SELECT g.*, f.id AS forumid FROM {interaction_forum_topic} t INNER JOIN {interaction_instance} f ON t.forum = f.id INNER JOIN {group} g ON f.group = g.id WHERE t.id = ? AND t.deleted = 0 AND g.deleted = 0', array($id)); if (!$group) { generate_feed(error_feed(), error_post(get_string('cantfindtopic', 'interaction.forum', $id))); exit; } $forumid = $group->forumid; $sql = "\n SELECT u.firstname, u.lastname, p.id, p.parent, p.topic, p.subject, p.body, p.ctime\n FROM {interaction_forum_post} p\n INNER JOIN {usr} u ON p.poster = u.id\n WHERE p.deleted = 0\n AND p.topic = ?"; $link = get_config('wwwroot') . 'interaction/forum/topic.php?id=' . $id; $title = implode(' - ', array(get_field('group', 'name', 'id', $group->id), get_field('interaction_instance', 'title', 'id', $forumid), get_field_sql("\n SELECT p.subject\n FROM {interaction_forum_post} p\n WHERE p.topic = ?\n AND p.parent IS NULL", array($id)), get_string('allposts', 'interaction.forum'))); } if (!$group->public) { generate_feed(error_feed(), error_post(get_string('notpublic', 'group'))); exit; } $sql .= "\n ORDER BY p.ctime DESC\n LIMIT ?;"; $selflink = get_config('wwwroot') . 'interaction/forum/atom.php?type=' . $feedtype . '&id=' . $id; $postcount = 20; $postrecords = get_records_sql_array($sql, array($id, $postcount)); $image = get_config('wwwroot') . 'theme/raw/static/images/site-logo.png'; $updated = $postrecords ? atom_date($postrecords[0]->ctime) : ''; $generator = array('uri' => 'https://mahara.org', 'version' => get_config('series'), 'text' => 'Mahara'); $feed = array('title' => $title, 'link' => $link, 'selflink' => $selflink, 'id' => implode(',', array(get_config('wwwroot'), $feedtype, $id)), 'updated' => $updated, 'logo' => $image, 'icon' => get_config('wwwroot') . 'favicon.ico', 'generator' => $generator); $posts = array(); if ($postrecords) { foreach ($postrecords as &$post) { $parent = $post->parent; while (!$post->subject) {
function error_post($message) { return array(0 => array('title' => get_string('accessdenied', 'error'), 'link' => '', 'id' => '', 'description' => $message, 'mtime' => '')); } $artefactid = param_integer('artefact'); $viewid = param_integer('view'); require_once get_config('docroot') . 'artefact/lib.php'; $artefact = artefact_instance_from_id($artefactid); if (!can_view_view($viewid)) { generate_feed(error_feed(), error_post('')); } elseif (!artefact_in_view($artefactid, $viewid)) { generate_feed(error_feed(), error_post(get_string('artefactnotinview', 'error', $artefactid, $viewid))); } elseif (!$artefact->in_view_list()) { generate_feed(error_feed(), error_post(get_string('artefactonlyviewableinview', 'error'))); } elseif ($artefact->get('artefacttype') != 'blog') { generate_feed(error_feed(), error_post(get_string('feedsnotavailable', 'artefact.blog'))); } else { $owner = get_records_sql_array("\n SELECT a.mtime, u.id, u.firstname, u.lastname, u.profileicon\n FROM {usr} u, {artefact} a\n WHERE a.id = ?\n AND a.owner = u.id\n LIMIT 1;", array($artefactid)); if ($owner[0]->profileicon) { $image = get_config('wwwroot') . 'thumb.php?type=profileiconbyid&maxsize=100&id=' . $owner[0]->profileicon; } else { // use the Mahara logo $image = $THEME->get_image_url('site-logo'); } // if the owner has a personal website set, use it as the author URI $personal_site = get_field('artefact', 'title', 'artefacttype', 'personalwebsite', 'owner', $owner[0]->id); $author = array('name' => implode(' ', array($owner[0]->firstname, $owner[0]->lastname)), 'uri' => sanitize_url($personal_site)); $link = get_config('wwwroot') . 'artefact/artefact.php?artefact=' . $artefactid . '&view=' . $viewid; $selflink = get_config('wwwroot') . 'artefact/blog/atom.php?artefact=' . $artefactid . '&view=' . $viewid; $postids = get_records_sql_array("\n SELECT a.id, a.title, a.description, a.mtime\n FROM {artefact} a, {artefact_blog_blogpost} bp\n WHERE a.id = bp.blogpost\n AND a.parent = ?\n AND bp.published = 1\n ORDER BY a.ctime DESC\n LIMIT ?;", array($artefactid, POSTCOUNT)); if ($postids) {
/** * Handle a consumer's request to see if the user is authenticated */ function check_authentication_mode() { // Validate the request if (!isset($_REQUEST['openid_mode']) || $_REQUEST['openid_mode'] != 'check_authentication') { error_400(); } $assoc_handle = @strlen($_REQUEST['openid_assoc_handle']) ? $_REQUEST['openid_assoc_handle'] : error_post('Missing assoc_handle'); $sig = @strlen($_REQUEST['openid_sig']) ? $_REQUEST['openid_sig'] : error_post('Missing sig'); $signed = @strlen($_REQUEST['openid_signed']) ? $_REQUEST['openid_signed'] : error_post('Missing signed'); // Prepare the return keys $keys = array('openid.mode' => 'id_res'); // Invalidate the assoc handle if we need to if (@strlen($_REQUEST['openid_invalidate_handle'])) { destroy_assoc_handle($_REQUEST['openid_invalidate_handle']); $keys['invalidate_handle'] = $_REQUEST['openid_invalidate_handle']; } // Validate the sig by recreating the kv pair and signing $_REQUEST['openid_mode'] = 'id_res'; $tokens = ''; foreach (explode(',', $signed) as $param) { $post = preg_replace('/\\./', '_', $param); $tokens .= sprintf("%s:%s\n", $param, $_REQUEST['openid_' . $post]); } // Add the sreg stuff, if we've got it if (isset($sreg_required)) { foreach (explode(',', $sreg_required) as $key) { if (!isset($sreg[$key])) { continue; } $skey = 'sreg.' . $key; $tokens .= sprintf("%s:%s\n", $skey, $sreg[$key]); $keys[$skey] = $sreg[$key]; $fields[] = $skey; } } // Look up the consumer's shared_secret and timeout list($shared_secret, $expires) = secret($assoc_handle); // if I can't verify the assoc_handle, or if it's expired if ($shared_secret == false || is_numeric($expires) && $expires < time()) { $keys['is_valid'] = 'false'; } else { $ok = base64_encode(hmac($shared_secret, $tokens)); $keys['is_valid'] = $sig == $ok ? 'true' : 'false'; } // Return the keys wrap_kv($keys); }