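/**
 * Content-plugin handler: replaces every {jfuploader ...} tag in $row->text
 * with the uploader markup for the profile named in the tag, or with an
 * error box when the tag is incomplete, its security token is rejected, or
 * the profile cannot be resolved.
 *
 * Only the parameters of one tag are parsed (id, type, securitytoken and the
 * optional twgpath); every tag in the text is then replaced with the same
 * markup.
 *
 * @param object $row    Content item; $row->text is rewritten in place.
 * @param mixed  $params Not read by this method's own code.
 * @param int    $page   Not read by this method's own code.
 * @return bool|null     true when the plugin is disabled, otherwise no value.
 */
private function botJFUploader( &$row, &$params, $page=0 ) {
    global $prefix_path;

    // NOTE(review): not read below, but the helper files are included inside
    // this function and therefore run in its local scope - keep it until it
    // is confirmed that none of them relies on $mainframe.
    $mainframe = &JFactory::getApplication();

    $regex = '/\{jfuploader.*}/';
    $regexhide = '/<!--\s*\{jfuploader.*}\s*-->/';

    $plugin =& JPluginHelper::getPlugin('content', 'jfuploader');
    $pluginParams = new JParameter( $plugin->params );

    // Plugin switched off: strip the tags so they are not shown to visitors.
    if (!$pluginParams->get( 'enabled', 1 )) {
        $row->text = preg_replace( $regex, '', $row->text );
        return true;
    }

    if (!file_exists("administrator/components/com_jfuploader/jfuploader.class.php")) {
        // Plain assignment: $mycode does not exist yet at this point, so the
        // former ".=" appended to an undefined variable.
        $mycode = "<div style='padding:10px; margin:10px; border: 1px solid #555555;color: #000000;background-color: #f8f8f8; text-align:center; width:360px;'><b>Installation error</b><br>The JFUploader component can not be found. This component is required. Please install JFUploader first before you use this plugin.</div>";
        $row->text = preg_replace ($regex, $mycode, $row->text);
        return;
    }

    // Set before the helper is included; avoids that the jfu logfile is used
    // for everything. (Presumably read by tfu_helper.php - confirm.)
    $skip_error_handling = "true";
    $debug_file = '';

    // Any output produced while loading the helper is discarded.
    @ob_start();
    if (file_exists('components/com_jfuploader/tfu/tfu_helper.php')) { // frontend
        require_once('components/com_jfuploader/tfu/tfu_helper.php');
    } else {
        require_once("administrator/components/com_jfuploader/tfu/tfu_helper.php");
    }
    @ob_end_clean();
    require_once("components/com_jfuploader/jfuploader.html.php");
    require_once("administrator/components/com_jfuploader/jfuploader.class.php");

    // Find all plugin tags in the text.
    preg_match_all( $regex, $row->text, $matches );
    $count = count( $matches[0] );

    // Only do the work if the text contains at least one tag.
    if ( $count ) {
        JFUHelper::printCss();
        JPlugin::loadLanguage( 'com_jfuploader' );

        // A parameter that is missing from the tag becomes null (twgpath: '')
        // instead of triggering an undefined-index access on $treffer.
        preg_match ( '/{jfuploader.*id=([\w_-]+).*}/', $row->text, $treffer );
        $id = isset($treffer[1]) ? $treffer[1] : null;

        // type is a single digit, 0 or 1. The former class "[0,1]" also
        // accepted a literal comma.
        preg_match ( '/{jfuploader.*type=([01]).*}/', $row->text, $treffer );
        $selector = isset($treffer[1]) ? $treffer[1] : null;

        preg_match ( '/{jfuploader.*securitytoken=([\w_-]+).*}/', $row->text, $treffer );
        $securitytoken = isset($treffer[1]) ? $treffer[1] : null;

        preg_match ( '/{jfuploader.*twgpath=([\/\w_-]+).*}/', $row->text, $treffer );
        $twgpath = isset($treffer[1]) ? $treffer[1] : '';

        // Both values are limited to [\w_-] / [01] by the patterns above, so
        // they cannot terminate the HTML comment.
        echo '<!-- JFU type: \'' . $selector . '\' id: \'' . $id . '\' -->';

        if (isset($selector) && isset($id)) {
            // Deliberately a loose comparison: numeric spellings of the same
            // id such as "01" are rejected as the admin profile too.
            if ($selector == "0" && $id == "1") { // admin profile
                $mycode = HTML_joomla_flash_uploader::wrongId($id,true);
            } else if ($this->securityTokenIsValid($selector, $id, $securitytoken)) {
                $user = JFactory::getUser();
                // Errors raised during the profile lookup are silenced.
                $old_error = error_reporting(0);
                $myId = JFUHelper::getProfileId($selector, $id, $user);
                error_reporting($old_error);
                // NOTE(review): a resolved id of 0 or 1 is accepted here, and
                // the admin profile is only refused when requested literally
                // as type=0/id=1. Confirm that getProfileId() can never
                // resolve another selector to the administrator profile.
                if ($myId >=0) {
                    $mycode = $this->showFlashPlugin($myId, $twgpath);
                } else {
                    $mycode = HTML_joomla_flash_uploader::wrongId($id, true);
                }
            } else {
                $mycode = "<div class='errordiv'>". JText::_("ERR_PLUGIN") ."</div>";
            }
        } else {
            $mycode = "<div class='errordiv'>". JText::_("ERR_PLUGIN") ."</div>";
        }

        // Replace the tags. The HTML-comment-wrapped form goes first so that
        // the surrounding comment markers are removed along with the tag.
        $row->text = preg_replace ($regexhide, $mycode, $row->text);
        $row->text = preg_replace ($regex, $mycode, $row->text);
    }

    // Remove the JFU error handler again. $old_error_handler is not assigned
    // in this method; presumably tfu_helper.php sets it in this scope the
    // first time it is loaded. empty() keeps the original truthiness test
    // without reading an undefined variable on later calls.
    if (!empty($old_error_handler)) {
        set_error_handler($old_error_handler);
    } else {
        // no other error handler set
        set_error_handler('on_error_no_output');
    }
}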
// Front-end entry script of the uploader component: loads the component's
// HTML and class files and the TFU helper, then renders the uploader for the
// requested profile or an error message.
// $sel_id, $id and $old_error_handler are not assigned in this excerpt.
require_once JApplicationHelper::getPath('front_html');
require_once JApplicationHelper::getPath('class');
// Set before the helper is included: avoids that the jfu logfile is used for
// everything. (Presumably read by tfu_helper.php - confirm.)
$skip_error_handling = "true";
$debug_file = '';
include_once "administrator/components/com_joomla_flash_uploader/tfu/tfu_helper.php";
JFUHelper::printCss();
// The administrator profile must not be used in the frontend for security
// reasons. To offer a profile with access to the full installation, create a
// new profile and set its folder like in the administration profile.
$my =& JFactory::getUser();
// The current Joomla user name is stored in the session under TFU_USER.
$_SESSION["TFU_USER"] = $my->username;
// NOTE(review): if $sel_id / $id originate from the request they should be
// HTML-escaped before being written into this comment; confirm where they
// are assigned.
echo '<!-- JFU sel_id: \'' . $sel_id . '\' id: \'' . $id . '\' -->';
// Loose comparison: numeric spellings such as "01" also count as id 1.
if ($sel_id == "0" && $id == "1") { // admin profile!
    HTML_joomla_flash_uploader::wrongId($id);
} else {
    $myId = JFUHelper::getProfileId($sel_id, $id, $my);
    // NOTE(review): a resolved id of 0 or 1 is accepted here; confirm that
    // getProfileId() cannot resolve another selector to the admin profile.
    if ($myId >= 0) {
        showFlashComponent($myId);
    } else {
        HTML_joomla_flash_uploader::wrongId($id);
    }
}
// We remove the JFU error handler: restore the previous handler if one was
// recorded (presumably by tfu_helper.php - confirm).
if ($old_error_handler) {
    set_error_handler($old_error_handler);
} else {
    // no other error handler set
    set_error_handler('on_error_no_output');
}
function showFlashComponent($id) {
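/**
 * Renders the uploader view, either for a normal component request or for
 * the "jfuploader_editor" editor plugin (request parameter type).
 *
 * Component request: the profile is selected by the request parameters
 * tfu_id / tfu_sel_id.
 *
 * Editor plugin: the profile comes from the plugin configuration. The caller
 * either presents myid + ts + mytoken, where mytoken must equal
 * md5(myid . constant . site secret . ts) and ts must be at most 30 minutes
 * old, or is already logged in, or the plugin allows public profiles.
 * Otherwise the request is terminated with an error text.
 *
 * In both modes the administrator profile is refused.
 *
 * @param string|null $tpl Not read by this method's own code.
 * @return void
 */
function display($tpl = null) {
    global $Itemid, $m, $prefix_dir_path, $prefix_path;
    require_once JApplicationHelper::getPath('class');
    require_once JApplicationHelper::getPath('front_html');

    $public_profile = false;
    $user =& JFactory::getUser();
    $type = JRequest::getVar('type');
    $editor_plugin = $type == 'jfuploader_editor';
    $block_type = 'span';

    // Profile selection from the request; replaced by the plugin's own
    // configuration below when the editor plugin is the caller.
    $id = JRequest::getString('tfu_id');
    $sel_id = JRequest::getString('tfu_sel_id');
    $jfu_params = array();

    // we check if we were called by the editor plugin
    if ($editor_plugin) {
        // The anchor is now closed; it was left open before.
        $error_text = "<center>Username and security token do not match. Most likely your session or the timestamp (30 min) has expired or the request was modified. If this happens all the time please get help at <a href=\"http://jfu.tinywebgallery.com\" target=\"_blank\">jfu.tinywebgallery.com</a>.</center>";

        $plugin =& JPluginHelper::getPlugin('editors-xtd', 'jfuploader_editor');
        $pluginParams = new JParameter($plugin->params);
        $id = $pluginParams->get('tfu_id', 'not set');
        $sel_id = $pluginParams->get('tfu_sel_id', 'not set');
        $block_type = $pluginParams->get('block_type', 'span');

        // Display switches handed to the uploader; each defaults to 1.
        $jfu_flag_keys = array(
            'tfu_show_resize',
            'tfu_enable_resize',
            'tfu_insert_resize',
            'tfu_show_border',
            'tfu_show_alignment',
            'tfu_show_spacing',
            'tfu_show_thumbnail_create',
            'tfu_show_help',
            'tfu_show_image_extra',
            'tfu_show_caption',
            'tfu_show_ruler',
            'tfu_show_google_doc',
        );
        foreach ($jfu_flag_keys as $jfu_flag_key) {
            $jfu_params[$jfu_flag_key] = $pluginParams->get($jfu_flag_key, 1);
        }
        $jfu_params['e_name'] = JRequest::getVar('e_name', 'text');

        $param_id = JRequest::getVar('myid', 'not set');
        if ($param_id != 'not set') {
            // The token has to be validated against the site secret for the
            // user id named in the request.
            // NOTE(review): md5 over concatenated fields with a fixed
            // constant is a weak construction; a keyed HMAC (hash_hmac with
            // SHA-256) would be sturdier, but the code that issues the token
            // has to change together with this check.
            $my_first_daughters_name = "Anna";
            $mytoken = JRequest::getVar('mytoken', 'not set');
            $ts = JRequest::getVar('ts', time() - 100);

            // Request values may arrive as arrays or as arbitrary text:
            // refuse anything that is not a scalar id and an all-digit
            // timestamp before doing arithmetic or hashing with it.
            if (!is_scalar($param_id) || !is_scalar($ts) || !preg_match('/^\d+\z/', (string) $ts)) {
                die($error_text);
            }

            // time is valid for only 30 min
            if (time() - $ts > 1800) {
                die($error_text);
            }

            $jConfig = new JConfig();
            $secret = $jConfig->secret;
            $usertoken = md5($param_id . $my_first_daughters_name . $secret . $ts);

            // The former "==" compared two hex digests loosely, so PHP could
            // treat digests that look like numbers (for example "0e" followed
            // by digits only) as equal although they differ. Compare as
            // strings, in constant time where hash_equals() exists.
            $token_ok = false;
            if (is_string($mytoken)) {
                $token_ok = function_exists('hash_equals')
                    ? hash_equals($usertoken, $mytoken)
                    : ($usertoken === $mytoken);
            }

            if ($token_ok) {
                // The view now acts for the user the token was issued for.
                $user =& JFactory::getUser($param_id);
            } else {
                die($error_text);
            }
        } else {
            // check if public access is allowed
            $public_profiles = $pluginParams->get('tfu_public_profiles', '0');
            if ($sel_id == '0' && $public_profiles == '1') {
                $public_profile = true;
            }
        }

        // Without a public profile a known user is required.
        if (!$public_profile && !$user->id) {
            die($error_text);
        }
    }

    // Set before the helper is included: avoids that the jfu logfile is used
    // for everything. (Presumably read by tfu_helper.php - confirm.)
    $skip_error_handling = "true";
    $debug_file = '';

    // Any output produced while loading the helper is discarded.
    @ob_start();
    if (file_exists('components/com_jfuploader/tfu/tfu_helper.php')) { // frontend
        $prefix_path = '';
        $prefix_dir_path = '';
        include_once 'components/com_jfuploader/tfu/tfu_helper.php';
    } else {
        $prefix_path = 'administrator/';
        $prefix_dir_path = '../';
        include_once $prefix_path . 'components/com_jfuploader/tfu/tfu_helper.php';
    }
    @ob_end_clean();

    JFUHelper::printCss();
    // we include the js
    echo '<script type="text/javascript" src="components/com_jfuploader/jfuploader.js"></script>';

    if ($id == 'not set' || $sel_id == 'not set') {
        HTML_joomla_flash_uploader::wrongId('ERR_ID_NO_XTD');
        return;
    }

    // The administrator profile must not be used in the frontend for security
    // reasons. To offer a profile with access to the full installation,
    // create a new profile and set its folder like in the administration
    // profile.
    if ($user) {
        $_SESSION["TFU_USER"] = $user->username;
    }

    // $sel_id / $id can come straight from the request: escape them so that
    // a value can neither end the HTML comment nor inject markup.
    echo '<!-- JFU sel_id: \'' . htmlspecialchars((string) $sel_id, ENT_QUOTES, 'UTF-8')
        . '\' id: \'' . htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8') . '\' -->';

    // Deliberately loose comparisons: numeric spellings such as "01" are
    // treated as id 1, and null counts as empty.
    if (($sel_id == '0' && $id == '1') || $sel_id == '' || $id == '') { // admin profile or no id!
        HTML_joomla_flash_uploader::wrongId($id);
    } else {
        $myId = JFUHelper::getProfileId($sel_id, $id, $user);
        if ($myId > 1) { // admin profile is not allowed in the frontend
            JFUploaderViewJFUploader::showFlashComponent($myId, $user, $editor_plugin, $block_type, $jfu_params);
        } else {
            HTML_joomla_flash_uploader::wrongId($myId);
        }
    }

    // Remove the JFU error handler again. $old_error_handler is not assigned
    // in this method; presumably tfu_helper.php sets it in this scope when
    // it is first loaded. empty() keeps the original truthiness test without
    // reading an undefined variable.
    if (!empty($old_error_handler)) {
        set_error_handler($old_error_handler);
    } else {
        // no other error handler set
        set_error_handler('on_error_no_output');
    }
}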