/**
 * @brief Display license messages
 *
 * If ./config/install.config.php exists and defines an `$install_config`
 * array, every entry is pushed into the Context and the installation is run
 * unattended through install's procInstall(); on success the browser is sent
 * to "./" and the request ends. Without the file the 'introduce' template is
 * rendered instead.
 *
 * @return Object|void the failed procInstall() output, otherwise nothing
 */
function dispInstallIntroduce()
{
    $config_path = FileHandler::getRealPath('./config/install.config.php');
    if (file_exists($config_path)) {
        include $config_path;
        if (is_array($install_config)) {
            foreach ($install_config as $name => $value) {
                // The table prefix is stored without its trailing underscore.
                if ($name == 'db_table_prefix') {
                    $value .= '_';
                }
                Context::set($name, $value, true);
            }
            unset($GLOBALS['__DB__']);
            Context::set('install_config', true, true);

            $oInstallController = getController('install');
            $output = $oInstallController->procInstall();
            if (!$output->toBool()) {
                return $output;
            }
            header("location: ./");
            Context::close();
            exit;
        }
    }
    Context::set('l', Context::getLangType());
    $this->setTemplateFile('introduce');
}
/**
 * Send $content as a non-cacheable XML response and terminate the request.
 *
 * @param string $content raw XML body to emit
 * @return void never returns; exits after Context::close()
 */
function printContent($content)
{
    $no_cache_headers = array(
        "Content-Type: text/xml; charset=UTF-8",
        "Expires: Mon, 26 Jul 1997 05:00:00 GMT",
        "Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT",
        "Cache-Control: no-store, no-cache, must-revalidate",
    );
    foreach ($no_cache_headers as $line) {
        header($line);
    }
    // Second Cache-Control line is appended (replace=false), not substituted.
    header("Cache-Control: post-check=0, pre-check=0", false);
    header("Pragma: no-cache");
    print $content;
    Context::close();
    exit;
}
/**
 * Show $message in a JavaScript alert, navigate back, and end the request.
 *
 * @param string $message text to display; a falsy message ("" or "0") is ignored
 * @return void returns early when there is nothing to show, otherwise exits
 */
function alertMsg($message)
{
    // Nothing to display: hand control back to the caller.
    if (!$message) {
        return;
    }
    // The charset header is set directly here (Korean encoding); the original
    // kept htmlHeader()/htmlFooter() commented out as the alternative.
    header("Content-Type: text/html; charset=UTF-8");
    alertScript($message);
    echo '<script type="text/javascript">history.back()</script>';
    Context::close();
    exit;
}
/**
 * @brief Display license messages
 *
 * When ./config/install.config.php exists and defines an `$install_config`
 * array, the installation runs unattended from that file: every entry is
 * copied into the Context, install's procInstall() is invoked, and on
 * success the browser is redirected to "./". Without the file the license
 * agreement page is shown.
 *
 * Example of the config file contents:
 * <code>
 * $install_config = array(
 *     'db_type'         => 'mysqli_innodb',
 *     'db_port'         => '3306',
 *     'db_hostname'     => 'localhost',
 *     'db_userid'       => 'root',
 *     'db_password'     => 'root',
 *     'db_database'     => 'rx_database',
 *     'db_table_prefix' => 'rx',
 *     'user_rewrite'    => 'N',
 *     'time_zone'       => '0000',
 *     'email_address'   => '*****@*****.**',
 *     'password'        => 'pass',
 *     'password2'       => 'pass',
 *     'nick_name'       => 'admin',
 *     'user_id'         => 'admin',
 *     'lang_type'       => 'ko', // en, jp, ...
 * );
 * </code>
 *
 * @return Object the procInstall() output on failure, otherwise the result
 *                of dispInstallLicenseAgreement()
 */
function dispInstallIntroduce()
{
    $config_path = FileHandler::getRealPath('./config/install.config.php');
    if (file_exists($config_path)) {
        include $config_path;
        if (is_array($install_config)) {
            foreach ($install_config as $name => $value) {
                // The table prefix is stored without its trailing underscore.
                if ($name == 'db_table_prefix') {
                    $value .= '_';
                }
                Context::set($name, $value, true);
            }
            unset($GLOBALS['__DB__']);
            Context::set('install_config', true, true);

            $oInstallController = getController('install');
            $output = $oInstallController->procInstall();
            if (!$output->toBool()) {
                return $output;
            }
            header("location: ./");
            Context::close();
            exit;
        }
    }
    Context::set('l', Context::getLangType());
    return $this->dispInstallLicenseAgreement();
}
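/**
 * prepares variables to use in moduleHandler
 * @param string $module name of module
 * @param string $act name of action
 * @param int $mid
 * @param int $document_srl
 * @param int $module_srl
 * @return void
 *
 * Request-derived names (module, act, mid) must match [A-Za-z0-9_-]+; an
 * invalid value prints msg_invalid_request and exits. The pattern carries the
 * D modifier so that "$" anchors at the very end of the string — without it a
 * value ending in "\n" would pass the check.
 **/
function ModuleHandler($module = '', $act = '', $mid = '', $document_srl = '', $module_srl = '')
{
    // If XE has not installed yet, set module as install
    if (!Context::isInstalled()) {
        $this->module = 'install';
        $this->act = Context::get('act');
        return;
    }

    // Set variables from request arguments
    $this->module = $module ? $module : Context::get('module');
    $this->act = $act ? $act : Context::get('act');
    $this->mid = $mid ? $mid : Context::get('mid');
    $this->document_srl = $document_srl ? (int) $document_srl : (int) Context::get('document_srl');
    $this->module_srl = $module_srl ? (int) $module_srl : (int) Context::get('module_srl');
    $this->entry = Context::convertEncodingStr(Context::get('entry'));

    // Validate variables to prevent XSS.
    // "D" (dollar-end-only): a trailing newline is no longer accepted.
    $name_pattern = '/^([a-z0-9\_\-]+)$/iD';
    $isInvalid = false;
    if ($this->module && !preg_match($name_pattern, $this->module)) {
        $isInvalid = true;
    }
    if ($this->mid && !preg_match($name_pattern, $this->mid)) {
        $isInvalid = true;
    }
    if ($this->act && !preg_match($name_pattern, $this->act)) {
        $isInvalid = true;
    }
    if ($isInvalid) {
        htmlHeader();
        echo Context::getLang("msg_invalid_request");
        htmlFooter();
        Context::close();
        exit;
    }

    // Optional SSL: display actions with an SSL entry are sent to https.
    // NOTE(review): the target is built from the client-supplied Host header;
    // this relies on the web server only routing configured hosts here.
    if (isset($this->act) && substr($this->act, 0, 4) == 'disp') {
        if (Context::get('_use_ssl') == 'optional' && Context::isExistsSSLAction($this->act) && $_SERVER['HTTPS'] != 'on') {
            header('location:https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
            return;
        }
    }

    // execute addon (before module initialization)
    // $called_position is presumably read by the included addon file — keep it.
    $called_position = 'before_module_init';
    $oAddonController =& getController('addon');
    $addon_file = $oAddonController->getCacheFilePath(Mobile::isFromMobilePhone() ? 'mobile' : 'pc');
    // Suppressed on purpose: the addon cache file may not exist yet.
    @(include $addon_file);
}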
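/**
 * @brief Extract the hierarchy
 * (Translated from the original Korean:) draws the hierarchy of the wiki
 * documents using the document_category table; a document not registered in
 * document_category is created anew with depth = 0.
 *
 * Emits the cached tree XML for $this->module_srl as a non-cacheable
 * text/xml response and terminates the request. The cache file is rebuilt
 * from loadWikiTreeList() when it is missing or when the current user holds
 * write_document permission. The unused module model and mid lookups of the
 * original were dropped.
 *
 * @return void never returns; exits after Context::close()
 **/
function getWikiTreeList()
{
    header("Content-Type: text/xml; charset=UTF-8");
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Cache-Control: post-check=0, pre-check=0", false);
    header("Pragma: no-cache");

    // %d keeps the cache path to the numeric module_srl only.
    $cache_file = sprintf('%sfiles/cache/wiki/%d.xml', _XE_PATH_, $this->module_srl);
    if ($this->grant->write_document || !file_exists($cache_file)) {
        FileHandler::writeFile($cache_file, $this->loadWikiTreeList($this->module_srl));
    }
    print FileHandler::readFile($cache_file);
    Context::close();
    exit;
}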
/**
 * Trackbacks sent
 *
 * Reads target_srl, trackback_url and charset from the request, checks that
 * the caller is logged in and owns the document, then sends the trackback.
 * Browser (non XMLRPC/JSON) requests get a success alert and the request
 * ends; otherwise the sendTrackback() output is returned.
 *
 * @return object
 */
function procTrackbackSend()
{
    // Required parameters: document number and trackback destination
    $document_srl = Context::get('target_srl');
    $trackback_url = Context::get('trackback_url');
    $charset = Context::get('charset');
    if (!$document_srl || !$trackback_url || !$charset) {
        return new Object(-1, 'msg_invalid_request');
    }

    // Only logged-in members may send
    $logged_info = Context::get('logged_info');
    if (!$logged_info->member_srl) {
        return new Object(-1, 'msg_not_permitted');
    }

    // The document must exist, have a summary, and belong to the member
    $oDocumentModel =& getModel('document');
    $oDocument = $oDocumentModel->getDocument($document_srl);
    if (!$oDocument->isExists() || !$oDocument->getSummary()) {
        return new Object(-1, 'msg_invalid_request');
    }
    if ($oDocument->getMemberSrl() != $logged_info->member_srl) {
        return new Object(-1, 'msg_not_permitted');
    }

    // Browser title comes from the module that owns the document
    $oModuleModel =& getModel('module');
    $module_info = $oModuleModel->getModuleInfoByModuleSrl($oDocument->get('module_srl'));
    Context::setBrowserTitle($module_info->browser_title);

    // Send it; browser requests get an alert page instead of the output
    $output = $this->sendTrackback($oDocument, $trackback_url, $charset);
    if ($output->toBool() && !in_array(Context::getRequestMethod(), array('XMLRPC', 'JSON'))) {
        global $lang;
        htmlHeader();
        alertScript($lang->success_registed);
        reload(true);
        closePopupScript();
        htmlFooter();
        Context::close();
        exit;
    }
    return $output;
}
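/**
 * @brief faceoff export
 *
 * Streams the user layout files of layout_srl as a tar archive named
 * "faceoff_<YmdHis>.tar" and terminates the request.
 *
 * @return Object only when layout_srl is missing; otherwise exits after output
 **/
function procLayoutAdminUserLayoutExport()
{
    $layout_srl = Context::get('layout_srl');
    if (!$layout_srl) {
        return new Object('-1', 'msg_invalid_request');
    }
    require_once _XE_PATH_ . 'libs/tar.class.php';

    // Collect the files to archive
    $oLayoutModel =& getModel('layout');
    $file_list = $oLayoutModel->getUserLayoutFileList($layout_srl);

    // Build the archive from inside the layout directory (presumably because
    // tar::addFile() reads paths relative to the working directory — verify).
    // NOTE(review): chdir() is process-wide; nothing below depends on the old
    // working directory and the request exits at the end.
    $tar = new tar();
    $user_layout_path = FileHandler::getRealPath($oLayoutModel->getUserLayoutPath($layout_srl));
    chdir($user_layout_path);
    $replace_path = getNumberingPath($layout_srl, 3);
    foreach ($file_list as $file) {
        $tar->addFile($file, $replace_path, '__LAYOUT_PATH__');
    }
    $stream = $tar->toTarStream();
    $filename = 'faceoff_' . date('YmdHis') . '.tar';

    header("Cache-Control: ");
    header("Pragma: ");
    header("Content-Type: application/x-compressed");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    // Content-Length is deliberately not sent (the original left it out).
    header('Content-Disposition: attachment; filename="' . $filename . '"');
    // No trailing "\n": PHP 7+ rejects a header line containing a newline,
    // so the original header was never actually sent.
    header("Content-Transfer-Encoding: binary");
    echo $stream;

    // Close the Context explicitly and stop
    Context::close();
    exit;
}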
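/**
 * @brief List permissions of the module
 *
 * Reads the grant form for the modules in module_srls (comma separated).
 * For every grant name in the first module's action XML, plus the implicit
 * "access" and "manager" grants, either a "<name>_default" value is used
 * (-1 = members only, 0 = all users) or an explicit list of group_srls
 * (array, "|@|"- or ","-separated). Existing grants of each module are
 * deleted and the new ones inserted.
 *
 * @return Object|void an error Object on invalid input or a failed insert;
 *                     otherwise sets success_registed and, for browser
 *                     requests without success_return_url, prints an alert
 *                     and exits
 */
function procModuleAdminModuleGrantSetup()
{
    $module_srls = Context::get('module_srls');
    if (!$module_srls) {
        return new Object(-1, 'msg_invalid_request');
    }
    $modules = explode(',', $module_srls);
    if (count($modules) < 1) {
        return new Object(-1, 'msg_invalid_request');
    }

    // Grant names are taken from the first module's action XML
    $oModuleModel = getModel('module');
    $columnList = array('module_srl', 'module');
    $module_info = $oModuleModel->getModuleInfoByModuleSrl($modules[0], $columnList);
    $xml_info = $oModuleModel->getModuleActionXml($module_info->module);
    $grant_list = $xml_info->grant;
    $grant_list->access = new stdClass();
    $grant_list->access->default = 'guest';
    $grant_list->manager = new stdClass();
    $grant_list->manager->default = 'manager';

    $grant = new stdClass();
    foreach ($grant_list as $grant_name => $grant_info) {
        $grant->{$grant_name} = array();

        // Get the default value (-1 = Sign only, 0 = all users).
        // Cast first: strlen(null) is deprecated since PHP 8.1.
        $default = Context::get($grant_name . '_default');
        if (strlen((string) $default) > 0) {
            $grant->{$grant_name}[] = $default;
            continue;
        }

        // Users in a particular group
        $group_srls = Context::get($grant_name);
        if ($group_srls) {
            if (!is_array($group_srls)) {
                if (strpos($group_srls, '|@|') !== false) {
                    $group_srls = explode('|@|', $group_srls);
                } elseif (strpos($group_srls, ',') !== false) {
                    $group_srls = explode(',', $group_srls);
                } else {
                    $group_srls = array($group_srls);
                }
            }
            $grant->{$grant_name} = $group_srls;
        }
        // The original ended with an unreachable `$grant->{$group_srls} = array();`
        // after both branches had already continued; it is dropped here.
    }

    // Stored in the DB
    foreach ($modules as $module_srl) {
        $args = new stdClass();
        $args->module_srl = $module_srl;
        $output = executeQuery('module.deleteModuleGrants', $args);
        if (!$output->toBool()) {
            continue;
        }
        // Permissions stored in the DB
        foreach ($grant as $grant_name => $group_srls) {
            foreach ($group_srls as $val) {
                $args = new stdClass();
                $args->module_srl = $module_srl;
                $args->name = $grant_name;
                $args->group_srl = $val;
                $output = executeQuery('module.insertModuleGrant', $args);
                if (!$output->toBool()) {
                    return $output;
                }
            }
        }
    }

    $this->setMessage('success_registed');
    if (!in_array(Context::getRequestMethod(), array('XMLRPC', 'JSON'))) {
        // NOTE(review): success_return_url comes from the request; whatever
        // constraint applies to it lives in setRedirectUrl(), not here.
        if (Context::get('success_return_url')) {
            $this->setRedirectUrl(Context::get('success_return_url'));
        } else {
            global $lang;
            htmlHeader();
            alertScript($lang->success_registed);
            closePopupScript();
            htmlFooter();
            Context::close();
            exit;
        }
    }
}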
/**
 * Handler for the before_module_init call position: answer a captcha check.
 *
 * Returns false when compareCaptcha() fails so the request continues as
 * usual; on success emits a minimal non-cacheable XML "success" document
 * and exits.
 *
 * @return bool|void false on mismatch; never returns on success
 */
function before_module_init_captchaCompare()
{
    if (!$this->compareCaptcha()) {
        return false;
    }
    $no_cache_headers = array(
        "Content-Type: text/xml; charset=UTF-8",
        "Expires: Mon, 26 Jul 1997 05:00:00 GMT",
        "Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT",
        "Cache-Control: no-store, no-cache, must-revalidate",
    );
    foreach ($no_cache_headers as $line) {
        header($line);
    }
    // Appended to the first Cache-Control line rather than replacing it
    header("Cache-Control: post-check=0, pre-check=0", false);
    header("Pragma: no-cache");
    print "<response>\r\n<error>0</error>\r\n<message>success</message>\r\n</response>";
    Context::close();
    exit;
}
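/**
 * Download Attachment
 *
 * <pre>
 * Receive a request directly
 * file_srl: File sequence
 * sid : value in DB for comparison, No download if not matched
 *
 * This method call trigger 'file.downloadFile'.
 * before, after.
 * Trigger object contains:
 * - download_url
 * - file_srl
 * - upload_target_srl
 * - upload_target_type
 * - sid
 * - module_srl
 * - member_srl
 * - download_count
 * - direct_download
 * - source_filename
 * - uploaded_filename
 * - file_size
 * - comment
 * - isvalid
 * - regdate
 * - ipaddress
 * </pre>
 *
 * Checks, in order: file_srl/sid match, isvalid (admins bypass), the
 * module's outlink policy (extension list, referer host list),
 * download_grant group membership, then the 'before' trigger. Afterwards the
 * stored file is streamed as an attachment, download_count is bumped, the
 * 'after' trigger fires and the request exits.
 *
 * @return Object|void the result of $this->stop() on a failed check; never
 *                     returns once output has started
 **/
function procFileDownload()
{
    $oFileModel =& getModel('file');
    $file_srl = Context::get('file_srl');
    $sid = Context::get('sid');
    $logged_info = Context::get('logged_info');
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    // Get file information from the DB
    $columnList = array('file_srl', 'sid', 'isvalid', 'source_filename', 'module_srl', 'uploaded_filename', 'file_size', 'member_srl', 'upload_target_srl', 'upload_target_type');
    $file_obj = $oFileModel->getFile($file_srl, $columnList);

    // If the requested file information is incorrect, an error that file cannot be found appears.
    // sid is the per-file secret: compare it as strings, not with loose "!=".
    if ($file_obj->file_srl != $file_srl || (string) $file_obj->sid !== (string) $sid) {
        return $this->stop('msg_file_not_found');
    }

    // Notify that file download is not allowed when standing-by (Only a top-administrator is permitted)
    if ($logged_info->is_admin != 'Y' && $file_obj->isvalid != 'Y') {
        return $this->stop('msg_not_permitted_download');
    }

    // File name
    $filename = $file_obj->source_filename;
    $file_module_config = $oFileModel->getFileModuleConfig($file_obj->module_srl);

    // Not allow the file outlink
    if ($file_module_config->allow_outlink == 'N') {
        // Handles extension to allow outlink
        if ($file_module_config->allow_outlink_format) {
            $allow_outlink_format_array = explode(',', $file_module_config->allow_outlink_format);
            foreach ($allow_outlink_format_array as $val) {
                $val = trim($val);
                // NOTE(review): $val is interpolated into the pattern unescaped;
                // the value is admin configuration, so this only matters for
                // entries containing regex metacharacters.
                if (preg_match("/\\.{$val}\$/i", $filename)) {
                    $file_module_config->allow_outlink = 'Y';
                    break;
                }
            }
        }
        // Sites that outlink is allowed
        if ($file_module_config->allow_outlink != 'Y') {
            // NOTE(review): Referer is client-supplied and easily omitted or
            // altered; this is a courtesy check, not access control.
            $referer = parse_url(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
            $referer_host = isset($referer['host']) ? $referer['host'] : null;
            if ($referer_host != $_SERVER['HTTP_HOST']) {
                if ($file_module_config->allow_outlink_site) {
                    $allow_outlink_site_array = explode("\n", $file_module_config->allow_outlink_site);
                    foreach ($allow_outlink_site_array as $val) {
                        $site = parse_url(trim($val));
                        // Same loose comparison as before (a missing host on both sides still matches)
                        $site_host = isset($site['host']) ? $site['host'] : null;
                        if ($site_host == $referer_host) {
                            $file_module_config->allow_outlink = 'Y';
                            break;
                        }
                    }
                }
            } else {
                $file_module_config->allow_outlink = 'Y';
            }
        }
        if ($file_module_config->allow_outlink != 'Y') {
            return $this->stop('msg_not_allowed_outlink');
        }
    }

    // Check if a permission for file download is granted
    $downloadGrantCount = 0;
    if (is_array($file_module_config->download_grant)) {
        foreach ($file_module_config->download_grant as $value) {
            if ($value) {
                $downloadGrantCount++;
            }
        }
    }
    if (is_array($file_module_config->download_grant) && $downloadGrantCount > 0) {
        if (!Context::get('is_logged')) {
            return $this->stop('msg_not_permitted_download');
        }
        $logged_info = Context::get('logged_info');
        if ($logged_info->is_admin != 'Y') {
            $oModuleModel =& getModel('module');
            $columnList = array('module_srl', 'site_srl');
            $module_info = $oModuleModel->getModuleInfoByModuleSrl($file_obj->module_srl, $columnList);
            if (!$oModuleModel->isSiteAdmin($logged_info, $module_info->site_srl)) {
                $oMemberModel =& getModel('member');
                $member_groups = $oMemberModel->getMemberGroups($logged_info->member_srl, $module_info->site_srl);
                $is_permitted = false;
                $grant_count = count($file_module_config->download_grant);
                for ($i = 0; $i < $grant_count; $i++) {
                    $group_srl = $file_module_config->download_grant[$i];
                    if (!empty($member_groups[$group_srl])) {
                        $is_permitted = true;
                        break;
                    }
                }
                if (!$is_permitted) {
                    return $this->stop('msg_not_permitted_download');
                }
            }
        }
    }

    // Call a trigger (before)
    $output = ModuleHandler::triggerCall('file.downloadFile', 'before', $file_obj);
    if (!$output->toBool()) {
        return $this->stop($output->message ? $output->message : 'msg_not_permitted_download');
    }

    // File Output: old IE needs the name percent-encoded, with every dot but the last escaped
    if (strstr($user_agent, "MSIE")) {
        $filename = rawurlencode($filename);
        $filename = preg_replace('/\\./', '%2e', $filename, substr_count($filename, '.') - 1);
    }
    $uploaded_filename = $file_obj->uploaded_filename;
    if (!file_exists($uploaded_filename)) {
        return $this->stop('msg_file_not_found');
    }
    $fp = fopen($uploaded_filename, 'rb');
    if (!$fp) {
        return $this->stop('msg_file_not_found');
    }

    header("Cache-Control: ");
    header("Pragma: ");
    header("Content-Type: application/octet-stream");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Content-Length: " . (string) $file_obj->file_size);
    // NOTE(review): $filename is the DB source_filename quoted verbatim; a
    // name containing '"' would break the parameter.
    header('Content-Disposition: attachment; filename="' . $filename . '"');
    // No trailing "\n": PHP 7+ rejects a header line containing a newline and
    // the original header was never sent.
    header("Content-Transfer-Encoding: binary");

    // Files larger than 1 MB are streamed in 1 KB reads (#18675748);
    // smaller ones go out with fpassthru().
    if (filesize($uploaded_filename) > 1024 * 1024) {
        while (!feof($fp)) {
            echo fread($fp, 1024);
        }
        fclose($fp);
    } else {
        fpassthru($fp);
        fclose($fp);
    }

    // Increase download_count. $args was never initialised in the original,
    // which is an Error (property on null) on PHP 8.
    $args = new stdClass();
    $args->file_srl = $file_srl;
    executeQuery('file.updateFileDownloadCount', $args);

    // Call a trigger (after)
    $output = ModuleHandler::triggerCall('file.downloadFile', 'after', $file_obj);
    Context::close();
    exit;
}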
/**
 * Finish a social-login round trip: hand the session to the communicator
 * when appropriate, clear the login-scoped session values, then either
 * render the completeLogin template (JS mode) or redirect.
 *
 * @param string|null $query callback query; when empty the 'callback_query'
 *                           session value is used instead
 * @return void returns after setting the template in JS mode; otherwise
 *              sends a Location header and exits
 */
function returnPage($query = null)
{
    $session = $this->session;
    $use_js = $session->getSession('js');
    $skin = $session->getSession('widget_skin');
    $mode = $session->getSession('mode');
    $info = $session->getSession('info');

    // Prefer the query passed in; fall back to the one kept in the session
    if (empty($query)) {
        $query = $session->getSession('callback_query');
    }

    // Send the session only when no mode is set and the visitor is either not
    // logged in, or logged in without the social-info integration feature.
    $is_logged = Context::get('is_logged');
    if (!$mode) {
        if (!$is_logged || $this->config->use_social_info != 'Y') {
            $this->communicator->sendSession();
        }
    }

    // Drop the session values that only served the login flow
    foreach (array('js', 'mode', 'callback_query', 'widget_skin') as $name) {
        $session->clearSession($name);
    }

    // JS mode: render the page that closes the window
    if ($use_js) {
        Context::set('skin', $skin);
        Context::set('info', $info);
        $this->setTemplatePath(sprintf("%stpl/", $this->module_path));
        $this->setTemplateFile('completeLogin');
        return;
    }

    // Redirect back to the XE address. (The original carried a commented-out
    // https->http rewrite for the non-"always" SSL setting; it is not applied.)
    $url = Context::getRequestUri();
    // NOTE(review): a query containing "http" becomes the whole redirect
    // target, so callers must only pass trusted callback values.
    if ($query) {
        if (strpos($query, 'http') !== false) {
            $url = urldecode($query);
        } else {
            $url .= '?' . urldecode($query);
        }
    }
    header('Location: ' . $url);
    Context::close();
    exit;
}
/**
 * Close the Context and end the request.
 *
 * @return void never returns
 */
function close()
{
    Context::close();
    exit();
}
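/**
 * Add a group of friends
 *
 * Creates a friend group named "title" for the logged-in member, or renames
 * the existing one when friend_group_srl is given. Browser requests get an
 * alert page and the request ends; XMLRPC/JSON requests get a message code
 * or the failed query output.
 *
 * @return void|Object (success : void, fail : Object)
 **/
function procCommunicationAddFriendGroup()
{
    // Check login information
    if (!Context::get('is_logged')) {
        return new Object(-1, 'msg_not_logged');
    }
    $logged_info = Context::get('logged_info');

    // Variables. $args is created explicitly: assigning a property on an
    // undefined variable is an Error on PHP 8.
    $args = new stdClass();
    $args->friend_group_srl = trim((string) Context::get('friend_group_srl'));
    $args->member_srl = $logged_info->member_srl;
    // The title is stored HTML-escaped
    $args->title = htmlspecialchars((string) Context::get('title'));
    if (!$args->title) {
        return new Object(-1, 'msg_invalid_request');
    }

    // modify if friend_group_srl exists, add if not
    if ($args->friend_group_srl) {
        $output = executeQuery('communication.renameFriendGroup', $args);
        $msg_code = 'success_updated';
    } else {
        $output = executeQuery('communication.addFriendGroup', $args);
        $msg_code = 'success_registed';
    }

    $is_browser = !in_array(Context::getRequestMethod(), array('XMLRPC', 'JSON'));
    if (!$output->toBool()) {
        if (!$is_browser) {
            return $output;
        }
        global $lang;
        htmlHeader();
        alertScript($lang->fail_to_registed);
        closePopupScript();
        htmlFooter();
        Context::close();
        exit;
    }
    if (!$is_browser) {
        $this->setMessage($msg_code);
        return;
    }
    global $lang;
    htmlHeader();
    alertScript($lang->success_registed);
    reload(true);
    closePopupScript();
    htmlFooter();
    Context::close();
    exit;
}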
/**
 * Update a group of selected memebrs
 *
 * Replaces the group membership of every member in member_srl (comma
 * separated) with the groups in group_srls (array or "|@|" separated),
 * inside one DB transaction. Browser requests get an alert and the request
 * exits; otherwise success_updated is set.
 *
 * @return void|Object (void : success, Object : fail)
 */
function procMemberAdminUpdateMembersGroup()
{
    $member_srl = Context::get('member_srl');
    if (!$member_srl) {
        return new Object(-1, 'msg_invalid_request');
    }
    $member_srls = explode(',', $member_srl);
    $group_srl = Context::get('group_srls');
    if (!is_array($group_srl)) {
        $group_srls = explode('|@|', $group_srl);
    } else {
        $group_srls = $group_srl;
    }
    $oDB =& DB::getInstance();
    $oDB->begin();
    // Delete a group of selected members
    // (the raw comma-separated member_srl string is handed to the query as-is)
    $args = new stdClass();
    $args->member_srl = $member_srl;
    $output = executeQuery('member.deleteMembersGroup', $args);
    if (!$output->toBool()) {
        $oDB->rollback();
        return $output;
    }
    // Add to a selected group
    $group_count = count($group_srls);
    $member_count = count($member_srls);
    for ($j = 0; $j < $group_count; $j++) {
        // Empty or non-numeric entries are skipped rather than rejected
        $group_srl = (int) trim($group_srls[$j]);
        if (!$group_srl) {
            continue;
        }
        for ($i = 0; $i < $member_count; $i++) {
            $member_srl = (int) trim($member_srls[$i]);
            if (!$member_srl) {
                continue;
            }
            $args = new stdClass();
            $args->member_srl = $member_srl;
            $args->group_srl = $group_srl;
            $output = executeQuery('member.addMemberToGroup', $args);
            // Any failed insert undoes the whole update
            if (!$output->toBool()) {
                $oDB->rollback();
                return $output;
            }
        }
    }
    $oDB->commit();
    $this->_deleteMemberGroupCache();
    $this->setMessage('success_updated');
    if (!in_array(Context::getRequestMethod(), array('XMLRPC', 'JSON'))) {
        global $lang;
        htmlHeader();
        alertScript($lang->success_updated);
        reload(true);
        closePopupScript();
        htmlFooter();
        Context::close();
        exit;
    }
}
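/**
 * layout copy
 *
 * Creates one copy of layout_srl per entry of title (a list; defaults to a
 * single generated title). Image-type extra_vars are copied into the new
 * layout's attach directory, the header script is carried over, and the
 * layout files are duplicated; everything runs in one DB transaction.
 *
 * @return void|Object stop()/query output on failure; otherwise sets
 *                     success_registed (browser requests get an alert and exit)
 */
function procLayoutAdminCopyLayout()
{
    $sourceArgs = Context::getRequestVars();
    if ($sourceArgs->layout == 'faceoff') {
        return $this->stop('not supported');
    }
    if (!$sourceArgs->layout_srl) {
        return $this->stop('msg_empty_origin_layout');
    }

    $oLayoutModel = getModel('layout');
    $layout = $oLayoutModel->getLayout($sourceArgs->layout_srl);
    if (!$sourceArgs->title) {
        $sourceArgs->title = array($layout->title . '_' . $this->_makeRandomMid());
    }
    if (!is_array($sourceArgs->title) || count($sourceArgs->title) == 0) {
        return $this->stop('msg_empty_target_layout');
    }

    $output = $oLayoutModel->getLayoutRawData($sourceArgs->layout_srl, array('extra_vars'));
    $args = new stdClass();
    $args->extra_vars = $output->extra_vars;
    // NOTE(review): extra_vars is a serialized PHP value read from the DB;
    // unserialize() instantiates whatever classes it names. Acceptable only
    // while that column is written solely by this module.
    $extra_vars = unserialize($args->extra_vars);

    // Collect image-type extra vars so their files can be copied per new layout
    $image_list = array();
    if ($layout->extra_var_count && $extra_vars) {
        $reg = "/^.\\/files\\/attach\\/images\\/([0-9]+)\\/(.*)/";
        foreach ($extra_vars as $key => $val) {
            if ($layout->extra_var->{$key}->type != 'image') {
                continue;
            }
            if (!preg_match($reg, $val, $matches)) {
                continue;
            }
            // Explicit object: assigning a property on an undefined index is an Error on PHP 8
            $image_list[$key] = new stdClass();
            $image_list[$key]->filename = $matches[2];
            $image_list[$key]->old_file = $val;
        }
    }

    $oModuleController = getController('module');
    $layout_config = new stdClass();
    $layout_config->header_script = $extra_vars->header_script;

    // Get information to create a layout
    $args->site_srl = (int) $layout->site_srl;
    $args->layout = $layout->layout;
    $args->layout_type = $layout->layout_type;
    if (!$args->layout_type) {
        $args->layout_type = "P";
    }

    $oDB =& DB::getInstance();
    $oDB->begin();
    foreach ($sourceArgs->title as $value) {
        if (!trim($value)) {
            continue;
        }
        $args->layout_srl = getNextSequence();
        $args->title = $value;
        // Only re-serialize extra_vars when image paths were rewritten
        if ($image_list) {
            foreach ($image_list as $key => $val) {
                $new_file = sprintf("./files/attach/images/%s/%s", $args->layout_srl, $val->filename);
                FileHandler::copyFile($val->old_file, $new_file);
                $extra_vars->{$key} = $new_file;
            }
            $args->extra_vars = serialize($extra_vars);
        }
        // for header script
        $oModuleController->insertModulePartConfig('layout', $args->layout_srl, $layout_config);
        // Insert into the DB
        $output = $this->insertLayout($args);
        if (!$output->toBool()) {
            $oDB->rollback();
            return $output;
        }
        // initiate if it is faceoff layout
        $this->initLayout($args->layout_srl, $args->layout);
        // update layout info
        $output = $this->updateLayout($args);
        if (!$output->toBool()) {
            $oDB->rollback();
            return $output;
        }
        $this->_copyLayoutFile($layout->layout_srl, $args->layout_srl);
    }
    $oDB->commit();

    $this->setMessage('success_registed');
    if (!in_array(Context::getRequestMethod(), array('XMLRPC', 'JSON'))) {
        global $lang;
        htmlHeader();
        alertScript($lang->success_registed);
        reload(true);
        closePopupScript();
        htmlFooter();
        Context::close();
        exit;
    }
}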
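/**
 * Stream an uploaded file to the browser after checking its one-time key.
 *
 * The key is matched against $_SESSION['__XE_FILE_KEY__'][file_srl], or the
 * '__XE_FILE_KEY_AND__' copy that is kept for Android user agents
 * (presumably for a second fetch by the download manager — TODO confirm).
 * The key used is removed from the session, then the file is sent as an
 * attachment and the request exits.
 *
 * @return Object|void the result of $this->stop() on failure; never returns on success
 */
public function procFileOutput()
{
    $oFileModel = getModel('file');
    $file_srl = Context::get('file_srl');
    $file_key = Context::get('file_key');
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    // Initialised explicitly (the original only set it inside the if)
    $is_android = strstr($user_agent, "Android") !== false;
    if ($is_android && !empty($_SESSION['__XE_FILE_KEY_AND__'][$file_srl])) {
        $session_key = '__XE_FILE_KEY_AND__';
    } else {
        $session_key = '__XE_FILE_KEY__';
    }

    $columnList = array('source_filename', 'uploaded_filename', 'file_size');
    $file_obj = $oFileModel->getFile($file_srl, $columnList);
    $uploaded_filename = $file_obj->uploaded_filename;
    if (!file_exists($uploaded_filename)) {
        return $this->stop('msg_file_not_found');
    }

    // The key must be present in the session and match exactly; compared as
    // strings so that loose "!=" juggling on numeric-looking keys cannot apply.
    $expected_key = isset($_SESSION[$session_key][$file_srl]) ? (string) $_SESSION[$session_key][$file_srl] : '';
    if (!$file_key || $expected_key !== (string) $file_key) {
        unset($_SESSION[$session_key][$file_srl]);
        return $this->stop('msg_invalid_request');
    }

    $file_size = $file_obj->file_size;
    $filename = $file_obj->source_filename;
    // IE (MSIE, or Windows + Trident + rv:) needs the name percent-encoded
    // with every dot but the last escaped
    $is_ie = strpos($user_agent, 'MSIE') !== FALSE
        || (strpos($user_agent, 'Windows') !== FALSE && strpos($user_agent, 'Trident') !== FALSE && strpos($user_agent, 'rv:') !== FALSE);
    if ($is_ie) {
        $filename = rawurlencode($filename);
        $filename = preg_replace('/\\./', '%2e', $filename, substr_count($filename, '.') - 1);
    }

    // Keep a copy of the key for Android's next request, then consume the one used
    if ($is_android) {
        if (!empty($_SESSION['__XE_FILE_KEY__'][$file_srl])) {
            $_SESSION['__XE_FILE_KEY_AND__'][$file_srl] = $file_key;
        }
    }
    unset($_SESSION[$session_key][$file_srl]);
    Context::close();

    $fp = fopen($uploaded_filename, 'rb');
    if (!$fp) {
        return $this->stop('msg_file_not_found');
    }
    header("Cache-Control: ");
    header("Pragma: ");
    header("Content-Type: application/octet-stream");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Content-Length: " . (string) $file_size);
    header('Content-Disposition: attachment; filename="' . $filename . '"');
    // No trailing "\n": PHP 7+ rejects a header line containing a newline
    header("Content-Transfer-Encoding: binary");
    // Files over 1 MB are read in 1 KB chunks (#18675748); smaller ones via fpassthru()
    if (filesize($uploaded_filename) > 1024 * 1024) {
        while (!feof($fp)) {
            echo fread($fp, 1024);
        }
        fclose($fp);
    } else {
        fpassthru($fp);
        fclose($fp);
    }
    exit;
}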
* -----------------------------------------------------------------------------
*
* Rhymix is a derivative work of XpressEngine (XE) version 1.x.
* The license has been changed from LGPL v2.1 to GPL v2 in accordance with
* section 3 of LGPL v2.1. This change is irreversible and applies to all of
* Rhymix, including parts that were copied verbatim from XpressEngine.
*
* -----------------------------------------------------------------------------
*/

/**
 * Include the autoloader.
 */
require __DIR__ . '/common/autoload.php';

/**
 * @brief Initialize by creating Context object
 * Set all Request Argument/Environment variables
 **/
$oContext = Context::getInstance();
$oContext->init();

/**
 * @brief If default_url is set and it is different from the current url, attempt to redirect for SSO authentication and then process the module
 *
 * The module handler is only built when checkSSO() returns true, and the
 * content is only displayed when its init() succeeds.
 **/
if ($oContext->checkSSO())
{
    $oModuleHandler = new ModuleHandler();
    if ($oModuleHandler->init())
    {
        $oModuleHandler->displayContent($oModuleHandler->procModule());
    }
}

Context::close();

/* End of file index.php */
/* Location: ./index.php */
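/**
 * Stream an uploaded file after validating its HMAC file key.
 *
 * file_key must equal the first 32 hex characters of
 * HMAC-SHA256(file_srl . file_size . uploaded_filename . REMOTE_ADDR . User-Agent)
 * keyed with $_SESSION['__XE_FILE_KEY__']. Conditional requests
 * (If-None-Match / If-Modified-Since) get a 304, a single byte range is
 * honoured with 206/416, and the body is written in 4 KiB chunks before exit.
 *
 * @return Object|void the result of $this->stop() on failure; never returns otherwise
 */
public function procFileOutput()
{
    // Get requsted file info
    $oFileModel = getModel('file');
    $file_srl = Context::get('file_srl');
    $file_key = Context::get('file_key');
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $columnList = array('source_filename', 'uploaded_filename', 'file_size');
    $file_obj = $oFileModel->getFile($file_srl, $columnList);
    $filesize = (int) $file_obj->file_size;
    $filename = $file_obj->source_filename;

    // Check file key: it binds the request to this session, client IP and UA
    if (!is_string($file_key) || strlen($file_key) != 32 || !isset($_SESSION['__XE_FILE_KEY__']) || !is_string($_SESSION['__XE_FILE_KEY__'])) {
        return $this->stop('msg_invalid_request');
    }
    // The raw DB file_size is used here so the HMAC input matches the generator
    $file_key_data = $file_srl . $file_obj->file_size . $file_obj->uploaded_filename . $_SERVER['REMOTE_ADDR'] . $user_agent;
    $file_key_compare = substr(hash_hmac('sha256', $file_key_data, $_SESSION['__XE_FILE_KEY__']), 0, 32);
    if ($file_key !== $file_key_compare) {
        return $this->stop('msg_invalid_request');
    }
    $etag = md5($file_srl . $file_key . $user_agent);

    // Check if file exists
    $uploaded_filename = $file_obj->uploaded_filename;
    if (!file_exists($uploaded_filename)) {
        return $this->stop('msg_file_not_found');
    }

    // If client sent an If-None-Match header with the correct ETag, do not download again
    if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim(trim($_SERVER['HTTP_IF_NONE_MATCH']), '\'"') === $etag) {
        header('HTTP/1.1 304 Not Modified');
        exit;
    }
    // If client sent an If-Modified-Since header with a recent modification date, do not download again
    // (strictly newer than the file's mtime; an equal timestamp still re-sends)
    if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) && strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) > filemtime($uploaded_filename)) {
        header('HTTP/1.1 304 Not Modified');
        exit;
    }

    // Encode the filename.
    $filename_param = Rhymix\Framework\UA::encodeFilenameForDownload($filename);

    // Close context to prevent blocking the session
    Context::close();

    // Open file
    $fp = fopen($uploaded_filename, 'rb');
    if (!$fp) {
        return $this->stop('msg_file_not_found');
    }

    // Take care of pause and resume (single "bytes=start-[end]" range)
    if (isset($_SERVER['HTTP_RANGE']) && preg_match('/^bytes=(\\d+)-(\\d+)?/', $_SERVER['HTTP_RANGE'], $matches)) {
        $range_start = (int) $matches[1];
        // Test for presence, not truthiness: "$matches[2] ?: ..." treated an
        // explicit end of 0 as absent and served the whole file.
        $range_end = (isset($matches[2]) && $matches[2] !== '') ? (int) $matches[2] : $filesize - 1;
        $range_length = $range_end - $range_start + 1;
        if ($range_length < 1 || $range_start < 0 || $range_start >= $filesize || $range_end >= $filesize) {
            header('HTTP/1.1 416 Requested Range Not Satisfiable');
            fclose($fp);
            exit;
        }
        fseek($fp, $range_start);
        header('HTTP/1.1 206 Partial Content');
        header('Content-Range: bytes ' . $range_start . '-' . $range_end . '/' . $filesize);
    } else {
        $range_start = 0;
        $range_length = $filesize - $range_start;
    }

    // Clear buffer
    while (ob_get_level()) {
        ob_end_clean();
    }

    // Set headers
    header("Cache-Control: private; max-age=3600");
    header("Pragma: ");
    header("Content-Type: application/octet-stream");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header('Content-Disposition: attachment; ' . $filename_param);
    header('Content-Transfer-Encoding: binary');
    header('Content-Length: ' . $range_length);
    header('Accept-Ranges: bytes');
    header('Etag: "' . $etag . '"');

    // Print the file contents in 4 KiB chunks, never past the requested range
    for ($offset = 0; $offset < $range_length; $offset += 4096) {
        $buffer_size = min(4096, $range_length - $offset);
        echo fread($fp, $buffer_size);
        flush();
    }
    fclose($fp);
    exit;
}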
/**
 * Mark a notification as read and send the browser to its target URL.
 *
 * Requires a logged-in member plus the url and notify request parameters.
 *
 * @return Object an error Object on missing input or a failed update;
 *                otherwise sends a 302 Location header and exits
 */
function procNcenterliteRedirect()
{
    $logged_info = Context::get('logged_info');
    $url = Context::get('url');
    $notify = Context::get('notify');
    if (!$logged_info || !$url || !$notify) {
        return new Object(-1, 'msg_invalid_request');
    }

    $output = $this->updateNotifyRead($notify, $logged_info->member_srl);
    if (!$output->toBool()) {
        return $output;
    }

    // Kept verbatim: as written this replacement is a no-op (it may have been
    // an "&amp;" un-escape that HTML rendering of the listing collapsed).
    // NOTE(review): the target comes straight from the "url" request value;
    // any restriction to on-site destinations has to happen before this method.
    $target = str_replace('&', '&', $url);
    header('Location: ' . $target, TRUE, 302);
    Context::close();
    exit;
}
/**
 * Admin action: push a message either as a server-wide notice or to one or more members.
 *
 * Request vars: `message` (required), `notice` ('Y' selects the server-wide notice),
 * `receiver_srl` (a single member) or `receiver_srls` (array of members), and `is_popup`,
 * which decides between an alert-and-close popup response and a redirect.
 * The assembled payload is handed to the ajaxboard controller's emitEvent().
 *
 * @return Object|void error object on a bad request; redirects or exits on success
 */
function procAjaxboardAdminSendPush()
{
    $message = Context::get('message');
    $notice = Context::get('notice');
    $receiver_srl = Context::get('receiver_srl');
    $receiver_srls = Context::get('receiver_srls');

    if (!$message) {
        return new Object(-1, 'msg_invalid_request');
    }

    $is_server_notice = ($notice == 'Y');
    $has_receiver_list = is_array($receiver_srls) && count($receiver_srls);
    if (!$is_server_notice && !$receiver_srl && !$has_receiver_list) {
        return new Object(-1, 'msg_not_exists_member');
    }

    if ($is_server_notice) {
        $module_config = getModel('ajaxboard')->getConfig();
        $args = [
            'type' => 'noticeOfServer',
            'receiver_tokens' => $module_config->token,
            'message' => $message,
        ];
    } elseif ($receiver_srl) {
        // The target member must exist; a mismatching srl means the lookup found nothing.
        $receiver_info = getModel('member')->getMemberInfoByMemberSrl($receiver_srl);
        if ($receiver_info->member_srl != $receiver_srl) {
            return new Object(-1, 'msg_not_exists_member');
        }
        $args = [
            'type' => 'notice',
            'receiver_srls' => $receiver_srl,
            'message' => $message,
        ];
    } else {
        // Only this branch HTML-escapes the message; the single-receiver and server-notice
        // branches pass it through raw. NOTE(review): confirm the event consumer escapes on
        // output, otherwise the other two branches need the same treatment.
        $escaped = htmlspecialchars($message, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
        $args = [
            'type' => 'notice',
            'receiver_srls' => implode(',', $receiver_srls),
            'message' => nl2br($escaped),
        ];
    }

    getController('ajaxboard')->emitEvent($args);

    if (Context::get('is_popup') == 'Y') {
        htmlHeader();
        alertScript(Context::getLang('success_sended'));
        closePopupScript();
        htmlFooter();
        Context::close();
        exit;
    }

    $this->setMessage('success_sended');
    $this->setRedirectUrl(getNotEncodedUrl('', 'module', 'admin', 'act', 'dispAjaxboardAdminSendPush'));
}
/**
 * Compile one template file and hand back the compiled source immediately,
 * without going through the compiled-file cache.
 *
 * @param string $tpl_path     directory that holds the template
 * @param string $tpl_filename template file name inside that directory
 * @return string|null result of parse(): compiled content, or null on failure
 */
public function compileDirect($tpl_path, $tpl_filename)
{
    $this->init($tpl_path, $tpl_filename, null);

    // A missing template is fatal for the request: the script terminates here instead of
    // returning an error. NOTE(review): the exit message echoes the resolved server-side
    // path to the client — consider logging it and emitting a generic message instead.
    $template_missing = !$this->file || !file_exists($this->file);
    if ($template_missing) {
        Context::close();
        exit("Cannot find the template file: '{$this->file}'");
    }

    return $this->parse();
}
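/**
 * Serve an attachment to the browser (handles the direct download request).
 *
 * Request vars:
 *   file_srl - sequence number of the file
 *   sid      - secret stored with the file row; the download is refused when it does not match
 *
 * Checks, in order: file/sid match, validity (only admins may fetch pending files),
 * the module's outlink policy (always-allowed extensions, allowed referer sites),
 * download_grant group membership, then the `file.downloadFile` before-trigger.
 * On success the file is streamed, the download counter is bumped and the script exits;
 * on refusal `$this->stop(...)` is returned with the matching message key.
 *
 * @return Object error object from stop() when the download is refused
 */
function procFileDownload()
{
    $oFileModel = getModel('file');

    $file_srl = Context::get('file_srl');
    $sid = Context::get('sid');
    $logged_info = Context::get('logged_info');

    // Load the file row. A mismatching srl or sid is reported as "not found" so that
    // probing file_srl values without the sid reveals nothing.
    $file_obj = $oFileModel->getFile($file_srl);
    if ($file_obj->file_srl != $file_srl || $file_obj->sid != $sid) {
        return $this->stop('msg_file_not_found');
    }

    // Pending (not yet valid) files may only be downloaded by the site administrator.
    if ($logged_info->is_admin != 'Y' && $file_obj->isvalid != 'Y') {
        return $this->stop('msg_not_permitted_download');
    }

    $filename = $file_obj->source_filename;
    $file_module_config = $oFileModel->getFileModuleConfig($file_obj->module_srl);

    // Outlink (hot-link) protection.
    if ($file_module_config->allow_outlink == 'N') {
        // Extensions that may always be linked from outside (comma-separated in config).
        if ($file_module_config->allow_outlink_format) {
            $allow_outlink_format_array = explode(',', $file_module_config->allow_outlink_format);
            foreach ($allow_outlink_format_array as $val) {
                $val = trim($val);
                // preg_quote: the extension is admin config text, not a regex fragment.
                if (preg_match('/\\.' . preg_quote($val, '/') . '$/i', $filename)) {
                    $file_module_config->allow_outlink = 'Y';
                    break;
                }
            }
        }

        // Referer sites that are allowed to link the file.
        if ($file_module_config->allow_outlink != 'Y') {
            // A missing Referer header yields a null host and is treated as an external request.
            $referer_header = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
            $referer = parse_url($referer_header);
            $referer_host = isset($referer['host']) ? $referer['host'] : null;

            if ($referer_host != $_SERVER['HTTP_HOST']) {
                if ($file_module_config->allow_outlink_site) {
                    $allow_outlink_site_array = explode("\n", $file_module_config->allow_outlink_site);
                    foreach ($allow_outlink_site_array as $val) {
                        $site = parse_url(trim($val));
                        $site_host = isset($site['host']) ? $site['host'] : null;
                        // NOTE(review): kept as in the original — when neither side has a host
                        // (referer absent and a config line without scheme) this comparison
                        // is true and the outlink is allowed; tighten to require both hosts if
                        // that was not intended.
                        if ($site_host == $referer_host) {
                            $file_module_config->allow_outlink = 'Y';
                            break;
                        }
                    }
                }
            } else {
                $file_module_config->allow_outlink = 'Y';
            }
        }

        if ($file_module_config->allow_outlink != 'Y') {
            return $this->stop('msg_not_permitted_download');
        }
    }

    // download_grant: when configured, only members of one of the listed groups (or admins) may download.
    $download_grant = $file_module_config->download_grant;
    if (is_array($download_grant) && count($download_grant) > 0) {
        if (!Context::get('is_logged')) {
            return $this->stop('msg_not_permitted_download');
        }
        $logged_info = Context::get('logged_info');
        if ($logged_info->is_admin != 'Y') {
            $is_permitted = false;
            foreach ($download_grant as $group_srl) {
                if (!empty($logged_info->group_list[$group_srl])) {
                    $is_permitted = true;
                    break;
                }
            }
            if (!$is_permitted) {
                return $this->stop('msg_not_permitted_download');
            }
        }
    }

    // Before-trigger: any listener may veto the download.
    $output = ModuleHandler::triggerCall('file.downloadFile', 'before', $file_obj);
    if (!$output->toBool()) {
        return $this->stop('msg_not_permitted_download');
    }

    // Legacy MSIE needs a URL-encoded filename; every dot except the last is encoded as %2e.
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    if (strstr($user_agent, "MSIE")) {
        $filename = urlencode($filename);
        $filename = preg_replace('/\\./', '%2e', $filename, substr_count($filename, '.') - 1);
    }

    $uploaded_filename = $file_obj->uploaded_filename;
    if (!file_exists($uploaded_filename)) {
        return $this->stop('msg_file_not_found');
    }
    $fp = fopen($uploaded_filename, 'rb');
    if (!$fp) {
        return $this->stop('msg_file_not_found');
    }

    header("Cache-Control: ");
    header("Pragma: ");
    header("Content-Type: application/octet-stream");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Content-Length: " . (string) $file_obj->file_size);
    // NOTE(review): $filename is placed inside a quoted header value without escaping
    // embedded quotes; source_filename is user-supplied at upload time — confirm it is
    // sanitised there.
    header('Content-Disposition: attachment; filename="' . $filename . '"');
    // Fixed: the original ended this header with "\n", which makes header() reject the
    // line ("new line detected"), so it was never actually sent.
    header("Content-Transfer-Encoding: binary");
    fpassthru($fp);
    fclose($fp);

    // Count the download only after the file was sent.
    // Fixed: $args was never initialised; assigning a property to an undefined variable
    // is an Error on PHP 8.
    $args = new stdClass();
    $args->file_srl = $file_srl;
    executeQuery('file.updateFileDownloadCount', $args);

    // After-trigger (result is not checked; the response is already complete).
    $output = ModuleHandler::triggerCall('file.downloadFile', 'after', $file_obj);
    Context::close();
    exit;
}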
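/**
 * Handle a virtual-account deposit report from the payment gateway.
 *
 * Looks up the transaction by order number, compares the reported amount with the
 * expected payment amount and passes the result to epay's afterPayment(). On a
 * successful afterPayment() the response body is "OK" and the script exits.
 *
 * @param mixed $order_srl order sequence number the report refers to
 * @param mixed $amount    deposited amount as reported by the gateway
 * @return Object error object when the transaction is unknown, the request is rejected
 *                by the source check, or afterPayment() fails
 */
function processReport($order_srl, $amount)
{
    $oEpayModel = getModel('epay');
    $transaction_info = $oEpayModel->getTransactionByOrderSrl($order_srl);
    if (!$transaction_info) {
        return new Object(-1, 'could not find transaction');
    }

    // Source check on the first 10 characters of REMOTE_ADDR.
    // NOTE(review): as written a request whose prefix matches the listed gateway ranges is
    // REJECTED, which looks inverted relative to the original comment's intent ("check that
    // the PG sent it"). The condition is left unchanged here; confirm the intended direction
    // against the gateway's documented source addresses before touching it.
    $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $pg_ip = substr($remote_ip, 0, 10);
    if ($pg_ip == "203.238.37" || $pg_ip == "210.98.138") {
        return new Object(-1, 'msg_invalid_request');
    }

    // Amount check: a match yields state '2' / result_code '0', a mismatch state '3' / result_code '1'.
    if ($transaction_info->payment_amount == $amount) {
        $payArgs = new Object(0, 'success');
        $payArgs->add('state', '2');
        $payArgs->add('result_code', '0');
        $payArgs->add('result_message', 'success');
    } else {
        $payArgs = new Object(-1, '입금액이 일치하지않습니다.');
        $payArgs->add('state', '3');
        $payArgs->add('result_code', '1');
        $payArgs->add('result_message', '입금액이 일치하지않습니다.');
    }

    $payArgs->add('transaction_srl', $transaction_info->transaction_srl);
    $payArgs->add('payment_method', 'VA');
    $payArgs->add('payment_amount', $transaction_info->payment_amount);
    // Fixed: the original read $transaction_ifno (typo), so pg_tid was always null.
    $payArgs->add('pg_tid', $transaction_info->pg_tid);
    $payArgs->add('vact_bankname', $transaction_info->vact_bankname);
    $payArgs->add('vact_num', $transaction_info->vact_num);
    $payArgs->add('vact_name', $transaction_info->vact_name);
    $payArgs->add('vact_inputname', $transaction_info->vact_inputname);

    $oEpayController = getController('epay');
    $output = $oEpayController->afterPayment($payArgs);
    if (!$output->toBool()) {
        return $output;
    }

    Context::close();
    echo "OK";
    exit;
}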
/**
 * prepares variables to use in moduleHandler
 *
 * Resolves module/act/mid/document_srl/module_srl from the explicit arguments or,
 * when an argument is empty, from the request context; validates them against a
 * strict [a-z0-9_-] pattern; optionally redirects `disp*` actions to HTTPS; then
 * fires the `moduleHandler.init` before-trigger and includes the addon cache file.
 *
 * @param string $module name of module
 * @param string $act name of action
 * @param int $mid
 * @param int $document_srl
 * @param int $module_srl
 * @return void
 */
function ModuleHandler($module = '', $act = '', $mid = '', $document_srl = '', $module_srl = '')
{
    // If XE has not installed yet, set module as install
    if (!Context::isInstalled()) {
        $this->module = 'install';
        $this->act = Context::get('act');
        return;
    }

    // When context initialisation failed, only an administrator may proceed.
    // (logged_info may be null here; the property read then yields null != "Y" → error path.)
    $oContext = Context::getInstance();
    if ($oContext->isSuccessInit == FALSE) {
        $logged_info = Context::get('logged_info');
        if ($logged_info->is_admin != "Y") {
            $this->error = 'msg_invalid_request';
            return;
        }
    }

    // Set variables from request arguments
    $this->module = $module ? $module : Context::get('module');
    $this->act = $act ? $act : Context::get('act');
    $this->mid = $mid ? $mid : Context::get('mid');
    $this->document_srl = $document_srl ? (int) $document_srl : (int) Context::get('document_srl');
    $this->module_srl = $module_srl ? (int) $module_srl : (int) Context::get('module_srl');
    if ($entry = Context::get('entry')) {
        $this->entry = Context::convertEncodingStr($entry);
    }

    // Validate variables to prevent XSS
    // module, mid and act must each be a single run of [a-z0-9_-]; anything else ends the request.
    $isInvalid = NULL;
    if ($this->module && !preg_match("/^([a-z0-9\\_\\-]+)\$/i", $this->module)) {
        $isInvalid = TRUE;
    }
    if ($this->mid && !preg_match("/^([a-z0-9\\_\\-]+)\$/i", $this->mid)) {
        $isInvalid = TRUE;
    }
    if ($this->act && !preg_match("/^([a-z0-9\\_\\-]+)\$/i", $this->act)) {
        $isInvalid = TRUE;
    }
    if ($isInvalid) {
        htmlHeader();
        echo Context::getLang("msg_invalid_request");
        htmlFooter();
        Context::close();
        exit;
    }

    // Optional SSL: a `disp*` action registered as an SSL action is redirected to https
    // when the current request is not already https.
    // NOTE(review): the redirect target is built from the Host header; confirm the web
    // server only routes known host names to this application.
    if (isset($this->act) && (strlen($this->act) >= 4 && substr_compare($this->act, 'disp', 0, 4) === 0)) {
        if (Context::get('_use_ssl') == 'optional' && Context::isExistsSSLAction($this->act) && $_SERVER['HTTPS'] != 'on') {
            if (Context::get('_https_port') != null) {
                header('location:https://' . $_SERVER['HTTP_HOST'] . ':' . Context::get('_https_port') . $_SERVER['REQUEST_URI']);
            } else {
                header('location:https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
            }
            return;
        }
    }

    // call a trigger before moduleHandler init
    ModuleHandler::triggerCall('moduleHandler.init', 'before', $this);

    // execute addon (before module initialization)
    // $called_position is presumably read by the included addon file — not used in this body.
    $called_position = 'before_module_init';
    $oAddonController = getController('addon');
    $addon_file = $oAddonController->getCacheFilePath(Mobile::isFromMobilePhone() ? 'mobile' : 'pc');
    if (file_exists($addon_file)) {
        include $addon_file;
    }
}
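/**
 * Export the current shop module's user skin as a tar archive download.
 *
 * Collects css/html/htm/js files from the skin root plus images from `img/` and
 * `user_images/`, adds them to a tar with the module's numbered path replaced by
 * `__SHOP_SKIN_PATH__` (see tar::addFile), and streams the archive as an attachment.
 * Does not return on success (closes the context and exits).
 *
 * @return Object error object when no module_srl is set
 */
public function procShopToolUserSkinExport()
{
    if (!$this->module_srl) {
        return new Object('-1', 'msg_invalid_request');
    }

    $oShopModel = $this->model;
    $skin_path = FileHandler::getRealPath($oShopModel->getShopPath($this->module_srl));

    $image_pattern = '/(\.png|\.jpeg|\.jpg|\.gif|\.swf)$/';
    $tar_list = FileHandler::readDir($skin_path, '/(\.css|\.html|\.htm|\.js)$/');
    foreach (FileHandler::readDir($skin_path . "img", $image_pattern) as $img) {
        $tar_list[] = 'img/' . $img;
    }
    foreach (FileHandler::readDir($skin_path . "user_images", $image_pattern) as $img) {
        $tar_list[] = 'user_images/' . $img;
    }

    require_once(_XE_PATH_ . 'libs/tar.class.php');
    // The entries in $tar_list are relative names, so the process cwd is switched to the
    // skin directory (presumably what tar::addFile expects); it is not restored since the
    // request exits below.
    chdir($skin_path);
    $tar = new tar();
    $replace_path = getNumberingPath($this->module_srl, 3);
    foreach ($tar_list as $file) {
        $tar->addFile($file, $replace_path, '__SHOP_SKIN_PATH__');
    }
    $stream = $tar->toTarStream();

    $filename = 'ShopUserSkin_' . date('YmdHis') . '.tar';
    header("Cache-Control: ");
    header("Pragma: ");
    header("Content-Type: application/x-compressed");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header('Content-Disposition: attachment; filename="' . $filename . '"');
    // Fixed: the trailing "\n" on this header made header() reject it ("new line
    // detected"), so it was never sent.
    header("Content-Transfer-Encoding: binary");
    echo $stream;
    Context::close();
    exit();
}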
/**
 * Redirect the browser back to where the OAuth flow started, appending the verifier.
 *
 * When the `yozmgetaccess` session flag is set the target is the socialxeserver admin
 * callback; otherwise it is the `callback` URL stored in the session with socialxe's
 * callback action appended. The consumed session key is cleared before redirecting.
 * Never returns: closes the context and exits.
 *
 * @param string $verifier OAuth verifier handed back by the provider
 */
function _returnPage($verifier)
{
    $admin_flow = $this->session->getSession('yozmgetaccess');

    if ($admin_flow) {
        $this->session->clearSession('yozmgetaccess');
        $destination = './?module=socialxeserver&act=dispSocialxeserverAdminCallback&verifier=' . $verifier;
    } else {
        $callback_base = $this->session->getSession('callback');
        $this->session->clearSession('callback');
        // NOTE(review): the callback base is taken from the session as-is and becomes the
        // Location target; confirm it is validated where it is stored.
        $destination = $callback_base
            . '?module=socialxe&act=dispSocialxeCallback&provider=' . Context::get('provider')
            . '&verifier=' . $verifier;
    }

    // NOTE(review): neither provider nor verifier is urlencode()d — fine only if both are
    // plain tokens; confirm the provider value's character set.
    header('Location: ' . $destination);
    Context::close();
    exit;
}
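/**
 * Finish attaching an OpenID identity to the currently logged-in member.
 *
 * Validates the identity named by the `openid_identity` query parameter; on success the
 * identity is stored for the member (`member.addOpenIDToMember`) and the browser is
 * redirected to `goto` (or the site root). On a failed validation the provider's error
 * description (or `invalid_authorization`) is reported via stop().
 *
 * @return Object error object via stop(), or the failed query output
 */
function procMemberValidateAddOpenIDToMember()
{
    $identity_param = isset($_GET['openid_identity']) ? $_GET['openid_identity'] : null;
    $openid = $this->doOpenIDValidate($identity_param);
    $openid_identity = $openid->GetIdentity();

    if ($openid->validation_result != true) {
        if ($openid->IsError() == true) {
            $error = $openid->GetError();
            return $this->stop($error['description']);
        }
        return $this->stop('invalid_authorization');
    }

    // The member must be logged in; checked before member_srl is read.
    if (!Context::get('is_logged')) {
        return $this->stop('msg_not_logged');
    }
    $logged_info = Context::get('logged_info');

    // Fixed: $args was never initialised; assigning properties to an undefined variable
    // is an Error on PHP 8.
    $args = new stdClass();
    $args->member_srl = $logged_info->member_srl;
    $args->openid = $openid_identity;
    $output = executeQuery('member.addOpenIDToMember', $args);
    if (!$output->toBool()) {
        return $output;
    }

    Context::close();
    // NOTE(review): `goto` is a request parameter used verbatim as the redirect target
    // (open redirect); restrict it to local paths if callers do not already.
    $goto = Context::get('goto');
    header("location:" . ($goto ? $goto : "./"));
    exit;
}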
/**
 * Demo entry point: drive a Context through one full cycle starting in ClosingState.
 *
 * The calls are issued in the order open → close → run → stop; each presumably
 * delegates to whichever lift state the context holds at that moment.
 */
public static function main()
{
    $lift = new Context();
    $lift->setLiftState(new ClosingState());

    foreach (['open', 'close', 'run', 'stop'] as $action) {
        $lift->$action();
    }
}
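/**
 * Copy an existing layout into one or more new layouts, one per requested title.
 *
 * Request vars: `layout_srl` (source), `title` (array of new titles; blank ones are
 * skipped), `layout`. All inserts run in one DB transaction which is rolled back on
 * the first failure. For non-XMLRPC/JSON requests the method emits an alert/reload
 * popup response and exits.
 *
 * @return Object|void error object via stop() or a failed insert/update output
 */
function procLayoutAdminCopyLayout()
{
    $sourceArgs = Context::getRequestVars();
    if ($sourceArgs->layout == 'faceoff') {
        return $this->stop('not supported');
    }
    if (!$sourceArgs->layout_srl) {
        return $this->stop('msg_empty_origin_layout');
    }
    if (!is_array($sourceArgs->title) || count($sourceArgs->title) == 0) {
        return $this->stop('msg_empty_target_layout');
    }

    $oLayoutModel = getModel('layout');
    $layout = $oLayoutModel->getLayout($sourceArgs->layout_srl);

    // Fixed: $args and $layout_config were never initialised; assigning properties to an
    // undefined variable is an Error on PHP 8.
    $args = new stdClass();
    $layout_config = new stdClass();

    $args->extra_vars = $oLayoutModel->getLayoutRawData($sourceArgs->layout_srl, array('extra_vars'));
    // NOTE(review): unserialize() on data read from the DB; anything that can write the
    // extra_vars column controls what is instantiated here — consider allowed_classes or json.
    $extra_vars = unserialize($args->extra_vars);
    $layout_config->header_script = isset($extra_vars->header_script) ? $extra_vars->header_script : null;

    $oModuleController = getController('module');

    // Get information to create a layout
    $args->site_srl = (int) $layout->site_srl;
    $args->layout = $layout->layout;
    $args->layout_type = $layout->type;
    if (!$args->layout_type) {
        $args->layout_type = "P";
    }

    $oDB = DB::getInstance();
    $oDB->begin();

    foreach ($sourceArgs->title as $value) {
        if (!trim($value)) {
            continue;
        }
        $args->layout_srl = getNextSequence();
        $args->title = $value;

        // for header script
        $oModuleController->insertModulePartConfig('layout', $args->layout_srl, $layout_config);

        // Insert into the DB
        $output = $this->insertLayout($args);
        if (!$output->toBool()) {
            $oDB->rollback();
            return $output;
        }

        // initiate if it is faceoff layout
        $this->initLayout($args->layout_srl, $args->layout);

        // update layout info
        $output = $this->updateLayout($args);
        if (!$output->toBool()) {
            $oDB->rollback();
            return $output;
        }

        $this->_copyLayoutFile($layout->layout_srl, $args->layout_srl);
    }

    $oDB->commit();
    $this->setMessage('success_registed');

    if (!in_array(Context::getRequestMethod(), array('XMLRPC', 'JSON'), true)) {
        global $lang;
        htmlHeader();
        alertScript($lang->success_registed);
        reload(true);
        closePopupScript();
        htmlFooter();
        Context::close();
        exit;
    }
}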