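/**
 * Forces a URL rewrite to the specified path.
 *
 * Compares the current request's path and query string against $fix_uri and,
 * when they differ, redirects to the canonical form. When $fix_uri carries no
 * query string of its own the request's query string is carried over as-is.
 * When it does, both are merged (keys from $fix_uri win) and any key whose
 * value equals self::FIXPATH_EMPTY is dropped from the result.
 *
 * Changes from the previous version: query keys are urlencode()d like the
 * values already were (they originate from the request URI), and a parameter
 * whose value is "0" keeps its value instead of being collapsed to a bare key
 * (empty("0") is true in PHP).
 *
 * @param string $fix_uri URL (path, optionally with a query string) to forcibly redirect to
 * @param int    $http    HTTP status code for the redirect
 */
static function fixPath(string $fix_uri, int $http = self::FIXPATH_TEMP) {
    // Split "path?query" for the current request ...
    $_split = explode('?', $_SERVER['REQUEST_URI'] ?? '', 2);
    $path = $_split[0];
    $query = empty($_split[1]) ? '' : "?{$_split[1]}";

    // ... and for the target we are enforcing.
    $_split = explode('?', $fix_uri, 2);
    $fix_path = $_split[0];
    $fix_query = empty($_split[1]) ? '' : "?{$_split[1]}";

    if (empty($fix_query)) {
        // Target has no query of its own: keep whatever the request carried.
        $fix_query = $query;
    }
    else {
        $query_assoc = self::queryStringAssoc($query);
        $fix_query_assoc = self::queryStringAssoc($fix_query);

        // Target keys override request keys.
        $merged = $query_assoc;
        foreach ($fix_query_assoc as $key => $item) {
            $merged[$key] = $item;
        }

        $fix_query_arr = array();
        foreach ($merged as $key => $item) {
            if (isset($item) && $item === self::FIXPATH_EMPTY) {
                // Explicit request to remove this parameter from the URL.
                continue;
            }
            // Keys may come from the request URI, so encode them as well as
            // the values. Assumes queryStringAssoc() returns decoded keys (it
            // evidently returns decoded values, which were already encoded
            // here) — confirm against that helper.
            $has_value = isset($item) && $item !== '';
            $fix_query_arr[] = urlencode($key) . ($has_value ? '=' . urlencode($item) : '');
        }
        $fix_query = empty($fix_query_arr) ? '' : '?' . implode('&', $fix_query_arr);
    }

    if ($path !== $fix_path || $query !== $fix_query) {
        HTTP::redirect("{$fix_path}{$fix_query}", $http);
    }
}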
echo "pong"; break; default: CoreUtils::notFound(); } exit; } CoreUtils::notFound(); } // Static redirects switch ($do) { // PAGES case "logs": $do = 'admin'; $data = rtrim("logs/{$data}", '/'); HTTP::redirect(rtrim("/{$do}/{$data}", '/')); break; case "u": $do = 'user'; break; case "cg": case "colourguides": case "colourguide": case "colorguides": $do = 'colorguide'; break; } // Load controller $controller = INCPATH . "controllers/{$do}.php"; if (!($do === 'colorguide' && preg_match(new RegExp('\\.(svg|png)$'), $data))) { Users::authenticate();
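/**
 * Requests or refreshes an Access Token.
 * $type defaults to 'authorization_code'.
 *
 * On success the DeviantArt profile is fetched via user/whoami, the user row is
 * created (the very first account becomes 'developer') or refreshed, a session
 * row is written, and the `access` cookie is set to a fresh random hex value
 * whose sha1() is stored in the session's `token` column. If the token endpoint
 * returns nothing or reports an error, the browser is redirected to /da-auth
 * with the error details. Banned accounts get $_GET['error'] = 'user_banned'
 * (plus the ban reason, when logged) and the function returns without a value.
 *
 * Fixes in this version: $code and the remote error strings are URL-encoded
 * before being placed in URLs, and the failure path deletes the session by
 * `token` = sha1(cookie) (the stored key) instead of by `access`, which holds
 * the DeviantArt access token and so never matched the cookie value.
 *
 * @param string      $code OAuth authorization code, or the refresh token when $type is 'refresh_token'
 * @param null|string $type 'authorization_code' (default) or 'refresh_token'
 *
 * @return User|void
 */
static function getToken(string $code, ?string $type = null) {
    global $Database, $http_response_header;

    if (empty($type) || !in_array($type, array('authorization_code', 'refresh_token'), true)) {
        $type = 'authorization_code';
    }

    // NOTE(review): the client secret is sent in the query string; the token
    // endpoint also accepts a POST body, which keeps the secret out of proxy
    // and access logs — confirm what DeviantArt::request() supports.
    $URL_Start = 'https://www.deviantart.com/oauth2/token?client_id=' . DA_CLIENT . '&client_secret=' . DA_SECRET . "&grant_type={$type}";
    // $code arrives from the request (the da-auth controller passes $_GET['code']),
    // so encode it to prevent extra parameters being smuggled into the token request.
    switch ($type) {
        case "authorization_code":
            $json = DeviantArt::request("{$URL_Start}&code=" . rawurlencode($code) . OAUTH_REDIRECT_URI, false);
            break;
        case "refresh_token":
            $json = DeviantArt::request("{$URL_Start}&refresh_token=" . rawurlencode($code), false);
            break;
    }

    if (empty($json)) {
        if (Cookie::exists('access')) {
            // Sessions are keyed by sha1(cookie) in `token` (see below and
            // Users::authenticate); `access` holds the DA access token.
            $Database->where('token', sha1(Cookie::get('access')))->delete('sessions');
            Cookie::delete('access', Cookie::HTTPONLY);
        }
        $status_line = urlencode($http_response_header[0] ?? '');
        HTTP::redirect("/da-auth?error=server_error&error_description={$status_line}");
    }
    if (empty($json['status'])) {
        // Error strings come from the remote response; encode before embedding in a URL.
        $err = urlencode($json['error'] ?? '');
        $errdesc = urlencode($json['error_description'] ?? '');
        HTTP::redirect("/da-auth?error={$err}&error_description={$errdesc}");
    }

    $userdata = DeviantArt::request('user/whoami', $json['access_token']);

    /** @var $User Models\User */
    $User = $Database->where('id', $userdata['userid'])->getOne('users');
    if (isset($User->role) && $User->role === 'ban') {
        // Surface the ban to the da-auth controller through $_GET and bail out
        // before any session is created for the banned account.
        $_GET['error'] = 'user_banned';
        $BanReason = $Database->where('target', $User->id)->orderBy('entryid', 'ASC')->getOne('log__banish');
        if (!empty($BanReason)) {
            $_GET['error_description'] = $BanReason['reason'];
        }
        return;
    }

    $UserID = strtolower($userdata['userid']);
    $UserData = array(
        'name' => $userdata['username'],
        'avatar_url' => URL::makeHttps($userdata['usericon']),
    );
    $AuthData = array(
        'access' => $json['access_token'],
        'refresh' => $json['refresh_token'],
        'expires' => date('c', time() + intval($json['expires_in'])),
        'scope' => $json['scope'],
    );
    // 64 random bytes -> 128 hex chars in the cookie; only its sha1 is persisted.
    $cookie = bin2hex(random_bytes(64));
    $AuthData['token'] = sha1($cookie);

    $browser = CoreUtils::detectBrowser();
    foreach ($browser as $k => $v) {
        if (!empty($v)) {
            $AuthData[$k] = $v;
        }
    }

    if (empty($User)) {
        $MoreInfo = array('id' => $UserID, 'role' => 'user');
        // The first account ever created becomes the developer account.
        $makeDev = !$Database->has('users');
        if ($makeDev) {
            $MoreInfo['id'] = strtoupper($MoreInfo['id']);
        }
        $Insert = array_merge($UserData, $MoreInfo);
        $Database->insert('users', $Insert);
        $User = new User($Insert);
        if ($makeDev) {
            $User->updateRole('developer');
        }
    }
    else {
        $Database->where('id', $UserID)->update('users', $UserData);
    }

    if (empty($makeDev) && !empty($User) && Permission::insufficient('member', $User->role) && $User->isClubMember()) {
        $User->updateRole('member');
    }

    if ($type === 'refresh_token') {
        $Database->where('refresh', $code)->update('sessions', $AuthData);
    }
    else {
        // A scope change invalidates the user's other sessions.
        $Database->where('user', $User->id)->where('scope', $AuthData['scope'], '!=')->delete('sessions');
        $Database->insert('sessions', array_merge($AuthData, array('user' => $UserID)));
    }
    // Prune sessions idle for more than a month; $UserID is bound, not interpolated.
    $Database->rawQuery("DELETE FROM sessions WHERE \"user\" = ? && lastvisit <= NOW() - INTERVAL '1 MONTH'", array($UserID));

    Cookie::set('access', $cookie, time() + Time::$IN_SECONDS['year'], Cookie::HTTPONLY);

    return $User ?? null;
}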
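/**
 * Loads the episode page.
 *
 * Resolves the episode either from $force (an Episode instance) or by parsing
 * the global $data; season-0 identifiers are redirected to the /movie page,
 * unparseable input falls back to the latest episode. Optionally enforces the
 * canonical URL server-side, then looks up the neighbouring episodes and
 * renders the 'episode' view.
 *
 * Fixes in this version: $EpData is checked before indexing it (parseID may
 * return nothing — the later empty() check relies on that — which produced an
 * undefined-index notice here), and CR/LF are stripped from the request-
 * supplied values written to the log so a crafted Referer cannot forge lines.
 *
 * @param null|int|Episode $force              If null: parses $data and loads the appropriate episode.
 *                                             If an Episode instance: uses it as the current episode.
 * @param bool             $serverSideRedirect Handle redirection to the correct page on the server side
 *                                             (true) or hand the URL to the client (false)
 */
static function loadPage($force = null, $serverSideRedirect = true) {
    global $data, $CurrentEpisode, $Database, $PrevEpisode, $NextEpisode, $LinkedPost;

    if ($force instanceof Episode) {
        $CurrentEpisode = $force;
    }
    else {
        $EpData = self::parseID($data);
        if (!empty($EpData) && $EpData['season'] === 0) {
            // Both values are request-controlled; neutralise line breaks before logging.
            $safeData = str_replace(array("\r", "\n"), ' ', (string) $data);
            $referrer = !empty($_SERVER['HTTP_REFERER'])
                ? str_replace(array("\r", "\n"), ' ', $_SERVER['HTTP_REFERER'])
                : '[unknown referrer]';
            error_log("Attempted visit to {$safeData} from {$referrer}, redirecting to /movie page");
            HTTP::redirect('/movie/' . $EpData['episode']);
        }
        $CurrentEpisode = empty($EpData) ? self::getLatest() : self::getActual($EpData['season'], $EpData['episode']);
    }
    if (empty($CurrentEpisode)) {
        CoreUtils::notFound();
    }

    $url = $CurrentEpisode->formatURL();
    if (!empty($LinkedPost)) {
        $url .= '#' . $LinkedPost->getID();
    }
    if ($serverSideRedirect) {
        CoreUtils::fixPath($url);
    }

    $js = array('imagesloaded.pkgd', 'jquery.ba-throttle-debounce', 'jquery.fluidbox', 'Chart', 'episode');
    if (Permission::sufficient('member')) {
        $js[] = 'episode-manage';
    }
    if (Permission::sufficient('staff')) {
        $js[] = 'moment-timezone';
        $js[] = 'episodes-manage';
    }

    // Neighbours: regular episodes are ordered by `no` (skipping season 0),
    // movies (season 0) by `episode`.
    if (!$CurrentEpisode->isMovie) {
        $PrevEpisode = $Database->where('no', $CurrentEpisode->no, '<')->where('season', 0, '!=')->orderBy('no', 'DESC')->getOne('episodes', 'season,episode,title,twoparter');
        $NextEpisode = $Database->where('no', $CurrentEpisode->no, '>')->where('season', 0, '!=')->orderBy('no', 'ASC')->getOne('episodes', 'season,episode,title,twoparter');
    }
    else {
        $PrevEpisode = $Database->where('season', 0)->where('episode', $CurrentEpisode->episode, '<')->orderBy('episode', 'DESC')->getOne('episodes', 'season,episode,title');
        $NextEpisode = $Database->where('season', 0)->where('episode', $CurrentEpisode->episode, '>')->orderBy('episode', 'ASC')->getOne('episodes', 'season,episode,title');
    }

    $heading = $CurrentEpisode->formatTitle();
    CoreUtils::loadPage(array(
        'title' => "{$heading} - Vector Requests & Reservations",
        'heading' => $heading,
        'view' => 'episode',
        'css' => 'episode',
        'js' => $js,
        'url' => $serverSideRedirect ? null : $url,
    ));
}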
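/**
 * Check authentication cookie and set global.
 *
 * Flow: run CSRF detection, send GET requests carrying a CSRF_TOKEN back to the
 * clean URL, then look up the session whose `token` column equals sha1() of the
 * `access` cookie. Expired sessions are refreshed through DeviantArt::getToken();
 * on success $signedIn is set and the session's lastvisit is bumped at most once
 * a minute. A cookie that matches no session is deleted.
 *
 * Fix in this version: banned users' sessions are deleted by the `user` column.
 * The previous `where('id', $currentUser->id)` compared the user id against the
 * session row id (the column this same function uses for Session['id']), so
 * the delete never matched. The stale `access` cookie is now removed as well,
 * so the delete is not repeated on every subsequent request.
 */
static function authenticate() {
    global $Database, $signedIn, $currentUser, $Color, $color;

    CSRFProtection::detect();
    // CSRF tokens belong in POST bodies; strip one that leaked into a GET URL.
    if (!POST_REQUEST && isset($_GET['CSRF_TOKEN'])) {
        HTTP::redirect(CSRFProtection::removeParamFromURL($_SERVER['REQUEST_URI']));
    }

    if (!Cookie::exists('access')) {
        return;
    }

    $authKey = Cookie::get('access');
    if (!empty($authKey)) {
        // Legacy cookies held raw bytes; migrate them to the hex form issued by
        // DeviantArt::getToken() and re-key the stored sha1 accordingly.
        if (!preg_match(new RegExp('^[a-f\\d]+$', 'iu'), $authKey)) {
            $oldAuthKey = $authKey;
            $authKey = bin2hex($authKey);
            $Database->where('token', sha1($oldAuthKey))->update('sessions', array('token' => sha1($authKey)));
            Cookie::set('access', $authKey, time() + Time::$IN_SECONDS['year'], Cookie::HTTPONLY);
        }
        // Only the hash of the cookie is stored server-side.
        $currentUser = Users::get(sha1($authKey), 'token');
    }

    if (!empty($currentUser)) {
        if ($currentUser->role === 'ban') {
            // Revoke every session of the banned account and drop the cookie.
            $Database->where('user', $currentUser->id)->delete('sessions');
            Cookie::delete('access', Cookie::HTTPONLY);
        }
        else {
            if (strtotime($currentUser->Session['expires']) < time()) {
                $tokenvalid = false;
                try {
                    // getToken() redirects (and does not return) when DeviantArt
                    // rejects the refresh; a transport failure is handled below.
                    DeviantArt::getToken($currentUser->Session['refresh'], 'refresh_token');
                    $tokenvalid = true;
                }
                catch (CURLRequestException $e) {
                    $Database->where('id', $currentUser->Session['id'])->delete('sessions');
                    trigger_error("Session refresh failed for {$currentUser->name} ({$currentUser->id}) | {$e->getMessage()} (HTTP {$e->getCode()})", E_USER_WARNING);
                }
            }
            else {
                $tokenvalid = true;
            }

            if ($tokenvalid) {
                $signedIn = true;
                // Throttle lastvisit writes to one per minute.
                if (time() - strtotime($currentUser->Session['lastvisit']) > Time::$IN_SECONDS['minute']) {
                    $lastVisitTS = date('c');
                    if ($Database->where('id', $currentUser->Session['id'])->update('sessions', array('lastvisit' => $lastVisitTS))) {
                        $currentUser->Session['lastvisit'] = $lastVisitTS;
                    }
                }

                // Spelling preference ("colour" vs "color") for specific users.
                $_PrefersColour = array('Pirill-Poveniy' => true, 'itv-canterlot' => true);
                if (isset($_PrefersColour[$currentUser->name])) {
                    $Color = 'Colour';
                    $color = 'colour';
                }
            }
        }
    }
    else {
        Cookie::delete('access', Cookie::HTTPONLY);
    }
}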
<?php

use App\HTTP;

/**
 * Movie shortcut: a numeric identifier maps to /movie/{n}; anything else is
 * treated as an Equestria Girls slug. Both targets are site-relative paths.
 *
 * @var $data string
 */
$target = is_numeric($data)
    ? "/movie/{$data}"
    : "/movie/equestria-girls-{$data}";
HTTP::redirect($target);
$errdesc = $_GET['error_description']; } global $signedIn; if ($signedIn) { HTTP::redirect($_GET['state']); } Episodes::loadPage(); } $currentUser = DeviantArt::getToken($_GET['code']); $signedIn = !empty($currentUser); if (isset($_GET['error'])) { $err = $_GET['error']; if (isset($_GET['error_description'])) { $errdesc = $_GET['error_description']; } if ($err === 'user_banned') { $errdesc .= "\n\nIf you'd like to appeal your ban, please <a href='http://mlp-vectorclub.deviantart.com/notes/'>send the group a note</a>."; } Episodes::loadPage(); } if (preg_match(new RegExp('^[a-z\\d]+$', 'i'), $_GET['state'], $_match)) { $confirm = str_replace('{{CODE}}', $_match[0], file_get_contents(INCPATH . 'views/loginConfrim.html')); $confirm = str_replace('{{USERID}}', Permission::sufficient('developer') || UserPrefs::get('p_disable_ga') ? '' : $currentUser->id, $confirm); die($confirm); } else { if (preg_match($REWRITE_REGEX, $_GET['state'])) { HTTP::redirect($_GET['state']); } } HTTP::redirect('/');