コード例 #1
0
ファイル: none.php プロジェクト: erico-deh/ocPortal
 /**
  * Find if the given member id and password is valid. If username is NULL, then the member id is used instead.
  * All authorisation, cookies, and form-logins, are passed through this function.
  * Some forums do cookie logins differently, so a Boolean is passed in to indicate whether it is a cookie login.
  *
  * @param  ?SHORT_TEXT	The member username (NULL: don't use this in the authentication - but look it up using the ID if needed)
  * @param  MEMBER			The member id
  * @param  MD5				The md5-hashed password
  * @param  string			The raw password
  * @param  boolean		Whether this is a cookie login
  * @return array			A map of 'id' and 'error'. If 'id' is NULL, an error occurred and 'error' is set
  */
 function forum_authorise_login($username, $userid, $password_hashed, $password_raw, $cookie_login = false)
 {
     unset($cookie_login);
     $out = array();
     $out['id'] = NULL;
     if ($username != $this->get_admin_username() && $userid != 1) {
         $out['error'] = do_lang_tempcode('_USER_NO_EXIST', $username);
         return $out;
     }
     if (!check_master_password($password_raw)) {
         $out['error'] = do_lang_tempcode('USER_BAD_PASSWORD');
         return $out;
     }
     $out['id'] = 1;
     return $out;
 }
コード例 #2
0
ファイル: upgrade.php プロジェクト: erico-deh/ocPortal
/**
 * The upgrader.php script handler.
 */
function upgrade_script()
{
    @ini_set('ocproducts.xss_detect', '0');
    require_lang('upgrade');
    require_code('database_action');
    require_code('config2');
    if (function_exists('set_time_limit')) {
        @set_time_limit(180);
    }
    if (array_key_exists('given_password', $_POST)) {
        $given_password = post_param('given_password');
        if (check_master_password($given_password)) {
            $type = get_param('type', 'misc');
            require_code('abstract_file_manager');
            up_do_header();
            if (post_param('ftp_username', '') != '') {
                $_POST['uses_ftp'] = '1';
                _ftp_info(true);
                // To give early error if there's a problem
            }
            // Handle shared site upgrading with no per-site UI
            global $SITE_INFO;
            if (isset($SITE_INFO['custom_file_base_stub'])) {
                require_code('shared_installs');
                $u = current_share_user();
                if (!is_null($u)) {
                    upgrade_sharedinstall_sites();
                    echo '<p>Now regenerate <kbd>template.sql</kbd>, using something like <kbd>mysqldump -uroot -p myocp_site_shareddemo > ~/public_html/template.sql</kbd></p>';
                    up_do_footer();
                    return;
                }
            }
            $show_more_link = true;
            switch ($type) {
                case 'misc':
                    clear_caches_1();
                    $l_choices = do_lang('FU_CHOICES');
                    $oc = get_option('site_closed') == '0' ? do_lang('SITE_OPEN') : do_lang('SITE_CLOSED');
                    $a = float_to_raw_string(ocp_version_number());
                    $b = get_value('version');
                    if (is_null($b)) {
                        $b = '2.5';
                    }
                    $l_up_info = do_lang('FU_UP_INFO' . ($a == $b ? '_1' : '_2'), $a, $b);
                    $l_fu_closedness = do_lang('FU_CLOSENESS', $oc);
                    $l_maintenance = do_lang('FU_MAINTENANCE');
                    $l_upgrading = do_lang('FU_UPGRADING');
                    $l_take_backup = do_lang('FU_TAKE_BACKUP');
                    $l_clear_caches = fu_link('upgrader.php?type=decache', do_lang('FU_CLEAR_CACHES'));
                    $l_check_permissions = fu_link('upgrader.php?type=check_perms', do_lang('FU_CHECK_PERMISSIONS'));
                    $l_fix_permissions = fu_link('upgrader.php?type=fix_perms', do_lang('FU_FIX_PERMISSIONS'));
                    $l_close_site = fu_link('upgrader.php?type=close_site', do_lang('FU_CLOSE_SITE'), get_option('site_closed') == '1');
                    $l_integrity_scan = fu_link('upgrader.php?type=integrity_scan&allow_merging=1', do_lang('FU_INTEGRITY_SCAN'), false, do_lang('FU_WILL_MERGE'));
                    $l_integrity_scan_no_merging = fu_link('upgrader.php?type=integrity_scan', do_lang('FU_INTEGRITY_SCAN_NO_CSS_MERGE'));
                    $l_database_upgrade = fu_link('upgrader.php?type=db_upgrade', do_lang('FU_DATABASE_UPGRADE'));
                    $l_theme_upgrade = fu_link('upgrader.php?type=theme_upgrade', do_lang('FU_THEME_UPGRADE'));
                    $l_open_site = fu_link('upgrader.php?type=open_site', do_lang('FU_OPEN_SITE'), get_option('site_closed') == '0');
                    $l_error_correction = do_lang('FU_ERROR_CORRECTION');
                    $l_not_for_patch = do_lang('FU_NOT_FOR_PATCH');
                    $l_tutorial = fu_link('http://ocportal.com/docs/tut_upgrade.htm', do_lang('FU_TUTORIAL'));
                    $l_release_notes = do_lang('FU_RELEASE_NOTES');
                    $l_refer_release_notes = do_lang('FU_REFER_RELEASE_NOTES');
                    $news_id = post_param_integer('news_id', NULL);
                    $tar_url = '';
                    if (!is_null($news_id)) {
                        require_code('files');
                        $fetch_url = 'http://ocportal.com/uploads/website_specific/ocportal.com/scripts/fetch_release_details.php?news_id=' . strval($news_id) . '&from_version=' . urlencode(strval(ocp_version()) . '.' . ocp_version_minor());
                        $news = http_download_file($fetch_url, NULL, true, false, 'ocPortal', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 30.0);
                        $details = unserialize($news);
                        if ($details[0] != '') {
                            $l_refer_release_notes = $details[0] . '<div style="overflow: auto; height: 150px">' . $details[2] . '</div>';
                        }
                        $tar_url = $details[1];
                    }
                    $l_download = fu_link('upgrader.php?type=file_upgrade&tar_url=' . urlencode(base64_encode($tar_url)), do_lang('FU_DOWNLOAD'));
                    $l_important = do_lang('IMPORTANT');
                    $l_bugs = do_lang('FU_BUGS');
                    $l_upgrade_steps = do_lang('FU_UPGRADE_STEPS');
                    $l_action = do_lang('ACTION');
                    $l_step = do_lang('FU_STEP');
                    $l_estimated_time = do_lang('FU_ESTIMATED_TIME');
                    $l_safe_mode = fu_link('index.php?keep_safe_mode=1', do_lang('FU_SAFE_MODE'));
                    $num_addons = $GLOBALS['SITE_DB']->query_value('addons', 'COUNT(*)');
                    $l_addon_management = fu_link('adminzone/index.php?page=admin_addons&keep_safe_mode=1', do_lang('FU_ADDON_MANAGEMENT', integer_format($num_addons)), $num_addons == 0);
                    $l_customisations = do_lang('FU_CUSTOMISATIONS');
                    $closed = comcode_to_tempcode(get_option('closed'), NULL, true);
                    $closed_url = build_url(array('page' => 'admin_config', 'type' => 'category', 'id' => 'SITE'), get_module_zone('admin_config'), NULL, false, false, false, 'group_CLOSED_SITE');
                    echo "\n<p>{$l_choices}</p>\n\n<div style=\"margin: 0 50px\">\n\t<h2>{$l_maintenance}&hellip;</h2><ul>\n\t\t<li>{$l_clear_caches}</li>\n\t\t<li>{$l_check_permissions}</li>\n\t\t<li>{$l_fix_permissions}</li>\n\t</ul>\n\n\t<h2 style=\"margin-top: 40px\">{$l_upgrading}&hellip;</h2>\n\n\t<h3>{$l_important}</h3>\n\n\t<p>{$l_bugs}</p>\n\n\t<h3>{$l_release_notes}</h3>\n\n\t<p>{$l_refer_release_notes}</p>\n\n\t<h3>{$l_upgrade_steps}</h3>\n\n\t<div class=\"wide_table_wrap\"><table style=\"margin-top: 5px\" class=\"solidborder wide_table spaced_table\">\n\t\t<tr>\n\t\t\t<th>{$l_step}</th>\n\t\t\t<th>{$l_action}</th>\n\t\t\t<th>{$l_estimated_time}</th>\n\t\t</tr>\n\t\t<tr><th>X</th><td>{$l_not_for_patch} {$l_tutorial}</td><td>" . escape_html(display_time_period(60 * 120)) . "</td></tr>\n\t\t<tr><th>1</th><td>{$l_take_backup}</td><td>" . escape_html(display_time_period(60 * 120)) . "</td></tr>\n\t\t<tr><th>2</th><td>{$l_close_site}  {$l_fu_closedness}<br /><q style=\"font-style: italic\">" . $closed->evaluate() . "</q> <span class=\"associated_link_to_small\">[<a href=\"" . escape_html($closed_url->evaluate()) . "\" title=\"(this link will open in a new window)\" target=\"_blank\">" . do_lang('CHANGE') . "</a>]</span></td><td>" . escape_html(display_time_period(60)) . "</td></tr>\n\t\t<tr><th>3</th><td>{$l_download}</td><td>" . escape_html(display_time_period(60 * 5)) . "</td></tr>\n\t\t<tr><th>4</th><td>{$l_not_for_patch} {$l_integrity_scan_no_merging}<!-- " . do_lang('OR') . " {$l_integrity_scan}--></td><td>" . str_replace(' ', '&nbsp;', escape_html(display_time_period(60 * 10))) . "&nbsp;&dagger;</td></tr>\n\t\t<tr><th>5</th><td>{$l_not_for_patch} {$l_database_upgrade}<br />{$l_up_info}</td><td>" . escape_html(display_time_period(60 * 5)) . "</td></tr>\n\t\t<tr><th>6</th><td>{$l_not_for_patch} {$l_theme_upgrade}</td><td>" . escape_html(display_time_period(60 * 5)) . "</td></tr>\n\t\t<tr><th>7</th><td>{$l_clear_caches}</td><td>1 minute</td></tr>\n\t\t<tr><th>8</th><td>{$l_open_site}  {$l_fu_closedness}</td><td>1 minute</td></tr>\n\t</table></div>\n\n\t<p>&dagger; {$l_customisations}</p>\n\n\t<h2 style=\"margin-top: 40px\">{$l_error_correction}&hellip;</h2><ul style=\"margin-top: 5px\">\n\t\t<li>{$l_safe_mode}</li>\n\t\t<li>{$l_addon_management}</li>\n\t</ul>\n</div>\n";
                    $show_more_link = false;
                    break;
                case 'decache':
                    clear_caches_2();
                    echo '<p>' . do_lang('SUCCESS') . '</p>';
                    break;
                case 'check_perms':
                    echo check_perms();
                    break;
                case 'fix_perms':
                    echo fix_perms();
                    break;
                case 'open_site':
                    set_option('site_closed', '0');
                    echo '<p>' . do_lang('SUCCESS') . '</p>';
                    break;
                case 'close_site':
                    set_option('closed', do_lang('FU_CLOSED_FOR_UPGRADES', get_site_name()));
                    set_option('site_closed', '1');
                    echo '<p>' . do_lang('SUCCESS') . '</p>';
                    break;
                case 'file_upgrade':
                    if (get_param('tar_url', '') == '') {
                        echo do_lang('FU_FILE_UPGRADE_INFO');
                    }
                    echo do_lang('FU_FILE_UPGRADE_INFO_MANUAL');
                    echo '<form title="' . do_lang('PROCEED') . '" enctype="multipart/form-data" action="upgrader.php?type=_file_upgrade" method="post">' . post_fields_relay();
                    echo '<label for="url">' . do_lang('URL') . '</label> <input type="text" id="url" name="url" value="' . escape_html(base64_decode(get_param('tar_url', ''))) . '" /> ';
                    if (ocp_srv('HTTP_HOST') == 'ocportal.com' || $GLOBALS['DEBUG_MODE']) {
                        echo '<br /><label for="upload">' . do_lang('UPLOAD') . '</label> <input type="file" id="upload" name="upload" />';
                    }
                    echo '<input type="submit" value="' . do_lang('PROCEED') . '" />';
                    echo '</form>';
                    $show_more_link = false;
                    break;
                case '_file_upgrade':
                    require_code('tar');
                    if (function_exists('set_time_limit')) {
                        @set_time_limit(0);
                    }
                    if (post_param('url', '') == '' && (ocp_srv('HTTP_HOST') == 'ocportal.com' || $GLOBALS['DEBUG_MODE'])) {
                        $temp_path = $_FILES['upload']['tmp_name'];
                    } else {
                        if (post_param('url', '') == '') {
                            warn_exit(do_lang_tempcode('IMPROPERLY_FILLED_IN'));
                        }
                        $temp_path = ocp_tempnam('ocpfu');
                        $myfile = fopen($temp_path, 'wb');
                        http_download_file(post_param('url'), NULL, true, false, 'ocPortal', NULL, NULL, NULL, NULL, NULL, $myfile);
                        fclose($myfile);
                    }
                    $upgrade_resource = tar_open($temp_path, 'rb');
                    //tar_extract_to_folder($upgrade_resource,'',true);
                    disable_php_memory_limit();
                    $directory = tar_get_directory($upgrade_resource);
                    // Uses up to around 5MB
                    $data = array('todo' => array());
                    $popup_simple_extract = _ftp_info() === false;
                    if (!$popup_simple_extract) {
                        echo '<p>' . do_lang('EXTRACTING_MESSAGE') . '</p>';
                    }
                    $addon_contents = array();
                    // Find addons
                    foreach ($directory as $upgrade_file2) {
                        // See if we can find an addon registry file in our upgrade TAR
                        if (strpos($upgrade_file2['path'], '/addon_registry/') !== false && substr($upgrade_file2['path'], -4) == '.php') {
                            $file_data = tar_get_file($upgrade_resource, $upgrade_file2['path']);
                            $addon_contents[basename($upgrade_file2['path'], '.php')] = $file_data['data'];
                        }
                    }
                    // Process files
                    foreach ($directory as $offset => $upgrade_file) {
                        // skip over these, from manually installer package (which may be used for an upgrade)
                        if ($upgrade_file['path'] == 'info.php') {
                            continue;
                        }
                        if ($upgrade_file['path'] == 'install.php') {
                            continue;
                        }
                        if ($upgrade_file['path'] == 'install.sql') {
                            continue;
                        }
                        if ($upgrade_file['path'] == 'info.php.template') {
                            continue;
                        }
                        if (!$popup_simple_extract) {
                            // See if we can skip the file, if the on-disk version is identical?
                            if (file_exists(get_file_base() . '/' . $upgrade_file['path']) && filesize(get_file_base() . '/' . $upgrade_file['path']) == $upgrade_file['size']) {
                                $tar_data = tar_get_file($upgrade_resource, $upgrade_file['path']);
                                if (file_get_contents(get_file_base() . '/' . $upgrade_file['path']) == $tar_data['data']) {
                                    echo do_lang('U_SKIPPING_MESSAGE', escape_html($upgrade_file['path'])) . '<br />';
                                    continue;
                                }
                            }
                        }
                        // Addon registry file, for installed addon
                        if (strpos($upgrade_file['path'], '/addon_registry/') !== false && file_exists(get_file_base() . '/' . $upgrade_file['path'])) {
                            if (substr($upgrade_file['path'], -1) != '/') {
                                if ($popup_simple_extract) {
                                    $data['todo'][] = array($upgrade_file['path'], $upgrade_file['mtime'], $offset + 512, $upgrade_file['size'], ($upgrade_file['mode'] & 02) != 0);
                                } else {
                                    $file_data = tar_get_file($upgrade_resource, $upgrade_file['path']);
                                    afm_make_file($upgrade_file['path'], $file_data['data'], ($file_data['mode'] & 02) != 0);
                                    echo do_lang('U_EXTRACTING_MESSAGE', escape_html($upgrade_file['path'])) . '<br />';
                                }
                            }
                        } else {
                            // Some other file
                            $found = NULL;
                            if (substr($upgrade_file['path'], -1) != '/') {
                                foreach ($addon_contents as $addon_name => $addon_data) {
                                    // See if this is the addon for the file
                                    $shortened_path = $upgrade_file['path'];
                                    $shortened_path = preg_replace('#^themes/default/(templates|css)/#', '', $shortened_path);
                                    if (strpos($addon_data, '\'' . addslashes($shortened_path) . '\'') !== false) {
                                        $found = $addon_name;
                                        break;
                                    }
                                }
                            }
                            // Install if either of the following is true:
                            //  - it's some file not in an addon (shouldn't actually happen)
                            //  - it's a new addon (addon that is not installed or uninstalled i.e. does not have an exported mod file)
                            //  - it's a file in an addon we have installed
                            //  - we're upgrading from an ocPortal version that doesn't support addons yet
                            if (is_null($found) || !file_exists(get_file_base() . '/imports/mods/' . $found . '.tar') || file_exists(get_file_base() . '/sources/hooks/systems/addon_registry/' . $found . '.php') || !file_exists(get_file_base() . '/sources/hooks/systems/addon_registry')) {
                                if (substr($upgrade_file['path'], -1) == '/') {
                                    afm_make_directory($upgrade_file['path'], false, true);
                                } else {
                                    if ($popup_simple_extract) {
                                        $data['todo'][] = array($upgrade_file['path'], $upgrade_file['mtime'], $offset + 512, $upgrade_file['size'], ($upgrade_file['mode'] & 02) != 0);
                                    } else {
                                        $file_data = tar_get_file($upgrade_resource, $upgrade_file['path']);
                                        if (!file_exists(get_file_base() . '/' . dirname($upgrade_file['path']))) {
                                            afm_make_directory(dirname($upgrade_file['path']), false, true);
                                        }
                                        afm_make_file($upgrade_file['path'], $file_data['data'], ($file_data['mode'] & 02) != 0);
                                        echo do_lang('U_EXTRACTING_MESSAGE', escape_html($upgrade_file['path'])) . '<br />';
                                    }
                                }
                            }
                            if (substr($upgrade_file['path'], -1) != '/') {
                                // If true: We need to copy it into our archived addon so that addon is kept up-to-date
                                if (!is_null($found) && file_exists(get_file_base() . '/imports/mods/' . $found . '.tar')) {
                                    $old_mod_file = tar_open(get_file_base() . '/imports/mods/' . $found . '.tar', 'rb');
                                    $new_mod_file = tar_open(get_file_base() . '/imports/mods/' . $found . '.new.tar', 'wb');
                                    $directory2 = tar_get_directory($old_mod_file, true);
                                    if (!is_null($directory2)) {
                                        foreach ($directory2 as $d) {
                                            if ($d['path'] == $upgrade_file['path']) {
                                                continue;
                                            }
                                            $file_data = tar_get_file($old_mod_file, $d['path']);
                                            if ($d['path'] == 'mod.inf') {
                                                $file_data['data'] = preg_replace('#^version=.*#m', 'version=(version-synched)', $file_data['data']);
                                            }
                                            tar_add_file($new_mod_file, $d['path'], $file_data['data'], $d['mode'], $d['mtime']);
                                        }
                                        $file_data = tar_get_file($upgrade_resource, $upgrade_file['path']);
                                        tar_add_file($new_mod_file, $upgrade_file['path'], $file_data['data'], $upgrade_file['mode'], $upgrade_file['mtime']);
                                        tar_close($new_mod_file);
                                        tar_close($old_mod_file);
                                        unlink(get_file_base() . '/imports/mods/' . $found . '.tar');
                                        rename(get_file_base() . '/imports/mods/' . $found . '.new.tar', get_file_base() . '/imports/mods/' . $found . '.tar');
                                        echo do_lang('U_PACKING_MESSAGE', escape_html($upgrade_file['path'])) . '<br />';
                                    }
                                }
                            }
                        }
                    }
                    tar_close($upgrade_resource);
                    if ($popup_simple_extract) {
                        copy($temp_path, get_custom_file_base() . '/data_custom/upgrader.tar.tmp');
                        @unlink($temp_path);
                        $temp_path = get_custom_file_base() . '/data_custom/upgrader.tar.tmp';
                        $tmp_data_path = get_custom_file_base() . '/data_custom/upgrader.tmp';
                        $tmp_data_file = fopen($tmp_data_path, 'wb');
                        fwrite($tmp_data_file, serialize($data));
                        fclose($tmp_data_file);
                        global $SITE_INFO;
                        $extract_url = get_base_url() . '/data/upgrader2.php?hashed_password='******'admin_password']) . '&tmp_path=' . urlencode($temp_path) . '&file_offset=0&tmp_data_path=' . urlencode($tmp_data_path) . '&done=' . urlencode(do_lang('DONE'));
                        echo '<p>' . do_lang('FU_EXTRACTING_WINDOW', integer_format(count($data['todo']))) . '</p>';
                        echo '<iframe frameBorder="0" title="" style="width: 100%; height: 400px" src="' . escape_html($extract_url) . '"></iframe>';
                    } else {
                        echo '<p>' . do_lang('SUCCESS') . '</p>';
                        @unlink($temp_path);
                    }
                    unset($_POST['news_id']);
                    break;
                case 'integrity_scan':
                    $allow_merging = either_param_integer('allow_merging', 0);
                    echo run_integrity_check(false, $allow_merging == 1);
                    break;
                case '_integrity_scan':
                    _integrity_scan();
                    echo '<p>' . do_lang('SUCCESS') . '</p>';
                    break;
                case 'db_upgrade':
                    $something_done = false;
                    clear_caches_2();
                    if (version_specific()) {
                        echo do_lang('FU_UPGRADED_CORE_TABLES');
                        $something_done = true;
                    }
                    $done = upgrade_modules();
                    if ($done != '') {
                        echo do_lang('FU_UPGRADE_MODULES', $done);
                        $something_done = true;
                    }
                    if (!$something_done) {
                        echo do_lang('NO_UPGRADE_DONE');
                    }
                    $version_files = ocp_version_number();
                    $_version_database = get_value('ocf_version');
                    $version_database = floatval($_version_database);
                    if (is_null($_version_database)) {
                        $version_database = 2.1;
                    }
                    // Either 2.0 or 2.1, and they are equivalent in terms of what we need to do
                    if ($version_database < $version_files) {
                        echo do_lang('FU_MUST_UPGRADE_OCF', fu_link('upgrader.php?type=ocf', do_lang('FU_UPGRADE_OCF')));
                    }
                    break;
                case 'theme_upgrade':
                    echo upgrade_themes();
                    break;
                case 'ocf':
                    // Only to be launched as a consequent of db_upgrade
                    if (ocf_upgrade()) {
                        echo '<p>' . do_lang('SUCCESS') . '</p>';
                    } else {
                        echo do_lang('FU_NO_OCF_UPGRADE');
                    }
                    break;
            }
            if ($show_more_link) {
                echo '<hr /><div>' . fu_link('upgrader.php?type=misc', do_lang('MORE_OPTIONS')) . '</div>';
            }
        } else {
            up_do_header();
            up_do_login(do_lang('USER_BAD_PASSWORD'));
        }
    } else {
        up_do_header();
        up_do_login();
    }
    up_do_footer();
}