/** display the content of the mailpage linked to node $node_id
 *
 * The dialog is driven by a short-lived token carried in $_POST['token']:
 *  - no valid token (or [Cancel], an expired token, an unknown button):
 *    a fresh token is created and the empty form is shown (step 4);
 *  - [Preview]: the posted form is validated, stored with the token and
 *    shown as a preview (step 3A);
 *  - [Edit]: the form is shown again with the data stored in the token (3B);
 *  - [Send]: the stored data is mailed, but only once the token's earliest
 *    send time $t0 has passed; otherwise the visitor is sent back to the
 *    form (3C).
 * The token is destroyed after a successful send, on [Cancel], on expiry
 * and in the catch-all branch.
 *
 * @param object &$theme collects the (html) output
 * @param int $area_id identifies the area where $node_id lives (not used in this function)
 * @param int $node_id the node to which this module is connected
 * @param array $module the module record straight from the database (not used in this function)
 * @return bool TRUE on success + output via $theme, FALSE otherwise
 */
function mailpage_view(&$theme, $area_id, $node_id, $module)
{
    //
    // 0 -- basic sanity checks
    //
    // without a configuration or without at least one destination address
    // there is nothing sensible to show; both cases are reported and abort
    if (($config = mailpage_view_get_config($node_id)) === FALSE) {
        $theme->add_message(t('error_retrieving_config', 'm_mailpage'));
        return FALSE;
    } elseif (sizeof($config['addresses']) <= 0) {
        logger(sprintf('%s(): no addresses at node %d: is mailpage unconfigured?', __FUNCTION__, $node_id));
        $msg = t('error_retrieving_addresses', 'm_mailpage', array('{NODE}' => strval($node_id)));
        $theme->add_message($msg);
        $theme->add_content($msg);
        return FALSE;
    }
    //
    // 1 -- do we have a token already?
    //
    // These are filled in by token_lookup() (presumably by reference):
    //   $t0      timestamp before which [Send] is refused (see 3C)
    //   $t1      expiry timestamp of the token (see step 2)
    //   $ip_addr address recorded with the token (used for logging/mailing)
    //   $data    the dialog definition stored via token_store() in 3A, or FALSE
    $t0 = $t1 = 0;
    $ip_addr = '';
    $data = FALSE;
    $token_id = FALSE;
    if (isset($_POST['token'])) {
        // a token that is not valid UTF-8 can never be one we issued: replace it
        // with U+FFFD so the lookup below presumably just misses instead of
        // feeding malformed bytes to token_lookup()
        $token_key = utf8_validate($_POST['token']) ? magic_unquote($_POST['token']) : "�";
        $token_id = token_lookup(MAILPAGE_REFERENCE, $token_key, $t0, $t1, $ip_addr, $data);
    }
    //
    // 2 -- handle cases of expired tokens and Cancel first
    //
    // either case throws the token away; step 4 then starts a new round
    $now = time();
    if ($token_id !== FALSE && isset($_POST['button_cancel'])) {
        // visitor pressed [Cancel]
        $theme->add_message(t('cancelled', 'admin'));
        token_destroy($token_id);
        $token_id = FALSE;
    }
    if ($token_id !== FALSE && $t1 < $now) {
        // token expired
        $theme->add_message(t('error_token_expired', 'm_mailpage'));
        token_destroy($token_id);
        $token_id = FALSE;
    }
    //
    // 3 -- handle the three remaining buttons from the two dialogs
    //
    // note: $token_key is always defined here because $token_id can only be
    // non-FALSE after the lookup in step 1
    if ($token_id !== FALSE) {
        if (isset($_POST['button_preview'])) {
            //
            // 3A -- Preview button
            //
            // validation failure: report every field error and show the form again
            $dialogdef = mailpage_view_get_dialogdef($config, $token_key);
            if (!mailpage_view_dialog_validate($dialogdef)) {
                foreach ($dialogdef as $k => $item) {
                    if (isset($item['errors']) && $item['errors'] > 0) {
                        $theme->add_message($item['error_messages']);
                    }
                }
                mailpage_show_form($theme, $config, $dialogdef);
            } else {
                // keep the validated data with the token so [Edit]/[Send] can
                // retrieve it via token_lookup() on the next request
                if (!token_store($token_id, $dialogdef)) {
                    $theme->add_message(t('error_storing_data', 'm_mailpage'));
                    logger(sprintf('%s(): token store error in page %d: %s', __FUNCTION__, $node_id, db_errormessage()));
                    return FALSE;
                }
                mailpage_show_preview($theme, $config, $dialogdef, $ip_addr);
            }
        } elseif (isset($_POST['button_edit'])) {
            //
            // 3B -- Edit button
            //
            // missing stored data is logged but not fatal: fall back to an empty form
            if ($data === FALSE) {
                $theme->add_message(t('error_retrieving_data', 'm_mailpage'));
                logger(sprintf('%s(): no data after token_lookup()? (page=%d)', __FUNCTION__, $node_id));
                $data = mailpage_view_get_dialogdef($config, $token_key);
            }
            mailpage_show_form($theme, $config, $data);
        } elseif (isset($_POST['button_send'])) {
            //
            // 3C -- Send button
            //
            // same fallback as 3B
            if ($data === FALSE) {
                $theme->add_message(t('error_retrieving_data', 'm_mailpage'));
                logger(sprintf('%s(): no data after token_lookup()? (page=%d)', __FUNCTION__, $node_id));
                $data = mailpage_view_get_dialogdef($config, $token_key);
            }
            if ($now < $t0) {
                // the window of opportunity is still closed; go back to form a la Edit
                // (a reply faster than the token's delay is treated as suspicious and logged)
                $msg = t('error_too_fast', 'm_mailpage');
                $theme->add_message($msg);
                $theme->add_popup_top($msg);
                mailpage_show_form($theme, $config, $data);
                logger(sprintf('%s(): reply too fast (%ds) from %s', __FUNCTION__, $t0 - $now, $ip_addr));
            } elseif (!mailpage_send_message($config, $data, $ip_addr, $now - $t0)) {
                // NOTE(review): every other t() call in this function passes the
                // 'm_mailpage' domain; this one does not -- confirm it is intentional
                $theme->add_message(t('error_sending_message'));
                mailpage_show_form($theme, $config, $data);
            } else {
                // the token is single-use: drop it so the same form cannot be sent twice
                token_destroy($token_id);
                mailpage_show_thankyou($theme, $config, $data, $ip_addr);
            }
        } else {
            //
            // 3D -- catch all: initiate a new round (shouldn't happen)
            //
            token_destroy($token_id);
            $token_id = FALSE;
        }
    }
    //
    // 4 -- Start with a clean slate
    //
    // a new token is created with a 20 (apparently seconds, cf. the
    // 'error_too_fast' branch in 3C) delay before [Send] is accepted;
    // $token_key receives the key to embed in the form
    if ($token_id === FALSE) {
        $token_key = '';
        if (($token_id = token_create(MAILPAGE_REFERENCE, $token_key, 20)) === FALSE) {
            // token could not be created: report and bail out
            $msg = t('error_creating_token', 'm_mailpage', array('{NODE}' => strval($node_id)));
            $theme->add_message($msg);
            $theme->add_content($msg);
            return FALSE;
        }
        $dialogdef = mailpage_view_get_dialogdef($config, $token_key);
        mailpage_show_form($theme, $config, $dialogdef);
    }
    return TRUE;
}
/**
 * Create or update a token's value and expiration
 *
 * Looks up the token of type $p_type for $p_user_id via token_get(); when
 * one exists its value and expiry are refreshed in place and its id is
 * returned, otherwise a new token is created with token_create().
 *
 * @param integer $p_type Token type
 * @param string $p_value Token value
 * @param integer $p_expiry Token expiration in seconds
 * @param integer $p_user_id User ID
 * @return integer Token ID
 */
function token_set($p_type, $p_value, $p_expiry = TOKEN_EXPIRY, $p_user_id = null)
{
    $t_existing = token_get($p_type, $p_user_id);
    if ($t_existing !== null) {
        // reuse the existing row: refresh value and expiry, keep the id
        token_update($t_existing['id'], $p_value, $p_expiry);
        return $t_existing['id'];
    }
    // no token of this type yet: create one and hand back the new id
    return token_create($p_type, $p_value, $p_expiry, $p_user_id);
}
파일: index.php 프로젝트: book000/mcmn
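/**
 * Admin screen "delete directory".
 *
 * GET request: renders a confirmation form for the directory
 * TARGET_DIR . path . name (both taken from $_GET). POST request with
 * exec=delete_directory and a valid one-time token: removes the directory
 * named by the POSTed path/name and redirects back to the listing.
 *
 * Both the GET values (rendered into HTML) and the POST values (used for the
 * actual deletion) must match PATH_CHARACTER and must not contain a ".."
 * path component. The POST values are validated on their own: the original
 * code ran the traversal check against $_GET while deleting $_POST, so a
 * benign query string said nothing about what was actually removed.
 *
 * Relies on the project's error(), token_check(), token_create(),
 * remove_dir(), print_header() and print_footer() and on the constants
 * PATH_CHARACTER, TARGET_DIR, HTTP_URL, MAIN_FILE and CSS_FILE.
 *
 * @return void
 */
function admin_delete_directory()
{
    // ".." followed by "/" or by the end of the value: rejects "a/../b",
    // "../x" and a bare ".." as last component (TARGET_DIR . 'x/' . '..'
    // would resolve to TARGET_DIR itself, which the old "../"-only check
    // did not catch)
    $traversal = '/\\.\\.(\\/|$)/';
    $charset = '/' . PATH_CHARACTER . '/';
    // NOTE(review): this whitelist only constrains the whole value when
    // PATH_CHARACTER is anchored (^...$); confirm its definition.

    // GET parameters: only used to render the confirmation form below
    if (!isset($_GET['path']) || !is_string($_GET['path']) || !preg_match($charset, $_GET['path']) || preg_match($traversal, $_GET['path'])) {
        $_GET['path'] = null;
    }
    if (!isset($_GET['name']) || !is_string($_GET['name']) || !preg_match($charset, $_GET['name']) || preg_match($traversal, $_GET['name'])) {
        $_GET['name'] = null;
    }
    if (isset($_POST['exec']) && $_POST['exec'] === 'delete_directory') {
        // one-time token must match the one rendered into the form
        if (!token_check()) {
            error('不正なアクセスです。');
        }
        // the POST values are what gets deleted, so validate exactly these;
        // a missing or non-string field is treated as empty
        $path = (isset($_POST['path']) && is_string($_POST['path'])) ? $_POST['path'] : '';
        $name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
        if ($path !== '' && !preg_match($charset, $path)) {
            error('パスは半角英数字で入力してください。');
        } elseif (preg_match($traversal, $path)) {
            error('パスの入力内容が不正です。');
        }
        if ($name === '') {
            error('ディレクトリ名が入力されていません。');
        } elseif (!preg_match($charset, $name)) {
            error('ディレクトリ名は半角英数字で入力してください。');
        } elseif (preg_match($traversal, $name)) {
            error('ディレクトリ名の入力内容が不正です。');
        } elseif (mb_strlen($name, 'UTF-8') > 255) {
            error('ディレクトリ名は255文字以内で入力してください。');
        }
        // NOTE(review): like the original, this assumes error() does not
        // return; if it can, the deletion below still runs -- confirm
        $target = TARGET_DIR . $path . $name;
        if (!remove_dir($target)) {
            error('ディレクトリ ' . $target . ' を削除できません。');
        }
        // back to the listing of the parent path ("/" kept readable in the URL)
        header('Location: ' . HTTP_URL . MAIN_FILE . '?exec=' . $_POST['exec'] . '&path=' . str_replace('%2F', '/', urlencode($path)));
        exit;
    }
    // one-time token for the confirmation form
    $token = token_create();
    // the GET values end up in HTML text, attributes and a URL: escape per
    // context instead of relying on the character whitelist alone
    $path_html = htmlspecialchars((string) $_GET['path'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $name_html = htmlspecialchars((string) $_GET['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $path_url = urlencode((string) $_GET['path']);
    $name_url = urlencode((string) $_GET['name']);
    print_header(CSS_FILE);
    echo "<div id=\"menu\">\n";
    echo "<h2>MCMN Server メニュー</h2>\n";
    echo "<ul>\n";
    echo "<li><a href=\"" . HTTP_URL . MAIN_FILE . "\">戻る</a></li>\n";
    echo "</ul>\n";
    echo "</div>\n";
    echo "<h2>ディレクトリ削除</h2>\n";
    echo "<ul>\n";
    echo "<li>ディレクトリ <code>" . TARGET_DIR . $path_html . $name_html . "</code> を削除します。</li>\n";
    echo "</ul>\n";
    echo "<form action=\"" . HTTP_URL . MAIN_FILE . "?mode=delete_directory&amp;path=" . $path_url . "&amp;name=" . $name_url . "\" method=\"post\">\n";
    echo "<fieldset>\n";
    echo "<legend>ディレクトリ削除フォーム</legend>\n";
    echo "<input type=\"hidden\" name=\"token\" value=\"" . $token . "\" />\n";
    echo "<input type=\"hidden\" name=\"exec\" value=\"delete_directory\" />\n";
    echo "<input type=\"hidden\" name=\"path\" value=\"" . $path_html . "\" />\n";
    echo "<input type=\"hidden\" name=\"name\" value=\"" . $name_html . "\" />\n";
    echo "<p><input type=\"submit\" value=\"削除する\" /></p>\n";
    echo "</fieldset>\n";
    echo "</form>\n";
    print_footer();
    return;
}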