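# Report whether the current request carries a crumb that validates for the
# given API method.
#
# The crumb is read from the "crumb" request parameter. crumb_check() is then
# called with the key "api", a TTL and the method's name.
#
# $method  API method definition; 'name' is read, and 'crumb_ttl' when set.
# $ttl     TTL passed to crumb_check() when the method sets no 'crumb_ttl'.
#
# Returns 1 when a crumb is present and crumb_check() accepts it, else 0.
function api_auth_has_valid_crumb(&$method, $ttl = 0)
{
    $crumb = request_str("crumb");
    if (!$crumb) {
        return 0;
    }
    $name = $method['name'];
    # A per-method TTL takes precedence. Without one, keep the caller's $ttl:
    # the earlier code reset it to 0 here, so the argument never had any effect.
    if (isset($method['crumb_ttl'])) {
        $ttl = $method['crumb_ttl'];
    }
    if (!crumb_check("api", $ttl, $name)) {
        return 0;
    }
    return 1;
}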
Beispiel #2
# Setup for the upload page: load libraries, require a signed-in user, honour
# the import feature flag, then prepare the crumb and the form values for the
# template. Only part of the script is shown.
loadlib("import_flickr");
loadlib("flickr");
loadlib("google");
#################################################################
# The upload URL is passed along, presumably so the visitor is sent back here
# after signing in -- confirm in the login library.
login_ensure_loggedin("{$GLOBALS['cfg']['abs_root_url']}upload");
# temporary bits until everything gets merged in to one
# magic upload box...
$GLOBALS['smarty']->assign("include_url_upload", 1);
# Feature flag: with imports switched off, show the "disabled" page and stop.
if (!$GLOBALS['cfg']['enable_feature_import']) {
    $GLOBALS['error']['uploads_disabled'] = 1;
    $smarty->display("page_upload_disabled.txt");
    exit;
}
#################################################################
# The crumb is checked once here and the result kept in $crumb_ok. Nothing in
# this excerpt reads $crumb_ok, so any state-changing step later in the script
# has to test it before acting.
# NOTE(review): crumb_check() is not shown; it looks like the request-forgery
# token check for this form -- confirm.
$crumb_key = 'upload';
$crumb_ok = crumb_check($crumb_key);
$GLOBALS['smarty']->assign("crumb_key", $crumb_key);
#
# Form values handed back to the template. label, dots_index_on and mime_type
# pass through filter_strict(); private is collapsed to 0 or 1.
# NOTE(review): filter_strict() is not shown -- confirm what it strips, and
# that the template escapes these values for the context it prints them in.
$label = filter_strict(post_str('label'));
$private = post_str('private') ? 1 : 0;
$dots_index_on = filter_strict(post_str('dots_index_on'));
$mime_type = filter_strict(post_str('mime_type'));
$GLOBALS['smarty']->assign("label", $label);
$GLOBALS['smarty']->assign("private", $private);
$GLOBALS['smarty']->assign("dots_index_on", $dots_index_on);
$GLOBALS['smarty']->assign("mime_type", $mime_type);
# This is here mostly in case we throw an error and need/want
# to tell users about valid import formats.
$import_map = formats_pretty_import_names_map();
$GLOBALS['smarty']->assign_by_ref("import_map", $import_map);
#
<?php

# Account page for the Foursquare sync preference. The excerpt stops inside
# the update branch below.
include "include/init.php";
login_ensure_loggedin("/account/foursquare/sync/");
# Crumb key for this form; the template receives it as well.
$crumb_key = "foursquare_sync";
$GLOBALS['smarty']->assign("crumb_key", $crumb_key);
# put this in a library? which one...
# The keys of this map are the only values accepted for the "sync" field.
$sync_states = array(0 => 'do not sync 4sq checkins', 1 => 'only sync recent 4sq checkins', 2 => 'sync all 4sq checkins past and future');
# Act only on a submitted form ("done" present) whose crumb checks out.
if (post_isset("done") && crumb_check($crumb_key)) {
    $ok = 1;
    if (!post_isset("sync")) {
        $update_error = "missing sync";
        $ok = 0;
    }
    if ($ok) {
        # post_int32() presumably returns the field as an integer (helper not
        # shown). The value is accepted only when it is a key of $sync_states,
        # so nothing outside that list reaches the update below.
        $sync = post_int32("sync");
        if (!isset($sync_states[$sync])) {
            $update_error = "invalid sync";
            $ok = 0;
        }
    }
    if ($ok) {
        # Skip the write when the submitted value equals the stored one.
        if ($sync != $GLOBALS['cfg']['user']['sync_foursquare']) {
            $update = array('sync_foursquare' => $sync);
            $ok = users_update_user($GLOBALS['cfg']['user'], $update);
            if ($ok) {
                # Reload the user row so the rest of the request sees the new value.
                $GLOBALS['cfg']['user'] = users_get_by_id($GLOBALS['cfg']['user']['id']);
            } else {
                $update_error = "db error";
            }
        }
# Page that deletes one Flickr push subscription, looked up by the "id" query
# parameter. The excerpt ends shortly after the delete branch.
include "../include/init.php";
# NOTE(review): loadlib("god") presumably restricts this page to
# administrators -- confirm. Nothing else in this excerpt limits who may
# delete a subscription.
loadlib("god");
features_ensure_enabled("flickr_push");
loadlib("flickr_push");
loadlib("flickr_backups");
loadlib("flickr_push_photos");
loadlib("flickr_push_subscriptions");
# An unknown id ends in error_404() (presumably that call stops the script).
$id = get_int32("id");
$sub = flickr_push_subscriptions_get_by_id($id);
if (!$sub) {
    error_404();
}
$crumb_key = "delete_feed";
$GLOBALS['smarty']->assign("crumb_key", $crumb_key);
# The delete runs only for a POST carrying "delete" and a crumb that checks
# out; a plain GET falls through to the code below this block.
if (post_str("delete") && crumb_check($crumb_key)) {
    # Unsubscribe first; the local row is removed only when that succeeded.
    $feed_rsp = flickr_push_unsubscribe($sub);
    $GLOBALS['smarty']->assign("delete_feed", $feed_rsp);
    if ($feed_rsp['ok']) {
        $sub_rsp = flickr_push_subscriptions_delete($sub);
        $GLOBALS['smarty']->assign("delete_sub", $sub_rsp);
        if ($sub_rsp['ok']) {
            # The redirect target is built from the configured site root and
            # the stored user id, not from request input.
            $redir = "{$GLOBALS['cfg']['abs_root_url']}god/push/subscriptions/{$sub['user_id']}/";
            header("location: {$redir}");
            exit;
        }
    }
}
$topic_map = flickr_push_topic_map();
# NOTE(review): a topic_id missing from the map gives an undefined-index
# notice and an empty str_topic -- confirm every stored topic_id is in the map.
$sub['str_topic'] = $topic_map[$sub['topic_id']];
if ($sub['last_update_details']) {
Beispiel #5
	# Sign-out page: the session is ended only when the request carries a
	# crumb that checks out; otherwise the sign-out page is rendered.
	login_ensure_loggedin();


	#
	# crumb key
	#

	$crumb_key = 'logout';
	$smarty->assign("crumb_key", $crumb_key);


	#
	# sign out?
	#

	# Requiring the crumb means a bare link or image pointing at this page
	# does not sign the user out.
	# NOTE(review): crumb_check() is not shown; it presumably validates a
	# per-user token from the request -- confirm.
	if (crumb_check($crumb_key)){

		login_do_logout();

		# Fixed redirect target; nothing from the request is used here.
		header("location: /");
		exit;
	}


	#
	# output
	#

	$smarty->display("page_signout.txt");
?>
Beispiel #6
<?php

#
# $Id$
#
# Password change page. The excerpt stops inside the validation chain below.
include "include/init.php";
login_ensure_loggedin();
#
# crumb key
#
$crumb_key = 'account_password';
$smarty->assign("crumb_key", $crumb_key);
#
# update?
#
# Runs only for a POST carrying "change" and a crumb that checks out.
if (post_str('change') && crumb_check($crumb_key)) {
    # NOTE(review): trim() silently drops leading and trailing whitespace from
    # the passwords -- confirm the sign-in path trims the same way.
    $old_pass = trim(post_str('old_password'));
    $new_pass1 = trim(post_str('new_password1'));
    $new_pass2 = trim(post_str('new_password2'));
    $ok = 1;
    # The current password must be supplied again before any change.
    # NOTE(review): the recomputed value is compared to the stored one with
    # !==, which is not a constant-time comparison; hash_equals() is.
    # login_encrypt_password() is not shown: if it is a deterministic hash with
    # no per-user salt, password_hash()/password_verify() is the safer scheme.
    if (login_encrypt_password($old_pass) !== $GLOBALS['cfg']['user']['password']) {
        $smarty->assign('error_oldpass_mismatch', 1);
        $ok = 0;
    }
    # Both copies of the new password must be identical.
    if ($ok && $new_pass1 !== $new_pass2) {
        $smarty->assign('error_newpass_mismatch', 1);
        $ok = 0;
    }
    # Only an empty password is rejected here; no other length or strength
    # rule is visible in this excerpt.
    if ($ok && !strlen($new_pass2)) {
        $smarty->assign('error_newpass_empty', 1);
        $ok = 0;
<?php

# Registration form for a new API key. The excerpt stops inside the callback
# validation below.
include "include/init.php";
loadlib("api_keys");
loadlib("api_keys_utils");
# Both feature flags and a signed-in user are required before anything else.
features_ensure_enabled("api");
features_ensure_enabled("api_register_keys");
login_ensure_loggedin();
$crumb_key = 'api_key';
$GLOBALS['smarty']->assign("crumb_key", $crumb_key);
$step = 1;
# Act only on a submitted form ("done" present) whose crumb checks out.
if (post_isset('done') && crumb_check($crumb_key)) {
    $ok = 1;
    # Free-text fields pass through filter_strict() (helper not shown).
    $title = filter_strict(post_str("title"));
    $description = filter_strict(post_str("description"));
    $callback = filter_strict(post_str("callback"));
    $conf = post_str("confirm");
    if ($ok && !$title) {
        $GLOBALS['smarty']->assign("error", "no_title");
        $ok = 0;
    } else {
        $GLOBALS['smarty']->assign("title", $title);
    }
    # The else branch also runs when $ok is already 0, so the submitted
    # description is still handed back to the template after a title error.
    if ($ok && !$description) {
        $GLOBALS['smarty']->assign("error", "no_description");
        $ok = 0;
    } else {
        $GLOBALS['smarty']->assign("description", $description);
    }
    # The callback is optional, but a supplied one must pass validation.
    # NOTE(review): api_keys_utils_is_valid_callback() is not shown -- confirm
    # which URL schemes and hosts it accepts.
    if ($ok && $callback) {
        if (!api_keys_utils_is_valid_callback($callback)) {
Beispiel #8
<?php

#
# $Id$
#
include "include/init.php";
login_ensure_loggedin();
#
# crumb key for this page, also handed to the template
#
$crumb_key = 'account_delete';
$smarty->assign('crumb_key', $crumb_key);
#
# Delete request? It needs the "delete" field and a crumb that checks out.
# Every path inside this branch renders a page and stops.
#
if (post_str('delete') && crumb_check($crumb_key)) {
    # No "confirm" field yet: ask the user to confirm first.
    if (!post_str('confirm')) {
        $smarty->display('page_account_delete_confirm.txt');
        exit;
    }
    $ok = users_delete_user($GLOBALS['cfg']['user']);
    # Deletion failed: show the delete page again with an error flag.
    if (!$ok) {
        $smarty->assign('error_deleting', 1);
        $smarty->display('page_account_delete.txt');
        exit;
    }
    # Account removed: end the session and show the final page.
    login_do_logout();
    $smarty->display('page_account_delete_done.txt');
    exit;
}
#
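# Import by Flickr URL: check the host, look up the GeoRSS feed for the page,
# then import that feed once the user has confirmed with a valid crumb.
$ok = 1;
if ($url) {
    $parsed_url = utils_parse_url($url);
    # The host must be flickr.com or one of its subdomains. The pattern is
    # anchored at both ends: an unanchored match also accepts any host that
    # merely contains "flickr.com", and that host is then fetched server-side.
    # A URL with no host component is rejected as well.
    if (!preg_match('/^([a-z0-9-]+\.)*flickr\.com\z/i', isset($parsed_url['host']) ? $parsed_url['host'] : '')) {
        $GLOBALS['error']['not_flickr'] = 1;
        $ok = 0;
    }
    $GLOBALS['smarty']->assign("url", $url);
    $GLOBALS['smarty']->assign("parsed_url", $parsed_url);
}
if ($url && $ok) {
    # NOTE(review): flickr_get_georss_feed() is not shown; confirm the feed
    # URL it returns is also limited to the expected hosts before it is fetched.
    $feed_url = flickr_get_georss_feed($url);
    if (!$feed_url) {
        $GLOBALS['error']['no_feed_url'] = 1;
        $ok = 0;
    }
}
#
# The import itself needs the "confirm" field and a crumb that checks out.
if ($url && $ok && post_str('confirm') && crumb_check($crumb_key)) {
    $label = filter_strict(post_str('label'));
    $private = post_str('private') ? 1 : 0;
    $more = array('label' => $label, 'mark_all_private' => $private, 'return_dots' => 0, 'assume_mime_type' => 'application/rss+xml');
    if ($GLOBALS['cfg']['enable_feature_dots_indexing']) {
        # Filtered like label above, and like the other upload pages do for
        # this field.
        $more['dots_index_on'] = filter_strict(post_str('dots_index_on'));
    }
    $import_rsp = import_import_uri($GLOBALS['cfg']['user'], $feed_url, $more);
    $GLOBALS['smarty']->assign_by_ref("import_rsp", $import_rsp);
}
#
$GLOBALS['smarty']->display("page_upload_by_flickr.txt");
exit;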
    $GLOBALS['smarty']->display("page_account_flickr_auth.txt");
    exit;
} else {
}
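# The user already holds a Flickr token: either the requested permissions
# match it (redirect and stop) or the change must be confirmed first.
if ($flickr_user['auth_token']) {
    # Perms are the same; just carry on...
    if ($flickr_user['token_perms'] == $perms_map_str[$perms]) {
        # "redir" comes from the query string, so it is followed only when it
        # stays on this site: a path starting with a single "/", or a URL under
        # the configured site root. Values containing whitespace, control
        # characters or a backslash are refused. Anything else falls back to
        # the site root, as an empty value already did.
        $redir = get_str("redir");
        $redir_root = rtrim($GLOBALS['cfg']['abs_root_url'], '/') . '/';
        $redir_is_local = is_string($redir)
            && !preg_match('/[\x00-\x20\x7f\\\\]/', $redir)
            && (
                (strpos($redir, '/') === 0 && strpos($redir, '//') !== 0)
                || strpos($redir, $redir_root) === 0
            );
        if (!$redir || !$redir_is_local) {
            $redir = $GLOBALS['cfg']['abs_root_url'];
        }
        header("location: {$redir}");
        exit;
    }
    # confirm token perms change
    # Without both a valid crumb and the "confirm" field, show the old and new
    # permissions and stop; the token request below is not reached.
    if (!crumb_check($crumb_key) || !post_str("confirm")) {
        $old_perms = $perms_map[$flickr_user['token_perms']];
        $GLOBALS['smarty']->assign("old_perms", $old_perms);
        $GLOBALS['smarty']->assign("new_perms", $perms);
        # Flag for the template: 1 when the new permission level ranks above
        # the one already granted.
        $more_permissive = $perms_map_str[$perms] > $flickr_user['token_perms'] ? 1 : 0;
        $GLOBALS['smarty']->assign("more_permissive", $more_permissive);
        $GLOBALS['smarty']->display("page_account_flickr_auth.txt");
        exit;
    }
}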
#
# Build the value stored under 'crumb' in $extra: the signed-in user's id and
# the current time joined with ":", passed through crypto_encrypt() with the
# Flickr API secret as the key.
# NOTE(review): presumably the auth callback decrypts this and checks both the
# user id and the age of the timestamp -- confirm; that code is not shown here.
# NOTE(review): the API secret doubles as the encryption key; a separate key
# would keep a leak of one from exposing the other.
$now = time();
$crumb = implode(":", array($GLOBALS['cfg']['user']['id'], $now));
$enc_crumb = crypto_encrypt($crumb, $GLOBALS['cfg']['flickr_api_secret']);
$extra = array('crumb' => $enc_crumb);
if ($redir = get_str('redir')) {
Beispiel #11
# Edit/delete page for one API key. The excerpt starts after the page setup
# and stops inside the callback validation of the update branch.
# NOTE(review): api_keys_utils_get_from_url() is not shown; nothing in this
# excerpt checks that the key belongs to the signed-in user, so confirm the
# helper (or code above this excerpt) enforces that.
$key_row = api_keys_utils_get_from_url($key_more);
$crumb_key = 'this_api_key';
$GLOBALS['smarty']->assign("crumb_key", $crumb_key);
$token_count = api_oauth2_access_tokens_count_for_key($key_row);
$GLOBALS['smarty']->assign("token_count", $token_count);
# Delete branch: needs the "delete" field, a crumb that checks out and a key
# that is not disabled. The key is removed only when "confirm" is also sent;
# otherwise the same template is shown without deleting.
if (post_isset('delete') && crumb_check($crumb_key) && !$key_row['disabled']) {
    $conf = post_str("confirm");
    if ($conf) {
        $rsp = api_keys_delete($key_row);
        $GLOBALS['smarty']->assign_by_ref("delete_rsp", $rsp);
    }
    $GLOBALS['smarty']->assign_by_ref("key", $key_row);
    $GLOBALS['smarty']->display("page_api_key_delete.txt");
    exit;
} else {
    # Update branch: same three conditions, keyed on the "done" field.
    if (post_isset('done') && crumb_check($crumb_key) && !$key_row['disabled']) {
        $ok = 1;
        $update = array();
        # Free-text fields pass through filter_strict() (helper not shown).
        $title = filter_strict(post_str("title"));
        $description = filter_strict(post_str("description"));
        $callback = filter_strict(post_str("callback"));
        if ($ok && !$title) {
            $GLOBALS['smarty']->assign("error", "no_title");
            $ok = 0;
        }
        if ($ok && !$description) {
            $GLOBALS['smarty']->assign("error", "no_description");
            $ok = 0;
        }
        # The callback is optional, but a supplied one must pass validation.
        if ($ok && $callback) {
            if (!api_keys_utils_is_valid_callback($callback)) {
    }
}
#
# Okay, you buy?
#
# $ok, $error_details, $parsed, $url and $crumb_key are set above this
# excerpt. A URL that failed validation there ends here with the form page.
if (!$ok) {
    $GLOBALS['error']['invalid_url'] = 1;
    $GLOBALS['error']['details'] = $error_details;
    $GLOBALS['smarty']->display('page_upload_by_url_form.txt');
    exit;
}
#
# Confirmation and/or remote fetching
#
$smarty->assign_by_ref('parsed_url', $parsed);
$smarty->assign('url', $url);
# The import runs only for a POST carrying "confirm" and a crumb that checks
# out; otherwise the page is rendered without importing.
# NOTE(review): import_import_uri() presumably fetches $url from the server.
# The URL checks sit above this excerpt -- confirm they reject internal
# addresses and non-HTTP schemes.
if (post_isset('confirm') && crumb_check($crumb_key)) {
    $label = filter_strict(post_str('label'));
    $private = post_str('private') ? 1 : 0;
    $dots_index_on = filter_strict(post_str('dots_index_on'));
    $more = array('label' => $label, 'mark_all_private' => $private, 'return_dots' => 0, 'dots_index_on' => $dots_index_on);
    # NOTE(review): mime_type is forwarded as posted, without filter_strict()
    # -- confirm the importer accepts only MIME types it knows.
    if ($mime_type = post_str('mime_type')) {
        $more['assume_mime_type'] = $mime_type;
    }
    $rsp = import_import_uri($GLOBALS['cfg']['user'], $url, $more);
    $smarty->assign_by_ref('import', $rsp);
}
$import_formats = formats_valid_import_map('key by extension');
$GLOBALS['smarty']->assign_by_ref("import_formats", $import_formats);
$smarty->display("page_upload_by_url.txt");
exit;
# Page that creates a Flickr push subscription for a given user. The excerpt
# starts after the page setup and stops inside the create branch.
loadlib("flickr_push_subscriptions");
$topic_map = flickr_push_subscriptions_topic_map();
$GLOBALS['smarty']->assign_by_ref("topic_map", $topic_map);
# Look up the target user from the "user_id" query parameter; an unknown id
# ends in error_404() (presumably that call stops the script).
if ($user_id = get_int32("user_id")) {
    $owner = users_get_by_id($user_id);
    if (!$owner) {
        error_404();
    }
    $GLOBALS['smarty']->assign_by_ref("owner", $owner);
}
# NOTE(review): $owner is set only when "user_id" was supplied; without it
# this line reads an undefined variable (a notice, and $is_backup_user is 0).
$is_backup_user = $owner && flickr_backups_is_registered_user($owner) ? 1 : 0;
$GLOBALS['smarty']->assign("is_backup_user", $is_backup_user);
if ($is_backup_user) {
    $crumb_key = "create_feed";
    $GLOBALS['smarty']->assign("crumb_key", $crumb_key);
    # Create only for a POST carrying "create" and a crumb that checks out.
    if (post_str("create") && crumb_check($crumb_key)) {
        # The topic id is read with post_int32() and must pass the library's
        # own validity check before a subscription is registered.
        $topic_id = post_int32("topic_id");
        if (flickr_push_subscriptions_is_valid_topic_id($topic_id)) {
            # HEY LOOK! THIS STILL DOESN'T DEAL WITH FEEDS THAT
            # NEED OR HAVE TOPIC ARGS (20120605/straup)
            # As a practical matter that just means that the
            # API call to register a subscription with
            # Flickr will fail. Since we're already
            # disabling these topics at the template layer I
            # am less inclined to also check here. If
            # someone is passing args that means they're
            # just doofing around and well, you know,
            # whatever... (20120612/straup)
            $sub = array('user_id' => $owner['id'], 'topic_id' => $topic_id);
            $rsp = flickr_push_subscriptions_register_subscription($sub);
            $GLOBALS['smarty']->assign_by_ref("create_sub", $rsp);
Beispiel #14
#
# $Id$
#
# Setup for the file upload page: load the import library, require a
# signed-in user, honour the import feature flag, then set up the crumb key.
include "include/init.php";
loadlib("import");
#################################################################
# The upload URL is passed along, presumably so the visitor is sent back here
# after signing in -- confirm in the login library.
login_ensure_loggedin("{$GLOBALS['cfg']['abs_root_url']}upload");
# Feature flag: with imports switched off, set the error flag, render the
# upload page and stop.
if (!$GLOBALS['cfg']['enable_feature_import']) {
    $GLOBALS['error']['uploads_disabled'] = 1;
    $smarty->display("page_upload.txt");
    exit;
}
#################################################################
# Crumb key for the upload form; the template receives it as well.
$crumb_key = 'upload';
$smarty->assign("crumb_key", $crumb_key);
if ($_FILES['upload'] && crumb_check($crumb_key)) {
    if (!$_FILES['upload']['error']) {
        $label = filter_strict(post_str('label'));
        $dots_index_on = filter_strict(post_str('dots_index_on'));
        $private = post_str('private') ? 1 : 0;
        $more = array('return_dots' => 0, 'label' => $label, 'mime_type' => $_FILES['upload']['type'], 'mark_all_private' => $private, 'dots_index_on' => $dots_index_on);
        if ($mime_type = post_str('mime_type')) {
            $more['assume_mime_type'] = $mime_type;
        }
        $_FILES['upload']['path'] = $_FILES['upload']['tmp_name'];
        $rsp = import_import_file($GLOBALS['cfg']['user'], $_FILES['upload'], $more);
        $smarty->assign("upload_complete", 1);
        $smarty->assign_by_ref("rsp", $rsp);
    } else {
        # ...
    }