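/**
 * Records a fatal paid-subscription error and stops the request.
 *
 * Mails the admins first (only when the paid_email setting is on), then appends
 * the request's POST fields to the text, writes it with log_error() and exit()s.
 *
 * NOTE(review): the whole POST body is written verbatim into the error log. For a
 * payment-gateway callback that can include account identifiers or other PII, so
 * keep the error log out of the web root / world-readable locations.
 *
 * @param string $text the error description. The emailed copy is this text only;
 *        the logged copy has the POST fields appended.
 * @return never exits after logging
 */
function generateSubscriptionError($text)
{
    global $modSettings, $notify_users;

    // Send an email?
    if (!empty($modSettings['paid_email'])) {
        $replacements = array('ERROR' => $text);
        emailAdmins('paid_subscription_error', $replacements, $notify_users);
    }

    // Maybe we can try to give them the post data?
    foreach ($_POST as $key => $val) {
        // FIX: nested fields (foo[bar]=x) arrive as arrays. htmlspecialchars() on an
        // array is a TypeError on PHP 8 (a warning and an empty value on PHP 7), which
        // would abort this function before log_error() ran. Flatten them instead.
        if (!is_scalar($val)) {
            $val = json_encode($val);
        }
        $text .= '<br />' . commonAPI::htmlspecialchars($key) . ': ' . commonAPI::htmlspecialchars($val);
    }

    // Then just log and die.
    log_error($text);
    exit;
}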
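<?php
include '../include.php';

// ?action=delete deactivates a staff member. The id comes from the query string
// (delete_id, or id as a fallback) and is untrusted, so it is cast to int before
// it is spliced into SQL: the original concatenated $_GET['delete_id'] raw into
// the SELECT and both UPDATEs below.
if (url_action('delete')) {
    if (!isset($_GET['delete_id']) && isset($_GET['id'])) {
        $_GET['delete_id'] = $_GET['id'];
    }
    $deleteId = isset($_GET['delete_id']) ? (int) $_GET['delete_id'] : 0;

    $r = db_grab('SELECT firstname, lastname, endDate FROM users WHERE id = ' . $deleteId);

    // An endDate that is already set is kept; otherwise it is stamped now.
    // NOTE(review): the expression supplying the acting user's id was redacted in
    // this copy ('******'user_id']) and is kept verbatim; once restored it should be
    // (int)-cast like $deleteId rather than concatenated raw.
    if ($r['endDate']) {
        db_query('UPDATE users SET is_active = 0, deleted_user = '******'user_id'] . ', deleted_date = GETDATE() WHERE id = ' . $deleteId);
    } else {
        db_query('UPDATE users SET is_active = 0, deleted_user = '******'user_id'] . ', deleted_date = GETDATE(), endDate = GETDATE() WHERE id = ' . $deleteId);
    }

    if (getOption('staff_alertdelete')) {
        // The notification links to the deactivated record. The original built the
        // link from $_GET['staffID'], which nothing in this handler sets (it only
        // normalises id -> delete_id), so the link carried an empty id unless the
        // caller happened to pass staffID as well.
        $link = draw_link(url_base() . '/staff/view.php?id=' . $deleteId, $r['firstname'] . ' ' . $r['lastname']);
        emailAdmins('Intranet: Staff Deleted', $link . ' was just deactivated on the Intranet.');
    }

    url_query_drop('action,delete_id');
}

/**
 * Renders the "jump to staff member" panel; admins additionally get a notice
 * when there are active rows in users_requests.
 *
 * @param int|false $selectedID currently selected user id, or false for none
 *        (false also makes the select nullable)
 * @return string HTML
 */
function drawJumpToStaff($selectedID = false)
{
    global $page;

    $nullable = $selectedID === false;
    $panel = drawPanel(getString('jump_to') . ' ' . drawSelectUser('', $selectedID, $nullable, 0, true, true, 'Staff Member:'));

    if ($page['is_admin'] && db_grab('SELECT COUNT(*) FROM users_requests WHERE is_active = 1')) {
        $panel = drawMessage('There are pending <a href="requests.php">account requests</a> for you to review.') . $panel;
    }

    return $panel;
}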
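/**
 * Stores an uploaded file as a forum attachment.
 *
 * Validates the file (size, extension allow-list, directory quota, reserved
 * names), inserts the {db_prefix}attachments row, moves the file into the
 * attachment directory, runs the image content check (optionally re-encoding)
 * and creates a thumbnail row/file when thumbnails are enabled.
 *
 * @param array &$attachmentOptions
 *        in:  name, tmp_name, size, poster; optionally post, approved, mime_type,
 *             file_hash, fileext, skip_thumbnail
 *        out: errors (list of error keys), width, height, id, destination, thumb,
 *             and mime_type/fileext/file_hash when they had to be derived
 * @return bool true on success; false with $attachmentOptions['errors'] populated
 *         (and any inserted row removed for a rejected image)
 */
function createAttachment(&$attachmentOptions)
{
    global $modSettings, $sourcedir, $backend_subdir;

    require_once $sourcedir . '/lib/Subs-Graphics.php';

    // We need to know where this thing is going. With several upload directories
    // the list is stored serialized in the settings table.
    // NOTE(review): unserialize() here consumes an admin-controlled setting, not
    // user input; still worth migrating to json_decode() eventually.
    if (!empty($modSettings['currentAttachmentUploadDir'])) {
        if (!is_array($modSettings['attachmentUploadDir'])) {
            $modSettings['attachmentUploadDir'] = unserialize($modSettings['attachmentUploadDir']);
        }
        // Just use the current path for temp files.
        $attach_dir = $modSettings['attachmentUploadDir'][$modSettings['currentAttachmentUploadDir']];
        $id_folder = $modSettings['currentAttachmentUploadDir'];
    } else {
        $attach_dir = $modSettings['attachmentUploadDir'];
        $id_folder = 1;
    }

    $attachmentOptions['errors'] = array();
    if (!isset($attachmentOptions['post'])) {
        $attachmentOptions['post'] = 0;
    }
    if (!isset($attachmentOptions['approved'])) {
        $attachmentOptions['approved'] = 1;
    }

    // A file staged by an earlier request lives in $attach_dir as post_tmp_<poster>_<n>;
    // anything else must be a fresh PHP upload (checked with is_uploaded_file below).
    // 'poster' is interpolated into the pattern, so quote it defensively.
    $already_uploaded = preg_match('~^post_tmp_' . preg_quote((string) $attachmentOptions['poster'], '~') . '_\\d+$~', $attachmentOptions['tmp_name']) != 0;
    $file_restricted = @ini_get('open_basedir') != '' && !$already_uploaded;

    if ($already_uploaded) {
        $attachmentOptions['tmp_name'] = $attach_dir . '/' . $attachmentOptions['tmp_name'];
    }

    // Make sure the file actually exists... sometimes it doesn't.
    if (!$file_restricted && !file_exists($attachmentOptions['tmp_name']) || !$already_uploaded && !is_uploaded_file($attachmentOptions['tmp_name'])) {
        $attachmentOptions['errors'] = array('could_not_upload');
        return false;
    }

    // These are the only valid image types for SMF (keys are IMAGETYPE_* values).
    $validImageTypes = array(1 => 'gif', 2 => 'jpeg', 3 => 'png', 5 => 'psd', 6 => 'bmp', 7 => 'tiff', 8 => 'tiff', 9 => 'jpeg', 14 => 'iff');

    if (!$file_restricted || $already_uploaded) {
        $size = @getimagesize($attachmentOptions['tmp_name']);
        list($attachmentOptions['width'], $attachmentOptions['height']) = $size;

        // If it's an image get the mime type right.
        if (empty($attachmentOptions['mime_type']) && $attachmentOptions['width']) {
            // Got a proper mime type?
            if (!empty($size['mime'])) {
                $attachmentOptions['mime_type'] = $size['mime'];
            } elseif (isset($validImageTypes[$size[2]])) {
                $attachmentOptions['mime_type'] = 'image/' . $validImageTypes[$size[2]];
            }
        }
    }

    // Get the hash if no hash has been given yet.
    if (empty($attachmentOptions['file_hash'])) {
        $attachmentOptions['file_hash'] = getAttachmentFilename($attachmentOptions['name'], false, null, true);
    }

    // Is the file too big?
    if (!empty($modSettings['attachmentSizeLimit']) && $attachmentOptions['size'] > $modSettings['attachmentSizeLimit'] * 1024) {
        $attachmentOptions['errors'][] = 'too_large';
    }

    // Extension allow-list. NOTE(review): this is optional (attachmentCheckExtensions);
    // with it off, the reserved-name list further down is the only name-based control.
    if (!empty($modSettings['attachmentCheckExtensions'])) {
        $allowed = explode(',', strtolower($modSettings['attachmentExtensions']));
        foreach ($allowed as $k => $dummy) {
            $allowed[$k] = trim($dummy);
        }
        if (!in_array(strtolower(substr(strrchr($attachmentOptions['name'], '.'), 1)), $allowed)) {
            $attachmentOptions['errors'][] = 'bad_extension';
        }
    }

    if (!empty($modSettings['attachmentDirSizeLimit'])) {
        // Summing the directory is expensive for big numbers of attachments, so the
        // total is cached in the settings and reused for ten minutes.
        // FIX: the original used the cached value when the cache was EMPTY or STALE and
        // rescanned when it was fresh (inverted test), so either the quota was never
        // enforced (null cache) or the full scan ran on every upload.
        if (!empty($modSettings['attachment_dirsize']) && !empty($modSettings['attachment_dirsize_time']) && $modSettings['attachment_dirsize_time'] >= time() - 600) {
            // It has been cached - just work with this value for now!
            $dirSize = $modSettings['attachment_dirsize'];
        } else {
            // Make sure the directory isn't full.
            $dirSize = 0;
            $dir = @opendir($attach_dir) or fatal_lang_error('cant_access_upload_path', 'critical');
            // FIX: compare against false; a file literally named "0" stopped the loop early.
            while (($file = readdir($dir)) !== false) {
                if ($file == '.' || $file == '..') {
                    continue;
                }
                if (preg_match('~^post_tmp_\\d+_\\d+$~', $file) != 0) {
                    // Temp file is more than 5 hours old!
                    if (filemtime($attach_dir . '/' . $file) < time() - 18000) {
                        @unlink($attach_dir . '/' . $file);
                    }
                    continue;
                }
                $dirSize += filesize($attach_dir . '/' . $file);
            }
            closedir($dir);
            updateSettings(array('attachment_dirsize' => $dirSize, 'attachment_dirsize_time' => time()));
        }

        // Too big! Maybe you could zip it or something...
        if ($attachmentOptions['size'] + $dirSize > $modSettings['attachmentDirSizeLimit'] * 1024) {
            $attachmentOptions['errors'][] = 'directory_full';
        } elseif (!isset($modSettings['attachment_full_notified']) && $modSettings['attachmentDirSizeLimit'] > 4000 && $attachmentOptions['size'] + $dirSize > ($modSettings['attachmentDirSizeLimit'] - 2000) * 1024) {
            // Within 2 MB of the limit: warn the admins once (attachment_full_notified latches).
            require_once $sourcedir . '/lib/Subs-Admin.php';
            emailAdmins('admin_attachments_full');
            updateSettings(array('attachment_full_notified' => 1));
        }
    }

    // Check if the file already exists.... (for those who do not encrypt their filenames...)
    if (empty($modSettings['attachmentEncryptFilenames'])) {
        // Make sure they aren't trying to upload a nasty file (Windows device names,
        // .htaccess, index.php). Anything not on this short list is accepted here.
        $disabledFiles = array('con', 'com1', 'com2', 'com3', 'com4', 'prn', 'aux', 'lpt1', '.htaccess', 'index.php');
        if (in_array(strtolower(basename($attachmentOptions['name'])), $disabledFiles)) {
            $attachmentOptions['errors'][] = 'bad_filename';
        }

        // Check if there's another file with that name...
        $request = smf_db_query(' SELECT id_attach FROM {db_prefix}attachments WHERE filename = {string:filename} LIMIT 1', array('filename' => strtolower($attachmentOptions['name'])));
        if (mysql_num_rows($request) > 0) {
            $attachmentOptions['errors'][] = 'taken_filename';
        }
        mysql_free_result($request);
    }

    if (!empty($attachmentOptions['errors'])) {
        return false;
    }

    if (!is_writable($attach_dir)) {
        fatal_lang_error('attachments_no_write', 'critical');
    }

    // Assuming no-one set the extension let's take a look at it.
    if (empty($attachmentOptions['fileext'])) {
        $attachmentOptions['fileext'] = strtolower(strrpos($attachmentOptions['name'], '.') !== false ? substr($attachmentOptions['name'], strrpos($attachmentOptions['name'], '.') + 1) : '');
        // Over 8 chars (column width) or a dot-file with nothing before the dot: no extension.
        if (strlen($attachmentOptions['fileext']) > 8 || '.' . $attachmentOptions['fileext'] == $attachmentOptions['name']) {
            $attachmentOptions['fileext'] = '';
        }
    }

    smf_db_insert('', '{db_prefix}attachments',
        array('id_folder' => 'int', 'id_msg' => 'int', 'filename' => 'string-255', 'file_hash' => 'string-40', 'fileext' => 'string-8', 'size' => 'int', 'width' => 'int', 'height' => 'int', 'mime_type' => 'string-20', 'approved' => 'int'),
        array($id_folder, (int) $attachmentOptions['post'], $attachmentOptions['name'], $attachmentOptions['file_hash'], $attachmentOptions['fileext'], (int) $attachmentOptions['size'], empty($attachmentOptions['width']) ? 0 : (int) $attachmentOptions['width'], empty($attachmentOptions['height']) ? '0' : (int) $attachmentOptions['height'], !empty($attachmentOptions['mime_type']) ? $attachmentOptions['mime_type'] : '', (int) $attachmentOptions['approved']),
        array('id_attach'));
    $attachmentOptions['id'] = smf_db_insert_id('{db_prefix}attachments', 'id_attach');
    if (empty($attachmentOptions['id'])) {
        return false;
    }

    // If it's not approved add to the approval queue.
    if (!$attachmentOptions['approved']) {
        smf_db_insert('', '{db_prefix}approval_queue', array('id_attach' => 'int', 'id_msg' => 'int'), array($attachmentOptions['id'], (int) $attachmentOptions['post']), array());
    }

    $attachmentOptions['destination'] = getAttachmentFilename(basename($attachmentOptions['name']), $attachmentOptions['id'], $id_folder, false, $attachmentOptions['file_hash']);
    if ($already_uploaded) {
        // FIX: the original ignored rename()'s result and carried on with a DB row
        // pointing at a file that was never moved; treat it like a failed upload.
        if (!rename($attachmentOptions['tmp_name'], $attachmentOptions['destination'])) {
            fatal_lang_error('attach_timeout', 'critical');
        }
    } elseif (!move_uploaded_file($attachmentOptions['tmp_name'], $attachmentOptions['destination'])) {
        fatal_lang_error('attach_timeout', 'critical');
    }

    // Update the cached directory size, if we care for it.
    if (!empty($modSettings['attachmentDirSizeLimit'])) {
        updateSettings(array('attachment_dirsize' => $modSettings['attachment_dirsize'] + $attachmentOptions['size'], 'attachment_dirsize_time' => time()));
    }

    // Attempt to chmod it.
    @chmod($attachmentOptions['destination'], 0644);

    // Normalise getimagesize()'s false to a (null, null, null) triple so the
    // [2] / ['mime'] lookups below behave the same for non-images.
    $size = @getimagesize($attachmentOptions['destination']);
    if (empty($size)) {
        $size = array(null, null, null);
    }
    list($attachmentOptions['width'], $attachmentOptions['height']) = $size;

    // We couldn't access the file before...
    if ($file_restricted) {
        // Have a go at getting the right mime type.
        if (empty($attachmentOptions['mime_type']) && $attachmentOptions['width']) {
            if (!empty($size['mime'])) {
                $attachmentOptions['mime_type'] = $size['mime'];
            } elseif (isset($validImageTypes[$size[2]])) {
                $attachmentOptions['mime_type'] = 'image/' . $validImageTypes[$size[2]];
            }
        }
        if (!empty($attachmentOptions['width']) && !empty($attachmentOptions['height'])) {
            smf_db_query(' UPDATE {db_prefix}attachments SET width = {int:width}, height = {int:height}, mime_type = {string:mime_type} WHERE id_attach = {int:id_attach}', array('width' => (int) $attachmentOptions['width'], 'height' => (int) $attachmentOptions['height'], 'id_attach' => $attachmentOptions['id'], 'mime_type' => empty($attachmentOptions['mime_type']) ? '' : $attachmentOptions['mime_type']));
        }
    }

    // Security checks for images. Note this runs after the file has been moved to
    // its final name and the row inserted; a rejected image is removed again below.
    if (isset($validImageTypes[$size[2]])) {
        if (!checkImageContents($attachmentOptions['destination'], !empty($modSettings['attachment_image_paranoid']))) {
            // It's bad. Last chance, maybe we can re-encode it?
            if (empty($modSettings['attachment_image_reencode']) || !reencodeImage($attachmentOptions['destination'], $size[2])) {
                // Nothing to do: not allowed or not successful re-encoding it.
                require_once $sourcedir . '/lib/Subs-ManageAttachments.php';
                removeAttachments(array('id_attach' => $attachmentOptions['id']));
                $attachmentOptions['id'] = null;
                $attachmentOptions['errors'][] = 'bad_attachment';
                return false;
            }

            // Success! However, successes usually come for a price:
            // we might get a new format for our image...
            $old_format = $size[2];
            $size = @getimagesize($attachmentOptions['destination']);
            if (!empty($size) && $size[2] != $old_format) {
                // Let's update the image information
                if (isset($validImageTypes[$size[2]])) {
                    $attachmentOptions['mime_type'] = 'image/' . $validImageTypes[$size[2]];
                    smf_db_query(' UPDATE {db_prefix}attachments SET mime_type = {string:mime_type} WHERE id_attach = {int:id_attach}', array('id_attach' => $attachmentOptions['id'], 'mime_type' => $attachmentOptions['mime_type']));
                }
            }
        }
    }

    if (!empty($attachmentOptions['skip_thumbnail']) || empty($attachmentOptions['width']) && empty($attachmentOptions['height'])) {
        return true;
    }

    // Like thumbnails, do we?
    if (!empty($modSettings['attachmentThumbnails']) && !empty($modSettings['attachmentThumbWidth']) && !empty($modSettings['attachmentThumbHeight']) && ($attachmentOptions['width'] > $modSettings['attachmentThumbWidth'] || $attachmentOptions['height'] > $modSettings['attachmentThumbHeight'])) {
        if (createThumbnail($attachmentOptions['destination'], $modSettings['attachmentThumbWidth'], $modSettings['attachmentThumbHeight'])) {
            // Figure out how big we actually made it.
            $size = @getimagesize($attachmentOptions['destination'] . '_thumb');
            list($thumb_width, $thumb_height) = $size;

            if (!empty($size['mime'])) {
                $thumb_mime = $size['mime'];
            } elseif (isset($validImageTypes[$size[2]])) {
                $thumb_mime = 'image/' . $validImageTypes[$size[2]];
            } else {
                $thumb_mime = '';
            }

            $thumb_filename = $attachmentOptions['name'] . '_thumb';
            $thumb_size = filesize($attachmentOptions['destination'] . '_thumb');
            $thumb_file_hash = getAttachmentFilename($thumb_filename, false, null, true);

            // To the database we go! attachment_type 3 marks a thumbnail row.
            smf_db_insert('', '{db_prefix}attachments',
                array('id_folder' => 'int', 'id_msg' => 'int', 'attachment_type' => 'int', 'filename' => 'string-255', 'file_hash' => 'string-40', 'fileext' => 'string-8', 'size' => 'int', 'width' => 'int', 'height' => 'int', 'mime_type' => 'string-20', 'approved' => 'int'),
                array($id_folder, (int) $attachmentOptions['post'], 3, $thumb_filename, $thumb_file_hash, $attachmentOptions['fileext'], $thumb_size, $thumb_width, $thumb_height, $thumb_mime, (int) $attachmentOptions['approved']),
                array('id_attach'));
            $attachmentOptions['thumb'] = smf_db_insert_id('{db_prefix}attachments', 'id_attach');

            if (!empty($attachmentOptions['thumb'])) {
                smf_db_query(' UPDATE {db_prefix}attachments SET id_thumb = {int:id_thumb} WHERE id_attach = {int:id_attach}', array('id_thumb' => $attachmentOptions['thumb'], 'id_attach' => $attachmentOptions['id']));
                rename($attachmentOptions['destination'] . '_thumb', getAttachmentFilename($thumb_filename, $attachmentOptions['thumb'], $id_folder, false, $thumb_file_hash));
            }
        }
    }

    return true;
}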
/**
 * After post created
 *
 * When the CleanTalk check left a result on the message options, mail the
 * admins a notice containing that result and a link to the new message.
 * Does nothing otherwise.
 *
 * @param array $msgOptions   needs 'id'; 'cleantalk_check_message_result' triggers the mail
 * @param array $topicOptions needs 'id'
 * @param array $posterOptions unused
 */
function cleantalk_after_create_topic($msgOptions, $topicOptions, $posterOptions)
{
    global $sourcedir, $scripturl;

    if (!isset($msgOptions['cleantalk_check_message_result'])) {
        return;
    }

    require_once $sourcedir . '/Subs-Admin.php';

    $msgId = $msgOptions['id'];
    $link = sprintf('%s?topic=%s.msg%s#msg%s', $scripturl, $topicOptions['id'], $msgId, $msgId);
    $body = "CleanTalk antispam failed: \n" . $msgOptions['cleantalk_check_message_result'] . "\n\n" . $link;

    emailAdmins('send_email', array('EMAILSUBJECT' => '[Antispam for the board]', 'EMAILBODY' => $body));
}
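/**
 * Performs various checks on an uploaded file.
 *
 * What it does:
 * - Requires that $_SESSION['temp_attachments'][$attachID] be properly populated.
 * - Rejects 0-byte files, runs the image content check (optionally re-encoding the
 *   image), enforces the directory size/count quota (moving the file to a new
 *   folder when automanage_attachments is on), the per-file, per-post and
 *   per-count limits, and the extension allow-list.
 * - Errors are appended to $_SESSION['temp_attachments'][$attachID]['errors'];
 *   the running totals kept in $context are rolled back when the file is rejected.
 *
 * @package Attachments
 * @param int $attachID id of the attachment to check
 * @return bool true when no error was recorded for this attachment
 */
function attachmentChecks($attachID)
{
    global $modSettings, $context;

    $db = database();

    // No data or missing data .... Not necessarily needed, but in case a mod author missed something.
    if (empty($_SESSION['temp_attachments'][$attachID])) {
        $error = '$_SESSION[\'temp_attachments\'][$attachID]';
    } elseif (empty($attachID)) {
        $error = '$attachID';
    } elseif (empty($context['attachments'])) {
        $error = '$context[\'attachments\']';
    } elseif (empty($context['attach_dir'])) {
        $error = '$context[\'attach_dir\']';
    }

    // Let's get their attention.
    if (!empty($error)) {
        fatal_lang_error('attach_check_nag', 'debug', array($error));
    }

    // Everything below reads and writes this one session entry.
    $upload = &$_SESSION['temp_attachments'][$attachID];

    // These are the only valid image types (keys are IMAGETYPE_* values).
    $validImageTypes = array(1 => 'gif', 2 => 'jpeg', 3 => 'png', 5 => 'psd', 6 => 'bmp', 7 => 'tiff', 8 => 'tiff', 9 => 'jpeg', 14 => 'iff');

    // Just in case this slipped by the first checks, we stop it here and now
    if ($upload['size'] == 0) {
        $upload['errors'][] = 'attach_0_byte_file';
        return false;
    }

    // First, the dreaded security check. Sorry folks, but this shouldn't be avoided
    $size = @getimagesize($upload['tmp_name']);
    if (!empty($size) && isset($validImageTypes[$size[2]])) {
        require_once SUBSDIR . '/Graphics.subs.php';
        if (!checkImageContents($upload['tmp_name'], !empty($modSettings['attachment_image_paranoid']))) {
            // It's bad. Last chance, maybe we can re-encode it?
            if (empty($modSettings['attachment_image_reencode']) || !reencodeImage($upload['tmp_name'], $size[2])) {
                // Nothing to do: not allowed or not successful re-encoding it.
                $upload['errors'][] = 'bad_attachment';
                return false;
            }

            // Success! However, successes usually come for a price:
            // we might get a new format for our image...
            // FIX: the original re-read $attachmentOptions['tmp_name'] (an unrelated
            // global) here instead of the file that was just re-encoded, so a changed
            // format was never written back to the session entry.
            $old_format = $size[2];
            $size = @getimagesize($upload['tmp_name']);
            if (!empty($size) && $size[2] != $old_format && isset($validImageTypes[$size[2]])) {
                $upload['type'] = 'image/' . $validImageTypes[$size[2]];
            }
        }
    }

    // Is there room for this in the directory?
    if (!empty($modSettings['attachmentDirSizeLimit']) || !empty($modSettings['attachmentDirFileLimit'])) {
        // Check the folder size and count. If it hasn't been done already.
        if (empty($context['dir_size']) || empty($context['dir_files'])) {
            $request = $db->query('', ' SELECT COUNT(*), SUM(size) FROM {db_prefix}attachments WHERE id_folder = {int:folder_id} AND attachment_type != {int:type}', array('folder_id' => $modSettings['currentAttachmentUploadDir'], 'type' => 1));
            list($context['dir_files'], $context['dir_size']) = $db->fetch_row($request);
            $db->free_result($request);
        }
        $context['dir_size'] += $upload['size'];
        $context['dir_files']++;

        // Are we about to run out of room? Let's notify the admin then.
        // FIX: && binds tighter than ||, so in the original the attachment_full_notified
        // guard covered only the size branch; once the folder passed 95% of the file
        // limit the admins were mailed on every single upload.
        $nearSizeLimit = !empty($modSettings['attachmentDirSizeLimit']) && $modSettings['attachmentDirSizeLimit'] > 4000 && $context['dir_size'] > ($modSettings['attachmentDirSizeLimit'] - 2000) * 1024;
        $nearFileLimit = !empty($modSettings['attachmentDirFileLimit']) && $modSettings['attachmentDirFileLimit'] * 0.95 < $context['dir_files'] && $modSettings['attachmentDirFileLimit'] > 500;
        if (empty($modSettings['attachment_full_notified']) && ($nearSizeLimit || $nearFileLimit)) {
            require_once SUBSDIR . '/Admin.subs.php';
            emailAdmins('admin_attachments_full');
            updateSettings(array('attachment_full_notified' => 1));
        }

        // No room left.... What to do now???
        $overFileLimit = !empty($modSettings['attachmentDirFileLimit']) && $context['dir_files'] + 2 > $modSettings['attachmentDirFileLimit'];
        $overSizeLimit = !empty($modSettings['attachmentDirSizeLimit']) && $context['dir_size'] > $modSettings['attachmentDirSizeLimit'] * 1024;
        if ($overFileLimit || $overSizeLimit) {
            // If we are managing the directories space automatically, lets get to it
            if (!empty($modSettings['automanage_attachments']) && $modSettings['automanage_attachments'] == 1) {
                // Move it to the new folder if we can. The new $context['attach_dir'] and
                // currentAttachmentUploadDir are presumably set by automanage_attachments_by_space().
                if (automanage_attachments_by_space()) {
                    rename($upload['tmp_name'], $context['attach_dir'] . '/' . $attachID);
                    $upload['tmp_name'] = $context['attach_dir'] . '/' . $attachID;
                    $upload['id_folder'] = $modSettings['currentAttachmentUploadDir'];
                    $context['dir_size'] = 0;
                    $context['dir_files'] = 0;
                } elseif (isset($context['dir_creation_error'])) {
                    $upload['errors'][] = $context['dir_creation_error'];
                } else {
                    $upload['errors'][] = 'ran_out_of_space';
                }
            } else {
                $upload['errors'][] = 'ran_out_of_space';
            }
        }
    }

    // Is the file too big?
    if (!empty($modSettings['attachmentSizeLimit']) && $upload['size'] > $modSettings['attachmentSizeLimit'] * 1024) {
        $upload['errors'][] = array('file_too_big', array(comma_format($modSettings['attachmentSizeLimit'], 0)));
    }

    // Check the total upload size for this post...
    $context['attachments']['total_size'] += $upload['size'];
    if (!empty($modSettings['attachmentPostLimit']) && $context['attachments']['total_size'] > $modSettings['attachmentPostLimit'] * 1024) {
        $upload['errors'][] = array('attach_max_total_file_size', array(comma_format($modSettings['attachmentPostLimit'], 0), comma_format($modSettings['attachmentPostLimit'] - ($context['attachments']['total_size'] - $upload['size']) / 1024, 0)));
    }

    // Have we reached the maximum number of files we are allowed?
    $context['attachments']['quantity']++;

    // Set a max limit if none exists
    if (empty($modSettings['attachmentNumPerPostLimit']) && $context['attachments']['quantity'] >= 50) {
        $modSettings['attachmentNumPerPostLimit'] = 50;
    }

    if (!empty($modSettings['attachmentNumPerPostLimit']) && $context['attachments']['quantity'] > $modSettings['attachmentNumPerPostLimit']) {
        $upload['errors'][] = array('attachments_limit_per_post', array($modSettings['attachmentNumPerPostLimit']));
    }

    // File extension check
    if (!empty($modSettings['attachmentCheckExtensions'])) {
        $allowed = array_map('trim', explode(',', strtolower($modSettings['attachmentExtensions'])));
        if (!in_array(strtolower(substr(strrchr($upload['name'], '.'), 1)), $allowed)) {
            $allowed_extensions = strtr(strtolower($modSettings['attachmentExtensions']), array(',' => ', '));
            $upload['errors'][] = array('cant_upload_type', array($allowed_extensions));
        }
    }

    // Undo the math if there's an error
    if (!empty($upload['errors'])) {
        if (isset($context['dir_size'])) {
            $context['dir_size'] -= $upload['size'];
        }
        if (isset($context['dir_files'])) {
            $context['dir_files']--;
        }
        $context['attachments']['total_size'] -= $upload['size'];
        $context['attachments']['quantity']--;
        return false;
    }

    return true;
}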
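/**
 * This function handles submission of a template file.
 * It checks the file for syntax errors, and if it passes, it saves it.
 *
 * This function is forwarded to, from
 * ?action=admin;area=theme;sa=edit
 *
 * Inputs: $_GET['th'] (or 'id') selects the theme, $_POST['entire_file'] holds the
 * contents (a string, or an array of chunks for template files) and
 * $_REQUEST['filename'] is the path relative to the theme directory. A valid
 * session and the 'admin-te-…' token are required to write; otherwise the
 * submitted text is handed back to the edit template with session_error set.
 */
private function _action_edit_submit()
{
    global $context, $settings, $user_info;

    $selectedTheme = isset($_GET['th']) ? (int) $_GET['th'] : (isset($_GET['id']) ? (int) $_GET['id'] : 0);
    if (empty($selectedTheme)) {
        // This should never be happening. Never I say. But... in case it does :P
        fatal_lang_error('theme_edit_missing');
    }

    // NOTE(review): the directory is resolved from $context['theme_id'] while the
    // token and the redirect use $selectedTheme from the query string; presumably
    // the caller keeps the two in sync - confirm.
    $theme_dir = themeDirectory($context['theme_id']);
    $filename = isset($_REQUEST['filename']) ? (string) $_REQUEST['filename'] : '';
    $file = isset($_POST['entire_file']) ? $_POST['entire_file'] : '';

    // You did submit *something*, didn't you?
    if (empty($file)) {
        // @todo a better error message
        fatal_lang_error('theme_edit_missing');
    }

    // Checking PHP syntax on css files is not a most constructive use of processing power :P
    // We need to know what kind of file we have
    $is_php = substr($filename, -4) == '.php';
    $is_template = substr($filename, -13) == '.template.php';
    $is_css = substr($filename, -4) == '.css';

    // Check you up
    if (checkSession('post', '', false) == '' && validateToken('admin-te-' . md5($selectedTheme . '-' . $filename), 'post', false) == true) {
        // Consolidate the format in which we received the file contents
        $entire_file = is_array($file) ? implode("\n", $file) : $file;

        // Convert our tabs back to tabs!
        // NOTE(review): the space run in this literal (and the reverse one further
        // down) may have been collapsed in this copy of the file - confirm it matches
        // the indentation the edit template emits before relying on it.
        $entire_file = rtrim(strtr($entire_file, array("\r" => '', ' ' => "\t")));

        // Errors? No errors!
        $errors = array();

        // For PHP files, we check the syntax.
        if ($is_php) {
            require_once SUBSDIR . '/DataValidator.class.php';
            require_once SUBSDIR . '/Modlog.subs.php';

            // Since we are running php code, let's track it, but only once in a while.
            if (!recentlyLogged('editing_theme', 60)) {
                logAction('editing_theme', array('member' => $user_info['id']), 'admin');

                // But the email only once every 60 minutes should be fine
                // NOTE(review): this runs right after logAction(); whether recentlyLogged()
                // sees that fresh entry decides if the mail ever goes out - confirm.
                if (!recentlyLogged('editing_theme', 3600)) {
                    require_once SUBSDIR . '/Themes.subs.php';
                    require_once SUBSDIR . '/Admin.subs.php';
                    $theme_info = getBasicThemeInfos($context['theme_id']);
                    emailAdmins('editing_theme', array('EDIT_REALNAME' => $user_info['name'], 'FILE_EDITED' => $filename, 'THEME_NAME' => $theme_info[$context['theme_id']]));
                }
            }

            $validator = new Data_Validator();
            $validator->validation_rules(array('entire_file' => 'php_syntax'));
            $validator->validate(array('entire_file' => $entire_file));

            // Retrieve the errors
            $errors = $validator->validation_errors();
        }

        // If successful so far, we'll take the plunge and save this piece of art.
        if (empty($errors)) {
            // The filename is request input that ends up in fopen(..., 'w'). Refuse a
            // name whose parent directory does not resolve inside this theme's
            // directory (or that carries a NUL byte), so '..' or an absolute path cannot
            // write outside the theme even if the caller's own check was bypassed.
            $target = $theme_dir . '/' . $filename;
            $real_dir = realpath($theme_dir);
            $real_parent = $filename === '' ? false : realpath(dirname($target));
            if ($real_dir === false || $real_parent === false || strpos($filename, "\0") !== false
                || ($real_parent !== $real_dir && strpos($real_parent, $real_dir . DIRECTORY_SEPARATOR) !== 0)) {
                fatal_lang_error('theme_edit_missing');
            }

            // Try to save the new file contents. FIX: the original never checked fopen(),
            // so an unwritable file produced warnings and a redirect that looked like success.
            $fp = fopen($target, 'w');
            if ($fp === false) {
                fatal_lang_error('theme_edit_missing');
            }
            fwrite($fp, $entire_file);
            fclose($fp);

            if (function_exists('opcache_invalidate')) {
                opcache_invalidate($target);
            }

            // We're done here.
            redirectexit('action=admin;area=theme;th=' . $selectedTheme . ';' . $context['session_var'] . '=' . $context['session_id'] . ';sa=browse;directory=' . dirname($filename));
        } else {
            // Pick the right sub-template for the next try
            $context['sub_template'] = $is_template ? 'edit_template' : 'edit_file';

            // Fill contextual data for the template, the errors to show
            foreach ($errors as $error) {
                $context['parse_error'][] = $error;
            }

            // The format of the data depends on template/non-template file.
            if (!is_array($file)) {
                $file = array($file);
            }

            // Send back the file contents (file_parts is raw; the template is expected to escape it)
            $context['entire_file'] = htmlspecialchars(strtr(implode('', $file), array("\t" => ' ')), ENT_COMPAT, 'UTF-8');
            foreach ($file as $i => $file_part) {
                $context['file_parts'][$i]['lines'] = strlen($file_part);
                $context['file_parts'][$i]['data'] = $file_part;
            }

            // Re-create token for another try
            createToken('admin-te-' . md5($selectedTheme . '-' . $filename));
            return;
        }
    } else {
        loadLanguage('Errors');

        // Notify the template of trouble
        $context['session_error'] = true;

        // Recycle the submitted data.
        $context['entire_file'] = htmlspecialchars(is_array($file) ? implode("\n", $file) : $file, ENT_COMPAT, 'UTF-8');
        // The original read $_POST['filename'] here while every other use is $_REQUEST;
        // use the same value so a GET-supplied name is echoed back consistently.
        $context['edit_filename'] = htmlspecialchars($filename, ENT_COMPAT, 'UTF-8');

        // Choose sub-template
        if ($is_template) {
            $context['sub_template'] = 'edit_template';
        } elseif ($is_css) {
            addJavascriptVar(array('previewData' => '\'\'', 'previewTimeout' => '\'\'', 'refreshPreviewCache' => '\'\'', 'editFilename' => JavaScriptEscape($context['edit_filename']), 'theme_id' => $settings['theme_id']));
            $context['sub_template'] = 'edit_style';
        } else {
            $context['sub_template'] = 'edit_file';
        }

        // Re-create the token so that it can be used
        createToken('admin-te-' . md5($selectedTheme . '-' . $filename));
        return;
    }
}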
if ($key == 'email') { $value = draw_link('mailto:' . $value); } elseif ($key == 'departmentID' && $value) { $value = db_grab('SELECT departmentName FROM departments WHERE departmentID = ' . $value); } elseif ($key == 'officeID' && $value) { $value = db_grab('SELECT name FROM offices WHERE id = ' . $value); } elseif ($key == 'organization_id' && $value) { $value = db_grab('SELECT title from organizations WHERE id = ' . $value); } elseif ($key == 'Additional Info') { $value = nl2br($value); } $message .= '<tr><td class="left">' . $key . '</td><td>' . $value . '</td></tr>'; } $message .= '<tr><td colspan="2" class="bottom">' . draw_link($link, 'click here') . '</td></tr>'; $message = '<table border="1">' . $message . '</table>'; emailAdmins($message, $subject); } url_change('account_confirm.php'); } echo drawSimpleTop(getString('login_account_request')); echo drawMessage(getString('login_account_request_msg')); $f = new form('users_requests', false, getString('login_account_request')); $f->set_field(array('type' => 'select', 'sql' => 'SELECT id, title' . langExt() . 
' title FROM organizations WHERE is_active = 1 ORDER BY precedence', 'name' => 'organization_id', 'label' => getString('organization'), 'required' => true, 'null_value' => getString('please_select'))); $f->set_field(array('type' => 'text', 'name' => 'firstname', 'label' => getString('name_first'))); $f->set_field(array('type' => 'text', 'name' => 'nickname', 'label' => getString('nickname'))); $f->set_field(array('type' => 'text', 'name' => 'lastname', 'label' => getString('name_last'))); $f->set_field(array('type' => 'text', 'name' => 'title', 'label' => getString('staff_title'))); $f->set_field(array('type' => 'text', 'name' => 'phone', 'label' => getString('telephone'))); $f->set_field(array('type' => 'text', 'name' => 'email', 'label' => getString('email'))); if (getOption('staff_showoffice')) { $f->set_field(array('type' => 'select', 'name' => 'officeID', 'label' => getString('location'), 'sql' => 'SELECT id, name FROM offices ORDER BY precedence', 'required' => true));
/**
 * Handling function for the backup stuff.
 *
 * - It requires an administrator and the session hash by post.
 * - Unless $iknowitmaybeunsafe is set, an FTP connection is opened with the
 *   credentials from $_POST first; when that fails the FTP form is shown again
 *   through action_database() (the password is not echoed back).
 * - Otherwise the admins are mailed, the action is logged and this method simply
 *   forwards to DumpDatabase2().
 */
public function action_backup_display()
{
    global $context, $txt, $user_info;

    validateToken('admin-maint');

    // Administrators only!
    if (!allowedTo('admin_forum')) {
        fatal_lang_error('no_dump_database', 'critical');
    }

    checkSession('post');

    // NOTE(review): $iknowitmaybeunsafe is never assigned in this method (it is not
    // a global or a parameter), so as written empty() is always true and the FTP
    // branch always runs - confirm where it is meant to come from.
    if (empty($iknowitmaybeunsafe)) {
        require_once SUBSDIR . '/FtpConnection.class.php';

        $connection = new Ftp_Connection($_POST['ftp_server'], $_POST['ftp_port'], $_POST['ftp_username'], $_POST['ftp_password']);
        if ($connection->error === false && !$connection->chdir($_POST['ftp_path'])) {
            // I know, I know... but a lot of people want to type /home/xyz/... which is wrong, but logical.
            $ftp_error = $connection->error;
            $connection->chdir(preg_replace('~^/home[2]?/[^/]+?~', '', $_POST['ftp_path']));
        }

        // If we had an error...
        if ($connection->error !== false) {
            loadLanguage('Packages');

            if ($connection->last_message === null) {
                $ftp_error = isset($txt['package_ftp_' . $connection->error]) ? $txt['package_ftp_' . $connection->error] : '';
            } else {
                $ftp_error = $connection->last_message;
            }

            // Fill the boxes for a FTP connection with data from the previous attempt
            $context['package_ftp'] = array(
                'form_elements_only' => 1,
                'server' => $_POST['ftp_server'],
                'port' => $_POST['ftp_port'],
                'username' => $_POST['ftp_username'],
                'path' => $_POST['ftp_path'],
                'error' => empty($ftp_error) ? null : $ftp_error,
            );

            return $this->action_database();
        }
    }

    require_once SUBSDIR . '/Admin.subs.php';
    emailAdmins('admin_backup_database', array('BAK_REALNAME' => $user_info['name']));
    logAction('database_backup', array('member' => $user_info['id']), 'admin');

    require_once SOURCEDIR . '/DumpDatabase.php';
    DumpDatabase2();
}