/**
 * Renders the spot index page, optionally narrowed by a search filter.
 *
 * If the first parsed filter targets the "Watch" field, the requested
 * watchlist action ('add' or 'remove') is applied for the current user
 * before the spots are loaded.
 */
function render() {
    SpotTiming::start(__FUNCTION__);

    # Viewing the index needs its own permission; a search needs an extra one
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_view_spots_index, '');
    if (!empty($this->_params['search'])) {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_perform_search, '');
    } # if

    $userId = $this->_currentSession['user']['userid'];
    $overview = new SpotsOverview($this->_db, $this->_settings);
    $userSystem = new SpotUserSystem($this->_db, $this->_settings);

    # Translate the query parameters into filters, fields and sort order
    $sortSpec = array('field' => $this->_params['sortby'],
                      'direction' => $this->_params['sortdir']);
    $parsedSearch = $overview->filterToQuery($this->_params['search'],
                                             $sortSpec,
                                             $this->_currentSession,
                                             $userSystem->getIndexFilter($userId));

    # The page number comes from the request; the first page has no
    # previous page (-1)
    $pageNr = $this->_params['pagenr'];
    $nextPage = $pageNr + 1;
    $prevPage = ($nextPage == 1) ? -1 : max($pageNr - 1, 0);

    # Watchlist maintenance is only done when the active filter is the watchlist.
    # NOTE(review): this changes state from a page render, driven by request
    # parameters; whether the request is protected against CSRF is not
    # visible here -- confirm.
    $firstFilter = isset($parsedSearch['filterValueList'][0]['fieldname'])
                        ? $parsedSearch['filterValueList'][0]['fieldname']
                        : null;
    if ($firstFilter !== null && $firstFilter == "Watch") {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_keep_own_watchlist, '');

        $handled = true;
        if ($this->_action == 'remove') {
            $this->_db->removeFromSpotStateList(SpotDb::spotstate_Watch, $this->_params['messageid'], $userId);
        } elseif ($this->_action == 'add') {
            $this->_db->addToSpotStateList(SpotDb::spotstate_Watch, $this->_params['messageid'], $userId, '');
        } else {
            $handled = false;
        } # else

        # Both actions send the same notification afterwards
        if ($handled) {
            $notifier = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);
            $notifier->sendWatchlistHandled($this->_action, $this->_params['messageid']);
        } # if
    } # if

    # Load the spots for this page
    $loaded = $overview->loadSpots($userId,
                                   $pageNr,
                                   $this->_currentSession['user']['prefs']['perpage'],
                                   $parsedSearch);

    # Do not offer a next page when there is none
    if (!$loaded['hasmore']) {
        $nextPage = -1;
    } # if

    $this->_pageTitle = "overzicht";

    #- display stuff -#
    $templateVars = array();
    $templateVars['spots'] = $loaded['list'];
    $templateVars['quicklinks'] = $this->_settings->get('quicklinks');
    $templateVars['filters'] = $this->_db->getFilterList($userId, 'filter');
    $templateVars['nextPage'] = $nextPage;
    $templateVars['prevPage'] = $prevPage;
    $templateVars['parsedsearch'] = $parsedSearch;
    $templateVars['data'] = $this->_params['data'];
    $this->template('spots', $templateVars);

    SpotTiming::stop(__FUNCTION__);
}
/**
 * Renders the "post comment" form and, when the form was submitted by a
 * user who is allowed to post, posts the comment.
 */
function render() {
    $formMessages = array('errors' => array(), 'info' => array());

    # Check the user's permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_post_comment, '');

    # Instantiated as in the original; not referenced further in this method
    $spotParser = new SpotParser();
    $signer = new SpotSigning();

    # Default comment, so the template can always render the form values
    $comment = array(
        'body' => '',
        'rating' => 0,
        'inreplyto' => $this->_inReplyTo,
        'newmessageid' => '',
        'randomstr' => '',
    );

    # By default no post was attempted
    $postResult = array();

    $this->_pageTitle = "spot: post comment";

    # The anonymous user cannot post; dropping 'submit' skips the posting below
    if ($this->_currentSession['user']['userid'] == SPOTWEB_ANONYMOUS_USERID) {
        $postResult = array('result' => 'notloggedin');
        unset($this->_commentForm['submit']);
    } # if

    # Reserved usernames cannot post comments either
    $userSystem = new SpotUserSystem($this->_db, $this->_settings);
    if (!$userSystem->validUsername($this->_currentSession['user']['username'])) {
        $postResult = array('result' => 'notloggedin');
        unset($this->_commentForm['submit']);
    } # if

    if (isset($this->_commentForm['submit'])) {
        # 'submit' is always removed before the form is merged
        unset($this->_commentForm['submit']);

        # Submitted fields override the defaults
        $comment = array_merge($comment, $this->_commentForm);

        # Fetch the user's private key and attach it to the session user record
        $userId = $this->_currentSession['user']['userid'];
        $this->_currentSession['user']['privatekey'] = $userSystem->getUserPrivateRsaKey($userId);

        # The message id arrives wrapped in <>; strip the first and last character
        $comment['newmessageid'] = substr($comment['newmessageid'], 1, -1);

        # Validate and, if valid, post the comment
        $poster = new SpotPosting($this->_db, $this->_settings);
        $formMessages['errors'] = $poster->postComment($this->_currentSession['user'], $comment);

        if (!empty($formMessages['errors'])) {
            $postResult = array('result' => 'failure');
        } else {
            $postResult = array(
                'result' => 'success',
                'user' => $this->_currentSession['user']['username'],
                'userid' => $signer->calculateUserid($this->_currentSession['user']['publickey']),
                'rating' => $comment['rating'],
                'body' => $comment['body'],
            );
        } # else
    } # if

    #- display stuff -#
    $this->template('postcomment', array(
        'postcommentform' => $comment,
        'formmessages' => $formMessages,
        'postresult' => $postResult,
    ));
}
/**
 * Renders the spam-report form and, when the form action is 'post' and the
 * user is allowed to post, files the report and sends a notification.
 */
function render() {
    $formMessages = array('errors' => array(), 'info' => array());

    # Check the user's permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_report_spam, '');

    # Instantiated as in the original; neither is referenced further here
    $spotParser = new SpotParser();
    $spotSigning = Services_Signing_Base::newServiceSigning();

    # Default report, so the template always has values to render
    $report = array(
        'body' => 'This is SPAM!',
        'inreplyto' => $this->_inReplyTo,
        'newmessageid' => '',
        'randomstr' => '',
    );

    # By default no report was attempted
    $postResult = array();

    $this->_pageTitle = "report: report spot";

    # Local copy of the form action; cleared below when posting is not allowed
    $formAction = $this->_reportForm['action'];

    # The anonymous user and reserved usernames cannot post content
    $userSystem = new SpotUserSystem($this->_db, $this->_settings);
    if (!$userSystem->allowedToPost($this->_currentSession['user'])) {
        $postResult = array('result' => 'notloggedin');
        $formAction = '';
    } # if

    if ($formAction == 'post') {
        $notifier = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);

        # Submitted fields override the defaults
        $report = array_merge($report, $this->_reportForm);

        # Fetch the user's private key and attach it to the session user record
        $userId = $this->_currentSession['user']['userid'];
        $this->_currentSession['user']['privatekey'] = $this->_db->getUserPrivateRsaKey($userId);

        # The message id arrives wrapped in <>; strip the first and last character
        $report['newmessageid'] = substr($report['newmessageid'], 1, -1);

        # Validate and, if valid, post the report
        $poster = new SpotPosting($this->_db, $this->_settings);
        $formMessages['errors'] = $poster->reportSpotAsSpam($this->_currentSession['user'], $report);

        if (!empty($formMessages['errors'])) {
            $postResult = array('result' => 'failure');
        } else {
            $postResult = array('result' => 'success');

            # Notify about the posted report
            $notifier->sendReportPosted($report['inreplyto']);
        } # else
    } # if

    #- display stuff -#
    $this->template('spamreport', array(
        'postreportform' => $report,
        'formmessages' => $formMessages,
        'postresult' => $postResult,
    ));
}
/**
 * Renders the statistics page for the current user.
 */
function render() {
    # Check the user's permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_view_statistics, '');

    $overview = new SpotsOverview($this->_db, $this->_settings);
    $userSystem = new SpotUserSystem($this->_db, $this->_settings);

    $this->_pageTitle = _("Statistieken");

    # An empty search with an empty sort, combined with the user's index filter
    $userId = $this->_currentSession['user']['userid'];
    $emptySort = array('field' => '', 'direction' => '');
    $parsedSearch = $overview->filterToQuery('',
                                             $emptySort,
                                             $this->_currentSession,
                                             $userSystem->getIndexFilter($userId));

    #- display stuff -#
    # NOTE(review): 'limit' is handed to the template straight from the
    # request parameters; validation is presumably done elsewhere -- confirm.
    $templateVars = array();
    $templateVars['quicklinks'] = $this->_settings->get('quicklinks');
    $templateVars['filters'] = $userSystem->getFilterList($userId, 'filter');
    $templateVars['parsedsearch'] = $parsedSearch;
    $templateVars['limit'] = $this->_params['limit'];
    $this->template('statistics', $templateVars);
}
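/**
 * Handles the Twitter notification account actions and echoes the outcome.
 *
 * Actions (from the 'action' request parameter):
 *  - 'verify': exchange the entered PIN for an access token and store it
 *  - 'remove': clear the stored account name and access token
 *  - anything else: request an authorize URL and store the request token
 *
 * Values that originate from the remote service or from stored preferences
 * are HTML-escaped before being echoed, because no content type is set here
 * and the response may be rendered as HTML.
 */
function render() {
    # Check the user's permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_send_notifications_services, 'twitter');

    # Instantiate the user system and the notification system
    $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);
    $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);

    # The user's stored twitter preferences plus the application's consumer credentials
    $requestArray = array_merge_recursive(
        $this->_currentSession['user']['prefs']['notifications']['twitter'],
        array('consumer_key' => $this->_settings->get('twitter_consumer_key'),
              'consumer_secret' => $this->_settings->get('twitter_consumer_secret'))
    );

    if ($this->_params['action'] == 'verify') {
        $this->_notificationService = Notifications_Factory::build('Spotweb', 'twitter', $requestArray);

        # A wrong PIN raises a notice; it is suppressed because the HTTP
        # status code below already drives the error handling
        list($http_code, $access_token) = @$this->_notificationService->verifyPIN($this->_params['pin']);

        if ($http_code == 200) {
            # The request token is no longer needed
            $this->_currentSession['user']['prefs']['notifications']['twitter']['request_token'] = '';
            $this->_currentSession['user']['prefs']['notifications']['twitter']['request_token_secret'] = '';

            # The access token is what has to be stored
            $this->_currentSession['user']['prefs']['notifications']['twitter']['screen_name'] = $access_token['screen_name'];
            $this->_currentSession['user']['prefs']['notifications']['twitter']['access_token'] = $access_token['oauth_token'];
            $this->_currentSession['user']['prefs']['notifications']['twitter']['access_token_secret'] = $access_token['oauth_token_secret'];
            $spotUserSystem->setUser($this->_currentSession['user']);

            # screen_name comes from the remote response: escape on output
            echo "Account " . htmlspecialchars((string) $access_token['screen_name'], ENT_QUOTES, 'UTF-8') . " geverifiëerd.";
        } else {
            echo "Code " . htmlspecialchars((string) $http_code, ENT_QUOTES, 'UTF-8') . ": " . $this->getError($http_code);
        } # if
    } elseif ($this->_params['action'] == 'remove') {
        $screen_name = $this->_currentSession['user']['prefs']['notifications']['twitter']['screen_name'];

        $this->_currentSession['user']['prefs']['notifications']['twitter']['screen_name'] = '';
        $this->_currentSession['user']['prefs']['notifications']['twitter']['access_token'] = '';
        $this->_currentSession['user']['prefs']['notifications']['twitter']['access_token_secret'] = '';
        $spotUserSystem->setUser($this->_currentSession['user']);

        # Stored preference value: escape on output
        echo "Account " . htmlspecialchars((string) $screen_name, ENT_QUOTES, 'UTF-8') . " verwijderd.";
    } else {
        $this->_notificationService = Notifications_Factory::build('Spotweb', 'twitter', $requestArray);
        list($http_code, $request_token, $registerURL) = @$this->_notificationService->requestAuthorizeURL();

        if ($http_code == 200) {
            # The request token is stored in the preferences; it is needed
            # again when the PIN is entered
            $this->_currentSession['user']['prefs']['notifications']['twitter']['request_token'] = $request_token['oauth_token'];
            $this->_currentSession['user']['prefs']['notifications']['twitter']['request_token_secret'] = $request_token['oauth_token_secret'];
            $spotUserSystem->setUser($this->_currentSession['user']);

            # NOTE(review): echoed unchanged, presumably because the caller
            # uses the body as a URL -- confirm the consumer does not insert
            # it into the page as markup.
            echo $registerURL;
        } else {
            echo "Code " . htmlspecialchars((string) $http_code, ENT_QUOTES, 'UTF-8') . ": " . $this->getError($http_code);
        } # if
    } # if
}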
/**
 * Renders the login form and processes a submitted login.
 */
function render() {
    $formMessages = array('errors' => array(), 'info' => array());

    # Check the user's permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_perform_login, '');

    # Default credentials, so the template can always render the form values
    $credentials = array('username' => '', 'password' => '');

    # By default no login was attempted
    $loginResult = array();

    $userSystem = new SpotUserSystem($this->_db, $this->_settings);

    $this->_pageTitle = "spot: login";

    # Form submit, or just the first call of the page?
    $submitted = isset($this->_loginForm['submit']);
    if ($submitted) {
        # 'submit' is always removed before the form is merged
        unset($this->_loginForm['submit']);

        # Validate the user
        $credentials = array_merge($credentials, $this->_loginForm);
        $session = $userSystem->login($credentials['username'], $credentials['password']);

        if ($session) {
            $loginResult = array('result' => 'success');
            $this->_currentSession = $session;
        } else {
            $loginResult = array('result' => 'failure');
        } # else
    } elseif ($this->_currentSession['user']['userid'] != SPOTWEB_ANONYMOUS_USERID) {
        # The user already has a session: report that instead
        $loginResult = array('result' => 'alreadyloggedin');
    } # elseif

    #- display stuff -#
    # NOTE(review): $credentials still holds the submitted password when it
    # is handed to the template; confirm the template never echoes it back.
    $this->template('login', array(
        'loginform' => $credentials,
        'formmessages' => $formMessages,
        'loginresult' => $loginResult,
        'data' => $this->_params['data'],
    ));
} # render
/**
 * Renders the login form and processes a submitted login; a failed attempt
 * is written to the audit log unless auditing is switched off.
 */
function render() {
    $formMessages = array('errors' => array(), 'info' => array());

    # Check the user's permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_perform_login, '');

    # Default credentials, so the template can always render the form values
    $credentials = array('username' => '', 'password' => '');

    # By default no login was attempted
    $loginResult = array();

    $userSystem = new SpotUserSystem($this->_db, $this->_settings);

    $this->_pageTitle = "spot: login";

    # Local copy of the form action
    $formAction = $this->_loginForm['action'];

    if (empty($formAction)) {
        # Not a submit: only report when the user already has a session
        if ($this->_currentSession['user']['userid'] != $this->_settings->get('nonauthenticated_userid')) {
            $loginResult = array('result' => 'alreadyloggedin');
        } # if
    } else {
        # Validate the user
        $credentials = array_merge($credentials, $this->_loginForm);
        $session = $userSystem->login($credentials['username'], $credentials['password']);

        if ($session) {
            $loginResult = array('result' => 'success');
            $this->_currentSession = $session;
        } else {
            # Record the failed attempt as an audit event
            if ($this->_settings->get('auditlevel') != SpotSecurity::spot_secaudit_none) {
                $auditor = new SpotAudit($this->_db,
                                         $this->_settings,
                                         $this->_currentSession['user'],
                                         $this->_currentSession['session']['ipaddr']);
                $auditor->audit(SpotSecurity::spotsec_perform_login, 'incorrect user or pass', false);
            } # if

            $loginResult = array('result' => 'failure');
            $formMessages['errors'][] = _('Invalid username or password');
        } # else
    } # else

    #- display stuff -#
    # NOTE(review): $credentials still holds the submitted password, and
    # 'http_referer' is a form-supplied value; confirm the template neither
    # echoes the password nor uses the referer as an unvalidated redirect target.
    $this->template('login', array(
        'loginform' => $credentials,
        'formmessages' => $formMessages,
        'loginresult' => $loginResult,
        'http_referer' => $this->_loginForm['http_referer'],
        'data' => $this->_params['data'],
    ));
}
/**
 * Marks all spots as read for the current user and echoes a small XML reply.
 */
function render() {
    # Check the user's permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_mark_spots_asread, '');

    $userSystem = new SpotUserSystem($this->_db, $this->_settings);

    # The seen-list is only updated when keeping one is permitted
    $mayKeepSeenList = $this->_spotSec->allowed(SpotSecurity::spotsec_keep_own_seenlist, '');
    if ($mayKeepSeenList) {
        $userId = $this->_currentSession['user']['userid'];
        $this->_db->markAllAsRead($userId);
    } # if

    # This response must not be cached
    $this->sendExpireHeaders(true);

    # Reset the read timestamp for this user
    $userSystem->resetReadStamp($this->_currentSession['user']);

    echo "<xml><return>ok</return></xml>";
}
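/**
 * Renders the "blacklist spotter" form and applies the requested action
 * ('addspotterid' or 'removespotterid') for the current user.
 *
 * A result of 'success' is reported only for an action that was actually
 * handled; an unrecognised action leaves the result empty ("not tried").
 */
function render() {
    $formMessages = array('errors' => array(), 'info' => array());

    # Check the user's permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_blacklist_spotter, '');

    # Default blacklist entry, so the template always has values to render
    $blackList = array('spotterid' => '', 'origin' => '');

    # By default no action was attempted
    $postResult = array();

    $this->_pageTitle = "report: blacklist spotter";

    # Local copy of the form action; cleared below when posting is not allowed
    $formAction = $this->_blForm['action'];

    # Make sure the anonymous user and reserved usernames cannot post content
    $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);
    if (!$spotUserSystem->allowedToPost($this->_currentSession['user'])) {
        $postResult = array('result' => 'notloggedin');
        $formAction = '';
    } # if

    if (!empty($formAction)) {
        # Submitted fields override the defaults
        $blackList = array_merge($blackList, $this->_blForm);

        switch ($formAction) {
            case 'addspotterid':
                $spotUserSystem->addSpotterToList($this->_currentSession['user']['userid'],
                                                  $blackList['spotterid'],
                                                  $blackList['origin'],
                                                  $blackList['idtype']);
                $postResult = array('result' => 'success');
                break; # case addspotterid

            case 'removespotterid':
                $spotUserSystem->removeSpotterFromList($this->_currentSession['user']['userid'],
                                                       $blackList['spotterid']);
                $postResult = array('result' => 'success');
                break; # case removespotterid
        } # switch
    } # if

    #- display stuff -#
    $this->template('blacklistspotter', array('blacklistspotter' => $blackList,
                                              'formmessages' => $formMessages,
                                              'postresult' => $postResult));
}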
/**
 * Logs the current user out by removing the session and echoes an XML result.
 */
function render() {
    # Check the user's permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_perform_logout, '');

    $userSystem = new SpotUserSystem($this->_db, $this->_settings);

    # A logout must never be cached
    $this->sendExpireHeaders(true);

    # NOTE(review): userid 1 is treated as the anonymous user here; a literal
    # is used rather than a named constant -- confirm they agree.
    $isAnonymous = ($this->_currentSession['user']['userid'] == 1);
    if ($isAnonymous) {
        echo '<xml><result>ERROR</result></xml>';
        return;
    } # if

    $userSystem->removeSession($this->_currentSession['session']['sessionid']);
    echo '<xml><result>OK</result></xml>';
} # render
/**
 * Logs the current user out by removing the session and echoes an XML result.
 */
function render() {
    # Check the user's permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_perform_logout, '');

    $userSystem = new SpotUserSystem($this->_db, $this->_settings);

    # Make sure the logout is not cached, then announce the content type
    $this->sendExpireHeaders(true);
    $this->sendContentTypeHeader('xml');

    # Only a non-anonymous user has a session worth removing
    $anonymousId = $this->_settings->get('nonauthenticated_userid');
    if ($this->_currentSession['user']['userid'] == $anonymousId) {
        echo '<xml><result>ERROR</result></xml>';
        return;
    } # if

    $userSystem->removeSession($this->_currentSession['session']['sessionid']);
    echo '<xml><result>OK</result></xml>';
}
/**
 * Renders the "edit security group" form and applies the submitted action:
 * removegroup, addperm, removeperm, setallow/setdeny, addgroup or changename.
 */
function render() {
    $formMessages = array('errors' => array(), 'info' => array());

    # Check the user's permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_securitygroups, '');

    # By default no edit was attempted
    $editResult = array();

    # Instantiate the user system
    $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);

    # Set the page title
    $this->_pageTitle = "spot: edit security groups";

    # Retrieve the security group that is to be edited
    $secGroup = $spotUserSystem->getSecGroup($this->_groupId);

    /*
     * bring the forms' action into the local scope for
     * easier access
     */
    $formAction = $this->_editSecGroupForm['action'];

    # Report an error when the group to change cannot be found
    # (adding a new group is the one action that needs no existing group)
    if (empty($secGroup) && $formAction != 'addgroup') {
        $editResult = array('result' => 'failure');
        $formMessages['errors'][] = _('Group does\'nt exist');
    } # if

    # Editing one of the built-in groups is refused as well.
    # NOTE(review): "built-in" is expressed as id < 6, a literal -- confirm
    # this matches the ids the installer actually creates.
    if (!empty($formAction) && $formAction != 'addgroup' && $secGroup['id'] < 6) {
        $editResult = array('result' => 'failure');
        $formMessages['errors'][] = _('Built-in groups can not be edited');
    } # if

    # Only act on a submitted form that passed the checks above
    if (!empty($formAction) && empty($formMessages['errors'])) {
        switch ($formAction) {
            case 'removegroup':
                $spotUserSystem->removeSecGroup($secGroup);
                $editResult = array('result' => 'success');
                break; # case 'removegroup'

            case 'addperm':
                # addPermToSecGroup returns the list of errors, empty on success
                $formMessages['errors'] = $spotUserSystem->addPermToSecGroup($this->_groupId, $this->_editSecGroupForm);
                if (!empty($formMessages['errors'])) {
                    $editResult = array('result' => 'failure');
                } else {
                    $editResult = array('result' => 'success');
                } # else
                break; # case 'addperm'

            case 'removeperm':
                $spotUserSystem->removePermFromSecGroup($this->_groupId, $this->_editSecGroupForm);
                $editResult = array('result' => 'success');
                break; # case 'removeperm'

            case 'setallow':
            case 'setdeny':
                # Both actions share one code path; the deny flag is derived from the action
                $this->_editSecGroupForm['deny'] = (bool) ($formAction == 'setdeny');
                $spotUserSystem->setDenyForPermFromSecGroup($this->_groupId, $this->_editSecGroupForm);
                $editResult = array('result' => 'success');
                break; # case 'setallow' / 'setdeny'

            case 'addgroup':
            case 'changename':
                # Update the security group record with the submitted name
                $secGroup['name'] = $this->_editSecGroupForm['name'];

                # Validate the record; validateSecGroup returns the errors and the group
                list($formMessages['errors'], $secGroup) = $spotUserSystem->validateSecGroup($secGroup);

                if (empty($formMessages['errors'])) {
                    # and update the database
                    switch ($formAction) {
                        case 'changename':
                            $spotUserSystem->setSecGroup($secGroup);
                            break;
                        case 'addgroup':
                            $spotUserSystem->addSecGroup($secGroup);
                            break;
                    } # switch
                    $editResult = array('result' => 'success');
                } else {
                    $editResult = array('result' => 'failure');
                } # if
                break; # case 'addgroup' / 'changename'
        } # switch
    } # if

    #- display stuff -#
    # NOTE(review): 'http_referer' is a form-supplied value; confirm the
    # template does not use it as an unvalidated redirect target.
    $this->template('editsecgroup', array('securitygroup' => $secGroup, 'formmessages' => $formMessages, 'http_referer' => $this->_editSecGroupForm['http_referer'], 'editresult' => $editResult));
}
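/**
 * Renders the "edit user" form and applies the submitted action: delete,
 * edit, removeallsessions or resetuserapi.
 *
 * The permission check at the top is made against $this->_userIdToEdit, so
 * every state-changing call below is pinned to that same user id: form
 * fields merged into the user record can never retarget the operation.
 */
function render() {
    $groupMembership = array();
    $formMessages = array('errors' => array(), 'info' => array());

    # Editing yourself and editing somebody else are separate permissions
    if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_user, '');
    } else {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_other_users, '');
    } # if

    # per default the result is 'not tried'
    $editResult = array();

    # Instantiate the spotuser object
    $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);

    $this->_pageTitle = "spot: edit user";

    # retrieve the to-edit user
    $spotUser = $this->_db->getUser($this->_userIdToEdit);
    if ($spotUser === false) {
        $formMessages['errors'][] = sprintf(_('User %d can not be found'), $this->_userIdToEdit);
        $editResult = array('result' => 'failure');
    } # if

    # request the users' groupmembership
    if ($spotUser != false) {
        $groupMembership = $this->_db->getGroupList($spotUser['userid']);
    } # if

    /*
     * bring the forms' action into the local scope for
     * easier access
     */
    $formAction = $this->_editUserForm['action'];

    # Only perform certain validations when the form is actually submitted
    if (!empty($formAction) && empty($formMessages['errors'])) {
        # Do not allow the built-in accounts to be deleted
        if ($spotUser['userid'] <= SPOTWEB_ADMIN_USERID && $formAction == 'delete') {
            $formMessages['errors'][] = _('Admin and Anonymous can not be deleted');
            $editResult = array('result' => 'failure');
        } # if
    } # if

    # Only act on a submitted form that passed the checks above
    if (!empty($formAction) && empty($formMessages['errors'])) {
        /*
         * Remember the id of the record that was loaded and checked. The
         * submitted form is merged over the user record below, and the
         * form is request data: without pinning, a 'userid' field in the
         * form would replace the checked id.
         */
        $targetUserId = $spotUser['userid'];

        switch ($formAction) {
            case 'delete':
                $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_delete_user, '');

                $spotUser = array_merge($spotUser, $this->_editUserForm);
                $spotUser['userid'] = $targetUserId;

                $spotUserSystem->removeUser($targetUserId);
                $editResult = array('result' => 'success');
                break; # case delete

            case 'edit':
                # Remove any non-valid fields from the array
                $this->_editUserForm = $this->cleanseEditForm($this->_editUserForm);

                # validate the user fields
                $spotUser = array_merge($spotUser, $this->_editUserForm);
                $spotUser['userid'] = $targetUserId;
                $formMessages['errors'] = $spotUserSystem->validateUserRecord($spotUser, true);

                if (empty($formMessages['errors'])) {
                    # actually update the user record
                    $spotUserSystem->setUser($spotUser);

                    /*
                     * Update the users' password, but only when
                     * a new password is given
                     */
                    if (!empty($spotUser['newpassword1'])) {
                        $spotUserSystem->setUserPassword($spotUser);
                    } # if

                    /*
                     * Did we get an groupmembership list? If so,
                     * try to update it as well
                     */
                    if (isset($this->_editUserForm['grouplist'])) {
                        # Build the requested group list; the position in
                        # the list becomes the priority
                        $groupList = array();
                        foreach ($this->_editUserForm['grouplist'] as $val) {
                            if ($val != 'dummy') {
                                $groupList[] = array('groupid' => $val,
                                                     'prio' => count($groupList));
                            } # if
                        } # foreach

                        # make sure there is at least one group
                        if (count($groupList) < 1) {
                            $formMessages['errors'][] = _('A user must be member of at least one group');
                            $editResult = array('result' => 'failure');
                        } else {
                            # Reduce the requested and the current membership
                            # to plain, sorted lists of group ids
                            $requestedGroupIds = array();
                            foreach ($groupList as $value) {
                                $requestedGroupIds[] = $value['groupid'];
                            } # foreach

                            $currentGroupIds = array();
                            foreach ($groupMembership as $value) {
                                $currentGroupIds[] = $value['id'];
                            } # foreach

                            sort($requestedGroupIds, SORT_NUMERIC);
                            sort($currentGroupIds, SORT_NUMERIC);

                            /*
                             * If the groupmembership list changes, lets make sure
                             * the user has the specific permission
                             */
                            $groupDiff = ($requestedGroupIds != $currentGroupIds);
                            if ($groupDiff) {
                                if ($this->_spotSec->allowed(SpotSecurity::spotsec_edit_groupmembership, '')) {
                                    $spotUserSystem->setUserGroupList($spotUser, $groupList);
                                } else {
                                    $formMessages['errors'][] = _('Changing group membership is not allowed');
                                    $editResult = array('result' => 'failure');
                                } # else
                            } # if
                        } # if
                    } # if

                    # Report success only when the group handling above did
                    # not record an error; otherwise keep the failure result
                    if (empty($formMessages['errors'])) {
                        $editResult = array('result' => 'success');
                    } # if
                } else {
                    $editResult = array('result' => 'failure');
                } # else
                break; # case 'edit'

            case 'removeallsessions':
                $spotUserSystem->removeAllUserSessions($spotUser['userid']);
                $editResult = array('result' => 'success');
                break; # case 'removeallsessions'

            case 'resetuserapi':
                $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_consume_api, '');

                $user = $spotUserSystem->resetUserApi($spotUser);
                $editResult = array('result' => 'success', 'newapikey' => $user['apikey']);
                break; # case resetuserapi
        } # switch
    } # if

    #- display stuff -#
    $this->template('edituser', array('edituserform' => $spotUser,
                                      'formmessages' => $formMessages,
                                      'editresult' => $editResult,
                                      'groupMembership' => $groupMembership));
}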
die("Database schema is gewijzigd, draai upgrade-db.php aub" . PHP_EOL); } # if # Creer het settings object $settings = SpotSettings::singleton($db, $settings); # Controleer eerst of de settings versie nog wel geldig zijn if (!$settings->settingsValid()) { die("Globale settings zijn gewijzigd, draai upgrade-db.php aub" . PHP_EOL); } # if $req = new SpotReq(); $req->initialize($settings); # We willen alleen uitgevoerd worden door een user die dat mag als # we via de browser aangeroepen worden. Via console halen we altijd # het admin-account op $spotUserSystem = new SpotUserSystem($db, $settings); if (isset($_SERVER['SERVER_PROTOCOL'])) { # Vraag de API key op die de gebruiker opgegeven heeft $apiKey = $req->getDef('apikey', ''); $userSession = $spotUserSystem->verifyApi($apiKey); if ($userSession == false || !$userSession['security']->allowed(SpotSecurity::spotsec_retrieve_spots, '')) { die("Access denied"); } # if } else { $userSession['user'] = $db->getUser(SPOTWEB_ADMIN_USERID); $userSession['security'] = new SpotSecurity($db, $settings, $userSession['user']); } # if if ($req->getDef('output', '') == 'xml') { echo "<xml>";
/**
 * Renders the "new spot" form and, when it was submitted together with an
 * NZB file and an image file by a user who may post, posts the spot.
 */
function render() {
    $formMessages = array('errors' => array(), 'info' => array());

    # Check the user's permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_post_spot, '');

    # Instantiated here; not referenced further in this method
    $spotParser = new SpotParser();

    # Used below to derive the displayed user id from the public key
    $spotSigning = new SpotSigning();

    # Default spot, so the template can always render the form values
    $spot = array('title' => '', 'body' => '', 'category' => 0, 'subcatz' => '', 'subcatlist' => '', 'tag' => '', 'website' => '', 'newmessageid' => '', 'randomstr' => '');

    # By default no post was attempted
    $postResult = array();

    # Set the page title
    $this->_pageTitle = "spot: post";

    # The anonymous user cannot post; dropping 'submit' skips everything below
    if ($this->_currentSession['user']['userid'] == SPOTWEB_ANONYMOUS_USERID) {
        $postResult = array('result' => 'notloggedin');
        unset($this->_spotForm['submit']);
    } # if

    # Reserved usernames cannot post spots either
    $spotUser = new SpotUserSystem($this->_db, $this->_settings);
    if (!$spotUser->validUsername($this->_currentSession['user']['username'])) {
        $postResult = array('result' => 'notloggedin');
        unset($this->_spotForm['submit']);
    } # if

    # If user tried to submit, validate the file uploads.
    # Only the upload error code is checked here.
    # NOTE(review): size and content checks on the uploaded files are
    # presumably done inside SpotPosting::postSpot() -- confirm.
    if (isset($this->_spotForm['submit'])) {
        # Make sure an NZB file was provided
        if (!isset($_FILES['newspotform']) || $_FILES['newspotform']['error']['nzbfile'] != UPLOAD_ERR_OK) {
            $formMessages['errors'][] = array('postspot_invalidnzb', '(none given)');
            $postResult = array('result' => 'failure');
            unset($this->_spotForm['submit']);
        } # if

        # Make sure an image file was provided
        if (!isset($_FILES['newspotform']) || $_FILES['newspotform']['error']['imagefile'] != UPLOAD_ERR_OK) {
            $formMessages['errors'][] = array('postspot_imageinvalid', '(none given)');
            $postResult = array('result' => 'failure');
            unset($this->_spotForm['submit']);
        } # if
    } # if

    # 'submit' is still set only when every check above passed
    if (isset($this->_spotForm['submit'])) {
        # Initialise the notification system
        $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);

        # 'submit' is always removed before the form is merged
        unset($this->_spotForm['submit']);

        # The subcategories arrive per main category ('subcatz' followed by
        # the category value); pick the entry for the chosen category.
        # NOTE(review): the merge below lets a form field literally named
        # 'subcatz' replace this value -- confirm that is intended.
        $spot['subcatz'] = isset($this->_spotForm['subcatz' . $this->_spotForm['category']]) ? $this->_spotForm['subcatz' . $this->_spotForm['category']] : '';

        # Submitted fields override the defaults
        $spot = array_merge($spot, $this->_spotForm);

        # Fetch the user's private key and attach it to the session user record
        $this->_currentSession['user']['privatekey'] = $spotUser->getUserPrivateRsaKey($this->_currentSession['user']['userid']);

        # The message id arrives wrapped in <>; strip the first and last character
        $spot['newmessageid'] = substr($spot['newmessageid'], 1, -1);

        # Validate and, if valid, post the spot; the uploads are passed on
        # as the temporary file paths PHP assigned to them
        $spotPosting = new SpotPosting($this->_db, $this->_settings);
        $formMessages['errors'] = $spotPosting->postSpot($this->_currentSession['user'], $spot, $_FILES['newspotform']['tmp_name']['imagefile'], $_FILES['newspotform']['tmp_name']['nzbfile']);

        if (empty($formMessages['errors'])) {
            $postResult = array('result' => 'success', 'user' => $this->_currentSession['user']['username'], 'userid' => $spotSigning->calculateUserid($this->_currentSession['user']['publickey']), 'body' => $spot['body']);

            # and send a notification
            $spotsNotifications->sendSpotPosted($spot);
        } else {
            $postResult = array('result' => 'failure');
        } # else
    } # if

    #- display stuff -#
    $this->template('newspot', array('postspotform' => $spot, 'formmessages' => $formMessages, 'postresult' => $postResult));
}
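/**
 * Handle an API search request and output the results.
 *
 * Builds a filter list from the request parameters ('t', 'rid', 'season',
 * 'ep', 'artist', 'imdbid', 'q', 'maxage', 'cat', 'limit', 'offset'), runs it
 * through SpotsOverview and passes the result to showResults().
 *
 * Invalid input is reported through showApiError(). That method is not
 * visible here, so every error path returns explicitly instead of relying on
 * it to end the request.
 *
 * @param mixed $outputtype passed through unchanged to showResults()
 */
function search($outputtype) {
    # Check the user's permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_perform_search, '');

    $spotsOverview = new SpotsOverview($this->_db, $this->_settings);
    $search = array();
    $searchType = $this->_params['t'];

    # Digits-only check of at most $maxLen characters. The D modifier makes
    # '$' match only at the very end, so a trailing newline is rejected.
    $isDigits = function ($value, $maxLen) {
        return is_scalar($value)
               && preg_match('/^[0-9]{1,' . (int) $maxLen . '}$/D', (string) $value) === 1;
    };

    if (($searchType == "t" || $searchType == "tvsearch") && $this->_params['rid'] != "") {
        # validate input
        if (!$isDigits($this->_params['rid'], 6)) {
            $this->showApiError(201);
            return;
        } # if

        # fetch remote content
        # NOTE(review): fetched over plain HTTP; the show name returned by the
        # remote service ends up in the search filter below.
        $dom = new DomDocument();
        $dom->preserveWhiteSpace = false;
        if (!@$dom->load('http://services.tvrage.com/feeds/showinfo.php?sid=' . $this->_params['rid'] . '/')) {
            $this->showApiError(300);
            return;
        } # if

        # A response without a <showname> element is treated like a failed fetch
        $showTitle = $dom->getElementsByTagName('showname');
        if ($showTitle->length < 1) {
            $this->showApiError(300);
            return;
        } # if
        $tvSearch = $showTitle->item(0)->nodeValue;

        $epSearch = '';
        $season = $this->_params['season'];
        if (preg_match('/^[sS][0-9]{1,2}$/D', $season) || preg_match('/^[0-9]{1,2}$/D', $season)) {
            $epSearch = is_numeric($season) ? 'S' . str_pad($season, 2, "0", STR_PAD_LEFT) : $season;
        } elseif ($season != "") {
            $this->showApiError(201);
            return;
        } # if

        $episode = $this->_params['ep'];
        if (preg_match('/^[eE][0-9]{1,2}$/D', $episode) || preg_match('/^[0-9]{1,2}$/D', $episode)) {
            $epSearch .= is_numeric($episode) ? 'E' . str_pad($episode, 2, "0", STR_PAD_LEFT) : $episode;
        } elseif ($episode != "") {
            $this->showApiError(201);
            return;
        } # if

        $search['value'][] = "Titel:=:" . trim($tvSearch) . " " . $epSearch;
    } elseif ($searchType == "music") {
        if (empty($this->_params['artist']) && empty($this->_params['cat'])) {
            $this->_params['cat'] = 3000;
        } else {
            # NOTE(review): 'artist' is placed between double quotes without
            # escaping; how filterToQuery() treats an embedded quote is not
            # visible here -- confirm.
            $search['value'][] = "Titel:=:\"" . $this->_params['artist'] . "\"";
        } # if
    } elseif ($searchType == "m" || $searchType == "movie") {
        # validate input
        if ($this->_params['imdbid'] == "") {
            $this->showApiError(200);
            return;
        } elseif (!$isDigits($this->_params['imdbid'], 8)) {
            $this->showApiError(201);
            return;
        } # if

        # fetch remote content (plain HTTP, see the note on the TV branch)
        $imdbContent = @file_get_contents('http://uk.imdb.com/title/tt' . $this->_params['imdbid'] . '/');
        if (!$imdbContent) {
            $this->showApiError(300);
            return;
        } # if

        # A page without the expected title markup is treated like a failed
        # fetch instead of reading an undefined match group
        if (!preg_match('/<h1 class="header" itemprop="name">([^\\<]*)<span>/ms', $imdbContent, $movieTitle)) {
            $this->showApiError(300);
            return;
        } # if
        $search['value'][] = "Titel:=:\"" . trim($movieTitle[1]) . "\"";
    } elseif (!empty($this->_params['q'])) {
        $searchTerm = str_replace(" ", " +", $this->_params['q']);
        $search['value'][] = "Titel:=:+" . $searchTerm;
    } # elseif

    # Only whole, non-negative day counts are accepted; is_numeric() would
    # also let signs, fractions and exponent notation into the filter string
    if ($isDigits($this->_params['maxage'], 9)) {
        $search['value'][] = "date:>:-" . $this->_params['maxage'] . "days";
    } # if

    $tmpCat = array();
    foreach (explode(",", $this->_params['cat']) as $category) {
        $tmpCat[] = $this->nabcat2spotcat($category);
    } # foreach
    $search['tree'] = implode(",", $tmpCat);

    # Do not request spots with a filesize of 0
    $search['value'][] = "filesize:>:0";

    # The page size defaults to the user's preference; a requested limit is
    # only honoured when it is a whole number from 1 to 499
    $limit = $this->_currentSession['user']['prefs']['perpage'];
    if ($isDigits($this->_params['limit'], 3)
        && (int) $this->_params['limit'] > 0
        && (int) $this->_params['limit'] < 500) {
        $limit = (int) $this->_params['limit'];
    } # if

    # The 'offset' parameter is used as a page number; anything that is not a
    # whole, non-negative number falls back to the first page
    $pageNr = $isDigits($this->_params['offset'], 9) ? (int) $this->_params['offset'] : 0;
    $offset = $pageNr * $limit;

    $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);
    $parsedSearch = $spotsOverview->filterToQuery($search,
                                                  array('field' => 'stamp', 'direction' => 'DESC'),
                                                  $this->_currentSession,
                                                  $spotUserSystem->getIndexFilter($this->_currentSession['user']['userid']));
    $spots = $spotsOverview->loadSpots($this->_currentSession['user']['userid'],
                                       $pageNr,
                                       $limit,
                                       $parsedSearch);

    $this->showResults($spots, $offset, $outputtype);
}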
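/**
 * Render the "edit user preferences" page for the user of the current session
 * and, when the form was submitted, store the new preferences.
 *
 * The 'edituserprefs' template is always rendered at the end.
 */
function render() {
    $formMessages = array('errors' => array(), 'info' => array());

    # Check the user's permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_userprefs, '');

    # By default no edit attempt has been made
    $editResult = array();

    # Instantiate the Spot user system
    $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);

    # Set the page title
    $this->_pageTitle = "spot: edit user preferences";

    # Retrieve the user to edit
    $spotUser = $this->_db->getUser($this->_currentSession['user']['userid']);
    if ($spotUser === false) {
        # The lookup failed, so there is no record to read a name from; report
        # the username of the session whose user could not be loaded
        $formMessages['errors'][] = array('edituser_usernotfound',
                                          array($this->_currentSession['user']['username']));
        $editResult = array('result' => 'failure');
    } # if

    # Determine which action was chosen (which button was pressed)
    $formAction = '';
    if (isset($this->_editUserPrefsForm['submitedit'])) {
        $formAction = 'edit';
        unset($this->_editUserPrefsForm['submitedit']);
    } elseif (isset($this->_editUserPrefsForm['submitcancel'])) {
        $formAction = 'cancel';
        unset($this->_editUserPrefsForm['submitcancel']);
    } # if

    # Retrieve the anonymous user account, because its preferences are used
    # as the basis
    $anonUser = $this->_db->getUser(SPOTWEB_ANONYMOUS_USERID);

    # Is this a form submit, or only the first call?
    if (!empty($formAction) && empty($formMessages['errors'])) {
        switch ($formAction) {
            case 'edit':
                # A few dummy preferences trigger a special action, which is
                # handled here. The original comment states that
                # cleanseUserPreferences() strips them automatically.
                # NOTE(review): the index filter is changed before the
                # preferences are validated, so it is updated even when
                # validation fails below.
                if (isset($this->_editUserPrefsForm['_dummy_prevent_porn'])) {
                    $spotUserSystem->setIndexFilter(
                        $spotUser['userid'],
                        array('valuelist' => array(),
                              'title' => 'Index filter',
                              'torder' => 999,
                              'tparent' => 0,
                              'children' => array(),
                              'filtertype' => 'index_filter',
                              'sorton' => '',
                              'sortorder' => '',
                              'icon' => 'spotweb.png',
                              'tree' => '~cat0_z3'));
                } else {
                    $spotUserSystem->removeIndexFilter($spotUser['userid']);
                } # if

                # No preferences may be passed that are not in the anonymous
                # user's preferences. A plain merge with those preferences is
                # not possible: checkboxes that are not ticked are simply not
                # submitted, so a merge would set them to the default value and
                # thereby ignore the form.
                $spotUser['prefs'] = $spotUserSystem->cleanseUserPreferences($this->_editUserPrefsForm,
                                                                             $anonUser['prefs']);

                # Validate and repair all preferences
                list($formMessages['errors'], $spotUser['prefs']) =
                        $spotUserSystem->validateUserPreferences($spotUser['prefs'],
                                                                 $this->_currentSession['user']['prefs']);

                if (empty($formMessages['errors'])) {
                    # Update the user
                    $spotUserSystem->setUser($spotUser);

                    # Report that the update succeeded
                    $editResult = array('result' => 'success');
                } else {
                    $editResult = array('result' => 'failure');
                } # else

                # Register Spotweb with the notification providers. This has to
                # happen at least once, so the safest option is to do it every
                # time the preferences are saved
                $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);
                $spotsNotifications->register();
                break; # case 'edit'

            case 'cancel':
                $editResult = array('result' => 'success');
                # case 'cancel'
        } # switch
    } # if

    #- display stuff -#
    # NOTE(review): 'http_referer' comes straight from the submitted form;
    # presumably the template escapes it and does not redirect to it blindly --
    # confirm.
    $this->template('edituserprefs', array('edituserprefsform' => is_array($spotUser) ? $spotUser['prefs'] : null,
                                           'formmessages' => $formMessages,
                                           'spotuser' => $spotUser,
                                           'http_referer' => $this->_editUserPrefsForm['http_referer'],
                                           'edituserprefsresult' => $editResult));
}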
/**
 * Render the "edit security group" page and perform the submitted action
 * (add/remove a permission, rename, add or remove a group).
 *
 * The 'editsecgroup' template is always rendered at the end.
 */
function render() {
    $formMessages = array('errors' => array(), 'info' => array());

    # Nothing below runs unless the user may edit security groups
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_securitygroups, '');

    # By default no edit attempt has been made
    $editResult = array();

    $userSystem = new SpotUserSystem($this->_db, $this->_settings);
    $this->_pageTitle = "spot: edit security groups";

    # Look up the group to edit; a missing group is only acceptable when a
    # new group is being added
    $secGroup = $userSystem->getSecGroup($this->_groupId);
    $isAddRequest = isset($this->_editSecGroupForm['submitaddgroup']);
    if (empty($secGroup) && !$isAddRequest) {
        $editResult = array('result' => 'failure');
        $formMessages['errors'][] = array('validatesecgroup_groupdoesnotexist', array($this->_groupId));
    } # if

    # Map each submit button to its action. The first button found wins and
    # only that button is removed from the form.
    $buttonToAction = array('submitaddperm' => 'addperm',
                            'submitremoveperm' => 'removeperm',
                            'submitchangename' => 'changename',
                            'submitaddgroup' => 'addgroup',
                            'submitremovegroup' => 'removegroup');
    $formAction = '';
    foreach ($buttonToAction as $button => $action) {
        if (isset($this->_editSecGroupForm[$button])) {
            $formAction = $action;
            unset($this->_editSecGroupForm[$button]);
            break;
        } # if
    } # foreach

    $isSubmit = !empty($formAction);

    # Refuse to edit one of the built-in groups.
    # NOTE(review): "built-in" is expressed as a group id below 4; presumably
    # the first three ids are reserved -- confirm against the database setup.
    if ($isSubmit && ($formAction != 'addgroup') && ($secGroup['id'] < 4)) {
        $editResult = array('result' => 'failure');
        $formMessages['errors'][] = array('validatesecgroup_cannoteditbuiltin', array($this->_groupId));
    } # if

    # Only act on a real submit without earlier errors
    if ($isSubmit && empty($formMessages['errors'])) {
        if ($formAction === 'removegroup') {
            $userSystem->removeSecGroup($secGroup);
            $editResult = array('result' => 'success');
        } elseif ($formAction === 'addperm') {
            $formMessages['errors'] = $userSystem->addPermToSecGroup($this->_groupId, $this->_editSecGroupForm);
            $editResult = empty($formMessages['errors'])
                                ? array('result' => 'success')
                                : array('result' => 'failure');
        } elseif ($formAction === 'removeperm') {
            $userSystem->removePermFromSecGroup($this->_groupId, $this->_editSecGroupForm);
            $editResult = array('result' => 'success');
        } elseif ($formAction === 'addgroup' || $formAction === 'changename') {
            # Put the submitted name into the group record
            $secGroup['name'] = $this->_editSecGroupForm['name'];

            # Validate the record; the validator returns the errors and the
            # (possibly adjusted) record
            $validated = $userSystem->validateSecGroup($secGroup);
            $formMessages['errors'] = $validated[0];
            $secGroup = $validated[1];

            if (!empty($formMessages['errors'])) {
                $editResult = array('result' => 'failure');
            } else {
                # and update the database
                if ($formAction === 'changename') {
                    $userSystem->setSecGroup($secGroup);
                } else {
                    $userSystem->addSecGroup($secGroup);
                } # else

                $editResult = array('result' => 'success');
            } # else
        } # elseif
    } # if

    #- display stuff -#
    $this->template('editsecgroup', array('securitygroup' => $secGroup,
                                          'formmessages' => $formMessages,
                                          'http_referer' => $this->_editSecGroupForm['http_referer'],
                                          'editresult' => $editResult));
} # render
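/**
 * Render the "edit user" page and perform the submitted action on the user
 * identified by $this->_userIdToEdit (edit, delete, reset API key or remove
 * all sessions).
 *
 * The permission checks are made for $this->_userIdToEdit, so every change
 * below is pinned to the id of the record that was loaded for that user; the
 * submitted form cannot redirect an action to another account.
 */
function render() {
    $groupMembership = array();
    $formMessages = array('errors' => array(), 'info' => array());

    # Check the user's permissions
    if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_user, '');
    } else {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_other_users, '');
    } # if

    # By default no edit attempt has been made
    $editResult = array();

    # Instantiate the Spot user system
    $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);

    # Set the page title
    $this->_pageTitle = "spot: edit user";

    # Retrieve the user to edit
    $spotUser = $this->_db->getUser($this->_userIdToEdit);
    if ($spotUser === false) {
        # There is no record to read a username from, so report the requested id
        $formMessages['errors'][] = array('edituser_usernotfound', array($this->_userIdToEdit));
        $editResult = array('result' => 'failure');
    } # if

    # Retrieve the group membership of this user
    if ($spotUser != false) {
        $groupMembership = $this->_db->getGroupList($spotUser['userid']);
    } # if

    # Determine which action was chosen (which button was pressed)
    $formAction = '';
    if (isset($this->_editUserForm['submitedit'])) {
        $formAction = 'edit';
        unset($this->_editUserForm['submitedit']);
    } elseif (isset($this->_editUserForm['submitdelete'])) {
        $formAction = 'delete';
        unset($this->_editUserForm['submitdelete']);

        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_delete_user, '');
    } elseif (isset($this->_editUserForm['submitresetuserapi'])) {
        $formAction = 'resetapi';
        unset($this->_editUserForm['submitresetuserapi']);

        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_consume_api, '');
    } elseif (isset($this->_editUserForm['removeallsessions'])) {
        $formAction = 'removeallsessions';
        unset($this->_editUserForm['removeallsessions']);
    } # else

    # Is this a form submit, or only the first call?
    if ((!empty($formAction)) && (empty($formMessages['errors']))) {
        # Do not allow the anonymous user to be changed
        if ($spotUser['userid'] == SPOTWEB_ANONYMOUS_USERID) {
            $formMessages['errors'][] = array('edituser_cannoteditanonymous', array());
            $editResult = array('result' => 'failure');
        } # if

        # Do not allow the admin user to be deleted
        if (($spotUser['userid'] <= SPOTWEB_ADMIN_USERID) && ($formAction == 'delete')) {
            $formMessages['errors'][] = array('edituser_cannotremovesystemuser', array());
            $editResult = array('result' => 'failure');
        } # if
    } # if

    # Is this a form submit, or only the first call?
    if ((!empty($formAction)) && (empty($formMessages['errors']))) {
        # Id of the record that passed the permission and system-user checks
        # above. The form is merged over $spotUser below, and a submitted
        # 'userid' field would otherwise replace it after those checks.
        $verifiedUserId = $spotUser['userid'];

        switch($formAction) {
            case 'delete' : {
                $spotUser = array_merge($spotUser, $this->_editUserForm);
                $spotUser['userid'] = $verifiedUserId;

                $spotUserSystem->removeUser($verifiedUserId);
                $editResult = array('result' => 'success');
                break;
            } # case delete

            case 'edit' : {
                # Remove any invalid fields from the form
                $this->_editUserForm = $this->cleanseEditForm($this->_editUserForm);

                # Validate the user. cleanseEditForm() is not visible here, so
                # the id is pinned regardless of what it lets through.
                $spotUser = array_merge($spotUser, $this->_editUserForm);
                $spotUser['userid'] = $verifiedUserId;
                $formMessages['errors'] = $spotUserSystem->validateUserRecord($spotUser, true);

                if (empty($formMessages['errors'])) {
                    # Update the user
                    $spotUserSystem->setUser($spotUser);

                    # If the user supplied a new password, update the password
                    # as well
                    if (!empty($spotUser['newpassword1'])) {
                        $spotUserSystem->setUserPassword($spotUser);
                    } # if

                    # Were group membership lists submitted as well? If so,
                    # update those too.
                    # NOTE(review): the original comment says "if the user has
                    # the right", but no permission check for changing group
                    # membership is visible in this method. Unless
                    # cleanseEditForm() or setUserGroupList() enforces one, a
                    # user who may edit their own account can choose their own
                    # groups -- confirm.
                    if (isset($this->_editUserForm['grouplist'])) {
                        # Build the list of user groups
                        $groupList = array();
                        foreach($this->_editUserForm['grouplist'] as $val) {
                            if ($val != 'dummy') {
                                $groupList[] = array('groupid' => $val,
                                                     'prio' => count($groupList));
                            } # if
                        } # foreach

                        # Make sure at least one group remains
                        if (count($groupList) < 1) {
                            $formMessages['errors'][] = array('edituser_usermusthaveonegroup', array());
                        } else {
                            $spotUserSystem->setUserGroupList($spotUser, $groupList);
                        } # if
                    } # if

                    # Report success only when the group list was accepted as
                    # well; previously the failure set for an empty group list
                    # was overwritten with 'success'
                    $editResult = empty($formMessages['errors'])
                                        ? array('result' => 'success')
                                        : array('result' => 'failure');
                } else {
                    $editResult = array('result' => 'failure');
                } # else
                break;
            } # case 'edit'

            case 'removeallsessions' : {
                $spotUserSystem->removeAllUserSessions($verifiedUserId);
                $editResult = array('result' => 'success');
                break;
            } # case 'removeallsessions'

            case 'resetapi' : {
                $user = $spotUserSystem->resetUserApi($spotUser);
                $editResult = array('result' => 'success', 'newapikey' => $user['apikey']);
                break;
            } # case resetapi
        } # switch
    } # if

    #- display stuff -#
    $this->template('edituser', array('edituserform' => $spotUser,
                                      'formmessages' => $formMessages,
                                      'editresult' => $editResult,
                                      'groupMembership' => $groupMembership));
} # render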
} # if # Controleer eerst of de settings versie nog wel geldig zijn if (!$settings->settingsValid()) { die("Globale settings zijn gewijzigd, draai upgrade-db.php aub" . PHP_EOL); } # if # helper functions for passed variables $req = new SpotReq(); $req->initialize($settings); $page = $req->getDef('page', 'index'); # Haal het userobject op dat 'ingelogged' is SpotTiming::start('auth'); $spotUserSystem = new SpotUserSystem($db, $settings); if ($req->doesExist('apikey')) { $currentSession = $spotUserSystem->verifyApi($req->getDef('apikey', '')); } else { $currentSession = $spotUserSystem->useOrStartSession(); } # if /* Zonder userobject ook geen security systeem, dus dit is altijd fatal */ if ($currentSession === false) { if ($req->doesExist('apikey')) { throw new Exception("API Key Incorrect"); } else { throw new Exception("Unable to create session"); } # else } # if SpotTiming::stop('auth');
# Load the classes and the settings this script depends on
require_once "lib/exceptions/CustomException.php";
require_once "lib/exceptions/NntpException.php";
require_once "lib/SpotSecurity.php";
require_once "lib/SpotTiming.php";
require_once "settings.php";
require_once "lib/SpotDb.php";

# Fixed user id for this script; not referenced in the statements below
define('USERID', 30);

/* -------------------------------------------------------------------- */
echo "Included PHP classes... ", PHP_EOL;

# Open the database connection described in the settings
$db = new SpotDb($settings['db']);
$db->connect();
echo "Connected to the database..", PHP_EOL;

# Create the service objects on top of that connection
$spotSettings = SpotSettings::singleton($db, $settings);
$spotSigning = new SpotSigning();
$spotPosting = new SpotPosting($db, $spotSettings);
$spotUserSystem = new SpotUserSystem($db, $spotSettings);
echo "Initialized classes..", PHP_EOL;

# Fill in the hard-coded test spot, one field at a time
$spot['category'] = 0;
$spot['website'] = 'http://www.moviemeter.nl/film/69912';
$spot['body'] = 'Hierbij een cover van de film Colombiana. Met dank aan de originele poster van deze cover';
$spot['poster'] = 'Spotweb Test User';
$spot['tag'] = '';
$spot['key'] = 7;
$spot['title'] = 'Colombiana cover (SWtest2)';
echo "Spot Title will be: ", $spot['title'], PHP_EOL;

# Sub categories of the test spot
$spot['subcata'] = 'a5|';
$spot['subcatb'] = '';
$spot['subcatc'] = '';
/**
 * Return the index filter of the user in the current session, as provided by
 * SpotUserSystem::getIndexFilter().
 */
function getIndexFilter() {
    $userSystem = new SpotUserSystem($this->_db, $this->_settings);
    $sessionUserId = $this->_currentSession['user']['userid'];

    return $userSystem->getIndexFilter($sessionUserId);
}
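/**
 * Render the "create user" page and, when the form was submitted, create the
 * user with a generated password and a new key pair.
 *
 * The 'createuser' template is always rendered at the end.
 */
function render() {
    $formMessages = array('errors' => array(), 'info' => array());

    # Check the user's permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_create_new_user, '');

    # Create a default user so the form can always render its values
    $spotUser = array('username' => '',
                      'firstname' => '',
                      'lastname' => '',
                      'mail' => '');

    # By default no create attempt has been made
    $createResult = array();

    # Instantiate the Spot user system
    $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);

    # Set the page title
    $this->_pageTitle = "spot: create user";

    # Is this a form submit, or only the first call?
    if (isset($this->_createUserForm['submit'])) {
        # submit is always unset
        unset($this->_createUserForm['submit']);

        # userid is always set to false when creating a new user, because
        # validateUserRecord() would otherwise assume an existing user is being
        # edited and e.g. skip the duplicate check on the mail address for
        # everyone but 'itself'
        $this->_createUserForm['userid'] = false;

        # Create a random password for this user.
        # NOTE(review): the password is nine characters cut from
        # generateUniqueId(); how that id is generated is not visible here --
        # confirm it comes from a cryptographically secure source.
        $spotUser['newpassword1'] = substr($spotUserSystem->generateUniqueId(), 1, 9);
        $spotUser['newpassword2'] = $spotUser['newpassword1'];

        # Validate the user. The form is merged over the defaults, so submitted
        # 'newpassword1'/'newpassword2' fields replace the generated password.
        $spotUser = array_merge($spotUser, $this->_createUserForm);
        $formMessages['errors'] = $spotUserSystem->validateUserRecord($spotUser, false);

        # Is there no other user with the same username?
        if ($this->_db->usernameExists($spotUser['username'])) {
            $formMessages['errors'][] = array('validateuser_usernameexists', array($spotUser['username']));
        } # if

        if (empty($formMessages['errors'])) {
            # Create a private and public key pair for this user
            $spotSigning = new SpotSigning();
            $userKey = $spotSigning->createPrivateKey($this->_settings->get('openssl_cnf_path'));
            $spotUser['publickey'] = $userKey['public'];
            $spotUser['privatekey'] = $userKey['private'];

            # Initialize the notification system
            $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);

            # Add the user
            $spotUserSystem->addUser($spotUser);

            # Adding the user succeeded, report it
            $createResult = array('result' => 'success',
                                  'user' => $spotUser['username'],
                                  'password' => $spotUser['newpassword1']);

            # Send an e-mail to the new user when that was requested. An
            # unticked checkbox is not submitted at all, so the field has to be
            # read with a fallback instead of indexing a missing key after the
            # user has already been stored.
            $sendMail = isset($this->_createUserForm['sendmail']) ? $this->_createUserForm['sendmail'] : '';
            if ($sendMail == "true" || $sendMail == "on" || $this->_settings->get('sendwelcomemail')) {
                $spotsNotifications->sendNewUserMail($spotUser);
            } # if

            # and send a notification.
            # NOTE(review): the clear-text password is handed to the
            # notification system here; which providers receive it is not
            # visible -- confirm this is intended.
            $spotsNotifications->sendUserAdded($spotUser['username'], $spotUser['newpassword1']);
        } else {
            $createResult = array('result' => 'failure');
        } # else
    } # if

    #- display stuff -#
    # NOTE(review): after a successful create, $spotUser also holds the
    # password and the private key when it is passed to the template -- verify
    # the template only prints the fields it needs.
    $this->template('createuser', array('createuserform' => $spotUser,
                                        'formmessages' => $formMessages,
                                        'createresult' => $createResult));
}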
* and more. * * We try to check if any output has been submitted, and if so, we refuse * to continue to prevent all sorts of confusing bug reports */ if (headers_sent() || (int) ob_get_length() > 0) { throw new OwnsettingsCreatedOutputException(); } # if # helper functions for passed variables $req = new SpotReq(); $req->initialize($settings); $page = $req->getDef('page', 'index'); # Retrieve the users object of the user which is logged on SpotTiming::start('auth'); $spotUserSystem = new SpotUserSystem($db, $settings); if ($req->doesExist('apikey')) { $currentSession = $spotUserSystem->verifyApi($req->getDef('apikey', '')); } else { $currentSession = $spotUserSystem->useOrStartSession(false); } # if /* * If three is no user object, we don't have a security system * either. Without a security system we cannot boot, so fatal */ if ($currentSession === false) { if ($req->doesExist('apikey')) { $currentSession = $spotUserSystem->useOrStartSession(true); throw new PermissionDeniedException(SpotSecurity::spotsec_consume_api, 'invalid API key'); } else {
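/**
 * Final installer step: create the database, the default settings and users,
 * store the NNTP settings, create the requested user, and write (or show)
 * the dbsettings.inc.php file.
 *
 * All input is read from $_SESSION['spotsettings'], which presumably was
 * filled from the forms of earlier installer steps. It is therefore treated
 * as untrusted when it is turned into PHP source or printed as HTML.
 */
function createSystem() {
    global $settings;
    global $_testInstall_Ok;

    try {
        /*
         * The settings system is used to create a lot of output,
         * we swallow it all
         */
        ob_start();

        /*
         * Now create the database ...
         */
        $settings['db'] = $_SESSION['spotsettings']['db'];
        $spotUpgrader = new SpotUpgrader($settings['db'], $settings);
        $spotUpgrader->database();

        /*
         * and create all the different settings (only the default) ones
         */
        $spotUpgrader->settings();

        /*
         * Create the users
         */
        $spotUpgrader->users();

        /*
         * Keep all the output, it is printed as an HTML comment
         * further down for debugging
         */
        $dbCreateOutput = ob_get_contents();
        ob_end_clean();

        /*
         * Now it is time to do something with
         * the information the user has given to us
         */
        $db = new SpotDb($_SESSION['spotsettings']['db']);
        $db->connect();

        /*
         * add the database settings to the main settings array for now
         */
        $settings['db'] = $_SESSION['spotsettings']['db'];

        /* and create the database settings */
        $spotSettings = SpotSettings::singleton($db, $settings);

        /*
         * Update the NNTP settings in the database
         */
        $spotSettings->set('nntp_nzb', $_SESSION['spotsettings']['nntp']['nzb']);
        $spotSettings->set('nntp_hdr', $_SESSION['spotsettings']['nntp']['hdr']);
        $spotSettings->set('nntp_post', $_SESSION['spotsettings']['nntp']['post']);

        /*
         * Create the given user
         */
        $spotUserSystem = new SpotUserSystem($db, $spotSettings);
        $spotUser = $_SESSION['spotsettings']['adminuser'];

        /*
         * Create a private/public key pair for this user
         */
        $spotSigning = Services_Signing_Base::newServiceSigning();
        $userKey = $spotSigning->createPrivateKey($spotSettings->get('openssl_cnf_path'));
        $spotUser['publickey'] = $userKey['public'];
        $spotUser['privatekey'] = $userKey['private'];

        /*
         * and actually add the user
         */
        $userId = $spotUserSystem->addUser($spotUser);

        # Change the administrators' account password to that of this created user
        $adminUser = $spotUserSystem->getUser(SPOTWEB_ADMIN_USERID);
        $adminUser['newpassword1'] = $spotUser['newpassword1'];
        $spotUserSystem->setUserPassword($adminUser);

        # update the settings with our system type and our admin id
        $spotSettings->set('custom_admin_userid', $userId);
        $spotSettings->set('systemtype', $spotUser['systemtype']);

        # Set the system type
        $spotUpgrader->resetSystemType($spotUser['systemtype']);

        /*
         * Create the necessary database connection information.
         *
         * The values end up in a PHP file, so each one is written with
         * var_export(), which produces a correctly escaped PHP string
         * literal. Concatenating them between quotes by hand would let a
         * value that contains a quote or backslash (a password, for example)
         * break the file or add code to it.
         */
        $engineNames = array('mysql' => 'mysql',
                             'postgresql' => 'pdo_pgsql');
        $dbInfo = $_SESSION['spotsettings']['db'];
        $dbConnectionString = '';

        # Any other engine leaves the settings empty, as before
        if (is_string($dbInfo['engine']) && isset($engineNames[$dbInfo['engine']])) {
            $dbValues = array('engine' => $engineNames[$dbInfo['engine']],
                              'host' => $dbInfo['host'],
                              'dbname' => $dbInfo['dbname'],
                              'user' => $dbInfo['user'],
                              'pass' => $dbInfo['pass']);

            foreach ($dbValues as $key => $value) {
                $dbConnectionString .= "\$dbsettings['" . $key . "'] = "
                                        . var_export((string) $value, true) . ";" . PHP_EOL;
            } # foreach
        } # if

        # Try to create the dbsettings.inc.php file for the user. A failure
        # is deliberately not fatal: the settings are shown for manual copying
        # instead. The result of the write itself is used, so a file left over
        # from an earlier run is not mistaken for a successful write.
        $bytesWritten = @file_put_contents("dbsettings.inc.php", "<?php" . PHP_EOL . $dbConnectionString);
        $createdDbSettings = ($bytesWritten !== false);
?>
        <table summary="PHP settings">
            <tr> <th colspan='2'> Installation succesful </th> </tr>
            <tr> <td colspan='2'> Spotweb has been installed succesfuly! </td> </tr>
            <tr> <td colspan='2'> &nbsp; </td> </tr>
<?php
        if (!$createdDbSettings) {
            # The settings are printed into HTML, so they have to be escaped;
            # unescaped, the browser would also swallow the "<?php" line
?>
            <tr>
                <td> &rarr; </td>
                <td>
                    You need to create a textfile with the database settings in it. Please copy &amp; paste the below
                    exactly in a file called <i>dbsettings.inc.php</i>.
                    <pre><?php echo htmlspecialchars("<?php " . PHP_EOL . $dbConnectionString, ENT_QUOTES, 'UTF-8'); ?>
                    </pre>
                </td>
            </tr>
<?php
        }
?>
            <tr>
                <td> &rarr; </td>
                <td>
                    Spotweb retrieves its information from the newsservers, this is called "retrieving" or retrieval of Spots.
                    You need to schedule a retrieval job to run <i>retrieve.php</i> on a regular basis. The first time retrieval
                    is run this can take up to several hours before completion.
                </td>
            </tr>
        </table>
<?php
        # The captured output may contain "--", which would end the HTML
        # comment early and let the rest be rendered as markup
        echo '<!-- ' . str_replace('--', '- -', $dbCreateOutput) . ' -->';
    } catch (Exception $x) {
        # Message and trace are shown to help with a failed installation; both
        # may contain user supplied values, so they are escaped before output
?>
        <div id='error'><?php echo htmlspecialchars($x->getMessage(), ENT_QUOTES, 'UTF-8'); ?>
            <?php echo htmlspecialchars($x->getTraceAsString(), ENT_QUOTES, 'UTF-8'); ?>
            <br /><br />
        </div>
<?php
    } # exception
}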
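/**
 * Render the "edit user preferences" page for the user identified by
 * $this->_userIdToEdit and, when the form was submitted, store the new
 * preferences and an optionally uploaded avatar.
 *
 * The 'edituserprefs' template is always rendered at the end.
 */
function render() {
    $formMessages = array('errors' => array(), 'info' => array());

    # Validate proper permissions
    if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_userprefs, '');
    } else {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_other_users, '');
    } # if

    # Make sure the editresult is set to 'not committed' by default
    $editResult = array();

    # Instantiate the user system as necessary for the management of user preferences
    $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);

    # Set the page title
    $this->_pageTitle = "spot: edit user preferences";

    # Retrieve the to-edit user
    $spotUser = $this->_db->getUser($this->_userIdToEdit);
    if ($spotUser === false) {
        $formMessages['errors'][] = sprintf(_('User %d can not be found'), $this->_userIdToEdit);
        $editResult = array('result' => 'failure');
    } # if

    /*
     * bring the forms' action into the local scope for
     * easier access
     */
    $formAction = $this->_editUserPrefsForm['action'];

    /*
     * We want the anonymous user's account so we can use this user's preferences as a
     * template. This makes sure all properties are at least set.
     */
    $anonUser = $this->_db->getUser(SPOTWEB_ANONYMOUS_USERID);

    # Are we trying to submit this form, or only rendering it?
    if (!empty($formAction) && empty($formMessages['errors'])) {
        switch ($formAction) {
            case 'edit':
                /*
                 * We have a few dummy preferences -- these are submitted like a checkbox for example
                 * but in reality do something completely different.
                 *
                 * Because we use cleanseUserPreferences() those dummies will not end up in the database
                 */
                if (isset($this->_editUserPrefsForm['_dummy_prevent_porn'])) {
                    $spotUserSystem->setIndexFilter(
                        $spotUser['userid'],
                        array('valuelist' => array(),
                              'title' => 'Index filter',
                              'torder' => 999,
                              'tparent' => 0,
                              'children' => array(),
                              'filtertype' => 'index_filter',
                              'sorton' => '',
                              'sortorder' => '',
                              'enablenotify' => false,
                              'icon' => 'spotweb.png',
                              'tree' => '~cat0_z3'));
                } else {
                    $spotUserSystem->removeIndexFilter($spotUser['userid']);
                } # if

                # Save the current user's preferences because we need them before cleansing
                $savePrefs = $spotUser['prefs'];
                $spotUser['prefs'] = $spotUserSystem->cleanseUserPreferences($this->_editUserPrefsForm,
                                                                             $anonUser['prefs'],
                                                                             $this->_tplHelper->getTemplatePreferences());

                # Validate all preferences
                list($formMessages['errors'], $spotUser['prefs']) =
                        $spotUserSystem->validateUserPreferences($spotUser['prefs'], $savePrefs);

                # Make sure the user has permission to select each template
                # that was changed (normal, mobile and tablet, in that order)
                foreach (array('normal_template', 'mobile_template', 'tablet_template') as $templatePref) {
                    if ($spotUser['prefs'][$templatePref] != $savePrefs[$templatePref]) {
                        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_select_template,
                                                        $spotUser['prefs'][$templatePref]);
                    } # if
                } # foreach

                # Handle an uploaded avatar. The error code is only read when
                # the avatar field is present and is compared strictly: with a
                # loose comparison a missing code (null) equals UPLOAD_ERR_OK
                # (0) and a non-existent upload would be read.
                if (empty($formMessages['errors']) && isset($_FILES['edituserprefsform']['error']['avatar'])) {
                    $uploadError = $_FILES['edituserprefsform']['error']['avatar'];

                    /**
                     * Give a proper error if the file is too large, because changeAvatar() won't see
                     * these errors so it cannot provide the error
                     */
                    if ($uploadError === UPLOAD_ERR_FORM_SIZE || $uploadError === UPLOAD_ERR_INI_SIZE) {
                        $formMessages['errors'][] = _("Uploaded file is too large");
                    } # if

                    if ($uploadError === UPLOAD_ERR_OK) {
                        $formMessages['errors'] = $spotUserSystem->changeAvatar(
                            $spotUser['userid'],
                            file_get_contents($_FILES['edituserprefsform']['tmp_name']['avatar']));
                    } # if
                } # if

                if (empty($formMessages['errors'])) {
                    # and actually update the user in the database
                    $spotUserSystem->setUser($spotUser);

                    # if we didn't get an exception, it automatically succeeded
                    $editResult = array('result' => 'success');
                } else {
                    $editResult = array('result' => 'failure');
                } # else

                /*
                 * We have to register Spotweb with the notification providers (growl, prowl, etc) at least once.
                 * The safest option is to just do this with each preferences submit. But first we create a fake
                 * session for this user.
                 *
                 * NOTE(review): createNewSession() is called for the edited user, who may be someone other
                 * than the current user; whether that session is stored anywhere is not visible here -- confirm
                 * it cannot be picked up and used to act as that user.
                 */
                $fakeSession = $spotUserSystem->createNewSession($spotUser['userid']);
                $fakeSession['security'] = new SpotSecurity($this->_db, $this->_settings, $fakeSession['user'], '');
                $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $fakeSession);
                $spotsNotifications->register();
                break; # case 'edit'

            case 'cancel':
                $editResult = array('result' => 'success');
                # case 'cancel'
        } # switch
    } # if

    #- display stuff -#
    $this->template('edituserprefs', array('edituserprefsform' => $spotUser['prefs'],
                                           'formmessages' => $formMessages,
                                           'spotuser' => $spotUser,
                                           'dialogembedded' => $this->_dialogembedded,
                                           'http_referer' => $this->_editUserPrefsForm['http_referer'],
                                           'edituserprefsresult' => $editResult));
}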
function categoriesToJson() {
    /*
     * Echoes the category tree as a JSON array: head categories, then the
     * type ('z') nodes, then sub-category groups, then the individual
     * categories. Each node carries its "select" / "strongnot" state as
     * derived from the parsed search of the current request.
     *
     * The JSON is assembled by string concatenation and written straight to
     * the output; nothing is returned.
     *
     * NOTE(review): titles ($hcat_val, $type_value, $sclist_desc, $val) are
     * spliced between double quotes without JSON escaping. They come from the
     * SpotCategories static tables, not from the request, but a label holding
     * a quote or backslash would yield invalid JSON - confirm the tables (and
     * any translation applied to them) cannot contain such characters.
     */

    /* First parse the search string so we know which items to select and which not */
    $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);
    $spotsOverview = new SpotsOverview($this->_db, $this->_settings);
    $parsedSearch = $spotsOverview->filterToQuery($this->_params['search'], array(), $this->_currentSession, $spotUserSystem->getIndexFilter($this->_currentSession['user']['userid']));

    # When the caller disallows strong-not selections, drop them before compressing
    if ($this->_params['disallowstrongnot']) {
        $parsedSearch['strongNotList'] = '';
    } # if

    # The leading comma lets the ',cat...,' probes below also match an entry at
    # the very start of the list. Assumes compressCategorySelection() ends each
    # entry with a comma - TODO confirm.
    $compressedCatList = ',' . $spotsOverview->compressCategorySelection($parsedSearch['categoryList'], $parsedSearch['strongNotList']);

    echo "[";

    $hcatList = array();
    foreach (SpotCategories::$_head_categories as $hcat_key => $hcat_val) {
        # The user can opt to only show a specific category, if so, skip all others.
        # NOTE(review): this is a loose (!=) comparison between the table key and
        # the 'category' parameter - presumably request-supplied; verify that the
        # parameter is validated before it reaches this method.
        if ($hcat_key != $this->_params['category'] && $this->_params['category'] != '*') {
            continue;
        } # if

        # If the user chose to show only one category, we don't want the category item itself,
        # so the wrapping head-category node is only opened for the '*' (all) case
        if ($this->_params['category'] == '*') {
            $hcatTmp = '{"title": "' . $hcat_val . '", "isFolder": true, "key": "cat' . $hcat_key . '", "children": [';
        } # if

        $typeCatDesc = array();
        if (isset(SpotCategories::$_categories[$hcat_key]['z'])) {
            foreach (SpotCategories::$_categories[$hcat_key]['z'] as $type_key => $type_value) {
                if ($type_key !== 'z' && ($this->_params['subcatz'] == $type_key || $this->_params['subcatz'] == '*')) {
                    # Now determine whether we need to enable the checkbox
                    $isSelected = strpos($compressedCatList, ',cat' . $hcat_key . '_z' . $type_key . ',') !== false ? "true" : "false";

                    # Is this strongnot? The boolean is replaced by the JSON fragment
                    # to splice into the node (or by an empty string).
                    $isStrongNot = strpos($compressedCatList, ',~cat' . $hcat_key . '_z' . $type_key . ',') !== false ? true : false;
                    if ($isStrongNot) {
                        $isStrongNot = '"strongnot": true, "addClass": "strongnotnode", ';
                        $isSelected = 'true';
                    } else {
                        $isStrongNot = '';
                    } # if

                    # If the user chose to show only one category type, we don't want the category type item itself
                    if ($this->_params['subcatz'] == '*') {
                        $typeCatTmp = '{"title": "' . $type_value . '", "isFolder": true, ' . $isStrongNot . ' "select": ' . $isSelected . ', "hideCheckbox": false, "key": "cat' . $hcat_key . '_z' . $type_key . '", "unselectable": false, "children": [';
                    } # if
                } # if

                $subcatDesc = array();
                foreach (SpotCategories::$_subcat_descriptions[$hcat_key] as $sclist_key => $sclist_desc) {
                    # Note that the second half of this condition tests $type_key of the
                    # enclosing loop, not $sclist_key
                    if ($sclist_key !== 'z' && ($this->_params['subcatz'] == $type_key || $this->_params['subcatz'] == '*')) {
                        # We inherit the strongnot state from our parent type node.
                        # $isSelected is assigned here as well, but this node's JSON
                        # does not emit a "select" property.
                        $isStrongNot = strpos($compressedCatList, ',~cat' . $hcat_key . '_z' . $type_key . ',') !== false ? true : false;
                        if ($isStrongNot) {
                            $isStrongNot = '"strongnot": true, "addClass": "strongnotnode", ';
                            $isSelected = 'true';
                        } else {
                            $isStrongNot = '';
                        } # if

                        $subcatTmp = '{"title": "' . $sclist_desc . '", "isFolder": true, ' . $isStrongNot . ' "hideCheckbox": true, "key": "cat' . $hcat_key . '_z' . $type_key . '_' . $sclist_key . '", "unselectable": false, "children": [';

                        $catList = array();
                        foreach (SpotCategories::$_categories[$hcat_key][$sclist_key] as $key => $valTmp) {
                            # $valTmp[1] lists the types this category applies to; only keep
                            # the ones that belong to the current type
                            if (in_array('z' . $type_key, $valTmp[1])) {
                                $val = $valTmp[0];

                                if (strlen($val) != 0 && strlen($key) != 0) {
                                    # Now determine whether we need to enable the checkbox:
                                    # selected when either the category itself or its parent type is selected
                                    $isSelected = strpos($compressedCatList, ',cat' . $hcat_key . '_z' . $type_key . '_' . $sclist_key . $key . ',') !== false ? true : false;
                                    $parentSelected = strpos($compressedCatList, ',cat' . $hcat_key . '_z' . $type_key . ',') !== false ? true : false;
                                    $isSelected = $isSelected || $parentSelected ? 'true' : 'false';

                                    /*
                                     * Is this strongnot? Either inherited from the parent type
                                     * or set on this category itself
                                     */
                                    $isStrongNot = strpos($compressedCatList, ',~cat' . $hcat_key . '_z' . $type_key . ',') !== false ? true : false;
                                    if (!$isStrongNot) {
                                        $isStrongNot = strpos($compressedCatList, ',~cat' . $hcat_key . '_z' . $type_key . '_' . $sclist_key . $key . ',') !== false ? true : false;
                                    } # if

                                    if ($isStrongNot) {
                                        $isStrongNot = '"strongnot": true, "addClass": "strongnotnode", ';
                                        $isSelected = 'true';
                                    } else {
                                        $isStrongNot = '';
                                    } # if

                                    $catList[] = '{"title": "' . $val . '", "icon": false, "select": ' . $isSelected . ', ' . $isStrongNot . '"key":"' . 'cat' . $hcat_key . '_z' . $type_key . '_' . $sclist_key . $key . '"}';
                                } # if
                            } # if
                        } # foreach

                        # Close the sub-category group node
                        $subcatTmp .= join(",", $catList);
                        $subcatDesc[] = $subcatTmp . "]}";
                    } # if
                } # foreach

                if ($type_key !== 'z') {
                    # If the user chose to show only one category type, we don't want the category type item itself
                    if ($this->_params['subcatz'] == '*') {
                        $typeCatDesc[] = $typeCatTmp . join(",", $subcatDesc) . "]}";
                    } else {
                        # Types that were filtered out leave $subcatDesc empty and add nothing
                        if (!empty($subcatDesc)) {
                            $typeCatDesc[] = join(",", array_filter($subcatDesc));
                        } # if
                    } # else
                } else {
                    $typeCatDesc[] = join(",", $subcatDesc);
                } # else
            } # foreach
        } # if

        # If the user chose to show only one category, we don't want the category item itself
        if ($this->_params['category'] == '*') {
            $hcatList[] = $hcatTmp . join(",", $typeCatDesc) . "]}";
        } else {
            $hcatList[] = join(",", $typeCatDesc);
        } # if
    } # foreach

    echo join(",", $hcatList);
    echo "]";
}
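function render() {
    /*
     * Handles the "edit filter" page: works out which submit button of the
     * edit-filter form was pressed, performs that action on the filters of
     * the current session's user and renders the 'editfilter' template.
     *
     * Every SpotUserSystem call below passes the user id of the current
     * session, so the filter id and the reorder list supplied with the form
     * are only ever combined with that user's id.
     */
    $formMessages = array('errors' => array(), 'info' => array());

    # Check the user's permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_keep_own_filters, '');

    # By default no edit has been attempted
    $editResult = array();

    $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);
    $userId = $this->_currentSession['user']['userid'];

    # Set the page title
    $this->_pageTitle = "spot: filters";

    # Retrieve the filter that is to be edited
    $spotFilter = $spotUserSystem->getFilter($userId, $this->_filterId);

    # A change request for a filter that cannot be found is an error
    if (empty($spotFilter) && isset($this->_editFilterForm['submitchangefilter'])) {
        $editResult = array('result' => 'failure');
        $formMessages['errors'][] = array('validatefilter_filterdoesnotexist', array($this->_filterId));
    } # if

    # Determine which action was chosen (which button was pressed). The first
    # button found in this order wins, and it is removed from the form data.
    $submitButtons = array(
        'submitaddfilter' => 'addfilter',
        'submitremovefilter' => 'removefilter',
        'submitchangefilter' => 'changefilter',
        'submitdiscardfilters' => 'discardfilters',
        'submitsetfiltersasdefault' => 'setfiltersasdefault',
        'submitexportfilters' => 'exportfilters',
        'submitimportfilters' => 'importfilters',
        'submitreorder' => 'reorder',
    );
    $formAction = '';
    foreach ($submitButtons as $buttonName => $actionName) {
        if (isset($this->_editFilterForm[$buttonName])) {
            $formAction = $actionName;
            unset($this->_editFilterForm[$buttonName]);
            break;
        } # if
    } # foreach

    # Promoting the own filters to the default set needs an extra permission
    if ($formAction == 'setfiltersasdefault') {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_set_filters_as_default, '');
    } # if

    # Is this a form submit, or just the initial page request?
    if (!empty($formAction) && empty($formMessages['errors'])) {
        switch ($formAction) {
            case 'removefilter':
                $spotUserSystem->removeFilter($userId, $this->_filterId);
                $editResult = array('result' => 'success');
                break;

            case 'discardfilters':
                $spotUserSystem->resetFilterList($userId);
                $editResult = array('result' => 'success');
                break;

            case 'setfiltersasdefault':
                $spotUserSystem->setFiltersAsDefault($userId);
                $editResult = array('result' => 'success');
                break;

            case 'exportfilters':
                $editResult = $spotUserSystem->filtersToXml($spotUserSystem->getPlainFilterList($userId, 'filter'));
                break;

            case 'importfilters':
                if (isset($_FILES['filterimport'])) {
                    if ($_FILES['filterimport']['error'] == UPLOAD_ERR_OK) {
                        # NOTE(review): $xml is user-supplied and read without a size
                        # bound - confirm that xmlToFilters() parses it with external
                        # entities disabled and that the upload size is limited elsewhere.
                        $xml = file_get_contents($_FILES['filterimport']['tmp_name']);
                        try {
                            $filterList = $spotUserSystem->xmlToFilters($xml);
                            $spotUserSystem->setFilterList($userId, $filterList);
                            # NOTE(review): a successful import leaves $editResult
                            # empty - confirm the template treats that as success.
                        } catch (Exception $x) {
                            $editResult = array('result' => 'failure');
                            $formMessages['errors'][] = array('validatefilter_invaliduploadxml', array());
                        } # catch
                    } else {
                        $editResult = array('result' => 'failure');
                        $formMessages['errors'][] = array('validatefilter_fileuploaderr', array($_FILES['filterimport']['error']));
                    } # else
                } else {
                    $editResult = array('result' => 'failure');
                    $formMessages['errors'][] = array('validatefilter_nofileupload', array());
                } # else
                break;

            case 'addfilter':
                # Create a new filter record - a filter is always added to the root.
                # The record starts out as the raw form data; position, parent,
                # children and type are forced here.
                # NOTE(review): any other key the form carries is passed on as-is -
                # confirm addFilter() validates the record and ignores unknown keys.
                $filter = $this->_editFilterForm;
                $filter['valuelist'] = explode('&', $filter['valuelist']);
                $filter['torder'] = 999;
                $filter['tparent'] = 0;
                $filter['children'] = array();
                $filter['filtertype'] = 'filter';
                # Make sure both sort keys exist, also when the form did not send them
                $filter['sorton'] = isset($filter['sorton']) ? $filter['sorton'] : null;
                $filter['sortorder'] = isset($filter['sortorder']) ? $filter['sortorder'] : null;

                # and try to add the filter
                $formMessages['errors'] = $spotUserSystem->addFilter($userId, $filter);
                if (!empty($formMessages['errors'])) {
                    $editResult = array('result' => 'failure');
                } else {
                    $editResult = array('result' => 'success');
                } # else
                break;

            case 'reorder':
                # The nestedSortable jQuery widget does not send an explicit
                # ordering, so derive it from the order in which the elements arrive
                $orderCounter = 0;
                foreach ($this->_orderList as $id => $parent) {
                    $orderedFilter = $spotUserSystem->getFilter($userId, $id);

                    # Ids that do not resolve to a filter of this user are skipped, so
                    # no partial record (only torder/tparent) is handed to changeFilter().
                    # The position is still counted, as it was before.
                    if (empty($orderedFilter)) {
                        $orderCounter++;
                        continue;
                    } # if

                    # Only update the filter when its order or hierarchy changed
                    if ($orderedFilter['torder'] != $orderCounter || $orderedFilter['tparent'] != $parent) {
                        $orderedFilter['torder'] = (int) $orderCounter;
                        $orderedFilter['tparent'] = (int) $parent;
                        $spotUserSystem->changeFilter($userId, $orderedFilter);
                    } # if

                    $orderCounter++;
                } # foreach

                # This case used to fall through into 'changefilter', which merged the
                # submitted form over the last filter of the loop and saved it again.
                # It now ends here and reports the success that the fall-through set.
                $editResult = array('result' => 'success');
                break;

            case 'changefilter':
                # The submitted form fields override the stored record wholesale.
                # NOTE(review): confirm changeFilter() only persists the intended
                # columns and scopes the update to $userId.
                $spotFilter = array_merge($spotFilter, $this->_editFilterForm);
                $spotUserSystem->changeFilter($userId, $spotFilter);
                $editResult = array('result' => 'success');
                break;
        } # switch
    } # if

    #- display stuff -#
    # NOTE(review): 'http_referer' is taken from the submitted form - confirm the
    # template escapes it and does not use it as an unvalidated redirect target.
    $this->template('editfilter', array('filter' => $spotFilter,
                                        'sorton' => $this->_sorton,
                                        'sortorder' => $this->_sortorder,
                                        'sortby' => $this->_sorton,
                                        'sortdir' => $this->_sortorder,
                                        'lastformaction' => $formAction,
                                        'formmessages' => $formMessages,
                                        'http_referer' => $this->_editFilterForm['http_referer'],
                                        'editresult' => $editResult));
}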
function createPasswordSalt() {
    /*
     * Builds a salt from two generated unique ids, concatenated, and hands it
     * to setIfNot() under the 'pass_salt' key.
     *
     * NOTE(review): the unpredictability of this salt rests entirely on
     * SpotUserSystem::generateUniqueId() - confirm it draws from a
     * cryptographically secure source. setIfNot() presumably leaves an
     * existing 'pass_salt' untouched; verify against its implementation.
     */
    $idSource = new SpotUserSystem($this->_db, $this->_settings);

    $firstHalf = $idSource->generateUniqueId();
    $secondHalf = $idSource->generateUniqueId();

    $this->setIfNot('pass_salt', $firstHalf . $secondHalf);
} # createPasswordSalt
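function render() {
    /*
     * Handles the "post comment" form: checks that the current user may post,
     * hands the submitted comment to SpotPosting::postComment() and renders
     * the 'postcomment' template with the form values, the validation
     * messages and the result.
     */
    $formMessages = array('errors' => array(), 'info' => array());

    # Validate proper permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_post_comment, '');

    # The signing service derives the public key and the spotter id; a single
    # instance is used for both
    $spotSigning = Services_Signing_Base::newServiceSigning();

    # Create a default comment so the template can always render the form values
    $comment = array('body' => '',
                     'rating' => 0,
                     'inreplyto' => $this->_inReplyTo,
                     'newmessageid' => '',
                     'randomstr' => '');

    # By default no post has been attempted
    $postResult = array();

    # Set the page title
    $this->_pageTitle = "spot: post comment";

    /*
     * Bring the form's action into the local scope for easier access; a form
     * without an action is treated as "nothing submitted"
     */
    $formAction = isset($this->_commentForm['action']) ? $this->_commentForm['action'] : '';

    # Make sure the anonymous user and reserved usernames cannot post content
    $spotUser = new SpotUserSystem($this->_db, $this->_settings);
    if (!$spotUser->allowedToPost($this->_currentSession['user'])) {
        $postResult = array('result' => 'notloggedin');
        $formAction = '';
    } # if

    if ($formAction === 'post') {
        # Make sure all variables are filled in; submitted fields override the defaults
        $comment = array_merge($comment, $this->_commentForm);

        # Retrieve the user's private key.
        # NOTE(review): the key is stored in the session array of this object and
        # stays there for the remainder of the request - confirm that this array is
        # neither persisted nor exposed to the template after this point.
        $this->_currentSession['user']['privatekey'] = $spotUser->getUserPrivateRsaKey($this->_currentSession['user']['userid']);

        # The message id arrives wrapped in <>'s, but Spotweb always works
        # without them. The first and last character are dropped without
        # checking that they are the brackets.
        $comment['newmessageid'] = substr($comment['newmessageid'], 1, -1);

        # Validate whether this comment can be posted, and if so, post it
        $spotPosting = new SpotPosting($this->_db, $this->_settings);
        $formMessages['errors'] = $spotPosting->postComment($this->_currentSession['user'], $comment);

        if (empty($formMessages['errors'])) {
            /* Format the body so we can have smilies and stuff be shown in the template */
            $tmpBody = $this->_tplHelper->formatContent($comment['body']);

            /* Try to create the avatar: the stored one, else one based on the public key */
            if (!empty($this->_currentSession['user']['avatar'])) {
                $comment['user-avatar'] = $this->_currentSession['user']['avatar'];
            } else {
                $tmpKey = $spotSigning->getPublicKey($this->_currentSession['user']['privatekey']);
                $comment['user-key'] = $tmpKey['publickey'];
            } # else
            $commentImage = $this->_tplHelper->makeCommenterImageUrl($comment);

            /*
             * and return the result to the system.
             * NOTE(review): 'user' and 'body' originate from the user - confirm that
             * formatContent() and the template escape them for their output context.
             */
            $postResult = array('result' => 'success',
                                'user' => $this->_currentSession['user']['username'],
                                'spotterid' => $spotSigning->calculateSpotterId($this->_currentSession['user']['publickey']),
                                'rating' => $comment['rating'],
                                'body' => $tmpBody,
                                'commentimage' => $commentImage);
        } else {
            $postResult = array('result' => 'failure');
        } # else
    } # if

    #- display stuff -#
    $this->template('postcomment', array('postcommentform' => $comment,
                                         'formmessages' => $formMessages,
                                         'postresult' => $postResult));
}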