/**
 * Run a SQL statement on the current connection and remember its result.
 *
 * The string is handed to mysqli_query() unchanged, so every untrusted value
 * must already be escaped (or cast) by the caller before it is placed in $q.
 *
 * @param string $q The query string
 * @return mysqli_result|bool Whatever mysqli_query() returned
 */
public function query($q)
{
    $outcome = mysqli_query($this->connect_id, $q);
    $this->result = $outcome;

    // A falsy result only counts as a failure when the driver also reports an error number.
    $failed = !$outcome && mysqli_errno($this->connect_id);
    if ($failed) {
        big_error('MySQL Query Error', $this->error());
    }

    $this->query_num++;

    return $this->result;
}
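/**
 * Locate a template file, compile it and store the compiled copy under cache/.
 *
 * Lookup order: the active style (or the admin style for names starting with
 * "admin_"); if that file is missing, the style named in
 * $config['style_depend_on'] when it is set, otherwise the default admin
 * folder for admin templates or the "default" style for everything else.
 * big_error() is called when no candidate file exists.
 *
 * NOTE(review): $template_name is concatenated into filesystem paths and the
 * compiled output is written as a .php file in the cache folder. This assumes
 * callers only pass fixed, trusted template names - confirm at the call sites.
 *
 * @param string $template_name Template name without the ".html" extension
 */
function _load_template($template_name)
{
    global $config, $THIS_STYLE_PATH_ABS, $STYLE_PATH_ADMIN_ABS, $DEFAULT_PATH_ADMIN_ABS;

    $is_admin_template = false;
    $style_path = $THIS_STYLE_PATH_ABS;

    //admin template always begin with admin_
    if (substr($template_name, 0, 6) == 'admin_') {
        $style_path = $STYLE_PATH_ADMIN_ABS;
        $is_admin_template = true;
    }

    $template_path = $style_path . $template_name . '.html';
    $is_tpl_exist = file_exists($template_path);

    //if template not found and default style is there and not admin tpl
    if (!$is_tpl_exist) {
        if (trim($config['style_depend_on']) != '') {
            $template_path_alternative = str_replace('/' . $config['style'] . '/', '/' . $config['style_depend_on'] . '/', $template_path);
            if (file_exists($template_path_alternative)) {
                $template_path = $template_path_alternative;
                $is_tpl_exist = true;
            }
        } elseif ($is_admin_template) {
            $template_path = $DEFAULT_PATH_ADMIN_ABS . $template_name . '.html';
            // Check the fallback instead of assuming it is present, so a missing
            // file ends in big_error() rather than in a failed read further down.
            $is_tpl_exist = file_exists($template_path);
        } elseif ($config['style'] != 'default') {
            $template_path_alternative = str_replace('/' . $config['style'] . '/', '/default/', $template_path);
            if (file_exists($template_path_alternative)) {
                $template_path = $template_path_alternative;
                $is_tpl_exist = true;
            }
        }
    }

    if (!$is_tpl_exist) {
        big_error('No Template !', 'Requested "' . $template_path . '" template doesnt exists or an empty !! ');
    }

    $this->HTML = file_get_contents($template_path);
    // presumably _parse() rewrites its argument in place, since $this->HTML is written out afterwards - confirm
    $this->_parse($this->HTML);

    $cache_file = PATH . 'cache/tpl_' . $this->re_name_tpl($template_name) . '.php';

    //use 'b' to force binary mode
    // Writing the cache is best effort: every step is silenced and a failed open is skipped.
    if ($filename = @fopen($cache_file, 'wb')) {
        @flock($filename, LOCK_EX);
        @fwrite($filename, $this->HTML);
        @flock($filename, LOCK_UN);
        @fclose($filename);
        // Read and write for owner, read for everybody else
        @chmod($cache_file, 0644);
    }
}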
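/**
 * Locate a template file, compile it and store the compiled copy under cache/.
 *
 * Lookup order: the active style (or the admin style for names starting with
 * "admin_"); if that file is missing, the style named inside the style's
 * depend_on.txt when that file exists, otherwise the "default" style for
 * non-admin templates. big_error() is called when no candidate file exists.
 *
 * NOTE(review): $template_name and the content of depend_on.txt are both
 * concatenated into filesystem paths, and the compiled output is written as a
 * .php file in the cache folder. This assumes both come from trusted sources -
 * confirm at the call sites and for the style packages.
 *
 * @param string $template_name Template name without the ".html" extension
 */
function _load_template($template_name)
{
    global $config, $root_path, $STYLE_PATH, $STYLE_PATH_ADMIN;

    $is_admin_template = false;
    $style_path = $STYLE_PATH;

    //admin template always begin with admin_
    if (substr($template_name, 0, 6) == 'admin_') {
        $style_path = $STYLE_PATH_ADMIN;
        $is_admin_template = true;
    }

    $template_path = $style_path . $template_name . '.html';
    $is_tpl_exist = file_exists($template_path);

    //if template not found and default style is there and not admin tpl
    if (!$is_tpl_exist) {
        if (file_exists($style_path . 'depend_on.txt')) {
            $depend_on = file_get_contents($style_path . 'depend_on.txt');
            $template_path_alternative = str_replace('/' . $config['style'] . '/', '/' . trim($depend_on) . '/', $template_path);
            if (file_exists($template_path_alternative)) {
                $template_path = $template_path_alternative;
                $is_tpl_exist = true;
            }
        } elseif ($config['style'] != 'default' && !$is_admin_template) {
            $template_path_alternative = str_replace('/' . $config['style'] . '/', '/default/', $template_path);
            if (file_exists($template_path_alternative)) {
                $template_path = $template_path_alternative;
                $is_tpl_exist = true;
            }
        }
    }

    if (!$is_tpl_exist) {
        big_error('No Template !', 'Requested "' . $template_path . '" template doesnt exists or an empty !! ');
    }

    $this->HTML = file_get_contents($template_path);
    // presumably _parse() rewrites its argument in place, since $this->HTML is written out afterwards - confirm
    $this->_parse($this->HTML);

    $filename = @fopen($root_path . 'cache/tpl_' . $this->re_name_tpl($template_name) . '.php', 'w');

    // fopen() returns false when the cache folder is not writable; the stream
    // functions must not be called with that value, so the write is skipped.
    if ($filename) {
        @flock($filename, LOCK_EX); // exclusive lock
        @fwrite($filename, $this->HTML);
        @flock($filename, LOCK_UN);
        @fclose($filename);
    }
}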
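/**
 * Authenticate a user against a phpBB3 user table.
 *
 * Database settings come from the forum's own config file when $script_path
 * is set, otherwise from the $script_* globals. On success the user constants
 * (USER_ID, GROUP_ID, ...) are defined, $userinfo is filled and, for a fresh
 * non-admin login, the "ulogu" cookie is set.
 *
 * Local variable names are left as they are on purpose: the hook code passed
 * to eval() runs in this function's scope and may read or change them.
 *
 * @param string|int $name         Username, or the numeric user id when $hashed or $return_name is true
 * @param string     $pass         Plain password, or the stored hash when $hashed is true
 * @param bool       $hashed       True when $name/$pass are a user id and a stored hash
 * @param int        $expire       Cookie expiry value, also mixed into the cookie check hash
 * @param bool       $loginadm     True to verify only, without defining constants or setting the cookie
 * @param bool       $return_name  True to return the username for the given id
 * @return bool|string|null Username when $return_name is set and a row is found, true/false for a login
 *                          attempt, null when no database settings are available
 */
function kleeja_auth_login($name, $pass, $hashed = false, $expire, $loginadm = false, $return_name = false)
{
    // $plugin is needed by the run_hook() calls below; without it in scope they fail on an undefined variable.
    global $lang, $config, $usrcp, $userinfo, $plugin;
    global $script_path, $script_encoding, $script_srv, $script_db, $script_user, $script_pass, $script_prefix;

    if (isset($script_path)) {
        //check for last slash /
        // The last character sits at index strlen - 1, so it is read with substr(-1);
        // the paths below add their own separator after $script_path.
        if (substr($script_path, -1) == '/') {
            $script_path = substr($script_path, 0, -1);
        }

        //get some useful data from phbb config file
        if (file_exists(PATH . $script_path . SCRIPT_CONFIG_PATH)) {
            // The forum config is executed as PHP; $script_path must only ever come from site configuration.
            include PATH . $script_path . SCRIPT_CONFIG_PATH;

            $forum_srv = $dbhost;
            $forum_db = $dbname;
            $forum_user = $dbuser;
            $forum_pass = $dbpasswd;
            $forum_prefix = $table_prefix;

            if (empty($dbhost)) {
                $forum_srv = 'localhost';
            }
            if (!empty($dbport)) {
                $forum_srv .= ':' . $dbport;
            }
        } else {
            big_error('Forum path is not correct', sprintf($lang['SCRIPT_AUTH_PATH_WRONG'], 'phpBB3'));
        }
    } else {
        $forum_srv = $script_srv;
        $forum_db = $script_db;
        $forum_user = $script_user;
        $forum_pass = $script_pass;
        $forum_prefix = $script_prefix;
    }

    //if no variables of db
    if (empty($forum_srv) || empty($forum_user) || empty($forum_db)) {
        return;
    }

    //conecting ...
    $SQLBB = new SSQL($forum_srv, $forum_user, $forum_pass, $forum_db, true);
    $SQLBB->set_names('utf8');

    unset($forum_pass); // We do not need this any longer

    //get utf tools
    global $phpbb_root_path, $phpEx;
    $phpbb_root_path = PATH . $script_path . '/';
    $phpEx = 'php';
    define('IN_PHPBB', true);
    include_once PATH . $script_path . '/includes/utf/utf_tools.' . $phpEx;

    $row_leve = 'user_type';
    $admin_level = 3;

    $query2 = array('SELECT' => '*', 'FROM' => "`{$forum_prefix}users`");

    // NOTE(review): the '******' literal in the hashed branch looks like a value masked
    // when this listing was published; the original expression is not visible here, so
    // the text is kept as shown. As written, that branch compares user_password with a
    // fixed string.
    $query2['WHERE'] = $hashed ? "user_id=" . intval($name) . " AND user_password='******' " : "username_clean='" . $SQLBB->escape(utf8_clean_string($name)) . "'";

    // NOTE(review): this replaces the WHERE clause with an id-only match. When $hashed
    // is true as well, that id-only query is the one used for the login further down -
    // confirm that no caller passes both flags together.
    if ($return_name) {
        $query2['SELECT'] = "username";
        $query2['WHERE'] = "user_id=" . intval($name);
    }

    $query = '';

    if (!$hashed) {
        $result2 = $SQLBB->build($query2);

        while ($row = $SQLBB->fetch($result2)) {
            if ($return_name) {
                $SQLBB->free($result2);
                return $row['username'];
            }

            // The plain password is verified in PHP against the stored phpBB hash.
            if (phpbb_check_hash($pass, $row['user_password'])) {
                $query = $query2;
            }
        }

        // Released only after the loop has finished, so the loop's final fetch
        // is never made on a result that was already freed.
        if ($result2) {
            $SQLBB->free($result2);
        }
    } else {
        $query = $query2;
    }

    if (empty($query)) {
        $SQLBB->close();
        return false;
    }

    // Hook code is evaluated in this scope; it is as trusted as the application code itself.
    ($hook = $plugin->run_hook('qr_select_usrdata_phpbb_usr_class')) ? eval($hook) : null; //run hook

    $result = $SQLBB->build($query);

    if ($SQLBB->num($result) != 0) {
        while ($row = $SQLBB->fetch($result)) {
            // A row in the forum ban list for this user id rejects the login.
            if ($SQLBB->num($SQLBB->query("SELECT ban_userid FROM `{$forum_prefix}banlist` WHERE ban_userid=" . intval($row['user_id']))) == 0) {
                if (!$loginadm) {
                    define('USER_ID', $row['user_id']);
                    define('GROUP_ID', $row[$row_leve] == $admin_level ? '1' : '3');
                    define('USER_NAME', $row['username']);
                    define('USER_MAIL', $row['user_email']);
                    if ($row[$row_leve] == $admin_level) {
                        define('USER_ADMIN', true);
                    }
                }

                $userinfo = $row;
                $userinfo['group_id'] = $row[$row_leve] == $admin_level ? '1' : '3';
                $user_y = kleeja_base64_encode(serialize(array('id' => $row['user_id'], 'name' => $row['username'], 'mail' => $row['user_email'], 'last_visit' => time())));

                // NOTE(review): the cookie payload carries the stored password hash and a
                // serialized array; its protection rests on en_de_crypt() and on the
                // sha1(md5(h_key . hash) . expire) check value, neither of which is
                // verified here - confirm the reading side checks integrity before
                // unserializing anything.
                if (!$hashed && !$loginadm) {
                    $usrcp->kleeja_set_cookie('ulogu', $usrcp->en_de_crypt($row['user_id'] . '|' . $row['user_password'] . '|' . $expire . '|' . sha1(md5($config['h_key'] . $row['user_password']) . $expire) . '|' . ($row[$row_leve] == $admin_level ? '1' : '3') . '|' . $user_y), $expire);
                }

                ($hook = $plugin->run_hook('qr_while_usrdata_phpbb_usr_class')) ? eval($hook) : null; //run hook
            } else {
                //he is banned from phpBB
                $SQLBB->free($result);
                unset($pass);
                $SQLBB->close();
                return false;
            }
        }

        $SQLBB->free($result);
        unset($pass);
        $SQLBB->close();
        return true;
    }

    $SQLBB->free($result);
    $SQLBB->close();
    return false;
}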
/**
 * Include a language file from the active language folder.
 *
 * The file is looked up at PATH/languages/<$config['language']>/[<folder>/]<name>.php.
 * Every ".." sequence is stripped from $name and $folder before the path is
 * built, and a ".php" suffix in $name is tolerated. big_error() is called when
 * the include fails.
 *
 * NOTE(review): $config['language'] is used in the path without any filtering
 * here; this assumes it is validated where it is set - confirm.
 *
 * @param string $name   Language file name, with or without ".php"
 * @param string $folder Optional sub-folder inside the language folder
 * @return bool Always true when the function returns
 */
function get_lang($name, $folder = '')
{
    global $config, $lang, $plugin;

    // Hook code is evaluated in this scope, before any of the path handling below.
    ($hook = $plugin->run_hook('get_lang_func')) ? eval($hook) : null; //run hook

    $name = str_replace('..', '', $name);
    if ($folder != '') {
        $name = str_replace('..', '', $folder) . '/' . $name;
    }

    $relative = 'languages/' . $config['language'] . '/' . str_replace('.php', '', $name) . '.php';
    $full = PATH . $relative;

    // Include warnings are only shown while DEBUG is defined.
    if (defined('DEBUG')) {
        $loaded = include $full;
    } else {
        $loaded = @(include $full);
    }

    if ($loaded === false) {
        big_error('There is no language file in the current path', $relative . ' not found');
    }

    return true;
}
/**
 * Authenticate a user against a vBulletin user table.
 *
 * Database settings come from the forum's config file when $script_path is
 * set, otherwise from the $script_* globals. For a plain login the user's
 * salt is read first and md5(md5(password) . salt) is matched in a second
 * query. On success the user constants are defined, $userinfo is filled and
 * the "ulogu" cookie is set unless $loginadm is true.
 *
 * The code is left untouched: hook code passed to eval() runs in this scope
 * and the define() calls depend on the exact statement order.
 *
 * @param string|int $name         Username, or the numeric user id when $hashed or $return_name is true
 * @param string     $pass         Plain password, or the stored hash when $hashed is true
 * @param bool       $hashed       True when $name/$pass are a user id and a stored hash
 * @param int        $expire       Cookie expiry value, also mixed into the cookie check hash
 * @param bool       $loginadm     True to verify only, without defining constants or setting the cookie
 * @param bool       $return_name  True to return the username for the given id
 * @return bool|string|null Username when $return_name is set and a row is found, true/false for a login
 *                          attempt, null when no database settings are available
 */
function kleeja_auth_login($name, $pass, $hashed = false, $expire, $loginadm = false, $return_name = false)
{
    global $lang, $config, $usrcp, $userinfo;
    global $script_path, $script_cp1256, $script_srv, $script_db, $script_user, $script_pass, $script_prefix, $script_db_charset;

    if (isset($script_path)) {
        //check for last slash
        // NOTE(review): index strlen($script_path) is one past the last character, so this
        // isset() is never true for a string and the trailing slash is never removed; the
        // substr() call would also return the string unchanged.
        if (isset($script_path[strlen($script_path)]) && $script_path[strlen($script_path)] == '/') {
            $script_path = substr($script_path, 0, strlen($script_path));
        }

        //get some useful data from vb config file
        if (file_exists(PATH . $script_path . SCRIPT_CONFIG_PATH)) {
            // NOTE(review): $config is declared global above and is read right after this
            // include, so the forum file presumably assigns into it; the forum's database
            // credentials would then stay in the application's global $config - confirm.
            require_once PATH . $script_path . SCRIPT_CONFIG_PATH;

            //
            //get config from config file
            //
            $forum_srv = $config['MasterServer']['servername'];
            $forum_db = $config['Database']['dbname'];
            $forum_user = $config['MasterServer']['username'];
            $forum_pass = $config['MasterServer']['password'];
            $forum_prefix = $config['Database']['tableprefix'];

            if ($config['MasterServer']['port'] != 3306) {
                $forum_srv .= ':' . $config['MasterServer']['port'];
            }

            //some people change their db charset
            if (isset($config['Mysqli']['charset'])) {
                $forum_db_charset = $config['Mysqli']['charset'];
            }
        } else {
            big_error('Forum path is not correct', sprintf($lang['SCRIPT_AUTH_PATH_WRONG'], 'Vbulletin'));
        }
    } else {
        //
        //custom config data
        //
        $forum_srv = $script_srv;
        $forum_db = $script_db;
        $forum_user = $script_user;
        $forum_pass = $script_pass;
        $forum_prefix = $script_prefix;

        //some people change their db charset
        if (isset($script_db_charset)) {
            $forum_db_charset = $script_db_charset;
        }
    }

    // Without a server, user and database name there is nothing to connect to.
    if (empty($forum_srv) || empty($forum_user) || empty($forum_db)) {
        return;
    }

    $SQLVB = new SSQL($forum_srv, $forum_user, $forum_pass, $forum_db, true);

    if (isset($forum_db_charset)) {
        //config
        $SQLVB->set_names($forum_db_charset);
    } else {
        $SQLVB->set_names('latin1');
    }

    unset($forum_pass); // We do not need this any longer

    // When $script_cp1256 is set, the inputs are passed through kleeja_utf8(..., false)
    // before they are used; the user id of a hashed login is left as it is.
    $pass = empty($script_cp1256) || !$script_cp1256 ? $pass : $usrcp->kleeja_utf8($pass, false);
    $name = empty($script_cp1256) || !$script_cp1256 || $hashed ? $name : $usrcp->kleeja_utf8($name, false);

    $query_salt = array('SELECT' => $hashed ? '*' : 'salt', 'FROM' => "`{$forum_prefix}user`");

    // NOTE(review): the '******' literals here and in the second query below look like
    // values masked when this listing was published; the original expressions are not
    // visible, so it cannot be checked from here whether $name and $pass were escaped
    // before being placed in the SQL text.
    $query_salt['WHERE'] = $hashed ? "userid=" . intval($name) . " AND password='******' AND usergroupid != '8'" : "username='******' AND usergroupid != '8'";

    //if return only name let's ignore the obove
    // NOTE(review): this also drops the usergroupid != '8' condition and, with $hashed
    // true as well, leaves an id-only match for the hashed branch below - confirm that
    // no caller passes both flags together.
    if ($return_name) {
        $query_salt['SELECT'] = "username";
        $query_salt['WHERE'] = "userid=" . intval($name);
    }

    // Hook code is evaluated in this scope; it is as trusted as the application code itself.
    ($hook = kleeja_run_hook('qr_select_usrdata_vb_usr_class')) ? eval($hook) : null; //run hook

    $result_salt = $SQLVB->build($query_salt);

    if ($SQLVB->num_rows($result_salt) > 0) {
        while ($row1 = $SQLVB->fetch_array($result_salt)) {
            if ($return_name) {
                return empty($script_cp1256) || !$script_cp1256 ? $row1['username'] : $usrcp->kleeja_utf8($row1['username']);
            }

            if (!$hashed) {
                // Plain login: rebuild the forum's salted hash and look the user up again with it.
                $pass = md5(md5($pass) . $row1['salt']); // without normal md5
                $query = array('SELECT' => '*', 'FROM' => "`{$forum_prefix}user`", 'WHERE' => "username='******' AND password='******' AND usergroupid != '8'");
                $result = $SQLVB->build($query);

                if ($SQLVB->num_rows($result) != 0) {
                    while ($row = $SQLVB->fetch_array($result)) {
                        if (!$loginadm) {
                            define('USER_ID', $row['userid']);
                            // usergroupid 6 is mapped to group 1 and the admin flag, every other group to 3.
                            define('GROUP_ID', $row['usergroupid'] == 6 ? 1 : 3);
                            define('USER_NAME', empty($script_cp1256) || !$script_cp1256 ? $row['username'] : $usrcp->kleeja_utf8($row['username']));
                            define('USER_MAIL', $row['email']);
                            define('USER_ADMIN', $row['usergroupid'] == 6 ? 1 : 0);
                        }

                        //define('LAST_VISIT',$row['last_visit']);
                        $userinfo = $row;
                        $userinfo['group_id'] = $row['usergroupid'] == 6 ? 1 : 3;

                        // NOTE(review): USER_NAME is only defined above when $loginadm is false,
                        // so with $loginadm true this relies on the constant having been defined
                        // earlier in the request - confirm.
                        $user_y = kleeja_base64_encode(serialize(array('id' => $row['userid'], 'name' => USER_NAME, 'mail' => $row['email'], 'last_visit' => time())));
                        $hash_key_expire = sha1(md5($config['h_key'] . $row['password']) . $expire);

                        // NOTE(review): the cookie payload carries the stored password hash and a
                        // serialized array; its protection rests on en_de_crypt() and on
                        // $hash_key_expire - confirm the reading side checks integrity before
                        // unserializing anything.
                        if (!$loginadm) {
                            $usrcp->kleeja_set_cookie('ulogu', $usrcp->en_de_crypt($row['userid'] . '|' . $row['password'] . '|' . $expire . '|' . $hash_key_expire . '|' . ($row['usergroupid'] == 6 ? 1 : 3) . '|' . $user_y), $expire);
                        }

                        ($hook = kleeja_run_hook('qr_while_usrdata_vb_usr_class')) ? eval($hook) : null; //run hook
                    }

                    $SQLVB->freeresult($result);
                } else {
                    // No row matched the salted hash: wrong password.
                    $SQLVB->close();
                    return false;
                }
            } else {
                // Hashed login: the row found by the first query is taken as the user.
                if (!$loginadm) {
                    define('USER_ID', $row1['userid']);
                    define('USER_NAME', empty($script_cp1256) || !$script_cp1256 ? $row1['username'] : $usrcp->kleeja_utf8($row1['username']));
                    define('USER_MAIL', $row1['email']);
                    define('USER_ADMIN', $row1['usergroupid'] == 6 ? 1 : 0);
                    define('GROUP_ID', $row1['usergroupid'] == 6 ? 1 : 3);
                    $userinfo = $row1;
                    $userinfo['group_id'] = $row1['usergroupid'] == 6 ? 1 : 3;
                }
            }
        } #whil1

        $SQLVB->freeresult($result_salt);
        unset($pass);
        $SQLVB->close();
        return true;
    } else {
        $SQLVB->close();
        return false;
    }
}
//run hook } #to attach kleeja version in the menu start item $assigned_klj_ver = preg_replace('!#([a-z0-9]+)!', '', KLEEJA_VERSION); //get it if (file_exists($path_adm . '/' . $go_to . '.php')) { ($hook = kleeja_run_hook("require_admin_page_begin_{$go_to}")) ? eval($hook) : null; //run hook include_once $path_adm . '/' . $go_to . '.php'; ($hook = kleeja_run_hook("require_admin_page_end_{$go_to}")) ? eval($hook) : null; //run hook } else { if (isset($_GET['_ajax_'])) { echo_ajax(888, 'Error while loading : ' . $go_to); } big_error('In Loading !', 'Error while loading : ' . $go_to); } ($hook = kleeja_run_hook('end_admin_page')) ? eval($hook) : null; //run hook //no style defined if (empty($stylee)) { $text = $lang['NO_TPL_SHOOSED']; $stylee = 'admin_info'; } $go_menu_html = ''; if (isset($go_menu)) { foreach ($go_menu as $m => $d) { $go_menu_html .= '<li class="' . ($d['current'] ? 'active' : '') . '" id="c_' . $d['goto'] . '"><a href="' . $d['link'] . '" onclick="javascript:get_kleeja_link(\'' . $d['link'] . '\', \'#content\', {\'current_id\':\'c_' . $d['goto'] . '\', \'current_class\':\'active\'' . ($d['confirm'] ? ', \'confirm\':true' : '') . '}); return false;">' . $d['name'] . '</a></li>'; } } //header
/**
 * Authenticate a user through a remote API script.
 *
 * A query string with the API key, the user name (or id) and the password is
 * appended to $script_path and fetched with fetch_remote_file(). The answer is
 * base64-decoded and split on "%|%"; the first field is 0 for an error and 1
 * for success. On success the user constants are defined and the "ulogu"
 * cookie is set unless $loginadm is true.
 *
 * The code is left untouched because one statement (marked below) is not
 * recoverable from this listing.
 *
 * @param string|int $name            Username, or the user id when $hashed is true
 * @param string     $pass            Password value sent to the remote script
 * @param bool       $hashed          True when $name is a user id
 * @param int        $expire          Cookie expiry value, also mixed into the cookie check hash
 * @param bool       $loginadm        True to verify only, without defining constants or setting the cookie
 * @param bool       $return_username True to return only the username reported by the remote script
 * @return bool|string Username when $return_username is set, otherwise true on success and false on failure
 */
function kleeja_auth_login($name, $pass, $hashed = false, $expire, $loginadm = false, $return_username = false)
{
    global $lang, $config, $usrcp, $userinfo;
    global $script_path, $script_api_key, $script_cp1256;

    //URL must be begin with http://
    // NOTE(review): only the first character is compared, so any value starting with
    // "h" is accepted. The request built below carries the API key and the password in
    // its query string, so the configured URL should be an https:// one - confirm.
    if (empty($script_path) || $script_path[0] != 'h') {
        big_error('Forum URL must be begin with http://', sprintf($lang['SCRIPT_AUTH_PATH_WRONG'], 'API'));
    }

    //api key is the key to make the query between the remote script and kleeja more secure !
    //this must be changed in the real use
    if (empty($script_api_key)) {
        big_error('api key', 'To connect to the remote script you have to write the API key ...');
    }

    // When $script_cp1256 is set, the inputs are passed through kleeja_utf8(..., false) first.
    $pass = empty($script_cp1256) || !$script_cp1256 ? $pass : $usrcp->kleeja_utf8($pass, false);
    $name = empty($script_cp1256) || !$script_cp1256 || $hashed ? $name : $usrcp->kleeja_utf8($name, false);

    /*
        @see file : docs/kleeja_(vb,mysmartbb,phpbb)_api.txt
    */
    // NOTE(review): the '******' run after '&pass=' looks like text masked when this
    // listing was published. It swallowed part of the expression, so the statement does
    // not parse as shown and how the password was encoded cannot be told from here.
    // The API key is only base64-encoded, which is an encoding and not encryption.
    $api_http_query = 'api_key=' . kleeja_base64_encode($script_api_key) . '&' . ($hashed ? 'userid' : 'username') . '=' . urlencode($name) . '&pass='******'&return_username=1' : '';

    //get it
    $remote_data = fetch_remote_file($script_path . '?' . $api_http_query);

    //no responde
    //empty or can not connect
    if ($remote_data == false || empty($remote_data)) {
        return false;
    }

    //see kleeja_api.php file
    //split the data , the first one is always 0 or 1
    //0 : error
    //1: ok
    // NOTE(review): the fields are used by position without checking how many came
    // back, and the answer itself is not authenticated here; the admin flag in field 5
    // is taken as reported by the remote side.
    $user_info = explode('%|%', kleeja_base64_decode($remote_data));

    //omg, it's 0 , 0 : error, lets die here
    if ((int) $user_info[0] == 0) {
        return false;
    }

    //
    //if we want username only we have to return it quickly and die here
    //
    if ($return_username) {
        return empty($script_cp1256) || !$script_cp1256 ? $user_info[1] : $usrcp->kleeja_utf8($user_info[1]);
    }

    //
    //when loggin to admin, we just want a check, no data setup ..
    //
    if (!$loginadm) {
        define('USER_ID', $user_info[1]);
        define('GROUP_ID', 3);
        define('USER_NAME', empty($script_cp1256) || !$script_cp1256 ? $user_info[2] : $usrcp->kleeja_utf8($user_info[2]));
        define('USER_MAIL', $user_info[3]);
        define('USER_ADMIN', (int) $user_info[5] == 1 ? 1 : 0);
    }

    //user ifo
    //and this must be filled with user data comming from url
    // NOTE(review): GROUP_ID, USER_ID, USER_NAME and USER_MAIL are only defined above
    // when $loginadm is false; with $loginadm true the next lines rely on constants
    // defined earlier in the request - confirm.
    $userinfo = array();
    $userinfo['group_id'] = GROUP_ID;
    $user_y = kleeja_base64_encode(serialize(array('id' => USER_ID, 'name' => USER_NAME, 'mail' => USER_MAIL, 'last_visit' => time())));

    //add cookies
    // NOTE(review): the cookie payload carries field 4 of the remote answer and a
    // serialized array; its protection rests on en_de_crypt() and on the
    // sha1(md5(h_key . field 4) . expire) check value - confirm the reading side checks
    // integrity before unserializing anything.
    if (!$loginadm) {
        $usrcp->kleeja_set_cookie('ulogu', $usrcp->en_de_crypt($user_info[1] . '|' . $user_info[4] . '|' . $expire . '|' . sha1(md5($config['h_key'] . $user_info[4]) . $expire) . '|' . GROUP_ID . '|' . $user_y), $expire);
    }

    //no need after now
    unset($pass);

    //yes ! he is a real user
    return true;
}
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $ftime) . ' GMT'); header('Content-Encoding: none'); header('Content-Disposition: ' . ($is_image || $is_live ? 'inline' : 'attachment') . '; ' . $h_name); #if($is_image) #{ # header('Content-Transfer-Encoding: binary'); #} if (!$is_image && !$is_live && $is_ie8) { header('X-Download-Options: noopen'); } #header(($is_ie6 ? 'Expires: -1' : 'Expires: Mon, 26 Jul 1997 05:00:00 GMT')); #(($is_ie8) ? '; authoritative=true; X-Content-Type-Options: nosniff;' : '') if (($pfile = @fopen($path_file, 'rb')) === false) { #so ... it's failed to open ! header("HTTP/1.0 404 Not Found"); big_error('----', 'Error - can not open file.'); } #sending some headers header('Accept-Ranges: bytes'); #prevent some limits @set_time_limit(0); // multipart-download and download resuming support $range_enable = false; if (isset($_SERVER['HTTP_RANGE']) && strpos($_SERVER['HTTP_RANGE'], 'bytes=') !== false && !$is_image && !$is_live && $resuming_on) { header('HTTP/1.1 206 Partial Content'); $ranges = explode(',', substr(trim($_SERVER['HTTP_RANGE']), 6)); $boundary = substr(md5($name . microtime()), 24); # many ranges requested if (sizeof($ranges) > 1) { $content_length = 0; foreach ($ranges as $range) {
} #page info $current_template = 'get_pass.php'; $current_title = $lang['GET_LOSTPASS']; $action = 'ucp.php?go=get_pass'; #no error yet $ERRORS = false; # As in ucp.php?go=get_pass&activation_key=1af3405662ec373d672d003cf27cf998&uid=1 if (ig('activation_key') && ig('uid')) { ($hook = $plugin->run_hook('get_pass_activation_key')) ? eval($hook) : null; //run hook $h_key = preg_replace('![^a-z0-9]!', '', g('activation_key', 'str')); $u_id = g('uid', 'int'); #if it's empty ? if (trim($h_key) == '') { big_error('No hash key', 'This is not a good link for activation ... Try again!'); } $query = array('SELECT' => 'new_password', 'FROM' => "{$dbprefix}users", 'WHERE' => "hash_key='" . $SQL->escape($h_key) . "' AND id=" . $u_id); ($hook = $plugin->run_hook('get_pass_f_query')) ? eval($hook) : null; //run hook $result = $SQL->build($query); if ($SQL->num($result)) { $npass = $SQL->fetch($result); $npass = $npass['new_password']; #user password now will be set to the new password $update_query = array('UPDATE' => "{$dbprefix}users", 'SET' => "password = '******', new_password = '', hash_key = ''", 'WHERE' => 'id=' . $u_id); ($hook = $plugin->run_hook('qr_update_newpass_activation')) ? eval($hook) : null; //run hook $SQL->build($update_query); #show message and exit $text = $lang['OK_APPLY_NEWPASS'] . '<br /><a href="' . $config['siteurl'] . ($config['mod_writer'] ? 'login.html' : 'ucp.php?go=login') . '">' . $lang['LOGIN'] . '</a>';
header('Content-Encoding: none'); header('Content-Disposition: ' . ($is_image || $is_live ? 'inline' : 'attachment') . '; ' . $h_name); #if($is_image) #{ # header('Content-Transfer-Encoding: binary'); #} if (!$is_image && !$is_live && $is_ie8) { header('X-Download-Options: noopen'); } #header(($is_ie6 ? 'Expires: -1' : 'Expires: Mon, 26 Jul 1997 05:00:00 GMT')); #(($is_ie8) ? '; authoritative=true; X-Content-Type-Options: nosniff;' : '') if (($pfile = @fopen($path_file, 'rb')) === false) { #so ... it's failed to open ! header("HTTP/1.0 404 Not Found"); @fclose($pfile); big_error($lang['FILE_NO_FOUNDED'], $lang['NOT_FOUND']); } #sending some headers header('Accept-Ranges: bytes'); #prevent some limits @set_time_limit(0); // multipart-download and download resuming support $range_enable = false; if (isset($_SERVER['HTTP_RANGE']) && strpos($_SERVER['HTTP_RANGE'], 'bytes=') !== false && !$is_image && !$is_live && $resuming_on) { header('HTTP/1.1 206 Partial Content'); $ranges = explode(',', substr(trim($_SERVER['HTTP_RANGE']), 6)); $boundary = substr(md5($name . microtime()), 24); # many ranges requested if (sizeof($ranges) > 1) { $content_length = 0; foreach ($ranges as $range) {
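/**
 * Install or update a plugin from the content of its XML file.
 *
 * The XML is parsed into its sections (info, install, uninstall, templates,
 * hooks, langs, updates, instructions, phrases, options, files). The plugin
 * row is inserted or updated, its phrases, options, files, template edits
 * and hooks are applied, and template edits that could not be applied are
 * kept in cache/styles_cached.php.
 *
 * Installing a plugin runs its code: the <install> and <update> sections are
 * passed to eval() in this function's scope, and the hooks stored here are
 * evaluated later by the hook runner. File and template names also come from
 * the XML and are used to build write paths. Only plugin files from a trusted
 * source should reach this method. Local variable names are kept unchanged
 * because the evaluated plugin code can read and change them.
 *
 * @param string $contents Raw XML content of the plugin file
 * @return string|array 'xyz' when the installed version is not older than the new one,
 *                      'zipped' or 'zipped/inst' when the changed files were packed by the zfile handler,
 *                      'inst' or 'done' for a new plugin, 'upd' for an update,
 *                      or the $plg_errors array when it is not empty
 */
function add_plugin($contents)
{
    global $dbprefix, $SQL, $lang, $config, $STYLE_PATH_ADMIN, $STYLE_PATH, $THIS_STYLE_PATH, $olang;

    //initiate file handler
    if (empty($this->f) && $this->f_method != '') {
        $this->f = new $this->f_method();
    }

    //parse xml content
    $XML = new kxml();
    $gtree = $XML->xml_to_array($contents);

    //sekelton of Kleeja plugin file
    $tree = empty($gtree['kleeja']) ? null : $gtree['kleeja'];
    $plg_info = empty($tree['info']) ? null : $tree['info'];
    $plg_install = empty($tree['install']) ? null : $tree['install'];
    $plg_uninstall = empty($tree['uninstall']) ? null : $tree['uninstall'];
    $plg_tpl = empty($tree['templates']) ? null : $tree['templates'];
    $plg_hooks = empty($tree['hooks']) ? null : $tree['hooks'];
    $plg_langs = empty($tree['langs']) ? null : $tree['langs'];
    $plg_updates = empty($tree['updates']) ? null : $tree['updates'];
    $plg_instructions = empty($tree['instructions']) ? null : $tree['instructions'];
    $plg_phrases = empty($tree['phrases']) ? null : $tree['phrases'];
    $plg_options = empty($tree['options']) ? null : $tree['options'];
    $plg_files = empty($tree['files']) ? null : $tree['files'];

    //important tags not exists
    if (empty($plg_info)) {
        big_error('Error', $lang['ERR_XML_NO_G_TAGS'] . (defined('DEV_STAGE') ? __FILE__ . ':' . __LINE__ : ''));
    }

    if (!empty($plg_info['plugin_kleeja_version']['value']) && version_compare(strtolower($plg_info['plugin_kleeja_version']['value']), strtolower(KLEEJA_VERSION), '>=') == false) {
        big_error('Error', $lang['PLUGIN_N_CMPT_KLJ']);
    }

    $plg_errors = array();
    $plg_new = true;

    // The name is reduced to a-z, 0-9, "-" and "_" before it is used in SQL and as a package name.
    $plugin_name = preg_replace("/[^a-z0-9-_]/", "-", strtolower($plg_info['plugin_name']['value']));

    //is this plugin exists before !
    $is_query = array('SELECT' => 'plg_id, plg_name, plg_ver', 'FROM' => "{$dbprefix}plugins", 'WHERE' => 'plg_name="' . $plugin_name . '"');
    $res = $SQL->build($is_query);

    if ($SQL->num_rows($res)) {
        //it's not new one ! , let's see if it same version
        $plg_new = false;
        $cur_ver = $SQL->fetch_array($res);
        $this->plg_id = $cur_ver['plg_id'];
        $cur_ver = $cur_ver['plg_ver'];
        $new_ver = $SQL->escape($plg_info['plugin_version']['value']);

        if (version_compare(strtolower($cur_ver), strtolower($new_ver), '>=')) {
            return 'xyz';
        } else {
            if (!empty($plg_updates)) {
                // A single <update> element arrives as one node; wrap it so the loop sees a list.
                if (is_array($plg_updates['update'])) {
                    if (array_key_exists("attributes", $plg_updates['update'])) {
                        $plg_updates['update'] = array($plg_updates['update']);
                    }
                }

                foreach ($plg_updates['update'] as $up) {
                    if (version_compare(strtolower($cur_ver), strtolower($up['attributes']['to']), '<')) {
                        // Plugin-supplied update code, executed as-is in this scope.
                        eval($up['value']);
                    }
                }
            }
        }
    }

    $there_is_intruct = false;
    if (isset($plg_instructions)) {
        if (is_array($plg_instructions['instruction']) && array_key_exists("attributes", $plg_instructions['instruction'])) {
            $plg_instructions['instruction'] = array($plg_instructions['instruction']);
        }

        $instarr = array();
        foreach ($plg_instructions['instruction'] as $in) {
            if (empty($in['attributes']['lang']) || !isset($in['attributes']['lang'])) {
                big_error('Error', $lang['ERR_XML_NO_G_TAGS'] . (defined('DEV_STAGE') ? __FILE__ . ':' . __LINE__ : ''));
            }
            $instarr[$in['attributes']['lang']] = $in['value'];
        }

        $there_is_intruct = isset($instarr) && !empty($instarr) ? true : false;
    }

    $there_is_files = false;
    if (isset($plg_files)) {
        if (is_array($plg_files['file']) && array_key_exists("attributes", $plg_files['file'])) {
            $plg_files['file'] = array($plg_files['file']);
        }

        $newfiles = array();
        foreach ($plg_files['file'] as $in) {
            if (empty($in['attributes']['path']) || !isset($in['attributes']['path'])) {
                big_error('Error', $lang['ERR_XML_NO_G_TAGS'] . (defined('DEV_STAGE') ? __FILE__ . ':' . __LINE__ : ''));
            }
            $newfiles[$in['attributes']['path']] = $in['value'];
        }

        $there_is_files = isset($newfiles) && !empty($newfiles) ? true : false;
    }

    if (isset($plg_info['plugin_description'])) {
        if (is_array($plg_info['plugin_description']['description']) && array_key_exists("attributes", $plg_info['plugin_description']['description'])) {
            $plg_info['plugin_description']['description'] = array($plg_info['plugin_description']['description']);
        }

        $p_desc = array();
        foreach ($plg_info['plugin_description']['description'] as $in) {
            if (empty($in['attributes']['lang']) || !isset($in['attributes']['lang'])) {
                big_error('Error', $lang['ERR_XML_NO_G_TAGS'] . (defined('DEV_STAGE') ? __FILE__ . ':' . __LINE__ : ''));
            }
            $p_desc[$in['attributes']['lang']] = $in['value'];
        }
    }

    //store important tags (for now only "install" and "templates" tags)
    $store = '';

    //storing unreached elements
    if (isset($plg_install) && trim($plg_install['value']) != '') {
        $store .= '<install><![CDATA[' . $plg_install['value'] . ']]></install>' . "\n\n";
    }

    if (isset($plg_updates)) {
        $updates = explode("<updates>", $contents);
        $updates = explode("</updates>", $updates[1]);
        $store .= '<updates>' . $updates[0] . '</updates>' . "\n\n";
    }

    if (isset($plg_tpl)) {
        $templates = explode("<templates>", $contents);
        $templates = explode("</templates>", $templates[1]);
        $store .= '<templates>' . $templates[0] . '</templates>' . "\n\n";
    }

    //eval install code
    if (isset($plg_install) && trim($plg_install['value']) != '' && $plg_new) {
        // Plugin-supplied install code, executed as-is in this scope.
        eval($plg_install['value']);
    }

    //if there is an icon with the plugin
    $plugin_icon = false;
    if (!empty($plg_info['plugin_icon']['value'])) {
        // Store the icon value itself; the version string was being stored here before.
        $plugin_icon = $SQL->escape($plg_info['plugin_icon']['value']);
    }

    //if the plugin was new
    if ($plg_new) {
        //insert in plugin table
        // plg_icon is always named in the column list, so a value (possibly empty) is
        // always supplied to keep the column and value counts equal.
        $insert_query = array(
            'INSERT' => 'plg_name, plg_ver, plg_author, plg_dsc, plg_icon, plg_uninstall, plg_instructions, plg_store, plg_files',
            'INTO' => "{$dbprefix}plugins",
            'VALUES' => "'" . $SQL->escape($plugin_name) . "','" . $SQL->escape($plg_info['plugin_version']['value']) . "','" . $SQL->escape($plg_info['plugin_author']['value']) . "','" . $SQL->escape(kleeja_base64_encode(serialize($p_desc))) . "','" . ($plugin_icon ? $plugin_icon : '') . "','" . $SQL->real_escape($plg_uninstall['value']) . "','" . ($there_is_intruct ? $SQL->escape(kleeja_base64_encode(serialize($instarr))) : '') . "','" . $SQL->real_escape($store) . "','" . ($there_is_files ? $SQL->escape(kleeja_base64_encode(serialize(array_keys($newfiles)))) : '') . "'",
        );
        $SQL->build($insert_query);

        $this->plg_id = $SQL->insert_id();
    } else {
        //update language
        delete_olang('', '', $this->plg_id);

        // NOTE(review): the insert above stores the serialized per-language $p_desc in
        // plg_dsc while this update stores $plg_info['plugin_description']['value'];
        // confirm which form the readers of plg_dsc expect.
        $update_query = array(
            'UPDATE' => "{$dbprefix}plugins",
            'SET' => "plg_ver='" . $new_ver . "', plg_author='" . $SQL->escape($plg_info['plugin_author']['value']) . "', plg_dsc='" . $SQL->escape($plg_info['plugin_description']['value']) . "', plg_uninstall='" . $SQL->real_escape($plg_uninstall['value']) . ($plugin_icon ? "', plg_icon='" . $plugin_icon : '') . "', plg_instructions='" . ($there_is_intruct ? $SQL->escape(kleeja_base64_encode(serialize($instarr))) : '') . "', plg_files='" . ($there_is_files ? $SQL->escape(kleeja_base64_encode(serialize(array_keys($newfiles)))) : '') . "', plg_store='" . $SQL->escape($store) . "'",
            'WHERE' => "plg_id=" . $this->plg_id,
        );
        $SQL->build($update_query);
    }

    if (isset($plg_phrases)) {
        if (is_array($plg_phrases['lang']) && array_key_exists("attributes", $plg_phrases['lang'])) {
            $plg_phrases['lang'] = array($plg_phrases['lang']);
        }

        $phrases = array();
        foreach ($plg_phrases['lang'] as $in) {
            if (empty($in['attributes']['name']) || !isset($in['attributes']['name'])) {
                big_error('Error', $lang['ERR_XML_NO_G_TAGS']);
            }

            //first we create a new array that can carry language phrases
            $phrases[$in['attributes']['name']] = array();

            if (is_array($in['phrase']) && array_key_exists("attributes", $in['phrase'])) {
                $in['phrase'] = array($in['phrase']);
            }

            //get phrases value
            foreach ($in['phrase'] as $phrase) {
                $phrases[$in['attributes']['name']][$phrase['attributes']['name']] = $phrase['value'];
            }

            //finally we add it to the database
            add_olang($phrases[$in['attributes']['name']], $in['attributes']['name'], $this->plg_id);
        }
    }

    if (isset($plg_options)) {
        if (is_array($plg_options['option']) && array_key_exists("attributes", $plg_options['option'])) {
            $plg_options['option'] = array($plg_options['option']);
        }

        foreach ($plg_options['option'] as $in) {
            add_config($in['attributes']['name'], $in['attributes']['value'], $in['attributes']['order'], $in['value'], $in['attributes']['menu'], $this->plg_id);
        }
        //delete_cache('data_config');
    }

    //add new files
    if ($there_is_files) {
        // NOTE(review): the target paths come from the plugin XML; whether they are kept
        // inside the installation folder depends on _fixpath_newfile(), which is not
        // visible here - confirm.
        foreach ($newfiles as $path => $content) {
            $this->f->_write($this->_fixpath_newfile($path), kleeja_base64_decode($content));
        }
        unset($newfiles);
    }

    //cache important instruction
    $cached_instructions = array();

    //some actions with tpls
    if (isset($plg_tpl)) {
        //edit template
        if (isset($plg_tpl['edit'])) {
            include_once "s_strings.php";
            $finder = new sa_srch();

            if (is_array($plg_tpl['edit']['template']) && array_key_exists("attributes", $plg_tpl['edit']['template'])) {
                $plg_tpl['edit']['template'] = array($plg_tpl['edit']['template']);
            }

            foreach ($plg_tpl['edit']['template'] as $temp) {
                // NOTE(review): the name is escaped for SQL but then used to build a file
                // path; SQL escaping does not constrain path characters.
                $template_name = $SQL->real_escape($temp['attributes']['name']);

                if (isset($temp['find']['value']) && isset($temp['findend']['value'])) {
                    $finder->find_word = array(1 => $temp['find']['value'], 2 => $temp['findend']['value']);
                } else {
                    $finder->find_word = $temp['find']['value'];
                }

                $finder->another_word = $temp['action']['value'];

                // NOTE(review): there is no default case, so an unknown type leaves
                // $action_type at the value of the previous template (or unset).
                switch ($temp['action']['attributes']['type']) {
                    case 'add_after':
                        $action_type = 3;
                        break;
                    case 'add_after_same_line':
                        $action_type = 4;
                        break;
                    case 'add_before':
                        $action_type = 5;
                        break;
                    case 'add_before_same_line':
                        $action_type = 6;
                        break;
                    case 'replace_with':
                        $action_type = 1;
                        break;
                }

                // This flag was read below without ever being set in this function.
                $is_admin_template = substr($template_name, 0, 6) == 'admin_';
                $style_path = $is_admin_template ? $STYLE_PATH_ADMIN : $THIS_STYLE_PATH;

                //if template not found and default style is there and not admin tpl
                $template_path = $style_path . $template_name . '.html';
                if (!file_exists($template_path)) {
                    if (trim($config['style_depend_on']) != '') {
                        $depend_on = $config['style_depend_on'];
                        $template_path_alternative = str_replace('/' . $config['style'] . '/', '/' . trim($depend_on) . '/', $template_path);
                        if (file_exists($template_path_alternative)) {
                            $template_path = $template_path_alternative;
                        }
                    } elseif ($config['style'] != 'default' && !$is_admin_template) {
                        $template_path_alternative = str_replace('/' . $config['style'] . '/', '/default/', $template_path);
                        if (file_exists($template_path_alternative)) {
                            $template_path = $template_path_alternative;
                        }
                    }
                }

                $d_contents = file_exists($template_path) ? file_get_contents($template_path) : '';
                $finder->text = trim($d_contents);
                $finder->do_search($action_type);

                if ($d_contents != '' && $finder->text != $d_contents) {
                    //update
                    $this->f->_write($style_path . $template_name . '.html', $finder->text);

                    //delete cache ..
                    delete_cache('tpl_' . $template_name);
                } else {
                    // The edit could not be applied now; keep it so it can be applied later.
                    $cached_instructions[$template_name] = array('action' => $temp['action']['attributes']['type'], 'find' => $temp['find']['value'], 'action_text' => $temp['action']['value']);
                }
            }
        } #end edit

        //new templates
        if (isset($plg_tpl['new'])) {
            if (is_array($plg_tpl['new']['template'])) {
                if (array_key_exists("attributes", $plg_tpl['new']['template'])) {
                    $plg_tpl['new']['template'] = array($plg_tpl['new']['template']);
                }
            }

            foreach ($plg_tpl['new']['template'] as $temp) {
                // The name is read first so the admin/user folder is chosen from this
                // template's own name rather than from the previous iteration's.
                $template_name = $temp['attributes']['name'];
                $style_path = substr($template_name, 0, 6) == 'admin_' ? $STYLE_PATH_ADMIN : $THIS_STYLE_PATH;
                $template_content = trim($temp['value']);

                // NOTE(review): the template name comes from the plugin XML and is used
                // unfiltered in the write path.
                $this->f->_write($style_path . $template_name . '.html', $template_content);
            }
        } #end new
    } #ens tpl

    //hooks
    if (isset($plg_hooks['hook'])) {
        $plugin_author = strip_tags($plg_info['plugin_author']['value'], '<a><span>');
        $plugin_author = $SQL->real_escape($plugin_author);

        //if the plugin is not new then replace the old hooks with the new hooks
        if (!$plg_new) {
            //delete old hooks !
            $query_del = array('DELETE' => "{$dbprefix}hooks", 'WHERE' => "plg_id=" . $this->plg_id);
            $SQL->build($query_del);
        }

        //then
        if (is_array($plg_hooks['hook'])) {
            if (array_key_exists("attributes", $plg_hooks['hook'])) {
                $plg_hooks['hook'] = array($plg_hooks['hook']);
            }
        }

        foreach ($plg_hooks['hook'] as $hk) {
            $hook_for = $SQL->real_escape($hk['attributes']['name']);
            $hk_value = $SQL->real_escape($hk['value']);

            $insert_query = array('INSERT' => 'plg_id, hook_name, hook_content', 'INTO' => "{$dbprefix}hooks", 'VALUES' => "'" . $this->plg_id . "','" . $hook_for . "', '" . $hk_value . "'");
            $SQL->build($insert_query);
        }
        //delete cache ..
        //delete_cache('data_hooks');
    }

    // Nothing visible in this function adds to $plg_errors; evaluated plugin code may.
    if (sizeof($plg_errors) > 0) {
        return $plg_errors;
    }

    //done !
    //add cached instuctions to cache if there
    if (sizeof($cached_instructions) > 0) {
        //fix
        if (file_exists(PATH . 'cache/styles_cached.php')) {
            $cached_content = file_get_contents(PATH . 'cache/styles_cached.php');
            $cached_content = kleeja_base64_decode($cached_content);
            // NOTE(review): unserialize() on a file from the cache folder; this assumes
            // only the application can write to that folder - confirm its permissions.
            $cached_content = unserialize($cached_content);

            // A damaged cache file yields false, which cannot be merged into an array.
            if (is_array($cached_content)) {
                $cached_instructions += $cached_content;
            }
        }

        $filename = @fopen(PATH . 'cache/styles_cached.php', 'w');
        // fopen() returns false when the cache folder is not writable; skip the write then.
        if ($filename) {
            fwrite($filename, kleeja_base64_encode(serialize($cached_instructions)));
            fclose($filename);
        }
    }

    if ($this->f_method === 'zfile') {
        if ($this->f->check()) {
            $this->zipped_files = $this->f->push($plugin_name);
            return $there_is_intruct ? 'zipped/inst' : 'zipped';
        }
    }

    return $plg_new ? ($there_is_intruct ? 'inst' : 'done') : 'upd';
}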
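/**
 * Authenticate a user against an external MySmartBB forum database.
 *
 * Connection settings come either from the forum's own config file (when the
 * global $script_path is set) or from the $script_* globals. On a match the
 * function defines the USER_* / GROUP_ID constants (unless $loginadm is set),
 * fills the global $userinfo, and for a fresh non-admin login sets the
 * 'ulogu' cookie.
 *
 * NOTE(review): the signature places the optional $hashed before the required
 * $expire; PHP 8 reports this as deprecated. It is kept as-is so existing
 * callers keep working.
 *
 * @param string|int $name        Username, or the numeric member id when $hashed or $return_name is set
 * @param string     $pass        Password value supplied by the caller
 * @param bool       $hashed      Look the member up by id instead of username
 * @param int        $expire      Expiry value mixed into the cookie hash and passed to kleeja_set_cookie()
 * @param bool       $loginadm    When true, no constants are defined and no cookie is set
 * @param bool       $return_name When true, return the username of member id $name instead of logging in
 * @return bool|string|null Username when $return_name matched; true on a match; false on no match;
 *                          null when the forum connection settings are incomplete
 */
function kleeja_auth_login($name, $pass, $hashed = false, $expire, $loginadm = false, $return_name = false)
{
    global $lang, $config, $usrcp, $userinfo;
    global $script_path, $script_encoding, $script_srv, $script_db, $script_user, $script_pass, $script_prefix;

    if (isset($script_path)) {
        // NOTE(review): index strlen() is one past the last character, so this
        // trailing-slash check never matches, and the substr() below would keep
        // the whole string anyway. Left unchanged because SCRIPT_CONFIG_PATH is
        // defined outside this listing and the intended join cannot be confirmed.
        if (isset($script_path[strlen($script_path)]) && $script_path[strlen($script_path)] == '/') {
            $script_path = substr($script_path, 0, strlen($script_path));
        }

        // Read the database settings from the MySmartBB config file.
        if (file_exists(PATH . $script_path . SCRIPT_CONFIG_PATH)) {
            // NOTE(review): $config is the global declared above, so whatever the
            // included file assigns to $config lands in the application's own
            // settings array. $config['h_key'] is read from it further down;
            // confirm the forum config cannot overwrite or reset it.
            require_once PATH . $script_path . SCRIPT_CONFIG_PATH;

            $forum_srv = $config['db']['server'];
            $forum_db = $config['db']['name'];
            $forum_user = $config['db']['username'];
            $forum_pass = $config['db']['password'];
            $forum_prefix = $config['db']['prefix'];
        } else {
            big_error('Forum path is not correct', sprintf($lang['SCRIPT_AUTH_PATH_WRONG'], 'MySmartBB'));
        }
    } else {
        $forum_srv = $script_srv;
        $forum_db = $script_db;
        $forum_user = $script_user;
        $forum_pass = $script_pass;
        $forum_prefix = $script_prefix;
    }

    // Without a server, user and database name there is nothing to connect to.
    if (empty($forum_srv) || empty($forum_user) || empty($forum_db)) {
        return;
    }

    $SQLMS = new SSQL($forum_srv, $forum_user, $forum_pass, $forum_db, true);
    // The charset must be set on the connection opened just above; $SQLMS is the
    // only handle this function creates.
    $SQLMS->set_names('latin1');

    $pass = $usrcp->kleeja_utf8($pass, false);
    $name = $usrcp->kleeja_utf8($name, false);

    $query = array('SELECT' => '*', 'FROM' => "`{$forum_prefix}member`");
    // NOTE(review): the credential values in this WHERE clause appear masked in
    // this listing, so $name and $pass are not visibly interpolated here. Where
    // the working copy does interpolate them, they must pass through the
    // connection's escaping helper (or a bound parameter) first; only the
    // numeric id branch is protected by intval().
    $query['WHERE'] = $hashed ? "id=" . intval($name) . " AND password='******'" : "username='******' AND password='******'";

    // Name lookup only: replace the credential check with a lookup by id.
    // These overrides must be written to $query, the array that is actually
    // passed to build() below.
    if ($return_name) {
        $query['SELECT'] = "username";
        $query['WHERE'] = "id=" . intval($name);
    }

    // SECURITY: hook code is executed with eval() inside this scope and can read
    // or change $query, $name and $pass. Hook content has to be treated as
    // trusted code with full access to the login path.
    ($hook = kleeja_run_hook('qr_select_usrdata_mysbb_usr_class')) ? eval($hook) : null; //run hook

    $result = $SQLMS->build($query);

    if ($SQLMS->num_rows($result) != 0) {
        while ($row = $SQLMS->fetch_array($result)) {
            if ($return_name) {
                return $row['username'];
            }

            if (!$loginadm) {
                // usergroup 1 is mapped to group 1 / admin, everything else to group 3.
                define('USER_ID', $row['id']);
                define('GROUP_ID', $row['usergroup'] == 1 ? 1 : 3);
                define('USER_NAME', $usrcp->kleeja_utf8($row['username']));
                define('USER_MAIL', $row['email']);
                define('USER_ADMIN', $row['usergroup'] == 1 ? 1 : 0);
            }

            $userinfo = $row;
            // NOTE(review): when $loginadm is true GROUP_ID is not defined in this
            // function; presumably an earlier login defined it. Verify.
            $userinfo['group_id'] = GROUP_ID;

            $user_y = kleeja_base64_encode(serialize(array('id' => $row['id'], 'name' => $usrcp->kleeja_utf8($row['username']), 'mail' => $row['email'], 'last_visit' => time())));

            // NOTE(review): the cookie check value is sha1(md5(key . password) . expire),
            // a hand-built keyed hash. Moving to hash_hmac() would need the code that
            // verifies the cookie to change at the same time, so it is not done here.
            $hash_key_expire = sha1(md5($config['h_key'] . $row['password']) . $expire);

            if (!$hashed && !$loginadm) {
                // NOTE(review): the stored password value from the forum table is part of
                // the cookie payload, protected only by en_de_crypt(). Anyone who can
                // reverse that transform recovers it from a captured cookie.
                $usrcp->kleeja_set_cookie('ulogu', $usrcp->en_de_crypt($row['id'] . '|' . $row['password'] . '|' . $expire . '|' . $hash_key_expire . '|' . GROUP_ID . '|' . $user_y), $expire);
            }

            // SECURITY: same eval() hook mechanism as above; here the full member
            // row, including the stored password value, is in scope.
            ($hook = kleeja_run_hook('qr_while_usrdata_mysbb_usr_class')) ? eval($hook) : null; //run hook
        }

        $SQLMS->freeresult($result);
        unset($pass);
        $SQLMS->close();

        return true;
    } else {
        $SQLMS->close();

        return false;
    }
}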
} ++$i; $adm_extensions_menu[$i] = array('i' => $i + 1, 'i2' => $i + 2, 'icon' => file_exists(ADMIN_STYLE_PATH_ABS . 'images/menu/' . $m . '_button.png') ? ADMIN_STYLE_PATH . 'images/menu/' . $m . '_button.png' : ADMIN_STYLE_PATH . 'images/menu/no_icon.png', 'title' => !empty($lang['R_' . strtoupper($m)]) ? $lang['R_' . strtoupper($m)] : (!empty($olang['R_' . strtoupper($m)]) ? $olang['R_' . strtoupper($m)] : strtoupper($m)), 'link' => ADMIN_PATH . '?cp=' . $m . (@in_array($m, $ext_formkey) ? '&' . $GET_FORM_KEY_GLOBAL : ''), 'confirm' => @in_array($m, $ext_confirm) ? true : false, 'current' => $m == $go_to ? true : false, 'goto' => $m, 'kbubble' => in_array($m, array_keys($kbubbles)) ? '<span class="badge pull-' . ($lang['DIR'] == 'rtl' ? 'left' : 'right') . '" id="t_' . $m . '"' . ($kbubbles[$m] == 0 ? ' style="display:none"' : '') . '>' . $kbubbles[$m] . '</span>' : ''); ($hook = $plugin->run_hook('endforeach_ext_admin_page')) ? eval($hook) : null; //run hook } #to attach kleeja version in the menu start item $assigned_klj_ver = preg_replace('!#([a-z0-9]+)!', '', KLEEJA_VERSION); if (file_exists($adm_extensions[$go_to] . '/' . $go_to . '.php')) { ($hook = $plugin->run_hook("require_admin_page_begin_{$go_to}")) ? eval($hook) : null; //run hook include $adm_extensions[$go_to] . '/' . $go_to . '.php'; ($hook = $plugin->run_hook("require_admin_page_end_{$go_to}")) ? eval($hook) : null; //run hook } else { big_error('Loading !', 'Error while loading: ' . $adm_extensions[$go_to] . '/' . $go_to); } ($hook = $plugin->run_hook('end_admin_page')) ? eval($hook) : null; //run hook #no style defined if (empty($current_template)) { $text = 'THERE IS NO TEMPLATE ASSIGNED FOR THIS PAGE!'; $current_template = 'info.php'; } $go_menu_html = ''; if (isset($go_menu)) { foreach ($go_menu as $m => $d) { $go_menu_html .= '<li class="' . ($d['current'] ? 'active' : '') . '" id="c_' . $d['goto'] . '"><a href="' . $d['link'] . '" onclick="' . (isset($d['confirm']) && $d['confirm'] ? 
'javascript:return confirm_from();' : '') . '">' . $d['name'] . '</a></li>'; } } #header
$titlee = $lang['GET_LOSTPASS']; $action = 'ucp.php?go=get_pass'; $H_FORM_KEYS = kleeja_add_form_key('get_pass'); //no error yet $ERRORS = false; //after sent mail .. come here //example: http://www.moyad.com/up/ucp.php?go=get_pass&activation_key=1af3405662ec373d672d003cf27cf998&uid=1 # if (isset($_GET['activation_key']) && isset($_GET['uid'])) { ($hook = kleeja_run_hook('get_pass_activation_key')) ? eval($hook) : null; //run hook $h_key = preg_replace('![^a-z0-9]!', '', $_GET['activation_key']); $u_id = intval($_GET['uid']); #if it's empty ? if (trim($h_key) == '') { big_error('No hash key', 'This is not a good link ... try again!'); } $result = $SQL->query("SELECT new_password FROM {$dbprefix}users WHERE hash_key='" . $SQL->escape($h_key) . "' AND id=" . $u_id . ""); if ($SQL->num_rows($result)) { $npass = $SQL->fetch_array($result); $npass = $npass['new_password']; //password now will be same as new password $update_query = array('UPDATE' => "{$dbprefix}users", 'SET' => "password = '******', new_password = '', hash_key = ''", 'WHERE' => 'id=' . $u_id); ($hook = kleeja_run_hook('qr_update_newpass_activation')) ? eval($hook) : null; //run hook $SQL->build($update_query); $text = $lang['OK_APPLY_NEWPASS'] . '<br /><a href="' . $config['siteurl'] . ($config['mod_writer'] ? 'login.html' : 'ucp.php?go=login') . '">' . $lang['LOGIN'] . '</a>'; kleeja_info($text); exit; } //no else .. just do nothing cuz it's wrong and wrong mean spams !
/**
 * Include a language file for the configured language.
 *
 * The file is looked up under PATH . 'lang/' . $config['language'] first and
 * under PATH . 'lang/en/' second; big_error() is called when neither exists.
 * Every '..' sequence is stripped from $name and $folder before the path is
 * built, and any '.php' inside the name is removed before the extension is
 * appended again.
 *
 * NOTE(review): $config['language'] goes into the include path without the
 * same '..' stripping; presumably it only ever holds an installed language
 * code. Verify where it is written.
 *
 * @param string $name   Language file name, with or without '.php'
 * @param string $folder Optional sub-folder inside the language directory
 * @return bool Always true when execution reaches the end of the function
 */
function get_lang($name, $folder = '')
{
    global $config, $lang;

    // SECURITY: hook code runs through eval() before any sanitising below and
    // can change $name and $folder; hook content is trusted code.
    ($hook = kleeja_run_hook('get_lang_func')) ? eval($hook) : null; //run hook

    // Drop parent-directory sequences so the include stays under lang/.
    $name = str_replace('..', '', $name);
    if ($folder != '') {
        $name = str_replace('..', '', $folder) . '/' . $name;
    }

    // Normalised file name, shared by the primary and the fallback lookup.
    $file = str_replace('.php', '', $name) . '.php';
    $path = PATH . 'lang/' . $config['language'] . '/' . $file;

    if (file_exists($path)) {
        include_once $path;

        return true;
    }

    // Configured language has no such file: fall back to English.
    $fallback = PATH . 'lang/en/' . $file;
    if (file_exists($fallback)) {
        include_once $fallback;
    } else {
        big_error('There is no language file in the current path', '' . $path . ' not found');
    }

    return true;
}