 /**
  * Clear the login state held in the PHP session and in the class statics.
  *
  * @param bool $logout  only a truthy value clears anything; falsy is a no-op
  *
  * Only the three session keys listed below are removed; the session itself is
  * neither destroyed nor regenerated here. NOTE(review): if the session id should
  * be rotated on logout (session-fixation hygiene), that has to happen in the
  * caller — confirm.
  */
 public static function logOut($logout)
 {
     if (!$logout) {
         return;
     }
     foreach (array(self::$session_name, 'user_info', 'token_verified') as $sessionKey) {
         unset($_SESSION[$sessionKey]);
     }
     self::$logged_in = false;
     self::$info = false;
 }
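 /**
  * Handle an admin login form submission.
  *
  * Reads `username`/`password` from POST, trims both, lower-cases the username
  * and tries to log the user in. A user that logs in AND holds at least one of the
  * roles returned by User::get_roles() is sent to /admin; every other outcome stores
  * a message in $_SESSION['modules']['pajas']['error'] and redirects back via
  * $this->redirect() with no argument. Requests without both fields just redirect.
  *
  * Why the explicit `return` after the /admin redirect: whether $this->redirect()
  * terminates the request is not visible here; without the return, the trailing
  * $this->redirect() at the bottom ran as well and could replace the Location
  * header with the default target.
  *
  * NOTE(review): no CSRF token or login throttling is visible on this handler —
  * confirm they are enforced elsewhere. The generic "Wrong username or password"
  * message is deliberately the same for unknown users and bad passwords.
  */
 public function action_do()
 {
     if (isset($_POST['username'], $_POST['password'])) {
         Session::instance();
         $post = new Validation($_POST);
         $post->filter('trim');
         // Usernames are always stored and compared in lower case
         $post->filter('strtolower', 'username');
         $post_values = $post->as_array();
         $user = new User(FALSE, $post_values['username'], $post_values['password']);
         $logged_in = $user->logged_in();
         $roles = $logged_in ? $user->get_user_data('role') : false;
         if ($logged_in && $roles && array_intersect($user->get_role(), User::get_roles())) {
             // Logged in with an accepted role: go to the admin area and stop here
             $this->redirect('/admin');
             return;
         } elseif (!$logged_in) {
             $_SESSION['modules']['pajas']['error'] = 'Wrong username or password';
         } elseif (!$roles || !in_array('admin', $roles)) {
             $_SESSION['modules']['pajas']['error'] = 'You are not authorized';
         } else {
             $_SESSION['modules']['pajas']['error'] = 'Unknown error';
         }
     }
     $this->redirect();
 }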
<?php

require_once 'Plans.php';
require 'functions-main.php';
require 'syntax-classes.php';
$dbh = db_connect();
// User::id() is what the rest of this script treats as the current account id
$idcookie = User::id();
$thispage = new PlansPage('Preferences', 'blocks', PLANSVNAME . ' - Blocking', 'blocks.php');
// NOTE(review): the logged-in branch that follows (cut off in this listing) calls
// Block::removeBlock() with $_REQUEST["unblock_user"] straight from the request, with
// no CSRF token and no validation visible — confirm removeBlock() validates its
// argument and that the action is only accepted via POST.
if (!User::logged_in()) {
    populate_guest_page($thispage);
    $denied = new AlertText('You are not allowed to edit as a guest.', 'Access Denied');
    $thispage->append($denied);
} else {
    populate_page($thispage, $dbh, $idcookie);
    if (isset($_REQUEST["unblock_user"])) {
        Block::removeBlock($idcookie, $_REQUEST["unblock_user"]);
        $success = new InfoText('User unblocked.');
        $thispage->append($success);
    }
    $header = new WidgetGroup('blocking_header', true);
    $heading = new HeadingText('Blocking', 1);
    $header->append($heading);
    $thispage->append($header);
    $user = User::get();
    if ($user->webview == 1) {
        $warning = new AlertText("Warning! Your plan is set to be viewable by guests. This will allow blocked users to read your plan\n            simply by logging out. If you would like to change this setting, please visit\n            <a href=\"/webview.php\">the guest settings page</a>.");
        $header->append($warning);
    }
    $about = new InfoText('Users that you have blocked will not be able to read your plan, and you will not see each other listed in quicklove or search results.
        <a href="/blocking-about.php">See the FAQ for more information</a>.
        <br /><br />
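<?php

require_once 'Plans.php';
require "functions-main.php";
require 'syntax-classes.php';
// Home page: page chrome for the current account (or the guest chrome) plus the
// site-wide message of the day read from the `system` table.
$dbh = db_connect();
$idcookie = User::id();
$thispage = new PlansPage('Main', 'home', PLANSVNAME, 'home.php');
if (User::logged_in()) {
    populate_page($thispage, $dbh, $idcookie);
} else {
    populate_guest_page($thispage);
}
// The MOTD query takes no user input; mysql_query() uses the link opened by db_connect().
// NOTE(review): the mysql_* extension was removed in PHP 7, so this only runs on PHP 5.
$my_result = mysql_query("Select system.motd from system");
$my_row = $my_result ? mysql_fetch_array($my_result) : false;
// Why the guard: a failed query or an empty table used to reach stripslashes() with
// null (notices, blank message); fall back to an empty MOTD explicitly instead.
// The double stripslashes() is kept: the stored text is apparently escaped twice.
$motd_text = $my_row ? stripslashes(stripslashes($my_row[0])) : '';
// NOTE(review): whether PlanText escapes its input for HTML is not visible from here;
// the MOTD is admin-controlled content, so confirm how it is rendered.
$motd = new PlanText($motd_text, false);
$thispage->append($motd);
interface_disp_page($thispage);
db_disconnect($dbh);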
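<?php

require_once 'Plans.php';
// Stores the requested "privacy level" in the session, optionally marks the current
// user's list as read at that level, then bounces back to where the request came from.
//
// The level is taken from ?myprivl= and cast to int: missing -> 1 (the default),
// non-numeric -> 0, as before.
$level = isset($_GET['myprivl']) ? (int) $_GET['myprivl'] : 1;
$_SESSION['glbs_lvl'] = $level;
// NOTE(review): mark_as_read is a state change triggered by a GET parameter and no
// CSRF protection is visible. $dbh is not defined in this file — presumably a global
// set up by Plans.php; confirm.
if (isset($_GET["mark_as_read"]) && $_GET["mark_as_read"] == 1 && User::logged_in()) {
    mark_as_read($dbh, User::id(), $_SESSION['glbs_lvl']);
}
// Why the fallback: HTTP_REFERER is optional (absent on direct requests and under
// strict referrer policies); without it Redirect() received null. The header is
// client-controlled, so the redirect target is whatever page linked here — keep that
// in mind if Redirect() accepts absolute URLs.
Redirect(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/');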
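 /**
  * Log the current user out, but only for a request that carries the logout token
  * (`uniq`) matching the one stored in the session.
  *
  * @param bool $logout  falsy means do nothing
  *
  * Sequence on success: tell the API to drop the server-side session, wipe the PHP
  * session while keeping the chosen language, start a fresh session with a new id,
  * reset the class statics.
  *
  * Why the token check was tightened: the original compared $_REQUEST['uniq'] ==
  * $_SESSION["logout_uniq"] without isset(); with both absent that is null == null,
  * so a bare logout request with no token passed the check (a CSRF logout). Both
  * values must now be present and equal as strings.
  *
  * Why session_regenerate_id(): session_start() after session_destroy() otherwise
  * keeps the client's old session id for the new, logged-out session.
  */
 static function logOut($logout)
 {
     if (!$logout) {
         return;
     }
     if (!isset($_REQUEST['uniq'], $_SESSION["logout_uniq"]) || !is_string($_REQUEST['uniq'])) {
         return;
     }
     if ($_REQUEST['uniq'] !== (string) $_SESSION["logout_uniq"]) {
         return;
     }
     API::add('User', 'logOut', array($_SESSION['session_id']));
     API::send();
     $lang = $_SESSION['language'];
     // $_SESSION = array() is the documented way to clear the session; unset($_SESSION)
     // leaves the superglobal in an undefined state.
     $_SESSION = array();
     session_destroy();
     session_start();
     session_regenerate_id(true);
     $_SESSION['language'] = $lang;
     self::$logged_in = false;
     self::$info = false;
 }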
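 /**
  * Admin handler for creating a user (no ?id=) or editing an existing one (?id=<id>).
  *
  * Flow:
  *   1. With ?id=, load that user; if it cannot be loaded, redirect away.
  *   2. Expose the available data fields to the view.
  *   3. On a POST carrying username+password:
  *      - `do_add_field`: remember one more detail field in the session and rebuild
  *        the form values from the post so the form comes back with an extra slot;
  *      - otherwise validate, then create the user or save the edited one, or report
  *        the form errors and rebuild the form values from the post.
  *   4. For an existing user the form values are rebuilt from the stored data. This
  *      happens after step 3, i.e. also after a failed save, so the rejected submission
  *      is not shown back — kept exactly as the original behaved.
  *   5. Append one empty slot per session-remembered detail field and hand the form
  *      values to the view.
  *
  * Changes from the original: the two identical "rebuild the form from the post"
  * loops are one private helper; `add_field` is only appended when it was posted
  * (a missing value used to append null and produce a bogus 'field__1' slot); the
  * field id is taken from the key without the list() notice for short keys.
  *
  * Security notes, not changed here — confirm against the rest of the app:
  *   - NOTE(review): whether $this->redirect() ends the request is not visible; if it
  *     does not, the handler carries on with a User object that failed to load.
  *   - NOTE(review): no CSRF token is checked on this state-changing POST.
  *   - NOTE(review): the password goes to User::new_user()/set_user_data() as posted;
  *     hashing has to happen inside User. What set_user_data() does with an empty
  *     password on edit is not visible here.
  *   - NOTE(review): $_POST['add_field'] is stored in the session and later used to
  *     build form field names; the view must escape it.
  */
 public function action_user()
 {
     $formdata = array();
     if (isset($_GET['id'])) {
         $user = new User($_GET['id'], FALSE, FALSE, 'default', FALSE);
         if (!$user->logged_in()) {
             $this->redirect();
         }
     }
     $this->list_available_data_fields();
     if (!empty($_POST) && isset($_POST['username']) && isset($_POST['password'])) {
         $post = new Validation($_POST);
         $post->filter('trim');
         $post->filter('strtolower', 'username');
         $post->rule('Valid::not_empty', 'username');
         // The username must be free unless it is the edited user's own, unchanged name.
         // (As in the original, the raw posted value is compared, not the filtered one.)
         if (!isset($user) || $_POST['username'] != $user->get_username()) {
             $post->rule('User::username_available', 'username');
         }
         // A password is mandatory only when creating a user
         if (!isset($user)) {
             $post->rule('Valid::not_empty', 'password');
         }
         if (isset($_POST['do_add_field'])) {
             // Add another user data field and save no data, but repopulate the form fields
             if (!isset($_SESSION['detail_fields'])) {
                 $_SESSION['detail_fields'] = array();
             }
             if (isset($_POST['add_field'])) {
                 $_SESSION['detail_fields'][] = $_POST['add_field'];
             }
             $formdata = $this->form_data_from_post($post->as_array());
         } elseif ($post->validate()) {
             // No form errors: collect the data fields and create or update the user
             $post_values = $post->as_array();
             // Erase the empty data fields
             foreach ($post_values as $key => $value) {
                 if (substr($key, 0, 8) == 'fieldid_' && is_array($value)) {
                     foreach ($value as $nr => $value_piece) {
                         if ($value_piece == '') {
                             unset($post_values[$key][$nr]);
                         }
                     }
                 }
             }
             // Organize the field data (keyed by field name) and reset the session fields
             $fields = $_SESSION['detail_fields'] = array();
             foreach ($post_values as $key => $value) {
                 if (substr($key, 0, 6) == 'field_') {
                     // key layout is field_<id>_<n>; only the id (second piece) is needed
                     $parts = explode('_', $key, 3);
                     $field_id = isset($parts[1]) ? $parts[1] : '';
                     $fields[User::get_data_field_name($field_id)][] = $value;
                 }
             }
             if (!isset($_GET['id'])) {
                 // Actually add the user
                 User::new_user($post_values['username'], $post_values['password'], $fields);
                 $this->add_message('User ' . $post_values['username'] . ' added');
             } elseif (isset($user)) {
                 $user->set_user_data(array_merge($fields, array('username' => $post_values['username'], 'password' => $post_values['password'])), TRUE);
                 $this->add_message('User data saved');
             }
         } else {
             // Form errors detected: report them and repopulate the form from the post
             $this->add_error('Fix errors and try again');
             $this->add_form_errors($post->errors());
             $formdata = $this->form_data_from_post($post->as_array());
         }
     }
     if (isset($user)) {
         // Existing user: the form shows the stored data (see step 4 above)
         $formdata = array('username' => $user->get_username());
         $counter = 0;
         foreach ($user->get_user_data() as $field => $data) {
             foreach ($data as $data_piece) {
                 $counter++;
                 $formdata['field_' . User::get_data_field_id($field) . '_' . $counter] = $data_piece;
             }
         }
     }
     if (!empty($_SESSION['detail_fields'])) {
         // One extra, empty slot per remembered field, numbered after the last used slot
         foreach ($_SESSION['detail_fields'] as $field_id) {
             $counter = 1;
             while (isset($formdata['field_' . $field_id . '_' . $counter])) {
                 $counter++;
             }
             $formdata['field_' . $field_id . '_' . $counter] = '';
         }
     }
     $this->set_formdata($formdata);
 }

 /**
  * Rebuild form values from a submitted post array so the form can be shown again.
  *
  * Every `fieldid_<id>` entry (an array of values) becomes one `field_<id>_<n>`
  * entry per value, with `<n>` counting up across all fields in posted order; the
  * username is copied over; everything else (including the password) is dropped.
  * A scalar `fieldid_<id>` value is treated as a one-element list (the original
  * skipped it with a warning).
  *
  * @param array $post_values  the post array as returned by Validation::as_array()
  * @return array
  */
 private function form_data_from_post($post_values)
 {
     $formdata = array();
     $counter = 0;
     foreach ($post_values as $field => $data) {
         if (substr($field, 0, 8) == 'fieldid_') {
             foreach ((array) $data as $data_piece) {
                 $counter++;
                 $formdata['field_' . substr($field, 8) . '_' . $counter] = trim($data_piece);
             }
         } elseif ($field == 'username') {
             $formdata[$field] = $post_values[$field];
         }
     }
     return $formdata;
 }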
 /**
  * Inverse of User::logged_in(): true for an anonymous visitor.
  *
  * @return bool
  */
 public static function is_guest()
 {
     $loggedIn = User::logged_in();
     return $loggedIn ? false : true;
 }
echo BASE_URL;
?>
"><i class="fa fa-home fa-fw"></i>&nbsp; Home</a></li>
						<li><a href=#>Music</a></li>
						<li><a href=#>Dance</a></li>
						<li><a href=#>Comedy</a></li>
						<li><a href=#>About</a></li>
						<li><a href=#>Contact</a></li>
					</ul>
				</li>
			</ul>
		</div>
		<div class="nav-right">
			<ul class="nav-list cf">
				<?php 
if ($user->logged_in() && !stripos($_SERVER['REQUEST_URI'], 'logout.php')) {
    // IF logged in user is a site admin: Display appropriate links for access level
    if ($user->data()->access_level > 0) {
        ?>
							<li class="dropdown-toggler"><a href="<?php 
        echo BASE_URL . 'admin_panel.php';
        ?>
"><i class="fa fa-wrench fa-lg"></i>&nbsp; Site Admin</a>
								<ul class="nav-list-dropdown">
									<li><a href=#>Users</a></li>
									<li><a href=#>Comments</a></li>
									<?php 
        if ($user->data()->access_level > 1) {
            echo '<li><a href="' . BASE_URL . 'test.php">Test Page</a></li>';
        }
        ?>
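/**
 * Build one navigation tab as an <li> element.
 *
 * @param string $cur        name of the tab that is currently selected
 * @param string $new        name of the tab being built; also its visible label
 * @param string $url        path appended to the global $base_url for the link
 * @param string $title      value of the link's title attribute
 * @param bool   $req_login  true if the tab is only usable by logged-in users
 * @return string            '<li ...>...</li>' markup
 *
 * A tab that requires login while nobody is logged in is rendered as plain text
 * with class "disabled" and is never "active", even if it is the current one.
 *
 * Why the implode() change: the original called implode($classes, ' ') — the legacy
 * reversed argument order, deprecated in PHP 7.4 and a TypeError in 8.0.
 *
 * NOTE(review): $new, $url and $title are written into the markup unescaped; that is
 * only safe while every caller passes fixed, developer-supplied strings.
 */
function view_build_tab($cur, $new, $url, $title, $req_login)
{
    global $base_url;
    $locked = $req_login && !User::logged_in();
    $classes = array();
    if ($cur == $new && !$locked) {
        $classes[] = 'active';
    }
    if ($locked) {
        $classes[] = 'disabled';
    }
    if ($locked) {
        $contents = $new;
    } else {
        $contents = '<a href="' . $base_url . $url . '" title="' . $title . '">' . $new . '</a>';
    }
    $tab = '<li';
    if (count($classes) > 0) {
        $tab .= ' class="' . implode(' ', $classes) . '"';
    }
    $tab .= '>' . $contents . '</li>';
    return $tab;
}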
    // For production, be a bit loose.
    ini_set('register_globals', TRUE);
    ini_set('register_long_arrays', TRUE);
    ini_set('register_argc_argv', TRUE);
    ini_set('track_errors', FALSE);
    $GLOBALS['ENVIRONMENT'] = 'production';
}
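// Turn off magic quotes if they're on.
// Why the function_exists() guard: get_magic_quotes_gpc() was deprecated in 7.4 and
// removed in 8.0, so calling it unconditionally is a fatal error there (magic quotes
// themselves are gone since 5.4, so the branch is dead on any modern PHP).
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    /**
     * Recursively strip the slashes magic_quotes_gpc added to a request value.
     *
     * @param string|array $value
     * @return string|array
     */
    function stripslashes_deep($value)
    {
        $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
        return $value;
    }
    $_POST = array_map('stripslashes_deep', $_POST);
    $_GET = array_map('stripslashes_deep', $_GET);
    $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
    $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
}
ini_set('short_open_tag', FALSE);
// Has no effect after PHP 4.0.0
// NOTE(review): the production branch just above this block switches on
// register_globals/register_long_arrays via ini_set(). register_globals cannot be
// changed at runtime and was removed in 5.4, but confirm it is also off in php.ini:
// with it on, any variable this code base reads before assigning is attacker-settable.
// Simple functions
require_once 'functions-main.php';
new ResourceCounter();
new SessionBroker();
header('Content-Type: text/html; charset=UTF-8');
// If we're on a testing environment, warn them. empty() avoids the undefined-index
// notice the original raised for users who have not accepted the warning yet
// (beta_warning.php presumably sets $_SESSION['accept_beta']).
if (User::logged_in() && $GLOBALS['ENVIRONMENT'] == 'testing' && empty($_SESSION['accept_beta']) && basename($_SERVER['PHP_SELF']) != 'beta_warning.php') {
    Redirect('beta_warning.php');
    return;
}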
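 /**
  * Show the login form and process its submission.
  *
  * A user who is already logged in is sent to "/". Otherwise the "outside" layout is
  * set up, the referrer (flash value if present, else the HTTP Referer header, else
  * empty) is passed to the view so the form can post it back, and on submit
  * User::login() decides success.
  *
  * Why the redirect target is validated: the original redirected to whatever
  * $this->post['referrer'] contained, i.e. a client-supplied URL — an open redirect
  * after login. Only a site-local path (a single leading "/", not "//" or "/\") is
  * honoured now; anything else falls back to "/".
  *
  * Why 'user' became 'username' in the failure branch: the form field is read as
  * $this->post['username'] on submit, so the old key never existed and the form was
  * re-shown with an empty username.
  *
  * NOTE(review): no CSRF token and no throttling is visible on this handler, and the
  * failure message comes from User::login() — make sure it does not reveal whether
  * the account exists.
  */
 public function actionLogin()
 {
     if (User::logged_in()) {
         $this->redirect('/');
         die;
     }
     $this->setLayout('outside');
     $this->setLayoutVar('pageHead', 'Login to Your Account');
     $this->setLayoutVar('pageTitle', 'Login');
     if (isset($_SESSION['flash']['referrer'])) {
         $referrer = $_SESSION['flash']['referrer'];
     } elseif (isset($_SERVER['HTTP_REFERER'])) {
         $referrer = $_SERVER['HTTP_REFERER'];
     } else {
         $referrer = '';
     }
     $this->setVar('username', '');
     $this->setVar('referrer', $referrer);
     if (!empty($this->post['submit'])) {
         $result = User::login($this->post['username'], $this->post['password']);
         if ($result['status']) {
             $target = isset($this->post['referrer']) && is_string($this->post['referrer']) ? $this->post['referrer'] : '';
             // Only a same-site absolute path is an acceptable post-login destination
             if (!preg_match('#^/(?![/\\\\])#', $target)) {
                 $target = '/';
             }
             $this->redirect($target);
             die;
         }
         Flash::set('failure', $result['message']);
         $this->setVar('username', $this->post['username']);
     }
 }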
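/**
 * Return a user's plan, either complete, partial, or only the remaining text.
 *
 * POST parameters read (all client-controlled):
 *   username             - account whose plan is requested
 *   readlinkreplacement  - link template; every read.php?searchname=<name> link in
 *                          the plan is rewritten to it with {username} -> <name>
 *   limitsize            - truthy: return at most $MAX_PLAN_LEN characters plus a
 *                          'remaining' count when more than $WIGGLE_PLAN_LEN are left
 *   partial              - truthy (and limitsize falsy): return only the text after
 *                          the first $MAX_PLAN_LEN characters
 *
 * @return array  ['message' => string, 'success' => bool, 'plandata' => array on success]
 *
 * Changes from the original:
 *   - every $_POST read is isset()-guarded (falsy semantics unchanged);
 *   - the autofinger lookup escapes both ids with mysql_real_escape_string() instead
 *     of interpolating them raw into SQL, and a failed query no longer reaches
 *     mysql_fetch_array();
 *   - the client's link template is escaped before '\1' is substituted, so it cannot
 *     smuggle other back-references or '$n' tokens into the preg_replace() replacement;
 *   - the rewritten plan is kept in a local instead of being written back into the
 *     Doctrine record;
 *   - plan length, truncated head and remaining tail are all measured in characters
 *     (mb_strlen/mb_substr). The original mixed bytes (strlen), display width
 *     (mb_strimwidth) and characters (mb_substr), so for non-ASCII plans the head
 *     and the tail did not join up.
 */
function doReadTask()
{
    global $log;
    $response = array("message" => "", "success" => false);
    $searchname = isset($_POST['username']) ? $_POST['username'] : null;
    $read_link = isset($_POST['readlinkreplacement']) ? $_POST['readlinkreplacement'] : null;
    $limit_size = isset($_POST['limitsize']) ? $_POST['limitsize'] : null;
    $partial = isset($_POST['partial']) ? $_POST['partial'] : null;
    /*
     * These two are used to define how much of a plan to return if the client
     * requested a limited plan.  The wiggle length is how much over the max length
     * a plan can be before it gets returned.  This way, if the user is prompted to
     * download more or shown how much data is remaining it will be significant,
     * instead of say, 2kb.
     */
    $MAX_PLAN_LEN = 10240;
    $WIGGLE_PLAN_LEN = 2048;
    if (!User::logged_in()) {
        $response['message'] = 'login required';
        return $response;
    }
    $idcookie = User::id();
    $mydbh = db_connect();
    $dbh = $mydbh;
    $searchnum = get_item($mydbh, "userid", "accounts", "username", $searchname);
    if (!isvaliduser($dbh, $searchname)) {
        $response['message'] = 'invalid user name';
        return $response;
    }
    if (Block::isBlocking($searchnum, $idcookie)) {
        $response['message'] = 'blocked';
        return $response;
    }
    // Is the requested plan on the reader's autofinger list? If so, mark it as read.
    // Both ids come from the session / database rather than the request, but they
    // are escaped anyway; mysql_query() uses the link opened by db_connect().
    $my_result = mysql_query("Select priority From autofinger where owner = '" . mysql_real_escape_string($idcookie) . "' and interest = '" . mysql_real_escape_string($searchnum) . "'");
    $onlist = $my_result ? mysql_fetch_array($my_result) : false;
    if ($onlist) {
        update_read($dbh, $idcookie, $searchnum);
        //mark as having been read
    }
    $response_info = array();
    $q = Doctrine_Query::create()->from('Accounts a')->leftJoin('a.Plan p')->where('a.userid = ?', $searchnum);
    $user = $q->fetchOne();
    $response_info['username'] = $user->username;
    // The zero date is the schema's "never"; report it as an empty string
    $response_info['last_login'] = $user->login == '0000-00-00 00:00:00' ? "" : date('n/j/y, g:i A', strtotime($user->login));
    $response_info['last_updated'] = $user->changed == '0000-00-00 00:00:00' ? "" : date('n/j/y, g:i A', strtotime($user->changed));
    $response_info['pseudo'] = $user->pseudo == null ? "" : $user->pseudo;
    $plan = $user->Plan->plan;
    if ($read_link) {
        //NOTE:  If the planlove link ever changes, you may want to look at this pattern....
        $search = '/read\\.php\\?searchname=([\\w]*)[^"|\']*/i';
        // The template is client input: escape '\' and '$' first so the only
        // back-reference in the replacement is the '\1' we substitute for {username}.
        $replace = str_replace('{username}', '\\1', addcslashes($read_link, '\\$'));
        $plan = preg_replace($search, $replace, $plan);
    }
    if ($limit_size) {
        //they requested a partial plan
        $width = mb_strlen($plan);
        if ($width > $MAX_PLAN_LEN) {
            $width_remaining = $width - $MAX_PLAN_LEN;
            if ($width_remaining > $WIGGLE_PLAN_LEN) {
                $response_info['partial'] = true;
                $response_info['plan'] = mb_substr($plan, 0, $MAX_PLAN_LEN);
                $response_info['remaining'] = $width_remaining;
            } else {
                // Over the limit by less than the wiggle room: send it whole
                $response_info['plan'] = $plan;
            }
        } else {
            $response_info['partial'] = false;
            $response_info['plan'] = $plan;
        }
        $log->addToLog("PLAN WIDTH: " . $width);
    } elseif ($partial) {
        //they requested only the last part of the plan
        $response_info['remainingplan'] = mb_substr($plan, $MAX_PLAN_LEN);
    } else {
        $response_info['partial'] = false;
        $response_info['plan'] = $plan;
    }
    $response['plandata'] = $response_info;
    $response['success'] = true;
    return $response;
}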