/**
* 检查是否登录
*/
function check_auth()
{
// 如果配置中管理员用户名密码为空则说明不用验证
if (Statistics\Config\Config::$adminName == '' && Statistics\Config\Config::$adminPassword == '') {
return true;
}
// 进入验证流程
_session_start();
if (!isset($_SESSION['admin'])) {
if (!isset($_POST['admin_name']) || !isset($_POST['admin_password'])) {
include ST_ROOT . '/Views/login.tpl.php';
_exit();
} else {
$admin_name = $_POST['admin_name'];
$admin_password = $_POST['admin_password'];
if ($admin_name != Statistics\Config\Config::$adminName || $admin_password != Statistics\Config\Config::$adminPassword) {
$msg = "用户名或者密码不正确";
include ST_ROOT . '/Views/login.tpl.php';
_exit();
}
$_SESSION['admin'] = $admin_name;
}
}
return true;
}
public function image()
{
$style = $this->segment(4);
$cun_type = $this->segment(5);
if ($cun_type == 'cookie' || $cun_type == 'session') {
$cun_type = $this->segment(5);
} else {
$cun_type = 'cookie';
}
$style = explode("_", $style);
$width = isset($style[0]) ? intval($style[0]) : '';
$height = isset($style[1]) ? intval($style[1]) : '';
$color = isset($style[2]) ? $style[2] : '';
$bgcolor = isset($style[3]) ? $style[3] : '';
$lenght = isset($style[4]) ? intval($style[4]) : '';
$type = isset($style[5]) ? intval($style[5]) : '';
$checkcode = System::load_app_class("checkcodeimg");
$checkcode->config($width, $height, $color, $bgcolor, $lenght, $type);
if (isset($_GET['dian'])) {
$checkcode->dian(50, $color);
}
if ($cun_type == 'cookie') {
_setcookie("checkcode", md5($checkcode->code));
}
if ($cun_type == 'session') {
_session_start();
$_SESSION['checkcode'] = md5($checkcode->code);
}
$checkcode->image();
}
<?php
/**
* Allen Disk 1.5
* Copyright (C) 2012~2015 Allen Chou
* Author: Allen Chou ( http://allenchou.cc )
* License: MIT License
*/
require_once dirname(dirname(__FILE__) . '/require.php');
_session_start();
$res = $db->select("file", ['id' => $_GET['id']]);
if ($_SESSION["login"] && $_SESSION["username"] == $res[0]["owner"]) {
$result = $db->update('file', ['name' => $_GET["name"]], ['id' => $_GET['id']]);
echo json_encode(["success" => $result, "message" => $result ? "成功重新命名檔案。" : "重新命名檔案失敗。"]);
$token = fopen(dirname(dirname(__FILE__)) . '/updatetoken/' . md5($_SESSION['username']) . '.token', "w");
fclose($token);
} else {
echo json_encode(["success" => false, "message" => "你不是檔案的擁有者。"]);
}
session_set_cookie_params($expire, $path, $domain);
session_start();
}
}
}
if (empty($Config['nosession']) and is_writable(ini_get('session.save_path'))) {
$session_name = session_name();
if (!empty($_COOKIE[$session_name])) {
$session_id = $_COOKIE[$session_name];
} else {
$session_id = session_id();
}
if (!empty($session_id)) {
_session_start($session_id, $options['id']);
} elseif (!empty($options['id']) !== 'Anonymous') {
_session_start('dummy', $options['id']);
}
}
// set the s-maxage for proxy
$proxy_maxage = !empty($Config['proxy_maxage']) ? ', s-maxage=' . $Config['proxy_maxage'] : '';
// set maxage
$user_maxage = !empty($Config['user_maxage']) ? ', max-age=' . $Config['user_maxage'] : ', max-age=0';
if ($_SERVER['REQUEST_METHOD'] != 'GET' and $_SERVER['REQUEST_METHOD'] != 'HEAD') {
// always set private for POST
// basic cache-control
header('Cache-Control: private, max-age=0, s-maxage=0, must-revalidate, post-check=0, pre-check=0');
if (!empty($_SERVER['HTTP_ORIGIN'])) {
if (!empty($DBInfo->access_control_allowed_re)) {
if (preg_match($DBInfo->access_control_allowed_re, $_SERVER['HTTP_ORIGIN'])) {
header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
}
static function _init_web()
{
global $_G;
_session_start(86400);
if (function_exists('date_default_timezone_set')) {
date_default_timezone_set('Asia/Shanghai');
}
if (function_exists('ini_set')) {
ini_set('memory_limit', '128m');
ini_set('date.timezone', 'Asia/Shanghai');
ini_set("max_execution_time", 60);
}
header('Content-Type: text/html; charset=' . CHARSET);
include_once libfile('function/web');
define('MAGIC_QUOTES_GPC', function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc());
if (MAGIC_QUOTES_GPC) {
$_GET = dstripslashes($_GET);
$_POST = dstripslashes($_POST);
$_COOKIE = dstripslashes($_COOKIE);
}
$prelength = strlen('ttae_');
if (count($_COOKIE) > 0) {
foreach ($_COOKIE as $key => $val) {
if (substr($key, 0, $prelength) == 'ttae_') {
//$val = trim_html($val,1);
$_G['cookie'][substr($key, $prelength)] = $val;
}
}
}
if (isset($_GET['u']) && $_GET['u']) {
$u = intval($_GET['u']);
if ($u > 0) {
dsetcookie('t', $u, 3600 * 24 * 30);
}
}
}
function do_userform($formatter, $options)
{
global $DBInfo;
$user =& $DBInfo->user;
# get cookie
$id = !empty($options['login_id']) ? $options['login_id'] : '';
$use_any = 0;
if (!empty($DBInfo->use_textbrowsers)) {
if (is_string($DBInfo->use_textbrowsers)) {
$use_any = preg_match('/' . $DBInfo->use_textbrowsers . '/', $_SERVER['HTTP_USER_AGENT']) ? 1 : 0;
} else {
$use_any = preg_match('/Lynx|w3m|links/', $_SERVER['HTTP_USER_AGENT']) ? 1 : 0;
}
}
$options['msg'] = '';
# e-mail conformation
if (!empty($options['ticket']) and $id and $id != 'Anonymous') {
$userdb =& $DBInfo->udb;
$suspended = false;
if ($userdb->_exists($id)) {
$user = $userdb->getUser($id);
} else {
if ($userdb->_exists($id, 1)) {
// suspended user
$suspended = true;
$user = $userdb->getUser($id, 1);
}
}
if ($user->id == $id) {
if ($user->info['eticket'] == $options['ticket']) {
list($dummy, $email) = explode('.', $options['ticket'], 2);
$user->info['email'] = $email;
$user->info['eticket'] = '';
if ($suspended) {
if (empty($DBInfo->register_confirm_admin)) {
$userdb->activateUser($id);
$userdb->saveUser($user);
} else {
$userdb->saveUser($user, array('suspended' => 1));
}
} else {
$userdb->saveUser($user);
}
$title = _("Successfully confirmed");
$options['msg'] = _("Your e-mail address is confirmed successfully");
if (!empty($DBInfo->register_confirm_admin)) {
$options['msg'] .= "<br />" . _("Your need to wait until your ID activated by admin");
}
} else {
if ($user->info['nticket'] == $options['ticket']) {
$title = _("Successfully confirmed");
$user->info['nticket'] = '';
$user->info['password'] = $user->info['npassword'];
$user->info['npassword'] = '';
$userdb->saveUser($user);
$options['msg'] = _("Your new password is confirmed successfully");
} else {
$title = _("Confirmation missmatched !");
$options['msg'] = _("Please try again to register your e-mail address");
}
}
} else {
if ($suspended) {
$title = _("Please wait until your ID is confirmed by admin!");
} else {
$title = _("ID does not exist !");
}
$options['msg'] = _("Please try again to register your e-mail address");
}
$formatter->send_header("", $options);
$formatter->send_title($title, "", $options);
$formatter->send_footer("", $options);
return '';
}
$title = '';
if ($user->id == "Anonymous" and !empty($options['emailreset'])) {
setcookie('MONI_VERIFIED_EMAIL', '', time() - 3600, get_scriptname());
$options['msg'] .= '<br />' . _("Verification E-mail removed.");
$options['verifyemail'] = '';
$user->verified_email = '';
} else {
if ($user->id == "Anonymous" and !empty($options['login']) and !empty($options['verify_email'])) {
$email = base64_decode($options['login']);
$ticket = base64_encode(getTicket($_SERVER['REMOTE_ADDR'], $email, 10));
if ($ticket == $options['verify_email']) {
$options['msg'] .= '<br />' . _("Your email address is successfully verified.");
$user->verified_email = $email;
setcookie('MONI_VERIFIED_EMAIL', $email, time() + 60 * 60 * 24 * 30, get_scriptname());
} else {
$options['msg'] .= '<br />' . _("Verification missmatched.");
}
} else {
if ($user->id == "Anonymous" and $options['verify'] == _("Verify E-mail address") and !empty($DBInfo->anonymous_friendly) and !empty($options['verifyemail'])) {
if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['verifyemail'])) {
if (($ret = verify_email($options['verifyemail'])) < 0) {
$ret = -$ret;
$options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
$options['msg'] .= '<br/>' . _("Invalid email address or can't verify it.");
} else {
if (!empty($DBInfo->verify_email)) {
if ($DBInfo->verify_email == 1) {
$options['msg'] .= '<br/>' . _("Your email address is successfully verified.");
setcookie('MONI_VERIFIED_EMAIL', $options['verifyemail'], time() + 60 * 60 * 24 * 30, get_scriptname());
} else {
$opts = array();
$opts['subject'] = "[{$DBInfo->sitename}] " . _("Verify Email address");
$opts['email'] = $options['verifyemail'];
$opts['id'] = 'nobody';
$ticket = base64_encode(getTicket($_SERVER['REMOTE_ADDR'], $opts['email'], 10));
$enc = base64_encode($opts['email']);
$body = qualifiedUrl($formatter->link_url('UserPreferences', "?action=userform&login={$enc}&verify_email={$ticket}"));
$body = _("Please confirm your e-mail address") . "\n" . $body . "\n";
$ret = wiki_sendmail($body, $opts);
$options['msg'] .= '<br/>' . _("E-mail verification mail sent");
}
}
}
} else {
$options['msg'] .= '<br/>' . _("Your email address is not valid");
}
} else {
if ($user->id == "Anonymous" and !empty($options['login_id']) and isset($options['password']) and !isset($options['passwordagain'])) {
if (method_exists($user, 'login')) {
$user->login($formatter, $options);
$params = array();
$params['value'] = $options['page'];
do_goto($formatter, $params);
return;
}
# login
$userdb = $DBInfo->udb;
if ($userdb->_exists($id)) {
$user = $userdb->getUser($id);
$login_ok = 0;
if (!empty($DBInfo->use_safelogin)) {
if (isset($options['challenge']) and $options['_chall'] == $options['challenge']) {
#print '<pre>';
#print $options['password'].'<br />';
#print hmac($options['challenge'],$user->info['password']);
#print '</pre>';
if (hmac($options['challenge'], $user->info['password']) == $options['password']) {
$login_ok = 1;
}
} else {
# with no javascript browsers
$md5pw = md5($options['password']);
if ($md5pw == $user->info['password']) {
$login_ok = 1;
}
}
}
if ($login_ok or $user->checkPasswd($options['password']) === true) {
$options['msg'] = sprintf(_("Successfully login as '%s'"), $id);
$options['id'] = $user->id;
if ($user->id == 'Anonymous') {
// special case. login success but ID is not acceptable
$options['msg'] = _("Invalid user ID. Please register again");
} else {
$formatter->header($user->setCookie());
if (!isset($user->info['login_success'])) {
$user->info['login_success'] = 0;
}
if (!isset($user->info['login_fail'])) {
$user->info['login_fail'] = 0;
}
$user->info['login_success']++;
$user->info['last_login'] = gmdate("Y/m/d H:i:s", time());
$user->info['login_fail'] = 0;
// reset login
$user->info['remote'] = $_SERVER['REMOTE_ADDR'];
$userdb->saveUser($user);
$use_refresh = 1;
if (function_exists('_session_start')) {
_session_start(null, $user->id);
}
}
$DBInfo->user = $user;
} else {
$title = sprintf(_("Invalid password !"));
if (!isset($user->info['login_fail'])) {
$user->info['login_fail'] = 0;
}
$user->info['login_fail']++;
$user->info['remote'] = $_SERVER['REMOTE_ADDR'];
$userdb->saveUser($user);
$user->setID('Anonymous');
}
} else {
if (isset($options['login_id'][0])) {
if ($userdb->_exists($id, 1)) {
// suspended user
$title = sprintf(_("\"%s\" is waiting for activated by admin !"), $options['login_id']);
} else {
$title = sprintf(_("\"%s\" does not exist on this wiki !"), $options['login_id']);
}
$options['login_id'] = '';
} else {
$title = _("Make new ID on this wiki");
}
$form = macro_UserPreferences($formatter, '', $options);
}
} else {
if (!empty($options['logout'])) {
# logout
header($user->unsetCookie(), false);
if (session_name() != '') {
// for some user plugins
$params = session_get_cookie_params();
header('Set-Cookie: ' . session_name() . '=dummy; expires=Tuesday, 01-Jan-1999 12:00:00 GMT; Path=' . $params['path'] . '; Domain=' . $params['domain'], false);
}
// call logout method
if (method_exists($user, 'logout')) {
$user->logout($formatter, $options);
} else {
$options['msg'] = _("Cookie deleted !");
}
$user->id = 'Anonymous';
$DBInfo->user = $user;
$use_refresh = 1;
} else {
if (!empty($DBInfo->use_sendmail) and $options['login'] == _("E-mail new password") and $user->id == "Anonymous" and !empty($options['email']) and !empty($options['login_id'])) {
# email new password
$title = '';
if (!$use_any and $DBInfo->use_ticket) {
if ($options['__seed'] and $options['check']) {
$mycheck = getTicket($options['__seed'], $_SERVER['REMOTE_ADDR'], 4);
if ($mycheck == $options['check']) {
$ok_ticket = 1;
} else {
$title = _("Invalid ticket !");
}
} else {
$title = _("You need a ticket !");
}
} else {
$ok_ticket = 1;
}
$userdb =& $DBInfo->udb;
if ($userdb->_exists($id)) {
$user = $userdb->getUser($id);
}
if ($ok_ticket and $user->id != "Anonymous") {
if ($options['email'] == $user->info['email'] and $user->info['eticket'] == '') {
#make new password
$mypass = base64_encode(getTicket(time(), $_SERVER['REMOTE_ADDR'], 10));
$mypass = substr($mypass, 0, 8);
$options['password'] = $mypass;
$old_passwd = $user->info['password'];
if ($DBInfo->use_safelogin) {
$ret = $user->setPasswd(md5($mypass), md5($mypass), 1);
} else {
$ret = $user->setPasswd($mypass, $mypass);
}
$new_passwd = $user->info['password'];
$user->info['password'] = $old_passwd;
$user->info['npassword'] = $new_passwd;
#make ticket
$ticket = md5(time() . $user->id . $options['email']);
$user->info['nticket'] = $ticket . "." . $options['email'];
// save join agreement
if (!empty($DBInfo->use_agreement) and !empty($options['joinagreement'])) {
$user->info['join_agreement'] = 'agree';
if (!empty($DBInfo->agreement_version)) {
$user->info['join_agreement_version'] = $DBInfo->agreement_version;
}
}
$userdb->saveUser($user);
# XXX
$opts['subject'] = "[{$DBInfo->sitename}] " . _("New password confirmation");
$opts['email'] = $options['email'];
$opts['id'] = 'nobody';
$body = qualifiedUrl($formatter->link_url('', "?action=userform&login_id={$user->id}&ticket={$ticket}.{$options['email']}"));
$body = _("Please confirm your new password") . "\n" . $body . "\n";
$body .= sprintf(_("Your new password is %s"), $mypass) . "\n\n";
$body .= _("Please change your password later") . "\n";
$ret = wiki_sendmail($body, $opts);
if (is_array($ret)) {
$title = _("Fail to e-mail notification !");
$options['msg'] = $ret['msg'];
} else {
$title = _("New password is sent to your e-mail !");
$options['msg'] = _("Please check your e-mail");
}
} else {
if ($options['email'] != $user->info['email']) {
$title = _("Fail to e-mail notification !");
$options['msg'] = _("E-mail mismatch !");
} else {
$title = _("Invalid request");
$options['msg'] = _("Please confirm your e-mail address first !");
}
}
} else {
if (!$ok_ticket) {
$title = _("Invalid ticket !");
} else {
$title = _("ID and e-mail mismatch !");
}
$options['msg'] = _("Please try again or make a new profile");
}
$formatter->send_header("", $options);
$formatter->send_title($title, "", $options);
$formatter->send_footer("", $options);
return;
} else {
if ($user->id == "Anonymous" and !empty($options['login_id']) and ($options['password'] and $options['passwordagain'] or $DBInfo->use_safelogin and $options['email'])) {
# create profile
$title = '';
if (!$use_any and !empty($DBInfo->use_ticket)) {
if ($options['__seed'] and $options['check']) {
$mycheck = getTicket($options['__seed'], $_SERVER['REMOTE_ADDR'], 4);
if ($mycheck == $options['check']) {
$ok_ticket = 1;
} else {
$title = _("Invalid ticket !");
}
} else {
$title = _("You need a ticket !");
}
} else {
$ok_ticket = 1;
}
$id = $user->getID($options['login_id']);
if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $id)) {
if (($ret = verify_email($id)) < 0) {
$ret = -$ret;
$options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
$options['msg'] .= '<br/>' . _("Invalid email address or can't verify it.");
} else {
$options['email'] = $id;
$user->setID($id);
}
} else {
if (!preg_match("/\\//", $id)) {
$user->setID($id);
}
}
// protect http:// style id
if (!empty($DBInfo->use_agreement) and empty($options['joinagreement'])) {
$title = _("Please check join agreement.");
} else {
if ($ok_ticket and $user->id != "Anonymous") {
if (!empty($DBInfo->use_safelogin)) {
$mypass = base64_encode(getTicket(time(), $_SERVER['REMOTE_ADDR'], 10));
$mypass = substr($mypass, 0, 8);
$options['password'] = $mypass;
$ret = $user->setPasswd(md5($mypass), md5($mypass), 1);
} else {
$ret = $user->setPasswd($options['password'], $options['passwordagain']);
}
if (!empty($DBInfo->password_length) and strlen($options['password']) < $DBInfo->password_length) {
$ret = 0;
}
if ($ret <= 0) {
if ($ret == 0) {
$title = _("too short password!");
} else {
if ($ret == -1) {
$title = _("mismatch password!");
} else {
if ($ret == -2) {
$title = _("not acceptable character found in the password!");
}
}
}
} else {
if ($ret < 8 and empty($DBInfo->use_safelogin)) {
$options['msg'] = _("Your password is too simple to use as a password !");
}
$udb = $DBInfo->udb;
if ($options['email']) {
if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['email'])) {
if (($ret = verify_email($options['email'])) < 0) {
$options['email'] = '';
// reset email address
$ret = -$ret;
$options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
$options['msg'] .= '<br/>' . _("Can't verify E-mail address! Please check your email address.");
}
} else {
$options['msg'] .= '<br/>' . _("Your email address is not valid");
}
}
if ($udb->isNotUser($user)) {
if (!empty($DBInfo->no_register)) {
$options['msg'] = _("Fail to register");
$options['err'] = _("You are not allowed to register on this wiki");
$options['err'] .= "\n" . _("Please contact WikiMasters");
do_invalid($formatter, $options);
return;
}
$title = sprintf(_("Successfully added as '%s'"), _html_escape($user->id));
$options['id'] = $user->id;
$ticket = md5(time() . $user->id . $options['email']);
$user->info['eticket'] = $ticket . "." . $options['email'];
if (!empty($DBInfo->use_safelogin)) {
$options['msg'] = sprintf(_("Successfully added as '%s'"), $user->id);
$options['msg'] .= '<br />' . _("Please check your mailbox");
}
$args = array();
if ($options['email'] == $id or !empty($DBInfo->register_confirm_email)) {
$args = array('suspended' => 1);
}
if (!empty($DBInfo->register_confirm_admin)) {
$args = array('suspended' => 1);
}
if (!empty($DBInfo->register_confirm_admin)) {
if (!empty($options['msg'])) {
$options['msg'] .= '<br />';
}
$options['msg'] .= _("Your need to wait until your ID activated by admin");
}
// save join agreement
if (!empty($DBInfo->use_agreement) and !empty($options['joinagreement'])) {
$user->info['join_agreement'] = 'agree';
if (!empty($DBInfo->agreement_version)) {
$user->info['join_agreement_version'] = $DBInfo->agreement_version;
}
}
if (empty($DBInfo->use_safelogin) && empty($args['suspended'])) {
$formatter->header($user->setCookie());
}
$ret = $udb->addUser($user, $args);
# XXX
if (!empty($options['email']) and preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['email'])) {
$options['subject'] = "[{$DBInfo->sitename}] " . _("E-mail confirmation");
$body = '';
if (!empty($DBInfo->email_register_header) and file_exists($DBInfo->email_register_header)) {
$body = file_get_contents($DBInfo->email_register_header);
$body = str_replace(array('@sitename@'), array($DBInfo->sitename), $body);
}
$body .= _("Please confirm your email address") . "\n\n";
$body .= qualifiedUrl($formatter->link_url('', "?action=userform&login_id={$user->id}&ticket={$ticket}.{$options['email']}"));
$body .= "\n";
if (!empty($DBInfo->use_safelogin)) {
$body .= "\n" . sprintf(_("Your initial password is %s"), $mypass) . "\n\n";
$body .= _("Please change your password later") . "\n";
}
$ret = wiki_sendmail($body, $options);
if (is_array($ret)) {
$options['msg'] .= $ret['msg'];
} else {
$options['msg'] .= '<br/>' . _("Confirmation E-mail sent");
}
}
} else {
# already exist user
$user = $udb->getUser($user->id);
if ($user->checkPasswd($options['password']) === true) {
$options['msg'] .= sprintf(_("Successfully login as '%s'"), $id);
$options['id'] = $user->id;
$formatter->header($user->setCookie());
$udb->saveUser($user);
# XXX
if (function_exists('_session_start')) {
_session_start(null, $user->id);
}
} else {
$title = _("Invalid password !");
}
}
}
} else {
if (empty($title)) {
$title = _("Invalid username !");
}
}
}
} else {
if ($user->id != "Anonymous") {
# save profile
$udb =& $DBInfo->udb;
$userinfo = $udb->getUser($user->id);
if (!empty($options['password']) and !empty($options['passwordagain'])) {
$chall = 0;
if (!empty($DBInfo->use_safelogin)) {
if (isset($options['_chall'])) {
$chall = $options['challenge'];
} else {
$chall = rand(100000);
$options['password'] = hmac($chall, $options['password']);
}
}
//echo 'chall=',$chall,' ',$options['password'];
if ($userinfo->checkPasswd($options['password'], $chall) === true) {
if ($DBInfo->use_safelogin) {
$mypass = md5($options['passwordagain']);
// XXX
$ret = $userinfo->setPasswd($mypass, $mypass, 1);
} else {
$ret = $userinfo->setPasswd($options['passwordagain']);
}
if ($ret <= 0) {
if ($ret == 0) {
$title = _("too short password!");
} else {
if ($ret == -1) {
$title = _("mismatch password !");
} else {
if ($ret == -2) {
$title = _("not acceptable character found in the password!");
}
}
}
$options['msg'] = _("Password is not changed !");
} else {
$title = _("Password is changed !");
if ($ret < 8) {
$options['msg'] = _("Password is too simple to use as a password !");
}
}
} else {
$title = _("Invalid password !");
$options['msg'] = _("Password is not changed !");
}
}
if (isset($options['user_css'])) {
$userinfo->info['css_url'] = $options['user_css'];
}
if (isset($options['timezone'])) {
list($hour, $min) = explode(':', $options['timezone']);
$min = $min * 60;
$min = $hour < 0 ? -1 * $min : $min;
$tz_offset = $hour * 3600 + $min;
$userinfo->info['tz_offset'] = $tz_offset;
}
if (!empty($DBInfo->use_agreement) and !empty($options['joinagreement'])) {
$userinfo->info['join_agreement'] = 'agree';
if (!empty($DBInfo->agreement_version)) {
$userinfo->info['join_agreement_version'] = $DBInfo->agreement_version;
}
}
$button_check_email_again = !empty($options['button_check_email_again']) ? 1 : 0;
if ($button_check_email_again and !empty($userinfo->info['eticket'])) {
list($dummy, $email) = explode('.', $userinfo->info['eticket'], 2);
if (!empty($email)) {
$options['email'] = $email;
}
}
if (!empty($options['email']) and $options['email'] != $userinfo->info['email']) {
if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['email'])) {
if (($ret = verify_email($options['email'])) < 0) {
$ret = -$ret;
$options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
$options['msg'] .= '<br />' . _("Invalid email address or can't verify it.");
} else {
$ticket = md5(time() . $userinfo->info['id'] . $options['email']);
$userinfo->info['eticket'] = $ticket . "." . $options['email'];
$options['subject'] = "[{$DBInfo->sitename}] " . _("E-mail confirmation");
$body = qualifiedUrl($formatter->link_url('', "?action=userform&login_id={$user->id}&ticket={$ticket}.{$options['email']}"));
$body = _("Please confirm your email address") . "\n" . $body;
$ret = wiki_sendmail($body, $options);
if (is_array($ret)) {
$options['msg'] = $ret['msg'];
} else {
$options['msg'] = _("E-mail confirmation mail sent");
}
}
} else {
$options['msg'] = _("Your email address is not valid");
}
}
if (!empty($userinfo->info['idtype']) and $userinfo->info['idtype'] == 'openid' and isset($options['nick']) and $options['nick'] != $userinfo->info['nick']) {
$nick = $userinfo->getID($options['nick']);
// nickname check XXX
if (!$udb->_exists($nick)) {
$userinfo->info['nick'] = $nick;
} else {
$options['msg'] = _("Your Nickname already used as ID in this wiki");
}
}
$udb->saveUser($userinfo);
#$options['css_url']=$options['user_css'];
if (!isset($options['msg'])) {
$options['msg'] = _("Profiles are saved successfully !");
}
} else {
if ($user->id == "Anonymous" and isset($options['openid_url'])) {
# login with openid
include_once 'lib/openid.php';
$process_url = qualifiedUrl($formatter->link_url("UserPreferences", "?action=userform"));
$trust_root = qualifiedUrl($formatter->link_url(""));
$openid = new SimpleOpenID();
$openid->SetIdentity($options['openid_url']);
$openid->SetTrustRoot($trust_root);
$openid->SetRequiredFields(array('nickname', 'email', 'fullname'));
$openid->SetOptionalFields(array('language', 'timezone'));
if ($openid->GetOpenIDServer()) {
$openid->SetApprovedURL($process_url);
// Send Response from OpenID server to this script
$openid->Redirect();
// This will redirect user to OpenID Server
return;
} else {
$error = $openid->GetError();
#echo "ERROR CODE: " . $error['code'] . "<br>";
#echo "ERROR DESCRIPTION: " . $error['description'] . "<br>";
$options["msg"] = sprintf(_("Authentication request was failed: %s"), $error['description']);
}
} else {
if (!empty($options['openid_mode']) and $options['openid_mode'] == 'id_res') {
// OpenID result
include_once 'lib/openid.php';
if (!preg_match('/utf-?8/i', $DBInfo->charset)) {
$options['openid_sreg_nickname'] = iconv('utf-8', $DBInfo->charset, $options['openid_sreg_nickname']);
$options['openid_sreg_fullname'] = iconv('utf-8', $DBInfo->charset, $options['openid_sreg_fullname']);
}
$openid = new SimpleOpenID();
$openid->SetIdentity($options['openid_identity']);
$openid_validation_result = $openid->ValidateWithServer();
if ($openid_validation_result == true) {
// OK HERE KEY IS VALID
$userdb =& $DBInfo->udb;
// XXX
$user->setID($options['openid_identity']);
// XXX
if (!empty($options['openid_language'])) {
$user->info['language'] = strtolower($options['openid_sreg_language']);
}
//$user->info['tz_offset']=$options['openid_timezone'];
if ($userdb->_exists($options['openid_identity'])) {
$user = $userdb->getUser($options['openid_identity']);
$user->info['idtype'] = 'openid';
$options['msg'] .= sprintf(_("Successfully login as '%s' via OpenID."), $options['openid_identity']);
$formatter->header($user->setCookie());
$userdb->saveUser($user);
// always save
if (function_exists('_session_start')) {
_session_start(null, $user->id);
}
} else {
if (!empty($DBInfo->no_register) and $DBInfo->no_register == 1) {
$options['msg'] = _("Fail to register");
$options['err'] = _("You are not allowed to register on this wiki");
$options['err'] .= "\n" . _("Please contact WikiMasters");
do_invalid($formatter, $options);
return;
}
if ($options['openid_sreg_nickname']) {
$nick = $user->getID($options['openid_sreg_nickname']);
if (!$userdb->_exists($nick)) {
$user->info['nick'] = $nick;
} else {
$options['msg'] = sprintf(_("Your Nickname %s already used as ID in this Wiki."), $nick);
}
}
$user->info['email'] = $options['openid_sreg_email'];
$user->info['idtype'] = 'openid';
$userdb->addUser($user);
$formatter->header($user->setCookie());
$userdb->saveUser($user);
$options["msg"] .= sprintf(_("OpenID Authentication successful and saved as %s."), $options['openid_identity']);
}
$options['id'] = $user->id;
} else {
if ($openid->IsError() == true) {
// ON THE WAY, WE GOT SOME ERROR
$error = $openid->GetError();
$options["msg"] = sprintf(_("Authentication request was failed: %s"), $error['description']);
} else {
// Signature Verification Failed
$options["msg"] = _("Invalid OpenID Authentication request");
echo "INVALID AUTHORIZATION";
}
}
} else {
if (!empty($DBInfo->use_agreement) and $options['login'] == _("Make profile")) {
$options['agreement'] = 1;
$form = macro_UserPreferences($formatter, '', $options);
} else {
$options["msg"] = _("Invalid request");
}
}
}
}
}
}
}
}
}
}
}
$myrefresh = '';
if (!empty($DBInfo->use_refresh) and !empty($use_refresh)) {
$sec = $DBInfo->use_refresh - 1;
if (!empty($options['return_url'])) {
$lnk = $options['return_url'];
} else {
$lnk = $formatter->link_url($formatter->page->urlname, '?action=show');
}
$myrefresh = 'Refresh: ' . $sec . '; url=' . qualifiedURL($lnk);
}
$formatter->send_header($myrefresh, $options);
$formatter->send_title($title, "", $options);
if (!$title && (empty($DBInfo->control_read) or $DBInfo->security->is_allowed('read', $options))) {
$lnk = $formatter->link_to('?action=show');
if (empty($form)) {
echo sprintf(_("return to %s"), $lnk);
} else {
echo $form;
}
} else {
if (!empty($form)) {
print $form;
}
# else $formatter->send_page("Goto UserPreferences");
}
$formatter->send_footer("", $options);
}