/**
 * Verifies user credentials before creating the theme and displaying the request.
 *
 * Anonymous visitors are bounced to the login page (admin AJAX calls that carry
 * a Referer get a 408 AjaxResponse instead). Before bouncing, the requested URI
 * and any raw GET/POST payload are parked in the session so the login handler
 * can resume the request. On an authenticated request the parked payload is
 * merged back into $_POST/$_GET before the controller builds handler_vars.
 *
 * NOTE(review): the replayed payload was captured from an unauthenticated
 * request and is merged into the authenticated one unchanged; any form nonce
 * inside it was issued to the pre-login session — confirm the admin form
 * handlers still validate it rather than trusting the replay.
 */
public function __construct()
{
	$current_user = User::identify();

	if ( !$current_user->loggedin ) {
		// Remember where the visitor was headed so the login handler can send them back.
		Session::add_to_set( 'login', $_SERVER['REQUEST_URI'], 'original' );

		$is_admin_ajax = ( URL::get_matched_rule()->action == 'admin_ajax' ) && isset( $_SERVER['HTTP_REFERER'] );
		if ( $is_admin_ajax ) {
			// AJAX callers get a machine-readable "session ended" instead of a redirect.
			$response = new AjaxResponse( 408, _t( 'Your session has ended, please log in and try again.' ) );
			$response->out();
		}
		else {
			// Park the raw (unfiltered) POST and GET payloads so the submission can be
			// resumed after login; the user is told so via a session error.
			foreach ( array( 'post' => $_POST, 'get' => $_GET ) as $method => $superglobal ) {
				$raw_payload = $superglobal->get_array_copy_raw();
				if ( !empty( $raw_payload ) ) {
					Session::add_to_set( 'last_form_data', $raw_payload, $method );
					Session::error( _t( 'We saved the last form you posted. Log back in to continue its submission.' ), 'expired_form_submission' );
				}
			}
			Utils::redirect( URL::get( 'auth', array( 'page' => 'login' ) ) );
		}
		exit;
	}

	// Re-inject any payload parked before the login redirect. Controller has not built
	// handler_vars yet, so $_POST/$_GET themselves are the only place to put it.
	$parked = Session::get_set( 'last_form_data' );
	if ( isset( $parked['post'] ) ) {
		$_POST = $_POST->merge( $parked['post'] );
		// Forces the POST branches of act_admin even though the resumed request arrived as a GET.
		$_SERVER['REQUEST_METHOD'] = 'POST';
		Session::remove_error( 'expired_form_submission' );
	}
	if ( isset( $parked['get'] ) ) {
		$_GET = $_GET->merge( $parked['get'] );
		Session::remove_error( 'expired_form_submission' );
		// GET is the default request method, so nothing to override here.
	}

	$current_user->remember();
	// Instantiate the active public theme so its plugin hooks are registered for the admin too.
	$this->active_theme = Themes::create();
	// Register the admin JavaScript stacks; a method so a plugin can invoke it externally.
	self::setup_stacks();
	// Compare the loaded plugins against the last update check and queue a cron run if needed.
	Update::check_plugins();
}
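/**
 * Handle a submitted login form.
 *
 * On success the user's info record is updated, any request payload saved by
 * the pre-login redirect is handed to the resumed request, and the browser is
 * redirected (by default back to the originally requested URI on this site's
 * own host, otherwise to the admin root). On failure the password field is
 * cleared and an error is placed in handler_vars.
 *
 * @param FormUI $form The login form; habari_username and habari_password are read from it
 * @return bool true when authentication succeeded (a redirect has already been issued)
 */
public function loginform_do_login($form)
{
	$name = $form->habari_username->value;
	$pass = $form->habari_password->value;

	if (null != $name || null != $pass) {
		$user = User::authenticate($name, $pass);

		if ($user instanceof User) {
			/* Successfully authenticated. */

			// A pending password-reset token is a second way into this account; a
			// successful password login makes it unnecessary, so discard it.
			$userinfo = $user->info;
			if (isset($userinfo->password_reset)) {
				unset($userinfo->password_reset);
			}

			// Timestamp last login date and time.
			$user->info->authenticate_time = DateTime::create()->format('Y-m-d H:i:s');
			$user->update();

			// Remove left over expired session error message.
			if (Session::has_errors('expired_session')) {
				Session::remove_error('expired_session');
			}

			$login_session = Session::get_set('login');
			if (!empty($login_session)) {
				// Hand any request payload saved before the login redirect to the resumed
				// request. (The previous revision read an undefined $last_form_data here,
				// so whatever had been saved was replaced by null.)
				if (!empty($login_session['post_data'])) {
					Session::add_to_set('last_form_data', $login_session['post_data'], 'post');
				}
				if (!empty($login_session['get_data'])) {
					Session::add_to_set('last_form_data', $login_session['get_data'], 'get');
				}
				// 'original' is the REQUEST_URI recorded before the redirect. It is appended to
				// this site's own host rather than used verbatim, so the destination stays on-site.
				$login_dest = Site::get_url('host') . $login_session['original'];
			}
			else {
				$login_session = null;
				$login_dest = Site::get_url('admin');
			}

			// Plugins may override the destination (e.g. to force a landing page).
			$login_dest = Plugins::filter('login_redirect_dest', $login_dest, $user, $login_session);
			Utils::redirect($login_dest);
			return true;
		}

		/* Authentication failed. */
		// Never echo the submitted password back into the re-rendered form.
		$form->habari_password->value = '';
		$this->handler_vars['error'] = _t('Bad credentials');
	}
}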
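/**
 * Verifies user credentials before creating the theme and displaying the request.
 *
 * Anonymous visitors are redirected to the login page after their requested
 * URI and any raw GET/POST payload are parked in the session. Admin AJAX
 * calls that carry a Referer instead receive a small JavaScript object whose
 * callback sends the browser back to that Referer. Authenticated requests get
 * the parked payload merged back into $_POST/$_GET.
 */
public function __construct()
{
	$user = User::identify();
	if (!$user->loggedin) {
		Session::add_to_set('login', $_SERVER['REQUEST_URI'], 'original');
		if (URL::get_matched_rule()->name == 'admin_ajax' && isset($_SERVER['HTTP_REFERER'])) {
			header('Content-Type: text/javascript;charset=utf-8');
			// HTTP_REFERER is client-supplied and is emitted inside a JavaScript string
			// literal. JSON-encode it (escapes quotes, backslashes and line terminators)
			// instead of concatenating it raw, which allowed breaking out of the literal.
			$referer = json_encode($_SERVER['HTTP_REFERER']);
			if ($referer === false) {
				// Undecodable bytes: emit an empty string rather than a syntax error.
				$referer = '""';
			}
			echo '{callback: function(){location.href=' . $referer . '} }';
		}
		else {
			// Park raw (unfiltered) payloads so the submission can be resumed after login.
			$post_raw = $_POST->get_array_copy_raw();
			if (!empty($post_raw)) {
				Session::add_to_set('last_form_data', $post_raw, 'post');
				Session::error(_t('We saved the last form you posted. Log back in to continue its submission.'), 'expired_form_submission');
			}
			$get_raw = $_GET->get_array_copy_raw();
			if (!empty($get_raw)) {
				Session::add_to_set('last_form_data', $get_raw, 'get');
				Session::error(_t('We saved the last form you posted. Log back in to continue its submission.'), 'expired_form_submission');
			}
			Utils::redirect(URL::get('auth', array('page' => 'login')));
		}
		exit;
	}

	// Payload parked above (or transferred by the login handler). Controller has not
	// built handler_vars yet, so $_POST/$_GET themselves must be modified.
	$last_form_data = Session::get_set('last_form_data');
	if (isset($last_form_data['post'])) {
		$_POST = $_POST->merge($last_form_data['post']);
		// Forces the POST branches of act_admin even though the resumed request is a GET.
		$_SERVER['REQUEST_METHOD'] = 'POST';
		Session::remove_error('expired_form_submission');
	}
	if (isset($last_form_data['get'])) {
		$_GET = $_GET->merge($last_form_data['get']);
		Session::remove_error('expired_form_submission');
		// No need to change REQUEST_METHOD since GET is the default.
	}

	$user->remember();
	// Create an instance of the active public theme so that its plugin functions are implemented
	$this->active_theme = Themes::create();
	// setup the stacks for javascript in the admin - it's a method so a plugin can call it externally
	self::setup_stacks();
}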
/**
 * Log the entry page view, when appropriate.
 *
 * Counts one view per post per session on single-post pages. Logged-in users
 * are ignored unless the 'popular_posts__loggedintoo' option is set. The
 * counter is a read-increment-write on the post's info record, so concurrent
 * views may lose increments.
 *
 * @param Theme $theme        The theme being rendered; post/posts are inspected
 * @param array $handler_vars Handler variables (unused)
 */
public function action_add_template_vars($theme, $handler_vars)
{
	// Only a single-post view counts as a view of that post.
	if (!($theme->post instanceof Post) || count($theme->posts) != 1) {
		return;
	}
	// Skip logged-in visitors unless specifically overridden.
	if (User::identify()->loggedin && !Options::get('popular_posts__loggedintoo')) {
		return;
	}
	$already_counted = Session::get_set('popular_posts', false);
	$entry = $theme->post;
	// One hit per post per session.
	if (in_array($entry->id, $already_counted)) {
		return;
	}
	$hits = $entry->info->views;
	if ($hits == null) {
		$hits = 0;
	}
	$entry->info->views = $hits + 1;
	$entry->info->commit();
	Session::add_to_set('popular_posts', $entry->id);
}
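/**
 * AJAX endpoint: record a vote on a poll post and render the current tallies.
 *
 * Reads `pollid` (the poll Post id) and `result` (the key of the chosen entry
 * in the poll's tally table, or the literal string 'null' to only fetch
 * results) from the query string and echoes a <ul id="poll_results"> fragment.
 *
 * NOTE(review): this endpoint changes state on a GET request and carries no
 * CSRF token, so a third-party page can cast votes on a visitor's behalf with
 * an <img>/<script> tag. The 'votes' session set is written here but not
 * consulted, so repeat votes are not prevented in this block either.
 */
public function action_ajax_ajaxpoll()
{
	// Untrusted query input: coerce the poll id to an integer and the vote to a string.
	$pollid = isset($_GET['pollid']) ? (int) $_GET['pollid'] : 0;
	$vote = (isset($_GET['result']) && is_scalar($_GET['result'])) ? (string) $_GET['result'] : 'null';

	$post = Post::get(array('content_type' => Post::type('poll'), 'id' => $pollid));
	if (!$post instanceof Post) {
		// Unknown poll: nothing to tally (the previous revision dereferenced null here).
		header('HTTP/1.1 404 Not Found', true, 404);
		return;
	}

	$tallies = (array) $post->info->r;
	if ($vote !== 'null') {
		// Only accept a vote for an entry that already exists in the tally table; an
		// arbitrary key would otherwise grow the array and misalign the rendering loop.
		if (array_key_exists($vote, $tallies)) {
			$tallies[$vote]++;
			$post->info->r = $tallies;
			Session::add_to_set('votes', $post->id);
		}
	}
	$post->update();

	$results = (array) $post->info->r;
	$entries = $post->info->entry;
	$bar_width = 200;
	// max() throws on an empty array; a zero maximum also guards the division below.
	$max = count($results) ? max($results) : 0;
	?>
	<ul id="poll_results">
	<?php for ($n = 1; $n < count($results); $n++) { ?>
		<label>
			<?php
			// Entry labels and counts are rendered into HTML, so encode them for that context.
			echo htmlspecialchars($entries[$n] . "(" . $results[$n] . ")", ENT_QUOTES, 'UTF-8');
			?>
			<li style='width: <?php echo ($max > 0) ? $bar_width * ($results[$n] / $max) : 0; ?>px'>
			</li>
		</label>
	<?php } ?>
	</ul>
	<?php
}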
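/**
 * Either just display the login form; or check a user's credentials, and
 * create a session for them; or handle a password reset request.
 *
 * Reset branch: a random token is generated, its md5 stored on the user's
 * info record and the raw token mailed inside a password_reset link. The same
 * notice is shown whether or not the username exists, so the response text
 * does not disclose valid accounts.
 * NOTE(review): the mail is only sent for existing users, so response timing
 * may still distinguish them — consider deferring the mail if that matters.
 *
 * Login branch: on success the user record is stamped, any request payload
 * saved by the pre-login redirect is handed to the resumed request, and the
 * browser is sent to the admin page recorded before the redirect (or to the
 * admin root). On failure the form is re-rendered with an error.
 */
public function act_login()
{
	// If we're a reset password request, do that.
	if (isset($_POST['submit_button']) && $_POST['submit_button'] === _t('Reset password')) {
		Utils::check_request_method(array('POST'));
		$name = $this->handler_vars['habari_username'];
		if ($name !== NULL) {
			// Numeric names are refused so User::get() cannot be steered by user id.
			if (!is_numeric($name) && ($user = User::get($name))) {
				$hash = Utils::random_password();
				// Only a digest is stored; the raw token travels in the email link. md5 is
				// tolerable here because the input is a random token, not a user-chosen
				// password; the page that consumes it should still compare with hash_equals().
				$user->info->password_reset = md5($hash);
				$user->info->commit();
				$message = _t('Please visit %1$s to reset your password.', array(URL::get('user', array('page' => 'password_reset', 'id' => $user->id, 'hash' => $hash))));
				Utils::mail($user->email, _t('[%1$s] Password reset request for %2$s', array(Options::get('title'), $user->displayname)), $message);
			}
			// Moving this inside the check for user existence would allow attackers to test usernames, so don't
			Session::notice(_t('A password reset request has been sent to the user.'));
		}
	}
	else {
		Utils::check_request_method(array('GET', 'HEAD', 'POST'));
		$name = $_POST['habari_username'];
		$pass = $_POST['habari_password'];
		if (NULL != $name || NULL != $pass) {
			$user = User::authenticate($name, $pass);
			if ($user instanceof User) {
				/* Successfully authenticated. */
				// Timestamp last login date and time.
				$user->info->authenticate_time = date('Y-m-d H:i:s');
				$user->update();
				// Remove left over expired session error message.
				if (Session::has_errors('expired_session')) {
					Session::remove_error('expired_session');
				}
				$login_session = Session::get_set('login');
				if (!empty($login_session)) {
					// Carry any saved request payload over to the resumed request. (The previous
					// revision read an undefined $last_form_data here and stored null instead.)
					if (!empty($login_session['post_data'])) {
						Session::add_to_set('last_form_data', $login_session['post_data'], 'post');
					}
					if (!empty($login_session['get_data'])) {
						Session::add_to_set('last_form_data', $login_session['get_data'], 'get');
					}
					/* Redirect to the correct admin page */
					$original = $login_session['original'];
					$admin_pos = MultiByte::strpos($original, 'admin/');
					// strpos() yields false when 'admin/' is absent; substr(..., false) would hand back
					// the whole URI, so treat that case as "no specific admin page to return to".
					$dest = ($admin_pos === false) ? array('') : explode('/', MultiByte::substr($original, $admin_pos));
					if ('' == $dest[0] || !isset($dest[1])) {
						$login_dest = Site::get_url('admin');
					}
					else {
						// Replace '?' with '&' in $dest[1] before calling URL::get(), so the page
						// segment's own query string folds into the generated query string.
						$dest[1] = str_replace('?', '&', $dest[1]);
						$login_dest = URL::get('admin', 'page=' . $dest[1]);
					}
				}
				else {
					$login_session = null;
					$login_dest = Site::get_url('admin');
				}
				// filter the destination
				$login_dest = Plugins::filter('login_redirect_dest', $login_dest, $user, $login_session);
				// finally, redirect to the destination
				Utils::redirect($login_dest);
				return TRUE;
			}
			/* Authentication failed. */
			// Never echo the submitted password back into the re-rendered form.
			$_POST['habari_password'] = '';
			$this->handler_vars['error'] = _t('Bad credentials');
		}
	}
	// Display the login form.
	$this->login_form($name);
}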
/**
 * Add a comment to the site
 *
 * Flow: resolve the post, validate the submission (redirecting back to the
 * form with Session errors on failure), sanitise the fields, build an
 * unapproved Comment, let plugins act on it and rate it for spam, insert it,
 * then redirect to the post. Redirects are relied upon to end the request —
 * no Utils::redirect() call here is followed by an explicit exit.
 *
 * @param mixed $post A Post object instance or Post object id
 * @param string $name The commenter's name
 * @param string $email The commenter's email address
 * @param string $url The commenter's website URL
 * @param string $content The comment content
 * @param array $extra An associative array of extra values that should be considered
 */
function add_comment($post, $name = null, $email = null, $url = null, $content = null, $extra = null)
{
	if (is_numeric($post)) {
		$post = Post::get(array('id' => $post));
	}
	if (!$post instanceof Post) {
		// Not sure what you're trying to pull here, but that's no good
		header('HTTP/1.1 403 Forbidden', true, 403);
		die;
	}
	// let's do some basic sanity checking on the submission
	if (1 == Options::get('comments_require_id') && (empty($name) || empty($email))) {
		Session::error(_t('Both name and e-mail address must be provided.'));
	}
	if (empty($content)) {
		Session::error(_t('You did not provide any content for your comment!'));
	}
	if (Session::has_errors()) {
		// save whatever was provided in session data (still unfiltered at this point)
		Session::add_to_set('comment', $name, 'name');
		Session::add_to_set('comment', $email, 'email');
		Session::add_to_set('comment', $url, 'url');
		Session::add_to_set('comment', $content, 'content');
		// now send them back to the form
		Utils::redirect($post->permalink . '#respond');
	}
	if ($post->info->comments_disabled) {
		// comments are disabled, so let's just send
		// them back to the post's permalink
		Session::error(_t('Comments on this post are disabled!'));
		Utils::redirect($post->permalink);
	}
	/* Sanitize data */
	foreach (array('name', 'url', 'email', 'content') as $k) {
		${$k} = InputFilter::filter(${$k});
	}
	/* Sanitize the URL */
	if (!empty($url)) {
		$parsed = InputFilter::parse_url($url);
		if ($parsed['is_relative']) {
			// guess if they meant to use an absolute link
			$parsed = InputFilter::parse_url('http://' . $url);
			if (!$parsed['is_error']) {
				$url = InputFilter::glue_url($parsed);
			}
			else {
				// disallow relative URLs
				$url = '';
			}
		}
		// && binds tighter than ||: pseudo-URLs, and any scheme other than http/https, are dropped.
		if ($parsed['is_pseudo'] || $parsed['scheme'] !== 'http' && $parsed['scheme'] !== 'https') {
			// allow only http(s) URLs
			$url = '';
		}
		else {
			// reconstruct the URL from the error-tolerant parsing
			// http:moeffju.net/blog/ -> http://moeffju.net/blog/
			$url = InputFilter::glue_url($parsed);
		}
	}
	// Reject content that survived the empty() check but is nothing but Unicode separators.
	if (preg_match('/^\\p{Z}*$/u', $content)) {
		Session::error(_t('Comment contains only whitespace/empty comment'));
		Utils::redirect($post->permalink);
	}
	/* Create comment object*/
	// NOTE(review): ip2long() handles IPv4 only; an IPv6 REMOTE_ADDR yields false, which "%u" renders as 0.
	$comment = new Comment(array('post_id' => $post->id, 'name' => $name, 'email' => $email, 'url' => $url, 'ip' => sprintf("%u", ip2long($_SERVER['REMOTE_ADDR'])), 'content' => $content, 'status' => Comment::STATUS_UNAPPROVED, 'date' => HabariDateTime::date_create(), 'type' => Comment::COMMENT));
	// Should this really be here or in a default filter?
	// In any case, we should let plugins modify the status after we set it here.
	// A logged-in user commenting under their own account e-mail skips moderation.
	$user = User::identify();
	if ($user->loggedin && $comment->email == $user->email) {
		$comment->status = Comment::STATUS_APPROVED;
	}
	// Users need to have permission to add comments (checked before anything is persisted)
	if (!$user->can('comment')) {
		Session::error(_t('You do not have permission to create comments.'));
		Utils::redirect($post->permalink);
	}
	// Allow themes to work with comment hooks
	Themes::create();
	// Allow plugins to change comment data and add commentinfo based on plugin-added form fields
	Plugins::act('comment_accepted', $comment, $this->handler_vars, $extra);
	// The rating itself is unused here; spam plugins are expected to set the comment's status.
	$spam_rating = 0;
	$spam_rating = Plugins::filter('spam_filter', $spam_rating, $comment, $this->handler_vars, $extra);
	$comment->insert();
	$anchor = '';
	// If the comment was saved
	if ($comment->id && $comment->status != Comment::STATUS_SPAM) {
		$anchor = '#comment-' . $comment->id;
		// store in the user's session that this comment is pending moderation
		if ($comment->status == Comment::STATUS_UNAPPROVED) {
			Session::notice(_t('Your comment is pending moderation.'), 'comment_' . $comment->id);
		}
		// if no cookie exists, we should set one
		// but only if the user provided some details
		// NOTE(review): the cookie carries name/e-mail/URL in clear text and is set without
		// the httponly or secure flags — confirm that is acceptable for this data.
		$cookie = 'comment_' . Options::get('GUID');
		if (!User::identify()->loggedin && !isset($_COOKIE[$cookie]) && (!empty($name) || !empty($email) || !empty($url))) {
			$cookie_content = $comment->name . '#' . $comment->email . '#' . $comment->url;
			$site_url = Site::get_path('base', true);
			setcookie($cookie, $cookie_content, time() + 31536000, $site_url);
		}
	}
	// Return the commenter to the original page.
	Utils::redirect($post->permalink . $anchor);
}
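/**
 * Remove an addon-version-combination from the session and therefore from the cart.
 * After removing, redirect to the overview page for that type of addon.
 *
 * @param Theme $theme  The active theme (unused here)
 * @param array $params Route parameters; 'index' is the position of the cart entry to drop
 */
public function theme_route_remove_from_cart($theme, $params)
{
	// get_set() hands back the stored cart (and, with its default second argument, clears
	// it), so every entry we want to keep has to be re-added below.
	$cart = (array) Session::get_set("addon_cart");

	// 'index' comes from the URL. Only a plain non-negative integer can match a position;
	// the previous loose == let a non-numeric value match index 0 on older PHP versions.
	$raw_index = (isset($params["index"]) && is_scalar($params["index"])) ? (string) $params["index"] : '';
	$remove_at = ctype_digit($raw_index) ? (int) $raw_index : -1;

	$type = null;
	for ($i = 0; $i < count($cart); $i++) {
		if ($i === $remove_at) {
			// NOTE(review): permalink and name are concatenated into HTML unescaped; this is only
			// safe if cart entries originate from trusted catalog data — confirm at the source.
			Session::notice(_t("You removed %s v%s for Habari %s from your cart.", array("<a href='" . $cart[$i]["permalink"] . "'>" . $cart[$i]["name"] . "</a>", $cart[$i]["version"], $cart[$i]["habari_version"]), "addon_catalog"));
			$type = $cart[$i]["type"];
			continue;
		}
		Session::add_to_set("addon_cart", $cart[$i]);
	}
	// $type stays null when no entry matched; the redirect then targets the generic overview.
	Utils::redirect(URL::get("display_addons", array('addon' => $type)));
}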
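/**
 * Store this control's value under the control's specified key.
 *
 * $storage may be a "type:location" string (a bare "location" means type
 * 'option'), a FormStorage object, or an array whose first element is a plugin
 * action name and whose remainder is passed to that action. Anything else is
 * treated as 'null' storage and discards the value, instead of leaving $type
 * undefined as the previous revision did.
 *
 * @param string $storage (optional) A storage location to store the control data
 */
public function save( $storage = null )
{
	if ( $storage == null ) {
		$storage = $this->storage;
	}
	if ( is_string( $storage ) ) {
		$storage = explode( ':', $storage, 2 );
		switch ( count( $storage ) ) {
			case 2:
				list( $type, $location ) = $storage;
				break;
			case 1:
				list( $location ) = $storage;
				$type = 'option';
				break;
			default:
				return;
		}
	}
	elseif ( $storage instanceof FormStorage ) {
		$type = 'formstorage';
	}
	elseif ( is_array( $storage ) ) {
		$type = 'actionarray';
		$location = array_shift( $storage );
	}
	else {
		// Not a known storage description: store nothing rather than dispatch on an undefined $type.
		$type = 'null';
	}
	switch ( $type ) {
		case 'user':
			User::identify()->info->{$location} = $this->value;
			break;
		case 'option':
			Options::set( $location, $this->value );
			break;
		case 'filter':
			Plugins::filter( $location, $this->value, $this->name, true, $this );
			break;
		case 'action':
			Plugins::act( $location, $this->value, $this->name, true, $this );
			break;
		case 'actionarray':
			// The remaining array elements travel along as the action's extra argument.
			Plugins::act( $location, $this->value, $this->name, $storage );
			break;
		case 'session':
			Session::add_to_set( $location, $this->value, $this->name );
			break;
		case 'formstorage':
			$storage->field_save( $this->name, $this->value );
			break;
		case 'null':
			break;
	}
}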
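/**
 * Produce a basic FormStorage implementation from a classic storage string
 *
 * The string is "type:location" (a bare "location" means type 'option').
 * Each type yields a loader/saver pair bound to that location:
 *  - user:    the `location` field on the current user's info record
 *  - option:  the site option named `location`
 *  - action:  load via Plugins::filter(location), save via Plugins::act(location)
 *  - session: the entry keyed by the control name inside the session set `location`
 * Unknown types get no-op closures (the loader returns null).
 *
 * @param string $value A classic storage string, such as "option:someoption" or "user:age"
 * @return ControlStorage An instance of an object that will save and load to the indicated location
 */
public static function from_storage_string($value)
{
	$storage = explode(':', $value, 2);
	switch (count($storage)) {
		case 2:
			list($type, $location) = $storage;
			break;
		case 1:
			list($location) = $storage;
			$type = 'option';
			break;
		default:
			// @todo Figure this case out
			$location = '__';
			$type = '__';
			break;
	}
	switch ($type) {
		case 'user':
			// The field is the storage location ("user:age" -> info->age), as in save(),
			// not the control name. The previous closures used $name, so "user:age" read and
			// wrote whichever info field happened to share the control's name.
			$loader = function ($name) use ($location) {
				return User::identify()->info->{$location};
			};
			$saver = function ($name, $value) use ($location) {
				User::identify()->info->{$location} = $value;
				Session::queue(User::identify());
			};
			break;
		case 'option':
			$loader = function ($name) use ($location) {
				return Options::get($location);
			};
			$saver = function ($name, $value) use ($location) {
				Options::set($location, $value);
			};
			break;
		case 'action':
			$loader = function ($name) use ($location) {
				return Plugins::filter($location, '', $name, false);
			};
			$saver = function ($name, $value) use ($location) {
				Plugins::act($location, $value, $name, true);
			};
			break;
		case 'session':
			$loader = function ($name) use ($location) {
				// Read without clearing the set.
				$session_set = Session::get_set($location, false);
				if (isset($session_set[$name])) {
					return $session_set[$name];
				}
				return null;
			};
			$saver = function ($name, $value) use ($location) {
				Session::add_to_set($location, $value, $name);
			};
			break;
		default:
			$loader = function () {
			};
			$saver = function () {
			};
			break;
	}
	return new ControlStorage($loader, $saver);
}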
/**
 * function add_comment
 * adds a comment to a post, if the comment content is not NULL
 *
 * Flow: require POST, resolve the post from handler_vars['id'], validate the
 * submission (redirecting back to the form with Session errors on failure),
 * sanitise the fields, build an unapproved Comment, rate it for spam, insert
 * it and redirect to the post. Redirects are relied upon to end the request —
 * no Utils::redirect() call here is followed by an explicit exit.
 *
 * @param array An associative array of content found in the $_POST array
 */
public function act_add_comment()
{
	Utils::check_request_method(array('POST'));
	$defaults = array('name' => '', 'email' => '', 'url' => '', 'content' => '');
	// We need to get the post anyway to redirect back to the post page.
	$post = Post::get(array('id' => $this->handler_vars['id']));
	if (!$post) {
		// trying to comment on a non-existent post? Weirdo.
		header('HTTP/1.1 403 Forbidden', true, 403);
		die;
	}
	// make sure all our default values are set so we don't throw undefined index errors
	foreach ($defaults as $k => $v) {
		if (!isset($this->handler_vars[$k])) {
			$this->handler_vars[$k] = $v;
		}
	}
	// let's do some basic sanity checking on the submission
	if (1 == Options::get('comments_require_id') && (empty($this->handler_vars['name']) || empty($this->handler_vars['email']))) {
		Session::error(_t('Both name and e-mail address must be provided.'));
	}
	if (empty($this->handler_vars['content'])) {
		Session::error(_t('You did not provide any content for your comment!'));
	}
	if (Session::has_errors()) {
		// save whatever was provided in session data (still unfiltered at this point)
		Session::add_to_set('comment', $this->handler_vars['name'], 'name');
		Session::add_to_set('comment', $this->handler_vars['email'], 'email');
		Session::add_to_set('comment', $this->handler_vars['url'], 'url');
		Session::add_to_set('comment', $this->handler_vars['content'], 'content');
		// now send them back to the form
		Utils::redirect($post->permalink . '#respond');
	}
	if ($post->info->comments_disabled) {
		// comments are disabled, so let's just send
		// them back to the post's permalink
		Session::error(_t('Comments on this post are disabled!'));
		Utils::redirect($post->permalink);
	}
	/* Sanitize data */
	foreach ($defaults as $k => $v) {
		$this->handler_vars[$k] = InputFilter::filter($this->handler_vars[$k]);
	}
	/* Sanitize the URL */
	if (!empty($this->handler_vars['url'])) {
		$url = $this->handler_vars['url'];
		$parsed = InputFilter::parse_url($url);
		if ($parsed['is_relative']) {
			// guess if they meant to use an absolute link
			$parsed = InputFilter::parse_url('http://' . $url);
			if (!$parsed['is_error']) {
				$url = InputFilter::glue_url($parsed);
			}
			else {
				// disallow relative URLs
				$url = '';
			}
		}
		// && binds tighter than ||: pseudo-URLs, and any scheme other than http/https, are dropped.
		if ($parsed['is_pseudo'] || $parsed['scheme'] !== 'http' && $parsed['scheme'] !== 'https') {
			// allow only http(s) URLs
			$url = '';
		}
		else {
			// reconstruct the URL from the error-tolerant parsing
			// http:moeffju.net/blog/ -> http://moeffju.net/blog/
			$url = InputFilter::glue_url($parsed);
		}
		$this->handler_vars['url'] = $url;
	}
	// Reject content that survived the empty() check but is nothing but Unicode separators.
	if (preg_match('/^\\p{Z}*$/u', $this->handler_vars['content'])) {
		Session::error(_t('Comment contains only whitespace/empty comment'));
		Utils::redirect($post->permalink);
	}
	/* Create comment object*/
	// NOTE(review): ip2long() handles IPv4 only; an IPv6 REMOTE_ADDR yields false, which "%u" renders as 0.
	$comment = new Comment(array('post_id' => $this->handler_vars['id'], 'name' => $this->handler_vars['name'], 'email' => $this->handler_vars['email'], 'url' => $this->handler_vars['url'], 'ip' => sprintf("%u", ip2long($_SERVER['REMOTE_ADDR'])), 'content' => $this->handler_vars['content'], 'status' => Comment::STATUS_UNAPPROVED, 'date' => HabariDateTime::date_create(), 'type' => Comment::COMMENT));
	// Should this really be here or in a default filter?
	// In any case, we should let plugins modify the status after we set it here.
	// A logged-in user commenting under their own account e-mail skips moderation.
	$user = User::identify();
	if ($user->loggedin && $comment->email == $user->email) {
		$comment->status = Comment::STATUS_APPROVED;
	}
	// Allow themes to work with comment hooks
	Themes::create();
	// The rating itself is unused here; spam plugins are expected to set the comment's status.
	$spam_rating = 0;
	$spam_rating = Plugins::filter('spam_filter', $spam_rating, $comment, $this->handler_vars);
	$comment->insert();
	$anchor = '';
	// If the comment was saved
	if ($comment->id) {
		$anchor = '#comment-' . $comment->id;
		// store in the user's session that this comment is pending moderation
		if ($comment->status == Comment::STATUS_UNAPPROVED) {
			Session::notice(_t('Your comment is pending moderation.'), 'comment_' . $comment->id);
		}
		// if no cookie exists, we should set one
		// but only if the user provided some details
		// NOTE(review): the cookie carries name/e-mail/URL in clear text and is set without
		// the httponly or secure flags — confirm that is acceptable for this data.
		$cookie = 'comment_' . Options::get('GUID');
		if (!isset($_COOKIE[$cookie]) && (!empty($this->handler_vars['name']) || !empty($this->handler_vars['email']) || !empty($this->handler_vars['url']))) {
			$cookie_content = $comment->name . '#' . $comment->email . '#' . $comment->url;
			$site_url = Site::get_path('base', true);
			setcookie($cookie, $cookie_content, time() + 31536000, $site_url);
		}
	}
	// Return the commenter to the original page.
	Utils::redirect($post->permalink . $anchor);
}
/**
 * Park a comment in the session and render the Mollom fallback CAPTCHA page for it.
 *
 * Fetching the image and audio challenges is best-effort: if Mollom throws, the
 * fallback template is still displayed, just without a challenge.
 *
 * @todo use formui
 * @param Comment $comment The comment awaiting a CAPTCHA; its info->mollom_session_id is used
 */
private function send_captcha($comment = null)
{
	// Park the comment so it can be completed once the CAPTCHA is solved.
	Session::add_to_set('mollom', $comment, 'comment');
	$theme = Themes::create();
	$theme->comment = $comment;
	try {
		$mollom_session = $comment->info->mollom_session_id;
		$theme->captcha = Mollom::getImageCaptcha($mollom_session);
		$theme->audio_captcha = Mollom::getAudioCaptcha($mollom_session);
	}
	catch (Exception $e) {
		// Deliberately ignored: the page below still renders.
	}
	$theme->display('mollom_fallback_captcha');
}
/**
 * Log the entry page view, when appropriate.
 *
 * On a single-post page, records one visit per post per session in the post's
 * info: `visits_activity` is a '#'-joined ring of 2*n_periods counters and
 * `visits` is their sum. Logged-in users are skipped unless the
 * 'relativelypopular__loggedintoo' option is set. Also exposes this plugin
 * to the theme as $theme->RelativelyPopular.
 *
 * @param Theme $theme        The theme being rendered; post/posts are inspected
 * @param array $handler_vars Handler variables (unused)
 */
public function action_add_template_vars($theme, $handler_vars)
{
	// If there is only one post
	if ($theme->post instanceof Post && count($theme->posts) == 1) {
		// Only track users that aren't logged in, unless specifically overridden
		if (!User::identify()->loggedin || Options::get('relativelypopular__loggedintoo')) {
			// Read without clearing the set.
			$set = Session::get_set('relativelypopular', false);
			$post = $theme->post;
			// this code is actually executed about 9 times per page request on my system,
			// so this check here is essential otherwise we bias the results by a factor of 9
			if (!in_array($post->id, $set)) {
				// load fields
				$visits = $post->info->visits;
				$visits_activity = $post->info->visits_activity;
				// check if fields currently exist and contain the requsite valid data, otherwise reinitalise
				if ($visits_activity == null || count(explode('#', $visits_activity)) != 2 * $this->n_periods) {
					$visits_activity = implode('#', array_fill(0, 2 * $this->n_periods, 0));
				}
				$activity = explode('#', $visits_activity);
				// Array union only adds the key when it is missing, so an existing slot is kept.
				if (!array_key_exists($this->now, $activity)) {
					$activity += array($this->now => 0);
				}
				// increment the quantity for the period we're currently in and blank the $n_periods fields following it
				// NOTE(review): the current slot is $this->now but the slots cleared below are offset
				// from $this->day — presumably both index the same ring; confirm they agree.
				$activity[$this->now] += 1;
				for ($i = 1; $i <= $this->n_periods; $i++) {
					$next = ($this->day + $i) % (2 * $this->n_periods);
					if (!array_key_exists($next, $activity)) {
						$activity += array($next => 0);
					}
					$activity[$next] = 0;
				}
				// evaluate the total hits for this time period and store it along with the activity trace
				// (read-modify-write on the info record: concurrent views may lose increments)
				$post->info->visits = array_sum($activity);
				$post->info->visits_activity = implode('#', $activity);
				$post->info->commit();
				Session::add_to_set('relativelypopular', $post->id);
			}
		}
	}
	if (!isset($theme->RelativelyPopular)) {
		$theme->RelativelyPopular = $this;
	}
}
/**
 * Store this control's value under the control's specified key.
 *
 * The storage string is "type:location"; a bare "location" means type 'option'.
 * Known types: user (a field on the current user's info record), option (a site
 * option), action (dispatched through Plugins::filter), session (a session set
 * keyed by this control's name) and null (discard).
 *
 * @param string $storage (optional) A storage location to store the control data
 */
public function save($storage = null)
{
	$target = ($storage == null) ? $this->storage : $storage;
	$parts = explode(':', $target, 2);

	if (count($parts) == 2) {
		list($kind, $where) = $parts;
	}
	elseif (count($parts) == 1) {
		$where = $parts[0];
		$kind = 'option';
	}
	else {
		return;
	}

	switch ($kind) {
		case 'user':
			User::identify()->info->{$where} = $this->value;
			break;
		case 'option':
			Options::set($where, $this->value);
			break;
		case 'action':
			// Despite the name, this goes through Plugins::filter(), not Plugins::act().
			Plugins::filter($where, $this->value, $this->name, true);
			break;
		case 'session':
			Session::add_to_set($where, $this->value, $this->name);
			break;
		case 'null':
			break;
	}
}
/**
 * Store this control's value under the control's specified key.
 *
 * $storage may be a "type:location" string (a bare "location" means type
 * 'option'), a FormStorage object, or an array whose first element is a plugin
 * action name and whose remainder is handed to that action. Anything else is
 * treated as 'null' storage and the value is discarded.
 *
 * @param string $storage (optional) A storage location to store the control data
 */
public function save($storage = null)
{
	$target = ($storage == null) ? $this->storage : $storage;

	if (is_string($target)) {
		$target = explode(':', $target, 2);
		if (count($target) == 2) {
			list($kind, $where) = $target;
		}
		elseif (count($target) == 1) {
			$where = $target[0];
			$kind = 'option';
		}
		else {
			return;
		}
	}
	elseif ($target instanceof FormStorage) {
		$kind = 'formstorage';
	}
	elseif (is_array($target)) {
		// First element names the action; the rest is passed along to it.
		$kind = 'actionarray';
		$where = array_shift($target);
	}
	else {
		// Dunno what was intended here, but it wasn't a valid/known storage option, so store nothing
		$kind = 'null';
	}

	switch ($kind) {
		case 'user':
			$current_user = User::identify();
			$current_user->info->{$where} = $this->value;
			$current_user->info->commit();
			break;
		case 'option':
			Options::set($where, $this->value);
			break;
		case 'filter':
			Plugins::filter($where, $this->value, $this->name, true, $this);
			break;
		case 'action':
			Plugins::act($where, $this->value, $this->name, true, $this);
			break;
		case 'actionarray':
			Plugins::act($where, $this->value, $this->name, $target);
			break;
		case 'session':
			Session::add_to_set($where, $this->value, $this->name);
			break;
		case 'formstorage':
			$target->field_save($this->name, $this->value);
			break;
		case 'null':
			break;
	}
}
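/**
 * Gate the content of password-protected posts.
 *
 * Posts without info->password are returned unchanged, as are all posts for
 * any authenticated (non-anonymous) user. Otherwise a submitted post_password
 * is verified against the stored hash and, on success, a per-post unlock token
 * is kept in the 'post_passwords' session set; the content is returned only
 * when the session holds a matching token, else the password form is rendered.
 *
 * @param string $content The post content to filter
 * @param Post   $post    The post being rendered
 * @return string The content, or the rendered post_password_form template
 */
public function filter_post_content($content, Post $post)
{
	if (!$post->info->password) {
		return $content;
	}

	// if user logged in, show post
	// make sure it's not just the anonymous user!
	$user = User::identify();
	if ($user instanceof User && $user != User::anonymous()) {
		return $content;
	}

	// Read without clearing the set.
	$session = Session::get_set('post_passwords', false);
	// Per-post unlock token derived from the stored hash, the post id and the site GUID
	// (never from the submitted password itself).
	// NOTE(review): if Utils::crypt() applies a fresh random salt when called with a
	// single argument, this value differs on every request and the session check below
	// can never match — confirm against Utils::crypt().
	$token = Utils::crypt('42' . $post->info->password . $post->id . Options::get('GUID'));

	// if password was submitted verify it
	if (Controller::get_var('post_password') && Controller::get_var('post_password_id') == $post->id) {
		// NOTE(review): InputFilter::filter() may alter passwords containing markup-like
		// characters; this only works if the password was filtered the same way when stored.
		$pass = InputFilter::filter(Controller::get_var('post_password'));
		if (Utils::crypt($pass, $post->info->password)) {
			Session::add_to_set('post_passwords', $token, $post->id);
			$session[$post->id] = $token;
		}
		else {
			Session::error(_t('That password was incorrect.', 'postpass'));
		}
	}

	// if password is stored in session verify it. Use a type-strict, constant-time
	// comparison: a loose == between two strings that both look numeric (e.g. "0e123...")
	// would compare them as numbers instead of as bytes.
	$stored = isset($session[$post->id]) ? $session[$post->id] : null;
	if (is_string($token) && is_string($stored) && hash_equals($token, $stored)) {
		return $content;
	}

	$theme = Themes::create();
	$theme->post = $post;
	return $theme->fetch('post_password_form');
}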