/**
 * Render a fatal "Runtime error" page and terminate the request.
 *
 * The message is interpolated into the HTML body exactly as passed; nothing
 * in this function escapes it. Callers are therefore responsible for passing
 * text that is already safe for an HTML context whenever the message can
 * carry request-derived data.
 *
 * @param string $msg Error text, inserted verbatim into the page body.
 * @return void Never returns: the script exits after the page is sent.
 */
function die_message($msg)
{
    $title = 'Runtime error';
    $page = 'Runtime error';
    $body = <<<EOD
<h3>Runtime error</h3>
<strong>Error message : {$msg}</strong>
EOD;

    pkwk_common_headers();

    // The skin is only used when the constant exists and the file it names
    // is present and readable.
    $skin_usable = defined('SKIN_FILE') && file_exists(SKIN_FILE) && is_readable(SKIN_FILE);
    if (!$skin_usable) {
        // No usable skin: fall back to a minimal standalone HTML document.
        header('Content-Type: text/html; charset=euc-jp');
        echo <<<EOD
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>{$title}</title>
<meta http-equiv="content-type" content="text/html; charset=euc-jp">
</head>
<body>
{$body}
</body>
</html>
EOD;
        exit;
    }

    catbody($title, $page, $body);
    exit;
}
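/**
 * Enforce HTTP Basic authentication for a page when the page is restricted.
 *
 * The page name (or the page source, depending on $auth_method_type) is
 * matched against every regex key of $auth_pages; the comma-separated user
 * names of all matching entries form the allow-list. An empty allow-list
 * means the page is unrestricted.
 *
 * Security notes:
 *  - The Authorization header is split on the FIRST colon only, so passwords
 *    that themselves contain ':' are kept intact. A header that does not
 *    decode to "user:password" sets no credentials and fails closed.
 *  - The user name is compared strictly against the allow-list.
 *  - NOTE(review): the stored hash is compared with `!==`, which is not a
 *    constant-time comparison; hash_equals() is the hardened form where the
 *    supported PHP versions allow it.
 *  - Basic credentials are only base64-encoded on the wire, so this check
 *    relies on the transport for confidentiality.
 *
 * @param string $page         Page name being accessed.
 * @param bool   $auth_flag    Send a 401 with a Basic challenge on failure.
 * @param bool   $exit_flag    Render the "cannot" page and exit on failure.
 * @param array  $auth_pages   Map of regex => comma-separated user names.
 * @param string $title_cannot Message template; '$1' is replaced by the page.
 * @return bool True when access is allowed, false when authentication failed
 *              and $exit_flag is falsy.
 */
function basic_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot)
{
    global $auth_method_type, $auth_users, $_msg_auth;

    // Checked by:
    $target_str = '';
    if ($auth_method_type == 'pagename') {
        $target_str = $page; // Page name
    } elseif ($auth_method_type == 'contents') {
        $target_str = join('', get_source($page)); // Its contents
    }

    $user_list = array();
    foreach ($auth_pages as $key => $val) {
        if (preg_match($key, $target_str)) {
            $user_list = array_merge($user_list, explode(',', $val));
        }
    }
    if (empty($user_list)) {
        return true; // No limit
    }

    $matches = array();
    if (!isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['PHP_AUTH_PW'])
        && isset($_SERVER['HTTP_AUTHORIZATION'])
        && preg_match('/^Basic (.*)$/', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
        // Basic-auth with $_SERVER['HTTP_AUTHORIZATION']
        $decoded = base64_decode($matches[1]);
        // Limit of 2: everything after the first colon belongs to the password.
        $credentials = ($decoded === false) ? array() : explode(':', $decoded, 2);
        if (count($credentials) === 2) {
            list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = $credentials;
        }
    }

    if (PKWK_READONLY
        || !isset($_SERVER['PHP_AUTH_USER'])
        || !isset($_SERVER['PHP_AUTH_PW'])
        || !in_array($_SERVER['PHP_AUTH_USER'], $user_list, true)
        || !isset($auth_users[$_SERVER['PHP_AUTH_USER']])
        || pkwk_hash_compute(
            $_SERVER['PHP_AUTH_PW'],
            $auth_users[$_SERVER['PHP_AUTH_USER']]
        ) !== $auth_users[$_SERVER['PHP_AUTH_USER']]) {
        // Auth failed
        pkwk_common_headers();
        if ($auth_flag) {
            header('WWW-Authenticate: Basic realm="' . $_msg_auth . '"');
            header('HTTP/1.0 401 Unauthorized');
        }
        if ($exit_flag) {
            // The page name is escaped with htmlsc() before it reaches the title/body.
            $body = $title = str_replace('$1', htmlsc(strip_bracket($page)), $title_cannot);
            $page = str_replace('$1', make_search($page), $title_cannot);
            catbody($title, $page, $body);
            exit;
        }
        return false;
    }

    return true;
}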
// NOTE(review): the first statement and the two closing braces below end
// blocks that open before this excerpt; their conditions are not visible here.
$base =& $defaultpage;
}
}

// Title and page label for the resolved base page. The title goes through
// htmlsc() (presumably the project's HTML-escaping helper - confirm).
$title = htmlsc(strip_bracket($base));
$page = make_search($base);

// A non-empty 'msg' in $retvars is used as a template: '$1' is replaced by
// the title / page label computed above.
// NOTE(review): $retvars['msg'] itself is inserted as-is; whether it is
// already HTML-safe depends on whatever produced $retvars - verify there.
if (isset($retvars['msg']) && $retvars['msg'] != '') {
    $title = str_replace('$1', $title, $retvars['msg']);
    $page = str_replace('$1', $page, $retvars['msg']);
}

if (isset($retvars['body']) && $retvars['body'] != '') {
    // Body supplied in $retvars is used by reference, unmodified.
    $body =& $retvars['body'];
} else {
    // No body supplied: fall back to rendering the page itself, and to the
    // default page when $base is empty or is not an existing page.
    if ($base == '' || !is_page($base)) {
        $base =& $defaultpage;
        $title = htmlsc(strip_bracket($base));
        $page = make_search($base);
    }
    $vars['cmd'] = 'read';
    $vars['page'] =& $base;
    $body = convert_html(get_source($base));
    if ($trackback) {
        $body .= tb_get_rdf($base);
    } // Add TrackBack-Ping URI
    if ($referer) {
        ref_save($base);
    }
}
// Output
catbody($title, $page, $body);
exit;
/**
 * Enforce HTTP Digest authentication for a page when the page is restricted.
 *
 * Access is granted as soon as one of three checks passes, evaluated in this
 * order: auth::is_page_auth() reports no restriction, auth::check_role()
 * returns a falsy value for 'role_adm_contents' (per the original comment the
 * visitor is then already a content administrator), or auth::auth_digest()
 * accepts the request.
 *
 * NOTE(review): the challenge nonce comes from uniqid(), which is derived
 * from the current time, and it is not stored anywhere in this function.
 * Whether auth::auth_digest() validates nonces cannot be seen from here -
 * confirm before relying on this for replay protection.
 *
 * @param string $page         Page name being accessed.
 * @param bool   $auth_flag    Send a 401 with a Digest challenge on failure.
 * @param bool   $exit_flag    Render the "cannot" page and exit on failure.
 * @param array  $auth_pages   Page/user restriction table passed to auth::is_page_auth().
 * @param string $title_cannot Message template; '$1' is replaced by the page.
 * @return bool True when access is allowed, false when authentication failed
 *              and $exit_flag is falsy.
 */
function digest_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot)
{
    global $auth_users, $auth_method_type, $auth_type, $realm;

    // Short-circuit evaluation keeps the original order of the three checks.
    $allowed = auth::is_page_auth($page, $auth_flag, $auth_pages, '', '') // No limit
        || !auth::check_role('role_adm_contents')                         // Already a content administrator
        || auth::auth_digest($auth_users);
    if ($allowed) {
        return true;
    }

    // Auth failed
    if ($auth_flag || $exit_flag) {
        pkwk_common_headers();
    }

    if ($auth_flag) {
        header('HTTP/1.1 401 Unauthorized');
        $challenge = 'WWW-Authenticate: Digest realm="' . $realm . '", qop="auth", nonce="' . uniqid() . '", opaque="' . md5($realm) . '"';
        header($challenge);
    }

    if (!$exit_flag) {
        return false;
    }

    // The page name is passed through htmlspecialchars() before display.
    $title = str_replace('$1', htmlspecialchars(strip_bracket($page)), $title_cannot);
    $body = $title;
    $page = str_replace('$1', make_search($page), $title_cannot);
    catbody($title, $page, $body);
    exit;
}
/**
 * Send a page built from the given title and body, then terminate.
 *
 * Both $title and $body are written into the fallback HTML document exactly
 * as passed; this function performs no escaping. Callers must supply values
 * that are already safe for an HTML context.
 *
 * @param string $title Page title (inserted verbatim in the fallback page).
 * @param string $page  Page label handed to catbody() when a skin is used.
 * @param string $body  HTML body (inserted verbatim in the fallback page).
 * @return void Never returns: the script exits after the page is sent.
 */
function force_output_message($title, $page, $body)
{
    pkwk_common_headers();

    // The skin is only used when the constant exists and the file it names
    // is present and readable.
    $skin_usable = defined('SKIN_FILE') && file_exists(SKIN_FILE) && is_readable(SKIN_FILE);
    if (!$skin_usable) {
        // No usable skin: fall back to a minimal standalone HTML document.
        header('Content-Type: text/html; charset=utf-8');
        echo <<<EOD
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>{$title}</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body>
{$body}
</body>
</html>
EOD;
        exit;
    }

    catbody($title, $page, $body);
    exit;
}
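/**
 * Enforce page authentication (Digest when $auth_type == 2, otherwise Basic).
 *
 * The page name (or the page source, depending on $auth_method_type) is
 * matched against every regex key of $auth_pages; the comma-separated user
 * names of all matching entries form the allow-list. An empty allow-list
 * means the page is unrestricted. A falsy result from
 * auth::check_role('role_adm_contents') also grants access (per the original
 * comment the visitor is then already a content administrator).
 *
 * Security notes:
 *  - The Authorization header is split on the FIRST colon only, so passwords
 *    that themselves contain ':' are kept intact. A header that does not
 *    decode to "user:password" sets no credentials and fails closed.
 *  - The user name is compared strictly against the allow-list.
 *  - In the Digest branch this function sends no challenge header itself;
 *    presumably auth::auth_digest() does - confirm.
 *  - The read-only checks (PKWK_READONLY / auth::check_role('readonly')) are
 *    commented out in the original and remain disabled here.
 *  - NOTE(review): the stored hash is compared with `!==`, which is not a
 *    constant-time comparison; hash_equals() is the hardened form where the
 *    supported PHP versions allow it.
 *
 * @param string $page         Page name being accessed.
 * @param bool   $auth_flag    Send a 401 with a Basic challenge on failure.
 * @param bool   $exit_flag    Render the "cannot" page and exit on failure.
 * @param array  $auth_pages   Map of regex => comma-separated user names.
 * @param string $title_cannot Message template; '$1' is replaced by the page.
 * @return bool TRUE when access is allowed, FALSE when authentication failed
 *              and $exit_flag is falsy.
 */
function basic_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot)
{
    global $auth_users, $auth_method_type, $auth_type;
    global $realm;

    // Checked by:
    $target_str = '';
    if ($auth_method_type == 'pagename') {
        $target_str = $page; // Page name
    } elseif ($auth_method_type == 'contents') {
        $target_str = get_source($page, TRUE, TRUE); // Its contents
    }

    $user_list = array();
    foreach ($auth_pages as $key => $val) {
        if (preg_match($key, $target_str)) {
            $user_list = array_merge($user_list, explode(',', $val));
        }
    }
    if (empty($user_list)) {
        return TRUE; // No limit
    }
    if (!auth::check_role('role_adm_contents')) {
        return TRUE; // Already a content administrator
    }

    // Digest
    if ($auth_type == 2) {
        if (auth::auth_digest($realm, $auth_users)) {
            return TRUE;
        }
        // Auth failed
        if ($auth_flag || $exit_flag) {
            pkwk_common_headers();
        }
        if ($exit_flag) {
            $body = $title = str_replace('$1', htmlspecialchars(strip_bracket($page)), $title_cannot);
            $page = str_replace('$1', make_search($page), $title_cannot);
            catbody($title, $page, $body);
            exit;
        }
        return FALSE;
    }

    $matches = array();
    if (!isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['PHP_AUTH_PW'])
        && isset($_SERVER['HTTP_AUTHORIZATION'])
        && preg_match('/^Basic (.*)$/', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
        // Basic-auth with $_SERVER['HTTP_AUTHORIZATION']
        $decoded = base64_decode($matches[1]);
        // Limit of 2: everything after the first colon belongs to the password.
        $credentials = ($decoded === false) ? array() : explode(':', $decoded, 2);
        if (count($credentials) === 2) {
            list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = $credentials;
        }
    }

    if (!isset($_SERVER['PHP_AUTH_USER'])
        || !isset($_SERVER['PHP_AUTH_PW'])
        || !in_array($_SERVER['PHP_AUTH_USER'], $user_list, true)
        || !isset($auth_users[$_SERVER['PHP_AUTH_USER']])
        || pkwk_hash_compute(
            $_SERVER['PHP_AUTH_PW'],
            $auth_users[$_SERVER['PHP_AUTH_USER']][0]
        ) !== $auth_users[$_SERVER['PHP_AUTH_USER']][0]) {
        // Auth failed
        if ($auth_flag || $exit_flag) {
            pkwk_common_headers();
        }
        if ($auth_flag) {
            header('WWW-Authenticate: Basic realm="' . $realm . '"');
            header('HTTP/1.0 401 Unauthorized');
        }
        if ($exit_flag) {
            // The page name is passed through htmlspecialchars() before display.
            $body = $title = str_replace('$1', htmlspecialchars(strip_bracket($page)), $title_cannot);
            $page = str_replace('$1', make_search($page), $title_cannot);
            catbody($title, $page, $body);
            exit;
        }
        return FALSE;
    }

    return TRUE;
}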
/**
 * Screen a POST request for spam and, when flagged, show a CAPTCHA and exit.
 *
 * The request is let through without any check when it is a GET, when it is
 * the akismet plugin's own POST, when the command is listed in
 * PLUGIN_AKISMET_IGNORE_PLUGINS, or when is_human() already vouches for the
 * visitor.
 *
 * Behaviour worth knowing when reviewing the filter:
 *  - Only a request method of exactly 'GET' is skipped at the top; every
 *    other method is checked.
 *  - If the Akismet client reports errors other than an invalid key, the
 *    request is treated as NOT spam (fail-open), so an unreachable service
 *    disables filtering rather than blocking posts.
 *  - With PLUGIN_AKISMET_USE_AKISMET off, the spam flag keeps its initial
 *    TRUE value, so every request that reaches that point gets the CAPTCHA.
 *
 * @param array|null $comment Comment fields for Akismet; built from the
 *                            request when not supplied.
 * @return void Returns nothing when the request is let through; exits after
 *              rendering the CAPTCHA form when the request is flagged.
 */
function spamfilter($comment = null)
{
    global $vars, $defaultpage;

    // Let GET through (only POST is checked)
    if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        return;
    }

    // Let the akismet plugin's own POST (submitHam) through
    if (isset($vars['cmd']) && $vars['cmd'] == 'akismet') {
        return;
    }

    // Let commands on the IGNORE list through
    if (isset($vars['cmd'])) {
        $action = $vars['cmd'];
    } elseif (isset($vars['plugin'])) {
        $action = $vars['plugin'];
    } else {
        $action = 'read';
    }
    if (defined('PLUGIN_AKISMET_IGNORE_PLUGINS')
        && in_array($action, explode(',', PLUGIN_AKISMET_IGNORE_PLUGINS))) {
        return;
    }

    // Let visitors through who are already known to be human
    if (PLUGIN_AKISMET_THROUGH_IF_ENROLLEE) {
        $required_level = ROLE_AUTH;
    } elseif (PLUGIN_AKISMET_THROUGH_IF_ADMIN) {
        $required_level = ROLE_ADM_CONTENTS;
    } else {
        $required_level = 0;
    }
    if (is_human(NULL, PLUGIN_AKISMET_USE_SESSION, $required_level)) {
        return;
    }

    // Initialize $comment
    if (!isset($comment)) {
        // special case (now only supports edit plugin)
        $text = ($vars['cmd'] === 'edit' || $vars['plugin'] === 'edit')
            ? $vars['msg']
            : implode("\n", $vars);
        $comment = array(
            'author' => '',
            'email' => '',
            'website' => '',
            'body' => $text,
            'permalink' => '',
            'user_ip' => $_SERVER['REMOTE_ADDR'],
            'user_agent' => $_SERVER['HTTP_USER_AGENT'],
        );
    }

    $flagged = TRUE;
    if (PLUGIN_AKISMET_USE_AKISMET) {
        // Let empty bodies through (Akismet classifies an empty body as spam)
        if ($comment['body'] == '') {
            return;
        }

        // Create the Akismet client for this comment
        $client = new Akismet(get_script_uri(), PLUGIN_AKISMET_API_KEY, $comment);

        if (!$client->errorsExist()) {
            $flagged = $client->isSpam();
        } else {
            // errorsExist() returned TRUE: inspect which error occurred
            if ($client->isError('AKISMET_INVALID_KEY')) {
                die_message('akismet : APIキーが不正です.');
            } elseif ($client->isError('AKISMET_RESPONSE_FAILED')) {
                // Response could not be retrieved: deliberately not fatal
                // (the die_message() call is disabled in the original).
            } elseif ($client->isError('AKISMET_SERVER_NOT_FOUND')) {
                // Server could not be reached: deliberately not fatal
                // (the die_message() call is disabled in the original).
            }
            $flagged = FALSE; // let it through if akismet.com is not available
        }

        if ($flagged) {
            if (PLUGIN_AKISMET_SPAMLOG_DETAIL) {
                $log_detail = $comment;
            } else {
                $log_detail = array();
            }
            PluginAkismet::spamlog_write($vars, $log_detail, PLUGIN_AKISMET_SPAMLOG_FILENAME);
        }
    }

    if (!$flagged) {
        return;
    }

    if (PLUGIN_AKISMET_RECAPTCHA_LOG) {
        PluginAkismet::spamlog_write($vars, array('body' => 'hit'), LOG_DIR . 'captchalog.txt');
    }
    $captcha_form = PluginAkismet::get_captcha_form($vars, $comment);
    $title = 'キャプチャ認証';
    $page = 'キャプチャ認証';
    pkwk_common_headers();
    catbody($title, $page, $captcha_form);
    exit;
}
/**
 * Check that a page may be edited by the current visitor.
 *
 * The page is editable only when edit_auth() succeeds AND is_editable()
 * agrees. On failure the function either returns FALSE (when $exit_flag is
 * strictly FALSE) or renders the "cannot edit" page and exits; for a frozen
 * page that output also carries an unfreeze link.
 *
 * The page name is passed through htmlspecialchars() for display and through
 * rawurlencode() for the link's query string. $script and $_msg_unfreeze are
 * inserted as-is (presumably trusted configuration/message values - confirm).
 *
 * @param string $page      Page name to check.
 * @param bool   $auth_flag Passed on to edit_auth().
 * @param bool   $exit_flag Strict FALSE returns instead of exiting on failure.
 * @return bool TRUE when editable; FALSE when not editable and $exit_flag is
 *              strictly FALSE. Otherwise the script exits.
 */
function check_editable($page, $auth_flag = TRUE, $exit_flag = TRUE)
{
    global $script, $_title_cannotedit, $_msg_unfreeze;

    // Editable
    if (edit_auth($page, $auth_flag, $exit_flag) && is_editable($page)) {
        return TRUE;
    }

    // Not editable, without exit
    if ($exit_flag === FALSE) {
        return FALSE;
    }

    // Not editable, with exit
    $title = str_replace('$1', htmlspecialchars(strip_bracket($page)), $_title_cannotedit);
    $body = $title;
    if (is_freeze($page)) {
        $unfreeze_url = $script . '?cmd=unfreeze&page=' . rawurlencode($page);
        $body .= '(<a href="' . $unfreeze_url . '">' . $_msg_unfreeze . '</a>)';
    }
    $page = str_replace('$1', make_search($page), $_title_cannotedit);
    catbody($title, $page, $body);
    exit;
}