Ejemplo n.º 1
/**
 * Validate an incoming webhook request before it is processed.
 *
 * Three checks run in order and the first failure wins: the body must be
 * non-empty, isGithubSignatureValid() must accept the request, and the body
 * must decode as JSON. The signature check comes before the JSON parse, so
 * json_decode() only runs on a body that isGithubSignatureValid() accepted.
 * Every failure is reported through returnResponse() with status 400.
 *
 * @param object $request Request object exposing getContent().
 * @return bool True when all three checks pass, false otherwise.
 */
function is_valid($request)
{
    $body = $request->getContent();

    // Work out which check failed, if any; evaluation stops at the first failure.
    $failure = null;
    if (empty($body)) {
        // empty() also treats the one-character body "0" as empty.
        $failure = 'empty payload';
    } elseif (!isGithubSignatureValid($request)) {
        // Signature verification is delegated to isGithubSignatureValid().
        $failure = 'invalid github signature';
    } elseif (null === json_decode($body)) {
        // json_decode() yields null for unparseable input and for the literal "null".
        $failure = 'invalid json body';
    }

    if ($failure !== null) {
        returnResponse($failure, 400);
        return false;
    }

    return true;
}
Ejemplo n.º 2
    $renew = TRUE;
}
try {
    /* Read the CAS server module configuration and locate the ticket cache */
    $casconfig = SimpleSAML_Configuration::getConfig('module_casserver.php');
    $path = $casconfig->resolvePath($casconfig->getValue('ticketcache', 'ticketcache'));
    $ticketcontent = retrieveTicket($ticket, $path);
    /* Attribute that carries the user name; eduPersonPrincipalName unless configured */
    $usernamefield = $casconfig->getValue('attrname', 'eduPersonPrincipalName');
    /* Attribute release stays off unless the 'attributes' option is set */
    $dosendattributes = $casconfig->getValue('attributes', FALSE);
    if (!array_key_exists($usernamefield, $ticketcontent)) {
        /* The ticket carries no user name attribute: validation fails */
        returnResponse('NO');
    } else {
        /* With attribute release on, the entire ticket content is passed as attributes */
        returnResponse('YES', $ticketcontent[$usernamefield][0], $dosendattributes ? $ticketcontent : array());
    }
} catch (Exception $e) {
    /* NOTE(review): the exception text is handed to returnResponse(); confirm that its
       'NO' branch does not echo the text to the client, as it may carry internal details. */
    returnResponse('NO', $e->getMessage());
}
function returnResponse($value, $content = '', $attributes = array())
{
    if ($value === 'YES') {
        $attributesxml = "";
        foreach ($attributes as $attributename => $attributelist) {
            $attr = htmlentities($attributename);
            foreach ($attributelist as $attributevalue) {
                $attributesxml .= "<cas:{$attr}>" . htmlentities($attributevalue) . "</cas:{$attr}>\n";
            }
        }
        if (sizeof($attributes)) {
            $attributesxml = '<cas:attributes>' . $attributesxml . '</cas:attributes>';
        }
        echo '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
            $pgt = str_replace('_', 'PGT-', SimpleSAML_Utilities::generateID());
            $content = array('attributes' => $attributes, 'forceAuthn' => false, 'proxies' => array_merge(array($service), $ticketcontent['proxies']), 'validbefore' => time() + 60);
            SimpleSAML_Utilities::fetch($pgtUrl . '?pgtIou=' . $pgtiou . '&pgtId=' . $pgt);
            storeTicket($pgt, $path, $content);
            $pgtiouxml = "\n<cas:proxyGrantingTicket>{$pgtiou}</cas:proxyGrantingTicket>\n";
        }
        $proxiesxml = join("\n", array_map(create_function('$a', 'return "<cas:proxy>$a</cas:proxy>";'), $ticketcontent['proxies']));
        if ($proxiesxml) {
            $proxiesxml = "<cas:proxies>\n{$proxiesxml}\n</cas:proxies>\n";
        }
        returnResponse('YES', $function, $attributes[$usernamefield][0], $dosendattributes ? $attributes : array(), $pgtiouxml . $proxiesxml);
    } else {
        returnResponse('NO', $function);
    }
} catch (Exception $e) {
    returnResponse('NO', $function, $e->getMessage());
}
function returnResponse($value, $function, $usrname = '', $attributes = array(), $xtraxml = "")
{
    if ($value === 'YES') {
        if ($function != 'validate') {
            $attributesxml = "";
            foreach ($attributes as $attributename => $attributelist) {
                $attr = htmlspecialchars($attributename);
                foreach ($attributelist as $attributevalue) {
                    $attributesxml .= "<cas:{$attr}>" . htmlspecialchars($attributevalue) . "</cas:{$attr}>\n";
                }
            }
            if (sizeof($attributes)) {
                $attributesxml = "<cas:attributes>\n" . $attributesxml . "</cas:attributes>\n";
            }
Ejemplo n.º 4
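/**
 * Record a report against a comment in the reported_comments table.
 *
 * Looks the comment up with getCommentForID(), copies its author id and text,
 * and inserts one row through dbResultFromQuery(). The outcome is handed back
 * via returnResponse() with 1 on success and 0 on failure.
 *
 * NOTE(review): SQL injection. The INSERT is built by interpolating every value
 * straight into the statement text. $reason and the ids presumably originate in
 * the request (confirm against the caller), and $reportedComment is stored user
 * text read back from the database, so any escaping applied when the comment was
 * first saved does not protect this second statement. The statement should be
 * issued with bound parameters through the database layer; that API is not
 * visible in this block, so the query text is left unchanged here rather than
 * patched with ad-hoc escaping.
 *
 * NOTE(review): $reporterID is taken from the argument as given; presumably the
 * caller derives it from the authenticated session. Verify.
 *
 * @param mixed $commentID  Id of the comment being reported.
 * @param mixed $postID     Id of the post the comment belongs to.
 * @param mixed $reporterID Id of the user filing the report.
 * @param mixed $reason     Reason text stored with the report.
 * @return mixed Whatever returnResponse() returns.
 */
function reportComment($commentID, $postID, $reporterID, $reason)
{
    // Defined up front: the not-found branch passes $result on before any query
    // has run, which previously read an undefined variable.
    $result = null;

    $comment = getCommentForID($commentID);
    if (!$comment) {
        return returnResponse(0, "Failed to report, comment not found.", $result);
    }

    $userID = $comment['user_id'];
    $reportedComment = $comment['comment'];

    // See the SQL injection note in the function header before reusing this pattern.
    $result = dbResultFromQuery("INSERT INTO reported_comments (comment_id, post_id, user_id, comment, reporter_id, reportReason) VALUES ('{$commentID}', '{$postID}', '{$userID}', '{$reportedComment}', '{$reporterID}', '{$reason}');");

    if ($result) {
        return returnResponse(1, "Comment reported, thank you for keeping the community clean.");
    }

    return returnResponse(0, "Failed to report, please try again.");
}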
Ejemplo n.º 5
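/**
 * @package WordPress
 * @subpackage Constructor
 */

/**
 * Save the current Constructor options as a theme under <template dir>/themes/<slug>.
 *
 * Steps, in order: derive a directory slug from the requested theme name, create
 * the directory, copy the configured images and a screenshot into it, write
 * style.css with a theme header built from request values, write config.php from
 * the stored options, then report the result through returnResponse() and die.
 *
 * NOTE(review): no capability or nonce check is visible in this function, and it
 * writes files from $_REQUEST values. Confirm the caller performs both checks
 * (current_user_can() / check_admin_referer() are the usual WordPress calls).
 *
 * NOTE(review): after a returnResponse(RESPONSE_KO, ...) call the code simply
 * continues; presumably returnResponse() ends the request itself. Confirm,
 * otherwise the later writes still run after a reported failure.
 */
function constructor_admin_save()
{
    global $current_user, $template_uri;
    // NOTE(review): 0777 leaves the theme directory, the copied images and the
    // generated files writable by every local account. config.php is PHP source
    // (it opens with "<?php" and a "return"), so it is presumably included later;
    // prefer the narrowest mode the hosting setup allows.
    $permission = 0777;
    $directory = get_template_directory();
    // get theme options
    $constructor = get_option('constructor');
    $admin = get_option('constructor_admin');
    // get theme name
    $theme = isset($_REQUEST['theme']) ? $_REQUEST['theme'] : $admin['theme'];
    $theme_old = $constructor['theme'];
    // Directory slug: lower-cased, every non-word character turned into '-', runs of
    // '-' collapsed. The request value therefore cannot put '/' or '.' into the path.
    // An empty theme name yields an empty slug, which makes the paths below point at
    // the themes/ directory itself.
    $theme_new = strtolower($theme);
    $theme_new = preg_replace('/\\W/', '-', $theme_new);
    $theme_new = preg_replace('/[-]+/', '-', $theme_new);
    $theme_uri = isset($_REQUEST['theme-uri']) ? $_REQUEST['theme-uri'] : '';
    $description = stripslashes(isset($_REQUEST['description']) ? $_REQUEST['description'] : '');
    $version = isset($_REQUEST['version']) ? $_REQUEST['version'] : '0.0.1';
    $author = isset($_REQUEST['author']) ? $_REQUEST['author'] : '';
    $author_uri = isset($_REQUEST['author-uri']) ? $_REQUEST['author-uri'] : $current_user->user_nicename;
    if (is_dir($directory . '/themes/' . $theme_new) && !is_writable($directory . '/themes/' . $theme_new)) {
        returnResponse(RESPONSE_KO, sprintf(__('Directory "%s" is not writable.', 'constructor'), $directory . '/themes/' . $theme_new));
    } else {
        if (!is_writable($directory . '/themes/')) {
            returnResponse(RESPONSE_KO, sprintf(__('Directory "%s" is not writable.', 'constructor'), $directory . '/themes/'));
        } else {
            @mkdir($directory . '/themes/' . $theme_new);
            @chmod($directory . '/themes/' . $theme_new, $permission);
        }
    }
    // copy every configured theme image into the new theme directory
    foreach ($constructor['images'] as $img => $data) {
        if (!empty($data['src'])) {
            $file = pathinfo($data['src']);
            $old_image = $directory . '/' . $data['src'];
            $new_image = $directory . '/themes/' . $theme_new . '/' . $file['basename'];
            if ($old_image != $new_image) {
                // directory permissions were checked above
                if (!@copy($old_image, $new_image)) {
                    returnResponse(RESPONSE_KO, sprintf(__('Can\'t copy file "%s".', 'constructor'), $old_image));
                }
                // applies $permission to the copied image
                @chmod($new_image, $permission);
                $constructor['images'][$img]['src'] = 'themes/' . $theme_new . '/' . $file['basename'];
            }
        }
    }
    // copy a screenshot if the new theme has none: the old theme's one when it
    // exists, otherwise the default from admin/images
    if (!file_exists($directory . '/themes/' . $theme_new . '/screenshot.png') && file_exists($directory . '/themes/' . $theme_old . '/screenshot.png')) {
        if (!@copy($directory . '/themes/' . $theme_old . '/screenshot.png', $directory . '/themes/' . $theme_new . '/screenshot.png')) {
            returnResponse(RESPONSE_KO, sprintf(__('Can\'t copy file "%s".', 'constructor'), '/themes/' . $theme_old . '/screenshot.png'));
        }
    } elseif (!file_exists($directory . '/themes/' . $theme_new . '/screenshot.png')) {
        if (!@copy($directory . '/admin/images/screenshot.png', $directory . '/themes/' . $theme_new . '/screenshot.png')) {
            returnResponse(RESPONSE_KO, sprintf(__('Can\'t copy file "%s".', 'constructor'), '/admin/images/screenshot.png'));
        }
    }
    // applies $permission to the screenshot
    @chmod($directory . '/themes/' . $theme_new . '/screenshot.png', $permission);
    // update style file
    if (file_exists($directory . '/themes/' . $theme_old . '/style.css')) {
        $style = file_get_contents($directory . '/themes/' . $theme_old . '/style.css');
        // drop the first /* ... */ comment (the old theme header)
        $style = preg_replace('|\\/\\*(.*)\\*\\/|Umis', '', $style, 1);
    } else {
        $style = '';
    }
    // The header values come from the request and are written into a CSS comment.
    // Flatten line breaks and break up "*/" so a value can neither add header lines
    // nor close the comment and continue as stylesheet content.
    $header = array(
        'Theme Name' => $theme,
        'Theme URI' => $theme_uri,
        'Description' => $description,
        'Version' => $version,
        'Author' => $author,
        'Author URI' => $author_uri,
    );
    $header_text = '';
    foreach ($header as $label => $value) {
        $value = str_replace(array("\r", "\n", '*/'), array(' ', ' ', '* /'), $value);
        $header_text .= "{$label}: {$value}\n";
    }
    $style = "/*\n" . $header_text . "*/" . $style;
    unset($constructor['theme']);
    // config.php is generated PHP: var_export() of the stored options behind a "return"
    $config = "<?php \n" . "/* Save on " . date('Y-m-d H:i') . " */ \n" . "return " . var_export($constructor, true) . "\n ?>";
    // update files content
    if (!@file_put_contents($directory . '/themes/' . $theme_new . '/style.css', $style)) {
        returnResponse(RESPONSE_KO, sprintf(__('Can\'t save file "%s".', 'constructor'), '/themes/' . $theme_new . '/style.css'));
    }
    if (!@file_put_contents($directory . '/themes/' . $theme_new . '/config.php', $config)) {
        returnResponse(RESPONSE_KO, sprintf(__('Can\'t save file "%s".', 'constructor'), '/themes/' . $theme_new . '/config.php'));
    }
    returnResponse(RESPONSE_OK, __('Theme was saved, please reload page for view changes', 'constructor'));
    die;
}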
Ejemplo n.º 6
/**
 * doError
 *
 * Wrap an error in an array under the "error" key and pass it to
 * returnResponse() together with the status code.
 *
 * Array input is JSON-encoded first; any other value is used as given.
 *
 * @param mixed $data Error text, or an array describing the error.
 * @param int   $code Status code forwarded to returnResponse(); 400 by default.
 */
function doError($data, $code = 400)
{
    // Arrays are serialised so the "error" value is always a single scalar.
    $message = is_array($data) ? json_encode($data) : $data;

    returnResponse(array("error" => $message), $code);
}
Ejemplo n.º 7
                            if ($_POST['action'] === "uninstallation") {
                                // -- Uninstall Nimbusec (execute installation file) --
                                $res = (require_once "/usr/local/nimbusec/nimbusec/uninstall.php");
                                if ($res['status']) {
                                    array_push($res['content'], "The uninstallation of the nimbusec cPanel / WHM plugin has been finished successfully.");
                                } else {
                                    array_push($res['content'], "The uninstallation of the nimbusec cPanel / WHM plugin has been aborted suddenly. It is advised to review the nimbusec logs files to find the possible cause.");
                                }
                                returnResponse($res);
                            } else {
                                if ($_POST['action'] === "retrieveUsers") {
                                    $packages = retrieveUsers();
                                    if (gettype($packages) == "array") {
                                        returnResponse($packages, 1);
                                    } else {
                                        returnResponse($packages);
                                    }
                                } else {
                                    returnResponse("Unknown module called");
                                }
                            }
                        }
                    }
                }
            }
        }
    } catch (Exception $exp) {
        $res = "[UNEXPECTED SPECIFIC ERROR] in {$exp->getFile()}: {$exp->getMessage()} at line {$exp->getLine()}";
        returnResponse($res);
    }
}
Ejemplo n.º 8
            returnResponse(40001, "system is busy 05");
        } else {
            $Query = $_SGLOBAL['db']->query("SELECT uid,wallname,`check` FROM " . tname('wall') . " WHERE id = '{$WallId}' ");
            if ($Value = $_SGLOBAL['db']->fetch_array($Query)) {
                $apply = $Value['uid'];
                $check = $Value['check'];
                $WallTitle = $Value['wallname'];
            }
            $isfounder = ckfounder($uid);
            if ($check || $isfounder || $uid == 144 || $uid == $apply) {
                $pass = 1;
            }
            $setarr = array('uid' => $uid, 'pass' => 1, 'username' => $username, 'message' => $message, 'wallid' => $wallid, 'ip' => 'weixin', 'timeline' => $_SGLOBAL['timestamp'], 'fromdevice' => 'wechat');
            //入库
            $newwallid = inserttable('wallfield', $setarr, 1);
            if ($check > 0 && $pass > 0) {
                $message = "<a href=\"plugin.php?pluginid=wall&wallid=" . $WallId . "&ac=track\">#" . $WallTitle . "#</a> " . $message;
                $feedarr = array('appid' => UC_APPID, 'icon' => 'doing', 'uid' => $uid, 'username' => $_SGLOBAL['supe_username'], 'dateline' => $_SGLOBAL['timestamp'], 'title_template' => cplang('feed_doing_title'), 'title_data' => saddslashes(serialize(sstripslashes(array('message' => $message)))), 'body_template' => '', 'body_data' => '', 'id' => $newwallid, 'idtype' => 'wallid');
                $feedarr['hash_template'] = md5($feedarr['title_template'] . "\t" . $feedarr['body_template']);
                $feedarr['hash_data'] = md5($feedarr['title_template'] . "\t" . $feedarr['title_data'] . "\t" . $feedarr['body_template'] . "\t" . $feedarr['body_data']);
                $FeedId = inserttable('feed', $feedarr, 1);
                if ($FeedId) {
                    updatetable('wallfield', array('feedid' => $FeedId), array('id' => $id));
                }
            }
            returnResponse(0, "ok");
        }
    } catch (Exception $e) {
        returnResponse(40001, "system is busy 28");
    }
}
Ejemplo n.º 9
        $gid = trim($_POST["gid"]);
        if (inject_check($uid) || inject_check($gid)) {
            returnResponse(40002, "格式不正确");
        } else {
            //
            // 做一些加入群组的动作
            //
            $q = $_SGLOBAL['db']->query("SELECT name FROM " . tname('space') . " WHERE uid='{$uid}'");
            $name = $_SGLOBAL['db']->fetch_array($q);
            $name = $name['name'];
            $q = $_SGLOBAL['db']->query("SELECT tagid FROM " . tname('mtag') . " WHERE tagid='{$gid}'");
            $tid = $_SGLOBAL['db']->fetch_array($q);
            $tid = $tid['tagid'];
            $q = $_SGLOBAL['db']->query("SELECT 1 AS result FROM " . tname('tagspace') . " WHERE tagid='{$gid}' AND uid='{$uid}'");
            $is_in_group = $_SGLOBAL['db']->fetch_array($q);
            $is_in_group = $is_in_group['result'];
            if (!$name || !$tid) {
                returnResponse(40002, "格式不正确");
            } else {
                if ($is_in_group) {
                    returnResponse(40004, "已经在群组中");
                } else {
                    jointag($uid, $gid, $_SGLOBAL['db']);
                    returnResponse(0, $gid);
                }
            }
        }
    } catch (Exception $e) {
        returnResponse(40002, "格式不正确");
    }
}
Ejemplo n.º 10
/* The mere presence of a 'renew' query parameter, whatever its value, sets the flag */
if (array_key_exists('renew', $_GET)) {
    $renew = TRUE;
}
try {
    /* Read the CAS server module configuration and locate the ticket cache */
    $casconfig = SimpleSAML_Configuration::getConfig('module_casserver.php');
    $path = $casconfig->resolvePath($casconfig->getValue('ticketcache', 'ticketcache'));
    $ticketcontent = retrieveTicket($ticket, $path);
    /* Attribute that carries the user name; eduPersonPrincipalName unless configured */
    $usernamefield = $casconfig->getValue('attrname', 'eduPersonPrincipalName');
    if (!array_key_exists($usernamefield, $ticketcontent)) {
        /* The ticket carries no user name attribute: validation fails */
        returnResponse('NO');
    } else {
        returnResponse('YES', $ticketcontent[$usernamefield][0]);
    }
} catch (Exception $e) {
    /* Any failure is answered with a bare NO; the exception text is not sent */
    returnResponse('NO');
}
/**
 * Print the plain-text validation answer.
 *
 * Output is "YES", a line break and the user name when $value is exactly the
 * string 'YES'; for every other value it is "NO" and a line break.
 *
 * NOTE(review): $username is written out unchanged. In this line-oriented
 * answer a value containing a line break would add extra lines; presumably the
 * value comes from a trusted attribute source. Confirm against the caller.
 *
 * @param mixed  $value    'YES' for a successful validation, anything else for failure.
 * @param string $username User name printed on the second line of a YES answer.
 */
function returnResponse($value, $username = '')
{
    $answer = ($value === 'YES') ? 'YES' . "\n" . $username : 'NO' . "\n";

    echo $answer;
}
function storeTicket($ticket, $path, &$value)
{
    if (!is_dir($path)) {
        throw new Exception('Directory for CAS Server ticket storage [' . $path . '] does not exists. ');
    }
    if (!is_writable($path)) {