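/**
 * Check that the current request carries a valid crumb for an API method.
 *
 * The crumb is read from the "crumb" request parameter and verified with
 * crumb_check() under the "api" key, bound to the method's name.
 *
 * @param array $method API method definition; 'name' is read, and
 *                      'crumb_ttl' sets the TTL when present.
 * @param int   $ttl    TTL handed to crumb_check() when the method defines
 *                      no 'crumb_ttl' of its own.
 *
 * @return int 1 when a crumb is present and crumb_check() accepts it, else 0.
 */
function api_auth_has_valid_crumb(&$method, $ttl = 0) {

	$crumb = request_str("crumb");

	# No crumb supplied: fail closed without calling crumb_check().
	if (!$crumb) {
		return 0;
	}

	$name = $method['name'];

	# A per-method 'crumb_ttl' wins; otherwise keep the caller's $ttl.
	# The previous code reset $ttl to 0 here, so the argument was silently
	# ignored and a caller could not tighten the crumb lifetime.
	if (isset($method['crumb_ttl'])) {
		$ttl = $method['crumb_ttl'];
	}

	return crumb_check("api", $ttl, $name) ? 1 : 0;
}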
# Upload landing page (excerpt): loads the import helpers, gates on login and
# the import feature flag, then echoes the POSTed form values to the template.

loadlib("import_flickr");
loadlib("flickr");
loadlib("google");

#################################################################

# Signed-in users only; the upload URL is handed to login_ensure_loggedin().
login_ensure_loggedin("{$GLOBALS['cfg']['abs_root_url']}upload");

# temporary bits until everything gets merged in to one
# magic upload box...

$GLOBALS['smarty']->assign("include_url_upload", 1);

# Import switched off in config: flag the error, show the disabled page, stop.
if (!$GLOBALS['cfg']['enable_feature_import']) {
	$GLOBALS['error']['uploads_disabled'] = 1;
	$smarty->display("page_upload_disabled.txt");
	exit;
}

#################################################################

# The crumb is checked once up front and the verdict kept in $crumb_ok;
# nothing in this excerpt acts on it yet, so whatever follows must test
# $crumb_ok before doing any state-changing work.
$crumb_key = 'upload';
$crumb_ok = crumb_check($crumb_key);
$GLOBALS['smarty']->assign("crumb_key", $crumb_key);

#

# Form values come from POST. The three free-text fields go through
# filter_strict(); 'private' is collapsed to 0/1.
$label = filter_strict(post_str('label'));
$private = post_str('private') ? 1 : 0;
$dots_index_on = filter_strict(post_str('dots_index_on'));
$mime_type = filter_strict(post_str('mime_type'));

# Echoed back so the form can be re-rendered with the user's input.
# NOTE(review): output escaping is left to the template layer - confirm.
$GLOBALS['smarty']->assign("label", $label);
$GLOBALS['smarty']->assign("private", $private);
$GLOBALS['smarty']->assign("dots_index_on", $dots_index_on);
$GLOBALS['smarty']->assign("mime_type", $mime_type);

# This is here mostly in case we throw an error and need/want
# to tell users about valid import formats.

$import_map = formats_pretty_import_names_map();
$GLOBALS['smarty']->assign_by_ref("import_map", $import_map);

#
<?php

# Foursquare sync preference page (excerpt; the listing is cut off before the
# open blocks are closed).

include "include/init.php";

login_ensure_loggedin("/account/foursquare/sync/");

$crumb_key = "foursquare_sync";
$GLOBALS['smarty']->assign("crumb_key", $crumb_key);

# put this in a library? which one...

# Allow-list of sync modes; the POSTed value must be one of these keys.
$sync_states = array(
	0 => 'do not sync 4sq checkins',
	1 => 'only sync recent 4sq checkins',
	2 => 'sync all 4sq checkins past and future'
);

# Only act on a submitted form ("done") whose crumb passes crumb_check().
if (post_isset("done") && crumb_check($crumb_key)) {

	$ok = 1;

	if (!post_isset("sync")) {
		$update_error = "missing sync";
		$ok = 0;
	}

	if ($ok) {

		# Read as an integer, then validate against the allow-list above.
		$sync = post_int32("sync");

		if (!isset($sync_states[$sync])) {
			$update_error = "invalid sync";
			$ok = 0;
		}
	}

	if ($ok) {

		# Skip the write when the preference is unchanged.
		if ($sync != $GLOBALS['cfg']['user']['sync_foursquare']) {

			# The update targets the signed-in user from $GLOBALS['cfg']['user'],
			# never a user id taken from the request.
			$update = array('sync_foursquare' => $sync);
			$ok = users_update_user($GLOBALS['cfg']['user'], $update);

			if ($ok) {
				# Reload the user row so later code sees the new value.
				$GLOBALS['cfg']['user'] = users_get_by_id($GLOBALS['cfg']['user']['id']);
			} else {
				$update_error = "db error";
			}
		}
# Admin ("god") page that deletes one Flickr push subscription (excerpt; the
# listing is cut off inside the last if).

include "../include/init.php";

# NOTE(review): no explicit login or role check is visible in this excerpt;
# presumably loadlib("god") enforces admin access - confirm.
loadlib("god");

features_ensure_enabled("flickr_push");

loadlib("flickr_push");
loadlib("flickr_backups");
loadlib("flickr_push_photos");
loadlib("flickr_push_subscriptions");

# The subscription id comes from the query string, read as an integer.
$id = get_int32("id");

$sub = flickr_push_subscriptions_get_by_id($id);

if (!$sub) {
	error_404();
}

$crumb_key = "delete_feed";
$GLOBALS['smarty']->assign("crumb_key", $crumb_key);

# Delete only on a POST carrying "delete" and a crumb that crumb_check() accepts.
if (post_str("delete") && crumb_check($crumb_key)) {

	# Unsubscribe first; the local row is removed only if that succeeded.
	$feed_rsp = flickr_push_unsubscribe($sub);
	$GLOBALS['smarty']->assign("delete_feed", $feed_rsp);

	if ($feed_rsp['ok']) {

		$sub_rsp = flickr_push_subscriptions_delete($sub);
		$GLOBALS['smarty']->assign("delete_sub", $sub_rsp);

		if ($sub_rsp['ok']) {
			# Redirect target is built from the configured root URL and the
			# stored user id, not from request input.
			$redir = "{$GLOBALS['cfg']['abs_root_url']}god/push/subscriptions/{$sub['user_id']}/";
			header("location: {$redir}");
			exit;
		}
	}
}

$topic_map = flickr_push_topic_map();
$sub['str_topic'] = $topic_map[$sub['topic_id']];

if ($sub['last_update_details']) {
# Sign-out page (excerpt): logs the user out only when the request carries a
# crumb that crumb_check() accepts for 'logout'; otherwise it renders the
# sign-out form, which is given the crumb key.

login_ensure_loggedin();

#
# crumb key
#

$crumb_key = 'logout';
$smarty->assign("crumb_key", $crumb_key);

#
# sign out?
#

# The crumb is the only condition here; there is no separate check on the
# request method. NOTE(review): whether crumb_check() accepts a crumb from
# the query string is not visible here - confirm.
if (crumb_check($crumb_key)){
	login_do_logout();

	# Fixed, same-site redirect target; exit so nothing renders afterwards.
	header("location: /");
	exit;
}

#
# output
#

$smarty->display("page_signout.txt");
?>
<?php
	#
	# $Id$
	#

	# Change-password page (excerpt; the listing is cut off inside the last if).

	include "include/init.php";

	login_ensure_loggedin();

	#
	# crumb key
	#

	$crumb_key = 'account_password';
	$smarty->assign("crumb_key", $crumb_key);

	#
	# update?
	#

	# Only act on a submitted form ("change") whose crumb passes crumb_check().
	if (post_str('change') && crumb_check($crumb_key)) {

		# trim() means leading/trailing whitespace is never part of a password.
		$old_pass = trim(post_str('old_password'));
		$new_pass1 = trim(post_str('new_password1'));
		$new_pass2 = trim(post_str('new_password2'));

		$ok = 1;

		# Re-authentication: the current password must be supplied again.
		# NOTE(review): recomputing the hash and comparing with !== only works
		# if login_encrypt_password() is deterministic for a given input (no
		# per-call random salt) - confirm its scheme. The comparison is also
		# not constant-time; hash_equals() is the timing-safe form.
		if (login_encrypt_password($old_pass) !== $GLOBALS['cfg']['user']['password']) {
			$smarty->assign('error_oldpass_mismatch', 1);
			$ok = 0;
		}

		# Both copies of the new password must match exactly.
		if ($ok && $new_pass1 !== $new_pass2) {
			$smarty->assign('error_newpass_mismatch', 1);
			$ok = 0;
		}

		# The only strength rule visible in this excerpt is "not empty".
		if ($ok && !strlen($new_pass2)) {
			$smarty->assign('error_newpass_empty', 1);
			$ok = 0;
<?php

# API key registration page (excerpt; the listing is cut off inside the
# callback validation).

include "include/init.php";

loadlib("api_keys");
loadlib("api_keys_utils");

# Both feature flags must be on, and the user signed in, to reach the form.
features_ensure_enabled("api");
features_ensure_enabled("api_register_keys");

login_ensure_loggedin();

$crumb_key = 'api_key';
$GLOBALS['smarty']->assign("crumb_key", $crumb_key);

$step = 1;

# Only act on a submitted form ("done") whose crumb passes crumb_check().
if (post_isset('done') && crumb_check($crumb_key)) {

	$ok = 1;

	# Free-text fields go through filter_strict(); "confirm" is read raw and,
	# as far as this excerpt shows, only held in $conf.
	$title = filter_strict(post_str("title"));
	$description = filter_strict(post_str("description"));
	$callback = filter_strict(post_str("callback"));

	$conf = post_str("confirm");

	# Title and description are required; the first failure sets "error" and
	# clears $ok, otherwise the value is echoed back to the template.
	if ($ok && !$title) {
		$GLOBALS['smarty']->assign("error", "no_title");
		$ok = 0;
	} else {
		$GLOBALS['smarty']->assign("title", $title);
	}

	if ($ok && !$description) {
		$GLOBALS['smarty']->assign("error", "no_description");
		$ok = 0;
	} else {
		$GLOBALS['smarty']->assign("description", $description);
	}

	# The callback is optional, but when given it must pass
	# api_keys_utils_is_valid_callback(). NOTE(review): what that helper
	# accepts (schemes, hosts) is not visible here - confirm.
	if ($ok && $callback) {
		if (!api_keys_utils_is_valid_callback($callback)) {
<?php
	#
	# $Id$
	#

	# Delete-account page (excerpt): a two-step flow. The first POST ("delete")
	# shows a confirmation page; the second ("delete" + "confirm") deletes the
	# signed-in user. Both steps require a crumb that crumb_check() accepts.

	include "include/init.php";

	login_ensure_loggedin();

	#
	# generate a crumb
	#

	$crumb_key = 'account_delete';
	$smarty->assign('crumb_key', $crumb_key);

	#
	# delete account?
	#

	if (post_str('delete') && crumb_check($crumb_key)) {

		if (post_str('confirm')) {

			# The target is always the signed-in user, never an id from the request.
			# NOTE(review): no password re-entry is visible before this
			# irreversible step; the crumb and the confirm field are the only gates.
			$ok = users_delete_user($GLOBALS['cfg']['user']);

			if ($ok) {
				# End the session once the account is gone.
				login_do_logout();

				$smarty->display('page_account_delete_done.txt');
				exit;
			}

			$smarty->assign('error_deleting', 1);

			$smarty->display('page_account_delete.txt');
			exit;
		}

		# "delete" without "confirm": ask the user to confirm.
		$smarty->display('page_account_delete_confirm.txt');
		exit;
	}

	#
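# Import-from-Flickr page (excerpt): validate the submitted URL, resolve its
# GeoRSS feed, and import the feed once the user confirms with a valid crumb.
# $url and $crumb_key are set before this excerpt.

$ok = 1;

if ($url) {

	$parsed_url = utils_parse_url($url);

	# Accept flickr.com and its subdomains only. The previous pattern was
	# unanchored, so any host that merely contained "flickr.com" passed
	# (constructed sample: "flickr.com.example.net"), and the server then
	# went on to fetch from that host. A missing host is treated as a mismatch.
	$is_flickr_host = preg_match(
		'/(?:^|\.)flickr\.com\z/i',
		isset($parsed_url['host']) ? (string) $parsed_url['host'] : ''
	);

	if (!$is_flickr_host) {
		$GLOBALS['error']['not_flickr'] = 1;
		$ok = 0;
	}

	$GLOBALS['smarty']->assign("url", $url);
	$GLOBALS['smarty']->assign("parsed_url", $parsed_url);
}

# NOTE(review): this lookup runs before the crumb is checked; if
# flickr_get_georss_feed() fetches the URL remotely, that fetch is reachable
# without a valid crumb - confirm.
if ($url && $ok) {

	$feed_url = flickr_get_georss_feed($url);

	if (!$feed_url) {
		$GLOBALS['error']['no_feed_url'] = 1;
		$ok = 0;
	}
}

#

# The import itself needs a valid URL, a resolved feed, an explicit "confirm"
# and a crumb that crumb_check() accepts.
if ($url && $ok && post_str('confirm') && crumb_check($crumb_key)) {

	$label = filter_strict(post_str('label'));
	$private = post_str('private') ? 1 : 0;

	$more = array(
		'label' => $label,
		'mark_all_private' => $private,
		'return_dots' => 0,
		'assume_mime_type' => 'application/rss+xml',
	);

	if ($GLOBALS['cfg']['enable_feature_dots_indexing']) {
		# Filtered like 'label' above, and like the same field on the other
		# upload pages; it used to be passed through raw.
		$more['dots_index_on'] = filter_strict(post_str('dots_index_on'));
	}

	# Imports on behalf of the signed-in user, from the feed URL resolved above.
	$import_rsp = import_import_uri($GLOBALS['cfg']['user'], $feed_url, $more);
	$GLOBALS['smarty']->assign_by_ref("import_rsp", $import_rsp);
}

#

$GLOBALS['smarty']->display("page_upload_by_flickr.txt");
exit;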
# Flickr auth page (excerpt; begins inside a block opened earlier and is cut
# off inside the last if).

$GLOBALS['smarty']->display("page_account_flickr_auth.txt");
exit;
}

else { }

# The user already holds a Flickr token.
if ($flickr_user['auth_token']) {

	# Perms are the same; just carry on...

	if ($flickr_user['token_perms'] == $perms_map_str[$perms]) {

		# NOTE(review): "redir" comes straight from the query string and is
		# written into the Location header. Unless get_str() or init code
		# constrains it, this is an open redirect; limiting it to same-site
		# paths (or to abs_root_url as a prefix) would close that.
		$redir = get_str("redir");

		if (!$redir) {
			$redir = $GLOBALS['cfg']['abs_root_url'];
		}

		header("location: {$redir}");
		exit;
	}

	# confirm token perms change

	# A permission change needs both a crumb that crumb_check() accepts and an
	# explicit "confirm"; without them the confirmation page is shown.
	if (!crumb_check($crumb_key) || !post_str("confirm")) {

		$old_perms = $perms_map[$flickr_user['token_perms']];

		$GLOBALS['smarty']->assign("old_perms", $old_perms);
		$GLOBALS['smarty']->assign("new_perms", $perms);

		# Tells the template whether the requested perms exceed the current ones.
		$more_permissive = $perms_map_str[$perms] > $flickr_user['token_perms'] ? 1 : 0;
		$GLOBALS['smarty']->assign("more_permissive", $more_permissive);

		$GLOBALS['smarty']->display("page_account_flickr_auth.txt");
		exit;
	}
}

#

# State value for the auth round trip: "<user id>:<timestamp>", encrypted.
# NOTE(review): the Flickr API secret doubles as the encryption key here; a
# dedicated key would keep the two roles apart. How the value is verified on
# return (user match, age limit) is not visible in this excerpt.
$now = time();
$crumb = implode(":", array($GLOBALS['cfg']['user']['id'], $now));
$enc_crumb = crypto_encrypt($crumb, $GLOBALS['cfg']['flickr_api_secret']);

$extra = array('crumb' => $enc_crumb);

if ($redir = get_str('redir')) {
# Edit/delete page for one API key (excerpt; the listing is cut off inside
# the callback validation).

# NOTE(review): presumably this helper also checks that the key belongs to the
# signed-in user; no ownership check is visible in this excerpt - confirm.
$key_row = api_keys_utils_get_from_url($key_more);

$crumb_key = 'this_api_key';
$GLOBALS['smarty']->assign("crumb_key", $crumb_key);

$token_count = api_oauth2_access_tokens_count_for_key($key_row);
$GLOBALS['smarty']->assign("token_count", $token_count);

# Delete path: needs "delete", a crumb that crumb_check() accepts, and a key
# that is not disabled.
if (post_isset('delete') && crumb_check($crumb_key) && !$key_row['disabled']) {

	$conf = post_str("confirm");

	# The key is deleted only on the confirmed second step; without "confirm"
	# the delete page is just rendered.
	if ($conf) {
		$rsp = api_keys_delete($key_row);
		$GLOBALS['smarty']->assign_by_ref("delete_rsp", $rsp);
	}

	$GLOBALS['smarty']->assign_by_ref("key", $key_row);

	$GLOBALS['smarty']->display("page_api_key_delete.txt");
	exit;
}

else {

	# Update path: same crumb and not-disabled conditions as the delete path.
	if (post_isset('done') && crumb_check($crumb_key) && !$key_row['disabled']) {

		$ok = 1;
		$update = array();

		$title = filter_strict(post_str("title"));
		$description = filter_strict(post_str("description"));
		$callback = filter_strict(post_str("callback"));

		# Title and description are required.
		if ($ok && !$title) {
			$GLOBALS['smarty']->assign("error", "no_title");
			$ok = 0;
		}

		if ($ok && !$description) {
			$GLOBALS['smarty']->assign("error", "no_description");
			$ok = 0;
		}

		# The callback is optional, but when given it must pass
		# api_keys_utils_is_valid_callback().
		if ($ok && $callback) {
			if (!api_keys_utils_is_valid_callback($callback)) {
# Upload-by-URL page (excerpt; begins by closing blocks opened earlier, where
# $url, $parsed, $ok and $error_details are set).

}
}

#
# Okay, you buy?
#

# URL validation failed above: report the details and show the form again.
if (!$ok) {

	$GLOBALS['error']['invalid_url'] = 1;
	$GLOBALS['error']['details'] = $error_details;

	$GLOBALS['smarty']->display('page_upload_by_url_form.txt');
	exit;
}

#
# Confirmation and/or remote fetching
#

$smarty->assign_by_ref('parsed_url', $parsed);
$smarty->assign('url', $url);

# The import runs only on an explicit "confirm" with a crumb that
# crumb_check() accepts; otherwise the page below is just displayed.
if (post_isset('confirm') && crumb_check($crumb_key)) {

	$label = filter_strict(post_str('label'));
	$private = post_str('private') ? 1 : 0;
	$dots_index_on = filter_strict(post_str('dots_index_on'));

	$more = array(
		'label' => $label,
		'mark_all_private' => $private,
		'return_dots' => 0,
		'dots_index_on' => $dots_index_on
	);

	# NOTE(review): unlike the fields above, mime_type is passed on without
	# filter_strict(); presumably the import code matches it against its known
	# formats - confirm.
	if ($mime_type = post_str('mime_type')) {
		$more['assume_mime_type'] = $mime_type;
	}

	# Imports from a user-supplied URL on behalf of the signed-in user.
	# NOTE(review): the URL checks happen before this excerpt; confirm they
	# (or the fetcher) reject loopback, link-local and internal addresses.
	$rsp = import_import_uri($GLOBALS['cfg']['user'], $url, $more);
	$smarty->assign_by_ref('import', $rsp);
}

$import_formats = formats_valid_import_map('key by extension');
$GLOBALS['smarty']->assign_by_ref("import_formats", $import_formats);

$smarty->display("page_upload_by_url.txt");
exit;
# Page that creates a Flickr push subscription for a given user (excerpt; the
# listing is cut off with several blocks still open).

loadlib("flickr_push_subscriptions");

$topic_map = flickr_push_subscriptions_topic_map();
$GLOBALS['smarty']->assign_by_ref("topic_map", $topic_map);

# The subscription owner is chosen by a user_id from the query string.
# NOTE(review): no login or role check is visible in this excerpt; confirm
# that earlier code restricts who may act on another user's account.
if ($user_id = get_int32("user_id")) {

	$owner = users_get_by_id($user_id);

	if (!$owner) {
		error_404();
	}

	$GLOBALS['smarty']->assign_by_ref("owner", $owner);
}

# NOTE(review): $owner is only assigned inside the if above, so without a
# user_id it is read here while unset (unless set before this excerpt).
$is_backup_user = $owner && flickr_backups_is_registered_user($owner) ? 1 : 0;
$GLOBALS['smarty']->assign("is_backup_user", $is_backup_user);

if ($is_backup_user) {

	$crumb_key = "create_feed";
	$GLOBALS['smarty']->assign("crumb_key", $crumb_key);

	# Only act on a POST carrying "create" and a crumb that crumb_check() accepts.
	if (post_str("create") && crumb_check($crumb_key)) {

		# Read as an integer and checked by the topic-id validator before use.
		$topic_id = post_int32("topic_id");

		if (flickr_push_subscriptions_is_valid_topic_id($topic_id)) {

			# HEY LOOK! THIS STILL DOESN'T DEAL WITH FEEDS THAT
			# NEED OR HAVE TOPIC ARGS (20120605/straup)

			# As a practical matter that just means that the
			# API call to register a subscription with
			# Flickr will fail. Since we're already
			# disabling these topics at the template layer I
			# am less inclined to also check here. If
			# someone is passing args that means they're
			# just doofing around and well, you know,
			# whatever... (20120612/straup)

			$sub = array(
				'user_id' => $owner['id'],
				'topic_id' => $topic_id
			);

			$rsp = flickr_push_subscriptions_register_subscription($sub);
			$GLOBALS['smarty']->assign_by_ref("create_sub", $rsp);
	#
	# $Id$
	#

	# File upload page (excerpt; the listing is cut off before the outer if
	# is closed).

	include "include/init.php";

	loadlib("import");

	#################################################################

	# Signed-in users only; the upload URL is handed to login_ensure_loggedin().
	login_ensure_loggedin("{$GLOBALS['cfg']['abs_root_url']}upload");

	# Import switched off in config: flag the error, show the page, stop.
	if (!$GLOBALS['cfg']['enable_feature_import']) {

		$GLOBALS['error']['uploads_disabled'] = 1;

		$smarty->display("page_upload.txt");
		exit;
	}

	#################################################################

	$crumb_key = 'upload';
	$smarty->assign("crumb_key", $crumb_key);

	# Process the upload only when a file was sent and crumb_check() accepts
	# the crumb.
	if ($_FILES['upload'] && crumb_check($crumb_key)) {

		# PHP reports upload problems in ['error']; 0 means the file arrived.
		if (!$_FILES['upload']['error']) {

			$label = filter_strict(post_str('label'));
			$dots_index_on = filter_strict(post_str('dots_index_on'));
			$private = post_str('private') ? 1 : 0;

			# $_FILES[...]['type'] is whatever the browser sent, so 'mime_type'
			# is a client claim, not a detected type.
			# NOTE(review): confirm the import code validates the content
			# itself rather than trusting this value.
			$more = array(
				'return_dots' => 0,
				'label' => $label,
				'mime_type' => $_FILES['upload']['type'],
				'mark_all_private' => $private,
				'dots_index_on' => $dots_index_on
			);

			# Optional user override of the type; passed on without filter_strict().
			if ($mime_type = post_str('mime_type')) {
				$more['assume_mime_type'] = $mime_type;
			}

			# The importer is given the PHP temp file path, not the client's file name.
			$_FILES['upload']['path'] = $_FILES['upload']['tmp_name'];

			$rsp = import_import_file($GLOBALS['cfg']['user'], $_FILES['upload'], $more);

			$smarty->assign("upload_complete", 1);
			$smarty->assign_by_ref("rsp", $rsp);
		}

		else {
			# ...
		}