Example #1
/**
 * Show a "Runtime error" page containing $msg and stop the request.
 *
 * The page is rendered through catbody() when SKIN_FILE is defined and names
 * an existing, readable file. Otherwise a minimal HTML 4.01 document is
 * printed directly with an euc-jp content type.
 *
 * NOTE(review): $msg is interpolated into the markup without any escaping.
 * A caller that builds $msg from request data has to HTML-escape it first
 * (e.g. with htmlspecialchars()), otherwise the text is emitted as markup.
 *
 * @param string $msg Error text, inserted verbatim into the page body.
 * @return void Never returns; every path ends in exit.
 */
function die_message($msg)
{
    $page = 'Runtime error';
    $title = $page;
    $body = <<<EOT
<h3>Runtime error</h3>
<strong>Error message : {$msg}</strong>
EOT;

    pkwk_common_headers();

    // Prefer the skin; fall back to a bare document when it is unavailable.
    $skin_ready = defined('SKIN_FILE') && file_exists(SKIN_FILE) && is_readable(SKIN_FILE);
    if ($skin_ready) {
        catbody($title, $page, $body);
        exit;
    }

    header('Content-Type: text/html; charset=euc-jp');
    echo <<<EOT
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
 <head>
  <title>{$title}</title>
  <meta http-equiv="content-type" content="text/html; charset=euc-jp">
 </head>
 <body>
 {$body}
 </body>
</html>
EOT;
    exit;
}
Example #2
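/**
 * Gate a page behind HTTP Basic authentication.
 *
 * The users allowed for the page are gathered from $auth_pages: each key is a
 * PCRE pattern matched against the page name or the page source (selected by
 * the global $auth_method_type), each value a comma-separated user list.
 * A page that no pattern matches is unrestricted.
 *
 * @param string $page         Page name being accessed.
 * @param bool   $auth_flag    Send the 401 / WWW-Authenticate challenge on failure.
 * @param bool   $exit_flag    Render the refusal page and exit on failure.
 * @param array  $auth_pages   Map of PCRE pattern => comma-separated user names.
 * @param string $title_cannot Message template; '$1' is replaced by the page name.
 * @return bool true when access is allowed, false when it is refused
 *              (false is only returned when $exit_flag is falsy).
 */
function basic_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot)
{
    global $auth_method_type, $auth_users, $_msg_auth;

    // Text the access patterns are checked against.
    $target_str = '';
    if ($auth_method_type == 'pagename') {
        $target_str = $page; // Page name
    } elseif ($auth_method_type == 'contents') {
        $target_str = join('', get_source($page)); // Its contents
    }

    // NOTE(review): preg_match() returns false on a PCRE error (invalid
    // pattern, backtrack limit on large contents). That is handled like
    // "no match" here, and a page without any match is unrestricted, so a
    // failing pattern fails open. Consider treating false as a refusal.
    $user_list = array();
    foreach ($auth_pages as $key => $val) {
        if (preg_match($key, $target_str)) {
            $user_list = array_merge($user_list, explode(',', $val));
        }
    }
    if (empty($user_list)) {
        return true; // No limit
    }

    $matches = array();
    if (!isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['PHP_AUTH_PW']) && isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/^Basic (.*)$/', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
        // Basic-auth with $_SERVER['HTTP_AUTHORIZATION']
        $decoded = base64_decode($matches[1]);
        // Split on the FIRST colon only: the user id cannot contain one, the
        // password can. Without the limit a password such as "a:b" was cut
        // down to "a". Credentials without any colon are malformed and are
        // not installed at all, so the check below refuses them.
        if (strpos($decoded, ':') !== false) {
            list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', $decoded, 2);
        }
    }

    $user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
    $pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;

    // Every condition must hold. A missing user or password is a refusal,
    // and the user list is searched with strict comparison so numeric-looking
    // names ("10" vs "1e1") cannot match each other through type juggling.
    // NOTE(review): the final hash comparison is not constant-time; if the
    // supported PHP versions provide hash_equals(), prefer it here.
    $authenticated = !PKWK_READONLY
        && is_string($user)
        && is_string($pass)
        && in_array($user, $user_list, true)
        && isset($auth_users[$user])
        && pkwk_hash_compute($pass, $auth_users[$user]) === $auth_users[$user];

    if ($authenticated) {
        return true;
    }

    // Auth failed
    pkwk_common_headers();
    if ($auth_flag) {
        header('WWW-Authenticate: Basic realm="' . $_msg_auth . '"');
        header('HTTP/1.0 401 Unauthorized');
    }
    if ($exit_flag) {
        // The page name is escaped before it is placed into the template.
        $body = $title = str_replace('$1', htmlsc(strip_bracket($page)), $title_cannot);
        $page = str_replace('$1', make_search($page), $title_cannot);
        catbody($title, $page, $body);
        exit;
    }
    return false;
}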
Example #3
        $base =& $defaultpage;
    }
}
// Build the title, page link and body of the response, then hand them to the
// skin via catbody() and end the request.

// The page name is HTML-escaped before it is used as the title.
$title = htmlsc(strip_bracket($base));
$page = make_search($base);
if (isset($retvars['msg']) && $retvars['msg'] != '') {
    // A returned message acts as a template: '$1' is replaced by the
    // title / page link computed above.
    // NOTE(review): only the '$1' replacement is escaped here; the template
    // text itself is used as-is — confirm whatever fills $retvars['msg']
    // never places raw request data in it.
    $title = str_replace('$1', $title, $retvars['msg']);
    $page = str_replace('$1', $page, $retvars['msg']);
}
if (isset($retvars['body']) && $retvars['body'] != '') {
    // A returned body is used verbatim (by reference, no copy and no escaping).
    // NOTE(review): presumably already safe HTML — verify against the producer.
    $body =& $retvars['body'];
} else {
    // No body was returned: show a page instead.
    if ($base == '' || !is_page($base)) {
        // Unknown or empty page name: fall back to the default page and
        // recompute the title and page link for it.
        $base =& $defaultpage;
        $title = htmlsc(strip_bracket($base));
        $page = make_search($base);
    }
    // Record the request as a plain read of $base.
    $vars['cmd'] = 'read';
    $vars['page'] =& $base;
    $body = convert_html(get_source($base));
    // Add TrackBack-Ping URI
    if ($trackback) {
        $body .= tb_get_rdf($base);
    }
    // Save referer information for the page when $referer is enabled.
    if ($referer) {
        ref_save($base);
    }
}
// Output
catbody($title, $page, $body);
exit;
Example #4
/**
 * Gate a page behind HTTP Digest authentication.
 *
 * Access is granted as soon as one of three checks passes, in this order:
 * auth::is_page_auth() reports the page needs no further check, the
 * 'role_adm_contents' role check returns a falsy value (the original comment
 * reads "already a contents administrator"), or auth::auth_digest() accepts
 * the request. Otherwise the request is refused.
 *
 * NOTE(review): the challenge nonce comes from uniqid(), which is derived
 * from the current time and is therefore predictable, and the opaque value
 * md5($realm) is constant for a realm. Whether nonces are tracked or
 * validated is decided inside auth::auth_digest(), which is not visible
 * here — confirm replayed or guessed nonces are rejected, and prefer a
 * nonce from a cryptographically secure random source.
 * NOTE(review): htmlspecialchars() is called with its default flags and
 * charset; check they match the encoding the page is served in.
 *
 * @param string $page         Page name being accessed.
 * @param bool   $auth_flag    Send the 401 / WWW-Authenticate challenge on failure.
 * @param bool   $exit_flag    Render the refusal page and exit on failure.
 * @param array  $auth_pages   Page access rules handed to auth::is_page_auth().
 * @param string $title_cannot Message template; '$1' is replaced by the page name.
 * @return bool true when access is allowed, false when it is refused
 *              (false is only returned when $exit_flag is falsy).
 */
function digest_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot)
{
    global $auth_users, $auth_method_type, $auth_type, $realm;

    // Same three checks as before, evaluated left to right with short-circuit:
    // no limit on the page / already a contents administrator / digest accepted.
    if (
        auth::is_page_auth($page, $auth_flag, $auth_pages, '', '')
        || !auth::check_role('role_adm_contents')
        || auth::auth_digest($auth_users)
    ) {
        return true;
    }

    // Auth failed
    if ($auth_flag || $exit_flag) {
        pkwk_common_headers();
    }

    if ($auth_flag) {
        header('HTTP/1.1 401 Unauthorized');
        $nonce = uniqid();
        $opaque = md5($realm);
        header('WWW-Authenticate: Digest realm="' . $realm . '", qop="auth", nonce="' . $nonce . '", opaque="' . $opaque . '"');
    }

    if (!$exit_flag) {
        return false;
    }

    // The page name is escaped before it is placed into the template.
    $safe_name = htmlspecialchars(strip_bracket($page));
    $title = str_replace('$1', $safe_name, $title_cannot);
    $body = $title;
    $page_link = str_replace('$1', make_search($page), $title_cannot);
    catbody($title, $page_link, $body);
    exit;
}
Example #5
File: func.php Project: big2men/qhm
/**
 * Send a complete page built from the given parts and stop the request.
 *
 * The page is rendered through catbody() when SKIN_FILE is defined and names
 * an existing, readable file. Otherwise a minimal HTML 4.01 document is
 * printed directly with a utf-8 content type.
 *
 * NOTE(review): $title and $body are interpolated into the fallback document
 * without escaping, so both must already be safe HTML when they arrive here.
 *
 * @param string $title Page title (HTML).
 * @param string $page  Page heading handed to catbody(); unused by the fallback.
 * @param string $body  Page body (HTML).
 * @return void Never returns; every path ends in exit.
 */
function force_output_message($title, $page, $body)
{
    pkwk_common_headers();

    // Prefer the skin; fall back to a bare document when it is unavailable.
    $skin_ready = defined('SKIN_FILE') && file_exists(SKIN_FILE) && is_readable(SKIN_FILE);
    if ($skin_ready) {
        catbody($title, $page, $body);
        exit;
    }

    header('Content-Type: text/html; charset=utf-8');
    echo <<<EOT
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
 <head>
  <title>{$title}</title>
  <meta http-equiv="content-type" content="text/html; charset=utf-8">
 </head>
 <body>
 {$body}
 </body>
</html>
EOT;
    exit;
}
Example #6
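/**
 * Gate a page behind HTTP authentication (Basic, or Digest when the global
 * $auth_type is 2).
 *
 * The users allowed for the page are gathered from $auth_pages: each key is a
 * PCRE pattern matched against the page name or the page source (selected by
 * the global $auth_method_type), each value a comma-separated user list.
 * A page that no pattern matches is unrestricted, and so is a request for
 * which auth::check_role('role_adm_contents') returns a falsy value.
 *
 * @param string $page         Page name being accessed.
 * @param bool   $auth_flag    Send the 401 / WWW-Authenticate challenge on failure.
 * @param bool   $exit_flag    Render the refusal page and exit on failure.
 * @param array  $auth_pages   Map of PCRE pattern => comma-separated user names.
 * @param string $title_cannot Message template; '$1' is replaced by the page name.
 * @return bool TRUE when access is allowed, FALSE when it is refused
 *              (FALSE is only returned when $exit_flag is falsy).
 */
function basic_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot)
{
    global $auth_users, $auth_method_type, $auth_type;
    global $realm;

    // Text the access patterns are checked against.
    $target_str = '';
    if ($auth_method_type == 'pagename') {
        $target_str = $page; // Page name
    } elseif ($auth_method_type == 'contents') {
        $target_str = get_source($page, TRUE, TRUE); // Its contents
    }

    // NOTE(review): preg_match() returns false on a PCRE error (invalid
    // pattern, backtrack limit on large contents). That is handled like
    // "no match" here, and a page without any match is unrestricted, so a
    // failing pattern fails open. Consider treating false as a refusal.
    $user_list = array();
    foreach ($auth_pages as $key => $val) {
        if (preg_match($key, $target_str)) {
            $user_list = array_merge($user_list, explode(',', $val));
        }
    }
    if (empty($user_list)) {
        return TRUE; // No limit
    }

    // Already a contents administrator
    if (!auth::check_role('role_adm_contents')) {
        return TRUE;
    }

    // Digest
    if ($auth_type == 2) {
        if (auth::auth_digest($realm, $auth_users)) {
            return TRUE;
        }
        // Auth failed
        if ($auth_flag || $exit_flag) {
            pkwk_common_headers();
        }
        if ($exit_flag) {
            $body = $title = str_replace('$1', htmlspecialchars(strip_bracket($page)), $title_cannot);
            $page = str_replace('$1', make_search($page), $title_cannot);
            catbody($title, $page, $body);
            exit;
        }
        return FALSE;
    }

    $matches = array();
    if (!isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['PHP_AUTH_PW']) && isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/^Basic (.*)$/', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
        // Basic-auth with $_SERVER['HTTP_AUTHORIZATION']
        $decoded = base64_decode($matches[1]);
        // Split on the FIRST colon only: the user id cannot contain one, the
        // password can. Without the limit a password such as "a:b" was cut
        // down to "a". Credentials without any colon are malformed and are
        // not installed at all, so the check below refuses them.
        if (strpos($decoded, ':') !== false) {
            list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', $decoded, 2);
        }
    }

    $user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
    $pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;

    // The PKWK_READONLY and auth::check_role('readonly') short-circuits that
    // used to lead this condition were commented out in this version and stay
    // disabled. A missing user or password is a refusal, and the user list is
    // searched with strict comparison so numeric-looking names ("10" vs "1e1")
    // cannot match each other through type juggling.
    // NOTE(review): the final hash comparison is not constant-time; if the
    // supported PHP versions provide hash_equals(), prefer it here.
    $authenticated = is_string($user)
        && is_string($pass)
        && in_array($user, $user_list, true)
        && isset($auth_users[$user])
        && pkwk_hash_compute($pass, $auth_users[$user][0]) === $auth_users[$user][0];

    if ($authenticated) {
        return TRUE;
    }

    // Auth failed
    if ($auth_flag || $exit_flag) {
        pkwk_common_headers();
    }
    if ($auth_flag) {
        header('WWW-Authenticate: Basic realm="' . $realm . '"');
        header('HTTP/1.0 401 Unauthorized');
    }
    if ($exit_flag) {
        // The page name is escaped before it is placed into the template.
        $body = $title = str_replace('$1', htmlspecialchars(strip_bracket($page)), $title_cannot);
        $page = str_replace('$1', make_search($page), $title_cannot);
        catbody($title, $page, $body);
        exit;
    }
    return FALSE;
}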
 /**
  * Screen a POST request for spam and, when it is judged to be spam, replace
  * the response with a captcha form and end the request.
  *
  * The function returns without doing anything for GET requests, for the
  * akismet command itself, for commands listed in
  * PLUGIN_AKISMET_IGNORE_PLUGINS, and when is_human() accepts the requester.
  *
  * NOTE(review): when PLUGIN_AKISMET_USE_AKISMET is falsy, $is_spam keeps its
  * initial TRUE, so every request that reaches that point gets the captcha.
  * NOTE(review): Akismet errors other than an invalid key are treated as
  * "not spam" (fail open), which the inline comment marks as deliberate.
  *
  * @param array|null $comment Comment data for Akismet; built from the request
  *                            when not given.
  * @return void Returns normally when the request passes; exits after
  *              printing the captcha form otherwise.
  */
 function spamfilter($comment = null)
 {
     global $vars, $defaultpage;
     // Through if GET (Check only POST)
     if ($_SERVER['REQUEST_METHOD'] === 'GET') {
         return;
     }
     // Through if POST is from akismet plugin (submitHam)
     if (isset($vars['cmd']) && $vars['cmd'] == 'akismet') {
         return;
     }
     // Through if in IGNORE list
     $cmd = isset($vars['cmd']) ? $vars['cmd'] : (isset($vars['plugin']) ? $vars['plugin'] : 'read');
     if (defined('PLUGIN_AKISMET_IGNORE_PLUGINS')) {
         // NOTE(review): in_array() compares loosely here; $cmd is request
         // data, so a strict comparison (third argument true) would be safer
         // for an allow-list that skips the filter.
         if (in_array($cmd, explode(',', PLUGIN_AKISMET_IGNORE_PLUGINS))) {
             return;
         }
     }
     // Through if the requester is already known to be human; the role level
     // required for that is chosen from the two THROUGH_IF_* settings.
     $use_authlevel = PLUGIN_AKISMET_THROUGH_IF_ENROLLEE ? ROLE_AUTH : (PLUGIN_AKISMET_THROUGH_IF_ADMIN ? ROLE_ADM_CONTENTS : 0);
     if (is_human(NULL, PLUGIN_AKISMET_USE_SESSION, $use_authlevel)) {
         return;
     }
     // Initialize $comment
     if (!isset($comment)) {
         // special case (now only supports edit plugin)
         // NOTE(review): 'cmd', 'plugin' and 'msg' are read without isset();
         // a request that omits them raises notices/warnings here.
         if ($vars['cmd'] === 'edit' || $vars['plugin'] === 'edit') {
             $body = $vars['msg'];
         } else {
             // Every request variable is joined into one text blob.
             $body = implode("\n", $vars);
         }
         // NOTE(review): HTTP_USER_AGENT is client-controlled and may be
         // absent; it is read without isset(). The requester's IP address and
         // user agent are handed to the Akismet client below.
         $comment = array('author' => '', 'email' => '', 'website' => '', 'body' => $body, 'permalink' => '', 'user_ip' => $_SERVER['REMOTE_ADDR'], 'user_agent' => $_SERVER['HTTP_USER_AGENT']);
     }
     // Treated as spam unless Akismet says otherwise.
     $is_spam = TRUE;
     if (PLUGIN_AKISMET_USE_AKISMET) {
         // Through if no body (Akismet recognizes as a spam if no body)
         if ($comment['body'] == '') {
             return;
         }
         // instantiate an instance of the class
         $akismet = new Akismet(get_script_uri(), PLUGIN_AKISMET_API_KEY, $comment);
         // test for errors
         if ($akismet->errorsExist()) {
             // returns TRUE if any errors exist
             if ($akismet->isError('AKISMET_INVALID_KEY')) {
                 die_message('akismet : APIキーが不正です.');
             } elseif ($akismet->isError('AKISMET_RESPONSE_FAILED')) {
                 // (disabled) die_message: "failed to get a response"
             } elseif ($akismet->isError('AKISMET_SERVER_NOT_FOUND')) {
                 // (disabled) die_message: "failed to connect to the server"
             }
             $is_spam = FALSE;
             // through if akismet.com is not available.
         } else {
             $is_spam = $akismet->isSpam();
         }
         if ($is_spam) {
             // NOTE(review): $vars (the request variables) is always logged,
             // and with PLUGIN_AKISMET_SPAMLOG_DETAIL the comment array (body,
             // IP address, user agent) as well — confirm the log file is not
             // web-readable and holds nothing sensitive.
             $detail = PLUGIN_AKISMET_SPAMLOG_DETAIL ? $comment : array();
             PluginAkismet::spamlog_write($vars, $detail, PLUGIN_AKISMET_SPAMLOG_FILENAME);
         }
     }
     if ($is_spam) {
         if (PLUGIN_AKISMET_RECAPTCHA_LOG) {
             PluginAkismet::spamlog_write($vars, array('body' => 'hit'), LOG_DIR . 'captchalog.txt');
         }
         // The form is output as-is through catbody().
         // NOTE(review): presumably get_captcha_form() escapes the request
         // values it echoes back — verify.
         $form = PluginAkismet::get_captcha_form($vars, $comment);
         // die_message('</strong>' . $form . '<strong>');
         $title = $page = 'キャプチャ認証';
         pkwk_common_headers();
         catbody($title, $page, $form);
         exit;
     }
 }
Example #8
File: auth.php Project: big2men/qhm
/**
 * Decide whether $page may be edited by the current request.
 *
 * The page is editable when edit_auth() accepts the request and
 * is_editable() allows the page. Otherwise the function either returns FALSE
 * (only when $exit_flag is exactly FALSE) or renders the "cannot edit" page
 * and exits. For a frozen page the refusal page carries an unfreeze link.
 *
 * NOTE(review): the page name is passed through htmlspecialchars() for the
 * text and rawurlencode() for the link, but $script and $_msg_unfreeze are
 * emitted as-is — presumably both come from trusted configuration; confirm.
 *
 * @param string $page      Page name.
 * @param bool   $auth_flag Passed to edit_auth().
 * @param bool   $exit_flag Passed to edit_auth(); exactly FALSE means
 *                          "return instead of exiting".
 * @return bool TRUE when editable, FALSE when not and $exit_flag === FALSE.
 */
function check_editable($page, $auth_flag = TRUE, $exit_flag = TRUE)
{
    global $script, $_title_cannotedit, $_msg_unfreeze;

    // Editable
    if (edit_auth($page, $auth_flag, $exit_flag) && is_editable($page)) {
        return TRUE;
    }

    // Not editable, without exit
    if ($exit_flag === FALSE) {
        return FALSE;
    }

    // Not editable, with exit: build the refusal page.
    $safe_name = htmlspecialchars(strip_bracket($page));
    $title = str_replace('$1', $safe_name, $_title_cannotedit);
    $body = $title;
    if (is_freeze($page)) {
        $unfreeze_url = $script . '?cmd=unfreeze&amp;page=' . rawurlencode($page);
        $body .= '(<a href="' . $unfreeze_url . '">' . $_msg_unfreeze . '</a>)';
    }
    $page_link = str_replace('$1', make_search($page), $_title_cannotedit);
    catbody($title, $page_link, $body);
    exit;
}