function user_check_url_rewrite()
{
global $allgAr;
if (!loggedin() and $allgAr['show_session_id'] == 0) {
// loescht die sessionid von allen urls
// auch urls wie formulare usw. damit
// suchmaschienen bots nicht iritiert sind ;)
// output_reset_rewrite_vars ist eine php funktion
// nicht unnoetig dannach suchen ;) ...
output_reset_rewrite_vars();
}
}
function SessionStart()
{
$r = base64_encode(dirname($_SERVER['REQUEST_URI']));
//Lock down the session per install
session_name($r);
//See line above
session_start();
output_reset_rewrite_vars();
if (!session_id()) {
ini_set("session.use_trans_sid", "Off");
}
}
// This program is free software. You may use, modify, and/or redistribute //
// it under the terms of the MIT License. //
// //
//***************************************************************************//
// Reverse magic quotes if they are enabled.
if (get_magic_quotes_gpc()) {
$_REQUEST = dmq($_REQUEST);
}
// Set errors accordingly.
error_reporting(E_ALL ^ E_NOTICE);
// Start the session.
ini_set('arg_separator.output', '&');
session_name('s');
session_start();
// Don't screw with our URLs, you crazy PHP you.
output_reset_rewrite_vars();
// Add the session ID to all local URLs (if it hasn't been saved to a cookie).
if (SID) {
output_add_rewrite_var('s', stripslashes(session_id()));
}
// Are they specifying a step?
if ($_REQUEST['step'] == 1) {
// Yes, so set the step.
$_SESSION['step'] = 1;
}
// Are they specifying an install type?
if (isset($_REQUEST['setup'])) {
// Yes, so set the install type.
$_SESSION['setup'] = $_REQUEST['setup'];
}
// Are they wanting to install or upgrade?
function processApiRequest()
{
global $wp_version, $wp_db_version;
global $wpdb, $bvVersion;
if (array_key_exists('obend', $_REQUEST) && function_exists('ob_end_clean')) {
@ob_end_clean();
}
if (array_key_exists('op_reset', $_REQUEST) && function_exists('output_reset_rewrite_vars')) {
output_reset_rewrite_vars();
}
if (array_key_exists('binhead', $_REQUEST)) {
header("Content-type: application/binary");
header('Content-Transfer-Encoding: binary');
}
$method = urldecode($_REQUEST['bvMethod']);
$this->addStatus("signature", "Blogvault API");
$this->addStatus("callback", $method);
$this->addStatus("public", substr($this->getOption('bvPublic'), 0, 6));
if (!$this->authenticateControlRequest()) {
$this->addStatus("statusmsg", 'failed authentication');
$this->terminate();
}
$this->addStatus("bvVersion", $bvVersion);
$this->addStatus("abspath", urldecode(ABSPATH));
$this->addStatus("serverip", urlencode($_SERVER['SERVER_ADDR']));
$this->addStatus("siteurl", urlencode($this->wpurl()));
if (!array_key_exists('stripquotes', $_REQUEST) && (get_magic_quotes_gpc() || function_exists('wp_magic_quotes'))) {
$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
}
if (array_key_exists('b64', $_REQUEST)) {
foreach ($_REQUEST['b64'] as $key) {
if (is_array($_REQUEST[$key])) {
$_REQUEST[$key] = array_map('base64_decode', $_REQUEST[$key]);
} else {
$_REQUEST[$key] = base64_decode($_REQUEST[$key]);
}
}
}
if (array_key_exists('memset', $_REQUEST)) {
$val = intval(urldecode($_REQUEST['memset']));
@ini_set('memory_limit', $val . 'M');
}
switch ($method) {
case "sendmanyfiles":
$files = $_REQUEST['files'];
$offset = intval(urldecode($_REQUEST['offset']));
$limit = intval(urldecode($_REQUEST['limit']));
$bsize = intval(urldecode($_REQUEST['bsize']));
$this->addStatus("status", $this->uploadFiles($files, $offset, $limit, $bsize));
break;
case "sendfilesmd5":
$files = $_REQUEST['files'];
$offset = intval(urldecode($_REQUEST['offset']));
$limit = intval(urldecode($_REQUEST['limit']));
$bsize = intval(urldecode($_REQUEST['bsize']));
$this->addStatus("status", $this->uploadFilesMd5($files, $offset, $limit, $bsize));
break;
case "getfilesstats":
$files = $_REQUEST['files'];
$offset = intval(urldecode($_REQUEST['offset']));
$limit = intval(urldecode($_REQUEST['limit']));
$bsize = intval(urldecode($_REQUEST['bsize']));
$this->addStatus("status", $this->getFilesStats($files, $offset, $limit, $bsize));
break;
case "listtables":
$this->addStatus("status", $this->listTables());
break;
case "tableinfo":
$table = urldecode($_REQUEST['table']);
$offset = intval(urldecode($_REQUEST['offset']));
$limit = intval(urldecode($_REQUEST['limit']));
$bsize = intval(urldecode($_REQUEST['bsize']));
$filter = urldecode($_REQUEST['filter']);
$rcount = intval(urldecode($_REQUEST['rcount']));
$tname = urldecode($_REQUEST['tname']);
$this->addStatus("status", $this->tableInfo($table, $tname, $rcount, $offset, $limit, $bsize, $filter));
break;
case "uploadrows":
$table = urldecode($_REQUEST['table']);
$offset = intval(urldecode($_REQUEST['offset']));
$limit = intval(urldecode($_REQUEST['limit']));
$bsize = intval(urldecode($_REQUEST['bsize']));
$filter = urldecode($_REQUEST['filter']);
$rcount = intval(urldecode($_REQUEST['rcount']));
$tname = urldecode($_REQUEST['tname']);
$this->addStatus("status", $this->uploadRows($table, $tname, $rcount, $offset, $limit, $bsize, $filter));
break;
case "sendactivate":
$this->addStatus("status", $this->activate());
break;
case "scanfilesdefault":
$this->addStatus("status", $this->scanFiles());
break;
case "scanfiles":
$initdir = urldecode($_REQUEST['initdir']);
$offset = intval(urldecode($_REQUEST['offset']));
$limit = intval(urldecode($_REQUEST['limit']));
$bsize = intval(urldecode($_REQUEST['bsize']));
$this->addStatus("status", $this->scanFiles($initdir, $offset, $limit, $bsize));
break;
case "setdynsync":
$this->updateOption('bvDynSyncActive', $_REQUEST['dynsync']);
break;
case "setwoodyn":
$this->updateOption('bvWooDynSync', $_REQUEST['woodyn']);
break;
case "setserverid":
$this->updateOption('bvServerId', $_REQUEST['serverid']);
break;
case "updatekeys":
$this->addStatus("status", $this->updateKeys($_REQUEST['public'], $_REQUEST['secret']));
break;
case "setignorednames":
switch ($_REQUEST['table']) {
case "options":
$this->updateOption('bvIgnoredOptions', $_REQUEST['names']);
break;
case "postmeta":
$this->updateOption('bvIgnoredPostmeta', $_REQUEST['names']);
break;
}
break;
case "getignorednames":
switch ($_REQUEST['table']) {
case "options":
$names = $this->getOption('bvIgnoredOptions');
break;
case "postmeta":
$names = $this->getOption('bvIgnoredPostmeta');
break;
}
$this->addStatus("names", $names);
break;
case "phpinfo":
phpinfo();
die;
break;
case "getposts":
$post_type = urldecode($_REQUEST['post_type']);
$args = array('numberposts' => 5, 'post_type' => $post_type);
$posts = get_posts($args);
$keys = array('post_title', 'guid', 'ID', 'post_date');
foreach ($posts as $post) {
$pdata = array();
$post_array = get_object_vars($post);
foreach ($keys as $key) {
$pdata[$key] = $post_array[$key];
}
$this->addArrayToStatus("posts", $pdata);
$this->addArrayToStatus("post_type", $post_type);
}
break;
case "getstats":
$this->addStatus("posts", get_object_vars(wp_count_posts()));
$this->addStatus("pages", get_object_vars(wp_count_posts("page")));
$this->addStatus("comments", get_object_vars(wp_count_comments()));
break;
case "getinfo":
if (array_key_exists('wp', $_REQUEST)) {
$wp_info = array('current_theme' => (string) (function_exists('wp_get_theme') ? wp_get_theme() : get_current_theme()), 'dbprefix' => $wpdb->base_prefix ? $wpdb->base_prefix : $wpdb->prefix, 'wpmu' => $this->isMultisite(), 'mainsite' => $this->isMainSite(), 'name' => get_bloginfo('name'), 'site_url' => get_bloginfo('wpurl'), 'home_url' => get_bloginfo('url'), 'charset' => get_bloginfo('charset'), 'wpversion' => $wp_version, 'dbversion' => $wp_db_version, 'abspath' => ABSPATH, 'uploadpath' => $this->uploadPath(), 'uploaddir' => wp_upload_dir(), 'contentdir' => defined('WP_CONTENT_DIR') ? WP_CONTENT_DIR : null, 'contenturl' => defined('WP_CONTENT_URL') ? WP_CONTENT_URL : null, 'plugindir' => defined('WP_PLUGIN_DIR') ? WP_PLUGIN_DIR : null, 'dbcharset' => defined('DB_CHARSET') ? DB_CHARSET : null, 'disallow_file_edit' => defined('DISALLOW_FILE_EDIT'), 'disallow_file_mods' => defined('DISALLOW_FILE_MODS'), 'bvversion' => $bvVersion);
$this->addStatus("wp", $wp_info);
}
if (array_key_exists('plugins', $_REQUEST)) {
if (!function_exists('get_plugins')) {
require_once ABSPATH . "wp-admin/includes/plugin.php";
}
$plugins = get_plugins();
foreach ($plugins as $plugin_file => $plugin_data) {
$pdata = array('file' => $plugin_file, 'title' => $plugin_data['Title'], 'version' => $plugin_data['Version'], 'active' => is_plugin_active($plugin_file));
$this->addArrayToStatus("plugins", $pdata);
}
}
if (array_key_exists('themes', $_REQUEST)) {
$themes = function_exists('wp_get_themes') ? wp_get_themes() : get_themes();
foreach ($themes as $theme) {
if (is_object($theme)) {
$pdata = array('name' => $theme->Name, 'title' => $theme->Title, 'stylesheet' => $theme->get_stylesheet(), 'template' => $theme->Template, 'version' => $theme->Version);
} else {
$pdata = array('name' => $theme["Name"], 'title' => $theme["Title"], 'stylesheet' => $theme["Stylesheet"], 'template' => $theme["Template"], 'version' => $theme["Version"]);
}
$this->addArrayToStatus("themes", $pdata);
}
}
if (array_key_exists('users', $_REQUEST)) {
$users = array();
if (function_exists('get_users')) {
$users = get_users('search=admin');
} else {
if (function_exists('get_users_of_blog')) {
$users = get_users_of_blog();
}
}
foreach ($users as $user) {
if (stristr($user->user_login, 'admin')) {
$pdata = array('login' => $user->user_login, 'ID' => $user->ID);
$this->addArrayToStatus("users", $pdata);
}
}
}
if (array_key_exists('system', $_REQUEST)) {
$sys_info = array('serverip' => $_SERVER['SERVER_ADDR'], 'host' => $_SERVER['HTTP_HOST'], 'phpversion' => phpversion(), 'uid' => getmyuid(), 'gid' => getmygid(), 'user' => get_current_user());
if (function_exists('posix_getuid')) {
$sys_info['webuid'] = posix_getuid();
$sys_info['webgid'] = posix_getgid();
}
$this->addStatus("sys", $sys_info);
}
break;
case "setsecurityconf":
$new_conf = $_REQUEST['secconf'];
if (!is_array($new_conf)) {
$new_conf = array();
}
$this->updateOption('bvsecurityconfig', $new_conf);
break;
case "getsecurityconf":
$new_conf = $this->getOption('bvsecurityconfig');
$this->addStatus("secconf", $new_conf);
break;
case "describetable":
$table = urldecode($_REQUEST['table']);
$this->describeTable($table);
break;
case "checktable":
$table = urldecode($_REQUEST['table']);
$type = urldecode($_REQUEST['type']);
$this->checkTable($table, $type);
break;
case "repairtable":
$table = urldecode($_REQUEST['table']);
$this->repairTable($table);
break;
case "tablekeys":
$table = urldecode($_REQUEST['table']);
$this->tableKeys($table);
break;
case "gettablecreate":
$table = urldecode($_REQUEST['table']);
$this->addStatus("create", $this->tableCreate($table));
break;
case "getrowscount":
$table = urldecode($_REQUEST['table']);
$this->addStatus("count", $this->rowsCount($table));
break;
case "updatedailyping":
$value = $_REQUEST['value'];
$this->addStatus("bvDailyPing", $this->updateDailyPing($value));
break;
default:
$this->addStatus("statusmsg", "Bad Command");
$this->addStatus("status", false);
break;
}
$this->terminate();
}
/**
* Reset the URL rewriter and remove all rewrite variables previously set by the output_add_rewrite_var() function or the session mechanism.
*/
public static function resetUrlRewriteVars()
{
output_reset_rewrite_vars();
self::$rewriteVars = array();
}
