/**
 * Entry point of the purchase page: builds the module list, then dispatches on the request.
 *
 * The Payment module must be loadable, otherwise an ERR_MODULE_MISSING error is returned.
 * For non-admin callers every module whose price exceeds 100000 is dropped from the list.
 * $this->modules is assigned before any handler runs, so the handlers see the filtered list.
 * NOTE(review): whether onOrder()/onPurchase() restrict orders to $this->modules is not
 * visible here; confirm that the price filter is enforced there and not only in the listing.
 *
 * @return mixed Output of the selected handler, the purchase template, or an error.
 */
public function execute()
{
    // Only the presence of the Payment module is checked; the instance is not used here.
    if (false === GWF_Module::getModule('Payment')) {
        return GWF_HTML::err('ERR_MODULE_MISSING', array('Payment'));
    }

    // INIT
    $isAdmin = GWF_User::isAdminS();
    $modules = GWF_Module::loadModulesFS();
    if (!$isAdmin) {
        foreach ($modules as $index => $candidate) {
            if ($candidate->getPrice() > 100000) {
                unset($modules[$index]);
            }
        }
    }
    GWF_Module::sortModules($modules, 'module_name', 'asc');
    $this->modules = $modules;

    // Modules to purchase
    $orderClicked = Common::getPost('on_order_2_x');
    if ($orderClicked !== false) {
        return $this->onOrder();
    }

    // Actions
    if (Common::getPost('purchase')) {
        return $this->onPurchase();
    }

    $zipRequested = Common::getGet('zipper');
    if ($zipRequested !== false) {
        return $this->onZip();
    }

    return $this->templatePurchase();
}
/**
 * Loads the site named by the `siteid` GET parameter and checks the caller may manage it.
 *
 * Stores the result of the lookup in $this->site. Access is granted when the session user
 * is a site admin of that site or a global admin.
 *
 * Note the inverted convention: false means "no error".
 *
 * @return array|false A one-element list with an error message, or false when access is allowed.
 */
private function sanitize()
{
    $siteId = Common::getGetInt('siteid', 0);
    $this->site = WC_Site::getByID($siteId);
    if ($this->site === false) {
        return array($this->module->lang('err_site'));
    }

    require_once GWF_CORE_PATH . 'module/WeChall/WC_SiteAdmin.php';

    // The global admin check is only evaluated when the user is not a site admin.
    $isSiteAdmin = WC_SiteAdmin::isSiteAdmin(GWF_Session::getUserID(), $this->site->getID());
    if ($isSiteAdmin || GWF_User::isAdminS()) {
        return false;
    }

    return array(GWF_HTML::lang('ERR_NO_PERMISSION'));
}
/**
 * Renders the news listing through the module's show.php template.
 *
 * Fetches one page of news for the current category and language, sets the page title,
 * meta tags and meta description, and hands the template its variables.
 * The date shown in the title is the date of the first news item, or the configured
 * `gwf_site_birthday` setting with '090000' appended when there are no items.
 *
 * Only `cat` is passed through GWF_HTML::display() here; the other values reach the
 * template as returned by their sources.
 * NOTE(review): presumably show.php escapes them where needed; confirm.
 *
 * @return mixed The rendered template, or an ERR_DATABASE error when the query fails.
 */
public function templateShow()
{
    $items = GWF_News::getNewsQuick(
        $this->module->getNewsPerPage(),
        $this->catid,
        $this->page,
        GWF_Language::getCurrentID()
    );
    if ($items === false) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }

    if (count($items) > 0) {
        $rawDate = $items[0]['news_date'];
    } else {
        $rawDate = GWF_Settings::getSetting('gwf_site_birthday') . '090000';
    }
    $shownDate = GWF_Time::displayDate($rawDate);

    GWF_Website::setPageTitle($this->module->lang('pt_news', array($shownDate)));
    GWF_Website::setMetaTags($this->module->lang('mt_news', array($shownDate)));
    GWF_Website::setMetaDescr($this->module->lang('md_news', array($this->page, $this->nPages)));

    $tVars = array(
        'news' => $items,
        'titles' => GWF_News::getTitlesQuick($this->catid, GWF_Language::getCurrentID()),
        'cats' => GWF_News::getCategories(),
        'catid' => $this->catid,
        'cat' => GWF_HTML::display($this->catTitle),
        'page_menu' => $this->getPageMenu(),
        'page' => $this->page,
        'can_sign' => $this->module->canSignNewsletter(GWF_Session::getUser()),
        'href_sign_news' => $this->module->hrefSignNewsletter(),
        // Controls whether the template offers the "add news" link to this viewer.
        'may_add' => GWF_User::isAdminS() || GWF_User::isStaffS(),
        'href_add' => $this->module->hrefAddNews(),
    );

    return $this->module->templatePHP('show.php', $tVars);
}
/**
 * Builds the form for adding a download.
 *
 * The fields depend on whether getFile() returns a file (an array with 'name' and 'size')
 * and on who is asking:
 *  - no file yet: a file field, plus an upload button for logged-in users;
 *  - file present: its size and a remove button;
 *  - `price` is offered to admins only, `huname` to logged-in users only;
 *  - a captcha is added for guests when the module's guest captcha setting is on.
 *
 * NOTE(review): leaving `price` out of the form only hides the field. The handler that
 * stores the download is not visible here; confirm it ignores a posted price for non-admins.
 *
 * @return GWF_Form
 */
private function getForm()
{
    $mod = $this->module;
    $file = $this->getFile();
    $hasFile = ($file !== false);

    if ($hasFile) {
        $name = $file['name'];
        // Overwrites the posted filename with the name reported by getFile().
        // NOTE(review): if that name comes from the client upload, confirm it is
        // validated before it is used for storage or display.
        $_POST['filename'] = $name;
        $size = $file['size'];
    } else {
        $name = '';
        $size = '';
    }

    $data = array();
    $data['filename'] = array(GWF_Form::STRING, $name, $mod->lang('th_dl_filename'));

    if ($hasFile) {
        $data['size'] = array(GWF_Form::SSTRING, $size, $mod->lang('th_dl_size'));
        $data['remove'] = array(GWF_Form::SUBMIT, $mod->lang('btn_remove'));
    } else {
        $data['file'] = array(GWF_Form::FILE_OPT, '', $mod->lang('th_file'));
        if (GWF_User::isLoggedIn()) {
            $data['upload'] = array(GWF_Form::SUBMIT, $mod->lang('btn_upload'));
        }
    }

    $groupSelect = GWF_GroupSelect::single('group', Common::getPost('group'));
    $data['group'] = array(GWF_Form::SELECT, $groupSelect, $mod->lang('th_dl_gid'));
    $data['level'] = array(GWF_Form::INT, '0', $mod->lang('th_dl_level'));

    // Price is an admin-only field.
    if (GWF_User::isAdminS()) {
        $data['price'] = array(GWF_Form::FLOAT, '0.00', $mod->lang('th_dl_price'));
    }

    $data['expire'] = array(
        GWF_Form::STRING,
        '0 seconds',
        $mod->lang('th_dl_expire'),
        $mod->lang('tt_dl_expire'),
    );
    $data['guest_view'] = array(
        GWF_Form::CHECKBOX,
        false,
        $mod->lang('th_dl_guest_view'),
        $mod->lang('tt_dl_guest_view'),
    );
    $data['guest_down'] = array(
        GWF_Form::CHECKBOX,
        false,
        $mod->lang('th_dl_guest_down'),
        $mod->lang('tt_dl_guest_down'),
    );
    $data['adult'] = array(GWF_Form::CHECKBOX, false, $mod->lang('th_adult'));

    if (GWF_User::isLoggedIn()) {
        $data['huname'] = array(GWF_Form::CHECKBOX, false, $mod->lang('th_huname'));
    }

    $data['descr'] = array(GWF_Form::MESSAGE, '', $mod->lang('th_dl_descr'));

    // Guests get a captcha when the module is configured for it.
    if (!GWF_User::isLoggedIn() && $mod->cfgGuestCaptcha()) {
        $data['captcha'] = array(GWF_Form::CAPTCHA);
    }

    $data['add'] = array(GWF_Form::SUBMIT, $mod->lang('btn_add'));

    return new GWF_Form($this, $data);
}
<?php
// Install script for the "Light in the Darkness" challenge.
// It registers the challenge via WC_Challenge::installChallenge() after blightInstall() succeeds.
//
// NOTE(review): settings.php and vuln.php are loaded, and html_head() is called, before
// the admin check below. Presumably the two files only declare settings and functions;
// confirm they have no side effects at include time, since a non-admin request reaches them.
require_once 'settings.php';
require_once 'vuln.php';

// The remaining paths are relative to the directory three levels up.
chdir("../../../");
require_once "challenge/html_head.php";

$title = 'Light in the Darkness';
html_head("Install: {$title}");

// Only admins may run the installer; `return` at file scope stops this script here.
if (!GWF_User::isAdminS()) {
    return htmlSendToLogin("Better be admin !");
}

// Challenge metadata handed to installChallenge() below.
$solution = false; // NOTE(review): presumably means there is no fixed solution string; confirm
$score = 6;
$url = "challenge/Mawekl/light_in_the_darkness/index.php";
$creators = "Mawekl";
$tags = 'MySQL,Exploit';

// blightInstall() is not defined in this file (presumably in vuln.php or settings.php).
// The script aborts when it returns false.
if (false === blightInstall()) {
    die('DB ERROR!');
}

WC_Challenge::installChallenge($title, $solution, $score, $url, $creators, $tags, true);

require_once "challenge/html_foot.php";
<?php $is_admin = GWF_User::isAdminS(); $wc = Module_WeChall::instance(); echo $tVars['page_menu']; if ($tVars['page'] === 1) { echo $wc->showBirthdayNews(); echo $wc->showChallengeNews(); echo $wc->showSiteMasterNews(); echo $wc->showAccountLinkNews(); } ?> <div class="gwf_newsbox"> <?php foreach ($tVars['news'] as $newsid => $news) { $t = $news->getTranslation(); $news instanceof GWF_News; $newsid = $news->getID(); ?> <div class="gwf_newsbox_item"> <div class="gwf_newsbox_head"> <span class="gwf_newsbox_title"><?php echo $news->displayTitle(); ?> </span> <span class="gwf_newsbox_date"><?php echo $news->displayDate(); ?> </span> <span class="gwf_newsbox_author"><?php
/**
 * Returns the admin entry of the menu, or an empty string for non-admins.
 *
 * When the `mo` GET parameter is exactly 'Admin' the entry is marked as selected and both
 * side panels are switched off. That side effect happens before, and independently of,
 * the admin check.
 *
 * The link is display only.
 * NOTE(review): presumably the 'nanny' target enforces admin access itself; confirm.
 *
 * @param Module_WeChall $module Supplies the translated link text.
 * @return string HTML list item, or '' when the current user is not an admin.
 */
public static function displayMenuAdmin(Module_WeChall $module)
{
    $sel = '';
    $onAdminPage = (Common::getGet('mo') === 'Admin');
    if ($onAdminPage) {
        $sel = ' class="wc_menu_sel"';
        self::$LEFT_PANEL = false;
        self::$RIGHT_PANEL = false;
    }

    if (!GWF_User::isAdminS()) {
        return '';
    }

    $open = '<li><a' . $sel . ' href="' . GWF_WEB_ROOT . 'nanny">';

    return $open . $module->lang('menu_admin') . '</a></li>';
}
/**
 * Applies a submitted edit form to a download.
 *
 * Steps:
 *  1. validate the form; on failure return the error followed by the edit template;
 *  2. for admins only, store the submitted price in `dl_price`;
 *  3. build the option bitmask from the posted checkboxes;
 *  4. store the remaining fields.
 *
 * The price is written in a separate call before the other fields, so a failure in
 * step 4 leaves an already saved price in place.
 *
 * @param GWF_Download $dl The download being edited.
 * @return string A message or error followed by the re-rendered edit template.
 */
private function onEdit(GWF_Download $dl)
{
    $form = $this->getForm($dl);

    $validationError = $form->validate($this->module);
    if ($validationError !== false) {
        return $validationError . $this->templateEdit($dl);
    }

    // Price is writable by admins only; a posted price from anyone else is never read.
    if (GWF_User::isAdminS()) {
        if (false === $dl->saveVar('dl_price', $form->getVar('price'))) {
            return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__)) . $this->templateEdit($dl);
        }
    }

    // A checkbox counts as ticked when its key is present in the POST data.
    $flagByField = array(
        'enabled' => GWF_Download::ENABLED,
        'adult' => GWF_Download::ADULT,
        'huname' => GWF_Download::HIDE_UNAME,
        'guest_view' => GWF_Download::GUEST_VISIBLE,
        'guest_down' => GWF_Download::GUEST_DOWNLOAD,
    );
    $options = 0;
    foreach ($flagByField as $field => $flag) {
        if (isset($_POST[$field])) {
            $options |= $flag;
        }
    }

    $changes = array(
        'dl_filename' => $form->getVar('filename'),
        'dl_gid' => $form->getVar('group'),
        'dl_level' => $form->getVar('level'),
        'dl_descr' => $form->getVar('descr'),
        'dl_options' => $options,
        'dl_expire' => GWF_TimeConvert::humanToSeconds($form->getVar('expire')),
    );
    if (false === $dl->saveVars($changes)) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__)) . $this->templateEdit($dl);
    }

    return $this->module->message('msg_edited') . $this->templateEdit($dl);
}
/**
 * Decides whether this item may be viewed.
 *
 * Order of the checks:
 *  1. the admin check uses the current session (GWF_User::isAdminS()), not $user, and
 *     grants access even while the item is in moderation;
 *  2. an item in moderation is hidden from everyone else;
 *  3. otherwise the decision is delegated to mayUserView() for an object, or to
 *     mayGuestView() for anything else.
 *
 * @param mixed $user A user object, or a non-object value for a guest.
 * @return mixed true/false from the first two checks, else the delegate's result.
 */
public function mayView($user)
{
    if (GWF_User::isAdminS()) {
        return true;
    }

    if ($this->isInModeration()) {
        return false;
    }

    return is_object($user) ? $this->mayUserView($user) : $this->mayGuestView();
}
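/**
 * Returns the admin link of the menu, or an empty string for non-admins.
 *
 * The link is marked as selected when the `mo` GET parameter is exactly 'Admin'.
 *
 * The link is display only.
 * NOTE(review): presumably the 'nanny' target enforces admin access itself; confirm.
 *
 * @param Module_PoolTool $module Supplies the translated link text.
 * @return string HTML anchor, or '' when the current user is not an admin.
 */
private static function displayMenuAdmin(Module_PoolTool $module)
{
    if (!GWF_User::isAdminS()) {
        return '';
    }

    // The space belongs after the attribute. With a leading space the markup came out
    // as `<a  class="menu_sel"href=...`, with nothing separating class from href.
    $sel = Common::getGet('mo') === 'Admin' ? 'class="menu_sel" ' : '';
    $href = GWF_WEB_ROOT . 'nanny';

    return sprintf('<a %shref="%s">%s</a>', $sel, $href, $module->lang('menu_admin'));
}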
/**
 * Sets or clears the VISIBLE_FAQ option of a helpdesk ticket.
 *
 * Admin only. The ticket must already be an FAQ ticket (isFAQ()), otherwise the
 * 'err_no_faq' error is returned.
 *
 * @param GWF_HelpdeskTicket $ticket The ticket to update.
 * @param mixed $bool Truthy to show the ticket in the FAQ, falsy to hide it.
 * @return mixed A success message, or a permission, FAQ or database error.
 */
private function onInFaq(GWF_HelpdeskTicket $ticket, $bool)
{
    // The permission check comes first, before the ticket is inspected.
    if (!GWF_User::isAdminS()) {
        return GWF_HTML::err('ERR_NO_PERMISSION');
    }

    if (!$ticket->isFAQ()) {
        return $this->module->error('err_no_faq');
    }

    $saved = $ticket->saveOption(GWF_HelpdeskTicket::VISIBLE_FAQ, $bool);
    if ($saved === false) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }

    return $this->module->message($bool ? 'msg_infaq' : 'msg_noinfaq');
}