function clean_user($user)
{
if ($user->name != sanitize_tags($user->name)) {
$x = sanitize_tags($user->name);
echo "ID: {$user->id}\nname: {$user->name}\nstripped name: {$x}\nemail: {$user->email_addr}\n-----\n";
$x = boinc_real_escape_string($x);
$x = trim($x);
$query = "update user set name='{$x}' where id={$user->id}";
$retval = mysql_query($query);
echo $query;
}
}
function handle_add($job, $inst)
{
$f = null;
$f->x = get_int('pic_x');
$f->y = get_int('pic_y');
$f->type = sanitize_tags(get_str('type'));
$c = sanitize_tags(get_str('comment', true));
if (strstr($c, "(optional)")) {
$c = "";
}
$f->comment = $c;
$output = $inst->get_opaque_data();
$output->features[] = $f;
$inst->set_opaque_data($output);
header("location: bossa_example4.php?bji={$inst->id}");
}
// either version 3 of the License, or (at your option) any later version.
//
// BOINC is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC. If not, see <http://www.gnu.org/licenses/>.
include_once "../inc/db.inc";
include_once "../inc/util.inc";
include_once "../inc/prefs.inc";
$user = get_logged_in_user();
$action = sanitize_tags(get_str("action", true));
$subset = sanitize_tags(get_str("subset"));
$venue = sanitize_tags(get_str("venue", true));
$columns = get_str("cols", true);
$c = $columns ? "&cols={$columns}" : "";
check_subset($subset);
if ($action) {
check_tokens($user->authenticator);
if ($subset == "global") {
$main_prefs = prefs_parse_global($user->global_prefs);
if ($venue) {
$prefs = $main_prefs->{$venue};
} else {
$prefs = $main_prefs;
}
$error = prefs_global_parse_form($prefs);
if ($error != false) {
$title = tra("Edit %1 preferences", subset_name($subset));
exit;
}
page_head(tra("Profiles"));
echo "\n <p>" . tra("%1Profiles%2 let individuals share backgrounds and opinions with the %3 community.", "<b>", "</b>", PROJECT) . " " . tra("Explore the diversity of your fellow volunteers, and contribute your own views for others to enjoy.") . "\n <p>" . tra("If you haven't already, you can %1create your own user profile%2 for others to see!", "<a href=\"create_profile.php\">", "</a>");
start_table_noborder();
$today = getdate(time());
$UOTD_heading = tra("User of the Day") . " -- " . $today['month'] . " " . $today['mday'] . ", " . $today['year'];
row1($UOTD_heading);
echo "<tr><td>";
$profile = get_current_uotd();
if ($profile) {
$user = BoincUser::lookup_id($profile->userid);
echo uotd_thumbnail($profile, $user);
echo user_links($user) . "<br>";
$resp = output_transform($profile->response1);
$resp = sanitize_tags($resp);
echo sub_sentence($resp, ' ', 150, true);
}
echo "</td></tr>";
row1(tra("User Profile Explorer"));
echo "<tr><td>\n <ul>\n <li>" . tra("View the %1User Picture Gallery%2.", "<a href=\"" . URL_BASE . "user_profile/user_gallery_1.html\">", "</a>") . "</li>\n <li>" . tra("Browse profiles %1by country%2.", "<a href=\"" . URL_BASE . "user_profile/profile_country.html\">", "</a>") . "</li>\n <li>" . tra("Browse profiles %1at random%2, %3at random with pictures%2, or %4at random without pictures%2.", "<a href=\"?cmd=rand&pic=-1\">", "</a>", "<a href=\"?cmd=rand&pic=1\">", "<a href=\"?cmd=rand&pic=0\">") . "</li>\n";
if (file_exists(PROFILE_PATH . "profile_alpha.html")) {
echo "<li>" . tra("Alphabetical profile listings:") . "<br>";
include PROFILE_PATH . "profile_alpha.html";
}
echo "</ul></td></tr>";
row1(tra("Search profile text"));
rowify("\n <form action=\"profile_search_action.php\" method=\"GET\">\n <input type=\"text\" name=\"search_string\">\n <input type=\"submit\" value=\"" . tra("Search") . "\">\n </form>\n");
end_table();
page_tail();
function select_profile($cmd)
//
// BOINC is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC. If not, see <http://www.gnu.org/licenses/>.
require_once "../inc/util.inc";
require_once "../inc/prefs.inc";
require_once "../inc/prefs_project.inc";
$user = get_logged_in_user();
check_tokens($user->authenticator);
$action = sanitize_tags(get_str("action", true));
$subset = sanitize_tags(get_str("subset"));
$venue = sanitize_tags(get_str("venue"));
$columns = get_int("cols", true);
$c = $columns ? "&cols={$columns}" : "";
check_venue($venue);
check_subset($subset);
if ($action) {
if ($subset == "global") {
$prefs = prefs_parse_global($user->global_prefs);
$prefs->{$venue} = $prefs;
$error = prefs_global_parse_form($new_prefs);
if ($error != false) {
$title = tra("Edit %1 preferences", subset_name($subset));
if ($venue) {
$title = "{$title} for {$venue}";
}
page_head($title);
$delete_problem .= "Cannot delete user: User has " . $c->count . " forum posts.<br/>";
}
if ($delete_problem) {
return false;
}
$q = "DELETE FROM user WHERE id=" . $user->id;
$result = mysql_query($q);
$delete_problem .= "User " . $user->id . " deleted.";
unset($user);
}
$delete_problem = "";
// Process user search form
$matches = "";
if (isset($_POST['search_submit'])) {
$search_name = post_str('search_text');
$search_name = BoincDb::escape_string(sanitize_tags($search_name));
if (!empty($search_name)) {
$result = mysql_query("SELECT * FROM user WHERE name='{$search_name}'");
if (mysql_num_rows($result) == 1) {
$user = mysql_fetch_object($result);
mysql_free_result($result);
} else {
$q = "SELECT * FROM user WHERE name LIKE '%" . $search_name . "%'";
$result = mysql_query($q);
if (mysql_num_rows($result) == 1) {
$user = mysql_fetch_object($result);
mysql_free_result($result);
}
if (mysql_num_rows($result) > 1) {
while ($row = mysql_fetch_object($result)) {
if (!empty($matches)) {
xml_header();
$retval = db_init_xml();
if ($retval) {
xml_error($retval);
}
$auth = get_str("account_key");
$user = BoincUser::lookup_auth($auth);
if (!$user) {
xml_error(ERR_DB_NOT_FOUND);
}
$name = $_GET["name"];
if (strlen($name) == 0) {
xml_error(-1, "must set team name");
}
$url = sanitize_tags(get_str("url"));
$type_name = sanitize_tags(get_str("type"));
// textual
$type = team_type_num($type_name);
$name_html = get_str("name_html");
$description = get_str("description");
$country = get_str("country");
if ($country == "") {
$country = "International";
}
// the following DB-escapes its args
//
$new_team = make_team($user->id, $name, $url, $type, $name_html, $description, $country);
if ($new_team) {
user_join_team($new_team, $user);
echo "<create_team_reply>\n <success/>\n <team_id>{$new_team->id}</team_id>\n</create_team_reply>\n";
} else {
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC. If not, see <http://www.gnu.org/licenses/>.
require_once "../inc/boinc_db.inc";
require_once "../inc/util.inc";
if (DISABLE_PROFILES) {
error_page("Profiles are disabled");
}
check_get_args(array("search_string", "offset"));
function show_profile_link2($profile, $n)
{
$user = BoincUser::lookup_id($profile->userid);
echo "<tr><td>" . user_links($user) . "</td><td>" . date_str($user->create_time) . "</td><td>{$user->country}</td><td>" . (int) $user->total_credit . "</td><td>" . (int) $user->expavg_credit . "</td></tr>\n";
}
$search_string = get_str('search_string');
$search_string = sanitize_tags($search_string);
$search_string = BoincDb::escape_string($search_string);
$offset = get_int('offset', true);
if (!$offset) {
$offset = 0;
}
$count = 10;
page_head(tra("Profiles containing '%1'", $search_string));
$profiles = BoincProfile::enum("match(response1, response2) against ('{$search_string}') limit {$offset},{$count}");
start_table();
echo "\n <tr><th>" . tra("User name") . "</th>\n <th>" . tra("Joined project") . "</th>\n <th>" . tra("Country") . "</th>\n <th>" . tra("Total credit") . "</th>\n <th>" . tra("Recent credit") . "</th></tr>\n";
$n = 0;
foreach ($profiles as $profile) {
show_profile_link2($profile, $n + $offset + 1);
$n += 1;
}
function do_send($logged_in_user)
{
global $replyto, $userid;
check_banished($logged_in_user);
check_tokens($logged_in_user->authenticator);
$to = sanitize_tags(post_str("to", true));
$subject = post_str("subject", true);
$content = post_str("content", true);
if (post_str("preview", true) == tra("Preview")) {
pm_form($replyto, $userid);
}
if ($to == null || $subject == null || $content == null) {
pm_form($replyto, $userid, tra("You need to fill all fields to send a private message"));
} else {
if (!akismet_check($logged_in_user, $content)) {
pm_form($replyto, $userid, tra("Your message was flagged as spam\n by the Akismet anti-spam system.\n Please modify your text and try again."));
}
$to = str_replace(", ", ",", $to);
// Filter out spaces after separator
$users = explode(",", $to);
$userlist = array();
$userids = array();
// To prevent from spamming a single user by adding it multiple times
foreach ($users as $username) {
$user = explode(" ", $username);
if (is_numeric($user[0])) {
// user ID is gived
$userid = $user[0];
$user = BoincUser::lookup_id($userid);
if ($user == null) {
pm_form($replyto, $userid, tra("Could not find user with id %1", $userid));
}
} else {
$user = BoincUser::lookup_name($username);
if ($user == null) {
pm_form($replyto, $userid, tra("Could not find user with username %1", $username));
} elseif ($user == -1) {
// Non-unique username
pm_form($replyto, $userid, tra("%1 is not a unique username; you will have to use user ID", $username));
}
}
BoincForumPrefs::lookup($user);
if (is_ignoring($user, $logged_in_user)) {
pm_form($replyto, $userid, tra("User %1 (ID: %2) is not accepting private messages from you.", $user->name, $user->id));
}
if (!isset($userids[$user->id])) {
$userlist[] = $user;
$userids[$user->id] = true;
}
}
foreach ($userlist as $user) {
if (!is_moderator($logged_in_user, null)) {
check_pm_count($logged_in_user->id);
}
pm_send_msg($logged_in_user, $user, $subject, $content, true);
}
Header("Location: pm.php?action=inbox&sent=1");
}
}
require_once "../inc/sanitize_html.inc";
require_once "../inc/boinc_db.inc";
check_get_args(array());
$user = get_logged_in_user();
$teamid = post_int("teamid");
$team = BoincTeam::lookup_id($teamid);
if (!$team) {
error_page(tra("no such team"));
}
require_admin($user, $team);
$team_url = BoincDb::escape_string(sanitize_tags(post_str("url", true)));
$x = strstr($team_url, "http://");
if ($x) {
$team_url = substr($team_url, 7);
}
$team_name = BoincDb::escape_string(sanitize_tags(post_str("name")));
$team_name_lc = strtolower($team_name);
$tnh = post_str("name_html", true);
$team_name_html = sanitize_html($tnh);
$team_name_html = BoincDb::escape_string($team_name_html);
$team_description = BoincDb::escape_string(post_str("description", true));
$type = BoincDb::escape_string(post_str("type", true));
$country = BoincDb::escape_string(post_str("country", true));
if ($country == "") {
$country = "International";
}
if (!is_valid_country($country)) {
error_page(tra("bad country"));
}
$joinable = post_str('joinable', true) ? 1 : 0;
$t = BoincTeam::lookup("name='{$team_name}'");
require_once "../inc/util.inc";
require_once "../inc/email.inc";
$auth = post_str("auth");
$name = post_str("name");
if (strlen($name) == 0) {
error_page(tra("You must supply a name for your account"));
}
if ($name != sanitize_tags($name)) {
error_page(tra("HTML tags not allowed in name"));
}
$country = post_str("country");
if (!is_valid_country($country)) {
error_page("invalid country");
}
$country = BoincDb::escape_string($country);
$postal_code = BoincDb::escape_string(sanitize_tags(post_str("postal_code", true)));
$auth = BoincDb::escape_string($auth);
$name = BoincDb::escape_string($name);
$postal_code = BoincDb::escape_string($postal_code);
$user = BoincUser::lookup("authenticator='{$auth}'");
if (!$user) {
error_page("no such user");
}
$retval = $user->update("name='{$name}', country='{$country}', postal_code='{$postal_code}'");
if (!$retval) {
error_page("database error");
}
// team may have already been joined in create_account RPC.
// if so, skip team-finder
//
if ($user->teamid) {
function handle_accept($user)
{
$srcid = get_int('userid');
$srcuser = BoincUser::lookup_id($srcid);
if (!$srcuser) {
error_page("No such user");
}
$friend = BoincFriend::lookup($srcid, $user->id);
if (!$friend) {
error_page("No request");
}
$friend->update("reciprocated=1");
// "accept message" not implemented in interface yet
$msg = post_str('message', true);
if ($msg) {
$msg = sanitize_tags(BoincDb::escape_string($msg));
}
$now = time();
$ret = BoincFriend::replace("user_src={$user->id}, user_dest={$srcid}, message='{$msg}', create_time={$now}, reciprocated=1");
if (!$ret) {
error_page(tra("Database error"));
}
$type = NOTIFY_FRIEND_ACCEPT;
BoincNotify::replace("userid={$srcid}, create_time={$now}, type={$type}, opaque={$user->id}");
BoincForumPrefs::lookup($srcuser);
if ($srcuser->prefs->pm_notification == 1) {
send_friend_accept_email($user, $srcuser, $msg);
}
$notify = BoincNotify::lookup($user->id, NOTIFY_FRIEND_REQ, $srcid);
if ($notify) {
$notify->delete();
}
page_head(tra("Friendship confirmed"));
echo tra("Your friendship with %1 has been confirmed.", "<b>" . $srcuser->name . "</b>");
page_tail();
}
/**
* Sanatize Tags
*
* @param $data Data
*/
function sanitize_tags($data)
{
if (is_array($data)) {
foreach ($data as $k => $v) {
$data[$k] = sanitize_tags($v);
}
} else {
$data = str_replace('<', '<', $data);
$data = str_replace('>', '>', $data);
}
return $data;
}
select_profile($option);
exit;
}
page_head(tra("Profiles"));
echo "\n <p>" . tra("%1Profiles%2 let individuals share backgrounds and opinions with the %3 community.", "<b>", "</b>", PROJECT) . " " . tra("Explore the diversity of your fellow volunteers, and contribute your own views for others to enjoy.") . "\n <p>" . tra("If you haven't already, you can %1create your own user profile%2 for others to see!", "<a href=\"create_profile.php\">", "</a>");
start_table_noborder();
$today = getdate(time());
$UOTD_heading = tra("User of the Day") . " -- " . $today['month'] . " " . $today['mday'] . ", " . $today['year'];
row1($UOTD_heading);
echo "<tr><td>";
$profile = get_current_uotd();
if ($profile) {
$user = lookup_user_id($profile->userid);
echo uotd_thumbnail($profile, $user);
echo user_links($user) . "<br>";
echo sub_sentence(output_transform(sanitize_tags($profile->response1)), ' ', 150, true);
}
echo "</td></tr>";
row1(tra("User Profile Explorer"));
echo "<tr><td>\n <ul>\n <li>" . tra("View the %1User Picture Gallery%2.", "<a href=\"" . URL_BASE . "user_profile/user_gallery_1.html\">", "</a>") . "</li>\n <li>" . tra("Browse profiles %1by country%2.", "<a href=\"" . URL_BASE . "user_profile/profile_country.html\">", "</a>") . "</li>\n <li>" . tra("Browse profiles %1at random%2, %3at random with pictures%2, or %4at random without pictures%2.", "<a href=\"?cmd=rand&pic=-1\">", "</a>", "<a href=\"?cmd=rand&pic=1\">", "<a href=\"?cmd=rand&pic=0\">") . "</li>\n";
if (file_exists(PROFILE_PATH . "profile_alpha.html")) {
echo "<li>" . tra("Alphabetical profile listings:") . "<br>";
include PROFILE_PATH . "profile_alpha.html";
}
echo "</ul></td></tr>";
row1(tra("Search profile text"));
rowify("\n <form action=\"profile_search_action.php\" method=\"GET\">\n <input type=\"text\" name=\"search_string\">\n <input type=\"submit\" value=\"" . tra("Search") . "\">\n </form>\n");
end_table();
page_tail();
function select_profile($cmd)
{
$can_edit_title = $post->parent_post == 0 && $thread_owner->id == $logged_in_user->id && !is_banished($logged_in_user);
$content = post_str("content", true);
$title = post_str("title", true);
$preview = post_str("preview", true);
if (post_str('submit', true) && !$preview) {
check_tokens($logged_in_user->authenticator);
$add_signature = post_str('add_signature', true) == "1" ? 1 : 0;
$content = substr($content, 0, 64000);
$content = trim($content);
if (strlen($content)) {
$content = BoincDb::escape_string($content);
$now = time();
$post->update("signature={$add_signature}, content='{$content}', modified={$now}");
if ($can_edit_title) {
$title = trim($title);
$title = sanitize_tags($title);
$title = BoincDb::escape_string($title);
$thread->update("title='{$title}'");
}
header("Location: forum_thread.php?id={$thread->id}&postid={$postid}");
} else {
delete_post($post, $thread, $forum);
header("Location: forum_forum.php?id={$forum->id}");
}
}
page_head(tra("Forum"), '', '', '', $bbcode_js);
show_forum_header($logged_in_user);
switch ($forum->parent_type) {
case 0:
$category = BoincCategory::lookup_id($forum->category);
show_forum_title($category, $forum, $thread);
Header("Location: bolt.php");
break;
case 'review':
// user chose to do review then repeat an exercise set
//
$view = finalize_view($view_id, BOLT_ACTION_REVIEW);
debug_show_state(unserialize($view->state), "Initial");
$iter = new BoltIter($course_doc);
$iter->decode_state($view->state);
$iter->at();
if (!$iter->xset) {
echo "NO XSET";
exit;
}
$xset = $iter->xset;
$unit_name = sanitize_tags(get_str('unit_name'));
$found = $xset->start_review($iter, $unit_name);
if (!$found) {
echo "REVIEW UNIT MISSING";
exit;
}
$iter->at();
$mode = default_mode($iter->item);
$view_id = create_view($iter, $mode, $view->id);
show_item($iter, $view_id, $view->id, $mode);
break;
case 'repeat':
// user chose to repeat an exercise set
//
$view = finalize_view($view_id, BOLT_ACTION_REPEAT);
debug_show_state(unserialize($view->state), "Initial");
}
if (!is_ascii($passwd)) {
show_error(tra("Passwords may only include ASCII characters."));
}
if (strlen($passwd) < $min_passwd_length) {
show_error(tra("New password is too short: minimum password length is %1 characters.", $min_passwd_length));
}
$passwd_hash = md5($passwd . $new_email_addr);
$country = post_str("country");
if ($country == "") {
$country = "International";
}
if (!is_valid_country($country)) {
error_page("bad country");
}
$postal_code = sanitize_tags(post_str("postal_code", true));
$user = make_user($new_email_addr, $new_name, $passwd_hash, $country, $postal_code, $project_prefs, $teamid);
if (!$user) {
show_error(tra("Couldn't create account"));
}
if (defined('INVITE_CODES')) {
error_log("Account '{$new_email_addr}' created using invitation code '{$invite_code}'");
}
// In success case, redirect to a fixed page so that user can
// return to it without getting "Repost form data" stuff
$next_url = post_str('next_url', true);
$next_url = sanitize_local_url($next_url);
if ($next_url) {
Header("Location: " . url_base() . "{$next_url}");
} else {
Header("Location: " . url_base() . "home.php");
$next_url = urldecode($next_url);
$next_url = sanitize_local_url($next_url);
if (strlen($next_url) == 0) {
$next_url = "home.php";
}
$perm = false;
if (isset($_POST['stay_logged_in'])) {
$perm = $_POST['stay_logged_in'];
}
// check for account key case.
// see if key is in URL; if not then check for POST data
//
$authenticator = get_str("key", true);
if (!$authenticator) {
$authenticator = post_str("authenticator", true);
}
if ($authenticator) {
login_with_auth($authenticator, $next_url, $perm);
exit;
}
$email_addr = strtolower(sanitize_tags(post_str("email_addr", true)));
$passwd = post_str("passwd", true);
if ($email_addr && $passwd) {
if (LDAP_HOST && !is_valid_email_addr($email_addr)) {
login_with_ldap($email_addr, $passwd, $next_url, $perm);
} else {
login_with_email($email_addr, $passwd, $next_url, $perm);
}
exit;
}
error_page("You must supply an email address and password");
function edit_action($forum)
{
$title = sanitize_tags(post_str('title'));
$title = BoincDb::escape_string($title);
$description = sanitize_tags(post_str('description'));
$description = BoincDb::escape_string($description);
$post_min_interval = post_int('post_min_interval');
$post_min_total_credit = post_int('post_min_total_credit');
$post_min_expavg_credit = post_int('post_min_expavg_credit');
$ret = $forum->update("title='{$title}', description='{$description}', post_min_interval={$post_min_interval}, post_min_total_credit={$post_min_total_credit}, post_min_expavg_credit={$post_min_expavg_credit}");
if ($ret) {
page_head(tra("Team Message Board Updated"));
echo tra("Update successful");
page_tail();
} else {
error_page(tra("Update failed"));
}
}
if ($format == 'xml') {
echo "<teams>\n";
$total = 0;
foreach ($teams as $team) {
show_team_xml($team);
$total++;
if ($total == 100) {
break;
}
}
echo "</teams>\n";
exit;
}
page_head(tra("Search Results"));
if (count($teams)) {
echo "<h2>" . tra("Search results for '%1'", sanitize_tags($team_name)) . "</h2>";
echo "<p>";
echo tra("You may view these teams' members, statistics, and information.");
echo "<ul>";
foreach ($teams as $team) {
echo "<li>";
echo "<a href=team_display.php?teamid={$team->id}>";
echo "{$team->name}</a></li>";
}
echo "</ul>";
if (count($teams) == 100) {
echo tra("More than 100 teams match your search. The first 100 are shown.") . "<br>\n ";
}
}
echo tra("End of results. %1 If you cannot find the team you are looking for, you may %2create a team%3 yourself.", "<br>", "<a href=team_create_form.php>", "</a>");
page_tail();
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC. If not, see <http://www.gnu.org/licenses/>.
require_once "../inc/util.inc";
require_once "../inc/translation.inc";
check_get_args(array("set_lang"));
$languages = get_supported_languages();
if (!is_array($languages)) {
error_page("Language selection not enabled. Project admins must run the update_translations.php script.");
}
$prefs = "";
if (isset($_SERVER["HTTP_ACCEPT_LANGUAGE"])) {
$prefs = $_SERVER["HTTP_ACCEPT_LANGUAGE"];
$prefs = sanitize_tags($prefs);
}
$set_lang = get_str("set_lang", true);
if ($set_lang) {
if (!in_array($set_lang, $languages) && $set_lang != "auto") {
error_page("Language not supported");
} else {
send_cookie('lang', $set_lang, true);
header("Location: index.php");
exit;
}
}
page_head(tra("Language selection"));
function language_name($code)
{
if ($code == 'en') {
