Ejemplo n.º 1
0
 /**
  * Executes all cron jobs in the DB if there are any to run.
  *
  * @param boolean $async If true, allows execution to continue by making an asynchronous request to a cron URL
  */
 static function run_cron($async = false)
 {
     // check if it's time to run crons, and if crons are already running.
     $next_cron = HabariDateTime::date_create(Options::get('next_cron', 1));
     $time = HabariDateTime::date_create();
     if ($next_cron->int > $time->int || Options::get('cron_running') && Options::get('cron_running') > microtime(true)) {
         return;
     }
     // cron_running will timeout in 10 minutes
     // round cron_running to 4 decimals
     $run_time = microtime(true) + 600;
     $run_time = sprintf("%.4f", $run_time);
     Options::set('cron_running', $run_time);
     if ($async) {
         // Timeout is really low so that it doesn't wait for the request to finish
         $cronurl = URL::get('cron', array('time' => $run_time, 'asyncronous' => Utils::crypt(Options::get('GUID'))));
         $request = new RemoteRequest($cronurl, 'GET', 1);
         try {
             $request->execute();
         } catch (RemoteRequest_Timeout $e) {
             // the request timed out - we knew that would happen
         } catch (Exception $e) {
             // some other error occurred. log it.
             EventLog::log($e->getMessage(), 'err', 'crontab', 'habari', $e);
         }
     } else {
         // @todo why do we usleep() and why don't we just call act_poll_cron()?
         usleep(5000);
         if (Options::get('cron_running') != $run_time) {
             return;
         }
         $time = HabariDateTime::date_create();
         $crons = DB::get_results('SELECT * FROM {crontab} WHERE start_time <= ? AND next_run <= ? AND active != ?', array($time->sql, $time->sql, 0), 'CronJob');
         if ($crons) {
             foreach ($crons as $cron) {
                 $cron->execute();
             }
         }
         EventLog::log(_t('CronTab run completed.'), 'debug', 'crontab', 'habari', $crons);
         // set the next run time to the lowest next_run OR a max of one day.
         $next_cron = DB::get_value('SELECT next_run FROM {crontab} ORDER BY next_run ASC LIMIT 1', array());
         Options::set('next_cron', min(intval($next_cron), $time->modify('+1 day')->int));
         Options::set('cron_running', false);
     }
 }
Ejemplo n.º 2
0
 /**
  * Executes all cron jobs in the DB if there are any to run.
  *
  * @param boolean $async If true, allows execution to continue by making an asynchronous request to a cron URL
  */
 static function run_cron($async = false)
 {
     // check if it's time to run crons, and if crons are already running.
     $next_cron = HabariDateTime::date_create(Options::get('next_cron'));
     $time = HabariDateTime::date_create();
     if ($next_cron->int > $time->int || Options::get('cron_running') && Options::get('cron_running') > microtime(true)) {
         return;
     }
     // cron_running will timeout in 10 minutes
     // round cron_running to 4 decimals
     $run_time = microtime(true) + 600;
     $run_time = sprintf("%.4f", $run_time);
     Options::set('cron_running', $run_time);
     if ($async) {
         // Timeout is really low so that it doesn't wait for the request to finish
         $cronurl = URL::get('cron', array('time' => $run_time, 'asyncronous' => Utils::crypt(Options::get('guid'))));
         $request = new RemoteRequest($cronurl, 'GET', 1);
         $request->execute();
     } else {
         usleep(5000);
         if (Options::get('cron_running') != $run_time) {
             return;
         }
         $time = HabariDateTime::date_create();
         $crons = DB::get_results('SELECT * FROM {crontab} WHERE start_time <= ? AND next_run <= ?', array($time->sql, $time->sql), 'CronJob');
         if ($crons) {
             foreach ($crons as $cron) {
                 $cron->execute();
             }
         }
         // set the next run time to the lowest next_run OR a max of one day.
         $next_cron = DB::get_value('SELECT next_run FROM {crontab} ORDER BY next_run ASC LIMIT 1', array());
         Options::set('next_cron', min(intval($next_cron), $time->modify('+1 day')->int));
         Options::set('cron_running', false);
     }
 }
Ejemplo n.º 3
0
 /**
  * Handle password reset confirmations
  */
 public function act_password_reset()
 {
     Utils::check_request_method(array('GET', 'HEAD', 'POST'));
     $id = $this->handler_vars['id'];
     $hash = $this->handler_vars['hash'];
     $name = '';
     if ($user = User::get($id)) {
         if ($user->info->password_reset == md5($hash)) {
             // Send a new random password
             $password = Utils::random_password();
             $user->password = Utils::crypt($password);
             if ($user->update()) {
                 $message = _t("Your password for %1\$s has been reset.  Your credentials are as follows---\nUsername: %2\$s\nPassword: %3\$s", array(Site::get_url('habari'), $user->username, $password));
                 Utils::mail($user->email, _t('[%1$s] Password has been reset for %2$s', array(Options::get('title'), $user->displayname)), $message);
                 Session::notice(_t('A new password has been sent to the user.'));
             } else {
                 Session::notice(_t('There was a problem resetting the password.  It was not reset.'));
             }
             // Clear the request - it should only work once
             unset($user->info->password_reset);
             $user->info->commit();
             $name = $user->username;
         } else {
             Session::notice(_t('The supplied password reset token has expired or is invalid.'));
         }
     }
     // Display the login form.
     $this->login_form($name);
 }
Ejemplo n.º 4
0
    HabariLocale::set('en-us');
}
if (Options::get('system_locale')) {
    HabariLocale::set_system_locale(Options::get('system_locale'));
}
// Verify if the database has to be upgraded.
if (Version::requires_upgrade()) {
    $installer = new InstallHandler();
    $installer->upgrade_db();
}
// If we're doing unit testing, stop here
if (defined('UNIT_TEST')) {
    return;
}
// if this is an asyncronous call, ignore abort.
if (isset($_GET['asyncronous']) && Utils::crypt(Options::get('guid'), $_GET['asyncronous'])) {
    ignore_user_abort(true);
}
// Send the Content-Type HTTP header.
// @todo Find a better place to put this.
header('Content-Type: text/html;charset=utf-8');
/**
 * Include all the active plugins.
 * By loading them here they'll have global scope.
 *
 * We loop through them twice so we can cache all plugin classes on the first load() call.
 * This gives about 60% improvement.
 */
foreach (Plugins::list_active() as $file) {
    include_once $file;
}
Ejemplo n.º 5
0
 /**
  * Returns an array of tokens used for WSSE authentication
  *    http://www.xml.com/pub/a/2003/12/17/dive.html
  *    http://www.sixapart.com/developers/atom/protocol/atom_authentication.html
  * @param string|array $nonce a string nonce or an existing array to add nonce parameters to
  * @param string $timestamp a timestamp
  * @return array an array of WSSE authentication elements
  */
 public static function WSSE($nonce = '', $timestamp = '')
 {
     $wsse = array();
     if (is_array($nonce)) {
         $wsse = $nonce;
         $nonce = '';
     }
     if ('' === $nonce) {
         $nonce = Utils::crypt(Options::get('public-GUID') . Utils::nonce());
     }
     if ('' === $timestamp) {
         $timestamp = date('c');
     }
     $user = User::identify();
     $wsse = array_merge($wsse, array('nonce' => $nonce, 'timestamp' => $timestamp, 'digest' => base64_encode(pack('H*', sha1($nonce . $timestamp . $user->password)))));
     return $wsse;
 }
Ejemplo n.º 6
0
 /**
  * Check a user's credentials to see if they are legit
  * -- calls all auth plugins BEFORE checking local database.
  *
  * @todo Actually call plugins
  *
  * @param string $who A username or email address
  * @param string $pw A password
  * @return object a User object, or false
  */
 public static function authenticate($who, $pw)
 {
     if ('' === $who || '' === $pw) {
         return false;
     }
     $user = new StdClass();
     $require = false;
     $user = Plugins::filter('user_authenticate', $user, $who, $pw);
     if ($user instanceof User) {
         self::$identity = $user;
         Plugins::act('user_authenticate_successful', self::$identity);
         EventLog::log(sprintf(_t('Successful login for %s'), $user->username), 'info', 'authentication', 'habari');
         // set the cookie
         $user->remember();
         return self::$identity;
     } elseif (!is_object($user)) {
         Plugins::act('user_authenticate_failure', 'plugin');
         EventLog::log(sprintf(_t('Login attempt (via authentication plugin) for non-existent user %s'), $who), 'warning', 'authentication', 'habari');
         Session::error('Invalid username/password');
         self::$identity = null;
         return false;
     }
     if (strpos($who, '@') !== FALSE) {
         // we were given an email address
         $user = self::get_by_email($who);
     } else {
         $user = self::get_by_name($who);
     }
     if (!$user) {
         // No such user.
         Plugins::act('user_authenticate_failure', 'non-existent');
         EventLog::log(sprintf(_t('Login attempt for non-existent user %s'), $who), 'warning', 'authentication', 'habari');
         Session::error('Invalid username/password');
         self::$identity = null;
         return false;
     }
     if (Utils::crypt($pw, $user->password)) {
         // valid credentials were supplied
         self::$identity = $user;
         Plugins::act('user_authenticate_successful', self::$identity);
         EventLog::log(sprintf(_t('Successful login for %s'), $user->username), 'info', 'authentication', 'habari');
         // set the cookie
         $user->remember();
         return self::$identity;
     } else {
         // Wrong password.
         Plugins::act('user_authenticate_failure', 'bad_pass');
         EventLog::log(sprintf(_t('Wrong password for user %s'), $user->username), 'warning', 'authentication', 'habari');
         Session::error('Invalid username/password');
         self::$identity = null;
         return false;
     }
 }
Ejemplo n.º 7
0
 /**
  * Handles POST requests from the Users listing (ie: creating a new user)
  */
 public function post_users()
 {
     $this->fetch_users();
     $extract = $this->handler_vars->filter_keys('newuser', 'delete', 'new_pass1', 'new_pass2', 'new_email', 'new_username');
     foreach ($extract as $key => $value) {
         ${$key} = $value;
     }
     if (isset($newuser)) {
         $action = 'newuser';
     } elseif (isset($delete)) {
         $action = 'delete';
     }
     $error = '';
     if (isset($action) && 'newuser' == $action) {
         if (!isset($new_pass1) || !isset($new_pass2) || empty($new_pass1) || empty($new_pass2)) {
             Session::error(_t('Password is required.'), 'adduser');
         } else {
             if ($new_pass1 !== $new_pass2) {
                 Session::error(_t('Password mis-match.'), 'adduser');
             }
         }
         if (!isset($new_email) || empty($new_email) || !strstr($new_email, '@')) {
             Session::error(_t('Please supply a valid email address.'), 'adduser');
         }
         if (!isset($new_username) || empty($new_username)) {
             Session::error(_t('Please supply a user name.'), 'adduser');
         }
         // safety check to make sure no such username exists
         $user = User::get_by_name($new_username);
         if (isset($user->id)) {
             Session::error(_t('That username is already assigned.'), 'adduser');
         }
         if (!Session::has_errors('adduser')) {
             $user = new User(array('username' => $new_username, 'email' => $new_email, 'password' => Utils::crypt($new_pass1)));
             if ($user->insert()) {
                 Session::notice(sprintf(_t("Added user '%s'"), $new_username));
             } else {
                 $dberror = DB::get_last_error();
                 Session::error($dberror[2], 'adduser');
             }
         } else {
             $settings = array();
             if (isset($username)) {
                 $settings['new_username'] = $new_username;
             }
             if (isset($new_email)) {
                 $settings['new_email'] = $new_email;
             }
             $this->theme->assign('settings', $settings);
         }
     } else {
         if (isset($action) && 'delete' == $action) {
             $this->update_users($this->handler_vars);
         }
     }
     $this->theme->display('users');
 }
Ejemplo n.º 8
0
 public function action_publish_post(Post $post, FormUI $form)
 {
     if ($post->content_type == Post::type('entry')) {
         $post->info->password = Utils::crypt($form->postpass->value);
     }
 }
Ejemplo n.º 9
0
 public function action_auth_ajax_wp_import_users()
 {
     // get the values post'd in
     $inputs = $_POST->filter_keys(array('db_name', 'db_host', 'db_user', 'db_pass', 'db_prefix', 'category_import', 'import_index'));
     $inputs = $inputs->getArrayCopy();
     // make sure we have all our default values
     $inputs = array_merge($this->default_values, $inputs);
     // get the wpdb
     $wpdb = $this->wp_connect($inputs['db_host'], $inputs['db_name'], $inputs['db_user'], $inputs['db_pass']);
     // if we couldn't connect, error out
     if (!$wpdb) {
         EventLog::log(_t('Failed to import from "%s"', array($inputs['db_name'])));
         Session::error(_t('Failed to import from "%s"', array($inputs['db_name'])));
         echo '<p>' . _t('Failed to connect using the given database connection details.') . '</p>';
     }
     // we connected just fine, let's get moving!
     // begin a transaction. if we error out at any point, we want to roll back to before import began
     DB::begin_transaction();
     // fetch all the users from the wordpress database
     $wp_users = $wpdb->get_results('select id, user_login, user_pass, user_email, user_url, display_name from ' . $inputs['db_prefix'] . 'users');
     echo '<p>' . _t('Importing Users&hellip;') . '</p>';
     foreach ($wp_users as $wp_user) {
         // see if a user with this username already exists
         $user = User::get_by_name($wp_user->user_login);
         if ($user !== false) {
             // if the user exists, save their old ID into an info attribute
             $user->info->wp_id = intval($wp_user->id);
             // and update
             $user->update();
             echo '<p>' . _t('Associated imported user %1$s with existing user %2$s', array($wp_user->user_login, $user->username)) . '</p>';
             EventLog::log(_t('Associated imported user %1$s with existing user %2$s', array($wp_user->user_login, $user->username)));
         } else {
             // no user exists, we need to create one
             try {
                 $u = new User();
                 $u->username = $wp_user->user_login;
                 $u->email = $wp_user->user_email;
                 // set their password so the user will be able to login. they're auto-added to the 'authenticated' ACL group
                 $u->password = Utils::crypt($wp_user->user_pass);
                 $u->info->wp_id = intval($wp_user->id);
                 $u->info->displayname = $wp_user->display_name;
                 if ($wp_user->user_url != '') {
                     $u->info->url = $wp_user->user_url;
                 }
                 // and save it
                 $u->insert();
                 echo '<p>' . _t('Created new user %1$s. Their old ID was %2$d.', array($u->username, $wp_user->id)) . '</p>';
                 EventLog::log(_t('Created new user %1$s. Their old ID was %2$d.', array($u->username, $wp_user->id)));
             } catch (Exception $e) {
                 // no idea why we might error out, but catch it if we do
                 EventLog::log($e->getMessage, 'err');
                 echo '<p class="error">' . _t('There was an error importing user %s. See the EventLog for the error message. ', array($wp_user->user_login)) . '</p>';
                 echo '<p>' . _t('Rolling back changes&hellip;') . '</p>';
                 // rollback all changes before we return so the import hasn't changed anything yet
                 DB::rollback();
                 // and return so they don't get AJAX to send them on to the next step
                 return false;
             }
         }
     }
     // if we've finished without an error, commit the import
     DB::commit();
     // get the next ajax url
     $ajax_url = URL::get('auth_ajax', array('context' => 'wp_import_posts'));
     // and spit out ajax to send them to the next step - posts!
     echo $this->get_ajax($ajax_url, $inputs);
 }
Ejemplo n.º 10
0
 /**
  * Creates the administrator user from form information
  *
  * @return  mixed. the user on success, false on failure
  */
 private function create_admin_user()
 {
     $admin_username = $this->handler_vars['admin_username'];
     $admin_email = $this->handler_vars['admin_email'];
     $admin_pass = $this->handler_vars['admin_pass1'];
     if ($admin_pass[0] == '{') {
         // looks like we might have a crypted password
         $password = $admin_pass;
         // but let's double-check
         $algo = strtolower(substr($admin_pass, 1, 3));
         if ('ssh' != $algo && 'sha' != $algo) {
             // we do not have a crypted password
             // so let's encrypt it
             $password = Utils::crypt($admin_pass);
         }
     } else {
         $password = Utils::crypt($admin_pass);
     }
     // Insert the admin user
     $user = User::create(array('username' => $admin_username, 'email' => $admin_email, 'password' => $password));
     return $user;
 }
 /**
  * function action_plugins_loaded
  * checks for the presence of our cookie, and uses that to establish the session for the user
  **/
 public function action_init()
 {
     // first, let's see if an active session is in effect
     $user = User::identify();
     if (0 < $user->id) {
         // no sense processing any further if we already know
         // about this user.
         return;
     }
     // make sure we don't try to accidentially re-use the anonymous
     // user object later. probably unnecessary.
     unset($user);
     // does our cookie exist on the user's PC?
     $cookiename = 'P_' . md5(Options::get('GUID') . '_Persistence');
     if (!isset($_COOKIE[$cookiename])) {
         // no?  bail out
         return;
     }
     $cookie = $_COOKIE[$cookiename];
     $result = DB::get_row('SELECT user_id,value FROM {userinfo} WHERE name=?', array('persistence_' . $cookie));
     if (!$result) {
         return;
     }
     if (time() > $result->value) {
         // the cookie has expired
         return;
     }
     $user = User::get_by_id($result->user_id);
     // make sure the hash value stored in the cookie is correct for this user
     if (!Utils::crypt($user->username . $user->id . $result->value, $cookie)) {
         // hash doesn't match, so bail out
         unset($user);
         return;
     }
     // we got here, so let's remember this user
     $user->remember();
     // and store a log entry
     EventLog::log('Successful login by cookie for ' . $user->username, 'info', 'authentication', 'persistence');
 }
Ejemplo n.º 12
0
 public function testCrypt()
 {
     $crypt = Utils::crypt($this->plaintext);
     $this->assertRegExp('/^{SSHA512}/', $crypt);
     $this->assertEquals(101, strlen($crypt));
     // Test the hash-compare works
     $hash = "{SSHA512}p9F5CeA1xrB2ypnI6tl9B2ol/+Et7qObtZfUawRRNck5MxFQtnRkdfAgPwbUlGMf3GcTwvPcv1/fNAEtHxrcozekoMU=";
     $this->assertTrue(Utils::crypt($this->plaintext, $hash));
 }
Ejemplo n.º 13
0
 function test_crypt()
 {
     $crypt = Utils::crypt($this->plaintext);
     $this->assert_true(strpos($crypt, '{SSHA512}') === 0);
     $this->assert_equal(101, strlen($crypt));
     // Test the hash-compare works
     $hash = "{SSHA512}p9F5CeA1xrB2ypnI6tl9B2ol/+Et7qObtZfUawRRNck5MxFQtnRkdfAgPwbUlGMf3GcTwvPcv1/fNAEtHxrcozekoMU=";
     $this->assert_true(Utils::crypt($this->plaintext, $hash));
 }
Ejemplo n.º 14
0
 public function register_user($form)
 {
     $group = UserGroup::get($form->get_option('group_name'));
     $user = new User(array('username' => $form->username, 'email' => $form->email, 'password' => Utils::crypt($form->password)));
     if ($user->insert()) {
         $group->add($user);
         if ($form->get_option('standalone')) {
             $user->remember();
             $redirect = URL::get('register_success');
         } else {
             Session::notice(sprintf(_t("Added user '%s'", __CLASS__), $form->username));
             $redirect = "";
         }
         // Let plugins alter the redirect location. Yes, the string is loooong, but it's propably unique, too.
         $redirect = Plugins::filter('register_user_success_redirect_location', $redirect, $form);
         Utils::redirect($redirect);
     } else {
         $dberror = DB::get_last_error();
         Session::error($dberror[2], 'adduser');
     }
 }
Ejemplo n.º 15
0
 /**
  * Success method for the add_user form
  * @param FormUI $form The add_user form
  */
 public function do_add_user(FormUI $form)
 {
     $user = new User(array('username' => $form->username->value, 'email' => $form->email->value, 'password' => Utils::crypt($form->password->value)));
     if ($user->insert()) {
         Session::notice(_t("Added user '%s'", array($form->username->value)));
         $form->clear();
     } else {
         $dberror = DB::get_last_error();
         Session::error($dberror[2], 'adduser');
     }
 }
 private function get_mail_data($comment, $reply)
 {
     $ret = array();
     $eol_tag = '--EOL--';
     $fp = $this->find_file(self::MAIL_FILENAME);
     $post = Post::get(array('id' => $comment->post_id));
     /* prepare for vars used in template file */
     $site_name = Options::get('title');
     $site_link = Site::get_url('habari');
     $post_title = $post->title;
     $post_link = $post->permalink;
     $comment_id = $comment->id;
     $comment_author = $comment->name;
     $comment_content = str_replace("\r\n", "\n", $comment->content);
     $comment_content = str_replace("\n", $eol_tag, $comment_content);
     $reply_id = $reply->id;
     $reply_author = $reply->name;
     $reply_content = str_replace("\r\n", "\n", $reply->content);
     $reply_content = str_replace("\n", $eol_tag, $reply_content);
     $unsubscribe_link = $site_link . '/tc_unsubscribe?id=' . base64_encode($comment->email . ',' . $comment_id . ',' . Utils::crypt($comment->email . $comment_id));
     ob_start();
     include $fp;
     $cont = ob_get_clean();
     $pieces = explode(self::END_DEL, $cont);
     $ret['subject'] = substr($pieces[0], strpos($pieces[0], self::SUBJECT_DEL) + strlen(self::SUBJECT_DEL . PHP_EOL));
     $ret['text'] = substr($pieces[1], strpos($pieces[1], self::TEXT_DEL) + strlen(self::TEXT_DEL . PHP_EOL));
     $ret['text'] = str_replace($eol_tag, PHP_EOL, $ret['text']);
     $ret['html'] = substr($pieces[2], strpos($pieces[2], self::HTML_DEL) + strlen(self::HTML_DEL . PHP_EOL));
     $ret['html'] = str_replace($eol_tag, '<br />' . PHP_EOL, $ret['html']);
     return $ret;
 }