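/**
 * Fetch a remote file and register it as a WordPress attachment.
 *
 * Downloads $url through fetch_remote_file(), resolves the MIME type from the
 * saved file name, inserts the attachment post and generates its metadata.
 * For images, the old and new URL stubs (URL minus extension) are recorded in
 * the global $url_remap.
 *
 * @param array  $post Attachment post data handed to wp_insert_attachment().
 * @param string $url  URL of the file to download.
 * @return mixed The value returned by wp_insert_attachment(), or a WP_Error when
 *               the download fails or the file type is not recognised.
 */
function process_attachment($post, $url)
{
    // if the URL is absolute, but does not contain address, then upload it assuming base_site_url
    //if ( preg_match( '|^/[\w\W]+$|', $url ) )
    //    $url = rtrim( $this->base_url, '/' ) . $url;

    global $url_remap;

    // NOTE(review): $url is handed to fetch_remote_file() without validation here.
    // It presumably comes from the import file, so the scheme/host checks have to
    // live in fetch_remote_file() (not visible in this block) -- confirm.
    $upload = fetch_remote_file($url, $post);
    if (is_wp_error($upload)) {
        return $upload;
    }

    // wp_check_filetype() always returns an array (with 'ext' and 'type' keys), so
    // testing the array itself is always true and the "Invalid file type" branch
    // could never run. Test the resolved type instead.
    $info = wp_check_filetype($upload['file']);
    if (empty($info['type'])) {
        // NOTE(review): the downloaded file is left on disk at this point; confirm
        // whether it should be removed when the type is rejected.
        return new WP_Error('attachment_processing_error', __('Invalid file type', 'wordpress-importer'));
    }
    $post['post_mime_type'] = $info['type'];

    $post['guid'] = $upload['url'];

    // as per wp-admin/includes/upload.php
    $post_id = wp_insert_attachment($post, $upload['file']);
    wp_update_attachment_metadata($post_id, wp_generate_attachment_metadata($post_id, $upload['file']));

    // remap resized image URLs, works by stripping the extension and remapping the URL stub.
    if (preg_match('!^image/!', $info['type'])) {
        // pathinfo() omits 'extension' when the name has none; fall back to the
        // whole basename instead of reading an undefined index.
        $parts = pathinfo($url);
        $name = isset($parts['extension'])
            ? basename($parts['basename'], ".{$parts['extension']}")
            : $parts['basename'];

        $parts_new = pathinfo($upload['url']);
        $name_new = isset($parts_new['extension'])
            ? basename($parts_new['basename'], ".{$parts_new['extension']}")
            : $parts_new['basename'];

        $url_remap[$parts['dirname'] . '/' . $name] = $parts_new['dirname'] . '/' . $name_new;
    }

    return $post_id;
}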
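/**
 * Replace xxxymovies.com links in an already-parsed post with a Flash embed.
 *
 * For every matching link the linked page is fetched server-side, the
 * rel="video_src" URL is extracted from it and the first remaining link in
 * $message is replaced by an <embed> pointing at that URL.
 *
 * @param string $message Parsed post HTML.
 * @return string The message with matching links replaced.
 */
function automedia_xxxymovies($message)
{
    global $mybb, $width, $height;

    // NOTE(review): $width/$height are written into HTML attributes unescaped;
    // presumably they are numeric plugin settings -- confirm at the source.
    $w = $width;
    $h = $height;

    /**
     *Example:
     *http://www.xxxymovies.com/164396/
     */
    $pattern = "<http://www.xxxymovies.com/([0-9]{1,12})/\" target>";

    if (preg_match($pattern, $message)) {
        preg_match_all($pattern, $message, $links);
        $link = $links[1];

        foreach ($link as $url) {
            // Each link triggers one outbound HTTP request while the post is
            // rendered. The id is limited to digits by $pattern, so the target
            // host is fixed.
            $site = htmlspecialchars_uni("http://www.xxxymovies.com/" . $url . "/");
            $data = fetch_remote_file($site);

            // Reset per link: previously a failed fetch left $vid undefined on
            // the first link, or reused the previous link's video on later ones.
            $vid = array();
            if ($data) {
                // NOTE(review): inside the character class ":-_" is a range
                // (":" through "_"), which also admits characters such as "<",
                // ">" and "=". The value is escaped below before it is output.
                $nrxxx = get_avmatch('~rel="video_src" href="([\\w\\.\\/:-_]+)"~i', $data);
                $vid = array($nrxxx);
            }

            $limit = 1;
            foreach ($vid as $id) {
                // Remote page content: escape before it reaches the src attribute.
                $n = htmlspecialchars_uni($id);
                // NOTE(review): allowScriptAccess="always" lets the embedded
                // third-party movie call into the embedding page; "never" or
                // "sameDomain" would be the safer setting if the player allows it.
                $message = preg_replace("#(\\[automedia\\]|<a href=\"(http://)(?:www\\.)?xxxymovies\\.com/([0-9]{1,12})/(\\[/automedia\\]|\" target=\"_blank\">)(.*?)</a>)#i", "<div class=\"am_embed\"><embed src=\"{$n}\" loop=\"false\" width=\"{$w}\" height=\"{$h}\" allowfullscreen=\"true\" allowScriptAccess=\"always\" type=\"application/x-shockwave-flash\" pluginspage=\"http://www.macromedia.com/go/getflashplayer\" /></div>", $message, $limit);
            }
        }
    }

    return $message;
}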
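/**
 * MyBB 1.8
 * Copyright 2014 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybb.com
 * License: http://www.mybb.com/about/license
 *
 */

/**
 * Scheduled task: fetch the latest MyBB version and development news and
 * store them in the "update_check" cache.
 *
 * NOTE(review): both the version document and the news feed are requested over
 * plain HTTP, so nothing in this block authenticates their content. Everything
 * read from them must be treated as untrusted when the cache is rendered.
 *
 * @param array $task The task record, passed through to add_task_log().
 * @return false|null False when the version document cannot be fetched or parsed.
 */
function task_versioncheck($task)
{
    global $cache, $lang, $mybb;

    $updated_cache = array('last_check' => TIME_NOW);

    // Check for the latest version
    require_once MYBB_ROOT . 'inc/class_xml.php';
    $contents = fetch_remote_file("http://www.mybb.com/version_check.php");

    if (!$contents) {
        add_task_log($task, $lang->task_versioncheck_ran_errors);
        return false;
    }

    // Trim stray characters before the first "<" and after the last ">".
    $pos = strpos($contents, "<");
    if ($pos > 1) {
        $contents = substr($contents, $pos);
    }

    $pos = strpos(strrev($contents), ">");
    if ($pos > 1) {
        $contents = substr($contents, 0, -1 * ($pos - 1));
    }

    $parser = new XMLParser($contents);
    $tree = $parser->get_tree();

    // A truncated or tampered response must not be cached as "version 0".
    if (
        !is_array($tree)
        || !isset($tree['mybb']['version_code']['value'], $tree['mybb']['latest_version']['value'])
    ) {
        add_task_log($task, $lang->task_versioncheck_ran_errors);
        return false;
    }

    // The integer cast and htmlspecialchars_uni() keep remote values inert in
    // the HTML snippet that is cached below.
    $latest_code = (int) $tree['mybb']['version_code']['value'];
    $latest_version = "<strong>" . htmlspecialchars_uni($tree['mybb']['latest_version']['value']) . "</strong> (" . $latest_code . ")";

    if ($latest_code > $mybb->version_code) {
        $latest_version = "<span style=\"color: #C00;\">" . $latest_version . "</span>";
        $updated_cache['latest_version'] = $latest_version;
        $updated_cache['latest_version_code'] = $latest_code;
    }

    // Check for the latest news
    require_once MYBB_ROOT . "inc/class_feedparser.php";
    $feed_parser = new FeedParser();
    $feed_parser->parse_feed("http://feeds.feedburner.com/MyBBDevelopmentBlog");

    $updated_cache['news'] = array();

    require_once MYBB_ROOT . '/inc/class_parser.php';
    $post_parser = new postParser();

    if ($feed_parser->error == '') {
        foreach ($feed_parser->items as $item) {
            // Keep at most three news items.
            if (isset($updated_cache['news'][2])) {
                break;
            }

            // NOTE(review): the description is parsed with allow_html enabled and
            // only <img .../> tags are stripped afterwards, so any other markup in
            // the feed is cached as-is. Confirm that the consumer of this cache
            // sanitises it, or restrict the allowed markup here.
            $description = $item['description'];
            $description = $post_parser->parse_message($description, array('allow_html' => true));
            $description = preg_replace('#<img(.*)/>#', '', $description);

            $updated_cache['news'][] = array(
                'title' => htmlspecialchars_uni($item['title']),
                'description' => $description,
                'link' => htmlspecialchars_uni($item['link']),
                'author' => htmlspecialchars_uni($item['author']),
                // NOTE(review): stored unescaped; presumably an integer timestamp -- confirm.
                'dateline' => $item['date_timestamp'],
            );
        }
    }

    $cache->update("update_check", $updated_cache);
    add_task_log($task, $lang->task_versioncheck_ran);
}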
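/**
 * Replace divshare.com download links in an already-parsed post with a Flash
 * player (video) or slideshow embed.
 *
 * Each linked page is fetched server-side; the "data=" token and the thumbnail
 * element id found in it decide which embed is written.
 *
 * @param string $message Parsed post HTML.
 * @return string The message with matching links replaced.
 */
function automedia_divshare($message)
{
    global $mybb, $width, $height;

    // NOTE(review): $width/$height are written into HTML attributes unescaped;
    // presumably they are numeric plugin settings -- confirm at the source.
    $w = $width;
    $h = $height;

    /**
     *Example:
     *http://www.divshare.com/download/7714880-d76
     */
    if (preg_match('<a href=\\"(http://)(?:www\\.)?divshare\\.com/download/([^\\"]*)\\">isU', $message)) {
        $pattern = "<http://www.divshare.com/download/([-\\w]+)\" target>";
        preg_match_all($pattern, $message, $links);
        $link = $links[1];

        // Pattern of the link (or [automedia] block) that gets replaced.
        $link_pattern = "#(\\[automedia\\]|<a href=\"(http://)?(?:www\\.)?divshare\\.com/download/([-\\w]{6,18}?)(\\[/automedia\\]|\" target=\"_blank\">)(.*?)</a>)#i";

        foreach ($link as $url) {
            // One outbound HTTP request per link while the post is rendered; the
            // id is limited to [-\w]+ by $pattern, so the target host is fixed.
            $site = htmlspecialchars_uni("http://www.divshare.com/download/{$url}");

            //Find the video id
            $data = utf8_encode(fetch_remote_file($site));

            // Reset per link: previously a failed fetch left $vid/$img undefined
            // on the first link, or reused the previous link's values later.
            $vid = array();
            $img = array();
            if ($data) {
                // Both captures are restricted to word characters, "-", "=" and
                // space by their character classes, which is what keeps the
                // unescaped {$video_id} below inert -- assuming get_avmatch()
                // returns the capture group (TODO confirm).
                $nrdv = get_avmatch('/data=([-\\w =]*)&/isU', $data);
                $vid = array($nrdv);
                $nrdi = get_avmatch('/ class=\\"img_thumb\\" id=\\"([-\\w =]{6,40}?)\\" border=/isU', $data);
                $img = array($nrdi);
            }

            $limit = 1;

            if ($vid) {
                foreach ($vid as $video_id) {
                    if (!in_array("ajaxData_img_thumb", $img)) {
                        // NOTE(review): this markup opens two <div>s and closes
                        // one; left unchanged here, confirm against the theme.
                        // allowscriptaccess="always" lets the third-party movie
                        // call into the embedding page.
                        $message = preg_replace($link_pattern, "<div class=\"am_embed\"><div id=\"kadoo_video_container_\$3\"><object height=\"{$h}\" width=\"{$w}\" id=\"video_detector_\$3\"><param value=\"http://divshare.com/flash/video_flash_detector.php?data={$video_id}&autoplay=default&id=\$3\" name=\"movie\"></param><param name=\"allowFullScreen\" value=\"true\"></param><param name=\"allowscriptaccess\" value=\"always\"></param><param name=\"wmode\" value=\"opaque\"></param><embed wmode=\"opaque\" height=\"{$h}\" width=\"{$w}\" type=\"application/x-shockwave-flash\" allowscriptaccess=\"always\" allowfullscreen=\"true\" src=\"http://divshare.com/flash/video_flash_detector.php?data={$video_id}&autoplay=default&id=\$3\"></embed></object></div>", $message, $limit);
                    }
                }
            }

            if ($img) {
                foreach ($img as $image_id) {
                    if ($image_id == "ajaxData_img_thumb") {
                        // The inner <embed> used {$h} for its width; it now
                        // matches the enclosing <object> (width {$w}).
                        $message = preg_replace($link_pattern, "<div class=\"am_embed\"><object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" codebase=\"http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,18,0\" width=\"{$w}\" height=\"{$h}\" id=\"divslide\"><param name=\"movie\" value=\"http://www.divshare.com/flash/slide?myId=\$3\" /><param name=\"allowFullScreen\" value=\"true\" /><embed src=\"http://www.divshare.com/flash/slide?myId=\$3\" width=\"{$w}\" height=\"{$h}\" name=\"divslide\" allowfullscreen=\"true\" type=\"application/x-shockwave-flash\" pluginspage=\"http://www.macromedia.com/go/getflashplayer\"></embed></object></div>", $message, $limit);
                    }
                }
            }
        }
    }

    return $message;
}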
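/**
 * Parses a feed with the specified filename (or URL)
 *
 * On failure $this->error is set to "invalid_file", "invalid_feed_xml" or
 * "unknown_feed_type".
 *
 * NOTE(review): $feed goes to fetch_remote_file() unchanged. Callers must not
 * pass a user-controlled value unless that function restricts scheme and host
 * (not visible in this block).
 *
 * @param string $feed The path or URL of the feed
 * @return boolean True if parsing was a success, false if failure
 */
function parse_feed($feed)
{
    // Include the XML parser
    require_once MYBB_ROOT . "inc/class_xml.php";

    // Load the feed we want to parse
    $contents = fetch_remote_file($feed);

    // Could not load the feed, return an error. Checked before the trimming
    // below so the string functions never receive a boolean.
    if (!is_string($contents) || $contents === '') {
        $this->error = "invalid_file";
        return false;
    }

    // This is to work around some dodgy bug we've detected with certain installations of PHP
    // where certain characters would magically appear between the fetch_remote_file call
    // and here which break the feed being imported.
    $first_tag = strpos($contents, "<");
    if ($first_tag !== false && $first_tag !== 0) {
        $contents = substr($contents, $first_tag);
    }

    // Only cut the tail when a ">" exists; previously a missing ">" truncated
    // the document to its first character.
    $last_tag = strrpos($contents, ">");
    if ($last_tag !== false && $last_tag + 1 !== strlen($contents)) {
        $contents = substr($contents, 0, $last_tag + 1);
    }

    // Nothing usable left after trimming
    if (!$contents) {
        $this->error = "invalid_file";
        return false;
    }

    // Parse the feed and get the tree
    $parser = new XMLParser($contents);
    $tree = $parser->get_tree();

    // If the feed is invalid, throw back an error
    if ($tree == false) {
        $this->error = "invalid_feed_xml";
        return false;
    }

    // Change array key names to lower case
    $tree = $this->keys_to_lowercase($tree);

    // Only RSS is supported; anything else is reported as unknown
    if (!array_key_exists("rss", $tree)) {
        $this->error = "unknown_feed_type";
        return false;
    }

    $this->parse_rss($tree['rss']);

    return true;
}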
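/**
 * Attach the theme's default category icon to a freshly inserted term.
 *
 * Downloads assets/images/cat_icon.png from the active theme through
 * fetch_remote_file(), registers it as an attachment and stores its URL in the
 * term's 'ct_cat_icon' meta when the term has none yet.
 *
 * @param string $post_type   Post type passed to get_tax_meta()/update_tax_meta().
 * @param string $catname     Unused here; kept for the existing call signature.
 * @param string $folder_name Unused here; kept for the existing call signature.
 * @param array  $last_catid  Term data; its 'term_id' entry is read.
 * @return void
 */
function dt_geodir_insert_taxonomy($post_type, $catname, $folder_name, $last_catid)
{
    // A failed term insert does not yield an array with 'term_id'; there is
    // nothing to attach the icon to in that case.
    if (!is_array($last_catid) || !isset($last_catid['term_id'])) {
        return;
    }

    $uploads = wp_upload_dir(); // Array of key => value pairs

    $dummy_image_url = get_template_directory_uri() . "/assets/images";
    $uploaded = (array) fetch_remote_file("{$dummy_image_url}/cat_icon.png");

    // Stop when the download failed. Previously the code carried on with a null
    // path and registered an attachment that pointed at no file.
    if (!empty($uploaded['error']) || empty($uploaded['file']) || empty($uploaded['url'])) {
        return;
    }

    $new_path = $uploaded['file'];
    $new_url = $uploaded['url'];

    // NOTE(review): the MIME type is derived from the file name only; the file
    // content is not inspected in this block.
    $wp_filetype = wp_check_filetype(basename($new_path), null);

    $attachment = array(
        'guid' => $uploads['baseurl'] . '/' . basename($new_path),
        'post_mime_type' => $wp_filetype['type'],
        'post_title' => preg_replace('/\\.[^.]+$/', '', basename($new_path)),
        'post_content' => '',
        'post_status' => 'inherit',
    );
    $attach_id = wp_insert_attachment($attachment, $new_path);

    // you must first include the image.php file
    // for the function wp_generate_attachment_metadata() to work
    require_once ABSPATH . 'wp-admin/includes/image.php';

    $attach_data = wp_generate_attachment_metadata($attach_id, $new_path);
    wp_update_attachment_metadata($attach_id, $attach_data);

    if (!get_tax_meta($last_catid['term_id'], 'ct_cat_icon', false, $post_type)) {
        update_tax_meta($last_catid['term_id'], 'ct_cat_icon', array('id' => 'icon', 'src' => $new_url), $post_type);
    }
}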
die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined."); } $page->add_breadcrumb_item($lang->mybb_credits, "index.php?module=home-credits"); $plugins->run_hooks("admin_home_credits_begin"); if (!$mybb->input['action']) { $page->output_header($lang->mybb_credits); $sub_tabs['credits'] = array('title' => $lang->mybb_credits, 'link' => "index.php?module=home-credits", 'description' => $lang->mybb_credits_description); $sub_tabs['credits_about'] = array('title' => $lang->about_the_team, 'link' => "http://www.mybb.com/about/team", 'link_target' => "_blank"); $sub_tabs['check_for_updates'] = array('title' => $lang->check_for_updates, 'link' => "index.php?module=home-credits&fetch_new=1"); $plugins->run_hooks("admin_home_credits_start"); $page->output_nav_tabs($sub_tabs, 'credits'); $mybb_credits = $cache->read('mybb_credits'); if ($mybb->get_input('fetch_new', MyBB::INPUT_INT) == 1 || $mybb->get_input('fetch_new', MyBB::INPUT_INT) == -2 || $mybb->get_input('fetch_new', MyBB::INPUT_INT) != -1 && (!is_array($mybb_credits) || $mybb_credits['last_check'] <= TIME_NOW - 60 * 60 * 24 * 14)) { $new_mybb_credits = array('last_check' => TIME_NOW); require_once MYBB_ROOT . 
"inc/class_xml.php"; $contents = fetch_remote_file("http://www.mybb.com/mybb_team.xml"); if (!$contents) { flash_message($lang->error_communication, 'error'); if ($mybb->get_input('fetch_new', MyBB::INPUT_INT) == -2) { admin_redirect('index.php?module=tools-cache'); } admin_redirect('index.php?module=home-credits&fetch_new=-1'); } $parser = new XMLParser($contents); $tree = $parser->get_tree(); $mybbgroup = array(); foreach ($tree['mybbgroup']['team'] as $team) { $members = array(); foreach ($team['member'] as $member) { $members[] = array('name' => htmlspecialchars_uni($member['name']['value']), 'username' => htmlspecialchars_uni($member['username']['value']), 'profile' => htmlspecialchars_uni($member['profile']['value']), 'lead' => (bool) $member['attributes']['lead'] or false); }
if (!defined("IN_MYBB")) { die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined."); } $page->add_breadcrumb_item($lang->version_check, "index.php?module=home-version_check"); $plugins->run_hooks("admin_home_version_check_begin"); if (!$mybb->input['action']) { $plugins->run_hooks("admin_home_version_check_start"); $page->output_header($lang->version_check); $sub_tabs['version_check'] = array('title' => $lang->version_check, 'link' => "index.php?module=home-version_check", 'description' => $lang->version_check_description); $sub_tabs['download_mybb'] = array('title' => $lang->dl_the_latest_mybb, 'link' => "http://mybb.com/downloads", 'link_target' => '_blank'); $sub_tabs['check_plugins'] = array('title' => $lang->check_plugin_versions, 'link' => "index.php?module=config-plugins&action=check"); $page->output_nav_tabs($sub_tabs, 'version_check'); $current_version = rawurlencode($mybb->version_code); $updated_cache = array("last_check" => TIME_NOW); require_once MYBB_ROOT . "inc/class_xml.php"; $contents = fetch_remote_file("http://www.mybb.com/version_check.php"); if (!$contents) { $page->output_inline_error($lang->error_communication); $page->output_footer(); exit; } // We do this because there is some weird symbols that show up in the xml file for unknown reasons $pos = strpos($contents, "<"); if ($pos > 1) { $contents = substr($contents, $pos); } $pos = strpos(strrev($contents), ">"); if ($pos > 1) { $contents = substr($contents, 0, -1 * ($pos - 1)); } $parser = new XMLParser($contents);
/**
 * Run one step of the core self-update.
 *
 * Steps, selected by $step:
 *   '1' download the update archive to <foldername>/aupdatekleeja<version>.tar
 *   '2' extract that archive over PATH
 *   '3' run the SQL statements from cache/sqlupdate_<version>.php
 *   '4' call the functions listed in that file
 *   '5' return the notes listed in that file
 *   '6' no-op placeholder
 *
 * NOTE(review), integrity: the archive in step 1 is fetched over plain HTTP and
 * this method performs no signature or checksum verification before step 2
 * unpacks it over the installation and steps 3-5 include a PHP file from it.
 * Anyone able to alter that response controls the code that runs here.
 *
 * @param string $step Step number as a string, '1' to '6'.
 * @param array  $v    Version data; only $v['version_number'] is read.
 * @return mixed Depends on the step, see the inline comments.
 */
function update_core($step = '1', $v)
{
    global $dbprefix, $SQL, $lang, $config;

    $ftp = $this->check_what_method();
    // NOTE(review): this value is concatenated into file paths and into the
    // include path below. Presumably it comes from the update server; confirm it
    // is restricted to a version-like pattern before it gets here.
    $v = $v['version_number'];

    //$this->f_method = 'zfile'; //standard
    if ($ftp && $this->is_ftp_supported) {
        $this->f_method = 'kftp';
        if (!empty($config['ftp_info'])) {
            // NOTE(review): unserialize() on a stored config value. Where
            // $config['ftp_info'] is written is not visible here; if anything
            // less trusted than the site owner can set it, this is an object
            // injection sink. A JSON encoding would avoid the risk.
            $ftp_info = @unserialize($config['ftp_info']);
            $this->info = $ftp_info;
        } else {
            $this->f_method = 'zfile'; //return to file
        }
    }

    $this->check_connect();

    switch ($step) {
        case '1': // download files
            // Archive already on disk: nothing to download.
            if (file_exists(PATH . $config['foldername'] . '/' . 'aupdatekleeja' . $v . '.tar')) {
                return true;
            }

            // The site's host name is sent to the update server as the "i" parameter.
            $b_url = empty($_SERVER['SERVER_NAME']) ? $config['siteurl'] : $_SERVER['SERVER_NAME'];

            if (defined("DEV_STAGE")) {
                $data = fetch_remote_file('http://localhost/saanina-kleeja/check_vers2/?i=' . urlencode($b_url));
            } else {
                $data = fetch_remote_file('http://www.kleeja.com/check_vers2/?i=' . urlencode($b_url));
            }

            if ($data != false) {
                // then write the new file
                // NOTE(review): as written this is a ">" comparison between
                // $this->f and the result of a global _write() call; it looks
                // like "$this->f->_write(" was intended -- confirm against upstream.
                $re = $this->f > _write(PATH . $config['foldername'] . '/' . 'aupdatekleeja' . $v . '.tar', $data);

                if ($this->f->check()) {
                    $this->zipped_files = $this->f->push('aupdate' . $v);
                    return 'zipped';
                }

                return $re;
            } else {
                return false;
            }
            break;

        case '2': // extract / untar
            // Unpacks the downloaded archive directly over PATH.
            return $this->untar(PATH . $config['foldername'] . '/' . 'aupdatekleeja' . $v . '.tar', PATH);
            break;

        case '3': // database
            // The included file is expected to define $update_sqls.
            include PATH . 'cache/sqlupdate_' . $v . '.php';

            if ($config['db_version'] >= DB_VERSION && !defined('DEV_STAGE')) {
                $update_msgs_arr[] = '<span style="color:green;">' . $lang['INST_UPDATE_CUR_VER_IS_UP'] . '</span>';
            }

            // Are there any SQL statements to run?
            $SQL->show_errors = false;
            if (isset($update_sqls) && sizeof($update_sqls) > 0) {
                $err = '';
                foreach ($update_sqls as $name => $sql_content) {
                    $err = '';
                    $SQL->query($sql_content);
                    $err = $SQL->get_error();

                    // A "Duplicate" message or error 1062/1060 is treated as
                    // "already applied": record the current DB version.
                    if (strpos($err[1], 'Duplicate') !== false || $err[0] == '1062' || $err[0] == '1060') {
                        $sql = "UPDATE `{$dbprefix}config` SET `value` = '" . DB_VERSION . "' WHERE `name` = 'db_version'";
                        $SQL->query($sql);
                        $update_msgs_arr[] = '<span style="color:green;">' . $lang['INST_UPDATE_CUR_VER_IS_UP'] . '</span>';
                        $complete_upate = false;
                    }
                }

                // NOTE(review): $update_msgs_arr is never initialised, so this is
                // undefined when no message was appended above.
                return $update_msgs_arr;
            } else {
                return false;
            }
            break;

        case '4': // functions
            // The included file is expected to define $update_functions.
            include PATH . 'cache/sqlupdate_' . $v . '.php';

            if ($config['db_version'] >= DB_VERSION && !defined('DEV_STAGE')) {
                return 'updated';
            }

            // Are there any functions to call?
            if (isset($update_functions) && sizeof($update_functions) > 0) {
                foreach ($update_functions as $n) {
                    // Calls whatever callable the update file names.
                    call_user_func($n);
                }

                return true;
            } else {
                return false;
            }
            break;

        case '5':
            // The included file is expected to define $update_notes.
            include PATH . 'cache/sqlupdate_' . $v . '.php';

            // Are there any notes? They are re-indexed starting at 1.
            $NOTES_CUP = false;
            if (isset($update_notes) && sizeof($update_notes) > 0) {
                $i = 1;
                $NOTES_CUP = array();
                foreach ($update_notes as $n) {
                    $NOTES_CUP[$i] = $n;
                    ++$i;
                }
            }

            return $NOTES_CUP;
            break;

        case '6': // finish: delete temps, show results (not implemented here)
            break;
    }
}
if (!defined("IN_MYBB")) { die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined."); } @set_time_limit(0); $page->add_breadcrumb_item($lang->file_verification, "index.php?module=tools-file_verification"); $plugins->run_hooks("admin_tools_file_verification_begin"); if (!$mybb->input['action']) { $plugins->run_hooks("admin_tools_file_verification_check"); if ($mybb->request_method == "post") { // User clicked no if ($mybb->input['no']) { admin_redirect("index.php?module=tools-system_health"); } $page->add_breadcrumb_item($lang->checking, "index.php?module=tools-file_verification"); $page->output_header($lang->file_verification . " - " . $lang->checking); $file = explode("\n", fetch_remote_file("http://www.mybb.com/checksums/release_mybb_{$mybb->version_code}.txt")); if (strstr($file[0], "<?xml") !== false || empty($file[0])) { $page->output_inline_error($lang->error_communication); $page->output_footer(); exit; } // Parser-up our checksum file from the MyBB Server foreach ($file as $line) { $parts = explode(" ", $line, 2); if (empty($parts[0]) || empty($parts[1])) { continue; } if (substr($parts[1], 0, 7) == "./admin") { $parts[1] = "./{$mybb->config['admin_dir']}" . substr($parts[1], 7); } if (file_exists(MYBB_ROOT . "forums.php") && !file_exists(MYBB_ROOT . "portal.php")) {
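/**
 * Default taxonomies
 *
 * Adds the default terms for taxonomies - placecategory. Modify at your own risk.
 *
 * An entry of $category_array may be a plain name or an array of names; in the
 * latter case the first name becomes the parent of the others.
 *
 * @since 1.0.0
 * @package GeoDirectory
 * @global object $wpdb WordPress Database object.
 * @global string $dummy_image_path The dummy image path.
 */
function geodir_default_taxonomies()
{
    global $wpdb, $dummy_image_path;

    $category_array = array('Attractions', 'Hotels', 'Restaurants', 'Food Nightlife', 'Festival', 'Videos', 'Feature');

    $uploads = wp_upload_dir(); // Array of key => value pairs

    foreach ($category_array as $entry) {
        if (is_array($entry)) {
            $parent_catid = 0;
            $cat_name_arr = array_values($entry);

            for ($j = 0; $j < count($cat_name_arr); $j++) {
                $catname = $cat_name_arr[$j];

                if (!term_exists($catname, 'gd_placecategory')) {
                    $last_catid = wp_insert_term($catname, 'gd_placecategory', array('parent' => $parent_catid));

                    // 'parent' expects a term ID; the whole wp_insert_term()
                    // result array used to be stored here.
                    if ($j == 0 && is_array($last_catid) && isset($last_catid['term_id'])) {
                        $parent_catid = $last_catid['term_id'];
                    }

                    _geodir_attach_default_cat_icon($last_catid, $catname, $uploads, false);
                }
            }
        } else {
            $catname = $entry;

            if (!term_exists($catname, 'gd_placecategory')) {
                $last_catid = wp_insert_term($catname, 'gd_placecategory');

                _geodir_attach_default_cat_icon($last_catid, $catname, $uploads, true);
            }
        }
    }
}

/**
 * Download the default icon for one category and attach it to the term.
 *
 * Does nothing when the term insert or the download failed. Previously a
 * failed download reused the path of the preceding category's icon (or an
 * undefined variable on the first one).
 *
 * @param mixed  $term                Result of wp_insert_term().
 * @param string $catname             Category name; spaces become underscores in the file name.
 * @param array  $uploads             Result of wp_upload_dir().
 * @param bool   $store_attachment_id True to store the attachment ID in the meta 'id'
 *                                    field, false to store the literal 'icon'.
 * @return void
 */
function _geodir_attach_default_cat_icon($term, $catname, $uploads, $store_attachment_id)
{
    // wp_insert_term() does not return an array with 'term_id' on failure.
    if (!is_array($term) || !isset($term['term_id'])) {
        return;
    }

    if (geodir_dummy_folder_exists()) {
        $dummy_image_url = geodir_plugin_url() . "/geodirectory-admin/dummy/cat_icon";
    } else {
        // NOTE(review): third-party host over plain HTTP; the downloaded file
        // goes into the media library without an integrity check in this code.
        $dummy_image_url = 'http://www.wpgeodirectory.com/dummy/cat_icon';
    }

    $icon_name = str_replace(' ', '_', $catname);
    $uploaded = (array) fetch_remote_file("{$dummy_image_url}/" . $icon_name . ".png");

    if (!empty($uploaded['error']) || empty($uploaded['file']) || empty($uploaded['url'])) {
        return;
    }

    $new_path = $uploaded['file'];
    $new_url = $uploaded['url'];

    // NOTE(review): the MIME type is derived from the file name only.
    $wp_filetype = wp_check_filetype(basename($new_path), null);

    $attachment = array(
        'guid' => $uploads['baseurl'] . '/' . basename($new_path),
        'post_mime_type' => $wp_filetype['type'],
        'post_title' => preg_replace('/\\.[^.]+$/', '', basename($new_path)),
        'post_content' => '',
        'post_status' => 'inherit',
    );
    $attach_id = wp_insert_attachment($attachment, $new_path);

    // you must first include the image.php file
    // for the function wp_generate_attachment_metadata() to work
    require_once ABSPATH . 'wp-admin/includes/image.php';

    $attach_data = wp_generate_attachment_metadata($attach_id, $new_path);
    wp_update_attachment_metadata($attach_id, $attach_data);

    if (!get_tax_meta($term['term_id'], 'ct_cat_icon', false, 'gd_place')) {
        $meta_id = $store_attachment_id ? $attach_id : 'icon';
        update_tax_meta($term['term_id'], 'ct_cat_icon', array('id' => $meta_id, 'src' => $new_url), 'gd_place');
    }
}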
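/**
 * Validate a remote avatar URL and build the avatar fields for a user record.
 *
 * The image is downloaded to a temporary file so its dimensions can be read
 * and compared with the 'maxavatardims' setting.
 *
 * NOTE(review): the URL is user-supplied and is fetched from the server. The
 * scheme check below does not restrict the destination host; loopback,
 * private-range and link-local targets have to be refused in
 * fetch_remote_file() or before this call (neither is visible here).
 *
 * @param string $avatar_url Remote avatar URL.
 * @return array|false Fields 'avatar', 'avatardimensions' and 'avatartype', or
 *                     false when the URL is rejected or is not a usable image.
 */
function tt_update_avatar_url($avatar_url)
{
    global $mybb, $user, $db;

    // Kept for compatibility. A single-pass removal of "script:" is not a scheme
    // check; the allow-list below is what enforces the scheme.
    $avatar_url = preg_replace("#script:#i", "", $avatar_url);
    // NOTE(review): https is rewritten to http and the http form is what gets
    // stored, so the avatar is later loaded over plain HTTP. Confirm whether the
    // fetcher still needs this downgrade.
    $avatar_url = preg_replace("/^(https)/", 'http', $avatar_url);

    // Accept http/https only. A URL without a scheme is passed on as before.
    $url_parts = @parse_url($avatar_url);
    if ($url_parts === false) {
        return false;
    }
    if (isset($url_parts['scheme']) && !in_array(strtolower($url_parts['scheme']), array('http', 'https'), true)) {
        return false;
    }

    // Copy the avatar to the local server (work around remote URL access disabled for getimagesize)
    $file = fetch_remote_file($avatar_url);
    if (!$file) {
        return false;
    }

    // NOTE(review): the temporary file lives in the avatar upload directory until
    // it is unlinked below; the name is random and carries no extension.
    $tmp_name = $mybb->settings['avataruploadpath'] . "/remote_" . md5(random_str());
    $fp = @fopen($tmp_name, "wb");
    if (!$fp) {
        return false;
    }

    fwrite($fp, $file);
    fclose($fp);
    list($width, $height, $type) = @getimagesize($tmp_name);
    @unlink($tmp_name);

    // Not recognised as an image
    if (!$type) {
        return false;
    }

    if ($width && $height && $mybb->settings['maxavatardims'] != "") {
        list($maxwidth, $maxheight) = explode("x", my_strtolower($mybb->settings['maxavatardims']));
        if ($maxwidth && $width > $maxwidth || $maxheight && $height > $maxheight) {
            return false;
        }
    }

    // Previously undefined when the image reported no dimensions.
    $avatar_dimensions = '';
    if ($width > 0 && $height > 0) {
        $avatar_dimensions = intval($width) . "|" . intval($height);
    }

    $updated_avatar = array(
        "avatar" => $db->escape_string($avatar_url . '?dateline=' . TIME_NOW),
        "avatardimensions" => $avatar_dimensions,
        "avatartype" => "remote",
    );

    return $updated_avatar;
}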
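/**
 * Get remote files
 *
 * Tries cURL first (only when nothing is to be saved), then a raw fsockopen()
 * HTTP/1.0 request, then file_get_contents() when allow_url_fopen is on.
 *
 * Security notes for callers:
 *  - Only http and https URLs are accepted; the check also applies to redirect
 *    targets, which come from the remote server.
 *  - The destination host is NOT restricted. A caller passing a user-supplied
 *    URL must refuse loopback/private/link-local targets itself.
 *  - The fsockopen() path ignores the scheme and talks plain HTTP (port 80
 *    unless the URL names a port), so an https URL is not protected there.
 *  - When saving via fsockopen() the body is written whatever the status code.
 *
 * @param string $url the file link
 * @param bool|string $save_in save file to this path, or false if not
 * @param int $timeout trying getting the file timeout
 * @param bool $head_only gets only the headers without the contents
 * @param int $max_redirects allowed number of redirects
 * @param bool $binary is the file content binary or not
 * @return mixed body string, array of header lines, true after saving, or false
 * @author punbb and kleeja team
 */
function fetch_remote_file($url, $save_in = false, $timeout = 20, $head_only = false, $max_redirects = 10, $binary = false)
{
    global $plugin;

    // NOTE(review): eval() of code returned by the plugin hook. This is the
    // plugin mechanism, so whoever can register a hook runs code here.
    ($hook = $plugin->run_hook('kleeja_fetch_remote_file_func')) ? eval($hook) : null; //run hook

    // Every transport below speaks HTTP. Refuse other schemes so that neither
    // cURL nor the file_get_contents() fallback can be pointed at file://,
    // php:// and similar, whether by the caller or by a Location header.
    $scheme_check = @parse_url($url);
    if ($scheme_check === false) {
        return false;
    }
    if (isset($scheme_check['scheme']) && !in_array(strtolower($scheme_check['scheme']), array('http', 'https'), true)) {
        return false;
    }

    #Quite unlikely that this will be allowed on a shared host, but it can't hurt
    if (function_exists('ini_set')) {
        @ini_set('default_socket_timeout', $timeout);
    }

    $allow_url_fopen = function_exists('ini_get') ? strtolower(@ini_get('allow_url_fopen')) : strtolower(@get_cfg_var('allow_url_fopen'));

    if (function_exists('curl_init') && !$save_in) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
        @curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_HEADER, true);
        curl_setopt($ch, CURLOPT_NOBODY, $head_only);
        curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
        curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; Kleeja)');

        // Grab the page
        $data = @curl_exec($ch);
        $responce_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        curl_close($ch);

        // Process 301/302 redirect
        if ($data !== false && ($responce_code == '301' || $responce_code == '302') && $max_redirects > 0) {
            $headers = explode("\r\n", trim($data));
            foreach ($headers as $header) {
                if (substr($header, 0, 10) == 'Location: ') {
                    $responce = fetch_remote_file(substr($header, 10), $save_in, $timeout, $head_only, $max_redirects - 1);

                    if ($head_only) {
                        if ($responce != false) {
                            $headers[] = $responce;
                        }
                        return $headers;
                    } else {
                        // Existing behaviour: a redirected body is not handed
                        // back to the caller on this path.
                        return false;
                    }
                }
            }
        }

        #Ignore everything except a 200 response code
        if ($data !== false && $responce_code == '200') {
            if ($head_only) {
                return explode("\r\n", str_replace("\r\n\r\n", "\r\n", trim($data)));
            } else {
                // Start at the "200 OK" status line when present, else at offset 0
                // (same result as before, without reading an undefined match).
                $status_offset = preg_match('#HTTP/1.[01] 200 OK#', $data, $match, PREG_OFFSET_CAPTURE) ? $match[0][1] : 0;
                $last_content = substr($data, $status_offset);
                $content_start = strpos($last_content, "\r\n\r\n");
                if ($content_start !== false) {
                    return substr($last_content, $content_start + 4);
                }
            }
        }
    } else {
        if (function_exists('fsockopen')) {
            $url_parsed = parse_url($url);
            if (empty($url_parsed['host'])) {
                return false;
            }
            $host = $url_parsed['host'];
            $port = empty($url_parsed['port']) || $url_parsed['port'] == 0 ? 80 : $url_parsed['port'];
            // A URL without a path requests the root document.
            $path = isset($url_parsed['path']) && $url_parsed['path'] != '' ? $url_parsed['path'] : '/';
            if (isset($url_parsed["query"]) && $url_parsed["query"] != '') {
                $path .= '?' . $url_parsed['query'];
            }

            if (!($fp = @fsockopen($host, $port, $errno, $errstr, $timeout))) {
                return false;
            }

            #Send a standard HTTP 1.0 request for the page
            fwrite($fp, ($head_only ? 'HEAD' : 'GET') . " {$path} HTTP/1.0\r\n");
            fwrite($fp, "Host: {$host}\r\n");
            fwrite($fp, 'User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; Kleeja)' . "\r\n");
            fwrite($fp, 'Connection: Close' . "\r\n\r\n");

            stream_set_timeout($fp, $timeout);
            $stream_meta = stream_get_meta_data($fp);

            #let's open new file to save it in.
            $fp2 = false;
            if ($save_in) {
                // Honour $binary here as the file_get_contents() path does; this
                // branch used to append an empty string either way.
                $fp2 = @fopen($save_in, 'w' . ($binary ? 'b' : ''));
                if ($fp2 === false) {
                    fclose($fp);
                    return false;
                }
            }

            #Fetch the response 1024 bytes at a time and watch out for a timeout
            $in = false;
            $h = false;
            $s = '';
            while (!feof($fp) && !$stream_meta['timed_out']) {
                $s = fgets($fp, 1024);

                if ($save_in) {
                    if (!$h) {
                        // The first empty line ends the headers. Later "\r\n"
                        // lines belong to the body and are written, not dropped.
                        if ($s == "\r\n") {
                            $h = true;
                        }
                    } else {
                        @fwrite($fp2, $s);
                    }
                }

                $in .= $s;
                $stream_meta = stream_get_meta_data($fp);
            }

            fclose($fp);

            if ($save_in) {
                unset($in);
                @fclose($fp2);
                return true;
            }

            #Process 301/302 redirect
            if ($in !== false && $max_redirects > 0 && preg_match('#^HTTP/1.[01] 30[12]#', $in)) {
                $headers = explode("\r\n", trim($in));
                foreach ($headers as $header) {
                    if (substr($header, 0, 10) == 'Location: ') {
                        // This called get_remote_file(), which this file does not
                        // define, with this function's own argument order.
                        $responce = fetch_remote_file(substr($header, 10), $save_in, $timeout, $head_only, $max_redirects - 1);
                        if ($responce != false) {
                            $headers[] = $responce;
                        }
                        return $headers;
                    }
                }
            }

            #Ignore everything except a 200 response code
            if ($in !== false && preg_match('#^HTTP/1.[01] 200 OK#', $in)) {
                if ($head_only) {
                    return explode("\r\n", trim($in));
                } else {
                    $content_start = strpos($in, "\r\n\r\n");
                    if ($content_start !== false) {
                        return substr($in, $content_start + 4);
                    }
                }
            }

            return $in;
        } else {
            if (in_array($allow_url_fopen, array('on', 'true', '1'))) {
                #PHP5's version of file_get_contents() supports stream options
                if (version_compare(PHP_VERSION, '5.0.0', '>=')) {
                    #Setup a stream context
                    $stream_context = stream_context_create(array(
                        'http' => array(
                            'method' => $head_only ? 'HEAD' : 'GET',
                            'user_agent' => 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; Kleeja)',
                            'max_redirects' => $max_redirects + 1,
                            'timeout' => $timeout,
                        ),
                    ));

                    $content = @file_get_contents($url, false, $stream_context);
                } else {
                    $content = @file_get_contents($url);
                }

                # Did we get anything?
                if ($content !== false) {
                    #Gotta love the fact that $http_response_header just appears in the global scope (*cough* hack! *cough*)
                    if ($head_only) {
                        return $http_response_header;
                    }

                    if ($save_in) {
                        $fp2 = fopen($save_in, 'w' . ($binary ? 'b' : ''));
                        @fwrite($fp2, $content);
                        @fclose($fp2);
                        unset($content);
                        return true;
                    }

                    return $content;
                }
            }
        }
    }

    return false;
}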
xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" > <channel>'; //-----------------//-----------------//-----------------//-----------------//----------------- $con = '/////////////////////////////////////صفحه ی اعلام نتایج ysc//////////////////////////////////////////////////' . PHP_EOL . fetch_remote_file('http://ysc.ac.ir/include_news_post.php?id+post=196', array('postid' => '196')) . PHP_EOL . '/////////////////////////////////////سایت کمیته//////////////////////////////////////////////////' . PHP_EOL . fetch_remote_file('http://inoi.ir') . PHP_EOL . '/////////////////////////////////////صفحه اصلی ysc//////////////////////////////////////////////////' . PHP_EOL . fetch_remote_file('http://ysc.ac.ir/'); $old = file_get_contents("ysc.txt"); $all = file_get_contents("all.txt"); if ($old != $con) { //یک بار دیگر چک می کنیم $con = '/////////////////////////////////////صفحه ی اعلام نتایج ysc//////////////////////////////////////////////////' . PHP_EOL . fetch_remote_file('http://ysc.ac.ir/include_news_post.php?id+post=196', array('postid' => '196')) . PHP_EOL . '/////////////////////////////////////سایت کمیته//////////////////////////////////////////////////' . PHP_EOL . fetch_remote_file('http://inoi.ir') . PHP_EOL . '/////////////////////////////////////صفحه اصلی ysc//////////////////////////////////////////////////' . PHP_EOL . fetch_remote_file('http://ysc.ac.ir/'); if ($old != $con) { echo ' <item> <title>' . date("Y/m/d H:i:s") . ' update</title> </item>' . $all; file_put_contents("all.txt", ' <item> <title>' . date("Y/m/d H:i:s") . ' update</title> </item>' . $all); file_put_contents("ysc.txt", $con); file_put_contents('./changelog/' . date("YmdHis") . '.txt', $old); } } else { echo $all; } echo ' </channel> </rss>
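/**
 * Fetch a JPEG from a remote URL and queue it as a pending upload.
 *
 * The URL must match one of two allow-list patterns (an http .jpg URL, or a
 * picnik.com file URL). The download is stored under a new upload id, checked
 * to be a JPEG and passed to _processFile().
 *
 * NOTE(review): the allow-list limits scheme, characters and extension but not
 * the destination: internal host names and IP literals match the host part,
 * and file_get_contents() follows HTTP redirects by default. Resolve and vet
 * the host, and cap the download size, before fetching a user-supplied URL.
 *
 * @param string $url User-supplied image URL.
 * @return mixed The result of _processFile(), or false when the URL is
 *               rejected or the download is not a usable JPEG.
 */
function processURL($url)
{
    global $USER, $CONF;

    $ok = false;

    //generate a unique "upload id" - we use this to hold the image until
    //they've confirmed they want to submit
    // NOTE(review): uniqid() is derived from the clock, so this id is unique but
    // not unpredictable. If the pending id is meant to be unguessable, derive it
    // from a CSPRNG instead.
    $upload_id = md5(uniqid('upload'));
    $pendingfile = $this->_pendingJPEG($upload_id);

    // The D modifier makes "$" match only at the very end, so a URL with a
    // trailing newline no longer passes the allow-list.
    $allowed = preg_match('/^http:\\/\\/[\\w\\.-]+\\/[\\w\\.\\/-]+\\.jpg$/D', $url)
        || preg_match('/^http:\\/\\/www\\.picnik\\.com\\/file\\/\\d+$/D', $url);

    if (!$allowed) {
        //playing silly buggers?
        $this->error("We where unable to fetch that image - please contact us");
        return $ok;
    }

    // Fetched inline. The helper used to be declared as a named function inside
    // this method, which is a fatal "cannot redeclare" on a second call and
    // clashes with any global fetch_remote_file().
    $data = file_get_contents($url);
    $fetched = is_string($data)
        && strlen($data) > 0
        && file_put_contents($pendingfile, $data) !== false;

    if (!$fetched) {
        //playing silly buggers?
        $this->error("There were problems processing your upload - please contact us");
        return $ok;
    }

    // The extension in the URL proves nothing; the stored content is checked.
    if ($this->_isJpeg($pendingfile)) {
        $ok = $this->_processFile($upload_id, $pendingfile);
    } else {
        $this->error("We only accept JPEG images - your upload did not appear to be a valid JPEG file");
    }

    return $ok;
}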
/**
 * Ask the third-party StopForumSpam service whether a registrant looks like a spammer.
 *
 * The lookup runs only when both the email address and the IP address pass
 * filter_var() validation; otherwise it is skipped and the result stays false
 * (the check fails open). The confidence values of the enabled checks
 * (username, email, IP) are added up and compared with the configured minimum.
 *
 * @param string $username   The username of the user to check.
 * @param string $email      The email address of the user to check.
 * @param string $ip_address The IP address of the user to check.
 * @return bool Whether the user is considered a spammer or not.
 * @throws Exception Thrown when the StopForumSpam response cannot be fetched or decoded.
 */
public function is_user_a_spammer($username = '', $email = '', $ip_address = '')
{
    $is_spammer = false;
    $confidence = 0;

    $inputs_valid = filter_var($email, FILTER_VALIDATE_EMAIL) && filter_var($ip_address, FILTER_VALIDATE_IP);

    if ($inputs_valid) {
        // Username and email are URL-encoded; the IP is inserted as validated.
        $check_url = sprintf(
            self::STOP_FORUM_SPAM_API_URL_FORMAT,
            urlencode($username),
            urlencode($email),
            $ip_address
        );

        $response = fetch_remote_file($check_url);
        if ($response === false) {
            throw new Exception('stopforumspam_error_retrieving');
        }

        $decoded = @json_decode($response);
        if ($decoded == null || isset($decoded->error)) {
            throw new Exception('stopforumspam_error_decoding');
        }

        // Response field => whether that check is enabled on this instance.
        $checks = array(
            'username' => $this->check_usernames,
            'email' => $this->check_emails,
            'ip' => $this->check_ips,
        );

        foreach ($checks as $field => $enabled) {
            if ($enabled && $decoded->{$field}->appears) {
                $confidence += $decoded->{$field}->confidence;
            }
        }

        $is_spammer = $confidence > $this->min_weighting_before_spam;
    }

    // Hooks receive the values by reference and may change the verdict.
    if ($this->plugins) {
        $params = array(
            'username' => &$username,
            'email' => &$email,
            'ip_address' => &$ip_address,
            'is_spammer' => &$is_spammer,
            'confidence' => &$confidence,
        );

        $this->plugins->run_hooks('stopforumspam_check_spammer_pre_return', $params);
    }

    if ($this->log_blocks && $is_spammer) {
        log_spam_block($username, $email, $ip_address, array('confidence' => (double) $confidence));
    }

    return $is_spammer;
}
$names[$plugininfo['codename']] = array('name' => $plugininfo['name'], 'version' => $plugininfo['version']); } elseif ($plugininfo['guid'] != "") { $info[] = $plugininfo['guid']; $names[$plugininfo['guid']] = array('name' => $plugininfo['name'], 'version' => $plugininfo['version']); } } $plugins->hooks = $active_hooks; } if (empty($info)) { flash_message($lang->error_vcheck_no_supported_plugins, 'error'); admin_redirect("index.php?module=config-plugins"); } $url = "http://community.mybb.com/version_check.php?"; $url .= http_build_query(array("info" => $info)) . "&"; require_once MYBB_ROOT . "inc/class_xml.php"; $contents = fetch_remote_file($url); if (!$contents) { flash_message($lang->error_vcheck_communications_problem, 'error'); admin_redirect("index.php?module=config-plugins"); } $parser = new XMLParser($contents); $tree = $parser->get_tree(); if (!is_array($tree) || !isset($tree['plugins'])) { flash_message($lang->error_communication_problem, 'error'); admin_redirect("index.php?module=config-plugins"); } if (array_key_exists('error', $tree['plugins'])) { switch ($tree['plugins'][0]['error']) { case "1": $error_msg = $lang->error_no_input; break;
/**
 * Handle one upload request.
 *
 * Expands the {rand:N} / {date:FORMAT} placeholders in $this->filename, creates the upload
 * folder (with index.html and .htaccess files) when it does not exist, and then processes
 * either posted files ($_POST['submitr']) or posted URLs ($_POST['submittxt']). Failures are
 * appended to $this->errs; accepted files are recorded through $this->saveit().
 *
 * Every `eval($hook)` line executes whatever code kleeja_run_hook() returns inside this
 * method's scope, so hook code can read and change all local variables used here.
 *
 * @return mixed The appended error entry when the captcha or flood check fails; otherwise nothing.
 */
function process() {
    global $SQL, $dbprefix, $config, $lang;
    global $use_ftp, $ftp_server, $ftp_user, $ftp_pass, $ch;
    ($hook = kleeja_run_hook('start_process_kljuploader')) ? eval($hook) : null; // run hook

    // Expand the file name prefix placeholders.
    // NOTE(review): the {rand:N} value is a slice of md5(time()), so it is derived from the
    // clock and is not an unpredictable token.
    if (preg_match("/{rand:([0-9]+)}/i", $this->filename, $m)) {
        $this->filename = preg_replace("/{rand:([0-9]+)}/i", substr(md5(time()), 0, $m[1]), $this->filename);
    }
    if (preg_match("/{date:([a-zA-Z-_]+)}/i", $this->filename, $m)) {
        $this->filename = preg_replace("/{date:([a-zA-Z-_]+)}/i", date($m[1]), $this->filename);
    }
    ($hook = kleeja_run_hook('no_folder_check_kljuploader')) ? eval($hook) : null; // run hook

    // Create the upload folder and its thumbs/ sub-folder on first use.
    if (!file_exists($this->folder)) {
        ($hook = kleeja_run_hook('no_uploadfolder_kljuploader')) ? eval($hook) : null; // run hook
        $jadid = mkdir($this->folder);
        $jadid2 = mkdir($this->folder . '/thumbs');
        if ($jadid) {
            $this->errs[] = array($lang['NEW_DIR_CRT'], 'index_info');
            // Deny direct access to script-like extensions and switch the PHP engine off in the
            // upload folder. These rules only help on servers that honour .htaccess files.
            $htaccess_data = "<Files ~ \"^.*\\.(php|php*|cgi|pl|phtml|shtml|sql|asp|aspx)\">\nOrder allow,deny\nDeny from all\n</Files>\n<IfModule mod_php4.c>\nphp_flag engine off\n</IfModule>\n<IfModule mod_php5.c>\nphp_flag engine off\n</IfModule>\nRemoveType .php .php* .phtml .pl .cgi .asp .aspx .sql";
            // Write failures are suppressed with @, so a missing .htaccess goes unreported here.
            $fo = @fopen($this->folder . "/index.html", "w");
            $fo2 = @fopen($this->folder . "/thumbs/index.html", "w");
            $fw = @fwrite($fo, '<a href="http://kleeja.com"><p>KLEEJA ..</p></a>');
            $fw2 = @fwrite($fo2, '<a href="http://kleeja.com"><p>KLEEJA ..</p></a>');
            $fi = @fopen($this->folder . "/.htaccess", "w");
            $fi2 = @fopen($this->folder . "/thumbs/.htaccess", "w");
            $fy = @fwrite($fi, $htaccess_data);
            $fy2 = @fwrite($fi2, $htaccess_data);
            // NOTE(review): 0777 makes both folders writable by every local account;
            // a narrower mode is preferable where the hosting setup allows it.
            $chmod = @chmod($this->folder, 0777);
            $chmod2 = @chmod($this->folder . '/thumbs/', 0777);
            if (!$chmod) {
                $this->errs[] = array($lang['PR_DIR_CRT'], 'index_err');
            }
        } else {
            $this->errs[] = array($lang['CANT_DIR_CRT'], 'index_err');
        }
    }

    // Which form was submitted: 1 = file upload, 2 = upload from URL, false = none.
    $wut = false;
    if (isset($_POST['submitr'])) {
        $wut = 1;
    } elseif (isset($_POST['submittxt'])) {
        $wut = 2;
    }
    // Hooks may define further actions.
    ($hook = kleeja_run_hook('another_wut_kljuploader')) ? eval($hook) : null; // run hook
    if (!$wut) {
        // Nothing submitted: reset the duplicate-submission markers kept in the session.
        unset($_SESSION['FIILES_NOT_DUPLI'], $_SESSION['FIILES_NOT_DUPLI_LINKS']);
    }

    // Captcha check, only when enabled and something was submitted.
    if ($this->safe_code && $wut) {
        if (!kleeja_check_captcha()) {
            ($hook = kleeja_run_hook('wrong_captcha_kljuploader_w1')) ? eval($hook) : null; // run hook
            return $this->errs[] = array($lang['WRONG_VERTY_CODE'], 'index_err');
        }
    }

    // Flood control; administrators are exempt.
    if (!$this->user_is_adm && $this->user_is_flooding()) {
        return $this->errs[] = array(sprintf($lang['YOU_HAVE_TO_WAIT'], $this->id_user == '-1' ? $config['guestsectoupload'] : $config['usersectoupload']), 'index_err');
    }

    // Re-submission of the same file names as the previous request: redirect to the index.
    if ($wut == 1 && isset($_SESSION['FIILES_NOT_DUPLI'])) {
        for ($i = 0; $i <= $this->filesnum; $i++) {
            if (!empty($_SESSION['FIILES_NOT_DUPLI']['file_' . $i . '_']['name']) && !empty($_FILES['file_' . $i . '_']['name']) && $_SESSION['FIILES_NOT_DUPLI']['file_' . $i . '_']['name'] == $_FILES['file_' . $i . '_']['name']) {
                redirect('./');
                //return $this->errs[] = array($lang['NO_REPEATING_UPLOADING'], 'index_err');
            }
        }
    }
    // Same check for the URL form.
    if ($wut == 2 && isset($_SESSION['FIILES_NOT_DUPLI_LINKS'])) {
        for ($i = 0; $i <= $this->filesnum; $i++) {
            if (!empty($_SESSION['FIILES_NOT_DUPLI_LINKS']['file_' . $i . '_']) && !empty($_POST['file_' . $i . '_']) && trim($_POST['file_' . $i . '_']) != $lang['PAST_URL_HERE'] && trim($_SESSION['FIILES_NOT_DUPLI_LINKS']['file_' . $i . '_']) != $lang['PAST_URL_HERE'] && $_SESSION['FIILES_NOT_DUPLI_LINKS']['file_' . $i . '_'] == $_POST['file_' . $i . '_']) {
                redirect('./');
                //return $this->errs[] = array($lang['NO_REPEATING_UPLOADING'], 'index_err');
            }
        }
    }

    // Upload processing. $check collects the submitted names/URLs; it stays empty when
    // nothing was chosen.
    $check = false;
    // Hooks may handle their own $wut values here.
    ($hook = kleeja_run_hook('wuts_processes_kljuploader')) ? eval($hook) : null; // run hook
    if ($wut == 1) {
        ($hook = kleeja_run_hook('submit_filesupload_kljuploader')) ? eval($hook) : null; // run hook
        // NOTE(review): this loop uses <= while the URL loop below uses <; confirm which bound
        // matches the number of form fields.
        for ($i = 0; $i <= $this->filesnum; $i++) {
            $check .= isset($_FILES['file_' . $i . '_']['name']) ? $_FILES['file_' . $i . '_']['name'] : '';
            // The extension is whatever follows the last dot of the client-supplied name.
            $this->filename2 = @explode(".", $_FILES['file_' . $i . '_']['name']);
            $this->filename2 = strtolower($this->filename2[sizeof($this->filename2) - 1]);
            $this->typet = $this->filename2;
            $this->sizet = !empty($_FILES['file_' . $i . '_']['size']) ? $_FILES['file_' . $i . '_']['size'] : null;
            ($hook = kleeja_run_hook('for_wut1_filesupload_kljuploader')) ? eval($hook) : null; // run hook

            // Build the stored file name according to the configured naming scheme.
            // NOTE(review): both generated schemes derive the name from time(), so stored
            // names are guessable from the upload time.
            if ($this->decode == "time") {
                $zaid = time();
                $this->filename2 = $this->filename . $zaid . $i . "." . $this->filename2;
            } elseif ($this->decode == "md5") {
                $zaid = md5(time());
                $zaid = substr($zaid, 0, 10);
                $this->filename2 = $this->filename . $zaid . $i . "." . $this->filename2;
            } else {
                // Keep the original name, with punctuation and spaces replaced by '-'.
                $filename = substr(@$_FILES['file_' . $i . '_']['name'], 0, -strlen($this->typet) - 1);
                $this->filename2 = $this->filename . preg_replace('/[,.?\\/*&^\\\\$%#@()_!|"\\~\'><=+}{; ]/', '-', $filename) . '.' . $this->typet;
                $this->filename2 = preg_replace('/-+/', '-', $this->filename2);
                ($hook = kleeja_run_hook('another_decode_type_kljuploader')) ? eval($hook) : null; // run hook
            }

            // Validation chain: the first failing check records an error and the file is skipped.
            if (empty($_FILES['file_' . $i . '_']['tmp_name'])) {
                // Empty field: nothing to do, the form has several file inputs.
            } elseif (file_exists($this->folder . '/' . $this->filename2)) {
                $this->errs[] = array(sprintf($lang['SAME_FILE_EXIST'], htmlspecialchars($_FILES['file_' . $i . '_']['name'])), 'index_err');
            } elseif (preg_match("#[\\\\/\\:\\*\\?\\<\\>\\|\"]#", $this->filename2)) {
                // Reject path separators and other characters that are invalid in file names.
                $this->errs[] = array(sprintf($lang['WRONG_F_NAME'], htmlspecialchars($_FILES['file_' . $i . '_']['name'])), 'index_err');
            } elseif ($this->ext_check_safe($_FILES['file_' . $i . '_']['name']) == false) {
                $this->errs[] = array(sprintf($lang['WRONG_F_NAME'], htmlspecialchars($_FILES['file_' . $i . '_']['name'])), 'index_err');
            } elseif (!in_array(strtolower($this->typet), array_keys($this->types))) {
                // Extension is not in the allow-list for this user.
                // NOTE(review): $this->typet comes from the client-supplied name and is placed
                // in the message without htmlspecialchars(), unlike the file name in the other
                // branches; confirm how errs entries are rendered.
                if ($this->id_user == '-1') {
                    // Guests also get a link to the registration page.
                    $this->errs[] = array(sprintf($lang['FORBID_EXT'], $this->typet) . '<br /> <a href="' . ($config['mod_writer'] ? "register.html" : "ucp.php?go=register") . '" title="' . htmlspecialchars($lang['REGISTER']) . '">' . $lang['REGISTER'] . '</a>', 'index_err');
                } else {
                    $this->errs[] = array(sprintf($lang['FORBID_EXT'], $this->typet), 'index_err');
                }
            } elseif (kleeja_check_mime($_FILES['file_' . $i . '_']['type'], $this->types[strtolower($this->typet)]['group_id'], $_FILES['file_' . $i . '_']['tmp_name']) == false) {
                // $_FILES[...]['type'] is sent by the browser; the temporary file path is passed
                // as well, presumably so the helper can inspect the content (verify in helper).
                $this->errs[] = array(sprintf($lang['NOT_SAFE_FILE'], htmlspecialchars($_FILES['file_' . $i . '_']['name'])), 'index_err');
            } elseif ($this->types[strtolower($this->typet)]['size'] > 0 && $this->sizet >= $this->types[strtolower($this->typet)]['size']) {
                $this->errs[] = array(sprintf($lang['SIZE_F_BIG'], htmlspecialchars($_FILES['file_' . $i . '_']['name']), Customfile_size($this->types[strtolower($this->typet)]['size'])), 'index_err');
            } else {
                // All checks passed: move the uploaded file into the upload folder.
                //if (!$use_ftp)
                //{
                ($hook = kleeja_run_hook('move_uploaded_file_kljuploader')) ? eval($hook) : null; // run hook
                $file = move_uploaded_file($_FILES['file_' . $i . '_']['tmp_name'], $this->folder . "/" . $this->filename2);
                /*} else // use ftp account
                { ($hook = kleeja_run_hook('ftp_connect_kljuploader')) ? eval($hook) : null; //run hook
                // set up a connection or die
                $conn_id = ftp_connect($ftp_server);
                // Login with username and password
                $login_result = ftp_login($conn_id, $ftp_user, $ftp_pass); ftp_pasv($conn_id,false);
                // Check the connection
                if ((!$conn_id) || (!$login_result)) { $this->errs[]= array($lang['CANT_CON_FTP'] . $ftp_server, 'index_err'); }
                //ftp method
                if (in_array(strtolower($this->typet), array('png','gif','jpg','jpeg','tif','tiff'))) { $ftp_method = FTP_BINARY; } else { $ftp_method = FTP_ASCII; }
                // Upload the file
                $file = ftp_put($conn_id, $this->folder . "/" . $this->filename2, $_FILES['file_' . $i . '_']['tmp_name'], $ftp_method); ftp_close($conn_id); }*/
                if ($file) {
                    $this->saveit($this->filename2, $this->folder, $this->sizet, $this->typet, $_FILES['file_' . $i . '_']['name']);
                } else {
                    $this->errs[] = array(sprintf($lang['CANT_UPLAOD'], $this->filename2), 'index_err');
                }
            }
        } // end of the file loop
        if (!isset($check) || empty($check)) {
            $this->errs[] = array($lang['CHOSE_F'], 'index_err');
        }
    } elseif ($wut == 2 && $config['www_url'] == '1') {
        // Upload from URL, only when enabled in the configuration.
        // NOTE(review): the server fetches a URL supplied by the client. No restriction on the
        // target host is visible in this method, and this branch calls neither ext_check_safe()
        // nor kleeja_check_mime(); the extension allow-list and the size limit are the only
        // checks applied to the fetched content here.
        ($hook = kleeja_run_hook('submit_urlupload_kljuploader')) ? eval($hook) : null; // run hook
        // Loop over the text inputs.
        for ($i = 0; $i < $this->filesnum; $i++) {
            $check .= isset($_POST['file_' . $i . '_']) && trim($_POST['file_' . $i . '_']) != $lang['PAST_URL_HERE'] ? $_POST['file_' . $i . '_'] : '';
            $filename = isset($_POST['file_' . $i . '_']) ? basename($_POST['file_' . $i . '_']) : '';
            $this->filename2 = explode(".", $filename);
            ($hook = kleeja_run_hook('for_wut2_filesupload_kljuploader')) ? eval($hook) : null; // run hook
            // When the last segment is html/php, the segment before it is used as the type.
            // The list names 'html' twice; the duplicate has no effect.
            if (in_array($this->filename2[count($this->filename2) - 1], array('html', 'php', 'html'))) {
                $this->filename2 = $this->typet = strtolower($this->filename2[count($this->filename2) - 2]);
            } else {
                $this->filename2 = $this->typet = strtolower($this->filename2[count($this->filename2) - 1]);
            }

            // Build the stored file name (same schemes as the file branch).
            if ($this->decode == "time") {
                $zaid = time();
                $this->filename2 = $this->filename . $zaid . $i . "." . $this->filename2;
            } elseif ($this->decode == "md5") {
                $zaid = md5(time());
                $zaid = substr($zaid, 0, 10);
                $this->filename2 = $this->filename . $zaid . $i . "." . $this->filename2;
            } else {
                // Keep the name taken from the URL, with punctuation and spaces replaced by '-'.
                $this->filename2 = $this->filename . preg_replace('/[,.?\\/*&^\\\\$%#@()_!|"\\~\'><=+}{; ]/', '-', $filename) . '.' . $this->typet;
                $this->filename2 = preg_replace('/-+/', '-', $this->filename2);
                ($hook = kleeja_run_hook('another_decode_type_kljuploader')) ? eval($hook) : null; // run hook
            }

            if (empty($_POST['file_' . $i . '_']) || trim($_POST['file_' . $i . '_']) == $lang['PAST_URL_HERE']) {
                // Empty field or untouched placeholder text: nothing to do.
            } else {
                // NOTE(review): the existence check uses $filename (the basename of the URL),
                // while the file is written as $this->filename2; the two can differ.
                if (file_exists($this->folder . '/' . $filename)) {
                    $this->errs[] = array(sprintf($lang['SAME_FILE_EXIST'], htmlspecialchars($_POST['file_' . $i . '_'])), 'index_err');
                } elseif (!in_array(strtolower($this->typet), array_keys($this->types))) {
                    $this->errs[] = array(sprintf($lang['FORBID_EXT'], htmlspecialchars($_POST['file_' . $i . '_']), $this->typet), 'index_err');
                } else {
                    ($hook = kleeja_run_hook('start_upload_wut2_kljuploader')) ? eval($hook) : null; // run hook
                    // No validation error: fetch the URL.
                    // Only the first four characters are inspected; anything that does not start
                    // with "http" or "ftp:" gets "http://" prepended.
                    if (!in_array(substr($_POST['file_' . $i . '_'], 0, 4), array('http', 'ftp:'))) {
                        $_POST['file_' . $i . '_'] = 'http://' . $_POST['file_' . $i . '_'];
                    }
                    if (function_exists("curl_init")) {
                        // The whole response is read before its size is compared with the limit.
                        $data = fetch_remote_file($_POST['file_' . $i . '_']);
                        if ($data != false) {
                            $this->sizet = strlen($data);
                            if ($this->types[strtolower($this->typet)]['size'] > 0 && $this->sizet >= $this->types[strtolower($this->typet)]['size']) {
                                $this->errs[] = array(sprintf($lang['SIZE_F_BIG'], htmlspecialchars($_POST['file_' . $i . '_']), Customfile_size($this->types[strtolower($this->typet)]['size'])), 'index_err');
                            } else {
                                // Write the fetched bytes to the new file; write errors are suppressed
                                // and saveit() is called regardless of whether the write succeeded.
                                $fp2 = @fopen($this->folder . "/" . $this->filename2, "w");
                                @fwrite($fp2, $data);
                                @fclose($fp2);
                                $this->saveit($this->filename2, $this->folder, $this->sizet, $this->typet);
                            }
                        } else {
                            $this->errs[] = array($lang['URL_CANT_GET'], 'index_err');
                        }
                    } else {
                        // Without cURL the size is obtained from get_remote_file_size() before the
                        // fetch, and fetch_remote_file() is given the destination path.
                        $this->sizet = $this->get_remote_file_size($_POST['file_' . $i . '_']);
                        if ($this->types[strtolower($this->typet)]['size'] > 0 && $this->sizet >= $this->types[strtolower($this->typet)]['size']) {
                            $this->errs[] = array(sprintf($lang['SIZE_F_BIG'], htmlspecialchars($_POST['file_' . $i . '_']), Customfile_size($this->types[strtolower($this->typet)]['size'])), 'index_err');
                        } else {
                            $data = fetch_remote_file($_POST['file_' . $i . '_'], $this->folder . "/" . $this->filename2);
                            if ($data === false) {
                                $this->errs[] = array($lang['URL_CANT_GET'], 'index_err');
                            } else {
                                $this->saveit($this->filename2, $this->folder, $this->sizet, $this->typet);
                            }
                        }
                    }
                } // end of the validation chain
            } // end of the non-empty field branch
        } // end of the URL loop
        if (!isset($check) || empty($check)) {
            $this->errs[] = array($lang['CHOSE_F'], 'index_err');
        }
    } // end of the URL branch
}
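/**
 * Synchronizes Facebook's data with MyBB's data.
 *
 * Collects column values for the "users" table and the "userfields" table from the Facebook
 * profile in $data and writes them with $db->update_query() / $db->insert_query(). The values
 * are placed into SQL by the query builder, so every value taken from the remote profile is
 * passed through $db->escape_string() first, and the user id is cast to an integer before it
 * is interpolated into a WHERE clause.
 *
 * @param array $user MyBB user row; reads uid, myfb_uid and the fb* opt-in flags.
 * @param array|string $data Facebook profile data; fetched through $this->get_user() when empty.
 * @return bool False when no usable uid is given, true otherwise.
 */
public function sync($user, $data = '')
{
    if (empty($user['uid'])) {
        return false;
    }

    // The uid ends up inside WHERE clauses, so only a positive integer is accepted.
    $uid = (int) $user['uid'];
    if ($uid <= 0) {
        return false;
    }

    global $mybb, $db, $session, $lang;

    $update = array();
    $userfield = array();

    $detailsid = "fid" . (int) $mybb->settings['myfbconnect_fbdetailsfield'];
    $locationid = "fid" . (int) $mybb->settings['myfbconnect_fblocationfield'];
    $bioid = "fid" . (int) $mybb->settings['myfbconnect_fbbiofield'];
    $sexid = "fid" . (int) $mybb->settings['myfbconnect_fbsexfield'];

    // No data available? Let's get some
    if (!$data) {
        $data = $this->get_user();
    }

    // Does this user already have a userfields row?
    $query = $db->simple_select("userfields", "ufid", "ufid = {$uid}");
    $check = $db->fetch_field($query, "ufid");
    $db->free_result($query);
    if (!$check) {
        // Marks the row as missing; it is inserted instead of updated at the end.
        $userfield['ufid'] = $uid;
    }

    // No Facebook ID? Sync it too!
    if (empty($user['myfb_uid']) && !empty($data['id'])) {
        $update['myfb_uid'] = $db->escape_string($data['id']);
    }

    // Avatar
    if (!empty($user['fbavatar']) && !empty($data['id']) && $mybb->settings['myfbconnect_fbavatar']) {
        // Pad so a setting without an "x" does not leave $maxheight undefined.
        list($maxwidth, $maxheight) = array_pad(explode('x', my_strtolower($mybb->settings['maxavatardims'])), 2, '');

        $update["avatar"] = $db->escape_string("http://graph.facebook.com/{$data['id']}/picture?width={$maxwidth}&height={$maxheight}");
        $update["avatartype"] = "remote";

        $width = 0;
        $height = 0;
        $avatar_error = false;
        $avatardims = '';

        // Copy the avatar to the local server (work around remote URL access disabled for getimagesize)
        $file = fetch_remote_file($update["avatar"]);
        $tmp_name = $mybb->settings['avataruploadpath'] . "/remote_" . md5(random_str());
        $fp = @fopen($tmp_name, "wb");
        if ($fp) {
            fwrite($fp, (string) $file);
            fclose($fp);

            $image_info = @getimagesize($tmp_name);
            @unlink($tmp_name);

            if (!is_array($image_info) || empty($image_info[2])) {
                // Not recognised as an image.
                $avatar_error = true;
            } else {
                $width = $image_info[0];
                $height = $image_info[1];
            }
        }

        if (!$avatar_error) {
            if ($width && $height && $mybb->settings['maxavatardims'] != "") {
                if (($maxwidth && $width > $maxwidth) || ($maxheight && $height > $maxheight)) {
                    // NOTE(review): this pair is height|width while the pair below is
                    // width|height; kept as found, confirm the intended order.
                    $avatardims = $maxheight . "|" . $maxwidth;
                }
            }
            if ($width > 0 && $height > 0 && !$avatardims) {
                $avatardims = $width . "|" . $height;
            }
            $update["avatardimensions"] = $avatardims;
        } else {
            $update["avatardimensions"] = $maxheight . "|" . $maxwidth;
        }
    }

    // Birthday
    if (!empty($user['fbbday']) && !empty($data['birthday']) && $mybb->settings['myfbconnect_fbbday']) {
        // Facebook supplies month/day/year; a missing part is stored as an empty segment.
        $birthday = explode("/", $data['birthday']);
        $month = isset($birthday[0]) ? ltrim($birthday[0], '0') : '';
        $day = isset($birthday[1]) ? $birthday[1] : '';
        $year = isset($birthday[2]) ? $birthday[2] : '';
        $update["birthday"] = $db->escape_string($day . "-" . $month . "-" . $year);
    }

    // Cover, if Profile Picture plugin is installed
    if (!empty($user['fbavatar']) && !empty($data['cover']['source']) && $mybb->settings['myfbconnect_fbavatar'] && $db->field_exists("profilepic", "users")) {
        $cover = $data['cover']['source'];
        $update["profilepic"] = $db->escape_string(str_replace('/s720x720/', '/p851x315/', $cover));
        $update["profilepictype"] = "remote";
        if ($mybb->usergroup['profilepicmaxdimensions']) {
            list($maxwidth, $maxheight) = array_pad(explode("x", my_strtolower($mybb->usergroup['profilepicmaxdimensions'])), 2, '');
            $update["profilepicdimensions"] = $maxwidth . "|" . $maxheight;
        } else {
            $update["profilepicdimensions"] = "851|315";
        }
    }

    // Sex
    if (!empty($user['fbsex']) && !empty($data['gender']) && $mybb->settings['myfbconnect_fbsex']) {
        if ($db->field_exists($sexid, "userfields")) {
            // Only the two known values are mapped; the stored text comes from the language pack.
            if ($data['gender'] == "male") {
                $userfield[$sexid] = $db->escape_string($lang->myfbconnect_male);
            } elseif ($data['gender'] == "female") {
                $userfield[$sexid] = $db->escape_string($lang->myfbconnect_female);
            }
        }
    }

    // Name and last name
    if (!empty($user['fbdetails']) && !empty($data['name']) && $mybb->settings['myfbconnect_fbdetails']) {
        if ($db->field_exists($detailsid, "userfields")) {
            $userfield[$detailsid] = $db->escape_string($data['name']);
        }
    }

    // Bio
    if (!empty($user['fbbio']) && !empty($data['bio']) && $mybb->settings['myfbconnect_fbbio']) {
        if ($db->field_exists($bioid, "userfields")) {
            $userfield[$bioid] = $db->escape_string(htmlspecialchars_decode(my_substr($data['bio'], 0, 400, true)));
        }
    }

    // Location
    if (!empty($user['fblocation']) && !empty($data['location']['name']) && $mybb->settings['myfbconnect_fblocation']) {
        if ($db->field_exists($locationid, "userfields")) {
            $userfield[$locationid] = $db->escape_string($data['location']['name']);
        }
    }

    if ($update) {
        $query = $db->update_query("users", $update, "uid = {$uid}");
    }

    // Make sure we can do it
    if ($userfield) {
        if (!empty($userfield['ufid'])) {
            $query = $db->insert_query("userfields", $userfield);
        } else {
            $query = $db->update_query("userfields", $userfield, "ufid = {$uid}");
        }
    }

    return true;
}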
} } */ // Clear the profile $userhandler->clear_profile($uid, $mybb->settings['purgespammerbangroup']); $cache->update_banned(); $cache->update_bannedips(); $cache->update_awaitingactivation(); // Update reports cache $cache->update_reportedcontent(); } elseif ($mybb->settings['purgespammerbandelete'] == "delete") { $user_deleted = $userhandler->delete_user($uid, 1); } // Submit the user to stop forum spam if (!empty($mybb->settings['purgespammerapikey'])) { $sfs = @fetch_remote_file("http://stopforumspam.com/add.php?username="******"&ip_addr=" . urlencode(my_inet_ntop($db->unescape_binary($user['lastip']))) . "&email=" . urlencode($user['email']) . "&api_key=" . urlencode($mybb->settings['purgespammerapikey'])); } log_moderator_action(array('uid' => $uid, 'username' => $user['username']), $lang->purgespammer_modlog); if ($user_deleted) { redirect($mybb->settings['bburl'], $lang->purgespammer_success); } else { redirect(get_profile_link($uid), $lang->purgespammer_success); } } else { if ($mybb->input['action'] == "purgespammer") { $plugins->run_hooks("moderation_purgespammer_show"); add_breadcrumb($lang->purgespammer); $lang->purgespammer_purge = $lang->sprintf($lang->purgespammer_purge, $user['username']); if ($mybb->settings['purgespammerbandelete'] == "ban") { $lang->purgespammer_purge_desc = $lang->sprintf($lang->purgespammer_purge_desc, $lang->purgespammer_ban); } else {
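/**
 * Save post attachments.
 *
 * For every URL in $post_image the function either re-orders an attachment row that already
 * exists for the post, or copies/fetches the image and inserts a new row. Rows of the post
 * that are not in the new list are deleted at the end and handed to geodir_remove_attachments().
 *
 * The image URLs are request data. File title, file path and MIME type are derived from them,
 * so the attachment row is written with $wpdb->insert(), which prepares the values, instead
 * of a hand-built SQL string.
 *
 * @since 1.0.0
 * @package GeoDirectory
 * @global object $wpdb WordPress Database object.
 * @global string $plugin_prefix Geodirectory plugin table prefix.
 * @global object $current_user Current user object.
 * @param int $post_id The post ID.
 * @param array $post_image Post image urls as an array.
 * @param bool $dummy Optional. Is this a dummy listing? Default false.
 */
function geodir_save_post_images($post_id = 0, $post_image = array(), $dummy = false)
{
    global $wpdb, $plugin_prefix, $current_user;

    $post_type = get_post_type($post_id);
    $table = $plugin_prefix . $post_type . '_detail';
    $post_images = geodir_get_images($post_id);

    // Reset the featured image; it is set again below from the first image in the new list.
    $wpdb->query($wpdb->prepare("UPDATE " . $table . " SET featured_image = '' where post_id =%d", array($post_id)));

    $invalid_files = $post_images;
    $valid_file_ids = array();
    $valid_files_condition = '';
    $geodir_uploaddir = '';
    $remove_files = array();

    if (!empty($post_image)) {
        $uploads = wp_upload_dir();
        $uploads_dir = $uploads['path'];
        $geodir_uploadpath = $uploads['path'];
        $sub_dir = isset($uploads['subdir']) ? $uploads['subdir'] : '';

        $invalid_files = array();
        $postcurr_images = array();

        $image_count = count($post_image);
        for ($m = 0; $m < $image_count; $m++) {
            $menu_order = $m + 1;
            $file_path = '';

            // Path of the image relative to the uploads base URL, used to look up an existing row.
            $split_img_path = explode($uploads['baseurl'], $post_image[$m]);
            $split_img_file_path = isset($split_img_path[1]) ? $split_img_path[1] : '';

            $find_image = $wpdb->get_var($wpdb->prepare("SELECT ID FROM " . GEODIR_ATTACHMENT_TABLE . " WHERE file=%s AND post_id = %d", array($split_img_file_path, $post_id)));

            if ($find_image) {
                // Already attached: keep the row and only refresh its position.
                $valid_file_ids[] = $find_image;
                $postcurr_images[] = $post_image[$m];
                $wpdb->query($wpdb->prepare("UPDATE " . GEODIR_ATTACHMENT_TABLE . " SET menu_order = %d where file =%s AND post_id =%d", array($menu_order, $split_img_path[1], $post_id)));
                if ($menu_order == 1) {
                    $wpdb->query($wpdb->prepare("UPDATE " . $table . " SET featured_image = %s where post_id =%d", array($split_img_path[1], $post_id)));
                }
                continue;
            }

            $curr_img_url = $post_image[$m];
            $image_name_arr = explode('/', $curr_img_url);

            // Last URL segment, without any query string.
            $filename = end($image_name_arr);
            if (strpos($filename, '?') !== false) {
                list($filename) = explode('?', $filename);
            }

            // Directory part of the URL relative to the uploads base URL.
            // NOTE(review): this value comes from the submitted URL and is later joined to
            // $uploads['basedir']; it is not normalised here, so "../" segments are not
            // rejected in this function. Confirm the caller validates the URLs.
            $curr_img_dir = str_replace($uploads['baseurl'], "", $curr_img_url);
            $curr_img_dir = str_replace($filename, "", $curr_img_dir);

            // Title is the file name without its last extension.
            $img_name_arr = explode('.', $filename);
            $file_title = isset($img_name_arr[0]) ? $img_name_arr[0] : $filename;
            if (count($img_name_arr) > 2) {
                array_pop($img_name_arr);
                $file_title = implode('.', $img_name_arr);
            }
            $file_title = sanitize_file_name($file_title);
            $file_name = sanitize_file_name($filename);

            // The type is decided from the file name only; the content is not inspected here.
            $arr_file_type = wp_check_filetype($filename);
            $uploaded_file_type = $arr_file_type['type'];

            // Set an array containing a list of acceptable formats
            $allowed_file_types = array('image/jpg', 'image/jpeg', 'image/gif', 'image/png');

            // Anything that is not one of the accepted image types is skipped silently.
            if (!in_array($uploaded_file_type, $allowed_file_types)) {
                continue;
            }

            if (!function_exists('wp_handle_upload')) {
                require_once ABSPATH . 'wp-admin/includes/file.php';
            }
            if (!is_dir($geodir_uploadpath)) {
                mkdir($geodir_uploadpath);
            }

            $external_img = strpos($curr_img_url, $uploads['baseurl']) === false;

            if ($dummy || $external_img) {
                // Image lives outside the uploads URL (or this is dummy data): fetch it.
                // The server requests a URL taken from the submitted list.
                $uploaded_file = array();
                $uploaded = (array) fetch_remote_file($curr_img_url);
                // Require a file entry as well, so a failed fetch never yields a bogus row.
                if (empty($uploaded['error']) && !empty($uploaded['file'])) {
                    $new_name = basename($uploaded['file']);
                    $uploaded_file = $uploaded;
                }
            } else {
                $new_name = $post_id . '_' . $file_name;
                if ($curr_img_dir == $sub_dir) {
                    $img_path = $geodir_uploadpath . '/' . $filename;
                } else {
                    // Images uploaded in this session sit in the user's temp folder.
                    $img_path = $uploads_dir . '/temp_' . $current_user->data->ID . '/' . $filename;
                }

                $uploaded_file = '';
                if (file_exists($img_path)) {
                    $uploaded_file = copy($img_path, $geodir_uploadpath . '/' . $new_name);
                    $file_path = '';
                } elseif (file_exists($uploads['basedir'] . $curr_img_dir . $filename)) {
                    // Already in the uploads tree: reference it in place.
                    $uploaded_file = true;
                    $file_path = $curr_img_dir . '/' . $filename;
                }

                // The source is removed once it has been handled.
                if ($curr_img_dir != $geodir_uploaddir && file_exists($img_path)) {
                    unlink($img_path);
                }
            }

            if (empty($uploaded_file)) {
                continue;
            }

            if (!$file_path) {
                $file_path = $sub_dir . '/' . $new_name;
            }
            $postcurr_images[] = $uploads['baseurl'] . $file_path;

            if ($menu_order == 1) {
                $wpdb->query($wpdb->prepare("UPDATE " . $table . " SET featured_image = %s where post_id =%d", array($file_path, $post_id)));
            }

            // Set up options array to add this file as an attachment
            $attachment = array(
                'post_id' => $post_id,
                'title' => $file_title,
                'content' => '',
                'file' => $file_path,
                'mime_type' => $uploaded_file_type,
                'menu_order' => $menu_order,
                'is_featured' => 0,
            );

            // Same column selection as before (empty values are left to the column defaults),
            // but the values are bound by $wpdb->insert() instead of being concatenated.
            $attachment_fields = array();
            foreach ($attachment as $key => $val) {
                if ($val != '') {
                    $attachment_fields[$key] = $val;
                }
            }

            if ($wpdb->insert(GEODIR_ATTACHMENT_TABLE, $attachment_fields) !== false) {
                $valid_file_ids[] = $wpdb->insert_id;
            }
        }

        if (!empty($valid_file_ids)) {
            // One %d placeholder per kept attachment id; the post id is appended below.
            $remove_files = $valid_file_ids;
            $format = implode(',', array_fill(0, count($remove_files), '%d'));
            $valid_files_condition = " ID NOT IN ({$format}) AND ";
        }

        //Get and remove all old images of post from database to set by new order
        if (!empty($post_images)) {
            foreach ($post_images as $img) {
                if (!in_array($img->src, $postcurr_images)) {
                    $invalid_files[] = (object) array('src' => $img->src);
                }
            }
        }
        $invalid_files = (object) $invalid_files;
    }

    $remove_files[] = $post_id;
    $wpdb->query($wpdb->prepare("DELETE FROM " . GEODIR_ATTACHMENT_TABLE . " WHERE " . $valid_files_condition . " post_id = %d", $remove_files));

    if (!empty($invalid_files)) {
        geodir_remove_attachments($invalid_files);
    }
}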
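/**
 * MyBB 1.6
 * Copyright 2010 MyBB Group, All Rights Reserved
 *
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *
 * $Id$
 */

/**
 * Collect server and PHP environment details and send them to the MyBB stats endpoint.
 *
 * The collected values (PHP and database client versions, loaded extensions as bit masks,
 * selected php.ini settings, hosting provider guess, user agent and a hashed host id) are
 * URL-encoded into one query string and requested from http://www.mybb.com/stats.php.
 *
 * Two outbound plain-HTTP requests are made from the server: one to whoishostingthis.com,
 * built from the Host header of the current request, and one to the stats endpoint.
 *
 * @param int $is_install 1 for a fresh install, anything else for an upgrade.
 * @param string $prev_version Previous version; only sent for upgrades.
 * @param string $current_version Version being installed.
 * @param string $charset Charset in use.
 * @return array Keys: info_sent_success (bool), info_image (img tag for the same URL),
 *               info_get_string (the encoded query string).
 */
function build_server_stats($is_install = 1, $prev_version = '', $current_version = '', $charset = '')
{
    $info = array();

    // The Host header is supplied by the client and may be missing (e.g. on the CLI).
    $http_host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';

    // Is this an upgrade or an install?
    $info['is_install'] = ($is_install == 1) ? 1 : 0;

    // If we are upgrading, what was the previous version?
    if ($info['is_install'] == 0) {
        $info['prev_version'] = $prev_version;
    }

    // What's our current version?
    $info['current_version'] = $current_version;

    // What is our current charset?
    $info['charset'] = $charset;

    // Parse phpinfo into array
    $phpinfo = parse_php_info();

    // PHP Version
    $info['phpversion'] = phpversion();

    // MySQL Version
    $info['mysql'] = 0;
    if (array_key_exists('mysql', $phpinfo)) {
        $info['mysql'] = $phpinfo['mysql']['Client API version'];
    }

    // PostgreSQL Version
    $info['pgsql'] = 0;
    if (array_key_exists('pgsql', $phpinfo)) {
        $info['pgsql'] = $phpinfo['pgsql']['PostgreSQL(libpq) Version'];
    }

    // SQLite Version
    $info['sqlite'] = 0;
    if (array_key_exists('sqlite', $phpinfo)) {
        $info['sqlite'] = $phpinfo['sqlite']['SQLite Library'];
    }

    // Iconv Library Extension Version
    $info['iconvlib'] = 0;
    if (array_key_exists('iconv', $phpinfo)) {
        $info['iconvlib'] = html_entity_decode($phpinfo['iconv']['iconv implementation']) . "|" . $phpinfo['iconv']['iconv library version'];
    }

    // Check GD & Version
    $info['gd'] = 0;
    if (array_key_exists('gd', $phpinfo)) {
        $info['gd'] = $phpinfo['gd']['GD Version'];
    }

    // CGI Mode
    $sapi_type = php_sapi_name();
    $info['cgimode'] = 0;
    if (strpos($sapi_type, 'cgi') !== false) {
        $info['cgimode'] = 1;
    }

    // Server Software
    $info['server_software'] = isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : '';

    // Allow url fopen php.ini setting
    $info['allow_url_fopen'] = 0;
    if (ini_get('safe_mode') == 0 && ini_get('allow_url_fopen')) {
        $info['allow_url_fopen'] = 1;
    }

    // Check classes, extensions, php info, functions, and php ini settings.
    // Each entry contributes its 'bitwise' value to a per-category bit mask.
    // The 'phpinfo' category lists 'zlib' twice; PHP keeps the later value (8).
    $check = array(
        'classes' => array(
            'dom' => array('bitwise' => 1, 'title' => 'DOMElement'),
            'soap' => array('bitwise' => 2, 'title' => 'SoapClient'),
            'xmlwriter' => array('bitwise' => 4, 'title' => 'XMLWriter'),
            'imagemagick' => array('bitwise' => 8, 'title' => 'Imagick'),
        ),
        'extensions' => array(
            'zendopt' => array('bitwise' => 1, 'title' => 'Zend Optimizer'),
            'xcache' => array('bitwise' => 2, 'title' => 'XCache'),
            'eaccelerator' => array('bitwise' => 4, 'title' => 'eAccelerator'),
            'ioncube' => array('bitwise' => 8, 'title' => 'ionCube Loader'),
            'PDO' => array('bitwise' => 16, 'title' => 'PDO'),
            'pdo_mysql' => array('bitwise' => 32, 'title' => 'pdo_mysql'),
            'pdo_pgsql' => array('bitwise' => 64, 'title' => 'pdo_pgsql'),
            'pdo_sqlite' => array('bitwise' => 128, 'title' => 'pdo_sqlite'),
            'pdo_oci' => array('bitwise' => 256, 'title' => 'pdo_oci'),
            'pdo_odbc' => array('bitwise' => 512, 'title' => 'pdo_odbc'),
        ),
        'phpinfo' => array(
            'zlib' => array('bitwise' => 1, 'title' => 'zlib'),
            'mbstring' => array('bitwise' => 2, 'title' => 'mbstring'),
            'exif' => array('bitwise' => 4, 'title' => 'exif'),
            'zlib' => array('bitwise' => 8, 'title' => 'zlib'),
        ),
        'functions' => array(
            'sockets' => array('bitwise' => 1, 'title' => 'fsockopen'),
            'mcrypt' => array('bitwise' => 2, 'title' => 'mcrypt_encrypt'),
            'simplexml' => array('bitwise' => 4, 'title' => 'simplexml_load_string'),
            'ldap' => array('bitwise' => 8, 'title' => 'ldap_connect'),
            'mysqli' => array('bitwise' => 16, 'title' => 'mysqli_connect'),
            'imap' => array('bitwise' => 32, 'title' => 'imap_open'),
            'ftp' => array('bitwise' => 64, 'title' => 'ftp_login'),
            'pspell' => array('bitwise' => 128, 'title' => 'pspell_new'),
            'apc' => array('bitwise' => 256, 'title' => 'apc_cache_info'),
            'curl' => array('bitwise' => 512, 'title' => 'curl_init'),
            'iconv' => array('bitwise' => 1024, 'title' => 'iconv'),
        ),
        'php_ini' => array(
            'post_max_size' => 'post_max_size',
            'upload_max_filesize' => 'upload_max_filesize',
            'safe_mode' => 'safe_mode',
        ),
    );

    foreach ($check as $cat_name => $category) {
        foreach ($category as $name => $what) {
            if ($cat_name == "php_ini") {
                $info[$name] = (ini_get($what) != 0) ? ini_get($what) : 0;
                continue;
            }

            switch ($cat_name) {
                case "classes":
                    $present = class_exists($what['title']);
                    break;
                case "extensions":
                    $present = extension_loaded($what['title']);
                    break;
                case "phpinfo":
                    $present = array_key_exists($what['title'], $phpinfo);
                    break;
                case "functions":
                    $present = function_exists($what['title']);
                    break;
                default:
                    $present = false;
                    break;
            }

            if ($present) {
                // The mask key is created on the first hit, as before, but without reading
                // an undefined index.
                $current_mask = isset($info[$cat_name]) ? $info[$cat_name] : 0;
                $info[$cat_name] = $current_mask | $what['bitwise'];
            }
        }
    }

    // Host URL & hostname
    $info['hosturl'] = $info['hostname'] = "unknown/local";
    if ($http_host == 'localhost') {
        $info['hosturl'] = $info['hostname'] = "localhost";
    }

    // Check the hosting company
    if (strpos($http_host, ".") !== false) {
        // The request URL is built from the client-supplied Host header.
        $host_url = "http://www.whoishostingthis.com/" . str_replace(array('http://', 'www.'), '', $http_host);

        $hosting = fetch_remote_file($host_url);
        if ($hosting) {
            // Scrape the provider link out of the returned HTML.
            preg_match('#We believe \\<a href\\="http:\\/\\/www.whoishostingthis.com\\/linkout\\/\\?t\\=[0-9]&url\\=?([^"]*)" (title="([^"]*)" )target\\=\\_blank\\>([^<]*)\\<\\/a\\>#ism', $hosting, $matches);

            $info['hosturl'] = "unknown/no-url";
            if (isset($matches[1]) && strlen(trim($matches[1])) != 0 && strpos($matches[1], '.') !== false) {
                $info['hosturl'] = strtolower($matches[1]);
            } elseif (isset($matches[3]) && strlen(trim($matches[3])) != 0 && strpos($matches[3], '.') !== false) {
                $info['hosturl'] = strtolower($matches[3]);
            }

            if (isset($matches[4]) && strlen(trim($matches[4])) != 0) {
                $info['hostname'] = $matches[4];
            } elseif (isset($matches[3]) && strlen(trim($matches[3])) != 0) {
                $info['hostname'] = $matches[3];
            } elseif (isset($matches[2]) && strlen(trim($matches[2])) != 0) {
                // NOTE(review): $matches[2] is a string, so [0] is its first character only;
                // kept as found, confirm whether the whole group was intended.
                $info['hostname'] = str_replace(array('title=', '"'), '', $matches[2][0]);
            } elseif (strlen(trim($info['hosturl'])) != 0 && $info['hosturl'] != "unknown/no-url") {
                $info['hostname'] = $info['hosturl'];
            } else {
                $info['hostname'] = "unknown/no-name";
            }
        }
    }

    if (isset($_SERVER['HTTP_USER_AGENT'])) {
        $info['useragent'] = $_SERVER['HTTP_USER_AGENT'];
    }

    // We need a unique ID for the host so hash it to keep it private and send it over
    $id = $http_host . time();
    if (function_exists('sha1')) {
        $info['id'] = sha1($id);
    } else {
        $info['id'] = md5($id);
    }

    // Encode everything into one query string.
    $string = "";
    $amp = "";
    foreach ($info as $key => $value) {
        $string .= $amp . $key . "=" . urlencode($value);
        $amp = "&";
    }

    $server_stats_url = 'http://www.mybb.com/stats.php?' . $string;

    $return = array();
    $return['info_sent_success'] = false;
    // Request the stats URL built above. The previous code passed an undefined $url here,
    // so the statistics were never sent to that address.
    if (fetch_remote_file($server_stats_url) !== false) {
        $return['info_sent_success'] = true;
    }

    $return['info_image'] = "<img src='http://www.mybb.com/stats.php?{$string}&img=1' />";
    $return['info_get_string'] = $string;

    return $return;
}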
/**
 * Authenticate a user against a remote script's API and, unless this is an admin-login check,
 * set up the session constants and the login cookie.
 *
 * The credentials are sent to $script_path as a query string; the reply is decoded with
 * kleeja_base64_decode() and split on '%|%'. Field 0 is the status (0 = error, 1 = ok); fields
 * 1-5 are read below as user id, user name, mail, a value mixed into the cookie hash, and the admin flag.
 *
 * NOTE(review): $expire is a required parameter declared after the optional $hashed; recent PHP
 * versions deprecate that ordering.
 *
 * @param string $name            user name, or user id when $hashed is true
 * @param string $pass            password as supplied by the caller
 * @param bool   $hashed          selects the 'userid' query key instead of 'username'
 * @param int    $expire          cookie expiry value handed to kleeja_set_cookie()
 * @param bool   $loginadm        true when only a credential check is wanted (no constants, no cookie)
 * @param bool   $return_username true to return the remote user name instead of logging in
 * @return bool|string false on failure, true on success, or the user name when $return_username is set
 */
function kleeja_auth_login($name, $pass, $hashed = false, $expire, $loginadm = false, $return_username = false) {
    global $lang, $config, $usrcp, $userinfo;
    global $script_path, $script_api_key, $script_cp1256;

    // The remote URL is expected to begin with http://
    // NOTE(review): only the first character is compared with 'h', so this does not actually
    // verify the scheme, nor tell http from https.
    if (empty($script_path) || $script_path[0] != 'h') {
        big_error('Forum URL must be begin with http://', sprintf($lang['SCRIPT_AUTH_PATH_WRONG'], 'API'));
    }

    // The API key authenticates Kleeja to the remote script; it must be configured
    // (and changed from any sample value) before real use.
    if (empty($script_api_key)) {
        big_error('api key', 'To connect to the remote script you have to write the API key ...');
    }

    // Convert name and password through kleeja_utf8() only when $script_cp1256 is set
    // (the name is left untouched when it is actually a user id).
    $pass = empty($script_cp1256) || !$script_cp1256 ? $pass : $usrcp->kleeja_utf8($pass, false);
    $name = empty($script_cp1256) || !$script_cp1256 || $hashed ? $name : $usrcp->kleeja_utf8($name, false);

    /* @see file : docs/kleeja_(vb,mysmartbb,phpbb)_api.txt */
    // NOTE(review): in this listing the expression after '&pass=' is masked with asterisks, so the
    // line below is not valid PHP as shown and the way the password is encoded cannot be reviewed here.
    // NOTE(review): the API key and the password travel in the URL query string; with an http://
    // endpoint they cross the network in clear text and may end up in server or proxy logs.
    $api_http_query = 'api_key=' . kleeja_base64_encode($script_api_key) . '&' . ($hashed ? 'userid' : 'username') . '=' . urlencode($name) . '&pass='******'&return_username=1' : '';

    // Send the request
    $remote_data = fetch_remote_file($script_path . '?' . $api_http_query);

    // No response: empty reply or the connection failed
    if ($remote_data == false || empty($remote_data)) {
        return false;
    }

    // See kleeja_api.php: the reply is split on '%|%'; the first field is always 0 (error) or 1 (ok).
    // NOTE(review): the number of fields is never checked before indexes 1-5 are read below.
    $user_info = explode('%|%', kleeja_base64_decode($remote_data));

    // Status 0 means the remote script rejected the login
    if ((int) $user_info[0] == 0) {
        return false;
    }

    //
    // Caller only wants the user name: return it now and skip the session setup
    //
    if ($return_username) {
        return empty($script_cp1256) || !$script_cp1256 ? $user_info[1] : $usrcp->kleeja_utf8($user_info[1]);
    }

    //
    // For an admin login this call is only a credential check, so no user data is set up
    //
    if (!$loginadm) {
        define('USER_ID', $user_info[1]);
        define('GROUP_ID', 3);
        define('USER_NAME', empty($script_cp1256) || !$script_cp1256 ? $user_info[2] : $usrcp->kleeja_utf8($user_info[2]));
        define('USER_MAIL', $user_info[3]);
        define('USER_ADMIN', (int) $user_info[5] == 1 ? 1 : 0);
    }

    // User info, filled with the data that came back from the remote URL.
    // NOTE(review): GROUP_ID, USER_ID, USER_NAME and USER_MAIL are read here unconditionally but
    // defined above only when $loginadm is false; presumably they already exist during an admin
    // login -- confirm against the caller.
    $userinfo = array();
    $userinfo['group_id'] = GROUP_ID;
    $user_y = kleeja_base64_encode(serialize(array('id' => USER_ID, 'name' => USER_NAME, 'mail' => USER_MAIL, 'last_visit' => time())));

    // Set the login cookie.
    // NOTE(review): the cookie carries serialize()d data; if the code that reads it back calls
    // unserialize(), the cookie's integrity rests on en_de_crypt() and the sha1(md5(...)) field -- verify.
    if (!$loginadm) {
        $usrcp->kleeja_set_cookie('ulogu', $usrcp->en_de_crypt($user_info[1] . '|' . $user_info[4] . '|' . $expire . '|' . sha1(md5($config['h_key'] . $user_info[4]) . $expire) . '|' . GROUP_ID . '|' . $user_y), $expire);
    }

    // The password is not needed any more
    unset($pass);

    // The remote script accepted the credentials
    return true;
}
/**
 * Process the current upload request, i.e. what happens after the user submits the upload form.
 *
 * Two upload types are handled: 1 = files from $_FILES (form field 'submitr'), 2 = files fetched
 * from user-supplied URLs (form field 'submittxt', only when $config['www_url'] is 1).
 * Errors are appended to $this->messages; accepted files are passed to $this->saveit().
 *
 * Hook code returned by kleeja_run_hook() is eval()'d inside this method, so it runs in this
 * method's scope and can read or change every local variable used below.
 */
function process() {
    global $SQL, $dbprefix, $config, $lang;

    ($hook = kleeja_run_hook('kljuploader_process_func')) ? eval($hook) : null; //run hook

    # make sure the upload folder exists
    if (!file_exists($this->folder)) {
        if (!make_folder($this->folder)) {
            $this->messages[] = array($lang['CANT_DIR_CRT'], 'index_err');
        }
    }

    # make sure the live-exts folder exists (live exts plugin)
    if (!empty($config['imagefolderexts']) && !file_exists($config['imagefolder'])) {
        if (!make_folder($config['imagefolder'])) {
            $this->messages[] = array($lang['CANT_DIR_CRT'], 'index_err');
        }
    }

    # uploading_type = 1: upload from a file input
    # uploading_type = 2: upload from a URL, which is disabled by default and is buggy
    $uploading_type = isset($_POST['submitr']) ? 1 : (isset($_POST['submittxt']) ? 2 : false);

    # plugins can set their own uploading_type through this hook
    ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type')) ? eval($hook) : null; //run hook

    # no upload in this request (e.g. plain visit to index.php): reset the duplicate-submit markers
    if (!$uploading_type) {
        unset($_SESSION['FIILES_NOT_DUPLI'], $_SESSION['FIILES_NOT_DUPLI_LINKS']);
    }

    # captcha is enabled and an upload is in progress
    if ($this->safe_code && $uploading_type) {
        # wrong captcha: record the error and stop
        if (!kleeja_check_captcha()) {
            return $this->messages[] = array($lang['WRONG_VERTY_CODE'], 'index_err');
        }
    }

    # flood protection: non-admin users must wait; the waiting time comes from Kleeja settings
    if (!$this->user_is_adm && user_is_flooding($this->id_user)) {
        return $this->messages[] = array(sprintf($lang['YOU_HAVE_TO_WAIT'], $this->id_user == '-1' ? $config['guestsectoupload'] : $config['usersectoupload']), 'index_err');
    }

    # duplicate-submit check for file uploads: same file name in the same slot as last time => redirect
    if ($uploading_type == 1 && isset($_SESSION['FIILES_NOT_DUPLI'])) {
        for ($i = 0; $i <= $this->filesnum; $i++) {
            if (!empty($_SESSION['FIILES_NOT_DUPLI']['file_' . $i . '_']['name']) && !empty($_FILES['file_' . $i . '_']['name']) && $_SESSION['FIILES_NOT_DUPLI']['file_' . $i . '_']['name'] == $_FILES['file_' . $i . '_']['name']) {
                redirect('./');
            }
        }
    }

    # duplicate-submit check for URL uploads: same URL in the same slot as last time => redirect
    if ($uploading_type == 2 && isset($_SESSION['FIILES_NOT_DUPLI_LINKS'])) {
        for ($i = 0; $i <= $this->filesnum; $i++) {
            if (!empty($_SESSION['FIILES_NOT_DUPLI_LINKS']['file_' . $i . '_']) && !empty($_POST['file_' . $i . '_']) && trim($_POST['file_' . $i . '_']) != $lang['PAST_URL_HERE'] && trim($_SESSION['FIILES_NOT_DUPLI_LINKS']['file_' . $i . '_']) != $lang['PAST_URL_HERE'] && $_SESSION['FIILES_NOT_DUPLI_LINKS']['file_' . $i . '_'] == $_POST['file_' . $i . '_']) {
                redirect('./');
            }
        }
    }

    # remember this submission for the next duplicate-submit check
    # NOTE(review): the whole $_FILES / $_POST array is copied into the session here
    if (isset($_POST['submitr'])) {
        if (isset($_SESSION['FIILES_NOT_DUPLI'])) {
            unset($_SESSION['FIILES_NOT_DUPLI']);
        }
        $_SESSION['FIILES_NOT_DUPLI'] = $_FILES;
    } elseif (isset($_POST['submittxt'])) {
        if (isset($_SESSION['FIILES_NOT_DUPLI_LINKS'])) {
            unset($_SESSION['FIILES_NOT_DUPLI_LINKS']);
        }
        $_SESSION['FIILES_NOT_DUPLI_LINKS'] = $_POST;
    }

    # close the session now so the user can open other Kleeja pages while the upload runs
    @session_write_close();

    # check-list of submitted names; stays empty when nothing was submitted
    $check = false;

    # plugins can handle their own uploading_type through this hook
    ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_later')) ? eval($hook) : null; //run hook

    # do the upload
    switch ($uploading_type) {
        # uploading from a file input
        case 1:
            ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_1')) ? eval($hook) : null; //run hook

            # loop over the uploaded files
            for ($i = 0; $i <= $this->filesnum; $i++) {
                // nothing uploaded in this slot
                if (empty($_FILES['file_' . $i . '_']['tmp_name'])) {
                    continue;
                }

                # client-supplied file name, with ';' and ',' removed and HTML-escaped
                $this->filename = isset($_FILES['file_' . $i . '_']['name']) ? htmlspecialchars(str_replace(array(';', ','), '', $_FILES['file_' . $i . '_']['name'])) : '';

                # add the file to the check-list
                $check .= isset($_FILES['file_' . $i . '_']['name']) ? $_FILES['file_' . $i . '_']['name'] : '';

                # extension = text after the last dot of the (client-supplied) name
                $this->typet = strtolower(array_pop(explode('.', $this->filename)));

                # size as reported in $_FILES
                $this->sizet = !empty($_FILES['file_' . $i . '_']['size']) ? intval($_FILES['file_' . $i . '_']['size']) : null;

                # name the file is stored under, derived according to Kleeja settings
                $this->filename2 = change_filename_decoding($this->filename, $i, $this->typet, $this->decode);

                # expand filename templates {rand:..}, {date:..}
                $this->filename2 = change_filename_templates(trim($this->prefix) . $this->filename2);

                ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_1_loop')) ? eval($hook) : null; //run hook

                # a file with this name already exists: derive a different name
                if (file_exists($this->folder . '/' . $this->filename2)) {
                    $this->filename2 = change_filename_decoding($this->filename2, $i, $this->typet, 'exists');
                }

                # validation chain: allowed extension, forbidden characters, ext_check_safe(), MIME check, size limit
                if (!in_array(strtolower($this->typet), array_keys($this->types))) {
                    # guests additionally get a link to the registration page
                    if ($this->id_user == '-1') {
                        $this->messages[] = array(sprintf($lang['FORBID_EXT'], $this->typet) . '<br /> <a href="' . ($config['mod_writer'] ? "register.html" : "ucp.php?go=register") . '" title="' . htmlspecialchars($lang['REGISTER']) . '">' . $lang['REGISTER'] . '</a>', 'index_err');
                    } else {
                        $this->messages[] = array(sprintf($lang['FORBID_EXT'], $this->typet), 'index_err');
                    }
                } elseif (preg_match("#[\\\\/\\:\\*\\?\\<\\>\\|\"]#", $this->filename2)) {
                    $this->messages[] = array(sprintf($lang['WRONG_F_NAME'], htmlspecialchars($_FILES['file_' . $i . '_']['name'])), 'index_err');
                } elseif (ext_check_safe($_FILES['file_' . $i . '_']['name']) == false) {
                    $this->messages[] = array(sprintf($lang['WRONG_F_NAME'], htmlspecialchars($_FILES['file_' . $i . '_']['name'])), 'index_err');
                } elseif (check_mime_type($_FILES['file_' . $i . '_']['type'], in_array(strtolower($this->typet), array('gif', 'png', 'jpg', 'jpeg', 'bmp')), $_FILES['file_' . $i . '_']['tmp_name']) == false) {
                    # NOTE(review): ['type'] is the MIME type sent by the client; tmp_name is passed too,
                    # presumably so check_mime_type() can inspect the content itself -- confirm
                    $this->messages[] = array(sprintf($lang['NOT_SAFE_FILE'], htmlspecialchars($_FILES['file_' . $i . '_']['name'])), 'index_err');
                } elseif ($this->types[strtolower($this->typet)] > 0 && $this->sizet >= $this->types[strtolower($this->typet)]) {
                    $this->messages[] = array(sprintf($lang['SIZE_F_BIG'], htmlspecialchars($_FILES['file_' . $i . '_']['name']), Customfile_size($this->types[strtolower($this->typet)])), 'index_err');
                } else {
                    ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_1_loop_upload')) ? eval($hook) : null; //run hook

                    # is this extension listed as a live-ext in Kleeja settings?
                    $live_exts = array_map('trim', explode(',', $config['imagefolderexts']));
                    $folder_to_upload = $this->folder;
                    if (in_array(strtolower($this->typet), $live_exts)) {
                        # live-exts folder; fall back to the default folder when it is not set
                        $folder_to_upload = trim($config['imagefolder']) == '' ? trim($config['foldername']) : trim($config['imagefolder']);

                        # switching to time-based file names is currently disabled
                        if ((int) $config['imagefoldere']) {
                            //$this->filename2 = change_filename_decoding($this->filename2, $i, $this->typet, 'time');
                        }
                    }

                    # move the upload into place and record it
                    $file = move_uploaded_file($_FILES['file_' . $i . '_']['tmp_name'], $folder_to_upload . "/" . $this->filename2);
                    if ($file) {
                        $this->saveit($this->filename2, $folder_to_upload, $this->sizet, $this->typet, $this->filename);
                    } else {
                        $this->messages[] = array(sprintf($lang['CANT_UPLAOD'], $this->filename2), 'index_err');
                    }
                }
            } #loop

            # no file was submitted at all
            if (!isset($check) || empty($check)) {
                $this->messages[] = array($lang['CHOSE_F'], 'index_err');
            }
            break;

        # uploading from a URL text input
        case 2:
            # feature not enabled: do nothing
            if ((int) $config['www_url'] != '1') {
                break;
            }

            ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_2')) ? eval($hook) : null; //run hook

            # loop over the URL text inputs
            for ($i = 0; $i <= $this->filesnum; $i++) {
                # file name = last path component of the submitted URL
                $this->filename = isset($_POST['file_' . $i . '_']) ? basename(htmlspecialchars($_POST['file_' . $i . '_'])) : '';
                //print $this->filename;

                # add it to the check-list (placeholder text does not count)
                $check .= isset($_POST['file_' . $i . '_']) && trim($_POST['file_' . $i . '_']) != $lang['PAST_URL_HERE'] ? $_POST['file_' . $i . '_'] : '';

                # extension: when the name ends in html/php the segment before it is used instead
                # NOTE(review): such a name passes the allow-list on its second-to-last segment; whether the
                # stored name keeps the trailing .php/.html depends on change_filename_decoding() -- verify
                # NOTE(review): a name with a single segment makes the [count - 2] index undefined
                $this->typet = explode(".", $this->filename);
                if (in_array($this->typet[count($this->typet) - 1], array('html', 'php', 'html'))) {
                    $this->typet = strtolower($this->typet[count($this->typet) - 2]);
                } else {
                    $this->typet = strtolower($this->typet[count($this->typet) - 1]);
                }

                # name the file is stored under, derived according to Kleeja settings
                $this->filename2 = change_filename_decoding($this->filename, $i, $this->typet, $this->decode);
                $this->filename2 = change_filename_templates(trim($this->prefix) . $this->filename2);

                ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_2_loop')) ? eval($hook) : null; //run hook

                # validation chain; unlike the file-input branch there is no forbidden-character,
                # ext_check_safe() or check_mime_type() step here
                if (empty($_POST['file_' . $i . '_']) || trim($_POST['file_' . $i . '_']) == $lang['PAST_URL_HERE']) {
                    # an empty slot is fine, this is a multi-input form
                } elseif (!in_array(strtolower($this->typet), array_keys($this->types))) {
                    $this->messages[] = array(sprintf($lang['FORBID_EXT'], htmlspecialchars($_POST['file_' . $i . '_']), $this->typet), 'index_err');
                } elseif (file_exists($this->folder . '/' . $this->filename2)) {
                    $this->messages[] = array(sprintf($lang['SAME_FILE_EXIST'], htmlspecialchars($this->filename2)), 'index_err');
                } else {
                    ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_2_loop_upload')) ? eval($hook) : null; //run hook

                    # is this extension listed as a live-ext in Kleeja settings?
                    $live_exts = explode(',', $config['imagefolderexts']);
                    $folder_to_upload = $this->folder;
                    if (in_array(strtolower($this->typet), $live_exts)) {
                        # live-exts folder; fall back to the default folder when it is not set
                        $folder_to_upload = trim($config['imagefolder']) == '' ? trim($config['foldername']) : trim($config['imagefolder']);

                        # switching to time-based file names is currently disabled
                        if ((int) $config['imagefoldere']) {
                            //$this->filename2 = change_filename_decoding($this->filename2, $i, $this->typet, 'time');
                        }
                    }

                    # no http / ftp prefix: assume http://
                    # NOTE(review): only the first four characters are compared and no restriction on the
                    # target host is visible here, so the server requests whatever address the user names,
                    # internal ones included -- confirm that fetch_remote_file() limits destinations
                    if (!in_array(substr($_POST['file_' . $i . '_'], 0, 4), array('http', 'ftp:'))) {
                        $_POST['file_' . $i . '_'] = 'http://' . $_POST['file_' . $i . '_'];
                    }

                    # ask for the remote size first and refuse files over the limit
                    # NOTE(review): the size comes from get_remote_file_size(), a separate request from the
                    # download below; presumably it is whatever the remote server reports -- confirm
                    $this->sizet = get_remote_file_size($_POST['file_' . $i . '_']);
                    if ($this->types[strtolower($this->typet)] > 0 && $this->sizet >= $this->types[strtolower($this->typet)]) {
                        $this->messages[] = array(sprintf($lang['SIZE_F_BIG'], htmlspecialchars($_POST['file_' . $i . '_']), Customfile_size($this->types[strtolower($this->typet)])), 'index_err');
                    } else {
                        # fetch the remote data; the second argument is the destination path
                        $data = fetch_remote_file($_POST['file_' . $i . '_'], $folder_to_upload . "/" . $this->filename2, 6, false, 2, true);
                        if ($data === false) {
                            $this->messages[] = array($lang['URL_CANT_GET'], 'index_err');
                        } else {
                            $this->saveit($this->filename2, $folder_to_upload, $this->sizet, $this->typet);
                        }
                    }
                } #else
            } #end loop

            # nothing was submitted according to the check-list: show an error
            if (!isset($check) || empty($check)) {
                $this->messages[] = array($lang['CHOSE_F'], 'index_err');
            }
            break;

        default:
            ($hook = kleeja_run_hook('kljuploader_process_switch_default_func')) ? eval($hook) : null; //run hook
    } #end switch
}
if (!is_uploaded_file($_FILES['local_file']['tmp_name'])) { $errors[] = $lang->error_uploadfailed_lost; } // Get the contents $contents = @file_get_contents($_FILES['local_file']['tmp_name']); // Delete the temporary file if possible @unlink($_FILES['local_file']['tmp_name']); // Are there contents? if (!trim($contents)) { $errors[] = $lang->error_uploadfailed_nocontents; } } } else { if (!empty($mybb->input['url'])) { // Get the contents $contents = @fetch_remote_file($mybb->input['url']); if (!$contents) { $errors[] = $lang->error_local_file; } } else { // UPLOAD_ERR_NO_FILE $errors[] = $lang->error_uploadfailed_php4; } } if (!$errors) { $options = array('no_stylesheets' => $mybb->input['import_stylesheets'] ? 0 : 1, 'no_templates' => $mybb->input['import_templates'] ? 0 : 1, 'version_compat' => $mybb->get_input('version_compat', MyBB::INPUT_INT), 'parent' => $mybb->get_input('tid', MyBB::INPUT_INT), 'force_name_check' => true); $theme_id = import_theme_xml($contents, $options); if ($theme_id > -1) { $plugins->run_hooks("admin_style_themes_import_commit"); // Log admin action log_admin_action($theme_id);
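/**
 * Download the JonesCore archive for the selected branch and install it under inc/plugins/jones/core/.
 *
 * The archive is fetched with fetch_remote_file(), written to a temporary zip file, extracted into a
 * temporary directory, moved into place with jb_move_recursive() and the temporaries are removed again.
 * Every step is checked; on failure the temporary zip (and the temporary directory, if it was created)
 * is removed and false is returned.
 *
 * NOTE(review): the downloaded code is installed without any integrity check (no pinned revision,
 * checksum or signature), so whatever the branch serves at download time is what gets installed.
 *
 * @return bool true when the core was downloaded, extracted and moved; false otherwise
 */
function jb_download_core()
{
    // No need to try anything if we can't unzip the file at the end
    if (!class_exists("ZipArchive")) {
        return false;
    }

    $branch = "master";
    if (defined("USE_DEVELOPMENT") && USE_DEVELOPMENT === true) {
        $branch = "development";
    }

    $content = fetch_remote_file("https://codeload.github.com/JN-Jones/JonesCore/zip/{$branch}");

    // Wasn't able to get the zip from github
    if ($content === false || empty($content)) {
        return false;
    }

    $zip_path = MYBB_ROOT . "inc/plugins/jones/core/temp.zip";
    $temp_dir = MYBB_ROOT . "inc/plugins/jones/core/temp/";

    // Now save the zip!
    $file = @fopen($zip_path, "w");

    // Wasn't able to create the file
    if ($file === false) {
        return false;
    }

    $written = @fwrite($file, $content);
    @fclose($file);

    // A short or failed write would leave a truncated archive behind
    if ($written === false || $written !== strlen($content)) {
        @unlink($zip_path);
        return false;
    }

    // We got the file - now unzip it. open() returns true on success and an error code otherwise,
    // so anything but true means the archive must not be used.
    $zip = new ZipArchive();
    if ($zip->open($zip_path) !== true) {
        @unlink($zip_path);
        return false;
    }

    $success = $zip->extractTo($temp_dir);
    $zip->close();

    // Something went wrong
    if ($success === false) {
        if (is_dir($temp_dir)) {
            jb_remove_recursive($temp_dir);
        }
        @unlink($zip_path);
        return false;
    }

    // Now move the core recursive and then delete everything
    jb_move_recursive($temp_dir . "JonesCore-{$branch}/");
    jb_remove_recursive($temp_dir);
    @unlink($zip_path);

    return true;
}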
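/**
 * Install XThreads: create its tables, add its columns and indexes to the MyBB tables, probe which
 * URL style xthreads_attach.php accepts, build the caches and templates, and grant the threadfields
 * admin permission to every stored admin permission set.
 *
 * Only MySQL is supported; for any other database type the function terminates with die().
 * The 'xthreads_install_start' and 'xthreads_install_end' plugin hooks are run at the beginning and end.
 */
function xthreads_install()
{
    global $db, $cache, $plugins;

    $plugins->run_hooks('xthreads_install_start');

    $create_table_suffix = $db->build_create_table_collation();
    $dbtype = xthreads_db_type();

    switch ($dbtype) {
        case 'mysql':
            $engine = 'MyISAM';
            // try to see if a custom table engine is being used
            $query = $db->query('SHOW TABLE STATUS LIKE "' . $db->table_prefix . 'threads"', true);
            if ($query) {
                $eng = $db->fetch_field($query, 'Engine');
                // only accept a short allow-list of common engines; the value is concatenated into SQL below
                if (in_array(strtolower($eng), array('innodb', 'aria', 'xtradb'))) {
                    $engine = $eng;
                }
            }
            $create_table_suffix = ' ENGINE=' . $engine . $create_table_suffix;
            $auto_increment = ' auto_increment';
            break;
        case 'sqlite':
            $auto_increment = ' PRIMARY KEY';
            break;
        case 'pgsql':
            $auto_increment = '';
    }

    if ($dbtype != 'mysql') {
        die('XThreads currently does not support database systems other than MySQL/i.');
    }

    if (!$db->table_exists('threadfields_data')) {
        $db->write_query('CREATE TABLE ' . $db->table_prefix . 'threadfields_data ( tid ' . xthreads_db_fielddef('int') . ' not null ' . ($dbtype != 'sqlite' ? ', PRIMARY KEY (tid)' : '') . ' )' . $create_table_suffix);
    }

    if (!$db->table_exists('xtattachments')) {
        $db->write_query(
            'CREATE TABLE ' . $db->table_prefix . 'xtattachments ( aid ' . xthreads_db_fielddef('int') . ' not null' . $auto_increment
            . ', downloads ' . xthreads_db_fielddef('bigint') . ' not null default 0, tid ' . xthreads_db_fielddef('int')
            . ' not null, uid ' . xthreads_db_fielddef('int')
            . ' not null default 0, field varchar(50) not null default \'\', posthash varchar(50) not null default \'\', filename varchar(255) not null default \'\', uploadmime varchar(120) not null default \'\', filesize '
            . xthreads_db_fielddef('bigint')
            . ' not null default 0, attachname varchar(120) not null default \'\', indir varchar(40) not null default \'\', md5hash '
            . xthreads_db_fielddef('binary', 16) . ' default null, uploadtime ' . xthreads_db_fielddef('bigint')
            . ' not null default 0, updatetime ' . xthreads_db_fielddef('bigint')
            . ' not null default 0, thumbs text not null '
            . ($dbtype != 'sqlite' ? ', PRIMARY KEY (aid) ' . ($dbtype != 'pg' ? ', KEY (tid), KEY (tid,uid), KEY (posthash), KEY (field) ' : '') . ' ' : '')
            . ' )' . $create_table_suffix
        );
    }

    if (!$db->table_exists('threadfields')) {
        $fieldprops = xthreads_threadfields_props();
        $query = '';
        foreach ($fieldprops as $field => &$prop) {
            $query .= ($query ? ',' : '') . '`' . $field . '` ' . xthreads_db_fielddef($prop['db_type'], $prop['db_size'], $prop['db_unsigned']) . ' not null';
            if (isset($prop['default']) && $prop['db_type'] != 'text') {
                // string defaults are escaped, numeric defaults are cast before they reach the SQL text
                if ($prop['datatype'] == 'string') {
                    $query .= ' default \'' . $db->escape_string($prop['default']) . '\'';
                } elseif ($prop['datatype'] == 'double') {
                    $query .= ' default ' . (float) $prop['default'];
                } else {
                    $query .= ' default ' . (int) $prop['default'];
                }
            }
            if ($field == 'field' && $dbtype == 'sqlite') {
                $query .= ' PRIMARY KEY';
            }
        }
        // drop the loop reference so a later use of $prop cannot overwrite the last element
        unset($prop);

        $db->write_query('CREATE TABLE ' . $db->table_prefix . 'threadfields ( ' . $query . ' ' . ($dbtype != 'sqlite' ? ', PRIMARY KEY (field) ' . ($dbtype != 'pg' ? ', KEY (disporder) ' : '') . ' ' : '') . ' )' . $create_table_suffix);
    }

    // columns added to the forums table; each is stored with an xthreads_ prefix
    $forum_columns = array(
        'grouping' => xthreads_db_fielddef('int') . ' not null default 0',
        'firstpostattop' => xthreads_db_fielddef('tinyint') . ' not null default 0',
        'inlinesearch' => xthreads_db_fielddef('tinyint') . ' not null default 0',
        'tplprefix' => 'text not null',
        'langprefix' => 'text not null',
        'allow_blankmsg' => xthreads_db_fielddef('tinyint') . ' not null default 0',
        'nostatcount' => xthreads_db_fielddef('tinyint') . ' not null default 0',
        'fdcolspan_offset' => xthreads_db_fielddef('smallint', null, false) . ' not null default 0',
        'settingoverrides' => 'text not null',
        'postsperpage' => xthreads_db_fielddef('smallint') . ' not null default 0',
        'hideforum' => xthreads_db_fielddef('tinyint') . ' not null default 0',
        'hidebreadcrumb' => xthreads_db_fielddef('tinyint') . ' not null default 0',
        'defaultfilter' => 'text not null',
        'wol_announcements' => 'varchar(255) not null default \'\'',
        'wol_forumdisplay' => 'varchar(255) not null default \'\'',
        'wol_newthread' => 'varchar(255) not null default \'\'',
        'wol_attachment' => 'varchar(255) not null default \'\'',
        'wol_newreply' => 'varchar(255) not null default \'\'',
        'wol_showthread' => 'varchar(255) not null default \'\'',
    );
    foreach ($forum_columns as $field => $fdef) {
        // check for the prefixed name, which is the column that is actually created; checking the
        // bare name never matched, so a repeated install tried to add existing columns again
        if (!$db->field_exists('xthreads_' . $field, 'forums')) {
            $db->write_query('ALTER TABLE ' . $db->table_prefix . 'forums ADD COLUMN xthreads_' . $field . ' ' . $fdef);
        }
    }

    // add indexes
    foreach (array('uid', 'lastposteruid', 'prefix', 'icon') as $afe) {
        // 'uid' stays in the list but is deliberately skipped
        if ($afe == 'uid') {
            continue;
        }
        $db->write_query('ALTER TABLE `' . $db->table_prefix . 'threads` ADD KEY `xthreads_' . $afe . '` (`' . $afe . '`)', true);
    }

    // increase size of sorting column
    $db->write_query('ALTER TABLE `' . $db->table_prefix . 'forums` MODIFY `defaultsortby` varchar(255) NOT NULL default \'\'');
    $cache->update_forums();

    // probe which URL style xthreads_attach.php accepts; skipped when the file is not present
    if (file_exists(MYBB_ROOT . 'xthreads_attach.php')) {
        $rand = 'aA0._|' . mt_rand();
        $rand_md5 = md5($rand);
        $baseurl = $GLOBALS['mybb']->settings['bburl'] . '/xthreads_attach.php';
        // strict comparison: with == two hex digests that both look numeric (e.g. "0e...") compare as
        // numbers, and a false return must never match
        if (fetch_remote_file($baseurl . '/test/' . $rand) === $rand_md5) {
            define('XTHREADS_ATTACH_USE_QUERY', -1);
        } elseif (fetch_remote_file($baseurl . '?file=test/' . $rand) === $rand_md5) {
            define('XTHREADS_ATTACH_USE_QUERY', 1);
        } elseif (fetch_remote_file($baseurl . '?file=test|' . $rand) === $rand_md5) {
            define('XTHREADS_ATTACH_USE_QUERY', 2);
        }
        // otherwise none of the URL styles works and the constant stays undefined
    }

    xthreads_buildtfcache();
    xthreads_write_xtcachefile();
    xthreads_insert_templates(xthreads_new_templates(), -2);
    xthreads_plugins_quickthread_tplmod();

    // admin permissions - default to all allow
    $query = $db->simple_select('adminoptions', 'uid,permissions');
    while ($adminopt = $db->fetch_array($query)) {
        // the serialized value comes from the adminoptions table, not from request input
        $perms = @unserialize($adminopt['permissions']);
        // inherited or just messed up
        if (empty($perms) || !is_array($perms)) {
            continue;
        }
        $perms['config']['threadfields'] = 1;
        // cast the id so the WHERE clause is always a plain integer
        $db->update_query('adminoptions', array('permissions' => $db->escape_string(serialize($perms))), 'uid=' . (int) $adminopt['uid']);
    }
    $db->free_result($query);

    $plugins->run_hooks('xthreads_install_end');
}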
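/**
 * Validate the CAPTCHA answer submitted with the current request.
 *
 * The check depends on $this->type:
 *   1 - built-in image CAPTCHA, looked up in the captcha table
 *   2 - reCAPTCHA, verified with a raw HTTP POST to $this->verify_server
 *   4 - noCAPTCHA, verified through fetch_remote_file() with a JSON reply
 *   3 - AYAH, scored by the bundled third-party library
 * Failures are recorded with $this->set_error(). The 'captcha_validate_start' and
 * 'captcha_validate_end' plugin hooks run before and after the check.
 *
 * @return bool true when no error has been recorded on this object, false otherwise
 */
function validate_captcha()
{
    global $db, $lang, $mybb, $session, $plugins;

    $plugins->run_hooks('captcha_validate_start', $this);

    if ($this->type == 1) {
        // We have a normal CAPTCHA to handle; both values are escaped before they reach the query
        $imagehash = $db->escape_string($mybb->input['imagehash']);
        $imagestring = $db->escape_string(my_strtolower($mybb->input['imagestring']));

        switch ($db->type) {
            case 'mysql':
            case 'mysqli':
                $field = 'imagestring';
                break;
            default:
                $field = 'LOWER(imagestring)';
                break;
        }

        $query = $db->simple_select("captcha", "*", "imagehash = '{$imagehash}' AND {$field} = '{$imagestring}'");
        $imgcheck = $db->fetch_array($query);

        if (!$imgcheck) {
            $this->set_error($lang->invalid_captcha_verify);
            // a wrong answer invalidates the image so it cannot be retried
            $db->delete_query("captcha", "imagehash = '{$imagehash}'");
        }
    } elseif ($this->type == 2) {
        $challenge = $mybb->input['recaptcha_challenge_field'];
        $response = $mybb->input['recaptcha_response_field'];

        if (!$challenge || strlen($challenge) == 0 || !$response || strlen($response) == 0) {
            $this->set_error($lang->invalid_captcha);
        } else {
            // We have a reCAPTCHA to handle
            $data = $this->_qsencode(array(
                'privatekey' => $mybb->settings['captchaprivatekey'],
                'remoteip' => $session->ipaddress,
                'challenge' => $challenge,
                'response' => $response,
            ));

            // Contact Google and see if our reCAPTCHA was successful
            // NOTE(review): this request, private key included, is sent over plain HTTP on port 80
            $http_request = "POST /recaptcha/api/verify HTTP/1.0\r\n";
            $http_request .= "Host: {$this->verify_server}\r\n";
            $http_request .= "Content-Type: application/x-www-form-urlencoded;\r\n";
            $http_request .= "Content-Length: " . strlen($data) . "\r\n";
            $http_request .= "User-Agent: reCAPTCHA/PHP\r\n";
            $http_request .= "\r\n";
            $http_request .= $data;

            $fs = @fsockopen($this->verify_server, 80, $errno, $errstr, 10);

            if ($fs == false) {
                $this->set_error($lang->invalid_captcha_transmit);
            } else {
                // We connected, but is it correct?
                fwrite($fs, $http_request);

                // Read the reply into its own buffer. Appending it to $response would put the
                // user-submitted value in front of the server's reply, so the header/body split below
                // could land inside user-controlled text instead of the real verification answer.
                $reply = '';
                while (!feof($fs)) {
                    $reply .= fgets($fs, 1160);
                }
                fclose($fs);

                $parts = explode("\r\n\r\n", $reply, 2);
                // a reply without a body counts as a failed verification
                $answer = isset($parts[1]) ? explode("\n", $parts[1]) : array('');

                if (trim($answer[0]) !== 'true') {
                    // We got it wrong! Oh no...
                    $this->set_error($lang->invalid_captcha_verify);
                }
            }
        }
    } elseif ($this->type == 4) {
        $response = $mybb->input['g-recaptcha-response'];

        if (!$response || strlen($response) == 0) {
            $this->set_error($lang->invalid_nocaptcha);
        } else {
            // We have a noCAPTCHA to handle
            // Contact Google and see if our reCAPTCHA was successful
            $verify_reply = fetch_remote_file($this->verify_server, array(
                'secret' => $mybb->settings['captchaprivatekey'],
                'remoteip' => $session->ipaddress,
                'response' => $response,
            ));

            if ($verify_reply == false) {
                $this->set_error($lang->invalid_nocaptcha_transmit);
            } else {
                $answer = json_decode($verify_reply, true);

                // Accept only an explicit success value. A loose comparison with 'true' lets other
                // values (such as 0 on older PHP versions) count as success, and a reply that is not
                // a JSON object must fail as well.
                $passed = is_array($answer)
                    && isset($answer['success'])
                    && ($answer['success'] === true || $answer['success'] === 'true');

                if (!$passed) {
                    // We got it wrong! Oh no...
                    $this->set_error($lang->invalid_nocaptcha);
                }
            }
        }
    } elseif ($this->type == 3) {
        // the AYAH library reads its configuration from these constants
        define('AYAH_PUBLISHER_KEY', $this->ayah_publisher_key);
        define('AYAH_SCORING_KEY', $this->ayah_scoring_key);
        define('AYAH_USE_CURL', $this->ayah_use_curl);
        define('AYAH_DEBUG_MODE', $this->ayah_debug_mode);
        define('AYAH_WEB_SERVICE_HOST', $this->ayah_web_service_host);

        require_once MYBB_ROOT . "inc/3rdparty/ayah/ayah.php";

        $ayah = new AYAH();
        $result = $ayah->scoreResult();

        if ($result == false) {
            $this->set_error($lang->invalid_ayah_result);
        }
    }

    $plugins->run_hooks('captcha_validate_end', $this);

    // errors may have been recorded by the checks above or by a hook
    return !(count($this->errors) > 0);
}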
if ($_FILES['avatar_upload']['name']) { $avatar = upload_avatar($_FILES['avatar_upload'], $user['uid']); if ($avatar['error']) { $errors = array($avatar['error']); } else { if ($avatar['width'] > 0 && $avatar['height'] > 0) { $avatar_dimensions = $avatar['width'] . "|" . $avatar['height']; } $extra_user_updates = array("avatar" => $avatar['avatar'] . '?dateline=' . TIME_NOW, "avatardimensions" => $avatar_dimensions, "avatartype" => "upload"); } } else { if ($mybb->input['avatar_url'] && $mybb->input['avatar_url'] != $user['avatar']) { $mybb->input['avatar_url'] = preg_replace("#script:#i", "", $mybb->input['avatar_url']); $ext = get_extension($mybb->input['avatar_url']); // Copy the avatar to the local server (work around remote URL access disabled for getimagesize) $file = fetch_remote_file($mybb->input['avatar_url']); if (!$file) { $avatar_error = $lang->error_invalidavatarurl; } else { $tmp_name = "../" . $mybb->settings['avataruploadpath'] . "/remote_" . md5(random_str()); $fp = @fopen($tmp_name, "wb"); if (!$fp) { $avatar_error = $lang->error_invalidavatarurl; } else { fwrite($fp, $file); fclose($fp); list($width, $height, $type) = @getimagesize($tmp_name); @unlink($tmp_name); echo $type; if (!$type) { $avatar_error = $lang->error_invalidavatarurl;
* @license http://www.kleeja.com/license * */ // not for directly open if (!defined('IN_ADMIN')) { exit; } $current_template = 'check_update.php'; $current_smt = isset($_GET['smt']) ? preg_match('![a-z0-9_]!i', trim($_GET['smt'])) ? trim($_GET['smt']) : 'general' : 'general'; $error = false; $update_link = $config['siteurl'] . 'install/update.php?lang=' . $config['language']; #to prevent getting the url data for all cats if ($current_smt == 'general') { #get data from kleeja database $b_url = empty($_SERVER['SERVER_NAME']) ? $config['siteurl'] : $_SERVER['SERVER_NAME']; $b_data = fetch_remote_file('http://www.kleeja.com/check_vers/?i=' . urlencode($b_url) . '&v=' . KLEEJA_VERSION, false, 6); if ($b_data === false && !isset($_GET['show_msg'])) { $text = $lang['ERROR_CHECK_VER']; $error = true; } else { // // there is a file that we brought it ! // $b_data = @explode('|', $b_data); $version_data = trim(htmlspecialchars($b_data[0])); if (version_compare(strtolower(KLEEJA_VERSION), strtolower($version_data), '<')) { $error = true; $text = sprintf($lang['UPDATE_NOW_S'], KLEEJA_VERSION, strtolower($version_data)) . '<br /><br />' . $lang['UPDATE_KLJ_NOW']; } else { if (version_compare(strtolower(KLEEJA_VERSION), strtolower($version_data), '=')) { $text = $lang['U_LAST_VER_KLJ'];