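/**
 * Render the "edit spot" page and, when the form was submitted, apply the
 * requested 'delete' or 'edit' action to the spot identified by _messageId.
 *
 * The view and edit spot-detail permissions are always checked; a delete
 * additionally checks the delete-spot permission. The resulting form result
 * and the retrieved spot are handed to the 'editspot' template.
 *
 * NOTE(review): no request-forgery token check is visible in this method;
 * confirm the form layer verifies one before 'delete' or 'edit' reach here.
 */
function render() {
    $result = new Dto_FormResult('notsubmitted');

    # check the users' permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_view_spotdetail, '');
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_spotdetail, '');

    # retrieve the spot; a failure is recorded as a form error, not rethrown
    $fullSpot = '';
    try {
        $svcActn_GetSpot = new Services_Actions_GetSpot($this->_settings, $this->_daoFactory, $this->_spotSec);
        $fullSpot = $svcActn_GetSpot->getFullSpot($this->_currentSession, $this->_messageId, true);
        $fullSpot = str_replace("[br]", "\n", $fullSpot);
    } catch (Exception $ex) {
        $result->addError($ex->getMessage());
    } # catch

    # and create a nice and shiny page title
    $this->_pageTitle = "spot: edit spot";

    # bring the forms' action into the local scope for easier access
    $formAction = $this->_spotForm['action'];

    # Only perform certain validations when the form is actually submitted
    if (!empty($formAction)) {
        switch ($formAction) {
            case 'delete':
                # deleting has its own permission on top of the edit permission
                $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_delete_spot, '');

                # assume success
                $result->setResult('success');

                # remove the spot from the database
                $svcSpotEditor = new Services_Posting_Editor($this->_daoFactory, $this->_currentSession);
                $svcSpotEditor->deleteSpot($this->_messageId);
                break; # case 'delete'

            case 'edit':
                /*
                 * When retrieval failed, $fullSpot is still the '' placeholder
                 * and there is no original spot to merge the form into. Keep
                 * the retrieval error and leave the stored spot untouched
                 * instead of overwriting it with an incomplete document.
                 */
                if ($result->isError()) {
                    break;
                } # if

                # create a fullspot xml from the data entered by the user and the original fullspot
                $svcSpotEditor = new Services_Posting_Editor($this->_daoFactory, $this->_currentSession);
                $result = $svcSpotEditor->updateSpotXml($fullSpot, $this->_spotForm);

                if ($result->isSuccess()) {
                    # update the spot in the database
                    $svcSpotEditor->updateSpot($this->_messageId, $result->getData('spotxml'));
                } # if
                break; # case 'edit'
        } # switch
    } # if

    #- display stuff -#
    $this->template('editspot', array('editspotform' => $fullSpot, 'result' => $result));
}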
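/**
 * Print the errors and the informational messages of a form result as two
 * HTML lists ('formerrors' and 'forminformation').
 *
 * Every message is HTML-escaped before it is echoed. Form results can hold
 * text that was not written as markup (for example an exception message),
 * and echoing it verbatim would let such text inject HTML into the page.
 * A caller that relied on markup inside a message will now see it as text.
 *
 * @param Dto_FormResult $result the result whose messages are printed
 */
function renderResultMessagesHtml(Dto_FormResult $result) {
    echo PHP_EOL . '<ul class="formerrors">' . PHP_EOL;
    foreach ($result->getErrors() as $formError) {
        echo " <li>" . htmlspecialchars((string) $formError, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</li>" . PHP_EOL;
    } # foreach
    echo '</ul>' . PHP_EOL;

    echo PHP_EOL . '<ul class="forminformation">' . PHP_EOL;
    foreach ($result->getInfo() as $formInfo) {
        echo " <li>" . htmlspecialchars((string) $formInfo, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</li>" . PHP_EOL;
    } # foreach
    echo '</ul>' . PHP_EOL;
}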
/**
 * Validate an edit form and, when it is valid, merge it into the original
 * spot and convert the merged spot to XML.
 *
 * @param array $fullSpot       the original spot the edits are merged into
 * @param array $updatesToApply the submitted edit form
 * @return Dto_FormResult validation outcome; on success the XML is stored
 *                        under the 'spotxml' data key
 */
public function updateSpotXml($fullSpot, $updatesToApply) {
    $result = new Dto_FormResult();

    # strip everything from the form that must not be merged into the spot
    $spot = $this->cleanseUpdates($updatesToApply);

    # the category verification expects arrays for the sub categories
    foreach (array('subcatb', 'subcatc', 'subcatd') as $subcatKey) {
        if (!is_array($spot[$subcatKey])) {
            $spot[$subcatKey] = array();
        } # if
    } # foreach

    # run the validators in their fixed order, each one receives the previous result
    $result->addData('spot', $spot);
    $validatorSteps = array('verifyTitle', 'verifyBody', 'verifyCategories', 'verifyWebsite', 'verifyTag');
    foreach ($validatorSteps as $step) {
        $result = $this->_spotValidator->$step($result);
    } # foreach

    # take the spot back out, the caller should not receive it in the result
    $spot = $result->getData('spot');
    $result->removeData('spot');

    if (!$result->isSuccess()) {
        return $result;
    } # if

    # merge the cleaned edit form over the original spot
    $spot = array_merge($fullSpot, $spot);

    $imageInfo = array(
        'height' => $spot['image']['height'],
        'width' => $spot['image']['width'],
        'segments' => $spot['image']['segment'],
    );
    $nzbSegmentList = $spot['nzb'];

    # convert the merged spot to its XML representation
    $xmlBuilder = new Services_Format_Creation();
    $result->addData('spotxml', $xmlBuilder->convertSpotToXml($spot, $imageInfo, $nzbSegmentList));

    return $result;
}
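/**
 * Render the login form and, when it was submitted, try to authenticate the
 * user with the submitted credentials.
 *
 * A failed attempt is written to the audit log unless auditing is switched
 * off; a successful attempt replaces the current session with the one
 * returned by the authentication service.
 */
function render() {
    $result = new Dto_FormResult('notsubmitted');

    # Check permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_perform_login, '');

    /*
     * Create default credentials so the form is always able to render
     * the values of the form
     */
    $credentials = array('username' => '', 'password' => '');

    /*
     * Instantiate the Spot user system. The class name is written in its
     * regular casing: PHP itself resolves class names case-insensitively,
     * but an autoloader that turns the name into a file path may not.
     */
    $svcUserAuth = new Services_User_Authentication($this->_daoFactory, $this->_settings);

    # set the page title
    $this->_pageTitle = "spot: login";

    # bring the form action into the local scope
    $formAction = $this->_loginForm['action'];

    # Are we already submitting the form login?
    if (!empty($formAction)) {
        # make sure we can simply assume all fields are there
        $credentials = array_merge($credentials, $this->_loginForm);

        $tryLogin = $svcUserAuth->authenticate($credentials['username'], $credentials['password']);
        if (!$tryLogin) {
            # record the failed attempt, together with the client address of the session
            if ($this->_settings->get('auditlevel') != SpotSecurity::spot_secaudit_none) {
                $spotAudit = new SpotAudit($this->_daoFactory, $this->_settings, $this->_currentSession['user'], $this->_currentSession['session']['ipaddr']);
                $spotAudit->audit(SpotSecurity::spotsec_perform_login, 'incorrect user or pass', false);
            } # if

            # one message for both causes, so the response does not reveal which field was wrong
            $result->addError(_('Invalid username or password'));
        } else {
            $result->setResult("success");
            $this->_currentSession = $tryLogin;
        } # else
    } else {
        # When the user is already logged in, show this as a warning
        if ($this->_currentSession['user']['userid'] != $this->_settings->get('nonauthenticated_userid')) {
            $result->addError(_('You are already logged in'));
        } # if
    } # else

    /*
     * NOTE(review): after a failed attempt $credentials still holds the
     * submitted password; confirm the template does not echo it back.
     * NOTE(review): 'http_referer' is taken from the submitted form; confirm
     * that whatever redirects to it only accepts targets on this site.
     */
    #- display stuff -#
    $this->template('login', array('loginform' => $credentials, 'result' => $result, 'http_referer' => $this->_loginForm['http_referer'], 'data' => $this->_params['data']));
}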
/**
 * Handle a request to add a spotter to, or remove a spotter from, the
 * current user's list and answer with the 'jsonresult' template.
 *
 * NOTE(review): 'idtype' has no default below, so it is only present when
 * the submitted form supplied it; confirm addSpotterToList() validates it.
 */
function render() {
    # the blacklist permission is checked before anything else happens
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_blacklist_spotter, '');

    # start out as 'not submitted'
    $result = new Dto_FormResult('notsubmitted');

    # defaults, so both keys exist even when the form omitted them
    $blackList = array('spotterid' => '', 'origin' => '');

    $this->_pageTitle = "report: blacklist spotter";

    # the action is optional in this form
    $formAction = isset($this->_blForm['action']) ? $this->_blForm['action'] : '';

    # the user record service performs the actual list changes
    $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);

    $formSubmitted = !empty($formAction) && !$result->isError();
    if ($formSubmitted) {
        $result->setResult('success');

        # complete the submitted form with the defaults
        $blackList = array_merge($blackList, $this->_blForm);
        $currentUser = $this->_currentSession['user'];

        if ($formAction == 'addspotterid') {
            $outcome = $svcUserRecord->addSpotterToList($currentUser, $blackList['spotterid'], $blackList['origin'], $blackList['idtype']);
            $result->mergeResult($outcome);
        } elseif ($formAction == 'removespotterid') {
            $outcome = $svcUserRecord->removeSpotterFromList($currentUser, $blackList['spotterid']);
            $result->mergeResult($outcome);
        } # elseif
    } # if

    #- display stuff -#
    $this->template('jsonresult', array('result' => $result));
}
/**
 * Serve an NZB file, or hand it to a download integration.
 *
 * For the 'display' action the NZB content type is sent and nothing else is
 * rendered here. For every other action a JSON form result is rendered.
 * Any exception is turned into a JSON result carrying the exception message.
 */
function render() {
    # retrieving an NZB always needs the basic permission
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_retrieve_nzb, '');

    # anything but plain display needs permission for that specific integration
    if ($this->_action != 'display') {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_download_integration, $this->_action);
    } # if

    # NNTP readers for the binary ('bin') and header ('hdr') servers
    $binReader = new Services_Nntp_SpotReading(Services_Nntp_EnginePool::pool($this->_settings, 'bin'));
    $hdrReader = new Services_Nntp_SpotReading(Services_Nntp_EnginePool::pool($this->_settings, 'hdr'));
    $nzbProvider = new Services_Providers_Nzb($this->_daoFactory->getCacheDao(), $binReader);
    $spotProvider = new Services_Providers_FullSpot($this->_daoFactory, $hdrReader);

    # NZB files must not be cached on the client
    $this->sendExpireHeaders(true);

    try {
        if ($this->_action == 'display') {
            $this->sendContentTypeHeader("nzb");
        } # if

        $downloadAction = new Services_Actions_DownloadNzb($this->_settings, $this->_daoFactory);
        $downloadAction->handleNzbAction($this->_messageid, $this->_currentSession, $this->_action, $spotProvider, $nzbProvider);

        if ($this->_action != 'display') {
            $this->sendContentTypeHeader("json");
            $okResult = new Dto_FormResult('success');
            $this->template('jsonresult', array('result' => $okResult));
        } # if
    } catch (Exception $x) {
        # report the failure as JSON, whatever the action was
        $this->sendContentTypeHeader("json");
        $failedResult = new Dto_FormResult('notsubmitted');
        $failedResult->addError($x->getMessage());
        $this->template('jsonresult', array('result' => $failedResult));
    } # catch
}
/**
 * Log the current user out by removing the session and report the outcome
 * through the 'jsonresult' template.
 */
function render() {
    $result = new Dto_FormResult('notsubmitted');

    # logging out is a permission of its own
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_perform_logout, '');

    # the authentication service owns the session handling
    $svcUserAuth = new Services_User_Authentication($this->_daoFactory, $this->_settings);

    # the response must not be cached and is always JSON
    $this->sendExpireHeaders(true);
    $this->sendContentTypeHeader('json');

    # try to remove the session and translate the outcome into the form result
    $sessionRemoved = $svcUserAuth->removeSession($this->_currentSession);
    if (!$sessionRemoved) {
        $result->addError(_('Unable to remove session'));
    } else {
        $result->setResult('success');
    } # else

    $this->template('jsonresult', array('result' => $result));
}
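/**
 * Validate a spam report and, when every check passes, post it to the
 * report newsgroup and record it in the database.
 *
 * @param Services_User_Record $svcUserRecord used for the posting check and the key lookup
 * @param array $user   record of the reporting user
 * @param array $report form data: 'inreplyto', 'newmessageid' and 'body'
 * @return Dto_FormResult the errors collected during validation, if any
 */
public function postSpamReport(Services_User_Record $svcUserRecord, array $user, array $report) {
    $result = new Dto_FormResult();
    $spotReportDao = $this->_daoFactory->getSpotReportDao();

    # Make sure the anonymous user and reserved usernames cannot post content
    if (!$svcUserRecord->allowedToPost($user)) {
        $result->addError(_("You need to login to be able to report spam"));
    } # if

    # Retrieve the users' private key
    $user['privatekey'] = $svcUserRecord->getUserPrivateRsaKey($user['userid']);

    # Make sure no spam report has already been posted by this user to prevent flooding
    if ($spotReportDao->isReportPlaced($report['inreplyto'], $user['userid'])) {
        $result->addError(_('This spot has already been reported'));
    } # if

    /*
     * We'll get the messageid's with <>'s but we always strip
     * them in Spotweb, so remove them
     */
    $report['newmessageid'] = substr($report['newmessageid'], 1, -1);

    # retrieve the spot this is a report of
    $svcProvFullSpot = new Services_Providers_FullSpot($this->_daoFactory, $this->_nntp_hdr);
    $fullSpot = $svcProvFullSpot->fetchFullSpot($report['inreplyto'], $user['userid']);

    /*
     * We won't bother when the hashcash is not properly calculated.
     * The comparison is strict on purpose: with a loose comparison PHP
     * compares two numeric-looking strings as numbers, so prefixes other
     * than four literal zeros could be accepted as well.
     */
    if (substr(sha1('<' . $report['newmessageid'] . '>'), 0, 4) !== '0000') {
        $result->addError(_('Hash was not calculated properly'));
    } # if

    # Body cannot be empty or very short
    $report['body'] = trim($report['body']);
    if (strlen($report['body']) < 2) {
        $result->addError(_('Please provide a reason why this Spot should be reported'));
    } # if

    /*
     * Check that the messageid we are replying to matches the start of
     * the new messageid, to prevent replay attacks. A messageid without
     * a local part before the '@' gives nothing to compare against and
     * is rejected instead of being treated as a match.
     */
    $atPos = strpos($report['inreplyto'], '@');
    $replyToPart = ($atPos === false) ? '' : substr($report['inreplyto'], 0, $atPos);
    if ($replyToPart === '' || substr($report['newmessageid'], 0, strlen($replyToPart)) !== $replyToPart) {
        $result->addError(_('Replay attack!?'));
    } # if

    /*
     * Make sure the random message we require in the system has not been
     * used recently to prevent one calculated hashcash to be reused again
     * and again
     */
    if (!$spotReportDao->isReportMessageIdUnique($report['newmessageid'])) {
        $result->addError(_('Replay attack!?'));
    } # if

    # Make sure a newmessageid consists of a certain length
    if (strlen($report['newmessageid']) < 10) {
        $result->addError(_('MessageID too short!?'));
    } # if

    /*
     * Body is UTF-8 (we instruct the browser to do everything in UTF-8), but
     * it is converted to ISO-8859-1 for posting to usenet.
     *
     * The database requires UTF8 again, so we keep separate bodies for
     * the database and for the system
     */
    $dbReport = $report;
    $report['body'] = utf8_decode($report['body']);
    $report['title'] = 'REPORT <' . $report['inreplyto'] . '> ' . $fullSpot['title'];

    # and actually post the report
    if ($result->isSuccess()) {
        $this->_nntp_post->reportSpotAsSpam($user, $this->_settings->get('privatekey'), $this->_settings->get('report_group'), $report);
        $spotReportDao->addPostedReport($user['userid'], $dbReport);
    } # if

    return $result;
}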
<?php
include "includes/form-messages.inc.php";

/*
 * The page can be rendered without a result variable being passed in,
 * in that case start from a fresh 'not submitted' result.
 */
if (!isset($result)) {
    $result = new Dto_FormResult('notsubmitted');
} # if

if (isset($lastformaction)) {
    # an export is answered with the filters as a downloadable XML file
    if ($lastformaction == 'exportfilters') {
        $this->sendContentTypeHeader('xml');
        header('Content-Disposition: attachment; filename="spotwebfilters.xml"');
        echo $result->getData('filters');
        return;
    } # if

    /*
     * a successful import sends the user back to where they came from
     * NOTE(review): confirm $http_referer is restricted to this site
     * before it is used as a redirect target.
     */
    if ($lastformaction == 'importfilters' && $result->isSuccess()) {
        $tplHelper->redirect($http_referer);
    } # if
} # if

/*
 * Render the JSON or the form
 */
if (showResults($result)) {
    return;
}
/**
 * Reject a user record whose 'mail' value equals one of the listed addresses.
 *
 * @param array $user the user record, read through its 'mail' key
 * @return Dto_FormResult carries an error when the address is listed
 */
function validateUserEmailExists($user) {
    $result = new Dto_FormResult();

    # loose comparison against each listed address, as with the == operator
    $takenAddresses = array('*****@*****.**', '*****@*****.**');
    if (in_array($user['mail'], $takenAddresses)) {
        $result->addError(_('Mailaddress is already in use'));
    } # if

    return $result;
}
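/**
 * Validate a comment and, when every check passes, post it to the comment
 * newsgroup and record it in the database.
 *
 * @param Services_User_Record $svcUserRecord used for the posting check and the key lookup
 * @param array $user    record of the commenting user
 * @param array $comment form data: 'inreplyto', 'newmessageid', 'body' and 'rating'
 * @return Dto_FormResult the errors collected during validation or posting, if any
 */
public function postComment(Services_User_Record $svcUserRecord, array $user, array $comment) {
    $result = new Dto_FormResult();
    $commentDao = $this->_daoFactory->getCommentDao();

    # Make sure the anonymous user and reserved usernames cannot post content
    if (!$svcUserRecord->allowedToPost($user)) {
        $result->addError(_("You need to login to be able to post comments"));
    } # if

    # Retrieve the users' private key
    $user['privatekey'] = $svcUserRecord->getUserPrivateRsaKey($user['userid']);

    /*
     * We'll get the messageid's with <>'s but we always strip
     * them in Spotweb, so remove them
     */
    $comment['newmessageid'] = substr($comment['newmessageid'], 1, -1);

    /*
     * We won't bother when the hashcash is not properly calculated.
     * The comparison is strict on purpose: with a loose comparison PHP
     * compares two numeric-looking strings as numbers, so prefixes other
     * than four literal zeros could be accepted as well.
     */
    if (substr(sha1('<' . $comment['newmessageid'] . '>'), 0, 4) !== '0000') {
        $result->addError(_('Hash was not calculated properly'));
    } # if

    # Body cannot be either empty or very short
    $comment['body'] = trim($comment['body']);
    if (strlen($comment['body']) < 2) {
        $result->addError(_('Please enter a comment'));
    } # if
    if (strlen($comment['body']) > 1024 * 10) {
        $result->addError(_('Comment is too long'));
    } # if

    # Rating must be within range
    if ($comment['rating'] > 10 || $comment['rating'] < 0) {
        $result->addError(_('Invalid rating'));
    } # if

    /*
     * The "newmessageid" is based upon the messageid we are replying to,
     * this is to make sure a user cannot reuse a calculated hashcash
     * on different posts. A messageid without a local part before the
     * '@' gives nothing to compare against and is rejected instead of
     * being treated as a match.
     */
    $atPos = strpos($comment['inreplyto'], '@');
    $replyToPart = ($atPos === false) ? '' : substr($comment['inreplyto'], 0, $atPos);
    if ($replyToPart === '' || substr($comment['newmessageid'], 0, strlen($replyToPart)) !== $replyToPart) {
        $result->addError(_('Replay attack!?'));
    } # if

    /*
     * Make sure the random message we require in the system has not been
     * used recently to prevent one calculated hashcash to be reused again
     * and again
     */
    if (!$commentDao->isCommentMessageIdUnique($comment['newmessageid'])) {
        $result->addError(_('Replay attack!?'));
    } # if

    # Make sure a newmessageid contains a certain length
    if (strlen($comment['newmessageid']) < 10) {
        $result->addError(_('MessageID too short!?'));
    } # if

    /*
     * Retrieve the spot to which we are commenting
     * NOTE(review): confirm this constructor expects the spot DAO here
     * rather than the DAO factory itself.
     */
    $svcProvFullSpot = new Services_Providers_FullSpot($this->_daoFactory->getSpotDao(), $this->_nntp_hdr);
    $fullSpot = $svcProvFullSpot->fetchFullSpot($comment['inreplyto'], $user['userid']);

    # Add the title as a comment property
    $comment['title'] = 'Re: ' . $fullSpot['title'];

    /*
     * Body is UTF-8 (we instruct the browser to do everything in UTF-8), but
     * usenet wants its body in iso-8859-1.
     *
     * The database requires UTF8 again, so we keep separate bodies for
     * the database and for the system
     */
    $dbComment = $comment;
    $comment['body'] = utf8_decode($comment['body']);

    # and actually post the comment
    if ($result->isSuccess()) {
        try {
            $this->_nntp_post->postComment($user, $this->_settings->get('privatekey'), $this->_settings->get('comment_group'), $comment);
            $commentDao->addPostedComment($user['userid'], $dbComment);
        } catch (Exception $x) {
            $result->addError($x->getMessage());
        } # catch
    } # if

    return $result;
}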
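/**
 * Validate a new spot together with its image and NZB file and, when every
 * check passes, post all three to the configured newsgroups and record the
 * spot in the database.
 *
 * @param Services_User_Record $svcUserRecord used for the posting check and the key lookup
 * @param array  $user          record of the posting user
 * @param array  $spot          form data, including 'newmessageid'
 * @param string $imageFilename path of the uploaded image
 * @param string $nzbFilename   path of the uploaded NZB file
 * @return Dto_FormResult the errors collected during validation, if any
 */
public function postSpot(Services_User_Record $svcUserRecord, array $user, array $spot, $imageFilename, $nzbFilename) {
    $result = new Dto_FormResult();
    $spotDao = $this->_daoFactory->getSpotDao();

    # Make sure the anonymous user and reserved usernames cannot post content
    if (!$svcUserRecord->allowedToPost($user)) {
        $result->addError(_("You need to login to be able to post spots"));
    } # if

    # Retrieve the users' private key
    $user['privatekey'] = $svcUserRecord->getUserPrivateRsaKey($user['userid']);

    $hdr_newsgroup = $this->_settings->get('hdr_group');
    $bin_newsgroup = $this->_settings->get('nzb_group');

    /*
     * We'll get the messageid's with <>'s but we always strip
     * them in Spotweb, so remove them
     */
    $spot['newmessageid'] = substr($spot['newmessageid'], 1, -1);

    /*
     * If the hashcash doesn't match, we will never post it.
     * The comparison is strict on purpose: with a loose comparison PHP
     * compares two numeric-looking strings as numbers, so prefixes other
     * than four literal zeros could be accepted as well.
     */
    if (substr(sha1('<' . $spot['newmessageid'] . '>'), 0, 4) !== '0000') {
        $result->addError(_('Hash was not calculated properly'));
    } # if

    # Verify several properties from the caller
    $result->addData('spot', $spot);
    $result = $this->_spotValidator->verifyTitle($result);
    $result = $this->_spotValidator->verifyBody($result);
    $result = $this->_spotValidator->verifyCategories($result);
    $result = $this->_spotValidator->verifyWebsite($result);
    $result = $this->_spotValidator->verifyTag($result);

    /*
     * Retrieve the spot information from the result,
     * and remove it again. We do not want to send the
     * whole spot back to the caller
     */
    $spot = $result->getData('spot');
    $result->removeData('spot');

    # Read the contents of image so we can check it
    $imageContents = file_get_contents($imageFilename);

    # the image should be below 1MB
    if (strlen($imageContents) > 1024 * 1024) {
        $result->addError(_('Uploaded image is too large (maximum 1MB)'));
    } # if

    /*
     * Get some image information, if it fails, this is an
     * error as well
     */
    $tmpGdImageSize = getimagesize($imageFilename);
    if ($tmpGdImageSize === false) {
        $result->addError(_('Uploaded image was not recognized as an image'));
    } else {
        $imageInfo = array('width' => $tmpGdImageSize[0], 'height' => $tmpGdImageSize[1]);
    } # if

    /*
     * Load the NZB file as an XML file so we can make sure
     * it's a valid XML and NZB file and we can determine the
     * filesize. The file is uploaded by the user, so the parser is
     * told (LIBXML_NONET) never to fetch anything over the network.
     */
    $nzbFileContents = file_get_contents($nzbFilename);
    $nzbXml = false;
    if ($nzbFileContents !== false) {
        $nzbXml = simplexml_load_string($nzbFileContents, 'SimpleXMLElement', LIBXML_NONET);
    } # if

    /*
     * An unreadable file or unparsable XML leaves $nzbXml at false; that
     * is reported like an NZB without file elements, and the size loop
     * is skipped instead of running on a non-object.
     */
    $spot['filesize'] = 0;
    if ($nzbXml === false || empty($nzbXml->file)) {
        $result->addError(_('Incorrect NZB file'));
    } else {
        # determine the total filesize
        foreach ($nzbXml->file as $file) {
            foreach ($file->segments->segment as $seg) {
                $spot['filesize'] += (int) $seg['bytes'];
            } # foreach
        } # foreach
    } # else

    /*
     * Make sure we didn't use this messageid recently or at all, this
     * prevents people from not recalculating the hashcash in order to spam
     * the system
     */
    if (!$spotDao->isNewSpotMessageIdUnique($spot['newmessageid'])) {
        $result->addError(_('Replay attack!?'));
    } # if

    # Make sure a newmessageid contains a certain length
    if (strlen($spot['newmessageid']) < 10) {
        $result->addError(_('MessageID too short!?'));
    } # if

    # We require the keyid 7 because it is selfsigned
    $spot['key'] = 7;

    # Poster's username
    $spot['poster'] = $user['username'];

    # actually post the spot
    if ($result->isSuccess()) {
        /*
         * Post the image to the appropriate newsgroup so we have
         * the messageid list of images
         */
        $imgSegmentList = $this->_nntp_post->postBinaryMessage($user, $bin_newsgroup, $imageContents, '');
        $imageInfo['segments'] = $imgSegmentList;

        # Post the NZB file to the appropriate newsgroups
        $nzbSegmentList = $this->_nntp_post->postBinaryMessage($user, $bin_newsgroup, gzdeflate($nzbFileContents), '');

        # Convert the current Spotnet info, to an XML structure
        $spotCreator = new Services_Format_Creation();
        $spotXml = $spotCreator->convertSpotToXml($spot, $imageInfo, $nzbSegmentList);
        $spot['spotxml'] = $spotXml;

        # And actually post to the newsgroups
        $this->_nntp_post->postFullSpot($user, $this->_settings->get('privatekey'), $hdr_newsgroup, $spot);
        $spotDao->addPostedSpot($user['userid'], $spot, $spotXml);
    } # if

    return $result;
}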
/**
 * Render the "edit user" page and apply a submitted action: 'delete',
 * 'edit', 'removeallsessions' or 'resetuserapi'.
 *
 * Editing the own account and editing another account are guarded by
 * different permissions; 'delete' and 'resetuserapi' each check one more.
 *
 * NOTE(review): the record returned by getUser() is used without checking
 * that the user was found; confirm what getUser() returns for an unknown id.
 */
function render() {
    $result = new Dto_FormResult('notsubmitted');

    # own account and other accounts are separate permissions
    $editingSelf = ($this->_userIdToEdit == $this->_currentSession['user']['userid']);
    if ($editingSelf) {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_user, '');
    } else {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_other_users, '');
    } # else

    # the user record service does the actual work
    $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);

    $this->_pageTitle = "spot: edit user";

    # the user being edited and the groups that user belongs to
    $spotUser = $svcUserRecord->getUser($this->_userIdToEdit);
    $groupMembership = $svcUserRecord->getUserGroupMemberShip($this->_userIdToEdit);

    # only act when the form was actually submitted
    $formAction = $this->_editUserForm['action'];
    if (!empty($formAction)) {
        if ($formAction == 'delete') {
            $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_delete_user, '');

            # an account can never delete itself
            if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
                $result->addError('Cannot delete your own user');
            } else {
                $result = $svcUserRecord->removeUser($this->_userIdToEdit);
            } # else
        } elseif ($formAction == 'edit') {
            # turn the submitted group list into groupid/priority pairs, in form order
            $groupList = array();
            if (isset($this->_editUserForm['grouplist'])) {
                foreach ($this->_editUserForm['grouplist'] as $groupId) {
                    if ($groupId == 'dummy') {
                        continue;
                    } # if
                    $groupList[] = array('groupid' => $groupId, 'prio' => count($groupList));
                } # foreach
            } # if

            # the id always comes from the request target, never from the form body
            $this->_editUserForm['userid'] = $this->_userIdToEdit;
            $mayEditGroups = $this->_spotSec->allowed(SpotSecurity::spotsec_edit_groupmembership, '');
            $result = $svcUserRecord->updateUserRecord($this->_editUserForm, $groupList, $mayEditGroups);
        } elseif ($formAction == 'removeallsessions') {
            $svcUserAuth = new Services_User_Authentication($this->_daoFactory, $this->_settings);
            $result = $svcUserAuth->removeAllUserSessions($spotUser['userid']);
        } elseif ($formAction == 'resetuserapi') {
            $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_consume_api, '');
            $result = $svcUserRecord->resetUserApi($spotUser);
        } # elseif
    } # if

    #- display stuff -#
    $this->template('edituser', array('edituserform' => $spotUser, 'result' => $result, 'groupMembership' => $groupMembership));
}
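/**
 * Validate and normalise the submitted system settings.
 *
 * @param array $settings the raw settings as submitted by the form
 * @return Dto_FormResult the validation errors, plus the normalised settings
 *                        under the 'settings' data key
 */
function validateSettings($settings) {
    $result = new Dto_FormResult();

    # Define arrays with valid settings
    $validNntpEnc = array(false, 'ssl', 'tls');
    $validModerationAction = array('disable', 'act', 'markspot');
    $validRetentionTypes = array('fullonly', 'everything');
    $nntpServers = array('nntp_nzb', 'nntp_hdr', 'nntp_post');

    $encryptionValid = true;
    foreach ($nntpServers as $server) {
        # the encryption select only counts when its switch was ticked
        $settings[$server]['enc'] = isset($settings[$server]['enc']['switch']) ? $settings[$server]['enc']['select'] : false;

        # Trim human-entered text fields
        $settings[$server]['host'] = trim($settings[$server]['host']);

        /*
         * Strict lookup: a loose in_array() would also accept values such
         * as '' or '0', because they compare equal to the allowed `false`.
         */
        if (!in_array($settings[$server]['enc'], $validNntpEnc, true)) {
            $encryptionValid = false;
        } # if
    } # foreach
    if (!$encryptionValid) {
        $result->addError(_('Invalid encryption setting'));
    } # if

    if (!in_array($settings['spot_moderation'], $validModerationAction, true)) {
        $result->addError(_('Invalid spot moderation setting'));
    } # if
    if (!in_array($settings['retentiontype'], $validRetentionTypes, true)) {
        $result->addError(_('Invalid spot retentiontype setting'));
    } # if

    # Verify settings
    $settings['cookie_expires'] = (int) $settings['cookie_expires'];
    if ($settings['cookie_expires'] < 0) {
        $result->addError(_('Invalid cookie_expires setting'));
    } # if

    $settings['retention'] = (int) $settings['retention'];
    if ($settings['retention'] < 0) {
        $result->addError(_('Invalid retention setting'));
    } # if

    $settings['retrieve_newer_than'] = strtotime($settings['retrieve_newer_than']);
    if ($settings['retrieve_newer_than'] === false || $settings['retrieve_newer_than'] > time()) {
        $result->addError(_('Invalid retrieve_newer_than setting'));
    } elseif ($settings['retrieve_newer_than'] < 1230789600) {
        /* We don't allow settings earlier than january 1st 2009 */
        $settings['retrieve_newer_than'] = 1230789600;
    } # elseif

    $settings['retrieve_increment'] = (int) $settings['retrieve_increment'];
    if ($settings['retrieve_increment'] < 1) {
        $result->addError(_('Invalid retrieve_increment setting'));
    } # if

    # check the mailaddress
    if (!filter_var($settings['systemfrommail'], FILTER_VALIDATE_EMAIL)) {
        $result->addError(_('Not a valid email address'));
    } # if

    /*
     * We don't want to save megabytes of CSS, so put a limit to the size.
     * The closing parenthesis of strlen() used to sit after the comparison,
     * so the length of the CSS was never what got compared to the limit.
     * NOTE(review): only the size is checked here; confirm that wherever
     * the custom CSS is emitted it cannot close the surrounding element.
     */
    if (strlen($settings['customcss']) > 1024 * 10) {
        $result->addError(_('Custom CSS is too large'));
    } # if

    # Convert other settings (usually checkboxes) to be simply boolean settings
    $checkboxSettings = array(
        'deny_robots', 'sendwelcomemail', 'retrieve_full', 'prefetch_image',
        'prefetch_nzb', 'retrieve_comments', 'retrieve_full_comments',
        'retrieve_reports', 'enable_timing', 'enable_stacktrace',
        'prepare_statistics', 'external_blacklist', 'external_whitelist',
        'imageover_subcats',
    );
    foreach ($checkboxSettings as $checkbox) {
        $settings[$checkbox] = isset($settings[$checkbox]);
    } # foreach
    foreach ($nntpServers as $server) {
        $settings[$server]['buggy'] = isset($settings[$server]['buggy']);
    } # foreach

    # Default server settings if they won't be used
    foreach (array('nntp_hdr', 'nntp_post') as $optionalServer) {
        if (!isset($settings[$optionalServer]['use'])) {
            $settings[$optionalServer] = array('host' => '', 'user' => '', 'pass' => '', 'enc' => false, 'port' => 119, 'buggy' => false);
        } # if
    } # foreach

    /*
     * Remove dummy preferences
     */
    unset($settings['nntp_hdr']['use'], $settings['nntp_post']['use']);

    /*
     * We want to pass the updated settings back to the caller because
     * several values were normalised above.
     */
    $result->addData('settings', $settings);

    return $result;
}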
/**
 * Render the "edit user preferences" page and apply a submitted 'edit'
 * or 'cancel' action, including an optional avatar upload.
 *
 * NOTE(review): when the user is not found an error is recorded, but
 * $spotUser['prefs'] is still read for the template; confirm the template
 * copes with that.
 */
function render() {
    # start out as 'not submitted'
    $result = new Dto_FormResult('notsubmitted');

    # own preferences and other users' preferences are separate permissions
    $editingSelf = ($this->_userIdToEdit == $this->_currentSession['user']['userid']);
    if ($editingSelf) {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_userprefs, '');
    } else {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_other_users, '');
    } # else

    # the user record service manages the preferences
    $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);

    $this->_pageTitle = "spot: edit user preferences";

    # load the user whose preferences are edited
    $spotUser = $svcUserRecord->getUser($this->_userIdToEdit);
    if ($spotUser === false) {
        $result->addError(sprintf(_('User %d can not be found'), $this->_userIdToEdit));
    } # if

    $formAction = $this->_editUserPrefsForm['action'];

    # an 'edit' may carry an avatar upload, any upload error becomes a form error
    $avatarFileName = '';
    if ($formAction == 'edit') {
        $uploadHandler = new Services_Providers_FileUpload('edituserprefsform', 'avatar');
        if ($uploadHandler->isUploaded()) {
            if ($uploadHandler->success()) {
                $avatarFileName = $uploadHandler->getTempName();
            } else {
                $result->addError(_('Unable to update avatar') . '(' . $uploadHandler->errorText() . ')');
            } # else
        } # if
    } # if

    # only process a submitted form, and only when nothing went wrong so far
    if (!empty($formAction) && !$result->isError()) {
        if ($formAction == 'edit') {
            $prefsEditor = new Services_Actions_EditUserPrefs($this->_daoFactory, $this->_settings, $this->_spotSec);
            $result = $prefsEditor->editUserPref($this->_editUserPrefsForm, $this->_tplHelper->getTemplatePreferences(), $spotUser, $avatarFileName);
        } elseif ($formAction == 'cancel') {
            $result->setResult('success');
        } # elseif
    } # if

    #- display stuff -#
    $this->template('edituserprefs', array(
        'edituserprefsform' => $spotUser['prefs'],
        'spotuser' => $spotUser,
        'dialogembedded' => $this->_dialogembedded,
        'http_referer' => $this->_editUserPrefsForm['http_referer'],
        'result' => $result,
    ));
}
/**
 * Convert a filter export (XML) into a tree of filter definitions.
 *
 * Only documents whose <version> compares equal to '1.0' are processed; for
 * any other version the bare, empty array is returned instead of a
 * Dto_FormResult, so callers have to cope with both return shapes.
 *
 * All values are copied from the document as plain strings without further
 * validation; whatever stores or renders them has to validate and escape
 * them for its own context.
 *
 * @param string $xmlStr the XML document
 * @return Dto_FormResult|array result carrying 'filters', or array() for an unsupported version
 * @throws Exception when the document is not well-formed ('@' does not prevent that)
 */
public function xmlToFilters($xmlStr)
{
    $filterList = array();

    /*
     * '@' only silences the libxml warnings; the constructor still throws
     * on unparsable input. No parser options are passed, so the parser is
     * not asked to substitute entities (LIBXML_NOENT) or to load an
     * external DTD (LIBXML_DTDLOAD) -- keep it that way for documents that
     * come from outside.
     */
    $xml = @new SimpleXMLElement($xmlStr);

    # Loose comparison: numerically equal spellings such as '1' pass as well
    if ((string) $xml->version != '1.0') {
        return $filterList;
    } # if

    # How each tree item type is written in the comma separated tree string
    $treePrefixes = array('exclude' => ',!', 'strongnot' => ',~', 'include' => ',');

    foreach ($xml->xpath('/spotwebfilter/filters/filter') as $filterItem) {
        # Tree items; items with an unknown type are skipped
        $treeStr = '';
        foreach ($filterItem->xpath('tree/item') as $treeItem) {
            $treeType = (string) $treeItem->attributes()->type;
            if (isset($treePrefixes[$treeType])) {
                $treeStr .= $treePrefixes[$treeType] . $treeItem[0];
            } # if
        } # foreach

        # Drop the leading comma
        $treeStr = (strlen($treeStr) > 1) ? substr($treeStr, 1) : $treeStr;

        # Values (text searches etc.), each encoded as one urlencoded string
        $valueList = array();
        foreach ($filterItem->xpath('values/item') as $valueItem) {
            $valueList[] = urlencode(implode(':', array(
                (string) $valueItem->fieldname,
                (string) $valueItem->operator,
                (string) $valueItem->booloper,
                (string) $valueItem->value,
            )));
        } # foreach

        # Sorting elements are optional
        $sortOn = '';
        $sortOrder = '';
        if ($filterItem->sort) {
            $sortOn = (string) $filterItem->sort->item->fieldname;
            $sortOrder = (string) $filterItem->sort->item->direction;
        } # if

        $filter = array(
            'id' => (string) $filterItem->id,
            'title' => (string) $filterItem->title,
            'icon' => (string) $filterItem->icon,
            'tparent' => (string) $filterItem->parent,
            'torder' => (string) $filterItem->order,
            'filtertype' => 'filter',
            'sorton' => $sortOn,
            'sortorder' => $sortOrder,
            'tree' => $treeStr,
            'enablenotify' => (string) $filterItem->enablenotify,
            'children' => array(),
            'valuelist' => $valueList,
        );

        # A later filter with the same id replaces the earlier one
        $filterList[$filter['id']] = $filter;
    } # foreach

    /*
     * First pass: hang every filter that names an existing parent under
     * that parent. The child is attached by reference so that children
     * added to it afterwards remain visible through the parent.
     */
    foreach ($filterList as &$node) {
        $parentId = $node['tparent'];
        if ($parentId != 0 && isset($filterList[$parentId])) {
            $filterList[$parentId]['children'][] =& $node;
        } # if
    } # foreach

    /*
     * Second pass: remove the attached children from the top level. Doing
     * this in the first pass would break lists nested more than one level.
     */
    foreach ($filterList as &$node) {
        $parentId = $node['tparent'];
        if ($parentId != 0 && isset($filterList[$parentId])) {
            unset($filterList[$node['id']]);
        } # if
    } # foreach

    $result = new Dto_FormResult('success');
    $result->addData('filters', $filterList);

    return $result;
}
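/**
 * Make sure the correct categories are chosen.
 *
 * Reads the 'spot' entry of $result, records every problem through
 * addError(), builds the normalised 'subcatlist' on the spot and stores the
 * spot back with addData().
 *
 * The category fields are treated as untrusted: when the head category or
 * one of the subcategory fields has the wrong shape (array where a single
 * value is expected or the other way around), the errors are recorded and
 * the method returns right away with an empty 'subcatlist', instead of
 * feeding those values to array_merge()/explode()/array offsets.
 *
 * NOTE(review): submitted values are copied verbatim into the error
 * messages; the code that prints form errors has to HTML-escape them.
 *
 * @param Dto_FormResult $result
 * @return Dto_FormResult
 */
public function verifyCategories(Dto_FormResult $result)
{
    $spot = $result->getData('spot');

    /*
     * Make sure the category is valid.
     * We use array_key_exists() to allow for gaps in the category numbering. This is an intentional
     * deviation from similar code used in Services_Posting_Spot.php
     *
     * An array cannot be used as an array key, so it is rejected up front.
     */
    $categoryIsArray = is_array($spot['category']);
    if ($categoryIsArray || !array_key_exists($spot['category'], SpotCategories::$_head_categories)) {
        $result->addError(sprintf(_('Incorrect headcategory (%s)'), $categoryIsArray ? 'array' : $spot['category']));
    } # if

    # Make sure the subcategories are in the proper format
    $shapeIsValid = !is_array($spot['subcata'])
        && !is_array($spot['subcatz'])
        && is_array($spot['subcatb'])
        && is_array($spot['subcatc'])
        && is_array($spot['subcatd']);
    if (!$shapeIsValid) {
        $result->addError(_('Invalid subcategories given'));
    } # if

    # Nothing below can work on malformed input; stop with the errors recorded so far
    if ($categoryIsArray || !$shapeIsValid) {
        $spot['subcatlist'] = array();
        $result->addData('spot', $spot);

        return $result;
    } # if

    # create a list of the chosen subcategories
    $spot['subcatlist'] = array_merge(array($spot['subcata']), $spot['subcatb'], $spot['subcatc'], $spot['subcatd']);

    /*
     * Loop through all subcategories and check if they are valid in
     * our list of subcategories
     */
    $subCatSplitted = array('a' => array(), 'b' => array(), 'c' => array(), 'd' => array(), 'z' => array());

    foreach ($spot['subcatlist'] as $subCat) {
        # A nested array cannot be a subcategory; treat it as "not in our format"
        $subcats = is_array($subCat) ? array() : explode('_', $subCat);

        # If not in our format
        if (count($subcats) != 3) {
            $result->addError(sprintf(_('Incorrect subcategories (%s)'), is_array($subCat) ? 'array' : $subCat));
        } else {
            $subCatLetter = substr($subcats[2], 0, 1);

            $subCatSplitted[$subCatLetter][] = $subCat;

            if (!isset(SpotCategories::$_categories[$spot['category']][$subCatLetter][substr($subcats[2], 1)])) {
                $result->addError(sprintf(_('Incorrect subcategories (%s)'), $subCat . ' !! ' . $subCatLetter . ' !! ' . substr($subcats[2], 1)));
            } # if
        } # else
    } # foreach

    /*
     * Make sure all subcategories are in the format we expect, for
     * example we strip the 'cat' part and strip the z-subcat
     */
    $subcatCount = count($spot['subcatlist']);
    for ($i = 0; $i < $subcatCount; $i++) {
        # String-keyed input leaves gaps in the numeric indexes; read those as empty
        $entry = isset($spot['subcatlist'][$i]) ? $spot['subcatlist'][$i] : '';
        $subcats = is_array($entry) ? array() : explode('_', $entry);

        # If not in our format
        if (count($subcats) != 3) {
            $result->addError(sprintf(_('Incorrect subcategories (%s)'), is_array($entry) ? 'array' : $entry));
        } else {
            $spot['subcatlist'][$i] = substr($subcats[2], 0, 1) . str_pad(substr($subcats[2], 1), 2, '0', STR_PAD_LEFT);

            # Explicitly add the 'z'-category - we derive it from the full categorynames we already have
            $zcatStr = substr($subcats[1], 0, 1) . str_pad(substr($subcats[1], 1), 2, '0', STR_PAD_LEFT);

            # Strict lookup: a loose search could match a different, merely numerically equal entry
            if (is_numeric(substr($subcats[1], 1)) && !in_array($zcatStr, $spot['subcatlist'], true)) {
                $spot['subcatlist'][] = $zcatStr;
            } # if
        } # else
    } # for

    # Make sure the spot isn't being posted in many categories
    if (count($subCatSplitted['a']) > 1) {
        $result->addError(_('You can only specify one format for a spot'));
    } # if

    # Make sure the spot has at least a format
    if (count($subCatSplitted['a']) < 1) {
        $result->addError(_('You need to specify a format for a spot'));
    } # if

    # Make sure the spot isn't being posted for too many categories
    if (count($spot['subcatlist']) > 10) {
        $result->addError(_('Too many categories'));
    } # if

    # Make sure the spot is being posted for enough categories.
    # The "A"-subcategory, and the "Z" subcategory are always selected by
    # the form, so we need to check for 3
    if (count($spot['subcatlist']) < 3) {
        $result->addError(_('At least one category need to be selected'));
    } # if

    $result->addData('spot', $spot);

    return $result;
}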
/**
 * Render the "post a new spot" page and, when the form was submitted with
 * action 'post', validate the two uploads and post the spot.
 *
 * The method relies on fatalPermCheck() stopping the request when the
 * spotsec_post_spot permission is missing; nothing below re-checks it.
 * NOTE(review): no anti-CSRF token is verified in this method; presumably
 * the form layer does that before render() runs -- confirm.
 */
function render()
{
    # Start out as 'not submitted'
    $result = new Dto_FormResult('notsubmitted');

    # Validate proper permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_post_spot, '');

    # The format utility is used further down to derive the spotter id
    $spotParseUtil = new Services_Format_Util();

    # we need the spotuser system
    $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);

    # set the page title
    $this->_pageTitle = "spot: post";

    /*
     * Default values for every field, so the form can always be rendered
     * without notices.
     */
    $defaults = array(
        'title' => '',
        'body' => '',
        'category' => 0,
        'subcata' => '',
        'subcatb' => array(),
        'subcatc' => array(),
        'subcatd' => array(),
        'subcatz' => '',
        'tag' => '',
        'website' => '',
        'newmessageid' => '',
        'randomstr' => '',
    );

    /*
     * Every key of the submitted form overrides the default, including keys
     * not listed above, so $spot is untrusted from here on and has to be
     * validated by the posting service.
     */
    $spot = array_merge($defaults, $this->_spotForm);

    # bring the form's action into the local scope for easier access
    $formAction = $this->_spotForm['action'];

    $nzbFilename = '';
    $imgFilename = '';

    if ($formAction == 'post') {
        $result->setResult('success');

        /*
         * Both uploads are mandatory. Only the temporary file names are
         * taken here.
         * NOTE(review): content validation of the NZB and the picture is
         * not visible in this method -- confirm the posting service does it.
         */
        $nzbUpload = new Services_Providers_FileUpload('newspotform', 'nzbfile');
        if ($nzbUpload->isUploaded()) {
            if ($nzbUpload->success()) {
                $nzbFilename = $nzbUpload->getTempName();
            } else {
                $result->addError(_('Invalid NZB file') . ' (' . $nzbUpload->errorText() . ')');
            } # else
        } else {
            $result->addError(_('Please select NZB file'));
        } # else

        $imgUpload = new Services_Providers_FileUpload('newspotform', 'imagefile');
        if ($imgUpload->isUploaded()) {
            if ($imgUpload->success()) {
                $imgFilename = $imgUpload->getTempName();
            } else {
                $result->addError(_('Invalid picture') . ' (' . $imgUpload->errorText() . ')');
            } # else
        } else {
            $result->addError(_('Please select a picture'));
        } # else

        # Only post when both uploads were accepted
        if ($result->isSuccess()) {
            # Initialize the notification system
            $spotsNotifications = new SpotNotifications($this->_daoFactory, $this->_settings, $this->_currentSession);

            # Make sure we can post this spot, if so, make it happen
            $svcPostSpot = new Services_Posting_Spot($this->_daoFactory, $this->_settings);
            $sessionUser = $this->_currentSession['user'];
            $result = $svcPostSpot->postSpot($svcUserRecord, $sessionUser, $spot, $imgFilename, $nzbFilename);

            if ($result->isSuccess()) {
                $result->addData('user', $this->_currentSession['user']['username']);
                $result->addData(
                    'spotterid',
                    $spotParseUtil->calculateSpotterId($this->_currentSession['user']['publickey']['modulo'])
                );

                # and send a notification
                $spotsNotifications->sendSpotPosted($spot);
            } # if
        } # if
    } # if

    #- display stuff -#
    $this->template('newspot', array('postspotform' => $spot, 'result' => $result));
}
/**
 * Remove a spotter from the black/white list of the given user.
 *
 * The removal is only carried out when allowedToPost() accepts $currentUser,
 * and it is passed $currentUser['userid'] together with the spotter id.
 * NOTE(review): presumably the DAO uses that user id to restrict the removal
 * to the caller's own list -- confirm in the DAO.
 *
 * @param array $currentUser user record; 'userid' is read from it
 * @param mixed $spotterId id of the spotter to remove
 * @return Dto_FormResult carries an error when the user is not allowed
 */
function removeSpotterFromList($currentUser, $spotterId)
{
    $result = new Dto_FormResult();

    if ($this->allowedToPost($currentUser)) {
        $listDao = $this->_daoFactory->getBlackWhiteListDao();
        $listDao->removeSpotterFromList($spotterId, $currentUser['userid']);

        return $result;
    } # if

    # Not permitted: report it and leave the list untouched
    $result->addError(_('User is not allowed to maintain spotstatelist'));

    return $result;
}