Exemplo n.º 1
/**
 * Build the e-mail validation code for a user.
 *
 * The code is the token of an HMAC computed over the user GUID, the e-mail
 * address and the site URL, so all three are bound into the code.
 *
 * @param int    $user_guid     GUID of the user the code is issued for
 * @param string $email_address E-mail address the code is issued for
 * @return string HMAC token
 * @deprecated 2.3 Validation now relies on the signed URL API
 */
function uservalidationbyemail_generate_code($user_guid, $email_address)
{
    $notice = __FUNCTION__ . ' has been deprecated. Validation now relies on signed URL API';
    elgg_deprecated_notice($notice, '2.3');

    // The site URL is part of the signed data (binding for multisite).
    $signed_fields = [(int) $user_guid, $email_address, elgg_get_site_url()];

    return elgg_build_hmac($signed_fields)->getToken();
}
Exemplo n.º 2
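 /**
  * Handle a request for a file
  *
  * Expects a path of the form
  * e<expires>/l<last_updated>/d<i|a>/c<0|1>/<mac>/<path below dataroot>.
  * All fields taken from the URL, including the file path, are part of the
  * data the HMAC is computed over; the path is appended to the dataroot only
  * after the token has matched.
  *
  * @param string $path URL path (used as the subject of preg_match())
  * @return void
  */
 public function handleRequest($path)
 {
     if (!preg_match('~e(\\d+)/l(\\d+)/d([ia])/c([01])/([a-zA-Z0-9\\-_]+)/(.*)$~', $path, $m)) {
         header("HTTP/1.1 400 Bad Request");
         exit;
     }
     list(, $expires, $last_updated, $disposition, $use_cookie, $mac, $path_from_dataroot) = $m;
     // NOTE(review): every check below relies on send403()/send404() ending the request;
     // their bodies are not visible here — confirm they do not return.
     if ($expires && $expires < time()) {
         $this->send403('URL has expired');
     }
     // NOTE(review): the ETag comes from the still-unauthenticated URL and handle304() runs
     // before the HMAC check — confirm a 304 for an unsigned URL is acceptable (no file data is read yet).
     $etag = '"' . $last_updated . '"';
     $this->handle304($etag);
     $hmac_data = array('expires' => (int) $expires, 'last_updated' => (int) $last_updated, 'disposition' => $disposition, 'path' => $path_from_dataroot, 'use_cookie' => (int) $use_cookie);
     if ((bool) $use_cookie) {
         // Cookie-bound URLs also sign the current session id.
         $hmac_data['cookie'] = _elgg_services()->session->getId();
     }
     // Normalise the key order before the data is signed.
     ksort($hmac_data);
     $hmac = elgg_build_hmac($hmac_data);
     if (!$hmac->matchesToken($mac)) {
         $this->send403();
     }
     $dataroot = _elgg_services()->config->get('dataroot');
     if (empty($dataroot)) {
         $this->send404();
     }
     // The path segment is not restricted by the pattern above ("(.*)"); the HMAC match is
     // what limits it to paths this site has signed.
     $filenameonfilestore = "{$dataroot}{$path_from_dataroot}";
     if (!is_readable($filenameonfilestore)) {
         $this->send404();
     }
     // The signed modification time must still be the file's modification time.
     $actual_last_updated = filemtime($filenameonfilestore);
     if ($actual_last_updated != $last_updated) {
         $this->send403('URL has expired');
     }
     $mime = $this->getContentType($filenameonfilestore);
     header("Content-type: {$mime}", true);
     $filesize = filesize($filenameonfilestore);
     header("Content-Length: {$filesize}", true);
     if ($disposition == 'i') {
         header("Content-disposition: inline");
     } else {
         // The filename parameter is sent as a double-quoted string with quotes and
         // backslashes escaped; single quotes are not a quoting syntax in this header
         // and would end up as part of the downloaded file's name.
         $quoted_name = addcslashes(basename($filenameonfilestore), '"\\');
         header('Content-disposition: attachment; filename="' . $quoted_name . '"');
     }
     if ($expires) {
         $expires_str = gmdate('D, d M Y H:i:s \\G\\M\\T', $expires);
     } else {
         // URLs without an expiry are given a far-future Expires header.
         $expires_str = gmdate('D, d M Y H:i:s \\G\\M\\T', strtotime("+3 years"));
     }
     header('Expires: ' . $expires_str, true);
     // Cookie-bound responses are not marked public.
     $cache_control = $use_cookie ? 'no-cache' : 'public';
     header("Pragma: {$cache_control}", true);
     header("Cache-Control: {$cache_control}", true);
     header("ETag: {$etag}");
     readfile($filenameonfilestore);
     exit;
 }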
Exemplo n.º 3
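/**
 * Validate a user's e-mail address with a validation code.
 *
 * The expected code is the token of an HMAC over the user GUID, the e-mail
 * address stored on the user entity and the site URL. The supplied code is
 * checked with matchesToken().
 *
 * @param int    $user_guid GUID of the user to validate
 * @param string $code      Validation code supplied with the request
 * @return bool False when the code is not a non-empty string, the entity
 *              cannot be loaded or the code does not match; otherwise the
 *              result of elgg_set_user_validation_status()
 */
function uservalidationbyemail_validate_email($user_guid, $code)
{
    // A usable code is a non-empty string; reject anything else before it reaches the comparison.
    if (!is_string($code) || $code === '') {
        return false;
    }
    $user = get_entity($user_guid);
    if (!$user) {
        // No entity for this GUID: there is no stored e-mail address to check the code against.
        return false;
    }
    $site_url = elgg_get_site_url();
    $matches = elgg_build_hmac([(int) $user_guid, $user->email, $site_url])->matchesToken($code);
    if (!$matches) {
        return false;
    }
    return elgg_set_user_validation_status($user_guid, true, 'email');
}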
Exemplo n.º 4
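/**
 * Get the hmac token generator for account removal
 *
 * The signed data is the user's GUID, the token type and the user's salt.
 *
 * @param string $type      what kind of token ('remove' or 'disable')
 * @param int    $user_guid the user_guid to generate for
 *
 * @access private
 *
 * @return false|\Elgg\Security\Hmac False when the user cannot be loaded or
 *                                   the type is not one of the two allowed values
 */
function account_removal_get_hmac($type, $user_guid)
{
    $user = get_user($user_guid);
    if (empty($user)) {
        return false;
    }
    // Strict matching: with a loose comparison a non-string value such as integer 0
    // compares equal to these strings on older PHP versions and would be accepted as a type.
    if (!in_array($type, ['remove', 'disable'], true)) {
        return false;
    }
    return elgg_build_hmac([$user->getGUID(), $type, $user->salt]);
}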
Exemplo n.º 5
 /**
  * Handle a request for a file
  *
  * Expects URL segments of the form
  * serve-file/e<expires>/l<last_updated>/d<i|a>/c<0|1>/<mac>/<path below dataroot>.
  * Returns 400 for a URL that does not match, 403 for an expired URL, a token
  * mismatch or a file whose modification time differs from the signed one,
  * 404 for an unreadable file, and otherwise a BinaryFileResponse for the file.
  *
  * @param Request $request HTTP request
  * @return Response
  */
 public function getResponse($request)
 {
     $response = new Response();
     $response->prepare($request);
     $path = implode('/', $request->getUrlSegments());
     if (!preg_match('~serve-file/e(\\d+)/l(\\d+)/d([ia])/c([01])/([a-zA-Z0-9\\-_]+)/(.*)$~', $path, $m)) {
         return $response->setStatusCode(400)->setContent('Malformatted request URL');
     }
     list(, $expires, $last_updated, $disposition, $use_cookie, $mac, $path_from_dataroot) = $m;
     // An expiry of 0 means "no expiry"; a non-zero expiry in the past is rejected.
     if ($expires && $expires < time()) {
         return $response->setStatusCode(403)->setContent('URL has expired');
     }
     // NOTE(review): the ETag is taken from the still-unauthenticated URL and the 304 below is
     // returned before the HMAC check — confirm that is acceptable (no file data is read on this path).
     $etag = '"' . $last_updated . '"';
     $response->setPublic()->setEtag($etag);
     if ($response->isNotModified($request)) {
         return $response;
     }
     // @todo: change to minimal boot without plugins
     $this->application->bootCore();
     // Everything taken from the URL, including the file path, goes into the signed data.
     $hmac_data = array('expires' => (int) $expires, 'last_updated' => (int) $last_updated, 'disposition' => $disposition, 'path' => $path_from_dataroot, 'use_cookie' => (int) $use_cookie);
     if ((bool) $use_cookie) {
         // Cookie-bound URLs also sign the current session id.
         $hmac_data['cookie'] = _elgg_services()->session->getId();
     }
     // Normalise the key order before the data is signed.
     ksort($hmac_data);
     $hmac = elgg_build_hmac($hmac_data);
     if (!$hmac->matchesToken($mac)) {
         // NOTE(review): the message text is misspelled ("mistmatch").
         return $response->setStatusCode(403)->setContent('HMAC mistmatch');
     }
     // The path segment is not restricted by the pattern above ("(.*)"); the HMAC match is
     // what limits it to paths this site has signed.
     // NOTE(review): the data path is not checked for being empty before it is used as a prefix — confirm getDataPath() cannot return an empty value.
     $dataroot = _elgg_services()->config->getDataPath();
     $filenameonfilestore = "{$dataroot}{$path_from_dataroot}";
     if (!is_readable($filenameonfilestore)) {
         return $response->setStatusCode(404)->setContent('File not found');
     }
     // The signed modification time must still be the file's modification time.
     $actual_last_updated = filemtime($filenameonfilestore);
     if ($actual_last_updated != $last_updated) {
         return $response->setStatusCode(403)->setContent('URL has expired');
     }
     // Cookie-bound files are not served as public.
     $public = $use_cookie ? false : true;
     $content_disposition = $disposition == 'i' ? 'inline' : 'attachment';
     $response = new BinaryFileResponse($filenameonfilestore, 200, array(), $public, $content_disposition);
     $response->prepare($request);
     // URLs signed without an expiry get an Expires header one year ahead.
     if (empty($expires)) {
         $expires = strtotime('+1 year');
     }
     $expires_dt = (new DateTime())->setTimestamp($expires);
     $response->setExpires($expires_dt);
     $response->setEtag($etag);
     return $response;
 }
Exemplo n.º 6
 /**
  * Serve the scraper card page for the URL passed in the "url" input.
  *
  * Logged-out requests must carry an "m" input that matches the HMAC token of
  * the URL. The first URL segment selects the viewtype; an unregistered or
  * missing value falls back to "default".
  *
  * NOTE(review): logged-in requests skip the token check, so any URL they
  * supply reaches the scraper/card resource. What that resource does with the
  * URL is not visible here — confirm it restricts the targets it will fetch.
  *
  * @param array $segments URL segments
  * @return bool False when a logged-out request has no valid token, true once the page has been output
  */
 public static function serveScraperPages($segments)
 {
     $href = get_input('url');

     if (!elgg_is_logged_in()) {
         $token = get_input('m');
         $authorized = $token && elgg_build_hmac($href)->matchesToken($token);
         if (!$authorized) {
             return false;
         }
     }

     $requested = array_shift($segments);
     $viewtype = ($requested && elgg_is_registered_viewtype($requested)) ? $requested : 'default';
     elgg_set_viewtype($viewtype);

     $card_vars = [
         'href' => $href,
         'iframe' => get_input('iframe', false),
     ];
     echo elgg_view_resource('scraper/card', $card_vars);

     return true;
 }
Exemplo n.º 7
 /**
  * Checks the HMAC signature carried in a URL's query string.
  *
  * The signature parameter is removed, the remaining query parameters are
  * sorted by key, the URL is rebuilt and its HMAC is compared with the
  * signature. The expiry parameter, when present, stays in the rebuilt URL
  * and is therefore part of what is signed.
  *
  * @param string $url URL to validate
  * @return bool False when there is no signature, the expiry has passed or the signature does not match
  */
 public function isValid($url)
 {
     $parts = parse_url($url);
     $query = isset($parts['query']) ? elgg_parse_str($parts['query']) : [];

     // Without a signature there is nothing to verify.
     if (!isset($query[self::KEY_MAC])) {
         return false;
     }
     $token = $query[self::KEY_MAC];
     unset($query[self::KEY_MAC]);

     // An expiry is enforced only when the URL carries one.
     $expired = isset($query[self::KEY_EXPIRES]) && $query[self::KEY_EXPIRES] < time();
     if ($expired) {
         return false;
     }

     ksort($query);
     $parts['query'] = http_build_query($query);
     $unsigned_url = elgg_http_build_url($parts, false);

     return elgg_build_hmac($unsigned_url)->matchesToken($token);
 }
Exemplo n.º 8
// Renders a card for $meta as an image block, optionally wrapped in a module.
// $meta, $href, $icon_url, $body and $icon are set before this excerpt.
// NOTE(review): $meta presumably holds metadata parsed from a remote page (inferred from the
// view's naming — confirm); if so, every field used below is untrusted input.
$module = elgg_extract('module', $vars, 'scraper-card');
$classes = array(elgg_extract('class', $vars));
$classes[] = 'scraper-card-block';
$classes[] = 'clearfix';
if ($meta->provider_name) {
    // The provider name is reduced to [a-z0-9-] before it becomes part of a class name.
    $classes[] = 'scraper-card-' . preg_replace('/[^a-z0-9\\-]/i', '-', strtolower($meta->provider_name));
}
if (($meta->type == 'image' || $meta->type == 'photo') && $icon_url) {
    $vars['src'] = $icon_url;
    // NOTE(review): 'sraper-card-photo' looks like a misspelling of 'scraper-card-photo' — check against the stylesheet.
    $vars['class'] = 'sraper-card-photo';
    $img = elgg_view('output/img', $vars);
    $body = elgg_view('output/url', array('href' => $href, 'text' => $img));
} else {
    // NOTE(review): the title is concatenated into the markup as is; unless it was escaped
    // before this excerpt, it should be HTML-escaped here — confirm.
    $body .= '<h3>' . $meta->title . '</h3>';
    $body .= elgg_view('output/url', array('text' => parse_url($meta->url, PHP_URL_HOST), 'href' => $meta->url, 'class' => 'scraper-card-link'));
    $body .= elgg_view('output/longtext', array('value' => elgg_get_excerpt($meta->description), 'class' => 'scraper-card-description'));
    if ($icon_url) {
        $classes[] = 'scraper-card-has-icon';
        // NOTE(review): $icon_url is placed inside a CSS url() by concatenation — confirm it is
        // validated or escaped for that context before it reaches this view.
        $icon = elgg_view('output/url', array('class' => 'scraper-card-icon-bg', 'text' => '<span></span>', 'style' => 'background-image:url(' . $icon_url . ')', 'href' => $meta->url));
    }
    if ($meta->html && ($meta->type == 'rich' || $meta->type == 'video')) {
        // The play button's data-href carries the URL together with 'm', the HMAC token of $href.
        $icon .= elgg_format_element('div', ['class' => 'scraper-play-button', 'data-href' => elgg_http_add_url_query_elements(elgg_normalize_url('scraper/json'), array('url' => $href, 'm' => elgg_build_hmac($href)->getToken()))], elgg_view_icon('youtube-play'));
    }
}
// array_filter() drops empty class names, such as a missing 'class' entry in $vars.
$body = elgg_view_image_block($icon, $body, array('class' => implode(' ', array_filter($classes))));
if ($module) {
    $class = $meta->type ? " scraper-card-{$meta->type}" : '';
    echo elgg_view_module($module, false, $body, array('class' => $class));
} else {
    echo $body;
}
Exemplo n.º 9
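 /**
  * Notifies an user of the RSVP
  *
  * Nothing is sent for a pending RSVP. Access checks are switched off while
  * the notification is built and restored on every path that switched them off.
  * For an attending RSVP the message can carry a registration link, signed
  * with an HMAC token over the event's creation time and the recipient GUID,
  * and an unsubscribe link.
  *
  * @param string $type type of the RSVP
  * @param string $to   guid of the user (defaults to the logged-in user)
  *
  * @return void
  */
 protected function notifyOnRsvp($type, $to = null)
 {
     if ($type == EVENT_MANAGER_RELATION_ATTENDING_PENDING) {
         return;
     }
     $ia = elgg_set_ignore_access(true);
     if ($to === null) {
         $to = elgg_get_logged_in_user_guid();
     }
     $to_entity = get_entity($to);
     if (empty($to_entity)) {
         elgg_set_ignore_access($ia);
         return;
     }
     // can we make nice links in the emails
     $html_email_handler_enabled = elgg_is_active_plugin("html_email_handler");
     // do we have a registration link
     $registrationLink = "";
     $unsubscribeLink = "";
     if ($type == EVENT_MANAGER_RELATION_ATTENDING) {
         if ($this->registration_needed) {
             // The 'k' parameter is the HMAC token over the event's creation time and the recipient GUID.
             $link = elgg_get_site_url() . 'events/registration/view/' . $this->getGUID() . '?u_g=' . $to . '&k=' . elgg_build_hmac([$this->time_created, $to])->getToken();
             $registrationLink = PHP_EOL . PHP_EOL;
             $registrationLink .= elgg_echo('event_manager:event:registration:notification:program:linktext');
             $registrationLink .= PHP_EOL . PHP_EOL;
             if ($html_email_handler_enabled) {
                 $registrationLink .= elgg_view("output/url", array("text" => $link, "href" => $link));
             } else {
                 $registrationLink .= $link;
             }
         }
         if ($this->register_nologin) {
             // The address is URL-encoded: an unencoded "+" in it would be read back as a
             // space, and "&" or "#" would cut the value short.
             // NOTE(review): unlike the registration link, this link carries no token and names the
             // recipient by e-mail address only — confirm the unsubscribe page requires a confirmation step.
             $link = elgg_get_site_url() . "events/unsubscribe/" . $this->getGUID() . "/" . elgg_get_friendly_title($this->title) . "?e=" . urlencode($to_entity->email);
             $unsubscribeLink = PHP_EOL . PHP_EOL;
             $unsubscribeLink .= elgg_echo('event_manager:event:registration:notification:unsubscribe:linktext');
             $unsubscribeLink .= PHP_EOL . PHP_EOL;
             if ($html_email_handler_enabled) {
                 $unsubscribeLink .= elgg_view("output/url", array("text" => $link, "href" => $link));
             } else {
                 $unsubscribeLink .= $link;
             }
         }
         if ($html_email_handler_enabled) {
             // add addthisevent banners in footer
             $registrationLink .= elgg_view('event_manager/email/addevent', ['entity' => $this]);
         }
     }
     // make the event title for in the e-mail
     if ($html_email_handler_enabled) {
         $event_title_link = elgg_view("output/url", array("text" => $this->title, "href" => $this->getURL()));
     } else {
         $event_title_link = $this->title;
     }
     // notify the owner of the event
     $this->notifyOwnerOnRSVP($type, $to_entity, $event_title_link, $registrationLink);
     // notify the attending user
     $user_subject = elgg_echo('event_manager:event:registration:notification:user:subject');
     $user_message = elgg_echo('event_manager:event:registration:notification:user:text:' . $type, [$to_entity->name, $event_title_link]);
     // Only <a> tags are kept in the configured completion text.
     $completed_text = elgg_strip_tags($this->registration_completed, '<a>');
     if (!empty($completed_text)) {
         $completed_text = str_ireplace('[NAME]', $to_entity->name, $completed_text);
         $completed_text = str_ireplace('[EVENT]', $this->title, $completed_text);
         $user_message .= PHP_EOL . $completed_text;
     }
     $user_message .= $registrationLink . $unsubscribeLink;
     if ($to_entity instanceof ElggUser) {
         // use notification system for real users
         $summary = elgg_echo('event_manager:event:registration:notification:user:summary:' . $type, [$this->title]);
         // set params for site notifications
         $params = ['summary' => $summary, 'object' => $this, 'action' => 'rsvp'];
         notify_user($to, $this->getOwnerGUID(), $user_subject, $user_message, $params);
     } else {
         // send e-mail for non users
         // NOTE(review): name and address come from the registration entity and are joined into
         // the recipient string unchanged — confirm elgg_send_email() rejects line breaks in it.
         $to_email = $to_entity->name . "<" . $to_entity->email . ">";
         $site = elgg_get_site_entity($this->site_guid);
         $site_from = $this->getSiteEmailAddress($site);
         elgg_send_email($site_from, $to_email, $user_subject, $user_message);
     }
     elgg_set_ignore_access($ia);
 }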
Exemplo n.º 10
<?php

// Placeholder for a user hover menu: outputs an empty <ul> whose data attribute carries
// the values needed to render the menu later, together with a MAC over them.
$menus_present = (array) elgg_get_config("lazy_hover:menus");
$user = elgg_extract("entity", $vars);
if (!elgg_instanceof($user, "user")) {
    return;
}
$guid = (int) $user->getGUID();
$page_owner_guid = (int) elgg_get_page_owner_guid();
$contexts = elgg_get_context_stack();
$input = (array) elgg_get_config("input");
// generate MAC so we don't have to trust the client's choice of contexts
// serialize() only produces the string that is signed; nothing in this view unserializes it.
$data = serialize([$guid, $page_owner_guid, $contexts, $input]);
$mac = elgg_build_hmac($data)->getToken();
$attrs = ["rel" => $mac, "class" => "elgg-menu elgg-menu-hover elgg-ajax-loader"];
// The menu data is emitted once per distinct MAC; later placeholders with the same MAC carry only the rel attribute.
if (empty($menus_present[$mac])) {
    // NOTE(review): the whole "input" config array is written into the page here — confirm it
    // cannot hold values that should not be echoed back into the HTML.
    $attrs["data-elgg-menu-data"] = json_encode(["g" => $guid, "pog" => $page_owner_guid, "c" => $contexts, "m" => $mac, "i" => $input]);
    $menus_present[$mac] = true;
    elgg_set_config("lazy_hover:menus", $menus_present);
}
echo elgg_format_element('ul', $attrs);
Exemplo n.º 11
 /**
  * Builds the signed proxy URL under which the file can be fetched.
  *
  * The URL carries the expiry, the file's modification time, the disposition
  * and the cookie flag in the clear, followed by the HMAC token computed over
  * those values, the path relative to the dataroot and, for cookie-bound
  * URLs, the current session id.
  *
  * @return string|false False when the file does not exist, is not stored
  *                      below the dataroot, or a cookie-bound URL is
  *                      requested without a session id
  */
 public function getURL()
 {
     $file_exists = $this->file instanceof \ElggFile && $this->file->exists();
     if (!$file_exists) {
         elgg_log("Unable to resolve resource URL for a file that does not exist on filestore");
         return false;
     }

     $dataroot = _elgg_services()->config->get('dataroot');
     $absolute_path = $this->file->getFilenameOnFilestore();
     $prefix_length = strlen($dataroot);

     // Only files stored below the dataroot get a proxy URL.
     $relative_path = '';
     if (substr($absolute_path, 0, $prefix_length) == $dataroot) {
         $relative_path = substr($absolute_path, $prefix_length);
     }
     if (!$relative_path) {
         elgg_log("Unable to resolve relative path of the file on the filestore");
         return false;
     }

     if (isset($this->expires)) {
         $expires = $this->expires;
     } else {
         $expires = 0;
     }
     $last_updated = filemtime($this->file->getFilenameOnFilestore());
     $disposition = $this->disposition == self::DISPOSITION_INLINE ? 'i' : 'a';

     $data = array(
         'expires' => $expires,
         'last_updated' => $last_updated,
         'disposition' => $disposition,
         'path' => $relative_path,
     );

     if ($this->use_cookie) {
         // A cookie-bound URL cannot be issued without a session to bind it to.
         $session_id = _elgg_services()->session->getId();
         if (empty($session_id)) {
             return false;
         }
         $data['cookie'] = $session_id;
         $data['use_cookie'] = 1;
     } else {
         $data['use_cookie'] = 0;
     }

     // Normalise the key order before the data is signed.
     ksort($data);
     $mac = elgg_build_hmac($data)->getToken();

     return elgg_normalize_url("mod/proxy/e{$expires}/l{$last_updated}/d{$disposition}/c{$data['use_cookie']}/{$mac}/{$relative_path}");
 }
Exemplo n.º 12
/**
 * Build the unsubscribe code for a recipient of a newsletter container.
 *
 * The code is the HMAC token over the container GUID, the recipient (a
 * numeric value is cast to int, anything else must be an e-mail address) and
 * the creation time of the newsletter plugin entity.
 *
 * @param ElggEntity $container Newsletter container (ElggSite or ElggGroup)
 * @param string|int $recipient The user_guid or e-mail address of the recipient
 *
 * @return bool|string The unsubscribe code, or false when the container or recipient is not acceptable
 */
function newsletter_generate_unsubscribe_code(ElggEntity $container, $recipient)
{
    $is_site_or_group = elgg_instanceof($container, 'site') || elgg_instanceof($container, 'group');
    if (!$is_site_or_group) {
        return false;
    }

    if (empty($recipient)) {
        return false;
    }

    // A recipient is either a GUID (numeric) or an e-mail address.
    if (is_numeric($recipient)) {
        $recipient = (int) $recipient;
    } elseif (!newsletter_is_email_address($recipient)) {
        return false;
    }

    $plugin = elgg_get_plugin_from_id('newsletter');
    $signed_fields = [$container->getGUID(), $recipient, $plugin->time_created];

    return elgg_build_hmac($signed_fields)->getToken();
}
Exemplo n.º 13
 <?php 
// Renders the "user_hover" menu from values sent by the client, after verifying the MAC
// that accompanies them.
// capture global state necessary for menus
$state = ['contexts' => elgg_get_context_stack(), 'input' => elgg_get_config("input"), 'page_owner_guid' => elgg_get_page_owner_guid()];
// g = guid, pog = page_owner_guid, c = contexts, m = mac
// i = input
// NOTE(review): the third argument (false) presumably turns input filtering off so the values
// serialize to exactly what was signed — confirm against get_input().
$guid = (int) get_input("g", 0, false);
$page_owner_guid = (int) get_input("pog", 0, false);
$contexts = (array) get_input("c", [], false);
$mac = get_input("m", "", false);
$input = (array) get_input("i", [], false);
// verify MAC
// The client-supplied contexts and input are applied to global state only after this check;
// a mismatch ends the view without output.
$data = serialize([$guid, $page_owner_guid, $contexts, $input]);
if (!elgg_build_hmac($data)->matchesToken($mac)) {
    return;
}
$user = get_user($guid);
if (!$user) {
    return;
}
// render view using state as it was in the placeholder view
elgg_set_context_stack($contexts);
elgg_set_config("input", $input);
elgg_set_page_owner_guid($page_owner_guid);
$params = ["entity" => $user, "username" => $user->username, "name" => $user->name];
echo elgg_view_menu("user_hover", $params);
// revert global state
// NOTE(review): the state is restored only when elgg_view_menu() returns normally.
elgg_set_context_stack($state['contexts']);
elgg_set_config("input", $state['input']);
elgg_set_page_owner_guid($state['page_owner_guid']);
Exemplo n.º 14
 /**
  * Builds the URL under which the file can be fetched.
  *
  * For a file below the dataroot this is a signed serve-file URL: expiry,
  * modification time, disposition and cookie flag in the clear, then the HMAC
  * token over those values, the relative path and, for cookie-bound URLs, the
  * current session id. A file outside the dataroot that has a GUID gets a
  * download-file URL instead.
  *
  * NOTE(review): the download-file URL carries no token; how that route
  * checks access is not visible here — confirm.
  *
  * @return string|false False when the file does not exist, has neither a
  *                      path below the dataroot nor a GUID, or a
  *                      cookie-bound URL is requested without a session id
  */
 public function getURL()
 {
     $file_exists = $this->file instanceof \ElggFile && $this->file->exists();
     if (!$file_exists) {
         elgg_log("Unable to resolve resource URL for a file that does not exist on filestore");
         return false;
     }

     $dataroot = _elgg_services()->config->get('dataroot');
     $absolute_path = $this->file->getFilenameOnFilestore();
     $prefix_length = strlen($dataroot);

     $relative_path = '';
     if (substr($absolute_path, 0, $prefix_length) == $dataroot) {
         $relative_path = substr($absolute_path, $prefix_length);
     }

     if (!$relative_path) {
         // File object has a custom filestore
         if ($this->file->guid) {
             return elgg_normalize_url("download-file/g{$this->file->guid}");
         }
         elgg_log("Unable to resolve relative path of the file on the filestore");
         return false;
     }

     if (isset($this->expires)) {
         $expires = $this->expires;
     } else {
         $expires = 0;
     }
     $last_updated = filemtime($this->file->getFilenameOnFilestore());
     $disposition = $this->disposition == self::INLINE ? 'i' : 'a';

     $data = array(
         'expires' => $expires,
         'last_updated' => $last_updated,
         'disposition' => $disposition,
         'path' => $relative_path,
     );

     if ($this->use_cookie) {
         // A cookie-bound URL cannot be issued without a session to bind it to.
         $session_id = _elgg_services()->session->getId();
         if (empty($session_id)) {
             return false;
         }
         $data['cookie'] = $session_id;
         $data['use_cookie'] = 1;
     } else {
         $data['use_cookie'] = 0;
     }

     // Normalise the key order before the data is signed.
     ksort($data);
     $mac = elgg_build_hmac($data)->getToken();

     return elgg_normalize_url("serve-file/e{$expires}/l{$last_updated}/d{$disposition}/c{$data['use_cookie']}/{$mac}/{$relative_path}");
 }
Exemplo n.º 15
    $entity = get_entity($user_guid);
    if (empty($entity)) {
        forward('events');
    }
    if (!elgg_build_hmac([$event->time_created, $user_guid])->matchesToken($key)) {
        forward('events');
    }
    $old_ia = elgg_set_ignore_access(true);
    $output .= elgg_view('event_manager/event/pdf', ['entity' => $event]);
    $output .= elgg_view('event_manager/registration/user_data', ['event' => $event, 'entity' => $entity]);
    if ($event->with_program) {
        $output .= $event->getProgramData($user_guid);
    }
    elgg_set_ignore_access($old_ia);
} else {
    gatekeeper();
    if (!$event->canEdit() && $user_guid !== elgg_get_logged_in_user_guid()) {
        forward($event->getURL());
    }
    $output .= elgg_view('event_manager/event/pdf', ['entity' => $event]);
    $output .= elgg_view('event_manager/registration/user_data', ['event' => $event, 'entity' => elgg_get_logged_in_user_entity()]);
    if ($event->with_program) {
        $output .= $event->getProgramData($user_guid);
    }
    if ($user_guid == elgg_get_logged_in_user_guid()) {
        elgg_register_menu_item('title', \ElggMenuItem::factory(['name' => 'edityourregistration', 'text' => elgg_echo('event_manager:registration:edityourregistration'), 'link_class' => 'elgg-button elgg-button-action', 'href' => 'events/event/register/' . $event->getGUID() . '/event_attending']));
    }
}
// "Save to PDF" title button: links to the PDF action with 'k', the HMAC token over the
// event's creation time and the user GUID, plus the event GUID ('guid') and user GUID ('u_g').
// NOTE(review): the signed data holds no expiry, so the link stays valid for as long as
// both values are unchanged — confirm that is intended.
elgg_register_menu_item('title', \ElggMenuItem::factory(['name' => 'save_to_pdf', 'text' => elgg_echo('event_manager:registration:view:savetopdf'), 'link_class' => 'elgg-button elgg-button-action', 'href' => 'action/event_manager/registration/pdf?k=' . elgg_build_hmac([$event->time_created, $user_guid])->getToken() . '&guid=' . $guid . '&u_g=' . $user_guid, 'is_action' => true]));
// Wrap the collected output in the content layout and render the page.
$body = elgg_view_layout('content', ['filter' => '', 'content' => $output, 'title' => $title_text]);
echo elgg_view_page($title_text, $body);
Exemplo n.º 16
<?php

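// Builds the HTML for a registration PDF after checking the token that came with the request.
elgg_load_library('dompdf');
// Request input: k = HMAC token, guid = event GUID, u_g = GUID of the registered user
// (defaults to the logged-in user).
$key = get_input('k');
$guid = (int) get_input('guid');
$user_guid = (int) get_input('u_g', elgg_get_logged_in_user_guid());
$event = null;
if ($guid && ($entity = get_entity($guid))) {
    if ($entity instanceof Event) {
        $event = $entity;
    }
}
// A usable token is a non-empty string; any other input shape is turned away before the comparison.
// NOTE(review): the checks in this script rely on forward() ending the request — confirm.
if (!$event || empty($key) || !is_string($key)) {
    forward('events');
}
$hmac = elgg_build_hmac([$event->time_created, $user_guid]);
// Kept because the rest of the script is not visible from here.
$tempKey = $hmac->getToken();
$entity = get_entity($user_guid);
// The token is checked with the Hmac object's matchesToken() rather than with !==, whose
// running time can depend on how much of the two strings agrees.
if (empty($entity) || !$hmac->matchesToken($key)) {
    forward('events');
}
$html = elgg_view_title(elgg_echo('event_manager:registration:yourregistration'));
$html .= elgg_view('event_manager/event/pdf', ['entity' => $event]);
// Access checks are switched off only while the registration data and program are rendered.
$old_ia = elgg_set_ignore_access(true);
$html .= elgg_view('event_manager/registration/user_data', ['event' => $event, 'entity' => $entity, 'show_title' => true]);
if ($event->with_program) {
    elgg_push_context('programmailview');
    $html .= elgg_view_module('main', '', elgg_view('event_manager/program/pdf', ['entity' => $event, 'user_guid' => $user_guid]));
    elgg_pop_context();
}
elgg_set_ignore_access($old_ia);
$dompdf = new DOMPDF();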
Exemplo n.º 17
<?php

// Friend request confirmation: a = action, u and f = the two user GUIDs, m = HMAC token.
$a = get_input('a');
$u = (int) get_input('u');
$f = (int) get_input('f');
// The token must match the HMAC over the action and both GUIDs before anything else is done.
// NOTE(review): the checks below rely on forward() ending the request — confirm.
$hmac = elgg_build_hmac(array('a' => $a, 'u' => $u, 'f' => $f));
if (!$hmac->matchesToken(get_input('m'))) {
    register_error(elgg_echo('user:friends:confirm_error'));
    forward('', '403');
}
// Access checks are switched off from here on.
// NOTE(review): no call restoring $ia is visible in this excerpt — confirm it is restored further down.
$ia = elgg_set_ignore_access(true);
$page_owner = elgg_extract('entity', $vars, elgg_get_page_owner_entity());
$friend = get_entity($u);
// user who requested friendship
$user = get_entity($f);
// user who was requested
// NOTE(review): the two comments above appear to describe the line before them
// ($friend, then $user) — confirm which role each variable has.
if (!$user || !$friend) {
    register_error(elgg_echo('user:friends:confirm_error'));
    forward('', '403');
}
switch ($a) {
    case 'decline':
        if (user_friends_decline_friend_request($user, $friend)) {
            system_message(elgg_echo('friend_request:decline:success'));
        } else {
            register_error(elgg_echo('friend_request:decline:fail'));
        }
        break;
    case 'approve':
        if (user_friends_approve_friend_request($user, $friend)) {
            system_message(elgg_echo('friend_request:approve:successful', [$friend->getDisplayName()]));
Exemplo n.º 18
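/**
 * Routes group invitation confirmation page
 *
 * Handles groups/invitations/confirm: the "m" input must match the HMAC over
 * the invitee GUID ("i") and the group GUID ("g"). When it does, the invitee
 * is joined to the group with access checks switched off, and the request is
 * forwarded. Other routes are left untouched.
 *
 * NOTE(review): the signed data holds no expiry and this handler does not
 * look at whether an invitation still exists — confirm that a link is meant
 * to stay usable after an invitation has been withdrawn.
 *
 * @param string $hook   "route"
 * @param string $type   "groups"
 * @param array  $return Identifier and segments
 * @param array  $params Hook params
 * @return void Nothing is returned; a handled request ends in forward()
 */
function groups_invite_router($hook, $type, $return, $params)
{
    $identifier = $return['identifier'];
    $segments = $return['segments'];
    // Shorter paths have no second segment; isset() keeps them from raising undefined-offset notices.
    if ($identifier != 'groups' || !isset($segments[0], $segments[1])) {
        return;
    }
    if ($segments[0] != 'invitations' || $segments[1] != 'confirm') {
        return;
    }
    $i = (int) get_input('i');
    $g = (int) get_input('g');
    $hmac = elgg_build_hmac(array('i' => $i, 'g' => $g));
    if (!$hmac->matchesToken(get_input('m'))) {
        register_error(elgg_echo('groups:invite:confirm:error'));
        forward('', '403');
    }
    $ia = elgg_set_ignore_access(true);
    $user = get_entity($i);
    $group = get_entity($g);
    // Either entity may have been removed since the link was issued; join only when both
    // still load as a user and a group.
    $joined = $user instanceof \ElggUser && $group instanceof \ElggGroup && groups_join_group($group, $user);
    // Restore access checks before anything else runs on the way out.
    elgg_set_ignore_access($ia);
    if ($joined) {
        system_message(elgg_echo('groups:joined'));
    } else {
        register_error(elgg_echo('groups:invite:confirm:error'));
    }
    forward('');
}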
Exemplo n.º 19
/**
 * Build the registration validation code for an event and a user.
 *
 * The code is the HMAC token over the event GUID, the user GUID and the
 * event's creation time. It is only issued when the first GUID loads as an
 * Event object and the second as a user or an EventRegistration object.
 *
 * @param string $event_guid guid of event
 * @param string $user_guid  guid of user
 *
 * @return false|string The code, or false when either GUID is empty or does not load as the expected type
 */
function event_manager_generate_registration_validation_code($event_guid, $user_guid)
{
    if (empty($event_guid) || empty($user_guid)) {
        return false;
    }

    $event = get_entity($event_guid);
    $user = get_entity($user_guid);

    if (empty($event) || !elgg_instanceof($event, 'object', Event::SUBTYPE)) {
        return false;
    }
    if (empty($user)) {
        return false;
    }

    // The second entity may be a site user or a registration object.
    $is_registrant = elgg_instanceof($user, 'user') || elgg_instanceof($user, 'object', EventRegistration::SUBTYPE);
    if (!$is_registrant) {
        return false;
    }

    return elgg_build_hmac([$event_guid, $user_guid, $event->time_created])->getToken();
}
Exemplo n.º 20
/**
 * Friend request notification
 *
 * Notifies the user named by guid_two of a new "friendrequest" relationship.
 * The notification parameters include an approve and a decline URL, each
 * carrying an HMAC token over the action and both user GUIDs.
 *
 * @param string           $event        "create"
 * @param string           $type         "relationship"
 * @param ElggRelationship $relationship Relationship object
 * @return void
 */
function user_friends_friend_request_notification($event, $type, $relationship)
{
    $is_friend_request = $relationship instanceof ElggRelationship
        && $relationship->relationship === 'friendrequest';
    if (!$is_friend_request) {
        return;
    }

    $user = get_entity($relationship->guid_one);
    $friend = get_entity($relationship->guid_two);
    if (!$user || !$friend) {
        return;
    }

    // One signed confirmation URL per action; the action is part of the signed data.
    $confirm_urls = [];
    foreach (['approve', 'decline'] as $action) {
        $query = array('a' => $action, 'u' => $user->guid, 'f' => $friend->guid);
        $hmac = elgg_build_hmac($query);
        $confirm_page = elgg_normalize_url("friends/{$friend->username}/confirm");
        $query['m'] = $hmac->getToken();
        $confirm_urls[$action] = elgg_http_add_url_query_elements($confirm_page, $query);
    }
    $list_url = elgg_normalize_url("friends/{$friend->username}/requests");

    // Notify target user
    $subject = elgg_echo('friend_request:newfriend:subject', [$user->name]);
    $message = elgg_echo('friend_request:newfriend:body', [$user->name, $list_url]);
    $params = [
        'template' => 'friend_request_new',
        'action' => 'friend_request',
        'object' => $friend,
        'approve_url' => $confirm_urls['approve'],
        'decline_url' => $confirm_urls['decline'],
        'list_url' => $list_url,
    ];
    notify_user($friend->guid, $user->guid, $subject, $message, $params);
}
Exemplo n.º 21
    if ($add) {
        if ($group->canEdit() && groups_join_group($group, $invitee)) {
            $added++;
        } else {
            $error++;
        }
        continue;
    }
    if (check_entity_relationship($group->guid, 'invited', $invitee->guid)) {
        if (!$resend) {
            $skipped++;
            continue;
        }
    }
    add_entity_relationship($group->guid, 'invited', $invitee->guid);
    $hmac = elgg_build_hmac(array('i' => (int) $invitee->guid, 'g' => (int) $group->guid));
    $url = elgg_http_add_url_query_elements(elgg_normalize_url("groups/invitations/confirm"), array('i' => $invitee->guid, 'g' => $group->guid, 'm' => $hmac->getToken()));
    $invitee_link = elgg_view('output/url', array('text' => $inviter->getDisplayName(), 'href' => $inviter->getURL()));
    $group_link = elgg_view('output/url', array('text' => $group->getDisplayName(), 'href' => $group->getURL()));
    $summary = elgg_echo('groups:invite:user:subject', array($invitee_link, $group_link), $invitee->language);
    $subject = strip_tags($summary);
    $body = elgg_echo('groups:invite:user:body', array($invitee->name, $inviter->name, $group->name, $url), $invitee->language);
    $params = ['action' => 'invite', 'object' => $group, 'summary' => $summary, 'template' => 'groups_invite_user', 'confirm_link' => $url];
    $result = notify_user($invitee->getGUID(), $inviter->guid, $subject, $body, $params);
    if ($result) {
        $invited++;
    } else {
        $error++;
    }
}
// Sum of the four outcome counters: error, invited, skipped and added.
$total = $error + $invited + $skipped + $added;