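function auth_sign_in($next_page = "/")
{
    // Check the posted username/password against auth.user_list and, on
    // success, issue the signed "auth" cookie and redirect to $next_page.
    // Every failure path ends the request with die(), so nothing after the
    // checks runs for a bad login.
    //
    // $next_page: redirect target written verbatim into the Location header.
    //   Callers must not pass a user-controlled value here, otherwise this
    //   becomes an open redirect.
    // Reads globals: $AUTH_EXP (cookie lifetime, seconds) and $AUTH_KEY
    //   (secret mixed into the cookie hash).
    global $AUTH_EXP;
    global $AUTH_KEY;

    $username = http_post_string("username", array("len" => 50, "valid" => "[a-z][0-9]"));
    $password = http_post_string("password", array("len" => 50));
    // Usernames must start with a letter (the valid list above already
    // limits the rest to lowercase letters and digits).
    if (!string_uses(substr($username, 0, 1), "[a-z]")) {
        die("invalid username [{$username}]");
    }

    $row = run_sql("select user_id, password, salt from auth.user_list where username = ?", array($username));
    if (count($row) == 0) {
        // NOTE(review): this message differs from the wrong-password one, so
        // the response reveals whether a username exists.
        die("no such user [{$username}]");
    }

    // Strict, constant-time comparison of the stored and computed hashes.
    // The original "!=" was a loose comparison, which treats two
    // numeric-looking strings (e.g. "0e..." hashes) as equal and whose
    // running time depends on where the strings first differ.
    $stored_hash = (string) $row[0]["password"];
    $computed_hash = (string) crypt_sha256($password . $row[0]["salt"]);
    if (!hash_equals($stored_hash, $computed_hash)) {
        die("wrong password");
    }

    $expire = time() + $AUTH_EXP;
    // Cookie payload "exp=...&user=..." plus crypt_sha256($AUTH_KEY . payload).
    // The cookie verifier elsewhere recomputes this, so the layout is kept.
    // NOTE(review): if crypt_sha256() is a bare SHA-256, a keyed HMAC would
    // be the stronger construction for the signature -- confirm against the
    // cookie check before changing either side.
    $cookie = "exp=" . date("YmdHis", $expire) . "&user=" . $row[0]["user_id"];
    $cookie .= "&hash=" . crypt_sha256($AUTH_KEY . $cookie);
    // Same default path/domain as before; HttpOnly keeps the session cookie
    // out of reach of script. Secure is left off because the scheme the site
    // is served on is not known here.
    setcookie("auth", $cookie, $expire, "", "", false, true);
    header("Location: {$next_page}");
    die;
}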
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Pipecode.  If not, see <http://www.gnu.org/licenses/>.
//
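include "feed.php";

// Only the owner of this page may change its feed layout. Strict
// comparison: with the original "!=" an int 0 $zid compared loosely equal
// to any non-numeric string on PHP < 8, which would pass the check.
if ($zid !== $auth_zid) {
    die("not your page");
}
// Column index from the query string; only 0..2 exist.
$col = http_get_int("col");
if ($col < 0 || $col > 2) {
    die("invalid col [{$col}]");
}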
if (http_post()) {
    // Either an existing feed id or a new URI; fid is optional and 0 when absent.
    $fid = http_post_int("fid", array("required" => false));
    // NOTE(review): the URI is handed to add_feed(), which presumably fetches
    // it server-side; confirm that add_feed() restricts schemes and hosts,
    // otherwise a user can make the server request internal addresses.
    $uri = http_post_string("uri", array("required" => false, "len" => 100, "valid" => "[a-z][A-Z][0-9]~@#\$%&()-_=+[];:,./?"));
    if ($fid == 0) {
        if ($uri == "") {
            die("no feed uri given");
        }
        $fid = add_feed($uri);
    }
    if (!db_has_rec("feed", $fid)) {
        die("fid not found [{$fid}]");
    }
    // One subscription per (zid, fid).
    if (db_has_rec("feed_user", array("zid" => $auth_zid, "fid" => $fid))) {
        die("feed [{$fid}] is already on your page");
    }
    // Append after the last feed in this column; max(pos) is NULL for an
    // empty column, and NULL + 1 gives 1.
    $row = run_sql("select max(pos) as max_pos from feed_user where zid = ? and col = ?", array($auth_zid, $col));
    $pos = $row[0]["max_pos"] + 1;
    $feed_user = array();
// (at your option) any later version.
//
// Pipecode is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Pipecode.  If not, see <http://www.gnu.org/licenses/>.
//
include "mail.php";

// Address fields: letters, digits, "-_.<>@+" and space. No CR/LF is in the
// list, so a header cannot be injected through "to" at this layer.
$to_rules = array("len" => 250, "valid" => "[a-z][A-Z][0-9]-_.<>@+ ");

if (http_post()) {
    // Compose form submitted: validate, hand off to send_web_mail(), return
    // to the mailbox. Subject and body accept any character ("[ALL]");
    // NOTE(review): whether a newline in the subject can reach a mail header
    // depends on send_web_mail() -- confirm it folds or rejects CR/LF.
    $to = http_post_string("to", $to_rules);
    $subject = http_post_string("subject", array("len" => 250, "valid" => "[ALL]"));
    $body = http_post_string("body", array("len" => 64000, "valid" => "[ALL]"));
    $in_reply_to = http_post_string("in_reply_to", array("required" => false, "len" => 250, "valid" => "[a-z][A-Z][0-9]-_.@+-"));
    send_web_mail($to, $subject, $body, $in_reply_to);
    header("Location: /mail/");
    die;
}

// GET: optional prefill of the recipient and, via "mid", reply-to data.
$to = http_get_string("to", array("required" => false) + $to_rules);
$mid = http_get_int("mid", array("required" => false));
if ($mid > 0) {
    // Reply mode: prefill the form from the message being answered.
    // NOTE(review): no ownership check on $mid is visible in this stretch --
    // confirm db_get_rec()/mail.php limit it to the signed-in user's mailbox.
    $message = db_get_rec("mail", $mid);
    $in_reply_to = $message["message_id"];
    // mail_from is a stored header value; on POST "to" is read again from
    // the form with the address rules above.
    $to = $message["mail_from"];
    $subject = $message["subject"];
    // Prefix "Re: " once; an existing prefix is kept as-is.
    if (substr($subject, 0, 4) != "Re: ") {
        $subject = "Re: {$subject}";
    }
} else {
// You should have received a copy of the GNU General Public License
// along with Pipecode.  If not, see <http://www.gnu.org/licenses/>.
//
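include "clean.php";
include "story.php";

// Story id is the second URL segment; cast to int so a non-numeric value
// becomes 0 instead of reaching the database as a string.
$sid = (int) $s2;
// Editor gate. empty() is true for an unset, null, 0, "" or false flag --
// exactly the cases the original "!@$auth_user["editor"]" rejected -- but
// without the "@" suppression hiding other notices.
if (empty($auth_user["editor"])) {
    die("you are not an editor");
}
// NOTE(review): no existence check on $sid here; whether db_get_rec() dies
// or returns an empty row for an unknown id decides what $story["pid"]
// does on the next line -- confirm before relying on it.
$story = db_get_rec("story", $sid);
$pipe = db_get_rec("pipe", $story["pid"]);
$zid = $pipe["zid"];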
if (http_post()) {
    // Title: printable ASCII except "<" and ">" (not in the valid list),
    // entity-encoded below by clean_entities().
    $title = http_post_string("title", array("len" => 100, "valid" => "[a-z][A-Z][0-9]`~!@#\$%^&*()_+-={}|[]\\:\";',./? "));
    // Body: any character. Newlines become <br> and the result goes through
    // clean_html(). NOTE(review): clean_html() is the only filter between the
    // raw body and the stored HTML -- confirm it allow-lists tags and
    // attributes, since the story is rendered back to readers.
    $body = http_post_string("story", array("len" => 64000, "valid" => "[ALL]"));
    $icon = http_post_string("icon", array("len" => 50, "valid" => "[a-z][0-9]-_"));
    // NOTE(review): $tid is stored without an existence check in this stretch.
    $tid = http_post_int("tid");
    $title = clean_entities($title);
    $new_body = str_replace("\n", "<br>", $body);
    $new_body = clean_html($new_body);
    // Only the "publish" button saves; other submits fall through to the
    // code after this block.
    if (http_post("publish")) {
        $story["tid"] = $tid;
        $story["title"] = $title;
        // URL slug derived from the cleaned title.
        $story["ctitle"] = clean_url($title);
        $story["icon"] = $icon;
        $story["story"] = $new_body;
        db_set_rec("story", $story);
        header("Location: /story/{$sid}");
        die;
    }
} else {
    writeln('		<td><table><tr><td>' . $question . '</td><td><input name="answer" type="text" style="margin-left: 8px; width: 100px"/></td></tr></table></td>');
    writeln('		<td class="right"><input type="submit" value="Submit"/> <input name="preview" type="submit" value="Preview"/></td>');
    writeln('	</tr>');
    writeln('</table>');
    writeln('</div>');
    writeln('</form>');
    writeln('</td>');
    writeln('</tr>');
    writeln('</table>');
    print_footer();
}
if (http_post()) {
    // Title: printable ASCII except "<" and ">" (not in the valid list).
    $title = http_post_string("title", array("len" => 100, "valid" => "[a-z][A-Z][0-9]`~!@#\$%^&*()_+-={}|[]\\:\";',./? "));
    // Body accepts any character; it is filtered by clean_html() below.
    $body = http_post_string("story", array("len" => 64000, "valid" => "[ALL]"));
    $tid = http_post_int("tid");
    // Optional captcha answer; verified before any database work.
    $answer = http_post_string("answer", array("required" => false));
    // Not used in this stretch; presumably stamped on the record further down.
    $time = time();
    if (!captcha_verify($answer)) {
        die("captcha failed");
    }
    // Fetched but not used here. NOTE(review): whether db_get_rec() rejects
    // an unknown tid decides if a bogus topic id can reach the insert.
    $topic = db_get_rec("topic", $tid);
    $title = clean_entities($title);
    $new_body = str_replace("\n", "<br>", $body);
    // NOTE(review): clean_html() is the only filter on the stored body --
    // confirm it allow-lists tags and attributes.
    $new_body = clean_html($new_body);
    // Preview re-renders the form with raw and cleaned body, without saving.
    if (http_post("preview")) {
        print_submit_box($title, $body, $new_body, $tid, true);
        die;
    }
    // New submission record; pid 0 presumably means "assign on insert".
    $pipe = array();
    $pipe["pid"] = 0;
    $pipe["tid"] = $tid;
if (http_post()) {
    // Installer form: read the site settings and render them as PHP source
    // that will be written out as the config file (the write happens after
    // this stretch).
    //
    // NOTE(review): server_slogan, smtp_password and sql_pass carry only a
    // length limit (no "valid" list) and are interpolated inside
    // double-quoted PHP string literals below. A '"', '$' or '\' in one of
    // them breaks, or alters the meaning of, the generated source; emitting
    // each value with var_export() would make this safe.
    $server_name = http_post_string("server_name", array("len" => 50, "valid" => "[a-z][0-9]-."));
    $server_title = http_post_string("server_title", array("len" => 50, "valid" => "[a-z][A-Z][0-9]- "));
    $server_slogan = http_post_string("server_slogan", array("len" => 50));
    $smtp_server = http_post_string("smtp_server", array("len" => 50, "valid" => "[a-z][0-9]-."));
    $smtp_port = http_post_string("smtp_port", array("len" => 50, "valid" => "[0-9]"));
    $smtp_address = http_post_string("smtp_address", array("len" => 50, "valid" => "[a-z][0-9]-.@"));
    $smtp_username = http_post_string("smtp_username", array("len" => 50, "valid" => "[a-z][0-9]-.@"));
    $smtp_password = http_post_string("smtp_password", array("len" => 100));
    $sql_server = http_post_string("sql_server", array("len" => 50, "valid" => "[a-z][0-9]-."));
    $sql_user = http_post_string("sql_user", array("len" => 50, "valid" => "[a-z][0-9]"));
    $sql_pass = http_post_string("sql_pass", array("len" => 100));
    $sql_database = http_post_string("sql_database", array("len" => 50, "valid" => "[a-z][0-9]"));
    $captcha_key = http_post_string("captcha_key", array("len" => 32, "required" => false, "valid" => "[a-z][0-9]"));
    $admin_username = http_post_string("admin_username", array("len" => 50, "valid" => "[a-z][0-9]"));
    $admin_password = http_post_string("admin_password", array("len" => 100));
    // Short open tag: the generated file only parses where short_open_tag is on.
    $s = "<?\n";
    $s .= "\n";
    $s .= "\$server_name = \"{$server_name}\";\n";
    $s .= "\$server_title = \"{$server_title}\";\n";
    // Unfiltered value inside a double-quoted literal (see note above).
    $s .= "\$server_slogan = \"{$server_slogan}\";\n";
    $s .= "\n";
    $s .= "\$smtp_server = \"{$smtp_server}\";\n";
    $s .= "\$smtp_port = \"{$smtp_port}\";\n";
    $s .= "\$smtp_address = \"{$smtp_address}\";\n";
    $s .= "\$smtp_username = \"{$smtp_username}\";\n";
    // Unfiltered value inside a double-quoted literal (see note above).
    $s .= "\$smtp_password = \"{$smtp_password}\";\n";
    $s .= "\n";
    // PDO DSN assembled from host and database name.
    $s .= "\$sql_server = \"mysql:host={$sql_server};dbname={$sql_database}\";\n";
    $s .= "\$sql_user = \"{$sql_user}\";\n";
    // Unfiltered value inside a double-quoted literal (see note above).
    $s .= "\$sql_pass = \"{$sql_pass}\";\n";
     // Both password fields must agree before anything is stored. Loose "!="
     // treats numeric-looking strings such as "10" and "1e1" as equal.
     if ($password_1 != $password_2) {
         die("passwords do not match");
     }
     // NOTE(review): rand() is not a cryptographic source; the salt should be
     // drawn from random_bytes() / openssl_random_pseudo_bytes() instead.
     $salt = crypt_sha256(rand());
     // Stored form is crypt_sha256(password . salt); the sign-in check
     // recomputes it the same way.
     $password = crypt_sha256("{$password_1}{$salt}");
     $user_conf["password"] = $password;
     $user_conf["salt"] = $salt;
     db_set_conf("user_conf", $user_conf, $zid);
     // The challenge is single-use: remove it once the password has changed.
     db_del_rec("email_challenge", $verify);
     print_header("Password Reset");
     writeln('<h1>Password Reset</h1>');
     writeln('<p>Don\'t forget it this time!</p>');
     print_footer();
     die;
 }
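 // Start a password reset: look up the local user, mint a fresh challenge
 // token and store it, replacing any earlier outstanding one.
 $username = http_post_string("username", array("len" => 20, "valid" => "[a-z][A-Z][0-9]"));
 $zid = strtolower($username) . "@{$site_name}";
 if (!is_local_user($zid)) {
     // NOTE(review): this message reveals whether a username exists.
     die("no such user [{$zid}]");
 }
 $user_conf = db_get_conf("user_conf", $zid);
 // The challenge is the whole secret behind the reset link, so it must be
 // unpredictable. The original drew it from rand(), which is seeded from a
 // small state and is not a CSPRNG. Draw from the OS instead and keep
 // crypt_sha256() so the stored value has the same shape as before.
 if (function_exists("random_bytes")) {
     $token = bin2hex(random_bytes(32));
 } elseif (function_exists("openssl_random_pseudo_bytes")) {
     $token = bin2hex(openssl_random_pseudo_bytes(32));
 } else {
     // Fail closed rather than fall back to a guessable token.
     die("no secure random source available");
 }
 $hash = crypt_sha256($token);
 // One outstanding challenge per username: drop the previous one first.
 if (db_has_rec("email_challenge", array("username" => $username))) {
     db_del_rec("email_challenge", array("username" => $username));
 }
 $email_challenge = array();
 $email_challenge["challenge"] = $hash;
 $email_challenge["username"] = $username;
 // NOTE(review): $user is not assigned in this stretch while $user_conf is;
 // confirm which record actually holds the address.
 $email_challenge["email"] = $user["email"];
 $email_challenge["expires"] = time() + 86400 * 3; // three days
 db_set_rec("email_challenge", $email_challenge);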
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Pipecode.  If not, see <http://www.gnu.org/licenses/>.
//
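// Settings page: only the owner may change it. Strict comparison: with the
// original "!=" an int 0 $zid compared loosely equal to any non-numeric
// string on PHP < 8, which would pass the check.
if ($zid !== $auth_zid) {
    die("not your page");
}
$zones = DateTimeZone::listIdentifiers(DateTimeZone::ALL);
if (http_post()) {
    $javascript_enabled = http_post_bool("javascript_enabled", array("numeric" => true));
    $time_zone = http_post_string("time_zone", array("len" => 50, "valid" => "[a-z][A-Z]-_/"));
    // Thresholds are kept as strings limited to digits and "-"; they are
    // not range-checked here.
    $hide_threshold = http_post_string("hide_threshold", array("valid" => "[0-9]-"));
    $expand_threshold = http_post_string("expand_threshold", array("valid" => "[0-9]-"));
    $list_enabled = http_post_bool("list_enabled", array("numeric" => true));
    $real_name = http_post_string("real_name", array("len" => 50, "required" => false, "valid" => "[a-z][A-Z]- "));
    // Strict in_array: the posted value must be exactly one of PHP's zone
    // identifiers, with no loose numeric matching.
    if (!in_array($time_zone, $zones, true)) {
        die("invalid time zone [{$time_zone}]");
    }
    // NOTE(review): $user_conf is not loaded in this stretch; presumably the
    // including page fetched it for $auth_zid -- otherwise these writes
    // produce a conf holding only these six keys.
    $user_conf["javascript_enabled"] = $javascript_enabled;
    $user_conf["time_zone"] = $time_zone;
    $user_conf["hide_threshold"] = $hide_threshold;
    $user_conf["expand_threshold"] = $expand_threshold;
    $user_conf["list_enabled"] = $list_enabled;
    $user_conf["real_name"] = $real_name;
    db_set_conf("user_conf", $user_conf, $auth_zid);
    header("Location: /menu/");
    die;
}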
// Pipecode is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Pipecode is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Pipecode.  If not, see <http://www.gnu.org/licenses/>.
//
if (http_post()) {
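    $username = http_post_string("username", array("len" => 20, "valid" => "[a-z][A-Z][0-9]"));
    $password = http_post_string("password", array("len" => 64, "valid" => "[KEYBOARD]"));
    // Post-login target from the query string. The valid list excludes ":",
    // so "http://..." cannot get through, but a protocol-relative "//host/.."
    // could, and header("Location:") would then send the user off-site.
    $referer = http_get_string("referer", array("required" => false, "len" => 200, "valid" => "[a-z][A-Z][0-9].+-_/?&#=;~"));
    if (substr($referer, 0, 2) === "//") {
        die("invalid referer [{$referer}]");
    }
    $zid = strtolower($username) . "@{$server_name}";
    $user_conf = db_get_conf("user_conf", $zid);
    // Strict, constant-time comparison of the stored and computed hashes.
    // The original "!=" was a loose comparison, which treats two
    // numeric-looking strings as equal. An unknown user has no stored hash,
    // so the empty string never matches and the outcome is unchanged.
    $stored_hash = isset($user_conf["password"]) ? (string) $user_conf["password"] : "";
    $salt = isset($user_conf["salt"]) ? (string) $user_conf["salt"] : "";
    if (!hash_equals($stored_hash, (string) crypt_sha256($password . $salt))) {
        die("wrong password");
    }
    $expire = time() + $auth_expire;
    // Signed cookie: the verifier elsewhere recomputes
    // crypt_sha256($auth_key . payload), so the payload layout is kept.
    $cookie = "expire={$expire}&zid={$zid}";
    $cookie .= "&hash=" . crypt_sha256($auth_key . $cookie);
    // Same expiry, path and domain as before; HttpOnly added. Secure is left
    // off because the scheme the site is served on is not known here.
    setcookie("auth", $cookie, $expire, "/", ".{$server_name}", false, true);
    if ($referer != "") {
        header("Location: {$referer}");
    } else {
        header("Location: ./");
    }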
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Pipecode.  If not, see <http://www.gnu.org/licenses/>.
//
// Submission id is the second URL segment; digits only.
$pid = $s2;
if (!string_uses($pid, "[0-9]")) {
    die("invalid pid [{$pid}]");
}
// Closing a submission is an editor-only action.
if (!$auth_user["editor"]) {
    die("you are not an editor");
}
if (http_post()) {
    // Reason text: printable ASCII except "<", ">" and '"' (not in the list).
    $reason_rules = array(
        "len" => 50,
        "valid" => "[a-z][A-Z][0-9]~!@#\$%^*()_+-=[]\\{}|;',./? ",
    );
    $reason = http_post_string("reason", $reason_rules);
    $pipe = db_get_rec("pipe", $pid);
    // Refuse to close a submission twice.
    if ($pipe["closed"]) {
        die("article already closed [{$pid}]");
    }
    // Record who closed it and why, then flag it closed.
    $pipe["closed"] = 1;
    $pipe["editor"] = $auth_zid;
    $pipe["reason"] = $reason;
    db_set_rec("pipe", $pipe);
    header("Location: /pipe/{$pid}");
    die;
}
print_header("Close Submission");
writeln("<h1>Close Submission</h1>");
writeln('<form method="post">');
writeln('<p>Are you sure you want to close this submission? The article will no longer show in the pipe, voting will be disabled, and comments will be locked.</p>');