From 2948fe8d6055f6dfe6289e64bce426b5e0bb552f Mon Sep 17 00:00:00 2001 From: cassiopc Date: Fri, 31 Aug 2012 11:02:27 +0200 Subject: inclusion of dir 1.5.1 for boca --- boca-1.5.1/src/filewindow.php | 120 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 120 insertions(+) create mode 100644 boca-1.5.1/src/filewindow.php (limited to 'boca-1.5.1/src/filewindow.php') diff --git a/boca-1.5.1/src/filewindow.php b/boca-1.5.1/src/filewindow.php new file mode 100644 index 0000000..594e483 --- /dev/null +++ b/boca-1.5.1/src/filewindow.php @@ -0,0 +1,120 @@ +. +//////////////////////////////////////////////////////////////////////////////// +// modified 21/july/2011 by cassio@ime.usp.br +ob_start(); +session_start(); +require_once("globals.php"); + +if(!ValidSession()) { + echo "View Page"; + InvalidSession("filewindow.php"); + echo ""; + exit; +} + +if(!isset($_GET["oid"]) || !is_numeric($_GET["oid"]) || !isset($_GET["filename"]) || + !isset($_GET["check"]) || $_GET["check"]=="") { + echo "View Page"; + IntrusionNotify("Bad parameters in filewindow.php"); + echo ""; + exit; +} + +$cf = globalconf(); +$fname = decryptData(rawurldecode($_GET["filename"]), session_id() . $cf["key"]); +$msg = ''; +if(isset($_GET["msg"])) + $msg = rawurldecode($_GET["msg"]); + +$p = myhash($_GET["oid"] . $fname . $msg . session_id() . $cf["key"]); + +if($p != $_GET["check"]) { + echo "View Page"; + IntrusionNotify("Parameters modified in filewindow.php"); + echo ""; + exit; +} + +require_once("db.php"); + +if ($_GET["oid"]>=0) { + $c = DBConnect(); + DBExec($c, "begin work"); + + if (($lo = DB_lo_open ($c, $_GET["oid"], "r")) === false) { + echo "View Page"; + DBExec($c, "rollback work"); + LOGError ("Unable to download file (" . basename($fname) . ")"); + MSGError ("Unable to download file (" . basename($fname) . ")"); + echo ""; + exit; + } + + header ("Expires: " . gmdate("D, d M Y H:i:s") . " GMT"); + header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); + header ("Cache-Control: no-cache, must-revalidate"); + header ("Pragma: no-cache"); + header ("Content-type: text/plain"); + +// echo "\n"; + if($msg != '') { +// echo "

".$_GET["msg"]."

"; + echo $msg ."\n"; + echo $msg ."\n"; + echo $msg ."\n\n\n"; + } +// echo "

\n";
+  if (DB_lo_read_tobrowser ($_SESSION["usertable"]["contestnumber"],$lo) === false) {
+        header ("Content-type: text/html");
+	echo "View Page";
+	DBExec($c, "rollback work");
+	LOGError ("Unable to open file (" . basename($fname) . ")");
+	MSGError ("Unable to open file (" . basename($fname) . ")");
+	echo "";
+	exit;
+  }
+  ob_end_flush();
+//  echo "

\n"; + DB_lo_close($lo); + if($msg != '') { +// echo "

".$_GET["msg"]."

"; + echo "\n\n\n".$msg ."\n"; + echo $msg ."\n"; + echo $msg ."\n"; + } + + DBExec($c, "commit work"); + DBClose($c); +} else { + header ("Expires: " . gmdate("D, d M Y H:i:s") . " GMT"); + header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); + header ("Cache-Control: no-cache, must-revalidate"); + header ("Pragma: no-cache"); + if (($str = file_get_contents($fname))===false) { + header ("Content-type: text/html"); + echo "View Page"; + MSGError ("Unable to open file (" . basename($fname) . ")"); + LOGError ("Unable to open file (" . basename($fname) . ")"); + echo ""; + exit; + } + header ("Content-type: text/plain"); + echo decryptData($str, $cf["key"]); + ob_end_flush(); +} +?> -- cgit v1.2.3