Esempio n. 1
0
function initialize()
{
    require_once "settings.php";
    $settings = $GLOBALS['settings'];
    # we define some preferences, later these could be
    # user specific or stored in a cookie or something
    $prefs = array('perpage' => 1000);
    if (isset($settings['prefs'])) {
        $prefs = array_merge($prefs, $settings['prefs']);
    }
    # if
    # helper functions for passed variables
    $req = new SpotReq();
    $req->initialize();
    # gather the current page
    $GLOBALS['site']['page'] = $req->getDef('page', 'index');
    if (array_search($GLOBALS['site']['page'], array('index', 'catsjson', 'getnzb', 'getspot')) === false) {
        $GLOBALS['site']['page'] = 'index';
    }
    # if
    # and put them in an encompassing site object
    $GLOBALS['site']['req'] = $req;
    $GLOBALS['site']['settings'] = $settings;
    $GLOBALS['site']['prefs'] = $prefs;
    $GLOBALS['site']['pagetitle'] = 'SpotWeb - ';
}
Esempio n. 2
0
 function escape($var, $escapeType)
 {
     if (is_array($var)) {
         foreach ($var as $key => $value) {
             $var[$key] = SpotReq::escape($value, $escapeType);
         }
         return $var;
     } else {
         // and start escaping
         switch ($escapeType) {
             case 'html':
                 return htmlspecialchars($var);
                 break;
             default:
                 die('Unknown escape type: ' . $escapeType);
         }
         # switch
     }
     #else
 }
Esempio n. 3
0
			} # foreach

			$db->addSpot($mappedSpot, $mappedSpot);
		} # while
		$db->commitTransaction();
		
		fclose($fp);
	} 
	catch(Exception $x) {
		die("Error importing data: " . $x->getMessage() . PHP_EOL);
	} # catch
	
	exit;
} # import

$req = new SpotReq();
$req->initialize();

if ($req->getDef('output', '') == 'xml') {
	echo "<xml>";
} # if

try {
	$db = new SpotDb($settings['db']);
	$db->connect();
} 
catch(Exception $x) {
	die("Unable to connect to database: " . $x->getMessage() . PHP_EOL);
} # catch

## Als we forceren om de "already running" check te bypassen, doe dat dan
Esempio n. 4
0
 /**
  * Instantiate an Request object
  *
  * @param Services_Settings_Container $settings
  * @return SpotReq
  */
 private function getSpotReq(Services_Settings_Container $settings)
 {
     $req = new SpotReq();
     $req->initialize($settings);
     return $req;
 }
Esempio n. 5
0
    die("Unable to connect to database: " . $x->getMessage() . PHP_EOL);
}
# catch
# Controleer dat we niet een schema upgrade verwachten
if (!$db->schemaValid()) {
    die("Database schema is gewijzigd, draai upgrade-db.php aub" . PHP_EOL);
}
# if
# Creer het settings object
$settings = SpotSettings::singleton($db, $settings);
# Controleer eerst of de settings versie nog wel geldig zijn
if (!$settings->settingsValid()) {
    die("Globale settings zijn gewijzigd, draai upgrade-db.php aub" . PHP_EOL);
}
# if
$req = new SpotReq();
$req->initialize($settings);
# We willen alleen uitgevoerd worden door een user die dat mag als
# we via de browser aangeroepen worden. Via console halen we altijd
# het admin-account op
$spotUserSystem = new SpotUserSystem($db, $settings);
if (isset($_SERVER['SERVER_PROTOCOL'])) {
    # Vraag de API key op die de gebruiker opgegeven heeft
    $apiKey = $req->getDef('apikey', '');
    $userSession = $spotUserSystem->verifyApi($apiKey);
    if ($userSession == false || !$userSession['security']->allowed(SpotSecurity::spotsec_retrieve_spots, '')) {
        die("Access denied");
    }
    # if
} else {
    $userSession['user'] = $db->getUser(SPOTWEB_ADMIN_USERID);
Esempio n. 6
0
    die("Unable to connect to database: " . $x->getMessage() . PHP_EOL);
}
# catch
# Creer het settings object
$settings = SpotSettings::singleton($db, $settings);
# Controleer dat we niet een schema upgrade verwachten
if (!$settings->schemaValid()) {
    die("Database schema has been changed, please run upgrade-db.php" . PHP_EOL);
}
# if
# Controleer eerst of de settings versie nog wel geldig zijn
if (!$settings->settingsValid()) {
    die("Global settings have been changed, please run upgrade-db.php" . PHP_EOL);
}
# if
$req = new SpotReq();
$req->initialize($settings);
# We willen alleen uitgevoerd worden door een user die dat mag als
# we via de browser aangeroepen worden. Via console halen we altijd
# het admin-account op
$spotUserSystem = new SpotUserSystem($db, $settings);
if (!SpotCommandline::isCommandline()) {
    # Vraag de API key op die de gebruiker opgegeven heeft
    $apiKey = $req->getDef('apikey', '');
    $userSession = $spotUserSystem->verifyApi($apiKey);
    if ($userSession == false || !$userSession['security']->allowed(SpotSecurity::spotsec_retrieve_spots, '')) {
        die("Access denied");
    }
    # if
    # Add the user's ip addres, we need it for sending notifications
    $userSession['session'] = array('ipaddr' => '');
Esempio n. 7
0
require_once "lib/page/SpotPage_getnzbmobile.php";
require_once "lib/page/SpotPage_getspot.php";
require_once "lib/page/SpotPage_catsjson.php";
require_once "lib/page/SpotPage_erasedls.php";
require_once "lib/page/SpotPage_getimage.php";
require_once "lib/page/SpotPage_getspotmobile.php";
require_once "lib/page/SpotPage_markallasread.php";
require_once "lib/page/SpotPage_getimage.php";
require_once "lib/page/SpotPage_selecttemplate.php";
#- main() -#
try {
    # database object
    $db = new SpotDb($settings['db']);
    $db->connect();
    # helper functions for passed variables
    $req = new SpotReq();
    $req->initialize();
    $page = $req->getDef('page', 'index');
    if (array_search($page, array('index', 'catsjson', 'getnzb', 'getnzbmobile', 'getspotmobile', 'getspot', 'erasedls', 'markallasread', 'getimage', 'selecttemplate')) === false) {
        $page = 'index';
    }
    # if
    switch ($page) {
        case 'getspot':
            $page = new SpotPage_getspot($db, $settings, $settings['prefs'], $req->getDef('messageid', ''));
            $page->render();
            break;
            # getspot
        # getspot
        case 'getnzb':
            $page = new SpotPage_getnzb($db, $settings, $settings['prefs'], array('messageid' => $req->getDef('messageid', ''), 'action' => $req->getDef('action', 'display')));
Esempio n. 8
0
require_once "lib/SpotDb.php";
require_once "lib/SpotReq.php";
require_once "SpotParser.php";
require_once "SpotNntp.php";
require_once "lib/retriever/SpotRetriever_Spots.php";
require_once "lib/retriever/SpotRetriever_Comments.php";
# in safe mode, max execution time cannot be set, warn the user
if (ini_get('safe_mode')) {
    echo "WARNING: PHP safemode is enabled, maximum execution cannot be reset! Turn off safemode if this causes problems\r\n\r\n";
}
# if
if (!isset($settings['retrieve_increment'])) {
    echo "WARNING: Parameter retrieve_increment is missing in settings.php, please add and run again.";
    die;
}
$req = new SpotReq();
$req->initialize();
if ($req->getDef('output', '') == 'xml') {
    echo "<xml>";
}
# if
try {
    $db = new SpotDb($settings['db']);
    $db->connect();
} catch (Exception $x) {
    die("Unable to connect to database: " . $x->getMessage() . "\r\n");
}
# catch
## Als we forceren om de "already running" check te bypassen, doe dat dan
if ($argc > 1 && $argv[1] == '--force') {
    $db->setRetrieverRunning($settings['nntp_hdr']['host'], false);
Esempio n. 9
0
 function setUserId($i)
 {
     self::$_userid = $i;
 }
Esempio n. 10
0
 /*
  * Because users are asked to modify ownsettings.php themselves, it is 
  * possible they create a mistake and accidentally create output from it.
  *
  * This output breaks a lot of stuff like download integration, image generation
  * and more.
  *
  * We try to check if any output has been submitted, and if so, we refuse
  * to continue to prevent all sorts of confusing bug reports
  */
 if (headers_sent() || (int) ob_get_length() > 0) {
     throw new OwnsettingsCreatedOutputException();
 }
 # if
 # helper functions for passed variables
 $req = new SpotReq();
 $req->initialize($settings);
 $page = $req->getDef('page', 'index');
 # Retrieve the users object of the user which is logged on
 SpotTiming::start('auth');
 $spotUserSystem = new SpotUserSystem($db, $settings);
 if ($req->doesExist('apikey')) {
     $currentSession = $spotUserSystem->verifyApi($req->getDef('apikey', ''));
 } else {
     $currentSession = $spotUserSystem->useOrStartSession(false);
 }
 # if
 /*
  * If three is no user object, we don't have a security system
  * either. Without a security system we cannot boot, so fatal
  */
Esempio n. 11
0
	if (!$settings->get('enable_timing')) {
		SpotTiming::disable();
	} # if

	# Controleer eerst of het schema nog wel geldig is
	if (!$db->schemaValid()) {
		die("Database schema is gewijzigd, draai upgrade-db.php aub" . PHP_EOL);
	} # if

	# Controleer eerst of de settings versie nog wel geldig zijn
	if (!$settings->settingsValid()) {
		die("Globale settings zijn gewijzigd, draai upgrade-db.php aub" . PHP_EOL);
	} # if

	# helper functions for passed variables
	$req = new SpotReq();
	$req->initialize($settings);

	$page = $req->getDef('page', 'index');

	# Haal het userobject op dat 'ingelogged' is
	SpotTiming::start('auth');
	$spotUserSystem = new SpotUserSystem($db, $settings);
	if ($req->doesExist('apikey')) {
		$currentSession = $spotUserSystem->verifyApi($req->getDef('apikey', ''));
	} else {
		$currentSession = $spotUserSystem->useOrStartSession();
	} # if

	/* Zonder userobject ook geen security systeem, dus dit is altijd fatal */
	if ($currentSession === false) {
Esempio n. 12
0
} # catch

# Controleer dat we niet een schema upgrade verwachten
if (!$db->schemaValid()) {
	die("Database schema is gewijzigd, draai upgrade-db.php aub" . PHP_EOL);
} # if

# Creer het settings object
$settings = SpotSettings::singleton($db, $settings);

# Controleer eerst of de settings versie nog wel geldig zijn
if (!$settings->settingsValid()) {
	die("Globale settings zijn gewijzigd, draai upgrade-db.php aub" . PHP_EOL);
} # if

$req = new SpotReq();
$req->initialize($settings);

# We willen alleen uitgevoerd worden door een user die dat mag als
# we via de browser aangeroepen worden. Via console halen we altijd
# het admin-account op
$spotUserSystem = new SpotUserSystem($db, $settings);
if (isset($_SERVER['SERVER_PROTOCOL'])) {
	# Vraag de API key op die de gebruiker opgegeven heeft
	$apiKey = $req->getDef('apikey', '');
	
	$userSession = $spotUserSystem->verifyApi($apiKey);

	if (($userSession == false) || (!$userSession['security']->allowed(SpotSecurity::spotsec_retrieve_spots, ''))) { 
		die("Access denied");
	} # if
Esempio n. 13
0
 function generateXsrfCookie($action)
 {
     return SpotReq::generateXsrfCookie($action);
 }
Esempio n. 14
0
 # if
 # Controleer eerst of de settings versie nog wel geldig zijn
 if (!$settings->settingsValid()) {
     die("Globale settings zijn gewijzigd, draai upgrade-db.php aub" . PHP_EOL);
 }
 # if
 # Controleer dat er nergens iets mis staat in de ownsettings.php oid dat output
 # genereerd. Als er output buffering toegepast wordt door PHP dan is deze check niet
 # voldoende. ob_get_length() geeft false terug als er geen outputbuffering actief is,
 # of anders 0 als er nog geen headers verstuurd zijn.
 if (headers_sent() || (int) ob_get_length() > 0) {
     die("ownsettings.php geeft al output, zorg dat je ownsettings.php niet afgesloten is met ?> en dat er niets staat voor de openingstag." . PHP_EOL);
 }
 # if
 # helper functions for passed variables
 $req = new SpotReq();
 $req->initialize($settings);
 $page = $req->getDef('page', 'index');
 # Haal het userobject op dat 'ingelogged' is
 SpotTiming::start('auth');
 $spotUserSystem = new SpotUserSystem($db, $settings);
 if ($req->doesExist('apikey')) {
     $currentSession = $spotUserSystem->verifyApi($req->getDef('apikey', ''));
 } else {
     $currentSession = $spotUserSystem->useOrStartSession();
 }
 # if
 /* Zonder userobject ook geen security systeem, dus dit is altijd fatal */
 if ($currentSession === false) {
     if ($req->doesExist('apikey')) {
         throw new Exception("API Key Incorrect");
Esempio n. 15
0
    function initialize($settings) {
		self::$_merged = array_merge($_POST, $_GET);
		self::$_xsrfsecret = $settings->get('xsrfsecret');
		self::$_settings = $settings;
    }