// Show the cached template instructions: edits that came from plugins and could not
// be written to the template directly (for example when the style folder is not writable).
// This excerpt starts inside a switch and ends inside an unfinished if-block.
case 'cached':
    $cached_file = PATH . 'cache/styles_cached.php';

    // Delete the cached styles.
    // NOTE(review): this state change is driven by a GET parameter and no request-token
    // check is visible in this excerpt - confirm one is enforced before this point.
    if (isset($_GET['del'])) {
        delete_cache('styles_cached');
        $text = $lang['CACHED_STYLES_DELETED'];
        $stylee = 'admin_info';
    } elseif (!file_exists($cached_file)) {
        $text = $lang['NO_CACHED_STYLES'];
        $stylee = 'admin_info';
    } else {
        // The cache file holds base64-encoded serialize() output.
        // NOTE(review): unserialize() instantiates any class named in its input, so whoever can
        // write to cache/styles_cached.php controls object creation here. The result is also used
        // as an array below without checking that decoding succeeded. A JSON format, or
        // restricting allowed classes, would remove the object-instantiation risk.
        $content = file_get_contents($cached_file);
        $content = kleeja_base64_decode($content);
        $content = unserialize($content);

        ob_start();

        foreach ($content as $template_name => $do) {
            // NOTE(review): $template_name is echoed without htmlspecialchars(), unlike the
            // 'find' fragments below - it comes from the cache file, so escape it as well.
            echo '<strong>' . $lang['OPEN'] . '</strong> : <br /> ' . (substr($template_name, 0, 6) == 'admin_' ? $STYLE_PATH_ADMIN : $STYLE_PATH) . $template_name . '<br />';

            switch (trim($do['action'])) {
                case 'replace_with':
                    // NOTE(review): the second <strong> in these labels is an opening tag, not a closing one.
                    echo '<strong> ' . $lang['SEARCH_FOR'] . '<strong> : <br />';

                    // A '(.*?)' marker means the instruction stores a start and an end fragment.
                    if (strpos($do['find'], '(.*?)') !== false) {
                        $do['find'] = explode('(.*?)', $do['find']);
                        // Both fragments are HTML-escaped before being placed in the textarea.
                        echo '<textarea style="direction:ltr;width:90%">' . trim(htmlspecialchars($do['find'][0])) . '</textarea> <br />';
                        echo '<strong> ' . $lang['REPLACE_TO_REACH'] . '<strong> : <br />';
                        echo '<textarea style="direction:ltr;width:90%">' . trim(htmlspecialchars($do['find'][1])) . '</textarea> <br />';
                    } else {
                        if (trim($do['find']) == '') {
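/**
 * Restore the logged-in user from the 'ulogu' cookie.
 *
 * The decrypted cookie is split on '|' into: user id, hashed password, expiry time,
 * check value, admin flag and a base64-encoded serialized array of user details.
 * The check value is sha1(md5(h_key . hashed password) . expiry); it does not cover the
 * user id, the admin flag or the user details.
 * NOTE(review): those three fields therefore depend entirely on en_de_crypt() for integrity -
 * confirm it is authenticated encryption, or extend the check value to cover every field.
 *
 * @return mixed result of $this->data() for admins, true for a restored normal user,
 *               false when there is no cookie or it failed validation (logout() is called then)
 */
function kleeja_check_user()
{
    global $config, $SQL, $dbprefix;

    // Plugin hook. NOTE(review): eval() runs the stored hook code verbatim, so anything able to
    // write hook content executes PHP here; this is the plugin mechanism and is left unchanged.
    ($hook = kleeja_run_hook('kleeja_check_user_func_usr_class')) ? eval($hook) : null; //run hook

    $cookie = $this->kleeja_get_cookie('ulogu');
    if (!$cookie) {
        return false; //nothing
    }

    $user_data = false;

    // Pad to six fields so a truncated cookie gives empty strings instead of undefined offsets.
    $plain = $this->en_de_crypt($cookie, 2);
    $parts = is_string($plain) ? explode('|', $plain) : array();
    list($user_id, $hashed_password, $expire_at, $hashed_expire, $adm_or_not, $u_info) = array_pad($parts, 6, '');

    // Compare the check value as a string: with == two numeric-looking strings are compared
    // as numbers. hash_equals() is used where available so the comparison is constant-time.
    $expected = sha1(md5($config['h_key'] . $hashed_password) . $expire_at);
    $hash_ok = function_exists('hash_equals') ? hash_equals($expected, $hashed_expire) : $hashed_expire === $expected;

    //if not expired
    if ($hash_ok && (int) $expire_at > time()) {
        /* For better performance we will take the risks */
        /* !defined('IN_DOWNLOAD') */
        if ((int) $adm_or_not == 1) {
            $user_data = $this->data($user_id, $hashed_password, true, $expire_at);
        } elseif (!empty($u_info)) {
            // Cookie data is client-supplied: never let unserialize() instantiate classes.
            // The options argument exists from PHP 7.0 on; older runtimes fall back to the plain call.
            $raw = kleeja_base64_decode($u_info);
            $uu_info = PHP_VERSION_ID >= 70000 ? unserialize($raw, array('allowed_classes' => false)) : unserialize($raw);

            // Only a decoded array is accepted; anything else is treated as an invalid cookie.
            if (is_array($uu_info)) {
                define('USER_ID', $uu_info['id']);
                define('USER_NAME', $uu_info['name']);
                define('USER_MAIL', $uu_info['mail']);
                define('USER_ADMIN', '0');
                define('LAST_VISIT', $uu_info['last_visit']);
                $user_data = true;
            }
        }
    }

    if ($user_data == false) {
        $this->logout();

        return false; //nothing
    }

    return $user_data;
}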
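// Cross-site POST guard, active only when STOP_CSRF is defined: the host part of the Referer
// must equal the Host header, otherwise the control-panel session is closed and the request
// is redirected to the site URL.
// NOTE(review): a Referer comparison is a weak CSRF control (the header can be stripped by
// privacy settings and says nothing about same-host pages); a per-session request token
// checked on every state-changing request is the usual defence.
if ($_SERVER['REQUEST_METHOD'] == 'POST' && defined('STOP_CSRF')) {
    // "scheme://host/path" split on '/' puts host[:port] at index 2.
    $t_reff = explode('/', isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
    $t_host = explode('/', isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '');
    $referer_host = isset($t_reff[2]) ? $t_reff[2] : '';

    // A missing or malformed Referer is rejected explicitly, and the hosts are compared as
    // strings (!= would compare two numeric-looking values as numbers).
    if ($referer_host === '' || $referer_host !== $t_host[0]) {
        $usrcp->logout_cp();

        if (isset($_GET['_ajax_'])) {
            //echo_ajax(999, '');
        }

        redirect($config['siteurl']);
        $SQL->close();
        exit;
    }
}

// Size check on includes/style.php: any non-empty size other than 10235 bytes stops the script
// with a fixed message (the base64 string decodes to "Where The Copyrights :) ...").
$gt = kleeja_filesize(PATH . 'includes/st' . 'yl' . 'e.php');
if (!empty($gt) && $gt != 10235) {
    exit(kleeja_base64_decode('V2hlcmUgVGhlIENvcHlyaWdodHMgOikgLi4u'));
}

// Default the last visit to twelve hours ago when the login code did not define it.
if (!defined('LAST_VISIT')) {
    define('LAST_VISIT', time() - 3600 * 12);
}

//last visit
// NOTE(review): the pattern is not anchored, so any value containing ten consecutive digits
// passes; LAST_VISIT can originate from cookie data, so '/^[0-9]{10}$/D' would be stricter -
// confirm no caller defines it in another format before tightening.
$last_visit = defined('LAST_VISIT') && preg_match('/[0-9]{10}/', LAST_VISIT) ? kleeja_date(LAST_VISIT) : false;

//path of admin extensions
$path_adm = PATH . 'includes/adm';

//exception extensions
$ext_expt = array();
$ext_expt[] = 'start';
$ext_expt[] = 'php_info';
$ext_expt[] = 'b_lgoutcp';
$ext_expt[] = 'i_exts';

//confirm msgs
$ext_confirm = array();
//$ext_confirm[] = 'repair';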
// This excerpt starts inside an earlier case of the plugin-action switch and ends inside case 6.
kleeja_admin_info($lang['PLUGIN_DELETED'], false, '', true, basename(ADMIN_PATH) . '?cp=' . basename(__FILE__, '.php') . '&' . $current_smt);
}

// A zip of the changes exists: link to the download action (m=6) for it.
// NOTE(review): $plg->zipped_files and $current_smt are placed in an href without URL or
// HTML escaping; their origin is outside this excerpt - confirm they cannot carry markup.
$text = sprintf($lang['PLUGIN_DELETED_ZIPPED'], '<a target="_blank" href="' . basename(ADMIN_PATH) . '?cp=' . basename(__FILE__, '.php') . '&do_plg=' . $plg->plg_id . '&m=6&fn=' . $plg->zipped_files . '&smt=' . $current_smt . '">', '</a>');
$text .= '<br /><br /><a onclick="javascript:get_kleeja_link(this.href); return false;" href="' . basename(ADMIN_PATH) . '?cp=' . basename(__FILE__, '.php') . '&smt=' . $current_smt . '">' . $lang['GO_BACK_BROWSER'] . '</a>';
kleeja_admin_info($text, false, '', true, false);
}

break;

case '4':
    // Plugin instructions.
    // NOTE(review): $plg_id is concatenated into the WHERE clause unquoted; where it is set is
    // not visible here - confirm it is cast to int before this point.
    $query = array('SELECT' => 'p.plg_name, p.plg_ver, p.plg_instructions', 'FROM' => "{$dbprefix}plugins p", 'WHERE' => "p.plg_id=" . $plg_id);
    $result = $SQL->fetch_array($SQL->build($query));

    if (empty($result)) {
        redirect(basename(ADMIN_PATH) . '?cp=' . basename(__FILE__, '.php'));
    }

    // plg_instructions is stored as base64-encoded serialize() output, keyed by language.
    // NOTE(review): the value comes from the plugins table, i.e. from an installed plugin
    // package; unserialize() will instantiate any class named in it, so treat it as untrusted
    // (JSON storage or restricting allowed classes would remove that risk).
    $info = unserialize(kleeja_base64_decode($result['plg_instructions']));
    // Fall back to the English text when the configured language is missing.
    $info = isset($info[$config['language']]) ? $info[$config['language']] : $info['en'];

    // NOTE(review): plugin name, version and instructions are written into the page without
    // htmlspecialchars(); presumably instructions are meant to contain HTML - confirm, and
    // escape at least the name and version.
    kleeja_admin_info('<h3>' . $result['plg_name'] . ' ' . $result['plg_ver'] . ' : </h3>' . $info . '<br /><a onclick="javascript:get_kleeja_link(this.href); return false;" href="' . basename(ADMIN_PATH) . '?cp=' . basename(__FILE__, '.php') . '&smt=' . $current_smt . '">' . $lang['GO_BACK_BROWSER'] . '</a>');

    break;

// Downloading the zipped changes.
case 6:
    if (!isset($_GET['fn'])) {
        kleeja_admin_err($lang['ERROR']);
    }

    // Only lowercase letters and digits survive, so the requested name cannot contain a
    // path separator or dots; the file is always cache/changes_of_<name>.zip.
    $_f = preg_replace('![^a-z0-9]!', '', $_GET['fn']);
    $name = 'changes_of_' . $_f . '.zip';

    if (!file_exists(PATH . 'cache/' . $name)) {
        kleeja_admin_err($lang['ERROR']);
    }

    if (is_browser('mozilla')) {
/**
 * Authenticate a user against a remote script through its HTTP API.
 *
 * Sends the API key, the user name (or user id when $hashed is set) and the password to
 * $script_path, decodes the base64 reply and splits it on '%|%'. Field 0 of the reply is
 * 0 for an error and 1 for success.
 *
 * NOTE(review): $expire is a required parameter placed after an optional one ($hashed);
 * newer PHP versions report that as deprecated.
 *
 * @param string $name            user name, or user id when $hashed is true
 * @param string $pass            password (or its hash when $hashed is true - presumably; confirm with the API docs)
 * @param bool   $hashed          selects the 'userid' query field instead of 'username'
 * @param int    $expire          cookie expiry, also mixed into the cookie check value
 * @param bool   $loginadm        when true, no constants are defined and no cookie is set
 * @param bool   $return_username when true, only field 1 of the reply is returned
 * @return bool|string false on failure, the user name when $return_username is set, otherwise true
 */
function kleeja_auth_login($name, $pass, $hashed = false, $expire, $loginadm = false, $return_username = false)
{
    global $lang, $config, $usrcp, $userinfo;
    global $script_path, $script_api_key, $script_cp1256;

    // The URL must begin with http://
    // NOTE(review): only the first character is tested ('h'), and plain http is accepted, so
    // the API key and credentials below may travel unencrypted - require https where possible.
    if (empty($script_path) || $script_path[0] != 'h') {
        big_error('Forum URL must be begin with http://', sprintf($lang['SCRIPT_AUTH_PATH_WRONG'], 'API'));
    }

    // The API key authenticates this site to the remote script;
    // it must be changed from any sample value in real use.
    if (empty($script_api_key)) {
        big_error('api key', 'To connect to the remote script you have to write the API key ...');
    }

    // Convert to the remote script's charset when $script_cp1256 is set.
    $pass = empty($script_cp1256) || !$script_cp1256 ? $pass : $usrcp->kleeja_utf8($pass, false);
    $name = empty($script_cp1256) || !$script_cp1256 || $hashed ? $name : $usrcp->kleeja_utf8($name, false);

    /* @see file : docs/kleeja_(vb,mysmartbb,phpbb)_api.txt */
    // NOTE(review): part of the next statement (after '&pass=') is masked with asterisks in
    // this copy, so the line is not valid PHP as shown; it is reproduced unchanged.
    // NOTE(review): base64 is an encoding, not protection, and everything here is sent in the
    // query string of a GET request, where it can end up in server and proxy logs.
    $api_http_query = 'api_key=' . kleeja_base64_encode($script_api_key) . '&' . ($hashed ? 'userid' : 'username') . '=' . urlencode($name) . '&pass='******'&return_username=1' : '';

    // Fetch the reply.
    $remote_data = fetch_remote_file($script_path . '?' . $api_http_query);

    // No response: empty or could not connect.
    if ($remote_data == false || empty($remote_data)) {
        return false;
    }

    // See kleeja_api.php: the first field is always 0 (error) or 1 (ok).
    $user_info = explode('%|%', kleeja_base64_decode($remote_data));

    // 0 means error: stop here.
    if ((int) $user_info[0] == 0) {
        return false;
    }

    //
    // When only the user name is wanted, return it right away.
    //
    if ($return_username) {
        return empty($script_cp1256) || !$script_cp1256 ? $user_info[1] : $usrcp->kleeja_utf8($user_info[1]);
    }

    //
    // When logging in to the admin panel only a check is wanted, no data setup.
    //
    // NOTE(review): fields 1-5 of the remote reply are used without checking that they exist
    // or what they contain.
    if (!$loginadm) {
        define('USER_ID', $user_info[1]);
        define('GROUP_ID', 3);
        define('USER_NAME', empty($script_cp1256) || !$script_cp1256 ? 
 $user_info[2] : $usrcp->kleeja_utf8($user_info[2]));
        define('USER_MAIL', $user_info[3]);
        define('USER_ADMIN', (int) $user_info[5] == 1 ? 1 : 0);
    }

    // User info, filled with the data that came from the remote URL.
    // NOTE(review): GROUP_ID, USER_ID, USER_NAME and USER_MAIL are only defined above when
    // $loginadm is false, yet they are read here in both cases - confirm the admin path
    // defines them elsewhere.
    $userinfo = array();
    $userinfo['group_id'] = GROUP_ID;
    $user_y = kleeja_base64_encode(serialize(array('id' => USER_ID, 'name' => USER_NAME, 'mail' => USER_MAIL, 'last_visit' => time())));

    // Set the login cookie: id | password hash | expiry | check value | group | user details.
    // The check value covers only field 4 of the reply and $expire.
    // NOTE(review): the fields are joined with '|' without escaping, so a remote value that
    // contains '|' would shift the fields when the cookie is split again - validate them first.
    if (!$loginadm) {
        $usrcp->kleeja_set_cookie('ulogu', $usrcp->en_de_crypt($user_info[1] . '|' . $user_info[4] . '|' . $expire . '|' . sha1(md5($config['h_key'] . $user_info[4]) . $expire) . '|' . GROUP_ID . '|' . $user_y), $expire);
    }

    // Not needed from here on.
    unset($pass);

    // Yes, this is a real user.
    return true;
}
// Begin the default files page. This excerpt ends inside the search branch.
//
$query = array('SELECT' => 'COUNT(f.id) AS total_files', 'FROM' => "{$dbprefix}files f", 'ORDER BY' => 'f.id ');

# If the user system is the default one, join the users table.
if ((int) $config['user_system'] == 1) {
    $query['JOINS'] = array(array('LEFT JOIN' => "{$dbprefix}users u", 'ON' => 'u.id=f.user'));
}

// A posted search form is turned into a GET parameter: the whole $_POST array is
// serialized, base64-encoded and appended to the redirect URL.
if (isset($_POST['search_file'])) {
    redirect(basename(ADMIN_PATH) . '?cp=' . basename(__FILE__, '.php') . '&search=' . kleeja_base64_encode(serialize($_POST)));
    $SQL->close();
    exit;
} else {
    if (isset($_GET['search'])) {
        // NOTE(review): $SQL->escape() is SQL escaping, but the value is placed in a URL here;
        // URL/HTML encoding is what this context needs - confirm how $deletelink is output.
        $deletelink = basename(ADMIN_PATH) . '?cp=' . basename(__FILE__, '.php') . '&deletefiles=' . $SQL->escape($_GET['search']);

        // NOTE(review): unserialize() is applied to a request parameter. The value is fully
        // client-controlled (it is not signed), and unserialize() instantiates any class named
        // in its input. Carrying the search form as JSON (json_encode/json_decode) or as plain
        // query parameters avoids this; restricting allowed classes is the minimum.
        // The result is used as an array below without checking that decoding succeeded.
        $search = unserialize(kleeja_base64_decode($_GET['search']));

        // Fill in defaults for every search field that was not supplied.
        $search['filename'] = !isset($search['filename']) ? '' : $search['filename'];
        $search['username'] = !isset($search['username']) ? '' : $search['username'];
        $search['than'] = !isset($search['than']) ? 1 : $search['than'];
        $search['size'] = !isset($search['size']) ? '' : $search['size'];
        $search['ups'] = !isset($search['ups']) ? '' : $search['ups'];
        $search['uthan'] = !isset($search['uthan']) ? 1 : $search['uthan'];
        $search['rep'] = !isset($search['rep']) ? '' : $search['rep'];
        $search['rthan'] = !isset($search['rthan']) ? 1 : $search['rthan'];
        $search['lastdown'] = !isset($search['lastdown']) ? '' : $search['lastdown'];
        $search['ext'] = !isset($search['ext']) ? '' : $search['ext'];
        $search['user_ip'] = !isset($search['user_ip']) ? '' : $search['user_ip'];

        // Build the WHERE fragments: text values go through $SQL->escape(), numbers through intval().
        // NOTE(review): LIKE wildcards (% and _) in the text values are not escaped.
        $file_namee = $search['filename'] != '' ? 'AND f.real_filename LIKE \'%' . $SQL->escape($search['filename']) . '%\' ' : '';
        $usernamee = $search['username'] != '' ? 'AND u.name LIKE \'%' . $SQL->escape($search['username']) . '%\'' : '';
        // The size is entered in kilobytes and compared in bytes.
        $size_than = ' f.size ' . ($search['than'] != 1 ? '<=' : '>=') . intval($search['size']) * 1024 . ' ';
        $ups_than = $search['ups'] != '' ? 'AND f.uploads ' . ($search['uthan'] != 1 ? '<' : '>') . intval($search['ups']) . ' ' : '';
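/**
 * Restore the current user from the 'ulogu' cookie, or set up a guest.
 *
 * The decrypted cookie is split on '|' into: user id, hashed password, expiry time,
 * check value, group id and a base64-encoded serialized array of user details.
 * The check value is sha1(md5(h_key . hashed password) . expiry); it does not cover the
 * user id, the group id or the user details.
 * NOTE(review): those fields therefore depend entirely on en_de_crypt() for integrity, and
 * the group id decides which branch runs below - confirm en_de_crypt() is authenticated
 * encryption, or extend the check value to cover every field.
 *
 * @return mixed result of $this->data() for groups allowed into the ACP, true for a restored
 *               normal user, false for guests and for cookies that failed validation
 */
function kleeja_check_user()
{
    global $config, $SQL, $dbprefix, $userinfo;

    // Plugin hook. NOTE(review): eval() runs the stored hook code verbatim, so anything able to
    // write hook content executes PHP here; this is the plugin mechanism and is left unchanged.
    ($hook = kleeja_run_hook('kleeja_check_user_func_usr_class')) ? eval($hook) : null; //run hook

    # Start from guest values so $userinfo is always defined.
    $userinfo = array('id' => -1, 'group_id' => 2);

    $cookie = $this->kleeja_get_cookie('ulogu');
    if (!$cookie) {
        #guest
        define('USER_ID', $userinfo['id']);
        define('GROUP_ID', $userinfo['group_id']);

        return false; //nothing
    }

    $user_data = false;

    // Pad to six fields so a truncated cookie gives empty strings instead of undefined offsets.
    $plain = $this->en_de_crypt($cookie, 2);
    $parts = is_string($plain) ? explode('|', $plain) : array();
    list($user_id, $hashed_password, $expire_at, $hashed_expire, $group_id, $u_info) = array_pad($parts, 6, '');

    // Compare the check value as a string: with == two numeric-looking strings are compared
    // as numbers. hash_equals() is used where available so the comparison is constant-time.
    $expected = sha1(md5($config['h_key'] . $hashed_password) . $expire_at);
    $hash_ok = function_exists('hash_equals') ? hash_equals($expected, $hashed_expire) : $hashed_expire === $expected;

    //if not expired
    if ($hash_ok && (int) $expire_at > time()) {
        /* For better performance we will take the risks */
        /* !defined('IN_DOWNLOAD') */
        if (user_can('enter_acp', $group_id)) {
            $user_data = $this->data($user_id, $hashed_password, true, $expire_at);
        } elseif (!empty($u_info)) {
            // Cookie data is client-supplied: never let unserialize() instantiate classes.
            // The options argument exists from PHP 7.0 on; older runtimes fall back to the plain call.
            $raw = kleeja_base64_decode($u_info);
            $decoded = PHP_VERSION_ID >= 70000 ? unserialize($raw, array('allowed_classes' => false)) : unserialize($raw);

            // Only a decoded array replaces the guest values; anything else is an invalid cookie.
            if (is_array($decoded)) {
                $userinfo = $decoded;
                $userinfo['group_id'] = $group_id;
                $userinfo['password'] = $hashed_password;

                define('USER_ID', $userinfo['id']);
                define('GROUP_ID', $userinfo['group_id']);
                define('USER_NAME', $userinfo['name']);
                define('USER_MAIL', $userinfo['mail']);
                define('LAST_VISIT', $userinfo['last_visit']);
                $user_data = true;
            }
        }
    }

    if ($user_data == false) {
        $this->logout();

        return false; //nothing
    }

    return $user_data;
}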
// This excerpt starts inside earlier blocks and leaves the outer else-block open at its end.
kleeja_admin_err($errs);
}
}
}

//
// Begin the default users page.
//
$query = array('SELECT' => 'COUNT(id) AS total_users', 'FROM' => "{$dbprefix}users", 'ORDER BY' => 'id ASC');

// A posted search form is turned into a GET parameter: the whole $_POST array is
// serialized, base64-encoded and appended to the redirect URL.
if (isset($_POST['search_user'])) {
    redirect(basename(ADMIN_PATH) . '?cp=' . basename(__FILE__, '.php') . '&search=' . kleeja_base64_encode(serialize($_POST)));
    $SQL->close();
    exit;
} else {
    if (isset($_GET['search'])) {
        // NOTE(review): unserialize() is applied to a request parameter. The value is fully
        // client-controlled (it is not signed), and unserialize() instantiates any class named
        // in its input. Carrying the search form as JSON or as plain query parameters avoids
        // this; restricting allowed classes is the minimum.
        $search = kleeja_base64_decode($_GET['search']);
        $search = unserialize($search);

        // NOTE(review): 'username' and 'usermail' are read without isset(), and $search is not
        // checked to be an array, so a malformed parameter raises notices or type errors.
        // Text values go through $SQL->escape(); LIKE wildcards are not escaped.
        $usernamee = $search['username'] != '' ? 'AND name LIKE \'%' . $SQL->escape($search['username']) . '%\' ' : '';
        $usermailee = $search['usermail'] != '' ? 'AND mail LIKE \'%' . $SQL->escape($search['usermail']) . '%\' ' : '';
        $is_search = true;
        $isn_search = false;
        $query['WHERE'] = "name != '' {$usernamee} {$usermailee}";
    } else {
        if (isset($_GET['admin'])) {
            // The parameter is only compared after an int cast; the SQL fragment itself is a constant.
            $admin = (int) $_GET['admin'] == 1 ? "AND admin = 1 " : '';
            $is_search = true;
            $isn_search = false;
            $is_asearch = true;
            $query['WHERE'] = "name != '' {$admin}";
        }
    }
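/**
 * Delete a piece of content from a template; used by the uninstall tag of a plugin XML file.
 *
 * The text between the two markers in $delete_txt is replaced by a "deleted" HTML comment.
 * When the template cannot be rewritten (empty or missing template, nothing changed, or the
 * style folder is not writable) the instruction is stored in cache/styles_cached.php instead.
 *
 * todo : use file handler, require ftp info at uninstalling
 *
 * @param string|array $template_name template name without ".html", or a list of such names
 * @param array        $delete_txt    the search words; elements 0 and 1 become the two ends
 *                                    of the cached 'find' pattern
 * @return bool|null true for a single template, null when a list was processed
 */
function delete_ch_tpl($template_name, $delete_txt = array())
{
    global $dbprefix, $lang, $config, $STYLE_PATH_ADMIN, $STYLE_PATH, $THIS_STYLE_PATH;

    // A list of templates is handled one by one.
    if (is_array($template_name)) {
        foreach ($template_name as $tn) {
            $this->delete_ch_tpl($tn, $delete_txt);
        }

        return;
    }

    $is_admin_template = substr($template_name, 0, 6) == 'admin_';
    $style_path = $is_admin_template ? $STYLE_PATH_ADMIN : $THIS_STYLE_PATH;

    // NOTE(review): $template_name is joined to the style path as given; it comes from the
    // plugin XML, so confirm it is validated (no path separators or "..") before this call.
    $template_path = $style_path . $template_name . '.html';

    // If the template is missing in a non-default style, fall back to the default style
    // (never for admin templates).
    if (!file_exists($template_path) && $config['style'] != 'default' && !$is_admin_template) {
        $template_path_alternative = str_replace('/' . $config['style'] . '/', '/default/', $template_path);

        if (file_exists($template_path_alternative)) {
            $template_path = $template_path_alternative;
        }
    }

    $d_contents = file_exists($template_path) ? file_get_contents($template_path) : '';
    if ($d_contents === false) {
        // An unreadable template is treated like a missing one.
        $d_contents = '';
    }

    include_once "s_strings.php";

    $finder = new sa_srch();
    $finder->find_word = $delete_txt;
    // '' instead of null as separator: same result, without the null-argument deprecation.
    $finder->another_word = '<!-- deleted ' . md5(implode('', $delete_txt)) . ' -->';
    $finder->text = trim($d_contents);
    $finder->do_search(2);

    $cached_instructions = array();

    if ($d_contents != '' && md5($finder->text) != md5($d_contents) && is_writable($style_path)) {
        //update
        $this->f->_write($style_path . $template_name . '.html', $finder->text);
        //delete cache ..
        delete_cache('tpl_' . $template_name);
    } else {
        // Missing markers become empty strings instead of undefined offsets.
        $find_start = isset($finder->find_word[0]) ? $finder->find_word[0] : '';
        $find_end = isset($finder->find_word[1]) ? $finder->find_word[1] : '';

        $cached_instructions[$template_name] = array(
            'action' => 'replace_with',
            'find' => $find_start . '(.*?)' . $find_end,
            'action_text' => $finder->another_word,
        );
    }

    // Add the cached instructions to the cache file, keeping what is already stored there.
    if (sizeof($cached_instructions) > 0) {
        $cache_file = PATH . 'cache/styles_cached.php';

        if (file_exists($cache_file)) {
            $stored = file_get_contents($cache_file);

            if ($stored !== false) {
                // The cache file sits in a writable directory, so its content is not trusted:
                // unserialize() must not instantiate classes. The options argument exists from
                // PHP 7.0 on; older runtimes fall back to the plain call.
                $stored = kleeja_base64_decode($stored);
                $cached_content = PHP_VERSION_ID >= 70000 ? unserialize($stored, array('allowed_classes' => false)) : unserialize($stored);

                // A corrupt cache file is ignored rather than added to an array.
                if (is_array($cached_content)) {
                    $cached_instructions += $cached_content;
                }
            }
        }

        // Best effort, as before: a cache file that cannot be opened is skipped
        // instead of being passed to fwrite() as false.
        $handle = @fopen($cache_file, 'w');
        if ($handle !== false) {
            fwrite($handle, kleeja_base64_encode(serialize($cached_instructions)));
            fclose($handle);
        }
    }

    if ($this->f_method === 'zfile') {
        if ($this->f->check()) {
            // NOTE(review): $plugin_name is not defined in this function, so push() receives
            // null here - confirm which value was intended.
            $this->zipped_files = $this->f->push($plugin_name);
        }
    }

    return true;
}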
// Plugin export: writes the plugin's options, hooks and files as XML.
// This excerpt starts inside the export branch and ends at the break of its switch case.
echo "\t" . '<options>' . "\n";

// NOTE(review): the loop variable is named $config; if the site configuration array of the
// same name is in scope here it is overwritten - confirm.
// NOTE(review): name, value, order and menu are written into XML attributes without
// escaping; only the CDATA body goes through clean_xml_cdata().
while ($config = $SQL->fetch_array($queryconfig)) {
    echo "\t\t" . '<option name="' . $config['name'] . '" value="' . $config['value'] . '" order="' . $config['display_order'] . '" menu="' . $config['type'] . '"><![CDATA[' . clean_xml_cdata($config['option']) . ']]></option>' . "\n";
}

echo "\t" . '</options>' . "\n";
}

// NOTE(review): $plg_id is concatenated into the WHERE clause unquoted; where it is set is
// not visible here - confirm it is cast to int before this point.
$queryhooks = $SQL->build(array('SELECT' => '*', 'FROM' => "{$dbprefix}hooks", 'WHERE' => "plg_id=" . $plg_id));

if ($SQL->num_rows($queryhooks) > 0) {
    echo "\t" . '<hooks>' . "\n";

    while ($hook = $SQL->fetch_array($queryhooks)) {
        echo "\t\t" . '<hook name="' . $hook['hook_name'] . '"><![CDATA[' . clean_xml_cdata($hook['hook_content']) . ']]></hook>' . "\n";
    }

    echo "\t" . '</hooks>' . "\n";
}

if (!empty($row['plg_files'])) {
    // plg_files is stored as base64-encoded serialize() output holding a list of paths.
    // NOTE(review): unserialize() instantiates any class named in its input and the value
    // originates from a plugin package, so treat it as untrusted; the result is iterated
    // without checking that it is an array.
    $nfiles = unserialize(kleeja_base64_decode($row['plg_files']));
    echo "\t" . '<files>' . "\n";

    foreach ($nfiles as $f) {
        // Only a leading slash is removed.
        if ($f[0] == '/') {
            $f = substr($f, 1);
        }

        // NOTE(review): the stored path is appended to PATH and read as is; nothing here
        // rejects ".." segments, so a tampered list could make the export include files
        // outside the plugin (for example configuration files). Resolve the path and verify
        // it stays inside the expected directory before reading. The path is also written
        // into an XML attribute without escaping, and read errors are hidden by @.
        echo "\t\t" . '<file path="' . $f . '"><![CDATA[' . kleeja_base64_encode(@file_get_contents(PATH . $f)) . ']]></file>' . "\n";
    }

    echo "\t" . '</files>' . "\n";
}

echo '</kleeja>';

exit;
} else {
    kleeja_admin_err($lang['ERROR']);
}

break;