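/**
 * Authenticate a moderator and, on success, publish the session data in the global $mod.
 *
 * The stored credential is compared against sha256(salt . sha1(password)). When $makehash is
 * false the caller is expected to pass the SHA-1 hex digest instead of the plaintext.
 *
 * NOTE(review): one salted SHA-256 round over SHA-1 is a fast hash, so a leaked `mods` table is
 * cheap to brute-force. Moving to password_hash()/password_verify() requires migrating the stored
 * values, so the scheme is flagged here rather than changed.
 *
 * @param string $username Moderator name; bound as a query parameter, never interpolated.
 * @param string $password Plaintext password, or its SHA-1 digest when $makehash is false.
 * @param bool   $makehash Whether to SHA-1 $password before the salted comparison.
 * @return array|false Array with keys id, type, username, hash and boards (also stored in $mod),
 *                     or false when the user is unknown or the password does not match.
 */
function login($username, $password, $makehash = true)
{
    global $mod;

    // SHA1 password
    if ($makehash) {
        $password = sha1($password);
    }

    $query = prepare("SELECT `id`, `type`, `boards`, `password`, `salt` FROM ``mods`` WHERE `username` = :username");
    $query->bindValue(':username', $username);
    $query->execute() or error(db_error($query));

    if ($user = $query->fetch(PDO::FETCH_ASSOC)) {
        $expected = hash('sha256', $user['salt'] . $password);

        // hash_equals() (PHP >= 5.6) compares in constant time; `===` returns at the first
        // differing byte and so leaks how much of the stored digest a guess matched.
        // The cast keeps a NULL column value a plain mismatch instead of a TypeError.
        if (hash_equals((string) $user['password'], $expected)) {
            // The session hash is derived from the stored password hash, not from the submitted value.
            return $mod = array(
                'id' => $user['id'],
                'type' => $user['type'],
                'username' => $username,
                'hash' => mkhash($username, $user['password']),
                'boards' => explode(',', $user['boards'])
            );
        }
    }

    return false;
}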
/**
 * Authenticate a moderator against the `mods` table and, on success, publish the session data
 * in the global $mod.
 *
 * The credential check happens inside the query: a row is returned only when both the username
 * and the (SHA-1) password value match.
 *
 * NOTE(review): the stored credential is an unsalted SHA-1 digest, and with $makehash = false the
 * digest itself is accepted as the credential. Both are weak against a leaked table; fixing it
 * needs a schema/data migration, so it is only flagged here.
 *
 * @param string $username Moderator name; bound as a query parameter.
 * @param string $password Plaintext password, or its SHA-1 digest when $makehash is false.
 * @param bool   $makehash Whether to SHA-1 $password before it is sent to the query.
 * @return array|false Array with keys id, type, username, hash and boards (also stored in $mod),
 *                     or false when no row matches.
 */
function login($username, $password, $makehash = true)
{
    global $mod;

    // SHA1 password
    $digest = $makehash ? sha1($password) : $password;

    $query = prepare("SELECT `id`,`type`,`boards` FROM `mods` WHERE `username` = :username AND `password` = :password LIMIT 1");
    $query->bindValue(':username', $username);
    $query->bindValue(':password', $digest);
    $query->execute() or error(db_error($query));

    $row = $query->fetch();
    if (!$row) {
        // Unknown user or wrong password: the query cannot tell the two apart.
        return false;
    }

    $mod = array(
        'id' => $row['id'],
        'type' => $row['type'],
        'username' => $username,
        // Session hash is derived from the SHA-1 digest that was matched in the query.
        'hash' => mkhash($username, $digest),
        'boards' => explode(',', $row['boards'])
    );

    return $mod;
}
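<?php
// Packs a browsable directory into a .7z archive inside the cache directory and redirects the
// client to the resulting file.
//
// Request parameters: `base` (resolved by getbase()) and `dir` (validated by safepath()).
//
// NOTE(review): the archive is named after the last path component only, so two different
// directories with the same name share one cache file, and `7z a` adds to an existing archive.
// The computed $hash/$thash are not used for the file name here - confirm whether they should be.
// NOTE(review): $zfile is appended to the redirect URL without URL-encoding - confirm redirect()
// handles that.
set_time_limit(0);
include 'func.php';

$rootdir = getbase($_GET['base']);
if (($dir = safepath($rootdir, $_GET['dir'])) === false) {
    redirect('index.php');
    // redirect() is defined elsewhere; stop explicitly so a rejected path can never reach the
    // archiver below even if redirect() returns.
    exit;
}

$hash = mkhash($rootdir . $dir);
$thash = $_GET['base'] . '-' . $hash;
$hash = $_GET['base'] . '/' . $hash;

// Split the validated path into parent directory and final component; 7z is run from the parent
// so the archive contains paths relative to it.
$path = rtrim(joinpath($rootdir, $dir), '/');
$apath = explode('/', $path);
$bdir = array_pop($apath);
if (!chdir(r(implode('/', $apath)))) {
    // Without this check a failed chdir() would archive whatever $bdir names relative to the
    // script's own working directory.
    redirect('index.php');
    exit;
}

$zfile = $bdir . '.7z';
#header('Content-type: application/x-zip-compressed');
#header('Content-Disposition: attachment; filename*=utf-8"'.preg_replace('![\\/?]!i','',$zfile).'"');

// escapeshellarg() stops shell metacharacters, but not 7z's own argument parsing: '--' ends
// switch and @listfile parsing, so a directory name starting with '-' or '@' is taken as a name.
$cmd = $CFG['sevenzip'] . ' a -t7z -- ' . escapeshellarg($CFG['cachedir'] . $zfile) . ' ' . escapeshellarg(r($bdir));
exe($cmd);
redirect($CFG['cacheurl'] . $zfile);
#passthru($cmd);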
<?php
// Thumbnail endpoint: prints the URL of a cached thumbnail, queues a background job when the
// thumbnail is missing or stale, or prints a generic icon path chosen by file extension.
// The listing is cut off inside the final `else` branch, so that branch is not documented.
//
// Request parameters: `base`, `file`, `size`.
ignore_user_abort(true);
include 'func.php';
$rootdir = getbase($_GET['base']);
// safepath() is the only visible guard on the requested file; a rejected path ends the request.
if (($file = safepath($rootdir, $_GET['file'])) === false) {
    die;
}
$hash = mkhash($rootdir . $file);
// NOTE(review): $_GET['base'] is concatenated unmodified into $hash, which becomes part of a
// cache file path and of the echoed URL below. This relies on getbase() rejecting unexpected
// values - not visible here, confirm.
// $thash is not used in the visible part of the script.
$thash = $_GET['base'] . '-' . $hash;
$hash = $_GET['base'] . '/' . $hash;
// NOTE(review): without the D modifier, `$` also matches just before a trailing newline, so a
// value such as "64x64\n" (constructed example) passes and flows into the cache file name and
// the echoed URL; `\z` would anchor strictly. The digits are also unbounded, so every distinct
// WxH yields its own cache entry and job - consider an allow-list or an upper limit.
if (preg_match('/^[0-9]+x[0-9]+$/', $_GET['size'])) {
    $size = $_GET['size'];
} else {
    $size = $CFG['thumb_size'];
}
// Extension => icon file name (served from images/) for files that get no generated thumbnail.
$extmap = array('zip' => 'archive.gif', 'rar' => 'archive.gif', '7z' => 'archive.gif', '7zip' => 'archive.gif',
    'txz' => 'archive.gif', 'xz' => 'archive.gif', 'tgz' => 'archive.gif', 'gz' => 'archive.gif', 'tar' => 'archive.gif',
    'xls' => 'xls.gif', 'doc' => 'doc.gif', 'ppt' => 'ppt.gif', 'txt' => 'txt.gif', 'kmz' => 'ge.gif', 'kml' => 'ge.gif',
    'htm' => 'html.gif', 'html' => 'html.gif', 'mht' => 'html.gif', 'wav' => 'audio.gif', 'mp3' => 'audio.gif',
    'wma' => 'audio.gif', 'mid' => 'audio.gif', 'ogg' => 'audio.gif', 'flac' => 'audio.gif', 'swf' => 'swf.gif',
    'fla' => 'fla.gif', 'aac' => 'aac.gif', 'ace' => 'ace.gif', 'aiff' => 'aiff.gif', 'arj' => 'arj.gif', 'cab' => 'cab.gif',
    'mpc' => 'mpc.gif', 'pdf' => 'pdf.gif', 'vqf' => 'vqf.gif', 'xml' => 'xml.gif');
if (thumb_able($file)) {
    // Cache hit: the source is not newer than the cached JPEG, so only its URL is printed.
    if (!newer($rootdir . $file, $CFG['cachedir'] . $hash . '_' . $size . '.jpg')) {
        echo $CFG['cacheurl'] . $hash . '_' . $size . '.jpg';
        exit;
    }
    // Cache miss: hand the work to the Gearman function "webnautilus" and return immediately.
    $job = array('base' => $_GET['base'], 'file' => $file, 'size' => $size);
    $gmc = new Gearmanclient();
    $gmc->addServer();
    // NOTE(review): the payload is PHP-serialized; the worker presumably unserialize()s it. If
    // anything other than this script can submit jobs to the queue, a JSON payload avoids
    // deserializing attacker-influenced data - confirm against the worker.
    $gmc->doBackground("webnautilus", serialize($job));
    // 491 is not a registered HTTP status; presumably the front end treats it as "retry later".
    header('HTTP/1.1 491');
    exit;
} elseif (isset($extmap[getext($file)])) {
    echo 'images/' . $extmap[getext($file)];
} else {
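/**
 * Validate the moderator session cookie and, when it is valid, populate the global $mod.
 *
 * The cookie is expected to hold "username:hash:salt". The hash is recomputed with mkhash() from
 * the username, the stored password hash and the cookie's salt. Any cookie that is malformed,
 * names an unknown user or carries a wrong hash is destroyed and the request is terminated.
 *
 * Changes against the earlier version of this block:
 *  - an unknown username is rejected explicitly instead of being hashed with a NULL password;
 *  - a non-string (array) cookie value is treated as malformed;
 *  - the hash is compared with hash_equals() (PHP >= 5.6) so the comparison time does not depend
 *    on how many leading characters match;
 *  - get_magic_quotes_gpc() is only called where it still exists (it was removed in PHP 8.0).
 *
 * @param bool $prompt When true, mod_login() is called before exiting on an invalid cookie.
 * @return void Does not return (exit) when a cookie is present but invalid.
 */
function check_login($prompt = false)
{
    global $config, $mod;

    // Validate session
    if (isset($_COOKIE[$config['cookies']['mod']])) {
        $raw = $_COOKIE[$config['cookies']['mod']];

        // Should be username:hash:salt
        $cookie = is_string($raw) ? explode(':', $raw) : array();
        $user = false;
        $valid = false;

        if (count($cookie) === 3) {
            $query = prepare("SELECT `id`, `type`, `boards`, `password` FROM ``mods`` WHERE `username` = :username");
            $query->bindValue(':username', $cookie[0]);
            $query->execute() or error(db_error($query));
            $user = $query->fetch(PDO::FETCH_ASSOC);

            // validate password hash
            if (is_array($user)) {
                $expected = mkhash($cookie[0], $user['password'], $cookie[2]);
                // mkhash() is defined elsewhere; anything but a string cannot match the cookie.
                $valid = is_string($expected) && hash_equals($expected, $cookie[1]);
            }
        }

        if (!$valid) {
            // Malformed cookies
            destroyCookies();
            if ($prompt) {
                mod_login();
            }
            exit;
        }

        $mod = array(
            'id' => $user['id'],
            'type' => $user['type'],
            'username' => $cookie[0],
            'boards' => explode(',', $user['boards'])
        );
    }

    if ($config['debug']) {
        // NOTE(review): as written this is a local variable and is not read again in this function.
        $parse_start_time = microtime(true);
    }

    // Fix for magic quotes
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        function strip_array($var)
        {
            return is_array($var) ? array_map('strip_array', $var) : stripslashes($var);
        }

        $_GET = strip_array($_GET);
        $_POST = strip_array($_POST);
    }
}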
<?php
// Player page: when a cached .mp4 (video) or .mp3 (audio) file exists for the requested file,
// emits an HTML page that loads flowplayer and contains a #player placeholder.
// The listing is cut off after the placeholder, so the rest of the page is not documented.
//
// Request parameters: `base`, `file`.
include 'func.php';
$rootdir = getbase($_GET['base']);
// safepath() is the only visible guard on the requested file; a rejected path ends the request.
if (($file = safepath($rootdir, $_GET['file'])) === false) {
    die;
}
// NOTE(review): $_GET['base'] is concatenated unmodified into $hash, which is used in a cache
// path and printed into the page below. This relies on getbase() rejecting unexpected values -
// not visible here, confirm.
$hash = $_GET['base'] . '/' . mkhash($rootdir . $file);
// NOTE(review): $ext stays undefined when the file is neither video nor audio, yet it is read
// in the ufile_exists() call below.
if (isvideo($file)) {
    $ext = 'mp4';
} elseif (isaudio($file)) {
    $ext = 'mp3';
}
if (ufile_exists($CFG['cachedir'] . $hash . '.' . $ext)) {
    // NOTE(review): $hash is echoed into an HTML comment without escaping; because it contains
    // the raw `base` parameter it should be escaped or dropped from the output.
    // NOTE(review): the mklink() result is echoed as-is; presumably it returns markup - confirm
    // that it escapes $file.
    ?> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link href="common.css" rel="stylesheet" type="text/css" /> <script type="text/javascript" src="flowplayer/example/flowplayer-3.2.6.min.js"></script> </head> <body><!-- <?php echo $hash; ?> --> <div style="font-size:10pt;"><?php echo mklink(getbasename($_GET['base']), $file); ?> </div> <center> <span id="player" style="display:block;width:640px;height:480px"></span>
while (count($todo)) { list($b, $p) = array_shift($todo); # echo $b.$p."\n"; $rootdir = getbase($b); $fp = pathjoin($rootdir, $p); if (uis_dir($fp)) { $fs = uscandir($fp); foreach ($fs as $f) { if ($f == '.' || $f == '..') { continue; } $todo[] = array($b, pathjoin($p, $f)); } continue; } $hash = mkhash($fp); $hash = $b . '/' . $hash; $size = $CFG['thumb_size']; if (isimage($fp)) { $t1 = $CFG['cachedir'] . $hash . '_' . $size . '.jpg'; if (!newer($fp, $t1)) { touch($t1, filemtime($t1), $_now); continue; } } elseif (isvideo($fp)) { $t1 = $CFG['cachedir'] . $hash . '.mp4'; $t2 = $CFG['cachedir'] . $hash . '_L.jpg'; $t3 = $CFG['cachedir'] . $hash . '_' . $size . '.jpg'; if (!(newer($fp, $t1) || newer($fp, $t2) || newer($fp, $t3))) { touch($t1, filemtime($t1), $_now); touch($t2, filemtime($t2), $_now);