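/**
 * Log a user in: check the credentials, set the auth and "remember" cookies,
 * then send the browser to the cookie test page (or to /failed).
 *
 * @param string $user     Username; also used as a directory name under PWUSERS_DIR.
 * @param string $pass     Password as submitted.
 * @param mixed  $remember Truthy for a five-year auth cookie, falsy for a session cookie.
 * @param mixed  $prevpage Page to return to after the cookie test; FALSE is treated as '/'.
 * @param mixed  $newuser  Passed through to cookie-test.php.
 * @return void
 */
function login($user, $pass, $remember = 0, $prevpage = '/', $newuser = FALSE)
{
    // $user becomes a path component below, so refuse separators, NUL bytes
    // and dot segments before touching the filesystem.
    $user = (string) $user;
    $name_is_path_safe = $user !== '.' && $user !== '..' && strpbrk($user, "/\\\0") === FALSE;

    // only go further if the user exists and has given us a valid password
    if (!$name_is_path_safe
        || !file_exists("{$_SERVER['PWUSERS_DIR']}/{$user}/userinfo.dat")
        || !user_is_valid($user, $pass)) {
        redirect("/failed");
        return;
    }

    // The original ran parse_str() with no result array here. That form
    // imported every stored key as a local variable (able to overwrite
    // $remember, $prevpage or $newuser) and was removed in PHP 8. None of the
    // imported values were read afterwards, so only the call is kept, for
    // whatever side effects user_read_info() has.
    user_read_info($user);

    // five years when "remember me" is set, otherwise 0 = cookie ends with the browser session
    $expires = $remember ? time() + 86400 * 365 * 5 : 0;

    $cookie_name = $_SERVER['AUTH_COOKIE'];
    // NOTE(review): the fingerprint is built from the username and password,
    // so anything that exposes it deserves the same care as the password.
    $cookie_data = user_get_fingerprint($user, $pass);

    // NOTE(review): HTTP_HOST comes from the request's Host header, and
    // str_replace() removes every "www" in it, not only a leading label.
    // A configured site hostname would be a firmer source for the cookie domain.
    $cookie_host = $_SERVER['HTTP_HOST'];
    if (substr_count($cookie_host, '.') < 2) {
        $cookie_host = ".{$cookie_host}";
    }
    $cookie_host = str_replace('www', '', $cookie_host);

    $cookie_path = $_SERVER['WEB_ROOT'] . "/";
    // NOTE(review): neither cookie sets the secure or httponly flags.
    setcookie($cookie_name, $cookie_data, $expires, $cookie_path, $cookie_host);
    setcookie('remember', "remember={$remember}", time() + 86400 * 365 * 5, $cookie_path, $cookie_host);

    if ($prevpage === FALSE) {
        $prevpage = '/';
    }

    // Encode each value so a caller-supplied $prevpage or $newuser cannot add
    // or override query parameters; the receiving script sees the same values
    // once the query string is decoded.
    // NOTE(review): the fingerprint also travels in this URL over plain http,
    // where it can end up in access logs, browser history and Referer headers.
    $target = "http://{$_SERVER['HTTP_HOST']}{$_SERVER['WEB_ROOT']}/scripts/cookie-test.php"
        . '?fingerprint_v4=' . rawurlencode((string) $cookie_data)
        . '&newuser=' . rawurlencode((string) $newuser)
        . '&redirect_page=' . rawurlencode((string) $prevpage);
    header("Location: {$target}");
}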
// Fragment of an e-mail-to-plan posting script: the first assignment and the
// closing brace below end a block that was opened before the visible text.
$nolinebreaks = TRUE;
}
// NOTE(review): stristr() returns a string or FALSE, never TRUE, so the two
// "=== TRUE" tests below cannot succeed as written; "!== FALSE" is the working
// form. Unless $nofeed and $markdown are set earlier (not visible here), they
// are still undefined when copied into $post_params further down.
if (stristr($message_parsed['Subject'], 'nofeed') === TRUE) {
    $nofeed = "<!--no feed-->";
}
if (stristr($message_parsed['Subject'], 'markdown') === TRUE) {
    $markdown = "<!--markdown-->";
}
$_SERVER['EMAIL_POST'] = TRUE;
// The From address is taken from the parsed message. Mail headers are chosen
// by the sender, so it is not proof of identity; the secret word check below
// is the only authentication step visible in this fragment.
$_SERVER['EMAIL_FROM'] = $message_parsed['From'][0]['address'];
// NOTE(review): the include path mixes absolute site directories with the
// relative entries ".." and ".", which resolve against the working directory.
set_include_path('/home/planwatc/public_html/v4:/home/planwatc/public_html/v4/scripts:..:.:/home/planwatc/public_html/v4/backend:/home/planwatc/public_html/v4/resources/skins:/home/planwatc/public_html/v4/scripts/standard_library');
include_once "siteconfig.php";
include_once "essential.php";
include_once 'user_info_functions.php';
// find out about the writer
// (presumably this fills $_SERVER['USERINFO_ARRAY'], which is read below; confirm in user_read_info)
user_read_info($writer, TRUE);
// if the secret word matches, authenticate the user
// NOTE(review): "==" is a loose comparison. Two numeric-looking strings are
// compared by numeric value, and the comparison is not constant-time;
// hash_equals() on string-cast values is the strict form for a shared secret.
if ($secretword && $secretword == $_SERVER['USERINFO_ARRAY']['secretword']) {
    $message_parsed['Subject'] = str_replace($_SERVER['USERINFO_ARRAY']['removefromtitles'], '', $message_parsed['Subject']);
    $post_params['action'] = 'Update Journaling Plan';
    $post_params['writer'] = $writer;
    $post_params['private'] = $private;
    $post_params['nolinebreaks'] = $nolinebreaks;
    $post_params['nofeed'] = $nofeed;
    $post_params['markdown'] = $markdown;
    // The subject is placed inside an HTML-comment marker without escaping, so
    // a subject containing "-->" ends the marker early. How plan_update.php
    // treats that is not visible here.
    $post_params['newplan'] = $message_parsed['Data'] . "<!--TITLE {$message_parsed['Subject']}--><!--nolinebreaks-->"; //."<!--email post\n".serialize($message_parsed)."-->";
    // The session id is derived from the stored password field, and the
    // request URL below is plain http, so it is sent unencrypted.
    $post_params['sid'] = user_get_fingerprint($_SERVER['USER'], $_SERVER['USERINFO_ARRAY']['userpass']);
    $post_params['mailpost'] = 1;
    $request_url = "http://planwatch.org/scripts/plan_update.php";
    $ch = curl_init();
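/**
 * XML-RPC handler for blogger.getUserInfo: returns profile fields for the
 * authenticated user, or a fault when the credentials are rejected.
 *
 * The original built and returned the profile response even when
 * user_is_valid() failed, because $err was never set. It also assigned the
 * 'nickname' key twice, so the e-mail address replaced the nickname.
 *
 * @param object $m Incoming XML-RPC message; params are (appkey, username, password).
 * @return xmlrpcresp Profile response on success, fault response otherwise.
 */
function blogger_getUserInfo($m)
{
    // Fault-code base; assumed to be the module-level value defined by the
    // XML-RPC library (the original read it as an undefined local). TODO confirm.
    global $xmlrpcerruser;

    // param 0 is the appkey, which this handler deliberately ignores
    $username = $m->getParam(1)->scalarval();
    $password = $m->getParam(2)->scalarval();

    // Reject bad credentials before any profile data is read. The message is
    // the same for an unknown user and a wrong password.
    if (!user_is_valid($username, $password)) {
        return new xmlrpcresp(0, $xmlrpcerruser, 'Invalid login');
    }

    parse_str(user_read_info($username), $userinfo);
    $real_name = isset($userinfo['real_name']) ? (string) $userinfo['real_name'] : '';
    $email = isset($userinfo['email']) ? (string) $userinfo['email'] : '';

    // pad so a one-word (or empty) real name still yields both parts
    list($firstname, $lastname) = array_pad(explode(' ', $real_name), 2, '');

    $returnlist = array();
    $returnlist['nickname'] = new xmlrpcval($username, 'string');
    $returnlist['userid'] = new xmlrpcval($username, 'string');
    $returnlist['firstname'] = new xmlrpcval($firstname, 'string');
    $returnlist['lastname'] = new xmlrpcval($lastname, 'string');
    $returnlist['email'] = new xmlrpcval($email, 'string');
    $returnlist['url'] = new xmlrpcval("http://planwatch.org/read/{$username}", 'string');

    // NOTE(review): the wrapping (xmlrpc_encode() inside a one-element array)
    // is kept exactly as the original had it; confirm it is the shape clients expect.
    $xmlarray = new xmlrpcval(array(xmlrpc_encode($returnlist)), 'array');

    return new xmlrpcresp($xmlarray);
}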
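/**
 * Check a username/password pair against the stored user record.
 *
 * Changes from the original:
 *  - the record is read into an array instead of extract() / one-argument
 *    parse_str(), so stored keys can no longer overwrite $user, $pass or $valid;
 *  - comparisons are strict. The original's loose "==" treated two
 *    numeric-looking strings (e.g. "0e123" and "0e456") as equal;
 *  - a record with no username or no password never authenticates;
 *  - usernames that could step outside PWUSERS_DIR are rejected up front.
 *
 * Passwords are still compared case-insensitively, as before.
 * NOTE(review): the stored password is compared directly with the submitted
 * one, so it appears to be kept in a directly comparable form. Moving to
 * password_hash() / password_verify() would need a data migration.
 *
 * @param string $user Username ('' and 'guest' are never valid).
 * @param string $pass Password as submitted.
 * @return bool TRUE when the credentials match the stored record.
 */
function user_is_valid($user = '', $pass = '')
{
    $user = (string) $user;
    $pass = (string) $pass;

    if (!$user || $user === 'guest') {
        return FALSE;
    }

    // $user is used as a directory name, so refuse separators, NUL bytes and dot segments
    if ($user === '.' || $user === '..' || strpbrk($user, "/\\\0") !== FALSE) {
        return FALSE;
    }

    $info_file = "{$_SERVER['PWUSERS_DIR']}/{$user}/userinfo.dat";
    if (file_exists($info_file)) {
        // NOTE(review): unserialize() can instantiate objects named in its
        // input, so this is only safe while nothing untrusted can write
        // userinfo.dat. On PHP 7+ the allowed_classes option set to false
        // closes that off.
        $info = unserialize(file_get_contents($info_file));
    } else {
        parse_str(user_read_info($user), $info);
    }

    if (!is_array($info)) {
        return FALSE;
    }

    $stored_name = isset($info['username']) && is_string($info['username']) ? $info['username'] : '';
    $stored_pass = isset($info['userpass']) && is_string($info['userpass']) ? $info['userpass'] : '';
    if ($stored_name === '' || $stored_pass === '') {
        return FALSE;
    }

    // hash_equals() is a strict, constant-time string comparison
    return strtolower($user) === strtolower($stored_name)
        && hash_equals(strtolower($stored_pass), strtolower($pass));
}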
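/**
 * Report whether a plan owner's plan is hosted locally.
 *
 * A plan counts as local when the stored plantype contains 'local' or
 * 'planwatch', or when no plantype is stored but a userinfo.dat exists for
 * the owner under PWUSERS_DIR.
 *
 * The original used one-argument parse_str(), which imported every stored key
 * as a local variable (able to overwrite $valid or $planowner) and was removed
 * in PHP 8. The record is now parsed into an array and only plantype is read.
 *
 * @param string $planowner Plan owner name; surrounding whitespace is ignored.
 * @return int 1 when the plan is local, 0 otherwise.
 */
function plan_is_local($planowner)
{
    $planowner = trim($planowner);

    parse_str(user_read_info(plan_repair_local_name($planowner)), $info);
    $plantype = isset($info['plantype']) && is_string($info['plantype']) ? $info['plantype'] : '';

    if (strpos($plantype, 'local') !== FALSE || strpos($plantype, 'planwatch') !== FALSE) {
        return 1;
    }

    // Fallback for records without a plantype. $planowner is used as a
    // directory name here, so names with separators, NUL bytes or dot segments
    // are not probed on disk.
    $name_is_path_safe = $planowner !== '.' && $planowner !== '..' && strpbrk($planowner, "/\\\0") === FALSE;
    if ($plantype === '' && $name_is_path_safe && file_exists("{$_SERVER['PWUSERS_DIR']}/{$planowner}/userinfo.dat")) {
        return 1;
    }

    return 0;
}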