1, "default_val" => null, "help_alias" => "Directory to temporarily store data\n Default is schema data directory"), "verbose" => array("required" => 0, "value_expected" => 1, "default_val" => 1, "help_alias" => "A value of 0 only shows errors,\n 1 is the default and shows most interesting information,\n 2 is has more detail than is normally useful,\n 3 is very verbose and can break servers"), "long_trx_time" => array("required" => 0, "value_expected" => 1, "default_val" => 3600, "help_alias" => "Do not run OSC if a trx running longer than X exists"), "osc_class" => array("required" => 0, "value_expected" => 1, "default_val" => "OnlineSchemaChange", "help_alias" => "OnlineSchemaChange class to use instead of default"), "connection_limit" => array("required" => 0, "value_expected" => 1, "default_val" => CONNECTION_LIMIT, "help_alias" => "Wait to run if more than XXX connection exist\n DEFAULT is " . CONNECTION_LIMIT . " with a 10 minute timeout"), "scratch_schema" => array("required" => 0, "value_expected" => 1, "default_val" => "test", "help_alias" => "Schema to use instead of test for conversions of ALTERs\n into CREATE TABLE statements"), "accept_mysql_version" => array("required" => 0, "value_expected" => 0, "default_val" => null, "help_alias" => "Accept a version of MySQL that has not been white listed\n in the main OSC code"), "safe_compression_version" => array("required" => 0, "value_expected" => 1, "default_val" => "5.1.53", "help_alias" => "Strip InnoDB compression from CREATE TABLE statements\n if mysql is less than this version (default 5.1.53)"));
if (!($arg_list = validate_args($validate_arg_array))) {
gen_help($validate_arg_array);
}
if (auth_check() == false) {
print "ERROR: You have to run this script as root user\n";
gen_help($validate_arg_array);
exit(1);
}
foreach ($arg_list as $arg => $value) {
${$arg} = $value;
}
if ($osc_class != "OnlineSchemaChange") {
require_once 'osc_helpers/' . $osc_class . '.php';
}
// get localhost
$op = "/bin/hostname | sed -e 's/\\.facebook\\.com//'";
$basename = trim(shell_exec($op));
$allowed_modes = array('seed', 'statement', 'clean');
$check_mode = array_search($mode, $allowed_modes);
}
$patchcontents = $patchinfo->getPatch($buginfo['id'], $patch, $revision);
if (PEAR::isError($patchcontents)) {
response_header('Error :: Cannot retrieve patch');
report_error('Internal error: Invalid patch/revision specified (is in database, but not in filesystem)');
response_footer();
exit;
}
$package = $buginfo['package_name'];
$bug = $buginfo['id'];
$handle = $patchinfo->getDeveloper($bug, $patch, $revision);
$obsoletedby = $patchinfo->getObsoletingPatches($bug, $patch, $revision);
$obsoletes = $patchinfo->getObsoletePatches($bug, $patch, $revision);
$patches = $patchinfo->listPatches($bug);
$revisions = $patchinfo->listRevisions($bug, $patch);
$canpatch = auth_check('pear.bug') || auth_check('pear.dev');
response_header('Bug #' . clean($bug) . ' :: Patches');
if (isset($_GET['diff']) && $_GET['diff'] && isset($_GET['old']) && is_numeric($_GET['old'])) {
/**
* Display patch diff
*/
$diffoldrev = (int) $_GET['old'];
$old = $patchinfo->getPatchFullpath($bug_id, $patch, $diffoldrev);
$new = $path;
if (!realpath($old) || !realpath($new)) {
response_header('Error :: Cannot retrieve patch');
report_error('Internal error: Invalid patch revision specified for diff');
response_footer();
exit;
}
require_once 'Horde/Text/Diff.php';
logme($lang['ok_login'], 'no', 'user');
} else {
$s = 'login';
$message = $log_in;
logme($lang['failed_login'], 'yes', 'error');
}
} else {
if (isset($s) && $s == 'logout') {
setcookie('pixie_login', ' ', time() - 3600, '/');
$s = 'login';
if (isset($tool) && $tool == 'home') {
header('Location: ../');
exit;
}
} else {
$log_in = auth_check();
if (isset($GLOBALS['pixie_user'])) {
if ($GLOBALS['pixie_user']) {
if (isset($s) && $s) {
/* Then use $s */
} else {
$s = 'myaccount';
}
} else {
/*if ($s == 'help') {
$s = 'help';
} else {*/
$s = 'login';
/*}*/
$message = $log_in;
}
/**
* Assigns the header urls to the smarty engine
*
* @param string $help The helpfile to display (optional, without extension)
* @param string $title The text to add to html <title> tag (optional, will be html-encoded)
*/
function tpl_header($help = '', $title = '')
{
global $smarty, $lang, $config;
global $id, $diskid;
// viewing is only availble if autorized or public access
if (auth_check(false)) {
$header['browse'] = 'index.php';
if (check_permission(PERM_READ, PERM_ANY)) {
$header['random'] = 'show.php';
$header['search'] = 'search.php';
}
$header['stats'] = 'stats.php';
if ($config['imdbBrowser']) {
$header['trace'] = 'trace.php';
}
$header['help'] = 'help.php';
if ($help) {
$header['help'] .= '?page=' . $help . '.html';
}
}
// editing is only available in local network
if (localnet()) {
if (check_permission(PERM_WRITE, PERM_ANY)) {
//2015-10-6 Alex ADD start
$header['studio'] = 'studiolist.php';
//2015-10-6 Alex ADD end
$header['new'] = 'edit.php';
if ($config['showtools']) {
$header['contrib'] = 'contrib.php';
}
}
if (check_permission(PERM_ADMIN)) {
$header['setup'] = 'setup.php';
}
// edit or show?
if ($id) {
if (check_videopermission(PERM_WRITE, $id)) {
$header['edit'] = 'edit.php?id=' . $id;
}
if (!preg_match('/show.php$/', $_SERVER['PHP_SELF'])) {
$header['view'] = 'show.php?id=' . $id;
}
if (check_videopermission(PERM_WRITE, $id)) {
$header['del'] = 'delete.php?id=' . $id;
}
}
if (check_permission(PERM_WRITE, PERM_ANY)) {
$header['borrow'] = 'borrow.php';
if (isset($diskid)) {
$header['borrow'] .= '?diskid=' . $diskid;
}
}
}
// multiuser settings
if ($config['multiuser']) {
$header['login'] = '******';
// logged in?
if (!empty($_COOKIE['VDBusername']) && $_COOKIE['VDBuserid'] != $config['guestid']) {
$header['profile'] = 'profile.php';
$smarty->assign('loggedin', $_COOKIE['VDBusername']);
} else {
// make sure anonymous users don't get access to trace for security reasons
unset($header['trace']);
}
if (check_permission(PERM_ADMIN)) {
$header['users'] = 'users.php';
}
}
// determine active tab
if (preg_match('/(\\w+)\\.php/', $_SERVER['PHP_SELF'], $m)) {
$tab = strtolower($m[1]);
switch ($tab) {
case 'show':
case 'edit':
if (!empty($id)) {
$header['active'] = $tab;
} else {
$header['active'] = $tab == 'show' ? 'random' : 'new';
}
break;
default:
/* legacy version
$translate = array('index' => 'browse', 'users' => 'setup', 'permissions' => 'setup', 'delete' => 'show');
*/
$translate = array('index' => 'browse', 'permissions' => 'users', 'delete' => 'show');
if (in_array($tab, array_keys($translate))) {
$tab = $translate[$tab];
}
$header['active'] = $tab;
}
}
// breadcrumbs
$breadcrumbs = session_get('breadcrumbs', array());
$smarty->assign('breadcrumbs', $breadcrumbs);
$smarty->assign('title', htmlspecialchars($title));
$smarty->assign('header', $header);
$smarty->assign('style', $config['style']);
$smarty->assign('langcode', $config['language']);
}
function draw_navigation()
{
global $auth_user;
// SELF doesn't cut it here, using REQUEST URI instead
$self = strip_tags(htmlspecialchars(@$_SERVER['REQUEST_URI'], ENT_QUOTES, 'iso-8859-1'));
if ($self === '/') {
$self = '/index.php';
}
include_once 'pear-auth.php';
init_auth_user();
$main_order = $main = $data = $sub = $rel = array();
$main_order[1] = '/index.php';
$main['/index.php'] = 'Main';
$sub['/index.php'] = array();
$sub['/index.php']['/index.php'] = 'Home';
$sub['/index.php']['/news/'] = 'News';
$sub['/index.php']['/qa/'] = 'Quality Assurance';
$sub['/index.php']['/group/'] = 'The PEAR Group';
$sub['/index.php']['/mirrors.php'] = 'Mirrors';
$main_order[2] = '/support/';
$main['/support/'] = 'Support';
$sub['/support/'] = array();
$sub['/support/']['/support/'] = 'Overview';
$sub['/support/']['/support/lists.php'] = 'Mailing Lists';
$sub['/support/']['/support/books.php'] = 'Books';
$sub['/support/']['/support/tutorials.php'] = 'Tutorials';
$sub['/support/']['/support/slides.php'] = 'Presentation Slides';
$sub['/support/']['/support/icons.php'] = 'Icons';
$sub['/support/']['/support/forums.php'] = 'Forums';
$main_order[3] = '/manual/';
$main['/manual/'] = 'Documentation';
$sub['/manual/'] = array();
$sub['/manual/']['/manual/en/about-pear.php'] = 'About PEAR';
$sub['/manual/']['/manual/'] = 'Manual';
$sub['/manual/']['/manual/en/faq.php'] = 'FAQ';
$main_order[4] = '/packages.php';
$main['/packages.php'] = 'Packages';
$sub['/packages.php'] = array();
if (!empty($auth_user) && !empty($auth_user->registered) && auth_check('pear.dev')) {
$sub['/packages.php']['/package-new.php'] = 'New Package';
$sub['/packages.php']['/release-upload.php'] = 'Upload Release';
}
$sub['/packages.php']['/packages.php'] = 'List Packages';
$sub['/packages.php']['/search.php'] = 'Search Packages';
$sub['/packages.php']['/package-stats.php'] = 'Statistics';
$sub['/packages.php']['/channels/'] = 'Channels';
$main_order[6] = '/accounts.php';
$main['/accounts.php'] = 'Developers';
$sub['/accounts.php'] = array();
$sub['/accounts.php']['/map/'] = 'Find a Developer';
$sub['/accounts.php']['/accounts.php'] = 'List Accounts';
$sub['/accounts.php']['/bugs/stats_dev.php'] = 'Developers Bug Statistics';
if (!empty($auth_user) && !empty($auth_user->registered) && auth_check('pear.dev')) {
$sub['/accounts.php']['/release-upload.php'] = 'Upload Release';
$sub['/accounts.php']['/package-new.php'] = 'New Package';
$sub['/accounts.php']['/notes/admin/'] = 'Manage User Notes';
$sub['/accounts.php']['/election/'] = 'View Elections';
}
$main_order[5] = '/pepr/';
$main['/pepr/'] = 'Package Proposals';
$sub['/pepr/'] = array();
$sub['/pepr/']['/pepr/'] = 'Browse Proposals';
$sub['/pepr/']['/pepr/pepr-proposal-edit.php'] = 'New Proposal';
$main_order[7] = '/bugs/';
$main['/bugs/'] = 'Bugs';
$sub['/bugs/'] = array();
$sub['/bugs/']['/bugs/search.php'] = 'Search for bugs';
$sub['/bugs/']['/bugs/stats.php'] = 'Package Bug Statistics';
if (!empty($auth_user) && $auth_user->isAdmin()) {
$main_order[8] = '/admin/';
$main['/admin/'] = 'Administrators';
$sub['/admin/'] = array();
$sub['/admin/']['/admin/'] = 'Overview';
$sub['/admin/']['/admin/package-approval.php'] = 'Package approvals';
$sub['/admin/']['/admin/category-manager.php'] = 'Manage categories';
$sub['/admin/']['/tags/admin.php'] = 'Manage tags';
$sub['/admin/']['/admin/karma.php'] = 'Karma';
$sub['/admin/']['/admin/apidoc-log.php'] = 'APIdoc log';
}
// Orders the main items in the proper order according to $main_order
ksort($main_order);
foreach ($main_order as $mo) {
if (isset($main[$mo])) {
$data[$mo] = $main[$mo];
}
}
// Relationship linker
foreach (array_keys($sub) as $path) {
$keys = array_keys($sub[$path]);
$temp = array_fill_keys($keys, $path);
$rel += $temp;
}
// Can't find a match, lets cut pieces of the url
// lets first try sub dir + a php file
if (!isset($rel[$self]) || $rel[$self] === null) {
$pos = strpos($self, '.php');
$self = $pos !== false ? substr($self, 0, $pos + 4) : $self;
}
// Can't find a match, lets cut pieces of the url
if ((!isset($rel[$self]) || $rel[$self] === null) && strlen($self) > 0) {
$pos = strpos($self, '/', 1);
$self = $pos !== false ? substr($self, 0, $pos + 1) : $self;
}
/* Check if it's a top level item.
* There are cases were we don't want to put fake second level
* menu item, like Bugs -> Index, the top level link serves as Index
*/
if (isset($data[$self])) {
$rel += array($self => $self);
}
// avoid a notice if the array key isn't set
if (!array_key_exists($self, $rel)) {
$rel[$self] = null;
}
// Not really menu items but required so the correct
// sub menu item gets selected
$fake = array('/developers/' => '/accounts.php', '/user/' => '/accounts.php', '/package/' => '/packages.php', '/package-edit.php' => '/packages.php', '/package-delete.php' => '/packages.php');
if (isset($fake[$self])) {
$self = $fake[$self];
}
// Still no luck, lets fallback on index.php
if ($rel[$self] === null) {
$self = '/index.php';
}
$menu = array();
$menu['main'] = make_menu($data, 'menu', $rel[$self]);
$menu['sub'] = make_menu($sub[$rel[$self]], 'submenu', $self);
return $menu;
}
<?php
$sub_menu = "300100";
include_once './_common.php';
include_once G5_LIB_PATH . '/json.lib.php';
$data = array();
$data['error'] = '';
$data['error'] = auth_check($auth[$sub_menu], 'w', true);
if ($data['error']) {
die(json_encode($data));
}
if (!$config['cf_theme']) {
$data['error'] = '사용 중인 테마가 없습니다.';
die(json_encode($data));
}
$theme_dir = get_theme_dir();
if (!in_array($config['cf_theme'], $theme_dir)) {
$data['error'] = $config['cf_theme'] . ' 테마는 설치된 테마가 아닙니다.';
die(json_encode($data));
}
$type = $_POST['type'];
$arr_type = array('board', 'conf_skin', 'conf_member', 'shop_skin', 'shop_img_size');
if (!in_array($type, $arr_type)) {
$data['error'] = '올바른 방법으로 이용해 주십시오.';
die(json_encode($data));
}
if ($type == 'board') {
$keys = array('bo_gallery_cols', 'bo_gallery_width', 'bo_gallery_height', 'bo_mobile_gallery_width', 'bo_mobile_gallery_height', 'bo_image_width');
$tconfig = get_theme_config_value($config['cf_theme'], implode(',', $keys));
$i = 0;
foreach ($keys as $val) {
function response_header($title = 'The PHP Extension Community Library', $style = false)
{
global $_style, $_header_done, $SIDEBAR_DATA, $extra_styles, $auth_user;
if ($_header_done) {
return;
}
$_header_done = true;
$_style = $style;
$rts = rtrim($SIDEBAR_DATA);
if (substr($rts, -1) == '-') {
$SIDEBAR_DATA = substr($rts, 0, -1);
} else {
global $main_menu, $docu_menu, $downloads_menu;
$SIDEBAR_DATA .= draw_navigation($main_menu);
$SIDEBAR_DATA .= draw_navigation($docu_menu, 'Documentation:');
$SIDEBAR_DATA .= draw_navigation($downloads_menu, 'Downloads:');
if (!$GLOBALS['_NODB']) {
init_auth_user();
} else {
$auth_user = null;
}
if (is_logged_in()) {
global $developer_menu;
$SIDEBAR_DATA .= draw_navigation($developer_menu, 'Developers:');
if (auth_check(true)) {
global $admin_menu;
$SIDEBAR_DATA .= draw_navigation($admin_menu, 'Administrators:');
}
}
}
echo '<?xml version="1.0" encoding="ISO-8859-1" ?>';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>PECL :: <?php
echo $title;
?>
</title>
<link rel="shortcut icon" href="/gifs/pecl-favicon.ico" />
<link rel="stylesheet" href="/css/style.css" />
<?php
foreach ($extra_styles as $style_file) {
echo ' <link rel="stylesheet" href="' . $style_file . "\" />\n";
}
?>
<link rel="alternate" type="application/rss+xml" title="RSS feed" href="http://<?php
echo $_SERVER['HTTP_HOST'];
?>
/feeds/latest.rss" />
</head>
<body <?php
if (!empty($GLOBALS['ONLOAD'])) {
print "onload=\"" . $GLOBALS['ONLOAD'] . "\"";
}
?>
>
<div>
<a id="TOP"></a>
</div>
<!-- START HEADER -->
<table class="head" cellspacing="0" cellpadding="0" width="100%">
<tr>
<td class="head-logo">
<?php
print_link('/', make_image('peclsmall.gif', 'PECL :: The PHP Extension Community Library', false, false, false, false, 'margin: 5px;'));
?>
<br />
</td>
<td class="head-menu">
<?php
if (empty($auth_user)) {
print_link('/login.php', 'Login', false, 'class="menuBlack"');
} else {
print '<small class="menuWhite">';
print 'Logged in as ' . strtoupper($auth_user->handle) . ' (';
print '<a class="menuWhite" href="/user/' . $auth_user->handle . '">Info</a> | ';
print '<a class="menuWhite" href="/account-edit.php?handle=' . $auth_user->handle . '">Profile</a> | ';
print '<a class="menuWhite" href="https://bugs.php.net/search.php?cmd=display&status=Open&assign=' . $auth_user->handle . '">Bugs</a>';
print ")</small><br />\n";
print_link('/?logout=1', 'Logout', false, 'class="menuBlack"');
}
echo delim();
print_link('/packages.php', 'Packages', false, 'class="menuBlack"');
echo delim();
print_link('/support.php', 'Support', false, 'class="menuBlack"');
echo delim();
print_link('/bugs/', 'Bugs', false, 'class="menuBlack"');
?>
<br />
<?php
spacer(2, 2);
?>
<br />
</td>
</tr>
<tr>
<td class="head-search" colspan="2">
<form method="post" action="/search.php">
<p class="head-search"><span class="accesskey">S</span>earch for
<input class="small" type="text" name="search_string" value="" size="20" accesskey="s" />
in the
<select name="search_in" class="small">
<option value="packages">Packages</option>
<option value="site">This site (using Google)</option>
<option value="developers">Developers</option>
<option value="pecl-dev">Developer mailing list</option>
<option value="pecl-cvs">SVN commits mailing list</option>
</select>
<input type="image" src="/gifs/small_submit_white.gif" alt="search" style="vertical-align: middle;" /> <br />
</p>
</form>
</td>
</tr>
</table>
<!-- END HEADER -->
<!-- START MIDDLE -->
<table class="middle" cellspacing="0" cellpadding="0">
<tr>
<?php
if (isset($SIDEBAR_DATA)) {
?>
<!-- START LEFT SIDEBAR -->
<td class="sidebar_left">
<?php
echo $SIDEBAR_DATA;
?>
</td>
<!-- END LEFT SIDEBAR -->
<?php
}
?>
<!-- START MAIN CONTENT -->
<td class="content">
<?php
}
<?php
if (isset($_REQUEST['bug_type'])) {
$selectedBt = $_REQUEST['bug_type'];
} else {
$selectedBt = $_POST['in']['bug_type'];
}
?>
<select name="in[bug_type]" id="in[bug_type]">
<?php
show_type_options($selectedBt);
?>
</select>
</td>
</tr>
<?php
if (auth_check('pear.dev')) {
$content = '';
Bug_DataObject::init();
$db = Bug_DataObject::bugDB('bugdb_roadmap');
$db->package = $clean_package;
$db->orderBy('releasedate ASC');
$myroadmaps = array();
if (isset($_POST['in']) && isset($_POST['in']['roadmap']) && is_array($_POST['in']['roadmap'])) {
$myroadmaps = array_flip($_POST['in']['roadmap']);
}
if ($db->find(false)) {
while ($db->fetch()) {
$released = $dbh->getOne('SELECT releases.id
FROM packages, releases, bugdb_roadmap b
WHERE
b.id = ? AND
function auth_require()
{
global $auth_user;
$res = true;
$user = @$_COOKIE['PEAR_USER'];
$passwd = @$_COOKIE['PEAR_PW'];
if (!auth_verify($user, $passwd)) {
auth_reject();
// exits
}
$num = func_num_args();
for ($i = 0; $i < $num; $i++) {
$arg = func_get_arg($i);
$res = auth_check($arg);
if ($res === true) {
return true;
}
}
if ($res === false) {
response_header("Insufficient Privileges");
report_error("Insufficient Privileges");
response_footer();
exit;
}
return true;
}
<?php
$sub_menu = "200100";
include_once "./_common.php";
check_demo();
auth_check($auth[$sub_menu], "d");
$mb = get_member($_POST['mb_id']);
if (!$mb[mb_id]) {
alert("회원자료가 존재하지 않습니다.");
} else {
if ($member[mb_id] == $mb[mb_id]) {
alert("로그인 중인 관리자는 삭제 할 수 없습니다.");
} else {
if (is_admin($mb[mb_id]) == "super") {
alert("최고 관리자는 삭제할 수 없습니다.");
} else {
if ($mb[mb_level] >= $member[mb_level]) {
alert("자신보다 권한이 높거나 같은 회원은 삭제할 수 없습니다.");
}
}
}
}
check_token();
// 회원자료 삭제
member_delete($mb[mb_id]);
if ($url) {
goto_url("{$url}?{$qstr}&w=u&mb_id={$mb_id}");
} else {
goto_url("./member_list.php?{$qstr}");
}
function removePackageTag($tag, $package)
{
if (!is_int($package)) {
$package = package::info($package, 'id');
}
if (!is_numeric($tag)) {
$tagid = $this->tagExists($tag);
} else {
$tagid = $tag;
}
if (!$package || !$tagid) {
return;
}
if ($this->dbh->getOne('SELECT adminkey FROM tagnames WHERE tagid=?', array($tagid))) {
if (!auth_check('pear.group') && !auth_check('pear.admin')) {
throw new Exception('Only PEAR administrators can set or remove this tag');
}
}
$this->dbh->query('DELETE FROM tag_package_link WHERE package_id=? AND tagid=?', array($package, $tagid));
}
