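/**
 * Standard modular run function for snippet hooks. Generates XHTML to insert into a page using AJAX.
 *
 * The client sends back the serialized rendering options together with a site-salted hash of
 * that exact string; the options are only unserialized after the hash has been verified.
 *
 * @return tempcode The snippet
 */
function run()
{
    if (get_option('is_on_comments') == '0') {
        warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
    }

    $serialized_options = get_param('serialized_options', false, true);
    $hash = get_param('hash');
    // Strict comparison: with '!=' two numeric-looking hash strings (e.g. '0e...') would be
    // compared as numbers and could match spuriously. A constant-time comparison (hash_equals)
    // would be preferable where the runtime provides it.
    if (best_hash($serialized_options, get_site_salt()) !== $hash) {
        warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
    }
    secure_serialized_data($serialized_options);
    list($topic_id, $num_to_show_limit, $allow_comments, $invisible_if_no_comments, $forum, $reverse, $may_reply, $highlight_by_user, $allow_reviews) = unserialize($serialized_options);

    // Post IDs are cast to int before they reach the renderer
    $posts = array_map('intval', explode(',', get_param('ids', false, true)));

    // An empty 'id' means "no parent post"
    $_parent_id = get_param('id', '');
    $parent_id = $_parent_id == '' ? mixed() : intval($_parent_id);

    require_code('topics');
    $renderer = new OCP_Topic();
    return $renderer->render_posts_from_topic($topic_id, $num_to_show_limit, $allow_comments, $invisible_if_no_comments, $forum, NULL, $reverse, $may_reply, $highlight_by_user, $allow_reviews, $posts, $parent_id);
}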
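/**
 * Do an AJAX comment post.
 *
 * Reads the serialized posting context and its hash from POST, verifies the hash, actualises
 * the comment, and echoes the refreshed comment list as plain text.
 */
function post_comment_script()
{
    header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past

    // Read in context of what we're doing
    $options = post_param('options');

    // Check security before unserializing: the context is only trusted once its site-salted
    // hash matches (same order as run() in this file). Strict comparison avoids PHP's
    // numeric-string coercion for '!=' on hash values.
    $hash = post_param('hash');
    if (best_hash($options, get_site_salt()) !== $hash) {
        header('Content-Type: text/plain; charset=' . get_charset());
        exit;
    }
    secure_serialized_data($options);
    list($page_name, $content_id, $allow_comments, $submitter, $content_url, $content_title, $forum) = unserialize($options);

    // Post comment
    actualise_post_comment($allow_comments >= 1, $page_name, $content_id, $content_url, $content_title, $forum);

    // Get new comments state
    $comment_details = get_comments($page_name, $allow_comments == 1, $content_id, false, $forum, NULL, NULL, false, false, $submitter, $allow_comments == 2);

    // And output as text
    header('Content-Type: text/plain; charset=' . get_charset());
    $comment_details->evaluate_echo();
}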
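/**
 * Do a cookie login.
 *
 * The member/password cookie names may describe a combined cookie: "base:key" (serialized
 * array in cookie "base", field "key") or "base|n" (fields joined by '||', index n). Either
 * form is unpacked into $_COOKIE under the plain cookie names first, then the credentials
 * are checked through the forum driver.
 *
 * @return MEMBER Logged in member (NULL: no login happened)
 */
function try_cookie_login()
{
    $member = NULL;

    // Preprocess if this is a serialized cookie
    $member_cookie_name = get_member_cookie();
    $bar_pos = strpos($member_cookie_name, '|');
    $colon_pos = strpos($member_cookie_name, ':');
    if ($colon_pos !== false) {
        $base = substr($member_cookie_name, 0, $colon_pos);
        if (array_key_exists($base, $_COOKIE) && $_COOKIE[$base] != '') {
            $real_member_cookie = substr($member_cookie_name, $colon_pos + 1);
            $real_pass_cookie = substr(get_pass_cookie(), $colon_pos + 1);
            $the_cookie = $_COOKIE[$base];
            if (get_magic_quotes_gpc()) {
                $the_cookie = stripslashes($_COOKIE[$base]);
            }
            // Cookie data is attacker-controlled; it is filtered before unserialize and only
            // an array result is accepted
            secure_serialized_data($the_cookie, array());
            $unserialize = @unserialize($the_cookie);
            if (is_array($unserialize)) {
                if (array_key_exists($real_member_cookie, $unserialize)) {
                    $the_member = $unserialize[$real_member_cookie];
                    if (get_magic_quotes_gpc()) {
                        $the_member = addslashes(@strval($the_member));
                    }
                    $_COOKIE[get_member_cookie()] = $the_member;
                }
                if (array_key_exists($real_pass_cookie, $unserialize)) {
                    $the_pass = $unserialize[$real_pass_cookie];
                    if (get_magic_quotes_gpc()) {
                        $the_pass = addslashes($the_pass);
                    }
                    $_COOKIE[get_pass_cookie()] = $the_pass;
                }
            }
        }
    } elseif ($bar_pos !== false) {
        $base = substr($member_cookie_name, 0, $bar_pos);
        if (array_key_exists($base, $_COOKIE) && $_COOKIE[$base] != '') {
            $real_member_cookie = substr($member_cookie_name, $bar_pos + 1);
            $real_pass_cookie = substr(get_pass_cookie(), $bar_pos + 1);
            $the_cookie = $_COOKIE[$base];
            if (get_magic_quotes_gpc()) {
                $the_cookie = stripslashes($_COOKIE[$base]);
            }
            $cookie_contents = explode('||', $the_cookie);
            $member_index = intval($real_member_cookie);
            $pass_index = intval($real_pass_cookie);
            // A truncated or malformed cookie may not carry both fields; treat that as "no
            // cookie" instead of reading undefined offsets and poisoning $_COOKIE with nulls
            if (isset($cookie_contents[$member_index]) && isset($cookie_contents[$pass_index])) {
                $the_member = $cookie_contents[$member_index];
                if (get_magic_quotes_gpc()) {
                    $the_member = addslashes($the_member);
                }
                $_COOKIE[get_member_cookie()] = $the_member;
                $the_pass = $cookie_contents[$pass_index];
                if (get_magic_quotes_gpc()) {
                    $the_pass = addslashes($the_pass);
                }
                $_COOKIE[get_pass_cookie()] = $the_pass;
            }
        }
    }

    if (array_key_exists(get_member_cookie(), $_COOKIE) && array_key_exists(get_pass_cookie(), $_COOKIE)) {
        $store = $_COOKIE[get_member_cookie()];
        $pass = $_COOKIE[get_pass_cookie()];
        if (get_magic_quotes_gpc()) {
            $store = stripslashes($store);
            $pass = stripslashes($pass);
        }
        // The member cookie holds either a username or a member ID, depending on the driver
        if ($GLOBALS['FORUM_DRIVER']->is_cookie_login_name()) {
            $username = $store;
            $store = strval($GLOBALS['FORUM_DRIVER']->get_member_from_username($store));
        } else {
            $username = $GLOBALS['FORUM_DRIVER']->get_username(intval($store));
        }
        $member = intval($store);
        if (!is_guest($member)) {
            if ($GLOBALS['FORUM_DRIVER']->is_hashed()) {
                // Test password hash
                $login_array = $GLOBALS['FORUM_DRIVER']->forum_authorise_login(NULL, $member, $pass, $pass, true);
                $member = $login_array['id'];
            } else {
                // Test password plain
                $login_array = $GLOBALS['FORUM_DRIVER']->forum_authorise_login(NULL, $member, apply_forum_driver_md5_variant($pass, $username), $pass, true);
                $member = $login_array['id'];
            }
            if (!is_null($member)) {
                global $IS_A_COOKIE_LOGIN;
                $IS_A_COOKIE_LOGIN = true;
                // The "_invisible" companion cookie requests an invisible session
                create_session($member, 0, isset($_COOKIE[get_member_cookie() . '_invisible']) && $_COOKIE[get_member_cookie() . '_invisible'] == '1');
            }
        }
    }

    return $member;
}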
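/**
 * Find a group of members the newsletter will go to.
 *
 * Recipients are gathered from three sources in turn (newsletter subscribers, OCF usergroups /
 * all OCF members, then CSV data); an e-mail address seen in an earlier source is not
 * repeated by a later one.
 *
 * @param array A map describing what newsletters and newsletter levels the newsletter is being sent to
 * @param LANGUAGE_NAME The language
 * @param integer Start position in result set (results are returned in parallel for each category of result)
 * @param integer Maximum records to return from each category
 * @param boolean Whether to get raw rows rather than mailer-ready correspondance lists
 * @param string Serialized CSV data to also consider
 * @return array Returns a tuple of corresponding detail lists, emails,hashes,usernames,forenames,surnames,ids, and a record count for levels (depending on requests: csv, 1, <newsletterID>, g<groupID>) [record counts not returned if $start is not zero, for performance reasons]
 */
function newsletter_who_send_to($send_details, $lang, $start, $max, $get_raw_rows = false, $csv_data = '')
{
    // Find who to send to
    $level = 0;
    $usernames = array();
    $forenames = array();
    $surnames = array();
    $emails = array();
    $ids = array();
    $hashes = array();
    $total = array();
    $raw_rows = array();

    // Standard newsletter subscribers
    $newsletters = $GLOBALS['SITE_DB']->query_select('newsletters', array('*'));
    foreach ($newsletters as $newsletter) {
        $this_level = array_key_exists(strval($newsletter['id']), $send_details) ? $send_details[strval($newsletter['id'])] : 0;
        if ($this_level != 0) {
            // IDs/levels are cast with strval/(int) and the language goes through db_string_equal_to, so no raw input reaches the SQL
            $where_lang = multi_lang() ? db_string_equal_to('language', $lang) . ' AND ' : '';
            $query = ' FROM ' . get_table_prefix() . 'newsletter_subscribe s LEFT JOIN ' . get_table_prefix() . 'newsletter n ON n.email=s.email WHERE ' . $where_lang . 'code_confirm=0 AND s.newsletter_id=' . strval($newsletter['id']) . ' AND the_level>=' . strval((int) $this_level);
            $temp = $GLOBALS['SITE_DB']->query('SELECT n.id,n.email,the_password,n_forename,n_surname' . $query, $max, $start);
            if ($start == 0) {
                // Cheap count first; only run the joined count when the table is small enough for it to be affordable
                $test = $GLOBALS['SITE_DB']->query_value_null_ok_full('SELECT COUNT(*) FROM ' . get_table_prefix() . 'newsletter_subscribe WHERE newsletter_id=' . strval($newsletter['id']) . ' AND the_level>=' . strval((int) $this_level));
                if ($test > 10000) {
                    $total[strval($newsletter['id'])] = $test;
                } else {
                    $total[strval($newsletter['id'])] = $GLOBALS['SITE_DB']->query_value_null_ok_full('SELECT COUNT(*)' . $query);
                }
            }
            foreach ($temp as $_temp) {
                // Strict membership: addresses are strings, and loose in_array would coerce numeric-looking values
                if (!in_array($_temp['email'], $emails, true)) {
                    if (!$get_raw_rows) {
                        $emails[] = $_temp['email'];
                        $forenames[] = $_temp['n_forename'];
                        $surnames[] = $_temp['n_surname'];
                        $username = trim($_temp['n_forename'] . ' ' . $_temp['n_surname']);
                        if ($username == '') {
                            $username = do_lang('NEWSLETTER_SUBSCRIBER', get_site_name());
                        }
                        $usernames[] = $username;
                        $ids[] = 'n' . strval($_temp['id']);
                        $hashes[] = best_hash($_temp['the_password'], 'xunsub');
                    } else {
                        $raw_rows[] = $_temp;
                    }
                }
            }
        }
        $level = max($level, $this_level);
    }

    // OCF imports
    if (get_forum_type() == 'ocf') {
        $where_lang = multi_lang() ? '(' . db_string_equal_to('m_language', $lang) . ' OR ' . db_string_equal_to('m_language', '') . ') AND ' : '';

        // Usergroups
        $groups = $GLOBALS['FORUM_DRIVER']->get_usergroup_list(); // NOTE(review): result is not used below; kept for its (possible) side effects
        foreach ($send_details as $_id => $is_on) {
            if (is_string($_id) && substr($_id, 0, 1) == 'g' && $is_on == 1) {
                $id = intval(substr($_id, 1));
                global $SITE_INFO;
                // Old MySQL cannot run the UNION form, so it gets a single OR'd query instead
                if (isset($SITE_INFO['mysql_old']) && $SITE_INFO['mysql_old'] == '1' || !isset($SITE_INFO['mysql_old']) && is_file(get_file_base() . '/mysql_old')) {
                    $query = 'SELECT xxxxx FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_members m LEFT JOIN ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_group_members g ON m.id=g.gm_member_id AND g.gm_validated=1 WHERE ' . db_string_not_equal_to('m_email_address', '') . ' AND ' . $where_lang . 'm_validated=1 AND (gm_group_id=' . strval($id) . ' OR m_primary_group=' . strval($id) . ')';
                    if (get_option('allow_email_from_staff_disable') == '1') {
                        $query .= ' AND m_allow_emails=1';
                    }
                    $query .= ' AND m_is_perm_banned=0';
                } else {
                    $query = 'SELECT xxxxx FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_members m LEFT JOIN ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_group_members g ON m.id=g.gm_member_id AND g.gm_validated=1 WHERE ' . db_string_not_equal_to('m_email_address', '') . ' AND ' . $where_lang . 'm_validated=1 AND gm_group_id=' . strval($id);
                    if (get_option('allow_email_from_staff_disable') == '1') {
                        $query .= ' AND m_allow_emails=1';
                    }
                    $query .= ' AND m_is_perm_banned=0';
                    $query .= ' UNION SELECT xxxxx FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_members m WHERE ' . db_string_not_equal_to('m_email_address', '') . ' AND ' . $where_lang . 'm_validated=1 AND m_primary_group=' . strval($id);
                    if (get_option('allow_email_from_staff_disable') == '1') {
                        $query .= ' AND m_allow_emails=1';
                    }
                    $query .= ' AND m_is_perm_banned=0';
                }
                // 'xxxxx' is a placeholder for the select list so the same query serves both the row fetch and the count
                $_rows = $GLOBALS['FORUM_DB']->query(str_replace('xxxxx', 'm.id,m.m_email_address,m.m_username', $query), $max, $start, false, true);
                if ($start == 0) {
                    $total['g' . strval($id)] = $GLOBALS['FORUM_DB']->query_value_null_ok_full('SELECT (' . str_replace(' UNION ', ') + (', str_replace('xxxxx', 'COUNT(*)', $query)) . ')', false, true);
                }
                foreach ($_rows as $row) {
                    if (!in_array($row['m_email_address'], $emails, true)) {
                        if (!$get_raw_rows) {
                            $emails[] = $row['m_email_address'];
                            $forenames[] = '';
                            $surnames[] = '';
                            $usernames[] = $row['m_username'];
                            $ids[] = 'm' . strval($row['id']);
                            $hashes[] = '';
                        } else {
                            $raw_rows[] = $row;
                        }
                    }
                }
            }
        }

        // *All* OCF members (we could have chosen all usergroups, but for legacy reasons we still have this option)
        // The parentheses matter: without them '== 1' binds to the ternary's else branch, so any
        // truthy '-1' value would select all members
        $send_to_all = array_key_exists('-1', $send_details) ? $send_details['-1'] : 0;
        if ($send_to_all == 1) {
            $query = ' FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_members WHERE ' . db_string_not_equal_to('m_email_address', '') . ' AND ' . $where_lang . 'm_validated=1';
            if (get_option('allow_email_from_staff_disable') == '1') {
                $query .= ' AND m_allow_emails=1';
            }
            $query .= ' AND m_is_perm_banned=0';
            $_rows = $GLOBALS['FORUM_DB']->query('SELECT id,m_email_address,m_username' . $query, $max, $start);
            if ($start == 0) {
                $total['-1'] = $GLOBALS['FORUM_DB']->query_value_null_ok_full('SELECT COUNT(*)' . $query);
            }
            foreach ($_rows as $_temp) {
                if (!in_array($_temp['m_email_address'], $emails, true)) {
                    if (!$get_raw_rows) {
                        $emails[] = $_temp['m_email_address'];
                        $forenames[] = '';
                        $surnames[] = '';
                        $usernames[] = $_temp['m_username'];
                        $ids[] = 'm' . strval($_temp['id']);
                        $hashes[] = '';
                    } else {
                        $raw_rows[] = $_temp;
                    }
                }
            }
        }
    }

    // From CSV
    if ($csv_data != '') {
        secure_serialized_data($csv_data, array());
        $_csv_data = unserialize($csv_data);
        // Malformed serialized data yields false; treat it as an empty CSV rather than iterating a non-array
        if (!is_array($_csv_data)) {
            $_csv_data = array();
        }
        // Default column layout; overridden if the first rows look like a header line
        $email_index = 0;
        $forename_index = 1;
        $surname_index = 2;
        $username_index = 3;
        $id_index = 4;
        $hash_index = 5;
        if ($start == 0) {
            $total['csv'] = 0;
        }
        $pos = 0;
        foreach ($_csv_data as $i => $csv_line) {
            // A header row is one of the first two lines whose first two cells are not e-mail addresses
            if ($i <= 1 && count($csv_line) >= 1 && isset($csv_line[0]) && strpos($csv_line[0], '@') === false && isset($csv_line[1]) && strpos($csv_line[1], '@') === false) {
                foreach ($csv_line as $j => $val) {
                    if (in_array(strtolower($val), array('e-mail', 'email', 'email address', 'e-mail address'))) {
                        $email_index = $j;
                    }
                    if (in_array(strtolower($val), array('forename', 'forenames', 'first name'))) {
                        $forename_index = $j;
                    }
                    if (in_array(strtolower($val), array('surname', 'surnames', 'last name'))) {
                        $surname_index = $j;
                    }
                    if (in_array(strtolower($val), array('username'))) {
                        $username_index = $j;
                    }
                    if (in_array(strtolower($val), array('id', 'identifier'))) {
                        $id_index = $j;
                    }
                    if (in_array(strtolower($val), array('hash', 'password', 'pass', 'code', 'secret'))) {
                        $hash_index = $j;
                    }
                }
                continue;
            }
            // isset() rather than !is_null() so a short line does not raise an undefined-offset notice
            if (count($csv_line) >= 1 && isset($csv_line[$email_index]) && strpos($csv_line[$email_index], '@') !== false) {
                // Paging is applied by hand here, since CSV rows are not read through the database
                if ($pos >= $start && $pos - $start < $max) {
                    if (!$get_raw_rows) {
                        $emails[] = $csv_line[$email_index];
                        $forenames[] = array_key_exists($forename_index, $csv_line) ? $csv_line[$forename_index] : '';
                        $surnames[] = array_key_exists($surname_index, $csv_line) ? $csv_line[$surname_index] : '';
                        $usernames[] = array_key_exists($username_index, $csv_line) ? $csv_line[$username_index] : '';
                        $ids[] = array_key_exists($id_index, $csv_line) ? $csv_line[$id_index] : '';
                        $hashes[] = array_key_exists($hash_index, $csv_line) ? $csv_line[$hash_index] : '';
                    } else {
                        $raw_rows[] = $csv_line;
                    }
                }
                if ($start == 0) {
                    $total['csv']++;
                }
                $pos++;
            }
        }
    }

    return array($emails, $hashes, $usernames, $forenames, $surnames, $ids, $total, $raw_rows);
}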
/**
 * AJAX script for dynamically extended selection tree.
 *
 * Loads the requested ajax_tree hook and wraps its output in either an XML <request>
 * document or, when html_mask=1, a bare <html> wrapper.
 */
function ajax_tree_script()
{
    // Closed site: only members allowed through the closure (or a real admin) may continue
    if (get_option('site_closed') == '1') {
        $may_bypass_closure = has_specific_permission(get_member(), 'access_closed_site') || $GLOBALS['IS_ACTUALLY_ADMIN'];
        if (!$may_bypass_closure) {
            header('Content-Type: text/plain');
            @exit(get_option('closed'));
        }
    }

    header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
    header('Content-Type: text/xml');

    // The hook name is filtered before it is used to build an include path
    $hook_name = filter_naughty_harsh(get_param('hook'));
    require_code('hooks/systems/ajax_tree/' . $hook_name);
    $hook_object = object_factory('Hook_' . $hook_name);

    convert_data_encodings(true);

    // An empty 'id' means the root of the tree
    $node_id = get_param('id', '', true);
    $node_id = ($node_id == '') ? NULL : $node_id;

    @ini_set('ocproducts.xss_detect', '0');

    $html_mask = (get_param_integer('html_mask', 0) == 1);
    $open_tag = $html_mask ? '<html>' : '<request>';
    $close_tag = $html_mask ? '</html>' : '</request>';
    if (!$html_mask) {
        echo '<?xml version="1.0" encoding="' . get_charset() . '"?' . '>';
    }
    echo $open_tag;

    // Options are serialized by the client; an empty value stands for "no options"
    $raw_options = get_param('options', '', true);
    if ($raw_options == '') {
        $raw_options = serialize(array());
    }
    secure_serialized_data($raw_options);
    $tree_options = @unserialize($raw_options);
    if ($tree_options === false) {
        warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
    }

    $rendered = $hook_object->run($node_id, $tree_options, get_param('default', NULL, true));
    // Marker element lets the client detect that the whole response arrived
    echo str_replace('</body>', '<br id="ended" /></body>', $rendered);
    echo $close_tag;
}