function plan_test_privacy($reader, $planwriter, $remotesnitch = FALSE)
{
$valid = FALSE;
// if the reader is blocked, give up now
if (!user_is_blocked($planwriter, $reader)) {
$whitelist = file_get_contents("{$_SERVER['FILE_ROOT']}/resources/whitelist.txt");
if (!strstr($reader, '@planworld.net') || user_is_authorized($planwriter, $reader) || strstr($whitelist, $reader)) {
$_SERVER['whitelist_passed'] = TRUE;
} else {
$_SERVER['whitelist_passed'] = FALSE;
}
// if the writer is registered only, there are a few considerations:
// 1. the reader is registered here
// 2. OR the reader is registered elsewhere in planworld
// 3. if the reader is offsite, they must have snitch on
// 4. if the reader is from planworld.net, they must be on the whitelist
// 5. if the reader is registered here, they must have confirmed their email address
// 6. EXCEPT the writer can personally allow any reader, regardless of snitch status
if (plan_is_registered_only($planwriter) && $reader != 'guest' && $reader != 'rss reader' && trim($reader) && !plan_is_private($planwriter) && !file_exists("{$_SERVER['PWUSERS_DIR']}/{$reader}/unconfirmed") && ($_SERVER['USERINFO_ARRAY']['snitchlevel'] >= 1 || user_is_authorized($planwriter, $reader) || $reader == 'cacheuser') && $_SERVER['whitelist_passed'] && !(strstr(strtolower($reader), 'anonymous') && $_SERVER['PLANOWNER_INFO_ARRAY']['snitchlevel'] > 2)) {
$valid = 1;
}
// if the plan is public or advertised, we're clear
if (!plan_is_registered_only($planwriter) && !plan_is_private($planwriter)) {
$valid = 1;
}
// if plan is private, only personally allowed users may read
if (plan_is_private($planwriter) && user_is_authorized($planwriter, $reader)) {
$valid = 1;
}
}
// provides limited secret feeds for private plans. user must enable.
if ($_SERVER['OUTPUT_MODE'] == "ATOM_PRIVATE") {
$valid = 1;
}
// if the writer isn't local, we let the other end handle privacy
if (!file_exists("{$_SERVER['PWUSERS_DIR']}/{$planwriter}")) {
$valid = TRUE;
}
return $valid;
}
function output_html($title, $content)
{
require_once "formatting_html.php";
// SKIN AND FONTS
//------------------------------------------------------------------------------
if ($hatespictures) {
$extracss = 'img { display: none; } #header img { display: inline; }';
}
// WATCHED LIST
//------------------------------------------------------------------------------
if (!browser_is_modern()) {
$testwatchlist = $planwatchlist = format_watched_list_html();
} else {
$planwatchlist = " ";
if ($_SERVER['USER_ROOT'] && file_exists("{$_SERVER['USER_ROOT']}/watchedlist.txt")) {
$testwatchlist = file_get_contents("{$_SERVER['USER_ROOT']}/watchedlist.txt");
}
}
// HTML <HEAD> TAGS
// AND TOP LINKS & MENUS
//------------------------------------------------------------------------------
$_SERVER['STOPWATCH']['meta_begin'] = array_sum(explode(' ', microtime()));
$title = strip_tags($title);
$extracss = "<style type='text/css'>{$_SERVER['PLANOWNER_INFO']['css']}</style>";
$thisurl = "http://{$_SERVER['HTTP_HOST']}{$web_root}{$_SERVER['REQUEST_URI']}";
// if we're writing or reading our own plan, load the editing javascript
if (strstr($_SERVER[REQUEST_URI], 'write') || $_SERVER['USER'] == $_SERVER['PLANOWNER']) {
$extrajs .= "\n<script type='text/javascript' src='/resources/javascript/setplan.js'></script>\n";
}
// if we're writing, set up draft autosaves
if (strstr($_SERVER[REQUEST_URI], 'write')) {
$extrajs .= "<script type='text/javascript'>setTimeout(\"saveDraft({$_SERVER['PLAN_DRAFT_TIME']});\",61131);</script>";
}
// if we're reading something besides an rss feed, set charset
// to UTF-8. in the html5 template, everything's always set to UTF-8
// and it doesn't seem to break anything. we can probably safely
// remove this once we switch.
if ($_SERVER['URL_ARRAY'][1] == 'read' && strstr($urlarray[2], 'http')) {
$encoding = "<meta http-equiv='Content-type' content='text/html; charset=UTF-8' />";
}
// not that anyone will pay attention, but go ahead and put a copyright
// notice in.
if ($_SERVER['PLANOWNER']) {
$copyright = "<meta http-equiv='copyright' content='This plan is copyright " . date("Y") . " {$_SERVER['PLANOWNER_DISPLAY_NAME']}, all rights reserved.' />";
}
// if we're looking at a nonprivate local plan, provide an rss feed
if ($_SERVER['PLANOWNER'] && !plan_is_private($_SERVER['PLANOWNER']) && !plan_is_registered_only($_SERVER['PLANOWNER']) && plan_is_local($_SERVER['PLANOWNER'])) {
$alternate .= "<link rel='alternate' type='application/rss+xml' title=\"{$_SERVER['PLANOWNER_DISPLAY_NAME']}'s RSS Feed\" href='http://{$_SERVER['HTTP_HOST']}{$_SERVER['WEB_ROOT']}/read/{$_SERVER['PLANOWNER']}/rss' />\n";
$alternate .= "<link rel='alternate' type='application/atom+xml' title=\"{$_SERVER['PLANOWNER_DISPLAY_NAME']}'s Atom Feed\" href='http://{$_SERVER['HTTP_HOST']}{$_SERVER['WEB_ROOT']}/read/{$_SERVER['PLANOWNER']}/atom' />\n";
}
// provide a link to the watched list feed
if (user_is_valid($_SERVER['USERINFO_ARRAY']['username'], $_SERVER['USERINFO_ARRAY']['userpass'])) {
$alternate .= "\n<link rel='alternate' type='application/rss+xml' title='Watched Plans' href='http://{$_SERVER['HTTP_HOST']}{$_SERVER['WEB_ROOT']}/watched/watched.rss' />\n";
}
// use a different icon for plan pages
if ($_SERVER['PLANOWNER']) {
$subimage = "_plan";
}
profile('meta');
profile('menus');
// ____ LOGO AND SITE NAME _______
if (strlen($GLOBALS['pwlogo']) > 1) {
if (!strpos($GLOBALS['pwlogo'], 'ttp://')) {
$logosize = @getimagesize("{$_SERVER['FILE_ROOT']}/{$GLOBALS['pwlogo']}");
$logoroot = $_SERVER['WEB_ROOT'];
} else {
$logosize = getimagesize("{$GLOBALS['pwlogo']}");
$logoroot = '';
}
$logostring = "<img src='{$logoroot}{$GLOBALS['pwlogo']}' border='0' {$logosize['3']} align='absmiddle' />";
}
$sitename = "<a href='{$_SERVER['WEB_ROOT']}/' id='sitename'>{$logostring} {$GLOBALS['sitename']}</a>";
$titlesitename = trim(strip_tags($GLOBALS['sitename']));
if (!$titlesitename) {
$titlesitename = 'planwatch';
}
// populates the nav buttons along the top of the page, along
// with their menus.
// TODO: maybe give offsite users a 'write' button tuned to their plan home?
if (user_is_valid($_SERVER['USERINFO_ARRAY']['username'], $_SERVER['USERINFO_ARRAY']['userpass'])) {
$toplinks = buttons_populate($content);
}
profile('menus');
// load GA if the user allows it
if ($_SERVER['USERINFO_ARRAY']['allow_analytics']) {
$analytics = "<script type=\"text/javascript\">\nvar gaJsHost = ((\"https:\" == document.location.protocol) ? \"https://ssl.\" : \"http://www.\");\ndocument.write(unescape(\"%3Cscript src='\" + gaJsHost + \"google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E\"));\n</script>\n<script type=\"text/javascript\">\ntry {\nvar pageTracker = _gat._getTracker(\"UA-12269975-1\");\npageTracker._trackPageview();\n} catch(err) {}</script>";
}
// LOGIN FORM
//------------------------------------------------------------------------------
// If the reader isn't logged in, present a login form.
if (!user_is_valid($_SERVER['USERINFO_ARRAY']['username'], $_SERVER['USERINFO_ARRAY']['userpass'])) {
$toplinks = "\n\n\t<form action='{$_SERVER['WEB_ROOT']}/scripts/form_shim.php' method='post' name='loginForm'>\n\t\tuser <input id='login_username' type='text' name='user' size='10'/>\n\t\tpass <input id='login_userpass' type='password' name='pass' size='6'/>\n\t\t<input type='checkbox' name='remember' id='remember' value='1'/>\n\t\t<label for='remember'>remember me</label>\n\t\t<input type='hidden' name='action' value='login'/>\n\t\t<input type='submit' name='action' value='login' onclick='document.forms.loginForm.submit();' />\n\t\t<input type='hidden' name='prevpage' value='" . str_replace('/', '!!', $thisurl) . "'/>\n\t</form>\n";
}
// READER TOOLBAR
//------------------------------------------------------------------------------
// If the reader is logged in, and reading a plan, build the reader toolbar.
if ($_SERVER['URL_ARRAY'][1] == 'send') {
$_SERVER['PLANOWNER'] = $_SERVER['URL_ARRAY'][2];
plan_get_owner_info($_SERVER['PLANOWNER']);
}
if (user_is_valid($_SERVER['USERINFO_ARRAY']['username'], $_SERVER['USERINFO_ARRAY']['userpass']) && $_SERVER['PLANOWNER'] && !strstr($content, '<h1>Plan Read Failed</h1>')) {
profile('reader_toolbar', 'begin');
$readertoolbar = output_build_reader_toolbar($content);
profile('reader_toolbar', 'end');
}
// MESSAGEBAR
//------------------------------------------------------------------------------
if ($_SERVER['USERINFO_ARRAY']['username']) {
if (!strpos($_SERVER['USERINFO_ARRAY']['real_name'], ' ')) {
$message .= "<img src='{$GLOBALS['toolsicon']}'> <a href='{$_SERVER['WEB_ROOT']}/prefs/userinfo'>Click here to enter a valid (full) real name and make this annoying box go away.</a><br/>\n";
}
if (file_exists("{$_SERVER['FILE_ROOT']}/temp/system_message.txt")) {
$message .= file_get_contents("{$_SERVER['FILE_ROOT']}/temp/system_message.txt") . "<br/>\n";
}
}
// SLOGAN
//------------------------------------------------------------------------------
// If the user allows slogans to be presented, go ahead and pick one.
// (randomly, weighted by the popularity of the slogan)
profile('slogans', 'begin');
if (!$_SERVER['USERINFO_ARRAY']['no_slogans']) {
include_once 'slogan_functions.php';
$slogan_a = slogans_get_one();
$slogan = "<span class='slogan' title='slogan #{$slogan_a['1']}, submitted by {$slogan_a['2']}, rated {$slogan_a['3']}' id='slogan_text'>{$slogan_a['0']}</span>";
// only logged-in users can vote on slogans
if ($_SERVER['USERINFO_ARRAY']['username']) {
$slogan .= "<span class='slogan' id='slogan_rating'>\n\t\t\t<a href=\"javascript:slogans_modify_one_rating('{$slogan_a['1']}','1');\" class='edit_links' title='mod this slogan up to " . ($slogan_a[3] + 1) . "'>+</a>\n\t\t\t<a href=\"javascript:slogans_modify_one_rating('{$slogan_a['1']}','-1');\" class='edit_links' title='mod this slogan down to " . ($slogan_a[3] - 1) . "'>-</a>\n\n\t\t\t</span>";
}
// only admins and slogan owners can edit slogans
if ($_SERVER['USER'] == $slogan_a[2] || user_is_administrator()) {
$slogan_js_edit = str_replace(array('"', "'"), array('~', '`'), $slogan_a[0]);
$slogan .= " [ <a class='edit_links' href=\"javascript:slogans_edit_one('{$slogan_a['1']}');\" title=\"edit this slogan. it is yours, after all.\">edit</a> ]";
}
}
$_SERVER['STOPWATCH']['slogans_end'] = array_sum(explode(' ', microtime()));
// TEMPLATES AND HEADERS
//------------------------------------------------------------------------------
// header to make sure the pages aren't cached very long.
// we send this right before the page load so it doesn't get in the way of other stuff.
@Header("Expires: 240");
// READ IN AND POPULATE THE TEMPLATE
// everyone but modern browser users gets the lynx template starting with this version.
if (browser_is_modern()) {
// load the HTML5 template if the user prefers
// everyone will eventually get this automatically
// once it's better tested
if ($_SERVER['USERINFO_ARRAY']['html5_template'] == 1) {
$page = str_replace('"', '\\"', file_get_contents("{$_SERVER['FILE_ROOT']}/resources/templates/template.default.html"));
$doctype = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n";
} else {
$page = str_replace('"', '\\"', file_get_contents("{$_SERVER['FILE_ROOT']}/resources/templates/template.html5.html"));
$doctype = "<!doctype html>\n";
}
//TODO: find a better solution than eval() for page output
eval("\$page=\"{$page}\";");
$page = $doctype . $page;
} else {
$page = str_replace('"', '\\"', file_get_contents("{$_SERVER['FILE_ROOT']}/resources/templates/template.textmode.html"));
eval("\$page=\"{$page}\";");
$page = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">" . $page;
}
// planwatch_fixlinks adds session id to links that need it
$page = planwatch_fixlinks($page);
// close out the stopwatch
profile('output', 'end');
profile('pageload', 'end');
if (strstr($page, 'TIME-->')) {
$timestring = profile_display();
$page = str_replace('<!--LOADTIME-->', $timestring, $page);
$page = str_replace('<!--TIME-->', round_sigdig($_SERVER['STOPWATCH']['pageload_end'] - $_SERVER['STOPWATCH']['pageload_begin'], 2), $page);
}
// display the "errors" panel
if ($_SERVER['ERRORS'] && $_SERVER['USER']) {
$errortime = time();
$page = str_replace('<!--ERRORS-->', "<a id='error_link' href=\"javascript:document.getElementById('error_report').style.display='block';void(null);\">Errors (click me to report)</a> <div id='error_report'>Errors <a href='/report/{$errortime}'>report to josh</a> <a href=\"javascript:document.getElementById('error_report').style.display='none';void(null);\">hide</a><br/>{$_SERVER['ERRORS']}</div>", $page);
file_put_contents("{$_SERVER['DOCUMENT_ROOT']}/temp/{$errortime}.error", "<h2>Error Messages:</h2>{$_SERVER['ERRORS']}<hr/><h2>Error Details:</h2>{$_SERVER['ERROR_DETAILS']}<hr/><h2>Debug Info</h2>{$_SERVER['DEBUG_INFO']}");
}
// display the "debug" panel for administrators
if ($_SERVER['DEBUG_INFO'] && user_is_administrator()) {
$page = str_replace('<!--DEBUG-->', "<a id='debug_link' href=\"javascript:document.getElementById('debug_report').style.display='block';void(null);\">debug</a> <div id='debug_report'>Debug Info <a href=\"javascript:document.getElementById('debug_report').style.display='none';void(null);\">hide</a><br/>{$_SERVER['DEBUG_INFO']}</div>", $page);
}
return $page;
}
function plan_filter_linked_users($matches)
{
// if($_SERVER['USER']=='jwdavidson') print_r($matches);
list($planwriter, $remoteaddition) = explode("@", $_SERVER['PLANOWNER']);
if ($remoteaddition) {
$remoteaddition = "@{$remoteaddition}";
}
if (!$_SERVER['REMOTENODE']) {
$planprefix = '/read/';
if (strstr($matches[1], '@')) {
$remoteaddition = '';
}
// if it's a link to a third node, don't add the node specifier from the plan owner
$matches[1] = str_replace('@planwatch.org', '', $matches[1]);
} else {
$planprefix = '?id=';
if (strstr($matches[1], '@')) {
$remoteaddition = '';
} else {
$remoteaddition = '@planwatch.org';
}
}
if (!plan_is_registered_only($matches[1]) && !plan_is_private($matches[1]) || ($_SERVER['OUTPUT_MODE'] == 'HTML' || $_SERVER['OUTPUT_MODE'] == 'IPHONE') && $_SERVER['USER'] && $_SERVER['USER'] != 'guest') {
if ($matches[2]) {
return "<a target='_self' href='{$_SERVER['WEB_ROOT']}{$planprefix}{$matches['1']}{$remoteaddition}' title='{$matches['1']}'>{$matches['2']}</a>";
} else {
return "<a target='_self' href='{$_SERVER['WEB_ROOT']}{$planprefix}{$matches['1']}{$remoteaddition}' title='{$matches['1']}'>{$matches['1']}</a>";
}
} else {
if ($matches[2]) {
return "{$matches['2']}";
} else {
return "{$matches['1']}";
}
}
}
