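/**
 * Expand a statement template with its arguments and run it on $link.
 *
 * The statement text comes from generate_secure_sql($sql, $arg); this wrapper
 * adds optional logging, the SQL debug trace and the DEMO-mode write block
 * around the mysqli_query() call.
 *
 * NOTE(review): how $arg is escaped is decided by generate_secure_sql(), which
 * is not visible here. If it only string-escapes values, placeholders that are
 * not quoted in $sql (e.g. "id=%s") are presumably not protected and callers
 * should cast such values to int - confirm against that helper.
 *
 * @param string       $sql  Statement template with sprintf-style placeholders
 * @param mysqli       $link Connection to run the statement on
 * @param string|array $arg  Value(s) substituted into the template
 * @param mixed        $log  false, or the log type handed to addLog()
 * @return mysqli_result|bool Result of mysqli_query(); false as well when the
 *                            statement is blocked in DEMO mode
 */
function mysql2_query_secure($sql, $link, $arg = '', $log = false) {
    global $l, $lbl_log;

    $query = generate_secure_sql($sql, $arg);

    if ($log) {
        addLog($log, $query, $lbl_log);
    }

    // isset() keeps a session without the DEBUG key from raising a notice.
    $debug = isset($_SESSION['OCS']['DEBUG']) && $_SESSION['OCS']['DEBUG'] == 'ON';
    if ($debug) {
        // The complete statement, values included, is kept in the session
        // while debugging is on.
        $_SESSION['OCS']['SQL_DEBUG'][] = html_entity_decode($query, ENT_QUOTES);
    }

    if (DEMO) {
        // ltrim(): a write statement that begins with whitespace must not
        // slip past the six-character verb check.
        $rest = mb_strtoupper(substr(ltrim($query), 0, 6));
        // NOTE(review): only these three verbs are refused; other modifying
        // statements (REPLACE, DROP, ALTER, TRUNCATE, ...) still run in DEMO
        // mode. Enforce read-only access with database grants as well.
        if ($rest == 'UPDATE' or $rest == 'INSERT' or $rest == 'DELETE') {
            // Reading an undefined constant is a fatal Error on PHP 8, so test
            // with defined() before comparing its value.
            $already_shown = defined('DEMO_MSG') && DEMO_MSG == 'show';
            if (!$already_shown) {
                msg_info($l->g(2103));
                if (!defined('DEMO_MSG')) {
                    define('DEMO_MSG', 'show');
                }
            }
            return false;
        }
    }

    $result = mysqli_query($link, $query);
    if ($debug and !$result) {
        // Raw database errors are shown only while debugging is on.
        msg_error(mysqli_error($link));
    }
    return $result;
}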
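/**
 * Print the summary panel (system, network, hardware, agent) of a computer.
 *
 * Values are read from $computer, except memory (summed from the memories
 * table when available), the subnet name (subnet_name()) and the VM type
 * (virtualmachines table, looked up by UUID). The collected values are passed
 * to show_summary() inside the "bandeau" form.
 *
 * Inventory values may be reported by agents, so every value this function
 * places inside HTML it builds itself is HTML-escaped first.
 *
 * @param object $computer Row object; ID, UUID and the label keys below are read
 * @return void
 */
function show_computer_summary($computer) {
    global $l;

    $urls = $_SESSION['OCS']['url_service'];

    $labels = array(
        'SYSTEM' => array(
            'USERID' => $l->g(24),
            'OSNAME' => $l->g(274),
            'OSVERSION' => $l->g(275),
            'OSCOMMENTS' => $l->g(286),
            'DESCRIPTION' => $l->g(53),
            'WINCOMPANY' => $l->g(51),
            'WINOWNER' => $l->g(348),
            'WINPRODID' => $l->g(111),
            'WINPRODKEY' => $l->g(553),
            'VMTYPE' => $l->g(1267),
        ),
        'NETWORK' => array(
            'WORKGROUP' => $l->g(33),
            'USERDOMAIN' => $l->g(557),
            'IPADDR' => $l->g(34),
            'NAME_RZ' => $l->g(304),
        ),
        'HARDWARE' => array(
            'SWAP' => $l->g(50),
            'MEMORY' => $l->g(26),
            'UUID' => $l->g(1268),
            'ARCH' => $l->g(1247),
        ),
        'AGENT' => array(
            'USERAGENT' => $l->g(357),
            'LASTDATE' => $l->g(46),
            'LASTCOME' => $l->g(820),
        ),
    );
    $cat_labels = array(
        'SYSTEM' => $l->g(1387),
        'NETWORK' => $l->g(1388),
        'HARDWARE' => $l->g(1389),
        'AGENT' => $l->g(1390),
    );

    // Both are handed to show_summary() below; start from empty arrays so they
    // are defined even when no branch fills them.
    $data = array();
    $link = array();

    foreach ($labels as $cat_key => $cat) {
        foreach ($cat as $key => $lbl) {
            if ($key == "MEMORY") {
                $sqlMem = "SELECT SUM(capacity) AS 'capa' FROM memories WHERE hardware_id=%s";
                // The placeholder is not quoted in the statement, so only a
                // number may reach it. Kept as a string so the argument has
                // the same type as before.
                $argMem = (string) (int) $computer->ID;
                $resMem = mysql2_query_secure($sqlMem, $_SESSION['OCS']["readServer"], $argMem);
                // A failed query returns false; do not fetch from it.
                $valMem = $resMem ? mysqli_fetch_array($resMem) : null;
                if ($valMem && $valMem["capa"] > 0) {
                    $memory = $valMem["capa"];
                } else {
                    // Fall back to the value stored on the computer row.
                    $memory = $computer->{$key};
                }
                $data[$key] = $memory;
            } elseif ($key == "LASTDATE" or $key == "LASTCOME") {
                $data[$key] = dateTimeFromMysql($computer->{$key});
            } elseif ($key == "NAME_RZ") {
                $data[$key] = "";
                $data_RZ = subnet_name($computer->ID);
                $nb_val = count($data_RZ);
                if ($nb_val == 1) {
                    $data[$key] = $data_RZ[0];
                } elseif (isset($data_RZ)) {
                    foreach ($data_RZ as $index => $value) {
                        $data[$key] .= $index . " => " . $value . "<br>";
                    }
                }
            } elseif ($key == "VMTYPE" and $computer->UUID != '') {
                $sqlVM = "select vm.hardware_id,vm.vmtype, h.name from virtualmachines vm left join hardware h on vm.hardware_id=h.id where vm.uuid='%s' order by h.name DESC";
                $argVM = $computer->UUID;
                $resVM = mysql2_query_secure($sqlVM, $_SESSION['OCS']["readServer"], $argVM);
                $valVM = $resVM ? mysqli_fetch_array($resVM) : null;

                // $link[$key] presumably tells show_summary() to print the
                // value as raw HTML (the IPADDR branch relies on that), so the
                // value is escaped here. double_encode=false leaves entities
                // that are already encoded untouched.
                $data[$key] = $valVM
                    ? htmlspecialchars((string) $valVM['vmtype'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false)
                    : null;
                $link[$key] = true;

                if ($data[$key] != '') {
                    // Host name and id come from inventory rows: escape the
                    // name, force the id to an integer.
                    $link_vm = "<a href='index.php?" . PAG_INDEX . "=" . $urls->getUrl('ms_computer')
                        . "&head=1&systemid=" . (int) $valVM['hardware_id']
                        . "' target='_blank'><font color=red>"
                        . htmlspecialchars((string) $valVM['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false)
                        . "</font></a>";
                    msg_info($l->g(1266) . "<br>" . $l->g(1269) . ': ' . $link_vm);
                }
            } elseif ($key == "IPADDR" and $_SESSION['OCS']['profile']->getRestriction('WOL', 'NO') == "NO") {
                // The address is printed next to a hand-built anchor, so it is
                // escaped before being concatenated into the markup.
                $data[$key] = htmlspecialchars((string) $computer->{$key}, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false)
                    . " <a href=# OnClick='confirme(\"\",\"WOL\",\"bandeau\",\"WOL\",\"" . $l->g(1283) . "\");'><i>WOL</i></a>";
                $link[$key] = true;
            } elseif ($computer->{$key} != '') {
                // NOTE(review): passed through unchanged; whether show_summary()
                // escapes values without a $link entry is not visible here.
                $data[$key] = $computer->{$key};
            }
        }
    }

    echo open_form("bandeau");
    show_summary($data, $labels, $cat_labels, $link);
    // Hidden field filled by the WOL link's confirme() call before submit.
    echo "<input type='hidden' id='WOL' name='WOL' value=''>";
    echo close_form();
}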
if ($infos_status['NIV_BIS'] == "") { msg_warning($l->g(1089)); } else { //define tab $data_on[1] = $l->g(1072); $data_on[2] = $l->g(1073); } if ($_SESSION['OCS']['CONFIGURATION']['TELEDIFF_WK'] == 'YES') { $data_on[4] = $l->g(107); } $form_name = "admins"; echo open_form($form_name); if (isset($data_on)) { onglet($data_on, $form_name, "onglet", 4); $table_name = $form_name; echo '<div class="mlt_bordure" >'; if ($protectedPost['onglet'] == 2) { dde_form($form_name); } elseif ($protectedPost['onglet'] == 4) { dde_conf($form_name); } elseif ($protectedPost['onglet'] == 1) { dde_show($form_name); } echo '</div>'; } else { msg_info($l->g(1187)); } echo close_form(); } else { msg_info($l->g(1075)); }
$tooltip = tooltip($msg_header_error_sol[$poub]); $msg_tooltip .= "<div " . $tooltip . ">" . $values . "</div>"; } } msg_error("<big>" . $l->g(1263) . "</big><br>" . $msg_tooltip, "top_msg_alert"); } //warning are detected if ($msg_header_warning != array()) { msg_warning(implode('<br>', $msg_header_warning), "top_msg_warning"); } } if (isset($_SESSION['OCS']['TRUE_USER'])) { msg_info($_SESSION['OCS']['TRUE_USER'] . " " . $l->g(889) . " " . $_SESSION['OCS']["loggeduser"]); } if (isset($_SESSION['OCS']["TRUE_mesmachines"])) { msg_info($l->g(890)); } echo "</td></tr></table></td></tr>"; if (!isset($_SESSION['OCS']["loggeduser"])) { echo "<tr><td colspan=20 align=right>"; require_once 'plugins/language/language.php'; echo "</td></tr>"; } echo "</table>"; echo "<div class='fond'>"; if ($_SESSION['OCS']["mesmachines"] == "NOTAG" and !(array_search('ms_debug', $_SESSION['OCS']['TRUE_PAGES']['ms_debug']) and $protectedGet[PAG_INDEX] == $pages_refs['ms_debug'])) { if (isset($LIST_ERROR)) { $msg_error = $LIST_ERROR; } else { $msg_error = $l->g(893); }
$version_database = $_SESSION['OCS']['SQL_BASE_VERS']; $form_name = 'form_update'; $rep_maj = 'files/update/'; //search all sql files for update $list_fichier = ScanDirectory($rep_maj, "sql"); echo "<form name='" . $form_name . "' id='" . $form_name . "' method='POST'>"; $msg_info[] = $l->g(2057); if (GUI_VER < $_SESSION['OCS']['SQL_BASE_VERS']) { msg_info(implode("<br />", $msg_info)); msg_error($l->g(2107) . "<br>" . $l->g(2108) . "<br>" . $l->g(2109) . ":" . $version_database . "=>" . $l->g(2110) . ":" . GUI_VER); echo "</form>"; require_once 'require/footer.php'; die; } $msg_info[] = $l->g(2109) . ":" . $version_database . "=>" . $l->g(2110) . ":" . GUI_VER; msg_info(implode("<br />", $msg_info)); echo "<br><input type=submit name='update' value='" . $l->g(2111) . "'>"; if (isset($_POST['update'])) { while ($version_database < GUI_VER) { $version_database++; if (in_array($version_database . ".sql", $list_fichier['name'])) { if ($_SESSION['OCS']['DEBUG'] == 'ON') { msg_success("Mise à jour effectuée: " . $version_database . ".sql"); } exec_fichier_sql($rep_maj . '/' . $version_database . ".sql"); $sql = "update config set tvalue='%s' where name='GUI_VERSION'"; $arg = $version_database; $res_column = mysql2_query_secure($sql, $_SESSION['OCS']["writeServer"], $arg); $_SESSION['OCS']['SQL_BASE_VERS'] = $version_database; } else { msg_error($l->g(2114) . " " . $version_database);
show_computer_title($item); if (isset($protectedGet['cat']) and $protectedGet['cat'] == 'admin') { show_computer_summary($item); } //Wake On Lan function if (isset($protectedPost["WOL"]) and $protectedPost["WOL"] == 'WOL' and $_SESSION['OCS']['profile']->getRestriction('WOL', 'NO') == "NO") { require_once 'require/function_wol.php'; $wol = new Wol(); $sql = "select MACADDR,IPADDRESS from networks WHERE (hardware_id=%s) and status='Up'"; $arg = array($item->ID); $resultDetails = mysql2_query_secure($sql, $_SESSION['OCS']["readServer"], $arg); $msg = ""; while ($item = mysqli_fetch_object($resultDetails)) { $wol->wake($item->MACADDR, $item->IPADDRESS); if ($wol->wol_send == $l->g(1282)) { msg_info($wol->wol_send . "=>" . $item->MACADDR . "/" . $item->IPADDRESS); } else { msg_error($wol->wol_send . "=>" . $item->MACADDR . "/" . $item->IPADDRESS); } } } if ($ajax) { ob_end_clean(); } $plugins_serializer = new XMLPluginsSerializer(); $plugins = $plugins_serializer->unserialize(file_get_contents('config/computer/plugins.xml')); if (isset($protectedGet['cat']) and in_array($protectedGet['cat'], array('software', 'hardware', 'devices', 'admin', 'config', 'other'))) { // If category foreach ($plugins as $plugin) { if ($plugin->getCategory() == $protectedGet['cat']) { $plugin_file = PLUGINS_DIR . "computer_detail/" . $plugin->getId() . "/" . $plugin->getId() . ".php";
/**
 * Work out which computer ids a mass action applies to.
 *
 * Without an 'origine' GET parameter the user chooses between the ids of the
 * last search (session ID_REQ, choice 'REQ') and the ticked ids (GET
 * 'idchecked', choice 'SEL'); the chooser is printed when ids were ticked.
 * With 'origine' set, GET 'idchecked' is used directly.
 *
 * NOTE(review): the returned list comes from request or session data and is
 * not checked here. Callers that place it in SQL (for example inside IN (...))
 * should verify each element is an integer - confirm what $protectedGet
 * already guarantees.
 *
 * @param string $form_name  Form the chooser belongs to
 * @param string $lbl_choise Label printed before the chooser
 * @return string|false Comma-separated ids, or false when there are none
 */
function multi_lot($form_name, $lbl_choise) {
    global $protectedPost, $protectedGet, $l;

    // Direct call from another page: the ticked ids are the selection.
    if (isset($protectedGet['origine'])) {
        $ids = $protectedGet['idchecked'];
        return $ids != "" ? $ids : false;
    }

    $ids = "";

    // Ids were ticked: let the user pick between search result and selection.
    if (isset($protectedGet['idchecked']) and $protectedGet['idchecked'] != "") {
        $choices = array(
            'REQ' => $l->g(584),
            'SEL' => $l->g(585),
        );
        $selector = show_modif($choices, 'CHOISE', 2, $form_name);
        echo "<center>" . $lbl_choise . " " . $selector . "</center><br>";
    }

    if ($protectedPost['CHOISE'] == 'REQ' or $protectedGet['idchecked'] == '') {
        msg_info($l->g(901));
        if ($protectedGet['idchecked'] == '') {
            // Nothing ticked: carry the posted choice in a hidden field and
            // force the search-result mode for the rest of the request.
            echo "<input type='hidden' name='CHOISE' value='" . $protectedPost['CHOISE'] . "'>";
            $protectedPost['CHOISE'] = 'REQ';
        }
        $ids = $_SESSION['OCS']['ID_REQ'];
    }

    if ($protectedPost['CHOISE'] == 'SEL') {
        msg_info($l->g(902));
        $ids = $protectedGet['idchecked'];
    }

    // The session may hold the ids as an array; flatten it to a list string.
    if (is_array($ids)) {
        $ids = implode(",", $ids);
    }

    return $ids != "" ? $ids : false;
}
fwrite($ch, "define(\"DB_NAME\", \"" . $_POST['database'] . "\");\n"); fwrite($ch, "define(\"SERVER_READ\",\"" . $_POST["host"] . "\");\n"); fwrite($ch, "define(\"SERVER_WRITE\",\"" . $_POST["host"] . "\");\n"); fwrite($ch, "define(\"COMPTE_BASE\",\"" . $_POST["name"] . "\");\n"); fwrite($ch, "define(\"PSWD_BASE\",\"" . $_POST["pass"] . "\");\n"); fwrite($ch, "?>"); fclose($ch); msg_success("<b><a href='index.php'>" . $l->g(2051) . "</a></b>"); unset($_SESSION['OCS']['SQL_BASE_VERS']); die; } } if (!$error) { ob_flush(); flush(); msg_info($l->g(2030)); exec_fichier_sql($db_file, $link); $ch = @fopen(CONF_MYSQL, "w"); fwrite($ch, "<?php\n"); fwrite($ch, "define(\"DB_NAME\", \"" . $_POST['database'] . "\");\n"); fwrite($ch, "define(\"SERVER_READ\",\"" . $_POST["host"] . "\");\n"); fwrite($ch, "define(\"SERVER_WRITE\",\"" . $_POST["host"] . "\");\n"); fwrite($ch, "define(\"COMPTE_BASE\",\"" . $name_connect . "\");\n"); fwrite($ch, "define(\"PSWD_BASE\",\"" . $pass_connect . "\");\n"); fwrite($ch, "?>"); fclose($ch); if (!mysqli_connect($_POST["host"], $name_connect, $pass_connect)) { if (mysqli_connect_errno() == 0) { echo "<br><center><font color=red><b>" . $l->g(2043) . " " . $l->g(2044) . "</b><br></font></center>"; die; } else {
$tab_options['FILTRE']['h.ipaddr'] = $l->g(34); } printEnTete($title); echo "<br><br>"; $tab_options['LBL']['MAC'] = $l->g(95); $list_col_cant_del = array($l->g(66) => $l->g(66), 'SUP' => 'SUP', 'MODIF' => 'MODIF'); $table_name = "IPDISCOVER_" . $protectedGet['prov']; $form_name = $table_name; echo open_form($form_name); $result_exist = tab_req($table_name, $list_fields, $default_fields, $list_col_cant_del, $sql, $form_name, 80, $tab_options); $fipdisc = "ipdiscover-util.pl"; $values = look_config_default_values(array('IPDISCOVER_IPD_DIR')); $IPD_DIR = $values['tvalue']['IPDISCOVER_IPD_DIR'] . "/ipd"; if ($scriptPresent = @stat($fipdisc)) { $filePresent = true; if (!is_executable($fipdisc)) { $msg_info = $fipdisc . " " . $l->g(341); } else { if (!is_writable($IPD_DIR)) { $msg_info = $l->g(342) . " " . $fipdisc . " (" . $IPD_DIR . ")"; } } if (!isset($msg_info)) { echo "<br><input type='button' onclick=window.open(\"index.php?" . PAG_INDEX . "=" . $pages_refs['ms_ipdiscover_analyse'] . "&head=1&rzo=" . $protectedGet['value'] . "\",\"analyse\",\"location=0,status=0,scrollbars=1,menubar=0,resizable=0,width=800,height=650\") name='analyse' value='" . $l->g(317) . "'>"; } else { msg_info($msg_info); } } echo close_form(); } }
$protectedPost['document_root'] = $document_root; } echo "<input type='hidden' name='document_root' value='" . $protectedPost['document_root'] . "'>\t \n\t <input type='hidden' id='timestamp' name='timestamp' value='" . $protectedPost['timestamp'] . "'>"; echo "<script language='javascript'>\n\t\tfunction verif()\n\t\t {\n\t\t\tvar msg = '';\n\t\t\tchamps = new Array('NAME','DESCRIPTION','OS','PROTOCOLE','PRIORITY','ACTION','ACTION_INPUT','REDISTRIB_USE');\n\t\t\tchamps_OS = new Array('NOTIFY_USER','NEED_DONE_ACTION');\n\t\t\tchamps_ACTION=new Array('teledeploy_file');\n\t\t\tchamps_REDISTRIB_USE=new Array('REDISTRIB_PRIORITY');\n\t\t\tchamps_NOTIFY_USER=new Array('NOTIFY_TEXT','NOTIFY_COUNTDOWN','NOTIFY_CAN_ABORT','NOTIFY_CAN_DELAY');\n\t\t\tchamps_NEED_DONE_ACTION=new Array('NEED_DONE_ACTION_TEXT');\n\t\t\t\n\n\n\t\t\n\t\t\tfor (var n = 0; n < champs.length; n++)\n\t\t\t{\n\t\t\t\tif (document.getElementById(champs[n]).value == ''){\n\t\t\t\t document.getElementById(champs[n]).style.backgroundColor = 'RED';\n\t\t\t\t msg='NULL';\n\t\t\t\t }\n\t\t\t\telse\n\t\t\t\t document.getElementById(champs[n]).style.backgroundColor = '';\n\t\t\t}\n\n\t\t\tfor (var n = 0; n < champs_OS.length; n++)\n\t\t\t{\n\t\t\t\tif (document.getElementById('OS').value == 'WINDOWS' && document.getElementById(champs_OS[n]).value == ''){\n\t\t\t\t document.getElementById(champs_OS[n]).style.backgroundColor = 'RED';\n\t\t\t\t msg='NULL';\n\t\t\t\t }\n\t\t\t\telse\n\t\t\t\t document.getElementById(champs_OS[n]).style.backgroundColor = '';\n\t\t\t}\n\t\t\tfor (var n = 0; n < champs_ACTION.length; n++)\n\t\t\t{\n\t\t\t\tvar name_file=document.getElementById(champs_ACTION[n]).value;\n\t\t\t\tname_file=name_file.toUpperCase();\n\t\t\t\tif (document.getElementById(\"OS\").value == 'WINDOWS')\n\t\t\t\t\tvar debut=name_file.length-3;\n\t\t\t\telse\n\t\t\t\t\tvar debut=name_file.length-6;\n\t\t\t\tif (document.getElementById('ACTION').value != 'EXECUTE' && 
document.getElementById(champs_ACTION[n]).value == ''){\n\t\t\t\t\talert('" . $l->g(602) . "');\n\t\t\t\t \tdocument.getElementById(champs_ACTION[n]).style.backgroundColor = 'RED';\n\t\t\t\t \tmsg='NULL';\n\t\t\t\t }\n\t\t\t\telse if (document.getElementById('ACTION').value != 'EXECUTE' && name_file.substring(debut,name_file.length) != 'ZIP' && document.getElementById(\"OS\").value == 'WINDOWS'){\n\t\t\t\t\talert('" . $l->g(1231) . "');\n\t\t\t\t\tdocument.getElementById(champs_ACTION[n]).style.backgroundColor = 'RED';\n\t\t\t\t\tmsg='NULL';\n\t\t\t\t}else if (document.getElementById('ACTION').value != 'EXECUTE' && name_file.substring(debut,name_file.length) != 'TAR.GZ' && document.getElementById(\"OS\").value != 'WINDOWS'){\n\t\t\t\t\talert('" . $l->g(1232) . "');\n\t\t\t\t\tdocument.getElementById(champs_ACTION[n]).style.backgroundColor = 'RED';\n\t\t\t\t\tmsg='NULL';\n\t\t\t\t}\n\t\t\t\t document.getElementById(champs_ACTION[n]).style.backgroundColor = '';\n\n\t\t\t}\n\t\t\t\n\t\t\tfor (var n = 0; n < champs_REDISTRIB_USE.length; n++)\n\t\t\t{\n\t\t\t\tif (document.getElementById('REDISTRIB_USE').value == 1 && document.getElementById(champs_REDISTRIB_USE[n]).value == ''){\n\t\t\t\t document.getElementById(champs_REDISTRIB_USE[n]).style.backgroundColor = 'RED';\n\t\t\t\t msg='NULL';\n\t\t\t\t }\n\t\t\t\telse\n\t\t\t\t document.getElementById(champs_REDISTRIB_USE[n]).style.backgroundColor = '';\n\t\t\t}\n\n\t\t\tfor (var n = 0; n < champs_NOTIFY_USER.length; n++)\n\t\t\t{\n\t\t\t\tif (document.getElementById('NOTIFY_USER').value == 1 && document.getElementById(champs_NOTIFY_USER[n]).value == ''){\n\t\t\t\t document.getElementById(champs_NOTIFY_USER[n]).style.backgroundColor = 'RED';\n\t\t\t\t msg='NULL';\n\t\t\t\t }\n\t\t\t\telse\n\t\t\t\t document.getElementById(champs_NOTIFY_USER[n]).style.backgroundColor = '';\n\t\t\t}\n\n\t\t\tfor (var n = 0; n < champs_NEED_DONE_ACTION.length; n++)\n\t\t\t{\n\t\t\t\tif (document.getElementById('NEED_DONE_ACTION').value == 1 
&& document.getElementById(champs_NEED_DONE_ACTION[n]).value == ''){\n\t\t\t\t document.getElementById(champs_NEED_DONE_ACTION[n]).style.backgroundColor = 'RED';\n\t\t\t\t msg='NULL';\n\t\t\t\t }\n\t\t\t\telse\n\t\t\t\t document.getElementById(champs_NEED_DONE_ACTION[n]).style.backgroundColor = '';\n\t\t\t}\n\n\t\t\tif (msg != ''){\n\t\t\talert ('" . $l->g(1001) . "');\n\t\t\treturn false;\n\t\t\t}else\n\t\t\treturn true;\t\t\t\n\t\t}\n\t</script>"; echo "<div "; if ($protectedPost['valid']) { echo " style='display:none;'"; } echo ">"; printEnTete($l->g(434)); echo "<br>"; $activate = option_conf_activate('TELEDIFF_WK'); //If workflow for teledeploy is activated //We show only the package we can create if ($activate) { msg_info($l->g(1105) . "<br>" . $l->g(1106) . "<br>" . $l->g(1107)); //get all request with the status "Create a Package" $conf_creat_Wk = look_config_default_values(array('IT_SET_NIV_CREAT')); $info_dde_statut_creat = info_dde(find_dde_by_status($conf_creat_Wk['tvalue']['IT_SET_NIV_CREAT'])); if ($info_dde_statut_creat != '') { $array_id_fields = find_id_field(array('NAME_TELEDEPLOY', 'PRIORITY', 'NOTIF_USER', 'REPORT_USER', 'INFO_PACK')); //build the seach $id_name = "fields_" . $array_id_fields['NAME_TELEDEPLOY']->id; $id_description = "fields_" . $array_id_fields['INFO_PACK']->id; $id_priority = "fields_" . $array_id_fields['PRIORITY']->id; $id_notify_user = "******" . $array_id_fields['NOTIF_USER']->id; foreach ($info_dde_statut_creat as $id => $tab_value) { $list_dde_creat[$tab_value->ID] = $tab_value->{$id_name}; } echo "<br><b>" . $l->g(1183) . ":</b>" . show_modif($list_dde_creat, 'LIST_DDE_CREAT', 2, $form_name); if (!$protectedPost['LIST_DDE_CREAT'] or $protectedPost['LIST_DDE_CREAT'] == "") {
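/**
 * Media manager controller: upload, delete, rename and move files, create
 * folders, trigger thumbnail/resize actions, then list the current folder.
 *
 * Request input: 'folder' and 'opt' (GET or POST), 'do_action' and 'pending'
 * (POST) plus per-action fields (rm, ids, place, moveup, place_folder_N,
 * new_dir, upload_from_inet, upload_file).
 *
 * File-system safety rules applied here:
 *  - every target path is built from the sanitised folder name, never from the
 *    raw 'folder' parameter;
 *  - names taken from the request for delete/rename must be plain entry names
 *    (no separators, not '.' or '..');
 *  - a move target must resolve to a directory inside the uploads root;
 *  - files fetched from a URL or renamed must carry an allowed extension, the
 *    same rule local uploads already follow.
 *
 * NOTE(review): cn_dsi_check() is presumably the request-forgery check and the
 * caller presumably enforces the user's permission for this module - neither
 * is visible here, confirm both.
 *
 * @return void Output is echoed through the template helpers.
 */
function media_invoke() {
    $popup_form = '';

    list($path, $opt) = GET('folder, opt', 'GETPOST');
    list($do_action, $pending) = GET('do_action, pending', 'POST');

    // Change default uploads dir
    $udir = cn_path_construct(SERVDIR, 'uploads');
    if (getoption('uploads_dir')) {
        $udir = preparation_path(getoption('uploads_dir'));
    }

    $edir = getoption('uploads_ext') ? getoption('uploads_ext') : getoption('http_script_dir') . '/uploads';

    // Remove root identifier
    $path = preparation_path($path);

    // Path detection: anything outside letters, digits, '_' and separators
    // becomes '-', which also neutralises dot sequences.
    $path = preg_replace('/[^a-z0-9\\/_\\\\]/i', '-', $path);

    // Built AFTER sanitising so uploads, deletes and mkdir act on the same
    // directory that is listed below, not on a path taken raw from the request.
    $dfile = cn_path_construct($udir, $path);
    $root_dir = cn_path_construct($udir, $path) . DIRECTORY_SEPARATOR;

    $just_uploaded = array();

    // Get path struct
    $pathes = spsep($path, DIRECTORY_SEPARATOR);
    if (isset($pathes[0]) && $pathes[0] === '') {
        unset($pathes[0]);
    }

    // Do upload files
    if (request_type('POST')) {
        cn_dsi_check();

        // Allowed Exts.
        $AE = spsep(getoption('allowed_extensions'));

        // Generate thumbnail after upload
        $thumbnail_with_upload = getoption('thumbnail_with_upload');

        // UPLOAD FILES
        if (REQ('upload', 'POST')) {
            list($overwrite) = GET('overwrite');
            $is_uploaded = FALSE;

            // Try for fopen url upload
            if ($upload_from_inet = REQ('upload_from_inet')) {
                if (ini_get('allow_url_fopen')) {
                    // Get filename
                    $url_name = spsep($upload_from_inet, '/');
                    $url_name = $url_name[count($url_name) - 1];
                    $url_name = preg_replace('/(%20|\\s|\\?|&|\\/)/', '_', $url_name);
                    $url_name = str_replace('%', '_', $url_name);

                    // Extension of the stored name, checked like a local upload
                    $url_ext = NULL;
                    if (preg_match('/\\.(\\w+)$/i', $url_name, $uc)) {
                        $url_ext = strtolower($uc[1]);
                    }

                    // resolve filename
                    $c_file = $dfile . $url_name;

                    if (!is_string($upload_from_inet) || !preg_match('#^https?://#i', $upload_from_inet)) {
                        // fopen() accepts every registered stream wrapper and
                        // plain local paths; only web URLs are a valid source.
                        // NOTE(review): the host is not restricted, so the
                        // server can still be pointed at internal addresses.
                        // Add a host/address policy if this is exposed to
                        // untrusted editors.
                        cn_throw_message('Only http:// and https:// URLs can be uploaded', 'e');
                    } elseif (!$url_ext || !in_array($url_ext, $AE)) {
                        // The image-size test below inspects content only; the
                        // stored name must also be on the extension allowlist.
                        cn_throw_message('File extension [' . cn_htmlspecialchars($url_ext) . '] not allowed', 'e');
                    } elseif ($overwrite && file_exists($c_file) || !file_exists($c_file)) {
                        // Overwrite [if can], or add file

                        // Use context for disable error notices
                        if (function_exists('stream_context_create')) {
                            $context = stream_context_create(array('http' => array('ignore_errors' => true)));
                            $fw = fopen($upload_from_inet, 'rb', false, $context);
                        } else {
                            // Read file
                            $fw = fopen($upload_from_inet, 'rb');
                        }

                        if ($fw) {
                            // --------- (fetch content) ------
                            ob_start();
                            fpassthru($fw);
                            $file_image = ob_get_clean();
                            fclose($fw);
                            // ---------

                            // write2disk
                            if ($wf = fopen($c_file, 'w')) {
                                fwrite($wf, $file_image);
                                fclose($wf);
                            }

                            // check image
                            list($w, $h) = getimagesize($c_file);
                            if ($w && $h) {
                                cn_throw_message('File uploaded');
                                $max_width = getoption('max_thumbnail_width');
                                if ($w > $max_width && $thumbnail_with_upload) {
                                    $resize_result = resize_image($c_file, $max_width, 0);
                                    cn_throw_message($resize_result['msg'], $resize_result['status'] ? 'n' : 'w');
                                }
                                $is_uploaded = TRUE;
                                $just_uploaded[$url_name] = TRUE;
                            } else {
                                cn_throw_message("Wrong image file", 'e');
                                unlink($c_file);
                            }
                        } else {
                            // Nothing was fetched: leave an existing file alone
                            // instead of truncating and then deleting it.
                            cn_throw_message("Can't open the remote file", 'e');
                        }
                    } else {
                        cn_throw_message("Can't overwrite or save", 'e');
                    }
                } else {
                    cn_throw_message('allow_url_fopen=0, check server configurations');
                }
            }

            // Upload from local
            $local_names = isset($_FILES['upload_file']['name']) && is_array($_FILES['upload_file']['name'])
                ? $_FILES['upload_file']['name']
                : array();

            foreach ($local_names as $id => $name) {
                if ($name) {
                    $ext = NULL;
                    if (preg_match('/\\.(\\w+)$/i', $name, $c)) {
                        $ext = strtolower($c[1]);
                    }

                    // Check allowed ext
                    // NOTE(review): only the last extension is tested and the
                    // content is not verified as an image on this path. The
                    // web server should not execute scripts from the uploads
                    // directory.
                    if ($ext && in_array($ext, $AE)) {
                        // encode url
                        $name = str_replace('%2F', '/', urlencode($name));

                        // encoded? replace filename
                        if (strpos($name, '%') !== FALSE) {
                            $name = str_replace('%', '', strtolower($name));
                        }

                        // check file for exist
                        if (file_exists($c_file = $dfile . $name)) {
                            if ($overwrite) {
                                cn_throw_message('File [' . cn_htmlspecialchars($c_file) . '] overwritten', 'w');
                            } else {
                                cn_throw_message('File [' . cn_htmlspecialchars($c_file) . '] already exists', 'e');
                                continue;
                            }
                        }

                        // Upload file to server
                        if (move_uploaded_file($_FILES['upload_file']['tmp_name'][$id], $c_file)) {
                            $just_uploaded[$name] = TRUE;
                            cn_throw_message('File uploaded [<b>' . cn_htmlspecialchars($name) . '</b>]');
                            $max_width = getoption('max_thumbnail_width');
                            list($w, $h) = getimagesize($c_file);
                            if ($w > $max_width && $thumbnail_with_upload) {
                                $resize_result = resize_image($c_file, $max_width, 0);
                                cn_throw_message($resize_result['msg'], $resize_result['status'] ? 'n' : 'w');
                            }
                        } else {
                            cn_throw_message('File [' . cn_htmlspecialchars($c_file) . '] not uploaded! Please, check upload_max_filesize in PHP settings.', 'e');
                        }
                    } else {
                        cn_throw_message('File extension [' . cn_htmlspecialchars($ext) . '] not allowed', 'e');
                    }
                } elseif (!$is_uploaded) {
                    cn_throw_message('No selected files for upload', 'e');
                }
            }
        } elseif ($do_action || $pending) {
            list($rm) = GET('rm', 'POST');

            // action --> delete entries
            if ($do_action == 'delete') {
                if (empty($rm)) {
                    cn_throw_message('No files selected', 'w');
                } else {
                    foreach ($rm as $file) {
                        // The name comes from the request: accept only a plain
                        // entry name so the target stays in the current folder.
                        if (!is_string($file) || $file === '' || $file === '.' || $file === '..' || strpbrk($file, '/\\') !== false) {
                            cn_throw_message('File [' . cn_htmlspecialchars(is_string($file) ? $file : '') . '] not deleted!', 'e');
                            continue;
                        }

                        if (file_exists($cfile = $dfile . $file)) {
                            if (is_dir($cfile)) {
                                rmdir($cfile);
                            } else {
                                //get thumbnail path
                                $path_parts = pathinfo($cfile);
                                $thumbnail_path = $path_parts['dirname'] . DIRECTORY_SEPARATOR . '.thumb.' . $path_parts['basename'];
                                if (file_exists($thumbnail_path)) {
                                    unlink($thumbnail_path);
                                }
                                unlink($cfile);
                            }
                        }

                        if (file_exists($cfile)) {
                            cn_throw_message('File [' . cn_htmlspecialchars($cfile) . '] not deleted!', 'e');
                        } else {
                            cn_throw_message('File [' . cn_htmlspecialchars($file) . '] deleted successfully');
                        }
                    }
                }
            } elseif ($do_action == 'create') {
                $popup_form = i18n('Enter directory name') . ' <input type="text" name="new_dir" value="" />';
            } elseif ($pending == 'create') {
                $new_dir_arr = GET('new_dir', 'POST');
                $new_folder = array_pop($new_dir_arr);
                // Restricts the name to letters, digits, '_' and '-'
                $new_folder = preg_replace('/[^a-z0-9_]/i', '-', $new_folder);

                if ($new_folder) {
                    $cfile = $dfile . $new_folder;
                    if (is_dir($cfile)) {
                        cn_throw_message('Folder [' . $new_folder . '] already exists!', 'e');
                    } else {
                        mkdir($cfile);
                        if (!is_dir($cfile)) {
                            cn_throw_message('Folder [' . cn_htmlspecialchars($cfile) . ' not created]', 'e');
                        } else {
                            cn_throw_message('Folder [' . $new_folder . '] created!');
                        }
                    }
                } else {
                    cn_throw_message('Specify folder name', 'w');
                }
                $popup_form = '';
            } elseif ($do_action == 'rename') {
                if ($rm) {
                    $popup_form = '<div class="big_font">' . i18n('Rename file to') . '</div>';
                    $popup_form .= i18n('Tip: Write new file name') . '<br />';
                    $popup_form .= '<table>';
                    foreach ($rm as $id => $fn) {
                        $hfn = cn_htmlspecialchars($fn);
                        // Array keys are request data too; escape them before
                        // they are echoed into attribute values.
                        $hid = cn_htmlspecialchars((string) $id);
                        $popup_form .= '<tr><td align="right" class="indent"><b>' . $hfn . '</b><td>';
                        $popup_form .= '<td><input type="hidden" name="ids[' . $hid . ']" value="' . $hfn . '"/>→</td>';
                        $popup_form .= '<td><input style="width: 300px;" type="text" name="place[' . $hid . ']" value="' . $hfn . '" /> ';
                        $popup_form .= '</td></tr>';
                    }
                    $popup_form .= '</table>';
                } else {
                    cn_throw_message('Select files to rename', 'w');
                }
            } elseif ($pending == 'rename') {
                // ...
                list($ids, $place) = GET('ids, place', 'POST');
                if (!is_array($ids)) {
                    $ids = array();
                }

                // prevent illegal moves: the source must be an entry of the
                // current folder
                $safe_dir = scan_dir($root_dir);
                foreach ($safe_dir as $id => $v) {
                    $safe_dir[$id] = md5($v);
                }

                // do move all files / dirs
                foreach ($ids as $id => $file) {
                    if (in_array(md5($file), $safe_dir)) {
                        $filename = isset($place[$id]) && is_string($place[$id]) ? $place[$id] : '';

                        // strpbrk() !== false also catches a separator in the
                        // first position, which a truthiness test on strpos()
                        // misses because offset 0 is falsy.
                        if ($filename === '.' || $filename === '..' || strpbrk($filename, '/\\') !== false) {
                            cn_throw_message(i18n('The name of file [%1] should not contain special characters', cn_htmlspecialchars($file)), 'e');
                            continue;
                        }

                        // A file keeps to the upload extension allowlist after
                        // renaming; folders are not restricted.
                        if (is_file($root_dir . $file)) {
                            $new_ext = NULL;
                            if (preg_match('/\\.(\\w+)$/i', $filename, $c)) {
                                $new_ext = strtolower($c[1]);
                            }
                            if (!$new_ext || !in_array($new_ext, $AE)) {
                                cn_throw_message('File extension [' . cn_htmlspecialchars($new_ext) . '] not allowed', 'e');
                                continue;
                            }
                        }

                        $renameto = $root_dir . $filename;
                        $thumb = $root_dir . '.thumb.' . $file;

                        // do move
                        if (rename($root_dir . $file, $renameto)) {
                            if (file_exists($thumb)) {
                                rename($thumb, $root_dir . '.thumb.' . $filename);
                            }
                            cn_throw_message(i18n('File [%1] renamed to [%2]', cn_htmlspecialchars($file), cn_htmlspecialchars($filename)));
                        } else {
                            cn_throw_message(i18n('File [%1] not renamed', cn_htmlspecialchars($file)), 'e');
                        }
                    }
                }
            } elseif ($do_action == 'move') {
                if ($rm) {
                    $popup_form = '<div class="big_font">' . i18n('Move files to') . '</div>';
                    $popup_form .= i18n('Tip: You can select the folder to move the file') . '<br />';
                    $popup_form .= '<table>';

                    $folders = array();
                    $dirs = scan_dir($root_dir);
                    foreach ($dirs as $entry) {
                        if (is_dir($root_dir . $entry) && !($entry === '..' || $entry === '.')) {
                            $folders[] = $entry;
                        }
                    }

                    foreach ($rm as $id => $fn) {
                        $hfn = cn_htmlspecialchars($fn);
                        // Escaped for attribute values; the script argument
                        // below is forced to an integer instead.
                        $hid = cn_htmlspecialchars((string) $id);
                        $popup_form .= '<tr><td align="right" class="indent"><b>' . $hfn . '</b><td>';
                        $popup_form .= '<td><input type="hidden" name="ids[' . $hid . ']" value="' . $hfn . '"/>→</td>';
                        $popup_form .= '<td>';

                        $cnt_folders = count($folders);
                        if ($cnt_folders != 0 && !($cnt_folders == 1 && in_array($hfn, $folders))) {
                            $popup_form .= '<select name="place_folder_' . $hid . '">';
                            foreach ($folders as $dirn) {
                                if ($dirn != $hfn) {
                                    // Folder names come from the file system
                                    // and are escaped like any other output.
                                    $hdirn = cn_htmlspecialchars($dirn);
                                    $popup_form .= '<option value="' . $hdirn . '">' . $hdirn . '</option>';
                                }
                            }
                            $popup_form .= '</select>';
                        }

                        if ($root_dir != $udir) {
                            $popup_form .= '<nobr><input type="checkbox" onclick="javascript:hideFolderList(this,' . (int) $id . ')" name="moveup[' . $hid . ']" value="Y" /> Move up</nobr>';
                        } else {
                            $popup_form .= '<nobr> X Move up (You are in root folder)</nobr>';
                        }
                        $popup_form .= '</td></tr>';
                    }
                    $popup_form .= '</table>';
                } else {
                    cn_throw_message('Select files to move', 'w');
                }
            } elseif ($pending == 'move') {
                // ...
                list($ids, $moveup) = GET('ids, moveup', 'POST');
                if (!is_array($ids)) {
                    $ids = array();
                }

                // prevent illegal moves: the source must be an entry of the
                // current folder
                $safe_dir = scan_dir($root_dir);
                foreach ($safe_dir as $id => $v) {
                    $safe_dir[$id] = md5($v);
                }

                // Resolved uploads root, used to confine the destination
                $real_base = realpath($udir);
                if ($real_base !== false) {
                    $real_base = rtrim($real_base, '/\\');
                }

                // do move all files / dirs
                foreach ($ids as $id => $file) {
                    list($place_folder) = GET('place_folder_' . $id);

                    if (in_array(md5($file), $safe_dir)) {
                        $NF = '';
                        // One-pass stripping of './' is cosmetic only; the
                        // realpath() check below is what confines the target.
                        $foldername = preg_replace('/\\.\\//i', '', $place_folder);

                        // move this file up
                        if (isset($moveup[$id]) && count($pathes) > 0) {
                            $nwfolder = dirname($root_dir);
                            $foldername = 'up folder';
                        } else {
                            $nwfolder = $root_dir . ($NF = isset($rm[0]) ? $rm[0] : '') . DIRECTORY_SEPARATOR . $foldername;
                            if ($rm[0]) {
                                $NF = $rm[0] . DIRECTORY_SEPARATOR;
                            }
                        }

                        // The destination must be an existing directory that
                        // resolves to a location inside the uploads root.
                        $real_target = realpath($nwfolder);
                        $inside = $real_base !== false
                            && $real_target !== false
                            && is_dir($real_target)
                            && ($real_target === $real_base || strpos($real_target, $real_base . DIRECTORY_SEPARATOR) === 0);
                        if (!$inside) {
                            cn_throw_message(i18n('File [%1] not moved', cn_htmlspecialchars($file)), 'e');
                            continue;
                        }

                        $moveto = $nwfolder . DIRECTORY_SEPARATOR . $file;

                        //check for image thumbnail
                        $thumb = $root_dir . '.thumb.' . $file;

                        // do move
                        if (rename($root_dir . $file, $moveto)) {
                            if (file_exists($thumb)) {
                                rename($thumb, $nwfolder . DIRECTORY_SEPARATOR . '.thumb.' . $file);
                            }
                            cn_throw_message(i18n('File [%1] moved to [%2]', cn_htmlspecialchars($file), cn_htmlspecialchars($foldername)));
                        } else {
                            cn_throw_message(i18n('File [%1] not moved', cn_htmlspecialchars($file)), 'e');
                        }
                    }
                }
            } elseif ($do_action == 'thumb') {
                if (!empty($_POST['rm'])) {
                    $popup_form = get_sizes_form('Make thumbnails', $do_action);
                } else {
                    cn_throw_message('Select files to make thumbnail', 'w');
                }
            } elseif ($pending == 'thumb') {
                do_resize_image($root_dir);
            } elseif ($do_action == 'resize') {
                if (!empty($_POST['rm'])) {
                    $popup_form = get_sizes_form('Resize source image', $do_action);
                } else {
                    cn_throw_message('Select files to resize', 'w');
                }
            } elseif ($pending == 'resize') {
                do_resize_image($root_dir, false);
            } elseif (!hook('media/post_action')) {
                msg_info("Action error");
            }
        }
    }

    // Check dir exists
    if (is_dir($root_dir)) {
        $raw_files = scan_dir($root_dir);
    } else {
        cn_throw_message('Dir not exists', 'e');
        $raw_files = array();
    }

    $dirs = $files = array();
    foreach ($raw_files as $file) {
        // Avatar files are kept out of the media listing
        if (preg_match('/avatar_/', $file)) {
            continue;
        }

        $file_location = "{$root_dir}/{$file}";
        if (is_dir($file_location)) {
            $dirs[] = array('url' => "{$path}/{$file}", 'name' => $file);
        } elseif (filesize(cn_path_construct($udir, $path) . $file) != 0) {
            // Empty files are skipped; the rest are listed with their size
            list($w, $h) = getimagesize(cn_path_construct($udir, $path) . $file);
            $is_thumb = preg_match('/\\.thumb\\./', $file);
            $files[] = array(
                'name' => $file,
                'url' => $edir . '/' . ($path ? $path . '/' : '') . $file,
                'thumb' => file_exists($root_dir . '/.thumb.' . pathinfo($file, PATHINFO_BASENAME)) ? $edir . '/' . ($path ? $path . '/' : '') . '.thumb.' . pathinfo($file, PATHINFO_BASENAME) : '',
                'local' => ($path ? $path . '/' : '') . $file,
                'just_uploaded' => isset($just_uploaded[$file]) ? TRUE : FALSE,
                'is_thumb' => $is_thumb,
                'w' => $w,
                'h' => $h,
                'fs' => round(filesize($file_location) / 1024, 1),
            );
        }
    }

    uasort($dirs, 'usort_by_name_asc');
    uasort($files, 'usort_by_name_asc');

    // Top level (dashboard)
    cn_bc_add('Dashboard', cn_url_modify(array('reset')));
    cn_bc_add('Media manager', cn_url_modify());

    cn_assign("files, dirs, path, pathes, popup_form, root_dir", $files, $dirs, $path, $pathes, $popup_form, $root_dir);

    if ($opt === 'inline') {
        echo exec_tpl('window', 'title=Quick insert image', 'style=media/style.css', 'content=' . exec_tpl('media/general'));
    } else {
        echoheader('-@media/style.css', 'Media manager');
        echo exec_tpl('media/general');
        echofooter();
    }
}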
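/**
 * Delete one news entry and every index record that points at it.
 *
 * Reads 'id' and 'source' from the query string, removes the entry from its
 * news block, the source index, the category/date/user/tag records kept by
 * FlatDB, the meta-index and the page alias, then redirects to the news list.
 *
 * NOTE(review): this is a state-changing action driven by GET parameters.
 * cn_dsi_check() is presumably the request-forgery check - confirm it is also
 * enforced for GET requests.
 *
 * @return void
 */
function edit_news_delete() {
    cn_dsi_check();

    if (!test('Nud')) {
        msg_info("Unable to delete news: no permission");
        // Fail closed: whether msg_info() ends the request is not visible
        // here, and the deletion below must never run without the permission.
        return;
    }

    $FlatDB = new FlatDB();

    list($id, $source) = GET('id, source', 'GET');

    $ida = db_index_load($source);
    $nloc = db_get_nloc($id);
    $db = db_news_load($nloc);

    // ------ detach the entry from the secondary records
    // NOTE(review): $db[$id] is used without checking that the entry exists.
    $FlatDB->cn_remove_categories($db[$id]['c'], $db[$id]['id']);
    $FlatDB->cn_update_date(0, $db[$id]['id']);
    $FlatDB->cn_user_sync($db[$id]['u'], 0, $db[$id]['id']);
    $FlatDB->cn_remove_tags($db[$id]['tg'], $db[$id]['id']);
    // ------

    unset($db[$id]);
    unset($ida[$id]);

    // Remove from meta-index
    $_ts_id = bt_get_id($id, 'nts_id');
    bt_del_id($id, 'nts_id');
    bt_del_id($_ts_id, 'nid_ts');

    // Remove page alias
    $_ts_pg = bt_get_id($id, 'ts_pg');
    bt_del_id($id, 'ts_pg');
    bt_del_id($_ts_pg, 'pg_ts');

    // save block
    db_save_news($db, $nloc);
    db_index_save($ida, $source);
    db_index_update_overall($source);

    cn_relocation(cn_url_modify(array('reset'), 'mod=editnews', "source={$source}"));

    // NOTE(review): runs only if cn_relocation() returns - confirm.
    $FlatDB->cache_clean();
}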
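/**
 * Build a deployment package on disk and register it in `download_available`.
 *
 * Splits `<document_root><timestamp>/tmp` into `nbfrags` fragment files named
 * `<timestamp>-<n>`, writes the `info` XML descriptor next to them, replaces any
 * existing `download_available` row with the same FILEID and clears the cached
 * package list. In DEMO mode it only shows a message and returns.
 *
 * @param array $sql_details  Reads document_root, timestamp, nbfrags, name, size,
 *                            os, description and id_wk.
 * @param array $info_details Attribute values for the <DOWNLOAD> element (PRI, ACT,
 *                            DIGEST, PROTO, ..., GARDEFOU); passed through
 *                            xml_escape_string() before use.
 * @return void
 */
function create_pack($sql_details, $info_details)
{
    global $l;

    if (DEMO) {
        msg_info($l->g(2103));
        return;
    }

    // Project helper; presumably escapes XML special characters in every value — confirm.
    $info_details = xml_escape_string($info_details);

    // NOTE(review): 'document_root' and 'timestamp' are concatenated into filesystem
    // paths without validation here. Confirm the caller restricts 'timestamp' to
    // digits so it cannot contain path separators or "..".
    $pack_dir = $sql_details['document_root'] . $sql_details['timestamp'];
    $frag_prefix = $pack_dir . "/" . $sql_details['timestamp'] . "-";

    //get temp file
    $fname = $pack_dir . "/tmp";

    //cut this package
    if ($size = @filesize($fname)) {
        // NOTE(review): none of the fopen() results below are checked; a failed open
        // makes the following fread()/fwrite()/fclose() calls fail (TypeError on PHP 8).
        $handle = fopen($fname, "rb");
        $read = 0;
        for ($i = 1; $i < $sql_details['nbfrags']; $i++) {
            // fread() expects an integer length; the plain division yields a float
            // whenever the size is not a multiple of the fragment count.
            $contents = fread($handle, (int) ($size / $sql_details['nbfrags']));
            $read += strlen($contents);
            $handfrag = fopen($frag_prefix . $i, "w+b");
            fwrite($handfrag, $contents);
            fclose($handfrag);
        }

        // Last fragment takes whatever is left after the equal-sized ones.
        $contents = fread($handle, $size - $read);
        $read += strlen($contents);
        $handfrag = fopen($frag_prefix . $i, "w+b");
        fwrite($handfrag, $contents);
        fclose($handfrag);
        fclose($handle);
        unlink($fname);
    } else {
        // No payload: only the directory for the info file is needed.
        if (!file_exists($pack_dir)) {
            mkdir($pack_dir);
        }
    }

    //if $info_details['DIGEST'] is null => no file to deploy, only execute the command in the info file
    // so nb_frag=0
    if (!isset($info_details['DIGEST']) or $info_details['DIGEST'] == "") {
        $sql_details['nbfrags'] = 0;
    }

    //create info
    // NOTE(review): ID and FRAGS come from $sql_details, which is NOT passed through
    // xml_escape_string(); confirm both are numeric before they reach this point.
    $info = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
    $info .= "<DOWNLOAD ID=\"" . $sql_details['timestamp'] . "\" "
        . "PRI=\"" . $info_details['PRI'] . "\" "
        . "ACT=\"" . $info_details['ACT'] . "\" "
        . "DIGEST=\"" . $info_details['DIGEST'] . "\" "
        . "PROTO=\"" . $info_details['PROTO'] . "\" "
        . "FRAGS=\"" . $sql_details['nbfrags'] . "\" "
        . "DIGEST_ALGO=\"" . $info_details['DIGEST_ALGO'] . "\" "
        . "DIGEST_ENCODE=\"" . $info_details['DIGEST_ENCODE'] . "\" ";

    // Exactly one action-specific attribute, depending on ACT.
    if ($info_details['ACT'] == 'STORE') {
        $info .= "PATH=\"" . $info_details['PATH'] . "\" ";
    }
    if ($info_details['ACT'] == 'LAUNCH') {
        $info .= "NAME=\"" . $info_details['NAME'] . "\" ";
    }
    if ($info_details['ACT'] == 'EXECUTE') {
        $info .= "COMMAND=\"" . $info_details['COMMAND'] . "\" ";
    }

    $info .= "NOTIFY_USER=\"" . $info_details['NOTIFY_USER'] . "\" "
        . "NOTIFY_TEXT=\"" . $info_details['NOTIFY_TEXT'] . "\" "
        . "NOTIFY_COUNTDOWN=\"" . $info_details['NOTIFY_COUNTDOWN'] . "\" "
        . "NOTIFY_CAN_ABORT=\"" . $info_details['NOTIFY_CAN_ABORT'] . "\" "
        . "NOTIFY_CAN_DELAY=\"" . $info_details['NOTIFY_CAN_DELAY'] . "\" "
        . "NEED_DONE_ACTION=\"" . $info_details['NEED_DONE_ACTION'] . "\" "
        . "NEED_DONE_ACTION_TEXT=\"" . $info_details['NEED_DONE_ACTION_TEXT'] . "\" "
        . "GARDEFOU=\"" . $info_details['GARDEFOU'] . "\" />\n";

    // NOTE(review): the header declares UTF-8 but the body is converted with
    // utf8_decode() (deprecated since PHP 8.2); kept as-is because the consumer of
    // this file is not visible here.
    $handinfo = fopen($pack_dir . "/info", "w+");
    fwrite($handinfo, utf8_decode($info));
    fclose($handinfo);

    //delete all package with the same id
    mysql2_query_secure("DELETE FROM download_available WHERE FILEID='%s'", $_SESSION['OCS']["writeServer"], $sql_details['timestamp']);

    //insert new package
    $req = "INSERT INTO download_available(FILEID, NAME, PRIORITY, FRAGMENTS, SIZE, OSNAME, COMMENT,ID_WK) VALUES\n\t\t( '%s', '%s','%s', '%s','%s', '%s', '%s','%s' )";
    $arg = array(
        $sql_details['timestamp'],
        $sql_details['name'],
        $info_details['PRI'],
        $sql_details['nbfrags'],
        $sql_details['size'],
        $sql_details['os'],
        $sql_details['description'],
        $sql_details['id_wk'],
    );
    mysql2_query_secure($req, $_SESSION['OCS']["writeServer"], $arg);
    addLog($l->g(512), $l->g(617) . " " . $sql_details['timestamp']);

    //info message
    msg_success($l->g(437) . " " . $pack_dir);

    //delete cache for activation
    unset($_SESSION['OCS']['DATA_CACHE']['LIST_PACK']);
    unset($_SESSION['OCS']['NUM_ROW']['LIST_PACK']);
}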
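/**
 * Run a paginated, sortable list query and render it as an HTML table.
 *
 * Appends ORDER BY and LIMIT clauses to $queryDetails, serves rows from the
 * session cache when possible, otherwise queries the read server, then hands the
 * rows to gestion_donnees()/gestion_col()/tab_entete_fixe() for rendering and
 * echoes the hidden form fields that carry the sort state.
 *
 * @param string $table_name        Key used for the sort fields and the session caches.
 * @param array  $list_fields       Columns that may be displayed and sorted on.
 * @param array  $default_fields    Passed through to gestion_donnees().
 * @param array  $list_col_cant_del Passed through to gestion_donnees().
 * @param string $queryDetails      Base SELECT statement, without ORDER BY/LIMIT.
 * @param string $form_name         Name of the enclosing HTML form.
 * @param string $width             Passed through to tab_entete_fixe().
 * @param mixed  $tab_options       Option array (AS, CACHE, FILTRE, ARG_SQL, TRI, ...).
 * @return bool TRUE when tab_entete_fixe() reported output, FALSE otherwise.
 */
function tab_req($table_name, $list_fields, $default_fields, $list_col_cant_del, $queryDetails, $form_name, $width = '100', $tab_options = '')
{
    // NOTE(review): $protectedPost is presumably the request data after the
    // project's input filter — confirm what that filter guarantees, because several
    // values below end up in SQL text and in HTML attributes.
    global $protectedPost, $l, $pages_refs;

    if (!$tab_options['AS']) {
        $tab_options['AS'] = array();
    }
    if ($_SESSION['OCS']["tabcache"] == 0) {
        $tab_options['CACHE'] = 'RESET';
    }

    echo "<script language='javascript'>\n\t\tfunction checkall()\n\t\t {\n\t\t\tfor(i=0; i<document." . $form_name . ".elements.length; i++)\n\t\t\t{\n\t\t\t\tif(document." . $form_name . ".elements[i].name.substring(0,5) == 'check'){\n\t\t\t if (document." . $form_name . ".elements[i].checked)\n\t\t\t\t\t\tdocument." . $form_name . ".elements[i].checked = false;\n\t\t\t\t\telse\n\t\t\t\t\t\tdocument." . $form_name . ".elements[i].checked = true;\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t</script>";

    $link = $_SESSION['OCS']["readServer"];

    //show select nb page
    $limit = nb_page($form_name, 100, "", "", $table_name);

    //you want to filter your result
    if (isset($tab_options['FILTRE'])) {
        $Details = filtre($tab_options['FILTRE'], $form_name, $queryDetails, $tab_options['ARG_SQL'], $tab_options['ARG_SQL_COUNT']);
        $queryDetails = $Details['SQL'];
        if (is_array($Details['ARG'])) {
            $tab_options['ARG_SQL'] = $Details['ARG'];
        }
        if (is_array($Details['ARG_COUNT'])) {
            $tab_options['ARG_SQL_COUNT'] = $Details['ARG_COUNT'];
        }
    }

    //by default, sort by column 1
    // The sort column is only accepted when it is one of the known fields/aliases;
    // this allow-list is what keeps it safe to concatenate into ORDER BY below.
    if ($protectedPost['tri_' . $table_name] == "" or !in_array($protectedPost['tri_' . $table_name], $list_fields) and !in_array($protectedPost['tri_' . $table_name], $tab_options['AS'])) {
        $protectedPost['tri_' . $table_name] = 1;
    }

    //by default, sort ASC
    // The direction is concatenated into ORDER BY as raw SQL text, so it gets the
    // same allow-list treatment as the column: anything other than ASC/DESC
    // (empty, malformed or non-string) falls back to ASC.
    $sort_direction = isset($protectedPost['sens_' . $table_name]) ? $protectedPost['sens_' . $table_name] : '';
    if (!is_string($sort_direction) or !in_array(strtoupper($sort_direction), array('ASC', 'DESC'), true)) {
        $protectedPost['sens_' . $table_name] = 'ASC';
    }

    //if data is signed and data = ip
    $tab_iplike = array('H.IPADDR', 'IPADDRESS', 'IP', 'IPADDR');
    if (in_array(mb_strtoupper($protectedPost['tri_' . $table_name]), $tab_iplike)) {
        $queryDetails .= " order by INET_ATON(" . $protectedPost['tri_' . $table_name] . ") " . $protectedPost['sens_' . $table_name];
    } elseif ($tab_options['TRI']['SIGNED'][$protectedPost['tri_' . $table_name]]) {
        $queryDetails .= " order by cast(" . $protectedPost['tri_' . $table_name] . " as signed) " . $protectedPost['sens_' . $table_name];
    } elseif ($tab_options['TRI']['DATE'][$protectedPost['tri_' . $table_name]]) {
        if (isset($tab_options['ARG_SQL'])) {
            $queryDetails .= " order by STR_TO_DATE(%s,'%s') %s";
            $tab_options['ARG_SQL'][] = $protectedPost['tri_' . $table_name];
            $tab_options['ARG_SQL'][] = $tab_options['TRI']['DATE'][$protectedPost['tri_' . $table_name]];
            $tab_options['ARG_SQL'][] = $protectedPost['sens_' . $table_name];
        } else {
            $queryDetails .= " order by STR_TO_DATE(" . $protectedPost['tri_' . $table_name] . ",'" . $tab_options['TRI']['DATE'][$protectedPost['tri_' . $table_name]] . "') " . $protectedPost['sens_' . $table_name];
        }
    } else {
        $queryDetails .= " order by " . $protectedPost['tri_' . $table_name] . " " . $protectedPost['sens_' . $table_name];
    }

    // Page size is concatenated into the LIMIT clause further down, so force it to
    // an integer here. Values up to 200 share one cached window of 200 rows; larger
    // pages bypass the cache.
    if (isset($protectedPost["pcparpage"])) {
        $rows_per_page = (int) $protectedPost["pcparpage"];
        if ($rows_per_page <= 200) {
            $limit_result_cache = 200;
            $force_no_cache = false;
        } else {
            $limit_result_cache = $rows_per_page;
            $force_no_cache = true;
        }
    }

    // Drop the cache when the query (or its arguments) differs from the one stored
    // for this table: same page, but a different tab.
    if ($_SESSION['OCS']['csv']['SQL'][$table_name] != $queryDetails or isset($tab_options['ARG_SQL']) and $tab_options['ARG_SQL'] != $_SESSION['OCS']['csv']['ARG'][$table_name]) {
        unset($protectedPost['page']);
        $tab_options['CACHE'] = 'RESET';
    }

    //Delete cache
    if ($tab_options['CACHE'] == 'RESET' or isset($protectedPost['SUP_PROF']) and $protectedPost['SUP_PROF'] != '' or isset($protectedPost['RESET']) and $protectedPost['RESET'] != '') {
        if ($_SESSION['OCS']['DEBUG'] == 'ON') {
            msg_info($l->g(5003));
        }
        unset($_SESSION['OCS']['DATA_CACHE'][$table_name]);
        unset($_SESSION['OCS']['NUM_ROW'][$table_name]);
    }

    // Last page: clamp the window end to the last existing row.
    if (isset($_SESSION['OCS']['NUM_ROW'][$table_name]) and $_SESSION['OCS']['NUM_ROW'][$table_name] > $limit["BEGIN"] and $_SESSION['OCS']['NUM_ROW'][$table_name] <= $limit["END"] and !isset($_SESSION['OCS']['DATA_CACHE'][$table_name][$limit["END"]])) {
        if ($_SESSION['OCS']['DEBUG'] == 'ON') {
            msg_info($l->g(5004) . " " . $limit["END"] . " => " . ($_SESSION['OCS']['NUM_ROW'][$table_name] - 1));
        }
        $limit["END"] = $_SESSION['OCS']['NUM_ROW'][$table_name] - 1;
    }

    if (isset($_SESSION['OCS']['DATA_CACHE'][$table_name][$limit["END"]]) and isset($_SESSION['OCS']['NUM_ROW'][$table_name])) {
        // ---- Cache hit: copy the requested window out of the session cache.
        if ($_SESSION['OCS']['DEBUG'] == 'ON') {
            msg_info($l->g(5005));
        }
        $var_limit = $limit["BEGIN"];
        while ($var_limit <= $limit["END"]) {
            $sql_data[$var_limit] = $_SESSION['OCS']['DATA_CACHE'][$table_name][$var_limit];
            $var_limit++;
        }
        $num_rows_result = $_SESSION['OCS']['NUM_ROW'][$table_name];
        if (isset($_SESSION['OCS']['REPLACE_VALUE_ALL_TIME'])) {
            $tab_options['REPLACE_VALUE_ALL_TIME'] = $_SESSION['OCS']['REPLACE_VALUE_ALL_TIME'];
        }
        $result_data = gestion_donnees($sql_data, $list_fields, $tab_options, $form_name, $default_fields, $list_col_cant_del, $queryDetails, $table_name);
        $data = $result_data['DATA'];
        $entete = $result_data['ENTETE'];
        $correct_list_col_cant_del = $result_data['correct_list_col_cant_del'];
        $correct_list_fields = $result_data['correct_list_fields'];
        $i = 1;
    } else {
        // ---- Cache miss: query the database.

        //search static values
        if (isset($_SESSION['OCS']['SQL_DATA_FIXE'][$table_name])) {
            foreach ($_SESSION['OCS']['SQL_DATA_FIXE'][$table_name] as $key => $sql) {
                if (!isset($_SESSION['OCS']['ARG_DATA_FIXE'][$table_name][$key])) {
                    $arg = array();
                } else {
                    $arg = $_SESSION['OCS']['ARG_DATA_FIXE'][$table_name][$key];
                }
                if ($table_name == "TAB_MULTICRITERE") {
                    // NOTE(review): the id list is imploded straight into the statement
                    // and run through the legacy mysql_query(); confirm ID_REQ only ever
                    // holds integers, and move this onto mysql2_query_secure().
                    $sql .= " and hardware_id in (" . implode(',', $_SESSION['OCS']['ID_REQ']) . ") group by hardware_id ";
                    // group by added to avoid multiple results for one request:
                    // only the first matching criterion is displayed
                    $result = mysql_query($sql, $_SESSION['OCS']["readServer"]);
                } else {
                    //add sort on column if need it
                    if ($protectedPost['tri_fixe'] != '' and strstr($sql, $protectedPost['tri_fixe'])) {
                        $sql .= " order by '%s' %s";
                        // NOTE(review): the array_push() arguments look reversed (the
                        // target should be $arg), so the two placeholders added above
                        // never receive values. Left unchanged pending a decision on
                        // the intended ordering.
                        array_push($protectedPost['tri_fixe'], $arg);
                        array_push($protectedPost['sens_' . $table_name], $arg);
                    }
                    $result = mysql2_query_secure($sql, $_SESSION['OCS']["readServer"], $arg);
                }
                // NOTE(review): mysql2_query_secure() uses mysqli, but the result is
                // read with the legacy mysql_* API here and below — confirm which
                // driver this file targets.
                while ($item = mysql_fetch_object($result)) {
                    if ($item->HARDWARE_ID != "") {
                        $champs_index = $item->HARDWARE_ID;
                    } elseif ($item->FILEID != "") {
                        $champs_index = $item->FILEID;
                    }
                    if (isset($tablename_fixe_value)) {
                        if (strstr($sql, $tablename_fixe_value[0])) {
                            $list_id_tri_fixe[] = $champs_index;
                        }
                    }
                    foreach ($item as $field => $value) {
                        if ($field != "HARDWARE_ID" and $field != "FILEID" and $field != "ID") {
                            $tab_options['REPLACE_VALUE_ALL_TIME'][$field][$champs_index] = $value;
                        }
                    }
                }
            }
            if (isset($tab_options['REPLACE_VALUE_ALL_TIME'])) {
                $_SESSION['OCS']['REPLACE_VALUE_ALL_TIME'] = $tab_options['REPLACE_VALUE_ALL_TIME'];
            }
        }

        // Drop the previous values to save space on the server.
        if (!isset($tab_options['SAVE_CACHE'])) {
            unset($_SESSION['OCS']['csv'], $_SESSION['OCS']['list_fields']);
        }
        $_SESSION['OCS']['csv']['SQL'][$table_name] = $queryDetails;
        if (isset($tab_options['ARG_SQL'])) {
            $_SESSION['OCS']['csv']['ARG'][$table_name] = $tab_options['ARG_SQL'];
        }

        // ---- Count query
        // NOTE(review): NUM_ROW is unset immediately before the isset() test, so the
        // else branch below can never run.
        unset($_SESSION['OCS']['NUM_ROW']);
        if (!isset($_SESSION['OCS']['NUM_ROW'][$table_name])) {
            unset($_SESSION['OCS']['NUM_ROW']);
            if (!isset($tab_options['SQL_COUNT'])) {
                $querycount_begin = "select count(*) count_nb_ligne ";
                if (stristr($queryDetails, "group by") and substr_count($queryDetails, "group by") == 1) {
                    // Keep the original select list (everything after "select").
                    $querycount_end = "," . substr($queryDetails, 6);
                } else {
                    $querycount_end = stristr($queryDetails, 'from ');
                }
                $querycount = $querycount_begin . $querycount_end;
            } else {
                $querycount = $tab_options['SQL_COUNT'];
            }
            if (isset($tab_options['ARG_SQL_COUNT'])) {
                $resultcount = mysql2_query_secure($querycount, $link, $tab_options['ARG_SQL_COUNT']);
            } elseif (isset($tab_options['ARG_SQL'])) {
                $resultcount = mysql2_query_secure($querycount, $link, $tab_options['ARG_SQL']);
            } else {
                $resultcount = mysql2_query_secure($querycount, $link);
            }
            //if this query is only for show data (like :
            //select '%s' as NOM,'%s' as LIBELLE)
            if (!stristr($queryDetails, "from")) {
                unset($resultcount);
            }
            // Last resort: if the count query failed, run the initial query instead.
            if (!$resultcount) {
                if (isset($tab_options['ARG_SQL'])) {
                    $resultcount = mysql2_query_secure($queryDetails, $link, $tab_options['ARG_SQL']);
                } else {
                    $resultcount = mysql2_query_secure($queryDetails, $link);
                }
            }
            if ($resultcount) {
                $num_rows_result = mysql_num_rows($resultcount);
            }
            if ($num_rows_result == 1) {
                $count = mysql_fetch_object($resultcount);
                if ($count->count_nb_ligne > 0) {
                    $num_rows_result = $count->count_nb_ligne;
                }
            }
            $_SESSION['OCS']['NUM_ROW'][$table_name] = $num_rows_result;
        } else {
            $num_rows_result = $_SESSION['OCS']['NUM_ROW'][$table_name];
            if ($_SESSION['OCS']['DEBUG'] == 'ON') {
                msg_info($l->g(5007));
            }
        }
        // ---- End of count query

        if (isset($limit)) {
            if ($limit["END"] < $limit_result_cache) {
                $queryDetails .= " limit " . $limit_result_cache;
            } else {
                $queryDetails .= " limit " . floor($limit["END"] / $limit_result_cache) * $limit_result_cache . "," . $limit_result_cache;
            }
        }
        if (isset($tab_options['ARG_SQL'])) {
            $resultDetails = mysql2_query_secure($queryDetails, $link, $tab_options['ARG_SQL']);
        } else {
            $resultDetails = mysql2_query_secure($queryDetails, $link);
        }
        flush();

        $i = floor($limit["END"] / $limit_result_cache) * $limit_result_cache;
        $index = $limit["BEGIN"];
        $value_data_begin = $limit["BEGIN"];
        $value_data_end = $limit["END"] + 1;
        if ($index > $num_rows_result) {
            $value_data_end = $num_rows_result - 1;
        }

        while ($item = mysql_fetch_object($resultDetails)) {
            if ($i >= $index) {
                unset($champs_index);
                if ($item->ID != "") {
                    $champs_index = $item->ID;
                } elseif ($item->FILEID != "") {
                    $champs_index = $item->FILEID;
                }
                if (isset($list_id_tri_fixe)) {
                    $index = $champs_index;
                }
                // Stop once we are past the number of rows.
                if ($index > $num_rows_result) {
                    break;
                }
                foreach ($item as $key => $value) {
                    $sql_data_cache[$index][$key] = $value;
                    if ($index < $value_data_end and $index >= $value_data_begin) {
                        flush();
                        $sql_data[$index][$key] = $value;
                        // The inner loop reuses $key/$value, exactly as the original does.
                        foreach ($list_fields as $key => $value) {
                            if ($tab_options['VALUE'][$key]) {
                                if ($tab_options['VALUE'][$key][$champs_index] == "" and isset($tab_options['VALUE_DEFAULT'][$key])) {
                                    $sql_data[$index][$value] = $tab_options['VALUE_DEFAULT'][$key];
                                } else {
                                    $sql_data[$index][$value] = $tab_options['VALUE'][$key][$champs_index];
                                }
                            }
                        }
                    }
                    // Add the static values to the cached copy as well.
                    foreach ($list_fields as $key => $value) {
                        if ($tab_options['VALUE'][$key]) {
                            if ($tab_options['VALUE'][$key][$champs_index] == "" and isset($tab_options['VALUE_DEFAULT'][$key])) {
                                $sql_data_cache[$index][$value] = $tab_options['VALUE_DEFAULT'][$key];
                            } else {
                                $sql_data_cache[$index][$value] = $tab_options['VALUE'][$key][$champs_index];
                            }
                        }
                    }
                }
                $index++;
            }
            $i++;
        }
        flush();

        // Re-order the rows when sorting on a fixed (static) value.
        if (isset($list_id_tri_fixe)) {
            $i = 0;
            // walk the sorted ids
            while ($list_id_tri_fixe[$i]) {
                if ($limit["BEGIN"] <= $i and $i < $limit["BEGIN"] + $limit_result_cache) {
                    $sql_data_tri_fixe[$i] = $sql_data[$list_id_tri_fixe[$i]];
                }
                $i++;
            }
            unset($sql_data);
            $sql_data = $sql_data_tri_fixe;
        }

        // Drop the cache of the other tables to save space on the server.
        unset($_SESSION['OCS']['DATA_CACHE']);
        if (!$force_no_cache) {
            $_SESSION['OCS']['DATA_CACHE'][$table_name] = $sql_data_cache;
        }
        $result_data = gestion_donnees($sql_data, $list_fields, $tab_options, $form_name, $default_fields, $list_col_cant_del, $queryDetails, $table_name);
        $data = $result_data['DATA'];
        $entete = $result_data['ENTETE'];
        $correct_list_col_cant_del = $result_data['correct_list_col_cant_del'];
        $correct_list_fields = $result_data['correct_list_fields'];
    }

    if ($num_rows_result > 0) {
        if (count($data) == 1 and (!isset($protectedPost['page']) or $protectedPost['page'] == 0)) {
            $num_rows_result = 1;
        }
        $title = $num_rows_result . " " . $l->g(90);
        if (isset($tab_options['LOGS'])) {
            addLog($tab_options['LOGS'], $num_rows_result . " " . $l->g(90));
        }
        if (!isset($tab_options['no_download_result'])) {
            $title .= "<a href='index.php?" . PAG_INDEX . "=" . $pages_refs['ms_csv'] . "&no_header=1&tablename=" . $table_name . "&base=" . $tab_options['BASE'] . "'><small> (" . $l->g(183) . ")</small></a>";
        }
        $result_with_col = gestion_col($entete, $data, $correct_list_col_cant_del, $form_name, $table_name, $list_fields, $correct_list_fields, $form_name);
        $no_result = tab_entete_fixe($result_with_col['entete'], $result_with_col['data'], $title, $width, "", array(), $tab_options);
        if ($no_result) {
            show_page($num_rows_result, $form_name);
            // NOTE(review): request values are written into single-quoted HTML
            // attributes without escaping at this point; this is only safe if
            // $protectedPost is already HTML-encoded (quotes included) — confirm.
            echo "<input type='hidden' id='tri_" . $table_name . "' name='tri_" . $table_name . "' value='" . $protectedPost['tri_' . $table_name] . "'>";
            echo "<input type='hidden' id='tri_fixe' name='tri_fixe' value='" . $protectedPost['tri_fixe'] . "'>";
            echo "<input type='hidden' id='sens_" . $table_name . "' name='sens_" . $table_name . "' value='" . $protectedPost['sens_' . $table_name] . "'>";
            echo "<input type='hidden' id='SUP_PROF' name='SUP_PROF' value=''>";
            echo "<input type='hidden' id='MODIF' name='MODIF' value=''>";
            echo "<input type='hidden' id='SELECT' name='SELECT' value=''>";
            echo "<input type='hidden' id='OTHER' name='OTHER' value=''>";
            echo "<input type='hidden' id='ACTIVE' name='ACTIVE' value=''>";
            echo "<input type='hidden' id='CONFIRM_CHECK' name='CONFIRM_CHECK' value=''>";
            echo "<input type='hidden' id='OTHER_BIS' name='OTHER_BIS' value=''>";
            echo "<input type='hidden' id='OTHER_TER' name='OTHER_TER' value=''>";
            return TRUE;
        } else {
            return FALSE;
        }
    } else {
        echo "</td></tr></table>";
        msg_warning($l->g(766));
        return FALSE;
    }
}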
msg_success($nb_line_affected . " " . $l->g(1026)); } //CAS OF WOL if (isset($protectedPost['WOL']) and $protectedPost['WOL'] != '') { require_once 'require/function_wol.php'; $wol = new Wol(); $sql = "select IPADDRESS,MACADDR from networks WHERE status='Up' and hardware_id in "; $arg = array(); $tab_result = mysql2_prepare($sql, $arg, $list_id); $resultDetails = mysql2_query_secure($tab_result['SQL'], $_SESSION['OCS']["writeServer"], $tab_result['ARG']); $msg = ""; while ($item = mysqli_fetch_object($resultDetails)) { $wol->wake($item->MACADDR, $item->IPADDRESS); $msg .= "<br>" . $wol->wol_send . "=>" . $item->MACADDR . "/" . $item->IPADDRESS; } msg_info($msg); } //tab definition if ($_SESSION['OCS']['profile']->getConfigValue('CHANGE_ACCOUNTINFO') == "YES") { $def_onglets['TAG'] = $l->g(1022); } else { $protectedPost['onglet'] = 'SUP_PACK'; } $def_onglets['SUP_PACK'] = $l->g(1021); if ($_SESSION['OCS']['profile']->getRestriction('WOL', 'NO') == "NO") { $def_onglets['WOL'] = $l->g(1280); } if ($protectedPost['onglet'] == "") { $protectedPost['onglet'] = "TAG"; } //show onglet
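/**
 * Permission self-check for the dashboard.
 *
 * Probes every data directory (and the uploads directory) by creating and
 * removing a `test.html` file, then probes a fixed list of data files by
 * appending one byte and truncating it away again. Renders the
 * `dashboard/selfchk` template when problems were found, otherwise shows an
 * informational message.
 *
 * NOTE(review): the probe file name is fixed, so an existing `test.html` in any
 * probed directory is truncated and deleted by this check.
 */
function dashboard_selfchk()
{
    $errors = array();
    $check_dirs = array('cdata', 'cdata/backup', 'cdata/btree', 'cdata/log', 'cdata/news', 'cdata/plugins'); // 'uploads',

    // --- Check dirs (the list can be extended through the 'cnsc_dirs' hook)
    foreach (hook('cnsc_dirs', $check_dirs) as $dir) {
        // Try create file in cdata
        $test_file = cn_path_construct(SERVDIR, $dir) . 'test.html';

        // fopen() returns false on an unwritable directory; passing that to
        // fclose() is a TypeError on PHP 8, which would abort the check in
        // exactly the situation it is meant to report.
        $probe = fopen($test_file, 'w+');
        if ($probe !== false) {
            fclose($probe);
        }

        // Writable only if the probe could be opened and is really there.
        if ($probe !== false && file_exists($test_file)) {
            unlink($test_file);
        } else {
            $errors[] = array('perm' => '---', 'file' => SERVDIR . DIRECTORY_SEPARATOR . $dir, 'msg' => i18n('<b>Directory not writable</b>'));
        }
    }

    // --- Check uploads dir
    // NOTE(review): the probe name is appended without a separator, so a configured
    // 'uploads_dir' is assumed to end with one — confirm.
    if (getoption('uploads_dir')) {
        $updir = getoption('uploads_dir');
    } else {
        $updir = cn_path_construct(SERVDIR, 'uploads');
    }

    $cfile = $updir . 'test.html';
    $probe = fopen($cfile, 'w+');
    if ($probe !== false) {
        fclose($probe);
    }
    if ($probe !== false && file_exists($cfile)) {
        unlink($cfile);
    } else {
        $errors[] = array('perm' => '---', 'file' => $updir, 'msg' => i18n('<b>Directory not writable</b>'));
    }

    // --- Check files (the list can be extended through the 'cnsc_files' hook)
    $check_files = array('/cdata/users.txt', '/cdata/flood.txt', '/cdata/conf.php');
    foreach (hook('cnsc_files', $check_files) as $file) {
        $the_file = SERVDIR . $file;

        // Check exists
        if (!file_exists($the_file)) {
            $errors[] = array('perm' => '---', 'file' => $the_file, 'msg' => i18n('Not exists'));
            continue;
        }

        // Check readable
        if (!is_readable($the_file)) {
            $errors[] = array('perm' => decoct(fileperms($the_file)), 'file' => $the_file, 'msg' => i18n('File not writable'));
            continue;
        }

        // Size before the probe write
        clearstatcache();
        $fs0 = filesize($the_file);

        // Append one byte; a failed open simply leaves the size unchanged.
        $af = fopen($the_file, 'a+');
        if ($af !== false) {
            fwrite($af, "\n");
            fclose($af);
        }

        // Size after the probe write
        clearstatcache();
        $fs1 = filesize($the_file);

        // REVERT: cut the file back to its original length.
        $aw = fopen($the_file, 'a+');
        if ($aw !== false) {
            ftruncate($aw, $fs0);
            fclose($aw);
        }

        // Check writable status: no change in filesize
        if ($fs0 == $fs1) {
            $errors[] = array('perm' => decoct(fileperms($the_file)), 'file' => $the_file, 'msg' => i18n('File not writable'));
        }
    }

    if ($errors) {
        cn_assign('errors', $errors);
        echoheader('', 'Permission self check');
        echo exec_tpl('dashboard/selfchk');
        echofooter();
    } else {
        msg_info('All is fine, necessary permits have');
    }
}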
$msg_warning .= $l->g(2043); } if ($msg_warning != "") { msg_warning($msg_warning); } mysql_select_db($_POST['database']); if (isset($_POST["label"])) { if ($_POST["label"] != "") { @mysql_query("DELETE FROM deploy WHERE NAME='label'"); $query = "INSERT INTO deploy VALUES('label','%s');"; $arg = $_POST["label"]; mysql2_query_secure($query, $link, $arg); //mysql_query($query) or die(mysql_error()); msg_info($l->g(2044)); } else { msg_info($l->g(2045)); } } if ($_POST["fin"] == "fin") { // Configuration done, so try with account from config file if (!@mysql_connect($valServ, $valNme, $valPass)) { if (mysql_errno() == 0) { echo "<br><center><font color=red><b>" . $l->g(2043) . " " . $l->g(2044) . "</b><br></font></center>"; die; } else { echo "<br><center><font color=red><b>" . $l->g(2043) . " (" . $l->g(2017) . " " . $l->g(2010) . "=" . $_POST["host"] . " " . $l->g(2011) . "=ocs " . $l->g(2014) . "=ocs)" . "</b><br></font></center>"; } echo "<br><center><font color=red><b>" . $l->g(2065) . "</b></font></center>"; unlink(CONF_MYSQL); } else { msg_success("<b>" . $l->g(2050) . "</b><br><br><b><a href='index.php'>" . $l->g(2051) . "</a></b>");
$tab_nom = $l->g(674) . " " . show_modif($protectedPost['RULE_NAME'], "RULE_NAME", "0"); $tab = "<table align='center'>"; $i = 1; while ($i < $numero + 1) { if ($i == 1) { $entete = 'YES'; } else { $entete = 'NO'; } $tab .= fields_conditions_rules($i, $entete); $i++; } echo $tab_nom; echo $tab; echo "</tr></table>"; echo "<a onclick='return pag(" . $numero . ",\"NUM_RULES\",\"rules\")'><font color=green>" . $l->g(682) . "</font></a> <a onclick='return pag(\"RAZ\",\"RAZ\",\"rules\");'><font color=\"red\">" . $l->g(113) . "</font></a><br><br>"; if ($protectedPost['MODIF'] != "" or $protectedPost['OLD_MODIF'] != "") { echo "<input type='submit' value='" . $l->g(625) . "' name='MODIF_RULE' onclick='return check();'>"; } else { echo "<input type='submit' value='" . $l->g(683) . "' name='ADD_RULE' onclick='return check();'>"; } echo "<input type='hidden' id='NUM_RULES' name='NUM_RULES' value=''>"; echo "<input type='hidden' id='RAZ' name='RAZ' value=''>"; echo "<input type='hidden' id='OLD_MODIF' name='OLD_MODIF' value='" . $modif . "'>"; } else { echo "<input type='submit' value='" . $l->g(685) . "' name='NEW_RULE'>"; } echo close_form(); } else { msg_info($l->g(1182)); }
printEntete($l->g(1245)); echo "<br>"; ajaxtab_entete_fixe($list_fields, $default_fields, $tab_options, $list_col_cant_del); //echo show_modif($name,'ADD_FILE',8,"",$configinput=array('DDE'=>100)); echo "<input type=submit name=ADD_FILE value='" . $l->g(1048) . "'>"; echo close_form(); } if (isset($protectedPost['ADD_FILE']) and $protectedPost['ADD_FILE'] != '') { $css = "mvt_bordure"; $form_name1 = "SEND_FILE"; //search max_allowed_packet value on mysql conf $sql = "SHOW VARIABLES LIKE 'max_allowed_packet'"; $result = mysql2_query_secure($sql, $_SESSION['OCS']["readServer"]); $value = mysqli_fetch_array($result); //pass oct to Mo $upload_max_filesize = $value['Value'] / 1048576; msg_info($l->g(2022) . ' ' . $valBumf . $l->g(1240) . "<br>" . $l->g(2106) . " " . $upload_max_filesize . $l->g(1240)); //echo "post_max_size=".$valTpms.$l->g(1240).'//upload_max_filesize='.$valTumf.$l->g(1240); echo open_form($form_name1, '', "enctype='multipart/form-data' onsubmit=\"return verif_file_format('file_upload');\""); echo '<div class="' . $css . '" >'; echo $l->g(1048) . ": <input id='file_upload' name='file_upload' type='file' accept=''>"; echo "<br><br><input name='GO' id='GO' type='submit' value='" . $l->g(13) . "'> "; //echo "<input type='button' name='RESET' id='RESET' value='".$l->g(113)."' onclick='submit(".$form_name.")'>"; echo "</div>"; echo close_form(); echo "<br>"; } if ($ajax) { ob_end_clean(); tab_req($list_fields, $default_fields, $list_col_cant_del, $sql, $tab_options); }
require_once 'require/function_telediff_wk.php'; $activate = option_conf_activate('TELEDIFF_WK'); if ($activate) { $conf_Wk = look_config_default_values(array('IT_SET_PERIM', 'IT_SET_NAME_TEST', 'IT_SET_NAME_LIMIT', 'IT_SET_TAG_NAME', 'IT_SET_NIV_TEST', 'IT_SET_NIV_REST')); //configuration sur le groupe if ($conf_Wk['ivalue']['IT_SET_PERIM'] != 1) { $mes_wk = ""; if ($conf_Wk['tvalue']['IT_SET_NAME_TEST'] == $name) { $mes_wk = $l->g(1188); } if ($conf_Wk['tvalue']['IT_SET_NAME_LIMIT'] == $name) { $mes_wk .= "<br>" . $l->g(1189); } } if ($mes_wk != '') { msg_info($l->g(1047) . ": " . $mes_wk); } } echo "<tr>" . $tdhd . $l->g(577) . $tdhf . $tdhdpb . $name . $tdhfpb; echo $tdhd . $l->g(593) . $tdhf . $tdhdpb . dateTimeFromMysql($item->LASTDATE) . $tdhfpb; if (!$pureStat) { echo "</tr><tr>" . $tdhd . $l->g(594) . $tdhf . $tdhdpb . date("F j, Y, g:i a", $item->CREATE_TIME) . $tdhfpb; } echo "</tr><tr><td> </td></tr>"; echo $tdhd . $l->g(615) . $tdhf . "<td align='left' width='20%' colspan='3'>"; if (!$pureStat) { echo $item->REQUEST; //affichage des requetes qui ont form� ce groupe if ($item->XMLDEF != "") { $tab_list_sql = regeneration_sql($item->XMLDEF); $i = 1;
require_once HEADER_HTML; if (isset($protectedPost['Valid_CNX'])) { $login_successful = $l->g(180); msg_error($login_successful); flush(); //you can't send a new login/passwd before 2 seconds sleep(2); } echo "<br/>"; $name_field = array("LOGIN", "PASSWD"); $tab_name = array($l->g(24) . ": ", $l->g(217) . ":"); $type_field = array(0, 4); $value_field = array($protectedPost['LOGIN'], ''); $tab_typ_champ = show_field($name_field, $type_field, $value_field); foreach ($tab_typ_champ as $id => $values) { $tab_typ_champ[$id]['CONFIG']['SIZE'] = 20; } if (DEMO) { msg_info($l->g(24) . ": " . DEMO_LOGIN . "<br/>" . $l->g(217) . ": " . DEMO_PASSWD); } if (isset($tab_typ_champ)) { tab_modif_values($tab_name, $tab_typ_champ, array(), array('button_name' => 'CNX', 'show_button' => 'BUTTON')); } require_once FOOTER_HTML; die; } else { header('WWW-Authenticate: Basic realm="OcsinventoryNG"'); header('HTTP/1.0 401 Unauthorized'); die; } }
if($protectedPost['ACTION'] != 'DEL'){ $tab_typ_champ[3]['DEFAULT_VALUE']=$protectedPost['UPDATE']; $tab_typ_champ[3]['INPUT_NAME']="UPDATE"; $tab_typ_champ[3]['INPUT_TYPE']=0; $tab_typ_champ[3]['CONFIG']['SIZE']=60; $tab_typ_champ[3]['CONFIG']['MAXLENGTH']=255; $tab_name[3]=$l->g(1133).":"; } $show_buttons=true; }else $show_buttons=false; tab_modif_values($tab_name,$tab_typ_champ,'',$l->g(1130),$comment="","EDITION",$show_buttons,$form_language);*/ } if ($_SESSION['OCS']['DEBUG'] == 'ON') { if (isset($_SESSION['OCS']['SQL_DEBUG'])) { msg_info("<b>" . $l->g(5001) . "</b><br><br>" . implode('<br><hr>', $_SESSION['OCS']['SQL_DEBUG'])); } echo "<hr/>"; echo "<div align=center>VAR POST</div>"; if (isset($protectedPost)) { print_r_V2($protectedPost); } echo "<hr/>"; echo "<div align=center>VAR SESSION</div>"; foreach ($_SESSION['OCS'] as $key => $value) { if ($key != "fichLang" and $key != "LANGUAGE_FILE" and $key != "mac" and $key != "writeServer" and $key != "readServer") { $tab_session[$key] = $value; } } if (isset($tab_session)) { print_r_V2($tab_session);
$ssh->exec('sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem -subj "/C=AU/ST=AU/L=AU/O=Internet Widgits Pty Ltd/OU=IT/CN=' . $root . '"'); $ssh->exec('service vsftpd restart'); $stmt = $mysqli->prepare("INSERT INTO dedicated(name,os,ip,port,user,password,status,language,os_bit) VALUES (?, ?, ?, ? ,? ,? ,?, ? ,?)"); $stmt->bind_param('sssissisi', $name, $os_version, $ip, $port, $user, $password, $status, $language, $os_bit); $stmt->execute(); $stmt->close(); unset($root_password); unset($root); } msg_okay(_dedicated_message_added); } else { msg_error('Something went wrong, ' . $msg); } } } msg_info(_dedicated_message_info_abort); ?> <form class="form-horizontal" action="index.php?page=rootserver?add" method="post"> <div class="form-group"> <label class="control-label col-sm-2">Name:</label> <div class="col-sm-6"> <input type="text" class="form-control input-sm" name="name" placeholder="Chewbacca"> </div> <div class="col-sm-2"> <select class="form-control input-sm" name="os"> <option disabled selected>Debian</option> <option>Debian 8 32bit</option> <option>Debian 8 64bit</option> <option disabled selected>Ubuntu</option> <option>Ubuntu 14.04 32bit</option> <option>Ubuntu 14.04 64bit</option>
//This group is define as RESTRICT zone if ($item->NAME == $conf_Wk['tvalue']['IT_SET_NAME_LIMIT']) { $restrict = $conf_Wk['tvalue']['IT_SET_NIV_REST']; $msg_wk .= $l->g(1193) . "<br>"; array_push($arg_affect_pack, $restrict); $fileid_show = array_merge($fileid_rest, $fileid_show); } //This group is not define for the teledeploy if (!isset($restrict)) { $msg_wk .= $l->g(1194) . " " . $conf_Wk['tvalue']['IT_SET_NIV_REST'] . " " . $l->g(1195); } $fileid_show = array_merge($fileid_total, $fileid_show); } } if (isset($msg_wk)) { msg_info($msg_wk); } } //activation options if ($protectedPost['MODIF'] != '' and isset($protectedPost['DWL_OPT']) and $protectedPost['DWL_OPT'] == "YES") { $tab_hidden['SELECT'] = $protectedPost['MODIF']; $tab_hidden['onglet'] = $protectedPost['onglet']; $tab_hidden['rule_choise'] = $protectedPost['rule_choise']; $action = array('REBOOT' => $l->g(1311), 'SHUTDOWN' => $l->g(1310)); $min = array('00' => '00', '15' => '15', '30' => '30', '45' => '45'); $hour = array('00' => '00', '01' => '01', '02' => '02', '03' => '03', '04' => '04', '05' => '05', '06' => '06', '07' => '07', '08' => '08', '09' => '09', '10' => '10', '11' => '11', '12' => '12'); $i = 0; while ($i <= 1) { if ($i == 0) { $am_pm = ''; } else {
mysql2_query_secure($sql_del, $_SESSION['OCS']["writeServer"], $arg_del); //delete cache unset($_SESSION['OCS']["ipdiscover"]); require_once BACKEND . 'ipdiscover/ipdiscover.php'; $tab_options['CACHE'] = 'RESET'; } if (isset($_SESSION['OCS']["ipdiscover"])) { $dpt = array_keys($_SESSION['OCS']["ipdiscover"]); array_unshift($dpt, ""); foreach ($dpt as $key => $value) { $list_index[$key] = $value; } asort($list_index); echo $l->g(562) . " " . show_modif($list_index, 'DPT_CHOISE', 2, $form_name, array('DEFAULT' => "NO")); } else { msg_info(mb_strtoupper($l->g(1134))); } if (isset($protectedPost['DPT_CHOISE']) and $protectedPost['DPT_CHOISE'] != '0') { $array_rsx = find_all_subnet($dpt[$protectedPost['DPT_CHOISE']]); $tab_options['VALUE']['LBL_RSX'] = $_SESSION['OCS']["ipdiscover"][$dpt[$protectedPost['DPT_CHOISE']]]; $arg_sql = array(); $sql = " select * from (select inv.RSX as ID,\n\t\t\t\t\t inv.c as 'INVENTORIE',\n\t\t\t\t\t non_ident.c as 'NON_INVENTORIE',\n\t\t\t\t\t ipdiscover.c as 'IPDISCOVER',\n\t\t\t\t\t ident.c as 'IDENTIFIE',\n\t\t\t\t\t CASE WHEN ident.c IS NULL and ipdiscover.c IS NULL THEN 100 WHEN ident.c IS NULL THEN 0 ELSE round(100-(non_ident.c*100/(ident.c+non_ident.c)),1) END as 'pourcentage'\n\t\t\t from (SELECT COUNT(DISTINCT hardware_id) as c,'IPDISCOVER' as TYPE,tvalue as RSX\n\t\t\t\t\tFROM devices \n\t\t\t\t\tWHERE name='IPDISCOVER' and tvalue in "; $arg = mysql2_prepare($sql, $arg_sql, $array_rsx); $arg['SQL'] .= " GROUP BY tvalue) \n\t\t\t\tipdiscover right join\n\t\t\t\t (SELECT count(distinct(hardware_id)) as c,'INVENTORIE' as TYPE,ipsubnet as RSX\n\t\t\t\t\tFROM networks left join subnet on networks.ipsubnet=subnet.netid\n\t\t\t\t\tWHERE ipsubnet in "; $arg = mysql2_prepare($arg['SQL'], $arg['ARG'], $array_rsx); $arg['SQL'] .= " and status='Up' GROUP BY ipsubnet) \n\t\t\t\tinv on ipdiscover.RSX=inv.RSX left join\n\t\t\t\t\t(SELECT COUNT(DISTINCT mac) as c,'IDENTIFIE' as TYPE,netid as RSX\n\t\t\t\t\tFROM netmap \n\t\t\t\t\tWHERE mac IN 
(SELECT DISTINCT(macaddr) FROM network_devices) \n\t\t\t\t\t\tand netid in "; $arg = mysql2_prepare($arg['SQL'], $arg['ARG'], $array_rsx); $arg['SQL'] .= " GROUP BY netid) \n\t\t\t\tident on ipdiscover.RSX=ident.RSX left join\n\t\t\t\t\t(SELECT COUNT(DISTINCT mac) as c,'NON IDENTIFIE' as TYPE,netid as RSX\n\t\t\t\t\tFROM netmap n\n\t\t\t\t\tLEFT JOIN networks ns ON ns.macaddr=n.mac\n\t\t\t\t\tWHERE n.mac NOT IN (SELECT DISTINCT(macaddr) FROM network_devices) \n\t\t\t\t\t\tand (ns.macaddr IS NULL OR ns.IPSUBNET <> n.netid) \n\t \t\t\t\t\tand ns.HARDWARE_ID IS NULL\n\t\t\t\t\t\tand n.netid in "; $arg = mysql2_prepare($arg['SQL'], $arg['ARG'], $array_rsx); $arg['SQL'] .= " GROUP BY netid) \n\t\t\t\tnon_ident on non_ident.RSX=inv.RSX \n\t\t\t\t) toto"; $tab_options['ARG_SQL'] = $arg['ARG'];
echo _PREFIX_FIELD; ?> _form" id="by_options" method="post" action="<?php echo str_replace('%7E', '~', $_SERVER['REQUEST_URI']); ?> "> <input type="hidden" name="<?php echo _OPTION_CHECK_UPDATE; ?> " value="Y"> <?php if ($byrev_hotlink_gtfo_copy['enable_hotlink_gtfo'][0] == 'Disable') { msg_info(false, 'NOTE: Pugin is not active yet. Please set <b>Enable</b> from <b>Enable Hotlink Protection</b> option!', ''); } if ($byrev_hotlink_gtfo_copy['watermark_enabled'][0] == 'Disable') { msg_info(false, 'WARNING NOTE: Images are not fully protected - Watermark over Hotlink images is Disabled. Set <b>Enable</b> from <b>Enabled Watermark</b> option and click <b>Update Options</b>.', ''); } foreach ($byrev_hotlink_gtfo_copy as $key_index => $this_default) { if (is_array($this_default)) { $db_field = _PREFIX_FIELD . '[' . $key_index . ']'; list($_value, $_name, $_info, $_input) = $this_default; if ($_input == 'hidden') { echo '<input type="hidden" name="' . $db_field . '" value="' . $_value . '">'; continue; } echo '<p class="by_item">'; echo '<div class="by_item_name" >'; _e($_name . ": "); echo '</div>'; if (!is_array($_input)) { if ($_input == 'hidden') {
<?php
// Direct-access guard: this script only runs when the front controller has
// already defined EXEC_TIME; a direct request stops here.
defined('EXEC_TIME') or exit('Access restricted');

// Loading filters
require_once SERVDIR . '/core/modules/hooks/common.php';

// Requested module name. NOTE(review): REQ() is defined elsewhere; presumably
// it reads the 'mod' request parameter, so treat $_module as untrusted input.
$_module = REQ('mod', 'GPG');

// Module table (internal + external). Each entry maps a module name to the
// file to include ('path') and the permission string passed to test() ('acl').
// The hook may extend this table, so its entries are only as trustworthy as
// the registered hook handlers.
$_init_modules = hook('modules/init_modules', array(
    'main'     => array('path' => 'dashboard', 'acl' => 'Cd'),
    'addnews'  => array('path' => 'add_news',  'acl' => 'Can'),
    'editnews' => array('path' => 'edit_news', 'acl' => 'Cvn'),
    'media'    => array('path' => 'media',     'acl' => 'Cmm'),
    'maint'    => array('path' => 'maint',     'acl' => 'Cmt'),
    'help'     => array('path' => 'help',      'acl' => ''),
    'logout'   => array('path' => 'logout',    'acl' => ''),
));

// Unknown module name: let the 'modules/init' hook resolve it ('main' is the
// value handed to the hook as its starting point).
if (!isset($_init_modules[$_module])) {
    $_module = hook('modules/init', 'main', $_module);
}

// Variable names ($user, $_module, $_init_modules, $_mod_cfg) are kept as-is:
// the included module file executes in this scope and may read them.
$user = member_get();

// Only an authenticated member inside the ADMIN area gets any further.
if ($user && defined('AREA') && AREA == 'ADMIN') {
    // NOTE(review): $_init_modules[$_module] is not re-checked with isset()
    // after the fallback hook above — confirm the hook always returns a key
    // that exists in the table, otherwise 'acl' and 'path' are read from an
    // undefined entry.
    if (!test($_init_modules[$_module]['acl'])) {
        // Permission check failed. For members whose acl equals
        // ACL_LEVEL_BANNED the session array is emptied as well.
        if ($user['acl'] == ACL_LEVEL_BANNED) {
            global $_SESS;
            $_SESSION = array();
        }

        // The module name is passed through cn_htmlspecialchars() before it
        // is placed in the message.
        msg_info('Section [' . cn_htmlspecialchars($_module) . '] disabled for you', PHP_SELF);
    } else {
        // The include path is built from the table's 'path' value, never from
        // the raw request value, so the table acts as the allow-list of
        // loadable files.
        $_mod_cfg = $_init_modules[$_module];
        include MODULE_DIR . '/' . $_mod_cfg['path'] . '.php';
    }
}
$debug .= $l->g(5013) . "<br>"; if (isset($field_value_complement)) { foreach ($field_value_complement as $key => $value) { $debug .= $key . " => " . $value . "<br>"; } } $debug .= $l->g(5014) . "<br>"; if (isset($field_and_or)) { foreach ($field_and_or as $key => $value) { if ($value != '') { $debug .= $key . " => " . $value . "<br>"; } } } if (isset($debug) and $debug != '') { msg_info($debug); } } $i = 0; //tableau des requêtes à executer //qui est contruit au fur et a mesure $sql_search = array(); while ($table[$i]) { //initialisation de la variable des requêtes temporaires $sql_temp = ""; if ($field_compar[$i] == "" and substr($field_value[$i], 0, 4) != "ALL_") { $field_compar[$i] = "exact"; } //traitement du champ de comparaison switch ($field_compar[$i]) { case "exact":
if (!preg_match("/^[a-zA-Z0-9._ -]+\$/", $parameter)) { $msg = _gameserver_map_invalid . "<br>"; $error = true; } } if (port_exists($row[3], $port, $row[2])) { $msg = _gameserver_port_in_use; $error = true; } if ($error == false) { $stmt = $mysqli->prepare("UPDATE gameservers SET map = ?,parameter = ?, slots = ?, port = ?, parameters_active = ?, restart = ?,restart_time = ?,autoupdate = ?, game = ? WHERE id = ?"); $stmt->bind_param('ssiiiiiiii', $map, $parameter, $slots, $port, $parameter_active, $restart_active, $time, $updates_active, $game, $row[0]); $stmt->execute(); $stmt->close(); if ($db_game != $game) { msg_info(_gameserver_game_change); } } else { msg_error($msg); } } } $stmt = $mysqli->prepare("SELECT map,parameter,slots,port,parameters_active,restart,restart_time,autoupdate FROM gameservers WHERE id = ?"); $stmt->bind_param('i', $row[0]); $stmt->execute(); $stmt->bind_result($db_map, $db_parameter, $db_slots, $db_port, $db_parameter_active, $db_restart, $restart_time, $autoupdate); $stmt->fetch(); $stmt->close(); $stmt = $mysqli->prepare("SELECT map_path FROM templates WHERE id = ?"); if (false === $stmt) { die('prepare() failed: ' . htmlspecialchars($mysqli->error));