// Using an pre-PHP 5.1 version? if (@version_compare(PHP_VERSION, '5.1') == -1) { require_once $sourcedir . '/Subs-Compat.php'; } // If $maintenance is set specifically to 2, then we're upgrading or something. if (!empty($maintenance) && $maintenance == 2) { db_fatal_error(); } // Create a variable to store some SMF specific functions in. $smcFunc = array(); // Initate the database connection and define some database functions to use. loadDatabase(); // Load the settings from the settings table, and perform operations like optimizing. reloadSettings(); // Clean the request variables, add slashes, etc. cleanRequest(); $context = array(); // Seed the random generator. if (empty($modSettings['rand_seed']) || mt_rand(1, 250) == 69) { smf_seed_generator(); } // Before we get carried away, are we doing a scheduled task? If so save CPU cycles by jumping out! if (isset($_GET['scheduled'])) { require_once $sourcedir . '/ScheduledTasks.php'; AutoTask(); } // Check if compressed output is enabled, supported, and not already being done. if (!empty($modSettings['enableCompressedOutput']) && !headers_sent()) { // If zlib is being used, turn off output compression. if (@ini_get('zlib.output_compression') == '1' || @ini_get('output_handler') == 'ob_gzhandler' || @version_compare(PHP_VERSION, '4.2.0') == -1) { $modSettings['enableCompressedOutput'] = '0';
/** * Load all essential data and connect to the DB as this is pre SSI.php */ function loadEssentialData() { global $db_server, $db_user, $db_passwd, $db_name, $db_connection, $db_prefix, $db_character_set, $db_type, $db_port, $modSettings; // Do the non-SSI stuff... @set_magic_quotes_runtime(0); error_reporting(E_ALL); if (!defined('ELK')) { define('ELK', 1); } // Start the session. if (ini_get('session.save_handler') == 'user') { @ini_set('session.save_handler', 'files'); } @session_start(); // Initialize everything... initialize_inputs(); // Get the database going! if (empty($db_type)) { $db_type = 'mysql'; } if (file_exists(SOURCEDIR . '/database/Database.subs.php')) { require_once SOURCEDIR . '/database/Database.subs.php'; // Make the connection... $db_connection = elk_db_initiate($db_server, $db_name, $db_user, $db_passwd, $db_prefix, array('non_fatal' => true, 'port' => $db_port), $db_type); // Oh dear god!! if ($db_connection === null) { die('Unable to connect to database - please check username and password are correct in Settings.php'); } $db = database(); if ($db_type == 'mysql' && isset($db_character_set) && preg_match('~^\\w+$~', $db_character_set) === 1) { $db->query('', ' SET NAMES ' . $db_character_set, array('db_error_skip' => true)); } // Load the modSettings data... $request = $db->query('', ' SELECT variable, value FROM {db_prefix}settings', array('db_error_skip' => true)); $modSettings = array(); while ($row = $db->fetch_assoc($request)) { $modSettings[$row['variable']] = $row['value']; } $db->free_result($request); } else { return throw_error('Cannot find ' . SOURCEDIR . '/database/Database.subs.php. Please check you have uploaded all source files and have the correct paths set.'); } // If they don't have the file, they're going to get a warning anyway so we won't need to clean request vars. if (file_exists(SOURCEDIR . '/QueryString.php')) { require_once SUBSDIR . '/Util.class.php'; require_once SOURCEDIR . '/Subs.php'; require_once SOURCEDIR . '/QueryString.php'; cleanRequest(); } // Set a session life limit for the admin if (isset($modSettings['admin_session_lifetime'])) { $modSettings['admin_session_lifetime'] = 5; } if (!isset($_GET['substep'])) { $_GET['substep'] = 0; } }
<?php require_once '_init.php'; $emailQueueId = cleanRequest('id'); if (!$emailQueueId) { die("REQUEST = NULL"); } else { $mail_queue = new Mail_Queue($container_options, $mail_options); $contanier = new Mail_Queue_Container_db($container_options); if ($contanier->getMailById($emailQueueId)) { $mail_queue->deleteMail($emailQueueId); } header("Location: ../index.php"); }
function loadEssentialData() { global $db_server, $db_user, $db_passwd, $db_name, $db_connection, $db_prefix, $db_character_set, $db_type; global $modSettings, $sourcedir, $smcFunc, $upcontext; // Do the non-SSI stuff... @set_magic_quotes_runtime(0); error_reporting(E_ALL); define('SMF', 1); // Start the session. if (@ini_get('session.save_handler') == 'user') { @ini_set('session.save_handler', 'files'); } @session_start(); if (empty($smcFunc)) { $smcFunc = array(); } // Initialize everything... initialize_inputs(); // Get the database going! if (empty($db_type)) { $db_type = 'mysql'; } if (file_exists($sourcedir . '/lib/Subs-Db-' . $db_type . '.php')) { require_once $sourcedir . '/lib/Subs-Db-' . $db_type . '.php'; // Make the connection... $db_connection = smf_db_initiate($db_server, $db_name, $db_user, $db_passwd, array('non_fatal' => true)); // Oh dear god!! if ($db_connection === null) { die('Unable to connect to database - please check username and password are correct in Settings.php'); } if ($db_type == 'mysql' && isset($db_character_set) && preg_match('~^\\w+$~', $db_character_set) === 1) { $smcFunc['db_query']('', ' SET NAMES ' . $db_character_set, array('db_error_skip' => true)); } // Load the modSettings data... $request = $smcFunc['db_query']('', ' SELECT variable, value FROM {db_prefix}settings', array('db_error_skip' => true)); $modSettings = array(); while ($row = $smcFunc['db_fetch_assoc']($request)) { $modSettings[$row['variable']] = $row['value']; } $smcFunc['db_free_result']($request); } else { return throw_error('Cannot find ' . $sourcedir . '/lib/Subs-Db-' . $db_type . '.php' . '. Please check you have uploaded all source files and have the correct paths set.'); } // If they don't have the file, they're going to get a warning anyway so we won't need to clean request vars. if (file_exists($sourcedir . '/QueryString.php')) { require_once $sourcedir . '/QueryString.php'; cleanRequest(); } if (!isset($_GET['substep'])) { $_GET['substep'] = 0; } }
<?php require_once '_init.php'; $userId = cleanRequest('userId'); $emailId = cleanRequest('emailId'); if (!$userId && !$emailId) { die("REQUEST = NULL"); } else { $mail = new ManageMailQueue($container_options, $mail_options); $mail->extractDataFromUserId($userId); $mail->addByEmailId($emailId); header("Location: ../index.php"); }
<?php require_once '_init.php'; $emailQueueId = cleanRequest('id'); $emailQueueType = cleanRequest('type', '%s'); if (!$emailQueueId && !$emailQueueType) { die("REQUEST = NULL"); } else { $mq = a("select * from mail_queue where id = " . $emailQueueId); if ($emailQueueType == 'sent') { $sql[] = "insert into mail_queue set id = ''"; foreach ($mq as $k => $v) { if ($k != 'id') { if ($k == 'sent_time') { $sql[] = $k . " = NULL"; } elseif ($k == 'try_sent') { $sql[] = $k . " = '0'"; } elseif ($k == 'log') { $sql[] = $k . " = ''"; } else { $sql[] = $k . " = '" . $v . "'"; } } } $duplicateQueueRow = sq(join(", ", $sql)); $updateSeq = sq("update mail_queue_seq set id = id+1"); } if ($emailQueueType == 'bounced') { $result = sq("update mail_queue set sent_time = null, try_sent = 0 where id = " . $mq['id']); } header("Location: ../index.php");
function tt_clean_request() { foreach (array_merge(array_keys($_POST), array_keys($_GET), array_keys($_FILES)) as $key) { if (is_numeric($key)) { if (isset($_POST[$key])) { unset($_POST[$key]); } if (isset($_GET[$key])) { unset($_GET[$key]); } if (isset($_FILES[$key])) { unset($_FILES[$key]); } } } cleanRequest(); }
function initialize_inputs() { global $sourcedir; // Turn off magic quotes runtime, enable error reporting, and define SMF. @set_magic_quotes_runtime(0); error_reporting(E_ALL); define('SMF', 1); umask(0); // Fun. Low PHP version... if (!isset($_GET)) { $GLOBALS['_GET']['step'] = 0; return; } ob_start(); if (@ini_get('session.save_handler') == 'user') { @ini_set('session.save_handler', 'files'); } @session_start(); // Better to upgrade cleanly and fall apart than to screw everything up if things take too long. ignore_user_abort(true); // If they don't have the file, they're going to get a warning anyway so we won't need to clean request vars. if (file_exists($sourcedir . '/QueryString.php')) { require_once $sourcedir . '/QueryString.php'; $GLOBALS['func'] = array('htmlspecialchars' => 'htmlspecialchars', 'htmltrim' => create_function('$string', ' return preg_replace(\'~^([ \\t\\n\\r\\x0B\\x00\\xA0]| )+|([ \\t\\n\\r\\x0B\\x00\\xA0]| )+$~\', \'\', $string);')); cleanRequest(); } // This is really quite simple; if ?delete is on the URL, delete the upgrader... if (isset($_GET['delete'])) { @unlink(__FILE__); // And the extra little files ;). @unlink(dirname(__FILE__) . '/upgrade_1-0.sql'); @unlink(dirname(__FILE__) . '/upgrade_1-1.sql'); @unlink(dirname(__FILE__) . '/webinstall.php'); header('Location: http://' . (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT']) . dirname($_SERVER['PHP_SELF']) . '/Themes/default/images/blank.gif'); exit; } // Something is causing this to happen, and it's annoying. Stop it. $temp = 'upgrade_php?step'; while (strlen($temp) > 4) { if (isset($_GET[$temp])) { unset($_GET[$temp]); } $temp = substr($temp, 1); } // Force a step, defaulting to 0. $_GET['step'] = (int) @$_GET['step']; $_GET['substep'] = (int) @$_GET['substep']; }
<?php // INCLUDE GENERAL CONFIG require_once 'admin/config/general/config.php'; // INCLUDE ALL if ($_SERVER['SERVER_ADDR'] == '127.0.0.1') { require_once $_SERVER['DOCUMENT_ROOT'] . $config['localCorePath'] . 'includes/include.AllBackEnd.php'; } else { require_once $_SERVER['DOCUMENT_ROOT'] . $config['root'] . 'admin/includes/include.AllBackEnd.php'; } $id = cleanRequest("id"); $words = cleanRequest("words", "%s"); if ($id) { $producto = a("select * from productos where id = " . $id); if (!$producto) { header("Location: productos.php"); } } else { header("Location: productos.php"); } $bodyCls = "productos"; $sectionName = $producto['nombre']; $descriptionById = $producto['nombre']; $keywordsById = $producto['nombre']; $titleById = "Productos » " . $producto['nombre']; require_once "includes/head.php"; require_once "includes/top.php"; ?> <div id="main">
<?php // INCLUDE GENERAL CONFIG require_once 'admin/config/general/config.php'; // INCLUDE ALL if ($_SERVER['SERVER_ADDR'] == '127.0.0.1') { require_once $_SERVER['DOCUMENT_ROOT'] . $config['localCorePath'] . 'includes/include.AllBackEnd.php'; } else { require_once $_SERVER['DOCUMENT_ROOT'] . $config['root'] . 'admin/includes/include.AllBackEnd.php'; } $id = cleanRequest("id"); if ($id) { $noticia = a("select *, DATE_FORMAT(date,'%d-%m-%Y') as df from noticias where id = " . $id); if (!$noticia) { header("Location: noticias.php"); } } else { header("Location: noticias.php"); } $bodyCls = "noticias"; $sectionName = $noticia['titulo']; $descriptionById = $noticia['titulo']; $keywordsById = $noticia['titulo']; $titleById = $noticia['titulo']; require_once "includes/head.php"; require_once "includes/top.php"; ?> <div id="main"> <div class="wrapper">