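/**
 * Handles the "purchase modules" form submission.
 *
 * Validates the weak CSRF token, keeps only the posted module names that exist
 * in $this->modules and the posted design names known to GWF_Design, stores a
 * temporary GWF_ClientOrder for the session user and renders order.tpl.
 *
 * Every failure path re-renders the purchase form behind the error message.
 *
 * @return string HTML (error + purchase form, or the order template)
 */
private function onPurchase()
{
    if (false !== ($error = GWF_Form::validateCSRF_WeakS())) {
        return GWF_HTML::error('Purchase GWF Modules', $error) . $this->templatePurchase();
    }

    if (!isset($_POST['mod']) || !is_array($_POST['mod'])) {
        return $this->module->error('err_select_modules') . $this->templatePurchase();
    }

    // Module names come in as array keys; the values are just the checkbox flag.
    // Anything not in $this->modules is silently dropped.
    $purchased_modules = array();
    foreach (array_keys($_POST['mod']) as $mname) {
        if (isset($this->modules[$mname])) {
            $purchased_modules[] = $mname;
        }
    }
    if (count($purchased_modules) === 0) {
        return $this->module->error('err_select_modules') . $this->templatePurchase();
    }

    // Designs are optional: a missing or malformed 'design' field means "none"
    // instead of a warning from foreach over a non-array.
    $designs = GWF_Design::getDesigns();
    $posted_designs = (isset($_POST['design']) && is_array($_POST['design'])) ? $_POST['design'] : array();
    $purchased_designs = array();
    foreach (array_keys($posted_designs) as $dname) {
        if (array_key_exists($dname, $designs)) {
            $purchased_designs[] = $dname;
        }
    }

    $user = GWF_User::getStaticOrGuest();
    $userid = GWF_Session::getUserID();
    if (false === ($client = GWF_Client::getClient($userid))) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__)) . $this->templatePurchase();
    }

    $order = new GWF_ClientOrder(array(
        'vsco_uid' => $userid,
        'vsco_modules' => implode(',', $purchased_modules),
        'vsco_designs' => implode(',', $purchased_designs),
    ));
    Module_Payment::saveTempOrder($order);

    $tVars = array('order' => Module_Payment::displayOrderS($this->module, $order, $user));
    return $this->module->template('order.tpl', $tVars);
}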
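/**
 * Quick-joins the group whose id is the key of the pressed submit button.
 *
 * @param mixed $array Posted button array; its first key is the group id.
 * @return string HTML error, or whatever Join::onQuickJoin() returns
 */
private function onJoin($array)
{
    if (false !== ($error = GWF_Form::validateCSRF_WeakS())) {
        return GWF_HTML::error('Join Group', $error);
    }

    // key() must not be reached with a non-array or an empty array; both are
    // treated like an unknown group instead of raising a warning/TypeError.
    if (!is_array($array) || count($array) === 0) {
        return $this->module->error('err_unk_group');
    }

    if (false === ($group = GWF_Group::getByID(key($array)))) {
        return $this->module->error('err_unk_group');
    }

    return $this->module->getMethod('Join')->onQuickJoin($group, GWF_User::getStaticOrGuest());
}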
/**
 * Deletes every PM folder whose id was posted as a key of 'folder' and
 * concatenates the per-folder results of onDeleteFolder().
 *
 * @return string HTML (CSRF error, or the joined per-folder output)
 */
private function onDeleteFolders()
{
    $csrfError = GWF_Form::validateCSRF_WeakS();
    if ($csrfError !== false) {
        return GWF_HTML::error('PM', $csrfError, false);
    }

    // Folder ids are the keys; the posted values are ignored.
    $folderIds = array_keys(Common::getPostArray('folder', array()));

    $output = '';
    foreach ($folderIds as $folderId) {
        $output .= $this->onDeleteFolder($folderId);
    }
    return $output;
}
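/**
 * Stores an uploaded file below dbimg/content/ and appends a reference to it
 * to the posted page content.
 *
 * The stored name is the client-supplied upload name, so it is validated
 * before use: it must match ^[a-z0-9_][a-z0-9_.]{0,62}$ (case-insensitive),
 * which rules out path separators and a leading dot, so $path stays inside
 * dbimg/content/. Names containing a server-executable extension anywhere
 * (e.g. foo.php.html) are rejected; the list below covers the usual PHP
 * handler extensions and should be extended if the host maps more of them.
 * Keeping the original extension is intentional, so this remains a
 * best-effort check that relies on trusted admin users.
 *
 * @param Module_PageBuilder $module used to render error and success messages
 * @return string HTML error or success message
 */
public static function onUpload(Module_PageBuilder $module)
{
    if (false !== ($error = GWF_Form::validateCSRF_WeakS())) {
        return $error;
    }
    if (false === ($file = GWF_Upload::getFile('file'))) {
        return GWF_HTML::err('ERR_MISSING_UPLOAD');
    }

    $name = $file['name'];

    // Substring match on purpose: a middle extension like foo.php.html can
    // still be handed to the PHP handler by some server configurations.
    $executable = array('.php', '.phtml', '.phar', '.phps', '.pht');
    foreach ($executable as $ext) {
        if (stripos($name, $ext) !== false) {
            return $module->error('err_file_ext');
        }
    }

    // Whitelist the characters and length of the name.
    if (!preg_match('#^[a-z0-9_][a-z0-9_\\.]{0,62}$#iD', $name)) {
        return $module->error('err_file_name');
    }

    $path = 'dbimg/content/' . $name;
    $epath = htmlspecialchars($path);
    if (Common::isFile($path)) {
        return $module->error('err_upload_exists');
    }
    if (false === GWF_Upload::moveTo($file, $path)) {
        return GWF_HTML::err('ERR_WRITE_FILE', array($epath));
    }

    // HTML and Smarty pages get markup; every other page type gets bbcode.
    $bbcode = (Common::getPostInt('type', 0) & (GWF_Page::HTML | GWF_Page::SMARTY)) === 0;

    // Append an image tag or an anchor to the content currently being edited;
    // start from an empty string when no content was posted.
    if (!isset($_POST['content'])) {
        $_POST['content'] = '';
    }
    $_POST['content'] .= self::fileToContent($name, $path, $bbcode);

    return $module->message('msg_file_upped', array($epath));
}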
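/**
 * Deletes one shoutbox entry; moderators only.
 *
 * @param mixed $array Posted button array; its first key is the entry id.
 * @return string HTML error or the 'msg_deleted' message
 */
private function onDelete($array)
{
    if (!GWF_User::isInGroupS('moderator')) {
        return GWF_HTML::err('ERR_NO_PERMISSION');
    }
    // An empty array would leave the id undefined below.
    if (!is_array($array) || count($array) === 0) {
        return GWF_HTML::err('ERR_GENERAL', array(__FILE__, __LINE__));
    }
    if (false !== ($error = GWF_Form::validateCSRF_WeakS())) {
        return GWF_HTML::error('Shoutbox', $error);
    }

    // The entry id is the key of the submit button that was pressed.
    reset($array);
    $id = key($array);

    if (false === ($row = GWF_Shoutbox::getByID($id))) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }
    if (false === $row->delete()) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }
    return $this->module->message('msg_deleted');
}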
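/**
 * Removes the selected users from the session user's POI whitelist.
 *
 * The selected user ids arrive as the keys of $_POST['user']. Because they
 * are interpolated into a WHERE clause, every key is cast to int first;
 * non-numeric keys (which PHP keeps as strings) would otherwise reach the
 * query verbatim.
 *
 * @return string HTML: CSRF error, database error, 'msg_white_removed', or ''
 */
private function onDelete()
{
    if (false !== ($error = GWF_Form::validateCSRF_WeakS())) {
        return $error;
    }
    if (!isset($_POST['user']) || !is_array($_POST['user'])) {
        return '';
    }

    $ids = array();
    foreach (array_keys($_POST['user']) as $key) {
        $ids[] = (int) $key;
    }
    if (count($ids) === 0) {
        return '';
    }

    $userid = (int) GWF_Session::getUserID();
    $to_delete = implode(',', $ids);

    $table = GDO::table('GWF_ProfilePOIWhitelist');
    if (!$table->deleteWhere("pw_uida={$userid} AND pw_uidb IN ({$to_delete})")) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }

    $numDeleted = $table->affectedRows();
    if ($numDeleted > 0) {
        return $this->module->message('msg_white_removed', array($numDeleted));
    }
    return '';
}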
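/**
 * Unfreezes a user on a site and records an 'unban' history entry.
 *
 * @param mixed $data Posted button array; its first key is "userid,siteid".
 * @return string HTML error or the 'msg_unfrozen' message
 */
private function onUnFreeze($data)
{
    if (false !== ($err = GWF_Form::validateCSRF_WeakS())) {
        return GWF_HTML::error('WeChall', $err);
    }
    // An empty array would leave the key undefined below.
    if (!is_array($data) || count($data) === 0) {
        return GWF_HTML::err('ERR_GENERAL', array(__FILE__, __LINE__));
    }

    // The button name encodes both ids as "userid,siteid".
    reset($data);
    $parts = explode(',', (string) key($data));
    if (count($parts) !== 2) {
        return GWF_HTML::err('ERR_GENERAL', array(__FILE__, __LINE__));
    }
    $userid = intval($parts[0]);
    $siteid = intval($parts[1]);

    if (false === ($user = GWF_User::getByID($userid))) {
        return GWF_HTML::err('ERR_UNKNOWN_USER');
    }
    if (false === ($site = WC_Site::getByID($siteid))) {
        return $this->module->error('err_site');
    }

    if (WC_Freeze::isUserFrozenOnSite($userid, $siteid)) {
        if (false === WC_Freeze::unfreezeUser($userid, $siteid)) {
            return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
        }
        // Kept from the original; its return value is not used here.
        WC_RegAt::calcExactRank($user);
        WC_HistoryUser2::insertEntry($user, $site, 'unban');
    }

    // A user who was not frozen still gets the success message, as before.
    return $this->module->message('msg_unfrozen', array($user->displayUsername(), $site->displayName()));
}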
/**
 * Enables or disables $this->mod and rewrites the .htaccess rules.
 *
 * @param string $enum 'enabled' turns the module on; any other value turns it off.
 *                     Also selects the message key 'msg_module_' . $enum.
 * @return string HTML error or success message
 */
private function onEnable($enum)
{
    $csrfError = GWF_Form::validateCSRF_WeakS();
    if ($csrfError !== false) {
        return GWF_HTML::error('', $csrfError);
    }

    // Core modules can never be toggled.
    if ($this->mod->isCoreModule()) {
        return $this->module->error('err_disable_core_module');
    }

    $turnOn = ($enum === 'enabled');
    if ($this->mod->saveOption(GWF_Module::ENABLED, $turnOn) === false) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }

    if (GWF_ModuleLoader::reinstallHTAccess() === false) {
        return GWF_HTML::err('ERR_GENERAL', array(__FILE__, __LINE__));
    }

    $messageKey = 'msg_module_' . $enum;
    return $this->module->message($messageKey, array($this->mod->display('module_name')));
}
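/**
 * Unlinks the session user from the site whose id is the key of the pressed
 * button, recalculates total scores and records an 'unlink' history entry.
 *
 * @param mixed $array Posted button array; its first key is the site id.
 * @return string HTML error, '' for a non-array payload, or 'msg_site_unlinked'
 */
private function onUnLinkSite($array)
{
    if (false !== ($error = GWF_Form::validateCSRF_WeakS())) {
        return GWF_HTML::error('WeChall', $error);
    }
    if (!is_array($array)) {
        return '';
    }
    // An empty array would leave the site id undefined; treat it like an unknown site.
    if (count($array) === 0) {
        return $this->module->error('err_site');
    }

    reset($array);
    $siteid = key($array);
    if (false === ($site = WC_Site::getByID($siteid))) {
        return $this->module->error('err_site');
    }

    $user = GWF_Session::getUser();
    $userid = GWF_Session::getUserID();
    // NOTE(review): assumes getUser() returns a user object for this request — confirm for guests.
    $old_totalscore = $user->getVar('user_level');

    if (WC_Freeze::isUserFrozen($userid)) {
        return $this->module->error('err_frozen');
    }
    if (false === ($regat = WC_RegAt::getRegatRow($userid, $site->getID()))) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }
    if (false === WC_RegAt::unlink($userid, $site->getID())) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }

    $site->increase('site_linkcount', -1);
    WC_RegAt::calcTotalscores();

    // Re-read the user so the history entry sees the recalculated level.
    $user = GWF_User::getByID($userid);
    $new_totalscore = $user->getVar('user_level');

    require_once GWF_CORE_PATH . 'module/WeChall/WC_HistoryUser2.php';
    WC_HistoryUser2::insertEntry($user, $site, 'unlink', 0, $regat->getOnsiteScore(), $new_totalscore - $old_totalscore);

    return $this->module->message('msg_site_unlinked', array($site->displayName()));
}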