Beispiel #1
/**
 * Encrypt some data using asymmetric encryption and the site's public key, prefixing the result with a magic marker ('(Encrypted!)') to show it has been encrypted.
 * The data is returned unchanged (still in plaintext) if encryption is disabled, if it is blank, if is_data_encrypted() already recognises it, or if the OpenSSL functions are not available. A caller storing a sensitive value should therefore check the result with is_data_encrypted() rather than assume it was encrypted.
 * If the public key cannot be loaded, or any chunk fails to encrypt, a warning message is attached and a blank string is returned; the input is not returned in that case.
 *
 * NOTE(review): each 117-byte chunk is RSA-encrypted on its own with openssl_public_encrypt()'s default padding (PKCS#1 v1.5). 117 is the largest chunk a 1024-bit key accepts (128 - 11), so this presumably targets a key of that size -- confirm the key length in use and that decrypt_data() splits the ciphertext to match. No integrity check is added over the chunks, so truncation or reordering of the stored value would not be detected here.
 *
 * @param  string		Data to be encrypted
 * @return string		Encrypted data, with magic marker (or the original data / a blank string, as described above)
 */
function encrypt_data($data)
{
    // Pass-through cases, evaluated in order with short-circuiting
    $leave_as_is = !is_encryption_enabled()
        || $data == ''
        || is_data_encrypted($data)
        || !function_exists('openssl_pkey_get_public')
        || !function_exists('openssl_public_encrypt');
    if ($leave_as_is) {
        return $data;
    }

    // The 'encryption_key' option holds the path of the public key file; see http://uk.php.net/manual/en/function.openssl-pkey-get-public.php
    $public_key = openssl_pkey_get_public('file://' . get_option('encryption_key'));
    if ($public_key === false) {
        attach_message(do_lang_tempcode('ENCRYPTION_KEY_ERROR'), 'warn');
        return '';
    }

    // RSA can only take a limited amount of plaintext per operation, so encrypt chunk by chunk and concatenate
    $ciphertext = '';
    foreach (str_split($data, 117) as $chunk) {
        $chunk_ciphertext = '';
        $ok = openssl_public_encrypt($chunk, $chunk_ciphertext, $public_key);
        if (!$ok) {
            attach_message(do_lang_tempcode('ENCRYPTION_ERROR'), 'warn');
            return '';
        }
        $ciphertext .= $chunk_ciphertext;
    }

    return '(Encrypted!)' . base64_encode($ciphertext);
}
 /**
  * Standard aed_module edit form filler: loads one custom profile field from f_custom_fields and builds its edit form.
  * Calls warn_exit() with MISSING_RESOURCE if no row matches the ID.
  * If the loaded row has no cf_show_on_join_form column, the column is added, seeded from cf_required for every row, and the row is loaded again.
  *
  * @param  ID_TEXT		The entry being edited
  * @return tempcode		The edit form
  */
 function fill_in_edit_form($id)
 {
     // The ID is cast to an integer before it is used as a selection criterion
     $where = array('id' => intval($id));
     $found = $GLOBALS['FORUM_DB']->query_select('f_custom_fields', array('*'), $where);
     if (!array_key_exists(0, $found)) {
         warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
     }
     $field = $found[0];

     $name = get_translated_text($field['cf_name'], $GLOBALS['FORUM_DB']);
     $description = get_translated_text($field['cf_description'], $GLOBALS['FORUM_DB']);
     $default = $field['cf_default'];

     require_code('encryption');
     // A field only counts as encrypted while encryption is actually enabled
     $encrypted = ($field['cf_encrypted'] == 1) && is_encryption_enabled();

     // An encrypted field is never presented as publicly viewable, whatever the stored flag says
     $public_view = 0;
     if ($field['cf_public_view'] == 1 && !$encrypted) {
         $public_view = 1;
     }

     $owner_view = $field['cf_owner_view'];
     $owner_set = $field['cf_owner_set'];
     $type = $field['cf_type'];
     $required = $field['cf_required'];
     $show_in_posts = $field['cf_show_in_posts'];
     $show_in_post_previews = $field['cf_show_in_post_previews'];
     $order = $field['cf_order'];
     $only_group = $field['cf_only_group'];

     // In-place schema upgrade: the statement below is built from the table prefix and fixed text only
     if (!array_key_exists('cf_show_on_join_form', $field)) {
         $GLOBALS['FORUM_DB']->add_table_field('f_custom_fields', 'cf_show_on_join_form', 'BINARY', 0);
         $GLOBALS['FORUM_DB']->query('UPDATE ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_custom_fields SET cf_show_on_join_form=cf_required');
         $found = $GLOBALS['FORUM_DB']->query_select('f_custom_fields', array('*'), $where);
         $field = $found[0];
     }
     $show_on_join_form = $field['cf_show_on_join_form'];

     return $this->get_form_fields($name, $description, $default, $public_view, $owner_view, $owner_set, $encrypted, $type, $required, $show_on_join_form, $show_in_posts, $show_in_post_previews, $order, $only_group, $field['cf_locked']);
 }
Beispiel #3
/**
 * Gets all a member's custom fields that match certain parameters, keeping only those the current viewer (get_member()) may see.
 * No per-member field restrictions are loaded when the viewer is the member themselves or a super admin.
 * The value of an encrypted field is only decrypted when encryption is enabled and a 'decrypt' POST parameter is present; that parameter is handed to decrypt_data() as its second argument. Otherwise the stored value is rendered as it is.
 *
 * @param  MEMBER		The member.
 * @param  ?BINARY	That are publicly viewable (NULL: don't care). When NULL, the per-member field restrictions below are not evaluated at all.
 * @param  ?BINARY	That are owner viewable (NULL: don't care).
 * @param  ?BINARY	That are owner settable (NULL: don't care).
 * @param  ?BINARY	That are encrypted (NULL: don't care). NOTE(review): this argument is not read anywhere in the function body -- confirm whether it was meant to be forwarded to ocf_get_all_custom_fields_match().
 * @param  ?BINARY	That are required (NULL: don't care).
 * @param  ?BINARY	That are to be shown in posts (NULL: don't care).
 * @param  ?BINARY	That are to be shown in post previews (NULL: don't care).
 * @param  BINARY		That start 'ocp_'
 * @param  ?boolean	That are to go on the join form (NULL: don't care).
 * @return array		A mapping of field title to a map of details: 'RAW' as the raw field value, 'RENDERED' as the rendered field value.
 */
function ocf_get_all_custom_fields_match_member($member_id, $public_view = NULL, $owner_view = NULL, $owner_set = NULL, $encrypted = NULL, $required = NULL, $show_in_posts = NULL, $show_in_post_previews = NULL, $special_start = 0, $show_on_join_form = NULL)
{
    // Candidate fields are selected by the member's usergroups and the filter flags
    $fields_to_show = ocf_get_all_custom_fields_match($GLOBALS['FORUM_DRIVER']->get_members_groups($member_id), $public_view, $owner_view, $owner_set, $required, $show_in_posts, $show_in_post_previews, $special_start, $show_on_join_form);
    $custom_fields = array();
    $member_mappings = ocf_get_custom_field_mappings($member_id);
    $member_value = mixed();
    // Initialise type to mixed
    // Per-member field restrictions, keyed by field ID. Left empty (nothing restricted) when the viewer is the member or a super admin.
    $all_cpf_permissions = get_member() == $member_id || $GLOBALS['FORUM_DRIVER']->is_super_admin(get_member()) ? array() : list_to_map('field_id', $GLOBALS['FORUM_DB']->query_select('f_member_cpf_perms', array('*'), array('member_id' => $member_id)));
    require_code('fields');
    foreach ($fields_to_show as $i => $field_to_show) {
        $member_value = $member_mappings['field_' . strval($field_to_show['id'])];
        // Decrypt the value if appropriate
        // Without a 'decrypt' POST parameter the value is left as stored (presumably still ciphertext -- confirm against how it is rendered)
        if (array_key_exists('cf_encrypted', $field_to_show) && $field_to_show['cf_encrypted'] == 1) {
            require_code('encryption');
            if (is_encryption_enabled() && !is_null(post_param('decrypt', NULL))) {
                $member_value = decrypt_data($member_value, post_param('decrypt'));
            }
        }
        $ob = get_fields_hook($field_to_show['cf_type']);
        list(, , $storage_type) = $ob->get_field_value_row_bits($field_to_show);
        // For '_trans' storage types the value is a reference that is looked up as translated Tempcode
        if (strpos($storage_type, '_trans') !== false) {
            if (is_null($member_value) || $member_value == 0) {
                $member_value = '';
            } else {
                $member_value = get_translated_tempcode($member_value, $GLOBALS['FORUM_DB']);
            }
            // This is meant to be '' for blank, not new ocp_tempcode()
            if (is_object($member_value) && $member_value->is_empty()) {
                $member_value = '';
            }
        }
        // get custom permissions for the current CPF
        // NOTE(review): the checks below read $cpf_permissions[0][...], i.e. they expect a list of rows per field ID. If list_to_map() maps each field ID to a single row, key 0 never exists and the restrictions are silently skipped -- confirm the shape list_to_map() returns.
        $cpf_permissions = array_key_exists($field_to_show['id'], $all_cpf_permissions) ? $all_cpf_permissions[$field_to_show['id']] : array();
        $display_cpf = true;
        // if there are custom permissions set and we are not showing to all
        if (array_key_exists(0, $cpf_permissions) && !is_null($public_view)) {
            // Deny by default from here on; each rule below can only grant access
            $display_cpf = false;
            // Negative ones
            // guest_view grants access to every viewer
            if ($cpf_permissions[0]['guest_view'] == 1) {
                $display_cpf = true;
            }
            // member_view grants access to any viewer who is not a guest
            if (!is_guest()) {
                if ($cpf_permissions[0]['member_view'] == 1) {
                    $display_cpf = true;
                }
            }
            if (!$display_cpf) {
                // friend_view grants access when a chat_buddies row exists with member_likes = the profile's member and member_liked = the viewer
                if ($cpf_permissions[0]['friend_view'] == 1) {
                    if (!is_null($GLOBALS['SITE_DB']->query_value_null_ok('chat_buddies', 'member_liked', array('member_likes' => $member_id, 'member_liked' => get_member())))) {
                        $display_cpf = true;
                    }
                }
                // group_view is either 'all' or a filter string matched by ocfilter_to_idlist_using_memory(); never applied to guests
                if (!is_guest()) {
                    if ($cpf_permissions[0]['group_view'] == 'all') {
                        $display_cpf = true;
                    } else {
                        if (strlen($cpf_permissions[0]['group_view']) > 0) {
                            require_code('ocfiltering');
                            // NOTE(review): $member_id (the profile's member) is what is passed to get_usergroup_list() here, not the viewer -- confirm which member's groups the filter is meant to be matched against
                            $groups = $GLOBALS['FORUM_DRIVER']->get_usergroup_list(false, false, false, NULL, $member_id);
                            $groups_to_search = array();
                            foreach (array_keys($groups) as $group_id) {
                                $groups_to_search[$group_id] = NULL;
                            }
                            $matched_groups = ocfilter_to_idlist_using_memory($cpf_permissions[0]['group_view'], $groups_to_search);
                            if (count($matched_groups) > 0) {
                                $display_cpf = true;
                            }
                        }
                    }
                }
            }
        }
        // Only fields that passed the checks above are rendered and returned
        if ($display_cpf) {
            $rendered_value = $ob->render_field_value($field_to_show, $member_value, $i, NULL);
            $custom_fields[$field_to_show['trans_name']] = array('RAW' => $member_value, 'RENDERED' => $rendered_value);
        }
    }
    return $custom_fields;
}
/**
 * Get form fields for adding/editing/finishing a member profile.
 * Custom fields are grouped under a heading taken from their title: either the text before ': ', or a leading/trailing bracketed phrase starting with a capital letter. Fields without a heading are placed first.
 * $GLOBALS['NO_DEBUG_MODE_FULLSTOP_CHECK'] is set to true while the fields are built and set to false before returning.
 *
 * @param  boolean			Whether we are only handling the essential details of a profile.
 * @param  ?MEMBER			The ID of the member we are handling (NULL: new member).
 * @param  ?array				A list of usergroups (NULL: default/current usergroups).
 * @param  ?array				A map of custom fields values (field-id=>value) (NULL: not known).
 * @return array				A pair: The form fields, Hidden fields (both Tempcode).
 */
function ocf_get_member_fields_profile($mini_mode = true, $member_id = NULL, $groups = NULL, $custom_fields = NULL)
{
    $fields = new ocp_tempcode();
    $hidden = new ocp_tempcode();
    if (is_null($groups)) {
        $groups = is_null($member_id) ? ocf_get_all_default_groups(true) : $GLOBALS['OCF_DRIVER']->get_members_groups($member_id);
    }
    // Which fields the viewer gets. Judging by the argument order used by ocf_get_all_custom_fields_match_member(), arguments 2-4 are the public_view, owner_view and owner_set filters (TODO confirm against ocf_get_all_custom_fields_match()).
    // - public_view is 1 unless this is mini mode, a new member, the viewer's own profile, or the viewer has the 'view_any_profile_field' privilege.
    // - owner_view and owner_set are 1 only when the viewer is working on their own existing profile outside mini mode.
    // - the last argument restricts mini mode to join-form fields.
    $_custom_fields = ocf_get_all_custom_fields_match($groups, $mini_mode || is_null($member_id) || $member_id == get_member() || has_specific_permission(get_member(), 'view_any_profile_field') ? NULL : 1, $mini_mode || is_null($member_id) || $member_id != get_member() ? NULL : 1, $mini_mode || is_null($member_id) || $member_id != get_member() ? NULL : 1, NULL, NULL, NULL, 0, $mini_mode ? true : NULL);
    $GLOBALS['NO_DEBUG_MODE_FULLSTOP_CHECK'] = true;
    // Heading => Tempcode of the fields under that heading
    $field_groups = array();
    require_code('fields');
    foreach ($_custom_fields as $custom_field) {
        // Disabled check on cf_locked, kept as the author left it (closing brace is at the end of the loop body)
        //		if (($custom_field['cf_locked']==0) || (!is_null($member_id)))
        //		{
        $ob = get_fields_hook($custom_field['cf_type']);
        list(, , $storage_type) = $ob->get_field_value_row_bits($custom_field);
        // Use the supplied value if there is one for this field, else the field's default
        $existing_field = !is_null($custom_fields) && array_key_exists($custom_field['id'], $custom_fields);
        if ($existing_field) {
            $value = mixed();
            $value = $custom_fields[$custom_field['id']];
            // Numbers are converted to strings
            if (is_float($value)) {
                $value = float_to_raw_string($value, 10, true);
            } elseif (is_integer($value)) {
                $value = strval($value);
            }
            if (strpos($storage_type, '_trans') !== false) {
                $value = is_null($value) || $value == 0 ? '' : get_translated_text($value, $GLOBALS['FORUM_DB']);
            }
            // Only the marker is stripped here; nothing in this function decrypts the value, so an encrypted field presumably shows its ciphertext in the form.
            // NOTE(review): no require_code('encryption') is issued in this function before is_encryption_enabled() is called -- presumably loaded elsewhere; confirm.
            if ($custom_field['cf_encrypted'] == 1 && is_encryption_enabled()) {
                $value = remove_magic_encryption_marker($value);
            }
        } else {
            $value = $custom_field['cf_default'];
        }
        // This initial value is overwritten by get_field_inputter() below
        $result = new ocp_tempcode();
        $_description = escape_html(get_translated_text($custom_field['cf_description'], $GLOBALS['FORUM_DB']));
        // Split a heading off the field title, if it has one
        $field_cat = '';
        $matches = array();
        if (strpos($custom_field['trans_name'], ': ') !== false) {
            $field_cat = substr($custom_field['trans_name'], 0, strpos($custom_field['trans_name'], ': '));
            if ($field_cat . ': ' == $custom_field['trans_name']) {
                $custom_field['trans_name'] = $field_cat;
                // Just been pulled out as heading, nothing after ": "
            } else {
                $custom_field['trans_name'] = substr($custom_field['trans_name'], strpos($custom_field['trans_name'], ': ') + 2);
            }
        } elseif (preg_match('#(^\\([A-Z][^\\)]*\\) )|( \\([A-Z][^\\)]*\\)$)#', $custom_field['trans_name'], $matches) != 0) {
            // "(Heading) Title" or "Title (Heading)": the bracketed part becomes the heading and is removed from the title
            $field_cat = trim($matches[0], '() ');
            $custom_field['trans_name'] = str_replace($matches[0], '', $custom_field['trans_name']);
        }
        // NOTE(review): the description is passed through escape_html() but the title is passed as-is here and to form_input_hidden() below -- confirm those callees escape it
        $result = $ob->get_field_inputter($custom_field['trans_name'], $_description, $custom_field, $value, !$existing_field);
        if (!array_key_exists($field_cat, $field_groups)) {
            $field_groups[$field_cat] = new ocp_tempcode();
        }
        // An inputter may return a pair (visible field, hidden field) or a single visible field
        if (is_array($result)) {
            $field_groups[$field_cat]->attach($result[0]);
            $hidden->attach($result[1]);
        } else {
            $field_groups[$field_cat]->attach($result);
        }
        $hidden->attach(form_input_hidden('label_for__custom_' . strval($custom_field['id']) . '_value', $custom_field['trans_name']));
        //		}
    }
    // Move the fields without a heading to the front. array_merge() puts them under key 0; it also renumbers any other integer keys, so a purely numeric heading would not survive this step.
    if (array_key_exists('', $field_groups)) {
        $field_groups_blank = $field_groups[''];
        unset($field_groups['']);
        $field_groups = array_merge(array($field_groups_blank), $field_groups);
    }
    foreach ($field_groups as $field_group_title => $extra_fields) {
        // Key 0 is the heading-less group created above; other integer keys are turned back into strings
        if (is_integer($field_group_title)) {
            $field_group_title = $field_group_title == 0 ? '' : strval($field_group_title);
        }
        if ($field_group_title != '') {
            $fields->attach(do_template('FORM_SCREEN_FIELD_SPACER', array('TITLE' => $field_group_title)));
        }
        $fields->attach($extra_fields);
    }
    $GLOBALS['NO_DEBUG_MODE_FULLSTOP_CHECK'] = false;
    return array($fields, $hidden);
}