/**
 * Theme hook (flatly): embed already-rendered page content in the
 * 'themes_layout' template.
 *
 * @param string $content
 *        Rendered page body to place inside the layout
 * @return mixed Result of tpl_apply() for the layout template
 */
function flatly_hook_themes_apply($content) {
	global $core_config, $user_config;

	// All values are handed to the template as-is. Whether tpl_apply()
	// escapes them for HTML is not visible from this function, so
	// user-editable fields (NAME, USERNAME, GRAVATAR) rely on the template
	// layer or on validation at the point they were stored.
	$layout_vars = array(
		'CONTENT' => $content,
		'HTTP_PATH_BASE' => $core_config['http_path']['base'],
		'HTTP_PATH_THEMES' => $core_config['http_path']['themes'],
		'THEMES_MODULE' => core_themes_get(),
		'THEMES_MENU_TREE' => themes_get_menu_tree(),
		'THEMES_SUBMENU' => themes_submenu(),
		'CREDIT_SHOW_URL' => _u('index.php?app=ws&op=credit'),
		'NAME' => $user_config['name'],
		'USERNAME' => $user_config['username'],
		'GRAVATAR' => $user_config['opt']['gravatar'],
		'LAYOUT_FOOTER' => $core_config['main']['layout_footer'],
		'Logout' => _('Logout')
	);

	// The 'valid' flag lets the template switch on the login state.
	$layout_conditions = array(
		'valid' => auth_isvalid()
	);

	$layout = array(
		'name' => 'themes_layout',
		'vars' => $layout_vars,
		'ifs' => $layout_conditions
	);

	return tpl_apply($layout, array('core_config', 'user_config'));
}
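/**
 * Theme hook (common): embed already-rendered page content in a layout
 * template.
 *
 * The layout defaults to 'themes_layout'. A request parameter
 * '_themes_layout_' may select the variant 'themes_layout_<suffix>'.
 *
 * @param string $content
 *        Rendered page body to place inside the layout
 * @return mixed Result of tpl_apply() for the selected layout template
 */
function common_hook_themes_apply($content) {
	global $core_config, $user_config;

	$themes_lang = strtolower(substr($user_config['language_module'], 0, 2));

	// The layout suffix is taken straight from the request and becomes part
	// of a template name. Accept only a plain identifier (letters, digits,
	// underscore, hyphen) so that path separators, dots and NUL bytes can
	// never reach the template loader; anything else falls back to the
	// default layout. How tpl_apply() maps the name to a file is not visible
	// here, so this check does not rely on it.
	$themes_layout = 'themes_layout';
	$requested_layout = '';
	if (isset($_REQUEST['_themes_layout_']) && is_string($_REQUEST['_themes_layout_'])) {
		$requested_layout = trim($_REQUEST['_themes_layout_']);
	}
	if ($requested_layout && preg_match('/\A[A-Za-z0-9_-]+\z/', $requested_layout)) {
		$themes_layout = 'themes_layout_' . $requested_layout;
	}

	$tpl = array(
		'name' => $themes_layout,
		'vars' => array(
			'CONTENT' => $content,
			'HTTP_PATH_BASE' => $core_config['http_path']['base'],
			'HTTP_PATH_THEMES' => $core_config['http_path']['themes'],
			'THEMES_MODULE' => core_themes_get(),
			'THEMES_MENU_TREE' => themes_get_menu_tree(),
			'THEMES_SUBMENU' => themes_submenu(),
			// fall back to English when the user has no language module set
			'THEMES_LANG' => $themes_lang ? $themes_lang : 'en',
			'CREDIT_SHOW_URL' => _u('index.php?app=ws&op=credit'),
			'NAME' => $user_config['name'],
			'USERNAME' => $user_config['username'],
			'GRAVATAR' => $user_config['opt']['gravatar'],
			'LAYOUT_FOOTER' => $core_config['main']['layout_footer'],
			'Logout' => _('Logout')
		),
		'ifs' => array(
			'valid' => auth_isvalid()
		)
	);

	return tpl_apply($tpl, array('core_config', 'user_config'));
}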
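/**
 * Webservices hook: phonebook lookup returning JSON suggestions.
 *
 * Keyword prefixes select what is searched:
 *   '@' - users, '#' - the current user's groups, none - phonebook entries.
 * When nothing matches, the keyword itself is returned as the only item.
 *
 * @param string $operation
 *        Webservices operation name (not inspected here)
 * @param array $requests
 *        Request parameters; 'keyword' is used, with 'tag' as a fallback
 * @return string|boolean JSON-encoded list of array('id', 'text') items,
 *         or FALSE when the caller is not authenticated
 */
function phonebook_hook_webservices_output($operation, $requests) {
	global $user_config;

	// Only authenticated callers may query the phonebook.
	if (!auth_isvalid()) {
		return FALSE;
	}

	$keyword = isset($requests['keyword']) ? stripslashes($requests['keyword']) : '';
	if (!$keyword) {
		$keyword = isset($requests['tag']) ? $requests['tag'] : NULL;
	}

	// Start from an empty list: without this, count() below receives an
	// undefined variable whenever no search branch adds an item.
	$item = array();

	if ($keyword && $user_config['uid']) {
		$prefix = substr($keyword, 0, 1);
		if ($prefix == '@') {
			// user search; note that no uid is passed to this helper
			$keyword = substr($keyword, 1);
			$list = phonebook_search_user($keyword);
			foreach ($list as $data) {
				$item[] = array(
					'id' => '@' . $data['username'],
					'text' => '@' . $data['name']
				);
			}
		} elseif ($prefix == '#') {
			// group search, scoped to the current user's uid
			$keyword = substr($keyword, 1);
			$list = phonebook_search_group($user_config['uid'], $keyword);
			foreach ($list as $data) {
				$item[] = array(
					'id' => '#' . $data['code'],
					'text' => _('Group') . ': ' . $data['group_name'] . ' (' . $data['code'] . ')'
				);
			}
		} else {
			// phonebook entry search, scoped to the current user's uid
			$list = phonebook_search($user_config['uid'], $keyword);
			foreach ($list as $data) {
				$item[] = array(
					'id' => $data['p_num'],
					'text' => $data['p_desc'] . ' (' . $data['p_num'] . ')'
				);
			}
		}
	}

	// Nothing found: echo the keyword back so the caller still gets one item.
	if (count($item) == 0) {
		$item[] = array(
			'id' => $keyword,
			'text' => $keyword
		);
	}

	$content = json_encode($item);

	// Drop anything already buffered so only the JSON body is sent.
	// 'text/json' is kept for existing clients; 'application/json' is the
	// registered media type.
	ob_end_clean();
	header('Content-Type: text/json; charset=utf-8');

	return $content;
}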
* * playSMS is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * playSMS is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with playSMS. If not, see <http://www.gnu.org/licenses/>. */ defined('_SECURE_') or die('Forbidden'); if (!auth_isvalid()) { auth_block(); } switch (_OP_) { case "sms_sync_list": $list = registry_search($user_config['uid'], 'feature', 'sms_sync'); $sms_sync_secret = $list['feature']['sms_sync']['secret']; if ($list['feature']['sms_sync']['enable']) { $option_enable = 'checked'; } $sync_url = $core_config['http_path']['base'] . '/plugin/feature/sms_sync/sync.php?uid=' . $user_config['uid']; unset($tpl); $tpl = array('name' => 'sms_sync', 'vars' => array('DIALOG_DISPLAY' => _dialog(), 'HINT_SECRET' => _hint(_('Secret key is used in SMSSync app')), 'HINT_ENABLE' => _hint(_('Check to enable receiving push messages from SMSSync app')), 'SECRET' => $sms_sync_secret, 'CHECKED' => $option_enable, 'SYNC_URL' => $sync_url, 'Manage sync' => _('Manage sync'), 'Secret key' => _('Secret key'), 'Enable SMS Sync' => _('Enable SMS Sync'), 'Sync URL' => _('Sync URL'), 'Notes' => _('Notes'), 'Download SMSSync app for Android from' => _('Download SMSSync app for Android from'), 'Save' => _('Save'))); _p(tpl_apply($tpl)); break; case "sms_sync_save":
/**
 * Webservices hook: report the current user's credit balance as plain text.
 *
 * @param string $operation
 *        Webservices operation name; only 'credit' is handled
 * @param array $requests
 *        Request parameters (unused)
 * @return mixed 0 when the caller is not authenticated, the balance as a
 *         string with three decimals for 'credit', otherwise nothing (NULL)
 */
function credit_hook_webservices_output($operation, $requests) {
	global $user_config;

	// The authentication check runs before the operation is looked at, so
	// an unauthenticated call gets 0 for every operation.
	if (!auth_isvalid()) {
		return 0;
	}

	if ($operation != 'credit') {
		return;
	}

	$raw_balance = (double) credit_getbalance($user_config['uid']);
	$formatted = number_format($raw_balance, 3, '.', '');

	// Drop anything already buffered so only the balance is sent.
	ob_end_clean();
	header('Content-Type: text/plain');

	return $formatted;
}
/**
 * This file is part of playSMS.
 *
 * playSMS is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * playSMS is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with playSMS. If not, see <http://www.gnu.org/licenses/>.
 */

// Refuse direct access: the front controller must have defined _SECURE_.
defined('_SECURE_') or die('Forbidden');

if (_OP_ != 'block') {
	// Any other operation renders the "no access" page itself.
	unset($tpl);
	$tpl = array(
		'name' => 'auth_block',
		'vars' => array(
			'DIALOG_DISPLAY' => _dialog(),
			'HTTP_PATH_BASE' => $core_config['http_path']['base'],
			'Home' => _('Home')
		)
	);
	_p(tpl_apply($tpl));
} else {
	// op=block: record the denial for logged-in visitors, then redirect.
	if (auth_isvalid()) {
		$_SESSION['dialog']['danger'][] = _('You have no access to this page');

		// NOTE(review): the log line includes $_SESSION['sid']. If that is
		// the live session identifier, anyone who can read the log can
		// replay it; confirm what 'sid' holds and consider logging a
		// truncated or hashed value instead.
		$log_line = "WARNING: no access or blocked. sid:" . $_SESSION['sid']
			. " ip:" . $_SERVER['REMOTE_ADDR']
			. " uid:" . $user_config['uid']
			. " app:" . _APP_
			. " inc:" . _INC_
			. " op:" . _OP_
			. " route:" . _ROUTE_;
		logger_print($log_line, 2, "auth_block");

		$redirect_to = _u('index.php?app=main&inc=core_auth&route=block');
	} else {
		// Visitors without a valid session are sent to the login page.
		$redirect_to = _u('index.php?app=main&inc=core_auth&route=login');
	}

	header("Location: " . $redirect_to);

	// Stop here so nothing is rendered after the redirect header.
	exit;
}
/**
 * Webservices hook: fill $returns with the current user's credit balance.
 *
 * @param string $operation
 *        Webservices operation name; only 'credit' is handled
 * @param array $requests
 *        Request parameters (unused)
 * @param array $returns
 *        Response structure to extend
 * @return array|boolean FALSE for any other operation, otherwise $returns
 *         with 'modified' set and the balance in ['param']['content']
 */
function credit_hook_webservices_output($operation, $requests, $returns) {
	global $user_config;

	if ($operation != 'credit') {
		return FALSE;
	}

	// Unauthenticated callers are not rejected here: they receive a zero
	// balance instead of the stored one.
	$amount = auth_isvalid() ? (double) credit_getbalance($user_config['uid']) : (double) 0;

	$returns['modified'] = TRUE;
	$returns['param']['content'] = number_format($amount, 3, '.', '');
	$returns['param']['content-type'] = 'text/plain';

	return $returns;
}
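/**
 * Check if visitor has certain ACL
 *
 * Administrators pass for every ACL. For other authenticated visitors the
 * ACL name stored for the session user is compared case-insensitively with
 * the requested one.
 *
 * @param string $acl
 *        Access Control List
 * @return boolean TRUE if valid and visitor has certain ACL
 */
function auth_isacl($acl) {
	if (!auth_isvalid()) {
		return FALSE;
	}

	if (auth_isadmin()) {
		return TRUE;
	}

	$user_acl_id = user_getfieldbyuid($_SESSION['uid'], 'acl_id');
	$user_acl_name = acl_getname($user_acl_id);

	// Strict comparison: with '==' PHP compares two numeric-looking strings
	// as numbers, so differently spelled names such as '1E3' and '1000'
	// would be treated as the same ACL. An access decision must match the
	// name exactly (apart from letter case).
	if ($acl && $user_acl_name && strtoupper($acl) === strtoupper($user_acl_name)) {
		return TRUE;
	}

	return FALSE;
}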
/**
 * Add new user
 *
 * Creates a row in the user table, grants the initial credit and, unless
 * disabled, emails the credentials to the new account's address.
 *
 * The call is allowed when $forced is set, when the caller is an admin,
 * when the current user has status 3, or when the visitor is not logged in
 * and self-registration is enabled in the main configuration.
 *
 * @param array $data
 *        User data; when it carries no username, $_REQUEST is used instead
 * @param boolean $forced
 *        Forced addition
 * @param boolean $send_email
 *        Send email after successful user addition
 * @return array $ret['error_string', 'status', 'uid', 'data']
 */
function user_add($data = array(), $forced = FALSE, $send_email = TRUE) {
	global $core_config, $user_config;

	// default return values
	$ret['error_string'] = _('Unknown error has occurred');
	$ret['status'] = FALSE;
	$ret['uid'] = 0;
	$ret['data'] = array();

	// NOTE(review): without a username in $data the whole request array
	// becomes the user record, so 'status', 'acl_id', 'parent_uid' and
	// 'credit' below can all be request-supplied. Whether
	// user_add_validate() restricts them per caller is not visible here.
	$data = trim($data['username']) ? $data : $_REQUEST;

	// '&&' binds tighter than '||': the last alternative reads
	// "(not logged in AND self-registration enabled)".
	if ($forced || auth_isadmin() || $user_config['status'] == 3 || !auth_isvalid() && $core_config['main']['enable_register']) {
		// NOTE(review): trim() expects strings; an array-valued request
		// parameter would reach it here - confirm inputs are scalar.
		foreach ($data as $key => $val) {
			$data[$key] = trim($val);
		}

		// set valid status
		// Only 2 and 3 are kept as given, everything else becomes 4.
		// NOTE(review): this applies to the self-registration path too, and
		// status 2 appears to be the admin level (see the ACL exception
		// below) - confirm a visitor cannot register with status 2 or 3.
		$data['status'] = (int) $data['status'];
		if (!($data['status'] == 2 || $data['status'] == 3)) {
			$data['status'] = 4;
		}

		// ACL exception for admins
		$data['acl_id'] = (int) $data['acl_id'] ? (int) $data['acl_id'] : $core_config['main']['default_acl'];
		if ($data['status'] == 2) {
			$data['acl_id'] = 0;
		}

		// default parent_id
		$data['parent_uid'] = (int) $data['parent_uid'] ? (int) $data['parent_uid'] : $core_config['main']['default_parent'];
		if ($parent_status = user_getfieldbyuid($data['parent_uid'], 'status')) {
			// logic for parent_uid, parent uid by default is 0
			// A status 4 account keeps its parent only if that parent has
			// status 2 or 3; every other case uses the default parent.
			if ($data['status'] == 4) {
				if (!($parent_status == 2 || $parent_status == 3)) {
					$data['parent_uid'] = $core_config['main']['default_parent'];
				}
			} else {
				$data['parent_uid'] = $core_config['main']['default_parent'];
			}
		} else {
			$data['parent_uid'] = $core_config['main']['default_parent'];
		}

		$data['username'] = core_sanitize_username($data['username']);

		// A missing password is replaced by a 10-character generated one.
		$data['password'] = trim($data['password']) ? trim($data['password']) : core_get_random_string(10);
		$register_password = $data['password'];

		// NOTE(review): the stored value is an unsalted MD5 digest, a fast
		// hash unsuited to password storage. Moving to password_hash() /
		// password_verify() has to be done together with the login check,
		// which is outside this function.
		$data['password'] = md5($register_password);

		// NOTE(review): uniqid() is time-based, not a cryptographic random
		// source; if 'token' serves as a secret, derive it from
		// random_bytes() instead - confirm how the token is used.
		$data['token'] = md5(uniqid($data['username'] . $data['password'], true));

		// default credit
		// The supplied amount is remembered and granted after the insert.
		// NOTE(review): on the $_REQUEST path this amount is caller-chosen.
		$supplied_credit = (double) $data['credit'];
		$data['credit'] = 0;

		// sender set to empty by default
		// $data['sender'] = ($data['sender'] ? core_sanitize_sender($data['sender']) : '');
		$data['sender'] = '';

		$dt = core_get_datetime();
		$data['register_datetime'] = $dt;
		$data['lastupdate_datetime'] = $dt;

		// fixme anton - these should be configurable on main config
		$data['footer'] = '@' . $data['username'];
		$data['enable_webservices'] = 1;

		// $data['webservices_ip'] = (trim($data['webservices_ip']) ? trim($data['webservices_ip']) : '127.0.0.1, 192.168.*.*');
		// NOTE(review): webservices are enabled for every new account and
		// the pattern looks like "any address" - confirm that this default
		// is intended rather than the narrower one commented out above.
		$data['webservices_ip'] = '*.*.*.*';

		$v = user_add_validate($data);
		if ($v['status']) {
			_log('attempt to register status:' . $data['status'] . ' u:' . $data['username'] . ' email:' . $data['email'], 3, 'user_add');
			if ($data['username'] && $data['email'] && $data['name']) {
				// NOTE(review): the whole $data array is passed on; how
				// dba_add() treats keys that are not user columns is not
				// visible here.
				if ($new_uid = dba_add(_DB_PREF_ . '_tblUser', $data)) {
					$ret['status'] = TRUE;
					$ret['uid'] = $new_uid;

					// set credit upon registration
					$default_credit = $supplied_credit ? $supplied_credit : (double) $core_config['main']['default_credit'];
					rate_addusercredit($ret['uid'], $default_credit);
				} else {
					$ret['error_string'] = _('Fail to register an account');
				}

				if ($ret['status']) {
					$data['credit'] = user_getfieldbyuid($new_uid, 'credit');

					// The clear-text password travels with $data from here
					// on: it is returned in $ret['data'] and exposed through
					// the global $reg_data for the email template.
					$data['register_password'] = $register_password;
					_log('registered status:' . $data['status'] . ' u:' . $data['username'] . ' uid:' . $ret['uid'] . ' email:' . $data['email'] . ' ip:' . $_SERVER['REMOTE_ADDR'] . ' mobile:' . $data['mobile'] . ' credit:' . $data['credit'], 2, 'user_add');

					// save $data on returns
					$ret['data'] = $data;

					// default is TRUE, always send email from this function
					if ($send_email) {

						// injected variables must be global, need to work on this later
						global $reg_data;
						$reg_data = $ret['data'];

						// send email
						$tpl = array(
							'name' => 'user_add_email',
							'vars' => array(
								'Name' => _('Name'),
								'Username' => _('Username'),
								'Password' => _('Password'),
								'Mobile' => _('Mobile'),
								'Credit' => _('Credit'),
								'Email' => _('Email')
							),
							'injects' => array(
								'core_config',
								'reg_data'
							)
						);
						$email_body = tpl_apply($tpl);
						$email_subject = _('New account registration');

						$mail_data = array(
							'mail_from_name' => $core_config['main']['web_title'],
							'mail_from' => $core_config['main']['email_service'],
							'mail_to' => $data['email'],
							'mail_subject' => $email_subject,
							'mail_body' => $email_body
						);

						// The account exists either way; only the message
						// differs when the email could not be sent.
						if (sendmail($mail_data)) {
							$ret['error_string'] = _('Account has been added and password has been emailed') . " (" . _('username') . ": " . $data['username'] . ")";
						} else {
							$ret['error_string'] = _('Account has been added but failed to send email') . " (" . _('username') . ": " . $data['username'] . ")";
						}
					}
				}
			} else {
				$ret['error_string'] = _('You must fill all required fields');
			}
		} else {
			$ret['error_string'] = $v['error_string'];
		}
	} else {
		$ret['error_string'] = _('Account registration is not available');
	}

	return $ret;
}
/**
 * Check if visitor has certain user status
 *
 * The session's status is compared first; the session itself is only
 * validated when that comparison succeeds.
 *
 * @param string $status
 *        Account status
 * @return boolean TRUE if valid and visitor has certain user status
 */
function auth_isstatus($status) {
	$wanted_status = (int) $status;

	// Loose comparison: the session value is matched against the integer
	// form of the requested status.
	if ($_SESSION['status'] != $wanted_status) {
		return FALSE;
	}

	return (auth_isvalid() ? TRUE : FALSE);
}
/**
 * Add new user
 *
 * Creates a row in the user table and emails the credentials to the new
 * account's address.
 *
 * The call is allowed when $forced is set, when the caller is an admin,
 * when the current user has status 3, or when the visitor is not logged in
 * and self-registration is enabled in the main configuration.
 *
 * @param array $data
 *        User data; when it carries no username, $_REQUEST is used instead
 * @param boolean $forced
 *        Forced addition
 * @return array $ret('error_string', 'status', 'uid')
 */
function user_add($data = array(), $forced = FALSE) {
	global $core_config, $user_config;

	$ret['error_string'] = _('Unknown error has occurred');
	$ret['status'] = FALSE;
	$ret['uid'] = 0;

	// NOTE(review): without a username in $data the whole request array
	// becomes the user record, so 'status', 'parent_uid' and
	// 'webservices_ip' below can all be request-supplied. Whether
	// user_add_validate() restricts them per caller is not visible here.
	$data = trim($data['username']) ? $data : $_REQUEST;

	// '&&' binds tighter than '||': the last alternative reads
	// "(not logged in AND self-registration enabled)".
	if ($forced || auth_isadmin() || $user_config['status'] == 3 || !auth_isvalid() && $core_config['main']['enable_register']) {
		// NOTE(review): trim() expects strings; an array-valued request
		// parameter would reach it here - confirm inputs are scalar.
		foreach ($data as $key => $val) {
			$data[$key] = trim($val);
		}

		// set valid status
		// Only 2 and 3 are kept as given, everything else becomes 4.
		// NOTE(review): this applies to the self-registration path too -
		// confirm a visitor cannot register with status 2 or 3.
		$data['status'] = (int) $data['status'];
		if (!($data['status'] == 2 || $data['status'] == 3)) {
			$data['status'] = 4;
		}

		// logic for parent_uid, parent uid by default is 0
		// A status 4 account keeps its parent only if that parent has
		// status 2 or 3; every other case resets the parent to 0.
		if ($data['status'] == 4) {
			$parent_status = user_getfieldbyuid($data['parent_uid'], 'status');
			if (!($parent_status == 2 || $parent_status == 3)) {
				$data['parent_uid'] = 0;
			}
		} else {
			$data['parent_uid'] = 0;
		}

		$data['username'] = core_sanitize_username($data['username']);

		// A missing password is replaced by a 10-character generated one.
		$data['password'] = $data['password'] ? $data['password'] : core_get_random_string(10);
		$new_password = $data['password'];

		// NOTE(review): the stored value is an unsalted MD5 digest, a fast
		// hash unsuited to password storage. Moving to password_hash() /
		// password_verify() has to be done together with the login check,
		// which is outside this function.
		$data['password'] = md5($new_password);

		// NOTE(review): uniqid() is time-based, not a cryptographic random
		// source; if 'token' serves as a secret, derive it from
		// random_bytes() instead - confirm how the token is used.
		$data['token'] = md5(uniqid($data['username'] . $data['password'], true));

		// credit set to 0 by default
		// $data['credit'] = ( $data['credit'] ? $data['credit'] : $core_config['main']['default_credit'] );
		$data['credit'] = 0;

		// sender set to empty by default
		// $data['sender'] = ($data['sender'] ? core_sanitize_sender($data['sender']) : '');
		$data['sender'] = '';

		$dt = core_get_datetime();
		$data['register_datetime'] = $dt;
		$data['lastupdate_datetime'] = $dt;

		// A supplied address list is kept as given; the default is the
		// loopback address plus the 192.168.*.* pattern.
		$data['webservices_ip'] = trim($data['webservices_ip']) ? trim($data['webservices_ip']) : '127.0.0.1, 192.168.*.*';

		$v = user_add_validate($data);
		if ($v['status']) {
			_log('attempt to register status:' . $data['status'] . ' u:' . $data['username'] . ' email:' . $data['email'], 3, 'user_add');
			if ($data['username'] && $data['email'] && $data['name']) {
				// NOTE(review): the whole $data array is passed on; how
				// dba_add() treats keys that are not user columns is not
				// visible here.
				if ($new_uid = dba_add(_DB_PREF_ . '_tblUser', $data)) {
					$ret['status'] = TRUE;
					$ret['uid'] = $new_uid;
				} else {
					$ret['error_string'] = _('Fail to register an account');
				}

				if ($ret['status']) {
					_log('registered status:' . $data['status'] . ' u:' . $data['username'] . ' uid:' . $ret['uid'] . ' email:' . $data['email'] . ' ip:' . $_SERVER['REMOTE_ADDR'] . ' mobile:' . $data['mobile'] . ' credit:' . $data['credit'], 2, 'user_add');

					// Plain-text message body; it carries the clear-text
					// password to the registered address.
					$subject = _('New account registration');
					$body = $core_config['main']['web_title'] . "\n";
					$body .= $core_config['http_path']['base'] . "\n\n";
					$body .= _('Username') . ": " . $data['username'] . "\n";
					$body .= _('Password') . ": " . $new_password . "\n";
					$body .= _('Mobile') . ": " . $data['mobile'] . "\n";
					$body .= _('Credit') . ": " . $data['credit'] . "\n\n";
					$body .= $core_config['main']['email_footer'] . "\n\n";

					// Success message is set first and replaced below if
					// the email cannot be sent; the account exists either way.
					$ret['error_string'] = _('Account has been added and password has been emailed') . " (" . _('username') . ": " . $data['username'] . ")";
					$mail_data = array(
						'mail_from_name' => $core_config['main']['web_title'],
						'mail_from' => $core_config['main']['email_service'],
						'mail_to' => $data['email'],
						'mail_subject' => $subject,
						'mail_body' => $body
					);
					if (!sendmail($mail_data)) {
						$ret['error_string'] = _('Account has been added but failed to send email') . " (" . _('username') . ": " . $data['username'] . ")";
					}
				}
			} else {
				$ret['error_string'] = _('You must fill all required fields');
			}
		} else {
			$ret['error_string'] = $v['error_string'];
		}
	} else {
		$ret['error_string'] = _('Account registration is not available');
	}

	return $ret;
}
/**
 * Webservices hook: phonebook lookup, results added to $returns as JSON.
 *
 * Keyword prefixes select what is searched:
 *   '@' - users, '#' - the current user's groups, none - phonebook entries.
 * Items already produced for the 'phonebook' operation by an earlier hook
 * are kept and extended.
 *
 * @param string $operation
 *        Webservices operation name; only 'phonebook' is handled
 * @param array $requests
 *        Request parameters: 'keyword' (or 'tag' as fallback), 'debug'
 * @param array $returns
 *        Response structure to extend
 * @return array|boolean FALSE when the operation or keyword does not apply
 *         or the caller is not authenticated, otherwise the updated $returns
 */
function phonebook_hook_webservices_output($operation, $requests, $returns) {
	global $user_config;

	$keyword = stripslashes($requests['keyword']);
	if (!$keyword) {
		$keyword = $requests['tag'];
	}

	// Not this hook's operation, or nothing to search for.
	if (!($operation == 'phonebook' && $keyword)) {
		return FALSE;
	}

	// Only authenticated callers may query the phonebook.
	if (!auth_isvalid()) {
		return FALSE;
	}

	// Continue from an earlier hook's result when there is one.
	$item = array();
	if ($returns['modified'] && $returns['param']['operation'] == 'phonebook') {
		$item = json_decode($returns['param']['content'], TRUE);
	}

	if ($keyword && $user_config['uid']) {
		$owner_uid = $user_config['uid'];
		$prefix = substr($keyword, 0, 1);

		if ($prefix == '@') {
			// user search
			$keyword = substr($keyword, 1);
			foreach (phonebook_search_user($owner_uid, $keyword) as $data) {
				$item[] = array(
					'id' => '@' . $data['username'],
					'text' => '@' . $data['name']
				);
			}
		} elseif ($prefix == '#') {
			// group search
			$keyword = substr($keyword, 1);
			foreach (phonebook_search_group($owner_uid, $keyword) as $data) {
				$item[] = array(
					'id' => '#' . $data['code'],
					'text' => _('Group') . ': ' . $data['group_name'] . ' (' . $data['code'] . ')'
				);
			}
		} else {
			// phonebook entry search
			foreach (phonebook_search($owner_uid, $keyword) as $data) {
				$item[] = array(
					'id' => $data['p_num'],
					'text' => $data['p_desc'] . ' (' . $data['p_num'] . ')'
				);
			}
		}
	}

	// safety net: echo the keyword back when nothing was found
	if (count($item) == 0) {
		$item[] = array(
			'id' => $keyword,
			'text' => $keyword
		);
	}

	$returns['modified'] = TRUE;
	$returns['param']['content'] = json_encode($item);

	// debug=1 switches the declared content type to plain text
	if ($requests['debug'] == '1') {
		$returns['param']['content-type'] = "text/plain";
	}

	return $returns;
}