コード例 #1
ファイル: post.php プロジェクト: ponydevs/MLPVC-RR
/** @var $signedIn bool */
// This handler only serves POST; anything else is answered with a 404
if (!POST_REQUEST) {
    CoreUtils::notFound();
}

// reload-<request|reservation>/<id>: re-render a single post's <li>.
// NOTE(review): this route is served BEFORE the sign-in and CSRF checks
// below, so it is reachable by any client that can POST. It is read-only,
// which is why CSRF does not matter here, but Posts::getLi() must therefore
// only emit data that is safe to show to unauthenticated clients — confirm.
// The table name is derived from $kind, which the regex pins to
// 'request' or 'reservation', and the id is pinned to \d+, so neither
// interpolation carries free-form user input.
if (preg_match(new RegExp('^reload-(request|reservation)/(\\d+)$'), $data, $reloadMatch)) {
    $kind = $reloadMatch[1];
    $reloaded = $Database->where('id', $reloadMatch[2])->getOne("{$kind}s");
    if (empty($reloaded)) {
        Response::fail("The specified {$kind} does not exist");
    }
    // FROM_PROFILE is a presence flag: its value is never read
    $fromProfile = isset($_POST['FROM_PROFILE']);
    Response::done(array('li' => Posts::getLi($reloaded, $fromProfile, true)));
}

// Everything past this point is state-changing: require a signed-in user
// and a valid CSRF token before matching any further route
if (!$signedIn) {
    Response::fail();
}
CSRFProtection::protect();
$_match = array();
if (preg_match(new RegExp('^([gs]et)-(request|reservation)/(\\d+)$'), $data, $_match)) {
    $thing = $_match[2];
    /** @var $Post Request|Reservation */
    $Post = $Database->where('id', $_match[3])->getOne("{$thing}s");
    if (empty($Post)) {
        Response::fail("The specified {$thing} does not exist");
    }
    if (!(Permission::sufficient('staff') || $thing === 'request' && empty($Post->reserved_by) && $Post->requested_by === $currentUser->id)) {
        Response::fail();
    }
    if ($_match[1] === 'get') {
        $response = array('label' => $Post->label);
        if ($thing === 'request') {
            $response['type'] = $Post->type;
コード例 #2
ファイル: CoreUtils.php プロジェクト: ponydevs/MLPVC-RR
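 /**
  * Page loading function
  * ---------------------
  * $options = array(
  *     'title' => string,     - Page title
  *     'heading' => string,   - Page heading (exported to $GLOBALS['heading'])
  *     'no-robots',           - Disable crawlers (that respect meta tags)
  *     'no-default-css',      - Disable loading of default CSS files
  *     'no-default-js'        - Disable loading of default JS files
  *     'css' => string|array, - Specify a single/multiple CSS files to load
  *     'js' => string|array,  - Specify a single/multiple JS files to load
  *     'view' => string,      - Which view file to open (defaults to $do)
  *     'do-css',              - Load the CSS file whose name matches $do
  *     'do-js',               - Load the JS file whose name matches $do
  *     'url' => string,       - A URL which will replace the one sent to the browser
  * );
  *
  * The three flag options are bare VALUES of the array (as documented above);
  * the key form ('no-robots' => true) is also accepted for backward
  * compatibility. Flags are matched with strict comparison: the previous
  * loose in_array()/array_search() treated ANY true-valued option (or 0 on
  * PHP < 8) as a match, so one such value switched all three flags at once.
  *
  * Normal requests render header + view + footer and terminate the request.
  * Requests carrying ?via-js=true instead get the page pieces (view, sidebar,
  * footer, asset lists, title, avatar, sign-in state) as a Response::done()
  * payload so the client can swap them in without a full reload.
  *
  * Security: $view ends up in a require() path. It comes from the 'view'
  * option or from $GLOBALS['do'] and is not validated here, so callers must
  * never derive 'view' from request data; $do is presumably set by the
  * router from a fixed route table — confirm.
  *
  * @param array $options
  */
 static function loadPage($options)
 {
     // Page <title>
     if (isset($options['title'])) {
         $GLOBALS['title'] = $options['title'];
     }
     // Page heading
     if (isset($options['heading'])) {
         $GLOBALS['heading'] = $options['heading'];
     }
     // Flag options: documented bare-value form, plus the key form for
     // backward compatibility (see docblock for why the comparison is strict)
     $noRobots = in_array('no-robots', $options, true) || !empty($options['no-robots']);
     $noDefaultCSS = in_array('no-default-css', $options, true) || !empty($options['no-default-css']);
     $noDefaultJS = in_array('no-default-js', $options, true) || !empty($options['no-default-js']);
     // SE crawling disable; $norobots is presumably read by views/header.php,
     // which is require()d into this scope below — confirm
     if ($noRobots) {
         $norobots = true;
     }
     // Set new URL option ($redirectto is likewise consumed by the views)
     if (!empty($options['url'])) {
         $redirectto = $options['url'];
     }
     # CSS
     $DEFAULT_CSS = array('theme');
     $customCSS = array();
     // Only add defaults when needed
     if (!$noDefaultCSS) {
         $customCSS = array_merge($customCSS, $DEFAULT_CSS);
     }
     # JavaScript
     $DEFAULT_JS = array('moment', 'global', 'dialog');
     $customJS = array();
     // Only add defaults when needed
     if (!$noDefaultJS) {
         $customJS = array_merge($customJS, $DEFAULT_JS);
     }
     # Check assets ($customCSS / $customJS are presumably extended in place
     # with the 'css' / 'js' / 'do-css' / 'do-js' options — confirm)
     self::_checkAssets($options, $customCSS, 'scss/min', 'css');
     self::_checkAssets($options, $customJS, 'js/min', 'js');
     # Import global variables into this scope so the require()d view files
     # can use them as plain locals. The isset() guard keeps the locals set
     # above ($options, $customCSS, ...) from being clobbered; a global whose
     # value is null is skipped by isset() but would not clobber anything either.
     foreach ($GLOBALS as $k => $v) {
         if (!isset(${$k})) {
             ${$k} = $v;
         }
     }
     # Putting it together
     $view = empty($options['view']) ? $GLOBALS['do'] : $options['view'];
     $viewPath = INCPATH . "views/{$view}.php";
     header('Content-Type: text/html; charset=utf-8;');
     if (empty($_GET['via-js'])) {
         ob_start();
         require INCPATH . 'views/header.php';
         require $viewPath;
         require INCPATH . 'views/footer.php';
         $content = ob_get_clean();
         echo self::_clearIndentation($content);
         die;
     } else {
         // The URL is echoed back to the client as responseURL, so strip the
         // CSRF token (keeps it out of the address bar / history / Referer)
         // and the via-js marker. NOTE(review): only trailing '?' / '&' are
         // trimmed; when via-js=true is not the last parameter a stray '?&'
         // or '&&' can remain in the middle of the query string.
         $_SERVER['REQUEST_URI'] = rtrim(str_replace('via-js=true', '', CSRFProtection::removeParamFromURL($_SERVER['REQUEST_URI'])), '?&');
         ob_start();
         require INCPATH . 'views/sidebar.php';
         $sidebar = ob_get_clean();
         ob_start();
         require $viewPath;
         $content = ob_get_clean();
         Response::done(array(
             'css' => $customCSS,
             'js' => $customJS,
             'title' => (isset($GLOBALS['title']) ? $GLOBALS['title'] . ' - ' : '') . SITE_TITLE,
             'content' => self::_clearIndentation($content),
             'sidebar' => self::_clearIndentation($sidebar),
             'footer' => CoreUtils::getFooter(WITH_GIT_INFO),
             // Guests get the placeholder avatar; never touch currentUser when signed out
             'avatar' => $GLOBALS['signedIn'] ? $GLOBALS['currentUser']->avatar_url : GUEST_AVATAR,
             'responseURL' => $_SERVER['REQUEST_URI'],
             'signedIn' => $GLOBALS['signedIn'],
         ));
     }
 }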
コード例 #3
ファイル: Users.php プロジェクト: ponydevs/MLPVC-RR
 /**
  * Check authentication cookie and set global
  *
  * Runs CSRF detection, then resolves the 'access' cookie to a session row
  * and, when that session is still usable, marks the request as signed in.
  * Globals written: $currentUser, $signedIn, and ($Color, $color) for a
  * hard-coded pair of users who get British spelling.
  *
  * The cookie value itself is never stored: session rows are keyed by
  * sha1(token) and the lookup hashes the cookie before querying, presumably
  * so a database dump does not directly yield usable cookies. Legacy cookies
  * that are not hex-encoded are migrated in place (session row re-keyed,
  * cookie re-issued as hex).
  *
  * A CSRF_TOKEN arriving in the query string of a non-POST request is
  * removed by redirecting to the same URL without it, which keeps the token
  * out of browser history and Referer headers.
  *
  * Outcomes: no cookie -> nothing; unknown token -> cookie deleted; banned
  * user -> all sessions deleted, not signed in; expired session whose
  * DeviantArt refresh fails -> session deleted, not signed in; otherwise
  * signed in, with the session's lastvisit refreshed at most once a minute.
  */
 static function authenticate()
 {
     global $Database, $signedIn, $currentUser, $Color, $color;
     CSRFProtection::detect();
     // Scrub a token that was passed in the URL of a non-POST request
     if (!POST_REQUEST && isset($_GET['CSRF_TOKEN'])) {
         HTTP::redirect(CSRFProtection::removeParamFromURL($_SERVER['REQUEST_URI']));
     }
     if (!Cookie::exists('access')) {
         return;
     }
     $cookieToken = Cookie::get('access');
     if (!empty($cookieToken)) {
         $isHex = preg_match(new RegExp('^[a-f\\d]+$', 'iu'), $cookieToken);
         if (!$isHex) {
             // Legacy raw-binary cookie: re-key its session row under the hex
             // form and re-issue the cookie (HttpOnly, one year) before lookup
             $legacyToken = $cookieToken;
             $cookieToken = bin2hex($legacyToken);
             $Database->where('token', sha1($legacyToken))->update('sessions', array('token' => sha1($cookieToken)));
             Cookie::set('access', $cookieToken, time() + Time::$IN_SECONDS['year'], Cookie::HTTPONLY);
         }
         $currentUser = Users::get(sha1($cookieToken), 'token');
     }
     // No session matched the cookie (or the cookie was empty and no
     // $currentUser was set beforehand): drop the stale cookie
     if (empty($currentUser)) {
         Cookie::delete('access', Cookie::HTTPONLY);
         return;
     }
     // Banned users lose every session and are never marked signed in
     if ($currentUser->role === 'ban') {
         $Database->where('id', $currentUser->id)->delete('sessions');
         return;
     }
     // Expired session: refresh the DeviantArt token; a failed refresh ends
     // the session. NOTE(review): the new expiry is presumably persisted by
     // DeviantArt::getToken(), nothing here updates Session['expires'] — confirm
     if (strtotime($currentUser->Session['expires']) < time()) {
         try {
             DeviantArt::getToken($currentUser->Session['refresh'], 'refresh_token');
         } catch (CURLRequestException $e) {
             $Database->where('id', $currentUser->Session['id'])->delete('sessions');
             trigger_error("Session refresh failed for {$currentUser->name} ({$currentUser->id}) | {$e->getMessage()} (HTTP {$e->getCode()})", E_USER_WARNING);
             return;
         }
     }
     $signedIn = true;
     // Throttle lastvisit writes to one per minute
     $sinceLastVisit = time() - strtotime($currentUser->Session['lastvisit']);
     if ($sinceLastVisit > Time::$IN_SECONDS['minute']) {
         $visitStamp = date('c');
         $updated = $Database->where('id', $currentUser->Session['id'])->update('sessions', array('lastvisit' => $visitStamp));
         if ($updated) {
             $currentUser->Session['lastvisit'] = $visitStamp;
         }
     }
     // Spelling preference for specific users
     $prefersColour = array('Pirill-Poveniy' => true, 'itv-canterlot' => true);
     if (isset($prefersColour[$currentUser->name])) {
         $Color = 'Colour';
         $color = 'colour';
     }
 }