<?php
/**
* @package DJ-Catalog2
* @copyright Copyright (C) DJ-Extensions.com, All rights reserved.
* @license http://www.gnu.org/licenses GNU/GPL
* @author url: http://dj-extensions.com
* @author email contact@dj-extensions.com
*/
defined('_JEXEC') or die;
use Joomla\CMS\Factory;
use Joomla\CMS\Language\Text;
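/**
 * Front-end controller for user-related tasks: an AJAX user lookup and a
 * token-gated download of files stored under media/djcatalog2/files/userfiles.
 *
 * NOTE(review): BaseController, JPath and DJCatalog2FileHelper are referenced
 * without a matching `use` line in the visible file header; presumably they are
 * resolved by aliases or autoloading elsewhere. Confirm.
 */
class DJCatalog2ControllerUsers extends BaseController
{
    /**
     * Search users by name, username or DJ-Catalog2 profile fields and emit the
     * matches as a JSON array of {value, text} objects.
     *
     * The request parameter "like" is the search term (the literal "**" disables
     * filtering); "context" selects the permission check in isSearchAllowed().
     *
     * @return void
     */
    public function searchAjax()
    {
        $app     = Factory::getApplication();
        $like    = trim((string) $app->input->get('like', null, 'string'));
        $context = trim((string) $app->input->get('context', null, 'string'));

        if (!$this->isSearchAllowed($context)) {
            echo '[]';
            $app->close();

            // Fail closed: never fall through to the user query if close() returns.
            return;
        }

        $db    = Factory::getDbo();
        $query = $db->getQuery(true);
        $query->select('u.id AS value, CONCAT(u.name, " [", u.username ,"]") AS text');
        $query->from('#__users AS u');
        $query->join('left', '#__djc2_users as du ON du.user_id = u.id');

        if ($like !== '**') {
            // The term is escaped and quoted before it reaches the SQL text.
            // LIKE wildcards (% and _) typed by the user are not neutralised, so
            // they still act as wildcards inside the pattern.
            $pattern = $db->quote('%' . $db->escape($like) . '%');
            $columns = ['u.name', 'u.username', 'du.company', 'du.firstname', 'du.lastname'];
            $clauses = [];

            foreach ($columns as $column) {
                $clauses[] = $db->quoteName($column) . ' LIKE ' . $pattern;
            }

            $query->where('(' . implode(' OR ', $clauses) . ')');
        }

        // NOTE(review): no LIMIT is applied, so "**" or a very short term returns
        // every row of the users table to the caller. Consider capping the result.
        $query->order('name ASC');
        $db->setQuery($query);
        $results = $db->loadObjectList();

        echo json_encode($results);
        $app->close();
    }

    /**
     * Decide whether the current user may run the AJAX user search.
     *
     * Guests are always refused. Only the "checkout" context is recognised, and
     * it requires the djcatalog2.salesman permission on com_djcatalog2. Any
     * other context is refused.
     *
     * @param   string  $context  Calling context taken from the request.
     *
     * @return  boolean
     */
    protected function isSearchAllowed($context)
    {
        $user = Factory::getUser();

        if ($user->guest) {
            return false;
        }

        // Strict comparison so a non-string value can never be coerced into a match.
        if ($context === 'checkout') {
            return $user->authorise('djcatalog2.salesman', 'com_djcatalog2');
        }

        return false;
    }

    /**
     * Stream a file from media/djcatalog2/files/userfiles after validating the
     * request token.
     *
     * NOTE(review): the token is an unkeyed MD5 of "<name>:<size>", so it can be
     * derived by anyone who knows both values and does not act as an access
     * control. No login or ownership check is performed here either. Moving to an
     * HMAC keyed with a server-side secret, plus an authorisation check, also
     * requires changing the code that generates the download links, which is
     * outside this file.
     *
     * @return  boolean
     *
     * @throws  Exception  404 when the file is missing, outside the user-files
     *                     directory, or the token does not match.
     */
    public function download_file()
    {
        $app = Factory::getApplication();

        // 'cmd' is the default filter of Input::get(); it is spelled out because
        // the path safety below depends on it (letters, digits, '.', '-' and '_'
        // only, so no directory separators reach the path).
        $name  = (string) $app->input->get('fullname', '', 'cmd');
        $token = (string) $app->input->get('token', '', 'cmd');

        $path      = JPath::clean(JPATH_ROOT . '/media/djcatalog2/files/userfiles');
        $file_path = $path . '/' . $name;

        // Resolve symlinks and relative segments, then require the target to be a
        // regular file inside the user-files directory. The previous substring
        // tests for "media" and "djcatalog2" were always true because both words
        // are part of the fixed base path.
        $realBase = realpath($path);
        $realFile = realpath($file_path);

        if (
            $name === ''
            || $token === ''
            || $realBase === false
            || $realFile === false
            || !is_file($realFile)
            || strpos($realFile, $realBase . DIRECTORY_SEPARATOR) !== 0
        ) {
            throw new Exception(Text::_('COM_DJCATALOG2_FILE_NOT_FOUND'), 404);
        }

        $fsize = filesize($realFile);

        if ($fsize === false) {
            throw new Exception(Text::_('COM_DJCATALOG2_FILE_NOT_FOUND'), 404);
        }

        $hash = md5($name . ':' . $fsize);

        // Constant-time comparison; strcmp() can leak how many leading bytes match.
        if (!hash_equals($hash, $token)) {
            throw new Exception(Text::_('COM_DJCATALOG2_FILE_NOT_FOUND'), 404);
        }

        // The helper still receives the JPATH_ROOT-based path, as before, in case
        // it compares the path against the site root.
        if (!DJCatalog2FileHelper::getFileByPath($file_path, null)) {
            throw new Exception(Text::_('COM_DJCATALOG2_FILE_NOT_FOUND'), 404);
        }

        $app->close();

        return true;
    }
}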