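    /**
     * Check the user's security level on page load, and bounce accordingly.
     *
     * For non-community users this first makes sure an OAuth-backed account is
     * attached (calling reattachOAuthAccount() when the stored token is missing,
     * when the identity can no longer be retrieved, or when $enforceOAuth is set).
     * It then terminates the script (after rendering an alert or the
     * suspended/declined template plus the internal footer) for new, suspended
     * and declined accounts, and sets the global $secure to 1 for approved users
     * and admins. Every other state returns without touching $secure.
     *
     * Uses the globals $secure, $smarty and $enforceOAuth.
     *
     * @deprecated
     */
    public function checksecurity()
    {
        global $secure, $smarty, $enforceOAuth;
        // The previous version called User::getCurrent() on every access and relied on it
        // handing back the same instance (it mutated one call's result and saved another's),
        // so caching the instance here is safe.
        $currentUser = User::getCurrent();

        // CommunityUser has no database row, and we really don't want CommunityUser to have oauth credentials...
        if (!$currentUser->isCommunityUser()) {
            // Strict comparison on the marker string; the loose null check is kept so an
            // empty-string token is treated as missing as well.
            if ($currentUser->getStoredOnWikiName() === "##OAUTH##" && $currentUser->getOAuthAccessToken() == null) {
                reattachOAuthAccount($currentUser);
            }
            if ($currentUser->isOAuthLinked()) {
                try {
                    // test retrieval of the identity
                    $currentUser->getOAuthIdentity();
                } catch (TransactionException $ex) {
                    // Credentials no longer work: clear them and restart the attach flow.
                    $currentUser->setOAuthAccessToken(null);
                    $currentUser->setOAuthAccessSecret(null);
                    $currentUser->save();
                    reattachOAuthAccount($currentUser);
                }
            } elseif ($enforceOAuth) {
                reattachOAuthAccount($currentUser);
            }
        }

        if ($currentUser->isNew()) {
            BootstrapSkin::displayAlertBox("I'm sorry, but, your account has not been approved by a site administrator yet. Please stand by.", "alert-error", "New account", true, false);
            BootstrapSkin::displayInternalFooter();
            die;
        }
        if ($currentUser->isSuspended()) {
            $smarty->assign("suspendreason", $this->getLatestUserLogComment("Suspended"));
            $smarty->display("login/suspended.tpl");
            BootstrapSkin::displayInternalFooter();
            die;
        }
        if ($currentUser->isDeclined()) {
            // Shares the "suspendreason" template variable with the suspended case.
            $smarty->assign("suspendreason", $this->getLatestUserLogComment("Declined"));
            $smarty->display("login/declined.tpl");
            BootstrapSkin::displayInternalFooter();
            die;
        }
        if (!$currentUser->isCommunityUser() && ($currentUser->isUser() || $currentUser->isAdmin())) {
            $secure = 1;
        }
        // Any other account state (community users included) falls through without
        // setting $secure; callers that need authorisation must check $secure themselves.
        //die("Not logged in!");
    }

    /**
     * Fetch the comment of the most recent log entry with the given action
     * ("Suspended" or "Declined") recorded against the current user.
     *
     * @param string $action value of the log.action column to match
     * @return mixed the comment column of the newest matching row, or false when there is none
     */
    private function getLatestUserLogComment($action)
    {
        $database = gGetDb();
        $statement = $database->prepare(<<<SQL
SELECT comment
FROM log
WHERE action = :action AND objectid = :userid AND objecttype = 'User'
ORDER BY timestamp DESC
LIMIT 1;
SQL
);
        $statement->bindValue(":action", $action);
        $statement->bindValue(":userid", User::getCurrent()->getId());
        $statement->execute();
        $comment = $statement->fetchColumn();
        $statement->closeCursor();
        return $comment;
    }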
 /**
  * Shows the statistics page.
  *
  * Renders the internal header, bails out (alert box, footer, die) when the
  * page needs the wiki database while $dontUseWikiDb == 1, runs the access
  * check for protected pages, then prints the page title, the body returned
  * by execute() and the internal footer.
  *
  * Uses the global $dontUseWikiDb.
  */
 public function Show()
 {
     global $dontUseWikiDb;
     BootstrapSkin::displayInternalHeader();

     // A page that depends on the wiki database cannot render while it is switched off.
     $wikiDbMissing = $this->requiresWikiDatabase() && $dontUseWikiDb == 1;
     if ($wikiDbMissing) {
         BootstrapSkin::displayAlertBox("This statistics page is currently unavailable.", "alert-error", "Database unavailable", true, false);
         BootstrapSkin::displayInternalFooter();
         die;
     }

     if ($this->isProtected()) {
         // Community (not logged in) visitors get the login form instead of the page.
         if (User::getCurrent()->isCommunityUser()) {
             showlogin();
             BootstrapSkin::displayInternalFooter();
             die;
         }
         // Logged-in visitors are vetted by the session object, which may itself die().
         $securityCheck = new session();
         $securityCheck->checksecurity();
     }

     // Either unprotected or the access check passed.
     $title = $this->getPageTitle();
     echo '<div class="page-header"><h1>' . $title . '</h1></div>';

     if ($this->requiresSimpleHtmlEnvironment()) {
         echo '<div class="row-fluid"><div class="span12">';
         // Register the matching closing tags on the skin's tag stack.
         BootstrapSkin::pushTagStack("</div>");
         BootstrapSkin::pushTagStack("</div>");
     }

     echo $this->execute();
     BootstrapSkin::displayInternalFooter();
 }
 /**
  * Shows the statistics page.
  *
  * Emits the internal header, refuses (alert box, footer, die) when the page
  * needs the wiki database while $dontUseWikiDb == 1, and for protected
  * pages requires the session user to hold the "Admin" or "User" right
  * (otherwise the login form is shown and the script dies). Finally prints
  * the page title, the body returned by execute() and the internal footer.
  *
  * Uses the globals $dontUseWikiDb and $session.
  */
 public function Show()
 {
     global $dontUseWikiDb, $session;
     BootstrapSkin::displayInternalHeader();

     $wikiDbRequiredButOff = $this->requiresWikiDatabase() && $dontUseWikiDb == 1;
     if ($wikiDbRequiredButOff) {
         // Nothing useful can be rendered without the wiki database.
         BootstrapSkin::displayAlertBox("This statistics page is currently unavailable.", "alert-error", "Database unavailable", true, false);
         BootstrapSkin::displayInternalFooter();
         die;
     }

     if ($this->isProtected()) {
         // protected, check accesslevel.
         $sessionUser = isset($_SESSION['user']) ? $_SESSION['user'] : "";
         $hasAccess = $session->hasright($sessionUser, "Admin")
             || $session->hasright($sessionUser, "User");
         if (!$hasAccess) {
             showlogin();
             BootstrapSkin::displayInternalFooter();
             die;
         }
     }

     // Either unprotected or the access check passed.
     echo sprintf('<div class="page-header"><h1>%s</h1></div>', $this->getPageTitle());
     if ($this->requiresSimpleHtmlEnvironment()) {
         echo '<div class="row-fluid"><div class="span12">';
         BootstrapSkin::pushTagStack("</div>");
         BootstrapSkin::pushTagStack("</div>");
     }
     echo $this->execute();
     BootstrapSkin::displayInternalFooter();
 }
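 /**
  * Runs $method inside a database transaction.
  *
  * Begins a transaction, invokes the callback and commits. If the transaction
  * cannot be started, an alert box and the internal footer are rendered and
  * the script dies. A TransactionException thrown by the callback rolls the
  * transaction back, renders the exception as an alert box followed by the
  * public or internal footer (depending on PUBLICMODE), and dies. Any other
  * exception also rolls the transaction back and is then rethrown, so the
  * connection is never left with an open transaction.
  *
  * @param Closure $method callback executed inside the transaction; called with no arguments
  * @throws Exception rethrown after rollback when $method throws anything other than TransactionException
  */
 public function transactionally($method)
 {
     if (!$this->beginTransaction()) {
         BootstrapSkin::displayAlertBox("Error starting database transaction.", "alert-error", "Database transaction error", true, false);
         BootstrapSkin::displayInternalFooter();
         die;
     }
     try {
         $method();
         $this->commit();
     } catch (TransactionException $ex) {
         $this->rollBack();
         BootstrapSkin::displayAlertBox($ex->getMessage(), $ex->getAlertType(), $ex->getTitle(), true, false);
         // TODO: yuk.
         if (defined("PUBLICMODE")) {
             BootstrapSkin::displayPublicFooter();
         } else {
             BootstrapSkin::displayInternalFooter();
         }
         die;
     } catch (Exception $ex) {
         // Previously an unexpected exception escaped with the transaction still open;
         // roll back first so partial writes are discarded, then let the caller handle it.
         $this->rollBack();
         throw $ex;
     }
 }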
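/**
 * Render the "zoom" (detail) view of a single account request.
 *
 * Loads the request, decides how much of its private data (email, IP, proxy
 * chain) the current user may see, builds the proxy-chain trust display,
 * collects the request's log and comment history and assigns everything to
 * Smarty before rendering request-zoom.tpl. If the request cannot be loaded,
 * an error alert and the internal footer are shown and the script dies.
 *
 * @param int|string $id      id of the request to display
 * @param string     $urlhash hash supplied in the URL; a match unlocks the private data
 * @return string rendered HTML of request-zoom.tpl
 */
function zoomPage($id, $urlhash)
{
    global $session, $availableRequestStates, $createdid;
    global $smarty, $locationProvider, $rdnsProvider, $antispoofProvider;
    global $xffTrustProvider, $enableEmailConfirm;
    global $rfc1918ips, $defaultRequestStateKey;

    $database = gGetDb();
    $request = Request::getById($id, $database);
    if (!$request) {
        // Notifies the user and stops the script.
        BootstrapSkin::displayAlertBox("Could not load the requested request!", "alert-error", "Error", true, false);
        BootstrapSkin::displayInternalFooter();
        die;
    }

    // Only read-only accessors are used on the current user below, so one lookup suffices.
    $currentUser = User::getCurrent();

    $smarty->assign('ecenable', $enableEmailConfirm);
    // Only admins may bypass the email-confirmation requirement via ?ecoverride.
    $smarty->assign('ecoverride', isset($_GET['ecoverride']) && $currentUser->isAdmin());
    $smarty->assign('request', $request);
    $smarty->assign("usernamerawunicode", html_entity_decode($request->getName()));
    $smarty->assign("iplocation", $locationProvider->getIpLocation($request->getTrustedIp()));
    $createdreason = EmailTemplate::getById($createdid, gGetDb());
    $smarty->assign("createdEmailTemplate", $createdreason);

    #region setup whether data is viewable or not
    // Private data is visible without the URL hash when the current user has reserved
    // an open, email-confirmed request (possibly this one) sharing this email or IP.
    $viewableDataStatement = $database->prepare(<<<SQL
        SELECT COUNT(*) 
        FROM request 
        WHERE 
            (
                email = :email 
                OR ip = :trustedIp 
                OR forwardedip LIKE :trustedProxy
            ) 
            AND reserved = :reserved 
            AND emailconfirm = 'Confirmed' 
            AND status != 'Closed';
SQL
);
    $viewableDataStatement->bindValue(":email", $request->getEmail());
    $viewableDataStatement->bindValue(":reserved", $currentUser->getId());
    $viewableDataStatement->bindValue(":trustedIp", $request->getTrustedIp());
    $viewableDataStatement->bindValue(":trustedProxy", '%' . $request->getTrustedIp() . '%');
    $viewableDataStatement->execute();
    $viewableData = $viewableDataStatement->fetchColumn();
    $viewableDataStatement->closeCursor();
    $hideinfo = $viewableData == 0;
    #endregion

    $isClosed = $request->getStatus() == "Closed";
    if ($isClosed) {
        //If the request is closed, change the hash based on microseconds similar to the checksums.
        $hash = md5($request->getId() . $request->getEmail() . $request->getTrustedIp() . microtime());
    } else {
        $hash = md5($request->getId() . $request->getEmail() . $request->getTrustedIp());
    }
    $smarty->assign("isclosed", $isClosed);
    $smarty->assign("hash", $hash);

    // NOTE(review): the hash is an unkeyed digest of values stored on the request itself,
    // so it is a link-sharing token rather than a secret. The comparison must still be a
    // strict string comparison: the previous loose == applied PHP's numeric-string
    // juggling to the hex digests, and a non-string $urlhash must never match.
    $correcthash = is_string($urlhash) && $hash === $urlhash;

    // Private data is shown to users with a related request, holders of the correct
    // hash, admins and checkusers.
    $showPrivateData = !$hideinfo || $correcthash || $currentUser->isAdmin() || $currentUser->isCheckuser();
    $smarty->assign("showinfo", $showPrivateData);

    // force to not show, overriden later
    $smarty->assign("proxyip", "");
    if ($showPrivateData) {
        $smarty->assign("proxyip", $request->getForwardedIp());
        if ($request->getForwardedIp()) {
            // Initialize array to store data to be output in Smarty template.
            $smartyproxies = array();
            $smartyproxiesindex = 0;
            // The XFF chain is walked from the last hop (the IP we saw) back to the origin.
            $proxies = explode(",", $request->getForwardedIp());
            $proxies[] = $request->getIp();
            $origin = $proxies[0];
            $smarty->assign("origin", $origin);
            $proxies = array_reverse($proxies);
            $trust = true;
            foreach ($proxies as $proxynum => $p) {
                $p2 = trim($p);
                $smartyproxies[$smartyproxiesindex]['ip'] = $p2;
                // get data on this IP.
                $trusted = $xffTrustProvider->isTrusted($p2);
                $ipisprivate = ipInRange($rfc1918ips, $p2);
                if (!$ipisprivate) {
                    $iprdns = $rdnsProvider->getRdns($p2);
                    $iplocation = $locationProvider->getIpLocation($p2);
                } else {
                    // this is going to fail, so why bother trying?
                    $iprdns = false;
                    $iplocation = false;
                }
                // current trust chain status BEFORE this link
                $pretrust = $trust;
                // is *this* link trusted?
                $smartyproxies[$smartyproxiesindex]['trustedlink'] = $trusted;
                // current trust chain status AFTER this link
                // (bitwise & on booleans: from here on $trust holds int 0/1 unless reset below)
                $trust = $trust & $trusted;
                // The origin itself is always shown as trusted when the chain up to it was.
                if ($pretrust && $p2 == $origin) {
                    $trust = true;
                }
                $smartyproxies[$smartyproxiesindex]['trust'] = $trust;
                $smartyproxies[$smartyproxiesindex]['rdnsfailed'] = $iprdns === false;
                $smartyproxies[$smartyproxiesindex]['rdns'] = $iprdns;
                $smartyproxies[$smartyproxiesindex]['routable'] = !$ipisprivate;
                $smartyproxies[$smartyproxiesindex]['location'] = $iplocation;
                // An rDNS result equal to the IP itself carries no information.
                if ($iprdns == $p2 && !$ipisprivate) {
                    $smartyproxies[$smartyproxiesindex]['rdns'] = null;
                }
                $smartyproxies[$smartyproxiesindex]['showlinks'] = (!$trust || $p2 == $origin) && !$ipisprivate;
                $smartyproxiesindex++;
            }
            $smarty->assign("proxies", $smartyproxies);
        }
    }

    // TODO: remove me and replace with call in the template directly
    $smarty->assign("isprotected", $request->isProtected());
    $smarty->assign("defaultstate", $defaultRequestStateKey);
    $smarty->assign("requeststates", $availableRequestStates);

    try {
        $spoofs = $antispoofProvider->getSpoofs($request->getName());
    } catch (Exception $ex) {
        // The provider's failure message is shown in place of the spoof list.
        $spoofs = $ex->getMessage();
    }
    $smarty->assign("spoofs", $spoofs);

    // START LOG DISPLAY
    $logs = Logger::getRequestLogsWithComments($request->getId(), $request->getDatabase());
    $requestLogs = array();
    // The requester's own comment is listed first, attributed to the requested name.
    if (trim($request->getComment()) !== "") {
        $requestLogs[] = array('type' => 'comment', 'security' => 'user', 'userid' => null, 'user' => $request->getName(), 'entry' => null, 'time' => $request->getDate(), 'canedit' => false, 'id' => $request->getId(), 'comment' => $request->getComment());
    }
    // Resolve each user id to its object once; the same user appears in many entries.
    $namecache = array();
    $editableComments = $currentUser->isAdmin() || $currentUser->isCheckuser();
    foreach ($logs as $entry) {
        // both log and comment have a 'user' field
        if (!array_key_exists($entry->getUser(), $namecache)) {
            $namecache[$entry->getUser()] = $entry->getUserObject();
        }
        if ($entry instanceof Comment) {
            $requestLogs[] = array('type' => 'comment', 'security' => $entry->getVisibility(), 'user' => $namecache[$entry->getUser()]->getUsername(), 'userid' => $entry->getUser() == -1 ? null : $entry->getUser(), 'entry' => null, 'time' => $entry->getTime(), 'canedit' => $editableComments || $entry->getUser() == $currentUser->getId(), 'id' => $entry->getId(), 'comment' => $entry->getComment());
        }
        if ($entry instanceof Log) {
            $requestLogs[] = array('type' => 'log', 'security' => 'user', 'userid' => $entry->getUser() == -1 ? null : $entry->getUser(), 'user' => $namecache[$entry->getUser()]->getUsername(), 'entry' => Logger::getLogDescription($entry), 'time' => $entry->getTimestamp(), 'canedit' => false, 'id' => $entry->getId(), 'comment' => $entry->getComment());
        }
    }
    $smarty->assign("requestLogs", $requestLogs);

    // START OTHER REQUESTS BY IP AND EMAIL STUFF
    // Displays other requests from this ip.
    // assign to user
    $userListQuery = "SELECT username FROM user WHERE status = 'User' or status = 'Admin';";
    $userListResult = gGetDb()->query($userListQuery);
    $userListData = $userListResult->fetchAll(PDO::FETCH_COLUMN);
    // NOTE(review): hand-built JSON array literal; htmlentities() escapes quotes but not
    // backslashes. json_encode() would be the robust choice if the template can take
    // names that are not entity-encoded — kept as is to preserve the current output.
    $userListProcessedData = array();
    foreach ($userListData as $userListItem) {
        $userListProcessedData[] = "\"" . htmlentities($userListItem) . "\"";
    }
    $userList = '[' . implode(",", $userListProcessedData) . ']';
    $smarty->assign("jsuserlist", $userList);
    // end: assign to user

    // TODO: refactor this!
    $createreasons = EmailTemplate::getActiveTemplates(EmailTemplate::CREATED);
    $smarty->assign("createreasons", $createreasons);
    $declinereasons = EmailTemplate::getActiveTemplates(EmailTemplate::NOT_CREATED);
    $smarty->assign("declinereasons", $declinereasons);
    $allcreatereasons = EmailTemplate::getAllActiveTemplates(EmailTemplate::CREATED);
    $smarty->assign("allcreatereasons", $allcreatereasons);
    $alldeclinereasons = EmailTemplate::getAllActiveTemplates(EmailTemplate::NOT_CREATED);
    $smarty->assign("alldeclinereasons", $alldeclinereasons);
    $allotherreasons = EmailTemplate::getAllActiveTemplates(false);
    $smarty->assign("allotherreasons", $allotherreasons);

    return $smarty->fetch("request-zoom.tpl");
}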
        }
        $smarty->assign("term", $term);
        $smarty->assign("requests", $requests);
        $target = "IP address";
        $smarty->assign("target", $target);
        $smarty->display("search/searchresult.tpl");
    } elseif ($_GET['type'] == 'Request') {
        $qterm = '%' . $term . '%';
        $statement = gGetDb()->prepare("SELECT * FROM request WHERE name LIKE :term;");
        $statement->bindValue(":term", $qterm);
        $statement->execute();
        $requests = $statement->fetchAll(PDO::FETCH_CLASS, "Request");
        foreach ($requests as $r) {
            $r->setDatabase(gGetDb());
        }
        $smarty->assign("term", $term);
        $smarty->assign("requests", $requests);
        $target = "requested name";
        $smarty->assign("target", $target);
        $smarty->display("search/searchresult.tpl");
    } else {
        BootstrapSkin::displayAlertBox("Unknown search type", "alert-error", "Error");
        $smarty->display("search/searchform.tpl");
        BootstrapSkin::displayInternalFooter();
        die;
    }
} else {
    $smarty->display("search/searchform.tpl");
}
BootstrapSkin::displayInternalFooter();
// $result (a user list) and $database are populated earlier in the script, outside this excerpt.
$smarty->assign("userlist", $result);
$smarty->display("usermanagement/userlist.tpl");
// Presumably closes accordion wrappers opened earlier in the script.
echo '</div></div></div>';
// ?showall appends two extra collapsed accordion panels: suspended and declined accounts.
if (isset($_GET['showall'])) {
    echo <<<HTML
<div class="accordion-group">
<div class="accordion-heading">
    <a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion2" href="#collapseFive">Suspended accounts</a>
</div>
<div id="collapseFive" class="accordion-body collapse"><div class="accordion-inner">
HTML;
    // Suspended accounts, rendered with the same user-list template as above.
    $result = User::getAllWithStatus("Suspended", $database);
    $smarty->assign("userlist", $result);
    $smarty->display("usermanagement/userlist.tpl");
    echo <<<HTML
</div>
</div></div>

<div class="accordion-group">
<div class="accordion-heading">
    <a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion2" href="#collapseSix">Declined accounts</a>
</div>
<div id="collapseSix" class="accordion-body collapse"><div class="accordion-inner">
HTML;
    // Declined accounts.
    $result = User::getAllWithStatus("Declined", $database);
    $smarty->assign("userlist", $result);
    $smarty->display("usermanagement/userlist.tpl");
    echo "</div></div></div>";
}
// $tailscript is set earlier in the script and handed to the footer; the script ends here.
BootstrapSkin::displayInternalFooter($tailscript);
die;