Example #1
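 /**
  * Sorts the song list by normalised title and returns it.
  *
  * Each title is lower-cased, every non-word character becomes a space and
  * runs of whitespace collapse to one space before comparison. Songs whose
  * normalised titles are equal keep their original relative order.
  *
  * @method Sort
  * @return (SongLinkPlus_Pvm array) the re-ordered, re-indexed $this->SongList
  */
 public function Sort()
 {
     $songs = array_values($this->SongList);
     if (count($songs) === 0) {
         $this->SongList = $songs;
         return $this->SongList;
     }
     $titleKeys = array();
     foreach ($songs as $song) {
         // Normalised inline: a named function declared inside a method is
         // registered globally the first time the method runs, so calling
         // Sort() a second time would fail with a redeclaration error.
         $titleKeys[] = trim(preg_replace('/\\s+/', ' ', preg_replace('/\\W/', ' ', strtolower($song->Title))));
     }
     // The original position is the secondary sort column, so equal titles
     // stay in input order and no artificial suffix has to be appended to the
     // key (a suffix changes how a title compares with longer titles).
     $positions = array_keys($songs);
     array_multisort($titleKeys, SORT_ASC, SORT_STRING, $positions, SORT_ASC, SORT_NUMERIC, $songs);
     $this->SongList = $songs;
     return $this->SongList;
 }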
Example #2
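/**
 * Recursively HTML-escapes string data and optionally trims strings.
 *
 * Strings are passed through htmlspecialchars() so that characters with a
 * meaning in HTML (angle brackets, ampersand, both quote characters) are
 * converted to entities, which prevents cross-site scripting (XSS) when the
 * result is written into HTML element content or a quoted attribute value.
 *
 * The escaping is specific to that HTML context: the result is not safe to
 * place in SQL, shell commands, URLs or inline JavaScript, each of which
 * needs its own encoding. Escaping at output time rather than before storage
 * keeps stored data reusable and avoids double-encoding.
 *
 * Arrays are processed value by value (keys are left as they are). Objects
 * are modified in place: every iterable property is replaced by its escaped
 * value, and the same object is returned.
 *
 * @param mixed [$data] What you want to sanitize
 * @param boolean [$trim_strings] Whether or not the function should trim strings found in $data
 * @return mixed sanitized $data; null, numbers and booleans are returned unchanged
 */
function scrub($data, $trim_strings = false)
{
    // base case: null passes straight through
    if (!isset($data)) {
        return $data;
    }
    if (is_string($data)) {
        if ($trim_strings) {
            $data = trim($data);
        }
        // ENT_QUOTES escapes single quotes as well as double quotes, so the
        // value stays inert inside single-quoted attributes on every PHP
        // version; ENT_SUBSTITUTE keeps the rest of the string when it
        // contains an invalid byte sequence instead of returning ''.
        return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE);
    }
    if (is_array($data)) {
        foreach ($data as $key => $value) {
            $data[$key] = scrub($value, $trim_strings);
        }
        return $data;
    }
    if (is_object($data)) {
        foreach ($data as $property => $value) {
            $data->{$property} = scrub($value, $trim_strings);
        }
    }
    // other, e.g., boolean, number (and the object handled above)
    return $data;
}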
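/**
 * Recursively copies array/object data into a plain array whose string keys
 * and string values are valid UTF-8.
 *
 * A string that is not already valid UTF-8 is treated as ISO-8859-1 and
 * converted; a string that is valid UTF-8 is copied unchanged, so it is not
 * encoded a second time. Non-string scalars and null are copied as they are.
 * Objects are iterated like arrays and come back as arrays.
 *
 * @param mixed $data Array or object to convert; any other value is returned unchanged.
 * @return mixed The converted array, or $data itself when it is not an array or object.
 */
function scrub($data)
{
    if (!is_array($data) && !is_object($data)) {
        return $data;
    }
    $output = array();
    foreach ($data as $key => $value) {
        // mb_check_encoding() validates the bytes; encoding detection only
        // guesses and can report UTF-8 for a string that is not valid UTF-8.
        $outkey = $key;
        if (is_string($key) && !mb_check_encoding($key, 'UTF-8')) {
            $outkey = mb_convert_encoding($key, 'UTF-8', 'ISO-8859-1');
        }
        if (is_array($value) || is_object($value)) {
            $outval = scrub($value);
        } elseif (is_string($value) && !mb_check_encoding($value, 'UTF-8')) {
            $outval = mb_convert_encoding($value, 'UTF-8', 'ISO-8859-1');
        } else {
            // Always assigned, so a value from the previous iteration can
            // never be stored under this key.
            $outval = $value;
        }
        $output[$outkey] = $outval;
    }
    return $output;
}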
Copyright 2008 John-Paul Gignac

This file is part of Fossfactory-src.

Fossfactory-src is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

Fossfactory-src is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with Fossfactory-src.  If not, see <http://www.gnu.org/licenses/>.
*/
// Request parameters: project id, numeric submission id and the decision.
// scrub() is defined outside this excerpt, so what it filters is not visible here.
$id = scrub($_REQUEST['id']);
$submissionid = intval($_REQUEST['submissionid']);
$accept = scrub($_REQUEST['accept']);
// Dispatch on the decision; switch compares loosely (==).
switch ($accept) {
    case 'true':
        list($rc, $err) = ff_acceptsubmission($username, $submissionid);
        break;
    case 'false':
        // The free-text reason is forwarded exactly as received.
        list($rc, $err) = ff_rejectsubmission($username, $submissionid, $_REQUEST["rejectreason"], 0);
        break;
    case 'prejudice':
        list($rc, $err) = ff_rejectsubmission($username, $submissionid, '', 1);
        break;
}
// NOTE(review): $rc/$err are not inspected before redirecting, and this
// excerpt shows neither an anti-CSRF token nor a check that $username may
// decide on this submission. $_REQUEST also accepts GET parameters.
// Presumably the ff_* helpers or an include enforce this; confirm.
header("Location: " . projurl($id, "tab=submissions"));
?>

Example #5
            list($rc, $projinfo) = ff_getprojectinfo($id);
            if ($rc == 0 && $projinfo['lead'] !== '' && $projinfo['lead'] === $username) {
                $quiet = true;
            }
        }
        list($rc, $postid) = ff_createpost("{$topicid}", "{$_REQUEST['subject']}", $body, $parent, $_REQUEST["anonymous"] ? '' : $username, '', $attachments, $_REQUEST["watchthread"] ? 1 : 0, projurl($id), $quiet);
        if ($rc == 0 && $quiet) {
            // Automatically accept the change proposal
            header("Location: handlechange.php?" . "project={$id}&post={$postid}&accept=1");
            exit;
        }
        header("Location: " . projurl($id, "post={$postid}" . ($parent ? "#p{$parent}" : "")));
        exit;
    }
} elseif (substr($topicid, 0, 5) == 'spect') {
    $disputeid = scrub($_REQUEST['disputeid']);
    $id = substr($topicid, 5);
    if (isset($_REQUEST["subject"])) {
        list($rc, $postid) = ff_createpost("{$topicid}", "{$_REQUEST['subject']}", "{$_REQUEST['body']}", $parent, $_REQUEST["anonymous"] ? '' : $username, '', $attachments, $_REQUEST["watchthread"] ? 1 : 0, "dispute.php?id={$disputeid}");
        header("Location: dispute.php?id={$disputeid}&post={$postid}" . ($parent ? "#p{$parent}" : ""));
        exit;
    }
} elseif (substr($topicid, 0, 4) == 'proj') {
    $id = substr($topicid, 4);
    if ($username !== '' && $_REQUEST["watchproject"]) {
        al_createwatch('$id-news', $username);
    }
    if (isset($_REQUEST["subject"])) {
        list($rc, $postid) = ff_createpost("{$topicid}", "{$_REQUEST['subject']}", "{$_REQUEST['body']}", $parent, $_REQUEST["anonymous"] ? '' : $username, '', $attachments, $_REQUEST["watchthread"] ? 1 : 0, projurl($id));
        header("Location: " . projurl($id, "post={$postid}" . ($parent ? "#p{$parent}" : "")));
        exit;
Example #6
// Append a record of the callback to the IPN log file (message type 3 makes
// error_log() append to the named file). $info, $err and $dump are set
// outside this excerpt.
// NOTE(review): if $dump carries payer details, the log file needs
// restricted permissions and a location outside the web root. Confirm.
error_log(date("Y-m-d H:i:s ") . "Successful PDT: {$info['txn_id']} {$info['txn_type']} {$err}\n{$dump}\n", 3, "{$GLOBALS['DATADIR']}/ipn-errors.log");
// The "custom" field is a slash-separated list.
$custom = explode("/", $info["custom"]);
if ($info["txn_type"] === 'subscr_payment') {
    // Subscription payment: go to the project in slot 4 when present,
    // otherwise to the subscription tab of the account page.
    header("Location: " . ($custom[4] ? projurl(urlencode($custom[4])) : "account.php?tab=subscription"));
    exit;
}
list($rc, $currencies) = ff_currencies();
if ($rc) {
    echo "Error fetching currencies: {$rc} {$currencies}";
    exit;
}
// Convert the reported amounts using the currency's multiplier.
$code = $info["mc_currency"];
$mult = $currencies[$code]["multiplier"];
$gross = round($info["mc_gross"] * $mult);
$fee = round($info["mc_fee"] * $mult);
if (!($err === 'Success' || $err === 'Repeated transaction')) {
    // It was a project creation
    // NOTE(review): scrub($err) is placed in a query string, and whether
    // scrub() URL-encodes is not visible in this excerpt.
    header("Location: createdproject.php?p=" . scrub($err) . "&amt={$gross}{$code}");
    exit;
}
if (count($custom) == 1) {
    // The transaction was a direct reserve deposit
    header("Location: account.php?tab=reserve&err=deposit&currency={$code}&gross={$gross}&fee={$fee}");
    exit;
}
// NOTE(review): $custom[1] reaches projurl() without the urlencode() applied
// to $custom[4] above, and $no_transfer is not assigned in this excerpt.
// Confirm what projurl() expects and where $no_transfer is set.
header("Location: " . projurl($custom[1], "pp_err={$no_transfer}&currency={$code}&gross={$gross}&fee={$fee}"));
exit;
Example #7
This file is part of Fossfactory-src.

Fossfactory-src is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

Fossfactory-src is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with Fossfactory-src.  If not, see <http://www.gnu.org/licenses/>.
*/
$id = scrub($id);
$hostname = $_SERVER["HTTP_HOST"];
if ($hostname === "www.fossfactory.org") {
    $hostname = "git.fossfactory.org";
}
list($rc, $submissions) = ff_getsubmissions($id);
// Remove from the list any projects that have been rejected with prejudice
$s = array();
foreach ($submissions as $key => $submission) {
    if ($submission["status"] === 'prejudice' && intval($_REQUEST["s"]) != intval($submission["id"])) {
        continue;
    }
    $s[$key] = $submission;
}
$submissions = $s;
if ($rc || sizeof($submissions) == 0) {
Example #8
Copyright 2008 John-Paul Gignac

This file is part of Fossfactory-src.

Fossfactory-src is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

Fossfactory-src is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with Fossfactory-src.  If not, see <http://www.gnu.org/licenses/>.
*/
// Project id and the tab to return to. scrub() is defined outside this excerpt.
$id = scrub($_REQUEST["id"]);
$tab = scrub($_REQUEST["tab"]);
// NOTE(review): both branches change stored votes based on GET parameters
// and the excerpt shows no anti-CSRF token. Confirm one is checked elsewhere,
// or require POST plus a token.
switch ($_GET['type']) {
    case 'project':
        // A non-zero "stop" withdraws the vote; anything else casts it.
        $stop = intval($_REQUEST["stop"]);
        if ($GLOBALS["username"]) {
            ff_setvote($GLOBALS["username"], $id, !$stop);
        }
        break;
    case 'funding':
        // Only the two known vote values are acted on, and only for a logged-in user.
        if (($_GET['vote'] == 'more' || $_GET['vote'] == 'less') && $GLOBALS['username']) {
            ff_setfundingvote($GLOBALS['username'], $id, $_GET['vote'] == 'more');
        }
        break;
}
header("Location: " . projurl($id, $tab ? "tab=" . $tab : ""));
Example #9
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with Fossfactory-src.  If not, see <http://www.gnu.org/licenses/>.
*/
$searchkeyword = scrub($_REQUEST['q']);
$sort = scrub($_REQUEST['sort']);
if ($_REQUEST['limit'] != '') {
    $limit = intval($_REQUEST['limit']);
}
if (isset($_REQUEST['offset'])) {
    $offset = intval($_REQUEST['offset']);
}
$id = scrub("{$_REQUEST['id']}");
$amount = "{$_REQUEST['amount']}";
apply_template("Browse Projects", array(array("name" => "Projects", "href" => "browse.php")), '', array('style', 'header-style', 'footer-style', 'browse-style'));
include_once "formattext.php";
?>
<h1>Browse Projects</h1>
<script src="folder.js"></script>
<script>
function set_showpoor() {
    document.getElementById('browse_table').className =
        document.getElementById('showpoor').checked ? '' : 'hidepoor';
}
</script>
<style>
#browse_table.hidepoor .nobounty {
    display: none;
Example #10
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

Fossfactory-src is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with Fossfactory-src.  If not, see <http://www.gnu.org/licenses/>.
*/
// Parent project whose subproject allotments and priorities are being edited.
$parentid = scrub($_REQUEST["id"]);
// Fetch the subprojects of the project.
list($rc, $subprojects) = ff_getsubprojects($parentid);
if ($rc) {
    echo "Internal error: {$rc} {$subprojects}";
    exit;
}
foreach ($subprojects as $subproject) {
    // The form field sub<id> is multiplied by 10 and rounded to give the
    // stored value (accepted range 0..1000).
    // NOTE(review): the arithmetic runs before the isset() test below, so a
    // missing, non-numeric or array-valued field reaches the multiplication
    // first. Consider checking isset()/is_numeric() before computing.
    $allotment = round($_REQUEST["sub{$subproject['id']}"] * 10);
    if (isset($_REQUEST["sub{$subproject['id']}"]) && $allotment >= 0 && $allotment <= 1000 && !($subproject["allotted"] && $allotment == $subproject["allotment"])) {
        ff_setallotment($username, $parentid, $subproject['id'], $allotment);
    }
    // The priority is written whenever the submitted value differs from the stored one.
    $priority = scrub($_REQUEST["pri{$subproject['id']}"]);
    if ($priority !== $subproject["priority"]) {
        ff_setpriority($username, $parentid, $subproject['id'], $priority);
    }
}
// NOTE(review): no check that $username may edit $parentid is visible in this
// excerpt. Presumably the ff_* helpers enforce it; confirm.
header("Location: " . projurl($parentid, "tab=subprojects"));
exit;
Example #11
// Loads a cached "js_register_<plugin_file>.php" manifest, includes each
// script it lists and then deletes the manifest.
$basedir = str_replace('packages/sys/display', '', dirname(__FILE__));
$path = $basedir . 'managed_code/cache/';
// NOTE(review): plugin_file is taken from the query string and concatenated
// into the file name without any filtering visible here, so the request
// decides which file is tested, read, unserialized and finally unlinked.
// Restrict it to the expected name pattern before use (e.g. reject path
// separators and "..").
$name = 'js_register_' . $_GET['plugin_file'] . '.php';
if (file_exists($path . $name)) {
    // Remember the manifest path now; $name is reused as a loop variable below.
    $to_del = $path . $name;
    // NOTE(review): unserialize() can instantiate objects from the data. That
    // is safe only while nothing but trusted code can write the cache files;
    // a format such as JSON avoids the problem.
    $incfiles = unserialize(file_get_contents($path . $name));
    foreach ($incfiles as $file_name => $params) {
        if ($file_name != 'onload') {
            // $filter is assigned but not used in the visible code.
            $filter = '/[^A-Za-z_0-9.\\/]/';
            // scrub() is declared further down; its body is not visible in this excerpt.
            $plugin_path = scrub($params['plugin_path']);
            $clean_file_name = scrub($file_name);
            if (isset($params['args'])) {
                foreach ($params['args'] as $name => $value) {
                    $clean_name = scrub($name);
                    // Variable-variable: creates a variable in the current scope
                    // whose name comes from the manifest. An existing variable
                    // is never overwritten; a warning is raised instead.
                    if (!isset(${$clean_name})) {
                        ${$clean_name} = scrub($value);
                    } else {
                        trigger_error('Ahh! namespace conflict with variable: ' . $clean_name);
                    }
                }
            }
            // NOTE(review): the include path is assembled from manifest data, so
            // its safety rests on scrub() and on the integrity of the cache
            // file. Confirm scrub() rejects traversal sequences.
            require_once $basedir . $plugin_path . $clean_file_name . '.js.php';
        } else {
            // The 'onload' entry is written to the response as it is.
            echo $params;
        }
    }
    // The manifest is single-use: remove it once processed.
    unlink($to_del);
}
function scrub($data)
{
    /*        $filter = '/[^A-Za-z_0-9.\/]/';
Example #12
Fossfactory-src is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

Fossfactory-src is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with Fossfactory-src.  If not, see <http://www.gnu.org/licenses/>.
*/
$p = scrub($_REQUEST["p"]);
$reqmts = "{$_REQUEST['reqmts']}";
$priority = scrub($_REQUEST["priority"]);
$allotment = floatval($_REQUEST["allotment"]);
if (!$p) {
    exit;
}
list($rc, $parent) = ff_getprojectinfo($p);
if ($rc) {
    print "System error: {$rc} {$parent}";
    softexit();
}
if (trim($reqmts)) {
    if ($_REQUEST["stopspam"] !== 'yes') {
        exit;
    }
    $tempdir = "{$GLOBALS['DATADIR']}/tempattachments/{$sid}";
    $attachments = array();
Example #13
?>
&quot;">
    <input type="hidden" name="currency_code" value="<?php 
echo $GLOBALS["pref_currency"];
?>
">
    <input type="hidden" name="no_note" value="1">
    <input type="hidden" name="no_shipping" value="1">
    <input type="hidden" name="tax" value="0">
    <input type="hidden" name="bn" value="PP-SponsorshipsBF">
    <input type="hidden" name="return" value="<?php 
echo htmlentities($GLOBALS["SITE_URL"]);
?>
paypal-return.php">
    <input type="hidden" name="cancel_return" value="<?php 
echo htmlentities($GLOBALS["SITE_URL"]) . projurl($id, "tab=" . scrub($_REQUEST["tab"]));
?>
">
    <input type="hidden" name="notify_url" value="<?php 
echo htmlentities($GLOBALS["SITE_URL"]);
?>
paypal-ipn.php">
    <input type="hidden" name="custom" value="<?php 
echo htmlentities($username);
?>
/<?php 
echo $id;
?>
">
    <div>
    Sponsorship Amount: <?php 
Example #14
                 $item = new FeedItem();
                 $item->title = $e['subject'];
                 $item->link = $GLOBALS['SITE_URL'] . $e['url'];
                 $item->date = (int) $e['time'];
                 $item->description = formatText($e['body']);
                 $rss->addItem($item);
             }
         }
     }
     $rss->title = '[FF] ' . $pname;
     $rss->description = 'Recent events affecting FOSS Factory project \'' . $pname . '\'';
     $rss->link = $GLOBALS['SITE_URL'] . projurl($pid);
 } else {
     if ($_GET['src'] == 'userevents') {
         include_once "formattext.php";
         $user = scrub($_GET['u']);
         list($rc, $watching) = al_getwatches($user);
         if ($rc == 0) {
             foreach ($watching as $w) {
                 list($rc, $events) = al_getrecentevents('watch:' . $w['eventid']);
                 if ($rc != 0) {
                     continue;
                 }
                 foreach ($events as $e) {
                     $item = new FeedItem();
                     $item->title = $e['subject'];
                     $item->link = $GLOBALS['SITE_URL'] . $e['url'];
                     $item->date = (int) $e['time'];
                     $item->description = formatText($e['body']);
                     $rss->addItem($item);
                 }
Example #15
This file is part of Fossfactory-src.

Fossfactory-src is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

Fossfactory-src is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with Fossfactory-src.  If not, see <http://www.gnu.org/licenses/>.
*/
$id = scrub($_REQUEST['id']);
if ($GLOBALS['username'] == '') {
    print "sorry, must login first";
    softexit();
}
include_once 'formattext.php';
// Get the project info
list($rc, $projinfo) = ff_getprojectinfo($id);
if ($rc == 2) {
    print "No such project: {$id}";
    softexit();
}
$iserror = false;
$filenames = '';
if (isset($_REQUEST['submit'])) {
    foreach ($_FILES["thefile"]["error"] as $key => $error) {
Example #16
<?php

/*
Copyright 2008 John-Paul Gignac

This file is part of Fossfactory-src.

Fossfactory-src is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

Fossfactory-src is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with Fossfactory-src.  If not, see <http://www.gnu.org/licenses/>.
*/
// Permanent redirect from this legacy URL to the equivalent rss.php feed.
// NOTE(review): $memberid is placed in the query string of the Location
// header. Whether scrub() (defined outside this excerpt) URL-encodes it is
// not visible here; confirm, or wrap it in urlencode().
$memberid = scrub($_REQUEST['u']);
header("HTTP/1.1 301 Moved Permanently");
header("Location: rss.php?src=duties&u=" . $memberid);
             print "Modifying a non-existent subscription.";
             exit;
         }
         $details = webscr_parse_file($subscr_file);
         $details["currency"] = $_REQUEST["currency_code"];
         $details["amount"] = $_REQUEST["a3"];
         $IPN = $PDT = array("txn_type" => "subscr_modify", "recurring" => "1", "mc_currency" => $_REQUEST["currency_code"], "custom" => $_REQUEST["custom"], "charset" => "windows-1252", "notify_version" => 2.4, "period3" => "1 M", "mc_amount3" => $_REQUEST["a3"]);
     } else {
         if (file_exists($subscr_file)) {
             print "Subscription already exists: {$subscr_file}";
             exit;
         }
         $now = time();
         $details = array("currency" => $_REQUEST["currency_code"], "amount" => $_REQUEST["a3"], "custom" => $_REQUEST["custom"], "business" => $_REQUEST["business"], "txn_id" => $txn_id, "payer_email" => "*****@*****.**", "period3" => "1 M", "first_name" => "Richard", "last_name" => "Mann", "item_name" => $_REQUEST["item_name"], "item_number" => $_REQUEST["item_number"], "subscr_date" => date("H:i:s M d, Y T", $now), "delay" => isset($_REQUEST["delay"]) ? 'yes' : 'no', "due" => $now);
         $PDT = array("txn_type" => "subscr_payment", "payment_date" => date("H:i:s M d, Y T", $now), "subscr_id" => "S-" . scrub(microtime()), "last_name" => "Mann", "residence_county" => "CA", "item_name" => $_REQUEST["item_name"], "payment_gross" => '', "mc_currency" => $_REQUEST["currency_code"], "business" => $_REQUEST["business"], "payer_email" => "*****@*****.**", "txn_id" => $txn_id, "receiver_email" => $_REQUEST["business"], "first_name" => "Richard", "payment_status" => "Cleared", "mc_gross" => $_REQUEST["a3"], "mc_fee" => format_for_entryfield(max(100, round($_REQUEST["a3"] * 0.05 * $currency["multiplier"])), $currency["code"]), "custom" => $_REQUEST["custom"], "charset" => "windows-1252", "notify_version" => 2.4);
         $IPN = array("txn_type" => "subscr_signup", "subscr_id" => "S-" . scrub(microtime()), "last_name" => "Mann", "residence_county" => "CA", "mc_currency" => $_REQUEST["currency_code"], "item_name" => $_REQUEST["item_name"], "business" => $_REQUEST["business"], "recurring" => "1", "payer_email" => "*****@*****.**", "first_name" => "Richard", "receiver_email" => $_REQUEST["business"], "item_number" => $_REQUEST["item_number"], "subscr_date" => date("H:i:s M d, Y T", $now), "custom" => $_REQUEST["custom"], "charset" => "windows-1252", "notify_version" => 2.4, "period3" => "1 M", "mc_amount3" => $_REQUEST["a3"]);
     }
     // Write the subscription details
     webscr_write_array($subscr_file, $details);
 } else {
     if ($_REQUEST["cmd"] === "_subscr-find") {
         $subscr_file = "{$GLOBALS['DATADIR']}/fake-paypal/subscriptions/" . urlencode($GLOBALS["username"]);
         if (!file_exists($subscr_file)) {
             print "Trying to cancel a non-existent subscription.";
             exit;
         }
         $details = webscr_parse_file($subscr_file);
         unlink($subscr_file);
         // This is for cancelling a subscription.
         $IPN = array("txn_type" => "subscr_cancel", "last_name" => $details["last_name"], "residence_county" => "CA", "mc_currency" => "CAD", "item_name" => $details["item_name"], "business" => $_REQUEST["alias"], "recurring" => "1", "payer_email" => $details["payer_email"], "first_name" => $details["first_name"], "receiver_email" => $_REQUEST["alias"], "item_number" => $details["item_number"], "custom" => $details["custom"], "charset" => "windows-1252", "notify_version" => "2.4", "period3" => $details["period3"], "mc_amount3" => $details["amount"]);
     } else {
Example #18
File: mail.php Project: slipak/CV-S
<?php

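// Handler 1: forwards a LinkedIn profile submitted for a vacancy as an HTML e-mail.
if (isset($_POST['LinkedInName']) && isset($_POST['LinkedInHeadline']) && isset($_POST['LinkedInProfile']) && isset($_POST['vacancyTitle'])) {
    $to = '*****@*****.**';
    $subject = 'Send Profile LinkedIn';
    // The fields are request data and the message is sent as text/html, so
    // every value is HTML-escaped before it is placed in the markup.
    $profile = mail_html($_POST['LinkedInProfile']);
    // Only an http(s) URL becomes a clickable link; anything else is shown as text.
    $profileCell = preg_match('#^https?://#i', (string) $_POST['LinkedInProfile'])
        ? '<a href="' . $profile . '">' . $profile . '</a>'
        : $profile;
    $message = '
            <html>
                <head>
                    <title>' . $subject . '</title>
                </head>
                <body>
                    <p><strong>Vacancy: </strong>' . mail_html($_POST['vacancyTitle']) . '</p>
                    <p><strong>Name: </strong>' . mail_html($_POST['LinkedInName']) . '</p>
                    <p><strong>Position: </strong>' . mail_html($_POST['LinkedInHeadline']) . '</p>
                    <p><strong>Profile link: </strong>' . $profileCell . '</p>
                </body>
            </html>';
    $headers = "Content-type: text/html; charset=utf-8 \r\n";
    mail($to, $subject, $message, $headers);
}
/**
 * HTML-escapes a request value for use in the UTF-8 HTML mail body.
 *
 * @param mixed $value Raw form value.
 * @return string The value as a string with HTML special characters and both quote styles escaped.
 */
function mail_html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
/**
 * Trims a value and HTML-escapes it.
 *
 * @param string $text Raw text.
 * @return string Trimmed, HTML-escaped text.
 */
function scrub($text)
{
    return htmlspecialchars(trim($text));
}
/**
 * Prepares a request value for use inside a mail header line.
 *
 * HTML escaping does not remove line breaks, and a line break inside a header
 * value starts a new header. CR, LF and NUL are therefore replaced by a space
 * after scrub() has been applied.
 *
 * @param string $text Raw header value (display name or address).
 * @return string Single-line value.
 */
function scrub_header($text)
{
    return preg_replace('/[\r\n\0]+/', ' ', scrub($text));
}
// Handler 2: contact form. Echoes the result of mail().
if (isset($_POST['Message']) && isset($_POST['Name']) && isset($_POST['Email'])) {
    // NOTE(review): the address is not validated; filter_var() with
    // FILTER_VALIDATE_EMAIL would reject malformed senders before sending.
    echo mail('*****@*****.**', 'CoreValue website contact form message', scrub($_POST['Message']), 'From: ' . scrub_header($_POST['Name']) . ' <' . scrub_header($_POST['Email']) . '>' . PHP_EOL);
}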
Example #19
if ($auth !== 'admin' && $auth !== 'arbiter') {
    print "Not Authorized.";
    exit;
}
if ($_REQUEST["accept"]) {
    $dispute = scrub($_REQUEST["id"]);
    list($rc, $err) = ff_assigndispute($dispute, $username);
    if ($rc) {
        print "Error: {$rc} {$err}";
        exit;
    }
    header("Location: arbitration.php");
    exit;
}
if ($_REQUEST["relinquish"]) {
    $dispute = scrub($_REQUEST["id"]);
    list($rc, $err) = ff_unassigndispute($dispute);
    if ($rc) {
        print "Error: {$rc} {$err}";
        exit;
    }
    header("Location: arbitration.php");
    exit;
}
apply_template("Arbitration", array(array("name" => "Arbitration", "href" => "arbitration.php")));
list($rc, $disputes) = ff_getactivedisputes();
if ($rc) {
    print "Error: {$rc} {$disputes}";
    softexit();
}
if (sizeof($disputes) == 0) {
Example #20
    }
    return $ipaddress;
}
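// Pipes for the child process: 0 = stdin, 1 = stdout, 2 = stderr.
$descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
$cwd = "/var/www/html/";
$ret = "";
$stdout = "";
$stderr = "";
// Only a non-empty string is a candidate host name; array-valued parameters are ignored.
if (isset($_POST['nslookup']) && is_string($_POST['nslookup']) && $_POST['nslookup'] != "") {
    // One log line per request: control characters in the submitted value are
    // replaced so it cannot forge additional log entries. The handle is
    // closed after writing.
    $f = fopen("logs", 'a');
    if ($f !== false) {
        fwrite($f, getClientIp() . " -- " . preg_replace('/[\\x00-\\x1F\\x7F]/', ' ', $_POST['nslookup']) . "\n");
        fclose($f);
    }
    // The pattern is anchored at the end (\z) as well as the start, so the
    // whole value must be a host name (an optional trailing dot is allowed).
    // Without the end anchor only a prefix of the input is validated.
    if (!preg_match('/^(?!\\-)(?:[a-zA-Z\\d\\-]{0,62}[a-zA-Z\\d]\\.){1,126}(?!\\d+)[a-zA-Z\\d]{1,63}\\.?\\z/', $_POST['nslookup'])) {
        $stdout = "That wasn't a real domain...";
    } else {
        $_POST['nslookup'] = str_replace(">", " ", $_POST['nslookup']);
        // scrub() is defined outside this excerpt.
        $_POST['nslookup'] = scrub($_POST['nslookup']);
        // escapeshellarg() quotes the value as exactly one shell argument, so
        // the command line no longer depends on hand-written quoting.
        $ret = proc_open('nslookup ' . escapeshellarg($_POST['nslookup']), $descriptorspec, $pipes, $cwd);
        if (is_resource($ret)) {
            // nslookup gets no input; close stdin so it cannot wait on it.
            fclose($pipes[0]);
            //parse stdout so formatting is preserved
            $stdout = stream_get_contents($pipes[1]);
            fclose($pipes[1]);
            fclose($pipes[2]);
            proc_close($ret);
            //prevent xss
            $stdout = htmlentities($stdout);
            $stdout = str_replace("\n", "<br>", $stdout);
        }
    }
}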
?>

<form action="index.php" method="POST" onsubmit="return validate();">
	<div>
		<h1 style="margin-bottom: 5px;">Make DNS queries with nslookup!</h1>
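/**
 * Applies one PayPal notification to the site's records.
 *
 * Depending on txn_type this sets up or cancels a subscription, or validates
 * a payment and credits it to the member and, when a project id is present,
 * to that project's sponsorship.
 *
 * The "custom" field is a slash-separated list: slot 0 is the username,
 * slot 1 the project id and slot 3 an optional "key=value&key=value"
 * subscription distribution.
 *
 * NOTE(review): this function does not itself authenticate $info. The inline
 * comment "The message is a verified transfer of funds" suggests the caller
 * has already verified it with PayPal; confirm that every caller does.
 *
 * @param array $info Notification fields (txn_type, mc_currency, custom,
 *                    mc_gross, mc_fee, payment_status, receiver_email,
 *                    payment_date, txn_id, payer details, ...).
 * @return array array($rc, $message). $rc is 0 on success (including ignored
 *               and repeated messages), 4 for a rejected notification, 7 for a
 *               notification that is too old and 8 when the sponsorship could
 *               not be set. A helper's error code or 1 is returned when a
 *               helper fails.
 */
function paypal_handle_info($info)
{
    list($rc, $currencies) = ff_currencies();
    if ($rc) {
        return array(1, $currencies);
    }
    // Make sure the currency is supported.
    if (!isset($currencies[$info["mc_currency"]])) {
        return array(4, "Unsupported currency: {$info['mc_currency']}");
    }
    $currency = $currencies[$info["mc_currency"]];
    $custom = explode("/", $info["custom"]);
    $username = scrub("{$custom['0']}");
    $subscr_distribution = "{$custom['3']}";
    // NOTE(review): $memberinfo is only populated for a non-empty username,
    // but the subscription branches below read it unconditionally.
    if ($username !== '') {
        list($rc, $memberinfo) = ff_getmemberinfo($username);
        if ($rc) {
            return array($rc, $memberinfo);
        }
    }
    if ($info["txn_type"] === 'subscr_payment' || $info["txn_type"] === 'subscr_signup' || $info["txn_type"] === 'subscr_modify') {
        // The person is setting up a subscription.
        // Make sure that everything is as we expect.
        if ($info["txn_type"] !== 'subscr_payment' && ($info["recurring"] !== '1' || $info["period3"] !== '1 M' || $info["period1"] || $info["period2"])) {
            return array(4, "Invalid subscription settings.");
        }
        $gross = $info["txn_type"] === 'subscr_payment' ? $info["mc_gross"] : $info["mc_amount3"];
        $amount = round($gross * $currency["multiplier"]) . $currency["code"];
        if ($amount !== $memberinfo["subscription_fee"]) {
            // This is the first we've heard of this.
            // Note that we might get two messages at the same time.  So
            // we have to be careful to make sure that nothing bad happens
            // in that case.
            // It's very important that we only do this part on the
            // *very first* time that this payment amount arrives.
            // Otherwise, if the user ever rearranges his sponsorships,
            // the values will be overridden the next time a payment arrives.
            $sponsorships = false;
            if ($subscr_distribution !== '') {
                $subscr_distribution = explode("&", $subscr_distribution);
                $sponsorships = array();
                foreach ($subscr_distribution as $key_value) {
                    // preg_match() is used because the POSIX ereg() family was
                    // removed in PHP 7. The D modifier makes "$" match only at
                    // the very end of the string.
                    if (!preg_match('/^([^=]*)=([^=]*)$/D', $key_value, $parts)) {
                        continue;
                    }
                    $key = $parts[1];
                    if ($key === '') {
                        // Some other process took care of it for us.
                        $sponsorships = false;
                        break;
                    }
                    $sponsorships[$key] = $parts[2] . $currency["code"];
                }
            }
            $rc = ff_setsubscription($username, $amount, "monthly", $sponsorships);
            if ($rc[0]) {
                return $rc;
            }
        }
        if ($info["txn_type"] !== 'subscr_payment') {
            return array(0, "Success");
        }
    }
    if ($info["txn_type"] === 'subscr_cancel') {
        if ($memberinfo["subscription_amount"]) {
            return ff_cancelsubscription($username);
        }
        return array(0, "Subscription already cancelled.");
    }
    if ($info["txn_type"] === 'subscr_failed' || $info["txn_type"] === 'subscr_eot') {
        // Ignore IPNs we don't know what to do with.
        return array(0, "Huh?");
    }
    // We must reject pending payments because they don't necessarily
    // include the transaction fee.
    if ($info["payment_status"] === 'Pending') {
        return array(4, "Payment not complete");
    }
    // The message is a verified transfer of funds.  Now let's make sure
    // it's a valid sponsorship.
    // Make sure the payment is directed to us
    if ($info["receiver_email"] !== conf("paypal_business")) {
        return array(4, "Wrong recipient: {$info['receiver_email']}");
    }
    // Make sure it's not old.  This is because old sponsorship records may be
    // moved out of the database and archived, so they can't be compared
    // against to see if the current transaction is a repeat.
    // The cut-off is three weeks (3 * 7 days, in seconds).
    if (strtotime($info["payment_date"]) < time() - 3 * 3600 * 24 * 7) {
        return array(7, "IPN too old, probably a repeat: {$info['payment_date']}");
    }
    // Convert the decimal amounts to integer minor units (10^decimal_places).
    $multiplier = intval("1" . str_repeat("0", $currency["decimal_places"]));
    $amount = intval(round(floatval($info["mc_gross"]) * $multiplier));
    if ($amount >= 2000000000) {
        return array(4, "Amount too large to handle: {$info['mc_gross']}");
    }
    $fee = intval(round(floatval($info["mc_fee"]) * $multiplier));
    if ($fee >= $amount) {
        return array(4, "Fee too big: {$info['mc_fee']} >= {$info['mc_gross']}");
    }
    if ($amount < 0 || $fee < 0) {
        return array(4, "Negative money: {$info['mc_fee']} {$info['mc_gross']}");
    }
    // Compute the net amount after deducting the transaction fee.
    $netamount = $amount - $fee;
    $projectid = "{$custom['1']}";
    if ($username !== '') {
        // The transaction id is part of the reference passed to the helper;
        // return code 7 from the helper is treated as a repeated transaction.
        list($rc, $err) = ff_receivefunds($username, "{$netamount}{$currency['code']}", "paypal-{$info['txn_id']}", "{$fee}{$currency['code']}", $info["txn_type"] === 'subscr_payment', "{$info['first_name']} {$info['last_name']}", $info["payer_email"], $info["residence_country"], $info["address_zip"]);
        if ($rc == 7) {
            return array(0, "Repeated transaction");
        }
        if ($rc) {
            return array(1, $err);
        }
    }
    $retval = "Success";
    if ($projectid !== '') {
        // Skip the sponsorship when the net amount has no non-zero digit.
        if (preg_match('/[1-9]/', "{$netamount}")) {
            // Direct the sponsorship to the specified project.
            list($rc, $err) = ff_setsponsorship($projectid, $username, "{$netamount}{$currency['code']}", true);
            if ($rc) {
                return array(8, $err);
            }
        }
    }
    return array(0, $retval);
}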
Example #22
<?php

/*
Copyright 2008 John-Paul Gignac

This file is part of Fossfactory-src.

Fossfactory-src is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

Fossfactory-src is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with Fossfactory-src.  If not, see <http://www.gnu.org/licenses/>.
*/
// Resign the current user (presumably the logged-in one; an empty $username
// skips the call) as lead of the project named by the "id" request parameter,
// then redirect to that project's page.
// NOTE(review): this state change is driven by $_REQUEST, so it is not limited
// to POST, and no anti-CSRF token check is visible in this snippet. Confirm one
// is enforced elsewhere, or require POST plus a per-session token.
// NOTE(review): the result of ff_resignlead() is ignored, so a failed
// resignation still redirects as if it had succeeded.
// NOTE(review): scrub() and projurl() are defined elsewhere; verify that what
// reaches the Location header is restricted or encoded for a URL context.
$id = scrub($_REQUEST['id']);
if ($username !== '') {
    ff_resignlead($id, $username);
}
$projectPage = projurl($id);
header("Location: " . $projectPage);
Example #23
(at your option) any later version.

Fossfactory-src is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with Fossfactory-src.  If not, see <http://www.gnu.org/licenses/>.
*/
// Access gate: with an empty $username the login page is shown instead.
// NOTE(review): everything below relies on softexit() (defined elsewhere)
// actually ending the request — confirm it cannot return.
if ($username === '') {
    $msg = "To create a new project, you need to be logged in.";
    include "login.php";
    softexit();
}
$draftid = scrub($_REQUEST["draft"]);
if (isset($_REQUEST["name"])) {
    // Form submission: values are copied from the request as plain strings with
    // no validation at this point. Only "name" is tested with isset(); "reqmts"
    // and "fundgoal" are read unconditionally.
    // NOTE(review): these are untrusted; they must be escaped for the output
    // context wherever they are rendered or stored (not visible in this snippet).
    $name = "{$_REQUEST['name']}";
    $reqmts = "{$_REQUEST['reqmts']}";
    // Assume English numbers: 1,000,000.01 OR 1 000 000.01 -> 1000000.01
    $fundgoal = (double) str_replace(array(' ', ','), '', $_REQUEST['fundgoal']);
} else {
    if ($draftid) {
        // Load a saved draft. The list is fetched for $username, so the lookup is
        // presumably limited to that user's own drafts — confirm in ff_getprojectdrafts().
        list($rc, $drafts) = ff_getprojectdrafts($username);
        if ($rc) {
            exit;
        }
        // NOTE(review): $draftid is not checked to exist as a key of $drafts
        // before it is used as an index.
        $name = $drafts[$draftid]["name"];
        $reqmts = $drafts[$draftid]["reqmts"];
        // The cast applies before the division; the stored goal looks like an
        // amount in hundredths of the currency unit — TODO confirm.
        $fundgoal = (double) $drafts[$draftid]["funding_goal"] / 100.0;
    }
Example #24
        echo date("M j, Y g:ia", $submission["date"]);
        ?>
 by <?php 
        echo htmlentities($submission["username"]);
        ?>
</a>
<?php 
    }
} else {
    // A 'badchange' dispute refers to one entry of the project's requirements history.
    if ($disputeinfo["type"] === 'badchange') {
        list($rc, $reqmtshistory) = ff_getreqmtshistory($projectinfo["id"]);
        if (!$rc) {
            include_once "diff.php";
            foreach ($reqmtshistory as $reqmtschange) {
                // intval() keeps only the leading digits of "object", so the match
                // is on the number in front of the colon.
                // presumably "object" has the form "<postid>:<patch>" — TODO confirm
                if ($reqmtschange["postid"] == intval($disputeinfo["object"])) {
                    // NOTE(review): ereg_replace() was removed in PHP 7.0; preg_replace()
                    // is the replacement.
                    // NOTE(review): ":.$" strips a colon plus exactly ONE trailing character.
                    // If the part after the colon can be longer, ":.*$" was probably
                    // intended — verify against the stored format.
                    // NOTE(review): $post is echoed into an href attribute just below via
                    // projurl() with no htmlentities() call visible, so its safety rests on
                    // what scrub() and projurl() allow — confirm.
                    $post = scrub(ereg_replace(":.\$", "", $disputeinfo["object"]));
                    // Everything after the first colon; not passed through scrub().
                    $patch = ereg_replace("^[^:]*:", "", $disputeinfo["object"]);
                    ?>
    <br><a href="<?php 
                    echo projurl($projectinfo["id"], "post={$post}");
                    ?>
"><?php 
                    echo date("M j, Y g:ia", $reqmtschange["time"]);
                    ?>
 - <?php 
                    echo htmlentities($reqmtschange["subject"]);
                    ?>
</a>
    </td></tr>
    <tr><td valign=top width="0%"><b>Disputed Change:</b></td><td width="100%" colspan=2>
        <div style="border:1px solid #808080;padding:1em"><?php 
Example #25
        }
    }
    return $ipaddress;
}
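// Ping form handler: runs a single ping against the host given in the "ping"
// POST field and captures the command's stdout/stderr as HTML-escaped text
// ($stdout / $stderr) for the page to display. $ret holds the process handle.
$descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
$cwd = "/var/www/html/";
$ret = "";
$stdout = "";
$stderr = "";
// is_string() rejects array-valued parameters before any string handling.
if (isset($_POST['ping']) && is_string($_POST['ping']) && $_POST['ping'] !== "") {
    // Write an entry to the log file. Control characters (CR/LF included) are
    // replaced first so that one request always produces exactly one log line.
    // NOTE(review): "logs" is a relative path; if it resolves inside the web
    // root the file may be downloadable — confirm and move it outside.
    $logLine = preg_replace('/[\x00-\x1F\x7F]/', ' ', getClientIp() . " -- " . $_POST['ping']);
    $f = fopen("logs", 'a');
    if ($f !== false) {
        fwrite($f, $logLine . "\n");
        fclose($f);
    }
    // Existing clean-up, kept so later uses of $_POST['ping'] see the same value.
    // scrub() is defined elsewhere; it is NOT relied on for shell safety here.
    $_POST['ping'] = str_replace(">", " ", $_POST['ping']);
    $_POST['ping'] = scrub($_POST['ping']);
    // Wrapping a value in quotes by hand is not a safe boundary for a shell
    // command line. Two independent controls are applied instead:
    //   1. allow-list: the target must be an IP address or a syntactically valid
    //      host name (labels start and end with an alphanumeric character);
    //   2. escapeshellarg() on the single argument, after "--" so that it can
    //      never be read as an option.
    // On PHP 7.4+ the array form of proc_open() avoids the shell altogether.
    $target = trim((string) $_POST['ping']);
    $hostnamePattern = '/\A(?=.{1,253}\z)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*\z/';
    $isValidTarget = filter_var($target, FILTER_VALIDATE_IP) !== false
        || preg_match($hostnamePattern, $target) === 1;
    if (!$isValidTarget) {
        $stderr = "Invalid host name or IP address.";
    } else {
        $ret = proc_open('ping -c 1 -- ' . escapeshellarg($target), $descriptorspec, $pipes, $cwd);
        if (!is_resource($ret)) {
            $stderr = "Unable to start ping.";
        } else {
            // ping reads nothing from stdin; close our end right away.
            fclose($pipes[0]);
            // Capture stdout, HTML-escape it (prevents XSS from command output),
            // then turn newlines into <br> so the formatting is preserved.
            $stdout = stream_get_contents($pipes[1]);
            $stdout = htmlentities($stdout);
            fclose($pipes[1]);
            $stdout = str_replace("\n", "<br>", $stdout);
            // Same treatment for stderr.
            $stderr = stream_get_contents($pipes[2]);
            $stderr = htmlentities($stderr);
            fclose($pipes[2]);
            $stderr = str_replace("\n", "<br>", $stderr);
            // $ret is left open because the rest of the script is not visible
            // here; PHP releases the process handle at the end of the request.
        }
    }
}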
Example #26
Fossfactory-src is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

Fossfactory-src is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with Fossfactory-src.  If not, see <http://www.gnu.org/licenses/>.
*/
// Request parameters: the project and post identifiers go through scrub()
// (defined elsewhere); the accept flag is coerced to an integer.
// NOTE(review): none of the three keys is checked with isset() before use.
$project = scrub($_REQUEST['project']);
$post = scrub($_REQUEST['post']);
$accept = (int) $_REQUEST['accept'];
/**
 * Redirects to the current project's page with an error message in the query
 * string, then ends the request.
 *
 * The project id is read from the global $project. The message is sent as
 * "err=<rc> <err>" with the value URL-encoded.
 *
 * NOTE(review): the error text travels in the URL, so whatever page displays
 * "err" must HTML-escape it — confirm in the receiving page.
 *
 * @param mixed $rc  Error code returned by the failed call.
 * @param mixed $err Error text returned by the failed call.
 * @return void Does not return; the function calls exit.
 */
function error($rc, $err)
{
    $message = "{$rc} {$err}";
    $query = "err=" . urlencode($message);
    $destination = projurl($GLOBALS["project"], $query);
    header("Location: " . $destination);
    exit;
}
// Get the post info
list($rc, $postinfo) = ff_getpostinfo($post);
if ($rc) {
    error($rc, $postinfo);
}
$subject = $postinfo["subject"];
// Get the project info
list($rc, $projinfo) = ff_getprojectinfo($project);
if ($rc) {
Example #27
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with Fossfactory-src.  If not, see <http://www.gnu.org/licenses/>.
*/
?>
<html>
<body>
<script>
<?php 
// NOTE(review): this PHP block runs inside a <script> element, so anything it
// emits is parsed as JavaScript. Values that originate from the request or from
// stored posts need JavaScript-context encoding (for example json_encode()),
// not just HTML escaping — confirm how the output below is built.
include_once "forum.php";
// Identifiers from the request, each passed through scrub() (defined elsewhere).
$postid = scrub($_REQUEST["postid"]);
$topid = scrub($_REQUEST["topid"]);
$topicid = scrub($_REQUEST['topicid']);
// Without an explicit top post, the requested post itself is used as the top.
if (!$topid) {
    $topid = $postid;
}
ob_start();
// NOTE(review): $rc from the first call is overwritten by the second, and neither
// result is checked before $post["ancestors"] is read. A failed lookup is
// therefore used as if it were post data.
list($rc, $top) = ff_getpostinfo($topid);
list($rc, $post) = ff_getpostinfo($postid);
// Ancestry of the requested post, with the post itself appended at the end.
$ancestors = $post["ancestors"];
$ancestors[] = $postid;
// Make sure we have all of the children of each post in the ancestry.
// Also, populate $openids with the list of ancestors to be opened.
$openids = array();
$foundtop = 0;
$curpost = false;
foreach ($ancestors as $ancestor) {
    if ($ancestor == $topid) {
Example #28
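/**
 * Builds the list of duties for a user, adding a link, subject and body to each.
 *
 * Every duty returned by ff_getduties() is matched on its "type" and decorated
 * with a target URL and with subject/body text looked up through ff_gettext().
 * Code-submission duties on projects whose status is 'accept' are left out.
 *
 * Changes from the previous version:
 *  - the "first argument" test was written as sizeof($x == 1), which measured a
 *    boolean instead of the argument list; it now compares the list's size to 1;
 *  - a duty of an unrecognised type is skipped. Before, it reused the link and
 *    text of the previous duty (or undefined variables on the first iteration).
 *
 * NOTE(review): $username is interpolated into the "requser" query parameter
 * without urlencode(); whether that is safe depends on what scrub() (defined
 * elsewhere) allows through — confirm.
 *
 * @param string $username User whose duties are listed.
 * @return array array(0, $duties) on success, with the original keys preserved;
 *               otherwise array($rc, $error) as returned by the failing ff_* call.
 */
function getduties($username)
{
    $username = scrub($username);
    list($rc, $duties) = ff_getduties($username);
    if ($rc) {
        return array($rc, $duties);
    }
    $result = array();
    foreach ($duties as $key => $duty) {
        list($rc, $projectinfo) = ff_getprojectinfo($duty["projectid"]);
        if ($rc) {
            return array($rc, $projectinfo);
        }
        $deadline = $duty["deadline"];
        // Duties that carry a deadline use the "newduty2" text family.
        $tag = $deadline ? "newduty2" : "newduty";
        $type = $duty["type"];
        if ($type == 'dispute-plaintiff') {
            list($rc, $disputeinfo) = ff_getdisputeinfo($duty["id"]);
            if ($rc) {
                return array($rc, $disputeinfo);
            }
            $link = "dispute.php?id={$duty['id']}&requser={$username}";
            $macros = array("subject" => $disputeinfo["subject"], "projectname" => $projectinfo["name"]);
            $textid = "plaintiff";
        } elseif ($type == 'dispute-defendant') {
            list($rc, $disputeinfo) = ff_getdisputeinfo($duty["id"]);
            if ($rc) {
                return array($rc, $disputeinfo);
            }
            $link = "dispute.php?id={$duty['id']}&requser={$username}";
            $macros = array("subject" => $disputeinfo["subject"], "username" => $disputeinfo["plaintiff"], "projectname" => $projectinfo["name"], "deadline" => date("D F j, H:i:s T", $deadline));
            // Exactly one argument so far means the dispute has just been opened.
            if (sizeof($disputeinfo["arguments"]) == 1) {
                $textid = "{$tag}-newdispute";
            } else {
                $textid = "{$tag}-dispute";
            }
        } elseif ($type == 'new-subproject') {
            list($rc, $pinfo) = ff_getprojectinfo($duty["id"]);
            if ($rc) {
                return array($rc, $pinfo);
            }
            $link = projurl($duty["projectid"], "tab=subprojects&requser={$username}");
            $macros = array("projectname" => $pinfo["name"], "parentname" => $projectinfo["name"], "deadline" => date("D F j, H:i:s T", $deadline));
            $textid = "{$tag}-newsubproject";
        } elseif ($type == 'code submission') {
            // Hide code submission duties on accepted projects
            if ($projectinfo["status"] == 'accept') {
                continue;
            }
            list($rc, $sinfo) = ff_getsubmissioninfo($duty["id"]);
            if ($rc) {
                return array($rc, $sinfo);
            }
            $link = projurl($duty["projectid"], "tab=submissions&requser={$username}#submission{$duty['id']}");
            $macros = array("projectname" => $projectinfo["name"], "submitter" => $sinfo["username"], "deadline" => date("D F j, H:i:s T", $deadline));
            $textid = "{$tag}-submission";
        } elseif ($type == 'change proposal') {
            list($rc, $postinfo) = ff_getpostinfo($duty["id"]);
            if ($rc) {
                return array($rc, $postinfo);
            }
            $link = projurl($duty["projectid"], "requser={$username}&post={$duty['id']}");
            $macros = array("projectname" => $projectinfo["name"], "submitter" => $postinfo["owner"], "deadline" => date("D F j, H:i:s T", $deadline));
            $textid = "{$tag}-changeproposal";
        } else {
            // Unrecognised duty type: there is no link or text to attach, so the
            // duty is left out rather than decorated with another duty's data.
            continue;
        }
        list($rc, $subject) = ff_gettext("{$textid}-subject", $macros);
        if ($rc) {
            return array($rc, $subject);
        }
        list($rc, $body) = ff_gettext("{$textid}-body", $macros);
        if ($rc) {
            return array($rc, $body);
        }
        $duty["link"] = $link;
        $duty["subject"] = $subject;
        $duty["body"] = $body;
        $result[$key] = $duty;
    }
    return array(0, $result);
}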
Example #29
This file is part of Fossfactory-src.

Fossfactory-src is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

Fossfactory-src is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with Fossfactory-src.  If not, see <http://www.gnu.org/licenses/>.
*/
// "p" (project id) goes through scrub(), defined elsewhere; "amt" is taken from
// the request verbatim as a string.
// NOTE(review): the amount printed in the "payment ... has been received" text
// below comes straight from the request, not from a verified payment record, so
// the page displays whatever amount the URL carries. Consider loading the
// amount server-side from the recorded transaction instead.
// NOTE(review): format_money($amt) is echoed below; confirm it validates or
// HTML-escapes its input. $p is placed in the href without urlencode().
$p = scrub($_REQUEST['p']);
$amt = (string) $_REQUEST['amt'];
$selfHref = "createdproject.php?p={$p}&amt=" . urlencode($amt);
$breadcrumbs = array(array("name" => "Project Created", "href" => $selfHref));
apply_template("Project Created", $breadcrumbs);
?>
<div class=results>
Thank you for creating a new FOSS Factory project.  Your payment of
<?php 
echo format_money($amt);
?>
 has been received.  A receipt
has been emailed to you.  You may log into your account at
<a href="http://www.paypal.com/">www.paypal.com</a> to view details of
the transaction.

<p>
<a href="<?php 
Example #30
/*
Copyright 2008 John-Paul Gignac

This file is part of Fossfactory-src.

Fossfactory-src is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

Fossfactory-src is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with Fossfactory-src.  If not, see <http://www.gnu.org/licenses/>.
*/
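// Legacy feed URL: permanently redirect to rss.php, choosing the project feed
// when "p" is given and the member feed when "memberid" is given. A project id
// takes precedence if both are present.
// Each parameter is read only when present, so a missing one cannot emit a
// warning ahead of header() and break the redirect.
$memberid = isset($_REQUEST['memberid']) ? scrub($_REQUEST['memberid']) : '';
$projectid = isset($_REQUEST['p']) ? scrub($_REQUEST['p']) : '';
// The id is URL-encoded so the request value always stays inside the single
// "p" query parameter, whatever characters scrub() (defined elsewhere) lets through.
if ($projectid) {
    header("HTTP/1.1 301 Moved Permanently");
    header('Location: rss.php?src=projectevents&p=' . urlencode($projectid));
    exit;
}
if ($memberid) {
    header("HTTP/1.1 301 Moved Permanently");
    header('Location: rss.php?src=memberevents&p=' . urlencode($memberid));
    exit;
}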