function data() { checktoken(); global $db; $usertable = TABLE_PREFIX . DB_USERTABLE; $usertable_username = DB_USERTABLE_NAME; $usertable_userid = DB_USERTABLE_USERID; $response = array(); $messages = array(); $criteria = "cometchat.id > '" . mysql_real_escape_string($_POST['timestamp']) . "' and "; $criteria2 = 'desc'; if (empty($_POST['timestamp'])) { $criteria = ''; $criteria2 = 'desc limit 20'; } $sql = "select cometchat.id, cometchat.from, cometchat.to, cometchat.message, cometchat.sent, cometchat.read, f.{$usertable_username} fromu, t.{$usertable_username} tou from cometchat, {$usertable} f, {$usertable} t where {$criteria} f.{$usertable_userid} = cometchat.from and t.{$usertable_userid} = cometchat.to order by cometchat.id {$criteria2}"; $query = mysql_query($sql); $timestamp = $_POST['timestamp']; while ($chat = mysql_fetch_array($query)) { if (function_exists('processName')) { $chat['fromu'] = processName($chat['fromu']); $chat['tou'] = processName($chat['tou']); } $time = date('g:iA M dS', $chat['sent']); array_unshift($messages, array('id' => $chat['id'], 'from' => $chat['from'], 'to' => $chat['to'], 'fromu' => $chat['fromu'], 'tou' => $chat['tou'], 'message' => $chat['message'], 'time' => $time)); if ($chat['id'] > $timestamp) { $timestamp = $chat['id']; } } $response['timestamp'] = $timestamp; if (!empty($messages)) { $response['messages'] = $messages; } header('Content-type: application/json; charset=utf-8'); echo json_encode($response); exit; }
function searchlogs() { checktoken(); global $usertable_userid; global $usertable_username; global $usertable; global $navigation; global $body; $username = $_POST['susername']; if (empty($username)) { // Base 64 Encoded $username = '******'; } $sql = "select {$usertable_userid} id, {$usertable_username} username from {$usertable} where {$usertable_username} LIKE '%" . mysql_real_escape_string(sanitize_core($username)) . "%'"; $query = mysql_query($sql); $userslist = ''; while ($user = mysql_fetch_array($query)) { if (function_exists('processName')) { $user['username'] = processName($user['username']); } $userslist .= '<li class="ui-state-default"><span style="font-size:11px;float:left;margin-top:2px;margin-left:5px;">' . $user['username'] . ' - ' . $user['id'] . '</span><div style="clear:both"></div></li>'; } $body = <<<EOD \t{$navigation} \t<div id="rightcontent" style="float:left;width:720px;border-left:1px dotted #ccc;padding-left:20px;"> \t\t<h2>Search results</h2> \t\t<h3>Please find the user id next to each username. <a href="?module=chatrooms&action=finduser">Click here to search again</a></h3> \t\t<div> \t\t\t<ul id="modules_logs"> \t\t\t\t{$userslist} \t\t\t</ul> \t\t</div> \t\t<div style="clear:both;padding:7.5px;"></div> \t</div> \t<div style="clear:both"></div> EOD; template(); }
function checkfile($p_path, $p_file, $p_quiet = false) { if (!$p_quiet) { echo "Testing language file '{$p_file}' (phase 1)...<br />"; flush(); } $file = $p_path . $p_file; set_error_handler('lang_error_handler'); $result = checktoken($file, $p_file == STRINGS_ENGLISH); restore_error_handler(); if (!$result) { print_error("Language file '{$p_file}' failed at phase 1.", 'FAILED'); if ($p_quiet) { return false; } } if (!$p_quiet) { echo "Testing language file '{$p_file}' (phase 2)...<br />"; flush(); } else { return true; } set_error_handler('lang_error_handler'); ob_start(); $result = eval("require_once( '{$file}' );"); $data = ob_get_contents(); ob_end_clean(); restore_error_handler(); if ($result === false) { print_error("Language file '{$p_file}' failed at eval", 'FAILED'); if ($p_quiet) { return false; } } if (!empty($data)) { print_error("Language file '{$p_file}' failed at require_once (data output: " . var_export($data, true) . ")", 'FAILED'); if ($p_quiet) { return false; } } return true; }
function uploadthemeprocess() { checktoken(); global $db; global $body; global $trayicon; global $navigation; global $themes; $extension = ''; $error = ''; if (!empty($_FILES["file"]["size"])) { if ($_FILES["file"]["error"] > 0) { $error = "Theme corrupted. Please try again."; } else { if (file_exists(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . "temp" . DIRECTORY_SEPARATOR . $_FILES["file"]["name"])) { unlink(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . "temp" . DIRECTORY_SEPARATOR . $_FILES["file"]["name"]); } if (!move_uploaded_file($_FILES["file"]["tmp_name"], dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . "temp" . DIRECTORY_SEPARATOR . $_FILES["file"]["name"])) { $error = "Unable to copy to temp folder. Please CHMOD temp folder to 777."; } } } else { $error = "Theme not found. Please try again."; } if (!empty($error)) { $_SESSION['cometchat']['error'] = $error; header("Location: ?module=themes&action=uploadtheme"); exit; } require_once 'pclzip.lib.php'; $filename = $_FILES['file']['name']; $archive = new PclZip(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . "temp" . DIRECTORY_SEPARATOR . $_FILES["file"]["name"]); if ($archive->extract(PCLZIP_OPT_PATH, dirname(dirname(__FILE__))) == 0) { $error = "Unable to unzip archive. Please upload the contents of the zip file to themes folder."; } if (!empty($error)) { $_SESSION['cometchat']['error'] = $error; header("Location: ?module=themes&action=uploadtheme"); exit; } unlink(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . "temp" . DIRECTORY_SEPARATOR . $_FILES["file"]["name"]); header("Location: ?module=themes"); exit; }
function newannouncementprocess() { checktoken(); $announcement = $_POST['announcement']; $zero = '0'; if ($_POST['sli'] == 0) { $zero = '-1'; } $sql = "insert into cometchat_announcements (announcement,time,`to`) values ('" . mysql_real_escape_string($announcement) . "', '" . getTimeStamp() . "','" . $zero . "')"; $query = mysql_query($sql); header("Location: ?module=announcements"); }
setmsg(t("No such package defined."), 'warning', 'package.php'); } $op = $_REQUEST['op']; if (checktoken() && 'remove' == $op) { if (ZPackage::removePackage($id)) { setmsg(t('Package Removed.'), 'notice'); } } if (checktoken() && 'suspend' == $_REQUEST['op']) { if (ZPackage::suspendPackage($id, !intval($_REQUEST['suspend']))) { setmsg('', 'notice'); } else { setmsg(t('Error')); } } if (checktoken() && 'edit' == $op) { $package = array(); $package['name'] = strip_tags($_REQUEST['name']); $package['desc'] = strip_tags($_REQUEST['desc']); $package['space'] = $_REQUEST['space']; $package['bandwidth'] = $_REQUEST['bandwidth']; $package['site'] = intval($_REQUEST['site']); $package['ftp'] = intval($_REQUEST['ftp']); $package['sql'] = intval($_REQUEST['sql']); $package['state'] = intval($_REQUEST['state']); $package['updated'] = date('Y-m-d H:i:s'); if (ZPackage::updatePackage($id, $package)) { setmsg(t("Package Updated."), 'notice', 'package.php'); } } break;
function createmoduleprocess() { checktoken(); $extension = ''; $error = ''; $modulename = createslug($_POST['title'], true); if ($_FILES["file"]["type"] == "image/gif" || $_FILES["file"]["type"] == "image/jpeg" || $_FILES["file"]["type"] == "image/pjpeg" || $_FILES["file"]["type"] == "image/png") { if ($_FILES["file"]["error"] > 0) { $error = "Module icon incorrect. Please try again."; } else { if (file_exists(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . "temp" . DIRECTORY_SEPARATOR . $modulename)) { unlink(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . "temp" . DIRECTORY_SEPARATOR . $modulename); } $extension = extension($_FILES["file"]["name"]); if (!move_uploaded_file($_FILES["file"]["tmp_name"], dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . "temp" . DIRECTORY_SEPARATOR . $modulename)) { $error = "Unable to copy to temp folder. Please CHMOD temp folder to 777."; } } } else { $error = "Module icon not found. Please try again."; } if (empty($_POST['title'])) { $error = "Module title is empty. Please try again."; } if (empty($_POST['link'])) { $error = "Module link is empty. Please try again."; } if (!empty($error)) { $_SESSION['cometchat']['error'] = $error; header("Location: ?module=modules&action=createmodule"); exit; } mkdir(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'modules' . DIRECTORY_SEPARATOR . $modulename); copy(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . "temp" . DIRECTORY_SEPARATOR . $modulename, dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'modules' . DIRECTORY_SEPARATOR . $modulename . DIRECTORY_SEPARATOR . 'icon.png'); unlink(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . "temp" . DIRECTORY_SEPARATOR . $modulename); $code = "\$trayicon[] = array('" . $modulename . "','" . addslashes(addslashes(addslashes(str_replace('"', '', $_POST['title'])))) . "','" . $_POST['link'] . "','" . $_POST['type'] . "','" . $_POST['width'] . "','" . $_POST['height'] . "','','');"; configeditor('ICONS', $code, 1); header("Location:?module=modules"); }
$nowTimestamp = $date->getTimestamp(); $date->modify('first day of next month'); $et = $date->getTimestamp() - 300; //cuối tháng chọn in timespan format //$et = strtotime('first day of next month'))-300; $datestring = $tmp . ' first day of last month'; $dt = date_create($datestring); $lastmon = $dt->format('Y-m-d'); $lastmonthstr = explode('-', $lastmon); //echo '<pre>'; print_r($lastmonthstr); $lmstr = (int) $lastmonthstr[0] . '-' . (int) $lastmonthstr[1]; //tháng trước in Y-m format //echo $st.' == '.$et.' == '.$lmstr; exit(); CONNECT_DB(); mysql_query("SET NAMES utf8"); $checktoken = checktoken($userid, $token); if (!$checktoken) { die('404'); } $data['dauky'] = null; $data['cuoiky'] = null; /* * Khởi tạo giá trị confirm ban đầu, nếu tồn tại thì rewrite lại confirm */ $confirminfo = array('month' => '', 'sub_confirm' => 0, 'pc_confirm' => 0, 'fullname_sub_confirm' => '', 'fullname_pc_confirm' => '', 'date_pc_confirm' => '', 'date_confirm' => '', 'edit_date_confirm' => '', 'edit_count' => 0); //tạm ẩn đi để xem nguồn h1 lấy ở đâu $data['confirminfo'] = $confirminfo; /* * Lây các thông số unit, số sau dấu phẩy, hệ số nhân, hệ số tổn thất ĐZ của meter */ $unitmeter = 0;
function addchatroomplugin() { checktoken(); global $crplugins; if (!empty($_GET['data'])) { $plugindata = '$crplugins = array('; foreach ($crplugins as $plugin) { $plugindata .= "'{$plugin}',"; } $plugindata .= "'{$_GET['data']}',"; $plugindata = substr($plugindata, 0, -1) . ');'; configeditor('CHATROOMPLUGINS', $plugindata); } header("Location:?module=plugins&action=chatroomplugins"); }
function getlanguage($lang) { checktoken(); global $db; global $body; global $trayicon; global $navigation; $filestoedit = array("" => "", "i" => "i", "m" => "m", "desktop" => "desktop"); if ($handle = opendir(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'modules')) { while (false !== ($file = readdir($handle))) { if ($file != "." && $file != ".." && is_dir(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'modules' . DIRECTORY_SEPARATOR . $file) && file_exists(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'modules' . DIRECTORY_SEPARATOR . $file . DIRECTORY_SEPARATOR . 'code.php') && file_exists(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'modules' . DIRECTORY_SEPARATOR . $file . DIRECTORY_SEPARATOR . 'lang' . DIRECTORY_SEPARATOR . 'en.php')) { $filestoedit["modules" . DIRECTORY_SEPARATOR . $file] = $file; } } closedir($handle); } if ($handle = opendir(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'plugins')) { while (false !== ($file = readdir($handle))) { if ($file != "." && $file != ".." && is_dir(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'plugins' . DIRECTORY_SEPARATOR . $file) && file_exists(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'plugins' . DIRECTORY_SEPARATOR . $file . DIRECTORY_SEPARATOR . 'code.php') && file_exists(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'plugins' . DIRECTORY_SEPARATOR . $file . DIRECTORY_SEPARATOR . 'lang' . DIRECTORY_SEPARATOR . 'en.php')) { $filestoedit["plugins" . DIRECTORY_SEPARATOR . $file] = $file; } } closedir($handle); } if ($handle = opendir(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'extensions')) { while (false !== ($file = readdir($handle))) { if ($file != "." && $file != ".." && is_dir(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'extensions' . DIRECTORY_SEPARATOR . $file) && file_exists(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'extensions' . DIRECTORY_SEPARATOR . $file . DIRECTORY_SEPARATOR . 'code.php') && file_exists(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'extensions' . DIRECTORY_SEPARATOR . $file . DIRECTORY_SEPARATOR . 'lang' . DIRECTORY_SEPARATOR . 'en.php')) { $filestoedit["extensions" . DIRECTORY_SEPARATOR . $file] = $file; } } closedir($handle); } $data = '<?php ' . "\r\n" . '// CometChat Language File - ' . $lang . "\r\n" . "\r\n"; foreach ($filestoedit as $name => $file) { if (empty($name)) { $namews = $name; } else { $namews = $name . '/'; } if (file_exists(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . $namews . 'lang' . DIRECTORY_SEPARATOR . 'en.php')) { if (file_exists(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . $namews . 'lang' . DIRECTORY_SEPARATOR . $lang . '.php')) { if (!empty($file)) { $file .= '_'; } $array = $file . 'language'; $file = dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . $namews . 'lang' . DIRECTORY_SEPARATOR . $lang . '.php'; $fh = fopen($file, 'r'); $readdata = @fread($fh, filesize($file)); fclose($fh); $data .= '$file["' . $name . '"]=\'' . base64_encode($readdata) . '\';' . "\r\n\r\n"; } } } $data .= ' ?>'; return $data; }
function viewuserconversation() { checktoken(); global $db; global $body; global $trayicon; global $navigation; global $usertable_userid; global $usertable_username; global $usertable; $userid = $_GET['data']; $userid2 = $_GET['data2']; $sql = "select {$usertable_username} username from {$usertable} where {$usertable_userid} = '" . mysql_real_escape_string($userid) . "'"; $query = mysql_query($sql); $usern = mysql_fetch_array($query); $sql = "select {$usertable_username} username from {$usertable} where {$usertable_userid} = '" . mysql_real_escape_string($userid2) . "'"; $query = mysql_query($sql); $usern2 = mysql_fetch_array($query); $sql = "(select m.* from cometchat m where (m.from = '" . mysql_real_escape_string($userid) . "' and m.to = '" . mysql_real_escape_string($userid2) . "') or (m.to = '" . mysql_real_escape_string($userid) . "' and m.from = '" . mysql_real_escape_string($userid2) . "'))\n\torder by id desc"; $query = mysql_query($sql); $userslist = ''; while ($chat = mysql_fetch_array($query)) { $time = date('g:iA M dS', $chat['sent']); if ($userid == $chat['from']) { $dir = '>'; } else { $dir = '<'; } $userslist .= '<li class="ui-state-default"><span style="font-size:11px;float:left;margin-top:2px;margin-left:0px;width:10px;margin-right:10px;color:#fff;background-color:#333;padding:0px;-moz-border-radius:5px;-webkit-border-radius:5px;"><b>' . $dir . '</b></span><span style="font-size:11px;float:left;margin-top:2px;margin-left:5px;width:560px;"> ' . $chat['message'] . '</span><span style="font-size:11px;float:right;width:100px;overflow:hidden;margin-top:2px;margin-left:10px;">' . $time . '</span><div style="clear:both"></div></li>'; } if (function_exists('processName')) { $usern['username'] = processName($usern['username']); $usern2['username'] = processName($usern2['username']); } $body = <<<EOD \t{$navigation} \t<form action="?module=logs&action=newlogprocess" method="post" enctype="multipart/form-data"> \t<div id="rightcontent" style="float:left;width:720px;border-left:1px dotted #ccc;padding-left:20px;"> \t\t<h2>Log between {$usern['username']} and {$usern2['username']}</h2> \t\t<h3>To see other conversations of {$usern['username']}, <a href="?module=logs&action=viewuser&data={$userid}">click here</a></h3> \t\t<div> \t\t\t<ul id="modules_logslong"> \t\t\t\t{$userslist} \t\t\t</ul> \t\t</div> \t</div> \t<div style="clear:both"></div> EOD; template(); }
function action_checktokens() { # -- CHECKTOKENS -- # validate callsigns and tokens (clears tokens) global $link, $checktokens, $groups; debug(" ::::: ", 2); if ($checktokens != '') { function remove_empty($value) { return empty($value) ? false : true; } $garray = array_filter(explode("\r\n", $groups), 'remove_empty'); foreach (array_filter(explode("\r\n", $checktokens), 'remove_empty') as $checktoken) { list($callsign, $rest) = explode('@', $checktoken); if ($rest) { list($ip, $token) = explode('=', $rest); } else { $ip = ''; list($callsign, $token) = explode('=', $checktoken); } if ($token) { checktoken($callsign, $ip, $token, $garray); } } } }
$dbhost = $host; // overwrites the global $dbhost // create user if (ZDatabase::addmysqluser($user)) { $sql = "DROP USER '{$user}'@'{$old_host}'"; $res = mysql_query($sql); if (!$res) { setmsg(mysql_error()); break; } setmsg(t('Updated.'), 'notice'); } else { setmsg(t('Database Error. ') . mysql_error(), 'error'); } } if (checktoken() && ('deluser' == $op || 'remove' == $op)) { $deldb = isset($_REQUEST['deldb']); $host = $_REQUEST['host']; $host || ($host = 'localhost'); $user = $name; // delete user $sql = "DROP USER '{$user}'@'{$host}'"; $res = mysql_query($sql); if (!$res) { setmsg(mysql_error()); break; } if ($deldb) { foreach ($databases as $dbname) { $sql = "DROP DATABASE `{$dbname}`;"; $res = mysql_query($sql);
function newchatroomprocess() { checktoken(); $chatroom = $_POST['chatroom']; $type = $_POST['type']; $password = $_POST['ppassword']; if (!empty($password) && ($type == 1 || $type == 2)) { $password = md5($password); } else { $password = ''; } $sql = "insert into cometchat_chatrooms (name,createdby,lastactivity,password,type) values ('" . mysql_real_escape_string(sanitize_core($chatroom)) . "', '0','" . getTimeStamp() . "','" . mysql_real_escape_string($password) . "','" . mysql_real_escape_string($type) . "')"; $query = mysql_query($sql); header("Location: ?module=chatrooms"); }
function data() { if (USE_COMET == 1 && SAVE_LOGS == 0) { echo 0; } else { checktoken(); global $db; global $guestsMode; global $guestnamePrefix; $usertable = TABLE_PREFIX . DB_USERTABLE; $usertable_username = DB_USERTABLE_NAME; $usertable_userid = DB_USERTABLE_USERID; $guestpart = ""; $criteria = "cometchat.id > '" . mysql_real_escape_string($_POST['timestamp']) . "' and "; $criteria2 = 'desc'; if ($guestsMode) { $guestpart = "UNION (select cometchat.id id, cometchat.from, cometchat.to, cometchat.message, cometchat.sent, cometchat.read,CONCAT('{$guestnamePrefix}',' ',f.name) fromu, CONCAT('{$guestnamePrefix}',' ',t.name) tou from cometchat, cometchat_guests f, cometchat_guests t where {$criteria} f.id = cometchat.from and t.id = cometchat.to) UNION (select cometchat.id id, cometchat.from, cometchat.to, cometchat.message, cometchat.sent, cometchat.read, f." . $usertable_username . " fromu, CONCAT('{$guestnamePrefix}',' ',t.name) tou from cometchat, " . $usertable . " f, cometchat_guests t where {$criteria} f." . $usertable_userid . " = cometchat.from and t.id = cometchat.to) UNION (select cometchat.id id, cometchat.from, cometchat.to, cometchat.message, cometchat.sent, cometchat.read, CONCAT('{$guestnamePrefix}',' ',f.name) fromu, t." . $usertable_username . " tou from cometchat, cometchat_guests f, " . $usertable . " t where {$criteria} f.id = cometchat.from and t." . $usertable_userid . " = cometchat.to) "; } $response = array(); $messages = array(); if (empty($_POST['timestamp'])) { $criteria = ''; $criteria2 = 'desc limit 20'; } $sql = "(select cometchat.id id, cometchat.from, cometchat.to, cometchat.message, cometchat.sent, cometchat.read, f.{$usertable_username} fromu, t.{$usertable_username} tou from cometchat, {$usertable} f, {$usertable} t where {$criteria} f.{$usertable_userid} = cometchat.from and t.{$usertable_userid} = cometchat.to ) " . $guestpart . " order by id {$criteria2}"; $query = mysql_query($sql); $timestamp = $_POST['timestamp']; while ($chat = mysql_fetch_array($query)) { if (function_exists('processName')) { $chat['fromu'] = processName($chat['fromu']); $chat['tou'] = processName($chat['tou']); } $time = date('g:iA M dS', $chat['sent']); array_unshift($messages, array('id' => $chat['id'], 'from' => $chat['from'], 'to' => $chat['to'], 'fromu' => $chat['fromu'], 'tou' => $chat['tou'], 'message' => $chat['message'], 'time' => $time)); if ($chat['id'] > $timestamp) { $timestamp = $chat['id']; } } $response['timestamp'] = $timestamp; $response['online'] = onlineusers(); if (!empty($messages)) { $response['messages'] = $messages; } header('Content-type: application/json; charset=utf-8'); echo json_encode($response); } exit; }
if (!checktoken($args['user_id'], $args['token'])) { //request not authorised $newresponse = $newresponse->withStatus(401); //return $newresponse; return $newresponse; } $tmp = json_encode(scandirectory(".")); $newresponse->getBody()->write($tmp); return $newresponse; }); //API function:GET:Download specific file $app->get('/getfile/{id}/{token}/{user_id}', function (Request $request, Response $response, $args) use($app) { //set output header: content-type $newresponse = $response->withHeader('Content-type', 'application/json'); //check if token is expired or invalid if (!checktoken($args['user_id'], $args['token'])) { //request not authorised $newresponse = $newresponse->withStatus(401); //return $newresponse; return $newresponse; } //id is id of file from database //here you should put functionality for getting file path from database by id $filepath = "./download/test.jpg"; //setting test value //set output headers //content headers $newresponse = $newresponse->withHeader('Content-type', 'application/octet-stream'); //rewriting content type from application/json to application/octet-stream for sending file $newresponse = $newresponse->withHeader('Content-Description', 'File Transfer'); $newresponse = $newresponse->withHeader('Content-Disposition', 'attachment; filename=' . basename($filepath));
function addextension() { checktoken(); global $extensions; if (!empty($_GET['data'])) { $extensiondata = '$extensions = array('; foreach ($extensions as $extension) { $extensiondata .= "'{$extension}',"; } $extensiondata .= "'{$_GET['data']}',"; $extensiondata = substr($extensiondata, 0, -1) . ');'; configeditor('EXTENSIONS', $extensiondata); } header("Location:?module=extensions"); }
function updateorder() { checktoken(); if (!empty($_POST['order'])) { $extensiondata = '$extensions = array('; $extensiondata .= $_POST['order']; $extensiondata = substr($extensiondata, 0, -1) . ');'; configeditor('EXTENSIONS', $extensiondata); } else { $extensiondata = '$extensions = array();'; configeditor('EXTENSIONS', $extensiondata); } echo "1"; }
foreach ($sites as $v) { chmod("/home/{$v->owner}", 0711); chgrp($v->root, 'www'); chmod($v->root, 0750); } setmsg(t('saved'), 'notice'); break; case 'errdoc': $name = preg_replace("/[^0-9a-z\\-\\.]/", '', $_REQUEST['name']); $do = preg_replace("/[^0-9a-z\\-\\.]/", '', $_REQUEST['do']); $token = token(); $vhost = ZVhosts::getVhost($name); $item = intval($_REQUEST['item']); $doc = (in_array($item, $error_documents) ? $item : 404) . '.shtml'; $file = "{$home}/{$vhost->owner}/{$name}/{$doc}"; if (checktoken()) { $content = $_REQUEST['content']; $written = file_put_contents($file, $content); if ($written) { chown($file, $vhost->owner); chgrp($file, $vhost->owner); chmod($file, 0755); setmsg(t('Saved'), 'notice', "?task=edit&name={$name}"); } } if ($do == 'reset') { $def_dir = ZH . "/data/errdoc"; $user_dir = "{$home}/{$vhost->owner}/{$name}"; foreach ($error_documents as $doc) { $docfile = intval($doc) . '.shtml'; if (file_exists($def_dir . "/{$docfile}")) {
$fullname = isset($_REQUEST['fullname']) ? $_REQUEST['fullname'] : ''; $kdstatus = (int) isset($_REQUEST['kdstatus']) ? $_REQUEST['kdstatus'] : 0; $fullname = clean_text($fullname); $dauky = clean_text($dauky); $cuoiky = clean_text($cuoiky); $token = clean_text($token); $serial = clean_text($serial); $month = clean_text($month); //$userid = (int)(clean_text($userid)); //if (!checktoken($userid, $token)){die ('201')} /* * chưa có token */ CONNECT_DB(); mysql_query("SET NAMES utf8"); if (!checktoken($userid, $token)) { die('201'); } function record_exist($serial, $month, $kdstatus) { $sql = 'SELECT * FROM `h1_confirm` WHERE `meter_serial` = "' . $serial . '" AND `month_confirm` = "' . $month . '" AND `type` = ' . $kdstatus; $result = mysql_query($sql) or die('500'); $row = 0; while ($rows = mysql_fetch_array($result)) { $row = $rows['ID']; } if ($row == null || $row == '') { $returnvalue = 0; } else { $returnvalue = 1;
function importlanguage() { checktoken(); if (!empty($_POST['data'])) { $lang = $_POST['data']['name']; $data = $_POST['data']['data']; $data = str_replace('<?php', '', $data); $data = str_replace('?>', '', $data); eval($data); if (file_exists(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'lang' . DIRECTORY_SEPARATOR . strtolower($lang) . ".php")) { $_SESSION['cometchat']['error'] = 'Language already exists. Please remove it and then import the language.'; } else { foreach ($file as $f => $d) { if (!empty($f)) { $f .= '/'; } if (is_dir(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . $f . 'lang') && !file_exists(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . $f . 'lang' . DIRECTORY_SEPARATOR . strtolower($lang) . ".php")) { $file = dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . $f . 'lang' . DIRECTORY_SEPARATOR . strtolower($lang) . ".php"; $fh = fopen($file, 'w'); if (fwrite($fh, base64_decode($d)) === FALSE) { echo "Cannot write to file ({$file})"; exit; } fclose($fh); chmod($file, 0777); } } } } echo "1"; }
/** * Check Language File * * @param string $p_path Path. * @param string $p_file File. * @param boolean $p_quiet Quiet output. * @return boolean */ function checkfile($p_path, $p_file, $p_quiet = false) { if (!$p_quiet) { echo 'Testing language file \'' . $p_file . '\' (phase 1)...<br />'; flush(); } $t_file = $p_path . $p_file; set_error_handler('lang_error_handler'); $t_result = checktoken($t_file, $p_file == STRINGS_ENGLISH); restore_error_handler(); if (!$t_result) { print_error('Language file \'' . $p_file . '\' failed at phase 1.', 'FAILED'); if ($p_quiet) { return false; } } if (!$p_quiet) { echo 'Testing language file \'' . $p_file . '\' (phase 2)...<br />'; flush(); } else { return true; } set_error_handler('lang_error_handler'); ob_start(); $t_result = eval('require_once( \'' . $t_file . '\' );'); $t_data = ob_get_contents(); ob_end_clean(); restore_error_handler(); if ($t_result === false) { print_error('Language file \'' . $p_file . '\' failed at eval', 'FAILED'); if ($p_quiet) { return false; } } if (!empty($t_data)) { print_error('Language file \'' . $p_file . '\' failed at require_once (data output: ' . var_export($t_data, true) . ')', 'FAILED'); if ($p_quiet) { return false; } } return true; }