$actiontemplates = array(); // ######################### REQUIRE BACK-END ############################ define('CWD', ($getcwd = getcwd()) ? $getcwd : '.'); require_once CWD . '/includes/init.php'; $vbulletin->input->clean_array_gpc('r', array('pictureid' => TYPE_UINT, 'albumid' => TYPE_UINT, 'groupid' => TYPE_UINT)); // ####################################################################### // ######################## START MAIN SCRIPT ############################ // ####################################################################### $imageinfo = false; if ($vbulletin->GPC['pictureid'] and $vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_albums'] and ($vbulletin->GPC['albumid'] or $vbulletin->GPC['groupid'])) { $imageinfo = $db->query_first_slave("\n SELECT pl.attachmentid\n FROM " . TABLE_PREFIX . "picturelegacy AS pl\n INNER JOIN " . TABLE_PREFIX . "attachment AS a ON (pl.attachmentid = a.attachmentid)\n WHERE pl.pictureid = " . $vbulletin->GPC['pictureid'] . "\n " . ($vbulletin->GPC['albumid'] ? "AND pl.type = 'album' AND pl.primaryid = " . $vbulletin->GPC['albumid'] : "") . "\n " . ($vbulletin->GPC['groupid'] ? "AND pl.type = 'group' AND pl.primaryid = " . $vbulletin->GPC['groupid'] : "") . "\n "); } if ($imageinfo) { exec_header_redirect("attachment.php?attachmentid={$imageinfo['attachmentid']}", 301); } else { $filedata = vb_base64_decode('R0lGODlhAQABAIAAAMDAwAAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw=='); $filesize = strlen($filedata); header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); // Date in the past header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); // always modified header('Cache-Control: no-cache, must-revalidate'); // HTTP/1.1 header('Pragma: no-cache'); // HTTP/1.0 header("Content-disposition: inline; filename=clear.gif"); header('Content-transfer-encoding: binary'); header("Content-Length: {$filesize}"); header('Content-type: image/gif'); echo $filedata; exit;
/** * Generates the style for the style generator * * @param array contains all color data * @param int Number for the parent id * @param string Title for the genrated style * @param boolean Override version check * @param int Display order for the style * @param boolean True / False whether it will be user selectable * @param int Version * */ function generate_style($data, $parentid, $title, $anyversion = false, $displayorder, $userselect, $version) { global $vbulletin; require_once DIR . '/includes/class_xml.php'; // Need to check variable for values - Check to make sure we have a name etc $arr = explode('{', stripslashes($data)); // checked below $hex = array(0 => ''); // start at one $match = $match2 = array(); // initialize $type = 'lps'; // checked below // Get master stylevar data $svdata = $vbulletin->db->query_read("\n\t\tSELECT stylevarid\n\t\tFROM " . TABLE_PREFIX . "stylevar\n\t\tWHERE styleid = -1\n\t"); // Generate list $masterlist = array(); while ($svlist = $vbulletin->db->fetch_array($svdata)) { $masterlist[$svlist['stylevarid']] = true; } foreach ($arr as $key => $value) { if (preg_match("/\"hex\":\"([0-9A-F]{6})\"/", $value, $match) == 1) { $hex[] = '#' . $match[1]; } if (preg_match("/\"type\":\"([a-z0-9]{3})\"/", $value, $match2) == 1) { $type = $match2[1]; } } switch (count($hex)) { case '11': break; default: print_stop_message('incorrect_color_mapping'); } switch ($type) { case 'lpt': // White : Similar to the current style $sample_file = "style_generator_sample_white.xml"; $from = array('#A60000', '#BF3030', '#FF4040', '#FF7373'); $to = array($hex[3], $hex[2], $hex[1], $hex[1]); break; case 'gry': // Grey :: Primary 3 and Primary 4 only $sample_file = "style_generator_sample_gray.xml"; $from = array('#A60000', '#FF4040'); $to = array($hex[1], $hex[4]); break; case 'drk': // Dark : Primary 3 and Primary 4 only $sample_file = "style_generator_sample_dark.xml"; $from = array('#A60000', '#FF4040'); $to = array($hex[1], $hex[4]); break; case 'lps': // Light : Primary and Secondary // Light : Primary and Secondary default: // Default to lps (as previously set at start of function, not dark). $sample_file = "style_generator_sample_light.xml"; $from = array('#FF0000', '#BF3030', '#A60000', '#FF4040', '#FF7373', '#009999', '#1D7373', '#5CCCCC'); $to = array($hex[1], $hex[2], $hex[3], $hex[4], $hex[5], $hex[6], $hex[7], $hex[10]); break; } $decode = $match = array(); $xmlobj = new vB_XML_Parser(false, DIR . '/includes/xml/' . $sample_file); $styledata = $xmlobj->parse(); foreach ($styledata['stylevars']['stylevar'] as $stylevars) { // The XML Parser outputs 2 values for the value field when one is set as an attribute. // The work around for now is to specify the first value (the attribute). In reality // the parser shouldn't add a blank 'value' if it exists as an attribute. $decode[$stylevars['name']] = vb_base64_decode($stylevars['value'][0]); } // Preg match and then replace. Shutter, a better method is on the way. $match = array(); foreach ($decode as $name => $value) { if (preg_match("/\"(#[a-zA-Z0-9]{6})\"/", $value, $match) == 1) { $upper = '"' . strtoupper($match[1]) . '"'; $stylevarparts[$name] = str_replace($from, $to, preg_replace("/\"(#[a-zA-Z0-9]{6})\"/", $upper, $value)); } } if ($title === '') { $title = 'Style ' . time(); } $xml = new vB_XML_Builder($vbulletin); $xml->add_group('style', array('name' => $title, 'vbversion' => $version, 'product' => 'vbulletin', 'type' => 'custom')); $xml->add_group('stylevars'); foreach ($stylevarparts as $stylevarid => $stylevar) { // Add if exists if ($masterlist[$stylevarid]) { $xml->add_tag('stylevar', '', array('name' => htmlspecialchars_uni($stylevarid), 'value' => vb_base64_encode($stylevar))); } } // Close stylevar group $xml->close_group(); // Close style group $xml->close_group(); $doc = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\r\n\r\n"; $doc .= $xml->output(); $xml = null; if ($parentid == -1 or $parentid == -2) { $masterstyleid = $parentid; } else { $style = $vbulletin->db->query_first("\n\t\t\tSELECT IF(type = 'standard', '-1', '-2') AS masterstyleid\n\t\t\tFROM " . TABLE_PREFIX . "style\n\t\t\tWHERE styleid = {$parentid}\n\t\t"); $masterstyleid = $style['masterstyleid']; } xml_import_style($doc, $masterstyleid, $parentid, $title, $anyversion, $displayorder, $userselect, null, null, 1); print_cp_redirect("template.php?" . $vbulletin->session->vars['sessionurl'] . "do=rebuild&goto=template.php?" . $vbulletin->session->vars['sessionurl']); }
/** * Verifies a string return from a client that it has been unaltered * * @param string String from the client to be verified * * @return string|boolean String without the verification hash or false on failure */ function verify_client_string($string, $extra_entropy = '') { if (substr($string, 0, 4) == 'B64:') { $firstpart = substr($string, 4, 40); $return = substr($string, 44); $decode = true; } else { $firstpart = substr($string, 0, 40); $return = substr($string, 40); $decode = false; } if (sha1($return . sha1(COOKIE_SALT) . $extra_entropy) === $firstpart) { return $decode ? vb_base64_decode($return) : $return; } return false; }
function fetch_blank_image() { $filedata = vb_base64_decode('R0lGODlhAQABAIAAAMDAwAAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw=='); $filesize = strlen($filedata); header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); // Date in the past header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); // always modified header('Cache-Control: no-cache, must-revalidate'); // HTTP/1.1 header('Pragma: no-cache'); // HTTP/1.0 header("Content-disposition: inline; filename=clear.gif"); header('Content-transfer-encoding: binary'); header("Content-Length: {$filesize}"); header('Content-type: image/gif'); return $filedata; }