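/**
 * Send one output file of a job instance to the client.
 *
 * Walks result -> workunit -> batch -> user, requires $auth_str to equal
 * md5(user authenticator . result name), then hands the file path to
 * do_download(). Every failed step ends the request with die().
 *
 * @param string $instance_name name of the result (job instance)
 * @param mixed  $file_num      zero-based index into the result's output file names
 * @param string $auth_str      token expected to equal md5(authenticator . result name)
 */
function get_output_file($instance_name, $file_num, $auth_str) {
    $result = BoincResult::lookup_name(BoincDb::escape_string($instance_name));
    if (!$result) {
        // The name is supplied by the caller and echoed back: encode it for output.
        die("no job instance " . htmlspecialchars((string)$instance_name, ENT_QUOTES));
    }
    $workunit = BoincWorkunit::lookup_id($result->workunitid);
    if (!$workunit) {
        die("no job {$result->workunitid}");
    }
    $batch = BoincBatch::lookup_id($workunit->batch);
    if (!$batch) {
        die("no batch {$workunit->batch}");
    }
    $user = BoincUser::lookup_id($batch->user_id);
    if (!$user) {
        die("no user {$batch->user_id}");
    }

    // Strict, constant-time comparison of the token. A loose != treats two
    // "0e<digits>" strings as equal numbers and can leak timing differences.
    $expected = md5($user->authenticator . $result->name);
    if (!is_string($auth_str) || !hash_equals($expected, $auth_str)) {
        die("bad auth str");
    }

    // Accept only an integer index inside the list; a negative or non-numeric
    // value would otherwise pass the ">=" test and index the array blindly.
    $names = get_outfile_names($result);
    $index = filter_var($file_num, FILTER_VALIDATE_INT);
    if ($index === false || $index < 0 || $index >= count($names)) {
        $shown = is_scalar($file_num) ? htmlspecialchars((string)$file_num, ENT_QUOTES) : "";
        die("bad file num: {$shown} > " . count($names));
    }
    $name = $names[$index];

    $fanout = parse_config(get_config(), "<uldl_dir_fanout>");
    $upload_dir = parse_config(get_config(), "<upload_dir>");
    $path = dir_hier_path($name, $upload_dir, $fanout);
    if (!is_file($path)) {
        // NOTE(review): this message exposes the server-side upload path to the
        // client; consider reporting only the logical file name.
        die("no such file {$path}");
    }
    do_download($path);
}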
/**
 * Run the user search described by the request and render the result page.
 *
 * Reads search_string, country, team, profile and search_type from the
 * request, builds a WHERE clause from them and lists at most 100 users.
 * Free-text values are SQL-escaped before use; the ORDER BY clause is picked
 * from a fixed set of literals and never taken from the request.
 */
function search_action() {
    $conditions = "true";

    $search_string = get_str('search_string');
    $length = strlen($search_string);
    if ($length) {
        if ($length < 3) {
            error_page(tra("search string must be at least 3 characters"));
        }
        // SQL-escape first, then escape the LIKE wildcards.
        $prefix = escape_pattern(BoincDb::escape_string($search_string));
        $conditions .= " and name like '{$prefix}%'";
    }

    $country = get_str('country');
    if ($country != 'any') {
        $conditions .= " and country='" . BoincDb::escape_string($country) . "'";
    }

    // "yes"/"no" filters; any other value leaves the condition out.
    switch (get_str('team')) {
    case 'yes':
        $conditions .= " and teamid<>0";
        break;
    case 'no':
        $conditions .= " and teamid=0";
        break;
    }
    switch (get_str('profile')) {
    case 'yes':
        $conditions .= " and has_profile<>0";
        break;
    case 'no':
        $conditions .= " and has_profile=0";
        break;
    }

    // Sort order: only these three literals can reach the query.
    switch (get_str('search_type', true)) {
    case 'rac':
        $ordering = "expavg_credit desc";
        break;
    case 'total':
        $ordering = "total_credit desc";
        break;
    default:
        $ordering = "id desc";
        break;
    }

    $columns = "id, create_time, name, country, total_credit, expavg_credit, teamid, url, has_profile, donated";
    $users = BoincUser::enum_fields($columns, $conditions, "order by {$ordering} limit 100");

    page_head(tra("User search results"));
    $shown = 0;
    foreach ($users as $user) {
        // The table header is emitted lazily, before the first row only.
        if ($shown == 0) {
            start_table();
            table_header(
                tra("Name"),
                tra("Team"),
                tra("Average credit"),
                tra("Total credit"),
                tra("Country"),
                tra("Joined")
            );
        }
        show_user($user);
        $shown++;
    }
    end_table();
    if ($shown == 0) {
        echo tra("No users match your search criteria.");
    }
    page_tail();
}
/**
 * Create an application row from the posted short and user-friendly names.
 *
 * Both names are SQL-escaped before they are placed in the INSERT text.
 * Reports through admin_error_page() when a name is missing or the insert
 * fails, otherwise prints a confirmation.
 */
function add_app() {
    $short_name = BoincDb::escape_string(post_str('add_name'));
    $long_name = BoincDb::escape_string(post_str('add_user_friendly_name'));

    $missing = empty($short_name) || empty($long_name);
    if ($missing) {
        admin_error_page("To add a new application please supply both a brief name and a longer 'user-friendly' name.</font></p>");
    }

    $created = time();
    $values = "(name,user_friendly_name,create_time) VALUES ('"
        . $short_name . "', '" . $long_name . "', " . $created . ")";
    $app_id = BoincApp::insert($values);
    if (!$app_id) {
        admin_error_page("insert failed");
    }

    echo "Application added.\n <p>\n You must restart the project for this to take effect.\n ";
}
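/**
 * Find forum posts whose content contains all keywords, in the given order.
 *
 * The keywords are joined into one LIKE pattern ("%w1%w2%...%"). Optional
 * filters restrict the search to one forum, one author, posts newer than a
 * timestamp, and non-hidden posts.
 *
 * @param array       $keyword_list words to look for
 * @param object|null $forum        restrict to this forum when set (uses ->id)
 * @param object|null $user         restrict to this author when set (uses ->id)
 * @param int         $time         only posts with a later timestamp when non-zero
 * @param int         $limit        maximum number of rows
 * @param int         $sort_style   one of VIEWS_MOST, CREATE_TIME_NEW,
 *                                  CREATE_TIME_OLD, POST_SCORE; anything else
 *                                  sorts newest first
 * @param bool        $show_hidden  include hidden posts when true
 * @return mixed whatever BoincPost::enum_general() returns for the query
 */
function search_post_content($keyword_list, $forum, $user, $time, $limit, $sort_style, $show_hidden) {
    $db = BoincDb::get();

    // NOTE(review): the words are SQL-escaped, but "%" and "_" inside a word
    // still act as LIKE wildcards here - confirm that is intended.
    $search_string = "%";
    foreach ($keyword_list as $word) {
        $search_string .= BoincDb::escape_string($word) . "%";
    }

    // Searching a single forum needs the thread table, because that is where
    // the link to the forum is stored.
    $optional_join = "";
    if ($forum) {
        $optional_join = " LEFT JOIN " . $db->db_name . ".thread ON post.thread = thread.id";
    }

    $query = "select post.* from " . $db->db_name . ".post" . $optional_join
        . " where content like '" . $search_string . "'";

    // Numeric values are placed in the query unquoted, so each one is forced
    // to an integer instead of being trusted to be one already.
    if ($forum) {
        $query .= " and forum = " . (int)$forum->id;
    }
    if ($user) {
        $query .= " and post.user = " . (int)$user->id . " ";
    }
    if ($time) {
        $query .= " and post.timestamp > " . (int)$time;
    }
    if (!$show_hidden) {
        $query .= " AND post.hidden = 0";
    }

    switch ($sort_style) {
    case VIEWS_MOST:
        $query .= ' ORDER BY views DESC';
        break;
    case CREATE_TIME_NEW:
        $query .= ' ORDER by post.timestamp desc';
        break;
    case CREATE_TIME_OLD:
        $query .= ' ORDER by post.timestamp asc';
        break;
    case POST_SCORE:
        $query .= ' ORDER by post.score desc';
        break;
    default:
        $query .= ' ORDER BY post.timestamp DESC';
        break;
    }

    $query .= " limit " . (int)$limit;
    return BoincPost::enum_general($query);
}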
/**
 * Make the user with the requested e-mail address an admin of $team.
 *
 * The address is read from the request and SQL-escaped before the lookup.
 * The user must exist, belong to the team and not be an admin already;
 * each failed condition is reported through error_page().
 *
 * @param object $team team row (uses ->id and ->name)
 */
function add_admin($team) {
    $email_addr = BoincDb::escape_string(get_str('email_addr'));

    $candidate = BoincUser::lookup("email_addr='{$email_addr}'");
    if (!$candidate) {
        error_page(tra("no such user"));
    }
    if ($candidate->teamid != $team->id) {
        error_page(tra("User is not member of team"));
    }
    if (is_team_admin($candidate, $team)) {
        error_page(tra("%1 is already an admin of %2", $email_addr, $team->name));
    }

    $created = time();
    $values = "(teamid, userid, create_time) values ("
        . $team->id . ", " . $candidate->id . ", " . $created . ")";
    if (!BoincTeamAdmin::insert($values)) {
        error_page(tra("Couldn't add admin"));
    }
}
error_page("no such team"); } require_admin($user, $team); $team_url = BoincDb::escape_string(strip_tags(post_str("url", true))); $x = strstr($team_url, "http://"); if ($x) { $team_url = substr($team_url, 7); } $team_name = BoincDb::escape_string(strip_tags(post_str("name"))); $team_name_lc = strtolower($team_name); $tnh = post_str("name_html", true); $team_name_html = sanitize_html($tnh); $team_name_html = BoincDb::escape_string($team_name_html); $team_description = BoincDb::escape_string(post_str("description", true)); $type = BoincDb::escape_string(post_str("type", true)); $country = BoincDb::escape_string(post_str("country", true)); if ($country == "") { $country = "International"; } if (!is_valid_country($country)) { error_page("bad country"); } $joinable = post_str('joinable', true) ? 1 : 0; $t = BoincTeam::lookup("name='{$team_name}'"); if ($t && $t->id != $teamid) { error_page("The name '{$team_name}' is being used by another team."); } if (strlen($team_name) == 0) { error_page("Must specify team name"); } // Should be caught up with the post_str("name"),
if ($existing) { echo tra("There's already an account with that email address"); } else { $passwd_hash = md5($passwd . $user->email_addr); // deal with the case where user hasn't set passwd // (i.e. passwd is account key) // if ($passwd_hash != $user->passwd_hash) { $passwd = $user->authenticator; $passwd_hash = md5($passwd . $user->email_addr); } if ($passwd_hash != $user->passwd_hash) { echo tra("Invalid password."); } else { $passwd_hash = md5($passwd . $email_addr); $email_addr = BoincDb::escape_string($email_addr); $result = $user->update("email_addr='{$email_addr}', passwd_hash='{$passwd_hash}', email_validated=0"); if ($result) { echo tra("The email address of your account is now %1.", $email_addr); if (defined("SHOW_NONVALIDATED_EMAIL_ADDR")) { echo "<p>" . tra("Please %1validate this email address%2.", "<a href=validate_email_addr.php>", "</a>") . "\n"; } } else { echo tra("We can't update your email address due to a database problem. Please try again later."); } } } } } } page_tail();
/**
 * Overwrite the editable columns of one badge with the posted form values.
 *
 * The badge is selected by the posted integer id. Text fields are
 * SQL-escaped, "type" is read as an integer. Failures are reported through
 * admin_error_page().
 */
function update_badge() {
    $badge = BoincBadge::lookup_id(post_int("id"));
    if (!$badge) {
        admin_error_page("no such badge");
    }

    // Fields are read in the same order as they appear in the UPDATE text.
    $assignments = array();
    $assignments[] = "name='" . BoincDb::escape_string(post_str("name")) . "'";
    $assignments[] = "type=" . post_int("type");
    $text_fields = array("title", "description", "image_url", "level", "tags", "sql_rule");
    foreach ($text_fields as $field) {
        $assignments[] = $field . "='" . BoincDb::escape_string(post_str($field)) . "'";
    }

    if (!$badge->update(implode(", ", $assignments))) {
        admin_error_page("update failed");
    }
}
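/**
 * Show the profile form again with the submitted text and an error message.
 * $profile may be null when the user has no profile yet.
 */
function _profile_form_with_input($profile, $response1, $response2, $message) {
    if (!$profile) {
        // No stored profile: carry the submitted text in an empty object
        // rather than assigning properties on null.
        $profile = new stdClass();
    }
    $profile->response1 = $response1;
    $profile->response2 = $response2;
    show_profile_form($profile, $message);
}

/**
 * Validate and store a submitted profile (two text responses, language,
 * optional picture) for $user, then show a confirmation page.
 *
 * Order of checks: ReCaptcha (only when a private key is configured),
 * Akismet on both responses, non-empty submission. A failed captcha or spam
 * check redisplays the form; database failures go through error_page().
 *
 * @param object      $user    account row (uses ->id and ->update())
 * @param object|null $profile existing profile row, or null when creating one
 */
function process_create_profile($user, $profile) {
    global $config;

    $response1 = post_str('response1', true);
    $response2 = post_str('response2', true);
    $language = post_str('language', true);

    $privatekey = parse_config($config, "<recaptcha_private_key>");
    if ($privatekey) {
        // A request without the captcha field must fail verification, not
        // raise an undefined-index notice.
        $captcha_response = isset($_POST["g-recaptcha-response"]) ? $_POST["g-recaptcha-response"] : "";
        $recaptcha = new ReCaptcha($privatekey);
        $resp = $recaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $captcha_response);
        if (!$resp->success) {
            _profile_form_with_input(
                $profile, $response1, $response2,
                tra("Your ReCaptcha response was not correct. Please try again.")
            );
            return;
        }
    }

    if (!akismet_check($user, $response1)) {
        _profile_form_with_input(
            $profile, $response1, $response2,
            tra("Your first response was flagged as spam by the Akismet anti-spam system. Please modify your text and try again.")
        );
        return;
    }
    if (!akismet_check($user, $response2)) {
        _profile_form_with_input(
            $profile, $response1, $response2,
            tra("Your second response was flagged as spam by the Akismet anti-spam system. Please modify your text and try again.")
        );
        return;
    }

    $delete_pic = isset($_POST['delete_pic']) ? $_POST['delete_pic'] : "off";

    // The picture field may be absent or malformed; treat that as "no upload".
    $upload_tmp = "";
    if (isset($_FILES['picture']['tmp_name']) && is_string($_FILES['picture']['tmp_name'])) {
        $upload_tmp = $_FILES['picture']['tmp_name'];
    }
    $has_upload = ($upload_tmp !== "") && is_uploaded_file($upload_tmp);

    if (strlen($response1) == 0 && strlen($response2) == 0 && $delete_pic != "on" && !$has_upload) {
        error_page(tra("Your profile submission was empty."));
        exit;
    }

    // Only an existing profile can have pictures to delete.
    if ($delete_pic == "on" && $profile) {
        delete_user_pictures($profile->userid);
        $profile->has_picture = false;
        $profile->verification = 0;
    }

    $has_picture = $profile ? $profile->has_picture : false;

    if ($has_upload) {
        $has_picture = true;
        if ($profile) {
            $profile->verification = 0;
        }
        // NOTE(review): assumes getImages() returns two image resources or
        // stops the request itself on an unreadable upload - confirm.
        $images = getImages($upload_tmp);

        // The upload is written back out as JPEG under names built from the
        // user id; the client-supplied file name is never used.
        // TODO: define a constant for image quality.
        ImageJPEG($images[0], IMAGE_PATH . $user->id . '.jpg');
        ImageJPEG($images[1], IMAGE_PATH . $user->id . '_sm.jpg');
    }

    $response1 = sanitize_html($response1);
    $response2 = sanitize_html($response2);
    $has_picture = $has_picture ? 1 : 0;

    if ($profile) {
        $query = " response1 = '" . BoincDb::escape_string($response1) . "',"
            . " response2 = '" . BoincDb::escape_string($response2) . "',"
            . " language = '" . BoincDb::escape_string($language) . "',"
            . " has_picture = {$has_picture},"
            . " verification = {$profile->verification}"
            . " WHERE userid = {$user->id}";
        $result = BoincProfile::update_aux($query);
        if (!$result) {
            error_page(tra("Could not update the profile: database error"));
        }
    } else {
        $query = 'SET '
            . " userid={$user->id},"
            . " language = '" . BoincDb::escape_string($language) . "',"
            . " response1 = '" . BoincDb::escape_string($response1) . "',"
            . " response2 = '" . BoincDb::escape_string($response2) . "',"
            . " has_picture = {$has_picture},"
            . " recommend=0, "
            . " reject=0, "
            . " posts=0, "
            . " uotd_time=0, "
            . " verification=0";
        $result = BoincProfile::insert($query);
        if (!$result) {
            error_page(tra("Could not create the profile: database error"));
        }
    }
    $user->update("has_profile=1");

    page_head(tra("Profile saved"));
    echo tra("Congratulations! Your profile was successfully entered into our database.")
        . "<br><br>"
        . "<a href=\"view_profile.php?userid=" . $user->id . "\">"
        . tra("View your profile")
        . "</a><br>";
    page_tail();
}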
require_once "../inc/countries.inc";

// Update name, URL, country and postal code of the logged-in account.
// The form token is checked against the account's authenticator before
// anything is read from the POST data.
$user = get_logged_in_user();
check_tokens($user->authenticator);

$name = boinc_htmlentities(post_str("user_name"));
// NOTE(review): the tag check runs on the already entity-encoded name, so it
// may never fire - confirm what boinc_htmlentities() returns for "<".
if (strip_tags($name) != $name) {
    error_page("HTML tags not allowed in name");
}
if (!strlen($name)) {
    error_page("You must supply a name for your account.");
}

$url = strip_tags(post_str("url", true));

// An empty country means "International"; anything else must be a known one.
$country = post_str("country");
if ($country == "") {
    $country = "International";
}
if (!is_valid_country($country)) {
    error_page("bad country");
}

$postal_code = strip_tags(post_str("postal_code", true));

// SQL-escape every value right before it goes into the UPDATE text.
$country = BoincDb::escape_string($country);
$name = BoincDb::escape_string($name);
$url = BoincDb::escape_string($url);
$postal_code = BoincDb::escape_string($postal_code);

$assignments = "name='" . $name . "', url='" . $url . "', country='" . $country
    . "', postal_code='" . $postal_code . "'";
if (!$user->update($assignments)) {
    error_page("Couldn't update user info.");
} else {
    Header("Location: home.php");
}
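/**
 * Bring the local team row in line with an imported team description.
 *
 * Prints " no changes" when url, type, name_html, description, country and
 * id already match; otherwise builds an UPDATE and either prints it (when
 * the global $dry_run is set) or executes it.
 *
 * @param object $t    imported team data (url, type, name_html, description,
 *                     country, id)
 * @param object $team local team row (same fields plus seti_id and id)
 * @param object $user not used by this function
 */
function update_team($t, $team, $user) {
    global $dry_run;

    if (trim($t->url) == $team->url
        && $t->type == $team->type
        && trim($t->name_html) == $team->name_html
        && trim($t->description) == $team->description
        && $t->country == $team->country
        && $t->id == $team->seti_id
    ) {
        echo " no changes\n";
        return;
    }
    echo " updating\n";

    $url = BoincDb::escape_string($t->url);
    $name_html = BoincDb::escape_string($t->name_html);
    $description = BoincDb::escape_string($t->description);
    $country = BoincDb::escape_string($t->country);
    // type and the ids are written into the statement unquoted, so they are
    // forced to integers rather than trusted to be numeric.
    $type = (int)$t->type;
    $seti_id = (int)$t->id;
    $team_id = (int)$team->id;

    $query = "update team set url='{$url}', type={$type}, name_html='{$name_html}', description='{$description}', country='{$country}', seti_id={$seti_id} where id={$team_id}";
    if ($dry_run) {
        echo " {$query}\n";
        return;
    }
    // NOTE(review): mysql_query() belongs to the ext/mysql API that was
    // removed in PHP 7; the rest of this code goes through the Boinc* classes.
    $retval = mysql_query($query);
    if (!$retval) {
        echo " update failed: {$query}\n";
        exit;
    }
}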
xml_error(ERR_BAD_EMAIL_ADDR); } if (strlen($passwd_hash) != 32) { xml_error(-1, "password hash length not 32"); } $user = BoincUser::lookup_email_addr($email_addr); if ($user) { if ($user->passwd_hash != $passwd_hash) { xml_error(ERR_DB_NOT_UNIQUE); } else { $authenticator = $user->authenticator; } } else { $user = make_user($email_addr, $user_name, $passwd_hash, 'International'); if (!$user) { xml_error(ERR_DB_NOT_UNIQUE); } if (defined('INVITE_CODES')) { error_log("Account for '{$email_addr}' created using invitation code '{$invite_code}'"); } } if ($team_name) { $team_name = BoincDb::escape_string($team_name); $team = BoincTeam::lookup("name='{$team_name}'"); if ($team && $team->joinable) { user_join_team($team, $user); } } echo " <account_out>\n"; echo " <authenticator>{$user->authenticator}</authenticator>\n"; echo "</account_out>\n";
$project_prefs = str_ireplace("<project_preferences>", "<project_preferences>\n" . $orig_project_specific, $project_prefs); } $url = BoincDb::escape_string($url); $send_email = BoincDb::escape_string($send_email); $show_hosts = BoincDb::escape_string($show_hosts); $venue = BoincDb::escape_string($venue); if ($email_addr) { if (!is_valid_email_addr($email_addr)) { xml_error(-205, "Invalid email address"); } if (is_banned_email_addr($email_addr)) { xml_error(-205, "Invalid email address"); } $email_addr = strtolower(BoincDb::escape_string($email_addr)); } $password_hash = BoincDb::escape_string($password_hash); $query = ""; if ($name) { $query .= " name='{$name}', "; } if ($country) { $query .= " country='{$country}', "; } if ($postal_code) { $query .= " postal_code='{$postal_code}', "; } if ($global_prefs) { $global_prefs = str_replace("\\r\\n", "\n", $global_prefs); $x = bad_xml($global_prefs, "<global_preferences>", "</global_preferences>"); if ($x) { error("Invalid global preferences: {$x}");
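/**
 * Search teams by keywords, country and type, then print the ranked result
 * list (or a "nothing found" message) followed by the search form.
 *
 * Every criterion that is present contributes its matches to one list
 * through merge_lists() with a weight; with no criteria at all, every team
 * is listed.
 *
 * @param object $params search form values: keywords, country, type, active
 */
function search($params) {
    $list = array();
    $tried = false;

    if (strlen($params->keywords)) {
        $kw = BoincDb::escape_string($params->keywords);
        $name_lc = strtolower($kw);

        // Exact match first, with the plain escaped name: LIKE-wildcard
        // escaping belongs only in the LIKE query below.
        $list2 = get_teams("name='{$name_lc}'", $params->active);
        merge_lists($list2, $list, 20);

        $name_lc = escape_pattern($name_lc);
        $list2 = get_teams("name like '" . $name_lc . "%'", $params->active);
        merge_lists($list2, $list, 5);

        $list2 = get_teams("match(name) against ('{$kw}')", $params->active);
        merge_lists($list2, $list, 5);

        $list2 = get_teams("match(name, description) against ('{$kw}')", $params->active);
        merge_lists($list2, $list, 3);
        $tried = true;
    }

    if (strlen($params->country) && $params->country != 'None') {
        // The country is request data like the keywords and must be escaped
        // before it is placed inside the quoted SQL literal.
        $country = BoincDb::escape_string($params->country);
        $list2 = get_teams("country = '{$country}'", $params->active);
        merge_lists($list2, $list, 1);
        $tried = true;
    }

    // type goes into the clause unquoted: use its integer value only.
    $type = (int)$params->type;
    if ($type > 1) {
        $list2 = get_teams("type={$type}", $params->active);
        merge_lists($list2, $list, 2);
        $tried = true;
    }

    if (!$tried) {
        $list = get_teams("id>0", $params->active);
    }

    if (sizeof($list) == 0) {
        echo 'No teams were found matching your criteria. Try another search. <p>Or you can <a href="team_create_form.php">create a new team</a>.</p> <p>';
        team_search_form($params);
    } else {
        echo "The following teams match one or more of your search criteria.\n\t\t\tTo join a team, click its name to go to the team page, then click <strong>Join this team</strong>.</p>\n\t\t\t<p>";
        sort_list($list);
        show_list($list);
        echo "<h2>Change your search</h2>";
        team_search_form($params);
    }
}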
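// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC. If not, see <http://www.gnu.org/licenses/>.

// Set the venue of one host. The caller is identified by account_key and
// may only change a host that belongs to that account.

require_once "../inc/boinc_db.inc";
require_once "../inc/xml.inc";

check_get_args(array("hostid", "account_key", "venue"));

xml_header();

$db = BoincDb::get();
if (!$db) {
    // No error code is available at this point; the original passed an
    // undefined variable here.
    xml_error(-1, "database error");
}

$auth = BoincDb::escape_string(get_str("account_key"));
$user = BoincUser::lookup("authenticator='{$auth}'");
if (!$user) {
    xml_error(ERR_DB_NOT_FOUND);
}

// A missing host and a host owned by someone else give the same reply, so
// the response does not reveal which host ids exist.
$hostid = get_int("hostid");
$host = BoincHost::lookup_id($hostid);
if (!$host || $host->userid != $user->id) {
    xml_error(ERR_DB_NOT_FOUND);
}

$venue = BoincDb::escape_string(get_str("venue"));
$result = $host->update("venue='{$venue}'");
if ($result) {
    echo "<am_set_host_info_reply>\n <success/>\n</am_set_host_info_reply>\n";
} else {
    xml_error(-1, "database error");
}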
/**
 * Store freshly computed project preferences for one user.
 *
 * Nothing is written when get_new_prefs() returns an empty value. The text
 * is SQL-escaped before it goes into the UPDATE. Progress lines are printed
 * when VERBOSE is set.
 *
 * @param object $user   account row (uses ->id and ->update())
 * @param mixed  $app_id passed through to get_new_prefs()
 */
function update_user($user, $app_id) {
    if (VERBOSE) {
        echo "processing user " . $user->id . "\n";
    }

    $new_prefs = get_new_prefs($user, $app_id);
    if (!$new_prefs) {
        return;
    }

    $escaped = BoincDb::escape_string($new_prefs);
    $user->update("project_prefs='" . $escaped . "'");
    if (VERBOSE) {
        echo "updated user " . $user->id . "\n";
    }
}
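/**
 * Accept a pending friend request sent to $user by the user named in the
 * "userid" request parameter.
 *
 * Marks the request as reciprocated, stores the reverse friendship row,
 * notifies the requester (optionally by e-mail), removes the pending
 * notification and shows a confirmation page.
 *
 * @param object $user the logged-in user accepting the request
 */
function handle_accept($user) {
    $srcid = get_int('userid');
    $srcuser = BoincUser::lookup_id($srcid);
    if (!$srcuser) {
        error_page("No such user");
    }

    // Only a request that actually exists can be accepted.
    $friend = BoincFriend::lookup($srcid, $user->id);
    if (!$friend) {
        error_page("No request");
    }
    $friend->update("reciprocated=1");

    // "accept message" not implemented in interface yet
    $msg = post_str('message', true);
    $msg_sql = '';
    if (strlen((string)$msg)) {
        // Sanitize the text first and SQL-escape last: escaping must be the
        // final step before the value is placed in the statement, and the
        // e-mail below must not receive the backslash-escaped form.
        $msg = sanitize_tags($msg);
        $msg_sql = BoincDb::escape_string($msg);
    }

    $now = time();
    $ret = BoincFriend::replace("user_src={$user->id}, user_dest={$srcid}, message='{$msg_sql}', create_time={$now}, reciprocated=1");
    if (!$ret) {
        error_page(tra("Database error"));
    }

    $type = NOTIFY_FRIEND_ACCEPT;
    BoincNotify::replace("userid={$srcid}, create_time={$now}, type={$type}, opaque={$user->id}");

    BoincForumPrefs::lookup($srcuser);
    if ($srcuser->prefs->pm_notification == 1) {
        send_friend_accept_email($user, $srcuser, $msg);
    }

    $notify = BoincNotify::lookup($user->id, NOTIFY_FRIEND_REQ, $srcid);
    if ($notify) {
        $notify->delete();
    }

    page_head(tra("Friendship confirmed"));
    // NOTE(review): the name is printed as stored - confirm that user names
    // are HTML-encoded when they are written to the database.
    echo tra("Your friendship with %1 has been confirmed.", "<b>" . $srcuser->name . "</b>");
    page_tail();
}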
$delete_problem .= "Cannot delete user: User has " . $c->count . " forum posts.<br/>"; } if ($delete_problem) { return false; } $q = "DELETE FROM user WHERE id=" . $user->id; $result = mysql_query($q); $delete_problem .= "User " . $user->id . " deleted."; unset($user); } $delete_problem = ""; // Process user search form $matches = ""; if (isset($_POST['search_submit'])) { $search_name = post_str('search_text'); $search_name = BoincDb::escape_string(sanitize_tags($search_name)); if (!empty($search_name)) { $result = mysql_query("SELECT * FROM user WHERE name='{$search_name}'"); if (mysql_num_rows($result) == 1) { $user = mysql_fetch_object($result); mysql_free_result($result); } else { $q = "SELECT * FROM user WHERE name LIKE '%" . $search_name . "%'"; $result = mysql_query($q); if (mysql_num_rows($result) == 1) { $user = mysql_fetch_object($result); mysql_free_result($result); } if (mysql_num_rows($result) > 1) { while ($row = mysql_fetch_object($result)) { if (!empty($matches)) {
$content = post_str("content", true); $title = post_str("title", true); $preview = post_str("preview", true); if (post_str('submit', true) && !$preview) { check_tokens($logged_in_user->authenticator); $add_signature = post_str('add_signature', true) == "1" ? 1 : 0; $content = substr($content, 0, 64000); $content = trim($content); if (strlen($content)) { $content = BoincDb::escape_string($content); $now = time(); $post->update("signature={$add_signature}, content='{$content}', modified={$now}"); if ($can_edit_title) { $title = trim($title); $title = sanitize_tags($title); $title = BoincDb::escape_string($title); $thread->update("title='{$title}'"); } header("Location: forum_thread.php?id={$thread->id}&postid={$postid}"); } else { delete_post($post, $thread, $forum); header("Location: forum_forum.php?id={$forum->id}"); } } page_head(tra("Forum"), '', '', '', $bbcode_js); show_forum_header($logged_in_user); switch ($forum->parent_type) { case 0: $category = BoincCategory::lookup_id($forum->category); show_forum_title($category, $forum, $thread); break;
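/**
 * Send one output file of a workunit's canonical result to the client.
 *
 * The workunit is looked up by name, its batch gives the owning user, and
 * $auth_str must equal that user's authenticator. Failures end the request
 * with die(), except a missing file, which is reported with echo.
 *
 * @param string $wu_name  workunit name
 * @param mixed  $file_num zero-based index into the result's output file names
 * @param string $auth_str authenticator of the batch owner
 */
function get_wu_output_file($wu_name, $file_num, $auth_str) {
    $wu_name_sql = BoincDb::escape_string($wu_name);
    $wu = BoincWorkunit::lookup("name='{$wu_name_sql}'");
    if (!$wu) {
        // The name comes from the caller and is echoed back: encode it.
        die("no workunit " . htmlspecialchars((string)$wu_name, ENT_QUOTES));
    }
    $batch = BoincBatch::lookup_id($wu->batch);
    if (!$batch) {
        die("no batch {$wu->batch}");
    }
    $user = BoincUser::lookup_id($batch->user_id);
    if (!$user) {
        die("no user {$batch->user_id}");
    }

    // Strict, constant-time comparison of the secret. The failure message no
    // longer echoes the submitted value (and no longer reads the undefined $x).
    if (!is_string($auth_str) || !hash_equals((string)$user->authenticator, $auth_str)) {
        die("bad auth str");
    }

    $fanout = parse_config(get_config(), "<uldl_dir_fanout>");
    $upload_dir = parse_config(get_config(), "<upload_dir>");

    if (!$wu->canonical_resultid) {
        die("no canonical result for wu {$wu->name}");
    }
    $result = BoincResult::lookup_id($wu->canonical_resultid);
    if (!$result) {
        die("no result {$wu->canonical_resultid}");
    }

    // Accept only an integer index that exists in the list of output files.
    $names = get_outfile_names($result);
    $index = filter_var($file_num, FILTER_VALIDATE_INT);
    if ($index === false || $index < 0 || $index >= count($names)) {
        $shown = is_scalar($file_num) ? htmlspecialchars((string)$file_num, ENT_QUOTES) : "";
        die("bad file num: {$shown} > " . count($names));
    }

    $path = dir_hier_path($names[$index], $upload_dir, $fanout);
    if (file_exists($path)) {
        do_download($path);
    } else {
        // NOTE(review): this message exposes the server-side upload path to
        // the client; consider reporting only the logical file name.
        echo "no such file: {$path}";
    }
}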
$hide_signatures = $_POST["forum_hide_signatures"] != "" ? 1 : 0; $highlight_special = $_POST["forum_highlight_special"] != "" ? 1 : 0; $jump_to_unread = $_POST["forum_jump_to_unread"] != "" ? 1 : 0; $ignore_sticky_posts = $_POST["forum_ignore_sticky_posts"] != "" ? 1 : 0; $no_signature_by_default = $_POST["signature_by_default"] != "" ? 0 : 1; $signature = post_str("signature", true); if (strlen($signature) > 250) { error_page(tra("Your signature was too long, please keep it less than 250 characters.")); } $forum_sort = post_int("forum_sort"); $thread_sort = post_int("thread_sort"); $display_wrap_postcount = post_int("forum_display_wrap_postcount"); if ($display_wrap_postcount < 1) { $display_wrap_postcount = 1; } $signature = BoincDb::escape_string($signature); $user->prefs->update("images_as_links={$images_as_links}, link_popup={$link_popup}, hide_avatars={$hide_avatars}, hide_signatures={$hide_signatures}, highlight_special={$highlight_special}, jump_to_unread={$jump_to_unread}, ignore_sticky_posts={$ignore_sticky_posts}, no_signature_by_default={$no_signature_by_default}, avatar='{$avatar_url}', signature='{$signature}', forum_sorting={$forum_sort}, thread_sorting={$thread_sort}, display_wrap_postcount={$display_wrap_postcount}"); } // DISABLE_FORUMS $add_user_to_filter = $_POST["add_user_to_filter"] != ""; if ($add_user_to_filter) { $user_to_add = trim($_POST["forum_filter_user"]); if ($user_to_add != "" and $user_to_add == strval(intval($user_to_add))) { $other_user = BoincUser::lookup_id($user_to_add); if (!$other_user) { echo tra("No such user:"******" " . $user_to_add; } else { add_ignored_user($user, $other_user); } } }
/**
 * Apply the posted settings to a team message board.
 *
 * Title and description have tags stripped and are SQL-escaped; the three
 * posting limits are read as integers. Shows a confirmation page on
 * success and an error page otherwise.
 *
 * @param object $forum forum row to update (uses ->update())
 */
function edit_action($forum) {
    $assignments = array();

    // Text columns: strip tags, then SQL-escape.
    foreach (array('title', 'description') as $field) {
        $value = BoincDb::escape_string(strip_tags(post_str($field)));
        $assignments[] = $field . "='" . $value . "'";
    }

    // Numeric columns are taken through post_int() and used unquoted.
    foreach (array('post_min_interval', 'post_min_total_credit', 'post_min_expavg_credit') as $field) {
        $assignments[] = $field . "=" . post_int($field);
    }

    if (!$forum->update(implode(", ", $assignments))) {
        error_page("update failed");
    } else {
        page_head("Team Message Board Updated");
        echo "Update successful";
        page_tail();
    }
}
/**
 * Abort the jobs named in the request, one after the other.
 *
 * Each job must exist, be part of a batch, and that batch must belong to
 * the authenticated user; otherwise an XML error is reported. Jobs earlier
 * in the list have already been aborted when a later one fails.
 *
 * @param object $r parsed request; ->job_name lists the job names
 */
function handle_abort_jobs($r) {
    xml_start_tag("abort_jobs");

    $auth = authenticate_user($r, null);
    $user = $auth[0];

    // Cache the most recently loaded batch; consecutive jobs usually share one.
    $batch = null;
    foreach ($r->job_name as $job_name) {
        $job_name = BoincDb::escape_string($job_name);
        $wu = BoincWorkunit::lookup("name='" . $job_name . "'");
        if (!$wu) {
            xml_error(-1, "No job {$job_name}");
        }
        if (!$wu->batch) {
            xml_error(-1, "Job {$job_name} is not part of a batch");
        }

        $cached = $batch && $wu->batch == $batch->id;
        if (!$cached) {
            $batch = BoincBatch::lookup_id($wu->batch);
        }

        // Ownership check: the batch must belong to the caller.
        $owned = $batch && $batch->user_id == $user->id;
        if (!$owned) {
            xml_error(-1, "not owner");
        }

        // NOTE(review): the SQL-escaped name is written into the reply
        // without XML encoding - confirm what clients expect here.
        echo "<aborted {$job_name}>\n";
        abort_workunit($wu);
    }

    echo "<success>1</success>\n </abort_jobs>\n ";
}
$project_prefs = BoincDb::escape_string(get_str("project_prefs", true)); // Do processing on project prefs so that we don't overwrite project-specific // settings if AMS has no idea about them if (stripos($project_prefs, "<project_specific>") === false) { // AMS request does not contain project specific prefs, preserve original $orig_project_specific = stristr($user->project_prefs, "<project_specific>"); $orig_project_specific = substr($orig_project_specific, 0, stripos($orig_project_specific, "</project_specific>") + 19) . "\n"; $project_prefs = str_ireplace("<project_preferences>", "<project_preferences>\n" . $orig_project_specific, $project_prefs); } $url = BoincDb::escape_string(get_str("url", true)); $send_email = BoincDb::escape_string(get_str("send_email", true)); $show_hosts = BoincDb::escape_string(get_str("show_hosts", true)); $teamid = get_int("teamid", true); $venue = BoincDb::escape_string(get_str("venue", true)); $email_addr = strtolower(BoincDb::escape_string(get_str("email_addr", true))); $password_hash = BoincDb::escape_string(get_str("password_hash", true)); $query = ""; if ($name) { $query .= " name='{$name}', "; } if ($country) { $query .= " country='{$country}', "; } if ($postal_code) { $query .= " postal_code='{$postal_code}', "; } if ($global_prefs) { $global_prefs = str_replace("\\r\\n", "\n", $global_prefs); $x = bad_xml($global_prefs, "<global_preferences>", "</global_preferences>"); if ($x) { error("Invalid global preferences: {$x}");
// You should have received a copy of the GNU Lesser General Public License // along with BOINC. If not, see <http://www.gnu.org/licenses/>. // Show results with pending credit for a user require_once "../inc/util.inc"; require_once "../inc/boinc_db.inc"; require_once "../inc/xml.inc"; check_get_args(array("format", "authenticator")); BoincDb::get(true); $config = get_config(); if (!parse_bool($config, "show_results")) { error_page("This feature is turned off temporarily"); } $format = get_str("format", true); if ($format == "xml") { xml_header(); $auth = BoincDb::escape_string(get_str('authenticator')); $user = BoincUser::lookup("authenticator='{$auth}'"); if (!$user) { echo "<error>" . xml_error(-136) . "</error>\n"; exit; } $sum = 0; echo "<pending_credit>\n"; $results = BoincResult::enum("userid={$user->id} AND (validate_state=0 OR validate_state=4) AND claimed_credit > 0"); foreach ($results as $result) { echo "<result>\n"; echo " <resultid>" . $result->id . "</resultid>\n"; echo " <workunitid>" . $result->workunitid . "</workunitid>\n"; echo " <hostid>" . $result->hostid . "</hostid>\n"; echo " <claimed_credit>" . $result->claimed_credit . "</claimed_credit>\n"; echo " <received_time>" . $result->received_time . "</received_time>\n";
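/**
 * Collect the teams matching the search parameters.
 *
 * Every criterion that is present (keywords, country, type) contributes its
 * matches to one list through merge_lists() with a weight. With no
 * criteria at all, every team is returned.
 *
 * @param object $params search form values: keywords, country, type, active
 * @return array the merged list of matching teams
 */
function search($params) {
    $list = array();
    $tried = false;

    if (strlen($params->keywords)) {
        $kw = BoincDb::escape_string($params->keywords);
        $name_lc = strtolower($kw);

        // Exact match uses the plain escaped name ...
        $list2 = get_teams("name='{$name_lc}'", $params->active);
        merge_lists($list2, $list, 20);

        // ... LIKE-wildcard escaping is applied only for the prefix match.
        $name_lc = escape_pattern($name_lc);
        $list2 = get_teams("name like '" . $name_lc . "%'", $params->active);
        merge_lists($list2, $list, 5);

        $list2 = get_teams("match(name) against ('{$kw}')", $params->active);
        merge_lists($list2, $list, 5);

        $list2 = get_teams("match(name, description) against ('{$kw}')", $params->active);
        merge_lists($list2, $list, 3);
        $tried = true;
    }

    if (strlen($params->country) && $params->country != 'None') {
        $country = BoincDb::escape_string($params->country);
        $list2 = get_teams("country = '{$country}'", $params->active);
        merge_lists($list2, $list, 1);
        $tried = true;
    }

    // type is the one value placed in a clause unquoted, so only its integer
    // value is used; the keywords and country above are escaped instead.
    $type = (int)$params->type;
    if ($type > 1) {
        $list2 = get_teams("type={$type}", $params->active);
        merge_lists($list2, $list, 2);
        $tried = true;
    }

    if (!$tried) {
        $list = get_teams("id>0", $params->active);
    }
    return $list;
}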
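// You should have received a copy of the GNU Lesser General Public License
// along with BOINC. If not, see <http://www.gnu.org/licenses/>.

// Full-text search over the two profile responses; prints one page of
// matching users as a table.

require_once "../inc/boinc_db.inc";
require_once "../inc/util.inc";

if (DISABLE_PROFILES) {
    error_page("Profiles are disabled");
}

check_get_args(array("search_string", "offset"));

// Print one table row for the owner of $profile. $n is not used.
function show_profile_link2($profile, $n) {
    $user = BoincUser::lookup_id($profile->userid);
    if (!$user) {
        // A profile whose user row is gone has nothing to show.
        return;
    }
    echo "<tr><td>" . user_links($user) . "</td><td>" . date_str($user->create_time) . "</td><td>{$user->country}</td><td>" . (int) $user->total_credit . "</td><td>" . (int) $user->expavg_credit . "</td></tr>\n";
}

$search_string = get_str('search_string');
$search_string = sanitize_tags($search_string);
// Keep two forms of the value: the sanitized text for the page heading and
// the SQL-escaped text for the query. The escaped form is for SQL only.
// NOTE(review): confirm sanitize_tags() output is safe for the heading.
$search_sql = BoincDb::escape_string($search_string);

// A missing or negative offset would produce an invalid LIMIT clause.
$offset = get_int('offset', true);
if (!$offset || $offset < 0) {
    $offset = 0;
}
$count = 10;

page_head(tra("Profiles containing '%1'", $search_string));
$profiles = BoincProfile::enum("match(response1, response2) against ('{$search_sql}') limit {$offset},{$count}");

start_table();
echo "\n <tr><th>" . tra("User name") . "</th>\n <th>" . tra("Joined project") . "</th>\n <th>" . tra("Country") . "</th>\n <th>" . tra("Total credit") . "</th>\n <th>" . tra("Recent credit") . "</th></tr>\n";

$n = 0;
foreach ($profiles as $profile) {
    show_profile_link2($profile, $n + $offset + 1);
    $n += 1;
}
end_table();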
/**
 * Render the main "job submission and control" page for $user.
 *
 * Users without a BoincUserSubmit record get an error page. The page lists
 * the per-app submission links the user may use, the administrative links
 * that match the user's manage rights, and the user's batches.
 *
 * @param object $user the logged-in user (uses ->id)
 */
function handle_main($user) {
    global $submit_urls;

    $user_submit = BoincUserSubmit::lookup_userid($user->id);
    if (!$user_submit) {
        error_page("Ask the project admins for permission to submit jobs");
    }

    page_head("Job submission and control");

    // Links to the per-app job submission pages, when any are configured.
    if (isset($submit_urls)) {
        echo "<h2>Submit jobs</h2>\n <ul>\n ";
        foreach ($submit_urls as $appname => $submit_url) {
            $appname = BoincDb::escape_string($appname);
            $app = BoincApp::lookup("name='" . $appname . "'");
            if (!$app) {
                error_page("bad submit_url name: {$appname}");
            }
            $usa = BoincUserSubmitApp::lookup("user_id={$user->id} and app_id={$app->id}");
            $may_submit = $usa || $user_submit->submit_all;
            if (!$may_submit) {
                continue;
            }
            echo "<li> <a href=" . $submit_url . "> " . $app->user_friendly_name . " </a>";
        }
        echo "</ul>\n";
    }

    // Admin links are shown to users who manage everything or at least one app.
    $usas = BoincUserSubmitApp::enum("user_id={$user->id}");
    $manages_an_app = false;
    foreach ($usas as $usa) {
        if ($usa->manage) {
            $manages_an_app = true;
            break;
        }
    }

    if ($user_submit->manage_all || $manages_an_app) {
        echo "<h2>Administrative functions</h2><ul>\n";
        if (!$user_submit->manage_all) {
            // Per-app rights: batches for every assigned app, versions only
            // where the manage flag is set.
            foreach ($usas as $usa) {
                $app = BoincApp::lookup_id($usa->app_id);
                echo "<li>{$app->user_friendly_name}<br>\n <a href=submit.php?action=admin&app_id={$app->id}>Batches</a>\n ";
                if ($usa->manage) {
                    echo "·\n <a href=manage_app.php?app_id={$app->id}&action=app_version_form>Versions</a>\n ";
                }
            }
        } else {
            echo "<li>All applications<br>\n <a href=submit.php?action=admin&app_id=0>Batches</a>\n ·\n <a href=manage_project.php>Users</a>\n ";
            $active_apps = BoincApp::enum("deprecated=0");
            foreach ($active_apps as $app) {
                echo "<li>{$app->user_friendly_name}<br>\n <a href=submit.php?action=admin&app_id={$app->id}>Batches</a>\n ·\n <a href=manage_app.php?app_id={$app->id}&action=app_version_form>Versions</a>\n ";
            }
        }
        echo "</ul>\n";
    }

    $batches = BoincBatch::enum("user_id = {$user->id} order by id desc");
    show_batches($batches, PAGE_SIZE, $user, null);

    page_tail();
}
show_team_xml($team); $total++; if ($total == 100) { break; } } //do not error out } } echo "</teams>\n"; exit; } $team_name = get_str("team_name"); $name_lc = strtolower($team_name); $name_lc = escape_pattern($name_lc); $clause = "name like '%" . BoincDb::escape_string($name_lc) . "%' order by expavg_credit desc limit 100"; $teams = BoincTeam::enum($clause); if ($format == 'xml') { echo "<teams>\n"; $total = 0; foreach ($teams as $team) { show_team_xml($team); $total++; if ($total == 100) { break; } } echo "</teams>\n"; exit; } page_head(tra("Search Results"));
if ($delete_problem) { return false; } $q = "DELETE FROM user WHERE id=" . $user->id; $result = mysql_query($q); $delete_problem .= "User " . $user->id . " deleted."; unset($user); } $delete_problem = ""; /** * Process user search form */ $matches = ""; if (isset($_POST['search_submit'])) { $search_name = post_str('search_text'); $search_name = BoincDb::escape_string(strip_tags($search_name)); if (!empty($search_name)) { $result = mysql_query("SELECT * FROM user WHERE name='{$search_name}'"); if (mysql_num_rows($result) == 1) { $user = mysql_fetch_object($result); mysql_free_result($result); } else { $q = "SELECT * FROM user WHERE name LIKE '%" . $search_name . "%'"; $result = mysql_query($q); if (mysql_num_rows($result) == 1) { $user = mysql_fetch_object($result); mysql_free_result($result); } if (mysql_num_rows($result) > 1) { while ($row = mysql_fetch_object($result)) { if (!empty($matches)) {