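/**
 * Decide whether $reader is allowed to read $planwriter's plan.
 *
 * The answer depends on the writer's privacy mode (public, registered-only,
 * private), the reader's relationship to the writer (blocked / personally
 * authorized) and, for off-site planworld.net readers, membership in
 * resources/whitelist.txt. As a side effect $_SERVER['whitelist_passed']
 * records the outcome of the whitelist test for later code.
 *
 * @param string $reader       reader's username. 'guest', 'rss reader',
 *                             'cacheuser', names containing 'anonymous' and
 *                             names ending in '@planworld.net' are special-cased
 *                             below. It is interpolated into a filesystem path,
 *                             so callers are expected to pass a validated name.
 * @param string $planwriter   plan owner's username
 * @param bool   $remotesnitch accepted for backward compatibility; not consulted here
 * @return bool|int truthy when reading is allowed. The exact values (FALSE, 1,
 *                  TRUE) are kept as before so loosely comparing callers are
 *                  unaffected.
 */
function plan_test_privacy($reader, $planwriter, $remotesnitch = FALSE) {
    $valid = FALSE;
    // if the reader is blocked, give up now
    if (!user_is_blocked($planwriter, $reader)) {
        // Whitelist test for off-site planworld.net readers. Entries are compared
        // as whole tokens rather than with strstr(), so a reader whose name is
        // merely a substring of a listed name no longer passes. A missing file
        // yields no entries (fail closed for planworld.net readers).
        // NOTE(review): assumes one name per line, or whitespace/comma separated
        // names -- confirm against resources/whitelist.txt.
        $whitelist = file_get_contents("{$_SERVER['FILE_ROOT']}/resources/whitelist.txt");
        $whitelist_entries = preg_split('/[\s,;]+/', trim((string) $whitelist), -1, PREG_SPLIT_NO_EMPTY);
        if (!strstr($reader, '@planworld.net') || user_is_authorized($planwriter, $reader) || in_array($reader, $whitelist_entries, true)) {
            $_SERVER['whitelist_passed'] = TRUE;
        } else {
            $_SERVER['whitelist_passed'] = FALSE;
        }
        // if the writer is registered only, there are a few considerations:
        // 1. the reader is registered here
        // 2. OR the reader is registered elsewhere in planworld
        // 3. if the reader is offsite, they must have snitch on
        // 4. if the reader is from planworld.net, they must be on the whitelist
        // 5. if the reader is registered here, they must have confirmed their email address
        // 6. EXCEPT the writer can personally allow any reader, regardless of snitch status
        if (plan_is_registered_only($planwriter)
            && $reader != 'guest'
            && $reader != 'rss reader'
            && trim($reader)
            && !plan_is_private($planwriter)
            // an "unconfirmed" marker in the reader's user directory means the email is not verified
            && !file_exists("{$_SERVER['PWUSERS_DIR']}/{$reader}/unconfirmed")
            && ($_SERVER['USERINFO_ARRAY']['snitchlevel'] >= 1 || user_is_authorized($planwriter, $reader) || $reader == 'cacheuser')
            && $_SERVER['whitelist_passed']
            // writers with snitchlevel above 2 refuse anonymous readers
            && !(strstr(strtolower($reader), 'anonymous') && $_SERVER['PLANOWNER_INFO_ARRAY']['snitchlevel'] > 2)) {
            $valid = 1;
        }
        // if the plan is public or advertised, we're clear
        if (!plan_is_registered_only($planwriter) && !plan_is_private($planwriter)) {
            $valid = 1;
        }
        // if plan is private, only personally allowed users may read
        if (plan_is_private($planwriter) && user_is_authorized($planwriter, $reader)) {
            $valid = 1;
        }
    }
    // provides limited secret feeds for private plans. user must enable.
    // NOTE(review): this overrides every check above, including the block test;
    // the "user must enable" condition is not verified here, so it has to be
    // enforced by whoever sets OUTPUT_MODE -- confirm.
    if ($_SERVER['OUTPUT_MODE'] == "ATOM_PRIVATE") {
        $valid = 1;
    }
    // if the writer isn't local, we let the other end handle privacy.
    // This branch is fail-open: a misconfigured PWUSERS_DIR makes every plan readable.
    if (!file_exists("{$_SERVER['PWUSERS_DIR']}/{$planwriter}")) {
        $valid = TRUE;
    }
    return $valid;
}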
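/**
 * Render a complete HTML page: wraps $content in the site template together with
 * the <head> tags, top navigation or login form, reader toolbar, message bar,
 * slogan, timing, and the error/debug panels.
 *
 * Nearly all input comes from request-scoped state in $_SERVER (USERINFO_ARRAY,
 * PLANOWNER*, URL_ARRAY, FILE_ROOT, WEB_ROOT, STOPWATCH, ...) and from a few
 * $GLOBALS (pwlogo, sitename, toolsicon).
 *
 * Template mechanics: the template file is read, its double quotes are
 * backslash-escaped, and the result is eval()'d as a PHP double-quoted string so
 * that {$variable} placeholders in the template are filled from this function's
 * local variables. Two consequences:
 *   - local variable NAMES are part of the template contract. Do not rename or
 *     drop $extracss, $extrajs, $encoding, $copyright, $alternate, $subimage,
 *     $logostring, $sitename, $titlesitename, $toplinks, $analytics,
 *     $readertoolbar, $message, $slogan, $slogan_js_edit, $planwatchlist,
 *     $testwatchlist, $title or $content without checking every file under
 *     resources/templates/;
 *   - only '"' is escaped, so a backslash, '$' or '{$' inside a template file is
 *     interpreted as PHP. Template files must be trusted (deployer-writable only).
 *
 * @param string $title   page title; tags are stripped before use
 * @param string $content already-rendered HTML body
 * @return string the complete page
 */
function output_html($title, $content) {
    require_once "formatting_html.php";

    // Placeholders the templates may interpolate. Initialised so an unused one
    // renders as an empty string instead of raising an undefined-variable notice.
    $extrajs = $encoding = $copyright = $alternate = $subimage = $logostring = '';
    $toplinks = $analytics = $readertoolbar = $message = $slogan = '';
    $slogan_js_edit = $testwatchlist = $planwatchlist = $ownerNameAttr = '';

    // WATCHED LIST
    //------------------------------------------------------------------------------
    if (!browser_is_modern()) {
        $testwatchlist = $planwatchlist = format_watched_list_html();
    } else {
        $planwatchlist = " ";
        if ($_SERVER['USER_ROOT'] && file_exists("{$_SERVER['USER_ROOT']}/watchedlist.txt")) {
            $testwatchlist = file_get_contents("{$_SERVER['USER_ROOT']}/watchedlist.txt");
        }
    }

    // HTML <HEAD> TAGS
    // AND TOP LINKS & MENUS
    //------------------------------------------------------------------------------
    $_SERVER['STOPWATCH']['meta_begin'] = array_sum(explode(' ', microtime()));
    $title = strip_tags($title);
    // The former "SKIN AND FONTS" branch was dead code: it tested an undefined
    // $hatespictures and its result was overwritten by this assignment anyway.
    $extracss = "<style type='text/css'>{$_SERVER['PLANOWNER_INFO']['css']}</style>";
    // NOTE(review): $web_root is never assigned in this function, so it interpolates as ''.
    $thisurl = "http://{$_SERVER['HTTP_HOST']}{$web_root}{$_SERVER['REQUEST_URI']}";
    // if we're writing or reading our own plan, load the editing javascript.
    // 'REQUEST_URI' is a quoted key here: the former bare word relied on PHP's
    // undefined-constant-as-string fallback, which PHP 8 turns into a thrown Error
    // (unless a constant of that name is defined elsewhere).
    if (strstr($_SERVER['REQUEST_URI'], 'write') || $_SERVER['USER'] == $_SERVER['PLANOWNER']) {
        $extrajs .= "\n<script type='text/javascript' src='/resources/javascript/setplan.js'></script>\n";
    }
    // if we're writing, set up draft autosaves
    if (strstr($_SERVER['REQUEST_URI'], 'write')) {
        $extrajs .= "<script type='text/javascript'>setTimeout(\"saveDraft({$_SERVER['PLAN_DRAFT_TIME']});\",61131);</script>";
    }
    // if we're reading something besides an rss feed, set charset to UTF-8. in the
    // html5 template, everything's always set to UTF-8 and it doesn't seem to break
    // anything. we can probably safely remove this once we switch.
    // NOTE(review): $urlarray is never assigned here, so this condition is always
    // false; it probably meant $_SERVER['URL_ARRAY'][2] -- left as is pending confirmation.
    if ($_SERVER['URL_ARRAY'][1] == 'read' && strstr($urlarray[2], 'http')) {
        $encoding = "<meta http-equiv='Content-type' content='text/html; charset=UTF-8' />";
    }
    // not that anyone will pay attention, but go ahead and put a copyright notice in.
    if ($_SERVER['PLANOWNER']) {
        // The display name lands inside quoted attributes here and in the feed links
        // below, so it is attribute-escaped once (double_encode=false in case the
        // stored value already carries entities). Presumably user-editable, so it
        // is treated as untrusted.
        $ownerNameAttr = htmlspecialchars((string) $_SERVER['PLANOWNER_DISPLAY_NAME'], ENT_QUOTES, 'UTF-8', false);
        $copyright = "<meta http-equiv='copyright' content='This plan is copyright " . date("Y") . " {$ownerNameAttr}, all rights reserved.' />";
    }
    // if we're looking at a nonprivate local plan, provide an rss feed
    if ($_SERVER['PLANOWNER'] && !plan_is_private($_SERVER['PLANOWNER']) && !plan_is_registered_only($_SERVER['PLANOWNER']) && plan_is_local($_SERVER['PLANOWNER'])) {
        $alternate .= "<link rel='alternate' type='application/rss+xml' title=\"{$ownerNameAttr}'s RSS Feed\" href='http://{$_SERVER['HTTP_HOST']}{$_SERVER['WEB_ROOT']}/read/{$_SERVER['PLANOWNER']}/rss' />\n";
        $alternate .= "<link rel='alternate' type='application/atom+xml' title=\"{$ownerNameAttr}'s Atom Feed\" href='http://{$_SERVER['HTTP_HOST']}{$_SERVER['WEB_ROOT']}/read/{$_SERVER['PLANOWNER']}/atom' />\n";
    }
    // provide a link to the watched list feed
    if (user_is_valid($_SERVER['USERINFO_ARRAY']['username'], $_SERVER['USERINFO_ARRAY']['userpass'])) {
        $alternate .= "\n<link rel='alternate' type='application/rss+xml' title='Watched Plans' href='http://{$_SERVER['HTTP_HOST']}{$_SERVER['WEB_ROOT']}/watched/watched.rss' />\n";
    }
    // use a different icon for plan pages
    if ($_SERVER['PLANOWNER']) {
        $subimage = "_plan";
    }
    profile('meta');
    profile('menus');

    // ____ LOGO AND SITE NAME _______
    if (strlen($GLOBALS['pwlogo']) > 1) {
        if (!strpos($GLOBALS['pwlogo'], 'ttp://')) {
            // local file: a getimagesize() failure is silenced and simply leaves
            // the size attributes out of the tag below
            $logosize = @getimagesize("{$_SERVER['FILE_ROOT']}/{$GLOBALS['pwlogo']}");
            $logoroot = $_SERVER['WEB_ROOT'];
        } else {
            // remote URL: getimagesize() fetches it on every render (needs allow_url_fopen)
            $logosize = getimagesize("{$GLOBALS['pwlogo']}");
            $logoroot = '';
        }
        // index 3 of getimagesize() is the ready-made 'width="..." height="..."' string
        $logostring = "<img src='{$logoroot}{$GLOBALS['pwlogo']}' border='0' {$logosize['3']} align='absmiddle' />";
    }
    $sitename = "<a href='{$_SERVER['WEB_ROOT']}/' id='sitename'>{$logostring} {$GLOBALS['sitename']}</a>";
    $titlesitename = trim(strip_tags($GLOBALS['sitename']));
    if (!$titlesitename) {
        $titlesitename = 'planwatch';
    }
    // populates the nav buttons along the top of the page, along with their menus.
    // TODO: maybe give offsite users a 'write' button tuned to their plan home?
    if (user_is_valid($_SERVER['USERINFO_ARRAY']['username'], $_SERVER['USERINFO_ARRAY']['userpass'])) {
        $toplinks = buttons_populate($content);
    }
    profile('menus');
    // load GA if the user allows it
    if ($_SERVER['USERINFO_ARRAY']['allow_analytics']) {
        $analytics = "<script type=\"text/javascript\">\nvar gaJsHost = ((\"https:\" == document.location.protocol) ? \"https://ssl.\" : \"http://www.\");\ndocument.write(unescape(\"%3Cscript src='\" + gaJsHost + \"google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E\"));\n</script>\n<script type=\"text/javascript\">\ntry {\nvar pageTracker = _gat._getTracker(\"UA-12269975-1\");\npageTracker._trackPageview();\n} catch(err) {}</script>";
    }

    // LOGIN FORM
    //------------------------------------------------------------------------------
    // If the reader isn't logged in, present a login form. The return URL is built
    // from REQUEST_URI, i.e. from the client, so it is attribute-escaped before it
    // is placed in the single-quoted value; the browser decodes the entities again
    // when the form is submitted, so form_shim.php receives the same string as before.
    if (!user_is_valid($_SERVER['USERINFO_ARRAY']['username'], $_SERVER['USERINFO_ARRAY']['userpass'])) {
        $prevpage = htmlspecialchars(str_replace('/', '!!', $thisurl), ENT_QUOTES, 'UTF-8');
        $toplinks = "\n\n\t<form action='{$_SERVER['WEB_ROOT']}/scripts/form_shim.php' method='post' name='loginForm'>\n\t\tuser <input id='login_username' type='text' name='user' size='10'/>\n\t\tpass <input id='login_userpass' type='password' name='pass' size='6'/>\n\t\t<input type='checkbox' name='remember' id='remember' value='1'/>\n\t\t<label for='remember'>remember me</label>\n\t\t<input type='hidden' name='action' value='login'/>\n\t\t<input type='submit' name='action' value='login' onclick='document.forms.loginForm.submit();' />\n\t\t<input type='hidden' name='prevpage' value='{$prevpage}'/>\n\t</form>\n";
    }

    // READER TOOLBAR
    //------------------------------------------------------------------------------
    // If the reader is logged in, and reading a plan, build the reader toolbar.
    if ($_SERVER['URL_ARRAY'][1] == 'send') {
        $_SERVER['PLANOWNER'] = $_SERVER['URL_ARRAY'][2];
        plan_get_owner_info($_SERVER['PLANOWNER']);
    }
    if (user_is_valid($_SERVER['USERINFO_ARRAY']['username'], $_SERVER['USERINFO_ARRAY']['userpass']) && $_SERVER['PLANOWNER'] && !strstr($content, '<h1>Plan Read Failed</h1>')) {
        profile('reader_toolbar', 'begin');
        $readertoolbar = output_build_reader_toolbar($content);
        profile('reader_toolbar', 'end');
    }

    // MESSAGEBAR
    //------------------------------------------------------------------------------
    if ($_SERVER['USERINFO_ARRAY']['username']) {
        // a real name without a space is taken to be incomplete
        if (!strpos($_SERVER['USERINFO_ARRAY']['real_name'], ' ')) {
            $message .= "<img src='{$GLOBALS['toolsicon']}'> <a href='{$_SERVER['WEB_ROOT']}/prefs/userinfo'>Click here to enter a valid (full) real name and make this annoying box go away.</a><br/>\n";
        }
        // system_message.txt is inserted as raw HTML; only the deployer should be able to write it
        if (file_exists("{$_SERVER['FILE_ROOT']}/temp/system_message.txt")) {
            $message .= file_get_contents("{$_SERVER['FILE_ROOT']}/temp/system_message.txt") . "<br/>\n";
        }
    }

    // SLOGAN
    //------------------------------------------------------------------------------
    // If the user allows slogans to be presented, go ahead and pick one.
    // (randomly, weighted by the popularity of the slogan)
    profile('slogans', 'begin');
    if (!$_SERVER['USERINFO_ARRAY']['no_slogans']) {
        include_once 'slogan_functions.php';
        // $slogan_a as used below: [0] text, [1] id, [2] submitter, [3] rating.
        // NOTE(review): text and submitter are inserted unescaped; confirm that
        // slogans_get_one() returns already-sanitised values.
        $slogan_a = slogans_get_one();
        $slogan = "<span class='slogan' title='slogan #{$slogan_a['1']}, submitted by {$slogan_a['2']}, rated {$slogan_a['3']}' id='slogan_text'>{$slogan_a['0']}</span>";
        // only logged-in users can vote on slogans
        if ($_SERVER['USERINFO_ARRAY']['username']) {
            $slogan .= "<span class='slogan' id='slogan_rating'>\n\t\t\t<a href=\"javascript:slogans_modify_one_rating('{$slogan_a['1']}','1');\" class='edit_links' title='mod this slogan up to " . ($slogan_a[3] + 1) . "'>+</a>\n\t\t\t<a href=\"javascript:slogans_modify_one_rating('{$slogan_a['1']}','-1');\" class='edit_links' title='mod this slogan down to " . ($slogan_a[3] - 1) . "'>-</a>\n\n\t\t\t</span>";
        }
        // only admins and slogan owners can edit slogans
        if ($_SERVER['USER'] == $slogan_a[2] || user_is_administrator()) {
            // quote-free copy of the text, presumably consumed by the template's inline editor
            $slogan_js_edit = str_replace(array('"', "'"), array('~', '`'), $slogan_a[0]);
            $slogan .= " [ <a class='edit_links' href=\"javascript:slogans_edit_one('{$slogan_a['1']}');\" title=\"edit this slogan. it is yours, after all.\">edit</a> ]";
        }
    }
    $_SERVER['STOPWATCH']['slogans_end'] = array_sum(explode(' ', microtime()));

    // TEMPLATES AND HEADERS
    //------------------------------------------------------------------------------
    // header to make sure the pages aren't cached very long. we send this right
    // before the page load so it doesn't get in the way of other stuff.
    // "240" is not an HTTP-date; caches must treat an unparsable Expires as already
    // expired, which is the effect wanted. Guarded with headers_sent() instead of
    // @-silencing the "headers already sent" warning.
    if (!headers_sent()) {
        header("Expires: 240");
    }

    // READ IN AND POPULATE THE TEMPLATE
    // everyone but modern browser users gets the lynx template starting with this version.
    // The template is eval()'d as a PHP double-quoted string (see docblock); only
    // '"' is escaped beforehand, so template files must be trusted.
    //TODO: find a better solution than eval() for page output
    if (browser_is_modern()) {
        // load the HTML5 template if the user prefers -- everyone will eventually
        // get this automatically once it's better tested.
        // NOTE(review): html5_template == 1 currently selects template.default.html
        // with the XHTML doctype, and the else branch the html5 template; that
        // looks inverted relative to the flag name -- confirm before changing.
        if ($_SERVER['USERINFO_ARRAY']['html5_template'] == 1) {
            $page = str_replace('"', '\\"', file_get_contents("{$_SERVER['FILE_ROOT']}/resources/templates/template.default.html"));
            $doctype = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n";
        } else {
            $page = str_replace('"', '\\"', file_get_contents("{$_SERVER['FILE_ROOT']}/resources/templates/template.html5.html"));
            $doctype = "<!doctype html>\n";
        }
        eval("\$page=\"{$page}\";");
        $page = $doctype . $page;
    } else {
        $page = str_replace('"', '\\"', file_get_contents("{$_SERVER['FILE_ROOT']}/resources/templates/template.textmode.html"));
        eval("\$page=\"{$page}\";");
        $page = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">" . $page;
    }
    // planwatch_fixlinks adds session id to links that need it
    $page = planwatch_fixlinks($page);
    // close out the stopwatch
    profile('output', 'end');
    profile('pageload', 'end');
    if (strstr($page, 'TIME-->')) {
        $timestring = profile_display();
        $page = str_replace('<!--LOADTIME-->', $timestring, $page);
        $page = str_replace('<!--TIME-->', round_sigdig($_SERVER['STOPWATCH']['pageload_end'] - $_SERVER['STOPWATCH']['pageload_begin'], 2), $page);
    }
    // display the "errors" panel
    // NOTE(review): the report file is written under DOCUMENT_ROOT/temp, i.e.
    // potentially web-reachable, and includes ERROR_DETAILS and DEBUG_INFO; make
    // sure that directory is not served.
    if ($_SERVER['ERRORS'] && $_SERVER['USER']) {
        $errortime = time();
        $page = str_replace('<!--ERRORS-->', "<a id='error_link' href=\"javascript:document.getElementById('error_report').style.display='block';void(null);\">Errors (click me to report)</a> <div id='error_report'>Errors <a href='/report/{$errortime}'>report to josh</a> <a href=\"javascript:document.getElementById('error_report').style.display='none';void(null);\">hide</a><br/>{$_SERVER['ERRORS']}</div>", $page);
        file_put_contents("{$_SERVER['DOCUMENT_ROOT']}/temp/{$errortime}.error", "<h2>Error Messages:</h2>{$_SERVER['ERRORS']}<hr/><h2>Error Details:</h2>{$_SERVER['ERROR_DETAILS']}<hr/><h2>Debug Info</h2>{$_SERVER['DEBUG_INFO']}");
    }
    // display the "debug" panel for administrators
    if ($_SERVER['DEBUG_INFO'] && user_is_administrator()) {
        $page = str_replace('<!--DEBUG-->', "<a id='debug_link' href=\"javascript:document.getElementById('debug_report').style.display='block';void(null);\">debug</a> <div id='debug_report'>Debug Info <a href=\"javascript:document.getElementById('debug_report').style.display='none';void(null);\">hide</a><br/>{$_SERVER['DEBUG_INFO']}</div>", $page);
    }
    return $page;
}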
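/**
 * preg_replace_callback() callback that turns a matched user reference into a link.
 *
 * Expected capture groups (set by the calling pattern, which is not visible here):
 *   $matches[1] -- the referenced username, optionally "name@node"
 *   $matches[2] -- optional link text; the username is shown when it is empty
 *
 * Local requests link to "/read/<user>"; when the request is served for a remote
 * node ($_SERVER['REMOTENODE']) the link becomes "?id=<user>@planwatch.org". The
 * link is only emitted when the target plan is public, or when a logged-in
 * (non-guest) user is viewing HTML/IPHONE output; otherwise the plain text is
 * returned.
 *
 * NOTE(review): $matches[1] and $matches[2] are written into href, title and
 * body without escaping. That is only safe if the calling pattern restricts the
 * capture to username characters -- confirm against the preg_replace_callback()
 * caller before relying on it.
 *
 * @param array $matches regex match array
 * @return string link markup or plain text
 */
function plan_filter_linked_users($matches) {
    // The node part of the current plan owner ("owner@node") is carried over to
    // the link target unless the match names a node itself. Guarded with isset()
    // so an owner without '@' no longer raises an undefined-offset notice.
    $owner_parts = explode("@", (string) $_SERVER['PLANOWNER']);
    $remoteaddition = isset($owner_parts[1]) ? $owner_parts[1] : '';
    if ($remoteaddition) {
        $remoteaddition = "@{$remoteaddition}";
    }
    if (!$_SERVER['REMOTENODE']) {
        $planprefix = '/read/';
        if (strstr($matches[1], '@')) {
            $remoteaddition = '';
        }
        // if it's a link to a third node, don't add the node specifier from the plan owner
        $matches[1] = str_replace('@planwatch.org', '', $matches[1]);
    } else {
        $planprefix = '?id=';
        if (strstr($matches[1], '@')) {
            $remoteaddition = '';
        } else {
            $remoteaddition = '@planwatch.org';
        }
    }
    // Precedence, spelled out: (target is public) OR (HTML/IPHONE output AND a
    // logged-in, non-guest user).
    $target_is_public = !plan_is_registered_only($matches[1]) && !plan_is_private($matches[1]);
    $viewer_is_logged_in = ($_SERVER['OUTPUT_MODE'] == 'HTML' || $_SERVER['OUTPUT_MODE'] == 'IPHONE')
        && $_SERVER['USER'] && $_SERVER['USER'] != 'guest';
    // !empty() keeps the original truthiness test without a notice when group 2 is absent
    $label = !empty($matches[2]) ? $matches[2] : $matches[1];
    if ($target_is_public || $viewer_is_logged_in) {
        return "<a target='_self' href='{$_SERVER['WEB_ROOT']}{$planprefix}{$matches['1']}{$remoteaddition}' title='{$matches['1']}'>{$label}</a>";
    }
    return "{$label}";
}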