function api_keys_utils_get_from_url($more = array())
{
    # Resolve the API key named by the request (?api_key=, falling back to
    # ?client_id= as OAuth2 section 2.2 allows) and return its row, or stop
    # the request:
    #   404 – no key parameter, or no row for it
    #   410 – the row is flagged deleted
    #   403 – the key belongs to a different user (when 'ensure_isown' is
    #         set, the default), or is disabled (unless 'allow_disabled')
    # $more overrides the defaults 'allow_disabled' => 0, 'ensure_isown' => 1.
    $opts = array_merge(array('allow_disabled' => 0, 'ensure_isown' => 1), $more);
    $key = request_str("api_key");
    # OAuth2 section 2.2 ...
    if (!$key) {
        $key = request_str("client_id");
    }
    if (!$key) {
        error_404();
    }
    $row = api_keys_get_by_key($key);
    if (!$row) {
        error_404();
    }
    if ($row['deleted']) {
        error_410();
    }
    # NOTE(review): loose != – relies on the stored user_id and the signed-in
    # id being comparable scalars. What cfg.user.id holds for an anonymous
    # request is set in init (not visible here); confirm it can never match
    # a real user_id.
    if ($opts['ensure_isown'] && $row['user_id'] != $GLOBALS['cfg']['user']['id']) {
        error_403();
    }
    if ($row['disabled'] && !$opts['allow_disabled']) {
        error_403();
    }
    return $row;
}
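function api_output_get_format()
{
    # Pick the response format: an explicit ?format= wins; otherwise the
    # first "application/<word>" entry in the Accept header is used. Either
    # way the candidate is only returned if it appears in cfg.api.formats –
    # anything else yields null so the caller falls back to its default.
    $format = null;
    $possible = null;
    if (request_isset('format')) {
        $possible = request_str('format');
    } elseif (function_exists('getallheaders')) {
        $headers = getallheaders();
        if (isset($headers['Accept'])) {
            foreach (explode(",", $headers['Accept']) as $what) {
                # "type;q=0.8" – the ";q=" part is optional, so don't list()
                # two elements out of a one-element explode (undefined offset).
                $parts = explode(";", $what, 2);
                # Entries after the first are normally written ", application/json";
                # without the trim() the leading space defeated the ^-anchored regex.
                $type = trim($parts[0]);
                if (preg_match("!^application/(\\w+)\$!", $type, $m)) {
                    $possible = $m[1];
                    break;
                }
            }
        }
    }
    if ($possible) {
        # Whitelist check – the format name ends up selecting output code, so
        # only configured values may pass.
        if (in_array($possible, $GLOBALS['cfg']['api']['formats'])) {
            $format = $possible;
        }
    }
    return $format;
}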
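function api_dots_dotsForUser()
{
    # API method: list the dots belonging to the user named by ?user=, with
    # a few internal columns stripped from every row. Emits api_output_ok()
    # with the list, or api_output_error() when the user is unknown or has
    # no dots (the two cases are not told apart).
    # NOTE(review): no check here that the caller may see this user's dots;
    # if that is enforced, it must be inside dots_get_dots_for_user().
    # these keys not important
    $skipKeys = array("details", "details_json", "index_on", "details_listview", "type_of_co");
    $skip = array_flip($skipKeys);
    $u = request_str('user');
    $owner = users_get_by_id($u);
    $output = array();
    if ($owner) {
        $dots = dots_get_dots_for_user($owner);
        if ($dots) {
            # array_diff_key keeps the row's key order like the old loop did,
            # and drops the by-reference foreach that left $row dangling.
            foreach ($dots as $row) {
                $output[] = array_diff_key($row, $skip);
            }
        }
    }
    if (count($output)) {
        api_output_ok($output);
    } else {
        api_output_error();
    }
}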
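function api_auth_oauth2_get_access_token(&$method)
{
    # https://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-20#section-2.1
    # Returns the bearer token for this request, or null. Where it is read
    # from is driven by config:
    #   - when api_oauth2_require_authentication_header or
    #     api_oauth2_check_authentication_header is set, the Authorization
    #     header is consulted first; "require" makes it the only source.
    #   - otherwise ?access_token= (any request method) when
    #     api_oauth2_allow_get_parameters is set, else POST only.
    # $method is accepted for signature compatibility and not read here.
    $require_header = $GLOBALS['cfg']['api_oauth2_require_authentication_header'];
    $check_header = $GLOBALS['cfg']['api_oauth2_check_authentication_header'];
    if ($require_header || $check_header) {
        # apache_request_headers() returns names as the client sent them
        # (normally "Authorization") and false on failure; fold the keys to
        # lower case so the lookup below does not silently miss the header.
        $raw = apache_request_headers();
        $headers = $raw ? array_change_key_case($raw, CASE_LOWER) : array();
        $token = null;
        if (!isset($headers['authorization'])) {
            if ($require_header) {
                return null;
            }
        } else {
            # Anchored at both ends: only "Bearer <base64>" is accepted, not a
            # bearer token trailing some other scheme.
            if (preg_match("/^Bearer\\s+([a-zA-Z0-9\\+\\/\\=]+)\$/", $headers['authorization'], $m)) {
                # NOTE(review): the header value is base64-decoded before use,
                # so the token store is expected to hold the decoded bytes.
                $token = base64_decode($m[1]);
            }
        }
        if ($token || $require_header) {
            return $token;
        }
    }
    if ($GLOBALS['cfg']['api_oauth2_allow_get_parameters']) {
        return request_str('access_token');
    }
    return post_str('access_token');
}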
 function actions()
 {
     # Front-controller dispatch: ?action=foo runs $this->fooAction() when
     # such a method exists, otherwise defaultAction(). method_exists() is
     # case-insensitive and also reports private/protected methods, so every
     # *Action method on this class is reachable straight from the request.
     $handler = request_str('action') . 'Action';
     if (!method_exists($this, $handler)) {
         return $this->defaultAction();
     }
     return $this->{$handler}();
 }
function api_dispatch()
{
    # Front door for the API: settle the output format, make sure the API
    # is switched on, resolve ?method= to "<library>_<last dotted segment>"
    # via cfg.api.methods, and run it. Every failure goes through
    # api_output_error() and does not come back here.
    #
    # Output formats
    #
    $format = request_str('format');
    $valid_formats = $GLOBALS['cfg']['api']['formats']['valid'];
    if ($format && !in_array($format, $valid_formats)) {
        $format = null;
    }
    if ($format) {
        $GLOBALS['cfg']['api']['formats']['current'] = $format;
    } else {
        $GLOBALS['cfg']['api']['formats']['current'] = $GLOBALS['cfg']['api']['formats']['default'];
    }
    #
    # Can I get a witness?
    #
    if (!$GLOBALS['cfg']['enable_feature_api']) {
        api_output_error(999, 'The API is currently disabled');
    }
    #
    # Is this a valid method?
    #
    $name = request_str('method');
    if (!$name) {
        api_output_error(404, 'Method not found');
    }
    $methods = $GLOBALS['cfg']['api']['methods'];
    if (!isset($methods[$name])) {
        api_output_error(404, 'Method not found');
    }
    $method_row = $methods[$name];
    if (!$method_row['enabled']) {
        api_output_error(404, 'Method not found');
    }
    $lib = $method_row['library'];
    loadlib($lib);
    $segments = explode(".", $name);
    $function = $lib . "_" . array_pop($segments);
    if (!function_exists($function)) {
        api_output_error(404, 'Method not found');
    }
    #
    # Auth-y bits
    #
    if ($method_row['required_login']) {
        # Please, to write me...
        # NOTE(review): 'required_login' is read but nothing is enforced –
        # methods flagged login-only are still callable anonymously here.
    }
    #
    # Go!
    #
    call_user_func($function);
    exit;
}
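    function defaultAction()
    {
        # Feedback form. On POST: validate email, subject and message, store
        # the composed text in DB.'feedback', mail it to the site contacts and
        # redirect to feedback/?action=ok. Otherwise (or on a validation
        # error) render the form, re-filled with the posted values.
        $subjects = array(1 => array('id' => 1, 'title' => s('General question')), 2 => array('id' => 2, 'title' => s('Bug report')), 3 => array('id' => 3, 'title' => s('Collaboration or partership')), 4 => array('id' => 4, 'title' => s('Idea')), 5 => array('id' => 5, 'title' => s('Other')));
        $html = '';
        $errors = array();
        $is_posted = request_int('is_posted');
        $jump_to = 'feedback_name';
        if ($is_posted) {
            $email = request_str('email');
            $subject_id = request_int('subject_id');
            if (!count($errors) && !$email) {
                $errors[] = s('Please, enter your email');
                $jump_to = 'feedback_email';
            }
            if (!count($errors) && $email && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
                $errors[] = s('Please, provide correct email address. For example: john@gmail.com');
                $jump_to = 'feedback_email';
            }
            # subject_id is request input; an id outside $subjects used to raise
            # an undefined-index notice and send an empty subject line.
            if (!count($errors) && !isset($subjects[$subject_id])) {
                $errors[] = s('Please, choose a subject');
            }
            if (!count($errors) && !request_str('message')) {
                $errors[] = s('Enter the message.');
                # <form>_<field> id, as for the other fields; the old value
                # 'feedback_password' matched no field on this form.
                $jump_to = 'feedback_message';
            }
            if (!count($errors)) {
                $subject = $subjects[$subject_id]['title'];
                $data = array('{name}' => request_str('name'), '{email}' => $email, '{subject}' => $subject, '{message}' => request_str('message'));
                # strtr() substitutes each placeholder once; the sequential
                # str_replace() it replaces would also expand a "{subject}" or
                # "{message}" typed into the name/email fields.
                $message = strtr('Name: {name}
Email: {email}

Subject: {subject}

{message}


' . $_SERVER['REMOTE_ADDR'] . ' ' . date('r'), $data);
                core::$sql->insert(array('message' => core::$sql->s($message), 'insert_stamp' => core::$sql->i(time())), DB . 'feedback');
                require_once '../mod/lib.mail.php';
                # NOTE(review): sender name and address are user input; mail_send()
                # (not visible here) must strip CR/LF before they reach headers.
                foreach (array('*****@*****.**') as $email_to) {
                    mail_send(request_str('name'), $email, $email_to, 'Metro4all.org - ' . $subject, $message, false);
                }
                go(Core::$config['http_home'] . 'feedback/?action=ok');
            }
        }
        $page = new PageCommon(s('Feedback'));
        $html .= $page->start();
        $html .= '<div class="row"><div class="col-md-offset-2 col-md-8"><h2>' . s('Feedback') . '</h2>';
        if (count($errors)) {
            $html .= '<div class="alert alert-danger"><p>' . escape($errors[0]) . '</p></div>';
        }
        $form = new Form('feedback', false, 'post');
        $html .= '<div class="well">' . $form->start() . $form->addVariable('is_posted', 1) . $form->addString('name', s('Name'), $is_posted ? request_str('name') : '') . $form->addString('email', s('E-mail'), $is_posted ? request_str('email') : '', array('is_required' => true)) . $form->addSelect('subject_id', s('Subject'), $is_posted ? request_int('subject_id') : 1, array('data' => $subjects)) . $form->addText('message', s('Message'), $is_posted ? request_str('message') : '', array('is_required' => true, 'style' => 'height:200px')) . $form->submit(s('Send')) . '</div>';
        # $jump_to is only ever one of the fixed ids above, never request input
        $html .= '<script> $(document).ready(function() { $("#' . $jump_to . '").focus(); }); </script>';
        $html .= '</div></div>';
        $html .= $page->stop();
        return $html;
    }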
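function api_auth_has_valid_crumb(&$method, $ttl = 0)
{
    # Returns 1 when the request carries a ?crumb= that validates for the
    # "api" crumb key scoped to this method's name, else 0. The method's
    # own 'crumb_ttl' takes precedence; $ttl is the fallback when the method
    # row has none. (Previously $ttl was overwritten unconditionally, so a
    # caller-supplied value was always ignored.)
    $crumb = request_str("crumb");
    if (!$crumb) {
        return 0;
    }
    $name = $method['name'];
    if (isset($method['crumb_ttl'])) {
        $ttl = $method['crumb_ttl'];
    }
    return crumb_check("api", $ttl, $name) ? 1 : 0;
}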
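 function defaultAction()
 {
     # Newsletter sign-up. On POST: validate the address, insert it into
     # DB.'subscription' and redirect to subscription/?action=ok; otherwise
     # (or on a validation error) render the form re-filled with the posted
     # address.
     # NOTE(review): the CAPTCHA check that once guarded this form is gone
     # and nothing rate-limits it, so the table can be filled by a script.
     # The commented-out mailing-list code that used to sit here embedded a
     # list password in the source; it has been removed and that password
     # should be treated as exposed and rotated.
     $html = '';
     $errors = array();
     $is_posted = request_int('is_posted');
     $jump_to = 'subscription_email';
     if ($is_posted) {
         $email = request_str('email');
         if (!count($errors) && !$email) {
             $errors[] = s('Please, enter your email');
             # this form's field id is subscription_email; 'register_email'
             # was left over from another form and focused nothing
             $jump_to = 'subscription_email';
         }
         if (!count($errors) && $email && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
             $errors[] = s('Please, provide correct email address. For example: john@gmail.com');
             $jump_to = 'subscription_email';
         }
         if (!count($errors)) {
             core::$sql->insert(array('email' => core::$sql->s($email), 'insert_stamp' => core::$sql->i(time())), DB . 'subscription');
             go(core::$config['http_home'] . 'subscription/?action=ok');
         }
     }
     $page = new PageCommon(s('Newsletter'));
     $html .= $page->start();
     $html .= '<div class="row"><div class="col-md-offset-1 col-md-6"><h1>' . s('Newsletter') . '</h1>';
     if (count($errors)) {
         $html .= '<div class="alert alert-danger"><p>' . escape($errors[0]) . '</p></div>';
     }
     $form = new Form('subscription', false, 'post');
     $html .= '<div class="well">' . $form->start() . $form->addVariable('is_posted', 1) . $form->addString('email', s('E-mail'), $is_posted ? request_str('email') : '', array('is_required' => true)) . $form->submit(s('Subscribe')) . '</div>';
     # $jump_to is a fixed id, never request input
     $html .= '<script> $(document).ready(function() { $("#' . $jump_to . '").focus(); }); </script>';
     $html .= '</div></div>';
     $html .= $page->stop();
     return $html;
 }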
# Ensure that this is something we can export
#
# ?format= is whitelisted against the export map; an unknown extension is a
# 404 rather than a fall-through. Default is csv.
$format = get_str('format');
if (!$format) {
    $format = 'csv';
}
$map = formats_valid_export_map('key by extension');
if (!isset($map[$format])) {
    error_404();
}
# Hey look! At least to start we are deliberately not doing
# any pagination on the 'dots-for-a-sheet' page. We'll see
# how long its actually sustainable but for now it keeps a
# variety of (display) avenues open.
# (20101025/straup)
# NOTE(review): _sort/_order go straight from the request into the query
# helper; $sheet is set earlier in this script (not shown). Confirm
# dots_get_dots_for_sheet() whitelists the sort column/direction.
$more = array('per_page' => $GLOBALS['cfg']['import_max_records'], 'sort' => request_str('_sort'), 'order' => request_str('_order'));
$sheet['dots'] = dots_get_dots_for_sheet($sheet, $GLOBALS['cfg']['user']['id'], $more);
$bbox = implode(", ", array_values($sheet['extent']));
# valid extras are things like
$export_more = array('viewer_id' => $GLOBALS['cfg']['user']['id']);
# NOTE(review): the JSONP callback is passed through unvalidated here; the
# export library must restrict it to an identifier before echoing it.
if ($format == "json" && ($cb = get_str("callback"))) {
    $export_more['callback'] = $cb;
}
// added by seanc(6/21/2011)
if ($format == "json" && isset($sheet['label'])) {
    $export_more['sheet_label'] = $sheet['label'];
    $export_more['sheet_extent'] = $bbox;
}
# per-user export properties first, so the fixed keys above win on conflict
$export_props = export_collect_user_properties($format);
$export_more = array_merge($export_props, $export_more);
# caching?
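function _api_output_rest_jsonp_callback_is_safe($callback)
{
    # A JSONP callback is echoed verbatim into a JavaScript response, so it
    # must look like a (dotted) JS identifier and nothing else; any
    # parenthesis, quote, semicolon or HTML would otherwise become code.
    return (bool) preg_match('/^[A-Za-z_$][A-Za-z0-9_$]*(\\.[A-Za-z_$][A-Za-z0-9_$]*)*$/', $callback);
}
function _api_output_rest_send_jsonp(&$rsp)
{
    # Send $rsp as JSONP: "<callback>(<json>)". The callback comes from
    # ?callback=, run through filter_strict(); anything that is not a plain
    # identifier falls back to makeItSo. (htmlspecialchars() was the old
    # guard – it is an HTML escape and does not make a value safe in a JS
    # context; the identifier check above is strictly tighter.)
    $callback = request_str('callback');
    $callback = filter_strict($callback);
    if (!$callback || !_api_output_rest_jsonp_callback_is_safe($callback)) {
        $callback = "makeItSo";
    }
    _api_output_rest_send_json_headers();
    echo $callback . "(" . json_encode($rsp) . ")";
}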
<?php

# Note the order here – it's important
# (20121024/straup)
$GLOBALS['this_is_api'] = 1;    # set before init.php, which presumably reads it
include "include/init.php";
loadlib("api");
# ?method= is handed over as-is: api_dispatch() filters it and owns every
# error path, so nothing after the call is expected to run.
$method = request_str("method");
api_dispatch($method);
exit;
    echo json_encode($json);
    exit;
}
#
# OAuth2 token endpoint (authorization_code grant). The key is looked up
# with ensure_isown => 0 because the caller is the client application, not
# the signed-in user.
# NOTE(review): no client_secret / client authentication is visible in this
# span – confirm it happens before the code is exchanged further down.
$key_more = array('ensure_isown' => 0);
$key_row = api_keys_utils_get_from_url($key_more);
$GLOBALS['smarty']->assign_by_ref("key", $key_row);
$ok = 1;
$error = null;
# Basics (redirect URLs)
# a key with no registered callback can never complete the flow
if ($ok && !$key_row['app_callback']) {
    error_403();
}
# Basics (everything else)
$grant = request_str("grant_type");
$code = request_str("code");
if (!$code || !$grant) {
    $error = "invalid_request";
    $ok = 0;
}
if ($ok && $grant != "authorization_code") {
    $error = "invalid_grant";
    $ok = 0;
}
# errors are reported as JSON {"error": ...}, per the OAuth2 token response
if (!$ok) {
    $rsp = array('error' => $error);
    local_send_json($rsp);
    exit;
}
# Sort out the grant tokens
$grant_token = api_oauth2_grant_tokens_get_by_code($code);
function api_dispatch($method)
{
    # API front door: checks that the API is enabled, that $method names an
    # enabled entry in cfg.api.methods, that the request method is allowed,
    # then walks the auth chain (API key -> auth/token -> role -> blessing
    # -> crumb) before calling "<library>_<last dotted segment>". Every
    # failure goes through api_output_error() and is not expected to return.
    if (!$GLOBALS['cfg']['enable_feature_api']) {
        api_output_error(999, 'API disabled');
    }
    $method = filter_strict($method);
    $api_key = request_str("api_key");
    $access_token = request_str("access_token");
    # Log the basics
    # NOTE(review): the raw access token is written to the log before it
    # has been validated; anyone who can read api_log output holds live
    # bearer tokens. Consider logging a hash or prefix instead.
    api_log(array('api_key' => $api_key, 'method' => $method, 'access_token' => $access_token, 'remote_addr' => $_SERVER['REMOTE_ADDR']));
    $methods = $GLOBALS['cfg']['api']['methods'];
    if (!$method || !isset($methods[$method])) {
        # the name is reflected in the error, hence the escape
        $enc_method = htmlspecialchars($method);
        api_output_error(404, "Method '{$enc_method}' not found");
    }
    apache_setenv("API_METHOD", $method);
    $method_row = $methods[$method];
    $key_row = null;
    $token_row = null;
    if (!$method_row['enabled']) {
        $enc_method = htmlspecialchars($method);
        api_output_error(404, "Method '{$enc_method}' not found");
    }
    $method_row['name'] = $method;
    # OAuth2 deployments are POST-only unless GET parameters are explicitly allowed
    if ($GLOBALS['cfg']['api_auth_type'] == 'oauth2') {
        if ($_SERVER['REQUEST_METHOD'] != 'POST' && !$GLOBALS['cfg']['api_oauth2_allow_get_parameters']) {
            api_output_error(405, 'Method not allowed');
        }
    }
    # per-method request-method pin, if the method row declares one
    if (isset($method_row['request_method'])) {
        if ($_SERVER['REQUEST_METHOD'] != $method_row['request_method']) {
            api_output_error(405, 'Method not allowed');
        }
    }
    # Okay – now we get in to validation and authorization. Which means a
    # whole world of pedantic stupid if we're using Oauth2. Note that you
    # could use OAuth2 and require API keys be passed explictly but since
    # that's not part of the spec if you enable the two features simultaneously
    # don't be surprised when hilarity ensues. Good times. (20121026/straup)
    # First API keys
    if (features_is_enabled("api_require_keys")) {
        if (!$api_key) {
            api_output_error(999, "Required API key is missing");
        }
        $key_row = api_keys_get_by_key($api_key);
        api_keys_utils_ensure_valid_key($key_row);
    }
    # Second auth-y bits
    # api_auth_ensure_auth() may supply the key row (OAuth2 client_id) and
    # the token row, and sets the acting user for the rest of the request.
    $auth_rsp = api_auth_ensure_auth($method_row, $key_row);
    if (isset($auth_rsp['api_key'])) {
        $key_row = $auth_rsp['api_key'];
    }
    if (isset($auth_rsp['access_token'])) {
        $token_row = $auth_rsp['access_token'];
    }
    # NOTE(review): 'user' is read without isset() – a notice if the auth
    # response omits it. Likewise $key_row may still be null below.
    if ($auth_rsp['user']) {
        $GLOBALS['cfg']['user'] = $auth_rsp['user'];
    }
    apache_setenv("API_KEY", $key_row['api_key']);
    # Check for require-iness of users here ?
    # Roles - for API keys (things like only the site keys)
    api_config_ensure_role($method_row, $key_row, $token_row);
    # Blessings and other method specific access controls
    api_config_ensure_blessing($method_row, $key_row, $token_row);
    # Finally, crumbs - because they are tastey
    if ($method_row['requires_crumb']) {
        api_auth_ensure_crumb($method_row);
    }
    # GO!
    loadlib($method_row['library']);
    $parts = explode(".", $method);
    $method = array_pop($parts);
    $func = "{$method_row['library']}_{$method}";
    if (!function_exists($func)) {
        api_output_error(404, "Method not found");
    }
    call_user_func($func);
    exit;
}
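function api_foursquare_venues_search()
{
    # API method: search Foursquare venues around ?latitude=/?longitude=.
    # With ?query= a single 'match' search is made as the current user.
    # Without it, the current user's 'checkin' results are merged with a
    # 'browse' pass made with a random user's token (de-duplicated by venue
    # id), then sorted by name or distance per cfg.foursquare_venues_sort.
    # Output always carries a fresh checkin crumb for the follow-up call.
    $lat = request_float('latitude');
    $lon = request_float('longitude');
    $query = request_str('query');
    # See this? It's a quick and dirty shim until I can figure
    # out how to pass 'sort' flags via the UI (20120201/straup)
    # $sort = request_float('sort');
    $sort = $GLOBALS['cfg']['foursquare_venues_sort'];
    $sort_func = "_api_foursquare_venues_sort_by_name";
    if ($sort == 'distance') {
        $sort_func = "_api_foursquare_venues_sort_by_distance";
    }
    # Both coordinates are required. (A literal 0 is rejected by the
    # truthiness test – unchanged from the original for latitude.)
    if (!$lat || !geo_utils_is_valid_latitude($lat)) {
        api_output_error(999, "Missing or invalid latitude");
    }
    # this used to re-test $lat, so a missing longitude slipped through
    if (!$lon || !geo_utils_is_valid_longitude($lon)) {
        api_output_error(999, "Missing or invalid longitude");
    }
    $checkin_crumb = crumb_generate("api", "privatesquare.venues.checkin");
    # NOTE(review): if the user has no linked Foursquare account the
    # oauth_token below is empty and the upstream call fails – confirm the
    # auth chain guarantees a linked account before this method runs.
    $fsq_user = foursquare_users_get_by_user_id($GLOBALS['cfg']['user']['id']);
    $method = 'venues/search';
    if ($query) {
        $args = array('oauth_token' => $fsq_user['oauth_token'], 'll' => "{$lat},{$lon}", 'radius' => 1200, 'limit' => 30, 'intent' => 'match', 'query' => $query);
        $rsp = foursquare_api_call($method, $args);
        if (!$rsp['ok']) {
            _api_foursquare_error($rsp);
        }
        $venues = $rsp['rsp']['venues'];
        usort($venues, $sort_func);
        $out = array('venues' => $venues, 'query' => $query, 'latitude' => $lat, 'longitude' => $lon, 'crumb' => $checkin_crumb);
        api_output_ok($out);
    }
    $random_user = foursquare_users_random_user();
    if (!$random_user) {
        $random_user = $fsq_user;
    }
    # https://developer.foursquare.com/docs/venues/search
    # TO DO: api_call_multi
    # first get stuff scoped to the current user
    $args = array('oauth_token' => $fsq_user['oauth_token'], 'll' => "{$lat},{$lon}", 'limit' => 30, 'intent' => 'checkin');
    $rsp = foursquare_api_call($method, $args);
    if (!$rsp['ok']) {
        _api_foursquare_error($rsp);
    }
    $venues = array();
    $seen = array();    # venue id => true, for O(1) de-duplication below
    foreach ($rsp['rsp']['venues'] as $v) {
        $venues[] = $v;
        $seen[$v['id']] = true;
    }
    # now just get whatever
    $args = array('oauth_token' => $random_user['oauth_token'], 'll' => "{$lat},{$lon}", 'limit' => 30, 'radius' => 800, 'intent' => 'browse');
    $rsp = foursquare_api_call($method, $args);
    if (!$rsp['ok']) {
        _api_foursquare_error($rsp);
    }
    foreach ($rsp['rsp']['venues'] as $v) {
        if (!isset($seen[$v['id']])) {
            $venues[] = $v;
        }
    }
    usort($venues, $sort_func);
    # go!
    $out = array('venues' => $venues, 'latitude' => $lat, 'longitude' => $lon, 'crumb' => $checkin_crumb);
    api_output_ok($out);
}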
 function get_home_info()
 {
     # Resolve ?user_title_url= to a user row for the club home page.
     # Bails out via out() on an empty value, a guest id, or a missing row.
     # The current user's own record is served from $this->info without a
     # query; anyone else is fetched from DB.'users' by id (the id goes
     # through $this->sql->i(), presumably an integer cast, before it is
     # spliced into the WHERE clause).
     $title_url = request_str('user_title_url', true);
     if ($title_url == '') {
         out();
     }
     $uid = $this->get_id_by_title_url($title_url);
     if ($uid == U_GUEST) {
         out();
     }
     $is_my = $uid == $this->info['id'];
     if ($is_my) {
         $info = $this->info;
     } else {
         $info = $this->sql->row('*', DB . 'users', 'id=' . $this->sql->i($uid));
         if ($info === false) {
             out();
         }
     }
     $info['is_my'] = $is_my;
     $info['home_url'] = '/club/' . $info['title_url'] . '/';
     return $info;
 }
<?php

include "../include/init.php";
# "god" admin page for a single user: photo/fave counts, backups and the
# Flickr auth record, rendered by page_god_user.txt.
# NOTE(review): no admin/role check is visible in this file – it is
# presumably done by loadlib("god") or by init for this directory; confirm.
loadlib("god");
loadlib("flickr_photos");
loadlib("flickr_backups");
loadlib("flickr_faves");
loadlib("flickr_users");
loadlib("flickr_api");
$id = request_str("user_id");
if ($id) {
    $user = users_get_by_id($id);
    if (!$user['id']) {
        error_404();
    }
    $flickr_user = flickr_users_get_by_user_id($user['id']);
    # counts are taken from the user's own point of view, not the admin's
    $count_photos = flickr_photos_count_for_user($user, array('viewer_id' => $user['id']));
    $user['count_photos'] = $count_photos;
    if ($flickr_user['auth_token']) {
        $backups = flickr_backups_for_user($user);
        $user['backups'] = $backups;
        $count_faves = flickr_faves_count_for_user($user, array('viewer_id' => $user['id']));
        $user['count_faves'] = $count_faves;
        $perms_map = flickr_api_authtoken_perms_map();
        $GLOBALS['smarty']->assign_by_ref("perms_map", $perms_map);
    }
    $GLOBALS['smarty']->assign_by_ref("user", $user);
    # NOTE(review): the whole flickr_user row, auth_token included, is handed
    # to the template; make sure the template never prints the token.
    $GLOBALS['smarty']->assign_by_ref("flickr_user", $flickr_user);
}
$GLOBALS['smarty']->display("page_god_user.txt");
exit;
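function request_checked($name, $is_required = false)
{
    # Read a checkbox parameter: 1 when the submitted value is exactly the
    # string 'on' (what browsers send for a checked box), else 0.
    # Strict comparison on purpose: with loose ==, PHP < 8 evaluates
    # 0 == 'on' as true, so a non-string return from request_str() could
    # read as "checked".
    return request_str($name, $is_required) === 'on' ? 1 : 0;
}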
}
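if (!$GLOBALS['cfg']['enable_feature_import_by_url']) {
    $GLOBALS['error']['uploads_by_url_disabled'] = 1;
    $smarty->display("page_upload_disabled.txt");
    exit;
}
#
# Read the URL before the login gate so it can be carried through the
# redirect. Previously $url was interpolated into the return URL before it
# had been assigned (unless something earlier in this script, not shown,
# set it), so signed-out users came back to an empty form. Same shape as
# the upload/flickr page.
#
$url = request_str('url');
$loggedin_url = "{$GLOBALS['cfg']['abs_root_url']}upload/url/";
if ($url) {
    $loggedin_url .= "?url=" . urlencode($url);
}
login_ensure_loggedin($loggedin_url);
#
# Start setting things up...
#
$crumb_key = 'upload';
$smarty->assign("crumb_key", $crumb_key);
#
# No URL yet: show the form and stop
#
if (!$url) {
    $GLOBALS['smarty']->display('page_upload_by_url_form.txt');
    exit;
}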
#
# Validate $url here
#
$parsed = utils_parse_url($url);
$ok = $parsed['ok'];
$error_details = '';
# Scheme whitelist: the URL is presumably fetched server-side, so anything
# other than http/https (file:, ftp:, gopher:, ...) is refused up front.
# NOTE(review): nothing in this span rejects hosts that resolve to
# loopback/private ranges – check that the fetch path does (SSRF).
if ($ok && !in_array($parsed['scheme'], array('http', 'https'))) {
    $error_details = 'Invalid scheme. Only http and https are currently supported.';
    $ok = 0;
}
if ($ok && !$parsed['host']) {
include "include/init.php";
# Upload-from-Flickr page: feature gates first, then the login gate (with
# ?url= carried through the redirect), then host validation of the URL.
loadlib("import");
loadlib("flickr");
loadlib("utils");
if (!$GLOBALS['cfg']['enable_feature_import']) {
    $GLOBALS['error']['uploads_disabled'] = 1;
    $smarty->display("page_upload_disabled.txt");
    exit;
}
if (!$GLOBALS['cfg']['enable_feature_import_by_url']) {
    $GLOBALS['error']['uploads_by_url_disabled'] = 1;
    $smarty->display("page_upload_disabled.txt");
    exit;
}
#
# the URL is read before the login redirect so it survives the round trip
$url = request_str("url");
$loggedin_url = "{$GLOBALS['cfg']['abs_root_url']}upload/flickr/";
if ($url) {
    $loggedin_url .= "?url=" . urlencode($url);
}
login_ensure_loggedin($loggedin_url);
#
$crumb_key = 'upload';
$GLOBALS['smarty']->assign("crumb_key", $crumb_key);
#
$ok = 1;
if ($url) {
    $parsed_url = utils_parse_url($url);
    if (!preg_match("/(www\\.)?flickr\\.com/", $parsed_url['host'])) {
        $GLOBALS['error']['not_flickr'] = 1;
        $ok = 0;
function crumb_check($key, $ttl = 0)
{
    # Validate the ?crumb= carried by the current request against $key
    # (the CSRF-style check used by forms and API methods). $ttl is passed
    # straight through to crumb_validate(), which decides what 0 means.
    return crumb_validate(request_str('crumb'), $key, $ttl);
}
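 function lostPasswordChangeAction()
 {
     # Password-reset landing page. ?id= names the account and ?code= must
     # equal the reset hash derived from that account's stored password hash
     # and lost_password_salt. A valid POST replaces the password, logs the
     # session out and redirects to lost_password/changed/. Unknown,
     # disabled or anonymous ids and a bad code end the request via out().
     if (($user = core::$sql->row('id, password', DB . 'user', 'id=' . core::$sql->i(request_int('id', true)) . ' and id<>' . core::$sql->i(User::ANONIMOUS) . ' and is_disabled=0')) === false) {
         out();
     }
     # Compare the reset code byte-for-byte and in constant time. The old
     # `!=` was PHP's loose comparison: two numeric-looking strings such as
     # "0e123" and "0" compare equal, so a crafted code could match hashes
     # of that shape; it also leaked timing.
     $hash = core::$user->getHash(core::$config['user']['lost_password_salt'], $user['password']);
     if (!hash_equals((string) $hash, (string) request_str('code', true))) {
         out();
     }
     # NOTE(review): the code is a pure function of the stored password
     # hash, so it never expires and stays valid until the password changes.
     $html = '';
     $errors = array();
     $is_posted = request_int('is_posted');
     $jump_to = 'lost_password_change_password';
     if ($is_posted) {
         # TODO(review): the CAPTCHA that used to guard this form is disabled.
         if (!count($errors) && !request_str('password')) {
             $errors[] = s('Пожалуйста, укажите пароль.');
         }
         if (!count($errors) && request_str('password') !== request_str('password2')) {
             $errors[] = s('Введенные пароли не совпадают. Пожалуйста, попробуйте еще раз.');
         }
         # NOTE(review): no minimum length or strength check on the new password.
         if (!count($errors)) {
             $password_hash = core::$user->getHash(core::$config['user']['password_salt'], request_str('password'));
             core::$sql->update(array('password' => core::$sql->s($password_hash)), DB . 'user', 'id=' . core::$sql->i($user['id']));
             core::$user->logout();
             go(core::$config['http_home'] . 'lost_password/changed/');
         }
     }
     $page = new PageCommon(s('Смена пароля'));
     $html .= $page->start();
     $html .= '<div class="row"><div class="span4 offset4"><h2>' . s('Смена пароля') . '</h2>';
     if (count($errors)) {
         $html .= '<div class="alert alert-danger"><p>' . escape($errors[0]) . '</p></div>';
     }
     $form = new Form('lost_password_change', false, 'post');
     $html .= '<div class="well">' . $form->start() . $form->addVariable('is_posted', 1) . $form->addVariable('id', request_int('id')) . $form->addVariable('code', request_str('code')) . $form->addPassword('password', s('Пароль'), '', array('is_required' => true)) . $form->addPassword('password2', s('Подтверждение пароля'), '', array('is_required' => true)) . $form->submit(s('Сохранить')) . '</div>';
     # $jump_to is a fixed id, never request input
     $html .= '<script> $(document).ready(function() { $("#' . $jump_to . '").focus(); }); </script>';
     $html .= '</div></div>';
     $html .= $page->stop();
     return $html;
 }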
    }
    $GLOBALS['smarty']->display("page_api_oauth2_authenticate_self.txt");
    exit;
}
# Okay, let's do this
# OAuth2 authorize step: validate scope, redirect_uri and response_type
# before issuing or reusing a grant code for the signed-in user.
$ok = 1;
$scope = request_str("scope");
if ($ok && !api_oauth2_access_tokens_is_valid_permission($scope, "string perms")) {
    $GLOBALS['smarty']->assign("error", "invalid_scope");
    $ok = 0;
}
# Exact match against the callback registered for this key – no prefix or
# wildcard matching, which is the safe choice for redirect URIs.
if ($ok && request_str("redirect_uri") != $key_row['app_callback']) {
    $GLOBALS['smarty']->assign("error", "invalid_callback");
    $ok = 0;
}
if ($ok && request_str("response_type") != "code") {
    $GLOBALS['smarty']->assign("error", "invalid_type");
    $ok = 0;
}
# Do we already have a grant token for this user?
# And yes this is a repeat of the code below that should maybe be
# moved in to a function or something. But for now it's fine...
# (20121024/straup)
if ($ok && ($token = api_oauth2_grant_tokens_get_for_user_and_key($GLOBALS['cfg']['user'], $key_row))) {
    if (api_oauth2_grant_tokens_is_timely($token)) {
        $rsp_params = array('code' => $token['code']);
        if ($state = get_str("state")) {
            $rsp_params['state'] = $state;
        }
        $rsp_params = http_build_query($rsp_params);
        $url = $key_row['app_callback'] . "?" . $rsp_params;
    function updateAction()
    {
        # Admin-only edit of one FAQ entry (?id=). On POST the per-language
        # title/group/description fields are written to DB.'qa' and the user
        # is sent back to faq/; otherwise the edit form is rendered, pre-filled
        # from the stored row (or from the post on a validation error).
        # NOTE(review): both guards below rely on go() terminating the
        # request; if go() only sends a Location header and returns, a
        # non-admin POST would still reach the update. Confirm go() exits.
        if (!$this->is_admin) {
            go(core::$config['http_home'] . 'faq/');
        }
        if (($item = $this->getQa(request_int('id'))) === false) {
            go(core::$config['http_home']);
        }
        $html = '';
        $errors = array();
        $is_posted = request_int('is_posted');
        $jump_to = 'update_qa_title';
        if ($is_posted) {
            # only the un-suffixed 'title'/'group_title' are validated; the
            # per-language fields written below are not checked individually
            if (!count($errors) && !request_str('title')) {
                $errors[] = s('Пожалуйста, укажите вопрос.');
                $jump_to = 'update_qa_title';
            }
            if (!count($errors) && !request_str('group_title')) {
                $errors[] = s('Пожалуйста, укажите группу.');
                $jump_to = 'insert_qa_group_title';
            }
            if (!count($errors)) {
                $fields = array();
                # column names are built from the configured language keys,
                # not from the request; values go through core::$sql->s()
                foreach (Core::$config['languages'] as $url => $languages) {
                    $fields['title_' . $url] = core::$sql->s(request_str('title_' . $url));
                    $fields['group_title_' . $url] = core::$sql->s(request_str('group_title_' . $url));
                    $fields['description_' . $url] = core::$sql->s(request_str('description_' . $url));
                }
                core::$sql->update($fields, DB . 'qa', 'id=' . core::$sql->i($item['id']));
                go(core::$config['http_home'] . 'faq/');
            }
        }
        $page = new PageCommon(s('Изменить вопрос'));
        $html .= $page->start();
        $html .= '<p><a href="./">' . s('Q&A') . '</a> &rarr;</p>
				<h2>' . s('Изменить вопрос') . '</h2>';
        if (count($errors)) {
            $html .= '<div class="alert alert-error"><p>' . escape($errors[0]) . '</p></div>';
        }
        $form = new Form('update_qa', false, 'post');
        $html .= '<div class="well">' . $form->start() . $form->addVariable('is_posted', 1) . $form->addVariable('action', 'update');
        # NOTE(review): stored values are passed to the Form helpers as-is;
        # escaping is assumed to happen inside addString().
        foreach (Core::$config['languages'] as $url => $language) {
            $html .= $form->addString('title_' . $url, s('Вопрос') . ' ' . $language['title'], $is_posted ? request_str('title_' . $url) : $item['title_' . $url], array('class' => 'span7'));
        }
        foreach (Core::$config['languages'] as $url => $language) {
            $html .= $form->addString('group_title_' . $url, s('Группа') . ' ' . $language['title'], $is_posted ? request_str('group_title_' . $url) : $item['group_title_' . $url], array('class' => 'span7'));
        }
        foreach (Core::$config['languages'] as $url => $language) {
            $html .= $form->addString('description_' . $url, s('Ответ') . ' ' . $language['title'], $is_posted ? request_str('description_' . $url) : $item['description_' . $url], array('class' => 'span7', 'style' => 'height:250px;'));
        }
        $html .= $form->submit(s('Update')) . '</div>';
        $html .= '<script> $(document).ready(function() { $("#' . $jump_to . '").focus(); }); </script>';
        $html .= $page->stop();
        return $html;
    }
<?php

#
# $Id$
#
include "include/init.php";
# Sign-in page: feature gate, then require a signed-out session.
if (!$GLOBALS['cfg']['enable_feature_signin']) {
    $smarty->display('page_signin_disabled.txt');
    exit;
}
login_ensure_loggedout();
#
# pass through
#
# NOTE(review): ?redir= is carried into the form verbatim; whatever consumes
# it after a successful sign-in must restrict it to a local path, or this is
# an open redirect.
$redir = request_str('redir');
$smarty->assign('redir', $redir);
#
# try and sign in?
#
if (post_str('signin')) {
    $email = post_str('email');
    $password = post_str('password');
    $smarty->assign('email', $email);
    $ok = 1;
    #
    # required fields?
    #
    if (!strlen($email) || !strlen($password)) {
        $smarty->assign('error_missing', 1);
        $ok = 0;
    }
<?php

include "include/init.php";
# Sign-up page: feature gate, then require a signed-out session.
features_ensure_enabled("signup");
login_ensure_loggedout();
#
# carry this argument through
#
# NOTE(review): ?redir= is passed to the template verbatim; the post-signup
# redirect must restrict it to a local path. Further down, the submitted
# password is also assigned to the template – confirm it is never echoed
# back into the page.
$smarty->assign('redir', request_str('redir'));
#
# are we signing up?
#
if (post_str('signup')) {
    $ok = 1;
    $email = post_str('email');
    $password = post_str('password');
    $username = post_str('username');
    $redir = post_str('redir');
    $smarty->assign('email', $email);
    $smarty->assign('password', $password);
    $smarty->assign('username', $username);
    $smarty->assign('redir', $redir);
    #
    # all fields are in order?
    #
    if (!strlen($email) || !strlen($password) || !strlen($username)) {
        $smarty->assign('error_missing', 1);
        $ok = 0;
    }
    #
    # email available?
<?php

include "include/init.php";
# Flickr auth page: ?perms= is whitelisted against the perms map (default
# 'read'); an unknown value renders the page with an 'invalid_perm' error.
loadlib("flickr_api");
loadlib("flickr_users");
login_ensure_loggedin($_SERVER['REQUEST_URI']);
$flickr_user = flickr_users_get_by_user_id($GLOBALS['cfg']['user']['id']);
$crumb_key = 'flickr_auth_token';
$GLOBALS['smarty']->assign("crumb_key", $crumb_key);
$perms = request_str("perms");
$perms_map = flickr_api_authtoken_perms_map();
$perms_map_str = flickr_api_authtoken_perms_map('string keys');
$GLOBALS['smarty']->assign_by_ref("perms_map", $perms_map);
if (!$perms) {
    $perms = 'read';
} elseif (!isset($perms_map_str[$perms])) {
    $GLOBALS['error'] = 'invalid_perm';
    $GLOBALS['smarty']->display("page_account_flickr_auth.txt");
    exit;
} else {
}
# NOTE(review): the branch that follows sends a Location header built
# straight from ?redir= with no check that it stays on this site – an
# open redirect unless get_str() or something earlier constrains it.
if ($flickr_user['auth_token']) {
    # Perms are the same; just carry on...
    if ($flickr_user['token_perms'] == $perms_map_str[$perms]) {
        $redir = get_str("redir");
        if (!$redir) {
            $redir = $GLOBALS['cfg']['abs_root_url'];
        }
        header("location: {$redir}");
        exit;
    }
function crumb_check($key, $ttl = 0, $target = '')
{
    # Validate the ?crumb= carried by the current request against $key,
    # optionally bound to $target (e.g. an API method name, as
    # api_auth_has_valid_crumb() passes). $ttl and $target go straight
    # through to crumb_validate().
    return crumb_validate(request_str('crumb'), $key, $ttl, $target);
}