/**
* To execute a query to the db
*
* @param string $q The query string
* @return resource|false
*/
public function query($q)
{
$this->result = mysqli_query($this->connect_id, $q);
if (!$this->result && mysqli_errno($this->connect_id)) {
big_error('MySQL Query Error', $this->error());
}
$this->query_num++;
return $this->result;
}
function _load_template($template_name)
{
global $config, $THIS_STYLE_PATH_ABS, $STYLE_PATH_ADMIN_ABS, $DEFAULT_PATH_ADMIN_ABS;
$is_admin_template = false;
$style_path = $THIS_STYLE_PATH_ABS;
//admin template always begin with admin_
if (substr($template_name, 0, 6) == 'admin_') {
$style_path = $STYLE_PATH_ADMIN_ABS;
$is_admin_template = true;
}
$template_path = $style_path . $template_name . '.html';
//if template not found and default style is there and not admin tpl
$is_tpl_exist = file_exists($template_path);
if (!$is_tpl_exist) {
if (trim($config['style_depend_on']) != '') {
$template_path_alternative = str_replace('/' . $config['style'] . '/', '/' . $config['style_depend_on'] . '/', $template_path);
if (file_exists($template_path_alternative)) {
$template_path = $template_path_alternative;
$is_tpl_exist = true;
}
} else {
if ($is_admin_template) {
$template_path = $DEFAULT_PATH_ADMIN_ABS . $template_name . '.html';
$is_tpl_exist = true;
} else {
if ($config['style'] != 'default' && !$is_admin_template) {
$template_path_alternative = str_replace('/' . $config['style'] . '/', '/default/', $template_path);
if (file_exists($template_path_alternative)) {
$template_path = $template_path_alternative;
$is_tpl_exist = true;
}
}
}
}
}
if (!$is_tpl_exist) {
big_error('No Template !', 'Requested "' . $template_path . '" template doesnt exists or an empty !! ');
}
$this->HTML = file_get_contents($template_path);
$this->_parse($this->HTML);
//use 'b' to force binary mode
if ($filename = @fopen(PATH . 'cache/tpl_' . $this->re_name_tpl($template_name) . '.php', 'wb')) {
@flock($filename, LOCK_EX);
@fwrite($filename, $this->HTML);
@flock($filename, LOCK_UN);
@fclose($filename);
// Read and write for owner, read for everybody else
@chmod(PATH . 'cache/tpl_' . $this->re_name_tpl($template_name) . '.php', 0644);
}
}
function _load_template($template_name)
{
global $config, $root_path, $STYLE_PATH, $STYLE_PATH_ADMIN;
$is_admin_template = false;
$style_path = $STYLE_PATH;
//admin template always begin with admin_
if (substr($template_name, 0, 6) == 'admin_') {
$style_path = $STYLE_PATH_ADMIN;
$is_admin_template = true;
}
$template_path = $style_path . $template_name . '.html';
//if template not found and default style is there and not admin tpl
$is_tpl_exist = file_exists($template_path);
if (!$is_tpl_exist) {
if (file_exists($style_path . 'depend_on.txt')) {
$depend_on = file_get_contents($style_path . 'depend_on.txt');
$template_path_alternative = str_replace('/' . $config['style'] . '/', '/' . trim($depend_on) . '/', $template_path);
if (file_exists($template_path_alternative)) {
$template_path = $template_path_alternative;
$is_tpl_exist = true;
}
} else {
if ($config['style'] != 'default' && !$is_admin_template) {
$template_path_alternative = str_replace('/' . $config['style'] . '/', '/default/', $template_path);
if (file_exists($template_path_alternative)) {
$template_path = $template_path_alternative;
$is_tpl_exist = true;
}
}
}
}
if (!$is_tpl_exist) {
big_error('No Template !', 'Requested "' . $template_path . '" template doesnt exists or an empty !! ');
}
/*
if(!is_writable($root_path . 'cache'))
{
big_error('No Template !', '"Cache" folder is not writable!! ');
}
*/
$this->HTML = file_get_contents($template_path);
$this->_parse($this->HTML);
$filename = @fopen($root_path . 'cache/tpl_' . $this->re_name_tpl($template_name) . '.php', 'w');
@flock($filename, LOCK_EX);
// exlusive look
@fwrite($filename, $this->HTML);
@fclose($filename);
}
function kleeja_auth_login($name, $pass, $hashed = false, $expire, $loginadm = false, $return_name = false)
{
global $lang, $config, $usrcp, $userinfo;
global $script_path, $script_encoding, $script_srv, $script_db, $script_user, $script_pass, $script_prefix;
//check for last slash /
if (isset($script_path)) {
if (isset($script_path[strlen($script_path)]) && $script_path[strlen($script_path)] == '/') {
$script_path = substr($script_path, 0, strlen($script_path));
}
//get some useful data from phbb config file
if (file_exists(PATH . $script_path . SCRIPT_CONFIG_PATH)) {
include PATH . $script_path . SCRIPT_CONFIG_PATH;
$forum_srv = $dbhost;
$forum_db = $dbname;
$forum_user = $dbuser;
$forum_pass = $dbpasswd;
$forum_prefix = $table_prefix;
if (empty($dbhost)) {
$forum_srv = 'localhost';
}
if (!empty($dbport)) {
$forum_srv .= ':' . $dbport;
}
} else {
big_error('Forum path is not correct', sprintf($lang['SCRIPT_AUTH_PATH_WRONG'], 'phpBB3'));
}
} else {
$forum_srv = $script_srv;
$forum_db = $script_db;
$forum_user = $script_user;
$forum_pass = $script_pass;
$forum_prefix = $script_prefix;
}
//if no variables of db
if (empty($forum_srv) || empty($forum_user) || empty($forum_db)) {
return;
}
//conecting ...
$SQLBB = new SSQL($forum_srv, $forum_user, $forum_pass, $forum_db, true);
$SQLBB->set_names('utf8');
unset($forum_pass);
// We do not need this any longer
//get utf tools
global $phpbb_root_path, $phpEx;
$phpbb_root_path = PATH . $script_path . '/';
$phpEx = 'php';
define('IN_PHPBB', true);
include_once PATH . $script_path . '/includes/utf/utf_tools.' . $phpEx;
$row_leve = 'user_type';
$admin_level = 3;
$query2 = array('SELECT' => '*', 'FROM' => "`{$forum_prefix}users`");
$query2['WHERE'] = $hashed ? "user_id=" . intval($name) . " AND user_password='******' " : "username_clean='" . $SQLBB->escape(utf8_clean_string($name)) . "'";
if ($return_name) {
$query2['SELECT'] = "username";
$query2['WHERE'] = "user_id=" . intval($name);
}
$query = '';
if (!$hashed) {
$result2 = $SQLBB->build($query2);
while ($row = $SQLBB->fetch($result2)) {
$SQLBB->free($result2);
if ($return_name) {
return $row['username'];
} else {
if (phpbb_check_hash($pass, $row['user_password'])) {
$query = $query2;
}
}
}
} else {
$query = $query2;
}
if (empty($query)) {
$SQLBB->close();
return false;
}
($hook = $plugin->run_hook('qr_select_usrdata_phpbb_usr_class')) ? eval($hook) : null;
//run hook
$result = $SQLBB->build($query);
if ($SQLBB->num($result) != 0) {
while ($row = $SQLBB->fetch($result)) {
if ($SQLBB->num($SQLBB->query("SELECT ban_userid FROM `{$forum_prefix}banlist` WHERE ban_userid=" . intval($row['user_id']))) == 0) {
if (!$loginadm) {
define('USER_ID', $row['user_id']);
define('GROUP_ID', $row[$row_leve] == $admin_level ? '1' : '3');
define('USER_NAME', $row['username']);
define('USER_MAIL', $row['user_email']);
if ($row[$row_leve] == $admin_level) {
define('USER_ADMIN', true);
}
}
$userinfo = $row;
$userinfo['group_id'] = $row[$row_leve] == $admin_level ? '1' : '3';
$user_y = kleeja_base64_encode(serialize(array('id' => $row['user_id'], 'name' => $row['username'], 'mail' => $row['user_email'], 'last_visit' => time())));
if (!$hashed && !$loginadm) {
$usrcp->kleeja_set_cookie('ulogu', $usrcp->en_de_crypt($row['user_id'] . '|' . $row['user_password'] . '|' . $expire . '|' . sha1(md5($config['h_key'] . $row['user_password']) . $expire) . '|' . ($row[$row_leve] == $admin_level ? '1' : '3') . '|' . $user_y), $expire);
}
($hook = $plugin->run_hook('qr_while_usrdata_phpbb_usr_class')) ? eval($hook) : null;
//run hook
} else {
//he is banned from phpBB
$SQLBB->free($result);
unset($pass);
$SQLBB->close();
return false;
}
}
$SQLBB->free($result);
unset($pass);
$SQLBB->close();
return true;
} else {
$SQLBB->free($result);
$SQLBB->close();
return false;
}
//dont know why they come here !
return false;
}
/**
* Include language file
*/
function get_lang($name, $folder = '')
{
global $config, $lang, $plugin;
($hook = $plugin->run_hook('get_lang_func')) ? eval($hook) : null;
//run hook
$name = str_replace('..', '', $name);
if ($folder != '') {
$folder = str_replace('..', '', $folder);
$name = $folder . '/' . $name;
}
$path = PATH . 'languages/' . $config['language'] . '/' . str_replace('.php', '', $name) . '.php';
$s = defined('DEBUG') ? include $path : @(include $path);
if ($s === false) {
//$pathen = PATH . 'lang/en/' . str_replace('.php', '', $name) . '.php';
//$sen = defined('DEBUG') ? include_once($pathen) : @include_once($pathen);
//if($sen === false)
//{
big_error('There is no language file in the current path', 'languages/' . $config['language'] . '/' . str_replace('.php', '', $name) . '.php not found');
//}
}
return true;
}
function kleeja_auth_login($name, $pass, $hashed = false, $expire, $loginadm = false, $return_name = false)
{
global $lang, $config, $usrcp, $userinfo;
global $script_path, $script_cp1256, $script_srv, $script_db, $script_user, $script_pass, $script_prefix, $script_db_charset;
if (isset($script_path)) {
//check for last slash
if (isset($script_path[strlen($script_path)]) && $script_path[strlen($script_path)] == '/') {
$script_path = substr($script_path, 0, strlen($script_path));
}
//get some useful data from vb config file
if (file_exists(PATH . $script_path . SCRIPT_CONFIG_PATH)) {
require_once PATH . $script_path . SCRIPT_CONFIG_PATH;
//
//get config from config file
//
$forum_srv = $config['MasterServer']['servername'];
$forum_db = $config['Database']['dbname'];
$forum_user = $config['MasterServer']['username'];
$forum_pass = $config['MasterServer']['password'];
$forum_prefix = $config['Database']['tableprefix'];
if ($config['MasterServer']['port'] != 3306) {
$forum_srv .= ':' . $config['MasterServer']['port'];
}
//some people change their db charset
if (isset($config['Mysqli']['charset'])) {
$forum_db_charset = $config['Mysqli']['charset'];
}
} else {
big_error('Forum path is not correct', sprintf($lang['SCRIPT_AUTH_PATH_WRONG'], 'Vbulletin'));
}
} else {
//
//custom config data
//
$forum_srv = $script_srv;
$forum_db = $script_db;
$forum_user = $script_user;
$forum_pass = $script_pass;
$forum_prefix = $script_prefix;
//some people change their db charset
if (isset($script_db_charset)) {
$forum_db_charset = $script_db_charset;
}
}
if (empty($forum_srv) || empty($forum_user) || empty($forum_db)) {
return;
}
$SQLVB = new SSQL($forum_srv, $forum_user, $forum_pass, $forum_db, true);
if (isset($forum_db_charset)) {
//config
$SQLVB->set_names($forum_db_charset);
} else {
$SQLVB->set_names('latin1');
}
unset($forum_pass);
// We do not need this any longer
$pass = empty($script_cp1256) || !$script_cp1256 ? $pass : $usrcp->kleeja_utf8($pass, false);
$name = empty($script_cp1256) || !$script_cp1256 || $hashed ? $name : $usrcp->kleeja_utf8($name, false);
$query_salt = array('SELECT' => $hashed ? '*' : 'salt', 'FROM' => "`{$forum_prefix}user`");
$query_salt['WHERE'] = $hashed ? "userid=" . intval($name) . " AND password='******' AND usergroupid != '8'" : "username='******' AND usergroupid != '8'";
//if return only name let's ignore the obove
if ($return_name) {
$query_salt['SELECT'] = "username";
$query_salt['WHERE'] = "userid=" . intval($name);
}
($hook = kleeja_run_hook('qr_select_usrdata_vb_usr_class')) ? eval($hook) : null;
//run hook
$result_salt = $SQLVB->build($query_salt);
if ($SQLVB->num_rows($result_salt) > 0) {
while ($row1 = $SQLVB->fetch_array($result_salt)) {
if ($return_name) {
return empty($script_cp1256) || !$script_cp1256 ? $row1['username'] : $usrcp->kleeja_utf8($row1['username']);
}
if (!$hashed) {
$pass = md5(md5($pass) . $row1['salt']);
// without normal md5
$query = array('SELECT' => '*', 'FROM' => "`{$forum_prefix}user`", 'WHERE' => "username='******' AND password='******' AND usergroupid != '8'");
$result = $SQLVB->build($query);
if ($SQLVB->num_rows($result) != 0) {
while ($row = $SQLVB->fetch_array($result)) {
if (!$loginadm) {
define('USER_ID', $row['userid']);
define('GROUP_ID', $row['usergroupid'] == 6 ? 1 : 3);
define('USER_NAME', empty($script_cp1256) || !$script_cp1256 ? $row['username'] : $usrcp->kleeja_utf8($row['username']));
define('USER_MAIL', $row['email']);
define('USER_ADMIN', $row['usergroupid'] == 6 ? 1 : 0);
}
//define('LAST_VISIT',$row['last_visit']);
$userinfo = $row;
$userinfo['group_id'] = $row['usergroupid'] == 6 ? 1 : 3;
$user_y = kleeja_base64_encode(serialize(array('id' => $row['userid'], 'name' => USER_NAME, 'mail' => $row['email'], 'last_visit' => time())));
$hash_key_expire = sha1(md5($config['h_key'] . $row['password']) . $expire);
if (!$loginadm) {
$usrcp->kleeja_set_cookie('ulogu', $usrcp->en_de_crypt($row['userid'] . '|' . $row['password'] . '|' . $expire . '|' . $hash_key_expire . '|' . ($row['usergroupid'] == 6 ? 1 : 3) . '|' . $user_y), $expire);
}
($hook = kleeja_run_hook('qr_while_usrdata_vb_usr_class')) ? eval($hook) : null;
//run hook
}
$SQLVB->freeresult($result);
} else {
$SQLVB->close();
return false;
}
} else {
if (!$loginadm) {
define('USER_ID', $row1['userid']);
define('USER_NAME', empty($script_cp1256) || !$script_cp1256 ? $row1['username'] : $usrcp->kleeja_utf8($row1['username']));
define('USER_MAIL', $row1['email']);
define('USER_ADMIN', $row1['usergroupid'] == 6 ? 1 : 0);
define('GROUP_ID', $row1['usergroupid'] == 6 ? 1 : 3);
$userinfo = $row1;
$userinfo['group_id'] = $row1['usergroupid'] == 6 ? 1 : 3;
}
}
}
#whil1
$SQLVB->freeresult($result_salt);
unset($pass);
$SQLVB->close();
return true;
} else {
$SQLVB->close();
return false;
}
}
//run hook
}
#to attach kleeja version in the menu start item
$assigned_klj_ver = preg_replace('!#([a-z0-9]+)!', '', KLEEJA_VERSION);
//get it
if (file_exists($path_adm . '/' . $go_to . '.php')) {
($hook = kleeja_run_hook("require_admin_page_begin_{$go_to}")) ? eval($hook) : null;
//run hook
include_once $path_adm . '/' . $go_to . '.php';
($hook = kleeja_run_hook("require_admin_page_end_{$go_to}")) ? eval($hook) : null;
//run hook
} else {
if (isset($_GET['_ajax_'])) {
echo_ajax(888, 'Error while loading : ' . $go_to);
}
big_error('In Loading !', 'Error while loading : ' . $go_to);
}
($hook = kleeja_run_hook('end_admin_page')) ? eval($hook) : null;
//run hook
//no style defined
if (empty($stylee)) {
$text = $lang['NO_TPL_SHOOSED'];
$stylee = 'admin_info';
}
$go_menu_html = '';
if (isset($go_menu)) {
foreach ($go_menu as $m => $d) {
$go_menu_html .= '<li class="' . ($d['current'] ? 'active' : '') . '" id="c_' . $d['goto'] . '"><a href="' . $d['link'] . '" onclick="javascript:get_kleeja_link(\'' . $d['link'] . '\', \'#content\', {\'current_id\':\'c_' . $d['goto'] . '\', \'current_class\':\'active\'' . ($d['confirm'] ? ', \'confirm\':true' : '') . '}); return false;">' . $d['name'] . '</a></li>';
}
}
//header
function kleeja_auth_login($name, $pass, $hashed = false, $expire, $loginadm = false, $return_username = false)
{
global $lang, $config, $usrcp, $userinfo;
global $script_path, $script_api_key, $script_cp1256;
//URL must be begin with http://
if (empty($script_path) || $script_path[0] != 'h') {
big_error('Forum URL must be begin with http://', sprintf($lang['SCRIPT_AUTH_PATH_WRONG'], 'API'));
}
//api key is the key to make the query between the remote script and kleeja more secure !
//this must be changed in the real use
if (empty($script_api_key)) {
big_error('api key', 'To connect to the remote script you have to write the API key ...');
}
$pass = empty($script_cp1256) || !$script_cp1256 ? $pass : $usrcp->kleeja_utf8($pass, false);
$name = empty($script_cp1256) || !$script_cp1256 || $hashed ? $name : $usrcp->kleeja_utf8($name, false);
/*
@see file : docs/kleeja_(vb,mysmartbb,phpbb)_api.txt
*/
$api_http_query = 'api_key=' . kleeja_base64_encode($script_api_key) . '&' . ($hashed ? 'userid' : 'username') . '=' . urlencode($name) . '&pass='******'&return_username=1' : '';
//get it
$remote_data = fetch_remote_file($script_path . '?' . $api_http_query);
//no responde
//empty or can not connect
if ($remote_data == false || empty($remote_data)) {
return false;
}
//see kleeja_api.php file
//split the data , the first one is always 0 or 1
//0 : error
//1: ok
$user_info = explode('%|%', kleeja_base64_decode($remote_data));
//omg, it's 0 , 0 : error, lets die here
if ((int) $user_info[0] == 0) {
return false;
}
//
//if we want username only we have to return it quickly and die here
//
if ($return_username) {
return empty($script_cp1256) || !$script_cp1256 ? $user_info[1] : $usrcp->kleeja_utf8($user_info[1]);
}
//
//when loggin to admin, we just want a check, no data setup ..
//
if (!$loginadm) {
define('USER_ID', $user_info[1]);
define('GROUP_ID', 3);
define('USER_NAME', empty($script_cp1256) || !$script_cp1256 ? $user_info[2] : $usrcp->kleeja_utf8($user_info[2]));
define('USER_MAIL', $user_info[3]);
define('USER_ADMIN', (int) $user_info[5] == 1 ? 1 : 0);
}
//user ifo
//and this must be filled with user data comming from url
$userinfo = array();
$userinfo['group_id'] = GROUP_ID;
$user_y = kleeja_base64_encode(serialize(array('id' => USER_ID, 'name' => USER_NAME, 'mail' => USER_MAIL, 'last_visit' => time())));
//add cookies
if (!$loginadm) {
$usrcp->kleeja_set_cookie('ulogu', $usrcp->en_de_crypt($user_info[1] . '|' . $user_info[4] . '|' . $expire . '|' . sha1(md5($config['h_key'] . $user_info[4]) . $expire) . '|' . GROUP_ID . '|' . $user_y), $expire);
}
//no need after now
unset($pass);
//yes ! he is a real user
return true;
}
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $ftime) . ' GMT');
header('Content-Encoding: none');
header('Content-Disposition: ' . ($is_image || $is_live ? 'inline' : 'attachment') . '; ' . $h_name);
#if($is_image)
#{
# header('Content-Transfer-Encoding: binary');
#}
if (!$is_image && !$is_live && $is_ie8) {
header('X-Download-Options: noopen');
}
#header(($is_ie6 ? 'Expires: -1' : 'Expires: Mon, 26 Jul 1997 05:00:00 GMT'));
#(($is_ie8) ? '; authoritative=true; X-Content-Type-Options: nosniff;' : '')
if (($pfile = @fopen($path_file, 'rb')) === false) {
#so ... it's failed to open !
header("HTTP/1.0 404 Not Found");
big_error('----', 'Error - can not open file.');
}
#sending some headers
header('Accept-Ranges: bytes');
#prevent some limits
@set_time_limit(0);
// multipart-download and download resuming support
$range_enable = false;
if (isset($_SERVER['HTTP_RANGE']) && strpos($_SERVER['HTTP_RANGE'], 'bytes=') !== false && !$is_image && !$is_live && $resuming_on) {
header('HTTP/1.1 206 Partial Content');
$ranges = explode(',', substr(trim($_SERVER['HTTP_RANGE']), 6));
$boundary = substr(md5($name . microtime()), 24);
# many ranges requested
if (sizeof($ranges) > 1) {
$content_length = 0;
foreach ($ranges as $range) {
}
#page info
$current_template = 'get_pass.php';
$current_title = $lang['GET_LOSTPASS'];
$action = 'ucp.php?go=get_pass';
#no error yet
$ERRORS = false;
# As in ucp.php?go=get_pass&activation_key=1af3405662ec373d672d003cf27cf998&uid=1
if (ig('activation_key') && ig('uid')) {
($hook = $plugin->run_hook('get_pass_activation_key')) ? eval($hook) : null;
//run hook
$h_key = preg_replace('![^a-z0-9]!', '', g('activation_key', 'str'));
$u_id = g('uid', 'int');
#if it's empty ?
if (trim($h_key) == '') {
big_error('No hash key', 'This is not a good link for activation ... Try again!');
}
$query = array('SELECT' => 'new_password', 'FROM' => "{$dbprefix}users", 'WHERE' => "hash_key='" . $SQL->escape($h_key) . "' AND id=" . $u_id);
($hook = $plugin->run_hook('get_pass_f_query')) ? eval($hook) : null;
//run hook
$result = $SQL->build($query);
if ($SQL->num($result)) {
$npass = $SQL->fetch($result);
$npass = $npass['new_password'];
#user password now will be set to the new password
$update_query = array('UPDATE' => "{$dbprefix}users", 'SET' => "password = '******', new_password = '', hash_key = ''", 'WHERE' => 'id=' . $u_id);
($hook = $plugin->run_hook('qr_update_newpass_activation')) ? eval($hook) : null;
//run hook
$SQL->build($update_query);
#show message and exit
$text = $lang['OK_APPLY_NEWPASS'] . '<br /><a href="' . $config['siteurl'] . ($config['mod_writer'] ? 'login.html' : 'ucp.php?go=login') . '">' . $lang['LOGIN'] . '</a>';
header('Content-Encoding: none');
header('Content-Disposition: ' . ($is_image || $is_live ? 'inline' : 'attachment') . '; ' . $h_name);
#if($is_image)
#{
# header('Content-Transfer-Encoding: binary');
#}
if (!$is_image && !$is_live && $is_ie8) {
header('X-Download-Options: noopen');
}
#header(($is_ie6 ? 'Expires: -1' : 'Expires: Mon, 26 Jul 1997 05:00:00 GMT'));
#(($is_ie8) ? '; authoritative=true; X-Content-Type-Options: nosniff;' : '')
if (($pfile = @fopen($path_file, 'rb')) === false) {
#so ... it's failed to open !
header("HTTP/1.0 404 Not Found");
@fclose($pfile);
big_error($lang['FILE_NO_FOUNDED'], $lang['NOT_FOUND']);
}
#sending some headers
header('Accept-Ranges: bytes');
#prevent some limits
@set_time_limit(0);
// multipart-download and download resuming support
$range_enable = false;
if (isset($_SERVER['HTTP_RANGE']) && strpos($_SERVER['HTTP_RANGE'], 'bytes=') !== false && !$is_image && !$is_live && $resuming_on) {
header('HTTP/1.1 206 Partial Content');
$ranges = explode(',', substr(trim($_SERVER['HTTP_RANGE']), 6));
$boundary = substr(md5($name . microtime()), 24);
# many ranges requested
if (sizeof($ranges) > 1) {
$content_length = 0;
foreach ($ranges as $range) {
function add_plugin($contents)
{
global $dbprefix, $SQL, $lang, $config, $STYLE_PATH_ADMIN, $STYLE_PATH, $THIS_STYLE_PATH, $olang;
//initiate file handler
if (empty($this->f) && $this->f_method != '') {
$this->f = new $this->f_method();
}
//parse xml content
$XML = new kxml();
$gtree = $XML->xml_to_array($contents);
//sekelton of Kleeja plugin file
$tree = empty($gtree['kleeja']) ? null : $gtree['kleeja'];
$plg_info = empty($tree['info']) ? null : $tree['info'];
$plg_install = empty($tree['install']) ? null : $tree['install'];
$plg_uninstall = empty($tree['uninstall']) ? null : $tree['uninstall'];
$plg_tpl = empty($tree['templates']) ? null : $tree['templates'];
$plg_hooks = empty($tree['hooks']) ? null : $tree['hooks'];
$plg_langs = empty($tree['langs']) ? null : $tree['langs'];
$plg_updates = empty($tree['updates']) ? null : $tree['updates'];
$plg_instructions = empty($tree['instructions']) ? null : $tree['instructions'];
$plg_phrases = empty($tree['phrases']) ? null : $tree['phrases'];
$plg_options = empty($tree['options']) ? null : $tree['options'];
$plg_files = empty($tree['files']) ? null : $tree['files'];
//important tags not exists
if (empty($plg_info)) {
big_error('Error', $lang['ERR_XML_NO_G_TAGS'] . (defined('DEV_STAGE') ? __FILE__ . ':' . __LINE__ : ''));
}
if (!empty($plg_info['plugin_kleeja_version']['value']) && version_compare(strtolower($plg_info['plugin_kleeja_version']['value']), strtolower(KLEEJA_VERSION), '>=') == false) {
big_error('Error', $lang['PLUGIN_N_CMPT_KLJ']);
}
$plg_errors = array();
$plg_new = true;
$plugin_name = preg_replace("/[^a-z0-9-_]/", "-", strtolower($plg_info['plugin_name']['value']));
//is this plugin exists before !
$is_query = array('SELECT' => 'plg_id, plg_name, plg_ver', 'FROM' => "{$dbprefix}plugins", 'WHERE' => 'plg_name="' . $plugin_name . '"');
$res = $SQL->build($is_query);
if ($SQL->num_rows($res)) {
//it's not new one ! , let's see if it same version
$plg_new = false;
$cur_ver = $SQL->fetch_array($res);
$this->plg_id = $cur_ver['plg_id'];
$cur_ver = $cur_ver['plg_ver'];
$new_ver = $SQL->escape($plg_info['plugin_version']['value']);
if (version_compare(strtolower($cur_ver), strtolower($new_ver), '>=')) {
return 'xyz';
} else {
if (!empty($plg_updates)) {
if (is_array($plg_updates['update'])) {
if (array_key_exists("attributes", $plg_updates['update'])) {
$plg_updates['update'] = array($plg_updates['update']);
}
}
foreach ($plg_updates['update'] as $up) {
if (version_compare(strtolower($cur_ver), strtolower($up['attributes']['to']), '<')) {
eval($up['value']);
}
}
}
}
}
$there_is_intruct = false;
if (isset($plg_instructions)) {
if (is_array($plg_instructions['instruction']) && array_key_exists("attributes", $plg_instructions['instruction'])) {
$plg_instructions['instruction'] = array($plg_instructions['instruction']);
}
$instarr = array();
foreach ($plg_instructions['instruction'] as $in) {
if (empty($in['attributes']['lang']) || !isset($in['attributes']['lang'])) {
big_error('Error', $lang['ERR_XML_NO_G_TAGS'] . (defined('DEV_STAGE') ? __FILE__ . ':' . __LINE__ : ''));
}
$instarr[$in['attributes']['lang']] = $in['value'];
}
$there_is_intruct = isset($instarr) && !empty($instarr) ? true : false;
}
$there_is_files = false;
if (isset($plg_files)) {
if (is_array($plg_files['file']) && array_key_exists("attributes", $plg_files['file'])) {
$plg_files['file'] = array($plg_files['file']);
}
$newfiles = array();
foreach ($plg_files['file'] as $in) {
if (empty($in['attributes']['path']) || !isset($in['attributes']['path'])) {
big_error('Error', $lang['ERR_XML_NO_G_TAGS'] . (defined('DEV_STAGE') ? __FILE__ . ':' . __LINE__ : ''));
}
$newfiles[$in['attributes']['path']] = $in['value'];
}
$there_is_files = isset($newfiles) && !empty($newfiles) ? true : false;
}
if (isset($plg_info['plugin_description'])) {
if (is_array($plg_info['plugin_description']['description']) && array_key_exists("attributes", $plg_info['plugin_description']['description'])) {
$plg_info['plugin_description']['description'] = array($plg_info['plugin_description']['description']);
}
$p_desc = array();
foreach ($plg_info['plugin_description']['description'] as $in) {
if (empty($in['attributes']['lang']) || !isset($in['attributes']['lang'])) {
big_error('Error', $lang['ERR_XML_NO_G_TAGS'] . (defined('DEV_STAGE') ? __FILE__ . ':' . __LINE__ : ''));
}
$p_desc[$in['attributes']['lang']] = $in['value'];
}
}
//store important tags (for now only "install" and "templates" tags)
$store = '';
//storing unreached elements
if (isset($plg_install) && trim($plg_install['value']) != '') {
$store .= '<install><![CDATA[' . $plg_install['value'] . ']]></install>' . "\n\n";
}
if (isset($plg_updates)) {
$updates = explode("<updates>", $contents);
$updates = explode("</updates>", $updates[1]);
$store .= '<updates>' . $updates[0] . '</updates>' . "\n\n";
}
if (isset($plg_tpl)) {
$templates = explode("<templates>", $contents);
$templates = explode("</templates>", $templates[1]);
$store .= '<templates>' . $templates[0] . '</templates>' . "\n\n";
}
//eval install code
if (isset($plg_install) && trim($plg_install['value']) != '' && $plg_new) {
eval($plg_install['value']);
}
//if there is an icon with the plugin
$plugin_icon = false;
if (!empty($plg_info['plugin_icon']['value'])) {
$plugin_icon = $SQL->escape($plg_info['plugin_version']['value']);
}
//if the plugin was new
if ($plg_new) {
//insert in plugin table
$insert_query = array('INSERT' => 'plg_name, plg_ver, plg_author, plg_dsc, plg_icon, plg_uninstall, plg_instructions, plg_store, plg_files', 'INTO' => "{$dbprefix}plugins", 'VALUES' => "'" . $SQL->escape($plugin_name) . "','" . $SQL->escape($plg_info['plugin_version']['value']) . "','" . $SQL->escape($plg_info['plugin_author']['value']) . "','" . $SQL->escape(kleeja_base64_encode(serialize($p_desc))) . "','" . ($plugin_icon ? $plugin_icon . "','" : '') . $SQL->real_escape($plg_uninstall['value']) . "','" . ($there_is_intruct ? $SQL->escape(kleeja_base64_encode(serialize($instarr))) : '') . "','" . $SQL->real_escape($store) . "','" . ($there_is_files ? $SQL->escape(kleeja_base64_encode(serialize(array_keys($newfiles)))) : '') . "'");
$SQL->build($insert_query);
$this->plg_id = $SQL->insert_id();
} else {
//update language
delete_olang('', '', $this->plg_id);
$update_query = array('UPDATE' => "{$dbprefix}plugins", 'SET' => "plg_ver='" . $new_ver . "', plg_author='" . $SQL->escape($plg_info['plugin_author']['value']) . "', plg_dsc='" . $SQL->escape($plg_info['plugin_description']['value']) . "', plg_uninstall='" . $SQL->real_escape($plg_uninstall['value']) . ($plugin_icon ? "', plg_icon='" . $plugin_icon : '') . "', plg_instructions='" . ($there_is_intruct ? $SQL->escape(kleeja_base64_encode(serialize($instarr))) : '') . "', plg_files='" . ($there_is_files ? $SQL->escape(kleeja_base64_encode(serialize(array_keys($newfiles)))) : '') . "', plg_store='" . $SQL->escape($store) . "'", 'WHERE' => "plg_id=" . $this->plg_id);
$SQL->build($update_query);
}
if (isset($plg_phrases)) {
if (is_array($plg_phrases['lang']) && array_key_exists("attributes", $plg_phrases['lang'])) {
$plg_phrases['lang'] = array($plg_phrases['lang']);
}
$phrases = array();
foreach ($plg_phrases['lang'] as $in) {
if (empty($in['attributes']['name']) || !isset($in['attributes']['name'])) {
big_error('Error', $lang['ERR_XML_NO_G_TAGS']);
}
//first we create a new array that can carry language phrases
$phrases[$in['attributes']['name']] = array();
if (is_array($in['phrase']) && array_key_exists("attributes", $in['phrase'])) {
$in['phrase'] = array($in['phrase']);
}
//get phrases value
foreach ($in['phrase'] as $phrase) {
$phrases[$in['attributes']['name']][$phrase['attributes']['name']] = $phrase['value'];
}
//finally we add it to the database
add_olang($phrases[$in['attributes']['name']], $in['attributes']['name'], $this->plg_id);
}
}
if (isset($plg_options)) {
if (is_array($plg_options['option']) && array_key_exists("attributes", $plg_options['option'])) {
$plg_options['option'] = array($plg_options['option']);
}
foreach ($plg_options['option'] as $in) {
add_config($in['attributes']['name'], $in['attributes']['value'], $in['attributes']['order'], $in['value'], $in['attributes']['menu'], $this->plg_id);
}
//delete_cache('data_config');
}
//add new files
if ($there_is_files) {
foreach ($newfiles as $path => $content) {
$this->f->_write($this->_fixpath_newfile($path), kleeja_base64_decode($content));
}
unset($newfiles);
}
//cache important instruction
$cached_instructions = array();
//some actions with tpls
if (isset($plg_tpl)) {
//edit template
if (isset($plg_tpl['edit'])) {
include_once "s_strings.php";
$finder = new sa_srch();
if (is_array($plg_tpl['edit']['template']) && array_key_exists("attributes", $plg_tpl['edit']['template'])) {
$plg_tpl['edit']['template'] = array($plg_tpl['edit']['template']);
}
foreach ($plg_tpl['edit']['template'] as $temp) {
$template_name = $SQL->real_escape($temp['attributes']['name']);
if (isset($temp['find']['value']) && isset($temp['findend']['value'])) {
$finder->find_word = array(1 => $temp['find']['value'], 2 => $temp['findend']['value']);
} else {
$finder->find_word = $temp['find']['value'];
}
$finder->another_word = $temp['action']['value'];
switch ($temp['action']['attributes']['type']) {
case 'add_after':
$action_type = 3;
break;
case 'add_after_same_line':
$action_type = 4;
break;
case 'add_before':
$action_type = 5;
break;
case 'add_before_same_line':
$action_type = 6;
break;
case 'replace_with':
$action_type = 1;
break;
}
$style_path = substr($template_name, 0, 6) == 'admin_' ? $STYLE_PATH_ADMIN : $THIS_STYLE_PATH;
//if template not found and default style is there and not admin tpl
$template_path = $style_path . $template_name . '.html';
if (!file_exists($template_path)) {
if (trim($config['style_depend_on']) != '') {
$depend_on = $config['style_depend_on'];
$template_path_alternative = str_replace('/' . $config['style'] . '/', '/' . trim($depend_on) . '/', $template_path);
if (file_exists($template_path_alternative)) {
$template_path = $template_path_alternative;
}
} else {
if ($config['style'] != 'default' && !$is_admin_template) {
$template_path_alternative = str_replace('/' . $config['style'] . '/', '/default/', $template_path);
if (file_exists($template_path_alternative)) {
$template_path = $template_path_alternative;
}
}
}
}
$d_contents = file_exists($template_path) ? file_get_contents($template_path) : '';
$finder->text = trim($d_contents);
$finder->do_search($action_type);
if ($d_contents != '' && $finder->text != $d_contents) {
//update
$this->f->_write($style_path . $template_name . '.html', $finder->text);
//delete cache ..
delete_cache('tpl_' . $template_name);
} else {
$cached_instructions[$template_name] = array('action' => $temp['action']['attributes']['type'], 'find' => $temp['find']['value'], 'action_text' => $temp['action']['value']);
}
}
}
#end edit
//new templates
if (isset($plg_tpl['new'])) {
if (is_array($plg_tpl['new']['template'])) {
if (array_key_exists("attributes", $plg_tpl['new']['template'])) {
$plg_tpl['new']['template'] = array($plg_tpl['new']['template']);
}
}
foreach ($plg_tpl['new']['template'] as $temp) {
$style_path = substr($template_name, 0, 6) == 'admin_' ? $STYLE_PATH_ADMIN : $THIS_STYLE_PATH;
$template_name = $temp['attributes']['name'];
$template_content = trim($temp['value']);
$this->f->_write($style_path . $template_name . '.html', $template_content);
/**
$cached_instructions[$template_name] = array(
'action' => 'new',
'find' => '',
'action_text' => $template_content,
);
**/
}
}
#end new
}
#ens tpl
//hooks
if (isset($plg_hooks['hook'])) {
$plugin_author = strip_tags($plg_info['plugin_author']['value'], '<a><span>');
$plugin_author = $SQL->real_escape($plugin_author);
//if the plugin is not new then replace the old hooks with the new hooks
if (!$plg_new) {
//delete old hooks !
$query_del = array('DELETE' => "{$dbprefix}hooks", 'WHERE' => "plg_id=" . $this->plg_id);
$SQL->build($query_del);
}
//then
if (is_array($plg_hooks['hook'])) {
if (array_key_exists("attributes", $plg_hooks['hook'])) {
$plg_hooks['hook'] = array($plg_hooks['hook']);
}
}
foreach ($plg_hooks['hook'] as $hk) {
$hook_for = $SQL->real_escape($hk['attributes']['name']);
$hk_value = $SQL->real_escape($hk['value']);
$insert_query = array('INSERT' => 'plg_id, hook_name, hook_content', 'INTO' => "{$dbprefix}hooks", 'VALUES' => "'" . $this->plg_id . "','" . $hook_for . "', '" . $hk_value . "'");
$SQL->build($insert_query);
}
//delete cache ..
//delete_cache('data_hooks');
}
//done !
if (sizeof($plg_errors) < 1) {
//add cached instuctions to cache if there
if (sizeof($cached_instructions) > 0) {
//fix
if (file_exists(PATH . 'cache/styles_cached.php')) {
$cached_content = file_get_contents(PATH . 'cache/styles_cached.php');
$cached_content = kleeja_base64_decode($cached_content);
$cached_content = unserialize($cached_content);
$cached_instructions += $cached_content;
}
$filename = @fopen(PATH . 'cache/styles_cached.php', 'w');
fwrite($filename, kleeja_base64_encode(serialize($cached_instructions)));
fclose($filename);
}
if ($this->f_method === 'zfile') {
if ($this->f->check()) {
$this->zipped_files = $this->f->push($plugin_name);
return $there_is_intruct ? 'zipped/inst' : 'zipped';
}
}
return $plg_new ? $there_is_intruct ? 'inst' : 'done' : 'upd';
} else {
return $plg_errors;
}
return false;
}
function kleeja_auth_login($name, $pass, $hashed = false, $expire, $loginadm = false, $return_name = false)
{
global $lang, $config, $usrcp, $userinfo;
global $script_path, $script_encoding, $script_srv, $script_db, $script_user, $script_pass, $script_prefix;
if (isset($script_path)) {
//check for last slash /
if (isset($script_path[strlen($script_path)]) && $script_path[strlen($script_path)] == '/') {
$script_path = substr($script_path, 0, strlen($script_path));
}
//get database data from mysmartbb config file
if (file_exists(PATH . $script_path . SCRIPT_CONFIG_PATH)) {
require_once PATH . $script_path . SCRIPT_CONFIG_PATH;
$forum_srv = $config['db']['server'];
$forum_db = $config['db']['name'];
$forum_user = $config['db']['username'];
$forum_pass = $config['db']['password'];
$forum_prefix = $config['db']['prefix'];
} else {
big_error('Forum path is not correct', sprintf($lang['SCRIPT_AUTH_PATH_WRONG'], 'MySmartBB'));
}
} else {
$forum_srv = $script_srv;
$forum_db = $script_db;
$forum_user = $script_user;
$forum_pass = $script_pass;
$forum_prefix = $script_prefix;
}
if (empty($forum_srv) || empty($forum_user) || empty($forum_db)) {
return;
}
$SQLMS = new SSQL($forum_srv, $forum_user, $forum_pass, $forum_db, true);
$SQLVB->set_names('latin1');
$pass = $usrcp->kleeja_utf8($pass, false);
$name = $usrcp->kleeja_utf8($name, false);
$query = array('SELECT' => '*', 'FROM' => "`{$forum_prefix}member`");
$query['WHERE'] = $hashed ? "id=" . intval($name) . " AND password='******'" : "username='******' AND password='******'";
//if return only name let's ignore the obove
if ($return_name) {
$query_salt['SELECT'] = "username";
$query_salt['WHERE'] = "id=" . intval($name);
}
($hook = kleeja_run_hook('qr_select_usrdata_mysbb_usr_class')) ? eval($hook) : null;
//run hook
$result = $SQLMS->build($query);
if ($SQLMS->num_rows($result) != 0) {
while ($row = $SQLMS->fetch_array($result)) {
if ($return_name) {
return $row['username'];
}
if (!$loginadm) {
define('USER_ID', $row['id']);
define('GROUP_ID', $row['usergroup'] == 1 ? 1 : 3);
define('USER_NAME', $usrcp->kleeja_utf8($row['username']));
define('USER_MAIL', $row['email']);
define('USER_ADMIN', $row['usergroup'] == 1 ? 1 : 0);
}
$userinfo = $row;
$userinfo['group_id'] = GROUP_ID;
$user_y = kleeja_base64_encode(serialize(array('id' => $row['id'], 'name' => $usrcp->kleeja_utf8($row['username']), 'mail' => $row['email'], 'last_visit' => time())));
$hash_key_expire = sha1(md5($config['h_key'] . $row['password']) . $expire);
if (!$hashed && !$loginadm) {
$usrcp->kleeja_set_cookie('ulogu', $usrcp->en_de_crypt($row['id'] . '|' . $row['password'] . '|' . $expire . '|' . $hash_key_expire . '|' . GROUP_ID . '|' . $user_y), $expire);
}
($hook = kleeja_run_hook('qr_while_usrdata_mysbb_usr_class')) ? eval($hook) : null;
//run hook
}
$SQLMS->freeresult($result);
unset($pass);
$SQLMS->close();
return true;
} else {
$SQLMS->close();
return false;
}
}
}
++$i;
$adm_extensions_menu[$i] = array('i' => $i + 1, 'i2' => $i + 2, 'icon' => file_exists(ADMIN_STYLE_PATH_ABS . 'images/menu/' . $m . '_button.png') ? ADMIN_STYLE_PATH . 'images/menu/' . $m . '_button.png' : ADMIN_STYLE_PATH . 'images/menu/no_icon.png', 'title' => !empty($lang['R_' . strtoupper($m)]) ? $lang['R_' . strtoupper($m)] : (!empty($olang['R_' . strtoupper($m)]) ? $olang['R_' . strtoupper($m)] : strtoupper($m)), 'link' => ADMIN_PATH . '?cp=' . $m . (@in_array($m, $ext_formkey) ? '&' . $GET_FORM_KEY_GLOBAL : ''), 'confirm' => @in_array($m, $ext_confirm) ? true : false, 'current' => $m == $go_to ? true : false, 'goto' => $m, 'kbubble' => in_array($m, array_keys($kbubbles)) ? '<span class="badge pull-' . ($lang['DIR'] == 'rtl' ? 'left' : 'right') . '" id="t_' . $m . '"' . ($kbubbles[$m] == 0 ? ' style="display:none"' : '') . '>' . $kbubbles[$m] . '</span>' : '');
($hook = $plugin->run_hook('endforeach_ext_admin_page')) ? eval($hook) : null;
//run hook
}
#to attach kleeja version in the menu start item
$assigned_klj_ver = preg_replace('!#([a-z0-9]+)!', '', KLEEJA_VERSION);
if (file_exists($adm_extensions[$go_to] . '/' . $go_to . '.php')) {
($hook = $plugin->run_hook("require_admin_page_begin_{$go_to}")) ? eval($hook) : null;
//run hook
include $adm_extensions[$go_to] . '/' . $go_to . '.php';
($hook = $plugin->run_hook("require_admin_page_end_{$go_to}")) ? eval($hook) : null;
//run hook
} else {
big_error('Loading !', 'Error while loading: ' . $adm_extensions[$go_to] . '/' . $go_to);
}
($hook = $plugin->run_hook('end_admin_page')) ? eval($hook) : null;
//run hook
#no style defined
if (empty($current_template)) {
$text = 'THERE IS NO TEMPLATE ASSIGNED FOR THIS PAGE!';
$current_template = 'info.php';
}
$go_menu_html = '';
if (isset($go_menu)) {
foreach ($go_menu as $m => $d) {
$go_menu_html .= '<li class="' . ($d['current'] ? 'active' : '') . '" id="c_' . $d['goto'] . '"><a href="' . $d['link'] . '" onclick="' . (isset($d['confirm']) && $d['confirm'] ? 'javascript:return confirm_from();' : '') . '">' . $d['name'] . '</a></li>';
}
}
#header
$titlee = $lang['GET_LOSTPASS'];
$action = 'ucp.php?go=get_pass';
$H_FORM_KEYS = kleeja_add_form_key('get_pass');
//no error yet
$ERRORS = false;
//after sent mail .. come here
//example: http://www.moyad.com/up/ucp.php?go=get_pass&activation_key=1af3405662ec373d672d003cf27cf998&uid=1
#
if (isset($_GET['activation_key']) && isset($_GET['uid'])) {
($hook = kleeja_run_hook('get_pass_activation_key')) ? eval($hook) : null;
//run hook
$h_key = preg_replace('![^a-z0-9]!', '', $_GET['activation_key']);
$u_id = intval($_GET['uid']);
#if it's empty ?
if (trim($h_key) == '') {
big_error('No hash key', 'This is not a good link ... try again!');
}
$result = $SQL->query("SELECT new_password FROM {$dbprefix}users WHERE hash_key='" . $SQL->escape($h_key) . "' AND id=" . $u_id . "");
if ($SQL->num_rows($result)) {
$npass = $SQL->fetch_array($result);
$npass = $npass['new_password'];
//password now will be same as new password
$update_query = array('UPDATE' => "{$dbprefix}users", 'SET' => "password = '******', new_password = '', hash_key = ''", 'WHERE' => 'id=' . $u_id);
($hook = kleeja_run_hook('qr_update_newpass_activation')) ? eval($hook) : null;
//run hook
$SQL->build($update_query);
$text = $lang['OK_APPLY_NEWPASS'] . '<br /><a href="' . $config['siteurl'] . ($config['mod_writer'] ? 'login.html' : 'ucp.php?go=login') . '">' . $lang['LOGIN'] . '</a>';
kleeja_info($text);
exit;
}
//no else .. just do nothing cuz it's wrong and wrong mean spams !
/**
* Include language file
*/
function get_lang($name, $folder = '')
{
global $config, $lang;
($hook = kleeja_run_hook('get_lang_func')) ? eval($hook) : null;
//run hook
$name = str_replace('..', '', $name);
if ($folder != '') {
$folder = str_replace('..', '', $folder);
$name = $folder . '/' . $name;
}
$path = PATH . 'lang/' . $config['language'] . '/' . str_replace('.php', '', $name) . '.php';
if (file_exists($path)) {
include_once $path;
} else {
if (file_exists(PATH . 'lang/en/' . str_replace('.php', '', $name) . '.php')) {
include_once PATH . 'lang/en/' . str_replace('.php', '', $name) . '.php';
} else {
big_error('There is no language file in the current path', '' . $path . ' not found');
}
}
return true;
}
