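/**
 * Records a report against the author of a message or comment.
 *
 * Increments the author's `reported_count` (by 2 for an admin's report, else by 1);
 * once `reported_count` reaches 3 the author is write-locked for five days and the
 * count restarts at 1 (see the IF() expressions in the UPDATE). A `subscriptions`
 * row with degree 3 is then upserted so the author is notified of the ban reason
 * for the affected thread.
 *
 * @param string $contentOriginTable 'messages' or 'comments' — the table the reported row lives in
 * @param mixed  $contentID          ID of the reported row; coerced with intval() before any use
 * @param bool   $isAdmin            whether the reporter is an admin (their report counts double)
 *
 * Responds with 'bad_request' and exits for any other table name. Returns without
 * touching the database when the content (or, for comments, its thread) does not exist.
 */
function setUserReported($contentOriginTable, $contentID, $isAdmin)
{
    // coerce once; every query below may only ever see an integer here
    $contentID = intval($contentID);
    // Whitelist the table name BEFORE it is interpolated into any query. A table name
    // cannot be escaped or parameterized, so only the two known names are accepted;
    // previously the first SELECT ran with the raw name and the check came afterwards.
    if ($contentOriginTable === 'messages') {
        // the reported content is itself the message thread
        $messageID = $contentID;
    } elseif ($contentOriginTable === 'comments') {
        // the reported content is a comment: look up the thread it was posted in
        $commentRow = Database::selectFirst("SELECT message_id FROM comments WHERE id = " . $contentID);
        if (!isset($commentRow['message_id'])) {
            // no such comment: nothing to report
            return;
        }
        $messageID = intval($commentRow['message_id']);
    } else {
        // we can't handle this request
        respond(array('status' => 'bad_request'));
        // prevent IDE warnings
        exit;
    }
    // get the ID of the user who was reported (the table name has been validated above)
    $contentRow = Database::selectFirst("SELECT user_id FROM " . $contentOriginTable . " WHERE id = " . $contentID);
    if (!isset($contentRow['user_id'])) {
        // unknown content: previously this fell through to an UPDATE with an empty `id =` clause
        return;
    }
    $reportedUserID = intval($contentRow['user_id']);
    // mark the user as reported and possibly ban them temporarily (five days from now)
    $possibleWriteLockEnd = time() + 3600 * 24 * 5;
    // an admin's report weighs as much as two regular reports
    $timesReported = $isAdmin ? 2 : 1;
    Database::update("UPDATE users SET reported_count = reported_count+" . $timesReported . ", write_lock_until = IF(reported_count >= 3, " . intval($possibleWriteLockEnd) . ", write_lock_until), reported_count = IF(reported_count >= 3, 1, reported_count) WHERE id = " . $reportedUserID);
    // send a notice to the violating user (the upsert keeps one subscription row per thread/user)
    Database::insert("INSERT INTO subscriptions (message_id, user_id, degree, reasonForBan, counter) VALUES (" . $messageID . ", " . $reportedUserID . ", 3, 1, 1) ON DUPLICATE KEY UPDATE reasonForBan = 1, counter = 1");
}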
 */
require_once __DIR__ . '/../base.php';
// POST endpoint: the authenticated user blocks the author of a given message or comment.
// Every other method, a missing parameter or an unknown content type yields 'bad_request'.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // initialization and mandatory authentication (init/auth come from base.php)
    $user = init($_POST);
    $userID = auth($user['username'], $user['password'], false);
    if (isset($_POST['contentType']) && isset($_POST['contentID'])) {
        // client sends the content ID base64-encoded; it is coerced to an integer before reaching SQL
        $contentID = intval(base64_decode(trim($_POST['contentID'])));
        $contentType = $_POST['contentType'];
        // maps the client-facing content type to the table holding that content's author
        $authorTableByType = array('message' => 'messages', 'comment' => 'comments');
        if (is_string($contentType) && isset($authorTableByType[$contentType])) {
            $author = Database::selectFirst("SELECT user_id FROM " . $authorTableByType[$contentType] . " WHERE id = " . intval($contentID));
            // a user cannot block themself; unknown content is silently ignored
            if (isset($author['user_id']) && $author['user_id'] != $userID) {
                // upsert so re-blocking an already blocked (or otherwise connected) user just updates the type
                Database::insert("INSERT INTO connections (from_user, type, to_user, time_inserted) VALUES (" . intval($userID) . ", 'block', " . intval($author['user_id']) . ", " . time() . ") ON DUPLICATE KEY UPDATE type = VALUES(type)");
            }
            respond(array('status' => 'ok'));
        } else {
            respond(array('status' => 'bad_request'));
        }
    } else {
        respond(array('status' => 'bad_request'));
    }
} else {
    respond(array('status' => 'bad_request'));
}
/**
 * Returns the connection degree between a user and a message thread.
 *
 * @param mixed $userID    user ID; coerced with intval() before reaching SQL
 * @param mixed $messageID message ID; coerced with intval() before reaching SQL
 * @return mixed the `degree` column of the matching `feeds` row (as returned by the
 *               database layer), or 3 when no such row exists
 */
function getDegree($userID, $messageID)
{
    $feedRow = Database::selectFirst(
        "SELECT degree FROM feeds WHERE user_id = " . intval($userID) . " AND message_id = " . intval($messageID)
    );
    // no feed entry means there is no direct connection anymore: fall back to the
    // "worldwide" degree 3
    if (!isset($feedRow['degree'])) {
        return 3;
    }
    return $feedRow['degree'];
}
 /**
  * Looks up the role a user holds in a repository.
  *
  * @param mixed $userID       user ID; coerced with intval() before reaching SQL
  * @param mixed $repositoryID repository ID; coerced with intval() before reaching SQL
  * @return mixed the `role` column of the matching `roles` row, or Repository::ROLE_NONE
  *               when no row was found
  */
 public static function getRepositoryRole($userID, $repositoryID)
 {
     $query = "SELECT role FROM roles WHERE userID = " . intval($userID) . " AND repositoryID = " . intval($repositoryID);
     $roleRow = Database::selectFirst($query);
     // an empty result means the user has no role at all in this repository
     return empty($roleRow) ? Repository::ROLE_NONE : $roleRow['role'];
 }
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see {http://www.gnu.org/licenses/}.
 */
require_once __DIR__ . '/../base.php';
// GET endpoint: reports whether the authenticated user has favorited and/or subscribed to a thread.
// NOTE(review): username and password arrive as GET parameters here (init($_GET)), which
// typically end up in web-server and proxy access logs — confirm this is acceptable.
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    // initialization and mandatory authentication (init/auth come from base.php)
    $user = init($_GET);
    $userID = auth($user['username'], $user['password'], false);
    if (!isset($_GET['messageID'])) {
        respond(array('status' => 'bad_request'));
    } else {
        // client sends the message ID base64-encoded; both IDs are integers before reaching SQL
        $messageID = intval(base64_decode(trim($_GET['messageID'])));
        $userIDSql = intval($userID);
        $favoriteCount = Database::selectFirst("SELECT COUNT(*) FROM favorites WHERE user_id = " . $userIDSql . " AND message_id = " . $messageID);
        $subscriptionCount = Database::selectFirst("SELECT COUNT(*) FROM subscriptions WHERE message_id = " . $messageID . " AND user_id = " . $userIDSql);
        // a missing COUNT(*) cell (failed query) counts as "not favorited / not subscribed"
        respond(array(
            'status' => 'ok',
            'isFavorited' => isset($favoriteCount['COUNT(*)']) && $favoriteCount['COUNT(*)'] > 0,
            'isSubscribed' => isset($subscriptionCount['COUNT(*)']) && $subscriptionCount['COUNT(*)'] > 0
        ));
    }
} else {
    respond(array('status' => 'bad_request'));
}
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see {http://www.gnu.org/licenses/}.
 */
require_once __DIR__ . '/../base.php';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // initialization
    $user = init($_GET);
    // prepare username and password for internal usage with the database
    $usernameEscaped = Database::escape(makeHash($user['username']));
    $passwordEscaped = Database::escape(makeHash($user['password']));
    // get the user whose phone number we want to prepare for verification
    $verifyUser = Database::selectFirst("SELECT id FROM users WHERE username = "******" AND password IS NOT NULL AND password != " . $passwordEscaped);
    // if an existing user with the given username could be found (whose password is set but not the given one)
    if (isset($verifyUser['id'])) {
        // search for other verification requests which may still be open for this user
        $openRequests = Database::selectFirst("SELECT COUNT(*) FROM verifications WHERE user_id = " . intval($verifyUser['id']) . " AND time_until > " . time());
        // if the user has fewer than 50 open verification requests (we allow some for failed attempts)
        if (isset($openRequests['COUNT(*)']) && $openRequests['COUNT(*)'] < 50) {
            $verificationCode = md5(openssl_random_pseudo_bytes(128));
            $validUntilTime = time() + 3600 * 12;
            $success = Database::insert("INSERT INTO verifications (user_id, new_password, verification_code, time_created, time_until) VALUES (" . intval($verifyUser['id']) . ", " . $passwordEscaped . ", " . Database::escape($verificationCode) . ", " . time() . ", " . $validUntilTime . ")");
            if ($success) {
                respond(array('status' => 'ok', 'apiPhoneNumber' => CONFIG_API_PHONE_NUMBER, 'verificationCode' => $verificationCode, 'validUntil' => $validUntilTime));
            } else {
                respond(array('status' => 'bad_request'));
            }
        } else {
            respond(array('status' => 'bad_request'));
        }
    } else {
        respond(array('status' => 'bad_request'));
 */
require_once __DIR__ . '/../base.php';
require_once __DIR__ . '/../base_crypto.php';
require_once __DIR__ . '/classes/UserIDsInThread.php';
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    // initialization
    $user = init($_GET);
    // force authentication
    $userID = auth($user['username'], $user['password'], false);
    // check if required parameters are set
    if (isset($_GET['messageID'])) {
        $messageID = intval(base64_decode(trim($_GET['messageID'])));
        // prepare temporary array for comments
        $comments = array();
        // get the parent message's data
        $parentMessageData = Database::selectFirst("SELECT user_id FROM messages WHERE id = " . intval($messageID));
        if (empty($parentMessageData)) {
            $parentMessageData = array('user_id' => NULL);
        }
        // get the public IDs for all users in this comments thread
        $publicUserIDs = UserIDsInThread::get($messageID);
        // mark this comments thread as read
        Database::update("UPDATE subscriptions SET counter = 0 WHERE message_id = " . intval($messageID) . " AND user_id = " . intval($userID));
        // check if the authenticating user is an admin user
        $isAdmin = in_array($userID, unserialize(CONFIG_ADMIN_USER_IDS));
        // get the comments for the given message
        $commentsQuery = "SELECT id, user_id, text_encrypted, comment_secret, private_to_user, time_inserted FROM comments WHERE message_id = " . intval($messageID);
        // the content must either not have been deleted (flagged through reports) or the authenticating user must be the author of the content themself
        $commentsQuery .= " AND (deleted = 0 OR user_id = " . intval($userID) . ")";
        // unless the authenticating user has administrator privileges and those permissions allow the inspection of private conversations
        if (!$isAdmin || !CONFIG_ADMINS_READ_PRIVATE) {
                        $msg = array('id' => base64_encode($item['message_id']), 'degree' => $item['degree'], 'colorHex' => $item['color_hex'], 'patternID' => $item['pattern_id'], 'text' => $textDecrypted, 'topic' => $item['topic'], 'favoritesCount' => $item['favorites_count'], 'commentsCount' => $item['comments_count'], 'countryISO3' => $item['country_iso3'], 'time' => $item['time_published']);
                        // if location data is available
                        if (isset($item['geo_lat']) && isset($item['geo_long'])) {
                            $msg['location'] = array('lat' => $item['geo_lat'], 'long' => $item['geo_long']);
                        }
                        // if in subscriptions mode return whether the author was banned for this message thread
                        if ($_GET['mode'] == 'subscriptions') {
                            $msg['reasonForBan'] = isset($item['reasonForBan']) && $item['reasonForBan'] == 1;
                        }
                        // add the message to the list
                        $messages[] = $msg;
                    }
                }
            }
        }
        // only if this is the first page
        if ($startIndex == 0) {
            // get the number of new subscription updates
            $subscriptionUpdates = Database::selectFirst("SELECT COUNT(*) FROM subscriptions WHERE user_id = " . intval($userID) . " AND counter > 0");
            $subscriptionUpdates = isset($subscriptionUpdates['COUNT(*)']) ? $subscriptionUpdates['COUNT(*)'] : 0;
        } else {
            // don't return any number for the subscription updates
            $subscriptionUpdates = -1;
        }
        respond(array('status' => 'ok', 'messages' => $messages, 'subscriptionUpdates' => $subscriptionUpdates));
    } else {
        respond(array('status' => 'bad_request'));
    }
} else {
    respond(array('status' => 'bad_request'));
}
    // if a hexadecimal hash (32+ chars) is found
    if (preg_match('/[abcdef0-9]{32,}/is', $text, $subpattern)) {
        // return the extracted hash
        return $subpattern[0];
    } else {
        // return an empty string because we didn't find the hash
        return '';
    }
}
// Twilio signs every webhook request; the signature is verified before From/Body are trusted.
// A missing header is treated as the empty string, which can never match a real signature.
$incomingSignature = isset($_SERVER['HTTP_X_TWILIO_SIGNATURE']) ? $_SERVER['HTTP_X_TWILIO_SIGNATURE'] : '';
// NOTE(review): the expected signature is computed over getTwilioEndpoint() and the raw $_POST.
// This is only sound if getTwilioEndpoint() returns exactly the URL Twilio was configured with
// and does not derive it from request headers such as Host — confirm in base.php.
$requiredSignature = getTwilioSignature(getTwilioEndpoint(), CONFIG_TWILIO_AUTH_CODE, $_POST);
// hash_equals() keeps the comparison constant-time
if (hash_equals($incomingSignature, $requiredSignature)) {
    if (isset($_POST['From']) && isset($_POST['Body'])) {
        // extractHexHash() returns '' when the SMS body holds no 32+ character hex string;
        // the lookup below then simply matches no open request
        $incomingCode = extractHexHash($_POST['Body']);
        // try to find an open request with the given verification code (expired ones are excluded)
        $openRequest = Database::selectFirst("SELECT user_id, new_password FROM verifications WHERE verification_code = " . Database::escape($incomingCode) . " AND time_until > " . time());
        // if an open request with the given code has been found
        if (isset($openRequest['user_id']) && isset($openRequest['new_password'])) {
            // the username is a hash of the client-hashed phone number, so the SMS sender's
            // number is bound to the account through the username match in the UPDATE below
            $usernameByPhoneNumber = makeHash(clientHash(trim($_POST['From'])));
            // set the new password for the user if the actual phone number matches the pretended phone number (contained in the username)
            // NOTE(review): this line appears redacted/garbled in the listing (values masked with ******,
            // two statements fused). Read it as the password UPDATE guarded by `id = ... AND username = ...`,
            // followed by an UPDATE that expires (time_until = 0) all open verifications of that user.
            Database::update("UPDATE users SET password = "******" WHERE id = " . intval($openRequest['user_id']) . " AND username = "******"UPDATE verifications SET time_until = 0 WHERE user_id = " . intval($openRequest['user_id']));
        }
    }
}
// overwrite the response type header
header('Content-type: application/xml; charset=utf-8');
// send an empty response for the Twilio API (do nothing) and exit
// the same empty TwiML is sent whether or not the signature matched or a request was found,
// so a forged request cannot tell from the response whether it had any effect
echo '<?xml version="1.0" encoding="utf-8"?>';
echo '<Response></Response>';