function generateSubscriptionError($text)
{
global $modSettings, $notify_users, $smcFunc;
// Send an email?
if (!empty($modSettings['paid_email'])) {
$replacements = array('ERROR' => $text);
emailAdmins('paid_subscription_error', $replacements, $notify_users);
}
// Maybe we can try to give them the post data?
if (!empty($_POST)) {
foreach ($_POST as $key => $val) {
$text .= '<br />' . commonAPI::htmlspecialchars($key) . ': ' . commonAPI::htmlspecialchars($val);
}
}
// Then just log and die.
log_error($text);
exit;
}
<?php
include '../include.php';
if (url_action('delete')) {
if (!isset($_GET['delete_id']) && isset($_GET['id'])) {
$_GET['delete_id'] = $_GET['id'];
}
$r = db_grab('SELECT firstname, lastname, endDate FROM users WHERE id = ' . $_GET['delete_id']);
if ($r['endDate']) {
db_query('UPDATE users SET is_active = 0, deleted_user = '******'user_id'] . ', deleted_date = GETDATE() WHERE id = ' . $_GET['delete_id']);
} else {
db_query('UPDATE users SET is_active = 0, deleted_user = '******'user_id'] . ', deleted_date = GETDATE(), endDate = GETDATE() WHERE id = ' . $_GET['delete_id']);
}
if (getOption('staff_alertdelete')) {
emailAdmins('Intranet: Staff Deleted', draw_link(url_base() . '/staff/view.php?id=' . $_GET['staffID'], $r['firstname'] . ' ' . $r['lastname']) . ' was just deactivated on the Intranet.');
}
url_query_drop('action,delete_id');
}
function drawJumpToStaff($selectedID = false)
{
global $page;
$nullable = $selectedID === false;
$return = drawPanel(getString('jump_to') . ' ' . drawSelectUser('', $selectedID, $nullable, 0, true, true, 'Staff Member:'));
if ($page['is_admin'] && db_grab('SELECT COUNT(*) FROM users_requests WHERE is_active = 1')) {
$return = drawMessage('There are pending <a href="requests.php">account requests</a> for you to review.') . $return;
}
return $return;
}
function createAttachment(&$attachmentOptions)
{
global $modSettings, $sourcedir, $backend_subdir;
require_once $sourcedir . '/lib/Subs-Graphics.php';
// We need to know where this thing is going.
if (!empty($modSettings['currentAttachmentUploadDir'])) {
if (!is_array($modSettings['attachmentUploadDir'])) {
$modSettings['attachmentUploadDir'] = unserialize($modSettings['attachmentUploadDir']);
}
// Just use the current path for temp files.
$attach_dir = $modSettings['attachmentUploadDir'][$modSettings['currentAttachmentUploadDir']];
$id_folder = $modSettings['currentAttachmentUploadDir'];
} else {
$attach_dir = $modSettings['attachmentUploadDir'];
$id_folder = 1;
}
$attachmentOptions['errors'] = array();
if (!isset($attachmentOptions['post'])) {
$attachmentOptions['post'] = 0;
}
if (!isset($attachmentOptions['approved'])) {
$attachmentOptions['approved'] = 1;
}
$already_uploaded = preg_match('~^post_tmp_' . $attachmentOptions['poster'] . '_\\d+$~', $attachmentOptions['tmp_name']) != 0;
$file_restricted = @ini_get('open_basedir') != '' && !$already_uploaded;
if ($already_uploaded) {
$attachmentOptions['tmp_name'] = $attach_dir . '/' . $attachmentOptions['tmp_name'];
}
// Make sure the file actually exists... sometimes it doesn't.
if (!$file_restricted && !file_exists($attachmentOptions['tmp_name']) || !$already_uploaded && !is_uploaded_file($attachmentOptions['tmp_name'])) {
$attachmentOptions['errors'] = array('could_not_upload');
return false;
}
// These are the only valid image types for SMF.
$validImageTypes = array(1 => 'gif', 2 => 'jpeg', 3 => 'png', 5 => 'psd', 6 => 'bmp', 7 => 'tiff', 8 => 'tiff', 9 => 'jpeg', 14 => 'iff');
if (!$file_restricted || $already_uploaded) {
$size = @getimagesize($attachmentOptions['tmp_name']);
list($attachmentOptions['width'], $attachmentOptions['height']) = $size;
// If it's an image get the mime type right.
if (empty($attachmentOptions['mime_type']) && $attachmentOptions['width']) {
// Got a proper mime type?
if (!empty($size['mime'])) {
$attachmentOptions['mime_type'] = $size['mime'];
} elseif (isset($validImageTypes[$size[2]])) {
$attachmentOptions['mime_type'] = 'image/' . $validImageTypes[$size[2]];
}
}
}
// Get the hash if no hash has been given yet.
if (empty($attachmentOptions['file_hash'])) {
$attachmentOptions['file_hash'] = getAttachmentFilename($attachmentOptions['name'], false, null, true);
}
// Is the file too big?
if (!empty($modSettings['attachmentSizeLimit']) && $attachmentOptions['size'] > $modSettings['attachmentSizeLimit'] * 1024) {
$attachmentOptions['errors'][] = 'too_large';
}
if (!empty($modSettings['attachmentCheckExtensions'])) {
$allowed = explode(',', strtolower($modSettings['attachmentExtensions']));
foreach ($allowed as $k => $dummy) {
$allowed[$k] = trim($dummy);
}
if (!in_array(strtolower(substr(strrchr($attachmentOptions['name'], '.'), 1)), $allowed)) {
$attachmentOptions['errors'][] = 'bad_extension';
}
}
if (!empty($modSettings['attachmentDirSizeLimit'])) {
// This is a really expensive operation for big numbers of
// attachments, which is also very easy to cache. Only do it
// every ten minutes.
if (empty($modSettings['attachment_dirsize']) || empty($modSettings['attachment_dirsize_time']) || $modSettings['attachment_dirsize_time'] < time() - 600) {
// It has been cached - just work with this value for now!
$dirSize = $modSettings['attachment_dirsize'];
} else {
// Make sure the directory isn't full.
$dirSize = 0;
$dir = @opendir($attach_dir) or fatal_lang_error('cant_access_upload_path', 'critical');
while ($file = readdir($dir)) {
if ($file == '.' || $file == '..') {
continue;
}
if (preg_match('~^post_tmp_\\d+_\\d+$~', $file) != 0) {
// Temp file is more than 5 hours old!
if (filemtime($attach_dir . '/' . $file) < time() - 18000) {
@unlink($attach_dir . '/' . $file);
}
continue;
}
$dirSize += filesize($attach_dir . '/' . $file);
}
closedir($dir);
updateSettings(array('attachment_dirsize' => $dirSize, 'attachment_dirsize_time' => time()));
}
// Too big! Maybe you could zip it or something...
if ($attachmentOptions['size'] + $dirSize > $modSettings['attachmentDirSizeLimit'] * 1024) {
$attachmentOptions['errors'][] = 'directory_full';
} elseif (!isset($modSettings['attachment_full_notified']) && $modSettings['attachmentDirSizeLimit'] > 4000 && $attachmentOptions['size'] + $dirSize > ($modSettings['attachmentDirSizeLimit'] - 2000) * 1024) {
require_once $sourcedir . '/lib/Subs-Admin.php';
emailAdmins('admin_attachments_full');
updateSettings(array('attachment_full_notified' => 1));
}
}
// Check if the file already exists.... (for those who do not encrypt their filenames...)
if (empty($modSettings['attachmentEncryptFilenames'])) {
// Make sure they aren't trying to upload a nasty file.
$disabledFiles = array('con', 'com1', 'com2', 'com3', 'com4', 'prn', 'aux', 'lpt1', '.htaccess', 'index.php');
if (in_array(strtolower(basename($attachmentOptions['name'])), $disabledFiles)) {
$attachmentOptions['errors'][] = 'bad_filename';
}
// Check if there's another file with that name...
$request = smf_db_query('
SELECT id_attach
FROM {db_prefix}attachments
WHERE filename = {string:filename}
LIMIT 1', array('filename' => strtolower($attachmentOptions['name'])));
if (mysql_num_rows($request) > 0) {
$attachmentOptions['errors'][] = 'taken_filename';
}
mysql_free_result($request);
}
if (!empty($attachmentOptions['errors'])) {
return false;
}
if (!is_writable($attach_dir)) {
fatal_lang_error('attachments_no_write', 'critical');
}
// Assuming no-one set the extension let's take a look at it.
if (empty($attachmentOptions['fileext'])) {
$attachmentOptions['fileext'] = strtolower(strrpos($attachmentOptions['name'], '.') !== false ? substr($attachmentOptions['name'], strrpos($attachmentOptions['name'], '.') + 1) : '');
if (strlen($attachmentOptions['fileext']) > 8 || '.' . $attachmentOptions['fileext'] == $attachmentOptions['name']) {
$attachmentOptions['fileext'] = '';
}
}
smf_db_insert('', '{db_prefix}attachments', array('id_folder' => 'int', 'id_msg' => 'int', 'filename' => 'string-255', 'file_hash' => 'string-40', 'fileext' => 'string-8', 'size' => 'int', 'width' => 'int', 'height' => 'int', 'mime_type' => 'string-20', 'approved' => 'int'), array($id_folder, (int) $attachmentOptions['post'], $attachmentOptions['name'], $attachmentOptions['file_hash'], $attachmentOptions['fileext'], (int) $attachmentOptions['size'], empty($attachmentOptions['width']) ? 0 : (int) $attachmentOptions['width'], empty($attachmentOptions['height']) ? '0' : (int) $attachmentOptions['height'], !empty($attachmentOptions['mime_type']) ? $attachmentOptions['mime_type'] : '', (int) $attachmentOptions['approved']), array('id_attach'));
$attachmentOptions['id'] = smf_db_insert_id('{db_prefix}attachments', 'id_attach');
if (empty($attachmentOptions['id'])) {
return false;
}
// If it's not approved add to the approval queue.
if (!$attachmentOptions['approved']) {
smf_db_insert('', '{db_prefix}approval_queue', array('id_attach' => 'int', 'id_msg' => 'int'), array($attachmentOptions['id'], (int) $attachmentOptions['post']), array());
}
$attachmentOptions['destination'] = getAttachmentFilename(basename($attachmentOptions['name']), $attachmentOptions['id'], $id_folder, false, $attachmentOptions['file_hash']);
if ($already_uploaded) {
rename($attachmentOptions['tmp_name'], $attachmentOptions['destination']);
} elseif (!move_uploaded_file($attachmentOptions['tmp_name'], $attachmentOptions['destination'])) {
fatal_lang_error('attach_timeout', 'critical');
}
// Udate the cached directory size, if we care for it.
if (!empty($modSettings['attachmentDirSizeLimit'])) {
updateSettings(array('attachment_dirsize' => $modSettings['attachment_dirsize'] + $attachmentOptions['size'], 'attachment_dirsize_time' => time()));
}
// Attempt to chmod it.
@chmod($attachmentOptions['destination'], 0644);
$size = @getimagesize($attachmentOptions['destination']);
list($attachmentOptions['width'], $attachmentOptions['height']) = empty($size) ? array(null, null, null) : $size;
// We couldn't access the file before...
if ($file_restricted) {
// Have a go at getting the right mime type.
if (empty($attachmentOptions['mime_type']) && $attachmentOptions['width']) {
if (!empty($size['mime'])) {
$attachmentOptions['mime_type'] = $size['mime'];
} elseif (isset($validImageTypes[$size[2]])) {
$attachmentOptions['mime_type'] = 'image/' . $validImageTypes[$size[2]];
}
}
if (!empty($attachmentOptions['width']) && !empty($attachmentOptions['height'])) {
smf_db_query('
UPDATE {db_prefix}attachments
SET
width = {int:width},
height = {int:height},
mime_type = {string:mime_type}
WHERE id_attach = {int:id_attach}', array('width' => (int) $attachmentOptions['width'], 'height' => (int) $attachmentOptions['height'], 'id_attach' => $attachmentOptions['id'], 'mime_type' => empty($attachmentOptions['mime_type']) ? '' : $attachmentOptions['mime_type']));
}
}
// Security checks for images
// Do we have an image? If yes, we need to check it out!
if (isset($validImageTypes[$size[2]])) {
if (!checkImageContents($attachmentOptions['destination'], !empty($modSettings['attachment_image_paranoid']))) {
// It's bad. Last chance, maybe we can re-encode it?
if (empty($modSettings['attachment_image_reencode']) || !reencodeImage($attachmentOptions['destination'], $size[2])) {
// Nothing to do: not allowed or not successful re-encoding it.
require_once $sourcedir . '/lib/Subs-ManageAttachments.php';
removeAttachments(array('id_attach' => $attachmentOptions['id']));
$attachmentOptions['id'] = null;
$attachmentOptions['errors'][] = 'bad_attachment';
return false;
}
// Success! However, successes usually come for a price:
// we might get a new format for our image...
$old_format = $size[2];
$size = @getimagesize($attachmentOptions['destination']);
if (!empty($size) && $size[2] != $old_format) {
// Let's update the image information
// !!! This is becoming a mess: we keep coming back and update the database,
// instead of getting it right the first time.
if (isset($validImageTypes[$size[2]])) {
$attachmentOptions['mime_type'] = 'image/' . $validImageTypes[$size[2]];
smf_db_query('
UPDATE {db_prefix}attachments
SET
mime_type = {string:mime_type}
WHERE id_attach = {int:id_attach}', array('id_attach' => $attachmentOptions['id'], 'mime_type' => $attachmentOptions['mime_type']));
}
}
}
}
if (!empty($attachmentOptions['skip_thumbnail']) || empty($attachmentOptions['width']) && empty($attachmentOptions['height'])) {
return true;
}
// Like thumbnails, do we?
if (!empty($modSettings['attachmentThumbnails']) && !empty($modSettings['attachmentThumbWidth']) && !empty($modSettings['attachmentThumbHeight']) && ($attachmentOptions['width'] > $modSettings['attachmentThumbWidth'] || $attachmentOptions['height'] > $modSettings['attachmentThumbHeight'])) {
if (createThumbnail($attachmentOptions['destination'], $modSettings['attachmentThumbWidth'], $modSettings['attachmentThumbHeight'])) {
// Figure out how big we actually made it.
$size = @getimagesize($attachmentOptions['destination'] . '_thumb');
list($thumb_width, $thumb_height) = $size;
if (!empty($size['mime'])) {
$thumb_mime = $size['mime'];
} elseif (isset($validImageTypes[$size[2]])) {
$thumb_mime = 'image/' . $validImageTypes[$size[2]];
} else {
$thumb_mime = '';
}
$thumb_filename = $attachmentOptions['name'] . '_thumb';
$thumb_size = filesize($attachmentOptions['destination'] . '_thumb');
$thumb_file_hash = getAttachmentFilename($thumb_filename, false, null, true);
// To the database we go!
smf_db_insert('', '{db_prefix}attachments', array('id_folder' => 'int', 'id_msg' => 'int', 'attachment_type' => 'int', 'filename' => 'string-255', 'file_hash' => 'string-40', 'fileext' => 'string-8', 'size' => 'int', 'width' => 'int', 'height' => 'int', 'mime_type' => 'string-20', 'approved' => 'int'), array($id_folder, (int) $attachmentOptions['post'], 3, $thumb_filename, $thumb_file_hash, $attachmentOptions['fileext'], $thumb_size, $thumb_width, $thumb_height, $thumb_mime, (int) $attachmentOptions['approved']), array('id_attach'));
$attachmentOptions['thumb'] = smf_db_insert_id('{db_prefix}attachments', 'id_attach');
if (!empty($attachmentOptions['thumb'])) {
smf_db_query('
UPDATE {db_prefix}attachments
SET id_thumb = {int:id_thumb}
WHERE id_attach = {int:id_attach}', array('id_thumb' => $attachmentOptions['thumb'], 'id_attach' => $attachmentOptions['id']));
rename($attachmentOptions['destination'] . '_thumb', getAttachmentFilename($thumb_filename, $attachmentOptions['thumb'], $id_folder, false, $thumb_file_hash));
}
}
}
return true;
}
/**
* After post created
* @param array $msgOptions
* @param array $topicOptions
* @param array $posterOptions
*/
function cleantalk_after_create_topic($msgOptions, $topicOptions, $posterOptions)
{
global $sourcedir, $scripturl;
if (isset($msgOptions['cleantalk_check_message_result'])) {
require_once $sourcedir . '/Subs-Admin.php';
$link = $scripturl . '?topic=' . $topicOptions['id'] . '.msg' . $msgOptions['id'] . '#msg' . $msgOptions['id'];
$message = $msgOptions['cleantalk_check_message_result'] . "\n\n" . $link;
emailAdmins('send_email', array('EMAILSUBJECT' => '[Antispam for the board]', 'EMAILBODY' => "CleanTalk antispam failed: \n{$message}"));
}
}
/**
* Performs various checks on an uploaded file.
*
* What it does:
* - Requires that $_SESSION['temp_attachments'][$attachID] be properly populated.
*
* @package Attachments
* @param int $attachID id of the attachment to check
*/
function attachmentChecks($attachID)
{
global $modSettings, $context, $attachmentOptions;
$db = database();
// No data or missing data .... Not necessarily needed, but in case a mod author missed something.
if (empty($_SESSION['temp_attachments'][$attachID])) {
$error = '$_SESSION[\'temp_attachments\'][$attachID]';
} elseif (empty($attachID)) {
$error = '$attachID';
} elseif (empty($context['attachments'])) {
$error = '$context[\'attachments\']';
} elseif (empty($context['attach_dir'])) {
$error = '$context[\'attach_dir\']';
}
// Let's get their attention.
if (!empty($error)) {
fatal_lang_error('attach_check_nag', 'debug', array($error));
}
// These are the only valid image types.
$validImageTypes = array(1 => 'gif', 2 => 'jpeg', 3 => 'png', 5 => 'psd', 6 => 'bmp', 7 => 'tiff', 8 => 'tiff', 9 => 'jpeg', 14 => 'iff');
// Just in case this slipped by the first checks, we stop it here and now
if ($_SESSION['temp_attachments'][$attachID]['size'] == 0) {
$_SESSION['temp_attachments'][$attachID]['errors'][] = 'attach_0_byte_file';
return false;
}
// First, the dreaded security check. Sorry folks, but this should't be avoided
$size = @getimagesize($_SESSION['temp_attachments'][$attachID]['tmp_name']);
if (isset($validImageTypes[$size[2]])) {
require_once SUBSDIR . '/Graphics.subs.php';
if (!checkImageContents($_SESSION['temp_attachments'][$attachID]['tmp_name'], !empty($modSettings['attachment_image_paranoid']))) {
// It's bad. Last chance, maybe we can re-encode it?
if (empty($modSettings['attachment_image_reencode']) || !reencodeImage($_SESSION['temp_attachments'][$attachID]['tmp_name'], $size[2])) {
// Nothing to do: not allowed or not successful re-encoding it.
$_SESSION['temp_attachments'][$attachID]['errors'][] = 'bad_attachment';
return false;
}
// Success! However, successes usually come for a price:
// we might get a new format for our image...
$old_format = $size[2];
$size = @getimagesize($attachmentOptions['tmp_name']);
if (!empty($size) && $size[2] != $old_format) {
if (isset($validImageTypes[$size[2]])) {
$_SESSION['temp_attachments'][$attachID]['type'] = 'image/' . $validImageTypes[$size[2]];
}
}
}
}
// Is there room for this in the directory?
if (!empty($modSettings['attachmentDirSizeLimit']) || !empty($modSettings['attachmentDirFileLimit'])) {
// Check the folder size and count. If it hasn't been done already.
if (empty($context['dir_size']) || empty($context['dir_files'])) {
$request = $db->query('', '
SELECT COUNT(*), SUM(size)
FROM {db_prefix}attachments
WHERE id_folder = {int:folder_id}
AND attachment_type != {int:type}', array('folder_id' => $modSettings['currentAttachmentUploadDir'], 'type' => 1));
list($context['dir_files'], $context['dir_size']) = $db->fetch_row($request);
$db->free_result($request);
}
$context['dir_size'] += $_SESSION['temp_attachments'][$attachID]['size'];
$context['dir_files']++;
// Are we about to run out of room? Let's notify the admin then.
if (empty($modSettings['attachment_full_notified']) && !empty($modSettings['attachmentDirSizeLimit']) && $modSettings['attachmentDirSizeLimit'] > 4000 && $context['dir_size'] > ($modSettings['attachmentDirSizeLimit'] - 2000) * 1024 || !empty($modSettings['attachmentDirFileLimit']) && $modSettings['attachmentDirFileLimit'] * 0.95 < $context['dir_files'] && $modSettings['attachmentDirFileLimit'] > 500) {
require_once SUBSDIR . '/Admin.subs.php';
emailAdmins('admin_attachments_full');
updateSettings(array('attachment_full_notified' => 1));
}
// No room left.... What to do now???
if (!empty($modSettings['attachmentDirFileLimit']) && $context['dir_files'] + 2 > $modSettings['attachmentDirFileLimit'] || !empty($modSettings['attachmentDirSizeLimit']) && $context['dir_size'] > $modSettings['attachmentDirSizeLimit'] * 1024) {
// If we are managing the directories space automatically, lets get to it
if (!empty($modSettings['automanage_attachments']) && $modSettings['automanage_attachments'] == 1) {
// Move it to the new folder if we can.
if (automanage_attachments_by_space()) {
rename($_SESSION['temp_attachments'][$attachID]['tmp_name'], $context['attach_dir'] . '/' . $attachID);
$_SESSION['temp_attachments'][$attachID]['tmp_name'] = $context['attach_dir'] . '/' . $attachID;
$_SESSION['temp_attachments'][$attachID]['id_folder'] = $modSettings['currentAttachmentUploadDir'];
$context['dir_size'] = 0;
$context['dir_files'] = 0;
} else {
if (isset($context['dir_creation_error'])) {
$_SESSION['temp_attachments'][$attachID]['errors'][] = $context['dir_creation_error'];
} else {
$_SESSION['temp_attachments'][$attachID]['errors'][] = 'ran_out_of_space';
}
}
} else {
$_SESSION['temp_attachments'][$attachID]['errors'][] = 'ran_out_of_space';
}
}
}
// Is the file too big?
if (!empty($modSettings['attachmentSizeLimit']) && $_SESSION['temp_attachments'][$attachID]['size'] > $modSettings['attachmentSizeLimit'] * 1024) {
$_SESSION['temp_attachments'][$attachID]['errors'][] = array('file_too_big', array(comma_format($modSettings['attachmentSizeLimit'], 0)));
}
// Check the total upload size for this post...
$context['attachments']['total_size'] += $_SESSION['temp_attachments'][$attachID]['size'];
if (!empty($modSettings['attachmentPostLimit']) && $context['attachments']['total_size'] > $modSettings['attachmentPostLimit'] * 1024) {
$_SESSION['temp_attachments'][$attachID]['errors'][] = array('attach_max_total_file_size', array(comma_format($modSettings['attachmentPostLimit'], 0), comma_format($modSettings['attachmentPostLimit'] - ($context['attachments']['total_size'] - $_SESSION['temp_attachments'][$attachID]['size']) / 1024, 0)));
}
// Have we reached the maximum number of files we are allowed?
$context['attachments']['quantity']++;
// Set a max limit if none exists
if (empty($modSettings['attachmentNumPerPostLimit']) && $context['attachments']['quantity'] >= 50) {
$modSettings['attachmentNumPerPostLimit'] = 50;
}
if (!empty($modSettings['attachmentNumPerPostLimit']) && $context['attachments']['quantity'] > $modSettings['attachmentNumPerPostLimit']) {
$_SESSION['temp_attachments'][$attachID]['errors'][] = array('attachments_limit_per_post', array($modSettings['attachmentNumPerPostLimit']));
}
// File extension check
if (!empty($modSettings['attachmentCheckExtensions'])) {
$allowed = explode(',', strtolower($modSettings['attachmentExtensions']));
foreach ($allowed as $k => $dummy) {
$allowed[$k] = trim($dummy);
}
if (!in_array(strtolower(substr(strrchr($_SESSION['temp_attachments'][$attachID]['name'], '.'), 1)), $allowed)) {
$allowed_extensions = strtr(strtolower($modSettings['attachmentExtensions']), array(',' => ', '));
$_SESSION['temp_attachments'][$attachID]['errors'][] = array('cant_upload_type', array($allowed_extensions));
}
}
// Undo the math if there's an error
if (!empty($_SESSION['temp_attachments'][$attachID]['errors'])) {
if (isset($context['dir_size'])) {
$context['dir_size'] -= $_SESSION['temp_attachments'][$attachID]['size'];
}
if (isset($context['dir_files'])) {
$context['dir_files']--;
}
$context['attachments']['total_size'] -= $_SESSION['temp_attachments'][$attachID]['size'];
$context['attachments']['quantity']--;
return false;
}
return true;
}
/**
* This function handles submission of a template file.
* It checks the file for syntax errors, and if it passes, it saves it.
*
* This function is forwarded to, from
* ?action=admin;area=theme;sa=edit
*/
private function _action_edit_submit()
{
global $context, $settings, $user_info;
$selectedTheme = isset($_GET['th']) ? (int) $_GET['th'] : (isset($_GET['id']) ? (int) $_GET['id'] : 0);
if (empty($selectedTheme)) {
// This should never be happening. Never I say. But... in case it does :P
fatal_lang_error('theme_edit_missing');
}
$theme_dir = themeDirectory($context['theme_id']);
$file = isset($_POST['entire_file']) ? $_POST['entire_file'] : '';
// You did submit *something*, didn't you?
if (empty($file)) {
// @todo a better error message
fatal_lang_error('theme_edit_missing');
}
// Checking PHP syntax on css files is not a most constructive use of processing power :P
// We need to know what kind of file we have
$is_php = substr($_REQUEST['filename'], -4) == '.php';
$is_template = substr($_REQUEST['filename'], -13) == '.template.php';
$is_css = substr($_REQUEST['filename'], -4) == '.css';
// Check you up
if (checkSession('post', '', false) == '' && validateToken('admin-te-' . md5($selectedTheme . '-' . $_REQUEST['filename']), 'post', false) == true) {
// Consolidate the format in which we received the file contents
if (is_array($file)) {
$entire_file = implode("\n", $file);
} else {
$entire_file = $file;
}
// Convert our tabs back to tabs!
$entire_file = rtrim(strtr($entire_file, array("\r" => '', ' ' => "\t")));
// Errors? No errors!
$errors = array();
// For PHP files, we check the syntax.
if ($is_php) {
require_once SUBSDIR . '/DataValidator.class.php';
require_once SUBSDIR . '/Modlog.subs.php';
// Since we are running php code, let's track it, but only once in a while.
if (!recentlyLogged('editing_theme', 60)) {
logAction('editing_theme', array('member' => $user_info['id']), 'admin');
// But the email only once every 60 minutes should be fine
if (!recentlyLogged('editing_theme', 3600)) {
require_once SUBSDIR . '/Themes.subs.php';
require_once SUBSDIR . '/Admin.subs.php';
$theme_info = getBasicThemeInfos($context['theme_id']);
emailAdmins('editing_theme', array('EDIT_REALNAME' => $user_info['name'], 'FILE_EDITED' => $_REQUEST['filename'], 'THEME_NAME' => $theme_info[$context['theme_id']]));
}
}
$validator = new Data_Validator();
$validator->validation_rules(array('entire_file' => 'php_syntax'));
$validator->validate(array('entire_file' => $entire_file));
// Retrieve the errors
$errors = $validator->validation_errors();
}
// If successful so far, we'll take the plunge and save this piece of art.
if (empty($errors)) {
// Try to save the new file contents
$fp = fopen($theme_dir . '/' . $_REQUEST['filename'], 'w');
fwrite($fp, $entire_file);
fclose($fp);
if (function_exists('opcache_invalidate')) {
opcache_invalidate($theme_dir . '/' . $_REQUEST['filename']);
}
// We're done here.
redirectexit('action=admin;area=theme;th=' . $selectedTheme . ';' . $context['session_var'] . '=' . $context['session_id'] . ';sa=browse;directory=' . dirname($_REQUEST['filename']));
} else {
// Pick the right sub-template for the next try
if ($is_template) {
$context['sub_template'] = 'edit_template';
} else {
$context['sub_template'] = 'edit_file';
}
// Fill contextual data for the template, the errors to show
foreach ($errors as $error) {
$context['parse_error'][] = $error;
}
// The format of the data depends on template/non-template file.
if (!is_array($file)) {
$file = array($file);
}
// Send back the file contents
$context['entire_file'] = htmlspecialchars(strtr(implode('', $file), array("\t" => ' ')), ENT_COMPAT, 'UTF-8');
foreach ($file as $i => $file_part) {
$context['file_parts'][$i]['lines'] = strlen($file_part);
$context['file_parts'][$i]['data'] = $file_part;
}
// Re-create token for another try
createToken('admin-te-' . md5($selectedTheme . '-' . $_REQUEST['filename']));
return;
}
} else {
loadLanguage('Errors');
// Notify the template of trouble
$context['session_error'] = true;
// Recycle the submitted data.
if (is_array($file)) {
$context['entire_file'] = htmlspecialchars(implode("\n", $file), ENT_COMPAT, 'UTF-8');
} else {
$context['entire_file'] = htmlspecialchars($file, ENT_COMPAT, 'UTF-8');
}
$context['edit_filename'] = htmlspecialchars($_POST['filename'], ENT_COMPAT, 'UTF-8');
// Choose sub-template
if ($is_template) {
$context['sub_template'] = 'edit_template';
} elseif ($is_css) {
addJavascriptVar(array('previewData' => '\'\'', 'previewTimeout' => '\'\'', 'refreshPreviewCache' => '\'\'', 'editFilename' => JavaScriptEscape($context['edit_filename']), 'theme_id' => $settings['theme_id']));
$context['sub_template'] = 'edit_style';
} else {
$context['sub_template'] = 'edit_file';
}
// Re-create the token so that it can be used
createToken('admin-te-' . md5($selectedTheme . '-' . $_REQUEST['filename']));
return;
}
}
if ($key == 'email') {
$value = draw_link('mailto:' . $value);
} elseif ($key == 'departmentID' && $value) {
$value = db_grab('SELECT departmentName FROM departments WHERE departmentID = ' . $value);
} elseif ($key == 'officeID' && $value) {
$value = db_grab('SELECT name FROM offices WHERE id = ' . $value);
} elseif ($key == 'organization_id' && $value) {
$value = db_grab('SELECT title from organizations WHERE id = ' . $value);
} elseif ($key == 'Additional Info') {
$value = nl2br($value);
}
$message .= '<tr><td class="left">' . $key . '</td><td>' . $value . '</td></tr>';
}
$message .= '<tr><td colspan="2" class="bottom">' . draw_link($link, 'click here') . '</td></tr>';
$message = '<table border="1">' . $message . '</table>';
emailAdmins($message, $subject);
}
url_change('account_confirm.php');
}
echo drawSimpleTop(getString('login_account_request'));
echo drawMessage(getString('login_account_request_msg'));
$f = new form('users_requests', false, getString('login_account_request'));
$f->set_field(array('type' => 'select', 'sql' => 'SELECT id, title' . langExt() . ' title FROM organizations WHERE is_active = 1 ORDER BY precedence', 'name' => 'organization_id', 'label' => getString('organization'), 'required' => true, 'null_value' => getString('please_select')));
$f->set_field(array('type' => 'text', 'name' => 'firstname', 'label' => getString('name_first')));
$f->set_field(array('type' => 'text', 'name' => 'nickname', 'label' => getString('nickname')));
$f->set_field(array('type' => 'text', 'name' => 'lastname', 'label' => getString('name_last')));
$f->set_field(array('type' => 'text', 'name' => 'title', 'label' => getString('staff_title')));
$f->set_field(array('type' => 'text', 'name' => 'phone', 'label' => getString('telephone')));
$f->set_field(array('type' => 'text', 'name' => 'email', 'label' => getString('email')));
if (getOption('staff_showoffice')) {
$f->set_field(array('type' => 'select', 'name' => 'officeID', 'label' => getString('location'), 'sql' => 'SELECT id, name FROM offices ORDER BY precedence', 'required' => true));
/**
* Handling function for the backup stuff.
*
* - It requires an administrator and the session hash by post.
* - This method simply forwards to DumpDatabase2().
*/
public function action_backup_display()
{
global $context, $txt, $user_info;
validateToken('admin-maint');
// Administrators only!
if (!allowedTo('admin_forum')) {
fatal_lang_error('no_dump_database', 'critical');
}
checkSession('post');
if (empty($iknowitmaybeunsafe)) {
require_once SUBSDIR . '/FtpConnection.class.php';
$ftp = new Ftp_Connection($_POST['ftp_server'], $_POST['ftp_port'], $_POST['ftp_username'], $_POST['ftp_password']);
if ($ftp->error === false) {
// I know, I know... but a lot of people want to type /home/xyz/... which is wrong, but logical.
if (!$ftp->chdir($_POST['ftp_path'])) {
$ftp_error = $ftp->error;
$ftp->chdir(preg_replace('~^/home[2]?/[^/]+?~', '', $_POST['ftp_path']));
}
}
// If we had an error...
if ($ftp->error !== false) {
loadLanguage('Packages');
$ftp_error = $ftp->last_message === null ? isset($txt['package_ftp_' . $ftp->error]) ? $txt['package_ftp_' . $ftp->error] : '' : $ftp->last_message;
// Fill the boxes for a FTP connection with data from the previous attempt
$context['package_ftp'] = array('form_elements_only' => 1, 'server' => $_POST['ftp_server'], 'port' => $_POST['ftp_port'], 'username' => $_POST['ftp_username'], 'path' => $_POST['ftp_path'], 'error' => empty($ftp_error) ? null : $ftp_error);
return $this->action_database();
}
}
require_once SUBSDIR . '/Admin.subs.php';
emailAdmins('admin_backup_database', array('BAK_REALNAME' => $user_info['name']));
logAction('database_backup', array('member' => $user_info['id']), 'admin');
require_once SOURCEDIR . '/DumpDatabase.php';
DumpDatabase2();
}
