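amember/setup.php first', 0); }
    // NOTE(review): the function these statements belong to starts before the
    // visible part of the file, so only the row-decoding loop is documented and
    // its code is left exactly as found.
    //
    // Loads every row of the "<prefix>config" table and stores the decoded value
    // in $config. The result of mysql_query() is not checked before it is used.
    $q = mysql_query('SELECT name,type,value,blob_value FROM ' . $this_config['prefix'] . 'config');
    while (list($n, $t, $v, $bv) = mysql_fetch_row($q)) {
        switch ($t) {
            case 0: {
                // Type 0: the value column is used unchanged.
                break;
            }
            case 1: {
                // SECURITY: unserialize() runs on a blob read from the database.
                // Whoever can write to this table controls which objects are
                // instantiated here, so write access to it must be treated as
                // equivalent to code-level access. A data-only encoding would
                // remove that exposure.
                $v = unserialize($bv);
                break;
            }
            case 2: {
                // Type 2: the blob column is the value.
                $v = $bv;
                $bv = '';
                break;
            }
            case 3: {
                // Type 3: the value column is stored encrypted (see amember_decrypt).
                $v = amember_decrypt($v);
                break;
            }
            case 4: {
                // SECURITY: eval() executes PHP source stored in the config table.
                // Any write to a type-4 row is arbitrary code execution in the
                // application; restrict and audit writes to this table, and prefer
                // replacing type-4 rows with plain data.
                $v = eval($v);
                break;
            }
            default: {
                exit('Unknown type');
                break;
            }
        }
        // A dotted name such as "a.b.c" addresses a nested array element.
        $nn = preg_split('/\\./', $n);
        if (1 < count($nn)) {
            $p = &$config;
            foreach ($nn as $x) {
                $p = &$p[$x];
            }
            $p = $v;
            continue;
        } else {
            $config[$n] = $v;
            continue;
        }
    }
}

/**
 * Registers the member, product and payment fields listed in $config.
 *
 * Each definition is passed to the matching add_*_field() function with
 * 'from_config' => 1 added to its additional fields (existing keys win because
 * the arrays are joined with +).
 *
 * NOTE(review): 'validate_func' is a name taken from stored configuration; if
 * the add_*_field() functions invoke it as a callback, confirm it is limited
 * to known validators.
 */
function add_fields_from_config()
{
    global $config;

    foreach ((array)$config['member_fields'] as $f) {
        add_member_field(
            $f['name'], $f['title'], $f['type'], $f['description'], $f['validate_func'],
            (array)$f['additional_fields'] + array('from_config' => 1)
        );
    }
    foreach ((array)$config['product_fields'] as $f) {
        add_product_field(
            $f['name'], $f['title'], $f['type'], $f['description'], $f['validate_func'],
            (array)$f['additional_fields'] + array('from_config' => 1)
        );
    }
    foreach ((array)$config['payment_fields'] as $f) {
        add_payment_field(
            $f['name'], $f['title'], $f['type'], $f['description'], $f['validate_func'],
            (array)$f['additional_fields'] + array('from_config' => 1)
        );
    }
}

/**
 * Encrypts a string with the built-in key and URL-encodes the result.
 *
 * The licence is validated first; on failure the script terminates.
 *
 * SECURITY: the key is a constant compiled into this file and shared by every
 * installation of it, so the output is obfuscation rather than confidentiality
 * against anyone who can read the source.
 *
 * @param string $string plaintext
 * @return string rawurlencode()d ciphertext
 */
function amember_crypt($string)
{
    if ($err = _amember_get_iconf()) {
        // The licence error text embeds the Host header, request URI and Referer,
        // so it is escaped before being written to the response.
        exit('License Error: ' . htmlspecialchars($err, ENT_QUOTES));
    }
    $key = 'Xjk23cbnmk28;ajandb4b300zxchB&!@^#$DOFCNCccc334ff,masd';
    $cc = __internal_crypt($string, $key);
    return rawurlencode($cc);
}

/**
 * Reverses amember_crypt(): URL-decodes the input and decrypts it with the
 * same built-in key. No licence check is performed here.
 *
 * @param string $string rawurlencode()d ciphertext
 * @return string plaintext bytes
 */
function amember_decrypt($string)
{
    $key = 'Xjk23cbnmk28;ajandb4b300zxchB&!@^#$DOFCNCccc334ff,masd';
    // The outer rawurlencode/rawurldecode pair is a round trip that leaves the
    // decrypted bytes unchanged.
    return rawurldecode(rawurlencode(__internal_crypt(rawurldecode($string), $key)));
}

/**
 * RC4 stream cipher: key scheduling over a 256-entry state followed by XOR of
 * the data with the generated keystream. The same call encrypts and decrypts.
 *
 * SECURITY: there is no nonce or IV parameter, so every call with the same key
 * produces the same keystream, and the output carries no integrity check. Both
 * callers in this file pass one fixed key.
 *
 * @param string $data bytes to transform
 * @param string $pwd  key; must not be empty (its length is used as a modulus)
 * @return string transformed bytes, same length as $data
 */
function __internal_crypt($data, $pwd)
{
    $pl = strlen($pwd);
    $kk = array();
    $cb = array();

    // Fill the state with 0..255 and expand the key to 256 bytes.
    for ($i = 0; $i < 256; ++$i) {
        $kk[$i] = ord(substr($pwd, $i % $pl, 1));
        $cb[$i] = $i;
    }

    // Key scheduling: permute the state under control of the key.
    $j = 0;
    for ($i = 0; $i < 256; ++$i) {
        $j = ($j + $cb[$i] + $kk[$i]) % 256;
        $tt = $cb[$i];
        $cb[$i] = $cb[$j];
        $cb[$j] = $tt;
    }

    // Keystream generation, XORed byte by byte into the output.
    $newss = '';
    $a = 0;
    $j = 0;
    $len = strlen($data);
    for ($i = 0; $i < $len; ++$i) {
        $a = ($a + 1) % 256;
        $j = ($j + $cb[$a]) % 256;
        $tttt = $cb[$a];
        $cb[$a] = $cb[$j];
        $cb[$j] = $tttt;
        $k = $cb[($cb[$a] + $cb[$j]) % 256];
        $newss .= chr(ord(substr($data, $i, 1)) ^ $k);
    }
    return $newss;
}

/**
 * Reduces a host name to the label directly in front of the longest suffix
 * from the built-in list, plus that suffix (e.g. "www.example.co.uk" becomes
 * "example.co.uk"). A trailing ":port" is removed first.
 *
 * Host names are case-insensitive, so the input is lower-cased before it is
 * matched against the lower-case suffix list; previously a mixed-case host
 * such as "example.CO.uk" missed the list and fell through to the generic
 * two-label rule.
 *
 * Terminates the script when no suffix and no "word.word" tail can be found.
 *
 * @param string $domain host name, optionally with port
 * @return string lower-case minimal domain
 */
function get_min_domain($domain)
{
    $domain = strtolower(preg_replace('/(\\:\\d+)$/', '', $domain));
    if ($domain == 'localhost') {
        return $domain;
    }

    $tlds = preg_split('/\\s+/', '.com .net .org .co.uk .org.uk .ltd.uk .plc.uk .edu .mil .br.com .cn.com .eu.com .hu.com .no.com .qc.com .sa.com .se.com .se.net .us.com .uy.com .za.com .ac .co.ac .gv.ac .or.ac .ac.ac .af .am .as .at .ac.at .co.at .gv.at .or.at .asn.au .com.au .edu.au .org.au .net.au .be .ac.be .biz .br .adm.br .adv.br .am.br .arq.br .art.br .bio.br .cng.br .cnt.br .com.br .ecn.br .eng.br .esp.br .etc.br .eti.br .fm.br .fot.br .fst.br .g12.br .gov.br .ind.br .inf.br .jor.br .lel.br .med.br .mil.br .net.br .nom.br .ntr.br .odo.br .org.br .ppg.br .pro.br .psc.br .psi.br .rec.br .slg.br .tmp.br .tur.br .tv.br .vet.br .zlg.br .ca .ab.ca .bc.ca .mb.ca .nb.ca .nf.ca .ns.ca .nt.ca .on.ca .pe.ca .qc.ca .sk.ca .yk.ca .cc .ac.cn .com.cn .edu.cn .gov.cn .net.cn .org.cn .bj.cn .sh.cn .tj.cn .cq.cn .he.cn .nm.cn .ln.cn .jl.cn .hl.cn .js.cn 
.zj.cn .ah.cn .hb.cn .hn.cn .gd.cn .gx.cn .hi.cn .sc.cn .gz.cn .yn.cn .xz.cn .sn.cn .gs.cn .qh.cn .nx.cn .xj.cn .tw.cn .hk.cn .mo.cn .cx .cz .de .dk .fo .com.ec .org.ec .net.ec .mil.ec .fin.ec .med.ec .gov.ec .fr .tm.fr .com.fr .asso.fr .presse.fr .gf .gs .co.il .org.il .net.il .ac.il .k12.il .gov.il .muni.il .ac.in .co.in .ernet.in .gov.in .net.in .res.in .info .is .it .ac.jp .co.jp .go.jp .or.jp .ne.jp .ac.kr .co.kr .go.kr .ne.kr .nm.kr .or.kr .re.kr .li .lt .lu .asso.mc .tm.mc .com.mm .org.mm .net.mm .edu.mm .gov.mm .ms .mx .com.mx .org.mx .net.mx .edu.mx .gov.mx .name .nl .no .nu .pl .com.pl .net.pl .org.pl .pt .com.ro .org.ro .store.ro .tm.ro .firm.ro .www.ro .arts.ro .rec.ro .info.ro .nom.ro .nt.ro .ru .com.ru .net.ru .org.ru .se .si .com.sg .org.sg .net.sg .gov.sg .sk .st .tc .tf .ac.th .co.th .go.th .mi.th .net.th .or.th .tj .tm .to .bbs.tr .com.tr .edu.tr .gov.tr .k12.tr .mil.tr .net.tr .org.tr .com.tw .org.tw .net.tw .ac.uk .uk.co .uk.com .uk.net .gb.com .gb.net .vg .ac.za .alt.za .co.za .edu.za .gov.za .mil.za .net.za .ngo.za .nom.za .org.za .school.za .tm.za .web.za .sh .kz .ch .info .ua .biz .ws .nz .com.nz .co.nz .org.nz .com.pk .int');

    // Keep the longest "label + suffix" tail that matches the end of the host.
    $min = '';
    foreach ($tlds as $d) {
        $dd = preg_quote($d, '/');
        if (preg_match('/([^\\.]+?' . $dd . ')$/', $domain, $regs)) {
            if (strlen($min) < strlen($regs[1])) {
                $min = $regs[1];
            }
        }
    }

    if (!strlen($min)) {
        // Unknown suffix: fall back to the last two dot-separated words.
        if (preg_match('/(\\w+\\.\\w+)$/', $domain, $regs)) {
            $min = $regs[1];
        } else {
            // $domain can originate from the Host header, so it is escaped
            // before being written to the response.
            exit('Cannot create license: unknown TLD for domain: ' . htmlspecialchars($domain, ENT_QUOTES));
        }
    }
    return $min;
}

/**
 * Decodes a string of two-character hexadecimal pairs into bytes.
 *
 * @param string $myin hex text
 * @return string decoded bytes
 */
function decode_ha($myin)
{
    $myout = '';
    $pairs = strlen($myin) / 2;
    for ($i = 0; $i < $pairs; ++$i) {
        $myout .= chr(base_convert(substr($myin, $i * 2, 2), 16, 10));
    }
    return $myout;
}

/**
 * Parses one licence block and verifies its two embedded MD5 digests.
 *
 * The block must contain four words between "=====" markers. The domain,
 * secure domain and expiry date are hex-encoded inside the 2nd, 3rd and 4th
 * words; the digests sit at fixed offsets in the 2nd and 3rd words.
 *
 * The digests are compared with !== : with a loose != two hex strings that
 * both look like numbers in exponent notation ("0E" followed only by digits)
 * compare as equal numbers, so a mismatch could be accepted.
 *
 * @param string $license one licence block
 * @param string $dmm     receives the licensed domain
 * @param string $smm     receives the licensed secure domain
 * @param string $exp     receives the expiry date text
 * @return string|null error message, or nothing (null) when the block is valid
 */
function decode_hb($license, &$dmm, &$smm, &$exp)
{
    $dmm = $smm = $exp = '';
    if (!strlen($license)) {
        return 'License empty - please visit aMember Pro Control Panel -> Setup/Configuration -> License';
    }
    if (!preg_match('|=====.+?=====\\s+(\\w+)\\s+(\\w+)\\s+(\\w+)\\s+(\\w+)\\s+=====|', $license, $line)) {
        return 'License invalid - please contact CGI-Central Support';
    }
    // Drop the full match so that $line[0..3] hold the four captured words.
    array_shift($line);

    $exp = decode_ha(substr($line[1], 35, -1));
    $dmm = decode_ha(substr($line[2], 1, -35));
    $smm = decode_ha(substr($line[3], 33, -1));

    // The digest inputs differ between the lite and the full edition.
    $fs = (is_lite() ? 'OIuj3oPih29tbf' : 'UmCv0)9237**7231');
    $ls = (is_lite() ? '!^aslj34cxq2|xO#sx' : '.,nm!#($*^jAdCMy*(&78z76234nkcsP\':?z');
    $md5 = strtoupper(md5($fs . $dmm . $exp . '.,nm!#($*^jAdCMy*(&7813nc52asasa|||z'));
    $sd5 = strtoupper(md5('Umxv0)5786*I7x31' . $smm . $exp . $ls));

    $md5o = substr($line[1], 1, 32);
    $sd5o = substr($line[2], strlen($line[2]) - 33, 32);

    if ($sd5o !== $sd5) {
        return 'License error - secure domain check incorrect';
    }
    if ($md5o !== $md5) {
        return 'License error - domain check incorrect';
    }
    // A third, nested comparison of the same two digests used to follow here; it
    // could never be reached because both mismatches return above.
    if (!$exp) {
        return 'License expiration date incorrect';
    }
}

/**
 * Validates the configured licence against the current host and the
 * configured root URLs, and fills the global $_amember_license.
 *
 * SECURITY: the host is taken from $_SERVER['HTTP_HOST'] first, which is
 * supplied by the client. The returned error text also embeds the request URI
 * and the Referer header verbatim, so it must be escaped for whatever context
 * it is rendered or mailed in.
 *
 * @return string '' when the licence is valid, otherwise an error message
 */
function _amember_get_iconf()
{
    global $config;
    global $_amember_license;

    // Host for the plain site: Host header, then root_url, then SERVER_NAME.
    $domain = $_SERVER['HTTP_HOST'];
    if (!$domain) {
        $domain = parse_url($config['root_url']);
        $domain = $domain['host'];
        if (!$domain) {
            $domain = $_SERVER['SERVER_NAME'];
        }
    }
    if ($domain == '') {
        exit('Cannot get domain name');
    }
    $domain = get_min_domain($domain);

    // Host for the secure site: same order, but falling back to root_surl.
    $sdomain = $_SERVER['HTTP_HOST'];
    if (!$sdomain) {
        $sdomain = parse_url($config['root_surl']);
        $sdomain = $sdomain['host'];
        if (!$sdomain) {
            $sdomain = $_SERVER['SERVER_NAME'];
        }
    }
    if ($sdomain == '') {
        exit('Cannot get secure domain name');
    }
    $sdomain = get_min_domain($sdomain);

    // The licence setting may hold several blocks; each one is verified.
    $_amember_license = array();
    $blocks = preg_split(
        '|===== ENF OF LICENSE =====[\\r\\n\\s]*|m',
        $config['license'],
        -1,
        PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE
    );
    foreach ($blocks as $v) {
        // Put back the terminator that the split consumed.
        $v .= '===== ENF OF LICENSE =====';
        if ($error = decode_hb($v, $dmm, $smm, $exp)) {
            return $error;
        }
        if ($exp < date('Y-m-d')) {
            mail_admin(' Your aMember Pro license expired. Please login into CGI-Central Members section and get new license file in order to continue aMember Pro usage. ', 'URGENT: License Expired (aMember Pro)');
            return 'License expired';
        }
        if (date('Y-m-d') == $exp) {
            mail_admin(' Your aMember Pro license is about to expire. Expiration date: ' . $exp . ' Please login into CGI-Central Members section and get new license file. 
', 'URGENT: License Expiration (aMember Pro)');
        }
        $_amember_license['expire'] = $exp;
        $_amember_license['domain'][] = $dmm;
        $_amember_license['secure_domain'][] = $smm;
    }

    $up = parse_url($config['root_url']);
    if ($up['host'] == '') {
        exit('Root URL is empty');
    }
    $root_domain = get_min_domain($up['host']);

    $up = parse_url($config['root_surl']);
    if ($up['host'] == '') {
        exit('Secure Root URL is empty');
    }
    $sroot_domain = get_min_domain($up['host']);

    $matched_domain = 0;
    $matched_sdomain = 0;
    $matched_root_url = 0;
    $matched_sroot_url = 0;
    foreach (array_merge($_amember_license['domain'], $_amember_license['secure_domain']) as $d) {
        // Both sides are strings; strict comparison avoids numeric juggling.
        if ($domain === $d) {
            ++$matched_domain;
        }
        if ($sdomain === $d) {
            ++$matched_sdomain;
        }
        // The configured root URLs may be the licensed domain or a subdomain of
        // it. The delimiter is passed to preg_quote() so that a "/" in the
        // licensed name cannot end the pattern early.
        $d = preg_quote($d, '/');
        if (preg_match('/(^|\\.)' . $d . '$/', $root_domain)) {
            ++$matched_root_url;
        }
        if (preg_match('/(^|\\.)' . $d . '$/', $sroot_domain)) {
            ++$matched_sroot_url;
        }
    }

    $list_domains = join(',', array_unique(array_merge($_amember_license['domain'], $_amember_license['secure_domain'])));
    $url = ($_SERVER['SERVER_PORT'] == 443 ? 'https://' : 'http://');
    $url .= $domain . $_SERVER['REQUEST_URI'];
    $ref = $_SERVER['HTTP_REFERER'];

    if (!$matched_domain) {
        return 'License error - license domain does not match your domain (' . $domain . '!=' . $list_domains . ')
at ' . $url . '
ref from ' . $ref;
    }
    if (!$matched_sdomain) {
        return 'License error - license domain does not match your secure domain (' . $sdomain . '!=' . $list_domains . ')
at ' . $url . '
ref from ' . $ref;
    }
    if (!$matched_root_url) {
        return 'Configured Root URL \'' . $config['root_url'] . '\' doesn\'t match license domain (' . $list_domains . ')
at ' . $url . '
ref from ' . $ref;
    }
    if (!$matched_sroot_url) {
        return 'Configured Secure Root URL \'' . $config['root_surl'] . '\' doesn\'t match license domain (' . $list_domains . ')
at ' . $url . '
ref from ' . $ref;
    }
    return '';
}

/**
 * Error handler: fatal classes are reported through fatal_error(); warnings
 * are echoed with the file's base name only and written to the database log
 * with the full path.
 *
 * $AMEMBER_DONT_LOG_NEXT_ERROR is now imported from the global scope. It was
 * read here as an undefined local before, so the "skip logging once" branch
 * could never run.
 * NOTE(review): confirm that the code setting this flag writes the global.
 *
 * NOTE(review): $errstr is echoed without escaping; warning text can contain
 * request-derived values, so confirm the output context.
 *
 * @param int    $errno   error level
 * @param string $errstr  error message
 * @param string $errfile file in which the error was raised
 * @param int    $errline line on which the error was raised
 * @return null
 */
function _amember_error_handler($errno, $errstr, $errfile, $errline)
{
    global $db;
    global $AMEMBER_DONT_LOG_NEXT_ERROR;

    // Reporting is switched off (for example by the @ operator on PHP < 8).
    if (error_reporting() == 0) {
        return null;
    }

    switch ($errno) {
        case E_ERROR:
        case E_PARSE:
        case E_CORE_ERROR:
        case E_COMPILE_ERROR:
            fatal_error('FATAL [' . $errno . '] ' . $errstr . ' in line ' . $errline . ' of file ' . $errfile);
            exit(1);

        case E_USER_ERROR:
            fatal_error('ERROR [' . $errno . '] ' . $errstr . ' in line ' . $errline . ' of file ' . $errfile);
            return null;

        case E_USER_WARNING:
        case E_WARNING:
            // Only the base name is shown to the client, which keeps the
            // installation path out of the response.
            $ef = basename($errfile);
            if (!defined('SILENT_AMEMBER_ERROR_HANDLER')) {
                echo 'WARNING: ' . $errstr . ' in line ' . $errline . ' of file ' . $ef . '
';
            }
            if ($AMEMBER_DONT_LOG_NEXT_ERROR) {
                // One-shot flag: skip the log entry for this warning only.
                $AMEMBER_DONT_LOG_NEXT_ERROR = null;
                return null;
            }
            $db->log_error('WARNING: ' . $errstr . ' in line ' . $errline . ' of file ' . $errfile);
    }
}

// Refuse to run unless the including script has defined the config marker.
if (!defined('INCLUDED_AMEMBER_CONFIG')) {
    exit('Direct access to this location is not allowed');
}

// Reject requests that carry a parameter or an upload named GLOBALS. This
// check now runs before any other file is loaded, so nothing is included for
// a rejected request.
if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
    exit('Request tainting attempted');
}

require_once $config['root_dir'] . '/smarty/Smarty.class.php';
require_once $config['root_dir'] . '/common.inc.php';

$AMEMBER_DONT_LOG_NEXT_ERROR = null;
global $config;
require_once $config['root_dir'] . '/includes/phpmailer/class.phpmailer.php';

$config['plugins_dir']['payment'] = $config['root_dir'] . '/plugins/payment';
$config['plugins_dir']['protect'] = $config['root_dir'] . '/plugins/protect';
$config['plugins_dir']['db'] = $config['root_dir'] . '/plugins/db';
$config['data_dir'] = $config['root_dir'] . '/data';
$plugin_config = $config;

// NOTE(review): call-time pass-by-reference is a fatal error from PHP 5.4 on.
// The declaration of read_db_config() is outside the visible part of the file,
// so this call is left as found; drop the & once the parameter is confirmed to
// be declared by reference or unused for output.
read_db_config (&$config);
start_amember_session();
$plugin_config = $config;
$plugins = $config['plugins'];
$plugins['db'][0] = 'mysql';

// NOTE(review): nothing in the visible code acts on $msg; confirm that a later
// include checks it and escapes it before display.
$msg = _amember_get_iconf();
if ($config['site_title'] == '') {
    $config['site_title'] = 'aMember';
}

require_once $config['root_dir'] . '/db.inc.php';
require_once $config['root_dir'] . '/paysys.inc.php';
require_once $config['root_dir'] . '/member.inc.php';
require_once $config['root_dir'] . '/product.inc.php';
require_once $config['root_dir'] . '/payment.inc.php';
require_once $config['root_dir'] . '/plugins.inc.php';
require_once $config['root_dir'] . '/plugins/protect/php_include/bruteforce.inc.php';
load_countries_config();
start_amember_session();
add_fields_from_config();
require_once $config['root_dir'] . '/aff.inc.php';

// Optional site-specific customisations.
if (file_exists($config['root_dir'] . '/site.inc.php')) {
    require_once $config['root_dir'] . '/site.inc.php';
}

if ($config['send_signup_mail']) {
    setup_plugin_hook('finish_waiting_payment', 'check_for_signup_mail');
}
if ($config['send_payment_admin']) {
    setup_plugin_hook('finish_waiting_payment', 'mail_payment_admin');
}
setup_plugin_hook('daily', 'mail_expire_members');
setup_plugin_hook('daily', 'check_expire_members');
setup_plugin_hook('daily', 'clear_access_log');
setup_plugin_hook('daily', 'delete_old_newsletters');
setup_plugin_hook('finish_waiting_payment', 'remove_newsletter_guest');

// Without an external cron job the periodic tasks are checked on this request.
if (!$config['use_cron']) {
    check_cron();
}
?>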