/**
 * Plugin event dispatcher: only 'frontend_configure' is acted upon.
 *
 * A posted login (action + user + pass) is delegated to serendipity_login().
 * A posted logout (action + logout) ends the session and redirects to the
 * configured 'logout_url', or to the blog index when that option is empty;
 * the script terminates after sending the redirect. Any other event, or an
 * event this plugin has not subscribed to, is declined.
 *
 * @param string $event     name of the raised event
 * @param object $bag       property bag of this plugin (supplies 'event_hooks')
 * @param mixed  $eventData event payload, by reference (not used here)
 * @param mixed  $addData   extra caller data (not used here)
 * @return bool|null true when 'frontend_configure' was processed, false when the
 *                   event is unknown or not subscribed; never returns after a logout
 */
function event_hook($event, &$bag, &$eventData, $addData = null)
{
    global $serendipity;

    $subscribed = $bag->get('event_hooks');
    // Read the redirect target up front, before any dispatching, as the original did.
    $redirectAfterLogout = $this->get_config('logout_url');

    if (!isset($subscribed[$event]) || $event != 'frontend_configure') {
        return false;
    }

    $postedLogin  = isset($serendipity['POST']['action'], $serendipity['POST']['user'], $serendipity['POST']['pass']);
    $postedLogout = !$postedLogin && isset($serendipity['POST']['action'], $serendipity['POST']['logout']);

    if ($postedLogin) {
        serendipity_login();
        return true;
    }

    if (!$postedLogout) {
        return true;
    }

    serendipity_logout();
    // CGI-style status line; 'Location:' below implies a 302 on the common SAPIs as well.
    header('Status: 302 Found');
    // Admin-configured URL wins over the blog index; the comparison is deliberately loose.
    $target = ($redirectAfterLogout != "")
        ? $redirectAfterLogout
        : $serendipity['baseURL'] . $serendipity['indexFile'];
    header("Location: {$target}");
    exit;
}
# All rights reserved. See LICENSE file for licensing details

// Bootstrap flags read by serendipity_config.inc.php and the admin includes;
// all four are set before the config is loaded.
define('IN_installer', true);
define('IN_upgrader', true);
define('IN_serendipity', true);
define('IN_serendipity_admin', true);

include 'serendipity_config.inc.php';

// LANG_CHARSET is provided by the included config.
header('Content-Type: text/html; charset=' . LANG_CHARSET);

if (IS_installed === false) {
    // Not installed yet: only the core function library is needed.
    require_once S9Y_INCLUDE_PATH . 'include/functions.inc.php';
} else {
    // Installed and up to date: let plugins configure the backend.
    if (defined('IS_up2date') && IS_up2date === true) {
        serendipity_plugin_api::hook_event('backend_configure', $serendipity);
    }
}

if (isset($serendipity['GET']['adminModule']) && $serendipity['GET']['adminModule'] == 'logout') {
    serendipity_logout();
    header("Location: " . $serendipity['baseURL']);
    // NOTE(review): there is no exit after the redirect header, so execution
    // continues past this if/else into the rest of the file — confirm intended.
} else {
    if (IS_installed === true) {
        /* Check author token to insure session not hijacked */
        // The token stored in the session must match the one presented in the
        // cookie (strict comparison); on any mismatch or missing side the
        // authenticated flag is cleared and the session destroyed.
        if (!isset($_SESSION['author_token']) || !isset($serendipity['COOKIE']['author_token']) || $_SESSION['author_token'] !== $serendipity['COOKIE']['author_token']) {
            $_SESSION['serendipityAuthedUser'] = false;
            serendipity_session_destroy();
        }
        if (!serendipity_userLoggedIn()) {
            // Try again to log in, this time with enabled external authentication event hook
            serendipity_login(true);
        }
    }
}
// If we are inside an iframe, halt the script
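/**
 * Event dispatcher of the adduser plugin.
 *
 * Handles comment gating ('frontend_saveComment', 'frontend_display'), the
 * pop-up login box ('external_plugin' with payload 'loginbox'), login/logout
 * posts and cookie pre-fill ('frontend_configure'), and the self-registration
 * page ('entry_display', 'entries_header').
 *
 * Fix over the previous revision: the Smarty INCLUDE_ANY security setting was
 * saved into $inclusion before rendering the login box but never restored, so
 * it stayed relaxed for the rest of the request; it is now put back after
 * display(). Undefined-index reads on $_SESSION/$serendipity and on $addData
 * are guarded with isset()/!empty() without changing the resulting values.
 *
 * @param string $event     name of the raised event
 * @param object $bag       property bag of this plugin (supplies 'event_hooks')
 * @param mixed  $eventData event payload, by reference; written for comment
 *                          gating and 'entry_display'
 * @param mixed  $addData   extra caller data; 'source2' and 'name' are read on
 *                          'frontend_saveComment'
 * @return bool|null false when the event is unknown/not subscribed or a comment
 *                   is rejected, true for handled events that return explicitly,
 *                   null for cases that only break out of the switch
 */
function event_hook($event, &$bag, &$eventData, $addData = null)
{
    global $serendipity;
    static $login_url = null;

    // Computed once per request; points at this plugin's external 'loginbox' page.
    if ($login_url === null) {
        $login_url = $serendipity['baseURL'] . $serendipity['indexFile'] . '?/plugin/loginbox';
    }

    $hooks =& $bag->get('event_hooks');
    if (!isset($hooks[$event])) {
        return false;
    }

    switch ($event) {
        case 'frontend_saveComment':
            if (!isset($serendipity['csuccess'])) {
                $serendipity['csuccess'] = 'true';
            }

            $registeredOnly = serendipity_db_bool($this->get_config('registered_only'));
            // Comments coming from the adduser form itself are never gated.
            $fromAdduser = isset($addData['source2']) && $addData['source2'] == 'adduser';

            if ($registeredOnly && !serendipity_userLoggedIn() && !$fromAdduser) {
                $eventData = array('allow_comments' => false);
                $serendipity['messagestack']['comments'][] = PLUGIN_ADDUSER_REGISTERED_ONLY_REASON;
                return false;
            }

            if ($registeredOnly && !$this->inGroup() && !$fromAdduser) {
                $eventData = array('allow_comments' => false);
                $serendipity['messagestack']['comments'][] = PLUGIN_ADDUSER_REGISTERED_ONLY_REASON;
                return false;
            }

            // Anonymous commenters may not use the real name of a registered author.
            if (serendipity_db_bool($this->get_config('true_identities')) && !serendipity_userLoggedIn()) {
                $user = str_replace(" b", '', isset($addData['name']) ? $addData['name'] : '');
                $user = serendipity_db_escape_string(preg_replace('@\\s+@', ' ', trim($user)));
                $user = trim($user);
                // $user is DB-escaped above before being embedded in the query.
                $authors = serendipity_db_query("SELECT authorid FROM {$serendipity['dbPrefix']}authors WHERE realname = '" . $user . "'");
                if (is_array($authors) && isset($authors[0]['authorid'])) {
                    $eventData = array('allow_comments' => false);
                    $serendipity['messagestack']['comments'][] = sprintf(PLUGIN_ADDUSER_REGISTERED_CHECK_REASON, $login_url, 'onclick="javascript:loginbox = window.open(this.href, \'loginbox\', \'width=300,height=300,locationbar=no,menubar=no,personalbar=no,statusbar=yes,status=yes,toolbar=no\'); return false;"');
                }
            }
            break;

        case 'external_plugin':
            if ($eventData != 'loginbox') {
                return true;
            }

            $out = array();
            serendipity_plugin_api::hook_event('backend_login_page', $out);
            serendipity_smarty_init();
            $serendipity['smarty']->assign(array(
                'loginform_add'  => $out,
                'loginform_url'  => $login_url,
                'loginform_user' => isset($_SESSION['serendipityUser']) ? $_SESSION['serendipityUser'] : null,
                'loginform_mail' => isset($_SESSION['serendipityEmail']) ? $_SESSION['serendipityEmail'] : null,
                'close_window'   => defined('LOGIN_ACTION'),
                'is_logged_in'   => serendipity_userLoggedIn(),
                'is_error'       => defined('LOGIN_ERROR'),
            ));

            // Prefer a theme override of the template, else the copy shipped with the plugin.
            $filename = 'loginbox.tpl';
            $tfile = serendipity_getTemplateFile($filename, 'serendipityPath');
            if (!$tfile || $tfile == $filename) {
                $tfile = dirname(__FILE__) . '/' . $filename;
            }

            // The plugin template lives outside the template dir, so INCLUDE_ANY must be
            // relaxed for this one render; the previous value is restored afterwards so
            // the relaxed setting does not leak into later template output.
            $inclusion = isset($serendipity['smarty']->security_settings[INCLUDE_ANY])
                ? $serendipity['smarty']->security_settings[INCLUDE_ANY]
                : null;
            $serendipity['smarty']->security_settings[INCLUDE_ANY] = true;
            $serendipity['smarty']->display($tfile);
            $serendipity['smarty']->security_settings[INCLUDE_ANY] = $inclusion;
            break;

        case 'frontend_display':
            if (serendipity_db_bool($this->get_config('registered_only')) && !serendipity_userLoggedIn()) {
                $serendipity['messagestack']['comments'][] = sprintf(
                    PLUGIN_ADDUSER_REGISTERED_ONLY_REASON,
                    $serendipity['baseURL'] . $serendipity['indexFile'] . '?serendipity[subpage]=adduser',
                    $serendipity['baseURL'] . 'serendipity_admin.php'
                );
                $eventData['allow_comments'] = false;
            }
            break;

        case 'frontend_configure':
            if (isset($serendipity['POST']['action'], $serendipity['POST']['user'], $serendipity['POST']['pass'])) {
                serendipity_login();
                if (serendipity_userLoggedIn()) {
                    define('LOGIN_ACTION', 'login');
                    header('X-s9y-auth: Login');
                } else {
                    define('LOGIN_ERROR', true);
                }
            } elseif (isset($serendipity['POST']['action'], $serendipity['POST']['logout'])) {
                serendipity_logout();
                if (!serendipity_userLoggedIn()) {
                    header('X-s9y-auth: Logout');
                    define('LOGIN_ACTION', 'logout');
                }
            }

            // For logged-in users pre-fill the comment identity from the session,
            // except while editing an entry in the admin backend.
            $gated = serendipity_db_bool($this->get_config('registered_only'))
                || serendipity_db_bool($this->get_config('true_identities'));
            if ($gated && !empty($_SESSION['serendipityAuthedUser'])) {
                $editingInAdmin = defined('IN_serendipity_admin')
                    && isset($serendipity['GET']['adminAction'])
                    && $serendipity['GET']['adminAction'] == 'doEdit';
                if (!$editingInAdmin) {
                    $serendipity['COOKIE']['name'] = isset($_SESSION['serendipityRealname'])
                        ? $_SESSION['serendipityRealname']
                        : (isset($_SESSION['serendipityUser']) ? $_SESSION['serendipityUser'] : null);
                    $serendipity['COOKIE']['email'] = isset($_SESSION['serendipityEmail']) ? $_SESSION['serendipityEmail'] : null;
                    if (!empty($serendipity['POST']['comment'])) {
                        $serendipity['POST']['name'] = $serendipity['COOKIE']['name'];
                        $serendipity['POST']['email'] = $serendipity['COOKIE']['email'];
                    }
                }
            }
            return true;

        case 'entry_display':
            $onAdduserPage = (isset($serendipity['GET']['subpage']) && $serendipity['GET']['subpage'] == 'adduser')
                || (isset($serendipity['POST']['subpage']) && $serendipity['POST']['subpage'] == 'adduser')
                || !empty($serendipity['GET']['adduser_activation'])
                || !empty($this->clean_page);
            if ($onAdduserPage && is_array($eventData)) {
                $eventData['clean_page'] = true;
            }
            break;

        case 'entries_header':
            $onAdduserPage = (isset($serendipity['GET']['subpage']) && $serendipity['GET']['subpage'] == 'adduser')
                || (isset($serendipity['POST']['subpage']) && $serendipity['POST']['subpage'] == 'adduser')
                || !empty($serendipity['GET']['adduser_activation']);
            if ($onAdduserPage) {
                $this->clean_page = true;
                $url = $serendipity['baseURL'] . $serendipity['indexFile'];
                $hidden = array('subpage' => 'adduser');
                // Length limits match the ones the form fields are expected to enforce.
                $username = isset($serendipity['POST']['adduser_user']) ? substr($serendipity['POST']['adduser_user'], 0, 40) : '';
                $password = isset($serendipity['POST']['adduser_pass']) ? substr($serendipity['POST']['adduser_pass'], 0, 32) : '';
                $email    = isset($serendipity['POST']['adduser_email']) ? $serendipity['POST']['adduser_email'] : null;

                echo '<div id="adduser_form" style="padding-left: 4px; padding-right: 10px"><a id="adduser"></a>';

                // Get the config from the sidebar plugin
                $pair_config = array(
                    'userlevel'       => USERLEVEL_EDITOR,
                    'no_create'       => false,
                    'right_publish'   => false,
                    'instructions'    => $this->get_config('instructions', ''),
                    'usergroups'      => array(),
                    'straight_insert' => false,
                    'approve'         => false,
                    'use_captcha'     => false,
                );
                $config = serendipity_db_query("SELECT name, value FROM {$serendipity['dbPrefix']}config WHERE name LIKE 'serendipity_plugin_adduser:%'");
                if (is_array($config)) {
                    foreach ($config as $conf) {
                        // Config rows are named '<plugin instance>/<option>'.
                        $names = explode('/', $conf['name']);
                        if (!isset($names[1])) {
                            continue;
                        }
                        // This plugin's own instructions take precedence over the sidebar's.
                        if ($names[1] == 'instructions' && !empty($pair_config['instructions'])) {
                            continue;
                        }
                        if ($names[1] == 'usergroups') {
                            foreach ((array) explode(',', $conf['value']) as $cid) {
                                if ($cid === false || empty($cid)) {
                                    continue;
                                }
                                $pair_config[$names[1]][$cid] = $cid;
                            }
                        } else {
                            $pair_config[$names[1]] = serendipity_get_bool($conf['value']);
                        }
                    }
                }

                $created = serendipity_common_adduser::adduser(
                    $username,
                    $password,
                    $email,
                    $pair_config['userlevel'],
                    $pair_config['usergroups'],
                    $pair_config['no_create'],
                    $pair_config['right_publish'],
                    $pair_config['straight_insert'],
                    $pair_config['approve'],
                    $pair_config['use_captcha']
                );
                if (!$created) {
                    serendipity_common_adduser::loginform($url, $hidden, $pair_config['instructions'], $username, $password, $email, $pair_config['use_captcha']);
                }
                echo '</div>';
            }
            return true;

        default:
            return false;
    }
}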
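/**
 * Administration issues and switch to validation function
 *
 * Processes the calendar admin POST: writes submitted entries, handles the
 * logout module, and for logged-in users approves/rejects/loads the unapproved
 * entries selected by checkbox. The resulting form state is handed back via
 * $serendipity['eventcal']['adminpost'].
 *
 * Fixes over the previous revision:
 *  - entry ids taken from $_POST were interpolated verbatim into the SQL
 *    fragments given to mysql_db_result_sets(); they are now cast to int
 *  - the array keys were written as the bare constants ap / a (an Error on
 *    PHP 8); they are now the strings 'ap' / 'a' like the other keys
 *  - $n_id, $result and $event are initialised before use, and the
 *    @-suppressed list() assignments are replaced by array_pad()
 *
 * @return void
 **/
function cal_admin_backend()
{
    global $serendipity;

    /* calendar administration functions write content, but set approved = 0 if not re-edited by validated user */
    if (isset($_POST['calendar']['type'])) {
        // validate entries and do INSERT or REPLACE db issues
        $this->cal_write_entries();
        // authenticated, but REPLACE or INSERT error
        if (isset($serendipity['eventcal']['isadminid']) === true) {
            $isadminid = true;
            unset($serendipity['eventcal']['isadminid']);
        }
    }

    /* calendar administration functions - login, logout */
    if (isset($serendipity['GET']['adminModule']) && $serendipity['GET']['adminModule'] == 'logout') {
        serendipity_logout();
        $this->smarty_assign_error('msg', CAL_EVENT_USER_LOGGEDOFF);
    }

    // placeholder superusers old freetable validation

    $hasEntries = isset($_POST['calendar']['entries']) && is_array($_POST['calendar']['entries']);

    /* calendar administration functions - approve and delete entries in app or single entry view */
    if ($hasEntries || isset($isadminid) === true) {
        if (!serendipity_userLoggedIn()) {
            $adminpost['ap'] = 1; // set event appform open
            $this->smarty_assign_error('err', CAL_EVENT_USER_LOGINFIRST);
        } else {
            /* authenticated user is logged-in - here we just do reject or approve an event, validate Change Submits or give back values */
            $event = null;

            /* approve events */
            if (isset($_POST['Approve_Selected']) || isset($_POST['Approve_Selected_x']) || isset($_POST['Approve_Selected_y'])) {
                if ($hasEntries) {
                    $apid   = array();
                    $n_id   = '';
                    $result = false;
                    foreach ($_POST['calendar']['entries'] as $val) {
                        // (int) keeps user-supplied ids out of the SQL fragment as anything but a number.
                        $val = (int) $val;
                        $result = $this->mysql_db_result_sets('UPDATE', 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, "approved=1 WHERE id={$val}");
                        $apid[] = $val;
                        $n_id  .= $val . ' ';
                    }
                    // $result reflects the last update only, as before.
                    if ($result) {
                        // need help here - vsprintf does not take this array, even if used as string
                        // so I used a workaround string $n_id .= $val to assign at end
                        $this->smarty_assign_error('msg', vsprintf(PLUGIN_EVENTCAL_APPROVE_DONE_BLAHBLAH, $apid) . (count($apid) > 1 ? ' (Updated Multi-IDs: ' . $n_id . ')' : ''));
                    } // else return db error
                }
            }

            /* reject events */
            if (isset($_POST['Reject_Selected']) || isset($_POST['Reject_Selected_x']) || isset($_POST['Reject_Selected_y'])) {
                if ($hasEntries) {
                    $idel   = array();
                    $n_id   = '';
                    $result = false;
                    foreach ($_POST['calendar']['entries'] as $val) {
                        $val = (int) $val;
                        $result = $this->mysql_db_result_sets('DELETE', 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, "id={$val}");
                        $idel[] = $val;
                        $n_id  .= $val . ' ';
                    }
                    if ($result) {
                        // need help here - vsprintf does not take this array, even if used as string - see above
                        $this->smarty_assign_error('msg', vsprintf(PLUGIN_EVENTCAL_REJECT_DONE_BLAHBLAH, $idel) . (count($idel) > 1 ? ' (Erased Multi-IDs: ' . $n_id . ')' : ''));
                    } // else return db error
                }
            }

            /* an authenticated logged-in user tries to change and submit an unapproved event */
            // NOTE(review): $id is never assigned in this method, so this branch cannot
            // run as written; kept (with the int cast) pending confirmation of intent.
            if (isset($isadminid) === true && isset($id)) {
                /* there was an error changing unapproved entries - get back the original entry */
                $event = $this->mysql_db_result_sets('SELECT-KEY', 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, "id=" . (int) $id);
                // else return db error
            } elseif (isset($_POST['Change_Selected']) || isset($_POST['Change_Selected_x']) || isset($_POST['Change_Selected_y'])) {
                // select a specific unapproved event - check if it is a single entry or has checked multiple checkboxes
                if ($hasEntries) {
                    if (count($_POST['calendar']['entries']) == 1) {
                        foreach ($_POST['calendar']['entries'] as $val) {
                            $event = $this->mysql_db_result_sets('SELECT-KEY', 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, "id=" . (int) $val);
                            // else return db error
                        }
                        if (!is_array($event)) {
                            $adminpost['a'] = 0; // if db error close new event date form
                        }
                    } else {
                        $this->smarty_assign_error('err', CAL_EVENT_CHGSELECTED_ARRAY . ' ' . CAL_EVENT_PLEASECORRECT);
                        $adminpost['a']  = 0; // close new event date form
                        $adminpost['ap'] = 1; // open administrate unapproved event form
                    }
                }
            }

            // assign edit single event entry to smarty add form - do not parse text_pattern_bbc function
            if (is_array($event)) {
                $adminpost['a']  = 1; // open form to change single event
                $adminpost['ap'] = 0; // close unapproved event table
                $adminpost['id'] = $event['id'];
                // array_pad() yields null for missing date/recurrence parts instead of relying on @-suppression.
                list($adminpost['syear'], $adminpost['smonth'], $adminpost['sday']) = array_pad(explode('-', (string) $event['sdato']), 3, null);
                list($adminpost['eyear'], $adminpost['emonth'], $adminpost['eday']) = array_pad(explode('-', (string) $event['edato']), 3, null);
                list($adminpost['which'], $adminpost['day']) = array_pad(explode(':', (string) $event['recur']), 2, null);
                $adminpost['sdesc']    = $event['sdesc'];
                $adminpost['ldesc']    = $event['ldesc'];
                $adminpost['url']      = $event['url'];
                $adminpost['tipo']     = $event['tipo'];
                $adminpost['approved'] = $event['approved'];
                $adminpost['app_by']   = $event['app_by'];
                $adminpost['tstamp']   = $event['tstamp'];
                unset($event);
            }
        } // serendipity_userLoggedIn() = true end
        // isset calendar entries or isadminid end
    } elseif (isset($_POST) && !isset($_POST['calendar']['entries'])) {
        // An image-submit button was pressed without any checkbox selected.
        $imageSubmit = (isset($_POST['Approve_Selected_x']) && isset($_POST['Approve_Selected_y']))
            || (isset($_POST['Reject_Selected_x']) && isset($_POST['Reject_Selected_y']))
            || (isset($_POST['Change_Selected_x']) && isset($_POST['Change_Selected_y']));
        if ($imageSubmit) {
            $adminpost['ap'] = 1;
            if (serendipity_userLoggedIn()) {
                $this->smarty_assign_error('msg', CAL_EVENT_CHECKBOXALERT);
            } else {
                $this->smarty_assign_error('err', CAL_EVENT_CHECKBOXALERT);
            }
        }
    } // elseif & isset $_POST edit, validate and delete entries end

    // do something to get back to the form data
    if (isset($adminpost) && is_array($adminpost)) {
        $serendipity['eventcal']['adminpost'] = $adminpost;
        unset($adminpost);
    }
}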