/** * Find if the given member id and password is valid. If username is NULL, then the member id is used instead. * All authorisation, cookies, and form-logins, are passed through this function. * Some forums do cookie logins differently, so a Boolean is passed in to indicate whether it is a cookie login. * * @param ?SHORT_TEXT The member username (NULL: don't use this in the authentication - but look it up using the ID if needed) * @param MEMBER The member id * @param MD5 The md5-hashed password * @param string The raw password * @param boolean Whether this is a cookie login * @return array A map of 'id' and 'error'. If 'id' is NULL, an error occurred and 'error' is set */ function forum_authorise_login($username, $userid, $password_hashed, $password_raw, $cookie_login = false) { unset($cookie_login); $out = array(); $out['id'] = NULL; if ($username != $this->get_admin_username() && $userid != 1) { $out['error'] = do_lang_tempcode('_USER_NO_EXIST', $username); return $out; } if (!check_master_password($password_raw)) { $out['error'] = do_lang_tempcode('USER_BAD_PASSWORD'); return $out; } $out['id'] = 1; return $out; }
/** * The upgrader.php script handler. */ function upgrade_script() { @ini_set('ocproducts.xss_detect', '0'); require_lang('upgrade'); require_code('database_action'); require_code('config2'); if (function_exists('set_time_limit')) { @set_time_limit(180); } if (array_key_exists('given_password', $_POST)) { $given_password = post_param('given_password'); if (check_master_password($given_password)) { $type = get_param('type', 'misc'); require_code('abstract_file_manager'); up_do_header(); if (post_param('ftp_username', '') != '') { $_POST['uses_ftp'] = '1'; _ftp_info(true); // To give early error if there's a problem } // Handle shared site upgrading with no per-site UI global $SITE_INFO; if (isset($SITE_INFO['custom_file_base_stub'])) { require_code('shared_installs'); $u = current_share_user(); if (!is_null($u)) { upgrade_sharedinstall_sites(); echo '<p>Now regenerate <kbd>template.sql</kbd>, using something like <kbd>mysqldump -uroot -p myocp_site_shareddemo > ~/public_html/template.sql</kbd></p>'; up_do_footer(); return; } } $show_more_link = true; switch ($type) { case 'misc': clear_caches_1(); $l_choices = do_lang('FU_CHOICES'); $oc = get_option('site_closed') == '0' ? do_lang('SITE_OPEN') : do_lang('SITE_CLOSED'); $a = float_to_raw_string(ocp_version_number()); $b = get_value('version'); if (is_null($b)) { $b = '2.5'; } $l_up_info = do_lang('FU_UP_INFO' . ($a == $b ? '_1' : '_2'), $a, $b); $l_fu_closedness = do_lang('FU_CLOSENESS', $oc); $l_maintenance = do_lang('FU_MAINTENANCE'); $l_upgrading = do_lang('FU_UPGRADING'); $l_take_backup = do_lang('FU_TAKE_BACKUP'); $l_clear_caches = fu_link('upgrader.php?type=decache', do_lang('FU_CLEAR_CACHES')); $l_check_permissions = fu_link('upgrader.php?type=check_perms', do_lang('FU_CHECK_PERMISSIONS')); $l_fix_permissions = fu_link('upgrader.php?type=fix_perms', do_lang('FU_FIX_PERMISSIONS')); $l_close_site = fu_link('upgrader.php?type=close_site', do_lang('FU_CLOSE_SITE'), get_option('site_closed') == '1'); $l_integrity_scan = fu_link('upgrader.php?type=integrity_scan&allow_merging=1', do_lang('FU_INTEGRITY_SCAN'), false, do_lang('FU_WILL_MERGE')); $l_integrity_scan_no_merging = fu_link('upgrader.php?type=integrity_scan', do_lang('FU_INTEGRITY_SCAN_NO_CSS_MERGE')); $l_database_upgrade = fu_link('upgrader.php?type=db_upgrade', do_lang('FU_DATABASE_UPGRADE')); $l_theme_upgrade = fu_link('upgrader.php?type=theme_upgrade', do_lang('FU_THEME_UPGRADE')); $l_open_site = fu_link('upgrader.php?type=open_site', do_lang('FU_OPEN_SITE'), get_option('site_closed') == '0'); $l_error_correction = do_lang('FU_ERROR_CORRECTION'); $l_not_for_patch = do_lang('FU_NOT_FOR_PATCH'); $l_tutorial = fu_link('http://ocportal.com/docs/tut_upgrade.htm', do_lang('FU_TUTORIAL')); $l_release_notes = do_lang('FU_RELEASE_NOTES'); $l_refer_release_notes = do_lang('FU_REFER_RELEASE_NOTES'); $news_id = post_param_integer('news_id', NULL); $tar_url = ''; if (!is_null($news_id)) { require_code('files'); $fetch_url = 'http://ocportal.com/uploads/website_specific/ocportal.com/scripts/fetch_release_details.php?news_id=' . strval($news_id) . '&from_version=' . urlencode(strval(ocp_version()) . '.' . ocp_version_minor()); $news = http_download_file($fetch_url, NULL, true, false, 'ocPortal', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 30.0); $details = unserialize($news); if ($details[0] != '') { $l_refer_release_notes = $details[0] . '<div style="overflow: auto; height: 150px">' . $details[2] . '</div>'; } $tar_url = $details[1]; } $l_download = fu_link('upgrader.php?type=file_upgrade&tar_url=' . urlencode(base64_encode($tar_url)), do_lang('FU_DOWNLOAD')); $l_important = do_lang('IMPORTANT'); $l_bugs = do_lang('FU_BUGS'); $l_upgrade_steps = do_lang('FU_UPGRADE_STEPS'); $l_action = do_lang('ACTION'); $l_step = do_lang('FU_STEP'); $l_estimated_time = do_lang('FU_ESTIMATED_TIME'); $l_safe_mode = fu_link('index.php?keep_safe_mode=1', do_lang('FU_SAFE_MODE')); $num_addons = $GLOBALS['SITE_DB']->query_value('addons', 'COUNT(*)'); $l_addon_management = fu_link('adminzone/index.php?page=admin_addons&keep_safe_mode=1', do_lang('FU_ADDON_MANAGEMENT', integer_format($num_addons)), $num_addons == 0); $l_customisations = do_lang('FU_CUSTOMISATIONS'); $closed = comcode_to_tempcode(get_option('closed'), NULL, true); $closed_url = build_url(array('page' => 'admin_config', 'type' => 'category', 'id' => 'SITE'), get_module_zone('admin_config'), NULL, false, false, false, 'group_CLOSED_SITE'); echo "\n<p>{$l_choices}</p>\n\n<div style=\"margin: 0 50px\">\n\t<h2>{$l_maintenance}…</h2><ul>\n\t\t<li>{$l_clear_caches}</li>\n\t\t<li>{$l_check_permissions}</li>\n\t\t<li>{$l_fix_permissions}</li>\n\t</ul>\n\n\t<h2 style=\"margin-top: 40px\">{$l_upgrading}…</h2>\n\n\t<h3>{$l_important}</h3>\n\n\t<p>{$l_bugs}</p>\n\n\t<h3>{$l_release_notes}</h3>\n\n\t<p>{$l_refer_release_notes}</p>\n\n\t<h3>{$l_upgrade_steps}</h3>\n\n\t<div class=\"wide_table_wrap\"><table style=\"margin-top: 5px\" class=\"solidborder wide_table spaced_table\">\n\t\t<tr>\n\t\t\t<th>{$l_step}</th>\n\t\t\t<th>{$l_action}</th>\n\t\t\t<th>{$l_estimated_time}</th>\n\t\t</tr>\n\t\t<tr><th>X</th><td>{$l_not_for_patch} {$l_tutorial}</td><td>" . escape_html(display_time_period(60 * 120)) . "</td></tr>\n\t\t<tr><th>1</th><td>{$l_take_backup}</td><td>" . escape_html(display_time_period(60 * 120)) . "</td></tr>\n\t\t<tr><th>2</th><td>{$l_close_site} {$l_fu_closedness}<br /><q style=\"font-style: italic\">" . $closed->evaluate() . "</q> <span class=\"associated_link_to_small\">[<a href=\"" . escape_html($closed_url->evaluate()) . "\" title=\"(this link will open in a new window)\" target=\"_blank\">" . do_lang('CHANGE') . "</a>]</span></td><td>" . escape_html(display_time_period(60)) . "</td></tr>\n\t\t<tr><th>3</th><td>{$l_download}</td><td>" . escape_html(display_time_period(60 * 5)) . "</td></tr>\n\t\t<tr><th>4</th><td>{$l_not_for_patch} {$l_integrity_scan_no_merging}<!-- " . do_lang('OR') . " {$l_integrity_scan}--></td><td>" . str_replace(' ', ' ', escape_html(display_time_period(60 * 10))) . " †</td></tr>\n\t\t<tr><th>5</th><td>{$l_not_for_patch} {$l_database_upgrade}<br />{$l_up_info}</td><td>" . escape_html(display_time_period(60 * 5)) . "</td></tr>\n\t\t<tr><th>6</th><td>{$l_not_for_patch} {$l_theme_upgrade}</td><td>" . escape_html(display_time_period(60 * 5)) . "</td></tr>\n\t\t<tr><th>7</th><td>{$l_clear_caches}</td><td>1 minute</td></tr>\n\t\t<tr><th>8</th><td>{$l_open_site} {$l_fu_closedness}</td><td>1 minute</td></tr>\n\t</table></div>\n\n\t<p>† {$l_customisations}</p>\n\n\t<h2 style=\"margin-top: 40px\">{$l_error_correction}…</h2><ul style=\"margin-top: 5px\">\n\t\t<li>{$l_safe_mode}</li>\n\t\t<li>{$l_addon_management}</li>\n\t</ul>\n</div>\n"; $show_more_link = false; break; case 'decache': clear_caches_2(); echo '<p>' . do_lang('SUCCESS') . '</p>'; break; case 'check_perms': echo check_perms(); break; case 'fix_perms': echo fix_perms(); break; case 'open_site': set_option('site_closed', '0'); echo '<p>' . do_lang('SUCCESS') . '</p>'; break; case 'close_site': set_option('closed', do_lang('FU_CLOSED_FOR_UPGRADES', get_site_name())); set_option('site_closed', '1'); echo '<p>' . do_lang('SUCCESS') . '</p>'; break; case 'file_upgrade': if (get_param('tar_url', '') == '') { echo do_lang('FU_FILE_UPGRADE_INFO'); } echo do_lang('FU_FILE_UPGRADE_INFO_MANUAL'); echo '<form title="' . do_lang('PROCEED') . '" enctype="multipart/form-data" action="upgrader.php?type=_file_upgrade" method="post">' . post_fields_relay(); echo '<label for="url">' . do_lang('URL') . '</label> <input type="text" id="url" name="url" value="' . escape_html(base64_decode(get_param('tar_url', ''))) . '" /> '; if (ocp_srv('HTTP_HOST') == 'ocportal.com' || $GLOBALS['DEBUG_MODE']) { echo '<br /><label for="upload">' . do_lang('UPLOAD') . '</label> <input type="file" id="upload" name="upload" />'; } echo '<input type="submit" value="' . do_lang('PROCEED') . '" />'; echo '</form>'; $show_more_link = false; break; case '_file_upgrade': require_code('tar'); if (function_exists('set_time_limit')) { @set_time_limit(0); } if (post_param('url', '') == '' && (ocp_srv('HTTP_HOST') == 'ocportal.com' || $GLOBALS['DEBUG_MODE'])) { $temp_path = $_FILES['upload']['tmp_name']; } else { if (post_param('url', '') == '') { warn_exit(do_lang_tempcode('IMPROPERLY_FILLED_IN')); } $temp_path = ocp_tempnam('ocpfu'); $myfile = fopen($temp_path, 'wb'); http_download_file(post_param('url'), NULL, true, false, 'ocPortal', NULL, NULL, NULL, NULL, NULL, $myfile); fclose($myfile); } $upgrade_resource = tar_open($temp_path, 'rb'); //tar_extract_to_folder($upgrade_resource,'',true); disable_php_memory_limit(); $directory = tar_get_directory($upgrade_resource); // Uses up to around 5MB $data = array('todo' => array()); $popup_simple_extract = _ftp_info() === false; if (!$popup_simple_extract) { echo '<p>' . do_lang('EXTRACTING_MESSAGE') . '</p>'; } $addon_contents = array(); // Find addons foreach ($directory as $upgrade_file2) { // See if we can find an addon registry file in our upgrade TAR if (strpos($upgrade_file2['path'], '/addon_registry/') !== false && substr($upgrade_file2['path'], -4) == '.php') { $file_data = tar_get_file($upgrade_resource, $upgrade_file2['path']); $addon_contents[basename($upgrade_file2['path'], '.php')] = $file_data['data']; } } // Process files foreach ($directory as $offset => $upgrade_file) { // skip over these, from manually installer package (which may be used for an upgrade) if ($upgrade_file['path'] == 'info.php') { continue; } if ($upgrade_file['path'] == 'install.php') { continue; } if ($upgrade_file['path'] == 'install.sql') { continue; } if ($upgrade_file['path'] == 'info.php.template') { continue; } if (!$popup_simple_extract) { // See if we can skip the file, if the on-disk version is identical? if (file_exists(get_file_base() . '/' . $upgrade_file['path']) && filesize(get_file_base() . '/' . $upgrade_file['path']) == $upgrade_file['size']) { $tar_data = tar_get_file($upgrade_resource, $upgrade_file['path']); if (file_get_contents(get_file_base() . '/' . $upgrade_file['path']) == $tar_data['data']) { echo do_lang('U_SKIPPING_MESSAGE', escape_html($upgrade_file['path'])) . '<br />'; continue; } } } // Addon registry file, for installed addon if (strpos($upgrade_file['path'], '/addon_registry/') !== false && file_exists(get_file_base() . '/' . $upgrade_file['path'])) { if (substr($upgrade_file['path'], -1) != '/') { if ($popup_simple_extract) { $data['todo'][] = array($upgrade_file['path'], $upgrade_file['mtime'], $offset + 512, $upgrade_file['size'], ($upgrade_file['mode'] & 02) != 0); } else { $file_data = tar_get_file($upgrade_resource, $upgrade_file['path']); afm_make_file($upgrade_file['path'], $file_data['data'], ($file_data['mode'] & 02) != 0); echo do_lang('U_EXTRACTING_MESSAGE', escape_html($upgrade_file['path'])) . '<br />'; } } } else { // Some other file $found = NULL; if (substr($upgrade_file['path'], -1) != '/') { foreach ($addon_contents as $addon_name => $addon_data) { // See if this is the addon for the file $shortened_path = $upgrade_file['path']; $shortened_path = preg_replace('#^themes/default/(templates|css)/#', '', $shortened_path); if (strpos($addon_data, '\'' . addslashes($shortened_path) . '\'') !== false) { $found = $addon_name; break; } } } // Install if either of the following is true: // - it's some file not in an addon (shouldn't actually happen) // - it's a new addon (addon that is not installed or uninstalled i.e. does not have an exported mod file) // - it's a file in an addon we have installed // - we're upgrading from an ocPortal version that doesn't support addons yet if (is_null($found) || !file_exists(get_file_base() . '/imports/mods/' . $found . '.tar') || file_exists(get_file_base() . '/sources/hooks/systems/addon_registry/' . $found . '.php') || !file_exists(get_file_base() . '/sources/hooks/systems/addon_registry')) { if (substr($upgrade_file['path'], -1) == '/') { afm_make_directory($upgrade_file['path'], false, true); } else { if ($popup_simple_extract) { $data['todo'][] = array($upgrade_file['path'], $upgrade_file['mtime'], $offset + 512, $upgrade_file['size'], ($upgrade_file['mode'] & 02) != 0); } else { $file_data = tar_get_file($upgrade_resource, $upgrade_file['path']); if (!file_exists(get_file_base() . '/' . dirname($upgrade_file['path']))) { afm_make_directory(dirname($upgrade_file['path']), false, true); } afm_make_file($upgrade_file['path'], $file_data['data'], ($file_data['mode'] & 02) != 0); echo do_lang('U_EXTRACTING_MESSAGE', escape_html($upgrade_file['path'])) . '<br />'; } } } if (substr($upgrade_file['path'], -1) != '/') { // If true: We need to copy it into our archived addon so that addon is kept up-to-date if (!is_null($found) && file_exists(get_file_base() . '/imports/mods/' . $found . '.tar')) { $old_mod_file = tar_open(get_file_base() . '/imports/mods/' . $found . '.tar', 'rb'); $new_mod_file = tar_open(get_file_base() . '/imports/mods/' . $found . '.new.tar', 'wb'); $directory2 = tar_get_directory($old_mod_file, true); if (!is_null($directory2)) { foreach ($directory2 as $d) { if ($d['path'] == $upgrade_file['path']) { continue; } $file_data = tar_get_file($old_mod_file, $d['path']); if ($d['path'] == 'mod.inf') { $file_data['data'] = preg_replace('#^version=.*#m', 'version=(version-synched)', $file_data['data']); } tar_add_file($new_mod_file, $d['path'], $file_data['data'], $d['mode'], $d['mtime']); } $file_data = tar_get_file($upgrade_resource, $upgrade_file['path']); tar_add_file($new_mod_file, $upgrade_file['path'], $file_data['data'], $upgrade_file['mode'], $upgrade_file['mtime']); tar_close($new_mod_file); tar_close($old_mod_file); unlink(get_file_base() . '/imports/mods/' . $found . '.tar'); rename(get_file_base() . '/imports/mods/' . $found . '.new.tar', get_file_base() . '/imports/mods/' . $found . '.tar'); echo do_lang('U_PACKING_MESSAGE', escape_html($upgrade_file['path'])) . '<br />'; } } } } } tar_close($upgrade_resource); if ($popup_simple_extract) { copy($temp_path, get_custom_file_base() . '/data_custom/upgrader.tar.tmp'); @unlink($temp_path); $temp_path = get_custom_file_base() . '/data_custom/upgrader.tar.tmp'; $tmp_data_path = get_custom_file_base() . '/data_custom/upgrader.tmp'; $tmp_data_file = fopen($tmp_data_path, 'wb'); fwrite($tmp_data_file, serialize($data)); fclose($tmp_data_file); global $SITE_INFO; $extract_url = get_base_url() . '/data/upgrader2.php?hashed_password='******'admin_password']) . '&tmp_path=' . urlencode($temp_path) . '&file_offset=0&tmp_data_path=' . urlencode($tmp_data_path) . '&done=' . urlencode(do_lang('DONE')); echo '<p>' . do_lang('FU_EXTRACTING_WINDOW', integer_format(count($data['todo']))) . '</p>'; echo '<iframe frameBorder="0" title="" style="width: 100%; height: 400px" src="' . escape_html($extract_url) . '"></iframe>'; } else { echo '<p>' . do_lang('SUCCESS') . '</p>'; @unlink($temp_path); } unset($_POST['news_id']); break; case 'integrity_scan': $allow_merging = either_param_integer('allow_merging', 0); echo run_integrity_check(false, $allow_merging == 1); break; case '_integrity_scan': _integrity_scan(); echo '<p>' . do_lang('SUCCESS') . '</p>'; break; case 'db_upgrade': $something_done = false; clear_caches_2(); if (version_specific()) { echo do_lang('FU_UPGRADED_CORE_TABLES'); $something_done = true; } $done = upgrade_modules(); if ($done != '') { echo do_lang('FU_UPGRADE_MODULES', $done); $something_done = true; } if (!$something_done) { echo do_lang('NO_UPGRADE_DONE'); } $version_files = ocp_version_number(); $_version_database = get_value('ocf_version'); $version_database = floatval($_version_database); if (is_null($_version_database)) { $version_database = 2.1; } // Either 2.0 or 2.1, and they are equivalent in terms of what we need to do if ($version_database < $version_files) { echo do_lang('FU_MUST_UPGRADE_OCF', fu_link('upgrader.php?type=ocf', do_lang('FU_UPGRADE_OCF'))); } break; case 'theme_upgrade': echo upgrade_themes(); break; case 'ocf': // Only to be launched as a consequent of db_upgrade if (ocf_upgrade()) { echo '<p>' . do_lang('SUCCESS') . '</p>'; } else { echo do_lang('FU_NO_OCF_UPGRADE'); } break; } if ($show_more_link) { echo '<hr /><div>' . fu_link('upgrader.php?type=misc', do_lang('MORE_OPTIONS')) . '</div>'; } } else { up_do_header(); up_do_login(do_lang('USER_BAD_PASSWORD')); } } else { up_do_header(); up_do_login(); } up_do_footer(); }