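/**
 * Runs an external command and streams its stdout to our own STDOUT.
 *
 * $file is executed directly, or through PHP_BIN when its extension is .php.
 * The argument list is built from $args:
 *   - integer key, value      -> escaped positional value
 *   - string key, value       -> "key=escapedvalue"
 *   - string key, null value  -> the bare key (a flag)
 * Values go through escapeshellarg(); option NAMES (the string keys) are
 * appended verbatim, so $args keys must come from program code, never from
 * request data.
 *
 * stdout and stderr are drained concurrently with stream_select(): the old
 * code read stdout to EOF before touching stderr, so a child writing more
 * than a pipe buffer to stderr would block forever (deadlock). The dead
 * `if (1) ... else stream_copy_to_stream` branch is gone as well.
 *
 * Calls doError() when the command cannot be started or exits non-zero
 * (the collected stderr is included in that message).
 *
 * @param string $title printed before the command runs
 * @param string $file  path of the script/binary to run
 * @param array  $args  arguments, see above
 */
function doExec($title, $file, $args)
{
    echo $title . "\n";

    $ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));
    if ($ext === 'php') {
        // "--" stops PHP's own option parsing so the script receives every argument.
        $cmd = PHP_BIN . ' -f ' . escapeshellarg($file) . ' --';
    } else {
        $cmd = escapeshellarg($file);
    }

    foreach ($args as $name => $value) {
        if (is_null($value)) {
            if (is_string($name)) {
                $cmd .= ' ' . $name; // bare flag; name is trusted (see header comment)
            }
        } elseif (is_string($name)) {
            $cmd .= ' ' . $name . '=' . escapeshellarg($value);
        } else {
            $cmd .= ' ' . escapeshellarg($value);
        }
    }

    $desc = array(
        1 => array('pipe', 'w'),
        2 => array('pipe', 'w'),
    );
    // bypass_shell is only honoured on Windows; elsewhere the command still goes
    // through /bin/sh -c, which is why every value above is escaped.
    $opts = array('binary_pipes' => true, 'bypass_shell' => true);
    $pipes = array();

    $handle = proc_open($cmd, $desc, $pipes, null, null, $opts);
    if (false === $handle) {
        doError('Can`t execute \'' . $cmd . '\' command');
    }

    // Drain both pipes as data becomes available; a pipe is dropped from $open
    // once it reports EOF (or a read error).
    $stderr = '';
    $open = array(1 => $pipes[1], 2 => $pipes[2]);
    while (!empty($open)) {
        $readable = array_values($open);
        $write = null;
        $except = null;
        if (false === stream_select($readable, $write, $except, null)) {
            break;
        }
        foreach ($open as $fd => $stream) {
            if (!in_array($stream, $readable, true)) {
                continue;
            }
            $chunk = fread($stream, 8192);
            if ($chunk === false || $chunk === '') {
                if ($chunk === false || feof($stream)) {
                    unset($open[$fd]);
                }
                continue;
            }
            if ($fd === 1) {
                fwrite(STDOUT, $chunk);
            } else {
                $stderr .= $chunk;
            }
        }
    }
    $stderr = trim($stderr);

    fclose($pipes[1]);
    fclose($pipes[2]);
    $errorcode = proc_close($handle);
    if ($errorcode) {
        doError("\n\nCommand '" . $cmd . '\' exit with code = ' . $errorcode . ', error = \'' . $stderr . '\'');
    }
    echo "OK.\n";
}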
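/**
 * Constructor (PHP 4 style) for the plugin admin-area helper.
 *
 * Resolves "NP_<pluginName>" through the global $manager, aborts via doError()
 * when the plugin is not installed or cannot be loaded, and prepares an ADMIN
 * instance whose action is "plugin_<pluginName>".
 *
 * Bug fixed: $DIR_LIBS was read without being declared global, so inside this
 * function it was undefined and include_once() received just 'ADMIN.php'
 * (resolved via the include path instead of the configured libs directory).
 *
 * Nothing in this constructor checks the caller's privileges; the plugin
 * admin scripts that instantiate it are responsible for that.
 *
 * @param string $pluginName plugin name without the "NP_" prefix
 */
function PluginAdmin($pluginName)
{
    global $manager, $DIR_LIBS;

    include_once $DIR_LIBS . 'ADMIN.php';

    $this->strFullName = 'NP_' . $pluginName;

    // check if plugin exists and is installed
    if (!$manager->pluginInstalled($this->strFullName)) {
        doError(_ERROR_INVALID_PLUGIN);
    }

    $this->plugin =& $manager->getPlugin($this->strFullName);
    $this->bValid = $this->plugin;
    if (!$this->bValid) {
        doError(_ERROR_INVALID_PLUGIN);
    }

    $this->admin = new ADMIN();
    $this->admin->action = 'plugin_' . $pluginName;
}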
break;
// NOTE(review): tail of a larger switch on the requested action; its head and
// the origin of the action string are outside this excerpt. Every case below
// assumes doError() terminates the request — if it does not, the handler is
// still called with the missing parameter.
case "vote-skip-action":
    doOutput(getVoteSkipAction(), "vote-skip-action");
    break;
case "upload-file":
    doUploadFile();
    break;
case "download-file":
    doOutput(doDownloadFilelist(), "download-file");
    break;
case "download-file-do":
    // Only presence of "id" is checked here; any type/range validation has to
    // happen inside doDownloadFileDo() — verify it does not use the raw value
    // in a path or query.
    if (!isset($_GET["id"])) {
        doError("No id specified");
    }
    doDownloadFileDo($_GET["id"]);
    break;
case "download-playlist":
    // "name" is passed through untouched; doDownloadPlaylistDo() must constrain
    // it (whitelist / basename) before it reaches the filesystem.
    if (!isset($_GET["name"])) {
        doError("No name specified");
    }
    doDownloadPlaylistDo($_GET["name"]);
    break;
case "remove-my-vote":
    // The voter is identified by REMOTE_ADDR alone: behind a proxy or NAT
    // several users share one address, so one client can remove another's vote.
    if (!isset($_GET["id"])) {
        doError("No id specified");
    }
    doOutput(doRemoveMyVote($_SERVER['REMOTE_ADDR'], $_GET["id"]), "remove-my-vote");
    break;
default:
    doError("No valid action specified");
}
/**
 * Handles an incoming TrackBack ping for blog $bid.
 *
 * $path is either "<something>.html", which is resolved to an item id through
 * getRequestPathInfo() (doError(_NO_SUCH_URI) when that fails), or a bare
 * item id. Whatever the source, the id is passed through intval() before the
 * TrackBack plugin sees it. When the plugin is not available nothing is
 * answered. The request is always terminated with exit.
 *
 * @param mixed  $bid  blog id (coerced with intval)
 * @param string $path trailing request path
 */
function _trackback($bid, $path)
{
    $blogId = intval($bid);
    $plugin = $this->pluginCheck('TrackBack');

    if (!$plugin) {
        exit;
    }

    $isHtmlPath = (substr($path, -5, 5) == '.html');
    if ($isHtmlPath) {
        $itemId = $this->getRequestPathInfo(array(
            'linkparam' => 'item',
            'bid'       => $blogId,
            'name'      => $path,
        ));
        if ($itemId) {
            $tbId = intval($itemId);
        } else {
            doError(_NO_SUCH_URI);
        }
    } else {
        $tbId = intval($path);
    }

    $errorMsg = $plugin->handlePing($tbId);
    if ($errorMsg != '') {
        $plugin->xmlResponse($errorMsg);
    } else {
        $plugin->xmlResponse();
    }
    exit;
}
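<?php
// if your 'plugin' directory is not in the default location,
// edit this variable to point to your site directory
// (where config.php is)
$strRel = '../../../';
include $strRel . 'config.php';

if (!$member->isLoggedIn()) {
    doError('You\'re not logged in.');
}

include $DIR_LIBS . 'PLUGINADMIN.php';

// create the admin area page (aborts via doError() when the plugin is not installed)
$oPluginAdmin = new PluginAdmin('TinyMCE');

// The requested file name must be a single plain path component: only a
// conservative character set is accepted and ".." is refused. The previous
// check only rejected "/", which still let "\" through on Windows and did
// nothing about a missing or empty parameter.
$requested = isset($_GET['file']) ? (string) $_GET['file'] : '';
if ($requested === ''
    || !preg_match('/^[A-Za-z0-9_.-]+$/', $requested)
    || strpos($requested, '..') !== false) {
    exit;
}

$path = 'inc/' . $requested;
if (!is_file($path)) {
    exit;
}
$file = file_get_contents($path);
if ($file === false) {
    exit;
}

global $manager;
$mce = $manager->getPlugin('NP_TinyMCE');
header('Content-Type: application/x-javascript');
$mce->parse($file);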
}

include_libs('PLUGINADMIN.php');

// some functions

/**
 * Clears the lock record for one login.
 *
 * NOTE(review): the $login parameter is not used by the visible query; the
 * literal '******' in the WHERE clause looks like a redacted value. If the
 * real query interpolates $login it must be escaped for SQL (or use a
 * parameterised query) — the values come straight from postVar('unlock').
 */
function SE_unlockLogin($login)
{
    sql_query("DELETE FROM " . sql_table('plug_securityenforcer') . " WHERE login='******'");
}

// checks

// create the admin area page
$oPluginAdmin = new PluginAdmin('SecurityEnforcer');

// add styles to the <HEAD>
$oPluginAdmin->start('');

// if form to unlock is posted
if (postVar('action') == 'unlock') {
    // CSRF protection: the unlock form must carry a valid ticket.
    // (Assumes doError() terminates the request; otherwise the loop below still runs.)
    if (!$manager->checkTicket()) {
        doError('Invalid Ticket');
    }
    $logins = postVar('unlock');
    $message = '';
    if (is_array($logins)) {
        foreach ($logins as $entity) {
            SE_unlockLogin($entity);
            // $entity is request data concatenated into HTML unescaped; it
            // should go through htmlspecialchars() before being echoed.
            $message .= '<br />' . $entity . _SECURITYENFORCER_ADMIN_UNLOCKED;
        }
    }
}

$plug =& $oPluginAdmin->plugin;

// page title
echo '<h2>' . _SECURITYENFORCER_ADMIN_TITLE . '</h2>';

// error output
// NOTE: $message is only initialised inside the 'unlock' branch above, so on a
// plain page view this reads an undefined variable — initialise it to '' first.
if ($message) {
);

// Init the JSON parser
$json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);

// NOTE(review): E_ALL combined with display_errors would leak paths and
// internals to clients; make sure errors are logged, not displayed, in production.
error_reporting(E_ALL);
session_start();

// Show the shout history, if that's what the client wants.
if (isset($_GET['history'])){
    echo history();
    exit;
}

// Exit if there are no POST variables
// (assumes doError() terminates the request; otherwise $_POST['reqType'] is read undefined below)
if (!isset($_POST['reqType'])) doError('No reqType.');

// NOTE(review): this ban check only runs when an admin session exists; for
// everyone else each case of the switch has to call checkBanned() itself
// ('init' does). Verify every state-changing case does so.
if (isset($_SESSION['AdminLoggedIn'])) checkBanned();

$reqType = $_POST['reqType'];
switch($reqType) {
    case 'init':
        initVars();
        checkCookies();
        checkBanned();
        echo newShouts(true);
        break;
    case 'shout':
{
    // tail of a save handler whose signature is outside this excerpt; pathwrap()
    // is what stands between $args['id'] and the filesystem — it must reject
    // separators and "..".
    return file_put_contents(pathwrap($args['id']), $args['data']);
}

/**
 * Lists the ids of all stored "jqb_<id>.json" files in PATH as a JSON array
 * of strings. Ids are matched against VALID_PATTERN and embedded in the JSON
 * without further escaping, so VALID_PATTERN must not admit quotes or
 * backslashes.
 */
function apiList($args)
{
    $d = dir(PATH);
    $res = '[';
    while (false !== ($entry = $d->read())) {
        if (preg_match('/^jqb_(' . VALID_PATTERN . ')\\.json$/', $entry, $match)) {
            $res .= '"' . $match[1] . '",';
        }
    }
    // drop the trailing comma (only present when at least one id matched)
    if (strlen($res) > 2) {
        $res = substr($res, 0, strlen($res) - 1);
    }
    $res .= ']';
    $d->close();
    return $res;
}

// Dispatch: $restApi maps op names to handlers, so the array lookup itself is
// the whitelist. NOTE(review): there is no isset() check — an unknown or
// missing 'op' makes this a call on null (fatal error) instead of a clean
// doError(); guard with isset($restApi[$args['op']]) first.
$res = $restApi[$args['op']]($args);
if ($res === false) {
    $error = true;
} else {
    if (is_string($res)) {
        // NOTE: "json" is not a registered media type; application/json is the standard one.
        header('content-type: json; charset=utf-8');
        echo $res;
    }
}
// $error is only assigned in the failure branch; otherwise it is whatever the
// surrounding (unseen) code set, or undefined.
if ($error === true) {
    doError();
}
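<?php
# Author: Krzysztof Kowalczyk (krzysztofk@pobox.com)
#
# Script called from dl.php, just redirects the download
# to the file if login/pwd/name of the product are valid
require "../phpinc/settings.inc";

error_reporting(E_ALL);
set_error_handler("errorHandler");

# make sure we got login, pwd, name variables
verifyGetVarExists('login');
verifyGetVarExists('pwd');
verifyGetVarExists('name');

$login = stripQuotes(myUrlDecode(getGetVar('login')));
$pwd = stripQuotes(myUrlDecode(getGetVar('pwd')));
# Fixed: the decode used to be applied to the literal string 'name' instead of
# the parameter value, so the product name was never URL-decoded like the other
# two. stripQuotes() was not applied to it before and is left that way;
# canDownloadProduct()/getProductFilePath() must validate the name themselves.
$productName = myUrlDecode(getGetVar('name'));

if (!canDownloadProduct($login, $pwd, $productName)) {
    # Do not echo the password back: the message may land in logs, error pages
    # or mail. (Credentials in a GET query string are already recorded in
    # server/proxy logs — consider switching the caller to POST.)
    doError("Cannot download for login={$login}, product={$productName}\n");
}

$fullPath = getProductFilePath($productName);
$fileName = getProductFileName($productName);
verifyFileExists($fullPath);
updateDlCount($login, $pwd, $productName);

# Keep the download name to a single path component, free of CR/LF, quotes and
# NUL, so it cannot break out of the quoted Content-Disposition value.
$safeName = basename($fileName);
$safeName = str_replace(array("\r", "\n", '"', "\0"), '', $safeName);

$fp = fopen($fullPath, "rb");
if ($fp === false) {
    doError("Cannot open product file for product={$productName}\n");
}

// and finally return the file
header("Content-Type: application/octet-stream");
header("Content-disposition: attachment; filename=\"{$safeName}\"");
header("Content-transfer-encoding: binary");
header("Content-Length: " . filesize($fullPath));
fpassthru($fp);
fclose($fp);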
<?php require_once 'include_prepare.php'; require_once 'include_system.php'; if (sys_statusavailable() == 0) { doHeader(); doError($GLOBALS['language']['status']['nosupport'], $GLOBALS['language']['status']['nosupport_desc']); doFooter(); exit; } $system = sys_getinfoclass(); doHeader(); ?> <table class="box"> <tr> <td class="box-headline">>> <?php echo $GLOBALS['language']['status']['status']; ?> </td> </tr> <tr> <td> <table class="box" style="border-style: none;"> <tr><td colspan="5" class="box-subheadspace" style="line-height: 10px;"> </td></tr> <tr> <td colspan="2" class="box-subheadline" width="300"><?php echo $GLOBALS['language']['status']['system']; ?> </td> <td width="100"> </td> <td colspan="2" class="box-subheadline" width="300"><?php
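/**
 * Parses a template file through the skin parser with the 'fileparser' action set.
 *
 * Calls doError(_GFUNCTIONS_PARSEFILE_FILEMISSING) when the file does not
 * exist (assumed to end the request; the function returns afterwards in case
 * it does not). An empty or unreadable file parses nothing.
 *
 * Change: the file is read with file_get_contents() and the result checked,
 * instead of fopen()/fread() whose failure on an unreadable file was ignored.
 *
 * @param string $filename      path of the file to parse
 * @param string $includeMode   value for the parser's IncludeMode property
 * @param string $includePrefix value for the parser's IncludePrefix property
 */
function parseFile($filename, $includeMode = 'normal', $includePrefix = '')
{
    $handler = new ACTIONS('fileparser');
    $parser = new PARSER(SKIN::getAllowedActionsForType('fileparser'), $handler);
    $handler->parser =& $parser;

    // set IncludeMode properties of parser
    PARSER::setProperty('IncludeMode', $includeMode);
    PARSER::setProperty('IncludePrefix', $includePrefix);

    if (!file_exists($filename)) {
        doError(_GFUNCTIONS_PARSEFILE_FILEMISSING);
        return;
    }

    $contents = file_get_contents($filename);
    if ($contents === false || $contents === '') {
        // unreadable or empty: nothing to parse
        return;
    }

    // parse file contents
    $parser->parse($contents);
}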
}
    // Password change: both fields present, confirmation non-empty and equal
    // to the first field. The password reaches the DB layer as-is; hashing
    // (if any) is do_set_user_password()'s job — confirm it does.
    // NOTE(review): a state change driven by POST with no CSRF token visible
    // in this excerpt; verify one is checked further up.
    if (isset($_POST["frm_password1"]) && isset($_POST["frm_password2"]) && strlen($_POST["frm_password2"]) != 0 && $_POST["frm_password1"] == $_POST["frm_password2"]) {
        $db->do_set_user_password($_GET["viewID"], $_POST["frm_password1"]);
    }
    $user_list = $db->get_userlist_by_id($_GET["viewID"]);
    if (count($user_list) == 0) {
        // User specified, but the user specified does not exist
        doError($GLOBALS['language']['userv']['user_error'], $GLOBALS['language']['userv']['user_no_such_user']);
        $sel_ok = false;
    } else {
        $res_data = $user_list[0];
        $sel_ok = true;
    }
} else {
    // No user was specified
    doError($GLOBALS['language']['userv']['user_error'], $GLOBALS['language']['userv']['user_no_user_specified']);
    $sel_ok = false;
}
if ($sel_ok == false) {
    doFooter();
    exit;
}
// Deletion is triggered by GET parameters alone (section=delete&deletion_confirmed=1):
// a crafted link or <img> can delete a user on an admin's behalf (CSRF) unless
// a token check exists outside this excerpt.
if (isset($_GET["section"]) && $_GET["section"] == "delete" && isset($_GET["deletion_confirmed"]) && $_GET["deletion_confirmed"] == "1") {
    $db->do_delete_user($_GET["viewID"]);
    if ($config_deleteuser_command != '') {
        // SECURITY: the user record's fields (userid, homedir, mail, ...) are
        // wrapped in double quotes by hand, not escaped. A value containing
        // " or $(...) / backticks breaks out of the quoting and runs under the
        // web server's account — each field should go through escapeshellarg().
        $params = '"' . $res_data["userid"] . '" "' . $res_data["uid"] . '" "' . $res_data["gid"] . '" "' . $res_data["homedir"] . '" "' . $res_data["det_mail"] . '"';
        $cmd_output = shell_exec($config_deleteuser_command . ' ' . $params . ' 2>&1');
    }
?>
<table class="box">
<tr>
/**
 * Aborts the request (via doError) when the visitor's address is banned for
 * blog $blogid; otherwise returns normally.
 *
 * BAN::isBanned() yields 0 when not banned, or a ban record carrying
 * ->iprange and ->message, both of which are included in the error text.
 *
 * @param mixed $blogid blog to check the ban list of
 */
function checkban($blogid)
{
    $ban = BAN::isBanned($blogid, serverVar('REMOTE_ADDR'));
    if ($ban == 0) {
        return;
    }
    doError(_ERROR_BANNED1 . $ban->iprange . _ERROR_BANNED2 . $ban->message . _ERROR_BANNED3);
}
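/**
 * Returns the 100 most-played files (by playlog rows), each annotated with an
 * alreadyVoted flag for the calling client.
 *
 * alreadyVoted is true when the client (identified by REMOTE_ADDR) has a vote
 * for the file that is newer than the file's last play, or has voted and the
 * file has never been played; false when there is no vote at all.
 *
 * Changes: the two per-file lookups are prepared once instead of inside the
 * loop, cursors are released between executions, and the four-way null/compare
 * chain is collapsed into one expression with the same truth table.
 *
 * NOTE(review): REMOTE_ADDR is a weak voter identity — clients behind the same
 * proxy/NAT share it. The `>` on the two dates compares whatever the driver
 * returns (strings for most drivers), which is only correct if the stored
 * format sorts chronologically — confirm.
 *
 * @return array{files: list<object>}
 */
function getBrowseOftenPlayed()
{
    $db = $GLOBALS["db"];
    $subFiles = array();

    $stmt = $db->prepare("SELECT files.id,filename,artist,title,length,size,COUNT(*) as count from playlog INNER JOIN files on(files.id=playlog.fileid) GROUP BY files.id ORDER BY count DESC LIMIT 100");
    if (!$stmt->execute()) {
        doError("getBrowseOftenPlayed (getSubFiles) db query failed");
        return ["files" => $subFiles];
    }

    while ($row = $stmt->fetchObject()) {
        $subFiles[] = $row;
    }

    // Prepared once, executed per file below.
    $voteStmt = $db->prepare("SELECT date FROM votes WHERE fileid =:fid AND ip=:ip ORDER BY date DESC LIMIT 1");
    $playStmt = $db->prepare("SELECT date FROM playlog WHERE fileid =:fid ORDER BY date DESC LIMIT 1");
    $clientIp = $_SERVER['REMOTE_ADDR'];

    foreach ($subFiles as $file) {
        $dateLastVote = null;
        if ($voteStmt->execute(array(":fid" => $file->id, ":ip" => $clientIp))) {
            if ($row = $voteStmt->fetchObject()) {
                $dateLastVote = $row->date;
            }
            $voteStmt->closeCursor();
        }

        $dateLastPlay = null;
        if ($playStmt->execute(array(":fid" => $file->id))) {
            if ($row = $playStmt->fetchObject()) {
                $dateLastPlay = $row->date;
            }
            $playStmt->closeCursor();
        }

        // No vote -> false. Vote but never played -> true. Both -> vote newer than play.
        $file->alreadyVoted = ($dateLastVote !== null)
            && ($dateLastPlay === null || $dateLastVote > $dateLastPlay);
    }

    return ["files" => $subFiles];
}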
/**
 * Thin alias that forwards a load-time error message to doError().
 *
 * @param string $msg the message to report
 */
function loadError($msg)
{
    $message = $msg;
    doError($message);
}
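/**
 * Rejects the request (via doError) unless POST num_cart_items is a positive integer.
 *
 * The original `$cartItems < 1` test was a loose comparison on a raw string:
 * a non-numeric value such as "abc" (or an array) does not compare as less
 * than 1 and therefore passed. The value is now validated as an integer >= 1,
 * which also rejects fractional input. The raw value is still echoed in the
 * message, so doError() must escape it for the context it outputs to.
 */
function verifyCartItems()
{
    $cartItems = getPostVar('num_cart_items');
    $count = filter_var($cartItems, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
    if ($count === false) {
        doError("num_cart_items should be >0 and is {$cartItems}\n");
    }
}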
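<?php
/*
 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
 * Copyright (C) 2002-2011 The Nucleus Group
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * (see nucleus/documentation/index.html#license for more info)
 */
/**
 * File containing actions that can be performed by visitors of the site,
 * like adding comments, etc...
 * @license http://nucleuscms.org/license.txt GNU General Public License
 * @copyright Copyright (C) 2002-2011 The Nucleus Group
 * @version $Id: action.php 1131 2011-02-01 06:19:31Z sakamocchi $
 * $NucleusJP: action.php,v 1.8.2.1 2007/09/05 05:50:12 kimitake Exp $
 */
$CONF = array();
require './config.php';

// common functions
//include_once($DIR_LIBS . 'ACTION.php');
include_libs('ACTION.php', true, false);

$action = requestVar('action');

// "=& new" (reference-assigning the result of new) was deprecated in PHP 5.3
// and is a parse error from PHP 7 on; objects are handles anyway, so a plain
// assignment is equivalent on every supported version.
$a = new ACTION();
$errorInfo = $a->doAction($action);
if ($errorInfo) {
    doError($errorInfo['message'], new SKIN($errorInfo['skinid']));
}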
doHeader();
$sel_ok = false;
$res_data = array();
if (isset($_GET["viewID"]) && strlen($_GET["viewID"]) != 0) {
    // Description update: a state change driven by a POST field. No CSRF token
    // is checked in this excerpt — verify one exists before the form is acted on.
    if (isset($_POST["frm_description"])) {
        $db->do_set_group($_GET["viewID"], $_POST["frm_description"]);
    }
    $group_list = $db->get_grouplist_by_id($_GET["viewID"]);
    if (count($group_list) == 0) {
        doError('User Error', 'A group ID was specified, but no group exists with that ID - select the user via the grouplist instead of accessing this file manually.');
    } else {
        $res_data = $group_list[0];
        $sel_ok = true;
    }
} else {
    doError('User Error', 'No group ID was specified - select the group via the grouplist instead of accessing this file manually.');
    $sel_ok = false;
}
if ($sel_ok == false) {
    doFooter();
    exit;
}
// Deletion is triggered purely by GET (section=delete&deletion_confirmed=1):
// without a token check elsewhere, a crafted link can delete a group on an
// admin's behalf. Destructive actions should require POST plus a CSRF token.
if (isset($_GET["section"]) && $_GET["section"] == "delete" && isset($_GET["deletion_confirmed"]) && $_GET["deletion_confirmed"] == "1") {
    $db->do_delete_group($_GET["viewID"]);
?>
<table class="box">
<tr>
<td class="box-headline">>> Delete group</td>
</tr>
<tr>
<td>