Esempio n. 1
// Bootstrap fragment of the JFU/TFU config script; the excerpt ends inside the
// innermost else branch, so its closing braces are not visible here.

// Path to Joomla's configuration.php, built relative to this file. $path_c is
// assigned outside this excerpt.
// NOTE(review): this path is passed to include below. If $path_c could ever carry
// request data, that include would be a file-inclusion sink - confirm it is a fixed value.
$joomla_config = dirname(__FILE__) . "/" . $path_c . "../../../configuration.php";
if (file_exists($joomla_config)) {
    include $joomla_config;
}
// Drop the active output buffer; the @ hides the notice PHP raises when none is active.
@ob_end_clean();
// Route PHP errors to on_error (defined outside this excerpt).
set_error_handler('on_error');
$goon = true;
// Access gate: the script only continues for sessions flagged as admin or frontend.
// Only the presence of the key is tested (isset), not its value; the code that sets
// these flags is outside this excerpt.
if (isset($_SESSION["IS_ADMIN"])) {
    // $path_1 is assigned outside this excerpt.
    $joomla_path = $path_1 . 'components/com_jfuploader/tfu/';
    $path_fix = "../";
} else {
    if (isset($_SESSION["IS_FRONTEND"])) {
        // $path_2 is assigned outside this excerpt.
        $joomla_path = $path_2 . 'components/com_jfuploader/tfu/';
        $path_fix = "../";
    } else {
        // Neither flag is present: log the event, print a static notice and stop.
        tfu_debug("Config call, illegal direct access or missing session settings - your browser has to be closed to get a new session. Please check your session_save_path if you get this error all the time or create the folder session_cache in the tfu folder to activate the session workaround.");
        echo '
  <style type="text/css">
  body { 	font-family : Arial, Helvetica, sans-serif; font-size: 12px; background-color:#ffffff; }
  td { vertical-align: top; font-size: 12px; }
  .install { text-align:center; margin-left: auto;  margin-right: auto;  margin-top: 3em;  margin-bottom: 3em; padding: 10px; border: 1px solid #cccccc;  width: 450px; background: #F1F1F1; }
  </style>';
        echo '<div class="install">';
        // NOTE(review): the notice below starts with "You server" - probably meant
        // "Your server". It is a runtime string and is left unchanged here.
        echo 'You server is configured properly to access the needed files of JFU.<br>Please go to the Joomla Administration of JFU to see your server limits.';
        echo '</div>';
        // maybe the session is lost - we try to do the workaround if the file was called by a parameter!
        // NOTE(review): this runs on the path where no session flag is set, so any request
        // whose query string is longer than 5 bytes reaches checkSessionTempDir().
        // That helper is defined elsewhere; confirm which side effects it has for an
        // unauthenticated caller. $_SERVER['QUERY_STRING'] is also read without isset().
        if (strlen($_SERVER['QUERY_STRING']) > 5) {
            checkSessionTempDir();
        }
        die;
        // Unreachable: the die above already ended the script.
        $goon = false;
Esempio n. 2
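/**
 * Removes nested ".php" parts from an uploaded file name when the feature is enabled.
 *
 * This addresses the "multiple extensions" problem named in the log message below:
 * on some servers a name that carries ".php" in front of another extension can
 * still be handled as PHP.
 *
 * The removal is case-insensitive and repeated until the name stops changing.
 * A single case-sensitive pass misses ".PHP" and can leave a new ".php" behind
 * when the removed text sat inside another occurrence.
 *
 * Names whose final extension is php get no exemption. The earlier guard compared
 * a two-character prefix with the three-character string "php", so it never
 * matched and such names were always stripped. That fail-safe behaviour is kept.
 *
 * Other extensions a server may map to PHP (for example .phtml or .phar) are not
 * handled here. The final name still needs an allowlist check by the caller, and
 * the upload directory should not execute scripts.
 *
 * @param string $image                         File name as uploaded.
 * @param mixed  $remove_multiple_php_extension Truthy to enable the clean-up.
 * @return string The name without any ".php" part, or the input unchanged.
 */
function check_multiple_extensions($image, $remove_multiple_php_extension)
{
    if (!$remove_multiple_php_extension) {
        return $image;
    }

    // Strip until stable, so that no ".php" can be reassembled from the pieces
    // left on either side of a removed occurrence.
    $cleaned = $image;
    do {
        $previous = $cleaned;
        $cleaned = str_ireplace(".php", "", $previous);
    } while ($cleaned !== $previous);

    if ($cleaned === $image) {
        return $image;
    }

    // The name written to the log comes from the upload request.
    // NOTE(review): confirm tfu_debug neutralises line breaks before it writes the entry.
    tfu_debug("SECURITY WARNING: Please check the file " . $cleaned . ". It was uploaded with an image extensions and also a nested php extension. On some server this is a security problem (multiple extensions) and therefore the .php part of the file name was removed!");

    return $cleaned;
}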
Esempio n. 3
// Entry fragment of a TFU request handler; the excerpt ends inside the file-function
// branch, so the closing braces are not visible here.

// Prefix for TFU includes; empty in this script.
$install_path = '';
// do not change!
// NOTE(review): bare relative include names are looked up through include_path and the
// working directory. An absolute path would pin which file is actually loaded.
include 'tfu_helper.php';
restore_temp_session();
// this restores a lost session if your server handles sessions wrong and increases the session time!
include 'tfu_config.php';
// check if all included files have the same version to avoid problems during update!
// A mismatch is only logged; execution continues with the mixed file set.
if ($tfu_config_version != '2.15' || $tfu_help_version != '2.15') {
    tfu_debug('Not all files belong to this version. Please update all files.');
}
// Request gate: the session must hold TFU_LOGIN and TFU_RN, and the tfu_rn query
// parameter (after parseInputParameter) must equal the session value.
// NOTE(review): the comparison is the loose ==, which compares two numeric-looking
// strings by numeric value. For a session-bound token, a strict, constant-time
// comparison such as hash_equals() on strings is the safer form.
if (isset($_SESSION['TFU_LOGIN']) && isset($_SESSION['TFU_RN']) && isset($_GET['tfu_rn']) && $_SESSION['TFU_RN'] == parseInputParameter($_GET['tfu_rn'])) {
    $dir = getCurrentDir();
    // if you have more complex filenames you can use the index
    // NOTE(review): $_GET['action'] is read without isset(), so a request without it
    // raises a notice. What parseInputParameter returns in that case is not visible here.
    $action = parseInputParameter($_GET['action']);
    if ($enable_enhanced_debug) {
        // Request-derived values go into the debug log.
        // NOTE(review): confirm tfu_debug neutralises line breaks and that the log
        // file cannot be fetched over the web.
        tfu_debug("Action:" . $action . "; Directory: " . $dir);
    }
    // The extra functionality for twg is in an external class to make updating much easier
    // The plugin is looked up by a bare relative name, so this depends on the working directory.
    if (file_exists('twg_plugin.php')) {
        include_once 'twg_plugin.php';
        reset_twg_cache($action);
    }
    // end plugin
    if (isset($_GET['index']) && $action != 'dir') {
        // file functions!
        // && binds tighter than ||: true when copyfolder is present and equals "true",
        // or when createfile is present at all.
        if (isset($_GET['copyfolder']) && $_GET['copyfolder'] == "true" || isset($_GET['createfile'])) {
            $file = "";
            // not needed for this task
        } else {
            $file = getFileName($dir);
            // returns an array if more than one is selected!
Esempio n. 4
    // Closes a block that opens outside this excerpt.
    }
    // $remaining is assigned outside this excerpt. Once it is 0, the pre-upload
    // data kept in the session is discarded.
    if ($remaining == 0) {
        // cleanup
        unset($_SESSION['TFU_PRE_UPLOAD_DATA']);
    }
    // end of e-mail section
    if ($enable_upload_debug) {
        tfu_debug('9. End upload');
    }
    // Persist the session through TFU's own helper (defined elsewhere).
    store_temp_session();
    if ($enable_upload_debug) {
        tfu_debug('10. End store session');
    }
} else {
    // This else pairs with an if outside the excerpt. Going by the log messages
    // below, it is the path taken when authentication did not succeed.
    if (isset($_GET['remaining']) && isset($_GET['firstStart'])) {
        // seems like the session is lost! therefore we create a temp dir that enables TFU session handling
        if ($enable_upload_debug) {
            tfu_debug('2. Authenification NOT sucessfull');
        }
        // NOTE(review): reached without a valid login. Any request that carries both
        // query parameters triggers checkSessionTempDir(), which according to the comment
        // above creates a directory. The helper is defined elsewhere; confirm that an
        // anonymous caller can only cause a bounded, fixed-location effect.
        checkSessionTempDir();
        echo 'Not logged in!';
    } else {
        if ($enable_upload_debug) {
            tfu_debug('2a. Authenification NOT sucessfull');
        }
        // Same response body as the branch above, so the client cannot tell the two cases apart.
        echo 'Not logged in!';
    }
}
// Always emit one trailing space and flush the output.
echo ' ';
// important - solves bug for Mac!
flush();
Esempio n. 5
  * Only be aware that you have to do something!
  * ----------------------------
  */
 /**
  * Start parameters - don't remove the parameters part.
  * The parameters are needed even if you implement your own
  * authentication. They are meant to make sure that the Flash is the client.
  *
  * NOTE(review): a value sent in the request cannot prove which client sent it.
  * Treat twg_rn as a session-bound value, not as client authentication.
  */
 // NOTE(review): the three POST fields are read without isset(). The password also
 // passes through parseInputParameter (defined elsewhere); confirm it does not change
 // characters that are valid in a password.
 $user = parseInputParameter($_POST['twg_user']);
 $pass = parseInputParameter($_POST['twg_pass']);
 $rn = parseInputParameter($_POST['twg_rn']);
 // Wrap the client-supplied value with the current session id: first five characters,
 // then the value, then the full id.
 $rn = substr(session_id(), 0, 5) . $rn . session_id();
 // $install_path is assigned outside this excerpt.
 include $install_path . "tfu_config.php";
 // check if all included files have the same version to avoid problems during update!
 // A mismatch is only logged; execution continues.
 if ($tfu_config_version != '2.15' || $tfu_help_version != '2.15') {
     tfu_debug('Not all files belong to this version. Please update all files.');
 }
 /**
  * end parameters - now you can implement your own authentication and authorisation
  */
 /**
  * AUTHENTICATION
  *
  * This part is interesting if you want to use the login!
  */
 /**
  * TFU has a very simple user management included -
  * add users/folders/paths in .htusers.php.
  * The password is encrypted - please use the password generator that is included.
  * Read the "Important" part at the top!
  */