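/**
 * Apply the point change configured for $action to a member and log it.
 *
 * Nothing happens unless $action is a key of $this->actions, $member_id is
 * non-empty and checkIfCanUpdate() returns a truthy value.
 *
 * @param string     $action      Key into $this->actions.
 * @param int|string $member_id   Member whose points are changed.
 * @param string     $description Free text stored in the point log.
 * @return void
 */
function update($action, $member_id, $description = '')
{
    if (!array_key_exists($action, $this->actions) || empty($member_id)) {
        return;
    }
    $rule = $this->actions[$action]['rule'];
    if (!$this->checkIfCanUpdate($member_id, $rule, $action)) {
        return;
    }
    $point = abs($this->actions[$action]['point']);
    switch ($this->actions[$action]['do']) {
        case "inc":
            $this->increase($point, $member_id);
            break;
        case "dec":
            $this->decrease($point, $member_id);
            break;
        default:
            break;
    }
    // The log row used to be built by concatenating $member_id and
    // $description straight into the statement, so a quote in either value
    // changed the SQL. Values are now passed as bind parameters and the id
    // is forced to an integer.
    // NOTE(review): assumes $this->dbstuff is an ADOdb-style connection whose
    // Execute() takes a bind array as its second argument — confirm against
    // the DB layer.
    $sql = "INSERT INTO {$this->table_prefix}pointlogs (member_id,action_name,points,description,ip_address,created) VALUE (?,?,?,?,?,?)";
    $this->dbstuff->Execute($sql, array(
        (int) $member_id,
        $action,
        $point,
        $description,
        pb_get_client_ip('str'),
        $this->timestamp,
    ));
}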
/**
 * Check an administrator's credentials and, on success, set the "admin" cookie.
 *
 * Return values as written: -1 when either argument is empty after trim(),
 * -2 when checkUserExist() fails, -3 when the password comparison fails,
 * null (bare return) when the account has expired, true on success.
 * $set is accepted but never read in this body.
 *
 * NOTE(review): the '******' runs in the two SQL strings look like masking
 * applied to this copy of the file rather than original code; as shown, the
 * UPDATE line is not valid PHP. Restore the real expressions from the
 * upstream source before relying on this listing.
 */
function checkUserLogin($uname, $upass, $set = true)
{
    $uname = trim($uname);
    $upass = trim($upass);
    $_this =& Members::getInstance();
    if (empty($uname) || empty($upass)) {
        return -1;
    }
    // NOTE(review): presumably the masked value in the WHERE clause is the
    // user name. If it is interpolated into the string, pass it as a bind
    // parameter instead — confirm against the unmasked source.
    $sql = "SELECT m.id,m.username,m.userpass,af.first_name,af.last_name,af.expired FROM {$this->table_prefix}adminfields af LEFT JOIN {$this->table_prefix}members m ON af.member_id=m.id WHERE m.username='******'";
    $tmpUser = $this->dbstuff->GetRow($sql);
    // Distinct results for "no such user" (-2) and "wrong password" (-3):
    // NOTE(review): if the caller shows these differently to the client, the
    // login form reveals which user names exist — verify the caller.
    if (!$_this->checkUserExist($uname)) {
        $this->error = L("member_not_exists");
        return -2;
    } elseif ($tmpUser['expired'] != 0 && $tmpUser['expired'] < $this->timestamp) {
        // Bare return yields null, not a negative code; a caller that only
        // tests for values below zero will not see this as a failure.
        $this->error = L("account_expired");
        return;
    } elseif (!pb_strcomp($tmpUser['userpass'], $_this->authPasswd($upass))) {
        $this->error = L("login_pwd_wrong");
        return -3;
    } else {
        $this->dbstuff->Execute("UPDATE {$this->table_prefix}adminfields SET last_login="******",last_ip='" . pb_get_client_ip("str") . "' WHERE member_id=" . $tmpUser['id']);
        // The cookie payload is id, user name and the stored userpass value,
        // newline-separated and passed through authcode().
        // NOTE(review): the stored password value travels in the cookie; its
        // confidentiality then rests entirely on authcode() and its key.
        // A random, server-side session token would avoid that — confirm
        // what authcode() provides.
        $tAuth = $tmpUser['id'] . "\n" . $tmpUser['username'] . "\n" . $tmpUser['userpass'];
        usetcookie("admin", authcode($tAuth, "ENCODE"));
        return true;
    }
}
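/**
 * Insert one row into the {prefix}logs table.
 *
 * @param array $data Reads 'handle_type', 'source_module' and 'description';
 *                    'created' falls back to $this->timestamp when empty.
 * @return mixed Whatever $this->dbstuff->Execute() returns.
 */
function Add($data)
{
    if (empty($data['created'])) {
        $data['created'] = $this->timestamp;
    }
    // Every column was previously quoted by hand and concatenated, so a
    // single quote in a description broke (or rewrote) the statement. The
    // values are now bound. They stay strings, as in the original statement,
    // and a missing key becomes '' as it did before.
    // NOTE(review): assumes $this->dbstuff is an ADOdb-style connection whose
    // Execute() takes a bind array as its second argument — confirm.
    $values = array();
    foreach (array('handle_type', 'source_module', 'description') as $field) {
        $values[] = isset($data[$field]) ? (string) $data[$field] : '';
    }
    $values[] = (string) pb_get_client_ip();
    $values[] = (string) $data['created'];
    $values[] = (string) $this->timestamp;
    $sql = "INSERT INTO {$this->table_prefix}logs (handle_type,source_module,description,ip_address,created,modified) VALUE (?,?,?,?,?,?)";
    return $this->dbstuff->Execute($sql, $values);
}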
/**
 * Stamp and save the market record held in $this->params['data']['market'].
 *
 * @return mixed false when the record has no 'name' key; otherwise the
 *               return value of save().
 */
function Add()
{
    // Imported as in the original; not read in this body.
    global $_PB_CACHE;
    if (!isset($this->params['data']['market']['name'])) {
        return false;
    }
    $now = $this->timestamp;
    $this->params['data']['market']['modified'] = $now;
    $this->params['data']['market']['created'] = $now;
    $this->params['data']['market']['ip_address'] = pb_get_client_ip('str');
    // New records always start with status 0, whatever the caller supplied.
    $this->params['data']['market']['status'] = 0;
    return $this->save($this->params['data']['market']);
}
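/**
 * Handle the public "service" (feedback) form submission.
 *
 * Without a 'save_service' POST field the visitor is sent back with a flash
 * message. Otherwise the posted fields are copied into a record, validated
 * through $this->service and either re-rendered with errors or saved.
 *
 * @return void
 */
function post()
{
    // $time_stamp was read below without being in scope, so 'created' was
    // always empty. The page-level version of this handler reads it as a
    // script-scope variable, so it is imported here.
    // NOTE(review): confirm $time_stamp is the global set by the bootstrap.
    global $time_stamp;
    // require_once: a second call to post() must not re-declare the class.
    require_once CLASS_PATH . "validation.class.php";
    $validate = new Validation();
    if (!isset($_POST['save_service'])) {
        flash("pls_enter_your_advise", "index.php");
        return;
    }
    pb_submit_check('service');
    // Tolerate a missing or non-array 'service' field instead of indexing it blindly.
    $form = (isset($_POST['service']) && is_array($_POST['service'])) ? $_POST['service'] : array();
    $vals = array();
    $vals['status'] = 0;
    $vals['member_id'] = 0;
    $vals['content'] = isset($form['content']) ? $form['content'] : null;
    if (isset($form['nick_name'])) {
        $vals['nick_name'] = $form['nick_name'];
    }
    $vals['email'] = isset($form['email']) ? $form['email'] : null;
    $vals['type_id'] = isset($form['type_id']) ? $form['type_id'] : null;
    $vals['created'] = $time_stamp;
    $vals['user_ip'] = pb_get_client_ip();
    $vals['title'] = isset($form['title']) ? $form['title'] : null;
    $this->service->doValidation($vals);
    if (!empty($this->service->validationErrors)) {
        // NOTE(review): $vals is raw request data handed back to the
        // template; this assumes the template escapes it on output — confirm.
        setvar("item", $vals);
        // Was show($service), an undefined local; the validated model is $this->service.
        setvar("Errors", $validate->show($this->service));
        render("service/index");
        return;
    }
    if (empty($vals['title'])) {
        $vals['title'] = L("comments_and_suggestions", "tpl");
    }
    // NOTE(review): the values reach save() unescaped from here; presumably
    // save() quotes or binds them — verify in the model layer.
    if ($this->service->save($vals)) {
        flash('thanks_for_advise', URL);
    } else {
        flash();
    }
}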
/**
 * Register a new member from $this->params['data']['member'].
 *
 * Returns false when username, userpass or email is empty. Otherwise the
 * password is replaced by authPasswd()'s result, timestamps and the client
 * IP are filled in, and (when the user name is free) the member and its
 * memberfield row are saved. Returns true at the end of every other path
 * that reaches the last statement.
 *
 * $_PB_CACHE and $phpb2b_auth_key are imported and $error_msg is
 * initialised, but none of the three is read in this body.
 */
function Add()
{
    global $_PB_CACHE, $memberfield, $phpb2b_auth_key, $if_need_check;
    $error_msg = array();
    if (empty($this->params['data']['member']['username']) or empty($this->params['data']['member']['userpass']) or empty($this->params['data']['member']['email'])) {
        return false;
    }
    $space_name = $this->params['data']['member']['username'];
    // Keep the password as submitted: it is passed to passport() and into
    // $user_info below, while the record itself gets the authPasswd() value.
    $userpass = $this->params['data']['member']['userpass'];
    $this->params['data']['member']['userpass'] = $this->authPasswd($this->params['data']['member']['userpass']);
    if (empty($this->params['data']['member']['space_name'])) {
        $this->params['data']['member']['space_name'] = PbController::toAlphabets($space_name);
    }
    //Todo:
    // NOTE(review): in this one-line listing the "Todo" comment runs into the
    // code; the brace structure only balances if the statements below are live.
    $uip = pb_ip2long(pb_getenv('REMOTE_ADDR'));
    if (empty($uip)) {
        // No return or exit follows the redirect header here.
        // NOTE(review): unless pheader() terminates the request, registration
        // continues past this point — confirm.
        pheader("location:" . URL . "redirect.php?message=" . urlencode(L('sys_error')));
    }
    $this->params['data']['member']['last_login'] = $this->params['data']['member']['created'] = $this->params['data']['member']['modified'] = $this->timestamp;
    $this->params['data']['member']['last_ip'] = pb_get_client_ip('str');
    $email_exists = $this->checkUserExistsByEmail($this->params['data']['member']['email']);
    if ($email_exists) {
        // NOTE(review): there is no else or return after this flash(); the
        // duplicate-email check only blocks registration if flash() ends the
        // request — confirm.
        flash("email_exists", null, 0);
    }
    $if_exists = $this->checkUserExist($this->params['data']['member']['username']);
    if ($if_exists) {
        flash('member_has_exists', null, 0);
    } else {
        $this->save($this->params['data']['member']);
        // The new row's id is read from a dynamic property named "<table_name>_id".
        $key = $this->table_name . "_id";
        if ($this->ins_passport) {
            $this->passport(array($this->{$key}, $this->params['data']['member']['username'], $userpass, $this->params['data']['member']['email']), "reg");
        }
        $memberfield->primaryKey = "member_id";
        $memberfield->params['data']['memberfield']['member_id'] = $this->{$key};
        $memberfield->params['data']['memberfield']['reg_ip'] = $this->params['data']['member']['last_ip'];
        $memberfield->save($memberfield->params['data']['memberfield']);
        if (!$if_need_check) {
            // Log the new member in straight away when no review step is configured.
            $user_info['id'] = $this->{$key};
            $user_info['username'] = $this->params['data']['member']['username'];
            // NOTE(review): this is the password as submitted, not the
            // authPasswd() value; check what putLoginStatus() stores or
            // sends to the client.
            $user_info['userpass'] = $userpass;
            $user_info['useremail'] = $this->params['data']['member']['email'];
            // Login status is given a lifetime of one day (86400 seconds).
            $user_info['lifetime'] = $this->timestamp + 86400;
            $user_info['is_admin'] = 0;
            $this->putLoginStatus($user_info);
        }
    }
    return true;
}
* * @version $Revision: 2075 $ */
// Admin bootstrap: gate on the admin cookie, load the admin session, then
// configure Smarty for the admin templates.
define('IN_PBADMIN', TRUE);
// Gate: a missing or empty admin cookie sends the browser to login.php and stops.
if (empty($_COOKIE[$cookiepre . 'admin']) || !$_COOKIE[$cookiepre . 'admin']) {
    echo "<script language='javascript'>top.location.href='login.php';</script>";
    exit;
} else {
    uses("adminfield");
    $adminer = new Adminfields();
    // The cookie is decoded and split on newlines into id, user name and password value.
    // NOTE(review): nothing in this excerpt checks that DECODE succeeded or
    // that three parts came back; a cookie that fails to decode leaves
    // indexes 1 and 2 undefined. Presumably loadsession() rejects an invalid
    // id — confirm, because otherwise the gate above only tests that the
    // cookie is present.
    $tAdminInfo = authcode($_COOKIE[$cookiepre . 'admin'], "DECODE");
    $tAdminInfo = explode("\n", $tAdminInfo);
    $current_adminer_id = $tAdminInfo[0];
    $current_adminer = $tAdminInfo[1];
    // $current_pass is assigned here but not used again in this excerpt.
    // NOTE(review): verify that the password part is compared somewhere
    // before admin pages trust $current_adminer_id.
    $current_pass = $tAdminInfo[2];
    // The client IP and the $cfg_checkip setting are handed to loadsession().
    $adminer->loadsession($current_adminer_id, pb_get_client_ip("str"), $cfg_checkip);
    $adminer_info = $adminer->info;
    uaAssign(array("current_adminer" => $current_adminer, "current_adminer_id" => $current_adminer_id));
}
$sections = array('admin', 'message', 'adminmenu');
$smarty->configLoad('default.conf', $sections);
require PHPB2B_ROOT . 'phpb2b_version.php';
$ADODB_CACHE_DIR = DATA_PATH . 'dbcache';
$smarty->template_dir = PHPB2B_ROOT . "templates/admin/";
$smarty->assign("admin_theme_path", "../templates/admin/");
// Compiled admin templates go into their own "pb-admin" sub-directory.
$smarty->setCompileDir($smarty->getCompileDir() . "pb-admin" . DS);
$smarty->flash_layout = "flash";
$smarty->assign("addParams", $viewhelper->addParams);
// Midnight of the current day as a Unix timestamp.
$smarty->assign("today_timestamp", mktime(0, 0, 0, date("m"), date("d"), date("Y")));
function size_info($fileSize) {
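/**
 * Save a trade offer and its tradefield row from $this->params['data'].
 *
 * When $this->params['expire_days'] is set, the expiry is derived from it if
 * it is one of the keys returned by Trade::getOfferExpires(), and from a
 * default of 10 days otherwise.
 *
 * @param mixed $params Unused; kept for interface compatibility.
 * @return mixed false when the trade has no 'title'; otherwise the return
 *               value of save() for the trade row.
 */
function Add($params = '')
{
    $result = false;
    if (!empty($this->params['expire_days'])) {
        $trade_controller =& Trade::getInstance();
        $expire_days = $this->params['expire_days'];
        // The allow-list check was made on $this->params['expire_days'] but
        // the value then stored and multiplied came from $_POST, so the
        // checked and the used value could differ. Only the checked value is
        // used now.
        if (!array_key_exists($expire_days, $trade_controller->getOfferExpires())) {
            $expire_days = 10;
        }
        // NOTE(review): assumes the keys of getOfferExpires() are whole
        // numbers of days — confirm.
        $this->params['data']['trade']['expire_time'] = $this->timestamp + 24 * 3600 * (int) $expire_days;
        $this->params['data']['trade']['expire_days'] = $expire_days;
    }
    $this->params['data']['trade']['submit_time'] = $this->params['data']['trade']['created'] = $this->params['data']['trade']['modified'] = $this->timestamp;
    $this->params['data']['trade']['ip_addr'] = pb_get_client_ip('str');
    if (isset($this->params['data']['trade']['title'])) {
        $trade_info = $this->params['data']['trade'];
        $result = $this->save($trade_info);
        // The id of the row just saved is read from "<table_name>_id".
        $key = $this->table_name . "_id";
        $last_tradeid = $this->{$key};
        $_this =& Tradefields::getInstance();
        $_this->params['data']['tradefield']['trade_id'] = $last_tradeid;
        // Array union: keys already present on the Tradefields instance
        // (including trade_id) win over the ones submitted with the trade.
        $tradefield_info = $_this->params['data']['tradefield'] + $this->params['data']['tradefield'];
        $_this->primaryKey = "trade_id";
        $_this->save($tradefield_info);
    }
    return $result;
}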
} }
// Collect the environment details shown on the admin home page.
$serverinfo = PHP_VERSION;
$serverinfo .= @ini_get('safe_mode') ? ' Safe Mode' : NULL;
$dbversion = $pdb->GetOne("SELECT VERSION()");
$system_info['PhpVersion'] = $serverinfo;
$system_info["MysqlVersion"] = $dbversion;
$when_to_backup = $_PB_CACHE['setting']['backup_type'];
$system_info["LastBackupTime"] = $_PB_CACHE['setting']['last_backup'];
// Install date: mtime of install.lock when the file exists, else the stored setting.
$system_info['InstallDate'] = df(file_exists(DATA_PATH . 'install.lock') ? filemtime(DATA_PATH . 'install.lock') : $pdb->GetOne("SELECT valued FROM {$tb_prefix}settings WHERE variable='install_dateline'"));
$system_info['last_login'] = !empty($adminer_info['last_login']) ? date("Y-m-d H:i", $adminer_info['last_login']) : L("your_first_login", "tpl");
$system_info['last_ip'] = $adminer_info['last_ip'];
$system_info['safe_mode'] = (bool) ini_get('safe_mode') ? L("correct", "tpl") : L("deny", "tpl");
$system_info['safe_mode_gid'] = (bool) ini_get('safe_mode_gid') ? L("correct", "tpl") : L("deny", "tpl");
// Record the admin's login time and IP once per PHP session.
if (!isset($_SESSION['last_adminer_time'])) {
    // NOTE(review): the statement is assembled by interpolation. The client
    // IP string goes inside quotes unescaped and member_id is unquoted; if
    // pb_get_client_ip() can return a header-derived value, bind or validate
    // it before it reaches SQL — confirm what the helper returns.
    $pdb->Execute("update {$tb_prefix}adminfields set last_login={$time_stamp},last_ip='" . pb_get_client_ip('str') . "' where member_id={$adminer_info['member_id']}");
    $_SESSION['last_adminer_time'] = $time_stamp;
}
if (isset($_POST['addAdminnote'])) {
    // The posted adminnote array goes to save() as-is; only 'created' and
    // 'create_dateline' are overwritten here.
    // NOTE(review): any other key in the POST body reaches save(). Copy an
    // explicit list of expected fields instead, and check whether a request
    // token is verified before this point — none is visible in this excerpt.
    $info = $_POST['data']['adminnote'];
    $info['created'] = $time_stamp;
    $info['create_dateline'] = $date_line;
    $adminnote->save($info);
}
function checkGDSupport() {
    if (!function_exists("gd_info")) {
        return false;
    } else {
        if (function_exists("ImageCreateFromGIF")) {
            $return[] = L('gd_picture_ok', 'tpl', 'GIF');
$backupfilename = DATA_PATH . "backup_" . $backupdir . DS . str_replace(array('/', '\\', '.'), '', $filename); $volume = intval($_GET['volume']) + 1; if ($_GET['method'] == 'multivol') { $sqldump = ''; $tableid = intval($_GET['tableid']); $startfrom = intval($_GET['startfrom']); $complete = TRUE; for (; $complete && $tableid < count($tables) && strlen($sqldump) + 500 < $sizelimit * 1000; $tableid++) { $sqldump .= sqldumptable($tables[$tableid], $startfrom, strlen($sqldump)); $startfrom = 0; } $dumpfile = $backupfilename . "-%s" . '.sql'; @unlink($dumpfile); !$complete && $tableid--; if (trim($sqldump)) { $sqldump = "# PHPB2B Data Dump Vol.{$volume}\n" . "# Version: PHPB2B " . PHPB2B_VERSION . "\n" . "# Time: " . date("Y-m-d H:i:s") . "\n" . "# IP Address: " . pb_get_client_ip() . "\n" . "# Table Prefix: {$tb_prefix}\n" . "#\n" . "# --------------------------------------------------------\n\n\n" . $sqldump; $dumpfilename = sprintf($dumpfile, $volume); $fp = file_put_contents($dumpfilename, $sqldump); unset($sqldump); $result = $pdb->Execute("UPDATE {$tb_prefix}settings SET valued=" . $time_stamp . " WHERE variable='last_backup'"); flash("backup_and_wait", 'db.php?do=backup&filename=' . rawurlencode($filename) . "&method=multivol&" . "&volume=" . rawurlencode($volume) . "&tableid=" . rawurlencode($tableid) . "&startfrom=" . rawurlencode($startrow) . "&extendins=" . rawurlencode($extendins), 2, $volume); } else { $volume--; flash("success", "db.php?do=restore"); } } else { $sqldump = ''; $tableid = 0; $startfrom = 0; $complete = TRUE; for (; $tableid < count($tables); $tableid++) {
uses("service"); $validate = new Validation(); $service = new Services(); if (isset($_POST['save_service'])) { pb_submit_check('service'); $vals = array(); $vals['status'] = 0; $vals['member_id'] = 0; $vals['content'] = $_POST['service']['content']; if (isset($_POST['service']['nick_name'])) { $vals['nick_name'] = $_POST['service']['nick_name']; } $vals['email'] = $_POST['service']['email']; $vals['type_id'] = $_POST['service']['type_id']; $vals['created'] = $time_stamp; $vals['user_ip'] = pb_get_client_ip(); $vals['title'] = $_POST['service']['title']; $service->doValidation($vals); if (!empty($service->validationErrors)) { setvar("item", $vals); setvar("Errors", $validate->show($service)); render("service/index"); } else { if (empty($vals['title'])) { $vals['title'] = L("comments_and_suggestions", "tpl"); } if ($service->save($vals)) { flash('thanks_for_advise', URL); } else { flash(); }
/**
 * Passport "synlogin" API call: log a member in by user name.
 *
 * Returns API_RETURN_FORBIDDEN when API_SYNLOGIN is off or passport support
 * is disabled in the cached settings. Otherwise looks the member up and, when
 * found, records the login, fills the session and sets the 'auth' cookie.
 * No value is returned on those later paths. $post, $uid and the global
 * $charset are not read in this body.
 *
 * NOTE(review): the '******' runs in the two SQL strings look like masking
 * applied to this copy of the file rather than original code; as shown, the
 * UPDATE line is not valid PHP. Restore the real expressions from the
 * upstream source before relying on this listing.
 *
 * NOTE(review): no password or signature is checked in this body; it
 * presumably relies on the API dispatcher having authenticated $get before
 * calling it — confirm, since the user name alone decides who is logged in.
 */
function synlogin($get, $post)
{
    global $_PB_CACHE, $phpb2b_auth_key, $pdb, $charset;
    // The session is started before the feature switches below are checked.
    session_start();
    $uid = $get['uid'];
    $username = $get['username'];
    if (!API_SYNLOGIN) {
        return API_RETURN_FORBIDDEN;
    }
    if (!$_PB_CACHE['setting']['passport_support']) {
        return API_RETURN_FORBIDDEN;
    }
    // P3P compact policy header, sent before the cookie is set below.
    header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
    $username = trim($username);
    // Look the member up in the phpb2b database.
    // NOTE(review): presumably the masked value is the user name; if it is
    // concatenated into the string it should be a bind parameter — confirm.
    $sql = "SELECT * FROM " . $this->tablepre . "members WHERE username='******'";
    $user_info = $pdb->GetRow($sql);
    if ($user_info) {
        // Record the login time and IP.
        $loginip = pb_get_client_ip();
        $pdb->Execute("UPDATE {$this->tablepre}members SET last_login="******",last_ip='" . $loginip . "' WHERE id='{$user_info['id']}'");
        // NOTE(review): the session id is not regenerated before identity is
        // written into the session; calling session_regenerate_id(true) at
        // this point is the usual defence against session fixation.
        $_SESSION["MemberID"] = $user_info['id'];
        $_SESSION["MemberName"] = $user_info['username'];
        // Build the 'auth' cookie: id, user name, md5 of the stored userpass
        // value and is_admin, tab-separated and encoded with $phpb2b_auth_key.
        // NOTE(review): is_admin and a digest of the stored password travel
        // in a client-held cookie; their integrity rests on authcode() and
        // the secrecy of the key — confirm what authcode() guarantees.
        $auth = authcode($user_info['id'] . "\t" . $user_info['username'] . "\t" . md5($user_info['userpass']) . "\t" . $user_info['is_admin'], 'ENCODE', $phpb2b_auth_key);
        // The cookie is set with an expiry one hour from now.
        usetcookie('auth', $auth, time() + 3600);
    } else {
        // Member does not exist: creating one here is not implemented.
    }
}
<?php /** * [PHPB2B] Copyright (C) 2007-2099, Ualink Inc. All Rights Reserved. * The contents of this file are subject to the License; you may not use this file except in compliance with the License. * * @version $Revision: 2075 $ */ define('ANTI_FORCE', true); define('ANTI_LEVEL', 3); //higher,will be more secure,default 3. if (ANTI_FORCE) { $GLOBALS['log']->lwrite($_SERVER['HTTP_USER_AGENT']); $ip_addr = pb_get_client_ip("long"); if (strpos($referer, pb_getenv('HTTP_HOST')) === false || empty($ip_addr)) { header_sent(L("invalid_submit")); exit; } $client_agent = $_SERVER['HTTP_USER_AGENT']; if (preg_match('/windows 2000/', $client_agent)) { header("Location:" . URL); exit; } $temp = explode('(', $client_agent); $Part = $temp[0]; $ext_info = $temp[1]; $ext_info = explode(')', $ext_info); $temp = explode(';', trim($ext_info[0])); $r_info = array(); if (!empty($ext_info[1])) { $r_info = trim($ext_info[1]);