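/**
 * Validate a remote-install request and store the requested addon name.
 *
 * Reads `name`, `type` and `id` from $_REQUEST. The request is refused with the
 * generic OOPS message when a value is missing, when `name` or `type` is not a
 * string, when `id` is not numeric, when `type` is neither "plugin" nor "theme",
 * or when admin_tools::CanRemoteInstall() returns a falsy value.
 *
 * @return bool true once the name is stored and InitInstall_Vars() has been called
 */
function RemoteInit()
{
    global $langmessage;

    $name = isset($_REQUEST['name']) ? $_REQUEST['name'] : null;
    $type = isset($_REQUEST['type']) ? $_REQUEST['type'] : null;
    $id   = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;

    // presence checks; empty() also refuses the literal "0"
    if (empty($name) || empty($type) || empty($id)) {
        message($langmessage['OOPS']);
        return false;
    }

    // PHP turns `name[]=...` request parameters into arrays, and a non-empty array
    // passes empty(); refuse anything that is not a plain string before it is stored
    if (!is_string($name) || !is_string($type) || !is_numeric($id)) {
        message($langmessage['OOPS']);
        return false;
    }

    // strict comparison against the two supported addon kinds
    if ($type !== 'plugin' && $type !== 'theme') {
        message($langmessage['OOPS']);
        return false;
    }

    if (!admin_tools::CanRemoteInstall()) {
        message($langmessage['OOPS']);
        return false;
    }

    // The name is only checked for presence and type here, so it is still untrusted.
    // NOTE(review): confirm the code consuming addon_name encodes it before using it
    // in file paths or HTML.
    $this->addon_name = $name;
    $this->InitInstall_Vars();

    return true;
}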
/**
 * Prepare and output any inline Javascript for the current page.
 *
 * All fragments are collected in an output buffer first, so the CDATA-wrapped
 * <script> element is only written when there is something to put in it.
 *
 * The admin variables (including the `post` nonce) are written only inside the
 * common::LoggedIn() branch. $page->head_script and $page->jQueryCode are echoed
 * verbatim: they are treated as code, not data.
 * NOTE(review): whatever fills those two properties must not copy unescaped
 * request data into them, and a literal closing script tag inside the buffered
 * text would end the element early - confirm against the callers.
 *
 * @static
 */
function GetHead_InlineJS()
{
    global $page, $linkPrefix;

    ob_start();

    if (gpdebugjs) {
        echo 'var debugjs=true;';
    }

    if (common::LoggedIn()) {
        // one `var` statement, extended piece by piece and closed with ';'
        echo 'var isadmin=true';

        //here because of index.php
        printf(',gpBLink="%s"', common::HrefEncode($linkPrefix));

        gpsession::GPUIVars();

        $remote_install_ok = admin_tools::CanRemoteInstall();
        if (!$remote_install_ok) {
            echo ',gpRem=false';
        }

        printf(',post_nonce="%s"', common::new_nonce('post', true));
        echo ';';

        gpOutput::GP_STYLES();
    }

    echo $page->head_script;

    if (!empty($page->jQueryCode)) {
        // run the queued code once the DOM is ready
        echo '$(function(){' . $page->jQueryCode . '});';
    }

    $script_body = ob_get_clean();

    // nothing collected: emit no <script> element at all
    if (empty($script_body)) {
        return;
    }

    echo "\n<script type=\"text/javascript\">/* <![CDATA[ */\n" . $script_body . "\n/* ]]> */</script>";
}
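/**
 * Determine if $session_id represents a valid session and if so start the session
 *
 * In order: look the id up in the session index, compare the stored browser
 * fingerprint (when gp_browser_auth is on and the record has a `uid`), check that
 * the session file exists, send no-cache headers, load the session data into
 * $GLOBALS['gpAdmin'], take the admin lock, refresh the cookie of a remembered
 * session, register the shutdown handler and start the admin output buffer.
 * Every rejection deletes the session cookie and queues a "Session Expired" message.
 *
 * @param mixed $session_id session identifier to look up; non-scalar values are rejected
 * @param array|false $sessions session index keyed by session id; loaded with
 *                              self::GetSessionIds() when falsy
 * @return bool true when the session was started, false when it was rejected
 */
static function start($session_id, $sessions = false)
{
    global $langmessage, $dataDir, $wbMessageBuffer;
    static $locked_message = false;

    //get the session index
    if (!$sessions) {
        $sessions = self::GetSessionIds();
    }

    // The lookup is validated whether the index was loaded here or handed in by the
    // caller. A non-scalar id (for example an array) cannot be a valid array key.
    if (!is_scalar($session_id) || !isset($sessions[$session_id])) {
        self::cookie(gp_session_cookie); //make sure the cookie is deleted
        msg($langmessage['Session Expired'] . ' (timeout)');
        return false;
    }
    $sess_info = $sessions[$session_id];

    //check ~ip, ~user agent ...
    if (gp_browser_auth && !empty($sess_info['uid'])) {
        $auth_uid = self::auth_browseruid();
        $auth_uid_legacy = self::auth_browseruid(true); //legacy option added to prevent logging users out, added 2.0b2

        // Compare as strings with !== so two different numeric-looking values
        // (such as "0e12" and "0e34") are never treated as equal by type juggling.
        $stored_uid = (string) $sess_info['uid'];
        if ($stored_uid !== (string) $auth_uid && $stored_uid !== (string) $auth_uid_legacy) {
            self::cookie(gp_session_cookie); //make sure the cookie is deleted
            msg($langmessage['Session Expired'] . ' (browser auth)');
            return false;
        }
    }

    // Build the path only from a non-empty string. Without a file name the path
    // would be the sessions directory itself.
    // NOTE(review): file_name is read from the session index, not from the request;
    // confirm it is always a bare file name with no directory part.
    $session_file = false;
    if (isset($sess_info['file_name']) && is_string($sess_info['file_name']) && $sess_info['file_name'] !== '') {
        $session_file = $dataDir . '/data/_sessions/' . $sess_info['file_name'];
    }
    if ($session_file === false || !gpFiles::Exists($session_file)) {
        self::cookie(gp_session_cookie); //make sure the cookie is deleted
        msg($langmessage['Session Expired'] . ' (invalid)');
        return false;
    }

    //prevent browser caching when editing
    header('Last-Modified: ' . gmdate('D, j M Y H:i:s') . ' GMT');
    header('Expires: ' . gmdate('D, j M Y H:i:s', time()) . ' GMT');
    header('Cache-Control: no-store, no-cache, must-revalidate'); // HTTP/1.1
    header('Cache-Control: post-check=0, pre-check=0', false);
    header('Pragma: no-cache'); // HTTP/1.0

    // $checksum is not assigned before this call and is later handed to close();
    // presumably SessionData() fills it by reference - confirm against SessionData().
    $GLOBALS['gpAdmin'] = self::SessionData($session_file, $checksum);

    //lock to prevent conflicting edits
    if (gp_lock_time > 0 && (!empty($GLOBALS['gpAdmin']['editing']) || !empty($GLOBALS['gpAdmin']['granted']))) {
        $expires = gp_lock_time;
        // the lock is keyed by a double SHA-1 of the session id, not the id itself
        if (!gpFiles::Lock('admin', sha1(sha1($session_id)), $expires)) {
            msg($langmessage['site_locked'] . ' ' . sprintf($langmessage['lock_expires_in'], ceil($expires / 60)));
            $locked_message = true;
        } else {
            unset($GLOBALS['gpAdmin']['locked']);
        }
    }

    //extend cookie?
    // The cookie is re-issued with the same session id; the id is not rotated here.
    if (isset($GLOBALS['gpAdmin']['remember'])) {
        $elapsed = time() - $GLOBALS['gpAdmin']['remember'];
        if ($elapsed > 604800) { //7 days
            $GLOBALS['gpAdmin']['remember'] = time();
            self::cookie(gp_session_cookie, $session_id);
        }
    }

    register_shutdown_function(array('gpsession', 'close'), $session_file, $checksum);

    self::SaveSetting();

    //make sure forms have admin nonce
    ob_start(array('gpsession', 'AdminBuffer'));

    gpOutput::$lang_values += array('cancel' => 'ca', 'update' => 'up', 'caption' => 'cp', 'Width' => 'Width', 'Height' => 'Height');
    common::LoadComponents('sortable,autocomplete,gp-admin,gp-admin-css');
    admin_tools::VersionsAndCheckTime();

    gpOutput::$inline_vars += array('gpRem' => admin_tools::CanRemoteInstall());

    //prepend messages from message buffer
    if (isset($GLOBALS['gpAdmin']['message_buffer']) && count($GLOBALS['gpAdmin']['message_buffer'])) {
        $wbMessageBuffer = array_merge($GLOBALS['gpAdmin']['message_buffer'], $wbMessageBuffer);
        unset($GLOBALS['gpAdmin']['message_buffer']);
    }

    //alias
    // gp_alias is a client-supplied cookie and is stored without validation.
    // NOTE(review): confirm every place that prints useralias HTML-escapes it.
    if (isset($_COOKIE['gp_alias'])) {
        $GLOBALS['gpAdmin']['useralias'] = $_COOKIE['gp_alias'];
    } else {
        $GLOBALS['gpAdmin']['useralias'] = $GLOBALS['gpAdmin']['username'];
    }

    return true;
}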
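/**
 * Get the remote package
 *
 * Validates the requested type and id, checks that remote installation is enabled
 * for that type, downloads the package from addon_browse_path, compares its MD5
 * with the `x-md5` response header, saves it to a temporary .zip file and extracts
 * it into a fresh temporary location stored in $this->source.
 *
 * The `x-md5` value arrives in the same response as the package body, so the
 * comparison only detects a truncated or corrupted download. It is not an
 * authenticity check: anyone able to alter the response can alter both.
 * NOTE(review): confirm addon_browse_path is fetched over an authenticated
 * transport, and that ExtractArchive() refuses archive entries that would resolve
 * outside $this->source.
 *
 * @return bool result of ExtractArchive() on success, false when any step fails
 */
function GetRemote()
{
    global $langmessage;
    includeFile('tool/RemoteGet.php');

    // check values
    if (empty($this->type) || empty($this->id) || !is_numeric($this->id)) {
        $this->message($langmessage['OOPS'] . ' (Invalid Request)');
        return false;
    }

    // allowed to remote install? (strict comparison: only the two exact strings match)
    if ($this->type === 'plugin') {
        if (!gp_remote_plugins) {
            $this->message($langmessage['OOPS'] . ' (Can\'t remote install plugins)');
            return false;
        }
    } elseif ($this->type === 'theme') {
        if (!gp_remote_themes) {
            $this->message($langmessage['OOPS'] . ' (Can\'t remote install themes)');
            return false;
        }
    } else {
        $this->message($langmessage['OOPS'] . ' (Invalid Type)');
        return false;
    }

    // able to remote install?
    if (!admin_tools::CanRemoteInstall()) {
        $this->message($langmessage['OOPS'] . ' (Can\'t remote install)');
        return false;
    }

    // download
    $download_link = addon_browse_path;
    if ($this->type === 'theme') {
        $download_link .= '/Themes';
    } else {
        $download_link .= '/Plugins';
    }
    $download_link .= '?cmd=install&id=' . rawurlencode($this->id);

    // purchase order id
    if (!$this->order) {
        $this->order = $this->GetOrder($this->id);
    }
    if ($this->order) {
        $download_link .= '&order=' . rawurlencode($this->order);
    }

    // get package from remote
    $full_result = gpRemoteGet::Get($download_link);

    // download failed and a message was sent
    // Checked before the status code so a server-supplied explanation is still shown
    // when it accompanies a non-2xx response.
    if (isset($full_result['headers']['x-error'])) {
        $this->message(htmlspecialchars($full_result['headers']['x-error']));
        // Link built from the type and id validated above rather than from raw
        // request values. NOTE(review): DetailUrl()'s own encoding is not visible here.
        $this->message(sprintf($langmessage['download_failed_xerror'], 'href="' . $this->DetailUrl($this->type, $this->id) . '" data-cmd="remote"'));
        return false;
    }

    // Anything outside 2xx is a failed download. The two range tests are joined
    // with ||, since no status code can be both below 200 and at least 300.
    // A missing code counts as 0.
    $status = isset($full_result['response']['code']) ? (int) $full_result['response']['code'] : 0;
    if ($status < 200 || $status >= 300) {
        $this->message($langmessage['download_failed'] . ' (1)');
        return false;
    }

    $result = $full_result['body'];

    // a missing or non-string header becomes '', which can never equal a real digest
    $md5 = '';
    if (isset($full_result['headers']['x-md5']) && is_string($full_result['headers']['x-md5'])) {
        $md5 = $full_result['headers']['x-md5'];
    }

    //check md5
    // !== keeps two different digests that both look numeric (such as "0e...")
    // from comparing equal.
    $package_md5 = md5($result);
    if ($package_md5 !== $md5) {
        // the expected value comes from a response header, so escape it for the HTML message
        $this->message($langmessage['download_failed_md5'] . ' <br/> (Package Checksum ' . $package_md5 . ' != Expected Checksum ' . htmlspecialchars($md5) . ')');
        return false;
    }

    //save contents
    $tempfile = $this->TempFile('.zip');
    if (!gpFiles::Save($tempfile, $result)) {
        $this->message($langmessage['download_failed'] . ' (Package not saved)');
        return false;
    }

    $this->source = $this->TempFile();
    $success = $this->ExtractArchive($this->source, $tempfile);

    // the downloaded archive is removed whether or not extraction succeeded
    unlink($tempfile);

    return $success;
}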