/**
 * Build the bookmarks admin menu for the current user.
 *
 * Returns null (no menu) when there is no users_id in the session, or when the
 * user is neither root nor at least the bookmarks "admin" access level.
 * Otherwise returns label => url pairs for the admin page, the approve page
 * (label carries the number of bookmarks still in draft) and the edit page.
 *
 * @author Dac Chartrand <*****@*****.**>
 * @license http://www.fsf.org/licensing/licenses/gpl-3.0.html
 * @return array|null
 */
function bookmarks_menu() {
    // Anonymous visitors never see this menu
    if (!isset($_SESSION['users_id'])) {
        return null;
    }

    // Root skips the access-level lookup; everyone else needs bookmarks admin
    $user = new suxUser();
    $is_admin = $user->isRoot()
        || $user->getAccess('bookmarks') >= $GLOBALS['CONFIG']['ACCESS']['bookmarks']['admin'];
    if (!$is_admin) {
        return null;
    }

    // Count bookmarks awaiting approval. The statement carries no user input,
    // so a plain query() is adequate here.
    $sql = 'SELECT COUNT(*) FROM bookmarks WHERE draft = true ';
    $pending = suxDB::get()->query($sql)->fetchColumn();

    $text = suxFunct::gtext('bookmarks');
    return array(
        $text['admin'] => suxFunct::makeUrl('/bookmarks/admin/'),
        "{$text['approve_2']} ({$pending})" => suxFunct::makeUrl('/bookmarks/approve/'),
        $text['new'] => suxFunct::makeUrl('/bookmarks/edit/'),
    );
}
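/**
 * Process the password-reset form.
 *
 * Looks up the user by the (already validated) email in $clean['user'],
 * generates a fresh password, mails it to the user and then persists it.
 *
 * Ordering matters: the mail is sent first and the new password is only saved
 * once mb_send_mail() reports success. The original saved first and ignored
 * the mail result, so a failed send left the account with a password nobody
 * knew. With this order a failed send leaves the old password valid.
 *
 * NOTE(review): beyond the captcha this reset is unauthenticated, so anyone who
 * knows a registered email can overwrite that user's current password on
 * request. A token-based confirm-before-reset would avoid that, but it is a
 * change to the flow rather than to this method alone.
 *
 * @param array $clean reference to validated $_POST
 * @throws Exception when the email matches no user, or the reset mail cannot be sent
 */
function formProcess(&$clean) {
    // The captcha is single-use: clear it from the session and from the input
    unset($_SESSION['captcha']);
    unset($clean['captcha']);

    $user = $this->user->getByEmail($clean['user']);
    if (!$user) {
        throw new Exception('Invalid user?!');
    }
    if (!empty($user['banned'])) {
        // Banned user: drop the session and send them to the banned page
        suxUser::killSession();
        suxFunct::redirect(suxFunct::makeUrl('/banned'));
    }

    // New credentials. generatePw() is assumed to draw from a CSPRNG — confirm in suxUser.
    $reset_user = array();
    $reset_user['nickname'] = $user['nickname'];
    $reset_user['password'] = $this->user->generatePw();
    $reset_user_id = $user['users_id'];

    // Mail body: the new password plus the requester's address, so the
    // recipient can tell an unsolicited reset from their own
    $subject = "{$GLOBALS['CONFIG']['TITLE']}: {$this->r->gtext['reset_mail_1']} {$reset_user['nickname']}";
    $message = "{$this->r->gtext['reset_mail_2']}:\n\n{$reset_user['password']}\n\n";
    $message .= "{$this->r->gtext['reset_mail_3']}: {$_SERVER['REMOTE_ADDR']}\n\n";
    $message .= "---\n" . suxFunct::makeUrl('/', null, true) . "\n\n";

    // Send before saving: if delivery fails, nothing has changed for the user
    if (!mb_send_mail($user['email'], $subject, $message)) {
        throw new Exception('Could not send reset mail');
    }
    $this->user->save($reset_user_id, $reset_user);
}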
/**
 * Build the blog menu for the current user.
 *
 * Returns null when there is no users_id in the session, or when a non-root
 * user is below the blog "publisher" access level. Root, and users at or above
 * the "admin" level, additionally get the admin entry; every eligible user
 * gets the "new" entry.
 *
 * @author Dac Chartrand <*****@*****.**>
 * @license http://www.fsf.org/licensing/licenses/gpl-3.0.html
 * @return array|null
 */
function blog_menu() {
    if (!isset($_SESSION['users_id'])) {
        return null;
    }

    $user = new suxUser();
    $text = suxFunct::gtext('blog');
    $levels = $GLOBALS['CONFIG']['ACCESS']['blog'];

    $is_root = $user->isRoot();
    $access = $user->getAccess('blog'); // looked up for root as well, as before

    // Publisher is the floor for seeing any menu at all; root is exempt
    if (!$is_root && $access < $levels['publisher']) {
        return null;
    }

    $menu = array();
    if ($is_root || $access >= $levels['admin']) {
        $menu[$text['admin']] = suxFunct::makeUrl('/blog/admin');
    }
    $menu[$text['new']] = suxFunct::makeUrl('/blog/edit');
    return $menu;
}
/**
 * Log the current user out.
 *
 * Only a session that passes loginCheck() is written to the log and killed;
 * a session that never authenticated (failed password attempts, say) is left
 * alone. A 401 with a bogus WWW-Authenticate value is then sent so browsers
 * drop any cached HTTP authentication, and the logout template is rendered.
 */
function logout() {
    $authenticated = $this->user->loginCheck();
    if ($authenticated) {
        // Private log entry (third argument = 1) before the session goes away
        $this->log->write($_SESSION['users_id'], 'sux0r::userAuthenticate() logout', 1);
        suxUser::killSession();
    }

    // Make the browser forget any HTTP authentication it has cached
    header('HTTP/1.0 401 Unauthorized');
    header('WWW-Authenticate: Invalid');

    $this->r->title .= " | {$this->r->gtext['logout']}";
    $this->tpl->display('logout.tpl');
}
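/**
 * Render the vector-sharing table for the current user.
 *
 * Rows come in two groups: vectors the user owns (class 'mine'), each followed
 * by one row per other user it is shared with, and vectors shared with the
 * user but owned by someone else (class 'mineToo'). The markup is cached in a
 * static for the rest of the request.
 *
 * Change from the original: vector names and nicknames are passed through
 * htmlspecialchars() before being interpolated into the markup. They were
 * written raw, so a vector name containing markup would have been rendered
 * as-is. This assumes the values are stored unescaped; if they are already
 * HTML-encoded at write time this double-encodes and the escaping belongs
 * there instead — TODO confirm against the vector/user write paths.
 *
 * @return string html table
 */
function getShareTable() {
    static $html = null;
    if ($html) {
        return $html; // per-request cache
    }

    $g = $this->gtext;
    $html .= "<table class='shared'><thead><tr>\n <th>{$g['vector']}</th>\n <th>{$g['user']}</th>\n <th>{$g['trainer']}</th>\n <th>{$g['owner']}</th>\n <th>{$g['unshare']}</th>\n </tr></thead><tbody>\n";

    $user = new suxUser();
    $me = htmlspecialchars($_SESSION['nickname'], ENT_QUOTES, 'UTF-8');
    $my_id = $_SESSION['users_id'];

    // Owned vectors, each followed by the users they are shared with
    foreach ($this->getVectorsByOwnerArray() as $key => $val) {
        $vector = htmlspecialchars($val['vector'], ENT_QUOTES, 'UTF-8');
        $html .= "<tr class='mine'>\n <td>{$vector}</td>\n <td>{$me}</td>\n <td>x</td>\n <td>x</td>\n <td><em>n/a</em></td>\n </tr>\n";

        foreach ($this->nb->getVectorAuthorization($key) as $val2) {
            if ($val2['users_id'] == $my_id) {
                continue; // already listed on the owner row above
            }
            $u = $user->getByID($val2['users_id']);
            $nick = htmlspecialchars($u['nickname'], ENT_QUOTES, 'UTF-8');
            // Ownership implies training rights
            $owner = $val2['owner'] ? 'x' : null;
            $trainer = ($val2['trainer'] || $val2['owner']) ? 'x' : null;
            $html .= "<tr>\n <td>{$vector}</td>\n <td>{$nick}</td>\n <td>{$trainer}</td>\n <td>{$owner}</td>\n <td><input type='checkbox' name='unshare[][{$key}]' value='{$val2['users_id']}' /></td>\n </tr>\n";
        }
    }

    // Vectors shared with me by other owners
    foreach ($this->getSharedVectorsArray() as $key => $val) {
        if ($val['owner']) {
            continue;
        }
        $vector = htmlspecialchars($val['vector'], ENT_QUOTES, 'UTF-8');
        $trainer = $val['trainer'] ? 'x' : null;
        // TODO: Ajax tooltip on vector -> getOwners.php
        $html .= "<tr class='mineToo'>\n <td>{$vector}</td>\n <td>{$me}</td>\n <td>{$trainer}</td>\n <td></td>\n <td><input type='checkbox' name='unshare[][{$key}]' value='{$my_id}' /></td>\n </tr>\n";
    }

    $html .= "</tbody></table>\n";
    return $html;
}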
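<?php

// Ajax: echo the nicknames of the users a vector is shared with, comma
// separated, for the share-table tooltip.
//
// Changes from the original: the caller must have a logged-in session (the
// original answered anyone who could POST an integer id, so share membership
// was readable without logging in), and nicknames are HTML-escaped on output.
// The session check sits after the includes because initialize.php is where
// the session is presumed to be started — confirm there. Note that no
// per-vector authorization is performed: any logged-in user can query any id.
if (isset($_POST['id']) && filter_var($_POST['id'], FILTER_VALIDATE_INT)) {
    require_once dirname(__FILE__) . '/../../config.php';
    require_once dirname(__FILE__) . '/../../initialize.php';

    // Same gate the rest of the sharing UI uses: no session, no answer
    if (isset($_SESSION['users_id'])) {
        $user = new suxUser();
        $nb = new suxUserNaiveBayesian();

        $names = array();
        foreach ($nb->getVectorShares($_POST['id']) as $val) {
            $u = $user->getByID($val['users_id']);
            $names[] = htmlspecialchars($u['nickname'], ENT_QUOTES, 'UTF-8');
        }
        echo implode(', ', $names);
    }
}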
<?php require_once dirname(__FILE__) . '/../config.php'; // Configuration require_once dirname(__FILE__) . '/../initialize.php'; // Init // --------------------------------------------------------------------------- // Do the dirty // --------------------------------------------------------------------------- $u = new suxUser(); $errors = array(); $rooted = false; if (isset($_POST) && count($_POST)) { // Nickname if (empty($_POST['nickname'])) { $errors[] = 'nickname cannot be empty'; } else { if (!preg_match('/^(\\w|\\-)+$/', $_POST['nickname'])) { $errors[] = 'nickname has invalid characters'; } if (mb_strtolower($_POST['nickname']) == 'nobody') { $errors[] = 'nickname cannot be reserved word nobody'; } $tmp = $u->getByNickname($_POST['nickname']); if ($tmp !== false) { $errors[] = 'duplicate nickname found'; } } // Email if (empty($_POST['email'])) { $errors[] = 'email cannot be empty';
/**
 * Render the edit / upload / annotate links for a photo album.
 *
 * Returns null unless the session is logged in, album_id is a positive
 * integer, and the user is root, a photos admin, or a photos publisher who
 * owns the album. Pass 'br' to put a <br /> after each link and 'div' to
 * wrap the result in <div class="editLinks">.
 *
 * @param array $params smarty {insert} parameters
 * @return string|null html
 */
function insert_editLinks($params) {
    if (!isset($_SESSION['users_id']) || empty($params['album_id'])) {
        return null;
    }
    $album_id = $params['album_id'];
    if (!filter_var($album_id, FILTER_VALIDATE_INT) || $album_id < 1) {
        return null;
    }
    $br = isset($params['br']) ? '<br />' : null;

    // Root may edit anything; admins too; publishers only their own albums
    $u = new suxUser();
    if (!$u->isRoot()) {
        $photo = new suxPhoto();
        $levels = $GLOBALS['CONFIG']['ACCESS']['photos'];
        $access = $u->getAccess('photos');
        if ($access < $levels['admin']) {
            if ($access < $levels['publisher']) {
                return null;
            }
            if (!$photo->isAlbumOwner($album_id, $_SESSION['users_id'])) {
                return null;
            }
        }
    }

    // Label key => url, in display order
    $text = suxFunct::gtext('photos');
    $links = array(
        'edit_2' => suxFunct::makeUrl('/photos/album/edit/' . $album_id),
        'upload' => suxFunct::makeUrl('/photos/upload/' . $album_id),
        'annotate_2' => suxFunct::makeUrl('/photos/album/annotate/' . $album_id),
    );

    $html = '';
    foreach ($links as $label => $url) {
        $html .= "<a href='{$url}'>{$text[$label]}</a>{$br}";
    }

    if (isset($params['div'])) {
        return '<div class="editLinks">' . $html . '</div>';
    }
    return $html;
}
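// Set utf-8 on the response and in every mbstring helper
header('Content-Type: text/html;charset=utf-8');
mb_internal_encoding('UTF-8');
mb_regex_encoding('UTF-8');
mb_language('uni');

// Avoid problems with arg_separator.output
ini_set('arg_separator.output', '&');

// Set the default timezone
date_default_timezone_set($GLOBALS['CONFIG']['TIMEZONE']);

// Get rid of magic quotes.
//
// Magic quotes only exist on PHP < 5.4. get_magic_quotes_gpc() and each(),
// which the original used here, no longer exist in PHP 8, so this file was a
// fatal error on load there. The function_exists() guard keeps the old
// behaviour where it still applies, and array_walk_recursive() replaces the
// each()-driven reference walk: every non-array leaf of the request
// superglobals is stripslashes()'d in place, as before.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() && !ini_get('magic_quotes_sybase')) {
    if (!function_exists('sux_stripslashes_leaf')) {
        // array_walk_recursive callback: strip one leaf value in place
        function sux_stripslashes_leaf(&$val) {
            $val = stripslashes($val);
        }
    }
    array_walk_recursive($_GET, 'sux_stripslashes_leaf');
    array_walk_recursive($_POST, 'sux_stripslashes_leaf');
    array_walk_recursive($_REQUEST, 'sux_stripslashes_leaf');
    array_walk_recursive($_COOKIE, 'sux_stripslashes_leaf');
    array_walk_recursive($_FILES, 'sux_stripslashes_leaf');
}

// Include suxUser
require_once $GLOBALS['CONFIG']['PATH'] . '/includes/suxUser.php';

// Validate user $_SESSION: any session that claims to be logged in is
// re-checked by loginCheck(); the '/home' url passed in is presumably where
// it redirects on failure — confirm in suxUser
if (isset($_SESSION['users_id']) || isset($_SESSION['nickname'])) {
    $u = new suxUser();
    $u->loginCheck(suxFunct::makeUrl('/home'));
}
unset($u);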
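/**
 * Render the "[ edit ]" link for a blog message, or nothing.
 *
 * Admins (root, or blog access >= admin) get the link for every message;
 * publishers (blog access >= publisher) only for messages whose users_id is
 * their own; everyone else gets null. The id is interpolated into the edit
 * URL, so it is validated as a positive integer first, the way
 * insert_editLinks() treats album_id.
 *
 * Fixes from the original:
 *  - the admin decision was cached in a static tested with `$allowed == null`,
 *    which is also true for false, so the cache never held for non-admins and
 *    the access level was recomputed on every call; it is now tested with ===;
 *  - $access was only assigned on the cache-miss path but read on the
 *    publisher path, which only worked because of the first bug; it is now
 *    cached alongside the admin flag.
 *
 * @param array $params smarty {insert} parameters; 'id' is the message id
 * @return string|null html
 */
function insert_edit($params) {
    if (!isset($_SESSION['users_id']) || !isset($params['id'])) {
        return null;
    }
    $id = $params['id'];
    if (!filter_var($id, FILTER_VALIDATE_INT) || $id < 1) {
        return null;
    }

    // Per-request cache of the caller's blog privileges
    static $is_admin = null;
    static $access = null;
    if ($is_admin === null) {
        $u = new suxUser();
        $is_admin = $u->isRoot();
        if (!$is_admin) {
            $access = $u->getAccess('blog');
            $is_admin = $access >= $GLOBALS['CONFIG']['ACCESS']['blog']['admin'];
        }
    }

    if (!$is_admin) {
        // Non-admins need publisher access and must own the message
        if ($access < $GLOBALS['CONFIG']['ACCESS']['blog']['publisher']) {
            return null;
        }
        $m = new suxThreadedMessages();
        $m->setPublished(null); // presumably so unpublished messages are found too — confirm
        $tmp = $m->getByID($id);
        if (!$tmp || $tmp['users_id'] != $_SESSION['users_id']) {
            return null;
        }
    }

    $url = suxFunct::makeUrl('/blog/edit/' . $id);
    $text = suxFunct::gtext('blog');
    return "<div class='edit'>[ <a href='{$url}'>{$text['edit']}</a> ]</div>";
}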
die; } // --------------------------------------------------------------------------- // Error checking // --------------------------------------------------------------------------- if (!isset($_SESSION['users_id'])) { failure('Invalid user id'); } if (!isset($_POST['id']) || !filter_var($_POST['id'], FILTER_VALIDATE_INT) || $_POST['id'] < 1) { failure('Invalid id'); } $id = $_POST['id']; // --------------------------------------------------------------------------- // Secondary error checking // --------------------------------------------------------------------------- $user = new suxUser(); $log = new suxLog(); if (!$user->isRoot()) { failure('Not admin'); } // --------------------------------------------------------------------------- // Go // --------------------------------------------------------------------------- try { $image = 'lock2.gif'; $flag = $log->toggleLogPrivateFlag($id); if ($flag) { $image = 'lock1.gif'; } // Log, private $log->write($_SESSION['users_id'], "sux0r::admin::toggle() users_log_id: {$id}", 1);
/**
 * Render the user-info box, or the login box when nobody is logged in.
 *
 * A non-empty nickname in the session selects userinfo.tpl, with the
 * renderer's 'root' flag set for root users and the nickname exposed as text;
 * otherwise userlogin.tpl is rendered.
 *
 * @global string $CONFIG['URL']
 * @global string $CONFIG['PARTITION']
 * @param array $params smarty {insert} parameters (unused)
 * @return string html
 */
function insert_userInfo($params) {
    unset($params); // Not used

    $tpl = new suxTemplate('globals');
    $r = new suxRenderer('globals'); // Renderer
    $tpl->assignByRef('r', $r); // Renderer referenced in template

    // No nickname in the session: show the login box
    if (empty($_SESSION['nickname'])) {
        return $tpl->fetch('userlogin.tpl');
    }

    $u = new suxUser();
    if ($u->isRoot()) {
        $r->bool['root'] = true;
    }
    $r->text['nickname'] = $_SESSION['nickname'];
    return $tpl->fetch('userinfo.tpl');
}
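/**
 * Render the "[ edit ]" link for a bookmark, or nothing.
 *
 * Only root, or users at or above the bookmarks "admin" access level, get the
 * link; the decision is cached in a static for the rest of the request. The
 * id is interpolated into the edit URL, so — as insert_editLinks() does for
 * album_id — it is now validated as a positive integer before use; the
 * original accepted any value.
 *
 * @param array $params smarty {insert} parameters; 'id' is the bookmark id
 * @return string|null html
 */
function insert_bookmarksEdit($params) {
    if (!isset($_SESSION['users_id']) || !isset($params['id'])) {
        return null;
    }
    $id = $params['id'];
    if (!filter_var($id, FILTER_VALIDATE_INT) || $id < 1) {
        return null;
    }

    // Per-request cache of the admin decision
    static $allowed = null;
    if ($allowed === null) {
        $u = new suxUser();
        $allowed = $u->isRoot()
            || $u->getAccess('bookmarks') >= $GLOBALS['CONFIG']['ACCESS']['bookmarks']['admin'];
    }
    if (!$allowed) {
        return null;
    }

    $url = suxFunct::makeUrl('/bookmarks/edit/' . $id);
    $text = suxFunct::gtext('bookmarks');
    return "<div class='edit'>[ <a href='{$url}'>{$text['edit']}</a> ]</div>";
}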