Ejemplo n.º 1
 /**
  * Render the spots overview (index) page.
  *
  * Checks the view permission (and the search permission when a search was
  * supplied), converts the request parameters into a parsed search, applies a
  * watchlist add/remove when the first filter is "Watch", loads one page of
  * spots and passes the result to the 'spots' template.
  */
 function render()
 {
     SpotTiming::start(__FUNCTION__);
     # Permission checks run before any data is read or changed
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_view_spots_index, '');
     # Searching is a separate permission, only required when a search is given
     $searchGiven = !empty($this->_params['search']);
     if ($searchGiven) {
         $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_perform_search, '');
     }
     $overview = new SpotsOverview($this->_db, $this->_settings);
     # Convert the query parameters into a list of filters, fields and sort
     # order; the per-user index filter is always part of the query
     $userSystem = new SpotUserSystem($this->_db, $this->_settings);
     $parsedSearch = $overview->filterToQuery(
         $this->_params['search'],
         array('field' => $this->_params['sortby'], 'direction' => $this->_params['sortdir']),
         $this->_currentSession,
         $userSystem->getIndexFilter($this->_currentSession['user']['userid'])
     );
     # The page number comes from the request; the template receives the
     # neighbouring page numbers, with -1 used when there is none to offer
     $currentPage = $this->_params['pagenr'];
     $nextPage = $currentPage + 1;
     $prevPage = ($nextPage == 1) ? -1 : max($currentPage - 1, 0);
     # Watchlist maintenance only applies when the first filter is "Watch"
     $watchFilterActive = isset($parsedSearch['filterValueList'][0]['fieldname'])
         && $parsedSearch['filterValueList'][0]['fieldname'] == "Watch";
     if ($watchFilterActive) {
         # Keeping a watchlist is its own permission
         $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_keep_own_watchlist, '');
         # The message id comes from the request, but the list that is changed
         # is always the one belonging to the session's own user id
         switch ($this->_action) {
             case 'remove':
                 $this->_db->removeFromSpotStateList(SpotDb::spotstate_Watch, $this->_params['messageid'], $this->_currentSession['user']['userid']);
                 $notifier = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);
                 $notifier->sendWatchlistHandled($this->_action, $this->_params['messageid']);
                 break;
             case 'add':
                 $this->_db->addToSpotStateList(SpotDb::spotstate_Watch, $this->_params['messageid'], $this->_currentSession['user']['userid'], '');
                 $notifier = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);
                 $notifier->sendWatchlistHandled($this->_action, $this->_params['messageid']);
                 break;
             default:
         }
     }
     # Load the requested page of spots for this user
     $loaded = $overview->loadSpots($this->_currentSession['user']['userid'], $currentPage, $this->_currentSession['user']['prefs']['perpage'], $parsedSearch);
     # Without further results there is no next page to show
     if (!$loaded['hasmore']) {
         $nextPage = -1;
     }
     $this->_pageTitle = "overzicht";
     # Hand everything to the template; 'data' is passed through from the
     # request parameters unchanged
     $templateVars = array(
         'spots' => $loaded['list'],
         'quicklinks' => $this->_settings->get('quicklinks'),
         'filters' => $this->_db->getFilterList($this->_currentSession['user']['userid'], 'filter'),
         'nextPage' => $nextPage,
         'prevPage' => $prevPage,
         'parsedsearch' => $parsedSearch,
         'data' => $this->_params['data']
     );
     $this->template('spots', $templateVars);
     SpotTiming::stop(__FUNCTION__);
 }
Ejemplo n.º 2
 /**
  * Render the "post comment" form and, on submit, try to post the comment.
  *
  * Anonymous sessions and sessions whose username fails validUsername() get
  * the 'notloggedin' result and their submit is discarded. The template always
  * receives a comment array (defaults merged with the submitted form), the
  * form messages and the post result.
  */
 function render()
 {
     $formMessages = array('errors' => array(), 'info' => array());
     # Posting comments is a separate permission
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_post_comment, '');
     # Per the original notes: the parser escapes the random string and the
     # signing object does the RSA signing (only the signer is used below)
     $parser = new SpotParser();
     $signer = new SpotSigning();
     # Defaults, so the template can always render every form value
     $comment = array('body' => '', 'rating' => 0, 'inreplyto' => $this->_inReplyTo, 'newmessageid' => '', 'randomstr' => '');
     # An empty result means that no post was attempted
     $postResult = array();
     $this->_pageTitle = "spot: post comment";
     # The anonymous user cannot post: drop the submit marker
     if ($this->_currentSession['user']['userid'] == SPOTWEB_ANONYMOUS_USERID) {
         $postResult = array('result' => 'notloggedin');
         unset($this->_commentForm['submit']);
     }
     # Reserved usernames cannot post comments either
     $userSystem = new SpotUserSystem($this->_db, $this->_settings);
     $nameIsValid = $userSystem->validUsername($this->_currentSession['user']['username']);
     if (!$nameIsValid) {
         $postResult = array('result' => 'notloggedin');
         unset($this->_commentForm['submit']);
     }
     $submitted = isset($this->_commentForm['submit']);
     if ($submitted) {
         # The submit marker is not part of the comment itself
         unset($this->_commentForm['submit']);
         # Submitted fields override the defaults, 'inreplyto' included
         $comment = array_merge($comment, $this->_commentForm);
         # The private key is fetched for signing. NOTE(review): it stays in the
         # session array for the rest of the request; confirm that array is
         # never handed to a template or persisted with the key in it
         $this->_currentSession['user']['privatekey'] = $userSystem->getUserPrivateRsaKey($this->_currentSession['user']['userid']);
         # The message id arrives wrapped in <>; spotweb works without them,
         # so the first and last character are stripped
         $comment['newmessageid'] = substr($comment['newmessageid'], 1, -1);
         # postComment() validates the comment and posts it when valid
         $poster = new SpotPosting($this->_db, $this->_settings);
         $formMessages['errors'] = $poster->postComment($this->_currentSession['user'], $comment);
         if (!empty($formMessages['errors'])) {
             $postResult = array('result' => 'failure');
         } else {
             $postResult = array(
                 'result' => 'success',
                 'user' => $this->_currentSession['user']['username'],
                 'userid' => $signer->calculateUserid($this->_currentSession['user']['publickey']),
                 'rating' => $comment['rating'],
                 'body' => $comment['body']
             );
         }
     }
     # 'body' and 'rating' are user-supplied and reach the template unchanged;
     # output escaping is presumably the template's job (not visible here)
     $templateVars = array('postcommentform' => $comment, 'formmessages' => $formMessages, 'postresult' => $postResult);
     $this->template('postcomment', $templateVars);
 }
Ejemplo n.º 3
 /**
  * Render the "report spam" form and, when the form action is 'post', file
  * the report.
  *
  * Users that allowedToPost() rejects get the 'notloggedin' result and their
  * form action is cleared. The template always receives a report array
  * (defaults merged with the submitted form), the form messages and the result.
  */
 function render()
 {
     $formMessages = array('errors' => array(), 'info' => array());
     # Reporting spam is a separate permission
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_report_spam, '');
     # Per the original notes: the parser escapes the random string and the
     # signing service does the RSA signing (neither is used further below)
     $parser = new SpotParser();
     $signer = Services_Signing_Base::newServiceSigning();
     # Default report, so the template can always render the form
     $report = array('body' => 'This is SPAM!', 'inreplyto' => $this->_inReplyTo, 'newmessageid' => '', 'randomstr' => '');
     # An empty result means that no report was attempted
     $postResult = array();
     $this->_pageTitle = "report: report spot";
     # Local copy of the form action; clearing it below cancels the post
     $requestedAction = $this->_reportForm['action'];
     # The anonymous user and reserved usernames cannot post content
     $userSystem = new SpotUserSystem($this->_db, $this->_settings);
     $mayPost = $userSystem->allowedToPost($this->_currentSession['user']);
     if (!$mayPost) {
         $postResult = array('result' => 'notloggedin');
         $requestedAction = '';
     }
     if ($requestedAction == 'post') {
         # Notification system, used after a successful report
         $notifier = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);
         # Submitted fields override the defaults, 'inreplyto' included
         $report = array_merge($report, $this->_reportForm);
         # The private key is fetched for signing. NOTE(review): it stays in the
         # session array for the rest of the request; confirm that array is
         # never handed to a template or persisted with the key in it
         $this->_currentSession['user']['privatekey'] = $this->_db->getUserPrivateRsaKey($this->_currentSession['user']['userid']);
         # The message id arrives wrapped in <>; spotweb works without them,
         # so the first and last character are stripped
         $report['newmessageid'] = substr($report['newmessageid'], 1, -1);
         # reportSpotAsSpam() validates the report and posts it when valid
         $poster = new SpotPosting($this->_db, $this->_settings);
         $formMessages['errors'] = $poster->reportSpotAsSpam($this->_currentSession['user'], $report);
         if (!empty($formMessages['errors'])) {
             $postResult = array('result' => 'failure');
         } else {
             $postResult = array('result' => 'success');
             # and send out a notification about the report
             $notifier->sendReportPosted($report['inreplyto']);
         }
     }
     # Hand the form state to the template
     $templateVars = array('postreportform' => $report, 'formmessages' => $formMessages, 'postresult' => $postResult);
     $this->template('spamreport', $templateVars);
 }
Ejemplo n.º 4
 /**
  * Render the statistics page.
  *
  * Requires the view-statistics permission, builds an empty parsed search
  * (which still carries the user's index filter) and passes it with the
  * quicklinks, the user's filter list and the requested limit to the
  * 'statistics' template.
  */
 function render()
 {
     # Viewing statistics is a separate permission
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_view_statistics, '');
     $overview = new SpotsOverview($this->_db, $this->_settings);
     $userSystem = new SpotUserSystem($this->_db, $this->_settings);
     $this->_pageTitle = _("Statistieken");
     # No search text and no sort order, only the per-user index filter
     $noSort = array('field' => '', 'direction' => '');
     $parsedSearch = $overview->filterToQuery(
         '',
         $noSort,
         $this->_currentSession,
         $userSystem->getIndexFilter($this->_currentSession['user']['userid'])
     );
     # 'limit' is passed through from the request parameters unchanged;
     # NOTE(review): confirm it is validated before the template uses it
     $templateVars = array(
         'quicklinks' => $this->_settings->get('quicklinks'),
         'filters' => $userSystem->getFilterList($this->_currentSession['user']['userid'], 'filter'),
         'parsedsearch' => $parsedSearch,
         'limit' => $this->_params['limit']
     );
     $this->template('statistics', $templateVars);
 }
Ejemplo n.º 5
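 /**
  * Handle the Twitter notification set-up for the current user.
  *
  * The request parameter 'action' selects what happens:
  *  - 'verify': exchange the PIN for an access token and store it in the
  *    user's preferences;
  *  - 'remove': clear the stored screen name and access token;
  *  - anything else: request an authorize URL, store the request token and
  *    print the URL.
  *
  * The result is printed directly. Values that come from the remote service or
  * from stored preferences are HTML-escaped before they are printed.
  *
  * NOTE(review): 'verify' and 'remove' change stored preferences and no
  * anti-CSRF token check is visible in this method; confirm that one is
  * enforced before render() is reached.
  */
 function render()
 {
     # Check the user's permission for the twitter notification service
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_send_notifications_services, 'twitter');
     # Instantiate the user system and the notification system
     $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);
     $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);
     # The consumer key and secret are site-wide settings; they are only merged
     # into the request for the service and are never printed
     $requestArray = array_merge_recursive($this->_currentSession['user']['prefs']['notifications']['twitter'], array('consumer_key' => $this->_settings->get('twitter_consumer_key'), 'consumer_secret' => $this->_settings->get('twitter_consumer_secret')));
     if ($this->_params['action'] == 'verify') {
         $this->_notificationService = Notifications_Factory::build('Spotweb', 'twitter', $requestArray);
         # A wrong PIN raises a notice while the status code below already
         # covers the error, hence the suppression. NOTE(review): '@' also hides
         # any other warning raised inside verifyPIN()
         list($http_code, $access_token) = @$this->_notificationService->verifyPIN($this->_params['pin']);
         if ($http_code == 200) {
             # The request token is no longer needed
             $this->_currentSession['user']['prefs']['notifications']['twitter']['request_token'] = '';
             $this->_currentSession['user']['prefs']['notifications']['twitter']['request_token_secret'] = '';
             # The access token is what has to be stored
             $this->_currentSession['user']['prefs']['notifications']['twitter']['screen_name'] = $access_token['screen_name'];
             $this->_currentSession['user']['prefs']['notifications']['twitter']['access_token'] = $access_token['oauth_token'];
             $this->_currentSession['user']['prefs']['notifications']['twitter']['access_token_secret'] = $access_token['oauth_token_secret'];
             $spotUserSystem->setUser($this->_currentSession['user']);
             # The screen name comes from the remote response: escape it
             echo "Account " . htmlspecialchars((string) $access_token['screen_name'], ENT_QUOTES, 'UTF-8') . " geverifi&euml;erd.";
         } else {
             echo "Code " . htmlspecialchars((string) $http_code, ENT_QUOTES, 'UTF-8') . ": " . $this->getError($http_code);
         }
     } elseif ($this->_params['action'] == 'remove') {
         $screen_name = $this->_currentSession['user']['prefs']['notifications']['twitter']['screen_name'];
         $this->_currentSession['user']['prefs']['notifications']['twitter']['screen_name'] = '';
         $this->_currentSession['user']['prefs']['notifications']['twitter']['access_token'] = '';
         $this->_currentSession['user']['prefs']['notifications']['twitter']['access_token_secret'] = '';
         $spotUserSystem->setUser($this->_currentSession['user']);
         # The stored screen name originally came from the remote service
         echo "Account " . htmlspecialchars((string) $screen_name, ENT_QUOTES, 'UTF-8') . " verwijderd.";
     } else {
         $this->_notificationService = Notifications_Factory::build('Spotweb', 'twitter', $requestArray);
         # Same suppression as for verifyPIN(); errors are reported through the
         # status code
         list($http_code, $request_token, $registerURL) = @$this->_notificationService->requestAuthorizeURL();
         if ($http_code == 200) {
             # The request token is stored in the preferences because it is
             # needed again when the PIN is entered
             $this->_currentSession['user']['prefs']['notifications']['twitter']['request_token'] = $request_token['oauth_token'];
             $this->_currentSession['user']['prefs']['notifications']['twitter']['request_token_secret'] = $request_token['oauth_token_secret'];
             $spotUserSystem->setUser($this->_currentSession['user']);
             # Printed unescaped because the caller presumably consumes it as a
             # bare URL. NOTE(review): confirm the client treats it as a URL and
             # does not insert it into the page as markup
             echo $registerURL;
         } else {
             echo "Code " . htmlspecialchars((string) $http_code, ENT_QUOTES, 'UTF-8') . ": " . $this->getError($http_code);
         }
     }
 }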
Ejemplo n.º 6
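	/**
	 * Render the login form and, on submit, try to log the user in.
	 *
	 * On success the current session is replaced by the one login() returns.
	 * Without a submit, an already authenticated session gets the
	 * 'alreadyloggedin' result. The submitted password is never passed on to
	 * the template; the 'password' key is kept but emptied.
	 */
	function render() {
		$formMessages = array('errors' => array(),
							  'info' => array());

		# Check the user's permissions
		$this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_perform_login, '');

		# Default credentials, so the template can always render the form
		$credentials = array('username' => '',
						  'password' => '');

		# An empty result means that no login was attempted
		$loginResult = array();

		# Instantiate the Spot user system
		$spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);

		# Set the page title
		$this->_pageTitle = "spot: login";

		# Is this a form submit, or only the first request for the page?
		if (isset($this->_loginForm['submit'])) {
			# The submit marker is always removed
			unset($this->_loginForm['submit']);

			# Validate the user
			$credentials = array_merge($credentials, $this->_loginForm);

			$tryLogin = $spotUserSystem->login($credentials['username'], $credentials['password']);

			# The plaintext password has served its purpose; empty it so it is
			# not reflected back into the rendered form
			$credentials['password'] = '';

			if (!$tryLogin) {
				$loginResult = array('result' => 'failure');
			} else {
				$loginResult = array('result' => 'success');
				$this->_currentSession = $tryLogin;
			} # else
		} else {
			# When the user already has a session, add a warning
			if ($this->_currentSession['user']['userid'] != SPOTWEB_ANONYMOUS_USERID) {
				$loginResult = array('result' => 'alreadyloggedin');
			} # if
		} # else

		# NOTE(review): no failed-login audit or throttling is visible in this
		# method; confirm whether login() takes care of that

		#- display stuff -#
		$this->template('login', array('loginform' => $credentials,
									   'formmessages' => $formMessages,
									   'loginresult' => $loginResult,
									   'data' => $this->_params['data']));
	} # render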
Ejemplo n.º 7
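 /**
  * Render the login form and, when a form action is present, try to log the
  * user in.
  *
  * A failed attempt is written to the audit log unless the 'auditlevel'
  * setting is spot_secaudit_none, and yields a generic error message. On
  * success the current session is replaced by the one login() returns.
  * Without a form action, an already authenticated session gets the
  * 'alreadyloggedin' result. The submitted password is never passed on to the
  * template; the 'password' key is kept but emptied.
  */
 function render()
 {
     $formMessages = array('errors' => array(), 'info' => array());
     # Check the user's permissions
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_perform_login, '');
     # Default credentials, so the template can always render the form
     $credentials = array('username' => '', 'password' => '');
     # An empty result means that no login was attempted
     $loginResult = array();
     # Instantiate the Spot user system
     $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);
     # Set the page title
     $this->_pageTitle = "spot: login";
     # Bring the form action into the local scope
     $formAction = $this->_loginForm['action'];
     # Is this a form submit, or only the first request for the page?
     if (!empty($formAction)) {
         # Validate the user
         $credentials = array_merge($credentials, $this->_loginForm);
         $tryLogin = $spotUserSystem->login($credentials['username'], $credentials['password']);
         # The plaintext password has served its purpose; empty it so it is
         # not reflected back into the rendered form
         $credentials['password'] = '';
         if (!$tryLogin) {
             # Record the failed attempt, with the client address taken from
             # the session, unless auditing is switched off
             if ($this->_settings->get('auditlevel') != SpotSecurity::spot_secaudit_none) {
                 $spotAudit = new SpotAudit($this->_db, $this->_settings, $this->_currentSession['user'], $this->_currentSession['session']['ipaddr']);
                 $spotAudit->audit(SpotSecurity::spotsec_perform_login, 'incorrect user or pass', false);
             }
             $loginResult = array('result' => 'failure');
             # One message for both a wrong username and a wrong password
             $formMessages['errors'][] = _('Invalid username or password');
         } else {
             $loginResult = array('result' => 'success');
             $this->_currentSession = $tryLogin;
         }
     } else {
         # When the user already has a session, add a warning
         if ($this->_currentSession['user']['userid'] != $this->_settings->get('nonauthenticated_userid')) {
             $loginResult = array('result' => 'alreadyloggedin');
         }
     }
     # 'http_referer' is taken from the submitted form, so it is client
     # controlled. NOTE(review): if it is used as a redirect target after login,
     # confirm it is restricted to same-site URLs where the redirect happens
     $this->template('login', array('loginform' => $credentials, 'formmessages' => $formMessages, 'loginresult' => $loginResult, 'http_referer' => $this->_loginForm['http_referer'], 'data' => $this->_params['data']));
 }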
Ejemplo n.º 8
 /**
  * Mark all spots as read for the current user and print a small XML reply.
  *
  * The seen list is only cleared when the user may keep one; the read
  * timestamps are reset in either case.
  */
 function render()
 {
     # Marking spots as read is a separate permission
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_mark_spots_asread, '');
     $userSystem = new SpotUserSystem($this->_db, $this->_settings);
     # Clearing the spot state list needs the seen-list permission as well;
     # this one is a soft check, so a denial only skips the step
     $maySeenList = $this->_spotSec->allowed(SpotSecurity::spotsec_keep_own_seenlist, '');
     if ($maySeenList) {
         $this->_db->markAllAsRead($this->_currentSession['user']['userid']);
     }
     # The reply must not be cached
     $this->sendExpireHeaders(true);
     # Reset the lastvisit and lastread timestamps
     $userSystem->resetReadStamp($this->_currentSession['user']);
     # NOTE(review): this changes state for the logged-in user; no anti-CSRF
     # check is visible in this method, confirm one applies before render()
     echo "<xml><return>ok</return></xml>";
 }
Ejemplo n.º 9
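 /**
  * Render the "blacklist spotter" form and apply the submitted action.
  *
  * Users that allowedToPost() rejects get the 'notloggedin' result and their
  * form action is cleared. The actions 'addspotterid' and 'removespotterid'
  * change the list of the session's own user id only.
  */
 function render()
 {
     $formMessages = array('errors' => array(), 'info' => array());
     # Check the user's permissions
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_blacklist_spotter, '');
     # Default blacklist entry. 'idtype' has no default here, so the add action
     # relies on the form supplying it
     $blackList = array('spotterid' => '', 'origin' => '');
     # An empty result means that nothing was attempted
     $postResult = array();
     # Set the page title
     $this->_pageTitle = "report: blacklist spotter";
     /*
      * bring the forms' action into the local scope for
      * easier access
      */
     $formAction = $this->_blForm['action'];
     # Make sure the anonymous user and reserved usernames cannot post content
     $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);
     if (!$spotUserSystem->allowedToPost($this->_currentSession['user'])) {
         $postResult = array('result' => 'notloggedin');
         $formAction = '';
     }
     if (!empty($formAction)) {
         # Submitted fields override the defaults
         $blackList = array_merge($blackList, $this->_blForm);
         switch ($formAction) {
             case 'addspotterid':
                 $spotUserSystem->addSpotterToList($this->_currentSession['user']['userid'], $blackList['spotterid'], $blackList['origin'], $blackList['idtype']);
                 break;
             case 'removespotterid':
                 # The unused read of $blackList['idtype'] was dropped: the
                 # value was never passed on and the read could raise an
                 # undefined-index notice when the form omits the field
                 $spotUserSystem->removeSpotterFromList($this->_currentSession['user']['userid'], $blackList['spotterid']);
                 break;
         }
         # NOTE(review): an action that matches neither case changes nothing
         # but is still reported as 'success'
         $postResult = array('result' => 'success');
     }
     #- display stuff -#
     $this->template('blacklistspotter', array('blacklistspotter' => $blackList, 'formmessages' => $formMessages, 'postresult' => $postResult));
 }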
Ejemplo n.º 10
	/**
	 * Log the current user out and print an XML result.
	 *
	 * Prints ERROR for the anonymous user (user id 1) and OK after the
	 * session of any other user has been removed.
	 */
	function render() {
		# Logging out is a separate permission
		$this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_perform_logout, '');

		$userSystem = new SpotUserSystem($this->_db, $this->_settings);

		# The logout reply must not be cached
		$this->sendExpireHeaders(true);

		# The literal 1 is the anonymous user id according to the original
		# comment. NOTE(review): a named constant or setting would keep this in
		# step with the rest of the code base
		$isAnonymous = ($this->_currentSession['user']['userid'] == 1);
		if ($isAnonymous) {
			echo '<xml><result>ERROR</result></xml>';
			return;
		}

		# Only the session that made this request is removed
		$userSystem->removeSession($this->_currentSession['session']['sessionid']);

		echo '<xml><result>OK</result></xml>';
	} # render
Ejemplo n.º 11
 /**
  * Log the current user out and print an XML result.
  *
  * Prints ERROR when the session belongs to the non-authenticated user from
  * the settings, and OK after the session of any other user has been removed.
  */
 function render()
 {
     # Logging out is a separate permission
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_perform_logout, '');
     $userSystem = new SpotUserSystem($this->_db, $this->_settings);
     # The logout reply must not be cached
     $this->sendExpireHeaders(true);
     # The reply body below is XML, so announce it as such
     $this->sendContentTypeHeader('xml');
     # There is no session to remove for the non-authenticated user
     $isAnonymous = ($this->_currentSession['user']['userid'] == $this->_settings->get('nonauthenticated_userid'));
     if ($isAnonymous) {
         echo '<xml><result>ERROR</result></xml>';
         return;
     }
     # Only the session that made this request is removed
     $userSystem->removeSession($this->_currentSession['session']['sessionid']);
     echo '<xml><result>OK</result></xml>';
 }
Ejemplo n.º 12
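 /**
  * Render the "edit security group" form and apply the submitted action.
  *
  * Supported actions: 'removegroup', 'addperm', 'removeperm', 'setallow',
  * 'setdeny', 'addgroup' and 'changename'. Every action except 'addgroup'
  * needs an existing group, and groups with an id below 6 are treated as
  * built-in and cannot be edited.
  *
  * NOTE(review): every action here changes the permission model and no
  * anti-CSRF token check is visible in this method; confirm that one is
  * enforced before render() is reached.
  */
 function render()
 {
     $formMessages = array('errors' => array(), 'info' => array());
     # Check the user's permissions
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_securitygroups, '');
     # An empty result means that no edit was attempted
     $editResult = array();
     # Instantiate the Spot user system
     $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);
     # Set the page title
     $this->_pageTitle = "spot: edit security groups";
     # Fetch the security group that is to be edited
     $secGroup = $spotUserSystem->getSecGroup($this->_groupId);
     /*
      * bring the forms' action into the local scope for
      * easier access
      */
     $formAction = $this->_editSecGroupForm['action'];
     # A group that cannot be found is an error, except when adding one
     if (empty($secGroup) && $formAction != 'addgroup') {
         $editResult = array('result' => 'failure');
         $formMessages['errors'][] = _('Group does\'nt exist');
     }
     # Editing one of the built-in groups is an error as well. The check only
     # runs for a group that was actually found; a missing group used to be
     # reported as "built-in" too, after reading 'id' from an empty result
     if (!empty($formAction) && $formAction != 'addgroup' && !empty($secGroup) && $secGroup['id'] < 6) {
         $editResult = array('result' => 'failure');
         $formMessages['errors'][] = _('Built-in groups can not be edited');
     }
     # Only act on a submitted form that passed the checks above
     if (!empty($formAction) && empty($formMessages['errors'])) {
         switch ($formAction) {
             case 'removegroup':
                 $spotUserSystem->removeSecGroup($secGroup);
                 $editResult = array('result' => 'success');
                 break;
             case 'addperm':
                 # The permission details come straight from the form; any
                 # validation happens inside addPermToSecGroup()
                 $formMessages['errors'] = $spotUserSystem->addPermToSecGroup($this->_groupId, $this->_editSecGroupForm);
                 if (!empty($formMessages['errors'])) {
                     $editResult = array('result' => 'failure');
                 } else {
                     $editResult = array('result' => 'success');
                 }
                 break;
             case 'removeperm':
                 $spotUserSystem->removePermFromSecGroup($this->_groupId, $this->_editSecGroupForm);
                 $editResult = array('result' => 'success');
                 break;
             case 'setallow':
             case 'setdeny':
                 # The deny flag is derived from the action, not from the form
                 $this->_editSecGroupForm['deny'] = (bool) ($formAction == 'setdeny');
                 $spotUserSystem->setDenyForPermFromSecGroup($this->_groupId, $this->_editSecGroupForm);
                 $editResult = array('result' => 'success');
                 break;
             case 'addgroup':
             case 'changename':
                 # Update the security group record
                 $secGroup['name'] = $this->_editSecGroupForm['name'];
                 # Validate and repair the record
                 list($formMessages['errors'], $secGroup) = $spotUserSystem->validateSecGroup($secGroup);
                 if (empty($formMessages['errors'])) {
                     # and update the database
                     switch ($formAction) {
                         case 'changename':
                             $spotUserSystem->setSecGroup($secGroup);
                             break;
                         case 'addgroup':
                             $spotUserSystem->addSecGroup($secGroup);
                             break;
                     }
                     $editResult = array('result' => 'success');
                 } else {
                     $editResult = array('result' => 'failure');
                 }
                 break;
         }
     }
     # 'http_referer' is taken from the submitted form, so it is client
     # controlled; NOTE(review): confirm it is validated where it is used
     $this->template('editsecgroup', array('securitygroup' => $secGroup, 'formmessages' => $formMessages, 'http_referer' => $this->_editSecGroupForm['http_referer'], 'editresult' => $editResult));
 }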
Ejemplo n.º 13
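 /**
  * Render the "edit user" form and apply the submitted action.
  *
  * Supported actions: 'delete', 'edit', 'removeallsessions' and
  * 'resetuserapi'. Editing one's own account and editing another account are
  * separate permissions; deleting, changing group membership and resetting the
  * API key each need an additional permission.
  *
  * The account that is changed is always the one that was loaded and checked
  * at the top of the method: the user id is pinned before form data is merged
  * into the record, so a 'userid' field in the form cannot redirect the
  * operation to another account.
  */
 function render()
 {
     $groupMembership = array();
     $formMessages = array('errors' => array(), 'info' => array());
     # Editing yourself and editing somebody else are different permissions
     if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
         $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_user, '');
     } else {
         $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_other_users, '');
     }
     # An empty result means that no edit was attempted
     $editResult = array();
     # Instantiate the spotuser object
     $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);
     # and set the page title
     $this->_pageTitle = "spot: edit user";
     # Retrieve the user that is to be edited
     $spotUser = $this->_db->getUser($this->_userIdToEdit);
     if ($spotUser === false) {
         $formMessages['errors'][] = sprintf(_('User %d can not be found'), $this->_userIdToEdit);
         $editResult = array('result' => 'failure');
     }
     # Request the user's current group membership
     if ($spotUser != false) {
         $groupMembership = $this->_db->getGroupList($spotUser['userid']);
     }
     /*
      * bring the forms' action into the local scope for
      * easier access
      */
     $formAction = $this->_editUserForm['action'];
     # Only perform certain validations when the form is actually submitted
     if (!empty($formAction) && empty($formMessages['errors'])) {
         # Do not allow the admin (or a lower-numbered) user to be deleted
         if ($spotUser['userid'] <= SPOTWEB_ADMIN_USERID && $formAction == 'delete') {
             $formMessages['errors'][] = _('Admin and Anonymous can not be deleted');
             $editResult = array('result' => 'failure');
         }
     }
     # Only act on a submitted form that passed the checks above
     if (!empty($formAction) && empty($formMessages['errors'])) {
         # The id the permission and admin checks above were made against
         $checkedUserId = $spotUser['userid'];
         switch ($formAction) {
             case 'delete':
                 $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_delete_user, '');
                 # The form is merged for display only; the account removed is
                 # the checked one, never an id supplied in the form
                 $spotUser = array_merge($spotUser, $this->_editUserForm);
                 $spotUserSystem->removeUser($checkedUserId);
                 $editResult = array('result' => 'success');
                 break;
             case 'edit':
                 # Remove any non-valid fields from the array
                 $this->_editUserForm = $this->cleanseEditForm($this->_editUserForm);
                 # Merge the form into the record and validate the result
                 $spotUser = array_merge($spotUser, $this->_editUserForm);
                 # cleanseEditForm() presumably drops 'userid' already; pinning
                 # the id here means that does not have to be assumed
                 $spotUser['userid'] = $checkedUserId;
                 $formMessages['errors'] = $spotUserSystem->validateUserRecord($spotUser, true);
                 if (empty($formMessages['errors'])) {
                     # Actually update the user record
                     $spotUserSystem->setUser($spotUser);
                     /*
                      * Update the users' password, but only when
                      * a new password is given
                      */
                     if (!empty($spotUser['newpassword1'])) {
                         $spotUserSystem->setUserPassword($spotUser);
                     }
                     /*
                      * Did we get a group membership list? If so,
                      * try to update it as well
                      */
                     if (isset($this->_editUserForm['grouplist'])) {
                         # Build the requested list; the priority of a group is
                         # its position in the submitted list
                         $groupList = array();
                         foreach ($this->_editUserForm['grouplist'] as $val) {
                             if ($val != 'dummy') {
                                 $groupList[] = array('groupid' => $val, 'prio' => count($groupList));
                             }
                         }
                         # Make sure there is at least one group
                         if (count($groupList) < 1) {
                             $formMessages['errors'][] = _('A user must be member of at least one group');
                             $editResult = array('result' => 'failure');
                         } else {
                             # Reduce the requested and the stored membership
                             # to plain lists of group ids
                             $requestedGroupIds = array();
                             foreach ($groupList as $value) {
                                 $requestedGroupIds[] = $value['groupid'];
                             }
                             $existingGroupIds = array();
                             foreach ($groupMembership as $value) {
                                 $existingGroupIds[] = $value['id'];
                             }
                             /*
                              * Compare the two lists irrespective of order. If
                              * they differ, the editing user needs the
                              * change-group-membership permission
                              */
                             sort($requestedGroupIds, SORT_NUMERIC);
                             sort($existingGroupIds, SORT_NUMERIC);
                             $groupDiff = ($requestedGroupIds != $existingGroupIds);
                             if ($groupDiff) {
                                 if ($this->_spotSec->allowed(SpotSecurity::spotsec_edit_groupmembership, '')) {
                                     $spotUserSystem->setUserGroupList($spotUser, $groupList);
                                 } else {
                                     $formMessages['errors'][] = _('Changing group membership is not allowed');
                                     $editResult = array('result' => 'failure');
                                 }
                             }
                         }
                     }
                     # Report success only when the group handling added no
                     # error; a refused membership change used to be reported
                     # as success. The record and password were saved by then
                     if (empty($formMessages['errors'])) {
                         $editResult = array('result' => 'success');
                     }
                 } else {
                     $editResult = array('result' => 'failure');
                 }
                 break;
             case 'removeallsessions':
                 $spotUserSystem->removeAllUserSessions($checkedUserId);
                 $editResult = array('result' => 'success');
                 break;
             case 'resetuserapi':
                 $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_consume_api, '');
                 $user = $spotUserSystem->resetUserApi($spotUser);
                 $editResult = array('result' => 'success', 'newapikey' => $user['apikey']);
                 break;
         }
     }
     # NOTE(review): after an edit, $spotUser still holds the submitted form
     # fields (new password fields included) when it is given to the template;
     # confirm the template does not print them
     $this->template('edituser', array('edituserform' => $spotUser, 'formmessages' => $formMessages, 'editresult' => $editResult, 'groupMembership' => $groupMembership));
 }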
Ejemplo n.º 14
    die("Database schema is gewijzigd, draai upgrade-db.php aub" . PHP_EOL);
}
# if
# Create the settings object
$settings = SpotSettings::singleton($db, $settings);
# First check that the stored settings version is still valid
if (!$settings->settingsValid()) {
    die("Globale settings zijn gewijzigd, draai upgrade-db.php aub" . PHP_EOL);
}
# if
$req = new SpotReq();
$req->initialize($settings);
# When we are called through the browser we only run for a user who is
# allowed to; from the console we always load the admin account
$spotUserSystem = new SpotUserSystem($db, $settings);
# A set SERVER_PROTOCOL is what this script treats as "called over HTTP"
if (isset($_SERVER['SERVER_PROTOCOL'])) {
    # Fetch the API key supplied by the caller
    $apiKey = $req->getDef('apikey', '');
    $userSession = $spotUserSystem->verifyApi($apiKey);
    # Refuse both a key that did not verify and a verified key whose user
    # lacks the retrieve-spots permission
    if ($userSession == false || !$userSession['security']->allowed(SpotSecurity::spotsec_retrieve_spots, '')) {
        die("Access denied");
    }
    # if
} else {
    # No SERVER_PROTOCOL: run as the built-in admin user, without any key check.
    # NOTE(review): this branch relies on SERVER_PROTOCOL always being set for
    # web requests - confirm that holds for every SAPI this script is served by
    $userSession['user'] = $db->getUser(SPOTWEB_ADMIN_USERID);
    $userSession['security'] = new SpotSecurity($db, $settings, $userSession['user']);
}
# if
if ($req->getDef('output', '') == 'xml') {
    echo "<xml>";
Ejemplo n.º 15
 /**
  * Renders the "post a new spot" form and, when it was submitted, validates
  * the two uploads and hands the spot to SpotPosting::postSpot().
  *
  * The outcome is passed to the 'newspot' template as 'postresult'
  * ('notloggedin', 'failure' or 'success') together with 'formmessages'.
  */
 function render()
 {
     $formMessages = array('errors' => array(), 'info' => array());
     # Check the user's permissions
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_post_spot, '');
     # SpotParser is needed for escaping the random string
     # (the object is not referenced again in this method)
     $spotParser = new SpotParser();
     # spot signing is needed for RSA-signing the spot and the like
     $spotSigning = new SpotSigning();
     # create a default spot so that the form can always
     # render the form values
     $spot = array('title' => '', 'body' => '', 'category' => 0, 'subcatz' => '', 'subcatlist' => '', 'tag' => '', 'website' => '', 'newmessageid' => '', 'randomstr' => '');
     # by default no post attempt has been made
     $postResult = array();
     # set the page title
     $this->_pageTitle = "spot: post";
     # If the user is not logged in there is no point in continuing;
     # dropping 'submit' is what keeps the posting code below from running
     if ($this->_currentSession['user']['userid'] == SPOTWEB_ANONYMOUS_USERID) {
         $postResult = array('result' => 'notloggedin');
         unset($this->_spotForm['submit']);
     }
     # if
     # Make sure reserved usernames cannot post spots
     $spotUser = new SpotUserSystem($this->_db, $this->_settings);
     if (!$spotUser->validUsername($this->_currentSession['user']['username'])) {
         $postResult = array('result' => 'notloggedin');
         unset($this->_spotForm['submit']);
     }
     # if
     # If user tried to submit, validate the file uploads
     if (isset($this->_spotForm['submit'])) {
         # Make sure an NZB file was provided
         if (!isset($_FILES['newspotform']) || $_FILES['newspotform']['error']['nzbfile'] != UPLOAD_ERR_OK) {
             $formMessages['errors'][] = array('postspot_invalidnzb', '(none given)');
             $postResult = array('result' => 'failure');
             unset($this->_spotForm['submit']);
         }
         # if
         # Make sure an image file was provided
         if (!isset($_FILES['newspotform']) || $_FILES['newspotform']['error']['imagefile'] != UPLOAD_ERR_OK) {
             $formMessages['errors'][] = array('postspot_imageinvalid', '(none given)');
             $postResult = array('result' => 'failure');
             unset($this->_spotForm['submit']);
         }
         # if
     }
     # if
     # 'submit' is still set only when every check above passed
     if (isset($this->_spotForm['submit'])) {
         # Initialise the notification system
         $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);
         # we always unset submit
         unset($this->_spotForm['submit']);
         # The subcatz is passed per main category, merge those into a single
         # subcatz
         $spot['subcatz'] = isset($this->_spotForm['subcatz' . $this->_spotForm['category']]) ? $this->_spotForm['subcatz' . $this->_spotForm['category']] : '';
         # make sure all variables are filled in; on duplicate keys the
         # submitted form value replaces the default set above
         $spot = array_merge($spot, $this->_spotForm);
         # fetch the user's private key
         $this->_currentSession['user']['privatekey'] = $spotUser->getUserPrivateRsaKey($this->_currentSession['user']['userid']);
         # we receive the messageid with <>'s, but inside spotweb we
         # always work without them, so strip the first and last character
         $spot['newmessageid'] = substr($spot['newmessageid'], 1, -1);
         # validate whether we can post this spot, and if so, do it;
         # the uploads are passed on as PHP's temporary file paths.
         # NOTE(review): content/size checks on the two files are not visible
         # here - presumably done inside postSpot(); confirm
         $spotPosting = new SpotPosting($this->_db, $this->_settings);
         $formMessages['errors'] = $spotPosting->postSpot($this->_currentSession['user'], $spot, $_FILES['newspotform']['tmp_name']['imagefile'], $_FILES['newspotform']['tmp_name']['nzbfile']);
         if (empty($formMessages['errors'])) {
             $postResult = array('result' => 'success', 'user' => $this->_currentSession['user']['username'], 'userid' => $spotSigning->calculateUserid($this->_currentSession['user']['publickey']), 'body' => $spot['body']);
             # and send a notification
             $spotsNotifications->sendSpotPosted($spot);
         } else {
             $postResult = array('result' => 'failure');
         }
         # else
     }
     # if
     #- display stuff -#
     $this->template('newspot', array('postspotform' => $spot, 'formmessages' => $formMessages, 'postresult' => $postResult));
 }
Ejemplo n.º 16
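 /**
  * Translates the API query parameters in $this->_params into a spot search
  * and prints the matching spots through showResults().
  *
  * Depending on the 't' parameter the search title comes from a TV show
  * lookup ('t'/'tvsearch' with 'rid'), the 'artist' parameter ('music'), a
  * movie lookup ('m'/'movie' with 'imdbid') or the free-text 'q' parameter.
  * Invalid parameters are reported through showApiError().
  *
  * @param mixed $outputtype Passed unchanged to showResults().
  */
 function search($outputtype)
 {
     # Check the user's permissions
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_perform_search, '');
     $spotsOverview = new SpotsOverview($this->_db, $this->_settings);
     $search = array();
     /*
      * Every pattern below carries the D modifier: without it "$" also
      * matches just before a trailing newline, so "123\n" would pass as an id
      * and end up in the remote URL.
      *
      * showApiError() is not visible from here; each call is followed by an
      * explicit return so that a rejected parameter never reaches the remote
      * fetch or the query, whether or not showApiError() ends the request.
      */
     if (($this->_params['t'] == "t" || $this->_params['t'] == "tvsearch") && $this->_params['rid'] != "") {
         # validate input
         if (!preg_match('/^[0-9]{1,6}$/D', $this->_params['rid'])) {
             $this->showApiError(201);
             return;
         }
         # if
         # fetch remote content (plain HTTP, so the reply is untrusted input)
         $dom = new DomDocument();
         $dom->preserveWhiteSpace = false;
         if (!@$dom->load('http://services.tvrage.com/feeds/showinfo.php?sid=' . $this->_params['rid'] . '/')) {
             $this->showApiError(300);
             return;
         }
         # if
         # a reply without a <showname> element is treated like a failed fetch
         $showTitle = $dom->getElementsByTagName('showname');
         if ($showTitle->length < 1) {
             $this->showApiError(300);
             return;
         }
         # if
         $tvSearch = $showTitle->item(0)->nodeValue;
         $epSearch = '';
         # season is either "S01"-style or a bare number that gets zero-padded
         if (preg_match('/^[sS][0-9]{1,2}$/D', $this->_params['season']) || preg_match('/^[0-9]{1,2}$/D', $this->_params['season'])) {
             $epSearch = is_numeric($this->_params['season']) ? 'S' . str_pad($this->_params['season'], 2, "0", STR_PAD_LEFT) : $this->_params['season'];
         } elseif ($this->_params['season'] != "") {
             $this->showApiError(201);
             return;
         }
         # if
         # episode follows the same scheme with an "E" prefix
         if (preg_match('/^[eE][0-9]{1,2}$/D', $this->_params['ep']) || preg_match('/^[0-9]{1,2}$/D', $this->_params['ep'])) {
             $epSearch .= is_numeric($this->_params['ep']) ? 'E' . str_pad($this->_params['ep'], 2, "0", STR_PAD_LEFT) : $this->_params['ep'];
         } elseif ($this->_params['ep'] != "") {
             $this->showApiError(201);
             return;
         }
         # if
         $search['value'][] = "Titel:=:" . trim($tvSearch) . " " . $epSearch;
     } elseif ($this->_params['t'] == "music") {
         if (empty($this->_params['artist']) && empty($this->_params['cat'])) {
             $this->_params['cat'] = 3000;
         } else {
             $search['value'][] = "Titel:=:\"" . $this->_params['artist'] . "\"";
         }
         # if
     } elseif ($this->_params['t'] == "m" || $this->_params['t'] == "movie") {
         # validate input
         if ($this->_params['imdbid'] == "") {
             $this->showApiError(200);
             return;
         } elseif (!preg_match('/^[0-9]{1,8}$/D', $this->_params['imdbid'])) {
             $this->showApiError(201);
             return;
         }
         # if
         # fetch remote content (plain HTTP, so the reply is untrusted input)
         if (!@($imdb_content = file_get_contents('http://uk.imdb.com/title/tt' . $this->_params['imdbid'] . '/'))) {
             $this->showApiError(300);
             return;
         }
         # if
         # a page without the expected title markup is treated like a failed
         # fetch instead of searching for an empty title
         if (!preg_match('/<h1 class="header" itemprop="name">([^\\<]*)<span>/ms', $imdb_content, $movieTitle)) {
             $this->showApiError(300);
             return;
         }
         # if
         $search['value'][] = "Titel:=:\"" . trim($movieTitle[1]) . "\"";
     } elseif (!empty($this->_params['q'])) {
         $searchTerm = str_replace(" ", " +", $this->_params['q']);
         $search['value'][] = "Titel:=:+" . $searchTerm;
     }
     # elseif
     # maxage, limit and offset accept plain digits only; is_numeric() would
     # also let signs, fractions and exponent notation through
     if (preg_match('/^[0-9]+$/D', (string) $this->_params['maxage'])) {
         $search['value'][] = "date:>:-" . $this->_params['maxage'] . "days";
     }
     $tmpCat = array();
     foreach (explode(",", $this->_params['cat']) as $category) {
         $tmpCat[] = $this->nabcat2spotcat($category);
     }
     # foreach
     $search['tree'] = implode(",", $tmpCat);
     # Do not request spots with a filesize of 0
     $search['value'][] = "filesize:>:0";
     # the user's own page size applies unless a limit between 1 and 499 is given
     $limit = $this->_currentSession['user']['prefs']['perpage'];
     if (preg_match('/^[0-9]{1,3}$/D', (string) $this->_params['limit']) && $this->_params['limit'] > 0 && $this->_params['limit'] < 500) {
         $limit = (int) $this->_params['limit'];
     }
     $pageNr = preg_match('/^[0-9]{1,9}$/D', (string) $this->_params['offset']) ? (int) $this->_params['offset'] : 0;
     $offset = $pageNr * $limit;
     $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);
     $parsedSearch = $spotsOverview->filterToQuery($search, array('field' => 'stamp', 'direction' => 'DESC'), $this->_currentSession, $spotUserSystem->getIndexFilter($this->_currentSession['user']['userid']));
     $spots = $spotsOverview->loadSpots($this->_currentSession['user']['userid'], $pageNr, $limit, $parsedSearch);
     $this->showResults($spots, $offset, $outputtype);
 }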
Ejemplo n.º 17
 /**
  * Handles the "edit my preferences" form for the user of the current
  * session and renders the 'edituserprefs' template.
  *
  * Submitted preferences are first reduced by cleanseUserPreferences()
  * against the anonymous user's preferences, then checked by
  * validateUserPreferences(), and only stored when no errors were returned.
  */
 function render()
 {
     $formMessages = array('errors' => array(), 'info' => array());
     # Check the user's permissions
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_userprefs, '');
     # by default no edit attempt has been made
     $editResult = array();
     # Instantiate the Spot user system
     $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);
     # set the page title
     $this->_pageTitle = "spot: edit user preferences";
     # fetch the user to edit: always the user of the current session
     $spotUser = $this->_db->getUser($this->_currentSession['user']['userid']);
     if ($spotUser === false) {
         # NOTE(review): $spotUser is false in this branch, so the username
         # placeholder below is read from false, and so is $spotUser['prefs']
         # in the template() call at the end of the method
         $formMessages['errors'][] = array('edituser_usernotfound', array($spotUser['username']));
         $editResult = array('result' => 'failure');
     }
     # if
     # Determine which action was chosen (which button was pressed)
     $formAction = '';
     if (isset($this->_editUserPrefsForm['submitedit'])) {
         $formAction = 'edit';
         unset($this->_editUserPrefsForm['submitedit']);
     } elseif (isset($this->_editUserPrefsForm['submitcancel'])) {
         $formAction = 'cancel';
         unset($this->_editUserPrefsForm['submitcancel']);
     }
     # if
     # We fetch the anonymous user account, because its preferences are used
     # as the basis.
     $anonUser = $this->_db->getUser(SPOTWEB_ANONYMOUS_USERID);
     # Is this a form submit, or just the initial page request?
     if (!empty($formAction) && empty($formMessages['errors'])) {
         switch ($formAction) {
             case 'edit':
                 # Some dummy preferences trigger a special action for us, which we
                 # handle here. cleanseUserPreferences() strips them automatically.
                 if (isset($this->_editUserPrefsForm['_dummy_prevent_porn'])) {
                     $spotUserSystem->setIndexFilter($spotUser['userid'], array('valuelist' => array(), 'title' => 'Index filter', 'torder' => 999, 'tparent' => 0, 'children' => array(), 'filtertype' => 'index_filter', 'sorton' => '', 'sortorder' => '', 'icon' => 'spotweb.png', 'tree' => '~cat0_z3'));
                 } else {
                     $spotUserSystem->removeIndexFilter($spotUser['userid']);
                 }
                 # if
                 # No user preferences may be passed in that are not part of the anonymous
                 # user's preferences. Merging with the anonymous preferences is not an option,
                 # because checkboxes that were not ticked (those are simply not submitted) would
                 # then be set to true or false according to the default, ignoring the form.
                 $spotUser['prefs'] = $spotUserSystem->cleanseUserPreferences($this->_editUserPrefsForm, $anonUser['prefs']);
                 # check and repair all preferences
                 list($formMessages['errors'], $spotUser['prefs']) = $spotUserSystem->validateUserPreferences($spotUser['prefs'], $this->_currentSession['user']['prefs']);
                 if (empty($formMessages['errors'])) {
                     # update the user
                     $spotUserSystem->setUser($spotUser);
                     # if updating the user succeeded, report it
                     $editResult = array('result' => 'success');
                 } else {
                     $editResult = array('result' => 'failure');
                 }
                 # else
                 # Register Spotweb with the notification providers. This has to happen at least once,
                 # so the safest option is to do it every time the preferences are saved
                 $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);
                 $spotsNotifications->register();
                 break;
                 # case 'edit'
             # case 'edit'
             case 'cancel':
                 $editResult = array('result' => 'success');
                 # case 'cancel' (last case, so the missing break has no effect)
         }
         # switch
     }
     # if
     #- display stuff -#
     # 'http_referer' is read from the form array and handed to the template unchanged.
     # NOTE(review): confirm the template escapes it and restricts it to local
     # URLs before using it as a link or redirect target
     $this->template('edituserprefs', array('edituserprefsform' => $spotUser['prefs'], 'formmessages' => $formMessages, 'spotuser' => $spotUser, 'http_referer' => $this->_editUserPrefsForm['http_referer'], 'edituserprefsresult' => $editResult));
 }
Ejemplo n.º 18
	/**
	 * Handles the "edit security group" form for the group in $this->_groupId
	 * (add/remove a permission, rename, add or remove the group) and renders
	 * the 'editsecgroup' template.
	 *
	 * The only permission checked in this method is
	 * spotsec_edit_securitygroups; it covers every action below.
	 */
	function render() {
		$formMessages = array('errors' => array(),
							  'info' => array());
							  
		# Check the user's permissions
		$this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_securitygroups, '');
		
		# by default no edit attempt has been made
		$editResult = array();

		# Instantiate the Spot user system
		$spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);
		
		# set the page title
		$this->_pageTitle = "spot: edit security groups";
		
		# fetch the security group to edit
		$secGroup = $spotUserSystem->getSecGroup($this->_groupId);
		
		# if the security group to change cannot be found, report an error
		# (unless a new group is being added)
		if ((empty($secGroup)) && (!isset($this->_editSecGroupForm['submitaddgroup']))) {
			$editResult = array('result' => 'failure');
			$formMessages['errors'][] = array('validatesecgroup_groupdoesnotexist', array($this->_groupId));
		} # if
		
		# Determine which action was chosen (which button was pressed)
		$formAction = '';
		if (isset($this->_editSecGroupForm['submitaddperm'])) {
			$formAction = 'addperm';
			unset($this->_editSecGroupForm['submitaddperm']);
		} elseif (isset($this->_editSecGroupForm['submitremoveperm'])) {
			$formAction = 'removeperm';
			unset($this->_editSecGroupForm['submitremoveperm']);
		} elseif (isset($this->_editSecGroupForm['submitchangename'])) {
			$formAction = 'changename';
			unset($this->_editSecGroupForm['submitchangename']);
		} elseif (isset($this->_editSecGroupForm['submitaddgroup'])) {
			$formAction = 'addgroup';
			unset($this->_editSecGroupForm['submitaddgroup']);
		} elseif (isset($this->_editSecGroupForm['submitremovegroup'])) {
			$formAction = 'removegroup';
			unset($this->_editSecGroupForm['submitremovegroup']);
		} # if

		# If an attempt is made to edit one of the built-in groups, report an
		# error as well. Groups with an id below 4 are the ones treated as
		# built-in; the check uses the id of the loaded group record
		if ((!empty($formAction)) && ($formAction != 'addgroup') && ($secGroup['id'] < 4)) { 
			$editResult = array('result' => 'failure');
			$formMessages['errors'][] = array('validatesecgroup_cannoteditbuiltin', array($this->_groupId));
		} # if

		# Is this a form submit, or just the initial page request?
		if ((!empty($formAction)) && (empty($formMessages['errors']))) {
			switch($formAction) {
				case 'removegroup' : {
					$spotUserSystem->removeSecGroup($secGroup);
					$editResult = array('result' => 'success');
					
					break;
				} # case 'removegroup'
				
				case 'addperm'	: {
					# the whole remaining form array is passed on; any errors come
					# back from addPermToSecGroup()
					$formMessages['errors'] = $spotUserSystem->addPermToSecGroup($this->_groupId, $this->_editSecGroupForm);
					
					if (!empty($formMessages['errors'])) {
						$editResult = array('result' => 'failure');
					} else {
						$editResult = array('result' => 'success');
					} # else
					
					break;
				} # case 'addperm' 
				
				case 'removeperm'	: {
					# no result is read back here, so this action always reports success
					$spotUserSystem->removePermFromSecGroup($this->_groupId,
															$this->_editSecGroupForm);
					$editResult = array('result' => 'success');

					break;
				} # case 'removeperm' 
				
				case 'addgroup' : 
				case 'changename'	: {
					# update the security group record
					$secGroup['name'] = $this->_editSecGroupForm['name'];

					# check and repair the group record
					list ($formMessages['errors'], $secGroup) = $spotUserSystem->validateSecGroup($secGroup);

					if (empty($formMessages['errors'])) {
						# and update the database
						switch($formAction) {
							case 'changename'	: $spotUserSystem->setSecGroup($secGroup); break;
							case 'addgroup'		: $spotUserSystem->addSecGroup($secGroup); break;
						} # switch
						
						$editResult = array('result' => 'success');
					} else {
						$editResult = array('result' => 'failure');
					} # if

					break;
				} # case 'changename' 
				
			} # switch
		} # if

		#- display stuff -#
		# 'http_referer' is read from the form array and handed to the template unchanged.
		# NOTE(review): confirm the template escapes it and restricts it to local
		# URLs before using it as a link or redirect target
		$this->template('editsecgroup', array('securitygroup' => $secGroup,
										    'formmessages' => $formMessages,
											'http_referer' => $this->_editSecGroupForm['http_referer'],
											'editresult' => $editResult));
	} # render
Ejemplo n.º 19
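	/**
	 * Handles the "edit user" form for the account in $this->_userIdToEdit
	 * (delete, edit including password and group membership, drop all
	 * sessions, reset the API key) and renders the 'edituser' template.
	 *
	 * Editing your own account requires spotsec_edit_own_user, editing
	 * another account spotsec_edit_other_users. Deleting additionally
	 * requires spotsec_delete_user, resetting the API key spotsec_consume_api
	 * and applying a group list spotsec_edit_groupmembership.
	 */
	function render() {
		$groupMembership = array();
		$formMessages = array('errors' => array(),
							  'info' => array());

		# Check the user's permissions
		if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
			$this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_user, '');
		} else {
			$this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_other_users, '');
		} # if

		# by default no edit attempt has been made
		$editResult = array();

		# Instantiate the Spot user system
		$spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);

		# set the page title
		$this->_pageTitle = "spot: edit user";

		# fetch the user to edit
		$spotUser = $this->_db->getUser($this->_userIdToEdit);
		if ($spotUser === false) {
			# NOTE(review): $spotUser is false here, so the username
			# placeholder of this message is always empty
			$formMessages['errors'][] = array('edituser_usernotfound', array($spotUser['username']));
			$editResult = array('result' => 'failure');
		} # if

		# Fetch the group membership of this user
		if ($spotUser != false) {
			$groupMembership = $this->_db->getGroupList($spotUser['userid']);
		} # if

		# Determine which action was chosen (which button was pressed)
		$formAction = '';
		if (isset($this->_editUserForm['submitedit'])) {
			$formAction = 'edit';
			unset($this->_editUserForm['submitedit']);
		} elseif (isset($this->_editUserForm['submitdelete'])) {
			$formAction = 'delete';
			unset($this->_editUserForm['submitdelete']);

			$this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_delete_user, '');
		} elseif (isset($this->_editUserForm['submitresetuserapi'])) {
			$formAction = 'resetapi';
			unset($this->_editUserForm['submitresetuserapi']);

			$this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_consume_api, '');
		} elseif (isset($this->_editUserForm['removeallsessions'])) {
			$formAction = 'removeallsessions';
			unset($this->_editUserForm['removeallsessions']);
		} # else

		# Is this a form submit, or just the initial page request?
		if ((!empty($formAction)) && (empty($formMessages['errors']))) {
			# do not allow the anonymous user to be changed
			if ($spotUser['userid'] == SPOTWEB_ANONYMOUS_USERID) {
				$formMessages['errors'][] = array('edituser_cannoteditanonymous', array());
				$editResult = array('result' => 'failure');
			} # if

			# do not allow the admin user to be removed
			if (($spotUser['userid'] <= SPOTWEB_ADMIN_USERID) && ($formAction == 'delete')) {
				$formMessages['errors'][] = array('edituser_cannotremovesystemuser', array());
				$editResult = array('result' => 'failure');
			} # if
		} # if


		# Is this a form submit, or just the initial page request?
		if ((!empty($formAction)) && (empty($formMessages['errors']))) {
			/*
			 * The id of the account that passed the permission and
			 * system-user checks above. The submitted form is merged over
			 * the user record below, so a 'userid' field in the form would
			 * otherwise replace it and point the action at another account.
			 */
			$targetUserId = $spotUser['userid'];

			switch($formAction) {
				case 'delete' : {
					$spotUser = array_merge($spotUser, $this->_editUserForm);
					$spotUser['userid'] = $targetUserId;
					$spotUserSystem->removeUser($spotUser['userid']);
					$editResult = array('result' => 'success');

					break;
				} # case delete

				case 'edit'	: {
					# Remove any fields from the form that are not valid
					$this->_editUserForm = $this->cleanseEditForm($this->_editUserForm);

					# validate the user
					$spotUser = array_merge($spotUser, $this->_editUserForm);
					$spotUser['userid'] = $targetUserId;
					$formMessages['errors'] = $spotUserSystem->validateUserRecord($spotUser, true);

					if (empty($formMessages['errors'])) {
						# update the user
						$spotUserSystem->setUser($spotUser);

						# if the user supplied a new password, update the
						# password as well
						if (!empty($spotUser['newpassword1'])) {
							$spotUserSystem->setUserPassword($spotUser);
						} # if

						# Were group membership lists submitted too?
						if (isset($this->_editUserForm['grouplist']) && is_array($this->_editUserForm['grouplist'])) {
							# build the list of user groups
							$groupList = array();
							foreach($this->_editUserForm['grouplist'] as $val) {
								if ($val != 'dummy') {
									$groupList[] = array('groupid' => $val,
														'prio' => count($groupList));
								} # if
							} # for

							# make sure at least one group remains
							if (count($groupList) < 1) {
								$formMessages['errors'][] = array('edituser_usermusthaveonegroup', array());
								$editResult = array('result' => 'failure');
							} elseif ($this->_spotSec->allowed(SpotSecurity::spotsec_edit_groupmembership, '')) {
								/*
								 * Group membership decides which permissions
								 * an account has, so the right to edit a
								 * profile must not be enough to change it.
								 * Without the permission the submitted list
								 * is ignored and the rest of the edit stands.
								 * NOTE(review): assumes this code base defines
								 * SpotSecurity::spotsec_edit_groupmembership -
								 * confirm before merging.
								 */
								$spotUserSystem->setUserGroupList($spotUser, $groupList);
							} # if
						} # if

						# report success only when nothing above recorded an
						# error; a failure result set above must not be
						# overwritten
						if (empty($formMessages['errors'])) {
							$editResult = array('result' => 'success');
						} # if
					} else {
						$editResult = array('result' => 'failure');
					} # else
					break;
				} # case 'edit'

				case 'removeallsessions' : {
					$spotUserSystem->removeAllUserSessions($spotUser['userid']);
					$editResult = array('result' => 'success');

					break;
				} # case 'removeallsessions'

				case 'resetapi' : {
					$user = $spotUserSystem->resetUserApi($spotUser);
					$editResult = array('result' => 'success', 'newapikey' => $user['apikey']);

					break;
				} # case resetapi
			} # switch
		} # if

		#- display stuff -#
		$this->template('edituser', array('edituserform' => $spotUser,
										    'formmessages' => $formMessages,
											'editresult' => $editResult,
											'groupMembership' => $groupMembership));
	} # render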
Ejemplo n.º 20
	} # if

	# First check that the stored settings version is still valid
	if (!$settings->settingsValid()) {
		die("Globale settings zijn gewijzigd, draai upgrade-db.php aub" . PHP_EOL);
	} # if

	# helper functions for passed variables
	$req = new SpotReq();
	$req->initialize($settings);

	$page = $req->getDef('page', 'index');

	# Fetch the user object that is 'logged in': a request carrying an
	# 'apikey' parameter is authenticated by that key alone, every other
	# request through the session
	SpotTiming::start('auth');
	$spotUserSystem = new SpotUserSystem($db, $settings);
	if ($req->doesExist('apikey')) {
		$currentSession = $spotUserSystem->verifyApi($req->getDef('apikey', ''));
	} else {
		$currentSession = $spotUserSystem->useOrStartSession();
	} # if

	/* Without a user object there is no security system either, so this is always fatal */
	if ($currentSession === false) {
		if ($req->doesExist('apikey')) {
			throw new Exception("API Key Incorrect");
		} else {
			throw new Exception("Unable to create session");
		} # else
	} # if
	SpotTiming::stop('auth');
Ejemplo n.º 21
require_once "lib/exceptions/CustomException.php";
require_once "lib/exceptions/NntpException.php";
require_once "lib/SpotSecurity.php";
require_once "lib/SpotTiming.php";
require_once "settings.php";
require_once "lib/SpotDb.php";
# Hard-coded user id for this test script; USERID is not referenced in the
# visible part of the script
define('USERID', 30);
/* -------------------------------------------------------------------- */
echo "Included PHP classes... " . PHP_EOL;
# $settings is not defined in the visible lines - presumably by settings.php; confirm
$db = new SpotDb($settings['db']);
$db->connect();
echo "Connected to the database.." . PHP_EOL;
# NOTE(review): SpotSettings, SpotSigning, SpotPosting and SpotUserSystem are
# not among the require_once lines above - presumably loaded elsewhere; confirm
$spotSettings = SpotSettings::singleton($db, $settings);
$spotSigning = new SpotSigning();
$spotPosting = new SpotPosting($db, $spotSettings);
$spotUserSystem = new SpotUserSystem($db, $spotSettings);
echo "Initialized classes.." . PHP_EOL;
# Fixed test spot; 'category' is assigned again further down with the same value
$spot['category'] = 0;
$spot['website'] = 'http://www.moviemeter.nl/film/69912';
$spot['body'] = 'Hierbij een cover van de film Colombiana.

Met dank aan de originele poster van deze cover';
$spot['poster'] = 'Spotweb Test User';
$spot['tag'] = '';
$spot['key'] = 7;
$spot['title'] = 'Colombiana cover (SWtest2)';
echo "Spot Title will be: " . $spot['title'] . PHP_EOL;
$spot['category'] = 0;
# sub-category fields, one per sub-category list
$spot["subcata"] = "a5|";
$spot['subcatb'] = '';
$spot['subcatc'] = '';
Ejemplo n.º 22
 /**
  * Returns the index filter of the user who owns the current session, as
  * provided by SpotUserSystem::getIndexFilter().
  */
 function getIndexFilter()
 {
     $userSystem = new SpotUserSystem($this->_db, $this->_settings);
     $sessionUserId = $this->_currentSession['user']['userid'];

     return $userSystem->getIndexFilter($sessionUserId);
 }
Ejemplo n.º 23
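 /**
  * Handles the "create user" form: validates the submitted record, creates
  * the account with a generated password and an RSA key pair, optionally
  * mails the new user, and renders the 'createuser' template.
  *
  * Requires the spotsec_create_new_user permission. On success the template
  * receives 'createresult' with the username and the generated password.
  */
 function render()
 {
     $formMessages = array('errors' => array(), 'info' => array());
     # Check the user's permissions
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_create_new_user, '');
     # create a default spotuser so that the form can always
     # render the form values
     $spotUser = array('username' => '', 'firstname' => '', 'lastname' => '', 'mail' => '');
     # by default no create attempt has been made
     $createResult = array();
     # Instantiate the Spot user system
     $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);
     # set the page title
     $this->_pageTitle = "spot: create user";
     # Is this a form submit, or just the initial page request?
     if (isset($this->_createUserForm['submit'])) {
         # we always unset submit
         unset($this->_createUserForm['submit']);
         # userid is always set to false when creating a new user, because
         # validateUserRecord() would otherwise think we are editing an
         # existing user and would e.g. not check the mail address for
         # duplicates other than 'itself'
         $this->_createUserForm['userid'] = false;
         # take over the submitted fields first ...
         $spotUser = array_merge($spotUser, $this->_createUserForm);
         # ... and only then set the random password for this user, so that
         # 'newpassword1'/'newpassword2' fields in the submitted form cannot
         # replace the generated value.
         # NOTE(review): the password is nine characters cut from
         # generateUniqueId(); how unpredictable that id is cannot be seen from
         # here - confirm it comes from a cryptographically secure source
         $spotUser['newpassword1'] = substr($spotUserSystem->generateUniqueId(), 1, 9);
         $spotUser['newpassword2'] = $spotUser['newpassword1'];
         # validate the user
         $formMessages['errors'] = $spotUserSystem->validateUserRecord($spotUser, false);
         # Is there no other user with the same username?
         if ($this->_db->usernameExists($spotUser['username'])) {
             $formMessages['errors'][] = array('validateuser_usernameexists', array($spotUser['username']));
         }
         # if
         if (empty($formMessages['errors'])) {
             # Create a private and public key pair for this user
             $spotSigning = new SpotSigning();
             $userKey = $spotSigning->createPrivateKey($this->_settings->get('openssl_cnf_path'));
             $spotUser['publickey'] = $userKey['public'];
             $spotUser['privatekey'] = $userKey['private'];
             # Initialise the notification system
             $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);
             # add the user
             $spotUserSystem->addUser($spotUser);
             # if adding the user succeeded, report it; the clear-text
             # password is handed to the template here and to the
             # notification below.
             # NOTE(review): confirm neither of them logs or stores it
             $createResult = array('result' => 'success', 'user' => $spotUser['username'], 'password' => $spotUser['newpassword1']);
             # send an e-mail to the new user if that was requested; an
             # unticked checkbox is simply absent from the form
             $sendMail = isset($this->_createUserForm['sendmail']) ? $this->_createUserForm['sendmail'] : '';
             if ($sendMail == "true" || $sendMail == "on" || $this->_settings->get('sendwelcomemail')) {
                 $spotsNotifications->sendNewUserMail($spotUser);
             }
             # if
             # and send a notification
             $spotsNotifications->sendUserAdded($spotUser['username'], $spotUser['newpassword1']);
         } else {
             $createResult = array('result' => 'failure');
         }
         # else
     }
     # if
     #- display stuff -#
     $this->template('createuser', array('createuserform' => $spotUser, 'formmessages' => $formMessages, 'createresult' => $createResult));
 }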
Ejemplo n.º 24
  * and more.
  *
  * We try to check if any output has been submitted, and if so, we refuse
  * to continue to prevent all sorts of confusing bug reports
  */
 # Refuse to continue when headers were already sent or the output buffer
 # already holds bytes
 if (headers_sent() || (int) ob_get_length() > 0) {
     throw new OwnsettingsCreatedOutputException();
 }
 # if
 # helper functions for passed variables
 $req = new SpotReq();
 $req->initialize($settings);
 $page = $req->getDef('page', 'index');
 # Retrieve the users object of the user which is logged on: a request
 # carrying an 'apikey' parameter is authenticated by that key alone, every
 # other request through the session
 SpotTiming::start('auth');
 $spotUserSystem = new SpotUserSystem($db, $settings);
 if ($req->doesExist('apikey')) {
     $currentSession = $spotUserSystem->verifyApi($req->getDef('apikey', ''));
 } else {
     # NOTE(review): the meaning of the boolean argument is not visible here - confirm
     $currentSession = $spotUserSystem->useOrStartSession(false);
 }
 # if
 /*
  * If there is no user object, we don't have a security system
  * either. Without a security system we cannot boot, so fatal
  */
 if ($currentSession === false) {
     if ($req->doesExist('apikey')) {
         $currentSession = $spotUserSystem->useOrStartSession(true);
         throw new PermissionDeniedException(SpotSecurity::spotsec_consume_api, 'invalid API key');
     } else {
Ejemplo n.º 25
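/**
 * Final step of the installer: builds the database, the default settings and
 * the users, stores the NNTP settings, creates the administrator account and
 * finally writes dbsettings.inc.php (or shows its contents for manual copying).
 *
 * Input comes from $_SESSION['spotsettings'] and the global $settings; the
 * result is echoed as HTML, nothing is returned.
 *
 * Hardening compared to a plain string-concatenated config file:
 *  - Database values are written into generated PHP source. They are emitted
 *    with var_export() so a quote or backslash in, for example, the password
 *    stays inside the string literal instead of ending it.
 *  - Text echoed into the page (generated settings, swallowed upgrader
 *    output, exception details) is HTML-escaped.
 *  - "Created" means the write itself succeeded; a stale dbsettings.inc.php
 *    left on disk no longer counts as success.
 */
function createSystem()
{
    global $settings;
    global $_testInstall_Ok;
    $htmlFlags = ENT_QUOTES | ENT_SUBSTITUTE;
    try {
        /*
         * The settings system is used to create a lot of output,
         * we swallow it all
         */
        ob_start();
        /*
         * Now create the database ...
         */
        $settings['db'] = $_SESSION['spotsettings']['db'];
        $spotUpgrader = new SpotUpgrader($settings['db'], $settings);
        $spotUpgrader->database();
        /*
         * and create all the different settings (only the default) ones
         */
        $spotUpgrader->settings();
        /*
         * Create the users
         */
        $spotUpgrader->users();
        /*
         * keep the swallowed output so it can be printed as an HTML comment
         * for debugging
         */
        $dbCreateOutput = ob_get_contents();
        ob_end_clean();
        /*
         * Now it is time to do something with
         * the information the user has given to us
         */
        $db = new SpotDb($_SESSION['spotsettings']['db']);
        $db->connect();
        /*
         * add the database settings to the main settings array for now
         */
        $settings['db'] = $_SESSION['spotsettings']['db'];
        /* and create the database settings */
        $spotSettings = SpotSettings::singleton($db, $settings);
        /*
         * Update the NNTP settings in the database
         */
        $spotSettings->set('nntp_nzb', $_SESSION['spotsettings']['nntp']['nzb']);
        $spotSettings->set('nntp_hdr', $_SESSION['spotsettings']['nntp']['hdr']);
        $spotSettings->set('nntp_post', $_SESSION['spotsettings']['nntp']['post']);
        /*
         * Create the given user
         */
        $spotUserSystem = new SpotUserSystem($db, $spotSettings);
        $spotUser = $_SESSION['spotsettings']['adminuser'];
        /*
         * Create a private/public key pair for this user
         */
        $spotSigning = Services_Signing_Base::newServiceSigning();
        $userKey = $spotSigning->createPrivateKey($spotSettings->get('openssl_cnf_path'));
        $spotUser['publickey'] = $userKey['public'];
        $spotUser['privatekey'] = $userKey['private'];
        /*
         * and actually add the user
         */
        $userId = $spotUserSystem->addUser($spotUser);
        # Change the administrators' account password to that of this created user
        $adminUser = $spotUserSystem->getUser(SPOTWEB_ADMIN_USERID);
        $adminUser['newpassword1'] = $spotUser['newpassword1'];
        $spotUserSystem->setUserPassword($adminUser);
        # update the settings with our system type and our admin id
        $spotSettings->set('custom_admin_userid', $userId);
        $spotSettings->set('systemtype', $spotUser['systemtype']);
        # Set the system type
        $spotUpgrader->resetSystemType($spotUser['systemtype']);
        /*
         * Create the necessary database connection information. Only the two
         * known engines produce settings; anything else leaves the string empty.
         */
        $dbInput = $_SESSION['spotsettings']['db'];
        switch ($dbInput['engine']) {
            case 'mysql':
                $engineName = 'mysql';
                break;
            case 'postgresql':
                $engineName = 'pdo_pgsql';
                break;
            default:
                $engineName = null;
        }
        # switch
        $dbConnectionString = '';
        if ($engineName !== null) {
            $dbValues = array(
                'engine' => $engineName,
                'host' => $dbInput['host'],
                'dbname' => $dbInput['dbname'],
                'user' => $dbInput['user'],
                'pass' => $dbInput['pass'],
            );
            foreach ($dbValues as $settingName => $settingValue) {
                # var_export() yields a correctly quoted PHP string literal, so
                # the value cannot break out of it and add code to the file
                $dbConnectionString .= "\$dbsettings['" . $settingName . "'] = " . var_export((string) $settingValue, true) . ';' . PHP_EOL;
            }
            # foreach
        }
        # if
        /*
         * Try to create the dbsettings.inc.php file for the user. The warning
         * is suppressed on purpose: a failed write is handled below by showing
         * the contents for manual copying.
         * NOTE(review): the file holds the database password and is created in
         * the current working directory with default permissions -- tighten
         * them as the deployment allows.
         */
        $createdDbSettings = @file_put_contents("dbsettings.inc.php", "<?php" . PHP_EOL . $dbConnectionString) !== false;
        ?>

			<table summary="PHP settings">
				<tr> <th colspan='2'> Installation succesful </th> </tr>
				<tr> <td colspan='2'> Spotweb has been installed succesfuly! </td> </tr>
				<tr> <td colspan='2'> &nbsp; </td> </tr>
<?php 
        if (!$createdDbSettings) {
            ?>
				<tr> 
						<td> &rarr; </td>
						<td> 
								You need to create a textfile with the database settings in it. Please copy & paste the below
							exactly in a file called <i>dbsettings.inc.php</i>.
							<pre><?php 
            # escaped so that the settings are displayed literally, whatever they contain
            echo htmlspecialchars("<?php " . PHP_EOL . $dbConnectionString, $htmlFlags, 'UTF-8');
            ?>
							</pre>
				 		</td> 
				</tr>
<?php 
        }
        ?>
				<tr> 
						<td> &rarr; </td>
						<td> 
							Spotweb retrieves its information from the newsservers, this is called "retrieving" or retrieval of Spots.
							You need to schedule a retrieval job to run <i>retrieve.php</i> on a regular basis. The first time retrieval
							is run this can take up to several hours before completion.
				 		</td> 
				</tr>
			</table>

			<?php 
        # escaping removes every '>' from the text, so it cannot close the HTML comment early
        echo '<!-- ' . htmlspecialchars($dbCreateOutput, $htmlFlags, 'UTF-8') . ' -->';
    } catch (Exception $x) {
        /*
         * NOTE(review): message and stack trace are shown to whoever runs the
         * installer; traces can contain paths and argument values, so the
         * installer should not stay reachable after setup.
         */
        ?>
			<div id='error'><?php 
        echo htmlspecialchars($x->getMessage(), $htmlFlags, 'UTF-8');
        ?>
				<?php 
        echo htmlspecialchars($x->getTraceAsString(), $htmlFlags, 'UTF-8');
        ?>
			<br /><br />
			</div>
	<?php 
    }
    # exception
}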
Ejemplo n.º 26
 /**
  * Renders the "edit user preferences" dialog and, when the form was
  * submitted with action 'edit', stores the cleansed and validated
  * preferences (and an optional avatar upload) for the user being edited.
  *
  * Editing your own preferences and editing another user's preferences are
  * guarded by two different permissions; fatalPermCheck() is expected to stop
  * the request when the permission is missing.
  */
 function render()
 {
     $formMessages = array('errors' => array(), 'info' => array());
     # Validate proper permissions
     if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
         $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_userprefs, '');
     } else {
         $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_other_users, '');
     }
     # if
     # Make sure the editresult is set to 'not committed' per default
     $editResult = array();
     # Instantiate the user system as necessary for the management of user preferences
     $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);
     # set the page title
     $this->_pageTitle = "spot: edit user preferences";
     # retrieve the to-edit user
     # NOTE(review): when the user is not found $spotUser stays false, yet the
     # template call at the end still reads $spotUser['prefs'] -- confirm the
     # template copes with that
     $spotUser = $this->_db->getUser($this->_userIdToEdit);
     if ($spotUser === false) {
         $formMessages['errors'][] = sprintf(_('User %d can not be found'), $this->_userIdToEdit);
         $editResult = array('result' => 'failure');
     }
     # if
     /*
      * bring the forms' action into the local scope for
      * easier access
      */
     $formAction = $this->_editUserPrefsForm['action'];
     /*
      * We want the anonymous users' account so we can use this users' preferences as a
      * template. This makes sure all properties are at least set.
      */
     $anonUser = $this->_db->getUser(SPOTWEB_ANONYMOUS_USERID);
     # Are we trying to submit this form, or only rendering it?
     if (!empty($formAction) && empty($formMessages['errors'])) {
         switch ($formAction) {
             case 'edit':
                 /*
                  * We have a few dummy preferences -- these are submitted like a checkbox for example
                  * but in reality do something completely different.
                  *
                  * Because we use cleanseUserPreferences() those dummies will not end up in the database
                  *
                  * NOTE(review): the index filter is changed here, before the
                  * preferences are validated and before the template permission
                  * checks below, so it is applied even when the rest of the
                  * submit is rejected.
                  */
                 if (isset($this->_editUserPrefsForm['_dummy_prevent_porn'])) {
                     $spotUserSystem->setIndexFilter($spotUser['userid'], array('valuelist' => array(), 'title' => 'Index filter', 'torder' => 999, 'tparent' => 0, 'children' => array(), 'filtertype' => 'index_filter', 'sorton' => '', 'sortorder' => '', 'enablenotify' => false, 'icon' => 'spotweb.png', 'tree' => '~cat0_z3'));
                 } else {
                     $spotUserSystem->removeIndexFilter($spotUser['userid']);
                 }
                 # if
                 # Save the current' user preferences because we need them before cleansing
                 $savePrefs = $spotUser['prefs'];
                 # Submitted values are cleansed against the anonymous user's preferences and the template's preferences
                 $spotUser['prefs'] = $spotUserSystem->cleanseUserPreferences($this->_editUserPrefsForm, $anonUser['prefs'], $this->_tplHelper->getTemplatePreferences());
                 # Validate all preferences
                 list($formMessages['errors'], $spotUser['prefs']) = $spotUserSystem->validateUserPreferences($spotUser['prefs'], $savePrefs);
                 # Make sure user has permission to select this template; only
                 # checked for a template that differs from the stored one
                 if ($spotUser['prefs']['normal_template'] != $savePrefs['normal_template']) {
                     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_select_template, $spotUser['prefs']['normal_template']);
                 }
                 # if
                 if ($spotUser['prefs']['mobile_template'] != $savePrefs['mobile_template']) {
                     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_select_template, $spotUser['prefs']['mobile_template']);
                 }
                 # if
                 if ($spotUser['prefs']['tablet_template'] != $savePrefs['tablet_template']) {
                     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_select_template, $spotUser['prefs']['tablet_template']);
                 }
                 # if
                 if (empty($formMessages['errors'])) {
                     # Handle an avatar upload, if the form carried one
                     if (isset($_FILES['edituserprefsform'])) {
                         $uploadError = $_FILES['edituserprefsform']['error']['avatar'];
                         /**
                          * Give a proper error if the file is too large, because changeAvatar() wont see
                          * these errors so they cannot provide the error
                          */
                         if ($uploadError == UPLOAD_ERR_FORM_SIZE || $uploadError == UPLOAD_ERR_INI_SIZE) {
                             $formMessages['errors'][] = _("Uploaded file is too large");
                         }
                         # if
                         # The raw file contents are handed to changeAvatar(), whose
                         # return value replaces the error list.
                         # NOTE(review): no type or size validation is visible here;
                         # presumably changeAvatar() validates the image -- confirm.
                         if ($uploadError == UPLOAD_ERR_OK) {
                             $formMessages['errors'] = $spotUserSystem->changeAvatar($spotUser['userid'], file_get_contents($_FILES['edituserprefsform']['tmp_name']['avatar']));
                         }
                         # if
                     }
                     # if
                 }
                 # if
                 if (empty($formMessages['errors'])) {
                     # and actually update the user in the database
                     $spotUserSystem->setUser($spotUser);
                     # if we didnt get an exception, it automatically succeeded
                     $editResult = array('result' => 'success');
                 } else {
                     $editResult = array('result' => 'failure');
                 }
                 # else
                 /*
                  * We have to register Spotweb with the notification providers (growl, prowl, etc) at least once.
                  * The safest option is to just do this with each preferences submit. But first we create a fake
                  * session for this user.
                  *
                  * NOTE(review): this runs whether or not the update succeeded, and
                  * what createNewSession() persists is not visible here -- confirm
                  * that no usable login session for the edited user is left behind.
                  */
                 $fakeSession = $spotUserSystem->createNewSession($spotUser['userid']);
                 $fakeSession['security'] = new SpotSecurity($this->_db, $this->_settings, $fakeSession['user'], '');
                 $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $fakeSession);
                 $spotsNotifications->register();
                 break;
                 # case 'edit'
             case 'cancel':
                 $editResult = array('result' => 'success');
                 # case 'cancel'
         }
         # switch
     }
     # if
     #- display stuff -#
     $this->template('edituserprefs', array('edituserprefsform' => $spotUser['prefs'], 'formmessages' => $formMessages, 'spotuser' => $spotUser, 'dialogembedded' => $this->_dialogembedded, 'http_referer' => $this->_editUserPrefsForm['http_referer'], 'edituserprefsresult' => $editResult));
 }
Ejemplo n.º 27
 /**
  * Echoes the category tree as a JSON array: head categories, then category
  * types ('z' entries), then sub category lists, then the individual
  * categories. Selection and "strong not" state are derived from the parsed
  * search filter of the current session.
  *
  * The request parameters 'category' and 'subcatz' are only compared against
  * keys ('*' meaning "all"); they are never copied into the output.
  *
  * NOTE(review): the JSON is assembled by string concatenation and titles
  * are inserted unescaped. That only yields valid JSON while the
  * SpotCategories descriptions contain no double quote, backslash or control
  * character; building arrays and calling json_encode() would remove that
  * dependency.
  */
 function categoriesToJson()
 {
     /* First parse the search string so we know which items to select and which not */
     $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);
     $spotsOverview = new SpotsOverview($this->_db, $this->_settings);
     $parsedSearch = $spotsOverview->filterToQuery($this->_params['search'], array(), $this->_currentSession, $spotUserSystem->getIndexFilter($this->_currentSession['user']['userid']));
     if ($this->_params['disallowstrongnot']) {
         $parsedSearch['strongNotList'] = '';
     }
     # if
     # Leading comma so every entry can be searched for as ',<key>,'
     # (presumably the compressed list also ends with a comma -- confirm)
     $compressedCatList = ',' . $spotsOverview->compressCategorySelection($parsedSearch['categoryList'], $parsedSearch['strongNotList']);
     //error_log($this->_params['search']['tree']);
     //var_dump($parsedSearch);
     //var_dump($compressedCatList);
     //die();
     echo "[";
     $hcatList = array();
     foreach (SpotCategories::$_head_categories as $hcat_key => $hcat_val) {
         # The user can opt to only show a specific category, if so, skip all others
         if ($hcat_key != $this->_params['category'] && $this->_params['category'] != '*') {
             continue;
         }
         # if
         # If the user choose to show only one category, we dont want the category item itself
         if ($this->_params['category'] == '*') {
             $hcatTmp = '{"title": "' . $hcat_val . '", "isFolder": true, "key": "cat' . $hcat_key . '",	"children": [';
         }
         # if
         $typeCatDesc = array();
         if (isset(SpotCategories::$_categories[$hcat_key]['z'])) {
             foreach (SpotCategories::$_categories[$hcat_key]['z'] as $type_key => $type_value) {
                 if ($type_key !== 'z' && ($this->_params['subcatz'] == $type_key || $this->_params['subcatz'] == '*')) {
                     # Now determine whether we need to enable the checkbox
                     $isSelected = strpos($compressedCatList, ',cat' . $hcat_key . '_z' . $type_key . ',') !== false ? "true" : "false";
                     # Is this strongnot? ('~' prefix in the compressed list)
                     $isStrongNot = strpos($compressedCatList, ',~cat' . $hcat_key . '_z' . $type_key . ',') !== false ? true : false;
                     if ($isStrongNot) {
                         # from here on $isStrongNot holds a JSON fragment, not a boolean
                         $isStrongNot = '"strongnot": true, "addClass": "strongnotnode", ';
                         $isSelected = 'true';
                     } else {
                         $isStrongNot = '';
                     }
                     # if
                     # If the user choose to show only one categorytype, we dont want the categorytype item itself
                     if ($this->_params['subcatz'] == '*') {
                         $typeCatTmp = '{"title": "' . $type_value . '", "isFolder": true, ' . $isStrongNot . ' "select": ' . $isSelected . ', "hideCheckbox": false, "key": "cat' . $hcat_key . '_z' . $type_key . '", "unselectable": false, "children": [';
                     }
                     # if
                 }
                 # if
                 $subcatDesc = array();
                 foreach (SpotCategories::$_subcat_descriptions[$hcat_key] as $sclist_key => $sclist_desc) {
                     if ($sclist_key !== 'z' && ($this->_params['subcatz'] == $type_key || $this->_params['subcatz'] == '*')) {
                         # We inherit the strongnot state from our parent
                         $isStrongNot = strpos($compressedCatList, ',~cat' . $hcat_key . '_z' . $type_key . ',') !== false ? true : false;
                         if ($isStrongNot) {
                             $isStrongNot = '"strongnot": true, "addClass": "strongnotnode", ';
                             $isSelected = 'true';
                         } else {
                             $isStrongNot = '';
                         }
                         # if
                         $subcatTmp = '{"title": "' . $sclist_desc . '", "isFolder": true, ' . $isStrongNot . ' "hideCheckbox": true, "key": "cat' . $hcat_key . '_z' . $type_key . '_' . $sclist_key . '", "unselectable": false, "children": [';
                         # echo ".." . $sclist_desc . " <br>";
                         $catList = array();
                         foreach (SpotCategories::$_categories[$hcat_key][$sclist_key] as $key => $valTmp) {
                             # $valTmp[1] lists the category types this entry is listed under
                             if (in_array('z' . $type_key, $valTmp[1])) {
                                 $val = $valTmp[0];
                                 if (strlen($val) != 0 && strlen($key) != 0) {
                                     # Now determine whether we need to enable the checkbox:
                                     # selected itself, or selected through its parent type
                                     $isSelected = strpos($compressedCatList, ',cat' . $hcat_key . '_z' . $type_key . '_' . $sclist_key . $key . ',') !== false ? true : false;
                                     $parentSelected = strpos($compressedCatList, ',cat' . $hcat_key . '_z' . $type_key . ',') !== false ? true : false;
                                     $isSelected = $isSelected || $parentSelected ? 'true' : 'false';
                                     /*
                                      * Is this strongnot? Either through the parent type
                                      * or through the entry itself
                                      */
                                     $isStrongNot = strpos($compressedCatList, ',~cat' . $hcat_key . '_z' . $type_key . ',') !== false ? true : false;
                                     if (!$isStrongNot) {
                                         $isStrongNot = strpos($compressedCatList, ',~cat' . $hcat_key . '_z' . $type_key . '_' . $sclist_key . $key . ',') !== false ? true : false;
                                     }
                                     # if
                                     if ($isStrongNot) {
                                         $isStrongNot = '"strongnot": true, "addClass": "strongnotnode", ';
                                         $isSelected = 'true';
                                     } else {
                                         $isStrongNot = '';
                                     }
                                     # if
                                     $catList[] = '{"title": "' . $val . '", "icon": false, "select": ' . $isSelected . ', ' . $isStrongNot . '"key":"' . 'cat' . $hcat_key . '_z' . $type_key . '_' . $sclist_key . $key . '"}';
                                 }
                                 # if
                             }
                             # if
                         }
                         # foreach
                         $subcatTmp .= join(",", $catList);
                         $subcatDesc[] = $subcatTmp . "]}";
                     }
                     # if
                 }
                 # foreach
                 if ($type_key !== 'z') {
                     # If the user choose to show only one categorytype, we dont want the categorytype item itself
                     if ($this->_params['subcatz'] == '*') {
                         $typeCatDesc[] = $typeCatTmp . join(",", $subcatDesc) . "]}";
                     } else {
                         if (!empty($subcatDesc)) {
                             $typeCatDesc[] = join(",", array_filter($subcatDesc));
                         }
                         # if
                     }
                     # else
                 } else {
                     $typeCatDesc[] = join(",", $subcatDesc);
                 }
                 # else
             }
             # foreach
         }
         # if
         # If the user choose to show only one category, we dont want the category item itself
         if ($this->_params['category'] == '*') {
             $hcatList[] = $hcatTmp . join(",", $typeCatDesc) . "]}";
         } else {
             $hcatList[] = join(",", $typeCatDesc);
         }
         # if
     }
     # foreach
     echo join(",", $hcatList);
     echo "]";
 }
Ejemplo n.º 28
 /**
  * Renders the filter editor and executes the submitted filter action
  * (add, remove, change, discard, set as default, export, import, reorder)
  * for the user of the current session.
  *
  * Every user-system call below passes the session's own user id, so the
  * actions operate on the logged-in user's filters.
  */
 function render()
 {
     $formMessages = array('errors' => array(), 'info' => array());
     # Check the users' permissions
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_keep_own_filters, '');
     # by default no edit has been attempted
     $editResult = array();
     # Instantiate the Spot user system
     $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);
     # set the page title
     $this->_pageTitle = "spot: filters";
     # retrieve the filter that is to be edited
     $spotFilter = $spotUserSystem->getFilter($this->_currentSession['user']['userid'], $this->_filterId);
     # if the filter to change cannot be found, report an error
     if (empty($spotFilter) && isset($this->_editFilterForm['submitchangefilter'])) {
         $editResult = array('result' => 'failure');
         $formMessages['errors'][] = array('validatefilter_filterdoesnotexist', array($this->_filterId));
     }
     # if
     # Determine which action was chosen (which button was pressed); the
     # submit marker is removed from the form so it does not travel along
     # with the filter data
     $formAction = '';
     if (isset($this->_editFilterForm['submitaddfilter'])) {
         $formAction = 'addfilter';
         unset($this->_editFilterForm['submitaddfilter']);
     } elseif (isset($this->_editFilterForm['submitremovefilter'])) {
         $formAction = 'removefilter';
         unset($this->_editFilterForm['submitremovefilter']);
     } elseif (isset($this->_editFilterForm['submitchangefilter'])) {
         $formAction = 'changefilter';
         unset($this->_editFilterForm['submitchangefilter']);
     } elseif (isset($this->_editFilterForm['submitdiscardfilters'])) {
         $formAction = 'discardfilters';
         unset($this->_editFilterForm['submitdiscardfilters']);
     } elseif (isset($this->_editFilterForm['submitsetfiltersasdefault'])) {
         $formAction = 'setfiltersasdefault';
         unset($this->_editFilterForm['submitsetfiltersasdefault']);
         # this action needs an additional permission on top of keep_own_filters
         $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_set_filters_as_default, '');
     } elseif (isset($this->_editFilterForm['submitexportfilters'])) {
         $formAction = 'exportfilters';
         unset($this->_editFilterForm['submitexportfilters']);
     } elseif (isset($this->_editFilterForm['submitimportfilters'])) {
         $formAction = 'importfilters';
         unset($this->_editFilterForm['submitimportfilters']);
     } elseif (isset($this->_editFilterForm['submitreorder'])) {
         $formAction = 'reorder';
         unset($this->_editFilterForm['submitreorder']);
     }
     # if
     # Is this a form submit, or only the initial call?
     if (!empty($formAction) && empty($formMessages['errors'])) {
         switch ($formAction) {
             case 'removefilter':
                 $spotUserSystem->removeFilter($this->_currentSession['user']['userid'], $this->_filterId);
                 $editResult = array('result' => 'success');
                 break;
                 # case 'removefilter'
             case 'discardfilters':
                 $spotUserSystem->resetFilterList($this->_currentSession['user']['userid']);
                 $editResult = array('result' => 'success');
                 break;
                 # case 'discardfilters'
             case 'setfiltersasdefault':
                 $spotUserSystem->setFiltersAsDefault($this->_currentSession['user']['userid']);
                 $editResult = array('result' => 'success');
                 break;
                 # case 'setfiltersasdefault'
             case 'exportfilters':
                 $editResult = $spotUserSystem->filtersToXml($spotUserSystem->getPlainFilterList($this->_currentSession['user']['userid'], 'filter'));
                 break;
                 # case 'exportfilters'
             case 'importfilters':
                 if (isset($_FILES['filterimport'])) {
                     if ($_FILES['filterimport']['error'] == UPLOAD_ERR_OK) {
                         # NOTE(review): the uploaded XML is user-controlled; how
                         # xmlToFilters() parses it is not visible here -- confirm
                         # that external entities are disabled and that the
                         # resulting filters are validated before they are stored
                         $xml = file_get_contents($_FILES['filterimport']['tmp_name']);
                         try {
                             $filterList = $spotUserSystem->xmlToFilters($xml);
                             $spotUserSystem->setFilterList($this->_currentSession['user']['userid'], $filterList);
                         } catch (Exception $x) {
                             $editResult = array('result' => 'failure');
                             $formMessages['errors'][] = array('validatefilter_invaliduploadxml', array());
                         }
                         # catch
                     } else {
                         $editResult = array('result' => 'failure');
                         $formMessages['errors'][] = array('validatefilter_fileuploaderr', array($_FILES['filterimport']['error']));
                     }
                     # if
                 } else {
                     $editResult = array('result' => 'failure');
                     $formMessages['errors'][] = array('validatefilter_nofileupload', array());
                 }
                 # else
                 break;
                 # case 'importfilters'
             case 'addfilter':
                 # Create a new filter record - a filter is always added to the root.
                 # NOTE(review): the whole submitted form becomes the filter record;
                 # only the keys set below are forced. Any other submitted key is
                 # passed on, so this relies on the form having been restricted to
                 # known fields earlier, or on addFilter() ignoring the rest -- confirm.
                 $filter = $this->_editFilterForm;
                 $filter['valuelist'] = explode('&', $filter['valuelist']);
                 $filter['torder'] = 999;
                 $filter['tparent'] = 0;
                 $filter['children'] = array();
                 $filter['filtertype'] = 'filter';
                 # the next two lines assign each value to itself (no effect)
                 $filter['sorton'] = $filter['sorton'];
                 $filter['sortorder'] = $filter['sortorder'];
                 # and try to add the filter
                 $formMessages['errors'] = $spotUserSystem->addFilter($this->_currentSession['user']['userid'], $filter);
                 if (!empty($formMessages['errors'])) {
                     $editResult = array('result' => 'failure');
                 } else {
                     $editResult = array('result' => 'success');
                 }
                 # else
                 break;
                 # case 'addfilter'
             case 'reorder':
                 $orderCounter = 0;
                 # Because the nestedSortable jquery widget does not pass an explicit
                 # order, we add it ourselves based on the order in which the elements arrive
                 foreach ($this->_orderList as $id => $parent) {
                     # looked up with the session user's id; the result is not
                     # checked before it is used below
                     $spotFilter = $spotUserSystem->getFilter($this->_currentSession['user']['userid'], $id);
                     # The filter only needs an update when its order or parent changed
                     if ($spotFilter['torder'] != $orderCounter || $spotFilter['tparent'] != $parent) {
                         $spotFilter['torder'] = (int) $orderCounter;
                         $spotFilter['tparent'] = (int) $parent;
                         $spotUserSystem->changeFilter($this->_currentSession['user']['userid'], $spotFilter);
                     }
                     # if
                     $orderCounter++;
                 }
                 # foreach
                 # NOTE(review): there is no break here, so 'reorder' falls through
                 # into 'changefilter': the last filter of the loop is merged with the
                 # submitted form and saved once more. That is also the only place
                 # where 'reorder' gets its success result. Looks unintended -- confirm.
                 # case 'reorder'
             case 'changefilter':
                 # submitted form keys overwrite the stored filter's keys
                 $spotFilter = array_merge($spotFilter, $this->_editFilterForm);
                 $spotUserSystem->changeFilter($this->_currentSession['user']['userid'], $spotFilter);
                 $editResult = array('result' => 'success');
                 break;
                 # case 'changefilter'
         }
         # switch
     }
     # if
     #- display stuff -#
     $this->template('editfilter', array('filter' => $spotFilter, 'sorton' => $this->_sorton, 'sortorder' => $this->_sortorder, 'sortby' => $this->_sorton, 'sortdir' => $this->_sortorder, 'lastformaction' => $formAction, 'formmessages' => $formMessages, 'http_referer' => $this->_editFilterForm['http_referer'], 'editresult' => $editResult));
 }
Ejemplo n.º 29
	/*
	 * Stores a password salt under 'pass_salt' through setIfNot(). The salt
	 * is two generateUniqueId() values joined together.
	 *
	 * NOTE(review): generateUniqueId() is not visible here; a salt should
	 * come from a cryptographically secure source -- confirm.
	 */
	function createPasswordSalt() {
		$idSource = new SpotUserSystem($this->_db, $this->_settings);
		$firstPart = $idSource->generateUniqueId();
		$secondPart = $idSource->generateUniqueId();

		$this->setIfNot('pass_salt', $firstPart . $secondPart);
	} # createPasswordSalt
Ejemplo n.º 30
 /**
  * Renders the "post comment" form and, when the form was submitted with
  * action 'post' by a user who is allowed to post, signs and posts the
  * comment and hands the outcome to the 'postcomment' template.
  */
 function render()
 {
     $formMessages = array('errors' => array(), 'info' => array());
     # Posting a comment requires its own permission
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_post_comment, '');
     # SpotParser is needed for escaping the random string
     $spotParser = new SpotParser();
     # the signing service is needed for RSA signing and the spotter id
     $signer = Services_Signing_Base::newServiceSigning();
     # default comment, so the form can always render its values
     $comment = array(
         'body' => '',
         'rating' => 0,
         'inreplyto' => $this->_inReplyTo,
         'newmessageid' => '',
         'randomstr' => '',
     );
     # by default no post has been attempted
     $postResult = array();
     $this->_pageTitle = "spot: post comment";
     # local copy of the forms' action for easier access
     $formAction = $this->_commentForm['action'];
     # The anonymous user and reserved usernames cannot post content
     $userSystem = new SpotUserSystem($this->_db, $this->_settings);
     $mayPost = $userSystem->allowedToPost($this->_currentSession['user']);
     if (!$mayPost) {
         $postResult = array('result' => 'notloggedin');
     }
     # if
     if ($mayPost && $formAction == 'post') {
         # make sure every field has a value
         $comment = array_merge($comment, $this->_commentForm);
         # The users' private key is loaded into the in-memory session array.
         # NOTE(review): whether this array is persisted or handed to a
         # template is not visible here -- confirm the key never leaves the request
         $this->_currentSession['user']['privatekey'] = $userSystem->getUserPrivateRsaKey($this->_currentSession['user']['userid']);
         # the message id arrives wrapped in <>, Spotweb works without them
         $comment['newmessageid'] = substr($comment['newmessageid'], 1, -1);
         # validate the comment and, when valid, post it
         $spotPosting = new SpotPosting($this->_db, $this->_settings);
         $formMessages['errors'] = $spotPosting->postComment($this->_currentSession['user'], $comment);
         if (!empty($formMessages['errors'])) {
             $postResult = array('result' => 'failure');
         } else {
             /* Format the body so smilies and the like can be shown in the template */
             $formattedBody = $this->_tplHelper->formatContent($comment['body']);
             /* Use the stored avatar, or fall back to the users' public key */
             if (empty($this->_currentSession['user']['avatar'])) {
                 $signer = Services_Signing_Base::newServiceSigning();
                 $derivedKey = $signer->getPublicKey($this->_currentSession['user']['privatekey']);
                 $comment['user-key'] = $derivedKey['publickey'];
             } else {
                 $comment['user-avatar'] = $this->_currentSession['user']['avatar'];
             }
             # else
             $commentImage = $this->_tplHelper->makeCommenterImageUrl($comment);
             /* and return the result to the system */
             $postResult = array(
                 'result' => 'success',
                 'user' => $this->_currentSession['user']['username'],
                 'spotterid' => $signer->calculateSpotterId($this->_currentSession['user']['publickey']),
                 'rating' => $comment['rating'],
                 'body' => $formattedBody,
                 'commentimage' => $commentImage,
             );
         }
         # else
     }
     # if
     #- display stuff -#
     $templateVars = array(
         'postcommentform' => $comment,
         'formmessages' => $formMessages,
         'postresult' => $postResult,
     );
     $this->template('postcomment', $templateVars);
 }