 /**
  * Builds the response from a status message and an optional payload.
  *
  * The message is coerced to an array so a single string and a list of
  * strings are stored the same way. When the instance is flagged to issue
  * a new CSRF token, both the module-scoped auth key and the CSRF token
  * are generated here, so the response carries values produced for this
  * construction rather than reused ones.
  *
  * @param mixed $message Response status/error message, may be string or array.
  * @param mixed $payload Payload.
  */
 public function __construct($message, $payload = null)
 {
     $this->payload = $payload;
     $this->messages = (array) $message;
     if (!$this->newCsrfToken) {
         return;
     }
     // The auth key is bound to the name of the currently executing module.
     $this->authid = SecurityUtil::generateAuthKey(ModUtil::getName());
     $this->csrfToken = SecurityUtil::generateCsrfToken();
 }
/**
 * Zikula_View insert plugin that emits a freshly generated authorisation key.
 *
 * Deprecated: every call records an E_USER_DEPRECATED entry naming the
 * replacement plugins; existing templates keep working in the meantime.
 *
 * Available parameters:
 *   - module:   The well-known name of the module the key is generated for;
 *               when absent or empty the currently executing module is used
 *   - assign:   If set, the results are assigned to the corresponding variable instead of printed out
 *
 * Example
 * <input type="hidden" name="authid" value="{insert name='generateauthkey' module='Users'}" />
 *
 * @param array       $params All attributes passed to this function from the template.
 * @param Zikula_View $view   Reference to the Zikula_View object.
 *
 * @return string
 */
function smarty_insert_generateauthkey($params, $view)
{
    LogUtil::log(__f('Warning! Template plugin {%1$s} is deprecated, please use {%2$s} instead.', array('insert name="secgenauthkey" ...', "insert name='csrftoken' ...")), E_USER_DEPRECATED);

    // A missing or falsy module name falls back to the running module.
    $moduleName = empty($params['module']) ? ModUtil::getName() : $params['module'];

    // NOTE: assign parameter is handled by the smarty_core_run_insert_handler(...) function in lib/vendor/Smarty/internals/core.run_insert_handler.php
    return SecurityUtil::generateAuthKey($moduleName);
}
 /**
  * Builds the response from a payload, an optional message and options.
  *
  * The message is coerced to an array so callers may pass a single string
  * or a list. When a new CSRF token is requested, the token is generated
  * here; the module-scoped auth key is additionally produced only while
  * the system runs in legacy mode.
  *
  * @param mixed $payload Application data.
  * @param mixed $message Response status/error message, may be string or array.
  * @param array $options Options.
  */
 public function __construct($payload, $message = null, array $options = array())
 {
     $this->messages = (array) $message;
     $this->options = $options;
     $this->payload = $payload;
     if (!$this->newCsrfToken) {
         return;
     }
     if (System::isLegacyMode()) {
         // Legacy consumers still read the per-module auth key.
         $this->authid = SecurityUtil::generateAuthKey(ModUtil::getName());
     }
     $this->csrfToken = SecurityUtil::generateCsrfToken();
 }
 /**
  * Builds the response from a payload, an optional message and options.
  *
  * The message is coerced to an array so callers may pass a single string
  * or a list. A CSRF token is generated only when the instance asks for a
  * new one; the module-scoped auth key is generated whenever the system
  * runs in legacy mode, independently of that flag. The parent constructor
  * is invoked last with an empty body and the configured status code.
  *
  * @param mixed $payload Application data.
  * @param mixed $message Response status/error message, may be string or array.
  * @param array $options Options.
  */
 public function __construct($payload, $message = null, array $options = array())
 {
     $this->options = $options;
     $this->messages = (array) $message;
     $this->payload = $payload;

     if ($this->newCsrfToken) {
         $this->csrfToken = \SecurityUtil::generateCsrfToken();
     }
     if (\System::isLegacyMode()) {
         // Legacy consumers still read the per-module auth key.
         $this->authid = \SecurityUtil::generateAuthKey(\ModUtil::getName());
     }

     // statusCode is expected to be initialised before this runs.
     parent::__construct('', $this->statusCode);
 }
/**
 * Smarty function to generate a unique key to secure forms content as unique.
 *
 * Note that you must not cache the outputs from this function, as its results
 * change each time it is called. The Zikula developers are looking for ways to
 * automate this.
 *
 * Deprecated: every call records an E_USER_DEPRECATED entry naming the
 * insert.generateauthkey replacement.
 *
 * Available parameters:
 *   - module:   The well-known name of a module to execute a function from (required)
 *   - assign:   If set, the results are assigned to the corresponding variable instead of printed out
 *
 * Example
 *   <input type="hidden" name="authid" value="{securityutil_generateauthkey module='MyModule'}">
 *
 * @todo         prevent this function from being cached (Smarty 2.6.0)
 * @param        array       $params      All attributes passed to this function from the template
 * @param        object      $smarty     Reference to the Smarty object
 * @return       string|false|null the authentication key; false when 'module' is
 *                                 missing; nothing when the key was assigned instead
 * @deprecated
 */
function smarty_function_securityutil_generateauthkey($params, $smarty)
{
    LogUtil::log(__f('Warning! Template plugin {%1$s} is deprecated, please use {%2$s} instead.', array('securityutil_generateauthkey', 'insert.generateauthkey')), E_USER_DEPRECATED);

    // Unlike the secgenauthkey variant there is no fallback to the running module.
    if (!isset($params['module'])) {
        $smarty->trigger_error(__f('Error! in %1$s: the %2$s parameter must be specified.', array('securityutil_generateauthkey', 'module')));
        return false;
    }

    $authKey = SecurityUtil::generateAuthKey($params['module']);
    if (!isset($params['assign'])) {
        return $authKey;
    }
    $smarty->assign($params['assign'], $authKey);
}
/**
 * Smarty function to generate a unique key to secure forms content as unique.
 *
 * Note that you must not cache the outputs from this function, as its results
 * change each time it is called. The Zikula developers are looking for ways to
 * automate this.
 *
 * Deprecated: every call records an E_USER_DEPRECATED entry pointing at
 * {insert name="csrftoken"}.
 *
 * Available parameters:
 *   - module:   The well-known name of the module the key is generated for;
 *               when absent or empty the currently executing module is used
 *   - assign:   If set, the results are assigned to the corresponding variable instead of printed out
 *
 * Example
 *   <input type="hidden" name="authid" value="{secgenauthkey module="MyModule"}">
 *
 * @todo         prevent this function from being cached (Smarty 2.6.0)
 * @param        array       $params      All attributes passed to this function from the template
 * @param        object      $smarty     Reference to the Smarty object
 * @return       string|null the authentication key; nothing when it was assigned instead
 * @deprecated
 */
function smarty_function_secgenauthkey($params, $smarty)
{
    LogUtil::log(__f('Warning! Template plugin {%1$s} is deprecated, please use {%2$s} instead.', array('secgenauthkey', 'insert name="csrftoken"')), E_USER_DEPRECATED);

    // A missing or falsy module name falls back to the running module.
    $moduleName = empty($params['module']) ? ModUtil::getName() : $params['module'];
    $authKey = SecurityUtil::generateAuthKey($moduleName);

    // A falsy 'assign' value means "print the key" rather than "assign to nothing".
    if (empty($params['assign'])) {
        return $authKey;
    }
    $smarty->assign($params['assign'], $authKey);
}
    $response = new Zikula_Response_Ajax_Forbidden($e->getMessage());
} catch (Zikula_Exception_Fatal $e) {
    $response = new Zikula_Response_Ajax_Fatal($e->getMessage());
} catch (PDOException $e) {
    $response = new Zikula_Response_Ajax_Fatal($e->getMessage());
} catch (Exception $e) {
    $response = new Zikula_Response_Ajax_Fatal($e->getMessage());
}
// Handle database transactions.
// $e only exists when one of the catch blocks above ran, hence the isset guard.
if (System::getVar('Z_CONFIG_USE_TRANSACTIONS')) {
    if (!isset($e) || !($e instanceof Exception)) {
        $dbConn->commit();
    } else {
        $dbConn->rollback();
    }
}
// Process final response.
// Response objects render themselves; anything else is wrapped into the
// legacy JSON shape so older callers keep working.
if (!($response instanceof Zikula_Response_Ajax_AbstractBase)) {
    $response = is_array($response) ? $response : array('data' => $response);
    $response['statusmsg'] = LogUtil::getStatusMessages();
    if (System::isLegacyMode()) {
        // Legacy clients expect a per-module auth key in the body.
        $response['authid'] = SecurityUtil::generateAuthKey(ModUtil::getName());
    }
    header("HTTP/1.1 200 OK");
    header('Content-type: application/json');
    // NOTE(review): json_encode() yields false on failure (e.g. invalid UTF-8),
    // which would be echoed as an empty body under the 200 status already sent.
    $response = json_encode($response);
}
// Issue response.
echo $response;
System::shutdown();
    /**
     * Encode data in JSON and send it as the AJAX response.
     *
     * Outside legacy mode the data is handed to Zikula_Response_Ajax and the
     * request ends there; the remaining parameters are ignored. In legacy
     * mode the method first forwards any pending error messages to
     * self::error(), then wraps non-array data under the 'data' key,
     * optionally appends the status messages and a new authid (a caller
     * supplied 'authid' entry is overwritten), converts to UTF-8 when the
     * site language pack is not UTF-8, and emits the JSON body.
     * Script execution stops here.
     *
     * @param mixed   $args         String or array of data.
     * @param boolean $createauthid Create a new authid and send it back to the calling javascript (default false).
     * @param boolean $xjsonheader  Also send the whole JSON body in an X-JSON: header for prototype.js.
     * @param boolean $statusmsg    Include statusmsg in output.
     * @param string  $code         Status line written after "HTTP/1.0 ", default '200 OK'; not validated here.
     *
     * @deprecated since 1.3.0
     *
     * @return void
     */
    public static function output($args, $createauthid = false, $xjsonheader = false, $statusmsg = true, $code = '200 OK')
    {
        if (!System::isLegacyMode()) {
            $response = new Zikula_Response_Ajax($args);
            echo $response;
            System::shutDown();
        }
        // Below for reference - to be deleted.

        // Pending error messages take precedence over the requested output.
        $msgs = LogUtil::getErrorMessagesText('<br />');
        if (!empty($msgs)) {
            self::error($msgs);
        }

        $data = is_array($args) ? $args : array('data' => $args);

        if ($statusmsg === true) {
            $data['statusmsg'] = LogUtil::getStatusMessagesText('<br />');
        }

        if ($createauthid === true) {
            // Always stored under 'authid'; any existing entry is replaced.
            $data['authid'] = SecurityUtil::generateAuthKey(ModUtil::getName());
        }

        // Not a strict encoding test: the site language pack's encoding is
        // used as a proxy for the encoding of the data.
        if (ZLanguage::getEncoding() != 'utf-8') {
            $data = DataUtil::convertToUTF8($data);
        }

        $output = json_encode($data);

        header("HTTP/1.0 $code");
        header('Content-type: application/json');
        if ($xjsonheader) {
            // Duplicates the entire body (authid included) into a response header.
            header('X-JSON:(' . $output . ')');
        }
        echo $output;
        System::shutdown();
    }
                            }
                            $forward_page .= $forward_match[$i];
                        }
                    }
                    // Begin PNphpBB2 Module
                    //					$forward_page = $forward_match[0] . '?' . $forward_page;
                    $forward_page = $forward_match[0] . '&' . $forward_page;
                    // End PNphpBB2 Module
                } else {
                    $forward_page = $forward_match[0];
                }
            }
        }
        $username = $userdata['user_id'] != ANONYMOUS ? $userdata['username'] : '';
        // Begin PNphpBB2 Module
        //		$s_hidden_fields = '<input type="hidden" name="redirect" value="' . $forward_page . '" />';
        $s_hidden_fields = '<input type="hidden" name="url" value="' . append_sid($forward_page) . '">';
        //$s_hidden_fields .= '<input type="hidden" name="module" value="NS-User">';
        //$s_hidden_fields .= '<input type="hidden" name="module" value="Users">';
        //$s_hidden_fields .= '<input type="hidden" name="func" value="login">';
        // End PNphpBB2 Module
        $s_hidden_fields .= isset($_GET['admin']) ? '<input type="hidden" name="admin" value="1" />' : '';
        $modinfo = ModUtil::getInfoFromName("ZphpBB2");
        make_jumpbox('viewforum.' . $phpEx);
        $template->assign_vars(array('USERNAME' => DataUtil::formatForDisplay($username), 'L_ENTER_PASSWORD' => isset($_GET['admin']) ? $lang['Admin_reauthenticate'] : $lang['Enter_password'], 'L_SEND_PASSWORD' => $lang['Forgotten_password'], 'U_SEND_PASSWORD' => ModUtil::url('Users', 'user', 'lostpassword'), 'S_LOGIN_ACTION' => ModUtil::url('Users', 'user', 'login', array('returnpage' => urlencode(System::getCurrentUri()))), 'AUTHID' => SecurityUtil::generateAuthKey("Users"), 'URL' => append_sid($forward_page), 'S_HIDDEN_FIELDS' => $s_hidden_fields));
        $template->pparse('body');
        include $phpbb_root_path . 'includes/page_tail.' . $phpEx;
    } else {
        redirect(append_sid("index.{$phpEx}", true));
    }
}
			$sessions .= "<tr><td>board_config['path_ranks']</td><td>" . $board_config['path_ranks'] . "</td><td></tr>";
			$sessions .= "<tr><td>board_config['path_cellpics']</td><td>" . $board_config['path_cellpics'] . "</td><td></tr>";
			$sessions .= "<tr><td>board_config['style_name']</td><td>" . $board_config['style_name'] . "</td><td></tr>";
			
	 		$sessions .= "</table>";
*/
// End PNphpBB2 Module
//
// The following assigns all _common_ variables that may be used at any point
// in a template.
//
// Begin PNphpBB2 Module
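$fullpage = SessionUtil::getVar('fullpage');
// Quoted key: the bare word `title` was an undefined-constant lookup, which
// only resolved to the string 'title' with a notice and is an Error on PHP 8.
$info['title'] = $page_title;
// End PNphpBB2 Module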
// Bulk-assign the template variables shared by every page. Values from
// $board_config, $phpbb_theme and $lang are passed through unchanged.
// USERS_MODULE_AUTHID is a newly generated auth key for the Users module on
// every render — NOTE(review): if this output is served from a cache that
// outlives the key, the embedded value may be stale; confirm against the
// key's validity rules.
$template->assign_vars(array('SESSIONS' => $sessions, 'CSS_PNTHEME' => $board_config['theme_name'], 'CSS_PNPHPBB' => $board_config['style_name'], 'SITENAME' => $board_config['sitename'], 'SITE_DESCRIPTION' => $board_config['site_desc'], 'PAGE_TITLE' => $page_title, 'LAST_VISIT_DATE' => sprintf($lang['You_last_visit'], $s_last_visit), 'CURRENT_TIME' => sprintf($lang['Current_time'], create_date($board_config['default_dateformat'], time(), $board_config['board_timezone'])), 'TOTAL_USERS_ONLINE' => $l_online_users, 'LOGGED_IN_USER_LIST' => $online_userlist, 'RECORD_USERS' => sprintf($lang['Record_online_users'], $board_config['record_online_users'], create_date($board_config['default_dateformat'], $board_config['record_online_date'], $board_config['board_timezone'])), 'PRIVATE_MESSAGE_INFO' => $l_privmsgs_text, 'PRIVATE_MESSAGE_INFO_UNREAD' => $l_privmsgs_text_unread, 'PRIVATE_MESSAGE_NEW_FLAG' => $s_privmsg_new, 'PRIVMSG_IMG' => $icon_pm, 'L_USERNAME' => $lang['Username'], 'L_PASSWORD' => $lang['Password'], 'L_LOGIN_LOGOUT' => $l_login_logout, 'L_LOGIN' => $lang['Login'], 'L_LOG_ME_IN' => $lang['Log_me_in'], 'L_AUTO_LOGIN' => $lang['Log_me_in'], 'L_INDEX' => sprintf($lang['Forum_Index'], $board_config['sitename']), 'L_REGISTER' => $lang['Register'], 'L_PROFILE' => $lang['Profile'], 'L_SEARCH' => $lang['Search'], 'L_PRIVATEMSGS' => $lang['Private_Messages'], 'L_WHO_IS_ONLINE' => $lang['Who_is_Online'], 'L_MEMBERLIST' => $lang['Memberlist'], 'L_FAQ' => $lang['FAQ'], 'L_USERGROUPS' => $lang['Usergroups'], 'L_SEARCH_NEW' => $lang['Search_new'], 'L_SEARCH_UNANSWERED' => $lang['Search_unanswered'], 'L_SEARCH_SELF' => $lang['Search_your_posts'], 'L_WHOSONLINE_ADMIN' => sprintf($lang['Admin_online_color'], '<span style="color:#' . $phpbb_theme['fontcolor3'] . '">', '</span>'), 'L_WHOSONLINE_MOD' => sprintf($lang['Mod_online_color'], '<span style="color:#' . $phpbb_theme['fontcolor2'] . '">', '</span>'), 'L_MIN_MAX_IMAGE' => $fullpage == 1 ? 
"icon_mini_min.gif" : "icon_mini_max.gif", 'L_MIN_MAX' => $fullpage == 1 ? $lang['ZphpBB2_Minimize'] : $lang['ZphpBB2_Maximize'], 'L_SUBFORUM_IMAGE' => $subforum == 1 ? "icon_subforum_off.gif" : "icon_subforum_on.gif", 'L_SUBFORUM' => $subforum == 1 ? $lang['ZphpBB2_SubForum_Off'] : $lang['ZphpBB2_SubForum_On'], 'L_ADMIN_INFO' => $lang['Admin_panel'], 'U_SEARCH_UNANSWERED' => append_sid('search.' . $phpEx . '?search_id=unanswered'), 'U_SEARCH_SELF' => append_sid('search.' . $phpEx . '?search_id=egosearch'), 'U_SEARCH_NEW' => append_sid('search.' . $phpEx . '?search_id=newposts'), 'U_INDEX' => append_sid('index.' . $phpEx), 'U_REGISTER' => ModUtil::url('Users', 'user', 'register'), 'ADMIN_LINK' => $admin_link, 'U_MIN_MAX' => $fullpage == 1 ? append_sid('index.' . $phpEx . '?minmax=0') : append_sid('index.' . $phpEx . '?minmax=1'), 'U_SUBFORUM' => $subforum == 1 ? append_sid('index.' . $phpEx . '?subforum=0') : append_sid('index.' . $phpEx . '?subforum=1'), 'U_ADMIN_LINK' => ModUtil::url('ZphpBB2', 'admin', 'main'), 'U_PROFILE' => append_sid('profile.' . $phpEx . '?mode=editprofile'), 'U_PRIVATEMSGS' => $board_config['pnphpbb2_pn_pm'] ? ModUtil::url('InterCom', 'user', 'main') : append_sid('privmsg.' . $phpEx . '?folder=inbox'), 'U_PRIVATEMSGS_POPUP' => append_sid('privmsg.' . $phpEx . '?mode=newpm', true), 'U_SEARCH' => append_sid('search.' . $phpEx), 'U_MEMBERLIST' => append_sid('memberlist.' . $phpEx), 'U_MODCP' => append_sid('modcp.' . $phpEx), 'U_FAQ' => append_sid('faq.' . $phpEx), 'U_VIEWONLINE' => append_sid('viewonline.' . $phpEx), 'U_LOGIN_LOGOUT' => $u_login_logout, 'U_GROUP_CP' => append_sid('groupcp.' . $phpEx), 'S_CONTENT_DIRECTION' => $lang['DIRECTION'], 'S_CONTENT_ENCODING' => $lang['ENCODING'], 'S_CONTENT_DIR_LEFT' => $lang['LEFT'], 'S_CONTENT_DIR_RIGHT' => $lang['RIGHT'], 'S_TIMEZONE' => sprintf($lang['All_times'], $l_timezone), 'S_LOGIN_ACTION' => append_sid('login.' . 
$phpEx), 'T_MODNAME' => 'ZphpBB2', 'T_THEME_NAME' => $phpbb_theme['template_name'], 'T_HEAD_STYLESHEET' => $phpbb_theme['head_stylesheet'], 'T_BODY_BACKGROUND' => $phpbb_theme['body_background'], 'T_BODY_BGCOLOR' => '#' . $phpbb_theme['body_bgcolor'], 'T_BODY_TEXT' => '#' . $phpbb_theme['body_text'], 'T_BODY_LINK' => '#' . $phpbb_theme['body_link'], 'T_BODY_VLINK' => '#' . $phpbb_theme['body_vlink'], 'T_BODY_ALINK' => '#' . $phpbb_theme['body_alink'], 'T_BODY_HLINK' => '#' . $phpbb_theme['body_hlink'], 'T_TR_COLOR1' => '#' . $phpbb_theme['tr_color1'], 'T_TR_COLOR2' => '#' . $phpbb_theme['tr_color2'], 'T_TR_COLOR3' => '#' . $phpbb_theme['tr_color3'], 'T_TR_CLASS1' => $phpbb_theme['tr_class1'], 'T_TR_CLASS2' => $phpbb_theme['tr_class2'], 'T_TR_CLASS3' => $phpbb_theme['tr_class3'], 'T_TH_COLOR1' => '#' . $phpbb_theme['th_color1'], 'T_TH_COLOR2' => '#' . $phpbb_theme['th_color2'], 'T_TH_COLOR3' => '#' . $phpbb_theme['th_color3'], 'T_TH_CLASS1' => $phpbb_theme['th_class1'], 'T_TH_CLASS2' => $phpbb_theme['th_class2'], 'T_TH_CLASS3' => $phpbb_theme['th_class3'], 'T_TD_COLOR1' => '#' . $phpbb_theme['td_color1'], 'T_TD_COLOR2' => '#' . $phpbb_theme['td_color2'], 'T_TD_COLOR3' => '#' . $phpbb_theme['td_color3'], 'T_TD_CLASS1' => $phpbb_theme['td_class1'], 'T_TD_CLASS2' => $phpbb_theme['td_class2'], 'T_TD_CLASS3' => $phpbb_theme['td_class3'], 'T_FONTFACE1' => $phpbb_theme['fontface1'], 'T_FONTFACE2' => $phpbb_theme['fontface2'], 'T_FONTFACE3' => $phpbb_theme['fontface3'], 'T_FONTSIZE1' => $phpbb_theme['fontsize1'], 'T_FONTSIZE2' => $phpbb_theme['fontsize2'], 'T_FONTSIZE3' => $phpbb_theme['fontsize3'], 'T_FONTCOLOR1' => '#' . $phpbb_theme['fontcolor1'], 'T_FONTCOLOR2' => '#' . $phpbb_theme['fontcolor2'], 'T_FONTCOLOR3' => '#' . 
$phpbb_theme['fontcolor3'], 'T_SPAN_CLASS1' => $phpbb_theme['span_class1'], 'T_SPAN_CLASS2' => $phpbb_theme['span_class2'], 'T_SPAN_CLASS3' => $phpbb_theme['span_class3'], 'USERS_MODULE_AUTHID' => SecurityUtil::generateAuthKey('Users'), 'THEME_IMAGES' => $board_config['image_sub_path'], 'L_FORUM' => $lang['Forum'], 'LOGOSIZE' => $logosize[3], 'MINISIZE' => $minisize[3], 'NAV_LINKS' => $nav_links_html));
// Begin PNphpBB2 Module
// Each switch_* block is emitted only when the matching board setting is on;
// what those blocks render is decided by the template.
if ($board_config['pnphpbb2_logo_on'] == 1) {
    $template->assign_block_vars('switch_logo_on', array());
}
// Optional per-template header: compiled from forum_header.tpl only when that
// file is readable under the configured template path (the @ silences the probe).
if (@is_readable($board_config['template_path'] . '/forum_header.tpl')) {
    $template->set_filenames(array('forum_header' => 'forum_header.tpl'));
    $template->assign_var_from_handle('FORUM_HEADER', 'forum_header');
}
if ($board_config['pnphpbb2_allow_full_page'] == 1) {
    $template->assign_block_vars('switch_allow_full_page', array());
}
if ($board_config['pnphpbb2_allow_sub_change'] == 1) {
    $template->assign_block_vars('switch_allow_sub_change', array());
}
//if ( empty($board_config['privmsg_disable']) )
    /**
     * Force the caducity (expiry) of a note through an AJAX request.
     *
     * Module read permission and the per-user 'potverificar' right are checked
     * first; failures are reported via AjaxUtil::error(). Nothing in this
     * method returns after those calls, so it relies on AjaxUtil::error() and
     * AjaxUtil::output() ending the request — NOTE(review): confirm they do;
     * otherwise execution falls through to the following steps.
     *
     * The note id is read from the GET query string. The authid handed to the
     * 'nova' function is generated here on the server rather than received
     * from the client — NOTE(review): this satisfies the callee's authid check
     * without this AJAX entry point validating a client-supplied token itself;
     * verify that is intended for a state-changing action.
     *
     * @author Albert Pérez Monfort (aperezm@xtec.cat)
     *
     * @param array $args Unused; the note id comes from the 'nid' GET parameter.
     *
     * @return void The AJAX response carrying the note id is emitted via AjaxUtil::output().
     */
    public function save($args) {

        if (!SecurityUtil::checkPermission('IWnoteboard::', '::', ACCESS_READ)) {
            AjaxUtil::error(DataUtil::formatForDisplayHTML($this->__('Sorry! No authorization to access this module.')));
        }

        $permissions = ModUtil::apiFunc('IWnoteboard', 'user', 'permisos',
                        array('uid' => UserUtil::getVar('uid')));
        // Security check: only users allowed to verify notes may proceed.
        if (!$permissions['potverificar']) {
            AjaxUtil::error(DataUtil::formatForDisplayHTML($this->__('You are not allowed to do this action')));
        }
        // -1 doubles as the "not supplied" sentinel; the comparison is loose.
        $nid = FormUtil::getPassedValue('nid', -1, 'GET');
        if ($nid == -1) {
            LogUtil::registerError('no block id');
            AjaxUtil::output();
        }
        // get a note information
        $note = ModUtil::apiFunc('IWnoteboard', 'user', 'get',
                        array('nid' => $nid));
        if ($note == false) {
            LogUtil::registerError('unable to get note info for nid=' . DataUtil::formatForDisplay($nid));
            AjaxUtil::output();
        }
        // Server-generated auth key passed on to 'nova' (see the note in the docblock).
        $security = SecurityUtil::generateAuthKey();
        $save = ModUtil::func('IWnoteboard', 'user', 'nova',
                        array('nid' => $nid,
                            'm' => 'c',
                            'authid' => $security));
        if (!$save) {
            AjaxUtil::error(DataUtil::formatForDisplayHTML($this->__('The action has failed')));
        }
        // Delete the users' headlines var so the block information is renewed.
        if ($note['titular'] != '') {
            $sv = ModUtil::func('IWmain', 'user', 'genSecurityValue');
            ModUtil::apiFunc('IWmain', 'user', 'usersVarsDelModule', array('name' => 'nbheadlines',
                        'module' => 'IWnoteboard',
                        'sv' => $sv));
        }
        AjaxUtil::output(array('nid' => $nid));
    }