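/**
 * Build a query with generate_secure_sql() and run it on a mysqli link.
 *
 * @param string       $sql  Query template whose placeholders are filled from $arg.
 * @param mysqli       $link Connection handed to mysqli_query().
 * @param string|array $arg  Placeholder value(s), forwarded to generate_secure_sql().
 * @param mixed        $log  When truthy, forwarded to addLog() with the built query.
 *
 * @return mysqli_result|bool Whatever mysqli_query() returns, or false when demo
 *                            mode refuses a write statement.
 */
function mysql2_query_secure($sql, $link, $arg = '', $log = false)
{
    global $l, $lbl_log;

    // NOTE(review): every injection guarantee of this wrapper comes from
    // generate_secure_sql(), which is not shown here. Callers use both quoted ('%s')
    // and unquoted (%s) placeholders; string escaping alone does not protect an
    // unquoted numeric placeholder, so confirm the helper validates or casts those.
    $query = generate_secure_sql($sql, $arg);
    if ($log) {
        addLog($log, $query, $lbl_log);
    }

    // isset() keeps a session without the DEBUG key from raising a notice
    $debug = isset($_SESSION['OCS']['DEBUG']) && $_SESSION['OCS']['DEBUG'] == 'ON';
    if ($debug) {
        // Stored entity-decoded: whatever renders SQL_DEBUG has to HTML-escape it again
        $_SESSION['OCS']['SQL_DEBUG'][] = html_entity_decode($query, ENT_QUOTES);
    }

    if (DEMO) {
        // Leading whitespace is skipped so an indented statement is still recognised.
        // NOTE(review): only these three verbs are refused; other writing statements
        // (REPLACE, DROP, ALTER, TRUNCATE, ...) still run in demo mode. A read-only
        // database account is the dependable control for a demo instance.
        $verb = mb_strtoupper(substr(ltrim($query), 0, 6));
        if ($verb == 'UPDATE' or $verb == 'INSERT' or $verb == 'DELETE') {
            // DEMO_MSG is only defined once the notice has been shown; testing with
            // defined() avoids reading an undefined constant (an Error on PHP 8)
            if (!defined('DEMO_MSG') || DEMO_MSG != 'show') {
                msg_info($l->g(2103));
                if (!defined('DEMO_MSG')) {
                    define('DEMO_MSG', 'show');
                }
            }
            return false;
        }
    }

    $result = mysqli_query($link, $query);
    if ($debug and !$result) {
        // Database error text is shown only while debug mode is on
        msg_error(mysqli_error($link));
    }
    return $result;
}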
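/**
 * Render the summary panel (system, network, hardware, agent) for one computer.
 *
 * Values are taken from $computer, with three lookups done here: total memory from
 * the memories table, the subnet name(s) from subnet_name(), and the virtual-machine
 * record matching the computer's UUID. The result is echoed inside the "bandeau" form.
 *
 * @param object $computer Row object exposing ID, UUID and the fields named in $labels.
 *
 * @return void
 */
function show_computer_summary($computer)
{
    global $l;

    $urls = $_SESSION['OCS']['url_service'];
    $labels = array(
        'SYSTEM' => array(
            'USERID' => $l->g(24),
            'OSNAME' => $l->g(274),
            'OSVERSION' => $l->g(275),
            'OSCOMMENTS' => $l->g(286),
            'DESCRIPTION' => $l->g(53),
            'WINCOMPANY' => $l->g(51),
            'WINOWNER' => $l->g(348),
            'WINPRODID' => $l->g(111),
            'WINPRODKEY' => $l->g(553),
            'VMTYPE' => $l->g(1267),
        ),
        'NETWORK' => array(
            'WORKGROUP' => $l->g(33),
            'USERDOMAIN' => $l->g(557),
            'IPADDR' => $l->g(34),
            'NAME_RZ' => $l->g(304),
        ),
        'HARDWARE' => array(
            'SWAP' => $l->g(50),
            'MEMORY' => $l->g(26),
            'UUID' => $l->g(1268),
            'ARCH' => $l->g(1247),
        ),
        'AGENT' => array(
            'USERAGENT' => $l->g(357),
            'LASTDATE' => $l->g(46),
            'LASTCOME' => $l->g(820),
        ),
    );
    $cat_labels = array(
        'SYSTEM' => $l->g(1387),
        'NETWORK' => $l->g(1388),
        'HARDWARE' => $l->g(1389),
        'AGENT' => $l->g(1390),
    );

    // Start from empty arrays so show_summary() never receives undefined variables
    $data = array();
    $link = array();

    foreach ($labels as $cat_key => $cat) {
        foreach ($cat as $key => $lbl) {
            if ($key == "MEMORY") {
                // Prefer the summed capacity of the memory modules; fall back to the
                // computer's own MEMORY field when the sum is missing or zero
                $sqlMem = "SELECT SUM(capacity) AS 'capa' FROM memories WHERE hardware_id=%s";
                $resMem = mysql2_query_secure($sqlMem, $_SESSION['OCS']["readServer"], $computer->ID);
                // The query wrapper returns false on failure; do not fetch from that
                $valMem = $resMem ? mysqli_fetch_array($resMem) : null;
                if ($valMem && $valMem["capa"] > 0) {
                    $data[$key] = $valMem["capa"];
                } else {
                    $data[$key] = $computer->{$key};
                }
            } elseif ($key == "LASTDATE" or $key == "LASTCOME") {
                $data[$key] = dateTimeFromMysql($computer->{$key});
            } elseif ($key == "NAME_RZ") {
                $data[$key] = "";
                $data_RZ = subnet_name($computer->ID);
                // count() on a non-array is a TypeError on PHP 8, so check the type first
                $nb_val = is_array($data_RZ) ? count($data_RZ) : 0;
                if ($nb_val == 1) {
                    $data[$key] = $data_RZ[0];
                } elseif (is_array($data_RZ)) {
                    foreach ($data_RZ as $index => $value) {
                        $data[$key] .= $index . " => " . $value . "<br>";
                    }
                }
            } elseif ($key == "VMTYPE" and $computer->UUID != '') {
                $sqlVM = "select vm.hardware_id,vm.vmtype, h.name from virtualmachines vm left join hardware h on vm.hardware_id=h.id where vm.uuid='%s' order by h.name DESC";
                $resVM = mysql2_query_secure($sqlVM, $_SESSION['OCS']["readServer"], $computer->UUID);
                $valVM = $resVM ? mysqli_fetch_array($resVM) : null;
                // NOTE(review): $link[$key] is set for this value; if show_summary() prints
                // such values without escaping, vmtype needs escaping as well - confirm.
                $data[$key] = $valVM ? $valVM['vmtype'] : null;
                $link[$key] = true;
                if ($data[$key] != '') {
                    // hardware_id and name come from the database and land in markup:
                    // the id is forced to an integer and the name is HTML-escaped
                    // (double_encode off, in case the stored name already holds entities)
                    $link_vm = "<a href='index.php?" . PAG_INDEX . "=" . $urls->getUrl('ms_computer') . "&head=1&systemid=" . (int) $valVM['hardware_id'] . "'  target='_blank'><font color=red>" . htmlspecialchars((string) $valVM['name'], ENT_QUOTES, 'UTF-8', false) . "</font></a>";
                    msg_info($l->g(1266) . "<br>" . $l->g(1269) . ': ' . $link_vm);
                }
            } elseif ($key == "IPADDR" and $_SESSION['OCS']['profile']->getRestriction('WOL', 'NO') == "NO") {
                // The address shares one HTML string with the WOL link, so it is escaped here
                $data[$key] = htmlspecialchars((string) $computer->{$key}, ENT_QUOTES, 'UTF-8', false) . " <a href=# OnClick='confirme(\"\",\"WOL\",\"bandeau\",\"WOL\",\"" . $l->g(1283) . "\");'><i>WOL</i></a>";
                $link[$key] = true;
            } elseif ($computer->{$key} != '') {
                $data[$key] = $computer->{$key};
            }
        }
    }

    echo open_form("bandeau");
    show_summary($data, $labels, $cat_labels, $link);
    // Hidden field filled by the WOL link's confirme() call before the form is posted
    echo "<input type='hidden' id='WOL' name='WOL' value=''>";
    echo close_form();
}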
    // Tabs 1 and 2 are offered only when NIV_BIS is non-empty; otherwise a warning is shown.
    if ($infos_status['NIV_BIS'] == "") {
        msg_warning($l->g(1089));
    } else {
        // Define the tabs
        $data_on[1] = $l->g(1072);
        $data_on[2] = $l->g(1073);
    }
    // Tab 4 is added independently of NIV_BIS when TELEDIFF_WK is 'YES'.
    if ($_SESSION['OCS']['CONFIGURATION']['TELEDIFF_WK'] == 'YES') {
        $data_on[4] = $l->g(107);
    }
    $form_name = "admins";
    echo open_form($form_name);
    if (isset($data_on)) {
        onglet($data_on, $form_name, "onglet", 4);
        $table_name = $form_name;
        echo '<div class="mlt_bordure" >';
        // The posted tab number picks the handler; any other value renders an empty panel.
        // NOTE(review): the handler runs for whatever number is posted, including tabs 1/2
        // when only tab 4 was offered above - confirm each dde_* function checks access itself.
        if ($protectedPost['onglet'] == 2) {
            dde_form($form_name);
        } elseif ($protectedPost['onglet'] == 4) {
            dde_conf($form_name);
        } elseif ($protectedPost['onglet'] == 1) {
            dde_show($form_name);
        }
        echo '</div>';
    } else {
        msg_info($l->g(1187));
    }
    echo close_form();
} else {
    // Alternative branch of a condition opened before this excerpt
    msg_info($l->g(1075));
}
                // $tooltip is placed inside the <div> tag and $values inside the element, both
                // without escaping here. NOTE(review): confirm they are HTML-safe where produced.
                $tooltip = tooltip($msg_header_error_sol[$poub]);
                $msg_tooltip .= "<div " . $tooltip . ">" . $values . "</div>";
            }
        }
        msg_error("<big>" . $l->g(1263) . "</big><br>" . $msg_tooltip, "top_msg_alert");
    }
    // Warnings were collected: show them as one message, one per line
    if ($msg_header_warning != array()) {
        msg_warning(implode('<br>', $msg_header_warning), "top_msg_warning");
    }
}
// Banner shown when TRUE_USER is set alongside the logged-in user.
// NOTE(review): both user names are concatenated into the message as-is; confirm they
// are sanitised at login or that msg_info() escapes its argument.
if (isset($_SESSION['OCS']['TRUE_USER'])) {
    msg_info($_SESSION['OCS']['TRUE_USER'] . " " . $l->g(889) . " " . $_SESSION['OCS']["loggeduser"]);
}
if (isset($_SESSION['OCS']["TRUE_mesmachines"])) {
    msg_info($l->g(890));
}
echo "</td></tr></table></td></tr>";
// The language selector is included only while nobody is logged in (fixed path, not request-derived)
if (!isset($_SESSION['OCS']["loggeduser"])) {
    echo "<tr><td colspan=20 align=right>";
    require_once 'plugins/language/language.php';
    echo "</td></tr>";
}
echo "</table>";
echo "<div class='fond'>";
// Users whose "mesmachines" value is NOTAG get an error, except on the debug page.
// NOTE(review): array_search() returns the matching key, and key 0 is falsy, so a match
// on the first element reads as "not found" here; comparing with !== false avoids that.
if ($_SESSION['OCS']["mesmachines"] == "NOTAG" and !(array_search('ms_debug', $_SESSION['OCS']['TRUE_PAGES']['ms_debug']) and $protectedGet[PAG_INDEX] == $pages_refs['ms_debug'])) {
    // $LIST_ERROR, when set, replaces the default message
    if (isset($LIST_ERROR)) {
        $msg_error = $LIST_ERROR;
    } else {
        $msg_error = $l->g(893);
    }
Пример #5
// Schema updater: applies files/update/<N>.sql for every version N between the stored
// database version and GUI_VER, recording each step in the config table.
$version_database = $_SESSION['OCS']['SQL_BASE_VERS'];
$form_name = 'form_update';
$rep_maj = 'files/update/';
//search all sql files for update
$list_fichier = ScanDirectory($rep_maj, "sql");
// NOTE(review): this form carries no anti-CSRF token in the lines shown, and posting it
// runs schema changes; confirm access control and CSRF protection are applied elsewhere.
echo "<form name='" . $form_name . "' id='" . $form_name . "' method='POST'>";
$msg_info[] = $l->g(2057);
// A database newer than this GUI cannot be handled: report it and stop
if (GUI_VER < $_SESSION['OCS']['SQL_BASE_VERS']) {
    msg_info(implode("<br />", $msg_info));
    msg_error($l->g(2107) . "<br>" . $l->g(2108) . "<br>" . $l->g(2109) . ":" . $version_database . "=>" . $l->g(2110) . ":" . GUI_VER);
    echo "</form>";
    require_once 'require/footer.php';
    die;
}
$msg_info[] = $l->g(2109) . ":" . $version_database . "=>" . $l->g(2110) . ":" . GUI_VER;
msg_info(implode("<br />", $msg_info));
echo "<br><input type=submit name='update' value='" . $l->g(2111) . "'>";
if (isset($_POST['update'])) {
    while ($version_database < GUI_VER) {
        $version_database++;
        // The file name is built from the version counter and must be one of the files
        // ScanDirectory() found, so no request value reaches the path
        if (in_array($version_database . ".sql", $list_fichier['name'])) {
            if ($_SESSION['OCS']['DEBUG'] == 'ON') {
                msg_success("Mise à jour effectuée: " . $version_database . ".sql");
            }
            // $rep_maj already ends with '/', so this path contains a doubled slash
            exec_fichier_sql($rep_maj . '/' . $version_database . ".sql");
            // Record the version just applied, in the config table and in the session
            $sql = "update config set tvalue='%s' where name='GUI_VERSION'";
            $arg = $version_database;
            $res_column = mysql2_query_secure($sql, $_SESSION['OCS']["writeServer"], $arg);
            $_SESSION['OCS']['SQL_BASE_VERS'] = $version_database;
        } else {
            // No update file for this version: report it
            msg_error($l->g(2114) . " " . $version_database);
show_computer_title($item);
// The summary panel is shown only for the 'admin' category
if (isset($protectedGet['cat']) and $protectedGet['cat'] == 'admin') {
    show_computer_summary($item);
}
// Wake-on-LAN: runs only when the form posted WOL=WOL and the profile's 'WOL'
// restriction evaluates to "NO"; the same restriction test gates the WOL link in
// show_computer_summary(), so the check is enforced here on the server as well.
if (isset($protectedPost["WOL"]) and $protectedPost["WOL"] == 'WOL' and $_SESSION['OCS']['profile']->getRestriction('WOL', 'NO') == "NO") {
    require_once 'require/function_wol.php';
    $wol = new Wol();
    // Only interfaces recorded as 'Up' for this computer are targeted
    $sql = "select MACADDR,IPADDRESS from networks WHERE (hardware_id=%s) and status='Up'";
    $arg = array($item->ID);
    $resultDetails = mysql2_query_secure($sql, $_SESSION['OCS']["readServer"], $arg);
    $msg = "";
    // NOTE(review): the loop variable reuses $item, overwriting the computer object used
    // above; once the loop ends $item holds the end-of-result value, so any later use of
    // $item as the computer would break. A separate variable name is safer.
    while ($item = mysqli_fetch_object($resultDetails)) {
        $wol->wake($item->MACADDR, $item->IPADDRESS);
        // wol_send is compared with label 1282 to choose between an info and an error message.
        // NOTE(review): MACADDR/IPADDRESS come from the database and are concatenated
        // unescaped; confirm msg_info()/msg_error() escape their argument.
        if ($wol->wol_send == $l->g(1282)) {
            msg_info($wol->wol_send . "=>" . $item->MACADDR . "/" . $item->IPADDRESS);
        } else {
            msg_error($wol->wol_send . "=>" . $item->MACADDR . "/" . $item->IPADDRESS);
        }
    }
}
// For AJAX requests, drop everything buffered so far
if ($ajax) {
    ob_end_clean();
}
// Plugin list is read from a local XML file through the project's XMLPluginsSerializer.
// NOTE(review): confirm this unserialize() method parses XML and never hands the file
// content to PHP's native unserialize().
$plugins_serializer = new XMLPluginsSerializer();
$plugins = $plugins_serializer->unserialize(file_get_contents('config/computer/plugins.xml'));
// The requested category is checked against a fixed allow-list before use
if (isset($protectedGet['cat']) and in_array($protectedGet['cat'], array('software', 'hardware', 'devices', 'admin', 'config', 'other'))) {
    // If category
    foreach ($plugins as $plugin) {
        if ($plugin->getCategory() == $protectedGet['cat']) {
            // The path is built from the plugin id taken from the XML file, not from the request.
            // NOTE(review): how $plugin_file is used lies outside this excerpt; if it is included,
            // confirm plugin ids are limited to safe file-name characters (no separators or "..").
            $plugin_file = PLUGINS_DIR . "computer_detail/" . $plugin->getId() . "/" . $plugin->getId() . ".php";
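/**
 * Work out which computer IDs a bulk action applies to.
 *
 * Without an 'origine' GET parameter the user chooses between the IDs of the last
 * search ('REQ', read from the session) and the ticked rows ('SEL', the 'idchecked'
 * GET parameter); the choice selector and info messages are echoed along the way.
 * With 'origine' set, 'idchecked' is returned directly.
 *
 * NOTE(review): the returned list originates from request or session data. Callers are
 * not shown here; if they place it in SQL, every element has to be validated as an
 * integer first.
 *
 * @param string $form_name  Name of the enclosing form, passed to show_modif().
 * @param string $lbl_choise Label printed in front of the choice selector.
 *
 * @return string|array|false Comma-separated ID list (or the raw 'idchecked' value when
 *                            'origine' is set), or false when nothing is selected.
 */
function multi_lot($form_name, $lbl_choise)
{
    global $protectedPost, $protectedGet, $l;

    // Read optional request values once, so missing keys do not raise warnings
    $idchecked = isset($protectedGet['idchecked']) ? $protectedGet['idchecked'] : '';

    if (isset($protectedGet['origine'])) {
        $list_id = $idchecked;
    } else {
        $list_id = "";
        $choise = isset($protectedPost['CHOISE']) ? $protectedPost['CHOISE'] : '';

        if ($idchecked != "") {
            // Rows were ticked: let the user pick between the search result and the selection
            $choise_req_selection['REQ'] = $l->g(584);
            $choise_req_selection['SEL'] = $l->g(585);
            $select_choise = show_modif($choise_req_selection, 'CHOISE', 2, $form_name);
            echo "<center>" . $lbl_choise . " " . $select_choise . "</center><br>";
        }

        if ($choise == 'REQ' or $idchecked == '') {
            msg_info($l->g(901));
            if ($idchecked == '') {
                // The posted value is echoed into an attribute, so it is escaped
                // (double_encode off in case it was already entity-encoded upstream)
                echo "<input type='hidden' name='CHOISE' value='" . htmlspecialchars((string) $choise, ENT_QUOTES, 'UTF-8', false) . "'>";
                // Nothing ticked: force the "search result" mode, also for later readers
                // of the global
                $protectedPost['CHOISE'] = 'REQ';
                $choise = 'REQ';
            }
            $list_id = isset($_SESSION['OCS']['ID_REQ']) ? $_SESSION['OCS']['ID_REQ'] : '';
        }

        if ($choise == 'SEL') {
            msg_info($l->g(902));
            $list_id = $idchecked;
        }

        // An array of IDs is flattened to the comma-separated form
        if (is_array($list_id)) {
            $list_id = implode(",", $list_id);
        }
    }

    if ($list_id != "") {
        return $list_id;
    }
    return false;
}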
         // NOTE(review): request values are written verbatim between double quotes into a
         // PHP source file. A value containing a double quote or backslash changes the code
         // that is generated, so the content of CONF_MYSQL is controlled by whoever submits
         // this form. Each value should be emitted with var_export() (or checked against a
         // strict pattern) before being written.
         fwrite($ch, "define(\"DB_NAME\", \"" . $_POST['database'] . "\");\n");
         fwrite($ch, "define(\"SERVER_READ\",\"" . $_POST["host"] . "\");\n");
         fwrite($ch, "define(\"SERVER_WRITE\",\"" . $_POST["host"] . "\");\n");
         fwrite($ch, "define(\"COMPTE_BASE\",\"" . $_POST["name"] . "\");\n");
         fwrite($ch, "define(\"PSWD_BASE\",\"" . $_POST["pass"] . "\");\n");
         fwrite($ch, "?>");
         fclose($ch);
         msg_success("<b><a href='index.php'>" . $l->g(2051) . "</a></b>");
         // Drop the cached schema version from the session
         unset($_SESSION['OCS']['SQL_BASE_VERS']);
         die;
     }
 }
 if (!$error) {
     ob_flush();
     flush();
     msg_info($l->g(2030));
     exec_fichier_sql($db_file, $link);
     // NOTE(review): @ hides a failed fopen(); the fwrite() calls below would then run on
     // false. The result should be checked before writing.
     $ch = @fopen(CONF_MYSQL, "w");
     fwrite($ch, "<?php\n");
     // NOTE(review): same concern as the block above - database name and host are taken
     // straight from $_POST and written unescaped into PHP source. The origin of
     // $name_connect / $pass_connect is outside this excerpt; confirm they are encoded too.
     // The file stores the database password in clear text, so it also needs restrictive
     // file permissions and must not be served by the web server.
     fwrite($ch, "define(\"DB_NAME\", \"" . $_POST['database'] . "\");\n");
     fwrite($ch, "define(\"SERVER_READ\",\"" . $_POST["host"] . "\");\n");
     fwrite($ch, "define(\"SERVER_WRITE\",\"" . $_POST["host"] . "\");\n");
     fwrite($ch, "define(\"COMPTE_BASE\",\"" . $name_connect . "\");\n");
     fwrite($ch, "define(\"PSWD_BASE\",\"" . $pass_connect . "\");\n");
     fwrite($ch, "?>");
     fclose($ch);
     // Check that the credentials just written can open a connection
     if (!mysqli_connect($_POST["host"], $name_connect, $pass_connect)) {
         if (mysqli_connect_errno() == 0) {
             echo "<br><center><font color=red><b>" . $l->g(2043) . " " . $l->g(2044) . "</b><br></font></center>";
             die;
         } else {
Пример #9
            // Offer the h.ipaddr column as a filter, labelled with string 34
            $tab_options['FILTRE']['h.ipaddr'] = $l->g(34);
        }
        printEnTete($title);
        echo "<br><br>";
        $tab_options['LBL']['MAC'] = $l->g(95);
        $list_col_cant_del = array($l->g(66) => $l->g(66), 'SUP' => 'SUP', 'MODIF' => 'MODIF');
        // NOTE(review): the 'prov' request value becomes part of the table and form name;
        // confirm open_form() and tab_req() escape it before it reaches HTML or SQL.
        $table_name = "IPDISCOVER_" . $protectedGet['prov'];
        $form_name = $table_name;
        echo open_form($form_name);
        $result_exist = tab_req($table_name, $list_fields, $default_fields, $list_col_cant_del, $sql, $form_name, 80, $tab_options);
        // The "analyse" button is offered only when the helper script exists, is
        // executable, and the ipd directory under IPDISCOVER_IPD_DIR is writable
        $fipdisc = "ipdiscover-util.pl";
        $values = look_config_default_values(array('IPDISCOVER_IPD_DIR'));
        $IPD_DIR = $values['tvalue']['IPDISCOVER_IPD_DIR'] . "/ipd";
        // @ silences the warning stat() raises when the script is missing
        if ($scriptPresent = @stat($fipdisc)) {
            $filePresent = true;
            if (!is_executable($fipdisc)) {
                $msg_info = $fipdisc . " " . $l->g(341);
            } else {
                if (!is_writable($IPD_DIR)) {
                    $msg_info = $l->g(342) . " " . $fipdisc . " (" . $IPD_DIR . ")";
                }
            }
            if (!isset($msg_info)) {
                // NOTE(review): the 'value' request parameter is placed inside an unquoted
                // onclick attribute, so its safety depends entirely on how $protectedGet was
                // filtered upstream. Quoting the attribute and URL-encoding rzo is more robust.
                echo "<br><input type='button' onclick=window.open(\"index.php?" . PAG_INDEX . "=" . $pages_refs['ms_ipdiscover_analyse'] . "&head=1&rzo=" . $protectedGet['value'] . "\",\"analyse\",\"location=0,status=0,scrollbars=1,menubar=0,resizable=0,width=800,height=650\") name='analyse' value='" . $l->g(317) . "'>";
            } else {
                msg_info($msg_info);
            }
        }
        echo close_form();
    }
}
Пример #10
    $protectedPost['document_root'] = $document_root;
}
// Carry document_root and timestamp across posts as hidden fields.
// NOTE(review): both values are written into single-quoted attributes without escaping
// here, and both come back from the client on the next post; confirm $protectedPost is
// HTML-escaped upstream and that the server re-validates document_root before using it
// as a path rather than trusting the round-tripped value.
echo "<input type='hidden' name='document_root' value='" . $protectedPost['document_root'] . "'>\t  \n\t <input type='hidden' id='timestamp' name='timestamp' value='" . $protectedPost['timestamp'] . "'>";
echo "<script language='javascript'>\n\t\tfunction verif()\n\t\t {\n\t\t\tvar msg = '';\n\t\t\tchamps = new Array('NAME','DESCRIPTION','OS','PROTOCOLE','PRIORITY','ACTION','ACTION_INPUT','REDISTRIB_USE');\n\t\t\tchamps_OS = new Array('NOTIFY_USER','NEED_DONE_ACTION');\n\t\t\tchamps_ACTION=new Array('teledeploy_file');\n\t\t\tchamps_REDISTRIB_USE=new Array('REDISTRIB_PRIORITY');\n\t\t\tchamps_NOTIFY_USER=new Array('NOTIFY_TEXT','NOTIFY_COUNTDOWN','NOTIFY_CAN_ABORT','NOTIFY_CAN_DELAY');\n\t\t\tchamps_NEED_DONE_ACTION=new Array('NEED_DONE_ACTION_TEXT');\n\t\t\t\n\n\n\t\t\n\t\t\tfor (var n = 0; n < champs.length; n++)\n\t\t\t{\n\t\t\t\tif (document.getElementById(champs[n]).value == ''){\n\t\t\t\t document.getElementById(champs[n]).style.backgroundColor = 'RED';\n\t\t\t\t msg='NULL';\n\t\t\t\t }\n\t\t\t\telse\n\t\t\t\t document.getElementById(champs[n]).style.backgroundColor = '';\n\t\t\t}\n\n\t\t\tfor (var n = 0; n < champs_OS.length; n++)\n\t\t\t{\n\t\t\t\tif (document.getElementById('OS').value == 'WINDOWS' && document.getElementById(champs_OS[n]).value == ''){\n\t\t\t\t document.getElementById(champs_OS[n]).style.backgroundColor = 'RED';\n\t\t\t\t msg='NULL';\n\t\t\t\t }\n\t\t\t\telse\n\t\t\t\t document.getElementById(champs_OS[n]).style.backgroundColor = '';\n\t\t\t}\n\t\t\tfor (var n = 0; n < champs_ACTION.length; n++)\n\t\t\t{\n\t\t\t\tvar name_file=document.getElementById(champs_ACTION[n]).value;\n\t\t\t\tname_file=name_file.toUpperCase();\n\t\t\t\tif (document.getElementById(\"OS\").value == 'WINDOWS')\n\t\t\t\t\tvar debut=name_file.length-3;\n\t\t\t\telse\n\t\t\t\t\tvar debut=name_file.length-6;\n\t\t\t\tif (document.getElementById('ACTION').value != 'EXECUTE' && document.getElementById(champs_ACTION[n]).value == ''){\n\t\t\t\t\talert('" . $l->g(602) . 
"');\n\t\t\t\t \tdocument.getElementById(champs_ACTION[n]).style.backgroundColor = 'RED';\n\t\t\t\t \tmsg='NULL';\n\t\t\t\t }\n\t\t\t\telse if (document.getElementById('ACTION').value != 'EXECUTE' && name_file.substring(debut,name_file.length) != 'ZIP' && document.getElementById(\"OS\").value == 'WINDOWS'){\n\t\t\t\t\talert('" . $l->g(1231) . "');\n\t\t\t\t\tdocument.getElementById(champs_ACTION[n]).style.backgroundColor = 'RED';\n\t\t\t\t\tmsg='NULL';\n\t\t\t\t}else if (document.getElementById('ACTION').value != 'EXECUTE' && name_file.substring(debut,name_file.length) != 'TAR.GZ' && document.getElementById(\"OS\").value != 'WINDOWS'){\n\t\t\t\t\talert('" . $l->g(1232) . "');\n\t\t\t\t\tdocument.getElementById(champs_ACTION[n]).style.backgroundColor = 'RED';\n\t\t\t\t\tmsg='NULL';\n\t\t\t\t}\n\t\t\t\t document.getElementById(champs_ACTION[n]).style.backgroundColor = '';\n\n\t\t\t}\n\t\t\t\n\t\t\tfor (var n = 0; n < champs_REDISTRIB_USE.length; n++)\n\t\t\t{\n\t\t\t\tif (document.getElementById('REDISTRIB_USE').value == 1 && document.getElementById(champs_REDISTRIB_USE[n]).value == ''){\n\t\t\t\t document.getElementById(champs_REDISTRIB_USE[n]).style.backgroundColor = 'RED';\n\t\t\t\t msg='NULL';\n\t\t\t\t }\n\t\t\t\telse\n\t\t\t\t document.getElementById(champs_REDISTRIB_USE[n]).style.backgroundColor = '';\n\t\t\t}\n\n\t\t\tfor (var n = 0; n < champs_NOTIFY_USER.length; n++)\n\t\t\t{\n\t\t\t\tif (document.getElementById('NOTIFY_USER').value == 1 && document.getElementById(champs_NOTIFY_USER[n]).value == ''){\n\t\t\t\t document.getElementById(champs_NOTIFY_USER[n]).style.backgroundColor = 'RED';\n\t\t\t\t msg='NULL';\n\t\t\t\t }\n\t\t\t\telse\n\t\t\t\t document.getElementById(champs_NOTIFY_USER[n]).style.backgroundColor = '';\n\t\t\t}\n\n\t\t\tfor (var n = 0; n < champs_NEED_DONE_ACTION.length; n++)\n\t\t\t{\n\t\t\t\tif (document.getElementById('NEED_DONE_ACTION').value == 1 && document.getElementById(champs_NEED_DONE_ACTION[n]).value == ''){\n\t\t\t\t 
document.getElementById(champs_NEED_DONE_ACTION[n]).style.backgroundColor = 'RED';\n\t\t\t\t msg='NULL';\n\t\t\t\t }\n\t\t\t\telse\n\t\t\t\t document.getElementById(champs_NEED_DONE_ACTION[n]).style.backgroundColor = '';\n\t\t\t}\n\n\t\t\tif (msg != ''){\n\t\t\talert ('" . $l->g(1001) . "');\n\t\t\treturn false;\n\t\t\t}else\n\t\t\treturn true;\t\t\t\n\t\t}\n\t</script>";
// Wrapper <div>, hidden once the form has been validated
echo "<div ";
if ($protectedPost['valid']) {
    echo " style='display:none;'";
}
echo ">";
printEnTete($l->g(434));
echo "<br>";
$activate = option_conf_activate('TELEDIFF_WK');
// If the teledeploy workflow is activated,
// only the packages that may be created are shown
if ($activate) {
    msg_info($l->g(1105) . "<br>" . $l->g(1106) . "<br>" . $l->g(1107));
    // Get all requests whose status is "Create a Package"
    $conf_creat_Wk = look_config_default_values(array('IT_SET_NIV_CREAT'));
    $info_dde_statut_creat = info_dde(find_dde_by_status($conf_creat_Wk['tvalue']['IT_SET_NIV_CREAT']));
    if ($info_dde_statut_creat != '') {
        $array_id_fields = find_id_field(array('NAME_TELEDEPLOY', 'PRIORITY', 'NOTIF_USER', 'REPORT_USER', 'INFO_PACK'));
        // Build the property names used to read each request field
        $id_name = "fields_" . $array_id_fields['NAME_TELEDEPLOY']->id;
        $id_description = "fields_" . $array_id_fields['INFO_PACK']->id;
        $id_priority = "fields_" . $array_id_fields['PRIORITY']->id;
        // NOTE(review): the "******" literal looks like a masking artifact of the page this
        // listing was taken from; the three sibling lines use "fields_" - check upstream.
        $id_notify_user = "******" . $array_id_fields['NOTIF_USER']->id;
        // Map request ID => request name for the selector
        foreach ($info_dde_statut_creat as $id => $tab_value) {
            $list_dde_creat[$tab_value->ID] = $tab_value->{$id_name};
        }
        // NOTE(review): the request names shown in the selector are user-supplied data read
        // back from storage; confirm show_modif() HTML-escapes option labels.
        echo "<br><b>" . $l->g(1183) . ":</b>" . show_modif($list_dde_creat, 'LIST_DDE_CREAT', 2, $form_name);
        // Nothing chosen yet in the request selector
        if (!$protectedPost['LIST_DDE_CREAT'] or $protectedPost['LIST_DDE_CREAT'] == "") {
Пример #11
function media_invoke()
{
    $popup_form = '';
    list($path, $opt) = GET('folder, opt', 'GETPOST');
    list($do_action, $pending) = GET('do_action, pending', 'POST');
    // Change default uploads dir
    $udir = cn_path_construct(SERVDIR, 'uploads');
    if (getoption('uploads_dir')) {
        $udir = preparation_path(getoption('uploads_dir'));
    }
    $edir = getoption('uploads_ext') ? getoption('uploads_ext') : getoption('http_script_dir') . '/uploads';
    $dfile = cn_path_construct($udir, $path);
    // Remove root identifier
    $path = preparation_path($path);
    // Path detection
    $path = preg_replace('/[^a-z0-9\\/_\\\\]/i', '-', $path);
    $root_dir = cn_path_construct($udir, $path) . DIRECTORY_SEPARATOR;
    $just_uploaded = array();
    // Get path struct
    $pathes = spsep($path, DIRECTORY_SEPARATOR);
    if (isset($pathes[0]) && $pathes[0] === '') {
        unset($pathes[0]);
    }
    // Do upload files
    if (request_type('POST')) {
        cn_dsi_check();
        // Allowed Exts.
        $AE = spsep(getoption('allowed_extensions'));
        // Generate thumbnail after upload
        $thumbnail_with_upload = getoption('thumbnail_with_upload');
        // UPLOAD FILES
        if (REQ('upload', 'POST')) {
            list($overwrite) = GET('overwrite');
            $is_uploaded = FALSE;
            // Try for fopen url upload
            if ($upload_from_inet = REQ('upload_from_inet')) {
                if (ini_get('allow_url_fopen')) {
                    // Get filename
                    $url_name = spsep($upload_from_inet, '/');
                    $url_name = $url_name[count($url_name) - 1];
                    $url_name = preg_replace('/(%20|\\s|\\?|&|\\/)/', '_', $url_name);
                    $url_name = str_replace('%', '_', $url_name);
                    // resolve filename
                    $c_file = $dfile . $url_name;
                    // Overwrite [if can], or add file
                    if ($overwrite && file_exists($c_file) || !file_exists($c_file)) {
                        // Use context for disable error notices
                        if (function_exists('stream_context_create')) {
                            $context = stream_context_create(array('http' => array('ignore_errors' => true)));
                            $fw = fopen($upload_from_inet, 'rb', false, $context);
                        } else {
                            // Read file
                            $fw = fopen($upload_from_inet, 'rb');
                        }
                        // --------- (fetch content) ------
                        ob_start();
                        fpassthru($fw);
                        $file_image = ob_get_clean();
                        fclose($fw);
                        // ---------
                        // write2disk
                        if ($wf = fopen($c_file, 'w')) {
                            fwrite($wf, $file_image);
                            fclose($wf);
                        }
                        // check image
                        list($w, $h) = getimagesize($c_file);
                        if ($w && $h) {
                            cn_throw_message('File uploaded');
                            $max_width = getoption('max_thumbnail_width');
                            if ($w > $max_width && $thumbnail_with_upload) {
                                $resize_result = resize_image($c_file, $max_width, 0);
                                cn_throw_message($resize_result['msg'], $resize_result['status'] ? 'n' : 'w');
                            }
                            $is_uploaded = TRUE;
                            $just_uploaded[$url_name] = TRUE;
                        } else {
                            cn_throw_message("Wrong image file", 'e');
                            unlink($c_file);
                        }
                    } else {
                        cn_throw_message("Can't overwrite or save", 'e');
                    }
                } else {
                    cn_throw_message('allow_url_fopen=0, check server configurations');
                }
            }
            // Upload from local
            foreach ($_FILES['upload_file']['name'] as $id => $name) {
                if ($name) {
                    $ext = NULL;
                    if (preg_match('/\\.(\\w+)$/i', $name, $c)) {
                        $ext = strtolower($c[1]);
                    }
                    // Check allowed ext
                    if ($ext && in_array($ext, $AE)) {
                        // encode url
                        $name = str_replace('%2F', '/', urlencode($name));
                        // encoded? replace filename
                        if (strpos($name, '%') !== FALSE) {
                            $name = str_replace('%', '', strtolower($name));
                        }
                        // check file for exist
                        if (file_exists($c_file = $dfile . $name)) {
                            if ($overwrite) {
                                cn_throw_message('File [' . cn_htmlspecialchars($c_file) . '] overwritten', 'w');
                            } else {
                                cn_throw_message('File [' . cn_htmlspecialchars($c_file) . '] already exists', 'e');
                                continue;
                            }
                        }
                        // Upload file to server
                        if (move_uploaded_file($_FILES['upload_file']['tmp_name'][$id], $c_file)) {
                            $just_uploaded[$name] = TRUE;
                            cn_throw_message('File uploaded [<b>' . cn_htmlspecialchars($name) . '</b>]');
                            $max_width = getoption('max_thumbnail_width');
                            list($w, $h) = getimagesize($c_file);
                            if ($w > $max_width && $thumbnail_with_upload) {
                                $resize_result = resize_image($c_file, $max_width, 0);
                                cn_throw_message($resize_result['msg'], $resize_result['status'] ? 'n' : 'w');
                            }
                        } else {
                            cn_throw_message('File [' . cn_htmlspecialchars($c_file) . '] not uploaded! Please, check upload_max_filesize in PHP settings.', 'e');
                        }
                    } else {
                        cn_throw_message('File extension [' . cn_htmlspecialchars($ext) . '] not allowed', 'e');
                    }
                } elseif (!$is_uploaded) {
                    cn_throw_message('No selected files for upload', 'e');
                }
            }
        } elseif ($do_action || $pending) {
            list($rm) = GET('rm', 'POST');
            // action --> delete entries
            if ($do_action == 'delete') {
                if (empty($rm)) {
                    cn_throw_message('No files selected', 'w');
                } else {
                    foreach ($rm as $file) {
                        if (file_exists($cfile = $dfile . $file)) {
                            if (is_dir($cfile)) {
                                rmdir($cfile);
                            } else {
                                //get thumbnail path
                                $path_parts = pathinfo($cfile);
                                $thumbnail_path = $path_parts['dirname'] . DIRECTORY_SEPARATOR . '.thumb.' . $path_parts['basename'];
                                if (file_exists($thumbnail_path)) {
                                    unlink($thumbnail_path);
                                }
                                unlink($cfile);
                            }
                        }
                        if (file_exists($cfile)) {
                            cn_throw_message('File [' . cn_htmlspecialchars($cfile) . '] not deleted!', 'e');
                        } else {
                            cn_throw_message('File [' . cn_htmlspecialchars($file) . '] deleted successfully');
                        }
                    }
                }
            } elseif ($do_action == 'create') {
                $popup_form = i18n('Enter directory name') . ' <input type="text" name="new_dir" value="" />';
            } elseif ($pending == 'create') {
                $new_dir_arr = GET('new_dir', 'POST');
                $new_folder = array_pop($new_dir_arr);
                $new_folder = preg_replace('/[^a-z0-9_]/i', '-', $new_folder);
                if ($new_folder) {
                    $cfile = $dfile . $new_folder;
                    if (is_dir($cfile)) {
                        cn_throw_message('Folder [' . $new_folder . '] already exists!', 'e');
                    } else {
                        mkdir($cfile);
                        if (!is_dir($cfile)) {
                            cn_throw_message('Folder [' . cn_htmlspecialchars($cfile) . ' not created]', 'e');
                        } else {
                            cn_throw_message('Folder [' . $new_folder . '] created!');
                        }
                    }
                } else {
                    cn_throw_message('Specify folder name', 'w');
                }
                $popup_form = '';
            } elseif ($do_action == 'rename') {
                if ($rm) {
                    $popup_form = '<div class="big_font">' . i18n('Rename file to') . '</div>';
                    $popup_form .= i18n('Tip: Write new file name') . '<br />';
                    $popup_form .= '<table>';
                    foreach ($rm as $id => $fn) {
                        $hfn = cn_htmlspecialchars($fn);
                        $popup_form .= '<tr><td align="right" class="indent"><b>' . $hfn . '</b><td>';
                        $popup_form .= '<td><input type="hidden" name="ids[' . $id . ']" value="' . $hfn . '"/>&rarr;</td>';
                        $popup_form .= '<td><input style="width: 300px;" type="text" name="place[' . $id . ']" value="' . $hfn . '" /> ';
                        $popup_form .= '</td></tr>';
                    }
                    $popup_form .= '</table>';
                } else {
                    cn_throw_message('Select files to rename', 'w');
                }
            } elseif ($pending == 'rename') {
                // ...
                list($ids, $place) = GET('ids, place', 'POST');
                // prevent illegal moves
                $safe_dir = scan_dir($root_dir);
                foreach ($safe_dir as $id => $v) {
                    $safe_dir[$id] = md5($v);
                }
                // do move all files / dirs
                foreach ($ids as $id => $file) {
                    if (in_array(md5($file), $safe_dir)) {
                        $filename = $place[$id];
                        if (strpos($filename, '\\') || strpos($filename, '/')) {
                            cn_throw_message(i18n('The name of file [%1] should not contain special characters', cn_htmlspecialchars($file)), 'e');
                            continue;
                        }
                        $renameto = $root_dir . $filename;
                        $thumb = $root_dir . '.thumb.' . $file;
                        // do move
                        if (rename($root_dir . $file, $renameto)) {
                            if (file_exists($thumb)) {
                                rename($thumb, $root_dir . '.thumb.' . $filename);
                            }
                            cn_throw_message(i18n('File [%1] renamed to [%2]', cn_htmlspecialchars($file), cn_htmlspecialchars($filename)));
                        } else {
                            cn_throw_message(i18n('File [%1] not renamed', cn_htmlspecialchars($file)), 'e');
                        }
                    }
                }
            } elseif ($do_action == 'move') {
                if ($rm) {
                    $popup_form = '<div class="big_font">' . i18n('Move files to') . '</div>';
                    $popup_form .= i18n('Tip: You can select the folder to move the file') . '<br />';
                    $popup_form .= '<table>';
                    $folders = array();
                    $dirs = scan_dir($root_dir);
                    foreach ($dirs as $entry) {
                        if (is_dir($root_dir . $entry) && !($entry === '..' || $entry === '.')) {
                            $folders[] = $entry;
                        }
                    }
                    foreach ($rm as $id => $fn) {
                        $hfn = cn_htmlspecialchars($fn);
                        $popup_form .= '<tr><td align="right" class="indent"><b>' . $hfn . '</b><td>';
                        $popup_form .= '<td><input type="hidden" name="ids[' . $id . ']" value="' . $hfn . '"/>&rarr;</td>';
                        $popup_form .= '<td>';
                        $cnt_folders = count($folders);
                        if ($cnt_folders != 0 && !($cnt_folders == 1 && in_array($hfn, $folders))) {
                            $popup_form .= '<select name="place_folder_' . $id . '">';
                            foreach ($folders as $dirn) {
                                if ($dirn != $hfn) {
                                    $popup_form .= '<option value="' . $dirn . '">' . $dirn . '</option>';
                                }
                            }
                            $popup_form .= '</select>';
                        }
                        if ($root_dir != $udir) {
                            $popup_form .= '<nobr><input type="checkbox" onclick="javascript:hideFolderList(this,' . $id . ')" name="moveup[' . $id . ']" value="Y" /> Move up</nobr>';
                        } else {
                            $popup_form .= '<nobr> X Move up (You are in root folder)</nobr>';
                        }
                        $popup_form .= '</td></tr>';
                    }
                    $popup_form .= '</table>';
                } else {
                    cn_throw_message('Select files to move', 'w');
                }
            } elseif ($pending == 'move') {
                // ...
                list($ids, $moveup) = GET('ids, moveup', 'POST');
                // prevent illegal moves
                $safe_dir = scan_dir($root_dir);
                foreach ($safe_dir as $id => $v) {
                    $safe_dir[$id] = md5($v);
                }
                // do move all files / dirs
                foreach ($ids as $id => $file) {
                    list($place_folder) = GET('place_folder_' . $id);
                    if (in_array(md5($file), $safe_dir)) {
                        $NF = '';
                        $foldername = preg_replace('/\\.\\//i', '', $place_folder);
                        // move this file up
                        if (isset($moveup[$id]) && count($pathes) > 0) {
                            $nwfolder = dirname($root_dir);
                            $foldername = 'up folder';
                        } else {
                            $nwfolder = $root_dir . ($NF = isset($rm[0]) ? $rm[0] : '') . DIRECTORY_SEPARATOR . $foldername;
                            if ($rm[0]) {
                                $NF = $rm[0] . DIRECTORY_SEPARATOR;
                            }
                        }
                        $moveto = $nwfolder . DIRECTORY_SEPARATOR . $file;
                        //check for image thumbnail
                        $thumb = $root_dir . '.thumb.' . $file;
                        // do move
                        if (rename($root_dir . $file, $moveto)) {
                            if (file_exists($thumb)) {
                                rename($thumb, $nwfolder . DIRECTORY_SEPARATOR . '.thumb.' . $file);
                            }
                            cn_throw_message(i18n('File [%1] moved to [%2]', cn_htmlspecialchars($file), cn_htmlspecialchars($foldername)));
                        } else {
                            cn_throw_message(i18n('File [%1] not moved', cn_htmlspecialchars($file)), 'e');
                        }
                    }
                }
            } elseif ($do_action == 'thumb') {
                if (!empty($_POST['rm'])) {
                    $popup_form = get_sizes_form('Make thumbnails', $do_action);
                } else {
                    cn_throw_message('Select files to make thumbnail', 'w');
                }
            } elseif ($pending == 'thumb') {
                do_resize_image($root_dir);
            } elseif ($do_action == 'resize') {
                if (!empty($_POST['rm'])) {
                    $popup_form = get_sizes_form('Resize source image', $do_action);
                } else {
                    cn_throw_message('Select files to resize', 'w');
                }
            } elseif ($pending == 'resize') {
                do_resize_image($root_dir, false);
            } elseif (!hook('media/post_action')) {
                msg_info("Action error");
            }
        }
    }
    // Check dir exists
    if (is_dir($root_dir)) {
        $raw_files = scan_dir($root_dir);
    } else {
        cn_throw_message('Dir not exists', 'e');
        $raw_files = array();
    }
    $dirs = $files = array();
    foreach ($raw_files as $file) {
        if (preg_match('/avatar_/', $file)) {
            continue;
        }
        $file_location = "{$root_dir}/{$file}";
        if (is_dir($file_location)) {
            $dirs[] = array('url' => "{$path}/{$file}", 'name' => $file);
        } elseif (filesize(cn_path_construct($udir, $path) . $file) != 0) {
            list($w, $h) = getimagesize(cn_path_construct($udir, $path) . $file);
            $is_thumb = preg_match('/\\.thumb\\./', $file);
            $files[] = array('name' => $file, 'url' => $edir . '/' . ($path ? $path . '/' : '') . $file, 'thumb' => file_exists($root_dir . '/.thumb.' . pathinfo($file, PATHINFO_BASENAME)) ? $edir . '/' . ($path ? $path . '/' : '') . '.thumb.' . pathinfo($file, PATHINFO_BASENAME) : '', 'local' => ($path ? $path . '/' : '') . $file, 'just_uploaded' => isset($just_uploaded[$file]) ? TRUE : FALSE, 'is_thumb' => $is_thumb, 'w' => $w, 'h' => $h, 'fs' => round(filesize($file_location) / 1024, 1));
        }
    }
    uasort($dirs, 'usort_by_name_asc');
    uasort($files, 'usort_by_name_asc');
    // Top level (dashboard)
    cn_bc_add('Dashboard', cn_url_modify(array('reset')));
    cn_bc_add('Media manager', cn_url_modify());
    cn_assign("files, dirs, path, pathes, popup_form, root_dir", $files, $dirs, $path, $pathes, $popup_form, $root_dir);
    if ($opt === 'inline') {
        echo exec_tpl('window', 'title=Quick insert image', 'style=media/style.css', 'content=' . exec_tpl('media/general'));
    } else {
        echoheader('-@media/style.css', 'Media manager');
        echo exec_tpl('media/general');
        echofooter();
    }
}
Пример #12
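/**
 * Delete a single news entry and every index record that points at it.
 *
 * Reads `id` and `source` from the query string, removes the entry from the
 * news block, the source index, the `nts_id`/`nid_ts` meta-index and the
 * `ts_pg`/`pg_ts` page-alias index, saves the changed files, cleans the cache
 * and redirects back to the news editor.
 *
 * NOTE(review): this is a destructive action driven by GET parameters. It
 * relies on cn_dsi_check() (defined elsewhere, presumably a request-token
 * check) to reject forged requests; confirm that helper aborts on failure.
 */
function edit_news_delete()
{
    cn_dsi_check();
    if (!test('Nud')) {
        msg_info("Unable to delete news: no permission");
        // Fail closed: msg_info() is defined elsewhere and may or may not stop
        // the request, so never fall through to the deletion below.
        return;
    }
    $FlatDB = new FlatDB();
    // NOTE(review): $source is passed to the index loaders and into the
    // redirect URL as received; confirm db_index_load()/db_index_save()
    // restrict it to known source names.
    list($id, $source) = GET('id, source', 'GET');
    $ida = db_index_load($source);
    $nloc = db_get_nloc($id);
    $db = db_news_load($nloc);
    // An unknown id must not reach the cleanup calls with empty values, and
    // must not cause the block and index to be rewritten.
    if (!isset($db[$id])) {
        msg_info("Unable to delete news: entry not found");
        return;
    }
    $entry = $db[$id];
    // ------
    $FlatDB->cn_remove_categories($entry['c'], $entry['id']);
    $FlatDB->cn_update_date(0, $entry['id']);
    $FlatDB->cn_user_sync($entry['u'], 0, $entry['id']);
    $FlatDB->cn_remove_tags($entry['tg'], $entry['id']);
    // ------
    unset($db[$id]);
    unset($ida[$id]);
    // Remove from meta-index
    $_ts_id = bt_get_id($id, 'nts_id');
    bt_del_id($id, 'nts_id');
    bt_del_id($_ts_id, 'nid_ts');
    // Remove page alias
    $_ts_pg = bt_get_id($id, 'ts_pg');
    bt_del_id($id, 'ts_pg');
    bt_del_id($_ts_pg, 'pg_ts');
    // save block
    db_save_news($db, $nloc);
    db_index_save($ida, $source);
    db_index_update_overall($source);
    // Clean the cache before redirecting: if cn_relocation() ends the request
    // (not visible here), a call placed after it would never run.
    $FlatDB->cache_clean();
    cn_relocation(cn_url_modify(array('reset'), 'mod=editnews', "source={$source}"));
}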
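/**
 * Build a deployment package on disk and register it in download_available.
 *
 * Splits the uploaded temp file "<document_root><timestamp>/tmp" into
 * $sql_details['nbfrags'] fragment files named "<timestamp>-<n>", writes the
 * XML "info" descriptor next to them, replaces any download_available row
 * with the same FILEID, and drops the cached package list from the session.
 * Does nothing except show a message when DEMO is set.
 *
 * NOTE(review): every path is built from $sql_details['document_root'] and
 * $sql_details['timestamp'] without validation here; callers must guarantee
 * that neither value is request-controlled (or that timestamp is purely
 * numeric), otherwise files are created and the temp file is deleted outside
 * the package directory.
 *
 * @param array $sql_details  Keys read here: document_root, timestamp, nbfrags,
 *                            name, size, os, description, id_wk.
 * @param array $info_details Attribute values for the <DOWNLOAD> element
 *                            (PRI, ACT, DIGEST, PROTO, NOTIFY_*, ...).
 * @return void
 */
function create_pack($sql_details, $info_details)
{
    global $l;
    if (DEMO) {
        msg_info($l->g(2103));
        return;
    }
    // NOTE(review): the values below are written into double-quoted XML
    // attributes by concatenation, including the COMMAND/PATH/NAME that agents
    // act on. xml_escape_string() is defined elsewhere; confirm it escapes
    // quotes, '<' and '&' in every element of the array.
    $info_details = xml_escape_string($info_details);
    $pack_dir = $sql_details['document_root'] . $sql_details['timestamp'];
    $frag_prefix = $pack_dir . "/" . $sql_details['timestamp'] . "-";
    //get temp file
    $fname = $pack_dir . "/tmp";
    //cut this package
    $size = is_file($fname) ? filesize($fname) : false;
    if ($size) {
        $handle = fopen($fname, "rb");
        if ($handle === false) {
            msg_error("Unable to read the package temp file");
            return;
        }
        // Whole-byte fragment length; the last fragment takes the remainder.
        $frag_len = $sql_details['nbfrags'] > 1 ? (int) floor($size / $sql_details['nbfrags']) : 0;
        $read = 0;
        for ($i = 1; $i < $sql_details['nbfrags']; $i++) {
            // A zero-length read is invalid, so a file smaller than the
            // fragment count yields empty leading fragments.
            $contents = $frag_len > 0 ? fread($handle, $frag_len) : '';
            if ($contents === false || file_put_contents($frag_prefix . $i, $contents) === false) {
                fclose($handle);
                msg_error("Unable to write package fragment " . $i);
                return;
            }
            $read += strlen($contents);
        }
        // Last (or only) fragment: everything that has not been read yet.
        $contents = fread($handle, $size - $read);
        fclose($handle);
        if ($contents === false || file_put_contents($frag_prefix . $i, $contents) === false) {
            msg_error("Unable to write package fragment " . $i);
            return;
        }
        unlink($fname);
    } else {
        if (!file_exists($pack_dir)) {
            mkdir($pack_dir);
        }
    }
    //if $info_details['DIGEST'] is null =>  no file to deploy, only execute command in info file
    // so nb_frag=0
    if (!isset($info_details['DIGEST']) or $info_details['DIGEST'] == "") {
        $sql_details['nbfrags'] = 0;
    }
    //create info
    $info = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
    $info .= "<DOWNLOAD ID=\"" . $sql_details['timestamp'] . "\" " . "PRI=\"" . $info_details['PRI'] . "\" " . "ACT=\"" . $info_details['ACT'] . "\" " . "DIGEST=\"" . $info_details['DIGEST'] . "\" " . "PROTO=\"" . $info_details['PROTO'] . "\" " . "FRAGS=\"" . $sql_details['nbfrags'] . "\" " . "DIGEST_ALGO=\"" . $info_details['DIGEST_ALGO'] . "\" " . "DIGEST_ENCODE=\"" . $info_details['DIGEST_ENCODE'] . "\" ";
    if ($info_details['ACT'] == 'STORE') {
        $info .= "PATH=\"" . $info_details['PATH'] . "\" ";
    }
    if ($info_details['ACT'] == 'LAUNCH') {
        $info .= "NAME=\"" . $info_details['NAME'] . "\" ";
    }
    if ($info_details['ACT'] == 'EXECUTE') {
        $info .= "COMMAND=\"" . $info_details['COMMAND'] . "\" ";
    }
    $info .= "NOTIFY_USER=\"" . $info_details['NOTIFY_USER'] . "\" " . "NOTIFY_TEXT=\"" . $info_details['NOTIFY_TEXT'] . "\" " . "NOTIFY_COUNTDOWN=\"" . $info_details['NOTIFY_COUNTDOWN'] . "\" " . "NOTIFY_CAN_ABORT=\"" . $info_details['NOTIFY_CAN_ABORT'] . "\" " . "NOTIFY_CAN_DELAY=\"" . $info_details['NOTIFY_CAN_DELAY'] . "\" " . "NEED_DONE_ACTION=\"" . $info_details['NEED_DONE_ACTION'] . "\" " . "NEED_DONE_ACTION_TEXT=\"" . $info_details['NEED_DONE_ACTION_TEXT'] . "\" " . "GARDEFOU=\"" . $info_details['GARDEFOU'] . "\" />\n";
    // NOTE(review): the prolog declares UTF-8 but the bytes written are the
    // utf8_decode() (ISO-8859-1) form; kept as-is because readers of the file
    // may depend on it.
    if (file_put_contents($pack_dir . "/info", utf8_decode($info)) === false) {
        // Do not register a package whose descriptor could not be written.
        msg_error("Unable to write the package info file");
        return;
    }
    //delete all package with the same id
    mysql2_query_secure("DELETE FROM download_available WHERE FILEID='%s'", $_SESSION['OCS']["writeServer"], $sql_details['timestamp']);
    //insert new package
    $req = "INSERT INTO download_available(FILEID, NAME, PRIORITY, FRAGMENTS, SIZE, OSNAME, COMMENT,ID_WK) VALUES\n\t\t( '%s', '%s','%s', '%s','%s', '%s', '%s','%s' )";
    $arg = array($sql_details['timestamp'], $sql_details['name'], $info_details['PRI'], $sql_details['nbfrags'], $sql_details['size'], $sql_details['os'], $sql_details['description'], $sql_details['id_wk']);
    mysql2_query_secure($req, $_SESSION['OCS']["writeServer"], $arg);
    addLog($l->g(512), $l->g(617) . " " . $sql_details['timestamp']);
    //info message
    msg_success($l->g(437) . " " . $pack_dir);
    //delete cache for activation
    unset($_SESSION['OCS']['DATA_CACHE']['LIST_PACK']);
    unset($_SESSION['OCS']['NUM_ROW']['LIST_PACK']);
}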
Пример #14
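/**
 * Run a list query, page and cache its rows in the session, and render the table.
 *
 * Appends an ORDER BY (from the posted "tri_<table>" / "sens_<table>" fields)
 * and a LIMIT to $queryDetails, executes it through mysql2_query_secure(),
 * stores the fetched window in $_SESSION['OCS']['DATA_CACHE'], then hands the
 * rows to gestion_donnees(), gestion_col() and tab_entete_fixe() for display.
 *
 * Security notes for maintainers:
 * - The sort column and direction end up unquoted in the ORDER BY clause, so
 *   string escaping alone does not protect them. The column is checked against
 *   $list_fields / $tab_options['AS']; the direction is restricted to ASC/DESC
 *   in this function.
 * - $form_name, $table_name, $tab_options['BASE'] and the posted sort values
 *   are echoed into script/HTML context without escaping here; callers must
 *   pass trusted values (see the NOTE(review) comments in the body).
 *
 * @param string $table_name        Key used for the posted fields and session cache.
 * @param array  $list_fields       Label => SQL column; also the sort-column whitelist.
 * @param array  $default_fields    Passed through to gestion_donnees().
 * @param array  $list_col_cant_del Passed through to gestion_donnees().
 * @param string $queryDetails      Base SELECT, may contain %s placeholders.
 * @param string $form_name         Name of the enclosing HTML form.
 * @param string $width             Passed through to tab_entete_fixe().
 * @param mixed  $tab_options       Option array (AS, FILTRE, ARG_SQL, TRI, CACHE, ...).
 * @return bool TRUE when tab_entete_fixe() reported a rendered table, FALSE otherwise.
 */
function tab_req($table_name, $list_fields, $default_fields, $list_col_cant_del, $queryDetails, $form_name, $width = '100', $tab_options = '')
{
    global $protectedPost, $l, $pages_refs;
    if (!$tab_options['AS']) {
        $tab_options['AS'] = array();
    }
    if ($_SESSION['OCS']["tabcache"] == 0) {
        $tab_options['CACHE'] = 'RESET';
    }
    // NOTE(review): $form_name is written into inline JavaScript unescaped; it
    // must be a fixed identifier chosen by the calling page, never request data.
    echo "<script language='javascript'>\n\t\tfunction checkall()\n\t\t {\n\t\t\tfor(i=0; i<document." . $form_name . ".elements.length; i++)\n\t\t\t{\n\t\t\t\tif(document." . $form_name . ".elements[i].name.substring(0,5) == 'check'){\n\t\t\t        if (document." . $form_name . ".elements[i].checked)\n\t\t\t\t\t\tdocument." . $form_name . ".elements[i].checked = false;\n\t\t\t\t\telse\n\t\t\t\t\t\tdocument." . $form_name . ".elements[i].checked = true;\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t</script>";
    $link = $_SESSION['OCS']["readServer"];
    //show select nb page
    $limit = nb_page($form_name, 100, "", "", $table_name);
    //you want to filter your result
    if (isset($tab_options['FILTRE'])) {
        $Details = filtre($tab_options['FILTRE'], $form_name, $queryDetails, $tab_options['ARG_SQL'], $tab_options['ARG_SQL_COUNT']);
        $queryDetails = $Details['SQL'];
        if (is_array($Details['ARG'])) {
            $tab_options['ARG_SQL'] = $Details['ARG'];
        }
        if (is_array($Details['ARG_COUNT'])) {
            $tab_options['ARG_SQL_COUNT'] = $Details['ARG_COUNT'];
        }
    }
    //by default, sort by column 1
    // "and" binds tighter than "or": the posted column is replaced when it is
    // empty, or when it is in neither $list_fields nor $tab_options['AS'].
    // NOTE(review): this is the only check on a value that is concatenated into
    // ORDER BY below, and in_array() is used without strict comparison.
    if ($protectedPost['tri_' . $table_name] == "" or !in_array($protectedPost['tri_' . $table_name], $list_fields) and !in_array($protectedPost['tri_' . $table_name], $tab_options['AS'])) {
        $protectedPost['tri_' . $table_name] = 1;
    }
    //by default, sort ASC
    // The direction is concatenated unquoted into ORDER BY, so only the two SQL
    // keywords are accepted; anything else (including empty) becomes ASC.
    if (!in_array(strtoupper((string) $protectedPost['sens_' . $table_name]), array('ASC', 'DESC'), true)) {
        $protectedPost['sens_' . $table_name] = 'ASC';
    }
    //if data is signed and data = ip
    $tab_iplike = array('H.IPADDR', 'IPADDRESS', 'IP', 'IPADDR');
    if (in_array(mb_strtoupper($protectedPost['tri_' . $table_name]), $tab_iplike)) {
        $queryDetails .= " order by INET_ATON(" . $protectedPost['tri_' . $table_name] . ") " . $protectedPost['sens_' . $table_name];
    } elseif ($tab_options['TRI']['SIGNED'][$protectedPost['tri_' . $table_name]]) {
        $queryDetails .= " order by cast(" . $protectedPost['tri_' . $table_name] . " as signed) " . $protectedPost['sens_' . $table_name];
    } elseif ($tab_options['TRI']['DATE'][$protectedPost['tri_' . $table_name]]) {
        if (isset($tab_options['ARG_SQL'])) {
            $queryDetails .= " order by STR_TO_DATE(%s,'%s') %s";
            $tab_options['ARG_SQL'][] = $protectedPost['tri_' . $table_name];
            $tab_options['ARG_SQL'][] = $tab_options['TRI']['DATE'][$protectedPost['tri_' . $table_name]];
            $tab_options['ARG_SQL'][] = $protectedPost['sens_' . $table_name];
        } else {
            $queryDetails .= " order by STR_TO_DATE(" . $protectedPost['tri_' . $table_name] . ",'" . $tab_options['TRI']['DATE'][$protectedPost['tri_' . $table_name]] . "') " . $protectedPost['sens_' . $table_name];
        }
    } else {
        $queryDetails .= " order by " . $protectedPost['tri_' . $table_name] . " " . $protectedPost['sens_' . $table_name];
    }
    // NOTE(review): $limit_result_cache and $force_no_cache are only assigned
    // when "pcparpage" was posted, yet both are read further down.
    if (isset($protectedPost["pcparpage"]) and $protectedPost["pcparpage"] <= 200) {
        $limit_result_cache = 200;
        $force_no_cache = false;
    } elseif (isset($protectedPost["pcparpage"])) {
        $limit_result_cache = $protectedPost["pcparpage"];
        $force_no_cache = true;
    }
    //$tab_options['CACHE']='RESET';
    // Drop the cache limit when we are on the same page but on a different
    // tab, i.e. the stored query or its arguments differ from the current ones.
    if ($_SESSION['OCS']['csv']['SQL'][$table_name] != $queryDetails or isset($tab_options['ARG_SQL']) and $tab_options['ARG_SQL'] != $_SESSION['OCS']['csv']['ARG'][$table_name]) {
        unset($protectedPost['page']);
        $tab_options['CACHE'] = 'RESET';
    }
    //Delete cache
    if ($tab_options['CACHE'] == 'RESET' or isset($protectedPost['SUP_PROF']) and $protectedPost['SUP_PROF'] != '' or isset($protectedPost['RESET']) and $protectedPost['RESET'] != '') {
        if ($_SESSION['OCS']['DEBUG'] == 'ON') {
            msg_info($l->g(5003));
        }
        unset($_SESSION['OCS']['DATA_CACHE'][$table_name]);
        unset($_SESSION['OCS']['NUM_ROW'][$table_name]);
    }
    // Clamp the requested window to the last cached row when the total row
    // count falls inside it and the window end is not cached.
    if (isset($_SESSION['OCS']['NUM_ROW'][$table_name]) and $_SESSION['OCS']['NUM_ROW'][$table_name] > $limit["BEGIN"] and $_SESSION['OCS']['NUM_ROW'][$table_name] <= $limit["END"] and !isset($_SESSION['OCS']['DATA_CACHE'][$table_name][$limit["END"]])) {
        if ($_SESSION['OCS']['DEBUG'] == 'ON') {
            msg_info($l->g(5004) . " " . $limit["END"] . " => " . ($_SESSION['OCS']['NUM_ROW'][$table_name] - 1));
        }
        $limit["END"] = $_SESSION['OCS']['NUM_ROW'][$table_name] - 1;
    }
    if (isset($_SESSION['OCS']['DATA_CACHE'][$table_name][$limit["END"]]) and isset($_SESSION['OCS']['NUM_ROW'][$table_name])) {
        // Cache hit: serve the window from the session without querying.
        if ($_SESSION['OCS']['DEBUG'] == 'ON') {
            msg_info($l->g(5005));
        }
        $var_limit = $limit["BEGIN"];
        while ($var_limit <= $limit["END"]) {
            $sql_data[$var_limit] = $_SESSION['OCS']['DATA_CACHE'][$table_name][$var_limit];
            $var_limit++;
        }
        $num_rows_result = $_SESSION['OCS']['NUM_ROW'][$table_name];
        if (isset($_SESSION['OCS']['REPLACE_VALUE_ALL_TIME'])) {
            $tab_options['REPLACE_VALUE_ALL_TIME'] = $_SESSION['OCS']['REPLACE_VALUE_ALL_TIME'];
        }
        $result_data = gestion_donnees($sql_data, $list_fields, $tab_options, $form_name, $default_fields, $list_col_cant_del, $queryDetails, $table_name);
        $data = $result_data['DATA'];
        $entete = $result_data['ENTETE'];
        $correct_list_col_cant_del = $result_data['correct_list_col_cant_del'];
        $correct_list_fields = $result_data['correct_list_fields'];
        $i = 1;
    } else {
        //search static values
        if (isset($_SESSION['OCS']['SQL_DATA_FIXE'][$table_name])) {
            foreach ($_SESSION['OCS']['SQL_DATA_FIXE'][$table_name] as $key => $sql) {
                if (!isset($_SESSION['OCS']['ARG_DATA_FIXE'][$table_name][$key])) {
                    $arg = array();
                } else {
                    $arg = $_SESSION['OCS']['ARG_DATA_FIXE'][$table_name][$key];
                }
                if ($table_name == "TAB_MULTICRITERE") {
                    // NOTE(review): the id list is joined into the statement as-is
                    // and sent through the legacy mysql_query() instead of
                    // mysql2_query_secure(); confirm every ID_REQ entry is an
                    // integer before it reaches the session.
                    $sql .= " and hardware_id in (" . implode(',', $_SESSION['OCS']['ID_REQ']) . ") group by hardware_id ";
                    // The group by was added to avoid multiple rows per machine:
                    // only the first matching criterion is shown.
                    $result = mysql_query($sql, $_SESSION['OCS']["readServer"]);
                } else {
                    //add sort on column if need it
                    if ($protectedPost['tri_fixe'] != '' and strstr($sql, $protectedPost['tri_fixe'])) {
                        $sql .= " order by '%s' %s";
                        // NOTE(review): array_push() takes the array first; these two
                        // calls look inverted (the posted value is the target and
                        // $arg the pushed element), so $arg never receives the
                        // values for the two placeholders added above.
                        array_push($protectedPost['tri_fixe'], $arg);
                        array_push($protectedPost['sens_' . $table_name], $arg);
                    }
                    $result = mysql2_query_secure($sql, $_SESSION['OCS']["readServer"], $arg);
                }
                while ($item = mysql_fetch_object($result)) {
                    if ($item->HARDWARE_ID != "") {
                        $champs_index = $item->HARDWARE_ID;
                    } elseif ($item->FILEID != "") {
                        $champs_index = $item->FILEID;
                    }
                    //echo $champs_index."<br>";
                    if (isset($tablename_fixe_value)) {
                        if (strstr($sql, $tablename_fixe_value[0])) {
                            $list_id_tri_fixe[] = $champs_index;
                        }
                    }
                    foreach ($item as $field => $value) {
                        if ($field != "HARDWARE_ID" and $field != "FILEID" and $field != "ID") {
                            $tab_options['REPLACE_VALUE_ALL_TIME'][$field][$champs_index] = $value;
                        }
                    }
                }
            }
            if (isset($tab_options['REPLACE_VALUE_ALL_TIME'])) {
                $_SESSION['OCS']['REPLACE_VALUE_ALL_TIME'] = $tab_options['REPLACE_VALUE_ALL_TIME'];
            }
        }
        //	print_r($tab_options['VALUE']);
        //	print_r($list_id_tri_fixe);
        // Clear the previous values to save space on the server.
        if (!isset($tab_options['SAVE_CACHE'])) {
            unset($_SESSION['OCS']['csv'], $_SESSION['OCS']['list_fields']);
        }
        $_SESSION['OCS']['csv']['SQL'][$table_name] = $queryDetails;
        if (isset($tab_options['ARG_SQL'])) {
            $_SESSION['OCS']['csv']['ARG'][$table_name] = $tab_options['ARG_SQL'];
        }
        // Count query.
        // NOTE(review): NUM_ROW is unset just before the isset() test, so the
        // first branch always runs and the else branch is unreachable.
        unset($_SESSION['OCS']['NUM_ROW']);
        if (!isset($_SESSION['OCS']['NUM_ROW'][$table_name])) {
            unset($_SESSION['OCS']['NUM_ROW']);
            if (!isset($tab_options['SQL_COUNT'])) {
                $querycount_begin = "select count(*) count_nb_ligne ";
                if (stristr($queryDetails, "group by") and substr_count($queryDetails, "group by") == 1) {
                    // Keep the original select list after the count column
                    // (substr 6 skips the leading "select").
                    $querycount_end = "," . substr($queryDetails, 6);
                } else {
                    $querycount_end = stristr($queryDetails, 'from ');
                }
                $querycount = $querycount_begin . $querycount_end;
            } else {
                $querycount = $tab_options['SQL_COUNT'];
            }
            if (isset($tab_options['ARG_SQL_COUNT'])) {
                $resultcount = mysql2_query_secure($querycount, $link, $tab_options['ARG_SQL_COUNT']);
            } elseif (isset($tab_options['ARG_SQL'])) {
                $resultcount = mysql2_query_secure($querycount, $link, $tab_options['ARG_SQL']);
            } else {
                $resultcount = mysql2_query_secure($querycount, $link);
            }
            //if this query is only for show data (like :
            //select '%s' as NOM,'%s' as LIBELLE)
            if (!stristr($queryDetails, "from")) {
                unset($resultcount);
            }
            // As a last resort, when the count query did not work,
            // run the original query and count its rows.
            if (!$resultcount) {
                if (isset($tab_options['ARG_SQL'])) {
                    $resultcount = mysql2_query_secure($queryDetails, $link, $tab_options['ARG_SQL']);
                } else {
                    $resultcount = mysql2_query_secure($queryDetails, $link);
                }
            }
            if ($resultcount) {
                $num_rows_result = mysql_num_rows($resultcount);
            }
            //echo "<b>".$num_rows_result."</b>";
            if ($num_rows_result == 1) {
                $count = mysql_fetch_object($resultcount);
                //	echo $queryDetails;
                if ($count->count_nb_ligne > 0) {
                    $num_rows_result = $count->count_nb_ligne;
                }
            }
            $_SESSION['OCS']['NUM_ROW'][$table_name] = $num_rows_result;
        } else {
            $num_rows_result = $_SESSION['OCS']['NUM_ROW'][$table_name];
            if ($_SESSION['OCS']['DEBUG'] == 'ON') {
                msg_info($l->g(5007));
            }
        }
        //echo $querycount;
        // End of count query.
        if (isset($limit)) {
            if ($limit["END"] < $limit_result_cache) {
                $queryDetails .= " limit " . $limit_result_cache;
            } else {
                $queryDetails .= " limit " . floor($limit["END"] / $limit_result_cache) * $limit_result_cache . "," . $limit_result_cache;
            }
        }
        if (isset($tab_options['ARG_SQL'])) {
            $resultDetails = mysql2_query_secure($queryDetails, $link, $tab_options['ARG_SQL']);
        } else {
            $resultDetails = mysql2_query_secure($queryDetails, $link);
        }
        flush();
        $i = floor($limit["END"] / $limit_result_cache) * $limit_result_cache;
        $index = $limit["BEGIN"];
        $value_data_begin = $limit["BEGIN"];
        $value_data_end = $limit["END"] + 1;
        //echo $num_rows_result;
        if ($index > $num_rows_result) {
            $value_data_end = $num_rows_result - 1;
        }
        //echo $queryDetails;
        while ($item = mysql_fetch_object($resultDetails)) {
            if ($i >= $index) {
                unset($champs_index);
                if ($item->ID != "") {
                    $champs_index = $item->ID;
                } elseif ($item->FILEID != "") {
                    $champs_index = $item->FILEID;
                }
                if (isset($list_id_tri_fixe)) {
                    $index = $champs_index;
                }
                // Stop processing once we are past the number of rows.
                if ($index > $num_rows_result) {
                    break;
                }
                foreach ($item as $key => $value) {
                    $sql_data_cache[$index][$key] = $value;
                    if ($index < $value_data_end and $index >= $value_data_begin) {
                        flush();
                        $sql_data[$index][$key] = $value;
                        // NOTE(review): this inner loop reuses $key/$value and so
                        // overwrites the outer loop's variables for the rest of
                        // the iteration.
                        foreach ($list_fields as $key => $value) {
                            if ($tab_options['VALUE'][$key]) {
                                if ($tab_options['VALUE'][$key][$champs_index] == "" and isset($tab_options['VALUE_DEFAULT'][$key])) {
                                    $sql_data[$index][$value] = $tab_options['VALUE_DEFAULT'][$key];
                                } else {
                                    $sql_data[$index][$value] = $tab_options['VALUE'][$key][$champs_index];
                                }
                            }
                        }
                    }
                    // Add the static values to the cached row as well.
                    foreach ($list_fields as $key => $value) {
                        if ($tab_options['VALUE'][$key]) {
                            if ($tab_options['VALUE'][$key][$champs_index] == "" and isset($tab_options['VALUE_DEFAULT'][$key])) {
                                $sql_data_cache[$index][$value] = $tab_options['VALUE_DEFAULT'][$key];
                            } else {
                                $sql_data_cache[$index][$value] = $tab_options['VALUE'][$key][$champs_index];
                            }
                        }
                    }
                }
                $index++;
            }
            $i++;
        }
        //		if ($i == 1){
        //			$num_rows_result=1;
        //			$_SESSION['OCS']['NUM_ROW'][$table_name]=1;
        //		}
        flush();
        // Re-order the results when sorting on a fixed value.
        if (isset($list_id_tri_fixe)) {
            $i = 0;
            // Walk the sorted ids.
            while ($list_id_tri_fixe[$i]) {
                if ($limit["BEGIN"] <= $i and $i < $limit["BEGIN"] + $limit_result_cache) {
                    $sql_data_tri_fixe[$i] = $sql_data[$list_id_tri_fixe[$i]];
                }
                $i++;
            }
            unset($sql_data);
            $sql_data = $sql_data_tri_fixe;
        }
        //	print_r($sql_data_cache);
        // Drop the cache of the other tables to save space on the server.
        unset($_SESSION['OCS']['DATA_CACHE']);
        if (!$force_no_cache) {
            $_SESSION['OCS']['DATA_CACHE'][$table_name] = $sql_data_cache;
        }
        $result_data = gestion_donnees($sql_data, $list_fields, $tab_options, $form_name, $default_fields, $list_col_cant_del, $queryDetails, $table_name);
        $data = $result_data['DATA'];
        $entete = $result_data['ENTETE'];
        $correct_list_col_cant_del = $result_data['correct_list_col_cant_del'];
        $correct_list_fields = $result_data['correct_list_fields'];
    }
    if ($num_rows_result > 0) {
        if (count($data) == 1 and (!isset($protectedPost['page']) or $protectedPost['page'] == 0)) {
            $num_rows_result = 1;
        }
        $title = $num_rows_result . " " . $l->g(90);
        if (isset($tab_options['LOGS'])) {
            addLog($tab_options['LOGS'], $num_rows_result . " " . $l->g(90));
        }
        if (!isset($tab_options['no_download_result'])) {
            // NOTE(review): $table_name and $tab_options['BASE'] go into the href
            // without URL or HTML encoding.
            $title .= "<a href='index.php?" . PAG_INDEX . "=" . $pages_refs['ms_csv'] . "&no_header=1&tablename=" . $table_name . "&base=" . $tab_options['BASE'] . "'><small> (" . $l->g(183) . ")</small></a>";
        }
        $result_with_col = gestion_col($entete, $data, $correct_list_col_cant_del, $form_name, $table_name, $list_fields, $correct_list_fields, $form_name);
        $no_result = tab_entete_fixe($result_with_col['entete'], $result_with_col['data'], $title, $width, "", array(), $tab_options);
        if ($no_result) {
            show_page($num_rows_result, $form_name);
            // NOTE(review): posted values are echoed back into single-quoted
            // attributes. tri_<table> and sens_<table> were constrained above;
            // tri_fixe is not checked in this function, so its safety depends on
            // how $protectedPost is filled (not visible here).
            echo "<input type='hidden' id='tri_" . $table_name . "' name='tri_" . $table_name . "' value='" . $protectedPost['tri_' . $table_name] . "'>";
            echo "<input type='hidden' id='tri_fixe' name='tri_fixe' value='" . $protectedPost['tri_fixe'] . "'>";
            echo "<input type='hidden' id='sens_" . $table_name . "' name='sens_" . $table_name . "' value='" . $protectedPost['sens_' . $table_name] . "'>";
            echo "<input type='hidden' id='SUP_PROF' name='SUP_PROF' value=''>";
            echo "<input type='hidden' id='MODIF' name='MODIF' value=''>";
            echo "<input type='hidden' id='SELECT' name='SELECT' value=''>";
            echo "<input type='hidden' id='OTHER' name='OTHER' value=''>";
            echo "<input type='hidden' id='ACTIVE' name='ACTIVE' value=''>";
            echo "<input type='hidden' id='CONFIRM_CHECK' name='CONFIRM_CHECK' value=''>";
            echo "<input type='hidden' id='OTHER_BIS' name='OTHER_BIS' value=''>";
            echo "<input type='hidden' id='OTHER_TER' name='OTHER_TER' value=''>";
            return TRUE;
        } else {
            return FALSE;
        }
    } else {
        echo "</td></tr></table>";
        msg_warning($l->g(766));
        return FALSE;
    }
}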
     msg_success($nb_line_affected . " " . $l->g(1026));
 }
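 //CAS OF WOL
 // Wake-on-LAN request: send a wake packet to every "Up" interface of the
 // selected machines. The action is gated by the same profile restriction
 // that decides whether the WOL tab is offered below, so a profile without
 // the tab cannot trigger it by posting the field directly.
 if (isset($protectedPost['WOL']) and $protectedPost['WOL'] != '' and $_SESSION['OCS']['profile']->getRestriction('WOL', 'NO') == "NO") {
     require_once 'require/function_wol.php';
     $wol = new Wol();
     $sql = "select IPADDRESS,MACADDR from networks WHERE status='Up' and hardware_id in ";
     $arg = array();
     // $list_id is assigned before this fragment; mysql2_prepare() (defined
     // elsewhere) returns the statement and the arguments for the id list.
     $tab_result = mysql2_prepare($sql, $arg, $list_id);
     $resultDetails = mysql2_query_secure($tab_result['SQL'], $_SESSION['OCS']["writeServer"], $tab_result['ARG']);
     $msg = "";
     // mysql2_query_secure() returns false when the query fails; skip the
     // fetch loop in that case instead of passing false to mysqli.
     if ($resultDetails) {
         while ($item = mysqli_fetch_object($resultDetails)) {
             $wol->wake($item->MACADDR, $item->IPADDRESS);
             // NOTE(review): MACADDR/IPADDRESS come from the networks table and
             // are appended to an HTML message as-is; confirm msg_info()
             // escapes its argument or that these columns are validated when
             // they are stored.
             $msg .= "<br>" . $wol->wol_send . "=>" . $item->MACADDR . "/" . $item->IPADDRESS;
         }
     }
     msg_info($msg);
 }
 //tab definition
 // Profiles that may not change account info get no TAG tab and are forced
 // onto the SUP_PACK tab.
 if ($_SESSION['OCS']['profile']->getConfigValue('CHANGE_ACCOUNTINFO') == "YES") {
     $def_onglets['TAG'] = $l->g(1022);
 } else {
     $protectedPost['onglet'] = 'SUP_PACK';
 }
 $def_onglets['SUP_PACK'] = $l->g(1021);
 if ($_SESSION['OCS']['profile']->getRestriction('WOL', 'NO') == "NO") {
     $def_onglets['WOL'] = $l->g(1280);
 }
 // No tab selected: default to TAG.
 if ($protectedPost['onglet'] == "") {
     $protectedPost['onglet'] = "TAG";
 }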
 //show onglet
Пример #16
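/**
 * Dashboard permission self-check.
 *
 * Verifies that the data directories, the uploads directory and the core data
 * files can be written by the PHP process. Each problem is recorded as an array
 * with the keys 'perm', 'file' and 'msg'. When problems were found they are
 * assigned to the 'errors' template variable and the dashboard/selfchk template
 * is rendered; otherwise an informational message is shown.
 *
 * The directory and file lists are passed through the 'cnsc_dirs' and
 * 'cnsc_files' hooks before being checked.
 *
 * @return void
 */
function dashboard_selfchk()
{
    $errors = array();
    $check_dirs = array('cdata', 'cdata/backup', 'cdata/btree', 'cdata/log', 'cdata/news', 'cdata/plugins');

    // Writability probe for a directory. The probe file gets a unique name and is
    // opened in exclusive-create mode ('x'), so an existing file in the directory
    // is never truncated or deleted by the check. A failed fopen() is reported as
    // "not writable" instead of being handed to fclose().
    // The path is concatenated directly with the file name, as before; this
    // presumes the path already ends with a directory separator - TODO confirm.
    $can_create_in = function ($dir_path) {
        $probe = $dir_path . uniqid('selfchk_', true) . '.tmp';
        $handle = fopen($probe, 'x');
        if ($handle === false) {
            return false;
        }
        fclose($handle);
        unlink($probe);
        return true;
    };

    // --- Check dirs
    foreach (hook('cnsc_dirs', $check_dirs) as $dir) {
        if (!$can_create_in(cn_path_construct(SERVDIR, $dir))) {
            $errors[] = array('perm' => '---', 'file' => SERVDIR . DIRECTORY_SEPARATOR . $dir, 'msg' => i18n('<b>Directory not writable</b>'));
        }
    }

    // --- Check uploads dir (configured location, else SERVDIR/uploads)
    $updir = getoption('uploads_dir');
    if (!$updir) {
        $updir = cn_path_construct(SERVDIR, 'uploads');
    }
    if (!$can_create_in($updir)) {
        $errors[] = array('perm' => '---', 'file' => $updir, 'msg' => i18n('<b>Directory not writable</b>'));
    }

    // --- Check data files
    // The probe appends one newline to the live file and truncates it back to its
    // previous size. This is not atomic: anything another request appends between
    // the two steps is cut off by the truncate, and an interruption in between
    // leaves the extra newline behind.
    $check_files = array('/cdata/users.txt', '/cdata/flood.txt', '/cdata/conf.php');
    foreach (hook('cnsc_files', $check_files) as $file) {
        $the_file = SERVDIR . $file;

        if (!file_exists($the_file)) {
            $errors[] = array('perm' => '---', 'file' => $the_file, 'msg' => i18n('Not exists'));
            continue;
        }

        if (!is_readable($the_file)) {
            $errors[] = array('perm' => decoct(fileperms($the_file)), 'file' => $the_file, 'msg' => i18n('File not writable'));
            continue;
        }

        // Size before the probe
        clearstatcache();
        $size_before = filesize($the_file);

        // Without a known size the file could not be restored, and without a
        // handle nothing can be written: report it and leave the file untouched.
        $append = ($size_before === false) ? false : fopen($the_file, 'a+');
        if ($append === false) {
            $errors[] = array('perm' => decoct(fileperms($the_file)), 'file' => $the_file, 'msg' => i18n('File not writable'));
            continue;
        }
        fwrite($append, "\n");
        fclose($append);

        // Size after the probe
        clearstatcache();
        $size_after = filesize($the_file);

        // Revert the probe; only needed when the size really changed
        if ($size_after != $size_before) {
            $revert = fopen($the_file, 'a+');
            if ($revert !== false) {
                ftruncate($revert, $size_before);
                fclose($revert);
            }
        }

        // Unchanged size means the append did not reach the file
        if ($size_before == $size_after) {
            $errors[] = array('perm' => decoct(fileperms($the_file)), 'file' => $the_file, 'msg' => i18n('File not writable'));
        }
    }

    if ($errors) {
        cn_assign('errors', $errors);
        echoheader('', 'Permission self check');
        echo exec_tpl('dashboard/selfchk');
        echofooter();
    } else {
        msg_info('All is fine, necessary permits have');
    }
}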
Пример #17
    $msg_warning .= $l->g(2043);
}
// Show the warnings collected so far, if any.
if ($msg_warning != "") {
    msg_warning($msg_warning);
}
// Select the database named in the submitted form.
// NOTE(review): the name is taken from $_POST without any validation visible here,
// and mysql_select_db() belongs to the legacy mysql extension, which was removed
// in PHP 7.0 - confirm which PHP versions this installer is meant to run on.
mysql_select_db($_POST['database']);
// Store the optional deployment label: the old row is deleted, then the new
// value is inserted.
if (isset($_POST["label"])) {
    if ($_POST["label"] != "") {
        // Static statement; errors are suppressed with @, so a failed delete goes unnoticed.
        @mysql_query("DELETE FROM deploy WHERE NAME='label'");
        // The posted label is passed as an argument for the %s placeholder rather
        // than concatenated here; mysql2_query_secure() builds the final SQL through
        // generate_secure_sql() and runs it with mysqli_query().
        // NOTE(review): the escaping itself lives in generate_secure_sql(), which is
        // not shown - verify it there. $link must be a mysqli link for this call,
        // while the statements above use the legacy mysql_* API.
        $query = "INSERT INTO deploy VALUES('label','%s');";
        $arg = $_POST["label"];
        mysql2_query_secure($query, $link, $arg);
        //mysql_query($query) or die(mysql_error());
        msg_info($l->g(2044));
    } else {
        msg_info($l->g(2045));
    }
}
if ($_POST["fin"] == "fin") {
    // Configuration done, so try with account from config file
    if (!@mysql_connect($valServ, $valNme, $valPass)) {
        if (mysql_errno() == 0) {
            echo "<br><center><font color=red><b>" . $l->g(2043) . " " . $l->g(2044) . "</b><br></font></center>";
            die;
        } else {
            echo "<br><center><font color=red><b>" . $l->g(2043) . " (" . $l->g(2017) . " " . $l->g(2010) . "=" . $_POST["host"] . " " . $l->g(2011) . "=ocs " . $l->g(2014) . "=ocs)" . "</b><br></font></center>";
        }
        echo "<br><center><font color=red><b>" . $l->g(2065) . "</b></font></center>";
        unlink(CONF_MYSQL);
    } else {
        msg_success("<b>" . $l->g(2050) . "</b><br><br><b><a href='index.php'>" . $l->g(2051) . "</a></b>");
Пример #18
        $tab_nom = $l->g(674) . " " . show_modif($protectedPost['RULE_NAME'], "RULE_NAME", "0");
        $tab = "<table align='center'>";
        $i = 1;
        while ($i < $numero + 1) {
            if ($i == 1) {
                $entete = 'YES';
            } else {
                $entete = 'NO';
            }
            $tab .= fields_conditions_rules($i, $entete);
            $i++;
        }
        echo $tab_nom;
        echo $tab;
        echo "</tr></table>";
        echo "<a onclick='return pag(" . $numero . ",\"NUM_RULES\",\"rules\")'><font color=green>" . $l->g(682) . "</font></a>&nbsp<a onclick='return pag(\"RAZ\",\"RAZ\",\"rules\");'><font color=\"red\">" . $l->g(113) . "</font></a><br><br>";
        if ($protectedPost['MODIF'] != "" or $protectedPost['OLD_MODIF'] != "") {
            echo "<input type='submit'  value='" . $l->g(625) . "' name='MODIF_RULE' onclick='return check();'>";
        } else {
            echo "<input type='submit'  value='" . $l->g(683) . "' name='ADD_RULE' onclick='return check();'>";
        }
        echo "<input type='hidden' id='NUM_RULES' name='NUM_RULES' value=''>";
        echo "<input type='hidden' id='RAZ' name='RAZ' value=''>";
        echo "<input type='hidden' id='OLD_MODIF' name='OLD_MODIF' value='" . $modif . "'>";
    } else {
        echo "<input type='submit'  value='" . $l->g(685) . "' name='NEW_RULE'>";
    }
    echo close_form();
} else {
    msg_info($l->g(1182));
}
    printEntete($l->g(1245));
    echo "<br>";
    ajaxtab_entete_fixe($list_fields, $default_fields, $tab_options, $list_col_cant_del);
    //echo show_modif($name,'ADD_FILE',8,"",$configinput=array('DDE'=>100));
    echo "<input type=submit name=ADD_FILE value='" . $l->g(1048) . "'>";
    echo close_form();
}
// When ADD_FILE was posted, show the file upload form together with the size
// limits that apply to the upload.
if (isset($protectedPost['ADD_FILE']) and $protectedPost['ADD_FILE'] != '') {
    $css = "mvt_bordure";
    $form_name1 = "SEND_FILE";
    //search max_allowed_packet value on mysql conf
    $sql = "SHOW VARIABLES LIKE 'max_allowed_packet'";
    // NOTE(review): mysql2_query_secure() can return false; the result is passed
    // to mysqli_fetch_array() without a check.
    $result = mysql2_query_secure($sql, $_SESSION['OCS']["readServer"]);
    $value = mysqli_fetch_array($result);
    // convert bytes to megabytes
    $upload_max_filesize = $value['Value'] / 1048576;
    // $valBumf is set outside this excerpt; presumably the PHP upload limit - TODO confirm.
    msg_info($l->g(2022) . ' ' . $valBumf . $l->g(1240) . "<br>" . $l->g(2106) . " " . $upload_max_filesize . $l->g(1240));
    //echo "post_max_size=".$valTpms.$l->g(1240).'//upload_max_filesize='.$valTumf.$l->g(1240);
    // The onsubmit handler checks the file format in the browser only.
    // NOTE(review): a client-side check can be bypassed; the server-side handling
    // of the SEND_FILE upload is not visible here - confirm it validates the file.
    echo open_form($form_name1, '', "enctype='multipart/form-data' onsubmit=\"return verif_file_format('file_upload');\"");
    echo '<div class="' . $css . '" >';
    echo $l->g(1048) . ": <input id='file_upload' name='file_upload' type='file' accept=''>";
    echo "<br><br><input name='GO' id='GO' type='submit' value='" . $l->g(13) . "'>&nbsp;&nbsp;";
    //echo "<input type='button' name='RESET' id='RESET' value='".$l->g(113)."' onclick='submit(".$form_name.")'>";
    echo "</div>";
    echo close_form();
    echo "<br>";
}
// Ajax request: discard everything buffered so far and emit only the table data.
// Note that $sql was overwritten above when ADD_FILE was posted.
if ($ajax) {
    ob_end_clean();
    tab_req($list_fields, $default_fields, $list_col_cant_del, $sql, $tab_options);
}
Пример #20
// Teledeploy workflow: when the TELEDIFF_WK option is active, tell the user
// whether the current group ($name) is configured as the test or the limit group.
require_once 'require/function_telediff_wk.php';
$activate = option_conf_activate('TELEDIFF_WK');
if ($activate) {
    $conf_Wk = look_config_default_values(array('IT_SET_PERIM', 'IT_SET_NAME_TEST', 'IT_SET_NAME_LIMIT', 'IT_SET_TAG_NAME', 'IT_SET_NIV_TEST', 'IT_SET_NIV_REST'));
    // configuration at group level
    if ($conf_Wk['ivalue']['IT_SET_PERIM'] != 1) {
        $mes_wk = "";
        if ($conf_Wk['tvalue']['IT_SET_NAME_TEST'] == $name) {
            $mes_wk = $l->g(1188);
        }
        if ($conf_Wk['tvalue']['IT_SET_NAME_LIMIT'] == $name) {
            $mes_wk .= "<br>" . $l->g(1189);
        }
    }
    // NOTE(review): $mes_wk is only initialised inside the branch above; when
    // IT_SET_PERIM is 1 it is read here without having been set in this excerpt.
    if ($mes_wk != '') {
        msg_info($l->g(1047) . ": " . $mes_wk);
    }
}
// Group summary rows: name, last date and (unless $pureStat) creation time.
// NOTE(review): $name is written into the HTML as-is; whether it was escaped
// earlier cannot be seen from here - verify before trusting it in markup.
echo "<tr>" . $tdhd . $l->g(577) . $tdhf . $tdhdpb . $name . $tdhfpb;
echo $tdhd . $l->g(593) . $tdhf . $tdhdpb . dateTimeFromMysql($item->LASTDATE) . $tdhfpb;
if (!$pureStat) {
    echo "</tr><tr>" . $tdhd . $l->g(594) . $tdhf . $tdhdpb . date("F j, Y, g:i a", $item->CREATE_TIME) . $tdhfpb;
}
echo "</tr><tr><td>&nbsp;</td></tr>";
echo $tdhd . $l->g(615) . $tdhf . "<td  align='left' width='20%' colspan='3'>";
if (!$pureStat) {
    echo $item->REQUEST;
    //affichage des requetes qui ont form� ce groupe
    if ($item->XMLDEF != "") {
        $tab_list_sql = regeneration_sql($item->XMLDEF);
        $i = 1;
Пример #21
        require_once HEADER_HTML;
        if (isset($protectedPost['Valid_CNX'])) {
            $login_successful = $l->g(180);
            msg_error($login_successful);
            flush();
            //you can't send a new login/passwd before 2 seconds
            sleep(2);
        }
        echo "<br/>";
        $name_field = array("LOGIN", "PASSWD");
        $tab_name = array($l->g(24) . ": ", $l->g(217) . ":");
        $type_field = array(0, 4);
        $value_field = array($protectedPost['LOGIN'], '');
        $tab_typ_champ = show_field($name_field, $type_field, $value_field);
        foreach ($tab_typ_champ as $id => $values) {
            $tab_typ_champ[$id]['CONFIG']['SIZE'] = 20;
        }
        if (DEMO) {
            msg_info($l->g(24) . ": " . DEMO_LOGIN . "<br/>" . $l->g(217) . ": " . DEMO_PASSWD);
        }
        if (isset($tab_typ_champ)) {
            tab_modif_values($tab_name, $tab_typ_champ, array(), array('button_name' => 'CNX', 'show_button' => 'BUTTON'));
        }
        require_once FOOTER_HTML;
        die;
    } else {
        header('WWW-Authenticate: Basic realm="OcsinventoryNG"');
        header('HTTP/1.0 401 Unauthorized');
        die;
    }
}
Пример #22
    		if($protectedPost['ACTION'] != 'DEL'){
    			$tab_typ_champ[3]['DEFAULT_VALUE']=$protectedPost['UPDATE'];
    			$tab_typ_champ[3]['INPUT_NAME']="UPDATE";
    			$tab_typ_champ[3]['INPUT_TYPE']=0;
    			$tab_typ_champ[3]['CONFIG']['SIZE']=60;
    			$tab_typ_champ[3]['CONFIG']['MAXLENGTH']=255;
    			$tab_name[3]=$l->g(1133).":";
    		}
    		$show_buttons=true;
    	}else
    	$show_buttons=false;
    	tab_modif_values($tab_name,$tab_typ_champ,'',$l->g(1130),$comment="","EDITION",$show_buttons,$form_language);*/
}
if ($_SESSION['OCS']['DEBUG'] == 'ON') {
    if (isset($_SESSION['OCS']['SQL_DEBUG'])) {
        msg_info("<b>" . $l->g(5001) . "</b><br><br>" . implode('<br><hr>', $_SESSION['OCS']['SQL_DEBUG']));
    }
    echo "<hr/>";
    echo "<div align=center>VAR POST</div>";
    if (isset($protectedPost)) {
        print_r_V2($protectedPost);
    }
    echo "<hr/>";
    echo "<div align=center>VAR SESSION</div>";
    foreach ($_SESSION['OCS'] as $key => $value) {
        if ($key != "fichLang" and $key != "LANGUAGE_FILE" and $key != "mac" and $key != "writeServer" and $key != "readServer") {
            $tab_session[$key] = $value;
        }
    }
    if (isset($tab_session)) {
        print_r_V2($tab_session);
Пример #23
                 $ssh->exec('sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem -subj "/C=AU/ST=AU/L=AU/O=Internet Widgits Pty Ltd/OU=IT/CN=' . $root . '"');
                 $ssh->exec('service vsftpd restart');
                 $stmt = $mysqli->prepare("INSERT INTO dedicated(name,os,ip,port,user,password,status,language,os_bit) VALUES (?, ?, ?, ? ,? ,? ,?, ? ,?)");
                 $stmt->bind_param('sssissisi', $name, $os_version, $ip, $port, $user, $password, $status, $language, $os_bit);
                 $stmt->execute();
                 $stmt->close();
                 unset($root_password);
                 unset($root);
             }
             msg_okay(_dedicated_message_added);
         } else {
             msg_error('Something went wrong, ' . $msg);
         }
     }
 }
 msg_info(_dedicated_message_info_abort);
 ?>
         <form class="form-horizontal" action="index.php?page=rootserver?add" method="post">
           <div class="form-group">
             <label class="control-label col-sm-2">Name:</label>
             <div class="col-sm-6">
               <input type="text" class="form-control input-sm" name="name" placeholder="Chewbacca">
             </div>
             <div class="col-sm-2">
               <select class="form-control input-sm" name="os">
                 <option disabled selected>Debian</option>
                 <option>Debian 8 32bit</option>
                 <option>Debian 8 64bit</option>
                 <option disabled selected>Ubuntu</option>
                 <option>Ubuntu 14.04 32bit</option>
                 <option>Ubuntu 14.04 64bit</option>
Пример #24
            //This group is define as RESTRICT zone
            if ($item->NAME == $conf_Wk['tvalue']['IT_SET_NAME_LIMIT']) {
                $restrict = $conf_Wk['tvalue']['IT_SET_NIV_REST'];
                $msg_wk .= $l->g(1193) . "<br>";
                array_push($arg_affect_pack, $restrict);
                $fileid_show = array_merge($fileid_rest, $fileid_show);
            }
            //This group is not define for the teledeploy
            if (!isset($restrict)) {
                $msg_wk .= $l->g(1194) . " " . $conf_Wk['tvalue']['IT_SET_NIV_REST'] . " " . $l->g(1195);
            }
            $fileid_show = array_merge($fileid_total, $fileid_show);
        }
    }
    if (isset($msg_wk)) {
        msg_info($msg_wk);
    }
}
//activation options
if ($protectedPost['MODIF'] != '' and isset($protectedPost['DWL_OPT']) and $protectedPost['DWL_OPT'] == "YES") {
    $tab_hidden['SELECT'] = $protectedPost['MODIF'];
    $tab_hidden['onglet'] = $protectedPost['onglet'];
    $tab_hidden['rule_choise'] = $protectedPost['rule_choise'];
    $action = array('REBOOT' => $l->g(1311), 'SHUTDOWN' => $l->g(1310));
    $min = array('00' => '00', '15' => '15', '30' => '30', '45' => '45');
    $hour = array('00' => '00', '01' => '01', '02' => '02', '03' => '03', '04' => '04', '05' => '05', '06' => '06', '07' => '07', '08' => '08', '09' => '09', '10' => '10', '11' => '11', '12' => '12');
    $i = 0;
    while ($i <= 1) {
        if ($i == 0) {
            $am_pm = '';
        } else {
Пример #25
    mysql2_query_secure($sql_del, $_SESSION['OCS']["writeServer"], $arg_del);
    //delete cache
    unset($_SESSION['OCS']["ipdiscover"]);
    require_once BACKEND . 'ipdiscover/ipdiscover.php';
    $tab_options['CACHE'] = 'RESET';
}
// Build the selector from the keys of the cached ipdiscover data, or show an
// informational message when nothing is cached.
if (isset($_SESSION['OCS']["ipdiscover"])) {
    $dpt = array_keys($_SESSION['OCS']["ipdiscover"]);
    // Index 0 becomes an empty entry, so real choices start at index 1.
    array_unshift($dpt, "");
    foreach ($dpt as $key => $value) {
        $list_index[$key] = $value;
    }
    // asort() keeps the keys, so a chosen key still refers to the same entry of $dpt.
    asort($list_index);
    echo $l->g(562) . " " . show_modif($list_index, 'DPT_CHOISE', 2, $form_name, array('DEFAULT' => "NO"));
} else {
    // NOTE(review): in this branch $dpt is not set in this excerpt, while the code
    // that follows indexes $dpt with the posted DPT_CHOISE value - confirm that
    // path cannot be reached without the cache.
    msg_info(mb_strtoupper($l->g(1134)));
}
if (isset($protectedPost['DPT_CHOISE']) and $protectedPost['DPT_CHOISE'] != '0') {
    $array_rsx = find_all_subnet($dpt[$protectedPost['DPT_CHOISE']]);
    $tab_options['VALUE']['LBL_RSX'] = $_SESSION['OCS']["ipdiscover"][$dpt[$protectedPost['DPT_CHOISE']]];
    $arg_sql = array();
    $sql = " select * from (select inv.RSX as ID,\n\t\t\t\t\t  inv.c as 'INVENTORIE',\n\t\t\t\t\t  non_ident.c as 'NON_INVENTORIE',\n\t\t\t\t\t  ipdiscover.c as 'IPDISCOVER',\n\t\t\t\t\t  ident.c as 'IDENTIFIE',\n\t\t\t\t\t  CASE WHEN ident.c IS NULL and ipdiscover.c IS NULL THEN 100 WHEN ident.c IS NULL THEN 0 ELSE round(100-(non_ident.c*100/(ident.c+non_ident.c)),1) END as 'pourcentage'\n\t\t\t  from (SELECT COUNT(DISTINCT hardware_id) as c,'IPDISCOVER' as TYPE,tvalue as RSX\n\t\t\t\t\tFROM devices \n\t\t\t\t\tWHERE name='IPDISCOVER' and tvalue in  ";
    $arg = mysql2_prepare($sql, $arg_sql, $array_rsx);
    $arg['SQL'] .= " GROUP BY tvalue) \n\t\t\t\tipdiscover right join\n\t\t\t\t   (SELECT count(distinct(hardware_id)) as c,'INVENTORIE' as TYPE,ipsubnet as RSX\n\t\t\t\t\tFROM networks left join subnet on networks.ipsubnet=subnet.netid\n\t\t\t\t\tWHERE ipsubnet in  ";
    $arg = mysql2_prepare($arg['SQL'], $arg['ARG'], $array_rsx);
    $arg['SQL'] .= " and status='Up' GROUP BY ipsubnet) \n\t\t\t\tinv on ipdiscover.RSX=inv.RSX left join\n\t\t\t\t\t(SELECT COUNT(DISTINCT mac) as c,'IDENTIFIE' as TYPE,netid as RSX\n\t\t\t\t\tFROM netmap \n\t\t\t\t\tWHERE mac IN (SELECT DISTINCT(macaddr) FROM network_devices) \n\t\t\t\t\t\tand netid in  ";
    $arg = mysql2_prepare($arg['SQL'], $arg['ARG'], $array_rsx);
    $arg['SQL'] .= " GROUP BY netid) \n\t\t\t\tident on ipdiscover.RSX=ident.RSX left join\n\t\t\t\t\t(SELECT COUNT(DISTINCT mac) as c,'NON IDENTIFIE' as TYPE,netid as RSX\n\t\t\t\t\tFROM netmap n\n\t\t\t\t\tLEFT JOIN networks ns ON ns.macaddr=n.mac\n\t\t\t\t\tWHERE n.mac NOT IN (SELECT DISTINCT(macaddr) FROM network_devices) \n\t\t\t\t\t\tand (ns.macaddr IS NULL OR ns.IPSUBNET <> n.netid) \n\t \t\t\t\t\tand ns.HARDWARE_ID IS NULL\n\t\t\t\t\t\tand n.netid in  ";
    $arg = mysql2_prepare($arg['SQL'], $arg['ARG'], $array_rsx);
    $arg['SQL'] .= " GROUP BY netid) \n\t\t\t\tnon_ident on non_ident.RSX=inv.RSX \n\t\t\t\t) toto";
    $tab_options['ARG_SQL'] = $arg['ARG'];
echo _PREFIX_FIELD;
?>
_form" id="by_options" method="post" action="<?php 
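// REQUEST_URI is controlled by the requester and is printed inside the form's
// action="..." attribute, so it is HTML-escaped before output.
echo htmlspecialchars(str_replace('%7E', '~', $_SERVER['REQUEST_URI']), ENT_QUOTES, 'UTF-8');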
?>
">  
        <input type="hidden" name="<?php 
echo _OPTION_CHECK_UPDATE;
?>
" value="Y">  
		<?php 
// Each option entry is an array whose first element holds the current value.
// Remind the administrator when hotlink protection itself is switched off.
if ($byrev_hotlink_gtfo_copy['enable_hotlink_gtfo'][0] == 'Disable') {
    msg_info(false, 'NOTE: Pugin is not active yet. Please set <b>Enable</b> from <b>Enable Hotlink Protection</b> option!', '');
}
// Same reminder for the watermark option.
if ($byrev_hotlink_gtfo_copy['watermark_enabled'][0] == 'Disable') {
    msg_info(false, 'WARNING NOTE: Images are not fully protected - Watermark over Hotlink images is Disabled. Set <b>Enable</b> from <b>Enabled Watermark</b> option and click <b>Update Options</b>.', '');
}
foreach ($byrev_hotlink_gtfo_copy as $key_index => $this_default) {
    if (is_array($this_default)) {
        $db_field = _PREFIX_FIELD . '[' . $key_index . ']';
        list($_value, $_name, $_info, $_input) = $this_default;
        if ($_input == 'hidden') {
            echo '<input type="hidden" name="' . $db_field . '" value="' . $_value . '">';
            continue;
        }
        echo '<p class="by_item">';
        echo '<div class="by_item_name" >';
        _e($_name . ": ");
        echo '</div>';
        if (!is_array($_input)) {
            if ($_input == 'hidden') {
Пример #27
<?php

// Refuse direct access: EXEC_TIME is expected to be defined by the including script.
if (!defined('EXEC_TIME')) {
    die('Access restricted');
}
// Loading filters
require_once SERVDIR . '/core/modules/hooks/common.php';
// Require module -----
// NOTE(review): presumably REQ() reads the 'mod' request parameter, which makes
// $_module requester-controlled - confirm against REQ().
$_module = REQ('mod', 'GPG');
// Loading all modules (internal + external)
// Registry of module name => file path (relative to MODULE_DIR) and required ACL.
// The 'modules/init_modules' hook can alter the registry.
$_init_modules = hook('modules/init_modules', array('main' => array('path' => 'dashboard', 'acl' => 'Cd'), 'addnews' => array('path' => 'add_news', 'acl' => 'Can'), 'editnews' => array('path' => 'edit_news', 'acl' => 'Cvn'), 'media' => array('path' => 'media', 'acl' => 'Cmm'), 'maint' => array('path' => 'maint', 'acl' => 'Cmt'), 'help' => array('path' => 'help', 'acl' => ''), 'logout' => array('path' => 'logout', 'acl' => '')));
// Required module not exist
if (!isset($_init_modules[$_module])) {
    // external module chk
    // NOTE(review): the value returned by the hook is not checked against the
    // registry again; if it is not a registered key, the lookups below read an
    // undefined entry - confirm the hook always returns a registered name.
    $_module = hook('modules/init', 'main', $_module);
}
// Check restrictions, if user is authorized
if (($user = member_get()) && defined('AREA') && AREA == 'ADMIN') {
    if (test($_init_modules[$_module]['acl'])) {
        // Request module
        // The included path comes from the registry entry, not from the raw
        // request value, so the request only selects among registered modules.
        $_mod_cfg = $_init_modules[$_module];
        include MODULE_DIR . '/' . $_mod_cfg['path'] . '.php';
    } else {
        //check user for ban group
        // Banned users lose their session data.
        if ($user['acl'] == ACL_LEVEL_BANNED) {
            global $_SESS;
            $_SESSION = array();
        }
        // The module name is escaped before it is shown in the message.
        msg_info('Section [' . cn_htmlspecialchars($_module) . '] disabled for you', PHP_SELF);
    }
}
     $debug .= $l->g(5013) . "<br>";
     if (isset($field_value_complement)) {
         foreach ($field_value_complement as $key => $value) {
             $debug .= $key . " => " . $value . "<br>";
         }
     }
     $debug .= $l->g(5014) . "<br>";
     if (isset($field_and_or)) {
         foreach ($field_and_or as $key => $value) {
             if ($value != '') {
                 $debug .= $key . " => " . $value . "<br>";
             }
         }
     }
     if (isset($debug) and $debug != '') {
         msg_info($debug);
     }
 }
 $i = 0;
 //tableau des requêtes à executer
 //qui est contruit au fur et a mesure
 $sql_search = array();
 while ($table[$i]) {
     //initialisation de la variable des requêtes temporaires
     $sql_temp = "";
     if ($field_compar[$i] == "" and substr($field_value[$i], 0, 4) != "ALL_") {
         $field_compar[$i] = "exact";
     }
     //traitement du champ de comparaison
     switch ($field_compar[$i]) {
         case "exact":
Пример #29
             if (!preg_match("/^[a-zA-Z0-9._ -]+\$/", $parameter)) {
                 $msg = _gameserver_map_invalid . "<br>";
                 $error = true;
             }
         }
         if (port_exists($row[3], $port, $row[2])) {
             $msg = _gameserver_port_in_use;
             $error = true;
         }
         if ($error == false) {
             $stmt = $mysqli->prepare("UPDATE gameservers SET map = ?,parameter = ?, slots = ?, port = ?, parameters_active = ?, restart = ?,restart_time = ?,autoupdate = ?, game = ?  WHERE id = ?");
             $stmt->bind_param('ssiiiiiiii', $map, $parameter, $slots, $port, $parameter_active, $restart_active, $time, $updates_active, $game, $row[0]);
             $stmt->execute();
             $stmt->close();
             if ($db_game != $game) {
                 msg_info(_gameserver_game_change);
             }
         } else {
             msg_error($msg);
         }
     }
 }
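 // Load the stored settings of the game server identified by $row[0].
 $stmt = $mysqli->prepare("SELECT map,parameter,slots,port,parameters_active,restart,restart_time,autoupdate FROM gameservers WHERE id = ?");
 // prepare() returns false on failure; without this guard the bind_param() call
 // below would be made on false. The guard mirrors the check this file applies
 // to the templates lookup that follows.
 // NOTE(review): the driver error text is shown to the visitor, as in that
 // existing check; logging it server-side and printing a generic message would
 // disclose less about the database.
 if (false === $stmt) {
     die('prepare() failed: ' . htmlspecialchars($mysqli->error));
 }
 $stmt->bind_param('i', $row[0]);
 $stmt->execute();
 $stmt->bind_result($db_map, $db_parameter, $db_slots, $db_port, $db_parameter_active, $db_restart, $restart_time, $autoupdate);
 $stmt->fetch();
 $stmt->close();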
 $stmt = $mysqli->prepare("SELECT map_path FROM templates WHERE id = ?");
 if (false === $stmt) {
     die('prepare() failed: ' . htmlspecialchars($mysqli->error));