本文整理汇总了PHP中log_hack_attack_and_exit函数的典型用法代码示例。如果您正苦于以下问题:PHP log_hack_attack_and_exit函数的具体用法?PHP log_hack_attack_and_exit怎么用?PHP log_hack_attack_and_exit使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了log_hack_attack_and_exit函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的PHP代码示例。
示例1: do_netlink
/**
* Get a netlink block / direct to a netlink site.
*
* @param URLPATH The URL we grab our netlink from. If this is not blank, instead of getting a netlink block, we direct to a netlink site.
* @return tempcode The netlink block
*/
function do_netlink($redir_url = '')
{
header('Content-type: text/plain; charset=' . get_charset());
// If we are redirecting
if ($redir_url != '') {
if (strpos($redir_url, chr(10)) !== false || strpos($redir_url, chr(13)) !== false) {
log_hack_attack_and_exit('HEADER_SPLIT_HACK');
}
header('Location: ' . $redir_url);
exit;
}
// Ok we're displaying a netlink, which will be dumped right into the body of the reading site
// - this isn't actually a weburl that is actually displayed, its loaded by ocPortal and embedded-inline
// For all the names in our network
require_code('textfiles');
$lines = explode(chr(10), read_text_file('netlink', NULL, true));
if (count($lines) == 0) {
return new ocp_tempcode();
}
$content = new ocp_tempcode();
foreach ($lines as $line) {
$parts = explode('=', $line, 2);
if (count($parts) != 2) {
continue;
}
$name = rtrim($parts[0]);
$url = trim($parts[1]);
// Are we looking at the source site in the network?
$selected = strtolower($url) == strtolower(get_param('source', ''));
$content->attach(form_input_list_entry(base64_encode($url), $selected, $name));
}
return do_template('NETLINK', array('_GUID' => '180321222dc5dc99a231597c803f0726', 'CONTENT' => $content));
}
开发者ID:erico-deh,项目名称:ocPortal,代码行数:39,代码来源:multi_site_networks.php
示例2: check_naughty_javascript_url
/**
* Check the specified URL for potentially malicious JavaScript/etc. If any is found, the hack attack is logged if in an active post request by the submitting member otherwise filtered out.
*
* @param MEMBER The member who submitted the URL
* @param URLPATH The URL to check
* @param boolean Whether to check as arbitrary admin
* @return URLPATH Filtered input URL.
*/
function check_naughty_javascript_url($source_member, $url, $as_admin)
{
global $POTENTIAL_JS_NAUGHTY_ARRAY;
if (!$as_admin && !has_specific_permission($source_member, 'use_very_dangerous_comcode')) {
$url2 = strtolower($url);
$matches = array();
$bad = preg_match_all('#&\\#(\\d+)#', preg_replace('#\\s#', '', $url), $matches) != 0;
if ($bad) {
for ($i = 0; $i < count($matches[0]); $i++) {
$matched_entity = intval($matches[1][$i]);
if ($matched_entity < 127 && array_key_exists(chr($matched_entity), $POTENTIAL_JS_NAUGHTY_ARRAY)) {
if (count($_POST) != 0 && get_member() == $source_member) {
log_hack_attack_and_exit('ASCII_ENTITY_URL_HACK', $url);
}
return '';
}
}
}
$bad = preg_match_all('#&\\#x([\\dA-Za-z][\\dA-Za-z]+)#', preg_replace('#\\s#', '', $url), $matches) != 0;
if ($bad) {
for ($i = 0; $i < count($matches[0]); $i++) {
$matched_entity = intval(base_convert($matches[1][$i], 16, 10));
if ($matched_entity < 127 && array_key_exists(chr($matched_entity), $POTENTIAL_JS_NAUGHTY_ARRAY)) {
if (count($_POST) != 0 && get_member() == $source_member) {
log_hack_attack_and_exit('ASCII_ENTITY_URL_HACK', $url);
}
return '';
}
}
}
$bad = strpos($url2, 'script:') !== false || strpos($url2, 'data:') !== false;
if ($bad) {
if (count($_POST) != 0 && get_member() == $source_member) {
log_hack_attack_and_exit('SCRIPT_URL_HACK', $url2);
}
return '';
}
}
return $url;
}
开发者ID:erico-deh,项目名称:ocPortal,代码行数:48,代码来源:comcode_renderer.php
示例3: moderate_chat_room
/**
* The main user interface for moderating a chat room.
*
* @return tempcode The UI.
*/
function moderate_chat_room()
{
$title = get_page_title('CHAT_MOD_PANEL');
breadcrumb_set_parents(array(array('_SELF:_SELF:misc', do_lang_tempcode('CHOOSE'))));
$room_id = get_param_integer('id');
check_chatroom_access($room_id);
$room_details = $GLOBALS['SITE_DB']->query_select('chat_rooms', array('*'), array('id' => $room_id), '', 1);
if (!array_key_exists(0, $room_details)) {
warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
}
$row = $room_details[0];
$has_mod_access = has_specific_permission(get_member(), 'edit_lowrange_content', 'cms_chat', array('chat', $room_id)) || $row['room_owner'] == get_member() && has_specific_permission(get_member(), 'moderate_my_private_rooms');
if (!$has_mod_access) {
access_denied('SPECIFIC_PERMISSION', 'edit_lowrange_content');
}
$start = get_param_integer('start', 0);
$max = get_param_integer('max', 50);
$sortables = array('date_and_time' => do_lang_tempcode('DATE_TIME'), 'user_id' => do_lang_tempcode('MEMBER'));
$test = explode(' ', get_param('sort', 'date_and_time DESC'), 2);
if (count($test) == 1) {
$test[1] = 'DESC';
}
list($sortable, $sort_order) = $test;
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sort';
$max_rows = $GLOBALS['SITE_DB']->query_value('chat_messages', 'COUNT(*)', array('room_id' => $room_id));
$rows = $GLOBALS['SITE_DB']->query_select('chat_messages', array('*'), array('room_id' => $room_id), 'ORDER BY ' . $sortable . ' ' . $sort_order, $max, $start);
$fields = new ocp_tempcode();
require_code('templates_results_table');
$array = array(do_lang_tempcode('MEMBER'), do_lang_tempcode('DATE_TIME'), do_lang_tempcode('MESSAGE'));
if (has_js()) {
$array[] = do_lang_tempcode('DELETE');
}
$fields_title = results_field_title($array, $sortables, 'sort', $sortable . ' ' . $sort_order);
foreach ($rows as $myrow) {
$url = build_url(array('page' => '_SELF', 'type' => 'ed', 'room_id' => $room_id, 'id' => $myrow['id']), '_SELF');
$username = $GLOBALS['FORUM_DRIVER']->get_username($myrow['user_id']);
if (is_null($username)) {
$username = '';
}
//do_lang('UNKNOWN');
$message = get_translated_tempcode($myrow['the_message']);
$link_time = hyperlink($url, escape_html(get_timezoned_date($myrow['date_and_time'])));
$_row = array($GLOBALS['FORUM_DRIVER']->member_profile_hyperlink($GLOBALS['FORUM_DRIVER']->get_member_from_username($username), false, $username), escape_html($link_time), $message);
if (has_js()) {
$deletion_tick = do_template('RESULTS_TABLE_TICK', array('ID' => strval($myrow['id'])));
$_row[] = $deletion_tick;
}
$fields->attach(results_entry($_row));
}
if ($fields->is_empty()) {
if ($start != 0) {
$_GET['start'] = strval(max(0, $start - $max));
return $this->moderate_chat_room();
}
inform_exit(do_lang_tempcode('NO_ENTRIES'));
}
$content = results_table(do_lang_tempcode('MESSAGES'), $start, 'start', $max, 'max', $max_rows, $fields_title, $fields, $sortables, $sortable, $sort_order, 'sort');
$mod_link = hyperlink(build_url(array('page' => '_SELF', 'type' => 'delete', 'stage' => 0, 'id' => $room_id), '_SELF'), do_lang_tempcode('DELETE_ALL_MESSAGES'));
$view_link = hyperlink(build_url(array('page' => 'chat', 'type' => 'room', 'id' => $room_id), get_module_zone('chat')), do_lang_tempcode('VIEW'));
$logs_link = hyperlink(build_url(array('page' => 'chat', 'type' => 'download_logs', 'id' => $room_id), get_module_zone('chat')), do_lang_tempcode('CHAT_DOWNLOAD_LOGS'));
$links = array($mod_link, $view_link, $logs_link);
$delete_url = build_url(array('page' => '_SELF', 'type' => 'mass_delete', 'room_id' => $room_id, 'start' => $start, 'max' => $max), '_SELF');
return do_template('CHAT_MODERATE_SCREEN', array('_GUID' => '940de7e8c9a0ac3c575892887c7ef3c0', 'URL' => $delete_url, 'TITLE' => $title, 'INTRODUCTION' => '', 'CONTENT' => $content, 'LINKS' => $links));
}
开发者ID:erico-deh,项目名称:ocPortal,代码行数:73,代码来源:cms_chat.php
示例4: nice_get_choose_table
/**
* Standard aed_module table function.
*
* @param array Details to go to build_url for link to the next screen.
* @return ?array A quartet: The choose table, Whether re-ordering is supported from this screen, Search URL, Archive URL (NULL: nothing to select).
*/
function nice_get_choose_table($url_map)
{
require_code('templates_results_table');
$current_ordering = get_param('sort', 'date_and_time DESC');
if (strpos($current_ordering, ' ') === false) {
warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
}
list($sortable, $sort_order) = explode(' ', $current_ordering, 2);
$sortables = array('title' => do_lang_tempcode('TITLE'), 'date_and_time' => do_lang_tempcode('_ADDED'), 'news_views' => do_lang_tempcode('_VIEWS'));
if (addon_installed('unvalidated')) {
$sortables['validated'] = do_lang_tempcode('VALIDATED');
}
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sort';
$fh = array();
$fh[] = do_lang_tempcode('TITLE');
$fh[] = do_lang_tempcode('_ADDED');
$fh[] = do_lang_tempcode('_VIEWS');
if (addon_installed('unvalidated')) {
$fh[] = do_lang_tempcode('VALIDATED');
}
$fh[] = do_lang_tempcode('ACTIONS');
$header_row = results_field_title($fh, $sortables, 'sort', $sortable . ' ' . $sort_order);
$fields = new ocp_tempcode();
require_code('form_templates');
$only_owned = has_specific_permission(get_member(), 'edit_midrange_content', 'cms_news') ? NULL : get_member();
list($rows, $max_rows) = $this->get_entry_rows(false, $current_ordering, is_null($only_owned) ? NULL : array('submitter' => $only_owned), false, ' JOIN ' . get_table_prefix() . 'news_categories c ON c.id=r.news_category AND nc_owner IS NOT NULL');
if (count($rows) == 0) {
return NULL;
}
foreach ($rows as $row) {
$edit_link = build_url($url_map + array('id' => $row['id']), '_SELF');
$fr = array();
$fr[] = protect_from_escaping(hyperlink(build_url(array('page' => 'news', 'type' => 'view', 'id' => $row['id']), get_module_zone('news')), get_translated_text($row['title']), false, true));
$fr[] = get_timezoned_date($row['date_and_time']);
$fr[] = integer_format($row['news_views']);
if (addon_installed('unvalidated')) {
$fr[] = $row['validated'] == 1 ? do_lang_tempcode('YES') : do_lang_tempcode('NO');
}
$fr[] = protect_from_escaping(hyperlink($edit_link, do_lang_tempcode('EDIT'), false, true, '#' . strval($row['id'])));
$fields->attach(results_entry($fr, true));
}
$search_url = build_url(array('page' => 'search', 'id' => 'news'), get_module_zone('search'));
$archive_url = build_url(array('page' => 'news'), get_module_zone('news'));
return array(results_table(do_lang($this->menu_label), get_param_integer('start', 0), 'start', either_param_integer('max', 20), 'max', $max_rows, $header_row, $fields, $sortables, $sortable, $sort_order), false, $search_url, $archive_url);
}
开发者ID:erico-deh,项目名称:ocPortal,代码行数:55,代码来源:cms_blogs.php
示例5: run
/**
* Standard modular run function.
*
* @param array A map of parameters.
* @return tempcode The result of execution.
*/
function run($map)
{
unset($map);
require_all_lang();
require_css('adminzone');
require_code('actionlog');
$start = get_param_integer('sa_start', 0);
$max = get_param_integer('sa_max', 10);
$sortables = array('date_and_time' => do_lang_tempcode('DATE_TIME'), 'the_type' => do_lang_tempcode('ACTION'));
$test = explode(' ', get_param('sa_sort', 'date_and_time DESC'), 2);
if (count($test) == 1) {
$test[1] = 'DESC';
}
list($sortable, $sort_order) = $test;
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sa_sort';
require_code('templates_results_table');
$fields_title = results_field_title(array(do_lang_tempcode('USERNAME'), do_lang_tempcode('DATE_TIME'), do_lang_tempcode('ACTION'), do_lang_tempcode('PARAMETER_A'), do_lang_tempcode('PARAMETER_B')), $sortables, 'sa_sort', $sortable . ' ' . $sort_order);
$max_rows = $max;
//Don't want to encourage pagination (there's a better module they can go to) $GLOBALS['SITE_DB']->query_value('adminlogs','COUNT(*)');
$rows = $GLOBALS['SITE_DB']->query_select('adminlogs', array('the_type', 'param_a', 'param_b', 'the_user', 'ip', 'date_and_time'), NULL, 'ORDER BY ' . $sortable . ' ' . $sort_order, $max, $start);
$fields = new ocp_tempcode();
foreach ($rows as $myrow) {
$username = $GLOBALS['FORUM_DRIVER']->get_username($myrow['the_user']);
if (is_null($username)) {
$username = do_lang('UNKNOWN');
}
$date = get_timezoned_date($myrow['date_and_time']);
if (!is_null($myrow['param_a'])) {
$a = $myrow['param_a'];
} else {
$a = '';
}
if (!is_null($myrow['param_b'])) {
$b = $myrow['param_b'];
} else {
$b = '';
}
require_code('templates_interfaces');
$_a = tpl_crop_text_mouse_over($a, 8);
$_b = tpl_crop_text_mouse_over($b, 15);
$type_str = do_lang($myrow['the_type'], $_a, $_b, NULL, NULL, false);
if (is_null($type_str)) {
$type_str = $myrow['the_type'];
}
$test = actionlog_linkage($myrow['the_type'], $a, $b, $_a, $_b);
if (!is_null($test)) {
list($_a, $_b) = $test;
}
$ip = tpl_crop_text_mouse_over($myrow['ip'], 12);
$fields->attach(results_entry(array(escape_html($username), escape_html($date), $type_str, $_a, $_b)));
}
return results_table(do_lang_tempcode('ACTIONS'), $start, 'sa_start', $max, 'sa_max', $max_rows, $fields_title, $fields, $sortables, $sortable, $sort_order, 'sa_sort', new ocp_tempcode(), NULL, NULL, 5);
}
开发者ID:erico-deh,项目名称:ocPortal,代码行数:63,代码来源:main_staff_actions.php
示例6: nice_get_choose_table
/**
* Standard aed_module table function.
*
* @param array Details to go to build_url for link to the next screen.
* @return array A pair: The choose table, Whether re-ordering is supported from this screen.
*/
function nice_get_choose_table($url_map)
{
require_code('templates_results_table');
$current_ordering = get_param('sort', 'w_name ASC');
if (strpos($current_ordering, ' ') === false) {
warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
}
list($sortable, $sort_order) = explode(' ', $current_ordering, 2);
$sortables = array('w_name' => do_lang_tempcode('NAME'), 'w_subject' => do_lang_tempcode('SUBJECT'), 'w_send_time' => do_lang_tempcode('SEND_TIME'));
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sort';
$header_row = results_field_title(array(do_lang_tempcode('NAME'), do_lang_tempcode('SUBJECT'), do_lang_tempcode('SEND_TIME'), do_lang_tempcode('ACTIONS')), $sortables, 'sort', $sortable . ' ' . $sort_order);
$fields = new ocp_tempcode();
require_code('form_templates');
list($rows, $max_rows) = $this->get_entry_rows(false, $current_ordering);
foreach ($rows as $row) {
$edit_link = build_url($url_map + array('id' => $row['id']), '_SELF');
$fields->attach(results_entry(array($row['w_name'], get_translated_text($row['w_subject']), do_lang_tempcode('HOURS', escape_html(strval($row['w_send_time']))), protect_from_escaping(hyperlink($edit_link, do_lang_tempcode('EDIT'), false, true, '#' . strval($row['id'])))), true));
}
return array(results_table(do_lang($this->menu_label), get_param_integer('start', 0), 'start', either_param_integer('max', 20), 'max', $max_rows, $header_row, $fields, $sortables, $sortable, $sort_order), false);
}
开发者ID:erico-deh,项目名称:ocPortal,代码行数:30,代码来源:admin_ocf_welcome_emails.php
示例7: check_posted_field
/**
* Check a posted field isn't 'evil'.
*
* @param string The name of the parameter
* @param string The value retrieved
* @return string The filtered value
*/
function check_posted_field($name, &$val)
{
if (strtolower(ocp_srv('REQUEST_METHOD')) == 'post') {
$true_referer = substr(ocp_srv('HTTP_REFERER'), 0, 7) == 'http://' || substr(ocp_srv('HTTP_REFERER'), 0, 8) == 'https://';
$canonical_referer = preg_replace('#^(\\w+://[^/]+/).*$#', '${1}', str_replace(':80', '', str_replace('https://', 'http://', str_replace('www.', '', ocp_srv('HTTP_REFERER')))));
$canonical_baseurl = preg_replace('#^(\\w+://[^/]+/).*$#', '${1}', str_replace(':80', '', str_replace('https://', 'http://', str_replace('www.', '', get_base_url()))));
if ($true_referer && substr(strtolower($canonical_referer), 0, strlen($canonical_baseurl)) != strtolower($canonical_baseurl) && !is_guest()) {
if (!in_array($name, array('login_username', 'password', 'remember', 'login_invisible'))) {
$allowed_partners = explode(chr(10), get_option('allowed_post_submitters'));
$allowed_partners[] = 'paypal.com';
$allowed_partners[] = 'www.paypal.com';
$found = false;
foreach ($allowed_partners as $partner) {
if (trim($partner) == '') {
continue;
}
if (strpos(ocp_srv('HTTP_REFERER'), trim($partner)) !== false) {
$found = true;
break;
}
}
if (!$found) {
$_POST = array();
// To stop loops
log_hack_attack_and_exit('EVIL_POSTED_FORM_HACK', ocp_srv('HTTP_REFERER'));
}
}
}
}
// Custom fields.xml filter system
$val = filter_form_field_default($name, $val);
}
开发者ID:erico-deh,项目名称:ocPortal,代码行数:39,代码来源:input_filter.php
示例8: get_sort_order
/**
* Read in the sort order currently active, and a suffix to the select statement to allow it to work. Apply security.
*
* @return array A quarter: The sort order, The sort order (for backwards sorting), SQL suffix for select statement for images, SQL suffix for select statement for videos
*/
function get_sort_order()
{
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sort';
$NON_CANONICAL_PARAMS[] = 'select';
$NON_CANONICAL_PARAMS[] = 'video_select';
$sort = get_param('sort', 'add_date DESC');
if ($sort == 'random ASC') {
$sort = 'add_date ASC';
}
if ($sort != 'fixed_random ASC' && $sort != 'compound_rating DESC' && $sort != 'compound_rating ASC' && $sort != 'add_date DESC' && $sort != 'add_date ASC' && $sort != 'url DESC' && $sort != 'url ASC' && $sort != 'title DESC' && $sort != 'title ASC') {
log_hack_attack_and_exit('ORDERBY_HACK');
}
list($_sort, $_dir) = explode(' ', $sort, 2);
$sort_backwards = $_sort . ' ' . ($_dir == 'ASC' ? 'DESC' : 'ASC');
if ($sort == 'compound_rating ASC' || $sort == 'compound_rating DESC') {
$suffix_images = ',(SELECT AVG(rating) FROM ' . get_table_prefix() . 'rating WHERE ' . db_string_equal_to('rating_for_type', 'images') . ' AND rating_for_id=e.id) AS compound_rating';
$suffix_videos = ',(SELECT AVG(rating) FROM ' . get_table_prefix() . 'rating WHERE ' . db_string_equal_to('rating_for_type', 'videos') . ' AND rating_for_id=e.id) AS compound_rating';
} elseif ($sort == 'fixed_random ASC') {
$suffix_images = ',(MOD(id,3.142)) AS fixed_random';
$suffix_videos = ',(MOD(id,3.142)) AS fixed_random';
} else {
$suffix_images = '';
$suffix_videos = '';
}
return array($sort, $sort_backwards, $suffix_images, $suffix_videos);
}
开发者ID:erico-deh,项目名称:ocPortal,代码行数:32,代码来源:galleries.php
示例9: _survey_results
/**
* View survey results.
*
* @return tempcode The result of execution.
*/
function _survey_results()
{
$title = get_page_title('SURVEY_RESULTS');
breadcrumb_set_parents(array(array('_SELF:_SELF', do_lang_tempcode('MANAGE_QUIZZES'))));
$GLOBALS['HELPER_PANEL_PIC'] = 'pagepics/survey_results';
$id = get_param_integer('id');
// quiz ID
$fields = new ocp_tempcode();
require_code('templates_results_table');
require_code('templates_view_space');
// Show summary
$question_rows = $GLOBALS['SITE_DB']->query_select('quiz_questions', array('*'), array('q_quiz' => $id), 'ORDER BY id');
foreach ($question_rows as $q) {
$question = get_translated_text($q['q_question_text']);
$answers = new ocp_tempcode();
$answer_rows = $GLOBALS['SITE_DB']->query_select('quiz_question_answers', array('*'), array('q_question' => $q['id']), 'ORDER BY id');
$all_answers = array();
foreach ($answer_rows as $i => $a) {
$answer = get_translated_text($a['q_answer_text']);
$count = $GLOBALS['SITE_DB']->query_value('quiz_entry_answer', 'COUNT(*)', array('q_answer' => strval($a['id'])));
$all_answers[serialize(array($answer, $i))] = $count;
}
arsort($all_answers);
foreach ($all_answers as $bits => $count) {
list($answer, $i) = unserialize($bits);
$answers->attach(paragraph(do_lang_tempcode('SURVEY_ANSWER_RESULT', escape_html($answer), integer_format($count), integer_format($i + 1))));
}
if ($answers->is_empty()) {
$answers = do_lang_tempcode('FREE_ENTRY_ANSWER');
}
$fields->attach(view_space_field($question, $answers, true));
}
$summary = do_template('VIEW_SPACE', array('_GUID' => '2b0c2ba0070ba810c5e4b5b4aedcb15f', 'WIDTH' => '300', 'FIELDS' => $fields));
// Show results table
$start = get_param_integer('start', 0);
$max = get_param_integer('max', 50);
$sortables = array('q_time' => do_lang_tempcode('DATE'));
$test = explode(' ', get_param('sort', 'q_time DESC'), 2);
if (count($test) == 1) {
$test[1] = 'DESC';
}
list($sortable, $sort_order) = $test;
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sort';
$max_rows = $GLOBALS['SITE_DB']->query_value('quiz_entries', 'COUNT(*)', array('q_quiz' => $id));
$rows = $GLOBALS['SITE_DB']->query_select('quiz_entries', array('id', 'q_time', 'q_member'), array('q_quiz' => $id), 'ORDER BY ' . $sortable . ' ' . $sort_order, $max, $start);
if (count($rows) == 0) {
return inform_screen($title, do_lang_tempcode('NO_ENTRIES'));
}
$fields = new ocp_tempcode();
$fields_title = results_field_title(array(do_lang_tempcode('DATE'), do_lang_tempcode('USERNAME')), $sortables, 'sort', $sortable . ' ' . $sort_order);
foreach ($rows as $myrow) {
$date_link = hyperlink(build_url(array('page' => '_SELF', 'type' => '__survey_results', 'id' => $myrow['id']), '_SELF'), escape_html(get_timezoned_date($myrow['q_time'])));
$member_link = $GLOBALS['FORUM_DRIVER']->member_profile_hyperlink($myrow['q_member']);
$fields->attach(results_entry(array($date_link, $member_link), false));
}
if ($fields->is_empty()) {
warn_exit(do_lang_tempcode('NO_ENTRIES'));
}
$results = results_table(do_lang_tempcode('SURVEY_RESULTS'), $start, 'start', $max, 'max', $max_rows, $fields_title, $fields, $sortables, $sortable, $sort_order, 'sort');
return do_template('SURVEY_RESULTS_SCREEN', array('_GUID' => '3f38ac1b94fb4de8219b8f7108c7b0a3', 'TITLE' => $title, 'SUMMARY' => $summary, 'RESULTS' => $results));
}
开发者ID:erico-deh,项目名称:ocPortal,代码行数:70,代码来源:admin_quiz.php
示例10: nice_get_choose_table
/**
* Standard aed_module table function.
*
* @param array Details to go to build_url for link to the next screen.
* @return array A pair: The choose table, Whether re-ordering is supported from this screen.
*/
function nice_get_choose_table($url_map)
{
require_code('templates_results_table');
$current_ordering = get_param('sort', 'id ASC', true);
list($sortable, $sort_order) = array(substr($current_ordering, 0, strrpos($current_ordering, ' ')), substr($current_ordering, strrpos($current_ordering, ' ') + 1));
$sortables = array('id' => do_lang_tempcode('CODENAME'), 't_is_textual' => do_lang_tempcode('BANNER_IS_TEXTUAL'), 't_image_width' => do_lang_tempcode('WIDTH'), 't_image_height' => do_lang_tempcode('HEIGHT'), 't_max_file_size' => do_lang_tempcode('_FILE_SIZE'), 't_comcode_inline' => do_lang_tempcode('COMCODE_INLINE'));
if (db_has_subqueries($GLOBALS['SITE_DB']->connection_read)) {
$sortables['(SELECT COUNT(*) FROM ' . get_table_prefix() . 'banners WHERE b_type=r.id)'] = do_lang_tempcode('COUNT_TOTAL');
}
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sort';
$header_row = results_field_title(array(do_lang_tempcode('CODENAME'), do_lang_tempcode('BANNER_IS_TEXTUAL'), do_lang_tempcode('WIDTH'), do_lang_tempcode('HEIGHT'), do_lang_tempcode('_FILE_SIZE'), do_lang_tempcode('COMCODE_INLINE'), do_lang_tempcode('COUNT_TOTAL'), do_lang_tempcode('ACTIONS')), $sortables, 'sort', $sortable . ' ' . $sort_order);
$fields = new ocp_tempcode();
require_code('form_templates');
list($rows, $max_rows) = $this->get_entry_rows(false, $current_ordering);
foreach ($rows as $row) {
$edit_link = build_url($url_map + array('id' => $row['id']), '_SELF');
$total = integer_format($GLOBALS['SITE_DB']->query_value('banners', 'COUNT(*)', array('b_type' => $row['id'])));
$fields->attach(results_entry(array($row['id'] == '' ? do_lang('GENERAL') : $row['id'], $row['t_is_textual'] == 1 ? do_lang_tempcode('YES') : do_lang_tempcode('NO'), integer_format($row['t_image_width']), integer_format($row['t_image_height']), clean_file_size($row['t_max_file_size'] * 1024), $row['t_comcode_inline'] == 1 ? do_lang_tempcode('YES') : do_lang_tempcode('NO'), $total, protect_from_escaping(hyperlink($edit_link, do_lang_tempcode('EDIT'), false, true, '#' . $row['id']))), true));
}
return array(results_table(do_lang($this->menu_label), get_param_integer('start', 0), 'start', get_param_integer('max', 20), 'max', $max_rows, $header_row, $fields, $sortables, $sortable, $sort_order), false);
}
开发者ID:erico-deh,项目名称:ocPortal,代码行数:31,代码来源:cms_banners.php
示例11: security_interface
/**
* The UI to view security logs.
*
* @return tempcode The UI
*/
function security_interface()
{
$title = get_page_title('SECURITY_LOGGING');
// Failed logins
$start = get_param_integer('failed_start', 0);
$max = get_param_integer('failed_max', 50);
$sortables = array('date_and_time' => do_lang_tempcode('DATE_TIME'), 'ip' => do_lang_tempcode('IP_ADDRESS'));
$test = explode(' ', get_param('failed_sort', 'date_and_time DESC'));
if (count($test) == 1) {
$test[1] = 'DESC';
}
list($_sortable, $sort_order) = $test;
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($_sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'failed_sort';
require_code('templates_results_table');
$fields_title = results_field_title(array(do_lang_tempcode('USERNAME'), do_lang_tempcode('DATE_TIME'), do_lang_tempcode('IP_ADDRESS')), $sortables, 'failed_sort', $_sortable . ' ' . $sort_order);
$member_id = post_param_integer('member_id', NULL);
$map = !is_null($member_id) ? array('failed_account' => $GLOBALS['FORUM_DRIVER']->get_username($member_id)) : NULL;
$max_rows = $GLOBALS['SITE_DB']->query_value('failedlogins', 'COUNT(*)', $map);
$rows = $GLOBALS['SITE_DB']->query_select('failedlogins', array('*'), $map, 'ORDER BY ' . $_sortable . ' ' . $sort_order, $max, $start);
$fields = new ocp_tempcode();
foreach ($rows as $row) {
$time = get_timezoned_date($row['date_and_time']);
$lookup_url = build_url(array('page' => 'admin_lookup', 'param' => $row['ip']), '_SELF');
$fields->attach(results_entry(array(escape_html($row['failed_account']), escape_html($time), hyperlink($lookup_url, escape_html($row['ip'])))));
}
$failed_logins = results_table(do_lang_tempcode('FAILED_LOGINS'), $start, 'failed_start', $max, 'failed_max', $max_rows, $fields_title, $fields, $sortables, $_sortable, $sort_order, 'failed_sort', new ocp_tempcode());
$member_id = post_param_integer('member_id', NULL);
$map = !is_null($member_id) ? array('the_user' => $member_id) : NULL;
$alerts = find_security_alerts($map);
$post_url = build_url(array('page' => '_SELF', 'type' => 'clean', 'start' => $start, 'max' => $max), '_SELF');
return do_template('SECURITY_SCREEN', array('_GUID' => 'e0b5e6557686b2320a8ce8166df07328', 'TITLE' => $title, 'FAILED_LOGINS' => $failed_logins, 'ALERTS' => $alerts, 'URL' => $post_url));
}
开发者ID:erico-deh,项目名称:ocPortal,代码行数:41,代码来源:admin_security.php
示例12: run
/**
* Standard modular run function.
*
* @return tempcode The result of execution.
*/
function run()
{
$GLOBALS['HELPER_PANEL_PIC'] = 'pagepics/errorlog';
$GLOBALS['HELPER_PANEL_TUTORIAL'] = 'tut_disaster';
require_lang('errorlog');
$title = get_page_title('ERROR_LOG');
require_code('templates_internalise_screen');
$test_tpl = internalise_own_screen($title);
if (is_object($test_tpl)) {
return $test_tpl;
}
// Read in errors
if (is_readable(get_custom_file_base() . '/data_custom/errorlog.php')) {
if (filesize(get_custom_file_base() . '/data_custom/errorlog.php') > 1024 * 1024) {
$myfile = fopen(get_custom_file_base() . '/data_custom/errorlog.php', 'rt');
fseek($myfile, -1024 * 500, SEEK_END);
$lines = explode(chr(10), fread($myfile, 1024 * 500));
fclose($myfile);
unset($lines[0]);
$lines[] = '...';
} else {
$lines = file(get_custom_file_base() . '/data_custom/errorlog.php');
}
} else {
$lines = array();
}
$stuff = array();
foreach ($lines as $line) {
$_line = trim($line);
if ($_line != '' && strpos($_line, '<?php') === false) {
$matches = array();
if (preg_match('#\\[(.+?) (.+?)\\] (.+?): ?(.*)#', $_line, $matches) != 0) {
$stuff[] = $matches;
}
}
}
// Put errors into table
$start = get_param_integer('start', 0);
$max = get_param_integer('max', 50);
$sortables = array('date_and_time' => do_lang_tempcode('DATE_TIME'));
$test = explode(' ', get_param('sort', 'date_and_time DESC'), 2);
if (count($test) == 1) {
$test[1] = 'DESC';
}
list($sortable, $sort_order) = $test;
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sort';
if ($sort_order == 'DESC') {
$stuff = array_reverse($stuff);
}
require_code('templates_results_table');
$fields_title = results_field_title(array(do_lang_tempcode('DATE_TIME'), do_lang_tempcode('TYPE'), do_lang_tempcode('MESSAGE')), $sortables, 'sort', $sortable . ' ' . $sort_order);
$fields = new ocp_tempcode();
for ($i = $start; $i < $start + $max; $i++) {
if (!array_key_exists($i, $stuff)) {
break;
}
$message = str_replace(get_file_base(), '', $stuff[$i][4]);
$fields->attach(results_entry(array(escape_html($stuff[$i][1] . ' ' . $stuff[$i][2]), escape_html($stuff[$i][3]), escape_html($message))));
}
$error = results_table(do_lang_tempcode('ERROR_LOG'), $start, 'start', $max, 'max', $i, $fields_title, $fields, $sortables, $sortable, $sort_order, 'sort', new ocp_tempcode());
// Read in end of permissions file
require_all_lang();
if (is_readable(get_custom_file_base() . '/data_custom/permissioncheckslog.php')) {
$myfile = @fopen(get_custom_file_base() . '/data_custom/permissioncheckslog.php', 'rt');
if ($myfile !== false) {
fseek($myfile, -40000, SEEK_END);
$data = '';
while (!feof($myfile)) {
$data .= fread($myfile, 8192);
}
fclose($myfile);
$lines = explode(chr(10), $data);
if (count($lines) != 0) {
if (strpos($lines[0], '<' . '?php') !== false) {
array_shift($lines);
} else {
if (strlen($data) == 40000) {
$lines[0] = '...';
}
}
}
foreach ($lines as $i => $line) {
$matches = array();
if (preg_match('#^\\s+has\\_specific\\_permission: (\\w+)#', $line, $matches) != 0) {
$looked_up = do_lang('PT_' . $matches[1], NULL, NULL, NULL, NULL, false);
if (!is_null($looked_up)) {
$line = str_replace($matches[1], $looked_up, $line);
$lines[$i] = $line;
}
}
}
//.........这里部分代码省略.........
开发者ID:erico-deh,项目名称:ocPortal,代码行数:101,代码来源:admin_errorlog.php
示例13: nice_get_choose_table
/**
* Standard aed_module table function.
*
* @param array Details to go to build_url for link to the next screen.
* @return array A pair: The choose table, Whether re-ordering is supported from this screen.
*/
function nice_get_choose_table($url_map)
{
require_code('templates_results_table');
$current_ordering = get_param('sort', 'the_message ASC');
if (strpos($current_ordering, ' ') === false) {
warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
}
list($sortable, $sort_order) = explode(' ', $current_ordering, 2);
$sortables = array('the_message' => do_lang_tempcode('MESSAGE'), 'days' => do_lang_tempcode('NUMBER_DAYS'), 'order_time' => do_lang_tempcode('ORDER_DATE'), 'user_id' => do_lang_tempcode('OWNER'));
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sort';
$header_row = results_field_title(array(do_lang_tempcode('MESSAGE'), do_lang_tempcode('NUMBER_DAYS'), do_lang_tempcode('ORDER_DATE'), do_lang_tempcode('_UP_FOR'), do_lang_tempcode('OWNER'), do_lang_tempcode('ACTIONS')), $sortables, 'sort', $sortable . ' ' . $sort_order);
$fields = new ocp_tempcode();
require_code('form_templates');
list($rows, $max_rows) = $this->get_entry_rows(false, $current_ordering);
foreach ($rows as $row) {
$edit_link = build_url($url_map + array('id' => $row['id']), '_SELF');
$username = protect_from_escaping($GLOBALS['FORUM_DRIVER']->member_profile_hyperlink($row['user_id']));
$activation_time = $row['activation_time'];
$days = is_null($activation_time) ? '' : float_format(round((time() - $activation_time) / 60 / 60 / 24, 3));
$fields->attach(results_entry(array(protect_from_escaping(get_translated_tempcode($row['the_message'])), integer_format($row['days']), get_timezoned_date($row['order_time']), $row['active_now'] == 1 ? $days : do_lang_tempcode('NA_EM'), $username, protect_from_escaping(hyperlink($edit_link, do_lang_tempcode('EDIT'), false, true, '#' . strval($row['id'])))), true));
}
return array(results_table(do_lang($this->menu_label), get_param_integer('start', 0), 'start', either_param_integer('max', 20), 'max', $max_rows, $header_row, $fields, $sortables, $sortable, $sort_order), false);
}
开发者ID:erico-deh,项目名称:ocPortal,代码行数:33,代码来源:admin_flagrant.php
示例14: choose_action
/**
* The UI to show a results table of moderation actions for a moderator.
*
* @return tempcode The UI
*/
function choose_action()
{
breadcrumb_set_parents(array(array('_SELF:_SELF:misc', do_lang_tempcode('VIEW_ACTION_LOGS'))));
breadcrumb_set_self(do_lang_tempcode('RESULTS'));
$title = get_page_title('VIEW_ACTION_LOGS');
require_code('templates_internalise_screen');
$test_tpl = internalise_own_screen($title);
if (is_object($test_tpl)) {
return $test_tpl;
}
$id = get_param_integer('id', -1);
$start = get_param_integer('start', 0);
$max = get_param_integer('max', 50);
$sortables = array('date_and_time' => do_lang_tempcode('DATE_TIME'), 'the_type' => do_lang_tempcode('ACTION'));
$test = explode(' ', get_param('sort', 'date_and_time DESC'), 2);
if (count($test) == 1) {
$test[1] = 'DESC';
}
list($sortable, $sort_order) = $test;
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sort';
require_code('templates_results_table');
$field_titles = array(do_lang_tempcode('USERNAME'), do_lang_tempcode('DATE_TIME'), do_lang_tempcode('ACTION'), do_lang_tempcode('PARAMETER_A'), do_lang_tempcode('PARAMETER_B'));
if (addon_installed('securitylogging')) {
$field_titles[] = do_lang_tempcode('_BANNED');
}
$fields_title = results_field_title($field_titles, $sortables, 'sort', $sortable . ' ' . $sort_order);
$filter_to_type = get_param('to_type', '');
$filter_param_a = get_param('param_a', '');
$filter_param_b = get_param('param_b', '');
$max_rows = 0;
// Pull up our rows: forum
if (get_forum_type() == 'ocf') {
// Possible filter (called up by URL)
$where = '1=1';
if ($filter_to_type != '') {
$where .= ' AND ' . db_string_equal_to('l_the_type', $filter_to_type);
}
if ($filter_param_a != '') {
$where .= ' AND l_param_a LIKE \'' . db_encode_like('%' . $filter_param_a . '%') . '\'';
}
if ($filter_param_b != '') {
$where .= ' AND l_param_b LIKE \'' . db_encode_like('%' . $filter_param_b . '%') . '\'';
}
if ($id != -1) {
$where .= ' AND l_by=' . strval($id);
}
// Fetch
$rows1 = $GLOBALS['FORUM_DB']->query('SELECT l_reason,id,l_by AS the_user,l_date_and_time AS date_and_time,l_the_type AS the_type,l_param_a AS param_a,l_param_b AS param_b FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_moderator_logs WHERE ' . $where . ' ORDER BY ' . $sortable . ' ' . $sort_order, $max + $start);
$max_rows += $GLOBALS['FORUM_DB']->query_value_null_ok_full('SELECT COUNT(*) FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_moderator_logs WHERE ' . $where);
} else {
$rows1 = array();
}
// Possible filter (called up by URL)
$where = '1=1';
if ($filter_to_type != '') {
$where .= ' AND ' . db_string_equal_to('the_type', $filter_to_type);
}
if ($filter_param_a != '') {
$where .= ' AND param_a LIKE \'' . db_encode_like('%' . $filter_param_a . '%') . '\'';
}
if ($filter_param_b != '') {
$where .= ' AND param_b LIKE \'' . db_encode_like('%' . $filter_param_b . '%') . '\'';
}
if ($id != -1) {
$where .= ' AND the_user=' . strval($id);
}
// Fetch
$rows2 = $GLOBALS['SITE_DB']->query('SELECT id,the_user,date_and_time,the_type,param_a,param_b,ip FROM ' . get_table_prefix() . 'adminlogs WHERE ' . $where . ' ORDER BY ' . $sortable . ' ' . $sort_order, $max + $start);
$max_rows += $GLOBALS['SITE_DB']->query_value_null_ok_full('SELECT COUNT(*) FROM ' . get_table_prefix() . 'adminlogs WHERE ' . $where);
$rows = array_merge($rows1, $rows2);
require_code('actionlog');
$fields = new ocp_tempcode();
$pos = 0;
while (count($rows) != 0 && $pos - $start < $max) {
$best = 0;
// Initialise type to integer
$_best = 0;
// Initialise type to integer
$best = NULL;
$_best = NULL;
foreach ($rows as $x => $row) {
if (is_null($best) || $row['date_and_time'] < $_best && $sortable == 'date_and_time' && $sort_order == 'ASC' || $row['date_and_time'] > $_best && $sortable == 'date_and_time' && $sort_order == 'DESC' || intval($row['the_type']) < $_best && $sortable == 'the_type' && $sort_order == 'ASC' || intval($row['the_type']) > $_best && $sortable == 'the_type' && $sort_order == 'DESC') {
$best = $x;
if ($sortable == 'date_and_time') {
$_best = $row['date_and_time'];
}
if ($sortable == 'the_type') {
$_best = $row['the_type'];
}
}
}
//.........这里部分代码省略.........
开发者ID:erico-deh,项目名称:ocPortal,代码行数:101,代码来源:admin_actionlog.php
示例15: check_id
/**
* Checks the ticket ID is valid, and there is access for the current member to view it. Bombs out if there's a problem.
*
* @param string The ticket ID to check
*/
function check_id($id)
{
// Check we are allowed
$_temp = explode('_', $id);
if (array_key_exists(2, $_temp)) {
log_hack_attack_and_exit('TICKET_SYSTEM_WEIRD');
}
if (!has_specific_permission(get_member(), 'view_others_tickets') && intval($_temp[0]) != get_member()) {
if (is_guest()) {
access_denied('NOT_AS_GUEST');
}
if (is_guest(intval($_temp[0]))) {
access_denied(do_lang('TICKET_OTHERS_HACK'));
}
log_hack_attack_and_exit('TICKET_OTHERS_HACK');
}
}
开发者ID:erico-deh,项目名称:ocPortal,代码行数:22, |
客服电话
APP下载
官方微信
请发表评论