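/**
 * Restore a login from the three "remember me" cookies: user, userid, passwd.
 *
 * The passwd cookie never carries the password itself; it carries
 * md5(stored_password_hash . salt), which is recomputed from the users row
 * selected by id AND user and compared with the cookie value.  On a match the
 * session (user, level, userid, logged_in) is populated and all three cookies
 * are re-issued through mk_cookie().
 *
 * Reads the global PEAR-DB handle $db.  Returns nothing; every failure path
 * (cookie missing or malformed, query error, no such row, mismatch) leaves
 * the session untouched.
 *
 * NOTE(review): the cookie token is a fixed function of the stored hash and
 * salt, so it stays valid until the password or salt changes; rotating it
 * would need a schema change, which is out of scope here.
 */
function autologin()
{
    if (!isset($_COOKIE['user'], $_COOKIE['passwd'], $_COOKIE['userid'])) {
        return;
    }
    global $db;

    $pass = $_COOKIE['passwd'];
    $user = $_COOKIE['user'];
    $userid = $_COOKIE['userid'];

    // Cookie values are strings unless the client sends "name[]=…", which
    // PHP turns into an array; refuse anything that is not a plain string
    // before it reaches the query or the hash comparison.
    if (!is_string($pass) || !is_string($user) || !is_string($userid)) {
        return;
    }

    $res = $db->query(
        "SELECT * FROM " . db_tablename('users')
        . " WHERE id=" . $db->quote((int) $userid)
        . " AND user=" . $db->quote($user)
    );
    if (DB::isError($res)) {
        return;
    }
    $row = $res->fetchRow(DB_FETCHMODE_ASSOC);
    if (!isset($row['password'])) {
        return;
    }

    $passchk = md5($row['password'] . $row['salt']);
    // Strict, constant-time comparison.  The original used "==", under which
    // PHP compares two numeric-looking strings numerically, so a cookie like
    // "0e…" would match any hash of the same numeric form; hash_equals()
    // (5.6+) also avoids leaking the position of the first differing byte.
    $match = function_exists('hash_equals')
        ? hash_equals($passchk, $pass)
        : ($passchk === $pass);
    if (!$match) {
        return;
    }

    $_SESSION['user'] = $row['user'];
    $_SESSION['level'] = $row['level'];
    $_SESSION['userid'] = $row['id'];
    $_SESSION['logged_in'] = 1;
    mk_cookie('user', $row['user']);
    mk_cookie('userid', $row['id']);
    mk_cookie('passwd', $passchk);
}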
function autologin() { if (isset($_COOKIE['user']) && isset($_COOKIE['passwd']) && isset($_COOKIE['userid'])) { global $db; $pass = $_COOKIE['passwd']; $user = $_COOKIE['user']; $userid = $_COOKIE['userid']; $sql = 'SELECT * FROM ' . db_tablename('users') . ' WHERE id=' . $db->quote((int) $userid) . ' AND user='******'password'])) { return; } $passchk = md5($row['password'] . $row['salt']); if ($pass == $passchk) { $_SESSION['user'] = $row['user']; $_SESSION['level'] = $row['level']; $_SESSION['userid'] = $row['id']; $_SESSION['logged_in'] = 1; mk_cookie('user', $row['user']); mk_cookie('userid', $row['id']); mk_cookie('passwd', $passchk); } } }
/**
 * Admin backup screen: upload / export / delete / import SQL dumps kept in
 * getAdmSetting('BACKUP_DIR'), then render the list of existing dumps.
 *
 * Dispatches on request flags in this order: $PARAM['upload'],
 * $PARAM['export'], $PARAM['delete'], $PARAM['import'].  Each branch ends
 * with printPage('_admin_done.htmlt') plus an "&err=<msg id>" status code
 * appended to $PARAM['cmd'], and returns.  With no flag set the directory
 * listing is rendered with '_admin_backup.htmlt'.
 *
 * Globals read: $dbname, $dbh (database), $PARAM (request parameters),
 * $SUBS (template substitutions), $MSG (message table), $MONTHS (month
 * names); $bckFile / $bckFile_name in the upload branch.
 *
 * Trust boundary, as visible in this body: the upload branch stores the
 * uploaded file verbatim in BACKUP_DIR, and the import branch deletes every
 * table in $dbname and then executes each non-'#' line of the selected dump
 * as SQL.  Anyone who can reach this function can therefore run arbitrary
 * statements, so it must stay behind the admin authentication the caller
 * applies (not visible here).  The file chosen for delete/import is looked
 * up in $BCKUPS, which is built from the directory listing, so a request
 * cannot name a path outside BACKUP_DIR.
 *
 * Uses ereg*/eregi*() and each(), which no longer exist in PHP 7 / PHP 8.
 */
function setBackup()
{
    global $dbname, $dbh;
    global $PARAM, $SUBS, $MSG, $MONTHS;
    if (!is_dir(getAdmSetting('BACKUP_DIR'))) {
        // 0777 (before umask) makes the dump directory world-writable;
        // the dumps hold full table contents, so a tighter mode is advisable.
        MkDir(getAdmSetting('BACKUP_DIR'), 0777);
    }
    if ($PARAM['upload'] == 1) {
        // presumably the PHP-4-style upload globals (temp path / client name);
        // confirm where they are populated before relying on $bckFile.
        global $bckFile, $bckFile_name;
        if ($bckFile_name == '') {
            $SUBS['ERROR'] = $MSG[20108];
            $SUBS['BACKUP_ERROR'] = fileParse('_admin_error.htmlt');
        } else {
            // A read failure is only logged; $UPLOAD is then false and is
            // still handed to join() below.
            if (!($UPLOAD = @file($bckFile))) {
                setLogAndStatus("Reading", $bckFile, 0, "setBackup()", 'READ_UPLOAD');
            }
            // Dump files are named after the upload time; ':' is not used
            // so the name is valid on every filesystem.
            $file = date('d F Y H_i_s');
            $filename = getAdmSetting('BACKUP_DIR') . "/{$file}.sql";
            // Two '##' header lines; the listing below treats lines starting
            // with '##' as the dump's comment, and import skips any '#' line.
            $upload = '## ' . $MSG[20109] . date(' d F Y H:i:s') . "\n";
            $upload .= "## {$MSG['20110']} {$bckFile_name}\n";
            // The uploaded content is written unchanged; it is not validated
            // as SQL here and will be executed line by line on import.
            $upload .= join('', $UPLOAD);
            // fopen() failure is logged but fwrite()/fclose() still run on
            // the false handle.
            if (!($fp = fopen($filename, 'w'))) {
                setLogAndStatus("Opening", $filename, 0, "setBackup()", 'OPEN_FILE');
            }
            fwrite($fp, $upload);
            fclose($fp);
            $SUBS['COMMAND'] = $PARAM['cmd'] . "&err=20050";
            printPage('_admin_done.htmlt');
            return;
        }
    }
    //export database backup
    if ($PARAM['export'] == 1) {
        $file = date('d F Y H_i_s');
        $filename = getAdmSetting('BACKUP_DIR') . "/{$file}.sql";
        // Note the argument order differs from the upload branch's
        // setLogAndStatus("Opening", $filename, 0, ...) call.
        if (!($fp = fopen($filename, 'w'))) {
            setLogAndStatus("Opening", 0, $filename, "setBackup()", 'OPEN_FILE');
        }
        //write comments if any
        // Every line of the user-supplied comment is prefixed with '##' so
        // the import branch skips it; only "\n" is treated as a line break.
        if ($PARAM['bckComments'] != '') {
            $comments = '##' . ereg_replace("\n", "\n##", $PARAM['bckComments']) . "\n";
            fwrite($fp, $comments);
        }
        if (!($res = db_list_tables($dbname, $dbh))) {
            setLogAndStatus("db_list_tables()", 0, $dbname, "setBackup()", 'LIST_TABLES');
        }
        $num_tables = db_num_rows($res);
        $i = 0;
        while ($i < $num_tables) {
            $table = db_tablename($res, $i);
            $fields = db_list_fields($dbname, $table, $dbh);
            $columns = db_num_fields($fields);
            // Comma-separated column list, no trailing comma.
            $tablelist = '';
            for ($j = 0; $j < $columns; $j++) {
                if ($columns - $j == 1) {
                    $tablelist .= db_field_name($fields, $j);
                } else {
                    $tablelist .= db_field_name($fields, $j) . ',';
                }
            }
            // One REPLACE INTO statement per row; values go through
            // dbQuote() (defined elsewhere), NULLs are written literally.
            $schema = "REPLACE INTO {$table} ({$tablelist}) VALUES (";
            $query = "SELECT * FROM {$dbname}.{$table}";
            $result = runQuery($query, 'setBackup()', 'SELECT_TABLES');
            while ($row = db_fetch_row($result)) {
                $schema_insert = '';
                for ($j = 0; $j < $columns; $j++) {
                    if (!isset($row[$j])) {
                        $schema_insert .= ' NULL,';
                    } else {
                        $schema_insert .= ' ' . dbQuote($row[$j]) . ',';
                    }
                }
                // Drop the trailing comma, then terminate the statement with
                // CRLF — the import branch expects one statement per line.
                $schema_insert = $schema . ereg_replace(',$', '', $schema_insert);
                $schema_insert .= ");\r\n";
                fwrite($fp, $schema_insert);
            }
            $i++;
        }
        fclose($fp);
        // the ZIP thing --------------------
        // Re-read the dump and write a zipped copy to ./zip/ (relative to
        // the current working directory, not BACKUP_DIR).  Neither fopen()
        // result is checked; if ./zip/ is web-accessible the dump can be
        // fetched from there — verify that directory's exposure.
        $fp = fopen($filename, "rb");
        $data = fread($fp, filesize($filename));
        fclose($fp);
        $name = array(baseName($filename));
        $data = array($data);
        $content = makezip($name, $data);
        $fp = fopen('./zip/' . basename($filename) . '.ZIP', "wb");
        fputs($fp, $content);
        fclose($fp);
        // the ZIP thing --------------------
        $SUBS['COMMAND'] = $PARAM['cmd'] . "&err=20052";
        printPage('_admin_done.htmlt');
        return;
    }
    //prepare for import or delete
    // $BCKUPS maps a sanitised name (non-alphanumerics -> '_', the same
    // form used for the checkbox names) to the real path under BACKUP_DIR.
    // "!= false" is a loose comparison: an entry literally named "0" ends
    // the loop early.  is_dir() is given the bare name, so it is evaluated
    // against the working directory rather than BACKUP_DIR.
    $backups = opendir(getAdmSetting('BACKUP_DIR'));
    while (($file = readdir($backups)) != false) {
        if (!is_dir($file)) {
            $BCKUPS[eregi_replace('[^a-z0-9]', '_', $file)] = getAdmSetting('BACKUP_DIR') . "/{$file}";
        }
    }
    closedir($backups);
    // Selected dumps arrive as request keys "bck_<sanitised name>"; the
    // captured suffix is only ever used as a key into $BCKUPS, so an unknown
    // name resolves to null rather than to an arbitrary path.
    reset($PARAM);
    while (list($k, $v) = each($PARAM)) {
        if (ereg('^bck_(.*)$', $k, $R)) {
            $BACKUPS[] = $R[1];
        }
    }
    reset($PARAM);
    //delete backups
    if ($PARAM['delete'] == 1) {
        if (count($BACKUPS) == 0) {
            $SUBS['COMMAND'] = $PARAM['cmd'] . "&err=20008";
            printPage('_admin_done.htmlt');
            return;
        }
        for ($i = 0; $i < count($BACKUPS); $i++) {
            // Failed deletions are logged (with a different argument
            // layout than the other setLogAndStatus() calls) and skipped.
            if (!@unlink($BCKUPS[$BACKUPS[$i]])) {
                setLogAndStatus("Deleting", $BCKUPS[$BACKUPS[$i]], "setBackup()", 'DEL_BACKUP');
            }
        }
        $SUBS['COMMAND'] = $PARAM['cmd'] . "&err=20054";
        printPage('_admin_done.htmlt');
        return;
    }
    //import database backup
    if ($PARAM['import'] == 1) {
        if (count($BACKUPS) > 1) {
            $SUBS['COMMAND'] = $PARAM['cmd'] . "&err=20053";
            printPage('_admin_done.htmlt');
            return;
        }
        if (count($BACKUPS) == 0) {
            $SUBS['COMMAND'] = $PARAM['cmd'] . "&err=20008";
            printPage('_admin_done.htmlt');
            return;
        }
        //get backup file
        // The handle returned by fopen() is never closed and neither call
        // is checked for failure.
        $file = fread(fopen($BCKUPS[$BACKUPS[0]], 'r'), filesize($BCKUPS[$BACKUPS[0]]));
        ////---- [Mrasnika's] Edition 21.03.2002
        // split_sql_file() (defined elsewhere) fills $BACKUP, presumably
        // by reference, with one statement per element — confirm.
        split_sql_file($BACKUP, $file);
        //reset tables
        // Destructive and not transactional: every table is emptied before
        // the first statement of the dump runs, so a dump that fails part
        // way through leaves the database partially restored.
        if (!($res = db_list_tables($dbname, $dbh))) {
            setLogAndStatus("db_list_tables()", 1, $dbname, "databaseBackup()", 'LIST_TABLES_2');
        }
        $num_tables = db_num_rows($res);
        $i = 0;
        while ($i < $num_tables) {
            $table = db_tablename($res, $i);
            $query = "DELETE FROM {$dbname}.{$table}";
            $result = runQuery($query, 'setBackup()', 'RESET_TABLES');
            $i++;
        }
        //fill tables
        // Each element that does not start with '#' is executed as-is.
        while (list($k, $query) = each($BACKUP)) {
            if (!ereg('^#', $query)) {
                if (!($result = db_query($query, $dbh))) {
                    setLogAndStatus($query, db_errno($dbh), db_error($dbh), "databaseBackup()", 'RESTORE_DB');
                    $SUBS['COMMAND'] = $PARAM['cmd'] . "&err=20055";
                    printPage('_admin_done.htmlt');
                    return;
                }
            }
        }
        $SUBS['COMMAND'] = $PARAM['cmd'] . "&err=20056";
        printPage('_admin_done.htmlt');
        return;
    }
    // Render one '_admin_backup_row.htmlt' per dump file.
    $backups = opendir(getAdmSetting('BACKUP_DIR'));
    $last = 0;
    while (($file = readdir($backups)) != false) {
        if (!is_dir($file)) {
            // stat(): [9] = mtime, [7] = size in bytes.
            $date = stat(getAdmSetting('BACKUP_DIR') . "/{$file}");
            // $last is never updated, so this condition holds for every file
            // and LAST ends up describing the last entry readdir() returned,
            // not the newest dump.  $month is also taken from today's date,
            // while day and year come from the file's mtime.
            if ($last < $date[9]) {
                $month = intval(date('m'));
                $SUBS['LAST'] = $MSG[20051] . date(' d ', $date[9]) . $MONTHS[$month] . date(' Y H.i.s', $date[9]);
            }
            $SUBS['SIZE'] = sprintf('%0.2f KB', $date[7] / 1024);
            // NAME/CHECK/WHERE are raw file names; only COMMENTS below is
            // passed through htmlEncode(), so the row template must escape
            // the others itself — verify in '_admin_backup_row.htmlt'.
            $SUBS['NAME'] = eregi_replace('_', ':', $file);
            $SUBS['CHECK'] = eregi_replace('[^a-z0-9]', '_', $file); //checkbox name
            $SUBS['WHERE'] = getAdmSetting('BACKUP_DIR') . "/{$file}";
            if (!($BACKUP = @file(getAdmSetting('BACKUP_DIR') . "/{$file}"))) {
                setLogAndStatus("Reading", 0, getAdmSetting('BACKUP_DIR') . "/{$file}", "setBackup()", 'READ_FILE');
            }
            $comments = '';
            //get comments from the beginning of the file
            // Despite the comment, every '##' line anywhere in the file is
            // collected, not just the leading ones.
            for ($i = 0; $i < count($BACKUP); $i++) {
                if (eregi('^##(.*)$', $BACKUP[$i], $R)) {
                    $comments .= $R[1];
                }
            }
            if ($comments != '') {
                $SUBS['COMMENTS'] = ' ' . ereg_replace("\n", '<BR> ', htmlEncode($comments));
                $SUBS['COMMENTS'] = ereg_replace('<BR> $', '', $SUBS['COMMENTS']);
            } else {
                $SUBS['COMMENTS'] = '';
            }
            $SUBS['BACKUPS'] .= fileParse('_admin_backup_row.htmlt');
        }
    }
    closedir($backups);
    // The status code from a previous redirect is used directly as a key
    // into $MSG; an unknown code yields an undefined-index notice.
    if ($PARAM['err'] != '') {
        $SUBS['ERROR'] = $MSG[$PARAM['err']];
        $SUBS['BACKUP_ERROR'] = fileParse('_admin_error.htmlt');
    }
    printPage('_admin_backup.htmlt');
}
if (file_exists('settings.php')) { die("settings.php already exists."); } if (!isset($_POST['template'])) { header('Location: install.php'); exit; } $data = array('template' => "'" . $_POST['template'] . "'", 'phptype' => "'" . $_POST['phptype'] . "'", 'hostspec' => "'" . $_POST['hostspec'] . "'", 'port' => "''", 'socket' => "''", 'database' => "'" . $_POST['database'] . "'", 'username' => "'" . $_POST['username'] . "'", 'password' => "'" . $_POST['password'] . "'", 'db_table_prefix' => "'" . $_POST['db_table_prefix'] . "'", 'site_short_title' => "'" . $_POST['site_short_title'] . "'", 'site_long_title' => "'" . $_POST['site_long_title'] . "'", 'prefix_short_title' => $_POST['prefix_short_title'] == 'on' ? 1 : 0, 'rss_url' => "'" . preg_replace('/\\/$/', '', $_POST['rss_url']) . "'", 'rss_title' => "'" . $_POST['rss_title'] . "'", 'rss_desc' => "'" . $_POST['rss_desc'] . "'", 'rss_entries' => !isset($_POST['rss_entries']) || $_POST['rss_entries'] < 1 ? 15 : $_POST['rss_entries'], 'secret_salt' => "'" . $_POST['secret_salt'] . "'", 'language' => "'" . $_POST['language'] . "'", 'captcha' => "'" . $_POST['captcha'] . "'", 'use_captcha' => "array(" . (isset($_POST['use_captcha']) ? "'" . implode("'=>1, '", $_POST['use_captcha']) . "'=>1" : '') . ")", 'spam_regex' => "'" . $_POST['spam_regex'] . "'", 'auto_block_spam_ip' => $_POST['auto_block_spam_ip'], 'spam_expire_time' => $_POST['spam_expire_time'], 'admin_email' => "'" . $_POST['admin_email'] . "'", 'quote_limit' => $_POST['quote_limit'], 'page_limit' => $_POST['page_limit'], 'quote_list_limit' => $_POST['quote_list_limit'], 'min_latest' => $_POST['min_latest'], 'min_quote_length' => $_POST['min_quote_length'], 'moderated_quotes' => isset($_POST['moderated_quotes']) && $_POST['moderated_quotes'] == 'on' ? 1 : 0, 'login_required' => isset($_POST['login_required']) && $_POST['login_required'] == 'on' ? 1 : 0, 'auto_flagged_quotes' => $_POST['auto_flagged_quotes'] == 'on' ? 
0 : 1, 'public_queue' => isset($_POST['public_queue']) && $_POST['public_queue'] == 'on' ? 0 : 1, 'timezone' => "'" . $_POST['timezone'] . "'", 'news_time_format' => "'" . $_POST['news_time_format'] . "'", 'quote_time_format' => "'" . $_POST['quote_time_format'] . "'", 'GET_SEPARATOR' => "ini_get('arg_separator.output')", 'GET_SEPARATOR_HTML' => 'htmlspecialchars($CONFIG[\'GET_SEPARATOR\'], ENT_QUOTES)'); if (!write_settings('settings.php', $data)) { die("Sorry, cannot write settings.php"); } if (!file_exists('settings.php')) { die("settings.php does not exist."); } $salt = str_rand(); $sqldata = array_merge($data, array('QUOTETABLE' => db_tablename('quotes'), 'QUEUETABLE' => db_tablename('queue'), 'USERSTABLE' => db_tablename('users'), 'TRACKINGTABLE' => db_tablename('tracking'), 'NEWSTABLE' => db_tablename('news'), 'SPAMTABLE' => db_tablename('spamlog'), 'DUPETABLE' => db_tablename('dupes'), 'ADMINUSER' => "'" . $_POST['adminuser'] . "'", 'ADMINPASS' => "'\\\$1" . crypt($_POST['adminpass'], "\$1\$" . substr($salt, 0, 8) . "\$") . "'", 'ADMINSALT' => '\'\\$1\\$' . $salt . '\\$\'')); $sql = mangle_sql('install.sql', $sqldata); print '<pre>' . $sql . '</pre>'; $CONFIG = remove_quotes($data); include 'db.php'; $db = get_db($CONFIG); if ($db) { db_query($sql); $db = null; } else { print '<p>Sorry, cannot access the database. You may need to do the commands manually.'; } } else { if (!file_exists('settings.php')) { if (!write_settings('settings.php', null)) { die('Cannot write settings.');
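/**
 * Insert a users row for $username with a freshly salted password hash.
 *
 * Prints a progress line ("Creating user <name>: ") first, as the installer
 * does for each step.  The stored format is left exactly as the rest of the
 * code base expects: crypt() with a "$1$" (MD5-crypt) prefix derived from the
 * first 8 characters of str_rand(), and the full "$1$<salt>$" string in the
 * salt column.  The login paths recompute hashes from these two columns, so
 * moving to password_hash() would have to be done there as well.
 *
 * NOTE(review): assumes the global $db is the PEAR-DB object the other query
 * sites in this file quote through; confirm at the call site (the installer
 * sets $db = get_db($CONFIG) before running queries).
 *
 * @param string $username  login name
 * @param string $password  clear-text password to hash
 * @return mixed            whatever db_query() returns for the INSERT
 */
function mk_user($username, $password)
{
    global $db;
    // The installer's output is HTML, so the echoed name is escaped.
    print 'Creating user ' . htmlspecialchars($username, ENT_QUOTES) . ': ';
    $salt = str_rand();
    $level = 1;
    $hash = crypt($password, "\$1\$" . substr($salt, 0, 8) . "\$");
    // Every value is quoted by the driver, as in the other query sites in
    // this file.  The original interpolated $username straight into the
    // VALUES() list, which is SQL injection through the installer form.
    $str = "INSERT INTO " . db_tablename('users')
        . " (user, password, level, salt) VALUES("
        . $db->quote($username) . ", "
        . $db->quote($hash) . ", "
        . $db->quote((string) $level) . ", "
        . $db->quote("\$1\$" . $salt . "\$") . ");";
    return db_query($str);
}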
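/**
 * Store the quote posted in $_POST['rash_quote'] and return the confirmation
 * markup for it.
 *
 * The text is trimmed and HTML-escaped before it is stored, so the table
 * holds escaped text.  Columns written: quote, rating (0), flag (2 when the
 * auto_flagged_quotes setting is 1, else 0), queue (the moderated_quotes
 * setting as an integer), date (current Unix timestamp).
 *
 * Globals: $CONFIG (settings), $TEMPLATE (add_quote_outputmsg), $db (PEAR DB).
 *
 * NOTE(review): import_quotes_do_inner() in this file routes moderated
 * quotes to the queue table instead of setting queue=1 here — confirm which
 * of the two the moderation screen reads.
 *
 * @return string  markup produced by $TEMPLATE->add_quote_outputmsg()
 */
function add_quote_do_inner()
{
    global $CONFIG, $TEMPLATE, $db;
    $flag = isset($CONFIG['auto_flagged_quotes']) && $CONFIG['auto_flagged_quotes'] == 1 ? 2 : 0;
    // Settings are not user input, but they are placed unquoted in the SQL,
    // so pin the value to an integer instead of trusting the settings file.
    $queue = isset($CONFIG['moderated_quotes']) ? (int) $CONFIG['moderated_quotes'] : 0;
    // "rash_quote[]=…" would arrive as an array; treat anything but a string
    // as an empty submission rather than passing it to trim().
    $posted = isset($_POST["rash_quote"]) && is_string($_POST["rash_quote"]) ? $_POST["rash_quote"] : '';
    $quotxt = htmlspecialchars(trim($posted));
    $innerhtml = $TEMPLATE->add_quote_outputmsg(mangle_quote_text($quotxt));
    // time() is what import_quotes_do_inner() uses; mktime() with no
    // arguments yields the same instant but is deprecated for that purpose.
    $res = $db->query(
        "INSERT INTO " . db_tablename('quotes') . " (quote, rating, flag, queue, date) VALUES("
        . $db->quote($quotxt) . ", 0, " . $flag . ", " . $queue . ", '" . time() . "')"
    );
    if (DB::isError($res)) {
        // NOTE(review): the driver message is shown to the client and can
        // reveal table layout; logging it and showing a generic error would
        // be safer.  Kept so the observable behaviour for callers is unchanged.
        die($res->getMessage());
    }
    return $innerhtml;
}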
phpMyBackup v.0.4 Beta - Documentation Homepage: http://www.nm-service.de/phpmybackup Copyright (c) 2000-2001 by Holger Mauermann, mauermann@nm-service.de phpMyBackup is distributed in the hope that it will be useful for you, but WITHOUT ANY WARRANTY. This programm may be used freely as long as all credit and copyright information are left intact. */ if ($writer->countWriters()) { $version = "0.4 beta"; $cur_time = date("Y-m-d H:i"); $writer->write("-- Dump created with 'phpMyBackup v." . $version . "' on " . $cur_time . "\r\n"); $tables = db_list_tables(DBDATE); $num_tables = @db_num_rows($tables); $i = 0; while ($i < $num_tables) { $table = db_tablename($tables, $i); if (isset($_POST['prefix']) and strpos($table, DBPREF) === false) { $i++; continue; } get_def(DBDATE, $table, $writer); get_content(DBDATE, $table, $writer); $i++; } $writer->close(); } } else { $design = new design('Ilch Admin-Control-Panel :: Backup', '', 2); $design->header(); $tpl = new tpl('backup', 1); $tpl->out(0);
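/**
 * Split the posted text into individual quotes and store each one that
 * reaches the minimum length; returns '' (nothing to display).
 *
 * $_POST['separator_regex'] is an HTML-entity-encoded PCRE fragment chosen
 * by the submitter and $_POST['rash_quote'] the text to split.  Each piece
 * is trimmed and HTML-escaped, then inserted with the submitter's IP and the
 * current timestamp into the queue table when moderated_quotes is set, else
 * into quotes.
 *
 * Globals: $CONFIG (settings), $db (PEAR DB).
 *
 * @return string  always ''
 */
function import_quotes_do_inner()
{
    global $CONFIG, $db;
    $sep = isset($_POST['separator_regex']) && is_string($_POST['separator_regex'])
        ? html_entity_decode($_POST['separator_regex']) : '';
    $text = isset($_POST['rash_quote']) && is_string($_POST['rash_quote'])
        ? html_entity_decode(trim($_POST['rash_quote'])) : '';
    // The separator is used verbatim as the pattern body, so the submitter
    // controls the expression: a malformed one (or one that hits PCRE's
    // backtracking limit) makes preg_split() return false, which the
    // original then handed to foreach.  Stop here instead of iterating
    // over false; preg_last_error() has the detail if logging is wanted.
    $quotes = preg_split("/" . $sep . "/m", $text);
    if ($quotes === false) {
        return '';
    }
    $minlen = isset($CONFIG['min_quote_length']) ? (int) $CONFIG['min_quote_length'] : 0;
    $table = !empty($CONFIG['moderated_quotes']) ? 'queue' : 'quotes';
    $ip = $_SERVER['REMOTE_ADDR'];
    foreach ($quotes as $quotxt) {
        $quotxt = htmlspecialchars(trim($quotxt));
        // Byte length, as before; the stored text is already escaped.
        if (strlen($quotxt) < $minlen) {
            continue;
        }
        // Timestamp taken per row so the stored order matches insert order.
        $t = time();
        // NOTE(review): a DB_Error result is dropped silently, as it was
        // originally; a failed row is simply not imported.
        $db->query("INSERT INTO " . db_tablename($table) . " (quote, submitip, date) VALUES(" . $db->quote($quotxt) . ", " . $db->quote($ip) . ", " . $t . ")");
    }
    return '';
}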
/**
 * Build and run the query that lists every quote still in the moderation
 * queue (queue=1) of the quotes table.
 *
 * @param mixed $db      database handle handed on to make_query()
 * @param mixed $params  forwarded to db_tablename() to resolve the table name
 * @return mixed         whatever make_query() returns for the SELECT
 */
function do_queue($db, $params)
{
    $sql = sprintf('SELECT * FROM %s where queue=1', db_tablename('quotes', $params));
    return make_query($db, $sql);
}