/**
 * Return the netid of the logged-in user, resolving it once and caching it on the object.
 *
 * @return mixed whatever reason_check_authentication() returned (kept in $this->user_netid)
 */
function get_user_netid()
{
    if (isset($this->user_netid)) {
        return $this->user_netid;
    }
    // not resolved yet (or resolved to null): ask the authentication layer and remember the answer
    $this->user_netid = reason_check_authentication();
    return $this->user_netid;
}
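/**
 * Verify that the current request may act on the form table named in $this->table.
 *
 * Requires a logged-in user; the table name must contain "form_<id>" with at least one
 * digit, and the user must have access to the site that owns that form entity. The
 * admin-role check is currently disabled (left commented out), so site access alone
 * is what is enforced.
 *
 * @return boolean true when the user has access to the owning site; false otherwise
 *                 (the problem is reported through $this->error() first)
 */
function checkPermissions()
{
    // first, make sure user is logged in
    $username = reason_check_authentication();
    if (!$username) {
        $this->error("this page requires authentication");
        return false;
    }
    // next, figure out the form id; \d+ (rather than \d*) so that a bare "form_"
    // prefix cannot yield an empty id that would then be handed to new entity()
    $matches = array();
    if (!preg_match("/form_(\\d+)/", $this->table, $matches)) {
        $this->error("invalid table name");
        return false;
    }
    $formId = $matches[1];
    // now that we've got the form id, find out what site it belongs to
    $form = new entity($formId);
    $site = $form->get_owner();
    // and finally, make sure the logged in user has access to the site, and is an admin
    $hasSiteAccess = reason_username_has_access_to_site($username, $site->id());
    // $isAdmin = user_is_a(get_user_id($username), id_of("admin_role"));
    // return $hasSiteAccess && $isAdmin;
    return $hasSiteAccess;
}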
/**
 * Lazily resolve and cache the current username.
 *
 * @return mixed the cached result of reason_check_authentication()
 */
function get_username()
{
    if (NULL !== $this->_username) {
        return $this->_username;
    }
    $this->_username = reason_check_authentication();
    return $this->_username;
}
/**
 * Whether this module has something to display: at least one blurb and a logged-in user.
 *
 * The authentication check is only made when there are blurbs to show.
 *
 * @return boolean
 */
function has_content()
{
    $has_blurbs = !empty($this->blurbs);
    return $has_blurbs && reason_check_authentication();
}
/**
 * Resolve the media work requested via $_REQUEST['media_work_id'] for the iframe, once per request.
 *
 * The entity is handed back only when it is of the "av" type and is either Live or editable
 * by the logged-in user on its owning site; every other outcome is remembered as false so
 * later calls return quickly.
 *
 * @return mixed entity object, or false
 */
function reason_iframe_get_media_work()
{
    static $media_work;
    if (isset($media_work)) {
        return $media_work;
    }
    $media_work = false;
    $requested_id = empty($_REQUEST['media_work_id']) ? 0 : (int) $_REQUEST['media_work_id'];
    if (!$requested_id) {
        return $media_work;
    }
    $candidate = new entity($requested_id);
    if ($candidate->get_value('type') != id_of('av')) {
        return $media_work;
    }
    // the edit-rights lookup only runs for non-Live items
    $visible = $candidate->get_value('state') == 'Live'
        || user_can_edit_site(get_user_id(reason_check_authentication()), get_owner_site_id($requested_id));
    if ($visible) {
        $media_work = $candidate;
    }
    return $media_work;
}
/**
 * Is the user a valid administrator for registration slots for a given event?
 *
 * The event's contact_username counts as an admin when it matches the logged-in user;
 * otherwise inline-edit rights on the event decide.
 *
 * @param object $event event entity
 * @return boolean
 */
function user_is_slot_admin($event)
{
    $contact = $event->get_value('contact_username');
    $is_contact = $contact && $contact == reason_check_authentication();
    return $is_contact ? true : $this->user_can_inline_edit_event($event->id());
}
/**
 * Checks to see if the user's id matches the author of the current item.
 *
 * Only news entities are considered; no current item, no login, or a non-news item all yield false.
 *
 * @return boolean
 */
function user_is_author()
{
    if (!isset($this->current_item_id)) {
        return false;
    }
    $netid = reason_check_authentication();
    if (!$netid) {
        return false;
    }
    $item = new entity($this->current_item_id);
    if (!reason_is_entity($item, 'news')) {
        return false;
    }
    return $item->get_value('created_by') == get_user_id($netid);
}
/**
 * Send the submitter a confirmation that their media was received.
 *
 * The recipient is the logged-in netid when there is one, otherwise the email address
 * given on the form. Logged-in users are told to expect a follow-up notification once
 * processing finishes; anonymous submitters are told they will not get one.
 *
 * @param object $disco the submission form
 * @param int $image_id unused
 * @return void
 */
protected function _email_confirmation($disco, $image_id)
{
    $netid = reason_check_authentication();
    $recipient = $netid;
    if (empty($recipient)) {
        $recipient = $disco->get_value('email');
    }
    $title = $disco->get_value('media_title');
    $sender = '*****@*****.**';
    $reply_to = '';
    $subject = 'Media Submission Confirmation';
    // text and HTML bodies are built side by side; the title is escaped only for the HTML one
    $txtbody = 'Your media, "' . $title . '", was successfully submitted.';
    $htmlbody = '<p>Your media, <strong>' . htmlspecialchars($title) . '</strong>, was submitted for processing.';
    $additional = $netid
        ? ' An email notification will be sent to you when the media is finished processing.'
        : ' You won\'t receive an email notification when processing of your media is complete because you were not logged in when your media was uploaded.';
    $txtbody .= $additional . "\n";
    $htmlbody .= $additional . '</p>';
    $footer = "Please do not reply to this automatically generated notification message.";
    $footer_divider = "--------------------------------------------------------------------------------------";
    $txtbody .= "\n\n" . $footer_divider . "\n" . $footer . "\n" . $footer_divider;
    $htmlbody .= "<hr/>" . $footer . "<hr/>";
    $mailer = new Email($recipient, $sender, $reply_to, $subject, $txtbody, $htmlbody);
    $mailer->send();
}
/** * Generate a view of the events on a particular day * * * @package reason * @subpackage scripts */ /** * include dependencies */ include_once 'reason_header.php'; reason_include_once('classes/entity_selector.php'); reason_include_once('classes/calendar.php'); reason_include_once('classes/admin/admin_page.php'); if (!reason_check_authentication()) { header('HTTP/1.1 400 Bad Request'); echo '<html><head><title>Calendar did not work</title><meta name="robots" content="none" /></head><body><h1>Calendar did not work</h1><p>You must be logged in to use this script.</p></body></html>'; } else { if (!empty($_REQUEST['date'])) { // normalize the date format $stamp = strtotime($_REQUEST['date']); $date = date('Y-m-d', $stamp); // Get and sort the events $calendar = new reasonCalendar(array('start_date' => $date, 'end_date' => $date, 'view' => 'daily', 'show_statuses' => array('show', 'tentative', 'cancelled'))); $calendar->run(); $events = $calendar->get_all_events(); usort($events, 'compare_times'); // Figure out the URL for the borrow action parse_str(trim($_REQUEST['params'], '?'), $params); $editing_id = $params['id'];
<?php /** * This script reports on any sites which have more than one root page. * * @package reason * @subpackage scripts * @author Nathan White */ include_once 'reason_header.php'; reason_include_once('classes/entity_selector.php'); reason_include_once('function_libraries/user_functions.php'); force_secure_if_available(); $current_user = reason_check_authentication(); if (!reason_user_has_privs(get_user_id($current_user), 'db_maintenance')) { die('<html><head><title>Reason: Find Extra Root Pages</title></head><body><h1>Sorry.</h1><p>You do not have permission to find extra root pages.</p><p>Only Reason users who have database maintenance privileges may do that.</p></body></html>'); } ?> <html> <head> <title>Reason: Find Extra Root Pages</title> </head> <body> <h1>Find Extra Root Pages</h1> <?php if (empty($_POST['do_it'])) { ?> <form method="post"> <p>When this script is run, it will check your sites and report on those that have more than one root page.</p> <p>You should edit those sites and delete the extra root page(s) to ensure that your site works properly.</p> <input type="submit" name="do_it" value="Run the script" />
/**
 * Merge and send a set of pdfs
 *
 * Access is checked against the logged-in user first: a logged-in user without access gets
 * the 403 page, an anonymous visitor is redirected to login. On success the merged file is
 * sent and the script terminates; a failed merge or send is reported via trigger_error().
 *
 * @access private
 * @param array $pdfs asset entities
 * @return void
 */
function _merge_and_send_pdfs($pdfs)
{
    if (empty($pdfs)) {
        return;
    }
    $username = reason_check_authentication();
    if (!$this->_has_access($pdfs, $username)) {
        if (empty($username)) {
            header('Location: ' . REASON_LOGIN_URL . '?dest_page=' . urlencode(get_current_url()));
        } else {
            $this->_display_403_page();
        }
        die;
    }
    $pdf_files = array();
    $titles = array();
    foreach ($pdfs as $pdf) {
        $location = reason_get_asset_filesystem_location($pdf);
        $pdf_files[] = $location;
        $titles[$location] = strip_tags($pdf->get_value('name'));
    }
    include_once CARL_UTIL_INC . 'pdf/pdf_utils.php';
    $merged = carl_merge_pdfs($pdf_files, $titles);
    if (empty($merged)) {
        trigger_error('PDF merge failed');
        return;
    }
    $download_name = $this->cur_page->get_value('url_fragment') . '.pdf';
    if (!carl_send_pdf($merged, $download_name)) {
        trigger_error('Unable to send PDF');
        return;
    }
    die;
}
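/**
 * Persist the editor form into the course entity and, optionally, its selected sections.
 *
 * Subject and course number are only writable for courses without an external sourced_id.
 * Title and description are also copied onto every section ticked in the form, and the
 * display_in_catalog checkbox adds or removes the site's borrow relationship to the course.
 *
 * @return void
 */
function process_editor_submission()
{
    $editor_user_id = get_user_id(reason_check_authentication());
    $title = $this->form->get_value('title');
    $description = $this->form->get_value('description');

    if (!$this->course->get_value('sourced_id')) {
        $this->course->set_value('org_id', $this->form->get_value('subject'));
        $this->course->set_value('course_number', $this->form->get_value('course_number'));
    }
    $this->course->set_value('list_of_prerequisites', $this->form->get_value('prerequisites'));
    $this->course->set_value('credits', $this->form->get_value('credits'));
    $this->course->set_value('title', $title);
    $this->course->set_value('long_description', $description);
    reason_update_entity($this->course->id(), $editor_user_id, $this->course->get_values(), true);

    // Apply title and description changes to selected sections
    if ($sections = $this->course->get_sections()) {
        // (array) cast: an untouched multi-select may come back empty/null, which foreach would warn on
        foreach ((array) $this->form->get_value('sections') as $id) {
            if (!isset($sections[$id])) {
                continue;
            }
            $sections[$id]->set_value('title', $title);
            $sections[$id]->set_value('long_description', $description);
            reason_update_entity($id, $editor_user_id, $sections[$id]->get_values(), true);
        }
    }

    // Reconcile the borrow relationship with the checkbox: only act when they disagree
    $display = $this->form->get_value('display_in_catalog');
    $borrowed = $this->course->owned_or_borrowed_by($this->site_id);
    if ((bool) $display !== (bool) $borrowed) {
        $borrow_rel = get_borrows_relationship_id(id_of('course_template_type'));
        if ($display) {
            create_relationship($this->site_id, $this->course->id(), $borrow_rel);
        } else {
            delete_borrowed_relationship($this->site_id, $this->course->id(), $borrow_rel);
        }
    }
}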
/**
 * Helper function to has_authorization()
 *
 * If username given, will return true or false.
 *
 * If no username given, this will be interpreted as meaning "an anonymous user" and will
 * return true, false, or NULL. In this case, true indicates the group includes anybody;
 * false indicates that it includes nobody; and NULL indicates that the group includes some
 * people and not others -- identification will be necessary to establish group membership.
 *
 * Answers for a given username are memoised in $this->permissions, so the directory is
 * consulted at most once per username per instance.
 *
 * @access private
 * @param string $user_netID -- username. Use an empty string to determine if anonymous access is permitted
 * @param boolean $assume_netid_is_in_directory when true, the directory round trip that would
 *        otherwise confirm the username exists is skipped (only consulted on the path where the
 *        group requires login but does not limit authorization)
 * @return boolean | NULL true if user is a member of the authorized group, false if they are not, NULL if no username passed and access cannot be determined as a result
 */
function is_username_member_of_group($user_netID, $assume_netid_is_in_directory = false)
{
    if ($this->group_has_members()) {
        if (!$this->requires_login()) {
            // open group: anybody, including anonymous visitors, is a member
            return true;
        } elseif (empty($user_netID)) {
            // login is required and nobody is identified: membership cannot be decided
            return NULL;
        } elseif (array_key_exists($user_netID, $this->permissions)) {
            return $this->permissions[$user_netID];
        } elseif ($this->group->get_value('limit_authorization') == 'true') {
            // build up an LDAP-style query
            // NOTE(review): $user_netID is spliced into the filter by add_netid_check_to_representation();
            // confirm that helper escapes LDAP filter metacharacters before this path is reached with
            // usernames that did not come from the authentication layer.
            $rep = $this->get_group_representation();
            $check_info = $this->add_netid_check_to_representation($user_netID, $rep);
            foreach ($check_info as $dir_array) {
                if (!empty($dir_array['directory_services'])) {
                    $dir = new directory_service($dir_array['directory_services']);
                } else {
                    $dir = new directory_service();
                }
                $dir->merge_results_off();
                // a hit on either the per-user filter or the group filter is enough
                if (!empty($dir_array['filter']) && $dir->search_by_filter($dir_array['filter'])) {
                    $members = $dir->get_records();
                    if (!empty($members)) {
                        $this->permissions[$user_netID] = true;
                        return true;
                    }
                }
                if (!empty($dir_array['group_filter']) && $dir->group_search_by_filter($dir_array['group_filter'])) {
                    $groups = $dir->get_records();
                    if (!empty($groups)) {
                        $this->permissions[$user_netID] = true;
                        return true;
                    }
                }
            }
            $this->permissions[$user_netID] = false;
            return false;
        } else {
            // login required, authorization not limited: any account known to the directory is a member.
            // The currently logged-in user is accepted without a directory lookup.
            if ($assume_netid_is_in_directory || reason_check_authentication() == $user_netID) {
                $this->permissions[$user_netID] = true;
                return true;
            } else {
                // NOTE(review): $dir_array is never assigned on this branch (it is the foreach variable
                // of the limit_authorization path above), so the default directory_service is always used here.
                if (!empty($dir_array['directory_services'])) {
                    $dir = new directory_service($dir_array['directory_services']);
                } else {
                    $dir = new directory_service();
                }
                // NOTE(review): the filter literal below appears redacted in this listing; confirm against
                // the real source that the username is inserted with LDAP filter escaping.
                $dir->search_by_filter('(ds_username='******')');
                $member = $dir->get_records();
                if (!empty($member)) {
                    $this->permissions[$user_netID] = true;
                    return true;
                } else {
                    $this->permissions[$user_netID] = false;
                    return false;
                }
            }
        }
    } else {
        // a group with no members admits nobody
        return false;
    }
}
/**
 * Send the submitter a confirmation that their media was received.
 *
 * The recipient is the logged-in netid when there is one, otherwise the email address
 * given on the form.
 *
 * @param object $disco the submission form
 * @param int $image_id unused
 * @return void
 */
protected function _email_confirmation($disco, $image_id)
{
    $recipient = reason_check_authentication();
    if (empty($recipient)) {
        $recipient = $disco->get_value('email');
    }
    $title = $disco->get_value('media_title');
    $sender = '*****@*****.**';
    $reply_to = '';
    $subject = 'Media Submission Confirmation';
    $footer = "Please do not reply to this automatically generated notification message.";
    $footer_divider = "--------------------------------------------------------------------------------------";
    // plain-text body; the title is not escaped here
    $txtbody = 'Your media, "' . $title . '", was successfully submitted.' . "\n"
        . "\n\n" . $footer_divider . "\n" . $footer . "\n" . $footer_divider;
    // HTML body; the title is escaped for markup
    $htmlbody = '<p>Your media, <strong>' . htmlspecialchars($title) . '</strong>, was successfully submitted.</p>'
        . "<hr/>" . $footer . "<hr/>";
    $mailer = new Email($recipient, $sender, $reply_to, $subject, $txtbody, $htmlbody);
    $mailer->send();
}
/**
 * Get the user entity for the current user
 * (if they are logged in, if they have a Reason user for them).
 *
 * The answer, including a negative one, is cached on $this->_current_user.
 *
 * @return mixed user entity object if there is a logged-in user and if they have a reason user entity; otherwise boolean false
 */
protected function _get_current_user()
{
    if (isset($this->_current_user)) {
        return $this->_current_user;
    }
    $this->_current_user = false;
    $username = reason_check_authentication();
    $user_id = $username ? get_user_id($username) : 0;
    if ($user_id) {
        $this->_current_user = new entity($user_id);
    }
    return $this->_current_user;
}
/**
 * Reason user id of the logged-in user, for the HTML editor.
 *
 * @return int reason user entity that corresponds to logged in user or 0 if it does not exist
 */
function get_html_editor_user_id()
{
    $net_id = reason_check_authentication();
    if (!$net_id) {
        return 0;
    }
    $reason_id = get_user_id($net_id);
    return empty($reason_id) ? 0 : $reason_id;
}
/**
 * Validate the comment form before it is accepted.
 *
 * Checks, in order: honeypot fields listed in $this->forbidden must be blank; the tidied
 * comment body must not be empty HTML; each field in $fields_to_tidy that is required must
 * survive tidy() and must be well-formed; and, for anonymous posters only, the spam check
 * must pass. Problems are reported through set_error().
 *
 * @return void
 */
function run_error_checks()
{
    // honeypot: anything typed into a forbidden field fails validation
    foreach($this->forbidden as $field) {
        if($this->get_value($field)) {
            $this->set_error($field,'This field must be left empty for your comment to work');
        }
    }
    $content = $this->get_value('comment_content');
    // NOTE(review): the search string is presumably a non-breaking space (U+00A0) that renders
    // as a plain space in this listing; confirm in the real source.
    $content = str_replace(' ', ' ', $content);
    if (carl_empty_html(trim(tidy($content)))) {
        $this->set_error('comment_content', 'You must write a comment in order to post a comment!');
    }
    $fields_to_tidy = array('comment_content');
    foreach($fields_to_tidy as $field) {
        if($this->get_value($field)) {
            $tidied = trim(tidy($this->get_value($field)));
            if(empty($tidied) && in_array($field,$this->required)) {
                // tidy stripped everything from a required field: prompt by display name
                if(!empty($this->elements[$field]['display_name'])) {
                    $display_name = $this->elements[$field]['display_name'];
                } else {
                    $display_name = prettify_string($field);
                }
                $this->set_error($field,'Please fill in the '.$display_name.' field');
            } else {
                $tidy_errors = tidy_err($this->get_value($field));
                if(!empty($tidy_errors)) {
                    // NOTE(review): tidy_err() messages are inserted into the error markup unescaped;
                    // verify they cannot echo submitter-supplied HTML.
                    $msg = 'The html in the '.$field.' field is misformed. Here is what the html checker has to say:<ul>';
                    foreach($tidy_errors as $tidy_error) {
                        $msg .= '<li>'.$tidy_error.'</li>';
                    }
                    $msg .= '</ul>';
                    $this->set_error($field,$msg);
                }
            }
        }
    }
    // spam screening is skipped for authenticated users
    if (!reason_check_authentication()) {
        if ($this->is_comment_spam()) {
            $this->set_error('comment_content', 'Your comment was rejected because it appears to be spam.');
        }
    }
}
/**
 * Apply plugins to thor forms depending on the specifications of the form.
 *
 * At present the only plugin is the Akismet spam filter, which is attached for anonymous
 * visitors when the form enables it (or, if the form has no setting, when the site default does).
 *
 * @param object $disco_obj: the disco form to which plugins will be applied.
 * @param object $form_obj: thor form entity
 * @return void
 */
function apply_disco_plugins($disco_obj, $form_obj)
{
    // Only apply akismet spam filter if user is not logged in.
    if (reason_check_authentication()) {
        return;
    }
    $setting = $form_obj->get_value('apply_akismet_filter');
    $filter = $setting ?: REASON_FORMS_THOR_DEFAULT_AKISMET_FILTER;
    if ($filter != 'true') {
        return;
    }
    include_once INCLUDE_PATH . '/disco/plugins/akismet/akismet.php';
    // presumably the constructor registers itself with the form; nothing else uses the handle
    $akismet_filter = new AkismetFilter($disco_obj);
}
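/**
 * Look up the logged-in user's popup-alert preference and store it on this object.
 *
 * Does nothing when nobody is logged in. A user without a matching user entity gets 'no'.
 *
 * @return void
 */
function set_user_prefs()
{
    $myname = reason_check_authentication();
    if (empty($myname)) {
        return;
    }
    $popup_alert = 'no';
    $es = new entity_selector();
    $es->add_type(id_of('user'));
    // NOTE(review): the netid is interpolated into the relation unescaped. It comes from the
    // authentication layer rather than the request, but it should still pass through the
    // project's SQL escaping helper if one is in scope here.
    $es->add_relation('entity.name = "' . $myname . '"');
    $es->set_num(1);
    $users = $es->run_one();
    if (!empty($users)) {
        // reuse the rows already fetched rather than running the selector a second time
        $user = current($users);
        $popup_alert = $user->get_value('user_popup_alert_pref');
    }
    $this->set('_user_popup_alert_pref', $popup_alert);
}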
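/**
 * Require authentication via http basic auth
 *
 * Note 1: If the user already has a session-based login, or the script is otherwise behind an
 * apache-rule-based http auth, this function will return the username without forcing a second
 * login.
 *
 * Note 2: This function currently only works properly when php is running as an Apache module. If
 * Apache is running under CGI/Fast CGI, it currently simply denies access.
 *
 * When no valid credentials are present the function emits a 401 (with a Basic challenge
 * outside CGI mode), prints $cancel_message and exits; it only returns on success.
 *
 * @todo Add CGI/FastCGI support
 *
 * @param string $realm shown in the browser's credential prompt; double quotes are replaced
 *        with single quotes so the header value stays well-formed
 * @param string $cancel_message HTML sent with the 401; a default page is generated when empty
 * @return string username
 *
 */
function reason_require_http_authentication($realm = FULL_ORGANIZATION_NAME, $cancel_message = '')
{
    // An existing session login (or upstream Apache auth) is accepted as-is.
    if ($username = reason_check_authentication()) {
        return $username;
    }
    force_secure_if_available();
    // Compare against '' rather than using empty(): a password of "0" is a valid password.
    $has_basic_credentials = isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])
        && $_SERVER['PHP_AUTH_USER'] !== ''
        && $_SERVER['PHP_AUTH_PW'] !== '';
    if ($has_basic_credentials) {
        require_once(CARL_UTIL_INC . 'dir_service/directory.php');
        $dir = new directory_service();
        if ($dir->authenticate($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
            return $_SERVER['PHP_AUTH_USER'];
        }
    }
    // Under CGI/FastCGI the credentials never reach PHP, so a challenge would only loop.
    $cgi_mode = (substr(php_sapi_name(), 0, 3) == 'cgi');
    if (!$cgi_mode) {
        header('WWW-Authenticate: Basic realm="' . str_replace('"', "'", $realm) . '"');
    }
    http_response_code(401);
    if (empty($cancel_message)) {
        $msg_str = 'This resource requires login.';
        $cancel_message = '<!doctype HTML><html><head><title>' . $msg_str . '</title></head><body><h3>' . $msg_str . '</h3>';
        if ($cgi_mode && function_exists('is_developer') && is_developer()) {
            $cancel_message .= '<p>HTTP authentication is not currently supported when PHP is running under CGI/Fast CGI.</p>';
        }
        $cancel_message .= '</body></html>';
    }
    echo $cancel_message;
    exit;
}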
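/**
 * This callback generates the thumbnail image for the video. It also updates some metadata
 * such as duration for the entity.
 *
 * The thumbnail is fetched from Vimeo into a temp file, turned into an image entity owned by
 * the logged-in user, and attached as the media work's primary image (replacing any existing
 * one). The thumbnail and duration steps only run when there is a vimeo_url and the entry id
 * differs from $this->original_entry_id.
 *
 * @return void
 */
public function _process_callback()
{
    $username = reason_check_authentication();
    $user_id = get_user_id($username);
    $media_work_id = $this->manager->get_value('id');
    $entry_id = $this->manager->get_value('entry_id');
    reason_update_entity($media_work_id, $user_id, array('media_publication_datetime' => date('Y-m-d H:i:s')), false);
    if (!$this->manager->get_value('vimeo_url') || $entry_id == $this->original_entry_id) {
        return;
    }
    // create image file in the vimeo temp directory
    $tmp_path = VimeoShim::get_temp_dir() . 'tmp_thumbnail_' . $media_work_id;
    $downloaded = false;
    // Without a user there is nobody to own the image entity, so skip the download entirely.
    if ($username) {
        $image_url = $this->shim->get_thumbnail($entry_id);
        $contents = get_reason_url_contents($image_url);
        // Only write the file when the fetch produced data; a failed or empty download must
        // not be turned into an image entity.
        if ($contents !== false && $contents !== '') {
            $downloaded = file_put_contents($tmp_path, $contents) !== false;
        }
    }
    // Create a reason entity out of the temp image file
    if ($downloaded && file_exists($tmp_path)) {
        if ($id = $this->create_image_entity($username)) {
            $im = new ImageManager();
            $im->thumbnail_width = REASON_STANDARD_MAX_THUMBNAIL_WIDTH;
            $im->thumbnail_height = REASON_STANDARD_MAX_THUMBNAIL_HEIGHT;
            $im->max_width = REASON_STANDARD_MAX_IMAGE_WIDTH;
            $im->max_height = REASON_STANDARD_MAX_IMAGE_HEIGHT;
            $im->load_by_type(id_of('image'), $id, $user_id);
            $im->handle_standard_image($id, $tmp_path);
            $im->create_default_thumbnail($id);
            $values = array();
            foreach ($im->get_element_names() as $element_name) {
                $values[$element_name] = $im->get_value($element_name);
            }
            reason_update_entity($id, $user_id, $values, false);
            // Remove any existing association with an image and replace it with this new one
            delete_relationships(array('entity_a' => $media_work_id, 'type' => relationship_id_of('av_to_primary_image')));
            create_relationship($media_work_id, $id, relationship_id_of('av_to_primary_image'));
        }
    }
    // update the duration field of the media work.
    $data_obj = $this->shim->get_video_data($entry_id);
    if ($data_obj) {
        reason_update_entity($media_work_id, $user_id, array('media_duration' => format_seconds_as_human_readable(intval($data_obj->duration))), false);
    }
}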
/**
 * After we save the title change we also need to destroy the navigation cache for the site.
 *
 * Nothing is written (and no cache is cleared) when the submitted title matches the stored one.
 *
 * @param object $disco the inline-edit form, passed by reference
 * @return void
 */
function process_editable(&$disco)
{
    $page = new entity($this->page_id);
    // tags are stripped so that markup cannot end up in the page name
    $new_name = trim(strip_tags($disco->get_value('page_title')));
    if ($page->get_value('name') == $new_name) {
        return;
    }
    $user_id = get_user_id(reason_check_authentication());
    reason_update_entity($this->page_id, $user_id, array('name' => $new_name), true);
    // clear nav cache
    reason_include_once('classes/object_cache.php');
    $cache = new ReasonObjectCache($this->site_id . '_navigation_cache');
    $cache->clear();
}
/**
 * Store a new form submission, stamped with who sent it, from where, and when.
 *
 * @return void
 */
function process_new()
{
    $thor = $this->get_thor_core();
    $row = $thor->get_thor_values_from_form($this);
    $row['submitted_by'] = reason_check_authentication();
    // the peer address as this server sees it; behind a proxy that is the proxy's address
    $row['submitter_ip'] = $_SERVER['REMOTE_ADDR'];
    $row['date_created'] = get_mysql_datetime();
    $thor->insert_values($row);
}
/**
 * Get access information about whether the current user can access a given image at its original size
 *
 * The group is named by the page-type parameter original_size_access_group; a missing or
 * invalid parameter means there is no restriction to evaluate.
 *
 * @param object $item unused
 * @return string 'no_group', 'authentication_required', 'ok', or 'not_authorized'
 */
function current_user_original_size_access($item)
{
    $params = $this->params;
    if (empty($params['original_size_access_group'])) {
        return 'no_group';
    }
    $group_id = id_of($params['original_size_access_group']);
    if (!$group_id) {
        trigger_error('Access group unique name parameter given in page type not a Reason entity.');
        return 'no_group';
    }
    $group = new entity($group_id);
    if ($group->get_value('type') != id_of('group_type')) {
        trigger_error('Access group unique name does not belong to a valid Reason group.');
        return 'no_group';
    }
    $helper = new group_helper();
    $helper->set_group_by_entity($group);
    // null means "depends on who you are" and only a login can settle it
    $membership = $helper->is_username_member_of_group(reason_check_authentication());
    if (null === $membership) {
        return 'authentication_required';
    }
    return (true === $membership) ? 'ok' : 'not_authorized';
}
/**
 * Enforce page access for the current visitor.
 *
 * A visitor without access is sent to the login page (anonymous) or shown the 403 page
 * (logged in), and the script stops. With access, $this->page_is_public records whether an
 * anonymous visitor would also get in.
 *
 * @return void
 */
function _handle_access_auth_check()
{
    $auth_username = reason_check_authentication();
    $rpa = new reasonPageAccess();
    $rpa->set_page_tree($this->pages);
    if ($rpa->has_access($auth_username, $this->page_id)) {
        // nobody logged in means the page is evidently public; otherwise ask about an anonymous visitor
        $this->page_is_public = empty($auth_username) ? true : $rpa->has_access(false, $this->page_id);
        return;
    }
    if (empty($auth_username)) {
        header('Location: ' . REASON_LOGIN_URL . '?dest_page=' . urlencode(get_current_url()));
    } else {
        $this->_display_403_page();
    }
    die();
}
/**
 * Determines whether or not the current user has access to the specified media work. If no username is provided, this function defaults to the currently-logged-in username.
 *
 * Media with no restricting group, or whose group does not require login, is open to everyone.
 *
 * @param string $username
 * @return boolean user has access
 */
public function user_has_access_to_media($username = '')
{
    // First, get the restricted group--if one exists
    $es = new entity_selector();
    $es->add_type(id_of('group_type'));
    $es->add_right_relationship($this->media_work->id(), relationship_id_of('av_restricted_to_group'));
    $group = current($es->run_one());
    if (empty($group)) {
        return true;
    }
    $gh = new group_helper();
    $gh->set_group_by_id($group->id());
    if (!$gh->requires_login()) {
        return true;
    }
    $who = $username ? $username : reason_check_authentication();
    if (!$who) {
        return false;
    }
    return (bool) $gh->is_username_member_of_group($who);
}
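/**
 * Build the login/logout block for the page footer.
 *
 * Logged-in visitors see their netid and a logout link; everyone else a login link.
 * Both links carry the current URL as dest_page so the visitor returns to this page.
 *
 * @return string HTML
 */
function get_bottom_links_html()
{
    $netid = reason_check_authentication();
    $qs_array = $netid
        ? array('logout' => 'true', 'dest_page' => get_current_url())
        : array('dest_page' => get_current_url());
    $qs = carl_make_link($qs_array, '', 'qs_only', true, false);
    $link_url = REASON_LOGIN_URL . $qs;
    $ret = '<div class="loginlogout">';
    if ($netid) {
        // the netid comes from the authentication layer, but it is still escaped before being placed in markup
        $ret .= 'Logged in: ' . htmlspecialchars($netid) . ' <a href="' . $link_url . '">Log Out</a>';
    } else {
        $ret .= '<a href="' . $link_url . '">Log In</a>';
    }
    $ret .= '</div>';
    return $ret;
}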
/**
 * Id to record as the editor on entity updates made by the current visitor.
 *
 * Prefers the Reason user entity for the logged-in netid, then the site_user entity.
 *
 * @return int|false reason user entity or id of site_user entity that corresponds to logged in user, false when neither exists
 */
function get_update_entity_user_id()
{
    $net_id = reason_check_authentication();
    if (!$net_id) {
        return false;
    }
    $reason_id = get_user_id($net_id);
    if (!empty($reason_id)) {
        return $reason_id;
    }
    $site_user = $this->get_site_user();
    return $site_user ? $site_user->id() : false;
}
/**
 * Whether the current request carries an authenticated user.
 *
 * @return mixed the value reported by reason_check_authentication()
 */
function authorized()
{
    $who = reason_check_authentication();
    return $who;
}
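/**
 * Mark a classified as deleted, recording who did it.
 *
 * Falls back to the shared 'classified_user' account when nobody is logged in.
 *
 * @param int $id classified entity id
 * @return void
 */
function delete_classified($id)
{
    $user_netid = reason_check_authentication();
    $user = get_user_id($user_netid ? $user_netid : 'classified_user');
    // both values are cast to int so that nothing request-derived is spliced into the SQL verbatim
    $q = sprintf(
        'UPDATE entity SET state = "Deleted", last_edited_by = "%d" where id = %d',
        (int) $user,
        (int) $id
    );
    db_query($q, 'Error deleting classified');
}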