Esempio n. 1
 /**
  * Entry point of the purchase page: prepares the module list and dispatches
  * to the sub-action selected by the request.
  *
  * Visitors who are not administrators do not get modules priced above 100000
  * in $this->modules.
  * NOTE(review): this filter only shapes the list stored on the object; whether
  * onOrder(), onPurchase() and onZip() enforce the same restriction is not
  * visible here and should be confirmed.
  *
  * @return mixed Result of the selected handler, or the GWF_HTML::err() output
  *               when the Payment module cannot be loaded.
  */
 public function execute()
 {
     // Nothing can be sold without the Payment module.
     if (GWF_Module::getModule('Payment') === false) {
         return GWF_HTML::err('ERR_MODULE_MISSING', array('Payment'));
     }

     $isAdmin = GWF_User::isAdminS();
     $modules = GWF_Module::loadModulesFS();
     foreach ($modules as $idx => $candidate) {
         // Administrators keep every entry; others keep only entries at or below the cap.
         if ($isAdmin || !($candidate->getPrice() > 100000)) {
             continue;
         }
         unset($modules[$idx]);
     }
     GWF_Module::sortModules($modules, 'module_name', 'asc');
     $this->modules = $modules;

     // Order button (posted as on_order_2_x).
     if (Common::getPost('on_order_2_x') !== false) {
         return $this->onOrder();
     }

     // Purchase confirmation.
     if (Common::getPost('purchase')) {
         return $this->onPurchase();
     }

     // Archive request, selected through the query string.
     if (Common::getGet('zipper') !== false) {
         return $this->onZip();
     }

     return $this->templatePurchase();
 }
Esempio n. 2
 /**
  * Resolves the requested site and checks that the caller may administrate it.
  *
  * The site is looked up from the integer GET parameter "siteid" (default 0)
  * and stored in $this->site. Access is granted to a site admin of that site
  * or to a global administrator.
  *
  * @return array|false False when the request is acceptable, otherwise an array
  *                     holding one error message.
  */
 private function sanitize()
 {
     $siteID = Common::getGetInt('siteid', 0);
     $this->site = WC_Site::getByID($siteID);
     if ($this->site === false) {
         return array($this->module->lang('err_site'));
     }

     require_once GWF_CORE_PATH . 'module/WeChall/WC_SiteAdmin.php';

     // The global admin check runs only when the per-site check fails.
     $isSiteAdmin = WC_SiteAdmin::isSiteAdmin(GWF_Session::getUserID(), $this->site->getID());
     if ($isSiteAdmin || GWF_User::isAdminS()) {
         return false;
     }

     return array(GWF_HTML::lang('ERR_NO_PERMISSION'));
 }
Esempio n. 3
 /**
  * Renders the news listing for the current category, page and language.
  *
  * The page title and meta tags use the date of the first news item, or the
  * 'gwf_site_birthday' setting with '090000' appended when no news exists.
  *
  * @return mixed Output of the 'show.php' template, or the GWF_HTML::err()
  *               output when the news query returns false.
  */
 public function templateShow()
 {
     $perPage = $this->module->getNewsPerPage();
     $news = GWF_News::getNewsQuick($perPage, $this->catid, $this->page, GWF_Language::getCurrentID());
     if ($news === false) {
         return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
     }

     if (count($news) > 0) {
         $rawDate = $news[0]['news_date'];
     } else {
         $rawDate = GWF_Settings::getSetting('gwf_site_birthday') . '090000';
     }
     $date = GWF_Time::displayDate($rawDate);

     GWF_Website::setPageTitle($this->module->lang('pt_news', array($date)));
     GWF_Website::setMetaTags($this->module->lang('mt_news', array($date)));
     GWF_Website::setMetaDescr($this->module->lang('md_news', array($this->page, $this->nPages)));

     $tVars = array(
         'news' => $news,
         'titles' => GWF_News::getTitlesQuick($this->catid, GWF_Language::getCurrentID()),
         'cats' => GWF_News::getCategories(),
         'catid' => $this->catid,
         // The category title goes through GWF_HTML::display() before it reaches the
         // template (presumably HTML-escaping; confirm against GWF_HTML).
         'cat' => GWF_HTML::display($this->catTitle),
         'page_menu' => $this->getPageMenu(),
         'page' => $this->page,
         'can_sign' => $this->module->canSignNewsletter(GWF_Session::getUser()),
         'href_sign_news' => $this->module->hrefSignNewsletter(),
         // Display flag only: it decides whether the template offers the "add" link.
         // NOTE(review): the add-news action itself has to repeat the admin/staff check.
         'may_add' => GWF_User::isAdminS() || GWF_User::isStaffS(),
         'href_add' => $this->module->hrefAddNews(),
     );

     return $this->module->templatePHP('show.php', $tVars);
 }
Esempio n. 4
 /**
  * Builds the form used to add a download.
  *
  * When getFile() returns a file, its name and size are shown and a "remove"
  * button is offered; otherwise an optional file field is shown, plus an
  * "upload" button for logged-in users. The price field is added for
  * administrators only and the captcha for guests when the module requires it.
  *
  * NOTE(review): leaving a field out of the form does not stop a client from
  * submitting it. The code that processes this form is not shown here; it has
  * to apply the same admin / login conditions before using 'price' or 'huname'.
  *
  * @return GWF_Form
  */
 private function getForm()
 {
     $file = $this->getFile();
     $hasFile = ($file !== false);
     if ($hasFile) {
         $name = $file['name'];
         // The file name is also written into $_POST, overriding any posted
         // 'filename' value (presumably so the form picks it up; confirm).
         // NOTE(review): if $file describes an upload, this name is client-supplied.
         $_POST['filename'] = $name;
         $size = $file['size'];
     } else {
         $name = '';
         $size = '';
     }

     // Field order below is the order in which the fields are added to the form.
     $data = array();
     $data['filename'] = array(GWF_Form::STRING, $name, $this->module->lang('th_dl_filename'));

     if ($hasFile) {
         $data['size'] = array(GWF_Form::SSTRING, $size, $this->module->lang('th_dl_size'));
         $data['remove'] = array(GWF_Form::SUBMIT, $this->module->lang('btn_remove'));
     } else {
         $data['file'] = array(GWF_Form::FILE_OPT, '', $this->module->lang('th_file'));
         if (GWF_User::isLoggedIn()) {
             $data['upload'] = array(GWF_Form::SUBMIT, $this->module->lang('btn_upload'));
         }
     }

     $groupSelect = GWF_GroupSelect::single('group', Common::getPost('group'));
     $data['group'] = array(GWF_Form::SELECT, $groupSelect, $this->module->lang('th_dl_gid'));
     $data['level'] = array(GWF_Form::INT, '0', $this->module->lang('th_dl_level'));

     // Only administrators are offered a price field.
     if (GWF_User::isAdminS()) {
         $data['price'] = array(GWF_Form::FLOAT, '0.00', $this->module->lang('th_dl_price'));
     }

     $data['expire'] = array(
         GWF_Form::STRING,
         '0 seconds',
         $this->module->lang('th_dl_expire'),
         $this->module->lang('tt_dl_expire'),
     );
     $data['guest_view'] = array(
         GWF_Form::CHECKBOX,
         false,
         $this->module->lang('th_dl_guest_view'),
         $this->module->lang('tt_dl_guest_view'),
     );
     $data['guest_down'] = array(
         GWF_Form::CHECKBOX,
         false,
         $this->module->lang('th_dl_guest_down'),
         $this->module->lang('tt_dl_guest_down'),
     );
     $data['adult'] = array(GWF_Form::CHECKBOX, false, $this->module->lang('th_adult'));

     if (GWF_User::isLoggedIn()) {
         $data['huname'] = array(GWF_Form::CHECKBOX, false, $this->module->lang('th_huname'));
     }

     $data['descr'] = array(GWF_Form::MESSAGE, '', $this->module->lang('th_dl_descr'));

     // Guests get a captcha when the module configuration asks for one.
     if (!GWF_User::isLoggedIn() && $this->module->cfgGuestCaptcha()) {
         $data['captcha'] = array(GWF_Form::CAPTCHA);
     }

     $data['add'] = array(GWF_Form::SUBMIT, $this->module->lang('btn_add'));

     return new GWF_Form($this, $data);
 }
Esempio n. 5
<?php

require_once 'settings.php';
require_once 'vuln.php';
// Installer for the "Light in the Darkness" challenge.
// Every relative path below is resolved after moving three directories up from
// the current working directory.
chdir("../../../");
require_once "challenge/html_head.php";

$title = 'Light in the Darkness';
html_head('Install: ' . $title);

// Installing is reserved for administrators; everyone else is sent to the login
// page and the script stops here, before any database work.
if (!GWF_User::isAdminS()) {
    return htmlSendToLogin("Better be admin !");
}

// Challenge metadata handed to WC_Challenge::installChallenge().
$creators = "Mawekl";
$tags = 'MySQL,Exploit';
$url = "challenge/Mawekl/light_in_the_darkness/index.php";
$score = 6;
$solution = false;

// blightInstall() is defined outside this script (presumably in settings.php or
// vuln.php); a false result aborts the installation.
if (blightInstall() === false) {
    exit('DB ERROR!');
}

WC_Challenge::installChallenge($title, $solution, $score, $url, $creators, $tags, true);
require_once "challenge/html_foot.php";
Esempio n. 6
<?php

// Template prologue: fetch the admin flag and the WeChall module, print the page
// menu, and on the first page print the four extra news boxes.
$wc = Module_WeChall::instance();
$is_admin = GWF_User::isAdminS();

// NOTE(review): page_menu is written to the output unchanged, so the code that
// fills $tVars must already have produced safe HTML for it.
echo $tVars['page_menu'];

if (1 === $tVars['page']) {
    echo $wc->showBirthdayNews(),
        $wc->showChallengeNews(),
        $wc->showSiteMasterNews(),
        $wc->showAccountLinkNews();
}
?>

<div class="gwf_newsbox">
<?php 
foreach ($tVars['news'] as $newsid => $news) {
    $t = $news->getTranslation();
    $news instanceof GWF_News;
    $newsid = $news->getID();
    ?>
<div class="gwf_newsbox_item">
	<div class="gwf_newsbox_head">
		<span class="gwf_newsbox_title"><?php 
    echo $news->displayTitle();
    ?>
</span>
		<span class="gwf_newsbox_date"><?php 
    echo $news->displayDate();
    ?>
</span>
		<span class="gwf_newsbox_author"><?php 
Esempio n. 7
 /**
  * Returns the admin entry of the menu, or an empty string for non-admins.
  *
  * When the GET parameter "mo" equals 'Admin' the entry is marked as selected
  * and both side panels are switched off. The panel flags are changed before
  * the admin check, so they change for every visitor sending mo=Admin, not
  * only for administrators.
  *
  * @param Module_WeChall $module Used for the translated link label.
  * @return string HTML list item, or '' when the visitor is not an administrator.
  */
 public static function displayMenuAdmin(Module_WeChall $module)
 {
     $isSelected = (Common::getGet('mo') === 'Admin');
     if ($isSelected) {
         self::$LEFT_PANEL = false;
         self::$RIGHT_PANEL = false;
     }

     if (!GWF_User::isAdminS()) {
         return '';
     }

     $sel = $isSelected ? ' class="wc_menu_sel"' : '';
     $href = GWF_WEB_ROOT . 'nanny';
     // The label is inserted as returned by lang(); it is not escaped here.
     $label = $module->lang('menu_admin');

     return '<li><a' . $sel . ' href="' . $href . '">' . $label . '</a></li>';
 }
Esempio n. 8
 /**
  * Validates the edit form and stores the new values on the download.
  *
  * The price is written only when the current user is an administrator; a
  * 'price' value submitted by anyone else is never read. The option bits are
  * taken from the presence of the matching keys in $_POST, not from the
  * validated form.
  *
  * NOTE(review): this method does not check who may edit $dl; that decision is
  * presumably made by the caller and should be confirmed there.
  *
  * @param GWF_Download $dl Download being edited.
  * @return string Status or error message followed by the edit template.
  */
 private function onEdit(GWF_Download $dl)
 {
     $form = $this->getForm($dl);
     $err = $form->validate($this->module);
     if ($err !== false) {
         return $err . $this->templateEdit($dl);
     }

     // Admin-only field, saved separately from the other columns.
     if (GWF_User::isAdminS() && false === $dl->saveVar('dl_price', $form->getVar('price'))) {
         return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__)) . $this->templateEdit($dl);
     }

     // Each checkbox present in the request switches on one bit of dl_options.
     $flagByField = array(
         'enabled' => GWF_Download::ENABLED,
         'adult' => GWF_Download::ADULT,
         'huname' => GWF_Download::HIDE_UNAME,
         'guest_view' => GWF_Download::GUEST_VISIBLE,
         'guest_down' => GWF_Download::GUEST_DOWNLOAD,
     );
     $options = 0;
     foreach ($flagByField as $field => $flag) {
         if (isset($_POST[$field])) {
             $options |= $flag;
         }
     }

     $columns = array(
         'dl_filename' => $form->getVar('filename'),
         'dl_gid' => $form->getVar('group'),
         'dl_level' => $form->getVar('level'),
         'dl_descr' => $form->getVar('descr'),
         'dl_options' => $options,
         'dl_expire' => GWF_TimeConvert::humanToSeconds($form->getVar('expire')),
     );
     if ($dl->saveVars($columns) === false) {
         return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__)) . $this->templateEdit($dl);
     }

     return $this->module->message('msg_edited') . $this->templateEdit($dl);
 }
Esempio n. 9
 /**
  * Decides whether this item may be viewed.
  *
  * Order of the checks: an administrator always may; an item in moderation is
  * hidden from everyone else; otherwise the user or guest rule applies.
  * The administrator check is GWF_User::isAdminS(), which takes no argument, so
  * it does not depend on $user (presumably it looks at the current session;
  * confirm against GWF_User).
  *
  * @param mixed $user A user object, or any non-object value for a guest.
  * @return mixed True or false from the early checks, otherwise the result of
  *               mayUserView() or mayGuestView().
  */
 public function mayView($user)
 {
     if (GWF_User::isAdminS()) {
         return true;
     }

     if ($this->isInModeration()) {
         return false;
     }

     return is_object($user) ? $this->mayUserView($user) : $this->mayGuestView();
 }
Esempio n. 10
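 /**
  * Returns the admin link of the menu, or an empty string for non-admins.
  *
  * The link is marked as selected when the GET parameter "mo" equals 'Admin'.
  *
  * @param Module_PoolTool $module Used for the translated link label.
  * @return string HTML anchor, or '' when the visitor is not an administrator.
  */
 private static function displayMenuAdmin(Module_PoolTool $module)
 {
     if (!GWF_User::isAdminS()) {
         return '';
     }

     $sel = Common::getGet('mo') === 'Admin' ? ' class="menu_sel"' : '';
     $href = GWF_WEB_ROOT . 'nanny';

     // The space before href is part of the format. The previous format
     // '<a %shref=...' produced '<a  class="menu_sel"href="...">' for the selected
     // entry, i.e. two attributes with no whitespace between them.
     // The label is inserted as returned by lang(); it is not escaped here.
     return sprintf('<a%s href="%s">%s</a>', $sel, $href, $module->lang('menu_admin'));
 }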
Esempio n. 11
 /**
  * Switches the FAQ visibility option of a helpdesk ticket on or off.
  *
  * Only administrators may do this, and only for tickets that isFAQ() reports
  * as FAQ tickets. The permission check comes first, so a non-admin gets the
  * permission error whatever the ticket's state is.
  *
  * @param GWF_HelpdeskTicket $ticket Ticket to change.
  * @param mixed              $bool   Truthy to show the ticket in the FAQ, falsy to hide it.
  * @return mixed A success message, or an error for a missing permission, a
  *               non-FAQ ticket or a failed save.
  */
 private function onInFaq(GWF_HelpdeskTicket $ticket, $bool)
 {
     if (!GWF_User::isAdminS()) {
         return GWF_HTML::err('ERR_NO_PERMISSION');
     }

     if (!$ticket->isFAQ()) {
         return $this->module->error('err_no_faq');
     }

     $saved = $ticket->saveOption(GWF_HelpdeskTicket::VISIBLE_FAQ, $bool);
     if ($saved === false) {
         return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
     }

     return $this->module->message($bool ? 'msg_infaq' : 'msg_noinfaq');
 }