function event_hook($event, &$bag, &$eventData, $addData = null)
 {
     global $serendipity;
     $hooks =& $bag->get('event_hooks');
     $logout_url = $this->get_config('logout_url');
     if (isset($hooks[$event])) {
         switch ($event) {
             case 'frontend_configure':
                 if (isset($serendipity['POST']['action']) && isset($serendipity['POST']['user']) && isset($serendipity['POST']['pass'])) {
                     serendipity_login();
                 } elseif (isset($serendipity['POST']['action']) && isset($serendipity['POST']['logout'])) {
                     serendipity_logout();
                     header('Status: 302 Found');
                     if ($logout_url != "") {
                         header("Location: {$logout_url}");
                     } else {
                         header("Location: {$serendipity['baseURL']}{$serendipity['indexFile']}");
                     }
                     exit;
                 }
                 return true;
                 break;
             default:
                 return false;
         }
     } else {
         return false;
     }
 }
Ejemplo n.º 2
0
# All rights reserved.  See LICENSE file for licensing details
define('IN_installer', true);
define('IN_upgrader', true);
define('IN_serendipity', true);
define('IN_serendipity_admin', true);
include 'serendipity_config.inc.php';
header('Content-Type: text/html; charset=' . LANG_CHARSET);
if (IS_installed === false) {
    require_once S9Y_INCLUDE_PATH . 'include/functions.inc.php';
} else {
    if (defined('IS_up2date') && IS_up2date === true) {
        serendipity_plugin_api::hook_event('backend_configure', $serendipity);
    }
}
if (isset($serendipity['GET']['adminModule']) && $serendipity['GET']['adminModule'] == 'logout') {
    serendipity_logout();
    header("Location: " . $serendipity['baseURL']);
} else {
    if (IS_installed === true) {
        /* Check author token to insure session not hijacked */
        if (!isset($_SESSION['author_token']) || !isset($serendipity['COOKIE']['author_token']) || $_SESSION['author_token'] !== $serendipity['COOKIE']['author_token']) {
            $_SESSION['serendipityAuthedUser'] = false;
            serendipity_session_destroy();
        }
        if (!serendipity_userLoggedIn()) {
            // Try again to log in, this time with enabled external authentication event hook
            serendipity_login(true);
        }
    }
}
// If we are inside an iframe, halt the script
 function event_hook($event, &$bag, &$eventData, $addData = null)
 {
     global $serendipity;
     static $login_url = null;
     if ($login_url === null) {
         $login_url = $serendipity['baseURL'] . $serendipity['indexFile'] . '?/plugin/loginbox';
     }
     $hooks =& $bag->get('event_hooks');
     if (isset($hooks[$event])) {
         switch ($event) {
             case 'frontend_saveComment':
                 if (!isset($serendipity['csuccess'])) {
                     $serendipity['csuccess'] = 'true';
                 }
                 if (serendipity_db_bool($this->get_config('registered_only')) && !serendipity_userLoggedIn() && $addData['source2'] != 'adduser') {
                     $eventData = array('allow_comments' => false);
                     $serendipity['messagestack']['comments'][] = PLUGIN_ADDUSER_REGISTERED_ONLY_REASON;
                     return false;
                 }
                 if (serendipity_db_bool($this->get_config('registered_only')) && !$this->inGroup() && $addData['source2'] != 'adduser') {
                     $eventData = array('allow_comments' => false);
                     $serendipity['messagestack']['comments'][] = PLUGIN_ADDUSER_REGISTERED_ONLY_REASON;
                     return false;
                 }
                 if (serendipity_db_bool($this->get_config('true_identities')) && !serendipity_userLoggedIn()) {
                     $user = str_replace(" b", '', $addData['name']);
                     $user = serendipity_db_escape_string(preg_replace('@\\s+@', ' ', trim($user)));
                     $user = trim($user);
                     $authors = serendipity_db_query("SELECT authorid FROM {$serendipity['dbPrefix']}authors WHERE realname = '" . $user . "'");
                     if (is_array($authors) && isset($authors[0]['authorid'])) {
                         $eventData = array('allow_comments' => false);
                         $serendipity['messagestack']['comments'][] = sprintf(PLUGIN_ADDUSER_REGISTERED_CHECK_REASON, $login_url, 'onclick="javascript:loginbox = window.open(this.href, \'loginbox\', \'width=300,height=300,locationbar=no,menubar=no,personalbar=no,statusbar=yes,status=yes,toolbar=no\'); return false;"');
                     }
                 }
                 break;
             case 'external_plugin':
                 if ($eventData != 'loginbox') {
                     return true;
                 }
                 $out = array();
                 serendipity_plugin_api::hook_event('backend_login_page', $out);
                 serendipity_smarty_init();
                 $serendipity['smarty']->assign(array('loginform_add' => $out, 'loginform_url' => $login_url, 'loginform_user' => $_SESSION['serendipityUser'], 'loginform_mail' => $_SESSION['serendipityEmail'], 'close_window' => defined('LOGIN_ACTION'), 'is_logged_in' => serendipity_userLoggedIn(), 'is_error' => defined('LOGIN_ERROR')));
                 $filename = 'loginbox.tpl';
                 $tfile = serendipity_getTemplateFile($filename, 'serendipityPath');
                 if (!$tfile || $tfile == $filename) {
                     $tfile = dirname(__FILE__) . '/' . $filename;
                 }
                 $inclusion = $serendipity['smarty']->security_settings[INCLUDE_ANY];
                 $serendipity['smarty']->security_settings[INCLUDE_ANY] = true;
                 $serendipity['smarty']->display($tfile);
                 break;
             case 'frontend_display':
                 if (serendipity_db_bool($this->get_config('registered_only')) && !serendipity_userLoggedIn()) {
                     $serendipity['messagestack']['comments'][] = sprintf(PLUGIN_ADDUSER_REGISTERED_ONLY_REASON, $serendipity['baseURL'] . $serendipity['indexFile'] . '?serendipity[subpage]=adduser', $serendipity['baseURL'] . 'serendipity_admin.php');
                     $eventData['allow_comments'] = false;
                 }
                 break;
             case 'frontend_configure':
                 if (isset($serendipity['POST']['action']) && isset($serendipity['POST']['user']) && isset($serendipity['POST']['pass'])) {
                     serendipity_login();
                     if (serendipity_userLoggedIn()) {
                         define('LOGIN_ACTION', 'login');
                         header('X-s9y-auth: Login');
                     } else {
                         define('LOGIN_ERROR', true);
                     }
                 } elseif (isset($serendipity['POST']['action']) && isset($serendipity['POST']['logout'])) {
                     serendipity_logout();
                     if (!serendipity_userLoggedIn()) {
                         header('X-s9y-auth: Logout');
                         define('LOGIN_ACTION', 'logout');
                     }
                 }
                 if ((serendipity_db_bool($this->get_config('registered_only')) || serendipity_db_bool($this->get_config('true_identities'))) && $_SESSION['serendipityAuthedUser']) {
                     if (defined('IN_serendipity_admin') && $serendipity['GET']['adminAction'] == 'doEdit') {
                         // void
                     } else {
                         $serendipity['COOKIE']['name'] = isset($_SESSION['serendipityRealname']) ? $_SESSION['serendipityRealname'] : $_SESSION['serendipityUser'];
                         $serendipity['COOKIE']['email'] = $_SESSION['serendipityEmail'];
                         if ($serendipity['POST']['comment']) {
                             $serendipity['POST']['name'] = $serendipity['COOKIE']['name'];
                             $serendipity['POST']['email'] = $serendipity['COOKIE']['email'];
                         }
                     }
                 }
                 return true;
                 break;
             case 'entry_display':
                 if ($serendipity['GET']['subpage'] == 'adduser' || $serendipity['POST']['subpage'] == 'adduser' || !empty($serendipity['GET']['adduser_activation']) || !empty($this->clean_page)) {
                     if (is_array($eventData)) {
                         $eventData['clean_page'] = true;
                     }
                 }
                 break;
             case 'entries_header':
                 if ($serendipity['GET']['subpage'] == 'adduser' || $serendipity['POST']['subpage'] == 'adduser' || !empty($serendipity['GET']['adduser_activation'])) {
                     $this->clean_page = true;
                     $url = $serendipity['baseURL'] . $serendipity['indexFile'];
                     $hidden['subpage'] = 'adduser';
                     $username = substr($serendipity['POST']['adduser_user'], 0, 40);
                     $password = substr($serendipity['POST']['adduser_pass'], 0, 32);
                     $email = $serendipity['POST']['adduser_email'];
                     echo '<div id="adduser_form" style="padding-left: 4px; padding-right: 10px"><a id="adduser"></a>';
                     // Get the config from the sidebar plugin
                     $pair_config = array('userlevel' => USERLEVEL_EDITOR, 'no_create' => false, 'right_publish' => false, 'instructions' => $this->get_config('instructions', ''), 'usergroups' => array(), 'straight_insert' => false, 'approve' => false, 'use_captcha' => false);
                     $config = serendipity_db_query("SELECT name, value FROM {$serendipity['dbPrefix']}config WHERE name LIKE 'serendipity_plugin_adduser:%'");
                     if (is_array($config)) {
                         foreach ($config as $conf) {
                             $names = explode('/', $conf['name']);
                             if ($names[1] == 'instructions' && !empty($pair_config['instructions'])) {
                                 continue;
                             }
                             if ($names[1] == 'usergroups') {
                                 $ug = (array) explode(',', $conf['value']);
                                 foreach ($ug as $cid) {
                                     if ($cid === false || empty($cid)) {
                                         continue;
                                     }
                                     $pair_config[$names[1]][$cid] = $cid;
                                 }
                             } else {
                                 $pair_config[$names[1]] = serendipity_get_bool($conf['value']);
                             }
                         }
                     }
                     if (!serendipity_common_adduser::adduser($username, $password, $email, $pair_config['userlevel'], $pair_config['usergroups'], $pair_config['no_create'], $pair_config['right_publish'], $pair_config['straight_insert'], $pair_config['approve'], $pair_config['use_captcha'])) {
                         serendipity_common_adduser::loginform($url, $hidden, $pair_config['instructions'], $username, $password, $email, $pair_config['use_captcha']);
                     }
                     echo '</div>';
                 }
                 return true;
                 break;
             default:
                 return false;
         }
     } else {
         return false;
     }
 }
 /**
  * Administration issues and switch to validation function
  **/
 function cal_admin_backend()
 {
     global $serendipity;
     /* calendar administration functions write content, but set approved = 0 if not re-edited by validated user */
     if (isset($_POST['calendar']['type'])) {
         // validate entries and do INSERT or REPLACE db issues
         $this->cal_write_entries();
         // authenticated, but REPLACE or INSERT error
         if (isset($serendipity['eventcal']['isadminid']) === true) {
             $isadminid = true;
             unset($serendipity['eventcal']['isadminid']);
         }
     }
     /* calendar administration functions - login, logout */
     if (isset($serendipity['GET']['adminModule']) && $serendipity['GET']['adminModule'] == 'logout') {
         serendipity_logout();
         $this->smarty_assign_error('msg', CAL_EVENT_USER_LOGGEDOFF);
     }
     // placeholder superusers old freetable validation
     /* calendar administration functions - approve and delete entries in app or single entry view */
     if (isset($_POST['calendar']['entries']) && is_array($_POST['calendar']['entries']) || isset($isadminid) === true) {
         if (!serendipity_userLoggedIn()) {
             $adminpost[ap] = 1;
             // set event appform open
             $this->smarty_assign_error('err', CAL_EVENT_USER_LOGINFIRST);
         } else {
             /* authenticated user is logged-in - here we just do reject or approve an event, validate Change Submits or give back values */
             /* approve events */
             if (isset($_POST['Approve_Selected']) || isset($_POST['Approve_Selected_x']) || isset($_POST['Approve_Selected_y'])) {
                 if (is_array($_POST['calendar']['entries'])) {
                     $apid = array();
                     foreach ($_POST['calendar']['entries'] as $entry => $val) {
                         $result = $this->mysql_db_result_sets('UPDATE', 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, "approved=1 WHERE id={$val}");
                         $apid[] = $val;
                         $n_id .= $val . ' ';
                     }
                     if ($result) {
                         // need help here - vsprintf does not take this array, even if used as string
                         // so I used a workaround string $n_id .= $val to assign at end
                         $this->smarty_assign_error('msg', vsprintf(PLUGIN_EVENTCAL_APPROVE_DONE_BLAHBLAH, $apid) . (count($apid) > 1 ? ' (Updated Multi-IDs: ' . $n_id . ')' : ''));
                     }
                     // else return db error
                 }
             }
             /* reject events */
             if (isset($_POST['Reject_Selected']) || isset($_POST['Reject_Selected_x']) || isset($_POST['Reject_Selected_y'])) {
                 if (is_array($_POST['calendar']['entries'])) {
                     $idel = array();
                     foreach ($_POST['calendar']['entries'] as $entry => $val) {
                         $result = $this->mysql_db_result_sets('DELETE', 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, "id={$val}");
                         $idel[] = $val;
                         $n_id .= $val . ' ';
                     }
                     if ($result) {
                         // need help here - vsprintf does not take this array, even if used as string - see above
                         $this->smarty_assign_error('msg', vsprintf(PLUGIN_EVENTCAL_REJECT_DONE_BLAHBLAH, $idel) . (count($idel) > 1 ? ' (Erased Multi-IDs: ' . $n_id . ')' : ''));
                     }
                     // else return db error
                 }
             }
             /* an authenticated logged-in user tries to change and submit an unapproved event */
             if (isset($isadminid) === true && isset($id)) {
                 /* there was an error changing unapproved entries - get back the original entry */
                 $event = $this->mysql_db_result_sets('SELECT-KEY', 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, "id={$id}");
                 // else return db error
             } elseif (isset($_POST['Change_Selected']) || isset($_POST['Change_Selected_x']) || isset($_POST['Change_Selected_y'])) {
                 // select a specific unapproved event - check if it is a single entry or has checked multiple checkboxes
                 if (is_array($_POST['calendar']['entries'])) {
                     $countentries = count($_POST['calendar']['entries']);
                     if ($countentries == 1) {
                         foreach ($_POST['calendar']['entries'] as $entry => $val) {
                             $event = $this->mysql_db_result_sets('SELECT-KEY', 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, "id={$val}");
                             // else return db error
                         }
                         if (!is_array($event)) {
                             $adminpost[a] = 0;
                         }
                         // if db error close new event date form
                     } else {
                         $this->smarty_assign_error('err', CAL_EVENT_CHGSELECTED_ARRAY . ' ' . CAL_EVENT_PLEASECORRECT);
                         $adminpost[a] = 0;
                         // close new event date form
                         $adminpost[ap] = 1;
                         // open administrate unapproved event form
                     }
                 }
             }
             // assign edit single event entry to smarty add form - do not parse text_pattern_bbc function
             if (is_array($event)) {
                 $adminpost['a'] = 1;
                 // open form to change single event
                 $adminpost['ap'] = 0;
                 // close unapproved event table
                 $adminpost['id'] = $event['id'];
                 list($adminpost['syear'], $adminpost['smonth'], $adminpost['sday']) = explode('-', $event['sdato']);
                 @(list($adminpost['eyear'], $adminpost['emonth'], $adminpost['eday']) = explode('-', $event['edato']));
                 @(list($adminpost['which'], $adminpost['day']) = explode(':', $event['recur']));
                 $adminpost['sdesc'] = $event['sdesc'];
                 $adminpost['ldesc'] = $event['ldesc'];
                 $adminpost['url'] = $event['url'];
                 $adminpost['tipo'] = $event['tipo'];
                 $adminpost['approved'] = $event['approved'];
                 $adminpost['app_by'] = $event['app_by'];
                 $adminpost['tstamp'] = $event['tstamp'];
                 unset($event);
             }
         }
         // serendipity_userLoggedIn() = true end
         // isset calendar entries or isadminid end
     } elseif (isset($_POST) && !isset($_POST['calendar']['entries'])) {
         if ((int) isset($_POST['Approve_Selected_x']) && (int) isset($_POST['Approve_Selected_y']) || (int) isset($_POST['Reject_Selected_x']) && (int) isset($_POST['Reject_Selected_y']) || (int) isset($_POST['Change_Selected_x']) && (int) isset($_POST['Change_Selected_y'])) {
             $adminpost[ap] = 1;
             if (serendipity_userLoggedIn()) {
                 $this->smarty_assign_error('msg', CAL_EVENT_CHECKBOXALERT);
             } else {
                 $this->smarty_assign_error('err', CAL_EVENT_CHECKBOXALERT);
             }
         }
     }
     // elseif & isset $_POST edit, validate and delete entries end
     // do something to get back to the form data
     if (isset($adminpost) && is_array($adminpost)) {
         $serendipity['eventcal']['adminpost'] = $adminpost;
         unset($adminpost);
     }
 }