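/**
 * Print an HTML report of the login tokens whose stored data contains $email.
 *
 * Output is written with print: either a "no tokens" paragraph, or a table
 * with one row per token (issue time, e-mail from the token data, the
 * confirmation link, and the stashed URL), most recent first.
 *
 * SECURITY: each row contains a working login confirmation link, so this
 * report must only be reachable by authorised administrators.
 *
 * @param string $email Address (or fragment of one) to search for.
 */
function LookupToken($email) {
    /* Substring match against the token payload. '%' and '_' inside $email
     * are not escaped, so they act as LIKE wildcards and widen the match. */
    $sql = <<<EOT
SELECT token,created,data FROM token
    WHERE scope='login' AND encode( data, 'escape' ) ilike ?
    ORDER BY created DESC
EOT;
    $q = db_query($sql, '%' . $email . '%');
    $cnt = db_num_rows($q);

    /* $email comes from the caller and is echoed into HTML, so escape it. */
    $safe_email = htmlspecialchars($email, ENT_QUOTES);

    if ($cnt == 0) {
        print "<p>No tokens found for <code>{$safe_email}</code> (maybe they used a different email address?)</p>\n";
        return;
    }

    print "<p>Found {$cnt} tokens for <code>{$safe_email}</code> (most recent first)</p>\n";
    print "<table border=1>\n";
    print "<tr><th>when issued</th><th>email</th><th>confirmation link</th><th>stashed url</th></tr>\n";

    while ($r = db_fetch_array($q)) {
        $issued = strftime('%R %a %e %B %Y', strtotime($r['created']));
        $confirmation_url = OPTION_BASE_URL . "/login?t={$r['token']}";

        /* Placeholders shown when the token data cannot be parsed. A separate
         * variable is used so the $email parameter is not overwritten. */
        $stashed_url = '????';
        $token_email = '????';

        /* No call-time '&': it is a fatal error from PHP 5.4 onwards, and the
         * callee's own signature decides whether arguments are references.
         * NOTE(review): the column is parsed without pg_unescape_bytea();
         * confirm db_fetch_array() already returns unescaped BYTEA. */
        $pos = 0;
        $res = rabx_wire_rd($r['data'], $pos);
        if (!rabx_is_error($res)) {
            $token_email = $res['email'];
            $stashed_url = db_getOne("SELECT url FROM requeststash WHERE key=?", $res['stash']);
            if (!$stashed_url) {
                $stashed_url = '-none- (which probably means they clicked the link)';
            }
        }

        /* Every cell holds data that originated outside this page (token
         * payload, stash table), so each is HTML-escaped on output. */
        print "<tr>\n";
        print "<td>" . htmlspecialchars($issued, ENT_QUOTES) . "</td>\n";
        print "<td><code>" . htmlspecialchars($token_email, ENT_QUOTES) . "</code></td>\n";
        print "<td><code>" . htmlspecialchars($confirmation_url, ENT_QUOTES) . "</code></td>\n";
        print "<td><code>" . htmlspecialchars($stashed_url, ENT_QUOTES) . "</code></td>\n";
        print "</tr>\n";
    }

    print "</table>\n";
}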
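/**
 * Fetch and decode the data stored against $token in $scope.
 *
 * The stored value is parsed with rabx_wire_rd(); if that fails, the legacy
 * PHP serialize format is tried instead.
 *
 * @param string $scope Token scope to look in.
 * @param string $token Token value.
 * @return mixed Decoded data. A falsy value is returned when nothing could be
 *               decoded from empty data (presumably the "no such token" case;
 *               confirm against db_getOne()'s no-row result).
 */
function auth_token_retrieve($scope, $token) {
    $data = db_getOne(' select data from token where scope = ? and token = ?', array($scope, $token));

    /* Madness. We have to unescape this, because the PEAR DB library isn't
     * smart enough to spot BYTEA columns and do it for us. */
    $data = pg_unescape_bytea($data);

    /* No call-time '&': it is a fatal error from PHP 5.4 onwards, and the
     * callee's own signature decides whether arguments are references. */
    $pos = 0;
    $res = rabx_wire_rd($data, $pos);
    if (rabx_is_error($res)) {
        /* SECURITY: legacy fallback. unserialize() can instantiate arbitrary
         * classes, so it is only safe while nobody untrusted can write to
         * token.data. Remove it once no serialize-format rows remain. */
        $res = unserialize($data);

        /* unserialize() reports failure by returning false, not null, so the
         * original is_null() test never caught corrupt data. Empty data still
         * returns false as before, so callers that test for a falsy result
         * keep working. */
        $corrupt = ($res === false && $data !== '' && $data !== serialize(false));
        if (is_null($res) || $corrupt) {
            err("Data for scope '{$scope}', token '{$token}' are not valid");
        }
    }

    return $res;
}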
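/**
 * If the request carries a 'stashpost' key, restore the stashed POST data.
 *
 * Looks the key up in requeststash, decodes the stored POST data and replaces
 * $_POST with it; also sets the global $stash_in_stashpost to true. Returns
 * without doing anything when no 'stashpost' value is present.
 *
 * SECURITY: whoever presents a valid key has the stashed POST body replayed
 * as their own request, so the key acts as a bearer secret. The restored
 * values are not re-validated here; handlers that read $_POST afterwards must
 * validate them as they would any other request data.
 */
function stash_check_for_post_redirect() {
    /* Are we doing a POST redirect? */
    $key = get_http_var('stashpost');
    if (!$key) {
        return;
    }

    global $stash_in_stashpost;
    $stash_in_stashpost = true;

    /* Extract the post data */
    list($method, $url, $post_data) = db_getRow_list('select method, url, post_data from requeststash where key = ?', $key);
    if (is_null($method)) {
        /* NOTE(review): if err() returns for E_USER_NOTICE, execution carries
         * on below with no stashed data; confirm err() does not return. */
        err(_("If you got the email more than a year ago, then your request has probably expired. Please try doing what you were doing from the beginning."), E_USER_NOTICE);
    }

    /* Postgres/PEAR DB BYTEA madness -- see comment in auth.php. */
    $post_data = pg_unescape_bytea($post_data);

    /* No call-time '&': it is a fatal error from PHP 5.4 onwards, and the
     * callee's own signature decides whether arguments are references. */
    $pos = 0;
    $stashed_POST = rabx_wire_rd($post_data, $pos);
    if (rabx_is_error($stashed_POST)) {
        /* NOTE(review): $key is request-supplied; if err() renders its
         * message as HTML, the key needs escaping there. Confirm. */
        err("Bad serialised POST data in stash_check_for_post_redirect('{$key}')");
    }

    /* Fix $_POST to make this look like one */
    $_POST = $stashed_POST;
}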
/**
 * Decode a value from $x, preferring the RABX wire format.
 *
 * @param string $x Encoded data (taken by reference).
 * @return mixed The value parsed by rabx_wire_rd(); or, when that fails and
 *               PHP's unserialize() produces a truthy value, that value;
 *               otherwise the RABX error from the first attempt.
 */
function rabx_unserialise(&$x) {
    $pos = 0;
    $parsed = rabx_wire_rd($x, $pos);
    if (!rabx_is_error($parsed)) {
        return $parsed;
    }

    /* XXX transitional hack. SECURITY: unserialize() is not safe on data an
     * untrusted party can influence, because it can instantiate arbitrary
     * classes. It is kept only so old serialize-format rows still load, and
     * should go as soon as no such rows remain in the tables. A legacy value
     * that unserialises to something falsy (0, '', empty array) is
     * indistinguishable from failure here, so the RABX error is returned. */
    $legacy = unserialize($x);
    return $legacy ? $legacy : $parsed;
}