/**
 * Build the renderer for one page: resolve the page's module settings,
 * evaluate its access permission, and create the page, top-navigation,
 * header and footer templates.
 *
 * @param mixed  $cb                 Forwarded unchanged to initNew().
 * @param mixed  $page_id            Page identifier; stored on the instance and in
 *                                   PA::$config->page_type, and used to load the
 *                                   DynamicPage config and the module settings.
 * @param string $title              Stored as page_title and as the footer's 'page_name'.
 * @param string $page_template      Initial template name; every settings branch below
 *                                   overwrites it with setting_data['page_template'].
 * @param string $header_template    Passed to setHeader().
 * @param mixed  $default_mode       Forwarded to initNew().
 * @param mixed  $default_block_type Forwarded to initNew().
 * @param mixed  $network_info_      Network to render for; falls back to PA::$network_info.
 * @param string $onload             JavaScript placed in front of the hide_message_window() call.
 * @param mixed  $setting_data       Not read anywhere in this constructor.
 *
 * @throws Exception When the DynamicPage for $page_id reports docLoaded as false.
 */
function __construct($cb, $page_id, $title, $page_template = "homepage_pa.tpl", $header_template = "header.tpl", $default_mode = PRI, $default_block_type = HOMEPAGE, $network_info_ = NULL, $onload = NULL, $setting_data = NULL) {
    global $app, $page;
    if (PA::$profiler) {
        PA::$profiler->startTimer('PageRenderer_init');
    }
    // we may want to know the page_type elsewhere too
    PA::$config->page_type = $page_id;
    // NOTE: PA::$config->page_type var = $page_id and should be removed!
    $this->page_id = $page_id;
    // NOTE(review): debugging is switched on by the mere presence of ?debug= in the
    // query string, for any visitor. Confirm what the flag exposes and gate it on
    // configuration or an admin check if it reveals internals.
    $this->debugging = isset($_GET['debug']);
    $this->page_template = $page_template;
    $this->top_navigation_template = 'top_navigation_bar.tpl'; //TO DO: Remove this hardcoded text afterwards
    $this->header_template = $header_template;
    //settings for current network
    $this->network_info = $network_info_ ? $network_info_ : PA::$network_info; //FIXME: does this have to be a parameter? can't we just always use the global PA::$network_info?
    $this->module_arrays = array();
    // hide_message_window() is appended so that the message window's OK button
    // gets focus whenever the page loads. A caller-supplied handler such as
    //   onload = "ajax_call_method(ajax_titles, $uid, ajax_urls);"
    // therefore becomes
    //   onload = "ajax_call_method(ajax_titles, $uid, ajax_urls); hide_message_window();"
    // NOTE(review): $onload is interpolated verbatim; callers must pass only
    // trusted script text, never request data.
    $this->onload = "{$onload} hide_message_window('confirm_btn');";
    $this->page_title = $title;
    $this->html_body_attributes = "";
    // default settings for the tiers
    // NOTE(review): the three tier values are raw query-string input; they need
    // escaping wherever they are later written into markup.
    $this->main_tier = @$_GET['tier_one'];
    $this->second_tier = @$_GET['tier_two'];
    $this->third_tier = @$_GET['tier_three'];
    $navigation = new Navigation();
    $this->navigation_links = $navigation->get_links();
    $this->message_count = null;
    if (!isset(PA::$login_uid)) {
        PA::$login_uid = @$_SESSION['user']['id'];
    }
    if (PA::$login_uid) {
        $this->message_count = Message::get_new_msg_count(PA::$login_uid);
    }
    // $dynamic_page is a local that is never assigned before this point, so the
    // guard below is always true and a DynamicPage is always created.
    if (!isset($dynamic_page)) {
        $dynamic_page = new DynamicPage($this->page_id);
        if (!is_object($dynamic_page) or !$dynamic_page->docLoaded) {
            throw new Exception("Page XML config file for page ID: {$page_id} - not found!");
        }
        $dynamic_page->initialize();
    }
    // Choose the settings scope (group, user or network) and compute
    // $access_permission; every branch assigns it.
    if (false !== strpos($dynamic_page->page_type, 'group') && (!empty($_REQUEST['gid']) || !empty($_REQUEST['ccid']))) {
        // page is a group page - get group module settings
        // NOTE(review): $_gr_id is taken from $_REQUEST without a cast or format
        // check and is handed to both the settings loader and the permission
        // check; confirm both treat it as an integer id.
        $_gr_id = !empty($_REQUEST['gid']) ? $_REQUEST['gid'] : $_REQUEST['ccid'];
        $this->setting_data = ModuleSetting::load_setting($this->page_id, $_gr_id, 'group');
        $this->page_template = $this->setting_data['page_template'];
        if (empty($this->setting_data['access_permission'])) {
            // no permissions required to access page
            $access_permission = true;
        } else {
            $access_permission = PermissionsHandler::can_group_user(PA::$login_uid, $_gr_id, array('permissions' => $this->setting_data['access_permission']));
        }
    } else {
        if (false !== strpos($dynamic_page->page_type, 'user') && !empty(PA::$login_uid)) {
            // page is an user page - get user module settings
            // echo "POSTING TO USER PAGE"; die();
            $this->setting_data = ModuleSetting::load_setting($this->page_id, PA::$login_uid, 'user');
            $this->page_template = $this->setting_data['page_template'];
            if (empty($this->setting_data['access_permission'])) {
                // no permissions required to access page
                $access_permission = true;
            } else {
                $access_permission = PermissionsHandler::can_user(PA::$login_uid, array('permissions' => $this->setting_data['access_permission']));
            }
        } else {
            // page is a network page - get network module settings
            $this->setting_data = ModuleSetting::load_setting($this->page_id, PA::$network_info->network_id, 'network');
            $this->page_template = $this->setting_data['page_template'];
            if (empty($this->setting_data['access_permission'])) {
                // no permissions required to access page
                $access_permission = true;
            } else {
                $access_permission = PermissionsHandler::can_network_user(PA::$login_uid, PA::$network_info->network_id, array('permissions' => $this->setting_data['access_permission']));
            }
        }
    }
    // NOTE(review): the template file name comes from stored module settings;
    // confirm it is restricted to plain file names inside the theme directory.
    $this->page = new Template(CURRENT_THEME_FSPATH . "/" . $this->page_template);
    $this->page->set('current_theme_path', PA::$theme_url);
    $this->page->set('current_theme_rel_path', PA::$theme_rel);
    // Loading the templates variables for the Outer templates files
    $this->page->set('outer_class', get_class_name(PA::$config->page_type));
    $this->top_navigation_bar = new Template(CURRENT_THEME_FSPATH . "/" . $this->top_navigation_template);
    $this->top_navigation_bar->set('current_theme_path', PA::$theme_url);
    $this->top_navigation_bar->set('current_theme_rel_path', PA::$theme_rel);
    $this->top_navigation_bar->set('navigation_links', $this->navigation_links);
    $this->setHeader($this->header_template);
    $this->footer = new Template(CURRENT_THEME_FSPATH . "/footer.tpl");
    $this->footer->set('current_theme_path', PA::$theme_url);
    $this->footer->set('page_name', $title);
    // Publish this renderer through the $page global before the init hooks run.
    $page = $this;
    $this->preInitialize($this->setting_data);
    // NOTE(review): initNew() runs before $access_permission is examined below.
    // If module initialisation reads or changes data, that work happens for
    // visitors who are then refused. Confirm the modules re-check access
    // themselves, or evaluate the permission first.
    $this->initNew($cb, $default_mode, $default_block_type, $this->setting_data);
    if (!$access_permission) {
        // NOTE(review): unserialize() is only safe while the stored 'configure'
        // value can be written by administrators alone - confirm.
        $configure = unserialize(ModuleData::get('configure'));
        if (PA::logged_in()) {
            $redir_url = PA::$url . PA_ROUTE_USER_PRIVATE;
        } else {
            if (!isset($configure['show_splash_page']) || $configure['show_splash_page'] == INACTIVE) {
                $redir_url = PA::$url . '/' . FILE_LOGIN;
            } else {
                $redir_url = PA::$url;
            }
        }
        // The message text below contains a doubled "to to"; it is a runtime
        // string and is left as the author wrote it.
        $er_msg = urlencode("Sorry! you are not authorized to to access this page.");
        // NOTE(review): confirm showDialog() stops rendering of the protected
        // page; a dialog with a 10-second redirect is not an access control if
        // the page body is still sent.
        $this->showDialog($er_msg, $type = 'error', $redir_url, 10);
    }
    if (PA::$profiler) {
        PA::$profiler->stopTimer('PageRenderer_init');
    }
}
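/**
 * Work out who is logged in and whose page is being viewed, and publish both
 * through the PA::$* statics and the legacy globals.
 *
 * Order of evidence for the logged-in user:
 *   1. an authToken in the query string (single sign-on from a partner site),
 *   2. the user record already stored in $_SESSION['user'].
 * The page user comes from ?uid= or ?login=; when neither is given, PA::$uid
 * and PA::$user fall back to the logged-in user.
 *
 * Changes from the previous version: the cached session user ($this->CurrUser)
 * is cleared whenever the session is invalidated, and refreshed after a
 * successful token login, so the rest of the request cannot act on a stale
 * identity.
 *
 * @return void
 * @throws Exception Any exception whose code is not one of the "user/token
 *                   no longer valid" codes handled below is re-thrown.
 */
public function getCurrentUser() {
    global $page_uid, $page_user, $login_uid, $login_name, $login_user;
    require_once "api/User/User.php";
    session_start();

    PA::$login_uid = NULL;
    PA::$login_user = NULL;
    $login_uid = NULL;
    $login_name = NULL;
    $login_user = NULL;
    $this->CurrUser = isset($_SESSION['user']) ? $_SESSION['user'] : null;

    // Check if an authToken variable is in GET and use it if available.
    // NOTE(review): a token carried in the URL ends up in server logs, browser
    // history and Referer headers. Prefer POST or a one-time exchange, and
    // confirm tokens are short-lived.
    $authToken = isset($_GET['authToken']) ? $_GET['authToken'] : null;
    if ($authToken) {
        try {
            $user = new User();
            $user = $this->getUserFromAuthToken($authToken);
            if ($user && $user->user_id) {
                // The token arrived in the URL, so the visitor was redirected here
                // from a partner site. Log them in exactly as the normal login
                // form (dologin.php) would.
                $referer = "external site";
                if (isset($_SERVER['HTTP_REFERER'])) {
                    // Client-controlled value: treat as untrusted wherever it is
                    // stored or displayed.
                    $referer = $_SERVER['HTTP_REFERER'];
                }
                $pal = new PA_Login();
                // NOTE(review): no session id rotation is visible here; confirm
                // log_in() regenerates the id to prevent session fixation.
                $pal->log_in($user->user_id, false, $referer);
                // Set authToken as a session variable so that it can be accessed anywhere
                $_SESSION['authToken'] = $authToken;
                // Pick up the session user written by the login, so the reload
                // below works on the identity that was just authenticated rather
                // than on whoever held the session before.
                if (isset($_SESSION['user'])) {
                    $this->CurrUser = $_SESSION['user'];
                }
            }
        } catch (Exception $e) {
            if (!in_array($e->getCode(), array(USER_NOT_FOUND, USER_ALREADY_DELETED, USER_TOKEN_INVALID, USER_TOKEN_EXPIRED))) {
                throw $e;
            }
            // The token or its user is no longer valid; invalidate the session.
            session_destroy();
            session_start();
            // Drop the cached copy too; otherwise the block below would reload
            // the old session user and log them back in for this request.
            $this->CurrUser = NULL;
            $login_uid = PA::$login_uid = $login_name = $login_user = PA::$login_user = NULL;
        }
    }

    if ($this->CurrUser) {
        try {
            $user = new User();
            $user->load((int) $this->CurrUser['id'], "user_id", TRUE);
        } catch (Exception $e) {
            if (!in_array($e->getCode(), array(USER_NOT_FOUND, USER_ALREADY_DELETED))) {
                throw $e;
            }
            // The currently logged-in user has been deleted; invalidate the session.
            session_destroy();
            session_start();
            $this->CurrUser = NULL;
            $login_uid = PA::$login_uid = $login_name = $login_user = PA::$login_user = NULL;
        }
    }

    if (isset($user) && $user) {
        if ($user->user_id) {
            $login_name = isset($this->CurrUser['name']) ? $this->CurrUser['name'] : NULL;
            PA::$login_user = $login_user = $user;
            PA::$login_uid = $login_uid = $user->user_id;
        }
        if (PA::$login_uid) {
            PA::$login_user->update_user_time_spent();
            User::track_status(PA::$login_uid);
        }
    }

    // If a user is specified on the query string as an ID (uid=123) or
    // login name (login=phil), load that user as the page user.
    // NOTE(review): load() failures for an unknown uid/login are not caught
    // here; confirm the caller handles them.
    if (!empty($_GET['uid'])) {
        $page_uid = PA::$page_uid = (int) $_GET['uid'];
        $page_user = PA::$page_user = new User();
        PA::$page_user->load(PA::$page_uid);
    } elseif (!empty($_GET['login'])) {
        $page_user = PA::$page_user = new User();
        if (is_numeric($_GET['login'])) {
            PA::$page_user->load((int) $_GET['login']);
        } else {
            PA::$page_user->load($_GET['login']);
        }
        $page_uid = PA::$page_uid = PA::$page_user->user_id;
    } else {
        $page_uid = PA::$page_uid = $page_user = PA::$page_user = NULL;
    }

    // Copy PA::$page_* into PA::$* if present, otherwise use PA::$login_*.
    if (PA::$page_uid) {
        PA::$uid = PA::$page_uid;
        PA::$user = PA::$page_user;
    } else {
        PA::$uid = PA::$login_uid;
        PA::$user = PA::$login_user;
    }

    // Release the session lock; nothing below this point writes to $_SESSION.
    session_commit();
}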
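/**
 * Handle one widget-server request: decode the JSON body, set up language,
 * items and the (shadow) user it describes, render each requested module and
 * echo the result as JSON.
 *
 * fail() presumably throws WidgetException, which the catch at the bottom
 * turns into a JSON error object - confirm against its definition.
 *
 * Fixes in this version:
 *  - the "Unknown language" message interpolated the whole request object
 *    instead of its language field;
 *  - the port clean-up pattern also rewrote ports that merely start with 80
 *    (8000, 8080, ...);
 *  - a missing Content-Type header or $HTTP_RAW_POST_DATA (not populated on
 *    current PHP versions) no longer breaks request parsing;
 *  - error responses carry the same Content-Type as successful ones, and a
 *    module that throws no longer leaves its output buffer open.
 *
 * NOTE(review): every identity field (user id, login, e-mail, namespace) is
 * taken from the request body. Nothing in this function authenticates the
 * caller, so the endpoint must only be reachable by trusted partner servers
 * (shared secret, signature or network restriction) - confirm how that is
 * enforced.
 *
 * @return void
 */
function handle_request() {
    $json = new Services_JSON();
    try {
        global $_PA, $HTTP_RAW_POST_DATA;
        if (!@$_PA->enable_widgetization_server) {
            $this->fail("Widget server is not enabled; you must set \$_PA->enable_widgetization_server = TRUE in local_config.php.");
        }
        if ($_SERVER['REQUEST_METHOD'] != 'POST') {
            $this->fail("This URL handles POST requests only");
        }
        if (!isset($_SERVER['CONTENT_TYPE']) || $_SERVER['CONTENT_TYPE'] != 'application/x-javascript') {
            $this->fail("Content-Type of application/x-javascript required");
        }

        // Parse input. Fall back to the input stream when the legacy global is
        // not populated.
        $raw_body = isset($HTTP_RAW_POST_DATA) ? $HTTP_RAW_POST_DATA : (string) file_get_contents('php://input');
        $request = $json->decode($raw_body);
        if ($request == NULL || !is_object($request)) {
            $this->fail("Null request");
        }
        if (@$_PA->log_widget_requests) {
            // NOTE(review): the full body, including user e-mail and profile
            // fields, is written to the log; restrict access to it accordingly.
            Logger::log("WidgetServer::handle_request(): request={$raw_body}", LOGGER_ACTION);
        }
        $this->global = isset($request->global) ? $request->global : NULL;

        // This should probably be in config.inc. For the moment
        // we figure out the network based on the URL, as with the
        // rest of the system.
        PA::$network_info = get_network_info();

        $lang = "english";
        if (!empty($this->global->language)) {
            $requested_lang = $this->global->language;
            switch ($requested_lang) {
                case 'en':
                    break;
                case 'fr':
                    $lang = "french";
                    break;
                default:
                    // Report the value itself; non-scalar input is described by
                    // type so the message can always be built.
                    $shown = is_scalar($requested_lang) ? $requested_lang : gettype($requested_lang);
                    $this->fail("Unknown language: {$shown}");
            }
        }
        PA::load_language($lang);

        // Create items as required
        if (!empty($this->global->items)) {
            foreach ($this->global->items as $item) {
                $item_params = array();
                foreach ($item as $k => $v) {
                    $item_params[$k] = $v;
                }
                // NOTE(review): every key supplied by the caller is forwarded;
                // confirm Item::sync() accepts only the columns it expects.
                Item::sync($item_params); // create or update row in 'items' database table
            }
        }

        // Set up globals - network, user etc
        if (!empty($this->global->user)) {
            $remote = $this->global->user;
            $user_info = array(
                "user_id" => $remote->id,
                "login_name" => $remote->login,
                "email" => $remote->email,
                "first_name" => $remote->first_name,
                "last_name" => $remote->last_name,
                "url" => $remote->url,
                "thumbnail_url" => $remote->thumbnail_url,
            );
            // load (and sync!) or create a shadow user for the current remote user
            PA::$login_user = new ShadowUser($remote->namespace);
            if (!PA::$login_user->load($user_info)) {
                // we haven't seen this remote user before - create account
                PA::$login_user = ShadowUser::create($remote->namespace, $user_info, PA::$network_info);
                //FIXME: need to define what remote urls mean. in this case "url" should be used instead of /users/$login_name when generating internal urls, so it should go in a global profile block rather than something specific to the remote site.
                PA::$login_user->set_profile_field($remote->namespace, "url", $remote->url);
            }
            PA::$login_uid = PA::$login_user->user_id;
        }

        // Render modules
        $modules = array();
        $requested_modules = isset($request->modules) ? $request->modules : array();
        foreach ($requested_modules as $req_module) {
            $module = array();
            $module['id'] = $req_module->id;
            $module['name'] = $req_module->name;
            $params = array();
            if (!empty($req_module->params)) {
                foreach ($req_module->params as $k => $v) {
                    $params[$k] = $v;
                }
            }
            // Clean up URLs that spell out the default port 80, which causes
            // cross-server AJAX problems in Safari etc. although both forms
            // (domain.tld:80/file/ and domain.tld/file/) name the same server.
            // The lookahead keeps other ports such as 8080 intact.
            foreach (array('get_url', 'ajax_url', 'post_url') as $url_field) {
                $current = isset($req_module->{$url_field}) ? $req_module->{$url_field} : '';
                $req_module->{$url_field} = preg_replace('|:80(?![0-9])/*|', '/', $current);
            }
            // dispatch module
            // NOTE(review): method and module name are chosen by the caller;
            // confirm render_module() restricts them to an allow-list.
            ob_start();
            try {
                $module['html'] = $this->render_module($req_module->method, $req_module->name, $req_module->args, $params, $req_module->get_url, $req_module->ajax_url, $req_module->post_url, $req_module->param_prefix); // prefix for input parameters and textareas
            } catch (Exception $e) {
                // Discard partial output so the error response stays valid JSON.
                ob_end_clean();
                throw $e;
            }
            // Anything the module printed instead of returning is reported as errors.
            $errors = ob_get_clean();
            if (!empty($errors)) {
                $module['errors'] = $errors;
            }
            $modules[] = $module;
        }
        $response = array('modules' => $modules);
        header("Content-Type: application/x-javascript");
        echo $json->encode($response);
    } catch (WidgetException $e) {
        // The message can contain request data; send it with the JSON content
        // type so a browser never interprets it as HTML.
        if (!headers_sent()) {
            header("Content-Type: application/x-javascript");
        }
        echo $json->encode(array("error" => $e->getMessage()));
    }
}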
$login_uid = PA::$login_uid = @$_SESSION['user']['id']; $login_name = @$_SESSION['user']['name']; if (!$login_uid) { $login_user = PA::$login_user = NULL; } else { $login_user = PA::$login_user = new User(); try { PA::$login_user->load((int) $login_uid, 'user_id', TRUE); } catch (CNException $e) { if (!in_array($e->getCode(), array(USER_NOT_FOUND, USER_ALREADY_DELETED))) { throw $e; } // The currently logged-in user has been deleted; invalidate the session. session_destroy(); session_start(); $login_uid = PA::$login_uid = $login_name = $login_user = PA::$login_user = NULL; } // update tracking stuff if (PA::$login_uid) { PA::$login_user->update_user_time_spent(); User::track_status(PA::$login_uid); } } // If a user is specified on the query string as an ID (uid=123) or // login name (login=phil), validate the id/name and load the user // object. if (!empty($_GET['uid'])) { $page_uid = PA::$page_uid = (int) $_GET['uid']; $page_user = PA::$page_user = new User(); PA::$page_user->load(PA::$page_uid); } elseif (!empty($_GET['login'])) {
$redirect_url = PA_ROUTE_GROUP . "/gid={$gid}&action=join&GInvID={$group_invitation_id}"; } else { //else redirect registered user to its page. $redirect_url = PA_ROUTE_USER_PRIVATE . '/' . "msg_id=7014"; } // end of if group invitation is valid } else { $redirect_url = PA_ROUTE_USER_PRIVATE . '/' . "msg_id=7014"; } } header("Location: " . PA::$url . $redirect_url); exit; } else { register_session($newuser->login_name, $newuser->user_id, $newuser->role, $newuser->first_name, $newuser->last_name, $newuser->email, $newuser->picture); PA::$login_user = $newuser; PA::$login_uid = $newuser->user_id; if (isset($_GET['gid'])) { //if gid is available, redirect to group home page header("Location: " . PA::$url . PA_ROUTE_GROUP . "/gid=" . $_GET['gid']); exit; } if (isset($_GET['aid'])) { //if gid is available, redirect to group home page header("Location: " . PA::$url . "/network_announcement.php?aid=" . $_GET['aid']); exit; } if (isset($user->user_id)) { //if uid is set, then look for action if (isset($_GET['action']) && $_GET['action'] == 'user') { //redirect user to user's private page header("Location: " . PA::$url . PA_ROUTE_USER_PUBLIC . '/' . $user->user_id);
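/**
 * API logout: resolve the caller's auth token to a user, clear the login
 * cookie, invalidate the cached profile template and reset the session.
 *
 * A missing 'authToken' key is now passed on as NULL without raising an
 * undefined-index notice, and the session is only started when none is
 * active.
 *
 * NOTE(review): the session is reset and success is reported even when the
 * token does not resolve to a user; confirm callers do not treat
 * success => TRUE as proof that a particular account was logged out.
 * NOTE(review): session_destroy() followed by session_start() can reuse the
 * same session id; confirm the id is rotated at the next login.
 *
 * @param array $args Request arguments; 'authToken' identifies the user.
 * @return array Always array('success' => TRUE).
 */
function peopleaggregator_logout($args) {
    if (session_id() == '') {
        session_start();
    }
    $token = isset($args['authToken']) ? $args['authToken'] : NULL;
    $user = User::from_auth_token($token);
    if ($user) {
        PA::$login_uid = $user->user_id;
        // destroy the login cookie
        PA_Login::log_out();
    }
    // Invalidate the cached user profile. When the token did not resolve,
    // this uses whatever PA::$login_uid already held.
    $file = PA::$theme_url . "/user_profile.tpl?uid=" . PA::$login_uid;
    CachedTemplate::invalidate_cache($file);
    // kill the session
    $_SESSION = array();
    session_destroy();
    session_start();
    return array('success' => TRUE);
}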
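/**
 * Handle one widget-server request: decode the JSON body, set up the
 * (shadow) user it describes, render each requested module and echo the
 * result as JSON.
 *
 * fail() presumably throws WidgetException, which the catch at the bottom
 * turns into a JSON error object - confirm against its definition.
 *
 * Fixes in this version:
 *  - the "not enabled" message interpolated an undefined local $config, so the
 *    setting name never appeared in it; the name is now a literal;
 *  - a missing Content-Type header or $HTTP_RAW_POST_DATA (not populated on
 *    current PHP versions) no longer breaks request parsing;
 *  - error responses carry the same Content-Type as successful ones, and a
 *    module that throws no longer leaves its output buffer open.
 *
 * NOTE(review): the user and namespace are taken from the request body and
 * nothing in this function authenticates the caller; the endpoint must only
 * be reachable by trusted partner servers - confirm how that is enforced.
 *
 * @return void
 */
function handle_request() {
    $json = new Services_JSON();
    try {
        global $HTTP_RAW_POST_DATA;
        if (!@PA::$config->enable_widgetization_server) {
            $this->fail("Widget server is not enabled; you must set PA::\$config->enable_widgetization_server = TRUE in local_config.php.");
        }
        if ($_SERVER['REQUEST_METHOD'] != 'POST') {
            $this->fail("This URL handles POST requests only");
        }
        if (!isset($_SERVER['CONTENT_TYPE']) || $_SERVER['CONTENT_TYPE'] != 'application/x-javascript') {
            $this->fail("Content-Type of application/x-javascript required");
        }

        // Parse input. Fall back to the input stream when the legacy global is
        // not populated.
        $raw_body = isset($HTTP_RAW_POST_DATA) ? $HTTP_RAW_POST_DATA : (string) file_get_contents('php://input');
        $request = $json->decode($raw_body);
        if ($request == NULL || !is_object($request)) {
            $this->fail("Null request");
        }
        $this->global = isset($request->global) ? $request->global : NULL;

        // Set up globals - network, user etc
        if (!empty($this->global->user)) {
            PA::$login_user = new ShadowUser($this->global->namespace);
            // see if we can load it already
            if (!PA::$login_user->load($this->global->user->user_id)) {
                // wasn't here before, so we create a shadow account
                // NOTE(review): PA::$network_info is read here but only assigned
                // by get_network_info() further down; presumably it was already
                // set during bootstrap - confirm, or resolve the network first.
                PA::$login_user = ShadowUser::create($this->global->namespace, $this->global->user, PA::$network_info);
            }
            PA::$login_uid = PA::$login_user->user_id;
        }

        // This should probably be in config.inc. For the moment
        // we figure out the network based on the URL, as with the
        // rest of the system.
        PA::$network_info = get_network_info();

        // Render modules
        $modules = array();
        $requested_modules = isset($request->modules) ? $request->modules : array();
        foreach ($requested_modules as $req_module) {
            $module = array();
            $module['id'] = $req_module->id;
            $module['name'] = $req_module->name;
            $params = array();
            if (!empty($req_module->params)) {
                foreach ($req_module->params as $k => $v) {
                    $params[$k] = $v;
                }
            }
            // dispatch module
            // NOTE(review): method and module name are chosen by the caller;
            // confirm render_module() restricts them to an allow-list.
            ob_start();
            try {
                $module['html'] = $this->render_module($req_module->method, $req_module->name, $req_module->args, $params, $req_module->post_url, $req_module->param_prefix); // prefix for input parameters and textareas
            } catch (Exception $e) {
                // Discard partial output so the error response stays valid JSON.
                ob_end_clean();
                throw $e;
            }
            // Anything the module printed instead of returning is reported as errors.
            $errors = ob_get_clean();
            if (!empty($errors)) {
                $module['errors'] = $errors;
            }
            $modules[] = $module;
        }
        $response = array('modules' => $modules);
        header("Content-Type: application/x-javascript");
        echo $json->encode($response);
    } catch (WidgetException $e) {
        // Send errors with the JSON content type so a browser never interprets
        // the message as HTML.
        if (!headers_sent()) {
            header("Content-Type: application/x-javascript");
        }
        echo $json->encode(array("error" => $e->getMessage()));
    }
}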