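function plan_test_privacy($reader, $planwriter, $remotesnitch = FALSE)
{
    // Decides whether $reader may read $planwriter's plan.
    //
    // Returns FALSE when reading is denied and a truthy value (1 or TRUE, exactly
    // the values the original produced) when it is allowed; callers are expected
    // to test the result as a boolean.
    //
    // Side effect: $_SERVER['whitelist_passed'] is set to TRUE/FALSE whenever the
    // reader is not blocked by the writer (other code reads it) and is left
    // untouched otherwise. $remotesnitch is kept for signature compatibility;
    // nothing in this function reads it.
    $valid = FALSE;

    // Both names end up spliced into filesystem paths below
    // (PWUSERS_DIR/<reader>/unconfirmed and PWUSERS_DIR/<planwriter>), so a name
    // carrying a path separator, a '..' segment or a NUL byte can only be an
    // attempt to escape the users directory. Refuse it outright: plain and
    // remote (user@node) names never need those characters.
    foreach (array($reader, $planwriter) as $pathpart) {
        $pathpart = (string) $pathpart;
        if (strpbrk($pathpart, "/\\\0") !== FALSE || strpos($pathpart, '..') !== FALSE) {
            $_SERVER['whitelist_passed'] = FALSE;
            return FALSE;
        }
    }

    // if the reader is blocked, give up now
    if (!user_is_blocked($planwriter, $reader)) {
        $whitelist = file_get_contents("{$_SERVER['FILE_ROOT']}/resources/whitelist.txt");
        // Readers from planworld.net must be on the whitelist or be personally
        // authorised by the writer; every other reader passes this step.
        // NOTE(review): strstr() is a substring test against the whole file, so a
        // short name matches any longer whitelisted name that contains it, and on
        // PHP 8 an empty $reader matches everything (an empty needle returns the
        // haystack). A whole-line match would be stricter, but the file format is
        // not visible here, so the test is left as it was.
        if (!strstr($reader, '@planworld.net') || user_is_authorized($planwriter, $reader) || strstr($whitelist, $reader)) {
            $_SERVER['whitelist_passed'] = TRUE;
        } else {
            $_SERVER['whitelist_passed'] = FALSE;
        }
        // if the writer is registered only, there are a few considerations:
        // 1. the reader is registered here
        // 2. OR the reader is registered elsewhere in planworld
        // 3. if the reader is offsite, they must have snitch on
        // 4. if the reader is from planworld.net, they must be on the whitelist
        // 5. if the reader is registered here, they must have confirmed their email address
        // 6. EXCEPT the writer can personally allow any reader, regardless of snitch status
        // (the 'guest', 'rss reader' and empty pseudo-readers never qualify; an
        // 'anonymous' reader is refused when the writer's snitchlevel is above 2)
        if (plan_is_registered_only($planwriter)
            && $reader != 'guest'
            && $reader != 'rss reader'
            && trim($reader)
            && !plan_is_private($planwriter)
            && !file_exists("{$_SERVER['PWUSERS_DIR']}/{$reader}/unconfirmed")
            && ($_SERVER['USERINFO_ARRAY']['snitchlevel'] >= 1 || user_is_authorized($planwriter, $reader) || $reader == 'cacheuser')
            && $_SERVER['whitelist_passed']
            && !(strstr(strtolower($reader), 'anonymous') && $_SERVER['PLANOWNER_INFO_ARRAY']['snitchlevel'] > 2)) {
            $valid = 1;
        }
        // if the plan is public or advertised, we're clear
        if (!plan_is_registered_only($planwriter) && !plan_is_private($planwriter)) {
            $valid = 1;
        }
        // if plan is private, only personally allowed users may read
        if (plan_is_private($planwriter) && user_is_authorized($planwriter, $reader)) {
            $valid = 1;
        }
    }
    // provides limited secret feeds for private plans. user must enable.
    // NOTE(review): this overrides everything above, including the block check.
    // The "user must enable" gate is not in this function -- confirm it is
    // enforced wherever OUTPUT_MODE is set to ATOM_PRIVATE.
    if ($_SERVER['OUTPUT_MODE'] == "ATOM_PRIVATE") {
        $valid = 1;
    }
    // if the writer isn't local, we let the other end handle privacy
    // NOTE(review): "not local" is decided purely by file_exists() on the users
    // directory, so any writer name without a directory here is readable by
    // everyone. Confirm the code that actually loads the plan resolves
    // $planwriter the same way (no case folding or other normalisation);
    // otherwise a name that fails this check yet still maps onto a local user
    // bypasses every rule above.
    if (!file_exists("{$_SERVER['PWUSERS_DIR']}/{$planwriter}")) {
        $valid = TRUE;
    }
    return $valid;
}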
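function output_html($title, $content)
{
    // Wraps $content in the site chrome (head tags, nav buttons, login form,
    // reader toolbar, message bar, slogan, error/debug panels) and returns the
    // finished page as a string.
    //
    // $title   page title; tags are stripped from it before use.
    // $content already-rendered page body (HTML). It is searched for the
    //          '<h1>Plan Read Failed</h1>' marker and handed to
    //          buttons_populate() / output_build_reader_toolbar().
    //
    // HOW THE TEMPLATE IS FILLED: the template file is read, its double quotes
    // are backslash-escaped and the result is eval()'d as a PHP double-quoted
    // string (see the bottom of this function). Every local variable of this
    // function ($toplinks, $sitename, $slogan, $alternate, $encoding,
    // $copyright, $testwatchlist, $subimage, ...) is therefore reachable from
    // the template by name, so locals that look unused here must NOT be removed
    // or renamed. It also means a template can run arbitrary PHP through
    // "{${...}}": anyone who can write to resources/templates/ can execute code
    // on this server.
    require_once "formatting_html.php";
    // SKIN AND FONTS
    //------------------------------------------------------------------------------
    // (the plan owner's custom css is attached as $extracss further down; an
    // earlier $hatespictures branch here was dead -- the variable was never set
    // and $extracss is assigned unconditionally below)
    // WATCHED LIST
    //------------------------------------------------------------------------------
    if (!browser_is_modern()) {
        $testwatchlist = $planwatchlist = format_watched_list_html();
    } else {
        $planwatchlist = " ";
        if ($_SERVER['USER_ROOT'] && file_exists("{$_SERVER['USER_ROOT']}/watchedlist.txt")) {
            $testwatchlist = file_get_contents("{$_SERVER['USER_ROOT']}/watchedlist.txt");
        }
    }
    // HTML <HEAD> TAGS
    // AND TOP LINKS & MENUS
    //------------------------------------------------------------------------------
    $_SERVER['STOPWATCH']['meta_begin'] = array_sum(explode(' ', microtime()));
    $title = strip_tags($title);
    $extracss = "<style type='text/css'>{$_SERVER['PLANOWNER_INFO']['css']}</style>";
    // $thisurl is rebuilt from raw request data (HTTP_HOST, REQUEST_URI) and is
    // only ever placed in markup after escaping (see the login form below).
    // NOTE(review): $web_root is not defined in this function (the rest of the
    // file uses $_SERVER['WEB_ROOT']); it interpolates as empty. Since
    // REQUEST_URI already starts at the host root that is probably the intent,
    // so it is left as-is.
    $thisurl = "http://{$_SERVER['HTTP_HOST']}{$web_root}{$_SERVER['REQUEST_URI']}";
    // if we're writing or reading our own plan, load the editing javascript
    // ('REQUEST_URI' must be quoted: the bare constant is a fatal error on PHP 8)
    if (strstr($_SERVER['REQUEST_URI'], 'write') || $_SERVER['USER'] == $_SERVER['PLANOWNER']) {
        $extrajs .= "\n<script type='text/javascript' src='/resources/javascript/setplan.js'></script>\n";
    }
    // if we're writing, set up draft autosaves
    if (strstr($_SERVER['REQUEST_URI'], 'write')) {
        $extrajs .= "<script type='text/javascript'>setTimeout(\"saveDraft({$_SERVER['PLAN_DRAFT_TIME']});\",61131);</script>";
    }
    // if we're reading something besides an rss feed, set charset
    // to UTF-8. in the html5 template, everything's always set to UTF-8
    // and it doesn't seem to break anything. we can probably safely
    // remove this once we switch.
    // NOTE(review): $urlarray is undefined here (elsewhere the url segments are
    // $_SERVER['URL_ARRAY']), so this strstr() never matches and $encoding is
    // never set. Left unchanged because the html5 template covers the charset.
    if ($_SERVER['URL_ARRAY'][1] == 'read' && strstr($urlarray[2], 'http')) {
        $encoding = "<meta http-equiv='Content-type' content='text/html; charset=UTF-8' />";
    }
    // not that anyone will pay attention, but go ahead and put a copyright
    // notice in.
    if ($_SERVER['PLANOWNER']) {
        $copyright = "<meta http-equiv='copyright' content='This plan is copyright " . date("Y") . " {$_SERVER['PLANOWNER_DISPLAY_NAME']}, all rights reserved.' />";
    }
    // if we're looking at a nonprivate local plan, provide an rss feed
    // NOTE(review): PLANOWNER_DISPLAY_NAME is another user's chosen name and is
    // interpolated into a double-quoted title attribute; confirm it is escaped
    // where it is set, otherwise a name containing '"' breaks out of the attribute.
    if ($_SERVER['PLANOWNER'] && !plan_is_private($_SERVER['PLANOWNER']) && !plan_is_registered_only($_SERVER['PLANOWNER']) && plan_is_local($_SERVER['PLANOWNER'])) {
        $alternate .= "<link rel='alternate' type='application/rss+xml' title=\"{$_SERVER['PLANOWNER_DISPLAY_NAME']}'s RSS Feed\" href='http://{$_SERVER['HTTP_HOST']}{$_SERVER['WEB_ROOT']}/read/{$_SERVER['PLANOWNER']}/rss' />\n";
        $alternate .= "<link rel='alternate' type='application/atom+xml' title=\"{$_SERVER['PLANOWNER_DISPLAY_NAME']}'s Atom Feed\" href='http://{$_SERVER['HTTP_HOST']}{$_SERVER['WEB_ROOT']}/read/{$_SERVER['PLANOWNER']}/atom' />\n";
    }
    // provide a link to the watched list feed
    if (user_is_valid($_SERVER['USERINFO_ARRAY']['username'], $_SERVER['USERINFO_ARRAY']['userpass'])) {
        $alternate .= "\n<link rel='alternate' type='application/rss+xml' title='Watched Plans' href='http://{$_SERVER['HTTP_HOST']}{$_SERVER['WEB_ROOT']}/watched/watched.rss' />\n";
    }
    // use a different icon for plan pages
    if ($_SERVER['PLANOWNER']) {
        $subimage = "_plan";
    }
    profile('meta');
    profile('menus');
    // ____ LOGO AND SITE NAME  _______
    // a logo given as an http(s) URL is used verbatim; anything else is taken
    // relative to FILE_ROOT / WEB_ROOT
    if (strlen($GLOBALS['pwlogo']) > 1) {
        if (!strpos($GLOBALS['pwlogo'], 'ttp://')) {
            $logosize = @getimagesize("{$_SERVER['FILE_ROOT']}/{$GLOBALS['pwlogo']}");
            $logoroot = $_SERVER['WEB_ROOT'];
        } else {
            $logosize = getimagesize("{$GLOBALS['pwlogo']}");
            $logoroot = '';
        }
        $logostring = "<img src='{$logoroot}{$GLOBALS['pwlogo']}' border='0' {$logosize['3']} align='absmiddle' />";
    }
    $sitename = "<a href='{$_SERVER['WEB_ROOT']}/' id='sitename'>{$logostring} {$GLOBALS['sitename']}</a>";
    $titlesitename = trim(strip_tags($GLOBALS['sitename']));
    if (!$titlesitename) {
        $titlesitename = 'planwatch';
    }
    // populates the nav buttons along the top of the page, along
    // with their menus.
    // TODO: maybe give offsite users a 'write' button tuned to their plan home?
    if (user_is_valid($_SERVER['USERINFO_ARRAY']['username'], $_SERVER['USERINFO_ARRAY']['userpass'])) {
        $toplinks = buttons_populate($content);
    }
    profile('menus');
    // load GA if the user allows it
    if ($_SERVER['USERINFO_ARRAY']['allow_analytics']) {
        $analytics = "<script type=\"text/javascript\">\nvar gaJsHost = ((\"https:\" == document.location.protocol) ? \"https://ssl.\" : \"http://www.\");\ndocument.write(unescape(\"%3Cscript src='\" + gaJsHost + \"google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E\"));\n</script>\n<script type=\"text/javascript\">\ntry {\nvar pageTracker = _gat._getTracker(\"UA-12269975-1\");\npageTracker._trackPageview();\n} catch(err) {}</script>";
    }
    // LOGIN FORM
    //------------------------------------------------------------------------------
    // If the reader isn't logged in, present a login form.
    // The 'prevpage' field carries the current URL back to form_shim.php so the
    // user can be returned to it after login. It is built from raw request data
    // and sits inside a single-quoted attribute, so it is entity-escaped here:
    // without that, a "'" in the request path breaks out of the attribute and
    // the page reflects attacker-controlled markup. The browser decodes the
    // entities before submitting, so the server still receives the original
    // characters.
    if (!user_is_valid($_SERVER['USERINFO_ARRAY']['username'], $_SERVER['USERINFO_ARRAY']['userpass'])) {
        $toplinks = "\n\n\t<form action='{$_SERVER['WEB_ROOT']}/scripts/form_shim.php' method='post' name='loginForm'>\n\t\tuser <input id='login_username' type='text' name='user' size='10'/>\n\t\tpass <input id='login_userpass' type='password'  name='pass' size='6'/>\n\t\t<input type='checkbox' name='remember' id='remember' value='1'/>\n\t\t<label for='remember'>remember me</label>\n\t\t<input type='hidden' name='action' value='login'/>\n\t\t<input type='submit' name='action' value='login' onclick='document.forms.loginForm.submit();' />\n\t\t<input type='hidden' name='prevpage' value='" . htmlspecialchars(str_replace('/', '!!', $thisurl), ENT_QUOTES, 'UTF-8') . "'/>\n\t</form>\n";
    }
    // READER TOOLBAR
    //------------------------------------------------------------------------------
    // If the reader is logged in, and reading a plan, build the reader toolbar.
    // On a 'send' page the plan owner is taken from the url segment.
    if ($_SERVER['URL_ARRAY'][1] == 'send') {
        $_SERVER['PLANOWNER'] = $_SERVER['URL_ARRAY'][2];
        plan_get_owner_info($_SERVER['PLANOWNER']);
    }
    if (user_is_valid($_SERVER['USERINFO_ARRAY']['username'], $_SERVER['USERINFO_ARRAY']['userpass']) && $_SERVER['PLANOWNER'] && !strstr($content, '<h1>Plan Read Failed</h1>')) {
        profile('reader_toolbar', 'begin');
        $readertoolbar = output_build_reader_toolbar($content);
        profile('reader_toolbar', 'end');
    }
    // MESSAGEBAR
    //------------------------------------------------------------------------------
    if ($_SERVER['USERINFO_ARRAY']['username']) {
        // a real name without a space is treated as incomplete
        if (!strpos($_SERVER['USERINFO_ARRAY']['real_name'], ' ')) {
            $message .= "<img src='{$GLOBALS['toolsicon']}'> <a href='{$_SERVER['WEB_ROOT']}/prefs/userinfo'>Click here to enter a valid (full) real name and make this annoying box go away.</a><br/>\n";
        }
        // site-wide notice dropped in by an operator, shown raw
        if (file_exists("{$_SERVER['FILE_ROOT']}/temp/system_message.txt")) {
            $message .= file_get_contents("{$_SERVER['FILE_ROOT']}/temp/system_message.txt") . "<br/>\n";
        }
    }
    // SLOGAN
    //------------------------------------------------------------------------------
    // If the user allows slogans to be presented, go ahead and pick one.
    // (randomly, weighted by the popularity of the slogan)
    // slogans_get_one() returns a list: [0] text, [1] id, [2] submitter, [3] rating.
    // NOTE(review): the text, submitter and rating go into attributes/markup
    // unescaped; confirm slogans are sanitised when stored.
    profile('slogans', 'begin');
    if (!$_SERVER['USERINFO_ARRAY']['no_slogans']) {
        include_once 'slogan_functions.php';
        $slogan_a = slogans_get_one();
        $slogan = "<span class='slogan' title='slogan #{$slogan_a['1']}, submitted by {$slogan_a['2']}, rated {$slogan_a['3']}' id='slogan_text'>{$slogan_a['0']}</span>";
        // only logged-in users can vote on slogans
        if ($_SERVER['USERINFO_ARRAY']['username']) {
            $slogan .= "<span class='slogan' id='slogan_rating'>\n\t\t\t<a href=\"javascript:slogans_modify_one_rating('{$slogan_a['1']}','1');\" class='edit_links' title='mod this slogan up to " . ($slogan_a[3] + 1) . "'>+</a>\n\t\t\t<a href=\"javascript:slogans_modify_one_rating('{$slogan_a['1']}','-1');\" class='edit_links' title='mod this slogan down to " . ($slogan_a[3] - 1) . "'>-</a>\n\n\t\t\t</span>";
        }
        // only admins and slogan owners can edit slogans
        // ($slogan_js_edit is a quote-free copy of the text for the template's editor)
        if ($_SERVER['USER'] == $slogan_a[2] || user_is_administrator()) {
            $slogan_js_edit = str_replace(array('"', "'"), array('~', '`'), $slogan_a[0]);
            $slogan .= " [ <a class='edit_links' href=\"javascript:slogans_edit_one('{$slogan_a['1']}');\" title=\"edit this slogan. it is yours, after all.\">edit</a> ]";
        }
    }
    $_SERVER['STOPWATCH']['slogans_end'] = array_sum(explode(' ', microtime()));
    // TEMPLATES AND HEADERS
    //------------------------------------------------------------------------------
    // header to make sure the pages aren't cached very long.
    // we send this right before the page load so it doesn't get in the way of other stuff.
    // NOTE(review): "240" is not an HTTP-date; clients treat an unparseable
    // Expires as already expired, which happens to match the intent.
    @Header("Expires: 240");
    // READ IN AND POPULATE THE TEMPLATE
    // everyone but modern browser users gets the lynx template starting with this version.
    if (browser_is_modern()) {
        //		load the HTML5 template if the user prefers
        //		everyone will eventually get this automatically
        //		once it's better tested
        // NOTE(review): as written, html5_template == 1 selects template.default.html
        // with an XHTML doctype and everyone else gets template.html5.html, which
        // reads as the opposite of the comment above -- confirm which is intended.
        if ($_SERVER['USERINFO_ARRAY']['html5_template'] == 1) {
            $page = str_replace('"', '\\"', file_get_contents("{$_SERVER['FILE_ROOT']}/resources/templates/template.default.html"));
            $doctype = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n";
        } else {
            $page = str_replace('"', '\\"', file_get_contents("{$_SERVER['FILE_ROOT']}/resources/templates/template.html5.html"));
            $doctype = "<!doctype html>\n";
        }
        //TODO: find a better solution than eval() for page output
        // (the template is evaluated as a double-quoted PHP string: "$name" and
        // "{$expr}" inside it are interpolated, backslash escapes are interpreted)
        eval("\$page=\"{$page}\";");
        $page = $doctype . $page;
    } else {
        $page = str_replace('"', '\\"', file_get_contents("{$_SERVER['FILE_ROOT']}/resources/templates/template.textmode.html"));
        eval("\$page=\"{$page}\";");
        $page = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">" . $page;
    }
    // planwatch_fixlinks adds session id to links that need it
    $page = planwatch_fixlinks($page);
    // close out the stopwatch
    profile('output', 'end');
    profile('pageload', 'end');
    if (strstr($page, 'TIME-->')) {
        $timestring = profile_display();
        $page = str_replace('<!--LOADTIME-->', $timestring, $page);
        $page = str_replace('<!--TIME-->', round_sigdig($_SERVER['STOPWATCH']['pageload_end'] - $_SERVER['STOPWATCH']['pageload_begin'], 2), $page);
    }
    // display the "errors" panel
    // NOTE(review): the error dump is written under DOCUMENT_ROOT with a name
    // that is just the current unix time, so it is web-reachable and guessable,
    // and it includes ERROR_DETAILS and DEBUG_INFO. The /report/{$errortime}
    // link may depend on that location, so the path is left alone here --
    // confirm the report handler and move the dump outside the web root if it can.
    if ($_SERVER['ERRORS'] && $_SERVER['USER']) {
        $errortime = time();
        $page = str_replace('<!--ERRORS-->', "<a id='error_link' href=\"javascript:document.getElementById('error_report').style.display='block';void(null);\">Errors (click me to report)</a> <div id='error_report'>Errors <a href='/report/{$errortime}'>report to josh</a> <a href=\"javascript:document.getElementById('error_report').style.display='none';void(null);\">hide</a><br/>{$_SERVER['ERRORS']}</div>", $page);
        file_put_contents("{$_SERVER['DOCUMENT_ROOT']}/temp/{$errortime}.error", "<h2>Error Messages:</h2>{$_SERVER['ERRORS']}<hr/><h2>Error Details:</h2>{$_SERVER['ERROR_DETAILS']}<hr/><h2>Debug Info</h2>{$_SERVER['DEBUG_INFO']}");
    }
    // display the "debug" panel for administrators
    if ($_SERVER['DEBUG_INFO'] && user_is_administrator()) {
        $page = str_replace('<!--DEBUG-->', "<a  id='debug_link' href=\"javascript:document.getElementById('debug_report').style.display='block';void(null);\">debug</a> <div id='debug_report'>Debug Info <a href=\"javascript:document.getElementById('debug_report').style.display='none';void(null);\">hide</a><br/>{$_SERVER['DEBUG_INFO']}</div>", $page);
    }
    return $page;
}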
function plan_filter_linked_users($matches)
{
    // preg_replace_callback() handler for user links inside plan text.
    // $matches[1] is the linked user name, $matches[2] the optional link text.
    // Emits an <a> pointing at that user's plan when the link may be followed;
    // otherwise the text is returned unlinked. Reads $_SERVER['PLANOWNER'],
    // $_SERVER['REMOTENODE'], $_SERVER['OUTPUT_MODE'], $_SERVER['USER'] and
    // $_SERVER['WEB_ROOT'].
    //
    // NOTE(review): $matches[1] lands in href/title attributes and $matches[2]
    // in the element body without escaping; whether the regex that produced
    // them keeps quotes and angle brackets out is not visible here -- confirm.

    // node part of the plan owner's name ("user@node"), if there is one
    $ownerparts = explode("@", $_SERVER['PLANOWNER']);
    $nodesuffix = isset($ownerparts[1]) ? $ownerparts[1] : null;
    if ($nodesuffix) {
        $nodesuffix = "@{$nodesuffix}";
    }

    $linkeduser = $matches[1];
    // decided on the name as written, before any node stripping below
    $targethasnode = strstr($linkeduser, '@') ? true : false;

    if (!$_SERVER['REMOTENODE']) {
        // local node: link into /read/, and a link that names a third node
        // keeps its own node instead of inheriting the plan owner's
        $planprefix = '/read/';
        if ($targethasnode) {
            $nodesuffix = '';
        }
        $linkeduser = str_replace('@planwatch.org', '', $linkeduser);
    } else {
        // remote node: link by id, and point bare names back at planwatch.org
        $planprefix = '?id=';
        $nodesuffix = $targethasnode ? '' : '@planwatch.org';
    }

    // public plans are always linkable; otherwise only a logged-in (non-guest)
    // reader on an HTML/IPHONE page gets the link. Order of evaluation matches
    // the original: the plan_is_* lookups run first, the cheap checks only if
    // they fail.
    $maylink = (!plan_is_registered_only($linkeduser) && !plan_is_private($linkeduser))
        || (($_SERVER['OUTPUT_MODE'] == 'HTML' || $_SERVER['OUTPUT_MODE'] == 'IPHONE')
            && $_SERVER['USER'] && $_SERVER['USER'] != 'guest');

    $label = empty($matches[2]) ? $linkeduser : $matches[2];
    if (!$maylink) {
        return "{$label}";
    }
    return "<a target='_self' href='{$_SERVER['WEB_ROOT']}{$planprefix}{$linkeduser}{$nodesuffix}' title='{$linkeduser}'>{$label}</a>";
}