<?php
/*
 * Admin area for NP_SecurityEnforcer
 *
 * Loads the site configuration, refuses non-admin members, then renders the
 * plugin admin page and handles the "unlock" form post.
 */

// if your 'plugin' directory is not in the default location,
// edit this variable to point to your site directory
// (where config.php is)
$strRel = '../../../';

include $strRel . 'config.php';

// Authorization gate: only members for whom isAdmin() is true may continue.
// NOTE(review): everything below relies on doError() ending the request
// rather than returning — confirm against its definition.
if (!$member->isAdmin()) {
    doError('Insufficient Permissions.');
}

include_libs('PLUGINADMIN.php');

// some functions

/**
 * Delete rows from the table named by sql_table('plug_securityenforcer').
 *
 * NOTE(review): as the statement appears here, the WHERE clause compares the
 * login column with the literal '******' and $login is never used; the real
 * value looks masked in this listing. If the working version places $login
 * inside the SQL string, it must be escaped or bound as a parameter, because
 * the caller takes its values from the posted form.
 *
 * @param mixed $login login name to unlock (unused in the statement as shown)
 */
function SE_unlockLogin($login) {
    sql_query("DELETE FROM " . sql_table('plug_securityenforcer') . " WHERE login='******'");
}

// checks

// create the admin area page
$oPluginAdmin = new PluginAdmin('SecurityEnforcer');

// add styles to the <HEAD>
$oPluginAdmin->start('');

// if form to unlock is posted
if (postVar('action') == 'unlock') {
    // The state-changing request is only processed when the ticket validates.
    // NOTE(review): presumably checkTicket() is the anti-CSRF token check — confirm.
    if (!$manager->checkTicket()) {
        doError('Invalid Ticket');
    }
    // Posted by the client; treat every entry as untrusted input.
    $logins = postVar('unlock');
    $message = '';
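<?php
/*
 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
 * Copyright (C) 2002-2011 The Nucleus Group
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * (see nucleus/documentation/index.html#license for more info)
 */

/**
 * File containing actions that can be performed by visitors of the site,
 * like adding comments, etc...
 * @license http://nucleuscms.org/license.txt GNU General Public License
 * @copyright Copyright (C) 2002-2011 The Nucleus Group
 * @version $Id: action.php 1131 2011-02-01 06:19:31Z sakamocchi $
 * $NucleusJP: action.php,v 1.8.2.1 2007/09/05 05:50:12 kimitake Exp $
 */

// $CONF is assigned here, before config.php is loaded.
$CONF = array();
require './config.php';

// common functions
//include_once($DIR_LIBS . 'ACTION.php');
include_libs('ACTION.php', true, false);

// The action name is taken straight from the request and handed to
// ACTION::doAction(); this script performs no check of its own.
// NOTE(review): confirm doAction() only dispatches names from a fixed list.
$action = requestVar('action');

// Plain assignment: "=& new" is deprecated since PHP 5.3 and a parse error
// from PHP 7 on; objects are assigned by handle in PHP 5+ anyway.
$a = new ACTION();
$errorInfo = $a->doAction($action);

// A truthy result carries the message to show and the skin id to render it with.
if ($errorInfo) {
    doError($errorInfo['message'], new SKIN($errorInfo['skinid']));
}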
* @license http://nucleuscms.org/license.txt GNU General Public License * @copyright Copyright (C) 2002-2011 The Nucleus Group * @version $Id: media.php 1131 2011-02-01 06:19:31Z sakamocchi $ * $NucleusJP: media.php,v 1.8.2.1 2007/09/07 07:36:44 kimitake Exp $ * */

$CONF = array();

// defines how much media items will be shown per page. You can override this
// in config.php if you like. (changing it in config.php instead of here will
// allow your settings to be kept even after a Nucleus upgrade)
$CONF['MediaPerPage'] = 10;

// include all classes and config data
// $CONF and $DIR_LIBS are both assigned before config.php is loaded.
// NOTE(review): presumably so that neither can arrive pre-seeded from the
// request on hosts that register request variables as globals — confirm.
$DIR_LIBS = '';
require_once '../config.php';
//include($DIR_LIBS . 'MEDIA.php'); // media classes
include_libs('MEDIA.php', false, false);

sendContentType('application/xhtml+xml', 'media');

// user needs to be logged in to use this
// The explicit exit stops anonymous requests from reaching the code below.
if (!$member->isLoggedIn()) {
    media_loginAndPassThrough();
    exit;
}

// check if member is on at least one teamlist
// The query is built by concatenation; its only variable part is the current
// member's id from $member->getID(), not a request parameter.
// NOTE(review): assumes getID() always yields an integer — confirm, or cast
// the value where the query is assembled.
$query = 'SELECT * FROM ' . sql_table('team') . ' WHERE tmember=' . $member->getID();
$teams = sql_query($query);
// Members on no team are refused unless they are administrators.
// NOTE(review): execution continues to the action handling below unless
// media_doError() ends the request — confirm that it does.
if (sql_num_rows($teams) == 0 && !$member->isAdmin()) {
    media_doError(_ERROR_DISALLOWEDUPLOAD);
}

// get action
// Request-supplied value; an empty string is handled by the branch that starts here.
$action = requestVar('action');
if ($action == '') {
* * mt.supportedMethods * * @license http://nucleuscms.org/license.txt GNU General Public License * @copyright Copyright (C) 2002-2011 The Nucleus Group * @version $Id: server.php 1131 2011-02-01 06:19:31Z sakamocchi $ * @version $NucleusJP: server.php,v 1.8.2.1 2007/09/07 07:12:42 kimitake Exp $ */

// $CONF and $DIR_LIBS are both assigned before config.php is loaded.
// NOTE(review): presumably so that neither can arrive pre-seeded from the
// request on hosts that register request variables as globals — confirm.
$CONF = array();
$DIR_LIBS = '';
require "../../config.php";

// include Nucleus libs and code
//include($DIR_LIBS . "xmlrpc.inc.php");
//include($DIR_LIBS . "xmlrpcs.inc.php");
include_libs('xmlrpc.inc.php', false, false);
include_libs('xmlrpcs.inc.php', false, false);

/* define xmlrpc settings */
// Both encodings are pinned to UTF-8; the _CHARSET-based setting is disabled.
//$xmlrpc_internalencoding = _CHARSET;
$xmlrpc_internalencoding = 'UTF-8';
$xmlrpc_defencoding = 'UTF-8';

/* definition of available methods */
// Passed to the server constructor below.
// NOTE(review): presumably each api_*.inc.php file adds its methods to this
// array — confirm in those files.
$functionDefs = array();

// load server functions
// The API files are included by fixed names relative to this script. The
// nucleus.* methods are not loaded unless their include is uncommented.
include 'api_blogger.inc.php';
include 'api_metaweblog.inc.php';
// include('api_nucleus.inc.php'); // uncomment if you still want to use the nucleus.* methods
include 'api_mt.inc.php';

// create server
// NOTE(review): this script shows no access check before the server object is
// built; each exposed method would then have to authenticate its caller
// itself — confirm in the API files.
$s = new xmlrpc_server($functionDefs);

/* ------------------------------ private functions ---------------------------------- */

/**
/**
 * Ping every update service that is switched on in the plugin options and
 * write the combined outcome to the action log.
 *
 * Services are tried in a fixed order. For each option set to 'yes' the log
 * text gains the _PINGING prefix, the service label, whatever the matching
 * ping method returned (appended verbatim), and a " | " separator.
 *
 * @param array $data event data; only $data['blogid'] is read here
 * @return void
 */
public function sendPings($data)
{
    // Load the XML-RPC client library only if it is not present yet.
    if (!class_exists('xmlrpcmsg')) {
        include_libs('xmlrpc.inc.php');
    }

    $this->myBlogId = $data['blogid'];

    // option name => array(label written to the log, method performing the ping)
    $services = array(
        'pingpong_pingomatic'  => array("Ping-o-matic:\n", 'pingPingomatic'),
        'pingpong_weblogs'     => array("Weblogs.com:\n", 'pingWeblogs'),
        'pingpong_technorati'  => array("Technorati:\n", 'pingTechnorati'),
        'pingpong_blogrolling' => array("Blogrolling.com:\n", 'pingBlogRollingDotCom'),
        'pingpong_blogs'       => array("Blog.gs:\n", 'pingBloGs'),
        'pingpong_weblogues'   => array("Weblogues.com:\n", 'pingWebloguesDotCom'),
        'pingpong_bloggde'     => array("Blog.de:\n", 'pingBloggDe'),
    );

    $report = '';
    foreach ($services as $optionName => $service) {
        if ($this->getOption($optionName) != 'yes') {
            continue;
        }

        list($label, $pingMethod) = $service;
        $report .= _PINGING . $label . $this->$pingMethod() . " | ";
    }

    ACTIONLOG::add(INFO, $report);
}
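$CONF['allowDrafts'] = 0;
$CONF['allowFuture'] = 0;

// Append the patch level to the reported version only when there is one.
if (getNucleusPatchLevel() > 0) {
    $nucleus['version'] .= '/' . getNucleusPatchLevel();
}

// Avoid notices
if (!isset($CONF['installscript'])) {
    $CONF['installscript'] = 0;
}

/*
 * Include multibyte function if some functions related to mbstring are not loaded.
 * By Japanese Packaging Team, Jan.31, 2011
 */
if (!function_exists('mb_convert_encoding')) {
    global $mbemu_internals;
    include_libs('mb_emulator/mb-emulator.php', true, false);
}

// we will use postVar, getVar, ... methods instead of HTTP_GET_VARS or _GET
if ($CONF['installscript'] != 1) { // vars were already included in install.php
    // Compare version numbers, not strings: with a plain ">=" the two operands
    // are compared character by character, so '10.0.0' sorts below '4.1.0'.
    // version_compare() only exists from PHP 4.1.0 on, hence the
    // function_exists() guard for the older branch.
    if (function_exists('version_compare') && version_compare(phpversion(), '4.1.0', '>=')) {
        include_once $DIR_LIBS . 'vars4.1.0.php';
    } else {
        include_once $DIR_LIBS . 'vars4.0.6.php';
    }
}

// sanitize option
// Both flags are set to 0 immediately before sanitizeParams() runs.
// NOTE(review): presumably they select logging and continue-instead-of-abort
// behaviour inside sanitizeParams() — confirm against its definition.
$bLoggingSanitizedResult = 0;
$bSanitizeAndContinue = 0;

// Keep the request URI exactly as received, taken before sanitizeParams() is called.
$orgRequestURI = serverVar('REQUEST_URI');
sanitizeParams();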
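/**
 * Store an uploaded file in the calling member's private media collection
 * and answer with its URL.
 *
 * Checks run in this order: credentials, blog existence, team membership,
 * size limit, allowed file type. Each failed check returns the result of
 * _error() and nothing is written.
 *
 * @param mixed  $blogid   blog the caller claims to be posting to
 * @param string $username login name
 * @param string $password password
 * @param array  $info     upload struct; 'bits' (file content, already
 *                         decoded) and 'name' (requested file name) are read
 * @return mixed xmlrpcresp holding a struct with the file URL on success,
 *               otherwise whatever _error() returns
 */
function _newMediaObject($blogid, $username, $password, $info)
{
    global $CONF, $DIR_MEDIA, $DIR_LIBS;

    // - login
    $mem = new MEMBER();
    if (!$mem->login($username, $password)) {
        return _error(1, 'Could not log in');
    }

    // - check if team member
    if (!BLOG::existsID($blogid)) {
        return _error(2, "No such blog ({$blogid})");
    }
    if (!$mem->teamRights($blogid)) {
        return _error(3, 'Not a team member');
    }
    // $b is not used further down in this function.
    // NOTE(review): drop it if the BLOG constructor has no side effects that matter here.
    $b = new BLOG($blogid);

    // - decode data
    $data = $info['bits']; // decoding was done transparently by xmlrpclib

    // - check filesize
    if (strlen($data) > $CONF['MaxUploadSize']) {
        return _error(9, 'filesize is too big');
    }

    // - check if filetype is allowed (check filename)
    // Only the end of the client-supplied name is examined; the file content
    // itself is not inspected.
    $filename = $info['name'];
    $ok = 0;
    $allowedtypes = explode(',', $CONF['AllowedTypes']);
    foreach ($allowedtypes as $type) {
        $type = trim($type);
        // An empty entry (for example from a trailing comma in the setting)
        // must not become a pattern that accepts any name ending in a dot.
        if ($type === '') {
            continue;
        }
        // preg_quote() keeps the configured extension literal; the D modifier
        // makes "$" match only at the very end of the name, not before a
        // trailing newline.
        if (preg_match('#\\.' . preg_quote($type, '#') . '$#iD', $filename)) {
            $ok = 1;
            break;
        }
    }
    if (!$ok) {
        // The return is required: without it the error result is discarded
        // and a file of a disallowed type is stored anyway.
        return _error(8, 'Filetype is not allowed');
    }

    // - add file to media library
    //include_once($DIR_LIBS . 'MEDIA.php'); // media classes
    include_libs('MEDIA.php', true, false);

    // always use private media library of member
    $collection = $mem->getID();

    // prefix filename with current date (YYYYMMDD-)
    // this to avoid nameclashes
    if ($CONF['MediaPrefix']) {
        // date() yields the same digits as the deprecated strftime("%Y%m%d-").
        $filename = date('Ymd-') . $filename;
    }

    // NOTE(review): $filename still carries whatever the client sent; nothing
    // in this function removes directory separators or control characters.
    // Confirm that MEDIA::addMediaObjectRaw() validates the name before writing.
    $res = MEDIA::addMediaObjectRaw($collection, $filename, $data);
    if ($res) {
        // A truthy result is treated as the error message.
        return _error(10, $res);
    }

    // - return URL
    $url = $CONF['MediaURL'] . $collection . '/' . $filename;
    $urlstruct = new xmlrpcval(array("url" => new xmlrpcval($url, 'string')), 'struct');

    return new xmlrpcresp($urlstruct);
}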