Beispiel #1
0
    Surfer::set_cookie('screening', $_SESSION['surfer_token']);
    // don't do that again
    unset($_SESSION['surfer_token']);
}
// retrieve session data, but not if run from the command line, and not from robot nor spider
if (isset($_SERVER['REMOTE_ADDR']) && !Surfer::is_crawler() && !headers_sent()) {
    // permanent identification has been selected
    if (isset($context['users_with_permanent_authentication']) && $context['users_with_permanent_authentication'] != 'N') {
        // use cookie to identify user -- user id, time of login, gmt offset, salt
        if (!Surfer::is_logged() && isset($_COOKIE['screening']) && ($nouns = explode('|', $_COOKIE['screening'], 4)) && count($nouns) == 4) {
            // get user by id
            if (!($user = Users::get($nouns[0]))) {
            } elseif (!isset($user['id']) || $user['id'] != $nouns[0]) {
            } elseif (!isset($user['handle']) || strcmp($nouns[3], md5($nouns[1] . '|' . $user['handle']))) {
            } else {
                Surfer::set($user, TRUE);
            }
        }
        // allow no more than one hour of inactivity
    } elseif (isset($_SESSION['watchdog']) && time() > $_SESSION['watchdog'] + 3600) {
        Surfer::reset();
    }
    // refresh the watchdog
    $_SESSION['watchdog'] = time();
    // bare server-side flash detection
    if (isset($_SERVER['HTTP_ACCEPT']) && preg_match('/application\\/x-shockwave-flash/i', $_SERVER['HTTP_ACCEPT'])) {
        $_SESSION['browser_has_flash'] = TRUE;
    }
}
// filter HTML tags of submitted material
if (@count($_REQUEST) && (!isset($context['allow_html_input']) || $context['allow_html_input'] != 'Y')) {
Beispiel #2
0
/**
 * dynamically generate the page
 *
 * @see skins/index.php
 */
function send_body()
{
    global $context, $action;
    // check that the user is an admin, but only if there is at least one user record
    $query = "SELECT count(*) FROM " . SQL::table_name('users');
    if (!Surfer::is_associate() && SQL::query($query) !== FALSE) {
        Safe::header('Status: 401 Unauthorized', TRUE, 401);
        echo '<p>' . i18n::s('You are not allowed to perform this operation.') . "</p>\n";
        return;
    }
    // log the current surfer as an associate if not yet the case
    if (!Surfer::is_associate()) {
        $fields = array();
        $fields['id'] = 1;
        $fields['nick_name'] = 'admin';
        $fields['email'] = '';
        $fields['capability'] = 'A';
        Surfer::set($fields);
        echo '<p>' . i18n::s('You have associate privilege') . '</p>';
    }
    // check every table of the database
    if ($action == 'build') {
        // maybe we will have to switch the server off
        $temporary_off = FALSE;
        // ensure nobody else will access the database during the operation
        if (file_exists('../parameters/switch.on')) {
            if (Safe::rename($context['path_to_root'] . 'parameters/switch.on', $context['path_to_root'] . 'parameters/switch.off')) {
                echo BR . i18n::s('The server has been switched off.');
                $temporary_off = TRUE;
            }
            // let concurrent on-going transactions finish properly
            Safe::sleep(3);
            // first installation
        } elseif (!file_exists('../parameters/switch.off')) {
            echo '<p>' . i18n::s('Review provided information and go to the bottom of the page to move forward.') . "</a></p>\n";
        }
        // ensure utf8 character set for this database
        $query = "ALTER DATABASE `" . $context['database'] . "`  DEFAULT CHARACTER SET utf8";
        SQL::query($query);
        // create tables for users
        echo Users::setup();
        // create tables for activities
        echo Activities::setup();
        // create tables for notifications
        include_once '../users/notifications.php';
        echo Notifications::setup();
        // create tables for messages
        echo Mailer::setup();
        // create tables for visits
        include_once '../users/visits.php';
        echo Visits::setup();
        // create tables for sections
        echo Sections::setup();
        // create tables for articles
        echo Articles::setup();
        // create tables for images
        include_once '../images/images.php';
        echo Images::setup();
        // create tables for tables
        include_once '../tables/tables.php';
        echo Tables::setup();
        // create tables for files
        echo Files::setup();
        // create tables for links
        include_once '../links/links.php';
        echo Links::setup();
        // create tables for locations
        include_once '../locations/locations.php';
        echo Locations::setup();
        // create tables for comments
        include_once '../comments/comments.php';
        echo Comments::setup();
        // create tables for categories
        echo Categories::setup();
        // create tables for members
        include_once '../shared/members.php';
        echo Members::setup();
        // create tables for dates
        include_once '../dates/dates.php';
        echo Dates::setup();
        // create tables for servers
        include_once '../servers/servers.php';
        echo Servers::setup();
        // create tables for versions
        include_once '../versions/versions.php';
        echo Versions::setup();
        // create tables for enrolments
        include_once '../shared/enrolments.php';
        echo Enrolments::setup();
        // create tables for values
        include_once '../shared/values.php';
        echo Values::setup();
        // create tables for the cache
        echo Cache::setup();
        // create tables for the php documentation
        include_once '../scripts/phpdoc.php';
        echo PhpDoc::setup();
        // the setup hook
        if (is_callable(array('Hooks', 'include_scripts'))) {
            echo Hooks::include_scripts('control/setup.php');
        }
        // reopen the server for others
        if ($temporary_off && Safe::rename($context['path_to_root'] . 'parameters/switch.off', $context['path_to_root'] . 'parameters/switch.on')) {
            echo '<p>' . i18n::s('The server has been switched on.') . '</p>';
        }
        // in the middle of an update
        if (file_exists('../parameters/switch.off')) {
            echo Skin::build_block('<form method="get" action="../scripts/run_once.php">' . "\n" . '<p class="assistant_bar">' . Skin::build_submit_button(i18n::s('Run one-time scripts and go to the Control Panel')) . '</p>' . "\n" . '</form>', 'bottom');
            // this may take several minutes
            echo '<p>' . i18n::s('When you will click on the button the server will be immediately requested to proceed. However, because of the so many things to do on the back-end, you may have to wait for minutes before getting a response displayed. Thank you for your patience.') . '</p>';
            // populate the database on first installation
        } elseif (!file_exists('../parameters/switch.on')) {
            echo Skin::build_block('<form method="get" action="populate.php">' . "\n" . '<p class="assistant_bar">' . Skin::build_submit_button(i18n::s('Initialize the database')) . '</p>' . "\n" . '</form>', 'bottom');
            // or back to the control panel
        } else {
            $menu = array('control/' => i18n::s('Control Panel'));
            echo Skin::build_list($menu, 'menu_bar');
        }
        // clear the cache
        Cache::clear();
        // remember the change
        $label = i18n::c('The database has been optimised');
        Logger::remember('control/setup.php: ' . $label);
        // ask for confirmation
    } else {
        // the splash message
        echo '<p>' . i18n::s('This script will check the structure of the database and optimize data storage:') . '</p>' . "\n" . '<ul>' . "\n" . '<li>' . i18n::s('Missing tables will be created, if necessary.') . '</li>' . "\n" . '<li>' . i18n::s('Some columns may be created or converted if their type has evolved.') . '</li>' . "\n" . '<li>' . i18n::s('All indexes will be (re)built.') . '</li>' . "\n" . '<li>' . i18n::s('Data files will be optimized as well.') . '</li>' . "\n" . '</ul>' . "\n";
        // the submit button
        echo '<form method="post" action="' . $context['script_url'] . '" id="main_form"><p>' . Skin::build_submit_button(i18n::s('Ensure the database structure is accurate'), NULL, NULL, 'confirmed') . '<input type="hidden" name="action" value="build" />' . '</p></form>';
        // the script used for form handling at the browser
        Page::insert_script('$("#confirmed").focus();');
        // this may take several minutes
        echo '<p>' . i18n::s('When you will click on the button the server will be immediately requested to proceed. However, because of the so many things to do on the back-end, you may have to wait for minutes before getting a response displayed. Thank you for your patience.') . '</p>';
    }
}
Beispiel #3
0
$context['page_title'] = i18n::s('Validate your e-mail address');
// stop crawlers
if (Surfer::is_crawler()) {
    Safe::header('Status: 401 Unauthorized', TRUE, 401);
    Logger::error(i18n::s('You are not allowed to perform this operation.'));
    // not found
} elseif (!isset($item['id'])) {
    include '../error.php';
    // bad handle
} elseif ($id != $item['handle']) {
    include '../error.php';
} elseif (Users::validate($item['id'])) {
    // congratulations
    $context['text'] .= sprintf(i18n::s('<p>%s,</p><p>Your e-mail address has been validated, and you are now an active member of this community.</p>'), ucfirst($item['nick_name']));
    // set permanent name shown from top level
    Safe::setcookie('surfer_name', $item['nick_name'], time() + 60 * 60 * 24 * 500, '/');
    // save surfer profile in session context
    Surfer::set($item);
    // follow-up commands
    $follow_up = i18n::s('Where do you want to go now?');
    $menu = array();
    $menu = array_merge($menu, array(Users::get_permalink($item) => i18n::s('My profile')));
    $menu = array_merge($menu, array($context['url_to_root'] => i18n::s('Front page')));
    $follow_up .= Skin::build_list($menu, 'menu_bar');
    $context['text'] .= Skin::build_block($follow_up, 'bottom');
    // failed operation
} else {
    $context['text'] .= '<p>' . i18n::s('Your e-mail address has not been validated.') . "</p>\n";
}
// render the skin
render_skin();
Beispiel #4
0
if (!defined('BR')) {
    define('BR', '<br>');
}
if (!defined('EOT')) {
    define('EOT', '>');
}
// if no configuration file or if no database
if (!file_exists('../parameters/control.include.php') || !isset($context['connection']) || !$context['connection']) {
    // consider the current surfer as an associate, but only on first installation
    if (!Surfer::is_associate() && !file_exists('../parameters/switch.on') && !file_exists('../parameters/switch.off')) {
        $fields = array();
        $fields['id'] = 1;
        $fields['nick_name'] = 'admin';
        $fields['email'] = '';
        $fields['capability'] = 'A';
        Surfer::set($fields);
        Logger::error(i18n::s('You are considered temporarily as an associate, with specific rights on this server. Please do not close your browser until the end of the configuration.'));
    }
}
// the path to this page
$context['path_bar'] = array('control/' => i18n::s('Control Panel'));
// the title of the page
$context['page_title'] = sprintf(i18n::s('%s: %s'), i18n::s('Configure'), i18n::s('System parameters'));
// ensure we have an associate
if (!Surfer::is_associate()) {
    Safe::header('Status: 401 Unauthorized', TRUE, 401);
    Logger::error(i18n::s('You are not allowed to perform this operation.'));
    // forward to the control panel
    $menu = array('control/' => i18n::s('Control Panel'));
    $context['text'] .= Skin::build_list($menu, 'menu_bar');
    // nothing more in demo mode
Beispiel #5
0
 * @author Christophe Battarel [email]christophe.battarel@altairis.fr[/email]
 * @tester Ghjmora
 * @tester GnapZ
 * @tester Cyandrea
 * @tester Lucrecius
 * @reference
 * @license http://www.gnu.org/copyleft/lesser.txt GNU Lesser General Public License
 */
// common definitions and initial processing
include_once '../shared/global.php';
include_once 'links.php';
// allow for direct login
if (isset($_REQUEST['account']) && isset($_REQUEST['password'])) {
    // authenticate the surfer and start a session
    if ($user = Users::login($_REQUEST['account'], $_REQUEST['password'])) {
        Surfer::set($user);
    }
}
// look for the id
$id = NULL;
if (isset($_REQUEST['id'])) {
    $id = $_REQUEST['id'];
} elseif (isset($context['arguments'][0]) && !isset($context['arguments'][1])) {
    $id = $context['arguments'][0];
}
$id = strip_tags($id);
// get the item from the database
$item = Links::get($id);
// get the related anchor, if any
$anchor = NULL;
if (isset($_REQUEST['anchor'])) {
Beispiel #6
0
 /**
  * put an updated user profile in the database
  *
  * If present, only the password is changed. Or other fields except the password are modified.
  *
  * To change a password, set fields 'id', 'password' and 'confirm'
  *
  * @param array an array of fields
  * @return TRUE on success, FALSE otherwise
  *
  * @see users/edit.php
  * @see users/password.php
  * @see users/select_avatar.php
  **/
 public static function put(&$fields)
 {
     global $context;
     // load the record
     $item = Users::get($fields['id']);
     if (!isset($item['id']) || !$item['id']) {
         Logger::error(i18n::s('No item has the provided id.'));
         return FALSE;
     }
     // remember who is changing this record
     Surfer::check_default_editor($fields);
     // if a password change
     if (isset($fields['password'])) {
         // ensure that the password has been provided twice
         if (!isset($fields['confirm']) || $fields['confirm'] != $fields['password']) {
             Logger::error(i18n::s('New password has to be confirmed.'));
             return FALSE;
         }
         // hash password, we are coming from an interactive form
         $fields['password'] = md5($fields['password']);
         // else if a regular profile update
     } else {
         // nick_name is required
         if (!isset($fields['nick_name']) || !trim($fields['nick_name'])) {
             Logger::error(i18n::s('Please indicate a nick name.'));
             return FALSE;
         }
         // some weird users put spaces around
         $fields['nick_name'] = trim($fields['nick_name']);
         // nick_name may be already used
         if (($used = Users::get($fields['nick_name'])) && $used['id'] != $fields['id']) {
             Logger::error(i18n::s('Another member already has this nick name. Please select a different one.'));
             return FALSE;
         }
         // ensure we have a full name
         if (!isset($fields['full_name']) || !trim($fields['full_name'])) {
             $fields['full_name'] = $fields['nick_name'];
         }
         // protect from hackers
         if (isset($fields['avatar_url'])) {
             $fields['avatar_url'] = encode_link($fields['avatar_url']);
         }
         // set default values
         if (!isset($fields['active']) || !$fields['active']) {
             $fields['active'] = 'Y';
         }
         if (isset($fields['selected_editor'])) {
             $fields['editor'] = $fields['selected_editor'];
         } elseif (isset($context['users_default_editor'])) {
             $fields['editor'] = $context['users_default_editor'];
         } else {
             $fields['editor'] = 'yacs';
         }
         if (!isset($fields['interface']) || $fields['interface'] != 'C') {
             $fields['interface'] = 'I';
         }
         if (!isset($fields['with_newsletters']) || $fields['with_newsletters'] != 'Y') {
             $fields['with_newsletters'] = 'N';
         }
         if (!isset($fields['without_alerts']) || $fields['without_alerts'] != 'N') {
             $fields['without_alerts'] = 'Y';
         }
         if (!isset($fields['without_confirmations']) || $fields['without_confirmations'] != 'N') {
             $fields['without_confirmations'] = 'Y';
         }
         if (!isset($fields['without_messages']) || $fields['without_messages'] != 'N') {
             $fields['without_messages'] = 'Y';
         }
         if (!isset($fields['birth_date']) || !$fields['birth_date']) {
             $fields['birth_date'] = NULL_DATE;
         }
         // clean provided tags
         if (isset($fields['tags'])) {
             $fields['tags'] = trim($fields['tags'], " \t.:,!?");
         }
         // save new settings in session and in cookie
         if (Surfer::is($fields['id'])) {
             // change preferred editor
             $_SESSION['surfer_editor'] = $fields['editor'];
             Safe::setcookie('surfer_editor', $fields['editor'], NULL, '/');
             // change preferred language
             if (isset($fields['language']) && $_SESSION['surfer_language'] != $fields['language']) {
                 $_SESSION['surfer_language'] = $fields['language'];
                 $_SESSION['l10n_modules'] = array();
             }
         }
     }
     // update an existing record
     $query = "UPDATE " . SQL::table_name('users') . " SET ";
     // change only the password
     if (isset($fields['password'])) {
         $query .= "password='******'password']) . "'";
     } else {
         $query .= "email='" . SQL::escape(isset($fields['email']) ? $fields['email'] : '') . "', " . "aim_address='" . SQL::escape(isset($fields['aim_address']) ? $fields['aim_address'] : '') . "', " . "alternate_number='" . SQL::escape(isset($fields['alternate_number']) ? $fields['alternate_number'] : '') . "', " . "avatar_url='" . SQL::escape(isset($fields['avatar_url']) ? $fields['avatar_url'] : '') . "', " . "birth_date='" . SQL::escape($fields['birth_date']) . "', " . "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "', " . "editor='" . SQL::escape($fields['editor']) . "', " . "from_where='" . SQL::escape(isset($fields['from_where']) ? $fields['from_where'] : '') . "', " . "full_name='" . SQL::escape(isset($fields['full_name']) ? $fields['full_name'] : '') . "', " . "icq_address='" . SQL::escape(isset($fields['icq_address']) ? $fields['icq_address'] : '') . "', " . "interface='" . SQL::escape($fields['interface']) . "', " . "introduction='" . SQL::escape(isset($fields['introduction']) ? $fields['introduction'] : '') . "', " . "irc_address='" . SQL::escape(isset($fields['irc_address']) ? $fields['irc_address'] : '') . "', " . "jabber_address='" . SQL::escape(isset($fields['jabber_address']) ? $fields['jabber_address'] : '') . "', " . "language='" . SQL::escape(isset($fields['language']) ? $fields['language'] : 'none') . "', " . "msn_address='" . SQL::escape(isset($fields['msn_address']) ? $fields['msn_address'] : '') . "', " . "nick_name='" . SQL::escape($fields['nick_name']) . "', " . "options='" . SQL::escape(isset($fields['options']) ? $fields['options'] : '') . "', " . "overlay='" . SQL::escape(isset($fields['overlay']) ? $fields['overlay'] : '') . "'," . "overlay_id='" . SQL::escape(isset($fields['overlay_id']) ? $fields['overlay_id'] : '') . "'," . "pgp_key='" . SQL::escape(isset($fields['pgp_key']) ? $fields['pgp_key'] : '') . "', " . "phone_number='" . SQL::escape(isset($fields['phone_number']) ? $fields['phone_number'] : '') . "', " . "signature='" . SQL::escape(isset($fields['signature']) ? $fields['signature'] : '') . "', " . "skype_address='" . SQL::escape(isset($fields['skype_address']) ? $fields['skype_address'] : '') . "', " . "tags='" . SQL::escape(isset($fields['tags']) ? $fields['tags'] : '') . "', " . "twitter_address='" . SQL::escape(isset($fields['twitter_address']) ? $fields['twitter_address'] : '') . "', " . "vcard_agent='" . SQL::escape(isset($fields['vcard_agent']) ? $fields['vcard_agent'] : '') . "', " . "vcard_label='" . SQL::escape(isset($fields['vcard_label']) ? $fields['vcard_label'] : '') . "', " . "vcard_organization='" . SQL::escape(isset($fields['vcard_organization']) ? $fields['vcard_organization'] : '') . "', " . "vcard_title='" . SQL::escape(isset($fields['vcard_title']) ? $fields['vcard_title'] : '') . "', " . "web_address='" . SQL::escape(isset($fields['web_address']) ? $fields['web_address'] : '') . "', " . "with_newsletters='" . $fields['with_newsletters'] . "', " . "without_alerts='" . $fields['without_alerts'] . "', " . "without_confirmations='" . $fields['without_confirmations'] . "', " . "without_messages='" . $fields['without_messages'] . "', " . "yahoo_address='" . SQL::escape(isset($fields['yahoo_address']) ? $fields['yahoo_address'] : '') . "'";
         // fields set only by associates -- see users/edit.php
         if (Surfer::is_associate()) {
             $query .= ", " . "capability='" . SQL::escape($fields['capability']) . "', " . "active='" . SQL::escape($fields['active']) . "'";
         }
     }
     // maybe a silent update
     if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
         $query .= ", " . "edit_name='" . SQL::escape($fields['edit_name']) . "', " . "edit_id=" . SQL::escape($fields['edit_id']) . ", " . "edit_address='" . SQL::escape($fields['edit_address']) . "', " . "edit_action='user:update', " . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
     }
     // actual update query
     $query .= " WHERE id = " . SQL::escape($item['id']);
     SQL::query($query, FALSE, $context['users_connection']);
     // list the user in categories
     if (isset($fields['tags']) && $fields['tags']) {
         Categories::remember('user:'******'id'], NULL_DATE, $fields['tags']);
     }
     // clear all the cache on profile update, because of avatars, etc.
     $fields['id'] = $item['id'];
     Users::clear($fields);
     // send a confirmation message on password change
     if (isset($context['with_email']) && $context['with_email'] == 'Y' && isset($fields['confirm']) && $item['email'] && $item['without_confirmations'] != 'Y') {
         // message title
         $subject = sprintf(i18n::s('Your account at %s'), strip_tags($context['site_name']));
         // message body
         $message = '<p>' . sprintf(i18n::s('This message has been automatically sent to you to confirm a change of your profile at %s.'), '<a href="' . $context['url_to_master'] . $context['url_to_root'] . '">' . strip_tags($context['site_name']) . '</a>') . '</p>' . '<p>' . sprintf(i18n::s('Your nick name is %s'), $item['nick_name']) . BR . sprintf(i18n::s('Authenticate with password %s'), $fields['confirm']) . '</p>' . '<p>' . sprintf(i18n::s('On-line help is available at %s'), '<a href="' . $context['url_to_home'] . $context['url_to_root'] . 'help/' . '">' . $context['url_to_home'] . $context['url_to_root'] . 'help/' . '</a>') . '</p>' . '<p>' . sprintf(i18n::s('Thank you for your interest into %s.'), '<a href="' . $context['url_to_master'] . $context['url_to_root'] . '">' . strip_tags($context['site_name']) . '</a>') . '</p>';
         // enable threading
         $headers = Mailer::set_thread('user:'******'id']);
         // post the confirmation message
         Mailer::notify(NULL, $item['email'], $subject, $message, $headers);
     }
     // update user session
     if (isset($fields['nick_name']) && Surfer::get_id() && $fields['id'] == Surfer::get_id() && is_callable(array('Surfer', 'set'))) {
         Surfer::set($fields);
     }
     // end of job
     return TRUE;
 }