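    /**
     * Loads every comment attached to a request that the current user is allowed to see.
     *
     * Admins and checkusers get all comments; anyone else gets the comments with
     * visibility 'user' plus the ones they posted themselves.
     *
     * @param integer $id request id
     * @param null|PdoDatabase $database connection to use; defaults to gGetDb()
     * @return Comment[]
     * @throws Exception
     */
    public static function getForRequest($id, PdoDatabase $database = null)
    {
        if ($database === null) {
            $database = gGetDb();
        }

        // Resolve the current user once: the privilege check and the private-comment
        // filter below have to refer to the same user.
        $currentUser = User::getCurrent();

        if ($currentUser->isAdmin() || $currentUser->isCheckuser()) {
            // current user is an admin or checkuser, so retrieve everything.
            $statement = $database->prepare("SELECT * FROM comment WHERE request = :target;");
        } else {
            // current user isn't an admin, so limit to only those which are visible to users, and private comments
            // the user has posted themselves.
            $statement = $database->prepare(<<<SQL
SELECT * FROM comment
WHERE request = :target AND (visibility = 'user' OR user = :userid);
SQL
);
            $statement->bindValue(":userid", $currentUser->getId());
        }

        $statement->bindValue(":target", $id);
        $statement->execute();

        $result = array();
        /** @var Comment $v */
        foreach ($statement->fetchAll(PDO::FETCH_CLASS, get_called_class()) as $v) {
            // rows that came from the database are existing records, not new objects
            $v->isNew = false;
            $v->setDatabase($database);
            $result[] = $v;
        }

        return $result;
    }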
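/**
 * Send a "close pend ticket" email to the end user. (created, taken, etc...)
 *
 * The body is the text of the EmailTemplate identified by $messageno; when the
 * closing user has an email signature configured it is appended after a blank line.
 *
 * @param mixed  $messageno id of the EmailTemplate to send
 * @param string $target    recipient address
 * @param mixed  $id        request id, shown in the subject line
 */
function sendemail($messageno, $target, $id)
{
    $template = EmailTemplate::getById($messageno, gGetDb());
    $headers = 'From: accounts-enwiki-l@lists.wikimedia.org';
    $subject = "RE: [ACC #{$id}] English Wikipedia Account Request";

    $body = $template->getText();

    // Get the closing user's Email signature and append it to the Email.
    $signature = User::getCurrent()->getEmailSig();
    if ($signature != "") {
        // the stored signature is apparently HTML-encoded; decode it for the plain-text body
        $body .= "\n\n" . html_entity_decode($signature, ENT_QUOTES, "UTF-8");
    }

    // single send path instead of two near-identical mail() calls
    mail($target, $subject, $body, $headers);
}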
 /**
  * Writes a single Log row recording an action performed on $object.
  *
  * @param PdoDatabase $database  connection the new Log row is saved through
  * @param DataObject  $object    the object the action was performed on
  * @param mixed       $logaction action identifier stored in the log row
  * @param mixed       $comment   optional free-text comment
  * @param User        $user      acting user; defaults to the current user
  */
 private static function createLogEntry(PdoDatabase $database, DataObject $object, $logaction, $comment = null, $user = null)
 {
     $actor = $user == null ? User::getCurrent() : $user;

     $entry = new Log();
     $entry->setDatabase($database);
     $entry->setAction($logaction);
     $entry->setObjectId($object->getId());
     $entry->setObjectType(get_class($object));
     $entry->setUser($actor);
     $entry->setComment($comment);
     $entry->save();
 }
 /**
  * Renders the internal (logged-in) page header template.
  *
  * Pushes the session user id and username, the SITENOTICE interface message and
  * the pending session alerts into Smarty, then displays header-internal.tpl.
  * When a user id is present in the session, the current user's last login is
  * touched and $session->forceLogout() is invoked for that id.
  */
 public static function displayInternalHeader()
 {
     global $smarty, $session;

     $sessionUserId = isset($_SESSION['userID']) ? $_SESSION['userID'] : 0;
     $sessionUsername = isset($_SESSION['user']) ? $_SESSION['user'] : "";

     $smarty->assign("userid", $sessionUserId);
     $smarty->assign("username", $sessionUsername);
     $smarty->assign("sitenotice", InterfaceMessage::get(InterfaceMessage::SITENOTICE));
     $smarty->assign("alerts", SessionAlert::retrieve());
     $smarty->display("header-internal.tpl");

     if ($sessionUserId != 0) {
         // NOTE(review): forceLogout runs after the header has already been output;
         // whether it can still redirect at this point is not visible here.
         User::getCurrent()->touchLastLogin();
         $session->forceLogout($_SESSION['userID']);
     }
 }
	<div class="option" id="ln-media"><a class="section" href="media.php">General Media</a></div>
	<?php 
}
if ($section == 'links') {
    ?>
	<div class="option-active" id="ln-links-active"><a class="section" href="links.php">Links</a></div>	
	<?php 
} else {
    ?>
	<div class="option" id="ln-links"><a class="section" href="links.php">Links</a></div>	
	<?php 
}
?>
	
	<?php 
$u = User::getCurrent();
if ($u->isAdmin()) {
    if ($section == 'admin_users' || $section == 'admin_streaming_audio') {
        ?>
		<div class="option-active" id="ln-admin-active"><a class="section" href="admin.php">Admin Options</a></div>
		<ul>
			<li<?php 
        if ($section == 'admin_users') {
            ?>
 class="active"<?php 
        }
        ?>
><a href="admin_users.php">Users</a></li>
			<li<?php 
        if ($section == 'admin_streaming_audio') {
            ?>
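 /**
  * Updates this news posting from submitted form data.
  *
  * Admins may reassign the posting to another user; everyone else keeps the
  * posting on the current user. The caller must pass canEdit().
  *
  * @param array $postArray raw form fields: title, user_id, date, time, description, body
  * @return BandNews|Error the reloaded posting on success, or an Error object
  */
 function update($postArray)
 {
     $db = new db();
     include_class('band_members');

     // Permission check first: nothing below should run for a user who may not edit.
     if (!$this->canEdit()) {
         return Error::create("You may not edit this news posting.");
     }

     // Collects validation failures. Previously $e was used without ever being
     // created, so the error branches below were fatal instead of reporting.
     $e = new Error();

     if (User::isAdmin()) {
         $uo = User::get($postArray['user_id']);
         if (db::isError($uo)) {
             $e->add($uo);
         } elseif (!$uo->isAdmin() && $uo->isBandMember()) {
             // NOTE(review): this rejects non-admin band members although the message
             // says band members are allowed; the same test is duplicated in other
             // add()/update() implementations, so it is left unchanged here.
             $e->add("Invalid user. User must be a band member or an administrator.");
         }
     } else {
         $uo = User::getCurrent();
     }

     if ($e->hasErrors()) {
         return $e;
     }

     $user_id = $uo->getID();

     $title = $db->sanitize_to_db($postArray['title']);
     if (!$title) {
         $title = '(untitled)';
     }

     // date and time arrive as separate fields; normalise to a MySQL DATETIME string
     $_dt = strtotime($postArray['date']);
     $dt = date('Y-m-d', $_dt) . ' ' . $postArray['time'];
     $dateTime = date("Y-m-d H:i:s", strtotime($dt));

     $description = $db->sanitize_to_db($postArray['description']);
     $body = $db->sanitize_to_db($postArray['body']);

     // Quoted values went through sanitize_to_db; user_id and ID are emitted unquoted
     // and come from the resolved User object and this record, not from the raw form.
     // No @ suppression: a failed query is reported through Error::MySQL() below.
     $r = mysql_query("update Band_News set title='{$title}', user_id = {$user_id}, date_time='{$dateTime}', description='{$description}', body='{$body}' where ID = " . $this->ID);
     if ($r) {
         return BandNews::get($this->ID);
     }

     return Error::MySQL();
 }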
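/**
 * Renders the request "zoom" (detail) page for a single account request.
 *
 * Loads the request, decides whether the requester's private data (email, IPs,
 * proxy chain) may be shown to the current user, annotates the X-Forwarded-For
 * chain, collects the request's logs and comments, and returns the rendered template.
 *
 * @param mixed $id      id of the request to display
 * @param mixed $urlhash hash supplied in the URL; a matching hash unlocks private data
 * @return string rendered request-zoom.tpl
 */
function zoomPage($id, $urlhash)
{
    global $session, $availableRequestStates, $createdid;
    global $smarty, $locationProvider, $rdnsProvider, $antispoofProvider;
    global $xffTrustProvider, $enableEmailConfirm;
    global $rfc1918ips, $defaultRequestStateKey;

    $database = gGetDb();
    $currentUser = User::getCurrent();

    $request = Request::getById($id, $database);
    if ($request == false) {
        // Notifies the user and stops the script.
        BootstrapSkin::displayAlertBox("Could not load the requested request!", "alert-error", "Error", true, false);
        BootstrapSkin::displayInternalFooter();
        die;
    }

    // Admins and checkusers may always see private data and may edit any comment.
    $isPrivileged = $currentUser->isAdmin() || $currentUser->isCheckuser();

    $smarty->assign('ecenable', $enableEmailConfirm);
    $smarty->assign('ecoverride', isset($_GET['ecoverride']) && $currentUser->isAdmin());
    $smarty->assign('request', $request);
    $smarty->assign("usernamerawunicode", html_entity_decode($request->getName()));
    $smarty->assign("iplocation", $locationProvider->getIpLocation($request->getTrustedIp()));

    $createdreason = EmailTemplate::getById($createdid, gGetDb());
    $smarty->assign("createdEmailTemplate", $createdreason);

    #region setup whether data is viewable or not
    // Private data is viewable without the hash when the current user has reserved an
    // open, email-confirmed request that shares this request's email or IP.
    $viewableDataStatement = $database->prepare(<<<SQL
        SELECT COUNT(*)
        FROM request
        WHERE
            (
                email = :email
                OR ip = :trustedIp
                OR forwardedip LIKE :trustedProxy
            )
            AND reserved = :reserved
            AND emailconfirm = 'Confirmed'
            AND status != 'Closed';
SQL
);
    $viewableDataStatement->bindValue(":email", $request->getEmail());
    $viewableDataStatement->bindValue(":reserved", $currentUser->getId());
    $viewableDataStatement->bindValue(":trustedIp", $request->getTrustedIp());
    $viewableDataStatement->bindValue(":trustedProxy", '%' . $request->getTrustedIp() . '%');
    $viewableDataStatement->execute();
    $viewableData = $viewableDataStatement->fetchColumn();
    $viewableDataStatement->closeCursor();
    $hideinfo = $viewableData == 0;
    #endregion

    if ($request->getStatus() == "Closed") {
        // If the request is closed, change the hash based on microseconds similar to the
        // checksums, so the hash of a closed request never matches the one in the URL.
        $hash = md5($request->getId() . $request->getEmail() . $request->getTrustedIp() . microtime());
        $smarty->assign("isclosed", true);
    } else {
        $hash = md5($request->getId() . $request->getEmail() . $request->getTrustedIp());
        $smarty->assign("isclosed", false);
    }
    $smarty->assign("hash", $hash);

    // Strict comparison: with == two hex digests of the form "0e..." are compared as
    // numeric strings and would match each other.
    $correcthash = $hash === $urlhash;

    // Private data is shown when it is not hidden, the URL hash matches, or the current
    // user is privileged. Evaluated once and reused for the proxy chain below.
    $showinfo = !$hideinfo || $correcthash || $isPrivileged;
    $smarty->assign("showinfo", $showinfo);

    // force to not show, overriden later
    $smarty->assign("proxyip", "");
    if ($showinfo) {
        $smarty->assign("proxyip", $request->getForwardedIp());
        if ($request->getForwardedIp()) {
            // One entry per hop of the X-Forwarded-For chain, output by the template.
            $smartyproxies = array();
            $proxies = explode(",", $request->getForwardedIp());
            $proxies[] = $request->getIp();
            $origin = $proxies[0];
            $smarty->assign("origin", $origin);
            // walk from the connecting address back towards the origin
            $proxies = array_reverse($proxies);
            $trust = true;
            foreach ($proxies as $p) {
                $p2 = trim($p);
                $hop = array('ip' => $p2);
                // get data on this IP.
                $trusted = $xffTrustProvider->isTrusted($p2);
                $ipisprivate = ipInRange($rfc1918ips, $p2);
                if (!$ipisprivate) {
                    $iprdns = $rdnsProvider->getRdns($p2);
                    $iplocation = $locationProvider->getIpLocation($p2);
                } else {
                    // rDNS/location lookups of a private address are going to fail, so why bother trying?
                    $iprdns = false;
                    $iplocation = false;
                }
                // current trust chain status BEFORE this link
                $pretrust = $trust;
                // is *this* link trusted?
                $hop['trustedlink'] = $trusted;
                // current trust chain status AFTER this link (bitwise & on booleans is kept
                // as in the original so the template sees the same 0/1 values)
                $trust = $trust & $trusted;
                if ($pretrust && $p2 == $origin) {
                    // the origin itself counts as trusted when every hop before it was
                    $trust = true;
                }
                $hop['trust'] = $trust;
                $hop['rdnsfailed'] = $iprdns === false;
                $hop['rdns'] = $iprdns;
                $hop['routable'] = !$ipisprivate;
                $hop['location'] = $iplocation;
                if ($iprdns == $p2 && $ipisprivate == false) {
                    // an rDNS result that merely echoes the IP carries no information
                    $hop['rdns'] = null;
                }
                $hop['showlinks'] = (!$trust || $p2 == $origin) && !$ipisprivate;
                $smartyproxies[] = $hop;
            }
            $smarty->assign("proxies", $smartyproxies);
        }
    }

    // TODO: remove me and replace with call in the template directly
    $smarty->assign("isprotected", $request->isProtected());
    $smarty->assign("defaultstate", $defaultRequestStateKey);
    $smarty->assign("requeststates", $availableRequestStates);

    try {
        $spoofs = $antispoofProvider->getSpoofs($request->getName());
    } catch (Exception $ex) {
        // the template shows the failure message in place of the spoof list
        $spoofs = $ex->getMessage();
    }
    $smarty->assign("spoofs", $spoofs);

    // START LOG DISPLAY
    $logs = Logger::getRequestLogsWithComments($request->getId(), $request->getDatabase());
    $requestLogs = array();
    if (trim($request->getComment()) !== "") {
        // the requester's own comment is listed first, as a public comment from them
        $requestLogs[] = array(
            'type' => 'comment',
            'security' => 'user',
            'userid' => null,
            'user' => $request->getName(),
            'entry' => null,
            'time' => $request->getDate(),
            'canedit' => false,
            'id' => $request->getId(),
            'comment' => $request->getComment(),
        );
    }
    // per-user-id cache of User objects so each user is loaded at most once
    $namecache = array();
    $editableComments = $isPrivileged;
    foreach ($logs as $entry) {
        // both log and comment have a 'user' field
        if (!array_key_exists($entry->getUser(), $namecache)) {
            $namecache[$entry->getUser()] = $entry->getUserObject();
        }
        if ($entry instanceof Comment) {
            $requestLogs[] = array(
                'type' => 'comment',
                'security' => $entry->getVisibility(),
                'user' => $namecache[$entry->getUser()]->getUsername(),
                'userid' => $entry->getUser() == -1 ? null : $entry->getUser(),
                'entry' => null,
                'time' => $entry->getTime(),
                // own comments are editable by their author, all comments by privileged users
                'canedit' => $editableComments || $entry->getUser() == $currentUser->getId(),
                'id' => $entry->getId(),
                'comment' => $entry->getComment(),
            );
        }
        if ($entry instanceof Log) {
            $requestLogs[] = array(
                'type' => 'log',
                'security' => 'user',
                'userid' => $entry->getUser() == -1 ? null : $entry->getUser(),
                'user' => $namecache[$entry->getUser()]->getUsername(),
                'entry' => Logger::getLogDescription($entry),
                'time' => $entry->getTimestamp(),
                'canedit' => false,
                'id' => $entry->getId(),
                'comment' => $entry->getComment(),
            );
        }
    }
    $smarty->assign("requestLogs", $requestLogs);

    // START OTHER REQUESTS BY IP AND EMAIL STUFF
    // Displays other requests from this ip.
    // assign to user
    // NOTE(review): this hand-builds a JavaScript array literal; htmlentities() does not
    // escape backslashes, so json_encode() would be the safer encoder if the template
    // emits this inside <script>. Left as-is to keep the output byte-compatible.
    $userListQuery = "SELECT username FROM user WHERE status = 'User' or status = 'Admin';";
    $userListResult = gGetDb()->query($userListQuery);
    $userListData = $userListResult->fetchAll(PDO::FETCH_COLUMN);
    $userListProcessedData = array();
    foreach ($userListData as $userListItem) {
        $userListProcessedData[] = "\"" . htmlentities($userListItem) . "\"";
    }
    $userList = '[' . implode(",", $userListProcessedData) . ']';
    $smarty->assign("jsuserlist", $userList);
    // end: assign to user

    // TODO: refactor this!
    $createreasons = EmailTemplate::getActiveTemplates(EmailTemplate::CREATED);
    $smarty->assign("createreasons", $createreasons);
    $declinereasons = EmailTemplate::getActiveTemplates(EmailTemplate::NOT_CREATED);
    $smarty->assign("declinereasons", $declinereasons);
    $allcreatereasons = EmailTemplate::getAllActiveTemplates(EmailTemplate::CREATED);
    $smarty->assign("allcreatereasons", $allcreatereasons);
    $alldeclinereasons = EmailTemplate::getAllActiveTemplates(EmailTemplate::NOT_CREATED);
    $smarty->assign("alldeclinereasons", $alldeclinereasons);
    $allotherreasons = EmailTemplate::getAllActiveTemplates(false);
    $smarty->assign("allotherreasons", $allotherreasons);

    return $smarty->fetch("request-zoom.tpl");
}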
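 /**
  * Creates a new venue from submitted form data.
  *
  * Admins may create the venue on behalf of another user; everyone else creates it
  * as the current user.
  *
  * @param array $postArray raw form fields: user_id, name, address1, address2, city,
  *                         stateProvince, stateProvinceOther, postalCode, directions, country
  * @return Venue|Error the new Venue on success, or an Error object
  */
 function add($postArray)
 {
     $db = new db();

     // Collects validation failures. Previously $e was used without being created,
     // so the admin-branch errors were fatal instead of being reported.
     $e = new Error();

     if (User::isAdmin()) {
         $uo = User::get($postArray['user_id']);
         if (db::isError($uo)) {
             $e->add($uo);
         } elseif (!$uo->isAdmin() && $uo->isBandMember()) {
             // NOTE(review): this rejects non-admin band members although the message
             // says band members are allowed; the same test is duplicated in other
             // add()/update() implementations, so it is left unchanged here.
             $e->add("Invalid user. User must be a band member or an administrator.");
         }
     } else {
         $uo = User::getCurrent();
     }

     if ($e->hasErrors()) {
         return $e;
     }

     $user_id = $uo->getID();
     $name = $db->sanitize_to_db($postArray['name']);
     $address1 = $db->sanitize_to_db($postArray['address1']);
     $address2 = $db->sanitize_to_db($postArray['address2']);
     $city = $db->sanitize_to_db($postArray['city']);
     $stateProvince = $db->sanitize_to_db($postArray['stateProvince']);
     if ($stateProvince == "??") {
         // "??" in the select means "other": take the free-text field instead
         $stateProvince = $db->sanitize_to_db($postArray['stateProvinceOther']);
     }
     $postalCode = $db->sanitize_to_db($postArray['postalCode']);
     $directions = $db->sanitize_to_db($postArray['directions']);
     $country = $db->sanitize_to_db($postArray['country']);
     // == null also treats '' and '0' as "no country given"
     $country = $country == null ? VENUE_DEFAULT_COUNTRY : $country;
     if (!$name) {
         $name = '(untitled venue)';
     }

     // Every interpolated form value went through sanitize_to_db and is quoted in the
     // statement; $user_id comes from the resolved User object.
     $r = mysql_query("insert into Venues (user_id, country, name, address1, address2, city, stateProvince, postalCode, directions, is_active) values ('{$user_id}', '{$country}', '{$name}', '{$address1}', '{$address2}', '{$city}', '{$stateProvince}', '{$postalCode}', '{$directions}'," . DEFAULT_ACTIVE . ")");
     if ($r) {
         return Venue::get(mysql_insert_id());
     }

     return Error::MySQL();
 }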
 /**
  * Shows the statistics page.
  *
  * Emits the internal header, refuses when the page needs the wiki database but
  * $dontUseWikiDb is set, enforces login/session security for protected pages,
  * then echoes the page title, the execute() output and the footer.
  */
 public function Show()
 {
     global $dontUseWikiDb;

     // fetch and show page header
     BootstrapSkin::displayInternalHeader();

     $wikiDbUnavailable = $dontUseWikiDb == 1;
     if ($this->requiresWikiDatabase() && $wikiDbUnavailable) {
         // wiki database unavailable, don't show stats page
         BootstrapSkin::displayAlertBox("This statistics page is currently unavailable.", "alert-error", "Database unavailable", true, false);
         BootstrapSkin::displayInternalFooter();
         die;
     }

     // wiki database available OR stats page doesn't need wiki database
     // check protection level
     if ($this->isProtected()) {
         if (User::getCurrent()->isCommunityUser()) {
             // community (presumably not logged-in) user on a protected page: show the login form and stop
             showlogin();
             BootstrapSkin::displayInternalFooter();
             die;
         }
         $securityCheck = new session();
         $securityCheck->checksecurity();
     }

     // not protected or access allowed
     $titleHtml = '<div class="page-header"><h1>' . $this->getPageTitle() . '</h1></div>';
     echo $titleHtml;

     if ($this->requiresSimpleHtmlEnvironment()) {
         // open a row/span wrapper; the closing tags are pushed on the tag stack (presumably flushed by the footer)
         echo '<div class="row-fluid"><div class="span12">';
         BootstrapSkin::pushTagStack("</div>");
         BootstrapSkin::pushTagStack("</div>");
     }

     echo $this->execute();

     // Display the footer of the interface.
     BootstrapSkin::displayInternalFooter();
 }
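 /**
  * Creates a new show from submitted form data.
  *
  * Admins may create the show on behalf of another user; everyone else creates it
  * as the current user. A venue_id other than '0' must resolve to an existing Venue.
  *
  * @param array $postArray raw form fields: name, date, time, cost, is_all_ages,
  *                         other_bands, notes, user_id, venue_id
  * @return Show|Error the new Show on success, or an Error object listing the problems
  */
 function add($postArray)
 {
     $db = new db();
     include_class('venues');
     $e = new Error();

     $name = $db->sanitize_to_db($postArray['name']);
     $dt = $db->sanitize_to_db($postArray['date']);
     $date = date("Y-m-d", strtotime($dt));

     // time and cost are optional: emit an unquoted SQL null when absent, otherwise a
     // quoted literal ready for interpolation into the statement
     if (!empty($postArray['time'])) {
         $time = $db->sanitize_to_db($postArray['time']);
         $time = "'" . date("H:i:s", strtotime($time)) . "'";
     } else {
         $time = "null";
     }
     if (isset($postArray['cost']) && $postArray['cost'] != "") {
         $cost = $db->sanitize_to_db($postArray['cost']);
         $cost = "'{$cost}'";
     } else {
         $cost = "null";
     }
     $is_all_ages = isset($postArray['is_all_ages']) && $postArray['is_all_ages'] == '1' ? 1 : 0;
     $other_bands = $db->sanitize_to_db($postArray['other_bands']);
     $notes = $db->sanitize_to_db($postArray['notes']);

     if (User::isAdmin()) {
         $uo = User::get($postArray['user_id']);
         if (db::isError($uo)) {
             $e->add($uo);
         } elseif (!$uo->isAdmin() && $uo->isBandMember()) {
             // NOTE(review): this rejects non-admin band members although the message
             // says band members are allowed; the same test is duplicated in other
             // add()/update() implementations, so it is left unchanged here.
             $e->add("Invalid user. User must be a band member or an administrator.");
         }
     } else {
         $uo = User::getCurrent();
     }

     // $ve stays null when no venue was chosen; previously it was left undefined and
     // then handed to db::isError() and is_object().
     $ve = null;
     $venueId = isset($postArray['venue_id']) ? $postArray['venue_id'] : null;
     if ($venueId != '0') {
         $ve = Venue::get($venueId);
         if (db::isError($ve)) {
             $e->add($ve);
         }
     }

     if ($e->hasErrors()) {
         return $e;
     }

     $user_id = $uo->getID();
     $venue_id = $db->sanitize_to_db($venueId);
     if (!$name) {
         // fall back to the venue's name when the form gave none
         $name = is_object($ve) && !db::isError($ve) ? $db->sanitize_to_db($ve->getName()) : "(untitled show)";
     }

     // Quoted values went through sanitize_to_db; $time and $cost are either null or
     // already-quoted literals; $user_id comes from the resolved User object.
     $r = mysql_query("insert into Shows (name, venue_id, date, time, user_id, cost, is_all_ages, other_bands, notes, is_active) values ('{$name}', '{$venue_id}', '{$date}', {$time}, {$user_id}, {$cost}, {$is_all_ages}, '{$other_bands}', '{$notes}'," . DEFAULT_ACTIVE . ")");
     if ($r) {
         return Show::get(mysql_insert_id());
     }

     return Error::MySQL();
 }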
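 /**
  * Whether the current user may edit this record.
  *
  * @return bool true when the current user owns the record (via the member object's
  *              user id) or is an admin; false when there is no current user object
  */
 function canEdit()
 {
     $currentUser = User::getCurrent();
     if (!is_object($currentUser)) {
         // previously fell off the end and returned null; make the refusal explicit
         return false;
     }

     $member = $this->getMemberObject();

     return $currentUser->getID() == $member->getUserID() || $currentUser->isAdmin();
 }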
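/**
 * Renders one row of the "top creators" statistics table.
 *
 * The row is highlighted when it belongs to the current user, and the user link is
 * styled by the user's level (muted for Suspended, text-success for Admin).
 *
 * @param array $row   result row with keys log_user, COUNT(*), user_level, user_id
 * @param int   $rowno position shown in the first column
 * @return string a complete <tr>...</tr> fragment
 */
function statsTopCreatorsRowCallback($row, $rowno)
{
    global $baseurl;

    // Escape database-sourced values for their output context before building HTML.
    $username = htmlspecialchars($row['log_user'], ENT_QUOTES, 'UTF-8');
    $userId = urlencode($row['user_id']);

    // Suspended and Admin are mutually exclusive levels, so at most one class applies.
    $linkClass = '';
    if ($row['user_level'] == "Suspended") {
        $linkClass = 'class="muted" ';
    } elseif ($row['user_level'] == "Admin") {
        $linkClass = 'class="text-success" ';
    }

    $out = "<tr";
    if ($row['log_user'] == User::getCurrent()->getUsername()) {
        $out .= ' class="info"';
    }
    $out .= '>';
    $out .= '<td>' . $rowno . '</td>';
    $out .= '<td>' . (int) $row['COUNT(*)'] . '</td>';
    $out .= '<td><a ' . $linkClass . 'href="' . $baseurl . '/statistics.php?page=Users&amp;user=' . $userId . '">' . $username . '</a></td>';
    $out .= '</tr>';

    return $out;
}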
 /**
  * Sends a notification that an email template was edited by the current user.
  *
  * @param EmailTemplate $template the template that was changed
  */
 public static function emailEdited(EmailTemplate $template)
 {
     $subject = "Email {$template->getId()} ({$template->getName()})";
     $editor = User::getCurrent()->getUsername();

     self::send($subject . " edited by " . $editor);
 }
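<?php

include 'base.php';
User::protect();

$page_title = 'Band Member Diaries';
include_class('band_diaries');
include_class('band_members');

// Load the requested band member and their diary entries. Methods are only called on
// $bm once it is known not to be an error result; previously getDiaries() and
// getTotalDiaryEntries() ran before the db::isError() check.
$bm = null;
if (!empty($_GET['memberID'])) {
    $bm = BandMember::get($_GET['memberID']);
    if (!db::isError($bm)) {
        $entriesPerPage = isset($_GET['entries_per_page']) ? $_GET['entries_per_page'] : null;
        $start = isset($_GET['start']) ? $_GET['start'] : null;
        $bdlist = $bm->getDiaries($entriesPerPage, $start);
        $news_total = $bm->getTotalDiaryEntries();
        $uo = $bm->getUserObject();
        $uoc = User::getCurrent();
    }
}

$section = 'band_diaries';
include 'layout/header.php';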
if (is_object($bm) && !db::isError($bm)) {
    ?>

<div id="breadcrumb">
	<a href="index.php">Audition&nbsp;&#62;</a>&nbsp;<a href="band.php">Manage&nbsp;Band&nbsp;&#62;</a>&nbsp;<a href="band_diaries.php">Diaries&nbsp;&#62;</a>&nbsp;<?php 
    echo $uo->getFirstName();
    ?>
's Diary
</div>

	<h1><?php 
    echo strtolower($uo->getFirstName());
    ?>
                ?>
 SELECTED<?php 
            }
            ?>
><?php 
            echo $uo->getFirstName();
            ?>
</option>
				<?php 
        }
        ?>
			</select>

		<?php 
    } else {
        $uo = User::getCurrent();
        echo $uo->getFirstName();
    }
    ?>
		
		</td>
		<td><strong>Is All Ages?</strong><br/><input type="radio" name="is_all_ages" value="1"<?php 
    if ($_POST['is_all_ages']) {
        ?>
 checked<?php 
    }
    ?>
> Yes
			<input type="radio" name="is_all_ages" value="0"<?php 
    if (!$_POST['is_all_ages']) {
        ?>
 /**
  * Updates this media item's title and description; admins may also change its access level.
  *
  * When $filterObj is given, its validateMediaOperation("UPDATE") must not return an
  * error for the update to proceed. Setting access to 'STREAMING' runs setupStreaming()
  * before the row is written.
  *
  * @param array $postArray raw form fields: title, description, access
  * @param mixed $filterObj optional filter whose validateMediaOperation() gates the update
  * @return mixed the mysql_query result on success; the error returned by the filter or
  *               by setupStreaming(); or an Error wrapping mysql_error() when the query fails
  */
 function update($postArray, $filterObj = null)
 {
     if ($filterObj) {
         $allowed = $filterObj->validateMediaOperation("UPDATE");
         if (db::isError($allowed)) {
             return $allowed;
         }
     }

     $db = new db();
     $title = $db->sanitize_to_db($postArray['title']);
     $description = $db->sanitize_to_db($postArray['description']);
     $assignments = "title = '{$title}', description = '{$description}'";

     if (User::getCurrent()->isAdmin()) {
         // only admins may change the access level
         $access = $db->sanitize_to_db($postArray['access']);
         if ($access == 'STREAMING') {
             $streamingResult = $this->setupStreaming();
             if ($db->isError($streamingResult)) {
                 return $streamingResult;
             }
         }
         $assignments .= ", access = '{$access}'";
     }

     $query = "update DarkRoom_Media_to_Areas set {$assignments} where ID = " . $this->ID;
     $r = mysql_query($query);
     if ($r) {
         return $r;
     }

     $error = new Error();
     $error->add(mysql_error());
     return $error;
 }
} elseif ($action == "oauthdetach") {
    if ($enforceOAuth) {
        BootstrapSkin::displayAccessDenied();
        BootstrapSkin::displayInternalFooter();
        die;
    }
    global $baseurl;
    $currentUser = User::getCurrent();
    $currentUser->detachAccount();
    header("Location: {$baseurl}/acc.php?action=logout");
} elseif ($action == "oauthattach") {
    $database = gGetDb();
    $database->transactionally(function () use($database) {
        try {
            global $oauthConsumerToken, $oauthSecretToken, $oauthBaseUrl, $oauthBaseUrlInternal;
            $user = User::getCurrent();
            // Get a request token for OAuth
            $util = new OAuthUtility($oauthConsumerToken, $oauthSecretToken, $oauthBaseUrl, $oauthBaseUrlInternal);
            $requestToken = $util->getRequestToken();
            // save the request token for later
            $user->setOAuthRequestToken($requestToken->key);
            $user->setOAuthRequestSecret($requestToken->secret);
            $user->save();
            $redirectUrl = $util->getAuthoriseUrl($requestToken);
            header("Location: {$redirectUrl}");
        } catch (Exception $ex) {
            throw new TransactionException($ex->getMessage(), "Connection to Wikipedia failed.", "alert-error", 0, $ex);
        }
    });
} else {
    echo defaultpage();
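 /**
  * Whether the current user has the ADMIN level.
  *
  * @return bool
  */
 function isAdmin()
 {
     $currentUser = User::getCurrent();

     // Strict comparison: with == a non-string level (e.g. 0) compares equal to
     // 'ADMIN' under PHP 7's loose rules.
     return $currentUser->getLevel() === 'ADMIN';
 }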
<?php

// Invalid entry point: this file must only be loaded by the tool itself.
if (!defined("ACC")) {
    die;
}

require_once 'lib/smarty/Smarty.class.php';

global $smarty, $smartydebug;

// Build the shared template engine and seed it with the values every template needs.
$smarty = new Smarty();
$toolVersion = Environment::getToolVersion();
$currentUser = User::getCurrent();

$smarty->assign("baseurl", $baseurl);
$smarty->assign("wikiurl", $wikiurl);
$smarty->assign("mediawikiScriptPath", $mediawikiScriptPath);
$smarty->assign("toolversion", $toolVersion);
$smarty->assign("currentUser", $currentUser);
$smarty->debugging = $smartydebug;
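    /**
     * Check the user's security level on page load, and bounce accordingly
     *
     * Re-attaches a missing or broken OAuth link for database-backed users, then stops
     * the page with an explanation for new, suspended or declined accounts. Users and
     * admins fall through with $secure set to 1.
     *
     * @deprecated
     */
    public function checksecurity()
    {
        global $secure;

        // One User instance for the whole check: the token reset below mutates it and
        // then saves it, so every step must operate on the same object.
        $currentUser = User::getCurrent();

        // CommunityUser has no database row, and we really don't want CommunityUser to have oauth credentials...
        if (!$currentUser->isCommunityUser()) {
            if ($currentUser->getStoredOnWikiName() == "##OAUTH##" && $currentUser->getOAuthAccessToken() == null) {
                reattachOAuthAccount($currentUser);
            }
            if ($currentUser->isOAuthLinked()) {
                try {
                    // test retrieval of the identity
                    $currentUser->getOAuthIdentity();
                } catch (TransactionException $ex) {
                    // stale credentials: drop them and send the user back through OAuth
                    $currentUser->setOAuthAccessToken(null);
                    $currentUser->setOAuthAccessSecret(null);
                    $currentUser->save();
                    reattachOAuthAccount($currentUser);
                }
            } else {
                global $enforceOAuth;
                if ($enforceOAuth) {
                    reattachOAuthAccount($currentUser);
                }
            }
        }

        if ($currentUser->isNew()) {
            BootstrapSkin::displayAlertBox("I'm sorry, but, your account has not been approved by a site administrator yet. Please stand by.", "alert-error", "New account", true, false);
            BootstrapSkin::displayInternalFooter();
            die;
        } elseif ($currentUser->isSuspended()) {
            $this->showLevelChangeReasonAndStop($currentUser, 'Suspended', "login/suspended.tpl");
        } elseif ($currentUser->isDeclined()) {
            $this->showLevelChangeReasonAndStop($currentUser, 'Declined', "login/declined.tpl");
        } elseif (!$currentUser->isCommunityUser() && ($currentUser->isUser() || $currentUser->isAdmin())) {
            $secure = 1;
        }
        // any other level is neither granted nor bounced (the original left this branch empty)
    }

    /**
     * Displays the template explaining why the user was suspended or declined, using the
     * comment of the most recent matching log entry, then stops the script.
     *
     * Replaces two copies of the same lookup that differed only in the log action and
     * the template name.
     *
     * @param User   $user     the affected user
     * @param string $action   log action to look up ('Suspended' or 'Declined')
     * @param string $template Smarty template to display
     */
    private function showLevelChangeReasonAndStop($user, $action, $template)
    {
        global $smarty;

        $database = gGetDb();
        $statement = $database->prepare(<<<SQL
SELECT comment
FROM log
WHERE action = :action AND objectid = :userid and objecttype = 'User'
ORDER BY timestamp DESC
LIMIT 1;
SQL
);
        $statement->bindValue(":action", $action);
        $statement->bindValue(":userid", $user->getId());
        $statement->execute();
        $reason = $statement->fetchColumn();
        $statement->closeCursor();

        $smarty->assign("suspendreason", $reason);
        $smarty->display($template);
        BootstrapSkin::displayInternalFooter();
        die;
    }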
     $qterm = '%' . $term . '%';
     $statement = gGetDb()->prepare("SELECT * FROM request WHERE email LIKE :term;");
     $statement->bindValue(":term", $qterm);
     $statement->execute();
     $requests = $statement->fetchAll(PDO::FETCH_CLASS, "Request");
     foreach ($requests as $r) {
         $r->setDatabase(gGetDb());
     }
     $smarty->assign("term", $term);
     $smarty->assign("requests", $requests);
     $target = "email address";
     $smarty->assign("target", $target);
     $smarty->display("search/searchresult.tpl");
 } elseif ($_GET['type'] == 'IP') {
     // move this to here, so non-admins can perform searches, but not on IP addresses or emails
     if (!User::getCurrent()->isAdmin() && !User::getCurrent()->isCheckuser()) {
         // Displays both the error message and the footer of the interface.
         BootstrapSkin::displayAlertBox("IP address search is only available to tool admins and checkusers.", "alert-error", "Access Denied");
         $smarty->display("search/searchform.tpl");
         BootstrapSkin::displayInternalFooter();
         die;
     }
     $qterm = '%' . $term . '%';
     $statement = gGetDb()->prepare("SELECT * FROM request WHERE email <> '*****@*****.**' and ip <> '127.0.0.1' and ip LIKE :term or forwardedip LIKE :term2;");
     $statement->bindValue(":term", $qterm);
     $statement->bindValue(":term2", $qterm);
     $statement->execute();
     $requests = $statement->fetchAll(PDO::FETCH_CLASS, "Request");
     foreach ($requests as $r) {
         $r->setDatabase(gGetDb());
     }
 /**
  * Whether this request is reserved by someone other than the current user.
  *
  * @return bool false when unreserved or reserved by the current user, true otherwise
  */
 public function isProtected()
 {
     // An unreserved request (reserved == 0) is never protected; the current user is
     // only looked up for reserved ones, exactly as before.
     return $this->reserved != 0 && $this->reserved != User::getCurrent()->getId();
 }
    }
    if (!isset($_POST['reason'])) {
        global $smarty;
        $smarty->assign("user", $user);
        $smarty->assign("status", "Declined");
        $smarty->assign("action", "decline");
        $smarty->display("usermanagement/changelevel-reason.tpl");
        BootstrapSkin::displayInternalFooter();
        die;
    } else {
        $user->decline($_POST['reason']);
        Notification::userDeclined($user, $_POST['reason']);
        BootstrapSkin::displayAlertBox("Declined user " . htmlentities($user->getUsername(), ENT_COMPAT, 'UTF-8'), "alert-info", "", false);
        $headers = 'From: accounts-enwiki-l@lists.wikimedia.org';
        // TODO: move to template?
        mail($user->getEmail(), "ACC Account Declined", "Dear " . $user->getOnWikiName() . ",\nYour account " . $user->getUsername() . " has been declined access to the account creation tool by " . User::getCurrent()->getUsername() . " because " . $_POST['reason'] . ". For more infomation please email accounts-enwiki-l@lists.wikimedia.org.\n- The English Wikipedia Account Creation Team", $headers);
        BootstrapSkin::displayInternalFooter();
        die;
    }
}
#endregion
#region renaming
if (isset($_GET['rename'])) {
    $user = User::getById($_GET['rename'], gGetDb());
    if ($user == false) {
        BootstrapSkin::displayAlertBox("Sorry, the user you are trying to rename could not be found.", "alert-error", "Error", true, false);
        BootstrapSkin::displayInternalFooter();
        die;
    }
    if (!isset($_POST['newname'])) {
        global $smarty;