本文整理汇总了PHP中SEC_createToken函数的典型用法代码示例。如果您正苦于以下问题:PHP SEC_createToken函数的具体用法?PHP SEC_createToken怎么用?PHP SEC_createToken使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了SEC_createToken函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: getWidget
/**
 * Build the HTML for the HTTP-header blacklist widget.
 *
 * A new CSRF token is created on every call, kept in $this->csrfToken and
 * embedded as a hidden field in the "add entry" form. The form posts to the
 * spamx admin page with command=EditHeader.
 *
 * @return string
 */
protected function getWidget()
{
    global $_CONF, $LANG_SX00;

    // The token is created before getList() runs.
    $this->csrfToken = SEC_createToken();

    $html = '<hr' . XHTML . '>' . LB;
    $html .= '<p>' . $LANG_SX00['e1'] . '</p>' . LB;
    $html .= $this->getList();
    $html .= '<p>' . $LANG_SX00['e2'] . '</p>' . LB;

    // "Add entry" form: header name, header content, submit button, CSRF token.
    $formAction = $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditHeader';
    $addLabel = $LANG_SX00['addentry'];

    $html .= '<form method="post" class="uk-form" action="' . $formAction . '">' . LB;
    $html .= '<table border="0" width="100%">' . LB;
    $html .= '<tr><td align="right"><b>Header:</b></td>' . LB;
    $html .= '<td><input type="text" size="40" name="header-name"' . XHTML . '> e.g. <tt>User-Agent</tt></td></tr>' . LB;
    $html .= '<tr><td align="right"><b>Content:</b></td>' . LB;
    $html .= '<td><input type="text" size="40" name="header-value"' . XHTML . '> e.g. <tt>Mozilla</tt></td></tr>' . LB;
    $html .= '</table>' . LB;
    $html .= '<p><button type="submit" name="paction" value="' . $addLabel . '" class="uk-button">' . $addLabel . '</button>' . LB;
    $html .= '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $this->csrfToken . '"' . XHTML . '></p>' . LB;
    $html .= '</form>' . LB;

    return $html;
}
示例2: DBADMIN_menu
/**
 * Build the admin menu block for the database backup screen.
 *
 * A fresh CSRF token is created on every call and written to the global
 * $token. The "create new" menu entry carries that token in its query string,
 * so the token is visible wherever the URL is recorded (browser history,
 * access logs, Referer headers).
 *
 * @param  string $explanation Instruction text
 * @return string HTML for menu area
 */
function DBADMIN_menu($explanation = '')
{
    global $_CONF, $LANG_ADMIN, $LANG_DB_BACKUP, $LANG_LGLIB, $_IMAGE_TYPE, $token, $pi_title;

    USES_lib_admin();

    // $token is a global here, so this assignment is visible to the caller.
    $token = SEC_createToken();

    $menuItems = array();
    $menuItems[] = array(
        'url'  => LGLIB_ADMIN_URL,
        'text' => $LANG_LGLIB['list_backups'],
    );
    $menuItems[] = array(
        'url'  => LGLIB_ADMIN_URL . '/index.php?backup=x&' . CSRF_TOKEN . '=' . $token,
        'text' => $LANG_ADMIN['create_new'],
    );
    $menuItems[] = array(
        'url'  => LGLIB_ADMIN_URL . '/index.php?config=x',
        'text' => 'Configure',
    );
    $menuItems[] = array(
        'url'  => $_CONF['site_admin_url'] . '/index.php',
        'text' => $LANG_ADMIN['admin_home'],
    );

    $blockTitle = LGLIB_getGlobal('pi_title');
    $blockHeader = COM_getBlockTemplate('_admin_block', 'header');
    $iconUrl = $_CONF['layout_url'] . '/images/icons/database.' . $_IMAGE_TYPE;

    $html = '';
    $html .= COM_startBlock($blockTitle, $blockHeader);
    $html .= ADMIN_createMenu($menuItems, $explanation, $iconUrl);

    return $html;
}
示例3: display
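/**
 * Process add/delete requests for the HTTP-header blacklist and render the editor.
 *
 * The action comes from GET "action" or, failing that, POST "paction". Both
 * state-changing actions run only after SEC_checkToken() succeeds. The
 * delete action is reached through a GET link that carries the CSRF token in
 * its query string.
 *
 * Request values are untrusted: they are escaped with the database layer's
 * DB_escapeString() before they reach SQL, and stored values are passed
 * through htmlspecialchars()/urlencode() when the list is rendered.
 *
 * @return string HTML for the current list and the "add entry" form
 */
function display()
{
    global $_CONF, $_TABLES, $LANG_SX00;

    $action = '';
    if (isset($_GET['action'])) {
        $action = $_GET['action'];
    } elseif (isset($_POST['paction'])) {
        $action = $_POST['paction'];
    }

    if ($action == 'delete' && SEC_checkToken()) {
        // "entry" may be absent (e.g. paction=delete via POST) or an array; treat both as empty.
        $entry = (isset($_GET['entry']) && is_string($_GET['entry'])) ? $_GET['entry'] : '';
        if (!empty($entry)) {
            // addslashes() is not charset-aware; use the database layer's escaping helper.
            $dbentry = DB_escapeString($entry);
            DB_delete($_TABLES['spamx'], array('name', 'value'), array('HTTPHeader', $dbentry));
        }
    } elseif ($action == $LANG_SX00['addentry'] && SEC_checkToken()) {
        $entry = '';
        $rawName = (isset($_REQUEST['header-name']) && is_string($_REQUEST['header-name']))
            ? $_REQUEST['header-name'] : '';
        $name = COM_applyFilter($rawName);
        // Keep only the part before the first colon so the stored entry has a single "Name: value" separator.
        $n = explode(':', $name);
        $name = $n[0];
        $value = (isset($_REQUEST['header-value']) && is_string($_REQUEST['header-value']))
            ? $_REQUEST['header-value'] : '';
        if (!empty($name) && !empty($value)) {
            $entry = $name . ': ' . $value;
        }
        if (!empty($entry)) {
            $dbentry = DB_escapeString($entry);
            $result = DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('HTTPHeader','{$dbentry}')");
        }
    }

    // A new token is issued for the links and the form rendered below.
    $token = SEC_createToken();

    $display = '<hr' . XHTML . '>' . LB . '<p><b>';
    $display .= $LANG_SX00['headerblack'];
    $display .= '</b></p>' . LB . '<ul>' . LB;

    $result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name='HTTPHeader' ORDER BY value");
    $nrows = DB_numRows($result);
    for ($i = 0; $i < $nrows; $i++) {
        list($e) = DB_fetchArray($result);
        // Stored values are attacker-influenced: HTML-encode the label, URL-encode the query value.
        $display .= '<li>' . COM_createLink(htmlspecialchars($e), $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditHeader&action=delete&entry=' . urlencode($e) . '&' . CSRF_TOKEN . '=' . $token) . '</li>' . LB;
    }

    $display .= '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB;
    $display .= '<p>' . $LANG_SX00['e2'] . '</p>' . LB;
    $display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditHeader">' . LB;
    $display .= '<table border="0" width="100%">' . LB;
    $display .= '<tr><td align="right"><b>Header:</b></td>' . LB;
    $display .= '<td><input type="text" size="40" name="header-name"' . XHTML . '> e.g. <tt>User-Agent</tt></td></tr>' . LB;
    $display .= '<tr><td align="right"><b>Content:</b></td>' . LB;
    $display .= '<td><input type="text" size="40" name="header-value"' . XHTML . '> e.g. <tt>Mozilla</tt></td></tr>' . LB;
    $display .= '</table>' . LB;
    $display .= '<p><input type="submit" name="paction" value="' . $LANG_SX00['addentry'] . '"' . XHTML . '>';
    $display .= '<input type="hidden" name="' . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . '></p>' . LB;
    $display .= '</form>' . LB;

    return $display;
}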
示例4: display
/**
 * Process add/delete requests for the personal blacklist and render the editor.
 *
 * The action is read from GET "action" or POST "paction", the entry from GET
 * "entry" or POST "pentry". Each state-changing branch runs only when
 * SEC_checkToken() succeeds. Values are escaped with DB_escapeString() before
 * they are placed in SQL, and stored values are HTML-/URL-encoded on output.
 *
 * @return string HTML for the current list and the entry form
 */
function display()
{
    global $_CONF, $_TABLES, $LANG_SX00;

    // GET takes precedence over POST for both the action and the entry.
    $action = isset($_GET['action'])
        ? $_GET['action']
        : (isset($_POST['paction']) ? $_POST['paction'] : '');

    if (isset($_GET['entry'])) {
        $entry = COM_stripslashes($_GET['entry']);
    } elseif (isset($_POST['pentry'])) {
        $entry = COM_stripslashes($_POST['pentry']);
    } else {
        $entry = '';
    }

    $spamxTable = $_TABLES['spamx'];

    if ($action == 'delete' && SEC_checkToken()) {
        // The delete is issued even when the entry is empty.
        $escaped = DB_escapeString($entry);
        DB_delete($spamxTable, array('name', 'value'), array('Personal', $escaped));
    } elseif ($action == $LANG_SX00['addentry'] && SEC_checkToken()) {
        if (!empty($entry)) {
            $escaped = DB_escapeString($entry);
            DB_query("INSERT INTO {$spamxTable} VALUES ('Personal', '" . $escaped . "')");
        }
    } elseif ($action == $LANG_SX00['addcen'] && SEC_checkToken()) {
        // Copy every word of the configured censor list into the blacklist.
        foreach ($_CONF['censorlist'] as $censored) {
            $escaped = DB_escapeString($censored);
            DB_query("INSERT INTO {$spamxTable} VALUES ('Personal', '" . $escaped . "')");
        }
    }

    // New token for the delete links and the form rendered below.
    $token = SEC_createToken();

    $adminUrl = $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditBlackList';
    $tokenParam = '&' . CSRF_TOKEN . '=' . $token;

    $display = '<hr' . XHTML . '>' . LB . '<p><b>' . $LANG_SX00['pblack'] . '</b></p>' . LB . '<ul>' . LB;

    $rows = DB_query("SELECT value FROM {$spamxTable} WHERE name = 'Personal'");
    $total = DB_numRows($rows);
    for ($idx = 0; $idx < $total; $idx++) {
        $row = DB_fetchArray($rows);
        $value = $row['value'];
        // HTML-encode the visible label, URL-encode the value in the delete link.
        $link = COM_createLink(
            htmlspecialchars($value),
            $adminUrl . '&action=delete&entry=' . urlencode($value) . $tokenParam
        );
        $display .= '<li>' . $link . '</li>' . LB;
    }

    $display .= '</ul>' . LB
        . '<p>' . $LANG_SX00['e1'] . '</p>' . LB
        . '<p>' . $LANG_SX00['e2'] . '</p>' . LB
        . '<form method="post" action="' . $adminUrl . '">' . LB
        . '<div><input type="text" size="30" name="pentry"' . XHTML . '> '
        . '<input type="submit" name="paction" value="' . $LANG_SX00['addentry'] . '"' . XHTML . '>' . LB
        . '<p>' . $LANG_SX00['e3'] . '</p> '
        . '<input type="submit" name="paction" value="' . $LANG_SX00['addcen'] . '"' . XHTML . '>' . LB
        . '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"' . XHTML . '>' . LB
        . '</div></form>' . LB;

    return $display;
}
示例5: MG_editCategory
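/**
 * Render the Media Gallery category editor form.
 *
 * With $cat_id == 0 and $mode == 'create' a new category id is proposed as
 * MAX(cat_id) + 1 (at least 1). Otherwise the category row is loaded by its
 * integer id; when no row is found the form is shown with empty name and
 * description instead of reading undefined array keys.
 *
 * The form carries a CSRF token (gltoken_name / gltoken).
 *
 * @param  int    $cat_id Category id, 0 for a new category
 * @param  string $mode   'create' for a new category, anything else edits
 * @return string         HTML of the editor
 */
function MG_editCategory($cat_id, $mode)
{
    global $album_jumpbox, $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG03, $LANG_ACCESS;

    $retval = '';
    $T = new Template($_MG_CONF['template_path'] . '/admin');
    $T->set_var('site_url', $_CONF['site_url']);
    $T->set_var('site_admin_url', $_CONF['site_admin_url']);

    // Defaults for a new category; also the fallback when the requested row does not exist.
    $A = array(
        'cat_id'          => $cat_id,
        'cat_name'        => '',
        'cat_description' => '',
    );

    if ($cat_id == 0 && $mode == 'create') {
        // Propose the next id. NOTE(review): MAX()+1 is not reserved here, so two
        // concurrent editors can be offered the same id - confirm the save path copes.
        $sql = "SELECT MAX(cat_id) + 1 AS nextcat_id FROM " . $_TABLES['mg_category'];
        $result = DB_query($sql);
        $row = DB_fetchArray($result);
        $A['cat_id'] = $row['nextcat_id'];
        // Covers NULL (empty table) and 0; a separate "== 0" check after this could never run.
        if ($A['cat_id'] < 1) {
            $A['cat_id'] = 1;
        }
    } else {
        // The id is cast to int before it is placed in the query.
        $sql = "SELECT * FROM {$_TABLES['mg_category']} WHERE cat_id=" . (int) $cat_id;
        $result = DB_query($sql);
        if (DB_numRows($result) > 0) {
            $A = DB_fetchArray($result);
        }
    }

    $T->set_var('cat_id', $A['cat_id']);
    $T->set_file(array('admin' => 'editcategory.thtml'));
    // NOTE(review): cat_name and cat_description are handed to the template as stored;
    // confirm that the template or the save path HTML-encodes them.
    $T->set_var(array(
        'action'              => 'category',
        'cat_id'              => $A['cat_id'],
        'cat_name'            => $A['cat_name'],
        'cat_description'     => $A['cat_description'],
        'lang_save'           => $LANG_MG01['save'],
        'lang_edit_category'  => $mode == 'create' ? $LANG_MG01['create_category'] : $LANG_MG01['edit_category'],
        's_form_action'       => $_MG_CONF['admin_url'] . 'category.php',
        'lang_cat_edit_help'  => $LANG_MG01['cat_edit_help'],
        'lang_title'          => $LANG_MG01['title'],
        'lang_description'    => $LANG_MG01['description'],
        'lang_cancel'         => $LANG_MG01['cancel'],
        'lang_delete'         => $LANG_MG01['delete'],
        'lang_delete_confirm' => $LANG_MG01['delete_item_confirm'],
        'gltoken_name'        => CSRF_TOKEN,
        'gltoken'             => SEC_createToken(),
    ));

    $T->parse('output', 'admin');
    $retval .= $T->finish($T->get_var('output'));

    return $retval;
}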
示例6: fncDisply
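/**
 * Render the backup/restore screen of the "assist" plugin.
 *
 * Issues a CSRF token, prepends the token expiry notice and fills the
 * backuprestore.thtml template. The restore control is disabled when the
 * backup file is missing, and an error text is set when the file is missing
 * or not writable.
 *
 * @param  string $pi_name Ignored; the plugin name is fixed to "assist"
 * @return string          Token expiry notice followed by the rendered template
 */
function fncDisply($pi_name)
{
    global $_CONF;
    global $LANG_ASSIST_ADMIN;

    $pi_name = "assist";
    // Initialise the buffer; the original appended to an undefined variable.
    $retval = '';

    $tmplfld = assist_templatePath('admin', 'default', $pi_name);
    $templates = new Template($tmplfld);
    $templates->set_file(array('list' => 'backuprestore.thtml'));
    $templates->set_var('site_admin_url', $_CONF['site_admin_url']);

    $token = SEC_createToken();
    $retval .= SEC_getTokenExpiryNotice($token);
    $templates->set_var('gltoken_name', CSRF_TOKEN);
    $templates->set_var('gltoken', $token);
    $templates->set_var('xhtml', XHTML);

    // Language strings whose template variable has the same name as the language key.
    $labelKeys = array(
        'config',
        'config_backup',
        'config_init',
        'config_restore',
        'config_update',
        'config_backup_help',
        'config_init_help',
        'config_restore_help',
        'config_update_help',
    );
    foreach ($labelKeys as $key) {
        $templates->set_var($key, $LANG_ASSIST_ADMIN[$key]);
    }

    $backupFile = $_CONF["path_data"] . "assistconfig_bak.php";
    $err_backup_file = "";
    if (file_exists($backupFile)) {
        // The original cleared 'restore_disable' here but sets 'restore_disabled' in the
        // other branch; clear both so whichever placeholder the template uses is resolved.
        $templates->set_var('restore_disable', "");
        $templates->set_var('restore_disabled', "");
        if (!is_writable($backupFile)) {
            $err_backup_file = $LANG_ASSIST_ADMIN['err_backup_file_non_writable'];
        }
    } else {
        $templates->set_var('restore_disabled', "disabled");
        $err_backup_file = $LANG_ASSIST_ADMIN['err_backup_file_not_exist'];
    }
    $templates->set_var('err_backup_file', $err_backup_file);

    $templates->parse('output', 'list');
    $content = $templates->finish($templates->get_var('output'));
    $retval .= $content;

    return $retval;
}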
示例7: BB2_ban_list
/**
 * Render the Bad Behavior2 ban list admin screen.
 *
 * Outputs the menu block and then an ADMIN_list() of banned addresses with
 * per-row checkboxes and a delete button. A CSRF token is created for the
 * list form and passed both as a hidden field and as an ADMIN_list() argument.
 *
 * @return string HTML of the menu block and the ban list
 */
function BB2_ban_list()
{
    global $_CONF, $_USER, $_TABLES, $LANG_BAD_BEHAVIOR, $LANG_BB2_RESPONSE, $LANG_ADMIN;

    $pluginAdminUrl = $_CONF['site_admin_url'] . '/plugins/bad_behavior2';

    // Menu shown above the list.
    $menuItems = array(
        array(
            'url'  => $pluginAdminUrl . '/ban.php?mode=add',
            'text' => $LANG_BAD_BEHAVIOR['ban_ip'],
        ),
        array(
            'url'  => $pluginAdminUrl . '/index.php',
            'text' => $LANG_BAD_BEHAVIOR['log_entries'],
        ),
        array(
            'url'  => $_CONF['site_admin_url'],
            'text' => $LANG_ADMIN['admin_home'],
        ),
    );

    $html = '';
    $html .= COM_startBlock(
        $LANG_BAD_BEHAVIOR['plugin_display_name'] . ' - ' . $LANG_BAD_BEHAVIOR['block_title_list'],
        '',
        COM_getBlockTemplate('_admin_block', 'header')
    );
    $html .= ADMIN_createMenu(
        $menuItems,
        $LANG_BAD_BEHAVIOR['ban_list_info'],
        $_CONF['site_url'] . '/bad_behavior2/images/bad_behavior2.png'
    );
    // $msg is never assigned in this function, so this branch does not run as written.
    if (!empty($msg)) {
        $html .= COM_showMessage($msg, 'bad_behavior2');
    }
    $html .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    // Column definitions.
    $columns = array(
        array('text' => $LANG_BAD_BEHAVIOR['ip_address'], 'field' => 'ip', 'sort' => false, 'align' => 'left'),
        array('text' => $LANG_BAD_BEHAVIOR['type'], 'field' => 'type', 'sort' => true, 'align' => 'left'),
        array('text' => $LANG_BAD_BEHAVIOR['date'], 'field' => 'timestamp', 'sort' => true, 'align' => 'left'),
        array('text' => $LANG_BAD_BEHAVIOR['reason'], 'field' => 'reason', 'sort' => false, 'align' => 'left'),
    );
    $defaultSort = array('field' => 'ip', 'direction' => 'asc');
    $listText = array(
        'no_data'    => '',
        'title'      => "",
        'form_url'   => $pluginAdminUrl . '/ban.php',
        'has_search' => true,
        'has_limit'  => true,
        'has_paging' => true,
    );

    // Delete button with a two-step JavaScript confirmation.
    $deleteButton = '<input name="deletebutton" type="image" src="' . $_CONF['layout_url']
        . '/images/admin/delete.png" style="vertical-align:text-bottom;" title="'
        . $LANG_BAD_BEHAVIOR['delete_info']
        . '" onclick="return doubleconfirm(\'' . $LANG_BAD_BEHAVIOR['delete_confirm_1']
        . '\',\'' . $LANG_BAD_BEHAVIOR['delete_confirm_2'] . '\');"/> '
        . $LANG_BAD_BEHAVIOR['delete'];
    $listOptions = array(
        'chkselect'  => true,
        'chkall'     => true,
        'chkfield'   => 'id',
        'chkname'    => 'actionitem',
        'chkactions' => $deleteButton,
    );
    $listQuery = array(
        'table'          => 'bad_behavior2_ban',
        'sql'            => "SELECT id,INET_NTOA(ip) AS ip, type, reason, timestamp FROM {$_TABLES['bad_behavior2_ban']} WHERE 1=1",
        'query_fields'   => array('INET_NTOA(ip)'),
        'default_filter' => '',
    );

    // The token goes into the list form as a hidden field; "mode=delete" marks the form's action.
    $token = SEC_createToken();
    $formFields = array(
        'top'    => '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"/>',
        'bottom' => '<input type="hidden" name="mode" value="delete"/>',
    );

    $html .= ADMIN_list(
        'bad_behavior2_ban',
        'BB2_getListField',
        $columns,
        $listText,
        $listQuery,
        $defaultSort,
        '',
        $token,
        $listOptions,
        $formFields
    );

    return $html;
}
示例8: edittopic
/**
* Show topic administration form
*
* @param string tid ID of topic to edit
* @return string HTML for the topic editor
*/
function edittopic($tid = '')
{
global $_CONF, $_GROUPS, $_TABLES, $_USER, $LANG04, $LANG27, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $_SCRIPTS;
$retval = '';
if (empty($tid)) {
// new topic - set defaults
$A = array('tid' => '', 'topic' => '', 'sortnum' => 0, 'parent_id' => TOPIC_ROOT, 'inherit' => 1, 'hidden' => 0, 'limitnews' => '', 'is_default' => 0, 'archive_flag' => 0);
} else {
$result = DB_query("SELECT * FROM {$_TABLES['topics']} WHERE tid ='{$tid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access == 0 || $access == 2) {
$retval .= COM_showMessageText($LANG27[13], $LANG27[12]);
COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");
return $retval;
}
}
$token = SEC_createToken();
$retval .= COM_startBlock($LANG27[1], '', COM_getBlockTemplate('_admin_block', 'header'));
$retval .= SEC_getTokenExpiryNotice($token);
if (!is_array($A) || empty($A['owner_id'])) {
$A['owner_id'] = $_USER['uid'];
// this is the one instance where we default the group
// most topics should belong to the Topic Admin group
if (isset($_GROUPS['Topic Admin'])) {
$A['group_id'] = $_GROUPS['Topic Admin'];
} else {
$A['group_id'] = SEC_getFeatureGroup('topic.edit');
}
SEC_setDefaultPermissions($A, $_CONF['default_permissions_topic']);
$access = 3;
}
$topic_templates = COM_newTemplate($_CONF['path_layout'] . 'admin/topic');
$topic_templates->set_file('editor', 'topiceditor.thtml');
if (!empty($tid) && SEC_hasRights('topic.edit')) {
$delButton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
$jsConfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$topic_templates->set_var('delete_option', sprintf($delButton, $jsConfirm));
$topic_templates->set_var('delete_option_no_confirmation', sprintf($delButton, ''));
$topic_templates->set_var('allow_delete', true);
$topic_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
$topic_templates->set_var('confirm_message', $MESSAGE[76]);
$topic_templates->set_var('warning_msg', $LANG27[6]);
}
if ($_CONF['titletoid'] && empty($tid)) {
$_SCRIPTS->setJavaScriptFile('title_2_id', '/javascript/title_2_id.js');
$topic_templates->set_var('titletoid', true);
}
$topic_templates->set_var('lang_topicid', $LANG27[2]);
$topic_templates->set_var('topic_id', $A['tid']);
$topic_templates->set_var('lang_parent_id', $LANG27[32]);
$topic_templates->set_var('parent_id_options', TOPIC_getTopicListSelect($A['parent_id'], 1, false, $A['tid'], true));
$topic_templates->set_var('lang_inherit', $LANG27[33]);
$topic_templates->set_var('lang_inherit_info', $LANG27[34]);
if ($A['inherit'] == 1) {
$topic_templates->set_var('inherit_checked', 'checked="checked"');
} else {
$topic_templates->set_var('inherit_checked', '');
}
$topic_templates->set_var('lang_hidden', $LANG27[35]);
$topic_templates->set_var('lang_hidden_info', $LANG27[36]);
if ($A['hidden'] == 1) {
$topic_templates->set_var('hidden_checked', 'checked="checked"');
} else {
$topic_templates->set_var('hidden_checked', '');
}
$topic_templates->set_var('lang_donotusespaces', $LANG27[5]);
$topic_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$topic_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
$ownername = COM_getDisplayName($A['owner_id']);
$topic_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', "uid = {$A['owner_id']}"));
$topic_templates->set_var('owner_name', $ownername);
$topic_templates->set_var('owner', $ownername);
$topic_templates->set_var('owner_id', $A['owner_id']);
$topic_templates->set_var('lang_group', $LANG_ACCESS['group']);
$topic_templates->set_var('lang_save', $LANG_ADMIN['save']);
$topic_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
$topic_templates->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
$topic_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$topic_templates->set_var('lang_permissions_key', $LANG_ACCESS['permissionskey']);
$topic_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
$topic_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
$topic_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
$topic_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']));
// show sort order only if they specified sortnum as the sort method
if ($_CONF['sortmethod'] !== 'alpha') {
$topic_templates->set_var('lang_sortorder', $LANG27[10]);
if ($A['sortnum'] == 0) {
$A['sortnum'] = '';
}
$topic_templates->set_var('sort_order', '<input type="text" size="5" maxlength="5" name="sortnum" value="' . $A['sortnum'] . '"' . XHTML . '>');
} else {
$topic_templates->set_var('lang_sortorder', $LANG27[14]);
$topic_templates->set_var('sort_order', $LANG27[15] . '<input type="hidden" name="sortnum" value="' . $A['sortnum'] . '"' . XHTML . '>');
//.........这里部分代码省略.........
示例9: plugin_main
/**
 * Render the main plugin administration screen.
 *
 * Shows the site header, a message (the given one, or one taken from the
 * request parameters), the plugin list, the list of new plugins when the
 * user has the 'plugin.install' right, the upload form and the site footer.
 * One CSRF token is shared by all parts of the page.
 *
 * @param  string $message (optional) message to display
 * @param  string $token   (optional) CSRF token to reuse; a new one is created when empty
 * @return string          HTML for the plugin screen
 */
function plugin_main($message = '', $token = '')
{
    global $LANG32;

    $page = '';
    $page .= COM_siteHeader('menu', $LANG32[5]);
    $page .= empty($message)
        ? COM_showMessageFromParameter()
        : COM_showMessageText($message);

    // Reuse the caller's token when one was passed in.
    if (empty($token)) {
        $token = SEC_createToken();
    }

    $page .= listplugins($token);

    // Uninstalled plugins are listed only for users who may install them.
    if (SEC_hasRights('plugin.install')) {
        $page .= show_newplugins($token);
    }

    // Upload form, or an error message in its place.
    $page .= plugin_show_uploadform($token);
    $page .= COM_siteFooter();

    return $page;
}
示例10: deleteRoute
* @return string HTML redirect or error message
*/
function deleteRoute($rid)
{
    // Deletes one route by id, renumbers the remaining routes and returns a
    // redirect to the router admin page with msg=123.
    // This function performs no token or permission check itself; in the
    // visible caller it is reached only after SEC_checkToken() has succeeded.
    global $_CONF, $_TABLES;

    // Force the id to a base-10 integer before it reaches the database layer.
    $routeId = intval($rid, 10);
    DB_delete($_TABLES['routes'], 'rid', $routeId);

    reorderRoutes();

    $redirectUrl = $_CONF['site_admin_url'] . '/router.php?msg=123';

    return COM_refresh($redirectUrl);
}
// MAIN
$display = '';
$mode = \Geeklog\Input::fGet('mode', \Geeklog\Input::fPost('mode', ''));
$rid = \Geeklog\Input::fGet('rid', \Geeklog\Input::fPost('rid', 0));
$rid = intval($rid, 10);
$securityToken = SEC_createToken();
switch ($mode) {
case $LANG_ADMIN['delete']:
if ($rid === 0) {
COM_errorLog('Attempted to delete route, rid empty or null, value =' . $rid);
$display = COM_refresh($_CONF['site_admin_url'] . '/router.php');
} elseif (SEC_checkToken()) {
$display = deleteRoute($rid);
} else {
COM_accessLog("User {$_USER['username']} tried to illegally delete route {$rid} and failed CSRF checks.");
$display = COM_refresh($_CONF['site_admin_url'] . '/index.php');
}
echo $display;
die;
break;
case $LANG_ADMIN['save']:
示例11: storyeditor
//.........这里部分代码省略.........
}
}
if ($_CONF['wikitext_editor']) {
$postmode_list .= ',wikitext';
if ($story->EditElements('postmode') == 'wikitext') {
$post_options .= '<option value="wikitext" selected="selected">' . $LANG24[88] . '</option>';
} else {
$post_options .= '<option value="wikitext">' . $LANG24[88] . '</option>';
}
}
$story_templates->set_var('post_options', $post_options);
$postmode_array = explode(',', $postmode_list);
$allowed_html = '';
foreach ($postmode_array as $pm) {
$allowed_html .= COM_allowedHTML('story.edit', false, 1, $pm);
}
$allowed_tags = array('code', 'raw');
if ($_CONF['allow_page_breaks'] == 1) {
$allowed_tags = array_merge($allowed_tags, array('page_break'));
}
$allowed_html .= COM_allowedAutotags(false, $allowed_tags);
$story_templates->set_var('lang_allowed_html', $allowed_html);
$fileinputs = '';
$saved_images = '';
if ($_CONF['maximagesperarticle'] > 0) {
$story_templates->set_var('lang_images', $LANG24[47]);
$icount = DB_count($_TABLES['article_images'], 'ai_sid', $story->getSid());
if ($icount > 0) {
$result_articles = DB_query("SELECT * FROM {$_TABLES['article_images']} WHERE ai_sid = '" . $story->getSid() . "'");
for ($z = 1; $z <= $icount; $z++) {
$I = DB_fetchArray($result_articles);
$saved_images .= $z . ') ' . COM_createLink($I['ai_filename'], $_CONF['site_url'] . '/images/articles/' . $I['ai_filename']) . ' ' . $LANG_ADMIN['delete'] . ': <input type="checkbox" name="delete[' . $I['ai_img_num'] . ']"' . XHTML . '><br' . XHTML . '>';
}
}
$newallowed = $_CONF['maximagesperarticle'] - $icount;
for ($z = $icount + 1; $z <= $_CONF['maximagesperarticle']; $z++) {
$fileinputs .= $z . ') <input type="file" dir="ltr" name="file' . $z . '"' . XHTML . '>';
if ($z < $_CONF['maximagesperarticle']) {
$fileinputs .= '<br' . XHTML . '>';
}
}
$fileinputs .= '<br' . XHTML . '>' . $LANG24[51];
if ($_CONF['allow_user_scaling'] == 1) {
$fileinputs .= $LANG24[27];
}
$fileinputs .= $LANG24[28] . '<br' . XHTML . '>';
}
// Add JavaScript
$_SCRIPTS->setJavaScriptFile('story_editor', '/javascript/story_editor.js');
if ($_CONF['titletoid']) {
$_SCRIPTS->setJavaScriptFile('title_2_id', '/javascript/title_2_id.js');
$story_templates->set_var('titletoid', true);
}
$_SCRIPTS->setJavaScriptFile('postmode_control', '/javascript/postmode_control.js');
// Loads jQuery UI datepicker and timepicker-addon
$_SCRIPTS->setJavaScriptLibrary('jquery.ui.slider');
// $_SCRIPTS->setJavaScriptLibrary('jquery.ui.button');
$_SCRIPTS->setJavaScriptLibrary('jquery.ui.datepicker');
$_SCRIPTS->setJavaScriptLibrary('jquery-ui-i18n');
$_SCRIPTS->setJavaScriptLibrary('jquery-ui-timepicker-addon');
$_SCRIPTS->setJavaScriptLibrary('jquery-ui-timepicker-addon-i18n');
// $_SCRIPTS->setJavaScriptLibrary('jquery-ui-slideraccess');
$_SCRIPTS->setJavaScriptFile('datetimepicker', '/javascript/datetimepicker.js');
$langCode = COM_getLangIso639Code();
$toolTip = $MESSAGE[118];
$imgUrl = $_CONF['site_url'] . '/images/calendar.png';
$_SCRIPTS->setJavaScript("jQuery(function () {" . " geeklog.hour_mode = {$_CONF['hour_mode']};" . " geeklog.datetimepicker.set('publish', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . " geeklog.datetimepicker.set('expire', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . " geeklog.datetimepicker.set('cmt_close', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . "});", TRUE, TRUE);
// Setup Advanced Editor
COM_setupAdvancedEditor('/javascript/storyeditor_adveditor.js');
$story_templates->set_var('saved_images', $saved_images);
$story_templates->set_var('image_form_elements', $fileinputs);
$story_templates->set_var('lang_hits', $LANG24[18]);
$story_templates->set_var('story_hits', $story->EditElements('hits'));
$story_templates->set_var('lang_comments', $LANG24[19]);
$story_templates->set_var('story_comments', $story->EditElements('comments'));
$story_templates->set_var('lang_trackbacks', $LANG24[29]);
$story_templates->set_var('story_trackbacks', $story->EditElements('trackbacks'));
$story_templates->set_var('lang_emails', $LANG24[39]);
$story_templates->set_var('story_emails', $story->EditElements('numemails'));
if ($mode == 'clone') {
$story_templates->set_var('story_id', COM_makesid());
} else {
$story_templates->set_var('story_id', $story->getSid());
$story_templates->set_var('old_story_id', $story->EditElements('originalSid'));
}
$story_templates->set_var('lang_sid', $LANG24[12]);
$story_templates->set_var('lang_save', $LANG_ADMIN['save']);
$story_templates->set_var('lang_preview', $LANG_ADMIN['preview']);
$story_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
$story_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
$story_templates->set_var('gltoken_name', CSRF_TOKEN);
$token = SEC_createToken();
$story_templates->set_var('gltoken', $token);
$story_templates->parse('output', 'editor');
$display .= COM_startBlock($LANG24[5], '', COM_getBlockTemplate('_admin_block', 'header'));
$display .= SEC_getTokenExpiryNotice($token, $LANG24[91]);
$display .= $story_templates->finish($story_templates->get_var('output'));
$display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
return $display;
}
示例12: SEC_checkToken
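/**
 * Check a security token.
 *
 * Validates the CSRF token of the current request via _sec_checkToken(). When
 * the token is valid, the function returns true. When it is not, the current
 * request (method, destination URL, POST and GET data, uploaded files) is
 * stashed in the session, the re-authentication form is printed and the
 * script exits.
 *
 * The destination is accepted only when it lies under $_CONF['site_url'];
 * otherwise the site's index.php is used. The check requires a path boundary
 * after the site URL, so a look-alike host that merely starts with the same
 * characters is not accepted.
 *
 * @return boolean true if the token is valid; does not return if not!
 */
function SEC_checkToken()
{
    global $_CONF, $LANG20, $LANG_ADMIN;

    if (_sec_checkToken()) {
        // NOTE(review): presumably this retires the token that was just used -
        // confirm against SEC_createToken().
        SEC_createToken(-1);

        return true;
    }

    // Determine where the replayed request should go, and keep it on this site.
    $siteUrl = $_CONF['site_url'];
    $fallback = $siteUrl . '/index.php';
    $destination = COM_getCurrentURL();

    $prefixLen = strlen($siteUrl);
    $onSite = false;
    if ($destination != '' && strncmp($destination, $siteUrl, $prefixLen) === 0) {
        // A bare prefix match would also accept "<site_url>.other.example"; require that
        // the site URL is followed by the end of the string or a path/query/fragment delimiter.
        $next = (string) substr($destination, $prefixLen, 1);
        $onSite = substr($siteUrl, -1) === '/'
            || $next === ''
            || strpos('/?#', $next) !== false;
    }
    if (!$onSite) {
        $destination = $fallback;
    }

    $method = strtoupper($_SERVER['REQUEST_METHOD']) == 'GET' ? 'GET' : 'POST';

    // NOTE(review): the request is stored in serialized form. The code that restores it
    // is not shown here; it should only ever unserialize these session values.
    $postdata = serialize($_POST);
    $getdata = serialize($_GET);
    $filedata = '';

    if (!empty($_FILES)) {
        // Move uploads out of PHP's temporary area so they outlive this request. The stored
        // name is the basename of PHP's own temp file, not the client-supplied file name.
        // NOTE(review): the result of move_uploaded_file() is not checked.
        foreach ($_FILES as $key => $file) {
            if (is_array($file['name'])) {
                foreach ($file['name'] as $offset => $filename) {
                    if (!empty($file['name'][$offset])) {
                        $filename = basename($file['tmp_name'][$offset]);
                        move_uploaded_file($file['tmp_name'][$offset], $_CONF['path_data'] . 'temp/' . $filename);
                        $_FILES[$key]['tmp_name'][$offset] = $filename;
                    }
                }
            } else {
                if (!empty($file['name']) && !empty($file['tmp_name'])) {
                    $filename = basename($file['tmp_name']);
                    move_uploaded_file($file['tmp_name'], $_CONF['path_data'] . 'temp/' . $filename);
                    $_FILES[$key]['tmp_name'] = $filename;
                }
            }
        }
        $filedata = serialize($_FILES);
    }

    SESS_setVar('glfusion.auth.method', $method);
    SESS_setVar('glfusion.auth.dest', $destination);
    SESS_setVar('glfusion.auth.post', $postdata);
    SESS_setVar('glfusion.auth.get', $getdata);
    if (!empty($filedata)) {
        SESS_setVar('glfusion.auth.file', $filedata);
    }

    // Ask the user to authenticate again; execution stops here.
    $display = COM_siteHeader();
    $display .= SEC_tokenreauthForm('', $destination);
    $display .= COM_siteFooter();
    echo $display;
    exit;
}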
示例13: PAGE_list
/**
 * Render the static pages admin list.
 *
 * Outputs the menu and an ADMIN_list() of static pages, filtered by the
 * permission SQL from COM_getPermSQL(). A CSRF token is embedded in the list
 * form together with the hidden "staticpageenabler" field, which marks the
 * form as one that can enable/disable pages via checkbox.
 *
 * @return string HTML of the list block
 */
function PAGE_list()
{
    global $_CONF, $_TABLES, $_IMAGE_TYPE, $LANG_ADMIN, $LANG_ACCESS, $LANG_STATIC;

    USES_lib_admin();

    $pluginAdminUrl = $_CONF['site_admin_url'] . '/plugins/staticpages/index.php';

    $menuItems = array(
        array('url' => $pluginAdminUrl . '?edit=x', 'text' => $LANG_ADMIN['create_new']),
        array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']),
    );

    $html = '';
    $html .= COM_startBlock(
        $LANG_STATIC['staticpagelist'],
        '',
        COM_getBlockTemplate('_admin_block', 'header')
    );
    $html .= ADMIN_createMenu($menuItems, $LANG_STATIC['instructions'], plugin_geticon_staticpages());

    // Column definitions.
    $columns = array(
        array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false, 'align' => 'center'),
        array('text' => $LANG_ADMIN['copy'], 'field' => 'copy', 'sort' => false, 'align' => 'center'),
        array('text' => $LANG_STATIC['id'], 'field' => 'sp_id', 'sort' => true),
        array('text' => $LANG_ADMIN['title'], 'field' => 'sp_title', 'sort' => true),
        array('text' => $LANG_STATIC['head_centerblock'], 'field' => 'sp_centerblock', 'sort' => true, 'align' => 'center'),
        array('text' => $LANG_STATIC['writtenby'], 'field' => 'sp_uid', 'sort' => true),
        array('text' => $LANG_ACCESS['access'], 'field' => 'access', 'sort' => false, 'align' => 'center'),
        array('text' => $LANG_STATIC['date'], 'field' => 'unixdate', 'sort' => true, 'align' => 'center'),
        array('text' => $LANG_ADMIN['delete'], 'field' => 'delete', 'sort' => false, 'align' => 'center'),
        array('text' => $LANG_ADMIN['enabled'], 'field' => 'sp_status', 'sort' => true, 'align' => 'center'),
    );
    $defaultSort = array('field' => 'sp_title', 'direction' => 'asc');
    $listText = array(
        'has_extras' => true,
        'form_url'   => $pluginAdminUrl,
    );

    // Query that drives the list; the permission filter is appended by ADMIN_list().
    $listQuery = array(
        'table'          => 'staticpage',
        'sql'            => "SELECT *,UNIX_TIMESTAMP(sp_date) AS unixdate FROM {$_TABLES['staticpage']} WHERE 1=1 ",
        'query_fields'   => array('sp_title', 'sp_id'),
        'default_filter' => COM_getPermSQL('AND'),
    );

    // Security token for the list form, plus the marker for the enable/disable checkboxes.
    $token = SEC_createToken();
    $formFields = array(
        'top'    => '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"/>',
        'bottom' => '<input type="hidden" name="staticpageenabler" value="true"/>',
    );

    $html .= ADMIN_list(
        'static_pages',
        'PAGE_getListField',
        $columns,
        $listText,
        $listQuery,
        $defaultSort,
        '',
        $token,
        '',
        $formFields
    );
    $html .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    // Register the admin JavaScript with the output handler.
    $output = outputHandler::getInstance();
    $output->addLinkScript($_CONF['site_url'] . '/javascript/admin.js', HEADER_PRIO_NORMAL, 'text/javascript');

    return $html;
}
示例14: editServiceForm
/**
* Build the HTML editor form for a weblog directory (ping) service.
*
* For an existing service ($pid > 0) the current row is read from the
* pingservice table; for a new one the defaults are "enabled" and the
* 'weblogUpdates.ping' method. Non-empty $new_* arguments then override
* those values, so a rejected submission can be shown again together
* with the error text in $msg.
*
* The function creates a CSRF token with SEC_createToken() and shows its
* expiry notice. Only the token's field name is passed to the template in
* the part of the function shown here.
*
* @param int $pid ID of the service or 0 for new service
* @param string $msg an error message to display
* @param string $new_name name of the service
* @param string $new_site_url URL of the service's site
* @param string $new_ping_url URL to ping at the service
* @param string $new_method ping method to use
* @param int $new_enabled service is enabled (1) / disabled (0); the default -1 leaves the loaded/default value untouched
* @return string HTML for the editor
*
*/
function editServiceForm($pid, $msg = '', $new_name = '', $new_site_url = '', $new_ping_url = '', $new_method = '', $new_enabled = -1)
{
global $_CONF, $_TABLES, $LANG_TRB, $LANG_ADMIN, $MESSAGE;
$retval = '';
if ($pid > 0) {
// NOTE(review): $pid is interpolated straight into the SQL string. The
// "> 0" test above is a loose numeric comparison, not validation, so
// this is only safe if the caller has already forced $pid to an
// integer - confirm at the call site or cast with (int) before use.
$result = DB_query("SELECT * FROM {$_TABLES['pingservice']} WHERE pid = '{$pid}'");
// NOTE(review): if no row matches, $A may not hold 'is_enabled' or
// 'method', which are read further down without an isset() check.
$A = DB_fetchArray($result);
} else {
// New service: start out enabled, using the standard ping method.
$A['is_enabled'] = 1;
$A['method'] = 'weblogUpdates.ping';
}
// Values handed in by the caller take precedence over stored/default ones.
// NOTE(review): presumably these come from a previous form submission;
// nothing in this function validates or escapes them.
if (!empty($new_name)) {
$A['name'] = $new_name;
}
if (!empty($new_site_url)) {
$A['site_url'] = $new_site_url;
}
if (!empty($new_ping_url)) {
$A['ping_url'] = $new_ping_url;
}
if (!empty($new_method)) {
$A['method'] = $new_method;
}
// -1 (the default) means "not supplied"; 0 and 1 are both real values, so
// empty() cannot be used for this parameter.
if ($new_enabled >= 0) {
$A['is_enabled'] = $new_enabled;
}
if (!empty($msg)) {
$retval .= showTrackbackMessage('Error', $msg);
}
// CSRF token for the editor form. The handler that receives the form is
// expected to verify it before saving or deleting (in Geeklog this is
// normally done with SEC_checkToken()) - that code is not part of this
// function.
$token = SEC_createToken();
$retval .= COM_startBlock($LANG_TRB['edit_service'], getHelpUrl() . '#ping', COM_getBlockTemplate('_admin_block', 'header'));
// Tell the user how long the token stays valid.
$retval .= SEC_getTokenExpiryNotice($token);
$template = COM_newTemplate($_CONF['path_layout'] . 'admin/trackback');
$template->set_file(array('editor' => 'serviceeditor.thtml'));
$template->set_var('max_url_length', 255);
$template->set_var('method_ping', 'weblogUpdates.ping');
$template->set_var('method_ping_extended', 'weblogUpdates.extendedPing');
// Localised labels for the form.
$template->set_var('lang_name', $LANG_TRB['service']);
$template->set_var('lang_site_url', $LANG_TRB['service_website']);
$template->set_var('lang_ping_url', $LANG_TRB['service_ping_url']);
$template->set_var('lang_enabled', $LANG_ADMIN['enabled']);
$template->set_var('lang_method', $LANG_TRB['ping_method']);
$template->set_var('lang_method_standard', $LANG_TRB['ping_standard']);
$template->set_var('lang_method_extended', $LANG_TRB['ping_extended']);
$template->set_var('lang_save', $LANG_ADMIN['save']);
$template->set_var('lang_cancel', $LANG_ADMIN['cancel']);
if ($pid > 0) {
// A delete button is offered for existing services only. %s is filled
// with the JavaScript confirm() handler, or with nothing for the
// variant without confirmation.
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="servicemode[2]"%s' . XHTML . '>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$template->set_var('delete_option', sprintf($delbutton, $jsconfirm));
$template->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
} else {
// Only 'delete_option' is cleared here; 'delete_option_no_confirmation'
// is not set in this branch.
$template->set_var('delete_option', '');
}
// Field values. NOTE(review): the values are passed to the template as they
// are. Whether they are HTML-escaped before they reach the page (by the
// caller, by set_var() or in serviceeditor.thtml) cannot be seen from
// here - confirm, because name and URLs can be caller-supplied text.
if (isset($A['pid'])) {
$template->set_var('service_id', $A['pid']);
} else {
$template->set_var('service_id', '');
}
if (isset($A['name'])) {
$template->set_var('service_name', $A['name']);
} else {
$template->set_var('service_name', '');
}
if (isset($A['site_url'])) {
$template->set_var('service_site_url', $A['site_url']);
} else {
$template->set_var('service_site_url', '');
}
if (isset($A['ping_url'])) {
$template->set_var('service_ping_url', $A['ping_url']);
} else {
$template->set_var('service_ping_url', '');
}
// Loose comparison: the integer 1 and the string '1' both tick the box.
if ($A['is_enabled'] == 1) {
$template->set_var('is_enabled', 'checked="checked"');
} else {
$template->set_var('is_enabled', '');
}
// Any method other than 'weblogUpdates.ping' selects the extended option.
if ($A['method'] == 'weblogUpdates.ping') {
$template->set_var('standard_is_checked', 'checked="checked"');
$template->set_var('extended_is_checked', '');
} else {
$template->set_var('standard_is_checked', '');
$template->set_var('extended_is_checked', 'checked="checked"');
}
// Name of the hidden form field that carries the CSRF token.
$template->set_var('gltoken_name', CSRF_TOKEN);
//.........这里部分代码省略.........
示例15: staticpageeditor_form
//.........这里部分代码省略.........
$owner_username = DB_getItem($_TABLES['users'], 'username', "uid = {$A['owner_id']}");
$sp_template->set_var('owner_id', $A['owner_id']);
$sp_template->set_var('owner', $owner_name);
$sp_template->set_var('owner_name', $owner_name);
$sp_template->set_var('owner_username', $owner_username);
if ($A['owner_id'] > 1) {
$profile_link = $_CONF['site_url'] . '/users.php?mode=profile&uid=' . $A['owner_id'];
$sp_template->set_var('start_owner_anchortag', '<a href="' . $profile_link . '">');
$sp_template->set_var('end_owner_anchortag', '</a>');
$sp_template->set_var('owner_link', COM_createLink($owner_name, $profile_link));
$photo = '';
if ($_CONF['allow_user_photo']) {
$photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$A['owner_id']}");
if (!empty($photo)) {
$camera_icon = '<img src="' . $_CONF['layout_url'] . '/images/smallcamera.' . $_IMAGE_TYPE . '" alt=""' . XHTML . '>';
$sp_template->set_var('camera_icon', COM_createLink($camera_icon, $profile_link));
}
}
if (empty($photo)) {
$sp_template->set_var('camera_icon', '');
}
} else {
$sp_template->set_var('start_owner_anchortag', '');
$sp_template->set_var('end_owner_anchortag', '');
$sp_template->set_var('owner_link', $owner_name);
}
$sp_template->set_var('lang_group', $LANG_ACCESS['group']);
$sp_template->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
$sp_template->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']));
$sp_template->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$sp_template->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
$sp_template->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
$sp_template->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
$token = SEC_createToken();
$start_block = COM_startBlock($LANG_STATIC['staticpageeditor'], '', COM_getBlockTemplate('_admin_block', 'header'));
$start_block .= SEC_getTokenExpiryNotice($token);
$sp_template->set_var('start_block_editor', $start_block);
$sp_template->set_var('lang_save', $LANG_ADMIN['save']);
$sp_template->set_var('lang_cancel', $LANG_ADMIN['cancel']);
$sp_template->set_var('lang_preview', $LANG_ADMIN['preview']);
if (SEC_hasRights('staticpages.delete') && $mode != 'clone' && !empty($A['sp_old_id'])) {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$sp_template->set_var('delete_option', sprintf($delbutton, $jsconfirm));
$sp_template->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
} else {
$sp_template->set_var('delete_option', '');
}
$sp_template->set_var('lang_writtenby', $LANG_STATIC['writtenby']);
$sp_template->set_var('username', DB_getItem($_TABLES['users'], 'username', "uid = {$A['owner_id']}"));
$authorname = COM_getDisplayName($A['owner_id']);
$sp_template->set_var('name', $authorname);
$sp_template->set_var('author', $authorname);
$sp_template->set_var('lang_url', $LANG_STATIC['url']);
$sp_template->set_var('lang_id', $LANG_STATIC['id']);
$sp_template->set_var('sp_uid', $A['owner_id']);
$sp_template->set_var('sp_id', $A['sp_id']);
$sp_template->set_var('sp_old_id', $A['sp_old_id']);
$sp_template->set_var('example_url', COM_buildURL($_CONF['site_url'] . '/staticpages/index.php?page=' . $A['sp_id']));
$sp_template->set_var('lang_centerblock', $LANG_STATIC['centerblock']);
$sp_template->set_var('lang_centerblock_help', $LANG_ADMIN['help_url']);
$sp_template->set_var('lang_centerblock_include', $LANG21[51]);
$sp_template->set_var('lang_centerblock_desc', $LANG21[52]);
$sp_template->set_var('centerblock_help', $A['sp_help']);
$sp_template->set_var('lang_centerblock_msg', $LANG_STATIC['centerblock_msg']);
if (isset($A['sp_centerblock']) && $A['sp_centerblock'] == 1) {