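function setUserReported($contentOriginTable, $contentID, $isAdmin) {
    // Records a report against the author of a message or comment.
    //
    // $contentOriginTable  'messages' or 'comments'. Anything else is answered
    //                      with a 'bad_request' response. The table name is
    //                      spliced into SQL, so it is validated against this
    //                      whitelist BEFORE any query is built (the previous
    //                      version issued the first SELECT with the raw value).
    // $contentID           primary key within that table; coerced with
    //                      intval() once, up front, and only the int is used
    //                      (the comments branch previously interpolated it raw).
    // $isAdmin             truthy -> the report is weighted as two reports.
    //
    // Side effects: increments users.reported_count, may set
    // users.write_lock_until, and upserts a subscriptions row flagged with
    // reasonForBan = 1 so the author sees a notice in the thread.
    // No return value.
    $contentID = intval($contentID);

    // Resolve the thread (message) the reported content belongs to. This
    // branch is also the whitelist for the table name used further down.
    if ($contentOriginTable === 'messages') {
        $messageID = $contentID;
    } elseif ($contentOriginTable === 'comments') {
        $commentRow = Database::selectFirst("SELECT message_id FROM comments WHERE id = " . $contentID);
        // a missing comment yields message_id 0, as the intval() in the INSERT did before
        $messageID = isset($commentRow['message_id']) ? intval($commentRow['message_id']) : 0;
    } else {
        // we can't handle this request
        respond(array('status' => 'bad_request'));
        // prevent IDE warnings
        exit;
    }

    // Author of the reported content. Without an author there is nobody to
    // report, so return instead of running UPDATE/INSERT with an empty id
    // (which previously produced malformed SQL).
    $authorRow = Database::selectFirst("SELECT user_id FROM " . $contentOriginTable . " WHERE id = " . $contentID);
    if (!isset($authorRow['user_id'])) {
        return;
    }
    $reportedUserID = intval($authorRow['user_id']);

    // mark the user as reported and possibly ban them temporarily
    $possibleWriteLockEnd = time() + 3600 * 24 * 5; // five days from now, unix time
    $timesReported = $isAdmin ? 2 : 1;
    // NOTE(review): the three SET assignments appear to rely on MySQL's
    // left-to-right evaluation, where each assignment sees the value written
    // by the one before it: the IF()s test the already-incremented count, the
    // lock is applied at count >= 3 and the count is then reset to 1. Confirm
    // this is the intended threshold logic before porting to another database.
    Database::update("UPDATE users SET reported_count = reported_count+" . $timesReported . ", write_lock_until = IF(reported_count >= 3, " . intval($possibleWriteLockEnd) . ", write_lock_until), reported_count = IF(reported_count >= 3, 1, reported_count) WHERE id = " . $reportedUserID);

    // send a notice to the violating user (degree 3 is the "worldwide" fallback
    // used by getDegree(); counter = 1 marks the notice as unread)
    Database::insert("INSERT INTO subscriptions (message_id, user_id, degree, reasonForBan, counter) VALUES (" . $messageID . ", " . $reportedUserID . ", 3, 1, 1) ON DUPLICATE KEY UPDATE reasonForBan = 1, counter = 1");
}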
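*/
require_once __DIR__ . '/../base.php';

// POST endpoint: the authenticated user blocks the author of a message or
// comment.
//   contentType  'message' or 'comment' -- selects the table the content lives in
//   contentID    base64-encoded numeric id of the content
// The blocked user is always the author looked up server-side, never an id
// supplied by the caller. The response is 'ok' once the block is recorded and
// also when the content does not exist or is the caller's own (unchanged from
// the previous version, so existence is not leaked through the status), and
// 'bad_request' for a wrong method, missing parameters or an unknown type.
// The two former per-type branches did the same work; they are merged via a
// fixed type->table map.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // initialization
    $user = init($_POST);
    // force authentication
    $userID = auth($user['username'], $user['password'], false);

    // check if required parameters are set
    if (isset($_POST['contentType']) && isset($_POST['contentID'])) {
        $contentID = intval(base64_decode(trim($_POST['contentID'])));

        // The table name comes from this map only, never from the request.
        $tablesByContentType = array(
            'message' => 'messages',
            'comment' => 'comments',
        );
        $contentType = $_POST['contentType'];

        // is_string() keeps an array-valued parameter from reaching the
        // array-offset lookup; it ends up as 'bad_request' like before.
        if (is_string($contentType) && isset($tablesByContentType[$contentType])) {
            $author = Database::selectFirst("SELECT user_id FROM " . $tablesByContentType[$contentType] . " WHERE id = " . $contentID);
            // never block oneself; unknown content is silently ignored
            if (isset($author['user_id']) && $author['user_id'] != $userID) {
                Database::insert("INSERT INTO connections (from_user, type, to_user, time_inserted) VALUES (" . intval($userID) . ", 'block', " . intval($author['user_id']) . ", " . time() . ") ON DUPLICATE KEY UPDATE type = VALUES(type)");
            }
            respond(array('status' => 'ok'));
        } else {
            respond(array('status' => 'bad_request'));
        }
    } else {
        respond(array('status' => 'bad_request'));
    }
} else {
    respond(array('status' => 'bad_request'));
}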
function getDegree($userID, $messageID) {
    // Connection degree between a user and a message thread, read from the
    // `feeds` table. Falls back to 3 ("worldwide", i.e. no direct connection)
    // when no feed row exists for the pair. Both ids are cast with intval()
    // before they reach the query.
    $feedRow = Database::selectFirst(
        "SELECT degree FROM feeds WHERE user_id = " . intval($userID)
        . " AND message_id = " . intval($messageID)
    );
    if (!isset($feedRow['degree'])) {
        return 3;
    }
    return $feedRow['degree'];
}
public static function getRepositoryRole($userID, $repositoryID) {
    // The role a user holds in a repository according to the `roles` table,
    // or Repository::ROLE_NONE when no row exists. Both ids are cast with
    // intval() before they are spliced into the query.
    $query = "SELECT role FROM roles WHERE userID = " . intval($userID)
        . " AND repositoryID = " . intval($repositoryID);
    $roleRow = Database::selectFirst($query);
    if (!empty($roleRow)) {
        return $roleRow['role'];
    }
    return Repository::ROLE_NONE;
}
* This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see {http://www.gnu.org/licenses/}.
 */
require_once __DIR__ . '/../base.php';

// GET endpoint: reports whether the authenticated user has favorited and/or
// subscribed to the message thread given by `messageID` (base64 of the
// numeric id). init()/auth() run before the parameter check, as before.
// NOTE(review): credentials are taken from the query string (init($_GET));
// query strings commonly land in access logs -- confirm this is acceptable.
if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
    respond(array('status' => 'bad_request'));
} else {
    // initialization and forced authentication
    $user = init($_GET);
    $userID = auth($user['username'], $user['password'], false);

    if (!isset($_GET['messageID'])) {
        respond(array('status' => 'bad_request'));
    } else {
        $messageID = intval(base64_decode(trim($_GET['messageID'])));
        $userIDSql = intval($userID);

        // Both lookups are existence checks keyed on (user, message); every
        // value is an int before it is spliced into the SQL.
        $favoriteRow = Database::selectFirst("SELECT COUNT(*) FROM favorites WHERE user_id = " . $userIDSql . " AND message_id = " . $messageID);
        $favorited = isset($favoriteRow['COUNT(*)']) && $favoriteRow['COUNT(*)'] > 0;

        $subscriptionRow = Database::selectFirst("SELECT COUNT(*) FROM subscriptions WHERE message_id = " . $messageID . " AND user_id = " . $userIDSql);
        $subscribed = isset($subscriptionRow['COUNT(*)']) && $subscriptionRow['COUNT(*)'] > 0;

        respond(array(
            'status' => 'ok',
            'isFavorited' => $favorited,
            'isSubscribed' => $subscribed,
        ));
    }
}
* You should have received a copy of the GNU General Public License
 * along with this program. If not, see {http://www.gnu.org/licenses/}.
 */
require_once __DIR__ . '/../base.php';

// POST endpoint that opens a phone-number verification request for a
// password change: it parks the hash of the NEW password together with a
// fresh one-time code and returns the code plus the API phone number to the
// client, which is expected to send the code by SMS from the user's own
// number (the inbound-SMS handler compares the sender with the username).
// No auth() call precedes this, so the endpoint itself is unauthenticated.
// NOTE(review): the visible source ends before the outer if/else is closed.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // initialization
    // NOTE(review): credentials are read from the query string ($_GET) even
    // though the request is a POST; query strings commonly end up in access
    // logs -- confirm this is intended.
    $user = init($_GET);
    // prepare username and password for internal usage with the database
    // (both are run through makeHash() before escaping; "password" here is
    // the new password the caller wants to set)
    $usernameEscaped = Database::escape(makeHash($user['username']));
    $passwordEscaped = Database::escape(makeHash($user['password']));
    // get the user whose phone number we want to prepare for verification
    // NOTE(review): the "******" in this query looks like a redaction
    // placeholder in the corpus (the escaped username would normally be
    // spliced in here), not runnable code -- check against the original file.
    $verifyUser = Database::selectFirst("SELECT id FROM users WHERE username = "******" AND password IS NOT NULL AND password != " . $passwordEscaped);
    // if an existing user with the given username could be found (whose
    // password is set but not the given one, i.e. the requested password
    // differs from the current one)
    if (isset($verifyUser['id'])) {
        // search for other verification requests which may still be open for this user
        $openRequests = Database::selectFirst("SELECT COUNT(*) FROM verifications WHERE user_id = " . intval($verifyUser['id']) . " AND time_until > " . time());
        // if the user has fewer than 50 open verification requests (we allow
        // some for failed attempts). This count is the only throttle visible
        // here; with the 12-hour lifetime below it caps pending codes at 50
        // per user per window.
        if (isset($openRequests['COUNT(*)']) && $openRequests['COUNT(*)'] < 50) {
            // one-time code: 128 random bytes folded through md5, which here
            // only acts as a 32-hex-char encoder (nothing attacker-chosen is
            // hashed). bin2hex(random_bytes(16)) would be the modern
            // equivalent; note openssl_random_pseudo_bytes() is called
            // without its $crypto_strong flag being checked.
            $verificationCode = md5(openssl_random_pseudo_bytes(128));
            // requests expire 12 hours after creation
            $validUntilTime = time() + 3600 * 12;
            // the new password hash is stored alongside the code until the
            // SMS confirms ownership of the number
            $success = Database::insert("INSERT INTO verifications (user_id, new_password, verification_code, time_created, time_until) VALUES (" . intval($verifyUser['id']) . ", " . $passwordEscaped . ", " . Database::escape($verificationCode) . ", " . time() . ", " . $validUntilTime . ")");
            if ($success) {
                // the client relays `verificationCode` to `apiPhoneNumber` by SMS
                respond(array('status' => 'ok', 'apiPhoneNumber' => CONFIG_API_PHONE_NUMBER, 'verificationCode' => $verificationCode, 'validUntil' => $validUntilTime));
            } else {
                respond(array('status' => 'bad_request'));
            }
        } else {
            // too many open requests for this user
            respond(array('status' => 'bad_request'));
        }
    } else {
        // unknown user, no password set, or new password equals the current one
        respond(array('status' => 'bad_request'));
*/
require_once __DIR__ . '/../base.php';
require_once __DIR__ . '/../base_crypto.php';
require_once __DIR__ . '/classes/UserIDsInThread.php';

// GET endpoint returning the comments of a message thread to the
// authenticated user. NOTE(review): the visible source ends inside the
// visibility-filter `if` at the bottom; the query is completed and executed
// further down, outside this excerpt.
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    // initialization
    $user = init($_GET);
    // force authentication
    $userID = auth($user['username'], $user['password'], false);
    // check if required parameters are set
    if (isset($_GET['messageID'])) {
        $messageID = intval(base64_decode(trim($_GET['messageID'])));
        // prepare temporary array for comments
        $comments = array();
        // get the parent message's data (only the author id is fetched);
        // a missing parent is normalised to a NULL author rather than rejected
        $parentMessageData = Database::selectFirst("SELECT user_id FROM messages WHERE id = " . intval($messageID));
        if (empty($parentMessageData)) {
            $parentMessageData = array('user_id' => NULL);
        }
        // get the public IDs for all users in this comments thread
        $publicUserIDs = UserIDsInThread::get($messageID);
        // mark this comments thread as read -- a write performed by a GET
        // request, scoped to the caller's own subscription row
        Database::update("UPDATE subscriptions SET counter = 0 WHERE message_id = " . intval($messageID) . " AND user_id = " . intval($userID));
        // check if the authenticating user is an admin user. The list comes
        // from a serialised config constant, not from request data, so the
        // unserialize() is not an injection sink. in_array() is non-strict
        // here, so $userID and the configured ids should share a type.
        $isAdmin = in_array($userID, unserialize(CONFIG_ADMIN_USER_IDS));
        // get the comments for the given message
        $commentsQuery = "SELECT id, user_id, text_encrypted, comment_secret, private_to_user, time_inserted FROM comments WHERE message_id = " . intval($messageID);
        // the content must either not have been deleted (flagged through
        // reports) or the authenticating user must be the author of the
        // content themself
        $commentsQuery .= " AND (deleted = 0 OR user_id = " . intval($userID) . ")";
        // unless the authenticating user has administrator privileges and
        // those permissions (CONFIG_ADMINS_READ_PRIVATE) allow the inspection
        // of private conversations, a further restriction is appended below
        if (!$isAdmin || !CONFIG_ADMINS_READ_PRIVATE) {
// Build the client-facing representation of one feed item. NOTE(review):
// this excerpt starts inside the loop that yields $item and $textDecrypted
// (the loop header is outside the visible source). Only the fields listed
// here are exposed; the message id is base64-encoded like the ids the
// endpoints accept.
$msg = array(
    'id' => base64_encode($item['message_id']),
    'degree' => $item['degree'],
    'colorHex' => $item['color_hex'],
    'patternID' => $item['pattern_id'],
    'text' => $textDecrypted,
    'topic' => $item['topic'],
    'favoritesCount' => $item['favorites_count'],
    'commentsCount' => $item['comments_count'],
    'countryISO3' => $item['country_iso3'],
    'time' => $item['time_published']
);
// if location data is available, both coordinates are passed through as
// stored. NOTE(review): whether they were already coarsened / authorised
// for this viewer is decided upstream of this excerpt -- confirm.
if (isset($item['geo_lat']) && isset($item['geo_long'])) {
    $msg['location'] = array('lat' => $item['geo_lat'], 'long' => $item['geo_long']);
}
// if in subscriptions mode return whether the author was banned for this
// message thread ($_GET['mode'] is read without isset() here; presumably
// validated earlier in the script -- verify)
if ($_GET['mode'] == 'subscriptions') {
    $msg['reasonForBan'] = isset($item['reasonForBan']) && $item['reasonForBan'] == 1;
}
// add the message to the list
$messages[] = $msg;
}
}
}
}
// only if this is the first page
if ($startIndex == 0) {
    // get the number of new subscription updates (the caller's subscription
    // rows whose counter is still pending)
    $subscriptionUpdates = Database::selectFirst("SELECT COUNT(*) FROM subscriptions WHERE user_id = " . intval($userID) . " AND counter > 0");
    $subscriptionUpdates = isset($subscriptionUpdates['COUNT(*)']) ? $subscriptionUpdates['COUNT(*)'] : 0;
} else {
    // don't return any number for the subscription updates (-1 = not computed)
    $subscriptionUpdates = -1;
}
respond(array('status' => 'ok', 'messages' => $messages, 'subscriptionUpdates' => $subscriptionUpdates));
} else {
    respond(array('status' => 'bad_request'));
}
} else {
    respond(array('status' => 'bad_request'));
}
// if a hexadecimal hash (32+ chars) is found -- the match is case-insensitive
// and greedy, so the first run of 32 or more hex digits in the SMS body is
// taken as the code. NOTE(review): the function header is outside the
// visible source.
if (preg_match('/[abcdef0-9]{32,}/is', $text, $subpattern)) {
    // return the extracted hash
    return $subpattern[0];
} else {
    // return an empty string because we didn't find the hash
    return '';
}
}

// Inbound SMS webhook (Twilio). Every request is first authenticated against
// the X-Twilio-Signature header, compared in constant time with hash_equals();
// an unsigned or mis-signed request falls straight through to the empty TwiML
// reply below, so nothing is leaked about why it was ignored.
$incomingSignature = isset($_SERVER['HTTP_X_TWILIO_SIGNATURE']) ? $_SERVER['HTTP_X_TWILIO_SIGNATURE'] : '';
$requiredSignature = getTwilioSignature(getTwilioEndpoint(), CONFIG_TWILIO_AUTH_CODE, $_POST);
if (hash_equals($incomingSignature, $requiredSignature)) {
    if (isset($_POST['From']) && isset($_POST['Body'])) {
        // an empty string comes back when the body holds no code; the lookup
        // below then matches nothing (unless a row with an empty code exists)
        $incomingCode = extractHexHash($_POST['Body']);
        // try to find an open request with the given verification code
        $openRequest = Database::selectFirst("SELECT user_id, new_password FROM verifications WHERE verification_code = " . Database::escape($incomingCode) . " AND time_until > " . time());
        // if an open request with the given code has been found
        if (isset($openRequest['user_id']) && isset($openRequest['new_password'])) {
            // the username is derived from the phone number, so the sender
            // number is what proves ownership of the account being changed
            $usernameByPhoneNumber = makeHash(clientHash(trim($_POST['From'])));
            // set the new password for the user if the actual phone number
            // matches the pretended phone number (contained in the username)
            // NOTE(review): the "******" fragments look like corpus redaction
            // placeholders (the escaped password / username and a statement
            // boundary would normally sit there), not runnable code -- check
            // against the original file. If the verifications UPDATE is a
            // separate statement, it expires every open request of the user
            // even when the sender check in the users UPDATE matched no row
            // (fail-closed, but confirm). The flow also trusts the SMS sender
            // number, which some carriers allow to be spoofed.
            Database::update("UPDATE users SET password = "******" WHERE id = " . intval($openRequest['user_id']) . " AND username = "******"UPDATE verifications SET time_until = 0 WHERE user_id = " . intval($openRequest['user_id']));
        }
    }
}
// overwrite the response type header
header('Content-type: application/xml; charset=utf-8');
// send an empty response for the Twilio API (do nothing) and exit
echo '<?xml version="1.0" encoding="utf-8"?>';
echo '<Response></Response>';