Example #1
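/**
 * Set or clear the "bookmark" value of the current user.
 *
 * Anonymous visitors get the value in the MONI_BOOKMARK cookie; any other
 * user gets it stored in $user->info['bookmark'] and saved through
 * $DBInfo->udb->saveUser().
 *
 * @param mixed  $formatter Not used by this function.
 * @param string $value     Not used by this function.
 * @param array  $options   'time': requested bookmark value; when it is
 *                          missing or empty the current time() is used.
 *                          'ret': when set, it is overwritten with an array
 *                          holding the result 'title'.
 *
 * @return string Always ''.
 */
function macro_bookmark($formatter, $value = '', &$options)
{
    global $DBInfo;
    $user =& $DBInfo->user;

    # requested bookmark, defaulting to "now"
    $bookmark = isset($options['time'][0]) ? $options['time'] : time();

    // Only a positive number is accepted; anything else means "delete".
    // NOTE(review): $options['time'] presumably comes from the request - confirm.
    $valid = is_numeric($bookmark) && $bookmark > 0;

    $ret = array();
    $ret['title'] = $valid ? _('Bookmark Changed') : _("Bookmark Deleted !");

    if ($user->id == "Anonymous") {
        if ($valid) {
            // keep the bookmark for 30 days
            setcookie("MONI_BOOKMARK", $bookmark, time() + 60 * 60 * 24 * 30, get_scriptname());
        } else {
            setcookie("MONI_BOOKMARK", 0, 0, get_scriptname());
            // A rejected value must not live on in the fake cookie or on the
            // user object: store the same 0 that was sent to the browser.
            $bookmark = 0;
        }
        # set the fake cookie
        $_COOKIE['MONI_BOOKMARK'] = $bookmark;
        $user->bookmark = $bookmark;
    } else {
        if ($valid) {
            $user->info['bookmark'] = $bookmark;
            $user->bookmark = $bookmark;
        } else {
            $user->info['bookmark'] = null;
        }
        $DBInfo->udb->saveUser($user);
        if (empty($user->info['bookmark'])) {
            unset($user->bookmark);
        }
    }

    // report the outcome only to callers that asked for it
    if (isset($options['ret'])) {
        $options['ret'] = $ret;
    }
    return '';
}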
Example #2
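 /**
  * Build the Set-Cookie header line that expires the MONI_ID cookie.
  *
  * Also overwrites $_COOKIE['MONI_ID'] with "Anonymous" for the rest of
  * the current request. The header is only returned, not sent.
  *
  * Path comes from $Config['cookie_path'] when set, otherwise from
  * dirname(get_scriptname()); Domain is added only when
  * $Config['cookie_domain'] is set.
  *
  * @return string A complete "Set-Cookie: ..." header line.
  */
 function unsetCookie()
 {
     global $Config;
     # set the fake cookie
     $_COOKIE['MONI_ID'] = "Anonymous";

     $domain = '';
     if (!empty($Config['cookie_domain'])) {
         $domain = '; Domain=' . $Config['cookie_domain'];
     }
     if (!empty($Config['cookie_path'])) {
         $path = '; Path=' . $Config['cookie_path'];
     } else {
         $path = '; Path=' . dirname(get_scriptname());
     }

     // $path already starts with '; Path=', so it is appended as is; adding a
     // second "; Path=" in front of it produced an empty, duplicated attribute.
     // NOTE(review): a browser drops the cookie only when Path and Domain match
     // the ones used when it was set - verify against the matching setCookie().
     return "Set-Cookie: MONI_ID=" . $this->id . "; expires=Tuesday, 01-Jan-1999 12:00:00 GMT" . $path . $domain;
 }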
Example #3
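/**
 * Scrap macro: show the pages the current user has scrapped.
 *
 * Anonymous users get ''. With $value == 'js' an inline script is registered
 * on the formatter; it fetches the list from "action=scrap/ajax" in the
 * browser and fills the element with id "scrap". Otherwise the list is
 * rendered on the server as a <ul>.
 *
 * @param object $formatter Page formatter; page->name, link_tag(), macro_repl()
 *                          and register_javascripts() are used.
 * @param string $value     'js' selects the client-side variant.
 * @param array  $options   'page' is appended to the list when the current
 *                          page is not in it yet.
 *
 * @return string HTML fragment, or '' when there is nothing to show.
 */
function macro_Scrap($formatter, $value = '', $options = array())
{
    global $DBInfo;
    $user =& $DBInfo->user;
    // anonymous visitors have no scrap list
    if ($user->id == 'Anonymous') {
        return '';
    }
    $userinfo = $DBInfo->udb->getUser($user->id);
    $pages = array();
    if (!empty($userinfo->info['scrapped_pages'])) {
        // the list is stored as one tab-separated string
        $pages = explode("\t", $userinfo->info['scrapped_pages']);
    }
    $pgname = '';
    if (!empty($formatter->page->name)) {
        $pgname = $formatter->page->name;
        if (!in_array($formatter->page->name, $pages)) {
            // NOTE(review): the membership test uses the formatter's page name
            // but the appended value is $options['page'], which may be unset -
            // confirm which of the two is intended.
            $pages[] = $options['page'];
        }
    }
    $out = '';
    if ($value == 'js') {
        // get the scrapped pages dynamically
        $script = get_scriptname() . $DBInfo->query_prefix;
        // Emit the script path as a JavaScript string literal instead of
        // pasting it between quotes; the HEX flags keep quotes, '<', '>' and
        // '&' from ending the string or the <script> element.
        $script_js = json_encode($script, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        if ($script_js === false) {
            $script_js = '""';
        }
        // rawurlencode output holds no character that could end the JS string
        $pgname = _rawurlencode($pgname);
        $js = <<<JS
<script type="text/javascript">
/*<![CDATA[*/
(function() {
var script_name = {$script_js};
var page_name = "{$pgname}";

// HTML-escape a value before it is concatenated into markup
function esc(s)
{
    return String(s).replace(/&/g, '&amp;').replace(/</g, '&lt;')
        .replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#39;');
}

function get_scrap()
{
    var scrap = document.getElementById('scrap');
    if (scrap == null) {
        // silently ignore
        return;
    }
    var pgname = decodeURIComponent(page_name);
    var scrapped = false;
    var i;

    // get the scrapped pages
    var qp = '?'; // query_prefix
    // location.host already carries the port, so hostname is used here
    var loc = '//' + location.hostname;
    if (location.port) loc+= ':' + location.port;
    loc+= location.pathname + qp + 'action=scrap/ajax';

    var ret = HTTPGet(loc);
    if (ret) {
        var list = JSON.parse(ret);
        var html = '';
        for (i = 0; i < list.length; i++) {
            if (list[i] == pgname) scrapped = true;
            // page names are data, not markup: escape them for innerHTML
            html+= '<li><a href="' + esc(script_name + list[i]) + '">' + esc(list[i]) + "</a></li>\\n";
        }
        if (html != '')
            scrap.innerHTML = "<ul>" + html + "</ul>";

        if (scrapped) {
            // change scrap icon
            var iconmenu = document.getElementById("wikiIcon");
            var icons = iconmenu.getElementsByTagName("A");
            for (i = 0; i < icons.length; i++) {
                if (icons[i].href.match(/action=scrap/)) {
                    icons[i].href = icons[i].href.replace(/=scrap/, '=scrap&unscrap=1');
                    icons[i].firstChild.firstChild.src =
                        icons[i].firstChild.firstChild.src.replace('scrap', 'unscrap');
                    break;
                }
            }
        }
    }
}

// onload
var oldOnload = window.onload;
window.onload = function(ev) {
    try { oldOnload(); } catch(e) {};
    get_scrap();
}
})();
/*]]>*/
</script>

JS;
        #$formatter->register_javascripts('local/scrap.js');
        $formatter->register_javascripts($js);
        return '<i></i>';
        // dummy
    }
    foreach ($pages as $p) {
        if ($DBInfo->hasPage($p)) {
            // NOTE(review): $p is used as the link text - confirm that
            // link_tag() HTML-escapes its third argument.
            $out .= '<li>' . $formatter->link_tag(_urlencode($p), '', $p) . '</li>';
        } elseif (!empty($p)) {
            // an entry that is not a page name is handed to PageList with 'rawre' set
            $list = $formatter->macro_repl('PageList', $p, array('rawre' => 1));
            // NOTE(review): this condition looks inverted - substr() of an empty
            // result appends nothing, so PageList output never reaches $out.
            // Left as is; confirm the intent before enabling that path.
            if (empty($list)) {
                $out .= substr($list, 4, -6);
            }
        }
    }
    if (!empty($out)) {
        return '<ul>' . $out . '</ul>';
    }
    return '';
}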
Example #4
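/**
 * Scrap macro: show the pages the current user has scrapped.
 *
 * Anonymous users get ''. With $value == 'js' an inline script is registered
 * on the formatter; it fetches the list from "action=scrap/ajax" in the
 * browser and fills the element with id "scrap". Otherwise the list is
 * rendered on the server as a <ul>.
 *
 * @param object $formatter Page formatter; link_tag(), macro_repl() and
 *                          register_javascripts() are used.
 * @param string $value     'js' selects the client-side variant.
 * @param array  $options   'page': appended to the list when it is not
 *                          already in it.
 *
 * @return string HTML fragment, or '' when there is nothing to show.
 */
function macro_Scrap($formatter, $value = '', $options = array())
{
    global $DBInfo;
    $user =& $DBInfo->user;
    // anonymous visitors have no scrap list
    if ($user->id == 'Anonymous') {
        return '';
    }
    $userinfo = $DBInfo->udb->getUser($user->id);
    $pages = array();
    if (!empty($userinfo->info['scrapped_pages'])) {
        // the list is stored as one tab-separated string
        $pages = explode("\t", $userinfo->info['scrapped_pages']);
    }
    if (!empty($options['page']) and !in_array($options['page'], $pages)) {
        $pages[] = $options['page'];
    }
    $out = '';
    if ($value == 'js') {
        // get the scrapped pages dynamically
        $script = get_scriptname() . $DBInfo->query_prefix;
        // Emit the script path as a JavaScript string literal instead of
        // pasting it between quotes; the HEX flags keep quotes, '<', '>' and
        // '&' from ending the string or the <script> element.
        $script_js = json_encode($script, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        if ($script_js === false) {
            $script_js = '""';
        }
        $js = <<<JS
<script type="text/javascript">
/*<![CDATA[*/
(function() {
var script_name = {$script_js};

// HTML-escape a value before it is concatenated into markup
function esc(s)
{
    return String(s).replace(/&/g, '&amp;').replace(/</g, '&lt;')
        .replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#39;');
}

function get_scrap()
{
    var scrap = document.getElementById('scrap');
    if (scrap == null) {
        // silently ignore
        return;
    }

    // get the scrapped pages
    var qp = '?'; // query_prefix
    // location.host already carries the port, so hostname is used here
    var loc = location.protocol + '//' + location.hostname;
    if (location.port) loc+= ':' + location.port;
    loc+= location.pathname + qp + 'action=scrap/ajax';

    var ret = HTTPGet(loc);
    if (ret) {
        var list = JSON.parse(ret);
        var html = '';
        for (var i = 0; i < list.length; i++) {
            // page names are data, not markup: escape them for innerHTML
            html+= '<li><a href="' + esc(script_name + list[i]) + '">' + esc(list[i]) + "</a></li>\\n";
        }
        scrap.innerHTML = "<ul>" + html + "</ul>";
    }
}

// onload
var oldOnload = window.onload;
window.onload = function(ev) {
    try { oldOnload(); } catch(e) {};
    get_scrap();
}
})();
/*]]>*/
</script>

JS;
        #$formatter->register_javascripts('local/scrap.js');
        $formatter->register_javascripts($js);
        return '<i></i>';
        // dummy
    }
    foreach ($pages as $p) {
        if ($DBInfo->hasPage($p)) {
            // NOTE(review): $p is used as the link text - confirm that
            // link_tag() HTML-escapes its third argument.
            $out .= '<li>' . $formatter->link_tag(_urlencode($p), '', $p) . '</li>';
        } elseif (!empty($p)) {
            // an entry that is not a page name is handed to PageList with 'rawre' set
            $list = $formatter->macro_repl('PageList', $p, array('rawre' => 1));
            // NOTE(review): this condition looks inverted - substr() of an empty
            // result appends nothing, so PageList output never reaches $out.
            // Left as is; confirm the intent before enabling that path.
            if (empty($list)) {
                $out .= substr($list, 4, -6);
            }
        }
    }
    if (!empty($out)) {
        return '<ul>' . $out . '</ul>';
    }
    return '';
}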
Example #5
function do_userform($formatter, $options)
{
    global $DBInfo;
    $user =& $DBInfo->user;
    # get cookie
    $id = !empty($options['login_id']) ? $options['login_id'] : '';
    $use_any = 0;
    if (!empty($DBInfo->use_textbrowsers)) {
        if (is_string($DBInfo->use_textbrowsers)) {
            $use_any = preg_match('/' . $DBInfo->use_textbrowsers . '/', $_SERVER['HTTP_USER_AGENT']) ? 1 : 0;
        } else {
            $use_any = preg_match('/Lynx|w3m|links/', $_SERVER['HTTP_USER_AGENT']) ? 1 : 0;
        }
    }
    $options['msg'] = '';
    # e-mail conformation
    if (!empty($options['ticket']) and $id and $id != 'Anonymous') {
        $userdb =& $DBInfo->udb;
        $suspended = false;
        if ($userdb->_exists($id)) {
            $user = $userdb->getUser($id);
        } else {
            if ($userdb->_exists($id, 1)) {
                // suspended user
                $suspended = true;
                $user = $userdb->getUser($id, 1);
            }
        }
        if ($user->id == $id) {
            if ($user->info['eticket'] == $options['ticket']) {
                list($dummy, $email) = explode('.', $options['ticket'], 2);
                $user->info['email'] = $email;
                $user->info['eticket'] = '';
                if ($suspended) {
                    if (empty($DBInfo->register_confirm_admin)) {
                        $userdb->activateUser($id);
                        $userdb->saveUser($user);
                    } else {
                        $userdb->saveUser($user, array('suspended' => 1));
                    }
                } else {
                    $userdb->saveUser($user);
                }
                $title = _("Successfully confirmed");
                $options['msg'] = _("Your e-mail address is confirmed successfully");
                if (!empty($DBInfo->register_confirm_admin)) {
                    $options['msg'] .= "<br />" . _("Your need to wait until your ID activated by admin");
                }
            } else {
                if ($user->info['nticket'] == $options['ticket']) {
                    $title = _("Successfully confirmed");
                    $user->info['nticket'] = '';
                    $user->info['password'] = $user->info['npassword'];
                    $user->info['npassword'] = '';
                    $userdb->saveUser($user);
                    $options['msg'] = _("Your new password is confirmed successfully");
                } else {
                    $title = _("Confirmation missmatched !");
                    $options['msg'] = _("Please try again to register your e-mail address");
                }
            }
        } else {
            if ($suspended) {
                $title = _("Please wait until your ID is confirmed by admin!");
            } else {
                $title = _("ID does not exist !");
            }
            $options['msg'] = _("Please try again to register your e-mail address");
        }
        $formatter->send_header("", $options);
        $formatter->send_title($title, "", $options);
        $formatter->send_footer("", $options);
        return '';
    }
    $title = '';
    if ($user->id == "Anonymous" and !empty($options['emailreset'])) {
        setcookie('MONI_VERIFIED_EMAIL', '', time() - 3600, get_scriptname());
        $options['msg'] .= '<br />' . _("Verification E-mail removed.");
        $options['verifyemail'] = '';
        $user->verified_email = '';
    } else {
        if ($user->id == "Anonymous" and !empty($options['login']) and !empty($options['verify_email'])) {
            $email = base64_decode($options['login']);
            $ticket = base64_encode(getTicket($_SERVER['REMOTE_ADDR'], $email, 10));
            if ($ticket == $options['verify_email']) {
                $options['msg'] .= '<br />' . _("Your email address is successfully verified.");
                $user->verified_email = $email;
                setcookie('MONI_VERIFIED_EMAIL', $email, time() + 60 * 60 * 24 * 30, get_scriptname());
            } else {
                $options['msg'] .= '<br />' . _("Verification missmatched.");
            }
        } else {
            if ($user->id == "Anonymous" and $options['verify'] == _("Verify E-mail address") and !empty($DBInfo->anonymous_friendly) and !empty($options['verifyemail'])) {
                if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['verifyemail'])) {
                    if (($ret = verify_email($options['verifyemail'])) < 0) {
                        $ret = -$ret;
                        $options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
                        $options['msg'] .= '<br/>' . _("Invalid email address or can't verify it.");
                    } else {
                        if (!empty($DBInfo->verify_email)) {
                            if ($DBInfo->verify_email == 1) {
                                $options['msg'] .= '<br/>' . _("Your email address is successfully verified.");
                                setcookie('MONI_VERIFIED_EMAIL', $options['verifyemail'], time() + 60 * 60 * 24 * 30, get_scriptname());
                            } else {
                                $opts = array();
                                $opts['subject'] = "[{$DBInfo->sitename}] " . _("Verify Email address");
                                $opts['email'] = $options['verifyemail'];
                                $opts['id'] = 'nobody';
                                $ticket = base64_encode(getTicket($_SERVER['REMOTE_ADDR'], $opts['email'], 10));
                                $enc = base64_encode($opts['email']);
                                $body = qualifiedUrl($formatter->link_url('UserPreferences', "?action=userform&login={$enc}&verify_email={$ticket}"));
                                $body = _("Please confirm your e-mail address") . "\n" . $body . "\n";
                                $ret = wiki_sendmail($body, $opts);
                                $options['msg'] .= '<br/>' . _("E-mail verification mail sent");
                            }
                        }
                    }
                } else {
                    $options['msg'] .= '<br/>' . _("Your email address is not valid");
                }
            } else {
                if ($user->id == "Anonymous" and !empty($options['login_id']) and isset($options['password']) and !isset($options['passwordagain'])) {
                    if (method_exists($user, 'login')) {
                        $user->login($formatter, $options);
                        $params = array();
                        $params['value'] = $options['page'];
                        do_goto($formatter, $params);
                        return;
                    }
                    # login
                    $userdb = $DBInfo->udb;
                    if ($userdb->_exists($id)) {
                        $user = $userdb->getUser($id);
                        $login_ok = 0;
                        if (!empty($DBInfo->use_safelogin)) {
                            if (isset($options['challenge']) and $options['_chall'] == $options['challenge']) {
                                #print '<pre>';
                                #print $options['password'].'<br />';
                                #print hmac($options['challenge'],$user->info['password']);
                                #print '</pre>';
                                if (hmac($options['challenge'], $user->info['password']) == $options['password']) {
                                    $login_ok = 1;
                                }
                            } else {
                                # with no javascript browsers
                                $md5pw = md5($options['password']);
                                if ($md5pw == $user->info['password']) {
                                    $login_ok = 1;
                                }
                            }
                        }
                        if ($login_ok or $user->checkPasswd($options['password']) === true) {
                            $options['msg'] = sprintf(_("Successfully login as '%s'"), $id);
                            $options['id'] = $user->id;
                            if ($user->id == 'Anonymous') {
                                // special case. login success but ID is not acceptable
                                $options['msg'] = _("Invalid user ID. Please register again");
                            } else {
                                $formatter->header($user->setCookie());
                                if (!isset($user->info['login_success'])) {
                                    $user->info['login_success'] = 0;
                                }
                                if (!isset($user->info['login_fail'])) {
                                    $user->info['login_fail'] = 0;
                                }
                                $user->info['login_success']++;
                                $user->info['last_login'] = gmdate("Y/m/d H:i:s", time());
                                $user->info['login_fail'] = 0;
                                // reset login
                                $user->info['remote'] = $_SERVER['REMOTE_ADDR'];
                                $userdb->saveUser($user);
                                $use_refresh = 1;
                            }
                            $DBInfo->user = $user;
                        } else {
                            $title = sprintf(_("Invalid password !"));
                            if (!isset($user->info['login_fail'])) {
                                $user->info['login_fail'] = 0;
                            }
                            $user->info['login_fail']++;
                            $user->info['remote'] = $_SERVER['REMOTE_ADDR'];
                            $userdb->saveUser($user);
                            $user->setID('Anonymous');
                        }
                    } else {
                        if (isset($options['login_id'][0])) {
                            if ($userdb->_exists($id, 1)) {
                                // suspended user
                                $title = sprintf(_("\"%s\" is waiting for activated by admin !"), $options['login_id']);
                            } else {
                                $title = sprintf(_("\"%s\" does not exist on this wiki !"), $options['login_id']);
                            }
                            $options['login_id'] = '';
                        } else {
                            $title = _("Make new ID on this wiki");
                        }
                        $form = macro_UserPreferences($formatter, '', $options);
                    }
                } else {
                    if (!empty($options['logout'])) {
                        # logout
                        header($user->unsetCookie(), false);
                        if (session_name() != '') {
                            $path = get_scriptname();
                            // for moniwiki internal
                            header('Set-Cookie: ' . session_name() . '=' . $user->id . '; expires=Tuesday, 01-Jan-1999 12:00:00 GMT; Path=' . $path, false);
                            // for some user plugins
                            $params = session_get_cookie_params();
                            header('Set-Cookie: ' . session_name() . '=' . $user->id . '; expires=Tuesday, 01-Jan-1999 12:00:00 GMT; Path=' . $params['path'], false);
                        }
                        // call logout method
                        if (method_exists($user, 'logout')) {
                            $user->logout($formatter, $options);
                        } else {
                            $options['msg'] = _("Cookie deleted !");
                        }
                        $user->id = 'Anonymous';
                        $DBInfo->user = $user;
                        $use_refresh = 1;
                    } else {
                        if (!empty($DBInfo->use_sendmail) and $options['login'] == _("E-mail new password") and $user->id == "Anonymous" and !empty($options['email']) and !empty($options['login_id'])) {
                            # email new password
                            $title = '';
                            if (!$use_any and $DBInfo->use_ticket) {
                                if ($options['__seed'] and $options['check']) {
                                    $mycheck = getTicket($options['__seed'], $_SERVER['REMOTE_ADDR'], 4);
                                    if ($mycheck == $options['check']) {
                                        $ok_ticket = 1;
                                    } else {
                                        $title = _("Invalid ticket !");
                                    }
                                } else {
                                    $title = _("You need a ticket !");
                                }
                            } else {
                                $ok_ticket = 1;
                            }
                            $userdb =& $DBInfo->udb;
                            if ($userdb->_exists($id)) {
                                $user = $userdb->getUser($id);
                            }
                            if ($ok_ticket and $user->id != "Anonymous") {
                                if ($options['email'] == $user->info['email'] and $user->info['eticket'] == '') {
                                    #make new password
                                    $mypass = base64_encode(getTicket(time(), $_SERVER['REMOTE_ADDR'], 10));
                                    $mypass = substr($mypass, 0, 8);
                                    $options['password'] = $mypass;
                                    $old_passwd = $user->info['password'];
                                    if ($DBInfo->use_safelogin) {
                                        $ret = $user->setPasswd(md5($mypass), md5($mypass), 1);
                                    } else {
                                        $ret = $user->setPasswd($mypass, $mypass);
                                    }
                                    $new_passwd = $user->info['password'];
                                    $user->info['password'] = $old_passwd;
                                    $user->info['npassword'] = $new_passwd;
                                    #make ticket
                                    $ticket = md5(time() . $user->id . $options['email']);
                                    $user->info['nticket'] = $ticket . "." . $options['email'];
                                    // save join agreement
                                    if (!empty($DBInfo->use_agreement) and !empty($options['joinagreement'])) {
                                        $user->info['join_agreement'] = 'agree';
                                        if (!empty($DBInfo->agreement_version)) {
                                            $user->info['join_agreement_version'] = $DBInfo->agreement_version;
                                        }
                                    }
                                    $userdb->saveUser($user);
                                    # XXX
                                    $opts['subject'] = "[{$DBInfo->sitename}] " . _("New password confirmation");
                                    $opts['email'] = $options['email'];
                                    $opts['id'] = 'nobody';
                                    $body = qualifiedUrl($formatter->link_url('', "?action=userform&login_id={$user->id}&ticket={$ticket}.{$options['email']}"));
                                    $body = _("Please confirm your new password") . "\n" . $body . "\n";
                                    $body .= sprintf(_("Your new password is %s"), $mypass) . "\n\n";
                                    $body .= _("Please change your password later") . "\n";
                                    $ret = wiki_sendmail($body, $opts);
                                    if (is_array($ret)) {
                                        $title = _("Fail to e-mail notification !");
                                        $options['msg'] = $ret['msg'];
                                    } else {
                                        $title = _("New password is sent to your e-mail !");
                                        $options['msg'] = _("Please check your e-mail");
                                    }
                                } else {
                                    if ($options['email'] != $user->info['email']) {
                                        $title = _("Fail to e-mail notification !");
                                        $options['msg'] = _("E-mail mismatch !");
                                    } else {
                                        $title = _("Invalid request");
                                        $options['msg'] = _("Please confirm your e-mail address first !");
                                    }
                                }
                            } else {
                                if (!$ok_ticket) {
                                    $title = _("Invalid ticket !");
                                } else {
                                    $title = _("ID and e-mail mismatch !");
                                }
                                $options['msg'] = _("Please try again or make a new profile");
                            }
                            $formatter->send_header("", $options);
                            $formatter->send_title($title, "", $options);
                            $formatter->send_footer("", $options);
                            return;
                        } else {
                            if ($user->id == "Anonymous" and !empty($options['login_id']) and ($options['password'] and $options['passwordagain'] or $DBInfo->use_safelogin and $options['email'])) {
                                # create profile
                                $title = '';
                                if (!$use_any and !empty($DBInfo->use_ticket)) {
                                    if ($options['__seed'] and $options['check']) {
                                        $mycheck = getTicket($options['__seed'], $_SERVER['REMOTE_ADDR'], 4);
                                        if ($mycheck == $options['check']) {
                                            $ok_ticket = 1;
                                        } else {
                                            $title = _("Invalid ticket !");
                                        }
                                    } else {
                                        $title = _("You need a ticket !");
                                    }
                                } else {
                                    $ok_ticket = 1;
                                }
                                $id = $user->getID($options['login_id']);
                                if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $id)) {
                                    if (($ret = verify_email($id)) < 0) {
                                        $ret = -$ret;
                                        $options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
                                        $options['msg'] .= '<br/>' . _("Invalid email address or can't verify it.");
                                    } else {
                                        $options['email'] = $id;
                                        $user->setID($id);
                                    }
                                } else {
                                    if (!preg_match("/\\//", $id)) {
                                        $user->setID($id);
                                    }
                                }
                                // protect http:// style id
                                if (!empty($DBInfo->use_agreement) and empty($options['joinagreement'])) {
                                    $title = _("Please check join agreement.");
                                } else {
                                    if ($ok_ticket and $user->id != "Anonymous") {
                                        if (!empty($DBInfo->use_safelogin)) {
                                            $mypass = base64_encode(getTicket(time(), $_SERVER['REMOTE_ADDR'], 10));
                                            $mypass = substr($mypass, 0, 8);
                                            $options['password'] = $mypass;
                                            $ret = $user->setPasswd(md5($mypass), md5($mypass), 1);
                                        } else {
                                            $ret = $user->setPasswd($options['password'], $options['passwordagain']);
                                        }
                                        if (!empty($DBInfo->password_length) and strlen($options['password']) < $DBInfo->password_length) {
                                            $ret = 0;
                                        }
                                        if ($ret <= 0) {
                                            if ($ret == 0) {
                                                $title = _("too short password!");
                                            } else {
                                                if ($ret == -1) {
                                                    $title = _("mismatch password!");
                                                } else {
                                                    if ($ret == -2) {
                                                        $title = _("not acceptable character found in the password!");
                                                    }
                                                }
                                            }
                                        } else {
                                            if ($ret < 8 and empty($DBInfo->use_safelogin)) {
                                                $options['msg'] = _("Your password is too simple to use as a password !");
                                            }
                                            $udb = $DBInfo->udb;
                                            if ($options['email']) {
                                                if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['email'])) {
                                                    if (($ret = verify_email($options['email'])) < 0) {
                                                        $options['email'] = '';
                                                        // reset email address
                                                        $ret = -$ret;
                                                        $options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
                                                        $options['msg'] .= '<br/>' . _("Can't verify E-mail address! Please check your email address.");
                                                    }
                                                } else {
                                                    $options['msg'] .= '<br/>' . _("Your email address is not valid");
                                                }
                                            }
                                            if ($udb->isNotUser($user)) {
                                                if (!empty($DBInfo->no_register)) {
                                                    $options['msg'] = _("Fail to register");
                                                    $options['err'] = _("You are not allowed to register on this wiki");
                                                    $options['err'] .= "\n" . _("Please contact WikiMasters");
                                                    do_invalid($formatter, $options);
                                                    return;
                                                }
                                                $title = sprintf(_("Successfully added as '%s'"), _html_escape($user->id));
                                                $options['id'] = $user->id;
                                                $ticket = md5(time() . $user->id . $options['email']);
                                                $user->info['eticket'] = $ticket . "." . $options['email'];
                                                if (!empty($DBInfo->use_safelogin)) {
                                                    $options['msg'] = sprintf(_("Successfully added as '%s'"), $user->id);
                                                    $options['msg'] .= '<br />' . _("Please check your mailbox");
                                                }
                                                $args = array();
                                                if ($options['email'] == $id or !empty($DBInfo->register_confirm_email)) {
                                                    $args = array('suspended' => 1);
                                                }
                                                if (!empty($DBInfo->register_confirm_admin)) {
                                                    $args = array('suspended' => 1);
                                                }
                                                if (!empty($DBInfo->register_confirm_admin)) {
                                                    if (!empty($options['msg'])) {
                                                        $options['msg'] .= '<br />';
                                                    }
                                                    $options['msg'] .= _("Your need to wait until your ID activated by admin");
                                                }
                                                // save join agreement
                                                if (!empty($DBInfo->use_agreement) and !empty($options['joinagreement'])) {
                                                    $user->info['join_agreement'] = 'agree';
                                                    if (!empty($DBInfo->agreement_version)) {
                                                        $user->info['join_agreement_version'] = $DBInfo->agreement_version;
                                                    }
                                                }
                                                if (empty($DBInfo->use_safelogin) && empty($args['suspended'])) {
                                                    $formatter->header($user->setCookie());
                                                }
                                                $ret = $udb->addUser($user, $args);
                                                # XXX
                                                if (!empty($options['email']) and preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['email'])) {
                                                    $options['subject'] = "[{$DBInfo->sitename}] " . _("E-mail confirmation");
                                                    $body = '';
                                                    if (!empty($DBInfo->email_register_header) and file_exists($DBInfo->email_register_header)) {
                                                        $body = file_get_contents($DBInfo->email_register_header);
                                                        $body = str_replace(array('@sitename@'), array($DBInfo->sitename), $body);
                                                    }
                                                    $body .= _("Please confirm your email address") . "\n\n";
                                                    $body .= qualifiedUrl($formatter->link_url('', "?action=userform&login_id={$user->id}&ticket={$ticket}.{$options['email']}"));
                                                    $body .= "\n";
                                                    if (!empty($DBInfo->use_safelogin)) {
                                                        $body .= "\n" . sprintf(_("Your initial password is %s"), $mypass) . "\n\n";
                                                        $body .= _("Please change your password later") . "\n";
                                                    }
                                                    $ret = wiki_sendmail($body, $options);
                                                    if (is_array($ret)) {
                                                        $options['msg'] .= $ret['msg'];
                                                    } else {
                                                        $options['msg'] .= '<br/>' . _("Confirmation E-mail sent");
                                                    }
                                                }
                                            } else {
                                                # already exist user
                                                $user = $udb->getUser($user->id);
                                                if ($user->checkPasswd($options['password']) === true) {
                                                    $options['msg'] .= sprintf(_("Successfully login as '%s'"), $id);
                                                    $options['id'] = $user->id;
                                                    $formatter->header($user->setCookie());
                                                    $udb->saveUser($user);
                                                    # XXX
                                                } else {
                                                    $title = _("Invalid password !");
                                                }
                                            }
                                        }
                                    } else {
                                        if (empty($title)) {
                                            $title = _("Invalid username !");
                                        }
                                    }
                                }
                            } else {
                                if ($user->id != "Anonymous") {
                                    # save profile
                                    $udb =& $DBInfo->udb;
                                    $userinfo = $udb->getUser($user->id);
                                    if (!empty($options['password']) and !empty($options['passwordagain'])) {
                                        $chall = 0;
                                        if (!empty($DBInfo->use_safelogin)) {
                                            if (isset($options['_chall'])) {
                                                $chall = $options['challenge'];
                                            } else {
                                                $chall = rand(100000);
                                                $options['password'] = hmac($chall, $options['password']);
                                            }
                                        }
                                        //echo 'chall=',$chall,' ',$options['password'];
                                        if ($userinfo->checkPasswd($options['password'], $chall) === true) {
                                            if ($DBInfo->use_safelogin) {
                                                $mypass = md5($options['passwordagain']);
                                                // XXX
                                                $ret = $userinfo->setPasswd($mypass, $mypass, 1);
                                            } else {
                                                $ret = $userinfo->setPasswd($options['passwordagain']);
                                            }
                                            if ($ret <= 0) {
                                                if ($ret == 0) {
                                                    $title = _("too short password!");
                                                } else {
                                                    if ($ret == -1) {
                                                        $title = _("mismatch password !");
                                                    } else {
                                                        if ($ret == -2) {
                                                            $title = _("not acceptable character found in the password!");
                                                        }
                                                    }
                                                }
                                                $options['msg'] = _("Password is not changed !");
                                            } else {
                                                $title = _("Password is changed !");
                                                if ($ret < 8) {
                                                    $options['msg'] = _("Password is too simple to use as a password !");
                                                }
                                            }
                                        } else {
                                            $title = _("Invalid password !");
                                            $options['msg'] = _("Password is not changed !");
                                        }
                                    }
                                    if (isset($options['user_css'])) {
                                        $userinfo->info['css_url'] = $options['user_css'];
                                    }
                                    if (isset($options['timezone'])) {
                                        list($hour, $min) = explode(':', $options['timezone']);
                                        $min = $min * 60;
                                        $min = $hour < 0 ? -1 * $min : $min;
                                        $tz_offset = $hour * 3600 + $min;
                                        $userinfo->info['tz_offset'] = $tz_offset;
                                    }
                                    if (!empty($DBInfo->use_agreement) and !empty($options['joinagreement'])) {
                                        $userinfo->info['join_agreement'] = 'agree';
                                        if (!empty($DBInfo->agreement_version)) {
                                            $userinfo->info['join_agreement_version'] = $DBInfo->agreement_version;
                                        }
                                    }
                                    $button_check_email_again = !empty($options['button_check_email_again']) ? 1 : 0;
                                    if ($button_check_email_again and !empty($userinfo->info['eticket'])) {
                                        list($dummy, $email) = explode('.', $userinfo->info['eticket'], 2);
                                        if (!empty($email)) {
                                            $options['email'] = $email;
                                        }
                                    }
                                    if (!empty($options['email']) and $options['email'] != $userinfo->info['email']) {
                                        if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['email'])) {
                                            if (($ret = verify_email($options['email'])) < 0) {
                                                $ret = -$ret;
                                                $options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
                                                $options['msg'] .= '<br />' . _("Invalid email address or can't verify it.");
                                            } else {
                                                $ticket = md5(time() . $userinfo->info['id'] . $options['email']);
                                                $userinfo->info['eticket'] = $ticket . "." . $options['email'];
                                                $options['subject'] = "[{$DBInfo->sitename}] " . _("E-mail confirmation");
                                                $body = qualifiedUrl($formatter->link_url('', "?action=userform&login_id={$user->id}&ticket={$ticket}.{$options['email']}"));
                                                $body = _("Please confirm your email address") . "\n" . $body;
                                                $ret = wiki_sendmail($body, $options);
                                                if (is_array($ret)) {
                                                    $options['msg'] = $ret['msg'];
                                                } else {
                                                    $options['msg'] = _("E-mail confirmation mail sent");
                                                }
                                            }
                                        } else {
                                            $options['msg'] = _("Your email address is not valid");
                                        }
                                    }
                                    if (!empty($userinfo->info['idtype']) and $userinfo->info['idtype'] == 'openid' and isset($options['nick']) and $options['nick'] != $userinfo->info['nick']) {
                                        $nick = $userinfo->getID($options['nick']);
                                        // nickname check XXX
                                        if (!$udb->_exists($nick)) {
                                            $userinfo->info['nick'] = $nick;
                                        } else {
                                            $options['msg'] = _("Your Nickname already used as ID in this wiki");
                                        }
                                    }
                                    $udb->saveUser($userinfo);
                                    #$options['css_url']=$options['user_css'];
                                    if (!isset($options['msg'])) {
                                        $options['msg'] = _("Profiles are saved successfully !");
                                    }
                                } else {
                                    if ($user->id == "Anonymous" and isset($options['openid_url'])) {
                                        # login with openid
                                        include_once 'lib/openid.php';
                                        session_start();
                                        $process_url = qualifiedUrl($formatter->link_url("UserPreferences", "?action=userform"));
                                        $trust_root = qualifiedUrl($formatter->link_url(""));
                                        $openid = new SimpleOpenID();
                                        $openid->SetIdentity($options['openid_url']);
                                        $openid->SetTrustRoot($trust_root);
                                        $openid->SetRequiredFields(array('nickname', 'email', 'fullname'));
                                        $openid->SetOptionalFields(array('language', 'timezone'));
                                        if ($openid->GetOpenIDServer()) {
                                            $openid->SetApprovedURL($process_url);
                                            // Send Response from OpenID server to this script
                                            $openid->Redirect();
                                            // This will redirect user to OpenID Server
                                            return;
                                        } else {
                                            $error = $openid->GetError();
                                            #echo "ERROR CODE: " . $error['code'] . "<br>";
                                            #echo "ERROR DESCRIPTION: " . $error['description'] . "<br>";
                                            $options["msg"] = sprintf(_("Authentication request was failed: %s"), $error['description']);
                                        }
                                    } else {
                                        if (!empty($options['openid_mode']) and $options['openid_mode'] == 'id_res') {
                                            // OpenID result
                                            include_once 'lib/openid.php';
                                            if (!preg_match('/utf-?8/i', $DBInfo->charset)) {
                                                $options['openid_sreg_nickname'] = iconv('utf-8', $DBInfo->charset, $options['openid_sreg_nickname']);
                                                $options['openid_sreg_fullname'] = iconv('utf-8', $DBInfo->charset, $options['openid_sreg_fullname']);
                                            }
                                            $openid = new SimpleOpenID();
                                            $openid->SetIdentity($options['openid_identity']);
                                            $openid_validation_result = $openid->ValidateWithServer();
                                            if ($openid_validation_result == true) {
                                                // OK HERE KEY IS VALID
                                                $userdb =& $DBInfo->udb;
                                                // XXX
                                                $user->setID($options['openid_identity']);
                                                // XXX
                                                if (!empty($options['openid_language'])) {
                                                    $user->info['language'] = strtolower($options['openid_sreg_language']);
                                                }
                                                //$user->info['tz_offset']=$options['openid_timezone'];
                                                if ($userdb->_exists($options['openid_identity'])) {
                                                    $user = $userdb->getUser($options['openid_identity']);
                                                    $user->info['idtype'] = 'openid';
                                                    $options['msg'] .= sprintf(_("Successfully login as '%s' via OpenID."), $options['openid_identity']);
                                                    $formatter->header($user->setCookie());
                                                    $userdb->saveUser($user);
                                                    // always save
                                                } else {
                                                    if (!empty($DBInfo->no_register) and $DBInfo->no_register == 1) {
                                                        $options['msg'] = _("Fail to register");
                                                        $options['err'] = _("You are not allowed to register on this wiki");
                                                        $options['err'] .= "\n" . _("Please contact WikiMasters");
                                                        do_invalid($formatter, $options);
                                                        return;
                                                    }
                                                    if ($options['openid_sreg_nickname']) {
                                                        $nick = $user->getID($options['openid_sreg_nickname']);
                                                        if (!$userdb->_exists($nick)) {
                                                            $user->info['nick'] = $nick;
                                                        } else {
                                                            $options['msg'] = sprintf(_("Your Nickname %s already used as ID in this Wiki."), $nick);
                                                        }
                                                    }
                                                    $user->info['email'] = $options['openid_sreg_email'];
                                                    $user->info['idtype'] = 'openid';
                                                    $userdb->addUser($user);
                                                    $formatter->header($user->setCookie());
                                                    $userdb->saveUser($user);
                                                    $options["msg"] .= sprintf(_("OpenID Authentication successful and saved as %s."), $options['openid_identity']);
                                                }
                                                $options['id'] = $user->id;
                                            } else {
                                                if ($openid->IsError() == true) {
                                                    // ON THE WAY, WE GOT SOME ERROR
                                                    $error = $openid->GetError();
                                                    $options["msg"] = sprintf(_("Authentication request was failed: %s"), $error['description']);
                                                } else {
                                                    // Signature Verification Failed
                                                    $options["msg"] = _("Invalid OpenID Authentication request");
                                                    echo "INVALID AUTHORIZATION";
                                                }
                                            }
                                        } else {
                                            if (!empty($DBInfo->use_agreement) and $options['login'] == _("Make profile")) {
                                                $options['agreement'] = 1;
                                                $form = macro_UserPreferences($formatter, '', $options);
                                            } else {
                                                $options["msg"] = _("Invalid request");
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    $myrefresh = '';
    if (!empty($DBInfo->use_refresh) and !empty($use_refresh)) {
        $sec = $DBInfo->use_refresh - 1;
        if (!empty($options['return_url'])) {
            $lnk = $options['return_url'];
        } else {
            $lnk = $formatter->link_url($formatter->page->urlname, '?action=show');
        }
        $myrefresh = 'Refresh: ' . $sec . '; url=' . qualifiedURL($lnk);
    }
    $formatter->send_header($myrefresh, $options);
    $formatter->send_title($title, "", $options);
    if (!$title && (empty($DBInfo->control_read) or $DBInfo->security->is_allowed('read', $options))) {
        $lnk = $formatter->link_to('?action=show');
        if (empty($form)) {
            echo sprintf(_("return to %s"), $lnk);
        } else {
            echo $form;
        }
    } else {
        if (!empty($form)) {
            print $form;
        }
        #    else $formatter->send_page("Goto UserPreferences");
    }
    $formatter->send_footer("", $options);
}
Example #6
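    /**
     * Build the "trail" of visited pages and refresh the MONI_TRAIL cookie.
     *
     * When $DBInfo->jstrail is empty the trail is rendered here and the cookie
     * is re-sent with setcookie(). Otherwise an inline script is emitted that
     * reads MONI_TRAIL from document.cookie, writes the links into the page
     * and rewrites the cookie in the browser.
     *
     * The cookie lives on the client, so its content is untrusted text. In
     * script mode every PHP value is escaped for a JavaScript string literal
     * before interpolation, and cookie-derived text is HTML-escaped in the
     * browser before it reaches document.write().
     *
     * The result is left in $this->trail and aliased as $this->_vars['trail'].
     *
     * @param string $trailer  Tab-separated page names; $DBInfo->frontpage is
     *                         used when empty. Presumably the MONI_TRAIL cookie
     *                         value - confirm against the caller.
     * @param string $pagename Name of the page being shown.
     * @param int    $size     Maximum number of entries kept; replaced by
     *                         $DBInfo->trail when that is numeric and > 5.
     */
    function set_trailer($trailer = "", $pagename, $size = 5)
    {
        global $DBInfo;
        if (empty($trailer)) {
            $trail = $DBInfo->frontpage;
        } else {
            $trail = $trailer;
        }
        if (is_numeric($DBInfo->trail) and $DBInfo->trail > 5) {
            $size = $DBInfo->trail;
        }
        if (empty($DBInfo->jstrail)) {
            // Every earlier occurrence of the current page is dropped; it is
            // appended again below so that it ends up last.
            $trails = array_diff(explode("\t", trim($trail)), array($pagename));
            $sister_save = $this->sister_on;
            $this->sister_on = 0;
            $this->trail = "";
            $this->forcelink = 1;
            foreach ($trails as $page) {
                // NOTE(review): $page is taken from $trailer and handed to
                // word_repl() wrapped in double quotes. Whether word_repl()
                // escapes it for HTML is not visible here - confirm.
                $this->trail .= $this->word_repl('"' . $page . '"', '', '', 1, 0) . '<span class="separator">' . $DBInfo->arrow . '</span>';
            }
            $this->forcelink = 0;
            $this->trail .= ' ' . _html_escape($pagename);
            $this->pagelinks = array();
            # reset pagelinks
            $this->sister_on = $sister_save;
            // Strict comparison: a loose in_array() treats numeric-looking
            // names such as "10" and "1e1" as equal and would then skip
            // appending the current page.
            if (!in_array($pagename, $trails, true)) {
                $trails[] = $pagename;
            }
            $idx = count($trails) - $size;
            if ($idx > 0) {
                $trails = array_slice($trails, $idx);
            }
            $trail = implode("\t", $trails);
            setcookie('MONI_TRAIL', $trail, time() + 60 * 60 * 24 * 30, get_scriptname());
        } else {
            // The values below end up inside double-quoted JavaScript string
            // literals in an inline <script>. HTML-escaping alone is the wrong
            // encoding there (a backslash or a line break still changes the
            // literal), so escape for the JS context. The map is byte-wise and
            // therefore does not depend on the wiki charset.
            $js_map = array(
                '\\' => '\\\\',
                '"' => '\\"',
                "'" => "\\'",
                "\n" => '\\n',
                "\r" => '\\r',
                '<' => '\\x3C',
                '>' => '\\x3E',
                '&' => '\\x26',
            );
            $url = get_scriptname();
            $js_url = strtr((string) $url, $js_map);
            $js_query_prefix = strtr((string) $DBInfo->query_prefix, $js_map);
            $js_frontpage = strtr((string) $DBInfo->frontpage, $js_map);
            $js_arrow = strtr((string) $DBInfo->arrow, $js_map);
            // Raw name: used for comparison and for the cookie, matching what
            // the server-side branch stores.
            $js_page = strtr((string) $pagename, $js_map);
            // HTML-escaped name: used only where the text is written as markup.
            $js_page_html = strtr((string) _html_escape($pagename), $js_map);
            // Emitted as a bare number, so force an integer.
            $js_size = (int) $size;
            $this->trail = <<<EOF
<script type='text/javascript'>
(function() {
  var url_prefix = "{$js_url}";
  var query_prefix = "{$js_query_prefix}";
  var trail_size = {$js_size};
  var pagename = "{$js_page}";

  // HTML-escape text taken from the cookie before it is written out
  function esc(s) {
    return String(s).replace(/&/g, "&amp;").replace(/</g, "&lt;")
      .replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
  }

  // get trails from cookie
  var cookieName = "MONI_TRAIL=";
  var pos = document.cookie.indexOf(cookieName);
  var trails = [];
  if (pos != -1) {
    var end = document.cookie.indexOf(";", pos + cookieName.length);
    if (end == -1) end = document.cookie.length;

    trails = unescape(document.cookie.substring(pos + cookieName.length, end)).split("\\t");
  } else {
    trails[0] = encodeURIComponent("{$js_frontpage}");
  }
  var span = document.createElement("span");

  // render trails
  var str = [];
  var ntrails = [];
  var trail = document.createElement("span");
  var idx = trails.length - trail_size;
  if (idx > 0) trails = trails.splice(idx, trail_size);

  for (var i = 0, j = 0; i < trails.length; i++) {
    var url = escape(trails[i]).replace(/\\+/g, "%20");
    var txt = decodeURIComponent(escape(trails[i])).replace(/\\+/g, " ");
    if (txt == pagename) continue;
    str[j] = "<a href='" + url_prefix + query_prefix + url + "'>" + esc(txt) + "</a>";
    ntrails[j] = escape(trails[i]);
    j++;
  }
  str[j] = "{$js_page_html}";
  ntrails[j] = encodeURIComponent(pagename);
  document.write(str.join("<span class='separator'>{$js_arrow}</span>"));

  // set the trailer again
  var exp = new Date(); // 30-days expires
  exp.setTime(exp.getTime() + 30*24*60*60*1000);
  var cookie = cookieName + ntrails.join("\\t") +
    "; expires=" + exp.toGMTString() +
    "; path={$js_url}";

  document.cookie = cookie;
})();
</script>
EOF;
        }
        $this->_vars['trail'] =& $this->trail;
    }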
Example #7
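/**
 * Handle the "css" action: clear, save or preview the stylesheet preference.
 *
 * - $options['clear']: drop the stored preference (MONI_CSS cookie for
 *   "Anonymous", profile field css_url otherwise); when a theme is given,
 *   css_url is pointed at that theme's default.css.
 * - $options['save'] together with $options['user_css']: store the value
 *   (cookie for "Anonymous", profile otherwise).
 * - otherwise: print a confirmation form that carries user_css, and return.
 *
 * NOTE(review): clear and save change stored state, and no anti-CSRF token or
 * request-method check is visible in this function - confirm that the action
 * dispatcher enforces one.
 *
 * @param object $formatter Page formatter; send_header(), send_title(),
 *                          send_page() and send_footer() are called on it.
 * @param array  $options   Request options; the keys read here are clear,
 *                          save, id, theme and user_css.
 * @return void
 */
function do_css($formatter, $options)
{
    global $DBInfo;
    $title = '';
    // Read request keys once, tolerating their absence.
    $id = isset($options['id']) ? $options['id'] : null;
    $has_css = isset($options['user_css']);
    $user_css = $has_css ? $options['user_css'] : null;

    if (!empty($options['clear'])) {
        if ($id == 'Anonymous') {
            // Expire the cookie with setcookie(), as do_theme() does. A raw
            // header("Set-Cookie: ...") call replaces any Set-Cookie header
            // queued earlier in the request.
            setcookie('MONI_CSS', 'dummy', time() - 60 * 60 * 24 * 30, get_scriptname());
            $options['css_url'] = "";
        } else {
            # save profile
            $udb =& $DBInfo->udb;
            $userinfo = $udb->getUser($id);
            $userinfo->info['css_url'] = "";
            $udb->saveUser($userinfo);
        }
        // The theme name is request data that is placed into a URL path, so
        // accept only the character set do_theme() accepts for theme names.
        if (!empty($options['theme']) && is_string($options['theme']) && preg_match('/^[a-zA-Z0-9_-]+$/', $options['theme'])) {
            $theme = $options['theme'];
            $options['css_url'] = (!empty($DBInfo->themeurl) ? $DBInfo->themeurl : $DBInfo->url_prefix) . "/theme/{$theme}/css/default.css";
        }
    } elseif (!empty($options['save']) && $has_css) {
        // NOTE(review): user_css comes straight from the request and is stored
        // unchanged. How css_url is emitted later is not visible here; if it
        // becomes a stylesheet link, restrict the value (site-local paths or
        // an allowlist) before storing it.
        if ($id == 'Anonymous') {
            setcookie("MONI_CSS", $user_css, time() + 60 * 60 * 24 * 30, get_scriptname());
            $title = "CSS Changed";
        } else {
            // The original test read $options[id] (a bare constant), which is
            // an error on PHP 8; the quoted key is what was meant.
            # save profile
            $udb =& $DBInfo->udb;
            $userinfo = $udb->getUser($id);
            $userinfo->info['css_url'] = $user_css;
            $udb->saveUser($userinfo);
        }
        $options['css_url'] = $user_css;
    } else {
        // Preview: ask for confirmation before anything is stored.
        // NOTE(review): css_url is already set to the request value for this
        // response, i.e. before the user confirms - verify that send_header()
        // does not apply an arbitrary external stylesheet here.
        $title = "";
        $options['css_url'] = $user_css;
        $want = _("Do you want to apply selected CSS ?");
        $btn = _("OK");
        $css_url = _html_escape((string) $user_css);
        $msg = <<<FORM
<form method='post'>
<input type='hidden' name='action' value='css' />
<input type='hidden' name='user_css' value="{$css_url}" />
{$want} <span class='button'><input type='submit' class='button' name='save' value='{$btn}' /></span> &nbsp;
</form>
FORM;
        $formatter->send_header("", $options);
        $formatter->send_title($title, "", $options);
        print $msg;
        $formatter->send_footer("", $options);
        return;
    }
    $formatter->send_header("", $options);
    $formatter->send_title($title, "", $options);
    $formatter->send_page(_("Back to UserPreferences"));
    $formatter->send_footer("", $options);
}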
Example #8
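/**
 * Handle the "theme" action: clear, save or preview the theme preference.
 *
 * The requested name is taken from $options['value'] or, failing that,
 * $options['theme']. It must match /^[a-zA-Z0-9_-]+$/ and be one of the names
 * returned by macro_Theme(); a name equal to the one already in effect is
 * treated as "nothing selected".
 *
 * - $options['clear']: drop the preference (MONI_THEME and MONI_CSS cookies
 *   for "Anonymous", profile fields theme and css_url otherwise).
 * - a valid new theme with $options['save']: store it (cookies or profile).
 * - a valid new theme without save: print a confirmation form.
 * - otherwise: print the theme list from macro_Theme().
 *
 * NOTE(review): clear and save change stored state, and no anti-CSRF token or
 * request-method check is visible in this function - confirm that the action
 * dispatcher enforces one.
 *
 * @param object $formatter Page formatter; themedir and themeurl are read
 *                          and the send_* / link_repl() methods are called.
 * @param array  $options   Request options; the keys read here are value,
 *                          theme, id, clear and save.
 * @return string|null The "Theme disabled !" message when themes are
 *                     disabled, nothing otherwise.
 */
function do_theme($formatter, $options = array())
{
    global $DBInfo;
    if (!empty($DBInfo->theme_css)) {
        $options['title'] = _("Theme disabled !");
        $options['msg'] = _("Please contact WikiMasters");
        do_invalid($formatter, $options);
        return _("Theme disabled !");
    }

    // Several paths below never assigned these, so send_title() and the
    // final output used to read undefined variables.
    $title = '';
    $msg = '';
    $id = isset($options['id']) ? $options['id'] : null;
    $is_anonymous = $id == 'Anonymous';
    $save = !empty($options['save']);

    // Request values may be missing or arrays; only strings reach preg_match().
    $theme = '';
    foreach (array('value', 'theme') as $key) {
        if (isset($options[$key]) && is_string($options[$key]) && preg_match('/^[a-zA-Z0-9_-]+$/', $options[$key])) {
            $theme = $options[$key];
            break;
        }
    }

    $themes = macro_Theme($formatter, '', array('call' => 1));
    // Allowlist check with strict comparison: a loose in_array() treats
    // numeric-looking names such as "1e1" and "10" as the same theme.
    $known = is_array($themes) ? array_map('strval', $themes) : array();
    if ($theme === '' || !in_array($theme, $known, true)) {
        $title = _("Invalid Theme");
        $theme = null;
    } else {
        // Selecting the theme that is already active counts as no selection.
        if ($is_anonymous) {
            if (isset($_COOKIE['MONI_THEME']) && $theme == $_COOKIE['MONI_THEME']) {
                $theme = null;
            }
        } else {
            $current = isset($DBInfo->user->info['theme']) ? $DBInfo->user->info['theme'] : null;
            if ($theme == $current) {
                $theme = null;
            } elseif (empty($current) && $theme == $DBInfo->theme) {
                $theme = null;
            }
        }
    }

    if (!empty($options['clear'])) {
        if ($is_anonymous) {
            // Expire both preference cookies.
            setcookie('MONI_THEME', 'dummy', time() - 60 * 60 * 24 * 30, get_scriptname());
            setcookie('MONI_CSS', 'dummy', time() - 60 * 60 * 24 * 30, get_scriptname());
        } else {
            # save profile
            $udb = $DBInfo->udb;
            $userinfo = $udb->getUser($id);
            $userinfo->info['theme'] = "";
            $userinfo->info['css_url'] = "";
            $udb->saveUser($userinfo);
        }
        $msg = '<h2>' . _("Theme cleared.") . ' ' . sprintf(_("Goto %s"), $formatter->link_repl("UserPreferences")) . '</h2>';
    } elseif (!empty($theme)) {
        // NOTE(review): the check uses the formatter's own themedir/themeurl,
        // not a path built from $theme; presumably the formatter was already
        // set up for the requested theme - confirm.
        $themedir = $formatter->themedir;
        if (file_exists($themedir . "/header.php")) {
            # check
            $options['css_url'] = $formatter->themeurl . "/css/default.css";
            if ($save and $is_anonymous) {
                setcookie("MONI_THEME", $theme, time() + 60 * 60 * 24 * 30, get_scriptname());
                setcookie("MONI_CSS", $options['css_url'], time() + 60 * 60 * 24 * 30, get_scriptname());
                $title = _("Theme is changed");
                $msg = "Goto " . $formatter->link_repl("UserPreferences");
            } elseif ($save) {
                # save profile
                $udb = $DBInfo->udb;
                $userinfo = $udb->getUser($id);
                $userinfo->info['theme'] = $theme;
                $userinfo->info['css_url'] = $options['css_url'];
                $udb->saveUser($userinfo);
                $msg = "Goto " . $formatter->link_repl("UserPreferences");
            } else {
                // Preview: $theme passed the pattern and the allowlist above,
                // so it is safe inside the quoted attribute.
                $title = "";
                $want = _("Do you want to apply this theme ?");
                $btn = _("OK");
                $msg = <<<FORM
<form method='post'>
<input type='hidden' name='action' value='theme' />
<input type='hidden' name='theme' value="{$theme}" />
{$want} <input type='submit' name='save' value='{$btn}' /> &nbsp;
</form>

FORM;
            }
            $formatter->send_header("", $options);
            $formatter->send_title($title, "", $options);
            print $msg;
            $formatter->send_footer("", $options);
            return;
        }
    } else {
        $title = _("Please select a theme");
    }

    $formatter->send_header("", $options);
    $formatter->send_title($title, '', $options);
    if (empty($msg)) {
        echo macro_Theme($formatter);
    } else {
        echo $msg;
    }
    $formatter->send_footer("", $options);
    return;
}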
Example #9
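/**
 * Handle the 'theme' action: clear, preview or save the visitor's theme.
 *
 * - $options['clear'] set: expires the MONI_THEME / MONI_CSS cookies for the
 *   'Anonymous' id, or blanks info['theme'] / info['css_url'] in the stored
 *   profile for any other id, then reports that the theme was cleared.
 * - $options['theme'] set and $formatter->themedir contains header.php:
 *   with $options['save'] the choice is stored (cookies for 'Anonymous',
 *   user profile otherwise); without it a confirmation form is printed.
 * - otherwise a "select a theme" message is sent.
 *
 * Security notes:
 * - $options['theme'] is echoed into an HTML attribute, so it is escaped
 *   with htmlspecialchars() before being placed in the form.
 * - NOTE(review): this function persists $options['theme'] without checking
 *   its shape; $formatter->themedir is presumably resolved from it by the
 *   caller. Confirm that every reader of MONI_THEME / info['theme']
 *   restricts the value to installed theme names before building a path.
 * - NOTE(review): the save and clear branches change stored state and no
 *   anti-CSRF token or request-method check is visible here; confirm that
 *   the dispatcher enforces one.
 *
 * @param object $formatter page formatter (themedir, themeurl, send_* methods)
 * @param array  $options   request options: id, theme, save, clear
 * @return void
 */
function do_theme($formatter, $options)
{
    global $DBInfo;

    $user_id = isset($options['id']) ? $options['id'] : null;
    // Loose comparison kept on purpose: it matches the original id check.
    $is_anonymous = $user_id == 'Anonymous';
    $cookie_ttl = 60 * 60 * 24 * 30;

    // Defaults so that no branch reaches the output calls with an
    // undefined $title or $msg (the logged-in save branch never set $title,
    // and a theme without header.php never set $msg).
    $title = '';
    $msg = "== " . _("Please select a theme properly.") . " ==";

    if (!empty($options['clear'])) {
        if ($is_anonymous) {
            // Expire both cookies by giving them a date in the past.
            setcookie('MONI_THEME', 'dummy', time() - $cookie_ttl, get_scriptname());
            setcookie('MONI_CSS', 'dummy', time() - $cookie_ttl, get_scriptname());
        } else {
            # save profile
            $udb = $DBInfo->udb;
            $userinfo = $udb->getUser($user_id);
            $userinfo->info['theme'] = "";
            $userinfo->info['css_url'] = "";
            $udb->saveUser($userinfo);
        }
        $msg = "== " . _("Theme cleared. Goto UserPreferences.") . " ==";
    } elseif (!empty($options['theme'])) {
        $themedir = $formatter->themedir;
        if (file_exists($themedir . "/header.php")) {
            $options['css_url'] = $formatter->themeurl . "/css/default.css";
            $save = !empty($options['save']);

            if ($save && $is_anonymous) {
                setcookie("MONI_THEME", $options['theme'], time() + $cookie_ttl, get_scriptname());
                setcookie("MONI_CSS", $options['css_url'], time() + $cookie_ttl, get_scriptname());
                $title = _("Theme is changed");
                $msg = "Goto " . $formatter->link_repl("UserPreferences");
            } elseif ($save) {
                # save profile
                $udb = $DBInfo->udb;
                $userinfo = $udb->getUser($user_id);
                $userinfo->info['theme'] = $options['theme'];
                $userinfo->info['css_url'] = $options['css_url'];
                $udb->saveUser($userinfo);
                $msg = "Goto " . $formatter->link_repl("UserPreferences");
            } else {
                $want = _("Do you want to apply this theme ?");
                $btn = _("OK");
                // The theme name comes from the request: escape it for the
                // single-quoted attribute below. The encoding argument is
                // left at PHP's default because the page charset is not
                // visible in this function.
                $theme_attr = htmlspecialchars($options['theme'], ENT_QUOTES);
                $msg = <<<FORM
<form method='post'>
<input type='hidden' name='action' value='theme' />
<input type='hidden' name='theme' value='{$theme_attr}' />
{$want} <input type='submit' name='save' value='{$btn}' /> &nbsp;
</form>

FORM;
            }
            $formatter->send_header("", $options);
            $formatter->send_title($title, "", $options);
            print $msg;
            $formatter->send_footer("", $options);
            return;
        }
    }

    $formatter->send_header("", $options);
    $formatter->send_title("", "", $options);
    $formatter->send_page($msg);
    $formatter->send_footer("", $options);
    return;
}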