Ejemplo n.º 1
	/**
	 * Verifies user credentials before creating the theme and displaying the request.
	 *
	 * Requests from a user who is not logged in never get past this constructor:
	 * the requested URI is remembered in the session, the response is either a
	 * 408 AjaxResponse (admin_ajax rule with a Referer header present) or a
	 * redirect to the login page, and the script exits.
	 *
	 * For a logged-in user, any form data parked in the session before the login
	 * redirect is merged back into $_POST/$_GET before the rest of the request runs.
	 */
	public function __construct()
	{
		$user = User::identify();
		if ( !$user->loggedin ) {
			// Remember the URI that was requested so it is available in the session after login.
			Session::add_to_set( 'login', $_SERVER['REQUEST_URI'], 'original' );
			// The Referer header is only tested for presence here; its value is not used.
			if ( URL::get_matched_rule()->action == 'admin_ajax' && isset( $_SERVER['HTTP_REFERER'] ) ) {
				 $ar = new AjaxResponse(408, _t('Your session has ended, please log in and try again.') );
				 $ar->out();
			}
			else {
				// The raw (unfiltered) request data of an unauthenticated request is stored in the session.
				// NOTE(review): it is replayed after login (see the merge below), so the handler that
				// finally processes it should still validate its own anti-CSRF token — confirm.
				$post_raw = $_POST->get_array_copy_raw();
				if ( !empty( $post_raw ) ) {
					Session::add_to_set( 'last_form_data', $post_raw, 'post' );
					Session::error( _t( 'We saved the last form you posted. Log back in to continue its submission.' ), 'expired_form_submission' );
				}
				$get_raw = $_GET->get_array_copy_raw();
				if ( !empty( $get_raw ) ) {
					Session::add_to_set( 'last_form_data', $get_raw, 'get' );
					Session::error( _t( 'We saved the last form you posted. Log back in to continue its submission.' ), 'expired_form_submission' );
				}
				Utils::redirect( URL::get( 'auth', array( 'page' => 'login' ) ) );
			}
			// Nothing below may run for an unauthenticated request.
			exit;
		}

		$last_form_data = Session::get_set( 'last_form_data' ); // This was saved in the "if ( !$user )" above, UserHandler transferred it properly.
		/* At this point, Controller has not created handler_vars, so we have to modify $_POST/$_GET. */
		if ( isset( $last_form_data['post'] ) ) {
			// The parked POST data is merged into the current request and the method is forced to POST,
			// so the current (possibly GET) request is handled as if it were the original submission.
			$_POST = $_POST->merge( $last_form_data['post'] );
			$_SERVER['REQUEST_METHOD'] = 'POST'; // This will trigger the proper act_admin switches.
			Session::remove_error( 'expired_form_submission' );
		}
		if ( isset( $last_form_data['get'] ) ) {
			$_GET = $_GET->merge( $last_form_data['get'] );
			Session::remove_error( 'expired_form_submission' );
			// No need to change REQUEST_METHOD since GET is the default.
		}
		$user->remember();

		// Create an instance of the active public theme so that its plugin functions are implemented
		$this->active_theme = Themes::create();

		// setup the stacks for javascript in the admin - it's a method so a plugin can call it externally
		self::setup_stacks();
		
		// on every page load check the plugins currently loaded against the list we last checked for updates and trigger a cron if we need to
		Update::check_plugins();
	}
Ejemplo n.º 2
 /**
  * Login form handler: authenticate the submitted credentials and, on success,
  * redirect to the page requested before login (or to the admin).
  *
  * On success the method clears any pending password-reset token, stamps the
  * login time, redirects and returns true. On failure it blanks the password
  * field, sets handler_vars['error'] and returns nothing.
  *
  * @param mixed $form The submitted login form; its habari_username and habari_password controls are read
  * @return bool|null true after a successful login, otherwise no value
  */
 public function loginform_do_login($form)
 {
     $name = $form->habari_username->value;
     $pass = $form->habari_password->value;
     // Authentication is attempted as soon as either field is non-empty.
     if (null != $name || null != $pass) {
         $user = User::authenticate($name, $pass);
         if ($user instanceof User && $user != false) {
             $userinfo = $user->info;
             // if there's an unused password reset token, unset it to make sure there's no possibility of a compromise that way
             if (isset($userinfo->password_reset)) {
                 unset($userinfo->password_reset);
             }
             /* Successfully authenticated. */
             // NOTE(review): no session identifier rotation is visible in this method; presumably
             // User::authenticate() or the session layer handles it — confirm.
             // Timestamp last login date and time.
             $user->info->authenticate_time = DateTime::create()->format('Y-m-d H:i:s');
             $user->update();
             // Remove left over expired session error message.
             if (Session::has_errors('expired_session')) {
                 Session::remove_error('expired_session');
             }
             $login_session = Session::get_set('login');
             if (!empty($login_session)) {
                 /* Now that we know we're dealing with the same user, transfer the form data so he does not lose his request */
                 // NOTE(review): $last_form_data is never assigned in this method, so these two calls
                 // would store null; the 'post_data'/'get_data' keys are also not written by any code
                 // shown here — confirm whether these branches are dead.
                 if (!empty($login_session['post_data'])) {
                     Session::add_to_set('last_form_data', $last_form_data['post'], 'post');
                 }
                 if (!empty($login_session['get_data'])) {
                     Session::add_to_set('last_form_data', $last_form_data['get'], 'get');
                 }
                 // don't bother parsing out the URL, we store the URI that was requested, so just append that to the hostname and we're done
                 // NOTE(review): 'original' is a request URI taken from the client before login; the
                 // site host is prepended, which presumably keeps the redirect on this site — confirm
                 // what Site::get_url('host') returns and that the stored URI always starts with "/".
                 $login_dest = Site::get_url('host') . $login_session['original'];
             } else {
                 $login_session = null;
                 $login_dest = Site::get_url('admin');
             }
             // filter the destination
             // Plugins can replace the destination here; whatever they return is redirected to as-is.
             $login_dest = Plugins::filter('login_redirect_dest', $login_dest, $user, $login_session);
             // finally, redirect to the destination
             Utils::redirect($login_dest);
             return true;
         }
         /* Authentication failed. */
         // Remove submitted password, see, we're secure!
         $form->habari_password->value = '';
         // The same generic message is used whether the user name or the password was wrong.
         $this->handler_vars['error'] = _t('Bad credentials');
     }
 }
Ejemplo n.º 3
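 /**
  * Verifies user credentials before creating the theme and displaying the request.
  *
  * Requests from a user who is not logged in never get past this constructor:
  * the requested URI is remembered in the session, then either a JavaScript
  * callback object is printed (admin_ajax rule with a Referer header present)
  * or the browser is redirected to the login page, and the script exits.
  *
  * For a logged-in user, form data parked in the session before the login
  * redirect is merged back into $_POST/$_GET.
  */
 public function __construct()
 {
     $user = User::identify();
     if (!$user->loggedin) {
         // Remember the URI that was requested so it is available in the session after login.
         Session::add_to_set('login', $_SERVER['REQUEST_URI'], 'original');
         if (URL::get_matched_rule()->name == 'admin_ajax' && isset($_SERVER['HTTP_REFERER'])) {
             header('Content-Type: text/javascript;charset=utf-8');
             // The Referer header is client-controlled and ends up inside script source, so it is
             // (1) limited to http/https URLs and (2) emitted as an encoded JavaScript string literal
             // instead of being concatenated between hand-written quotes.
             $referer = (string) $_SERVER['HTTP_REFERER'];
             if (!preg_match('#^https?://#i', $referer)) {
                 $referer = '';
             }
             $target = json_encode($referer, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
             if ($target === false) {
                 // json_encode() fails on invalid UTF-8; fall back to an empty string literal.
                 $target = '""';
             }
             echo '{callback: function(){location.href=' . $target . '} }';
         } else {
             // The raw (unfiltered) request data of an unauthenticated request is stored in the session.
             // NOTE(review): it is replayed after login (see the merge below), so the handler that
             // finally processes it should still validate its own anti-CSRF token — confirm.
             $post_raw = $_POST->get_array_copy_raw();
             if (!empty($post_raw)) {
                 Session::add_to_set('last_form_data', $post_raw, 'post');
                 Session::error(_t('We saved the last form you posted. Log back in to continue its submission.'), 'expired_form_submission');
             }
             $get_raw = $_GET->get_array_copy_raw();
             if (!empty($get_raw)) {
                 Session::add_to_set('last_form_data', $get_raw, 'get');
                 Session::error(_t('We saved the last form you posted. Log back in to continue its submission.'), 'expired_form_submission');
             }
             Utils::redirect(URL::get('auth', array('page' => 'login')));
         }
         // Nothing below may run for an unauthenticated request.
         exit;
     }
     $last_form_data = Session::get_set('last_form_data');
     // This was saved in the "if ( !$user )" above, UserHandler transferred it properly.
     /* At this point, Controller has not created handler_vars, so we have to modify $_POST/$_GET. */
     if (isset($last_form_data['post'])) {
         $_POST = $_POST->merge($last_form_data['post']);
         $_SERVER['REQUEST_METHOD'] = 'POST';
         // This will trigger the proper act_admin switches.
         Session::remove_error('expired_form_submission');
     }
     if (isset($last_form_data['get'])) {
         $_GET = $_GET->merge($last_form_data['get']);
         Session::remove_error('expired_form_submission');
         // No need to change REQUEST_METHOD since GET is the default.
     }
     $user->remember();
     // Create an instance of the active public theme so that its plugin functions are implemented
     $this->active_theme = Themes::create();
     // setup the stacks for javascript in the admin - it's a method so a plugin can call it externally
     self::setup_stacks();
 }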
 /**
  * Count a page view for the displayed post, at most once per session.
  *
  * Only single-post pages are counted. Logged-in users are skipped unless the
  * 'popular_posts__loggedintoo' option is set. The ids of posts already counted
  * are kept in the 'popular_posts' session set.
  *
  * @param mixed $theme The theme being rendered; its post and posts properties are read
  * @param mixed $handler_vars Not used by this method
  */
 public function action_add_template_vars($theme, $handler_vars)
 {
     // Anything but a single-post page is ignored.
     if (!($theme->post instanceof Post) || count($theme->posts) != 1) {
         return;
     }
     // Logged-in users are only tracked when the option explicitly asks for it.
     if (User::identify()->loggedin && !Options::get('popular_posts__loggedintoo')) {
         return;
     }
     $already_counted = Session::get_set('popular_posts', false);
     $current = $theme->post;
     if (in_array($current->id, $already_counted)) {
         // This session has been counted for this post before.
         return;
     }
     $previous = $current->info->views;
     $current->info->views = ($previous == null ? 0 : $previous) + 1;
     $current->info->commit();
     Session::add_to_set('popular_posts', $current->id);
 }
Ejemplo n.º 5
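    /**
     * AJAX handler: optionally record a vote on a poll post, then print the
     * poll results as an HTML list.
     *
     * Reads 'pollid' and 'result' from $_GET. A 'result' of the literal string
     * 'null' means "show results only". A vote is counted only when it names an
     * option that already exists in the stored results, so a request cannot add
     * arbitrary keys to the results array.
     *
     * NOTE(review): this changes state on a GET request and does not check the
     * 'votes' session set before counting; presumably duplicate-vote and
     * request-forgery checks live elsewhere — confirm.
     */
    public function action_ajax_ajaxpoll()
    {
        $pollid = $_GET['pollid'];
        $vote = $_GET['result'];
        $post = Post::get(array('content_type' => Post::type('poll'), 'id' => $pollid));
        if (!$post instanceof Post) {
            // Unknown poll id: there is nothing to update or render.
            return;
        }
        $results = $post->info->r;
        if (!is_array($results)) {
            $results = array();
        }
        // Only increment a counter that already exists; anything else is ignored.
        if ($vote != 'null' && (is_int($vote) || is_string($vote)) && array_key_exists($vote, $results)) {
            $results[$vote]++;
            $post->info->r = $results;
            Session::add_to_set('votes', $post->id);
        }
        $post->update();
        // Bar width in pixels for the option with the most votes.
        $length = 200;
        // With no votes at all the largest count is 0; guard the division below.
        $max = empty($results) ? 0 : max($results);
        ?>
	<ul id="poll_results">
		<?php 
        for ($n = 1; $n < sizeof($results); $n++) {
            // Option labels are stored content; escape them for the HTML context.
            $label = htmlspecialchars($post->info->entry[$n] . "(" . $results[$n] . ")", ENT_QUOTES, 'UTF-8');
            $width = $max > 0 ? $length * ($results[$n] / $max) : 0;
            ?>
			<label > <?php 
            echo $label;
            ?>
 <li style='width: <?php 
            echo $width;
            ?>
px'>  </li> </label>
		
		<?php 
        }
        ?>

	</ul>
		<?php 
    }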
Ejemplo n.º 6
 /**
  * Either just display the login form; or check a user's credentials, and
  * create a session for them; or handle a password reset request.
  *
  * Reset branch: taken when the submitted button label equals the translated
  * 'Reset password' string. A random token is generated, its MD5 digest is
  * stored on the user, and a link carrying the user id and the plain token is
  * mailed to the user's address.
  *
  * Login branch: authenticates habari_username/habari_password from $_POST and,
  * on success, redirects into the admin and returns TRUE.
  *
  * In every other case the login form is displayed.
  */
 public function act_login()
 {
     // If we're a reset password request, do that.
     if (isset($_POST['submit_button']) && $_POST['submit_button'] === _t('Reset password')) {
         Utils::check_request_method(array('POST'));
         $name = $this->handler_vars['habari_username'];
         if ($name !== NULL) {
             // Numeric names are skipped; presumably User::get() would treat them as user ids — confirm.
             if (!is_numeric($name) && ($user = User::get($name))) {
                 $hash = Utils::random_password();
                 // Only a digest of the token is stored; the plain token exists only in the mailed link.
                 // NOTE(review): the digest is unsalted MD5, so the token's strength rests entirely on
                 // the entropy of Utils::random_password(); no expiry is recorded here — confirm both.
                 $user->info->password_reset = md5($hash);
                 $user->info->commit();
                 $message = _t('Please visit %1$s to reset your password.', array(URL::get('user', array('page' => 'password_reset', 'id' => $user->id, 'hash' => $hash))));
                 Utils::mail($user->email, _t('[%1$s] Password reset request for %2$s', array(Options::get('title'), $user->displayname)), $message);
             }
             // Moving this inside the check for user existence would allow attackers to test usernames, so don't
             Session::notice(_t('A password reset request has been sent to the user.'));
         }
     } else {
         Utils::check_request_method(array('GET', 'HEAD', 'POST'));
         $name = $_POST['habari_username'];
         $pass = $_POST['habari_password'];
         // Authentication is attempted as soon as either field is non-empty.
         if (NULL != $name || NULL != $pass) {
             $user = User::authenticate($name, $pass);
             if ($user instanceof User && FALSE != $user) {
                 /* Successfully authenticated. */
                 // NOTE(review): no session identifier rotation is visible in this method; presumably
                 // User::authenticate() or the session layer handles it — confirm.
                 // Timestamp last login date and time.
                 $user->info->authenticate_time = date('Y-m-d H:i:s');
                 $user->update();
                 // Remove left over expired session error message.
                 if (Session::has_errors('expired_session')) {
                     Session::remove_error('expired_session');
                 }
                 $login_session = Session::get_set('login');
                 if (!empty($login_session)) {
                     /* Now that we know we're dealing with the same user, transfer the form data so he does not lose his request */
                     // NOTE(review): $last_form_data is never assigned in this method, so these two
                     // calls would store null — confirm whether these branches are dead.
                     if (!empty($login_session['post_data'])) {
                         Session::add_to_set('last_form_data', $last_form_data['post'], 'post');
                     }
                     if (!empty($login_session['get_data'])) {
                         Session::add_to_set('last_form_data', $last_form_data['get'], 'get');
                     }
                     /* Redirect to the correct admin page */
                     // Only the part of the remembered URI from 'admin/' onwards is used, and the
                     // destination is rebuilt through URL::get('admin', ...), not taken verbatim.
                     // NOTE(review): if 'admin/' is absent, the strpos result is passed straight to
                     // substr, and $dest[1] may not exist when there is no second path segment — confirm.
                     $dest = explode('/', MultiByte::substr($login_session['original'], MultiByte::strpos($login_session['original'], 'admin/')));
                     if ('' == $dest[0]) {
                         $login_dest = Site::get_url('admin');
                     } else {
                         // Replace '?' with '&' in $dest[1] before call URL::get()
                         // Therefore calling URL::get() with a query string
                         $dest[1] = str_replace('?', '&', $dest[1]);
                         $login_dest = URL::get('admin', 'page=' . $dest[1]);
                     }
                 } else {
                     $login_session = null;
                     $login_dest = Site::get_url('admin');
                 }
                 // filter the destination
                 // Plugins can replace the destination here; whatever they return is redirected to as-is.
                 $login_dest = Plugins::filter('login_redirect_dest', $login_dest, $user, $login_session);
                 // finally, redirect to the destination
                 Utils::redirect($login_dest);
                 return TRUE;
             }
             /* Authentication failed. */
             // Remove submitted password, see, we're secure!
             $_POST['habari_password'] = '';
             // The same generic message is used whether the user name or the password was wrong.
             $this->handler_vars['error'] = _t('Bad credentials');
         }
     }
     // Display the login form.
     $this->login_form($name);
 }
Ejemplo n.º 7
 /**
  * Add a comment to the site
  *
  * Validates and filters the submitted fields, restricts the commenter URL to
  * http/https, builds an unapproved Comment, lets plugins act on it, inserts it
  * and redirects back to the post. Validation failures are reported through
  * Session::error() followed by a redirect.
  *
  * NOTE(review): several Utils::redirect() calls below are not followed by a
  * return; this relies on Utils::redirect() ending the request — confirm.
  *
  * @param mixed $post A Post object instance or Post object id
  * @param string $name The commenter's name
  * @param string $email The commenter's email address
  * @param string $url The commenter's website URL
  * @param string $content The comment content
  * @param array $extra An associative array of extra values that should be considered
  */
 function add_comment($post, $name = null, $email = null, $url = null, $content = null, $extra = null)
 {
     if (is_numeric($post)) {
         $post = Post::get(array('id' => $post));
     }
     if (!$post instanceof Post) {
         // Not sure what you're trying to pull here, but that's no good
         header('HTTP/1.1 403 Forbidden', true, 403);
         die;
     }
     // let's do some basic sanity checking on the submission
     if (1 == Options::get('comments_require_id') && (empty($name) || empty($email))) {
         Session::error(_t('Both name and e-mail address must be provided.'));
     }
     if (empty($content)) {
         Session::error(_t('You did not provide any content for your comment!'));
     }
     if (Session::has_errors()) {
         // save whatever was provided in session data
         // (these values are stored before InputFilter::filter() is applied below)
         Session::add_to_set('comment', $name, 'name');
         Session::add_to_set('comment', $email, 'email');
         Session::add_to_set('comment', $url, 'url');
         Session::add_to_set('comment', $content, 'content');
         // now send them back to the form
         Utils::redirect($post->permalink . '#respond');
     }
     if ($post->info->comments_disabled) {
         // comments are disabled, so let's just send
         // them back to the post's permalink
         Session::error(_t('Comments on this post are disabled!'));
         Utils::redirect($post->permalink);
     }
     /* Sanitize data */
     // Variable variables: each of $name, $url, $email and $content is replaced by its filtered value.
     foreach (array('name', 'url', 'email', 'content') as $k) {
         ${$k} = InputFilter::filter(${$k});
     }
     /* Sanitize the URL */
     if (!empty($url)) {
         $parsed = InputFilter::parse_url($url);
         if ($parsed['is_relative']) {
             // guess if they meant to use an absolute link
             $parsed = InputFilter::parse_url('http://' . $url);
             if (!$parsed['is_error']) {
                 $url = InputFilter::glue_url($parsed);
             } else {
                 // disallow relative URLs
                 $url = '';
             }
         }
         // Scheme allowlist. && binds tighter than ||, so this reads:
         // is_pseudo OR (scheme is neither 'http' nor 'https').
         if ($parsed['is_pseudo'] || $parsed['scheme'] !== 'http' && $parsed['scheme'] !== 'https') {
             // allow only http(s) URLs
             $url = '';
         } else {
             // reconstruct the URL from the error-tolerant parsing
             // http:moeffju.net/blog/ -> http://moeffju.net/blog/
             $url = InputFilter::glue_url($parsed);
         }
     }
     // \p{Z} matches Unicode separator characters; content made only of those is rejected.
     if (preg_match('/^\\p{Z}*$/u', $content)) {
         Session::error(_t('Comment contains only whitespace/empty comment'));
         Utils::redirect($post->permalink);
     }
     /* Create comment object*/
     // The client address is stored as an unsigned integer via ip2long(), which only understands
     // IPv4 dotted-quad strings; every comment starts out unapproved.
     $comment = new Comment(array('post_id' => $post->id, 'name' => $name, 'email' => $email, 'url' => $url, 'ip' => sprintf("%u", ip2long($_SERVER['REMOTE_ADDR'])), 'content' => $content, 'status' => Comment::STATUS_UNAPPROVED, 'date' => HabariDateTime::date_create(), 'type' => Comment::COMMENT));
     // Should this really be here or in a default filter?
     // In any case, we should let plugins modify the status after we set it here.
     // A logged-in user commenting under their own account e-mail is approved immediately.
     $user = User::identify();
     if ($user->loggedin && $comment->email == $user->email) {
         $comment->status = Comment::STATUS_APPROVED;
     }
     // Users need to have permission to add comments
     // (checked after the Comment object is built but before it is inserted)
     if (!$user->can('comment')) {
         Session::error(_t('You do not have permission to create comments.'));
         Utils::redirect($post->permalink);
     }
     // Allow themes to work with comment hooks
     Themes::create();
     // Allow plugins to change comment data and add commentinfo based on plugin-added form fields
     Plugins::act('comment_accepted', $comment, $this->handler_vars, $extra);
     // The returned rating is not read again in this method; plugins act on $comment directly.
     $spam_rating = 0;
     $spam_rating = Plugins::filter('spam_filter', $spam_rating, $comment, $this->handler_vars, $extra);
     $comment->insert();
     $anchor = '';
     // If the comment was saved
     if ($comment->id && $comment->status != Comment::STATUS_SPAM) {
         $anchor = '#comment-' . $comment->id;
         // store in the user's session that this comment is pending moderation
         if ($comment->status == Comment::STATUS_UNAPPROVED) {
             Session::notice(_t('Your comment is pending moderation.'), 'comment_' . $comment->id);
         }
         // if no cookie exists, we should set one
         // but only if the user provided some details
         $cookie = 'comment_' . Options::get('GUID');
         if (!User::identify()->loggedin && !isset($_COOKIE[$cookie]) && (!empty($name) || !empty($email) || !empty($url))) {
             // The cookie holds name#email#url for one year (31536000 s). Only name, value, expiry
             // and path are passed to setcookie(); no secure or httponly argument is given.
             $cookie_content = $comment->name . '#' . $comment->email . '#' . $comment->url;
             $site_url = Site::get_path('base', true);
             setcookie($cookie, $cookie_content, time() + 31536000, $site_url);
         }
     }
     // Return the commenter to the original page.
     Utils::redirect($post->permalink . $anchor);
 }
 /**
  * Remove an addon-version-combination from the session and therefore from the cart
  * After removing, redirect to the overview page for that type of addon
  *
  * The cart is read from the 'addon_cart' session set and every entry except the
  * one at $params["index"] is written back to that set.
  *
  * NOTE(review): the notice is assembled as HTML from the cart entry's permalink
  * and name without escaping — confirm those values are trusted or escaped where
  * the cart is filled. $type stays unset when no entry matches the index.
  *
  * @param mixed $theme Not used by this method
  * @param array $params Route parameters; "index" selects the cart entry to drop
  */
 public function theme_route_remove_from_cart($theme, $params)
 {
     $oldlist = Session::get_set("addon_cart");
     $i = 0;
     while ($i < count($oldlist)) {
         if ($i == $params["index"]) {
             // This is the entry being removed: announce it and remember its addon type.
             $link = "<a href='" . $oldlist[$i]["permalink"] . "'>" . $oldlist[$i]["name"] . "</a>";
             $details = array($link, $oldlist[$i]["version"], $oldlist[$i]["habari_version"]);
             Session::notice(_t("You removed %s v%s for Habari %s from your cart.", $details, "addon_catalog"));
             $type = $oldlist[$i]["type"];
         } else {
             // Every other entry goes back into the cart.
             Session::add_to_set("addon_cart", $oldlist[$i]);
         }
         $i++;
     }
     $overview = URL::get("display_addons", array('addon' => $type));
     Utils::redirect($overview);
 }
Ejemplo n.º 9
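	/**
	 * Store this control's value under the control's specified key.
	 *
	 * The storage descriptor may be a "type:location" string (a string without a
	 * colon is treated as an option name), a FormStorage instance, or an array
	 * whose first element is an action name. Any other descriptor stores nothing.
	 *
	 * The location part of a storage string selects an option name, a user-info
	 * field or a plugin hook, so storage strings must come from code, never from
	 * request data.
	 *
	 * @param string $storage (optional) A storage location to store the control data
	 */
	public function save( $storage = null )
	{
		if ( $storage == null ) {
			$storage = $this->storage;
		}

		if ( is_string( $storage ) ) {
			$storage = explode( ':', $storage, 2 );
			switch ( count( $storage ) ) {
				case 2:
					list( $type, $location ) = $storage;
					break;
				case 1:
					list( $location ) = $storage;
					$type = 'option';
					break;
				default:
					return;
			}
		}
		elseif ( $storage instanceof FormStorage ) {
			$type = 'formstorage';
		}
		elseif ( is_array( $storage ) ) {
			$type = 'actionarray';
			// The first array element is the action name; the remainder is passed along to the action.
			$location = array_shift( $storage );
		}
		else {
			// Not a known storage descriptor: store nothing, instead of reaching the
			// switch below with $type undefined.
			$type = 'null';
		}

		switch ( $type ) {
			case 'user':
				User::identify()->info->{$location} = $this->value;
				break;
			case 'option':
				Options::set( $location, $this->value );
				break;
			case 'filter':
				Plugins::filter( $location, $this->value, $this->name, true, $this );
				break;
			case 'action':
				Plugins::act( $location, $this->value, $this->name, true, $this );
				break;
			case 'actionarray':
				Plugins::act( $location, $this->value, $this->name, $storage );
				break;
			case 'session':
				Session::add_to_set( $location, $this->value, $this->name );
				break;
			case 'formstorage':
				$storage->field_save( $this->name, $this->value );
				break;
			case 'null':
				break;
		}
	}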
Ejemplo n.º 10
 /**
  * Produce a basic FormStorage implementation from a classic storage string
  *
  * The string has the form "type:location"; a string without a colon is treated
  * as an option name. Recognised types are "user", "option", "action" and
  * "session". Any other type yields a storage whose loader and saver do nothing.
  *
  * The location part selects an option name, a session set or a plugin hook, so
  * storage strings must come from code, never from request data.
  *
  * @param string $value A classic storage string, such as "option:someoption" or "user:age"
  * @return ControlStorage An instance of an object that will save and load to the indicated location
  */
 public static function from_storage_string($value)
 {
     $parts = explode(':', $value, 2);
     $part_count = count($parts);
     if ($part_count == 2) {
         $type = $parts[0];
         $location = $parts[1];
     } elseif ($part_count == 1) {
         $type = 'option';
         $location = $parts[0];
     } else {
         // @todo Figure this case out
         $type = '__';
         $location = '__';
     }

     // Start from no-op callbacks; a recognised type replaces both of them.
     $loader = function () {
     };
     $saver = function () {
     };

     if ($type == 'user') {
         // The user type works on the control name; the location part of the string is not used.
         $loader = function ($name) {
             return User::identify()->info->{$name};
         };
         $saver = function ($name, $value) {
             User::identify()->info->{$name} = $value;
             Session::queue(User::identify());
         };
     } elseif ($type == 'option') {
         $loader = function ($name) use($location) {
             return Options::get($location);
         };
         $saver = function ($name, $value) use($location) {
             Options::set($location, $value);
         };
     } elseif ($type == 'action') {
         // Loading goes through a plugin filter, saving through a plugin action of the same name.
         $loader = function ($name) use($location) {
             return Plugins::filter($location, '', $name, false);
         };
         $saver = function ($name, $value) use($location) {
             Plugins::act($location, $value, $name, true);
         };
     } elseif ($type == 'session') {
         $loader = function ($name) use($location) {
             // Read the set without clearing it (second argument false).
             $session_set = Session::get_set($location, false);
             return isset($session_set[$name]) ? $session_set[$name] : null;
         };
         $saver = function ($name, $value) use($location) {
             Session::add_to_set($location, $value, $name);
         };
     }

     return new ControlStorage($loader, $saver);
 }
Ejemplo n.º 11
 /**
  * Adds a comment to a post from the submitted form fields.
  *
  * The method takes no arguments: the post id and the name, email, url and
  * content fields are read from $this->handler_vars. The request must be a POST.
  * Fields are filtered, the commenter URL is restricted to http/https, an
  * unapproved Comment is built, passed to the spam filter hook, inserted, and
  * the commenter is redirected back to the post.
  *
  * NOTE(review): several Utils::redirect() calls below are not followed by a
  * return; this relies on Utils::redirect() ending the request — confirm.
  * No $user->can('comment') permission check is visible in this method.
  */
 public function act_add_comment()
 {
     Utils::check_request_method(array('POST'));
     $defaults = array('name' => '', 'email' => '', 'url' => '', 'content' => '');
     // We need to get the post anyway to redirect back to the post page.
     $post = Post::get(array('id' => $this->handler_vars['id']));
     if (!$post) {
         // trying to comment on a non-existent post?  Weirdo.
         header('HTTP/1.1 403 Forbidden', true, 403);
         die;
     }
     // make sure all our default values are set so we don't throw undefined index errors
     foreach ($defaults as $k => $v) {
         if (!isset($this->handler_vars[$k])) {
             $this->handler_vars[$k] = $v;
         }
     }
     // let's do some basic sanity checking on the submission
     if (1 == Options::get('comments_require_id') && (empty($this->handler_vars['name']) || empty($this->handler_vars['email']))) {
         Session::error(_t('Both name and e-mail address must be provided.'));
     }
     if (empty($this->handler_vars['content'])) {
         Session::error(_t('You did not provide any content for your comment!'));
     }
     if (Session::has_errors()) {
         // save whatever was provided in session data
         // (these values are stored before InputFilter::filter() is applied below)
         Session::add_to_set('comment', $this->handler_vars['name'], 'name');
         Session::add_to_set('comment', $this->handler_vars['email'], 'email');
         Session::add_to_set('comment', $this->handler_vars['url'], 'url');
         Session::add_to_set('comment', $this->handler_vars['content'], 'content');
         // now send them back to the form
         Utils::redirect($post->permalink . '#respond');
     }
     if ($post->info->comments_disabled) {
         // comments are disabled, so let's just send
         // them back to the post's permalink
         Session::error(_t('Comments on this post are disabled!'));
         Utils::redirect($post->permalink);
     }
     /* Sanitize data */
     // Only the four known fields are filtered; other handler_vars entries are left as submitted.
     foreach ($defaults as $k => $v) {
         $this->handler_vars[$k] = InputFilter::filter($this->handler_vars[$k]);
     }
     /* Sanitize the URL */
     if (!empty($this->handler_vars['url'])) {
         $url = $this->handler_vars['url'];
         $parsed = InputFilter::parse_url($url);
         if ($parsed['is_relative']) {
             // guess if they meant to use an absolute link
             $parsed = InputFilter::parse_url('http://' . $url);
             if (!$parsed['is_error']) {
                 $url = InputFilter::glue_url($parsed);
             } else {
                 // disallow relative URLs
                 $url = '';
             }
         }
         // Scheme allowlist. && binds tighter than ||, so this reads:
         // is_pseudo OR (scheme is neither 'http' nor 'https').
         if ($parsed['is_pseudo'] || $parsed['scheme'] !== 'http' && $parsed['scheme'] !== 'https') {
             // allow only http(s) URLs
             $url = '';
         } else {
             // reconstruct the URL from the error-tolerant parsing
             // http:moeffju.net/blog/ -> http://moeffju.net/blog/
             $url = InputFilter::glue_url($parsed);
         }
         $this->handler_vars['url'] = $url;
     }
     // \p{Z} matches Unicode separator characters; content made only of those is rejected.
     if (preg_match('/^\\p{Z}*$/u', $this->handler_vars['content'])) {
         Session::error(_t('Comment contains only whitespace/empty comment'));
         Utils::redirect($post->permalink);
     }
     /* Create comment object*/
     // The client address is stored as an unsigned integer via ip2long(), which only understands
     // IPv4 dotted-quad strings; every comment starts out unapproved.
     $comment = new Comment(array('post_id' => $this->handler_vars['id'], 'name' => $this->handler_vars['name'], 'email' => $this->handler_vars['email'], 'url' => $this->handler_vars['url'], 'ip' => sprintf("%u", ip2long($_SERVER['REMOTE_ADDR'])), 'content' => $this->handler_vars['content'], 'status' => Comment::STATUS_UNAPPROVED, 'date' => HabariDateTime::date_create(), 'type' => Comment::COMMENT));
     // Should this really be here or in a default filter?
     // In any case, we should let plugins modify the status after we set it here.
     // A logged-in user commenting under their own account e-mail is approved immediately.
     $user = User::identify();
     if ($user->loggedin && $comment->email == $user->email) {
         $comment->status = Comment::STATUS_APPROVED;
     }
     // Allow themes to work with comment hooks
     Themes::create();
     // The returned rating is not read again in this method; plugins act on $comment directly.
     $spam_rating = 0;
     $spam_rating = Plugins::filter('spam_filter', $spam_rating, $comment, $this->handler_vars);
     $comment->insert();
     $anchor = '';
     // If the comment was saved
     if ($comment->id) {
         $anchor = '#comment-' . $comment->id;
         // store in the user's session that this comment is pending moderation
         if ($comment->status == Comment::STATUS_UNAPPROVED) {
             Session::notice(_t('Your comment is pending moderation.'), 'comment_' . $comment->id);
         }
         // if no cookie exists, we should set one
         // but only if the user provided some details
         $cookie = 'comment_' . Options::get('GUID');
         if (!isset($_COOKIE[$cookie]) && (!empty($this->handler_vars['name']) || !empty($this->handler_vars['email']) || !empty($this->handler_vars['url']))) {
             // The cookie holds name#email#url for one year (31536000 s). Only name, value, expiry
             // and path are passed to setcookie(); no secure or httponly argument is given.
             $cookie_content = $comment->name . '#' . $comment->email . '#' . $comment->url;
             $site_url = Site::get_path('base', true);
             setcookie($cookie, $cookie_content, time() + 31536000, $site_url);
         }
     }
     // Return the commenter to the original page.
     Utils::redirect($post->permalink . $anchor);
 }
Ejemplo n.º 12
 /**
  * Park the comment in the session and display the fallback CAPTCHA page.
  *
  * The comment is stored in the 'mollom' session set under the key 'comment'.
  * Fetching the image and audio CAPTCHAs is best-effort: an Exception from
  * either call is discarded and the template is displayed regardless.
  *
  * @todo use formui
  * @param mixed $comment The comment awaiting verification; its info->mollom_session_id is read
  */
 private function send_captcha($comment = null)
 {
     Session::add_to_set('mollom', $comment, 'comment');

     $fallback = Themes::create();
     $fallback->comment = $comment;
     try {
         $mollom_session = $comment->info->mollom_session_id;
         $fallback->captcha = Mollom::getImageCaptcha($mollom_session);
         $fallback->audio_captcha = Mollom::getAudioCaptcha($mollom_session);
     } catch (Exception $e) {
         // Deliberately ignored: the template is shown even when no CAPTCHA could be fetched.
     }
     $fallback->display('mollom_fallback_captcha');
 }
 /**
  * Log the entry page view, when appropriate.
  *
  * On a single-post page, and at most once per session and post, the post's
  * per-period visit counters are updated: the counter for the current period is
  * incremented, the following n_periods counters are reset to 0, and the sum of
  * all counters is stored as the post's visit total. Logged-in users are skipped
  * unless the 'relativelypopular__loggedintoo' option is set.
  *
  * Finally the plugin instance is exposed to the theme as $theme->RelativelyPopular.
  *
  * @param mixed $theme The theme being rendered; its post and posts properties are read
  * @param mixed $handler_vars Not used by this method
  */
 public function action_add_template_vars($theme, $handler_vars)
 {
     // If there is only one post
     if ($theme->post instanceof Post && count($theme->posts) == 1) {
         // Only track users that aren't logged in, unless specifically overridden
         if (!User::identify()->loggedin || Options::get('relativelypopular__loggedintoo')) {
             // Post ids already counted in this session (read without clearing the set).
             $set = Session::get_set('relativelypopular', false);
             $post = $theme->post;
             // this code is actually executed about 9 times per page request on my system,
             // so this check here is essential otherwise we bias the results by a factor of 9
             if (!in_array($post->id, $set)) {
                 // load fields
                 $visits = $post->info->visits;
                 $visits_activity = $post->info->visits_activity;
                 // check if fields currently exist and contain the requsite valid data, otherwise reinitalise
                 // The trace is a '#'-separated list of exactly 2 * n_periods counters.
                 if ($visits_activity == null || count(explode('#', $visits_activity)) != 2 * $this->n_periods) {
                     $visits_activity = implode('#', array_fill(0, 2 * $this->n_periods, 0));
                 }
                 $activity = explode('#', $visits_activity);
                 if (!array_key_exists($this->now, $activity)) {
                     $activity += array($this->now => 0);
                 }
                 // increment the quantity for the period we're currently in and blank the $n_periods fields following it
                 // NOTE(review): the increment is indexed by $this->now while the blanking below is
                 // computed from $this->day — confirm both refer to the same period index.
                 $activity[$this->now] += 1;
                 for ($i = 1; $i <= $this->n_periods; $i++) {
                     // Wrap around the ring of 2 * n_periods slots.
                     $next = ($this->day + $i) % (2 * $this->n_periods);
                     if (!array_key_exists($next, $activity)) {
                         $activity += array($next => 0);
                     }
                     $activity[$next] = 0;
                 }
                 // evaluate the total hits for this time period and store it along with the activity trace
                 $post->info->visits = array_sum($activity);
                 $post->info->visits_activity = implode('#', $activity);
                 $post->info->commit();
                 Session::add_to_set('relativelypopular', $post->id);
             }
         }
     }
     if (!isset($theme->RelativelyPopular)) {
         $theme->RelativelyPopular = $this;
     }
 }
Ejemplo n.º 14
 /**
  * Store this control's value under the control's specified key.
  *
  * The storage descriptor is a "type:location" string; a string without a colon
  * is treated as an option name. Recognised types are "user", "option",
  * "action", "session" and "null" (store nothing); any other type is ignored.
  *
  * The location part selects an option name, a user-info field or a plugin
  * hook, so storage strings must come from code, never from request data.
  *
  * @param string $storage (optional) A storage location to store the control data
  */
 public function save($storage = null)
 {
     $descriptor = ($storage == null) ? $this->storage : $storage;
     $parts = explode(':', $descriptor, 2);
     $part_count = count($parts);
     if ($part_count == 2) {
         $type = $parts[0];
         $location = $parts[1];
     } elseif ($part_count == 1) {
         // No explicit type: the whole string names an option.
         $type = 'option';
         $location = $parts[0];
     } else {
         return;
     }

     if ($type == 'user') {
         User::identify()->info->{$location} = $this->value;
     } elseif ($type == 'option') {
         Options::set($location, $this->value);
     } elseif ($type == 'action') {
         // The 'action' type is dispatched through Plugins::filter() here.
         Plugins::filter($location, $this->value, $this->name, true);
     } elseif ($type == 'session') {
         Session::add_to_set($location, $this->value, $this->name);
     }
     // 'null' and unrecognised types store nothing.
 }
Ejemplo n.º 15
 /**
  * Store this control's value under the control's specified key.
  *
  * The storage descriptor may be a "type:location" string (a string without a
  * colon is treated as an option name), a FormStorage instance, or an array
  * whose first element is an action name. Anything else stores nothing.
  *
  * The location part of a storage string selects an option name, a user-info
  * field or a plugin hook, so storage strings must come from code, never from
  * request data.
  *
  * @param string $storage (optional) A storage location to store the control data
  */
 public function save($storage = null)
 {
     if ($storage == null) {
         $storage = $this->storage;
     }

     // Dunno what was intended for anything not matched below, but it wasn't a
     // valid/known storage option, so the default is to store nothing.
     $type = 'null';
     if (is_array($storage)) {
         $type = 'actionarray';
         // The first array element is the action name; the remainder is passed along to the action.
         $location = array_shift($storage);
     } elseif ($storage instanceof FormStorage) {
         $type = 'formstorage';
     } elseif (is_string($storage)) {
         $storage = explode(':', $storage, 2);
         $part_count = count($storage);
         if ($part_count == 2) {
             $type = $storage[0];
             $location = $storage[1];
         } elseif ($part_count == 1) {
             // No explicit type: the whole string names an option.
             $location = $storage[0];
             $type = 'option';
         } else {
             return;
         }
     }

     if ($type == 'user') {
         // Write the field and persist the user's info immediately.
         $user = User::identify();
         $user->info->{$location} = $this->value;
         $user->info->commit();
     } elseif ($type == 'option') {
         Options::set($location, $this->value);
     } elseif ($type == 'filter') {
         Plugins::filter($location, $this->value, $this->name, true, $this);
     } elseif ($type == 'action') {
         Plugins::act($location, $this->value, $this->name, true, $this);
     } elseif ($type == 'actionarray') {
         Plugins::act($location, $this->value, $this->name, $storage);
     } elseif ($type == 'session') {
         Session::add_to_set($location, $this->value, $this->name);
     } elseif ($type == 'formstorage') {
         $storage->field_save($this->name, $this->value);
     }
     // 'null' and unrecognised types store nothing.
 }
Ejemplo n.º 16
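 /**
  * Gate the content of a password-protected post.
  *
  * Posts without a password are returned unchanged, and any identified
  * (non-anonymous) user sees the content directly. Everyone else must either
  * submit the post's password or already hold a matching token in the
  * 'post_passwords' session set; otherwise the password form is returned in
  * place of the content.
  *
  * @param string $content The post content being filtered
  * @param Post $post The post the content belongs to
  * @return string The content, or the rendered 'post_password_form' template
  */
 public function filter_post_content($content, Post $post)
 {
     if ($post->info->password) {
         // if user logged in, show post
         // make sure it's not just the anonymous user!
         $user = User::identify();
         if ($user instanceof User && $user != User::anonymous()) {
             return $content;
         }
         $session = Session::get_set('post_passwords', false);
         // Per-post token derived from the stored password, the post id and the site GUID.
         // NOTE(review): if Utils::crypt() salts randomly on each call, this token will not be
         // stable between requests and the session check below can only pass within the request
         // that submitted the password — confirm.
         $token = Utils::crypt('42' . $post->info->password . $post->id . Options::get('GUID'));
         // if password was submitted verify it
         if (Controller::get_var('post_password') && Controller::get_var('post_password_id') == $post->id) {
             // The submitted password is passed through InputFilter::filter() before verification.
             $pass = InputFilter::filter(Controller::get_var('post_password'));
             if (Utils::crypt($pass, $post->info->password)) {
                 Session::add_to_set('post_passwords', $token, $post->id);
                 $session[$post->id] = $token;
             } else {
                 Session::error(_t('That password was incorrect.', 'postpass'));
             }
         }
         // if password is stored in session verify it
         // Strict comparison: loose == treats two numeric-looking strings as numbers, which is
         // not acceptable for a secret token. hash_equals() is the constant-time alternative
         // where the minimum PHP version provides it.
         if (isset($session[$post->id]) && $session[$post->id] === $token) {
             return $content;
         } else {
             $theme = Themes::create();
             $theme->post = $post;
             return $theme->fetch('post_password_form');
         }
     } else {
         return $content;
     }
 }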