function event_hook($event, &$bag, &$eventData, $addData = null)
 {
     global $serendipity;
     $hooks =& $bag->get('event_hooks');
     $logout_url = $this->get_config('logout_url');
     if (isset($hooks[$event])) {
         switch ($event) {
             case 'frontend_configure':
                 if (isset($serendipity['POST']['action']) && isset($serendipity['POST']['user']) && isset($serendipity['POST']['pass'])) {
                     serendipity_login();
                 } elseif (isset($serendipity['POST']['action']) && isset($serendipity['POST']['logout'])) {
                     serendipity_logout();
                     header('Status: 302 Found');
                     if ($logout_url != "") {
                         header("Location: {$logout_url}");
                     } else {
                         header("Location: {$serendipity['baseURL']}{$serendipity['indexFile']}");
                     }
                     exit;
                 }
                 return true;
                 break;
             default:
                 return false;
         }
     } else {
         return false;
     }
 }
# All rights reserved.  See LICENSE file for licensing details
define('IN_installer', true);
define('IN_upgrader', true);
define('IN_serendipity', true);
define('IN_serendipity_admin', true);
// The mode flags above must exist before the config include; their consumers are not shown here.
include 'serendipity_config.inc.php';
header('Content-Type: text/html; charset=' . LANG_CHARSET);
if (IS_installed === false) {
    // Not installed yet: only the core function library is loaded.
    require_once S9Y_INCLUDE_PATH . 'include/functions.inc.php';
} else {
    if (defined('IS_up2date') && IS_up2date === true) {
        // Installed and current: give plugins their backend configuration hook.
        serendipity_plugin_api::hook_event('backend_configure', $serendipity);
    }
}
if (isset($serendipity['GET']['adminModule']) && $serendipity['GET']['adminModule'] == 'logout') {
    // Logout is requested through a GET parameter; no request token is checked here.
    serendipity_logout();
    header("Location: " . $serendipity['baseURL']);
    // NOTE(review): there is no exit after the Location header, so the rest of this
    // file keeps executing for the logged-out request — confirm that is intended.
} else {
    if (IS_installed === true) {
        /* Check author token to ensure session not hijacked */
        // The token kept in the session must be identical (strict compare) to the one
        // presented in the cookie; a missing side or a mismatch drops the authenticated
        // user and destroys the session.
        if (!isset($_SESSION['author_token']) || !isset($serendipity['COOKIE']['author_token']) || $_SESSION['author_token'] !== $serendipity['COOKIE']['author_token']) {
            $_SESSION['serendipityAuthedUser'] = false;
            serendipity_session_destroy();
        }
        if (!serendipity_userLoggedIn()) {
            // Try again to log in, this time with enabled external authentication event hook
            serendipity_login(true);
        }
    }
}
// If we are inside an iframe, halt the script
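 /**
  * Event hook dispatcher of the adduser / loginbox plugin.
  *
  * Handled events: 'frontend_saveComment' (refuse comments per the
  * registered_only / true_identities settings), 'external_plugin' (render the
  * loginbox template), 'frontend_display' (disable the comment form for
  * anonymous visitors when registered_only is set), 'frontend_configure'
  * (login / logout from the posted form and pin the commenter identity to the
  * logged-in user), 'entry_display' and 'entries_header' (the adduser page).
  *
  * @param string $event     hook name
  * @param object $bag       property bag of this plugin; 'event_hooks' lists subscribed events
  * @param mixed  $eventData hook payload, modified in place for some events
  * @param mixed  $addData   extra hook data ('source2' and 'name' are read for 'frontend_saveComment')
  * @return bool|null false for unsubscribed / unknown events and refused comments,
  *                   true when handled, null for the cases that only fall through
  **/
 function event_hook($event, &$bag, &$eventData, $addData = null)
 {
     global $serendipity;

     // URL of the loginbox popup, computed once per request
     static $login_url = null;
     if ($login_url === null) {
         $login_url = $serendipity['baseURL'] . $serendipity['indexFile'] . '?/plugin/loginbox';
     }

     $hooks =& $bag->get('event_hooks');
     if (!isset($hooks[$event])) {
         return false;
     }

     switch ($event) {
         case 'frontend_saveComment':
             if (!isset($serendipity['csuccess'])) {
                 $serendipity['csuccess'] = 'true';
             }
             $registered_only = serendipity_db_bool($this->get_config('registered_only'));
             $from_adduser    = isset($addData['source2']) && $addData['source2'] == 'adduser';
             // Comments from anonymous visitors, or from users outside the configured
             // groups, are refused (the adduser form itself is exempt).
             if ($registered_only && !$from_adduser && (!serendipity_userLoggedIn() || !$this->inGroup())) {
                 $eventData = array('allow_comments' => false);
                 $serendipity['messagestack']['comments'][] = PLUGIN_ADDUSER_REGISTERED_ONLY_REASON;
                 return false;
             }
             if (serendipity_db_bool($this->get_config('true_identities')) && !serendipity_userLoggedIn()) {
                 // An anonymous commenter may not post under the real name of a registered author.
                 $name = isset($addData['name']) ? $addData['name'] : '';
                 $user = str_replace(" b", '', $name);   // NOTE(review): strips the literal " b" sequence; purpose unclear — confirm
                 $user = serendipity_db_escape_string(preg_replace('@\\s+@', ' ', trim($user)));
                 $user = trim($user);
                 // $user has been DB-escaped above before it is placed into the query text
                 $authors = serendipity_db_query("SELECT authorid FROM {$serendipity['dbPrefix']}authors WHERE realname = '" . $user . "'");
                 if (is_array($authors) && isset($authors[0]['authorid'])) {
                     $eventData = array('allow_comments' => false);
                     $serendipity['messagestack']['comments'][] = sprintf(PLUGIN_ADDUSER_REGISTERED_CHECK_REASON, $login_url, 'onclick="javascript:loginbox = window.open(this.href, \'loginbox\', \'width=300,height=300,locationbar=no,menubar=no,personalbar=no,statusbar=yes,status=yes,toolbar=no\'); return false;"');
                 }
             }
             break;

         case 'external_plugin':
             if ($eventData != 'loginbox') {
                 return true;
             }
             $out = array();
             serendipity_plugin_api::hook_event('backend_login_page', $out);
             serendipity_smarty_init();
             $serendipity['smarty']->assign(array(
                 'loginform_add'  => $out,
                 'loginform_url'  => $login_url,
                 'loginform_user' => isset($_SESSION['serendipityUser']) ? $_SESSION['serendipityUser'] : null,
                 'loginform_mail' => isset($_SESSION['serendipityEmail']) ? $_SESSION['serendipityEmail'] : null,
                 'close_window'   => defined('LOGIN_ACTION'),
                 'is_logged_in'   => serendipity_userLoggedIn(),
                 'is_error'       => defined('LOGIN_ERROR'),
             ));
             $filename = 'loginbox.tpl';
             $tfile = serendipity_getTemplateFile($filename, 'serendipityPath');
             if (!$tfile || $tfile == $filename) {
                 // Fall back to the template shipped next to this plugin file.
                 $tfile = dirname(__FILE__) . '/' . $filename;
             }
             // Smarty must be allowed to include a template from outside its template
             // directories for this one display(); the previous setting is restored
             // afterwards so the relaxed policy does not outlive this call.
             $inclusion = $serendipity['smarty']->security_settings[INCLUDE_ANY];
             $serendipity['smarty']->security_settings[INCLUDE_ANY] = true;
             $serendipity['smarty']->display($tfile);
             $serendipity['smarty']->security_settings[INCLUDE_ANY] = $inclusion;
             break;

         case 'frontend_display':
             // Anonymous visitors get the "registered only" notice and a disabled comment form.
             if (serendipity_db_bool($this->get_config('registered_only')) && !serendipity_userLoggedIn()) {
                 $serendipity['messagestack']['comments'][] = sprintf(PLUGIN_ADDUSER_REGISTERED_ONLY_REASON, $serendipity['baseURL'] . $serendipity['indexFile'] . '?serendipity[subpage]=adduser', $serendipity['baseURL'] . 'serendipity_admin.php');
                 $eventData['allow_comments'] = false;
             }
             break;

         case 'frontend_configure':
             if (isset($serendipity['POST']['action'], $serendipity['POST']['user'], $serendipity['POST']['pass'])) {
                 serendipity_login();
                 if (serendipity_userLoggedIn()) {
                     define('LOGIN_ACTION', 'login');
                     header('X-s9y-auth: Login');
                 } else {
                     define('LOGIN_ERROR', true);
                 }
             } elseif (isset($serendipity['POST']['action'], $serendipity['POST']['logout'])) {
                 serendipity_logout();
                 if (!serendipity_userLoggedIn()) {
                     header('X-s9y-auth: Logout');
                     define('LOGIN_ACTION', 'logout');
                 }
             }
             $enforce_identity = serendipity_db_bool($this->get_config('registered_only')) || serendipity_db_bool($this->get_config('true_identities'));
             if ($enforce_identity && !empty($_SESSION['serendipityAuthedUser'])) {
                 $editing_entry = defined('IN_serendipity_admin') && isset($serendipity['GET']['adminAction']) && $serendipity['GET']['adminAction'] == 'doEdit';
                 if (!$editing_entry) {
                     // A logged-in user comments under the account identity, not a free-form name / email.
                     $serendipity['COOKIE']['name'] = isset($_SESSION['serendipityRealname']) ? $_SESSION['serendipityRealname'] : $_SESSION['serendipityUser'];
                     $serendipity['COOKIE']['email'] = isset($_SESSION['serendipityEmail']) ? $_SESSION['serendipityEmail'] : null;
                     if (!empty($serendipity['POST']['comment'])) {
                         $serendipity['POST']['name'] = $serendipity['COOKIE']['name'];
                         $serendipity['POST']['email'] = $serendipity['COOKIE']['email'];
                     }
                 }
             }
             return true;

         case 'entry_display':
             $adduser_page = (isset($serendipity['GET']['subpage']) && $serendipity['GET']['subpage'] == 'adduser')
                 || (isset($serendipity['POST']['subpage']) && $serendipity['POST']['subpage'] == 'adduser')
                 || !empty($serendipity['GET']['adduser_activation']);
             if (($adduser_page || !empty($this->clean_page)) && is_array($eventData)) {
                 $eventData['clean_page'] = true;
             }
             break;

         case 'entries_header':
             $adduser_page = (isset($serendipity['GET']['subpage']) && $serendipity['GET']['subpage'] == 'adduser')
                 || (isset($serendipity['POST']['subpage']) && $serendipity['POST']['subpage'] == 'adduser')
                 || !empty($serendipity['GET']['adduser_activation']);
             if ($adduser_page) {
                 $this->clean_page = true;
                 $url = $serendipity['baseURL'] . $serendipity['indexFile'];
                 $hidden = array('subpage' => 'adduser');
                 // Form fields are only accepted as strings; lengths are capped as before.
                 $username = (isset($serendipity['POST']['adduser_user']) && is_string($serendipity['POST']['adduser_user'])) ? substr($serendipity['POST']['adduser_user'], 0, 40) : '';
                 $password = (isset($serendipity['POST']['adduser_pass']) && is_string($serendipity['POST']['adduser_pass'])) ? substr($serendipity['POST']['adduser_pass'], 0, 32) : '';
                 $email    = (isset($serendipity['POST']['adduser_email']) && is_string($serendipity['POST']['adduser_email'])) ? $serendipity['POST']['adduser_email'] : null;
                 echo '<div id="adduser_form" style="padding-left: 4px; padding-right: 10px"><a id="adduser"></a>';
                 // Get the config from the sidebar plugin
                 $pair_config = array('userlevel' => USERLEVEL_EDITOR, 'no_create' => false, 'right_publish' => false, 'instructions' => $this->get_config('instructions', ''), 'usergroups' => array(), 'straight_insert' => false, 'approve' => false, 'use_captcha' => false);
                 $config = serendipity_db_query("SELECT name, value FROM {$serendipity['dbPrefix']}config WHERE name LIKE 'serendipity_plugin_adduser:%'");
                 if (is_array($config)) {
                     foreach ($config as $conf) {
                         $names = explode('/', $conf['name']);
                         if (!isset($names[1])) {
                             // config name without a '/' separator: nothing to map
                             continue;
                         }
                         if ($names[1] == 'instructions' && !empty($pair_config['instructions'])) {
                             // this plugin's own instructions win over the sidebar plugin's
                             continue;
                         }
                         if ($names[1] == 'usergroups') {
                             foreach (explode(',', $conf['value']) as $cid) {
                                 if (empty($cid)) {
                                     continue;
                                 }
                                 $pair_config[$names[1]][$cid] = $cid;
                             }
                         } else {
                             $pair_config[$names[1]] = serendipity_get_bool($conf['value']);
                         }
                     }
                 }
                 if (!serendipity_common_adduser::adduser($username, $password, $email, $pair_config['userlevel'], $pair_config['usergroups'], $pair_config['no_create'], $pair_config['right_publish'], $pair_config['straight_insert'], $pair_config['approve'], $pair_config['use_captcha'])) {
                     // registration did not complete: show the form again with the submitted values
                     serendipity_common_adduser::loginform($url, $hidden, $pair_config['instructions'], $username, $password, $email, $pair_config['use_captcha']);
                 }
                 echo '</div>';
             }
             return true;

         default:
             return false;
     }
 }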
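 /**
  * Administration issues and switch to validation function
  *
  * Handles the calendar admin requests carried in $_POST: writing entries,
  * logging out, and approving / rejecting / selecting unapproved entries.
  * Status text goes through smarty_assign_error(); the form state the
  * template needs is left in $serendipity['eventcal']['adminpost'].
  *
  * Entry ids posted in $_POST['calendar']['entries'] are cast to int before
  * they are interpolated into the SQL fragment handed to mysql_db_result_sets(),
  * which receives that fragment verbatim; the cast is what keeps request
  * data out of the query text.
  **/
 function cal_admin_backend()
 {
     global $serendipity;

     $adminpost = null;   // becomes an array only when the template needs form state
     $isadminid = false;  // raised by cal_write_entries() through $serendipity['eventcal']['isadminid']
     $event     = null;   // single entry loaded for the "change" form
     $n_id      = '';     // space-separated ids for the multi-id status message

     /* calendar administration functions write content, but set approved = 0 if not re-edited by validated user */
     if (isset($_POST['calendar']['type'])) {
         // validate entries and do INSERT or REPLACE db issues
         $this->cal_write_entries();
         // authenticated, but REPLACE or INSERT error
         if (isset($serendipity['eventcal']['isadminid'])) {
             $isadminid = true;
             unset($serendipity['eventcal']['isadminid']);
         }
     }

     /* calendar administration functions - login, logout */
     if (isset($serendipity['GET']['adminModule']) && $serendipity['GET']['adminModule'] == 'logout') {
         serendipity_logout();
         $this->smarty_assign_error('msg', CAL_EVENT_USER_LOGGEDOFF);
     }

     $has_entries = isset($_POST['calendar']['entries']) && is_array($_POST['calendar']['entries']);
     $entries     = $has_entries ? $_POST['calendar']['entries'] : array();

     // placeholder superusers old freetable validation
     /* calendar administration functions - approve and delete entries in app or single entry view */
     if ($has_entries || $isadminid) {
         if (!serendipity_userLoggedIn()) {
             // not authenticated: keep the unapproved-events form open and ask for a login
             $adminpost['ap'] = 1;
             $this->smarty_assign_error('err', CAL_EVENT_USER_LOGINFIRST);
         } else {
             /* authenticated user is logged-in - here we just do reject or approve an event, validate Change Submits or give back values */

             /* approve events */
             if ($has_entries && (isset($_POST['Approve_Selected']) || isset($_POST['Approve_Selected_x']) || isset($_POST['Approve_Selected_y']))) {
                 $apid   = array();
                 $result = false;
                 foreach ($entries as $val) {
                     $eid = (int) $val;   // request value -> int before it reaches the SQL fragment
                     $result = $this->mysql_db_result_sets('UPDATE', 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, "approved=1 WHERE id={$eid}");
                     $apid[] = $eid;
                     $n_id  .= $eid . ' ';
                 }
                 // $result reflects the last UPDATE only; earlier failures are not reported
                 if ($result) {
                     $this->smarty_assign_error('msg', vsprintf(PLUGIN_EVENTCAL_APPROVE_DONE_BLAHBLAH, $apid) . (count($apid) > 1 ? ' (Updated Multi-IDs: ' . $n_id . ')' : ''));
                 }
                 // else return db error
             }

             /* reject events */
             if ($has_entries && (isset($_POST['Reject_Selected']) || isset($_POST['Reject_Selected_x']) || isset($_POST['Reject_Selected_y']))) {
                 $idel   = array();
                 $result = false;
                 foreach ($entries as $val) {
                     $eid = (int) $val;   // request value -> int before it reaches the SQL fragment
                     $result = $this->mysql_db_result_sets('DELETE', 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, "id={$eid}");
                     $idel[] = $eid;
                     $n_id  .= $eid . ' ';
                 }
                 // $result reflects the last DELETE only; earlier failures are not reported
                 if ($result) {
                     $this->smarty_assign_error('msg', vsprintf(PLUGIN_EVENTCAL_REJECT_DONE_BLAHBLAH, $idel) . (count($idel) > 1 ? ' (Erased Multi-IDs: ' . $n_id . ')' : ''));
                 }
                 // else return db error
             }

             /* an authenticated logged-in user tries to change and submit an unapproved event */
             if ($isadminid && isset($id)) {
                 // NOTE(review): $id is not assigned anywhere in this method, so this branch cannot run
                 // as written; confirm where the id of the failed change was meant to come from.
                 /* there was an error changing unapproved entries - get back the original entry */
                 $event = $this->mysql_db_result_sets('SELECT-KEY', 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, "id=" . (int) $id);
                 // else return db error
             } elseif (isset($_POST['Change_Selected']) || isset($_POST['Change_Selected_x']) || isset($_POST['Change_Selected_y'])) {
                 // select a specific unapproved event - check if it is a single entry or has checked multiple checkboxes
                 if ($has_entries) {
                     if (count($entries) == 1) {
                         $eid   = (int) reset($entries);
                         $event = $this->mysql_db_result_sets('SELECT-KEY', 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, "id={$eid}");
                         if (!is_array($event)) {
                             // db error: close the new event date form
                             $adminpost['a'] = 0;
                         }
                     } else {
                         $this->smarty_assign_error('err', CAL_EVENT_CHGSELECTED_ARRAY . ' ' . CAL_EVENT_PLEASECORRECT);
                         $adminpost['a']  = 0;   // close new event date form
                         $adminpost['ap'] = 1;   // open administrate unapproved event form
                     }
                 }
             }

             // assign edit single event entry to smarty add form - do not parse text_pattern_bbc function
             if (is_array($event)) {
                 $adminpost['a']  = 1;   // open form to change single event
                 $adminpost['ap'] = 0;   // close unapproved event table
                 $adminpost['id'] = $event['id'];
                 // date / recurrence fields are split into parts; missing parts become null instead of raising a notice
                 list($adminpost['syear'], $adminpost['smonth'], $adminpost['sday']) = array_pad(explode('-', isset($event['sdato']) ? (string) $event['sdato'] : ''), 3, null);
                 list($adminpost['eyear'], $adminpost['emonth'], $adminpost['eday']) = array_pad(explode('-', isset($event['edato']) ? (string) $event['edato'] : ''), 3, null);
                 list($adminpost['which'], $adminpost['day']) = array_pad(explode(':', isset($event['recur']) ? (string) $event['recur'] : ''), 2, null);
                 foreach (array('sdesc', 'ldesc', 'url', 'tipo', 'approved', 'app_by', 'tstamp') as $field) {
                     $adminpost[$field] = $event[$field];
                 }
                 unset($event);
             }
         }
         // serendipity_userLoggedIn() = true end
         // isset calendar entries or isadminid end
     } elseif (!isset($_POST['calendar']['entries'])) {
         // an image submit button was pressed (its x/y coordinates are posted) without any checkbox ticked
         $button_pressed = isset($_POST['Approve_Selected_x'], $_POST['Approve_Selected_y'])
             || isset($_POST['Reject_Selected_x'], $_POST['Reject_Selected_y'])
             || isset($_POST['Change_Selected_x'], $_POST['Change_Selected_y']);
         if ($button_pressed) {
             $adminpost['ap'] = 1;
             if (serendipity_userLoggedIn()) {
                 $this->smarty_assign_error('msg', CAL_EVENT_CHECKBOXALERT);
             } else {
                 $this->smarty_assign_error('err', CAL_EVENT_CHECKBOXALERT);
             }
         }
     }
     // elseif & isset $_POST edit, validate and delete entries end

     // hand the form state back to the template
     if (is_array($adminpost)) {
         $serendipity['eventcal']['adminpost'] = $adminpost;
     }
 }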