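/**
 * Parse any get params that might be hidden in the URL
 *
 * For mod_rewrite style URLs ROSTER_PAGE is absent from $_GET, so the page
 * name and any "key=value" path segments are recovered from the request URI:
 *  - the ROSTER_PATH prefix is stripped and anything from the first '.' on is
 *    dropped (e.g. a trailing ".php");
 *  - segments containing '=' are run through parse_str() and overlaid onto
 *    $_GET via array_overlay();
 *  - the remaining segments are joined with '-' into $_GET[ROSTER_PAGE].
 *
 * Values taken from the path are slashed the same way the other GPC globals
 * are at bootstrap so downstream code sees one consistent representation.
 * addslashes() is NOT an injection defence on its own; queries built from
 * these values still need proper escaping or binding.
 *
 * Fix: get_magic_quotes_gpc() was removed in PHP 8, so the call is now
 * guarded with function_exists() (as the bootstrap code already does)
 * instead of fataling on a rewritten URL.
 *
 * @return void
 */
function parse_params()
{
    // --[ mod_rewrite code ]--
    if (isset($_GET[ROSTER_PAGE])) {
        return;
    }

    $uri  = request_uri();
    $page = substr($uri, strlen(ROSTER_PATH));
    // Keep only the part before the first '.' (strips e.g. ".php")
    list($page) = explode('.', $page);

    // Build the Roster page var
    $pages = array();
    foreach (explode('/', $page) as $segment) {
        if (strpos($segment, '=') === false) {
            $pages[] = $segment;
            continue;
        }

        // "key=value" segment: parse it and overlay onto $_GET.
        // NOTE(review): which side wins on a key collision depends on
        // array_overlay(), which is defined elsewhere — confirm before relying
        // on path params not overriding real query-string params.
        parse_str($segment, $params);
        if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
            $params = escape_array($params);
        }
        $_GET = array_overlay($params, $_GET);
    }

    // Needed in case someone specified www.example.com/roster/index.php.
    // That format is the only one that works in IIS
    if ($pages == array('index')) {
        $pages = array();
    }

    $_GET[ROSTER_PAGE] = implode('-', $pages);
}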
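/**
 * Plugin installer/upgrader/uninstaller/purger.
 *
 * Reads the plugin name ($_POST['addon']) and action ($_POST['type']) from the
 * request, loads the plugin's install.def.php, instantiates its "<name>Install"
 * class and runs the requested action against the plugin table, recording
 * deferred SQL and messages on the global $installer.
 *
 * Security notes:
 *  - $_POST['addon'] is the only request value that reaches the filesystem
 *    (require) and the class loader (new $class). It is restricted to
 *    [a-zA-Z0-9_], so it cannot traverse out of ROSTER_PLUGINS; that check
 *    must stay in front of every use of the name.
 *  - The SQL below is built by concatenation. Its values come from the
 *    install.def.php class (passed through escape_array()/addslashes) and from
 *    rows already read from the DB, not straight from the request. The plugin
 *    author is therefore trusted to the same degree as the PHP being
 *    require'd. Bound parameters would still be preferable.
 *  - NOTE(review): no CSRF token or capability check is visible here — confirm
 *    the caller enforces admin authentication and a form token first.
 *
 * Changes vs. the previous version:
 *  - empty / non-string names are rejected before a path is built from them
 *    (the emptiness check used to run only after the require);
 *  - a definition file that does not declare the expected class now yields an
 *    installer error instead of a fatal "class not found";
 *  - an unmet 'requires' dependency installs the plugin disabled, as the
 *    comment and user message always said, instead of aborting with a
 *    generic "no success" error;
 *  - the unused $_POST['addonparent'] / $_POST['addonfile'] reads are gone.
 *
 * @return bool|null  true on success, false when the action failed, null
 *                    (plain return) when validation fails before any action.
 */
function processPlugin()
{
    global $roster, $installer;

    $addon_name = isset($_POST['addon']) ? $_POST['addon'] : '';
    $type       = isset($_POST['type']) ? $_POST['type'] : '';

    // Reject missing, empty or non-string names before they touch the filesystem
    if (!is_string($addon_name) || $addon_name === '') {
        $installer->seterrors($roster->locale->act['installer_no_empty'], $roster->locale->act['installer_error']);
        return;
    }
    // Only [a-zA-Z0-9_] may reach the include path and the class name below
    if (preg_match('/[^a-zA-Z0-9_]/', $addon_name)) {
        $installer->seterrors($roster->locale->act['invalid_char_module'], $roster->locale->act['installer_error']);
        return;
    }

    // Check for temp table support; remember it on the installer and in config id 1180
    if (false === $roster->db->query("CREATE TEMPORARY TABLE `test` (id int);")) {
        $installer->temp_tables = false;
        $roster->db->query("UPDATE `" . $roster->db->table('config') . "` SET `config_value` = '0' WHERE `id` = 1180;");
    } else {
        $installer->temp_tables = true;
    }

    // Include plugin install definitions
    $addonDir           = ROSTER_PLUGINS . $addon_name . DIR_SEP;
    $addon_install_file = $addonDir . 'install.def.php';
    $install_class      = $addon_name . 'Install';

    if (!file_exists($addon_install_file)) {
        $installer->seterrors(sprintf($roster->locale->act['installer_no_installdef'], $addon_name), $roster->locale->act['installer_error']);
        return;
    }

    require $addon_install_file;

    // The definition file must declare <name>Install; otherwise "new" would be fatal
    if (!class_exists($install_class)) {
        $installer->seterrors(sprintf($roster->locale->act['installer_no_installdef'], $addon_name), $roster->locale->act['installer_error']);
        return;
    }

    $addon  = new $install_class();
    $addata = escape_array((array) $addon);
    $addata['basename'] = $addon_name;

    // Get existing addon record if available
    $query  = 'SELECT * FROM `' . $roster->db->table('plugin') . '` WHERE `basename` = "' . $addata['basename'] . '";';
    $result = $roster->db->query($query);
    if (!$result) {
        $installer->seterrors(sprintf($roster->locale->act['installer_fetch_failed'], $addata['basename']) . '.<br />MySQL said: ' . $roster->db->error(), $roster->locale->act['installer_error']);
        return;
    }
    $previous = $roster->db->fetch($result);
    $roster->db->free_result($result);

    // Give the installer the addon data
    $installer->addata = $addata;
    $success = false;

    // Collect data for this install type
    switch ($type) {
        case 'install':
            if ($previous) {
                $installer->seterrors(sprintf($roster->locale->act['installer_addon_exist'], $installer->addata['basename'], $previous['fullname']));
                break;
            }
            // If a required addon is not active, install this plugin disabled and say so
            if (isset($installer->addata['requires']) && !active_addon($installer->addata['requires'])) {
                $installer->addata['active'] = false;
                $installer->setmessages('Addon Dependency "' . $installer->addata['requires'] . '" not active or installed, "' . $installer->addata['fullname'] . '" has been disabled');
            }

            $query  = 'INSERT INTO `' . $roster->db->table('plugin') . '` VALUES (NULL,"' . $installer->addata['basename'] . '", "' . $installer->addata['parent'] . '", "' . $installer->addata['scope'] . '", "' . $installer->addata['version'] . '", "' . (int) $installer->addata['active'] . '", 0, "' . $installer->addata['fullname'] . '", "' . $installer->addata['description'] . '", "' . $roster->db->escape(serialize($installer->addata['credits'])) . '", "' . $installer->addata['icon'] . '", "' . $installer->addata['wrnet_id'] . '",NULL);';
            $result = $roster->db->query($query);
            if (!$result) {
                $installer->seterrors('DB error while creating new addon record. <br /> MySQL said:' . $roster->db->error(), $roster->locale->act['installer_error']);
                break;
            }
            $installer->addata['addon_id'] = $roster->db->insert_id();

            // We backup the addon config table to prevent damage
            $installer->add_backup($roster->db->table('plugin_config'));

            $success = $addon->install();
            if (!$success) {
                // Delete the addon record if there is an error
                $query  = 'DELETE FROM `' . $roster->db->table('plugin') . "` WHERE `addon_id` = '" . $installer->addata['addon_id'] . "';";
                $result = $roster->db->query($query);
            } else {
                $installer->sql[] = 'UPDATE `' . $roster->db->table('plugin') . '` SET `active` = ' . (int) $installer->addata['active'] . " WHERE `addon_id` = '" . $installer->addata['addon_id'] . "';";
            }
            break;

        case 'upgrade':
            if (!$previous) {
                $installer->seterrors(sprintf($roster->locale->act['installer_no_upgrade'], $installer->addata['basename']));
                break;
            }
            // NOTE(review): `credits` is stored without db->escape() here but
            // with it in the 'install' branch; the two paths persist slightly
            // different bytes. Left as-is to avoid changing stored data.
            $query  = "UPDATE `" . $roster->db->table('plugin') . "` SET `basename`='" . $installer->addata['basename'] . "', `version`='" . $installer->addata['version'] . "', `active`=" . (int) $installer->addata['active'] . ", `fullname`='" . $installer->addata['fullname'] . "', `description`='" . $installer->addata['description'] . "', `credits`='" . serialize($installer->addata['credits']) . "', `icon`='" . $installer->addata['icon'] . "', `wrnet_id`='" . $installer->addata['wrnet_id'] . "' WHERE `addon_id`=" . (int) $previous['addon_id'] . ';';
            $result = $roster->db->query($query);
            if (!$result) {
                $installer->seterrors('DB error while updating the addon record. <br /> MySQL said:' . $roster->db->error(), $roster->locale->act['installer_error']);
                break;
            }
            $installer->addata['addon_id'] = $previous['addon_id'];

            // We backup the addon config table to prevent damage
            $installer->add_backup($roster->db->table('plugin_config'));

            $success = $addon->upgrade($previous['version']);
            break;

        case 'uninstall':
            if (!$previous) {
                $installer->seterrors(sprintf($roster->locale->act['installer_no_uninstall'], $installer->addata['basename']));
                break;
            }
            if ($previous['basename'] != $installer->addata['basename']) {
                $installer->seterrors(sprintf($roster->locale->act['installer_not_uninstallable'], $installer->addata['basename'], $previous['fullname']));
                break;
            }
            $query  = 'DELETE FROM `' . $roster->db->table('plugin') . '` WHERE `addon_id`=' . (int) $previous['addon_id'] . ';';
            $result = $roster->db->query($query);
            if (!$result) {
                $installer->seterrors('DB error while deleting the addon record. <br /> MySQL said:' . $roster->db->error(), $roster->locale->act['installer_error']);
                break;
            }
            $installer->addata['addon_id'] = $previous['addon_id'];

            // We backup the addon config table to prevent damage
            $installer->add_backup($roster->db->table('plugin_config'));

            $success = $addon->uninstall();
            break;

        case 'purge':
            $success = purge($installer->addata['basename']);
            break;

        default:
            $installer->seterrors($roster->locale->act['installer_invalid_type']);
            $success = false;
            break;
    }

    if (!$success) {
        $installer->seterrors($roster->locale->act['installer_no_success_sql']);
        return false;
    }

    // Run the deferred SQL collected above and report the outcome
    $success = $installer->install();
    $installer->setmessages(sprintf($roster->locale->act['installer_' . $type . '_' . $success], $installer->addata['basename']));

    unset($addon);
    return true;
}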
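/**
 * Addon installer/upgrader/uninstaller/purger.
 *
 * Reads the addon name ($_POST['addon']) and action ($_POST['type']) from the
 * request, loads the addon's inc/install.def.php, instantiates its
 * "<name>Install" class and runs the requested action against the addon and
 * permissions tables, recording deferred SQL and messages on the global
 * $installer. The addon's locale files are merged into $roster->locale for the
 * duration of the call and the previous wordings are restored on exit.
 *
 * Security notes:
 *  - $_POST['addon'] is the only request value that reaches the filesystem
 *    (require, locale file paths) and the class loader (new $class). It is
 *    restricted to [a-zA-Z0-9_], so it cannot traverse out of ROSTER_ADDONS;
 *    that check must stay in front of every use of the name.
 *  - The SQL below is built by concatenation. Its values come from the
 *    install.def.php class (passed through escape_array()/addslashes) and from
 *    rows already read from the DB, not straight from the request. The addon
 *    author is therefore trusted to the same degree as the PHP being
 *    require'd. Bound parameters would still be preferable.
 *  - NOTE(review): no CSRF token or capability check is visible here — confirm
 *    the caller enforces admin authentication and a form token first.
 *
 * Changes vs. the previous version:
 *  - empty / non-string names are rejected before a path is built from them
 *    (the emptiness check used to run only after the require);
 *  - a definition file that does not declare the expected class now yields an
 *    installer error instead of a fatal "class not found";
 *  - an unmet 'requires' dependency installs the addon disabled, as the
 *    comment and user message always said, instead of aborting;
 *  - the saved locale wordings are restored on the failure path too (they
 *    used to leak out of the function when the action failed).
 *
 * @return bool|null  true on success, false when the action failed, null
 *                    (plain return) when validation fails before any action.
 */
function processAddon()
{
    global $roster, $installer;

    $addon_name = isset($_POST['addon']) ? $_POST['addon'] : '';
    $type       = isset($_POST['type']) ? $_POST['type'] : '';

    // Reject missing, empty or non-string names before they touch the filesystem
    if (!is_string($addon_name) || $addon_name === '') {
        $installer->seterrors($roster->locale->act['installer_no_empty'], $roster->locale->act['installer_error']);
        return;
    }
    // Only [a-zA-Z0-9_] may reach the include path, locale paths and class name below
    if (preg_match('/[^a-zA-Z0-9_]/', $addon_name)) {
        $installer->seterrors($roster->locale->act['invalid_char_module'], $roster->locale->act['installer_error']);
        return;
    }

    // Check for temp table support; remember it on the installer and in config id 1180
    if (false === $roster->db->query("CREATE TEMPORARY TABLE `test` (id int);")) {
        $installer->temp_tables = false;
        $roster->db->query("UPDATE `" . $roster->db->table('config') . "` SET `config_value` = '0' WHERE `id` = 1180;");
    } else {
        $installer->temp_tables = true;
    }

    // Include addon install definitions
    $addonDir           = ROSTER_ADDONS . $addon_name . DIR_SEP;
    $addon_install_file = $addonDir . 'inc' . DIR_SEP . 'install.def.php';
    $install_class      = $addon_name . 'Install';

    if (!file_exists($addon_install_file)) {
        $installer->seterrors(sprintf($roster->locale->act['installer_no_installdef'], $addon_name), $roster->locale->act['installer_error']);
        return;
    }

    require $addon_install_file;

    // The definition file must declare <name>Install; otherwise "new" would be fatal
    if (!class_exists($install_class)) {
        $installer->seterrors(sprintf($roster->locale->act['installer_no_installdef'], $addon_name), $roster->locale->act['installer_error']);
        return;
    }

    $addon  = new $install_class();
    $addata = escape_array((array) $addon);
    $addata['basename'] = $addon_name;

    // Get existing addon record if available
    $query  = 'SELECT * FROM `' . $roster->db->table('addon') . '` WHERE `basename` = "' . $addata['basename'] . '";';
    $result = $roster->db->query($query);
    if (!$result) {
        $installer->seterrors(sprintf($roster->locale->act['installer_fetch_failed'], $addata['basename']) . '.<br />MySQL said: ' . $roster->db->error(), $roster->locale->act['installer_error']);
        return;
    }
    $previous = $roster->db->fetch($result);
    $roster->db->free_result($result);

    // Give the installer the addon data
    $installer->addata = $addata;
    $success = false;

    // Save current locale array.
    // Since we add all locales for localization, we save the current locale array.
    // This is in case one addon has the same locale strings as another, and keeps
    // them from overwriting one another.
    $localetemp = $roster->locale->wordings;
    foreach ($roster->multilanguages as $lang) {
        $roster->locale->add_locale_file(ROSTER_ADDONS . $addata['basename'] . DIR_SEP . 'locale' . DIR_SEP . $lang . '.php', $lang);
    }

    // Collect data for this install type
    switch ($type) {
        case 'install':
            if ($previous) {
                $installer->seterrors(sprintf($roster->locale->act['installer_addon_exist'], $installer->addata['basename'], $previous['fullname']));
                break;
            }
            // If a required addon is not active, install this addon disabled and say so
            if (isset($installer->addata['requires']) && !active_addon($installer->addata['requires'])) {
                $installer->addata['active'] = false;
                $installer->setmessages('Addon Dependency "' . $installer->addata['requires'] . '" not active or installed, "' . $installer->addata['fullname'] . '" has been disabled');
            }

            $query  = 'INSERT INTO `' . $roster->db->table('addon') . '` VALUES (NULL,"' . $installer->addata['basename'] . '","' . $installer->addata['version'] . '","' . (int) $installer->addata['active'] . '",0,"' . $installer->addata['fullname'] . '","' . $installer->addata['description'] . '","' . $roster->db->escape(serialize($installer->addata['credits'])) . '","' . $installer->addata['icon'] . '","' . $installer->addata['wrnet_id'] . '",NULL);';
            $result = $roster->db->query($query);
            if (!$result) {
                $installer->seterrors('DB error while creating new addon record. <br /> MySQL said:' . $roster->db->error(), $roster->locale->act['installer_error']);
                break;
            }
            $installer->addata['addon_id'] = $roster->db->insert_id();

            // We backup the addon config table to prevent damage
            $installer->add_backup($roster->db->table('addon_config'));

            $success = $addon->install();
            if (!$success) {
                // Delete the addon record if there is an error
                $query  = 'DELETE FROM `' . $roster->db->table('addon') . "` WHERE `addon_id` = '" . $installer->addata['addon_id'] . "';";
                $result = $roster->db->query($query);
            } else {
                $installer->sql[] = 'UPDATE `' . $roster->db->table('addon') . '` SET `active` = ' . (int) $installer->addata['active'] . " WHERE `addon_id` = '" . $installer->addata['addon_id'] . "';";
                // Register the addon's access permission
                $installer->sql[] = "INSERT INTO `" . $roster->db->table('permissions') . "` VALUES ('', 'roster', '" . $installer->addata['addon_id'] . "', 'addon', '" . $installer->addata['fullname'] . "', 'addon_access_desc' , '" . $installer->addata['basename'] . "_access');";
            }
            break;

        case 'upgrade':
            if (!$previous) {
                $installer->seterrors(sprintf($roster->locale->act['installer_no_upgrade'], $installer->addata['basename']));
                break;
            }
            // NOTE(review): `credits` is stored without db->escape() here but
            // with it in the 'install' branch; the two paths persist slightly
            // different bytes. Left as-is to avoid changing stored data.
            $query  = "UPDATE `" . $roster->db->table('addon') . "` SET `basename`='" . $installer->addata['basename'] . "', `version`='" . $installer->addata['version'] . "', `active`=" . (int) $installer->addata['active'] . ", `fullname`='" . $installer->addata['fullname'] . "', `description`='" . $installer->addata['description'] . "', `credits`='" . serialize($installer->addata['credits']) . "', `icon`='" . $installer->addata['icon'] . "', `wrnet_id`='" . $installer->addata['wrnet_id'] . "' WHERE `addon_id`=" . (int) $previous['addon_id'] . ';';
            $result = $roster->db->query($query);
            if (!$result) {
                $installer->seterrors('DB error while updating the addon record. <br /> MySQL said:' . $roster->db->error(), $roster->locale->act['installer_error']);
                break;
            }
            $installer->addata['addon_id'] = $previous['addon_id'];

            // We backup the addon config table to prevent damage
            $installer->add_backup($roster->db->table('addon_config'));

            $success = $addon->upgrade($previous['version']);
            break;

        case 'uninstall':
            if (!$previous) {
                $installer->seterrors(sprintf($roster->locale->act['installer_no_uninstall'], $installer->addata['basename']));
                break;
            }
            if ($previous['basename'] != $installer->addata['basename']) {
                $installer->seterrors(sprintf($roster->locale->act['installer_not_uninstallable'], $installer->addata['basename'], $previous['fullname']));
                break;
            }
            $query  = 'DELETE FROM `' . $roster->db->table('addon') . '` WHERE `addon_id`=' . (int) $previous['addon_id'] . ';';
            $result = $roster->db->query($query);
            if (!$result) {
                $installer->seterrors('DB error while deleting the addon record. <br /> MySQL said:' . $roster->db->error(), $roster->locale->act['installer_error']);
                break;
            }
            $installer->addata['addon_id'] = $previous['addon_id'];

            // We backup the addon config table to prevent damage
            $installer->add_backup($roster->db->table('addon_config'));

            $success = $addon->uninstall();
            if ($success) {
                $installer->remove_permissions($previous['addon_id']);
            }
            break;

        case 'purge':
            $success = purge($installer->addata['basename']);
            break;

        default:
            $installer->seterrors($roster->locale->act['installer_invalid_type']);
            $success = false;
            break;
    }

    if (!$success) {
        $installer->seterrors($roster->locale->act['installer_no_success_sql']);
        // Restore our locale array on this exit path as well
        $roster->locale->wordings = $localetemp;
        return false;
    }

    // Run the deferred SQL collected above and report the outcome
    $success = $installer->install();
    $installer->setmessages(sprintf($roster->locale->act['installer_' . $type . '_' . $success], $installer->addata['basename']));

    // Restore our locale array
    $roster->locale->wordings = $localetemp;
    unset($localetemp);

    return true;
}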
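/**
 * Encode a PHP array as a brace-delimited array literal, e.g. {1,"a",{NULL}}
 * (the shape matches PostgreSQL array syntax).
 *
 * Per element: nested arrays recurse; null becomes the bare word NULL;
 * booleans go through self::escape_bool(); numeric values (including numeric
 * strings, as is_numeric() sees them) are emitted unquoted; everything else
 * is double-quoted with backslash and double-quote backslash-escaped.
 *
 * Fixes vs. the previous version: nested arrays now recurse into this method
 * (the unqualified escape_array() call resolved to the global function, which
 * returns a PHP array and stringified as "Array"), and NULL/bool elements are
 * appended once instead of twice.
 *
 * NOTE(review): this is array-literal quoting only. It does not by itself make
 * the result safe to splice into SQL text — bind it as a parameter or run it
 * through the driver's string escaping.
 *
 * @param array $value
 * @return string
 */
private static function escape_array($value)
{
    $ret = [];
    foreach ($value as $v) {
        if (is_array($v)) {
            $ret[] = self::escape_array($v);
        } elseif (is_null($v)) {
            $ret[] = 'NULL';
        } elseif (is_bool($v)) {
            $ret[] = self::escape_bool($v);
        } elseif (is_numeric($v)) {
            // Numbers are emitted as-is, unquoted
            $ret[] = $v;
        } else {
            // Escape backslashes first so the quote escaping below is not doubled up
            $v = str_replace('\\', '\\\\', $v);
            $ret[] = '"' . str_replace('"', '\\"', $v) . '"';
        }
    }
    return '{' . implode(',', $ret) . '}';
}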
/**
 * Slash global data if magic_quotes_gpc is off.
 * Checking for function existence for php6 (get_magic_quotes_gpc() was
 * removed entirely in PHP 8, so there the globals are always slashed).
 *
 * NOTE(review): addslashes() is not a charset-aware SQL escape and is no
 * substitute for bound parameters; it is applied here only because the rest
 * of the codebase expects pre-slashed GPC data.
 */
if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
    $_GET     = escape_array($_GET);
    $_POST    = escape_array($_POST);
    $_COOKIE  = escape_array($_COOKIE);
    $_REQUEST = escape_array($_REQUEST);
}

// --[ Check to see if we need to install ]--
// No config file, or a config file without ROSTER_INSTALLED, sends us to the installer.
if (!file_exists(ROSTER_CONF_FILE)) {
    require ROSTER_BASE . 'install.php';
    die;
}
require_once ROSTER_CONF_FILE;

if (!defined('ROSTER_INSTALLED')) {
    require ROSTER_BASE . 'install.php';
    die;
}

include ROSTER_LIB . 'roster.php';
$roster = new roster();

/**
/**
 * Recursively addslashes() every scalar leaf of $array, keeping keys and order.
 *
 * Used at bootstrap to emulate magic_quotes_gpc on the request globals.
 * NOTE(review): addslashes() is not a real SQL escape; callers must not treat
 * the result as injection-safe.
 *
 * @param array $array
 *   The array to escape
 * @return array
 *   The same array, escaped
 */
function escape_array($array)
{
    foreach ($array as $key => $leaf) {
        $array[$key] = is_array($leaf) ? escape_array($leaf) : addslashes($leaf);
    }
    return $array;
}