dezend please |
Posted: Tue Oct 12, 2010 9:17 pm
klih
Regular user |

Joined: Oct 12, 2010 |
Posts: 11 |
Posted: Wed Oct 13, 2010 3:49 am
tsabitah
Valuable expert |

Joined: Jul 07, 2010 |
Posts: 328 |
Location: surabaya |
Code: | <?php
if (!class_exists('ubam_dpdemon_link_protect')) {
class ubam_dpdemon_link_protect
var $master;
/**
 * PHP 4-style constructor: keeps a handle on the main plugin object.
 *
 * The rest of the class reads the plugin options (key, secret, download
 * directory) through this object.
 *
 * @param object $masterclass Main plugin instance exposing ->options.
 */
function ubam_dpdemon_link_protect($masterclass)
{
    $this->master = $masterclass;
}
/**
 * Validate a protected-download request (the `seclnk` query parameter) and
 * emit the download response headers.
 *
 * NOTE(review): this listing is decompiler output in which the block braces
 * were lost, so the nesting of the statements below cannot be recovered from
 * the text. The comments describe individual statements, not control flow.
 *
 * `seclnk` is split on `_L-N-KP_` into at least four fields, used below as:
 *   [0] encrypted resource   [1] expiry (compared with time())
 *   [2] signature            [3] encrypted hotlink flag
 */
function exec_protect_url()
$mlpBase = $this->master;
// Download root is wp-content/<option value>/; only leading and trailing
// slashes are trimmed from the option.
$saved_secure_dir = trim($mlpBase->options['ubam_dpdemon_download_directory'], '/');
define('BASE_DIR', ABSPATH . "wp-content/$saved_secure_dir/");
// Extension => Content-Type map. Further down it is used only to pick the
// Content-Type; an extension missing from it is not rejected, so despite
// its name this is not an allow-list of downloadable file types.
$allowed_ext = array('zip' => 'application/zip', 'pdf' => 'application/pdf', 'doc' => 'application/msword', 'xls' => 'application/vnd.ms-excel', 'ppt' => 'application/vnd.ms-powerpoint', 'exe' => 'application/octet-stream', 'gif' => 'image/gif', 'png' => 'image/png', 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'mp3' => 'audio/mpeg', 'wav' => 'audio/x-wav', 'mpeg' => 'video/mpeg', 'mpg' => 'video/mpeg', 'mpe' => 'video/mpeg', 'mov' => 'video/quicktime', 'avi' => 'video/x-msvideo');
// NOTE(review): the PHP directive is named "safe_mode"; ini_get() returns
// false for the unknown name "safe mode", so this test is always true. The
// statement it guarded is not visible in the listing.
if (!ini_get('safe mode')) {
if (!isset($_GET['seclnk']) || empty($_GET['seclnk'])) {
die("Please specify file name for download.");
$seclnk_array = explode('_L-N-KP_', $_GET['seclnk']);
if (count($seclnk_array) < 4) {
die("Invalid URL. Missing security information.");
// ubam_dpdemon_Secrypt comes from Secrypt.class.inc.php, which is not part
// of this listing; its cipher and integrity properties cannot be judged here.
$sugin_secrypt = new ubam_dpdemon_Secrypt(false);
// NOTE(review): constant condition, presumably a decompiler artifact or a
// switch that was hard-wired on.
if (true) {
$valid_referrer = true;
// Field 3 decrypts to the hotlink flag, normalised to 0 or 1.
if ($sugin_secrypt->Decrypt($this->pct_decode($seclnk_array[3]), $mlpBase->options['ubam_dpdemon_gen_key'], $mlpBase->options['ubam_dpdemon_gen_secret'])) {
$hotlink = (int)$sugin_secrypt->Data;
$hotlink = ($hotlink == 0 ? 0 : 1);
} else {
// A non-empty Referer must start with the blog's home URL.
// NOTE(review): Referer is a client-supplied header and this is a prefix
// comparison, so it deters casual hotlinking but is not an access control.
if (isset($_SERVER['HTTP_REFERER']) && strlen($_SERVER['HTTP_REFERER']) > 0 && substr($_SERVER['HTTP_REFERER'], 0, strlen(get_bloginfo('home'))) != get_bloginfo('home')) {
$valid_referrer = false;
// With the hotlink flag set, a missing Referer is rejected as well.
if ($hotlink > 0 && $valid_referrer) {
if (!(isset($_SERVER['HTTP_REFERER']) && strlen($_SERVER['HTTP_REFERER']) > 0)) {
$valid_referrer = false;
if (!$valid_referrer) {
die("Internal server error. Please contact system administrator.");
// Field 0 decrypts to the resource: an absolute URL or a path/file name.
if ($sugin_secrypt->Decrypt($this->pct_decode($seclnk_array[0]), $mlpBase->options['ubam_dpdemon_gen_key'], $mlpBase->options['ubam_dpdemon_gen_secret'])) {
$secure_resource = $sugin_secrypt->Data;
} else {
// NOTE(review): field 1 is a raw request string compared loosely with an
// int; validating it as digits first would make the expiry test explicit.
if ($seclnk_array[1] < time()) {
die("This link is no longer valid.");
// Signature = md5(key . "GET\n\n\n" . expiry . "\n" . secret), then pct_encode().
// NOTE(review): the signed string contains the expiry only, not the resource
// (field 0) or the hotlink flag (field 3), so the signature does not bind an
// expiry to one particular download. A keyed MAC such as hash_hmac() over all
// fields would. The `!=` comparison is loose and not timing-safe;
// hash_equals() is the strict alternative on PHP >= 5.6.
$string_to_sign = $mlpBase->options['ubam_dpdemon_gen_key'] . "GET\n\n\n" . $seclnk_array[1] . "\n" . $mlpBase->options['ubam_dpdemon_gen_secret'];
$auth_signature = $this->pct_encode(md5($string_to_sign));
if ($auth_signature != $seclnk_array[2]) {
die("Invalid security information in URL.");
// Absolute URL: when its host is not found inside the site URL the request
// is redirected to it; otherwise the URL path is mapped onto the filesystem.
// NOTE(review): the host test is a substring match (strpos), not an equality
// check, and no exit is visible after header('Location: ...').
if (strpos($secure_resource, '://') !== false) {
$parsedUrl = parse_url($secure_resource);
$thepath = $parsedUrl['path'];
$thehost = $parsedUrl['host'];
if (strpos(preg_replace('/^http:\/\/www\./i', 'http://', get_option('siteurl')), 'http://' . preg_replace('/^www\./i', '', $thehost)) === false) {
header('Location: ' . $secure_resource);
} else {
$fname = substr($thepath, strrpos($thepath, '/') + 1);
$theWPdir = parse_url(get_option('siteurl'));
// NOTE(review): $thepath is appended as-is. Nothing visible here normalises
// ".." segments or confines the result to BASE_DIR; realpath() followed by a
// prefix check against the download root would.
if (!empty($theWPdir['path'])) {
$file_path = substr(ABSPATH, 0, strrpos(strtolower(ABSPATH), strtolower($theWPdir['path']))) . $thepath;
} else {
$file_path = ABSPATH . $thepath;
} else {
// Relative resource: the file name is searched for below BASE_DIR/<subdir>;
// find_file() fills $file_path by reference.
// NOTE(review): $subdir is likewise used without ".." normalisation.
$fname = basename($secure_resource);
$file_path = '';
if (strpos($secure_resource, '/') !== false) {
$subdir = substr($secure_resource, 0, strrpos(strtolower($secure_resource), $fname));
$subdir = substr($subdir, 0, 1) == '/' ? substr($subdir, 1) : $subdir;
} else {
$subdir = '';
$this->find_file(BASE_DIR . $subdir, $fname, $file_path);
// NOTE(review): the error text prints the resolved server path, unescaped,
// to the client. Log it server-side and show a generic message instead.
if (!(file_exists($file_path) && is_file($file_path))) {
die("File does not exist. Make sure you specified correct file name.<br />File Path: $file_path");
$fsize = filesize($file_path);
$fext = strtolower(substr(strrchr($fname, "."), 1));
// Unknown extension: detect the MIME type, falling back to
// application/force-download. The file is still served in that case.
if (!array_key_exists($fext, $allowed_ext) || $allowed_ext[$fext] == '') {
$mtype = '';
if (function_exists('mime_content_type')) {
$mtype = mime_content_type($file_path);
} elseif (function_exists('finfo_file')) {
$finfo = finfo_open(FILEINFO_MIME);
$mtype = finfo_file($finfo, $file_path);
if ($mtype == '') {
$mtype = "application/force-download";
} else {
$mtype = $allowed_ext[$fext];
// Optional `fc` parameter overrides the download file name. Quotes,
// backslashes and slashes are stripped from it; nothing else is filtered.
if (!isset($_GET['fc']) || empty($_GET['fc'])) {
$asfname = $fname;
} else {
$asfname = str_replace(array('"', "'", '\\', '/'), '', $_GET['fc']);
if ($asfname === '')
$asfname = 'NoName';
// NOTE(review): header() replaces an earlier header of the same name by
// default, so only "Cache-Control: public" is sent, which lets shared caches
// store a protected download. Content-Disposition carries no disposition
// type ("attachment;").
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Type: $mtype");
header("Content-Disposition: filename=\"$asfname\"");
header("Content-Transfer-Encoding: binary");
header("Content-Length: " . $fsize);
// Download log: timestamp, client address, file name. LOG_FILE is not defined
// in this listing; open/write failures are suppressed with @ and no fclose()
// is visible.
// NOTE(review): no statement that sends the file body or ends the request is
// visible in the listing.
$f = @fopen(LOG_FILE, 'a+');
if ($f) {
@fputs($f, date("m.d.Y g:ia") . " " . $_SERVER['REMOTE_ADDR'] . " " . $fname . "\n");
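/**
 * Search $dirname and its sub-directories for an entry named $fname.
 *
 * The first hit is written to $file_path (by reference); once it is
 * non-empty the search stops. Nothing is returned.
 *
 * Changes against the decompiled original:
 *  - recursion goes through find_file(); the original called
 *    sec_url_find_file(), which the class as listed does not define;
 *  - a missing or unreadable directory ends the search quietly instead of
 *    handing false to readdir();
 *  - the readdir() loop compares against false, so an entry named "0" no
 *    longer ends the scan early;
 *  - the directory handle is closed.
 *
 * The caller is responsible for confining $dirname to the download root;
 * this method walks whatever directory it is given.
 *
 * @param string $dirname   Directory to search.
 * @param string $fname     File name to look for (no path components).
 * @param string $file_path Receives the full path of the first match.
 */
function find_file($dirname, $fname, &$file_path)
{
    if (!is_dir($dirname)) {
        return;
    }

    $dir = opendir($dirname);
    if ($dir === false) {
        return;
    }

    $base = rtrim($dirname, '/');

    while (false !== ($file = readdir($dir))) {
        if (!empty($file_path)) {
            break;
        }
        if ($file == '.' || $file == '..') {
            continue;
        }

        if (is_dir($base . '/' . $file)) {
            $this->find_file($base . '/' . $file, $fname, $file_path);
        } else {
            $fullname = $base . '/' . $fname;
            if (file_exists($fullname)) {
                $file_path = $fullname;
            }
        }
    }

    closedir($dir);
}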
/**
 * Reverse pct_encode(): restore "%" from the "_BF_R_" marker, URL-decode,
 * then base64-decode.
 *
 * base64_decode() runs in its default non-strict mode here, so characters
 * outside the base64 alphabet are skipped rather than rejected.
 *
 * @param string $text_to_decode Value produced by pct_encode().
 * @return string|false Decoded bytes.
 */
function pct_decode($text_to_decode)
{
    $percent_restored = str_replace('_BF_R_', '%', $text_to_decode);
    $base64_text = rawurldecode($percent_restored);

    return base64_decode($base64_text);
}
/**
 * Make a value safe to embed in the `seclnk` parameter: base64-encode,
 * URL-encode, then replace every "%" with the "_BF_R_" marker.
 *
 * This is a transport encoding only; it adds no confidentiality or
 * integrity.
 *
 * @param string $text_to_encode Raw bytes.
 * @return string Encoded text.
 */
function pct_encode($text_to_encode)
{
    $url_safe = rawurlencode(base64_encode($text_to_encode));

    return str_replace('%', '_BF_R_', $url_safe);
}
require_once dirname(__FILE__) . '/Secrypt.class.inc.php';
?> |
Posted: Wed Oct 13, 2010 3:53 am
tsabitah
Valuable expert |

Joined: Jul 07, 2010 |
Posts: 328 |
Location: surabaya |
Code: | <?php
if (!class_exists('ubam_dpdemon')) {
class ubam_dpdemon
var $optionsName = 'ubam_dpdemon_options';
var $localizationDomain = "ubam_dpdemon";
var $thispluginurl = '';
var $thispluginpath = '';
var $options = array();
/**
 * PHP 4-style constructor: loads the translation file, records the plugin
 * URL and path, seeds the default thank-you e-mail and registers the
 * WordPress hooks.
 *
 * NOTE(review): $this->options is read here, but nothing in the constructor
 * as listed fills it first (getOptions() is not called), so the default
 * e-mail template is applied on every construction. A line may have been
 * lost in decompilation - confirm against the shipped plugin.
 */
function ubam_dpdemon()
{
    $languageFile = dirname(__FILE__) . "/languages/" . $this->localizationDomain . "-" . get_locale() . ".mo";
    load_textdomain($this->localizationDomain, $languageFile);

    $pluginFolder = dirname(plugin_basename(__FILE__));
    $this->thispluginurl = WP_PLUGIN_URL . '/' . $pluginFolder . '/';
    $this->thispluginpath = WP_PLUGIN_PATH . '/' . $pluginFolder . '/';

    if (empty($this->options['ubam_dpdemon_default_email'])) {
        $this->options['ubam_dpdemon_default_email'] = "Dear {CUSTOMER NAME},\n\nThank you for purchasing {PRODUCT NAME}.\n\nBelow is the URL to your download page. You have\napproximately {X} hours to download your purchase, after\nwhich the download page will be expired.\n\nDownload for {PRODUCT NAME} ({PRODUCT CODE})\n{DOWNLOAD PAGE}\n\nIf the URL above is not clickable, just copy and paste the\nURL into your browser.\n\nShould you need any assistance, simply reply to this email.\n\n\nYour Name\nYour Company";
    }

    // Settings page, request router (runs on every `init`) and the
    // [dpd-button] content filter.
    add_action("admin_menu", array(&$this, "admin_menu_link"));
    add_action("init", array(&$this, "ubam_dpdemon_notify"));
    add_filter('the_content', array(&$this, "ubam_dpdemon_button_html"));
}
/**
 * Load the plugin options from the WordPress options table into
 * $this->options, creating a placeholder record on first use.
 */
function getOptions()
{
    $stored = get_option($this->optionsName);

    if (!$stored) {
        // Nothing saved yet (or an empty value): write the placeholder.
        $stored = array('default' => 'options');
        update_option($this->optionsName, $stored);
    }

    $this->options = $stored;
}
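/**
 * `init` hook: routes plugin-specific requests (payment notifications,
 * pitch / thank-you pages, downloads, protected links) to their handlers.
 *
 * Changes against the decompiled original:
 *  - `new Foo(&$this)` (call-time pass-by-reference, a fatal error since
 *    PHP 5.4) is now `new Foo($this)`;
 *  - eregi(), removed in PHP 7, is replaced by an equivalent
 *    case-insensitive substring test;
 *  - request parameters are read through !empty() so absent keys no longer
 *    raise notices.
 *
 * The path markers are matched anywhere in REQUEST_URI, query string
 * included, exactly as before. The handler classes live in files that are
 * not part of this listing; for the download and protected-link branches
 * only the construction is visible here.
 */
function ubam_dpdemon_notify()
{
    global $wpdb;
    global $ubam_aff_mgr_var;

    $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    $pluginDir = dirname(__FILE__) . '/';

    if (!empty($_GET['dpd-pp-notify']) || strpos($uri, '/dpd-pp-notify/') !== false) {
        require_once $pluginDir . 'dp-demon-notify.php';
        $notify = new ubam_dpdemon_notify($this);
    }

    if (!empty($_GET['dpdid'])) {
        require_once $pluginDir . 'dp-demon-page.php';
        $return = new ubam_dpdemon_page($this);
        $return->show_pitch_page();
    }

    if (!empty($_GET['dpd-pp-thankyou']) || strpos($uri, '/dpd-pp-thankyou/') !== false) {
        require_once $pluginDir . 'dp-demon-page.php';
        $return = new ubam_dpdemon_page($this);
        $return->pp_thankyou();
    }

    if (!empty($_GET['dpd-cb-thankyou'])) {
        require_once $pluginDir . 'dp-demon-notify.php';
        $return = new ubam_dpdemon_notify($this);
        $return->cb_thankyou();
    }

    if (!empty($_GET['dpd-download'])) {
        require_once $pluginDir . 'dp-demon-page.php';
        $download = new ubam_dpdemon_page($this);
    }

    if (stripos($uri, '/lnk-pr0t') !== false && !empty($_GET['seclnk'])) {
        require_once $pluginDir . 'includes/CLASS.link-protect.php';
        $url_handler = new ubam_dpdemon_link_protect($this);
    }
}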
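/**
 * Show the pitch page for a product.
 *
 * The product id comes from the argument or, when that is empty, from the
 * `dpdid` query parameter. Nothing happens when neither is set.
 *
 * Changes against the decompiled original: the call-time pass-by-reference
 * `&$this` (fatal since PHP 5.4) is dropped and $_GET['dpdid'] is read
 * only when present.
 *
 * NOTE(review): the id is request-controlled and handed on unchanged;
 * show_pitch_page() is outside this listing and has to validate it.
 *
 * @param string $dpdid Product id; empty to fall back to $_GET['dpdid'].
 */
function send_to_pitch_page($dpdid = '')
{
    if (empty($dpdid)) {
        $dpdid = isset($_GET['dpdid']) ? $_GET['dpdid'] : '';
    }
    if (empty($dpdid)) {
        return;
    }

    require_once dirname(__FILE__) . '/' . 'dp-demon-page.php';
    $return = new ubam_dpdemon_page($this);
    $return->show_pitch_page($dpdid);
}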
/**
 * Persist $this->options under the plugin's option name.
 *
 * @return bool Result of update_option().
 */
function saveAdminOptions()
{
    $saved = update_option($this->optionsName, $this->options);

    return $saved;
}
/**
 * `admin_menu` hook: registers the settings page (restricted to users with
 * the `manage_options` capability) and the "Settings" link shown in the
 * plugin list.
 */
function admin_menu_link()
{
    $pageCallback = array(&$this, 'admin_options_page');
    add_options_page(DPDEMON_OPTION_PAGE_TITLE, DPDEMON_MENU_TITLE, 'manage_options', 'dp-demon-inc.php', $pageCallback);

    $linksHook = 'plugin_action_links_' . plugin_basename(__FILE__);
    add_filter($linksHook, array(&$this, 'filter_plugin_actions'), 10, 2);
}
/**
 * Put a "Settings" link in front of the plugin's action links.
 *
 * @param array  $links Existing action links.
 * @param string $file  Plugin file (unused).
 * @return array Links with the settings entry first.
 */
function filter_plugin_actions($links, $file)
{
    $href = 'options-general.php?page=' . basename(__FILE__);
    array_unshift($links, '<a href="' . $href . '">' . __('Settings') . '</a>');

    return $links;
}
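/**
 * Build the sales-link variant of the purchase markup.
 *
 * Fix: the original passed `$pid = 0` as the argument, which overwrote the
 * caller's $pid with 0 so the parameter was silently ignored. The value is
 * now forwarded, cast to int because create_purchase_button_html() places
 * a positive $pid into its SQL text unquoted.
 *
 * @param string $product_id Product identifier.
 * @param int    $pid        Row id; 0 to look the product up by $product_id.
 * @return array Result of create_purchase_button_html().
 */
function create_sales_link_html($product_id, $pid = 0)
{
    return $this->create_purchase_button_html($product_id, (int) $pid, 'link');
}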
/**
 * Build a purchase button that uses a caller-supplied image.
 *
 * Always looks the product up by $product_id (row id 0) and requests the
 * 'button' type.
 *
 * @param string $product_id  Product identifier.
 * @param array  $image_array Image attributes (image, width, height).
 * @return array Result of create_purchase_button_html().
 */
function create_custom_purchase_button_html($product_id, $image_array)
{
    $button = $this->create_purchase_button_html($product_id, 0, 'button', $image_array);

    return $button;
}
/**
 * Look a product up and build the purchase markup for its payment
 * processor (PayPal form, ClickBank form or E-junkie link).
 *
 * Returns an array with the keys html, copy_html, pmt_processor,
 * product_id and pitch_page.
 *
 * NOTE(review): decompiler output. Block braces are lost, and so are parts
 * of the switch: no `case 'CLICKBANK':` label and no `break` is visible
 * although ClickBank code follows the PayPal code. The comments describe
 * individual statements, not control flow.
 */
function create_purchase_button_html($product_id, $pid = 0, $type = 'button', $image_array = '')
global $wpdb;
global $ubam_aff_mgr_var;
// NOTE(review): both values are interpolated into the SQL text. $product_id
// is only wrapped in quotes and $pid is used raw once it compares > 0.
// Callers in this listing feed them from post content (the [dpd-button]
// tag) and from $_POST['pid']. Use $wpdb->prepare() with %s / %d.
$filter_value = ($pid > 0 ? $pid : "'$product_id'");
$filter_column = ($pid > 0 ? 'id' : 'product_id');
$product = $wpdb->get_row("SELECT * from {$wpdb->prefix}ubam_mktg_launchpad_items WHERE $filter_column = $filter_value");
if ($product) {
// NOTE(review): width/height (and `image` below) come from the tag's
// attributes and are concatenated into markup without esc_attr()/esc_url().
if (is_array($image_array)) {
$img_width = (empty($image_array['width']) ? '' : ' width="' . $image_array['width'] . '"');
$img_height = (empty($image_array['height']) ? '' : ' height="' . $image_array['height'] . '"');
switch ($product->pmt_processor) {
case 'PAYPAL':
// NOTE(review): $paypal_sandbox is not assigned anywhere in the visible
// function (the declared globals are $wpdb and $ubam_aff_mgr_var). If it is
// unset, this test is false and the live endpoints are chosen.
if (!$paypal_sandbox == 0) {
$paypal_url = "www.sandbox.paypal.com/cgi-bin/webscr";
$paypal_ipn_url = "www.sandbox.paypal.com";
} else {
$paypal_url = "www.paypal.com/cgi-bin/webscr";
$paypal_ipn_url = "www.paypal.com";
// NOTE(review): $get_shipping_address is likewise not assigned here; with
// it unset only the `== 0` test matches.
if ($get_shipping_address == 1) {
$no_shipping = 2;
if ($get_shipping_address == 0) {
$no_shipping = 1;
if ($get_shipping_address == 2) {
$no_shipping = 0;
$buy_now_image = '"https://www.paypal.com/en_US/i/btn/btn_paynowCC_LG.gif"';
if (is_array($image_array)) {
if (!empty($image_array['image']))
$buy_now_image = '"' . $image_array['image'] . '"' . $img_width . $img_height;
$return_url = rtrim(get_option('siteurl'), '/') . "/dpd-pp-thankyou/{$product->product_id}";
$notify_url = rtrim(get_option('siteurl'), '/') . "/dpd-pp-notify/{$product->product_id}";
// PayPal "Buy Now" form.
// NOTE(review): option and database values are placed in attribute values
// without esc_attr(). Amount, currency and receiver travel as hidden form
// fields the buyer's browser can change, so the notify handler
// (dp-demon-notify.php, not shown) has to verify them against the product
// record before releasing a download.
$button_html = '<form name="form1" action="https://' . $paypal_url . '" method="post">';
$button_html .= '<input type="image" src=' . $buy_now_image . ' border="0" name="submit" alt="Make payments with PayPal - it\'s fast, free and secure!">';
$button_html .= '<input type="hidden" name="cmd" value="_xclick">';
$button_html .= '<input type="hidden" name="business" value="' . $this->options['ubam_dpdemon_pp_email'] . '">';
$button_html .= '<input type="hidden" name="item_name" value="' . $product->product_name . '">';
$button_html .= '<input type="hidden" name="item_number" value="' . $product->product_nbr . '">';
$button_html .= '<input type="hidden" name="amount" value="' . $product->price . '">';
$button_html .= '<input type="hidden" name="no_shipping" value="' . $no_shipping . '">';
$button_html .= '<input type="hidden" name="return" value="' . $return_url . '">';
$button_html .= '<input type="hidden" name="notify_url" value="' . $notify_url . '">';
$button_html .= '<input type="hidden" name="no_note" value="1">';
$button_html .= '<input type="hidden" name="currency_code" value="' . $product->currency . '">';
$button_html .= '<input type="hidden" name="rm" value="2">';
$button_html .= '</form>';
// ClickBank form (its case label is missing from the listing). The form
// target is built from product_nbr and the vendor id and uses plain http.
$processor = 'cb';
$buy_now_image = '"' . $this->thispluginurl . 'cb-buy-NOW.gif"';
if (is_array($image_array)) {
if (!empty($image_array['image']))
$buy_now_image = '"' . $image_array['image'] . '"' . $img_width . $img_height;
$button_html = '<form id="eppForm" action="http://' . $product->product_nbr . '.' . $this->options['ubam_dpdemon_cb_vendid'] . '.pay.clickbank.net" method="get" target="_top">';
$button_html .= '<input type="image" src=' . $buy_now_image . ' border="0" name="submit" alt="Make payments with ClickBank - it\'s fast, free and secure!">';
$button_html .= '</form>';
case 'E-JUNKIE':
$processor = 'ej';
$buy_now_image = '"http://www.e-junkie.com/ej/x-click-butcc.gif"';
if (is_array($image_array)) {
if (!empty($image_array['image']))
$buy_now_image = '"' . $image_array['image'] . '"' . $img_width . $img_height;
// NOTE(review): $ma_custom is not assigned in the visible function.
$link = 'https://www.e-junkie.com/ecom/gb.php?i=' . $product->product_nbr . '&c=single&cl=' . $this->options['ubam_dpdemon_ej_clientid'] . $ma_custom;
$button_html = '<a href="' . $link . '" target="ejejcsingle">';
$button_html .= '<img src=' . $buy_now_image . ' border="0" alt="Buy Now"/></a>';
// NOTE(review): as listed this overwrites the markup with the pitch-page
// URL; the condition that selected it (presumably on $type or the pitch
// page) is not visible.
$button_html = get_option('siteurl') . '/?dpdid=' . $product->product_id;
$copy_html = $button_html;
} else {
$button_html = false;
// NOTE(review): an array is returned even when no product was found
// (html => false). In that case $product is not an object and $copy_html
// is unset, and a caller testing the result with `=== false` never matches.
return array('html' => $button_html, 'copy_html' => $copy_html, 'pmt_processor' => $product->pmt_processor, 'product_id' => $product->product_id, 'pitch_page' => (empty($product->pitch_page_url) ? false : true));
/**
 * `the_content` filter: replaces [dpd-button ...]id[/dpd-button] tags in
 * post content with purchase-button markup.
 *
 * The product id is the text between the tags and is passed on unchanged;
 * any attributes on the opening tag (image, width, height) select the
 * custom-image variant.
 *
 * @param string $text Post content.
 * @return string Content with the tags replaced.
 */
function ubam_dpdemon_button_html($text)
{
    $dpd_button_tag_pattern = '/(\[dpd-button(.*?)\](.*?)\[\/dpd-button\])/is';
    $dpd_link_tag_pattern = '/\[dpd-button\](.*?)\[\/dpd-button\]/is';

    // Pass 1: tags with or without attributes.
    preg_match_all($dpd_button_tag_pattern, $text, $dpd_button_matches);
    if (is_array($dpd_button_matches)) {
        foreach ($dpd_button_matches[1] as $idx => $whole_tag) {
            $product_id = $dpd_button_matches[3][$idx];

            // '' means "no usable attributes"; an array means custom image.
            $image_array = '';
            if (!empty($dpd_button_matches[2][$idx])) {
                $parsed = $this->parse_attributes($dpd_button_matches[2][$idx]);
                if (count($parsed) != 0) {
                    $image_array = $parsed;
                }
            }

            $button_html = is_array($image_array)
                ? $this->create_custom_purchase_button_html($product_id, $image_array)
                : $this->create_purchase_button_html($product_id);

            if ($button_html === false) {
                $button_html = array('html' => '');
            }
            $text = str_replace($whole_tag, $button_html['html'], $text);
        }
    }

    // Pass 2: attribute-less tags still present after pass 1.
    preg_match_all($dpd_link_tag_pattern, $text, $dpd_link_matches);
    if (is_array($dpd_link_matches)) {
        foreach ($dpd_link_matches[1] as $idx => $product_id) {
            $link_html = $this->create_purchase_button_html($product_id);
            if ($link_html === false) {
                $link_html = array('html' => '');
            }
            $text = str_replace($dpd_link_matches[0][$idx], $link_html['html'], $text);
        }
    }

    return $text;
}
/**
 * Parse `name=value` pairs (value bare, single- or double-quoted) into an
 * array keyed by the lower-cased name.
 *
 * Surrounding quotes are removed from the value; nothing else is
 * validated or escaped, so callers must treat the values as untrusted.
 *
 * @param string $attrib_string Attribute text, e.g. ` width="10" image=x.gif`.
 * @return array Map of lower-cased name => value.
 */
function parse_attributes($attrib_string)
{
    $regex = '@([^\s=]+)\s*=\s*(\'[^<\']*\'|"[^<"]*"|\S*)@';
    preg_match_all($regex, $attrib_string, $matches);

    $attr = array();
    foreach ($matches[0] as $i => $whole_pair) {
        $name = $matches[1][$i];
        if (empty($whole_pair) || empty($name)) {
            continue;
        }

        // Strip one pair of enclosing quotes, single first, then double.
        $value = $matches[2][$i];
        if (preg_match("/^'(.*)'$/", $value, $vmatch) || preg_match('/^"(.*)"$/', $value, $vmatch)) {
            $value = $vmatch[1];
        }

        $attr[strtolower($name)] = $value;
    }

    return $attr;
}
/**
 * Render the plugin's settings page and process its form posts.
 *
 * Dispatches on $_POST['action'] (edit, Edit Default Email, button, delete)
 * and on the submit-field names of the account, add-product and
 * update-product forms.
 *
 * NOTE(review): decompiler output. Block braces are lost and stray HTML
 * fragments remain, so the comments describe individual statements only.
 * The page is registered with the `manage_options` capability, so these
 * are administrator inputs; the nonce checks still matter because
 * cross-site request forgery acts through an administrator's session.
 * WordPress slash-escapes $_POST, which does not protect the unquoted
 * numeric positions below (pid, id, price, commission scheme id).
 */
function admin_options_page()
global $wpdb;
if ($_POST['action'] == 'edit') {
$editmode = true;
// NOTE(review): $_POST['pid'] goes into the query unquoted and unvalidated.
// Cast with (int) / absint() or use $wpdb->prepare() with %d.
$eproduct = $wpdb->get_row("SELECT * from {$wpdb->prefix}ubam_mktg_launchpad_items WHERE id={$_POST['pid']}");
?><div class="wrap">
?></h2> <?php
require_once(DPDEMON_TEMPLATE_DIR . "product-entry-form.htm");
} elseif ($_POST['action'] == 'Edit Default Email') {
$default_email = $this->options['ubam_dpdemon_default_email'];
require_once(DPDEMON_TEMPLATE_DIR . "edit-default-email.htm");
} elseif ($_POST['action'] == 'button') {
// The posted pid reaches the SQL text inside create_purchase_button_html().
$button = $this->create_purchase_button_html('', $_POST['pid']);
if ($button['pitch_page']) {
$pitch_page = get_option('siteurl') . "/?dpdid={$button['product_id']}";
if ($button['pmt_processor'] == 'CLICKBANK') {
$cb_hoplink_target = get_option('siteurl') . "/";
$append_to_hoplink = "?dpdid={$button['product_id']}";
$append_to_tracking_hoplink = "&dpdid={$button['product_id']}";
$cb_thank_you = get_option('siteurl') . "/?dpd-cb-thankyou={$button['product_id']}";
if ($button['pmt_processor'] == 'E-JUNKIE') {
$ej_ipn_url = rtrim(get_option('siteurl'), '/') . "/dpd-ej-notify/{$button['product_id']}";
require_once(DPDEMON_TEMPLATE_DIR . "button-display.htm");
} else {
// NOTE(review): destructive query built from the raw posted pid, with no
// nonce check visible before it. Add check_admin_referer() or
// wp_verify_nonce() and a prepared statement.
if ($_POST['action'] == 'delete') {
$wpdb->query("DELETE FROM {$wpdb->prefix}ubam_mktg_launchpad_items WHERE id={$_POST['pid']}");
echo '<div class="updated"><p>Success! Product has been deleted from the database.</p></div>';
// NOTE(review): no nonce check is visible for the default-e-mail form.
if ($_POST['ubam_dpdemon_edit_default_email']) {
$this->options['ubam_dpdemon_default_email'] = $_POST['ubam_dpdemon_default_email'];
echo '<div class="updated"><p>Success! Your changes were sucessfully saved.</p></div>';
// Account settings: this form is nonce-protected.
if ($_POST['ubam_dpdemon_acct_save']) {
if (!wp_verify_nonce($_POST['_wpnonce'], 'ubam_dpdemon-update-options'))
die('Whoops! There was a problem with the data you posted. Please go back and try again.');
// NOTE(review): values are copied from the request without validation or
// sanitising. They include the link-signing key and secret and the download
// directory. No call that persists them (saveAdminOptions()) is visible in
// the listing.
$this->options['ubam_dpdemon_pp_email'] = $_POST['ubam_dpdemon_pp_email'];
$this->options['ubam_dpdemon_pp_authcd'] = $_POST['ubam_dpdemon_pp_authcd'];
$this->options['ubam_dpdemon_cb_vendid'] = $_POST['ubam_dpdemon_cb_vendid'];
$this->options['ubam_dpdemon_cb_authcd'] = $_POST['ubam_dpdemon_cb_authcd'];
$this->options['ubam_dpdemon_ej_clientid'] = $_POST['ubam_dpdemon_ej_clientid'];
$this->options['ubam_dpdemon_support_name'] = $_POST['ubam_dpdemon_support_name'];
$this->options['ubam_dpdemon_support_email'] = $_POST['ubam_dpdemon_support_email'];
$this->options['ubam_dpdemon_expire_hours'] = $_POST['ubam_dpdemon_expire_hours'];
$this->options['ubam_dpdemon_gen_key'] = $_POST['ubam_dpdemon_gen_key'];
$this->options['ubam_dpdemon_gen_secret'] = $_POST['ubam_dpdemon_gen_secret'];
$this->options['ubam_dpdemon_expire_seconds'] = $_POST['ubam_dpdemon_expire_seconds'];
$this->options['ubam_dpdemon_download_directory'] = $_POST['ubam_dpdemon_download_directory'];
echo '<div class="updated"><p>Success! Your changes were sucessfully saved.</p></div>';
// NOTE(review): the statement is assembled by interpolating request fields;
// the commission scheme id and the price are unquoted. No nonce check is
// visible for this form, and no $wpdb->query($insert_query) call is visible
// in the listing. Build it with $wpdb->prepare() or $wpdb->replace().
if ($_POST['ubam_dpdemon_add_product']) {
$insert_query = "REPLACE INTO {$wpdb->prefix}ubam_mktg_launchpad_items " . " (product_id, pmt_processor, product_nbr, " . " ma_commission_scheme_id, " . " product_name, product_description, price, currency, " . " pitch_page_url, thank_you_page_url, download_page_url, download_link_url, " . " thankyou_email_subject, thankyou_email_body) " . "VALUES ('{$_POST['ubam_dpdemon_product_id']}', '{$_POST['ubam_dpdemon_pmt_processor']}', '{$_POST['ubam_dpdemon_product_nbr']}', " . " " . (empty($_POST['ubam_dpdemon_commission_scheme_id']) ? 'NULL' : $_POST['ubam_dpdemon_commission_scheme_id']) . ", " . " '{$_POST['ubam_dpdemon_product_name']}', '{$_POST['ubam_dpdemon_product_desc']}', " . (empty($_POST['ubam_dpdemon_price']) ? '0.00' : $_POST['ubam_dpdemon_price']) . ", '{$_POST['ubam_dpdemon_currency']}', " . " '{$_POST['ubam_dpdemon_pitch_page']}', '{$_POST['ubam_dpdemon_thanku_page']}', '{$_POST['ubam_dpdemon_dl_page']}', '{$_POST['ubam_dpdemon_dl_link']}', " . " '{$_POST['ubam_dpdemon_email_subject']}', '{$_POST['ubam_dpdemon_email_body']}') ";
echo '<div class="updated"><p>Success! Product has been added to the database.</p></div>';
// Product update: nonce-protected. The nonce stops forged requests, not SQL
// injection; the UPDATE below is still built from raw request fields, with
// id, price and commission scheme id unquoted.
if ($_POST['ubam_dpdemon_update_product']) {
if (!wp_verify_nonce($_POST['_wpnonce'], 'ubam_dpdemon-edit-product'))
die('Whoops! There was a problem with the data you posted. Please go back and try again.');
$update_query = "UPDATE {$wpdb->prefix}ubam_mktg_launchpad_items " . " SET product_id = '{$_POST['ubam_dpdemon_product_id']}' " . " , pmt_processor = '{$_POST['ubam_dpdemon_pmt_processor']}' " . " , product_nbr = '{$_POST['ubam_dpdemon_product_nbr']}' " . " , product_name = '{$_POST['ubam_dpdemon_product_name']}' " . " , product_description = '{$_POST['ubam_dpdemon_product_desc']}' " . " , ma_commission_scheme_id = " . (empty($_POST['ubam_dpdemon_commission_scheme_id']) ? 'NULL' : $_POST['ubam_dpdemon_commission_scheme_id']) . " " . " , price = " . (empty($_POST['ubam_dpdemon_price']) ? '0.00' : $_POST['ubam_dpdemon_price']) . " " . " , currency = '{$_POST['ubam_dpdemon_currency']}' " . " , pitch_page_url = '{$_POST['ubam_dpdemon_pitch_page']}' " . " , thank_you_page_url = '{$_POST['ubam_dpdemon_thanku_page']}' " . " , download_page_url = '{$_POST['ubam_dpdemon_dl_page']}' " . " , download_link_url = '{$_POST['ubam_dpdemon_dl_link']}' " . " , thankyou_email_subject = '{$_POST['ubam_dpdemon_email_subject']}' " . " , thankyou_email_body = '{$_POST['ubam_dpdemon_email_body']}' " . " WHERE id = {$_POST['id']} ";
echo '<div class="updated"><p>Success! Product has been successfully changed.</p></div>';
// Product list for the overview template; this query has no request input.
$productlist = $wpdb->get_results("SELECT * from {$wpdb->prefix}ubam_mktg_launchpad_items ORDER BY product_id", ARRAY_A);
if (!is_array($productlist))
$productlist = array();
$admin_link_prefix = 'options-general.php?page=';
include_once(DPDEMON_TEMPLATE_DIR . "options-page.htm");
/**
 * Remove backslash escaping from a string, or from every element of a
 * (nested) array.
 *
 * The callback is the function name 'stripslashes_deep', so array elements
 * are handled by the global function of that name.
 *
 * @param string|array $value Value to unescape.
 * @return string|array Unescaped value with the same shape.
 */
function stripslashes_deep($value)
{
    if (is_array($value)) {
        return array_map('stripslashes_deep', $value);
    }

    return stripslashes($value);
}
?> |
Posted: Wed Oct 13, 2010 3:56 am
tsabitah
Valuable expert |

Joined: Jul 07, 2010 |
Posts: 328 |
Location: surabaya |
Code: | <?php
if (!class_exists('ubam_dpdemon_url_protector')) {
class ubam_dpdemon_url_protector
var $master;
/**
 * PHP 4-style constructor: keeps a handle on the main plugin object, whose
 * ->options hold the signing key, secret and default link lifetime.
 *
 * @param object $masterclass Main plugin instance.
 */
function ubam_dpdemon_url_protector($masterclass)
{
    $this->master = $masterclass;
}
/**
 * Convert a `SECURE...:resource` tag into a protected link using the
 * plugin's configured key, secret and default lifetime.
 *
 * @param string $text Text that may contain a SECURE tag.
 * @return string Protected URL, or $text unchanged when no tag matches.
 */
function secureUrl($text)
{
    $options = $this->master->options;

    // Default expiry: now plus the configured number of seconds.
    $deadline = time() + $options['ubam_dpdemon_expire_seconds'];

    return $this->create_link(
        $text,
        $options['ubam_dpdemon_gen_key'],
        $options['ubam_dpdemon_gen_secret'],
        $deadline
    );
}
/**
 * Turn a `SECURE<attributes>:<resource>` tag into an expiring /lnk-pr0t
 * URL; text without the tag is returned unchanged.
 *
 * The generated `seclnk` value is four fields joined by `_L-N-KP_`:
 * encrypted resource, expiry timestamp, signature, encrypted hotlink flag.
 *
 * NOTE(review): decompiler output with the block braces lost; the comments
 * describe individual statements, not control flow.
 */
function create_link($text, $SEC_GEN_KEY, $SEC_GEN_SECRET, $expires)
$mlpBase = $this->master;
// $matches[2] = attribute text after "SECURE", $matches[3] = the resource.
$tag_pattern = '/(SECURE(.*?):(.*))/i';
if (preg_match($tag_pattern, $text, $matches)) {
require_once dirname(__FILE__) . '/includes/Secrypt.class.inc.php';
$attr_array = $this->parse_attributes($matches[2]);
$link_expires = $expires;
// Optional `seconds` attribute overrides the default lifetime.
// NOTE(review): 'seconds' and 'hotlink' are read without isset(), so an
// absent attribute raises a notice. The string "0" is falsy, so if the
// `== 0` branch is nested under this truthiness test a plain seconds=0
// never reaches it.
if ($attr_array['seconds'] && is_numeric($attr_array['seconds'])) {
if ($attr_array['seconds'] > 0) {
$link_expires = time() + $attr_array['seconds'];
} elseif ($attr_array['seconds'] == 0) {
// 3650 days from now.
$link_expires = time() + (3650 * 24 * 60 * 60);
// NOTE(review): $hotlink is assigned only when the attribute is present and
// numeric; otherwise it is undefined where it is read below, and `== 0`
// then selects "000".
if (($attr_array['hotlink']) && is_numeric($attr_array['hotlink'])) {
$hotlink = $attr_array['hotlink'] <= 0 ? 0 : 1;
$secure_resource = trim($matches[3]);
// Signature = md5(key . "GET\n\n\n" . expiry . "\n" . secret).
// NOTE(review): the signed string holds the expiry only. The resource and
// the hotlink flag are not part of it, so the signature does not tie an
// expiry to this particular link. hash_hmac() with a SHA-2 digest over all
// fields is the standard construction; changing it has to be mirrored in the
// verifying code (exec_protect_url).
$sug_string_to_sign = "{$SEC_GEN_KEY}GET\n\n\n$link_expires\n$SEC_GEN_SECRET";
$sug_signature = urlencode($this->pct_encode(md5($sug_string_to_sign)));
// ubam_dpdemon_Secrypt is defined in the required file, not in this
// listing; whether its ciphertext is authenticated cannot be told from here.
$sugout_secrypt = new ubam_dpdemon_Secrypt(false);
$secure_link = urlencode($this->pct_encode($sugout_secrypt->Encrypt($secure_resource, $SEC_GEN_KEY, $SEC_GEN_SECRET)));
$secure_hotlink = urlencode($this->pct_encode($sugout_secrypt->Encrypt($hotlink == 0 ? "000" : "111", $SEC_GEN_KEY, $SEC_GEN_SECRET)));
// Fields 1-3 are appended to the encrypted resource (field 0).
$sug_authentication_params = "_L-N-KP_$link_expires";
$sug_authentication_params .= "_L-N-KP_$sug_signature";
$sug_authentication_params .= "_L-N-KP_$secure_hotlink";
$secure_destination = rtrim(get_option('siteurl'), '/') . '/lnk-pr0t?seclnk=' . $secure_link . "$sug_authentication_params";
$text = $secure_destination;
return $text;
/**
 * Parse `name=value` pairs (value bare, single- or double-quoted) into an
 * array keyed by the lower-cased name.
 *
 * Enclosing quotes are stripped from the value; no further validation is
 * done, so numeric attributes such as `seconds` must be checked by the
 * caller.
 *
 * @param string $attrib_string Attribute text, e.g. ` seconds=60 hotlink="1"`.
 * @return array Map of lower-cased name => value.
 */
function parse_attributes($attrib_string)
{
    $regex = '@([^\s=]+)\s*=\s*(\'[^<\']*\'|"[^<"]*"|\S*)@';
    preg_match_all($regex, $attrib_string, $matches);

    $attr = array();
    foreach ($matches[0] as $i => $whole_pair) {
        $name = $matches[1][$i];
        if (empty($whole_pair) || empty($name)) {
            continue;
        }

        // Strip one pair of enclosing quotes, single first, then double.
        $value = $matches[2][$i];
        if (preg_match("/^'(.*)'$/", $value, $vmatch) || preg_match('/^"(.*)"$/', $value, $vmatch)) {
            $value = $vmatch[1];
        }

        $attr[strtolower($name)] = $value;
    }

    return $attr;
}
/**
 * Make a value safe to embed in the `seclnk` parameter: base64-encode,
 * URL-encode, then replace every "%" with the "_BF_R_" marker.
 *
 * This is a transport encoding only; it adds no confidentiality or
 * integrity.
 *
 * @param string $text_to_encode Raw bytes.
 * @return string Encoded text.
 */
function pct_encode($text_to_encode)
{
    $url_safe = rawurlencode(base64_encode($text_to_encode));

    return str_replace('%', '_BF_R_', $url_safe);
}
?> |
Posted: Wed Oct 13, 2010 11:14 pm
klih
Regular user |

Joined: Oct 12, 2010 |
Posts: 11 |
Amazing. Thanks a ton. Now I can see if there is anything fishy in my WP plugin. |
