Exemplo n.º 1
0
 public static function chobits_addslashes($string, $force = 0)
 {
     !defined('MAGIC_QUOTES_GPC') && define('MAGIC_QUOTES_GPC', get_magic_quotes_gpc());
     if (!MAGIC_QUOTES_GPC || $force) {
         if (is_array($string)) {
             foreach ($string as $key => $val) {
                 $string[$key] = GlobalCore::chobits_addslashes($val, $force);
             }
         } else {
             $string = addslashes($string);
         }
     }
     return $string;
 }
Exemplo n.º 2
0
 public static function RecvPortraits($input_name, $img_id, $dir, $hash_type = 'null')
 {
     if (GlobalCore::disuploadedfile($_FILES[$input_name]['tmp_name']) && $_FILES[$input_name]['tmp_name'] != 'none' && $_FILES[$input_name]['tmp_name'] && trim($_FILES[$input_name]['name'])) {
         $pic_extarray = array('gif', 'jpg', 'png');
         $_FILES[$input_name]['name'] = GlobalCore::chobits_addslashes($_FILES[$input_name]['name']);
         $pic_ext = strtolower(GlobalCore::fileext($_FILES[$input_name]['name']));
         if (is_array($pic_extarray) && !in_array($pic_ext, $pic_extarray)) {
             GlobalCore::showmessage('profile_avatar_invalid');
         }
         if ($hash_type == 'id') {
             $filename = $img_id;
             $pic = $dir . '/l/' . GlobalCore::mkdir_by_uid($img_id, NOWHERE_ROOT . $dir . '/l') . '/' . $filename . '.' . $pic_ext;
         } else {
             $filename = $img_id . '_' . GlobalCore::random(5);
             $pic = $dir . '/l/' . GlobalCore::mkdir_hash($img_id, NOWHERE_ROOT . $dir . '/l') . '/' . $filename . '.' . $pic_ext;
         }
         $pic_target = NOWHERE_ROOT . './' . $pic;
         if (!@copy($_FILES[$input_name]['tmp_name'], $pic_target)) {
             @move_uploaded_file($_FILES[$input_name]['tmp_name'], $pic_target);
         }
         if (file_exists($pic_target)) {
             $port['pic'] = $pic;
             $port['filename'] = $filename;
             $port['pic_target'] = $pic_target;
             $port['pic_ext'] = $pic_ext;
             return $port;
         }
     }
 }
<?php

foreach (array('_COOKIE', '_POST', '_GET') as $_request) {
    foreach (${$_request} as $_key => $_value) {
        $_key[0] != '_' && (${$_key} = GlobalCore::chobits_addslashes($_value));
    }
}
$sid = GlobalCore::chobits_addslashes($transsidstatus && (isset($_GET['sid']) || isset($_POST['sid'])) ? isset($_GET['sid']) ? $_GET['sid'] : $_POST['sid'] : (isset($_DCOOKIE['sid']) ? $_DCOOKIE['sid'] : ''));
$authkey = AUTHKEY;
$chobits_auth_key = md5($authkey . $_SERVER['HTTP_USER_AGENT']);
list($nw_pw, $nw_uid) = empty($_DCOOKIE['auth']) ? array('', '', 0) : GlobalCore::chobits_addslashes(explode("\t", GlobalCore::authcode($_DCOOKIE['auth'], 'DECODE')), 1);
$sessionexists = 0;
if (!defined('NO_SESSION')) {
    $membertablefields = 'm.uid AS nw_uid, m.username AS nw_user, m.nickname AS nw_nick,m.password AS nw_pw,m.avatar AS nw_avatar, m.regdate AS nw_regdate,
    	m.adminid, m.groupid, m.email, m.timeoffset, m.timeformat, m.dateformat, m.lastvisit, m.lastactivity';
    if ($sid) {
        if ($nw_uid) {
            $query = $db->query("SELECT s.sid, s.groupid='6' AS ipbanned, {$membertablefields}\r\n    \t\t\tFROM {$tablepre}sessions s, {$tablepre}members m\r\n    \t\t\tWHERE m.uid=s.uid AND s.sid='{$sid}' AND CONCAT_WS('.',s.ip1,s.ip2,s.ip3,s.ip4)='{$onlineip}' AND m.uid='{$nw_uid}'\r\n    \t\t\tAND m.password='******'");
        } else {
            $query = $db->query("SELECT sid, uid AS sessionuid, groupid, groupid='6' AS ipbanned\r\n    \t\t\tFROM {$tablepre}sessions WHERE sid='{$sid}' AND CONCAT_WS('.',ip1,ip2,ip3,ip4)='{$onlineip}'");
        }
        if ($_DSESSION = $db->fetch_array($query)) {
            $sessionexists = 1;
            if (!empty($_DSESSION['sessionuid'])) {
                $_DSESSION = array_merge($_DSESSION, $db->fetch_first("SELECT {$membertablefields}\r\n    \t\t\t\tFROM {$tablepre}members m WHERE uid='{$_DSESSION['sessionuid']}'"));
            }
        } else {
            if ($_DSESSION = $db->fetch_first("SELECT sid, groupid, groupid='6' AS ipbanned\r\n    \t\t\tFROM {$tablepre}sessions WHERE sid='{$sid}' AND CONCAT_WS('.',ip1,ip2,ip3,ip4)='{$onlineip}'")) {
                GlobalCore::clearcookies();
                $sessionexists = 1;
            }
Exemplo n.º 4
0
require_once NOWHERE_ROOT . './inc/config.inc.php';
foreach (array('_COOKIE', '_POST', '_GET') as $_request) {
    foreach (${$_request} as $_key => $_value) {
        $_key[0] != '_' && (${$_key} = GlobalCore::chobits_addslashes($_value));
    }
}
if (!MAGIC_QUOTES_GPC && $_FILES) {
    $_FILES = GlobalCore::chobits_addslashes($_FILES);
}
$dbcharset = $forumfounders = $metakeywords = $extrahead = $seodescription = '';
$plugins = $hooks = $admincp = $jsmenu = $forum = $thread = $language = $actioncode = $modactioncode = $lang = $subject = array();
$_DCOOKIE = $_DSESSION = $_NCACHE = $_DPLUGIN = $_CHOBITS = array();
$prelength = strlen($cookiepre);
foreach ($_COOKIE as $key => $val) {
    if (substr($key, 0, $prelength) == $cookiepre) {
        $_DCOOKIE[substr($key, $prelength)] = MAGIC_QUOTES_GPC ? $val : GlobalCore::chobits_addslashes($val);
    }
}
unset($prelength, $_request, $_key, $_value, $_request, $protected);
$inajax = !empty($inajax);
$timestamp = time();
require_once NOWHERE_ROOT . './core/DBCore.php';
$PHP_SELF = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
$SCRIPT_FILENAME = str_replace('\\\\', '/', isset($_SERVER['PATH_TRANSLATED']) ? $_SERVER['PATH_TRANSLATED'] : $_SERVER['SCRIPT_FILENAME']);
if (getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown')) {
    $onlineip = getenv('HTTP_CLIENT_IP');
} elseif (getenv('HTTP_X_FORWARDED_FOR') && strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown')) {
    $onlineip = getenv('HTTP_X_FORWARDED_FOR');
} elseif (getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {
    $onlineip = getenv('REMOTE_ADDR');
} elseif (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {
Exemplo n.º 5
0
     $chobits_action = 6;
     $referer = GlobalCore::nwReferer();
     $thetimenow = '(GMT ' . ($timeoffset > 0 ? '+' : '') . $timeoffset . ') ' . gmdate("{$dateformat} {$timeformat}", $timestamp + $timeoffset * 3600) . ($_DCOOKIE['cookietime'] = isset($_DCOOKIE['cookietime']) ? $_DCOOKIE['cookietime'] : 2592000);
     $cookietimecheck = array(isset($_DCOOKIE['cookietime']) ? intval($_DCOOKIE['cookietime']) : 2592000 => 'checked');
     include GlobalCore::template('login');
 } else {
     $nw_uid = 0;
     $nw_user = $nw_pw = $md5_password = '';
     $member = array();
     $loginperm = GlobalCore::logincheck();
     if (!$loginperm) {
         GlobalCore::showmessage('login_strike');
     }
     if (isset($loginauth)) {
         $password = '******';
         list($email, $md5_password) = GlobalCore::chobits_addslashes(explode("\t", GlobalCore::authcode($loginauth, 'DECODE')), 1);
     } else {
         $md5_password = md5($password);
         $password = preg_replace("/^(.{" . round(strlen($password) / 4) . "})(.+?)(.{" . round(strlen($password) / 6) . "})\$/s", "\\1***\\3", $password);
     }
     if (preg_match("%^[A-Za-z][A-Za-z0-9]*_?[A-Za-z0-9]*\$%i", $email)) {
         $where = "m.username = '******'";
     } else {
         $where = "m.email = '{$email}'";
     }
     $query = $db->query("SELECT m.uid AS nw_uid, m.username AS nw_user, m.nickname AS nw_nick,m.password AS nw_pw,\r\n\t\t\t\t\tm.adminid, m.groupid, m.lastvisit\r\n\t\t\t\t\tFROM {$tablepre}members m\r\n\t\t\t\t\tWHERE {$where}");
     $member = $db->fetch_array($query);
     if ($member['nw_uid'] && $member['nw_pw'] == $md5_password) {
         extract($member);
         $nw_userss = $nw_user;
         $nw_user = addslashes($nw_user);
Exemplo n.º 6
0
 public static function UpdateSettings()
 {
     global $db, $nw_uid, $nw_pw, $tablepre, $timestamp, $adminid, $basic_settings, $webservice_settings, $password_old, $password_new, $password_new2;
     $define_settings = self::FetchDefineSettings();
     foreach ($define_settings as $key) {
         $val = GlobalCore::chobits_addslashes(trim($_POST[$key]));
         $db->query("REPLACE INTO {$tablepre}settings (variable, value) VALUES ('{$key}', '{$val}')");
     }
     if ($_POST['nickname']) {
         $nickname = GlobalCore::chobits_addslashes(GlobalCore::cutstr(GlobalCore::nwHtmlspecialchars($_POST['nickname']), 25, ''));
         $avatar = GlobalCore::chobits_addslashes(GlobalCore::nwHtmlspecialchars($_POST['avatar']));
         $db->query("UPDATE {$tablepre}members SET nickname='{$nickname}',avatar='{$avatar}' WHERE uid = '{$nw_uid}'");
         $db->query("REPLACE INTO {$tablepre}settings (variable, value) VALUES ('avatar', '{$avatar}')");
     }
     if ($_POST['password_new']) {
         if (md5($password_old) != $nw_pw) {
             GlobalCore::showmessage('profile_passwd_wrong', NULL, 'HALTED');
         }
         if ($password_new) {
             if ($password_new != addslashes($password_new)) {
                 GlobalCore::showmessage('profile_passwd_illegal');
             } elseif ($password_new != $password_new2) {
                 GlobalCore::showmessage('profile_passwd_notmatch');
             }
             $newpasswd = md5($password_new);
             $db->query("UPDATE {$tablepre}members SET password ='******' WHERE uid = '{$nw_uid}'");
             GlobalCore::showmessage('password_set_succeed', NWDIR . '/login', 'DONE');
         }
     }
     self::UpdateSettingsCache();
     GlobalCore::nwHeader('Location: ' . NWDIR . '/settings');
 }