/**
 * Record that $viewer has faved $photo, once on the viewer's cluster and once
 * on the photo owner's cluster.
 *
 * One row goes to FlickrFaves (viewer side) and one to FlickrFavesUsers
 * (owner side). A failed insert is handed back to the caller unless its
 * error_code is 1062, which is tolerated (1062 is MySQL's duplicate-entry
 * code, assuming db_insert_users passes the server errno through).
 *
 * @param array $viewer     user row of the person faving; 'id' and 'cluster_id' are read
 * @param array $photo      photo row; 'id' and 'user_id' are read
 * @param int   $date_faved unix timestamp; the current time is used when falsy
 * @return array the failing db response, or okay() when both sides were written
 */
function flickr_faves_add_fave(&$viewer, &$photo, $date_faved = 0) {

    $when = $date_faved ? $date_faved : time();

    # Viewer side. Only the values are escaped; the column names are the
    # fixed keys written out here.
    $viewer_row = array_map('AddSlashes', array(
        'user_id' => $viewer['id'],
        'photo_id' => $photo['id'],
        'owner_id' => $photo['user_id'],
        'date_faved' => $when,
    ));

    $rsp = db_insert_users($viewer['cluster_id'], 'FlickrFaves', $viewer_row);

    if (!$rsp['ok'] && $rsp['error_code'] != 1062) {
        return $rsp;
    }

    # now update the photo owner side of things
    # NOTE(review): $owner is not checked; if the lookup comes back empty the
    # insert below runs with an empty cluster id and user id.

    $owner = users_get_by_id($photo['user_id']);

    $owner_row = array_map('AddSlashes', array(
        'user_id' => $owner['id'],
        'photo_id' => $photo['id'],
        'viewer_id' => $viewer['id'],
    ));

    $rsp = db_insert_users($owner['cluster_id'], 'FlickrFavesUsers', $owner_row);

    if (!$rsp['ok'] && $rsp['error_code'] != 1062) {
        return $rsp;
    }

    # TO DO: index/update the photo in solr and insert $viewer['id']
    # into the faved_by column (20111123/straup)

    return okay();
}
/**
 * API method: output the dots belonging to the user named in the 'user'
 * request parameter, with a fixed set of columns dropped from each row.
 *
 * Emits api_output_ok() with the filtered rows, or api_output_error() when
 * the user is unknown or has no dots.
 *
 * NOTE(review): nothing in this function checks who is asking; whether
 * dots_get_dots_for_user() applies any visibility rules for the requesting
 * viewer cannot be seen from here — confirm before exposing this method.
 */
function api_dots_dotsForUser() {

    // these keys not important
    $skipKeys = array("details", "details_json", "index_on", "details_listview", "type_of_co");

    $owner = users_get_by_id(request_str('user'));
    $output = array();

    $dots = $owner ? dots_get_dots_for_user($owner) : null;

    // please say there is a better way
    if ($dots) {
        foreach ($dots as &$row) {
            $kept = array();
            foreach ($row as $k => $v) {
                // loose in_array(): kept as the original wrote it
                if (in_array($k, $skipKeys)) {
                    continue;
                }
                $kept[$k] = $v;
            }
            $output[] = $kept;
        }
    }

    if (!count($output)) {
        api_output_error();
        return;
    }

    api_output_ok($output);
}
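/**
 * Decide whether the current request belongs to a signed-in user.
 *
 * Order of checks: sign-in feature flag, an already-populated
 * $GLOBALS['cfg']['user'], then the auth cookie. The cookie is decrypted with
 * the configured cookie secret and is expected to hold "<user id>:<password
 * value>"; the second part must equal the stored $user['password'] for a
 * live (non-deleted) user. On success the user row is stored in
 * $GLOBALS['cfg']['user'].
 *
 * NOTE(review): the cookie carries the stored password value, so its
 * confidentiality and integrity rest entirely on crypto_decrypt() and the
 * cookie secret — confirm that helper authenticates the ciphertext.
 *
 * @return int 1 when a user is signed in, 0 otherwise
 */
function login_check_login() {

    if (!$GLOBALS['cfg']['enable_feature_signin']) {
        return 0;
    }

    if ($GLOBALS['cfg']['user']['id']) {
        return 1;
    }

    $auth_cookie = login_get_cookie($GLOBALS['cfg']['auth_cookie_name']);

    if (!$auth_cookie) {
        return 0;
    }

    $auth_cookie = crypto_decrypt($auth_cookie, $GLOBALS['cfg']['crypto_cookie_secret']);

    # A cookie that fails to decrypt, or that decrypts to something without
    # the "id:password" shape, is treated as "not logged in" instead of
    # being fed to list() with a missing element.

    if (!is_string($auth_cookie)) {
        return 0;
    }

    $parts = explode(':', $auth_cookie, 2);

    if (count($parts) !== 2) {
        return 0;
    }

    list($user_id, $password) = $parts;

    if (!$user_id) {
        return 0;
    }

    $user = users_get_by_id($user_id);

    if (!$user) {
        return 0;
    }

    if ($user['deleted']) {
        return 0;
    }

    $stored = $user['password'];

    if (!is_string($stored)) {
        return 0;
    }

    # Compare the secret in constant time where the runtime offers it; the
    # strict comparison is kept as the fallback for older PHP.

    $matches = function_exists('hash_equals')
        ? hash_equals($stored, $password)
        : ($stored === $password);

    if (!$matches) {
        return 0;
    }

    $GLOBALS['cfg']['user'] = $user;
    return 1;
}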
/**
 * Refresh one account's Flickr path alias and screen name from
 * flickr.people.getInfo, echoing progress lines as it goes.
 *
 * Returns nothing. When the local user is missing the function returns
 * silently; when the API call fails the arguments and response are passed to
 * dumper() and the function returns.
 *
 * NOTE(review): the path alias and username come from the remote API
 * response and are written to local rows; escaping is left to
 * flickr_users_update_user() / users_update_user(), which are not visible here.
 *
 * @param array $flickr_user row with 'user_id', 'nsid' and 'path_alias'
 * @param array $more        unused in this function
 */
function _get_nsid($flickr_user, $more = array()) {

    # TO DO: put this all in a function somewhere and
    # call/queue it when a user signs up...

    # As db_main:Users

    $user = users_get_by_id($flickr_user['user_id']);

    if (!$user) {
        return;
    }

    $method = 'flickr.people.getInfo';
    $args = array('user_id' => $flickr_user['nsid']);

    $ret = flickr_api_call($method, $args);

    if (!$ret['ok']) {
        dumper($args);
        dumper($ret);
        return;
    }

    $person = $ret['rsp']['person'];
    $path_alias = $person['path_alias'];
    $username = $person['username']['_content'];

    echo "[{$user['id']}] path alias: {$path_alias} screen name: {$username}\n";

    $alias_changed = ($path_alias != $flickr_user['path_alias']);

    if ($alias_changed) {
        $alias_rsp = flickr_users_update_user($flickr_user, array('path_alias' => $path_alias));
        echo "[{$user['id']}] update path alias: {$alias_rsp['ok']}\n";

        # just let this fail silently if there's a duplicate
        flickr_users_path_aliases_create($user, $path_alias);
    }

    $name_changed = ($username != $user['username']);

    if ($name_changed) {
        $name_rsp = users_update_user($user, array('username' => $username));
        echo "[{$user['id']}] update username: {$name_rsp['ok']}\n";
    }
}
/**
 * Build the export-cache directory for a sheet: the owning user's cache root
 * followed by a path derived from the sheet id.
 *
 * NOTE(review): the result is a filesystem path assembled from row values;
 * it is only as safe as export_cache_root_for_user() and
 * _export_cache_explode_id(), neither of which is visible here.
 *
 * @param array $sheet sheet row; 'user_id' and 'id' are read
 * @return string the two path components joined with DIRECTORY_SEPARATOR
 */
function export_cache_root_for_sheet(&$sheet) {

    $owner = users_get_by_id($sheet['user_id']);

    $user_part = export_cache_root_for_user($owner);
    $sheet_part = _export_cache_explode_id($sheet['id']);

    return $user_part . DIRECTORY_SEPARATOR . $sheet_part;
}
/**
 * Register a Flickr user's path alias for the matching local user.
 *
 * Does nothing when the alias is empty. Returns nothing.
 *
 * @param array $flickr_user row with 'path_alias' and 'user_id'
 * @param array $more        unused in this function
 */
function set_path_alias($flickr_user, $more = array()) {

    $alias = $flickr_user['path_alias'];

    # loose comparison kept: anything that compares equal to '' is skipped
    if ($alias == '') {
        return;
    }

    # NOTE(review): the looked-up user is passed on without a null check.
    $user = users_get_by_id($flickr_user['user_id']);
    flickr_users_path_aliases_create($user, $flickr_user['path_alias']);
}
/**
 * List the user rows of everyone who has an entry in FlickrBackups.
 *
 * Runs one DISTINCT query for the ids and then one users_get_by_id() lookup
 * per id. The query response is not checked for success before its rows are
 * iterated.
 *
 * @return array list of whatever users_get_by_id() returned for each id
 */
function flickr_backups_users() {

    $rsp = db_fetch("SELECT DISTINCT(user_id) FROM FlickrBackups");

    $found = array();

    foreach ($rsp['rows'] as $backup_row) {
        $found[] = users_get_by_id($backup_row['user_id']);
    }

    return $found;
}
/**
 * Fetch the contact row linking $user_id to $contact_id from the owner's
 * cluster.
 *
 * Both ids are escaped with AddSlashes() and placed inside single quotes in
 * the statement.
 *
 * NOTE(review): AddSlashes() is not aware of the connection character set;
 * if the db layer offers a driver-level escape or bound parameters, prefer
 * that here.
 *
 * @param mixed $user_id    owner of the contact list
 * @param mixed $contact_id the user being looked up in that list
 * @return mixed whatever db_single() yields for the response
 */
function flickr_contacts_get_contact($user_id, $contact_id) {

    $owner = users_get_by_id($user_id);

    $sql = sprintf(
        "SELECT * FROM FlickrContacts WHERE user_id='%s' AND contact_id='%s'",
        AddSlashes($user_id),
        AddSlashes($contact_id)
    );

    return db_single(db_fetch_users($owner['cluster_id'], $sql));
}
/**
 * Authorise an API request that carries an OAuth2 access token.
 *
 * Checks run in this order, and the first failure is returned:
 *   1. a token is present on the request
 *   2. the token exists
 *   3. the token is not disabled
 *   4. the token has not expired (an 'expires' of 0/empty never expires)
 *   5. the API key the token was issued for passes api_keys_utils_is_valid_key()
 *   6. the token's perms are at least the method's 'requires_perms', if set
 *   7. the token belongs to a live user, unless the user-less exception below applies
 *
 * @param array      $method  method definition; 'requires_perms' is read when set
 * @param array|null $key_row ignored: overwritten with the key row of the token
 * @return array on failure ('ok' => 0, 'error', 'error_code'); on success
 *               ('ok' => 1, 'access_token', 'api_key', 'user'), where 'user'
 *               is null for an accepted user-less token
 */
function api_auth_oauth2_has_auth(&$method, $key_row = null) {

    $access_token = api_auth_oauth2_get_access_token($method);

    if (!$access_token) {
        return array('ok' => 0, 'error' => 'Required access token missing', 'error_code' => 400);
    }

    $token_row = api_oauth2_access_tokens_get_by_token($access_token);

    if (!$token_row) {
        return array('ok' => 0, 'error' => 'Invalid access token', 'error_code' => 400);
    }

    # NOTE(review): 502 is the only non-4xx code returned by this function;
    # confirm that is intended for a disabled token.
    if ($token_row['disabled']) {
        return array('ok' => 0, 'error' => 'Access token is disabled', 'error_code' => 502);
    }

    if ($token_row['expires'] && $token_row['expires'] < time()) {
        return array('ok' => 0, 'error' => 'Access token has expired', 'error_code' => 400);
    }

    # I find it singularly annoying that we have to do this here
    # but OAuth gets what [redacted] wants. See also: notes in
    # lib_api.php around ln 65 (20121026/straup)

    # The key is always re-derived from the token, so a key row supplied by
    # the caller cannot be paired with another key's token.
    $key_row = api_keys_get_by_id($token_row['api_key_id']);
    $rsp = api_keys_utils_is_valid_key($key_row);

    if (!$rsp['ok']) {
        return $rsp;
    }

    # Permissions are compared as ordered numbers: a token passes when its
    # perms value is not lower than what the method asks for.
    if (isset($method['requires_perms'])) {
        if ($token_row['perms'] < $method['requires_perms']) {
            $perms_map = api_oauth2_access_tokens_permissions_map();
            $required = $perms_map[$method['requires_perms']];
            return array('ok' => 0, 'error' => "Insufficient permissions, method requires a token with '{$required}' permissions", 'error_code' => 403);
        }
    }

    # Ensure user-iness - this may seem like a no-brainer until you think
    # about how the site itself uses the API in the absence of a logged-in
    # user (20130508/straup)

    $ensure_user = 1;
    $user = null;

    # A token without a user is accepted only when the feature flag is on and
    # the key's role is one of the configured allowed roles; in every other
    # case the user check below still runs (and fails for an empty user id).
    if (!$token_row['user_id'] && $key_row && features_is_enabled("api_oauth2_tokens_null_users")) {
        $key_role_id = $key_row['role_id'];
        $roles_map = api_keys_roles_map('string keys');
        $valid_roles = $GLOBALS['cfg']['api_oauth2_tokens_null_users_allowed_roles'];
        $valid_roles_ids = array();

        # NOTE(review): a role name in the config that is missing from the
        # roles map adds an empty entry to this list; in_array() below is a
        # loose comparison.
        foreach ($valid_roles as $role) {
            $valid_roles_ids[] = $roles_map[$role];
        }

        $ensure_user = $key_role_id && in_array($key_role_id, $valid_roles_ids) ? 0 : 1;
    }

    if ($ensure_user) {
        $user = users_get_by_id($token_row['user_id']);

        if (!$user || $user['deleted']) {
            return array('ok' => 0, 'error' => 'Not a valid user', 'error_code' => 400);
        }
    }

    #

    return array('ok' => 1, 'access_token' => $token_row, 'api_key' => $key_row, 'user' => $user);
}
/**
 * Build the foursquare.com URL for a check-in.
 *
 * Returns nothing when the row has no 'checkin_id'.
 *
 * NOTE(review): neither the local user nor the foursquare user lookup is
 * checked, so a missing row yields a URL with an empty user segment.
 *
 * @param array $checkin check-in row; 'checkin_id' and 'user_id' are read
 * @return string|null the check-in URL
 */
function foursquare_urls_checkin(&$checkin) {

    # see the way I named foursquare checkin IDs 'checkin_id'
    # yeah, that was awesome... (20120219/straup)

    $checkin_id = $checkin['checkin_id'];

    if (!$checkin_id) {
        return;
    }

    $local_user = users_get_by_id($checkin['user_id']);
    $fsq_user = foursquare_users_get_by_user_id($local_user['id']);

    # Note the lack of a trailing slash, which is apparently
    # important in foursquare land...

    return "http://www.foursquare.com/user/{$fsq_user['foursquare_id']}/checkin/{$checkin['checkin_id']}";
}
/**
 * Replace a user's stored geo bookmarks with the list Flickr currently
 * returns for them.
 *
 * The full list is fetched and prepared first; only then are the existing
 * bookmarks purged and the new ones inserted one by one. Every imported
 * bookmark is marked private.
 *
 * NOTE(review): each bookmark row keeps whatever keys the API response
 * carried (minus label, pretty_name and context), and those keys are passed
 * on to flickr_geobookmarks_add() as they are. If the insert helper uses the
 * keys as column names, an explicit list of expected keys here would stop an
 * unexpected response field from reaching the statement.
 *
 * @param string $nsid Flickr NSID of the account to import for
 * @param array  $more unused in this function
 * @return array not_okay()/failed response on error, okay() with
 *               'count_imported' otherwise
 */
function flickr_geobookmarks_import_for_nsid($nsid, $more = array()) {

    $flickr_user = flickr_users_get_by_nsid($nsid);
    $user = users_get_by_id($flickr_user['user_id']);

    if (!$user) {
        return not_okay("Not a valid user");
    }

    $flickr_user = flickr_users_get_by_user_id($user['id']);

    $list_rsp = flickr_api_call(
        'flickr.people.geoBookmarks.getList',
        array('auth_token' => $flickr_user['auth_token'])
    );

    if (!$list_rsp['ok']) {
        return $list_rsp;
    }

    if (!$list_rsp['rsp']['bookmarks']['count']) {
        return okay();
    }

    # mark everything as private for now since none of that stuff
    # got turned on before I left, sad face... (20120217/straup)

    $geo_perms = flickr_geo_permissions_map("string keys");
    $geo_private = $geo_perms['private'];

    $bookmarks = array();

    foreach ($list_rsp['rsp']['bookmarks']['bookmark'] as $bm) {

        $bm['user_id'] = $user['id'];
        $bm['name'] = $bm['label'];
        $bm['geocontext'] = $bm['context'];
        $bm['geoperms'] = $geo_private;
        $bm['woeid'] = 0;

        unset($bm['label'], $bm['pretty_name'], $bm['context']);

        $geo_rsp = flickr_api_call('flickr.places.findByLatLon', array(
            'lat' => $bm['latitude'],
            'lon' => $bm['longitude'],
            'accuracy' => $bm['accuracy'],
        ));

        if ($geo_rsp['ok']) {
            # I still miss xpath...
            $bm['woeid'] = $geo_rsp['rsp']['places']['place'][0]['woeid'];
        }

        $bookmarks[] = $bm;
    }

    $purge_rsp = flickr_geobookmarks_purge_for_user($user);

    if (!$purge_rsp['ok']) {
        return $purge_rsp;
    }

    $count = 0;

    foreach ($bookmarks as $bm) {
        $add_rsp = flickr_geobookmarks_add($bm);
        $count += $add_rsp['ok'];
    }

    return okay(array('count_imported' => $count));
}
/**
 * Insert one geo bookmark on the owning user's cluster.
 *
 * Every value of $bookmark is escaped with AddSlashes(); the keys are passed
 * through untouched.
 *
 * NOTE(review): the keys are caller-supplied. If db_insert_users() turns
 * them into column names, callers must only pass known column names.
 *
 * @param array $bookmark bookmark fields, including 'user_id'
 * @return array the db response, with 'bookmark' added on success
 */
function flickr_geobookmarks_add($bookmark) {

    $owner = users_get_by_id($bookmark['user_id']);

    $escaped = array();

    foreach ($bookmark as $field => $raw) {
        $escaped[$field] = AddSlashes($raw);
    }

    $rsp = db_insert_users($owner['cluster_id'], 'FlickrGeoBookmarks', $escaped);

    if (!$rsp['ok']) {
        return $rsp;
    }

    $rsp['bookmark'] = $bookmark;
    return $rsp;
}
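/**
 * Insert one row into DotsSearchExtras and register its name/value pair as a
 * search facet.
 *
 * Fix: the escaping loop bound its loop variables as $_key/$_value but read
 * $key/$value, which are undefined, so the insert hash ended up holding a
 * single empty entry instead of the escaped fields. The loop now reads the
 * variables it binds.
 *
 * NOTE(review): the keys of $data are passed through untouched; callers must
 * only pass known column names.
 *
 * @param array $data row fields, including 'user_id', 'name' and 'value'
 * @return array the db response, with 'data' added on success
 */
function dots_search_extras_create($data) {

    # unique ID/key is (dot_id, name, value)

    # The result is not used below; the call is kept in case callers rely on
    # the lookup having happened.
    $user = users_get_by_id($data['user_id']);

    $hash = array();

    foreach ($data as $key => $value) {
        $hash[$key] = AddSlashes($value);
    }

    $rsp = db_insert('DotsSearchExtras', $hash);

    if ($rsp['ok']) {
        $rsp['data'] = $data;
        dots_search_facets_add($data['name'], $data['value']);
    }

    return $rsp;
}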
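/**
 * Import a user's Flickr contact list, page by page, creating placeholder
 * local accounts for contacts that are not known yet.
 *
 * Fix: the lookup for an unknown contact used to overwrite $method, $args
 * and $rsp, the same variables that drive the paging loop. After the first
 * unknown contact the loop lost its auth token and page counter and went on
 * to call flickr.people.getInfo instead of flickr.contacts.getList. The
 * per-contact lookup now uses its own variables.
 *
 * NOTE(review): placeholder accounts get a password from random_string(32);
 * whether that helper draws from a cryptographically secure source is not
 * visible here. The return value of users_create_user() is used without a
 * success check.
 *
 * @param string $nsid Flickr NSID of the account to import for
 * @param array  $more unused in this function
 * @return array ('ok' => 0, 'error') on failure, ('ok' => 1, 'count_imported') otherwise
 */
function flickr_contacts_import_for_nsid($nsid, $more = array()) {

    $flickr_user = flickr_users_get_by_nsid($nsid);
    $user = users_get_by_id($flickr_user['user_id']);

    if (!$user) {
        return array('ok' => 0, 'error' => 'not a valid user');
    }

    $method = 'flickr.contacts.getList';
    $count_contacts = 0;

    $args = array(
        'auth_token' => $flickr_user['auth_token'],
        'per_page' => 100,
        'page' => 1,
    );

    $pages = null;

    while (!isset($pages) || $pages >= $args['page']) {

        $rsp = flickr_api_call($method, $args);

        if (!$rsp) {
            return array('ok' => 0, 'error' => 'The Flickr API is wigging out...');
        }

        if (!isset($pages)) {
            $pages = $rsp['rsp']['contacts']['pages'];
        }

        $contacts = $rsp['rsp']['contacts']['contact'];

        if (!is_array($contacts)) {
            return array('ok' => 0, 'error' => 'The Flickr API did not return any contacts');
        }

        foreach ($contacts as $contact) {

            $contact_nsid = $contact['nsid'];
            $contact_username = $contact['username'];

            $flickr_contact = flickr_users_get_by_nsid($contact_nsid);

            if (!$flickr_contact) {

                $password = random_string(32);

                $user_contact = users_create_user(array(
                    "username" => $contact_username,
                    "email" => "{$contact_username}@donotsend-flickr.com",
                    "password" => $password,
                ));

                # Separate names on purpose: $method, $args and $rsp belong
                # to the paging loop and must survive this lookup.

                $info_method = 'flickr.people.getInfo';
                $info_args = array('user_id' => $contact_nsid);
                $info_rsp = flickr_api_call($info_method, $info_args);

                $path_alias = $info_rsp['ok'] ? $info_rsp['rsp']['person']['path_alias'] : '';

                #

                $flickr_contact = flickr_users_create_user(array(
                    'user_id' => $user_contact['id'],
                    'nsid' => $contact_nsid,
                    'path_alias' => $path_alias,
                ));
            }

            $rel = flickr_contacts_calculate_relationship($contact);

            # echo "{$contact_username} : {$rel} ({$contact['friend']} {$contact['family']})\n";

            $insert = array(
                'user_id' => $user['id'],
                'contact_id' => $flickr_contact['user_id'],
                'rel' => $rel,
            );

            $contact = flickr_contacts_add_contact($insert);
            $count_contacts++;
        }

        $args['page'] += 1;
    }

    return array('ok' => 1, 'count_imported' => $count_contacts);
}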
/**
 * Check a plaintext password against a user's stored password and, when the
 * stored value is not bcrypt, optionally re-store it via
 * users_update_password().
 *
 * The stored value counts as bcrypt only when it starts with '$2a$'.
 * NOTE(review): a hash carrying another bcrypt prefix would be treated as
 * non-bcrypt here — confirm which prefixes the hashing helper produces.
 *
 * @param string $password plaintext password to check
 * @param array  $user     user row, by reference; reloaded after a successful re-store
 * @param array  $more     options; 'ensure_bcrypt' (default 1) enables the re-store
 * @return mixed the result of passwords_validate_password()
 */
function passwords_validate_password_for_user($password, &$user, $more = array()) {

    $more = array_merge(array('ensure_bcrypt' => 1), $more);

    $stored = $user['password'];
    $is_bcrypt = (substr($stored, 0, 4) == '$2a$') ? 1 : 0;

    $is_ok = passwords_validate_password($password, $stored, array('use_bcrypt' => $is_bcrypt));

    $should_promote = $is_ok
        && !$is_bcrypt
        && $more['ensure_bcrypt']
        && $GLOBALS['passwords_canhas_bcrypt'];

    # note the pass-by-ref above
    if ($should_promote && users_update_password($user, $password)) {
        $user = users_get_by_id($user['id']);
    }

    return $is_ok;
}
/**
 * Store a geo correction on the owning user's cluster, stamped with the
 * current time.
 *
 * Values are escaped with AddSlashes(); keys are passed through untouched,
 * so callers must only pass known column names.
 *
 * @param array $correction correction fields, including 'user_id'
 * @return array not_okay() for an unknown user, otherwise the db response
 *               with 'correction' added on success
 */
function flickr_photos_geo_corrections_create($correction) {

    $owner = users_get_by_id($correction['user_id']);

    if (!$owner['id']) {
        return not_okay("Invalid user ID");
    }

    $correction['created'] = time();

    $escaped = array();

    foreach ($correction as $field => $raw) {
        $escaped[$field] = AddSlashes($raw);
    }

    $rsp = db_insert_users($owner['cluster_id'], 'FlickrPhotosGeoCorrections', $escaped);

    if (!$rsp['ok']) {
        return $rsp;
    }

    $rsp['correction'] = $correction;
    return $rsp;
}
/**
 * Store a check-in on the owning user's cluster.
 *
 * A fresh id from dbtickets_create(64) always replaces any 'id' the caller
 * passed; 'created' defaults to the current time when not set. Values are
 * escaped with AddSlashes(); keys are passed through untouched.
 *
 * NOTE(review): the user lookup is not checked, so an unknown user_id
 * reaches the insert with an empty cluster id.
 *
 * @param array $checkin check-in fields, including 'user_id'
 * @return array the db response, with 'checkin' added on success
 */
function privatesquare_checkins_create($checkin) {

    $owner = users_get_by_id($checkin['user_id']);
    $cluster_id = $owner['cluster_id'];

    $checkin['id'] = dbtickets_create(64);

    if (!isset($checkin['created'])) {
        $checkin['created'] = time();
    }

    $escaped = array();

    foreach ($checkin as $field => $raw) {
        $escaped[$field] = AddSlashes($raw);
    }

    $rsp = db_insert_users($cluster_id, 'PrivatesquareCheckins', $escaped);

    if (!$rsp['ok']) {
        return $rsp;
    }

    $rsp['checkin'] = $checkin;
    return $rsp;
}
/**
 * Authorise an API request that carries an OAuth2 access token.
 *
 * Checks run in this order, and the first failure is returned: token
 * present, token exists, token not expired, API key valid, token perms at
 * least the method's 'requires_perms' (if set), token belongs to a live user
 * (unless the user-less exception below applies).
 *
 * NOTE(review): no 'disabled' flag on the token row is consulted here —
 * confirm whether tokens can be revoked some other way.
 *
 * @param array      $method  method definition; 'requires_perms' is read when set
 * @param array|null $key_row ignored: overwritten with the key row of the token
 * @return array on failure ('ok' => 0, 'error', 'error_code'); on success
 *               ('ok' => 1, 'access_token', 'api_key', 'user'), where 'user'
 *               is null for an accepted user-less token
 */
function api_auth_oauth2_has_auth(&$method, $key_row = null) {

    $access_token = api_auth_oauth2_get_access_token($method);

    if (!$access_token) {
        return array('ok' => 0, 'error' => 'Required access token missing', 'error_code' => 400);
    }

    $token_row = api_oauth2_access_tokens_get_by_token($access_token);

    if (!$token_row) {
        return array('ok' => 0, 'error' => 'Invalid access token', 'error_code' => 400);
    }

    # An 'expires' of 0/empty means the token never expires.
    if ($token_row['expires'] && $token_row['expires'] < time()) {
        return array('ok' => 0, 'error' => 'Access token has expired', 'error_code' => 400);
    }

    # I find it singularly annoying that we have to do this here
    # but OAuth gets what [redacted] wants. See also: notes in
    # lib_api.php around ln 65 (20121026/straup)

    # The key is always re-derived from the token.
    $key_row = api_keys_get_by_id($token_row['api_key_id']);
    $rsp = api_keys_utils_is_valid_key($key_row);

    if (!$rsp['ok']) {
        return $rsp;
    }

    # Permissions are compared as ordered numbers.
    if (isset($method['requires_perms'])) {
        if ($token_row['perms'] < $method['requires_perms']) {
            return array('ok' => 0, 'error' => 'Insufficient permissions', 'error_code' => 403);
        }
    }

    # Ensure user-iness - this may seem like a no-brainer until you think
    # about how the site itself uses the API in the absence of a logged-in
    # user (20130508/straup)

    $ensure_user = 1;
    $user = null;

    if (features_is_enabled("api_site_keys", "api_site_tokens")) {

        # check that API key is a site key
        # NOTE(review): the line below does not look at the key at all. With
        # the feature enabled, any token whose user_id is empty skips the
        # user check, whatever kind of key it was issued for. If user-less
        # access is meant for site keys only, the key row needs to be tested
        # here before $ensure_user is cleared.
        $ensure_user = $token_row['user_id'] ? 1 : 0;
    }

    if ($ensure_user) {
        $user = users_get_by_id($token_row['user_id']);

        if (!$user || $user['deleted']) {
            return array('ok' => 0, 'error' => 'Not a valid user', 'error_code' => 400);
        }
    }

    #

    return array('ok' => 1, 'access_token' => $token_row, 'api_key' => $key_row, 'user' => $user);
}
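/**
 * Copy a venue's latitude/longitude onto one PrivatesquareCheckins row,
 * echoing the outcome.
 *
 * The venue is read locally first and fetched via
 * foursquare_venues_archive_venue() when it is not stored yet. Returns
 * nothing.
 *
 * Fix: the row id was interpolated into the WHERE clause unescaped although
 * the variable was named $enc_id; it is now passed through AddSlashes() like
 * the other values in this statement.
 *
 * NOTE(review): the user lookup is not checked, so an unknown user_id
 * reaches the update with an empty cluster id.
 *
 * @param array $row  check-in row; 'user_id', 'venue_id' and 'id' are read
 * @param array $more unused in this function
 */
function _set_latlon($row, $more = array()) {

    $user = users_get_by_id($row['user_id']);

    $venue_id = $row['venue_id'];
    $venue = foursquare_venues_get_by_venue_id($venue_id);

    if (!$venue) {
        $venue = foursquare_venues_archive_venue($venue_id);
    }

    if (!$venue) {
        echo "can not sort out venue data for '{$venue_id}'\n";
        return;
    }

    $lat = $venue['latitude'];
    $lon = $venue['longitude'];

    $update = array(
        'latitude' => AddSlashes($lat),
        'longitude' => AddSlashes($lon),
    );

    $enc_id = AddSlashes($row['id']);
    $where = "id='{$enc_id}'";

    $cluster_id = $user['cluster_id'];

    $rsp = db_update_users($cluster_id, 'PrivatesquareCheckins', $update, $where);

    echo "{$venue_id} : {$lat}, {$lon} {$where}: {$rsp['ok']}\n";
}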
/**
 * Import a user's Flickr favourites, page by page.
 *
 * Each photo on a page is imported with flickr_photos_import_photo() and
 * then recorded as a fave of the local user. The first failed API call or
 * photo import aborts the run and is returned; a failed fave insert is only
 * left out of the count.
 *
 * @param string $nsid Flickr NSID of the account to import for
 * @param array  $more options; 'min_fave_date' is forwarded to the API when set
 * @return array a failed response, or ('ok' => 1, 'count_imported')
 */
function flickr_faves_import_for_nsid($nsid, $more = array()) {

    $flickr_user = flickr_users_get_by_nsid($nsid);
    $user = users_get_by_id($flickr_user['user_id']);

    if (!$user) {
        return array('ok' => 0, 'error' => 'not a valid user');
    }

    $method = 'flickr.favorites.getList';

    $args = array(
        'user_id' => $flickr_user['nsid'],
        'auth_token' => $flickr_user['auth_token'],
        'extras' => 'original_format,tags,media,date_upload,date_taken,geo,owner_name',
        'per_page' => 100,
        'page' => 1,
    );

    if (isset($more['min_fave_date'])) {
        $args['min_fave_date'] = $more['min_fave_date'];
    }

    $pages = null;
    $imported = 0;

    # the page total is only known after the first response
    while (!isset($pages) || $pages >= $args['page']) {

        $rsp = flickr_api_call($method, $args);

        if (!$rsp['ok']) {
            return $rsp;
        }

        if (!isset($pages)) {
            $pages = $rsp['rsp']['photos']['pages'];
        }

        $photos = $rsp['rsp']['photos']['photo'];

        if (!is_array($photos)) {
            return array('ok' => 0, 'error' => 'no photos');
        }

        foreach ($photos as $photo) {

            $ph_rsp = flickr_photos_import_photo($photo);

            if (!$ph_rsp['ok']) {
                return $ph_rsp;
            }

            $fave_rsp = flickr_faves_add_fave($user, $ph_rsp['photo'], $photo['date_faved']);

            if ($fave_rsp['ok']) {
                $imported++;
            }
        }

        $args['page'] += 1;
    }

    return array('ok' => 1, 'count_imported' => $imported);
}
/**
 * Decide whether a viewer may see a photo.
 *
 * Access is granted, in this order, to: the photo's owner; anyone when the
 * photo is public; a contact of the owner whose relationship matches the
 * photo's friends/family setting; and, when the caller opts in with
 * 'allow_if_is_faved', a viewer who has faved the photo. Everything else is
 * denied.
 *
 * NOTE(review): 'allow_if_is_faved' is tested with isset(), so passing the
 * key with a false value still enables the fave fallback. The contact lookup
 * also runs for an anonymous viewer (viewer id 0).
 *
 * @param array $photo     photo row; 'user_id', 'perms' and 'id' are read
 * @param int   $viewer_id id of the viewing user, 0 for anonymous
 * @param array $more      options; see 'allow_if_is_faved' above
 * @return int 1 when the photo may be viewed, 0 otherwise
 */
function flickr_photos_permissions_can_view_photo(&$photo, $viewer_id = 0, $more = array()) {

    $is_owner = $viewer_id && $photo['user_id'] == $viewer_id;

    if ($is_owner) {
        return 1;
    }

    $perms_map = flickr_photos_permissions_map();
    $perms = $perms_map[$photo['perms']];

    # public photos are visible whether or not there is a viewer
    if ($perms == 'public') {
        return 1;
    }

    $contact = flickr_contacts_get_contact($photo['user_id'], $viewer_id);

    if ($contact) {

        $rel_map = flickr_contacts_relationship_map();
        $str_rel = $rel_map[$contact['rel']];

        $single_group = ($perms == 'friends' || $perms == 'family');

        if ($single_group) {
            return ($str_rel == $perms) ? 1 : 0;
        }

        if ($perms == 'friends and family') {
            return in_array($str_rel, array('friends', 'family')) ? 1 : 0;
        }
    }

    # Note: this is predicated on the assumption that the user
    # actually has permissions to view the photo otherwise the
    # backup/import code would not have downloaded the photo; the
    # problem is not a flickr permissions issue but due to the
    # fact that the photo owner is not a registered parallel-flickr
    # user and hence their contact list is not present.
    # (20120607/straup)

    if ($viewer_id && isset($more['allow_if_is_faved'])) {

        loadlib("flickr_faves");

        $viewer = users_get_by_id($viewer_id);

        if (flickr_faves_is_faved_by_user($viewer, $photo['id'])) {
            return 1;
        }
    }

    return 0;
}
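/**
 * Check a plaintext password against a user's stored password, promoting a
 * legacy HMAC-SHA256 value to bcrypt when the configuration allows it.
 *
 * Fix: the legacy HMAC was compared with the loose == operator. Two hex
 * digests that both look like numbers in exponent notation ("0e" followed
 * only by digits) compare equal under ==, and the comparison is not
 * constant-time. The digest is now compared with hash_equals() where
 * available and with === otherwise, and a non-string stored value never
 * matches.
 *
 * @param string $password plaintext password to check
 * @param array  $user     user row, by reference; reloaded after a successful promotion
 * @return mixed true/false on the legacy path, otherwise whatever
 *               passwords_validate_password() returns
 */
function passwords_validate_password_for_user($password, &$user) {

    $stored = $user['password'];

    #
    # if this is *not* a bcrypt hash, but we allow promotion,
    # then verify & promote it.
    #

    $is_bcrypt = substr($stored, 0, 4) == '$2a$';

    if ($GLOBALS['cfg']['passwords_use_bcrypt'] && $GLOBALS['cfg']['passwords_allow_promotion'] && !$is_bcrypt) {

        $test = hash_hmac("sha256", $password, $GLOBALS['cfg']['crypto_password_secret']);

        if (!is_string($stored)) {
            $is_ok = false;
        } elseif (function_exists('hash_equals')) {
            $is_ok = hash_equals($stored, $test);
        } else {
            $is_ok = ($stored === $test);
        }

        if ($is_ok) {
            if (users_update_password($user, $password)) {
                $user = users_get_by_id($user['id']);
            }
        }

        return $is_ok;
    }

    #
    # simple case
    #

    return passwords_validate_password($password, $user['password']);
}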
/**
 * Load the photos received for a push subscription, newest first.
 *
 * Each row's 'photo_data' JSON is decoded into an array, given the row's
 * 'created' value and a 'display_url' derived from its thumbnail URL, and
 * the decoded list replaces 'rows' in the returned db response.
 *
 * NOTE(review): despite its name, $older_than selects rows whose 'created'
 * is greater than the given value. The response is not checked for success
 * before its rows are iterated.
 *
 * @param array $sub        subscription row; 'user_id' and 'id' are read
 * @param mixed $older_than optional 'created' bound, see note above
 * @return array the db response with 'rows' replaced by decoded photos
 */
function flickr_push_photos_for_subscription(&$sub, $older_than = null) {

    $owner = users_get_by_id($sub['user_id']);
    $cluster = $owner['cluster_id'];

    $enc_sub = AddSlashes($sub['id']);

    # TO DO: indexes

    $clauses = array("SELECT * FROM FlickrPushPhotos WHERE subscription_id='{$enc_sub}'");

    if ($older_than) {
        $enc_older = AddSlashes($older_than);
        $clauses[] = " AND created > '{$enc_older}'";
    }

    $clauses[] = " ORDER BY created DESC";

    $rsp = db_fetch_users($cluster, implode("", $clauses));

    $decoded = array();

    foreach ($rsp['rows'] as $row) {
        $photo = json_decode($row['photo_data'], 'as hash');
        $photo['created'] = $row['created'];
        $photo['display_url'] = str_replace("_s.jpg", ".jpg", $photo['thumb_url']);
        $decoded[] = $photo;
    }

    $rsp['rows'] = $decoded;
    return $rsp;
}
exit; } $code = get_str("code"); if (!$code) { error_404(); } $rsp = foursquare_api_get_auth_token($code); if (!$rsp['ok']) { $GLOBALS['error']['oauth_access_token'] = 1; $GLOBALS['smarty']->display("page_auth_callback_foursquare_oauth.txt"); exit; } $oauth_token = $rsp['oauth_token']; $foursquare_user = foursquare_users_get_by_oauth_token($oauth_token); if ($foursquare_user && ($user_id = $foursquare_user['user_id'])) { $user = users_get_by_id($user_id); } else { if (!$GLOBALS['cfg']['enable_feature_signup']) { $GLOBALS['smarty']->display("page_signup_disabled.txt"); exit; } else { $args = array('oauth_token' => $oauth_token); $rsp = foursquare_api_call('users/self', $args); if (!$rsp['ok']) { $GLOBALS['error']['foursquare_userinfo'] = 1; $GLOBALS['smarty']->display("page_auth_callback_foursquare_oauth.txt"); exit; } $foursquare_id = $rsp['rsp']['user']['id']; $username = $rsp['rsp']['user']['firstName']; $email = $rsp['rsp']['user']['contact']['email'];
include "include/init.php"; loadlib("privatesquare_checkins"); loadlib("privatesquare_checkins_utils"); loadlib("privatesquare_export"); loadlib("foursquare_users"); $fsq_id = get_int32("foursquare_id"); if (!$fsq_id) { error_404(); } $history_url = "user/{$fsq_id}/history/"; login_ensure_loggedin($history_url); $fsq_user = foursquare_users_get_by_foursquare_id($fsq_id); if (!$fsq_user) { error_404(); } $owner = users_get_by_id($fsq_user['user_id']); $is_own = $owner['id'] == $GLOBALS['cfg']['user']['id'] ? 1 : 0; # for now... if (!$is_own) { error_403(); } $more = array(); if ($page = get_int32("page")) { $more['page'] = $page; } if ($when = get_str("when")) { $more['when'] = $when; $history_url .= urlencode($when) . "/"; # TO DO: find some better heuristic for this number # besides "pull it out of my ass" (20120206/straup) $more['per_page'] = 100;
<?php include "include/init.php"; loadlib("flickr_places"); loadlib("flickr_photos_places"); loadlib("flickr_photos_geo"); if (!$GLOBALS['cfg']['enable_feature_solr'] || !$GLOBALS['cfg']['enable_feature_places']) { error_disabled(); } $flickr_user = flickr_users_get_by_url(); $owner = users_get_by_id($flickr_user['user_id']); $is_own = $owner['id'] == $GLOBALS['cfg']['user']['id'] ? 1 : 0; $GLOBALS['smarty']->assign_by_ref("owner", $owner); $GLOBALS['smarty']->assign("is_own", $is_own); # $woeid = get_int32("woeid"); if (!$woeid) { error_404(); } $place = flickr_places_get_by_woeid($woeid); if (!$place) { error_404(); } $placetypes = flickr_places_valid_placetypes(); $hier = array(); # put this in _get_by_woeid? probably... foreach ($placetypes as $type) { if (isset($place[$type])) { $woeid = $place[$type]['woeid']; $parts = explode(",", $place[$type]['_content']); $name = trim($parts[0]);
/**
 * Create an API key row for a user.
 *
 * Values are escaped with AddSlashes() before the insert; the unescaped row
 * is returned to the caller under 'key' on success.
 *
 * NOTE(review): the app secret comes from random_string(64); whether that
 * helper draws from a cryptographically secure source is not visible here.
 * The user lookup is not checked, so an unknown $user_id produces a key with
 * an empty user_id. The id of the 'general' role is looked up but is not
 * part of the row that gets inserted.
 *
 * @param mixed  $user_id     owner of the key
 * @param string $title       application title
 * @param string $description application description
 * @param string $callback    application callback, empty by default
 * @return array the db response, with 'key' added on success
 */
function api_keys_create($user_id, $title, $description, $callback = '') {

    $owner = users_get_by_id($user_id);

    $id = dbtickets_create(64);

    $role_map = api_keys_roles_map('string keys');
    $role_id = $role_map['general'];

    $api_key = api_keys_generate_key();
    $app_secret = random_string(64);

    $now = time();

    $key_row = array(
        'id' => $id,
        'user_id' => $owner['id'],
        'api_key' => $api_key,
        'app_secret' => $app_secret,
        'created' => $now,
        'last_modified' => $now,
        'app_title' => $title,
        'app_description' => $description,
        'app_callback' => $callback,
    );

    # TO DO: callbacks and other stuff (what?)

    $escaped = array();

    foreach ($key_row as $field => $raw) {
        $escaped[$field] = AddSlashes($raw);
    }

    $rsp = db_insert('ApiKeys', $escaped);

    if (!$rsp['ok']) {
        return $rsp;
    }

    $rsp['key'] = $key_row;
    return $rsp;
}
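/**
 * Turn search request arguments into SQL WHERE fragments, grouped by kind.
 *
 * Recognised arguments: 'b' (bounding box), 'll' (lat,lon), 'gh' (geohash),
 * 'dt' (date or date range), 'u' (user id) and 'e' (extras). Only one geo
 * argument is used, in the order b, ll, gh.
 *
 * Fixes in this version:
 *  - The extras loop tested count($parts), where $parts is the string being
 *    parsed, instead of the list of conditions built from it. An entry with
 *    no usable name or value therefore produced an empty "()" clause (and
 *    count() on a string is an error on current PHP). It now tests $tmp.
 *  - Inputs with too few components ("b" with fewer than four numbers, an
 *    extras entry without ":", a date without day/hour) no longer read
 *    missing list() elements; the missing parts are padded with null, which
 *    yields the same values as before without the undefined-offset errors.
 *
 * NOTE(review): the CONTAINS() value is escaped with AddSlashes() only, so
 * "%" and "_" in the input still act as LIKE wildcards. In $search_params,
 * 'll' maps to 'latitude,latitude', which looks like a typo for
 * 'latitude,longitude'; it only matters if sorting is switched back on.
 *
 * @param array $args raw request arguments, by reference (not modified here)
 * @return array where-part groups keyed by 'geo', 'geo_query', 'time',
 *               'user', 'user_row', 'extras' and 'order', each present only
 *               when the matching argument produced something
 */
function _search_generate_where_parts(&$args) {

    $search_params = array(
        'b' => 'bbox',
        'dt' => 'created',
        'e' => 'extras',
        'gh' => 'geohash',
        'll' => 'latitude,latitude',
        't' => 'type',
        'u' => 'user_id',
    );

    $b = sanitize($args['b'], 'str');       # bounding box
    $dt = sanitize($args['dt'], 'str');     # datetime
    $gh = sanitize($args['gh'], 'str');     # geohash
    $ll = sanitize($args['ll'], 'str');     # latitude, longitude
    $u = sanitize($args['u'], 'int32');     # userid
    $e = sanitize($args['e'], 'str');       # extras

    $sortby = '';       # sanitize($args['_s'], 'str');    # sort by
    $sortorder = '';    # sanitize($args['_o'], 'str');    # sort order

    $where_parts = array();

    #
    # Geo
    #

    $bbox = null;
    $geo_query = null;

    if ($b) {
        $bbox = array_pad(explode(",", $b, 4), 4, null);
        $geo_query = 'bbox';
    } elseif ($ll) {
        list($lat, $lon) = array_pad(explode(",", $ll, 2), 2, null);
        $bbox = geo_utils_nearby_bbox($lat, $lon, 0.25);
        $geo_query = 'nearby';
    } elseif ($gh) {
        list($lat, $lon) = geo_geohash_decode($gh);
        $bbox = geo_utils_nearby_bbox($lat, $lon, 0.25);
        $geo_query = 'geohash';
    }

    if ($geo_query) {

        list($swlat, $swlon, $nelat, $nelon) = $bbox;

        # Every coordinate goes through floatval(), so only a number can
        # reach the unquoted position in the statement.

        $where = implode(" AND ", array(
            "d.latitude >= " . AddSlashes(floatval($swlat)),
            "d.longitude >= " . AddSlashes(floatval($swlon)),
            "d.latitude <= " . AddSlashes(floatval($nelat)),
            "d.longitude <= " . AddSlashes(floatval($nelon)),
        ));

        $where_parts['geo'] = array("({$where})");
        $where_parts['geo_query'] = $geo_query;
    }

    #
    # Time
    #

    if ($dt) {

        $date_start = null;
        $date_end = null;

        # "Around" a given date. For example:
        # http://dotspotting.example.com/search/?dt=(2010-10)

        # This doesn't always work, specifically when passed
        # something like '2010-11-19 12'. Punting for now...

        if (preg_match("/^\\(((\\d{4})(?:-(\\d{2})(?:-(\\d{2})(?:(?:T|\\s)(\\d{2})(?:\\:(\\d{2})(?:\\:(\\d{2}))?)?)?)?)?)\\)\$/", $dt, $m)) {

            # trailing groups that did not match are absent from $m
            list($ignore, $dt, $year, $month, $day, $hour) = array_pad($m, 6, null);

            $offset = 0;

            if ($hour) {
                $offset = 60 * 60;
            } elseif ($day) {
                $offset = 60 * 60 * 24;
            } elseif ($month) {
                $offset = 60 * 60 * 24 * 28;
            } elseif ($year) {
                $offset = 60 * 60 * 24 * 365;
            }

            if ($ts = strtotime($dt)) {
                $date_start = $ts - $offset;
                $date_end = $ts + $offset;
            }
        } else {

            $parts = explode("/", $dt, 2);
            $date_start = strtotime($parts[0]);

            if (count($parts) == 2) {
                $date_end = strtotime($parts[1]);
            }
        }

        # ensure ($parts[0] && $date_start) and ($parts[1] && $end_date) here ?

        $time_parts = array();

        if ($date_start) {
            $time_parts[] = "UNIX_TIMESTAMP(d.created) >= " . AddSlashes($date_start);
        }

        if ($date_end) {
            $time_parts[] = "UNIX_TIMESTAMP(d.created) <= " . AddSlashes($date_end);
        }

        if (count($time_parts)) {
            $where_parts['time'] = $time_parts;
        }
    }

    #
    # User stuff
    #

    if ($u) {

        $user = users_get_by_id($u);

        # the id used in the clause is the one from the stored row, not the
        # request value
        if ($user && !$user['deleted']) {
            $where_parts['user'] = array("d.user_id=" . AddSlashes($user['id']));
            $where_parts['user_row'] = $user;
        }
    }

    #
    # Extras
    #

    if ($e && $GLOBALS['cfg']['enable_feature_dots_indexing']) {

        $extras = array();

        # This (the part with the ";" and the ":") is not the final syntax.
        # I'm just working through the other bits first. (20101213/straup)

        foreach (explode(";", $e) as $parts) {

            list($name, $value) = array_pad(explode(":", $parts), 2, null);

            $tmp = array();

            if ($name) {
                $enc_name = AddSlashes($name);
                $tmp[] = "e.name='{$enc_name}'";
            }

            if ($value) {

                if (preg_match("/^CONTAINS\\((.+)\\)\$/", $value, $m)) {
                    $enc_value = AddSlashes($m[1]);
                    $tmp[] = "e.value LIKE '%{$enc_value}%'";
                } else {
                    $enc_value = AddSlashes($value);
                    $tmp[] = "e.value='{$enc_value}'";
                }

                # Something to consider if it's ever possible to feel
                # safe and comfortable evaluating regular expressions
                # from user input... (20101216/straup)
                # http://dev.mysql.com/doc/refman/5.1/en/regexp.html
            }

            if (count($tmp)) {
                $extras[] = "(" . implode(" AND ", $tmp) . ")";
            }
        }

        if (count($extras)) {
            $where_parts['extras'] = $extras;
        }
    }

    #
    # Sorting
    #

    # Only names from $search_params can become the sort column; the sort
    # direction is reduced to the two literals ASC and DESC.

    if ($sortby) {

        if (in_array($sortby, array_values($search_params))) {
            # pass
        } else {
            if (in_array($sortby, array_keys($search_params))) {
                $sortby = $search_params[$sortby];
            } else {
                $sortby = null;
            }
        }

        if ($sortby) {
            $sortorder = strtolower($sortorder) == 'desc' ? 'DESC' : 'ASC';
            $where_parts['order'] = array('by' => $sortby, 'sort' => $sortorder);
        }
    }

    return $where_parts;
}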
# Handle the foursquare sync settings form, then render the page.
# $crumb_key and $sync_states are set before this point, outside this span.

# The update only runs for a POST that also passes crumb_check()
# (presumably the per-form anti-forgery token — confirm in the crumb library).
if (post_isset("done") && crumb_check($crumb_key)) {

    $ok = 1;

    if (!post_isset("sync")) {
        $update_error = "missing sync";
        $ok = 0;
    }

    if ($ok) {
        $sync = post_int32("sync");

        # the submitted value must be one of the known sync states
        if (!isset($sync_states[$sync])) {
            $update_error = "invalid sync";
            $ok = 0;
        }
    }

    if ($ok) {

        # only touch the database when the setting actually changes
        if ($sync != $GLOBALS['cfg']['user']['sync_foursquare']) {

            $update = array('sync_foursquare' => $sync);

            # NOTE(review): if users_update_user() returns a response hash
            # rather than a boolean, $ok is truthy even when the update
            # failed — check its 'ok' field instead.
            $ok = users_update_user($GLOBALS['cfg']['user'], $update);

            if ($ok) {
                # reload so the rest of the request sees the new value
                $GLOBALS['cfg']['user'] = users_get_by_id($GLOBALS['cfg']['user']['id']);
            } else {
                $update_error = "db error";
            }
        }
    }

    # NOTE(review): $update_error is only assigned on a failure path, so it
    # is undefined here when the update succeeded.
    $GLOBALS['smarty']->assign("update", 1);
    $GLOBALS['smarty']->assign("update_ok", $ok);
    $GLOBALS['smarty']->assign("update_error", $update_error);
}

$GLOBALS['smarty']->assign_by_ref("sync_states", $sync_states);
$GLOBALS['smarty']->display("page_account_foursquare_sync.txt");
exit;
error_404(); } $crumb_key = "delete_feed"; $GLOBALS['smarty']->assign("crumb_key", $crumb_key); if (post_str("delete") && crumb_check($crumb_key)) { $feed_rsp = flickr_push_unsubscribe($sub); $GLOBALS['smarty']->assign("delete_feed", $feed_rsp); if ($feed_rsp['ok']) { $sub_rsp = flickr_push_subscriptions_delete($sub); $GLOBALS['smarty']->assign("delete_sub", $sub_rsp); if ($sub_rsp['ok']) { $redir = "{$GLOBALS['cfg']['abs_root_url']}god/push/subscriptions/{$sub['user_id']}/"; header("location: {$redir}"); exit; } } } $topic_map = flickr_push_topic_map(); $sub['str_topic'] = $topic_map[$sub['topic_id']]; if ($sub['last_update_details']) { $sub['last_update_details'] = json_decode($sub['last_update_details'], "as hash"); } $owner = users_get_by_id($sub['user_id']); $sub['owner'] = $owner; $photos = flickr_push_photos_for_subscription($sub); $is_push_backup = flickr_push_subscriptions_is_push_backup($sub); $GLOBALS['smarty']->assign("is_push_backup", $is_push_backup); $GLOBALS['smarty']->assign_by_ref("subscription", $sub); $GLOBALS['smarty']->assign_by_ref("photos", $photos['rows']); $GLOBALS['smarty']->display("page_god_push_subscription.txt"); exit;