function GamePage()
{
global $base_uri;
$uid = params('user');
if (!isset($_SESSION['uid'])) {
return 0;
} else {
createToken($_SESSION['uid']);
}
$reg = 0;
$shit = 0;
if (!isset($uid) || $uid == "") {
$uid = $_SESSION['uid'];
} else {
if (!check_registration($uid)) {
$reg = 1;
}
$shit = 1;
}
$user = getUserInfo($_SESSION['access_token'], $uid, 'photo_max');
if ($reg) {
register($uid, $user['first_name'], $user['last_name']);
}
echo $user['first_name'] . " " . $user['last_name'];
echo "<img src=\"" . $user['photo_max'] . "\" /><br><br>";
if ($shit) {
echo "<a href=\"/shit/" . $_SESSION['uid'] . "/" . $uid . "/" . getToken($_SESSION['uid']) . "\">shit</a><br>";
}
$friends = getUserFriends($_SESSION['access_token'], $uid);
foreach ($friends as $friend) {
echo $friend["first_name"] . " " . $friend["last_name"] . "<br>";
echo "<a href=\"{$base_uri}/game/" . $friend['uid'] . "\"><img src=\"" . $friend["photo_50"] . "\" /></a><hr>";
}
}
public function va()
{
$usr_info = array('Id' => I('post.usrid'), 'psw' => I('post.psw'), 'lastLogin' => date('Y-m-d H:i:s', time()), 'lastIp' => get_client_ip());
$usrs = M('usr');
$map = array('Id=' => $usr_info['Id'], 'psw' => $usr_info['psw']);
$res = array(response => "数据创建失败,请联系管理员以解决问题。错误代码:0。", status => "0");
if ($usrs->create($usr_info)) {
if (checkUsr($map)) {
//创建token
$token = createToken($usr_info['Id']);
//清空token
session(C('SESSION_KEY_TOKEN'), null);
//写入token(重新密码登录代表重新获取令牌)
session(C('SESSION_KEY_TOKEN'), $token);
$usr_info['token'] = $token;
$usr_info['grantTime'] = date('Y-m-d H:i:s', time());
$list = $usrs->where($map)->save($usr_info);
$res = array(response => "登陆成功", status => "1");
cookie('login', array(id => $usr_info["id"], token => $token), 3600);
} else {
$res = array(response => "用户名密码验证信息错误", status => "2");
}
}
$this->ajaxReturn(json_encode($res), 'JSON');
}
/**
* Ask them for their login information. (shows a page for the user to type
* in their username and password.)
* It caches the referring URL in $_SESSION['login_url'].
* It is accessed from ?action=login.
* @uses Login template and language file with the login sub-template.
* @uses the protocol_login sub-template in the Wireless template,
* if you are using a wireless device
*/
function Login()
{
global $txt, $context, $scripturl, $user_info;
// You are already logged in, go take a tour of the boards
if (!empty($user_info['id'])) {
redirectexit();
}
// In wireless? If so, use the correct sub template.
if (WIRELESS) {
$context['sub_template'] = WIRELESS_PROTOCOL . '_login';
} else {
loadLanguage('Login');
loadTemplate('Login');
$context['sub_template'] = 'login';
}
// Get the template ready.... not really much else to do.
$context['page_title'] = $txt['login'];
$context['default_username'] =& $_REQUEST['u'];
$context['default_password'] = '';
$context['never_expire'] = false;
// Add the login chain to the link tree.
$context['linktree'][] = array('url' => $scripturl . '?action=login', 'name' => $txt['login']);
// Set the login URL - will be used when the login process is done (but careful not to send us to an attachment).
if (isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0) {
$_SESSION['login_url'] = $_SESSION['old_url'];
} else {
unset($_SESSION['login_url']);
}
// Create a one time token.
createToken('login');
}
function login($data, $ip)
{
//separate data
if ($obs = json_decode($data, true)) {
//sanitization
$user = htmlentities(preg_replace("/[^a-zA-Z ]*/", "", $obs['n']), ENT_QUOTES, "utf-8");
$pw = htmlentities(preg_replace("/[^a-zA-Z ]*/", "", $obs['p']), ENT_QUOTES, "utf-8");
//retrieve pass and id from DB
$res = json_decode(processLogin($user), true);
$dbPass = $res[0]['password'];
$id = $res[0]['userId'];
//hash entered password
$cPass = hashPass($pw);
//compare hashed pws
if ($cPass == $dbPass) {
//generate token
$token = createToken($ip, $id);
//set cookie to token value
$time = time() + 86400 / 2;
setcookie("token", $token, $time, "/");
session_start();
setLoginData($_SESSION['user_id'], $user);
return 1;
} else {
setcookie("token", " ", time() - 1);
return -1;
}
} else {
return -1;
}
}
function signIn($username, $password, $name, $dbConn, $id, $module_type)
{
// never trust data coming from lua
$username = htmlspecialchars($username);
$password = htmlspecialchars($password);
$name = htmlspecialchars($name);
$id = htmlspecialchars($id);
$module_type = htmlspecialchars($module_type);
// hash is created in the lua now
// $salt = '';
// $query = "select salt from users where username = '******';";
// $result = mysql_query($query);
// $row = mysql_fetch_array($result, MYSQL_ASSOC);
// $salt = $row['salt'];
// $hash = sha1($salt.$password);
$query2 = "select user_id from users where username = '******' AND password = '******';";
$result2 = mysql_query($query2);
$row2 = mysql_fetch_array($result2, MYSQL_ASSOC);
if ($row2['user_id'] != '') {
$token = createToken($dbConn, $row2['user_id'], $name, $id, $username, $module_type);
if ($module_type == '4') {
createRedstoneEntry($dbConn, $token, $id);
}
if ($module_type == '3') {
createTankEntry($dbConn, $token, $id);
}
if ($module_type == '2') {
createEnergyEntry($dbConn, $token, $id);
}
echo $token;
} else {
echo 'error';
}
}
public function va()
{
$usr_info = array('id' => I('post.usrid', 0), 'psw' => I('post.psw', 0), 'lastLogin' => date('Y-m-d H:i:s', time()), 'lastIp' => get_client_ip());
$usrs = M('admin');
$map = array('id' => $usr_info['id'], 'psw' => $usr_info['psw']);
$res = array(response => "数据创建失败,请联系管理员以解决问题。错误代码:0。", status => "0");
if ($usrs->create($usr_info)) {
if (checkUsr($map)) {
//创建token
$token = createToken($usr_info['Id']);
//清空token
session(C('SESSION_KEY_TOKEN_ADMIN'), null);
//写入token(重新密码登录代表重新获取令牌)
session(C('SESSION_KEY_TOKEN_ADMIN'), $token);
$usr['token'] = $token;
$usr['grantTime'] = date('Y-m-d H:i:s', time());
$usr['lastLogin'] = date('Y-m-d H:i:s', time());
$usr['lastIp'] = get_client_ip();
$list = $usrs->field(array('token', 'grantTime', 'lastLogin', 'lastIp'))->where($map)->save($usr);
$list = $usrs->field(array('id', 'expiretime'))->where($map)->find();
$res = array(response => "登陆成功", status => "1");
cookie(C('COOKIE_KEY_TOKEN_ADMIN'), array(id => $list["id"], token => $token), $list['expiretime']);
} else {
$res = array(response => "用户名密码验证信息错误", status => "2");
}
}
$this->ajaxReturn(json_encode($res), 'JSON');
// $this->redirect(Edit/logined);
}
function EnableCoreFeatures()
{
global $context, $smcFunc, $sourcedir, $modSettings, $txt;
$context['xml_data'] = array();
// Just in case, maybe we don't need it
loadLanguage('Errors');
// We need (at least) this to ensure that mod files are included
if (!empty($modSettings['integrate_admin_include'])) {
$admin_includes = explode(',', $modSettings['integrate_admin_include']);
foreach ($admin_includes as $include) {
$include = strtr(trim($include), array('$boarddir' => $boarddir, '$sourcedir' => $sourcedir, '$themedir' => $settings['theme_dir']));
if (file_exists($include)) {
require_once $include;
}
}
}
$errors = array();
$returns = array();
$tokens = array();
if (allowedTo('admin_forum')) {
$validation = validateSession();
if (empty($validation)) {
require_once $sourcedir . '/ManageSettings.php';
$result = ModifyCoreFeatures();
if (empty($result)) {
$id = isset($_POST['feature_id']) ? $_POST['feature_id'] : '';
if (!empty($id) && isset($context['features'][$id])) {
$feature = $context['features'][$id];
$returns[] = array('value' => !empty($_POST['feature_' . $id]) && $feature['url'] ? '<a href="' . $feature['url'] . '">' . $feature['title'] . '</a>' : $feature['title']);
createToken('admin-core', 'post');
$tokens = array(array('value' => $context['admin-core_token'], 'attributes' => array('type' => 'token_var')), array('value' => $context['admin-core_token_var'], 'attributes' => array('type' => 'token')));
} else {
$errors[] = array('value' => $txt['feature_no_exists']);
}
} else {
$errors[] = array('value' => $txt[$result]);
}
} else {
$errors[] = array('value' => $txt[$validation]);
}
} else {
$errors[] = array('value' => $txt['cannot_admin_forum']);
}
$context['sub_template'] = 'generic_xml';
$context['xml_data'] = array('corefeatures' => array('identifier' => 'corefeature', 'children' => $returns), 'tokens' => array('identifier' => 'token', 'children' => $tokens), 'errors' => array('identifier' => 'error', 'children' => $errors));
}
public static function check($receivedToken, $receivedData)
{
/* Recreate the generic part of token using secretKey and other stuff */
$tokenGeneric = $REG->secret_key . $_SERVER["SERVER_NAME"];
// We create a token which should match
$token = hash('sha256', $tokenGeneric . $receivedData);
// We check if token is ok !
if ($receivedToken != $token) {
echo 'wrong Token !';
return false;
}
list($tokenDate, $userData) = explode("_", $receivedData);
// here we compare tokenDate with current time using VALIDITY_TIME to check if the token is expired
// if token expired we return false
// otherwise it's ok and we return a new token
return createToken(time() . "#" . $userData);
}
/**
* This action handler method displays and allows to change avatar settings.
*
* - Called by index.php?action=admin;area=manageattachments;sa=avatars.
*
* @uses 'avatars' sub-template.
*/
public function action_avatarSettings_display()
{
global $txt, $context, $scripturl;
// Initialize the form
$this->_initAvatarSettingsForm();
$config_vars = $this->_avatarSettings->settings();
// Saving avatar settings?
if (isset($_GET['save'])) {
checkSession();
call_integration_hook('integrate_save_avatar_settings');
// Disable if invalid values would result
if (isset($_POST['custom_avatar_enabled']) && $_POST['custom_avatar_enabled'] == 1 && (empty($_POST['custom_avatar_dir']) || empty($_POST['custom_avatar_url']))) {
$_POST['custom_avatar_enabled'] = 0;
}
Settings_Form::save_db($config_vars);
redirectexit('action=admin;area=manageattachments;sa=avatars');
}
// Attempt to figure out if the admin is trying to break things.
$context['settings_save_onclick'] = 'return document.getElementById(\'custom_avatar_enabled\').value == 1 && (document.getElementById(\'custom_avatar_dir\').value == \'\' || document.getElementById(\'custom_avatar_url\').value == \'\') ? confirm(\'' . $txt['custom_avatar_check_empty'] . '\') : true;';
// We need this for the in-line permissions
createToken('admin-mp');
// Prepare the context.
$context['post_url'] = $scripturl . '?action=admin;area=manageattachments;save;sa=avatars';
Settings_Form::prepare_db($config_vars);
// Add a layer for the javascript.
Template_Layers::getInstance()->add('avatar_settings');
$context['sub_template'] = 'show_settings';
}
function login($mail, $password)
{
$db = new MysqliDb();
$db->where("mail", $mail);
$results = $db->get("clientes");
global $jwt_enabled;
if ($db->count > 0) {
$hash = $results[0]['password'];
if (password_verify($password, $hash) && $results[0]['status'] != 0) {
if ($jwt_enabled) {
echo json_encode(createToken($results[0]['cliente_id'], $mail, $results[0]['nombre'], $results[0]['rol_id']));
} else {
echo json_encode($results);
}
} else {
echo json_encode(-1);
}
} else {
echo json_encode(-1);
}
}
$user = User::whereRaw('email = ? and password = ?', array($email, $password))->get();
if ($user->isEmpty()) {
return $response->withHeader('Content-type', 'application/json')->write('{"msg":"Hatalı kullanıcı adı veya parola"}');
}
$user = $user->first();
if ($user->deleted == 1) {
return $response->withHeader('Content-type', 'application/json')->write('{"msg":"Hesabınız engellendi !"}');
}
$token = Token::where('user_id', $user->user_id)->get();
if ($token->isEmpty()) {
$token = new Token();
$token->user_id = $user->user_id;
} else {
$token = $token->first();
}
$token->token = createToken();
$token->create_date = date("YmdHi");
$token->save();
$user["token"] = $token;
$user->password = null;
$response->write(json_encode($user) . ' ');
return $response->withHeader('Content-type', 'application/json');
});
$app->post('/register', function ($request, $response, $args) {
$newUser = new User();
$email = $request->getParsedBody()["email"];
$password = $request->getParsedBody()["password"];
if (!isset($email) && !isset($password)) {
return $response->write('{"msg":"email ve password bilgisi zorunludur"}')->withHeader('Content-type', 'application/json');
}
$newUser->email = $request->getParsedBody()["email"];
/**
* Show the log of all tasks that have taken place.
*
* @uses ManageScheduledTasks language file
*/
public function action_log()
{
global $scripturl, $context, $txt;
require_once SUBSDIR . '/ScheduledTasks.subs.php';
// Lets load the language just in case we are outside the Scheduled area.
loadLanguage('ManageScheduledTasks');
// Empty the log?
if (!empty($_POST['removeAll'])) {
checkSession();
validateToken('admin-tl');
emptyTaskLog();
}
// Setup the list.
$listOptions = array('id' => 'task_log', 'items_per_page' => 30, 'title' => $txt['scheduled_log'], 'no_items_label' => $txt['scheduled_log_empty'], 'base_href' => $context['admin_area'] == 'scheduledtasks' ? $scripturl . '?action=admin;area=scheduledtasks;sa=tasklog' : $scripturl . '?action=admin;area=logs;sa=tasklog', 'default_sort_col' => 'date', 'get_items' => array('function' => array($this, 'list_getTaskLogEntries')), 'get_count' => array('function' => array($this, 'list_getNumTaskLogEntries')), 'columns' => array('name' => array('header' => array('value' => $txt['scheduled_tasks_name']), 'data' => array('db' => 'name')), 'date' => array('header' => array('value' => $txt['scheduled_log_time_run']), 'data' => array('function' => create_function('$rowData', '
return standardTime($rowData[\'time_run\'], true);
')), 'sort' => array('default' => 'lst.id_log DESC', 'reverse' => 'lst.id_log')), 'time_taken' => array('header' => array('value' => $txt['scheduled_log_time_taken']), 'data' => array('sprintf' => array('format' => $txt['scheduled_log_time_taken_seconds'], 'params' => array('time_taken' => false))), 'sort' => array('default' => 'lst.time_taken', 'reverse' => 'lst.time_taken DESC')), 'task_completed' => array('header' => array('value' => $txt['scheduled_log_completed']), 'data' => array('function' => create_function('$rowData', '
global $settings, $txt;
return \'<img src="\' . $settings[\'images_url\'] . \'/admin/complete_\' . ($rowData[\'task_completed\'] ? \'success\' : \'fail\') . \'.png" alt="\' . sprintf($txt[$rowData[\'task_completed\'] ? \'maintain_done\' : \'maintain_fail\'], $rowData[\'name\']) . \'" />\';
')))), 'form' => array('href' => $context['admin_area'] == 'scheduledtasks' ? $scripturl . '?action=admin;area=scheduledtasks;sa=tasklog' : $scripturl . '?action=admin;area=logs;sa=tasklog', 'token' => 'admin-tl'), 'additional_rows' => array(array('position' => 'below_table_data', 'value' => '
<input type="submit" name="removeAll" value="' . $txt['scheduled_log_empty_log'] . '" onclick="return confirm(\'' . $txt['scheduled_log_empty_log_confirm'] . '\');" class="right_submit" />'), array('position' => 'after_title', 'value' => $txt['scheduled_tasks_time_offset'], 'class' => 'windowbg2')));
createToken('admin-tl');
require_once SUBSDIR . '/GenericList.class.php';
createList($listOptions);
$context['sub_template'] = 'show_list';
$context['default_list'] = 'task_log';
// Make it all look tify.
$context[$context['admin_menu_name']]['current_subsection'] = 'tasklog';
$context['page_title'] = $txt['scheduled_log'];
}
/**
* Show the log of all tasks that have taken place.
*
* @uses ManageScheduledTasks language file
*/
function TaskLog()
{
global $scripturl, $context, $txt, $smcFunc, $sourcedir;
// Lets load the language just incase we are outside the Scheduled area.
loadLanguage('ManageScheduledTasks');
// Empty the log?
if (!empty($_POST['removeAll'])) {
checkSession();
validateToken('admin-tl');
$smcFunc['db_query']('truncate_table', '
TRUNCATE {db_prefix}log_scheduled_tasks', array());
}
// Setup the list.
$listOptions = array('id' => 'task_log', 'items_per_page' => 30, 'title' => $txt['scheduled_log'], 'no_items_label' => $txt['scheduled_log_empty'], 'base_href' => $context['admin_area'] == 'scheduledtasks' ? $scripturl . '?action=admin;area=scheduledtasks;sa=tasklog' : $scripturl . '?action=admin;area=logs;sa=tasklog', 'default_sort_col' => 'date', 'get_items' => array('function' => 'list_getTaskLogEntries'), 'get_count' => array('function' => 'list_getNumTaskLogEntries'), 'columns' => array('name' => array('header' => array('value' => $txt['scheduled_tasks_name']), 'data' => array('db' => 'name')), 'date' => array('header' => array('value' => $txt['scheduled_log_time_run']), 'data' => array('function' => create_function('$rowData', '
return timeformat($rowData[\'time_run\'], true);
')), 'sort' => array('default' => 'lst.id_log DESC', 'reverse' => 'lst.id_log')), 'time_taken' => array('header' => array('value' => $txt['scheduled_log_time_taken']), 'data' => array('sprintf' => array('format' => $txt['scheduled_log_time_taken_seconds'], 'params' => array('time_taken' => false))), 'sort' => array('default' => 'lst.time_taken', 'reverse' => 'lst.time_taken DESC'))), 'form' => array('href' => $context['admin_area'] == 'scheduledtasks' ? $scripturl . '?action=admin;area=scheduledtasks;sa=tasklog' : $scripturl . '?action=admin;area=logs;sa=tasklog', 'token' => 'admin-tl'), 'additional_rows' => array(array('position' => 'below_table_data', 'value' => '
<input type="submit" name="removeAll" value="' . $txt['scheduled_log_empty_log'] . '" onclick="return confirm(\'' . $txt['scheduled_log_empty_log_confirm'] . '\');" class="button_submit" />', 'style' => 'text-align: right;'), array('position' => 'after_title', 'value' => $txt['scheduled_tasks_time_offset'], 'class' => 'windowbg2')));
createToken('admin-tl');
require_once $sourcedir . '/Subs-List.php';
createList($listOptions);
$context['sub_template'] = 'show_list';
$context['default_list'] = 'task_log';
// Make it all look tify.
$context[$context['admin_menu_name']]['current_subsection'] = 'tasklog';
$context['page_title'] = $txt['scheduled_log'];
}
/**
* Set general news and newsletter settings and permissions.
*
* What it does:
* - Called by ?action=admin;area=news;sa=settings.
* - Requires the forum_admin permission.
*
* @uses ManageNews template, news_settings sub-template.
*/
public function action_newsSettings_display()
{
global $context, $txt, $scripturl;
// Initialize the form
$this->_initNewsSettingsForm();
$config_vars = $this->_newsSettings->settings();
// Add some javascript at the bottom...
addInlineJavascript('
document.getElementById("xmlnews_maxlen").disabled = !document.getElementById("xmlnews_enable").checked;
document.getElementById("xmlnews_limit").disabled = !document.getElementById("xmlnews_enable").checked;', true);
$context['page_title'] = $txt['admin_edit_news'] . ' - ' . $txt['settings'];
$context['sub_template'] = 'show_settings';
// Wrap it all up nice and warm...
$context['post_url'] = $scripturl . '?action=admin;area=news;save;sa=settings';
$context['permissions_excluded'] = array(-1);
// Saving the settings?
if (isset($_GET['save'])) {
checkSession();
call_integration_hook('integrate_save_news_settings');
Settings_Form::save_db($config_vars);
redirectexit('action=admin;area=news;sa=settings');
}
// We need this for the in-line permissions
createToken('admin-mp');
Settings_Form::prepare_db($config_vars);
}
/api.php?token=<token>&action=catalog returns the list with all courses and lessons of the system
/api.php?token=<token>&action=logout logs out from eFront API
API returns xml corresponding to the action argument. For actions like efrontlogin, activate_user etc it returns a status entity ("ok" or "error").
In case of error it returns also a message entity with description of the error occured.
*/
$path = "../libraries/";
require_once $path . "configuration.php";
$data = eF_getTableData("configuration", "value", "name='api'");
//Read current values
$api = $data[0]['value'];
if ($api == 1) {
if (isset($_GET['action'])) {
$action = $_GET['action'];
switch ($_GET['action']) {
case 'token':
$token = createToken(30);
if (strlen($token) == 30) {
$insert['token'] = $token;
$insert['status'] = "unlogged";
$insert['expired'] = 0;
$insert['create_timestamp'] = time();
eF_insertTableData("tokens", $insert);
echo "<xml>";
echo "<token>" . $token . "</token>";
echo "</xml>";
}
break;
case 'efrontlogin':
if (isset($_GET['token']) && checkToken($_GET['token'])) {
$token = $_GET['token'];
$creds = eF_getTableData("tokens t, users u", "u.login, u.password, u.user_type", "t.users_LOGIN = u.LOGIN and t.token='{$token}'");
/**
* Edit settings related to the sphinx or sphinxQL search function.
*
* - Called by ?action=admin;area=managesearch;sa=sphinx.
* - Checks if connection to search daemon is possible
*/
public function action_managesphinx()
{
global $txt, $context, $modSettings;
// Saving the settings
if (isset($_POST['save'])) {
checkSession();
validateToken('admin-mssphinx');
updateSettings(array('sphinx_data_path' => rtrim($_POST['sphinx_data_path'], '/'), 'sphinx_log_path' => rtrim($_POST['sphinx_log_path'], '/'), 'sphinx_stopword_path' => $_POST['sphinx_stopword_path'], 'sphinx_indexer_mem' => (int) $_POST['sphinx_indexer_mem'], 'sphinx_searchd_server' => $_POST['sphinx_searchd_server'], 'sphinx_searchd_port' => (int) $_POST['sphinx_searchd_port'], 'sphinxql_searchd_port' => (int) $_POST['sphinxql_searchd_port'], 'sphinx_max_results' => (int) $_POST['sphinx_max_results']));
} elseif (isset($_POST['checkconnect'])) {
checkSession();
validateToken('admin-mssphinx');
// If they have not picked sphinx yet, let them know, but we can still check connections
if (empty($modSettings['search_index']) || $modSettings['search_index'] !== 'sphinx' && $modSettings['search_index'] !== 'sphinxql') {
$context['settings_message'][] = $txt['sphinx_test_not_selected'];
$context['error_type'] = 'notice';
}
// Try to connect via Sphinx API?
if (!empty($modSettings['search_index']) && ($modSettings['search_index'] === 'sphinx' || empty($modSettings['search_index']))) {
if (@file_exists(SOURCEDIR . '/sphinxapi.php')) {
include_once SOURCEDIR . '/sphinxapi.php';
$mySphinx = new SphinxClient();
$mySphinx->SetServer($modSettings['sphinx_searchd_server'], (int) $modSettings['sphinx_searchd_port']);
$mySphinx->SetLimits(0, (int) $modSettings['sphinx_max_results']);
$mySphinx->SetMatchMode(SPH_MATCH_BOOLEAN);
$mySphinx->SetSortMode(SPH_SORT_ATTR_ASC, 'id_topic');
$request = $mySphinx->Query('test', 'elkarte_index');
if ($request === false) {
$context['settings_message'][] = $txt['sphinx_test_connect_failed'];
$context['error_type'] = 'serious';
} else {
$context['settings_message'][] = $txt['sphinx_test_passed'];
}
} else {
$context['settings_message'][] = $txt['sphinx_test_api_missing'];
$context['error_type'] = 'serious';
}
}
// Try to connect via SphinxQL
if (!empty($modSettings['search_index']) && ($modSettings['search_index'] === 'sphinxql' || empty($modSettings['search_index']))) {
if (!empty($modSettings['sphinx_searchd_server']) && !empty($modSettings['sphinxql_searchd_port'])) {
$result = @mysqli_connect($modSettings['sphinx_searchd_server'] === 'localhost' ? '127.0.0.1' : $modSettings['sphinx_searchd_server'], '', '', '', (int) $modSettings['sphinxql_searchd_port']);
if ($result === false) {
$context['settings_message'][] = $txt['sphinxql_test_connect_failed'];
$context['error_type'] = 'serious';
} else {
$context['settings_message'][] = $txt['sphinxql_test_passed'];
}
} else {
$context['settings_message'][] = $txt['sphinxql_test_connect_failed'];
$context['error_type'] = 'serious';
}
}
} elseif (isset($_POST['createconfig'])) {
checkSession();
validateToken('admin-mssphinx');
require_once SUBSDIR . '/ManageSearch.subs.php';
createSphinxConfig();
}
// Setup for the template
$context['page_title'] = $txt['search_sphinx'];
$context['page_description'] = $txt['sphinx_description'];
$context['sub_template'] = 'manage_sphinx';
createToken('admin-mssphinx');
}
function sendMailReinitPassword($user)
{
global $db;
global $LIEN_SITE;
$req = $db->prepare("SELECT mail FROM `camagru`.`users` WHERE name = :name");
$req->execute(array(":name" => $user));
$res = $req->fetchAll();
if (empty($res)) {
return false;
} else {
$token = createToken();
$message = "Bonjour vous avez demande une reinitialisation de votre mot de passe Camagru merci de cliquer sur ce lien pour continuer !\n" . $LIEN_SITE . "index.php?href=reinit_password&action=recup&token=" . $token . "\nSi vous n'avez pas effectue cette demande merci de l'ignorer.";
if (!mail($res[0]['mail'], "reinitialisation de votre mot de passe Camagru", $message)) {
return false;
} else {
$req = $db->prepare("UPDATE `camagru`.`users` SET token_recup = :token WHERE name = :name");
$req->execute(array(":token" => $token, ":name" => $user));
return true;
}
}
}
/**
* Edit the search method and search index used.
* Calculates the size of the current search indexes in use.
* Allows to create and delete a fulltext index on the messages table.
* Allows to delete a custom index (that CreateMessageIndex() created).
* Called by ?action=admin;area=managesearch;sa=method.
* Requires the admin_forum permission.
*
* @uses ManageSearch template, 'select_search_method' sub-template.
*/
function EditSearchMethod()
{
global $txt, $context, $modSettings, $smcFunc, $db_type, $db_prefix;
$context[$context['admin_menu_name']]['current_subsection'] = 'method';
$context['page_title'] = $txt['search_method_title'];
$context['sub_template'] = 'select_search_method';
$context['supports_fulltext'] = $smcFunc['db_search_support']('fulltext');
// Load any apis.
$context['search_apis'] = loadSearchAPIs();
// Detect whether a fulltext index is set.
if ($context['supports_fulltext']) {
detectFulltextIndex();
}
if (!empty($_REQUEST['sa']) && $_REQUEST['sa'] == 'createfulltext') {
checkSession('get');
validateToken('admin-msm', 'get');
// Make sure it's gone before creating it.
$smcFunc['db_query']('', '
ALTER TABLE {db_prefix}messages
DROP INDEX body', array('db_error_skip' => true));
$smcFunc['db_query']('', '
ALTER TABLE {db_prefix}messages
ADD FULLTEXT body (body)', array());
$context['fulltext_index'] = 'body';
} elseif (!empty($_REQUEST['sa']) && $_REQUEST['sa'] == 'removefulltext' && !empty($context['fulltext_index'])) {
checkSession('get');
validateToken('admin-msm', 'get');
$smcFunc['db_query']('', '
ALTER TABLE {db_prefix}messages
DROP INDEX ' . implode(',
DROP INDEX ', $context['fulltext_index']), array('db_error_skip' => true));
$context['fulltext_index'] = '';
// Go back to the default search method.
if (!empty($modSettings['search_index']) && $modSettings['search_index'] == 'fulltext') {
updateSettings(array('search_index' => ''));
}
} elseif (!empty($_REQUEST['sa']) && $_REQUEST['sa'] == 'removecustom') {
checkSession('get');
validateToken('admin-msm', 'get');
db_extend();
$tables = $smcFunc['db_list_tables'](false, $db_prefix . 'log_search_words');
if (!empty($tables)) {
$smcFunc['db_search_query']('drop_words_table', '
DROP TABLE {db_prefix}log_search_words', array());
}
updateSettings(array('search_custom_index_config' => '', 'search_custom_index_resume' => ''));
// Go back to the default search method.
if (!empty($modSettings['search_index']) && $modSettings['search_index'] == 'custom') {
updateSettings(array('search_index' => ''));
}
} elseif (isset($_POST['save'])) {
checkSession();
validateToken('admin-msmpost');
updateSettings(array('search_index' => empty($_POST['search_index']) || !in_array($_POST['search_index'], array('fulltext', 'custom')) && !isset($context['search_apis'][$_POST['search_index']]) ? '' : $_POST['search_index'], 'search_force_index' => isset($_POST['search_force_index']) ? '1' : '0', 'search_match_words' => isset($_POST['search_match_words']) ? '1' : '0'));
}
$context['table_info'] = array('data_length' => 0, 'index_length' => 0, 'fulltext_length' => 0, 'custom_index_length' => 0);
// Get some info about the messages table, to show its size and index size.
if ($db_type == 'mysql') {
if (preg_match('~^`(.+?)`\\.(.+?)$~', $db_prefix, $match) !== 0) {
$request = $smcFunc['db_query']('', '
SHOW TABLE STATUS
FROM {string:database_name}
LIKE {string:table_name}', array('database_name' => '`' . strtr($match[1], array('`' => '')) . '`', 'table_name' => str_replace('_', '\\_', $match[2]) . 'messages'));
} else {
$request = $smcFunc['db_query']('', '
SHOW TABLE STATUS
LIKE {string:table_name}', array('table_name' => str_replace('_', '\\_', $db_prefix) . 'messages'));
}
if ($request !== false && $smcFunc['db_num_rows']($request) == 1) {
// Only do this if the user has permission to execute this query.
$row = $smcFunc['db_fetch_assoc']($request);
$context['table_info']['data_length'] = $row['Data_length'];
$context['table_info']['index_length'] = $row['Index_length'];
$context['table_info']['fulltext_length'] = $row['Index_length'];
$smcFunc['db_free_result']($request);
}
// Now check the custom index table, if it exists at all.
if (preg_match('~^`(.+?)`\\.(.+?)$~', $db_prefix, $match) !== 0) {
$request = $smcFunc['db_query']('', '
SHOW TABLE STATUS
FROM {string:database_name}
LIKE {string:table_name}', array('database_name' => '`' . strtr($match[1], array('`' => '')) . '`', 'table_name' => str_replace('_', '\\_', $match[2]) . 'log_search_words'));
} else {
$request = $smcFunc['db_query']('', '
SHOW TABLE STATUS
LIKE {string:table_name}', array('table_name' => str_replace('_', '\\_', $db_prefix) . 'log_search_words'));
}
if ($request !== false && $smcFunc['db_num_rows']($request) == 1) {
// Only do this if the user has permission to execute this query.
$row = $smcFunc['db_fetch_assoc']($request);
$context['table_info']['index_length'] += $row['Data_length'] + $row['Index_length'];
$context['table_info']['custom_index_length'] = $row['Data_length'] + $row['Index_length'];
$smcFunc['db_free_result']($request);
}
} elseif ($db_type == 'postgresql') {
// In order to report the sizes correctly we need to perform vacuum (optimize) on the tables we will be using.
db_extend();
$temp_tables = $smcFunc['db_list_tables']();
foreach ($temp_tables as $table) {
if ($table == $db_prefix . 'messages' || $table == $db_prefix . 'log_search_words') {
$smcFunc['db_optimize_table']($table);
}
}
// PostGreSql has some hidden sizes.
$request = $smcFunc['db_query']('', '
SELECT relname, relpages * 8 *1024 AS "KB" FROM pg_class
WHERE relname = {string:messages} OR relname = {string:log_search_words}
ORDER BY relpages DESC', array('messages' => $db_prefix . 'messages', 'log_search_words' => $db_prefix . 'log_search_words'));
if ($request !== false && $smcFunc['db_num_rows']($request) > 0) {
while ($row = $smcFunc['db_fetch_assoc']($request)) {
if ($row['relname'] == $db_prefix . 'messages') {
$context['table_info']['data_length'] = (int) $row['KB'];
$context['table_info']['index_length'] = (int) $row['KB'];
// Doesn't support fulltext
$context['table_info']['fulltext_length'] = $txt['not_applicable'];
} elseif ($row['relname'] == $db_prefix . 'log_search_words') {
$context['table_info']['index_length'] = (int) $row['KB'];
$context['table_info']['custom_index_length'] = (int) $row['KB'];
}
}
$smcFunc['db_free_result']($request);
} else {
// Didn't work for some reason...
$context['table_info'] = array('data_length' => $txt['not_applicable'], 'index_length' => $txt['not_applicable'], 'fulltext_length' => $txt['not_applicable'], 'custom_index_length' => $txt['not_applicable']);
}
} else {
$context['table_info'] = array('data_length' => $txt['not_applicable'], 'index_length' => $txt['not_applicable'], 'fulltext_length' => $txt['not_applicable'], 'custom_index_length' => $txt['not_applicable']);
}
// Format the data and index length in kilobytes.
foreach ($context['table_info'] as $type => $size) {
// If it's not numeric then just break. This database engine doesn't support size.
if (!is_numeric($size)) {
break;
}
$context['table_info'][$type] = comma_format($context['table_info'][$type] / 1024) . ' ' . $txt['search_method_kilobytes'];
}
$context['custom_index'] = !empty($modSettings['search_custom_index_config']);
$context['partial_custom_index'] = !empty($modSettings['search_custom_index_resume']) && empty($modSettings['search_custom_index_config']);
$context['double_index'] = !empty($context['fulltext_index']) && $context['custom_index'];
createToken('admin-msmpost');
createToken('admin-msm', 'get');
}
/**
* Question the verity of the admin by asking for his or her password.
* - loads Login.template.php and uses the admin_login sub template.
* - sends data to template so the admin is sent on to the page they
* wanted if their password is correct, otherwise they can try again.
*
* @param string $type = 'admin'
*/
function adminLogin($type = 'admin')
{
global $context, $scripturl, $txt, $user_info, $user_settings;
loadLanguage('Admin');
loadTemplate('Login');
// Validate what type of session check this is.
$types = array();
call_integration_hook('integrate_validateSession', array($types));
$type = in_array($type, $types) || $type == 'moderate' ? $type : 'admin';
// They used a wrong password, log it and unset that.
if (isset($_POST[$type . '_hash_pass']) || isset($_POST[$type . '_pass'])) {
$txt['security_wrong'] = sprintf($txt['security_wrong'], isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $txt['unknown'], $_SERVER['HTTP_USER_AGENT'], $user_info['ip']);
log_error($txt['security_wrong'], 'critical');
if (isset($_POST[$type . '_hash_pass'])) {
unset($_POST[$type . '_hash_pass']);
}
if (isset($_POST[$type . '_pass'])) {
unset($_POST[$type . '_pass']);
}
$context['incorrect_password'] = true;
}
createToken('admin-login');
// Figure out the get data and post data.
$context['get_data'] = '?' . construct_query_string($_GET);
$context['post_data'] = '';
// Now go through $_POST. Make sure the session hash is sent.
$_POST[$context['session_var']] = $context['session_id'];
foreach ($_POST as $k => $v) {
$context['post_data'] .= adminLogin_outputPostVars($k, $v);
}
// Now we'll use the admin_login sub template of the Login template.
$context['sub_template'] = 'admin_login';
// And title the page something like "Login".
if (!isset($context['page_title'])) {
$context['page_title'] = $txt['login'];
}
// The type of action.
$context['sessionCheckType'] = $type;
obExit();
// We MUST exit at this point, because otherwise we CANNOT KNOW that the user is privileged.
trigger_error('Hacking attempt...', E_USER_ERROR);
}
/**
* Step 0
* Let's welcome them in and ask them to login!
* Preforms several checks to make sure the appropriate files are available to do the updates
* Validates php and db versions meet the minimum requirements
* Validates the credentials supplied have db alter privileges
* Checks that needed files/directories are writable
*/
function action_welcomeLogin()
{
global $modSettings, $upgradeurl, $upcontext, $db_type, $databases, $txt, $db_character_set;
$db = database();
$upcontext['sub_template'] = 'welcome_message';
// Check for some key files - one template, one language, and a new and an old source file.
$check = @file_exists($modSettings['theme_dir'] . '/index.template.php') && @file_exists(SOURCEDIR . '/QueryString.php') && @file_exists(SOURCEDIR . '/database/Db-' . $db_type . '.class.php') && @file_exists(dirname(__FILE__) . '/upgrade_elk_1-0_' . $db_type . '.sql');
// Need scripts to migrate from SMF?
if (isset($modSettings['smfVersion']) && $modSettings['smfVersion'] < 2.1) {
$check &= @file_exists(dirname(__FILE__) . '/upgrade_2-0_' . $db_type . '.sql');
}
if (isset($modSettings['smfVersion']) && $modSettings['smfVersion'] < 2.0) {
$check &= @file_exists(dirname(__FILE__) . '/upgrade_1-1.sql');
}
if (isset($modSettings['smfVersion']) && $modSettings['smfVersion'] < 1.1) {
$check &= @file_exists(dirname(__FILE__) . '/upgrade_1-0.sql');
}
// If the db is not UTF
if (!isset($modSettings['elkVersion']) && ($db_type == 'mysql' || $db_type == 'mysqli') && (!isset($db_character_set) || $db_character_set !== 'utf8' || empty($modSettings['global_character_set']) || $modSettings['global_character_set'] !== 'UTF-8')) {
return throw_error('The upgrader detected your database is not UTF-8. In order to be able to upgrade, please first convert your database to the UTF-8 charset.');
}
// Don't tell them what files exactly because it's a spot check -
// just like teachers don't tell which problems they are spot checking, that's dumb.
if (!$check) {
return throw_error('The upgrader was unable to find some crucial files.<br /><br />Please make sure you uploaded all of the files included in the package, including the themes, sources, and other directories.');
}
// Do they meet the install requirements?
if (version_compare(REQUIRED_PHP_VERSION, PHP_VERSION, '>=')) {
return throw_error('Warning! You do not appear to have a version of PHP installed on your webserver that meets ElkArte\'s minimum installations requirements.<br /><br />Please ask your host to upgrade.');
}
if (!db_version_check()) {
return throw_error('Your ' . $databases[$db_type]['name'] . ' version does not meet the minimum requirements of ElkArte.<br /><br />Please ask your host to upgrade.');
}
// Do they have ALTER privileges?
if (!empty($databases[$db_type]['alter_support']) && $db->query('alter_boards', 'ALTER TABLE {db_prefix}boards ORDER BY id_board', array()) === false) {
return throw_error('The ' . $databases[$db_type]['name'] . ' user you have set in Settings.php does not have proper privileges.<br /><br />Please ask your host to give this user the ALTER, CREATE, and DROP privileges.');
}
// Do a quick version spot check.
$temp = substr(@implode('', @file(BOARDDIR . '/index.php')), 0, 4096);
preg_match('~\\*\\s@version\\s+(.+)[\\s]{2}~i', $temp, $match);
if (empty($match[1]) || trim(str_replace('Release Candidate', 'RC', $match[1])) != CURRENT_VERSION) {
return throw_error('The upgrader found some old or outdated files.<br /><br />Please make certain you uploaded the new versions of all the files included in the package.');
}
// What absolutely needs to be writable?
$writable_files = array(BOARDDIR . '/Settings.php', BOARDDIR . '/Settings_bak.php');
// Check the cache directory.
$CACHEDIR_temp = !defined('CACHEDIR') ? BOARDDIR . '/cache' : CACHEDIR;
if (!file_exists($CACHEDIR_temp)) {
@mkdir($CACHEDIR_temp);
}
if (!file_exists($CACHEDIR_temp)) {
return throw_error('The cache directory could not be found.<br /><br />Please make sure you have a directory called "cache" in your forum directory before continuing.');
}
if (!file_exists($modSettings['theme_dir'] . '/languages/' . $upcontext['language'] . '/index.' . $upcontext['language'] . '.php') && !isset($modSettings['elkVersion']) && !isset($_GET['lang'])) {
return throw_error('The upgrader was unable to find language files for the language specified in Settings.php.<br />ElkArte will not work without the primary language files installed.<br /><br />Please either install them, or <a href="' . $upgradeurl . '?step=0;lang=english">use english instead</a>.');
} elseif (!isset($_GET['skiplang'])) {
$temp = substr(@implode('', @file($modSettings['theme_dir'] . '/languages/' . $upcontext['language'] . '/index.' . $upcontext['language'] . '.php')), 0, 4096);
preg_match('~(?://|/\\*)\\s*Version:\\s+(.+?);\\s*index(?:[\\s]{2}|\\*/)~i', $temp, $match);
if (empty($match[1]) || $match[1] != CURRENT_LANG_VERSION) {
return throw_error('The upgrader found some old or outdated language files, for the forum default language, ' . $upcontext['language'] . '.<br /><br />Please make certain you uploaded the new versions of all the files included in the package, even the theme and language files for the default theme.<br /> [<a href="' . $upgradeurl . '?skiplang">SKIP</a>] [<a href="' . $upgradeurl . '?lang=english">Try English</a>]');
}
}
// This needs to exist!
if (!file_exists($modSettings['theme_dir'] . '/languages/' . $upcontext['language'] . '/Install.' . $upcontext['language'] . '.php')) {
return throw_error('The upgrader could not find the "Install" language file for the forum default language, ' . $upcontext['language'] . '.<br /><br />Please make certain you uploaded all the files included in the package, even the theme and language files for the default theme.<br /> [<a href="' . $upgradeurl . '?lang=english">Try English</a>]');
} else {
require_once $modSettings['theme_dir'] . '/languages/' . $upcontext['language'] . '/Install.' . $upcontext['language'] . '.php';
}
if (!makeFilesWritable($writable_files)) {
return false;
}
// Check agreement.txt. (it may not exist, in which case BOARDDIR must be writable.)
if (isset($modSettings['agreement']) && (!is_writable(BOARDDIR) || file_exists(BOARDDIR . '/agreement.txt')) && !is_writable(BOARDDIR . '/agreement.txt')) {
return throw_error('The upgrader was unable to obtain write access to agreement.txt.<br /><br />If you are using a linux or unix based server, please ensure that the file is chmod\'d to 777, or if it does not exist that the directory this upgrader is in is 777.<br />If your server is running Windows, please ensure that the internet guest account has the proper permissions on it or its folder.');
} elseif (isset($modSettings['agreement'])) {
$fp = fopen(BOARDDIR . '/agreement.txt', 'w');
fwrite($fp, $modSettings['agreement']);
fclose($fp);
}
// We're going to check that their board dir setting is right in case they've been moving stuff around.
if (strtr(BOARDDIR, array('/' => '', '\\' => '')) != strtr(dirname(__FILE__), array('/' => '', '\\' => ''))) {
$upcontext['warning'] = '
It looks as if your board directory settings <em>might</em> be incorrect. Your board directory is currently set to "' . BOARDDIR . '" but should probably be "' . dirname(__FILE__) . '". Settings.php currently lists your paths as:<br />
<ul>
<li>Board Directory: ' . BOARDDIR . '</li>
<li>Source Directory: ' . BOARDDIR . '</li>
<li>Cache Directory: ' . $CACHEDIR_temp . '</li>
</ul>
If these seem incorrect please open Settings.php in a text editor before proceeding with this upgrade. If they are incorrect due to you moving your forum to a new location please download and execute the <a href="https://github.com/emanuele45/tools/downloads">Repair Settings</a> tool from the ElkArte website before continuing.';
}
// Either we're logged in or we're going to present the login.
if (checkLogin()) {
return true;
}
require_once SOURCEDIR . '/Security.php';
$upcontext += createToken('login');
return false;
}
/**
* Editing personal messages settings
*
* - Accessed with ?action=admin;area=featuresettings;sa=pmsettings
*/
public function action_pmsettings()
{
global $txt, $scripturl, $context;
// Initialize the form
$this->_initPMSettingsForm();
// Retrieve the current config settings
$config_vars = $this->_PMSettings->settings();
require_once SUBSDIR . '/PersonalMessage.subs.php';
loadLanguage('ManageMembers');
$context['pm_limits'] = loadPMLimits();
// Saving?
if (isset($_GET['save'])) {
checkSession();
require_once SUBSDIR . '/Membergroups.subs.php';
foreach ($context['pm_limits'] as $group_id => $group) {
if (isset($_POST['group'][$group_id]) && $_POST['group'][$group_id] != $group['max_messages']) {
updateMembergroupProperties(array('current_group' => $group_id, 'max_messages' => $_POST['group'][$group_id]));
}
}
call_integration_hook('integrate_save_pmsettings_settings');
Settings_Form::save_db($config_vars);
redirectexit('action=admin;area=featuresettings;sa=pmsettings');
}
$context['post_url'] = $scripturl . '?action=admin;area=featuresettings;save;sa=pmsettings';
$context['settings_title'] = $txt['personal_messages'];
// We need this for the in-line permissions
createToken('admin-mp');
Settings_Form::prepare_db($config_vars);
}
/**
* 检查是token登录是否合法
* @param array $token 要检查的token值
* @return boolean/token
*/
function isTokenL($token)
{
$usr_info = array('token' => $token);
//判断是否有token若有必然在此次登录有效期内
if (session(C('SESSION_KEY_TOKEN')) != null) {
//判断是否和session一致,一致说明还处在本次登录有效期内
if (session(C('SESSION_KEY_TOKEN')) == $usr_info['token']) {
return true;
} else {
return false;
}
}
//查询数据库
$usrs = M('usr');
if ($usrs->create($usr_info)) {
$map['Id'] = $usr_info['Id'];
$list = $usrs->where($map)->find();
//若用户提交token为null,token和数据库不符,当前时间减去授予时间大于有效时间,则该token是无效的
if ($usr_info['token'] != null && $list['token'] == $usr_info['token'] && time() - strtotime($list['granttime']) <= $list['expiretime']) {
//更新token
$token = createToken($usr_info['id']);
//session清空token
session(C('SESSION_KEY_TOKEN'), null);
//session写入token
session(C('SESSION_KEY_TOKEN'), $token);
$usr_info['token'] = $token;
$usr_info['grantTime'] = date('Y-m-d H:i:s', time());
//更新数据库token,和授予时间
$list = $usrs->where($map)->save($usr_info);
return $token;
} else {
return false;
}
} else {
return false;
}
return false;
}
/**
* Shows an interface to set and test censored words.
*
* - It uses the censor_vulgar, censor_proper, censorWholeWord, and
* censorIgnoreCase settings.
* - Requires the admin_forum permission.
* - Accessed from ?action=admin;area=postsettings;sa=censor.
*
* @uses the Admin template and the edit_censored sub template.
*/
public function action_censor()
{
global $txt, $modSettings, $context;
if (!empty($_POST['save_censor'])) {
// Make sure censoring is something they can do.
checkSession();
validateToken('admin-censor');
$censored_vulgar = array();
$censored_proper = array();
// Rip it apart, then split it into two arrays.
if (isset($_POST['censortext'])) {
$_POST['censortext'] = explode("\n", strtr($_POST['censortext'], array("\r" => '')));
foreach ($_POST['censortext'] as $c) {
list($censored_vulgar[], $censored_proper[]) = array_pad(explode('=', trim($c)), 2, '');
}
} elseif (isset($_POST['censor_vulgar'], $_POST['censor_proper'])) {
if (is_array($_POST['censor_vulgar'])) {
foreach ($_POST['censor_vulgar'] as $i => $value) {
if (trim(strtr($value, '*', ' ')) == '') {
unset($_POST['censor_vulgar'][$i], $_POST['censor_proper'][$i]);
}
}
$censored_vulgar = $_POST['censor_vulgar'];
$censored_proper = $_POST['censor_proper'];
} else {
$censored_vulgar = explode("\n", strtr($_POST['censor_vulgar'], array("\r" => '')));
$censored_proper = explode("\n", strtr($_POST['censor_proper'], array("\r" => '')));
}
}
// Set the new arrays and settings in the database.
$updates = array('censor_vulgar' => implode("\n", $censored_vulgar), 'censor_proper' => implode("\n", $censored_proper), 'censorWholeWord' => empty($_POST['censorWholeWord']) ? '0' : '1', 'censorIgnoreCase' => empty($_POST['censorIgnoreCase']) ? '0' : '1');
call_integration_hook('integrate_save_censors', array(&$updates));
updateSettings($updates);
}
// Testing a word to see how it will be censored?
if (isset($_POST['censortest'])) {
require_once SUBSDIR . '/Post.subs.php';
$censorText = htmlspecialchars($_POST['censortest'], ENT_QUOTES, 'UTF-8');
preparsecode($censorText);
$pre_censor = $censorText;
$context['censor_test'] = strtr(censorText($censorText), array('"' => '"'));
}
// Set everything up for the template to do its thang.
$censor_vulgar = explode("\n", $modSettings['censor_vulgar']);
$censor_proper = explode("\n", $modSettings['censor_proper']);
$context['censored_words'] = array();
for ($i = 0, $n = count($censor_vulgar); $i < $n; $i++) {
if (empty($censor_vulgar[$i])) {
continue;
}
// Skip it, it's either spaces or stars only.
if (trim(strtr($censor_vulgar[$i], '*', ' ')) == '') {
continue;
}
$context['censored_words'][htmlspecialchars(trim($censor_vulgar[$i]))] = isset($censor_proper[$i]) ? htmlspecialchars($censor_proper[$i], ENT_COMPAT, 'UTF-8') : '';
}
call_integration_hook('integrate_censors');
createToken('admin-censor');
// Using ajax?
if (isset($_REQUEST['xml'], $_POST['censortest'])) {
// Clear the templates
$template_layers = Template_Layers::getInstance();
$template_layers->removeAll();
// Send back a response
loadTemplate('Json');
$context['sub_template'] = 'send_json';
$context['json_data'] = array('result' => true, 'censor' => $pre_censor . ' <i class="fa fa-arrow-circle-right"></i> ' . $context['censor_test'], 'token_val' => $context['admin-censor_token_var'], 'token' => $context['admin-censor_token']);
} else {
$context['sub_template'] = 'edit_censored';
$context['page_title'] = $txt['admin_censored_words'];
}
}
function list_integration_hooks()
{
global $sourcedir, $scripturl, $context, $txt, $modSettings, $settings;
$context['filter'] = '';
$currentHooks = get_integration_hooks();
if (isset($_GET['filter']) && in_array($_GET['filter'], array_keys($currentHooks))) {
$context['filter'] = ';filter=' . $_GET['filter'];
}
if (!empty($modSettings['handlinghooks_enabled'])) {
if (!empty($_REQUEST['do']) && isset($_REQUEST['hook']) && isset($_REQUEST['function'])) {
checkSession('request');
validateToken('admin-hook', 'request');
if ($_REQUEST['do'] == 'remove') {
remove_integration_function($_REQUEST['hook'], urldecode($_REQUEST['function']));
} else {
if ($_REQUEST['do'] == 'disable') {
// It's a hack I know...but I'm way too lazy!!!
$function_remove = $_REQUEST['function'];
$function_add = $_REQUEST['function'] . ']';
} else {
$function_remove = $_REQUEST['function'] . ']';
$function_add = $_REQUEST['function'];
}
$file = !empty($_REQUEST['includedfile']) ? urldecode($_REQUEST['includedfile']) : '';
remove_integration_function($_REQUEST['hook'], $function_remove, $file);
add_integration_function($_REQUEST['hook'], $function_add, $file);
redirectexit('action=admin;area=modsettings;sa=hooks' . $context['filter']);
}
}
}
$list_options = array('id' => 'list_integration_hooks', 'title' => $txt['hooks_title_list'], 'items_per_page' => 20, 'base_href' => $scripturl . '?action=admin;area=modsettings;sa=hooks' . $context['filter'] . ';' . $context['session_var'] . '=' . $context['session_id'], 'default_sort_col' => 'hook_name', 'get_items' => array('function' => 'get_integration_hooks_data'), 'get_count' => array('function' => 'get_integration_hooks_count'), 'no_items_label' => $txt['hooks_no_hooks'], 'columns' => array('hook_name' => array('header' => array('value' => $txt['hooks_field_hook_name']), 'data' => array('db' => 'hook_name'), 'sort' => array('default' => 'hook_name', 'reverse' => 'hook_name DESC')), 'function_name' => array('header' => array('value' => $txt['hooks_field_function_name']), 'data' => array('function' => create_function('$data', '
global $txt;
if (!empty($data[\'included_file\']))
return $txt[\'hooks_field_function\'] . \': \' . $data[\'real_function\'] . \'<br />\' . $txt[\'hooks_field_included_file\'] . \': \' . $data[\'included_file\'];
else
return $data[\'real_function\'];
')), 'sort' => array('default' => 'function_name', 'reverse' => 'function_name DESC')), 'file_name' => array('header' => array('value' => $txt['hooks_field_file_name']), 'data' => array('db' => 'file_name'), 'sort' => array('default' => 'file_name', 'reverse' => 'file_name DESC')), 'status' => array('header' => array('value' => $txt['hooks_field_hook_exists'], 'style' => 'width:3%'), 'data' => array('function' => create_function('$data', '
global $txt, $settings, $scripturl, $context;
$change_status = array(\'before\' => \'\', \'after\' => \'\');
if ($data[\'can_be_disabled\'] && $data[\'status\'] != \'deny\')
{
$change_status[\'before\'] = \'<a href="\' . $scripturl . \'?action=admin;area=modsettings;sa=hooks;do=\' . ($data[\'enabled\'] ? \'disable\' : \'enable\') . \';hook=\' . $data[\'hook_name\'] . \';function=\' . $data[\'real_function\'] . (!empty($data[\'included_file\']) ? \';includedfile=\' . urlencode($data[\'included_file\']) : \'\') . $context[\'filter\'] . \';\' . $context[\'admin-hook_token_var\'] . \'=\' . $context[\'admin-hook_token\'] . \';\' . $context[\'session_var\'] . \'=\' . $context[\'session_id\'] . \'" onclick="return confirm(\' . javaScriptEscape($txt[\'quickmod_confirm\']) . \');">\';
$change_status[\'after\'] = \'</a>\';
}
return $change_status[\'before\'] . \'<img src="\' . $settings[\'images_url\'] . \'/admin/post_moderation_\' . $data[\'status\'] . \'.png" alt="\' . $data[\'img_text\'] . \'" title="\' . $data[\'img_text\'] . \'" />\' . $change_status[\'after\'];
'), 'class' => 'centertext'), 'sort' => array('default' => 'status', 'reverse' => 'status DESC'))), 'additional_rows' => array(array('position' => 'after_title', 'value' => $txt['hooks_disable_instructions'] . '<br />
' . $txt['hooks_disable_legend'] . ':
<ul style="list-style: none;">
<li><img src="' . $settings['images_url'] . '/admin/post_moderation_allow.png" alt="' . $txt['hooks_active'] . '" title="' . $txt['hooks_active'] . '" /> ' . $txt['hooks_disable_legend_exists'] . '</li>
<li><img src="' . $settings['images_url'] . '/admin/post_moderation_moderate.png" alt="' . $txt['hooks_disabled'] . '" title="' . $txt['hooks_disabled'] . '" /> ' . $txt['hooks_disable_legend_disabled'] . '</li>
<li><img src="' . $settings['images_url'] . '/admin/post_moderation_deny.png" alt="' . $txt['hooks_missing'] . '" title="' . $txt['hooks_missing'] . '" /> ' . $txt['hooks_disable_legend_missing'] . '</li>
</ul>')));
if (!empty($modSettings['handlinghooks_enabled'])) {
createToken('admin-hook', 'request');
$list_options['columns']['remove'] = array('header' => array('value' => $txt['hooks_button_remove'], 'style' => 'width:3%'), 'data' => array('function' => create_function('$data', '
global $txt, $settings, $scripturl, $context;
if (!$data[\'hook_exists\'])
return \'
<a href="\' . $scripturl . \'?action=admin;area=modsettings;sa=hooks;do=remove;hook=\' . $data[\'hook_name\'] . \';function=\' . urlencode($data[\'function_name\']) . $context[\'filter\'] . \';\' . $context[\'admin-hook_token_var\'] . \'=\' . $context[\'admin-hook_token\'] . \';\' . $context[\'session_var\'] . \'=\' . $context[\'session_id\'] . \'" onclick="return confirm(\' . javaScriptEscape($txt[\'quickmod_confirm\']) . \');">
<img src="\' . $settings[\'images_url\'] . \'/icons/quick_remove.png" alt="\' . $txt[\'hooks_button_remove\'] . \'" title="\' . $txt[\'hooks_button_remove\'] . \'" />
</a>\';
'), 'class' => 'centertext'));
$list_options['form'] = array('href' => $scripturl . '?action=admin;area=modsettings;sa=hooks' . $context['filter'] . ';' . $context['session_var'] . '=' . $context['session_id'], 'name' => 'list_integration_hooks');
}
require_once $sourcedir . '/Subs-List.php';
createList($list_options);
$context['page_title'] = $txt['hooks_title_list'];
$context['sub_template'] = 'show_list';
$context['default_list'] = 'list_integration_hooks';
}
/**
* Set some general membergroup settings and permissions.
* Called by ?action=admin;area=membergroups;sa=settings
* Requires the admin_forum permission (and manage_permissions for changing permissions)
* Redirects to itself.
*
* @uses membergroup_settings sub template of ManageMembergroups.
*/
function ModifyMembergroupsettings()
{
global $context, $sourcedir, $scripturl, $modSettings, $txt;
$context['sub_template'] = 'show_settings';
$context['page_title'] = $txt['membergroups_settings'];
// Needed for the settings functions.
require_once $sourcedir . '/ManageServer.php';
// Don't allow assignment of guests.
$context['permissions_excluded'] = array(-1);
// Only one thing here!
$config_vars = array(array('permissions', 'manage_membergroups'));
call_integration_hook('integrate_modify_membergroup_settings', array(&$config_vars));
if (isset($_REQUEST['save'])) {
checkSession();
call_integration_hook('integrate_save_membergroup_settings');
// Yeppers, saving this...
saveDBSettings($config_vars);
redirectexit('action=admin;area=membergroups;sa=settings');
}
// Some simple context.
$context['post_url'] = $scripturl . '?action=admin;area=membergroups;save;sa=settings';
$context['settings_title'] = $txt['membergroups_settings'];
// We need this for the in-line permissions
createToken('admin-mp');
prepareDBSettingContext($config_vars);
}
function getToken($userId, $emr = "openemr", $password = '', $device_token = '')
{
$token = createToken($userId, false, $device_token);
if ($token) {
return $token;
} else {
return false;
}
}
function createSession($usr)
{
return new Session(createToken(), 0, $usr, expiration());
}
/**
* Shows the contact form for the user to fill out
* Needs to be enabled to be used
*/
public function action_contact()
{
global $context, $txt, $user_info, $modSettings;
// Already inside, no need to use this, just send a PM
// Disabled, you cannot enter.
if (!$user_info['is_guest'] || empty($modSettings['enable_contactform']) || $modSettings['enable_contactform'] == 'disabled') {
redirectexit();
}
loadLanguage('Login');
loadTemplate('Register');
if (isset($_REQUEST['send'])) {
checkSession('post');
validateToken('contact');
spamProtection('contact');
// No errors, yet.
$context['errors'] = array();
loadLanguage('Errors');
// Could they get the right send topic verification code?
require_once SUBSDIR . '/VerificationControls.class.php';
require_once SUBSDIR . '/Members.subs.php';
// form validation
require_once SUBSDIR . '/DataValidator.class.php';
$validator = new Data_Validator();
$validator->sanitation_rules(array('emailaddress' => 'trim', 'contactmessage' => 'trim|Util::htmlspecialchars'));
$validator->validation_rules(array('emailaddress' => 'required|valid_email', 'contactmessage' => 'required'));
$validator->text_replacements(array('emailaddress' => $txt['error_email'], 'contactmessage' => $txt['error_message']));
// Any form errors
if (!$validator->validate($_POST)) {
$context['errors'] = $validator->validation_errors();
}
// How about any verification errors
$verificationOptions = array('id' => 'contactform');
$context['require_verification'] = create_control_verification($verificationOptions, true);
if (is_array($context['require_verification'])) {
foreach ($context['require_verification'] as $error) {
$context['errors'][] = $txt['error_' . $error];
}
}
// No errors, then send the PM to the admins
if (empty($context['errors'])) {
$admins = admins();
if (!empty($admins)) {
require_once SUBSDIR . '/PersonalMessage.subs.php';
sendpm(array('to' => array_keys($admins), 'bcc' => array()), $txt['contact_subject'], $_REQUEST['contactmessage'], false, array('id' => 0, 'name' => $validator->emailaddress, 'username' => $validator->emailaddress));
}
// Send the PM
redirectexit('action=contact;sa=done');
} else {
$context['emailaddress'] = $validator->emailaddress;
$context['contactmessage'] = $validator->contactmessage;
}
}
if (isset($_GET['sa']) && $_GET['sa'] == 'done') {
$context['sub_template'] = 'contact_form_done';
} else {
$context['sub_template'] = 'contact_form';
$context['page_title'] = $txt['admin_contact_form'];
require_once SUBSDIR . '/VerificationControls.class.php';
$verificationOptions = array('id' => 'contactform');
$context['require_verification'] = create_control_verification($verificationOptions);
$context['visual_verification_id'] = $verificationOptions['id'];
}
createToken('contact');
}
/**
* 检查是token登录是否合法
* @param array $token 要检查的token值
* @return boolean
*/
function isTokenL($token)
{
$admin_info = array('token' => $token, 'id' => cookie(C('COOKIE_KEY_TOKEN_ADMIN'))['id']);
//判断是否有token若有必然在此次登录有效期内
if (session(C('SESSION_KEY_TOKEN_ADMIN')) != null) {
//判断是否和session一致,一致说明还处在本次登录有效期内
if (session(C('SESSION_KEY_TOKEN_ADMIN')) == $admin_info['token']) {
return true;
} else {
return false;
}
}
//查询数据库
$usrs = M('admin');
if ($usrs->create($admin_info)) {
$map['Id'] = $admin_info['Id'];
$list = $usrs->where($map)->find();
//若用户给出的id为空,提交token为null,token和数据库不符,当前时间减去授予时间大于有效时间,则该token是无效的
if ($admin_info['id'] != "" && $admin_info['token'] != null && $list['token'] == $admin_info['token'] && time() - strtotime($list['granttime']) <= $list['expiretime']) {
//更新token
$token = createToken($admin_info['id']);
//session清空token
session(C('SESSION_KEY_TOKEN_ADMIN'), null);
//session写入token
session(C('SESSION_KEY_TOKEN_ADMIN'), $token);
$admin_info['token'] = $token;
$admin_info['grantTime'] = date('Y-m-d H:i:s', time());
cookie(C("COOKIE_KEY_TOKEN_ADMIN"), array(id => $admin_info["id"], token => $token), $list['expiretime']);
//更新数据库token,和授予时间
$list = $usrs->where($map)->save($admin_info);
return true;
} else {
return false;
}
}
return false;
}
/**
* Edit a 'it bounced' template.
*
* @uses bounce_template sub template
*/
public function action_modify_bounce_templates()
{
global $context, $txt, $user_info;
require_once SUBSDIR . '/Moderation.subs.php';
$context['id_template'] = isset($_REQUEST['tid']) ? (int) $_REQUEST['tid'] : 0;
$context['is_edit'] = (bool) $context['id_template'];
// Standard template things, you know the drill
$context['page_title'] = $context['is_edit'] ? $txt['ml_bounce_template_modify'] : $txt['ml_bounce_template_add'];
$context['sub_template'] = 'bounce_template';
$context[$context['admin_menu_name']]['current_subsection'] = 'templates';
// Defaults to show
$context['template_data'] = array('title' => '', 'body' => $txt['ml_bounce_template_body_default'], 'subject' => $txt['ml_bounce_template_subject_default'], 'personal' => false, 'can_edit_personal' => true);
// If it's an edit load it.
if ($context['is_edit']) {
modLoadTemplate($context['id_template'], 'bnctpl');
}
// Wait, we are saving?
if (isset($_POST['save'])) {
checkSession('post');
validateToken('mod-mlt');
// To check the BBC is good...
require_once SUBSDIR . '/Post.subs.php';
// Bit of cleaning!
$template_body = trim($_POST['template_body']);
$template_title = trim($_POST['template_title']);
// Need something in both boxes.
if (!empty($template_body) && !empty($template_title)) {
// Safety first.
$template_title = Util::htmlspecialchars($template_title);
// Clean up BBC.
preparsecode($template_body);
// But put line breaks back!
$template_body = strtr($template_body, array('<br />' => "\n"));
// Is this personal?
$recipient_id = !empty($_POST['make_personal']) ? $user_info['id'] : 0;
// Updating or adding ?
if ($context['is_edit']) {
// Simple update...
modAddUpdateTemplate($recipient_id, $template_title, $template_body, $context['id_template'], true, 'bnctpl');
// If it wasn't visible and now is they've effectively added it.
if ($context['template_data']['personal'] && !$recipient_id) {
logAction('add_bounce_template', array('template' => $template_title));
} elseif (!$context['template_data']['personal'] && $recipient_id) {
logAction('delete_bounce_template', array('template' => $template_title));
} else {
logAction('modify_bounce_template', array('template' => $template_title));
}
} else {
modAddUpdateTemplate($recipient_id, $template_title, $template_body, $context['id_template'], false, 'bnctpl');
logAction('add_bounce_template', array('template' => $template_title));
}
// Get out of town...
redirectexit('action=admin;area=maillist;sa=emailtemplates');
} else {
$context['warning_errors'] = array();
$context['template_data']['title'] = !empty($template_title) ? $template_title : '';
$context['template_data']['body'] = !empty($template_body) ? $template_body : $txt['ml_bounce_template_body_default'];
$context['template_data']['personal'] = !empty($recipient_id);
if (empty($template_title)) {
$context['warning_errors'][] = $txt['ml_bounce_template_error_no_title'];
}
if (empty($template_body)) {
$context['warning_errors'][] = $txt['ml_bounce_template_error_no_body'];
}
}
}
createToken('mod-mlt');
}
