Esempio n. 1
0
function db_session_gc($maxlifetime)
{
    // hack - it seems that the db gets closed before the session info is written
    if (!db_ping()) {
        init_db_connection();
    }
    $query = "DELETE FROM php_session " . " WHERE expiration < " . time() - $maxlifetime;
    $result = db_query($query);
    if ($result && db_affected_rows() > 0) {
        return TRUE;
    } else {
        return FALSE;
    }
}
Esempio n. 2
0
function validate_form()
{
    global $input;
    // Test connection to DB
    $errors = array();
    $res = db_ping($input['db_type'], $input['db_host'], $input['db_login'], $input['db_passwd'], $input['db_name']);
    if (!$res) {
        $errors['db_error'] = 'Could not connect to database ' . $input['db_host'];
    }
    if (count($errors) > 0) {
        require template_getpath('install.php');
        die;
    }
    try {
        // used for the verification of existing tables and columns
        $tables = array(escapeshellarg($input['db_prefix'] . 'classrooms') => array(escapeshellarg('room_id'), escapeshellarg('name'), escapeshellarg('IP'), escapeshellarg('enabled')), escapeshellarg($input['db_prefix'] . 'courses') => array(escapeshellarg('course_code'), escapeshellarg('course_name'), escapeshellarg('shortname'), escapeshellarg('in_recorders'), escapeshellarg('has_albums'), escapeshellarg('date_created'), escapeshellarg('origin')), escapeshellarg($input['db_prefix'] . 'logs') => array(escapeshellarg('ID'), escapeshellarg('time'), escapeshellarg('table'), escapeshellarg('message'), escapeshellarg('author')), escapeshellarg($input['db_prefix'] . 'users') => array(escapeshellarg('user_ID'), escapeshellarg('surname'), escapeshellarg('forename'), escapeshellarg('passwd'), escapeshellarg('recorder_passwd'), escapeshellarg('permissions'), escapeshellarg('origin')), escapeshellarg($input['db_prefix'] . 'users_courses') => array(escapeshellarg('ID'), escapeshellarg('course_code'), escapeshellarg('user_ID'), escapeshellarg('origin')));
        $db = new PDO($input['db_type'] . ':host=' . $input['db_host'] . ';dbname=' . $input['db_name'], $input['db_login'], $input['db_passwd']);
        // checks if tables already exist
        $data = $db->query('SELECT table_name FROM information_schema.tables ' . 'WHERE table_schema = ' . escapeshellarg($input['db_name']) . ' ' . 'AND table_name IN (' . implode(', ', array_keys($tables)) . ')');
        $result = $data->fetchAll(PDO::FETCH_ASSOC);
        if (count($result) <= 0) {
            // tables don't exist yet, we can create them
            create_tables();
        } else {
            // saves values from user
            $_SESSION['user_inputs'] = $input;
            // prepare radio buttons for next view
            $radio_buttons = array('replace' => '<b>Replace</b> the existing tables. <b style="color:red">All contents of the existing tables will be erased.</b>', 'prefix' => 'Choose another prefix for the tables of EZcast. This will create new tables for EZcast. <br/><input type="text" name="new_prefix"/>');
            if (count($result) >= count(array_keys($tables))) {
                // all tables already exist
                $all_columns = true;
                foreach ($tables as $table => $columns) {
                    // checks if table contains all required columns
                    $data = $db->query('SELECT * FROM information_schema.columns ' . 'WHERE table_schema = ' . escapeshellarg($input['db_name']) . ' ' . 'AND table_name = ' . $table . ' ' . 'AND column_name IN (' . implode(', ', array_keys($columns)) . ')');
                    $result = $data->fetchAll(PDO::FETCH_ASSOC);
                    if (count($result) < count($columns)) {
                        $all_columns = false;
                        break;
                    }
                }
                if ($all_columns) {
                    $radio_buttons['use'] = 'Use the existing tables for EZcast. None table will be created.';
                }
            }
            require template_getpath('install_db_choice.php');
            die;
        }
    } catch (PDOException $e) {
        $errors['db_error'] = $e->getMessage();
        require template_getpath('install.php');
        die;
    }
}
Esempio n. 3
0
function do_upload_xtattachment($attachment, &$tf, $update_attachment = 0, $tid = 0, $timestamp = TIME_NOW)
{
    global $db, $mybb, $lang;
    $posthash = $db->escape_string($mybb->input['posthash']);
    $tid = (int) $tid;
    // may be possible for this to be null, if so, change to 0
    $path = $mybb->settings['uploadspath'] . '/xthreads_ul/';
    if (!$lang->xthreads_threadfield_attacherror) {
        $lang->load('xthreads');
    }
    if (is_array($attachment)) {
        if (isset($attachment['error']) && $attachment['error']) {
            if ($attachment['error'] == 2) {
                return array('error' => $lang->sprintf($lang->xthreads_xtaerr_error_attachsize, get_friendly_size($tf['filemaxsize'])));
            } elseif ($attachment['error'] >= 1 && $attachment['error'] <= 7) {
                $langvar = 'error_uploadfailed_php' . $attachment['error'];
                $langstr = $lang->{$langvar};
            } else {
                $langstr = $lang->sprintf($lang->error_uploadfailed_phpx, $attachment['error']);
            }
            return array('error' => $lang->error_uploadfailed . $lang->error_uploadfailed_detail . $langstr);
        }
        if (!is_uploaded_file($attachment['tmp_name']) || empty($attachment['tmp_name'])) {
            return array('error' => $lang->error_uploadfailed . $lang->error_uploadfailed_php4);
        }
        $file_size = $attachment['size'];
        // @filesize($attachment['tmp_name'])
        $attachment['name'] = strtr($attachment['name'], array('/' => '', "" => ''));
        if ($error = xthreads_validate_attachment($attachment, $tf)) {
            @unlink($attachment['tmp_name']);
            return array('error' => $error);
        }
        $movefunc = 'move_uploaded_file';
    } elseif ($mybb->usergroup['cancp'] == 1 && substr($attachment, 0, 7) == 'file://') {
        // admin file move
        $filename = strtr(substr($attachment, 7), array('/' => '', DIRECTORY_SEPARATOR => '', "" => ''));
        $file = $path . 'admindrop/' . $filename;
        if (xthreads_empty($filename) || !file_exists($file)) {
            return array('error' => $lang->sprintf($lang->xthreads_xtaerr_admindrop_not_found, htmlspecialchars_uni($filename), htmlspecialchars_uni($file)));
        }
        if (!is_writable($file)) {
            return array('error' => $lang->sprintf($lang->xthreads_xtaerr_admindrop_file_unwritable, htmlspecialchars_uni($filename)));
        }
        if (strtolower($file) == 'index.html') {
            return array('error' => $lang->xthreads_xtaerr_admindrop_index_error);
        }
        $attachment = array('name' => $filename, 'tmp_name' => $file, 'size' => @filesize($file));
        unset($file, $filename);
        if ($error = xthreads_validate_attachment($attachment, $tf)) {
            return array('error' => $error);
        }
        $file_size = $attachment['size'];
        $movefunc = 'rename';
    } else {
        // fetch URL
        if (!empty($tf['filemagic'])) {
            $magic =& $tf['filemagic'];
        } else {
            $magic = array();
        }
        $attachment = xthreads_fetch_url($attachment, $tf['filemaxsize'], $tf['fileexts'], $magic);
        db_ping($db);
        if ($attachment['error']) {
            return array('error' => $attachment['error']);
        }
        $file_size = $attachment['size'];
        if (xthreads_empty($attachment['name']) || $file_size < 1) {
            return array('error' => $lang->error_uploadfailed);
        }
        $attachment['name'] = strtr($attachment['name'], array('/' => '', "" => ''));
        $movefunc = 'rename';
    }
    if ($tf['fileimage']) {
        $img_dimensions = @getimagesize($attachment['tmp_name']);
        if (empty($img_dimensions) || !in_array($img_dimensions[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG))) {
            @unlink($attachment['tmp_name']);
            return array('error' => $lang->error_attachtype);
        }
        if (preg_match('~^([0-9]+)x([0-9]+)(\\|([0-9]+)x([0-9]+))?$~', $tf['fileimage'], $match)) {
            // check if image exceeds max/min dimensions
            if ($img_dimensions[0] < $match[1] || $img_dimensions[1] < $match[2] || $match[3] && ($img_dimensions[0] > $match[4] || $img_dimensions[1] > $match[5])) {
                @unlink($attachment['tmp_name']);
                return array('error' => $lang->sprintf($lang->xthreads_xtaerr_error_imgdims, $img_dimensions[0], $img_dimensions[1]));
            }
        }
        /*
        // convert WBMP -> PNG (saves space, bandwidth and works with MyBB's thumbnail generator)
        // unfortunately, although this is nice, we have a problem of filetype checking etc...
        if($img_dimensions[2] == IMAGETYPE_WBMP) {
        	if(function_exists('imagecreatefromwbmp') && $img = @imagecreatefromwbmp($attachment['tmp_name'])) {
        		@unlink($attachment['tmp_name']);
        		@imagepng($img, $attachment['tmp_name'], 6); // use zlib's recommended compression level
        		imgdestroy($img);
        		unset($img);
        		// double check that we have a file
        		if(!file_exists($attachment['tmp_name']))
        			return array('error' => $lang->error_attachtype); // get user to upload a non-WBMP file, lol
        		// change extension + update filesize, do MIME as well
        		if(strtolower(substr($attachment['name'], -5)) == '.wbmp')
        			$attachment['name'] = substr($attachment['name'], 0, -5).'.png';
        		$file_size = @filesize($attachment['tmp_name']);
        		if(strtolower($attachment['type']) == 'image/wbmp')
        			$attachment['type'] = 'image/png';
        		// update type too
        		$img_dimensions[2] = IMAGETYPE_PNG;
        	}
        	else {
        		// can't do much, error out
        		@unlink($attachment['tmp_name']);
        		return array('error' => $lang->error_attachtype);
        	}
        }
        */
        // we won't actually bother checking MIME types - not a big issue anyway
    }
    if (!XTHREADS_UPLOAD_LARGEFILE_SIZE || $file_size < XTHREADS_UPLOAD_LARGEFILE_SIZE) {
        @set_time_limit(30);
        // as md5_file may take a while
        $md5_start = time();
        $file_md5 = @md5_file($attachment['tmp_name'], true);
        if (strlen($file_md5) == 32) {
            // perhaps not PHP5
            $file_md5 = pack('H*', $file_md5);
        }
        if (time() - $md5_start > 2) {
            // ping DB if process took longer than 2 secs
            db_ping($db);
        }
        unset($md5_start);
    }
    if ($update_attachment) {
        $prevattach = $db->fetch_array($db->simple_select('xtattachments', 'aid,attachname,indir,md5hash', 'aid=' . (int) $update_attachment));
        if (!$prevattach['aid']) {
            $update_attachment = false;
        }
    }
    /* else {
    		// Check if attachment already uploaded
    		// TODO: this is actually a little problematic - perhaps verify that this is attached to this field (or maybe rely on checks in xt_updatehooks file)
    		if(isset($file_md5))
    			$md5check = ' OR md5hash='.xthreads_db_escape_binary($file_md5);
    		else
    			$md5check = '';
    		$prevattach = $db->fetch_array($db->simple_select('xtattachments', 'aid', 'filename="'.$db->escape_string($attachment['name']).'" AND (md5hash IS NULL'.$md5check.') AND filesize='.$file_size.' AND (posthash="'.$posthash.'" OR (tid='.$tid.' AND tid!=0))'));
    		if($prevattach['aid']) {
    			@unlink($attachment['tmp_name']);
    			// TODO: maybe return aid instead?
    			return array('error' => $lang->error_alreadyuploaded);
    		}
    	} */
    // We won't use MyBB's nice monthly directories, instead, we'll use a more confusing system based on the timestamps
    // note, one month = 2592000 seconds, so if we split up by 1mil, it'll be approx 11.5 days
    // If safe_mode is enabled, don't attempt to use the monthly directories as it won't work
    if (ini_get('safe_mode') == 1 || strtolower(ini_get('safe_mode')) == 'on') {
        $month_dir = '';
    } else {
        $month_dir = 'ts_' . floor(TIME_NOW / 1000000) . '/';
        if (!@is_dir($path . $month_dir)) {
            @mkdir($path . $month_dir);
            // Still doesn't exist - oh well, throw it in the main directory
            if (@is_dir($path . $month_dir)) {
                // write index file
                if ($index = fopen($path . $month_dir . 'index.html', 'w')) {
                    fwrite($index, '<html><body></body></html>');
                    fclose($index);
                    @my_chmod($path . $month_dir . 'index.html', 0644);
                }
                @my_chmod($path . $month_dir, 0755);
            } else {
                $month_dir = '';
            }
        }
    }
    // All seems to be good, lets move the attachment!
    $basename = substr(md5(uniqid(mt_rand(), true) . substr($mybb->post_code, 16)), 12, 8) . '_' . preg_replace('~[^a-zA-Z0-9_\\-%]~', '', str_replace(array(' ', '.', '+'), '_', $attachment['name'])) . '.upload';
    $filename = 'file_' . ($prevattach['aid'] ? $prevattach['aid'] : 't' . TIME_NOW) . '_' . $basename;
    @ignore_user_abort(true);
    // don't let the user break this integrity between file system and DB
    if (isset($GLOBALS['xtfurl_tmpfiles'])) {
        // if using url fetch, remove this from list of temp files
        unset($GLOBALS['xtfurl_tmpfiles'][$attachment['tmp_name']]);
    }
    while (!@$movefunc($attachment['tmp_name'], $path . $month_dir . $filename)) {
        if ($month_dir) {
            // try doing it again without the month_dir
            $month_dir = '';
        } else {
            // failed
            @ignore_user_abort(false);
            return array('error' => $lang->error_uploadfailed . $lang->error_uploadfailed_detail . $lang->error_uploadfailed_movefailed);
        }
    }
    // Lets just double check that it exists
    if (!file_exists($path . $month_dir . $filename)) {
        @ignore_user_abort(false);
        return array('error' => $lang->error_uploadfailed . $lang->error_uploadfailed_detail . $lang->error_uploadfailed_lost);
    }
    // Generate the array for the insert_query
    $attacharray = array('posthash' => $posthash, 'tid' => $tid, 'uid' => (int) $mybb->user['uid'], 'field' => $tf['field'], 'filename' => strval($attachment['name']), 'uploadmime' => strval($attachment['type']), 'filesize' => $file_size, 'attachname' => $basename, 'indir' => $month_dir, 'downloads' => 0, 'uploadtime' => $timestamp, 'updatetime' => $timestamp);
    if (isset($file_md5)) {
        $attacharray['md5hash'] = new xthreads_db_binary_value($file_md5);
    } else {
        $attacharray['md5hash'] = null;
    }
    if (!empty($img_dimensions)) {
        $origdimarray = array('w' => $img_dimensions[0], 'h' => $img_dimensions[1], 'type' => $img_dimensions[2]);
        $attacharray['thumbs'] = serialize(array('orig' => $origdimarray));
    }
    if ($update_attachment) {
        unset($attacharray['downloads'], $attacharray['uploadtime']);
        //$attacharray['updatetime'] = TIME_NOW;
        xthreads_db_update('xtattachments', $attacharray, 'aid=' . $prevattach['aid']);
        $attacharray['aid'] = $prevattach['aid'];
        // and finally, delete old attachment
        xthreads_rm_attach_fs($prevattach);
        $new_file = $path . $month_dir . $filename;
    } else {
        $attacharray['aid'] = xthreads_db_insert('xtattachments', $attacharray);
        // now that we have the aid, move the file
        $new_file = $path . $month_dir . 'file_' . $attacharray['aid'] . '_' . $basename;
        @rename($path . $month_dir . $filename, $new_file);
        if (!file_exists($new_file)) {
            // oh dear, all our work for nothing...
            @unlink($path . $month_dir . $filename);
            $db->delete_query('xtattachments', 'aid=' . $attacharray['aid']);
            @ignore_user_abort(false);
            return array('error' => $lang->error_uploadfailed . $lang->error_uploadfailed_detail . $lang->error_uploadfailed_lost);
        }
    }
    @my_chmod($new_file, '0644');
    @ignore_user_abort(false);
    if (!empty($img_dimensions) && !empty($tf['fileimgthumbs'])) {
        // generate thumbnails
        $attacharray['thumbs'] = xthreads_build_thumbnail($tf['fileimgthumbs'], $attacharray['aid'], $tf['field'], $new_file, $path, $month_dir, $img_dimensions);
        $attacharray['thumbs']['orig'] = $origdimarray;
        $attacharray['thumbs'] = serialize($attacharray['thumbs']);
    }
    return $attacharray;
}