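/**
 * Save an uploaded file inside a generated PHP stub and register it in `files`.
 *
 * The stub written in front of the payload re-checks the `files` row on every
 * request (row exists, `access` against user_access(), `blocked` against the
 * session flag) and only then streams the bytes that follow __halt_compiler().
 * Despite the function name, the payload is copied verbatim; nothing in this
 * function encrypts it.
 *
 * NOTE(review): those checks only run if the web server executes .php files
 * in the 'storage-enc' directory; served statically, stub and payload would
 * presumably be delivered as-is - confirm the server configuration.
 * NOTE(review): the stub puts `orig_name` (the client-supplied file name)
 * unquoted into the Content-Disposition header - confirm the name is
 * constrained before it reaches this function.
 *
 * @param array $data    Upload descriptor; the keys 'tmp_name' and 'name' are read
 *                       (presumably one entry of $_FILES - confirm against callers).
 * @param int   $access  Access level stored in the `access` column.
 * @param int   $blocked Flag stored in the `blocked` column.
 * @return mixed The value of db_last_insert() on success, -1 when the upload or
 *               the target file cannot be opened.
 */
function file_store_encrypted($data, $access = 0, $blocked = 0)
{
    file_check_tables();

    // Probe for a name without a `files` row. The name is an MD5 of the current
    // second only, so it is guessable, and the probe and the later insert are not
    // atomic: protection has to come from the stub's checks, not from the name.
    for (;;) {
        $t = md5(time() . '#SEPARATOR#' . time());
        if (db_count('files', "`name`=\"{$t}\"") == 0) {
            break;
        }
    }

    $t = $t . '.php';
    $fn = config_get('storage-enc') . '/' . $t;

    // Open the upload before creating anything, so an unreadable upload does not
    // leave a payload-less stub on disk with a `files` row pointing at it.
    $src = fopen($data['tmp_name'], 'rb');
    if (!$src) {
        return -1;
    }

    $f = @fopen($fn, 'wb');
    if (!$f) {
        fclose($src);
        return -1;
    }

    // Access-check stub; everything after __halt_compiler(); is the raw payload.
    fwrite(
        $f,
        "<?php\n"
        . " /**\n"
        . " * Gate - Wiki engine and web-interface for WebTester Server\n"
        . " *\n"
        . " * Copyright (c) 2008-2009 Sergey I. Sharybin <*****@*****.**>\n"
        . " *\n"
        . " * This program can be distributed under the terms of the GNU GPL.\n"
        . " * See the file COPYING.\n"
        . " */\n"
        . "\n"
        . " include '../../globals.php';\n"
        . " include \$DOCUMENT_ROOT.'/inc/include.php';\n"
        . " function _die(\$msg='') { header ('content-type: text/html;'); print ((\$msg!='')?(\$msg):('HACKERS?')); die; }\n"
        . " session_start ();\n"
        . " db_connect ();\n"
        . " security_initialize ();\n"
        . " \$fn=filename (\$PHP_SELF);\n"
        . " \$d=db_row_value ('files', '`name`=\"'.\$fn.'\"');\n"
        . " if (\$d['id']=='') _die ();\n"
        . " if (\$d['access']>user_access ()) _die ('Access denied');\n"
        . " if (\$d['blocked'] && !\$_SESSION['file_encrypted_allowed']) _die ('Content is blocked');\n"
        . " header ('Content-Type: application/octet-stream');\n"
        . " header ('Content-Disposition: attachment; filename=' . \$d['orig_name']);\n"
        . " \$fp = fopen(__FILE__, 'r');\n"
        . " fseek (\$fp, __COMPILER_HALT_OFFSET__);\n"
        . " print (stream_get_contents (\$fp));\n"
        . " __halt_compiler();"
    );

    // Copy the payload in one streamed pass instead of one fgetc()/fwrite() per byte.
    stream_copy_to_stream($src, $f);
    fclose($src);
    fclose($f);

    // db_insert() receives raw SQL fragments, so the numeric columns are forced to
    // integers instead of being interpolated as passed in.
    db_insert('files', array(
        'name' => db_string($t),
        'orig_name' => db_string($data['name']),
        'access' => (int) $access,
        'blocked' => (int) $blocked,
    ));

    return db_last_insert();
}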
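/**
 * Create a user row and attach the new user to the default and requested groups.
 *
 * NOTE(review): the stored password is the SQL MD5() of whatever
 * user_password_hash() returns, i.e. a fast digest. Moving to password_hash()
 * would need a coordinated change in the verification code, which is not
 * visible here.
 * NOTE(review): string values are escaped with addslashes(), which is not
 * charset-aware; other call sites in this code base use db_string() - confirm
 * which helper is the intended one.
 *
 * @param string $login      Login name.
 * @param string $name       Display name; stored HTML-escaped.
 * @param string $passwd     Plain-text password, passed to user_password_hash().
 * @param string $email      E-mail address.
 * @param bool   $authorized Stored as 1 or 0 in the `authorized` column.
 * @param int    $access     Access level stored in the `access` column.
 * @param array  $groups     Groups handed to user_add_to_groups().
 * @return bool False when user_check_fields() rejects the values, true otherwise.
 */
function user_create($login, $name, $passwd, $email, $authorized = false, $access = 1, $groups = array())
{
    // Check the values
    if (!user_check_fields($login, $name, $passwd, $email)) {
        return false;
    }

    // Checking has been passed
    db_insert('user', array(
        'name' => '"' . htmlspecialchars(addslashes($name)) . '"',
        'login' => '"' . addslashes($login) . '"',
        'password' => 'MD5("' . addslashes(user_password_hash($login, $passwd)) . '")',
        // Values are raw SQL fragments; force the access level to an integer so it
        // cannot carry SQL of its own.
        'access' => (int) $access,
        'email' => '"' . addslashes($email) . '"',
        'authorized' => $authorized ? '1' : '0',
        'settings' => '""',
        'timestamp' => time(),
    ));

    $uid = db_last_insert();
    user_add_to_default_groups($uid);
    user_add_to_groups($uid, $groups);

    return true;
}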
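/**
 * Attach a tag to a problem, creating the tag in the dictionary when needed.
 *
 * @param int    $problem_id Problem identifier; coerced to an integer.
 * @param string $tag        Tag text.
 * @return bool True when a new problem/tag link was inserted, false when the
 *              link already existed.
 */
function AddTagToProblem($problem_id, $tag)
{
    // Both ids are placed unquoted into SQL below, so they are forced to
    // integers before use.
    $problem_id = (int) $problem_id;

    $tag_id = db_field_value('tester_tags_dict', 'id', '`tag`="' . addslashes($tag) . '"');
    if (!isnumber($tag_id)) {
        // Unknown tag: add it to the dictionary and use the fresh id.
        db_insert('tester_tags_dict', array('tag' => db_string($tag)));
        $tag_id = db_last_insert();
    }
    $tag_id = (int) $tag_id;

    if (db_count('tester_problem_tags', "`problem_id`={$problem_id} AND `tag_id`={$tag_id}") != 0) {
        return false;
    }

    db_insert('tester_problem_tags', array('problem_id' => $problem_id, 'tag_id' => $tag_id));

    return true;
}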
/**
 * Add a sub-catalogue backed by the given dataset to this content object.
 *
 * Inserts the catalogue row, remembers the dataset settings under
 * 'cat_<id>_dsset', creates the support table and saves the settings.
 *
 * NOTE(review): `nil` is not a PHP keyword; presumably a project-defined
 * constant - confirm.
 * NOTE(review): the value of $dataset->GetID() goes into the insert without
 * quoting - confirm it is always numeric.
 *
 * @param string $name    Sub-catalogue name; must not be blank.
 * @param object $dataset Dataset providing GenCreateFields(), GetID(), Ref()
 *                        and a `settings` property.
 * @return bool False when the dataset is missing or the name is blank, true otherwise.
 */
function AppendCatFromDataset($name, $dataset)
{
    if ($dataset == nil) {
        return false;
    }

    if (trim($name) == '') {
        add_info('Название подкаталога не может быть пустым.');
        return false;
    }

    // Fixed bookkeeping columns first; dataset-defined columns override on key clash.
    $fields = array('pid' => 'INT', 'uid' => 'INT', 'order' => 'INT');
    foreach ($dataset->GenCreateFields() as $column => $definition) {
        $fields[$column] = $definition;
    }

    $table = $this->settings['content'];
    $row = array(
        'name' => db_html_string($name),
        'dataset' => $dataset->GetID(),
        'timestamp' => time(),
        'user_id' => user_id(),
        'ip' => db_html_string(get_real_ip()),
    );
    db_insert($table, $row);
    $cat_id = db_last_insert();

    $settingsKey = 'cat_' . $cat_id . '_dsset';
    $this->settings[$settingsKey] = $dataset->settings;

    content_create_support_table($this->content_id, $dataset->GetID(), $fields, $cat_id);
    $dataset->Ref();
    $this->SaveSettings();

    return true;
}
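/**
 * Store the values of the editor form as a new content row.
 *
 * Does nothing unless the current user holds the 'ADDINFO' permission.
 *
 * NOTE(review): the `date` clause embeds $this->dataset->FieldValue('date')
 * between double quotes without escaping here - confirm the dataset returns
 * an already-escaped value.
 *
 * @param string $formname Form name passed to the dataset's ReceiveData().
 * @param bool   $receive  Whether to read the submitted data before saving.
 * @return void
 */
function Editor_Save($formname = '', $receive = true)
{
    global $redirect;

    if (!$this->GetAllowed('ADDINFO')) {
        return;
    }

    if ($receive) {
        $this->dataset->ReceiveData($formname);
    }

    $arr = $this->dataset->GetFieldValues(true);

    // Dated content is ordered per date; everything else shares one sequence.
    $clause = '';
    if ($this->IsDated()) {
        $clause = '`date`="' . $this->dataset->FieldValue('date') . '"';
    }

    $arr['order'] = db_next_order($this->settings['content'], $clause);
    $arr['timestamp'] = time();
    $arr['user_id'] = '"' . user_id() . '"';
    // The address may be derived from request headers (presumably; get_real_ip()
    // is not visible here), so it goes through the same quoting helper that
    // AppendCatFromDataset() uses for its `ip` column rather than bare quotes.
    $arr['ip'] = db_html_string(get_real_ip());

    db_insert($this->settings['content'], $arr);

    // A new row's `uid` is set to its own `id`.
    $uid = db_last_insert();
    db_update($this->settings['content'], array('uid' => $uid), '`id`=' . $uid);

    $this->dataset->FreeValues();
    $this->ReceiveContent();

    if ($redirect != '') {
        redirect();
    }
}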
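/**
 * Create a problem from the submitted 'ProblemSettings' form and add it to a contest.
 *
 * Does nothing unless the current user holds the 'CONTEST.MANAGE' permission.
 *
 * NOTE(review): $anstype and $anscount are read from globals; if they are
 * populated from the request, $anscount bounds the loop below and should be
 * range-checked by whoever sets it - confirm.
 *
 * @param int $contest_id Contest to attach the problem to; a negative value
 *                        selects $_SESSION['WT_contest_id'].
 * @param int $catid      Category id stored with the task.
 * @return void
 */
function Problems_Create($contest_id, $catid)
{
    global $anstype, $anscount;

    if (!$this->GetAllowed('CONTEST.MANAGE')) {
        return;
    }

    if ($contest_id < 0) {
        $contest_id = $_SESSION['WT_contest_id'];
    }

    $name = stripslashes(FormPOSTValue('name', 'ProblemSettings'));
    $desc = iframe_accept_content('desc', '');

    $s = array();
    $s['anstype'] = $anstype;
    $s['anscount'] = $anscount;

    $ans = array();
    for ($i = 0; $i < $anscount; $i++) {
        // A missing or non-string answer text is treated as empty instead of
        // being handed to stripslashes() as null or as an array.
        $textKey = 'ans_text_' . $i;
        $text = (isset($_POST[$textKey]) && is_string($_POST[$textKey])) ? $_POST[$textKey] : '';

        $ans[$i] = array(
            'text' => htmlspecialchars(stripslashes($text)),
            // Unchecked checkboxes are simply absent from the request.
            'correct' => !empty($_POST['ans_correct_' . $i]) ? 1 : 0,
            'static' => !empty($_POST['ans_static_' . $i]) ? 1 : 0,
        );
    }
    $s['ans'] = $ans;

    db_insert('tester_problems', array(
        'lid' => 1,
        'name' => db_string($name),
        'description' => db_string($desc),
        'settings' => db_string(serialize($s)),
        'uploaded' => true,
    ));
    $pid = db_last_insert();

    // The ids are written unquoted, so they are forced to integers first.
    db_insert('tester_tasks', array(
        'contest_id' => (int) $contest_id,
        'problem_id' => $pid,
        'catid' => (int) $catid,
    ));
}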
/**
 * Insert an empty entry into this volume's table.
 *
 * NOTE(review): $user_id and $this->id are placed into the statement without
 * quoting or casting - confirm callers only pass integers.
 *
 * @param int $user_id Owner stored in the `user_id` column.
 * @return mixed The value of db_last_insert(), or -1 when the volume id is
 *               negative or db_error() reports a failure.
 */
function SpawnEntry($user_id = -1)
{
    if ($this->id < 0) {
        return -1;
    }

    $table = 'storage_volume_' . $this->id;
    $emptyEntry = array(
        'file' => '""',
        'user_id' => $user_id,
        'timestamp' => time(),
        'params' => '""',
    );
    db_insert($table, $emptyEntry);

    return (db_error() != '') ? -1 : db_last_insert();
}
/**
 * Insert this template into `templates`, remember the new id and register
 * the template with the management layer.
 *
 * Name and text are escaped with addslashes() and wrapped in double quotes
 * before being handed to db_insert().
 *
 * @return void
 */
function Create()
{
    $quotedName = '"' . addslashes($this->GetName()) . '"';
    $quotedText = '"' . addslashes($this->GetText()) . '"';

    db_insert('templates', array('name' => $quotedName, 'text' => $quotedText));

    $this->id = db_last_insert();
    manage_register_template($this->id, $this->GetName());
}