/**
 * Controller constructor: runs the parent constructor, loads the 'auth'
 * driver and helper, then calls auth_check() once for the whole controller.
 *
 * Whatever the failure branch does must end the request; any action method
 * called after this constructor otherwise runs for a caller that failed
 * auth_check().
 */
public function __construct()
{
    parent::__construct();
    $this->load->driver('auth');
    // auth_check() is called right after the 'auth' helper is loaded, so keep this order.
    $this->load->helper('auth');
    if (!auth_check()) {
        // put your code here, for example:
        redirect('Testauth/deny');
        // don't forget to make 'Testauth/deny' allowed for all, else you will have an infinite loop ;)
    }
}
/**
 * Store a new user note for a manual page.
 *
 * The row is inserted through placeholders, so none of the arguments is
 * concatenated into the SQL text; only the table name comes from
 * $this->notesTableName.
 *
 * Approval rules, as implemented below:
 *  - a logged-in author (a handle is found in $GLOBALS['auth_user']) who
 *    passes auth_check('pear.dev') is stored as approved ('yes') by himself;
 *  - every other author is stored with the caller-supplied $approved value.
 *
 * NOTE(review): $approved is written to note_approved unchanged for authors
 * without pear.dev, so callers should pass a fixed value, never request data.
 *
 * @access public
 * @param  string $pageUrl  The page url
 * @param  string $userName The user adding the comment
 * @param  string $note     The note to add
 * @param  string $approved Approval state for moderated notes, default 'pending'
 * @return mixed            true on success, or the error object for which
 *                          PEAR::isError() is true
 */
function addComment($pageUrl, $userName, $note, $approved = 'pending')
{
    $handle = '';
    if (isset($GLOBALS['auth_user'])) {
        $handle = $GLOBALS['auth_user']->handle;
    }

    if (!$handle) {
        // No handle: note_approved_by is stored as NULL.
        $insert = "\n INSERT INTO {$this->notesTableName}\n (page_url, user_name, user_handle, note_text, note_time,\n note_approved, note_approved_by, note_deleted)\n VALUES (?, ?, ?, ?, NOW(), ?, null, 0)\n ";
        $params = array($pageUrl, $userName, $handle, $note, $approved);
    } else {
        $insert = "\n INSERT INTO {$this->notesTableName}\n (page_url, user_name, user_handle, note_text, note_time,\n note_approved, note_approved_by, note_deleted)\n VALUES (?, ?, ?, ?, NOW(), ?, ?, 0)\n ";
        // always approve pear.dev account holder comments, moderate others
        $params = array(
            $pageUrl,
            $userName,
            $handle,
            $note,
            auth_check('pear.dev') ? 'yes' : $approved,
            auth_check('pear.dev') ? $handle : '',
        );
    }

    $result = $this->dbc->query($insert, $params);
    if (PEAR::isError($result)) {
        return $result;
    }

    // Hand the id of the row just inserted, plus the raw note text, to _compileComment().
    $this->_compileComment($this->dbc->getOne('SELECT LAST_INSERT_ID()'), $note);

    return true;
}
/**
 * Print the "send e-mail to a developer" form.
 *
 * Missing keys in $data are filled with empty strings, every default is
 * passed through htmlspecialchars(), and callers who do not pass
 * auth_check('pear.dev') additionally get a numeral CAPTCHA whose expected
 * answer is stored in $_SESSION['answer'].
 *
 * NOTE(review): $_GET['handle'] is read without an isset() check, and it is
 * HTML-escaped but not URL-encoded before being placed in the action URL.
 * NOTE(review): the defaults are escaped here before they are handed to
 * HTML_QuickForm2 - confirm the library does not escape them a second time.
 *
 * @param array $data Previously submitted values, keyed by field name
 *
 * @return void The form is printed directly
 */
function printForm($data = array())
{
    $fields = array('name', 'email', 'copy_me', 'subject', 'text');

    foreach ($fields as $field) {
        if (isset($data[$field])) {
            continue;
        }
        $data[$field] = '';
    }

    $action = '/account-mail.php?handle=' . htmlspecialchars($_GET['handle']);
    $form   = new HTML_QuickForm2('contect', 'post', array('action' => $action));
    $form->removeAttribute('name');

    // Set defaults for the form elements
    $defaults = array();
    foreach ($fields as $field) {
        $defaults[$field] = htmlspecialchars($data[$field]);
    }
    $form->addDataSource(new HTML_QuickForm2_DataSource_Array($defaults));

    $nameField = $form->addElement('text', 'name', array('required' => 'required'));
    $nameField->setLabel('Y<span class="accesskey">o</span>ur Name:', 'size="40" accesskey="o"');

    $emailField = $form->addElement('email', 'email', array('required' => 'required'));
    $emailField->setLabel('Email Address:');

    $copyField = $form->addElement('checkbox', 'copy_me');
    $copyField->setLabel('CC me?:');

    $subjectField = $form->addElement('text', 'subject', array('required' => 'required', 'size' => '80'));
    $subjectField->setLabel('Subject:');

    $textField = $form->addElement('textarea', 'text', array('cols' => 80, 'rows' => 10, 'required' => 'required'));
    $textField->setLabel('Text:');

    if (!auth_check('pear.dev')) {
        // The expected answer stays server-side in the session; only the question is rendered.
        $numeralCaptcha = new Text_CAPTCHA_Numeral();
        $captchaField   = $form->addElement('number', 'captcha', array('maxlength' => 4, 'required' => 'required'));
        $captchaField->setLabel("What is " . $numeralCaptcha->getOperation() . '?');
        $_SESSION['answer'] = $numeralCaptcha->getAnswer();
    }

    $submitButton = $form->addElement('submit', 'submit');
    $submitButton->setLabel('Send Email');

    echo $form;
}
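/**
 * Decide whether $user may act here: either the handle holds the 'lead'
 * role in the maintains table, or the caller passes auth_check('pear.qa').
 *
 * The query has no package filter, so a lead of any package matches.
 *
 * The lookup fails closed: an object returned by getOne() (the database
 * layer reports failures as error objects) is not treated as a match.
 * Before this check a failed query counted as "is a lead".
 *
 * @param string $user Handle to look up
 *
 * @return bool true when a lead row exists, otherwise the result of auth_check('pear.qa')
 */
function checkUser($user)
{
    global $dbh;

    // Lead lookup; both values are bound through placeholders.
    $query = ' SELECT m.handle FROM packages p, maintains m WHERE m.handle = ? AND p.id = m.package AND m.role = ?';
    $res   = $dbh->getOne($query, array($user, 'lead'));

    // Only a real column value counts; null means no row, an object means the query failed.
    if ($res !== null && !is_object($res)) {
        return true;
    }

    // Try to see if the user is an admin
    return auth_check('pear.qa');
}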
<?php
// Admin list page: counts the rows of the point table that match the
// current search and works out how many result pages there are.
$sub_menu = "200200";
include_once './_common.php';

// Called with the 'r' flag for this menu entry; auth_check() itself is defined outside this snippet.
auth_check($auth[$sub_menu], 'r');
$token = get_token();

$sql_common = " from {$g5['point_table']} ";
$sql_search = " where (1) ";

// NOTE(review): $stx (search text), $sfl (search column), $sst (sort column)
// and $sod (sort direction) are never assigned in this file and are
// interpolated into the SQL text below as a value, a column name and an
// ORDER BY clause. Confirm that './_common.php' escapes $stx and restricts
// $sfl/$sst/$sod to known column names and asc/desc; if it does not, check
// them against an allow-list here before building the query.
if ($stx) {
    $sql_search .= " and ( ";
    switch ($sfl) {
        case 'mb_id':
            // exact match on the member id
            $sql_search .= " ({$sfl} = '{$stx}') ";
            break;
        default:
            // substring match on whatever column $sfl names
            $sql_search .= " ({$sfl} like '%{$stx}%') ";
            break;
    }
    $sql_search .= " ) ";
}

// Default ordering: newest point entry first.
if (!$sst) {
    $sst = "po_id";
    $sod = "desc";
}
$sql_order = " order by {$sst} {$sod} ";

$sql = " select count(*) as cnt\n {$sql_common}\n {$sql_search}\n {$sql_order} ";
$row = sql_fetch($sql);
$total_count = $row['cnt'];
$rows = $config['cf_page_rows'];
$total_page = ceil($total_count / $rows); // total number of pages
// Column headings of the exported spreadsheet.
$cols_name[] = array("日期", "類別", "平台/論壇", "評價層級", "問題", "問題網址", "問題回覆/解答者", "問題回覆/解答日期", "關鍵字");
//$_SESSION['report_value'] = $result;
/*echo $col++; echo "<pre>"; print_r( $_SESSION['report_value'] ); echo "</pre>"; foreach($_SESSION['report_value'] as $rows){ foreach($rows as $key => $val ){ print_r( $rows["$key"] ); print "Key $key, Value $val\n"; } }*/
// NOTE(review): this branch exports the report held in the session and exits
// before the auth_check("member", ...) call below is reached. The condition
// that opens the branch is outside this snippet - confirm that an access
// check runs before the export.
export_xls($_SESSION['report_value'], $cols_name, "export", "export");
exit;
}
auth_check("member", false, false);
$user_id = get_login_id();
// NOTE(review): $user_id is interpolated into the SQL text. Confirm that
// get_login_id() can only return a value the server itself issued; otherwise
// escape it or bind it through the database layer.
$get_member_group_sql = "SELECT group_id,name FROM plu_member WHERE account = '{$user_id}'";
$member_info = $db->get_results($get_member_group_sql, ARRAY_A);
// $member_info[0] is read without checking that the query returned a row.
$_SESSION['member_group'] = $member_info[0]['group_id'];
?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>CMS後台管理系統-商品服務列表</title> <script src="js/jquery.js" type="text/javascript"></script> <script src="js/jquery.history_remote.pack.js" type="text/javascript"></script> <script src="js/jquery.tabs.pack.js" type="text/javascript"></script> <script type="text/javascript">
<?php
// Blog post editor: checks the session, then creates or updates a blog row
// from the posted form.
require_once 'src/db.php';
session_start();

// Make sure the user is allowed.
// NOTE(review): neither failure path below stops the script. header() only
// queues a redirect, so without an exit after it the POST handling further
// down still runs for a request that failed this check.
// NOTE(review): the check reads a password kept in the session; storing an
// "authenticated" marker instead would avoid holding the credential there.
if ($_SESSION != null) {
    if (!auth_check($_SESSION['email'], $_SESSION['password'])) {
        session_destroy();
        header('Location: index.php');
    }
} else {
    session_destroy();
    header('Location: index.php');
}

// Intended to be reached by authenticated users only (see the note above).
// Check to see if the user posted data.
if (isset($_POST['title'])) {
    if (strlen($_POST['title']) > 0) {
        // FILTER_SANITIZE_STRING is an HTML-oriented filter (deprecated since
        // PHP 8.1); it is not SQL escaping.
        $title = filter_var($_POST["title"], FILTER_SANITIZE_STRING);
        $tags = to_pg_array(explode(" ", filter_var($_POST['tags'], FILTER_SANITIZE_STRING)));
        $visible = isset($_POST['visible']) ? 't' : 'f';
        $is_on_odua = isset($_POST['is_on_odua']) ? 't' : 'f';
        // $content and, when ?p= is given, $name are taken from the request unchanged.
        $content = $_POST['content'];
        $name = isset($_GET['p']) ? $_GET['p'] : $title;

        // Add to the database.
        // NOTE(review): every value is interpolated into the SQL text, and
        // $content / $name have had no escaping at all. Binding the values
        // with pg_query_params() would remove the injection risk; it accepts
        // one statement per call, so the UPDATE and the INSERT would have to
        // be sent separately.
        $dbconn = post_connect();
        $query = "UPDATE blog SET title='{$title}',entry='{$content}',tags='{$tags}',visible='{$visible}',is_on_odua='{$is_on_odua}' WHERE title='{$name}';\n INSERT INTO blog (title, entry, tags, visible, is_on_odua) SELECT '{$title}', '{$content}', '{$tags}', '{$visible}', '{$is_on_odua}'\n WHERE NOT EXISTS (SELECT 1 FROM blog WHERE title='{$title}');";
        // On failure the database error text is sent to the browser.
        $results = pg_query($dbconn, $query) or die('Query failed: ' . pg_last_error());
        pg_close($dbconn);
        if ($results) {
            pg_free_result($results);
<?php
// Renders one list item per inactive channel; callers who pass
// auth_check('pear.admin') also get an "edit" link.
// NOTE(review): project_link, name and project_label are printed into
// attribute and text context without htmlspecialchars(), and name goes into
// the edit URL without urlencode(). Confirm these values are escaped before
// they reach the template, or escape them here.
// NOTE(review): hiding the link is presentation only - edit.php has to make
// its own pear.admin check.
foreach ($inactive_channels as $channel) { ?> <li> <a href="<?php print $channel['project_link']; ?> " title="<?php print $channel['name']; ?> "><?php print $channel['project_label']; ?> </a> <?php if (auth_check('pear.admin')) { ?> (<a href="edit.php?channel=<?php print $channel['name']; ?> ">edit</a>)<?php } ?> </li> <?php } ?> </ul> <?php } ?>
/**
 * Build the user-notes section for a manual page.
 *
 * Fetches the page's comments, passing the caller's auth_check('pear.dev')
 * result to getPageComments() as its second argument, and hands each
 * comment to Manual_Notes::display().
 *
 * NOTE(review): the value returned by display() is not appended to the
 * result, so this function returns either an empty string or the
 * "no notes" message. Presumably display() prints the comment itself -
 * confirm, and confirm that it escapes the note text.
 *
 * @param string $uri Manual page id
 *
 * @return string HTML
 */
function getComments($uri)
{
    require_once 'notes/ManualNotes.class.php';

    $notes        = new Manual_Notes();
    $pageComments = $notes->getPageComments($uri, auth_check('pear.dev'));

    $output = '';
    if (empty($pageComments)) {
        $output .= 'There are no user contributed notes for this page.';
    }

    foreach ($pageComments as $entry) {
        $notes->display($entry);
    }

    return $output;
}
// Search parameters taken from the query string.
$maintain = !empty($_GET['maintain']) ? $_GET['maintain'] : '';
$bug_type = !empty($_GET['bug_type']) && $_GET['bug_type'] != 'All' ? $_GET['bug_type'] : '';
$boolean_search = isset($_GET['boolean']) ? (int) $_GET['boolean'] : 0;
define('BOOLEAN_SEARCH', $boolean_search);
// Only the outer value is checked to be an array.
// NOTE(review): the elements themselves may be arrays, and the keys need not
// start at 0, so $package_name[0] below can be missing or a non-string -
// confirm quoteSmart() and escapeSQL() cope with that.
$package_name = isset($_GET['package_name']) && is_array($_GET['package_name']) ? $_GET['package_name'] : array();
$package_nname = isset($_GET['package_nname']) && is_array($_GET['package_nname']) ? $_GET['package_nname'] : array();

if (isset($_GET['cmd']) && $_GET['cmd'] == 'display') {
    $query = 'SELECT SQL_CALC_FOUND_ROWS bugdb.*, ' . ' TO_DAYS(NOW())-TO_DAYS(bugdb.ts2) AS unchanged FROM bugdb' . ' LEFT JOIN packages ON packages.name = bugdb.package_name';
    // $handle is not assigned in this snippet.
    if ($maintain != '' || $handle != '') {
        $query .= ' LEFT JOIN maintains ON packages.id = maintains.package';
        $query .= ' AND maintains.handle = ';
        // Request values enter the SQL text through quoteSmart().
        $query .= $maintain != '' ? $dbh->quoteSmart($maintain) : $dbh->quoteSmart($handle);
        $query .= ' AND maintains.active = 1';
    }
    // Rows with registered = 0 are only included for callers who pass auth_check('pear.dev').
    $where_clause = ' WHERE bugdb.registered IN(';
    $where_clause .= !auth_check('pear.dev') ? '1)' : '1,0)';
    if (!empty($package_name)) {
        $where_clause .= ' AND bugdb.package_name';
        if (count($package_name) > 1) {
            // NOTE(review): this path adds the quotes by hand around
            // escapeSQL() output while the single-value path uses
            // quoteSmart(); confirm escapeSQL() escapes every element.
            $where_clause .= " IN ('" . join("', '", escapeSQL($package_name)) . "')";
        } else {
            $where_clause .= ' = ' . $dbh->quoteSmart($package_name[0]);
        }
    }
    // Same construction for the packages to exclude.
    if (!empty($package_nname)) {
        $where_clause .= ' AND bugdb.package_name';
        if (count($package_nname) > 1) {
            $where_clause .= " NOT IN ('" . join("', '", escapeSQL($package_nname)) . "')";
        } else {
            $where_clause .= ' <> ' . $dbh->quoteSmart($package_nname[0]);
        }
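/**
 * Print one bug comment as HTML.
 *
 * The author line depends on $registered: unconfirmed authors get a notice
 * (and, for viewers without pear.dev, the re-send instructions instead of
 * the comment); confirmed authors are shown by handle, or by spam-protected
 * e-mail address when no handle is given.
 *
 * The handle is now escaped before it is written into the profile link and
 * its label, matching the way $email and $comment_name are already handled.
 *
 * NOTE(review): everything in $comment up to and including its last
 * "</div>" is echoed without going through clean(). Confirm that this part
 * can only ever be markup generated by the application and never text typed
 * by a submitter.
 *
 * @param int    $com_id       Comment id, 0 when there is none
 * @param string $ts           Timestamp, used for the anchor name and the date
 * @param string $email        Author e-mail address
 * @param string $comment      Comment text
 * @param int    $showemail    Not used in this function
 * @param string $handle       Author handle, if any
 * @param string $comment_name Author display name, if any
 * @param bool   $registered   Whether the author confirmed the account
 *
 * @return void Output is echoed
 */
function output_note($com_id, $ts, $email, $comment, $showemail = 1, $handle = null, $comment_name = null, $registered)
{
    global $edit, $id, $user, $dbh;

    echo '<div class="comment">';
    echo '<a name="' . urlencode($ts) . '"> </a>';
    echo "<strong>[", format_date($ts), "] ";

    if (!$registered) {
        echo 'User who submitted this comment has not confirmed identity</strong>';
        if (!auth_check('pear.dev')) {
            // Viewers without pear.dev never see the body of an unconfirmed comment.
            echo '<pre class="note">If you submitted this note, check your email.';
            echo 'If you do not have a message, <a href="resend-request-email.php?' . 'handle=' . urlencode($handle) . "\">click here to re-send</a>\n", 'MANUAL CONFIRMATION IS NOT POSSIBLE. Write a message to <a href="mailto:' . PEAR_DEV_EMAIL . '">' . PEAR_DEV_EMAIL . '</a>' . "\n", "to request the confirmation link. All bugs/comments/patches associated with this\n\nemail address will be deleted within 48 hours if the account request is not confirmed!";
            echo "</pre>\n</div>";
            return;
        }
    } else {
        if ($handle) {
            // URL-encode for the path segment, HTML-escape for the visible label.
            echo '<a href="/user/' . rawurlencode($handle) . '">' . htmlspecialchars($handle, ENT_QUOTES) . "</a></strong>\n";
        } else {
            require_once 'bugs/pear-bugs-utils.php';
            $pbu = new PEAR_Bugs_Utils();
            echo $pbu->spamProtect(htmlspecialchars($email)) . "</strong>\n";
        }
    }

    if ($comment_name && $registered) {
        echo '(' . htmlspecialchars($comment_name) . ')';
    }

    // The delete link is offered in edit mode only, to viewers who pass pear.dev.
    if ($edit === 1 && $com_id !== 0 && auth_check('pear.dev')) {
        echo " <a href=\"bug.php?id={$id}&edit=1&hide_comment={$com_id}\">[delete]</a>\n";
    }

    echo '<div class="note" style="white-space: pre-wrap; width: 60em; overflow: auto; max-height: 20em; padding: 1.0em; margin: 1.0em; background-color: rgb(240, 240, 240)">';

    // This has to be done so we don't wordwrap the changeset part again
    $fix    = $comment;
    $status = "";
    $search = "</div>";
    $needle = strrpos($comment, $search);
    if ($needle !== false) {
        // Get from last div until end of string
        $fix    = substr($comment, $needle + strlen($search));
        $status = substr($comment, 0, $needle) . $search;
    }

    // Only the part after the last </div> is cleaned and linkified.
    $comment = make_ticket_links(addlinks(clean($fix)));
    $comment = $status . $comment;

    echo $comment;
    echo "</div>\n";
    echo '</div>' . "\n";
}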
// Tag administration: create a tag, or delete the ticked tags, then render
// the admin template.
// NOTE(review): the only auth_check() visible here runs after both branches
// and merely sets $admin for the template. Confirm that the part of the file
// above this fragment rejects callers without the required level, and that
// the POST is protected against cross-site request forgery.
if (!isset($_POST['admintag'])) {
    $_POST['admintag'] = 0;
}
$errors = $manager->validateNewTag($_POST['tag'], $_POST['desc'], $_POST['admintag']);
if (!count($errors)) {
    try {
        // The kind of tag is chosen by a request field.
        if ($_POST['admintag']) {
            $manager->createAdminTag($_POST['tag'], $_POST['desc']);
        } else {
            $manager->createRegularTag($_POST['tag'], $_POST['desc']);
        }
    } catch (Exception $e) {
        $errors[] = $e->getMessage();
    }
}
} elseif (isset($_POST['deltag'])) {
    if (isset($_POST['tags']) && is_array($_POST['tags'])) {
        // The array keys are the tag ids; the values are ignored.
        foreach ($_POST['tags'] as $id => $unused) {
            try {
                $manager->deleteTag($id);
            } catch (Exception $e) {
                $errors[] = $e->getMessage();
            }
        }
    }
}
$tags = $manager->getTags();
// strip_tags() removes markup but does not escape quotes, and $desc is passed
// on unchanged - the template has to escape both when printing them.
$tagname = isset($_POST['tag']) ? strip_tags($_POST['tag']) : '';
$desc = isset($_POST['desc']) ? $_POST['desc'] : '';
$admin = auth_check('pear.admin');
require PEARWEB_TEMPLATEDIR . '/tags/admin.tpl.php';
/**
 * Work out what a user or a group may do in one forum or in all forums.
 *
 * For every forum in scope the result holds one boolean per requested
 * permission field plus 'auth_mod'; when a single forum is asked for, a
 * '<field>_type' entry referencing the matching $lang['AUTH_TYPES'] text is
 * added as well.
 *
 * @param mixed $type       AUTH_ALL for every field of $bf['forum_perm'], or one value to look up in it
 * @param mixed $forum_id   A forum id, or AUTH_LIST_ALL
 * @param array $ug_data    Group row (has 'group_id') or user row ('user_id', 'session_logged_in', 'user_level')
 * @param array $f_access   Forum permission data; loaded from the datastore when empty
 * @param mixed $group_perm UG_PERM_BOTH, or a value that restricts the lookup to single-user or real groups
 *
 * @return array Permissions of the one forum, or a map forum id => permissions for AUTH_LIST_ALL
 */
function auth($type, $forum_id, $ug_data, $f_access = array(), $group_perm = UG_PERM_BOTH)
{
    global $lang, $bf, $datastore;

    // Start from the least privileged state.
    $is_guest = true;
    $is_admin = false;
    $auth = $auth_fields = $u_access = array();
    $add_auth_type_desc = $forum_id != AUTH_LIST_ALL;

    //
    // Get $auth_fields
    //
    if ($type == AUTH_ALL) {
        $auth_fields = array_keys($bf['forum_perm']);
    } else {
        // array_search() is non-strict here and its result is tested for
        // truthiness, so a key of 0 or '' would count as "not found".
        if ($auth_type = array_search($type, $bf['forum_perm'])) {
            $auth_fields = array($auth_type);
        }
    }
    if (empty($auth_fields)) {
        trigger_error(__FUNCTION__ . '(): empty $auth_fields', E_USER_ERROR);
    }

    //
    // Get $f_access
    //
    // If f_access has been passed, or auth is needed to return an array of forums
    // then we need to pull the auth information on the given forum (or all forums)
    if (empty($f_access)) {
        // Refresh the cached forum list once if it is missing.
        if (!($forums = $datastore->get('cat_forums'))) {
            $datastore->update('cat_forums');
            $forums = $datastore->get('cat_forums');
        }
        if ($forum_id == AUTH_LIST_ALL) {
            $f_access = $forums['f'];
        } else {
            if (isset($forums['f'][$forum_id])) {
                $f_access[$forum_id] = $forums['f'][$forum_id];
            }
        }
    } else {
        if (isset($f_access['forum_id'])) {
            // Change passed $f_access format for later using in foreach()
            $f_access = array($f_access['forum_id'] => $f_access);
        }
    }
    if (empty($f_access)) {
        trigger_error(__FUNCTION__ . '(): empty $f_access', E_USER_ERROR);
    }

    //
    // Get user or group permissions
    //
    // Every id that reaches the SQL text below is cast to int first.
    $forum_match_sql = $forum_id != AUTH_LIST_ALL ? "AND aa.forum_id = " . (int) $forum_id : '';

    // GROUP mode
    if (!empty($ug_data['group_id'])) {
        // A group is never a guest and never an admin.
        $is_guest = false;
        $is_admin = false;
        $sql = "SELECT aa.forum_id, aa.forum_perm\n\t\t\tFROM " . BB_AUTH_ACCESS . " aa\n\t\t\tWHERE aa.group_id = " . (int) $ug_data['group_id'] . "\n\t\t\t\t{$forum_match_sql}";
        foreach (DB()->fetch_rowset($sql) as $row) {
            $u_access[$row['forum_id']] = $row['forum_perm'];
        }
    } else {
        if (!empty($ug_data['user_id'])) {
            // A user without a logged-in session is a guest; only a logged-in user can be admin.
            $is_guest = empty($ug_data['session_logged_in']);
            $is_admin = !$is_guest && $ug_data['user_level'] == ADMIN;
            if ($group_perm != UG_PERM_BOTH) {
                // Permissions of the user's non-pending groups, limited to
                // single-user groups or to the other groups, OR-ed per forum.
                $group_single_user = $group_perm == UG_PERM_USER_ONLY ? 1 : 0;
                $sql = "\n\t\t\t\tSELECT\n\t\t\t\t\taa.forum_id, BIT_OR(aa.forum_perm) AS forum_perm\n\t\t\t\tFROM\n\t\t\t\t\t" . BB_USER_GROUP . " ug,\n\t\t\t\t\t" . BB_GROUPS . " g,\n\t\t\t\t\t" . BB_AUTH_ACCESS . " aa\n\t\t\t\tWHERE\n\t\t\t\t\t ug.user_id = " . (int) $ug_data['user_id'] . "\n\t\t\t\t\tAND ug.user_pending = 0\n\t\t\t\t\tAND g.group_id = ug.group_id\n\t\t\t\t\tAND g.group_single_user = {$group_single_user}\n\t\t\t\t\tAND aa.group_id = g.group_id\n\t\t\t\t\t\t{$forum_match_sql}\n\t\t\t\t\tGROUP BY aa.forum_id\n\t\t\t";
                foreach (DB()->fetch_rowset($sql) as $row) {
                    $u_access[$row['forum_id']] = $row['forum_perm'];
                }
            } else {
                // Guests and admins need no per-user lookup.
                if (!$is_guest && !$is_admin) {
                    $sql = "SELECT SQL_CACHE aa.forum_id, aa.forum_perm\n\t\t\t\t\tFROM " . BB_AUTH_ACCESS_SNAP . " aa\n\t\t\t\t\tWHERE aa.user_id = " . (int) $ug_data['user_id'] . "\n\t\t\t\t\t\t{$forum_match_sql}";
                    foreach (DB()->fetch_rowset($sql) as $row) {
                        $u_access[$row['forum_id']] = $row['forum_perm'];
                    }
                }
            }
        }
    }

    // If the user is logged on and the forum type is either ALL or REG then the user has access
    //
    // If the type if ACL, MOD or ADMIN then we need to see if the user has specific permissions
    // to do whatever it is they want to do ... to do this we pull relevant information for the
    // user (and any groups they belong to)
    //
    // Now we compare the users access level against the forums. We assume here that a moderator
    // and admin automatically have access to an ACL forum, similarly we assume admins meet an
    // auth requirement of MOD
    //
    foreach ($f_access as $f_id => $f_data) {
        $auth[$f_id]['auth_mod'] = auth_check('forum_perm', 'auth_mod', $u_access, $f_id, $is_admin);
        foreach ($auth_fields as $auth_type) {
            if (!isset($f_data[$auth_type])) {
                continue;
            }
            switch ($f_data[$auth_type]) {
                case AUTH_ALL:
                    $auth[$f_id][$auth_type] = true;
                    break;
                case AUTH_REG:
                    $auth[$f_id][$auth_type] = !$is_guest;
                    break;
                case AUTH_ACL:
                    $auth[$f_id][$auth_type] = auth_check('forum_perm', $auth_type, $u_access, $f_id, $is_admin) || $auth[$f_id]['auth_mod'];
                    break;
                case AUTH_MOD:
                    $auth[$f_id][$auth_type] = $auth[$f_id]['auth_mod'];
                    break;
                case AUTH_ADMIN:
                    $auth[$f_id][$auth_type] = $is_admin;
                    break;
                default:
                    // Unknown requirement: deny.
                    $auth[$f_id][$auth_type] = false;
            }
            if ($add_auth_type_desc) {
                // Stored by reference to the language entry.
                $auth[$f_id][$auth_type . '_type'] =& $lang['AUTH_TYPES'][$f_data[$auth_type]];
            }
        }
    }

    return $forum_id == AUTH_LIST_ALL ? $auth : $auth[$forum_id];
}
/**
 * Stop the request unless the visitor is logged in and holds at least one
 * of the access levels passed as arguments.
 *
 * Every argument is handed to auth_check() in turn and the first one that
 * passes grants access. When the function is called without arguments the
 * loop does not run, so any logged-in visitor gets through.
 *
 * @param mixed $admin First access level; further levels may follow as extra arguments
 *
 * @return bool true when access is granted; otherwise an error page is printed and the script exits
 */
function auth_require($admin = false)
{
    global $auth_user;

    $granted = true;

    if (!is_logged_in()) {
        auth_reject(); // exits
    }

    foreach (func_get_args() as $level) {
        $granted = auth_check($level);
        if ($granted == true) {
            return true;
        }
    }

    // Reached with $granted still true only when no level was passed at all.
    if ($granted == false) {
        response_header("Insufficient Privileges");
        report_error("Insufficient Privileges");
        response_footer();
        exit;
    }

    return true;
}
/**
 * Require a permission and show a warning when auth_check() does not grant it.
 *
 * auth_check() is expected to return a positive number on success. The
 * handled failure codes are -1 (permission not held), -2 (permission was
 * revoked), -3 (authorization level too low) and 0 (operation refused).
 *
 * NOTE(review): on failure this function falls off the end and returns
 * null. It protects the caller only if message() ends the request, or if
 * the caller tests the return value - confirm one of the two.
 *
 * @param mixed $domain Passed through to auth_check()
 * @param mixed $did    Passed through to auth_check()
 * @param mixed $auth   Permission name; also shown in the warning text
 * @param int   $level  Required level, default 1
 *
 * @return bool|null true when granted, nothing otherwise
 */
function auth_need($domain, $did, $auth, $level = 1)
{
    $result = auth_check($domain, $did, $auth, $level);
    if ($result > 0) {
        return true;
    }

    global $_TPL;
    // Hide the menu on the warning page.
    $_TPL['hidemenu'] = true;

    if ($result == -1) {
        message('并不拥有指定权限' . $auth, '警告');
    } elseif ($result == -2) {
        message('并不拥有指定权限' . $auth . ',该权限已经被取消', '警告');
    } elseif ($result == -3) {
        message('并不拥有指定权限' . $auth . ',授权等级不足', '警告');
    } elseif ($result == 0) {
        message('授权操作被拒绝', '警告');
    }
}
<?php
// Page bootstrap: load the error handler and the shared library, then run
// the access check.
include_once 'error_converted_exception_handler.php';
require_once 'library.php';
// NOTE(review): the return value is discarded, so this line protects the page
// only if auth_check() itself ends the request (exit, redirect followed by
// exit, or an exception) when the check fails - confirm in library.php.
auth_check();
<?php
// JSON login endpoint: authenticates the caller for the current realm and
// stores the resulting user object in the session.
require_once './commonAPI.php';
require_once './constantAPI.php';
require_once './auth.php';
require_once './phpError.php';

// NOTE(review): depending on the web server configuration SERVER_NAME can be
// derived from the request's Host header; a fixed, configured realm does not
// depend on client input.
$realm = $_SERVER['SERVER_NAME'];
$authError = "";

// $myUser is read before anything in this file assigns it; presumably one of
// the includes above sets it - confirm.
if (!$myUser && !($myUser = auth_check($realm))) {
    // NOTE(review): unless auth_request() ends the request, execution goes on
    // below with a falsy $myUser and without $jsonOutput being set.
    auth_request($realm);
} else {
    // The response is marked no-cache but also given an Expires one hour ahead.
    header('Cache-Control: no-cache, must-revalidate');
    header('Expires:' . gmdate('D, d M Y H:i:s \\G\\M\\T', time() + 3600));
    header('Content-type: application/json');
    $jsonOutput = "{\"error\":{\"id\":\"0\",\"message\":\"no error\"}}\n";
}

// Written on both paths, i.e. also after a failed authentication.
$_SESSION['currentUser'] = serialize($myUser);

// $isErrorPHP and $msgErrorPHP are not assigned in this file (presumably by phpError.php).
if ($isErrorPHP == true) {
    // A PHP error was recorded: report it and drop the whole session.
    echo $msgErrorPHP;
    $_SESSION = array();
    session_unset();
    session_destroy();
} else {
    echo $jsonOutput;
}
// Command-line wrapper around the online schema change classes: sets long
// timeouts, declares the accepted options, refuses to run unless
// auth_check() passes, then turns the options into variables.
ini_set('default_socket_timeout', 1800);
ini_set('date.timezone', 'Asia/Chongqing');
if (function_exists('mysql_set_timeout')) {
    mysql_set_timeout(99999999);
}

// Database account names and password are literals in the script (the values
// are masked on this page).
$db_admin_user = '******';
$db_admin_pass = '******';
$backup_user = '******';

//////////////////////////////
// Main
//////////////////////////////

// Option table handed to validate_args() and gen_help(): whether the option
// is required, whether it takes a value, its default and its help text.
$validate_arg_array = array(
    "mode" => array("required" => 0, "value_expected" => 1, "default_val" => 'create', "help_alias" => "[ seed | statement | clean ]"),
    "ddl_file" => array("required" => 0, "value_expected" => 1, "help_alias" => "Required for mode statement.\n File with ALTER or CREATE statements"),
    "seed_tables" => array("required" => 0, "value_expected" => 1, "help_alias" => "Required for mode seed.\n Comma seperated list of tables for which schema\n should be replicated from seed db"),
    "seed_host" => array("required" => 0, "value_expected" => 1, "default_val" => null, "help_alias" => "Required for mode seed.\n Host with example of desired table structure"),
    "seed_db" => array("required" => 0, "value_expected" => 1, "default_val" => null, "help_alias" => "Required for mode seed.\n Schema with example of desired table structure"),
    "socket" => array("required" => 0, "value_expected" => 1, "default_val" => null, "help_alias" => "mysqld socket file (default is to run on all)"),
    "dbname" => array("required" => 0, "value_expected" => 1, "default_val" => null, "help_alias" => "Run on named database\n Default is all not like test, mysql, localinfo,\n snapshot%, %_restored"),
    "skip_fk_check" => array("required" => 0, "value_expected" => 0, "default_val" => null, "help_alias" => "Skip foreign key check (not advisable outside udb)"),
    "skip_trigger_check" => array("required" => 0, "value_expected" => 0, "default_val" => null, "help_alias" => "Skip trigger check (not advisable)"),
    "eliminate_dups" => array("required" => 0, "value_expected" => 0, "default_val" => null, "help_alias" => "Removes duplicate entries for PK/uniques.\n Dangerous if run on slaves before masters."),
    "eliminate_unused_columns" => array("required" => 0, "value_expected" => 0, "default_val" => null, "help_alias" => "Allows a column to be dropped if it is not\n the in the new schema"),
    "use_new_pk" => array("required" => 0, "value_expected" => 0, "default_val" => null, "help_alias" => "Use new tables PK for doing merging of data.\n This option will use more diskspace and be slower."),
    "create_missing_table" => array("required" => 0, "value_expected" => 0, "default_val" => 0, "help_alias" => "If this option is set the script will create\n a missing table"),
    "ignore_partition_differences" => array("required" => 0, "value_expected" => 0, "default_val" => 0, "help_alias" => "If this option is set the script will not consider\n differences in partitions in its view of whether a table\n is already in the desired state"),
    "tmpdir" => array("required" => 0, "value_expected" => 1, "default_val" => null, "help_alias" => "Directory to temporarily store data\n Default is schema data directory"),
    "verbose" => array("required" => 0, "value_expected" => 1, "default_val" => 1, "help_alias" => "A value of 0 only shows errors,\n 1 is the default and shows most interesting information,\n 2 is has more detail than is normally useful,\n 3 is very verbose and can break servers"),
    "long_trx_time" => array("required" => 0, "value_expected" => 1, "default_val" => 3600, "help_alias" => "Do not run OSC if a trx running longer than X exists"),
    "osc_class" => array("required" => 0, "value_expected" => 1, "default_val" => "OnlineSchemaChange", "help_alias" => "OnlineSchemaChange class to use instead of default"),
    "connection_limit" => array("required" => 0, "value_expected" => 1, "default_val" => CONNECTION_LIMIT, "help_alias" => "Wait to run if more than XXX connection exist\n DEFAULT is " . CONNECTION_LIMIT . " with a 10 minute timeout"),
    "scratch_schema" => array("required" => 0, "value_expected" => 1, "default_val" => "test", "help_alias" => "Schema to use instead of test for conversions of ALTERs\n into CREATE TABLE statements"),
    "accept_mysql_version" => array("required" => 0, "value_expected" => 0, "default_val" => null, "help_alias" => "Accept a version of MySQL that has not been white listed\n in the main OSC code"),
    "safe_compression_version" => array("required" => 0, "value_expected" => 1, "default_val" => "5.1.53", "help_alias" => "Strip InnoDB compression from CREATE TABLE statements\n if mysql is less than this version (default 5.1.53)"),
);

if (!($arg_list = validate_args($validate_arg_array))) {
    gen_help($validate_arg_array);
}

// Per the message below, auth_check() is the "running as root" test.
if (auth_check() == false) {
    print "ERROR: You have to run this script as root user\n";
    gen_help($validate_arg_array);
    exit(1);
}

// Each option becomes a variable of the same name.
// NOTE(review): this relies on validate_args() returning only the keys
// declared above; an unexpected key would overwrite any variable in scope,
// including the database credentials.
foreach ($arg_list as $arg => $value) {
    ${$arg} = $value;
}

// NOTE(review): the include path is built from the osc_class option without
// validation. The script runs as root, so restrict the value to a plain class
// name (or an allow-list) before including it.
if ($osc_class != "OnlineSchemaChange") {
    require_once 'osc_helpers/' . $osc_class . '.php';
}

// get localhost (fixed command string, no option value is passed to the shell)
$op = "/bin/hostname | sed -e 's/\\.facebook\\.com//'";
$basename = trim(shell_exec($op));

// array_search() returns the index of the mode, or false when it is not allowed.
$allowed_modes = array('seed', 'statement', 'clean');
$check_mode = array_search($mode, $allowed_modes);
}
// Load the requested patch revision; $patch and $revision are assigned above this fragment.
$patchcontents = $patchinfo->getPatch($buginfo['id'], $patch, $revision);
if (PEAR::isError($patchcontents)) {
    response_header('Error :: Cannot retrieve patch');
    report_error('Internal error: Invalid patch/revision specified (is in database, but not in filesystem)');
    response_footer();
    exit;
}
$package = $buginfo['package_name'];
$bug = $buginfo['id'];
$handle = $patchinfo->getDeveloper($bug, $patch, $revision);
$obsoletedby = $patchinfo->getObsoletingPatches($bug, $patch, $revision);
$obsoletes = $patchinfo->getObsoletePatches($bug, $patch, $revision);
$patches = $patchinfo->listPatches($bug);
$revisions = $patchinfo->listRevisions($bug, $patch);
// Either level is enough for $canpatch.
$canpatch = auth_check('pear.bug') || auth_check('pear.dev');
response_header('Bug #' . clean($bug) . ' :: Patches');
if (isset($_GET['diff']) && $_GET['diff'] && isset($_GET['old']) && is_numeric($_GET['old'])) {
    /**
     * Display patch diff
     */
    // is_numeric() also accepts decimals and exponents; the cast reduces the value to an integer.
    $diffoldrev = (int) $_GET['old'];
    // NOTE(review): this call uses $bug_id while the calls above use $bug;
    // $bug_id and $path are not assigned in this fragment - confirm both name
    // the bug and patch file validated above.
    $old = $patchinfo->getPatchFullpath($bug_id, $patch, $diffoldrev);
    $new = $path;
    // realpath() returns false for a path that does not exist.
    if (!realpath($old) || !realpath($new)) {
        response_header('Error :: Cannot retrieve patch');
        report_error('Internal error: Invalid patch revision specified for diff');
        response_footer();
        exit;
    }
    require_once 'Horde/Text/Diff.php';
// Tail of the login handling: $s names the admin section to show next.
logme($lang['ok_login'], 'no', 'user');
} else {
    // Failed login: back to the login form, with the message held in $log_in.
    $s = 'login';
    $message = $log_in;
    logme($lang['failed_login'], 'yes', 'error');
}
} else {
    if (isset($s) && $s == 'logout') {
        // Logout expires the 'pixie_login' cookie in the browser.
        // NOTE(review): nothing in this fragment invalidates the login on the
        // server side - confirm the cookie value cannot be replayed afterwards.
        setcookie('pixie_login', ' ', time() - 3600, '/');
        $s = 'login';
        if (isset($tool) && $tool == 'home') {
            header('Location: ../');
            exit;
        }
    } else {
        // Ordinary request: auth_check()'s return value is kept as the message
        // for the login form.
        $log_in = auth_check();
        if (isset($GLOBALS['pixie_user'])) {
            if ($GLOBALS['pixie_user']) {
                // Logged in: keep the requested section, default to 'myaccount'.
                if (isset($s) && $s) {
                    /* Then use $s */
                } else {
                    $s = 'myaccount';
                }
            } else {
                // Not logged in: always show the login form.
                /*if ($s == 'help') { $s = 'help'; } else {*/
                $s = 'login';
                /*}*/
                $message = $log_in;
            }
/**
 * Assigns the header urls to the smarty engine
 *
 * The set of links depends on auth_check(false), localnet(), the permission
 * checks and the multiuser cookies. The links only control what the
 * navigation shows; each target script has to enforce access on its own.
 *
 * @param string $help  The helpfile to display (optional, without extension)
 * @param string $title The text to add to html <title> tag (optional, will be html-encoded)
 */
function tpl_header($help = '', $title = '')
{
    global $smarty, $lang, $config;
    global $id, $diskid;

    // viewing is only available if authorized or public access
    if (auth_check(false)) {
        $header['browse'] = 'index.php';
        if (check_permission(PERM_READ, PERM_ANY)) {
            $header['random'] = 'show.php';
            $header['search'] = 'search.php';
        }
        $header['stats'] = 'stats.php';
        if ($config['imdbBrowser']) {
            $header['trace'] = 'trace.php';
        }
        $header['help'] = 'help.php';
        if ($help) {
            // $help is appended without URL-encoding.
            $header['help'] .= '?page=' . $help . '.html';
        }
    }

    // editing is only available in local network
    if (localnet()) {
        if (check_permission(PERM_WRITE, PERM_ANY)) {
            //2015-10-6 Alex ADD start
            $header['studio'] = 'studiolist.php';
            //2015-10-6 Alex ADD end
            $header['new'] = 'edit.php';
            if ($config['showtools']) {
                $header['contrib'] = 'contrib.php';
            }
        }
        if (check_permission(PERM_ADMIN)) {
            $header['setup'] = 'setup.php';
        }
        // edit or show?
        if ($id) {
            if (check_videopermission(PERM_WRITE, $id)) {
                $header['edit'] = 'edit.php?id=' . $id;
            }
            if (!preg_match('/show.php$/', $_SERVER['PHP_SELF'])) {
                $header['view'] = 'show.php?id=' . $id;
            }
            if (check_videopermission(PERM_WRITE, $id)) {
                $header['del'] = 'delete.php?id=' . $id;
            }
        }
        if (check_permission(PERM_WRITE, PERM_ANY)) {
            $header['borrow'] = 'borrow.php';
            if (isset($diskid)) {
                $header['borrow'] .= '?diskid=' . $diskid;
            }
        }
    }

    // multiuser settings
    if ($config['multiuser']) {
        $header['login'] = '******';
        // logged in?
        // NOTE(review): this test reads two cookies sent by the browser, and
        // the user name cookie is assigned to the template unchanged. Confirm
        // the cookies are verified elsewhere and that the template escapes
        // 'loggedin' when printing it.
        if (!empty($_COOKIE['VDBusername']) && $_COOKIE['VDBuserid'] != $config['guestid']) {
            $header['profile'] = 'profile.php';
            $smarty->assign('loggedin', $_COOKIE['VDBusername']);
        } else {
            // make sure anonymous users don't get access to trace for security reasons
            // (this removes the link; trace.php needs its own check)
            unset($header['trace']);
        }
        if (check_permission(PERM_ADMIN)) {
            $header['users'] = 'users.php';
        }
    }

    // determine active tab
    if (preg_match('/(\\w+)\\.php/', $_SERVER['PHP_SELF'], $m)) {
        $tab = strtolower($m[1]);
        switch ($tab) {
            case 'show':
            case 'edit':
                // Without an id, 'show' means the random tab and 'edit' the new tab.
                if (!empty($id)) {
                    $header['active'] = $tab;
                } else {
                    $header['active'] = $tab == 'show' ? 'random' : 'new';
                }
                break;
            default:
                /* legacy version
                $translate = array('index' => 'browse', 'users' => 'setup', 'permissions' => 'setup', 'delete' => 'show');
                */
                // Scripts that share a tab with another script.
                $translate = array('index' => 'browse', 'permissions' => 'users', 'delete' => 'show');
                if (in_array($tab, array_keys($translate))) {
                    $tab = $translate[$tab];
                }
                $header['active'] = $tab;
        }
    }

    // breadcrumbs
    $breadcrumbs = session_get('breadcrumbs', array());
    $smarty->assign('breadcrumbs', $breadcrumbs);
    $smarty->assign('title', htmlspecialchars($title));
    // $header has no initial value; it is first created by one of the branches above.
    $smarty->assign('header', $header);
    $smarty->assign('style', $config['style']);
    $smarty->assign('langcode', $config['language']);
}
/**
 * Build the main menu and the sub menu for the current request.
 *
 * The menu tables are filled in a fixed order, the request URI is reduced
 * step by step until it matches a known entry, and the two menus are
 * rendered with make_menu().
 *
 * The developer and administrator entries are added only for callers who
 * pass the checks below. That decides what is shown, nothing more: the
 * linked pages have to enforce access themselves.
 *
 * @return array 'main' and 'sub', each the result of make_menu()
 */
function draw_navigation()
{
    global $auth_user;

    // SELF doesn't cut it here, using REQUEST URI instead
    // The URI is HTML-escaped before it is compared or passed on.
    $self = strip_tags(htmlspecialchars(@$_SERVER['REQUEST_URI'], ENT_QUOTES, 'iso-8859-1'));
    if ($self === '/') {
        $self = '/index.php';
    }

    include_once 'pear-auth.php';
    init_auth_user();

    // $main: top-level labels, $main_order: their position,
    // $sub: sub menu per top-level item, $rel: sub item => owning top-level item.
    $main_order = $main = $data = $sub = $rel = array();

    $main_order[1] = '/index.php';
    $main['/index.php'] = 'Main';
    $sub['/index.php'] = array();
    $sub['/index.php']['/index.php'] = 'Home';
    $sub['/index.php']['/news/'] = 'News';
    $sub['/index.php']['/qa/'] = 'Quality Assurance';
    $sub['/index.php']['/group/'] = 'The PEAR Group';
    $sub['/index.php']['/mirrors.php'] = 'Mirrors';

    $main_order[2] = '/support/';
    $main['/support/'] = 'Support';
    $sub['/support/'] = array();
    $sub['/support/']['/support/'] = 'Overview';
    $sub['/support/']['/support/lists.php'] = 'Mailing Lists';
    $sub['/support/']['/support/books.php'] = 'Books';
    $sub['/support/']['/support/tutorials.php'] = 'Tutorials';
    $sub['/support/']['/support/slides.php'] = 'Presentation Slides';
    $sub['/support/']['/support/icons.php'] = 'Icons';
    $sub['/support/']['/support/forums.php'] = 'Forums';

    $main_order[3] = '/manual/';
    $main['/manual/'] = 'Documentation';
    $sub['/manual/'] = array();
    $sub['/manual/']['/manual/en/about-pear.php'] = 'About PEAR';
    $sub['/manual/']['/manual/'] = 'Manual';
    $sub['/manual/']['/manual/en/faq.php'] = 'FAQ';

    $main_order[4] = '/packages.php';
    $main['/packages.php'] = 'Packages';
    $sub['/packages.php'] = array();
    // Package creation and upload links: registered users who pass pear.dev.
    if (!empty($auth_user) && !empty($auth_user->registered) && auth_check('pear.dev')) {
        $sub['/packages.php']['/package-new.php'] = 'New Package';
        $sub['/packages.php']['/release-upload.php'] = 'Upload Release';
    }
    $sub['/packages.php']['/packages.php'] = 'List Packages';
    $sub['/packages.php']['/search.php'] = 'Search Packages';
    $sub['/packages.php']['/package-stats.php'] = 'Statistics';
    $sub['/packages.php']['/channels/'] = 'Channels';

    $main_order[6] = '/accounts.php';
    $main['/accounts.php'] = 'Developers';
    $sub['/accounts.php'] = array();
    $sub['/accounts.php']['/map/'] = 'Find a Developer';
    $sub['/accounts.php']['/accounts.php'] = 'List Accounts';
    $sub['/accounts.php']['/bugs/stats_dev.php'] = 'Developers Bug Statistics';
    if (!empty($auth_user) && !empty($auth_user->registered) && auth_check('pear.dev')) {
        $sub['/accounts.php']['/release-upload.php'] = 'Upload Release';
        $sub['/accounts.php']['/package-new.php'] = 'New Package';
        $sub['/accounts.php']['/notes/admin/'] = 'Manage User Notes';
        $sub['/accounts.php']['/election/'] = 'View Elections';
    }

    $main_order[5] = '/pepr/';
    $main['/pepr/'] = 'Package Proposals';
    $sub['/pepr/'] = array();
    $sub['/pepr/']['/pepr/'] = 'Browse Proposals';
    $sub['/pepr/']['/pepr/pepr-proposal-edit.php'] = 'New Proposal';

    $main_order[7] = '/bugs/';
    $main['/bugs/'] = 'Bugs';
    $sub['/bugs/'] = array();
    $sub['/bugs/']['/bugs/search.php'] = 'Search for bugs';
    $sub['/bugs/']['/bugs/stats.php'] = 'Package Bug Statistics';

    // The administrators menu is added for admins only.
    if (!empty($auth_user) && $auth_user->isAdmin()) {
        $main_order[8] = '/admin/';
        $main['/admin/'] = 'Administrators';
        $sub['/admin/'] = array();
        $sub['/admin/']['/admin/'] = 'Overview';
        $sub['/admin/']['/admin/package-approval.php'] = 'Package approvals';
        $sub['/admin/']['/admin/category-manager.php'] = 'Manage categories';
        $sub['/admin/']['/tags/admin.php'] = 'Manage tags';
        $sub['/admin/']['/admin/karma.php'] = 'Karma';
        $sub['/admin/']['/admin/apidoc-log.php'] = 'APIdoc log';
    }

    // Orders the main items in the proper order according to $main_order
    ksort($main_order);
    foreach ($main_order as $mo) {
        if (isset($main[$mo])) {
            $data[$mo] = $main[$mo];
        }
    }

    // Relationship linker
    // "+=" keeps the first owner of a path that appears under two menus.
    foreach (array_keys($sub) as $path) {
        $keys = array_keys($sub[$path]);
        $temp = array_fill_keys($keys, $path);
        $rel += $temp;
    }

    // Can't find a match, lets cut pieces of the url
    // lets first try sub dir + a php file
    if (!isset($rel[$self]) || $rel[$self] === null) {
        $pos = strpos($self, '.php');
        $self = $pos !== false ? substr($self, 0, $pos + 4) : $self;
    }

    // Can't find a match, lets cut pieces of the url
    // (keep only the first path segment, including its trailing slash)
    if ((!isset($rel[$self]) || $rel[$self] === null) && strlen($self) > 0) {
        $pos = strpos($self, '/', 1);
        $self = $pos !== false ? substr($self, 0, $pos + 1) : $self;
    }

    /* Check if it's a top level item.
     * There are cases were we don't want to put fake second level
     * menu item, like Bugs -> Index, the top level link serves as Index
     */
    if (isset($data[$self])) {
        $rel += array($self => $self);
    }

    // avoid a notice if the array key isn't set
    if (!array_key_exists($self, $rel)) {
        $rel[$self] = null;
    }

    // Not really menu items but required so the correct
    // sub menu item gets selected
    $fake = array('/developers/' => '/accounts.php', '/user/' => '/accounts.php', '/package/' => '/packages.php', '/package-edit.php' => '/packages.php', '/package-delete.php' => '/packages.php');
    if (isset($fake[$self])) {
        $self = $fake[$self];
    }

    // Still no luck, lets fallback on index.php
    if ($rel[$self] === null) {
        $self = '/index.php';
    }

    $menu = array();
    $menu['main'] = make_menu($data, 'menu', $rel[$self]);
    $menu['sub'] = make_menu($sub[$rel[$self]], 'submenu', $self);

    return $menu;
}
<?php
// Admin AJAX endpoint: returns configuration values of the active theme as
// JSON. Every failure is reported as {"error": "..."} and ends the request.
$sub_menu = "300100";
include_once './_common.php';
include_once G5_LIB_PATH . '/json.lib.php';

$data = array();
$data['error'] = '';

// Called with the 'w' flag and a third argument of true; the result is used
// as the error text, and a non-empty result stops the request here.
// NOTE(review): no request token is checked in the visible part of this
// file - confirm whether this endpoint needs one.
$data['error'] = auth_check($auth[$sub_menu], 'w', true);
if ($data['error']) {
    die(json_encode($data));
}

// A theme has to be configured ... (message: "No theme is in use.")
if (!$config['cf_theme']) {
    $data['error'] = '사용 중인 테마가 없습니다.';
    die(json_encode($data));
}

// ... and has to be one of the installed themes (message: "... is not an installed theme.")
$theme_dir = get_theme_dir();
if (!in_array($config['cf_theme'], $theme_dir)) {
    $data['error'] = $config['cf_theme'] . ' 테마는 설치된 테마가 아닙니다.';
    die(json_encode($data));
}

// The requested section comes from the POST body and must be one of the
// known types (message: "Please use this page in the proper way.").
// in_array() compares loosely here; passing true as its third argument would
// make the allow-list check strict.
$type = $_POST['type'];
$arr_type = array('board', 'conf_skin', 'conf_member', 'shop_skin', 'shop_img_size');
if (!in_array($type, $arr_type)) {
    $data['error'] = '올바른 방법으로 이용해 주십시오.';
    die(json_encode($data));
}

if ($type == 'board') {
    // Board gallery and image settings read from the theme configuration.
    $keys = array('bo_gallery_cols', 'bo_gallery_width', 'bo_gallery_height', 'bo_mobile_gallery_width', 'bo_mobile_gallery_height', 'bo_image_width');
    $tconfig = get_theme_config_value($config['cf_theme'], implode(',', $keys));
    $i = 0;
    foreach ($keys as $val) {
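/**
 * Emit the top of every page: XML declaration, doctype, <head>, the header
 * table (logo, login/logout links, search form), the left sidebar, and the
 * opening of the main content cell.
 *
 * The function is guarded by the global $_header_done flag, so a second call
 * in the same request is a no-op. It leaves <td class="content"> open; the
 * matching close is not in this function (presumably a footer routine does
 * it; confirm).
 *
 * Output encoding notes for reviewers:
 *  - $_SERVER['HTTP_HOST'] is supplied by the client and is HTML-escaped
 *    before it is written into the feed link.
 *  - The logged-in user's handle is HTML-escaped in text and URL-encoded in
 *    link targets.
 *  - $title, $extra_styles and $GLOBALS['ONLOAD'] are written verbatim; they
 *    must already be safe for the context they land in.
 *
 * @param string $title Page title, appended to "PECL :: " inside <title>.
 * @param mixed  $style Stored in the global $_style; not used further here.
 * @return void
 */
function response_header($title = 'The PHP Extension Community Library', $style = false)
{
    global $_style, $_header_done, $SIDEBAR_DATA, $extra_styles, $auth_user;

    // Only ever print the header once per request.
    if ($_header_done) {
        return;
    }
    $_header_done = true;
    $_style = $style;

    // A trailing '-' on the sidebar data means "do not append the default
    // navigation": strip the marker and keep what the page supplied.
    $rts = rtrim($SIDEBAR_DATA);
    if (substr($rts, -1) == '-') {
        $SIDEBAR_DATA = substr($rts, 0, -1);
    } else {
        global $main_menu, $docu_menu, $downloads_menu;
        $SIDEBAR_DATA .= draw_navigation($main_menu);
        $SIDEBAR_DATA .= draw_navigation($docu_menu, 'Documentation:');
        $SIDEBAR_DATA .= draw_navigation($downloads_menu, 'Downloads:');

        // Without a database there is no session to resolve.
        // empty() also covers the case where _NODB was never defined.
        if (empty($GLOBALS['_NODB'])) {
            init_auth_user();
        } else {
            $auth_user = null;
        }

        if (is_logged_in()) {
            global $developer_menu;
            $SIDEBAR_DATA .= draw_navigation($developer_menu, 'Developers:');
            // NOTE(review): auth_check(true) presumably tests for admin
            // rights; confirm. This only controls which links are shown;
            // the linked pages still need their own authorization check.
            if (auth_check(true)) {
                global $admin_menu;
                $SIDEBAR_DATA .= draw_navigation($admin_menu, 'Administrators:');
            }
        }
    }

    // The Host header is client-controlled; escape it before reflecting it
    // into an attribute. The page declares ISO-8859-1, so use that charset.
    $feedHost = htmlspecialchars(
        isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '',
        ENT_QUOTES,
        'ISO-8859-1'
    );

    echo '<?xml version="1.0" encoding="ISO-8859-1" ?>';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
 <title>PECL :: <?php /* NOTE(review): written verbatim; callers must pass HTML-safe text */ echo $title; ?> </title>
 <link rel="shortcut icon" href="/gifs/pecl-favicon.ico" />
 <link rel="stylesheet" href="/css/style.css" />
<?php
    // NOTE(review): $extra_styles entries are written verbatim into href.
    foreach ($extra_styles as $style_file) {
        echo ' <link rel="stylesheet" href="' . $style_file . "\" />\n";
    }
?>
 <link rel="alternate" type="application/rss+xml" title="RSS feed" href="http://<?php echo $feedHost; ?>/feeds/latest.rss" />
</head>
<body <?php
    // NOTE(review): ONLOAD is written verbatim into an attribute; whoever
    // sets it must not build it from request data.
    if (!empty($GLOBALS['ONLOAD'])) {
        print "onload=\"" . $GLOBALS['ONLOAD'] . "\"";
    }
?> >
<div> <a id="TOP"></a> </div>
<!-- START HEADER -->
<table class="head" cellspacing="0" cellpadding="0" width="100%">
 <tr>
  <td class="head-logo">
   <?php print_link('/', make_image('peclsmall.gif', 'PECL :: The PHP Extension Community Library', false, false, false, false, 'margin: 5px;')); ?> <br />
  </td>
  <td class="head-menu">
   <?php
    if (empty($auth_user)) {
        print_link('/login.php', 'Login', false, 'class="menuBlack"');
    } else {
        // Encode the handle once per output context: entity-escaped for
        // text, percent-encoded for URL path and query components.
        $handleText = htmlspecialchars(strtoupper($auth_user->handle), ENT_QUOTES, 'ISO-8859-1');
        $handleUrl = rawurlencode($auth_user->handle);

        print '<small class="menuWhite">';
        print 'Logged in as ' . $handleText . ' (';
        print '<a class="menuWhite" href="/user/' . $handleUrl . '">Info</a> | ';
        print '<a class="menuWhite" href="/account-edit.php?handle=' . $handleUrl . '">Profile</a> | ';
        print '<a class="menuWhite" href="https://bugs.php.net/search.php?cmd=display&status=Open&assign=' . $handleUrl . '">Bugs</a>';
        print ")</small><br />\n";
        print_link('/?logout=1', 'Logout', false, 'class="menuBlack"');
    }
    echo delim();
    print_link('/packages.php', 'Packages', false, 'class="menuBlack"');
    echo delim();
    print_link('/support.php', 'Support', false, 'class="menuBlack"');
    echo delim();
    print_link('/bugs/', 'Bugs', false, 'class="menuBlack"');
   ?> <br />
   <?php spacer(2, 2); ?> <br />
  </td>
 </tr>
 <tr>
  <td class="head-search" colspan="2">
   <form method="post" action="/search.php">
    <p class="head-search"><span class="accesskey">S</span>earch for <input class="small" type="text" name="search_string" value="" size="20" accesskey="s" /> in the <select name="search_in" class="small"> <option value="packages">Packages</option> <option value="site">This site (using Google)</option> <option value="developers">Developers</option> <option value="pecl-dev">Developer mailing list</option> <option value="pecl-cvs">SVN commits mailing list</option> </select> <input type="image" src="/gifs/small_submit_white.gif" alt="search" style="vertical-align: middle;" /> <br /> </p>
   </form>
  </td>
 </tr>
</table>
<!-- END HEADER -->
<!-- START MIDDLE -->
<table class="middle" cellspacing="0" cellpadding="0">
 <tr>
<?php if (isset($SIDEBAR_DATA)) { ?>
  <!-- START LEFT SIDEBAR -->
  <td class="sidebar_left"> <?php echo $SIDEBAR_DATA; ?> </td>
  <!-- END LEFT SIDEBAR -->
<?php } ?>
  <!-- START MAIN CONTENT -->
  <td class="content">
<?php
}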
<?php if (isset($_REQUEST['bug_type'])) { $selectedBt = $_REQUEST['bug_type']; } else { $selectedBt = $_POST['in']['bug_type']; } ?> <select name="in[bug_type]" id="in[bug_type]"> <?php show_type_options($selectedBt); ?> </select> </td> </tr> <?php if (auth_check('pear.dev')) { $content = ''; Bug_DataObject::init(); $db = Bug_DataObject::bugDB('bugdb_roadmap'); $db->package = $clean_package; $db->orderBy('releasedate ASC'); $myroadmaps = array(); if (isset($_POST['in']) && isset($_POST['in']['roadmap']) && is_array($_POST['in']['roadmap'])) { $myroadmaps = array_flip($_POST['in']['roadmap']); } if ($db->find(false)) { while ($db->fetch()) { $released = $dbh->getOne('SELECT releases.id FROM packages, releases, bugdb_roadmap b WHERE b.id = ? AND
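/**
 * Require a verified login and, optionally, one of several privileges.
 *
 * The credentials are read from the PEAR_USER and PEAR_PW cookies and handed
 * to auth_verify(). When verification fails, auth_reject() is called and the
 * request ends. Each argument passed to this function is then given to
 * auth_check() in order; the first one for which auth_check() returns exactly
 * true grants access. Called without arguments, a verified login suffices.
 *
 * Access is denied unless a check returned exactly true. The earlier form
 * denied only when the last check returned exactly false, so any other
 * non-true result (null, 0, an error object) fell through to "allowed".
 *
 * NOTE(review): the format of the PEAR_PW cookie is not visible here. If it
 * carries the password or a static derivative, it should be replaced by a
 * server-side session token and the cookie marked Secure and HttpOnly.
 *
 * @param mixed ...$level Zero or more privilege identifiers for auth_check().
 * @return bool Always true; every failure path terminates the request.
 */
function auth_require()
{
    global $auth_user;

    // Missing cookies become null instead of relying on @-suppression.
    $user = isset($_COOKIE['PEAR_USER']) ? $_COOKIE['PEAR_USER'] : null;
    $passwd = isset($_COOKIE['PEAR_PW']) ? $_COOKIE['PEAR_PW'] : null;

    if (!auth_verify($user, $passwd)) {
        auth_reject(); // exits
        // Defensive: never continue to the privilege checks for an
        // unverified user, even if auth_reject() were to return.
        exit;
    }

    $levels = func_get_args();
    if (count($levels) === 0) {
        // No specific privilege requested: a verified login is enough.
        return true;
    }

    foreach ($levels as $level) {
        if (auth_check($level) === true) {
            return true;
        }
    }

    // Fail closed: none of the requested privileges was confirmed.
    response_header("Insufficient Privileges");
    report_error("Insufficient Privileges");
    response_footer();
    exit;
}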
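<?php
// Admin action: delete the member named in $_POST['mb_id'].
//
// Array keys are quoted throughout. The bare-word form ($mb[mb_id]) relied on
// undefined-constant fallback, which raises an Error on PHP 8.
$sub_menu = "200100";
include_once "./_common.php";

check_demo();

// Require the "d" permission on this admin menu entry.
auth_check($auth[$sub_menu], "d");

// Read the target id without a notice when the field is absent.
$mb = get_member(isset($_POST['mb_id']) ? $_POST['mb_id'] : null);

// Refuse to delete: unknown members, the admin's own account, the super
// administrator, and anyone whose level is equal to or above the caller's.
// NOTE(review): these guards only protect the delete below if alert() ends
// the request; confirm that it never returns.
if (!$mb['mb_id']) {
    alert("회원자료가 존재하지 않습니다.");
} elseif ($member['mb_id'] == $mb['mb_id']) {
    alert("로그인 중인 관리자는 삭제 할 수 없습니다.");
} elseif (is_admin($mb['mb_id']) == "super") {
    alert("최고 관리자는 삭제할 수 없습니다.");
} elseif ($mb['mb_level'] >= $member['mb_level']) {
    alert("자신보다 권한이 높거나 같은 회원은 삭제할 수 없습니다.");
}

// Anti-CSRF token check; must pass before any state is changed.
check_token();

// Delete the member record.
member_delete($mb['mb_id']);

// NOTE(review): $url, $qstr and $mb_id are not defined in this script and
// presumably come from _common.php. If $url can be influenced by the request,
// restrict it to local paths before redirecting, and URL-encode $mb_id.
if ($url) {
    goto_url("{$url}?{$qstr}&w=u&mb_id={$mb_id}");
} else {
    goto_url("./member_list.php?{$qstr}");
}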
/**
 * Remove the link between a tag and a package.
 *
 * A non-integer $package is resolved to its id through package::info(), and
 * a non-numeric $tag is resolved through tagExists(). If either id is falsy
 * the method returns without touching the database.
 *
 * Tags whose tagnames.adminkey value is truthy may only be removed by a
 * caller for whom auth_check('pear.group') or auth_check('pear.admin')
 * succeeds. For all other tags no privilege is checked here.
 * NOTE(review): callers presumably authorize those removals themselves;
 * confirm.
 *
 * @param int|string $tag     Tag id, or a tag name to look up.
 * @param int|string $package Package id, or a package name to look up.
 * @return void
 * @throws Exception When an admin-only tag is removed without privilege.
 */
function removePackageTag($tag, $package)
{
    // Resolve both arguments to ids, package first and then tag.
    $packageId = is_int($package) ? $package : package::info($package, 'id');
    $tagId = is_numeric($tag) ? $tag : $this->tagExists($tag);

    // Nothing to unlink when either side could not be resolved.
    if (!($packageId && $tagId)) {
        return;
    }

    // Admin-keyed tags are restricted; both queries are parameterized.
    $adminOnly = $this->dbh->getOne('SELECT adminkey FROM tagnames WHERE tagid=?', array($tagId));
    if ($adminOnly && !(auth_check('pear.group') || auth_check('pear.admin'))) {
        throw new Exception('Only PEAR administrators can set or remove this tag');
    }

    $this->dbh->query(
        'DELETE FROM tag_package_link WHERE package_id=? AND tagid=?',
        array($packageId, $tagId)
    );
}