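/**
 * Log handler that renders one log entry as an inline HTML <div>.
 *
 * Nothing is written unless all of these hold:
 *  - the current viewer has the 'staff' role (checked first, so log
 *    details are never sent to anyone else),
 *  - $GLOBALS['this_is_webpage'] is truthy (otherwise the `plain` handler
 *    is expected to display the message),
 *  - the entry is not a 'notice', or notices were switched on through
 *    $GLOBALS['cfg']['admin_flags_show_notices'].
 *
 * Every value interpolated into the markup (message, type label, timing
 * and both colours) is HTML-escaped before it is echoed.
 *
 * @param string $level Log level; 'notice' is the only level treated specially.
 * @param string $msg   Message text.
 * @param array  $more  Optional extras: 'type' (label shown in brackets and
 *                      fallback key for the colour lookup) and 'time'
 *                      (printed as milliseconds when greater than -1).
 * @return void
 */
function _log_handler_html($level, $msg, $more = array())
{
    # only show in-browser messages to staff
    if (!auth_has_role('staff')) {
        return;
    }

    # if this isn't a webpage, the `plain` handler will display the error
    if (empty($GLOBALS['this_is_webpage'])) {
        return;
    }

    # only shows notices if we asked to see them
    if ($level == 'notice' && empty($GLOBALS['cfg']['admin_flags_show_notices'])) {
        return;
    }

    # empty() instead of a bare index read: a missing key no longer raises a notice
    $type = !empty($more['type']) ? $more['type'] : '';

    # colour lookup order: per-level entry ('_' . $level), then per-type entry, then a neutral default
    if (!empty($GLOBALS['log_html_colors']['_' . $level])) {
        $colors = $GLOBALS['log_html_colors']['_' . $level];
    } elseif (!empty($GLOBALS['log_html_colors'][$type])) {
        $colors = $GLOBALS['log_html_colors'][$type];
    } else {
        $colors = '#eee,#000';
    }

    # pad so that a colour spec without a comma still yields two values
    $parts = array_pad(explode(',', $colors), 2, '');

    # the colours land inside a double-quoted attribute, so quotes are escaped as well
    $bgcolor = htmlspecialchars($parts[0], ENT_QUOTES);
    $color = htmlspecialchars($parts[1], ENT_QUOTES);

    echo "<div style=\"background-color: {$bgcolor}; color: {$color}; margin: 1px 1px 0 1px; border: 1px solid #000; padding: 4px; text-align: left; font-family: sans-serif;\">";

    if ($type) {
        # the type label gets the same output encoding as the message
        echo "[" . htmlspecialchars((string) $type, ENT_QUOTES) . "] ";
    }

    echo htmlspecialchars($msg);

    if (isset($more['time']) && $more['time'] > -1) {
        echo " (" . htmlspecialchars((string) $more['time'], ENT_QUOTES) . " ms)";
    }

    echo "</div>\n";
}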
/**
 * Check that a user holds every role in a list.
 *
 * Each entry of $roles is passed to auth_has_role() together with $who;
 * the first role that is not held ends the check.
 *
 * Edge cases worth knowing when this guards access:
 *  - a non-array $roles yields 0,
 *  - an empty array yields 1, because no role fails the check. A caller
 *    that builds the list dynamically should reject an empty list itself
 *    if "no roles required" must not mean "allowed".
 *
 * @param array $roles Role names that must all be held.
 * @param int   $who   Passed through unchanged to auth_has_role().
 * @return int 1 when every role is held, 0 otherwise.
 */
function auth_has_role_all($roles, $who = 0)
{
    # anything other than a list of roles is refused outright
    if (!is_array($roles)) {
        return 0;
    }

    $has_all = 1;

    foreach ($roles as $required_role) {
        if (!auth_has_role($required_role, $who)) {
            # one missing role is enough to fail
            $has_all = 0;
            break;
        }
    }

    return $has_all;
}
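/**
 * Decide whether a viewer may see an API method.
 *
 * Rules, applied in order:
 *  1. A method whose 'enabled' flag is falsy is visible only to the
 *     'admin' role.
 *  2. If 'documented_if' is an array of role names, the viewer must hold
 *     at least one of them; 'admin' is always added to that list.
 *  3. Otherwise a method whose 'documented' flag is falsy is visible only
 *     to the 'admin' role.
 *
 * @param array $method    Method definition. Taken by reference but never
 *                         modified here; the role list is copied before
 *                         'admin' is appended.
 * @param int   $viewer_id Passed through to auth_has_role() and
 *                         auth_has_role_any().
 * @return int 1 when the method may be shown, 0 otherwise.
 */
function api_methods_can_view_method(&$method, $viewer_id = 0)
{
    $see_all = auth_has_role("admin", $viewer_id) ? 1 : 0;

    # NOTE(review): undocumented methods are admin-only. An admin-or-'api'
    # flag used to be computed at this point but was never read; if the 'api'
    # role is meant to see undocumented methods, make that an explicit,
    # reviewed change rather than an incidental one.

    # empty() also covers a missing 'enabled' key without raising a notice
    if (empty($method['enabled']) && !$see_all) {
        return 0;
    }

    if (isset($method['documented_if']) && is_array($method['documented_if'])) {
        $required = $method['documented_if'];

        # strict comparison: only the exact string "admin" counts as already
        # present, so a loosely-equal entry cannot keep 'admin' off the list
        if (!in_array("admin", $required, true)) {
            $required[] = "admin";
        }

        if (!auth_has_role_any($required, $viewer_id)) {
            return 0;
        }

        return 1;
    }

    if (empty($method['documented']) && !$see_all) {
        return 0;
    }

    return 1;
}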
} $export_props = export_collect_user_properties($format); $export_more = array_merge($export_props, $export_more); # caching? $ok_cache = 1; if ($GLOBALS['cfg']['enable_feature_export_cache']) { $ok_cache = 1; if (in_array($format, $GLOBALS['cfg']['export_cache_exclude_formats'])) { $ok_cache = 0; } if (!is_dir($GLOBALS['cfg']['export_cache_root'])) { $ok_cache = 0; } } # cache-busting if (get_str('force') && auth_has_role('staff')) { $ok_cache = 0; } # ok, can has file? if (!$ok_cache) { $export = export_dots($sheet['dots'], $format, $export_more); } else { $tmp = $export_more; unset($tmp['viewer_id']); $fingerprint = md5(serialize($tmp)); $filename = "{$sheet['id']}_{$is_own}_{$fingerprint}.{$format}"; $cache_more = array('filename' => $filename); $cache_path = export_cache_path_for_sheet($sheet, $cache_more); # $cache_ok = 1; if (!file_exists($cache_path)) {
<?php

    # Hey look. Running code.
    #
    # Access gate that runs at top level: normalise the root URL, require a
    # logged-in user, then require the 'admin' role.

    # If the configured root URL ends in "/god/", replace it with its parent
    # directory (plus a trailing slash).
    if (preg_match("!/god/\$!", $GLOBALS['cfg']['abs_root_url'])) {
        $GLOBALS['cfg']['abs_root_url'] = dirname($GLOBALS['cfg']['abs_root_url']) . "/";
    }

    # The login check comes before the role check.
    # NOTE(review): the argument is presumably the location to return to after
    # login. REQUEST_URI is request-controlled, so confirm that
    # login_ensure_loggedin() only ever redirects to a local path.
    login_ensure_loggedin($_SERVER['REQUEST_URI']);

    # Only the 'admin' role gets past this point.
    # NOTE(review): this relies on error_403() ending the request; if it
    # returns, whatever code follows still runs for a non-admin. Confirm.
    if (!auth_has_role('admin')) {
        error_403();
    }
<?php include "include/init.php"; if (!auth_has_role('invites')) { error_404(); } loadlib("invite_codes"); loadlib("rfc822"); $crumb_key = 'god_generate_invite'; $GLOBALS['smarty']->assign("crumb_key", $crumb_key); $crumb_ok = crumb_check($crumb_key); if ($crumb_ok) { $email = post_str("email"); $code = post_str("code"); if ($code) { $ensure_sent = 0; if ($invite = invite_codes_get_by_code($code, $ensure_sent)) { $template = 'email_invite_user.txt'; invite_codes_send_invite($invite, $template); $invite = invite_codes_get_by_code($code, $ensure_sent); $GLOBALS['smarty']->assign_by_ref("invite", $invite); $GLOBALS['smarty']->assign("invite_sent", 1); } else { $GLOBALS['error'] = "Invalid invite code"; } } else { if (!$email) { $GLOBALS['error'] = "Missing email"; } else { if (!rfc822_is_valid_email_address($email)) { $GLOBALS['error'] = "Invalid email ({$email})";
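/**
 * Log handler that renders one log entry as an inline HTML <div>.
 *
 * Nothing is written unless the current viewer has the 'staff' role
 * (checked first, so log details are never sent to anyone else) and the
 * entry is either not a 'notice' or notices were switched on through
 * $GLOBALS['cfg']['admin_flags_show_notices'].
 *
 * Every value interpolated into the markup (message, type label, timing
 * and both colours) is HTML-escaped before it is echoed.
 *
 * @param string $level Log level; 'notice' is the only level treated specially.
 * @param string $msg   Message text.
 * @param array  $more  Optional extras: 'type' (label shown in brackets and
 *                      fallback key for the colour lookup) and 'time'
 *                      (printed as milliseconds when greater than -1).
 * @return void
 */
function _log_handler_html($level, $msg, $more = array()){

    if (!auth_has_role('staff')){
        return;
    }

    # only shows notices if we asked to see them
    if ($level == 'notice' && empty($GLOBALS['cfg']['admin_flags_show_notices'])){
        return;
    }

    # empty() instead of a bare index read: a missing key no longer raises a notice
    $type = !empty($more['type']) ? $more['type'] : '';

    # colour lookup order: per-level entry ('_'.$level), then per-type entry, then a neutral default
    $colors = '#eee,#000';

    if (!empty($GLOBALS['log_html_colors']['_'.$level])){
        $colors = $GLOBALS['log_html_colors']['_'.$level];
    } elseif (!empty($GLOBALS['log_html_colors'][$type])){
        $colors = $GLOBALS['log_html_colors'][$type];
    }

    # pad so that a colour spec without a comma still yields two values
    $pair = array_pad(explode(',', $colors), 2, '');

    # the colours land inside a double-quoted attribute, so quotes are escaped as well
    $bgcolor = htmlspecialchars($pair[0], ENT_QUOTES);
    $color = htmlspecialchars($pair[1], ENT_QUOTES);

    echo "<div style=\"background-color: $bgcolor; color: $color; margin: 1px 1px 0 1px; border: 1px solid #000; padding: 4px; text-align: left; font-family: sans-serif;\">";

    if ($type){
        # the type label gets the same output encoding as the message
        echo "[".htmlspecialchars((string) $type, ENT_QUOTES)."] ";
    }

    echo htmlspecialchars($msg);

    if (isset($more['time']) && $more['time'] > -1){
        echo " (".htmlspecialchars((string) $more['time'], ENT_QUOTES)." ms)";
    }

    echo "</div>\n";
}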
/**
 * Open a MySQL connection for a cluster and register it in
 * $GLOBALS['db_conns'].
 *
 * Settings come from $GLOBALS['cfg']["db_{$cluster}"] (host, user, pass,
 * name). When $k is given, host and name are looked up per key and the
 * connection is registered under "{$cluster}-{$k}"; otherwise under
 * $cluster. A host configured as an array is shuffled and its first entry
 * is used.
 *
 * log_fatal() is called when no host is configured, when the connect
 * fails, or when the viewer is staff and
 * $GLOBALS['cfg']['admin_flags_no_db'] is set. Log messages carry only the
 * cluster name or key, never the host or the credentials.
 *
 * NOTE(review): the database selection, the charset statement and the
 * profiling statement all run under @ and their results are not checked,
 * so a connection on which one of them failed is still registered.
 * NOTE(review): the charset is set with a SET statement rather than through
 * the client library's charset call, so client-side escaping is not told
 * about it - confirm how callers escape values.
 * NOTE(review): the mysql_* extension was removed in PHP 7.0.
 *
 * @param string      $cluster Cluster name, used to build the config key.
 * @param string|null $k       Optional key into per-key host/name settings.
 * @return void
 */
function _db_connect($cluster, $k=null){

    $cluster_key = $k ? "{$cluster}-{$k}" : $cluster;
    $cfg_key = "db_{$cluster}";

    $host = $GLOBALS['cfg'][$cfg_key]["host"];
    $user = $GLOBALS['cfg'][$cfg_key]["user"];
    $pass = $GLOBALS['cfg'][$cfg_key]["pass"];
    $name = $GLOBALS['cfg'][$cfg_key]["name"];

    # per-key settings override the cluster-wide host and database name
    if ($k){
        $host = $host[$k];
        $name = $name[$k];
    }

    # several candidate hosts: pick one at random
    if (is_array($host)){
        shuffle($host);
        $host = $host[0];
    }

    if (!$host){
        log_fatal("no such cluster: ".$cluster);
    }

    #
    # try to connect
    #

    $start = microtime_ms();

    $conn = @mysql_connect($host, $user, $pass, 1);
    $GLOBALS['db_conns'][$cluster_key] = $conn;

    if ($conn){
        @mysql_select_db($name, $conn);
        @mysql_query("SET character_set_results='utf8', character_set_client='utf8', character_set_connection='utf8', character_set_database='utf8', character_set_server='utf8'", $conn);
    }

    $end = microtime_ms();
    $elapsed = $end-$start;

    #
    # log
    #

    log_notice('db', "DB-$cluster_key: Connect", $elapsed);

    # a failed connect is fatal; staff can also force the failure path via
    # the admin_flags_no_db setting (the role is only checked when the
    # connect itself succeeded)
    $failed = !$conn;

    if (!$failed){
        $failed = (auth_has_role('staff') && $GLOBALS['cfg']['admin_flags_no_db']);
    }

    if ($failed){
        log_fatal("Connection to database cluster '$cluster_key' failed");
    }

    $GLOBALS['timings']['db_conns_count']++;
    $GLOBALS['timings']['db_conns_time'] += $elapsed;

    #
    # profiling?
    #

    if ($GLOBALS['cfg']['db_profiling']){
        @mysql_query("SET profiling = 1;", $conn);
    }
}