

PHP log_hack_attack_and_exit函数代码示例

本文整理汇总了PHP中log_hack_attack_and_exit函数的典型用法代码示例。如果您正苦于以下问题:PHP log_hack_attack_and_exit函数的具体用法?PHP log_hack_attack_and_exit怎么用?PHP log_hack_attack_and_exit使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了log_hack_attack_and_exit函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: do_netlink

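/**
 * Get a netlink block / direct to a netlink site.
 *
 * With a non-blank $redir_url the function sends a Location header and exits.
 * Otherwise it reads the 'netlink' text file (one "name=url" pair per line) and
 * renders the NETLINK template from it.
 *
 * @param  URLPATH		The URL we grab our netlink from. If this is not blank, instead of getting a netlink block, we direct to a netlink site.
 * @return tempcode		The netlink block
 */
function do_netlink($redir_url = '')
{
    header('Content-type: text/plain; charset=' . get_charset());

    // If we are redirecting
    if ($redir_url != '') {
        // A CR or LF inside the value would let it terminate the Location header and start another one.
        if (strpbrk($redir_url, "\r\n") !== false) {
            log_hack_attack_and_exit('HEADER_SPLIT_HACK');
        }
        // NOTE(review): nothing in this function restricts where $redir_url points. Unless the caller
        // only passes URLs taken from the netlink list, this is an open redirect - confirm at the call site.
        header('Location: ' . $redir_url);
        exit;
    }

    // Ok we're displaying a netlink, which will be dumped right into the body of the reading site
    //  - this isn't actually a weburl that is actually displayed, its loaded by ocPortal and embedded-inline
    require_code('textfiles');

    // explode() always yields at least one element, so the former "count($lines) == 0" early return
    // could never run; an empty file simply produces no list entries below.
    $lines = explode(chr(10), read_text_file('netlink', NULL, true));

    // For all the names in our network
    $content = new ocp_tempcode();
    foreach ($lines as $line) {
        $parts = explode('=', $line, 2);
        if (count($parts) != 2) {
            continue; // Not a "name=url" line
        }
        $name = rtrim($parts[0]);
        $url = trim($parts[1]);

        // Are we looking at the source site in the network? Strict comparison so that two
        // numeric-looking strings are never treated as equal by type juggling.
        $selected = strtolower($url) === strtolower(get_param('source', ''));

        // The URL is carried base64-encoded as the list entry's value
        $content->attach(form_input_list_entry(base64_encode($url), $selected, $name));
    }

    return do_template('NETLINK', array('_GUID' => '180321222dc5dc99a231597c803f0726', 'CONTENT' => $content));
}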
开发者ID:erico-deh,项目名称:ocPortal,代码行数:39,代码来源:multi_site_networks.php

示例2: check_naughty_javascript_url

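/**
 * Check the specified URL for potentially malicious JavaScript/etc. If any is found, the hack attack is logged if in an active post request by the submitting member otherwise filtered out.
 *
 * The check is skipped entirely when $as_admin is true or the member holds the
 * 'use_very_dangerous_comcode' permission. Otherwise three things are rejected:
 *  - decimal character references (&#NN) that decode to a character listed in $POTENTIAL_JS_NAUGHTY_ARRAY
 *  - hexadecimal character references (&#xNN / &#XNN) that decode to such a character
 *  - the substrings 'script:' or 'data:'
 * All three tests run on the URL with whitespace removed, so a scheme or entity that has been
 * split up with tabs or newlines is treated the same as the unsplit form.
 *
 * @param  MEMBER			The member who submitted the URL
 * @param  URLPATH		The URL to check
 * @param  boolean		Whether to check as arbitrary admin
 * @return URLPATH		Filtered input URL (blank if the URL was rejected).
 */
function check_naughty_javascript_url($source_member, $url, $as_admin)
{
    global $POTENTIAL_JS_NAUGHTY_ARRAY;

    if ($as_admin || has_specific_permission($source_member, 'use_very_dangerous_comcode')) {
        return $url;
    }

    $url2 = strtolower($url);
    $compact_url = preg_replace('#\\s#', '', $url);

    // Collect the code points of every numeric character reference in the URL
    $code_points = array();
    $matches = array();
    if (preg_match_all('#&\\#(\\d+)#', $compact_url, $matches) != 0) {
        foreach ($matches[1] as $digits) {
            $code_points[] = intval($digits);
        }
    }
    // The 'x' marker is case-insensitive in HTML and a single hex digit is a complete reference,
    // so accept both forms rather than only lower-case 'x' followed by two or more characters.
    if (preg_match_all('#&\\#[xX]([\\dA-Fa-f]+)#', $compact_url, $matches) != 0) {
        foreach ($matches[1] as $hex_digits) {
            $code_points[] = intval(hexdec($hex_digits));
        }
    }

    foreach ($code_points as $code_point) {
        if ($code_point < 127 && array_key_exists(chr($code_point), $POTENTIAL_JS_NAUGHTY_ARRAY)) {
            // Only log when the submitting member is the one making this POST; otherwise just filter
            if (count($_POST) != 0 && get_member() == $source_member) {
                log_hack_attack_and_exit('ASCII_ENTITY_URL_HACK', $url);
            }
            return '';
        }
    }

    // Scheme check, on the whitespace-free form so it agrees with the entity checks above
    $compact_lower = strtolower($compact_url);
    if (strpos($compact_lower, 'script:') !== false || strpos($compact_lower, 'data:') !== false) {
        if (count($_POST) != 0 && get_member() == $source_member) {
            log_hack_attack_and_exit('SCRIPT_URL_HACK', $url2);
        }
        return '';
    }

    return $url;
}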
开发者ID:erico-deh,项目名称:ocPortal,代码行数:48,代码来源:comcode_renderer.php

示例3: moderate_chat_room

 /**
  * The main user interface for moderating a chat room.
  *
  * Reads the room from the 'id' GET parameter, checks room access and moderation rights,
  * then lists the room's messages in a sortable, paginated results table with links for
  * deleting, viewing and downloading logs.
  *
  * @return tempcode	The UI.
  */
 function moderate_chat_room()
 {
     $title = get_page_title('CHAT_MOD_PANEL');
     breadcrumb_set_parents(array(array('_SELF:_SELF:misc', do_lang_tempcode('CHOOSE'))));

     $room_id = get_param_integer('id');
     check_chatroom_access($room_id);

     $room_rows = $GLOBALS['SITE_DB']->query_select('chat_rooms', array('*'), array('id' => $room_id), '', 1);
     if (!array_key_exists(0, $room_rows)) {
         warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
     }
     $room = $room_rows[0];

     // Allowed: anyone with edit_lowrange_content on this room, or the room owner if they
     // additionally hold moderate_my_private_rooms.
     $may_moderate = has_specific_permission(get_member(), 'edit_lowrange_content', 'cms_chat', array('chat', $room_id));
     if (!$may_moderate) {
         $may_moderate = $room['room_owner'] == get_member() && has_specific_permission(get_member(), 'moderate_my_private_rooms');
     }
     if (!$may_moderate) {
         access_denied('SPECIFIC_PERMISSION', 'edit_lowrange_content');
     }

     $start = get_param_integer('start', 0);
     $max = get_param_integer('max', 50);

     $sortables = array('date_and_time' => do_lang_tempcode('DATE_TIME'), 'user_id' => do_lang_tempcode('MEMBER'));
     $sort_parts = explode(' ', get_param('sort', 'date_and_time DESC'), 2);
     if (count($sort_parts) == 1) {
         $sort_parts[1] = 'DESC';
     }
     $sortable = $sort_parts[0];
     $sort_order = $sort_parts[1];

     // Both halves of 'sort' are concatenated into the ORDER BY clause below, so the column must
     // be a key of $sortables and the direction must be ASC or DESC before either is used.
     $direction = strtoupper($sort_order);
     $direction_ok = $direction == 'ASC' || $direction == 'DESC';
     if (!$direction_ok || !array_key_exists($sortable, $sortables)) {
         log_hack_attack_and_exit('ORDERBY_HACK');
     }

     global $NON_CANONICAL_PARAMS;
     $NON_CANONICAL_PARAMS[] = 'sort';

     $room_filter = array('room_id' => $room_id);
     $max_rows = $GLOBALS['SITE_DB']->query_value('chat_messages', 'COUNT(*)', $room_filter);
     $message_rows = $GLOBALS['SITE_DB']->query_select('chat_messages', array('*'), $room_filter, 'ORDER BY ' . $sortable . ' ' . $sort_order, $max, $start);

     $fields = new ocp_tempcode();
     require_code('templates_results_table');

     $column_titles = array(do_lang_tempcode('MEMBER'), do_lang_tempcode('DATE_TIME'), do_lang_tempcode('MESSAGE'));
     if (has_js()) {
         // The per-row deletion tick is only offered when JavaScript is available
         $column_titles[] = do_lang_tempcode('DELETE');
     }
     $fields_title = results_field_title($column_titles, $sortables, 'sort', $sortable . ' ' . $sort_order);

     foreach ($message_rows as $message_row) {
         $url = build_url(array('page' => '_SELF', 'type' => 'ed', 'room_id' => $room_id, 'id' => $message_row['id']), '_SELF');

         $username = $GLOBALS['FORUM_DRIVER']->get_username($message_row['user_id']);
         if (is_null($username)) {
             $username = ''; // Unknown member: shown blank
         }

         $message = get_translated_tempcode($message_row['the_message']);
         $link_time = hyperlink($url, escape_html(get_timezoned_date($message_row['date_and_time'])));
         $member_id = $GLOBALS['FORUM_DRIVER']->get_member_from_username($username);
         $profile_link = $GLOBALS['FORUM_DRIVER']->member_profile_hyperlink($member_id, false, $username);

         $cells = array($profile_link, escape_html($link_time), $message);
         if (has_js()) {
             $cells[] = do_template('RESULTS_TABLE_TICK', array('ID' => strval($message_row['id'])));
         }
         $fields->attach(results_entry($cells));
     }

     if ($fields->is_empty()) {
         if ($start != 0) {
             // Past the last page: step back one page and render again
             $_GET['start'] = strval(max(0, $start - $max));
             return $this->moderate_chat_room();
         }
         inform_exit(do_lang_tempcode('NO_ENTRIES'));
     }

     $content = results_table(do_lang_tempcode('MESSAGES'), $start, 'start', $max, 'max', $max_rows, $fields_title, $fields, $sortables, $sortable, $sort_order, 'sort');

     $chat_zone_links = array();
     $mod_link = hyperlink(build_url(array('page' => '_SELF', 'type' => 'delete', 'stage' => 0, 'id' => $room_id), '_SELF'), do_lang_tempcode('DELETE_ALL_MESSAGES'));
     $view_link = hyperlink(build_url(array('page' => 'chat', 'type' => 'room', 'id' => $room_id), get_module_zone('chat')), do_lang_tempcode('VIEW'));
     $logs_link = hyperlink(build_url(array('page' => 'chat', 'type' => 'download_logs', 'id' => $room_id), get_module_zone('chat')), do_lang_tempcode('CHAT_DOWNLOAD_LOGS'));
     $chat_zone_links[] = $mod_link;
     $chat_zone_links[] = $view_link;
     $chat_zone_links[] = $logs_link;

     $delete_url = build_url(array('page' => '_SELF', 'type' => 'mass_delete', 'room_id' => $room_id, 'start' => $start, 'max' => $max), '_SELF');

     return do_template('CHAT_MODERATE_SCREEN', array('_GUID' => '940de7e8c9a0ac3c575892887c7ef3c0', 'URL' => $delete_url, 'TITLE' => $title, 'INTRODUCTION' => '', 'CONTENT' => $content, 'LINKS' => $chat_zone_links));
 }
开发者ID:erico-deh,项目名称:ocPortal,代码行数:73,代码来源:cms_chat.php

示例4: nice_get_choose_table

 /**
  * Standard aed_module table function.
  *
  * Builds the "choose an entry to edit" table, ordered by the 'sort' GET parameter
  * ("<column> <ASC|DESC>"). The column must be one of the keys of $sortables.
  *
  * @param  array			Details to go to build_url for link to the next screen.
  * @return ?array			A quartet: The choose table, Whether re-ordering is supported from this screen, Search URL, Archive URL (NULL: nothing to select).
  */
 function nice_get_choose_table($url_map)
 {
     require_code('templates_results_table');

     $current_ordering = get_param('sort', 'date_and_time DESC');
     if (strpos($current_ordering, ' ') === false) {
         warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
     }
     $ordering_parts = explode(' ', $current_ordering, 2);
     $sortable = $ordering_parts[0];
     $sort_order = $ordering_parts[1];

     $sortables = array('title' => do_lang_tempcode('TITLE'), 'date_and_time' => do_lang_tempcode('_ADDED'), 'news_views' => do_lang_tempcode('_VIEWS'));
     if (addon_installed('unvalidated')) {
         $sortables['validated'] = do_lang_tempcode('VALIDATED');
     }

     // $current_ordering is handed on to get_entry_rows() below, so it is only accepted when the
     // column is a known sortable and the direction is ASC or DESC.
     $direction = strtoupper($sort_order);
     $direction_ok = $direction == 'ASC' || $direction == 'DESC';
     if (!$direction_ok || !array_key_exists($sortable, $sortables)) {
         log_hack_attack_and_exit('ORDERBY_HACK');
     }

     global $NON_CANONICAL_PARAMS;
     $NON_CANONICAL_PARAMS[] = 'sort';

     // Column headings
     $fh = array(do_lang_tempcode('TITLE'), do_lang_tempcode('_ADDED'), do_lang_tempcode('_VIEWS'));
     if (addon_installed('unvalidated')) {
         $fh[] = do_lang_tempcode('VALIDATED');
     }
     $fh[] = do_lang_tempcode('ACTIONS');
     $header_row = results_field_title($fh, $sortables, 'sort', $sortable . ' ' . $sort_order);

     $fields = new ocp_tempcode();
     require_code('form_templates');

     // Members without edit_midrange_content only get to choose from their own entries
     $only_owned = has_specific_permission(get_member(), 'edit_midrange_content', 'cms_news') ? NULL : get_member();
     $where = is_null($only_owned) ? NULL : array('submitter' => $only_owned);
     $join = ' JOIN ' . get_table_prefix() . 'news_categories c ON c.id=r.news_category AND nc_owner IS NOT NULL';
     list($rows, $max_rows) = $this->get_entry_rows(false, $current_ordering, $where, false, $join);
     if (count($rows) == 0) {
         return NULL;
     }

     foreach ($rows as $row) {
         $edit_link = build_url($url_map + array('id' => $row['id']), '_SELF');
         $view_url = build_url(array('page' => 'news', 'type' => 'view', 'id' => $row['id']), get_module_zone('news'));

         $fr = array(
             protect_from_escaping(hyperlink($view_url, get_translated_text($row['title']), false, true)),
             get_timezoned_date($row['date_and_time']),
             integer_format($row['news_views']),
         );
         if (addon_installed('unvalidated')) {
             $fr[] = $row['validated'] == 1 ? do_lang_tempcode('YES') : do_lang_tempcode('NO');
         }
         $fr[] = protect_from_escaping(hyperlink($edit_link, do_lang_tempcode('EDIT'), false, true, '#' . strval($row['id'])));

         $fields->attach(results_entry($fr, true));
     }

     $search_url = build_url(array('page' => 'search', 'id' => 'news'), get_module_zone('search'));
     $archive_url = build_url(array('page' => 'news'), get_module_zone('news'));

     $table = results_table(do_lang($this->menu_label), get_param_integer('start', 0), 'start', either_param_integer('max', 20), 'max', $max_rows, $header_row, $fields, $sortables, $sortable, $sort_order);

     return array($table, false, $search_url, $archive_url);
 }
开发者ID:erico-deh,项目名称:ocPortal,代码行数:55,代码来源:cms_blogs.php

示例5: run

 /**
  * Standard modular run function.
  *
  * Shows a results table of rows from the 'adminlogs' table, ordered by the 'sa_sort'
  * GET parameter and windowed by 'sa_start' / 'sa_max'.
  *
  * @param  array		A map of parameters.
  * @return tempcode	The result of execution.
  */
 function run($map)
 {
     unset($map); // No block parameters are used

     require_all_lang();
     require_css('adminzone');
     require_code('actionlog');

     $start = get_param_integer('sa_start', 0);
     $max = get_param_integer('sa_max', 10);

     $sortables = array('date_and_time' => do_lang_tempcode('DATE_TIME'), 'the_type' => do_lang_tempcode('ACTION'));
     $sort_parts = explode(' ', get_param('sa_sort', 'date_and_time DESC'), 2);
     if (count($sort_parts) == 1) {
         $sort_parts[1] = 'DESC';
     }
     $sortable = $sort_parts[0];
     $sort_order = $sort_parts[1];

     // The two parts are concatenated into ORDER BY further down; accept only a known column
     // and an ASC/DESC direction.
     $direction = strtoupper($sort_order);
     $direction_ok = $direction == 'ASC' || $direction == 'DESC';
     if (!$direction_ok || !array_key_exists($sortable, $sortables)) {
         log_hack_attack_and_exit('ORDERBY_HACK');
     }

     global $NON_CANONICAL_PARAMS;
     $NON_CANONICAL_PARAMS[] = 'sa_sort';

     require_code('templates_results_table');
     $column_titles = array(do_lang_tempcode('USERNAME'), do_lang_tempcode('DATE_TIME'), do_lang_tempcode('ACTION'), do_lang_tempcode('PARAMETER_A'), do_lang_tempcode('PARAMETER_B'));
     $fields_title = results_field_title($column_titles, $sortables, 'sa_sort', $sortable . ' ' . $sort_order);

     // Don't want to encourage pagination (there's a better module they can go to), so the
     // reported total is just the page size rather than a COUNT(*) of adminlogs.
     $max_rows = $max;

     $log_rows = $GLOBALS['SITE_DB']->query_select('adminlogs', array('the_type', 'param_a', 'param_b', 'the_user', 'ip', 'date_and_time'), NULL, 'ORDER BY ' . $sortable . ' ' . $sort_order, $max, $start);

     $fields = new ocp_tempcode();
     foreach ($log_rows as $log_row) {
         $username = $GLOBALS['FORUM_DRIVER']->get_username($log_row['the_user']);
         if (is_null($username)) {
             $username = do_lang('UNKNOWN');
         }

         $date = get_timezoned_date($log_row['date_and_time']);

         // NULL parameters are displayed as blank
         $a = is_null($log_row['param_a']) ? '' : $log_row['param_a'];
         $b = is_null($log_row['param_b']) ? '' : $log_row['param_b'];

         require_code('templates_interfaces');
         $_a = tpl_crop_text_mouse_over($a, 8);
         $_b = tpl_crop_text_mouse_over($b, 15);

         // Fall back to the raw action code when there is no language string for it
         $type_str = do_lang($log_row['the_type'], $_a, $_b, NULL, NULL, false);
         if (is_null($type_str)) {
             $type_str = $log_row['the_type'];
         }

         $linked = actionlog_linkage($log_row['the_type'], $a, $b, $_a, $_b);
         if (!is_null($linked)) {
             list($_a, $_b) = $linked;
         }

         // NOTE(review): $ip is computed but not included in the row below
         $ip = tpl_crop_text_mouse_over($log_row['ip'], 12);

         $fields->attach(results_entry(array(escape_html($username), escape_html($date), $type_str, $_a, $_b)));
     }

     return results_table(do_lang_tempcode('ACTIONS'), $start, 'sa_start', $max, 'sa_max', $max_rows, $fields_title, $fields, $sortables, $sortable, $sort_order, 'sa_sort', new ocp_tempcode(), NULL, NULL, 5);
 }
开发者ID:erico-deh,项目名称:ocPortal,代码行数:63,代码来源:main_staff_actions.php

示例6: nice_get_choose_table

 /**
  * Standard aed_module table function.
  *
  * Builds the "choose an entry to edit" table, ordered by the 'sort' GET parameter
  * ("<column> <ASC|DESC>"). The column must be one of the keys of $sortables.
  *
  * @param  array			Details to go to build_url for link to the next screen.
  * @return array			A pair: The choose table, Whether re-ordering is supported from this screen.
  */
 function nice_get_choose_table($url_map)
 {
     require_code('templates_results_table');

     $current_ordering = get_param('sort', 'w_name ASC');
     if (strpos($current_ordering, ' ') === false) {
         warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
     }
     $ordering_parts = explode(' ', $current_ordering, 2);
     $sortable = $ordering_parts[0];
     $sort_order = $ordering_parts[1];

     $sortables = array('w_name' => do_lang_tempcode('NAME'), 'w_subject' => do_lang_tempcode('SUBJECT'), 'w_send_time' => do_lang_tempcode('SEND_TIME'));

     // $current_ordering is handed on to get_entry_rows() below, so it is only accepted when the
     // column is a known sortable and the direction is ASC or DESC.
     $direction = strtoupper($sort_order);
     $direction_ok = $direction == 'ASC' || $direction == 'DESC';
     if (!$direction_ok || !array_key_exists($sortable, $sortables)) {
         log_hack_attack_and_exit('ORDERBY_HACK');
     }

     global $NON_CANONICAL_PARAMS;
     $NON_CANONICAL_PARAMS[] = 'sort';

     $column_titles = array(do_lang_tempcode('NAME'), do_lang_tempcode('SUBJECT'), do_lang_tempcode('SEND_TIME'), do_lang_tempcode('ACTIONS'));
     $header_row = results_field_title($column_titles, $sortables, 'sort', $sortable . ' ' . $sort_order);

     $fields = new ocp_tempcode();
     require_code('form_templates');

     list($rows, $max_rows) = $this->get_entry_rows(false, $current_ordering);
     foreach ($rows as $row) {
         $edit_link = build_url($url_map + array('id' => $row['id']), '_SELF');

         $cells = array(
             $row['w_name'],
             get_translated_text($row['w_subject']),
             do_lang_tempcode('HOURS', escape_html(strval($row['w_send_time']))),
             protect_from_escaping(hyperlink($edit_link, do_lang_tempcode('EDIT'), false, true, '#' . strval($row['id']))),
         );
         $fields->attach(results_entry($cells, true));
     }

     $table = results_table(do_lang($this->menu_label), get_param_integer('start', 0), 'start', either_param_integer('max', 20), 'max', $max_rows, $header_row, $fields, $sortables, $sortable, $sort_order);

     return array($table, false);
 }
开发者ID:erico-deh,项目名称:ocPortal,代码行数:30,代码来源:admin_ocf_welcome_emails.php

示例7: check_posted_field

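/**
 * Check a posted field isn't 'evil'.
 *
 * For POST requests from logged-in members whose Referer is an http(s) URL on another site,
 * every field except the login fields is refused unless the Referer's host is one of the
 * allowed partner sites ('allowed_post_submitters' option, plus paypal.com). A refusal empties
 * $_POST and logs EVIL_POSTED_FORM_HACK. Afterwards the value is always run through
 * filter_form_field_default().
 *
 * Partner entries are matched against the Referer's host name (exactly, or as a parent domain),
 * not as a substring of the whole Referer, so a partner name appearing in the path or query of
 * an unrelated URL no longer counts as a match.
 *
 * NOTE(review): the Referer header is supplied by the client and may be absent; this check is
 * skipped when it is. No request token check is visible in this function - confirm one exists
 * elsewhere if this is relied on against cross-site form posts.
 *
 * @param  string			The name of the parameter
 * @param  string			The value retrieved (passed by reference; replaced with the filtered value)
 */
function check_posted_field($name, &$val)
{
    if (strtolower(ocp_srv('REQUEST_METHOD')) == 'post') {
        $referer = ocp_srv('HTTP_REFERER');
        $true_referer = substr($referer, 0, 7) == 'http://' || substr($referer, 0, 8) == 'https://';

        // Reduce both URLs to "scheme://host/", treating https, 'www.' and ':80' as equivalent.
        // The trailing slash is forced so that the prefix comparison below always ends on a host
        // boundary, even when a URL has no path and the regexp therefore leaves it unchanged.
        $canonical = array();
        foreach (array('referer' => $referer, 'base' => get_base_url()) as $which => $raw_url) {
            $simplified = str_replace(':80', '', str_replace('https://', 'http://', str_replace('www.', '', $raw_url)));
            $origin = preg_replace('#^(\\w+://[^/]+/).*$#', '${1}', $simplified);
            if (substr($origin, -1) != '/') {
                $origin .= '/';
            }
            $canonical[$which] = strtolower($origin);
        }
        $is_foreign = substr($canonical['referer'], 0, strlen($canonical['base'])) != $canonical['base'];

        if ($true_referer && $is_foreign && !is_guest()) {
            // The login fields may legitimately be posted from other sites
            if (!in_array($name, array('login_username', 'password', 'remember', 'login_invisible'), true)) {
                $allowed_partners = explode(chr(10), get_option('allowed_post_submitters'));
                $allowed_partners[] = 'paypal.com';
                $allowed_partners[] = 'www.paypal.com';

                $referer_host = strtolower(strval(parse_url($referer, PHP_URL_HOST)));

                $found = false;
                foreach ($allowed_partners as $partner) {
                    $partner = strtolower(trim($partner));
                    if ($partner == '') {
                        continue;
                    }
                    // Tolerate entries written with a scheme, port or path: keep only the host part
                    $partner_host = preg_replace('#^\\w+://#', '', $partner);
                    $partner_host = preg_replace('#[/:?\\#].*$#', '', $partner_host);
                    if ($partner_host == '') {
                        continue;
                    }
                    $as_parent_domain = '.' . $partner_host;
                    if ($referer_host === $partner_host || substr($referer_host, -strlen($as_parent_domain)) === $as_parent_domain) {
                        $found = true;
                        break;
                    }
                }

                if (!$found) {
                    $_POST = array();
                    // To stop loops
                    log_hack_attack_and_exit('EVIL_POSTED_FORM_HACK', ocp_srv('HTTP_REFERER'));
                }
            }
        }
    }

    // Custom fields.xml filter system
    $val = filter_form_field_default($name, $val);
}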
开发者ID:erico-deh,项目名称:ocPortal,代码行数:39,代码来源:input_filter.php

示例8: get_sort_order

 /**
  * Read in the sort order currently active, and a suffix to the select statement to allow it to work. Apply security.
  *
  * The 'sort' GET parameter must be exactly one of a fixed list of "<column> <direction>"
  * strings; anything else is logged as ORDERBY_HACK. 'random ASC' is mapped to 'add_date ASC'.
  *
  * @return array			A quarter: The sort order, The sort order (for backwards sorting), SQL suffix for select statement for images, SQL suffix for select statement for videos
  */
 function get_sort_order()
 {
     global $NON_CANONICAL_PARAMS;
     foreach (array('sort', 'select', 'video_select') as $param_name) {
         $NON_CANONICAL_PARAMS[] = $param_name;
     }

     $sort = get_param('sort', 'add_date DESC');
     if ($sort == 'random ASC') {
         $sort = 'add_date ASC';
     }

     // Complete whitelist of accepted values. Loose comparison, as the value has always been
     // compared with != here.
     $allowed = array(
         'fixed_random ASC',
         'compound_rating DESC',
         'compound_rating ASC',
         'add_date DESC',
         'add_date ASC',
         'url DESC',
         'url ASC',
         'title DESC',
         'title ASC',
     );
     if (!in_array($sort, $allowed)) {
         log_hack_attack_and_exit('ORDERBY_HACK');
     }

     // Same column, opposite direction
     $sort_bits = explode(' ', $sort, 2);
     $opposite_dir = $sort_bits[1] == 'ASC' ? 'DESC' : 'ASC';
     $sort_backwards = $sort_bits[0] . ' ' . $opposite_dir;

     // Some orderings sort on a computed column, which has to be added to the SELECT list
     $suffix_images = '';
     $suffix_videos = '';
     if ($sort == 'compound_rating ASC' || $sort == 'compound_rating DESC') {
         $suffix_images = ',(SELECT AVG(rating) FROM ' . get_table_prefix() . 'rating WHERE ' . db_string_equal_to('rating_for_type', 'images') . ' AND rating_for_id=e.id) AS compound_rating';
         $suffix_videos = ',(SELECT AVG(rating) FROM ' . get_table_prefix() . 'rating WHERE ' . db_string_equal_to('rating_for_type', 'videos') . ' AND rating_for_id=e.id) AS compound_rating';
     } elseif ($sort == 'fixed_random ASC') {
         $fixed_random = ',(MOD(id,3.142)) AS fixed_random';
         $suffix_images = $fixed_random;
         $suffix_videos = $fixed_random;
     }

     return array($sort, $sort_backwards, $suffix_images, $suffix_videos);
 }
开发者ID:erico-deh,项目名称:ocPortal,代码行数:32,代码来源:galleries.php

示例9: _survey_results

 /**
  * View survey results.
  *
  * Shows, for the quiz given by the 'id' GET parameter, a per-question summary of how often
  * each answer was chosen, followed by a sortable, paginated table of the quiz's entries.
  *
  * @return tempcode	The result of execution.
  */
 function _survey_results()
 {
     $title = get_page_title('SURVEY_RESULTS');
     breadcrumb_set_parents(array(array('_SELF:_SELF', do_lang_tempcode('MANAGE_QUIZZES'))));
     $GLOBALS['HELPER_PANEL_PIC'] = 'pagepics/survey_results';

     $id = get_param_integer('id'); // quiz ID

     $fields = new ocp_tempcode();
     require_code('templates_results_table');
     require_code('templates_view_space');

     // Show summary
     $question_rows = $GLOBALS['SITE_DB']->query_select('quiz_questions', array('*'), array('q_quiz' => $id), 'ORDER BY id');
     foreach ($question_rows as $q) {
         $question = get_translated_text($q['q_question_text']);
         $answers = new ocp_tempcode();
         $answer_rows = $GLOBALS['SITE_DB']->query_select('quiz_question_answers', array('*'), array('q_question' => $q['id']), 'ORDER BY id');

         // Tally each answer. The (text, position) pair is serialised to serve as the array key,
         // so that arsort() can order by count while both values stay recoverable.
         $all_answers = array();
         foreach ($answer_rows as $position => $a) {
             $answer_text = get_translated_text($a['q_answer_text']);
             $times_chosen = $GLOBALS['SITE_DB']->query_value('quiz_entry_answer', 'COUNT(*)', array('q_answer' => strval($a['id'])));
             $all_answers[serialize(array($answer_text, $position))] = $times_chosen;
         }
         arsort($all_answers);

         foreach ($all_answers as $bits => $times_chosen) {
             // $bits is always a string produced by serialize() in the loop above, never request data
             $pair = unserialize($bits);
             $answer_text = $pair[0];
             $position = $pair[1];
             $answers->attach(paragraph(do_lang_tempcode('SURVEY_ANSWER_RESULT', escape_html($answer_text), integer_format($times_chosen), integer_format($position + 1))));
         }
         if ($answers->is_empty()) {
             // No predefined answers were found for this question
             $answers = do_lang_tempcode('FREE_ENTRY_ANSWER');
         }

         $fields->attach(view_space_field($question, $answers, true));
     }
     $summary = do_template('VIEW_SPACE', array('_GUID' => '2b0c2ba0070ba810c5e4b5b4aedcb15f', 'WIDTH' => '300', 'FIELDS' => $fields));

     // Show results table
     $start = get_param_integer('start', 0);
     $max = get_param_integer('max', 50);

     $sortables = array('q_time' => do_lang_tempcode('DATE'));
     $sort_parts = explode(' ', get_param('sort', 'q_time DESC'), 2);
     if (count($sort_parts) == 1) {
         $sort_parts[1] = 'DESC';
     }
     $sortable = $sort_parts[0];
     $sort_order = $sort_parts[1];

     // The two parts are concatenated into ORDER BY below; accept only a known column and an
     // ASC/DESC direction.
     $direction = strtoupper($sort_order);
     $direction_ok = $direction == 'ASC' || $direction == 'DESC';
     if (!$direction_ok || !array_key_exists($sortable, $sortables)) {
         log_hack_attack_and_exit('ORDERBY_HACK');
     }

     global $NON_CANONICAL_PARAMS;
     $NON_CANONICAL_PARAMS[] = 'sort';

     $max_rows = $GLOBALS['SITE_DB']->query_value('quiz_entries', 'COUNT(*)', array('q_quiz' => $id));
     $entry_rows = $GLOBALS['SITE_DB']->query_select('quiz_entries', array('id', 'q_time', 'q_member'), array('q_quiz' => $id), 'ORDER BY ' . $sortable . ' ' . $sort_order, $max, $start);
     if (count($entry_rows) == 0) {
         return inform_screen($title, do_lang_tempcode('NO_ENTRIES'));
     }

     $fields = new ocp_tempcode();
     $fields_title = results_field_title(array(do_lang_tempcode('DATE'), do_lang_tempcode('USERNAME')), $sortables, 'sort', $sortable . ' ' . $sort_order);
     foreach ($entry_rows as $entry_row) {
         $entry_url = build_url(array('page' => '_SELF', 'type' => '__survey_results', 'id' => $entry_row['id']), '_SELF');
         $date_link = hyperlink($entry_url, escape_html(get_timezoned_date($entry_row['q_time'])));
         $member_link = $GLOBALS['FORUM_DRIVER']->member_profile_hyperlink($entry_row['q_member']);
         $fields->attach(results_entry(array($date_link, $member_link), false));
     }
     if ($fields->is_empty()) {
         warn_exit(do_lang_tempcode('NO_ENTRIES'));
     }

     $results = results_table(do_lang_tempcode('SURVEY_RESULTS'), $start, 'start', $max, 'max', $max_rows, $fields_title, $fields, $sortables, $sortable, $sort_order, 'sort');

     return do_template('SURVEY_RESULTS_SCREEN', array('_GUID' => '3f38ac1b94fb4de8219b8f7108c7b0a3', 'TITLE' => $title, 'SUMMARY' => $summary, 'RESULTS' => $results));
 }
开发者ID:erico-deh,项目名称:ocPortal,代码行数:70,代码来源:admin_quiz.php

示例10: nice_get_choose_table

 /**
  * Standard aed_module table function.
  *
  * Builds the "choose an entry to edit" table, ordered by the 'sort' GET parameter. The value
  * is split at its LAST space, because one of the accepted sort keys is an SQL subquery that
  * itself contains spaces.
  *
  * @param  array			Details to go to build_url for link to the next screen.
  * @return array			A pair: The choose table, Whether re-ordering is supported from this screen.
  */
 function nice_get_choose_table($url_map)
 {
     require_code('templates_results_table');

     $current_ordering = get_param('sort', 'id ASC', true);
     $last_space = strrpos($current_ordering, ' ');
     $sortable = substr($current_ordering, 0, $last_space);
     $sort_order = substr($current_ordering, $last_space + 1);

     $sortables = array('id' => do_lang_tempcode('CODENAME'), 't_is_textual' => do_lang_tempcode('BANNER_IS_TEXTUAL'), 't_image_width' => do_lang_tempcode('WIDTH'), 't_image_height' => do_lang_tempcode('HEIGHT'), 't_max_file_size' => do_lang_tempcode('_FILE_SIZE'), 't_comcode_inline' => do_lang_tempcode('COMCODE_INLINE'));
     if (db_has_subqueries($GLOBALS['SITE_DB']->connection_read)) {
         // Sorting by banner count is done with a subquery, used verbatim as the sort key
         $sortables['(SELECT COUNT(*) FROM ' . get_table_prefix() . 'banners WHERE b_type=r.id)'] = do_lang_tempcode('COUNT_TOTAL');
     }

     // $current_ordering is handed on to get_entry_rows() below. It is only accepted when the
     // column part is, character for character, a key of $sortables (including the subquery
     // key above) and the direction is ASC or DESC.
     $direction = strtoupper($sort_order);
     $direction_ok = $direction == 'ASC' || $direction == 'DESC';
     if (!$direction_ok || !array_key_exists($sortable, $sortables)) {
         log_hack_attack_and_exit('ORDERBY_HACK');
     }

     global $NON_CANONICAL_PARAMS;
     $NON_CANONICAL_PARAMS[] = 'sort';

     $column_titles = array(do_lang_tempcode('CODENAME'), do_lang_tempcode('BANNER_IS_TEXTUAL'), do_lang_tempcode('WIDTH'), do_lang_tempcode('HEIGHT'), do_lang_tempcode('_FILE_SIZE'), do_lang_tempcode('COMCODE_INLINE'), do_lang_tempcode('COUNT_TOTAL'), do_lang_tempcode('ACTIONS'));
     $header_row = results_field_title($column_titles, $sortables, 'sort', $sortable . ' ' . $sort_order);

     $fields = new ocp_tempcode();
     require_code('form_templates');

     list($rows, $max_rows) = $this->get_entry_rows(false, $current_ordering);
     foreach ($rows as $row) {
         $edit_link = build_url($url_map + array('id' => $row['id']), '_SELF');
         $total = integer_format($GLOBALS['SITE_DB']->query_value('banners', 'COUNT(*)', array('b_type' => $row['id'])));

         $cells = array(
             $row['id'] == '' ? do_lang('GENERAL') : $row['id'], // The blank ID is shown under the GENERAL label
             $row['t_is_textual'] == 1 ? do_lang_tempcode('YES') : do_lang_tempcode('NO'),
             integer_format($row['t_image_width']),
             integer_format($row['t_image_height']),
             clean_file_size($row['t_max_file_size'] * 1024),
             $row['t_comcode_inline'] == 1 ? do_lang_tempcode('YES') : do_lang_tempcode('NO'),
             $total,
             protect_from_escaping(hyperlink($edit_link, do_lang_tempcode('EDIT'), false, true, '#' . $row['id'])),
         );
         $fields->attach(results_entry($cells, true));
     }

     $table = results_table(do_lang($this->menu_label), get_param_integer('start', 0), 'start', get_param_integer('max', 20), 'max', $max_rows, $header_row, $fields, $sortables, $sortable, $sort_order);

     return array($table, false);
 }
开发者ID:erico-deh,项目名称:ocPortal,代码行数:31,代码来源:cms_banners.php

示例11: security_interface

 /**
  * The UI to view security logs.
  *
  * Shows a sortable, paginated table of rows from 'failedlogins' together with the security
  * alerts from find_security_alerts(). Both can be narrowed to one member via the posted
  * 'member_id'.
  *
  * @return tempcode		The UI
  */
 function security_interface()
 {
     $title = get_page_title('SECURITY_LOGGING');

     // Failed logins
     $start = get_param_integer('failed_start', 0);
     $max = get_param_integer('failed_max', 50);

     $sortables = array('date_and_time' => do_lang_tempcode('DATE_TIME'), 'ip' => do_lang_tempcode('IP_ADDRESS'));
     $sort_parts = explode(' ', get_param('failed_sort', 'date_and_time DESC'));
     if (count($sort_parts) == 1) {
         $sort_parts[1] = 'DESC';
     }
     // Only the first two space-separated parts are used; any further parts are ignored
     list($_sortable, $sort_order) = $sort_parts;

     // The two parts are concatenated into ORDER BY below; accept only a known column and an
     // ASC/DESC direction.
     $direction = strtoupper($sort_order);
     $direction_ok = $direction == 'ASC' || $direction == 'DESC';
     if (!$direction_ok || !array_key_exists($_sortable, $sortables)) {
         log_hack_attack_and_exit('ORDERBY_HACK');
     }

     global $NON_CANONICAL_PARAMS;
     $NON_CANONICAL_PARAMS[] = 'failed_sort';

     require_code('templates_results_table');
     $column_titles = array(do_lang_tempcode('USERNAME'), do_lang_tempcode('DATE_TIME'), do_lang_tempcode('IP_ADDRESS'));
     $fields_title = results_field_title($column_titles, $sortables, 'failed_sort', $_sortable . ' ' . $sort_order);

     // Optional filter: failed logins are stored by attempted username, so the member ID is
     // translated to a username first
     $member_id = post_param_integer('member_id', NULL);
     $map = NULL;
     if (!is_null($member_id)) {
         $map = array('failed_account' => $GLOBALS['FORUM_DRIVER']->get_username($member_id));
     }

     $max_rows = $GLOBALS['SITE_DB']->query_value('failedlogins', 'COUNT(*)', $map);
     $failed_rows = $GLOBALS['SITE_DB']->query_select('failedlogins', array('*'), $map, 'ORDER BY ' . $_sortable . ' ' . $sort_order, $max, $start);

     $fields = new ocp_tempcode();
     foreach ($failed_rows as $failed_row) {
         $time = get_timezoned_date($failed_row['date_and_time']);
         $lookup_url = build_url(array('page' => 'admin_lookup', 'param' => $failed_row['ip']), '_SELF');

         // The attempted account name and the IP are escaped before display
         $cells = array(escape_html($failed_row['failed_account']), escape_html($time), hyperlink($lookup_url, escape_html($failed_row['ip'])));
         $fields->attach(results_entry($cells));
     }
     $failed_logins = results_table(do_lang_tempcode('FAILED_LOGINS'), $start, 'failed_start', $max, 'failed_max', $max_rows, $fields_title, $fields, $sortables, $_sortable, $sort_order, 'failed_sort', new ocp_tempcode());

     // Security alerts, filtered by member ID this time
     $member_id = post_param_integer('member_id', NULL);
     $map = NULL;
     if (!is_null($member_id)) {
         $map = array('the_user' => $member_id);
     }
     $alerts = find_security_alerts($map);

     $post_url = build_url(array('page' => '_SELF', 'type' => 'clean', 'start' => $start, 'max' => $max), '_SELF');

     return do_template('SECURITY_SCREEN', array('_GUID' => 'e0b5e6557686b2320a8ce8166df07328', 'TITLE' => $title, 'FAILED_LOGINS' => $failed_logins, 'ALERTS' => $alerts, 'URL' => $post_url));
 }
开发者ID:erico-deh,项目名称:ocPortal,代码行数:41,代码来源:admin_security.php

示例12: run

 /**
  * Standard modular run function.
  *
  * @return tempcode	The result of execution.
  */
 function run()
 {
     $GLOBALS['HELPER_PANEL_PIC'] = 'pagepics/errorlog';
     $GLOBALS['HELPER_PANEL_TUTORIAL'] = 'tut_disaster';
     require_lang('errorlog');
     $title = get_page_title('ERROR_LOG');
     require_code('templates_internalise_screen');
     $test_tpl = internalise_own_screen($title);
     if (is_object($test_tpl)) {
         return $test_tpl;
     }
     // Read in errors
     if (is_readable(get_custom_file_base() . '/data_custom/errorlog.php')) {
         if (filesize(get_custom_file_base() . '/data_custom/errorlog.php') > 1024 * 1024) {
             $myfile = fopen(get_custom_file_base() . '/data_custom/errorlog.php', 'rt');
             fseek($myfile, -1024 * 500, SEEK_END);
             $lines = explode(chr(10), fread($myfile, 1024 * 500));
             fclose($myfile);
             unset($lines[0]);
             $lines[] = '...';
         } else {
             $lines = file(get_custom_file_base() . '/data_custom/errorlog.php');
         }
     } else {
         $lines = array();
     }
     $stuff = array();
     foreach ($lines as $line) {
         $_line = trim($line);
         if ($_line != '' && strpos($_line, '<?php') === false) {
             $matches = array();
             if (preg_match('#\\[(.+?) (.+?)\\] (.+?):  ?(.*)#', $_line, $matches) != 0) {
                 $stuff[] = $matches;
             }
         }
     }
     // Put errors into table
     $start = get_param_integer('start', 0);
     $max = get_param_integer('max', 50);
     $sortables = array('date_and_time' => do_lang_tempcode('DATE_TIME'));
     $test = explode(' ', get_param('sort', 'date_and_time DESC'), 2);
     if (count($test) == 1) {
         $test[1] = 'DESC';
     }
     list($sortable, $sort_order) = $test;
     if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
         log_hack_attack_and_exit('ORDERBY_HACK');
     }
     global $NON_CANONICAL_PARAMS;
     $NON_CANONICAL_PARAMS[] = 'sort';
     if ($sort_order == 'DESC') {
         $stuff = array_reverse($stuff);
     }
     require_code('templates_results_table');
     $fields_title = results_field_title(array(do_lang_tempcode('DATE_TIME'), do_lang_tempcode('TYPE'), do_lang_tempcode('MESSAGE')), $sortables, 'sort', $sortable . ' ' . $sort_order);
     $fields = new ocp_tempcode();
     for ($i = $start; $i < $start + $max; $i++) {
         if (!array_key_exists($i, $stuff)) {
             break;
         }
         $message = str_replace(get_file_base(), '', $stuff[$i][4]);
         $fields->attach(results_entry(array(escape_html($stuff[$i][1] . ' ' . $stuff[$i][2]), escape_html($stuff[$i][3]), escape_html($message))));
     }
     $error = results_table(do_lang_tempcode('ERROR_LOG'), $start, 'start', $max, 'max', $i, $fields_title, $fields, $sortables, $sortable, $sort_order, 'sort', new ocp_tempcode());
     // Read in end of permissions file
     require_all_lang();
     if (is_readable(get_custom_file_base() . '/data_custom/permissioncheckslog.php')) {
         $myfile = @fopen(get_custom_file_base() . '/data_custom/permissioncheckslog.php', 'rt');
         if ($myfile !== false) {
             fseek($myfile, -40000, SEEK_END);
             $data = '';
             while (!feof($myfile)) {
                 $data .= fread($myfile, 8192);
             }
             fclose($myfile);
             $lines = explode(chr(10), $data);
             if (count($lines) != 0) {
                 if (strpos($lines[0], '<' . '?php') !== false) {
                     array_shift($lines);
                 } else {
                     if (strlen($data) == 40000) {
                         $lines[0] = '...';
                     }
                 }
             }
             foreach ($lines as $i => $line) {
                 $matches = array();
                 if (preg_match('#^\\s+has\\_specific\\_permission: (\\w+)#', $line, $matches) != 0) {
                     $looked_up = do_lang('PT_' . $matches[1], NULL, NULL, NULL, NULL, false);
                     if (!is_null($looked_up)) {
                         $line = str_replace($matches[1], $looked_up, $line);
                         $lines[$i] = $line;
                     }
                 }
             }
//.........这里部分代码省略.........
开发者ID:erico-deh,项目名称:ocPortal,代码行数:101,代码来源:admin_errorlog.php

示例13: nice_get_choose_table

 /**
  * Standard aed_module table function.
  *
  * @param  array			Details to go to build_url for link to the next screen.
  * @return array			A pair: The choose table, Whether re-ordering is supported from this screen.
  */
 function nice_get_choose_table($url_map)
 {
     require_code('templates_results_table');

     // The ordering comes from the 'sort' URL parameter as "<column> <direction>".
     $current_ordering = get_param('sort', 'the_message ASC');
     if (strpos($current_ordering, ' ') === false) {
         warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
     }
     $ordering_parts = explode(' ', $current_ordering, 2);
     $sortable = $ordering_parts[0];
     $sort_order = $ordering_parts[1];

     // Allow-list for the column half of the ordering; the keys are the only accepted column names.
     $sortables = array(
         'the_message' => do_lang_tempcode('MESSAGE'),
         'days' => do_lang_tempcode('NUMBER_DAYS'),
         'order_time' => do_lang_tempcode('ORDER_DATE'),
         'user_id' => do_lang_tempcode('OWNER'),
     );

     // Reject the request unless the direction is ASC/DESC (any case) and the column is allow-listed.
     // This check is what makes it acceptable to forward the request-supplied string further down.
     $direction_ok = in_array(strtoupper($sort_order), array('ASC', 'DESC'), true);
     if (!$direction_ok || !array_key_exists($sortable, $sortables)) {
         log_hack_attack_and_exit('ORDERBY_HACK');
     }

     global $NON_CANONICAL_PARAMS;
     $NON_CANONICAL_PARAMS[] = 'sort';

     $column_titles = array(
         do_lang_tempcode('MESSAGE'),
         do_lang_tempcode('NUMBER_DAYS'),
         do_lang_tempcode('ORDER_DATE'),
         do_lang_tempcode('_UP_FOR'),
         do_lang_tempcode('OWNER'),
         do_lang_tempcode('ACTIONS'),
     );
     $header_row = results_field_title($column_titles, $sortables, 'sort', $sortable . ' ' . $sort_order);

     $fields = new ocp_tempcode();
     require_code('form_templates');

     // The raw (but validated above) ordering string is handed on unchanged.
     // NOTE(review): presumably get_entry_rows() places it in an ORDER BY clause - confirm, and keep
     // the validation above ahead of this call if the code is ever reordered.
     list($rows, $max_rows) = $this->get_entry_rows(false, $current_ordering);

     foreach ($rows as $entry) {
         $edit_url = build_url($url_map + array('id' => $entry['id']), '_SELF');

         // NOTE(review): protect_from_escaping() presumably marks a value as already-safe markup so the
         // table does not escape it again - confirm each wrapped value really is pre-escaped output.
         $owner_link = protect_from_escaping($GLOBALS['FORUM_DRIVER']->member_profile_hyperlink($entry['user_id']));

         // Days elapsed since activation, or blank when the entry has no activation time.
         $activated_at = $entry['activation_time'];
         if (is_null($activated_at)) {
             $elapsed_days = '';
         } else {
             $elapsed_days = float_format(round((time() - $activated_at) / 60 / 60 / 24, 3));
         }

         $message_cell = protect_from_escaping(get_translated_tempcode($entry['the_message']));
         $days_cell = integer_format($entry['days']);
         $order_date_cell = get_timezoned_date($entry['order_time']);
         if ($entry['active_now'] == 1) {
             $up_for_cell = $elapsed_days;
         } else {
             $up_for_cell = do_lang_tempcode('NA_EM');
         }
         $actions_cell = protect_from_escaping(hyperlink($edit_url, do_lang_tempcode('EDIT'), false, true, '#' . strval($entry['id'])));

         $cells = array($message_cell, $days_cell, $order_date_cell, $up_for_cell, $owner_link, $actions_cell);
         $fields->attach(results_entry($cells, true));
     }

     $table = results_table(do_lang($this->menu_label), get_param_integer('start', 0), 'start', either_param_integer('max', 20), 'max', $max_rows, $header_row, $fields, $sortables, $sortable, $sort_order);

     // Second element: re-ordering is not supported from this screen.
     return array($table, false);
 }
开发者ID:erico-deh,项目名称:ocPortal,代码行数:33,代码来源:admin_flagrant.php

示例14: choose_action

 /**
  * The UI to show a results table of moderation actions for a moderator.
  *
  * @return tempcode		The UI
  */
 function choose_action()
 {
     breadcrumb_set_parents(array(array('_SELF:_SELF:misc', do_lang_tempcode('VIEW_ACTION_LOGS'))));
     breadcrumb_set_self(do_lang_tempcode('RESULTS'));
     $title = get_page_title('VIEW_ACTION_LOGS');
     require_code('templates_internalise_screen');
     $test_tpl = internalise_own_screen($title);
     if (is_object($test_tpl)) {
         return $test_tpl;
     }
     $id = get_param_integer('id', -1);
     $start = get_param_integer('start', 0);
     $max = get_param_integer('max', 50);
     $sortables = array('date_and_time' => do_lang_tempcode('DATE_TIME'), 'the_type' => do_lang_tempcode('ACTION'));
     $test = explode(' ', get_param('sort', 'date_and_time DESC'), 2);
     if (count($test) == 1) {
         $test[1] = 'DESC';
     }
     list($sortable, $sort_order) = $test;
     if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
         log_hack_attack_and_exit('ORDERBY_HACK');
     }
     global $NON_CANONICAL_PARAMS;
     $NON_CANONICAL_PARAMS[] = 'sort';
     require_code('templates_results_table');
     $field_titles = array(do_lang_tempcode('USERNAME'), do_lang_tempcode('DATE_TIME'), do_lang_tempcode('ACTION'), do_lang_tempcode('PARAMETER_A'), do_lang_tempcode('PARAMETER_B'));
     if (addon_installed('securitylogging')) {
         $field_titles[] = do_lang_tempcode('_BANNED');
     }
     $fields_title = results_field_title($field_titles, $sortables, 'sort', $sortable . ' ' . $sort_order);
     $filter_to_type = get_param('to_type', '');
     $filter_param_a = get_param('param_a', '');
     $filter_param_b = get_param('param_b', '');
     $max_rows = 0;
     // Pull up our rows: forum
     if (get_forum_type() == 'ocf') {
         // Possible filter (called up by URL)
         $where = '1=1';
         if ($filter_to_type != '') {
             $where .= ' AND ' . db_string_equal_to('l_the_type', $filter_to_type);
         }
         if ($filter_param_a != '') {
             $where .= ' AND l_param_a LIKE \'' . db_encode_like('%' . $filter_param_a . '%') . '\'';
         }
         if ($filter_param_b != '') {
             $where .= ' AND l_param_b LIKE \'' . db_encode_like('%' . $filter_param_b . '%') . '\'';
         }
         if ($id != -1) {
             $where .= ' AND l_by=' . strval($id);
         }
         // Fetch
         $rows1 = $GLOBALS['FORUM_DB']->query('SELECT l_reason,id,l_by AS the_user,l_date_and_time AS date_and_time,l_the_type AS the_type,l_param_a AS param_a,l_param_b AS param_b FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_moderator_logs WHERE ' . $where . ' ORDER BY ' . $sortable . ' ' . $sort_order, $max + $start);
         $max_rows += $GLOBALS['FORUM_DB']->query_value_null_ok_full('SELECT COUNT(*) FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_moderator_logs WHERE ' . $where);
     } else {
         $rows1 = array();
     }
     // Possible filter (called up by URL)
     $where = '1=1';
     if ($filter_to_type != '') {
         $where .= ' AND ' . db_string_equal_to('the_type', $filter_to_type);
     }
     if ($filter_param_a != '') {
         $where .= ' AND param_a LIKE \'' . db_encode_like('%' . $filter_param_a . '%') . '\'';
     }
     if ($filter_param_b != '') {
         $where .= ' AND param_b LIKE \'' . db_encode_like('%' . $filter_param_b . '%') . '\'';
     }
     if ($id != -1) {
         $where .= ' AND the_user=' . strval($id);
     }
     // Fetch
     $rows2 = $GLOBALS['SITE_DB']->query('SELECT id,the_user,date_and_time,the_type,param_a,param_b,ip FROM ' . get_table_prefix() . 'adminlogs WHERE ' . $where . ' ORDER BY ' . $sortable . ' ' . $sort_order, $max + $start);
     $max_rows += $GLOBALS['SITE_DB']->query_value_null_ok_full('SELECT COUNT(*) FROM ' . get_table_prefix() . 'adminlogs WHERE ' . $where);
     $rows = array_merge($rows1, $rows2);
     require_code('actionlog');
     $fields = new ocp_tempcode();
     $pos = 0;
     while (count($rows) != 0 && $pos - $start < $max) {
         $best = 0;
         // Initialise type to integer
         $_best = 0;
         // Initialise type to integer
         $best = NULL;
         $_best = NULL;
         foreach ($rows as $x => $row) {
             if (is_null($best) || $row['date_and_time'] < $_best && $sortable == 'date_and_time' && $sort_order == 'ASC' || $row['date_and_time'] > $_best && $sortable == 'date_and_time' && $sort_order == 'DESC' || intval($row['the_type']) < $_best && $sortable == 'the_type' && $sort_order == 'ASC' || intval($row['the_type']) > $_best && $sortable == 'the_type' && $sort_order == 'DESC') {
                 $best = $x;
                 if ($sortable == 'date_and_time') {
                     $_best = $row['date_and_time'];
                 }
                 if ($sortable == 'the_type') {
                     $_best = $row['the_type'];
                 }
             }
         }
//.........这里部分代码省略.........
开发者ID:erico-deh,项目名称:ocPortal,代码行数:101,代码来源:admin_actionlog.php

示例15: check_id

 /**
  * Checks the ticket ID is valid, and there is access for the current member to view it. Bombs out if there's a problem.
  *
  * @param  string			The ticket ID to check
  */
 function check_id($id)
 {
     // The ID is split on '_'; the first piece is treated below as the owning member's ID.
     $id_parts = explode('_', $id);
     if (array_key_exists(2, $id_parts)) {
         // A third piece means more than one underscore, which is logged as a hack attempt.
         log_hack_attack_and_exit('TICKET_SYSTEM_WEIRD');
     }

     // NOTE(review): intval() is lenient (non-numeric input becomes 0, trailing characters are ignored),
     // so the owner check compares a coerced value - confirm the ticket itself is always looked up by
     // the full $id string and never by this coerced number alone.
     $owner_id = intval($id_parts[0]);

     // Access is fine for members who may view others' tickets, and for the ticket's own owner.
     if (has_specific_permission(get_member(), 'view_others_tickets') || $owner_id == get_member()) {
         return;
     }

     // From here on the current member is neither privileged nor the owner.
     // The checks stay sequential (not else-if) so each one runs exactly as before.
     if (is_guest()) {
         access_denied('NOT_AS_GUEST');
     }
     if (is_guest($owner_id)) {
         access_denied(do_lang('TICKET_OTHERS_HACK'));
     }

     // A logged-in member asking for another member's ticket is recorded as a hack attempt.
     log_hack_attack_and_exit('TICKET_OTHERS_HACK');
 }
开发者ID:erico-deh,项目名称:ocPortal,代码行数:22,代码来源:tickets.php

