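/**
 * Persist the current request's session row.
 *
 * Updates the Sessions record matching $id and the client's REMOTE_ADDR with
 * the serialized payload plus request bookkeeping (host, URI, referer, time
 * since the session object was created). Returns true only when exactly one
 * row was updated; false for a too-short id, no matching row, or a failed query.
 *
 * @param string $id   session id; anything shorter than 32 characters is rejected
 * @param string $data serialized session payload
 * @return bool
 */
public static function write($id, $data)
{
    if (is_null(self::$context)) {
        self::initialize();
    }
    // Ids we issue are at least 32 characters; refuse anything shorter outright.
    if (strlen($id) < 32) {
        return false;
    }

    $userid = Acl::getIdentity('textcube');
    if (empty($userid)) {
        $userid = Acl::getIdentity('openid') ? SESSION_OPENID_USERID : '';
    }
    if (empty($userid)) {
        // Interpolated unquoted below, so this becomes SQL NULL for anonymous sessions.
        $userid = 'null';
    }

    $prefix = self::$context->getProperty('database.prefix');
    $id = POD::escapeString($id);
    $data = POD::escapeString($data);
    $server = POD::escapeString($_SERVER['HTTP_HOST']);
    $request = POD::escapeString(substr($_SERVER['REQUEST_URI'], 0, 255));
    $referer = isset($_SERVER['HTTP_REFERER']) ? POD::escapeString(substr($_SERVER['HTTP_REFERER'], 0, 255)) : '';
    // Escaped like every other interpolated value: the statement must not rely on
    // REMOTE_ADDR being well-formed just because the web server normally sets it.
    $address = POD::escapeString($_SERVER['REMOTE_ADDR']);
    $timer = Timer::getMicroTime() - self::$sessionMicrotime;
    $current = Timestamp::getUNIXtime();

    $result = self::query('count', "UPDATE {$prefix}Sessions
                SET userid = {$userid}, privilege = '{$data}', server = '{$server}', request = '{$request}', referer = '{$referer}', timer = {$timer}, updated = IF(updated,{$current},1)
                WHERE id = '{$id}' AND address = '{$address}'");
    if ($result && $result == 1) {
        // Best-effort commit; a failure here is deliberately not surfaced to the caller.
        @POD::commit();
        return true;
    }
    return false;
}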
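/**
 * Link the OpenID passed in $_GET['openid_identifier'] to the current account.
 *
 * Steps: reject an empty or domain-less identifier, resolve it through
 * OpenIDConsumer, refuse one that is already in the global $openid_list,
 * return to the account page when the provider answered authenticated=0,
 * start the verification round-trip when the identifier has not been
 * verified yet (session identity 'openid_temp'), and otherwise store it in
 * the first free "openid.N" user setting and emit a page that alerts and
 * redirects to the account settings.
 *
 * Terminates the request on error paths (exitWithError / header redirect).
 */
function addOpenID()
{
    global $openid_list;
    $context = Model_Context::getInstance();

    // An identifier without a dot cannot carry a domain.
    if (empty($_GET['openid_identifier']) || strstr($_GET['openid_identifier'], ".") === false) {
        exitWithError(_t('오픈아이디를 입력하지 않았거나, 도메인 없는 오픈아이디를 입력하였습니다.'));
    }

    $currentOpenID = Acl::getIdentity('openid_temp');
    $fc = new OpenIDConsumer();
    $claimedOpenID = $fc->fetch($_GET['openid_identifier']);

    // Strict comparison: the list holds identifier strings, avoid loose matches.
    if (in_array($claimedOpenID, $openid_list, true)) {
        exitWithError(_t('이미 연결된 오픈아이디 입니다') . " : " . $claimedOpenID);
    }

    if (isset($_GET['authenticated']) && $_GET['authenticated'] === "0") {
        header("Location: " . $context->getProperty('uri.blog') . "/owner/setting/account");
        exit(0);
    }

    // Not verified yet (or verified for a different identifier): run the login flow first.
    if (empty($currentOpenID) || $claimedOpenID != $currentOpenID) {
        loginOpenIDforAdding($claimedOpenID);
        return;
    }

    if (!in_array($currentOpenID, $openid_list, true)) {
        // Occupy the first empty openid.N slot.
        for ($i = 0; $i < OPENID_REGISTERS; $i++) {
            $openid = Setting::getUserSetting("openid." . $i, null, true);
            if (empty($openid)) {
                Setting::setUserSetting("openid." . $i, $currentOpenID, true);
                break;
            }
        }
    }

    // The identifier lands inside a JavaScript string literal: encode it as a JSON
    // string (with <, >, ', ", & hex-escaped) so it cannot terminate the literal
    // or the <script> element.
    $message = json_encode(
        _t('연결하였습니다.') . " : " . $currentOpenID,
        JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP
    );
    echo "<html><head><script type=\"text/javascript\">//<![CDATA[" . CRLF
        . "alert(" . $message . "); document.location.href='" . $context->getProperty('uri.blog') . "/owner/setting/account'; //]]></script></head></html>";
}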
/**
 * Filter hook that kicks off the OpenID auto-login round-trip.
 *
 * Redirects to /login/openid?action=hardcore when the visitor opted in
 * (cookie openid_auto=y), has a remembered identifier (cookie openid), is not
 * already logged in, is not already on the /login/openid path and no output
 * has been sent yet. In every other case the filter is a no-op and hands
 * $target back unchanged. The redirect ends the request.
 *
 * @param mixed $target value passed through the filter chain
 * @return mixed $target, unchanged
 */
function openid_hardcore_login($target)
{
    $context = Model_Context::getInstance();

    // Short-circuit chain: each condition is only evaluated when the previous one held.
    $shouldRedirect = isset($_COOKIE['openid_auto']) && $_COOKIE['openid_auto'] == 'y'
        && !Acl::getIdentity('openid')
        && !empty($_COOKIE['openid'])
        && strstr($_SERVER["REQUEST_URI"], "/login/openid") === false
        && !headers_sent();

    if (!$shouldRedirect) {
        return $target;
    }

    // requestURI carries the current path so the login flow can return here.
    header("Location: " . $context->getProperty('uri.blog') . "/login/openid?action=hardcore&requestURI=" . urlencode($_SERVER["REQUEST_URI"]));
    exit;
}
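/**
 * Spam-check a comment or trackback through Defensio, falling back to a local
 * "Thief-cat" heuristic when the remote audit fails, reports an error, or the
 * configuration forces the local check as well.
 *
 * @param int    $type    2 for a trackback, anything else for a comment
 * @param string $name    author name
 * @param string $title   unused; kept for the filter signature
 * @param string $url     author / trackback URL
 * @param string $content body text (unescaped before it is sent, see below)
 * @param bool   $openid  true when the author is logged in via OpenID
 * @return bool true when the item may be published, false when it is spam
 *
 * Reads the globals $database (table prefix) and $defensio_conf ('blog',
 * 'force_with_tca'). Stores the verdict via defensio_save_meta_data() under
 * the next comment / trackback id.
 */
function DEFNENSIO_FILTER($type, $name, $title, $url, $content, $openid = false)
{
    global $database, $defensio_conf;
    //if ( doesHaveOwnership() ) return true; // owner
    DEFENSIO_Init();
    $defensio_meta = array();
    $isTrackback = ($type == 2);

    $comment = array();
    // HTTP_REFERER is optional; default to '' rather than an undefined-index notice.
    $comment['referrer'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $comment['user-ip'] = preg_replace('/[^0-9., ]/', '', $_SERVER['REMOTE_ADDR']);
    // NOTE(review): the sanitized REMOTE_ADDR above is immediately replaced by a
    // fixed address, so Defensio never sees the real client IP and the line above
    // is dead. Left in place because it may be intentional; confirm before removing.
    $comment['user-ip'] = '168.126.63.1';
    $comment['owner-url'] = $defensio_conf['blog'];
    $comment['comment_type'] = $isTrackback ? 'trackback' : 'comment';
    $comment['comment-author'] = $name;
    $comment['article-date'] = strftime("%Y/%m/%d", time());
    // $comment['permalink'] = $comment_perma_link;
    // Make sure we don't send an SQL escaped string to the server
    $comment['comment-content'] = defensio_unescape_string($content);
    $comment['comment-author-url'] = $url;
    //$comment['comment-author-email'] = $email; // optional field
    $next_id = $isTrackback ? getTrackBacksNextId() : getCommentsNextId();
    $comment_TYPE = $isTrackback ? 'T' : 'C';
    if ($openid) {
        $comment['openid'] = Acl::getIdentity('openid');
        $comment['user-logged-in'] = 'true';
    }
    // For testing: $comment['test-force'] = 'spam,x.xxxx'; // | 'ham,x.xxxx' ( 0 ~ 1)

    $r = defensio_post('audit-comment', $comment);
    if ($r) {
        $ar = Spyc::YAMLLoad($r);
        if (isset($ar['defensio-result']) && $ar['defensio-result']['status'] == DF_SUCCESS) {
            // Keep the audit metadata; it is persisted with the verdict below.
            $defensio_meta['spaminess'] = $ar['defensio-result']['spaminess'];
            $defensio_meta['signature'] = $ar['defensio-result']['signature'];
            // NOTE(review): dumps the whole audit response (including the comment
            // text) into the error log on every call; looks like a debug leftover.
            error_log(print_r($ar, true));
            if ($ar['defensio-result']['spam']) {
                $defensio_meta['spam'] = true;
                defensio_save_meta_data($comment_TYPE, $next_id, $defensio_meta);
                return false;
            }
            // Not spam according to Defensio.
            $defensio_meta['spaminess'] = 0;
            // Accept here unless the config insists on the local check as well.
            if (!$defensio_conf['force_with_tca']) {
                defensio_save_meta_data($comment_TYPE, $next_id, $defensio_meta);
                return true;
            }
        }
        // else: HTTP request succeeded but Defensio reported a failure — fall through.
    }
    // else: POST failed, Defensio might be down — fall through to the local check.

    // Local check ("Thief-cat algorithm"): count previously filtered items that
    // share this url (trackback) or content/homepage/name (comment), plus
    // filtered items from the same IP.
    $count = 0;
    if ($isTrackback) {
        $tableName = $database['prefix'] . 'Trackbacks';
        $sql = 'SELECT COUNT(id) as cc FROM ' . $tableName . ' WHERE';
        $sql .= ' url = \'' . POD::escapeString($url) . '\'';
        $sql .= ' AND isFiltered > 0';
    } else {
        $tableName = $database['prefix'] . 'Comments';
        $sql = 'SELECT COUNT(id) as cc FROM ' . $tableName . ' WHERE';
        $sql .= ' comment = \'' . POD::escapeString($content) . '\'';
        $sql .= ' AND homepage = \'' . POD::escapeString($url) . '\'';
        $sql .= ' AND name = \'' . POD::escapeString($name) . '\'';
        $sql .= ' AND isFiltered > 0';
    }
    $row = POD::queryRow($sql);
    // NOTE(review): the count is read by numeric index; if queryRow() returns only
    // associative keys ('cc') this silently contributes 0 — confirm the fetch mode.
    $count += ($row && isset($row[0])) ? (int) $row[0] : 0;

    $sql = 'SELECT COUNT(id) as cc FROM ' . $tableName . ' WHERE';
    $sql .= ' ip = \'' . POD::escapeString($_SERVER['REMOTE_ADDR']) . '\'';
    $sql .= ' AND isFiltered > 0';
    $row = POD::queryRow($sql);
    $count += ($row && isset($row[0])) ? (int) $row[0] : 0;

    $is_spam = $count >= 10 ? 1 : 0;
    // Report the local verdict back to Defensio when it had audited (and passed) this item.
    if ($is_spam && isset($defensio_meta['spaminess']) && isset($defensio_meta['signature'])) {
        defensio_submit_spam($defensio_meta['signature']);
    }
    $defensio_meta['spam'] = $defensio_meta['spaminess'] = $is_spam;
    defensio_save_meta_data($comment_TYPE, $next_id, $defensio_meta);
    return !$is_spam;
}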
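/**
 * Prepend the OpenID / name-password chooser panel to a comment form.
 *
 * When the CL_OpenID plugin is inactive the form is returned untouched.
 * Otherwise the function builds two radio rows (OpenID login vs. name/password),
 * derives the OpenID input from the form's own homepage <input> (or shows the
 * identity the visitor is logged in with), pre-disables the inputs that do not
 * match the default choice, and wraps form + panel in a commentOuterPannel div.
 *
 * @param string $comment rendered comment form markup
 * @param string $prefix  template prefix ('guest' or 'rp') of the form's fields
 * @return string panel markup followed by the (possibly modified) form
 *
 * Side effects: when an OpenID identity is present, $_COOKIE['guestHomepage']
 * and $_COOKIE['guestName'] are overwritten from $_SESSION['openid'] for the
 * rest of the request.
 */
function addOpenIDPannel($comment, $prefix)
{
    $context = Model_Context::getInstance();
    if (!isActivePlugin('CL_OpenID')) {
        return $comment;
    }
    $openid_identity = Acl::getIdentity('openid');

    $whatisopenid = '<a target="_blank" href="' . _text('http://www.google.co.kr/search?q=OpenID&lr=lang_ko') . '"><span style="color:#ff6200">' . _text('오픈아이디란?') . '</span></a>';
    //$lastcomment = ' | <a href="#" onClick="recallLastComment([##_article_rep_id_##]); return false"><span style="color:#ff6200">'._text('마지막 댓글로 채우기').'</span></a>';
    $lastcomment = '';

    $openidOnlySettingNotice = '';
    if ($context->getProperty('blog.AddCommentMode', '') == 'openid') {
        $openidOnlySettingNotice = "<b>" . _text('오픈아이디로만 댓글을 남길 수 있습니다') . "</b>";
    }

    // NOTE: the opening literal of $tag_login reads '******' in this copy of the
    // file (it looks redacted); it is reproduced verbatim, not reconstructed.
    $tag_login = '******' . $context->getProperty('uri.blog') . '/login/openid/guest?requestURI=' . urlencode($_SERVER["REQUEST_URI"]) . '"><span style="color:#ff6200">' . _text('로그인') . '</span></a>';
    $tag_logoff = '<a href="' . $context->getProperty('uri.blog') . '/login/openid?action=logout&requestURI=' . urlencode($_SERVER["REQUEST_URI"]) . '"><span style="">' . _text('로그아웃') . '</span></a>';

    $pannel = '<div class="commentOuterPannel">' . CRLF;
    $openid_input = 'OPENID_TAG_NEEDED';

    // The remembered identifier comes from a client-controlled cookie and is
    // placed into a value="..." attribute through preg_replace(): escape it for
    // the HTML attribute first, then neutralise \ and $ so preg_replace() does
    // not read them as back-references.
    $cookie_openid = '';
    if (!empty($_COOKIE['openid'])) {
        $cookie_openid = addcslashes(htmlspecialchars($_COOKIE['openid'], ENT_QUOTES, 'UTF-8'), '\\$');
    }

    // Default choice: OpenID when the blog is OpenID-only or the visitor is logged in.
    if ($openidOnlySettingNotice || $openid_identity) {
        $checked1 = 'checked="checked"';
        $checked2 = '';
        $disabled1 = '';
        $disabled2 = 'disabled="disabled"';
    } else {
        $checked1 = '';
        $checked2 = 'checked="checked"';
        $disabled1 = 'disabled="disabled"';
        $disabled2 = '';
    }

    $pannel_style = "style=\"width:100%; text-align:left\"";
    $radio_style = "style=\"width:15px;vertical-align:text-bottom;height:15px;border:0px;margin:0px;padding:0px;\"";
    $label_style = "style=\"display:inline;margin-top:0px;padding-left:0px;cursor:pointer\"";
    $openid_input_style = 'style="padding-left:21px;width:165px;background-image:url(' . $context->getProperty('service.path') . '/resources/image/icon_openid.gif' . ');' . 'background-repeat:no-repeat;background-position:0px center"';

    if ($openid_identity) {
        // Logged in: show the identity as a link plus a hidden field carrying it.
        // The href is attribute-escaped; the hidden input was already using htmlentities().
        // NOTE(review): OpenID::getDisplayName() output is inserted as-is — confirm it escapes.
        $openid_input = '<span><a href="' . htmlspecialchars($openid_identity, ENT_QUOTES, 'UTF-8') . '">' . OpenID::getDisplayName($openid_identity) . '</a></span>' . CRLF;
        $openid_input .= '<input type="hidden" name="openid_identifier" id="openid_identifier_[##_article_rep_id_##]" value="' . htmlentities($openid_identity) . '" />';
        $openid_input = _text('현재 로그인한 오픈아이디') . ' ' . $openid_input;
        $_COOKIE['guestHomepage'] = $_SESSION['openid']['homepage'];
        $_COOKIE['guestName'] = $_SESSION['openid']['nickname'];
    } else {
        // Not logged in: clone the form's homepage input into an openid_identifier
        // input, pre-filled from the cookie and restyled with the OpenID icon.
        if (preg_match('/.*?(<input[^>]+_(?:guest|rp)_input_homepage_[^>]+>).*/sm', $comment, $match)) {
            $openid_input = $match[1];
            $openid_input = str_replace('homepage_[##', 'openid_identifier_[##', $openid_input);
            $openid_input = str_replace('[##_' . $prefix . '_input_homepage_##]', 'openid_identifier', $openid_input);
            $openid_input = preg_replace('/value=(?:"|\')?(?:[^"\']+)(?:"|\')?/', 'value="' . $cookie_openid . '"', $openid_input);
            $openid_input = preg_replace('/style=("|\')?([^"\']+)("|\')?/', '', $openid_input);
            $openid_input = preg_replace('/(value=(?:"|\'))/', $openid_input_style . ' $1', $openid_input);
        }
    }

    // Disable whichever group is not the default choice.
    if ($disabled1) {
        $openid_input = preg_replace('/(name=(?:"|\'))/', $disabled1 . ' $1', $openid_input);
    }
    if ($disabled2) {
        $comment = preg_replace("/(.*)(<input)((?:[^>]+)name_\\[##_article_rep_id_##\\](?:[^>]+)>(?:.*))/sm", "\$1\$2 {$disabled2} \$3", $comment);
        $comment = preg_replace("/(.*)(<input)((?:[^>]+)password_\\[##_article_rep_id_##\\](?:[^>]+)>(?:.*))/sm", "\$1\$2 {$disabled2} \$3", $comment);
        $comment = preg_replace("/(.*)(<input)((?:[^>]+)\\[##_{$prefix}_input_name_##\\](?:[^>]+)>(?:.*))/sm", "\$1\$2 {$disabled2} \$3", $comment);
        $comment = preg_replace("/(.*)(<input)((?:[^>]+)\\[##_{$prefix}_input_password_##\\](?:[^>]+)>(?:.*))/sm", "\$1\$2 {$disabled2} \$3", $comment);
    }

    // Row 1: OpenID radio, login/logout link and "what is OpenID" link.
    $pannel .= '<div class="commentTypeOpenid" ' . $pannel_style . '>' . '<input class="commentTypeCheckbox" ' . $checked1 . ' type="radio" ' . CRLF . $radio_style . CRLF . 'id="comment_type_[##_article_rep_id_##]_openid" ' . CRLF . 'name="comment_type" value="openid" ' . CRLF . 'onclick="this.form.[##_' . $prefix . '_input_name_##].disabled=this.form.[##_' . $prefix . '_input_password_##].disabled=true;this.form.openid_identifier.disabled=false;this.form.openid_identifier.disabled=false;"' . CRLF . '/> ' . CRLF . '<label for="comment_type_[##_article_rep_id_##]_openid" ' . $label_style . '>' . _text('오픈아이디로 글쓰기') . '</label> <span>[' . ($openid_identity ? $tag_logoff : $tag_login) . '][' . $whatisopenid . $lastcomment . ']</span></div>' . CRLF;
    /* Opera browser does not work with single 'this.form.openid_identifier.disabled=false;', is it a bug? */
    $pannel .= '<div style="padding:5px 0 5px 0px;width:100%;">' . $openid_input . '</div>' . CRLF;
    // Row 2: name/password radio plus the OpenID-only notice when applicable.
    $pannel .= '<div class="commentTypeNamepassword" ' . $pannel_style . ' >' . CRLF . '<input class="commentTypeCheckbox" ' . $checked2 . ' type="radio" ' . CRLF . $radio_style . CRLF . 'id="comment_type_[##_article_rep_id_##]_idpwd" ' . CRLF . 'name="comment_type" value="idpwd" ' . CRLF . 'onclick="this.form.[##_' . $prefix . '_input_name_##].disabled=this.form.[##_' . $prefix . '_input_password_##].disabled=false;this.form.openid_identifier.disabled=true;this.form.openid_identifier.disabled=true;"' . CRLF . '/> ' . CRLF . '<label for="comment_type_[##_article_rep_id_##]_idpwd" ' . $label_style . '>' . _text('이름/비밀번호로 글쓰기') . '</label> ' . $openidOnlySettingNotice . '</div>' . CRLF;

    $comment = $pannel . $comment . "</div>";
    return $comment;
}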
} requireStrictRoute(); header('Content-Type: text/html; charset=utf-8'); if (!Validator::validate($IV)) { OpenIDConsumer::printErrorReturn('Illegal parameters', $_POST["requestURI"]); } if ($_POST["comment_type_{$entryId}"] != 'openid') { OpenIDConsumer::printErrorReturn('Invalid comment type', $_POST["requestURI"]); } if (!isset($_GET['__T__']) || !isset($_POST['key']) || $_POST['key'] != md5(filemtime(ROOT . '/config.php'))) { OpenIDConsumer::printErrorReturn('Illegal parameters', $_POST["requestURI"]); } if ($_POST["comment_{$entryId}"] == '') { OpenIDConsumer::printErrorReturn(_text('본문을 입력해 주십시오.'), $_POST["requestURI"]); } $openid_identity = Acl::getIdentity('openid'); if ($openid_identity) { /* OpenID success return path.. */ $_POST["name_{$entryId}"] = $_SESSION['openid']['nickname']; if (empty($_POST["name_{$entryId}"])) { $_POST["name_{$entryId}"] = $openid_identity; } if (empty($_POST["homepage_{$entryId}"]) || $_POST["homepage_{$entryId}"] == "http://") { $_POST["homepage_{$entryId}"] = empty($_SESSION['openid']['homepage']) ? $openid_identity : $_SESSION['openid']['homepage']; } } else { if (empty($tr['openid_errormsg'])) { /* OpenID request path.. */ $tid = Transaction::pickle(array('_POST' => $_POST, 'HTTP_REFERER' => $_SERVER['HTTP_REFERER'])); $requestURI = urlencode($context->getProperty('uri.blog') . "/comment/addopenid/{$entryId}?tid={$tid}&__T__=" . $_GET['__T__']); /* eas_mode will redirect your browser to the IdP authentication page in EAS4.js addComment-onError handler */
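/**
 * Merge a new nickname / homepage into the stored profile of the OpenID user
 * currently logged in, and push the merged values to OpenIDConsumer::setUserInfo().
 *
 * Empty arguments leave the corresponding stored value untouched. Returns
 * false when no OpenID identity is active; otherwise returns nothing.
 *
 * @param string $nickname new nickname, or '' to keep the stored one
 * @param string $homepage new homepage, or '' to keep the stored one
 * @return bool|null
 */
function updateUserInfo($nickname, $homepage)
{
    $openid = Acl::getIdentity('openid');
    if (empty($openid)) {
        return false;
    }

    $pool = DBModel::getInstance();
    $pool->reset('OpenIDUsers');
    $pool->setQualifier('openid', 'equals', $openid, true);
    $result = $pool->getCell('openidinfo');

    // The column holds a PHP-serialized array written by this function.
    // NOTE(review): unserialize() on stored data can instantiate arbitrary
    // classes; a JSON encoding (or allowed_classes=false where available)
    // would be safer if the column can ever be written by another path.
    $data = unserialize($result);
    if (!is_array($data)) {
        // No row yet or an unreadable payload: start from an empty profile
        // instead of indexing into false.
        $data = array();
    }

    if (!empty($nickname)) {
        $data['nickname'] = $nickname;
    }
    if (!empty($homepage)) {
        $data['homepage'] = $homepage;
    }

    $storedNickname = isset($data['nickname']) ? $data['nickname'] : null;
    $storedHomepage = isset($data['homepage']) ? $data['homepage'] : null;
    OpenIDConsumer::setUserInfo($storedNickname, $storedHomepage);

    $pool->reset('OpenIDUsers');
    $pool->setAttribute('openidinfo', serialize($data), true);
    $pool->setQualifier('openid', 'equals', $openid, true);
    $pool->update();
}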
exit; } else { if ($userComment == '') { Respond::PrintResult(array('error' => 2, 'description' => _text('본문을 입력해 주십시오.'))); exit; } else { if (!empty($userName)) { setcookie('guestName', $userName, time() + 2592000, $context->getProperty('uri.blog') . "/"); } if (!empty($userHomepage) && $userHomepage != 'http://') { if (strpos($userHomepage, 'http://') !== 0) { $userHomepage = "http://{$userHomepage}"; } setcookie('guestHomepage', $userHomepage, time() + 2592000, $context->getProperty('uri.blog') . "/"); } if (Acl::getIdentity('openid')) { OpenIDConsumer::updateUserInfo($userName, $userHomepage); } $comment = array(); $comment['entry'] = $entryId; $comment['parent'] = null; $comment['name'] = $userName; $comment['password'] = $userPassword; $comment['homepage'] = $userHomepage == '' || $userHomepage == 'http://' ? '' : $userHomepage; $comment['secret'] = $userSecret; $comment['comment'] = $userComment; $comment['ip'] = $_SERVER['REMOTE_ADDR']; $result = addComment($blogid, $comment); if (in_array($result, array("ip", "name", "homepage", "comment", "openidonly", "etc"))) { switch ($result) { case "name":
/**
 * Delete a single comment, enforcing who may delete it (raw-SQL variant).
 *
 * Authorization, in order: the blog owner may delete anything; an OpenID
 * visitor who supplies no password must match the comment's stored openid;
 * a comment with a replier (member comment) requires membership and is
 * matched on the caller's user id; a guest comment is matched on the md5 of
 * the supplied password. On success the comment RSS and DB cache are flushed
 * and the entry's comment count is updated.
 *
 * @param int    $blogid   blog id (interpolated unvalidated — callers must pass a trusted int)
 * @param int    $id       comment id; non-numeric values are rejected
 * @param int    $entry    entry id; non-numeric values are rejected
 * @param string $password guest password, compared as md5 (legacy scheme)
 * @return bool true when exactly the matching row was deleted
 *
 * NOTE: several string literals below read '******' in this copy of the file;
 * they look redacted and are reproduced verbatim, not reconstructed. As shown
 * the lines are not valid PHP.
 */
function deleteComment($blogid, $id, $entry, $password) {
    global $database;
    if (!is_numeric($id)) { return false; }
    if (!is_numeric($entry)) { return false; }
    // A row without a replier is a guest comment (password-protected rather than member-owned).
    $guestcomment = false;
    if (POD::queryExistence("SELECT * FROM {$database['prefix']}Comments WHERE blogid = {$blogid} AND id = {$id} AND replier IS NULL")) { $guestcomment = true; }
    $wherePassword = '';
    $sql = "DELETE FROM {$database['prefix']}Comments\n\t\tWHERE blogid = {$blogid}\n\t\t\tAND id = {$id}\n\t\t\tAND entry = {$entry}";
    if (!doesHaveOwnership()) {
        if (Acl::getIdentity('openid') && empty($password)) {
            // redacted literal — presumably an " AND <column> = '" fragment
            $wherePassword = '******'' . Acl::getIdentity('openid') . '\'';
        } else {
            if ($guestcomment == false) {
                if (!doesHaveMembership()) { return false; }
                // redacted literal — presumably an " AND <column> = " fragment
                $wherePassword = '******' . getUserId();
            } else {
                // redacted literal — presumably an " AND <column> = '" fragment
                $wherePassword = '******'' . md5($password) . '\'';
            }
        }
    }
    // queryCount returns the affected-row count; zero means the extra predicate did not match.
    if (POD::queryCount($sql . $wherePassword)) {
        CacheControl::flushCommentRSS($entry);
        CacheControl::flushDBCache('comment');
        updateCommentsOfEntry($blogid, $entry);
        return true;
    }
    return false;
}
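/**
 * Delete a single comment, enforcing who may delete it (DBModel variant).
 *
 * Authorization, in order: the blog owner may delete anything; an OpenID
 * visitor who supplies no password must match the comment's stored openid;
 * a comment with a replier (member comment) requires membership and is
 * matched on the caller's user id; a guest comment is matched on the md5 of
 * the supplied password. On success the comment RSS and DB cache are flushed
 * and the entry's comment count is updated.
 *
 * @param int    $blogid   blog id
 * @param int    $id       comment id; non-numeric values are rejected
 * @param int    $entry    entry id; non-numeric values are rejected
 * @param string $password guest password, compared as md5 (legacy scheme)
 * @return bool true when a matching row existed
 */
function deleteComment($blogid, $id, $entry, $password)
{
    if (!is_numeric($id)) {
        return false;
    }
    if (!is_numeric($entry)) {
        return false;
    }

    $pool = DBModel::getInstance();

    // A row without a replier is a guest comment (password-protected rather than member-owned).
    $pool->reset('Comments');
    $pool->setQualifier('blogid', 'eq', $blogid);
    $pool->setQualifier('id', 'eq', $id);
    $pool->setQualifier('replier', 'eq', NULL);
    $guestcomment = (bool) $pool->doesExist();

    $pool->reset('Comments');
    $pool->setQualifier('blogid', 'eq', $blogid);
    $pool->setQualifier('id', 'eq', $id);
    $pool->setQualifier('entry', 'eq', $entry);
    if (!doesHaveOwnership()) {
        if (Acl::getIdentity('openid') && empty($password)) {
            // Every other qualifier in this function passes the operator as the
            // second argument; the original call omitted 'eq' here, so the
            // identity was handed over in the operator position and the
            // ownership predicate was not applied as written.
            $pool->setQualifier('openid', 'eq', Acl::getIdentity('openid'), true);
        } else {
            if (!$guestcomment) {
                if (!doesHaveMembership()) {
                    return false;
                }
                $pool->setQualifier('replier', 'eq', getUserId());
            } else {
                // NOTE(review): comment passwords are stored as unsalted md5 (legacy schema).
                $pool->setQualifier('password', 'eq', md5($password), true);
            }
        }
    }

    // getCount() is what performs the (conditional) deletion in this model;
    // a zero count means the authorization predicate did not match.
    if ($pool->getCount()) {
        CacheControl::flushCommentRSS($entry);
        CacheControl::flushDBCache('comment');
        updateCommentsOfEntry($blogid, $entry);
        return true;
    }
    return false;
}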
/**
 * Numeric id of the currently authenticated Textcube user.
 *
 * Casts whatever the ACL layer reports as the 'textcube' identity to int, so
 * a missing identity (null / false / '') yields 0.
 *
 * @return int
 */
function getUserId()
{
    $identity = Acl::getIdentity('textcube');
    return (int) $identity;
}
<table class="data-inbox"> <thead> <tr> <th class="site"><span class="text"><?php echo _t('오픈아이디'); ?> </span></th> <th class="site"><span class="text"><?php echo _t('삭제'); ?> </span></th> </tr> </thead> <tbody> <?php $currentOpenID = Acl::getIdentity('openid'); $openid_list = array(); for ($i = 0; $i < OPENID_REGISTERS; $i++) { $openid_identity = Setting::getUserSettingGlobal("openid." . $i); if (!empty($openid_identity)) { array_push($openid_list, $openid_identity); } } for ($i = 0; $i < count($openid_list); $i++) { $className = $i % 2 == 1 ? 'even-line' : 'odd-line'; $className .= $i == count($openid_list) - 1 ? ' last-line' : ''; ?> <tr class="<?php echo $className; ?> inactive-class" onmouseover="rolloverClass(this, 'over')" onmouseout="rolloverClass(this, 'out')">