$company->setId($id); if (!empty($company->info['member_id'])) { $member->setId($company->info['member_id']); } $push_data['company'] = $company->info; $push_data['member'] = $member->info; if (!empty($company->info)) { $pdb->Execute("REPLACE INTO {$tb_prefix}spacecaches (cache_spacename,company_id,data1,data2,expiration) VALUE ('" . $company->info['cache_spacename'] . "','" . $id . "','" . @serialize($push_data) . "',''," . ($time_stamp + $space_cache_cycle) . ")"); } } } if (isset($company->info['status']) && $company->info['status'] === 0) { header_sent(L('company_checking')); exit; } elseif (empty($company->info) || !$company->info) { header_sent(L('data_not_exists')); exit; } if (!empty($company->info['created'])) { $time_tmp = $time_stamp - $company->info['created']; $company->info['year_sep'] = $time_tmp = ceil($time_tmp / (3600 * 24 * 365)); } if (empty($company->info['email'])) { $company->info['email'] = $_PB_CACHE['setting']['service_email']; } if (empty($company->info['picture'])) { $company->info['logo'] = $absolute_uri . pb_get_attachmenturl('', '', 'big'); } else { $company->info['logo'] = $absolute_uri . $attachment_url . $company->info['picture']; } $pdb->setFetchMode(ADODB_FETCH_BOTH);
$msg .= "<br />" . L("db_conn_error_no", 'msg', $pdb->ErrorNo()); if (!file_exists(DATA_PATH . "install.lock")) { $msg .= "<br /><a href='install/install.php'>" . L("please_reinstall_program", "msg") . "</a>"; } header_sent($msg); exit; } if ($dbcharset && mysql_get_server_info() > '4.1') { $pdb->Execute("SET NAMES '{$dbcharset}'"); } if (!file_exists(CACHE_PATH . "cache_setting.php")) { require_once LIB_PATH . "cache.class.php"; $cache = new Caches(); if ($cache->cacheAll()) { $msg .= "<a href='index.php'>" . L("cached_and_refresh") . "</a>"; header_sent($msg); exit; } } $cachelost = (include CACHE_PATH . 'cache_setting.php') ? '' : 'settings'; $phpb2b_auth_key = md5($_PB_CACHE['setting']['auth_key'] . pb_getenv('HTTP_USER_AGENT')); $php_self = pb_getenv('PHP_SELF'); $base_script = basename($php_self); list($basefilename) = explode('.', $base_script); if ($headercharset) { @header('Content-Type: text/html; charset=' . $charset); } //timezone $time_offset = isset($_PB_CACHE['setting']['time_offset']) ? $_PB_CACHE['setting']['time_offset'] : 0; $date_format = isset($_PB_CACHE['setting']['date_format']) ? $_PB_CACHE['setting']['date_format'] : "Y-m-d"; $time_now = array('time' => gmdate("{$date_format} H:i", $time_stamp + 3600 * $time_offset), 'offset' => $time_offset >= 0 ? $time_offset == 0 ? '' : '+' . $time_offset : $time_offset);
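/**
 * Request-value attack filter: aborts the request when a request value
 * matches the configured pattern, otherwise returns normally.
 *
 * @param string       $StrFiltKey   Name of the request key being checked (kept for callers; not used here).
 * @param string|array $StrFiltValue Request value; an array is flattened with "," before matching.
 * @param string       $ArrFiltReq   Regex body without delimiters, taken from the filter configuration.
 *                                   It is wrapped in "/.../is", so an unescaped "/" inside it breaks the pattern.
 * @return void Nothing when there is no match; on a match the warning page is sent and the script exits.
 */
function pb_attack_filter($StrFiltKey, $StrFiltValue, $ArrFiltReq)
{
    if (is_array($StrFiltValue)) {
        // A nested array flattens to the literal "Array" (as before); keep that notice quiet
        // because this runs for every request value.
        $StrFiltValue = @implode(",", $StrFiltValue);
    }
    // NOTE(review): preg_match() returns false for a malformed pattern and "false == 1" is false,
    // so a broken entry in the pattern list silently lets the value through (fail-open).
    if (preg_match("/" . $ArrFiltReq . "/is", $StrFiltValue) == 1) {
        // The offending value is attacker-controlled; it is deliberately NOT echoed back,
        // since that reflected it unescaped into the response ahead of the warning page.
        header_sent("Warning : Illegal operation!");
        exit;
    }
}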
/**
 * Bootstraps the member "space" page.
 *
 * Loads the space model and view config, resolves the company either from the
 * space name in $_GET['userid'] (the subdomain variant is commented out) or from
 * the numeric $_GET['id'], exits for an unchecked or missing company, picks the
 * skin, pushes company/member/group data to the view and bumps the company's
 * click counter.
 *
 * Side effects: SELECTs and one UPDATE through the global $pdb, view
 * assignments via $this->view / setvar() / uaAssign(), and exit on the two
 * error paths.
 */
public function init()
{
    global $subdomain_support, $rewrite_able, $pdb, $time_stamp, $tb_prefix, $absolute_uri, $attachment_url, $G, $viewhelper;
    // special handling for multi arrTemplate
    $this->loadModel("space");
    $sections = 'space';
    $this->view->configLoad('default.conf', $sections);
    // Untrusted: the space name is HTML-escaped here, then used as a lookup key below.
    if (isset($_GET['userid'])) {
        $this->userid = trim(htmlspecialchars($_GET['userid']));
    }
    if ($subdomain_support && $rewrite_able) {
        $hosts = explode($subdomain_support, pb_getenv('HTTP_HOST'));
        // Body is commented out, so subdomain resolution is currently a no-op.
        if ($hosts[0] != "www") {
            // $this->userid = trim($hosts[0]);
        }
    }
    $G['membergroup'] = cache_read("membergroup");
    using("member", "company");
    $member = new Members();
    $company = new Companies();
    $space_name = '';
    // $theme_name is a local that is never set before this test, so this branch
    // always runs and the theme is always "default" ($style_name/$ADODB_CACHE_DIR
    // are assigned but not used later in this method).
    if (empty($theme_name)) {
        $theme_name = "default";
        $style_name = isset($G['setting']['theme']) && !empty($G['setting']['theme']) ? $G['setting']['theme'] : "default";
        $ADODB_CACHE_DIR = DATA_PATH . 'dbcache';
    }
    $this->view->assign("theme_img_path", "templates/" . $theme_name . "/");
    $this->view->assign('ThemeName', $theme_name);
    $cache_data = $push_data = array();
    if (!empty($this->userid)) {
        // Resolve by space name: member first, company via member id, else company by name.
        $userid = $this->userid;
        $member->setInfoBySpaceName($this->userid);
        if (!empty($member->info['id'])) {
            $this->member_id = $member->info['id'];
            $company->setInfoByMemberId($member->info['id']);
        } else {
            $company->setInfoBySpaceName($this->userid);
        }
        $push_data['company'] = $company->info;
        $this->company_id = $company->info['id'];
        $push_data['member'] = $member->info;
    } elseif (!empty($_GET['id'])) {
        // Resolve by numeric id; intval() is what keeps this value safe in the queries below.
        $id = intval($_GET['id']);
        $company->id = $this->company_id = $id;
        $company->setInfoById($id);
        if (!empty($company->info['member_id'])) {
            $member->id = $this->member_id = $company->info['member_id'];
        }
        $push_data['company'] = $company->info;
        $push_data['member'] = $member->info;
    }
    // NOTE(review): "=== 0" only matches an integer 0; if the DB layer returns
    // status as the string '0', the "checking" page is never shown -- confirm.
    // The "|| !$company->info" half of the second test is redundant with empty().
    if (isset($company->info['status']) && $company->info['status'] === 0) {
        header_sent(L('company_checking'));
        exit;
    } elseif (empty($company->info) || !$company->info) {
        header_sent(L('data_not_exists'));
        exit;
    }
    // Queries below are string-built; they rely on company id / templet id being
    // numeric (DB column or intval'd input). A bound parameter would be safer.
    $cache_data = $pdb->GetRow("SELECT data2 AS style FROM {$tb_prefix}spacecaches WHERE company_id='" . $company->info['id'] . "'");
    if (isset($cache_data['style'])) {
        $skin_extra_style = $cache_data['style'];
    }
    // Company age in whole years; $time_tmp stays undefined when 'created' is empty
    // but is still read into $group_info['year'] further down.
    if (!empty($company->info['created'])) {
        $time_tmp = $time_stamp - $company->info['created'];
        $company->info['year_sep'] = $time_tmp = ceil($time_tmp / (3600 * 24 * 365));
    }
    if (empty($company->info['email'])) {
        $company->info['email'] = $G['setting']['service_email'];
    }
    if (empty($company->info['picture'])) {
        $company->info['logo'] = $absolute_uri . pb_get_attachmenturl('', '', 'big');
    } else {
        $company->info['logo'] = $absolute_uri . $attachment_url . $company->info['picture'];
    }
    $company->info = pb_lang_split_recursive($company->info);
    $company->info['description'] = nl2br(strip_tags($company->info['description']));
    // Skin selection: member's templet, optionally overridden by ?force_templet_id,
    // falling back to the default 'user' templet and finally to the built-in default.
    $is_set_default_skins = false;
    $member_templet_id = $member->info['templet_id'];
    if (isset($_GET['force_templet_id'])) {
        $member_templet_id = intval($_GET['force_templet_id']);
    }
    if (!empty($member_templet_id)) {
        $skin_path_info = $pdb->GetRow("SELECT name,directory FROM {$tb_prefix}templets WHERE type='user' AND status='1' AND id='" . $member_templet_id . "'");
    }
    if (empty($skin_path_info)) {
        $skin_path_info = $pdb->GetRow("SELECT name,directory FROM {$tb_prefix}templets WHERE type='user' AND is_default='1'");
        if (empty($skin_path_info)) {
            $is_set_default_skins = true;
        }
    } elseif (!is_dir(PHPB2B_ROOT . $skin_path_info)) {
        // NOTE(review): $skin_path_info is the whole row (an array) here, so this
        // concatenates "Array"; it looks like the directory column was intended -- confirm.
        $is_set_default_skins = true;
    }
    if ($is_set_default_skins) {
        $skin_path_info = array();
        $skin_path_info[] = "default";
        $skin_path_info[] = "templates/skins/default/";
    }
    // Positional unpacking: assumes the fetched row also carries numeric keys.
    list($skin_path, $skin_dir) = $skin_path_info;
    if (strpos($skin_dir, "templates") === false) {
        $skin_dir = "templates/" . $skin_dir; //for 4.3 upgrade from 4.3 below,begin 2012.10
    }
    $this->skin_path = $skin_path;
    $this->skin_dir = $skin_dir;
    uaAssign(array("SkinName" => $skin_path, "ThemeName" => $skin_path, "SkinPath" => $skin_dir, "COMPANY" => $company->info, "MEMBER" => $member->info));
    $this->view->setTemplateDir(PHPB2B_ROOT . "templates" . DS . "skins" . DS);
    $this->view->setCompileDir(DATA_PATH . "templates_c" . DS . $this->lang . DS . "skin" . DS . $skin_path . DS);
    if (isset($member->info['id'])) {
        $this->setLinks($member->info['id']);
    }
    $this->setMenu($company->info['cache_spacename'], $this->spaceModules);
    $product_types = $pdb->GetArray("SELECT *,id as typeid,name as typename FROM {$tb_prefix}producttypes WHERE company_id=" . $company->info['id']);
    //set and get db cache
    setvar("ProductTypes", $product_types);
    $group_info = array();
    $group_info['year'] = $time_tmp;
    // NOTE(review): 'membergroup_id' is used as a scalar array key on the next
    // line, so indexing it with ['name'] / ['avatar'] is unlikely to ever be
    // non-empty; the fallback branches are probably the ones that run -- confirm.
    if (!empty($member->info['membergroup_id']['name'])) {
        $group_info['name'] = $G['membergroup'][$member->info['membergroup_id']]['name'];
    } else {
        $group_info['name'] = L("undefined_image", "tpl");
    }
    if (!empty($member->info['membergroup_id']['avatar'])) {
        $group_info['image'] = $absolute_uri . STATICURL . "images/group/" . $G['membergroup'][$member->info['membergroup_id']]['avatar'];
    } else {
        $group_info['image'] = $absolute_uri . STATICURL . "images/group/formal.gif";
    }
    setvar("GROUP", $group_info);
    //for old version
    if (isset($member->info['membergroup_id']['name'])) {
        setvar("GroupName", $G['membergroup'][$member->info['membergroup_id']]['name']);
    }
    if (isset($member->info['membergroup_id']['avatar'])) {
        setvar("GroupImage", $absolute_uri . STATICURL . "images/group/" . $G['membergroup'][$member->info['membergroup_id']]['avatar']);
    }
    setvar("Menus", $this->getMenu());
    setvar("Links", $this->getLinks());
    $space_url = $this->rewrite($company->info['cache_spacename'], $company->info['id']);
    setvar("space_url", $space_url);
    setvar("SpaceUrl", $absolute_uri . $skin_dir);
    // $skin_extra_style is only set when the spacecaches row had a style.
    $space_extra_style = '';
    setvar("SpaceExtraStyle", $space_extra_style);
    if (!empty($skin_extra_style)) {
        $space_extra_style = $absolute_uri . $skin_dir . "styles/" . $skin_extra_style . "/";
        setvar("SpaceExtraStyle", $space_extra_style);
    }
    setvar("BASEMAP", $absolute_uri . $skin_dir);
    // Click counter is incremented on every page view, unconditionally.
    $pdb->Execute("UPDATE {$tb_prefix}companies SET clicked=clicked+1 WHERE id='" . $company->info['id'] . "'");
    // $arrTemplate is not set anywhere in this method, so this assign never runs.
    if (!empty($arrTemplate)) {
        $this->view->assign($arrTemplate);
    }
    // Untrusted: only trimmed, then used to name the current view section.
    if (!empty($_GET['module'])) {
        $this->module = trim($_GET['module']);
    }
    $this->view->assign("cur", "space_" . $this->module);
}
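/**
 * Validates a form submission before it is processed.
 *
 * The request must be a POST carrying the submit field $var, must come from
 * this host when a Referer is present, and must carry a form hash equal to
 * formhash(). Any failure sends the invalid-submit page and exits.
 *
 * Side effects: pulls in the optional antispam hook DATA_PATH/antispam/index.php,
 * which runs in this function's scope and reads the local $referer.
 *
 * @param string $var Name of the POST field that marks the form as submitted.
 * @return true Only when every check passes; otherwise the script exits.
 */
function pb_submit_check($var)
{
    $referer = pb_getenv('HTTP_REFERER');
    if (is_file(DATA_PATH . 'antispam' . DS . 'index.php')) {
        // Kept here, after $referer is set, because the hook uses that local.
        require DATA_PATH . 'antispam' . DS . 'index.php';
    }
    if (!empty($_POST[$var]) && $_SERVER['REQUEST_METHOD'] === 'POST') {
        // Referer host (scheme and path stripped) must equal our host (port stripped).
        // A missing Referer is accepted, as before, because many clients omit it.
        $referer_host = preg_replace("/https?:\\/\\/([^\\:\\/]+).*/i", "\\1", $referer);
        $own_host = preg_replace("/([^\\:]+).*/", "\\1", pb_getenv('HTTP_HOST'));
        if (empty($referer) || $referer_host === $own_host) {
            // Compare the token as strings and in constant time. The previous loose
            // "==" compared numeric-looking hashes (e.g. "0e...") numerically, and a
            // non-string POST value is treated as no token at all.
            $posted_hash = isset($_POST['formhash']) && is_string($_POST['formhash']) ? $_POST['formhash'] : '';
            $expected_hash = (string) formhash();
            $hash_ok = function_exists('hash_equals')
                ? hash_equals($expected_hash, $posted_hash)
                : ($expected_hash === $posted_hash);
            if ($hash_ok) {
                return true;
            }
        }
    }
    header_sent(L("invalid_submit"));
    exit;
}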
<?php /** * [PHPB2B] Copyright (C) 2007-2099, Ualink Inc. All Rights Reserved. * The contents of this file are subject to the License; you may not use this file except in compliance with the License. * * @version $Revision: 2075 $ */ define('ANTI_FORCE', true); define('ANTI_LEVEL', 3); //higher,will be more secure,default 3. if (ANTI_FORCE) { $GLOBALS['log']->lwrite($_SERVER['HTTP_USER_AGENT']); $ip_addr = pb_get_client_ip("long"); if (strpos($referer, pb_getenv('HTTP_HOST')) === false || empty($ip_addr)) { header_sent(L("invalid_submit")); exit; } $client_agent = $_SERVER['HTTP_USER_AGENT']; if (preg_match('/windows 2000/', $client_agent)) { header("Location:" . URL); exit; } $temp = explode('(', $client_agent); $Part = $temp[0]; $ext_info = $temp[1]; $ext_info = explode(')', $ext_info); $temp = explode(';', trim($ext_info[0])); $r_info = array(); if (!empty($ext_info[1])) { $r_info = trim($ext_info[1]);