Esempio n. 1
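 /**
  * Apply the point rule configured for an action to a member and log it.
  *
  * Returns without doing anything when $action is not a key of
  * $this->actions, when $member_id is empty, or when checkIfCanUpdate()
  * refuses the change. No value is returned on any path.
  *
  * @param string $action      Key into $this->actions.
  * @param mixed  $member_id   Member whose points are changed.
  * @param string $description Free text stored with the log row.
  * @return void
  */
 function update($action, $member_id, $description = '')
 {
     if (!array_key_exists($action, $this->actions) || empty($member_id)) {
         return;
     }
     $config = $this->actions[$action];
     if (!$this->checkIfCanUpdate($member_id, $config['rule'], $action)) {
         return;
     }
     // The configured amount is used as a magnitude; 'do' selects the direction.
     $point = abs($config['point']);
     switch ($config['do']) {
         case "inc":
             $this->increase($point, $member_id);
             break;
         case "dec":
             $this->decrease($point, $member_id);
             break;
         default:
             // Unknown direction: no balance change, but the log row is still written.
             break;
     }
     // Every value is bound instead of concatenated, so $member_id, $description
     // and the client IP string cannot change the shape of the statement.
     // NOTE(review): relies on dbstuff->Execute() accepting a bind array as its
     // second argument (ADOdb-style) - confirm against the database wrapper.
     $sql = "INSERT INTO {$this->table_prefix}pointlogs (member_id,action_name,points,description,ip_address,created) VALUES (?,?,?,?,?,?)";
     $this->dbstuff->Execute($sql, array($member_id, $action, $point, $description, pb_get_client_ip('str'), $this->timestamp));
 }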
Esempio n. 2
 /**
  * Check administrator credentials and, on success, set the "admin" cookie.
  *
  * Return values as written in the body:
  *   -1   username or password empty after trim()
  *   -2   Members::checkUserExist() reports no such user
  *   null the admin record has a non-zero 'expired' earlier than $this->timestamp
  *        (bare return, unlike the other failure paths)
  *   -3   password comparison failed
  *   true login accepted
  * $this->error is set to a localized message on the -2, null and -3 paths.
  *
  * NOTE(review): the string literals in the SELECT and UPDATE below are masked
  * ("******") on this page, so how $uname and the login time reach the SQL text
  * cannot be seen here - confirm against the original file that they are
  * escaped or bound.
  *
  * @param string $uname Username as submitted.
  * @param string $upass Password as submitted.
  * @param bool   $set   Not used anywhere in the visible body.
  * @return int|bool|null
  */
 function checkUserLogin($uname, $upass, $set = true)
 {
     $uname = trim($uname);
     $upass = trim($upass);
     $_this =& Members::getInstance();
     if (empty($uname) || empty($upass)) {
         return -1;
     }
     // Joins the admin record to its member row; the WHERE value is masked on this page.
     $sql = "SELECT m.id,m.username,m.userpass,af.first_name,af.last_name,af.expired FROM {$this->table_prefix}adminfields af LEFT JOIN {$this->table_prefix}members m ON af.member_id=m.id WHERE m.username='******'";
     $tmpUser = $this->dbstuff->GetRow($sql);
     // The checks below run after the query above has already been executed.
     // NOTE(review): -2 and -3 are distinct codes; if both reach the client they
     // tell it whether a username exists - confirm how callers surface them.
     if (!$_this->checkUserExist($uname)) {
         $this->error = L("member_not_exists");
         return -2;
     } elseif ($tmpUser['expired'] != 0 && $tmpUser['expired'] < $this->timestamp) {
         $this->error = L("account_expired");
         return;
     // NOTE(review): pb_strcomp() is defined elsewhere - confirm it compares in constant time.
     } elseif (!pb_strcomp($tmpUser['userpass'], $_this->authPasswd($upass))) {
         $this->error = L("login_pwd_wrong");
         return -3;
     } else {
         // Records the login time and client IP; part of this statement is masked on this page.
         $this->dbstuff->Execute("UPDATE {$this->table_prefix}adminfields SET last_login="******",last_ip='" . pb_get_client_ip("str") . "' WHERE member_id=" . $tmpUser['id']);
         // Cookie payload is id, username and the stored userpass value joined by newlines.
         // The stored credential therefore leaves the server inside the cookie; its
         // protection depends entirely on authcode(), which is not shown here.
         $tAuth = $tmpUser['id'] . "\n" . $tmpUser['username'] . "\n" . $tmpUser['userpass'];
         usetcookie("admin", authcode($tAuth, "ENCODE"));
         return true;
     }
 }
Esempio n. 3
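 /**
  * Insert one row into the logs table.
  *
  * 'created' defaults to $this->timestamp when empty; 'modified' is always
  * $this->timestamp and the IP column comes from pb_get_client_ip().
  *
  * @param array $data Keys read: handle_type, source_module, description, created.
  * @return mixed Whatever dbstuff->Execute() returns.
  */
 function Add($data)
 {
     if (empty($data['created'])) {
         $data['created'] = $this->timestamp;
     }
     $row = array();
     foreach (array('handle_type', 'source_module', 'description') as $field) {
         // A missing key is stored as an empty string, as the concatenated query did.
         $row[] = isset($data[$field]) ? $data[$field] : '';
     }
     $row[] = pb_get_client_ip();
     $row[] = $data['created'];
     $row[] = $this->timestamp;
     // Log text is written by many callers and may carry user-supplied content,
     // so every value is bound rather than spliced into the statement.
     // NOTE(review): relies on dbstuff->Execute() accepting a bind array as its
     // second argument (ADOdb-style) - confirm against the database wrapper.
     return $this->dbstuff->Execute("INSERT INTO {$this->table_prefix}logs (handle_type,source_module,description,ip_address,created,modified) VALUES (?,?,?,?,?,?)", $row);
 }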
Esempio n. 4
 /**
  * Save a new market record taken from $this->params['data']['market'].
  *
  * The record is only saved when it has a 'name' key. The timestamps, client
  * IP and status are set here and overwrite anything supplied in the
  * parameters; status is always 0.
  *
  * @return mixed Result of save(), or false when no market name was given.
  */
 function Add()
 {
     global $_PB_CACHE;
     if (!isset($this->params['data']['market']['name'])) {
         return false;
     }
     $now = $this->timestamp;
     $this->params['data']['market']['modified'] = $now;
     $this->params['data']['market']['created'] = $now;
     $this->params['data']['market']['ip_address'] = pb_get_client_ip('str');
     // Status is forced to 0 regardless of what the request carried.
     $this->params['data']['market']['status'] = 0;
     return $this->save($this->params['data']['market']);
 }
Esempio n. 5
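 /**
  * Handle a submission of the public "service" (feedback) form.
  *
  * Without the save_service field the visitor is sent back with a prompt.
  * Otherwise the posted fields are copied into $vals, validated through
  * $this->service->doValidation() and either re-rendered with the errors or
  * saved. status and member_id are always 0 and are never taken from the
  * request.
  *
  * @return void
  */
 function post()
 {
     // $time_stamp is a script-level variable; without this declaration it is
     // undefined inside the method and 'created' would be stored as null.
     global $time_stamp;
     // require_once: a second call must not redeclare the Validation class.
     require_once CLASS_PATH . "validation.class.php";
     $validate = new Validation();
     if (!isset($_POST['save_service'])) {
         flash("pls_enter_your_advise", "index.php");
         return;
     }
     pb_submit_check('service');
     // Treat a missing or non-array 'service' field as an empty form instead of
     // indexing into it blindly.
     $form = (isset($_POST['service']) && is_array($_POST['service'])) ? $_POST['service'] : array();
     $vals = array();
     $vals['status'] = 0;
     $vals['member_id'] = 0;
     $vals['content'] = isset($form['content']) ? $form['content'] : '';
     if (isset($form['nick_name'])) {
         $vals['nick_name'] = $form['nick_name'];
     }
     $vals['email'] = isset($form['email']) ? $form['email'] : '';
     $vals['type_id'] = isset($form['type_id']) ? $form['type_id'] : '';
     $vals['created'] = !empty($time_stamp) ? $time_stamp : time();
     $vals['user_ip'] = pb_get_client_ip();
     $vals['title'] = isset($form['title']) ? $form['title'] : '';
     $this->service->doValidation($vals);
     if (!empty($this->service->validationErrors)) {
         // $vals still holds the raw request values here.
         // NOTE(review): confirm the service/index template escapes "item" on output.
         setvar("item", $vals);
         // The errors live on $this->service; the local $service used before was never defined.
         setvar("Errors", $validate->show($this->service));
         render("service/index");
         return;
     }
     if (empty($vals['title'])) {
         $vals['title'] = L("comments_and_suggestions", "tpl");
     }
     if ($this->service->save($vals)) {
         flash('thanks_for_advise', URL);
     } else {
         flash();
     }
 }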
Esempio n. 6
 /**
  * Register a new member from $this->params['data']['member'].
  *
  * Returns false when username, userpass or email is empty. Otherwise the
  * password is replaced by authPasswd()'s result, timestamps and the client
  * IP are filled in, and - unless the username already exists - the member
  * and its memberfield row are saved. When $if_need_check is false the new
  * member is logged in straight away via putLoginStatus(). Returns true on
  * every path past the first check.
  *
  * The submitted plain-text password is kept in a local variable and handed
  * to passport() and putLoginStatus().
  * NOTE(review): confirm neither of those persists or logs it.
  *
  * @return bool
  */
 function Add()
 {
     global $_PB_CACHE, $memberfield, $phpb2b_auth_key, $if_need_check;
     $error_msg = array();
     foreach (array('username', 'userpass', 'email') as $required) {
         if (empty($this->params['data']['member'][$required])) {
             return false;
         }
     }
     $login_name = $this->params['data']['member']['username'];
     // Keep the password as submitted before the stored field is overwritten.
     $plain_pass = $this->params['data']['member']['userpass'];
     $this->params['data']['member']['userpass'] = $this->authPasswd($this->params['data']['member']['userpass']);
     if (empty($this->params['data']['member']['space_name'])) {
         $this->params['data']['member']['space_name'] = PbController::toAlphabets($login_name);
     }
     //Todo:
     $remote_long = pb_ip2long(pb_getenv('REMOTE_ADDR'));
     if (empty($remote_long)) {
         // NOTE(review): nothing visible here stops execution after the redirect
         // header - confirm pheader() exits.
         pheader("location:" . URL . "redirect.php?message=" . urlencode(L('sys_error')));
     }
     $this->params['data']['member']['last_login'] = $this->params['data']['member']['created'] = $this->params['data']['member']['modified'] = $this->timestamp;
     $this->params['data']['member']['last_ip'] = pb_get_client_ip('str');
     // NOTE(review): registration continues past this flash() unless flash()
     // itself terminates the request - confirm.
     if ($this->checkUserExistsByEmail($this->params['data']['member']['email'])) {
         flash("email_exists", null, 0);
     }
     if ($this->checkUserExist($this->params['data']['member']['username'])) {
         flash('member_has_exists', null, 0);
         return true;
     }
     $this->save($this->params['data']['member']);
     // The new member id is read from the property named "<table_name>_id".
     $id_field = $this->table_name . "_id";
     if ($this->ins_passport) {
         $this->passport(array($this->{$id_field}, $this->params['data']['member']['username'], $plain_pass, $this->params['data']['member']['email']), "reg");
     }
     $memberfield->primaryKey = "member_id";
     $memberfield->params['data']['memberfield']['member_id'] = $this->{$id_field};
     $memberfield->params['data']['memberfield']['reg_ip'] = $this->params['data']['member']['last_ip'];
     $memberfield->save($memberfield->params['data']['memberfield']);
     if (!$if_need_check) {
         // Log the member in for 86400 seconds; is_admin is fixed to 0 here.
         $user_info = array(
             'id' => $this->{$id_field},
             'username' => $this->params['data']['member']['username'],
             'userpass' => $plain_pass,
             'useremail' => $this->params['data']['member']['email'],
             'lifetime' => $this->timestamp + 86400,
             'is_admin' => 0,
         );
         $this->putLoginStatus($user_info);
     }
     return true;
 }
Esempio n. 7
 *
 *      @version $Revision: 2075 $
 */
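define('IN_PBADMIN', TRUE);
// Decode the admin cookie before anything else. It must be a non-empty string
// that decodes to id, username and password separated by newlines; a missing,
// array-valued or malformed cookie is sent to the login page instead of being
// indexed blindly.
$tAdminInfo = array();
if (!empty($_COOKIE[$cookiepre . 'admin']) && is_string($_COOKIE[$cookiepre . 'admin'])) {
    $tAdminInfo = explode("\n", (string) authcode($_COOKIE[$cookiepre . 'admin'], "DECODE"));
}
if (count($tAdminInfo) < 3 || $tAdminInfo[0] === '') {
    echo "<script language='javascript'>top.location.href='login.php';</script>";
    exit;
}
uses("adminfield");
$adminer = new Adminfields();
$current_adminer_id = $tAdminInfo[0];
$current_adminer = $tAdminInfo[1];
$current_pass = $tAdminInfo[2];
// NOTE(review): the decoded values are only as trustworthy as authcode(); whether
// the session is actually authorised is decided inside loadsession(), which is
// not shown here - confirm it rejects an unknown id or a mismatched IP.
$adminer->loadsession($current_adminer_id, pb_get_client_ip("str"), $cfg_checkip);
$adminer_info = $adminer->info;
uaAssign(array("current_adminer" => $current_adminer, "current_adminer_id" => $current_adminer_id));
// Template and cache setup for the admin area.
$sections = array('admin', 'message', 'adminmenu');
$smarty->configLoad('default.conf', $sections);
require PHPB2B_ROOT . 'phpb2b_version.php';
$ADODB_CACHE_DIR = DATA_PATH . 'dbcache';
$smarty->template_dir = PHPB2B_ROOT . "templates/admin/";
$smarty->assign("admin_theme_path", "../templates/admin/");
$smarty->setCompileDir($smarty->getCompileDir() . "pb-admin" . DS);
$smarty->flash_layout = "flash";
$smarty->assign("addParams", $viewhelper->addParams);
// Midnight of the current day as a Unix timestamp.
$smarty->assign("today_timestamp", mktime(0, 0, 0, date("m"), date("d"), date("Y")));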
function size_info($fileSize)
{
Esempio n. 8
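 /**
  * Save a new trade offer and its tradefield row.
  *
  * When $this->params['expire_days'] is set it is checked against the keys of
  * Trade::getOfferExpires(); any other value falls back to 10 days. The value
  * that was checked is the value that is stored - the previous code validated
  * $this->params['expire_days'] but then stored $_POST['expire_days'].
  *
  * @param mixed $params Not used in the body.
  * @return mixed Result of save() for the trade row, or false when no title was given.
  */
 function Add($params = '')
 {
     $result = false;
     if (!empty($this->params['expire_days'])) {
         $trade_controller =& Trade::getInstance();
         $expire_days = $this->params['expire_days'];
         // is_scalar() keeps an array-valued parameter away from array_key_exists().
         if (is_scalar($expire_days) && array_key_exists($expire_days, $trade_controller->getOfferExpires())) {
             $expire_days = (int) $expire_days;
         } else {
             $expire_days = 10;
         }
         $this->params['data']['trade']['expire_time'] = $this->timestamp + 24 * 3600 * $expire_days;
         $this->params['data']['trade']['expire_days'] = $expire_days;
     }
     $this->params['data']['trade']['submit_time'] = $this->params['data']['trade']['created'] = $this->params['data']['trade']['modified'] = $this->timestamp;
     $this->params['data']['trade']['ip_addr'] = pb_get_client_ip('str');
     if (isset($this->params['data']['trade']['title'])) {
         $trade_info = $this->params['data']['trade'];
         $result = $this->save($trade_info);
         // The new trade id is read from the property named "<table_name>_id".
         $key = $this->table_name . "_id";
         $last_tradeid = $this->{$key};
         $_this =& Tradefields::getInstance();
         $_this->params['data']['tradefield']['trade_id'] = $last_tradeid;
         // The array union needs two arrays; a request without tradefield data
         // would otherwise abort here after the trade row is already saved.
         $own_fields = (isset($this->params['data']['tradefield']) && is_array($this->params['data']['tradefield'])) ? $this->params['data']['tradefield'] : array();
         // Left operand wins on duplicate keys, so the trade_id set above is kept.
         $tradefield_info = $_this->params['data']['tradefield'] + $own_fields;
         $_this->primaryKey = "trade_id";
         $_this->save($tradefield_info);
     }
     return $result;
 }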
Esempio n. 9
    }
}
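// Collect runtime details shown on the admin dashboard.
$serverinfo = PHP_VERSION;
$serverinfo .= @ini_get('safe_mode') ? ' Safe Mode' : NULL;
$dbversion = $pdb->GetOne("SELECT VERSION()");
$system_info['PhpVersion'] = $serverinfo;
$system_info["MysqlVersion"] = $dbversion;
$when_to_backup = $_PB_CACHE['setting']['backup_type'];
$system_info["LastBackupTime"] = $_PB_CACHE['setting']['last_backup'];
// Install date: mtime of the install lock file when present, else the stored setting.
$system_info['InstallDate'] = df(file_exists(DATA_PATH . 'install.lock') ? filemtime(DATA_PATH . 'install.lock') : $pdb->GetOne("SELECT valued FROM {$tb_prefix}settings WHERE variable='install_dateline'"));
$system_info['last_login'] = !empty($adminer_info['last_login']) ? date("Y-m-d H:i", $adminer_info['last_login']) : L("your_first_login", "tpl");
$system_info['last_ip'] = $adminer_info['last_ip'];
$system_info['safe_mode'] = (bool) ini_get('safe_mode') ? L("correct", "tpl") : L("deny", "tpl");
$system_info['safe_mode_gid'] = (bool) ini_get('safe_mode_gid') ? L("correct", "tpl") : L("deny", "tpl");
// Record the login time and IP once per PHP session.
if (!isset($_SESSION['last_adminer_time'])) {
    // Values are bound rather than interpolated, so neither the client IP string
    // nor the member id can alter the statement.
    // NOTE(review): relies on $pdb->Execute() accepting a bind array (ADOdb-style).
    $pdb->Execute("UPDATE {$tb_prefix}adminfields SET last_login=?,last_ip=? WHERE member_id=?", array($time_stamp, pb_get_client_ip('str'), $adminer_info['member_id']));
    $_SESSION['last_adminer_time'] = $time_stamp;
}
// Only an array-shaped note is saved; a scalar in its place would fail on the
// index assignments below.
if (isset($_POST['addAdminnote']) && isset($_POST['data']['adminnote']) && is_array($_POST['data']['adminnote'])) {
    // The whole posted array is handed to save().
    // NOTE(review): confirm save() limits the columns it writes and that this
    // form is covered by the admin area's CSRF check; neither is visible here.
    $info = $_POST['data']['adminnote'];
    $info['created'] = $time_stamp;
    $info['create_dateline'] = $date_line;
    $adminnote->save($info);
}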
function checkGDSupport()
{
    if (!function_exists("gd_info")) {
        return false;
    } else {
        if (function_exists("ImageCreateFromGIF")) {
            $return[] = L('gd_picture_ok', 'tpl', 'GIF');
Esempio n. 10
 $backupfilename = DATA_PATH . "backup_" . $backupdir . DS . str_replace(array('/', '\\', '.'), '', $filename);
 $volume = intval($_GET['volume']) + 1;
 if ($_GET['method'] == 'multivol') {
     $sqldump = '';
     $tableid = intval($_GET['tableid']);
     $startfrom = intval($_GET['startfrom']);
     $complete = TRUE;
     for (; $complete && $tableid < count($tables) && strlen($sqldump) + 500 < $sizelimit * 1000; $tableid++) {
         $sqldump .= sqldumptable($tables[$tableid], $startfrom, strlen($sqldump));
         $startfrom = 0;
     }
     $dumpfile = $backupfilename . "-%s" . '.sql';
     @unlink($dumpfile);
     !$complete && $tableid--;
     if (trim($sqldump)) {
         $sqldump = "# PHPB2B Data Dump Vol.{$volume}\n" . "# Version: PHPB2B " . PHPB2B_VERSION . "\n" . "# Time: " . date("Y-m-d H:i:s") . "\n" . "# IP Address: " . pb_get_client_ip() . "\n" . "# Table Prefix: {$tb_prefix}\n" . "#\n" . "# --------------------------------------------------------\n\n\n" . $sqldump;
         $dumpfilename = sprintf($dumpfile, $volume);
         $fp = file_put_contents($dumpfilename, $sqldump);
         unset($sqldump);
         $result = $pdb->Execute("UPDATE {$tb_prefix}settings SET valued=" . $time_stamp . " WHERE variable='last_backup'");
         flash("backup_and_wait", 'db.php?do=backup&filename=' . rawurlencode($filename) . "&method=multivol&" . "&volume=" . rawurlencode($volume) . "&tableid=" . rawurlencode($tableid) . "&startfrom=" . rawurlencode($startrow) . "&extendins=" . rawurlencode($extendins), 2, $volume);
     } else {
         $volume--;
         flash("success", "db.php?do=restore");
     }
 } else {
     $sqldump = '';
     $tableid = 0;
     $startfrom = 0;
     $complete = TRUE;
     for (; $tableid < count($tables); $tableid++) {
Esempio n. 11
uses("service");
$validate = new Validation();
$service = new Services();
if (isset($_POST['save_service'])) {
    pb_submit_check('service');
    $vals = array();
    $vals['status'] = 0;
    $vals['member_id'] = 0;
    $vals['content'] = $_POST['service']['content'];
    if (isset($_POST['service']['nick_name'])) {
        $vals['nick_name'] = $_POST['service']['nick_name'];
    }
    $vals['email'] = $_POST['service']['email'];
    $vals['type_id'] = $_POST['service']['type_id'];
    $vals['created'] = $time_stamp;
    $vals['user_ip'] = pb_get_client_ip();
    $vals['title'] = $_POST['service']['title'];
    $service->doValidation($vals);
    if (!empty($service->validationErrors)) {
        setvar("item", $vals);
        setvar("Errors", $validate->show($service));
        render("service/index");
    } else {
        if (empty($vals['title'])) {
            $vals['title'] = L("comments_and_suggestions", "tpl");
        }
        if ($service->save($vals)) {
            flash('thanks_for_advise', URL);
        } else {
            flash();
        }
Esempio n. 12
 /**
  * Passport "synlogin" callback: sign a member in from a username in $get.
  *
  * Returns API_RETURN_FORBIDDEN when API_SYNLOGIN or the passport_support
  * setting is off; every other path falls off the end without a return value.
  * When a member row is found, its last login data is updated, the session
  * is filled and an "auth" cookie valid for 3600 seconds is set.
  *
  * No password, signature or token check appears in this function: an existing
  * username in $get is enough to reach the session and cookie writes.
  * NOTE(review): confirm the caller authenticates the request before it
  * dispatches here.
  *
  * NOTE(review): the string literals in the SELECT and UPDATE below are masked
  * ("******") on this page, so how $username reaches the SQL text cannot be
  * seen - confirm against the original file that it is escaped or bound.
  *
  * @param array $get  Request parameters; 'uid' and 'username' are read.
  * @param array $post Not used in the visible body.
  * @return mixed API_RETURN_FORBIDDEN or null.
  */
 function synlogin($get, $post)
 {
     global $_PB_CACHE, $phpb2b_auth_key, $pdb, $charset;
     // The session is started before the feature switches below are checked.
     session_start();
     // $uid is read here but not used again in the visible body.
     $uid = $get['uid'];
     $username = $get['username'];
     if (!API_SYNLOGIN) {
         return API_RETURN_FORBIDDEN;
     }
     if (!$_PB_CACHE['setting']['passport_support']) {
         return API_RETURN_FORBIDDEN;
     }
     // P3P compact policy header, sent before the cookie is set.
     header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
     $username = trim($username);
     //get userinfo from phpb2b db
     $sql = "SELECT * FROM " . $this->tablepre . "members WHERE username='******'";
     $user_info = $pdb->GetRow($sql);
     if ($user_info) {
         //update login times
         $loginip = pb_get_client_ip();
         $pdb->Execute("UPDATE {$this->tablepre}members SET last_login="******",last_ip='" . $loginip . "' WHERE id='{$user_info['id']}'");
         // The session id is not regenerated anywhere in this function before
         // the member identity is written into the session.
         $_SESSION["MemberID"] = $user_info['id'];
         $_SESSION["MemberName"] = $user_info['username'];
         //synlogin to phpb2b
         // Cookie payload: id, username, md5 of the stored userpass and is_admin,
         // tab-separated and encoded with $phpb2b_auth_key.
         $auth = authcode($user_info['id'] . "\t" . $user_info['username'] . "\t" . md5($user_info['userpass']) . "\t" . $user_info['is_admin'], 'ENCODE', $phpb2b_auth_key);
         usetcookie('auth', $auth, time() + 3600);
     } else {
         //not exists, add a new member
         // Nothing is implemented here: an unknown username is ignored.
     }
 }
Esempio n. 13
<?php

/**
 *      [PHPB2B] Copyright (C) 2007-2099, Ualink Inc. All Rights Reserved.
 *      The contents of this file are subject to the License; you may not use this file except in compliance with the License. 
 *
 *      @version $Revision: 2075 $
 */
define('ANTI_FORCE', true);
define('ANTI_LEVEL', 3);
//higher,will be more secure,default 3.
if (ANTI_FORCE) {
    $GLOBALS['log']->lwrite($_SERVER['HTTP_USER_AGENT']);
    $ip_addr = pb_get_client_ip("long");
    if (strpos($referer, pb_getenv('HTTP_HOST')) === false || empty($ip_addr)) {
        header_sent(L("invalid_submit"));
        exit;
    }
    $client_agent = $_SERVER['HTTP_USER_AGENT'];
    if (preg_match('/windows 2000/', $client_agent)) {
        header("Location:" . URL);
        exit;
    }
    $temp = explode('(', $client_agent);
    $Part = $temp[0];
    $ext_info = $temp[1];
    $ext_info = explode(')', $ext_info);
    $temp = explode(';', trim($ext_info[0]));
    $r_info = array();
    if (!empty($ext_info[1])) {
        $r_info = trim($ext_info[1]);