Example #1
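/**
 * Print an HTML report of the 'login' tokens whose stored data contains
 * $email (case-insensitive substring match), most recent first.
 *
 * Every value written into the page is HTML-escaped at the point of output:
 * the search term comes from the caller, and the decoded e-mail address and
 * stashed URL come from stored rows, so none of them can be trusted to be
 * free of markup.
 *
 * The "confirmation link" column is built from the stored token value and
 * the /login?t= path. NOTE(review): these links are presumably still usable
 * to sign in as the token's owner -- confirm this page is only reachable by
 * authenticated administrators.
 *
 * @param string $email Address (or fragment) to search for.
 * @return void Output is printed directly.
 */
function LookupToken($email)
{
    $email_html = htmlspecialchars((string) $email, ENT_QUOTES, 'UTF-8');

    $sql = <<<EOT
SELECT token,created,data
    FROM token
    WHERE scope='login' AND encode( data, 'escape' ) ilike ?
    ORDER BY created DESC
EOT;
    // The value is bound as a parameter, so it cannot alter the statement.
    // NOTE(review): '%' and '_' inside $email still act as LIKE wildcards.
    $q = db_query($sql, '%' . $email . '%');
    $cnt = db_num_rows($q);
    if ($cnt == 0) {
        print "<p>No tokens found for <code>{$email_html}</code> (maybe they used a different email address?)</p>\n";
        return;
    }

    print "<p>Found {$cnt} tokens for <code>{$email_html}</code> (most recent first)</p>\n";
    print "<table border=1>\n";
    print "<tr><th>when issued</th><th>email</th><th>confirmation link</th><th>stashed url</th></tr>\n";
    while ($r = db_fetch_array($q)) {
        $issued = strftime('%R %a %e %B %Y', strtotime($r['created']));
        $confirmation_url = OPTION_BASE_URL . "/login?t={$r['token']}";

        // Placeholders shown when the stored data cannot be decoded. A
        // separate variable is used so the $email parameter is not clobbered.
        $token_email = '????';
        $stashed_url = '????';

        // NOTE(review): auth_token_retrieve() applies pg_unescape_bytea() to
        // this column before decoding; this function does not -- confirm
        // which is correct for rows returned by db_fetch_array().
        $pos = 0;
        // No '&' at the call site: call-time pass-by-reference is a fatal
        // error since PHP 5.4, and rabx_unserialise() calls rabx_wire_rd()
        // without it.
        $res = rabx_wire_rd($r['data'], $pos);
        if (!rabx_is_error($res)) {
            $token_email = $res['email'];
            $stashed_url = db_getOne("SELECT url FROM requeststash WHERE key=?", $res['stash']);
            if (!$stashed_url) {
                $stashed_url = '-none- (which probably means they clicked the link)';
            }
        }

        print "<tr>\n";
        print "  <td>" . htmlspecialchars((string) $issued, ENT_QUOTES, 'UTF-8') . "</td>\n";
        print "  <td><code>" . htmlspecialchars((string) $token_email, ENT_QUOTES, 'UTF-8') . "</code></td>\n";
        print "  <td><code>" . htmlspecialchars((string) $confirmation_url, ENT_QUOTES, 'UTF-8') . "</code></td>\n";
        print "  <td><code>" . htmlspecialchars((string) $stashed_url, ENT_QUOTES, 'UTF-8') . "</code></td>\n";
        print "</tr>\n";
    }
    print "</table>\n";
}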
Example #2
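/**
 * Fetch and decode the data stored against a token in the given scope.
 *
 * The stored bytes are decoded with rabx_wire_rd(); if that reports an error
 * the function falls back to PHP's unserialize().
 *
 * SECURITY: unserialize() on stored data can instantiate arbitrary classes
 * and run their magic methods if the stored bytes are ever influenced by an
 * untrusted party. The fallback is kept here so existing rows keep working,
 * but it should be removed once no serialize()-format rows remain.
 *
 * @param string $scope Token scope, e.g. 'login'.
 * @param string $token Token value.
 * @return mixed Decoded data; false when nothing could be decoded from an
 *               empty/missing row (as before).
 */
function auth_token_retrieve($scope, $token)
{
    $data = db_getOne('
                    select data
                    from token
                    where scope = ? and token = ?', array($scope, $token));
    /* Madness. We have to unescape this, because the PEAR DB library isn't
     * smart enough to spot BYTEA columns and do it for us. */
    $data = pg_unescape_bytea((string) $data);
    $pos = 0;
    // No '&' at the call site: call-time pass-by-reference is a fatal error
    // since PHP 5.4, and rabx_unserialise() calls rabx_wire_rd() without it.
    $res = rabx_wire_rd($data, $pos);
    if (rabx_is_error($res)) {
        // Legacy fallback -- see the SECURITY note in the docblock.
        $res = unserialize($data);
        // unserialize() reports failure with false, not null, so the old
        // is_null() test alone never caught corrupt data. Empty input (no
        // row) and a stored literal false still return false to the caller.
        $corrupt = ($res === false && $data !== '' && $data !== 'b:0;');
        if ($corrupt || is_null($res)) {
            err("Data for scope '{$scope}', token '{$token}' are not valid");
        }
    }
    return $res;
}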
Example #3
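/**
 * If the request carries a 'stashpost' key, load the stashed request with
 * that key and replace $_POST with its decoded POST data.
 *
 * Sets the global $stash_in_stashpost to true whenever a key is present.
 *
 * NOTE(review): $_POST is replaced wholesale with stored data selected by a
 * request-supplied key, so the key is the only thing deciding whose stashed
 * form is replayed. Confirm that keys are unguessable and that the stash row
 * is tied to the session or token that created it.
 *
 * @return void
 */
function stash_check_for_post_redirect()
{
    /* Are we doing a POST redirect? */
    $key = get_http_var('stashpost');
    if (!$key) {
        return;
    }
    global $stash_in_stashpost;
    $stash_in_stashpost = true;
    /* Extract the post data; the key is bound as a query parameter. */
    list($method, $url, $post_data) = db_getRow_list('select method, url, post_data from requeststash where key = ?', $key);
    if (is_null($method)) {
        err(_("If you got the email more than a year ago, then your request has probably expired.  Please try doing what you were doing from the beginning."), E_USER_NOTICE);
    }
    /* Postgres/PEAR DB BYTEA madness -- see comment in auth.php. */
    $post_data = pg_unescape_bytea($post_data);
    $pos = 0;
    // No '&' at the call site: call-time pass-by-reference is a fatal error
    // since PHP 5.4, and rabx_unserialise() calls rabx_wire_rd() without it.
    $stashed_POST = rabx_wire_rd($post_data, $pos);
    if (rabx_is_error($stashed_POST)) {
        err("Bad serialised POST data in stash_check_for_post_redirect('{$key}')");
    }
    /* Fix $_POST to make this look like one */
    $_POST = $stashed_POST;
}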
Example #4
/**
 * Decode $x with rabx_wire_rd(), falling back to PHP's unserialize() when
 * that reports an error.
 *
 * SECURITY: the fallback exists only for rows written in the old
 * serialize() format. unserialize() can instantiate arbitrary classes and
 * trigger their magic methods, so it must not be reachable with data an
 * untrusted party can influence; remove it once no old-format data remains
 * in the tables.
 *
 * @param string $x Encoded data (taken by reference).
 * @return mixed The decoded value; the rabx error value when neither
 *               decoder yields a truthy result.
 */
function rabx_unserialise(&$x)
{
    $pos = 0;
    $parsed = rabx_wire_rd($x, $pos);
    if (!rabx_is_error($parsed)) {
        return $parsed;
    }

    /* Transitional path for old serialize()-format data; see SECURITY above. */
    $legacy = unserialize($x);
    if ($legacy) {
        return $legacy;
    }
    return $parsed;
}