Exemple #1
 /**
  * Return tag cloud
  *
  * @param array $tags key = tag, val = (quantity, id, size)
  * @return string html
  */
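 function tagcloud($tags)
 {
     // Builds the tag-cloud markup: one link per tag, followed by its count.
     //
     // Every interpolated value is HTML-escaped at the point of output. Tag
     // names usually originate from user input, and the markup places them
     // in element content and in single-quoted attributes, so an unescaped
     // quote or angle bracket would break out of that context.
     // double_encode is off so values that were already entity-encoded
     // upstream are not encoded a second time.
     $html = '';
     if (!$tags) {
         return $html;
     }

     foreach ($tags as $key => $val) {
         $url = htmlspecialchars((string) suxFunct::makeURL('/blog/tag/' . $val['id']), ENT_QUOTES, 'UTF-8', false);
         // Array keys that look numeric arrive as int, hence the casts.
         $label = htmlspecialchars((string) $key, ENT_QUOTES, 'UTF-8', false);
         // NOTE(review): escaping stops attribute breakout but does not make
         // an arbitrary string safe as a CSS value; size is presumably a
         // computed percentage - confirm against the caller.
         $size = htmlspecialchars((string) $val['size'], ENT_QUOTES, 'UTF-8', false);
         $quantity = htmlspecialchars((string) $val['quantity'], ENT_QUOTES, 'UTF-8', false);

         $html .= "<a href='{$url}' style='font-size: {$size}%;' class='tag' >{$label}</a> <span class='quantity' >({$quantity})</span> ";
     }

     return $html;
 }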
Exemple #2
 /**
  * Build the form and show the template
  *
  * @param array $dirty reference to unverified $_POST
  */
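 function formBuild(&$dirty)
 {
     // Renders the annotate form for the album in $this->id: loads the album,
     // wires up the validator, pages through the album's photos and displays
     // annotate.tpl.
     $photoalbum = array();

     // Editing a photoalbum
     $tmp = $this->photo->getAlbumByID($this->id);
     if (!$tmp) {
         // Invalid id
         suxFunct::redirect(suxFunct::makeURL('/photos'));
         // Stop here even if redirect() should ever return, so nothing
         // below reads from a missing album row.
         return;
     }

     $photoalbum['id'] = $tmp['id'];
     $photoalbum['cover'] = $tmp['thumbnail'];

     // Don't allow spoofing: the album id shown in the form comes from the
     // database row, never from the submitted data.
     unset($dirty['id']);
     $this->tpl->assign($photoalbum);

     // --------------------------------------------------------------------
     // Form logic
     // --------------------------------------------------------------------

     if (!empty($dirty)) {
         $this->tpl->assign($dirty);
     } else {
         suxValidate::disconnect();
     }

     if (!suxValidate::is_registered_form()) {
         // Reset connection
         suxValidate::connect($this->tpl, true);
         // Register our validators
         suxValidate::register_validator('integrity', 'integrity:id', 'hasIntegrity');
     }

     // --------------------------------------------------------------------
     // Templating
     // --------------------------------------------------------------------

     // Start pager
     $this->pager->limit = $this->per_page;
     $this->pager->setStart();
     $this->pager->setPages($this->photo->countPhotos($this->id));

     $this->r->text['pager'] = $this->pager->pageList(suxFunct::makeUrl("/photos/album/annotate/{$this->id}"));
     $this->r->arr['photos'] = $this->photo->getPhotos($this->pager->limit, $this->pager->start, $this->id);

     // The page number is request input that ends up in the form's action
     // URL. Only a well-formed integer is passed on; a missing or malformed
     // value becomes null instead of raising an undefined-index notice or
     // being reflected as-is.
     $page = null;
     if (isset($_GET['page'])) {
         $validated = filter_var($_GET['page'], FILTER_VALIDATE_INT);
         if ($validated !== false) {
             $page = $validated;
         }
     }
     $this->r->text['form_url'] = suxFunct::makeUrl('/photos/album/annotate/' . $this->id, array('page' => $page));
     $this->r->text['back_url'] = suxFunct::getPreviousURL();

     $this->r->title .= " | {$this->r->gtext['annotate_2']}";

     $this->tpl->display('annotate.tpl');
 }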
Exemple #3
 /**
  * Constructor
  *
  * @param int $id message id
  */
 function __construct($id = null)
 {
     // Sets up the blog editing controller and enforces who may use it.
     // NOTE(review): every guard below relies on suxFunct::redirect() ending
     // the request. Its body is not visible here; if it returns, construction
     // carries on past a failed check - confirm.

     // Declare objects
     $this->nb = new suxUserNaiveBayesian();
     $this->msg = new suxThreadedMessages();
     $this->r = new blogRenderer($this->module); // Renderer

     suxValidate::register_object('this', $this); // Register self to validator
     parent::__construct(); // Let the parent do the rest

     // Declare properties
     $this->msg->setPublished(null);

     // A supplied id has to be a positive integer
     $bad_id = $id && (!filter_var($id, FILTER_VALIDATE_INT) || $id < 1);
     if ($bad_id) {
         suxFunct::redirect(suxFunct::makeURL('/blog')); // Invalid id
     }

     // Redirect if not logged in
     if (empty($_SESSION['users_id'])) {
         suxFunct::redirect(suxFunct::makeUrl('/user/register'));
     }

     // Security check: root passes; admins of this module pass; publishers
     // pass only for messages they own; everyone else is sent away.
     if (!$this->user->isRoot()) {
         $access = $this->user->getAccess($this->module);
         $below_admin = $access < $GLOBALS['CONFIG']['ACCESS'][$this->module]['admin'];

         if ($below_admin) {
             $below_publisher = $access < $GLOBALS['CONFIG']['ACCESS'][$this->module]['publisher'];
             if ($below_publisher) {
                 suxFunct::redirect(suxFunct::makeUrl('/blog'));
             }

             // Verify that we are allowed to edit this.
             // NOTE(review): the owner comparison is loose (!=); both sides
             // are presumably numeric ids - confirm before tightening.
             if (filter_var($id, FILTER_VALIDATE_INT)) {
                 $message = $this->msg->getByID($id);
                 if ($message['users_id'] != $_SESSION['users_id']) {
                     suxFunct::redirect(suxFunct::makeUrl('/blog'));
                 }
             }
         }
     }

     // Assign id:
     $this->id = $id;
 }
Exemple #4
 /**
  * Constructor
  *
  * @param int $id message id
  */
 function __construct($id = null)
 {
     // Sets up the bookmarks admin controller; only root or a module admin
     // gets past the access check.
     // NOTE(review): every guard below relies on suxFunct::redirect() ending
     // the request. Its body is not visible here; if it returns, construction
     // carries on past a failed check - confirm.

     // Declare objects
     $this->bm = new suxBookmarks();
     $this->r = new bookmarksRenderer($this->module); // Renderer

     suxValidate::register_object('this', $this); // Register self to validator
     parent::__construct(); // Let the parent do the rest

     // Declare properties
     $this->bm->setPublished(null);

     // A supplied id has to be a positive integer
     $bad_id = $id && (!filter_var($id, FILTER_VALIDATE_INT) || $id < 1);
     if ($bad_id) {
         suxFunct::redirect(suxFunct::makeURL('/bookmarks')); // Invalid id
     }

     // Redirect if not logged in
     if (empty($_SESSION['users_id'])) {
         suxFunct::redirect(suxFunct::makeUrl('/user/register'));
     }

     // Check that the user is allowed to be here
     if (!$this->user->isRoot()) {
         $access = $this->user->getAccess($this->module);
         $below_admin = $access < $GLOBALS['CONFIG']['ACCESS'][$this->module]['admin'];
         if ($below_admin) {
             suxFunct::redirect(suxFunct::makeUrl('/bookmarks'));
         }
     }

     // This module can fallback on approve module: copy every configured
     // skip entry except those that mention bookmarks/approve.
     foreach ($GLOBALS['CONFIG']['PREV_SKIP'] as $skip) {
         if (mb_strpos($skip, 'bookmarks/approve') !== false) {
             continue;
         }
         $this->prev_skip[] = $skip;
     }

     // Assign id:
     $this->id = $id;
 }
Exemple #5
 /**
  * Constructor
  *
  * @param int $id album id
  */
 function __construct($id = null)
 {
     // Sets up the photo album controller and enforces who may use it.
     // NOTE(review): every guard below relies on suxFunct::redirect() ending
     // the request. Its body is not visible here; if it returns, construction
     // carries on past a failed check - confirm.

     // A supplied id has to be a positive integer
     $bad_id = $id && (!filter_var($id, FILTER_VALIDATE_INT) || $id < 1);
     if ($bad_id) {
         suxFunct::redirect(suxFunct::makeURL('/photos')); // Invalid id
     }

     // Declare objects
     $this->photo = new suxPhoto(); // Photos
     $this->r = new photosRenderer($this->module); // Renderer

     suxValidate::register_object('this', $this); // Register self to validator
     parent::__construct(); // Let the parent do the rest

     // Declare properties
     $this->photo->setPublished(null);
     $this->id = $id;

     // Redirect if not logged in
     if (empty($_SESSION['users_id'])) {
         suxFunct::redirect(suxFunct::makeUrl('/user/register'));
     }

     // Security check: root passes; admins of this module pass; publishers
     // pass only for albums they own; everyone else is sent away.
     if (!$this->user->isRoot()) {
         $access = $this->user->getAccess($this->module);
         $below_admin = $access < $GLOBALS['CONFIG']['ACCESS'][$this->module]['admin'];

         if ($below_admin) {
             $below_publisher = $access < $GLOBALS['CONFIG']['ACCESS'][$this->module]['publisher'];
             if ($below_publisher) {
                 suxFunct::redirect(suxFunct::makeURL('/photos'));
             } elseif ($id && !$this->photo->isAlbumOwner($id, $_SESSION['users_id'])) {
                 suxFunct::redirect(suxFunct::makeURL('/photos'));
             }
         }
     }
 }
Exemple #6
 /**
  * Handle a consumer's request to see if the end user is logged in
  * @param bool $wait
  */
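 private function checkid($wait)
 {
     // Answers a consumer's checkid request: validates the request
     // parameters, hands the user to the accept / authorize steps when $wait
     // allows it, and otherwise sends the browser back to return_to with
     // either a signed id_res assertion or a user_setup_url.
     //
     // NOTE(review): the error400 / error500 / errorGet / wrapRefresh helpers
     // are assumed to end the request; their bodies are not visible here. If
     // any of them returns, execution continues past the failed check.
     $this->debug("checkid: wait? {$wait}");

     /* Get the OpenID Request Parameters */

     // Request values are accepted only when present and scalar strings, so
     // a missing or array-valued parameter is treated as absent instead of
     // raising a notice or reaching the string functions below.

     // return_to is read first because the error redirect for a bad identity
     // needs it.
     $return_to = (isset($_GET['openid_return_to']) && is_string($_GET['openid_return_to'])) ? $_GET['openid_return_to'] : '';
     if (empty($return_to)) {
         $this->error400('Missing return_to');
     }

     $identity = (isset($_GET['openid_identity']) && is_string($_GET['openid_identity'])) ? $_GET['openid_identity'] : '';
     if (empty($identity)) {
         // The original passed only the message here. The other call in this
         // method passes the return URL first, so the same order is used.
         // NOTE(review): confirm against errorGet's signature.
         $this->errorGet($return_to, 'Missing identity');
     }

     $assoc_handle = null;
     if (!empty($_GET['openid_assoc_handle']) && is_string($_GET['openid_assoc_handle'])) {
         $assoc_handle = $_GET['openid_assoc_handle'];
     }

     $trust_root = $return_to;
     if (!empty($_GET['openid_trust_root']) && is_string($_GET['openid_trust_root'])) {
         $trust_root = $_GET['openid_trust_root'];
     }

     $sreg_required = '';
     if (!empty($_GET['openid_sreg_required']) && is_string($_GET['openid_sreg_required'])) {
         $sreg_required = $_GET['openid_sreg_required'];
     }

     $sreg_optional = '';
     if (!empty($_GET['openid_sreg_optional']) && is_string($_GET['openid_sreg_optional'])) {
         $sreg_optional = $_GET['openid_sreg_optional'];
     }

     // concatenate required and optional, if they want it we give it
     $sreg_requested = $sreg_required . ',' . $sreg_optional;

     // do the trust_root analysis
     if ($trust_root != $return_to) {
         // the urls are not the same, be sure return descends from trust
         if (!$this->urlDescends($return_to, $trust_root)) {
             $this->error500('Invalid trust_root: "' . $trust_root . '"');
         }
     }

     // Make sure i am this identifier.
     // This only checks that the claimed identity mentions user/profile and
     // descends from this site's base URL; it is not compared with the
     // logged-in user's own profile. The assertion built further down always
     // names the logged-in user's profile URL.
     // (!mb_strpos also rejects a match at offset 0.)
     if (!mb_strpos($identity, 'user/profile') || !$this->urlDescends(suxFunct::canonicalizeUrl($identity), suxFunct::canonicalizeUrl(suxFunct::makeURL('/', null, true)))) {
         $this->debug("Invalid identity: {$identity}");
         $this->debug("IdP URL: " . $this->profile['my_url']);
         $this->errorGet($return_to, "Invalid identity: '{$identity}'");
     }

     // Establish trust
     if ($this->user->loginCheck() && $this->checkTrusted($_SESSION['users_id'], $trust_root)) {
         // The user trusts this URL
         $_SESSION['openid_accepted_url'] = $trust_root;
     } else {
         // session_is_registered() no longer exists in current PHP; isset()
         // on $_SESSION is the equivalent test.
         $already_accepted = isset($_SESSION['openid_accepted_url']) && $_SESSION['openid_accepted_url'] == $trust_root;
         if ($wait && !$already_accepted) {
             // checkid_setup_mode()
             $_SESSION['openid_cancel_accept_url'] = $return_to;
             $_SESSION['openid_post_accept_url'] = $this->profile['req_url'];
             $_SESSION['openid_unaccepted_url'] = $trust_root;

             $this->debug('Transferring to acceptance mode.');
             $this->debug('Cancel URL: ' . $_SESSION['openid_cancel_accept_url']);
             $this->debug('Post URL: ' . $_SESSION['openid_post_accept_url']);

             $q = mb_strpos($this->profile['my_url'], '?') ? '&' : '?';
             $this->wrapRefresh($this->profile['my_url'] . $q . 'openid.mode=accept');
         }
         // NOTE(review): when $wait is false nothing in this branch stops a
         // trust_root the user has not accepted; a logged-in user then
         // reaches the signing branch below, which returns the identity and
         // any requested sreg fields. Confirm that is intended.
     }

     // begin setting up return keys
     $keys = array('mode' => 'id_res');

     // if the user is not logged in, transfer to the authorization mode
     if ($this->user->loginCheck() === false) {
         if ($wait) {
             unset($_SESSION['openid_uniqid']);

             $_SESSION['openid_cancel_auth_url'] = $return_to;
             $_SESSION['openid_post_auth_url'] = $this->profile['req_url'];

             $this->debug('Transferring to authorization mode.');
             $this->debug('Cancel URL: ' . $_SESSION['openid_cancel_auth_url']);
             $this->debug('Post URL: ' . $_SESSION['openid_post_auth_url']);

             $q = mb_strpos($this->profile['my_url'], '?') ? '&' : '?';
             $this->wrapRefresh($this->profile['my_url'] . $q . 'openid.mode=authorize');
         } else {
             $keys['user_setup_url'] = $this->profile['my_url'];
         }
     } else {
         // the user is logged in

         // Trust URL: persist the accepted URL only when one was actually
         // recorded in this session.
         if (isset($_SESSION['openid_always_trust']) && $_SESSION['openid_always_trust'] == 'yes' && isset($_SESSION['openid_accepted_url'])) {
             $this->trustUrl($_SESSION['users_id'], $_SESSION['openid_accepted_url']);
         }

         // remove the refresh URLs if set
         unset($_SESSION['openid_cancel_auth_url']);
         unset($_SESSION['openid_post_auth_url']);

         // check the assoc handle
         list($shared_secret, $expires) = $this->secret($assoc_handle);

         // if I can't verify the assoc_handle, or if it's expired
         // (parentheses make the original operator precedence explicit)
         if (!$shared_secret || (is_numeric($expires) && $expires < time())) {
             $this->debug("Session expired or missing key: {$expires} < " . time());
             if ($assoc_handle != null) {
                 $keys['invalidate_handle'] = $assoc_handle;
                 $this->destroyAssocHandle($assoc_handle);
             }
             $lifetime = time() + $this->profile['lifetime'];
             list($assoc_handle, $shared_secret) = $this->newAssoc($lifetime);
         }

         // $keys['identity'] = $this->profile['my_url'];
         $keys['identity'] = suxFunct::makeUrl('/user/profile/' . $_SESSION['nickname'], null, true);
         $keys['assoc_handle'] = $assoc_handle;
         $keys['return_to'] = $return_to;

         // The signature covers "key:value\n" lines, in the order of $fields
         $fields = array_keys($keys);
         $tokens = '';
         foreach ($fields as $key) {
             $tokens .= sprintf("%s:%s\n", $key, $keys[$key]);
         }

         // add sreg keys
         // Only fields the consumer asked for are released, but required and
         // optional requests are treated alike and this method has no
         // per-field consent step.
         if ($this->user->loginCheck()) {
             $u = $this->user->getByID($_SESSION['users_id'], true);
             $sreg = @array('nickname' => $u['nickname'], 'email' => $u['email'], 'fullname' => "{$u['given_name']} {$u['family_name']}", 'dob' => $u['dob'], 'gender' => $u['gender'], 'postcode' => $u['postcode'], 'country' => $u['country'], 'language' => $u['language'], 'timezone' => $u['timezone']);

             // Unset empties
             foreach ($sreg as $key => $val) {
                 $val = trim($val);
                 if (empty($val)) {
                     unset($sreg[$key]);
                 }
             }

             // Sign keys: a requested name is honoured only if it is one of
             // the $sreg keys above, so unknown names are ignored.
             foreach (explode(',', $sreg_requested) as $key) {
                 $skey = 'sreg.' . $key;
                 if (!empty($sreg[$key])) {
                     $tokens .= sprintf("%s:%s\n", $skey, $sreg[$key]);
                     $keys[$skey] = $sreg[$key];
                     $fields[] = $skey;
                 }
             }
         }

         $keys['signed'] = implode(',', $fields);
         // HMAC-SHA1 over the token lines, keyed with the association secret
         $keys['sig'] = base64_encode(hash_hmac('sha1', $tokens, $shared_secret, true));
     }

     $this->wrapLocation($return_to, $keys);
 }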
Exemple #7
 /**
  * Process the form
  *
  * @param array $clean reference to validated $_POST
  */
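 function formProcess(&$clean)
 {
     // Stores an uploaded photo, or every image found inside an uploaded zip
     // archive, in the album named by $clean['album'], then writes the log
     // entries and clears the template caches.
     //
     // Throws Exception when no file was uploaded, when a single upload does
     // not have an allowed image extension, or when the temporary directory
     // for a zip cannot be created.
     if (!isset($_FILES['image']) || !is_uploaded_file($_FILES['image']['tmp_name'])) {
         throw new Exception('No file uploaded?');
     }

     // Check that the user is allowed to upload photos / Security check #2
     // NOTE(review): relies on suxFunct::redirect() ending the request; its
     // body is not visible here.
     if (!$this->user->isRoot()) {
         $access = $this->user->getAccess($this->module);
         if ($access < $GLOBALS['CONFIG']['ACCESS'][$this->module]['admin']) {
             if ($access < $GLOBALS['CONFIG']['ACCESS'][$this->module]['publisher']) {
                 suxFunct::redirect(suxFunct::makeURL('/photos'));
             } elseif (!$this->photo->isAlbumOwner($clean['album'], $_SESSION['users_id'])) {
                 suxFunct::redirect(suxFunct::makeURL('/photos'));
             }
         }
     }

     // Commence collecting $photo array
     $photo = array();
     $photo['photoalbums_id'] = $clean['album'];

     // The only extensions that may be written to the data directory. The
     // extension comes from the client-supplied file name, so it is checked
     // against this list on both paths below.
     $valid_formats = array('jpg', 'jpeg', 'png', 'gif');

     // Get extension
     $format = explode('.', $_FILES['image']['name']);
     $format = strtolower(end($format));

     // Set the data dir
     $data_dir = suxFunct::dataDir($this->module);

     if ($format != 'zip') {

         // ----------------------------------------------------------------
         // Image file
         // ----------------------------------------------------------------

         // Originally only the zip path filtered by extension, so a direct
         // upload was moved into the data directory under whatever extension
         // the client chose. Apply the same allow-list here.
         // NOTE(review): this checks the name only. renameImage() and
         // resizeImage() are not visible here - confirm the stored name
         // keeps no attacker-chosen extension and that the content is
         // verified to be an image.
         if (!in_array($format, $valid_formats, true)) {
             throw new Exception('Unsupported image format');
         }

         list($resize, $fullsize) = suxPhoto::renameImage($_FILES['image']['name']);
         $photo['image'] = $resize; // Add image to $photo array
         $resize = $data_dir . "/{$resize}";
         $fullsize = $data_dir . "/{$fullsize}";

         // md5 is used as a duplicate-detection fingerprint only
         $md5 = md5_file($_FILES['image']['tmp_name']);
         if (!$this->photo->isDupe($md5, $_SESSION['users_id'], $photo['photoalbums_id'])) {
             suxPhoto::resizeImage($format, $_FILES['image']['tmp_name'], $resize, $this->tpl->getConfigVars('thumbnailWidth'), $this->tpl->getConfigVars('thumbnailHeight'));
             move_uploaded_file($_FILES['image']['tmp_name'], $fullsize);

             // Insert $photo into database
             $photo['md5'] = $md5;
             $this->photo->savePhoto($_SESSION['users_id'], $photo);
         }
     } else {

         // ----------------------------------------------------------------
         // Zip file
         // ----------------------------------------------------------------

         // The scratch directory holds untrusted archive contents; keep it
         // private to the web server user instead of world-writable.
         $tmp_dir = $GLOBALS['CONFIG']['PATH'] . '/temporary/' . md5(uniqid(mt_rand(), true));
         if (!is_dir($tmp_dir) && !mkdir($tmp_dir, 0700, true)) {
             throw new Exception('Can\'t create temp dir ' . $tmp_dir);
         }

         try {
             // NOTE(review): suxFunct::unzip() is not visible here - confirm
             // it refuses entries with ".." or absolute paths and bounds the
             // extracted size and entry count.
             if (suxFunct::unzip($_FILES['image']['tmp_name'], $tmp_dir)) {
                 $files = array();
                 foreach (new RecursiveIteratorIterator(new RecursiveDirectoryIterator($tmp_dir)) as $file) {
                     // Skip symlinks so an archive entry cannot make copy()
                     // read a file outside the scratch directory.
                     if ($file->isLink() || !$file->isFile()) {
                         continue;
                     }
                     if (mb_strpos($file->getPathname(), '__MACOSX') !== false) {
                         continue;
                     }
                     $files[$file->getPathname()] = $file->getFilename();
                 }

                 foreach ($files as $filepath => $file) {
                     $entry_format = explode('.', $file);
                     $entry_format = strtolower(end($entry_format));
                     if (!in_array($entry_format, $valid_formats, true)) {
                         continue; // Skip
                     }

                     list($resize, $fullsize) = suxPhoto::renameImage($file);
                     $photo['image'] = $resize; // Add image to $photo array
                     $resize = $data_dir . "/{$resize}";
                     $fullsize = $data_dir . "/{$fullsize}";

                     $md5 = md5_file($filepath);
                     if (!$this->photo->isDupe($md5, $_SESSION['users_id'], $photo['photoalbums_id'])) {
                         suxPhoto::resizeImage($entry_format, $filepath, $resize, $this->tpl->getConfigVars('thumbnailWidth'), $this->tpl->getConfigVars('thumbnailHeight'));
                         copy($filepath, $fullsize);

                         // Insert $photo into database
                         $photo['md5'] = $md5;
                         $this->photo->savePhoto($_SESSION['users_id'], $photo);
                     }
                 }
             }
         } catch (Exception $e) {
             // Do not leave extracted, untrusted files behind on failure
             suxFunct::obliterateDir($tmp_dir);
             throw $e;
         }

         suxFunct::obliterateDir($tmp_dir);
     }

     // Private log entry
     $this->log->write($_SESSION['users_id'], "sux0r::photosUpload() photoalbums_id: {$photo['photoalbums_id']}", 1);

     // Is the album actually published? Look it up with the published filter
     // on, then revert the filter.
     $this->photo->setPublished(true);
     $tmp = $this->photo->getAlbumByID($photo['photoalbums_id']);
     $this->photo->setPublished(null);

     if ($tmp) {

         // Clear all caches, cheap and easy
         $this->tpl->clearAllCache();

         // Log message. It is stored as HTML, so the nickname, the album
         // title and both URLs are escaped before being placed in the markup.
         // double_encode is off so values that are already entity-encoded
         // are left as they are.
         $nickname = htmlspecialchars((string) $_SESSION['nickname'], ENT_QUOTES, 'UTF-8', false);
         $title = htmlspecialchars((string) $tmp['title'], ENT_QUOTES, 'UTF-8', false);

         $log = '';
         $url = htmlspecialchars((string) suxFunct::makeUrl("/user/profile/{$_SESSION['nickname']}", null, true), ENT_QUOTES, 'UTF-8', false);
         $log .= "<a href='{$url}'>{$nickname}</a> ";
         $log .= mb_strtolower($this->r->gtext['uploaded_images']);
         $url = htmlspecialchars((string) suxFunct::makeUrl("/photos/album/{$tmp['id']}", null, true), ENT_QUOTES, 'UTF-8', false);
         $log .= " <a href='{$url}'>{$title}</a>";

         // Log
         $this->log->write($_SESSION['users_id'], $log);

         // Clear caches, cheap and easy
         $tpl = new suxTemplate('user');
         $tpl->clearCache(null, $_SESSION['nickname']);
     }
 }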