/** * Comment object constructor * * @param database $db * @return privileges * @access public */ function privileges(&$db, $gid) { global $my; $this->gid = intval($this->escapeString($gid)); if (isset($my->gids) && $my->gid == $gid) { $db->setQuery("SELECT priv_upload, priv_editmedium, priv_delmedium, priv_creategal, priv_editgal, priv_delgal " . " FROM #__zoom_priv WHERE gid IN (" . $this->escapeString($my->gids) . ")"); } else { $db->setQuery("SELECT priv_upload, priv_editmedium, priv_delmedium, priv_creategal, priv_editgal, priv_delgal " . " FROM #__zoom_priv WHERE gid = '{$this->gid}'"); } $result = $db->query(); while ($row = mysql_fetch_object($result)) { foreach ($row as $priv => $value) { if ($value) { $this->{$priv} = $value; } } } }
function send_mail($to_email, $to_name, $subject, $content, $from_name = '') { $table = array("account"); $db = new database(); $query = $db->createQueryAll($table); $db->setQuery($query); $result1 = $db->loadAllRow(); //var_dump($result1); $pass = encrypt_decrypt('decrypt', $result1[0]['pass']); //var_dump($pass); //tài khoản gmail dùng để gửi mail $from_email = $result1[0]['name']; // Reply to this email $from_email_pass = $pass; return send_gmail($from_email, $from_email_pass, $to_email, $to_name, $subject, $content, $from_name); }
$configArray['DBpassword'] = $DBpassword; $configArray['DBname'] = $DBname; $configArray['DBPort'] = $DBPort; $configArray['DBPrefix'] = $DBPrefix; $sql = "CREATE DATABASE `{$DBname}`"; $mysql_result = mysql_query($sql); $test = mysql_errno(); if ($test != 0 && $test != 1007) { db_err("stepBack", "A database error occurred: " . mysql_error()); } // db is now new or existing, create the db object connector to do the serious work $DBserver = $DBPort ? "{$DBhostname}:{$DBPort}" : "{$DBhostname}"; $database = new database($DBserver, $DBuserName, $DBpassword, $DBname, $DBPrefix); // delete existing mos table if requested if ($DBDel) { $database->setQuery("SHOW TABLES FROM `{$DBname}`"); $errors = array(); if ($tables = $database->loadResultArray()) { foreach ($tables as $table) { if ($DBPrefix) { if (strpos($table, $DBPrefix) === 0) { if ($DBBackup) { $butable = str_replace($DBPrefix, $BUPrefix, $table); $database->setQuery("DROP TABLE IF EXISTS `{$butable}`"); $database->query(); if ($database->getErrorNum()) { $errors[$database->getQuery()] = $database->getErrorMsg(); } $database->setQuery("RENAME TABLE `{$table}` TO `{$butable}`"); $database->query(); if ($database->getErrorNum()) {
} // Does this code actually do anything??? $configArray['DBhostname'] = $DBhostname; $configArray['DBuserName'] = $DBuserName; $configArray['DBpassword'] = $DBpassword; $configArray['DBname'] = $DBname; $configArray['DBPrefix'] = $DBPrefix; $sql = "CREATE DATABASE `{$DBname}`"; $mysql_result = mysql_query($sql); $test = mysql_errno(); if ($test != 0 && $test != 1007) { db_err("stepBack", "访问数据库出错: " . mysql_error()); } // db is now new or existing, create the db object connector to do the serious work $database = new database($DBhostname, $DBuserName, $DBpassword, $DBname, $DBPrefix); $database->setQuery("set names 'gb2312'"); // set charset $database->query(); // kilin did it // delete existing mos table if requested if ($DBDel) { $database->setQuery("SHOW TABLES FROM {$DBname}"); $errors = array(); if ($tables = $database->loadResultArray()) { foreach ($tables as $table) { if (strpos($table, $DBPrefix) === 0) { if ($DBBackup) { $butable = str_replace($DBPrefix, $BUPrefix, $table); $database->setQuery("DROP TABLE IF EXISTS {$butable}"); $database->query(); if ($database->getErrorNum()) {
public static function run() { if (!isset($_POST['expr'])) { $_POST['expr'] = ""; } if (!isset($_POST['evaltype'])) { $_POST['evaltype'] = "none"; } // include("udf_phpdump.php"); $_POST['expr'] = rtrim(stripslashes(stripslashes($_POST['expr']))); ?> <form action="<?php echo bfTools::ME(); ?> " method="post"> PHP Expression: <table width="100%"> <tr valign="top"> <td width="10%"><label><input type="radio" name="evaltype" value="none" accesskey="n" tabindex="3" <?php if ($_POST['evaltype'] == "none") { echo ' checked="checked"'; } ?> /> <span style="text-decoration: underline">n</span>one</label><br/> <label><input type="radio" name="evaltype" value="echo" accesskey="n" tabindex="4" <?php if (!isset($_POST['submit']) or $_POST['evaltype'] == "echo") { echo ' checked="checked"'; } ?> /> e<span style="text-decoration: underline">c</span>ho</label><br/> <label><input type="radio" name="evaltype" value="vardump" accesskey="v" tabindex="5" <?php if ($_POST['evaltype'] == "vardump") { echo ' checked="checked"'; } ?> /> <span style="text-decoration: underline">v</span>ardump</label><br/> <label><input type="radio" name="evaltype" value="phpdump" accesskey="d" tabindex="6" <?php if ($_POST['evaltype'] == "phpdump") { echo ' checked="checked"'; } ?> /> php<span style="text-decoration: underline">d</span>ump</label><br/> <label><input type="radio" name="evaltype" value="dbclasscreator" accesskey="d" tabindex="7" <?php if ($_POST['evaltype'] == "dbclasscreator") { echo ' checked="checked"'; } ?> /> <span style="text-decoration: underline">d</span>bclasscreator</label><br/> <label><input type="radio" name="evaltype" value="loadObjectList" accesskey="l" tabindex="7" <?php if ($_POST['evaltype'] == "loadObjectList") { echo ' checked="checked"'; } ?> /> <span style="text-decoration: underline">l</span>oadObjectList</label><br/> <label><input type="radio" name="evaltype" value="md5" accesskey="m" tabindex="7" <?php if ($_POST['evaltype'] == "md5") { echo ' checked="checked"'; } ?> /> <span style="text-decoration: underline">m</span>d5</label><br/> <label><input type="radio" name="evaltype" value="passthru" accesskey="p" tabindex="8" <?php if ($_POST['evaltype'] == "passthru") { echo ' checked="checked"'; } ?> /> <span style="text-decoration: underline">p</span>assthru</label><br/> <label><input type="radio" name="evaltype" value="wget" accesskey="w" tabindex="9" <?php if ($_POST['evaltype'] == "wget") { echo ' checked="checked"'; } ?> /> <span style="text-decoration: underline">w</span>get</label><br/> </td> <td width="92%"><textarea rows="5" cols="45" name="expr" accesskey="e" tabindex="1" style="width: 90%"><?php echo htmlspecialchars($_POST['expr']); ?> </textarea> </td> </tr> <tr> <td> </td> <td><input type="submit" name="submit" value=" Evaluate " tabindex="2"/></td> </tr> </table> </form> <?php if (strlen($_POST['expr'])) { switch ($_POST['evaltype']) { case "echo": $_POST['expr'] = "echo " . $_POST['expr']; break; case "vardump": $_POST['expr'] = "var_dump(" . $_POST['expr'] . ")"; break; case "phpdump": $_POST['expr'] = "phpdump(" . $_POST['expr'] . ")"; break; case "md5": $_POST['expr'] = "echo md5('" . $_POST['expr'] . "')"; break; case "passthru": $_POST['expr'] = "passthru('" . $_POST['expr'] . "')"; break; case "wget": $_POST['expr'] = "passthru('wget " . $_POST['expr'] . "')"; break; case "loadObjectList": include 'database.php'; // $database = new // database('localhost','root','root','componentsdev','jos'); $database->setQuery($_POST['expr']); echo '<pre style="background-color: #EEE; padding: 0.5em; overflow: auto;">'; print_R($database->loadObjectList()); echo "</pre>"; die; break; case "dbclasscreator": include 'database.php'; // $database = new // database('localhost','root','root','componentsdev','jos'); $dbname = explode('.', $_POST['expr']); $e = explode('_', $dbname[1]); $prefix = $e[0] . '_'; $db = new database('localhost', 'root', 'root', $dbname[0], $prefix); $db->setQuery('DESCRIBE ' . $dbname[1]); $fields = $db->loadObjectList(); $str = array(); $str[] = 'class CLASSNAME extends mosDBTable {'; $str[] = ''; $_tbl_key = $fields[0]->Field; foreach ($fields as $field) { $str[] = "\t" . 'var $' . $field->Field . '=null;'; } $str[] = ''; $str[] = "\t" . 'function CLASSNAME() {'; $str[] = "\t" . "\t" . 'global $database;'; $dbname[1] = str_replace('jos_', '', $dbname[1]); $dbname[1] = str_replace('mos_', '', $dbname[1]); $str[] = "\t" . "\t" . '$this->mosDBTable( "#__' . $dbname[1] . '", "' . $_tbl_key . '", $database );'; $str[] = "\t" . '}'; $str[] = '}'; $text = implode("\n", $str); echo '<pre style="background-color: #EEE; padding: 0.5em; overflow: auto;">'; print_R($text); echo "</pre>"; break; default: break; } if (substr($_POST['expr'], -1) != ";") { $_POST['expr'] .= ";"; } echo '<pre style="background-color: #EEE; padding: 0.5em; overflow: auto;">'; eval($_POST['expr']); echo "</pre>"; } }
function MakePass() { $uid = JSYS_Utils::getParam('user_id', 0, 'integer', false); $npass = JSYS_Utils::getParam('new_password', '', 'string', false); if (!$npass || !$uid) { echo "Bad or empty password"; return; } $conf = 'configuration.php'; if (!file_exists($conf)) { echo "Joomla Configuration File not found. Cannot connect to the database"; } require_once $conf; classCreator::createDatabase(); $database = new database($mosConfig_host, $mosConfig_user, $mosConfig_password, $mosConfig_db, $mosConfig_dbprefix, false); $database->setQuery("UPDATE #__users SET password='******' WHERE id='{$uid}'"); $database->query(); echo "The new password is {$npass}"; }
$database = new database($DBhostname, $DBuserName, $DBpassword, $DBname, $DBPrefix); $databasehist = new database($DBhostname, $DBuserName, $DBpassword, $DBHistname, $DBPrefix); // delete existing mos table if requested if ($DBDel) { $database->setQuery("SHOW TABLES FROM `{$DBname}`"); $errors = array(); if ($tables = $database->loadResultArray()) { foreach ($tables as $table) { $database->setQuery("DROP TABLE IF EXISTS `{$table}`"); $database->query(); if ($database->getErrorNum()) { $errors[$database->getQuery()] = $database->getErrorMsg(); } } } $databasehist->setQuery("SHOW TABLES FROM `{$DBname}`"); $errors = array(); if ($tables = $databasehist->loadResultArray()) { foreach ($tables as $table) { $databasehist->setQuery("DROP TABLE IF EXISTS `{$table}`"); $databasehist->query(); if ($databasehist->getErrorNum()) { $errors[$databasehist->getQuery()] = $databasehist->getErrorMsg(); } } } } populate_db($DBname, $DBPrefix, 'knomos.sql'); populate_db($DBHistname, $DBPrefix, 'knomos_hist.sql'); if ($DBSample) { populate_db($DBname, $DBPrefix, 'sample_data.sql');
function getSuggestions($keyword) { //get DB if (defined('_JEXEC')) { $dbi =& JDatabase::getInstance(array('driver' => DB_DRIVER, 'host' => DB_HOST, 'user' => DB_USER, 'password' => DB_PASSWORD, 'database' => DB_DATABASE, 'prefix' => DB_PREFIX)); } else { $dbi = new database(DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE, DB_PREFIX, DB_OFFLINE); } // escape the keyword string if (get_magic_quotes_gpc()) { //Addded by AW $keyword = stripslashes($keyword); } $keyword = addcslashes(mysql_real_escape_string($keyword), "%_"); //$patterns = array('/\s+/', '/"+/', '/%+/'); //$replace = array(''); //$keyword = preg_replace($patterns, $replace, $keyword); // build the SQL query that gets the matching functions from the database $tit = "title"; $id = "id"; $link = "link"; // execute the SQL query $output = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'; $output .= '<response>'; $filter = '=""'; if ($keyword != '') { $filter = ' LIKE "' . $keyword . '%"'; } // if the keyword is empty build a SQL query that will return no results $query = ''; if (defined('_JEXEC')) { $query = 'SELECT ' . $tit . ',' . $link . ',' . $id . ' FROM (SELECT c.' . $tit . ' ,m.' . $link . ',m.id,c.created FROM #__content c JOIN ( SELECT ' . $link . ',' . $id . ' FROM #__menu WHERE ' . $link . ' like "index.php?option=com_content&view=article&id=%" AND published = 1 ) as m on m.' . $link . ' = concat("index.php?option=com_content&view=article&id=",c.' . $id . ') WHERE c.' . $tit . $filter . ' UNION SELECT c.' . $tit . ' ,concat("index.php?option=com_content&view=article&id=",cast(c.' . $id . ' as char(11))) as link ,0 as id,c.created FROM #__content c LEFT JOIN ( SELECT ' . $link . ',' . $id . ' FROM #__menu WHERE ' . $link . ' like "index.php?option=com_content&view=article&id=%" AND published = 1 ) as m on m.' . $link . ' = concat("index.php?option=com_content&view=article&id=",c.' . $id . ') WHERE c.' . $tit . $filter . ' AND m.' . $id . ' is null AND c.sectionid = 0 AND c.catid = 0 AND c.state = 1 UNION SELECT i.' . $tit . ' as title,concat("index.php?option=com_content&view=article&id=",cast(i.' . $id . ' as char(11))) as link, IFNULL(ms.' . $id . ' ,mc.' . $id . ' ) as id,i.created FROM #__content AS i JOIN #__sections AS s ON i.sectionid = s.' . $id . ' LEFT JOIN #__menu AS ms ON ms.' . $link . ' = concat("index.php?option=com_content&view=section&layout=blog&id=",s.' . $id . ') OR ms.' . $link . ' = concat("index.php?option=com_content&view=section&id=",s.' . $id . ') JOIN #__categories AS c ON i.catid = c.' . $id . ' LEFT JOIN #__menu AS mc ON mc.' . $link . ' = concat("index.php?option=com_content&view=category&layout=blog&id=",c.' . $id . ') OR mc.' . $link . ' = concat("index.php?option=com_content&view=category&id=",c.' . $id . ') WHERE (ms.id is not null or mc.id is not null) AND (ms.published = 1 or mc.published=1) AND i.' . $tit . $filter . ' UNION select i.' . $tit . ',concat("index.php?option=com_content&view=article&id=",cast(i.' . $id . ' as char(11))) as link, 0 as id,i.created FROM #__content i LEFT join #__menu m on m.link = concat("index.php?option=com_content&view=article&id=",i.' . $id . ') JOIN #__sections AS s ON i.sectionid = s.' . $id . ' LEFT JOIN #__menu AS ms ON ms.' . $link . ' = concat("index.php?option=com_content&view=section&layout=blog&id=",s.' . $id . ') OR ms.' . $link . ' = concat("index.php?option=com_content&view=section&id=",s.' . $id . ') JOIN #__categories AS c ON i.catid = c.' . $id . ' LEFT JOIN #__menu AS mc ON mc.' . $link . ' = concat("index.php?option=com_content&view=category&layout=blog&id=",c.' . $id . ') OR mc.' . $link . ' = concat("index.php?option=com_content&view=category&id=",c.' . $id . ') WHERE m.' . $id . ' is null AND ms.' . $id . ' is null AND mc.' . $id . ' is null AND state = 1 AND i.' . $tit . $filter . ' UNION SELECT IFNULL(s.' . $tit . ',c.' . $tit . '),m.link,m.id,"0000-00-00 00:00:00" as created FROM #__menu AS m LEFT JOIN #__sections AS s ON m.' . $link . ' = concat("index.php?option=com_content&view=section&layout=blog&id=",s.' . $id . ') OR m.' . $link . ' = concat("index.php?option=com_content&view=section&id=",s.' . $id . ') LEFT JOIN #__categories AS c ON m.' . $link . ' = concat("index.php?option=com_content&view=category&layout=blog&id=",c.' . $id . ') OR m.' . $link . ' = concat("iindex.php?option=com_content&view=category&id=",c.' . $id . ') WHERE (s.id is not null or c.id is not null) AND m.published = 1 AND IFNULL(s.' . $tit . ',c.' . $tit . ') ' . $filter . ' UNION SELECT s.' . $tit . ',concat("index.php?option=com_content&view=section&id=",cast(s.' . $id . ' as char(11))) as link,0 as id,"0000-00-00 00:00:00" as created FROM #__sections AS s LEFT JOIN #__menu AS m ON m.' . $link . ' = concat("index.php?option=com_content&view=section&layout=blog&id=",s.' . $id . ') OR m.' . $link . ' = concat("index.php?option=com_content&view=section&id=",s.' . $id . ') WHERE m.id is null AND s.published = 1 AND s.' . $tit . $filter . ' UNION SELECT c.title,concat("index.php?option=com_content&view=category&id=",cast(c.' . $id . ' as char(11))) as link,0 as id,"0000-00-00 00:00:00" as created FROM #__categories AS c LEFT JOIN #__menu AS m ON m.' . $link . ' = concat("index.php?option=com_content&view=category&layout=blog&id=",c.' . $id . ') OR m.' . $link . ' = concat("index.php?option=com_content&view=category&id=",c.' . $id . ') WHERE m.id is null AND c.published = 1 AND c.section REGEXP "^[0-9]+$" AND c.' . $tit . $filter . ' ORDER BY created desc) a WHERE ' . $tit . $filter; } else { $query = 'SELECT ' . $tit . ',' . $link . ',' . $id . ' FROM (SELECT c.' . $tit . ' ,m.' . $link . ',m.id,c.created FROM #__content c JOIN ( SELECT componentid,' . $link . ',' . $id . ' FROM #__menu WHERE type in ("content_item_link","content_typed") AND published = 1 ) as m on m.' . $link . ' = concat("index.php?option=com_content&task=view&id=",c.' . $id . ') WHERE c.' . $tit . $filter . ' union SELECT c.' . $tit . ' ,concat("index.php?option=com_content&task=view&id=",cast(c.' . $id . ' as char(11))) as link ,0 as id,c.created FROM #__content c LEFT JOIN ( SELECT ' . $link . ',' . $id . ' FROM #__menu WHERE type in ("content_item_link","content_typed") AND published = 1 ) as m on m.' . $link . ' = concat("index.php?option=com_content&task=view&id=",c.' . $id . ') WHERE m.' . $id . ' is null AND c.sectionid = 0 AND c.catid = 0 AND c.' . $tit . $filter . ' union SELECT i.' . $tit . ' as title,concat("index.php?option=com_content&task=view&id=",cast(i.' . $id . ' as char(11))) as link, IFNULL(ms.' . $id . ' ,mc.' . $id . ' ) as id,i.created FROM #__content i LEFT JOIN #__sections AS s ON i.sectionid = s.' . $id . ' LEFT JOIN #__menu AS ms ON ms.componentid = s.' . $id . ' LEFT JOIN #__categories AS c ON i.catid = c.' . $id . ' LEFT JOIN #__menu AS mc ON mc.componentid = c.' . $id . ' WHERE ( ms.type IN ( "content_section", "content_blog_section" ) OR mc.type IN ( "content_blog_category", "content_category" ) ) AND ms.published = 1 or mc.published=1 AND i.' . $tit . $filter . ' union select uc.' . $tit . ',concat("index.php?option=com_content&task=view&id=",cast(uc.' . $id . ' as char(11))) as link,um.' . $id . ',uc.created FROM #__content uc JOIN #__menu um on um.componentid = uc.' . $id . ' WHERE type = "url" AND um.published = 1 AND ' . $link . ' LIKE "index.php?%" AND uc.' . $tit . $filter . ' union select i.' . $tit . ',concat("index.php?option=com_content&task=view&id=",cast(i.' . $id . ' as char(11))) as link, 0 as id,i.created from #__content i LEFT join #__menu m on m.link = concat("index.php?option=com_content&task=view&id=",i.' . $id . ') LEFT join #__menu um on um.componentid = i.' . $id . ' LEFT JOIN #__sections AS s ON i.sectionid = s.' . $id . ' LEFT JOIN #__menu AS ms ON ms.componentid = s.' . $id . ' AND ms.type IN ( "content_section", "content_blog_section" ) LEFT JOIN #__categories AS c ON i.catid = c.' . $id . ' LEFT JOIN #__menu AS mc ON mc.componentid = c.' . $id . ' AND mc.type IN ( "content_blog_category", "content_category" ) WHERE m.' . $id . ' is null AND um.' . $id . ' is null AND ms.' . $id . ' is null and mc.id is null AND state = 1 AND i.' . $tit . $filter . ' union SELECT IFNULL(s.' . $tit . ',c.' . $tit . '),m.link,m.id,"0000-00-00 00:00:00" as created FROM #__menu AS m LEFT JOIN #__sections AS s ON m.componentid = s.' . $id . ' LEFT JOIN #__categories AS c ON m.componentid = c.' . $id . ' WHERE m.type IN ( "content_section", "content_blog_section" ,"content_blog_category", "content_category" ) AND m.published = 1 AND IFNULL(s.' . $tit . ',c.' . $tit . ') ' . $filter . ' union SELECT s.' . $tit . ',concat("index.php?option=com_content&view=section&id=",cast(s.' . $id . ' as char(11))) as link,0 as id,"0000-00-00 00:00:00" as created FROM #__sections AS s LEFT JOIN #__menu AS m ON m.componentid = s.' . $id . ' AND m.type IN ( "content_section", "content_blog_section" ) WHERE m.id is null AND s.published = 1 AND s.' . $tit . $filter . ' union SELECT c.title,concat("index.php?option=com_content&view=category&id=",cast(c.' . $id . ' as char(11))) as link,0 as id,"0000-00-00 00:00:00" as created FROM #__categories AS c LEFT JOIN #__menu AS m ON m.componentid = c.' . $id . ' AND m.type IN ( "content_blog_category", "content_category" ) WHERE m.id is null AND c.published = 1 AND c.section REGEXP "^[0-9]+$" AND c.' . $tit . $filter . ' ORDER BY created desc) a WHERE ' . $tit . $filter; } // execute the SQL query //get DB intstance $dbi->setQuery($query); $rows = $dbi->loadAssocList(); // if we have results, loop through them and add them to the output if ($rows) { foreach ($rows as $row) { //$output .= '<name>' . '<![CDATA[' . htmlentities($row[$tit], ENT_QUOTES) . ']]>' . '</name>'; $output .= '<name>' . '<![CDATA[' . $row[$tit] . ']]>' . '</name>'; $output .= '<pid>' . $row[$id] . '</pid>'; $output .= '<link>' . '<![CDATA[' . $row[$link] . ']]>' . '</link>'; } } // add debug information // $output .= '<query>' . $query . '</query>'; $output .= '<error>' . $dbi->getErrorMsg() . '</error>'; // add the final closing tag $output .= '</response>'; // return the results return $output; }
$no_html = strtolower(trim(mosGetParam($_REQUEST, 'no_html', ''))); if ($option == 'logout') { require 'logout.php'; exit; } // restore some session variables $my = new mosUser($database); $my->id = mosGetParam($_SESSION, 'session_user_id', ''); $my->username = mosGetParam($_SESSION, 'session_username', ''); $my->usertype = mosGetParam($_SESSION, 'session_usertype', ''); $my->gid = mosGetParam($_SESSION, 'session_gid', ''); $session_id = mosGetParam($_SESSION, 'session_id', ''); $logintime = mosGetParam($_SESSION, 'session_logintime', ''); // check against db record of session if ($session_id == md5($my->id . $my->username . $my->usertype . $logintime)) { $database->setQuery("SELECT * FROM #__session" . "\nWHERE session_id='{$session_id}'"); if (!($result = $database->query())) { echo $database->stderr(); } if ($database->getNumRows($result) != 1) { echo "<script>document.location.href='index.php'</script>\n"; exit; } } else { echo "<script>document.location.href='index.php'</script>\n"; exit; } // update session timestamp $current_time = time(); $database->setQuery("UPDATE #__session SET time='{$current_time}'" . "\nWHERE session_id='{$session_id}'"); $database->query();
/** * Sets the SQL query string for later execution. * * This function replaces a string identifier $prefix with the * string held is the $this->getPrefix() class variable. * * @param string $sql The SQL query (casted to (string) ) * @param int $offset The offset to start selection * @param int $limit The number of results to return * @param string $prefix The common table prefix search for replacement string */ function setQuery($sql, $offset = 0, $limit = 0, $prefix = '#__') { $sql = (string) $sql; if (in_array(checkJversion('product'), array('Mambo', 'Elxis', 'MiaCMS'))) { if ($offset || $limit) { $sql .= " LIMIT "; if ($offset) { $sql .= (int) abs($offset) . ', '; } $sql .= (int) abs($limit); } $this->_db->setQuery($sql, $prefix); } else { $this->_db->setQuery($sql, (int) abs($offset), (int) abs($limit), $prefix); } }
/** * @version $Id: pollwindow.php,v 1.1 2004/09/27 08:04:38 dappa Exp $ * @package Mambo_4.5.1 * @copyright (C) 2000 - 2004 Miro International Pty Ltd * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL * Mambo is Free Software */ /** Set flag that this is a parent file */ define("_VALID_MOS", 1); require_once "../includes/auth.php"; $database = new database($mosConfig_host, $mosConfig_user, $mosConfig_password, $mosConfig_db, $mosConfig_dbprefix); $database->debug($mosConfig_debug); $pollid = mosGetParam($_REQUEST, 'pollid', 0); $css = mosGetParam($_REQUEST, 't', ''); $database->setQuery("SELECT title FROM #__polls WHERE id='{$pollid}'"); $title = $database->loadResult(); $database->setQuery("SELECT text FROM #__poll_data WHERE pollid='{$pollid}' order by id"); $options = $database->loadResultArray(); ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <title><?php echo $adminLanguage->A_TITLE_PPRE; ?> </title> <link rel="stylesheet" href="../../templates/<?php echo $css; ?> /css/template_css.css" type="text/css">
$database = new database($mosConfig_host, $mosConfig_user, $mosConfig_password, $mosConfig_db, $mosConfig_dbprefix); $database->debug($mosConfig_debug); $acl = new gacl_api(); $option = mosGetParam($_REQUEST, 'option', null); // mainframe is an API workhorse, lots of 'core' interaction routines $mainframe = new mosMainFrame($database, $option, '..', true); if (isset($_POST['submit'])) { /** escape and trim to minimise injection of malicious sql */ $usrname = $database->getEscaped(trim(mosGetParam($_POST, 'usrname', ''))); $pass = $database->getEscaped(trim(mosGetParam($_POST, 'pass', ''))); if (!$pass) { echo "<script>alert('" . $adminLanguage->A_ALERT_ENTER_PASSWORD . "'); document.location.href='index.php';</script>\n"; } else { $pass = md5($pass); } $database->setQuery("SELECT COUNT(*)" . "\nFROM #__users" . "\nWHERE (usertype='administrator' OR usertype='superadministrator')"); $count = intval($database->loadResult()); if ($count < 1) { echo "<script>alert(\"" . _LOGIN_NOADMINS . "\"); window.history.go(-1); </script>\n"; exit; } $database->setQuery("SELECT * FROM #__users WHERE username='******' AND block='0'"); $my = null; $database->loadObject($my); /** find the user group (or groups in the future) */ $grp = $acl->getAroGroup($my->id); $my->gid = $grp->group_id; $my->usertype = $grp->name; if ($my->id) { if (strcmp($my->password, $pass) || !$acl->acl_check('administration', 'login', 'users', $my->usertype)) { echo "<script>alert('" . $adminLanguage->A_ALERT_INCORRECT . "'); document.location.href='index.php';</script>\n";
/** * @version $Id: modulewindow.php,v 1.2 2004/10/11 03:36:33 dappa Exp $ * @package Mambo_4.5.1 * @copyright (C) 2000 - 2004 Miro International Pty Ltd * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL * Mambo is Free Software */ /** Set flag that this is a parent file */ define("_VALID_MOS", 1); require_once '../includes/auth.php'; include_once $mosConfig_absolute_path . '/language/' . $mosConfig_lang . '.php'; $database = new database($mosConfig_host, $mosConfig_user, $mosConfig_password, $mosConfig_db, $mosConfig_dbprefix); $database->debug($mosConfig_debug); $title = mosGetParam($_REQUEST, 'title', 0); $css = mosGetParam($_REQUEST, 't', ''); $database->setQuery("SELECT * FROM #__modules WHERE title='{$title}'"); $row = null; $database->loadObject($row); $pat = "src=images"; $replace = "src=../../images"; $pat2 = "\\\\'"; $replace2 = "'"; $content = eregi_replace($pat, $replace, $row->content); $content = eregi_replace($pat2, $replace2, $row->content); $title = eregi_replace($pat2, $replace2, $row->title); $iso = split('=', _ISO); // xml prolog echo '<?xml version="1.0" encoding="' . $iso[1] . '"?' . '>'; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml">
/** * Tests connection to a MySQL database using the provided settings * * @param string $host MySQL server's hostname * @param string $port MySQL server's port * @param string $user MySQL server's username * @param string $pass MySQL server's password * @param string $database MySQL database * @return boolean|string True on success, error description on failure */ function testConnection($host, $port, $user, $pass, $database) { $host = $host . ($port != '' ? ":{$port}" : ''); if (!defined('_JEXEC')) { $database = new database($host, $user, $pass, $database, '', false); // A dummy SQL statement which shouldn't fail $sql = 'SHOW TABLES'; $database->setQuery($sql); $database->query(); // If the query failed, I guess we're not connected to the database if ($database->getErrorNum() != 0) { return false; } } else { jimport('joomla.database.database'); jimport('joomla.database.table'); $conf =& JFactory::getConfig(); $driver = $conf->getValue('config.dbtype'); $options = array('driver' => $driver, 'host' => $host, 'user' => $user, 'password' => $pass, 'database' => $database, 'prefix' => ''); $database =& JDatabase::getInstance($options); if (JError::isError($database)) { return false; } if ($database->getErrorNum() > 0) { return false; } } return true; }
function getSuggestions($keyword) { //get DB if (defined('_JEXEC')) { $dbi = JDatabase::getInstance(array('driver' => DB_DRIVER, 'host' => DB_HOST, 'user' => DB_USER, 'password' => DB_PASSWORD, 'database' => DB_DATABASE, 'prefix' => DB_PREFIX)); } else { $dbi = new database(DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE, DB_PREFIX, DB_OFFLINE); } // escape the keyword string if (get_magic_quotes_gpc()) { //Addded by AW $keyword = stripslashes($keyword); } $keyword = $dbi->getEscaped($keyword); //$patterns = array('/\s+/', '/"+/', '/%+/'); //$replace = array(''); //$keyword = preg_replace($patterns, $replace, $keyword); //set SQL BIG SELECT option to ensure it is set to true $dbi->setQuery("SET OPTION SQL_BIG_SELECTS=1"); $dbi->query(); // build the SQL query that gets the matching functions from the database $tit = "title"; $id = "id"; $link = "link"; // execute the SQL query $output = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'; $output .= '<response>'; $filter = '=""'; if ($keyword != '') { $filter = ' LIKE "' . $keyword . '%"'; } // if the keyword is empty build a SQL query that will return no results $query = ''; if (defined('_JEXEC')) { $query = 'SELECT ' . $tit . ',' . $link . ',' . $id . ' FROM (SELECT c.' . $tit . ' ,m.' . $link . ',m.id,c.created FROM #__content c JOIN ( SELECT ' . $link . ',' . $id . ' FROM #__menu WHERE ' . $link . ' like "index.php?option=com_content&view=article&id=%" AND published = 1 ) as m on m.' . $link . ' = concat("index.php?option=com_content&view=article&id=",c.' . $id . ') WHERE c.' . $tit . $filter . ' UNION SELECT i.' . $tit . ' as title,concat(concat(concat("index.php?option=com_content&view=article&catid=",c.' . $id . '),"&id="),cast(i.' . $id . ' as char(11))) as link, mc.' . $id . ' as id,i.created FROM #__content AS i JOIN #__categories AS c ON i.catid = c.' . $id . ' JOIN #__menu AS mc ON mc.' . $link . ' = concat("index.php?option=com_content&view=category&layout=blog&id=",c.' . $id . ') OR mc.' . $link . ' = concat("index.php?option=com_content&view=category&id=",c.' . $id . ') WHERE mc.published=1 AND i.' . $tit . $filter . ' UNION select i.' . $tit . ',concat(concat(concat("index.php?option=com_content&view=article&catid=",c.' . $id . '),"&id="),cast(i.' . $id . ' as char(11))) as link, 0 as id,i.created FROM #__content i LEFT join #__menu m on m.link = concat("index.php?option=com_content&view=article&id=",i.' . $id . ') JOIN #__categories AS c ON i.catid = c.' . $id . ' LEFT JOIN #__menu AS mc ON mc.' . $link . ' = concat("index.php?option=com_content&view=category&layout=blog&id=",c.' . $id . ') OR mc.' . $link . ' = concat("index.php?option=com_content&view=category&id=",c.' . $id . ') WHERE m.' . $id . ' is null AND mc.' . $id . ' is null AND state = 1 AND i.' . $tit . $filter . ' UNION SELECT c.' . $tit . ',m.link,m.id,"0000-00-00 00:00:00" as created FROM #__menu AS m JOIN #__categories AS c ON m.' . $link . ' = concat("index.php?option=com_content&view=category&layout=blog&id=",c.' . $id . ') OR m.' . $link . ' = concat("index.php?option=com_content&view=category&id=",c.' . $id . ') WHERE m.published = 1 AND m.parent_id = 1 AND c.' . $tit . $filter . ' UNION SELECT c.title,concat("index.php?option=com_content&view=categories&id=",cast(c.' . $id . ' as char(11))) as link,0 as id,"0000-00-00 00:00:00" as created FROM #__categories AS c JOIN #__menu AS m ON m.' . $link . ' = concat("index.php?option=com_content&view=categories&id=",c.' . $id . ') WHERE m.published = 1 AND c.' . $tit . $filter . ' ORDER BY created desc) a WHERE ' . $tit . $filter; } // execute the SQL query //get DB intstance $dbi->setQuery($query); $rows = $dbi->loadAssocList(); // if we have results, loop through them and add them to the output if ($rows) { foreach ($rows as $row) { //$output .= '<name>' . '<![CDATA[' . htmlentities($row[$tit], ENT_QUOTES) . ']]>' . '</name>'; $output .= '<name>' . '<![CDATA[' . $row[$tit] . ']]>' . '</name>'; $output .= '<pid>' . $row[$id] . '</pid>'; $output .= '<link>' . '<![CDATA[' . $row[$link] . ']]>' . '</link>'; } } // add debug information // $output .= '<query>' . $query . '</query>'; $output .= '<error>' . $dbi->getErrorMsg() . '</error>'; // add the final closing tag $output .= '</response>'; // return the results return $output; }
#$appapikey = 'd8520a0693d090e98286086ffd49f76a'; #$appsecret = '681174282fd1e16189127346e7764726'; #$facebook = new Facebook($appapikey, $appsecret); #$uid = $facebook->require_login(); // get session require_once $CONFIG['dir']->includes . '/session.php'; // get database object require_once $CONFIG['dir']->includes . '/database.php'; $database = new database($CONFIG['db']->host, $CONFIG['db']->user, $CONFIG['db']->pass, $CONFIG['db']->name, null); //$database->debug( $CONFIG['site']->debug ); // check if user is logging in if ($_REQUEST['login']) { // check username and password $user = new stdClass(); $sql = "SELECT *\n\t\t\tFROM Users\n\t\t\tWHERE username='******'username'] . "'\n\t\t\t\tAND password='******'password'] . "'"; $database->setQuery($sql); if ($database->loadObject($user)) { // successful login $GLOBALS['user'] = $user; // get preferences $GLOBALS['preferences']->regions = textarea_to_array($user->regions); $GLOBALS['preferences']->sites = textarea_to_array($user->sites); setSessionVar('uname', $user->username); } else { $err = 'Login failed. Please try again.'; } } else { if (isset($_REQUEST['logout'])) { // logout user unset($GLOBALS['user']); unset($GLOBALS['preferences']);
require_once $mosConfig_absolute_path . '/includes/gacl.class.php'; require_once $mosConfig_absolute_path . '/includes/gacl_api.class.php'; $database = new database($mosConfig_host, $mosConfig_user, $mosConfig_password, $mosConfig_db, $mosConfig_dbprefix); $acl = new gacl_api(); if (isset($_REQUEST['uid'])) { $uid = intval(trim($_REQUEST['uid'])); } else { if (isset($_REQUEST['dnd_uid'])) { $uid = intval(trim($_REQUEST['dnd_uid'])); } else { $uid = '0'; } } $my = $mainframe->getUser(); session_start(); $database->setQuery("SELECT id, gid, username, usertype FROM #__users WHERE id={$uid}"); $row = null; if ($database->loadObject($row)) { // fudge the group stuff $grp = $acl->getAroGroup($row->id); $row->gid = 1; if ($acl->is_group_child_of($grp->name, 'Registered', 'ARO') || $acl->is_group_child_of($grp->name, 'Public Backend', 'ARO')) { // fudge Authors, Editors, Publishers and Super Administrators into the Special Group $row->gid = 2; } $row->usertype = $grp->name; $my->id = intval($row->id); $my->username = $row->username; $my->usertype = $row->usertype; $my->gid = intval($row->gid); }
if (file_exists('installation/index.php')) { include 'offline.php'; exit; } /** retrieve some expected url (or form) arguments */ $option = trim(strtolower(mosGetParam($_REQUEST, 'option'))); //µÃµ½$option=$_REQUEST['option']; $Itemid = intval(mosGetParam($_REQUEST, 'Itemid', null)); //µÃµ½$Itemid=$_REQUEST['Itemid']; $database = new database($mosConfig_host, $mosConfig_user, $mosConfig_password, $mosConfig_db, $mosConfig_dbprefix); $database->debug($mosConfig_debug); $acl = new gacl_api(); if ($option == '') { if ($Itemid) { $query = "SELECT id, link" . "\n FROM #__menu" . "\n WHERE menutype='mainmenu'" . "\n AND id = '{$Itemid}'" . "\n AND published = '1'"; $database->setQuery($query); //Ìæ»»µô#__; } else { $query = "SELECT id, link" . "\n FROM #__menu" . "\n WHERE menutype='mainmenu' AND published='1'" . "\n ORDER BY parent, ordering LIMIT 1"; $database->setQuery($query); //Ìæ»»µô#__; } $menu = new mosMenu($database); if ($database->loadObject($menu)) { $Itemid = $menu->id; } $link = $menu->link; if (($pos = strpos($link, '?')) !== false) { $link = substr($link, $pos + 1) . '&Itemid=' . $Itemid; } parse_str($link, $temp);
/** * Return an instance of JDatabase * * @return JDatabase */ function _getDB() { if ($this->_isJoomla) { // Core Joomla! database, get the existing instance $db = JoomlapackAbstraction::getDatabase(); return $db; } else { // We have to connect ourselves if (defined('_JEXEC')) { // Joomla! 1.5.x jimport('joomla.database.database'); jimport('joomla.database.table'); $conf =& JFactory::getConfig(); $host = $this->_host . ($this->_port != '' ? ':' . $this->_port : ''); $user = $this->_username; $password = $this->_password; $database = $this->_database; $prefix = ''; $driver = $conf->getValue('config.dbtype'); $debug = $conf->getValue('config.debug'); $options = array('driver' => $driver, 'host' => $host, 'user' => $user, 'password' => $password, 'database' => $database, 'prefix' => $prefix); $db =& JDatabase::getInstance($options); if (JError::isError($db)) { $this->_errorMessage = "JoomlapackDumperDefault :: Database Error:" . $db->toString(); $this->_isError = true; $this->setError($this->_errorMessage); return false; } if ($db->getErrorNum() > 0) { $this->_errorMessage = 'JDatabase::getInstance: Could not connect to database <br/>' . 'joomla.library:' . $db->getErrorNum() . ' - ' . $db->getErrorMsg(); $this->_isError = true; $this->setError($this->_errorMessage); return false; } $db->debug($debug); return $db; } else { // Joomla! 1.0.x $host = $this->_host . ($this->_port != '' ? ':' . $this->_port : ''); $user = $this->_username; $password = $this->_password; $database = $this->_database; $prefix = ''; $db = new database($host, $user, $password, $database, $prefix, false); // A dummy SQL statement which shouldn't fail $sql = 'SHOW TABLES'; $db->setQuery($sql); $db->query(); // If the query failed, I guess we're not connected to the database if ($db->getErrorNum() > 0) { $this->_errorMessage = 'database(): Could not connect to database <br/>' . 'joomla.library:' . $db->getErrorNum() . ' - ' . $db->getErrorMsg(); $this->_isError = true; $this->setError($this->_errorMessage); return false; } return $db; } } }