function api_keys_utils_get_from_url($more = array()) {

	# Resolve the API key named in the request to its database row, or
	# end the request with the matching HTTP error.
	#
	# The key is read from 'api_key', falling back to the OAuth2
	# 'client_id' parameter (section 2.2).
	#
	# $more options (merged over the defaults):
	#   allow_disabled (0) - when false a disabled key yields a 403
	#   ensure_isown   (1) - when true a key not owned by the current
	#                        $GLOBALS['cfg']['user'] yields a 403
	#
	# Returns the key row on success. Unknown/missing key: 404. Deleted
	# key: 410. The error_* helpers are expected not to return.

	$options = array_merge(array(
		'allow_disabled' => 0,
		'ensure_isown' => 1,
	), $more);

	$api_key = request_str("api_key");

	# OAuth2 section 2.2 ...
	if (!$api_key) {
		$api_key = request_str("client_id");
	}

	if (!$api_key) {
		error_404();
	}

	$key_row = api_keys_get_by_key($api_key);

	if (!$key_row) {
		error_404();
	}

	if ($key_row['deleted']) {
		error_410();
	}

	# Loose '!=' kept deliberately: the row's user_id and the session's
	# id are not guaranteed to share a type here.
	if ($options['ensure_isown'] && $key_row['user_id'] != $GLOBALS['cfg']['user']['id']) {
		error_403();
	}

	if ($key_row['disabled'] && !$options['allow_disabled']) {
		error_403();
	}

	return $key_row;
}
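function api_output_get_format() {

	# Work out which response format the caller asked for: an explicit
	# 'format' request parameter wins, otherwise the first
	# 'application/<name>' entry of the Accept header is used.
	#
	# Returns the format name only when it appears in
	# $GLOBALS['cfg']['api']['formats']; anything else yields null, so a
	# request cannot select an output handler that isn't configured.

	$possible = null;

	if (request_isset('format')) {
		$possible = request_str('format');
	} elseif (function_exists('getallheaders')) {
		# getallheaders() is SAPI-dependent, hence the guard above
		$headers = getallheaders();

		if (isset($headers['Accept'])) {
			foreach (explode(",", $headers['Accept']) as $what) {

				# An Accept entry need not carry a ';q=' part, so don't
				# assume explode() returns two pieces (the old list()
				# assignment raised a notice on "application/json"), and
				# tolerate the usual space after the comma.
				$parts = explode(";", $what, 2);
				$type = trim($parts[0]);

				if (preg_match("!^application/(\\w+)\$!", $type, $m)) {
					$possible = $m[1];
					break;
				}
			}
		}
	}

	if ($possible && in_array($possible, $GLOBALS['cfg']['api']['formats'], true)) {
		return $possible;
	}

	return null;
}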
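function api_dots_dotsForUser() {

	# API method: return every dot belonging to the user named by the
	# 'user' request parameter, minus a few internal columns.
	# Responds via api_output_ok() with the list, or api_output_error()
	# when the user is unknown or has no dots.

	# these keys not important
	$skip = array_flip(array("details", "details_json", "index_on", "details_listview", "type_of_co"));

	$owner = users_get_by_id(request_str('user'));
	$output = array();

	if ($owner) {
		$dots = dots_get_dots_for_user($owner);

		if ($dots) {
			foreach ($dots as $row) {
				# array_diff_key drops the unwanted columns in one go and,
				# unlike the previous foreach-by-reference, leaves no
				# dangling reference on the last row behind
				$output[] = array_diff_key($row, $skip);
			}
		}
	}

	if (count($output)) {
		api_output_ok($output);
	} else {
		api_output_error();
	}
}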
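function api_auth_oauth2_get_access_token(&$method) {

	# Extract the OAuth2 bearer token for this request.
	# https://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-20#section-2.1
	#
	# Precedence, driven by config:
	#   1. 'Authorization: Bearer <token>' header, when
	#      api_oauth2_require_authentication_header or
	#      api_oauth2_check_authentication_header is set. If the header
	#      is required but missing or malformed, null is returned.
	#   2. The 'access_token' request parameter, when
	#      api_oauth2_allow_get_parameters is set.
	#   3. The 'access_token' POST parameter.
	#
	# $method is not used in this function.

	$require_header = $GLOBALS['cfg']['api_oauth2_require_authentication_header'];
	$check_header = $GLOBALS['cfg']['api_oauth2_check_authentication_header'];

	if ($require_header || $check_header) {

		# Header names are case-insensitive and apache_request_headers()
		# returns them as the client sent them, so normalise before the
		# 'authorization' lookup (previously only a lowercase header
		# matched).
		$headers = array_change_key_case(apache_request_headers(), CASE_LOWER);
		$token = null;

		if (!isset($headers['authorization'])) {
			if ($require_header) {
				return null;
			}
		} else {
			if (preg_match("/Bearer\\s+([a-zA-Z0-9\\+\\/\\=]+)\$/", $headers['authorization'], $m)) {
				# NOTE(review): the header value is base64-decoded here,
				# so callers receive the decoded form — confirm that is
				# what the access-token lookup expects.
				$token = base64_decode($m[1]);
			}
		}

		if ($token || $require_header) {
			return $token;
		}
	}

	if ($GLOBALS['cfg']['api_oauth2_allow_get_parameters']) {
		return request_str('access_token');
	}

	return post_str('access_token');
}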
function actions() {
    // Dispatch on the 'action' request parameter: an action named 'foo'
    // runs fooAction(); when no such method exists, defaultAction() runs.
    //
    // NOTE(review): method_exists() also reports protected and private
    // methods, so every method ending in 'Action' on this object is
    // reachable from the request — reserve that suffix for real entry
    // points.
    $handler = request_str('action') . 'Action';

    if (!method_exists($this, $handler)) {
        return $this->defaultAction();
    }

    return call_user_func(array($this, $handler));
}
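function api_dispatch() {

	# Front controller for the API: pick the output format, check the
	# feature flag, resolve the 'method' request parameter to a
	# "<library>_<name>" PHP function and call it. Never returns —
	# every path ends in api_output_error() or exit.

	#
	# Output formats
	#

	$format = request_str('format');

	if ($format) {
		# Only a configured format may be selected, so the request can't
		# steer output to an unknown handler
		if (in_array($format, $GLOBALS['cfg']['api']['formats']['valid'], true)) {
			$GLOBALS['cfg']['api']['formats']['current'] = $format;
		} else {
			$format = null;
		}
	}

	if (!$format) {
		$GLOBALS['cfg']['api']['formats']['current'] = $GLOBALS['cfg']['api']['formats']['default'];
	}

	#
	# Can I get a witness?
	#

	if (!$GLOBALS['cfg']['enable_feature_api']) {
		api_output_error(999, 'The API is currently disabled');
	}

	#
	# Is this a valid method?
	#

	$method = request_str('method');

	if (!$method || !isset($GLOBALS['cfg']['api']['methods'][$method])) {
		api_output_error(404, 'Method not found');
	}

	$method_row = $GLOBALS['cfg']['api']['methods'][$method];

	if (!$method_row['enabled']) {
		api_output_error(404, 'Method not found');
	}

	$lib = $method_row['library'];
	loadlib($lib);

	# "foo.bar.baz" -> "<lib>_baz"; the function has to exist in the
	# library that was just loaded
	$parts = explode(".", $method);
	$function = $lib . "_" . array_pop($parts);

	if (!function_exists($function)) {
		api_output_error(404, 'Method not found');
	}

	#
	# Auth-y bits
	#

	# Fail closed. This branch used to be an empty "to write me" stub,
	# which let methods flagged required_login run for anyone. The
	# signed-in user is taken from $GLOBALS['cfg']['user'] as elsewhere
	# in this codebase — NOTE(review): confirm that is the canonical
	# login signal here.
	if (!empty($method_row['required_login'])) {
		if (empty($GLOBALS['cfg']['user']['id'])) {
			api_output_error(403, 'This method requires a signed-in user');
		}
	}

	#
	# Go!
	#

	call_user_func($function);
	exit;
}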
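function defaultAction() {
    // Feedback form: render it and, on POST, validate the input, store the
    // message in the feedback table, mail it to the site contacts and
    // redirect to ?action=ok. Returns the rendered page HTML.

    $subjects = array(
        1 => array('id' => 1, 'title' => s('General question')),
        2 => array('id' => 2, 'title' => s('Bug report')),
        3 => array('id' => 3, 'title' => s('Collaboration or partership')),
        4 => array('id' => 4, 'title' => s('Idea')),
        5 => array('id' => 5, 'title' => s('Other')),
    );

    $html = '';
    $errors = array();
    $is_posted = request_int('is_posted');
    $jump_to = 'feedback_name';

    if ($is_posted) {
        $email = request_str('email');
        $subject_id = request_int('subject_id');

        if (!count($errors) && !$email) {
            $errors[] = s('Please, enter your email');
            $jump_to = 'feedback_email';
        }
        if (!count($errors) && $email && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $errors[] = s('Please, provide correct email address. For example: john@gmail.com');
            $jump_to = 'feedback_email';
        }
        if (!count($errors) && !request_str('message')) {
            $errors[] = s('Enter the message.');
            // was 'feedback_password', a field this form does not have
            $jump_to = 'feedback_message';
        }

        if (!count($errors)) {
            // subject_id is request data; an id outside $subjects used to
            // raise an undefined-index notice, now it just yields no subject
            $subject_title = isset($subjects[$subject_id]) ? $subjects[$subject_id]['title'] : '';

            $data = array(
                '{name}' => request_str('name'),
                '{email}' => $email,
                '{subject}' => $subject_title,
                '{message}' => request_str('message'),
            );
            $message = str_replace(
                array_keys($data),
                array_values($data),
                'Name: {name} Email: {email} Subject: {subject} {message} ' . $_SERVER['REMOTE_ADDR'] . ' ' . date('r')
            );

            core::$sql->insert(array(
                'message' => core::$sql->s($message),
                'insert_stamp' => core::$sql->i(time()),
            ), DB . 'feedback');

            require_once '../mod/lib.mail.php';

            // The sender name ends up in a mail header: strip line breaks so
            // a crafted name cannot smuggle additional headers in. The address
            // itself has already passed FILTER_VALIDATE_EMAIL.
            $from_name = str_replace(array("\r", "\n"), ' ', request_str('name'));

            foreach (array('*****@*****.**') as $to) {
                mail_send($from_name, $email, $to, 'Metro4all.org - ' . $subject_title, $message, false);
            }

            go(Core::$config['http_home'] . 'feedback/?action=ok');
        }
    }

    $page = new PageCommon(s('Feedback'));
    $html .= $page->start();
    $html .= '<div class="row"><div class="col-md-offset-2 col-md-8"><h2>' . s('Feedback') . '</h2>';

    if (count($errors)) {
        $html .= '<div class="alert alert-danger"><p>' . escape($errors[0]) . '</p></div>';
    }

    $form = new Form('feedback', false, 'post');
    $html .= '<div class="well">'
        . $form->start()
        . $form->addVariable('is_posted', 1)
        . $form->addString('name', s('Name'), $is_posted ? request_str('name') : '')
        . $form->addString('email', s('E-mail'), $is_posted ? request_str('email') : '', array('is_required' => true))
        . $form->addSelect('subject_id', s('Subject'), $is_posted ? request_int('subject_id') : 1, array('data' => $subjects))
        . $form->addText('message', s('Message'), $is_posted ? request_str('message') : '', array('is_required' => true, 'style' => 'height:200px'))
        . $form->submit(s('Send'))
        . '</div>';

    // $jump_to is always one of the fixed ids above, never request data, so
    // inlining it into the script is safe
    $html .= '<script> $(document).ready(function() { $("#' . $jump_to . '").focus(); }); </script>';
    $html .= '</div></div>';
    $html .= $page->stop();

    return $html;
}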
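function api_auth_has_valid_crumb(&$method, $ttl = 0) {

	# Check the 'crumb' request parameter against the crumb minted for
	# this API method. Returns 1 when valid, 0 otherwise (including when
	# no crumb was sent at all).
	#
	# $method - API method row; its 'name' is the crumb target and an
	#           optional 'crumb_ttl' overrides $ttl.
	# $ttl    - fallback lifetime when the row has no crumb_ttl. The
	#           previous version discarded this argument unconditionally;
	#           callers that passed the default 0 are unaffected.

	$crumb = request_str("crumb");

	if (!$crumb) {
		return 0;
	}

	$name = $method['name'];

	if (isset($method['crumb_ttl'])) {
		$ttl = $method['crumb_ttl'];
	}

	return crumb_check("api", $ttl, $name) ? 1 : 0;
}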
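function defaultAction() {
    // Newsletter subscription form: render it and, on POST, validate the
    // address, store it in the subscription table and redirect to
    // ?action=ok. Returns the rendered page HTML.
    //
    // The commented-out code that used to live in this method (a flat-file
    // fallback and a mail() call carrying a hard-coded credential) has been
    // removed: secrets do not belong in source, comments included.

    $html = '';
    $errors = array();
    $is_posted = request_int('is_posted');
    $jump_to = 'subscription_email';

    if ($is_posted) {
        $email = request_str('email');

        if (!count($errors) && !$email) {
            $errors[] = s('Please, enter your email');
            // this form's field is subscription_email, not register_email
            $jump_to = 'subscription_email';
        }
        if (!count($errors) && $email && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $errors[] = s('Please, provide correct email address. For example: john@gmail.com');
            $jump_to = 'subscription_email';
        }
        if (!count($errors)) {
            core::$sql->insert(array(
                'email' => core::$sql->s($email),
                'insert_stamp' => core::$sql->i(time()),
            ), DB . 'subscription');
            go(core::$config['http_home'] . 'subscription/?action=ok');
        }
    }

    $page = new PageCommon(s('Newsletter'));
    $html .= $page->start();
    $html .= '<div class="row"><div class="col-md-offset-1 col-md-6"><h1>' . s('Newsletter') . '</h1>';

    if (count($errors)) {
        $html .= '<div class="alert alert-danger"><p>' . escape($errors[0]) . '</p></div>';
    }

    $form = new Form('subscription', false, 'post');
    $html .= '<div class="well">'
        . $form->start()
        . $form->addVariable('is_posted', 1)
        . $form->addString('email', s('E-mail'), $is_posted ? request_str('email') : '', array('is_required' => true))
        . $form->submit(s('Subscribe'))
        . '</div>';

    // $jump_to is a fixed id, never request data
    $html .= '<script> $(document).ready(function() { $("#' . $jump_to . '").focus(); }); </script>';
    $html .= '</div></div>';
    $html .= $page->stop();

    return $html;
}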
#
# Ensure that this is something we can export
#

$format = get_str('format');

if (!$format) {
	$format = 'csv';
}

# The format name is request data, so it is only honoured when it maps
# to a known export extension
$map = formats_valid_export_map('key by extension');

if (!isset($map[$format])) {
	error_404();
}

# Hey look! At least to start we are deliberately not doing
# any pagination on the 'dots-for-a-sheet' page. We'll see
# how long its actually sustainable but for now it keeps a
# variety of (display) avenues open.
# (20101025/straup)

# NOTE(review): $sheet is set before this excerpt. '_sort' and '_order'
# are passed straight through to dots_get_dots_for_sheet — presumably
# validated there against a fixed set of columns; confirm.
$more = array(
	'per_page' => $GLOBALS['cfg']['import_max_records'],
	'sort' => request_str('_sort'),
	'order' => request_str('_order')
);

$sheet['dots'] = dots_get_dots_for_sheet($sheet, $GLOBALS['cfg']['user']['id'], $more);

$bbox = implode(", ", array_values($sheet['extent']));

# valid extras are things like

$export_more = array(
	'viewer_id' => $GLOBALS['cfg']['user']['id']
);

# NOTE(review): the JSONP callback name is forwarded as-is; whatever
# finally emits it must restrict it to a plain identifier.
if ($format == "json" && ($cb = get_str("callback"))) {
	$export_more['callback'] = $cb;
}

// added by seanc(6/21/2011)
if ($format == "json" && isset($sheet['label'])) {
	$export_more['sheet_label'] = $sheet['label'];
	$export_more['sheet_extent'] = $bbox;
}

# explicit extras win over the per-user export properties
$export_props = export_collect_user_properties($format);
$export_more = array_merge($export_props, $export_more);

# caching?
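function _api_output_rest_send_jsonp(&$rsp) {

	# Emit $rsp as a JSONP response, "<callback>(<json>)", using the
	# 'callback' request parameter as the function name.
	#
	# The callback is reflected into a script body, so it is restricted
	# to a dotted JavaScript identifier (letters, digits, '_' and '$');
	# anything else falls back to "makeItSo" instead of being echoed.

	$callback = filter_strict(request_str('callback'));

	if (!$callback || !preg_match('/^[A-Za-z_$][A-Za-z0-9_$]*(\\.[A-Za-z_$][A-Za-z0-9_$]*)*$/', $callback)) {
		$callback = "makeItSo";
	}

	# Redundant once the name is constrained above, but harmless and
	# kept from the original.
	$callback = htmlspecialchars($callback);

	_api_output_rest_send_json_headers();

	echo $callback . "(" . json_encode($rsp) . ")";
}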
<?php

# Note the order here – it's important
# (20121024/straup)
#
# Presumably init.php reads this_is_api, so the flag goes first and the
# api library is loaded before dispatching.

$GLOBALS['this_is_api'] = 1;

include "include/init.php";
loadlib("api");

api_dispatch(request_str("method"));
exit;
	echo json_encode($json);
	exit;
}

#
# OAuth2 token endpoint: exchange an authorization code for an access
# token. The key is looked up by client id without requiring it to
# belong to the current user (ensure_isown => 0), since the caller here
# is the client application, not the resource owner.
#

$key_more = array('ensure_isown' => 0);
$key_row = api_keys_utils_get_from_url($key_more);

$GLOBALS['smarty']->assign_by_ref("key", $key_row);

$ok = 1;
$error = null;

# Basics (redirect URLs)
# a key with no registered callback can't take part in the code flow
if ($ok && !$key_row['app_callback']) {
	error_403();
}

# Basics (everything else)

$grant = request_str("grant_type");
$code = request_str("code");

if (!$code || !$grant) {
	$error = "invalid_request";
	$ok = 0;
}

if ($ok && $grant != "authorization_code") {
	$error = "invalid_grant";
	$ok = 0;
}

if (!$ok) {
	$rsp = array('error' => $error);
	local_send_json($rsp);
	exit;
}

# Sort out the grant tokens
# NOTE(review): the code must still be checked against $key_row and
# for expiry below this excerpt; confirm both happen before a token
# is issued.
$grant_token = api_oauth2_grant_tokens_get_by_code($code);
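function api_dispatch($method) {

	# Front controller for the API. Checks the feature flag, the method
	# name and the HTTP request method, then runs the auth chain (API
	# key, auth response, roles, blessings, crumbs) before calling the
	# "<library>_<name>" function. Never returns: every path ends in
	# api_output_error() or exit.

	if (!$GLOBALS['cfg']['enable_feature_api']) {
		api_output_error(999, 'API disabled');
	}

	$method = filter_strict($method);

	$api_key = request_str("api_key");
	$access_token = request_str("access_token");

	# Log the basics
	# NOTE(review): the access token is a bearer secret; if api_log()
	# writes it verbatim, log readers can replay it — consider logging a
	# truncated or hashed form instead.
	api_log(array(
		'api_key' => $api_key,
		'method' => $method,
		'access_token' => $access_token,
		'remote_addr' => $_SERVER['REMOTE_ADDR'],
	));

	$methods = $GLOBALS['cfg']['api']['methods'];

	if (!$method || !isset($methods[$method])) {
		$enc_method = htmlspecialchars($method);
		api_output_error(404, "Method '{$enc_method}' not found");
	}

	apache_setenv("API_METHOD", $method);

	$method_row = $methods[$method];
	$key_row = null;
	$token_row = null;

	if (!$method_row['enabled']) {
		$enc_method = htmlspecialchars($method);
		api_output_error(404, "Method '{$enc_method}' not found");
	}

	$method_row['name'] = $method;

	if ($GLOBALS['cfg']['api_auth_type'] === 'oauth2') {
		if ($_SERVER['REQUEST_METHOD'] !== 'POST' && !$GLOBALS['cfg']['api_oauth2_allow_get_parameters']) {
			api_output_error(405, 'Method not allowed');
		}
	}

	if (isset($method_row['request_method'])) {
		if ($_SERVER['REQUEST_METHOD'] !== $method_row['request_method']) {
			api_output_error(405, 'Method not allowed');
		}
	}

	# Okay – now we get in to validation and authorization. Which means a
	# whole world of pedantic stupid if we're using Oauth2. Note that you
	# could use OAuth2 and require API keys be passed explictly but since
	# that's not part of the spec if you enable the two features simultaneously
	# don't be surprised when hilarity ensues. Good times.
	# (20121026/straup)

	# First API keys

	if (features_is_enabled("api_require_keys")) {
		if (!$api_key) {
			api_output_error(999, "Required API key is missing");
		}

		$key_row = api_keys_get_by_key($api_key);
		api_keys_utils_ensure_valid_key($key_row);
	}

	# Second auth-y bits

	$auth_rsp = api_auth_ensure_auth($method_row, $key_row);

	if (isset($auth_rsp['api_key'])) {
		$key_row = $auth_rsp['api_key'];
	}

	if (isset($auth_rsp['access_token'])) {
		$token_row = $auth_rsp['access_token'];
	}

	if (!empty($auth_rsp['user'])) {
		$GLOBALS['cfg']['user'] = $auth_rsp['user'];
	}

	# $key_row is still null when api_require_keys is off and the auth
	# response carried no key; reading ['api_key'] off null raised a
	# notice and passed null to apache_setenv
	apache_setenv("API_KEY", $key_row ? $key_row['api_key'] : "");

	# Check for require-iness of users here ?

	# Roles - for API keys (things like only the site keys)
	api_config_ensure_role($method_row, $key_row, $token_row);

	# Blessings and other method specific access controls
	api_config_ensure_blessing($method_row, $key_row, $token_row);

	# Finally, crumbs - because they are tastey
	if ($method_row['requires_crumb']) {
		api_auth_ensure_crumb($method_row);
	}

	# GO!

	loadlib($method_row['library']);

	$parts = explode(".", $method);
	$method = array_pop($parts);

	$func = "{$method_row['library']}_{$method}";

	if (!function_exists($func)) {
		api_output_error(404, "Method not found");
	}

	call_user_func($func);
	exit;
}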
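function api_foursquare_venues_search() {

	# API method: search foursquare venues near (latitude, longitude).
	# With a 'query' parameter a single name-matched search using the
	# current user's token is returned. Otherwise the user's check-in
	# suggestions are merged with a 'browse' search made with a random
	# user's token, de-duplicated by venue id. Output goes through
	# api_output_ok() / _api_foursquare_error().

	$lat = request_float('latitude');
	$lon = request_float('longitude');
	$query = request_str('query');

	# See this? It's a quick and dirty shim until I can figure
	# out how to pass 'sort' flags via the UI (20120201/straup)
	# $sort = request_float('sort');

	$sort = $GLOBALS['cfg']['foursquare_venues_sort'];

	$sort_func = ($sort === 'distance')
		? "_api_foursquare_venues_sort_by_distance"
		: "_api_foursquare_venues_sort_by_name";

	if (!$lat || !geo_utils_is_valid_latitude($lat)) {
		api_output_error(999, "Missing or invalid latitude");
	}

	# was '!$lat' — a missing longitude slipped through this check
	if (!$lon || !geo_utils_is_valid_longitude($lon)) {
		api_output_error(999, "Missing or invalid longitude");
	}

	$checkin_crumb = crumb_generate("api", "privatesquare.venues.checkin");

	$fsq_user = foursquare_users_get_by_user_id($GLOBALS['cfg']['user']['id']);
	$method = 'venues/search';

	if ($query) {
		$args = array(
			'oauth_token' => $fsq_user['oauth_token'],
			'll' => "{$lat},{$lon}",
			'radius' => 1200,
			'limit' => 30,
			'intent' => 'match',
			'query' => $query,
		);

		$rsp = foursquare_api_call($method, $args);

		if (!$rsp['ok']) {
			_api_foursquare_error($rsp);
		}

		$venues = $rsp['rsp']['venues'];
		usort($venues, $sort_func);

		api_output_ok(array(
			'venues' => $venues,
			'query' => $query,
			'latitude' => $lat,
			'longitude' => $lon,
			'crumb' => $checkin_crumb,
		));
	}

	# NOTE(review): the 'browse' call below is made with another user's
	# OAuth token; confirm that use is covered by what those users agreed to.
	$random_user = foursquare_users_random_user();

	if (!$random_user) {
		$random_user = $fsq_user;
	}

	# https://developer.foursquare.com/docs/venues/search
	# TO DO: api_call_multi

	# first get stuff scoped to the current user

	$args = array(
		'oauth_token' => $fsq_user['oauth_token'],
		'll' => "{$lat},{$lon}",
		'limit' => 30,
		'intent' => 'checkin',
	);

	$rsp = foursquare_api_call($method, $args);

	if (!$rsp['ok']) {
		_api_foursquare_error($rsp);
	}

	$venues = array();
	$seen = array();

	foreach ($rsp['rsp']['venues'] as $v) {
		$venues[] = $v;
		$seen[$v['id']] = 1;	# keyed by id so the merge below is O(1) per venue
	}

	# now just get whatever

	$args = array(
		'oauth_token' => $random_user['oauth_token'],
		'll' => "{$lat},{$lon}",
		'limit' => 30,
		'radius' => 800,
		'intent' => 'browse',
	);

	$rsp = foursquare_api_call($method, $args);

	if (!$rsp['ok']) {
		_api_foursquare_error($rsp);
	}

	foreach ($rsp['rsp']['venues'] as $v) {
		if (!isset($seen[$v['id']])) {
			$venues[] = $v;
		}
	}

	usort($venues, $sort_func);

	# go!

	api_output_ok(array(
		'venues' => $venues,
		'latitude' => $lat,
		'longitude' => $lon,
		'crumb' => $checkin_crumb,
	));
}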
function get_home_info() {
    // Resolve the 'user_title_url' request parameter to a user row.
    // An empty parameter, a guest id or an unknown user ends the request
    // via out(). The returned row carries two extra keys: 'is_my' (the
    // viewer is that user) and 'home_url'.
    $title_url = request_str('user_title_url', true);
    if ($title_url == '') {
        out();
    }

    $id = $this->get_id_by_title_url($title_url);
    if ($id == U_GUEST) {
        out();
    }

    $is_my = ($id == $this->info['id']);

    if ($is_my) {
        $info = $this->info;
    } else {
        // $id goes through $this->sql->i() (presumably integer quoting)
        // rather than being interpolated raw into the WHERE clause
        $info = $this->sql->row('*', DB . 'users', 'id=' . $this->sql->i($id));
        if ($info === false) {
            out();
        }
    }

    $info['is_my'] = $is_my;
    $info['home_url'] = '/club/' . $info['title_url'] . '/';
    return $info;
}
<?php

# God page: show a user's flickr details (photo/fave counts, backups,
# token permission map) for the 'user_id' named in the request, then
# render page_god_user.txt.
#
# NOTE(review): nothing in this file restricts who may view it;
# presumably loadlib("god") or init.php enforces the admin check — confirm.

include "../include/init.php";

loadlib("god");
loadlib("flickr_photos");
loadlib("flickr_backups");
loadlib("flickr_faves");
loadlib("flickr_users");
loadlib("flickr_api");

$id = request_str("user_id");

if ($id) {
	$user = users_get_by_id($id);

	if (!$user['id']) {
		error_404();
	}

	$flickr_user = flickr_users_get_by_user_id($user['id']);

	# counts are computed with the user themselves as the viewer
	$viewer = array('viewer_id' => $user['id']);

	$user['count_photos'] = flickr_photos_count_for_user($user, $viewer);

	if ($flickr_user['auth_token']) {
		$user['backups'] = flickr_backups_for_user($user);
		$user['count_faves'] = flickr_faves_count_for_user($user, $viewer);

		$perms_map = flickr_api_authtoken_perms_map();
		$GLOBALS['smarty']->assign_by_ref("perms_map", $perms_map);
	}

	$GLOBALS['smarty']->assign_by_ref("user", $user);
	$GLOBALS['smarty']->assign_by_ref("flickr_user", $flickr_user);
}

$GLOBALS['smarty']->display("page_god_user.txt");
exit;
function request_checked($name, $is_required = false) {
    // Read a checkbox parameter: 1 when the browser sent 'on', else 0.
    // $is_required is passed straight through to request_str().
    $raw = request_str($name, $is_required);
    if ($raw === 'on') {
        return 1;
    }
    return 0;
}
}

if (!$GLOBALS['cfg']['enable_feature_import_by_url']) {
	$GLOBALS['error']['uploads_by_url_disabled'] = 1;
	$smarty->display("page_upload_disabled.txt");
	exit;
}

# NOTE(review): $url is used here before it is (re)read from the request
# a few lines below; whether it holds a value at this point depends on
# code above this excerpt.
login_ensure_loggedin("{$GLOBALS['cfg']['abs_root_url']}upload/url/?url=" . urlencode($url));

#
# Start setting things up...
#

$crumb_key = 'upload';
$smarty->assign("crumb_key", $crumb_key);

#
# Ensure there's a URL and that the user is logged in
#

$url = request_str('url');

if (!$url) {
	$GLOBALS['smarty']->display('page_upload_by_url_form.txt');
	exit;
}

#
# Validate $url here
#

$parsed = utils_parse_url($url);
$ok = $parsed['ok'];
$error_details = '';

# Scheme allow-list: anything other than http/https is refused.
# NOTE(review): if this URL is later fetched server-side, consider also
# refusing loopback/private hosts so the fetcher can't be pointed at
# internal services.
if ($ok && !in_array($parsed['scheme'], array('http', 'https'))) {
	$error_details = 'Invalid scheme. Only http and https are currently supported.';
	$ok = 0;
}

if ($ok && !$parsed['host']) {
include "include/init.php";

loadlib("import");
loadlib("flickr");
loadlib("utils");

if (!$GLOBALS['cfg']['enable_feature_import']) {
	$GLOBALS['error']['uploads_disabled'] = 1;
	$smarty->display("page_upload_disabled.txt");
	exit;
}

if (!$GLOBALS['cfg']['enable_feature_import_by_url']) {
	$GLOBALS['error']['uploads_by_url_disabled'] = 1;
	$smarty->display("page_upload_disabled.txt");
	exit;
}

#
# Carry the url through the login redirect so the user lands back here
#

$url = request_str("url");

$loggedin_url = "{$GLOBALS['cfg']['abs_root_url']}upload/flickr/";

if ($url) {
	$loggedin_url .= "?url=" . urlencode($url);
}

login_ensure_loggedin($loggedin_url);

#

$crumb_key = 'upload';
$GLOBALS['smarty']->assign("crumb_key", $crumb_key);

#

$ok = 1;

if ($url) {
	$parsed_url = utils_parse_url($url);

	# NOTE(review): this pattern is unanchored and only requires
	# "flickr.com" to appear somewhere in the host, so a host such as
	# "flickr.com.<other-domain>" (constructed example) also passes.
	# Anchoring it (e.g. /^(www\.)?flickr\.com$/) would make it an
	# exact-host check.
	if (!preg_match("/(www\\.)?flickr\\.com/", $parsed_url['host'])) {
		$GLOBALS['error']['not_flickr'] = 1;
		$ok = 0;
function crumb_check($key, $ttl = 0) {

	# Validate the 'crumb' request parameter for $key, with an optional
	# lifetime $ttl. Returns whatever crumb_validate() returns.

	return crumb_validate(request_str('crumb'), $key, $ttl);
}
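function lostPasswordChangeAction() {
    // Password reset, step two. The link carries the user id and a code
    // derived from lost_password_salt and the user's current password hash;
    // with a valid code the new-password form is shown and, on POST, the new
    // hash is stored, the user logged out and redirected to
    // lost_password/changed/. Returns the rendered page HTML; an unknown id
    // or a wrong code ends the request via out().

    $user = core::$sql->row(
        'id, password',
        DB . 'user',
        'id=' . core::$sql->i(request_int('id', true))
            . ' and id<>' . core::$sql->i(User::ANONIMOUS)
            . ' and is_disabled=0'
    );
    if ($user === false) {
        out();
    }

    // The reset code is a secret: compare it with hash_equals() rather than
    // '!=', which juggles numeric-looking strings (e.g. '0e...' hashes) and
    // is not constant-time.
    $hash = core::$user->getHash(core::$config['user']['lost_password_salt'], $user['password']);
    if (!hash_equals((string) $hash, (string) request_str('code', true))) {
        out();
    }

    $html = '';
    $errors = array();
    $is_posted = request_int('is_posted');
    $jump_to = 'lost_password_change_password';

    if ($is_posted) {
        $password = request_str('password');

        if (!count($errors) && !$password) {
            $errors[] = s('Пожалуйста, укажите пароль.');
        }
        if (!count($errors) && $password !== request_str('password2')) {
            $errors[] = s('Введенные пароли не совпадают. Пожалуйста, попробуйте еще раз.');
        }
        if (!count($errors)) {
            // NOTE(review): getHash() with a static site salt is not a
            // password KDF; password_hash()/password_verify() would be the
            // standard replacement, but that is a storage-format change.
            $password_hash = core::$user->getHash(core::$config['user']['password_salt'], $password);
            core::$sql->update(
                array('password' => core::$sql->s($password_hash)),
                DB . 'user',
                'id=' . core::$sql->i($user['id'])
            );
            core::$user->logout();
            go(core::$config['http_home'] . 'lost_password/changed/');
        }
    }

    $page = new PageCommon(s('Смена пароля'));
    $html .= $page->start();
    $html .= '<div class="row"><div class="span4 offset4"><h2>' . s('Смена пароля') . '</h2>';

    if (count($errors)) {
        $html .= '<div class="alert alert-danger"><p>' . escape($errors[0]) . '</p></div>';
    }

    $form = new Form('lost_password_change', false, 'post');
    $html .= '<div class="well">'
        . $form->start()
        . $form->addVariable('is_posted', 1)
        . $form->addVariable('id', request_int('id'))
        . $form->addVariable('code', request_str('code'))
        . $form->addPassword('password', s('Пароль'), '', array('is_required' => true))
        . $form->addPassword('password2', s('Подтверждение пароля'), '', array('is_required' => true))
        . $form->submit(s('Сохранить'))
        . '</div>';

    // $jump_to is a fixed id, never request data
    $html .= '<script> $(document).ready(function() { $("#' . $jump_to . '").focus(); }); </script>';
    $html .= '</div></div>';
    $html .= $page->stop();

    return $html;
}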
	}

	$GLOBALS['smarty']->display("page_api_oauth2_authenticate_self.txt");
	exit;
}

# Okay, let's do this

$ok = 1;

$scope = request_str("scope");

if ($ok && !api_oauth2_access_tokens_is_valid_permission($scope, "string perms")) {
	$GLOBALS['smarty']->assign("error", "invalid_scope");
	$ok = 0;
}

# The redirect target must match the callback registered for the key
# exactly; no prefix or pattern matching, which is the safe choice.
if ($ok && request_str("redirect_uri") != $key_row['app_callback']) {
	$GLOBALS['smarty']->assign("error", "invalid_callback");
	$ok = 0;
}

if ($ok && request_str("response_type") != "code") {
	$GLOBALS['smarty']->assign("error", "invalid_type");
	$ok = 0;
}

# Do we already have a grant token for this user?
# And yes this is a repeat of the code below that should maybe be
# moved in to a function or something. But for now it's fine...
# (20121024/straup)

if ($ok && ($token = api_oauth2_grant_tokens_get_for_user_and_key($GLOBALS['cfg']['user'], $key_row))) {

	if (api_oauth2_grant_tokens_is_timely($token)) {

		$rsp_params = array('code' => $token['code']);

		# 'state' is echoed back so the client can tie the response to
		# its own request
		if ($state = get_str("state")) {
			$rsp_params['state'] = $state;
		}

		$rsp_params = http_build_query($rsp_params);

		# NOTE(review): a registered callback that already carries a
		# query string would get a second '?' here.
		$url = $key_row['app_callback'] . "?" . $rsp_params;
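function updateAction() {
    // Admin-only: edit an existing Q&A entry (id from the request) in every
    // configured language. On POST validate, update the qa row and redirect
    // back to faq/. Returns the rendered page HTML.

    // go() is relied on to end the request; if it ever returned, the admin
    // check would not stop the update below
    if (!$this->is_admin) {
        go(core::$config['http_home'] . 'faq/');
    }
    if (($item = $this->getQa(request_int('id'))) === false) {
        go(core::$config['http_home']);
    }

    $html = '';
    $errors = array();
    $is_posted = request_int('is_posted');
    $jump_to = 'update_qa_title';

    if ($is_posted) {
        // NOTE(review): the form below only posts title_<lang> /
        // group_title_<lang> fields, so these checks on bare 'title' and
        // 'group_title' may never be satisfied — confirm against the Form
        // helper before relying on them.
        if (!count($errors) && !request_str('title')) {
            $errors[] = s('Пожалуйста, укажите вопрос.');
            $jump_to = 'update_qa_title';
        }
        if (!count($errors) && !request_str('group_title')) {
            $errors[] = s('Пожалуйста, укажите группу.');
            // was 'insert_qa_group_title', the insert form's id, not this one's
            $jump_to = 'update_qa_group_title';
        }
        if (!count($errors)) {
            $fields = array();
            foreach (Core::$config['languages'] as $url => $language) {
                $fields['title_' . $url] = core::$sql->s(request_str('title_' . $url));
                $fields['group_title_' . $url] = core::$sql->s(request_str('group_title_' . $url));
                $fields['description_' . $url] = core::$sql->s(request_str('description_' . $url));
            }
            core::$sql->update($fields, DB . 'qa', 'id=' . core::$sql->i($item['id']));
            go(core::$config['http_home'] . 'faq/');
        }
    }

    $page = new PageCommon(s('Изменить вопрос'));
    $html .= $page->start();
    $html .= '<p><a href="./">' . s('Q&A') . '</a> →</p> <h2>' . s('Изменить вопрос') . '</h2>';

    if (count($errors)) {
        $html .= '<div class="alert alert-error"><p>' . escape($errors[0]) . '</p></div>';
    }

    $form = new Form('update_qa', false, 'post');
    $html .= '<div class="well">' . $form->start() . $form->addVariable('is_posted', 1) . $form->addVariable('action', 'update');

    // one input per language for each column, all titles first, then all
    // group titles, then all descriptions; after a failed POST the submitted
    // value is shown instead of the stored one
    $columns = array(
        'title' => array('label' => s('Вопрос'), 'opts' => array('class' => 'span7')),
        'group_title' => array('label' => s('Группа'), 'opts' => array('class' => 'span7')),
        'description' => array('label' => s('Ответ'), 'opts' => array('class' => 'span7', 'style' => 'height:250px;')),
    );
    foreach ($columns as $column => $spec) {
        foreach (Core::$config['languages'] as $url => $language) {
            $key = $column . '_' . $url;
            $html .= $form->addString(
                $key,
                $spec['label'] . ' ' . $language['title'],
                $is_posted ? request_str($key) : $item[$key],
                $spec['opts']
            );
        }
    }

    $html .= $form->submit(s('Update')) . '</div>';

    // $jump_to is a fixed id, never request data
    $html .= '<script> $(document).ready(function() { $("#' . $jump_to . '").focus(); }); </script>';
    $html .= $page->stop();

    return $html;
}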
<?php

#
# $Id$
#
# Sign-in page. Only the start of the script is shown here.
#

include "include/init.php";

if (!$GLOBALS['cfg']['enable_feature_signin']) {
	$smarty->display('page_signin_disabled.txt');
	exit;
}

login_ensure_loggedout();

#
# pass through
#
# NOTE(review): 'redir' is request data carried through unvalidated;
# wherever the post-login redirect happens, restrict it to a local path
# so the sign-in page can't be used to bounce users elsewhere.

$redir = request_str('redir');
$smarty->assign('redir', $redir);

#
# try and sign in?
#

if (post_str('signin')) {

	$email = post_str('email');
	$password = post_str('password');

	# only the email is echoed back into the form; the password is not
	$smarty->assign('email', $email);

	$ok = 1;

	#
	# required fields?
	#

	if (!strlen($email) || !strlen($password)) {
		$smarty->assign('error_missing', 1);
		$ok = 0;
	}
<?php

# Sign-up page. Only the start of the script is shown here.

include "include/init.php";

features_ensure_enabled("signup");

login_ensure_loggedout();

#
# carry this argument through
#
# NOTE(review): 'redir' is request data carried through unvalidated;
# the eventual redirect should be limited to a local path.

$smarty->assign('redir', request_str('redir'));

#
# are we signing up?
#

if (post_str('signup')) {

	$ok = 1;

	$email = post_str('email');
	$password = post_str('password');
	$username = post_str('username');
	$redir = post_str('redir');

	$smarty->assign('email', $email);

	# NOTE(review): the submitted password is handed to the template
	# here, presumably to re-fill the form on error; that puts the
	# plaintext into the rendered page (and any page cache). Consider
	# dropping this assignment and making the user retype it.
	$smarty->assign('password', $password);

	$smarty->assign('username', $username);
	$smarty->assign('redir', $redir);

	#
	# all fields are in order?
	#

	if (!strlen($email) || !strlen($password) || !strlen($username)) {
		$smarty->assign('error_missing', 1);
		$ok = 0;
	}

	#
	# email available?
<?php

# Flickr auth page: start (or skip) the auth-token dance for the
# permission level named by 'perms'. Only the start of the script is
# shown here.

include "include/init.php";

loadlib("flickr_api");
loadlib("flickr_users");

login_ensure_loggedin($_SERVER['REQUEST_URI']);

$flickr_user = flickr_users_get_by_user_id($GLOBALS['cfg']['user']['id']);

$crumb_key = 'flickr_auth_token';
$GLOBALS['smarty']->assign("crumb_key", $crumb_key);

$perms = request_str("perms");

$perms_map = flickr_api_authtoken_perms_map();
$perms_map_str = flickr_api_authtoken_perms_map('string keys');

$GLOBALS['smarty']->assign_by_ref("perms_map", $perms_map);

# 'perms' must be one of the known string keys; anything else is an error
if (!$perms) {
	$perms = 'read';
} elseif (!isset($perms_map_str[$perms])) {
	$GLOBALS['error'] = 'invalid_perm';
	$GLOBALS['smarty']->display("page_account_flickr_auth.txt");
	exit;
} else {
}

if ($flickr_user['auth_token']) {

	# Perms are the same; just carry on...

	if ($flickr_user['token_perms'] == $perms_map_str[$perms]) {

		# NOTE(review): 'redir' comes straight from the query string and
		# is sent as the Location header without being checked, so this
		# page can redirect to any URL a link supplies. Restrict it to a
		# local path (or validate it against abs_root_url) before use.
		$redir = get_str("redir");

		if (!$redir) {
			$redir = $GLOBALS['cfg']['abs_root_url'];
		}

		header("location: {$redir}");
		exit;
	}
function crumb_check($key, $ttl = 0, $target = '') {

	# Validate the 'crumb' request parameter for $key, optionally bound
	# to $target and limited to a lifetime of $ttl. Returns whatever
	# crumb_validate() returns.

	$submitted = request_str('crumb');

	return crumb_validate($submitted, $key, $ttl, $target);
}