/** @var $signedIn bool */ if (!POST_REQUEST) { CoreUtils::notFound(); } if (preg_match(new RegExp('^reload-(request|reservation)/(\\d+)$'), $data, $_match)) { $thing = $_match[1]; $Post = $Database->where('id', $_match[2])->getOne("{$thing}s"); if (empty($Post)) { Response::fail("The specified {$thing} does not exist"); } Response::done(array('li' => Posts::getLi($Post, isset($_POST['FROM_PROFILE']), true))); } if (!$signedIn) { Response::fail(); } CSRFProtection::protect(); $_match = array(); if (preg_match(new RegExp('^([gs]et)-(request|reservation)/(\\d+)$'), $data, $_match)) { $thing = $_match[2]; /** @var $Post Request|Reservation */ $Post = $Database->where('id', $_match[3])->getOne("{$thing}s"); if (empty($Post)) { Response::fail("The specified {$thing} does not exist"); } if (!(Permission::sufficient('staff') || $thing === 'request' && empty($Post->reserved_by) && $Post->requested_by === $currentUser->id)) { Response::fail(); } if ($_match[1] === 'get') { $response = array('label' => $Post->label); if ($thing === 'request') { $response['type'] = $Post->type;
/**
 * Page loading function
 * ---------------------
 * Renders a view either as a full HTML document (header + view + footer, echoed
 * and followed by die) or, when the request carries ?via-js=true, as a JSON
 * payload holding the view, the sidebar and the asset lists (see the
 * Response::done call at the bottom).
 *
 * $options = array(
 *     'title' => string,      - Page title (copied into $GLOBALS['title'])
 *     'heading' => string,    - Page heading (copied into $GLOBALS['heading'])
 *     'no-robots',            - Disable crawlers (that respect meta tags); sets local $norobots
 *     'no-default-css',       - Disable loading of default CSS files
 *     'no-default-js'         - Disable loading of default JS files
 *     'css' => string|array,  - Specify a single/multiple CSS files to load
 *     'js' => string|array,   - Specify a single/multiple JS files to load
 *     'view' => string,       - Which view file to open (defaults to $do)
 *     'do-css',               - Load the CSS file whose name matches $do
 *     'do-js',                - Load the JS file whose name matches $do
 *     'url' => string,        - A URL which will replace the one sent to the browser; sets local $redirectto
 * );
 *
 * The views are require'd from inside this function, so they share its local
 * scope: $norobots, $redirectto, $customCSS, $customJS, $view and every global
 * copied in by the $GLOBALS import loop are visible to them. Renaming a local
 * here can therefore silently break a view.
 *
 * Flag options ('no-robots', 'no-default-css', 'no-default-js') are matched as
 * array VALUES using loose comparison (in_array / array_search without strict),
 * not as keys. The 'css', 'js', 'do-css' and 'do-js' options are not read here;
 * presumably self::_checkAssets consumes them (not visible in this file).
 *
 * @param array $options
 * @return void  Full-page mode never returns (die after echo); via-js mode ends in Response::done.
 */
static function loadPage($options) {
    // Page <title>
    if (isset($options['title'])) { $GLOBALS['title'] = $options['title']; }
    // Page heading (not listed in the original option table, but read here)
    if (isset($options['heading'])) { $GLOBALS['heading'] = $options['heading']; }
    // SE crawling disable -- $norobots is only ever set, never unset; the header view picks it up from scope
    if (in_array('no-robots', $options)) { $norobots = true; }
    // Set new URL option -- $redirectto is read by the views, not by this function
    if (!empty($options['url'])) { $redirectto = $options['url']; }
    # CSS
    $DEFAULT_CSS = array('theme');
    $customCSS = array();
    // Only add defaults when needed
    if (array_search('no-default-css', $options) === false) { $customCSS = array_merge($customCSS, $DEFAULT_CSS); }
    # JavaScript
    $DEFAULT_JS = array('moment', 'global', 'dialog');
    $customJS = array();
    // Only add defaults when needed
    if (array_search('no-default-js', $options) === false) { $customJS = array_merge($customJS, $DEFAULT_JS); }
    # Check assets -- presumably appends the per-page files to $customCSS/$customJS by reference (signature not visible here)
    self::_checkAssets($options, $customCSS, 'scss/min', 'css');
    self::_checkAssets($options, $customJS, 'js/min', 'js');
    # Import global variables
    // Equivalent to extract($GLOBALS) with EXTR_SKIP: every global becomes a local so the
    // required views can use them unprefixed. Locals already defined above win over globals
    // of the same name because of the isset guard.
    foreach ($GLOBALS as $k => $v) { if (!isset(${$k})) { ${$k} = $v; } }
    # Putting it together
    // NOTE(review): $view is interpolated straight into a require path with no validation.
    // It comes from $options['view'] (caller-controlled) or the routing global $do; the
    // router must guarantee $do is a fixed view name and never raw request input -- confirm.
    $view = empty($options['view']) ? $GLOBALS['do'] : $options['view'];
    $viewPath = INCPATH . "views/{$view}.php";
    // Sent in both modes. NOTE(review): the trailing ';' after charset=utf-8 is not part of the
    // media-type syntax; browsers tolerate it but it is worth dropping.
    header('Content-Type: text/html; charset=utf-8;');
    if (empty($_GET['via-js'])) {
        // Full page: buffer header + view + footer, strip indentation, emit and stop.
        ob_start();
        require INCPATH . 'views/header.php';
        require $viewPath;
        require INCPATH . 'views/footer.php';
        $content = ob_get_clean();
        echo self::_clearIndentation($content);
        die;
    } else {
        // Partial (AJAX) page: the URI echoed back as 'responseURL' has the via-js flag and
        // (via CSRFProtection::removeParamFromURL, presumably) the CSRF token stripped, so the
        // client does not end up storing a token-bearing URL.
        $_SERVER['REQUEST_URI'] = rtrim(str_replace('via-js=true', '', CSRFProtection::removeParamFromURL($_SERVER['REQUEST_URI'])), '?&');
        ob_start();
        require INCPATH . 'views/sidebar.php';
        $sidebar = ob_get_clean();
        ob_start();
        require $viewPath;
        $content = ob_get_clean();
        // $customCSS/$customJS are returned so the client can load the page's assets itself.
        Response::done(array(
            'css' => $customCSS,
            'js' => $customJS,
            'title' => (isset($GLOBALS['title']) ? $GLOBALS['title'] . ' - ' : '') . SITE_TITLE,
            'content' => self::_clearIndentation($content),
            'sidebar' => self::_clearIndentation($sidebar),
            'footer' => CoreUtils::getFooter(WITH_GIT_INFO),
            'avatar' => $GLOBALS['signedIn'] ? $GLOBALS['currentUser']->avatar_url : GUEST_AVATAR,
            'responseURL' => $_SERVER['REQUEST_URI'],
            'signedIn' => $GLOBALS['signedIn']
        ));
    }
}
/**
 * Check the "access" cookie against the sessions table and populate the
 * request globals ($currentUser, $signedIn, $Color / $color).
 *
 * Side effects, in order: runs CSRF detection; redirects non-POST requests that
 * carry a CSRF_TOKEN query parameter to the cleaned URL; rewrites a legacy
 * (non-hex) cookie value to hex and re-keys the stored session hash; looks the
 * session up by sha1(key); deletes all sessions of a banned user; tries to
 * refresh an expired session and deletes it on failure; throttles the
 * lastvisit update to once a minute; deletes the cookie when it matches no
 * session.
 *
 * NOTE(review): after a ban or a failed refresh this function returns with
 * $currentUser still populated and $signedIn unset. Callers must key
 * authorization off $signedIn, never off "$currentUser is non-null".
 * NOTE(review): only Cookie::HTTPONLY is visible here; whether Cookie::set
 * also marks the cookie Secure / SameSite is decided elsewhere -- confirm.
 *
 * @return void
 */
static function authenticate() {
    global $Database, $signedIn, $currentUser, $Color, $color;

    CSRFProtection::detect();
    // A CSRF token that leaked into a GET URL is scrubbed by redirecting to the clean URL.
    if (!POST_REQUEST && isset($_GET['CSRF_TOKEN'])) {
        HTTP::redirect(CSRFProtection::removeParamFromURL($_SERVER['REQUEST_URI']));
    }

    if (!Cookie::exists('access')) {
        return;
    }

    $accessKey = Cookie::get('access');
    if (!empty($accessKey)) {
        // Legacy cookies carried raw bytes; migrate them to hex and re-key the stored hash,
        // since only sha1(key) is persisted server-side.
        $looksHex = preg_match(new RegExp('^[a-f\\d]+$', 'iu'), $accessKey);
        if (!$looksHex) {
            $legacyKey = $accessKey;
            $accessKey = bin2hex($legacyKey);
            $Database->where('token', sha1($legacyKey))->update('sessions', array('token' => sha1($accessKey)));
            Cookie::set('access', $accessKey, time() + Time::$IN_SECONDS['year'], Cookie::HTTPONLY);
        }
        $currentUser = Users::get(sha1($accessKey), 'token');
    }

    if (empty($currentUser)) {
        // Cookie present but no session matches it: drop the cookie.
        Cookie::delete('access', Cookie::HTTPONLY);
        return;
    }

    if ($currentUser->role === 'ban') {
        // Revoke every session of a banned account; $signedIn is left unset.
        $Database->where('id', $currentUser->id)->delete('sessions');
        return;
    }

    // An expired session is only kept if the upstream token can be refreshed.
    // The refreshed token is not used here; presumably DeviantArt::getToken persists it -- confirm.
    $sessionUsable = true;
    if (strtotime($currentUser->Session['expires']) < time()) {
        try {
            DeviantArt::getToken($currentUser->Session['refresh'], 'refresh_token');
        } catch (CURLRequestException $e) {
            $sessionUsable = false;
            $Database->where('id', $currentUser->Session['id'])->delete('sessions');
            trigger_error("Session refresh failed for {$currentUser->name} ({$currentUser->id}) | {$e->getMessage()} (HTTP {$e->getCode()})", E_USER_WARNING);
        }
    }
    if (!$sessionUsable) {
        return;
    }

    $signedIn = true;

    // Throttle lastvisit writes to at most one per minute.
    $sinceLastVisit = time() - strtotime($currentUser->Session['lastvisit']);
    if ($sinceLastVisit > Time::$IN_SECONDS['minute']) {
        $visitStamp = date('c');
        $stored = $Database->where('id', $currentUser->Session['id'])->update('sessions', array('lastvisit' => $visitStamp));
        if ($stored) {
            $currentUser->Session['lastvisit'] = $visitStamp;
        }
    }

    // A hard-coded pair of users get British spelling in the UI.
    $colourSpellers = array('Pirill-Poveniy', 'itv-canterlot');
    if (in_array($currentUser->name, $colourSpellers, true)) {
        $Color = 'Colour';
        $color = 'colour';
    }
}