관리-도구
편집 파일: _edit.php
<?php ////////////////////////////////////////////////////////////// //=========================================================== // edit.php(For individual softwares) //=========================================================== // SOFTACULOUS // Version : 1.0 // Inspired by the DESIRE to be the BEST OF ALL // ---------------------------------------------------------- // Started by: Alons // Date: 10th Jan 2009 // Time: 21:00 hrs // Site: http://www.softaculous.com/ (SOFTACULOUS) // ---------------------------------------------------------- // Please Read the Terms of use at http://www.softaculous.com // ---------------------------------------------------------- //=========================================================== // (c)Softaculous Inc. //=========================================================== ////////////////////////////////////////////////////////////// if(!defined('SOFTACULOUS')){ die('Hacking Attempt'); } ///////////////////////////////////////// // All functions in this PAGE must begin // with TWO UNDERSCORE '__' to avoid // clashes with SOFTACULOUS Functions // e.g. __funcname() ///////////////////////////////////////// ////////////////////////////////////////// // Note : The path of the upgrade package // is $software['path'].'/' . So to // access other files use // $software['path'].'/other_file.ext' ////////////////////////////////////////// //The Edit process function __edit($installation){ global $__settings, $globals, $setupcontinue, $software, $error; $__settings = $installation; $__settings['admin_username'] = optPOST('admin_username'); $__settings['admin_pass'] = optPOST('admin_pass'); // Do we need to reset the password ? if(!empty($__settings['admin_pass'])){ // We need the username if(empty($__settings['admin_username'])){ $error[] = '{{err_no_username}}'; return false; } // This is to get dbprefix from import.php sp_include_once($software['path'].'/import.php'); $r = call_user_func('__import_'.$software['softname'], $__settings['softpath']); $__settings['dbprefix'] = $r['dbprefix']; $__settings['softdbhost'] = $r['softdbhost']; $__settings['softdbuser'] = $r['softdbuser']; $__settings['softdbpass'] = $r['softdbpass']; $__settings['softdb'] = $r['softdb']; if(!empty($error)){ return false; } //This is to retrieve hashed value of admin username from the database $query = "SELECT `value` FROM `".$__settings['dbprefix']."_lychee_settings` WHERE `key` = 'username';"; $result = sdb_query($query, $__settings['softdbhost'], $__settings['softdbuser'], $__settings['softdbpass'], $__settings['softdb']); $__settings['admin_username_db'] = $result[0]['value']; //Creating crypted admin username hash $__settings['admin_username_crypt'] = crypt($__settings['admin_username'], $__settings['admin_username_db']); //Verifying admin username db hash with the crypted hash if(!($__settings['admin_username_db'] === $__settings['admin_username_crypt'])){ $error[] = '{{err_no_such_user}}'; return false; }else{ // This is to obtain password method from install.php sp_include_once($software['path'].'/install.php'); //We have commented the $user variable as it reassigns hash value for $__settings['admin_username'] if(sversion_compare(phpversion(), '5.3', '<')){ sconfigure('update_pass.php'); $data = swget($__settings['softurl'].'/update_pass.php'); $data = explode('__softaculous__', $data); //$user = $data['0']; $pass = $data['1']; sunlink($__settings['softpath'].'/update_pass.php'); }else{ //$user = __getHashedString($__settings['admin_username']); $pass = __getHashedString($__settings['admin_pass']); } $__settings['admin_pass'] = $pass; //$__settings['admin_username'] = $user; if(!empty($error)){ return false; } // Update the password now $update_query = "UPDATE `".$__settings['dbprefix']."_lychee_settings` SET `value` = '".$__settings['admin_pass']."' WHERE `key` = 'password';"; $result = sdb_query($update_query, $__settings['softdbhost'], $__settings['softdbuser'], $__settings['softdbpass'], $__settings['softdb']); } } } ?>