/**
 * Handle the "report spot as spam" form and hand the outcome to the
 * 'jsonresult' template.
 *
 * The report is only posted when the submitted form action equals 'post';
 * otherwise the initial 'notsubmitted' result is rendered unchanged.
 */
function render()
{
    $formResult = new Dto_FormResult('notsubmitted');

    # Permission gate; fatalPermCheck() is expected to stop the request on denial
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_report_spam, '');

    # Defaults, so the template always receives every report field
    $spamReport = array(
        'body' => 'This message has been reported as spam',
        'inreplyto' => $this->_inReplyTo,
        'newmessageid' => '',
        'randomstr' => '',
    );

    $this->_pageTitle = "report: report spot";

    $requestedAction = $this->_reportForm['action'];
    if ($requestedAction == 'post') {
        # The notification system is set up before the report is posted
        $notifier = new SpotNotifications($this->_daoFactory, $this->_settings, $this->_currentSession);

        # Submitted values win over the defaults above, 'inreplyto' included
        $spamReport = array_merge($spamReport, $this->_reportForm);

        $reportService = new Services_Posting_Report($this->_daoFactory, $this->_settings);
        $userRecordService = new Services_User_Record($this->_daoFactory, $this->_settings);
        $formResult = $reportService->postSpamReport($userRecordService, $this->_currentSession['user'], $spamReport);

        # Only a successfully posted report triggers a notification
        if ($formResult->isSuccess()) {
            $notifier->sendReportPosted($spamReport['inreplyto']);
        }
    }

    $templateVars = array('postreportform' => $spamReport, 'result' => $formResult);
    $this->template('jsonresult', $templateVars);
}
/**
 * Render the spot index page, optionally applying a search and handling a
 * watchlist add/remove request first.
 *
 * Permission checks run in this order: view the index, perform a search
 * (only when a search was given), keep an own watchlist (only when the
 * first parsed filter is the "Watch" filter).
 */
function render()
{
    SpotTiming::start(__FUNCTION__);

    # Viewing the index always needs its own permission
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_view_spots_index, '');

    # A supplied search additionally needs the search permission
    if (!empty($this->_params['search'])) {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_perform_search, '');
    }

    $overview = new SpotsOverview($this->_db, $this->_settings);

    # Translate the request parameters into filters, fields and sort order
    $userSystem = new SpotUserSystem($this->_db, $this->_settings);
    $sortSpec = array('field' => $this->_params['sortby'], 'direction' => $this->_params['sortdir']);
    $parsedSearch = $overview->filterToQuery(
        $this->_params['search'],
        $sortSpec,
        $this->_currentSession,
        $userSystem->getIndexFilter($this->_currentSession['user']['userid'])
    );

    # Paging: -1 for the previous page when the next page is page 1
    $pageNr = $this->_params['pagenr'];
    $nextPage = $pageNr + 1;
    $prevPage = ($nextPage == 1) ? -1 : max($pageNr - 1, 0);

    # Watchlist handling only applies when the first filter is "Watch"
    $watchFilterActive = isset($parsedSearch['filterValueList'][0]['fieldname'])
        && $parsedSearch['filterValueList'][0]['fieldname'] == "Watch";
    if ($watchFilterActive) {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_keep_own_watchlist, '');

        $watchAction = $this->_action;
        $isRemove = ($watchAction == 'remove');
        if ($isRemove || $watchAction == 'add') {
            if ($isRemove) {
                $this->_db->removeFromSpotStateList(SpotDb::spotstate_Watch, $this->_params['messageid'], $this->_currentSession['user']['userid']);
            } else {
                $this->_db->addToSpotStateList(SpotDb::spotstate_Watch, $this->_params['messageid'], $this->_currentSession['user']['userid'], '');
            }

            # Both actions report the change through the notification system
            $notifier = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);
            $notifier->sendWatchlistHandled($this->_action, $this->_params['messageid']);
        }
    }

    # Load the spots for this page
    $loaded = $overview->loadSpots(
        $this->_currentSession['user']['userid'],
        $pageNr,
        $this->_currentSession['user']['prefs']['perpage'],
        $parsedSearch
    );

    # No further results: do not offer a next page
    if (!$loaded['hasmore']) {
        $nextPage = -1;
    }

    $this->_pageTitle = "overzicht";

    $this->template('spots', array(
        'spots' => $loaded['list'],
        'quicklinks' => $this->_settings->get('quicklinks'),
        'filters' => $this->_db->getFilterList($this->_currentSession['user']['userid'], 'filter'),
        'nextPage' => $nextPage,
        'prevPage' => $prevPage,
        'parsedsearch' => $parsedSearch,
        'data' => $this->_params['data'],
    ));

    SpotTiming::stop(__FUNCTION__);
}
/**
 * Handle the spam-report form and render the 'spamreport' template.
 *
 * A report is posted only when the form action is 'post' and
 * allowedToPost() accepts the current user; otherwise the form is rendered
 * with its defaults and, for rejected users, a 'notloggedin' result.
 */
function render()
{
    $messages = array('errors' => array(), 'info' => array());

    # Permission gate for reporting spam
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_report_spam, '');

    # Instantiated as in the original flow; neither object is used further in this method
    $spotParser = new SpotParser();
    $spotSigning = Services_Signing_Base::newServiceSigning();

    # Default report, so the template always has every field
    $spamReport = array(
        'body' => 'This is SPAM!',
        'inreplyto' => $this->_inReplyTo,
        'newmessageid' => '',
        'randomstr' => '',
    );

    # No post attempted yet
    $outcome = array();

    $this->_pageTitle = "report: report spot";

    $requestedAction = $this->_reportForm['action'];

    # The anonymous user and reserved usernames must not post content
    $userSystem = new SpotUserSystem($this->_db, $this->_settings);
    if (!$userSystem->allowedToPost($this->_currentSession['user'])) {
        $outcome = array('result' => 'notloggedin');
        $requestedAction = '';
    }

    if ($requestedAction == 'post') {
        $notifier = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);

        # Submitted values override the defaults
        $spamReport = array_merge($spamReport, $this->_reportForm);

        # The user's private RSA key is loaded into the session's user record for posting
        $this->_currentSession['user']['privatekey'] = $this->_db->getUserPrivateRsaKey($this->_currentSession['user']['userid']);

        # The message id arrives wrapped in <>; drop the first and last character
        $spamReport['newmessageid'] = substr($spamReport['newmessageid'], 1, -1);

        # Validate and, when valid, post the report
        $posting = new SpotPosting($this->_db, $this->_settings);
        $messages['errors'] = $posting->reportSpotAsSpam($this->_currentSession['user'], $spamReport);

        if (!empty($messages['errors'])) {
            $outcome = array('result' => 'failure');
        } else {
            $outcome = array('result' => 'success');

            # Notify only after a successful post
            $notifier->sendReportPosted($spamReport['inreplyto']);
        }
    }

    $this->template('spamreport', array(
        'postreportform' => $spamReport,
        'formmessages' => $messages,
        'postresult' => $outcome,
    ));
}
/**
 * Fetch the NZB files for one or more spots, pass them to the configured
 * NZB handler, optionally record them in the download list, and send a
 * notification.
 *
 * @param mixed $messageIds a single message id or an array of them
 * @param array $currentSession session array; its 'security' and 'user' entries are read
 * @param string $action handler action; anything but 'display' also needs the
 *                       download-integration permission for that action
 * @param Services_Providers_FullSpot $svcProvSpot provider used to fetch each full spot
 * @param Services_Providers_Nzb $svcProvNzb provider used to fetch each NZB
 */
function handleNzbAction($messageIds, array $currentSession, $action, Services_Providers_FullSpot $svcProvSpot, Services_Providers_Nzb $svcProvNzb)
{
    $messageIds = is_array($messageIds) ? $messageIds : array($messageIds);

    # Permission gates run before anything is fetched
    $security = $currentSession['security'];
    $security->fatalPermCheck(SpotSecurity::spotsec_retrieve_nzb, '');
    if ($action != 'display') {
        $security->fatalPermCheck(SpotSecurity::spotsec_download_integration, $action);
    }

    # Collect spot + NZB pairs; spots without an 'nzb' entry are skipped
    $nzbBatch = array();
    $lastSpot = array();
    foreach ($messageIds as $msgId) {
        $lastSpot = $svcProvSpot->fetchFullSpot($msgId, $currentSession['user']['userid']);
        if (empty($lastSpot['nzb'])) {
            continue;
        }

        $nzbBatch[] = array('spot' => $lastSpot, 'nzb' => $svcProvNzb->fetchNzb($lastSpot));
    }

    # Hand the batch to the NZB handler; the last fetched spot is passed alongside it
    $handlerFactory = new Services_NzbHandler_Factory();
    $handler = $handlerFactory->build($this->_settings, $action, $currentSession['user']['prefs']['nzbhandling']);
    $handler->processNzb($lastSpot, $nzbBatch);

    # Record every requested id as downloaded when the preference and permission allow it
    if ($currentSession['user']['prefs']['keep_downloadlist']
        && $security->allowed(SpotSecurity::spotsec_keep_own_downloadlist, '')
    ) {
        $stateListDao = $this->_daoFactory->getSpotStateListDao();
        foreach ($messageIds as $msgId) {
            $stateListDao->addToDownloadList($msgId, $currentSession['user']['userid']);
        }
    }

    # Finally send the notification
    $notifier = new SpotNotifications($this->_daoFactory, $this->_settings, $currentSession);
    $notifier->sendNzbHandled($action, $lastSpot);
}
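/**
 * Fetch the NZB files for one or more spots, pass them to the configured
 * NZB handler, optionally add them to the download list, and send a
 * notification.
 *
 * @param mixed $messageids a single message id or an array of them
 * @param array $userSession session array; its 'security' and 'user' entries are read
 * @param string $action handler action; anything but 'display' also needs the
 *                       download-integration permission for that action
 * @param mixed $hdr_spotnntp passed through to getFullSpot()
 * @param mixed $nzb_spotnntp passed through to getNzb()
 */
function handleNzbAction($messageids, $userSession, $action, $hdr_spotnntp, $nzb_spotnntp) {
    if (!is_array($messageids)) {
        $messageids = array($messageids);
    } # if

    # Check the permissions before anything is fetched
    $userSession['security']->fatalPermCheck(SpotSecurity::spotsec_retrieve_nzb, '');
    if ($action != 'display') {
        $userSession['security']->fatalPermCheck(SpotSecurity::spotsec_download_integration, $action);
    } # if

    # Fetch each full spot and use the information in it to retrieve the NZB file
    $spotsOverview = new SpotsOverview($this->_db, $this->_settings);
    $nzbList = array();

    # Initialised so an empty id list does not leave $fullSpot undefined
    # for processNzb() and sendNzbHandled() below
    $fullSpot = array();
    foreach ($messageids as $thisMsgId) {
        $fullSpot = $spotsOverview->getFullSpot($thisMsgId, $userSession['user']['userid'], $hdr_spotnntp);

        if (!empty($fullSpot['nzb'])) {
            $nzbList[] = array('spot' => $fullSpot, 'nzb' => $spotsOverview->getNzb($fullSpot['nzb'], $nzb_spotnntp));
        } # if
    } # foreach

    # Send the NZB list to the NzbHandler plugin
    $nzbHandlerFactory = new NzbHandler_Factory();
    $nzbHandler = $nzbHandlerFactory->build($this->_settings, $action, $userSession['user']['prefs']['nzbhandling']);
    $nzbHandler->processNzb($fullSpot, $nzbList);

    # Add the spots to the list of downloads when the preference and permission allow it
    if ($userSession['user']['prefs']['keep_downloadlist']) {
        if ($userSession['security']->allowed(SpotSecurity::spotsec_keep_own_downloadlist, '')) {
            foreach ($messageids as $thisMsgId) {
                $this->_db->addToSpotStateList(SpotDb::spotstate_Down, $thisMsgId, $userSession['user']['userid']);
            } # foreach
        } # if
    } # if

    # And send a notification
    $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $userSession);
    $spotsNotifications->sendNzbHandled($action, $fullSpot);
} # handleNzbAction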
/**
 * Create a user record and, on success, send the welcome mail and the
 * "user added" notification.
 *
 * @param array $spotUser the user data to create the record from
 * @param array $spotSession session handed to the notification system
 * @return mixed the result object returned by createUserRecord(), with its
 *               'userrecord' entry removed on success
 */
public function createNewUser(array $spotUser, array $spotSession)
{
    $result = $this->_svcUserRecord->createUserRecord($spotUser);

    # Nothing more to do when the record could not be created
    if (!$result->isSuccess()) {
        return $result;
    }

    # Keep the full record locally, but take it out of the result so it is
    # not passed on as JSON
    $spotUser = $result->getData('userrecord');
    $result->removeData('userrecord');

    $notifier = new SpotNotifications($this->_daoFactory, $this->_settings, $spotSession);

    # Mail the new user when the record asks for it or the site setting enables it
    $mailRequested = isset($spotUser['sendmail']);
    if ($mailRequested || $this->_settings->get('sendwelcomemail')) {
        $notifier->sendNewUserMail($spotUser);
    }

    # NOTE(review): the result's 'password' value is handed to the notification
    # providers here -- confirm this is meant to leave the application
    $newUsername = $result->getData('username');
    $newPassword = $result->getData('password');
    $notifier->sendUserAdded($newUsername, $newPassword);

    return $result;
}
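/**
 * Handle the "create user" form and render the 'createuser' template.
 *
 * On submit a password is generated, the record is validated, a key pair is
 * created and the user is added; the welcome mail and the "user added"
 * notification are sent afterwards.
 */
function render() {
    $formMessages = array('errors' => array(), 'info' => array());

    # Check the user's permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_create_new_user, '');

    # Create a default spotuser so the form can always render its values
    $spotUser = array('username' => '', 'firstname' => '', 'lastname' => '', 'mail' => '');

    # By default no create attempt has been made
    $createResult = array();

    # Instantiate the Spot user system
    $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);

    # Set the page title
    $this->_pageTitle = "spot: create user";

    # Is this a form submit, or only the initial request?
    if (isset($this->_createUserForm['submit'])) {
        # The submit marker is always removed
        unset($this->_createUserForm['submit']);

        # userid is always forced to false for a new user, because
        # validateUserRecord() would otherwise treat this as an edit of an
        # existing user and, for example, skip the duplicate mail address check
        $this->_createUserForm['userid'] = false;

        # Generate a password for this user
        # NOTE(review): the password is 9 characters cut from generateUniqueId();
        # its strength depends on that helper, which is not visible here
        $spotUser['newpassword1'] = substr($spotUserSystem->generateUniqueId(), 1, 9);
        $spotUser['newpassword2'] = $spotUser['newpassword1'];

        # Merge the submitted form over the defaults and validate the record
        # NOTE(review): the form is merged after the generated password is set, so
        # 'newpassword1'/'newpassword2' keys in the submitted form would replace
        # the generated value -- confirm the form fields are filtered upstream
        $spotUser = array_merge($spotUser, $this->_createUserForm);
        $formMessages['errors'] = $spotUserSystem->validateUserRecord($spotUser, false);

        # Is there no other user with the same username?
        if ($this->_db->usernameExists($spotUser['username'])) {
            $formMessages['errors'][] = array('validateuser_usernameexists', array($spotUser['username']));
        } # if

        if (empty($formMessages['errors'])) {
            # Create a private and public key pair for this user
            $spotSigning = new SpotSigning();
            $userKey = $spotSigning->createPrivateKey($this->_settings->get('openssl_cnf_path'));
            $spotUser['publickey'] = $userKey['public'];
            $spotUser['privatekey'] = $userKey['private'];

            # Initialize the notification system
            $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);

            # Add the user
            $spotUserSystem->addUser($spotUser);

            # Report success, including the generated password
            $createResult = array('result' => 'success', 'user' => $spotUser['username'], 'password' => $spotUser['newpassword1']);

            # Mail the new user when asked for. An unchecked checkbox is simply
            # absent from the form, so the key is read defensively
            $sendMailChoice = isset($this->_createUserForm['sendmail']) ? $this->_createUserForm['sendmail'] : '';
            if ($sendMailChoice == "true" || $sendMailChoice == "on" || $this->_settings->get('sendwelcomemail')) {
                $spotsNotifications->sendNewUserMail($spotUser);
            } # if

            # And send a notification; the generated password is part of it
            $spotsNotifications->sendUserAdded($spotUser['username'], $spotUser['newpassword1']);
        } else {
            $createResult = array('result' => 'failure');
        } # else
    } # if

    #- display stuff -#
    # NOTE(review): after a successful create $spotUser also carries 'privatekey'
    # and the password fields when it reaches the template -- confirm the
    # template does not output them
    $this->template('createuser', array('createuserform' => $spotUser, 'formmessages' => $formMessages, 'createresult' => $createResult));
}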
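/**
 * Optionally remove the spot from the user's watchlist, then redirect to
 * the 'getnzb' page for the requested message id.
 *
 * The watchlist removal runs only when the 'del' parameter equals "1", the
 * user may keep an own watchlist, and the spot has a watchstamp.
 */
function getNzb() {
    if ($this->_params['del'] == "1" && $this->_spotSec->allowed(SpotSecurity::spotsec_keep_own_watchlist, '')) {
        $spot = $this->_db->getFullSpot($this->_params['messageid'], $this->_currentSession['user']['userid']);

        # Only spots that are on the watchlist are removed and reported
        if ($spot['watchstamp'] !== NULL) {
            $this->_db->removeFromWatchList($this->_params['messageid'], $this->_currentSession['user']['userid']);

            $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);
            $spotsNotifications->sendWatchlistHandled('remove', $this->_params['messageid']);
        } # if
    } # if

    # The message id is a request parameter, so it is URL-encoded before it is
    # placed in the query string; an unencoded '&' or '#' in it would otherwise
    # change the parameters of the redirect target
    header('Location: ' . $this->_tplHelper->makeBaseUrl("full") .
            '?page=getnzb&action=display&messageid=' . urlencode($this->_params['messageid']) .
            html_entity_decode($this->_tplHelper->makeApiRequestString()));
}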
set_time_limit(60); foreach ($settings->get('system_languages') as $language => $name) { foreach ($spotImage->getValidStatisticsGraphs() as $graphValue => $graphName) { $spotsOverview->getStatisticsImage($graphValue, $limitValue, $settings_nntp_hdr, $language); } # foreach graph } # foreach language echo "Finished creating statistics " . $limitName . PHP_EOL; } # foreach limit echo PHP_EOL; } # if # Verstuur notificaties $spotsNotifications = new SpotNotifications($db, $settings, $userSession); if (!empty($notifyNewArray)) { foreach ($notifyNewArray as $userId => $newSpotInfo) { foreach ($newSpotInfo as $filterInfo) { if ($filterInfo['newcount'] > 0 && $filterInfo['enablenotify']) { $spotsNotifications->sendNewSpotsForFilter($userId, $filterInfo['title'], $filterInfo['newcount']); } # if } # foreach } # foreach } # if $spotsNotifications->sendRetrieverFinished($newSpotCount, $newCommentCount, $newReportCount); if ($req->getDef('output', '') == 'xml') {
echo "Fatal error occured while cleaning up lists:" . PHP_EOL; echo " " . $x->getMessage() . PHP_EOL; echo PHP_EOL . PHP_EOL; echo $x->getTraceAsString(); echo PHP_EOL . PHP_EOL; die; } # catch ## Retention cleanup try { if ($settings->get('retention') > 0) { $db->deleteSpotsRetention($settings->get('retention')); } # if } catch (Exception $x) { echo PHP_EOL . PHP_EOL; echo "Fatal error occured while cleaning up messages due to retention:" . PHP_EOL; echo " " . $x->getMessage() . PHP_EOL; echo PHP_EOL . PHP_EOL; echo $x->getTraceAsString(); echo PHP_EOL . PHP_EOL; die; } # catch # Verstuur notificaties $spotsNotifications = new SpotNotifications($db, $settings, $userSession); $spotsNotifications->sendRetrieverFinished($newSpotCount, $newCommentCount, $newReportCount); if ($req->getDef('output', '') == 'xml') { echo "</xml>"; } # if
/**
 * Handle the "edit user preferences" form for the user in _userIdToEdit and
 * render the 'edituserprefs' template.
 *
 * Editing the own account needs spotsec_edit_own_userprefs, editing any
 * other account needs spotsec_edit_other_users. The form action ('edit' or
 * 'cancel') is read from the submitted form.
 */
function render() {
    $formMessages = array('errors' => array(), 'info' => array());

    # Validate proper permissions; which permission is required depends on
    # whether the edited user is the session's own user (loose comparison)
    if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_userprefs, '');
    } else {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_other_users, '');
    } # if

    # Make sure the edit result is set to 'not committed' by default
    $editResult = array();

    # Instantiate the user system, needed for managing user preferences
    $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);

    # Set the page title
    $this->_pageTitle = "spot: edit user preferences";

    # Retrieve the user to edit
    $spotUser = $this->_db->getUser($this->_userIdToEdit);
    if ($spotUser === false) {
        $formMessages['errors'][] = sprintf(_('User %d can not be found'), $this->_userIdToEdit);
        $editResult = array('result' => 'failure');
    } # if

    /*
     * Bring the form's action into the local scope for
     * easier access
     */
    $formAction = $this->_editUserPrefsForm['action'];

    /*
     * We want the anonymous user's account so we can use this user's preferences as a
     * template. This makes sure all properties are at least set.
     */
    $anonUser = $this->_db->getUser(SPOTWEB_ANONYMOUS_USERID);

    # Are we trying to submit this form, or only rendering it?
    if (!empty($formAction) && empty($formMessages['errors'])) {
        switch ($formAction) {
            case 'edit':
                /*
                 * We have a few dummy preferences -- these are submitted like a checkbox for example
                 * but in reality do something completely different.
                 *
                 * Because we use cleanseUserPreferences() those dummies will not end up in the database
                 *
                 * NOTE(review): the index filter is changed here, before the
                 * preferences are validated and before the template permission
                 * checks below, so it is already applied if one of those stops
                 * the request or validation fails.
                 */
                if (isset($this->_editUserPrefsForm['_dummy_prevent_porn'])) {
                    $spotUserSystem->setIndexFilter(
                        $spotUser['userid'],
                        array('valuelist' => array(),
                              'title' => 'Index filter',
                              'torder' => 999,
                              'tparent' => 0,
                              'children' => array(),
                              'filtertype' => 'index_filter',
                              'sorton' => '',
                              'sortorder' => '',
                              'enablenotify' => false,
                              'icon' => 'spotweb.png',
                              'tree' => '~cat0_z3'));
                } else {
                    $spotUserSystem->removeIndexFilter($spotUser['userid']);
                } # if

                # Save the current user preferences because we need them before cleansing
                $savePrefs = $spotUser['prefs'];
                $spotUser['prefs'] = $spotUserSystem->cleanseUserPreferences($this->_editUserPrefsForm, $anonUser['prefs'], $this->_tplHelper->getTemplatePreferences());

                # Validate all preferences; returns the error list and the validated preferences
                list($formMessages['errors'], $spotUser['prefs']) = $spotUserSystem->validateUserPreferences($spotUser['prefs'], $savePrefs);

                # Make sure the user has permission to select each template that changed
                if ($spotUser['prefs']['normal_template'] != $savePrefs['normal_template']) {
                    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_select_template, $spotUser['prefs']['normal_template']);
                } # if
                if ($spotUser['prefs']['mobile_template'] != $savePrefs['mobile_template']) {
                    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_select_template, $spotUser['prefs']['mobile_template']);
                } # if
                if ($spotUser['prefs']['tablet_template'] != $savePrefs['tablet_template']) {
                    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_select_template, $spotUser['prefs']['tablet_template']);
                } # if

                if (empty($formMessages['errors'])) {
                    # Check whether an avatar file was uploaded with the form
                    if (isset($_FILES['edituserprefsform'])) {
                        $uploadError = $_FILES['edituserprefsform']['error']['avatar'];

                        /**
                         * Give a proper error if the file is too large, because changeAvatar() won't see
                         * these errors so it cannot provide the error
                         */
                        if ($uploadError == UPLOAD_ERR_FORM_SIZE || $uploadError == UPLOAD_ERR_INI_SIZE) {
                            $formMessages['errors'][] = _("Uploaded file is too large");
                        } # if

                        # The uploaded bytes are handed to changeAvatar() as-is; any
                        # validation of the image content happens there, if at all
                        if ($uploadError == UPLOAD_ERR_OK) {
                            $formMessages['errors'] = $spotUserSystem->changeAvatar(
                                $spotUser['userid'],
                                file_get_contents($_FILES['edituserprefsform']['tmp_name']['avatar']));
                        } # if
                    } # if
                } # if

                if (empty($formMessages['errors'])) {
                    # and actually update the user in the database
                    $spotUserSystem->setUser($spotUser);

                    # if we didn't get an exception, it automatically succeeded
                    $editResult = array('result' => 'success');
                } else {
                    $editResult = array('result' => 'failure');
                } # else

                /*
                 * We have to register Spotweb with the notification providers (growl, prowl, etc) at least once.
                 * The safest option is to just do this with each preferences submit. But first we create a fake
                 * session for this user.
                 *
                 * NOTE(review): this runs whether or not the save succeeded, and the
                 * session comes from createNewSession() for the edited user --
                 * confirm that call does not leave a usable session behind.
                 */
                $fakeSession = $spotUserSystem->createNewSession($spotUser['userid']);
                $fakeSession['security'] = new SpotSecurity($this->_db, $this->_settings, $fakeSession['user'], '');
                $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $fakeSession);
                $spotsNotifications->register();

                break; # case 'edit'

            case 'cancel':
                $editResult = array('result' => 'success');
                # case 'cancel' is the last case, so no break is needed
        } # switch
    } # if

    #- display stuff -#
    # NOTE(review): when getUser() returned false, $spotUser['prefs'] is read from a boolean here
    $this->template('edituserprefs', array('edituserprefsform' => $spotUser['prefs'],
                                    'formmessages' => $formMessages,
                                    'spotuser' => $spotUser,
                                    'dialogembedded' => $this->_dialogembedded,
                                    'http_referer' => $this->_editUserPrefsForm['http_referer'],
                                    'edituserprefsresult' => $editResult));
}
/**
 * Handle the "post a new spot" form and render the 'newspot' template.
 *
 * The form's 'submit' marker is removed as soon as a precondition fails
 * (anonymous user, rejected username, missing NZB or image upload), so the
 * posting branch further down only runs when every check passed.
 */
function render() {
    $formMessages = array('errors' => array(), 'info' => array());

    # Check the user's permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_post_spot, '');

    # The spot parser is needed for escaping the random string
    $spotParser = new SpotParser();

    # Spot signing is needed for RSA signing of the spot and the like
    $spotSigning = new SpotSigning();

    # Create a default spot so the form can always render its values
    $spot = array('title' => '',
                  'body' => '',
                  'category' => 0,
                  'subcatz' => '',
                  'subcatlist' => '',
                  'tag' => '',
                  'website' => '',
                  'newmessageid' => '',
                  'randomstr' => '');

    # By default no post attempt has been made
    $postResult = array();

    # Set the page title
    $this->_pageTitle = "spot: post";

    # Posting makes no sense when the user is not logged in
    if ($this->_currentSession['user']['userid'] == SPOTWEB_ANONYMOUS_USERID) {
        $postResult = array('result' => 'notloggedin');
        unset($this->_spotForm['submit']);
    } # if

    # Make sure reserved usernames cannot post spots
    $spotUser = new SpotUserSystem($this->_db, $this->_settings);
    if (!$spotUser->validUsername($this->_currentSession['user']['username'])) {
        $postResult = array('result' => 'notloggedin');
        unset($this->_spotForm['submit']);
    } # if

    # If the user tried to submit, validate the file uploads
    if (isset($this->_spotForm['submit'])) {
        # Make sure an NZB file was provided
        if (!isset($_FILES['newspotform']) || $_FILES['newspotform']['error']['nzbfile'] != UPLOAD_ERR_OK) {
            $formMessages['errors'][] = array('postspot_invalidnzb', '(none given)');
            $postResult = array('result' => 'failure');
            unset($this->_spotForm['submit']);
        } # if

        # Make sure an image file was provided
        if (!isset($_FILES['newspotform']) || $_FILES['newspotform']['error']['imagefile'] != UPLOAD_ERR_OK) {
            $formMessages['errors'][] = array('postspot_imageinvalid', '(none given)');
            $postResult = array('result' => 'failure');
            unset($this->_spotForm['submit']);
        } # if
    } # if

    if (isset($this->_spotForm['submit'])) {
        # Initialize the notification system
        $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);

        # The submit marker is always removed
        unset($this->_spotForm['submit']);

        # The subcatz is passed per main category; pick the one for the chosen category
        $spot['subcatz'] = isset($this->_spotForm['subcatz' . $this->_spotForm['category']]) ? $this->_spotForm['subcatz' . $this->_spotForm['category']] : '';

        # Make sure all variables are filled in; submitted values override the defaults
        $spot = array_merge($spot, $this->_spotForm);

        # Load the user's private RSA key into the session's user record
        $this->_currentSession['user']['privatekey'] = $spotUser->getUserPrivateRsaKey($this->_currentSession['user']['userid']);

        # The message id arrives wrapped in <>, but Spotweb always works
        # without them, so the first and last character are stripped
        $spot['newmessageid'] = substr($spot['newmessageid'], 1, -1);

        # Validate whether this spot can be posted and, if so, post it.
        # The temp paths of both uploads are handed to postSpot(); any check of
        # the file contents happens there, if at all
        $spotPosting = new SpotPosting($this->_db, $this->_settings);
        $formMessages['errors'] = $spotPosting->postSpot($this->_currentSession['user'],
                                                         $spot,
                                                         $_FILES['newspotform']['tmp_name']['imagefile'],
                                                         $_FILES['newspotform']['tmp_name']['nzbfile']);

        if (empty($formMessages['errors'])) {
            $postResult = array('result' => 'success',
                                'user' => $this->_currentSession['user']['username'],
                                'userid' => $spotSigning->calculateUserid($this->_currentSession['user']['publickey']),
                                'body' => $spot['body']);

            # And send a notification
            $spotsNotifications->sendSpotPosted($spot);
        } else {
            $postResult = array('result' => 'failure');
        } # else
    } # if

    #- display stuff -#
    $this->template('newspot', array('postspotform' => $spot,
                                     'formmessages' => $formMessages,
                                     'postresult' => $postResult));
}
/**
 * Apply a submitted preferences form to a user record.
 *
 * @param array $editUserPrefsForm the submitted preferences form
 * @param array $userPrefTemplate template preferences passed to cleanseUserPreferences()
 * @param array $spotUser the user record being edited; 'userid' and 'prefs' are read
 * @param string $avatarFileName path of a new avatar file, or an empty value for none.
 *               NOTE(review): the file is read with file_get_contents(); callers
 *               should pass the upload's temp path, never a user-supplied path
 * @return mixed the result object from validateUserPreferences(), merged with
 *               the avatar result when an avatar was processed
 */
function editUserPref(array $editUserPrefsForm, array $userPrefTemplate, array $spotUser, $avatarFileName)
{
    # The anonymous user's preferences serve as the template, so every
    # property is at least set
    $templateUser = $this->_svcUserRecord->getUser(SPOTWEB_ANONYMOUS_USERID);

    # '_dummy_prevent_porn' is submitted like a checkbox but toggles the index
    # filter; cleanseUserPreferences() keeps it out of the stored preferences
    if (!isset($editUserPrefsForm['_dummy_prevent_porn'])) {
        $this->_svcUserFilter->removeIndexFilter($spotUser['userid']);
    } else {
        $this->_svcUserFilter->setEroticIndexFilter($spotUser['userid']);
    }

    # Keep the preferences as they were before cleansing
    $previousPrefs = $spotUser['prefs'];
    $spotUser['prefs'] = $this->_svcUserRecord->cleanseUserPreferences(
        $editUserPrefsForm,
        $templateUser['prefs'],
        $userPrefTemplate
    );

    # Validate, then continue with the validated preferences
    $outcome = $this->_svcUserRecord->validateUserPreferences($spotUser['prefs'], $previousPrefs);
    $spotUser['prefs'] = $outcome->getData('prefs');

    # A changed template needs the select-template permission for the new value
    foreach (array('normal_template', 'mobile_template', 'tablet_template') as $templateKey) {
        if ($spotUser['prefs'][$templateKey] != $previousPrefs[$templateKey]) {
            $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_select_template, $spotUser['prefs'][$templateKey]);
        }
    }

    # Process a new avatar only when validation passed and a file was given
    if ($outcome->isSuccess() && !empty($avatarFileName)) {
        $avatarOutcome = $this->_svcUserRecord->changeAvatar($spotUser['userid'], file_get_contents($avatarFileName));

        # Fold the avatar outcome into the overall result
        $outcome->mergeResult($avatarOutcome);
    }

    # Store the user only when everything so far succeeded
    if ($outcome->isSuccess()) {
        $this->_svcUserRecord->setUser($spotUser);
    }

    # Spotweb has to register with the notification providers at least once,
    # so this is done on every preferences submit, using a session created
    # for the edited user
    $registrationSession = $this->_svcUserAuth->createNewSession($spotUser['userid']);
    $registrationSession['security'] = new SpotSecurity(
        $this->_daoFactory->getUserDao(),
        $this->_daoFactory->getAuditDao(),
        $this->_settings,
        $registrationSession['user'],
        ''
    );
    $notifier = new SpotNotifications($this->_daoFactory, $this->_settings, $registrationSession);
    $notifier->register();

    return $outcome;
}
/**
 * Handle the "post a new spot" form and render the 'newspot' template.
 *
 * $formAction is cleared as soon as a precondition fails (user not allowed
 * to post, missing NZB or image upload, malformed subcategories), so the
 * posting branch only runs when every check passed.
 */
function render() {
    $formMessages = array('errors' => array(), 'info' => array());

    # Validate proper permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_post_spot, '');

    # The spot parser is needed for escaping the random string
    $spotParser = new SpotParser();

    # Spot signing is needed for RSA signing of the spot and the like
    $spotSigning = Services_Signing_Base::newServiceSigning();

    # Create a default spot so the form can always render its values
    $spot = array('title' => '',
                  'body' => '',
                  'category' => 0,
                  'subcata' => '',
                  'subcatb' => array(),
                  'subcatc' => array(),
                  'subcatd' => array(),
                  'subcatz' => '',
                  'tag' => '',
                  'website' => '',
                  'newmessageid' => '',
                  'randomstr' => '');

    # By default no post attempt has been made
    $postResult = array();

    /*
     * bring the form's action into the local scope for
     * easier access
     */
    $formAction = $this->_spotForm['action'];

    # Set the page title
    $this->_pageTitle = "spot: post";

    # Make sure the anonymous user and reserved usernames cannot post content
    $spotUser = new SpotUserSystem($this->_db, $this->_settings);
    if (!$spotUser->allowedToPost($this->_currentSession['user'])) {
        $postResult = array('result' => 'notloggedin');
        $formAction = '';
    } # if

    # Make sure all variables are filled in; submitted values override the defaults
    $spot = array_merge($spot, $this->_spotForm);

    # If the user tried to submit, validate the file uploads
    if ($formAction == 'post') {
        # Make sure an NZB file was provided
        if (!isset($_FILES['newspotform']) || $_FILES['newspotform']['error']['nzbfile'] != UPLOAD_ERR_OK) {
            $formMessages['errors'][] = _('Please select NZB file');
            $postResult = array('result' => 'failure');
            $formAction = '';
        } # if

        # Make sure an image file was provided
        if (!isset($_FILES['newspotform']) || $_FILES['newspotform']['error']['imagefile'] != UPLOAD_ERR_OK) {
            $formMessages['errors'][] = _('Please select a picture');
            $postResult = array('result' => 'failure');
            $formAction = '';
        } # if

        # Make sure the subcategories have the proper types: 'subcata' and
        # 'subcatz' must not be arrays, 'subcatb'/'subcatc'/'subcatd' must be
        # arrays. This guards the array_merge() on them further down
        if (is_array($spot['subcata']) || is_array($spot['subcatz']) || !is_array($spot['subcatb']) || !is_array($spot['subcatc']) || !is_array($spot['subcatd'])) {
            $formMessages['errors'][] = _('Invalid subcategories given ');
            $postResult = array('result' => 'failure');
            $formAction = '';
        } # if
    } # if

    if ($formAction == 'post') {
        # Initialize the notification system
        $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);

        # Build one combined list of subcategories
        $spot['subcatlist'] = array_merge(array($spot['subcata']), $spot['subcatb'], $spot['subcatc'], $spot['subcatd']);

        # Load the user's private RSA key into the session's user record
        $this->_currentSession['user']['privatekey'] = $spotUser->getUserPrivateRsaKey($this->_currentSession['user']['userid']);

        # The message id arrives wrapped in <>, but Spotweb always works
        # without them, so the first and last character are stripped
        $spot['newmessageid'] = substr($spot['newmessageid'], 1, -1);

        # Validate whether this spot can be posted and, if so, post it.
        # The temp paths of both uploads are handed to postSpot(); any check of
        # the file contents happens there, if at all
        $spotPosting = new SpotPosting($this->_db, $this->_settings);
        $formMessages['errors'] = $spotPosting->postSpot($this->_currentSession['user'],
                                                         $spot,
                                                         $_FILES['newspotform']['tmp_name']['imagefile'],
                                                         $_FILES['newspotform']['tmp_name']['nzbfile']);

        if (empty($formMessages['errors'])) {
            $postResult = array('result' => 'success',
                                'user' => $this->_currentSession['user']['username'],
                                'spotterid' => $spotSigning->calculateSpotterId($this->_currentSession['user']['publickey']),
                                'body' => $spot['body']);
            $formMessages['info'][] = _('Spot has been successfully uploaded. It can take some time before it is shown');

            # And send a notification
            $spotsNotifications->sendSpotPosted($spot);
        } else {
            $postResult = array('result' => 'failure');
        } # else
    } # if

    #- display stuff -#
    $this->template('newspot', array('postspotform' => $spot,
                                     'formmessages' => $formMessages,
                                     'postresult' => $postResult));
}
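/*
 * Renders the "edit user preferences" page for the currently logged-in
 * user and, when the form was submitted with 'submitedit', cleanses,
 * validates and stores the new preferences.
 *
 * Always ends by rendering the 'edituserprefs' template.
 */
function render() {
	$formMessages = array('errors' => array(), 'info' => array());

	# Check the user's permissions
	$this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_userprefs, '');

	# By default no edit has been attempted
	$editResult = array();

	# Instantiate the Spot user system
	$spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);

	# Set the page title
	$this->_pageTitle = "spot: edit user preferences";

	# Retrieve the user to edit; this is always the session's own user
	$spotUser = $this->_db->getUser($this->_currentSession['user']['userid']);
	if ($spotUser === false) {
		/*
		 * $spotUser is false here, so it cannot supply the username for
		 * the message (indexing false yields null); use the username
		 * from the session's user record instead.
		 */
		$formMessages['errors'][] = array('edituser_usernotfound', array($this->_currentSession['user']['username']));
		$editResult = array('result' => 'failure');
	} # if

	# Determine which action was chosen (which button was pressed)
	$formAction = '';
	if (isset($this->_editUserPrefsForm['submitedit'])) {
		$formAction = 'edit';
		unset($this->_editUserPrefsForm['submitedit']);
	} elseif (isset($this->_editUserPrefsForm['submitcancel'])) {
		$formAction = 'cancel';
		unset($this->_editUserPrefsForm['submitcancel']);
	} # if

	# Retrieve the anonymous user account, because its preferences
	# are used as the base set of allowed preferences
	$anonUser = $this->_db->getUser(SPOTWEB_ANONYMOUS_USERID);

	# Is this a form submit, or just the initial page request?
	if (!empty($formAction) && empty($formMessages['errors'])) {
		switch ($formAction) {
			case 'edit':
				# Some dummy preferences trigger a special action, which is
				# handled here. cleanseUserPreferences() strips them automatically.
				if (isset($this->_editUserPrefsForm['_dummy_prevent_porn'])) {
					$spotUserSystem->setIndexFilter(
						$spotUser['userid'],
						array('valuelist' => array(),
							  'title' => 'Index filter',
							  'torder' => 999,
							  'tparent' => 0,
							  'children' => array(),
							  'filtertype' => 'index_filter',
							  'sorton' => '',
							  'sortorder' => '',
							  'icon' => 'spotweb.png',
							  'tree' => '~cat0_z3'));
				} else {
					$spotUserSystem->removeIndexFilter($spotUser['userid']);
				} # if

				# Only preferences that also exist in the anonymous user's
				# preferences may be passed in. A plain merge with the anonymous
				# preferences is not possible: unchecked checkboxes are simply
				# not submitted, so they would take the default value and the
				# form would effectively be ignored.
				$spotUser['prefs'] = $spotUserSystem->cleanseUserPreferences($this->_editUserPrefsForm, $anonUser['prefs']);

				# Validate and repair all preferences
				list($formMessages['errors'], $spotUser['prefs']) = $spotUserSystem->validateUserPreferences($spotUser['prefs'], $this->_currentSession['user']['prefs']);

				if (empty($formMessages['errors'])) {
					# Store the updated user
					$spotUserSystem->setUser($spotUser);

					# Report that updating the user succeeded
					$editResult = array('result' => 'success');
				} else {
					$editResult = array('result' => 'failure');
				} # else

				# Register Spotweb with the notification providers. This has to
				# happen at least once, so the safest option is to do it every
				# time the preferences are saved
				$spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);
				$spotsNotifications->register();

				break; # case 'edit'

			case 'cancel':
				$editResult = array('result' => 'success');
				break; # case 'cancel'
		} # switch
	} # if

	# When the user could not be loaded there are no preferences to show;
	# pass null explicitly instead of indexing false
	$userPrefs = ($spotUser === false) ? null : $spotUser['prefs'];

	#- display stuff -#
	# NOTE(review): http_referer comes from the submitted form; the template is
	# expected to escape it and not to use it as an unvalidated redirect target - confirm
	$this->template('edituserprefs', array('edituserprefsform' => $userPrefs,
										   'formmessages' => $formMessages,
										   'spotuser' => $spotUser,
										   'http_referer' => $this->_editUserPrefsForm['http_referer'],
										   'edituserprefsresult' => $editResult));
}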
/*
 * Renders the spots overview: checks permissions, turns the request
 * parameters into a parsed search, optionally adds/removes a spot
 * to/from the watchlist, fetches one page of spots and hands everything
 * to the 'spots' template.
 */
function render() {
	$timerName = __CLASS__ . '::' . __FUNCTION__;
	SpotTiming::start($timerName);

	# Page title
	$this->_pageTitle = _("overview");

	# Viewing the index always requires its own permission
	$this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_view_spots_index, '');

	# Searching requires an additional, specific permission
	if (!empty($this->_params['search'])) {
		$this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_perform_search, '');
	} # if

	/*
	 * Convert the query parameters into the actual search the user
	 * asked for, including the requested sorting
	 */
	$svcUserFilter = new Services_User_Filters($this->_daoFactory, $this->_settings);
	$svcSearchQp = new Services_Search_QueryParser($this->_daoFactory->getConnection());
	$sortSpec = array(
		'field' => $this->_params['sortby'],
		'direction' => $this->_params['sortdir'],
	);
	$indexFilter = $svcUserFilter->getIndexFilter($this->_currentSession['user']['userid']);
	$parsedSearch = $svcSearchQp->filterToQuery(
		$this->_params['search'],
		$sortSpec,
		$this->_currentSession,
		$indexFilter
	);

	$userId = $this->_currentSession['user']['userid'];

	/*
	 * A search on the "Watch" field may carry a watchlist action
	 */
	$isWatchSearch = isset($parsedSearch['filterValueList'][0]['fieldname'])
		&& $parsedSearch['filterValueList'][0]['fieldname'] == "Watch";
	if ($isWatchSearch) {
		# Changing the watchlist needs its own permission
		$this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_keep_own_watchlist, '');

		$svcSpotStateListDao = new Services_Actions_SpotStateList($this->_daoFactory->getSpotStateListDao());

		# Same loose matching and precedence as a switch: 'remove' first, then 'add'
		$requestedAction = $this->_action;
		$wantsRemove = ($requestedAction == 'remove');
		$wantsAdd = !$wantsRemove && ($requestedAction == 'add');

		if ($wantsRemove || $wantsAdd) {
			if ($wantsRemove) {
				$svcSpotStateListDao->removeFromWatchList($this->_params['messageid'], $userId);
			} else {
				$svcSpotStateListDao->addToWatchList($this->_params['messageid'], $userId);
			} # else

			# Either action is followed by the same notification
			$watchNotifier = new SpotNotifications($this->_daoFactory, $this->_settings, $this->_currentSession);
			$watchNotifier->sendWatchlistHandled($this->_action, $this->_params['messageid']);
		} # if
	} # if

	# Page number as supplied by the request parameters
	$pageNr = $this->_params['pagenr'];

	/*
	 * The spot list is always fetched, also when the watchlist
	 * was just edited
	 */
	$svcProvSpotList = new Services_Providers_SpotList($this->_daoFactory->getSpotDao());
	$fetched = $svcProvSpotList->fetchSpotList(
		$userId,
		$pageNr,
		$this->_currentSession['user']['prefs']['perpage'],
		$parsedSearch
	);

	/*
	 * -1 as previous page tells the templates we are on the first page;
	 * -1 as next page suppresses the "next page" link when nothing is left
	 */
	$nextPage = $fetched['hasmore'] ? ($pageNr + 1) : -1;
	$prevPage = max($pageNr - 1, -1);

	#- display stuff -#
	$quickLinks = $this->_settings->get('quicklinks');
	$userFilters = $svcUserFilter->getFilterList($userId, 'filter');
	$this->template('spots', array(
		'spots' => $fetched['list'],
		'quicklinks' => $quickLinks,
		'filters' => $userFilters,
		'nextPage' => $nextPage,
		'prevPage' => $prevPage,
		'parsedsearch' => $parsedSearch,
		'data' => $this->_params['data'],
	));

	SpotTiming::stop($timerName);
}
/*
 * Renders the "post a new spot" form. When the form was submitted, both
 * uploads (NZB and picture) are checked through Services_Providers_FileUpload
 * and, if no error was recorded, the spot is posted through
 * Services_Posting_Spot. The 'newspot' template is rendered in every case.
 */
function render() {
	# Until proven otherwise the form counts as not submitted
	$result = new Dto_FormResult('notsubmitted');

	# Posting requires the post-spot permission
	$this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_post_spot, '');

	# Formatting helper, used further down to calculate the spotter id
	$spotParseUtil = new Services_Format_Util();

	# User record service, handed to the posting service
	$svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);

	/*
	 * Defaults for every form field, so the form can always be
	 * rendered without notices
	 */
	$formDefaults = array(
		'title' => '',
		'body' => '',
		'category' => 0,
		'subcata' => '',
		'subcatb' => array(),
		'subcatc' => array(),
		'subcatd' => array(),
		'subcatz' => '',
		'tag' => '',
		'website' => '',
		'newmessageid' => '',
		'randomstr' => '',
	);

	# Was the form actually posted?
	$isPost = ($this->_spotForm['action'] == 'post');

	# Page title
	$this->_pageTitle = "spot: post";

	# Submitted values take precedence over the defaults
	$spot = array_merge($formDefaults, $this->_spotForm);

	# Temporary file names of the uploads; stay empty until validated
	$nzbFilename = '';
	$imgFilename = '';

	if ($isPost) {
		$result->setResult('success');

		# The NZB file is mandatory
		$upload = new Services_Providers_FileUpload('newspotform', 'nzbfile');
		if ($upload->isUploaded()) {
			if ($upload->success()) {
				$nzbFilename = $upload->getTempName();
			} else {
				$result->addError(_('Invalid NZB file') . ' (' . $upload->errorText() . ')');
			} # else
		} else {
			$result->addError(_('Please select NZB file'));
		} # else

		# The picture is mandatory as well
		$upload = new Services_Providers_FileUpload('newspotform', 'imagefile');
		if ($upload->isUploaded()) {
			if ($upload->success()) {
				$imgFilename = $upload->getTempName();
			} else {
				$result->addError(_('Invalid picture') . ' (' . $upload->errorText() . ')');
			} # else
		} else {
			$result->addError(_('Please select a picture'));
		} # else
	} # if

	# Only post when the form was submitted and the result is still a success
	# (presumably addError() marks the result as failed - confirm in Dto_FormResult)
	if ($isPost && $result->isSuccess()) {
		# Initialize the notification system
		$spotsNotifications = new SpotNotifications($this->_daoFactory, $this->_settings, $this->_currentSession);

		# Let the posting service validate and post the spot
		$svcPostSpot = new Services_Posting_Spot($this->_daoFactory, $this->_settings);
		$result = $svcPostSpot->postSpot(
			$svcUserRecord,
			$this->_currentSession['user'],
			$spot,
			$imgFilename,
			$nzbFilename
		);

		if ($result->isSuccess()) {
			$sessionUser = $this->_currentSession['user'];
			$result->addData('user', $sessionUser['username']);
			$result->addData('spotterid', $spotParseUtil->calculateSpotterId($sessionUser['publickey']['modulo']));

			# and send a notification
			$spotsNotifications->sendSpotPosted($spot);
		} # if
	} # if

	#- display stuff -#
	$this->template('newspot', array(
		'postspotform' => $spot,
		'result' => $result,
	));
}