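/**
 * Check the user's security level on page load, and bounce accordingly.
 *
 * Side effects, in order:
 *  - For any non-community user, makes sure an OAuth link is in place where one
 *    is needed: a "##OAUTH##" on-wiki name with no stored access token, a linked
 *    account whose identity can no longer be retrieved (token and secret are
 *    cleared and saved first), or any account at all while $enforceOAuth is set,
 *    is sent through reattachOAuthAccount().
 *  - A new (not yet approved), suspended or declined account is shown the
 *    matching message and the script is terminated with die.
 *  - A non-community user with the User or Admin status sets the global
 *    $secure flag to 1.
 *  - Any other caller (in practice the community user) falls through without
 *    being bounced: the historical die("Not logged in!") is not active, so a
 *    caller must not rely on this method alone to deny access.
 *
 * @deprecated
 */
public function checksecurity()
{
    global $secure, $smarty;

    $currentUser = User::getCurrent();

    // CommunityUser has no database row, and we really don't want
    // CommunityUser to have oauth credentials...
    if (!$currentUser->isCommunityUser()) {
        if ($currentUser->getStoredOnWikiName() == "##OAUTH##"
            && $currentUser->getOAuthAccessToken() == null
        ) {
            reattachOAuthAccount($currentUser);
        }

        if ($currentUser->isOAuthLinked()) {
            try {
                // test retrieval of the identity
                $currentUser->getOAuthIdentity();
            } catch (TransactionException $ex) {
                // the stored credentials no longer work: forget them and re-link
                $currentUser->setOAuthAccessToken(null);
                $currentUser->setOAuthAccessSecret(null);
                $currentUser->save();
                reattachOAuthAccount($currentUser);
            }
        } else {
            global $enforceOAuth;
            if ($enforceOAuth) {
                reattachOAuthAccount($currentUser);
            }
        }
    }

    if ($currentUser->isNew()) {
        BootstrapSkin::displayAlertBox("I'm sorry, but, your account has not been approved by a site administrator yet. Please stand by.", "alert-error", "New account", true, false);
        BootstrapSkin::displayInternalFooter();
        die;
    } elseif ($currentUser->isSuspended()) {
        $smarty->assign("suspendreason", $this->fetchLatestStatusChangeReason("Suspended", $currentUser));
        $smarty->display("login/suspended.tpl");
        BootstrapSkin::displayInternalFooter();
        die;
    } elseif ($currentUser->isDeclined()) {
        $smarty->assign("suspendreason", $this->fetchLatestStatusChangeReason("Declined", $currentUser));
        $smarty->display("login/declined.tpl");
        BootstrapSkin::displayInternalFooter();
        die;
    } elseif (!$currentUser->isCommunityUser() && ($currentUser->isUser() || $currentUser->isAdmin())) {
        $secure = 1;
    } else {
        // Deliberately no bounce here; the original die("Not logged in!") was
        // commented out. Callers wanting a hard deny must check themselves.
    }
}

/**
 * Fetch the comment of the most recent log entry that moved a user into the
 * given status (the reason shown on the suspended/declined pages).
 *
 * @param string $action  Log action to look for: "Suspended" or "Declined".
 * @param User   $user    User whose log entries are searched.
 * @return string|false   Comment of the latest matching entry, or false when
 *                        there is none (fetchColumn on an empty result).
 */
private function fetchLatestStatusChangeReason($action, User $user)
{
    $database = gGetDb();
    $statement = $database->prepare(<<<SQL
SELECT comment FROM log
WHERE action = :action AND objectid = :userid AND objecttype = 'User'
ORDER BY timestamp DESC
LIMIT 1;
SQL
    );
    $statement->bindValue(":action", $action);
    $statement->bindValue(":userid", $user->getId());
    $statement->execute();
    $reason = $statement->fetchColumn();
    $statement->closeCursor();

    return $reason;
}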
/**
 * Shows the statistics page.
 *
 * Prints the internal header, then bails out (alert, footer, die) when the
 * page needs the wiki database while $dontUseWikiDb is set, or when the page
 * is protected and the viewer is the community user (the login form is shown
 * instead). For protected pages session::checksecurity() is run as well.
 * Finally the page title, the optional simple-HTML wrapper and the body
 * returned by execute() are echoed, followed by the internal footer.
 */
public function Show()
{
    global $dontUseWikiDb;

    BootstrapSkin::displayInternalHeader();

    // wiki database unavailable and this page needs it: don't show the stats page
    $wikiDbUnavailable = $this->requiresWikiDatabase() && $dontUseWikiDb == 1;
    if ($wikiDbUnavailable) {
        BootstrapSkin::displayAlertBox("This statistics page is currently unavailable.", "alert-error", "Database unavailable", true, false);
        BootstrapSkin::displayInternalFooter();
        die;
    }

    // wiki database available OR the page doesn't need it; now the protection level
    if ($this->isProtected()) {
        $viewer = User::getCurrent();
        if ($viewer->isCommunityUser()) {
            // not logged in: offer the login form instead of the page
            showlogin();
            BootstrapSkin::displayInternalFooter();
            die;
        }

        $session = new session();
        $session->checksecurity();
    }

    // not protected, or access allowed
    $title = $this->getPageTitle();
    echo "<div class=\"page-header\"><h1>{$title}</h1></div>";

    if ($this->requiresSimpleHtmlEnvironment()) {
        echo '<div class="row-fluid"><div class="span12">';
        // closing tags for the two wrapper divs go onto the skin's tag stack
        // (presumably emitted by the footer)
        BootstrapSkin::pushTagStack("</div>");
        BootstrapSkin::pushTagStack("</div>");
    }

    echo $this->execute();

    BootstrapSkin::displayInternalFooter();
}
/**
 * Shows the statistics page.
 *
 * Prints the internal header, then bails out (alert, footer, die) when the
 * page needs the wiki database while $dontUseWikiDb is set. For a protected
 * page the user named in $_SESSION['user'] must hold the Admin or User right
 * according to the global $session, otherwise the login form is shown and the
 * script ends. Finally the page title, the optional simple-HTML wrapper and
 * the body returned by execute() are echoed, followed by the internal footer.
 */
public function Show()
{
    global $dontUseWikiDb, $session;

    BootstrapSkin::displayInternalHeader();

    // wiki database unavailable and this page needs it: don't show the stats page
    $wikiDbUnavailable = $this->requiresWikiDatabase() && $dontUseWikiDb == 1;
    if ($wikiDbUnavailable) {
        BootstrapSkin::displayAlertBox("This statistics page is currently unavailable.", "alert-error", "Database unavailable", true, false);
        BootstrapSkin::displayInternalFooter();
        die;
    }

    // wiki database available OR the page doesn't need it; now the protection level
    if ($this->isProtected()) {
        // protected: the session user needs the Admin or the User right
        $sessionuser = isset($_SESSION['user']) ? $_SESSION['user'] : "";
        $isAdmin = $session->hasright($sessionuser, "Admin");
        $allowed = $isAdmin || $session->hasright($sessionuser, "User");

        if (!$allowed) {
            // not authed
            showlogin();
            BootstrapSkin::displayInternalFooter();
            die;
        }
    }

    // not protected, or access allowed
    $title = $this->getPageTitle();
    echo "<div class=\"page-header\"><h1>{$title}</h1></div>";

    if ($this->requiresSimpleHtmlEnvironment()) {
        echo '<div class="row-fluid"><div class="span12">';
        // closing tags for the two wrapper divs go onto the skin's tag stack
        // (presumably emitted by the footer)
        BootstrapSkin::pushTagStack("</div>");
        BootstrapSkin::pushTagStack("</div>");
    }

    echo $this->execute();

    BootstrapSkin::displayInternalFooter();
}
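/**
 * Run $method inside a database transaction on this connection.
 *
 * Begins a transaction, invokes $method and commits. If the transaction cannot
 * be started an alert is shown and the script is terminated. A
 * TransactionException thrown by $method rolls the transaction back, renders
 * the exception as an alert (public or internal footer depending on
 * PUBLICMODE) and terminates the script. Any other exception is also rolled
 * back, so the connection is never left mid-transaction, and then rethrown.
 *
 * @param Closure $method  Callable executed inside the transaction; called
 *                         with no arguments, its return value is ignored.
 * @throws Exception  Rethrown unchanged when $method throws anything other
 *                    than a TransactionException.
 */
public function transactionally($method)
{
    if (!$this->beginTransaction()) {
        BootstrapSkin::displayAlertBox("Error starting database transaction.", "alert-error", "Database transaction error", true, false);
        BootstrapSkin::displayInternalFooter();
        die;
    }

    try {
        $method();
        $this->commit();
    } catch (TransactionException $ex) {
        $this->rollBack();
        BootstrapSkin::displayAlertBox($ex->getMessage(), $ex->getAlertType(), $ex->getTitle(), true, false);

        // TODO: yuk.
        if (defined("PUBLICMODE")) {
            BootstrapSkin::displayPublicFooter();
        } else {
            BootstrapSkin::displayInternalFooter();
        }

        die;
    } catch (Exception $ex) {
        // Not a TransactionException: previously this escaped with the
        // transaction still open. Roll back, then let the caller handle it.
        $this->rollBack();
        throw $ex;
    }
}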
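/**
 * Render the "zoom" (detail) view of a single account request.
 *
 * Loads request $id, decides how much of the requester's private data the
 * current user may see, builds the forwarded-IP (proxy) chain, the log and
 * comment history, the JS user list and the e-mail template lists, and
 * returns the rendered request-zoom.tpl. When the request cannot be loaded
 * an alert is shown and the script is terminated with die.
 *
 * Private data (e-mail, IP, proxy chain) is shown when at least one holds:
 *  - the current user has an open, e-mail-confirmed request reserved to them
 *    that shares this request's e-mail, trusted IP or forwarded-IP chain
 *    (the COUNT(*) query below), or
 *  - the $urlhash from the URL matches this request's hash, or
 *  - the current user is an admin or a checkuser.
 *
 * @param int|string $id       Id of the request to display.
 * @param string     $urlhash  Hash taken from the URL (untrusted); unlocks
 *                             the private data when it matches.
 * @return string  The rendered template.
 */
function zoomPage($id, $urlhash)
{
    global $availableRequestStates, $createdid;
    global $smarty, $locationProvider, $rdnsProvider, $antispoofProvider;
    global $xffTrustProvider, $enableEmailConfirm;

    $database = gGetDb();
    $request = Request::getById($id, $database);

    if ($request == false) {
        // Notifies the user and stops the script.
        BootstrapSkin::displayAlertBox("Could not load the requested request!", "alert-error", "Error", true, false);
        BootstrapSkin::displayInternalFooter();
        die;
    }

    $currentUser = User::getCurrent();
    // admins and checkusers always see the private data; reused below
    $privilegedViewer = $currentUser->isAdmin() || $currentUser->isCheckuser();

    $smarty->assign('ecenable', $enableEmailConfirm);
    // only an admin may bypass e-mail confirmation via ?ecoverride
    $smarty->assign('ecoverride', isset($_GET['ecoverride']) && $currentUser->isAdmin());

    $smarty->assign('request', $request);
    $smarty->assign("usernamerawunicode", html_entity_decode($request->getName()));
    $smarty->assign("iplocation", $locationProvider->getIpLocation($request->getTrustedIp()));

    $createdreason = EmailTemplate::getById($createdid, $database);
    $smarty->assign("createdEmailTemplate", $createdreason);

    #region setup whether data is viewable or not
    // Count the current user's own open, confirmed, reserved requests that share
    // this request's e-mail, IP or forwarded-IP chain. Note: the trusted IP is
    // used as a LIKE pattern without escaping % and _ (not expected in an IP).
    $viewableDataStatement = $database->prepare(<<<SQL
SELECT COUNT(*)
FROM request
WHERE
    ( email = :email OR ip = :trustedIp OR forwardedip LIKE :trustedProxy )
    AND reserved = :reserved
    AND emailconfirm = 'Confirmed'
    AND status != 'Closed';
SQL
    );
    $viewableDataStatement->bindValue(":email", $request->getEmail());
    $viewableDataStatement->bindValue(":reserved", $currentUser->getId());
    $viewableDataStatement->bindValue(":trustedIp", $request->getTrustedIp());
    $viewableDataStatement->bindValue(":trustedProxy", '%' . $request->getTrustedIp() . '%');
    $viewableDataStatement->execute();
    $viewableData = $viewableDataStatement->fetchColumn();
    $viewableDataStatement->closeCursor();

    $hideinfo = $viewableData == 0;
    #endregion

    if ($request->getStatus() == "Closed") {
        // If the request is closed, change the hash based on microseconds similar
        // to the checksums, so a closed request's hash can never be matched from a URL.
        $hash = md5($request->getId() . $request->getEmail() . $request->getTrustedIp() . microtime());
        $smarty->assign("isclosed", true);
    } else {
        $hash = md5($request->getId() . $request->getEmail() . $request->getTrustedIp());
        $smarty->assign("isclosed", false);
    }

    $smarty->assign("hash", $hash);

    // $urlhash comes from the URL. Compare strictly and in constant time: with
    // PHP's loose == two hex digests of the form "0e<digits>" compare equal as
    // numeric strings, which would unlock the private data with a wrong hash.
    // (hash_equals needs PHP 5.6+.)
    $correcthash = is_string($urlhash) && hash_equals($hash, $urlhash);

    $showinfo = !$hideinfo || $correcthash || $privilegedViewer;
    $smarty->assign("showinfo", $showinfo);

    // force to not show, overridden below when the viewer may see the data
    $smarty->assign("proxyip", "");

    if ($showinfo) {
        $smarty->assign("proxyip", $request->getForwardedIp());

        if ($request->getForwardedIp()) {
            // Walk the X-Forwarded-For chain from the nearest hop back to the
            // origin, tracking whether every hop so far is a trusted proxy.
            $smartyproxies = array(); // rows to be output in the Smarty template
            $proxies = explode(",", $request->getForwardedIp());
            $proxies[] = $request->getIp();

            $origin = $proxies[0];
            $smarty->assign("origin", $origin);

            $proxies = array_reverse($proxies);

            $trust = true;

            global $rfc1918ips;

            foreach ($proxies as $p) {
                $p2 = trim($p);

                // get data on this IP.
                $trusted = $xffTrustProvider->isTrusted($p2);
                $ipisprivate = ipInRange($rfc1918ips, $p2);

                if (!$ipisprivate) {
                    $iprdns = $rdnsProvider->getRdns($p2);
                    $iplocation = $locationProvider->getIpLocation($p2);
                } else {
                    // this is going to fail, so why bother trying?
                    $iprdns = false;
                    $iplocation = false;
                }

                // current trust chain status BEFORE this link
                $pretrust = $trust;

                // current trust chain status AFTER this link (bitwise & on booleans,
                // kept as in the original; acts as a logical AND for bool inputs)
                $trust = $trust & $trusted;

                // the origin itself need not be a trusted proxy: if the chain up
                // to it was trusted, the origin is where the chain is trusted to end
                if ($pretrust && $p2 == $origin) {
                    $trust = true;
                }

                $link = array(
                    'ip'          => $p2,
                    'trustedlink' => $trusted, // is *this* link trusted?
                    'trust'       => $trust,
                    'rdnsfailed'  => $iprdns === false,
                    'rdns'        => $iprdns,
                    'routable'    => !$ipisprivate,
                    'location'    => $iplocation,
                );

                // an rDNS result that merely echoes the IP is treated as no rDNS
                if ($iprdns == $p2 && $ipisprivate == false) {
                    $link['rdns'] = null;
                }

                $link['showlinks'] = (!$trust || $p2 == $origin) && !$ipisprivate;

                $smartyproxies[] = $link;
            }

            $smarty->assign("proxies", $smartyproxies);
        }
    }

    global $defaultRequestStateKey;

    // TODO: remove me and replace with call in the template directly
    $smarty->assign("isprotected", $request->isProtected());

    $smarty->assign("defaultstate", $defaultRequestStateKey);
    $smarty->assign("requeststates", $availableRequestStates);

    try {
        $spoofs = $antispoofProvider->getSpoofs($request->getName());
    } catch (Exception $ex) {
        // the template shows the provider's error text in place of the list
        $spoofs = $ex->getMessage();
    }

    $smarty->assign("spoofs", $spoofs);

    // START LOG DISPLAY
    $logs = Logger::getRequestLogsWithComments($request->getId(), $request->getDatabase());
    $requestLogs = array();

    // the requester's own comment is shown first, as a non-editable user-visible entry
    if (trim($request->getComment()) !== "") {
        $requestLogs[] = array(
            'type'     => 'comment',
            'security' => 'user',
            'userid'   => null,
            'user'     => $request->getName(),
            'entry'    => null,
            'time'     => $request->getDate(),
            'canedit'  => false,
            'id'       => $request->getId(),
            'comment'  => $request->getComment(),
        );
    }

    $namecache = array();

    // admins and checkusers may edit every comment; others only their own
    $editableComments = $privilegedViewer;

    foreach ($logs as $entry) {
        // both log and comment have a 'user' field
        if (!array_key_exists($entry->getUser(), $namecache)) {
            $namecache[$entry->getUser()] = $entry->getUserObject();
        }

        if ($entry instanceof Comment) {
            $requestLogs[] = array(
                'type'     => 'comment',
                'security' => $entry->getVisibility(),
                'user'     => $namecache[$entry->getUser()]->getUsername(),
                'userid'   => $entry->getUser() == -1 ? null : $entry->getUser(),
                'entry'    => null,
                'time'     => $entry->getTime(),
                'canedit'  => $editableComments || $entry->getUser() == $currentUser->getId(),
                'id'       => $entry->getId(),
                'comment'  => $entry->getComment(),
            );
        }

        if ($entry instanceof Log) {
            $requestLogs[] = array(
                'type'     => 'log',
                'security' => 'user',
                'userid'   => $entry->getUser() == -1 ? null : $entry->getUser(),
                'user'     => $namecache[$entry->getUser()]->getUsername(),
                'entry'    => Logger::getLogDescription($entry),
                'time'     => $entry->getTimestamp(),
                'canedit'  => false,
                'id'       => $entry->getId(),
                'comment'  => $entry->getComment(),
            );
        }
    }

    $smarty->assign("requestLogs", $requestLogs);

    // START OTHER REQUESTS BY IP AND EMAIL STUFF
    // Displays other requests from this ip.

    // assign to user
    // NOTE(review): this hand-builds a JS array literal with HTML-entity escaping.
    // htmlentities() is an HTML-context escaper; for a JavaScript context
    // json_encode() with JSON_HEX_* flags is the proper encoder. Left as is so
    // the template keeps receiving the same string; verify the template's use.
    $userListQuery = "SELECT username FROM user WHERE status = 'User' or status = 'Admin';";
    $userListResult = $database->query($userListQuery);
    $userListData = $userListResult->fetchAll(PDO::FETCH_COLUMN);
    $userListProcessedData = array();
    foreach ($userListData as $userListItem) {
        $userListProcessedData[] = "\"" . htmlentities($userListItem) . "\"";
    }
    $userList = '[' . implode(",", $userListProcessedData) . ']';
    $smarty->assign("jsuserlist", $userList);
    // end: assign to user

    // TODO: refactor this!
    $createreasons = EmailTemplate::getActiveTemplates(EmailTemplate::CREATED);
    $smarty->assign("createreasons", $createreasons);
    $declinereasons = EmailTemplate::getActiveTemplates(EmailTemplate::NOT_CREATED);
    $smarty->assign("declinereasons", $declinereasons);
    $allcreatereasons = EmailTemplate::getAllActiveTemplates(EmailTemplate::CREATED);
    $smarty->assign("allcreatereasons", $allcreatereasons);
    $alldeclinereasons = EmailTemplate::getAllActiveTemplates(EmailTemplate::NOT_CREATED);
    $smarty->assign("alldeclinereasons", $alldeclinereasons);
    $allotherreasons = EmailTemplate::getAllActiveTemplates(false);
    $smarty->assign("allotherreasons", $allotherreasons);

    return $smarty->fetch("request-zoom.tpl");
}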
}
// $term, $requests and the enclosing if/elseif on $_GET['type'] begin before this excerpt.
$smarty->assign("term", $term);
$smarty->assign("requests", $requests);
$target = "IP address";
$smarty->assign("target", $target);
$smarty->display("search/searchresult.tpl");
} elseif ($_GET['type'] == 'Request') {
    // Substring search on the requested name. The user-supplied $term is bound
    // as a parameter (no SQL injection), but LIKE wildcards (% and _) inside it
    // are not escaped, so they widen the match.
    $qterm = '%' . $term . '%';
    $statement = gGetDb()->prepare("SELECT * FROM request WHERE name LIKE :term;");
    $statement->bindValue(":term", $qterm);
    $statement->execute();
    $requests = $statement->fetchAll(PDO::FETCH_CLASS, "Request");
    // fetched objects have no connection yet; attach one before the template uses them
    foreach ($requests as $r) {
        $r->setDatabase(gGetDb());
    }
    $smarty->assign("term", $term);
    $smarty->assign("requests", $requests);
    $target = "requested name";
    $smarty->assign("target", $target);
    $smarty->display("search/searchresult.tpl");
} else {
    // unrecognised search type: show the error above the blank form and stop
    BootstrapSkin::displayAlertBox("Unknown search type", "alert-error", "Error");
    $smarty->display("search/searchform.tpl");
    BootstrapSkin::displayInternalFooter();
    die;
}
} else {
    // no search submitted: just show the form
    $smarty->display("search/searchform.tpl");
}
BootstrapSkin::displayInternalFooter();
// $result, $database and $tailscript are set earlier in the script, outside this excerpt.
$smarty->assign("userlist", $result);
$smarty->display("usermanagement/userlist.tpl");
echo '</div></div></div>';

// Suspended and declined accounts are listed only on request (?showall),
// each in its own collapsed accordion panel.
if (isset($_GET['showall'])) {
    echo <<<HTML
<div class="accordion-group">
<div class="accordion-heading">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion2" href="#collapseFive">Suspended accounts</a>
</div>
<div id="collapseFive" class="accordion-body collapse"><div class="accordion-inner">
HTML;
    $result = User::getAllWithStatus("Suspended", $database);
    $smarty->assign("userlist", $result);
    $smarty->display("usermanagement/userlist.tpl");
    echo <<<HTML
</div>
</div></div>
<div class="accordion-group">
<div class="accordion-heading">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion2" href="#collapseSix">Declined accounts</a>
</div>
<div id="collapseSix" class="accordion-body collapse"><div class="accordion-inner">
HTML;
    $result = User::getAllWithStatus("Declined", $database);
    $smarty->assign("userlist", $result);
    $smarty->display("usermanagement/userlist.tpl");
    echo "</div></div></div>";
}

BootstrapSkin::displayInternalFooter($tailscript);
die;