coupon_activation.php

/bitrix/coupon_activation.php

https://bitbucket.org/StasPiv/pharmalad.com · PHP · 530 lines · 300 code · 37 blank · 193 comment · 29 complexity · 56c1249c6ec1919669f7535cc31e007e MD5 · raw file

<?

define("UPDATE_SYSTEM_VERSION", "9.0.2");

error_reporting(E_ALL & ~E_NOTICE);



require_once($_SERVER['DOCUMENT_ROOT']."/bitrix/php_interface/dbconn.php");

require_once($_SERVER['DOCUMENT_ROOT']."/bitrix/modules/main/classes/".$DBType."/database.php");

require_once($_SERVER['DOCUMENT_ROOT']."/bitrix/modules/main/tools.php");



if ($_REQUEST['lang'] == 'ru')

	define("LANGUAGE_ID", 'ru');

else

	define("LANGUAGE_ID", 'en');



$MESS = array();

if (LANGUAGE_ID == 'ru')

{

	$MESS['TITLE'] = 'Восстановление';

	$MESS['LOGIN_PROMT'] = 'Логин администратора';

	$MESS['PASSWORD_PROMT'] = 'Пароль администратора';

	$MESS['COUPON_PROMT'] = 'Лицензионный ключ или купон';

	$MESS['BUTTON_SUBMIT'] = 'Восстановить';

	$MESS['BUTTON_RESET'] = 'Отменить';

	$MESS['ERROR_EMPTY_CONTENT'] = 'Сервер не отвечает';

	$MESS['ERROR_INVALID_CONTENT'] = 'Ответ сервера не распознан';

	$MESS['ERROR_NOT_ADMIN'] = 'Вы не являетесь администратором';

	$MESS['ERROR_INVALID_COUPON'] = 'Лицензионный ключ / купон не корректен';

	$MESS['ERROR_EMPTY_COUPON'] = 'Лицензионный ключ / купон не указан';

	$MESS['SUCCESS_RECOVER'] = "Работоспособность сайта восстановлена";

	$MESS['ERROR_NOT_WRITABLE'] = "Ядро продукта не доступно на запись";

	$MESS['ERROR_NOT_FOPEN'] = "Не удалось открыть файл на запись";

}

else

{

	$MESS['TITLE'] = 'Restore';

	$MESS['LOGIN_PROMT'] = 'Administrator\'s Login';

	$MESS['PASSWORD_PROMT'] = 'Administrator\'s Password';

	$MESS['COUPON_PROMT'] = 'License Key or Coupon';

	$MESS['BUTTON_SUBMIT'] = 'Restore';

	$MESS['BUTTON_RESET'] = 'Cancel';

	$MESS['ERROR_EMPTY_CONTENT'] = 'Server does not respond.';

	$MESS['ERROR_INVALID_CONTENT'] = 'Server response is not recognized';

	$MESS['ERROR_NOT_ADMIN'] = 'You are not an administrator';

	$MESS['ERROR_INVALID_COUPON'] = 'License Key / Coupon is incorrect';

	$MESS['ERROR_EMPTY_COUPON'] = 'License Key / Coupon is not specified';

	$MESS['SUCCESS_RECOVER'] = "Site restore completed";

	$MESS['ERROR_NOT_WRITABLE'] = "Folder is not writable";

	$MESS['ERROR_NOT_FOPEN'] = "File open fails";

}



$DB = new CDatabase;

$DB->debug = $DBDebug;

$DB->Connect($DBHost, $DBName, $DBLogin, $DBPassword);



$errorMessage = "";

$successMessage = "";



/**************************************************************************************************************************/

/*************************   FUNCTIONS   **********************************************************************************/

/**************************************************************************************************************************/

if (!function_exists("file_get_contents"))

{

	function file_get_contents($filename)

	{

		$fd = fopen("$filename", "rb");

		$content = fread($fd, filesize($filename));

		fclose($fd);

		return $content;

	}

}



function UpdateGetOption($name, $default = "")

{

	global $DB;



	$value = "";

	$dbOption = $DB->Query("SELECT VALUE FROM b_option WHERE MODULE_ID='main' AND NAME='".$DB->ForSql($name)."'", true);

	if ($arOption = $dbOption->Fetch())

		$value = $arOption['VALUE'];

	if (strlen($value) <= 0)

		$value = $default;



	return $value;

}



function UpdateSetOption($name, $value)

{

	global $DB, $DBType;



	$fn = $_SERVER['DOCUMENT_ROOT']."/bitrix/managed_cache/".strtoupper($DBType)."/e5/".md5("b_option").".php";

	@chmod($fn, BX_FILE_PERMISSIONS);

	@unlink($fn);



	$dbResult = $DB->Query("SELECT 'x' FROM b_option WHERE MODULE_ID='main' AND NAME='".$DB->ForSql($name)."'");

	if ($dbResult->Fetch())

	{

		$DB->Query("UPDATE b_option SET VALUE='".$DB->ForSql($value, 2000)."' WHERE MODULE_ID='main' AND NAME='".$DB->ForSql($name)."'");

	}

	else

	{

		$DB->Query(

			"INSERT INTO b_option(SITE_ID, MODULE_ID, NAME, VALUE) ".

			"VALUES(NULL, 'main', '".$DB->ForSql($name, 50)."', '".$DB->ForSql($value, 2000)."') "

		);

	}

}



function UpdateGetHTTPPage($requestDataAdd, &$errorMessage)

{

	global $DB;



	$serverIP = UpdateGetOption("update_site", "www.bitrixsoft.com");

	$serverPort = 80;



	$proxyAddr = UpdateGetOption("update_site_proxy_addr", "");

	$proxyPort = 0;

	$proxyUserName = "";

	$proxyPassword = "";

	if (strlen($proxyAddr) > 0)

	{

		$proxyPort = intval(UpdateGetOption("update_site_proxy_port", ""));

		$proxyUserName = UpdateGetOption("update_site_proxy_user", "");

		$proxyPassword = UpdateGetOption("update_site_proxy_pass", "");

	}



	$bUseProxy = (strlen($proxyAddr) > 0 && $proxyPort > 0);



	if ($bUseProxy)

	{

		$requestIP = $proxyAddr;

		$requestPort = $proxyPort;

	}

	else

	{

		$requestIP = $serverIP;

		$requestPort = $serverPort;

	}



	$FP = fsockopen($requestIP, $requestPort, $errno, $errstr, 120);



	if ($FP)

	{

		$LICENSE_KEY = "demo";

		if (file_exists($_SERVER["DOCUMENT_ROOT"]."/bitrix/license_key.php"))

			include($_SERVER["DOCUMENT_ROOT"]."/bitrix/license_key.php");



		$dbv = $DB->GetVersion();

		

		$usrCnt = 0;

		$q = "SELECT COUNT(U.ID) as C FROM b_user U WHERE U.ACTIVE = 'Y' AND U.LAST_LOGIN IS NOT NULL AND EXISTS(SELECT 'x' FROM b_utm_user UF, b_user_field F WHERE F.ENTITY_ID = 'USER' AND F.FIELD_NAME = 'UF_DEPARTMENT' AND UF.FIELD_ID = F.ID AND UF.VALUE_ID = U.ID AND UF.VALUE_INT IS NOT NULL AND UF.VALUE_INT <> 0)";

		$dbRes = $DB->Query($q, true);

		if ($dbRes && ($arRes = $dbRes->Fetch()))

			$usrCnt = $arRes["C"];



		$requestData = 

			"&LICENSE_KEY=".urlencode(md5($LICENSE_KEY)).

			"&lang=".urlencode(LANGUAGE_ID).

			"&utf=".urlencode(defined('BX_UTF') ? "Y" : "N").

			"&stable=".urlencode(UpdateGetOption("stable_versions_only", "Y")).

			"&CANGZIP=".urlencode(function_exists("gzcompress") ? "Y" : "N").

			"&SUPD_STS=".urlencode("RA").

			"&SUPD_DBS=".urlencode($DB->type).

			"&XE=".urlencode(($DB->XE) ? "Y" : "N").

			"&SUPD_URS=".urlencode($usrCnt).

			"&CLIENT_SITE=".urlencode($_SERVER["SERVER_NAME"]).

			"&spd=".urlencode(UpdateGetOption("crc_code", "")).

			"&dbv=".urlencode($dbv != false ? $dbv : "").

			"&SUPD_VER=".urlencode(UPDATE_SYSTEM_VERSION);



		if (strlen($requestDataAdd) > 0)

			$requestData .= "&".$requestDataAdd;



		$requestString = "";



		if ($bUseProxy)

		{

			$requestString .= "POST http://".$serverIP."/bitrix/updates/us_updater_actions.php HTTP/1.0\r\n";

			if (strlen($proxyUserName) > 0)

				$requestString .= "Proxy-Authorization: Basic ".base64_encode($proxyUserName.":".$proxyPassword)."\r\n";

		}

		else

			$requestString .= "POST /bitrix/updates/us_updater_actions.php HTTP/1.0\r\n";





		$requestString .= "User-Agent: BitrixSMUpdater\r\n";

		$requestString .= "Accept: */*\r\n";

		$requestString .= "Host: ".$serverIP."\r\n";

		$requestString .= "Accept-Language: en\r\n";

		$requestString .= "Content-type: application/x-www-form-urlencoded\r\n";

		$requestString .= "Content-length: ".strlen($requestData)."\r\n\r\n";

		$requestString .= "$requestData";

		$requestString .= "\r\n";



		fputs($FP, $requestString);



		while (!feof($FP))

		{

			$line = fgets($FP, 4096);

			if ($line == "\r\n")

				break;

		}



		$content = "";

		while ($line = fread($FP, 4096))

			$content .= $line;



		fclose($FP);

	}

	else

	{

		$content = "";

		$errorMessage .= "[".$errno."] ".$errstr.". ";

	}



	return $content;

}



function UpdateHtmlSpecialCharsBack($str)

{

	if (strlen($str) > 0)

	{

		$str = str_replace("&lt;", "<", $str);

		$str = str_replace("&gt;", ">", $str);

		$str = str_replace("&quot;", "\"", $str);

		$str = str_replace("&amp;", "&", $str);

	}

	return $str;

}



function UpdateParseServerData($content, &$errorMessage)

{

	global $MESS;



	$arContent = array();



	if (substr($content, 0, strlen("<DATA>")) != "<DATA>" && function_exists("gzcompress"))

		$content = @gzuncompress($content);



	if (substr($content, 0, strlen("<DATA>")) != "<DATA>")

		return false;



	if (preg_match_all('#<ERROR[^>]*>(.+?)</ERROR>#is', $content, $arMatches))

	{

		for ($i = 0, $cnt = count($arMatches[1]); $i < $cnt; $i++)

			$errorMessage .= UpdateHtmlSpecialCharsBack($arMatches[1][$i]).". ";



		return false;

	}



	if (preg_match('#<RENT\s+([^>]*)/>#i', $content, $arMatches))

	{

		if (preg_match_all("/(\\S+?)\\s*=\\s*[\"](.*?)[\"]/s", $arMatches[1], $arMatches1))

		{

			for ($i = 0, $cnt = count($arMatches1[1]); $i < $cnt; $i++)

				$arContent[$arMatches1[1][$i]] .= $arMatches1[2][$i];

		}

	}



	if (isset($arContent["V1"]) && isset($arContent["V2"]))

		return $arContent;



	return false;

}



function UpdateActivateCoupon($coupon, &$errorMessage)

{

	global $MESS;



	$postDataString = "coupon=".urlencode($coupon)."&query_type=".urlencode("reincarnate");

	$content = UpdateGetHTTPPage($postDataString, $errorMessage);

	if (strlen($content) <= 0)

	{

		$errorMessage .= $MESS['ERROR_EMPTY_CONTENT'].". ";

		return false;

	}



	$arContent = UpdateParseServerData($content, $errorMessage);

	if (!is_array($arContent) || count($arContent) <= 0)

	{

		if (strlen($errorMessage) <= 0)

			$errorMessage .= $MESS['ERROR_INVALID_CONTENT'].". ";

		return false;

	}



	UpdateSetOption('~SAAS_MODE', "Y");



	UpdateSetOption('admin_passwordh', $arContent["V1"]);



	if (is_writable($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/admin/define.php"))

	{

		if ($fp = fopen($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/admin/define.php", 'w'))

		{

			fwrite($fp, "<"."?Define(\"TEMPORARY_CACHE\", \"".$arContent["V2"]."\");?".">");

			fclose($fp);

		}

		else

		{

			$errorMessage .= $MESS['ERROR_NOT_FOPEN'].". ";

		}

	}

	else

	{

		$errorMessage .= $MESS['ERROR_NOT_WRITABLE'].". ";

	}



	if (isset($arContent["DATE_TO_SOURCE"]))

		UpdateSetOption("~support_finish_date", $arContent["DATE_TO_SOURCE"]);

	if (isset($arContent["MAX_SITES"]))

		UpdateSetOption("PARAM_MAX_SITES", intval($arContent["MAX_SITES"]));

	if (isset($arContent["MAX_USERS"]))

		UpdateSetOption("PARAM_MAX_USERS", intval($arContent["MAX_USERS"]));

	if (isset($arContent["ISLC"]))

	{

		if (is_writable($_SERVER['DOCUMENT_ROOT']."/bitrix/license_key.php"))

		{

			if ($fp = fopen($_SERVER['DOCUMENT_ROOT']."/bitrix/license_key.php", "wb"))

			{

				fputs($fp, '<'.'?$LICENSE_KEY = "'.EscapePHPString($coupon).'";?'.'>');

				fclose($fp);

			}

			else

			{

				$errorMessage .= $MESS['ERROR_NOT_FOPEN'].". ";

			}

		}

		else

		{

			$errorMessage .= $MESS['ERROR_NOT_WRITABLE'].". ";

		}

	}



	return true;

}



function UpdateIsAdmin($login, $password)

{

	global $DB;



	if (strlen($login) <= 0 || strlen($password) <= 0)

		return false;



	$dbUser = $DB->Query(

		"SELECT U.ID, U.PASSWORD ".

		"FROM b_user U ".

		"	INNER JOIN b_user_group UG ON (UG.USER_ID = U.ID) ".

		"WHERE U.LOGIN = '".$DB->ForSql($login)."' ".

		"	AND (U.EXTERNAL_AUTH_ID IS NULL OR U.EXTERNAL_AUTH_ID = '') ".

		"	AND U.ACTIVE = 'Y' ".

		"	AND UG.GROUP_ID = 1 ".

		"	AND ((UG.DATE_ACTIVE_FROM IS NULL) OR (UG.DATE_ACTIVE_FROM <= ".$DB->CurrentTimeFunction().")) ".

		"	AND ((UG.DATE_ACTIVE_TO IS NULL) OR (UG.DATE_ACTIVE_TO >= ".$DB->CurrentTimeFunction().")) "

	);

	if ($arUser = $dbUser->Fetch())

	{

		if (strlen($arUser["PASSWORD"]) > 32)

		{

			$salt = substr($arUser["PASSWORD"], 0, strlen($arUser["PASSWORD"]) - 32);

			$db_password = substr($arUser["PASSWORD"], -32);

		}

		else

		{

			$salt = "";

			$db_password = $arUser["PASSWORD"];

		}



		$user_password =  md5($salt.$password);



		return ($db_password === $user_password);

	}



	return false;

}



/**************************************************************************************************************************/

/**************************************************************************************************************************/

/**************************************************************************************************************************/



header("Content-Type: text/html; charset=windows-1251");



if ($_SERVER["REQUEST_METHOD"] == "POST")

{

	if (strlen($_POST["autoActivateCoupon"]) > 0)

	{

		$autoActivateCoupon = $_POST["autoActivateCoupon"];

		if (preg_match("#^[A-Z0-9]{3}-[A-Z0-9]{10}-[A-Z0-9]{10}$#i", $autoActivateCoupon))

		{

			if (UpdateActivateCoupon($autoActivateCoupon, $errorMessage))

				echo "success";

			else

				echo $errorMessage;

		}

		else

		{

			echo "error";

		}

		die();

	}



	if (strlen($_POST["reincarnate"]) > 0)

	{

		if (strlen($_POST["coupon"]) <= 0)

		{

			$errorMessage .= $MESS['ERROR_EMPTY_COUPON'].". ";

		}

		elseif (!preg_match("#^[A-Z0-9]{3}-[A-Z]{2}-?[A-Z0-9]{12,18}$#i", $_POST["coupon"]) && !preg_match("#^[A-Z0-9]{3}-[A-Z0-9]{10}-[A-Z0-9]{10}$#i", $_POST["coupon"]))

		{

			$errorMessage .= $MESS['ERROR_INVALID_COUPON'].". ";

		}

		elseif (!UpdateIsAdmin($_POST["login"], $_POST["password"]))

		{

			$errorMessage .= $MESS['ERROR_NOT_ADMIN'].". ";

		}

		else

		{

			if (UpdateActivateCoupon($_POST["coupon"], $errorMessage))

				$successMessage .= $MESS['SUCCESS_RECOVER'].". ";

		}

	}

}



?>

<html>

	<head>

		<title><?= $MESS['TITLE'] ?></title>

		<link rel="stylesheet" type="text/css" href="/bitrix/themes/.default/sysupdate.css">

		<link rel="stylesheet" type="text/css" href="/bitrix/themes/.default/adminstyles.css">

	</head>

	<body>

	<?

	if (strlen($errorMessage) > 0)

	{

		?><br>

		<table width="600" align="center" cellspacing="1" cellpadding="10" bgcolor="red"><tr><td bgcolor="white">

		<font style="color:red"><b><?= $errorMessage ?></b></font>

		</td></tr></table>

		<br>

		<?

	}



	if (strlen($successMessage) > 0)

	{

		?><br>

		<table width="600" align="center" cellspacing="1" cellpadding="10" bgcolor="green"><tr><td bgcolor="white">

		<font style="color:green"><b><?= $successMessage ?></b></font>

		</td></tr></table>

		<br>

		<?

	}



	?>

	<form method="POST" action="/bitrix/coupon_activation.php">

	<input type="hidden" name="lang" value="<?= htmlspecialchars(LANGUAGE_ID) ?>" />



	<table width="100%" cellspacing="0" cellpadding="0" border="0">

		<tr>

			<td width="20%">

			</td>

			<td width="60%">

				<br />

				<div class="edit-form">

				<table cellpadding="0" cellspacing="0" border="0" width="100%" class="edit-form">

					<tr class="top">

						<td class="left"><div class="empty"></div></td>

						<td><div class="empty"></div></td>

						<td class="right"><div class="empty"></div></td>

					</tr>

					<tr>

						<td class="left"><div class="empty"></div></td>

						<td class="content">

							<table cellspacing="0" class="edit-tabs" width="100%">

								<tr>

									<td class="tab-indent"><div class="empty"></div></td>

									<td class="tab-container-selected">

										<table cellspacing="0">

											<tr>

												<td class="tab-left-selected" id="tab_left_edit1"><div class="empty"></div></td>

												<td class="tab-selected" id="tab_edit1"><?= $MESS['TITLE'] ?></td>

												<td class="tab-right-selected" id="tab_right_edit1"><div class="empty"></div></td>

											</tr>

										</table>

									</td>

									<td width="100%" class="tab-indent"><div class="empty"></div></td>

								</tr>

							</table>

							<table cellspacing="0" class="edit-tab">

								<tr>

									<td>

										<div id="edit1" class="edit-tab-inner"><div style="height: 100%;">

										<table cellpadding="0" cellspacing="0" border="0" class="edit-table">

											<tr>

												<td width="40%" align="right"><?= $MESS['LOGIN_PROMT'] ?>:</td>

												<td><input type="text" name="login" value="<?= htmlspecialchars($_POST["login"]) ?>" size="40"></td>

											</tr>

											<tr>

												<td width="40%" align="right"><?= $MESS['PASSWORD_PROMT'] ?>:</td>

												<td><input type="password" name="password" value="" size="40"></td>

											</tr>

											<tr>

												<td width="40%" align="right"><?= $MESS['COUPON_PROMT'] ?>:</td>

												<td><input type="text" name="coupon" value="<?= htmlspecialchars($_POST["coupon"]) ?>" size="40"></td>

											</tr>

										</table>

										</div></div>

									</td>

								</tr>

							</table>



							<div class="buttons">

								<input type="submit" class="button" name="reincarnate" value="<?= $MESS['BUTTON_SUBMIT'] ?>">

								<input type="reset" class="button" name="reset" value="<?= $MESS['BUTTON_RESET'] ?>">

							</div>

						</td>

						<td class="left"><div class="empty"></div></td>

					</tr>

					<tr class="bottom">

						<td class="left"><div class="empty"></div></td>

						<td><div class="empty"></div></td>

						<td class="right"><div class="empty"></div></td>

					</tr>

				</table>

				</div>

			</td>

			<td width="20%">

			</td>

		</tr>

	</table>



	</form>



	</body>

</html>
Alerts (8)

'$_REQUEST[' Unbounded request input detected; limit size (e.g., check Content-Length or use max input vars) to prevent memory exhaustion
9
'global $' Use of global variables; prefer dependency injection or function parameters
73 87 109
'md5(' Weak hashing detected; use password_hash() with PASSWORD_DEFAULT for secure password storage
89 155
'include(' Dynamic include detected; use static paths (e.g., include '/path/file.php') to prevent code injection
144
'die(' Abrupt termination detected; use try-catch or custom error handlers for better control
395