Current File : //proc/self/root/var/softaculous/sitepad/editor/site-inc/sitepad_functions.php
<?php

/**
 * Part of sitemush DB changing
 * This is just below $wpdb connection
 * By Default we connect to sitemush DB to verify session
 */

// We need the ABSPATH
if (!defined('ABSPATH')){
	die('Hacking Attempt');
};

global $sitepad, $globals, $l, $SESS;

function sitepad_mirrors(){
	
	global $sitepad;
	
	$r = array(
			'https://s1.softaculous.com/a/sitepad/',
			'https://s2.softaculous.com/a/sitepad/',
			'https://s3.softaculous.com/a/sitepad/',
			'https://s4.softaculous.com/a/sitepad/',
			'https://s5.softaculous.com/a/sitepad/'
		);
	
	if(!empty($sitepad['dev'])){
		return 'http://127.0.0.1/website/api/sitepad/';
	}
	
	$mirror = $r[array_rand($r)];
	
	// If the license is newly issued, we need to fetch from API only
	if(!empty($sitepad['license']['last_edit']) && (time() - 1800) < $sitepad['license']['last_edit']){
		$mirror = 'https://api.sitepad.com/';
	}
	
	// If the license is newly issued, we need to fetch from API only
	if(!empty($sitepad['server_license']['last_edit']) && (time() - 1800) < $sitepad['server_license']['last_edit']){
		$mirror = 'https://api.sitepad.com/';
	}
	
	return $mirror;
}

// This is only for static content
function sitepad_themes_api_url($theme){
	
	global $sitepad;
	
	if(!empty($sitepad['dev'])){
		return 'http://127.0.0.1/sitepad/themes/'.$theme.'/';
	}
	
	return sitepad_mirrors().'/files/themes/'.$theme.'/';
}

function sitepad_assets_url(){
	global $sitepad;
	
	$url = $sitepad['url'];
	
	if(function_exists('home_url')){
		$url = home_url();
	}
		
	return $url.'/site-data/assets';
}

// Sitepad WP URL
function sitepad_admin_url($path){
	global $sitepad;
	if($path[0] == '/'){
		$path = ltrim($path, '/');
	}
	
	$url = $sitepad['url'];
	
	if(function_exists('home_url')){
		$url = home_url();
	}
	
	return $url.'/site-admin/'.$path;
}

function sitepad_stored_web_url($id){
	return get_user_meta(1, $id.'_sitepad_domain', 1).get_user_meta(1, $id.'_sitepad_path', 1);
}

// Gives the screenshot URL
function sitepad_screenshot_relative($id){
	global $sitepad;
	return 'screenshots/'.$id.'.jpg';
}

// Check Session
function check_session_key(){

global $globals, $l, $SESS;	
	
	//May be in the GET
	//'as' - Session Key
	if(isset($_GET['as'])){
	
		$id = inputsec(htmlizer(trim($_GET['as'])));
	
		if(preg_match('~^[A-Za-z0-9]{32}$~', $id) == 0){
			
			//Return False
			return 0;
			
		}else{
		
			//Return Session ID
			return $id;
		
		}
	
	// Check the cookie
	}elseif(isset($_COOKIE[$globals['cookie_name'].'_sid']) && 
		strlen(trim($_COOKIE[$globals['cookie_name'].'_sid'])) == 32){
	
		$id = inputsec(htmlizer(trim($_COOKIE[$globals['cookie_name'].'_sid'])));

		if(preg_match('~^[A-Za-z0-9]{32}$~', $id) == 0){
			
			//Return False
			return 0;
			
		}else{
		
			//Return Session ID
			return $id;
		
		}
		
	}else{
		
		//Return False
		return 0;
	
	}

}//End of function

// Save Session
function save_session(){

global $globals, $l, $SESS;

	// Only on CP
	if(!empty($globals['iam'])){
		return false;
	}
	
	if(empty($SESS['sid'])){
		return false;
	}
	
	// Are you an admin logged in as a USER
	if(!empty($SESS['temp_uid']) && !empty($SESS['is_admin'])){	
		$SESS['uid'] = $SESS['og_uid'];
	}
	
	$SESS['ip'] = $_SERVER['REMOTE_ADDR'];
	$SESS['user-agent'] = $_SERVER['HTTP_USER_AGENT'];
	
	////////////////////////////////
	// REPLACE in the Session Table
	////////////////////////////////
	
	$res = vquery("REPLACE INTO sitemush.sessions 
					SET sid = '".$SESS['sid']."',
					last_updated = '".time()."',
					data = '".addslashes(serialize($SESS))."'");
						
	if(vsql_affected_rows($res) < 1){
		return false;
	}

	return true;

}//End of function

// Execute a select query and return an array
function vquery($query, $array = 0){
	
	global $sitepad;
	
	$result = vsql_query($query, $sitepad['conn']);
	
	if( !$result ){
			
		//Didnt get anyresult - DIE
		die('Could not make the Query.<br /><br /><br />'.$query.'<br /><br />MySQL Error No : '.vsql_errno($sitepad['conn']).'<br /><br />MySQL Error : '.vsql_error($sitepad['conn']));
			
	}
	
	return $result;
}

// Connect to the database and return the conn
function vsql_connect($host, $db, $user, $pass){
	
	global $error;
	
	// Make the Connection
	$exh = explode(':', $host);
	if(!empty($exh[1])){
		$sconn = @mysqli_connect($exh[0], $user, $pass, '', $exh[1]);
	}else{
		$sconn = @mysqli_connect($host, $user, $pass);
	}
	
	//CHECK Errors and SELECT DATABASE
	if(!empty($sconn)){	
		if(!@mysqli_select_db($sconn, $db)){
			$error['db_select'] = 'Could not select the database !';
			return false;
		}
	}else{
		$error['db_conn'] = 'Could not make the database connection !';
		return false;
	}
	
	return $sconn;

}

/**
 * Executes the query mysqli if exists else mysql
 * @package      softaculous 
 * @author       Brijesh Kothari
 * @param        string $db database to be selected
 * @param        string $conn Resource Link
 * @returns 	 bool TRUE on success or FALSE on failure
 * @since     	 4.4.3
 */
function vsql_query($query, $conn){
	
	try{
		if(extension_loaded('mysqli')){
			$return = @mysqli_query($conn, $query);
		}else{
			$return = @mysql_query($query, $conn);
		}
	}catch(Exception $e){
		return false;
	}
	
	return $return;
}

/**
 * Fetches the result into associative array from a result link mysqli if exists else mysql
 * @package      softaculous 
 * @author       Brijesh Kothari
 * @param        string $result result to fetch the data from
 * @returns 	 mixed Returns an associative array of strings that corresponds to the fetched row, or FALSE if there are no more rows
 * @since     	 4.4.3
 */
function vsql_fetch_assoc($result){
	
	if(extension_loaded('mysqli')){
		$return = @mysqli_fetch_assoc($result);
	}else{
		$return = @mysql_fetch_assoc($result);
	}
	
	return $return;
}

/**
 * Get a result row as an enumerated array mysqli if exists else mysql
 * @package      softaculous 
 * @author       Brijesh Kothari
 * @param        string $result result to fetch the data from
 * @returns 	 mixed returns an array of strings that corresponds to the fetched row or FALSE if there are no more rows
 * @since     	 4.4.3
 */
function vsql_fetch_row($result){
	
	if(extension_loaded('mysqli')){
		$return = @mysqli_fetch_row($result);
	}else{
		$return = @mysql_fetch_row($result);
	}
	
	return $return;
}

function vsql_affected_rows($result){
	
	if(extension_loaded('mysqli')){
		$return = @mysqli_affected_rows($conn);
	}else{
		$return = @mysql_affected_rows($conn);
	}
	
	return $return;
}

function vsql_num_rows($result){
	
	if(extension_loaded('mysqli')){
		$return = @mysqli_num_rows($result);
	}else{
		$return = @mysql_num_rows($result);
	}
	
	return $return;
}

// Get the insert ID
function vsql_insert_id($conn){
	
	if(extension_loaded('mysqli')){
		$return = @mysqli_insert_id($conn);
	}else{
		$return = @mysql_insert_id($conn);
	}
	
	return $return;
}

/**
 * Returns the text of the error message from previous MySQL/MySQLi operation
 * @package      softaculous 
 * @author       Brijesh Kothari
 * @param        string $conn MySQL/MySQLi connection
 * @returns 	 string Returns the error text from the last MySQL function
 * @since     	 4.4.3
 */
function vsql_error($conn){
	
	if(extension_loaded('mysqli')){
		$return = @mysqli_error($conn);
		
		// In mysqli if connection  is not made then we will get connection error using the following function.
		if(empty($conn)){
			$return = @mysqli_connect_error();
		}
		
	}else{
		$return = @mysql_error($conn);
	}
	
	return $return;
}

/**
 * Returns the numerical value of the error message from previous MySQL operation
 * @package      softaculous 
 * @author       Brijesh Kothari
 * @param        string $conn MySQL/MySQLi connection
 * @returns 	 int Returns the error number from the last MySQL function
 * @since     	 4.4.3
 */
function vsql_errno($conn){
	
	if(extension_loaded('mysqli')){
		$return = @mysqli_errno($conn);
	}else{
		$return = @mysql_errno($conn);
	}
	
	return $return;
}

// Matches for valid characters in a domain name and returns
function is_domain($domain){
	//Made a fix to add ~ and / for MOD DIR if enabled
	return !preg_match('/[^~A-Za-z0-9_\-\/\.]/is', $domain);
	
}

// Matches for valid characters in a path and returns
function is_domain_path($path){
	
	return !preg_match('/[^A-Za-z0-9_\-\.\\/]/is', $path);
	
}

// Makes an API Call to the URL given
function get_license_info($path, $post = array()){
	
global $globals;
	
	//echo $url.'<br/>';
	
	$url = $globals['sitemush_api'].'/'.$path;
	
	// Make curl call
	$resp = curl_call($url, $post);
	
	if(empty($resp)){
		return false;
	}
	
	// Decode it
	$resp = sm_decode($resp);
	if(empty($resp)){
		return false;
	}
	
	$r = @json_decode($resp, true);
	
	if(empty($r)){
		return false;
	}
	
	return $r;
}

// Does the login - maybe, you can combine with make_session() itself
function sm_login($siteid){	
	
	global $SESS;
	
	// Create the session
	make_session();
	
	// NOTE : uid is siteid and we have used uid to avoid variable name changes of the session functions borrowed from Pinguzo	
	// Set the SITE ID
	$SESS['uid'] = $siteid;
		
	// Generate 16 Bit random token key for to prevent CSRF from every form
	$SESS['token_key'] = 'sess'.generateRandStr(16);
		
	/*// Are you an admin ?
	if($SESS['uid'] == 166){
		
		// Set you are the ADMIN
		$SESS['is_admin'] = 1;
		$SESS['uid'] = $sitemush_site['siteid'];
		$SESS['og_uid'] = $sitemush_site['siteid'];
		
	}*/
	
}

function sm_api_return($arr){
	die(json_encode($arr));
}


// Execute shell commands
function myexec($command, &$array, &$ret){
	
	if(strtoupper(substr(PHP_OS, 0, 3)) != 'WIN'){
		exec($command, $array, $ret);
		return $ret;
	}
	
	$tmpnam = 't'.rand(1, 999).".bat";
	$fp = fopen ($tmpnam, "w");
	fwrite($fp, $command);
	fclose ($fp);
	exec($tmpnam, $array, $ret);
	unlink($tmpnam);
	return $ret;
}

/**
 * Connect to the ftp server
 *
 * @param        string $host The hostname of the ftp server
 * @param        string $username The username Login detail
 * @param        string $pass The Login password
 * @param        string $cd The path of the file or directory to be changed
 * @returns 	 bool
 */
function sftp_connect($host, $username, $pass, $protocol = 'ftp', $port = 21, $cd = false, $pub = '', $pri = '', $passphrase = '', $test_upload = ''){

	global $globals, $cli_data;
	
	$port = (int) $port; // Converting to INT as FTP class requires an integer
	
	if(!class_exists('ftp_base') && $protocol == 'ftp'){	
		include_once(ABSPATH . 'site-admin/includes/ftp.php');
	}
	
	if(!class_exists('sftp') && $protocol == 'sftp'){
		include_once(ABSPATH . 'site-admin/includes/sftp.php');
	}
	
	if(!class_exists('ftps') && $protocol == 'ftps'){
		include_once(ABSPATH . 'site-admin/includes/ftps.php');
	}
	
	if(!class_exists('CustomIO') && $protocol == 'customio'){
		include_once(ABSPATH . 'site-admin/includes/customio.php');
	}
	
	if(!class_exists($protocol) && file_exists($globals['mainfiles'].'/classes/'.$protocol.'.php')){
		include_once(ABSPATH . 'site-admin/includes/'.$protocol.'.php');
	}
	
	if($protocol == 'ftp'){
		$ftp = new ftp(FALSE, FALSE);
		
		if($_GET['debug'] == 'died' && $_GET['echo'] == '1') $ftp->LocalEcho = true; 
		if($_GET['debug'] == 'died' && $_GET['verbose'] == '1') $ftp->Verbose = true; 
		
		// We get this when executing publis-cli.php via exec() in background
		if(!empty($cli_data['debug']) && $cli_data['debug'] == 'publish'){
			$ftp->LocalEcho = true;
			$ftp->Verbose = true;
		}
		
		if(!$ftp->SetServer($host, $port)) {
			$ftp->quit();
			return 0;
		}
		
		if (!$ftp->connect()) {
			return -1;
		}
		
		if (!$ftp->login($username, $pass)) {
			$ftp->quit();
			return -2;
		}
		
		if(!empty($cd)){
			if(!$ftp->chdir($cd)){
				if(!$ftp->chdir(trim($cd, '/'))){
					return -3;
				}
				//return -3;
			}
		}
		
		if(!$ftp->SetType(FTP_AUTOASCII)){
			
		}
		
		if(!$ftp->Passive(TRUE)){
			
		}
	}
	
	// Class other than FTP
	if(empty($ftp)){
	
		// Initialize a Class
		if($protocol == 'customio' && file_exists(ABSPATH . 'site-admin/includes/customio.php')){
			$ftp = new CustomIO();
		}else{
			$ftp = new $protocol();
		}
		
		// Return if Class not found
		if(!is_object($ftp)){
			return -1;
		}
		
		// For SFTP authentication with keys or password
		if($protocol == 'sftp' && !empty($pub) && !empty($pri)){
			$ftp->auth_pass = 0;
		}else{
			$ftp->auth_pass = 1;
		}
		
		// Can connect ?
		$ret = $ftp->connect($host, $port, $username, $pass, $pub, $pri, $passphrase);
		
		if(!$ret){
			return -2;
		}
		
		// Is directory present
		if(!empty($cd)){
			if(!$ftp->is_dir($cd)){
				return -3;
			}
		}
	}
	
	// Try to upload a test file (if we have to test it) This is to make sure we will be able to upload file or not
	if(!empty($test_upload)){
		
		if(!empty($test_upload) && $test_upload != "/"){
			$ftp->mkdir($test_upload);
		}
		
		if(!$ftp->softput($test_upload.'/testsitepad.html', '<html></html>')){
			return -4;
		}
		
		// Delete the test file
		$ftp->delete($test_upload.'/testsitepad.html');
	}
	
	return $ftp;
	
}

// Merge error
function error_merge($orig, $new){
	
	$orig = (!is_array() ? array($orig) : $orig);
	$new = (!is_array() ? array($orig) : $new);
	
	// Merge errors
	return array_merge($orig, $new);
	
}

function current_script_name(){
	
	$a_wp_dir = cleanpath(ABSPATH).'/';
	
	$this_script_file = str_replace($a_wp_dir, '', cleanpath($_SERVER['SCRIPT_FILENAME']));
	//echo ($this_script_file.' - '.$_SERVER['SCRIPT_FILENAME']);
	return $this_script_file;
	
}

function sm_redirect($location, $header = true, $raw = false){

global $globals, $redirect;
	
	$redirect = true;

	$prefix = (empty($raw) ? $globals['index'] : '');
	
	if(isset($_SERVER['argv']) || isset($argv)){
		$header = false;
	}
	
	if($header){
	
		//Redirect
		header("Location: ".$prefix.$location);
		
	}else{
		
		echo '<meta http-equiv="Refresh" content="0;url='.$prefix.$location.'">';
	
	}

}

// Just reads a TPL file and handles branding
function get_tpl_file($path){	
	
	// Read the file
	$data = file_get_contents($path);
	
	// Handle the branding
	$data = str_ireplace('SitePad Editor', BRAND_SM_EDITOR, $data);
	$data = str_ireplace('http://sitepad.com', BRAND_SM_URL, $data);
	$data = str_ireplace('http://www.sitepad.com', BRAND_SM_URL, $data);
	$data = str_ireplace('https://sitepad.com', BRAND_SM_URL, $data);
	$data = str_ireplace('https://www.sitepad.com', BRAND_SM_URL, $data);
	$data = str_replace('SitePad', BRAND_SM, $data);
	$data = str_replace('Sitepad', BRAND_SM, $data);
	
	return $data;
}


// encrypts the text with salt
function pass_encrypt($txt){
	
	global $universal;
	
	return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($universal['salt']), $txt, MCRYPT_MODE_CBC, md5(md5($universal['salt']))));
}
	
// decrypts the text with salt
function pass_decrypt($crypttxt){
	
	global $universal;
	
	return rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($universal['salt']), base64_decode($crypttxt), MCRYPT_MODE_CBC, md5(md5($universal['salt']))), "\0");
}

/**
 * Generate the Sitemap <url> tag
 *
 * @package      sitepad
 * @author       Brijesh Kothari
 * @param        string $loc Full URL for the <loc> tag
 * @param        string $lastmod Last 
 * @param        string $changefreq Full URL for the <loc> tag
 * @param        string $priority Full URL for the <loc> tag
 * @param        string $path (Optional) If given the FETCHED data is saved in the file instead of having it returned 
 * @return       string The FETCHED DATA
 * @since     	
 */
function sitemap_url_tag($loc, $lastmod = '', $changefreq = '', $priority = ''){
	
	// Default values
	if(empty($lastmod)){
		$lastmod = date('Y-m-d', time());
	}
	
	if(empty($changefreq)){
		$changefreq = 'monthly';
	}
	
	if(empty($priority)){
		$priority = '0.5';
	}
	
	$sitemap = '<url>
	<loc>'.$loc.'</loc>
	<lastmod>'.$lastmod.'</lastmod>
	<changefreq>'.$changefreq.'</changefreq>
	<priority>'.$priority.'</priority>
</url>
';

	return $sitemap;
}

function fetch_plan($plan = ''){
	
	global $SESS, $themes;
	
	$plans = json_decode(file_get_contents(ABSPATH.'/site-data/plans.json'), true);
	
	if(empty($plan)){
		return $plans;
	}
	
	if(!empty($plans[$plan])){
		return $plans[$plan];
	}
	
	return false;
}

/**
 * A Function to add file to a ZIP file
 *
 * @package      files 
 * @author       Pulkit Gupta
 * @param        string $file The existing ZIP file Path
 * @param        string $dir The file / directory to add
 * @param        string $addpath The path in the zip of the new file(s)
 * @param        string $pre
 * @return       boolean
 * @since     	 1.0
 */
function sme_add_to_zip($file, $dir, $addpath = '', $pre = ''){

global $globals;
	
	if(!defined('PCLZIP_TEMPORARY_DIR')){
		define('PCLZIP_TEMPORARY_DIR', ($globals['os'] == 'linux' ? '/tmp/' : ''));
	}
	
	if(!class_exists('softpclzip')){
		include_once(ABSPATH . 'site-admin/includes/softaculous.pclzip.php');
	}
	
	$archive = new softpclzip($file);
	
	$rempath = (is_dir($dir) ? $dir : dirname($dir));
	
	if(empty($pre)){
	
		$result = $archive->_add($dir, PCLZIP_OPT_REMOVE_PATH, $rempath,
								  PCLZIP_OPT_ADD_PATH, $addpath,
								  PCLZIP_OPT_TEMP_FILE_ON);
								  
	}else{
	
		$result = $archive->_add($dir, PCLZIP_OPT_REMOVE_PATH, $rempath,
								  PCLZIP_OPT_ADD_PATH, $addpath,
								  PCLZIP_CB_PRE_ADD, $pre,
								  PCLZIP_OPT_TEMP_FILE_ON);
	
	}
	
	if($result == 0){
		
		if(!empty($_GET['debug']) && @$_GET['debug'] == 'soft'){
			echo $archive->errorInfo();
		}
		
		return false;
	}
	
	return true;

}

/**
 * Checks if the user can download the site
 * @package      sitepad 
 * @author       Brijesh Kothari
 * @returns 	 bool false if the user is not allowed to download the site else true
 * @since     	 4.4.3
 */
function can_download_site(){
	
	global $SESS, $sitepad;
	
	if(!empty($SESS['enable_downloads'])){
		return true;
	}
	
	if(!empty($sitepad['features']['download_site'])){
		return true;
	}
	
	return false;
}

/**
 * Encode a TEXT string into a Softaculous Encode Format
 *
 * @package      softaculous
 * @subpackage   license
 * @author       Pulkit Gupta
 * @param        string $txt The string to be encoded.
 * @return       string The encoded string.
 * @since     	 1.0
 */
function sm_encode($txt){
	
	$from = array('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j');
	
	$to = array('!', '@', '#', '$', '%', '^', '&', '*', '(', ')');
	
	$txt = base64_encode($txt);
	$txt = str_replace($from, $to, $txt);
	$txt = gzcompress($txt);
	
	// Reverse the Bits	
	for($i = 0; $i < strlen($txt); $i++){
		$txt[$i] = sm_reverse_bits($txt[$i]);
		//echo $i.' - '.$txt[$i].' - '.sm_reverse_bits($txt[$i]).'<br>';
	}
	
	$txt = base64_encode($txt);
	
	//echo '<br>---------------<br>';
	
	return $txt;
}

/**
 * Decode a TEXT string from a Softaculous Encode Formatted string
 *
 * @package      softaculous
 * @subpackage   license
 * @author       Pulkit Gupta
 * @param        string $txt The string to be decoded.
 * @return       string The decoded string.
 * @since     	 1.0
 */
function sm_decode($txt){
	
	$from = array('!', '@', '#', '$', '%', '^', '&', '*', '(', ')');

	$to = array('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j');
	
	$txt = base64_decode($txt);
	
	// Reverse the Bits	
	for($i = 0; $i < strlen($txt); $i++){
		$txt[$i] = sm_reverse_bits($txt[$i]);
		//echo $i.' - '.$txt[$i].' - '.sm_reverse_bits($txt[$i]).'<br>';
	}
	
	$txt = gzuncompress($txt);
	$txt = str_replace($from, $to, $txt);
	$txt = base64_decode($txt);
	return $txt;
	
}

function sm_reverse_bits($orig){
	$v = decbin(ord($orig));
	$pad = str_pad($v, 8, '0', STR_PAD_LEFT);
	$rev = strrev($pad);
	$bin = bindec($rev);
	$chr = chr($bin);
	//echo $pad.' - '.$v.' - '.$txt[$i].' - '.$rev.' - '.$bin.' - '.$chr.'<br>';
	return $chr;
}