/**
 * Redirect the user - transparently, storing a message that will be shown on their destination page.
 *
 * Any messages already attached to this request, plus the redirect message itself, are queued in the
 * 'messages_to_render' table against the current session so the destination page can display them.
 * On the final hop a 'redirected=1' query marker is appended to the URL (before any '#fragment').
 * The destination URL is used exactly as supplied: no validation of its host or scheme happens here,
 * so callers must only pass destinations they intend.
 *
 * @param  tempcode Title to display on redirect page
 * @param  mixed Destination URL (may be Tempcode)
 * @param  mixed Message to show (may be Tempcode)
 * @param  boolean For intermediatory hops, don't mark so as to read status messages - save them up for the next hop (which will not be intermediatory)
 * @param  ID_TEXT Code of message type to show
 * @set    warn inform fatal
 * @return tempcode Redirection message (likely to not actually be seen due to instant redirection)
 */
function _redirect_screen($title, $url, $text, $intermediatory_hop = false, $msg_type = 'inform')
{
    if (is_object($url)) {
        $url = $url->evaluate();
    }

    global $FORCE_META_REFRESH, $ATTACHED_MESSAGES_RAW;

    $special_page_type = get_param('special_page_type', 'view');

    // Messages are only deferred when a genuine HTTP redirect is still possible:
    // a normal page view, headers not yet sent, and no forced meta-refresh.
    if ($special_page_type == 'view' && $GLOBALS['NON_PAGE_SCRIPT'] == 0 && !headers_sent() && !$FORCE_META_REFRESH) {
        foreach ($ATTACHED_MESSAGES_RAW as $message) {
            // Tempcode messages are evaluated as-is; plain strings are HTML-escaped before storage.
            $GLOBALS['SITE_DB']->query_insert('messages_to_render', array('r_session_id' => get_session_id(), 'r_message' => is_object($message[0]) ? $message[0]->evaluate() : escape_html($message[0]), 'r_type' => $message[1], 'r_time' => time()));
        }

        $_message = is_object($text) ? $text->evaluate() : escape_html($text);
        // Operator precedence here is: non-empty AND (nothing else attached OR (not SUCCESS AND not REDIRECTING)),
        // i.e. the generic success/redirecting text is dropped when other messages are already queued.
        if ($_message != '' && (count($ATTACHED_MESSAGES_RAW) == 0 || $_message != do_lang('SUCCESS') && $_message != do_lang('REDIRECTING'))) {
            $GLOBALS['SITE_DB']->query_insert('messages_to_render', array('r_session_id' => get_session_id(), 'r_message' => $_message, 'r_type' => $msg_type, 'r_time' => time()));
        }

        if (!$intermediatory_hop) {
            // Split off any '#fragment' so the query marker is inserted before it.
            $hash_pos = strpos($url, '#');
            if ($hash_pos !== false) {
                $hash_bit = substr($url, $hash_pos);
                $url = substr($url, 0, $hash_pos);
            } else {
                $hash_bit = '';
            }
            $url .= (strpos($url, '?') === false ? '?' : '&') . 'redirected=1' . $hash_bit;
        }
    }

    require_code('site2');
    assign_refresh($url, 0.0);

    return do_template('REDIRECT_SCREEN', array('_GUID' => '44ce3d1ffc6536b299ed0944e8ca7253', 'URL' => $url, 'TITLE' => $title, 'TEXT' => $text));
}
/**
 * Test fixture set-up: loads the e-commerce code, instantiates the admin modules under test and
 * seeds one 'shopping_order' row for the current member/session.
 */
function setUp()
{
    parent::setUp();

    foreach (array('ecommerce', 'autosave', 'shopping', 'form_templates') as $code_file) {
        require_code($code_file);
    }
    require_lang('ecommerce');

    $this->access_mapping = array(db_get_first_id() => 4);

    // Creating cms catalogues object
    require_code('adminzone/pages/modules/admin_ecommerce.php');
    $this->admin_ecom = new Module_admin_ecommerce();

    require_code('adminzone/pages/modules/admin_orders.php');
    $this->admin_orders = new Module_admin_orders();
    $this->admin_orders->run();

    // Seed order; the transaction id is a dummy fixture value
    $seed_order = array(
        'c_member' => get_member(),
        'session_id' => get_session_id(),
        'add_date' => time(),
        'tot_price' => 0.0,
        'order_status' => 'NEW',
        'notes' => '',
        'transaction_id' => 'ddfsfdsdfsdfs',
        'purchase_through' => 'paypal',
        'tax_opted_out' => 0
    );
    $GLOBALS['SITE_DB']->query_insert('shopping_order', $seed_order);
}
/**
 * Standard modular run function for snippet hooks. Generates XHTML to insert into a page using AJAX.
 *
 * The requested block parameters must be covered by a 'temp_block_permissions' record issued to this
 * session under the given auth_key; otherwise an access-denied paragraph is returned.
 *
 * @return tempcode The snippet
 */
function run()
{
    // Reassemble the serialised block parameters from the two request parameters
    $supplement = get_param('block_map_sup', '', true);
    $serialised_map = get_param('block_map', false, true);
    if ($supplement != '') {
        $serialised_map .= ',' . $supplement;
    }
    require_code('blocks');
    $map = block_params_str_to_arr($serialised_map);
    if (!array_key_exists('block', $map)) {
        return new ocp_tempcode();
    }

    // Check permissions: the constraints stored for (session, auth_key) must sign off the requested parameters
    $auth_key = get_param_integer('auth_key');
    $stored_constraints = $GLOBALS['SITE_DB']->query_value_null_ok('temp_block_permissions', 'p_block_constraints', array('p_session_id' => get_session_id(), 'id' => $auth_key));
    $authorised = !is_null($stored_constraints) && block_signature_check(block_params_str_to_arr($stored_constraints), $map);
    if (!$authorised) {
        require_lang('permissions');
        return paragraph(do_lang_tempcode('ACCESS_DENIED__ACCESS_DENIED', escape_html($map['block'])));
    }

    // Cleanup: drop permission records older than the session expiry window (the SQL only embeds an integer)
    $expiry_seconds = 60 * 60 * intval(get_option('session_expiry_time'));
    $GLOBALS['SITE_DB']->query('DELETE FROM ' . get_table_prefix() . 'temp_block_permissions WHERE p_time<' . strval(time() - $expiry_seconds));

    // Return block snippet, collecting afresh any CSS/JS the block registers
    global $CSSS, $JAVASCRIPTS;
    $CSSS = array();
    $JAVASCRIPTS = array();

    $snippet = new ocp_tempcode();
    $snippet->attach(symbol_tempcode('CSS_TEMPCODE'));
    $snippet->attach(symbol_tempcode('JS_TEMPCODE'));
    $snippet->attach(do_block($map['block'], $map));
    return $snippet;
}
/**
 * Start the PHP session for this request.
 *
 * NOTE(review): `return true;` is the second statement, so everything after it is unreachable and the
 * function always reports success. The dead code would have bound the session to an md5 of the
 * User-Agent + REMOTE_ADDR in the `session` table and rejected a session presented from a different
 * identity; none of that runs, and clean_session_db() is never called either. The dead code also builds
 * SQL by string concatenation (through clean_query()); if it is ever revived it should be rewritten with
 * parameterised queries rather than re-enabled as-is.
 *
 * @return boolean Always true (see note above)
 */
function start_session_tracking()
{
    session_start();
    return true;

    // ---- Everything below this point is unreachable ----

    clean_session_db();
    error_reporting(E_ALL);

    // $sessionhash identifies the session row; $idhash is the client identity it was bound to
    $sessionhash = md5(get_session_id());
    $idhash = md5($_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR']);

    // see: mysql.lib.php
    $s = q("select * from `session` where `hash` = '" . clean_query($sessionhash) . "' limit 1;");
    if (n($s) == 0) {
        // No row yet: record this session together with its identity hash
        $s = q("insert into `session` values('', '0', '" . clean_query($sessionhash) . "', '" . clean_query($idhash) . "', '" . clean_query(time()) . "');");
        if (a() == 1) {
            // success
            return true;
        } else {
            // failure
            return false;
        }
    } else {
        while ($r = f($s)) {
            //4c5b06225553e12bed914e6836ff4859
            // Identity mismatch: the session is being presented by a different client
            if ($r["identity"] != $idhash) {
                return false;
            }
            $s = q("update `session` set `activity` = '" . clean_query(time()) . "' where `hash` = '" . clean_query($sessionhash) . "' limit 1;");
            return true;
            /*if (a() == 1) { // success return true; } else { // failure return false; }*/
        }
    }
    return false;
}
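/**
 * Log the member of the current (external) session into WordPress.
 *
 * Resolves the username for the active session id, looks up the matching WordPress user (creating
 * one with a generated password when user creation is enabled), then calls login(). When no WordPress
 * user can be resolved - not found and creation disabled, or creation failed - nothing is logged in.
 * Previously login() was still reached in that case with an unset $user_id.
 *
 * @return void
 */
function check_and_login()
{
    $session_id = get_session_id();
    if (!$session_id) {
        return;
    }

    $username = get_username($session_id);

    // Map the session's username onto a WordPress account
    $user = get_user_by('login', $username);
    if (!$user && user_creation_enabled()) {
        // Create a new user; the generated password is never shown, the account is only entered via this mapping
        $password = wp_generate_password();
        $user_id = wp_create_user($username, $password);
        // wp_create_user() returns WP_Error on failure, in which case this lookup yields false
        $user = get_user_by('id', $user_id);
    }

    if (!$user) {
        // TODO: What to do if the user cant be created (or does not exist and creation is disabled)
        return;
    }

    login($user->ID, $username);
}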
/**
 * Standard modular run function for symbol hooks. Searches for tasks to perform.
 *
 * Renders the site-wide instant-messaging markup for the current member, or returns an empty string
 * when the feature is off, the visitor is a guest, or the member's session is flagged invisible.
 *
 * @param  array Symbol parameters
 * @return string Result
 */
function run($param)
{
    // Feature switch and guest check first
    if (get_option('sitewide_im', true) !== '1' || is_guest()) {
        return '';
    }

    // Invisible members get nothing either
    $session = get_session_id();
    $session_cache = $GLOBALS['SESSION_CACHE'];
    $is_invisible = array_key_exists($session, $session_cache) && $session_cache[$session]['session_invisible'] != 0;
    if ($is_invisible) {
        return '';
    }

    require_code('chat');
    require_lang('chat');

    // Build the popup chat window inside-out: IM area -> popup wrapper -> styled HTML page
    $im_area = do_template('CHAT_LOBBY_IM_AREA', array('_GUID' => '38de4f030d5980790d6d1db1a7e2ff39', 'MESSAGES_PHP' => find_script('messages'), 'ROOM_ID' => '__room_id__'));
    $popup = do_template('CHAT_SITEWIDE_IM_POPUP', array('_GUID' => 'e520e557f86d0dd4e32d25a208d8f154', 'CONTENT' => $im_area));
    $im_area_template = do_template('STYLED_HTML_WRAP', array('_GUID' => '5032bfa802af3fe14e610d09078ef849', 'CSS' => 'sitewide_im_popup_body', 'TITLE' => '__room_name__', 'TARGET' => '_site_opener', 'CONTENT' => $popup));

    // Participant row. The '__id__' placeholders are presumably substituted later (client-side), so the
    // profile URL is generated for a dummy member id (-100) and then rewritten to carry the placeholder.
    $make_buddy_url = build_url(array('page' => '_SELF', 'type' => 'buddy_add', 'member_id' => '__id__'), '_SELF');
    $block_member_url = build_url(array('page' => '_SELF', 'type' => 'blocking_add', 'member_id' => '__id__'), '_SELF');
    $profile_url = $GLOBALS['FORUM_DRIVER']->member_profile_url(-100, false, true);
    $profile_url_str = is_object($profile_url) ? $profile_url->evaluate() : $profile_url;
    $profile_url_str = str_replace('-100', '__id__', $profile_url_str);
    $participant_template = do_template('CHAT_LOBBY_IM_PARTICIPANT', array('_GUID' => '0c5e080d0afb29814a6e3059f0204ad1', 'PROFILE_URL' => $profile_url_str, 'ID' => '__id__', 'ROOM_ID' => '__room_id__', 'USERNAME' => '__username__', 'ONLINE' => '__online__', 'AVATAR_URL' => '__avatar_url__', 'MAKE_BUDDY_URL' => $make_buddy_url, 'BLOCK_MEMBER_URL' => $block_member_url));

    $rendered = do_template('CHAT_SITEWIDE_IM', array('_GUID' => '5ab0404b3dac4578e8b4be699bd43c95', 'IM_AREA_TEMPLATE' => $im_area_template, 'IM_PARTICIPANT_TEMPLATE' => $participant_template, 'CHAT_SOUND' => get_chat_sound_tpl()));
    return $rendered->evaluate();
}
/**
 * Get the ID of the currently active member.
 * It see's if the session exists / cookie is valid -- and gets the member id accordingly
 *
 * Resolution order: cached answer; server-configured backdoor IP; re-entrancy guard; forced-guest mode;
 * the session (IP-bound unless configured otherwise); the login cookie / forum driver; login-provider
 * hooks; finally the guest member. Unless $quick_only, the session is then created if missing, bans are
 * enforced, an optional 'keep_su' switch-user is honoured and the 'upon_login' hooks run.
 *
 * @param  boolean Whether to just do a quick check, don't establish new sessions
 * @return MEMBER The member requesting this web page (possibly the guest member - which strictly speaking, is not a member)
 */
function get_member($quick_only = false)
{
    global $SESSION_CACHE, $MEMBER_CACHED, $GETTING_MEMBER, $SITE_INFO;

    if ($MEMBER_CACHED !== NULL) {
        $GETTING_MEMBER = false;
        return $MEMBER_CACHED;
    }

    // If lots of aging sessions, clean out
    // (only the first cached session's age is sampled - presumably the cache is oldest-first; confirm)
    reset($SESSION_CACHE);
    if (count($SESSION_CACHE) > 50 && $SESSION_CACHE[key($SESSION_CACHE)]['last_activity'] < time() - 60 * 60 * max(1, intval(get_option('session_expiry_time')))) {
        delete_expired_sessions_or_recover();
    }

    // Try via backdoor that someone with full server access can place
    // Security: this is authentication by source IP alone, so it is only as strong as get_ip_address() -
    // if that trusts forwarded-for style headers the match can be made by anyone who can set them.
    // 'backdoor_ip' should stay unset in $SITE_INFO except during recovery.
    $backdoor_ip_address = mixed(); // Enable to a real IP address to force login from FTP access (if lost admin password)
    if (array_key_exists('backdoor_ip', $SITE_INFO)) {
        $backdoor_ip_address = $SITE_INFO['backdoor_ip'];
    }
    if (is_string($backdoor_ip_address) && get_ip_address() == $backdoor_ip_address) {
        require_code('users_active_actions');
        $MEMBER_CACHED = restricted_manually_enabled_backdoor(); // Will have created a session in here already
        return $MEMBER_CACHED;
    }

    // Re-entrancy guard: something called during resolution called get_member() again
    if ($GETTING_MEMBER) {
        if (!isset($GLOBALS['FORUM_DRIVER'])) {
            return db_get_first_id();
        } // :S
        return $GLOBALS['FORUM_DRIVER']->get_guest_id();
    }
    $GETTING_MEMBER = true;

    global $FORCE_INVISIBLE_GUEST;
    if ($FORCE_INVISIBLE_GUEST) {
        $GETTING_MEMBER = false;
        if (!isset($GLOBALS['FORUM_DRIVER'])) {
            fatal_exit(do_lang_tempcode('INTERNAL_ERROR'));
        }
        $MEMBER_CACHED = $GLOBALS['FORUM_DRIVER']->get_guest_id();
        return $MEMBER_CACHED;
    }

    $member = NULL;

    // $base is the login cookie's name (first segment of the configured cookie spec)
    $cookie_bits = explode(':', str_replace('|', ':', get_member_cookie()));
    $base = $cookie_bits[0];

    // Try by session
    $session = get_session_id();
    if ($session != -1 && get_param_integer('keep_force_htaccess', 0) == 0) {
        $ip = get_ip_address(3); // I hope AOL can cope with this
        $allow_unbound_guest = true; // Note: Guest sessions are not IP bound
        $member_row = NULL;
        // A cached session is accepted when it exists, has not expired, and one of these holds:
        //  - IP strictness is off,
        //  - the recorded IP matches $ip (get_ip_address(3) - presumably a truncated/partial address; confirm),
        //  - it is a guest session (never IP bound), or
        //  - it is a member session that has not yet been confirmed (session_confirmed == 0).
        // So an unconfirmed member session is exempt from IP binding - confirm this is intended.
        if ($SESSION_CACHE !== NULL && array_key_exists($session, $SESSION_CACHE) && $SESSION_CACHE[$session] !== NULL && array_key_exists('the_user', $SESSION_CACHE[$session]) && (get_option('ip_strict_for_sessions') == '0' || $SESSION_CACHE[$session]['ip'] == $ip || is_guest($SESSION_CACHE[$session]['the_user']) && $allow_unbound_guest || $SESSION_CACHE[$session]['session_confirmed'] == 0 && !is_guest($SESSION_CACHE[$session]['the_user'])) && $SESSION_CACHE[$session]['last_activity'] > time() - 60 * 60 * max(1, intval(get_option('session_expiry_time')))) {
            $member_row = $SESSION_CACHE[$session];
        }
        // A guest session is ignored when a login cookie is present, so the cookie path below can upgrade it
        if ($member_row !== NULL && (!array_key_exists($base, $_COOKIE) || !is_guest($member_row['the_user']))) {
            $member = $member_row['the_user'];
            if ($member !== NULL && time() - $member_row['last_activity'] > 10) {
                //$GLOBALS['SITE_DB']->query_update('sessions',array('last_activity'=>time(),'the_zone'=>get_zone_name(),'the_page'=>get_page_name()),array('the_session'=>$session),'',1); Done in get_page_title now
                $SESSION_CACHE[$session]['last_activity'] = time();
                if (get_value('session_prudence') !== '1') {
                    persistant_cache_set('SESSION_CACHE', $SESSION_CACHE);
                }
            }
            global $SESSION_CONFIRMED;
            $SESSION_CONFIRMED = $member_row['session_confirmed'];
            if (get_forum_type() == 'ocf') {
                $GLOBALS['FORUM_DRIVER']->ocf_flood_control($member);
            }
            if (!is_guest($member) && $GLOBALS['FORUM_DRIVER']->is_banned($member)) {
                warn_exit(do_lang_tempcode('USER_BANNED'));
            }
            // Test this member still exists
            if ($GLOBALS['FORUM_DRIVER']->get_username($member) === NULL) {
                $member = $GLOBALS['FORUM_DRIVER']->get_guest_id();
            }
            if (array_key_exists($base, $_COOKIE)) {
                global $IS_A_COOKIE_LOGIN;
                $IS_A_COOKIE_LOGIN = true;
            }
        } else {
            // Session unknown, expired, or failed the IP check: drop it so a fresh one is created below
            require_code('users_inactive_occasionals');
            set_session_id(-1);
        }
    }

    if ($member === NULL && get_session_id() == -1 && get_param_integer('keep_force_htaccess', 0) == 0) {
        // Try by cookie (will defer to forum driver to authorise against detected cookie)
        require_code('users_inactive_occasionals');
        $member = try_cookie_login();

        // Can forum driver help more directly?
        if (method_exists($GLOBALS['FORUM_DRIVER'], 'get_member')) {
            $member = $GLOBALS['FORUM_DRIVER']->get_member();
        }
    }

    // Try via additional login providers. They can choose whether to respect existing $member of get_session_id() settings. Some may do an account linkage, so we need to let them decide what to do.
    // Hook names come from find_all_hooks(); note this path is not passed through filter_naughty(), unlike the 'upon_login' hook path below.
    $hooks = find_all_hooks('systems', 'login_providers');
    foreach (array_keys($hooks) as $hook) {
        require_code('hooks/systems/login_providers/' . $hook);
        $ob = object_factory('Hook_login_provider_' . $hook);
        $member = $ob->try_login($member);
    }

    // Guest or banned
    if ($member === NULL) {
        $member = $GLOBALS['FORUM_DRIVER']->get_guest_id();
        $is_guest = true;
    } else {
        $is_guest = is_guest($member);
    }

    // If we are doing a very quick init, bomb out now - no need to establish session etc
    global $SITE_INFO;
    if ($quick_only) {
        $GETTING_MEMBER = false;
        return $member;
    }

    // If one of the try_* functions hasn't actually created the session, call it here
    $session = get_session_id();
    if ($session == -1) {
        require_code('users_inactive_occasionals');
        create_session($member);
    }

    // If we are logged in, maybe do some further processing
    if (!$is_guest) {
        // Is there a su operation?
        // (switch-user requested via the 'keep_su' GET parameter; authorising it is try_su_login()'s job)
        $ks = get_param('keep_su', '');
        if ($ks != '') {
            require_code('users_inactive_occasionals');
            $member = try_su_login($member);
        }

        // Run hooks, if any exist
        $hooks = find_all_hooks('systems', 'upon_login');
        foreach (array_keys($hooks) as $hook) {
            require_code('hooks/systems/upon_login/' . filter_naughty($hook));
            $ob = object_factory('upon_login' . filter_naughty($hook), true);
            if ($ob === NULL) {
                continue;
            }
            $ob->run(false, NULL, $member); // false means "not a new login attempt"
        }
    }

    // Ok we have our answer
    $MEMBER_CACHED = $member;
    $GETTING_MEMBER = false;

    // We call this to ensure any HTTP-auth specific code has a chance to run
    is_httpauth_login();

    return $member;
}
/**
 * Finish step.
 *
 * Unless 'cancel' is set: empties the cart, and for locally-processed payments takes the card details
 * from $_POST, runs the gateway hook's do_transaction() and records the outcome, then either redirects
 * to the product's finish URL or renders the finish stage. On cancel it renders the finish stage when a
 * 'message' is present, otherwise exits with PRODUCT_PURCHASE_CANCEL.
 *
 * @return tempcode The result of execution.
 */
function finish()
{
    $title = get_page_title('_PURCHASE_FINISHED');

    breadcrumb_set_parents(array(array('_SELF:catalogues:misc:ecommerce=1', do_lang_tempcode('CATALOGUES')), array('_SELF:_SELF:misc', do_lang_tempcode('SHOPPING'))));

    // Free text from the query string, passed straight into the finish template below
    // (whether it is escaped depends on the template - confirm)
    $message = get_param('message', NULL, true);

    // TODO: Assumption, needs to really go through the payment gateway API
    if (get_param_integer('cancel', 0) == 0) {
        //Empty cart.
        // Note: the cart is cleared before the payment outcome is known (see TODO above)
        $where = array();
        if (is_guest()) {
            $where['session_id'] = get_session_id();
        } else {
            $where['ordered_by'] = get_member();
        }
        $GLOBALS['SITE_DB']->query_delete('shopping_cart', $where);

        log_cart_actions('Completed payment');

        if (perform_local_payment()) {
            // The expected transaction is looked up by id only; its e_member_id / e_session_id are not
            // compared with the current member or session here - NOTE(review): confirm whether they should be.
            $trans_id = post_param('trans_id');
            $transaction_rows = $GLOBALS['SITE_DB']->query_select('trans_expecting', array('*'), array('id' => $trans_id), '', 1);
            if (!array_key_exists(0, $transaction_rows)) {
                warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
            }
            $transaction_row = $transaction_rows[0];
            $amount = $transaction_row['e_amount'];
            $length = $transaction_row['e_length'];
            $length_units = $transaction_row['e_length_units'];

            $via = get_option('payment_gateway');
            require_code('hooks/systems/ecommerce_via/' . filter_naughty_harsh($via));
            $object = object_factory('Hook_' . $via);

            // Raw card data from the POST; within this method it is only handed to the gateway hook
            $name = post_param('name');
            $card_number = post_param('card_number');
            $expiry_date = str_replace('/', '', post_param('expiry_date'));
            $issue_number = post_param_integer('issue_number', NULL);
            $start_date = str_replace('/', '', post_param('start_date'));
            $card_type = post_param('card_type');
            $cv2 = post_param('cv2');

            list($success, , $message, $message_raw) = $object->do_transaction($trans_id, $name, $card_number, $amount, $expiry_date, $issue_number, $start_date, $card_type, $cv2, $length, $length_units);

            // Subscriptions ($length set) are recorded even on failure, with status 'SCancelled'
            if ($success || !is_null($length)) {
                $status = !is_null($length) && !$success ? 'SCancelled' : 'Completed';
                handle_confirmed_transaction($transaction_row['e_purchase_id'], $transaction_row['e_item_name'], $status, $message_raw, '', '', $amount, get_option('currency'), $trans_id, '', $via, is_null($length) ? '' : strtolower(strval($length) . ' ' . $length_units));
            }

            if ($success) {
                $member_id = $transaction_row['e_member_id'];
                require_code('notifications');
                dispatch_notification('payment_received', NULL, do_lang('PAYMENT_RECEIVED_SUBJECT', $trans_id), do_lang('PAYMENT_RECEIVED_BODY', float_format(floatval($amount)), get_option('currency'), get_site_name()), array($member_id), A_FROM_SYSTEM_PRIVILEGED);
            }
        }

        // NOTE(review): this SUCCESS message is attached even when the local payment above reported !$success
        attach_message(do_lang_tempcode('SUCCESS'), 'inform');

        if (count($_POST) != 0) {
            $order_id = handle_transaction_script();
            $object = find_product(do_lang('CART-ORDER', $order_id));
            if (method_exists($object, 'get_finish_url')) {
                return redirect_screen($title, $object->get_finish_url(), $message);
            }
        }

        return $this->wrap(do_template('PURCHASE_WIZARD_STAGE_FINISH', array('TITLE' => $title, 'MESSAGE' => $message)), $title, NULL);
    }

    if (!is_null($message)) {
        return $this->wrap(do_template('PURCHASE_WIZARD_STAGE_FINISH', array('TITLE' => $title, 'MESSAGE' => $message)), $title, NULL);
    }

    warn_exit(do_lang_tempcode('PRODUCT_PURCHASE_CANCEL'));
    return new ocp_tempcode(); // Will never get here
}
/**
 * Add order - (order coming from purchase module)
 *
 * Creates a 'shopping_order' row awaiting payment for the current member/session plus a single
 * 'shopping_order_details' line for the product. Tax is only computed when the buyer has not opted
 * out and this class provides calculate_tax().
 *
 * @param  AUTO_LINK Product id
 * @param  array Product details
 * @return AUTO_LINK order id
 */
function add_purchase_order($product, $product_det)
{
    require_lang('shopping');

    // Opting out is honoured only when the site allows it and the form asked for it
    $opted_out = (get_option('allow_opting_out_of_tax') == '1' && post_param_integer('tax_opted_out', 0) == 1);
    $tax_opted_out = $opted_out ? 1 : 0;

    $tax = 0.0;
    if ($tax_opted_out == 0 && method_exists($this, 'calculate_tax')) {
        // $product_det[1] is the price; $product_det[3][0] the tax percentage when present
        $tax_percentage = array_key_exists(0, $product_det[3]) ? $product_det[3][0] : 0;
        $tax = round($this->calculate_tax($product_det[1], $tax_percentage), 2);
    }

    $order = array(
        'c_member' => get_member(),
        'session_id' => get_session_id(),
        'add_date' => time(),
        'tot_price' => $product_det[1],
        'order_status' => 'ORDER_STATUS_awaiting_payment',
        'notes' => '',
        'purchase_through' => 'purchase_module',
        'transaction_id' => '',
        'tax_opted_out' => $tax_opted_out
    );
    $order_id = $GLOBALS['SITE_DB']->query_insert('shopping_order', $order, true);

    $line = array(
        'p_id' => $product,
        'p_name' => $product_det[4],
        'p_code' => $product_det[0],
        'p_type' => 'catalogue_items',
        'p_quantity' => 1,
        'p_price' => $product_det[1],
        'order_id' => $order_id,
        'dispatch_status' => '',
        'included_tax' => $tax
    );
    $GLOBALS['SITE_DB']->query_insert('shopping_order_details', $line);

    return $order_id;
}
/**
 * Find whether the current user is invisible.
 *
 * Scans the session cache for the row whose the_session matches the current session id and reports
 * its session_invisible flag. Rows without a 'the_user' key are skipped.
 *
 * @return boolean Whether the current user is invisible
 */
function is_invisible()
{
    global $SESSION_CACHE;

    $current_session = get_session_id();
    foreach ($SESSION_CACHE as $session_row) {
        // Workaround to HipHop PHP weird bug
        $usable = array_key_exists('the_user', $session_row);
        if ($usable && $session_row['the_session'] == $current_session && $session_row['session_invisible'] == 1) {
            return true;
        }
    }
    return false;
}
/**
 * Ensure a session exists for this request.
 *
 * Delegates entirely to get_session_id(), which (per the original note) generates a session id and
 * sets the cookie when there is none yet; the returned id is discarded here.
 */
function init_session()
{
    // get_session_id will generate a sid and set a cookie, if needed
    get_session_id();
}
/**
 * Farm out the files for downloads.
 *
 * Enforces closed-site, anti-leech, category permission, points-cost and bandwidth checks, then either
 * redirects to a non-local (or missing) file URL or streams the local file with Range/resume support.
 * Security-relevant steps: CR/LF rejection before each header() built from stored data, refusal to
 * serve '.php' files, and error output suppressed once streaming starts.
 */
function dload_script()
{
    // Closed site
    $site_closed = get_option('site_closed');
    if ($site_closed == '1' && !has_specific_permission(get_member(), 'access_closed_site') && !$GLOBALS['IS_ACTUALLY_ADMIN']) {
        header('Content-Type: text/plain');
        @exit(get_option('closed'));
    }

    // Anti-leech: a referred request must carry for_session = md5(session id). Skipped only for guests
    // when 'any_guest_cached_too' is on (cached guest pages cannot embed a per-session token).
    global $SITE_INFO;
    if (!is_guest() || !isset($SITE_INFO['any_guest_cached_too']) || $SITE_INFO['any_guest_cached_too'] == '0') {
        if (get_param('for_session', '-1') != md5(strval(get_session_id())) && get_option('anti_leech') == '1' && ocp_srv('HTTP_REFERER') != '') {
            warn_exit(do_lang_tempcode('LEECH_BLOCK'));
        }
    }

    require_lang('downloads');

    $id = get_param_integer('id', 0);

    // Lookup
    $rows = $GLOBALS['SITE_DB']->query_select('download_downloads', array('*'), array('id' => $id), '', 1);
    if (!array_key_exists(0, $rows)) {
        warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
    }
    $myrow = $rows[0];

    // Permission
    if (!has_category_access(get_member(), 'downloads', strval($myrow['category_id']))) {
        access_denied('CATEGORY_ACCESS');
    }

    // Cost?
    // $got_before is non-null when this member already has a download log entry for this file (charged once only)
    $got_before = $GLOBALS['SITE_DB']->query_value_null_ok('download_logging', 'the_user', array('the_user' => get_member(), 'id' => $id));
    if (addon_installed('points')) {
        if ($myrow['download_cost'] > 0) {
            require_code('points2');
            $member = get_member();
            if (is_guest($member)) {
                access_denied('NOT_AS_GUEST');
            }

            // Check they haven't downloaded this before (they only get charged once - maybe they are resuming)
            if (is_null($got_before)) {
                $cost = $myrow['download_cost'];
                $member = get_member();
                if (is_guest($member)) {
                    access_denied('NOT_AS_GUEST');
                }
                $dif = $cost - available_points($member);
                if ($dif > 0 && !has_specific_permission(get_member(), 'have_negative_gift_points')) {
                    warn_exit(do_lang_tempcode('LACKING_POINTS', integer_format($dif)));
                }
                require_code('points2');
                charge_member($member, $cost, do_lang('DOWNLOADED_THIS', get_translated_text($myrow['name'])));
                if ($myrow['download_submitter_gets_points'] == 1) {
                    system_gift_transfer(do_lang('THEY_DOWNLOADED_THIS', get_translated_text($myrow['name'])), $cost, $myrow['submitter']);
                }
            }
        }
    }

    // Filename
    $full = $myrow['url'];
    $breakdown = @pathinfo($full) or warn_exit(do_lang_tempcode('HTTP_DOWNLOAD_NO_SERVER', $full));
    // $filename=$breakdown['basename'];
    if (!array_key_exists('extension', $breakdown)) {
        $extension = '';
    } else {
        $extension = strtolower($breakdown['extension']);
    }
    // The path opened below is built from the raw (URL-decoded) stored URL under the custom file base;
    // the existence check further down instead uses filter_naughty() and get_file_base(). The stored URL
    // is trusted on the basis of the note at the end of this function.
    if (url_is_local($full)) {
        $_full = get_custom_file_base() . '/' . rawurldecode($full);
    } else {
        $_full = rawurldecode($full);
    }

    // Is it non-local? If so, redirect
    if (!url_is_local($full) || !file_exists(get_file_base() . '/' . rawurldecode(filter_naughty($full)))) {
        if (url_is_local($full)) {
            $full = get_custom_base_url() . '/' . $full;
        }
        // Refuse CR/LF in the redirect target before it goes into a header
        if (strpos($full, chr(10)) !== false || strpos($full, chr(13)) !== false) {
            log_hack_attack_and_exit('HEADER_SPLIT_HACK');
        }
        header('Location: ' . $full);
        log_download($id, 0, !is_null($got_before)); // Bandwidth used is 0 for an external download
        return;
    }

    // Some basic security: don't fopen php files
    // (only the literal 'php' extension is refused; no other server-executable extensions are considered here)
    if ($extension == 'php') {
        log_hack_attack_and_exit('PHP_DOWNLOAD_INNOCENT', integer_format($id));
    }

    // Size, bandwidth, logging
    $size = filesize($_full);
    if (is_null($got_before)) {
        // Site-wide download volume over the last 32 days against the configured cap (in GB)
        $bandwidth = $GLOBALS['SITE_DB']->query_value_null_ok_full('SELECT SUM(file_size) AS answer FROM ' . get_table_prefix() . 'download_logging l LEFT JOIN ' . get_table_prefix() . 'download_downloads d ON l.id=d.id WHERE date_and_time>' . strval(time() - 24 * 60 * 60 * 32));
        if ($bandwidth + floatval($size) > floatval(get_option('maximum_download')) * 1024 * 1024 * 1024 && !has_specific_permission(get_member(), 'bypass_bandwidth_restriction')) {
            warn_exit(do_lang_tempcode('TOO_MUCH_DOWNLOAD'));
        }
        require_code('files2');
        check_shared_bandwidth_usage($size);
    }
    log_download($id, $size, !is_null($got_before));

    // Send header
    // original_filename goes into a header below: reject CR/LF first, then strip/escape when building it
    if (strpos($myrow['original_filename'], chr(10)) !== false || strpos($myrow['original_filename'], chr(13)) !== false) {
        log_hack_attack_and_exit('HEADER_SPLIT_HACK');
    }
    header('Content-Type: application/octet-stream' . '; authoritative=true;');
    if (get_option('immediate_downloads') == '1') {
        // Inline display with the MIME type derived from the original filename's extension
        require_code('mime_types');
        header('Content-Type: ' . get_mime_type(get_file_extension($myrow['original_filename'])) . '; authoritative=true;');
        header('Content-Disposition: filename="' . str_replace(chr(13), '', str_replace(chr(10), '', addslashes($myrow['original_filename']))) . '"');
    } else {
        if (strstr(ocp_srv('HTTP_USER_AGENT'), 'MSIE') !== false) {
            header('Content-Disposition: filename="' . str_replace(chr(13), '', str_replace(chr(10), '', addslashes($myrow['original_filename']))) . '"');
        } else {
            header('Content-Disposition: attachment; filename="' . str_replace(chr(13), '', str_replace(chr(10), '', addslashes($myrow['original_filename']))) . '"');
        }
    }
    header('Accept-Ranges: bytes');

    // Caching
    header("Pragma: private");
    header("Cache-Control: private");
    header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 60 * 60 * 24 * 365) . ' GMT');
    $time = is_null($myrow['edit_date']) ? $myrow['add_date'] : $myrow['edit_date'];
    $time = max($time, filemtime($_full));
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $time) . ' GMT');

    // Default to no resume
    $from = 0;
    $new_length = $size;
    @ini_set('zlib.output_compression', 'Off');

    // They're trying to resume (so update our range)
    // Only a single "bytes=a-b" range is handled; open-ended forms ("a-" / "-n") are completed from $size.
    // NOTE(review): $from/$to are not clamped to [0, $size-1], so an out-of-range request yields a
    // Content-Length/Content-Range that does not match what is streamed; the client-supplied range text
    // is also echoed into the Content-Range header as given.
    $httprange = ocp_srv('HTTP_RANGE');
    if (strlen($httprange) > 0) {
        $_range = explode('=', ocp_srv('HTTP_RANGE'));
        if (count($_range) == 2) {
            if (strpos($_range[0], '-') === false) {
                $_range = array_reverse($_range);
            }
            $range = $_range[0];
            if (substr($range, 0, 1) == '-') {
                $range = strval($size - intval(substr($range, 1)) - 1) . $range;
            }
            if (substr($range, -1, 1) == '-') {
                $range .= strval($size - 1);
            }
            $bits = explode('-', $range);
            if (count($bits) == 2) {
                list($from, $to) = array_map('intval', $bits);
                if ($to - $from != 0 || $from == 0) {
                    $new_length = $to - $from + 1;
                    header('HTTP/1.1 206 Partial Content');
                    header('Content-Range: bytes ' . $range . '/' . strval($size));
                } else {
                    $from = 0;
                }
            }
        }
    }
    header('Content-Length: ' . strval($new_length));

    if (function_exists('set_time_limit')) {
        @set_time_limit(0);
    }
    error_reporting(0);

    // Send actual data
    // Streamed in 1MiB chunks; a short read ends the loop so at most $new_length bytes are sent
    $myfile = fopen($_full, 'rb');
    fseek($myfile, $from);
    $i = 0;
    flush(); // Works around weird PHP bug that sends data before headers, on some PHP versions
    while ($i < $new_length) {
        $content = fread($myfile, min($new_length - $i, 1048576));
        echo $content;
        $len = strlen($content);
        if ($len == 0) {
            break;
        }
        $i += $len;
    }
    fclose($myfile);

    /* Security note... at the download adding/editing stage, we ensured that only files accessible to the web server (in raw form) could end up in our database. Therefore we did not check here that our file was accessible in raw form. */
}
/**
 * Make a subscription (payment) button.
 *
 * Records what the gateway is expected to call back with (a 'trans_expecting' row tied to the current
 * member, IP and session) and renders the SecPay subscription form. The digest is md5 over
 * transaction id + raw amount + the 'ipn_password' option, in the form the gateway verifies.
 *
 * @param  ID_TEXT The product codename.
 * @param  SHORT_TEXT The human-readable product title.
 * @param  ID_TEXT The purchase ID.
 * @param  float A transaction amount.
 * @param  integer The subscription length in the units.
 * @param  ID_TEXT The length units.
 * @set    d w m y
 * @param  ID_TEXT The currency to use.
 * @return tempcode The button
 */
function make_subscription_button($product, $item_name, $purchase_id, $amount, $length, $length_units, $currency)
{
    $username = $this->_get_username();
    $ipn_url = $this->get_ipn_url();
    $trans_id = $this->generate_trans_id();
    $raw_amount = float_to_raw_string($amount);

    // Integrity digest checked by the gateway; the construction is dictated by SecPay
    $digest = md5($trans_id . $raw_amount . get_option('ipn_password'));

    list($gateway_length_units, $first_repeat) = $this->_translate_subscription_details($length, $length_units);

    $expectation = array(
        'id' => $trans_id,
        'e_purchase_id' => $purchase_id,
        'e_item_name' => $item_name,
        'e_member_id' => get_member(),
        'e_amount' => $raw_amount,
        'e_ip_address' => get_ip_address(),
        'e_session_id' => get_session_id(),
        'e_time' => time(),
        'e_length' => $length,
        'e_length_units' => $length_units
    );
    $GLOBALS['SITE_DB']->query_insert('trans_expecting', $expectation);

    $button = array(
        '_GUID' => 'e5e6d6835ee6da1a6cf02ff8c2476aa6',
        'PRODUCT' => $product,
        'DIGEST' => $digest,
        'TEST' => ecommerce_test_mode(),
        'TRANS_ID' => $trans_id,
        'FIRST_REPEAT' => $first_repeat,
        'LENGTH' => strval($length),
        'LENGTH_UNITS_2' => $gateway_length_units,
        'ITEM_NAME' => $item_name,
        'PURCHASE_ID' => strval($purchase_id),
        'AMOUNT' => $raw_amount,
        'CURRENCY' => $currency,
        'USERNAME' => $username,
        'IPN_URL' => $ipn_url
    );
    return do_template('ECOM_SUBSCRIPTION_BUTTON_VIA_SECPAY', $button);
}
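/**
 * Log statistics for the page view.
 *
 * Skips logging when the stats addon is off, when the site is closed and configured not to log, or
 * when the visitor looks like a bot and bot stats are disabled. With 'super_logging' (or a 'track'
 * GET parameter) the flattened GET and POST data are stored too, minus credentials and card data.
 *
 * @param  string The string to the page file
 * @param  integer The time taken for page loading in milliseconds (the value is multiplied by 1000 before storage, so callers appear to pass seconds - confirm)
 */
function log_stats($string, $pg_time)
{
    if (!addon_installed('stats')) {
        return;
    }
    if (get_option('site_closed') == '1' && get_option('no_stats_when_closed', true) === '1') {
        return;
    }

    if (get_option('super_logging') == '1' || get_param('track', NULL) !== NULL) {
        // NOTE: when cookies are unavailable the session id travels in $_GET['keep_session'] and is stored here with the rest
        $get = substr(flatten_slashed_array($_GET), 0, 255);

        // Credentials and card data must never reach the stats table. The card fields are the ones the
        // purchase wizard's finish step reads from $_POST.
        $post2 = $_POST;
        $sensitive_post_fields = array('password', 'password_confirm', 'decrypt', 'card_number', 'cv2', 'expiry_date', 'start_date', 'issue_number');
        foreach ($sensitive_post_fields as $field) {
            unset($post2[$field]);
        }
        $post = flatten_slashed_array($post2);
    } else {
        $get = '';
        $post = '';
    }

    $page = $string;
    $ip = get_ip_address();
    $member = get_member();
    if (is_guest($member)) {
        // Guests are keyed by negated session id so separate guest sessions stay distinguishable
        $member = -get_session_id();
    }
    $time = time();
    $referer = substr(ocp_srv('HTTP_REFERER'), 0, 255);
    $browser = substr(get_browser_string(), 0, 255);
    $os = substr(get_os_string(), 0, 255);
    if ($os === NULL) {
        $os = '';
    }

    if (get_option('no_bot_stats', true) === '1' && (strpos(strtolower($browser), 'http:') !== false || strpos(strtolower($browser), 'bot') !== false || get_bot_type() !== NULL)) {
        return;
    }

    $GLOBALS['SITE_DB']->query_insert('stats', array('access_denied_counter' => 0, 'browser' => $browser, 'operating_system' => $os, 'the_page' => $page, 'ip' => $ip, 'the_user' => $member, 'date_and_time' => $time, 'referer' => $referer, 'get' => $get, 'post' => $post, 'milliseconds' => intval($pg_time * 1000)), false, true);

    // Probabilistic housekeeping: roughly one request in a thousand prunes rows older than the retention window
    if (mt_rand(0, 1000) == 1) {
        $GLOBALS['SITE_DB']->query('DELETE FROM ' . get_table_prefix() . 'stats WHERE date_and_time<' . strval(time() - 60 * 60 * 24 * intval(get_option('stats_store_time'))));
    }

    global $SITE_INFO;
    if (isset($SITE_INFO['throttle_bandwidth_views_per_meg'])) {
        set_value('page_views', strval(intval(get_value('page_views')) + 1));
    }
}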
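/**
 * Checks a CAPTCHA.
 *
 * Compares the code entered against the code stored for the current session in 'security_images'.
 * With 'captcha_single_guess' enabled the stored code is deleted before comparing (one attempt only,
 * except from the snippet script) and a new one is generated on a wrong answer. A missing stored code
 * ends the request with NO_SESSION_SECURITY_CODE.
 *
 * @param  string CAPTCHA entered.
 * @param  boolean Whether to possibly regenerate upon error.
 * @return boolean Whether it is valid for the current session.
 */
function check_captcha($code_entered, $regenerate_on_error = true)
{
    if (!use_captcha()) {
        return true;
    }

    $_code_needed = $GLOBALS['SITE_DB']->query_value_null_ok('security_images', 'si_code', array('si_session_id' => get_session_id()));

    if (get_value('captcha_single_guess') === '1') {
        if (!running_script('snippet')) {
            $GLOBALS['SITE_DB']->query_delete('security_images', array('si_session_id' => get_session_id())); // Only allowed to check once
        }
    }

    if (is_null($_code_needed)) {
        if (get_value('captcha_single_guess') === '1') {
            generate_captcha();
        }
        $GLOBALS['HTTP_STATUS_CODE'] = '500';
        if (!headers_sent()) {
            if (function_exists('browser_matches')) {
                // The 500 status is withheld for IE and IIS - presumably they replace the error body; confirm
                if (!browser_matches('ie') && strpos(ocp_srv('SERVER_SOFTWARE'), 'IIS') === false) {
                    header('HTTP/1.0 500 Internal server error');
                }
            }
        }
        warn_exit(do_lang_tempcode('NO_SESSION_SECURITY_CODE'));
    }

    // Stored codes are numeric. More than 6 digits means a character code: zero-pad to 12 digits and
    // decode each pair of digits with chr(); otherwise it is a plain 6-digit code (zero-padded).
    if (strlen(strval($_code_needed)) > 6) {
        $__code_needed = str_pad(strval($_code_needed), 12, '0', STR_PAD_LEFT);
        $code_needed = '';
        for ($i = 0; $i < strlen($__code_needed); $i += 2) {
            $code_needed .= chr(intval(substr($__code_needed, $i, 2)));
        }
    } else {
        $code_needed = str_pad(strval($_code_needed), 6, '0', STR_PAD_LEFT);
    }

    // Case-insensitive but strictly string-for-string: PHP's == compares numeric-looking strings
    // numerically (e.g. '000123' == '123'), which would accept inputs that do not match the image.
    $ret = (strtolower($code_needed) === strtolower($code_entered));

    if ($regenerate_on_error) {
        if (get_value('captcha_single_guess') === '1') {
            if (!$ret) {
                generate_captcha();
            }
        }
    }

    return $ret;
}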
/**
 * Set the session ID of the user.
 *
 * Writes the 'ocp_session' cookie (persistent for guest sessions, browser-session otherwise), mirrors it
 * into $_COOKIE for the rest of this request, and falls back to carrying the id in the URL when cookies
 * are unavailable. Only name, value, expiry and path are given to setcookie(), so the cookie carries no
 * HttpOnly or Secure attribute.
 *
 * @param  integer The session ID
 * @param  boolean Whether this is a guest session (guest sessions will use persistent cookies)
 */
function set_session_id($id, $guest_session = false)
{
    $session_id_str = strval($id);

    // Guest sessions expire with the configured session lifetime; member sessions end with the browser (NULL expiry)
    $expires = NULL;
    if ($guest_session) {
        $expires = time() + 60 * 60 * max(1, intval(get_option('session_expiry_time')));
    }

    // Set a session cookie with our session ID. We only use sessions for secure browser-session login... the database and url's do the rest
    $cookie_set = @setcookie('ocp_session', $session_id_str, $expires, get_cookie_path());
    $_COOKIE['ocp_session'] = $session_id_str; // So we remember for this page view

    // If we really have to, store in URL (never for bots)
    $cookies_unusable = !has_cookies() || !$cookie_set;
    if ($cookies_unusable && is_null(get_bot_type())) {
        $_GET['keep_session'] = $session_id_str;
    }

    if ($id != get_session_id()) {
        decache('side_users_online');
    }
}
/**
 * Get the tempcode for a page title. (Ones below the page header, not in the browser title bar.)
 *
 * Side effects: sets the globals $TITLE_CALLED and $DISPLAYED_TITLE, and (when get_session_id()
 * exists) updates the current session's 'sessions' row with the title, zone, page, type and id
 * being viewed. Returns an empty tempcode without any of that when $SKIP_TITLING is set.
 *
 * @param  mixed The title to use (usually, a language string code, see below)
 * @param  boolean Whether the given title is actually a language string code, and hence gets dereferenced
 * @param  ?array Parameters sent to the language string (NULL: none)
 * @param  ?tempcode Separate title to put into the 'currently viewing' data (NULL: use $title)
 * @param  ?array Awards to say this has won (NULL: none)
 * @return tempcode The title tempcode
 */
function get_page_title($title, $dereference_lang = true, $params = NULL, $user_online_title = NULL, $awards = NULL)
{
    global $TITLE_CALLED;
    $TITLE_CALLED = true;
    global $SKIP_TITLING;
    if ($SKIP_TITLING) {
        return new ocp_tempcode();
    }
    // A title containing a space cannot be a language string code
    if ($dereference_lang && strpos($title, ' ') !== false) {
        $dereference_lang = false;
    }
    if ($params === NULL) {
        $params = array();
    }
    // $our_help_url is never assigned a non-empty value below, so the HELP_URL branch is
    // currently unreachable and HELP_URL/HELP_TERM reach the template as ''/the lang code.
    $our_help_term = '';
    $our_help_url = '';
    if ($dereference_lang) {
        $our_help_term = $title;
        // Only the first three parameters are forwarded to the language string
        $_title = do_lang_tempcode($title, array_key_exists(0, $params) ? $params[0] : NULL, array_key_exists(1, $params) ? $params[1] : NULL, array_key_exists(2, $params) ? $params[2] : NULL);
    } else {
        $_title = is_object($title) ? $title : make_string_tempcode($title);
    }
    if (function_exists('get_session_id')) {
        // Record what this session is viewing (values truncated to the column widths used here)
        $GLOBALS['SITE_DB']->query_update('sessions', array('the_title' => is_null($user_online_title) ? substr($_title->evaluate(), 0, 255) : $user_online_title->evaluate(), 'the_zone' => get_zone_name(), 'the_page' => substr(get_page_name(), 0, 80), 'the_type' => substr(get_param('type', '', true), 0, 80), 'last_activity' => time(), 'the_id' => substr(get_param('id', '', true), 0, 80)), array('the_session' => get_session_id()), '', 1, NULL, false, true);
    }
    global $DISPLAYED_TITLE;
    $DISPLAYED_TITLE = $_title;
    if ($our_help_url != '') {
        global $HELP_URL;
        $HELP_URL = $our_help_url . '#' . $our_help_term;
    }
    if ($awards === NULL) {
        $awards = array();
    }
    return do_template('SCREEN_TITLE', array('_GUID' => '847ffbe4823eca6d2d5eac42828ee552', 'AWARDS' => $awards, 'TITLE' => $_title, 'HELP_URL' => $our_help_url, 'HELP_TERM' => $our_help_term));
}
/**
 * Standard modular run function.
 *
 * Renders the side "personal stats" block. For a logged-in member it builds a list of stat
 * lines ($content: post/topic counts, points, usergroup, last visit) and a list of action
 * links ($links: profile, subscription upgrades, Admin Zone, conceded mode, invisibility,
 * logout), each gated on a site option. For a guest it renders the login/join panel instead.
 *
 * @param  array A map of parameters.
 * @return tempcode The result of execution.
 */
function run($map)
{
    unset($map);
    require_css('side_blocks');
    $member = get_member();
    $forum = get_forum_type();
    $content = new ocp_tempcode();
    $links = new ocp_tempcode();
    if (!is_guest()) {
        // Admins can jump user
        $has_su = get_option('ocp_show_su') == '1' && has_specific_permission(get_member(), 'assume_any_member');
        $staff_actions = new ocp_tempcode();
        $username = $GLOBALS['FORUM_DRIVER']->get_username(get_member());
        if ($forum != 'none') {
            if (!has_no_forum() && get_option('forum_show_personal_stats_posts') == '1') {
                // Post count
                $content->attach(do_template('BLOCK_SIDE_PERSONAL_STATS_LINE', array('_GUID' => '371dfee46e8c40b1b109e0350055f8cc', 'KEY' => do_lang_tempcode('COUNT_POSTSCOUNT'), 'VALUE' => integer_format($GLOBALS['FORUM_DRIVER']->get_post_count($member)))));
            }
            if (!has_no_forum() && get_option('forum_show_personal_stats_topics') == '1') {
                // Topic count
                $content->attach(do_template('BLOCK_SIDE_PERSONAL_STATS_LINE', array('KEY' => do_lang_tempcode('COUNT_TOPICSCOUNT'), 'VALUE' => integer_format($GLOBALS['FORUM_DRIVER']->get_topic_count($member)))));
            }
            // Member profile view link
            if (get_option('ocf_show_profile_link') == '1') {
                $url = $GLOBALS['FORUM_DRIVER']->member_profile_url($member, true, true);
                $links->attach(do_template('BLOCK_SIDE_PERSONAL_STATS_LINK', array('_GUID' => '2c8648c953c802a9de41c3adeef0e97f', 'NAME' => do_lang_tempcode('MY_PROFILE'), 'URL' => $url, 'REL' => 'me')));
            }
        }
        // Point count and point profile link
        if (addon_installed('points')) {
            require_lang('points');
            require_code('points');
            if (get_option('points_show_personal_stats_points_left') == '1') {
                $content->attach(do_template('BLOCK_SIDE_PERSONAL_STATS_LINE', array('_GUID' => '6241e58e30457576735f3a2618fd7fff', 'KEY' => do_lang_tempcode('COUNT_POINTS_LEFT'), 'VALUE' => integer_format(available_points($member)))));
            }
            if (get_option('points_show_personal_stats_points_used') == '1') {
                $content->attach(do_template('BLOCK_SIDE_PERSONAL_STATS_LINE', array('_GUID' => '6241e58edfdsf735f3a2618fd7fff', 'KEY' => do_lang_tempcode('COUNT_POINTS_USED'), 'VALUE' => integer_format(points_used($member)))));
            }
            if (get_option('points_show_personal_stats_total_points') == '1') {
                $content->attach(do_template('BLOCK_SIDE_PERSONAL_STATS_LINE', array('_GUID' => '3e6183abf9054574c0cd292d25a4fe5c', 'KEY' => do_lang_tempcode('COUNT_POINTS_EVER'), 'VALUE' => integer_format(total_points($member)))));
            }
            if (get_option('points_show_personal_stats_gift_points_left') == '1') {
                $content->attach(do_template('BLOCK_SIDE_PERSONAL_STATS_LINE', array('_GUID' => '6241e5ssd45ddsdsdsa2618fd7fff', 'KEY' => do_lang_tempcode('COUNT_GIFT_POINTS_LEFT'), 'VALUE' => integer_format(get_gift_points_to_give($member)))));
            }
            if (get_option('points_show_personal_stats_gift_points_used') == '1') {
                $content->attach(do_template('BLOCK_SIDE_PERSONAL_STATS_LINE', array('_GUID' => '6241eddsd4sdddssdsa2618fd7fff', 'KEY' => do_lang_tempcode('COUNT_GIFT_POINTS_USED'), 'VALUE' => integer_format(get_gift_points_used($member)))));
            }
        }
        // Primary usergroup (linked to the group page on OCF, plain text on other forums)
        if (get_option('ocp_show_personal_usergroup') == '1') {
            $group_id = $GLOBALS['FORUM_DRIVER']->pname_group($GLOBALS['FORUM_DRIVER']->pget_row($username));
            $usergroups = $GLOBALS['FORUM_DRIVER']->get_usergroup_list();
            if (array_key_exists($group_id, $usergroups)) {
                if (get_forum_type() == 'ocf') {
                    $group_url = build_url(array('page' => 'groups', 'type' => 'view', 'id' => $group_id), get_module_zone('groups'));
                    $hyperlink = hyperlink($group_url, $usergroups[$group_id], false, true);
                    $content->attach(do_template('BLOCK_SIDE_PERSONAL_STATS_LINE_COMPLEX', array('_GUID' => 'sas41eddsd4sdddssdsa2618fd7fff', 'KEY' => do_lang_tempcode('GROUP'), 'VALUE' => $hyperlink)));
                } else {
                    $content->attach(do_template('BLOCK_SIDE_PERSONAL_STATS_LINE', array('_GUID' => '65180134fbc4cf7e227011463d466677', 'KEY' => do_lang_tempcode('GROUP'), 'VALUE' => $usergroups[$group_id])));
                }
            }
        }
        // Last visit time (on OCF the 'last_visit' cookie overrides the stored value)
        if (get_option('ocp_show_personal_last_visit') == '1') {
            $row = $GLOBALS['FORUM_DRIVER']->pget_row($username);
            if (get_forum_type() == 'ocf') {
                $last_visit = intval(ocp_admirecookie('last_visit', strval($GLOBALS['FORUM_DRIVER']->pnamelast_visit($row))));
            } else {
                $last_visit = $GLOBALS['FORUM_DRIVER']->pnamelast_visit($row);
            }
            $_last_visit = get_timezoned_date($last_visit, false);
            $content->attach(do_template('BLOCK_SIDE_PERSONAL_STATS_LINE', array('_GUID' => 'sas41eddsdsdsdsdsa2618fd7fff', 'KEY' => do_lang_tempcode('LAST_HERE'), 'RAW_KEY' => strval($last_visit), 'VALUE' => $_last_visit)));
        }
        $avatar_url = '';
        if (!has_no_forum()) {
            if (get_option('ocp_show_avatar') === '1') {
                $avatar_url = $GLOBALS['FORUM_DRIVER']->get_member_avatar_url($member);
            }
        }
        // Subscription links
        if (get_forum_type() == 'ocf' && addon_installed('ecommerce') && get_option('ocp_show_personal_sub_links') == '1' && !has_zone_access(get_member(), 'adminzone') && has_actual_page_access(get_member(), 'purchase')) {
            $usergroup_subs = $GLOBALS['FORUM_DB']->query_select('f_usergroup_subs', array('id', 's_title', 's_group_id', 's_cost'), array('s_enabled' => 1));
            $in_one = false;
            $members_groups = $GLOBALS['FORUM_DRIVER']->get_members_groups($member);
            foreach ($usergroup_subs as $i => $sub) {
                $usergroup_subs[$i]['s_cost'] = floatval($sub['s_cost']);
                // Loose in_array(): relies on s_group_id and the member's group IDs having comparable types
                if (in_array($sub['s_group_id'], $members_groups)) {
                    $in_one = true;
                    break;
                }
            }
            // Only offer upgrades to members not already in any subscription group, cheapest first
            if (!$in_one) {
                global $M_SORT_KEY;
                $M_SORT_KEY = 's_cost';
                usort($usergroup_subs, 'multi_sort');
                foreach ($usergroup_subs as $sub) {
                    $url = build_url(array('page' => 'purchase', 'type' => 'message', 'product' => 'USERGROUP' . strval($sub['id'])), get_module_zone('purchase'));
                    $links->attach(do_template('BLOCK_SIDE_PERSONAL_STATS_LINK', array('NAME' => do_lang_tempcode('UPGRADE_TO', escape_html(get_translated_text($sub['s_title']))), 'URL' => $url)));
                }
            }
        }
        // Admin Zone link
        if (get_option('ocp_show_personal_adminzone_link') == '1' && has_zone_access(get_member(), 'adminzone')) {
            $url = build_url(array('page' => ''), 'adminzone');
            $links->attach(do_template('BLOCK_SIDE_PERSONAL_STATS_LINK', array('_GUID' => 'ae243058f780f9528016f7854763a5fa', 'ACCESSKEY' => 'I', 'NAME' => do_lang_tempcode('ADMIN_ZONE'), 'URL' => $url)));
        }
        // Conceded mode link (rendered as a POST action)
        if ($GLOBALS['SESSION_CONFIRMED'] == 1 && get_option('ocp_show_conceded_mode_link') == '1') {
            $url = build_url(array('page' => 'login', 'type' => 'concede', 'redirect' => get_page_name() == 'login' ? NULL : SELF_REDIRECT), get_module_zone('login'));
            $links->attach(do_template('BLOCK_SIDE_PERSONAL_STATS_LINK_2', array('_GUID' => '81fa81cfd3130e42996bf72b0e03d8aa', 'POST' => true, 'NAME' => do_lang_tempcode('CONCEDED_MODE'), 'DESCRIPTION' => do_lang_tempcode('DESCRIPTION_CONCEDED_MODE'), 'URL' => $url)));
        }
        // Becomes-invisible link
        // NOTE(review): unlike the conceded-mode link this state-changing action is not marked
        // 'POST' => true; whether the login module's 'invisible' action has its own request
        // check is not visible from here — confirm.
        if (get_option('is_on_invisibility') == '1') {
            $visible = array_key_exists(get_session_id(), $GLOBALS['SESSION_CACHE']) && $GLOBALS['SESSION_CACHE'][get_session_id()]['session_invisible'] == 0;
            $url = build_url(array('page' => 'login', 'type' => 'invisible', 'redirect' => get_page_name() == 'login' ? NULL : SELF_REDIRECT), get_module_zone('login'));
            $links->attach(do_template('BLOCK_SIDE_PERSONAL_STATS_LINK_2', array('NAME' => do_lang_tempcode($visible ? 'INVISIBLE' : 'BE_VISIBLE'), 'DESCRIPTION' => '', 'URL' => $url)));
        }
        // Logout link (omitted for HTTP-auth logins, where there is nothing to log out of)
        $url = build_url(array('page' => 'login', 'type' => 'logout'), get_module_zone('login'));
        if (!is_httpauth_login()) {
            $links->attach(do_template('BLOCK_SIDE_PERSONAL_STATS_LOGOUT', array('_GUID' => 'd1caacba272a7ee3bf5b2a758e4e54ee', 'NAME' => do_lang_tempcode('LOGOUT'), 'URL' => $url)));
        }
        return do_template('BLOCK_SIDE_PERSONAL_STATS', array('_GUID' => '99f9bc3387102daaeeedf99843b0502e', 'AVATAR_URL' => $avatar_url, 'LINKS' => $links, 'HAS_SU' => $has_su, 'CONTENT' => $content, 'USERNAME' => $username, 'STAFF_ACTIONS' => $staff_actions));
    } else {
        $title = do_lang_tempcode('NOT_LOGGED_IN');
        // Work out where to send the user back to after logging in. A POSTed page cannot be
        // re-requested safely, so it (and the join/login pages themselves) redirect to the zone root.
        if (get_page_name() != 'join' && get_page_name() != 'login') {
            if (count($_POST) > 0) {
                $_this_url = build_url(array('page' => ''), '', array('keep_session' => 1, 'redirect' => 1));
            } else {
                $_this_url = build_url(array('page' => '_SELF'), '_SELF', array('keep_session' => 1, 'redirect' => 1), true);
            }
        } else {
            $_this_url = build_url(array('page' => ''), '', array('keep_session' => 1, 'redirect' => 1));
        }
        $this_url = $_this_url->evaluate();
        $login_url = build_url(array('page' => 'login', 'type' => 'login', 'redirect' => $this_url), get_module_zone('login'));
        $full_link = build_url(array('page' => 'login', 'type' => 'misc', 'redirect' => $this_url), get_module_zone('login'));
        $join_url = get_forum_type() != 'none' ? $GLOBALS['FORUM_DRIVER']->join_url() : '';
        return do_template('BLOCK_SIDE_PERSONAL_STATS_NO', array('_GUID' => '32aade68b98dfd191f0f84c6648f7dde', 'TITLE' => $title, 'FULL_LINK' => $full_link, 'JOIN_LINK' => $join_url, 'LOGIN_URL' => $login_url));
    }
}
/**
 * Set a mapping, indicating completion of importing some kind of content. This mapping may be used later for importing related content that requires a remapped identifier.
 *
 * The mapping is stored in 'import_id_remap', keyed by the current session so that separate
 * import sessions do not see each other's mappings.
 *
 * @param  ID_TEXT An importation type code, from those ocPortal has defined
 * @param  string The source (old, original) ID of the mapping
 * @param  AUTO_LINK The destination (new) ID of the mapping
 */
function import_id_remap_put($type, $id_old, $id_new)
{
    $mapping = array(
        'id_session' => get_session_id(),
        'id_type' => $type,
        'id_old' => $id_old,
        'id_new' => $id_new,
    );
    $GLOBALS['SITE_DB']->query_insert('import_id_remap', $mapping);
}
/**
 * Handle hooks supported bot commands. Note multiple bots may support the same commands, and all respond. It is recommended all bots support the command 'help'.
 *
 * Two back-ends: if 'sources_custom/programe' exists the message is answered by the
 * 'octavius' bot (its tables are (re)created on first use and 'octavius_installed' is set);
 * otherwise a small Eliza-style matcher answers from 'knowledge.txt'.
 *
 * NOTE(review): the Eliza path uses ereg()/eregi()/ereg_replace(), which were removed in
 * PHP 7, so it cannot run on a current PHP build without being ported to preg_*.
 *
 * @param  AUTO_LINK The ID of the chat room
 * @param  string The command used. This is just the chat message, so you can encode and recognise your own parameter scheme if you like.
 * @return ?string Bot reply (NULL: bot does not handle the command)
 */
function handle_commands($room_id, $string)
{
    require_code('developer_tools');
    destrictify();
    if ($string == '((SHAKE))') {
        return NULL;
    }
    if (file_exists(get_custom_file_base() . '/sources_custom/programe')) {
        if (get_value('octavius_installed') !== '1') {
            // One-off install of the bot's tables, driven from a chat message. The final 'true'
            // argument to query() presumably makes failures non-fatal (so the DROPs on a fresh
            // install are tolerated) — confirm against the database driver.
            disable_php_memory_limit();
            if (function_exists('set_time_limit')) {
                @set_time_limit(600);
            }
            $GLOBALS['SITE_DB']->query("DROP TABLE bot", NULL, NULL, true);
            $GLOBALS['SITE_DB']->query("DROP TABLE bots", NULL, NULL, true);
            $GLOBALS['SITE_DB']->query("DROP TABLE conversationlog", NULL, NULL, true);
            $GLOBALS['SITE_DB']->query("DROP TABLE dstore", NULL, NULL, true);
            $GLOBALS['SITE_DB']->query("DROP TABLE gmcache", NULL, NULL, true);
            $GLOBALS['SITE_DB']->query("DROP TABLE gossip", NULL, NULL, true);
            $GLOBALS['SITE_DB']->query("DROP TABLE patterns", NULL, NULL, true);
            $GLOBALS['SITE_DB']->query("DROP TABLE templates", NULL, NULL, true);
            $GLOBALS['SITE_DB']->query("DROP TABLE thatindex", NULL, NULL, true);
            $GLOBALS['SITE_DB']->query("DROP TABLE thatstack", NULL, NULL, true);
            $GLOBALS['SITE_DB']->query("CREATE TABLE bot (\n\t\t\t\t id int(11) NOT NULL auto_increment,\n\t\t\t\t bot tinyint(4) NOT NULL default '0',\n\t\t\t\t name varchar(255) NOT NULL default '',\n\t\t\t\t value text NOT NULL,\n\t\t\t\t PRIMARY KEY (id),\n\t\t\t\t KEY botname (bot,name)\n\t\t\t\t) TYPE=MyISAM", NULL, NULL, true);
            $GLOBALS['SITE_DB']->query("CREATE TABLE bots (\n\t\t\t\t id tinyint(3) unsigned NOT NULL auto_increment,\n\t\t\t\t botname varchar(255) NOT NULL default '',\n\t\t\t\t PRIMARY KEY (botname),\n\t\t\t\t KEY id (id)\n\t\t\t\t) TYPE=MyISAM", NULL, NULL, true);
            $GLOBALS['SITE_DB']->query("CREATE TABLE conversationlog (\n\t\t\t\t bot tinyint(3) unsigned NOT NULL default '0',\n\t\t\t\t id int(11) NOT NULL auto_increment,\n\t\t\t\t input text,\n\t\t\t\t response text,\n\t\t\t\t uid varchar(255) default NULL,\n\t\t\t\t enteredtime timestamp(14) NOT NULL,\n\t\t\t\t PRIMARY KEY (id),\n\t\t\t\t KEY botid (bot)\n\t\t\t\t) TYPE=MyISAM", NULL, NULL, true);
            $GLOBALS['SITE_DB']->query("CREATE TABLE dstore (\n\t\t\t\t uid varchar(255) default NULL,\n\t\t\t\t name text,\n\t\t\t\t value text,\n\t\t\t\t enteredtime timestamp(14) NOT NULL,\n\t\t\t\t id int(11) NOT NULL auto_increment,\n\t\t\t\t PRIMARY KEY (id),\n\t\t\t\t KEY nameidx (name(40))\n\t\t\t\t) TYPE=MyISAM", NULL, NULL, true);
            $GLOBALS['SITE_DB']->query("CREATE TABLE gmcache (\n\t\t\t\t id int(11) NOT NULL auto_increment,\n\t\t\t\t bot tinyint(3) unsigned NOT NULL default '0',\n\t\t\t\t template int(11) NOT NULL default '0',\n\t\t\t\t inputstarvals text,\n\t\t\t\t thatstarvals text,\n\t\t\t\t topicstarvals text,\n\t\t\t\t patternmatched text,\n\t\t\t\t inputmatched text,\n\t\t\t\t combined text NOT NULL,\n\t\t\t\t PRIMARY KEY (id),\n\t\t\t\t KEY combined (bot,combined(255))\n\t\t\t\t) TYPE=MyISAM", NULL, NULL, true);
            $GLOBALS['SITE_DB']->query("CREATE TABLE gossip (\n\t\t\t\t bot tinyint(3) unsigned NOT NULL default '0',\n\t\t\t\t gossip text,\n\t\t\t\t id int(11) NOT NULL auto_increment,\n\t\t\t\t PRIMARY KEY (id),\n\t\t\t\t KEY botidx (bot)\n\t\t\t\t) TYPE=MyISAM", NULL, NULL, true);
            $GLOBALS['SITE_DB']->query("CREATE TABLE patterns (\n\t\t\t\t bot tinyint(3) unsigned NOT NULL default '0',\n\t\t\t\t id int(11) NOT NULL auto_increment,\n\t\t\t\t word varchar(255) default NULL,\n\t\t\t\t ordera tinyint(4) NOT NULL default '0',\n\t\t\t\t parent int(11) NOT NULL default '0',\n\t\t\t\t isend tinyint(4) NOT NULL default '0',\n\t\t\t\t PRIMARY KEY (id),\n\t\t\t\t KEY wordparent (parent,word),\n\t\t\t\t KEY botid (bot)\n\t\t\t\t) TYPE=MyISAM", NULL, NULL, true);
            $GLOBALS['SITE_DB']->query("CREATE TABLE templates (\n\t\t\t\t bot tinyint(3) unsigned NOT NULL default '0',\n\t\t\t\t id int(11) NOT NULL default '0',\n\t\t\t\t template text NOT NULL,\n\t\t\t\t pattern varchar(255) default NULL,\n\t\t\t\t that varchar(255) default NULL,\n\t\t\t\t topic varchar(255) default NULL,\n\t\t\t\t PRIMARY KEY (id),\n\t\t\t\t KEY bot (id)\n\t\t\t\t) TYPE=MyISAM", NULL, NULL, true);
            $GLOBALS['SITE_DB']->query("CREATE TABLE thatindex (\n\t\t\t\t uid varchar(255) default NULL,\n\t\t\t\t enteredtime timestamp(14) NOT NULL,\n\t\t\t\t id int(11) NOT NULL auto_increment,\n\t\t\t\t PRIMARY KEY (id)\n\t\t\t\t) TYPE=MyISAM", NULL, NULL, true);
            $GLOBALS['SITE_DB']->query("CREATE TABLE thatstack (\n\t\t\t\t thatid int(11) NOT NULL default '0',\n\t\t\t\t id int(11) NOT NULL auto_increment,\n\t\t\t\t value varchar(255) default NULL,\n\t\t\t\t enteredtime timestamp(14) NOT NULL,\n\t\t\t\t PRIMARY KEY (id)\n\t\t\t\t) TYPE=MyISAM", NULL, NULL, true);
            // Locals expected by the loader code included below (presumably read as globals there — confirm)
            $fp = "";
            $templatesinserted = 0;
            $depth = array();
            $whaton = "";
            $pattern = "";
            $topic = "";
            $that = "";
            $template = "";
            $startupwhich = "";
            $splitterarray = array();
            $inputarray = array();
            $genderarray = array();
            $personarray = array();
            $person2array = array();
            require_code('programe/botloaderfuncs');
            loadstartup();
            makesubscode();
            set_value('octavius_installed', '1');
        }
        require_code('programe/respond');
        // Question marks are swapped for full stops before the message reaches the bot
        $response = replybotname(str_replace('?', '.', $string), get_session_id(), 'octavius');
        restrictify();
        if (is_null($response) || $response->response == '') {
            return NULL;
        }
        // The bot's reply is emitted as raw HTML inside [html] tags; nothing here escapes it
        return '[html]' . $response->response . '[/html]';
    }

    // Eliza...
    // setup initial variables and values
    $kwarray = array();
    $vararray = array();
    $resparray = array();
    $priarray = array();
    $wordarray = array();
    $kwcount = 0;
    $varcount = 0;
    $respcount = 0;
    $syncount = 0;
    mt_srand((double) microtime() * 1000000);
    // load knowledge file
    // NOTE(review): file() returning false (missing/unreadable file) is not handled; count()
    // would then fail on the next line.
    $lines_array = file(get_custom_file_base() . "/sources_custom/hooks/modules/chat_bots/knowledge.txt");
    $count = count($lines_array);
    // This for loop goes through the entire knowledge file and places
    // the elements into arrays. This later allows us to pull the information
    // (ie. key words, variances on the keywords, and responses) out of the
    // arrays.
    // Line kinds: 'key:' starts a keyword, 'var:' a variant phrase under it, 'pri:' its priority,
    // 'resp:' a response for the current variant, 'syn:' a synonym group, 'goto:' copies another
    // keyword's responses. $currentkw/$varcurrent are only set once a 'key:'/'var:' line has been seen.
    for ($x = 0; $x < $count; $x++) {
        $lines_array[$x] = trim($lines_array[$x]);
        $lines_array[$x] = ereg_replace("[\\]", "", $lines_array[$x]);
        if (strstr($lines_array[$x], "key:")) {
            eregi("key: (.*)", $lines_array[$x], $kw);
            $kwarray[$kwcount] = strtoupper($kw[1]);
            $currentkw = $kwcount;
            $kwcount++;
            $varcount = 0; // reset varcount to null
            $respcount = 0; // reset respcount to null
            $pricount = 0; // reset pricount to null
        } else {
            if (strstr($lines_array[$x], "var:")) {
                eregi("var: (.*)", $lines_array[$x], $variance);
                $vararray[$currentkw][$varcount] = strtoupper($variance[1]);
                $varcurrent = $varcount;
                $varcount++;
                $respcount = 0;
            } else {
                if (strstr($lines_array[$x], "pri:")) {
                    eregi("pri: (.*)", $lines_array[$x], $priority);
                    $priarray[$currentkw] = $priority[1];
                } else {
                    if (strstr($lines_array[$x], "resp:")) {
                        eregi("resp: (.*)", $lines_array[$x], $response);
                        $resparray[$currentkw][$varcurrent][$respcount] = $response[1];
                        $respcount++;
                    } else {
                        if (strstr($lines_array[$x], "syn:")) {
                            eregi("syn: (.*)", $lines_array[$x], $synonym);
                            $synonymarray[$syncount] = strtoupper($synonym[1]);
                            $syncount++;
                        } else {
                            if (strstr($lines_array[$x], "goto:")) {
                                eregi("goto: (.*)", $lines_array[$x], $goto);
                                $goto = strtoupper($goto[1]);
                                // find the keyword
                                for ($zcount = 0; $zcount < count($kwarray); $zcount++) {
                                    // if the keyword already exists
                                    if (eregi($goto, $kwarray[$zcount])) {
                                        // then we assign properties of the keyword
                                        $vararray[$currentkw][0] = $kwarray[$currentkw];
                                        $resparray[$currentkw] = $resparray[$zcount];
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    $y = 0;
    $z = 0;
    $v = 0;
    $bestpriority = -2;
    $originalstring = $string;
    if (!$string) {
        $string = "hello";
    }
    $string = strtoupper($string);
    // Figures out what word in the string has the most priority.
    // It can then check words to the left/right of this word depending
    // upon settings in the knowledge.txt file.
    while ($y < count($kwarray)) {
        // remove beginning and trailing white space, breaks, etc
        $string = trim($string);
        // remove puncuation from string
        $string = ereg_replace('[!?,.]', '', $string);
        // split the string up into seperate words
        $wordarray = explode(" ", $string);
        while ($v < count($wordarray)) {
            // NOTE(review): each word of the chat message is used as the *pattern* here, not the
            // subject, so regex metacharacters in user input reach the matcher unescaped; the
            // words should be quoted (preg_quote() once ported) before being matched.
            if (eregi($wordarray[$v] . "\$", $kwarray[$y])) {
                // find which word holds the most weight in the sentance
                if ($bestpriority == -2) {
                    $bestpriority = $y;
                } else {
                    if ($priarray[$bestpriority] < $priarray[$y]) {
                        $bestpriority = $y;
                    }
                }
            }
            $v++;
        }
        $v = 0;
        $y++;
    }
    // find the variance with the most matching words
    // NOTE(review): $pvarray and $bestvariance are read before ever being assigned when no
    // variant matches, and $synonymarray is undefined if the file has no 'syn:' lines.
    $vcount = 0;
    while ($vcount < count($vararray[$bestpriority])) {
        if (strstr($vararray[$bestpriority][$vcount], "@")) {
            eregi("@(.*)", $vararray[$bestpriority][$vcount], $syn); // fix this
            $syn = $syn[1];
            for ($x = 0; $x < count($synonymarray); $x++) {
                if (eregi($syn, strtoupper($synonymarray[$x]))) {
                    $sarray = explode(" ", $synonymarray[$x]);
                    for ($f = 0; $f < count($sarray); $f++) {
                        $newstring = ereg_replace("@(.*)\$", $sarray[$f], $vararray[$bestpriority][$vcount]); // works to this point
                        if (eregi($newstring . "\$", $string)) {
                            $varray = explode(" ", $vararray[$bestpriority][$vcount]);
                            if (count($varray) > $pvarray) {
                                $bestvariance = $vcount;
                                $pvarray = count($varray);
                            }
                        }
                    }
                }
            }
        } else {
            if (ereg($vararray[$bestpriority][$vcount], $string)) {
                $varray = explode(" ", $vararray[$bestpriority][$vcount]);
                if (count($varray) > $pvarray) {
                    $bestvariance = $vcount;
                    $pvarray = count($varray);
                }
            }
        }
        $vcount++;
    }
    // Using the bestpriority (aka the keyword (key:) with the most weight in the sentence)
    // and the bestvariance (aka, the variance (var:) phrase that most fits the context of
    // the original sentence, we form a response.
    if (count($resparray[$bestpriority][$bestvariance]) > 1) {
        $random = mt_rand(0, count($resparray[$bestpriority][$bestvariance]) - 1);
    } else {
        $random = 0;
    }
    $response = $resparray[$bestpriority][$bestvariance][$random];
    if ($response == "") {
        $response = "Sorry, I don't understand what you're trying to say.";
    }
    // $originalstring is cleaned here but never used afterwards
    $originalstring = ereg_replace("[\\]", "", $originalstring);
    restrictify();
    return $response;
}
/**
 * The actualiser for toggling invisible mode.
 *
 * Flips the current session's visibility: the new 'session_invisible' value written everywhere
 * below is 1 when the member is currently visible and 0 otherwise. It is stored in the
 * 'sessions' row, the $SESSION_CACHE global (and its persistent copy unless 'session_prudence'
 * is '1'), and — when a login cookie is present — an '<member cookie>_invisible' cookie.
 *
 * @return tempcode The UI.
 */
function invisible()
{
    if (get_option('is_on_invisibility') == '1') {
        $visible = array_key_exists(get_session_id(), $GLOBALS['SESSION_CACHE']) && $GLOBALS['SESSION_CACHE'][get_session_id()]['session_invisible'] == 0;
    } else {
        $visible = false; // Small fudge: always say they are not visible now, so this will make them visible -- because they don't have permission to be invisible
    }
    $title = get_page_title($visible ? 'INVISIBLE' : 'BE_VISIBLE');
    // Row is matched on both the member and the session, so only the caller's own session changes
    $GLOBALS['SITE_DB']->query_update('sessions', array('session_invisible' => $visible ? 1 : 0), array('the_user' => get_member(), 'the_session' => get_session_id()), '', 1);
    global $SESSION_CACHE;
    if ($SESSION_CACHE[get_session_id()]['the_user'] == get_member()) {
        $SESSION_CACHE[get_session_id()]['session_invisible'] = $visible ? 1 : 0;
        if (get_value('session_prudence') !== '1') {
            persistant_cache_set('SESSION_CACHE', $SESSION_CACHE);
        }
    }
    decache('side_users_online');
    // Store in cookie, if we have login cookies around
    if (array_key_exists(get_member_cookie(), $_COOKIE)) {
        require_code('users_active_actions');
        ocp_setcookie(get_member_cookie() . '_invisible', strval($visible ? 1 : 0));
        $_COOKIE[get_member_cookie() . '_invisible'] = strval($visible ? 1 : 0);
    }
    // NOTE(review): the redirect target is taken straight from the 'redirect' request parameter;
    // whether get_param() or redirect_screen() restricts it to local URLs is not visible here — confirm.
    $url = get_param('redirect', NULL);
    if (is_null($url)) {
        $_url = build_url(array('page' => ''), '');
        $url = $_url->evaluate();
    }
    return redirect_screen($title, $url, do_lang_tempcode('SUCCESS'));
}
/**
 * The actualiser to do an import.
 *
 * Loads the importer hook named by the 'importer' parameter, resolves the source database
 * credentials (from the hook's probe_db_access() or from request parameters), records the
 * import session, then runs each 'import_<part>' selected in the request whose dependencies
 * have already been imported. Progress is kept in 'import_parts_done' per session.
 *
 * This body references $this->ocf_switch() and $this->choose_actions(), so it only works as a
 * method of the import module class.
 *
 * @return tempcode The UI
 */
function do_import()
{
    $refresh_url = get_self_url(true, false, array('type' => 'import'), true);
    $refresh_time = either_param_integer('refresh_time', 15); // Shouldn't default, but reported on some systems to do so
    if (function_exists('set_time_limit')) {
        @set_time_limit($refresh_time);
    }
    header('Content-type: text/html; charset=' . get_charset());
    // NOTE(review): this switches off PHP error logging for the whole request, so failures in
    // importer hooks leave no server-side trace.
    @ini_set('log_errors', '0');
    global $I_REFRESH_URL;
    $I_REFRESH_URL = $refresh_url;
    require_code('database_action');
    $title = get_page_title('IMPORT'); // Assigned for its side effects (see get_page_title); the value itself is unused
    $importer = get_param('importer');
    // The hook file/class name is derived from a request parameter; filter_naughty_harsh()
    // presumably restricts it to a safe character set — confirm against its definition.
    require_code('hooks/modules/admin_import/' . filter_naughty_harsh($importer));
    $object = object_factory('Hook_' . filter_naughty_harsh($importer));
    // Get data
    $old_base_dir = either_param('old_base_dir');
    // Base path validation only happens when the hook implements verify_base_path()
    if (method_exists($object, 'verify_base_path') && !$object->verify_base_path($old_base_dir)) {
        warn_exit(do_lang_tempcode('BAD_IMPORT_PATH', escape_html($old_base_dir)));
    }
    if (method_exists($object, 'probe_db_access')) {
        list($db_name, $db_user, $db_password, $db_table_prefix) = $object->probe_db_access(either_param('old_base_dir'));
    } else {
        $db_name = either_param('db_name');
        $db_user = either_param('db_user');
        $db_password = either_param('db_password');
        $db_table_prefix = either_param('db_table_prefix');
    }
    // Refuse to merge a site into itself
    if ($db_name == get_db_site() && $importer == 'ocp_merge' && $db_table_prefix == $GLOBALS['SITE_DB']->get_table_prefix()) {
        warn_exit(do_lang_tempcode('IMPORT_SELF_NO'));
    }
    $import_source = is_null($db_name) ? NULL : new database_driver($db_name, get_db_site_host(), $db_user, $db_password, $db_table_prefix);
    // Some preliminary tests
    $happy = get_param_integer('happy', 0);
    if (method_exists($object, 'pre_import_tests') && $happy == 0) {
        $ui = $object->pre_import_tests($import_source, $db_table_prefix, $old_base_dir);
        if (!is_null($ui)) {
            return $ui;
        }
    }
    // Save data (the DB password is deliberately not persisted)
    $GLOBALS['SITE_DB']->query_delete('import_session', array('imp_session' => get_session_id()), '', 1);
    $GLOBALS['SITE_DB']->query_insert('import_session', array('imp_hook' => '', 'imp_old_base_dir' => $old_base_dir, 'imp_db_name' => is_null($db_name) ? '' : $db_name, 'imp_db_user' => is_null($db_user) ? '' : $db_user, 'imp_db_table_prefix' => is_null($db_table_prefix) ? '' : $db_table_prefix, 'imp_refresh_time' => $refresh_time, 'imp_session' => get_session_id()));
    $info = $object->info();
    $_import_list = $info['import'];
    $out = new ocp_tempcode();
    $parts_done = collapse_2d_complexity('imp_id', 'imp_session', $GLOBALS['SITE_DB']->query_select('import_parts_done', array('imp_id', 'imp_session'), array('imp_session' => get_session_id())));
    $import_last = '-1';
    // Importing into a non-OCF install still needs an OCF driver bound to the site DB
    if (get_forum_type() != 'ocf') {
        require_code('forum/ocf');
        $GLOBALS['OCF_DRIVER'] = new forum_driver_ocf();
        $GLOBALS['OCF_DRIVER']->connection = $GLOBALS['SITE_DB'];
        $GLOBALS['OCF_DRIVER']->MEMBER_ROWS_CACHED = array();
    }
    $_import_list[] = 'ocf_switch';
    $all_skipped = true;
    // Human-readable names for import parts, merged from every admin_import_types hook
    $lang_array = array();
    $hooks = find_all_hooks('modules', 'admin_import_types');
    foreach (array_keys($hooks) as $hook) {
        require_code('hooks/modules/admin_import_types/' . filter_naughty_harsh($hook));
        $_hook = object_factory('Hook_admin_import_types_' . filter_naughty_harsh($hook));
        $lang_array += $_hook->run();
    }
    foreach ($_import_list as $import) {
        $import_this = either_param_integer('import_' . $import, 0);
        if ($import_this == 1) {
            // A part is skipped if any named dependency has not been done yet (the last unmet one is reported)
            $dependency = NULL;
            if (array_key_exists('dependencies', $info) && array_key_exists($import, $info['dependencies'])) {
                foreach ($info['dependencies'][$import] as $_dependency) {
                    if (!array_key_exists($_dependency, $parts_done) && isset($lang_array[$_dependency])) {
                        $dependency = $_dependency;
                    }
                }
            }
            if (is_null($dependency)) {
                if ($import == 'ocf_switch') {
                    $out->attach($this->ocf_switch());
                } else {
                    $function_name = 'import_' . $import;
                    ocf_over_local();
                    $func_output = call_user_func_array(array($object, $function_name), array($import_source, $db_table_prefix, $old_base_dir));
                    if (!is_null($func_output)) {
                        $out->attach($func_output);
                    }
                    ocf_over_msn();
                }
                $parts_done[$import] = get_session_id();
                $import_last = $import;
                $all_skipped = false;
                $GLOBALS['SITE_DB']->query_delete('import_parts_done', array('imp_id' => $import, 'imp_session' => get_session_id()), '', 1);
                $GLOBALS['SITE_DB']->query_insert('import_parts_done', array('imp_id' => $import, 'imp_session' => get_session_id()));
            } else {
                $out->attach(do_template('IMPORT_MESSAGE', array('_GUID' => 'b2a853f5fb93beada51a3eb8fbd1575f', 'MESSAGE' => do_lang_tempcode('IMPORT_OF_SKIPPED', escape_html($import), escape_html($dependency)))));
            }
        }
    }
    if (!$all_skipped) {
        $lang_code = 'SUCCESS';
        if (count($GLOBALS['ATTACHED_MESSAGES_RAW']) != 0) {
            $lang_code = 'SOME_ERRORS_OCCURRED';
        }
        $out->attach(do_template('IMPORT_MESSAGE', array('_GUID' => '4c4860d021814ffd1df6e21e712c7b44', 'MESSAGE' => do_lang_tempcode($lang_code))));
    }
    log_it('IMPORT');
    // Quick and simple decacheing. No need to be smart about this.
    delete_value('ocf_member_count');
    delete_value('ocf_topic_count');
    delete_value('ocf_post_count');
    // Note the unfiltered $importer goes into the breadcrumb link here; escaping is left to the breadcrumb code
    breadcrumb_set_parents(array(array('_SELF:_SELF:misc', do_lang_tempcode('IMPORT')), array('_SELF:_SELF:session', do_lang_tempcode('IMPORT_SESSION')), array('_SELF:_SELF:hook:importer=' . $importer . ':session=' . get_param('session'), do_lang_tempcode('IMPORT'))));
    breadcrumb_set_self(do_lang_tempcode('START'));
    $back_url = build_url(array('page' => '_SELF', 'type' => 'hook', 'importer' => get_param('importer'), 'just' => $import_last), '_SELF'); // Currently unused
    $_GET['just'] = $import_last;
    return $this->choose_actions($out);
}
/**
 * Standard import function.
 *
 * Imports the source forum's usergroups ('user_groups' rows with post_count=-1) into OCF.
 * A group is reused if an OCF group with the same name already exists, otherwise created
 * with avatar/signature limits read from the source 'registry' table. Every imported group
 * is then recorded in the import ID remap for this session.
 *
 * @param  object The DB connection to import from
 * @param  string The table prefix the target prefix is using
 * @param  PATH The base directory we are importing from
 */
function import_ocf_groups($db, $table_prefix, $file_base)
{
    $globals = array(); // Unused here
    // NOTE(review): this executes PHP from the import source tree with the web server's
    // privileges; it relies on the base path having been vetted upstream (verify_base_path()).
    require $file_base . '/universal.php';
    //avatar dimensions are set in av_width and av_height values from aef_registry db table
    // db_string_equal_to() presumably yields a quoted/escaped comparison — confirm
    $rows = $db->query('SELECT * FROM ' . $table_prefix . 'registry WHERE ' . db_string_equal_to('name', 'av_width') . ' OR ' . db_string_equal_to('name', 'av_height') . ' OR ' . db_string_equal_to('name', 'usersiglen'));
    $INFO = array();
    foreach ($rows as $row) {
        $key = $row['name'];
        $val = $row['regval'];
        $INFO[$key] = $val;
    }
    // $INFO['av_width'], ['av_height'] and ['usersiglen'] are read below without a default, so a
    // source registry missing any of them produces an undefined-index notice and a NULL limit.
    $rows = $db->query('SELECT * FROM ' . $table_prefix . 'user_groups WHERE post_count=-1 ORDER BY member_group');
    foreach ($rows as $row) {
        if (import_check_if_imported('group', strval($row['member_group']))) {
            continue;
        }
        // Only these two source group names map onto OCF super-admin / super-moderator status
        $is_super_admin = $row['mem_gr_name'] == 'Administrator' ? 1 : 0;
        $is_super_moderator = $row['mem_gr_name'] == 'Universal Moderator' ? 1 : 0;
        $id_new = $GLOBALS['FORUM_DB']->query_value_null_ok('f_groups g LEFT JOIN ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'translate t ON g.g_name=t.id WHERE ' . db_string_equal_to('text_original', $row['mem_gr_name']), 'g.id');
        if (is_null($id_new)) {
            $id_new = ocf_make_group($row['mem_gr_name'], 0, $is_super_admin, $is_super_moderator, '', '', NULL, NULL, NULL, 5, 0, 5, 5, $INFO['av_width'], $INFO['av_height'], 30000, $INFO['usersiglen']);
        }
        // privileges
        // NOTE(review): 'comcode_dangerous' is granted to every imported group, including
        // ordinary member groups and groups that already existed — worth restricting to the
        // super-admin/moderator ones, or leaving to the admin to assign afterwards.
        set_specific_permission($id_new, 'comcode_dangerous', true);
        // member_group is concatenated into the WHERE clause as-is; assumes it is numeric in the source schema
        $check_id_exists = $GLOBALS['FORUM_DB']->query_value_null_ok('import_id_remap WHERE id_old=' . strval($row['member_group']) . ' AND id_type=\'group\' AND id_session=' . strval(get_session_id()), 'id_old');
        if (is_null($check_id_exists)) {
            import_id_remap_put('group', strval($row['member_group']), $id_new);
        }
    }
}
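/**
 * Parse an HTTP Range request header into an inclusive byte span within a file.
 *
 * Only a single "bytes=first-last" span is understood (anything else means "serve the
 * whole file", as before). The suffix form "-N" means the last N bytes and the open
 * form "N-" means from byte N to the end. A span that does not fit inside the file, or
 * that is empty or malformed, yields NULL so the caller serves the whole file instead
 * of a 206 whose Content-Length does not match the bytes actually sent.
 *
 * @param  string   Raw Range header value (may be '')
 * @param  integer  Size of the file in bytes
 * @return ?array   array($from, $to) as inclusive offsets, or NULL for "serve everything"
 */
function _attachments_script_parse_range($httprange, $size)
{
    if ($httprange == '' || $size <= 0) {
        return NULL;
    }
    $parts = explode('=', $httprange);
    if (count($parts) != 2) {
        return NULL;
    }
    // Earlier code also accepted the halves the wrong way round ("0-99=bytes"); keep whichever half holds the dash
    $spec = (strpos($parts[0], '-') === false) ? $parts[1] : $parts[0];
    $bits = explode('-', trim($spec));
    if (count($bits) != 2) {
        return NULL;
    }
    list($first, $last) = $bits;
    if (($first !== '' && !preg_match('#^[0-9]+$#', $first)) || ($last !== '' && !preg_match('#^[0-9]+$#', $last))) {
        return NULL;
    }
    if ($first === '') {
        // Suffix form "-N": the final N bytes of the file
        $suffix = intval($last);
        if ($suffix <= 0) {
            return NULL;
        }
        $from = max(0, $size - $suffix);
        $to = $size - 1;
    } else {
        $from = intval($first);
        $to = ($last === '') ? $size - 1 : intval($last);
    }
    // Clamp to the file and reject empty/unsatisfiable spans (RFC 7233 section 2.1)
    if ($to > $size - 1) {
        $to = $size - 1;
    }
    if ($from < 0 || $from > $to) {
        return NULL;
    }
    return array($from, $to);
}

/**
 * Show the image of an attachment/thumbnail.
 *
 * Serves (or redirects to) the file behind an attachment row, applying the closed-site
 * check, the anti-leech check, and the attachment access check, and honouring a single
 * HTTP Range span. Reads the 'id', 'forum_db', 'thumb', 'no_count' and 'for_session'
 * request parameters; bumps the attachment download counter and the site-wide
 * 'download_bandwidth' value. Every error path terminates the request (warn_exit,
 * access_denied, log_hack_attack_and_exit, exit); the function returns normally only
 * after a redirect header or the file body has been sent.
 */
function attachments_script()
{
    // Closed site
    $site_closed = get_option('site_closed');
    if ($site_closed == '1' && !has_specific_permission(get_member(), 'access_closed_site') && !$GLOBALS['IS_ACTUALLY_ADMIN']) {
        header('Content-Type: text/plain');
        @exit(get_option('closed'));
    }

    $id = get_param_integer('id', 0);
    $connection = $GLOBALS[get_param_integer('forum_db', 0) == 1 ? 'FORUM_DB' : 'SITE_DB'];

    // An attachment referenced with r_referer_type 'null' is unrestricted: neither the leech check nor the access check applies
    $has_no_restricts = !is_null($connection->query_value_null_ok('attachment_refs', 'id', array('r_referer_type' => 'null', 'a_id' => $id)));
    if (!$has_no_restricts) {
        global $SITE_INFO;
        if (!is_guest() || !isset($SITE_INFO['any_guest_cached_too']) || $SITE_INFO['any_guest_cached_too'] == '0') {
            // Anti-leech: a request with a foreign referer and no matching session token is refused
            if (get_param('for_session', '-1') != md5(strval(get_session_id())) && get_option('anti_leech') == '1' && ocp_srv('HTTP_REFERER') != '') {
                warn_exit(do_lang_tempcode('LEECH_BLOCK'));
            }
        }
    }

    require_lang('comcode');

    // Lookup
    $rows = $connection->query_select('attachments', array('*'), array('id' => $id), 'ORDER BY a_add_time DESC');
    if (!array_key_exists(0, $rows)) {
        warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
    }
    $myrow = $rows[0];
    if ($myrow['a_url'] == '') {
        warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
    }

    if (!$has_no_restricts) {
        // Permission: only files under the protected uploads directory are access-controlled
        if (substr($myrow['a_url'], 0, 20) == 'uploads/attachments/') {
            if (!has_attachment_access(get_member(), $id, $connection)) {
                access_denied('ATTACHMENT_ACCESS');
            }
        }
    }

    $thumb = get_param_integer('thumb', 0);
    if ($thumb == 1) {
        // NOTE(review): $full is taken before ensure_thumbnail() runs, so a thumbnail generated on this
        // request is not what gets served; whether ensure_thumbnail() returns the URL to use is not
        // visible here — confirm before changing this
        $full = $myrow['a_thumb_url'];
        require_code('images');
        $myrow['a_thumb_url'] = ensure_thumbnail($myrow['a_url'], $myrow['a_thumb_url'], 'attachments', 'attachments', intval($myrow['id']), 'a_thumb_url');
    } else {
        $full = $myrow['a_url'];
        if (get_param_integer('no_count', 0) == 0) {
            // Update download count (a resumed download is not counted a second time)
            if (ocp_srv('HTTP_RANGE') == '') {
                $connection->query_update('attachments', array('a_num_downloads' => $myrow['a_num_downloads'] + 1, 'a_last_downloaded_time' => time()), array('id' => $id), '', 1, NULL, false, true);
            }
        }
    }

    // Is it non-local? If so, redirect
    if (!url_is_local($full)) {
        if (strpos($full, chr(10)) !== false || strpos($full, chr(13)) !== false) {
            log_hack_attack_and_exit('HEADER_SPLIT_HACK');
        }
        header('Location: ' . $full);
        return;
    }

    // a_url comes from the database, not the request; it is still joined onto the file base verbatim,
    // so the write side is what keeps ".." segments out of it — presumably the upload code, confirm
    $_full = get_custom_file_base() . '/' . rawurldecode($full);
    if (!file_exists($_full)) {
        warn_exit(do_lang_tempcode('_MISSING_RESOURCE', 'url:' . escape_html($full))); // File is missing, we can't do anything
    }

    $size = filesize($_full);
    $original_filename = $myrow['a_original_filename'];
    $extension = get_file_extension($original_filename);
    require_code('files2');
    check_shared_bandwidth_usage($size);
    require_code('mime_types');
    $mime_type = get_mime_type($extension);

    // Send header
    if (strpos($original_filename, chr(10)) !== false || strpos($original_filename, chr(13)) !== false) {
        log_hack_attack_and_exit('HEADER_SPLIT_HACK');
    }
    header('Content-Type: ' . $mime_type . '; authoritative=true;');
    // The filename sits inside a quoted-string, so backslashes and double quotes must be escaped as
    // quoted-pairs (RFC 6266 / RFC 7230); otherwise a name containing '"' truncates or corrupts the header
    $header_filename = str_replace(array('\\', '"'), array('\\\\', '\\"'), $original_filename);
    if (strstr(ocp_srv('HTTP_USER_AGENT'), 'MSIE') !== false) {
        header('Content-Disposition: filename="' . $header_filename . '"');
    } else {
        header('Content-Disposition: inline; filename="' . $header_filename . '"');
    }
    header('Accept-Ranges: bytes');

    // Caching
    header("Pragma: private");
    header("Cache-Control: private");
    header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 60 * 60 * 24 * 365) . ' GMT');
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $myrow['a_add_time']) . ' GMT');

    // Default to no resume
    $from = 0;
    $new_length = $size;
    @ini_set('zlib.output_compression', 'Off');

    // They're trying to resume (so update our range); an unsatisfiable or malformed range falls back to the whole file
    $span = _attachments_script_parse_range(ocp_srv('HTTP_RANGE'), $size);
    if (!is_null($span)) {
        list($from, $to) = $span;
        $new_length = $to - $from + 1;
        header('HTTP/1.1 206 Partial Content');
        header('Content-Range: bytes ' . strval($from) . '-' . strval($to) . '/' . strval($size));
    }
    header('Content-Length: ' . strval($new_length));

    if (function_exists('set_time_limit')) {
        @set_time_limit(0);
    }
    error_reporting(0); // A stray notice would be interleaved with the binary body from here on

    if ($from == 0) {
        // Bandwidth is accounted once per file, not once per resumed chunk
        $GLOBALS['SITE_DB']->query('UPDATE ' . get_table_prefix() . 'values SET the_value=(the_value+' . strval((int) $size) . ') WHERE the_name=\'download_bandwidth\'', 1);
    }
    @ini_set('ocproducts.xss_detect', '0');

    // Send actual data
    $myfile = fopen($_full, 'rb');
    if ($myfile === false) {
        warn_exit(do_lang_tempcode('_MISSING_RESOURCE', 'url:' . escape_html($full)));
    }
    fseek($myfile, $from);
    $i = 0;
    flush(); // Works around weird PHP bug that sends data before headers, on some PHP versions
    while ($i < $new_length) {
        $content = fread($myfile, min($new_length - $i, 1048576));
        echo $content;
        $len = strlen($content);
        if ($len == 0) {
            break;
        }
        $i += $len;
    }
    fclose($myfile);
}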
/**
 * Find current order id
 *
 * Picks the newest shopping_order row for the current visitor: guests are matched on
 * their session ID, members on their member ID.
 *
 * @return AUTO_LINK Order id (0 when there is no order yet)
 */
function get_current_order_id()
{
    $where = is_guest()
        ? array('session_id' => get_session_id())
        : array('c_member' => get_member());

    $order_rows = $GLOBALS['SITE_DB']->query_select('shopping_order', array('id'), $where, 'ORDER BY add_date DESC', 1);

    return array_key_exists(0, $order_rows) ? $order_rows[0]['id'] : 0;
}
/**
 * Authenticate the eXtplorer session, or render the ExtJS login form.
 *
 * Flow, as written:
 *  - if the session already carries s_user/s_pass, re-validate them and log out on failure;
 *  - else if p_user was POSTed, validate the credentials and answer through
 *    ext_Result::sendResult (presumably terminates the request — confirm; the success
 *    result is sent unconditionally after a failed attempt otherwise);
 *  - else emit the login page and define _LOGIN_REQUIRED.
 *
 * NOTE(review): the session stores "s_pass" and replays it through activate_user() on
 * every request; whether that is a hash or the cleartext password depends on
 * extEncodePassword() and on whoever writes the session — confirm.
 */
function login()
{
    if (!empty($GLOBALS['__SESSION']["s_user"])) {
        // Existing session: re-check the stored credentials on every request
        if (!activate_user($GLOBALS['__SESSION']["s_user"], $GLOBALS['__SESSION']["s_pass"])) {
            logout();
        }
    } else {
        if (isset($GLOBALS['__POST']["p_pass"])) {
            $p_pass = $GLOBALS['__POST']["p_pass"];
        } else {
            $p_pass = "";
        }
        if (isset($GLOBALS['__POST']["p_user"])) {
            // Check Login
            // stripslashes() undoes magic_quotes; extEncodePassword() presumably hashes before the comparison — confirm
            if (!activate_user(stripslashes($GLOBALS['__POST']["p_user"]), extEncodePassword(stripslashes($p_pass)))) {
                ext_Result::sendResult('login', false, ext_Lang::msg('actlogin_failure'));
            }
            ext_Result::sendResult('login', true, ext_Lang::msg('actlogin_success'));
        } else {
            // Restart the session under the application's own session ID before rendering the form
            session_write_close();
            session_id(get_session_id());
            session_start();
            // Ask for Login
            $GLOBALS['mainframe']->setPageTitle(ext_Lang::msg('actlogin'));
            $GLOBALS['mainframe']->addcustomheadtag(' <script type="text/javascript" src="' . _EXT_URL . '/fetchscript.php?' . '&subdir[0]=scripts/extjs/&file[0]=yui-utilities.js' . '&subdir[1]=scripts/extjs/&file[1]=ext-yui-adapter.js' . '&subdir[2]=scripts/extjs/&file[2]=ext-all.js&gzip=1"></script> <script type="text/javascript" src="' . $GLOBALS['script_name'] . '?option=com_extplorer&action=include_javascript&file=functions.js"></script> <link rel="stylesheet" href="' . _EXT_URL . '/fetchscript.php?subdir[0]=scripts/extjs/css/&file[0]=ext-all.css&subdir[1]=scripts/extjs/css/&file[1]=xtheme-aero.css&gzip=1" />');
            $langs = get_languages();
?>
<div id="formContainer">
<?php show_footer(); ?>
<div class="x-box-tl"><div class="x-box-tr"><div class="x-box-tc"></div></div></div>
<div class="x-box-ml"><div class="x-box-mr"><div class="x-box-mc">
<h3 style="margin-bottom:5px;"><?php echo ext_Lang::msg('actlogin'); ?> </h3>
<div id="adminForm"> </div><div class="ext_statusbar" id="statusBar"></div>
</div></div></div>
<div class="x-box-bl"><div class="x-box-br"><div class="x-box-bc"></div></div></div>
</div>
<script type="text/javascript">
var languages = new Ext.data.SimpleStore({
    fields: ['language', 'langname'],
    data : [
<?php
            // NOTE(review): $language/$name are written into a JS string literal without escaping;
            // get_languages() presumably reads server-side language files, so a quote can only come
            // from a language name there — confirm it never carries request-derived data
            $i = 0;
            $c = count($langs);
            foreach ($langs as $language => $name) {
                echo "['{$language}', '{$name}' ]";
                if (++$i < $c) {
                    echo ',';
                }
            }
?>
    ]
});
var simple = new Ext.form.Form({
    labelWidth: 125, // label settings here cascade unless overridden
    url:'<?php echo basename($GLOBALS['script_name']); ?> '
});
simple.add(
    new Ext.form.TextField({ fieldLabel: '<?php echo ext_Lang::msg('miscusername', true); ?> ', name: 'p_user', width:175, allowBlank:false }),
    new Ext.form.TextField({ fieldLabel: '<?php echo ext_Lang::msg('miscpassword', true); ?> ', name: 'p_pass', inputType: 'password', width:175, allowBlank:false }),
    new Ext.form.ComboBox({ fieldLabel: '<?php echo ext_Lang::msg('misclang', true); ?> ', store: languages, displayField:'langname', valueField: 'language', value: '<?php echo ext_Lang::detect_lang(); ?> ', hiddenName: 'lang', disableKeyFilter: true, editable: false, triggerAction: 'all', mode: 'local', allowBlank: false, selectOnFocus:true })
);
simple.addButton({text: '<?php echo ext_Lang::msg('btnlogin', true); ?> ', type: 'submit'}, function() {
    Ext.get( 'statusBar').update( 'Please wait...' );
    simple.submit({
        //reset: true,
        reset: false,
        success: function(form, action) {
            Ext.get( 'statusBar').update( action.result.message );
            location.href = '<?php echo basename($GLOBALS['script_name']); ?> ?extplorer';
        },
        failure: function(form, action) {
            if( !action.result ) return;
            Ext.MessageBox.alert('Error!', action.result.error);
            Ext.get( 'statusBar').update( action.result.error );
            simple.findField( 'p_pass').setValue('');
            simple.findField( 'p_user').focus();
        },
        scope: simple,
        // add some vars to the request, similar to hidden fields
        params: {option: 'com_extplorer', action: 'login' }
    })
});
simple.addButton('<?php echo ext_Lang::msg('btnreset', true); ?> ', function() { simple.reset(); } );
simple.render('adminForm');
Ext.get( 'formContainer').center();
Ext.get( 'formContainer').setTop(100);
simple.findField('p_user').focus();
</script><?php
            // Tells the caller that the request must stop at the login page
            define('_LOGIN_REQUIRED', 1);
        }
    }
}
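/**
 * Make a subscription (payment) button.
 *
 * Registers the expected transaction in trans_expecting and renders the WorldPay
 * subscription button template with the gateway's numeric interval code and the date
 * of the first repeat payment.
 *
 * @param  ID_TEXT    The product codename.
 * @param  SHORT_TEXT The human-readable product title.
 * @param  AUTO_LINK  The purchase ID.
 * @param  float      A transaction amount.
 * @param  integer    The subscription length in the units.
 * @param  ID_TEXT    The length units.
 * @set    d w m y
 * @param  ID_TEXT    The currency to use.
 * @return tempcode   The button
 */
function make_subscription_button($product, $item_name, $purchase_id, $amount, $length, $length_units, $currency)
{
    $username = $this->_get_username();
    $ipn_url = $this->get_ipn_url();
    $trans_id = $this->generate_trans_id();

    // Per unit: the gateway's interval-unit code, and the length of one unit in seconds
    $unit_table = array(
        'd' => array('1', 60 * 60 * 24),
        'w' => array('2', 60 * 60 * 24 * 7),
        'm' => array('3', 60 * 60 * 24 * 31),
        'y' => array('4', 60 * 60 * 24 * 365),
    );
    if (array_key_exists($length_units, $unit_table)) {
        list($length_units_2, $unit_seconds) = $unit_table[$length_units];
        // FIRST_REPEAT is rendered as a calendar date, so the interval is added to "now";
        // using the bare interval as a timestamp would yield a date in January 1970
        $first_repeat = time() + $unit_seconds * $length;
    } else {
        // Unknown unit: fall back to a daily code and "today", as before
        $length_units_2 = '1';
        $first_repeat = time();
    }

    // Field order and the (missing) separators after the currency are part of the digest the
    // receiving side presumably recomputes, so they are left untouched; md5 here is a gateway
    // format, not a security choice — NOTE(review): confirm against the IPN handler
    $digest = md5(get_option('ipn_digest') . ':' . $trans_id . ':' . float_to_raw_string($amount) . ':' . $currency . $length_units_2 . strval($length));

    $GLOBALS['SITE_DB']->query_insert('trans_expecting', array(
        'id' => $trans_id,
        'e_purchase_id' => $purchase_id,
        'e_item_name' => $item_name,
        'e_member_id' => get_member(),
        'e_amount' => float_to_raw_string($amount),
        'e_ip_address' => get_ip_address(),
        'e_session_id' => get_session_id(),
        'e_time' => time(),
        'e_length' => NULL, // Length is not recorded here; NOTE(review): the IPN side may not need it — confirm
        'e_length_units' => '',
    ));

    return do_template('ECOM_SUBSCRIPTION_BUTTON_VIA_WORLDPAY', array(
        '_GUID' => '1f88716137762a467edbf5fbb980c6fe',
        'PRODUCT' => $product,
        'DIGEST' => $digest,
        'TEST' => ecommerce_test_mode(),
        'LENGTH' => strval($length),
        'LENGTH_UNITS_2' => $length_units_2,
        'ITEM_NAME' => $item_name,
        'PURCHASE_ID' => strval($trans_id),
        'AMOUNT' => float_to_raw_string($amount),
        'FIRST_REPEAT' => date('Y-m-d', $first_repeat),
        'CURRENCY' => $currency,
        'USERNAME' => $username,
        'IPN_URL' => $ipn_url,
    ));
}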
/**
 * Script to handle iframe.
 *
 * Renders the requested page inside the STYLED_HTML_WRAP frame template after the zone,
 * session, page-access and closed-site checks; every failed check terminates the request.
 */
function iframe_script()
{
    $zone = get_param('zone');
    $page = get_param('page');

    $zone_rows = $GLOBALS['SITE_DB']->query_select('zones', array('*'), array('zone_name' => $zone), '', 1);
    if (!array_key_exists(0, $zone_rows)) {
        warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
    }
    $zone_row = $zone_rows[0];
    $requires_session = ($zone_row['zone_require_session'] == 1);

    // Clickjacking protection (only for zones that demand a confirmed session)
    if ($requires_session) {
        header('X-Frame-Options: SAMEORIGIN');
    }

    // A session-requiring zone needs a confirmed session, unless Windows auth is handling it
    if ($zone_row['zone_name'] != '' && get_option('windows_auth_is_enabled', true) != '1' && (get_session_id() == -1 || $GLOBALS['SESSION_CONFIRMED'] == 0) && !is_guest() && $requires_session) {
        access_denied('ZONE_ACCESS_SESSION');
    }

    if (!has_actual_page_access(get_member(), $page, $zone)) {
        access_denied('ZONE_ACCESS');
    }

    // Closed site
    if (get_option('site_closed') == '1' && !has_specific_permission(get_member(), 'access_closed_site') && !$GLOBALS['IS_ACTUALLY_ADMIN']) {
        header('Content-Type: text/plain');
        @exit(get_option('closed'));
    }

    global $EXTRA_HEAD;
    if (!isset($EXTRA_HEAD)) {
        $EXTRA_HEAD = new ocp_tempcode();
    }
    $EXTRA_HEAD->attach('<meta name="robots" content="noindex" />'); // XHTMLXHTML

    $output = request_page($page, true);
    global $ATTACHED_MESSAGES;
    $output->handle_symbol_preprocessing();

    $title = is_null($GLOBALS['DISPLAYED_TITLE']) ? do_lang_tempcode('NA') : $GLOBALS['DISPLAYED_TITLE'];
    $tpl = do_template('STYLED_HTML_WRAP', array(
        'TITLE' => $title,
        'EXTRA_HEAD' => $GLOBALS['EXTRA_HEAD'],
        'EXTRA_FOOT' => $GLOBALS['EXTRA_FOOT'],
        'MESSAGE_TOP' => $ATTACHED_MESSAGES,
        'FRAME' => true,
        'TARGET' => '_top',
        'CONTENT' => $output,
    ));
    $tpl->handle_symbol_preprocessing();
    $tpl->evaluate_echo();
}
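/**
 * Authenticate the current eXtplorer request, or render the login page.
 *
 * Credentials come from the POSTed username/password, or from the per-authentication-type
 * entry kept in $_SESSION. On success an XHR 'login' action is answered through
 * ext_Result::sendResult and true is returned; on failure an XHR request gets the error the
 * same way and false is returned. With no credentials at all, a non-login XHR call is bounced
 * to the index page and any other request gets the ExtJS login form plus _LOGIN_REQUIRED
 * (no return value in that case).
 *
 * NOTE(review): the session entry carries the password itself and it is replayed on every
 * request; whether it is a hash or cleartext depends on whoever writes that entry — confirm.
 *
 * @return boolean Whether the request is authenticated (false also when no $auth object exists)
 */
function login()
{
    global $auth, $authentication_type;

    if (!is_object($auth)) {
        return false;
    }

    $post = isset($GLOBALS['__POST']) ? $GLOBALS['__POST'] : array();
    $session_key = 'credentials_' . $authentication_type;

    if (!empty($post['username']) || !empty($_SESSION[$session_key])) {
        if (!empty($post['username'])) {
            $username = $post['username'];
            // A POST without a password field used to raise an undefined-index notice; treat it as an empty password
            $password = isset($post['password']) ? $post['password'] : '';
        } else {
            $username = $_SESSION[$session_key]['username'];
            $password = $_SESSION[$session_key]['password'];
        }

        $res = $auth->onAuthenticate(array('username' => $username, 'password' => $password));
        $authenticated = !PEAR::isError($res) && $res !== false;

        if (!$authenticated && $authentication_type == 'extplorer') {
            // Second attempt to authenticate, since we've switched password hashing algorithm
            // now we fall back to md5 hashing. The retry uses the same credential as the first
            // attempt (session or POST); earlier code always hashed the POST field, which is
            // empty on the session path.
            $res = $auth->onAuthenticate(array('username' => $username, 'password' => md5((string) $password)));
            $authenticated = !PEAR::isError($res) && $res !== false;
        }

        if ($authenticated) {
            if (isset($post['action']) && $post['action'] == 'login' && ext_isXHR()) {
                session_write_close();
                ext_Result::sendResult('login', true, ext_Lang::msg('actlogin_success'));
            }
            return true;
        }

        if (ext_isXHR()) {
            $errmsg = PEAR::isError($res) ? $res->getMessage() : ext_Lang::msg('actlogin_failure');
            ext_Result::sendResult('login', false, $errmsg);
        }
        return false;
    }

    if (ext_isXHR() && $GLOBALS['action'] != 'login') {
        // An XHR call that is not itself a login attempt cannot show the form: bounce the browser to the index page
        // (the attribute used to read type="text/javascript without its closing quote)
        echo '<script type="text/javascript">document.location="' . _EXT_URL . '/index.php";</script>';
        exit;
    }

    // Restart the session under the application's own session ID before rendering the form
    session_write_close();
    session_id(get_session_id());
    session_start();

    // Ask for Login
    $GLOBALS['mainframe']->setPageTitle(ext_Lang::msg('actlogin'));
    $GLOBALS['mainframe']->addcustomheadtag(' <script type="text/javascript" src="scripts/extjs3/adapter/ext/ext-base.js"></script> <script type="text/javascript" src="scripts/extjs3/ext-all.js"></script> <script type="text/javascript" src="' . $GLOBALS['script_name'] . '?option=com_extplorer&action=include_javascript&file=functions.js"></script> <link rel="stylesheet" href="' . _EXT_URL . '/scripts/extjs3/resources/css/ext-all.css" /> <link rel="stylesheet" href="scripts/extjs3/resources/css/xtheme-blue.css" />');
?>
<div style="width: 400px;" id="formContainer">
<div id="ext_logo" style="text-align:center;">
<a href="http://extplorer.net" target="_blank">
<img src="<?php echo _EXT_URL; ?>/images/eXtplorer-horizontal2.png" align="middle" alt="eXtplorer Logo" style="border:none;" />
</a>
</div>
<noscript>
<div style="width:400px;text-align:center;">
<h1>eXtplorer Login</h1>
<p style="color:red;">Oh, Javascript is disabled!</p>
<p>Find out <a target="_blank" href="https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=12654">how you can enable Javascript in your browser.</a> </p>
</div>
</noscript>
<div id="adminForm"></div>
</div>
<script type="text/javascript">
Ext.onReady( function() {
    var simple = new Ext.FormPanel(<?php $auth->onShowLoginForm(); ?> );
    Ext.get( 'formContainer').center();
    Ext.get( 'formContainer').setTop(100);
    simple.getForm().findField('username').focus();
    Ext.EventManager.onWindowResize( function() { Ext.get( 'formContainer').center();Ext.get( 'formContainer').setTop(100); } );
});
</script><?php
    // Tells the caller that the request must stop at the login page
    define('_LOGIN_REQUIRED', 1);
}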
/**
 * Process a logout.
 *
 * Clears the member cookie (the part of the configured name before any ":" suffix)
 * and deletes the current session, if there is one.
 */
function handle_active_logout()
{
    // Kill cookie
    $member_cookie_name = get_member_cookie();
    $colon_pos = strpos($member_cookie_name, ':');
    $base = ($colon_pos === false) ? $member_cookie_name : substr($member_cookie_name, 0, $colon_pos);
    ocp_eatcookie($base);
    unset($_COOKIE[$base]);

    // Kill session
    $session = get_session_id();
    if ($session != -1) {
        delete_session($session);
    }
}