PHP runtime_csfr::Protect方法代码示例

 static function doUpdateConfig()
 {
     global $zdbh;
     global $controller;
     runtime_csfr::Protect();
     $sql = "SELECT * FROM x_settings WHERE so_module_vc=:name AND so_usereditable_en = 'true'";
     //$numrows = $zdbh->query($sql);
     $name = ui_module::GetModuleName();
     $numrows = $zdbh->prepare($sql);
     $numrows->bindParam(':name', $name);
     $numrows->execute();
     if ($numrows->fetchColumn() != 0) {
         $sql = $zdbh->prepare($sql);
         $sql->bindParam(':name', $name);
         $sql->execute();
         while ($row = $sql->fetch()) {
             if (!fs_director::CheckForEmptyValue($controller->GetControllerRequest('FORM', $row['so_name_vc']))) {
                 $updatesql = $zdbh->prepare("UPDATE x_settings SET so_value_tx = :name2 WHERE so_name_vc = :so_name_vc");
                 $name2 = $controller->GetControllerRequest('FORM', $row['so_name_vc']);
                 $updatesql->bindParam(':name2', $name2);
                 $updatesql->bindParam(':so_name_vc', $row['so_name_vc']);
                 $updatesql->execute();
             }
         }
     }
     self::$ok = true;
 }

 static function doUpdateMessage()
 {
     global $controller;
     runtime_csfr::Protect();
     $currentuser = ctrl_users::GetUserDetail();
     $formvars = $controller->GetAllControllerRequests('FORM');
     self::ExectuteUpdateNotice($currentuser['userid'], $formvars['inNotice']);
     header("location: ./?module=" . $controller->GetCurrentModule() . "&saved=true");
     exit;
 }

 static function doShowStats()
 {
     global $controller;
     runtime_csfr::Protect();
     $formvars = $controller->GetAllControllerRequests('FORM');
     if (isset($formvars['inDomain'])) {
         header("location: ./?module=" . $controller->GetCurrentModule() . "&show=true&domain=" . $formvars['inDomain'] . "");
         exit;
     } else {
         return false;
     }
 }

 static function doUpdatePassword()
 {
     global $zdbh;
     global $controller;
     runtime_csfr::Protect();
     $currentuser = ctrl_users::GetUserDetail();
     $current_pass = $controller->GetControllerRequest('FORM', 'inCurPass');
     $newpass = $controller->GetControllerRequest('FORM', 'inNewPass');
     $conpass = $controller->GetControllerRequest('FORM', 'inConPass');
     $crypto = new runtime_hash();
     $crypto->SetPassword($newpass);
     $randomsalt = $crypto->RandomSalt();
     $crypto->SetSalt($randomsalt);
     $new_secure_password = $crypto->CryptParts($crypto->Crypt())->Hash;
     $sql = $zdbh->prepare("SELECT ac_pass_vc, ac_passsalt_vc FROM x_accounts WHERE ac_id_pk= :uid");
     $sql->bindParam(':uid', $currentuser['userid']);
     $sql->execute();
     $result = $sql->fetch();
     $userpasshash = new runtime_hash();
     $userpasshash->SetPassword($current_pass);
     $userpasshash->SetSalt($result['ac_passsalt_vc']);
     $current_secure_password = $userpasshash->CryptParts($userpasshash->Crypt())->Hash;
     if (fs_director::CheckForEmptyValue($newpass)) {
         // Current password is blank!
         self::$error = "error";
     } elseif ($current_secure_password != $result['ac_pass_vc']) {
         // Current password does not match!
         self::$error = "nomatch";
     } else {
         if ($newpass == $conpass) {
             // Check for password length...
             if (strlen($newpass) < ctrl_options::GetSystemOption('password_minlength')) {
                 self::$badpassword = true;
                 return false;
             }
             // Check that the new password matches the confirmation box.
             $sql = $zdbh->prepare("UPDATE x_accounts SET ac_pass_vc=:new_secure_password, ac_passsalt_vc= :randomsalt WHERE ac_id_pk=:userid");
             $sql->bindParam(':randomsalt', $randomsalt);
             $sql->bindParam(':new_secure_password', $new_secure_password);
             $sql->bindParam(':userid', $currentuser['userid']);
             $sql->execute();
             self::$error = "ok";
         } else {
             self::$error = "error";
         }
     }
 }

 static function doUpdateAccountSettings()
 {
     global $zdbh;
     global $controller;
     runtime_csfr::Protect();
     $currentuser = ctrl_users::GetUserDetail();
     $userid = $currentuser['userid'];
     $email = $controller->GetControllerRequest('FORM', 'inEmail');
     $fullname = $controller->GetControllerRequest('FORM', 'inFullname');
     $language = $controller->GetControllerRequest('FORM', 'inLanguage');
     $phone = $controller->GetControllerRequest('FORM', 'inPhone');
     $address = $controller->GetControllerRequest('FORM', 'inAddress');
     $postalCode = $controller->GetControllerRequest('FORM', 'inPostalCode');
     if (!fs_director::CheckForEmptyValue(self::ExecuteUpdateAccountSettings($userid, $email, $fullname, $language, $phone, $address, $postalCode))) {
         runtime_hook::Execute('OnAfterUpdateMyAccount');
         self::$ok = true;
     }
 }

 static function doShadowUser()
 {
     global $zdbh;
     global $controller;
     runtime_csfr::Protect();
     $currentuser = ctrl_users::GetUserDetail();
     if ($currentuser['username'] == 'zadmin') {
         $sql = "SELECT * FROM x_accounts WHERE ac_deleted_ts IS NULL ORDER BY ac_user_vc";
         $numrows = $zdbh->prepare($sql);
     } else {
         $sql = "SELECT * FROM x_accounts WHERE ac_reseller_fk = :userid AND ac_deleted_ts IS NULL";
         $numrows = $zdbh->prepare($sql);
         $numrows->bindParam(':userid', $currentuser['userid']);
     }
     if ($numrows->execute()) {
         if ($numrows->fetchColumn() != 0) {
             $sql = $zdbh->prepare($sql);
             if ($currentuser['username'] == 'zadmin') {
                 //no bind needed
             } else {
                 //bind the username
                 $sql->bindParam(':userid', $currentuser['userid']);
             }
             $sql->execute();
             while ($rowclients = $sql->fetch()) {
                 if (!fs_director::CheckForEmptyValue($controller->GetControllerRequest('FORM', 'inShadow_' . $rowclients['ac_id_pk']))) {
                     ctrl_auth::KillCookies();
                     ctrl_auth::SetSession('ruid', $currentuser['userid']);
                     ctrl_auth::SetUserSession($rowclients['ac_id_pk'], runtime_sessionsecurity::getSessionSecurityEnabled());
                     header("location: /");
                     exit;
                 }
             }
         }
     }
 }

 static function doConfirmDeleteAlias()
 {
     global $controller;
     runtime_csfr::Protect();
     $formvars = $controller->GetAllControllerRequests('FORM');
     if (self::ExecuteDeleteAlias($formvars['inDelete'])) {
         return true;
     }
     return false;
 }

 static function doSaveVhost()
 {
     global $zdbh;
     global $controller;
     runtime_csfr::Protect();
     $port = $controller->GetControllerRequest('FORM', 'vh_custom_port_in');
     if (empty($port)) {
         $port = NULL;
     } else {
         $port = $controller->GetControllerRequest('FORM', 'vh_custom_port_in');
     }
     $ip = $controller->GetControllerRequest('FORM', 'vh_custom_ip_vc');
     if (empty($ip)) {
         $ip = NULL;
     } else {
         $ip = $controller->GetControllerRequest('FORM', 'vh_custom_ip_vc');
     }
     $sql = $zdbh->prepare("UPDATE x_vhosts SET\n\t\t\tvh_enabled_in  = ?,\n\t\t\tvh_suhosin_in  = ?,\n\t\t\tvh_obasedir_in = ?,\n\t\t\tvh_custom_port_in   = ?,\n                        vh_portforward_in   = ?,\n                        vh_custom_ip_vc   = ?,\n\t\t\tvh_custom_tx   = ?\n\t\t\tWHERE\n\t\t\tvh_id_pk = ?\n\t\t\tAND vh_deleted_ts IS NULL");
     $sql->execute(array(fs_director::GetCheckboxValue($controller->GetControllerRequest('FORM', 'vh_enabled_in')), fs_director::GetCheckboxValue($controller->GetControllerRequest('FORM', 'vh_suhosin_in')), fs_director::GetCheckboxValue($controller->GetControllerRequest('FORM', 'vh_obasedir_in')), $port, fs_director::GetCheckboxValue($controller->GetControllerRequest('FORM', 'vh_portforward_in')), $ip, $controller->GetControllerRequest('FORM', 'vh_custom_tx'), $controller->GetControllerRequest('FORM', 'vh_id_pk')));
     self::SetWriteApacheConfigTrue();
     self::$ok = true;
     return true;
 }

 static function doUpdateClient()
 {
     global $controller;
     runtime_csfr::Protect();
     $currentuser = ctrl_users::GetUserDetail();
     $formvars = $controller->GetAllControllerRequests('FORM');
     if (self::ExecuteUpdateClient($formvars['inClientID'], $formvars['inPackage'], $formvars['inEnabled'], $formvars['inGroup'], $formvars['inFullName'], $formvars['inEmailAddress'], $formvars['inAddress'], $formvars['inPostCode'], $formvars['inPhone'], $formvars['inNewPassword'])) {
         return true;
     }
     return false;
 }

 static function doDeleteCron()
 {
     global $zdbh;
     global $controller;
     runtime_csfr::Protect();
     $currentuser = ctrl_users::GetUserDetail();
     $sql = "SELECT COUNT(*) FROM x_cronjobs WHERE ct_acc_fk=:userid AND ct_deleted_ts IS NULL";
     $numrows = $zdbh->prepare($sql);
     $numrows->bindParam(':userid', $currentuser['userid']);
     if ($numrows->execute()) {
         if ($numrows->fetchColumn() != 0) {
             $sql = $zdbh->prepare("SELECT * FROM x_cronjobs WHERE ct_acc_fk=:userid AND ct_deleted_ts IS NULL");
             $sql->bindParam(':userid', $currentuser['userid']);
             $sql->execute();
             while ($rowcrons = $sql->fetch()) {
                 if (!fs_director::CheckForEmptyValue($controller->GetControllerRequest('FORM', 'inDelete_' . $rowcrons['ct_id_pk'] . ''))) {
                     $sql2 = $zdbh->prepare("UPDATE x_cronjobs SET ct_deleted_ts=:time WHERE ct_id_pk=:cronid");
                     $sql2->bindParam(':cronid', $rowcrons['ct_id_pk']);
                     $sql2->bindParam(':time', time());
                     $sql2->execute();
                     (new Cronfile())->writeToFile();
                     self::$ok = TRUE;
                     return;
                 }
             }
         }
     }
     self::$error = TRUE;
     return;
 }

 /**
  * Accepts Admin settings form
  * @return null
  */
 static function doUpdateSettings()
 {
     global $controller;
     runtime_csfr::Protect();
     $form = $controller->GetAllControllerRequests('FORM');
     if (!isset($form['inAdminSettings'])) {
         return false;
     }
     ctrl_options::SetSystemOption('whmcs_sendemail_bo', $form['SendEmail']);
     ctrl_options::SetSystemOption('whmcs_link', $form['Link']);
     self::$Results[] = ui_sysmessage::shout('Settings updated!', 'alert-success');
 }

 static function doUpdateGroup()
 {
     global $controller;
     runtime_csfr::Protect();
     $formvars = $controller->GetAllControllerRequests('FORM');
     if (self::ExectuteUpdateGroup($formvars['inGroupID'], $formvars['inGroupName'], $formvars['inDesc'])) {
         return true;
     }
     return false;
 }

 static function doAddFaq()
 {
     global $controller;
     runtime_csfr::Protect();
     $currentuser = ctrl_users::GetUserDetail();
     if (!fs_director::CheckForEmptyValue($controller->GetControllerRequest('FORM', 'inAdd'))) {
         $question = $controller->GetControllerRequest('FORM', 'question');
         $answer = $controller->GetControllerRequest('FORM', 'answer');
         $userid = $currentuser['userid'];
         if ($currentuser['usergroup'] == "Administrators") {
             $global = 1;
         } else {
             $global = 0;
         }
         self::ExecuteAddFaq($question, $answer, $userid, $global);
     }
 }

 static function doDeletePackage()
 {
     global $controller;
     runtime_csfr::Protect();
     $formvars = $controller->GetAllControllerRequests('FORM');
     if (self::ExecuteDeletePackage($formvars['inPackageID'], $formvars['inMovePackage'])) {
         return true;
     }
     return false;
 }

 static function doDelete()
 {
     global $controller;
     runtime_csfr::Protect();
     $formvars = $controller->GetAllControllerRequests('FORM');
     if (self::ExecuteDelete($formvars['inDelete'], $formvars['inTable'], $formvars['inColumn'], $formvars['inNullCol'])) {
         return true;
     }
     return false;
 }