Current File : /domains/simes/unused/fCMSBackend/includes/Request.php
<?php

# Debug log location. The path is relative to the process working directory,
# not to this file. FCMSRequest only writes to it when the file already exists
# (see FCMSRequest::initDebug), and it truncates the file on every request.
# NOTE(review): the log receives the action, the username and the parsed
# request parameters; keep it outside the web-served tree or deny HTTP access.
define ("DEBUG_FILE", './debug.txt');
# Master switch for debug logging; when False, initDebug() never enables it.
define ("USE_DEBUG", True);

# True when the optional fCMS backend directory is present. Read later through
# `global $has_fcms` in FCMSRequest::doInit().
$has_fcms = file_exists ("./includes/fcmsdb");

# Mandatory backends. Paths are relative, so they resolve against the include
# path / working directory of the entry script.
require_once "./includes/configdb/config.php";
require_once "./includes/userdb/userdb.php";

# The fCMS backend is loaded only when its directory exists.
if ($has_fcms) require_once "./includes/fcmsdb/fcms.php";

# --------------------------------------------------------------------- */
# Licence validation

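/**
 * Thin wrapper around the ionCube license API.
 *
 * When the ionCube license functions are not available, the class reports
 * "no license" and every check passes (fail-open); this is the behaviour of
 * the original code and is kept unchanged.
 */
class LValidation {

	/** @var bool True when the ionCube license functions are available. */
	public $hasLicense = False;

	/** @var string Human-readable reason of the last failed Validate(). */
	public $verror = "";

	/**
	 * PHP 8 no longer treats a method named after the class as a constructor,
	 * so initialisation lives here; the legacy name below delegates to it.
	 */
	function __construct () {
		$this->hasLicense = function_exists ('ioncube_license_matches_server');
		$this->verror = "";
	}

	/** Legacy PHP 4 style constructor name, kept for existing callers. */
	function LValidation () {
		$this->__construct ();
	}

	/**
	 * Check that the license matches this server and has not expired.
	 *
	 * @return bool True when valid or when no license API is present;
	 *              False otherwise, with the reason stored in $verror.
	 */
	function Validate () {
		$this->verror = "";
		if (! $this->hasLicense) return True;

		if (! ioncube_license_matches_server ()) {
			$this->verror = "Server validation failed.";
			return False;
		}

		if (ioncube_license_has_expired ()) {
			$this->verror = "License expired.";
			return False;
		}

		return True;
	}

	/**
	 * Read one license property.
	 *
	 * @param string $pname Property name.
	 * @return mixed The property's 'value' entry, or "" when there is no
	 *               license API, no property table, or no such property.
	 */
	function getProperty ($pname) {
		if (! $this->hasLicense) return "";

		$parr = ioncube_license_properties ();
		if (! is_array ($parr)) return "";

		// isset() avoids the undefined-key warning the bare lookup raised.
		if (! isset ($parr [$pname]) || ! $parr [$pname]) return "";

		$p = $parr [$pname];
		return isset ($p ['value']) ? $p ['value'] : "";
	}
}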

# --------------------------------------------------------------------- */
# Request class.

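/**
 * One incoming backend request: parses the parameters, restores the session
 * user, answers with an <fb .../> XML document and offers parameter helpers.
 *
 * Every response() / error() call ends the script through exit().
 */
class FCMSRequest {

	/** @var LValidation License checker. */
	public $oLicense;
	/** @var bool Copy of LValidation::$hasLicense. */
	public $hasLicense;
	public $licFCMS;

	/** @var string|null Requested action (the ACTION parameter). */
	public $action;
	/** @var array Request parameters, keyed by upper-case name. */
	public $parameters;

	/** @var bool True once a user has been established for this request. */
	public $authenticated;
	public $username;
	/** @var string|null Group used by every authorize() decision. */
	public $usergroup;

	/** @var string Session id in use, "" when there is none. */
	public $SID;

	public $fCMS;
	public $userdb;
	public $configdb;

	/** @var bool True when debug logging is active for this request. */
	public $hasDebug;

	/** @var string Raw request body, declared to avoid a dynamic property. */
	public $rawRequest = "";

	/**
	 * PHP 8 no longer calls a method named after the class on `new`, which
	 * left $oLicense unset; the real constructor lives here.
	 */
	function __construct () {
		$this->initDebug ();

		$this->oLicense = new LValidation ();
		$this->hasLicense = $this->oLicense->hasLicense;

		$this->debugvar ($this->hasLicense, 'License');
	}

	/** Legacy PHP 4 style constructor name, kept for existing callers. */
	function FCMSRequest () {
		$this->__construct ();
	}

	/**
	 * Load the backends, validate the license, parse the request and restore
	 * the session. Ends the script with an error response on license failure
	 * or when the fCMS backend reports that it did not initialise.
	 */
	function doInit () {
		global $has_fcms;

		$this->userdb = factory_userdb ();
		$this->configdb = factory_configdb ();

		if ($this->hasLicense) {
			if (! $this->oLicense->Validate ()) {
				$this->debugvar ($this->oLicense->verror, 'License error');
				$this->error ('NoLicense');
			}
		}

		$this->fCMS = NULL;
		$fcmsType = "none";

		$fcmsUsage = $this->oLicense->getProperty ('usageFCMS');
		if (! $has_fcms) $fcmsUsage = "none";

		if ($fcmsUsage != 'none') {
			$this->fCMS = factory_fCMS ();
			$fcmsType = "xml";

			if (! $this->fCMS->initOK) $this->error ('AccessDenied');
		}

		$this->debugvar ($fcmsType, 'FCMS Type');

		$a = $this->initActionDict ();
		$this->parameters = $a;

		// A request without ACTION / SID must not raise undefined-key warnings.
		$this->action = isset ($a ['ACTION']) ? $a ['ACTION'] : NULL;
		$this->SID = isset ($a ['SID']) ? $a ['SID'] : "";
		// 'dummy_sid' is what login() hands out when no login is required.
		if ($this->SID === 'dummy_sid') $this->SID = "";

		$this->setupSession ();

		$this->debugvar ($this->action, 'Action');
		$this->debugvar ($this->username, 'Username');
	}

# ---------- Parsing request ----------

	/**
	 * Build the parameter dictionary for this request.
	 *
	 * Upload and full-screen calls arrive as GET parameters; everything else
	 * is an XML body whose top-level element carries the parameters as
	 * attributes.
	 *
	 * @return array Parameters; empty when the body has no usable top-level
	 *               element.
	 */
	function initActionDict () {
		// ----- upload
		if (isset ($_GET ['path'])) {
			return array (
				'ACTION' => 'upload',
				'PATH' => $this->requestString ($_GET, 'path'),
				'SID' => $this->requestString ($_GET, 'SID')
			);
		}

		// ----- Call for full screen
		if (isset ($_GET ['movie'])) {
			return array (
				'ACTION' => 'fullscreen_movie',
				'MOVIE' => $this->requestString ($_GET, 'movie'),
				'SID' => $this->requestString ($_GET, 'SID')
			);
		}

		// ----- XML
		$reqRaw = file_get_contents ("php://input");
		if ($reqRaw === false) $reqRaw = "";

		// get_magic_quotes_gpc() was removed in PHP 8 and calling it is fatal
		// there. It is consulted only on runtimes old enough to have magic
		// quotes, and the body is unescaped once as a whole: the old per-chunk
		// stripslashes() could split an escape across a 4096-byte boundary.
		if (version_compare (PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc ()) {
			$reqRaw = stripslashes ($reqRaw);
		}

		$this->rawRequest = $reqRaw;

		// Parameters are stored as attributes of the top-level XML.
		$vals = array ();
		$p = xml_parser_create ();
		xml_parse_into_struct ($p, $reqRaw, $vals);
		// Freeing is only meaningful on resource-based parsers (before PHP 8).
		if (PHP_VERSION_ID < 80000) xml_parser_free ($p);

		$ret = array ();
		if (isset ($vals [0]['attributes']) && is_array ($vals [0]['attributes'])) {
			$ret = $vals [0]['attributes'];
		}

		// Credentials must never reach the debug log.
		$this->debugvar ($this->redactForLog ($ret), 'XML Request parameters');

		return $ret;
	}

	/**
	 * Fetch a scalar string from a request array.
	 *
	 * Returns "" for a missing key and for array values (`name[]=...`), so
	 * later string handling never sees a non-string.
	 */
	private function requestString ($source, $key) {
		if (! isset ($source [$key]) || ! is_string ($source [$key])) return "";
		return $source [$key];
	}

	/** Copy of the parameters with PASSWORD and SID masked for logging. */
	private function redactForLog ($params) {
		foreach (array ('PASSWORD', 'SID') as $secret) {
			if (isset ($params [$secret])) $params [$secret] = '***';
		}
		return $params;
	}

# ---------- Session ----------

	/**
	 * Establish the user for this request.
	 *
	 * When the configuration says no login is required, every caller is
	 * treated as the admin user. Otherwise the session named by the client's
	 * SID is resumed.
	 */
	function setupSession () {
		$this->authenticated = false;
		$this->username = NULL;
		$this->usergroup = NULL;

		if (! $this->configdb->loginRequired) {
			$this->setupAdminUser ();
			$this->debug ('setupSession: Login not required: using admin');

			return;
		}

		if ($this->SID) {
			// The SID is client-controlled; refuse anything that is not a
			// plausible session id before it reaches the session handler.
			if (! $this->isValidSessionId ($this->SID)) {
				$this->debug ('setupSession: Rejected malformed SID');
				$this->SID = "";
				return;
			}

			session_id ($this->SID);
			session_start ();

			$this->setupSessionUser ();
		}
	}

	/** True when $sid only uses the characters PHP session ids may contain. */
	private function isValidSessionId ($sid) {
		return is_string ($sid)
			&& preg_match ('/^[A-Za-z0-9,-]{1,256}$/D', $sid) === 1;
	}

	/**
	 * Adopt the user stored in the session, if login() marked it as valid.
	 */
	function setupSessionUser () {
		// login() stores boolean true; anything else is not a valid marker.
		if (empty ($_SESSION ["ok"]) || $_SESSION ["ok"] !== true) return;
		if (empty ($_SESSION ["username"])) return;

		$this->debug ('setupSessionUser: Using existing session user');

		$user = $_SESSION ["username"];

		$this->username = $user;
		$this->usergroup = $this->userdb->getUserGroup ($user);
		$this->authenticated = true;
	}

	/** Mark the request as running with the built-in admin identity. */
	function setupAdminUser () {
		$this->username = "admin";
		$this->usergroup = "admin";
		$this->authenticated = true;
	}

	/**
	 * Handle the login action and answer with the group's properties.
	 *
	 * Reads USERNAME / PASSWORD from the request parameters. Ends the script
	 * through response() or error().
	 */
	function login () {
		if (! $this->configdb->loginRequired) {
			// Return admin priv.
			$resp = $this->getAllGroupPropertiesForFlash ("admin");

			$resp ["SID"] = "dummy_sid";
			$resp ['status'] = "ok";

			$this->response ($resp);
			return;
		}

		$this->logout ();

		$p = $this->parameters;
		$user = isset ($p ['USERNAME']) ? $p ['USERNAME'] : "";
		$pass = isset ($p ['PASSWORD']) ? $p ['PASSWORD'] : "";

		$userok = $this->userdb->checkUser ($user, $pass);

		if ($userok) {
			session_start ();
			// Issue a fresh id on authentication so an id that was known
			// before login (cookie or SID parameter) is never promoted to an
			// authenticated session.
			session_regenerate_id (true);

			$_SESSION ["ok"] = true;
			$_SESSION ["username"] = $user;

			$this->SID = session_id ();
			$this->setupSessionUser ();

			$group = $this->userdb->getUserGroup ($user);

			$resp = $this->getAllGroupPropertiesForFlash ($group);
			$resp ["SID"] = $this->SID;
			$resp ['status'] = "ok";

			$this->response ($resp);
		}
		else {
			$this->error ("NotAuthorized");
		}
	}

	/**
	 * Drop the current identity and destroy the session, if one is active.
	 */
	function logout () {
		$this->authenticated = false;
		// authorize() decides on $usergroup, so it has to be cleared as well.
		$this->username = NULL;
		$this->usergroup = NULL;

		if (isset ($_COOKIE [session_name ()])) {
			setcookie (session_name (), '', time () - 42000, '/');
		}

		$_SESSION = array ();
		// session_destroy() warns when no session is active.
		if (session_status () === PHP_SESSION_ACTIVE) session_destroy ();

		// Keep the declared property instead of unsetting it.
		$this->SID = "";
	}

	/**
	 * Flatten a group's property sections into one key => value map.
	 * Later sections overwrite earlier ones on key collisions.
	 */
	function getAllGroupProperties ($group) {
		$sections = $this->configdb->getGroupProperties ($group);
		$ret = array ();
		if (! is_array ($sections)) return $ret;

		foreach ($sections as $valdict) {
			if (! is_array ($valdict)) continue;

			foreach ($valdict as $k => $v) {
				$ret [$k] = $v;
			}
		}

		return $ret;
	}

	/**
	 * Same as getAllGroupProperties(), with upload / preview / delete renamed
	 * to allowUpload / allowPreview / allowDelete for the client.
	 */
	function getAllGroupPropertiesForFlash ($group) {
		$rename = array (
			'upload' => 'allowUpload',
			'preview' => 'allowPreview',
			'delete' => 'allowDelete'
		);
		$ret = array ();

		foreach ($this->getAllGroupProperties ($group) as $k => $v) {
			$kk = (is_string ($k) && isset ($rename [$k])) ? $rename [$k] : $k;
			$ret [$kk] = $v;
		}

		return $ret;
	}

	/**
	 * Require that the current group has property ($v1, $v2) enabled.
	 *
	 * Ends the script with a NotAuthorized error otherwise.
	 *
	 * @return bool Always True when it returns.
	 */
	function authorize ($v1, $v2) {
		$v = $this->getAuthGroupProperty ($v1, $v2);

		// Strict on purpose: before PHP 8, `0 != 'true'` is false, so an
		// integer 0 passed the old loose comparison.
		if ($v !== 'true' && $v !== true) $this->error ('NotAuthorized');
		return True;
	}

# ---------- Misc ------

	/** Property ($v1, $v2) of the current user's group; NULL without a group. */
	function getAuthGroupProperty ($v1, $v2) {
		$group = $this->usergroup;
		if (! $group) return NULL;

		return $this->configdb->getGroupProperty ($group, $v1, $v2);
	}

	/** File-browser property of the current user's group. */
	function getAuthFBProperty ($prop) {
		return $this->getAuthGroupProperty ('filebrowser', $prop);
	}

	/** Global configuration property. */
	function getGlobalConfigProperty ($prop) {
		return $this->configdb->getGlobalProperty ($prop);
	}

# ---------- Response ----------

	/** Send $xml as text/xml and end the script. */
	function responseXML ($xml) {
		header ("Content-type: text/xml");
		exit ($xml);
	}

	/**
	 * Send an <fb> element and end the script.
	 *
	 * @param array|null $rArr      Attributes of the <fb> element.
	 * @param string     $xml       Ready-made XML placed inside <fb>; not
	 *                              escaped here, the caller must build it
	 *                              safely.
	 * @param bool       $skip_head Leave out the XML declaration.
	 */
	function response ($rArr, $xml="", $skip_head=False) {
		// $out used to be undefined on the $skip_head path.
		$out = $skip_head ? "<fb" : '<?xml version="1.0" encoding="utf-8"?>' . "\n<fb";

		if ($rArr) {
			foreach ($rArr as $k => $v) {
				// Attribute values may carry configured or user-derived text;
				// escape them so they cannot break out of the attribute.
				// double_encode=false leaves already-encoded entities alone.
				$out .= ' ' . $k . '="'
					. htmlspecialchars ((string) $v, ENT_QUOTES, 'UTF-8', false)
					. '"';
			}
		}

		if ($xml) {
			$out .= ">\n";
			$out .= $xml;
			$out .= "\n</fb>";
		}
		else {
			$out .= ' />';
		}

		$this->responseXML ($out);
	}

	/** Send the configured error message for $key and end the script. */
	function error ($key) {
		$this->response (array (
			'status' => 'error',
			'errorMsg' => $this->configdb->getError ($key)
		));
	}

# ---------- Utilities for param, fixing paths / dir names. ----------

	/** Raw request parameter, NULL when absent. */
	function getParam ($pname) {
		return isset ($this->parameters [$pname]) ? $this->parameters [$pname] : NULL;
	}

	/**
	 * Request parameter used as a relative path, with every ".." sequence and
	 * NUL byte removed.
	 *
	 * NOTE(review): string stripping is not containment. Callers that touch
	 * the filesystem should still resolve the final path and check that it
	 * stays under the intended root.
	 */
	function getPathParam ($pname) {
		$ret = $this->getParam ($pname);
		if ($ret) $ret = str_replace (array ("\0", '..'), '', $ret);

		return $ret;
	}

	/** Request parameter reduced to its last path component. */
	function getFilenameParam ($pname) {
		$ret = $this->getParam ($pname);
		if ($ret) $ret = basename ($ret);

		return $ret;
	}

	/**
	 * Append a request parameter to $rootdir.
	 *
	 * @param string $rootdir Directory prefix.
	 * @param string $pname   Parameter name.
	 * @param bool   $pfile   True to treat the parameter as a bare file name,
	 *                        False to treat it as a relative path.
	 * @return string Joined path with "//" collapsed to "/".
	 */
	function joinPathParam ($rootdir, $pname, $pfile=False) {
		$tail = $pfile
			? $this->getFilenameParam ($pname)
			: $this->getPathParam ($pname);

		return str_replace ('//', '/', $rootdir . $tail);
	}

# ---------- Debug ----------

	/**
	 * Enable debug logging when USE_DEBUG is set and DEBUG_FILE already
	 * exists; the file is truncated at the start of every request.
	 */
	function initDebug () {
		if (! USE_DEBUG) {
			$this->hasDebug = False;
			return;
		}

		$this->hasDebug = file_exists (DEBUG_FILE);
		if ($this->hasDebug) {
			$f = fopen (DEBUG_FILE, "w");
			// fclose(false) is a TypeError on PHP 8.
			if ($f !== false) fclose ($f);
		}
	}

	/** Append one line of text to the debug log, if logging is active. */
	function debug ($text) {
		if (! $this->hasDebug) return;

		$f = fopen (DEBUG_FILE, "a+");
		if ($f === false) return;

		fwrite ($f, "\n" . $text . "\n");
		fclose ($f);
	}

	/** Append a var_export() dump of $var, prefixed with $label. */
	function debugvar ($var, $label) {
		if (! $this->hasDebug) return;

		$txt = var_export ($var, True);
		if ($label) $txt = $label . ': ' . $txt;

		$this->debug ($txt);
	}
}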

	
?>
