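/**
 * Show the login page.
 *
 * Renders login.tpl with an optional error bar selected by the `error`
 * query-string parameter. Only the three known codes below are mapped;
 * any other value (or none) leaves the error bar empty, so the raw
 * parameter never reaches the output.
 *
 * Transport handling: when $strictTransportSecurityExpiry is enabled and
 * the request already arrived over HTTPS, an HSTS header is emitted;
 * otherwise the client is redirected to the HTTPS equivalent of the
 * current URL and nothing further is rendered on the plaintext connection.
 */
function showlogin()
{
    global $smarty;

    // Map the known error codes to their alert boxes. Strict comparison:
    // $_GET values are strings and only exact matches are wanted.
    $errorbartext = "";
    if (isset($_GET['error'])) {
        if ($_GET['error'] === 'authfail') {
            $errorbartext = BootstrapSkin::displayAlertBox("Username and/or password incorrect. Please try again.", "alert-error", "Auth failure", true, false, true);
        } elseif ($_GET['error'] === 'noid') {
            $errorbartext = BootstrapSkin::displayAlertBox("User account is not identified. Please email accounts-enwiki-l@lists.wikimedia.org if you believe this is in error.", "alert-error", "Auth failure", true, false, true);
        } elseif ($_GET['error'] === 'newacct') {
            $errorbartext = BootstrapSkin::displayAlertBox("I'm sorry, but, your account has not been approved by a site administrator yet. Please stand by.", "alert-info", "Account pending", true, false, true);
        }
    }
    $smarty->assign("errorbar", $errorbartext);

    global $strictTransportSecurityExpiry;
    if ($strictTransportSecurityExpiry !== false) {
        if (isHttps()) {
            // Client can clearly use HTTPS, so let's enforce it for all connections.
            header("Strict-Transport-Security: max-age=15768000");
        } else {
            // This is the login form, not the request form. We need protection here.
            // NOTE(review): SERVER_NAME may simply echo the client's Host header
            // depending on web-server configuration (e.g. Apache UseCanonicalName
            // Off), which would make this an attacker-steerable redirect. A
            // configured canonical host would be safer — confirm against the
            // deployment.
            $path = 'https://' . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
            header("Location: " . $path);
            // Stop here: previously the login form body was still emitted over
            // the plaintext connection after the redirect header was sent.
            return;
        }
    }

    $smarty->display("login.tpl");
}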
    /**
     * Render the per-user detail section of the statistics page.
     *
     * Resolves the user by id and, if found, runs four read-only queries
     * against acc_log (activity summary, accounts created, accounts not
     * created, and actions taken on the user's own account) before
     * rendering statistics/userdetail.tpl. Every user-derived value is
     * bound as a PDO parameter; nothing is interpolated into the SQL text.
     *
     * @param mixed $userId identifier handed to User::getById()
     * @return string rendered HTML, or a rendered "User not found" alert
     */
    private function getUserDetail($userId)
    {
        $database = gGetDb();
        $user = User::getById($userId, $database);
        if (!$user) {
            return BootstrapSkin::displayAlertBox("User not found", "alert-error", "Error", true, false, true);
        }

        global $smarty;
        $smarty->assign("user", $user);

        // Prepare, bind and fetch in one place so each report below reads as
        // "SQL text + parameters" only.
        $fetchRows = function ($sql, array $parameters) use ($database) {
            $statement = $database->prepare($sql);
            $statement->execute($parameters);
            return $statement->fetchAll(PDO::FETCH_ASSOC);
        };
        $byUsername = array(":username" => $user->getUsername());

        // What this user has done, grouped by action; closes are mapped to
        // their mail description where one exists.
        $activitySql = <<<SQL
            SELECT COALESCE(c.mail_desc, l.log_action) AS action, COUNT(*) AS count 
            FROM acc_log l 
            LEFT JOIN closes c ON l.log_action = c.closes 
            WHERE l.log_user = :username 
            GROUP BY action;
SQL;
        $smarty->assign("activity", $fetchRows($activitySql, $byUsername));

        // Requests this user closed with an "account created" outcome.
        $createdSql = <<<SQL
            SELECT l.log_time time, r.name name, r.id id 
            FROM acc_log l
            JOIN request r ON r.id = l.log_pend 
            LEFT JOIN emailtemplate e ON concat('Closed ', e.id) = l.log_action 
            WHERE l.log_user = :username 
                AND l.log_action LIKE 'Closed %' 
                AND (e.oncreated = '1' OR l.log_action = 'Closed custom-y') 
            ORDER BY l.log_time;
SQL;
        $smarty->assign("created", $fetchRows($createdSql, $byUsername));

        // Requests this user closed without creating an account.
        $notCreatedSql = <<<SQL
            SELECT l.log_time time, r.name name, r.id id 
            FROM acc_log l
            JOIN request r ON r.id = l.log_pend 
            LEFT JOIN emailtemplate e ON concat('Closed ', e.id) = l.log_action 
            WHERE l.log_user = :username 
                AND l.log_action LIKE 'Closed %' 
                AND (e.oncreated = '0' OR l.log_action = 'Closed custom-n' OR l.log_action='Closed 0') 
            ORDER BY l.log_time;
SQL;
        $smarty->assign("notcreated", $fetchRows($notCreatedSql, $byUsername));

        // Administrative actions taken *on* this user's account: for these
        // action types log_pend holds the target user's id.
        $accountLogSql = <<<SQL
            SELECT * 
            FROM acc_log l 
            WHERE l.log_pend = :userid 
\t            AND log_action IN ('Approved','Suspended','Declined','Promoted','Demoted','Renamed','Prefchange');     
SQL;
        $smarty->assign("accountlog", $fetchRows($accountLogSql, array(":userid" => $user->getId())));

        return $smarty->fetch("statistics/userdetail.tpl");
    }
 /**
  * Check the user's security level on page load, and bounce accordingly
  *
  * Side effects, in order:
  *  1. OAuth housekeeping: the OAuth account is re-attached when the stored
  *     on-wiki name is the "##OAUTH##" sentinel but no access token is held,
  *     when an existing link fails an identity lookup (the tokens are
  *     cleared and saved first), or when $enforceOAuth is set and the user
  *     is not linked at all.
  *  2. Account state: a New, Suspended or Declined user is shown a page
  *     explaining the state, and the script dies.
  *  3. Otherwise an approved User/Admin who is not the community
  *     pseudo-user sets the global $secure flag to 1.
  *
  * Any other user falls through without dying and without touching $secure
  * (the final else is a commented-out die), so callers must still gate on
  * $secure themselves rather than rely on this method to deny access.
  *
  * @deprecated
  */
 public function checksecurity()
 {
     global $secure, $smarty;
     // User::getCurrent() is re-evaluated on every call below. Whether it is
     // memoised is not visible here, so the calls are deliberately not hoisted.
     if (User::getCurrent()->getStoredOnWikiName() == "##OAUTH##" && User::getCurrent()->getOAuthAccessToken() == null) {
         // OAuth-managed account with no access token: restart the attach flow.
         reattachOAuthAccount(User::getCurrent());
     }
     if (User::getCurrent()->isOAuthLinked()) {
         try {
             // test retrieval of the identity
             User::getCurrent()->getOAuthIdentity();
         } catch (TransactionException $ex) {
             // Identity lookup failed: drop the (presumably stale or revoked)
             // tokens, persist that, and send the user through attach again.
             User::getCurrent()->setOAuthAccessToken(null);
             User::getCurrent()->setOAuthAccessSecret(null);
             User::getCurrent()->save();
             reattachOAuthAccount(User::getCurrent());
         }
     } else {
         global $enforceOAuth;
         if ($enforceOAuth) {
             // Not linked, but the deployment requires OAuth for everyone.
             reattachOAuthAccount(User::getCurrent());
         }
     }
     if (User::getCurrent()->isNew()) {
         // Registered but not yet approved: explain and stop.
         BootstrapSkin::displayAlertBox("I'm sorry, but, your account has not been approved by a site administrator yet. Please stand by.", "alert-error", "New account", true, false);
         BootstrapSkin::displayInternalFooter();
         die;
     } elseif (User::getCurrent()->isSuspended()) {
         // Show the comment from the most recent 'Suspended' log entry for
         // this account (log_pend holds the target user id here).
         $database = gGetDb();
         $suspendstatement = $database->prepare("SELECT log_cmt FROM acc_log WHERE log_action = 'Suspended' AND log_pend = :userid ORDER BY log_time DESC LIMIT 1;");
         $suspendstatement->bindValue(":userid", User::getCurrent()->getId());
         $suspendstatement->execute();
         $suspendreason = $suspendstatement->fetchColumn();
         $suspendstatement->closeCursor();
         $smarty->assign("suspendreason", $suspendreason);
         $smarty->display("login/suspended.tpl");
         BootstrapSkin::displayInternalFooter();
         die;
     } elseif (User::getCurrent()->isDeclined()) {
         // Same pattern for a declined account; the variable names are reused
         // from the suspended branch but hold the decline reason here.
         $database = gGetDb();
         $suspendstatement = $database->prepare("SELECT log_cmt FROM acc_log WHERE log_action = 'Declined' AND log_pend = :userid ORDER BY log_time DESC LIMIT 1;");
         $suspendstatement->bindValue(":userid", User::getCurrent()->getId());
         $suspendstatement->execute();
         $suspendreason = $suspendstatement->fetchColumn();
         $suspendstatement->closeCursor();
         $smarty->assign("suspendreason", $suspendreason);
         $smarty->display("login/declined.tpl");
         BootstrapSkin::displayInternalFooter();
         die;
     } elseif (!User::getCurrent()->isCommunityUser() && (User::getCurrent()->isUser() || User::getCurrent()->isAdmin())) {
         // Approved, logged-in user: mark the request as authenticated.
         $secure = 1;
     } else {
         // Intentionally falls through; see the method comment about $secure.
         //die("Not logged in!");
     }
 }
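 /**
  * Build the "requests closed per month" statistics page.
  *
  * Always renders the month-by-month table of closures via QueryBrowser.
  * When $showGraphs is enabled it additionally assembles one query per
  * series (all closures, dropped requests, each active email template,
  * the two custom outcomes, and each deferral target) and embeds the
  * rendered graphs as <img> tags pointing at $baseurl/render/.
  *
  * @return string HTML fragment for the page body
  */
 protected function execute()
 {
     $qb = new QueryBrowser();
     $query = "SELECT COUNT(DISTINCT log_id) AS 'Requests Closed', YEAR(log_time) AS 'Year', MONTHNAME(log_time) AS 'Month' FROM acc_log WHERE log_action LIKE 'Closed%' GROUP BY EXTRACT(YEAR_MONTH FROM log_time) ORDER BY YEAR(log_time), MONTH(log_time) ASC;";
     $out = $qb->executeQueryToTable($query);

     global $showGraphs;
     if ($showGraphs == 1) {
         global $filepath;
         require_once $filepath . 'graph/pChart/pChart.class';
         require_once $filepath . 'graph/pChart/pData.class';

         $queries = array();
         $queries[] = array('query' => "SELECT COUNT(DISTINCT log_id) AS 'y', CONCAT( YEAR(log_time), '/' , MONTHNAME(log_time)) AS 'x' FROM acc_log WHERE log_action LIKE 'Closed%' AND YEAR(log_time) != 0 GROUP BY EXTRACT(YEAR_MONTH FROM log_time) ORDER BY YEAR(log_time), MONTH(log_time) ASC;", 'series' => "All closed requests by month");
         $queries[] = array('query' => "SELECT COUNT(DISTINCT log_id) AS 'y', CONCAT( YEAR(log_time), '/' , MONTHNAME(log_time)) AS 'x' FROM acc_log WHERE log_action LIKE 'Closed 0' AND YEAR(log_time) != 0 GROUP BY EXTRACT(YEAR_MONTH FROM log_time) ORDER BY YEAR(log_time), MONTH(log_time) ASC;", 'series' => "Dropped requests by month");

         // One series per active email template. NOTE(review): the template id
         // is interpolated into the SQL text rather than bound; it originates
         // from our own emailtemplate table, not from the request, but that is
         // second-order trust in the column's contents. The template name is
         // admin-editable free text and is escaped where it reaches HTML below.
         $templateResult = gGetDb()->query("SELECT id, name FROM emailtemplate WHERE active = '1';");
         if (!$templateResult) {
             die("Query error.");
         }
         foreach ($templateResult->fetchAll(PDO::FETCH_ASSOC) as $row) {
             $id = $row['id'];
             $name = $row['name'];
             $queries[] = array('query' => "SELECT COUNT(DISTINCT log_id) AS 'y', CONCAT( YEAR(log_time), '/' , MONTHNAME(log_time)) AS 'x' FROM acc_log WHERE log_action LIKE 'Closed {$id}' AND YEAR(log_time) != 0 GROUP BY EXTRACT(YEAR_MONTH FROM log_time) ORDER BY YEAR(log_time), MONTH(log_time) ASC;", 'series' => "{$name} requests by month");
         }

         $queries[] = array('query' => "SELECT COUNT(DISTINCT log_id) AS 'y', CONCAT( YEAR(log_time), '/' , MONTHNAME(log_time)) AS 'x' FROM acc_log WHERE log_action LIKE 'Closed custom-y' AND YEAR(log_time) != 0 GROUP BY EXTRACT(YEAR_MONTH FROM log_time) ORDER BY YEAR(log_time), MONTH(log_time) ASC;", 'series' => "Custom created requests by month");
         $queries[] = array('query' => "SELECT COUNT(DISTINCT log_id) AS 'y', CONCAT( YEAR(log_time), '/' , MONTHNAME(log_time)) AS 'x' FROM acc_log WHERE log_action LIKE 'Closed custom-n' AND YEAR(log_time) != 0 GROUP BY EXTRACT(YEAR_MONTH FROM log_time) ORDER BY YEAR(log_time), MONTH(log_time) ASC;", 'series' => "Custom not created requests by month");

         // One series per configured deferral target. $availableRequestStates
         // is deployment configuration, not request input.
         global $availableRequestStates;
         foreach ($availableRequestStates as $state) {
             $queries[] = array('query' => "SELECT COUNT(DISTINCT log_id) AS 'y', CONCAT( YEAR(log_time), '/' , MONTHNAME(log_time)) AS 'x' FROM acc_log WHERE log_action LIKE 'Deferred to " . $state['defertolog'] . "' AND YEAR(log_time) != 0 GROUP BY EXTRACT(YEAR_MONTH FROM log_time) ORDER BY YEAR(log_time), MONTH(log_time) ASC;", 'series' => "Requests deferred to " . $state['deferto'] . " by month");
         }

         global $baseurl;
         foreach ($this->createClosuresGraph($queries) as $i) {
             // $i[0] appears to be the rendered file name and $i[1] the series
             // label. Both land inside attribute values, so escape for that
             // context — the label in particular carries template names typed
             // in by admins, which previously went out unescaped.
             $out .= '<img src="' . $baseurl . '/render/' . htmlspecialchars($i[0], ENT_QUOTES, 'UTF-8') . '" alt="' . htmlspecialchars($i[1], ENT_QUOTES, 'UTF-8') . '"/>';
         }
     } else {
         $out .= BootstrapSkin::displayAlertBox("Graph drawing is currently disabled.", "alert-info", "", false, false, true);
     }
     return $out;
 }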
 // Record where the request came from. REMOTE_ADDR is set by the web server
 // from the TCP connection and is the only address here that is not
 // client-supplied.
 $request->setIp($_SERVER['REMOTE_ADDR']);
 // X-Forwarded-For is a header the client can set to anything. It is stored
 // verbatim for later display and trust evaluation elsewhere in the tool, and
 // must not be treated as the requester's IP on its own.
 if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
     $request->setForwardedIp($_SERVER['HTTP_X_FORWARDED_FOR']);
 }
 // User-Agent is likewise attacker-controlled free text; stored as-is.
 if (isset($_SERVER['HTTP_USER_AGENT'])) {
     $request->setUserAgent($_SERVER['HTTP_USER_AGENT']);
 }
 $validationHelper = new RequestValidationHelper(new BanHelper(), $request, $_POST['emailconfirm']);
 // These are arrays of ValidationError.
 $nameValidation = $validationHelper->validateName();
 $emailValidation = $validationHelper->validateEmail();
 $otherValidation = $validationHelper->validateOther();
 $validationErrors = array_merge($nameValidation, $emailValidation, $otherValidation);
 if (count($validationErrors) > 0) {
     foreach ($validationErrors as $validationError) {
         BootstrapSkin::displayAlertBox($smarty->fetch("validation/" . $validationError->getErrorCode() . ".tpl"), "alert-error");
     }
     $smarty->display("request/request-form.tpl");
 } else {
     if ($enableEmailConfirm == 1) {
         $request->generateEmailConfirmationHash();
         $database->transactionally(function () use($request) {
             $request->save();
             // checksum depends on the ID, so we have to save again!
             $request->updateChecksum();
             $request->save();
         });
         $request->sendConfirmationEmail();
         $smarty->display("request/email-confirmation.tpl");
     } else {
         $request->setEmailConfirm(0);
 /**
  * Render a statistics page: header, availability gate, access check, body,
  * footer.
  *
  * Pages that need the wiki database are refused outright when
  * $dontUseWikiDb is set. Protected pages send the community pseudo-user to
  * the login form and run session::checksecurity() for everyone else, both
  * before any page content is emitted.
  */
 public function Show()
 {
     global $dontUseWikiDb;
     BootstrapSkin::displayInternalHeader();

     $wikiDbMissing = $this->requiresWikiDatabase() && $dontUseWikiDb == 1;
     if ($wikiDbMissing) {
         // wiki database unavailable, don't show stats page
         BootstrapSkin::displayAlertBox("This statistics page is currently unavailable.", "alert-error", "Database unavailable", true, false);
         BootstrapSkin::displayInternalFooter();
         die;
     }

     if ($this->isProtected()) {
         $viewer = User::getCurrent();
         if ($viewer->isCommunityUser()) {
             // Community pseudo-user: offer the login form instead of the page.
             showlogin();
             BootstrapSkin::displayInternalFooter();
             die;
         }
         // Everyone else: let the session layer enforce account state.
         $session = new session();
         $session->checksecurity();
     }

     // Either unprotected, or the checks above let us through.
     $title = $this->getPageTitle();
     echo '<div class="page-header"><h1>' . $title . '</h1></div>';
     if ($this->requiresSimpleHtmlEnvironment()) {
         echo '<div class="row-fluid"><div class="span12">';
         BootstrapSkin::pushTagStack("</div>");
         BootstrapSkin::pushTagStack("</div>");
     }
     echo $this->execute();

     BootstrapSkin::displayInternalFooter();
 }
 /**
  * Render a statistics page (legacy access check via session::hasright).
  *
  * Same flow as the other statistics pages: header, wiki-database
  * availability gate, access check for protected pages, then body and
  * footer. Access is granted when the username held in $_SESSION['user']
  * has either the Admin or the User right.
  */
 public function Show()
 {
     global $dontUseWikiDb, $session;
     BootstrapSkin::displayInternalHeader();

     if ($this->requiresWikiDatabase() && $dontUseWikiDb == 1) {
         // wiki database unavailable, don't show stats page
         BootstrapSkin::displayAlertBox("This statistics page is currently unavailable.", "alert-error", "Database unavailable", true, false);
         BootstrapSkin::displayInternalFooter();
         die;
     }

     if ($this->isProtected()) {
         // protected, check accesslevel. An absent session user is checked as
         // the empty string, which hasright() presumably rejects for both rights.
         $sessionuser = isset($_SESSION['user']) ? $_SESSION['user'] : "";
         $authorised = $session->hasright($sessionuser, "Admin")
             || $session->hasright($sessionuser, "User");
         if (!$authorised) {
             // not authed
             showlogin();
             BootstrapSkin::displayInternalFooter();
             die;
         }
     }

     // not protected or access allowed
     echo '<div class="page-header"><h1>', $this->getPageTitle(), '</h1></div>';
     if ($this->requiresSimpleHtmlEnvironment()) {
         echo '<div class="row-fluid"><div class="span12">';
         BootstrapSkin::pushTagStack("</div>");
         BootstrapSkin::pushTagStack("</div>");
     }
     echo $this->execute();

     BootstrapSkin::displayInternalFooter();
 }
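 /**
  * Run $method inside a database transaction.
  *
  * Begins a transaction (dying with an alert if that fails), invokes
  * $method, and commits. A TransactionException thrown by $method rolls
  * back, renders the exception's own alert and footer (public or internal
  * depending on PUBLICMODE), and dies. Any other exception also rolls back
  * but is rethrown unchanged so the caller sees the original failure.
  *
  * @param Closure $method work to perform inside the transaction
  */
 public function transactionally($method)
 {
     if (!$this->beginTransaction()) {
         BootstrapSkin::displayAlertBox("Error starting database transaction.", "alert-error", "Database transaction error", true, false);
         BootstrapSkin::displayInternalFooter();
         die;
     }
     try {
         $method();
         $this->commit();
     } catch (TransactionException $ex) {
         $this->rollBack();
         BootstrapSkin::displayAlertBox($ex->getMessage(), $ex->getAlertType(), $ex->getTitle(), true, false);
         // TODO: yuk.
         if (defined("PUBLICMODE")) {
             BootstrapSkin::displayPublicFooter();
         } else {
             BootstrapSkin::displayInternalFooter();
         }
         die;
     } catch (Exception $ex) {
         // Any other failure (e.g. a PDOException from a query inside $method,
         // or from commit() itself) previously propagated with the transaction
         // still open, so later statements on this connection would have run
         // inside it unnoticed. Roll back, then rethrow the original.
         try {
             $this->rollBack();
         } catch (Exception $rollbackFailure) {
             // e.g. commit() already ended the transaction; the original
             // exception is the one worth reporting.
         }
         throw $ex;
     }
 }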
    /**
     * Render the per-user detail section of the statistics page.
     *
     * Looks the user up by id; unknown ids produce a rendered "User not
     * found" alert instead of the template. For a known user, four reports
     * are read from the unified `log` table (joined to `user` so the log is
     * keyed by username, and to `request`/`emailtemplate` where needed) and
     * handed to statistics/userdetail.tpl. All variable input is bound via
     * PDO parameters; nothing is interpolated into the SQL text.
     *
     * @param mixed $userId identifier handed to User::getById()
     * @return string rendered HTML
     */
    private function getUserDetail($userId)
    {
        $database = gGetDb();
        $user = User::getById($userId, $database);
        if (!$user) {
            return BootstrapSkin::displayAlertBox("User not found", "alert-error", "Error", true, false, true);
        }

        global $smarty;
        $smarty->assign("user", $user);

        $byUsername = array(":username" => $user->getUsername());
        $byUserId = array(":userid" => $user->getId());

        // What this user has done, grouped by action; closes are mapped to
        // their mail description where one exists.
        $activitySql = <<<SQL
SELECT COALESCE(closes.mail_desc, log.action) AS action, COUNT(*) AS count
FROM log
INNER JOIN user ON log.user = user.id
LEFT JOIN closes ON log.action = closes.closes
WHERE user.username = :username
GROUP BY action;
SQL;

        // Requests this user closed with an "account created" outcome.
        $createdSql = <<<SQL
SELECT log.timestamp time, request.name name, request.id id
FROM log
INNER JOIN request ON (request.id = log.objectid and log.objecttype = 'Request')
INNER JOIN user ON log.user = user.id
LEFT JOIN emailtemplate ON concat('Closed ', emailtemplate.id) = log.action
WHERE user.username = :username
    AND log.action LIKE 'Closed %'
    AND (emailtemplate.oncreated = '1' OR log.action = 'Closed custom-y')
ORDER BY log.timestamp;
SQL;

        // Requests this user closed without creating an account.
        $notCreatedSql = <<<SQL
SELECT log.timestamp time, request.name name, request.id id
FROM log
JOIN request ON request.id = log.objectid and log.objecttype = 'Request'
JOIN user ON log.user = user.id
LEFT JOIN emailtemplate ON concat('Closed ', emailtemplate.id) = log.action
WHERE user.username = :username
    AND log.action LIKE 'Closed %'
    AND (emailtemplate.oncreated = '0' OR log.action = 'Closed custom-n' OR log.action = 'Closed 0')
ORDER BY log.timestamp;
SQL;

        // Administrative actions taken *on* this user's account (objecttype
        // 'User', objectid = this user). Column aliases keep the template's
        // acc_log-era names.
        $accountLogSql = <<<SQL
SELECT
\tuser.username as log_user,
    log.action as log_action,
    log.timestamp as log_time,
    log.comment as log_cmt
FROM log
INNER JOIN user ON user.id = log.user
WHERE log.objectid = :userid
AND log.objecttype = 'User'
AND log.action IN ('Approved','Suspended','Declined','Promoted','Demoted','Renamed','Prefchange');
SQL;

        // template variable => (sql, bound parameters); executed in this order.
        $reports = array(
            "activity"   => array($activitySql, $byUsername),
            "created"    => array($createdSql, $byUsername),
            "notcreated" => array($notCreatedSql, $byUsername),
            "accountlog" => array($accountLogSql, $byUserId),
        );
        foreach ($reports as $templateVariable => $report) {
            list($sql, $parameters) = $report;
            $statement = $database->prepare($sql);
            $statement->execute($parameters);
            $smarty->assign($templateVariable, $statement->fetchAll(PDO::FETCH_ASSOC));
        }

        return $smarty->fetch("statistics/userdetail.tpl");
    }
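/**
 * Render the "zoom" (detail) view of a single account request.
 *
 * Loads the request by id (dying with an alert if it does not exist) and
 * assembles everything request-zoom.tpl needs: the request itself, IP
 * geolocation and reverse DNS for the whole proxy chain, antispoof
 * results, the request log with comments, the user list for the
 * "assign to" widget and the active email templates.
 *
 * Visibility of the requester's personal data (email, IPs, proxy chain)
 * is granted when any of the following holds:
 *  - the viewer holds the reservation on an open, email-confirmed request
 *    sharing this request's email or trusted IP (this request itself
 *    counts when the viewer has reserved it);
 *  - $urlhash matches the per-request hash (for closed requests the hash
 *    is salted with microtime(), so it can never match);
 *  - the viewer is an admin or checkuser.
 *
 * @param mixed       $id      request id, passed to Request::getById()
 * @param string|null $urlhash hash supplied in the URL, compared against
 *                             the computed request hash
 * @return string rendered HTML
 */
function zoomPage($id, $urlhash)
{
    global $session, $availableRequestStates, $createdid;
    global $smarty, $locationProvider, $rdnsProvider, $antispoofProvider;
    global $xffTrustProvider, $enableEmailConfirm;
    $database = gGetDb();
    $request = Request::getById($id, $database);
    if ($request == false) {
        // Notifies the user and stops the script.
        BootstrapSkin::displayAlertBox("Could not load the requested request!", "alert-error", "Error", true, false);
        BootstrapSkin::displayInternalFooter();
        die;
    }
    $smarty->assign('ecenable', $enableEmailConfirm);
    // Only admins may override the email-confirmation requirement from the URL.
    if (isset($_GET['ecoverride']) && User::getCurrent()->isAdmin()) {
        $smarty->assign('ecoverride', true);
    } else {
        $smarty->assign('ecoverride', false);
    }
    $smarty->assign('request', $request);
    $smarty->assign("usernamerawunicode", html_entity_decode($request->getName()));
    $smarty->assign("iplocation", $locationProvider->getIpLocation($request->getTrustedIp()));
    $createdreason = EmailTemplate::getById($createdid, gGetDb());
    $smarty->assign("createdEmailTemplate", $createdreason);
    #region setup whether data is viewable or not
    // Count open, email-confirmed requests reserved by the current user that
    // share this request's email or trusted IP. Zero means the personal data
    // stays hidden unless one of the other conditions below applies.
    // NOTE(review): the forwardedip LIKE '%ip%' clause is a substring match, so
    // e.g. 1.2.3.4 also matches a chain containing 1.2.3.45 — it may grant
    // visibility more broadly than intended; confirm whether that is desired.
    $viewableDataStatement = $database->prepare(<<<SQL
        SELECT COUNT(*) 
        FROM request 
        WHERE 
            (
                email = :email 
                OR ip = :trustedIp 
                OR forwardedip LIKE :trustedProxy
            ) 
            AND reserved = :reserved 
            AND emailconfirm = 'Confirmed' 
            AND status != 'Closed';
SQL
);
    $viewableDataStatement->bindValue(":email", $request->getEmail());
    $viewableDataStatement->bindValue(":reserved", User::getCurrent()->getId());
    $viewableDataStatement->bindValue(":trustedIp", $request->getTrustedIp());
    $viewableDataStatement->bindValue(":trustedProxy", '%' . $request->getTrustedIp() . '%');
    $viewableDataStatement->execute();
    $viewableData = $viewableDataStatement->fetchColumn();
    $viewableDataStatement->closeCursor();
    $hideinfo = $viewableData == 0;
    #endregion
    if ($request->getStatus() == "Closed") {
        $hash = md5($request->getId() . $request->getEmail() . $request->getTrustedIp() . microtime());
        //If the request is closed, change the hash based on microseconds similar to the checksums.
        $smarty->assign("isclosed", true);
    } else {
        $hash = md5($request->getId() . $request->getEmail() . $request->getTrustedIp());
        $smarty->assign("isclosed", false);
    }
    $smarty->assign("hash", $hash);
    // Strict comparison. With `==`, two numeric-looking strings are compared as
    // numbers, so a computed hash of the form "0e<digits>" would be "equal" to
    // any other such string (e.g. a supplied "0"). This decides access to
    // personal data, so the hash must match exactly. (Where the runtime
    // provides hash_equals(), it would additionally make this constant-time.)
    $correcthash = $hash === $urlhash;
    // Personal data is shown to: someone with a qualifying reservation, the
    // holder of the correct hash, admins, and checkusers.
    $canSeeRequestData = !$hideinfo || $correcthash || User::getCurrent()->isAdmin() || User::getCurrent()->isCheckuser();
    $smarty->assign("showinfo", $canSeeRequestData);
    // force to not show, overriden later
    $smarty->assign("proxyip", "");
    if ($canSeeRequestData) {
        $smarty->assign("proxyip", $request->getForwardedIp());
        if ($request->getForwardedIp()) {
            $smartyproxies = array();
            // Initialize array to store data to be output in Smarty template.
            $smartyproxiesindex = 0;
            // The chain is the client-supplied X-Forwarded-For entries (origin
            // first) with the connecting address appended, then reversed so we
            // walk from the hop that talked to us back towards the origin.
            $proxies = explode(",", $request->getForwardedIp());
            $proxies[] = $request->getIp();
            $origin = $proxies[0];
            $smarty->assign("origin", $origin);
            $proxies = array_reverse($proxies);
            $trust = true;
            global $rfc1918ips;
            foreach ($proxies as $proxynum => $p) {
                $p2 = trim($p);
                $smartyproxies[$smartyproxiesindex]['ip'] = $p2;
                // get data on this IP.
                $trusted = $xffTrustProvider->isTrusted($p2);
                $ipisprivate = ipInRange($rfc1918ips, $p2);
                if (!$ipisprivate) {
                    $iprdns = $rdnsProvider->getRdns($p2);
                    $iplocation = $locationProvider->getIpLocation($p2);
                } else {
                    // this is going to fail, so why bother trying?
                    $iprdns = false;
                    $iplocation = false;
                }
                // current trust chain status BEFORE this link
                $pretrust = $trust;
                // is *this* link trusted?
                $smartyproxies[$smartyproxiesindex]['trustedlink'] = $trusted;
                // current trust chain status AFTER this link. Note this is a
                // bitwise AND on booleans (yields 0/1); the template only needs
                // truthiness, and the origin case below resets it to a bool.
                $trust = $trust & $trusted;
                // The origin itself is not a proxy: if every hop up to it was
                // trusted, the origin address is taken as genuine.
                if ($pretrust && $p2 == $origin) {
                    $trust = true;
                }
                $smartyproxies[$smartyproxiesindex]['trust'] = $trust;
                $smartyproxies[$smartyproxiesindex]['rdnsfailed'] = $iprdns === false;
                $smartyproxies[$smartyproxiesindex]['rdns'] = $iprdns;
                $smartyproxies[$smartyproxiesindex]['routable'] = !$ipisprivate;
                $smartyproxies[$smartyproxiesindex]['location'] = $iplocation;
                // An rDNS answer identical to the address carries no information.
                if ($iprdns == $p2 && $ipisprivate == false) {
                    $smartyproxies[$smartyproxiesindex]['rdns'] = null;
                }
                $smartyproxies[$smartyproxiesindex]['showlinks'] = (!$trust || $p2 == $origin) && !$ipisprivate;
                $smartyproxiesindex++;
            }
            $smarty->assign("proxies", $smartyproxies);
        }
    }
    global $defaultRequestStateKey;
    // TODO: remove me and replace with call in the template directly
    $smarty->assign("isprotected", $request->isProtected());
    $smarty->assign("defaultstate", $defaultRequestStateKey);
    $smarty->assign("requeststates", $availableRequestStates);
    // Antispoof lookup failures are shown to the user as the message text.
    try {
        $spoofs = $antispoofProvider->getSpoofs($request->getName());
    } catch (Exception $ex) {
        $spoofs = $ex->getMessage();
    }
    $smarty->assign("spoofs", $spoofs);
    // START LOG DISPLAY
    $logs = Logger::getRequestLogsWithComments($request->getId(), $request->getDatabase());
    $requestLogs = array();
    // The requester's own comment is shown first, attributed to the
    // requested name with no user id and not editable.
    if (trim($request->getComment()) !== "") {
        $requestLogs[] = array('type' => 'comment', 'security' => 'user', 'userid' => null, 'user' => $request->getName(), 'entry' => null, 'time' => $request->getDate(), 'canedit' => false, 'id' => $request->getId(), 'comment' => $request->getComment());
    }
    $namecache = array();
    // Admins and checkusers may edit any comment; others only their own.
    $editableComments = false;
    if (User::getCurrent()->isAdmin() || User::getCurrent()->isCheckuser()) {
        $editableComments = true;
    }
    foreach ($logs as $entry) {
        // both log and comment have a 'user' field
        if (!array_key_exists($entry->getUser(), $namecache)) {
            $namecache[$entry->getUser()] = $entry->getUserObject();
        }
        if ($entry instanceof Comment) {
            $requestLogs[] = array('type' => 'comment', 'security' => $entry->getVisibility(), 'user' => $namecache[$entry->getUser()]->getUsername(), 'userid' => $entry->getUser() == -1 ? null : $entry->getUser(), 'entry' => null, 'time' => $entry->getTime(), 'canedit' => $editableComments || $entry->getUser() == User::getCurrent()->getId(), 'id' => $entry->getId(), 'comment' => $entry->getComment());
        }
        if ($entry instanceof Log) {
            $requestLogs[] = array('type' => 'log', 'security' => 'user', 'userid' => $entry->getUser() == -1 ? null : $entry->getUser(), 'user' => $namecache[$entry->getUser()]->getUsername(), 'entry' => Logger::getLogDescription($entry), 'time' => $entry->getTimestamp(), 'canedit' => false, 'id' => $entry->getId(), 'comment' => $entry->getComment());
        }
    }
    $smarty->assign("requestLogs", $requestLogs);
    // START OTHER REQUESTS BY IP AND EMAIL STUFF
    // Displays other requests from this ip.
    // assign to user
    // NOTE(review): this hand-builds a JavaScript array literal. htmlentities()
    // neutralises quotes and angle brackets but not backslashes; json_encode()
    // would be the context-correct encoder if the template emits this inside a
    // <script> block — confirm against request-zoom.tpl.
    $userListQuery = "SELECT username FROM user WHERE status = 'User' or status = 'Admin';";
    $userListResult = gGetDb()->query($userListQuery);
    $userListData = $userListResult->fetchAll(PDO::FETCH_COLUMN);
    $userListProcessedData = array();
    foreach ($userListData as $userListItem) {
        $userListProcessedData[] = "\"" . htmlentities($userListItem) . "\"";
    }
    $userList = '[' . implode(",", $userListProcessedData) . ']';
    $smarty->assign("jsuserlist", $userList);
    // end: assign to user
    // TODO: refactor this!
    $createreasons = EmailTemplate::getActiveTemplates(EmailTemplate::CREATED);
    $smarty->assign("createreasons", $createreasons);
    $declinereasons = EmailTemplate::getActiveTemplates(EmailTemplate::NOT_CREATED);
    $smarty->assign("declinereasons", $declinereasons);
    $allcreatereasons = EmailTemplate::getAllActiveTemplates(EmailTemplate::CREATED);
    $smarty->assign("allcreatereasons", $allcreatereasons);
    $alldeclinereasons = EmailTemplate::getAllActiveTemplates(EmailTemplate::NOT_CREATED);
    $smarty->assign("alldeclinereasons", $alldeclinereasons);
    $allotherreasons = EmailTemplate::getAllActiveTemplates(false);
    $smarty->assign("allotherreasons", $allotherreasons);
    return $smarty->fetch("request-zoom.tpl");
}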
            $r->setDatabase(gGetDb());
        }
        $smarty->assign("term", $term);
        $smarty->assign("requests", $requests);
        $target = "IP address";
        $smarty->assign("target", $target);
        $smarty->display("search/searchresult.tpl");
    } elseif ($_GET['type'] == 'Request') {
        $qterm = '%' . $term . '%';
        $statement = gGetDb()->prepare("SELECT * FROM request WHERE name LIKE :term;");
        $statement->bindValue(":term", $qterm);
        $statement->execute();
        $requests = $statement->fetchAll(PDO::FETCH_CLASS, "Request");
        foreach ($requests as $r) {
            $r->setDatabase(gGetDb());
        }
        $smarty->assign("term", $term);
        $smarty->assign("requests", $requests);
        $target = "requested name";
        $smarty->assign("target", $target);
        $smarty->display("search/searchresult.tpl");
    } else {
        BootstrapSkin::displayAlertBox("Unknown search type", "alert-error", "Error");
        $smarty->display("search/searchform.tpl");
        BootstrapSkin::displayInternalFooter();
        die;
    }
} else {
    $smarty->display("search/searchform.tpl");
}
BootstrapSkin::displayInternalFooter();
     $emailTemplate->setText($_POST['text']);
     $emailTemplate->setJsquestion($_POST['jsquestion']);
     if ($_GET['edit'] == $createdid) {
         // Both checkboxes on the main created message should always be enabled.
         $emailTemplate->setDefaultAction(EmailTemplate::CREATED);
         $emailTemplate->setActive(1);
         $emailTemplate->setPreloadOnly(0);
     } else {
         $emailTemplate->setDefaultAction($_POST['defaultaction']);
         $emailTemplate->setActive(isset($_POST['active']));
         $emailTemplate->setPreloadOnly(isset($_POST['preloadonly']));
     }
     // Check if the entered name already exists (since these names are going to be used as the labels for buttons on the zoom page).
     $nameCheck = EmailTemplate::getByName($_POST['name'], gGetDb());
     if ($nameCheck != false && $nameCheck->getId() != $_GET['edit']) {
         BootstrapSkin::displayAlertBox("That Email template name is already being used. Please choose another.");
         BootstrapSkin::displayInternalFooter();
         die;
     }
     $database->transactionally(function () use($database, $emailTemplate) {
         $emailTemplate->save();
         Logger::editedEmail($database, $emailTemplate);
         global $baseurl;
         Notification::emailEdited($emailTemplate);
         SessionAlert::success("Email template has been saved successfully.");
         header("Location: {$baseurl}/acc.php?action=emailmgmt");
     });
     die;
 }
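 $emailTemplate = EmailTemplate::getById($_GET['edit'], gGetDb());
 // `edit` is user-supplied. By analogy with User::getById / Request::getById
 // elsewhere in this codebase, getById() appears to return false for an
 // unknown id (confirm); without this guard the getId() call below is a fatal
 // error on any bogus value.
 if ($emailTemplate == false) {
     BootstrapSkin::displayAlertBox("Could not load the requested email template!", "alert-error", "Error", true, false);
     BootstrapSkin::displayInternalFooter();
     die;
 }
 $smarty->assign('id', $emailTemplate->getId());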
require_once 'functions.php';
require_once 'includes/PdoDatabase.php';
require_once 'includes/SmartyInit.php';
// this needs to be high up, but below config, functions, and database
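// Both OAuth 1.0a callback parameters are required. Check them up front so a
// malformed callback (no token, no verifier) fails with a clear message rather
// than a PHP notice followed by a token lookup on an empty value.
$requestToken = isset($_GET['oauth_token']) ? $_GET['oauth_token'] : "";
$verifier = isset($_GET['oauth_verifier']) ? $_GET['oauth_verifier'] : "";
if (!is_string($requestToken) || $requestToken === "" || !is_string($verifier) || $verifier === "") {
    BootstrapSkin::displayInternalHeader();
    BootstrapSkin::displayAlertBox("Missing OAuth callback parameters.", "alert-error", "Error", true, false);
    BootstrapSkin::displayInternalFooter();
    die;
}
// The user record is selected solely by the request token stored when the
// handshake began. NOTE(review): nothing here ties that record to the browser
// session completing the callback — confirm whether that binding is enforced
// elsewhere (e.g. inside User::getByRequestToken or the login flow).
$user = User::getByRequestToken($requestToken, gGetDb());
if ($user == false) {
    BootstrapSkin::displayInternalHeader();
    BootstrapSkin::displayAlertBox("Could not find request token in local store.", "alert-error", "Error", true, false);
    BootstrapSkin::displayInternalFooter();
    die;
}
global $oauthConsumerToken, $oauthSecretToken, $oauthBaseUrl, $oauthBaseUrlInternal;
$util = new OAuthUtility($oauthConsumerToken, $oauthSecretToken, $oauthBaseUrl, $oauthBaseUrlInternal);
try {
    // Exchange the stored request token/secret plus the verifier for an
    // access token; failures surface as exceptions and are reported below.
    $result = $util->callbackCompleted($user->getOAuthRequestToken(), $user->getOAuthRequestSecret(), $verifier);
} catch (Exception $exception) {
    BootstrapSkin::displayInternalHeader();
    BootstrapSkin::displayAlertBox("OAuth Error: {$exception->getMessage()}", "alert-error", "OAuth Error", true, false);
    BootstrapSkin::displayInternalFooter();
    die;
}
// Persist the access credentials and mark the on-wiki name as OAuth-managed.
$user->setOAuthAccessToken($result->key);
$user->setOAuthAccessSecret($result->secret);
$user->setOnWikiName("##OAUTH##");
$user->save();
// Brand-new accounts finish registration; everyone else lands on preferences.
if ($user->getStatus() == "New") {
    header("Location: ../acc.php?action=registercomplete");
    die;
}
header("Location: ../acc.php?action=prefs");
die;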
 /**
  * Render this alert as HTML via BootstrapSkin, returning the markup rather
  * than echoing it (the trailing `true` argument requests return mode).
  *
  * @return string rendered alert box
  */
 public function getAlertBox()
 {
     $alertHtml = BootstrapSkin::displayAlertBox(
         $this->message,
         $this->type,
         $this->title,
         $this->block,
         $this->closable,
         true
     );
     return $alertHtml;
 }
            BootstrapSkin::displayInternalFooter();
            die;
        }
        $database->commit();
    }
    BootstrapSkin::displayInternalFooter();
    die;
}
#endregion
// ---------------------   USER MANAGEMENT MAIN PAGE -----------------------------------------
// Reached when none of the action branches above ended the request: render
// the landing page of the user-management interface.
echo <<<HTML
<div class="page-header">
  <h1>User Management<small> Approve, suspend, promote, demote, etc.&nbsp;<a class="btn btn-primary" href="?showall"><i class="icon-white icon-eye-open"></i>&nbsp;Show all</a></small></h1>
</div>
HTML;
// Standing reminder: the controls on this page act immediately on real accounts.
BootstrapSkin::displayAlertBox("If it says you can do it, you can do it. Please use this responsibly.", "alert-warning", "This interface is NOT a toy.", true, false);
// assign to user
// Username list for the "Jump to user" box. The raw list goes to Smarty and
// usermanagement/jsuserlist.tpl renders it, so escaping is that template's
// job — NOTE(review): confirm it escapes each name for its output context.
$userListData = User::getAllUsernames(gGetDb());
$smarty->assign("jsuserlist", $userListData);
$smartydatalist = $smarty->fetch("usermanagement/jsuserlist.tpl");
// The fetched fragment is spliced into the <input> tag as extra attribute
// markup (presumably an autocomplete/datalist hook — see the template). The
// form submits via GET with the `usersearch` field.
echo <<<HTML
<div class="row-fluid">
    <form class="form-search">
        <input type="text" class="input-large" placeholder="Jump to user" {$smartydatalist} name="usersearch">
        <button type="submit" class="btn">Search</button>
    </form>
</div>
HTML;
/**
 * CURRENTLY UNUSED!!
 *