Exemplo n.º 1
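/**
 * Print the login form and, when it was submitted, process the attempt.
 *
 * On a successful login the function sends a redirect header and ends the
 * request. On failure it records a 'login_failed' log entry, reports the
 * error and prints the form again, with the captcha once it is required.
 *
 * @return void
 */
function do_login()
{
    global $current_user, $globals;

    $form_ip_check = check_form_auth_ip();
    // Earlier failed logins recorded for this IP (the 300 is passed to
    // log_get_date() as-is; presumably a time window — confirm there).
    $previous_login_failed = log_get_date('login_failed', $globals['form_user_ip_int'], 0, 300);
    // Defined up front: the form echoes it even when nothing was posted.
    $username = '';
    // Request-supplied return target. It is never used raw: it is escaped
    // for the hidden field and validated before it reaches a header.
    $return_raw = isset($_REQUEST['return']) ? $_REQUEST['return'] : null;

    echo '<form action="' . get_auth_link() . 'login.php" id="xxxthisform" method="post">' . "\n";
    if (isset($_POST['processlogin']) && $_POST['processlogin'] == 1) {
        // Check the IP, otherwise redirect
        if (!$form_ip_check) {
            header("Location: http://" . get_server_name() . $globals['base_url'] . "login.php");
            die;
        }
        $posted_user = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '';
        $posted_pass = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
        $username = clean_input_string(trim($posted_user));
        $password = trim($posted_pass);
        // "Remember me": 3600000 seconds = 1000 hours
        $persistent = !empty($_POST['persistent']) ? 3600000 : 0;

        // The captcha is required after more than two failures, or on a first
        // login when the site asks for it and no user cookie is present.
        $captcha_required = $previous_login_failed > 2
            || ($globals['captcha_first_login'] == true && !UserAuth::user_cookie_data());

        if ($captcha_required && !ts_is_human()) {
            log_insert('login_failed', $globals['form_user_ip_int'], 0);
            recover_error(_('el código de seguridad no es correcto'));
        } elseif ($current_user->Authenticate($username, md5($password), $persistent) == false) {
            // NOTE(review): the password is MD5-hashed before it is handed to
            // Authenticate(). Unsalted MD5 is not suitable for password
            // storage; the scheme belongs to Authenticate()'s contract and is
            // left unchanged here.
            log_insert('login_failed', $globals['form_user_ip_int'], 0);
            recover_error(_('usuario o email inexistente, sin validar, o clave incorrecta'));
            $previous_login_failed++;
        } else {
            UserAuth::check_clon_from_cookies();
            // The return target comes from the request, so it is accepted only
            // when it is a local path or points at this server; anything else
            // falls back to the site root instead of redirecting off-site.
            $target = './';
            $candidate = is_string($return_raw) ? trim($return_raw) : '';
            // Backslashes and control characters are rejected because
            // browsers may normalise them into a different URL.
            if ($candidate !== '' && !preg_match('/[\\\\\x00-\x1f\x7f]/', $candidate)) {
                $parts = parse_url($candidate);
                if (is_array($parts)) {
                    $has_scheme = !empty($parts['scheme']);
                    $has_host = !empty($parts['host']);
                    if (!$has_scheme && !$has_host) {
                        $target = $candidate;
                    } elseif ($has_host
                        && strcasecmp($parts['host'], get_server_name()) === 0
                        && (!$has_scheme || in_array(strtolower($parts['scheme']), array('http', 'https'), true))
                    ) {
                        $target = $candidate;
                    }
                }
            }
            header('Location: ' . $target);
            die;
        }
    }
    echo '<p><label for="name">' . _('usuario o email') . ':</label><br />' . "\n";
    echo '<input type="text" name="username" size="25" tabindex="1" id="name" value="' . htmlentities($username) . '" /></p>' . "\n";
    echo '<p><label for="password">' . _('clave') . ':</label><br />' . "\n";
    echo '<input type="password" name="password" id="password" size="25" tabindex="2"/></p>' . "\n";
    echo '<p><label for="remember">' . _('recuérdame') . ': </label><input type="checkbox" name="persistent" id="remember" tabindex="3"/></p>' . "\n";
    // Print captcha (re-evaluated: the failure counter may have grown above)
    if ($previous_login_failed > 2 || ($globals['captcha_first_login'] == true && !UserAuth::user_cookie_data())) {
        ts_print_form();
    }
    get_form_auth_ip();
    echo '<p><input type="submit" value="login" tabindex="4" />' . "\n";
    echo '<input type="hidden" name="processlogin" value="1"/></p>' . "\n";
    echo '<input type="hidden" name="return" value="' . htmlspecialchars(is_string($return_raw) ? $return_raw : '') . '"/>' . "\n";
    echo '</form>' . "\n";
    echo '<div><strong><a href="login.php?op=recover">' . _('¿has olvidado la contraseña?') . '</a></strong></div>' . "\n";
    echo '<div style="margin-top: 30px">';
    print_oauth_icons($return_raw);
    echo '</div>' . "\n";
}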
Exemplo n.º 2
 /**
  * Complete the OAuth handshake and log the user in.
  *
  * Exchanges the request token (query string) and its secret (cookie) for
  * an access token, fills this object from the answer, fetches the remote
  * profile when the user is not known yet, stores user and authorisation
  * inside a database transaction and finally calls user_login().
  *
  * NOTE(review): the code after each do_error() call relies on do_error()
  * ending the request; that function is not visible here — confirm.
  */
 function authorize()
 {
     global $globals, $db;
     $oauth_token = clean_input_string($_GET['oauth_token']);
     // The secret travels in a cookie and is passed on without cleaning.
     $request_token_secret = $_COOKIE['oauth_token_secret'];
     if (empty($oauth_token) || empty($request_token_secret)) {
         do_error(_('acceso denegado'), false, false);
     } else {
         $this->oauth->setToken($oauth_token, $request_token_secret);
         try {
             $access_token_info = $this->oauth->getAccessToken($this->access_token_url);
         } catch (Exception $e) {
             do_error(_('error de conexión a') . " {$this->service}  (authorize1)", false, false);
         }
     }

     // Copy the granted credentials and identity into this object.
     $this->token = $access_token_info['oauth_token'];
     $this->secret = $access_token_info['oauth_token_secret'];
     $this->uid = $access_token_info['user_id'];
     $this->username = User::get_valid_username($access_token_info['screen_name']);

     $is_new_user = !$this->user_exists();
     if ($is_new_user) {
         // Unknown user: read the remote profile with the access token.
         $this->oauth->setToken($access_token_info['oauth_token'], $access_token_info['oauth_token_secret']);
         try {
             $data = $this->oauth->fetch($this->credentials_url);
         } catch (Exception $e) {
             do_error(_('error de conexión a') . " {$this->service} (authorize2)", false, false);
         }
         if ($data) {
             $response = json_decode($this->oauth->getLastResponse());
             // The profile must belong to the account the token was issued for.
             if ($access_token_info['screen_name'] != $response->screen_name) {
                 do_error(_('datos incorrectos') . " {$this->service}", false, false);
             }
             $this->url = $response->url;
             $this->names = $response->name;
             $this->avatar = $response->profile_image_url;
         }
     }

     $db->transaction();
     if ($is_new_user) {
         $this->store_user();
     }
     $this->store_auth();
     $db->commit();
     $this->user_login();
 }
Exemplo n.º 3
<?php

// The source code packaged with this file is Free Software, Copyright (C) 2005 by
// Ricardo Galli <gallir at uib dot es>.
// It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise.
// You can get copies of the licenses here:
// 		http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".
// Entry script of the login page: loads the configuration and the HTML
// helpers, handles logout, then prints either the recovery or the login form.
include 'config.php';
include mnminclude . 'html1.php';
$globals['ads'] = true;
// Clean return variable
// NOTE(review): clean_input_string() is defined elsewhere; this file does not
// show whether it restricts the value to a same-site URL — confirm before the
// value is used as a redirect target by Logout() or do_login().
if (!empty($_REQUEST['return'])) {
    $_REQUEST['return'] = clean_input_string($_REQUEST['return']);
}
// Logout request: the (cleaned) return value is handed to Logout().
if ($_GET["op"] === 'logout') {
    $current_user->Logout($_REQUEST['return']);
}
// We need it because we modify headers
// (output is buffered so that headers can still be sent after the page
// header and navbar below have been printed)
ob_start();
do_header("login");
do_navbar("login");
echo '<div id="genericform-contents">' . "\n";
//echo '<div id="genericform">'."\n";
// Password recovery is selected by ?op=recover or by a posted 'recover'
// field; everything else gets the login form.
if ($_GET["op"] === 'recover' || !empty($_POST['recover'])) {
    do_recover();
} else {
    do_login();
}
echo '</div>' . "\n";
//echo '</div>'."\n";
Exemplo n.º 4
     // The order is not exactly the votes
     // but a time-decreasing function applied to the number of votes
     $sql = "select link_id, (link_votes-link_negatives*2)*(1-(unix_timestamp(now())-unix_timestamp(link_date))*0.8/129600) as value from links, sub_statuses where id = " . SitesMgr::my_id() . " AND link_id = link AND status='published' and date > '{$min_date}' order by value desc limit 25";
 } elseif (isset($_REQUEST['top_visited'])) {
     $min_date = date("Y-m-d H:i:00", $globals['now'] - 172800);
     // 48 hours
     // The order is not exactly the votes
     // but a time-decreasing function applied to the number of votes
     $sql = "select link_id, counter*(1-(unix_timestamp(now())-unix_timestamp(link_date))*0.5/172800) as value from links, link_clicks, sub_statuses where sub_statuses.id = " . SitesMgr::my_id() . " AND link_id = link AND status='published' and date > '{$min_date}' and link_clicks.id = link order by value desc limit 25";
 } else {
     /////
     // All the others
     /////
     // The link_status to search
     if (!empty($_REQUEST['status'])) {
         $status = $db->escape(clean_input_string(trim($_REQUEST['status'])));
     } else {
         // By default it searches on all
         if ($_REQUEST['q']) {
             $status = 'all';
             include mnminclude . 'search.php';
             $search_ids = do_search(true);
             if ($search_ids['ids']) {
                 $search = ' link_id in (' . implode(',', $search_ids['ids']) . ')';
             }
         } else {
             $status = 'published';
         }
     }
     switch ($status) {
         case 'published':
Exemplo n.º 5
<?php

// The source code packaged with this file is Free Software, Copyright (C) 2005 by
// Ricardo Galli <gallir at uib dot es>.
// It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise.
// You can get copies of the licenses here:
// 		http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".
// Field checker endpoint: answers in plain text with a validation message
// for the field named by 'type' and the value given in 'name'.
include '../config.php';
header('Content-Type: text/plain; charset=UTF-8');
// Both request values go through clean_input_string() (defined elsewhere)
// before they are used.
$type = clean_input_string($_REQUEST['type']);
$name = clean_input_string($_GET["name"]);
#echo "$type, $name...";
switch ($type) {
    case 'username':
        if (strlen($name) < 3) {
            echo _('nombre demasiado corto');
            return;
        }
        if (strlen($name) > 24) {
            echo _('nombre demasiado largo');
            return;
        }
        if (!check_username($name)) {
            echo _('caracteres inválidos');
            return;
        }
        if (!($current_user->user_id > 0 && $current_user->user_login == $name) && user_exists($name)) {
            echo _('el usuario ya existe');
            return;
        }
Exemplo n.º 6
    }
} else {
    if ($uid > 0) {
        // Avoid anonymous and non admins users to use the id, it's a "duplicated" page
        redirect(html_entity_decode(get_user_uri($login, $_REQUEST['view'])));
        die;
    }
    $user->username = $login;
}
// Load the requested user; an unknown user ends in a 404 error page.
if (!$user->read()) {
    do_error(_('usuario inexistente'), 404);
}
$login = $user->username;
// Just in case, we use the username as stored in the database
$globals['search_options'] = array('u' => $user->username);
// Requested sub-page of the profile; defaults to 'profile' when empty.
$view = clean_input_string($_REQUEST['view']);
if (empty($view)) {
    $view = 'profile';
}
// Whether the profile's user marked the current one as friend
// (anonymous visitors get 0)
if ($current_user->user_id) {
    $user->friendship = User::friend_exists($user->id, $current_user->user_id);
} else {
    $user->friendship = 0;
}
// For editing notes and sending privates: the upload script is loaded only
// for the profile owner, for admins and for friends.
if ($current_user->user_id == $user->id || $current_user->admin || $user->friendship) {
    $globals['extra_js'][] = 'ajaxupload.min.js';
}
// Enable user AdSense
// do_user_ad: 0 = noad, > 0: probability n/100
Exemplo n.º 7
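include mnminclude . 'html1.php';
include mnminclude . 'avatars.php';
$globals['ads'] = false;
$globals['secure_page'] = True;
check_auth_page();
// We need it because we modify headers
ob_start();
$user_levels = array('autodisabled', 'disabled', 'normal', 'special', 'blogger', 'admin', 'god');
// Max bio length
$bio_max = 300;

// User recovering her password: the link carries the login, the time it was
// issued (t) and a key (k) derived from the account and the site secret.
if (!empty($_GET['login']) && !empty($_GET['t']) && !empty($_GET['k'])) {
    $time = intval($_GET['t']);
    $key = $_GET['k'];
    $user = new User();
    $user->username = clean_input_string($_GET['login']);
    if ($user->read()) {
        $now = time();
        // NOTE(review): the key is a plain MD5 over concatenated fields. A
        // keyed HMAC would be the sturdier construction, but the format has
        // to match whatever generates the recovery links, so it is kept.
        $key2 = md5($user->id . $user->pass . $time . $site_key . get_server_name());
        // The link is valid for 900 seconds. The key must be a string and is
        // compared with hash_equals(): a loose == between two hex strings can
        // treat different digests as equal numbers, and hash_equals() also
        // compares in constant time.
        if ($time > $now - 900 && $time < $now && is_string($key) && hash_equals($key2, $key)) {
            $db->query("update users set user_validated_date = now() where user_id = {$user->id} and user_validated_date is null");
            // Logs the user in without a password, on the strength of the key.
            $current_user->Authenticate($user->username, false);
            header('Location: ' . get_user_uri($user->username));
            die;
        }
    }
}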
//// End recovery
// Check user, admin and authenticated user
if ($current_user->user_id > 0 && (empty($_REQUEST['login']) || $_REQUEST['login'] == $current_user->user_login)) {
Exemplo n.º 8
 /**
  * Persist the extended preferences that differ from their defaults.
  *
  * Only keys known to self::$extended_properties are considered; empty
  * strings and values equal to the default are skipped. 'rules' and
  * 'message' are cleaned with clean_text_with_tags(), every other value
  * with clean_input_string() and cut to 100 characters. The result is
  * stored as JSON in an Annotation; when nothing is left to store the
  * annotation is deleted instead.
  *
  * @param mixed $id    Identifier appended to the annotation key; a false
  *                     value selects self::my_id().
  * @param array $prefs Preferences keyed by property name (by reference,
  *                     not modified here).
  * @return mixed Whatever Annotation::store() or Annotation::delete() returns.
  */
 public static function store_extended_properties($id = false, &$prefs)
 {
     if ($id == false) {
         $id = self::my_id();
     }
     $known = self::$extended_properties;
     $changed = array();
     foreach ($prefs as $name => $value) {
         // Skip empty values, unknown keys and values equal to the default.
         if ($value === '' || !isset($known[$name]) || $known[$name] == $value) {
             continue;
         }
         // Loose membership test, matching the comparison a switch would do.
         if (in_array($name, array('rules', 'message'))) {
             $changed[$name] = clean_text_with_tags($value, 0, false, 300);
         } else {
             $changed[$name] = mb_substr(clean_input_string($value), 0, 100);
         }
     }
     $annotation = new Annotation(self::PREFERENCES_KEY . $id);
     if (empty($changed)) {
         return $annotation->delete();
     }
     $annotation->text = json_encode($changed);
     return $annotation->store();
 }
Exemplo n.º 9
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.
// It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise.
// You can get copies of the licenses here:
//		http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".
// Page showing the debate between two users (u1 and u2), either in comments
// or in posts.
include 'config.php';
include mnminclude . 'html1.php';
// Scripts and stylesheet for the user-name autocomplete widget.
$globals['extra_js'][] = 'autocomplete/jquery.autocomplete.min.js';
$globals['extra_css'][] = 'jquery.autocomplete.css';
$globals['extra_js'][] = 'jquery.user_autocomplete.js';
// Pagination: 20 entries per page, offset derived from the current page.
$page_size = 20;
$offset = (get_current_page() - 1) * $page_size;
$globals['ads'] = true;
// Both user names come from the request; they are cleaned and then passed
// through User::get_valid_username() before being resolved to user ids.
$u1 = User::get_valid_username(clean_input_string($_REQUEST['u1']));
$u2 = User::get_valid_username(clean_input_string($_REQUEST['u2']));
$id1 = User::get_user_id($u1);
$id2 = User::get_user_id($u2);
// The request value is never used directly: it only selects one of two
// fixed (type, prefix) pairs, with 'posts' as the default.
switch ($_REQUEST['type']) {
    case 'comments':
        $type = 'comments';
        $prefix = 'comment';
        break;
    case 'posts':
    default:
        $type = 'posts';
        $prefix = 'post';
}
// NOTE(review): the user names end up in the page title; whether
// do_header() escapes them is not visible here — confirm.
do_header(sprintf(_('debate entre %s y %s'), $u1, $u2));
do_tabs('main', _('debate'), $globals['uri']);
/*** SIDEBAR ****/
Exemplo n.º 10
<?php

// JSON endpoint: loads one object (link, comment or post) by numeric id so
// that selected fields of it can be returned.
include_once '../config.php';

// Field names listed as forbidden for this endpoint.
$forbidden = array('ip', 'email', 'ip_int', 'user_level');

header('Content-Type: application/json; charset=utf-8');

// Both the id and the field list are mandatory.
if (empty($_GET['id']) || empty($_GET['fields'])) {
    die;
}

// The id is forced to an integer; the field list is cleaned.
$id = intval($_GET['id']);
// It has to remove parenthesis
$fields = clean_input_string($_GET['fields']);

// Kind of object to load; 'link' when the request does not say.
$what = empty($_GET['what']) ? 'link' : $_GET['what'];

// The request value only selects one of the known loaders; any other
// value leaves $object as false.
$object = false;
if (in_array($what, array('link', 'links'))) {
    $object = Link::from_db($id, null, false);
} elseif (in_array($what, array('comment', 'comments'))) {
    $object = Comment::from_db($id);
} elseif (in_array($what, array('post', 'posts'))) {
    $object = Post::from_db($id);
}
Exemplo n.º 11
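 /**
  * Handle a pingback: verify that the source page links to one of our
  * stories and register the ping as an incoming trackback.
  *
  * @param array $args $args[0] is the source URL (the page linking to us),
  *                    $args[1] the target URL (our story).
  * @return IXR_Error|string An IXR_Error describing why the ping was
  *                          refused, or a confirmation message.
  */
 function pingback_ping($args)
 {
     global $db, $globals;
     $pagelinkedfrom = clean_input_string($args[0]);
     $pagelinkedto = clean_input_string($args[1]);
     $title = '';
     $urlfrom = parse_url($pagelinkedfrom);
     $urltest = parse_url($pagelinkedto);
     if (!$urlfrom || !$urltest) {
         return new IXR_Error(0, 'Is there no link to us?');
     }
     // The source URL is fetched by this server further down, so only plain
     // web URLs with a host are accepted; without this check other stream
     // wrappers (local files, for instance) would be readable through it.
     $scheme_from = isset($urlfrom['scheme']) ? strtolower($urlfrom['scheme']) : '';
     if (($scheme_from !== 'http' && $scheme_from !== 'https') || empty($urlfrom['host'])) {
         return new IXR_Error(16, 'The source URL does not exist.');
     }
     // The target has to be on this server.
     if (!isset($urltest['host']) || $urltest['host'] != get_server_name()) {
         return new IXR_Error(0, 'Is there no link to us?');
     }
     // Strip the story base path to obtain the story URI. The array keys
     // are quoted: bare words are undefined constants and fail on PHP 8.
     $base_uri = preg_quote($globals['base_url'] . $globals['base_story_url'], '/');
     $target_path = isset($urltest['path']) ? $urltest['path'] : '';
     $uri = preg_replace("/^{$base_uri}/", '', $target_path);
     if (check_ban($globals['user_ip'], 'ip')) {
         syslog(LOG_NOTICE, "Meneame: pingback, IP is banned ({$globals['user_ip']}): {$pagelinkedfrom} - {$pagelinkedto}");
         return new IXR_Error(33, 'IP is banned.');
     }
     // Antispam of sites like xxx.yyy-zzz.info/archives/xxx.php
     if (preg_match('/http:\\/\\/[a-z0-9]\\.[a-z0-9]+-[^\\/]+\\.info\\/archives\\/.+\\.php$/', $pagelinkedfrom)) {
         return new IXR_Error(33, 'Host not allowed.');
     }
     if (check_ban($urlfrom['host'], 'hostname', false)) {
         syslog(LOG_NOTICE, "Meneame: pingback, site is banned: {$pagelinkedfrom} - {$pagelinkedto}");
         return new IXR_Error(33, 'Site is banned.');
     }
     $link = new Link();
     // Drop a trailing #fragment before looking the story up.
     $link->uri = preg_replace('/#[\\w\\-\\_]+$/', '', $uri);
     if (empty($uri) || !$link->read('uri')) {
         syslog(LOG_NOTICE, "Meneame: pingback, story does not exist: {$pagelinkedto}");
         return new IXR_Error(33, 'Story doesn\'t exist.');
     }
     if ($link->get_permalink() == $pagelinkedfrom) {
         syslog(LOG_NOTICE, "Meneame: pingback, points to the same post: {$pagelinkedfrom} - {$pagelinkedto}");
         return new IXR_Error(48, 'The pingback points to the same post.');
     }
     // Stories older than 15 days no longer accept pingbacks.
     if ($link->date < time() - 86400 * 15) {
         syslog(LOG_NOTICE, "Meneame: pingback, story is too old: {$pagelinkedto}");
         return new IXR_Error(33, 'Story is too old for pingbacks.');
     }
     $trackres = new Trackback();
     $trackres->link_id = $link->id;
     $trackres->type = 'in';
     $trackres->link = $pagelinkedfrom;
     $trackres->url = $pagelinkedfrom;
     if ($trackres->abuse()) {
         return new IXR_Error(33, 'Don\'t send so many pings.');
     }
     $dupe = $trackres->read();
     if ($dupe) {
         syslog(LOG_NOTICE, "Meneame: pingback, we already have a ping from that URI for this post: {$pagelinkedfrom} - {$pagelinkedto}");
         return new IXR_Error(48, 'The pingback has already been registered.');
     }
     // very stupid, but gives time to the 'from' server to publish !
     sleep(1);
     // Let's check the remote site (at most 100000 bytes where supported).
     // NOTE(review): the host is chosen by the caller, so this request can
     // still be pointed at internal or loopback addresses, and the HTTP
     // wrapper follows redirects by default. Rejecting private address
     // ranges and disabling redirects needs a project-level decision.
     if (version_compare(phpversion(), '5.1.0') >= 0) {
         $contents = @file_get_contents($pagelinkedfrom, FALSE, NULL, 0, 100000);
     } else {
         $contents = @file_get_contents($pagelinkedfrom);
     }
     if (!$contents) {
         syslog(LOG_NOTICE, "Meneame: pingback, the provided URL does not seem to work: {$pagelinkedfrom} - {$pagelinkedto}");
         return new IXR_Error(16, 'The source URL does not exist.');
     }
     if (preg_match('/charset=([a-zA-Z0-9-_]+)/i', $contents, $matches)) {
         $this->encoding = trim($matches[1]);
         if (strcasecmp($this->encoding, 'utf-8') != 0) {
             // The charset name comes from the remote page; when iconv()
             // rejects it the unconverted bytes are kept instead of false.
             $converted = iconv($this->encoding, 'UTF-8//IGNORE', $contents);
             if ($converted !== false) {
                 $contents = $converted;
             }
         }
     }
     // Check that it links back to us
     $permalink = $link->get_permalink();
     $permalink_q = preg_quote($permalink, '/');
     $pattern = "/<\\s*a[^>]+href=[\"']" . $permalink_q . "[#\\/0-9a-z\\-]*[\"'][^>]*>/i";
     if (!preg_match($pattern, $contents)) {
         syslog(LOG_NOTICE, "Meneame: pingback, the provided URL does not have a link back to us: {$pagelinkedfrom} - {$pagelinkedto}");
         return new IXR_Error(17, 'The source URL does not contain a link to the target URL, and so cannot be used as a source.');
     }
     // Search Title
     if (preg_match('/<title[^<>]*>([^<>]*)<\\/title>/si', $contents, $matches)) {
         $url_title = clean_text($matches[1]);
         if (mb_strlen($url_title) > 3) {
             $title = $url_title;
         }
     }
     if (empty($title)) {
         syslog(LOG_NOTICE, "Meneame: pingback, cannot find a title on that page: {$pagelinkedfrom} - {$pagelinkedto}");
         return new IXR_Error(32, 'We cannot find a title on that page.');
     }
     // Titles longer than 120 characters are cut and marked with an ellipsis.
     $title = mb_strlen($title) > 120 ? mb_substr($title, 0, 120) . '...' : $title;
     $trackres->title = $title;
     $trackres->status = 'ok';
     $trackres->store();
     syslog(LOG_NOTICE, "Meneame: pingback ok: {$pagelinkedfrom} - {$pagelinkedto}");
     return "Pingback from registered. Keep the web talking! :-)";
 }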
Exemplo n.º 12
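/**
 * Second registration step: validate the submitted form, insert the new
 * user and send the validation e-mail.
 *
 * Every failure is reported through register_error(). On success the user
 * row is inserted, the mail is sent and the event is logged.
 *
 * @return void
 */
function do_register2()
{
    global $db, $current_user, $globals;
    if (!ts_is_human()) {
        register_error(_('el código de seguridad no es correcto'));
        return;
    }
    if (!check_user_fields()) {
        return;
    }
    // Extra check
    if (!check_security_key($_POST['base_key'])) {
        register_error(_('código incorrecto o pasó demasiado tiempo'));
        return;
    }
    // Every value placed into the INSERT below is escaped for SQL, including
    // the password hash and the IP: neither is guaranteed by this function
    // to be free of quote characters.
    $username = clean_input_string(trim($_POST['username']));
    $dbusername = $db->escape($username);
    $password = $db->escape(UserAuth::hash(trim($_POST['password'])));
    $email = clean_input_string(trim($_POST['email']));
    $dbemail = $db->escape($email);
    $user_ip = $globals['form_user_ip'];
    $dbuser_ip = $db->escape($user_ip);

    if (user_exists($username)) {
        register_error(_("el usuario ya existe"));
        return;
    }
    // NOTE(review): the existence check and the INSERT are two separate
    // steps; uniqueness under concurrent requests depends on a constraint in
    // the users table, which is not visible here.
    if (!$db->query("INSERT INTO users (user_login, user_login_register, user_email, user_email_register, user_pass, user_date, user_ip) VALUES ('{$dbusername}', '{$dbusername}', '{$dbemail}', '{$dbemail}', '{$password}', now(), '{$dbuser_ip}')")) {
        register_error(_("error insertando usuario en la base de datos"));
        return;
    }

    echo '<fieldset>' . "\n";
    echo '<legend><span class="sign">' . _("registro de usuario") . '</span></legend>' . "\n";
    $user = new User();
    $user->username = $username;
    if (!$user->read()) {
        register_error(_('error insertando usuario en la base de datos'));
    } else {
        require_once mnminclude . 'mail.php';
        $sent = send_recover_mail($user);
        if ($sent) {
            // The log entry is forced to carry the same IP as the form
            $globals['user_ip'] = $user_ip;
            Log::insert('user_new', $user->id, $user->id);
            syslog(LOG_INFO, "new user {$user->id} {$user->username} {$email} {$user_ip}");
        } else {
            register_error(_("error enviando el correo electrónico, seguramente está bloqueado"));
        }
    }
    echo '</fieldset>' . "\n";
}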
Exemplo n.º 13
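/**
 * Print the login page body and, when the form was submitted, process the
 * login attempt.
 *
 * Visitors with fewer than three recent failures who have not posted the
 * form also get an introductory mini FAQ next to it. On a successful login
 * a redirect header is sent and the request ends; on failure the attempt is
 * logged and the form is printed again, with the captcha after more than
 * two failures.
 *
 * @return void
 */
function do_login()
{
    global $current_user, $globals;
    // Defined up front: the form echoes it even when nothing was posted.
    $username = '';
    // Request-supplied return target; escaped or validated before any use.
    $return_raw = isset($_REQUEST['return']) ? $_REQUEST['return'] : null;
    $return_text = is_string($return_raw) ? $return_raw : '';

    // Start posavasos & ashacz code
    $previous_login_failed = log_get_date('login_failed', $globals['original_user_ip_int'], 0, 90);
    if ($previous_login_failed < 3 && empty($_POST["processlogin"])) {
        echo '<div id="mini-faq" style="float:left; width:65%; margin-top: 10px;">' . "\n";
        // gallir: Only prints if the user was redirected from submit.php
        if ($return_text !== '' && preg_match('/submit\\.php/', $return_text)) {
            echo '<p style="border:1px solid #FF9400; font-size:1.3em; background:#FEFBEA; font-weight:bold; padding:0.5em 1em;">Para enviar una historia debes ser un usuario registrado</p>' . "\n";
        }
        echo '<h3>¿Qué es menéame?</h3>' . "\n";
        echo '<p>Es un web que te permite enviar una historia que será revisada por todos y será promovida, o no, a la página principal. Cuando un usuario envía una historia ésta queda en la <a href="shakeit.php" title="Cola de historias pendientes">cola de pendientes</a> hasta que reúne los votos suficientes para ser promovida a la página principal.</p>' . "\n";
        echo '<h3>¿Todavía no eres usuario de menéame?</h3>' . "\n";
        echo '<p>Como usuario registrado podrás, entre otras cosas:</p>' . "\n";
        echo '<ul>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>Enviar historias</strong><br />' . "\n";
        echo 'Una vez registrado puedes enviar las historias que consideres interesantes para la comunidad. Si tienes algún tipo de duda sobre que tipo de historias puedes enviar revisa nuestras <a href="faq-es.php" title="Acerca de meneame">preguntas frecuentes sobre menéame.</a>' . "\n";
        echo '</li>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>Escribir comentarios</strong><br />' . "\n";
        echo 'Puedes escribir tu opinión sobre las historias enviadas a menéame mediante comentarios de texto. También puedes votar positivamente aquellos comentarios ingeniosos, divertidos o interesantes y negativamente aquellos que consideres inoportunos.' . "\n";
        echo '</li>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>Perfil de usuario</strong><br />' . "\n";
        echo 'Toda tu información como usuario está disponible desde la página de tu perfil. También puedes subir una imagen que representará a tu usuario en menéame. Incluso es posible compartir los ingresos publicitarios de Menéame, solo tienes que introducir el código de tu cuenta Google Adsense desde tu perfil.' . "\n";
        echo '</li>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>Chatear en tiempo real desde la fisgona</strong><br />' . "\n";
        echo 'Gracias a la <a href="sneak.php" title="Fisgona">fisgona</a> puedes ver en tiempo real toda la actividad de menéame. Además como usuario registrado podrás chatear con mucha más gente de la comunidad menéame' . "\n";
        echo '</li>' . "\n";
        echo '</ul>' . "\n";
        echo '<h3><a href="register.php" style="color:#FF6400; text-decoration:underline; display:block; width:8em; text-align:center; margin:0 auto; padding:0.5em 1em; border:3px double #FFE2C5; background:#FFF3E8;">Regístrate ahora</a></h3>' . "\n";
        echo '</div>' . "\n";
        echo '<div id="genericform" style="float:right; width:30%;">' . "\n";
        //End posavasos & ashacz code
    } else {
        echo '<div id="genericform" style="float:auto;">' . "\n";
    }
    echo '<form action="login.php" id="thisform" method="post">' . "\n";
    if (isset($_POST['processlogin']) && $_POST['processlogin'] == 1) {
        $posted_user = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '';
        $posted_pass = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
        $username = clean_input_string(trim($posted_user));
        $password = trim($posted_pass);
        $persistent = isset($_POST['persistent']) ? $_POST['persistent'] : null;
        // After more than two failures the captcha has to be solved first.
        if ($previous_login_failed > 2 && !ts_is_human()) {
            log_insert('login_failed', $globals['original_user_ip_int'], 0);
            recover_error(_('El código de seguridad no es correcto!'));
        } elseif ($current_user->Authenticate($username, $password, $persistent) == false) {
            log_insert('login_failed', $globals['original_user_ip_int'], 0);
            recover_error(_('usuario inexistente, sin validar, o clave incorrecta'));
            $previous_login_failed++;
        } else {
            // The return target comes from the request, so only a local
            // target (no scheme, no host) is followed; anything else falls
            // back to the site root instead of redirecting off-site.
            $target = './';
            $candidate = trim($return_text);
            // Backslashes and control characters are rejected because
            // browsers may normalise them into a different URL.
            if ($candidate !== '' && !preg_match('/[\\\\\x00-\x1f\x7f]/', $candidate)) {
                $parts = parse_url($candidate);
                if (is_array($parts) && empty($parts['scheme']) && empty($parts['host'])) {
                    $target = $candidate;
                }
            }
            header('Location: ' . $target);
            die;
        }
    }
    echo '<fieldset>' . "\n";
    echo '<legend><span class="sign">login</span></legend>' . "\n";
    echo '<p class="l-top"><label for="name">' . _('usuario') . ':</label><br />' . "\n";
    echo '<input type="text" name="username" size="25" tabindex="1" id="name" value="' . htmlentities($username) . '" /></p>' . "\n";
    echo '<p class="l-mid"><label for="password">' . _('clave') . ':</label><br />' . "\n";
    echo '<input type="password" name="password" id="password" size="25" tabindex="2"/></p>' . "\n";
    echo '<p class="l-mid"><label for="remember">' . _('recuérdame') . ': </label><input type="checkbox" name="persistent" id="remember" tabindex="3"/></p>' . "\n";
    // Captcha, shown once there are more than two failures
    if ($previous_login_failed > 2) {
        ts_print_form();
    }
    echo '<p class="l-bot"><input type="submit" value="login" class="genericsubmit" tabindex="4" />' . "\n";
    echo '<input type="hidden" name="processlogin" value="1"/></p>' . "\n";
    echo '<input type="hidden" name="return" value="' . htmlspecialchars($return_text) . '"/>' . "\n";
    echo '</fieldset>' . "\n";
    echo '</form>' . "\n";
    echo '<div class="recoverpass" align="center"><h4><a href="login.php?op=recover">' . _('¿Has olvidado la contraseña?') . '</a></h4></div>' . "\n";
    echo '</div>' . "\n";
    echo '<br clear="all"/>&nbsp;';
}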
Exemplo n.º 14
/**
 * Work out the current "meta" (top-level category) for this request and
 * publish it, together with related values, in $globals.
 *
 * Sets $globals['meta_current'], $globals['meta'] and, depending on the
 * branch taken, $globals['meta_categories'], $globals['meta_skip'] and
 * $globals['meta_user_default'].
 *
 * @return mixed The value of $globals['meta_current'], or 0 when the
 *               requested meta is a special one (name starting with '_').
 */
function meta_get_current()
{
    global $globals, $db, $current_user;
    $globals['meta_current'] = 0;
    // The requested meta comes from the request and is cleaned first.
    $globals['meta'] = clean_input_string($_REQUEST['meta']);
    //Check for personalisation
    // Authenticated users
    if ($current_user->user_id > 0) {
        // Categories the user stored as preferences.
        $categories = $db->get_col("SELECT pref_value FROM prefs WHERE pref_user_id = {$current_user->user_id} and pref_key = 'category' order by pref_value");
        if ($categories) {
            $current_user->has_personal = true;
            $globals['meta_skip'] = '?meta=_all';
            // No meta requested: fall back to the personal selection.
            if (!$globals['meta']) {
                $globals['meta_categories'] = implode(',', $categories);
                $globals['meta'] = '_personal';
            }
        } else {
            $globals['meta_categories'] = false;
        }
    } elseif ($_COOKIE['mnm_user_meta']) {
        // anonymous users
        // The cookie value is cleaned and escaped before it is placed in SQL.
        $meta = $db->escape(clean_input_string($_COOKIE['mnm_user_meta']));
        $globals['meta_skip'] = '?meta=_all';
        $globals['meta_user_default'] = $db->get_var("select category_id from categories where category_uri = '{$meta}' and category_parent = 0");
        // Anonymous can select metas by cookie
        // Select user default only if no category has been selected
        if (!$_REQUEST['category'] && !$globals['meta']) {
            $globals['meta_current'] = $globals['meta_user_default'];
        }
    }
    if ($_REQUEST['category']) {
        // The category is forced to an integer before it reaches the query.
        $_REQUEST['category'] = $cat = (int) $_REQUEST['category'];
        if ($globals['meta'][0] == '_') {
            $globals['meta_current'] = $globals['meta'];
        } else {
            $globals['meta_current'] = (int) $db->get_var("select category_parent from categories where category_id = {$cat} and category_parent > 0");
            $globals['meta'] = '';
        }
    } elseif ($globals['meta']) {
        // Special metas begin with _
        if ($globals['meta'][0] == '_') {
            return 0;
        }
        $meta = $db->escape($globals['meta']);
        $globals['meta_current'] = $db->get_var("select category_id from categories where category_uri = '{$meta}' and category_parent = 0");
        if ($globals['meta_current']) {
            // Security measure: once resolved to an id, the request-supplied
            // name is cleared.
            $globals['meta'] = '';
        }
    }
    // Resolve the categories of the selected meta; a meta without
    // categories is treated as "no meta".
    if ($globals['meta_current'] > 0) {
        $globals['meta_categories'] = meta_get_categories_list($globals['meta_current']);
        if (!$globals['meta_categories']) {
            $globals['meta_current'] = 0;
        }
    }
    //echo "meta_current: " . $globals['meta_current'] . "<br/>\n";
    return $globals['meta_current'];
}
Exemplo n.º 15
// 		http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".
// Banner page: a small HTML document showing the most voted, the latest
// published and the latest queued story.
include '../config.php';
header('Content-Type: text/html; charset=UTF-8');
header('Pragma: no-cache');
header('Cache-Control: max-age=10, must-revalidate');
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">';
$maxlen = 70;
// Presentation options taken from the query string, each one cleaned.
// NOTE(review): clean_input_string() is defined elsewhere; whether its
// result is safe inside style attributes is not visible here — confirm
// where these values are printed.
$width = clean_input_string($_GET['width']);
$height = clean_input_string($_GET['height']);
$format = clean_input_string($_GET['format']);
$color_border = clean_input_string($_GET['color_border']);
$color_bg = clean_input_string($_GET['color_bg']);
$color_link = clean_input_string($_GET['color_link']);
$color_text = clean_input_string($_GET['color_text']);
$font_pt = clean_input_string($_GET['font_pt']);
echo '<html><head><title>banner</title></head><body>';
// Story with most positive votes in the last 1800 seconds ($from is an
// integer built from time(), not request data).
$from = time() - 1800;
$res = $db->get_row("select link_id, link_title, count(*) as votes from links, votes where vote_type='links' and vote_date > FROM_UNIXTIME({$from}) and vote_value > 0 and link_id = vote_link_id group by link_id order by votes desc limit 1");
if ($res) {
    // Half an hour of votes, doubled to give a per-hour figure.
    $votes_hour = $res->votes * 2;
    // NOTE(review): the stored title is placed into HTML through cut(),
    // defined elsewhere; whether cut() escapes it is not visible — confirm.
    $title['most'] = cut($res->link_title) . ' <span style="font-size: 90%;">[' . $votes_hour . "&nbsp;" . _('votos/hora') . "]</span>";
    $url['most'] = "http://" . get_server_name() . "/story.php?id={$res->link_id}";
}
// Most recently published story.
$res = $db->get_row("select link_id, link_title, link_votes from links where link_status = 'published' order by link_published_date desc limit 1");
if ($res) {
    $title['published'] = cut($res->link_title) . ' <span style="font-size: 90%;">[' . $res->link_votes . "&nbsp;" . _('votos') . "]</span>";
    $url['published'] = "http://" . get_server_name() . "/story.php?id={$res->link_id}";
}
// Most recently queued story.
$res = $db->get_row("select link_id, link_title, link_votes from links where link_status = 'queued' order by link_date desc limit 1");
if ($res) {
Exemplo n.º 16
// 		http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".
// Ban administration page: only administrators get the ban tabs and list;
// everyone else gets a notice.
include '../config.php';
include mnminclude . 'html1.php';
$globals['ads'] = false;
do_header(_('Administración de bans'));
// Pagination: 40 entries per page.
$page_size = 40;
$offset = (get_current_page() - 1) * $page_size;
// Also change it in checkfield.php
$ban_text_length = 64;
$ban_comment_length = 120;
if ($current_user->admin) {
    // Selected tab: 'hostname' by default, otherwise the cleaned request value.
    if (!$_REQUEST["admin"]) {
        $_REQUEST["admin"] = 'hostname';
    } else {
        $_REQUEST["admin"] = clean_input_string($_REQUEST["admin"]);
    }
    // Delete expired bans (those that expired more than 60 days ago)
    $db->query("delete from bans where ban_expire is not null and ban_expire < date_sub(now(), interval 60 day)");
    admin_tabs($_REQUEST["admin"]);
    echo '<div id="singlewrap">' . "\n";
    admin_bans($_REQUEST["admin"]);
} else {
    echo '<div id="singlewrap">' . "\n";
    echo '<div class="topheading"><h2>' . _('Esta página es sólo para administradores') . '</h2>';
}
echo "</div>";
echo "</div>";
// singlewrap
do_footer();
function admin_tabs($tab_selected = false)
Exemplo n.º 17
<?
// The source code packaged with this file is Free Software, Copyright (C) 2005 by
// Ricardo Galli <gallir at uib dot es>.
// It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise.
// You can get copies of the licenses here:
// 		http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".

include('../config.php');

// The endpoint answers in plain text, so browsers should not render the
// validation messages as HTML.
header('Content-Type: text/plain; charset=UTF-8');
// Which field to validate. Read from $_REQUEST, i.e. from any source PHP merges into it.
$type=clean_input_string($_REQUEST['type']);
// Value to validate, taken from the query string only.
// NOTE(review): clean_input_string() is defined outside this excerpt — confirm
// what it strips before relying on $name in SQL or in output.
$name=clean_input_string($_GET['name']);

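/**
 * Tell whether an e-mail address belongs to one of the blocked domains/TLDs.
 *
 * The previous pattern listed its alternatives at top level, so the anchors
 * applied only to the first and last one and short tokens such as "fr" or
 * "ru" matched anywhere in the address (including the local part). The dots
 * were also unescaped. The alternatives are now grouped, escaped and tied to
 * the end of the domain.
 *
 * @param string $name E-mail address to test.
 * @return bool true when the domain is blocked, false otherwise (the original
 *              returned null for "not blocked"; false is equally falsy).
 */
function check_spammer_email($name) {
	if (!is_string($name)) {
		return false;
	}
	// Either a blocked provider as the registered domain (optionally behind
	// sub-domains), or a blocked TLD as the last label(s). "D" keeps "$" from
	// matching before a trailing newline.
	$blocked = '/(?:@(?:[a-z0-9-]+\.)*(?:outlook\.com|aol\.com|hotmail\.[a-z.]+)|\.(?:fr|co\.uk|ru|ua|tk))$/iD';
	return preg_match($blocked, $name) === 1;
}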


#echo "$type, $name...";
switch ($type) {
	case 'username':
		if (!check_username(trim($_GET['name']))) {
			echo _('caracteres inválidos o no comienzan con una letra');
			return;
		}
		if (strlen($name)<3) {
Exemplo n.º 18
}
$post = new Post();
if (!empty($_GET['host']) && !empty($_GET['operadora']) && !empty($_GET['movil']) && !empty($_GET['texto'])) {
    // The connection comes from nviasms.es
    $host = clean_input_string($_GET['host']);
    $phone = clean_input_string($_GET['movil']);
    $telco = clean_input_string($_GET['operadora']);
    // The gateway sends text coded in iso-8859
    $text = clean_text(@iconv('ISO-8859-1', 'UTF-8//IGNORE', $_GET['texto']));
    $text = preg_replace('/^NOTA /i', '', $text);
    $date = time();
} else {
    if (!empty($_REQUEST['phone']) && !empty($_REQUEST['date']) && !empty($_REQUEST['text'])) {
        // Conenction from our own server
        $phone = clean_input_string($_REQUEST['phone']);
        $date = strtotime(clean_input_string($_REQUEST['date']));
        $text = clean_text($_REQUEST['text']);
    } else {
        echo "ERROR: missing fields\n";
        die;
    }
}
syslog(LOG_NOTICE, "Meneame SMS: from {$remote}, Tel: {$phone}");
if (mb_strlen($text) < 5) {
    echo 'OK ' . _('texto muy corto, nota no insertada');
    die;
}
if (strlen($phone) < 10) {
    $phone = '+34' . $phone;
} elseif (!preg_match('/^\\+/', $phone)) {
    $phone = '+' . $phone;
Exemplo n.º 19
// Ricardo Galli <gallir at uib dot es>.
// It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise.
// You can get copies of the licenses here:
// 		http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".
include '../config.php';
header('Content-Type: text/html; charset=UTF-8');
header('Pragma: no-cache');
header('Cache-Control: max-age=10, must-revalidate');
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">';
$width = intval($_GET['width']);
if ($globals['mobile']) {
    $width = min(400, $width);
}
$height = intval($_GET['height']);
$format = clean_input_string($_GET['format']);
$color_border = get_hex_color($_GET['color_border']);
$color_bg = get_hex_color($_GET['color_bg']);
$color_link = get_hex_color($_GET['color_link']);
$color_text = get_hex_color($_GET['color_text']);
$font_pt = is_numeric($_GET['font_pt']) ? floatval($_GET['font_pt']) : 10;
echo '<html><head><title>banner</title></head><body>';
$res = $db->get_row("select link_id, link_title, count(*) as votes from links, votes where vote_type='links' and vote_date > date_sub(now(), interval 10 minute) and vote_value > 0 and link_id = vote_link_id group by link_id order by votes desc limit 1");
if ($res) {
    $votes_hour = $res->votes * 6;
    $title['most'] = text_to_summary($res->link_title, 70) . ' <span style="font-size: 90%;">[' . $votes_hour . "&nbsp;" . _('votos/hora') . "]</span>";
    $url['most'] = "http://" . get_server_name() . "/story.php?id={$res->link_id}";
}
$res = $db->get_row("select link_id, link_title, link_votes, link_anonymous from links where link_status = 'published' order by link_date desc limit 1");
if ($res) {
    $title['published'] = text_to_summary($res->link_title, 70) . ' <span style="font-size: 90%;">[' . ($res->link_votes + $res->link_anonymous) . "&nbsp;" . _('votos') . "]</span>";
Exemplo n.º 20
// You can get copies of the licenses here:
//              http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".
include 'config.php';
include mnminclude . 'html1-mobile.php';
// Paging offset; $page_size is expected to come from the included files.
$offset = (get_current_page() - 1) * $page_size;
if (empty($globals['base_user_url']) || empty($_SERVER['PATH_INFO'])) {
    // Classic query-string form: login (and optionally view) arrive in the request.
    $_REQUEST['login'] = clean_input_string($_REQUEST['login']);
    if (!empty($globals['base_user_url']) && !empty($_REQUEST['login'])) {
        // Pretty URLs are enabled, so send the client to the canonical user URI.
        header('Location: ' . get_user_uri($_REQUEST['login'], clean_input_string($_REQUEST['view'])));
        die;
    }
} else {
    // Pretty-URL form: the arguments are the path segments after the script name.
    $url_args = preg_split('/\\/+/', $_SERVER['PATH_INFO']);
    // Drop the first element, which is what precedes the leading "/".
    array_shift($url_args);
    $_REQUEST['login'] = clean_input_string($url_args[0]);
    // NOTE(review): unlike login, view is stored without clean_input_string();
    // confirm every later consumer of $_REQUEST['view'] validates or escapes it.
    $_REQUEST['view'] = $url_args[1];
}
$login = $_REQUEST['login'];
if (empty($login)) {
    // No user requested: own profile for logged-in users, site root otherwise.
    $destination = $current_user->user_id > 0 ? get_user_uri($current_user->user_login) : $globals['base_url'];
    header('Location: ' . $destination);
    die;
}
$user = new User();
// The login is escaped for SQL here because it is handed to the User object as a lookup key.
$user->username = $db->escape($login);
Exemplo n.º 21
<?php

// The source code packaged with this file is Free Software, Copyright (C) 2005 by
// Ricardo Galli <gallir at uib dot es>.
// It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise.
// You can get copies of the licenses here:
//              http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".
include 'config.php';
include mnminclude . 'html1-mobile.php';
// Paging offset; $page_size is expected to come from the included files.
$offset = (get_current_page() - 1) * $page_size;
// The requested login is the second element of the pre-parsed path.
$url_args = $globals['path'];
$login = clean_input_string($url_args[1]);
if (empty($login)) {
    // No user requested: own profile for logged-in users, site root otherwise.
    $destination = $current_user->user_id > 0 ? get_user_uri($current_user->user_login) : $globals['base_url'];
    header('Location: ' . $destination);
    die;
}
$user = new User();
// Escaped for SQL because the User object uses it as a lookup key.
$user->username = $db->escape($login);
$user->read() or not_found();
// NOTE(review): $login reaches do_header() after clean_input_string() only;
// confirm do_header() escapes it for HTML.
do_header($login);
$url_login = urlencode($login);
echo '<div id="singlewrap">' . "\n";
do_profile();
Exemplo n.º 22
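/**
 * Second registration step: checks the captcha and the submitted fields,
 * inserts the new row into `users` and calls send_recover_mail() for it.
 *
 * Reads username, password, email and standard from $_POST and the client IP
 * from $globals['form_user_ip']. Failures are reported through
 * register_error(); nothing is returned.
 */
function do_register2() {
	global $db, $current_user, $globals;
	if ( !ts_is_human()) {
		register_error(_('el código de seguridad no es correcto'));
		return;
	}

	if (!check_user_fields())  return;

	// Each value is kept in two forms: the cleaned one for application use and
	// the $db->escape()d one, which is the only form allowed into the SQL text.
	$username=clean_input_string(trim($_POST['username']));
	$dbusername=$db->escape($username);
	// NOTE(review): unsalted MD5 is not suitable for storing passwords. Moving to
	// password_hash()/password_verify() needs a matching change in the login
	// path, which is outside this block, so the stored format is left as is.
	$password=md5(trim($_POST['password']));
	$email=clean_input_string(trim($_POST['email']));
	$dbemail=$db->escape($email);
	$user_ip = $globals['form_user_ip'];
	// The IP comes from $globals and its origin is not visible here, so it is
	// escaped like every other string placed in the query.
	$dbuser_ip = $db->escape($user_ip);
	$standard = (int)$_POST['standard'];

	if (!user_exists($username)) {
		if ($db->query("INSERT INTO users (user_login, user_login_register, user_email, user_email_register, user_pass, user_date, user_ip, user_standard) VALUES ('$dbusername', '$dbusername', '$dbemail', '$dbemail', '$password', now(), '$dbuser_ip', '$standard')")) {
			echo '<fieldset>'."\n";
			echo '<legend><span class="sign">'._("registro de usuario").'</span></legend>'."\n";
			// Read the row back to confirm the insert and to obtain the new id.
			$user=new User();
			$user->username=$username;
			if(!$user->read()) {
				register_error(_('error insertando usuario en la base de datos'));
			} else {
				require_once(mnminclude.'mail.php');
				send_recover_mail($user);
				$globals['user_ip'] = $user_ip; // force the log entry to carry the same IP as the form
				log_insert('user_new', $user->id, $user->id);
			}
			echo '</fieldset>'."\n";
		} else {
			register_error(_("error insertando usuario en la base de datos"));
		}
	} else {
		register_error(_("el usuario ya existe"));
	}
}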
Exemplo n.º 23
    if ($error) {
        echo '<?xml version="1.0" encoding="utf-8"?' . ">\n";
        echo "<response>\n";
        echo "<error>1</error>\n";
        echo "<message>{$error_message}</message>\n";
        echo "</response>";
        die;
    } else {
        echo '<?xml version="1.0" encoding="utf-8"?' . ">\n";
        echo "<response>\n";
        echo "<error>0</error>\n";
        echo "</response>";
    }
    die;
}
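// Trackback ping fields. Only the URL goes through clean_input_string() here.
// NOTE(review): title, excerpt and blog_name stay raw in this excerpt — they
// must be escaped for SQL and for HTML wherever they are used later.
$tb_url = clean_input_string($_POST['url']);
$title = $_POST['title'];
$excerpt = $_POST['excerpt'];
$blog_name = $_POST['blog_name'];
$charset = $_POST['charset'];
if (!empty($charset)) {
    // The charset name is supplied by the sender. iconv() returns false for an
    // unknown charset and "@" hides the warning, so a bad name leaves the three
    // fields set to false.
    $title = @iconv($charset, 'UTF-8//IGNORE', $title);
    $excerpt = @iconv($charset, 'UTF-8//IGNORE', $excerpt);
    $blog_name = @iconv($charset, 'UTF-8//IGNORE', $blog_name);
}
$tb_id = intval($_GET['id']);
$link = new Link();
$link->id = $tb_id;
// The previous test "!$tb_id > 0" parsed as "(!$tb_id) > 0", which rejects 0
// but lets negative ids through to $link->read(). Compare the id directly.
if ($tb_id <= 0 || !$link->read()) {
    trackback_response(1, 'I really need an ID for this to work.');
}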
Exemplo n.º 24
// The source code packaged with this file is Free Software, Copyright (C) 2005-2009 by
// Benjamí Villoslada <benjami at bitassa dot cat>.
// It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise.
// You can get copies of the licenses here:
//		http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".
// Don't check the user is logged
$globals['no_auth'] = true;
include 'config.php';
include mnminclude . 'html1.php';
$errn = $_GET["e"];
// Check we must reconstruct an image in cache directory
$cache_dir = preg_quote($globals['base_url'] . $globals['cache_dir'], '/');
if (preg_match("/{$cache_dir}/", $_SERVER['REQUEST_URI'])) {
    $filename = basename(clean_input_string($_SERVER['REQUEST_URI']));
    $base_filename = preg_replace('/\\..+$/', '', $filename);
    $parts = explode('-', $base_filename);
    switch ($parts[0]) {
        case "media_thumb":
        case "media_thumb_2x":
            // Comments' and posts' thumnails
            if (!Upload::is_thumb_public($parts[1])) {
                break;
            }
            $media = new Upload($parts[1], $parts[2], 0);
            if (!$media->read()) {
                break;
            }
            if ($media->create_thumbs($parts[0])) {
                header("HTTP/1.0 200 OK");
Exemplo n.º 25
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as
// published by the Free Software Foundation, either version 3 of the
// License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.
// It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise.
// You can get copies of the licenses here:
// 		http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".
// Parent directory of the script's own directory, derived from SCRIPT_FILENAME
// so that it also works when the script is reached through a symbolic link.
$base = dirname(dirname($_SERVER["SCRIPT_FILENAME"]));
include $base . '/config.php';
// Both selectors come from the query string and pass through clean_input_string().
$service = clean_input_string($_GET['service']);
$op = clean_input_string($_GET['op']);
switch ($service) {
    // Twitter is the only provider and also the fallback, so $service never
    // selects a file to load: the required path is a constant.
    case 'twitter':
    default:
        require_once 'twitter.php';
        $req = new TwitterOAuth();
        // 'init' starts the OAuth request; any other op value is treated as the second step.
        if ($op != 'init') {
            $req->authorize();
        } else {
            $req->authRequest();
        }
}
Exemplo n.º 26
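/**
 * Validate the submitted sub form and create or update the row in `subs`.
 *
 * Form values are read from $_POST. Validation problems are appended to
 * $errors; the database is only touched when $errors is empty.
 *
 * @param int   $id     Id of the sub to update; a value that is not > 0 inserts a new sub.
 * @param array $errors Collected validation messages, appended to by reference.
 * @return int|false The sub id on success, false when validation or the database write failed.
 */
function save_sub($id, &$errors)
{
    global $current_user, $db;
    // $id is interpolated unquoted into several statements below, so force it
    // to an integer before anything else uses it.
    $id = intval($id);
    // Double check
    $owner = intval($_POST['owner']);
    if (!SitesMgr::can_edit($id)) {
        array_push($errors, _('usuario no autorizado a editar'));
        return false;
    }
    $site = SitesMgr::get_info();
    $extended = SitesMgr::get_extended_properties($id);
    if ($_POST['created_from'] != $site->id) {
        array_push($errors, _('sitio erróneo'));
    }
    // Only an administrator may assign a sub to somebody else.
    if ($owner != $current_user->user_id && !$current_user->admin) {
        array_push($errors, _('propietario erróneo'));
    }
    $name = mb_substr(clean_input_string($_POST['name']), 0, 12);
    if (mb_strlen($name) < 3 || !preg_match('/^\\p{L}[\\p{L}\\d_]+$/u', $name)) {
        // NOTE(review): the raw POST value is appended to the message; confirm
        // the caller HTML-escapes $errors before printing them.
        array_push($errors, _('nombre erróneo') . ' ' . $_POST['name']);
    }
    $name_long = mb_substr(clean_text($_POST['name_long']), 0, 40);
    if (mb_strlen($name_long) < 6) {
        array_push($errors, _('título erróneo'));
    }
    $name = $db->escape($name);
    $name_long = $db->escape($name_long);
    if ($db->get_var("select count(*) from subs where name = '{$name}' and id != {$id}") > 0) {
        array_push($errors, _('nombre duplicado'));
    }
    // NOTE(review): page_mode is escaped for SQL but not checked against the
    // set of valid modes — confirm where that check happens.
    $page_mode = $db->escape($_POST['page_mode']);
    if ($current_user->admin) {
        $enabled = intval($_POST['enabled']);
        $allow_main_link = intval($_POST['allow_main_link']);
    } else {
        // Non-admins keep the stored values, including the stored post_html.
        $enabled = $site->enabled;
        $allow_main_link = $site->allow_main_link;
        $_POST['post_html'] = $extended['post_html'];
    }
    $nsfw = intval($_POST['nsfw']);
    $private = intval($_POST['private']);
    // Check the extended info: the numeric options are forced to integers in place
    // because $_POST is handed to store_extended_properties() further down.
    foreach (array('no_link', 'no_anti_spam', 'allow_local_links', 'intro_max_len', 'intro_min_len') as $k) {
        if (isset($_POST[$k]) && $_POST[$k] !== '') {
            $_POST[$k] = intval($_POST[$k]);
        }
    }
    if ($_POST['intro_max_len'] > 5000) {
        $_POST['intro_max_len'] = 5000;
    }
    if (empty($errors)) {
        $db->transaction();
        if ($id > 0) {
            $r = $db->query("update subs set owner = {$owner}, enabled = {$enabled}, allow_main_link = {$allow_main_link}, nsfw = {$nsfw}, name = '{$name}', name_long = '{$name_long}', private = {$private}, page_mode = '{$page_mode}' where id = {$id}");
        } else {
            $r = $db->query("insert into subs (created_from, owner, nsfw, name, name_long, sub, private) values ({$site->id}, {$owner}, {$nsfw}, '{$name}', '{$name_long}', 1, {$private})");
            $id = $db->insert_id;
        }
        if ($r && $id > 0) {
            // Copy values from first site
            $r = $db->query("update subs as a join subs as b on a.id = {$id} and b.id={$site->id} set a.server_name = b.server_name, a.base_url = b.base_url");
            // Update copy_from
            if ($current_user->admin) {
                sub_copy_from($id, $_POST['copy_from']);
            }
            // Update colors. The pattern is anchored at both ends: without the
            // trailing "$" any text after the six hex digits was accepted and
            // stored, and a colour value is typically written into CSS later.
            $color_regex = '/^#[a-f0-9]{6}$/iD';
            $color1 = '';
            if (isset($_POST['color1']) && is_string($_POST['color1']) && preg_match($color_regex, $_POST['color1'])) {
                $color1 = $db->escape($_POST['color1']);
            }
            $color2 = '';
            if (isset($_POST['color2']) && is_string($_POST['color2']) && preg_match($color_regex, $_POST['color2'])) {
                $color2 = $db->escape($_POST['color2']);
            }
            $db->query("update subs set color1 = '{$color1}', color2 = '{$color2}' where id = {$id}");
        }
        if ($r && $id > 0) {
            SitesMgr::store_extended_properties($id, $_POST);
            $db->commit();
            // The image is stored only after the commit.
            store_image($id);
            return $id;
        } else {
            array_push($errors, _('error actualizando la base de datos'));
            $db->rollback();
        }
    }
    return false;
}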
Exemplo n.º 27
    case 0:
        $subs = SitesMgr::get_subscriptions($current_user->user_id);
        $template = 'subs_simple.html';
        $all = false;
        break;
    case 1:
        $all = false;
        $template = 'subs.html';
        $sql = "select subs.*, user_id, user_login, user_avatar, count(*) as c from subs LEFT JOIN users ON (user_id = owner), sub_statuses where date > date_sub(now(), interval 5 day) and subs.id = sub_statuses.id and sub_statuses.id = sub_statuses.origen and sub_statuses.status = 'published' and subs.sub = 1 group by subs.id order by c desc limit 50";
        $subs = $db->get_results($sql);
        break;
    default:
        $all = true;
        $chars = $db->get_col("select distinct(left(ucase(name), 1)) from subs");
        // Check if we must show just those beginning with a letter
        if (!empty($_GET['c']) && ($char_selected = substr(clean_input_string($_GET['c']), 0, 1))) {
            $extra = "subs.name like '{$char_selected}%' and";
            $rows = $db->get_var("select count(*) from subs where {$extra} subs.sub = 1 and created_from = " . SitesMgr::my_id());
        } else {
            $extra = '';
            $rows = -1;
        }
        $template = 'subs.html';
        $page_size = 50;
        $page = get_current_page();
        $offset = ($page - 1) * $page_size;
        $sql = "select subs.*, user_id, user_login, user_avatar from subs, users where {$extra} subs.sub = 1 and created_from = " . SitesMgr::my_id() . " and user_id = owner order by name asc limit {$offset}, {$page_size}";
        $subs = $db->get_results($sql);
}
$all_subs = $db->get_results($sql);
$subs = array();
Exemplo n.º 28
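echo '<div id="sidebar">';
do_banner_right();
do_best_stories();
do_best_posts();
do_best_comments();
echo '</div>' . "\n";
/*** END SIDEBAR ***/
echo '<div id="singlewrap">' . "\n";
echo '<div style="margin: 20px 0"><h2>' . _('apuntes de blogs') . '&nbsp;&nbsp;<a href="' . $globals['base_url_general'] . 'blogs_rss2.php" title="blogs"><img src="' . $globals['base_static'] . 'img/common/feed-icon-001.png" width="18" height="18" alt="rss2"/></a></h2>';
echo '</div>';
echo '<table class="decorated">';
// $offset and $page_size are set outside this excerpt.
$entries = $db->get_results("select rss.blog_id, rss.user_id, title, url, user_login, user_avatar, blogs.blog_url, blogs.blog_title from rss, users, blogs where rss.blog_id = blogs.blog_id and rss.user_id = users.user_id order by rss.date desc limit {$offset},{$page_size}");
if ($entries) {
    foreach ($entries as $entry) {
        // Titles and URLs originate from blogs listed in user profiles, so they
        // are treated as untrusted. strip_tags() alone does not encode quotes or
        // ampersands; htmlspecialchars() is applied on top, with double_encode
        // off so entities already present in the stored text are kept.
        $title = htmlspecialchars(strip_tags($entry->title), ENT_QUOTES, 'UTF-8', false);
        $blog_title = htmlspecialchars(strip_tags($entry->blog_title), ENT_QUOTES, 'UTF-8', false);
        // Links are written into href attributes: accept http(s) only and
        // escape for attribute context. Anything else becomes an inert "#".
        $url = clean_input_string($entry->url);
        $url = preg_match('#^https?://#i', $url) ? htmlspecialchars($url, ENT_QUOTES, 'UTF-8', false) : '#';
        $blog_url = preg_match('#^https?://#i', $entry->blog_url) ? htmlspecialchars($entry->blog_url, ENT_QUOTES, 'UTF-8', false) : '#';
        echo '<tr>';
        echo '<td style="width:35px"><a href="' . get_user_uri($entry->user_login) . '" class="tooltip u:' . $entry->user_id . '"><img class="avatar" src="' . get_avatar_url($entry->user_id, $entry->user_avatar, 25) . '" width="25" height="25" alt="avatar"/></a></td>';
        echo '<td style="font-size:110%;width:30%"><a href="' . $blog_url . '" rel="nofollow">' . $blog_title . '</a></td>';
        echo '<td style="font-size:120%"><a href="' . $url . '" rel="nofollow">' . $title . '</a></td>';
        echo '</tr>';
    }
}
echo '</table>';
echo '<fieldset id="nota"><legend>' . _('nota') . '</legend>';
echo _('Los enlaces son de apuntes de blogs indicados en el perfil de usuarios activos de Menéame.');
echo ' ';
echo _('No tienen relación con meneame.net, ni han sido seleccionados por su comunidad de usuarios.');
echo '</fieldset>';
do_pages($rows, $page_size);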
Exemplo n.º 29
<?php

// The source code packaged with this file is Free Software, Copyright (C) 2005 by
// Ricardo Galli <gallir at uib dot es>.
// It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise.
// You can get copies of the licenses here:
// 		http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".
include '../config.php';
include 'common.php';
// Split the request into at most four non-empty segments. PATH_INFO is used
// only when no id parameter was sent; otherwise the id parameter is split.
$argv = preg_split(
    '/\\/+/',
    (!isset($_REQUEST['id']) && !empty($_SERVER['PATH_INFO'])) ? $_SERVER['PATH_INFO'] : $_REQUEST['id'],
    4,
    PREG_SPLIT_NO_EMPTY
);
// Only the first segment is cleaned here.
// NOTE(review): $argv[1..3] stay raw — confirm later code validates them.
$argv[0] = clean_input_string($argv[0]);
if ($argv[0] == _priv) {
    // Private notes are handled by a separate script; the included path is a
    // constant and does not depend on the request.
    include 'priv.php';
    die;
}
include mnminclude . 'html1.php';
include mnminclude . 'favorites.php';
$globals['search_options'] = array('w' => 'posts');
if ($current_user->user_id > 0) {
    // The form plugin is only loaded for logged-in users.
    array_push($globals['extra_js'], 'jquery.form.min.js');
}
$user = new User();
// Lower date bound, truncated to the hour. The original comment says "about
// 48 hours", but 192800 s is roughly 53.5 hours (48 h would be 172800 s).
// NOTE(review): confirm which value is intended.
$min_date = date("Y-m-d H:00:00", time() - 192800);
Exemplo n.º 30
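/**
 * Render the login page and, when the form was submitted, process the login.
 *
 * On a successful login the client is redirected and the script ends. On
 * failure the attempt is logged under 'login_failed' for the form IP and the
 * form is shown again, with a captcha once more than two failures were
 * recorded by Log::get_date() for that IP.
 *
 * The redirects are issued with header() after markup has already been
 * echoed, so they rely on output buffering being active.
 * NOTE(review): confirm buffering is enabled by the included configuration.
 */
function do_login()
{
    global $current_user, $globals;
    $form_ip_check = check_form_auth_ip();
    $previous_login_failed = Log::get_date('login_failed', $globals['form_user_ip_int'], 0, 300);
    // Defined up front so the form can be printed when nothing was posted.
    $username = '';
    // "return" is appended directly after the host in the Location header, so
    // only a site-local path is accepted: it must start with exactly one "/",
    // and contain no backslash or control character. Anything else is dropped
    // and the user lands on the base URL instead.
    $return_path = '';
    if (isset($_REQUEST['return']) && is_string($_REQUEST['return']) && preg_match('#^/(?![/\\\\])[^\\\\[:cntrl:]]*$#D', $_REQUEST['return'])) {
        $return_path = $_REQUEST['return'];
    }
    // NOTE(review): the redirect host is taken from the return_site cookie,
    // which the client controls. It should be compared against the list of
    // hosts this installation serves; that list is not visible in this block.
    $return_site = isset($_COOKIE['return_site']) ? $_COOKIE['return_site'] : '';
    // Show menéame intro only on the first try and when there were no previous logins
    if (!$globals['mobile'] && $previous_login_failed < 3 && empty($_POST["processlogin"]) && empty($_COOKIE['u'])) {
        echo '<div class="faq wideonly" style="float:right; width:55%; margin-top: 10px;">' . "\n";
        // Only prints if the user was redirected from submit.php
        if ($return_path !== '' && preg_match('/submit\\.php/', $return_path)) {
            echo '<p style="border:1px solid #FF9400; font-size:1.3em; background:#FEFBEA; font-weight:bold; padding:0.5em 1em;">Para enviar una historia debes ser un usuario registrado</p>' . "\n";
        }
        echo '<h3>' . _('¿Qué es menéame?') . '</h3>' . "\n";
        echo '<p>' . _('Es un sitio que te permite enviar una historia que será revisada por todos y será promovida, o no, a la página principal. Cuando un usuario envía una historia ésta queda en la <a href="shakeit.php">cola de pendientes</a> hasta que reúne los votos suficientes para ser promovida a la página principal') . '.</p>' . "\n";
        echo '<h3>' . _('¿Todavía no eres usuario de menéame?') . '</h3>' . "\n";
        echo '<p>' . _('Como usuario registrado podrás, entre otras cosas') . ':</p>' . "\n";
        echo '<ul style="margin-left: 1.5em">' . "\n";
        echo '<li>' . "\n";
        echo '<strong>' . _('Enviar historias') . '</strong><br />' . "\n";
        echo '<p>' . _('Una vez registrado puedes enviar las historias que consideres interesantes para la comunidad. Si tienes algún tipo de duda sobre que tipo de historias puedes enviar revisa nuestras <a href="faq-es.php">preguntas frecuentes sobre menéame</a>') . '.</p>' . "\n";
        echo '</li>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>' . _('Escribir comentarios') . '</strong><br />' . "\n";
        echo '<p>' . _('Puedes escribir tu opinión sobre las historias enviadas a menéame mediante comentarios de texto. También puedes votar positivamente aquellos comentarios ingeniosos, divertidos o interesantes y negativamente aquellos que consideres inoportunos') . '.</p>' . "\n";
        echo '</li>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>' . _('Perfil de usuario') . '</strong><br />' . "\n";
        echo '<p>' . _('Toda tu información como usuario está disponible desde la página de tu perfil. También puedes subir una imagen que representará a tu usuario en menéame. Incluso es posible compartir los ingresos publicitarios de Menéame, solo tienes que introducir el código de tu cuenta Google Adsense desde tu perfil') . '.</p>' . "\n";
        echo '</li>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>' . _('Chatear en tiempo real desde la fisgona') . '</strong><br />' . "\n";
        echo '<p>' . _('Gracias a la <a href="sneak.php">fisgona</a> puedes ver en tiempo real toda la actividad de menéame. Además como usuario registrado podrás chatear con mucha más gente de la comunidad menéame') . '</p>' . "\n";
        echo '</li>' . "\n";
        echo '</ul>' . "\n";
        echo '<h3><a href="register.php" style="color:#FF6400; text-decoration:underline; display:block; width:8em; text-align:center; margin:0 auto; padding:0.5em 1em; border:3px double #FFE2C5; background:#FFF3E8;">Regístrate ahora</a></h3>' . "\n";
        echo '</div>' . "\n";
        echo '<div class="genericform" style="float:left; width:40%; margin: 0">' . "\n";
    } else {
        echo '<div class="genericform" style="float:auto;">' . "\n";
    }
    echo '<form action="' . get_auth_link() . 'login.php" id="thisform" method="post">' . "\n";
    if ($_POST["processlogin"] == 1) {
        // Check the IP, otherwise redirect
        if (!$form_ip_check) {
            header('HTTP/1.1 303 Load');
            header("Location: http://" . $return_site . $globals['base_url'] . "login.php");
            die;
        }
        $username = clean_input_string(trim($_POST['username']));
        $password = trim($_POST['password']);
        // Check form: the captcha is required after more than two failures, or
        // on a first login from a browser without a user cookie when
        // captcha_first_login is set.
        if (($previous_login_failed > 2 || $globals['captcha_first_login'] == true && !UserAuth::user_cookie_data()) && !ts_is_human()) {
            Log::insert('login_failed', $globals['form_user_ip_int'], 0);
            recover_error(_('el código de seguridad no es correcto') . " ({$previous_login_failed})");
        // NOTE(review): an empty password skips Authenticate() and falls into
        // the redirect branch below without being counted as a failure —
        // confirm this is intended.
        } elseif (strlen($password) > 0 && $current_user->Authenticate($username, $password, $_POST['persistent']) == false) {
            Log::insert('login_failed', $globals['form_user_ip_int'], 0);
            $previous_login_failed++;
            recover_error(_('usuario o email inexistente, sin validar, o clave incorrecta') . " ({$previous_login_failed})");
        } else {
            UserAuth::check_clon_from_cookies();
            // If the user is authenticating from a mobile device, keep her in the standard version
            if ($globals['mobile']) {
                setcookie('nomobile', '1', 0, $globals['base_url'], UserAuth::domain());
            }
            header('HTTP/1.1 303 Load');
            if ($return_path !== '') {
                header('Location: http://' . $return_site . $return_path);
            } else {
                header('Location: http://' . $return_site . $globals['base_url']);
            }
            die;
        }
    }
    echo '<fieldset>' . "\n";
    echo '<legend><span class="sign">' . _('usuario y contraseña') . '</span></legend>' . "\n";
    echo '<p><label for="name">' . _('usuario o email') . ':</label><br />' . "\n";
    echo '<input type="text" name="username" size="25" tabindex="1" id="name" value="' . htmlentities($username) . '" /></p>' . "\n";
    echo '<p><label for="password">' . _('clave') . ':</label><br />' . "\n";
    echo '<input type="password" name="password" id="password" size="25" tabindex="2"/></p>' . "\n";
    echo '<p><label for="remember">' . _('recuérdame') . ': </label><input type="checkbox" name="persistent" id="remember" tabindex="3"/></p>' . "\n";
    // Print captcha
    if ($previous_login_failed > 2 || $globals['captcha_first_login'] == true && !UserAuth::user_cookie_data()) {
        ts_print_form();
    }
    get_form_auth_ip();
    echo '<p><input type="submit" value="login" class="button" tabindex="4" /></p>' . "\n";
    // Only the validated path is propagated to the OAuth links and the hidden field.
    print_oauth_icons($return_path);
    echo '<input type="hidden" name="processlogin" value="1"/>' . "\n";
    echo '<input type="hidden" name="return" value="' . htmlspecialchars($return_path) . '"/>' . "\n";
    echo '</fieldset>' . "\n";
    echo '</form>' . "\n";
    echo '<div class="recoverpass" style="text-align:center"><h4><a href="login.php?op=recover">' . _('¿has olvidado la contraseña?') . '</a></h4></div>' . "\n";
    echo '</div>' . "\n";
    echo '<br/>&nbsp;';
}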