Nemcio/Kleeja
1
0
Fork 0
mirror of https://github.com/kleeja-official/kleeja.git synced 2025-12-15 20:49:41 +01:00
Code Issues Packages Projects Releases Activity

Miscellaneous changes

Browse Source 
* PHP code style fixes
* Updated database schema for upgrade
This commit is contained in:
H.Rouatbi
2024-10-07 17:15:05 +01:00
parent 552423c700
commit 3cdfa9ce5a
47 changed files with 5007 additions and 4639 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -31,5 +31,5 @@ Project_Default.xml
.project .project
.vscode/launch.json .vscode/launch.json
.htaccess .htaccess
.php_cs.cache .php-cs-fixer.cache
kleeja.db kleeja.db

6
.php_cs → .php-cs-fixer.php
View File

@@ -5,13 +5,13 @@ $finder = PhpCsFixer\Finder::create()
->in(__DIR__) ->in(__DIR__)
; ;
return PhpCsFixer\Config::create() return (new PhpCsFixer\Config())
->setRules([ ->setRules([
'binary_operator_spaces' => ['default' => 'align'], 'binary_operator_spaces' => ['default' => 'align'],
'phpdoc_align' => true, 'phpdoc_align' => true,
'array_indentation' => true, 'array_indentation' => true,
'blank_line_before_statement' => ['statements' => [ 'blank_line_before_statement' => ['statements' => [
'break', 'case', 'continue', 'default', 'die', 'for', 'foreach', 'if'] 'break', 'case', 'continue', 'default', 'exit', 'for', 'foreach', 'if']
], ],
'braces' => ['position_after_control_structures' => 'next'], 'braces' => ['position_after_control_structures' => 'next'],
'cast_spaces' => true, 'cast_spaces' => true,
@@ -22,7 +22,7 @@ return PhpCsFixer\Config::create()
'include' => true, 'include' => true,
'indentation_type' => true, 'indentation_type' => true,
'array_syntax' => ['syntax' => 'short'], 'array_syntax' => ['syntax' => 'short'],
'lowercase_constants' => true, 'constant_case' => ['case' => 'lower'],
'method_chaining_indentation' => true, 'method_chaining_indentation' => true,
'method_argument_space' => true, 'method_argument_space' => true,
'no_closing_tag' => true, 'no_closing_tag' => true,

18
CHANGELOG.md
View File

@@ -3,6 +3,24 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
## 3.1.7
* add the ability to toggle multipart download for groups
* introduce custom admin path option
* compatibility with PHP 8.X
* add group max storage limit feature
* add the ability to delete files by extension
* change the default style to Bootstrap
* fix pagination issue with incorrect link generation
* introduce ajax upload (show upload progress bar and upload speed)
* fix the issue where correct username, password, and security code still shows "The security code is incorrect!"
* various bug fixes and improvements
## 3.1.6
* compatibility with `m3u` files
* change dashboard box colors
* fix rtl issue in bootstrap template
* kleeja new domain is `kleeja.net`
## 3.1.5 ## 3.1.5
* fix hiding error msgs when updating kleeja * fix hiding error msgs when updating kleeja
* hide update all buttun , when empty update's list * hide update all buttun , when empty update's list

12
do.php
View File

@@ -505,9 +505,13 @@ elseif (ig('down') || ig('downf') ||
//send file headers //send file headers
header('Pragma: public'); header('Pragma: public');
if ($resuming_on) {
if ($resuming_on)
{
header('Accept-Ranges: bytes'); header('Accept-Ranges: bytes');
} else { }
else
{
header('Accept-Ranges: none'); header('Accept-Ranges: none');
} }
header('Content-Description: File Transfer'); header('Content-Description: File Transfer');
@@ -540,10 +544,12 @@ elseif (ig('down') || ig('downf') ||
$range = round(floatval($range), 0); $range = round(floatval($range), 0);
$range_end = ! $range_end ? $size - 1 : round(floatval($range_end), 0); $range_end = ! $range_end ? $size - 1 : round(floatval($range_end), 0);
if ($range < 0 || $range >= $size || $range > $range_end || $range_end >= $size ) { if ($range < 0 || $range >= $size || $range > $range_end || $range_end >= $size)
{
header('HTTP/1.1 416 Requested Range Not Satisfiable'); header('HTTP/1.1 416 Requested Range Not Satisfiable');
header("Content-Range: bytes */$size"); header("Content-Range: bytes */$size");
fclose($fp); fclose($fp);
exit; exit;
} }

11
go.php
View File

@@ -53,9 +53,11 @@ switch ($current_go_case)
'ext' => $ext, 'ext' => $ext,
'size' => readable_size($size), 'size' => readable_size($size),
'group' => $gid, 'group' => $gid,
'group_name' => str_replace(['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'], 'group_name' => str_replace(
['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
[$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']], [$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
$d_groups[$gid]['data']['group_name']), $d_groups[$gid]['data']['group_name']
),
'most_firstrow' => $same_group == 0 ? true : false, 'most_firstrow' => $same_group == 0 ? true : false,
'firstrow' => $same_group ==0 or $same_group != $gid ? true : false, 'firstrow' => $same_group ==0 or $same_group != $gid ? true : false,
'rando' => $rando, 'rando' => $rando,
@@ -376,6 +378,7 @@ switch ($current_go_case)
while ($row=$SQL->fetch_array($result)) while ($row=$SQL->fetch_array($result))
{ {
@kleeja_unlink($row['folder'] . '/' . $row['name']); @kleeja_unlink($row['folder'] . '/' . $row['name']);
//delete thumb //delete thumb
if (file_exists($row['folder'] . '/thumbs/' . $row['name'])) if (file_exists($row['folder'] . '/thumbs/' . $row['name']))
{ {
@@ -426,7 +429,9 @@ switch ($current_go_case)
} }
$SQL->freeresult($result); $SQL->freeresult($result);
} else { }
else
{
kleeja_info($lang['NOT_FOUND']); kleeja_info($lang['NOT_FOUND']);
} }
} }

1
includes/KleejaUploader.php
View File

@@ -18,7 +18,6 @@ if (! defined('IN_COMMON'))
interface KleejaUploader interface KleejaUploader
{ {
/** /**
* set the allowed extensions of uploaded files * set the allowed extensions of uploaded files
* @param array $allowed_file_extensions an array of allowed extensions, and sizes ['gif'=>122, 'png'=>2421 ..] * @param array $allowed_file_extensions an array of allowed extensions, and sizes ['gif'=>122, 'png'=>2421 ..]

4
includes/adm/a_configs.php
View File

@@ -277,7 +277,8 @@ foreach ($types as $typekey => $type)
$options .= str_replace( $options .= str_replace(
['<input ', '<select ', '<td>', '</td>', '<label>', '<tr>', '</tr>'], ['<input ', '<select ', '<td>', '</td>', '<label>', '<tr>', '</tr>'],
['<input class="form-control" ', '<select class="form-control" ', '<div class="form-group">', '</div>', '<label class="form-check-label">', '', ''], ['<input class="form-control" ', '<select class="form-control" ', '<div class="form-group">', '</div>', '<label class="form-check-label">', '', ''],
$option['option']); $option['option']
);
} }
} }
} }
@@ -285,7 +286,6 @@ foreach ($types as $typekey => $type)
//after submit //after submit
if (ip('submit')) if (ip('submit'))
{ {
//some configs need refresh page .. //some configs need refresh page ..
$need_refresh_configs = ['language']; $need_refresh_configs = ['language'];

12
includes/adm/c_files.php
View File

@@ -77,6 +77,7 @@ if (ip('submit'))
{ {
//delete from folder .. //delete from folder ..
@kleeja_unlink(PATH . $row['folder'] . '/' . $row['name']); @kleeja_unlink(PATH . $row['folder'] . '/' . $row['name']);
//delete thumb //delete thumb
if (file_exists(PATH . $row['folder'] . '/thumbs/' . $row['name'])) if (file_exists(PATH . $row['folder'] . '/thumbs/' . $row['name']))
{ {
@@ -98,8 +99,9 @@ if (ip('submit'))
$sizes += $row['size']; $sizes += $row['size'];
//Subtract size from storage of the user //Subtract size from storage of the user
if ($row['user'] != -1) { if ($row['user'] != -1)
$SQL->query("UPDATE {$dbprefix}users SET storage_size=storage_size-".$row['size']." WHERE id=".$row['user']); {
$SQL->query("UPDATE {$dbprefix}users SET storage_size=storage_size-" . $row['size'] . ' WHERE id=' . $row['user']);
} }
} }
} }
@@ -141,7 +143,6 @@ if (ip('submit'))
} }
elseif ($current_smt == '') elseif ($current_smt == '')
{ {
// //
//Delete all user files [only one user] //Delete all user files [only one user]
// //
@@ -470,8 +471,9 @@ elseif ($current_smt == 'delete_by_extension')
$deleted_files[] = $file['id']; $deleted_files[] = $file['id'];
//Subtract size from storage of the user //Subtract size from storage of the user
if ($file['user'] != -1) { if ($file['user'] != -1)
$SQL->query("UPDATE {$dbprefix}users SET storage_size=storage_size-".$file['size']." WHERE id=".$file['user']); {
$SQL->query("UPDATE {$dbprefix}users SET storage_size=storage_size-" . $file['size'] . ' WHERE id=' . $file['user']);
} }
} }

6
includes/adm/d_img_ctrl.php
View File

@@ -63,6 +63,7 @@ if (ip('submit'))
{ {
//delete from folder .. //delete from folder ..
@kleeja_unlink(PATH . $row['folder'] . '/' . $row['name']); @kleeja_unlink(PATH . $row['folder'] . '/' . $row['name']);
//delete thumb //delete thumb
if (file_exists(PATH . $row['folder'] . '/thumbs/' . $row['name'])) if (file_exists(PATH . $row['folder'] . '/thumbs/' . $row['name']))
{ {
@@ -73,8 +74,9 @@ if (ip('submit'))
$sizes += $row['size']; $sizes += $row['size'];
//Subtract size from storage of the user //Subtract size from storage of the user
if ($row['user'] != -1) { if ($row['user'] != -1)
$SQL->query("UPDATE {$dbprefix}users SET storage_size=storage_size-".$row['size']." WHERE id=".$row['user']); {
$SQL->query("UPDATE {$dbprefix}users SET storage_size=storage_size-" . $row['size'] . ' WHERE id=' . $row['user']);
} }
} }

75
includes/adm/g_users.php
View File

@@ -136,6 +136,7 @@ if (ig('deleteuserfile'))
{ {
//delete from folder .. //delete from folder ..
kleeja_unlink(PATH . $row['folder'] . '/' . $row['name']); kleeja_unlink(PATH . $row['folder'] . '/' . $row['name']);
//delete thumb //delete thumb
if (file_exists(PATH . $row['folder'] . '/thumbs/' . $row['name'])) if (file_exists(PATH . $row['folder'] . '/thumbs/' . $row['name']))
{ {
@@ -178,6 +179,7 @@ if (ig('deleteuserfile'))
kleeja_admin_info($lang['ADMIN_DELETE_FILE_OK'], true, '', true, $action_all, 3); kleeja_admin_info($lang['ADMIN_DELETE_FILE_OK'], true, '', true, $action_all, 3);
} }
} }
// //
//Delete a user //Delete a user
// //
@@ -589,12 +591,16 @@ if (ip('delgroup'))
$SQL->build($update_query); $SQL->build($update_query);
//get those groups name //get those groups name
$group_name_from = str_replace(['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'], $group_name_from = str_replace(
['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
[$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']], [$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
$d_groups[$from_group]['data']['group_name']); $d_groups[$from_group]['data']['group_name']
$group_name_to =str_replace(['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'], );
$group_name_to =str_replace(
['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
[$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']], [$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
$d_groups[$to_group]['data']['group_name']); $d_groups[$to_group]['data']['group_name']
);
//delete cache .. //delete cache ..
delete_cache('data_groups'); delete_cache('data_groups');
@@ -643,9 +649,11 @@ case 'general':
{ {
$r = [ $r = [
'id' => $row['group_id'], 'id' => $row['group_id'],
'name' => str_replace(['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'], 'name' => str_replace(
['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
[$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']], [$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
$row['group_name']), $row['group_name']
),
'style' => ! empty($groups_background_color[$row['group_id']]) 'style' => ! empty($groups_background_color[$row['group_id']])
? $groups_background_color[$row['group_id']] ? $groups_background_color[$row['group_id']]
: ['background' => 'secondary', 'icon' => ''], : ['background' => 'secondary', 'icon' => ''],
@@ -681,9 +689,11 @@ case 'group_acl':
kleeja_admin_err('ERROR-NO-ID', true, '', true, basename(ADMIN_PATH) . '?cp=g_users'); kleeja_admin_err('ERROR-NO-ID', true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
} }
$group_name = str_replace(['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'], $group_name = str_replace(
['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
[$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']], [$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
$d_groups[$req_group]['data']['group_name']); $d_groups[$req_group]['data']['group_name']
);
$query = [ $query = [
'SELECT' => 'acl_name, acl_can', 'SELECT' => 'acl_name, acl_can',
@@ -807,14 +817,21 @@ case 'group_data':
//msg, done //msg, done
kleeja_admin_info($lang['CONFIGS_UPDATED'] . ', ' . $lang['LANGUAGE'] . ':' . $got_lang . ' - ' . $lang['FOR'] . ':' . $group_name, kleeja_admin_info(
true, '', true, basename(ADMIN_PATH) . '?cp=start'); $lang['CONFIGS_UPDATED'] . ', ' . $lang['LANGUAGE'] . ':' . $got_lang . ' - ' . $lang['FOR'] . ':' . $group_name,
true,
'',
true,
basename(ADMIN_PATH) . '?cp=start'
);
} }
$group_name = str_replace(['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'], $group_name = str_replace(
['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
[$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']], [$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
$d_groups[$req_group]['data']['group_name']); $d_groups[$req_group]['data']['group_name']
);
$gdata = $d_groups[$req_group]['data']; $gdata = $d_groups[$req_group]['data'];
$query = [ $query = [
@@ -869,6 +886,7 @@ case 'group_data':
} }
$guest_disallowed_configs = ['enable_userfile', 'max_storage']; $guest_disallowed_configs = ['enable_userfile', 'max_storage'];
if ($req_group == 2 && in_array($row['name'], $guest_disallowed_configs)) if ($req_group == 2 && in_array($row['name'], $guest_disallowed_configs))
{ {
continue; continue;
@@ -882,7 +900,8 @@ case 'group_data':
'<div class="form-group">' . "\n" . '<div class="form-group">' . "\n" .
'<label for="' . $row['name'] . '">' . (! empty($lang[strtoupper($row['name'])]) ? $lang[strtoupper($row['name'])] : $olang[strtoupper($row['name'])]) . '</label>' . "\n" . '<label for="' . $row['name'] . '">' . (! empty($lang[strtoupper($row['name'])]) ? $lang[strtoupper($row['name'])] : $olang[strtoupper($row['name'])]) . '</label>' . "\n" .
'<div class="box">' . (empty($row['option']) ? '' : $tpl->admindisplayoption(preg_replace(['!{con.[a-z0-9_]+}!', '!NAME="con.!'], ['{cdata.' . $row['name'] . '}', 'NAME="cdata.'], $row['option']))) . '</div>' . "\n" . '<div class="box">' . (empty($row['option']) ? '' : $tpl->admindisplayoption(preg_replace(['!{con.[a-z0-9_]+}!', '!NAME="con.!'], ['{cdata.' . $row['name'] . '}', 'NAME="cdata.'], $row['option']))) . '</div>' . "\n" .
'</div>' . "\n" . '<div class="clearfix"></div>') '</div>' . "\n" . '<div class="clearfix"></div>'
)
]; ];
} }
@@ -930,9 +949,11 @@ case 'group_exts':
kleeja_admin_err('ERROR-NO-ID', true, '', true, basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php')); kleeja_admin_err('ERROR-NO-ID', true, '', true, basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php'));
} }
$group_name =str_replace(['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'], $group_name =str_replace(
['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
[$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']], [$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
$d_groups[$req_group]['data']['group_name']); $d_groups[$req_group]['data']['group_name']
);
@@ -1096,9 +1117,11 @@ case 'show_group':
{ {
$is_search = true; $is_search = true;
$req_group = ig('qg') ? g('qg', 'int') : 0; $req_group = ig('qg') ? g('qg', 'int') : 0;
$group_name =str_replace(['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'], $group_name =str_replace(
['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
[$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']], [$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
$d_groups[$req_group]['data']['group_name']); $d_groups[$req_group]['data']['group_name']
);
$query['WHERE'] = "name != '' AND group_id = " . $req_group; $query['WHERE'] = "name != '' AND group_id = " . $req_group;
} }
@@ -1144,9 +1167,11 @@ case 'users':
'editusr_link' => basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php') . '&amp;smt=edit_user&amp;uid=' . $row['id'] . (ig('page') ? '&amp;page=' . g('page', 'int') : ''), 'editusr_link' => basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php') . '&amp;smt=edit_user&amp;uid=' . $row['id'] . (ig('page') ? '&amp;page=' . g('page', 'int') : ''),
'founder' => (int) $row['founder'], 'founder' => (int) $row['founder'],
'last_visit' => empty($row['last_visit']) ? $lang['NOT_YET'] : kleeja_date($row['last_visit']), 'last_visit' => empty($row['last_visit']) ? $lang['NOT_YET'] : kleeja_date($row['last_visit']),
'group' => str_replace(['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'], 'group' => str_replace(
['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
[$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']], [$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
$d_groups[$row['group_id']]['data']['group_name']) $d_groups[$row['group_id']]['data']['group_name']
)
]; ];
} }
@@ -1225,9 +1250,11 @@ case 'edit_user':
{ {
$u_groups[] = [ $u_groups[] = [
'id' => $id, 'id' => $id,
'name' => str_replace(['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'], 'name' => str_replace(
['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
[$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']], [$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
$d_groups[$id]['data']['group_name']), $d_groups[$id]['data']['group_name']
),
'default' => $config['default_group'] == $id ? true : false, 'default' => $config['default_group'] == $id ? true : false,
'selected' => $id == $u_group 'selected' => $id == $u_group
]; ];
@@ -1257,9 +1284,11 @@ case 'new_u':
{ {
$u_groups[] = [ $u_groups[] = [
'id' => $id, 'id' => $id,
'name' => str_replace(['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'], 'name' => str_replace(
['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
[$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']], [$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
$d_groups[$id]['data']['group_name']), $d_groups[$id]['data']['group_name']
),
'default' => $config['default_group'] == $id ? true : false, 'default' => $config['default_group'] == $id ? true : false,
'selected' => ip('lgroup') ? p('lgroup') == $id : $id == $config['default_group'] 'selected' => ip('lgroup') ? p('lgroup') == $id : $id == $config['default_group']
]; ];

4
includes/adm/h_search.php
View File

@@ -53,7 +53,7 @@ if (ip('search_file'))
//delete all searches greater than 3 days //delete all searches greater than 3 days
$query_del = [ $query_del = [
'DELETE' => "{$dbprefix}filters", 'DELETE' => "{$dbprefix}filters",
'WHERE' => "filter_type='file_search' AND filter_user=" . $userinfo['id'] . " AND filter_time > " . (time() - 3600 * 24 * 3) 'WHERE' => "filter_type='file_search' AND filter_user=" . $userinfo['id'] . ' AND filter_time > ' . (time() - 3600 * 24 * 3)
]; ];
$SQL->build($query_del); $SQL->build($query_del);
@@ -96,7 +96,7 @@ if (ip('search_user'))
//delete all searches greater than 3 days //delete all searches greater than 3 days
$query_del = [ $query_del = [
'DELETE' => "{$dbprefix}filters", 'DELETE' => "{$dbprefix}filters",
'WHERE' => "filter_type='user_search' AND filter_user=" . $userinfo['id'] . " AND filter_time > " . (time() - 3600 * 24 * 3) 'WHERE' => "filter_type='user_search' AND filter_user=" . $userinfo['id'] . ' AND filter_time > ' . (time() - 3600 * 24 * 3)
]; ];
$SQL->build($query_del); $SQL->build($query_del);

4
includes/adm/j_plugins.php
View File

@@ -233,6 +233,7 @@ switch ($case):
$store_plugins_count = sizeof($store_plugins); $store_plugins_count = sizeof($store_plugins);
break; break;
// //
//upload a plugin //upload a plugin
// //
@@ -291,6 +292,7 @@ switch ($case):
} }
break; break;
// //
//install a plugin //install a plugin
// //
@@ -435,6 +437,7 @@ switch ($case):
} }
break; break;
// //
//uninstall a plugin //uninstall a plugin
// //
@@ -516,6 +519,7 @@ switch ($case):
} }
break; break;
// //
// disable a plugin // disable a plugin
// //

6
includes/adm/start.php
View File

@@ -266,9 +266,11 @@ $hurry_groups_list .= '<option value="' . $config['default_group'] . '">' . $lan
foreach ($d_groups as $id=>$ddt) foreach ($d_groups as $id=>$ddt)
{ {
$hurry_groups_list .= '<option value="' . $id . '">' . $hurry_groups_list .= '<option value="' . $id . '">' .
str_replace(['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'], str_replace(
['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
[$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']], [$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
$d_groups[$id]['data']['group_name']) . $d_groups[$id]['data']['group_name']
) .
'</option>'; '</option>';
} }

7
includes/cache.php
View File

@@ -62,14 +62,17 @@ class cache
$data_for_save .= 'if(time() > ' . (time() + $time) . ') return false;' . "\n\n"; $data_for_save .= 'if(time() > ' . (time() + $time) . ') return false;' . "\n\n";
$data_for_save .= '$data = ' . var_export($data, true) . ";\n\n//end of cache"; $data_for_save .= '$data = ' . var_export($data, true) . ";\n\n//end of cache";
try { try
{
$fd = fopen(PATH . 'cache/' . $name . '.php', 'w'); $fd = fopen(PATH . 'cache/' . $name . '.php', 'w');
flock($fd, LOCK_EX); // exclusive look flock($fd, LOCK_EX); // exclusive look
fwrite($fd, $data_for_save); fwrite($fd, $data_for_save);
flock($fd, LOCK_UN); flock($fd, LOCK_UN);
fclose($fd); fclose($fd);
return true; return true;
} catch (Exception $e) { }
catch (Exception $e)
{
return false; return false;
} }
} }

14
includes/captcha.php
View File

@@ -82,17 +82,19 @@ function kleeja_cpatcha_image()
//Throw in some lines to make it a little bit harder for any bots to break //Throw in some lines to make it a little bit harder for any bots to break
imagerectangle($image, 0, 0, $width-1, $height-1, $grey); imagerectangle($image, 0, 0, $width-1, $height-1, $grey);
for( $i=0; $i<$lines; $i++ ) {
for ($i=0; $i<$lines; $i++)
{
imageline($image, rand(0, $width), rand(0, $height), rand(0, $width), rand(0, $height), $grey); imageline($image, rand(0, $width), rand(0, $height), rand(0, $width), rand(0, $height), $grey);
} }
//Tell the browser what kind of file is come in and prevent client side caching //Tell the browser what kind of file is come in and prevent client side caching
header("Expires: Wed, 1 Jan 1997 00:00:00 GMT"); header('Expires: Wed, 1 Jan 1997 00:00:00 GMT');
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header("Cache-Control: no-store, no-cache, must-revalidate"); header('Cache-Control: no-store, no-cache, must-revalidate');
header("Cache-Control: post-check=0, pre-check=0", FALSE); header('Cache-Control: post-check=0, pre-check=0', false);
header("Pragma: no-cache"); header('Pragma: no-cache');
header('Content-Type: image/png'); header('Content-Type: image/png');
//Output the newly created image in jpeg format //Output the newly created image in jpeg format

30
includes/common.php
View File

@@ -150,19 +150,21 @@ if ((empty($dbname) || empty($dbuser)) && ($dbtype !== 'sqlite'))
{ {
$install_file_url = (defined('IN_ADMIN') ? '.' : '') . './install/index.php'; $install_file_url = (defined('IN_ADMIN') ? '.' : '') . './install/index.php';
if (file_exists(PATH . '/install/index.php')) { if (file_exists(PATH . '/install/index.php'))
{
header("Location: {$install_file_url}"); header("Location: {$install_file_url}");
exit; exit;
} }
kleeja_show_error( kleeja_show_error(
'', '',
"There is no (install) folder, and the config file is not correct", 'There is no (install) folder, and the config file is not correct',
'includes/common.php', 'includes/common.php',
__LINE__ __LINE__
); );
exit;
exit;
} }
// solutions for hosts running under suexec, add define('HAS_SUEXEC', true) to config.php. // solutions for hosts running under suexec, add define('HAS_SUEXEC', true) to config.php.
@@ -196,18 +198,28 @@ if (defined('IN_ADMIN'))
$currentDirectoryPathParts = explode('/', $currentDirectoryPath); $currentDirectoryPathParts = explode('/', $currentDirectoryPath);
$currentDir = array_pop($currentDirectoryPathParts); $currentDir = array_pop($currentDirectoryPathParts);
$adminDirErrorMsg = ''; $adminDirErrorMsg = '';
if ($customadminpath == 'admin' && $currentDir != $customadminpath) {
if ($customadminpath == 'admin' && $currentDir != $customadminpath)
{
$adminDirErrorMsg = 'You are trying to access the admin area through a directory that is not configured. Please either revert to the default admin directory name, or see our documentation for customizing the admin directory.'; $adminDirErrorMsg = 'You are trying to access the admin area through a directory that is not configured. Please either revert to the default admin directory name, or see our documentation for customizing the admin directory.';
} else { }
if ($currentDir != $customadminpath) { else
{
if ($currentDir != $customadminpath)
{
$adminDirErrorMsg = 'You are trying to access the admin area through a directory different from the one configured. Please refer to the Customize Administrator\'s Guide documentation for instructions on how to update it.'; $adminDirErrorMsg = 'You are trying to access the admin area through a directory different from the one configured. Please refer to the Customize Administrator\'s Guide documentation for instructions on how to update it.';
} else { }
if ($customadminpath != 'admin' && is_dir(PATH . 'admin')) { else
{
if ($customadminpath != 'admin' && is_dir(PATH . 'admin'))
{
$adminDirErrorMsg = 'You are trying to access the admin area through a custom directory, but we also detected that there is a default directory \'admin\'. This may indicate that files from a recent update were uploaded to the default admin path location instead of the custom location, resulting in these files becoming outdated. Please make sure your custom admin folder contains the latest files, and delete the default admin directory to continue.'; $adminDirErrorMsg = 'You are trying to access the admin area through a custom directory, but we also detected that there is a default directory \'admin\'. This may indicate that files from a recent update were uploaded to the default admin path location instead of the custom location, resulting in these files becoming outdated. Please make sure your custom admin folder contains the latest files, and delete the default admin directory to continue.';
} }
} }
} }
if ($adminDirErrorMsg) {
if ($adminDirErrorMsg)
{
kleeja_show_error('', 'Critical Error', $adminDirErrorMsg); kleeja_show_error('', 'Critical Error', $adminDirErrorMsg);
} }
include PATH . 'includes/functions_adm.php'; include PATH . 'includes/functions_adm.php';

7
includes/functions.php
View File

@@ -268,7 +268,6 @@ function send_mail($to, $body, $subject, $fromAddress, $fromName, $bcc = '')
*/ */
function delete_cache($name, $all=false) function delete_cache($name, $all=false)
{ {
//Those files are exceptions and not for deletion //Those files are exceptions and not for deletion
$exceptions = ['.htaccess', 'index.html', 'php.ini', 'web.config']; $exceptions = ['.htaccess', 'index.html', 'php.ini', 'web.config'];
@@ -487,7 +486,7 @@ function get_config($name)
$result = $SQL->build($query); $result = $SQL->build($query);
$v = $SQL->fetch($result); $v = $SQL->fetch($result);
$return = isset($v['value']) ? $v['value'] : NULL; $return = isset($v['value']) ? $v['value'] : null;
is_array($plugin_run_result = Plugins::getInstance()->run('get_config_func', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook is_array($plugin_run_result = Plugins::getInstance()->run('get_config_func', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook
return $return; return $return;
@@ -759,7 +758,8 @@ function delete_olang($words = '', $lang = 'en', $plg_id = 0)
{ {
if (is_array($lang)) if (is_array($lang))
{ {
foreach ($lang as $index=>$current_lang) { foreach ($lang as $index=>$current_lang)
{
$lang[$index] = $SQL->escape($lang[$index]); $lang[$index] = $SQL->escape($lang[$index]);
} }
$lang_sql = "(lang_id = '" . implode("' OR lang_id = '", $lang) . "')"; $lang_sql = "(lang_id = '" . implode("' OR lang_id = '", $lang) . "')";
@@ -900,6 +900,7 @@ function klj_clean_old_files($from = 0)
{ {
@kleeja_unlink($row['folder'] . '/' . $row['name']); @kleeja_unlink($row['folder'] . '/' . $row['name']);
} }
//delete thumb //delete thumb
if (file_exists($row['folder'] . '/thumbs/' . $row['name'])) if (file_exists($row['folder'] . '/thumbs/' . $row['name']))
{ {

1
includes/functions_adm.php
View File

@@ -258,6 +258,7 @@ function build_search_query($search)
//if searched by a username //if searched by a username
$usernamee = ''; $usernamee = '';
if (! empty($search['username']) && (int) $config['user_system'] == 1) if (! empty($search['username']) && (int) $config['user_system'] == 1)
{ {
$query = [ $query = [

5
includes/functions_display.php
View File

@@ -671,6 +671,7 @@ function kleeja_style_info($style_name)
} }
$t = array_map('trim', @explode('=', $m, 2)); $t = array_map('trim', @explode('=', $m, 2));
// ':' mean something secondary as in sub-array // ':' mean something secondary as in sub-array
if (strpos($t[0], ':') !== false) if (strpos($t[0], ':') !== false)
{ {
@@ -771,6 +772,7 @@ function is_browser($b)
$return = strpos(strtolower($u_agent), trim('applewebkit/' . $r)) !== false ? true : false; $return = strpos(strtolower($u_agent), trim('applewebkit/' . $r)) !== false ? true : false;
break; break;
/** /**
* Mobile Phones are so popular those days, so we have to support them ... * Mobile Phones are so popular those days, so we have to support them ...
* This is still in our test lab. * This is still in our test lab.
@@ -951,7 +953,8 @@ function time_zones()
*/ */
function configField($name, $type = 'text', $select_options = []) function configField($name, $type = 'text', $select_options = [])
{ {
switch ($type) { switch ($type)
{
default: default:
case 'text': case 'text':
return '<input type="text" id="kj_meta_seo_home_meta_keywords" name="' . $name . '"' . return '<input type="text" id="kj_meta_seo_home_meta_keywords" name="' . $name . '"' .

2
includes/mime_types.php
View File

@@ -1232,5 +1232,3 @@ return [
'zsh' => 'text/x-scriptzsh', 'zsh' => 'text/x-scriptzsh',
// Add more MIME types here // Add more MIME types here
]; ];
?>

165
includes/mysqli.php
View File

@@ -9,7 +9,8 @@
//no for directly open //no for directly open
if (! defined('IN_COMMON')) { if (! defined('IN_COMMON'))
{
exit(); exit();
} }
@@ -44,7 +45,8 @@ class KleejaDatabase
{ {
$port = 3306; $port = 3306;
if (strpos($host, ':') !== false) { if (strpos($host, ':') !== false)
{
$host = substr($host, 0, strpos($host, ':')); $host = substr($host, 0, strpos($host, ':'));
$port = (int) substr($host, strpos($host, ':')+1); $port = (int) substr($host, strpos($host, ':')+1);
} }
@@ -56,12 +58,14 @@ class KleejaDatabase
$this->connect_id = @mysqli_connect($host, $db_username, $db_password, $db_name, $port); $this->connect_id = @mysqli_connect($host, $db_username, $db_password, $db_name, $port);
//no error //no error
if (defined('SQL_NO_ERRORS') || defined('MYSQL_NO_ERRORS')) { if (defined('SQL_NO_ERRORS') || defined('MYSQL_NO_ERRORS'))
{
$this->show_errors = false; $this->show_errors = false;
} }
if (! $this->connect_id) { if (! $this->connect_id)
{
//loggin -> no database -> close connection //loggin -> no database -> close connection
$this->close(); $this->close();
$this->error_msg('We can not connect to the server ...'); $this->error_msg('We can not connect to the server ...');
@@ -72,8 +76,10 @@ class KleejaDatabase
kleeja_log('[Connected] : ' . kleeja_get_page()); kleeja_log('[Connected] : ' . kleeja_get_page());
if (! defined('DISABLE_MYSQL_UTF8')) { if (! defined('DISABLE_MYSQL_UTF8'))
if (mysqli_set_charset($this->connect_id, 'utf8')) { {
if (mysqli_set_charset($this->connect_id, 'utf8'))
{
kleeja_log('[Set to UTF8] : --> '); kleeja_log('[Set to UTF8] : --> ');
} }
} }
@@ -94,19 +100,22 @@ class KleejaDatabase
// close the connection // close the connection
public function close() public function close()
{ {
if (! $this->is_connected()) { if (! $this->is_connected())
{
return true; return true;
} }
// Commit any remaining transactions // Commit any remaining transactions
if ($this->in_transaction) { if ($this->in_transaction)
{
mysqli_commit($this->connect_id); mysqli_commit($this->connect_id);
} }
//loggin -> close connection //loggin -> close connection
kleeja_log('[Closing connection] : ' . kleeja_get_page()); kleeja_log('[Closing connection] : ' . kleeja_get_page());
if (! is_resource($this->connect_id)) { if (! is_resource($this->connect_id))
{
return true; return true;
} }
@@ -148,7 +157,8 @@ class KleejaDatabase
public function query($query, $transaction = false) public function query($query, $transaction = false)
{ {
//no connection //no connection
if (! $this->is_connected()) { if (! $this->is_connected())
{
return false; return false;
} }
@@ -157,13 +167,16 @@ class KleejaDatabase
// //
unset($this->result); unset($this->result);
if (! empty($query)) { if (! empty($query))
{
//debug .. ////////////// //debug .. //////////////
$srartum_sql = get_microtime(); $srartum_sql = get_microtime();
//////////////// ////////////////
if ($transaction && ! $this->in_transaction) { if ($transaction && ! $this->in_transaction)
if (! mysqli_autocommit($this->connect_id, false)) { {
if (! mysqli_autocommit($this->connect_id, false))
{
return false; return false;
} }
@@ -176,24 +189,33 @@ class KleejaDatabase
$this->debugr[$this->query_num+1] = [$query, sprintf('%.5f', get_microtime() - $srartum_sql)]; $this->debugr[$this->query_num+1] = [$query, sprintf('%.5f', get_microtime() - $srartum_sql)];
//////////////// ////////////////
if (! $this->result) { if (! $this->result)
{
$this->error_msg('Error In query'); $this->error_msg('Error In query');
} else { }
else
{
//let's debug it //let's debug it
kleeja_log('[Query] : --> ' . $query); kleeja_log('[Query] : --> ' . $query);
} }
} else { }
if ($this->in_transaction) { else
{
if ($this->in_transaction)
{
$this->result = mysqli_commit($this->connect_id); $this->result = mysqli_commit($this->connect_id);
} }
} }
//is there any result //is there any result
if ($this->result) { if ($this->result)
if ($this->in_transaction) { {
if ($this->in_transaction)
{
$this->in_transaction = false; $this->in_transaction = false;
if (! mysqli_commit($this->connect_id)) { if (! mysqli_commit($this->connect_id))
{
mysqli_rollback($this->connect_id); mysqli_rollback($this->connect_id);
return false; return false;
} }
@@ -201,8 +223,11 @@ class KleejaDatabase
$this->query_num++; $this->query_num++;
return $this->result; return $this->result;
} else { }
if ($this->in_transaction) { else
{
if ($this->in_transaction)
{
mysqli_rollback($this->connect_id); mysqli_rollback($this->connect_id);
$this->in_transaction = false; $this->in_transaction = false;
} }
@@ -220,62 +245,83 @@ class KleejaDatabase
{ {
$sql = ''; $sql = '';
if (isset($query['SELECT']) && isset($query['FROM'])) { if (isset($query['SELECT']) && isset($query['FROM']))
{
$sql = 'SELECT ' . $query['SELECT'] . ' FROM ' . $query['FROM']; $sql = 'SELECT ' . $query['SELECT'] . ' FROM ' . $query['FROM'];
if (isset($query['JOINS'])) { if (isset($query['JOINS']))
foreach ($query['JOINS'] as $cur_join) { {
foreach ($query['JOINS'] as $cur_join)
{
$sql .= ' ' . key($cur_join) . ' ' . @current($cur_join) . ' ON ' . $cur_join['ON']; $sql .= ' ' . key($cur_join) . ' ' . @current($cur_join) . ' ON ' . $cur_join['ON'];
} }
} }
if (! empty($query['WHERE'])) { if (! empty($query['WHERE']))
{
$sql .= ' WHERE ' . $query['WHERE']; $sql .= ' WHERE ' . $query['WHERE'];
} }
if (! empty($query['GROUP BY'])) { if (! empty($query['GROUP BY']))
{
$sql .= ' GROUP BY ' . $query['GROUP BY']; $sql .= ' GROUP BY ' . $query['GROUP BY'];
} }
if (! empty($query['HAVING'])) { if (! empty($query['HAVING']))
{
$sql .= ' HAVING ' . $query['HAVING']; $sql .= ' HAVING ' . $query['HAVING'];
} }
if (! empty($query['ORDER BY'])) { if (! empty($query['ORDER BY']))
{
$sql .= ' ORDER BY ' . $query['ORDER BY']; $sql .= ' ORDER BY ' . $query['ORDER BY'];
} }
if (! empty($query['LIMIT'])) { if (! empty($query['LIMIT']))
{
$sql .= ' LIMIT ' . $query['LIMIT']; $sql .= ' LIMIT ' . $query['LIMIT'];
} }
} elseif (isset($query['INSERT'])) { }
elseif (isset($query['INSERT']))
{
$sql = 'INSERT INTO ' . $query['INTO']; $sql = 'INSERT INTO ' . $query['INTO'];
if (! empty($query['INSERT'])) { if (! empty($query['INSERT']))
{
$sql .= ' (' . $query['INSERT'] . ')'; $sql .= ' (' . $query['INSERT'] . ')';
} }
$sql .= ' VALUES(' . $query['VALUES'] . ')'; $sql .= ' VALUES(' . $query['VALUES'] . ')';
} elseif (isset($query['UPDATE'])) { }
if (isset($query['PARAMS']['LOW_PRIORITY'])) { elseif (isset($query['UPDATE']))
{
if (isset($query['PARAMS']['LOW_PRIORITY']))
{
$query['UPDATE'] = 'LOW_PRIORITY ' . $query['UPDATE']; $query['UPDATE'] = 'LOW_PRIORITY ' . $query['UPDATE'];
} }
$sql = 'UPDATE ' . $query['UPDATE'] . ' SET ' . $query['SET']; $sql = 'UPDATE ' . $query['UPDATE'] . ' SET ' . $query['SET'];
if (! empty($query['WHERE'])) { if (! empty($query['WHERE']))
{
$sql .= ' WHERE ' . $query['WHERE']; $sql .= ' WHERE ' . $query['WHERE'];
} }
} elseif (isset($query['DELETE'])) { }
elseif (isset($query['DELETE']))
{
$sql = 'DELETE FROM ' . $query['DELETE']; $sql = 'DELETE FROM ' . $query['DELETE'];
if (! empty($query['WHERE'])) { if (! empty($query['WHERE']))
{
$sql .= ' WHERE ' . $query['WHERE']; $sql .= ' WHERE ' . $query['WHERE'];
} }
} elseif (isset($query['REPLACE'])) { }
elseif (isset($query['REPLACE']))
{
$sql = 'REPLACE INTO ' . $query['INTO']; $sql = 'REPLACE INTO ' . $query['INTO'];
if (! empty($query['REPLACE'])) { if (! empty($query['REPLACE']))
{
$sql .= ' (' . $query['REPLACE'] . ')'; $sql .= ' (' . $query['REPLACE'] . ')';
} }
@@ -293,14 +339,18 @@ class KleejaDatabase
*/ */
public function freeresult($query_id = 0) public function freeresult($query_id = 0)
{ {
if (! $query_id) { if (! $query_id)
{
$query_id = $this->result; $query_id = $this->result;
} }
if ($query_id) { if ($query_id)
{
mysqli_free_result($query_id); mysqli_free_result($query_id);
return true; return true;
} else { }
else
{
return false; return false;
} }
} }
@@ -325,7 +375,8 @@ class KleejaDatabase
*/ */
public function fetch_array($query_id = 0) public function fetch_array($query_id = 0)
{ {
if (! $query_id) { if (! $query_id)
{
$query_id = $this->result; $query_id = $this->result;
} }
@@ -340,7 +391,8 @@ class KleejaDatabase
*/ */
public function num_rows($query_id = 0) public function num_rows($query_id = 0)
{ {
if (! $query_id) { if (! $query_id)
{
$query_id = $this->result; $query_id = $this->result;
} }
@@ -379,7 +431,8 @@ class KleejaDatabase
*/ */
public function real_escape($msg) public function real_escape($msg)
{ {
if (! $this->is_connected()) { if (! $this->is_connected())
{
return false; return false;
} }
@@ -414,7 +467,8 @@ class KleejaDatabase
*/ */
private function error_msg($msg) private function error_msg($msg)
{ {
if (! $this->show_errors || (defined('SQL_NO_ERRORS') || defined('MYSQL_NO_ERRORS'))) { if (! $this->show_errors || (defined('SQL_NO_ERRORS') || defined('MYSQL_NO_ERRORS')))
{
kleeja_log('MySQL: ' . $msg); kleeja_log('MySQL: ' . $msg);
return false; return false;
} }
@@ -423,7 +477,8 @@ class KleejaDatabase
$error_sql = $this->connect_id ? @current($this->debugr[$this->query_num+1]) : ''; $error_sql = $this->connect_id ? @current($this->debugr[$this->query_num+1]) : '';
//some ppl want hide their table names //some ppl want hide their table names
if (! defined('DEV_STAGE')) { if (! defined('DEV_STAGE'))
{
$error_sql = preg_replace_callback("#\s{1,3}`*{$this->dbprefix}([a-z0-9]+)`*\s{1,3}#", function ($m) { $error_sql = preg_replace_callback("#\s{1,3}`*{$this->dbprefix}([a-z0-9]+)`*\s{1,3}#", function ($m) {
return ' <span style="color:blue">' . substr($m[1], 0, 1) . '</span> '; return ' <span style="color:blue">' . substr($m[1], 0, 1) . '</span> ';
}, $error_sql); }, $error_sql);
@@ -445,7 +500,8 @@ class KleejaDatabase
//is this error related to updating? //is this error related to updating?
$updating_related = false; $updating_related = false;
if (strpos($error_msg, 'Unknown column') !== false) { if (strpos($error_msg, 'Unknown column') !== false)
{
$updating_related = true; $updating_related = true;
} }
@@ -457,12 +513,14 @@ class KleejaDatabase
$error_message .= " <a href='#' onclick='window.location.reload( false );'>click to Refresh this page ...</a><br />"; $error_message .= " <a href='#' onclick='window.location.reload( false );'>click to Refresh this page ...</a><br />";
$error_message .= '<h2>Sorry , We encountered a MySQL error: ' . ($msg !='' ? $msg : '') . '</h2>'; $error_message .= '<h2>Sorry , We encountered a MySQL error: ' . ($msg !='' ? $msg : '') . '</h2>';
if ($error_sql != '') { if ($error_sql != '')
{
$error_message .= "<br />--[query]-------------------------- <br />$error_sql<br />---------------------------------<br /><br />"; $error_message .= "<br />--[query]-------------------------- <br />$error_sql<br />---------------------------------<br /><br />";
} }
$error_message .= "[$error_no : $error_msg] <br />"; $error_message .= "[$error_no : $error_msg] <br />";
if ($updating_related) { if ($updating_related)
{
global $config; global $config;
$error_message .= '<br /><strong>Your Kleeja database might be old, try to update it now from: ' . rtrim($config['siteurl'], '/') . '/install</strong>'; $error_message .= '<br /><strong>Your Kleeja database might be old, try to update it now from: ' . rtrim($config['siteurl'], '/') . '/install</strong>';
$error_message .= "<br /><br><strong>If this error happened after installing a plugin, add <span style=\"background-color:#ccc; padding:2px\">define('STOP_PLUGINS', true);</span> to end of config.php file.</strong>"; $error_message .= "<br /><br><strong>If this error happened after installing a plugin, add <span style=\"background-color:#ccc; padding:2px\">define('STOP_PLUGINS', true);</span> to end of config.php file.</strong>";
@@ -490,9 +548,12 @@ class KleejaDatabase
*/ */
public function get_error() public function get_error()
{ {
if ($this->is_connected()) { if ($this->is_connected())
{
return [@mysqli_errno($this->connect_id), @mysqli_error($this->connect_id)]; return [@mysqli_errno($this->connect_id), @mysqli_error($this->connect_id)];
} else { }
else
{
return [@mysqli_connect_errno(), @mysqli_connect_error()]; return [@mysqli_connect_errno(), @mysqli_connect_error()];
} }
} }

17
includes/phpass.php
View File

@@ -51,6 +51,7 @@ class PasswordHash
$this->portable_hashes = $portable_hashes; $this->portable_hashes = $portable_hashes;
$this->random_state = microtime(); $this->random_state = microtime();
if (function_exists('getmypid')) if (function_exists('getmypid'))
{ {
$this->random_state .= getmypid(); $this->random_state .= getmypid();
@@ -114,7 +115,8 @@ class PasswordHash
break; break;
} }
$output .= $this->itoa64[($value >> 18) & 0x3f]; $output .= $this->itoa64[($value >> 18) & 0x3f];
} while ($i < $count); }
while ($i < $count);
return $output; return $output;
} }
@@ -138,6 +140,7 @@ class PasswordHash
} }
$id = substr($setting, 0, 3); $id = substr($setting, 0, 3);
// We use "$P$", phpBB3 uses "$H$" for the same thing // We use "$P$", phpBB3 uses "$H$" for the same thing
if ($id !== '$P$' && $id !== '$H$') if ($id !== '$P$' && $id !== '$H$')
{ {
@@ -170,7 +173,8 @@ class PasswordHash
do do
{ {
$hash = md5($hash . $password, true); $hash = md5($hash . $password, true);
} while (--$count); }
while (--$count);
$output = substr($setting, 0, 12); $output = substr($setting, 0, 12);
$output .= $this->encode64($hash, 16); $output .= $this->encode64($hash, 16);
@@ -218,7 +222,8 @@ class PasswordHash
$c1 |= $c2 >> 6; $c1 |= $c2 >> 6;
$output .= $itoa64[$c1]; $output .= $itoa64[$c1];
$output .= $itoa64[$c2 & 0x3f]; $output .= $itoa64[$c2 & 0x3f];
} while (1); }
while (1);
return $output; return $output;
} }
@@ -243,8 +248,10 @@ class PasswordHash
$random = $this->get_random_bytes(6); $random = $this->get_random_bytes(6);
} }
$hash = $hash =
$this->crypt_private($password, $this->crypt_private(
$this->gensalt_private($random)); $password,
$this->gensalt_private($random)
);
if (strlen($hash) === 34) if (strlen($hash) === 34)
{ {

173
includes/sqlite.php
View File

@@ -9,7 +9,8 @@
//no for directly open //no for directly open
if (! defined('IN_COMMON')) { if (! defined('IN_COMMON'))
{
exit(); exit();
} }
@@ -43,13 +44,19 @@ class KleejaDatabase
*/ */
public function __construct($location, $db_username, $db_password, $db_name, $dbprefix) public function __construct($location, $db_username, $db_password, $db_name, $dbprefix)
{ {
try { try
if (class_exists('SQLite3')) { {
if (class_exists('SQLite3'))
{
$this->connect_id = new SQLite3(PATH . $db_name, SQLITE3_OPEN_READWRITE); $this->connect_id = new SQLite3(PATH . $db_name, SQLITE3_OPEN_READWRITE);
} else { }
else
{
$this->error_msg('SQLite3 extension is not installed in your server!'); $this->error_msg('SQLite3 extension is not installed in your server!');
} }
} catch (Exception $e) { }
catch (Exception $e)
{
//... //...
} }
@@ -57,11 +64,13 @@ class KleejaDatabase
$this->dbname = $db_name; $this->dbname = $db_name;
//no error //no error
if (defined('SQL_NO_ERRORS')) { if (defined('SQL_NO_ERRORS'))
{
$this->show_errors = false; $this->show_errors = false;
} }
if (! $this->connect_id) { if (! $this->connect_id)
{
//loggin -> no database -> close connection //loggin -> no database -> close connection
$this->close(); $this->close();
$this->error_msg('We can not connect to the sqlite database, check location or existence of the SQLite dirver ...'); $this->error_msg('We can not connect to the sqlite database, check location or existence of the SQLite dirver ...');
@@ -88,19 +97,22 @@ class KleejaDatabase
// close the connection // close the connection
public function close() public function close()
{ {
if (! $this->is_connected()) { if (! $this->is_connected())
{
return true; return true;
} }
// Commit any remaining transactions // Commit any remaining transactions
if ($this->in_transaction) { if ($this->in_transaction)
{
$this->query('COMMIT;'); $this->query('COMMIT;');
} }
//loggin -> close connection //loggin -> close connection
kleeja_log('[Closing connection] : ' . kleeja_get_page()); kleeja_log('[Closing connection] : ' . kleeja_get_page());
if (! is_resource($this->connect_id)) { if (! is_resource($this->connect_id))
{
return true; return true;
} }
@@ -136,7 +148,8 @@ class KleejaDatabase
public function query($query, $transaction = false) public function query($query, $transaction = false)
{ {
//no connection //no connection
if (! $this->is_connected()) { if (! $this->is_connected())
{
return false; return false;
} }
@@ -145,7 +158,8 @@ class KleejaDatabase
// //
unset($this->result); unset($this->result);
if (strpos($query, 'CREATE TABLE') !== false || strpos($query, 'ALTER DATABASE') !== false) { if (strpos($query, 'CREATE TABLE') !== false || strpos($query, 'ALTER DATABASE') !== false)
{
$sqlite_types = [ $sqlite_types = [
'/AUTO_INCREMENT/i' => '', '/AUTO_INCREMENT/i' => '',
'/VARCHAR\s?(\\([0-9]+\\))?/i' => 'TEXT', '/VARCHAR\s?(\\([0-9]+\\))?/i' => 'TEXT',
@@ -160,16 +174,19 @@ class KleejaDatabase
//todo extract keys and add as CREATE INDEX index_name ON table (column); //todo extract keys and add as CREATE INDEX index_name ON table (column);
foreach ($sqlite_types as $old_type => $new_type) { foreach ($sqlite_types as $old_type => $new_type)
{
$query = preg_replace($old_type, $new_type, $query); $query = preg_replace($old_type, $new_type, $query);
} }
} }
if (! empty($query)) { if (! empty($query))
{
//debug //debug
$srartum_sql = get_microtime(); $srartum_sql = get_microtime();
if ($transaction && ! $this->in_transaction) { if ($transaction && ! $this->in_transaction)
{
$this->query('BEGIN;'); $this->query('BEGIN;');
$this->in_transaction = true; $this->in_transaction = true;
} }
@@ -180,24 +197,33 @@ class KleejaDatabase
$this->debugr[$this->query_num+1] = [$query, sprintf('%.5f', get_microtime() - $srartum_sql)]; $this->debugr[$this->query_num+1] = [$query, sprintf('%.5f', get_microtime() - $srartum_sql)];
//////////////// ////////////////
if (! $this->result) { if (! $this->result)
{
$this->error_msg('Error In query'); $this->error_msg('Error In query');
} else { }
else
{
//let's debug it //let's debug it
kleeja_log('[Query] : --> ' . $query); kleeja_log('[Query] : --> ' . $query);
} }
} else { }
if ($this->in_transaction) { else
{
if ($this->in_transaction)
{
$this->result = $this->connect_id->query('COMMIT;'); $this->result = $this->connect_id->query('COMMIT;');
} }
} }
//is there any result //is there any result
if ($this->result) { if ($this->result)
if ($this->in_transaction) { {
if ($this->in_transaction)
{
$this->in_transaction = false; $this->in_transaction = false;
if (! $this->connect_id->query('COMMIT;')) { if (! $this->connect_id->query('COMMIT;'))
{
$this->connect_id->query('ROLLBACK;'); $this->connect_id->query('ROLLBACK;');
return false; return false;
} }
@@ -205,8 +231,11 @@ class KleejaDatabase
$this->query_num++; $this->query_num++;
return $this->result; return $this->result;
} else { }
if ($this->in_transaction) { else
{
if ($this->in_transaction)
{
$this->connect_id->query('ROLLBACK;'); $this->connect_id->query('ROLLBACK;');
$this->in_transaction = false; $this->in_transaction = false;
} }
@@ -224,58 +253,78 @@ class KleejaDatabase
{ {
$sql = ''; $sql = '';
if (isset($query['SELECT']) && isset($query['FROM'])) { if (isset($query['SELECT']) && isset($query['FROM']))
{
$sql = 'SELECT ' . $query['SELECT'] . ' FROM ' . $query['FROM']; $sql = 'SELECT ' . $query['SELECT'] . ' FROM ' . $query['FROM'];
if (isset($query['JOINS'])) { if (isset($query['JOINS']))
foreach ($query['JOINS'] as $cur_join) { {
foreach ($query['JOINS'] as $cur_join)
{
$sql .= ' ' . key($cur_join) . ' ' . current($cur_join) . ' ON ' . $cur_join['ON']; $sql .= ' ' . key($cur_join) . ' ' . current($cur_join) . ' ON ' . $cur_join['ON'];
} }
} }
if (! empty($query['WHERE'])) { if (! empty($query['WHERE']))
{
$sql .= ' WHERE ' . $query['WHERE']; $sql .= ' WHERE ' . $query['WHERE'];
} }
if (! empty($query['GROUP BY'])) { if (! empty($query['GROUP BY']))
{
$sql .= ' GROUP BY ' . $query['GROUP BY']; $sql .= ' GROUP BY ' . $query['GROUP BY'];
} }
if (! empty($query['HAVING'])) { if (! empty($query['HAVING']))
{
$sql .= ' HAVING ' . $query['HAVING']; $sql .= ' HAVING ' . $query['HAVING'];
} }
if (! empty($query['ORDER BY'])) { if (! empty($query['ORDER BY']))
{
$sql .= ' ORDER BY ' . $query['ORDER BY']; $sql .= ' ORDER BY ' . $query['ORDER BY'];
} }
if (! empty($query['LIMIT'])) { if (! empty($query['LIMIT']))
{
$sql .= ' LIMIT ' . $query['LIMIT']; $sql .= ' LIMIT ' . $query['LIMIT'];
} }
} elseif (isset($query['INSERT'])) { }
elseif (isset($query['INSERT']))
{
$sql = 'INSERT INTO ' . $query['INTO']; $sql = 'INSERT INTO ' . $query['INTO'];
if (! empty($query['INSERT'])) { if (! empty($query['INSERT']))
{
$sql .= ' (' . $query['INSERT'] . ')'; $sql .= ' (' . $query['INSERT'] . ')';
} }
$sql .= ' VALUES(' . $query['VALUES'] . ')'; $sql .= ' VALUES(' . $query['VALUES'] . ')';
} elseif (isset($query['UPDATE'])) { }
elseif (isset($query['UPDATE']))
{
$sql = 'UPDATE ' . $query['UPDATE'] . ' SET ' . $query['SET']; $sql = 'UPDATE ' . $query['UPDATE'] . ' SET ' . $query['SET'];
if (! empty($query['WHERE'])) { if (! empty($query['WHERE']))
{
$sql .= ' WHERE ' . $query['WHERE']; $sql .= ' WHERE ' . $query['WHERE'];
} }
} elseif (isset($query['DELETE'])) { }
elseif (isset($query['DELETE']))
{
$sql = 'DELETE FROM ' . $query['DELETE']; $sql = 'DELETE FROM ' . $query['DELETE'];
if (! empty($query['WHERE'])) { if (! empty($query['WHERE']))
{
$sql .= ' WHERE ' . $query['WHERE']; $sql .= ' WHERE ' . $query['WHERE'];
} }
} elseif (isset($query['REPLACE'])) { }
elseif (isset($query['REPLACE']))
{
$sql = 'REPLACE INTO ' . $query['INTO']; $sql = 'REPLACE INTO ' . $query['INTO'];
if (! empty($query['REPLACE'])) { if (! empty($query['REPLACE']))
{
$sql .= ' (' . $query['REPLACE'] . ')'; $sql .= ' (' . $query['REPLACE'] . ')';
} }
@@ -293,14 +342,18 @@ class KleejaDatabase
*/ */
public function freeresult($query_id = 0) public function freeresult($query_id = 0)
{ {
if (! $query_id) { if (! $query_id)
{
$query_id = $this->result; $query_id = $this->result;
} }
if ($query_id) { if ($query_id)
{
$query_id->finalize(); $query_id->finalize();
return true; return true;
} else { }
else
{
return false; return false;
} }
} }
@@ -324,11 +377,13 @@ class KleejaDatabase
*/ */
public function fetch_array($query_id = 0) public function fetch_array($query_id = 0)
{ {
if (! $query_id) { if (! $query_id)
{
$query_id = $this->result; $query_id = $this->result;
} }
if ($query_id && $query_id->numColumns() > 0) { if ($query_id && $query_id->numColumns() > 0)
{
return $query_id->fetchArray(SQLITE3_ASSOC); return $query_id->fetchArray(SQLITE3_ASSOC);
} }
@@ -343,13 +398,15 @@ class KleejaDatabase
*/ */
public function num_rows($query_id = 0) public function num_rows($query_id = 0)
{ {
if (! $query_id) { if (! $query_id)
{
$query_id = $this->result; $query_id = $this->result;
} }
if ($query_id && $results = $query_id->numColumns()) { if ($query_id && $results = $query_id->numColumns())
{
return $results; return $results;
} }
@@ -418,7 +475,8 @@ class KleejaDatabase
*/ */
private function error_msg($msg) private function error_msg($msg)
{ {
if (! $this->show_errors || (defined('SQL_NO_ERRORS') || defined('MYSQL_NO_ERRORS'))) { if (! $this->show_errors || (defined('SQL_NO_ERRORS') || defined('MYSQL_NO_ERRORS')))
{
kleeja_log('SQLite3: ' . $msg); kleeja_log('SQLite3: ' . $msg);
return false; return false;
} }
@@ -427,7 +485,8 @@ class KleejaDatabase
$error_sql = $this->connect_id ? @current($this->debugr[$this->query_num+1]) : ''; $error_sql = $this->connect_id ? @current($this->debugr[$this->query_num+1]) : '';
//some ppl want hide their table names //some ppl want hide their table names
if (! defined('DEV_STAGE')) { if (! defined('DEV_STAGE'))
{
$error_sql = preg_replace_callback("#\s{1,3}`*{$this->dbprefix}([a-z0-9]+)`*\s{1,3}#", function ($m) { $error_sql = preg_replace_callback("#\s{1,3}`*{$this->dbprefix}([a-z0-9]+)`*\s{1,3}#", function ($m) {
return ' <span style="color:blue">' . substr($m[1], 0, 1) . '</span> '; return ' <span style="color:blue">' . substr($m[1], 0, 1) . '</span> ';
}, $error_sql); }, $error_sql);
@@ -449,7 +508,8 @@ class KleejaDatabase
//is this error related to updating? //is this error related to updating?
$updating_related = false; $updating_related = false;
if (strpos($error_msg, 'Unknown column') !== false || strpos($error_msg, 'no such table') !== false) { if (strpos($error_msg, 'Unknown column') !== false || strpos($error_msg, 'no such table') !== false)
{
$updating_related = true; $updating_related = true;
} }
@@ -461,12 +521,14 @@ class KleejaDatabase
$error_message .= " <a href='#' onclick='window.location.reload( false );'>click to Refresh this page ...</a><br />"; $error_message .= " <a href='#' onclick='window.location.reload( false );'>click to Refresh this page ...</a><br />";
$error_message .= '<h2>Sorry , We encountered a MySQL error: ' . ($msg !='' ? $msg : '') . '</h2>'; $error_message .= '<h2>Sorry , We encountered a MySQL error: ' . ($msg !='' ? $msg : '') . '</h2>';
if ($error_sql != '') { if ($error_sql != '')
{
$error_message .= "<br />--[query]-------------------------- <br />$error_sql<br />---------------------------------<br /><br />"; $error_message .= "<br />--[query]-------------------------- <br />$error_sql<br />---------------------------------<br /><br />";
} }
$error_message .= "[$error_no : $error_msg] <br />"; $error_message .= "[$error_no : $error_msg] <br />";
if ($updating_related) { if ($updating_related)
{
global $config; global $config;
$error_message .= '<br /><strong>Your Kleeja database might be old, try to update it now from: ' . rtrim($config['siteurl'], '/') . '/install</strong>'; $error_message .= '<br /><strong>Your Kleeja database might be old, try to update it now from: ' . rtrim($config['siteurl'], '/') . '/install</strong>';
$error_message .= "<br /><br><strong>If this error happened after installing a plugin, add <span style=\"background-color:#ccc; padding:2px\">define('STOP_PLUGINS', true);</span> to end of config.php file.</strong>"; $error_message .= "<br /><br><strong>If this error happened after installing a plugin, add <span style=\"background-color:#ccc; padding:2px\">define('STOP_PLUGINS', true);</span> to end of config.php file.</strong>";
@@ -494,9 +556,12 @@ class KleejaDatabase
*/ */
public function get_error() public function get_error()
{ {
if ($this->connect_id) { if ($this->connect_id)
{
return [$this->connect_id->lastErrorCode(), $this->connect_id->lastErrorMsg()]; return [$this->connect_id->lastErrorCode(), $this->connect_id->lastErrorMsg()];
} else { }
else
{
return [0, 'uknown-error-not-connected']; return [0, 'uknown-error-not-connected'];
} }
} }

77
includes/style.php
View File

@@ -9,7 +9,8 @@
//no direct access //no direct access
if (! defined('IN_COMMON')) { if (! defined('IN_COMMON'))
{
exit; exit;
} }
@@ -30,7 +31,8 @@ class kleeja_style
global $config, $THIS_STYLE_PATH_ABS, $STYLE_PATH_ADMIN_ABS, $DEFAULT_PATH_ADMIN_ABS; global $config, $THIS_STYLE_PATH_ABS, $STYLE_PATH_ADMIN_ABS, $DEFAULT_PATH_ADMIN_ABS;
if (! ($template_path = $this->template_exists($template_name, $style_path))) { if (! ($template_path = $this->template_exists($template_name, $style_path)))
{
big_error('No Template !', 'Requested <b>"' . $template_name . '"</b> template doesnt exist!'); big_error('No Template !', 'Requested <b>"' . $template_name . '"</b> template doesnt exist!');
} }
@@ -39,7 +41,8 @@ class kleeja_style
$html = "<!-- file generated by kleeja {kleeja.net} -->\n" . $html; $html = "<!-- file generated by kleeja {kleeja.net} -->\n" . $html;
//use 'b' to force binary mode //use 'b' to force binary mode
if ($filename = @fopen(PATH . 'cache/tpl_' . $this->re_name_tpl($template_name, $style_path) . '.php', 'wb')) { if ($filename = @fopen(PATH . 'cache/tpl_' . $this->re_name_tpl($template_name, $style_path) . '.php', 'wb'))
{
is_array($plugin_run_result = Plugins::getInstance()->run('style_load_template_func', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook is_array($plugin_run_result = Plugins::getInstance()->run('style_load_template_func', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook
@@ -67,10 +70,13 @@ class kleeja_style
$style_path = str_replace(DIRECTORY_SEPARATOR, '/', $style_path ?? ''); $style_path = str_replace(DIRECTORY_SEPARATOR, '/', $style_path ?? '');
//admin template always begin with admin_ //admin template always begin with admin_
if (substr($template_name, 0, 6) == 'admin_') { if (substr($template_name, 0, 6) == 'admin_')
{
$current_style_path = ! empty($style_path) ? $style_path : $STYLE_PATH_ADMIN_ABS; $current_style_path = ! empty($style_path) ? $style_path : $STYLE_PATH_ADMIN_ABS;
$is_admin_template = true; $is_admin_template = true;
} else { }
else
{
$current_style_path = ! empty($style_path) ? $style_path : $THIS_STYLE_PATH_ABS; $current_style_path = ! empty($style_path) ? $style_path : $THIS_STYLE_PATH_ABS;
} }
@@ -82,21 +88,29 @@ class kleeja_style
$is_tpl_exist = file_exists($template_path); $is_tpl_exist = file_exists($template_path);
if (! $is_tpl_exist) { if (! $is_tpl_exist)
if (trim($config['style_depend_on']) != '') { {
if (trim($config['style_depend_on']) != '')
{
$template_path_alternative = str_replace('/' . $config['style'] . '/', '/' . $config['style_depend_on'] . '/', $template_path); $template_path_alternative = str_replace('/' . $config['style'] . '/', '/' . $config['style_depend_on'] . '/', $template_path);
if (file_exists($template_path_alternative)) { if (file_exists($template_path_alternative))
{
$template_path = $template_path_alternative; $template_path = $template_path_alternative;
$is_tpl_exist = true; $is_tpl_exist = true;
} }
} elseif ($is_admin_template) { }
elseif ($is_admin_template)
{
$template_path = $DEFAULT_PATH_ADMIN_ABS . $template_name . '.html'; $template_path = $DEFAULT_PATH_ADMIN_ABS . $template_name . '.html';
$is_tpl_exist = true; $is_tpl_exist = true;
} elseif ($config['style'] != 'default' && ! $is_admin_template) { }
elseif ($config['style'] != 'default' && ! $is_admin_template)
{
$template_path_alternative = str_replace('/' . $config['style'] . '/', '/default/', $template_path); $template_path_alternative = str_replace('/' . $config['style'] . '/', '/default/', $template_path);
if (file_exists($template_path_alternative)) { if (file_exists($template_path_alternative))
{
$template_path = $template_path_alternative; $template_path = $template_path_alternative;
$is_tpl_exist = true; $is_tpl_exist = true;
} }
@@ -160,8 +174,10 @@ class kleeja_style
foreach ([ foreach ([
'NAME' => '', 'LOOP' => '', 'AND' => ' && ', 'OR' => ' || ', 'ISSET' => ' isset', 'EMPTY' => ' empty' 'NAME' => '', 'LOOP' => '', 'AND' => ' && ', 'OR' => ' || ', 'ISSET' => ' isset', 'EMPTY' => ' empty'
] as $attribute=>$separator) { ] as $attribute=> $separator)
if (isset($atts[$attribute])) { {
if (isset($atts[$attribute]))
{
$haveParentheses = in_array($attribute, ['ISSET', 'EMPTY']); $haveParentheses = in_array($attribute, ['ISSET', 'EMPTY']);
$condition .= $separator . ($haveParentheses ? '(' : '') . $condition .= $separator . ($haveParentheses ? '(' : '') .
@@ -181,25 +197,30 @@ class kleeja_style
$char = [' eq ', ' lt ', ' gt ', ' lte ', ' gte ', ' neq ', '==', '!=', '>=', '<=', '<', '>']; $char = [' eq ', ' lt ', ' gt ', ' lte ', ' gte ', ' neq ', '==', '!=', '>=', '<=', '<', '>'];
$reps = ['==', '<', '>', '<=', '>=', '!=', '==', '!=', '>=', '<=', '<', '>']; $reps = ['==', '<', '>', '<=', '>=', '!=', '==', '!=', '>=', '<=', '<', '>'];
if (trim($condition) == '') { if (trim($condition) == '')
{
return ''; return '';
} }
$con = str_replace('$this->vars', '[----this-vars----]', $condition); $con = str_replace('$this->vars', '[----this-vars----]', $condition);
if (preg_match('/(.*)(' . implode('|', $char) . ')(.*)/i', $con, $arr)) { if (preg_match('/(.*)(' . implode('|', $char) . ')(.*)/i', $con, $arr))
{
$arr[1] = trim($arr[1]); $arr[1] = trim($arr[1]);
$var1 = $arr[1][0] != '$' ? call_user_func(['kleeja_style', '_var_callback'], (! $is_loop ? '{' . $arr[1] . '}' : '{{' . $arr[1] . '}}')) : $arr[1]; $var1 = $arr[1][0] != '$' ? call_user_func(['kleeja_style', '_var_callback'], (! $is_loop ? '{' . $arr[1] . '}' : '{{' . $arr[1] . '}}')) : $arr[1];
$opr = str_replace($char, $reps, $arr[2]); $opr = str_replace($char, $reps, $arr[2]);
$var2 = trim($arr[3]); $var2 = trim($arr[3]);
//check for type //check for type
if (strpos($var2, '$')!==0 && ! preg_match('/[0-9]/', $var2)) { if (strpos($var2, '$')!==0 && ! preg_match('/[0-9]/', $var2))
{
$var2 = '"' . str_replace('"', '\"', $var2) . '"'; $var2 = '"' . str_replace('"', '\"', $var2) . '"';
} }
$con = "$var1 $opr $var2"; $con = "$var1 $opr $var2";
} elseif ($con[0] !== '$' && strpos($con, '(') === false) { }
elseif ($con[0] !== '$' && strpos($con, '(') === false)
{
$con = call_user_func(['kleeja_style', '_var_callback'], (! $is_loop ? '{' . $con . '}' : '{{' . $con . '}}')); $con = call_user_func(['kleeja_style', '_var_callback'], (! $is_loop ? '{' . $con . '}' : '{{' . $con . '}}'));
} }
@@ -216,7 +237,8 @@ class kleeja_style
{ {
$variable = call_user_func(['kleeja_style', '_var_callback'], $matches); $variable = call_user_func(['kleeja_style', '_var_callback'], $matches);
if (strpos($matches[0], '{lang') !== false || strpos($matches[0], '{olang') !== false) { if (strpos($matches[0], '{lang') !== false || strpos($matches[0], '{olang') !== false)
{
return '<?=' . $variable . ' ?? \'' . $matches[0] . '\'?>'; return '<?=' . $variable . ' ?? \'' . $matches[0] . '\'?>';
} }
@@ -231,13 +253,15 @@ class kleeja_style
*/ */
protected function _var_callback($matches) protected function _var_callback($matches)
{ {
if (! is_array($matches)) { if (! is_array($matches))
{
preg_match(kleeja_style::reg('var'), $matches, $matches); preg_match(kleeja_style::reg('var'), $matches, $matches);
} }
$var = trim(! empty($matches[2]) ? str_replace('.', '\'][\'', $matches[2]) : ''); $var = trim(! empty($matches[2]) ? str_replace('.', '\'][\'', $matches[2]) : '');
if (empty($var)) { if (empty($var))
{
return ''; return '';
} }
@@ -278,7 +302,8 @@ class kleeja_style
$attributes = []; $attributes = [];
for ($i = 0; $i < count($attribute[1]); $i++) { for ($i = 0; $i < count($attribute[1]); $i++)
{
$att = strtoupper($attribute[1][$i]); $att = strtoupper($attribute[1][$i]);
$attributes[$att] = preg_replace_callback(kleeja_style::reg('var'), ['kleeja_style', '_var_callback'], $attribute[2][$i]); $attributes[$att] = preg_replace_callback(kleeja_style::reg('var'), ['kleeja_style', '_var_callback'], $attribute[2][$i]);
@@ -310,7 +335,8 @@ class kleeja_style
$this->vars = $GLOBALS; $this->vars = $GLOBALS;
//is there ? //is there ?
if (! file_exists(PATH . 'cache/tpl_' . $this->re_name_tpl($template_name, $style_path) . '.php') || ! $this->caching) { if (! file_exists(PATH . 'cache/tpl_' . $this->re_name_tpl($template_name, $style_path) . '.php') || ! $this->caching)
{
$this->_load_template($template_name, $style_path); $this->_load_template($template_name, $style_path);
} }
@@ -338,9 +364,12 @@ class kleeja_style
ob_start(); ob_start();
if ($eval_on) { if ($eval_on)
{
eval(' ?' . '>' . $parsed_html . '<' . '?php '); eval(' ?' . '>' . $parsed_html . '<' . '?php ');
} else { }
else
{
$path = PATH . 'cache/tpl_' . md5($parsed_html) . '.php'; $path = PATH . 'cache/tpl_' . md5($parsed_html) . '.php';
file_put_contents($path, $parsed_html); file_put_contents($path, $parsed_html);
include_once $path; include_once $path;

26
includes/up_helpers/thumbs.php
View File

@@ -123,10 +123,14 @@ function helper_thumb($source_path, $ext, $dest_image, $dw, $dh)
imagecopyresampled( imagecopyresampled(
$temp_gdim, $temp_gdim,
$source_gdim, $source_gdim,
0, 0, 0,
0, 0, 0,
$temp_width, $temp_height, 0,
$source_width, $source_height 0,
$temp_width,
$temp_height,
$source_width,
$source_height
); );
// Copy cropped region from temporary image into the desired GD image // Copy cropped region from temporary image into the desired GD image
@@ -137,9 +141,12 @@ function helper_thumb($source_path, $ext, $dest_image, $dw, $dh)
imagecopy( imagecopy(
$desired_gdim, $desired_gdim,
$temp_gdim, $temp_gdim,
0, 0, 0,
$x0, $y0, 0,
$dw, $dh $x0,
$y0,
$dw,
$dh
); );
// Create thumbnail // Create thumbnail
@@ -237,18 +244,21 @@ function helper_thumb_imagick($name, $ext, $filename, $new_w, $new_h)
$im->getImageWidth(), $im->getImageWidth(),
$im->getImageHeight(), $im->getImageHeight(),
$new_w, $new_w,
$new_h); $new_h
);
//an exception for gif image //an exception for gif image
//generating thumb with 10 frames only, big gif is a devil //generating thumb with 10 frames only, big gif is a devil
if ($ext == 'gif') if ($ext == 'gif')
{ {
$i = 0; $i = 0;
//$gif_new = new Imagick(); //$gif_new = new Imagick();
foreach ($im as $frame) foreach ($im as $frame)
{ {
$frame->thumbnailImage($thumb_w, $thumb_h); $frame->thumbnailImage($thumb_w, $thumb_h);
$frame->setImagePage($thumb_w, $thumb_h, 0, 0); $frame->setImagePage($thumb_w, $thumb_h, 0, 0);
// $gif_new->addImage($frame->getImage()); // $gif_new->addImage($frame->getImage());
if ($i >= 10) if ($i >= 10)
{ {

1
includes/up_helpers/watermark.php
View File

@@ -182,6 +182,7 @@ function helper_watermark_imagick($name, $ext, $logo)
if ($ext == 'gif') if ($ext == 'gif')
{ {
$i = 0; $i = 0;
//$gif_new = new Imagick(); //$gif_new = new Imagick();
foreach ($im as $frame) foreach ($im as $frame)
{ {

109
includes/up_methods/defaultUploader.php
View File

@@ -9,7 +9,8 @@
//no for directly open //no for directly open
if (! defined('IN_COMMON')) { if (! defined('IN_COMMON'))
{
exit(); exit();
} }
@@ -234,7 +235,8 @@ class defaultUploader implements KleejaUploader
// show del code link box // show del code link box
$extra_del = ''; $extra_del = '';
if ($config['del_url_file']) { if ($config['del_url_file'])
{
$extra_del = get_up_tpl_box( $extra_del = get_up_tpl_box(
'del_file_code', 'del_file_code',
[ [
@@ -245,13 +247,15 @@ class defaultUploader implements KleejaUploader
} }
//show imgs //show imgs
if ($is_img) { if ($is_img)
{
$img_html_result = ''; $img_html_result = '';
// get default thumb dimensions // get default thumb dimensions
$thmb_dim_w = $thmb_dim_h = 150; $thmb_dim_w = $thmb_dim_h = 150;
if (strpos($config['thmb_dims'], '*') !== false) { if (strpos($config['thmb_dims'], '*') !== false)
{
list($thmb_dim_w, $thmb_dim_h) = array_map('trim', explode('*', $config['thmb_dims'])); list($thmb_dim_w, $thmb_dim_h) = array_map('trim', explode('*', $config['thmb_dims']));
} }
@@ -276,7 +280,8 @@ class defaultUploader implements KleejaUploader
// watermark on image // watermark on image
if ($config['write_imgs'] != 0 && in_array($fileInfo['fileExtension'], ['gif', 'png', 'jpg', 'jpeg', 'bmp'])) { if ($config['write_imgs'] != 0 && in_array($fileInfo['fileExtension'], ['gif', 'png', 'jpg', 'jpeg', 'bmp']))
{
helper_watermark($fileInfo['saveToFolder'] . '/' . $fileInfo['generatedFileName'], $fileInfo['fileExtension']); helper_watermark($fileInfo['saveToFolder'] . '/' . $fileInfo['generatedFileName'], $fileInfo['fileExtension']);
} }
@@ -302,7 +307,9 @@ class defaultUploader implements KleejaUploader
htmlspecialchars($fileInfo['originalFileName']) . '</div>' . "\n" . htmlspecialchars($fileInfo['originalFileName']) . '</div>' . "\n" .
$img_html_result $img_html_result
); );
} else { }
else
{
//then show other files //then show other files
$else_html_result = get_up_tpl_box( $else_html_result = get_up_tpl_box(
'file', 'file',
@@ -356,28 +363,34 @@ class defaultUploader implements KleejaUploader
// check folder our real folder // check folder our real folder
if (! file_exists($current_uploading_folder)) { if (! file_exists($current_uploading_folder))
if (! make_folder($current_uploading_folder)) { {
if (! make_folder($current_uploading_folder))
{
$this->addErrorMessage($lang['CANT_DIR_CRT']); $this->addErrorMessage($lang['CANT_DIR_CRT']);
} }
} }
if ($return_now) { if ($return_now)
{
return; return;
} }
// is captcha on, and there is uploading going on // is captcha on, and there is uploading going on
if ($captcha_enabled) { if ($captcha_enabled)
{
//captcha is wrong //captcha is wrong
if (! kleeja_check_captcha()) { if (! kleeja_check_captcha())
{
$this->addErrorMessage($lang['WRONG_VERTY_CODE']); $this->addErrorMessage($lang['WRONG_VERTY_CODE']);
return; return;
} }
} }
// to prevent flooding, user must wait, waiting-time is grapped from Kleeja settings, admin is exceptional // to prevent flooding, user must wait, waiting-time is grapped from Kleeja settings, admin is exceptional
if (! user_can('enter_acp') && user_is_flooding($current_user_id)) { if (! user_can('enter_acp') && user_is_flooding($current_user_id))
{
$this->addErrorMessage(sprintf( $this->addErrorMessage(sprintf(
$lang['YOU_HAVE_TO_WAIT'], $lang['YOU_HAVE_TO_WAIT'],
$config['usersectoupload'] $config['usersectoupload']
@@ -387,8 +400,10 @@ class defaultUploader implements KleejaUploader
//detect flooding, TODO fix it or remove it //detect flooding, TODO fix it or remove it
if (isset($_SESSION['FIILES_NOT_DUPLI'])) { if (isset($_SESSION['FIILES_NOT_DUPLI']))
if (! empty($_SESSION['FIILES_NOT_DUPLI']) && $_SESSION['FIILES_NOT_DUPLI'] == sha1(serialize(array_column($_FILES, 'name')))) { {
if (! empty($_SESSION['FIILES_NOT_DUPLI']) && $_SESSION['FIILES_NOT_DUPLI'] == sha1(serialize(array_column($_FILES, 'name'))))
{
unset($_SESSION['FIILES_NOT_DUPLI']); unset($_SESSION['FIILES_NOT_DUPLI']);
$this->addErrorMessage($lang['U_R_FLOODER']); $this->addErrorMessage($lang['U_R_FLOODER']);
@@ -397,7 +412,8 @@ class defaultUploader implements KleejaUploader
} }
// flooding code, making sure every ok session is cleared // flooding code, making sure every ok session is cleared
if (sizeof($_FILES) > 0) { if (sizeof($_FILES) > 0)
{
$_SESSION['FIILES_NOT_DUPLI'] = sha1(serialize(array_column($_FILES, 'name'))); $_SESSION['FIILES_NOT_DUPLI'] = sha1(serialize(array_column($_FILES, 'name')));
} }
@@ -405,16 +421,20 @@ class defaultUploader implements KleejaUploader
//now close session to let user open any other page in Kleeja //now close session to let user open any other page in Kleeja
session_write_close(); session_write_close();
if (! empty($_FILES['file']['tmp_name'])) { if (! empty($_FILES['file']['tmp_name']))
{
$_FILES['file'][0] = $_FILES['file']; $_FILES['file'][0] = $_FILES['file'];
} }
// loop the uploaded files // loop the uploaded files
for ($i=0; $i<=$this->getUploadFieldsLimit(); $i++) { for ($i=0; $i<=$this->getUploadFieldsLimit(); $i++)
{
//no file! //no file!
if (empty($_FILES['file_' . $i . '_']['tmp_name']) && empty($_FILES['file'][$i]['tmp_name'])) { if (empty($_FILES['file_' . $i . '_']['tmp_name']) && empty($_FILES['file'][$i]['tmp_name']))
if (! isset($_FILES['file_' . $i . '_'], $_FILES['file'][$i])) { {
if (! isset($_FILES['file_' . $i . '_'], $_FILES['file'][$i]))
{
continue; continue;
} }
@@ -428,8 +448,10 @@ class defaultUploader implements KleejaUploader
$upload_max_size = ini_get('upload_max_filesize'); $upload_max_size = ini_get('upload_max_filesize');
if ($error !== UPLOAD_ERR_OK) { if ($error !== UPLOAD_ERR_OK)
switch ($error) { {
switch ($error)
{
case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_INI_SIZE:
case UPLOAD_ERR_FORM_SIZE: case UPLOAD_ERR_FORM_SIZE:
$this->addErrorMessage( $this->addErrorMessage(
@@ -469,7 +491,6 @@ class defaultUploader implements KleejaUploader
$this->addErrorMessage(sprintf($lang['CANT_UPLAOD'], htmlspecialchars($filename))); $this->addErrorMessage(sprintf($lang['CANT_UPLAOD'], htmlspecialchars($filename)));
break; break;
} }
} }
@@ -482,7 +503,8 @@ class defaultUploader implements KleejaUploader
// well, no file uploaded, ask user to choose a file before submit // well, no file uploaded, ask user to choose a file before submit
if ($this->total_uploaded_files == 0 && sizeof($this->messages) == 0) { if ($this->total_uploaded_files == 0 && sizeof($this->messages) == 0)
{
$this->addErrorMessage($lang['CHOSE_F']); $this->addErrorMessage($lang['CHOSE_F']);
} }
} }
@@ -512,7 +534,8 @@ class defaultUploader implements KleejaUploader
$fileInfo['currentUserId'] = $current_user_id; $fileInfo['currentUserId'] = $current_user_id;
if (! isset($_FILES['file_' . $fieldNumber . '_']) && isset($_FILES['file'][$fieldNumber])) { if (! isset($_FILES['file_' . $fieldNumber . '_']) && isset($_FILES['file'][$fieldNumber]))
{
$_FILES['file_' . $fieldNumber . '_'] = $_FILES['file'][$fieldNumber]; $_FILES['file_' . $fieldNumber . '_'] = $_FILES['file'][$fieldNumber];
} }
@@ -521,7 +544,8 @@ class defaultUploader implements KleejaUploader
? urldecode(str_replace([';',','], '', $_FILES['file_' . $fieldNumber . '_']['name'])) ? urldecode(str_replace([';',','], '', $_FILES['file_' . $fieldNumber . '_']['name']))
: ''; : '';
if (empty($fileInfo['originalFileName'])) { if (empty($fileInfo['originalFileName']))
{
$this->addErrorMessage(sprintf($lang['WRONG_F_NAME'], htmlspecialchars($_FILES['file_' . $fieldNumber . '_']['name']))); $this->addErrorMessage(sprintf($lang['WRONG_F_NAME'], htmlspecialchars($_FILES['file_' . $fieldNumber . '_']['name'])));
return; return;
} }
@@ -546,7 +570,8 @@ class defaultUploader implements KleejaUploader
// file exists before? change it a little // file exists before? change it a little
if (file_exists($current_uploading_folder . '/' . $fileInfo['generatedFileName'])) { if (file_exists($current_uploading_folder . '/' . $fileInfo['generatedFileName']))
{
$fileInfo['generatedFileName'] = change_filename_decoding( $fileInfo['generatedFileName'] = change_filename_decoding(
$fileInfo['generatedFileName'], $fileInfo['generatedFileName'],
$fieldNumber, $fieldNumber,
@@ -559,9 +584,11 @@ class defaultUploader implements KleejaUploader
// now, let process it // now, let process it
if (! in_array(strtolower($fileInfo['fileExtension']), array_keys($this->getAllowedFileExtensions()))) { if (! in_array(strtolower($fileInfo['fileExtension']), array_keys($this->getAllowedFileExtensions())))
{
// guest // guest
if ($current_user_id == '-1') { if ($current_user_id == '-1')
{
$this->addErrorMessage( $this->addErrorMessage(
sprintf($lang['FORBID_EXT'], $fileInfo['fileExtension']) sprintf($lang['FORBID_EXT'], $fileInfo['fileExtension'])
. '<br> <a href="' . ($config['mod_writer'] ? 'register.html' : 'ucp.php?go=register') . . '<br> <a href="' . ($config['mod_writer'] ? 'register.html' : 'ucp.php?go=register') .
@@ -569,24 +596,29 @@ class defaultUploader implements KleejaUploader
); );
} }
// a member // a member
else { else
{
$this->addErrorMessage(sprintf($lang['FORBID_EXT'], $fileInfo['fileExtension'])); $this->addErrorMessage(sprintf($lang['FORBID_EXT'], $fileInfo['fileExtension']));
} }
} }
// bad chars in the filename // bad chars in the filename
elseif (preg_match("#[\\\/\:\*\?\<\>\|\"]#", $fileInfo['generatedFileName'])) { elseif (preg_match("#[\\\/\:\*\?\<\>\|\"]#", $fileInfo['generatedFileName']))
{
$this->addErrorMessage(sprintf($lang['WRONG_F_NAME'], htmlspecialchars($_FILES['file_' . $fieldNumber . '_']['name']))); $this->addErrorMessage(sprintf($lang['WRONG_F_NAME'], htmlspecialchars($_FILES['file_' . $fieldNumber . '_']['name'])));
} }
// check file extension for bad stuff // check file extension for bad stuff
elseif (ext_check_safe($_FILES['file_' . $fieldNumber . '_']['name']) == false) { elseif (ext_check_safe($_FILES['file_' . $fieldNumber . '_']['name']) == false)
{
$this->addErrorMessage(sprintf($lang['WRONG_F_NAME'], htmlspecialchars($_FILES['file_' . $fieldNumber . '_']['name']))); $this->addErrorMessage(sprintf($lang['WRONG_F_NAME'], htmlspecialchars($_FILES['file_' . $fieldNumber . '_']['name'])));
} }
// check the mime-type for the file // check the mime-type for the file
elseif (check_mime_type($_FILES['file_' . $fieldNumber . '_']['type'], $fileInfo['fileExtension'], $_FILES['file_' . $fieldNumber . '_']['tmp_name']) == false) { elseif (check_mime_type($_FILES['file_' . $fieldNumber . '_']['type'], $fileInfo['fileExtension'], $_FILES['file_' . $fieldNumber . '_']['tmp_name']) == false)
{
$this->addErrorMessage(sprintf($lang['NOT_SAFE_FILE'], htmlspecialchars($_FILES['file_' . $fieldNumber . '_']['name']))); $this->addErrorMessage(sprintf($lang['NOT_SAFE_FILE'], htmlspecialchars($_FILES['file_' . $fieldNumber . '_']['name'])));
} }
// check file size // check file size
elseif ($this->getAllowedFileExtensions()[$fileInfo['fileExtension']] > 0 && $fileInfo['fileSize'] >= $this->getAllowedFileExtensions()[$fileInfo['fileExtension']]) { elseif ($this->getAllowedFileExtensions()[$fileInfo['fileExtension']] > 0 && $fileInfo['fileSize'] >= $this->getAllowedFileExtensions()[$fileInfo['fileExtension']])
{
$this->addErrorMessage( $this->addErrorMessage(
sprintf( sprintf(
$lang['SIZE_F_BIG'], $lang['SIZE_F_BIG'],
@@ -600,19 +632,24 @@ class defaultUploader implements KleejaUploader
$this->addErrorMessage($lang['TOTAL_SIZE_EXCEEDED']); $this->addErrorMessage($lang['TOTAL_SIZE_EXCEEDED']);
} }
// no errors, so upload it // no errors, so upload it
else { else
{
is_array($plugin_run_result = Plugins::getInstance()->run('defaultUploader_uploadTypeFile_2nd', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook is_array($plugin_run_result = Plugins::getInstance()->run('defaultUploader_uploadTypeFile_2nd', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook
// now, upload the file // now, upload the file
$file = move_uploaded_file($_FILES['file_' . $fieldNumber . '_']['tmp_name'], $current_uploading_folder . '/' . $fileInfo['generatedFileName']); $file = move_uploaded_file($_FILES['file_' . $fieldNumber . '_']['tmp_name'], $current_uploading_folder . '/' . $fileInfo['generatedFileName']);
if ($file) { if ($file)
{
$this->saveToDatabase($fileInfo); $this->saveToDatabase($fileInfo);
if ($remaining_storage != -1) if ($remaining_storage != -1)
{ {
$remaining_storage -= $fileInfo['fileSize']; $remaining_storage -= $fileInfo['fileSize'];
} }
} else { }
else
{
$this->addErrorMessage(sprintf($lang['CANT_UPLAOD'], $fileInfo['originalFileName'])); $this->addErrorMessage(sprintf($lang['CANT_UPLAOD'], $fileInfo['originalFileName']));
} }
} }

95
includes/usr.php
View File

@@ -9,7 +9,8 @@
//no for directly open //no for directly open
if (! defined('IN_COMMON')) { if (! defined('IN_COMMON'))
{
exit(); exit();
} }
@@ -33,7 +34,8 @@ class usrcp
is_array($plugin_run_result = Plugins::getInstance()->run('data_func_usr_class', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook is_array($plugin_run_result = Plugins::getInstance()->run('data_func_usr_class', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook
if ($return_now) { if ($return_now)
{
return $login_status; return $login_status;
} }
@@ -48,7 +50,8 @@ class usrcp
is_array($plugin_run_result = Plugins::getInstance()->run('auth_func_usr_class', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook is_array($plugin_run_result = Plugins::getInstance()->run('auth_func_usr_class', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook
if ($return_now) { if ($return_now)
{
return $auth_status; return $auth_status;
} }
@@ -73,18 +76,24 @@ class usrcp
'LIMIT' => '1' 'LIMIT' => '1'
]; ];
if ($hashed) { if ($hashed)
{
$query['WHERE'] = 'id=' . intval($name) . " and password='" . $SQL->escape($pass) . "'"; $query['WHERE'] = 'id=' . intval($name) . " and password='" . $SQL->escape($pass) . "'";
} else { }
else
{
$query['WHERE'] = "clean_name='" . $SQL->real_escape($this->cleanusername($name)) . "'"; $query['WHERE'] = "clean_name='" . $SQL->real_escape($this->cleanusername($name)) . "'";
} }
is_array($plugin_run_result = Plugins::getInstance()->run('qr_select_usrdata_n_usr_class', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook is_array($plugin_run_result = Plugins::getInstance()->run('qr_select_usrdata_n_usr_class', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook
$result = $SQL->build($query); $result = $SQL->build($query);
if ($SQL->num_rows($result)) { if ($SQL->num_rows($result))
while ($row=$SQL->fetch_array($result)) { {
if (empty($row['password'])) { while ($row=$SQL->fetch_array($result))
{
if (empty($row['password']))
{
//more security //more security
return false; return false;
} }
@@ -92,10 +101,13 @@ class usrcp
$phppass = $hashed ? $pass : $pass . $row['password_salt']; $phppass = $hashed ? $pass : $pass . $row['password_salt'];
//CHECK IF IT'S MD5 PASSWORD //CHECK IF IT'S MD5 PASSWORD
if (strlen($row['password']) == '32' && empty($row['password_salt']) && defined('CONVERTED_SCRIPT')) { if (strlen($row['password']) == '32' && empty($row['password_salt']) && defined('CONVERTED_SCRIPT'))
{
$passmd5 = md5($pass); $passmd5 = md5($pass);
////update old md5 hash to phpass hash ////update old md5 hash to phpass hash
if ($row['password'] == $passmd5) { if ($row['password'] == $passmd5)
{
////new salt ////new salt
$new_salt = substr(base64_encode(pack('H*', sha1(mt_rand()))), 0, 7); $new_salt = substr(base64_encode(pack('H*', sha1(mt_rand()))), 0, 7);
////new password hash ////new password hash
@@ -111,12 +123,15 @@ class usrcp
]; ];
$SQL->build($update_query); $SQL->build($update_query);
} else { //if the password is wrong }
else //if the password is wrong
{
return false; return false;
} }
} }
if (($phppass != $row['password'] && $hashed) || ($this->kleeja_hash_password($phppass, $row['password']) != true && $hashed == false)) { if (($phppass != $row['password'] && $hashed) || ($this->kleeja_hash_password($phppass, $row['password']) != true && $hashed == false))
{
return false; return false;
} }
@@ -131,13 +146,15 @@ class usrcp
$user_y = base64_encode(serialize(['id'=>$row['id'], 'name'=>$row['name'], 'mail'=>$row['mail'], 'last_visit'=>$row['last_visit']])); $user_y = base64_encode(serialize(['id'=>$row['id'], 'name'=>$row['name'], 'mail'=>$row['mail'], 'last_visit'=>$row['last_visit']]));
if (! $hashed && ! $loginadm) { if (! $hashed && ! $loginadm)
{
$hash_key_expire = sha1(md5($config['h_key'] . $row['password']) . $expire); $hash_key_expire = sha1(md5($config['h_key'] . $row['password']) . $expire);
$this->kleeja_set_cookie('ulogu', $this->en_de_crypt($row['id'] . '|' . $row['password'] . '|' . $expire . '|' . $hash_key_expire . '|' . $row['group_id'] . '|' . $user_y), $expire); $this->kleeja_set_cookie('ulogu', $this->en_de_crypt($row['id'] . '|' . $row['password'] . '|' . $expire . '|' . $hash_key_expire . '|' . $row['group_id'] . '|' . $user_y), $expire);
} }
//if last visit > 1 minute then update it //if last visit > 1 minute then update it
if (empty($row['last_visit']) || time() - $row['last_visit'] > 60) { if (empty($row['last_visit']) || time() - $row['last_visit'] > 60)
{
$this->last_visit = time(); $this->last_visit = time();
$update_last_visit = [ $update_last_visit = [
'UPDATE' => "{$dbprefix}users", 'UPDATE' => "{$dbprefix}users",
@@ -154,7 +171,9 @@ class usrcp
unset($pass); unset($pass);
return true; return true;
} else { }
else
{
return false; return false;
} }
} }
@@ -167,7 +186,8 @@ class usrcp
{ {
global $dbprefix, $SQL; global $dbprefix, $SQL;
if (! $user_id) { if (! $user_id)
{
$user_id = $this->id(); $user_id = $this->id();
} }
@@ -233,7 +253,8 @@ class usrcp
is_array($plugin_run_result = Plugins::getInstance()->run('logout_func_usr_class', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook is_array($plugin_run_result = Plugins::getInstance()->run('logout_func_usr_class', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook
//acp //acp
if (user_can('enter_acp') && ! empty($_SESSION['ADMINLOGIN'])) { if (user_can('enter_acp') && ! empty($_SESSION['ADMINLOGIN']))
{
$this->logout_cp(); $this->logout_cp();
} }
@@ -254,7 +275,8 @@ class usrcp
{ {
is_array($plugin_run_result = Plugins::getInstance()->run('logout_cp_func_usr_class', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook is_array($plugin_run_result = Plugins::getInstance()->run('logout_cp_func_usr_class', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook
if (! empty($_SESSION['ADMINLOGIN'])) { if (! empty($_SESSION['ADMINLOGIN']))
{
unset($_SESSION['ADMINLOGIN'], $_SESSION['USER_SESS'] /*, $_SESSION['LAST_VISIT']*/); unset($_SESSION['ADMINLOGIN'], $_SESSION['USER_SESS'] /*, $_SESSION['LAST_VISIT']*/);
} }
@@ -272,7 +294,8 @@ class usrcp
['a','a','a','a','a','a','a','a','a','a','e','e','e','e','e','e','e','i','i','i','i','i','i','i','i','o','o','o','o','o','o','o','o','o','o','o','u','u','u','u','u','u','c','c','n','n','y','e'] ['a','a','a','a','a','a','a','a','a','a','e','e','e','e','e','e','e','i','i','i','i','i','i','i','i','o','o','o','o','o','o','o','o','o','o','o','u','u','u','u','u','u','c','c','n','n','y','e']
]; ];
if (empty($arabic_t)) { if (empty($arabic_t))
{
//Arabic chars must be stay in utf8 format, so we encoded them //Arabic chars must be stay in utf8 format, so we encoded them
$arabic_t = unserialize(base64_decode('YToyOntpOjA7YToxMjp7aTowO3M6Mjoi2KMiO2k6MTtzOjI6ItilIjtpOjI7czoyOiLYpCI7aTozO3M6Mjoi2YAiO2k6NDtzOjI6Itm' . $arabic_t = unserialize(base64_decode('YToyOntpOjA7YToxMjp7aTowO3M6Mjoi2KMiO2k6MTtzOjI6ItilIjtpOjI7czoyOiLYpCI7aTozO3M6Mjoi2YAiO2k6NDtzOjI6Itm' .
'LIjtpOjU7czoyOiLZjCI7aTo2O3M6Mjoi2Y8iO2k6NztzOjI6ItmOIjtpOjg7czoyOiLZkCI7aTo5O3M6Mjoi2ZIiO2k6MTA7czoyOiLYoiI7aToxMTtzOjI6ItimIjt9aToxO' . 'LIjtpOjU7czoyOiLZjCI7aTo2O3M6Mjoi2Y8iO2k6NztzOjI6ItmOIjtpOjg7czoyOiLZkCI7aTo5O3M6Mjoi2ZIiO2k6MTA7czoyOiLYoiI7aToxMTtzOjI6ItimIjt9aToxO' .
@@ -321,7 +344,8 @@ class usrcp
// //
//when user add define('FORCE_COOKIES', true) in config.php we will make our settings of cookies //when user add define('FORCE_COOKIES', true) in config.php we will make our settings of cookies
// //
if (defined('FORCE_COOKIES')) { if (defined('FORCE_COOKIES'))
{
$config['cookie_domain'] = ! empty($_SERVER['HTTP_HOST']) ? strtolower($_SERVER['HTTP_HOST']) : (! empty($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : @getenv('SERVER_NAME')); $config['cookie_domain'] = ! empty($_SERVER['HTTP_HOST']) ? strtolower($_SERVER['HTTP_HOST']) : (! empty($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : @getenv('SERVER_NAME'));
$config['cookie_domain'] = str_replace('www.', '.', substr($config['cookie_domain'], 0, strpos($config['cookie_domain'], ':'))); $config['cookie_domain'] = str_replace('www.', '.', substr($config['cookie_domain'], 0, strpos($config['cookie_domain'], ':')));
$config['cookie_path'] = '/'; $config['cookie_path'] = '/';
@@ -344,22 +368,27 @@ class usrcp
global $config; global $config;
static $txt = []; static $txt = [];
if (empty($txt)) { if (empty($txt))
if (empty($config['h_key'])) { {
if (empty($config['h_key']))
{
$config['h_key'] = sha1(microtime()); $config['h_key'] = sha1(microtime());
} }
$chars = str_split($config['h_key']); $chars = str_split($config['h_key']);
foreach (range('a', 'z') as $k=>$v) { foreach (range('a', 'z') as $k=>$v)
if (! isset($chars[$k])) { {
if (! isset($chars[$k]))
{
break; break;
} }
$txt[$v] = $chars[$k] . $k . '-'; $txt[$v] = $chars[$k] . $k . '-';
} }
} }
switch ($type) { switch ($type)
{
case 1: case 1:
$data = str_replace('=', '_', base64_encode($data)); $data = str_replace('=', '_', base64_encode($data));
$data = strtr($data, $txt); $data = strtr($data, $txt);
@@ -405,14 +434,17 @@ class usrcp
]; ];
//if login up //if login up
if ($this->kleeja_get_cookie('ulogu')) { if ($this->kleeja_get_cookie('ulogu'))
{
$user_data = false; $user_data = false;
list($user_id, $hashed_password, $expire_at, $hashed_expire, $group_id, $u_info) = @explode('|', $this->en_de_crypt($this->kleeja_get_cookie('ulogu'), 2)); list($user_id, $hashed_password, $expire_at, $hashed_expire, $group_id, $u_info) = @explode('|', $this->en_de_crypt($this->kleeja_get_cookie('ulogu'), 2));
//if not expire //if not expire
if (($hashed_expire == sha1(md5($config['h_key'] . $hashed_password) . $expire_at)) && ($expire_at > time())) { if (($hashed_expire == sha1(md5($config['h_key'] . $hashed_password) . $expire_at)) && ($expire_at > time()))
if (! empty($u_info)) { {
if (! empty($u_info))
{
$userinfo = unserialize(base64_decode($u_info)); $userinfo = unserialize(base64_decode($u_info));
$userinfo['group_id'] = $group_id; $userinfo['group_id'] = $group_id;
$userinfo['password'] = $hashed_password; $userinfo['password'] = $hashed_password;
@@ -420,9 +452,12 @@ class usrcp
} }
} }
if ($user_data == false) { if ($user_data == false)
{
$this->logout(); $this->logout();
} else { }
else
{
$this->user_id = $userinfo['id']; $this->user_id = $userinfo['id'];
$this->group_id = $userinfo['group_id']; $this->group_id = $userinfo['group_id'];
$this->user_name = $userinfo['name']; $this->user_name = $userinfo['name'];

4
index.php
View File

@@ -54,8 +54,10 @@ $action = $config['siteurl'];
$uploadingMethodClassBaseName = basename($uploadingMethodClass, '.php'); $uploadingMethodClassBaseName = basename($uploadingMethodClass, '.php');
$uploader = new $uploadingMethodClassBaseName; $uploader = new $uploadingMethodClassBaseName;
if (! $uploader instanceof KleejaUploader) { if (! $uploader instanceof KleejaUploader)
{
kleeja_err('Your upload Method class is not implemented our KleejaUploader Interface'); kleeja_err('Your upload Method class is not implemented our KleejaUploader Interface');
exit; exit;
} }

1
install/includes/functions_install.php
View File

@@ -113,6 +113,7 @@ function kleeja_eval($code)
* @param mixed $pass * @param mixed $pass
* @param mixed $nm * @param mixed $nm
* @param mixed $prf * @param mixed $prf
* @param mixed $type
*/ */
function do_config_export($srv, $usr, $pass, $nm, $prf, $type = 'mysqli') function do_config_export($srv, $usr, $pass, $nm, $prf, $type = 'mysqli')
{ {

6
install/includes/install_sqls.php
View File

@@ -8,12 +8,14 @@
*/ */
// not for directly open // not for directly open
if (! defined('IN_COMMON')) { if (! defined('IN_COMMON'))
{
exit(); exit();
} }
if (empty($install_sqls) || ! is_array($install_sqls)) { if (empty($install_sqls) || ! is_array($install_sqls))
{
$install_sqls = []; $install_sqls = [];
} }

4
install/includes/update_schema.php
View File

@@ -36,4 +36,8 @@ $update_schema[9]['sql'] = [
$update_schema[10]['sql'] = [ $update_schema[10]['sql'] = [
'about_files' => "ALTER TABLE `{$dbprefix}files` ADD `about` LONGTEXT NULL DEFAULT NULL AFTER `real_filename`;", 'about_files' => "ALTER TABLE `{$dbprefix}files` ADD `about` LONGTEXT NULL DEFAULT NULL AFTER `real_filename`;",
'enable_multipart' => "INSERT INTO `{$dbprefix}groups_data` (`group_id`, `name`, `value`) SELECT `group_id`, 'enable_multipart', 1 FROM `{$dbprefix}groups`;", 'enable_multipart' => "INSERT INTO `{$dbprefix}groups_data` (`group_id`, `name`, `value`) SELECT `group_id`, 'enable_multipart', 1 FROM `{$dbprefix}groups`;",
'user_storage_size' => "ALTER TABLE `{$dbprefix}users` ADD `storage_size` bigint(20) NOT NULL DEFAULT '0' AFTER `hash_key`;",
'group_max_storage' => "INSERT INTO `{$dbprefix}groups_data` (`group_id`, `name`, `value`) SELECT `group_id`, 'max_storage', 0 FROM `{$dbprefix}groups`;",
'multipart_config' => 'INSERT INTO `' . $dbprefix . 'config` (`name`, `value`, `option`, `display_order`, `type`, `plg_id`, `dynamic`) VALUES (\'enable_multipart\', 1, \'<label>{lang.YES}<input type=\"radio\" id=\"enable_multipart\" name=\"enable_multipart\" value=\"1\" <IF NAME=\"con.enable_multipart==1\"> checked=\"checked\"</IF> /></label>\r\n <label>{lang.NO}<input type=\"radio\" id=\"enable_multipart\" name=\"enable_multipart\" value=\"0\" <IF NAME=\"con.enable_multipart==0\"> checked=\"checked\"</IF> /></label>\', 45, \'groups\', 0, 0);',
'max_storage_config' => 'INSERT INTO `' . $dbprefix . 'config` (`name`, `value`, `option`, `display_order`, `type`, `plg_id`, `dynamic`) VALUES (\'max_storage\', 0, \'<input type=\"text\" id=\"max_storage\" name=\"max_storage\" value=\"{con.max_storage}\" size=\"20\" style=\"direction:ltr\" />\', 11, \'groups\', 0, 0);',
]; ];

4
install/install.php
View File

@@ -195,6 +195,7 @@ case 'data' :
{ {
echo $lang['EMPTY_FIELDS']; echo $lang['EMPTY_FIELDS'];
echo gettpl('footer.html'); echo gettpl('footer.html');
exit(); exit();
} }
@@ -203,6 +204,7 @@ case 'data' :
{ {
echo $lang['PASS_NEQ_PASS2']; echo $lang['PASS_NEQ_PASS2'];
echo gettpl('footer.html'); echo gettpl('footer.html');
exit(); exit();
} }
@@ -210,6 +212,7 @@ case 'data' :
{ {
echo $lang['WRONG_EMAIL']; echo $lang['WRONG_EMAIL'];
echo gettpl('footer.html'); echo gettpl('footer.html');
exit(); exit();
} }
@@ -417,6 +420,7 @@ break;
case 'end' : case 'end' :
echo gettpl('end.html'); echo gettpl('end.html');
//for safe .. //for safe ..
//@rename("install.php", "install.lock"); //@rename("install.php", "install.lock");
break; break;

4
install/style/update_end.html
View File

@@ -10,8 +10,8 @@
{{if($GLOBALS['complete_update']):}} {{if($GLOBALS['complete_update']):}}
<div class="hr"></div> <div class="hr"></div>
<div class="notice"> <div class="notice">
<h6><img src="style/images/info2.png" class="img" alt="" /> {{echo $lang['INST_NOTES_UPDATE']}} :</h6> <h6><img src="style/images/info2.png" class="img" alt="" /> {{echo $lang['KLEEJA_TEAM_MSG_NAME']}}</h6>
<p><img src="style/images/inst_notes.png" class="img" alt="" />{{echo $lang['INST_NOTE_RC6_TO_1.0.0']}}</p> <p><img src="style/images/inst_notes.png" class="img" alt="" />{{echo $lang['KLEEJA_TEAM_MSG_TEXT']}}</p>
</div> </div>
{{else:}} {{else:}}
<div class="notice TN"> <div class="notice TN">

50
install/update.php
View File

@@ -19,7 +19,8 @@ define('IN_COMMON', true);
define('STOP_PLUGINS', true); define('STOP_PLUGINS', true);
define('PATH', '../'); define('PATH', '../');
if (file_exists(PATH . 'config.php')) { if (file_exists(PATH . 'config.php'))
{
include_once PATH . 'config.php'; include_once PATH . 'config.php';
} }
@@ -27,9 +28,12 @@ include_once PATH . 'includes/plugins.php';
include_once PATH . 'includes/functions.php'; include_once PATH . 'includes/functions.php';
include_once PATH . 'includes/functions_alternative.php'; include_once PATH . 'includes/functions_alternative.php';
if (isset($dbtype) && $dbtype == 'sqlite') { if (isset($dbtype) && $dbtype == 'sqlite')
{
include PATH . 'includes/sqlite.php'; include PATH . 'includes/sqlite.php';
} else { }
else
{
include PATH . 'includes/mysqli.php'; include PATH . 'includes/mysqli.php';
} }
@@ -44,7 +48,8 @@ $SQL = new KleejaDatabase($dbserver, $dbuser, $dbpass, $dbname, $dbprefix);
// //
$config['db_version'] = inst_get_config('db_version'); $config['db_version'] = inst_get_config('db_version');
if ($config['db_version'] == false) { if ($config['db_version'] == false)
{
$SQL->query("INSERT INTO `{$dbprefix}config` (`name` ,`value`) VALUES ('db_version', '')"); $SQL->query("INSERT INTO `{$dbprefix}config` (`name` ,`value`) VALUES ('db_version', '')");
} }
@@ -55,7 +60,8 @@ $IN_UPDATE = true;
/** /**
* print header * print header
*/ */
if (! ip('action_file_do')) { if (! ip('action_file_do'))
{
echo gettpl('header.html'); echo gettpl('header.html');
} }
@@ -63,7 +69,8 @@ if (! ip('action_file_do')) {
/** /**
* Navigation .. * Navigation ..
*/ */
switch (g('step', 'str', 'action_file')) { switch (g('step', 'str', 'action_file'))
{
default: default:
case 'update_now': case 'update_now':
@@ -79,7 +86,8 @@ case 'update_now':
sort($available_db_updates); sort($available_db_updates);
if (! sizeof($available_db_updates)) { if (! sizeof($available_db_updates))
{
$update_msgs_arr[] = '<span style="color:green;">' . $lang['INST_UPDATE_CUR_VER_IS_UP'] . '</span>'; $update_msgs_arr[] = '<span style="color:green;">' . $lang['INST_UPDATE_CUR_VER_IS_UP'] . '</span>';
$complete_update = false; $complete_update = false;
} }
@@ -87,34 +95,43 @@ case 'update_now':
// //
//is there any sqls //is there any sqls
// //
if ($complete_update) { if ($complete_update)
{
//loop through available updates //loop through available updates
foreach ($available_db_updates as $db_update_version) { foreach ($available_db_updates as $db_update_version)
{
$SQL->hideErrors(); $SQL->hideErrors();
//sqls //sqls
if (isset($update_schema[$db_update_version]['sql']) if (isset($update_schema[$db_update_version]['sql'])
&& sizeof($update_schema[$db_update_version]['sql']) > 0) { && sizeof($update_schema[$db_update_version]['sql']) > 0)
{
$err = ''; $err = '';
$complete_update = true; $complete_update = true;
foreach ($update_schema[$db_update_version]['sql'] as $name=>$sql_content) { foreach ($update_schema[$db_update_version]['sql'] as $name=>$sql_content)
{
$err = ''; $err = '';
$SQL->query($sql_content); $SQL->query($sql_content);
$err = $SQL->get_error(); $err = $SQL->get_error();
if (strpos($err[1], 'Duplicate') !== false || $err[0] == '1062' || $err[0] == '1060') { if (strpos($err[1], 'Duplicate') !== false || $err[0] == '1062' || $err[0] == '1060')
{
$complete_update = false; $complete_update = false;
} }
} }
} }
//functions //functions
if ($complete_update) { if ($complete_update)
if (isset($update_schema[$db_update_version]['functions']) && sizeof($update_schema[$db_update_version]['functions']) > 0) { {
foreach ($update_schema[$db_update_version]['functions'] as $n) { if (isset($update_schema[$db_update_version]['functions']) && sizeof($update_schema[$db_update_version]['functions']) > 0)
if (is_callable($n)) { {
foreach ($update_schema[$db_update_version]['functions'] as $n)
{
if (is_callable($n))
{
$n(); $n();
} }
} }
@@ -123,6 +140,7 @@ case 'update_now':
$sql = "UPDATE `{$dbprefix}config` SET `value` = '" . KLEEJA_DB_VERSION . "' WHERE `name` = 'db_version'"; $sql = "UPDATE `{$dbprefix}config` SET `value` = '" . KLEEJA_DB_VERSION . "' WHERE `name` = 'db_version'";
$SQL->query($sql); $SQL->query($sql);
$update_msgs_arr[] = '<span style="color:green;">' . $lang['INST_UPDATE_IS_FINISH'] . '</span>';
} }
} }

2
lang/fa/common.php
View File

@@ -45,7 +45,7 @@ return [
'VERTY_CODE' => 'کد امنیتی:', 'VERTY_CODE' => 'کد امنیتی:',
'NOTE_CODE' => 'حروف و اعدادی که در شکل می بینید دقیقا وارد کنید', 'NOTE_CODE' => 'حروف و اعدادی که در شکل می بینید دقیقا وارد کنید',
'WRONG_EMAIL' => 'آدرس پست الکترونیک اشتباه است!', 'WRONG_EMAIL' => 'آدرس پست الکترونیک اشتباه است!',
'WRONG_NAME' => 'نام کاربری باید حداقل 4 حرف باشد!', # CHECK 'WRONG_NAME' => 'نام کاربری باید حداقل 4 حرف باشد!', // CHECK
'EXIST_NAME' => 'این نام قبلا توسط کسی انتخاب شده است.', 'EXIST_NAME' => 'این نام قبلا توسط کسی انتخاب شده است.',
'EXIST_EMAIL' => 'این ایمیل قبلا توسط شخصی در سیستم ما ثبت شده است!', 'EXIST_EMAIL' => 'این ایمیل قبلا توسط شخصی در سیستم ما ثبت شده است!',
'WRONG_VERTY_CODE' => 'کد امنیتی نادرست است!', 'WRONG_VERTY_CODE' => 'کد امنیتی نادرست است!',

7
ucp.php
View File

@@ -343,11 +343,13 @@ switch (g('go'))
$start = $Pager->getStartRow(); $start = $Pager->getStartRow();
$your_fileuser = $config['siteurl'] . ($config['mod_writer'] ? 'fileuser-' . $usrcp->id() . '.html' : 'ucp.php?go=fileuser&amp;id=' . $usrcp->id()); $your_fileuser = $config['siteurl'] . ($config['mod_writer'] ? 'fileuser-' . $usrcp->id() . '.html' : 'ucp.php?go=fileuser&amp;id=' . $usrcp->id());
if($user_himself) if($user_himself)
{ {
$used_storage = $userinfo['storage_size']; $used_storage = $userinfo['storage_size'];
$max_storage = $d_groups[$usrcp->group_id()]['configs']['max_storage']; $max_storage = $d_groups[$usrcp->group_id()]['configs']['max_storage'];
$is_limited = $max_storage>0; $is_limited = $max_storage>0;
if($is_limited) if($is_limited)
{ {
$storage_per = ($used_storage*100)/$max_storage; $storage_per = ($used_storage*100)/$max_storage;
@@ -378,6 +380,7 @@ switch (g('go'))
//set page title //set page title
$titlee = $lang['FILEUSER'] . ': ' . $user_name; $titlee = $lang['FILEUSER'] . ': ' . $user_name;
//there is result ? show them //there is result ? show them
if ($nums_rows != 0) if ($nums_rows != 0)
{ {
@@ -816,6 +819,7 @@ switch (g('go'))
$ERRORS = []; $ERRORS = [];
is_array($plugin_run_result = Plugins::getInstance()->run('submit_get_pass', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook is_array($plugin_run_result = Plugins::getInstance()->run('submit_get_pass', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook
//check for form key //check for form key
if (! kleeja_check_form_key('get_pass')) if (! kleeja_check_form_key('get_pass'))
{ {
@@ -914,7 +918,8 @@ switch (g('go'))
exit; exit;
break;; break;
;
// //
//add your own code here //add your own code here