/**
 * Emits (or returns) the string 'selected' for an <option> when the request
 * value for $name equals $option, or — when nothing was submitted for $name —
 * when $default is truthy.
 *
 * @param string $name    request parameter looked up in POST and GET
 * @param mixed  $option  value this option represents; compared loosely (==)
 *                        on purpose because request values are strings while
 *                        $option may be an int
 * @param bool   $default treat this option as selected when no value was submitted
 * @param bool   $return  return the marker instead of echoing it
 * @return string|null 'selected' when $return is true and the option is selected; null otherwise
 */
function isSelected($name, $option, $default = false, $return = false) {
    // Second argument of postVar()/getVar() is passed through unchanged (its
    // meaning is defined by those helpers).
    $fromPost = postVar($name, true);
    $fromGet = getVar($name, true);

    $selected = ($fromPost == $option) || ($fromGet == $option);
    if (!$selected) {
        // Nothing usable was submitted for this field: fall back to the default flag.
        $selected = !$fromPost && !$fromGet && $default;
    }
    if (!$selected) {
        return;
    }
    if ($return) {
        return 'selected';
    }
    echo 'selected';
}
// some functions function SE_unlockLogin($login) { sql_query("DELETE FROM " . sql_table('plug_securityenforcer') . " WHERE login='******'"); } // checks // create the admin area page $oPluginAdmin = new PluginAdmin('SecurityEnforcer'); // add styles to the <HEAD> $oPluginAdmin->start(''); // if form to unlock is posted if (postVar('action') == 'unlock') { if (!$manager->checkTicket()) { doError('Invalid Ticket'); } $logins = postVar('unlock'); $message = ''; if (is_array($logins)) { foreach ($logins as $entity) { SE_unlockLogin($entity); $message .= '<br />' . $entity . _SECURITYENFORCER_ADMIN_UNLOCKED; } } } $plug =& $oPluginAdmin->plugin; // page title echo '<h2>' . _SECURITYENFORCER_ADMIN_TITLE . '</h2>'; // error output if ($message) { echo "<p><strong>"; echo $message;
/**
 * Runs the Nucleus installer on a submitted install form.
 *
 * Steps (numbered comments below follow the original): copy the POST fields
 * into locals, validate them, connect to MySQL, create/select the database,
 * run install.sql, seed the first post / GOD member / blog / category, install
 * bundled skins and plugins, write ../config.php when it is writable and
 * finally print the result page (inline HTML at the end of the function).
 *
 * No parameters, no return value. Failure paths go through showErrorMessages()
 * and _doError(); presumably those terminate the request (their bodies are
 * not visible here), which is why the code never returns after calling them.
 *
 * NOTE(review): values are inlined into SQL with addslashes() (the localised
 * constants and $charset/$collation without any escaping). This pass only
 * documents; sql_real_escape_string()/prepared statements would be the usual
 * replacement and should be evaluated together with the rest of this installer.
 */
function doInstall() {
    global $mysql_usePrefix, $mysql_prefix, $weblog_ping;

    // 0. put all POST-vars into vars
    $mysql_host = postVar('mySQL_host');
    $mysql_user = postVar('mySQL_user');
    $mysql_password = postVar('mySQL_password');
    $mysql_database = postVar('mySQL_database');
    $mysql_create = postVar('mySQL_create');
    $mysql_usePrefix = postVar('mySQL_usePrefix');
    $mysql_prefix = postVar('mySQL_tablePrefix');
    $config_indexurl = postVar('IndexURL');
    $config_adminurl = postVar('AdminURL');
    $config_adminpath = postVar('AdminPath');
    $config_mediaurl = postVar('MediaURL');
    $config_skinsurl = postVar('SkinsURL');
    $config_pluginurl = postVar('PluginURL');
    $config_actionurl = postVar('ActionURL');
    $config_mediapath = postVar('MediaPath');
    $config_skinspath = postVar('SkinsPath');
    $user_name = postVar('User_name');
    $user_realname = postVar('User_realname');
    $user_password = postVar('User_password');
    $user_password2 = postVar('User_password2');
    $user_email = postVar('User_email');
    $blog_name = postVar('Blog_name');
    $blog_shortname = postVar('Blog_shortname');
    $charset = postVar('charset');
    $config_adminemail = $user_email;
    $config_sitename = $blog_name;
    $weblog_ping = postVar('Weblog_ping');

    // Everything needed has been copied out; drop the raw POST data so nothing
    // below (including the included library code) can read it again.
    $_POST = array();

    $config_indexurl = replaceDoubleBackslash($config_indexurl);
    $config_adminurl = replaceDoubleBackslash($config_adminurl);
    $config_mediaurl = replaceDoubleBackslash($config_mediaurl);
    $config_skinsurl = replaceDoubleBackslash($config_skinsurl);
    $config_pluginurl = replaceDoubleBackslash($config_pluginurl);
    $config_actionurl = replaceDoubleBackslash($config_actionurl);
    $config_adminpath = replaceDoubleBackslash($config_adminpath);
    $config_skinspath = replaceDoubleBackslash($config_skinspath);
    $config_mediapath = replaceDoubleBackslash($config_mediapath);

    /**
     * Include and initialize multibyte functions as a replacement for mbstring extension
     * if mbstring extension is not loaded.
     * Jan.28, 2011. Japanese Package Release Team
     */
    if (!function_exists('mb_convert_encoding')) {
        global $mbemu_internals;
        // $config_adminpath is still unvalidated at this point (the slash/is_dir
        // checks come later), so the emulator is included from a request-supplied path.
        include_once $config_adminpath . 'libs/mb_emulator/mb-emulator.php';
    }

    if (function_exists('date_default_timezone_set')) {
        @date_default_timezone_set(function_exists('date_default_timezone_get') ? @date_default_timezone_get() : 'UTC');
    }

    // _CHARSET is the site charset for the rest of the install; only 'ujis' (EUC-JP)
    // is special-cased, everything else is treated as UTF-8.
    if ($charset == 'ujis') {
        define('_CHARSET', 'EUC-JP');
        $config_sitename = mb_convert_encoding($config_sitename, _CHARSET, 'UTF-8');
        $user_realname = mb_convert_encoding($user_realname, _CHARSET, 'UTF-8');
        $blog_name = mb_convert_encoding($blog_name, _CHARSET, 'UTF-8');
    } else {
        define('_CHARSET', 'UTF-8');
    }

    // 1. check all the data
    $errors = array();
    if (!$mysql_database) {
        array_push($errors, _ERROR2);
    }
    if ($mysql_usePrefix == 1 && strlen($mysql_prefix) == 0) {
        array_push($errors, _ERROR3);
    }
    // The prefix is the only DB identifier that gets a character allowlist here;
    // $mysql_database is inlined into CREATE DATABASE below without one.
    if ($mysql_usePrefix == 1 && !preg_match('#^[a-zA-Z0-9_]+$#', $mysql_prefix)) {
        array_push($errors, _ERROR4);
    }
    // TODO: add action.php check
    if (!endsWithSlash($config_indexurl) || !endsWithSlash($config_adminurl) || !endsWithSlash($config_mediaurl) || !endsWithSlash($config_pluginurl) || !endsWithSlash($config_skinsurl)) {
        array_push($errors, _ERROR5);
    }
    if (!endsWithSlash($config_adminpath)) {
        array_push($errors, _ERROR6);
    }
    if (!endsWithSlash($config_mediapath)) {
        array_push($errors, _ERROR7);
    }
    if (!endsWithSlash($config_skinspath)) {
        array_push($errors, _ERROR8);
    }
    if (!is_dir($config_adminpath)) {
        array_push($errors, _ERROR9);
    }
    if (!_isValidMailAddress($user_email)) {
        array_push($errors, _ERROR10);
    }
    if (!_isValidDisplayName($user_name)) {
        array_push($errors, _ERROR11);
    }
    if (!$user_password || !$user_password2) {
        array_push($errors, _ERROR12);
    }
    if ($user_password != $user_password2) {
        array_push($errors, _ERROR13);
    }
    if (!_isValidShortName($blog_shortname)) {
        array_push($errors, _ERROR14);
    }
    if (sizeof($errors) > 0) {
        showErrorMessages($errors);
    }

    // 2. try to log in to mySQL
    global $MYSQL_CONN; // this will need to be changed if we ever allow
    $MYSQL_CONN = @sql_connect_args($mysql_host, $mysql_user, $mysql_password);
    if ($MYSQL_CONN == false) {
        _doError(_ERROR15 . ': ' . sql_error());
    }

    // 3. try to create database (if needed)
    // Server version reduced to plain integers ("5.1.73-log" -> "5.1.73") so
    // version_compare() sees a clean triple.
    $mySqlVer = implode('.', array_map('intval', explode('.', sql_get_server_info())));
    $collation = $charset == 'utf8' ? 'utf8_general_ci' : 'ujis_japanese_ci';
    if ($mysql_create == 1) {
        $sql = 'CREATE DATABASE ' . $mysql_database;
        // <add for garble measure>
        if (version_compare($mySqlVer, '4.1.0', '>=')) {
            $sql .= ' DEFAULT CHARACTER SET ' . $charset . ' COLLATE ' . $collation;
        }
        // </add for garble measure>*/
        sql_query($sql, $MYSQL_CONN) or _doError(_ERROR16 . ': ' . sql_error($MYSQL_CONN));
    }

    // 4. try to select database
    sql_select_db($mysql_database, $MYSQL_CONN) or _doError(_ERROR17);

    /*
     * 4.5. set character set to this database in MySQL server
     * This processing is added by Nucleus CMS Japanese Package Release Team as of Mar.30, 2011
     */
    sql_set_charset_jp($charset);

    // 5. execute queries
    $filename = 'install.sql';
    $fd = fopen($filename, 'r');
    $queries = fread($fd, filesize($filename));
    fclose($fd);

    // NOTE(review): split() (POSIX regex) was removed in PHP 7; preg_split()
    // with the same pattern is the drop-in replacement when this gets ported.
    $queries = split("(;\n|;\r)", $queries);

    // Table names as they appear in install.sql; replaced pairwise with the
    // prefixed list below when a prefix is in use. The longer names that are
    // commented out are covered by str_replace() matching their prefix.
    $aTableNames = array(
        'nucleus_actionlog',
        'nucleus_ban',
        'nucleus_blog',
        'nucleus_category',
        'nucleus_comment',
        'nucleus_config',
        'nucleus_item',
        'nucleus_karma',
        'nucleus_member',
        'nucleus_plugin',
        'nucleus_skin',
        'nucleus_template',
        'nucleus_team',
        'nucleus_activation',
        'nucleus_tickets'
    );
    // these are unneeded (one of the replacements above takes care of them)
    // 'nucleus_plugin_event',
    // 'nucleus_plugin_option',
    // 'nucleus_plugin_option_desc',
    // 'nucleus_skin_desc',
    // 'nucleus_template_desc',
    $aTableNamesPrefixed = array(
        $mysql_prefix . 'nucleus_actionlog',
        $mysql_prefix . 'nucleus_ban',
        $mysql_prefix . 'nucleus_blog',
        $mysql_prefix . 'nucleus_category',
        $mysql_prefix . 'nucleus_comment',
        $mysql_prefix . 'nucleus_config',
        $mysql_prefix . 'nucleus_item',
        $mysql_prefix . 'nucleus_karma',
        $mysql_prefix . 'nucleus_member',
        $mysql_prefix . 'nucleus_plugin',
        $mysql_prefix . 'nucleus_skin',
        $mysql_prefix . 'nucleus_template',
        $mysql_prefix . 'nucleus_team',
        $mysql_prefix . 'nucleus_activation',
        $mysql_prefix . 'nucleus_tickets'
    );
    // these are unneeded (one of the replacements above takes care of them)
    // $mysql_prefix . 'nucleus_plugin_event',
    // $mysql_prefix . 'nucleus_plugin_option',
    // $mysql_prefix . 'nucleus_plugin_option_desc',
    // $mysql_prefix . 'nucleus_skin_desc',
    // $mysql_prefix . 'nucleus_template_desc',

    $count = count($queries);
    for ($idx = 0; $idx < $count; $idx++) {
        $query = trim($queries[$idx]);
        // echo "QUERY = " . htmlspecialchars($query) . "<p>";
        if ($query) {
            if ($mysql_usePrefix == 1) {
                $query = str_replace($aTableNames, $aTableNamesPrefixed, $query);
            }
            // <add for garble measure>
            // When the database was not created by us its charset is unknown, so
            // each CREATE TABLE gets the charset/collation appended explicitly.
            if ($mysql_create != 1 && strpos($query, 'CREATE TABLE') === 0 && version_compare($mySqlVer, '4.1.0', '>=')) {
                $query .= ' DEFAULT CHARACTER SET ' . $charset . ' COLLATE ' . $collation;
            }
            // </add for garble measure>*/
            sql_query($query, $MYSQL_CONN) or _doError(_ERROR30 . ' (' . htmlspecialchars($query) . '): ' . sql_error($MYSQL_CONN));
        }
    }

    // 5a make first post
    if (strtoupper(_CHARSET) != 'UTF-8') {
        $itm_title = mb_convert_encoding(_1ST_POST_TITLE, _CHARSET, 'UTF-8');
        $itm_body = mb_convert_encoding(_1ST_POST, _CHARSET, 'UTF-8');
        $itm_more = mb_convert_encoding(_1ST_POST2, _CHARSET, 'UTF-8');
    } else {
        $itm_title = _1ST_POST_TITLE;
        $itm_body = _1ST_POST;
        $itm_more = _1ST_POST2;
    }
    // Column order follows the nucleus_item definition in install.sql; the
    // fixed timestamp is overwritten in step 9.
    $newpost = "INSERT INTO " . tableName('nucleus_item') . " VALUES (" . "1, " . "'" . $itm_title . "'," . " '" . $itm_body . "'," . " '" . $itm_more . "'," . " 1, 1, '2005-08-15 11:04:26', 0, 0, 0, 1, 0, 1);";
    sql_query($newpost, $MYSQL_CONN) or _doError(_ERROR18 . ' (' . htmlspecialchars($newpost) . '): ' . sql_error($MYSQL_CONN));

    // 6. update global settings
    updateConfig('IndexURL', $config_indexurl);
    updateConfig('AdminURL', $config_adminurl);
    updateConfig('MediaURL', $config_mediaurl);
    updateConfig('SkinsURL', $config_skinsurl);
    updateConfig('PluginURL', $config_pluginurl);
    updateConfig('ActionURL', $config_actionurl);
    updateConfig('AdminEmail', $config_adminemail);
    updateConfig('SiteName', $config_sitename);
    if ($charset == 'ujis') {
        updateConfig('Language', 'japanese-euc');
    }

    // 7. update GOD member
    // NOTE(review): the password is stored as an unsalted md5() of the
    // addslashes()'d value. Presumably this is what the login code of this
    // CMS version expects; changing the hashing here alone would break login.
    $query = 'UPDATE ' . tableName('nucleus_member') . " SET mname\t = '" . addslashes($user_name) . "'," . " mrealname\t = '" . addslashes($user_realname) . "'," . " mpassword\t = '" . md5(addslashes($user_password)) . "'," . " murl\t\t = '" . addslashes($config_indexurl) . "'," . " memail\t\t= '" . addslashes($user_email) . "'," . " madmin\t\t= 1," . " mcanlogin\t = 1" . " WHERE" . " mnumber\t = 1";
    sql_query($query, $MYSQL_CONN) or _doError(_ERROR19 . ': ' . sql_error($MYSQL_CONN));

    // 8. update weblog settings
    $query = 'UPDATE ' . tableName('nucleus_blog') . " SET bname = '" . addslashes($blog_name) . "'," . " bshortname = '" . addslashes($blog_shortname) . "'," . " burl\t = '" . addslashes($config_indexurl) . "'" . " WHERE" . " bnumber\t= 1";
    sql_query($query, $MYSQL_CONN) or _doError(_ERROR20 . ': ' . sql_error($MYSQL_CONN));

    // 8-2. update category settings
    if (strtoupper(_CHARSET) != 'UTF-8') {
        $cat_name = mb_convert_encoding(_GENERALCAT_NAME, _CHARSET, 'UTF-8');
        $cat_desc = mb_convert_encoding(_GENERALCAT_DESC, _CHARSET, 'UTF-8');
    } else {
        $cat_name = _GENERALCAT_NAME;
        $cat_desc = _GENERALCAT_DESC;
    }
    // Same error constant as step 8 (_ERROR20) is reused here.
    $query = 'UPDATE ' . tableName('nucleus_category') . " SET cname = '" . $cat_name . "'," . " cdesc\t = '" . $cat_desc . "'" . " WHERE" . " catid\t = 1";
    sql_query($query, $MYSQL_CONN) or _doError(_ERROR20 . ': ' . sql_error($MYSQL_CONN));

    // 9. update item date
    $query = 'UPDATE ' . tableName('nucleus_item') . " SET itime = '" . date('Y-m-d H:i:s', time()) . "'" . " WHERE inumber = 1";
    sql_query($query, $MYSQL_CONN) or _doError(_ERROR21 . ': ' . sql_error($MYSQL_CONN));

    global $aConfPlugsToInstall, $aConfSkinsToImport;
    $aSkinErrors = array();
    $aPlugErrors = array();
    if (count($aConfPlugsToInstall) > 0 || count($aConfSkinsToImport) > 0) {
        // 10. set global variables
        // globalfunctions.php reads these globals to open its own connection.
        global $MYSQL_HOST, $MYSQL_USER, $MYSQL_PASSWORD, $MYSQL_DATABASE, $MYSQL_PREFIX;
        $MYSQL_HOST = $mysql_host;
        $MYSQL_USER = $mysql_user;
        $MYSQL_PASSWORD = $mysql_password;
        $MYSQL_DATABASE = $mysql_database;
        $MYSQL_PREFIX = $mysql_usePrefix == 1 ? $mysql_prefix : '';

        global $DIR_NUCLEUS, $DIR_MEDIA, $DIR_SKINS, $DIR_PLUGINS, $DIR_LANG, $DIR_LIBS;
        $DIR_NUCLEUS = $config_adminpath;
        $DIR_MEDIA = $config_mediapath;
        $DIR_SKINS = $config_skinspath;
        $DIR_PLUGINS = $DIR_NUCLEUS . 'plugins/';
        $DIR_LANG = $DIR_NUCLEUS . 'language/';
        $DIR_LIBS = $DIR_NUCLEUS . 'libs/';

        // close database connection (needs to be closed if we want to include globalfunctions.php)
        sql_close($MYSQL_CONN);

        $manager = '';
        include_once $DIR_LIBS . 'globalfunctions.php';

        // 11. install custom skins
        $aSkinErrors = installCustomSkins($manager);

        $defskinQue = 'SELECT `sdnumber` as result FROM ' . sql_table('skin_desc') . ' WHERE `sdname` = "default"';
        $defSkinID = quickQuery($defskinQue);
        $updateQuery = 'UPDATE ' . sql_table('blog') . ' SET `bdefskin` = ' . intval($defSkinID) . ' WHERE `bnumber` = 1';
        sql_query($updateQuery);
        $updateQuery = 'UPDATE ' . sql_table('config') . ' SET `value` = ' . intval($defSkinID) . ' WHERE `name` = "BaseSkin"';
        sql_query($updateQuery);

        // 12. install NP_Ping, if decided
        if ($weblog_ping == 1) {
            global $aConfPlugsToInstall;
            array_push($aConfPlugsToInstall, "NP_Ping");
        }

        // 13. install custom plugins
        $aPlugErrors = installCustomPlugs($manager);
    }

    // 14. Write config file ourselves (if possible)
    $bConfigWritten = 0;
    if (@file_exists('../config.php') && is_writable('../config.php') && ($fp = @fopen('../config.php', 'w'))) {
        // The open tag is assembled from two pieces so this source file itself
        // does not contain a literal "<?php" inside a string.
        $config_data = '<' . '?php' . "\n\n";
        //$config_data .= "\n"; (extraneous, just added extra \n to previous line
        $config_data .= " // mySQL connection information\n";
        $config_data .= " \$MYSQL_HOST\t = '" . $mysql_host . "';\n";
        $config_data .= " \$MYSQL_USER\t = '" . $mysql_user . "';\n";
        // NOTE(review): the value written for $MYSQL_PASSWORD here is a literal
        // placeholder string; presumably the shipped installer writes
        // $mysql_password — confirm against the upstream file.
        $config_data .= " \$MYSQL_PASSWORD = '******';\n";
        $config_data .= " \$MYSQL_DATABASE = '" . $mysql_database . "';\n";
        $config_data .= " \$MYSQL_PREFIX = '" . ($mysql_usePrefix == 1 ? $mysql_prefix : '') . "';\n";
        $config_data .= " // new in 3.50. first element is db handler, the second is the db driver used by the handler\n";
        $config_data .= " // default is \$MYSQL_HANDLER = array('mysql','');\n";
        $config_data .= " //\$MYSQL_HANDLER = array('mysql','mysql');\n";
        $config_data .= " //\$MYSQL_HANDLER = array('pdo','mysql');\n";
        // NOTE(review): $MYSQL_HANDLER is not declared global in this function,
        // so inside doInstall() it is undefined unless globalfunctions.php
        // (included above only when skins/plugins are installed) defines it — confirm.
        $config_data .= " \$MYSQL_HANDLER = array('" . $MYSQL_HANDLER[0] . "','" . $MYSQL_HANDLER[1] . "');\n";
        $config_data .= "\n";
        $config_data .= " // main nucleus directory\n";
        $config_data .= " \$DIR_NUCLEUS = '" . $config_adminpath . "';\n";
        $config_data .= "\n";
        $config_data .= " // path to media dir\n";
        $config_data .= " \$DIR_MEDIA = '" . $config_mediapath . "';\n";
        $config_data .= "\n";
        $config_data .= " // extra skin files for imported skins\n";
        $config_data .= " \$DIR_SKINS = '" . $config_skinspath . "';\n";
        $config_data .= "\n";
        $config_data .= " // these dirs are normally sub dirs of the nucleus dir, but \n";
        $config_data .= " // you can redefine them if you wish\n";
        $config_data .= " \$DIR_PLUGINS = \$DIR_NUCLEUS . 'plugins/';\n";
        $config_data .= " \$DIR_LANG\t= \$DIR_NUCLEUS . 'language/';\n";
        $config_data .= " \$DIR_LIBS\t= \$DIR_NUCLEUS . 'libs/';\n";
        $config_data .= "\n";
        $config_data .= " // include libs\n";
        $config_data .= " include(\$DIR_LIBS . 'globalfunctions.php');\n";
        $config_data .= "?" . ">";

        $result = @fputs($fp, $config_data, strlen($config_data));
        fclose($fp);
        if ($result) {
            $bConfigWritten = 1;
        }
    }

    // From here on the function emits the result page as inline HTML.
    ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title><?php echo _TITLE; ?> </title> <style>@import url('../nucleus/styles/manual.css');</style> </head> <body> <div style="text-align:center"><img src="../nucleus/styles/logo.gif" alt="<?php echo _ALT_NUCLEUS_CMS_LOGO; ?> " /></div> <!-- Nucleus logo --> <?php
    // Skin and plugin installation problems are listed first, if any.
    $aAllErrors = array_merge($aSkinErrors, $aPlugErrors);
    if (count($aAllErrors) > 0) {
        echo '<h1>' . _TITLE2 . '</h1>';
        echo '<ul><li>' . implode('</li><li>', $aAllErrors) . '</li></ul>';
    }

    if (!$bConfigWritten) {
        // config.php could not be written: show the contents the user must
        // create by hand. NOTE(review): the "<?php" that opens the displayed
        // sample in the <pre> block below looks like a decoded "&lt;?php"
        // entity (as written it starts a real PHP block inside the output);
        // confirm against the original template before relying on this page.
        // The values shown there (host, database, paths) are echoed without
        // htmlspecialchars(); they are the installing user's own input.
    ?>
 <h1><?php echo _TITLE3; ?> </h1> <?php echo _TEXT10; ?> <pre><code><?php // mySQL connection information $MYSQL_HOST = '<b><?php echo $mysql_host; ?> </b>'; $MYSQL_USER = '******'; $MYSQL_PASSWORD = '******'; $MYSQL_DATABASE = '<b><?php echo $mysql_database; ?> </b>'; $MYSQL_PREFIX = '<b><?php echo $mysql_usePrefix == 1 ? $mysql_prefix : ''; ?> </b>'; // new in 3.50. first element is db handler, the second is the db driver used by the handler // default is $MYSQL_HANDLER = array('mysql',''); $MYSQL_HANDLER = array('<?php echo $MYSQL_HANDLER[0]; ?> ','<?php echo $MYSQL_HANDLER[1]; ?> '); // main nucleus directory $DIR_NUCLEUS = '<b><?php echo $config_adminpath; ?> </b>'; // path to media dir $DIR_MEDIA = '<b><?php echo $config_mediapath; ?> </b>'; // extra skin files for imported skins $DIR_SKINS = '<b><?php echo $config_skinspath; ?> </b>'; // these dirs are normally sub dirs of the nucleus dir, but // you can redefine them if you wish $DIR_PLUGINS = $DIR_NUCLEUS . 'plugins/'; $DIR_LANG = $DIR_NUCLEUS . 'language/'; $DIR_LIBS = $DIR_NUCLEUS . 'libs/'; // include libs include($DIR_LIBS . 'globalfunctions.php'); ?></code></pre> <?php echo _TEXT11; ?> <div class="note"> <?php echo _TEXT12; ?> </div> <?php
    } else {
    ?>
 <h1><?php echo _TITLE4; ?> </h1> <?php echo _TEXT13; ?> <?php
    }
    ?>
 <h1><?php echo _TITLE5; ?> </h1> <?php echo _TEXT14; ?> <ul> <li><?php echo _TEXT14_L1; ?> </li> <li><?php echo _TEXT14_L2; ?> </li> </ul> <h1><?php echo _HEADER10; ?> </h1> <?php echo _TEXT15; ?> <ul> <li><?php echo _TEXT15_L1; ?> </li> <li><?php echo _TEXT15_L2; ?> </li> <li><?php echo _TEXT15_L3; ?> </li> </ul> <?php echo _TEXT16; ?> <h1><?php echo _HEADER11; ?> </h1> <p><?php echo _TEXT16_H; ?> <ul> <li><a href="<?php echo $config_adminurl; ?> "><?php echo _TEXT16_L1; ?> </a></li> <li><a href="<?php echo $config_indexurl; ?> "><?php echo _TEXT16_L2; ?> </a></li> </ul> </p> </body> </html> <?php
}
/**
 * Returns the request value for $name, preferring POST over GET.
 *
 * The POST value wins only when it is truthy (so '', '0' and null fall
 * through to GET) — this mirrors the original ternary exactly.
 *
 * @param string $name request parameter name
 * @return mixed the POST value when truthy, otherwise whatever getVar() returns
 */
function requestVar($name) {
    $posted = postVar($name);
    if ($posted) {
        return $posted;
    }
    return getVar($name);
}
<?php
include 'default.php';

// Endpoint for the "item price change" ticket form: mails the submitted
// fields to the site address and answers with a JSON status.
$name = postVar('name');
$price = postVar('price');

// Both fields are required; a missing one (null from postVar()) is an error.
$fieldMissing = is_null($name) || is_null($price);
if ($fieldMissing) {
    echo jsonErr('One of the required fields was not sent successfully.');
    return;
}

$to = '*****@*****.**';
$subject = 'Item Price Change Ticket';
$message = sprintf("An item price change ticket has been submitted.\nName: %s\nPrice: %s", $name, $price);
mail($to, $subject, $message);

echo jsonSuccess(array('message' => 'Your ticket has successfully been submitted. Thank you!'));
/**
 * Bookmarklet handler that edits an existing item.
 *
 * Reads the item id (GET or POST) and the edit form fields from POST,
 * checks the member may update the item, optionally creates a new category
 * ("newcat-<blogid>" in catid), then applies one of the actions
 * 'changedate', 'edit' or 'backtodrafts' via ITEM::update(). 'delete' is
 * redirected to the admin area instead. Ends by printing a success message
 * through bm_message().
 *
 * Error paths go through bm_doError(); presumably it terminates the request
 * (not visible here), which is why the code does not return after calling it.
 */
function bm_doEditItem() {
    global $member, $manager, $CONF;

    $itemid = intRequestVar('itemid');
    $catid = postVar('catid');

    // only allow if user is allowed to alter item
    // (checked against the posted catid, before any "newcat" replacement below)
    if (!$member->canUpdateItem($itemid, $catid)) {
        bm_doError(_ERROR_DISALLOWED);
    }

    $body = postVar('body');
    $title = postVar('title');
    $more = postVar('more');
    $closed = intPostVar('closed');
    $actiontype = postVar('actiontype');
    $draftid = intPostVar('draftid');

    // redirect to admin area on delete (has delete confirmation)
    if ($actiontype == 'delete') {
        redirect('index.php?action=itemdelete&itemid=' . $itemid);
        exit;
    }

    // create new category if needed (only on edit/changedate)
    if (strstr($catid, 'newcat')) {
        // get blogid
        list($blogid) = sscanf($catid, "newcat-%d");

        // create
        $blog =& $manager->getBlog($blogid);
        $catid = $blog->createNewCategory();

        // show error when sth goes wrong
        if (!$catid) {
            bm_doError(_BOOKMARKLET_ERROR_COULDNTNEWCAT);
        }
    }

    // only edit action is allowed for bookmarklet edit
    switch ($actiontype) {
        case 'changedate':
            $publish = 1;
            $wasdraft = 0;
            // timestamp built from the hour/minutes/month/day/year fields
            $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));
            break;
        case 'edit':
            $publish = 1;
            $wasdraft = 0;
            $timestamp = 0;
            break;
        case 'backtodrafts':
            $publish = 0;
            $wasdraft = 0;
            $timestamp = 0;
            break;
        default:
            bm_doError(_BOOKMARKLET_ERROR_SOMETHINGWRONG);
    }

    // update item for real
    ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);

    // NOTE(review): $draftid comes from the request and is deleted without a
    // separate ownership check here; confirm ITEM::delete() enforces it.
    if ($draftid > 0) {
        ITEM::delete($draftid);
    }

    // show success message
    // A category was created above when the final catid differs from the posted one
    // (intPostVar() yields 0 for a "newcat-..." value). $blog is only set in that branch.
    if ($catid != intPostVar('catid')) {
        $href = 'index.php?action=categoryedit&blogid=' . $blog->getID() . '&catid=' . $catid;
        $onclick = 'if (event && event.preventDefault) event.preventDefault(); window.open(this.href); return false;';
        // $title is reused here for the link title; the item title was already consumed above.
        $title = _BOOKMARKLET_NEW_WINDOW;
        $aTag = ' <a href="' . $href . '" onclick="' . $onclick . '" title="' . $title . '">';
        // $message is assembled but not used; bm_message() below rebuilds the same string.
        $message = _BOOKMARKLET_NEW_CATEGORY . $aTag . _BOOKMARKLET_NEW_CATEGORY_EDIT . '</a>';
        bm_message(_ITEM_UPDATED, _ITEM_UPDATED, _BOOKMARKLET_NEW_CATEGORY . $aTag . _BOOKMARKLET_NEW_CATEGORY_EDIT . '</a>', '');
    } else {
        bm_message(_ITEM_UPDATED, _ITEM_UPDATED, _ITEM_UPDATED, '');
    }
}
/**
 * Integer view of a POST parameter.
 *
 * @param string $name request parameter name
 * @return int the POST value cast to int (0 when absent or non-numeric)
 */
function intPostVar($name) {
    // (int) cast is equivalent to intval() with the default base.
    return (int) postVar($name);
}
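/**
 * Installs the plugin whose file name was posted as 'filename'.
 *
 * Flow: admin check, duplicate/file checks, a row is inserted in the plugin
 * table first (so the plugin has an id while being loaded), the plugin is
 * loaded, the minimum Nucleus version / patch level and the declared plugin
 * dependencies are verified (the row is removed again on any failure), then
 * install() is called and the event list is refreshed via action_pluginupdate().
 *
 * All failures go through $this->error(); presumably that terminates the
 * request (its body is not visible here), which is why nothing returns after it.
 *
 * @todo document this
 */
function action_pluginadd() {
    global $member, $manager, $DIR_PLUGINS;

    // check if allowed
    $member->isAdmin() or $this->disallow();

    $name = postVar('filename');

    if ($manager->pluginInstalled($name)) {
        $this->error(_ERROR_DUPPLUGIN);
    }
    if (!checkPlugin($name)) {
        $this->error(_ERROR_PLUGFILEERROR . ' (' . htmlspecialchars($name) . ')');
    }

    // get number of currently installed plugins
    $res = sql_query('SELECT * FROM ' . sql_table('plugin'));
    $numCurrent = sql_num_rows($res);

    // plugin will be added as last one in the list
    $newOrder = $numCurrent + 1;

    $manager->notify('PreAddPlugin', array('file' => &$name));

    // do this before calling getPlugin (in case the plugin id is used there)
    $query = 'INSERT INTO ' . sql_table('plugin') . ' (porder, pfile) VALUES (' . $newOrder . ',"' . sql_real_escape_string($name) . '")';
    sql_query($query);
    $iPid = sql_insert_id();

    $manager->clearCachedInfo('installedPlugins');

    // Load the plugin for condition checking and instalation
    $plugin =& $manager->getPlugin($name);

    // check if it got loaded (could have failed)
    if (!$plugin) {
        sql_query('DELETE FROM ' . sql_table('plugin') . ' WHERE pid=' . intval($iPid));
        $manager->clearCachedInfo('installedPlugins');
        $this->error(_ERROR_PLUGIN_LOAD);
    }

    // check if plugin needs a newer Nucleus version
    if (getNucleusVersion() < $plugin->getMinNucleusVersion()) {
        // uninstall plugin again...
        $this->deleteOnePlugin($plugin->getID());
        // ...and show error
        $this->error(_ERROR_NUCLEUSVERSIONREQ . htmlspecialchars($plugin->getMinNucleusVersion()));
    }

    // same major version, but a newer patch level is required
    if (getNucleusVersion() == $plugin->getMinNucleusVersion() && getNucleusPatchLevel() < $plugin->getMinNucleusPatchLevel()) {
        // uninstall plugin again...
        $this->deleteOnePlugin($plugin->getID());
        // ...and show error
        $this->error(_ERROR_NUCLEUSVERSIONREQ . htmlspecialchars($plugin->getMinNucleusVersion() . ' patch ' . $plugin->getMinNucleusPatchLevel()));
    }

    // every plugin this one depends on must already be installed.
    // The dependency names come from the plugin's own code, so they are escaped
    // the same way the pfile value is in the INSERT above instead of being
    // inlined raw into the WHERE clause. The cast makes a missing/null
    // dependency list iterate as empty instead of raising a warning.
    $pluginList = (array) $plugin->getPluginDep();
    foreach ($pluginList as $pluginName) {
        $res = sql_query('SELECT * FROM ' . sql_table('plugin') . ' WHERE pfile="' . sql_real_escape_string($pluginName) . '"');
        if (sql_num_rows($res) == 0) {
            // uninstall plugin again...
            $this->deleteOnePlugin($plugin->getID());
            $this->error(sprintf(_ERROR_INSREQPLUGIN, htmlspecialchars($pluginName, ENT_QUOTES)));
        }
    }

    // call the install method of the plugin
    $plugin->install();

    $manager->notify('PostAddPlugin', array('plugin' => &$plugin));

    // update all events
    $this->action_pluginupdate();
}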
/**
 * Parse skinvar membermailform
 *
 * Fills $this->formdata for the member mail form and renders the variant
 * matching the visitor: logged-in member, non-member (when the site allows
 * non-member mail) or the "disallowed" notice.
 *
 * @param int    $rows    textarea rows passed to the template
 * @param int    $cols    textarea cols passed to the template
 * @param string $desturl URL to return to; when empty the member page URL
 *                        (absolute unless $CONF['URLMode'] is 'pathinfo') is used
 */
function parse_membermailform($rows = 10, $cols = 40, $desturl = '') {
    global $member, $CONF, $memberid;

    if ($desturl == '') {
        $memberLink = createMemberLink($memberid);
        $desturl = ($CONF['URLMode'] == 'pathinfo') ? $memberLink : $CONF['IndexURL'] . $memberLink;
    }

    // Previously posted values are echoed back into the form, escaped for attribute context.
    $this->formdata = array(
        'url' => htmlspecialchars($desturl),
        'actionurl' => htmlspecialchars($CONF['ActionURL'], ENT_QUOTES),
        'memberid' => $memberid,
        'rows' => $rows,
        'cols' => $cols,
        'message' => htmlspecialchars(postVar('message'), ENT_QUOTES),
        'frommail' => htmlspecialchars(postVar('frommail'), ENT_QUOTES)
    );

    if ($member->isLoggedIn()) {
        $formName = 'membermailform-loggedin';
    } elseif ($CONF['NonmemberMail']) {
        $formName = 'membermailform-notloggedin';
    } else {
        $formName = 'membermailform-disallowed';
    }
    $this->doForm($formName);
}
/**
 * Called when a comment or member mail message is validated. We'll check if the
 * provided captcha solution is correct here. If not, we'll return an error.
 *
 * Only 'comment', 'membermail' and 'activation' forms are checked; logged-in
 * members skip the captcha, and nothing happens when isAvailable() is false.
 *
 * @param array $data event data; $data['type'] selects the form and
 *                    $data['error'] is set to the FailedMsg option on a wrong solution
 */
function event_ValidateForm(&$data) {
    // Loose in_array() on purpose: it matches the same values the original switch did.
    $captchaForms = array('comment', 'membermail', 'activation');
    if (!in_array($data['type'], $captchaForms)) {
        return;
    }

    // initialize on first call
    if (!$this->inited) {
        $this->init_captcha();
    }

    // don't do anything when no GD libraries are available
    if (!$this->isAvailable()) {
        return;
    }

    global $member;

    // captchas are not used for registered members
    if ($member->isLoggedIn()) {
        return;
    }

    // get key and attempted solution from request, then compare with what is stored
    $key = postVar('ver_key');
    $solution = postVar('ver_sol');
    if (!$this->check($key, $solution)) {
        $data['error'] = $this->getOption('FailedMsg');
    }
}
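* This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
 * Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
require_once '../config.php';

// Resolve which log to show. The requested name comes straight from POST and
// becomes part of a filesystem path, so only a bare file name is accepted:
// no directory part, not "." or "..", no NUL byte. Anything else, or a log
// file that does not exist, falls back to LACE_LOGFILE exactly as before.
$requestedLog = (string) postVar('log');
$logfile = LACE_LOGFILE;
if ($requestedLog !== ''
    && $requestedLog !== '.'
    && $requestedLog !== '..'
    && basename($requestedLog) === $requestedLog
    && strpos($requestedLog, "\0") === false
    && file_exists(LACE_LOGDIR . $requestedLog . '.dat')) {
    $logfile = LACE_LOGDIR . $requestedLog . '.dat';
}
?>
<div id="subnav">
<?php printLogList($logfile); ?>
</div>
<h4 id="windowTitle"><?php echo LACE_SITE_NAME; ?> Logs</h4>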
/**
 * Saves the edited skin file posted by the edit form of NP_SkinFiles.
 *
 * The target is split into a directory (expanded through sfExpandDirectory())
 * and a base name; the write only happens when 'sure' is 'yes' and the path
 * passes sfValidPath(), exists, is a regular writable file and sfAllowEditing()
 * accepts the name. Optionally a backup copy is made first. Afterwards the
 * edit form is shown again (plus a delete button when the file was emptied);
 * on cancel the directory listing is shown instead.
 *
 * Reads request: file, sure; POST: content. Prints HTML status messages.
 */
function _skinfiles_editfile_process() {
    global $manager;
    $skinfiles = $manager->getPlugin('NP_SkinFiles');

    $file = _skinfiles_basename(trim(requestVar('file')));
    $directory = dirname(trim(requestVar('file')));
    $directory = sfExpandDirectory($directory);

    if (requestVar('sure') == 'yes') {
        // sfValidPath() is the containment check for the request-supplied
        // directory; presumably it restricts writes to the skins area — confirm
        // against its definition, everything below relies on it.
        if (sfValidPath($directory) && file_exists($directory . $file) && is_file($directory . $file) && is_writable($directory . $file) && sfAllowEditing($file)) {
            if ($skinfiles->getOption('generate_backup') == 'yes') {
                // return value of copy() is not checked; a failed backup does not stop the write
                copy($directory . $file, $directory . $skinfiles->getOption('backup_prefix') . $file);
            }
            $content = postVar('content');
            $success = false;
            // Errors from fopen/fwrite/fclose are suppressed; $success is the only signal.
            if ($fh = @fopen($directory . $file, 'wb')) {
                if (@fwrite($fh, $content) !== false) {
                    $success = true;
                }
                @fclose($fh);
            }
            if ($success) {
                echo "<p class='message'>" . _SKINFILES_ERR_EDIT_FILE4 . "«" . htmlspecialchars($file) . "» " . _SKINFILES_ERR_EDIT_FILE5 . "</p>";
            } else {
                echo "<p class='error'>" . _SKINFILES_ERR_EDIT_FILE6 . "«" . htmlspecialchars($file) . "» " . _SKINFILES_ERR_EDIT_FILE7 . "</p>";
            }
            /* begin modification by katsumi */
            // An emptied file gets a delete button so it can be removed in one more step.
            if ($success && strlen($content) == 0) {
                _skinfiles_delbutton('file', trim(requestVar('file')));
            }
            /* end modification */
            _skinfiles_editfile();
        } else {
            echo "<p class='error'>" . _SKINFILES_ERR_EDIT_FILE1 . "«" . htmlspecialchars($file) . "» " . _SKINFILES_ERR_EDIT_FILE2;
            echo _SKINFILES_ERR_EDIT_FILE3 . "</p>";
        }
    } else {
        // User cancelled
        sfShowDirectory($directory);
    }
}
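/**
 * Sends a new password
 *
 * Handles the "forgot password" form: looks the member up by the posted
 * name, requires the posted e-mail address to match the stored one and then
 * sends the activation ('forgot') link. Afterwards it redirects to the posted
 * 'url' or prints a confirmation page. Always terminates with exit.
 *
 * Reads POST: name, email, url. Uses $CONF['IndexURL'] and $CONF['SiteName']
 * for the confirmation page; $CONF is declared global here — the previous
 * version read it without the declaration, so inside this function it was
 * undefined and the link came out empty.
 *
 * doError() is presumably terminating (its body is not visible here); the
 * code does not return after calling it.
 */
function forgotPassword() {
    global $CONF;

    $membername = trim(postVar('name'));

    if (!MEMBER::exists($membername)) {
        doError(_ERROR_NOSUCHMEMBER);
    }

    $mem = MEMBER::createFromName($membername);

    // A canLogin() check used to sit here; it kept regular users from
    // resetting passwords and was removed until it is clear why it was required.

    // check if e-mail address is correct: strict string comparison so that
    // numeric-looking strings are not juggled, cast on both sides so a missing
    // value still behaves like an empty string as it did before.
    if ((string) $mem->getEmail() !== (string) postVar('email')) {
        doError(_ERROR_INCORRECTEMAIL);
    }

    // send activation link
    $mem->sendActivationLink('forgot');

    if (postVar('url')) {
        // NOTE(review): the redirect target is taken from the request as-is;
        // limiting it to this site's own URLs would close an open-redirect
        // path — confirm what redirect() itself enforces before relying on it.
        redirect(postVar('url'));
    } else {
        sendContentType('text/html', '', _CHARSET);
        echo _MSG_ACTIVATION_SENT;
        // Config strings are escaped for the attribute/text contexts they land in.
        $siteName = htmlspecialchars($CONF['SiteName'], ENT_QUOTES);
        $indexUrl = htmlspecialchars($CONF['IndexURL'], ENT_QUOTES);
        echo '<br /><br />Return to <a href="' . $indexUrl . '" title="' . $siteName . '">' . $siteName . '</a>';
    }
    exit;
}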
<?php include 'default.php'; $db = getDB(); $name = postVar('name'); $email = postVar('email'); $steamProfileLink = postVar('steamProfileLink'); $desc = postVar('desc'); if (is_null($name) || is_null($email) || is_null($steamProfileLink) || is_null($desc)) { echo jsonErr('One of the required fields was left blank or not sent correctly.'); return; } # Check steam profile link to make sure it is valid if (!filter_var($steamProfileLink, FILTER_VALIDATE_URL)) { echo jsonErr('Your steam profile link was not a valid url.'); return; } # Add to support database table $stmt = $db->prepare('INSERT INTO support (name, email, steamProfileLink, desc, date, time) VALUES (:name, :email, :steamProfileLink, :desc, CURDATE(), CURTIME())'); $stmt->bindValue(':name', $name); $stmt->bindValue(':email', $email); $stmt->bindValue(':steamProfileLink', $steamProfileLink); $stmt->bindValue(':desc', $desc); $stmt->execute(); # Send email to our email $to = '*****@*****.**'; $subject = 'Support Ticket Submitted'; $message = "A support ticket has been sent.\n\nName: {$name}\nEmail: {$email}\nProfile link: {$steamProfileLink}\nDescription: {$desc}"; mail($to, $subject, $message); # Send email to user confirming their support ticket $subject = 'Support ticket received';
/**
 * Tries to create an draft from the data in the current request (comes from
 * bookmarklet or admin area
 *
 * Returns an array with status info:
 * status = 'added', 'error', 'newcategory'
 *
 * @static
 *
 * Used by xmlHTTPRequest AutoDraft
 *
 * Reads POST: body, title, more, closed, catid, type, itemid, blogid, draftid.
 * An existing draft (draftid > 0) is updated in place via ITEM::update(),
 * otherwise a new draft item is added to the blog. Only the 'added' and
 * 'error' statuses are produced by the code below.
 *
 * @return array{status:string, message?:string, draftid?:int}
 */
function createDraftFromRequest() {
    global $member, $manager;

    $i_author = $member->getID();
    $i_body = postVar('body');
    $i_title = postVar('title');
    $i_more = postVar('more');
    // Request data arrives as UTF-8; convert to the site charset when it differs.
    if (strtoupper(_CHARSET) != 'UTF-8') {
        $i_body = mb_convert_encoding($i_body, _CHARSET, "UTF-8");
        $i_title = mb_convert_encoding($i_title, _CHARSET, "UTF-8");
        $i_more = mb_convert_encoding($i_more, _CHARSET, "UTF-8");
    }
    //$i_actiontype = postVar('actiontype');
    $i_closed = intPostVar('closed');
    //$i_hour = intPostVar('hour');
    //$i_minutes = intPostVar('minutes');
    //$i_month = intPostVar('month');
    //$i_day = intPostVar('day');
    //$i_year = intPostVar('year');
    $i_catid = postVar('catid');
    $i_draft = 1;
    $type = postVar('type');
    // When editing, the blog is derived from the item being edited rather than posted.
    if ($type == 'edit') {
        $i_blogid = getBlogIDFromItemID(intPostVar('itemid'));
    } else {
        $i_blogid = intPostVar('blogid');
    }
    $i_draftid = intPostVar('draftid');

    if (!$member->canAddItem($i_catid)) {
        return array('status' => 'error', 'message' => _ERROR_DISALLOWED);
    }

    if (!trim($i_body)) {
        return array('status' => 'error', 'message' => _ERROR_NOEMPTYITEMS);
    }

    // create new category if needed
    if (strstr($i_catid, 'newcat')) {
        // Set in default category
        // (no category is actually created for a draft; the blog default is used)
        $blog =& $manager->getBlog($i_blogid);
        $i_catid = $blog->getDefaultCategory();
    } else {
        // force blogid (must be same as category id)
        $i_blogid = getBlogIDFromCatID($i_catid);
        $blog =& $manager->getBlog($i_blogid);
    }

    $posttime = 0;

    // NOTE(review): $i_draftid is request-supplied and passed to ITEM::update()
    // with no per-item ownership check at this level; confirm ITEM::update()
    // (or canAddItem() above) covers it.
    if ($i_draftid > 0) {
        ITEM::update($i_draftid, $i_catid, $i_title, $i_body, $i_more, $i_closed, 1, 0, 0);
        $itemid = $i_draftid;
    } else {
        $itemid = $blog->additem($i_catid, $i_title, $i_body, $i_more, $i_blogid, $i_author, $posttime, $i_closed, $i_draft);
    }

    // No plugin support in AutoSaveDraft yet
    //Setting the itemOptions
    //$aOptions = requestArray('plugoption');
    //NucleusPlugin::_applyPluginOptions($aOptions, $itemid);
    //$manager->notify('PostPluginOptionsUpdate',array('context' => 'item', 'itemid' => $itemid, 'item' => array('title' => $i_title, 'body' => $i_body, 'more' => $i_more, 'closed' => $i_closed, 'catid' => $i_catid)));

    // success
    return array('status' => 'added', 'draftid' => $itemid);
}
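<?php require HTMLView::pathForTemplate('layout.head'); ?>
<body>
<div class="container">
    <h1>Register</h1>
    <form method="post" style="text-align: center;">
        <?php if (isset($alert)) { $alert->renderHTML(); } ?>
        <?php CSRFPRotection::generateHTMLTag(); ?>
        <?php
        // Re-populate the e-mail field after a failed submit. The previous
        // version called postVar() without echoing, so the value was always
        // dropped. It is request-controlled, hence escaped for the
        // double-quoted attribute context. Assumes postVar() returns the
        // posted value rather than printing it — confirm against its definition.
        $postedEmail = htmlspecialchars((string) postVar('email'), ENT_QUOTES, 'UTF-8');
        ?>
        <p><input type="text" name="email" placeholder="Email Address" value="<?php echo $postedEmail; ?>"></p>
        <p><input type="password" name="password" placeholder="Password"></p>
        <p><button type="submit">Submit</button></p>
    </form>
    <p><a href="<?php echo RouteController::fqURL('user.login'); ?>">Login</a></p>
</div>
</body>
</html>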
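/**
 * laceListener()
 *
 * Checks POST variables for incoming messages or
 * update requests.
 *
 * Two independent things happen here, both driven by POST:
 *  1. When both 'name' and 'text' were posted, the message is validated
 *     (session, flood control, prepareMessage()) and stored; the name
 *     cookie is (re)set for three days and the global $name updated.
 *  2. When $fromListener is true and a 'chatHash' was posted, it is compared
 *     with the current message hash and the chat contents are returned as a
 *     JSON fragment only when they differ.
 *
 * @param bool $fromListener true when called from the XMLHttpRequest listener;
 *                           false when called from the plain-page fallback
 * @return string a JSON object fragment ("chat":{...}) without surrounding braces
 */
function laceListener($fromListener = true) {
    $cookie_name = cookieVar(LACE_NAME_COOKIE, false);
    $post_name = postVar('name', false); // name
    $post_text = postVar('text', false); // text

    if ($post_name !== false && $post_text !== false) {
        if (validateSession() === false) {
            return '"chat":{"nodata":"1"}';
        }
        if (isFlooding() === true) {
            return '"chat":{"nodata":"1"}';
        }

        $message = prepareMessage($post_name, $post_text);
        if ($message !== false) {
            // Strict comparison: both values are request strings, and "==" would
            // treat numeric-looking names such as "1" and "1.0" as the same user.
            if ($cookie_name && $cookie_name !== $post_name) {
                addNameChange($cookie_name, $post_name);
            } else {
                global $A; // Activity object
                joinMessage($post_name);
                $A->update($post_name);
            }

            // Reset $name just in case it has been changed
            global $name;
            $name = $post_name;

            setcookie(LACE_NAME_COOKIE, $post_name, time() + 259200, LACE_URL_REL);
            addMessage($message);
        }
    }

    if ($fromListener) {
        $chatHash = postVar('chatHash', false);
        if ($chatHash) {
            $hash = getMessageHash();
            // Digests are compared as strings: with "==" PHP compares two values
            // of the form "0e123..." numerically and reports them equal.
            if (validateSession() === false || (string) $chatHash === (string) $hash) {
                return '"chat":{"nodata":""}';
            }
            // NOTE(review): the JSON is assembled by hand; addslashes() escapes
            // quotes and backslashes but no other control characters, so the
            // client must tolerate that (or this should move to json_encode()).
            $json = '"chat":{"hash":"' . $hash . '","data":"';
            $json .= addslashes(str_replace("\n", "", printFileContentsHTML())) . '"}';
            return $json;
        }
        return '"chat":{"nodata":""}';
    }
    return '"chat":{"nodata":""}';
}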
/**
 * PostRegister event handler: after a member has been added through the
 * admin 'memberadd' action, validates the posted password against the
 * configured minimum length and complexity and, when it does not comply,
 * reports the validation message through the admin error page.
 *
 * Does nothing unless the plugin's enable_security option is 'yes'.
 *
 * @param array $data event data (not used here)
 * @return void
 */
public function event_PostRegister(&$data) {
    if ($this->enable_security != 'yes') {
        return;
    }

    $password = postVar('password');

    if (postVar('action') != 'memberadd') {
        return;
    }

    $message = $this->_validate_and_messsage($password, $this->pwd_min_length, $this->pwd_complexity);
    if (!$message) {
        return;
    }

    global $admin;
    $errormessage = _SECURITYENFORCER_ACCOUNT_CREATED . $message . "<br /><br />\n";
    $admin->error($errormessage);
    return;
}
<?php
include 'default.php';

// Endpoint for the "new item" ticket form: mails the submitted fields to the
// site address and answers with a JSON status.
$name = postVar('name');
$price = postVar('price');
$link = postVar('link');

// All three fields are required; a missing one (null from postVar()) is an error.
$fieldMissing = is_null($name) || is_null($price) || is_null($link);
if ($fieldMissing) {
    echo jsonErr('One of the required fields was not send correctly.');
    return;
}

$to = '*****@*****.**';
$subject = 'New Item Ticket';
$message = sprintf("A new item ticket has been submitted.\nName: %s\nPrice: %s\nLink: %s\n", $name, $price, $link);
mail($to, $subject, $message);

echo jsonSuccess(array('message' => 'Your ticket has successfully been submitted. Thank you!'));
/**
 * Deletes the link-list entry of the posted 'type' and re-renders the index
 * page with the resulting status message.
 */
function _linklist_delete() {
    $statusMessage = _linklist_doDelete(postVar('type'));
    _linklist_index($statusMessage);
}
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ // Initialize the form's name value to // be overridden during session init. global $name; $name = ''; require_once 'common.php'; if ($name == '') { $name = getName(); } // This is only ever used if XMLHttpRequest is // not accessible (JavaScript disabled, etc.) // Otherwise, Lace just passes through it unaffected. laceListener(false); // Front Controller dirty work $op = postVar('op', false); switch ($op) { case 'log': $id = 'log'; $include = 'log.inc.php'; $title = LACE_SITE_NAME . ' Logs'; break; case 'help': $id = 'help'; $include = 'help.inc.php'; $title = LACE_SITE_NAME . ' Tips'; break; default: if ($_SERVER['REQUEST_URI'] != LACE_URL_REL && $_SERVER['REQUEST_URI'] != LACE_URL_REL . basename(__FILE__)) { // Redirect invalid URLs to the main page header('Location: ' . LACE_URL_ABS);