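/**
 * Helper function: Clean up any leftover files on failed re-authentication
 *
 * When re-authentication fails, we need to clean up any files that may have
 * been rescued during the original POST request with the expired token. Note
 * that the uploaded files are now in the site's 'data' directory, so only the
 * basename of each 'tmp_name' entry is used and the file is looked up under
 * $_CONF['path_data'].
 *
 * Security notes:
 * - $files may arrive serialized. On PHP >= 7.0 it is unserialized with
 *   'allowed_classes' => false so that a crafted payload cannot instantiate
 *   objects (PHP object injection); older PHP has no such option and falls
 *   back to a plain unserialize().
 * - The name is passed through basename() and COM_sanitizeFilename(), and an
 *   entry that sanitizes to an empty string is skipped so that the data
 *   directory itself is never handed to unlink().
 * - A multi-file upload field ("name[]") stores 'tmp_name' as an array of
 *   paths, one per offset; each element is handled individually instead of
 *   passing the array to basename().
 *
 * @param    mixed $files original or recreated $_FILES array, or its
 *                        serialized form
 * @return   void
 * @access   private
 */
function SECINT_cleanupFiles($files)
{
    global $_CONF;

    // first, some sanity checks
    if (!is_array($files)) {
        if (empty($files)) {
            return; // nothing to do
        }
        if (PHP_VERSION_ID >= 70000) {
            // never let serialized input instantiate arbitrary classes
            $files = @unserialize($files, array('allowed_classes' => false));
        } else {
            $files = @unserialize($files);
        }
    }
    if (!is_array($files) || empty($files)) {
        return; // bogus
    }

    foreach ($files as $key => $value) {
        if (!is_array($value) || empty($value['tmp_name'])) {
            continue;
        }

        // a multi-file field carries one tmp_name per offset
        $tmpNames = is_array($value['tmp_name']) ? $value['tmp_name'] : array($value['tmp_name']);
        foreach ($tmpNames as $tmpName) {
            if (!is_string($tmpName) || $tmpName === '') {
                continue;
            }
            // ignore path - file is in $_CONF['path_data']
            $filename = COM_sanitizeFilename(basename($tmpName), true);
            if ($filename === '') {
                continue; // would otherwise point at the data directory itself
            }
            $orphan = $_CONF['path_data'] . $filename;
            if (file_exists($orphan)) {
                if (!@unlink($orphan)) {
                    COM_errorLog("SECINT_cleanupFile: Unable to remove file {$filename} from 'data' directory");
                }
            }
        }
    }
}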
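/**
 * AJAX handler: back up one table (or a batch of its records) to the current
 * backup file.
 *
 * Reads 'backup_filename', 'table' and 'start' from $_POST, calls
 * dbBackup::backupTable() and echoes a JSON document of the form
 * {"json": "<json-encoded result>"} before exiting. The result carries:
 *   errorCode 2 (rc == 1): more records remain; 'startrecord' is the offset
 *     to resume from and 'processed' the number handled in this call
 *   errorCode 3 (rc == -2): serious error
 *   errorCode 0 (anything else): done; 'processed' as above
 *
 * Request parameters:
 *   backup_filename  reduced with COM_sanitizeFilename(..., true) before it
 *                    reaches dbBackup
 *   table            passed through COM_applyFilter(); an absent field is
 *                    treated as '' (previously an undefined-index notice)
 *   start            passed through COM_applyFilter(..., true); absent -> 0
 *
 * NOTE(review): the only gate visible in this block is COM_isAjax(); whether
 * the caller enforces an admin permission and a CSRF token (SEC_checkToken)
 * before dispatching here is not visible - confirm before relying on it.
 *
 * @return   void   never returns normally: always ends with exit
 */
function DBADMIN_backupTableAjax()
{
    global $_VARS;

    if (!COM_isAjax()) {
        die;
    }

    if (!isset($_VARS['_dbback_allstructs'])) {
        $_VARS['_dbback_allstructs'] = 0;
    }

    $filename = '';
    if (isset($_POST['backup_filename'])) {
        $filename = COM_sanitizeFilename($_POST['backup_filename'], true);
    }
    $table = isset($_POST['table']) ? COM_applyFilter($_POST['table']) : '';
    $start = isset($_POST['start']) ? COM_applyFilter($_POST['start'], true) : 0;

    $backup = new dbBackup();
    $backup->setBackupFilename($filename);
    list($rc, $sessionCounter, $recordCounter) = $backup->backupTable($table, $_VARS['_dbback_allstructs'], $start);

    $retval = array();
    switch ($rc) {
        case 1:
            // partial run: tell the client where to resume
            $retval['errorCode'] = 2;
            $retval['startrecord'] = $recordCounter;
            $retval['processed'] = $sessionCounter;
            break;
        case -2:
            // serious error
            $retval['errorCode'] = 3;
            break;
        default:
            $retval['errorCode'] = 0;
            $retval['processed'] = $sessionCounter;
            break;
    }

    // the client expects the result doubly encoded: {"json": "<json string>"}
    $return = array('json' => json_encode($retval));
    echo json_encode($return);
    exit;
}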
/**
 * Build the absolute path of a cached template instance.
 *
 * The file lives in $TEMPLATE_OPTIONS['path_cache'], optionally inside a
 * per-language sub-directory ($_CONF['language'] . '/') when caching by
 * language is enabled and $bypass_lang is false. The instance id is run
 * through COM_sanitizeFilename(..., true) before it becomes part of the
 * name, so a caller-supplied id cannot add directory components.
 *
 * @param    string  $iid          instance id
 * @param    boolean $bypass_lang  true to ignore the per-language directory
 * @return   string                <cache>[<lang>/]instance__<iid>.php
 */
function CACHE_instance_filename($iid, $bypass_lang = false)
{
    global $TEMPLATE_OPTIONS, $_CONF;

    $useLanguageDir = !$bypass_lang && $TEMPLATE_OPTIONS['cache_by_language'];
    $directory = $TEMPLATE_OPTIONS['path_cache'];
    if ($useLanguageDir) {
        $directory .= $_CONF['language'] . '/';
    }

    $safeId = COM_sanitizeFilename($iid, true);

    return $directory . 'instance__' . $safeId . '.php';
}
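require_once $_CONF['path_system'] . 'lib-admin.php';

// Only members of the Root group may use the log viewer; everybody else gets
// an error page and an entry in the access log.
if (!SEC_inGroup('Root')) {
    $display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
    $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
    COM_accessLog("User {$_USER['username']} tried to illegally access the log viewer screen.");
    COM_output($display);
    exit;
}

// Requested log: GET takes precedence over POST; the value is filtered,
// reduced to a safe file name and defaults to 'error.log'.
$log = '';
if (isset($_GET['log'])) {
    $log = COM_applyFilter($_GET['log']);
} elseif (isset($_POST['log'])) {
    $log = COM_applyFilter($_POST['log']);
}
$log = COM_sanitizeFilename($log, true);
if (empty($log)) {
    $log = 'error.log';
}

// The selector only offers the *.log files that exist in $_CONF['path_log'].
// That same list is used as an allow-list for $log, so a request can only
// ever name one of those files (defense in depth on top of the sanitizer).
$logfiles = glob($_CONF['path_log'] . '*.log');
if ($logfiles === false) {
    $logfiles = array();
}
$logfiles = array_map('basename', $logfiles);
if (!in_array($log, $logfiles, true)) {
    $log = 'error.log';
}

$display = '';
$menu_arr = array(array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']));
$display = COM_startBlock($LANG_LOGVIEW['log_viewer'], '', COM_getBlockTemplate('_admin_block', 'header')) . ADMIN_createMenu($menu_arr, $LANG_LOGVIEW['info'], $_CONF['layout_url'] . '/images/icons/log_viewer.' . $_IMAGE_TYPE);
$display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/logviewer.php" class="uk-form"><div>' . $LANG_LOGVIEW['logs'] . ':&nbsp;&nbsp;&nbsp;' . '<select name="log">';
foreach ($logfiles as $file) {
    // the names come from the filesystem, not from the request, but they are
    // still data being placed into HTML - escape on output
    $safeName = htmlspecialchars($file, ENT_QUOTES, 'UTF-8');
    $display .= '<option value="' . $safeName . '"';
    if ($log === $file) {
        $display .= ' selected="selected"';
    }
    $display .= '>' . $safeName . '</option>';
}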
/**
* Determine current language
*
* Resolution order: the logged-in user's stored language, then the language
* cookie named by $_CONF['cookie_language'], then - only when
* $_CONF['languages'] is configured - the browser's preference via
* COM_getLanguageFromBrowser(). The candidate is passed through
* COM_sanitizeFilename() (no dots allowed) and accepted only if
* $_CONF['path_language'] . <candidate> . '.php' is an existing file; that
* is_file() check is what keeps a cookie value from naming an arbitrary
* language file. Otherwise the configured default $_CONF['language'] is used.
*
* @return   string  name of the language file (minus the '.php' extension)
*
*/
function COM_getLanguage()
{
    global $_CONF, $_USER;

    $candidate = '';
    if (!empty($_USER['language'])) {
        $candidate = $_USER['language'];
    } elseif (!empty($_COOKIE[$_CONF['cookie_language']])) {
        $candidate = $_COOKIE[$_CONF['cookie_language']];
    } elseif (isset($_CONF['languages'])) {
        $candidate = COM_getLanguageFromBrowser();
    }

    $candidate = COM_sanitizeFilename($candidate);
    if (!empty($candidate)) {
        $languageFile = $_CONF['path_language'] . $candidate . '.php';
        if (is_file($languageFile)) {
            return $candidate;
        }
    }

    // if all else fails, return the default language
    return $_CONF['language'];
}
/**
* Prepare and perform plugin auto install
*
* The plugin name is filtered (COM_applyFilter) and reduced to a safe file
* name (COM_sanitizeFilename) before it is used to build the path
* plugins/<name>/autoinstall.php, which is then require_once'd; those two
* calls plus the empty/file_exists check are the only controls between a
* caller-supplied name and an include. The loaded file is expected to define
* plugin_autoinstall_<name>() and may define
* plugin_compatible_with_this_version_<name>() as a version gate. Failures are
* written to the error log and reported as false.
*
* @param    string  $plugin     Plugin name (internal name, i.e. directory name)
* @return   boolean             true on success, false otherwise
*
*/
function plugin_autoinstall($plugin)
{
    global $_CONF, $LANG32;

    $plugin = COM_sanitizeFilename(COM_applyFilter($plugin));
    $installScript = $_CONF['path'] . 'plugins/' . $plugin . '/autoinstall.php';

    if (empty($plugin) || !file_exists($installScript)) {
        COM_errorLog('autoinstall.php not found', 1);
        return false;
    }
    require_once $installScript;

    // optional version gate provided by the plugin
    $compatCheck = 'plugin_compatible_with_this_version_' . $plugin;
    if (function_exists($compatCheck) && !$compatCheck($plugin)) {
        COM_errorLog($LANG32[9]);
        return false;
    }

    $installer = 'plugin_autoinstall_' . $plugin;
    if (!function_exists($installer)) {
        COM_errorLog("Function '{$installer}' not found", 1);
        return false;
    }

    $installParams = $installer($plugin);
    if ($installParams === false || empty($installParams)) {
        COM_errorLog('No install parameters', 1);
        return false;
    }

    return plugin_do_autoinstall($plugin, $installParams);
}
/**
 * Check to see if we can authenticate this user with a remote server
 *
 * A user has not managed to login localy, but has an @ in their user
 * name and we have enabled distributed authentication. Firstly, try to
 * see if we have cached the module that we used to authenticate them
 * when they signed up (i.e. they've actualy changed their password
 * elsewhere and we need to synch.) If not, then try to authenticate
 * them with /every/ authentication module. If this suceeds, create
 * a user for them.
 *
 * Flow as implemented below:
 *  1. look up a cached user row by (remoteusername, remoteservice); if the
 *     stored password equals SEC_encryptPassword($passwd) return its status
 *  2. otherwise load classes/authentication/<service>.auth.class.php (the
 *     service name is first reduced with COM_sanitizeFilename()), instantiate
 *     the class named after the service and call authenticate()
 *  3. on success, create the local account if none existed (status 3, added
 *     to the 'Remote Users' group) or refresh the cached password, and return
 *     the status; on failure, or if no module file exists, return -1
 *
 * Security notes (review):
 *  - SQL values are escaped with addslashes() rather than the DB-aware
 *    DB_escapeString() used elsewhere in this codebase
 *  - the cached-password check uses '==' on the stored value: a loose,
 *    non-constant-time comparison (hash_equals() would be preferable)
 *  - $service selects both a file to require_once and a class to instantiate;
 *    COM_sanitizeFilename() and file_exists() are the only controls on it
 *
 * @param  string  $loginname Their username
 * @param  string  $passwd The password entered
 * @param  string  $service The service portion of $username
 * @param  string  $uid OUTPUT parameter, pass it by ref to get uid back.
 * @return int     user status, -1 for fail.
 */
function SEC_remoteAuthentication(&$loginname, $passwd, $service, &$uid)
{
    global $_CONF, $_TABLES;
    /* First try a local cached login */
    // addslashes() is generic escaping, not the database driver's own
    $remoteusername = addslashes($loginname);
    $remoteservice = addslashes($service);
    // NOTE(review): the literal '******' here (and in the later queries)
    // looks like a redaction applied to this listing rather than real code;
    // as printed the lookup can only match a row whose remoteusername is
    // literally '******'. Confirm against the upstream source.
    $result = DB_query("SELECT passwd, status, uid FROM {$_TABLES['users']} WHERE remoteusername='******' AND remoteservice='{$remoteservice}'");
    $tmp = DB_error();
    $nrows = DB_numRows($result);
    if ($tmp == 0 && $nrows == 1) {
        $U = DB_fetchArray($result);
        $uid = $U['uid'];
        $mypass = $U['passwd'];
        // also used to see if the user existed later.
        // Loose, non-constant-time comparison of the stored hash against the
        // hash of the supplied password.
        if ($mypass == SEC_encryptPassword($passwd)) {
            /* Valid password for cached user, return status */
            return $U['status'];
        }
    }
    // $service names both the file to load and the class to instantiate;
    // the sanitizer plus the file_exists() check are the only controls on it.
    $service = COM_sanitizeFilename($service);
    $servicefile = $_CONF['path_system'] . 'classes/authentication/' . $service . '.auth.class.php';
    if (file_exists($servicefile)) {
        require_once $servicefile;
        $authmodule = new $service();
        if ($authmodule->authenticate($loginname, $passwd)) {
            /* check to see if they have logged in before: */
            // $mypass is only set when the cached lookup above found a row
            if (empty($mypass)) {
                // no such user, create them
                // Check to see if their remoteusername is unique locally
                $checkName = DB_getItem($_TABLES['users'], 'username', "username='******'");
                if (!empty($checkName)) {
                    // no, call custom function.
                    if (function_exists('CUSTOM_uniqueRemoteUsername')) {
                        $loginname = CUSTOM_uniqueRemoteUsername($loginname, $service);
                    }
                }
                // the remote password is cached locally in the same hashed
                // form used for local accounts
                USER_createAccount($loginname, $authmodule->email, SEC_encryptPassword($passwd), $authmodule->fullname, $authmodule->homepage, $remoteusername, $remoteservice);
                $uid = DB_getItem($_TABLES['users'], 'uid', "remoteusername = '******' AND remoteservice='{$remoteservice}'");
                // Store full remote account name:
                DB_query("UPDATE {$_TABLES['users']} SET remoteusername='******', remoteservice='{$remoteservice}', status=3 WHERE uid='{$uid}'");
                // Add to remote users:
                // ($remote_grp and $uid come from the database, not from the
                // request, and are interpolated unquoted)
                $remote_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='Remote Users'");
                DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id,ug_uid) VALUES ({$remote_grp}, {$uid})");
                return 3;
                // Remote auth precludes usersubmission,
                // and integrates user activation, see?
            } else {
                // user existed, update local password:
                DB_change($_TABLES['users'], 'passwd', SEC_encryptPassword($passwd), array('remoteusername', 'remoteservice'), array($remoteusername, $remoteservice));
                // and return their status
                return DB_getItem($_TABLES['users'], 'status', "remoteusername='******' AND remoteservice='{$remoteservice}'");
            }
        } else {
            // remote module rejected the credentials
            return -1;
        }
    } else {
        // no authentication module for this service
        return -1;
    }
}
         $display .= '<p>' . $LANG_PLUGINS[20] . '</p>' . LB . '<form action="install-plugins.php" method="POST">' . LB . '<input type="submit" class="button big-button" name="refresh" value="' . $LANG_PLUGINS[19] . '"' . XHTML . '>' . LB . '</form></p>' . LB;
     }
     break;
     /**
      * Step 2 - Install the selected plugins 
      */
 /**
  * Step 2 - Install the selected plugins 
  */
 case 2:
     $error = 0;
     foreach ($_POST['plugins'] as $plugin) {
         // If the plugin was selected to be installed
         if (isset($plugin['install']) && $plugin['install'] == 'on') {
             $pi_name = COM_applyFilter($plugin['name']);
             $pi_name = COM_sanitizeFilename($pi_name);
             $plugin_inst = $_CONF['path'] . 'plugins/' . $pi_name . '/autoinstall.php';
             if (file_exists($plugin_inst)) {
                 require_once $plugin_inst;
                 $check_compatible = 'plugin_compatible_with_this_version_' . $pi_name;
                 if (function_exists($check_compatible)) {
                     if (!$check_compatible($pi_name)) {
                         continue;
                         // with next plugin
                     }
                 }
                 $auto_install = 'plugin_autoinstall_' . $pi_name;
                 if (!function_exists($auto_install)) {
                     continue;
                     // with next plugin
                 }
// Work out the requested action: the last matching name in $expected wins;
// each name is looked for in POST first, then in GET.
$expected = array('edit', 'pedit', 'save', 'psave', 'delete', 'list', 'cancel');
foreach ($expected as $provided) {
    if (isset($_POST[$provided]) || isset($_GET[$provided])) {
        $action = $provided;
    }
}

// parse parameter(s) we're likely going to use
// The tag name is filtered and then reduced to a safe file name (no dots);
// presumably it is later used to build a path - verify at the point of use.
$tag = '';
if (isset($_POST['tag'])) {
    $tag = COM_applyFilter($_POST['tag']);
} elseif (isset($_GET['tag'])) {
    $tag = COM_applyFilter($_GET['tag']);
}
$tag = COM_sanitizeFilename($tag);

// Bulk enable/disable is only honoured when the request carries a valid
// CSRF token. The two arrays are handed to AT_toggleStatus() unfiltered;
// that function is expected to validate them.
if (isset($_POST['tagenabler']) && SEC_checkToken()) {
    $enabledtags = isset($_POST['enabledtags']) ? $_POST['enabledtags'] : array();
    $tagarray = isset($_POST['tagarray']) ? $_POST['tagarray'] : array();
    AT_toggleStatus($enabledtags, $tagarray);
    $action = 'list';
}
$autotag_id = 0;
if (isset($_POST['autotag_id'])) {
    $autotag_id = COM_applyFilter($_POST['autotag_id']);
                     if ($filename == '') {
                         $value = '';
                     }
                     $_FILES[$fkey]['_data_dir'][$offset] = true;
                 }
                 $_FILES[$fkey][$key][$offset] = $value;
                 if (!isset($_FILES[$fkey]['tmp_name']) || !isset($_FILES[$fkey]['tmp_name'][$offset]) || !file_exists($_FILES[$fkey]['tmp_name'][$offset])) {
                     $_FILES[$fkey]['tmp_name'][$offset] = '';
                     $_FILES[$fkey]['error'][$offset] = 4;
                 }
             }
         }
     } else {
         foreach ($file as $key => $value) {
             if ($key == 'tmp_name') {
                 $filename = COM_sanitizeFilename(basename($value), true);
                 $value = $_CONF['path_data'] . 'temp/' . $filename;
                 if ($filename == '') {
                     $value = '';
                 }
                 // set _data_dir attribute to key upload class to not use move_uploaded_file()
                 $_FILES[$fkey]['_data_dir'] = true;
             }
             $_FILES[$fkey][$key] = $value;
         }
         if (!file_exists($_FILES[$fkey]['tmp_name'])) {
             $_FILES[$fkey]['tmp_name'] = '';
             $_FILES[$fkey]['error'] = 4;
         }
     }
 }
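 /**
  *  Save the current values to the database.
  *
  *  When $A is an array it is first applied through SetVars(). If a file was
  *  uploaded in the 'imagefile' field it is resized into
  *  $_PP_CONF['catimgpath'] under a new name and, for an existing category,
  *  the previous image file is removed; otherwise the stored image name is
  *  kept. Finally the row is inserted (new) or updated (existing) unless an
  *  error was recorded along the way.
  *
  *  Security notes:
  *  - the uploaded name is reduced with COM_sanitizeFilename(..., true) and
  *    prefixed with rand(100, 999); that prefix is a collision guard, not a
  *    security measure, and does not make the name unguessable
  *  - every value interpolated into the SQL is passed through
  *    DB_escapeString(); the ids (parent_id, grp_access, cat_id) and the
  *    enabled flag were previously interpolated raw, which relied on
  *    SetVars() having cast them (not visible here)
  *  - $_FILES['imagefile'] is only consulted when present, so a form without
  *    that field no longer raises an undefined-index notice
  *
  *  @param  array   $A      Optional array of values from $_POST
  *  @return boolean         True if no errors, False otherwise
  */
 public function Save($A = array())
 {
     global $_TABLES, $_PP_CONF;

     if (is_array($A)) {
         $this->SetVars($A);
     }

     // Handle image uploads.
     // We don't want to delete the existing image if one isn't
     // uploaded, we should leave it unchanged.  So we'll first
     // retrieve the existing image filename, if any.
     if (!$this->isNew) {
         $img_filename = DB_getItem($_TABLES['paypal.categories'], 'image', "cat_id='" . DB_escapeString($this->cat_id) . "'");
     } else {
         // New entry, assume no image
         $img_filename = '';
     }

     $uploaded = isset($_FILES['imagefile']['tmp_name']) && is_uploaded_file($_FILES['imagefile']['tmp_name']);
     if ($uploaded) {
         $img_filename = rand(100, 999) . "_" . COM_sanitizeFilename($_FILES['imagefile']['name'], true);
         $status = IMG_resizeImage($_FILES['imagefile']['tmp_name'], $_PP_CONF['catimgpath'] . "/{$img_filename}", $_PP_CONF['max_thumb_size'], $_PP_CONF['max_thumb_size'], '', true);
         if ($status[0] == false) {
             $this->AddError('Error Moving Image');
         } elseif (!$this->isNew) {
             // If a new image was uploaded, and this is an existing
             // category, then delete the old image file, if any.
             // The DB still has the old filename at this point.
             $this->DeleteImage(false);
         }
     }
     $this->image = $img_filename;

     // Insert or update the record, as appropriate, as long as a
     // previous error didn't occur.
     if (empty($this->Errors)) {
         if ($this->isNew) {
             $sql1 = "INSERT INTO {$_TABLES['paypal.categories']} SET ";
             $sql3 = '';
         } else {
             $sql1 = "UPDATE {$_TABLES['paypal.categories']} SET ";
             $sql3 = " WHERE cat_id='" . DB_escapeString($this->cat_id) . "'";
         }
         $sql2 = "parent_id='" . DB_escapeString($this->parent_id) . "',\n                cat_name='" . DB_escapeString($this->cat_name) . "',\n                description='" . DB_escapeString($this->description) . "',\n                enabled='" . DB_escapeString($this->enabled) . "',\n                grp_access ='" . DB_escapeString($this->grp_access) . "',\n                image='" . DB_escapeString($this->image) . "'";
         DB_query($sql1 . $sql2 . $sql3);
         if (DB_error()) {
             $this->AddError('Failed to insert or update record');
         } elseif ($this->isNew) {
             $this->cat_id = DB_insertID();
         }
     }

     return empty($this->Errors);
 }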
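/**
* Save feed.
*
* Validates and normalises the submitted feed record, then writes it with
* DB_save(). Steps, in order:
*  - strip slashes from every field, fill in defaults for missing fields,
*    normalise 'is_enabled' to 0/1 and cast 'fid' to an integer - it ends up
*    unquoted in the SQL below, where escaping alone would not protect it
*  - rebuild 'filename' from its sanitized form with an extension matching
*    the selected format (Atom: .atm/.xml, RSS: .rss/.xml, RDF: .rdf); an
*    unknown format or an empty base name leaves it empty
*  - return the editor with a message when title, description or filename is
*    empty, when the filename is already used by another feed, or when
*    'limits' is not positive
*  - restrict 'charset' and 'language' to a safe character set (falling back
*    to the configured defaults) and clamp 'content_length' to an int >= 0
*  - escape every value with DB_escapeString() and save; the feed file is
*    then generated (SYND_updateFeed) or, if disabled, removed
*
* @param    array    $A
* @return   string   HTML redirect on success or feed editor + error message
*
*/
function savefeed($A)
{
    global $_CONF, $_TABLES, $LANG33;

    foreach ($A as $name => $value) {
        $A[$name] = COM_stripslashes($value);
    }

    // make sure every field referenced below exists, so a partial form does
    // not turn into undefined-index notices
    $defaults = array('fid' => 0, 'type' => '', 'topic' => '', 'header_tid' => '', 'format' => '', 'limits' => 0, 'limits_in' => 0, 'content_length' => 0, 'title' => '', 'description' => '', 'feedlogo' => '', 'filename' => '', 'charset' => '', 'language' => '');
    foreach ($defaults as $name => $value) {
        if (!isset($A[$name])) {
            $A[$name] = $value;
        }
    }

    $A['is_enabled'] = (isset($A['is_enabled']) && $A['is_enabled'] == 'on') ? 1 : 0;
    // 'fid' is interpolated unquoted into SQL below: force an integer
    $A['fid'] = (int) $A['fid'];

    // Make sure correct format returned and correct file extension
    $A['filename'] = COM_sanitizeFilename($A['filename'], true);
    $file_parts = pathinfo($A['filename']);
    // Clear out filename. If it doesn't get recreated then we know there is an error
    $A['filename'] = '';
    if (!empty($file_parts['filename'])) {
        $extension = isset($file_parts['extension']) ? $file_parts['extension'] : '';
        $formats = find_feedFormats();
        foreach ($formats as $f) {
            if ($A['format'] != $f['name'] . '-' . $f['version']) {
                continue;
            }
            switch ($f['name']) {
                case 'Atom':
                    if (!in_array($extension, array('atm', 'xml'))) {
                        $extension = 'xml';
                    }
                    $A['filename'] = $file_parts['filename'] . '.' . $extension;
                    break;
                case 'RSS':
                    if (!in_array($extension, array('rss', 'xml'))) {
                        $extension = 'rss';
                    }
                    $A['filename'] = $file_parts['filename'] . '.' . $extension;
                    break;
                case 'RDF':
                    $A['filename'] = $file_parts['filename'] . '.rdf';
                    break;
            }
        }
    }

    if (empty($A['title']) || empty($A['description']) || empty($A['filename'])) {
        $retval = COM_showMessageText($LANG33[39], $LANG33[38]) . editfeed($A['fid'], $A['type']);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG33[38]));
        return $retval;
    }

    // the filename must be unique across all other feeds
    $safeFilename = DB_escapeString($A['filename']);
    $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['syndication']} WHERE filename = '{$safeFilename}' AND (fid <> '{$A['fid']}')");
    $C = DB_fetchArray($result);
    if ($C['count'] > 0) {
        $retval = COM_showMessageText($LANG33[51], $LANG33[52]) . editfeed($A['fid'], $A['type']);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG33[52]));
        return $retval;
    }

    if ($A['limits'] <= 0) {
        $retval = COM_showMessageText($LANG33[40], $LANG33[38]) . editfeed($A['fid'], $A['type']);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG33[38]));
        return $retval;
    }
    if ($A['limits_in'] == 1) {
        // limit expressed in hours rather than entries
        $A['limits'] .= 'h';
    }

    // we can compensate if these are missing ...
    if (!empty($A['charset'])) {
        $A['charset'] = preg_replace('/[^0-9a-zA-Z_\\-]/', '', $A['charset']);
    }
    if (empty($A['charset'])) {
        $A['charset'] = $_CONF['default_charset'];
        if (empty($A['charset'])) {
            $A['charset'] = 'UTF-8';
        }
    }
    if (!empty($A['language'])) {
        $A['language'] = preg_replace('/[^0-9a-zA-Z_\\.\\-]/', '', $A['language']);
    }
    if (empty($A['language'])) {
        $A['language'] = $_CONF['rdf_language'];
        if (empty($A['language'])) {
            $A['language'] = $_CONF['locale'];
        }
    }
    if (!empty($A['content_length'])) {
        $A['content_length'] = intval($A['content_length'], 10);
    }
    if (empty($A['content_length']) || $A['content_length'] < 0) {
        $A['content_length'] = 0;
    }

    foreach ($A as $name => $value) {
        $A[$name] = DB_escapeString($value);
    }
    DB_save($_TABLES['syndication'], 'fid,type,topic,header_tid,format,limits,content_length,title,description,feedlogo,filename,charset,language,is_enabled,updated,update_info', "{$A['fid']},'{$A['type']}','{$A['topic']}','{$A['header_tid']}','{$A['format']}','{$A['limits']}',{$A['content_length']},'{$A['title']}','{$A['description']}','{$A['feedlogo']}','{$A['filename']}','{$A['charset']}','{$A['language']}',{$A['is_enabled']},'0000-00-00 00:00:00',NULL");
    if ($A['fid'] == 0) {
        $A['fid'] = DB_insertId();
    }

    if ($A['is_enabled'] == 1) {
        SYND_updateFeed($A['fid']);
    } else {
        deleteFeedFile($A['filename']);
    }

    return COM_refresh($_CONF['site_admin_url'] . '/syndication.php?msg=58');
}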
    // would have preferred rename (i.e. move), but ran into file permission
    // problems on www.geeklog.net ...
    copy($filename, $filemgmt_FileStore . 'tmp/' . $tmpfilename);
    $logourl = '';
    DB_query("INSERT INTO {$_FM_TABLES['filemgmt_filedetail']} (cid, title, url, homepage, version, size, platform, logourl, submitter, status, date, hits, rating, votes, comments) VALUES ('{$cid}', '{$title}', '{$url}', '{$homepage}', '{$version}', '{$size}', '{$tmpfilename}', '{$logourl}', '{$submitter}', 0, '{$date}', 0, 0, 0, '{$comments}')");
    $newid = DB_insertId();
    DB_query("INSERT INTO {$_FM_TABLES['filemgmt_filedesc']} (lid, description) VALUES ({$newid}, '{$description}')");
    return true;
}
// MAIN
$display = '';
$nightly = $_CONF['path_html'] . 'nightly/';
if (count($_GET) == 3) {
    if (isset($_GET['md5']) && isset($_GET['filename']) && isset($_GET['action'])) {
        if ($_GET['action'] == 'geeklog_release') {
            $filename = COM_sanitizeFilename($_GET['filename'], true);
            if (!empty($filename)) {
                if (substr($filename, 0, strlen('geeklog')) == 'geeklog') {
                    $filename = $nightly . $filename;
                    if (file_exists($filename)) {
                        $md5 = md5_file($filename);
                        if ($md5 == $_GET['md5']) {
                            COM_errorLog("Accepting submission of {$filename}");
                        } else {
                            unset($filename);
                            unset($md5);
                        }
                    } else {
                        unset($filename);
                    }
                } else {
* @author   Tony Bibbs, tony AT tonybibbs DOT com
*
*/
require_once 'lib-common.php';
require_once $_CONF['path_system'] . 'classes/downloader.class.php';

// Images are served through the downloader class, which logs to the site
// error log and only hands out files with an allowed extension.
$downloader = new downloader();
$downloader->setLogFile($_CONF['path_log'] . 'error.log');
$downloader->setLogging(true);
// NOTE(review): the original literal listed the 'png' key twice
// ('image/png' then 'image/x-png'); PHP keeps only the last value for a
// duplicated key, so 'image/png' was never part of the map. The effective
// map is spelled out here - confirm which MIME type downloader expects.
$allowedImages = array(
    'gif'  => 'image/gif',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/x-png',
);
$downloader->setAllowedExtensions($allowedImages);

// 'mode' selects the image directory in the switch that follows; it is not
// filtered here, so that switch must only ever match known values.
$mode = isset($_GET['mode']) ? $_GET['mode'] : '';

// The image name is filtered and reduced to a safe file name; the '..' test
// below is a belt-and-braces check against directory traversal.
$image = isset($_GET['image']) ? COM_sanitizeFilename(COM_applyFilter($_GET['image'])) : '';
if (strstr($image, '..')) {
    // relative path components in the image name: log the attempt and stop
    COM_accessLog('Someone tried to illegally access files using getimage.php');
    exit;
}
// Set the path properly
switch ($mode) {
    case 'show':
    case 'articles':
        $downloader->setPath($_CONF['path_images'] . 'articles/');
        break;
    case 'topics':
        $downloader->setPath($_CONF['path_images'] . 'topics/');
 SESS_completeLogin($uid);
 $_GROUPS = SEC_getUserGroups($_USER['uid']);
 $_RIGHTS = explode(',', SEC_getUserPermissions());
 if ($_SYSTEM['admin_session'] > 0 && $local_login) {
     if (SEC_isModerator() || SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR') || count(PLG_getAdminOptions()) > 0) {
         $admin_token = SEC_createTokenGeneral('administration', $_SYSTEM['admin_session']);
         SEC_setCookie('token', $admin_token, 0, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
     }
 }
 if (!isset($_USER['theme'])) {
     $_USER['theme'] = $_CONF['theme'];
     $_CONF['path_layout'] = $_CONF['path_themes'] . $_USER['theme'] . '/';
     $_CONF['layout_url'] = $_CONF['site_url'] . '/layout/' . $_USER['theme'];
     if ($_CONF['allow_user_themes'] == 1) {
         if (isset($_COOKIE[$_CONF['cookie_theme']])) {
             $theme = COM_sanitizeFilename($_COOKIE[$_CONF['cookie_theme']], true);
             if (is_dir($_CONF['path_themes'] . $theme)) {
                 $_USER['theme'] = $theme;
                 $_CONF['path_layout'] = $_CONF['path_themes'] . $theme . '/';
                 $_CONF['layout_url'] = $_CONF['site_url'] . '/layout/' . $theme;
             }
         }
     }
 }
 COM_resetSpeedlimit('login');
 // we are now fully logged in, let's see if there is someplace we need to go....
 if (SESS_isSet('login_referer')) {
     $_SERVER['HTTP_REFERER'] = SESS_getVar('login_referer');
     SESS_unSet('login_referer');
 }
 if (!empty($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], '/users.php') === false && substr($_SERVER['HTTP_REFERER'], 0, strlen($_CONF['site_url'])) == $_CONF['site_url']) {
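/**
* Delete selected backup files
*
* Removes every file named in $_POST['delitem'] from $_CONF['backup_path'].
* Each name is reduced to its basename() and passed through
* COM_sanitizeFilename(..., true), so a request cannot reach outside the
* backup directory; names that sanitize to an empty value are ignored. A
* missing or non-array 'delitem' (or a non-string entry inside it) is
* treated as "nothing to delete" instead of raising warnings.
*
* NOTE(review): no CSRF token check is visible in this function; confirm the
* caller validates SEC_checkToken() before dispatching here.
*
* @return   string  empty string (nothing to do), or HTML error or success msg
*
*/
function deletebackups()
{
    global $_CONF, $LANG_DB_BACKUP;

    $retval = '';
    $files = 0;
    $failed = 0;

    $requested = array();
    if (isset($_POST['delitem']) && is_array($_POST['delitem'])) {
        $requested = $_POST['delitem'];
    }

    foreach ($requested as $delfile) {
        if (!is_string($delfile)) {
            continue; // nested arrays are not file names
        }
        // basename() drops any directory part, the sanitizer the rest
        $file = COM_sanitizeFilename(basename($delfile), true);
        if (empty($file)) {
            continue;
        }
        $files++;
        if (!@unlink($_CONF['backup_path'] . $file)) {
            COM_errorLog('Unable to remove backup file "' . $file . '"');
            $failed++;
        }
    }

    if ($files > 0) {
        if ($failed > 0) {
            $retval .= COM_showMessageText($LANG_DB_BACKUP['delete_failure']);
        } else {
            $retval .= COM_showMessageText($LANG_DB_BACKUP['delete_success']);
        }
    }

    return $retval;
}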
/**
* Get list of install parameters for a plugin (including dependencies)
* For plugins with new install this works like a charm. For the older plugins, not so much.
*
* New-style plugins: plugins/<name>/autoinstall.php is include_once'd and
* plugin_autoinstall_<name>() is called for the parameter array.
* Old-style plugins: plugins/<name>/config.php is include_once'd and every
* variable it introduced into this function's scope is inspected; array
* entries keyed 'version' / 'gl_version' become info.pi_version /
* info.pi_gl_version. In both cases a known pi_gl_version is turned into a
* 'requires' entry and missing versions are filled with $LANG_ADMIN['na'].
*
* Security note (review): the include path is built from
* COM_sanitizeFilename($pi_name) and guarded by file_exists(); the callback
* name, however, is built from the raw $pi_name, so the two can disagree for
* a name the sanitizer alters.
*
* @param    $pi_name         string     The short name of the plugin
* @return                    array      An array containing the installation parameters of a plugin
*
* @since    Geeklog 1.8.0
*
*/
function PLG_getParams($pi_name)
{
    global $_CONF, $LANG_ADMIN, $_DB_table_prefix;
    $retval = array();
    $file = $_CONF['path'] . 'plugins/' . COM_sanitizeFilename($pi_name) . '/autoinstall.php';
    if (file_exists($file)) {
        // new install system
        include_once $file;
        $function = 'plugin_autoinstall_' . $pi_name;
        if (function_exists($function)) {
            $retval = $function($pi_name);
        }
    } else {
        // old install system
        $file = $_CONF['path'] . 'plugins/' . COM_sanitizeFilename($pi_name) . '/config.php';
        if (file_exists($file)) {
            // find out what variables are included by $file
            // Snapshot the local scope before and after the include; the
            // difference is what config.php defined. The exclusion list below
            // refers to locals by name ('ar1', 'retval'), so renaming those
            // variables would change the result. Because this is include_once,
            // a config.php already loaded earlier in the request defines
            // nothing here and yields an empty result.
            $ar1 = get_defined_vars();
            include_once $file;
            $ar2 = get_defined_vars();
            $ar3 = array();
            foreach ($ar2 as $key => $value) {
                if (empty($ar1[$key]) && $key != '_TABLES' && $key != 'ar1' && $key != 'retval') {
                    $ar3[] = $ar2[$key];
                }
            }
            // some of these included variables could be pi_version and pi_gl_version
            // (only array-valued variables are inspected; scalars are ignored)
            foreach ($ar3 as $key => $value) {
                if (is_array($value)) {
                    foreach ($value as $rkey => $rvalue) {
                        switch ($rkey) {
                            case 'version':
                                $retval['info']['pi_version'] = $rvalue;
                                break;
                            case 'gl_version':
                                $retval['info']['pi_gl_version'] = $rvalue;
                                break;
                        }
                    }
                }
            }
        }
    }
    // If we have a geeklog version requirement...
    if (!empty($retval['info']['pi_gl_version'])) {
        // treat it like a requirement for a plugin and use the "new-style" dependency array
        $retval['requires'][] = array('core' => 'geeklog', 'version' => $retval['info']['pi_gl_version']);
    } else {
        // We need to initialise this index of the array, so we place a string in it.
        $retval['info']['pi_gl_version'] = $LANG_ADMIN['na'];
    }
    // If we don't know the plugin version
    if (empty($retval['info']['pi_version'])) {
        // We need to initialise this index of the array, so we place a string in it.
        $retval['info']['pi_version'] = $LANG_ADMIN['na'];
    }
    return $retval;
}
        $result = DB_Query("SELECT * FROM {$_TABLES['monitor_ban']} WHERE bantype='newuser'", 1);
        $nrows = DB_numRows($result);
        $content .= "<li>New user {$nrows} IP Adress</li>";
        $result = DB_Query("SELECT * FROM {$_TABLES['monitor_ban']} WHERE bantype='profile'", 1);
        $nrows = DB_numRows($result);
        $content .= "<li>Profile {$nrows} IP Adress</li></ul>";
        if (in_array('sphere', $_PLUGINS)) {
            $last_run = DB_getItem($_TABLES['vars'], 'value', "name='last_sphere_whatsnew'");
            $days_diff = floor((time() - $last_run) / (60 * 60 * 24));
            $content .= "<hr><p>Sphere - Last newsletter " . $days_diff . "/{$_SPHERE_CONF['whatsnew_days']} days ago.</p><hr>";
        }
        //Plugins updates
        $token = SEC_createToken();
        $pluginToUpdate = '';
        if ($action == 'continue_upgrade') {
            $content .= MONITOR_continue_upgrade(COM_sanitizeFilename($_GET['plugin_update']), $_GET['piversion'], $_GET['codeversion']);
        }
        if ($action == 'update_plugin' && in_array($_GET['plugin'], $ready_plugins)) {
            $pluginToUpdate = $_GET['plugin'];
        }
        $msg = MONITOR_plugin_upload($pluginToUpdate);
        if ($msg != '') {
            $content .= COM_showMessageText($MESSAGE[$msg]);
        }
        if ($_MONITOR_CONF['repository'] != '') {
            $content .= MONITOR_listplugins($token);
        }
        $content .= '<p>' . $LANG_MONITOR_1['github_limit'] . ' <strong>' . GITHUB_RATELIMIT . '</strong></p>';
        break;
}
$T->set_var(array('admin_body' => $content));
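/**
 * Main driver to handle the uploaded autotag archive.
 *
 * Takes the archive from the 'autotagfile' form field, stores it under
 * $_CONF['path_data'].'temp', unpacks it into a fresh temporary directory,
 * reads the package's XML descriptor into the global $autotagData, checks
 * the declared glFusion and PHP version requirements and test-copies the
 * package into the system autotags directory. On success the confirmation
 * form is rendered; on any failure after extraction the temporary directory
 * is removed and an error box is returned instead.
 *
 * @return   string              Formatted HTML containing the page body
 */
function processAutotagUpload()
{
    global $_CONF, $autotagData, $LANG32;

    $retval = '';
    $upgrade = false;

    // Nothing to do unless the form actually delivered a file; a missing
    // field is treated the same as UPLOAD_ERR_NO_FILE.
    if (!isset($_FILES['autotagfile']['error']) || $_FILES['autotagfile']['error'] == UPLOAD_ERR_NO_FILE) {
        return _at_errorBox($LANG32[46]);
    }

    require_once $_CONF['path_system'] . 'classes/upload.class.php';
    $upload = new upload();
    if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
        $upload->setLogFile($_CONF['path'] . 'logs/error.log');
        $upload->setDebug(true);
    }
    $upload->setMaxFileUploads(1);
    $upload->setMaxFileSize(4194304); // 4 MiB
    $upload->setAllowedMimeTypes(array('application/x-gzip' => '.gz,.gzip,tgz', 'application/zip' => '.zip'));
    $upload->setFieldName('autotagfile');
    if (!$upload->setPath($_CONF['path_data'] . 'temp')) {
        return _at_errorBox($upload->printErrors(false));
    }
    // The client-supplied name is reduced to a safe file name before it is
    // used to build a path inside the data directory.
    $filename = COM_sanitizeFilename($_FILES['autotagfile']['name'], true);
    $upload->setFileNames($filename);
    $upload->uploadFiles();
    if ($upload->areErrors()) {
        return _at_errorBox($upload->printErrors(false));
    }
    $archive = $_CONF['path_data'] . 'temp/' . $filename;

    // decompress into a fresh temp directory under the data directory
    if (function_exists('set_time_limit')) {
        @set_time_limit(60);
    }
    if (!($tmp = _io_mktmpdir())) {
        return _at_errorBox($LANG32[47]);
    }
    $tmpPath = $_CONF['path_data'] . $tmp;
    if (!COM_decompress($archive, $tmpPath)) {
        return _at_discardUpload($tmpPath, $LANG32[48]);
    }
    @unlink($archive);

    // _at_parseXML() fills the global $autotagData from the descriptor
    $autotagData = array();
    $rc = _at_parseXML($tmpPath);
    $glVersion = isset($autotagData['glfusionversion']) ? $autotagData['glfusionversion'] : '';
    // -1 means no descriptor was found; id and version are mandatory
    if ($rc == -1 || !isset($autotagData['id']) || !isset($autotagData['version'])) {
        return _at_discardUpload($tmpPath, sprintf($LANG32[49], $glVersion));
    }
    // required glFusion version
    if (!COM_checkVersion(GVERSION, $glVersion)) {
        return _at_discardUpload($tmpPath, sprintf($LANG32[49], $glVersion));
    }
    // required PHP version
    $phpVersion = isset($autotagData['phpversion']) ? $autotagData['phpversion'] : '';
    if (!COM_checkVersion(phpversion(), $phpVersion)) {
        return _at_discardUpload($tmpPath, sprintf($LANG32[50], $phpVersion));
    }

    // An existing autotag with the same id is deliberately not rejected here
    // so that uploading a package can update an installed autotag.

    if (function_exists('set_time_limit')) {
        @set_time_limit(30);
    }
    // The id names both the unpacked sub-directory and the install target, so
    // it is reduced to a conservative character set. The allow-list still
    // admits '.', so a bare '.' or '..' (or an id the filter emptied) has to be
    // rejected explicitly or the copy source would resolve outside $tmpPath.
    $autotagData['id'] = preg_replace('/[^a-zA-Z0-9\\-_\\.]/', '', $autotagData['id']);
    if ($autotagData['id'] === '' || $autotagData['id'] === '.' || $autotagData['id'] === '..') {
        return _at_discardUpload($tmpPath, sprintf($LANG32[49], $glVersion));
    }

    // test copy to the proper directory; $failed lists the files that could not be written
    list($rc, $failed) = _pi_test_copy($tmpPath . '/' . $autotagData['id'] . '/', $_CONF['path_system'] . 'autotags/');
    if ($rc > 0) {
        $permErrorList = '';
        foreach ($failed as $failedFile) {
            $permErrorList .= sprintf($LANG32[41], $failedFile);
        }
        $errorMessage = '<h2>' . $LANG32[42] . '</h2>' . $LANG32[43] . $permErrorList . '<br />' . $LANG32[44];
        return _at_discardUpload($tmpPath, $errorMessage);
    }

    $T = new Template($_CONF['path_layout'] . 'admin/autotag');
    $T->set_file('form', 'autotag_upload_confirm.thtml');
    // NOTE(review): url, description and author come straight from the
    // uploaded descriptor; whether the template escapes them is not visible
    // here - confirm before relying on it.
    $T->set_var(array('form_action_url' => $_CONF['site_admin_url'] . '/autotag_upload.php', 'action' => 'processupload', 'pi_name' => $autotagData['id'], 'pi_version' => $autotagData['version'], 'pi_url' => $autotagData['url'], 'pi_gl_version' => $autotagData['glfusionversion'], 'pi_desc' => $autotagData['description'], 'pi_author' => $autotagData['author'], 'upgrade' => $upgrade, 'temp_dir' => $tmp));
    $retval .= $T->parse('output', 'form');
    return $retval;
}

/**
 * Discard an unpacked autotag package and build the error box to return.
 *
 * @param    string $tmpPath absolute path of the temporary extraction directory
 * @param    string $message error text to wrap in the error box
 * @return   string          formatted error box
 * @access   private
 */
function _at_discardUpload($tmpPath, $message)
{
    _pi_deleteDir($tmpPath);
    return _at_errorBox($message);
}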
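/**
 * Restore the request that was interrupted by a re-authentication.
 *
 * The original request's method, $_POST, $_GET and $_FILES were serialized
 * into the session under the 'glfusion.auth.*' keys. This rebuilds
 * $_SERVER['REQUEST_METHOD'], $_POST, $_GET, $_REQUEST and - when the
 * current request carries no uploads of its own - $_FILES from those values,
 * and removes them from the session. Rescued uploads are expected under
 * $_CONF['path_data'].'temp/'; any entry whose file is no longer there gets
 * an empty tmp_name and error UPLOAD_ERR_NO_FILE. A CSRF token present in
 * the saved data is replaced by a freshly created one.
 *
 * @return   void
 * @access   private
 */
function _rebuild_data()
{
    global $_CONF;

    $method = '';
    if (SESS_isSet('glfusion.auth.method')) {
        $method = SESS_getVar('glfusion.auth.method');
        SESS_unSet('glfusion.auth.method');
    }
    $postdata = '';
    if (SESS_isSet('glfusion.auth.post')) {
        $postdata = SESS_getVar('glfusion.auth.post');
        SESS_unSet('glfusion.auth.post');
    }
    $getdata = '';
    if (SESS_isSet('glfusion.auth.get')) {
        $getdata = SESS_getVar('glfusion.auth.get');
        SESS_unSet('glfusion.auth.get');
    }
    // NOTE(review): the saved request is unserialize()d. It comes from the
    // server-side session rather than directly from the client, but anything
    // able to write session values could still smuggle objects in; passing
    // allowed_classes => false (PHP 7+) or storing JSON instead would close
    // that off - check the supported PHP baseline first.
    $file_array = null;
    if (SESS_isSet('glfusion.auth.file')) {
        $file_array = unserialize(SESS_getVar('glfusion.auth.file'));
        SESS_unSet('glfusion.auth.file');
    }

    if (empty($_FILES) && is_array($file_array)) {
        foreach ($file_array as $fkey => $file) {
            if (isset($file['name']) && is_array($file['name'])) {
                // multi-file field: every attribute is an array keyed by offset
                foreach ($file as $key => $data) {
                    foreach ($data as $offset => $value) {
                        if ($key == 'tmp_name') {
                            $value = _rebuild_data_path($value);
                            // tells the upload class not to use move_uploaded_file()
                            $_FILES[$fkey]['_data_dir'][$offset] = true;
                        }
                        $_FILES[$fkey][$key][$offset] = $value;
                        // re-checked after every attribute so the final state is
                        // consistent regardless of the attribute order
                        if (!isset($_FILES[$fkey]['tmp_name'][$offset]) || !file_exists($_FILES[$fkey]['tmp_name'][$offset])) {
                            $_FILES[$fkey]['tmp_name'][$offset] = '';
                            $_FILES[$fkey]['error'][$offset] = UPLOAD_ERR_NO_FILE;
                        }
                    }
                }
            } else {
                // single-file field
                foreach ($file as $key => $value) {
                    if ($key == 'tmp_name') {
                        $value = _rebuild_data_path($value);
                        // tells the upload class not to use move_uploaded_file()
                        $_FILES[$fkey]['_data_dir'] = true;
                    }
                    $_FILES[$fkey][$key] = $value;
                }
                if (!isset($_FILES[$fkey]['tmp_name']) || !file_exists($_FILES[$fkey]['tmp_name'])) {
                    $_FILES[$fkey]['tmp_name'] = '';
                    $_FILES[$fkey]['error'] = UPLOAD_ERR_NO_FILE;
                }
            }
        }
    }

    $_SERVER['REQUEST_METHOD'] = $method;
    // unserialize() yields false for an empty or corrupt payload; normalise
    // both to arrays before anything indexes into them (array_key_exists()
    // below would otherwise be handed a bool)
    $_POST = unserialize($postdata);
    if (!is_array($_POST)) {
        $_POST = array();
    }
    $_GET = unserialize($getdata);
    if (!is_array($_GET)) {
        $_GET = array();
    }
    // refresh the token (easier to create a new one than to fake the referer)
    if (array_key_exists(CSRF_TOKEN, $_POST) || array_key_exists(CSRF_TOKEN, $_GET)) {
        $newToken = SEC_createToken();
        $_POST[CSRF_TOKEN] = $newToken;
        $_GET[CSRF_TOKEN] = $newToken;
    }
    $_REQUEST = array_merge($_GET, $_POST);
}

/**
 * Map a rescued upload's saved tmp_name onto its location in the data directory.
 *
 * Only the basename is kept and it is run through COM_sanitizeFilename(), so
 * the saved value cannot point outside $_CONF['path_data'].'temp/'.
 *
 * @param    string $tmpName tmp_name value as saved in the session
 * @return   string          path under the data temp directory, or '' when the name sanitizes to nothing
 * @access   private
 */
function _rebuild_data_path($tmpName)
{
    global $_CONF;

    $filename = COM_sanitizeFilename(basename($tmpName), true);
    if ($filename == '') {
        return '';
    }
    return $_CONF['path_data'] . 'temp/' . $filename;
}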