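/**
 * Log the user in.
 *
 * Looks the user up by name, checks the supplied password with
 * comparePasswords() and, on success, binds the current PHP session
 * (session_id()) to the user's uid in the session_info table and stores
 * the uid in the session.
 *
 * If someone is already logged in (pnUserLoggedIn()) nothing is checked
 * and true is returned, so a true result is not proof that $uname/$pass
 * were verified on this call.
 *
 * NOTE(review): the session id is not regenerated after a successful
 * login, so a session id known before authentication stays valid after
 * it. Regenerating it here would also require rewriting the session_info
 * row keyed by sessid, so it is left as is.
 *
 * @param string $uname      the name of the user logging in
 * @param string $pass       the password of the user logging in
 * @param mixed  $rememberme whether or not to remember this login; any
 *                           non-empty value sets the 'rememberme' session
 *                           variable to 1
 * @return bool true if the user successfully logged in (or was already
 *              logged in), false otherwise
 */
function pnUserLogIn($uname, $pass, $rememberme)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!pnUserLoggedIn()) {
        // Get user information
        $userscolumn =& $pntable['users_column'];
        $userstable = $pntable['users'];
        // $uname is caller-supplied; it is escaped for the SQL string with
        // pnVarPrepForStore(), the project's escaping helper
        $query = "SELECT {$userscolumn['uid']},\n {$userscolumn['pass']}\n FROM {$userstable}\n WHERE {$userscolumn['uname']} = '" . pnVarPrepForStore($uname) . "'";
        $result = $dbconn->Execute($query);
        if ($result === false) {
            // Query failed (ADODB returns false): treat as a failed login
            // rather than dereferencing a non-object below
            return false;
        }
        if ($result->EOF) {
            // Unknown user: release the (empty) result set before leaving
            $result->Close();
            return false;
        }
        list($uid, $realpass) = $result->fields;
        $result->Close();

        // Confirm that passwords match. The first two characters of the
        // stored value are handed to comparePasswords() as its fourth
        // argument (presumably a salt; confirm against comparePasswords()).
        if (!comparePasswords($pass, $realpass, $uname, substr($realpass, 0, 2))) {
            return false;
        }

        // Set user session information (new table): tie the current
        // session id to this uid
        $sessioninfocolumn =& $pntable['session_info_column'];
        $sessioninfotable = $pntable['session_info'];
        $query = "UPDATE {$sessioninfotable}\n SET {$sessioninfocolumn['uid']} = " . pnVarPrepForStore($uid) . "\n WHERE {$sessioninfocolumn['sessid']} = '" . pnVarPrepForStore(session_id()) . "'";
        $dbconn->Execute($query);

        // Set session variables
        pnSessionSetVar('uid', (int) $uid);
        if (!empty($rememberme)) {
            pnSessionSetVar('rememberme', 1);
        }
    }
    return true;
}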
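/**
 * Confirm an authorisation key is valid.
 * <br>
 * See description of <code>pnSecGenAuthKey</code> for information on
 * this function.
 *
 * The key is md5() of the session's 'rand' value followed by the
 * lower-cased module name; 'module' and 'authid' are read from the request
 * via pnVarCleanFromInput(). On a match the session's 'rand' value is
 * replaced unless $preview is set, so a key is usable once.
 *
 * NOTE(review): the replacement value comes from srand()/rand(), which is
 * not a cryptographic source; it is kept here for consistency with the
 * other places in the code base that seed the session 'rand' value.
 *
 * @public
 * @param bool $preview when true, validate the key without consuming it
 *                      (the session 'rand' value is left unchanged)
 * @return bool true if the key is valid, false if it is not
 */
function pnSecConfirmAuthKey($preview = false)
{
    list($module, $authid) = pnVarCleanFromInput('module', 'authid');

    // Regenerate static part of key
    $partkey = pnSessionGetVar('rand') . strtolower($module);

    // Strict comparison: with == PHP compares two numeric-looking strings
    // (e.g. hashes starting with "0e") as numbers, so an unrelated value
    // could match. A non-string authid can never match.
    if (!is_string($authid) || md5($partkey) !== $authid) {
        // Not found, assume invalid
        return false;
    }

    // Match - generate new random number for next key and leave happy
    if (!$preview) {
        srand((double) microtime() * 1000000);
        pnSessionSetVar('rand', rand());
    }
    return true;
}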
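/**
 * This is a standard function to update the configuration parameters of the
 * module given the information passed back by the modification form.
 *
 * Reads 'bold' and 'itemsperpage' from the request, refuses the update
 * (errormsg set to _BADAUTHKEY, redirect to the admin view) when the
 * form's authorisation key does not validate, otherwise stores both values
 * as module variables (defaults 0 and 10 when unset) and redirects to the
 * admin view.
 *
 * @return bool always true
 */
function template_admin_updateconfig()
{
    // Get parameters from whatever input we need. All arguments to this
    // function should be obtained from pnVarCleanFromInput(), getting them
    // from other places such as the environment is not allowed, as that makes
    // assumptions that will not hold in future versions of PostNuke.
    // 'itemsperpage' was previously never read, so the default of 10 was
    // stored on every update regardless of what the form sent.
    $bold = pnVarCleanFromInput('bold');
    $itemsperpage = pnVarCleanFromInput('itemsperpage');

    // Confirm authorisation code. This checks that the form had a valid
    // authorisation code attached to it. If it did not then the function will
    // proceed no further as it is possible that this is an attempt at sending
    // in false data to the system
    if (!pnSecConfirmAuthKey()) {
        pnSessionSetVar('errormsg', _BADAUTHKEY);
        pnRedirect(pnModURL('Template', 'admin', 'view'));
        return true;
    }

    // Update module variables. Note that depending on the HTML structure used
    // to obtain the information from the user it is possible that the values
    // might be unset, so it is important to check them all and assign them
    // default values if required
    if (!isset($bold)) {
        $bold = 0;
    }
    pnModSetVar('template', 'bold', $bold);

    if (!isset($itemsperpage)) {
        $itemsperpage = 10;
    }
    pnModSetVar('template', 'itemsperpage', $itemsperpage);

    // This function generated no output, and so now it is complete we redirect
    // the user to an appropriate page for them to carry on their work
    pnRedirect(pnModURL('Template', 'admin', 'view'));

    return true;
}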
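/**
 * Selects all of a given item from database.
 *
 * Returns the id and name of every row of one of the rx_* tables, keyed
 * by id, for use as dropdown options.
 *
 * @param array $args
 *        'from' (string, required) table name to select items from; must
 *        be one of 'chem', 'company', 'moa', 'preserve'. The value is
 *        checked against that list before it is used to build the table
 *        and column references, so an arbitrary name never reaches the SQL.
 * @return array|bool options for dropdowns keyed by id, each entry being
 *         array(<id_field> => id, 'name' => name); an empty array when the
 *         caller lacks ACCESS_OVERVIEW on 'Meds::'; false (with 'errormsg'
 *         set in the session) for an invalid table name or a database error
 */
function Meds_userapi_DBselect($args)
{
    // Initialize the return variable early on.
    $select = array();

    // Permission check.
    if (!pnSecAuthAction(0, 'Meds::', '::', ACCESS_OVERVIEW)) {
        return $select;
    }

    // Define table to select from. (comparable to $object in other functions)
    // A missing 'from' is treated like an invalid name instead of raising an
    // undefined-index notice.
    $from = isset($args['from']) ? (string) $args['from'] : '';

    // Define tables that can be selected from for dropdowns.
    $tables = array('chem', 'company', 'moa', 'preserve');

    // Ensure a valid table name was passed (strict: exact string match only).
    if (!in_array($from, $tables, true)) {
        pnSessionSetVar('errormsg', 'Error selecting table from database.');
        return false;
    }

    // Get database connection and tables references.
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    // Dynamically create the table/field references based on $from.
    $table =& $pntable['rx_' . $from];
    $field =& $pntable['rx_' . $from . '_column'];

    // Dynamically create the $id_field to select by: the first four
    // characters of the table name plus '_id' (e.g. 'chem_id', 'comp_id').
    $id_field = substr($from, 0, 4) . '_id';

    // Create SQL to select the id and name of the item.
    $sql = "SELECT {$field[$id_field]},\n {$field['name']}\n FROM {$table}\n ORDER BY {$field['name']}";

    // Execute query.
    $result = $dbconn->Execute($sql);

    // Check for database errors (ADODB returns false on a failed Execute).
    if ($result === false || $dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _GETFAILED);
        return false;
    }

    // Loop through $result set.
    for (; !$result->EOF; $result->MoveNext()) {
        // Extract data from result set.
        list($id, $name) = $result->fields;
        // Assign the data to the select array.
        $select[$id] = array($id_field => $id, 'name' => $name);
    }

    // Close $result set.
    $result->Close();

    return $select;
}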
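/**
 * Confirm an authorisation key is valid.
 * <br />
 * See description of <code>pnSecGenAuthKey</code> for information on
 * this function.
 *
 * The key is md5() of the session's 'rand' value followed by the
 * lower-cased registered name of the module given in the request ('module'
 * and 'authid' are read via pnVarCleanFromInput()). On a match the session's
 * 'rand' value is replaced so the key cannot be replayed.
 *
 * A time-windowed variant (matching the key against the surrounding
 * +/-5 minutes) was kept here as commented-out code; it is not used.
 *
 * NOTE(review): the replacement value comes from srand()/rand(), which is
 * not a cryptographic source; kept for consistency with the other places
 * that seed the session 'rand' value.
 *
 * @public
 * @return bool true if the key is valid, false if it is not
 */
function pnSecConfirmAuthKey()
{
    list($module, $authid) = pnVarCleanFromInput('module', 'authid');

    // get the module info; an unknown module yields no name, which matches
    // the previous behaviour of concatenating an empty string
    $modinfo = pnModGetInfo(pnModGetIDFromName($module));
    $modname = (is_array($modinfo) && isset($modinfo['name'])) ? $modinfo['name'] : '';

    // Regenerate static part of key
    $partkey = pnSessionGetVar('rand') . strtolower($modname);

    // Strict comparison: with == PHP compares two numeric-looking strings
    // (e.g. hashes starting with "0e") as numbers, so an unrelated value
    // could match. A non-string authid can never match.
    if (!is_string($authid) || md5($partkey) !== $authid) {
        // Not found, assume invalid
        return false;
    }

    // Match - generate new random number for next key and leave happy
    srand((double) microtime() * 1000000);
    pnSessionSetVar('rand', rand());
    return true;
}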
/**
* Initialise PostNuke
* <br>
* Carries out a number of initialisation tasks to get PostNuke up and
* running.
* @returns void
*/
function pnInit()
{
// proper error_repoting
// e_all for development
// error_reporting(E_ALL);
// without warnings and notices for release
error_reporting(E_ALL & ~E_NOTICE & ~E_WARNING & ~E_DEPRECATED);
// Hack for some weird PHP systems that should have the
// LC_* constants defined, but don't
if (!defined('LC_TIME')) {
define('LC_TIME', 'LC_TIME');
}
// ADODB configuration
define('ADODB_DIR', 'pnadodb');
require 'pnadodb/adodb.inc.php';
// Temporary fix for hacking the hlpfile global
// TODO - remove with pre-0.71 code
global $hlpfile;
$hlpfile = '';
// Initialise and load configuration
global $pnconfig, $pndebug;
$pnconfig = array();
include 'config.php';
// Set up multisites
// added this @define for .71, ugly ?
// i guess the E_ALL stuff.
@define('WHERE_IS_PERSO', '');
// Initialise and load pntables
global $pntable;
$pntable = array();
// if a multisite has its own pntables.
if (file_exists(WHERE_IS_PERSO . 'pntables.php')) {
include WHERE_IS_PERSO . 'pntables.php';
} else {
require 'pntables.php';
}
// Decode encoded DB parameters
if ($pnconfig['encoded']) {
$pnconfig['dbuname'] = base64_decode($pnconfig['dbuname']);
$pnconfig['dbpass'] = base64_decode($pnconfig['dbpass']);
$pnconfig['encoded'] = 0;
}
// Connect to database
if (!pnDBInit()) {
die('Database initialisation failed');
}
// debugger if required
if ($pndebug['debug']) {
include_once 'includes/lensdebug.inc.php';
global $dbg, $debug_sqlcalls;
$dbg = new LensDebug();
$debug_sqlcalls = 0;
}
// Build up old config array
pnConfigInit();
// Set compression on if desired
//
if (pnConfigGetVar('UseCompression') == 1) {
ob_start("ob_gzhandler");
}
// Other includes
include 'includes/pnSession.php';
include 'includes/pnUser.php';
// Start session
if (!pnSessionSetup()) {
die('Session setup failed');
}
if (!pnSessionInit()) {
die('Session initialisation failed');
}
include 'includes/security.php';
// See if a language update is required
$newlang = pnVarCleanFromInput('newlang');
if (!empty($newlang)) {
$lang = $newlang;
pnSessionSetVar('lang', $newlang);
} else {
$lang = pnSessionGetVar('lang');
}
// Load global language defines
if (isset($lang) && file_exists('language/' . pnVarPrepForOS($lang) . '/global.php')) {
$currentlang = $lang;
} else {
$currentlang = pnConfigGetVar('language');
pnSessionSetVar('lang', $currentlang);
}
include 'language/' . pnVarPrepForOS($currentlang) . '/global.php';
include 'modules/NS-Languages/api.php';
// Cross-Site Scripting attack defense - Sent by larsneo
// some syntax checking against injected javascript
$pnAntiCrackerMode = pnConfigGetVar('pnAntiCracker');
if ($pnAntiCrackerMode == 1) {
pnSecureInput();
/**
 * Upgrade the template module from an old version.
 *
 * Each recognised version performs one upgrade step and then calls this
 * function again with the next version number, so it can be called with
 * any old version and brings the module up to the current one.
 *
 * @param float $oldversion version currently installed
 * @return bool true when the upgrade completed (also when $oldversion needs
 *              no work), false if altering the table failed (errormsg set
 *              to _UPDATETABLEFAILED in the session)
 */
function template_upgrade($oldversion)
{
    // Loose comparison on purpose, mirroring the switch() this replaces, so
    // a numeric string such as '0.5' is treated like the float 0.5
    if ($oldversion == 0.5) {
        // Version 0.5 didn't have a 'number' field, it was added in 1.0.
        // pnDBGetConn() returns an array whose first item is the official
        // database handle; pnDBGetTables() returns the whole tables array,
        // which we keep together for reference.
        list($dbconn) = pnDBGetConn();
        $pntable = pnDBGetTables();

        // Name the table and column definitions explicitly - $table and
        // $column do not cut it in more complex modules
        $templatetable = $pntable['template'];
        $templatecolumn =& $pntable['template_column'];

        // Keep the SQL separate from Execute() so it is easy to read and
        // to debug if ever needed
        $sql = "ALTER TABLE {$templatetable}\n ADD {$templatecolumn['number']} int(5) NOT NULL default 0";
        $dbconn->Execute($sql);

        // Report a database error through the session and give up
        if ($dbconn->ErrorNo() != 0) {
            pnSessionSetVar('errormsg', _UPDATETABLEFAILED);
            return false;
        }

        // Recurse so any later upgrade steps are applied as well
        return template_upgrade(1.0);
    }

    // Version 1.0 -> next: nothing to do yet
    // Version 2.0 -> next: nothing to do yet
    // Any other version needs no work either

    // Update successful
    return true;
}
/** Initialise session.
 *
 * Starts the PHP session, then looks the session id up in the session_info
 * table: an existing row makes it the current session (pnSessionCurrent),
 * otherwise a new row is created with the client IP (pnSessionNew) and a
 * fresh 'rand' session value is generated for the authorisation-key scheme
 * (see pnSecConfirmAuthKey).
 *
 * NOTE(review): the address recorded for a new session is taken, in order
 * of increasing precedence, from REMOTE_ADDR, HTTP_CLIENT_IP and the first
 * entry of HTTP_X_FORWARDED_FOR. The last two are request headers the
 * client can set freely, so anything that relies on the stored address
 * (e.g. tying a session to it) should only trust them for requests that
 * arrived through a proxy known to set them.
 *
 * @return bool false if a global named PNSV* already exists (attempted
 *              session namespace pollution) or the session lookup query
 *              fails; true otherwise
 */
function pnSessionInit()
{
    global $HTTP_SERVER_VARS;

    // Fetch database aliases
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    // First thing we do is ensure that there is no attempted pollution
    // of the session namespace (globals with a PNSV prefix - presumably
    // the prefix pnSessionSetVar() uses; verify against that function)
    foreach ($GLOBALS as $k => $v) {
        if (preg_match('/^PNSV/', $k)) {
            return false;
        }
    }

    // Kick it
    session_start();

    // Have to re-write the cache control header to remove no-save, this
    // allows downloading of files to disk for application handlers
    // adam_baum - no-cache was stopping modules (andromeda) from caching the playlists, et al.
    // any strange behaviour encountered, revert to commented out code.
    //Header('Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0');
    // NOTE(review): "cache" is not a standard Cache-Control directive, so
    // the effect of this header depends on the client.
    Header('Cache-Control: cache');

    // Get session id
    $sessid = session_id();

    // Get (actual) client IP addr; later assignments override earlier ones,
    // so a forwarding header wins over REMOTE_ADDR when present
    $ipaddr = $HTTP_SERVER_VARS['REMOTE_ADDR'];
    if (empty($ipaddr)) {
        $ipaddr = getenv('REMOTE_ADDR');
    }
    if (!empty($HTTP_SERVER_VARS['HTTP_CLIENT_IP'])) {
        $ipaddr = $HTTP_SERVER_VARS['HTTP_CLIENT_IP'];
    }
    $tmpipaddr = getenv('HTTP_CLIENT_IP');
    if (!empty($tmpipaddr)) {
        $ipaddr = $tmpipaddr;
    }
    // X-Forwarded-For may hold a comma-separated chain; keep the first entry
    if (!empty($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'])) {
        $ipaddr = preg_replace('/,.*/', '', $HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']);
    }
    $tmpipaddr = getenv('HTTP_X_FORWARDED_FOR');
    if (!empty($tmpipaddr)) {
        $ipaddr = preg_replace('/,.*/', '', $tmpipaddr);
    }
    // END IP addr retrieval

    // Table columns used to store session data in database
    $sessioninfocolumn =& $pntable['session_info_column'];
    $sessioninfotable = $pntable['session_info'];

    // Find out if session already exists; the session id is escaped with
    // pnVarPrepForStore() before being placed in the SQL string
    $query = "SELECT {$sessioninfocolumn['ipaddr']}\n FROM {$sessioninfotable}\n WHERE {$sessioninfocolumn['sessid']} = '" . pnVarPrepForStore($sessid) . "'";
    $result = $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return false;
    }

    // Die on any error except "no results"
    // Session already exists, we define it as current
    if (!$result->EOF) {
        $result->Close();
        pnSessionCurrent($sessid);
    } else {
        // NOTE(review): the empty result set is not closed on this path
        pnSessionNew($sessid, $ipaddr);
        // Generate a random number, used for
        // some authentication (the authorisation-key 'rand' value);
        // srand()/rand() is not a cryptographic source
        srand((double) microtime() * 1000000);
        pnSessionSetVar('rand', rand());
    }
    return true;
}
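/**
 * Record the HTTP referer of the current request in the referer table.
 *
 * Requests whose referer contains our own HTTP_HOST are not logged. An
 * empty referer is logged as 'bookmark' so bookmarked / typed-in visits are
 * counted too. Referers containing any entry of the space-separated
 * 'httprefexcluded' config value are skipped. Otherwise the existing row
 * for the referer has its frequency incremented, or a new row is inserted.
 *
 * HTTP_HOST and HTTP_REFERER are request headers supplied by the client.
 * They are only used as literal strings here and are escaped with
 * pnVarPrepForStore() before being placed in SQL. (They were previously
 * interpolated into ereg()/eregi() patterns, which treated a client-supplied
 * host as a regular expression; those functions also no longer exist in
 * PHP 7+.)
 *
 * @return bool|null false on a database error (errormsg set in session);
 *                   otherwise no value is returned, as before
 */
function httpreferer()
{
    // set $DEBUG to 1 to echo the host, referer and the SQL statements used
    $DEBUG = 0;
    $httpreferer = (string) pnServerGetVar('HTTP_REFERER');
    $httphost = (string) pnServerGetVar('HTTP_HOST');
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    if ($DEBUG == 1) {
        echo 'HTTP_HOST = ' . pnVarPrepForDisplay($httphost) . '<br /> HTTP_REFERER = ' . pnVarPrepForDisplay($httpreferer) . '<br />';
    }

    // Hits coming from our own domain are not logged: a literal,
    // case-sensitive substring test. An empty host never counts as a match
    // (ereg() with an empty pattern also failed to match).
    if ($httphost !== '' && strpos($httpreferer, $httphost) !== false) {
        return;
    }

    // If $httpreferer is not set, set $httpreferer to value "bookmark"
    // This is to show how many people have this bookmarked or type in the
    // URL into the browser. also so we dont have empty referers.
    if ($httpreferer == '') {
        $httpreferer = 'bookmark';
    }
    $httpreferer = trim($httpreferer);

    // Each space-separated exclusion entry is matched as a literal,
    // case-insensitive substring of the referer. Empty entries (from
    // repeated spaces) are ignored; previously an empty alternative in the
    // eregi() pattern matched every referer and suppressed all logging.
    $refex = pnConfigGetVar('httprefexcluded');
    if (!empty($refex)) {
        foreach (explode(' ', $refex) as $excluded) {
            if ($excluded !== '' && stristr($httpreferer, $excluded) !== false) {
                return;
            }
        }
    }

    // grab a reference to our table column defs for easier reading below
    $column =& $pntable['referer_column'];

    // Count the rows already stored for this referer (a valid referer or
    // 'bookmark'): at least one row means it has been seen before and is
    // updated; none means a new entry is inserted.
    $check_sql = "SELECT count({$column['rid']}) as c\n FROM {$pntable['referer']}\n WHERE {$column['url']} = '" . pnVarPrepForStore($httpreferer) . "'";
    $result = $dbconn->Execute($check_sql);
    if ($result === false || $dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', 'Error: ' . $dbconn->ErrorNo() . ': ' . $dbconn->ErrorMsg());
        return false;
    }
    $row = $result->fields;
    $count = $row[0];

    // Any existing row is updated (previously only an exact count of 1
    // was, so duplicated rows kept being re-inserted)
    if ($count > 0) {
        $update_sql = "UPDATE {$pntable['referer']}\n SET {$column['frequency']} = {$column['frequency']} + 1\n WHERE {$column['url']} = '" . pnVarPrepForStore($httpreferer) . "'";
    } else {
        // "auto-increment" isn't portable so we have to use the standard
        // interface for grabbing sequence numbers. The underlying
        // implementation handles the correct method for the RDBMS we are
        // using.
        $rid = $dbconn->GenId($pntable['referer'], true);
        $update_sql = "INSERT INTO {$pntable['referer']}\n ({$column['rid']},\n {$column['url']},\n {$column['frequency']})\n VALUES\n (" . pnVarPrepForStore($rid) . ",\n '" . pnVarPrepForStore($httpreferer) . "',\n 1)";
    }

    $result = $dbconn->Execute($update_sql);
    if ($result === false || $dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', 'Error: ' . $dbconn->ErrorNo() . ': ' . $dbconn->ErrorMsg());
        return false;
    }

    if ($DEBUG == 1) {
        echo "<br />" . $check_sql . "<br />" . $update_sql . "<br />";
    }
}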
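/**
 * Delete the Lenses module: drop its three tables and remove its module
 * variables.
 *
 * @return bool true when every table was dropped and the module variables
 *              deleted; false (errormsg set to _LENSES_DROP_TABLE_FAILURE)
 *              as soon as one DROP fails
 */
function Lenses_delete()
{
    // Get a reference to the database connection and PN tables.
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    // Create a new data dictionary object.
    $dict =& NewDataDictionary($dbconn);

    // The SQL to delete all module tables is set up inside $schema so a
    // single loop handles execution and error checking for every table.
    // The table names are passed by value: the former call-time
    // pass-by-reference (&$pntable[...]) is a fatal error since PHP 5.4 and
    // DropTableSQL() only reads the name.
    $schema = array();
    $schema[] = $dict->DropTableSQL($pntable['lenses']);
    $schema[] = $dict->DropTableSQL($pntable['lenses_companies']);
    $schema[] = $dict->DropTableSQL($pntable['lenses_polymers']);

    // Loop through $schema array.
    foreach ($schema as $sqlarray) {
        // Run SQL query and check for database error (2 is ADODB's
        // "all statements succeeded" result).
        if ($dict->ExecuteSQLArray($sqlarray) != 2) {
            pnSessionSetVar('errormsg', _LENSES_DROP_TABLE_FAILURE);
            return false;
        }
    }

    // Delete any lingering module variables.
    pnModDelVar('Lenses');

    // Module deletion successful. Report success.
    return true;
}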
/**
 * Save the dplink module configuration submitted from the admin form.
 *
 * Reads 'url', 'use_window' and 'use_postwrap' from the request, refuses
 * the update (errormsg set to _BADAUTHKEY, redirect to the module's admin
 * page) when the form's authorisation key does not validate, and otherwise
 * stores the three values as module variables before redirecting to
 * admin.php.
 *
 * @return bool always true
 */
function dplink_admin_updateconfig()
{
    // Collect the submitted values exactly as the form supplies them
    $url = pnVarCleanFromInput('url');
    $useWindow = pnVarCleanFromInput('use_window');
    $usePostWrap = pnVarCleanFromInput('use_postwrap');

    // Only a request carrying a valid authorisation key may change config
    $keyIsValid = pnSecConfirmAuthKey();
    if (!$keyIsValid) {
        pnSessionSetVar('errormsg', _BADAUTHKEY);
        pnRedirect(pnModURL('dplink', 'admin', ''));
        return true;
    }

    // Store the module variables in the same order they were read
    $settings = array(
        'url' => $url,
        'use_window' => $useWindow,
        'use_postwrap' => $usePostWrap,
    );
    foreach ($settings as $name => $value) {
        pnModSetVar('dplink', $name, $value);
    }

    // No output was produced, so send the admin back to the admin page
    pnRedirect('admin.php');
    return true;
}