SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']); PLG_loginUser($_USER['uid']); // Now that we handled session cookies, handle longterm cookie if (!isset($_COOKIE[$_CONF['cookie_name']]) || !isset($_COOKIE['cookie_password'])) { // Either their cookie expired or they are new $cooktime = COM_getUserCookieTimeout(); if ($VERBOSE) { COM_errorLog("Trying to set permanent cookie with time of {$cooktime}", 1); } if ($cooktime > 0) { // They want their cookie to persist for some amount of time so set it now if ($VERBOSE) { COM_errorLog('Trying to set permanent cookie', 1); } SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $cooktime); SEC_setCookie($_CONF['cookie_password'], $_USER['passwd'], time() + $cooktime); } } else { $userid = $_COOKIE[$_CONF['cookie_name']]; if (empty($userid) || $userid === 'deleted') { unset($userid); } else { $userid = COM_applyFilter($userid, true); if ($userid > 1) { if ($VERBOSE) { COM_errorLog('NOW trying to set permanent cookie', 1); COM_errorLog('Got ' . $userid . ' from perm cookie in users.php', 1); } // Create new session $userdata = SESS_getUserDataFromId($userid); $_USER = $userdata;
//profile //profile case 'p': require_once $_CONF['path_system'] . 'lib-user.php'; $display = COM_siteHeader('menu', $LANG_CLASSIFIEDS_1['profile']); $display .= CLASSIFIEDS_user_menu(); function_exists('USER_showProfile') ? $display .= USER_showProfile($_GET['u'], true) : ($display .= CLASSIFIEDS_showProfile($_GET['u'], true)); $display .= COM_siteFooter(1); break; //Offert //Offert case 'o': $_REQUEST['mode'] == 'o' ? SEC_setCookie('ads_type', 'o') : 0; //Demand //Demand case 'd': //Ads list $_REQUEST['mode'] == 'd' ? SEC_setCookie('ads_type', 'd') : 0; default: $display = COM_siteHeader('menu', $LANG_CLASSIFIEDS_1['plugin_name']); $display .= CLASSIFIEDS_user_menu(); if ($_CLASSIFIEDS_CONF['classifieds_main_header'] != '') { $display .= '<div>' . PLG_replaceTags($_CLASSIFIEDS_CONF['classifieds_main_header']) . '</div>'; } $display .= CLASSIFIEDS_displayAds(1); if ($_CLASSIFIEDS_CONF['clasifieds_main_footer'] != '') { $display .= '<div>' . PLG_replaceTags($_CLASSIFIEDS_CONF['classifieds_main_footer']) . '</div>'; } $display .= COM_siteFooter(1); } COM_output($display);
$status = ''; } $display = ''; if ($status == USER_ACCOUNT_ACTIVE) { DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $uid); $_USER = SESS_getUserDataFromId($uid); $sessid = SESS_newSession($_USER['uid'], $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']); SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']); PLG_loginUser($_USER['uid']); // Now that we handled session cookies, handle longterm cookie if (!isset($_COOKIE[$_CONF['cookie_name']])) { // Either their cookie expired or they are new $cooktime = COM_getUserCookieTimeout(); if (!empty($cooktime)) { // They want their cookie to persist for some amount of time so set it now SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $cooktime); } } if (!SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,syndication.edit', 'OR')) { COM_redirect($_CONF['site_admin_url'] . '/index.php'); } else { COM_redirect($_CONF['site_url'] . '/index.php'); } } elseif (!SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR') && count(PLG_getAdminOptions()) == 0 && !SEC_hasConfigAccess()) { COM_updateSpeedlimit('login'); $display .= COM_startBlock($LANG20[1]); if (!$_CONF['user_login_method']['standard']) { $display .= '<p>' . $LANG_LOGIN[2] . '</p>'; } else { if (isset($_POST['warn'])) { $display .= $LANG20[2] . '<br' . XHTML . '><br' . XHTML . '>' . COM_accessLog($LANG20[3] . ' ' . $_POST['loginname']);
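/**
 * Saves user's preferences back to the database
 *
 * Everything in $A comes from the preferences form and is treated as
 * untrusted: checkbox fields are normalised to 0/1, numeric fields are
 * filtered/cast, free-text fields go through COM_applyFilter(), and every
 * value that is interpolated into SQL is either (int)-cast or passed through
 * DB_escapeString(). Topic selections are intersected with the topics the
 * user is actually allowed to pick (USER_buildTopicList()).
 *
 * Multi-select fields that are missing from the form are treated as empty
 * lists instead of being handed to array_values() behind an '@' - on PHP 8
 * array_values() on a non-array throws a TypeError that '@' does not suppress.
 *
 * @param  array  $A  User's data to save (submitted form fields)
 * @return void
 */
function savepreferences($A)
{
    global $_CONF, $_TABLES, $_USER;

    $uid = (int) $_USER['uid'];

    // Checkbox fields arrive as 'on' when ticked and are absent otherwise;
    // normalise them to 0/1 so they can go straight into SQL
    $checkboxes = array('noicons', 'willing', 'noboxes', 'emailfromadmin',
                        'emailfromuser', 'showonline');
    foreach ($checkboxes as $field) {
        $A[$field] = (isset($A[$field]) && $A[$field] == 'on') ? 1 : 0;
    }

    $A['maxstories'] = isset($A['maxstories'])
        ? COM_applyFilter($A['maxstories'], true) : 0;
    if (empty($A['maxstories'])) {
        $A['maxstories'] = 0;
    } elseif ($A['maxstories'] > 0 && $A['maxstories'] < $_CONF['minnews']) {
        // a positive value below the site minimum is raised to that minimum
        $A['maxstories'] = $_CONF['minnews'];
    }

    // multi-select fields; a missing or non-array field means "nothing selected"
    $TIDS  = _savepreferencesListValues($A, 'topics');
    $AIDS  = _savepreferencesListValues($A, 'selauthors');
    $BOXES = _savepreferencesListValues($A, 'blocks');
    $ETIDS = _savepreferencesListValues($A, 'dgtopics');

    // topics this user may select; anything else that was submitted is dropped
    $AETIDS = explode(' ', USER_buildTopicList());

    $tids = '';
    if (count($TIDS) > 0) {
        $tids = DB_escapeString(implode(' ', array_intersect($AETIDS, $TIDS)));
    }

    $aids = '';
    if (count($AIDS) > 0) {
        $aids = DB_escapeString(implode(' ', array_map('intval', $AIDS)));
    }

    // What gets stored is the list of block ids NOT submitted in $A['blocks'],
    // minus the three system blocks, as a space-separated string
    $selectedblocks = '';
    if (count($BOXES) > 0) {
        $boxes = implode(',', array_map('intval', $BOXES));
        $blockresult = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ({$boxes})");
        $numRows = DB_numRows($blockresult);
        $systemBlocks = array('user_block', 'admin_block', 'section_block');
        $keptBlocks = array();
        for ($x = 0; $x < $numRows; $x++) {
            $row = DB_fetchArray($blockresult);
            if (!in_array($row['name'], $systemBlocks, true)) {
                $keptBlocks[] = $row['bid'];
            }
        }
        // implode() never leaves a trailing separator, which the old
        // "append a space unless last row" loop did when the last row was a
        // system block
        $selectedblocks = implode(' ', $keptBlocks);
    }

    $etids = '';
    if (count($ETIDS) > 0) {
        $etids = DB_escapeString(implode(' ', array_intersect($AETIDS, $ETIDS)));
    }

    $A['tzid'] = isset($A['tzid']) ? COM_applyFilter($A['tzid']) : '';

    $A['theme'] = isset($A['theme']) ? COM_applyFilter($A['theme']) : '';
    if (empty($A['theme'])) {
        $A['theme'] = $_CONF['theme'];
    }

    $A['language'] = isset($A['language']) ? COM_applyFilter($A['language']) : '';
    if (empty($A['language'])) {
        $A['language'] = $_CONF['language'];
    }

    $A['search_result_format'] = isset($A['search_result_format'])
        ? COM_applyFilter($A['search_result_format']) : 'google';

    // Save theme, when doing so, put in cookie so we can set the user's theme
    // even when they aren't logged in
    $theme = DB_escapeString($A['theme']);
    $language = DB_escapeString($A['language']);
    DB_query("UPDATE {$_TABLES['users']} SET theme='{$theme}',language='{$language}' WHERE uid = {$uid}");

    $oneYear = time() + 31536000;
    SEC_setCookie($_CONF['cookie_theme'], $A['theme'], $oneYear,
                  $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
    SEC_setCookie($_CONF['cookie_language'], $A['language'], $oneYear,
                  $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
    SEC_setCookie($_CONF['cookie_tzid'], $A['tzid'], $oneYear,
                  $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);

    $A['dfid'] = isset($A['dfid']) ? (int) COM_applyFilter($A['dfid'], true) : 0;
    DB_query("UPDATE {$_TABLES['userprefs']} SET "
        . "search_result_format='" . DB_escapeString($A['search_result_format']) . "',"
        . "noicons=" . (int) $A['noicons'] . ","
        . " willing=" . (int) $A['willing'] . ","
        . " dfid=" . $A['dfid'] . ","
        . " tzid='" . DB_escapeString($A['tzid']) . "',"
        . " emailfromadmin=" . (int) $A['emailfromadmin'] . ","
        . " emailfromuser=" . (int) $A['emailfromuser'] . ","
        . " showonline=" . (int) $A['showonline']
        . " WHERE uid=" . $uid);

    if (empty($etids)) {
        $etids = '-';
    }
    DB_save($_TABLES['userindex'], "uid,tids,aids,boxes,noboxes,maxstories,etids",
        "{$uid},'{$tids}','{$aids}','{$selectedblocks}'," . (int) $A['noboxes'] . ","
        . (int) $A['maxstories'] . ",'{$etids}'");

    $commentmode = isset($A['commentmode']) ? COM_applyFilter($A['commentmode']) : '';
    if (empty($commentmode)) {
        $commentmode = $_CONF['comment_mode'];
    }
    $commentmode = DB_escapeString($commentmode);

    // whitelist: only the two literal values can ever reach SQL
    $commentorder = isset($A['commentorder']) ? COM_applyFilter($A['commentorder']) : '';
    $commentorder = (strtoupper($commentorder) === 'DESC') ? 'DESC' : 'ASC';

    $commentlimit = isset($A['commentlimit']) ? COM_applyFilter($A['commentlimit'], true) : 0;
    if ($commentlimit <= 0) {
        $commentlimit = $_CONF['comment_limit'];
    }
    DB_save($_TABLES['usercomment'], 'uid,commentmode,commentorder,commentlimit',
        "{$uid},'{$commentmode}','{$commentorder}'," . (int) $commentlimit);

    foreach (_savepreferencesListValues($A, 'subdelete') as $subid) {
        DB_delete($_TABLES['subscriptions'], 'sub_id', (int) $subid);
    }

    PLG_userInfoChanged($_USER['uid']);
}

/**
 * Returns the values of a multi-select form field as a plain list.
 *
 * @param  array   $A    submitted form fields
 * @param  string  $key  field name
 * @return array   array_values() of the field, or an empty array when the
 *                 field is missing or is not an array
 */
function _savepreferencesListValues($A, $key)
{
    if (isset($A[$key]) && is_array($A[$key])) {
        return array_values($A[$key]);
    }

    return array();
}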
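/**
 * Saves the user's information back to the database
 *
 * Everything in $A comes from the settings form and is treated as untrusted.
 * Changing the password, e-mail address or cookie timeout requires the current
 * password; stored hashes are compared with hash_equals() rather than ==/!=,
 * so the comparison is exact (no numeric-string coercion) and constant-time.
 * The hidden 'uid' field must match the pwrequestid stored for the account
 * (presumably the id issued when the form was rendered - confirm in the form
 * code), otherwise the request is logged and rejected. Values written into
 * SQL go through DB_escapeString() or an (int) cast.
 *
 * @param  array  $A  User's data (submitted form fields)
 * @return string     HTML error message or meta redirect
 */
function saveuser($A)
{
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE;

    if ($_US_VERBOSE) {
        COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
    }

    $uid = (int) $_USER['uid'];
    $settingsUrl = $_CONF['site_url'] . '/usersettings.php?msg=';

    // fields the rest of this function reads; a missing field is an empty one
    $textFields = array('passwd', 'passwd_conf', 'old_passwd', 'email', 'email_conf',
                        'homepage', 'fullname', 'location', 'sig', 'about', 'pgpkey');
    foreach ($textFields as $field) {
        if (!isset($A[$field])) {
            $A[$field] = '';
        }
    }

    $reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = {$uid}");
    $formReqId = isset($A['uid']) ? (string) $A['uid'] : '';
    if (!hash_equals((string) $reqid, $formReqId)) {
        DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $_USER['uid']);
        COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    if (!isset($A['cooktime'])) {
        // If not set or possibly removed from template - set to default
        $A['cooktime'] = (int) $_CONF['default_perm_cookie_timeout'];
    } else {
        $A['cooktime'] = (int) COM_applyFilter($A['cooktime'], true);
    }
    // If empty or invalid - set to user default
    // So code after this does not fail the user password required test
    if ($A['cooktime'] < 0) { // note that == 0 is allowed!
        $A['cooktime'] = (int) $_USER['cookietimeout'];
    }

    // to change the password, email address, or cookie timeout,
    // we need the user's current password
    $current_password = (string) DB_getItem($_TABLES['users'], 'passwd', "uid = {$uid}");
    $needsPassword = $A['passwd'] !== ''
        || $A['email'] !== (string) $_USER['email']
        || $A['cooktime'] !== (int) $_USER['cookietimeout'];
    if ($needsPassword
            && ($A['old_passwd'] === '' || !_saveuserPasswordMatches($A['old_passwd'], $current_password))) {
        return COM_refresh($settingsUrl . '83');
    }

    // the custom check runs whether or not a password was required above
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
        $username = isset($A['username']) ? $A['username'] : '';
        $ret = CUSTOM_userCheck($username, $A['email']);
        if (!empty($ret)) {
            // Need a numeric return for the default message handler
            // - if not numeric use default message
            if (!isset($ret['number']) || !is_numeric($ret['number'])) {
                $ret['number'] = 400;
            }
            return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
        }
    }

    // no need to filter the password as it's encoded anyway
    if ($_CONF['allow_username_change'] == 1) {
        $newUsername = isset($A['new_username']) ? COM_applyFilter($A['new_username']) : '';
        if (!empty($newUsername) && $newUsername != $_USER['username']) {
            $newUsernameSql = DB_escapeString($newUsername);
            if (DB_count($_TABLES['users'], 'username', $newUsernameSql) != 0) {
                return COM_refresh($settingsUrl . '51');
            }
            if ($_CONF['allow_user_photo'] == 1) {
                $photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$uid}");
                if (!empty($photo)) {
                    // the photo file carries the user name, so replace its first
                    // occurrence literally (the old regex broke on metacharacters
                    // and used the SQL-escaped name in the file name)
                    $pos = strpos($photo, $_USER['username']);
                    $newphoto = ($pos === false)
                        ? $photo
                        : substr_replace($photo, $newUsername, $pos, strlen($_USER['username']));
                    $imgpath = $_CONF['path_images'] . 'userphotos/';
                    // the new name must stay a bare file name inside userphotos/
                    if ($newphoto !== basename($newphoto)
                            || rename($imgpath . $photo, $imgpath . $newphoto) === false) {
                        $display = COM_siteHeader('menu', $LANG04[21]);
                        $display .= COM_errorLog('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".');
                        $display .= COM_siteFooter();
                        return $display;
                    }
                    DB_change($_TABLES['users'], 'photo', DB_escapeString($newphoto), "uid", $_USER['uid']);
                }
            }
            DB_change($_TABLES['users'], 'username', $newUsernameSql, "uid", $_USER['uid']);
        }
    }

    // a quick spam check with the unfiltered field contents
    $profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1>'
        . '<p>' . COM_createLink($A['homepage'], $A['homepage'])
        . '<br' . XHTML . '>' . $A['location']
        . '<br' . XHTML . '>' . $A['sig']
        . '<br' . XHTML . '>' . $A['about']
        . '<br' . XHTML . '>' . $A['pgpkey'] . '</p>';
    $result = PLG_checkforSpam($profile, $_CONF['spamx']);
    if ($result > 0) {
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }

    $A['email'] = COM_applyFilter($A['email']);
    $A['email_conf'] = COM_applyFilter($A['email_conf']);
    $A['homepage'] = COM_applyFilter($A['homepage']);
    // basic filtering only
    foreach (array('fullname', 'location', 'sig', 'about', 'pgpkey') as $field) {
        $A[$field] = strip_tags(COM_stripslashes($A[$field]));
    }

    if (!COM_isEmail($A['email'])) {
        return COM_refresh($settingsUrl . '52');
    }
    if ($A['email'] !== $A['email_conf']) {
        return COM_refresh($settingsUrl . '78');
    }
    if (emailAddressExists($A['email'], $_USER['uid'])) {
        return COM_refresh($settingsUrl . '56');
    }

    if ($A['passwd'] !== '') {
        // the old password was already verified by the gate above; re-check so
        // this branch does not depend on the gate's condition
        if (!_saveuserPasswordMatches($A['old_passwd'], $current_password)) {
            return COM_refresh($settingsUrl . '68');
        }
        if ($A['passwd'] !== $A['passwd_conf']) {
            return COM_refresh($settingsUrl . '67');
        }
        $passwd = SEC_encryptPassword($A['passwd']);
        DB_change($_TABLES['users'], 'passwd', "{$passwd}", "uid", $_USER['uid']);
        // refresh the cookie the permanent-login code sets with the new hash,
        // or expire it when no persistent login is wanted
        $cooktime = ($A['cooktime'] > 0) ? $A['cooktime'] : -1000;
        SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
    }

    if ($_US_VERBOSE) {
        COM_errorLog('cooktime = ' . $A['cooktime'], 1);
    }
    if ($A['cooktime'] <= 0) {
        // no persistent login wanted: expire the permanent cookie
        SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() - 1000);
    } else {
        SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $A['cooktime']);
    }

    $filename = '';
    if ($_CONF['allow_user_photo'] == 1) {
        $delete_photo = isset($A['delete_photo']) ? $A['delete_photo'] : '';
        $filename = handlePhotoUpload($delete_photo);
        // only store a reference to a file that actually exists
        if (!empty($filename) && !file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
            $filename = '';
        }
    }

    if (!empty($A['homepage'])) {
        // force an http(s) scheme; byte offsets are used for both the search and
        // the substr() calls (MBYTE_strpos would return character offsets)
        $pos = strpos($A['homepage'], ':');
        if ($pos === false) {
            $A['homepage'] = 'http://' . $A['homepage'];
        } else {
            $prot = substr($A['homepage'], 0, $pos + 1);
            if ($prot != 'http:' && $prot != 'https:') {
                $A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
            }
        }
    }

    $sql = array();
    foreach (array('fullname', 'email', 'homepage', 'location', 'sig', 'about', 'pgpkey') as $field) {
        $sql[$field] = DB_escapeString($A[$field]);
    }
    $photoSql = DB_escapeString($filename);

    DB_query("UPDATE {$_TABLES['users']} SET fullname='{$sql['fullname']}',email='{$sql['email']}',homepage='{$sql['homepage']}',sig='{$sql['sig']}',cookietimeout={$A['cooktime']},photo='{$photoSql}' WHERE uid={$uid}");
    DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$sql['pgpkey']}',about='{$sql['about']}',location='{$sql['location']}' WHERE uid={$uid}");

    // Call custom registration save function if enabled and exists
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userSave')) {
        CUSTOM_userSave($_USER['uid']);
    }
    PLG_userInfoChanged($_USER['uid']);

    if ($_US_VERBOSE) {
        COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
    }

    return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $_USER['uid'] . '&msg=5');
}

/**
 * Checks a submitted plain-text password against the stored hash.
 *
 * hash_equals() makes the comparison exact and timing-safe; the loose ==/!=
 * the old code used treats numeric-looking hashes (e.g. "0e...") as equal.
 *
 * @param  string  $plain   password as entered by the user
 * @param  string  $stored  hash currently stored for the account
 * @return bool
 */
function _saveuserPasswordMatches($plain, $stored)
{
    return hash_equals((string) $stored, (string) SEC_encryptPassword($plain));
}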
<?php
/* Reminder: always indent with 4 spaces (no tabs). */
// admin/plugins/databox/job/makecache.php
//
// Job script that (re)builds a databox static page cache entry.
// No permission check is performed here; it is recommended to protect the
// directory this script lives in with BASIC authentication.

// Debug switch: set to true to write log output
$_CACHE_VERBOSE = false;

// Adjust the relative path below if the directory location changes
include '../../../../lib-common.php';

// Static page cache file creation
require_once $_CONF['path'] . 'plugins/databox/fnc_databoxcache.inc';

// Force a logout of whoever is calling this script
if (!empty($_USER['uid']) && $_USER['uid'] > 1) {
    SESS_endUserSession($_USER['uid']);
    PLG_logoutUser($_USER['uid']);
}

// expire the session, password and permanent-login cookies
$expired = time() - 10000;
$loginCookies = array(
    $_CONF['cookie_session'],
    $_CONF['cookie_password'],
    $_CONF['cookie_name'],
);
foreach ($loginCookies as $cookieName) {
    SEC_setCookie($cookieName, '', $expired);
}

// Usage examples (not executed):
//   fnc_putcache("data",         "<data code>",     "<template directory>"); // data (no header/footer)
//   fnc_putcache("category",     "<category code>", "<template directory>"); // category (no header/footer)
//   fnc_putcache("datapage",     "<data code>",     "<template directory>"); // data page (header/footer per settings)
//   fnc_putcache("categorypage", "<category code>", "<template directory>"); // category page (header/footer per settings)
fnc_databoxcache("category", "xxxx1");

// Back to the home page
echo COM_refresh($_CONF['site_url'] . '/index.php');
SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']); PLG_loginUser($_USER['uid']); // Now that we handled session cookies, handle longterm cookie if (!isset($_COOKIE[$_CONF['cookie_name']]) || !isset($_COOKIE['password'])) { // Either their cookie expired or they are new $cooktime = COM_getUserCookieTimeout(); if ($VERBOSE) { COM_errorLog("Trying to set permanent cookie with time of {$cooktime}", 1); } if ($cooktime > 0) { // They want their cookie to persist for some amount of time so set it now if ($VERBOSE) { COM_errorLog('Trying to set permanent cookie', 1); } SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $cooktime); SEC_setCookie($_CONF['cookie_password'], SEC_encryptPassword($passwd), time() + $cooktime); } } else { $userid = $_COOKIE[$_CONF['cookie_name']]; if (empty($userid) || $userid == 'deleted') { unset($userid); } else { $userid = COM_applyFilter($userid, true); if ($userid > 1) { if ($VERBOSE) { COM_errorLog('NOW trying to set permanent cookie', 1); COM_errorLog('Got ' . $userid . ' from perm cookie in users.php', 1); } // Create new session $userdata = SESS_getUserDataFromId($userid); $_USER = $userdata;
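/**
 * Exchanges the request token for an access token and fetches the user info.
 *
 * The request token and its secret are read from the 'request_token' and
 * 'request_token_secret' cookies and those cookies are cleared (the old code
 * passed the cookie *values* as the cookie names, so nothing was cleared);
 * the verifier is taken from $query under $this->callback_query_string.
 * On any failure $this->errormsg is set and an empty array is returned.
 *
 * @param  array  $query  callback query parameters
 * @return array|SimpleXMLElement  parsed user info XML, or an empty array on error
 */
public function sreq_userinfo_response($query)
{
    $userinfo = array();

    $token = isset($_COOKIE['request_token']) ? $_COOKIE['request_token'] : '';
    $tokenSecret = isset($_COOKIE['request_token_secret']) ? $_COOKIE['request_token_secret'] : '';

    // clear cookies - they are single-use, so drop them whatever happens next
    SEC_setCookie('request_token', '', time() - 10000);
    SEC_setCookie('request_token_secret', '', time() - 10000);

    $verifier = isset($query[$this->callback_query_string])
        ? $query[$this->callback_query_string] : '';
    if ($token === '' || $tokenSecret === '' || $verifier === '') {
        $this->errormsg = 'missing request token, token secret or verifier';
        return $userinfo;
    }

    $this->token = $token;
    $this->token_secret = $tokenSecret;

    try {
        $this->consumer = new HTTP_OAuth_Consumer($this->consumer_key, $this->consumer_secret,
                                                  $this->token, $this->token_secret);
        $this->consumer->accept($this->request);
        $this->consumer->getAccessToken($this->url_accessToken, $verifier, array(),
                                        $this->method_accessToken);

        // keep the access token pair for the requests that follow
        $this->token = $this->consumer->getToken();
        $this->token_secret = $this->consumer->getTokenSecret();
        $this->consumer->setToken($this->token);
        $this->consumer->setTokenSecret($this->token_secret);

        $response = $this->consumer->sendRequest($this->url_userinfo, array(), $this->method_userinfo);
        if ($response->getStatus() !== 200) {
            $this->errormsg = $response->getStatus() . ' : ' . $response->getBody();
        } else {
            // LIBXML_NONET: the provider's document must not pull in external resources
            $parsed = simplexml_load_string($response->getBody(), 'SimpleXMLElement', LIBXML_NONET);
            if ($parsed === false) {
                $this->errormsg = 'could not parse user info response as XML';
            } else {
                $userinfo = $parsed;
            }
        }
    } catch (HTTP_OAuth_Consumer_Exception_Invalid_Response $e) {
        $this->errormsg = get_class($e) . ': ' . $e->getBody();
    } catch (Exception $e) {
        $this->errormsg = get_class($e) . ': ' . $e->getMessage();
    }

    return $userinfo;
}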
$getdata = urldecode($_POST['token_getdata']); } $filedata = ''; if (isset($_POST['token_filedata'])) { $filedata = urldecode($_POST['token_filedata']); } $display = COM_siteHeader('menu'); $display .= SEC_reauthform($destination, $LANG20[9], $method, $postdata, $getdata, $filedata); $display .= COM_siteFooter(); echo $display; exit; } COM_resetSpeedlimit('login', $_SERVER['REMOTE_ADDR']); if ($_SYSTEM['admin_session'] != 0) { $token = SEC_createTokenGeneral('administration', $_SYSTEM['admin_session']); SEC_setCookie('token', $token, 0, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true); } if ($currentUID != $_USER['uid']) { // remove tokens for previous user if ($currentUID > 1) { DB_delete($_TABLES['tokens'], 'owner_id', (int) $currentUID); } echo COM_refresh($destination); exit; } $method = ''; if (isset($_POST['token_requestmethod'])) { $method = COM_applyFilter($_POST['token_requestmethod']); } $postdata = ''; if (isset($_POST['token_postdata'])) {
/** * Shows story editor * * Displays the story entry form * * @param string $sid ID of story to edit * @param string $action 'preview', 'edit', 'moderate', 'draft' * @param string $errormsg a message to display on top of the page * @param string $currenttopic topic selection for drop-down menu * @return string HTML for story editor * */ function STORY_edit($sid = '', $action = '', $errormsg = '', $currenttopic = '') { global $_CONF, $_GROUPS, $_TABLES, $_USER, $LANG24, $LANG33, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $_IMAGE_TYPE; USES_lib_admin(); $display = ''; switch ($action) { case 'clone': case 'edit': case 'preview': case 'error': $title = $LANG24[5]; $saveoption = $LANG_ADMIN['save']; $submission = false; break; case 'moderate': $title = $LANG24[90]; $saveoption = $LANG_ADMIN['moderate']; $submission = true; break; case 'draft': $title = $LANG24[91]; $saveoption = $LANG_ADMIN['save']; $submission = true; $action = 'edit'; break; default: $title = $LANG24[5]; $saveoption = $LANG_ADMIN['save']; $submission = false; $action = 'edit'; break; } // Load HTML templates $story_templates = new Template($_CONF['path_layout'] . 'admin/story'); $story_templates->set_file(array('editor' => 'storyeditor.thtml')); if (!isset($_CONF['hour_mode'])) { $_CONF['hour_mode'] = 12; } if (!empty($errormsg)) { $display .= COM_showMessageText($errormsg, $LANG24[25], true); } if (!empty($currenttopic)) { $allowed = DB_getItem($_TABLES['topics'], 'tid', "tid = '" . DB_escapeString($currenttopic) . "'" . 
COM_getTopicSql('AND')); if ($allowed != $currenttopic) { $currenttopic = ''; } } $story = new Story(); if ($action == 'preview' || $action == 'error') { while (list($key, $value) = each($_POST)) { if (!is_array($value)) { $_POST[$key] = $value; } else { while (list($subkey, $subvalue) = each($value)) { $value[$subkey] = $subvalue; } } } $result = $story->loadFromArgsArray($_POST); } else { $result = $story->loadFromDatabase($sid, $action); } if ($result == STORY_PERMISSION_DENIED || $result == STORY_NO_ACCESS_PARAMS) { $display .= COM_showMessageText($LANG24[42], $LANG_ACCESS['accessdenied'], true); COM_accessLog("User {$_USER['username']} tried to access story {$sid}. - STORY_PERMISSION_DENIED or STORY_NO_ACCESS_PARAMS - " . $result); return $display; } elseif ($result == STORY_EDIT_DENIED || $result == STORY_EXISTING_NO_EDIT_PERMISSION) { $display .= COM_showMessageText($LANG24[41], $LANG_ACCESS['accessdenied'], true); $display .= STORY_renderArticle($story, 'p'); COM_accessLog("User {$_USER['username']} tried to illegally edit story {$sid}. - STORY_EDIT_DENIED or STORY_EXISTING_NO_EDIT_PERMISSION"); return $display; } elseif ($result == STORY_INVALID_SID) { if ($action == 'moderate') { // that submission doesn't seem to be there any more (may have been // handled by another Admin) - take us back to the moderation page echo COM_refresh($_CONF['site_admin_url'] . '/moderation.php'); } else { echo COM_refresh($_CONF['site_admin_url'] . '/story.php'); } } elseif ($result == STORY_DUPLICATE_SID) { $story_templates->set_var('error_message', $LANG24[24]); } elseif ($result == STORY_EMPTY_REQUIRED_FIELDS) { $story_templates->set_var('error_message', $LANG24[31]); } if (empty($currenttopic) && $story->EditElements('tid') == '') { $story->setTid(DB_getItem($_TABLES['topics'], 'tid', 'is_default = 1' . 
COM_getPermSQL('AND'))); } else { if ($story->EditElements('tid') == '') { $story->setTid($currenttopic); } } if (SEC_hasRights('story.edit')) { $allowedTopicList = COM_topicList('tid,topic', $story->EditElements('tid'), 1, true, 0); $allowedAltTopicList = '<option value="">' . $LANG33[44] . '</option>' . COM_topicList('tid,topic', $story->EditElements('alternate_tid'), 1, true, 0); } else { $allowedTopicList = COM_topicList('tid,topic', $story->EditElements('tid'), 1, true, 3); $allowedAltTopicList = '<option value="">' . $LANG33[44] . '</option>' . COM_topicList('tid,topic', $story->EditElements('alternate_tid'), 1, true, 3); } if ($allowedTopicList == '') { $display .= COM_showMessageText($LANG24[42], $LANG_ACCESS['accessdenied'], true); COM_accessLog("User {$_USER['username']} tried to illegally access story {$sid}. No allowed topics."); return $display; } $menu_arr = array(array('url' => $_CONF['site_admin_url'] . '/story.php', 'text' => $LANG_ADMIN['story_list']), array('url' => $_CONF['site_admin_url'] . '/moderation.php', 'text' => $LANG_ADMIN['submissions'])); if (SEC_inGroup('Root')) { $menu_arr[] = array('url' => $_CONF['site_admin_url'] . '/story.php?global=x', 'text' => 'Global Settings'); } $menu_arr[] = array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']); require_once $_CONF['path_system'] . 
'classes/navbar.class.php'; $story_templates->set_var('hour_mode', $_CONF['hour_mode']); if ($story->hasContent()) { $previewContent = STORY_renderArticle($story, 'p'); if ($previewContent != '') { $story_templates->set_var('preview_content', $previewContent); } } $navbar = new navbar(); if (!empty($previewContent)) { $navbar->add_menuitem($LANG24[79], 'showhideEditorDiv("preview",0);return false;', true); $navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",1);return false;', true); $navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",2);return false;', true); $navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",3);return false;', true); $navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",4);return false;', true); $navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",5);return false;', true); $navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",6);return false;', true); } else { $navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",0);return false;', true); $navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",1);return false;', true); $navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",2);return false;', true); $navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",3);return false;', true); $navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",4);return false;', true); $navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",5);return false;', true); } if ($action == 'preview') { $story_templates->set_var('show_preview', ''); $story_templates->set_var('show_htmleditor', 'none'); $story_templates->set_var('show_texteditor', 'none'); $story_templates->set_var('show_submitoptions', 'none'); $navbar->set_selected($LANG24[79]); } else { $navbar->set_selected($LANG24[80]); $story_templates->set_var('show_preview', 'none'); } $story_templates->set_var('navbar', $navbar->generate()); $story_templates->set_var('start_block', COM_startBlock($title, '', 
COM_getBlockTemplate('_admin_block', 'header'))); // start generating the story editor block $story_templates->set_var('block_start', COM_startBlock($title, '', COM_getBlockTemplate('_admin_block', 'header'))); $oldsid = $story->EditElements('originalSid'); if (!empty($oldsid)) { $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="deletestory"%s/>'; $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"'; $story_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm)); $story_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, '')); $story_templates->set_var('lang_delete_confirm', $MESSAGE[76]); } if ($submission || $story->type == 'submission') { $story_templates->set_var('submission_option', '<input type="hidden" name="type" value="submission"/>'); } $story_templates->set_var('admin_menu', ADMIN_createMenu($menu_arr, $LANG24[92], $_CONF['layout_url'] . '/images/icons/story.' . $_IMAGE_TYPE)); $story_templates->set_var('lang_author', $LANG24[7]); $storyauthor = COM_getDisplayName($story->EditElements('uid')); $storyauthor_select = COM_optionList($_TABLES['users'], 'uid,username', $story->EditElements('uid')); $story_templates->set_var('story_author', $storyauthor); $story_templates->set_var('story_author_select', $storyauthor_select); $story_templates->set_var('author', $storyauthor); $story_templates->set_var('story_uid', $story->EditElements('uid')); // user access info $story_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']); $story_templates->set_var('lang_owner', $LANG_ACCESS['owner']); $ownername = COM_getDisplayName($story->EditElements('owner_id')); $story_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', 'uid = ' . 
(int) $story->EditElements('owner_id'))); $story_templates->set_var('owner_name', $ownername); $story_templates->set_var('owner', $ownername); $story_templates->set_var('owner_id', $story->EditElements('owner_id')); if (SEC_hasRights('story.edit')) { $story_templates->set_var('owner_dropdown', COM_buildOwnerList('owner_id', $story->EditElements('owner_id'))); } else { $ownerInfo = '<input type="hidden" name="owner_id" value="' . $story->editElements('owner_id') . '" />' . $ownername; $story_templates->set_var('owner_dropdown', $ownerInfo); } $story_templates->set_var('lang_group', $LANG_ACCESS['group']); if (SEC_inGroup($story->EditElements('group_id'))) { $story_templates->set_var('group_dropdown', SEC_getGroupDropdown($story->EditElements('group_id'), 3)); } else { $gdrpdown = '<input type="hidden" name="group_id" value="' . $story->EditElements('group_id') . '"/>'; $grpddown .= DB_getItem($_TABLES['groups'], 'grp_name', 'grp_id=' . (int) $story->EditElements('group_id')); $story_templates->set_var('group_dropdown', $grpddown); } $story_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']); $story_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']); $story_templates->set_var('permissions_editor', SEC_getPermissionsHTML($story->EditElements('perm_owner'), $story->EditElements('perm_group'), $story->EditElements('perm_members'), $story->EditElements('perm_anon'))); $story_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']); $curtime = COM_getUserDateTimeFormat($story->EditElements('date')); $story_templates->set_var('lang_date', $LANG24[15]); $story_templates->set_var('publish_second', $story->EditElements('publish_second')); $publish_ampm = ''; $publish_hour = $story->EditElements('publish_hour'); if ($publish_hour >= 12) { if ($publish_hour > 12) { $publish_hour = $publish_hour - 12; } $ampm = 'pm'; } else { $ampm = 'am'; } $ampm_select = COM_getAmPmFormSelection('publish_ampm', $ampm); 
$story_templates->set_var('publishampm_selection', $ampm_select); $month_options = COM_getMonthFormOptions($story->EditElements('publish_month')); $story_templates->set_var('publish_month_options', $month_options); $day_options = COM_getDayFormOptions($story->EditElements('publish_day')); $story_templates->set_var('publish_day_options', $day_options); $year_options = COM_getYearFormOptions($story->EditElements('publish_year')); $story_templates->set_var('publish_year_options', $year_options); if ($_CONF['hour_mode'] == 24) { $hour_options = COM_getHourFormOptions($story->EditElements('publish_hour'), 24); } else { $hour_options = COM_getHourFormOptions($publish_hour); } $story_templates->set_var('publish_hour_options', $hour_options); $minute_options = COM_getMinuteFormOptions($story->EditElements('publish_minute')); $story_templates->set_var('publish_minute_options', $minute_options); $story_templates->set_var('publish_date_explanation', $LANG24[46]); $story_templates->set_var('story_unixstamp', $story->EditElements('unixdate')); $story_templates->set_var('expire_second', $story->EditElements('expire_second')); $expire_ampm = ''; $expire_hour = $story->EditElements('expire_hour'); if ($expire_hour >= 12) { if ($expire_hour > 12) { $expire_hour = $expire_hour - 12; } $ampm = 'pm'; } else { $ampm = 'am'; } $ampm_select = COM_getAmPmFormSelection('expire_ampm', $ampm); if (empty($ampm_select)) { // have a hidden field to 24 hour mode to prevent JavaScript errors $ampm_select = '<input type="hidden" name="expire_ampm" value=""/>'; } $story_templates->set_var('expireampm_selection', $ampm_select); $month_options = COM_getMonthFormOptions($story->EditElements('expire_month')); $story_templates->set_var('expire_month_options', $month_options); $day_options = COM_getDayFormOptions($story->EditElements('expire_day')); $story_templates->set_var('expire_day_options', $day_options); $year_options = COM_getYearFormOptions($story->EditElements('expire_year')); 
$story_templates->set_var('expire_year_options', $year_options); if ($_CONF['hour_mode'] == 24) { $hour_options = COM_getHourFormOptions($story->EditElements('expire_hour'), 24); } else { $hour_options = COM_getHourFormOptions($expire_hour); } $story_templates->set_var('expire_hour_options', $hour_options); $minute_options = COM_getMinuteFormOptions($story->EditElements('expire_minute')); $story_templates->set_var('expire_minute_options', $minute_options); $story_templates->set_var('expire_date_explanation', $LANG24[46]); $story_templates->set_var('story_unixstamp', $story->EditElements('expirestamp')); if ($story->EditElements('statuscode') == STORY_ARCHIVE_ON_EXPIRE) { $story_templates->set_var('is_checked2', 'checked="checked"'); $story_templates->set_var('is_checked3', 'checked="checked"'); $story_templates->set_var('showarchivedisabled', 'false'); } elseif ($story->EditElements('statuscode') == STORY_DELETE_ON_EXPIRE) { $story_templates->set_var('is_checked2', 'checked="checked"'); $story_templates->set_var('is_checked4', 'checked="checked"'); $story_templates->set_var('showarchivedisabled', 'false'); } else { $story_templates->set_var('showarchivedisabled', 'true'); } $story_templates->set_var('lang_archivetitle', $LANG24[58]); $story_templates->set_var('lang_option', $LANG24[59]); $story_templates->set_var('lang_enabled', $LANG_ADMIN['enabled']); $story_templates->set_var('lang_story_stats', $LANG24[87]); $story_templates->set_var('lang_optionarchive', $LANG24[61]); $story_templates->set_var('lang_optiondelete', $LANG24[62]); $story_templates->set_var('lang_title', $LANG_ADMIN['title']); $story_templates->set_var('story_title', $story->EditElements('title')); $story_templates->set_var('story_subtitle', $story->EditElements('subtitle')); $story_templates->set_var('lang_topic', $LANG_ADMIN['topic']); $story_templates->set_var('lang_alt_topic', $LANG_ADMIN['alt_topic']); $story_templates->set_var('topic_options', $allowedTopicList); 
$story_templates->set_var('alt_topic_options', $allowedAltTopicList); $story_templates->set_var('lang_show_topic_icon', $LANG24[56]); if ($story->EditElements('show_topic_icon') == 1) { $story_templates->set_var('show_topic_icon_checked', 'checked="checked"'); } else { $story_templates->set_var('show_topic_icon_checked', ''); } $story_templates->set_var('story_image_url', $story->EditElements('story_image')); $story_templates->set_var('lang_draft', $LANG24[34]); if ($story->EditElements('draft_flag')) { $story_templates->set_var('is_checked', 'checked="checked"'); $story_templates->set_var('unpublished_selected', 'selected="selected"'); } else { $story_templates->set_var('published_selected', 'selected="selected"'); } $story_templates->set_var('lang_mode', $LANG24[3]); $story_templates->set_var('status_options', COM_optionList($_TABLES['statuscodes'], 'code,name', $story->EditElements('statuscode'))); $story_templates->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $story->EditElements('commentcode'))); $story_templates->set_var('trackback_options', COM_optionList($_TABLES['trackbackcodes'], 'code,name', $story->EditElements('trackbackcode'))); // comment expire $story_templates->set_var('lang_cmt_disable', $LANG24[63]); if ($story->EditElements('cmt_close')) { $story_templates->set_var('is_checked5', 'checked="checked"'); //check box if enabled $story_templates->set_var('showcmtclosedisabled', 'false'); } else { $story_templates->set_var('showcmtclosedisabled', 'true'); } $month_options = COM_getMonthFormOptions($story->EditElements('cmt_close_month')); $story_templates->set_var('cmt_close_month_options', $month_options); $day_options = COM_getDayFormOptions($story->EditElements('cmt_close_day')); $story_templates->set_var('cmt_close_day_options', $day_options); $year_options = COM_getYearFormOptions($story->EditElements('cmt_close_year')); $story_templates->set_var('cmt_close_year_options', $year_options); $cmt_close_ampm = ''; 
$cmt_close_hour = $story->EditElements('cmt_close_hour'); //correct hour if ($cmt_close_hour >= 12) { if ($cmt_close_hour > 12) { $cmt_close_hour = $cmt_close_hour - 12; } $ampm = 'pm'; } else { $ampm = 'am'; } $ampm_select = COM_getAmPmFormSelection('cmt_close_ampm', $ampm); if (empty($ampm_select)) { // have a hidden field to 24 hour mode to prevent JavaScript errors $ampm_select = '<input type="hidden" name="cmt_close_ampm" value="" />'; } $story_templates->set_var('cmt_close_ampm_selection', $ampm_select); if ($_CONF['hour_mode'] == 24) { $hour_options = COM_getHourFormOptions($story->EditElements('cmt_close_hour'), 24); } else { $hour_options = COM_getHourFormOptions($cmt_close_hour); } $story_templates->set_var('cmt_close_hour_options', $hour_options); $minute_options = COM_getMinuteFormOptions($story->EditElements('cmt_close_minute')); $story_templates->set_var('cmt_close_minute_options', $minute_options); $story_templates->set_var('cmt_close_second', $story->EditElements('cmt_close_second')); if ($_CONF['onlyrootfeatures'] == 1 && SEC_inGroup('Root') or $_CONF['onlyrootfeatures'] !== 1) { $featured_options = "<select name=\"featured\">" . LB . COM_optionList($_TABLES['featurecodes'], 'code,name', $story->EditElements('featured')) . "</select>" . 
LB; $featured_options_data = COM_optionList($_TABLES['featurecodes'], 'code,name', $story->EditElements('featured')); $story_templates->set_var('featured_options_data', $featured_options_data); } else { $featured_options = "<input type=\"hidden\" name=\"featured\" value=\"0\"/>"; $story_templates->unset_var('featured_options_data'); } $story_templates->set_var('featured_options', $featured_options); $story_templates->set_var('frontpage_options', COM_optionList($_TABLES['frontpagecodes'], 'code,name', $story->EditElements('frontpage'))); $story_templates->set_var('story_introtext', $story->EditElements('introtext')); $story_templates->set_var('story_bodytext', $story->EditElements('bodytext')); $story_templates->set_var('lang_introtext', $LANG24[16]); $story_templates->set_var('lang_bodytext', $LANG24[17]); $story_templates->set_var('lang_postmode', $LANG24[4]); $story_templates->set_var('lang_publishoptions', $LANG24[76]); $story_templates->set_var('lang_publishdate', $LANG24[69]); $story_templates->set_var('lang_nojavascript', $LANG24[77]); $story_templates->set_var('postmode', $story->EditElements('postmode')); if ($story->EditElements('postmode') == 'plaintext' || $story->EditElements('postmode') == 'text') { $allowedHTML = ''; } else { $allowedHTML = COM_allowedHTML(SEC_getUserPermissions(), false, 'glfusion', 'story') . '<br/>'; } $allowedHTML .= COM_allowedAutotags(SEC_getUserPermissions(), false, 'glfusion', 'story'); $story_templates->set_var('lang_allowed_html', $allowedHTML); $fileinputs = ''; $saved_images = ''; if ($_CONF['maximagesperarticle'] > 0) { $story_templates->set_var('lang_images', $LANG24[47]); $icount = DB_count($_TABLES['article_images'], 'ai_sid', DB_escapeString($story->getSid())); if ($icount > 0) { $result_articles = DB_query("SELECT * FROM {$_TABLES['article_images']} WHERE ai_sid = '" . DB_escapeString($story->getSid()) . "'"); for ($z = 1; $z <= $icount; $z++) { $I = DB_fetchArray($result_articles); $saved_images .= $z . ') ' . 
COM_createLink($I['ai_filename'], $_CONF['site_url'] . '/images/articles/' . $I['ai_filename']) . ' ' . $LANG_ADMIN['delete'] . ': <input type="checkbox" name="delete[' . $I['ai_img_num'] . ']" /><br />'; } } $newallowed = $_CONF['maximagesperarticle'] - $icount; for ($z = $icount + 1; $z <= $_CONF['maximagesperarticle']; $z++) { $fileinputs .= $z . ') <input type="file" dir="ltr" name="file[]' . '" />'; if ($z < $_CONF['maximagesperarticle']) { $fileinputs .= '<br />'; } } $fileinputs .= '<br />' . $LANG24[51]; if ($_CONF['allow_user_scaling'] == 1) { $fileinputs .= $LANG24[27]; } $fileinputs .= $LANG24[28] . '<br />'; } $story_templates->set_var('saved_images', $saved_images); $story_templates->set_var('image_form_elements', $fileinputs); $story_templates->set_var('lang_hits', $LANG24[18]); $story_templates->set_var('story_hits', $story->EditElements('hits')); $story_templates->set_var('lang_comments', $LANG24[19]); $story_templates->set_var('story_comments', $story->EditElements('comments')); $story_templates->set_var('lang_trackbacks', $LANG24[29]); $story_templates->set_var('story_trackbacks', $story->EditElements('trackbacks')); $story_templates->set_var('lang_emails', $LANG24[39]); $story_templates->set_var('story_emails', $story->EditElements('numemails')); if ($_CONF['rating_enabled']) { $rating = @number_format($story->EditElements('rating'), 2); $votes = $story->EditElements('votes'); $story_templates->set_var('rating', $rating); $story_templates->set_var('votes', $votes); } $story_templates->set_var('attribution_url', $story->EditElements('attribution_url')); $story_templates->set_var('attribution_name', $story->EditElements('attribution_name')); $story_templates->set_var('attribution_author', $story->EditElements('attribution_author')); $story_templates->set_var('lang_attribution_url', $LANG24[105]); $story_templates->set_var('lang_attribution_name', $LANG24[106]); $story_templates->set_var('lang_attribution_author', $LANG24[107]); 
$story_templates->set_var('lang_attribution', $LANG24[108]); $sec_token_name = CSRF_TOKEN; $sec_token = SEC_createToken(); $story_templates->set_var('story_id', $story->getSid()); $story_templates->set_var('old_story_id', $story->EditElements('originalSid')); $story_templates->set_var('lang_sid', $LANG24[12]); $story_templates->set_var('lang_save', $saveoption); $story_templates->set_var('lang_preview', $LANG_ADMIN['preview']); $story_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']); $story_templates->set_var('lang_delete', $LANG_ADMIN['delete']); $story_templates->set_var('lang_timeout', $LANG_ADMIN['timeout_msg']); $story_templates->set_var('gltoken_name', CSRF_TOKEN); $story_templates->set_var('gltoken', $sec_token); $story_templates->set_var('security_token', $sec_token); $story_templates->set_var('security_token_name', $sec_token_name); $story_templates->set_var('end_block', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'))); PLG_templateSetVars('storyeditor', $story_templates); if ($story->EditElements('postmode') != 'html') { $story_templates->unset_var('wysiwyg'); } SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false); $story_templates->parse('output', 'editor'); $display .= $story_templates->finish($story_templates->get_var('output')); return $display; }
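/**
 * Merge User Accounts
 *
 * This validates the entered password and then merges a remote
 * account with a local account.
 *
 * Both uids and the password come straight from the POST body. The account
 * that is merged and then deleted is the one the users table returns for the
 * local account's e-mail address; the posted remote uid must match that row.
 * Every branch that emits a redirect also returns, so a failed lookup or a
 * mismatched uid can no longer fall through into the UPDATE / DELETE section
 * (previously only the redirect was echoed and execution continued).
 *
 * @return string HTML merge form if error, redirect on success
 *
 */
function USER_mergeAccounts()
{
    global $_CONF, $_SYSTEM, $_TABLES, $_USER, $LANG04, $LANG12, $LANG20;

    $retval = '';

    $remoteUID = COM_applyFilter($_POST['remoteuid'], true);
    $localUID  = COM_applyFilter($_POST['localuid'], true);
    $localpwd  = $_POST['localp'];

    $localResult = DB_query("SELECT * FROM {$_TABLES['users']} WHERE uid=" . (int) $localUID);
    $localRow    = DB_fetchArray($localResult);

    // an unknown local uid is handled exactly like a wrong password
    if (empty($localRow) || !SEC_check_hash($localpwd, $localRow['passwd'])) {
        // invalid password - let's try one more time
        // need to set speed limit and give them 3 tries
        COM_clearSpeedlimit($_CONF['login_speedlimit'], 'merge');
        $last = COM_checkSpeedlimit('merge', 4);
        if ($last > 0) {
            COM_setMsg($LANG04[190], 'error');
            echo COM_refresh($_CONF['site_url'] . '/users.php');
        } else {
            COM_updateSpeedlimit('merge');
            USER_mergeAccountScreen($remoteUID, $localUID, $LANG20[3]);
        }
        return $retval;
    }

    // password is valid: find the single remote account sharing this e-mail
    $sql = "SELECT * FROM {$_TABLES['users']} WHERE remoteusername <> '' and email='" . DB_escapeString($localRow['email']) . "'";
    $result = DB_query($sql);
    if (DB_numRows($result) != 1) {
        // no (or more than one) candidate: nothing may be merged or deleted
        echo COM_refresh($_CONF['site_url'] . '/index.php');
        return $retval;
    }
    $remoteRow = DB_fetchArray($result);
    if ($remoteUID != $remoteRow['uid']) {
        // the posted remote uid is not the account found via the e-mail address
        echo COM_refresh($_CONF['site_url'] . '/index.php');
        return $retval;
    }
    $remoteUID = (int) $remoteRow['uid'];

    // move the remote identity onto the local account
    $sql = "UPDATE {$_TABLES['users']} SET "
         . "remoteusername='" . DB_escapeString($remoteRow['remoteusername']) . "',"
         . "remoteservice='" . DB_escapeString($remoteRow['remoteservice']) . "', "
         . "account_type=3 "
         . " WHERE uid=" . (int) $localUID;
    DB_query($sql);

    $_USER['uid'] = $localRow['uid'];
    $local_login = true;
    SESS_completeLogin($localUID);
    // NOTE(review): these are assigned as locals (not declared global here);
    // confirm whether the caller expects the globals to be refreshed.
    $_GROUPS = SEC_getUserGroups($_USER['uid']);
    $_RIGHTS = explode(',', SEC_getUserPermissions());

    if ($_SYSTEM['admin_session'] > 0 && $local_login) {
        if (SEC_isModerator()
            || SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR')
            || count(PLG_getAdminOptions()) > 0
        ) {
            $admin_token = SEC_createTokenGeneral('administration', $_SYSTEM['admin_session']);
            SEC_setCookie('token', $admin_token, 0, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
        }
    }

    COM_resetSpeedlimit('login');

    // log the user out
    SESS_endUserSession($remoteUID);

    // Let plugins know a user is being merged
    PLG_moveUser($remoteUID, $_USER['uid']);

    // Ok, now delete everything related to this user
    // let plugins update their data for this user
    PLG_deleteUser($remoteUID);

    if (function_exists('CUSTOM_userDeleteHook')) {
        CUSTOM_userDeleteHook($remoteUID);
    }

    // Call custom account profile delete function if enabled and exists
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDelete')) {
        CUSTOM_userDelete($remoteUID);
    }

    // remove from all security groups
    DB_delete($_TABLES['group_assignments'], 'ug_uid', $remoteUID);

    // remove user information and preferences
    DB_delete($_TABLES['userprefs'], 'uid', $remoteUID);
    DB_delete($_TABLES['userindex'], 'uid', $remoteUID);
    DB_delete($_TABLES['usercomment'], 'uid', $remoteUID);
    DB_delete($_TABLES['userinfo'], 'uid', $remoteUID);

    // delete user photo, if enabled & exists
    if ($_CONF['allow_user_photo'] == 1) {
        $photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$remoteUID}");
        USER_deletePhoto($photo, false);
    }

    // delete subscriptions
    DB_delete($_TABLES['subscriptions'], 'uid', $remoteUID);

    // in case the user owned any objects that require Admin access, assign
    // them to the Root user with the lowest uid
    $rootgroup = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");
    $result = DB_query("SELECT DISTINCT ug_uid FROM {$_TABLES['group_assignments']} WHERE ug_main_grp_id = '{$rootgroup}' ORDER BY ug_uid LIMIT 1");
    $A = DB_fetchArray($result);
    $rootuser = $A['ug_uid'];
    if ($rootuser == '' || $rootuser < 2) {
        $rootuser = 2;
    }
    DB_query("UPDATE {$_TABLES['blocks']} SET owner_id = {$rootuser} WHERE owner_id = {$remoteUID}");
    DB_query("UPDATE {$_TABLES['topics']} SET owner_id = {$rootuser} WHERE owner_id = {$remoteUID}");

    // now delete the user itself
    DB_delete($_TABLES['users'], 'uid', $remoteUID);

    // can't use COM_setMsg here since the session is being destroyed.
    echo COM_refresh($_CONF['site_url'] . '/index.php?msg=522');
    return $retval;
}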
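/**
 * Saves a block
 *
 * Validates the submitted block data, checks that the current user may
 * create or edit this block, normalises the type-specific fields and then
 * inserts or updates the row in the blocks table.
 *
 * Every string that ends up in SQL is passed through DB_escapeString() and
 * every integer column is cast to int before the query is built ($help,
 * $tid, $blockorder and the numeric columns were previously interpolated
 * as submitted). A phpblock function name must start with the
 * "phpblock_" prefix, as the long-standing comment below already states.
 *
 * @param string $bid Block ID
 * @param string $name Block name
 * @param string $title Block title
 * @param string $help Help field of the block (stored as submitted)
 * @param string $type Type of block
 * @param int $blockorder Order block appears relative to the others
 * @param string $content Content of block
 * @param string $tid Topic block should appear in
 * @param string $rdfurl URL to headline feed for portal blocks
 * @param string $rdfupdated Date RSS/RDF feed was last updated
 * @param string $rdflimit max. number of entries to import from feed
 * @param string $phpblockfn Name of php function to call to get content
 * @param int $onleft Flag indicates if block shows up on left or right
 * @param int $owner_id ID of owner
 * @param int $group_id ID of group block belongs to
 * @param array $perm_owner Permissions the owner has on the object
 * @param array $perm_group Permissions the group has on the object
 * @param array $perm_members Permissions the logged in members have
 * @param array $perm_anon Permissions anonymous users have
 * @param int $is_enabled Flag, indicates if block is enabled or not
 * @param int $allow_autotags Flag, indicates if autotags are enabled or not
 * @return string HTML redirect or error message
 *
 */
function BLOCK_save($bid, $name, $title, $help, $type, $blockorder, $content, $tid, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled, $allow_autotags)
{
    // $_USER is read by the access-log message below and was missing here
    global $_CONF, $_TABLES, $_USER, $LANG01, $LANG21, $MESSAGE;

    $retval = '';

    // raw submitted values, used to re-populate the form on an error
    $B = array(
        'bid'            => (int) $bid,
        'name'           => $name,
        'title'          => $title,
        'help'           => $help,
        'type'           => $type,
        'blockorder'     => $blockorder,
        'content'        => $content,
        'tid'            => $tid,
        'rdfurl'         => $rdfurl,
        'rdfupdated'     => $rdfupdated,
        'rdflimit'       => $rdflimit,
        'phpblockfn'     => $phpblockfn,
        'onleft'         => $onleft,
        'owner_id'       => $owner_id,
        'group_id'       => $group_id,
        'perm_owner'     => $perm_owner,
        'perm_group'     => $perm_group,
        'perm_members'   => $perm_members,
        'perm_anon'      => $perm_anon,
        'is_enabled'     => $is_enabled,
        'allow_autotags' => $allow_autotags,
    );

    $bid = (int) $bid;

    $MenuElementAllowedHTML = "i[class|style],div[class|style],span[class|style],img[src|class|style],em,strong,del,ins,q,abbr,dfn,small";
    $filter = sanitizer::getInstance();
    $allowedElements = $filter->makeAllowedElements($MenuElementAllowedHTML);
    $filter->setAllowedElements($allowedElements);
    $filter->setPostmode('html');

    $title = $filter->filterHTML($title);
    $title = DB_escapeString($title);
    $phpblockfn = DB_escapeString(trim($phpblockfn));

    if (empty($title) || !BLOCK_validateName($name)) {
        $msg = empty($title) ? $LANG21[64] : $LANG21[70];
        SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
        $retval .= COM_siteHeader('menu', $LANG21[63])
                 . COM_showMessageText($msg, $LANG21[63], true)
                 . BLOCK_edit($bid, $B)
                 . COM_siteFooter();
        return $retval;
    }

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    // an existing block is judged by its stored permissions, a new one by the submitted ones
    if ($bid > 0 && DB_count($_TABLES['blocks'], 'bid', $bid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '{$bid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    if ($access < 3 || !BLOCK_hasTopicAccess($tid) || !SEC_inGroup($group_id)) {
        $retval .= COM_siteHeader('menu', $MESSAGE[30]);
        $retval .= COM_showMessageText($MESSAGE[33], $MESSAGE[30], true);
        $retval .= COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}.");
        return $retval;
    }

    // each block type has its own set of mandatory fields
    $fieldsComplete = ($type == 'normal' && !empty($title) && !empty($content))
        || ($type == 'portal' && !empty($title) && !empty($rdfurl))
        || ($type == 'gldefault' && strlen($blockorder) > 0)
        || ($type == 'phpblock' && !empty($phpblockfn) && !empty($title));

    if (!$fieldsComplete) {
        SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
        $retval .= COM_siteHeader('menu', $LANG21[32]);
        if ($type == 'portal') {
            // Portal block is missing fields
            $msg = $LANG21[33];
        } elseif ($type == 'phpblock') {
            // PHP Block is missing field
            $msg = $LANG21[34];
        } elseif ($type == 'normal') {
            // Normal block is missing field
            $msg = $LANG21[35];
        } elseif ($type == 'gldefault') {
            // Default glFusion field missing
            $msg = $LANG21[42];
        } else {
            // Layout block missing content
            $msg = $LANG21[36];
        }
        $retval .= COM_showMessageText($msg, $LANG21[32], true);
        $retval .= BLOCK_edit($bid, $B);
        $retval .= COM_siteFooter();
        return $retval;
    }

    $is_enabled = ($is_enabled == 'on') ? 1 : 0;
    $allow_autotags = ($allow_autotags == 1) ? 1 : 0;

    if ($type == 'portal') {
        $content = '';
        $rdfupdated = '';
        $phpblockfn = '';
        // get rid of possible extra prefixes (e.g. "feed://http://...")
        if (substr($rdfurl, 0, 4) == 'rss:') {
            $rdfurl = substr($rdfurl, 4);
        } elseif (substr($rdfurl, 0, 5) == 'feed:') {
            $rdfurl = substr($rdfurl, 5);
        }
        if (substr($rdfurl, 0, 2) == '//') {
            $rdfurl = substr($rdfurl, 2);
        }
        $rdfurl = COM_sanitizeUrl($rdfurl, array('http', 'https'));
    }

    if ($type == 'gldefault') {
        if ($name != 'older_stories') {
            $content = '';
        }
        $rdfurl = '';
        $rdfupdated = '';
        $rdflimit = 0;
        $phpblockfn = '';
    }

    if ($type == 'phpblock') {
        // NOTE: PHP Blocks must be within a function and the function
        // must start with phpblock_ as the prefix. This will prevent
        // the arbitrary execution of code
        if (stripos($phpblockfn, 'phpblock_') !== 0) {
            $retval .= COM_siteHeader('menu', $LANG21[37])
                     . COM_showMessageText($LANG21[38], $LANG21[37], true)
                     . BLOCK_edit($bid, $B)
                     . COM_siteFooter();
            return $retval;
        }
        $content = '';
        $rdfurl = '';
        $rdfupdated = '';
        $rdflimit = 0;
    }

    if ($type == 'normal') {
        $rdfurl = '';
        $rdfupdated = '';
        $rdflimit = 0;
        $phpblockfn = '';
        $content = DB_escapeString($content);
    }

    if ($rdflimit < 0) {
        $rdflimit = 0;
    }
    if (!empty($rdfurl)) {
        $rdfurl = DB_escapeString($rdfurl);
    }
    if (empty($rdfupdated)) {
        $rdfupdated = '1000-01-01 00:00:00';
    }

    // escape / cast the remaining submitted columns before building SQL
    $name       = DB_escapeString($name);
    $help       = DB_escapeString($help);
    $tid        = DB_escapeString($tid);
    $blockorder = DB_escapeString($blockorder);
    $rdflimit   = (int) $rdflimit;
    $onleft     = (int) $onleft;
    $owner_id   = (int) $owner_id;
    $group_id   = (int) $group_id;

    if ($bid > 0) {
        DB_save($_TABLES['blocks'], 'bid,name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,rdf_last_modified,rdf_etag', "{$bid},'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},NULL,NULL");
    } else {
        $sql = "INSERT INTO {$_TABLES['blocks']} "
             . '(name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags) '
             . "VALUES ('{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags})";
        DB_query($sql);
        $bid = DB_insertId();
    }

    if ($type == 'gldefault' && $name == 'older_stories') {
        COM_olderStuff();
    }

    CTL_clearCache();
    COM_setMessage(11);
    return COM_refresh($_CONF['site_admin_url'] . '/block.php');
}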
die; } if (!isset($_COOKIE['token'])) { die; } $sql = "SELECT * FROM {$_TABLES['tokens']} WHERE token='" . DB_escapeString($token) . "'"; $result = DB_query($sql); if (DB_numRows($result) != 1) { die; } $advtoken = COM_applyFilter($_COOKIE[$_CONF['cookie_name'] . 'adveditor']); $sql = "SELECT * FROM {$_TABLES['tokens']} WHERE token='" . DB_escapeString($advtoken) . "'"; $result = DB_query($sql); if (DB_numRows($result) != 1) { die; } $admtoken = COM_applyFilter($_COOKIE['token']); $sql = "SELECT * FROM {$_TABLES['tokens']} WHERE token='" . DB_escapeString($admtoken) . "'"; $result = DB_query($sql); if (DB_numRows($result) != 1) { die; } // refresh tokens $sql = "UPDATE {$_TABLES['tokens']} SET created=NOW() WHERE token='" . DB_escapeString($token) . "'"; DB_query($sql); $sql = "UPDATE {$_TABLES['tokens']} SET created=NOW() WHERE token='" . DB_escapeString($advtoken) . "'"; DB_query($sql); SEC_setCookie($_CONF['cookie_name'] . 'adveditor', $advtoken, time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false); $sql = "UPDATE {$_TABLES['tokens']} SET created=NOW() WHERE token='" . DB_escapeString($admtoken) . "'"; DB_query($sql); exit;
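/**
 * Saves the user's information back to the database
 *
 * Verifies the password-change request id, re-checks the current password
 * when the password, e-mail or cookie timeout changes, optionally renames
 * the account and its photo, runs the spam check, validates the e-mail
 * address and finally writes the users / userinfo rows and the cookies.
 *
 * Changes against the previous revision: $MESSAGE is declared global (it is
 * read in the resynch branch), the username is preg_quote()d before it is
 * used as a regex on the photo filename, the new password and its
 * confirmation are compared strictly, and $filename is initialised so the
 * UPDATE does not interpolate an undefined variable when photos are off.
 *
 * @param array $A User's data
 * @return string HTML error message or meta redirect
 *
 */
function saveuser($A)
{
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $MESSAGE, $_US_VERBOSE;

    if ($_US_VERBOSE) {
        COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
    }

    // the form carries the request id stored for this user; a mismatch is logged and rejected
    $reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = {$_USER['uid']}");
    if ($reqid != $A['uid']) {
        DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $_USER['uid']);
        COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    if (!isset($A['cooktime'])) {
        // If not set or possibly removed from template - set to default
        $A['cooktime'] = $_CONF['default_perm_cookie_timeout'];
    } else {
        $A['cooktime'] = COM_applyFilter($A['cooktime'], true);
    }
    // If empty or invalid - set to user default
    // So code after this does not fail the user password required test
    if ($A['cooktime'] < 0) { // note that == 0 is allowed!
        $A['cooktime'] = $_USER['cookietimeout'];
    }

    // to change the password, email address, or cookie timeout,
    // we need the user's current password (local accounts only)
    $service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$_USER['uid']}");
    $isLocalAccount = ($service == '');
    $sensitiveChange = !empty($A['passwd'])
        || $A['email'] != $_USER['email']
        || $A['cooktime'] != $_USER['cookietimeout'];

    if ($isLocalAccount && $sensitiveChange) {
        // verify password
        if (empty($A['old_passwd']) || SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) < 0) {
            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83');
        }
    }
    // remote accounts: a changed e-mail / cookie timeout would need re-authentication
    // against the remote service, which cannot be done inline here (unchanged behaviour)
    if ($isLocalAccount && $_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
        $ret = CUSTOM_userCheck($A['username'], $A['email']);
        if (!empty($ret)) {
            // Need a numeric return for the default message handler
            // - if not numeric use default message
            if (!is_numeric($ret['number'])) {
                $ret['number'] = 400;
            }
            return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
        }
    }

    // no need to filter the password as it's encoded anyway
    if ($_CONF['allow_username_change'] == 1) {
        $A['new_username'] = COM_applyFilter(isset($A['new_username']) ? $A['new_username'] : '');
        if (!empty($A['new_username']) && $A['new_username'] != $_USER['username']) {
            $A['new_username'] = DB_escapeString($A['new_username']);
            if (DB_count($_TABLES['users'], 'username', $A['new_username']) != 0) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51');
            }
            if ($_CONF['allow_user_photo'] == 1) {
                $photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}");
                if (!empty($photo)) {
                    // the old username is literal text, not a pattern
                    $newphoto = preg_replace('/' . preg_quote($_USER['username'], '/') . '/', $A['new_username'], $photo, 1);
                    $imgpath = $_CONF['path_images'] . 'userphotos/';
                    if (rename($imgpath . $photo, $imgpath . $newphoto) === false) {
                        $display = COM_errorLog('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".');
                        $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[21]));
                        return $display;
                    }
                    DB_change($_TABLES['users'], 'photo', DB_escapeString($newphoto), "uid", $_USER['uid']);
                }
            }
            DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", $_USER['uid']);
        }
    }

    // a quick spam check with the unfiltered field contents
    $profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1><p>';
    // this is a hack, for some reason remoteservice links made SPAMX SLV check barf
    if (empty($service)) {
        $profile .= COM_createLink($A['homepage'], $A['homepage']) . '<br' . XHTML . '>';
    }
    $profile .= $A['location'] . '<br' . XHTML . '>'
              . $A['sig'] . '<br' . XHTML . '>'
              . $A['about'] . '<br' . XHTML . '>'
              . $A['pgpkey'] . '</p>';
    $result = PLG_checkforSpam($profile, $_CONF['spamx']);
    if ($result > 0) {
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }

    $A['email'] = COM_applyFilter($A['email']);
    $A['email_conf'] = COM_applyFilter($A['email_conf']);
    $A['homepage'] = COM_applyFilter($A['homepage']);

    // basic filtering only
    $A['fullname'] = strip_tags(COM_stripslashes($A['fullname']));
    $A['location'] = strip_tags(COM_stripslashes($A['location']));
    $A['sig'] = strip_tags(COM_stripslashes($A['sig']));
    $A['about'] = strip_tags(COM_stripslashes($A['about']));
    $A['pgpkey'] = strip_tags(COM_stripslashes($A['pgpkey']));

    if (!COM_isEmail($A['email'])) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52');
    }
    if ($A['email'] !== $A['email_conf']) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78');
    }
    if (emailAddressExists($A['email'], $_USER['uid'])) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56');
    }

    // NOTE(review): $passwd stays '' here, so the password cookie below is
    // always written empty -- confirm that this is the intended behaviour.
    $passwd = '';
    $cooktime = ($A['cooktime'] > 0) ? $A['cooktime'] : -1000;
    if ($isLocalAccount) {
        if (!empty($A['passwd'])) {
            if ($A['passwd'] === $A['passwd_conf'] && SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) == 0) {
                SEC_updateUserPassword($A['passwd'], $_USER['uid']);
                SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
            } elseif (SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) < 0) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68');
            } elseif ($A['passwd'] !== $A['passwd_conf']) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67');
            }
        }
    } else {
        // Cookie
        SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
    }

    if ($_US_VERBOSE) {
        COM_errorLog('cooktime = ' . $A['cooktime'], 1);
    }

    if ($A['cooktime'] <= 0) {
        // expire the permanent-login cookie
        SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() - 1000);
    } else {
        SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $A['cooktime']);
    }

    $filename = '';
    if ($_CONF['allow_user_photo'] == 1) {
        $delete_photo = isset($A['delete_photo']) ? $A['delete_photo'] : '';
        $filename = handlePhotoUpload($delete_photo);
    }

    if (!empty($A['homepage'])) {
        // force an http: / https: scheme on the homepage URL
        $pos = MBYTE_strpos($A['homepage'], ':');
        if ($pos === false) {
            $A['homepage'] = 'http://' . $A['homepage'];
        } else {
            $prot = substr($A['homepage'], 0, $pos + 1);
            if ($prot != 'http:' && $prot != 'https:') {
                $A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
            }
        }
        $A['homepage'] = DB_escapeString($A['homepage']);
    }

    $A['fullname'] = DB_escapeString($A['fullname']);
    $A['email'] = DB_escapeString($A['email']);
    $A['location'] = DB_escapeString($A['location']);
    $A['sig'] = DB_escapeString($A['sig']);
    $A['about'] = DB_escapeString($A['about']);
    $A['pgpkey'] = DB_escapeString($A['pgpkey']);

    if (!empty($filename)) {
        if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
            $filename = '';
        }
    }
    $cookieTimeout = (int) $A['cooktime'];

    DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$cookieTimeout},photo='{$filename}' WHERE uid={$_USER['uid']}");
    DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid={$_USER['uid']}");

    // Call custom registration save function if enabled and exists
    if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
        CUSTOM_userSave($_USER['uid']);
    }
    PLG_userInfoChanged($_USER['uid']);

    // at this point, the user information has been saved, but now we're going to check to see if
    // the user has requested resynchronization with their remoteservice account
    $msg = 5; // default msg = Your account information has been successfully saved
    if (isset($A['resynch'])) {
        if ($_CONF['user_login_method']['oauth'] && strpos($_USER['remoteservice'], 'oauth.') === 0) {
            $modules = SEC_collectRemoteOAuthModules();
            $active_service = count($modules) == 0 ? false : in_array(substr($_USER['remoteservice'], 6), $modules);
            if (!$active_service) {
                $status = -1;
                $msg = 115; // Remote service has been disabled.
            } else {
                require_once $_CONF['path_system'] . 'classes/oauthhelper.class.php';
                $service = substr($_USER['remoteservice'], 6);
                $consumer = new OAuthConsumer($service);
                $callback_url = $_CONF['site_url'];
                $consumer->setRedirectURL($callback_url);
                $user = $consumer->authenticate_user();
                $consumer->doSynch($user);
            }
        }
        // NOTE(review): this overwrites the 115 set just above with 114 whenever
        // the service was disabled; looks unintended -- confirm which message is wanted.
        if ($msg != 5) {
            $msg = 114; // Account saved but re-synch failed.
            COM_errorLog($MESSAGE[$msg]);
        }
    }

    if ($_US_VERBOSE) {
        COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
    }

    return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $_USER['uid'] . '&msg=' . $msg);
}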
/**
 * Build the forum post editor form (new topic, new reply or edit) and return its HTML.
 *
 * $postData is read by key (subject, comment, postmode, id, pid, uid, name, forum,
 * mood, notify, silentedit, locked/sticky switches, uniqueid, use_attachment_grpid,
 * cat_name, forum_name); $forumData supplies the navigation context (referer, forum,
 * forum_cat, page).  $action selects the save button / hidden fields, and when
 * $viewMode == PREVIEW_VIEW the rendered preview from FF_previewPost() is included.
 *
 * NOTE(review): most of $postData is treated like form input below (isset/filter
 * checks), but several values are handed to the template unescaped (username,
 * email, cat_name, forum_name, hidden_id, uniqueid).  Output safety therefore
 * depends on posteditor.thtml escaping them — confirm.
 *
 * @param array  $postData  Post fields being created/edited/previewed (keys above)
 * @param array  $forumData Forum context; 'referer', 'forum', 'forum_cat', 'page' are read
 * @param string $action    'newtopic', 'newreply' or 'edittopic'
 * @param mixed  $viewMode  Truthy when re-displaying submitted data; PREVIEW_VIEW renders a preview
 * @return string HTML of the editor, plus a preview iframe when $FF_userprefs['showiframe'] is set
 */
function FF_postEditor($postData, $forumData, $action, $viewMode) {
    global $_CONF, $_TABLES, $_FF_CONF, $FF_userprefs, $_USER, $LANG_GF01, $LANG_GF02, $LANG_GF10, $REMOTE_ADDR;
    $retval = '';
    $editmoderator = false;
    $numAttachments = 0;
    $edit_val = '';
    // NOTE: these two are initialised here; the isset() test on them further down
    // can therefore never be false (see the locked/sticky block).
    $sticky_val = '';
    $locked_val = '';
    // uid 1 is the anonymous user
    if (COM_isAnonUser()) {
        $uid = 1;
    } else {
        $uid = $_USER['uid'];
    }
    // initialize defaults from the plugin configuration
    if ($_FF_CONF['bbcode_disabled']) {
        $disable_bbcode_val = ' checked="checked"';
    } else {
        $disable_bbcode_val = '';
    }
    if ($_FF_CONF['smilies_disabled']) {
        $disable_smilies_val = ' checked="checked"';
    } else {
        $disable_smilies_val = '';
    }
    if ($_FF_CONF['urlparse_disabled']) {
        $disable_urlparse_val = ' checked="checked"';
    } else {
        $disable_urlparse_val = '';
    }
    // check postmode
    if (isset($postData['postmode'])) {
        // this means we are editing or previewing (or both)
        if (isset($postData['postmode_switch'])) {
            // means they selected a switch
            $chkpostmode = _ff_chkpostmode($postData['postmode'], $postData['postmode_switch']);
            if ($chkpostmode != $postData['postmode']) {
                $postData['postmode'] = $chkpostmode;
                $postData['postmode_switch'] = 0;
            }
        }
    } else {
        if ($_FF_CONF['post_htmlmode'] && $_FF_CONF['allow_html']) {
            $postData['postmode'] = 'html';
        } else {
            $postData['postmode'] = 'text';
        }
    }
    // verify postmode is allowed: html only for sites that allow it, Root, or forum.html holders;
    // a client-supplied 'html' is downgraded to 'text' otherwise
    if ($postData['postmode'] == 'html' || $postData['postmode'] == 'HTML') {
        if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) {
            $postData['postmode'] = 'html';
        } else {
            $postData['postmode'] = 'text';
        }
    }
    $postData['postmode_switch'] = 0;
    // action specific setup
    if ($action == 'edittopic' || $viewMode) {
        // need to see what options were checked...
        // $status is accumulated from the DISABLE_* bit constants but is not read
        // again in this function
        $status = 0;
        // get our options...
        if (isset($postData['disable_bbcode']) && $postData['disable_bbcode'] == 1) {
            $disable_bbcode_val = ' checked="checked"';
            $status += DISABLE_BBCODE;
        } else {
            $disable_bbcode_val = '';
        }
        if (isset($postData['disable_smilies']) && $postData['disable_smilies'] == 1) {
            $disable_smilies_val = ' checked="checked"';
            $status += DISABLE_SMILIES;
        } else {
            $disable_smilies_val = '';
        }
        if (isset($postData['disable_urlparse']) && $postData['disable_urlparse'] == 1) {
            $disable_urlparse_val = ' checked="checked"';
            $status += DISABLE_URLPARSE;
        } else {
            $disable_urlparse_val = '';
        }
    }
    // create our template
    $peTemplate = new Template($_CONF['path'] . 'plugins/forum/templates/');
    $peTemplate->set_file('posteditor', 'posteditor.thtml');
    if ($postData['postmode'] == 'html') {
        $peTemplate->set_var('html_mode', true);
    } else {
        $peTemplate->unset_var('html_mode');
    }
    if ($viewMode == PREVIEW_VIEW) {
        $peTemplate->set_var('preview_post', FF_previewPost($postData, $action));
    }
    // uniqueid keys the attachment staging area (ff_attachments.topic_id) before a
    // topic id exists.  NOTE(review): mt_rand() is neither unique nor unpredictable;
    // two concurrent new posts can collide on it, and a client can supply its own
    // value through $postData['uniqueid'] (only filtered to an int).  Confirm how the
    // save path validates ownership of uniqueid.
    $uniqueid = isset($postData['uniqueid']) ? COM_applyFilter($postData['uniqueid'], true) : mt_rand();
    $peTemplate->set_var('uniqueid', $uniqueid);
    // NOTE(review): the group id checked here comes from $postData; if that array is
    // request-derived rather than loaded from the forum record, the client chooses
    // which group is tested — confirm where use_attachment_grpid is populated.
    if (SEC_inGroup($postData['use_attachment_grpid']) && $_FF_CONF['maxattachments'] > 0) {
        $peTemplate->set_var('use_attachments', true);
    }
    if ($action == 'newtopic') {
        $peTemplate->set_var('save_button', 'savetopic');
        $postmessage = $LANG_GF02['PostTopic'];
        $peTemplate->set_var('hidden_action', 'newtopic');
    }
    if ($action == 'edittopic') {
        $peTemplate->set_var('save_button', 'saveedit');
        // moderator edit is decided server-side via forum_modPermission(); the
        // hidden_modedit field only mirrors that decision to the form
        if (isset($postData['forum']) && forum_modPermission($postData['forum'], $_USER['uid'], 'mod_edit')) {
            $editmoderator = true;
            $peTemplate->set_var('hidden_modedit', '1');
        } else {
            $peTemplate->set_var('hidden_modedit', '0');
            $editmoderator = false;
        }
        $postmessage = $LANG_GF02['EditTopic'];
        $peTemplate->set_var('hidden_action', 'edittopic');
        $peTemplate->set_var('hidden_editpost', 'yes');
        // for a moderator edit the stored poster name is shown as-is (raw, no escaping here)
        if ($editmoderator) {
            $username = $postData['name'];
        } elseif ($postData['uid'] > 1) {
            $username = COM_getDisplayName($postData['uid']);
        }
        // As it appears in this listing the search and replacement strings are identical,
        // so this call is a no-op; upstream presumably replaces an entity-encoded form of
        // the closing tag so the comment cannot break out of the <textarea>. TODO confirm
        // against the original source.
        $postData['comment'] = str_ireplace('</textarea>', '</textarea>', $postData['comment']);
        if (isset($postData['pid'])) {
            $peTemplate->set_var('hidden_editpid', $postData['pid']);
        }
        $peTemplate->set_var('hidden_editid', $postData['id']);
        $edit_prompt = $LANG_GF02['msg190'] . '<br/><input type="checkbox" name="silentedit" ';
        // mixed and/or/&& precedence: reads as (silentedit == 1) or (no modedit and default-silent)
        if (isset($postData['silentedit']) && $postData['silentedit'] == 1 or !isset($postData['modedit']) and $_FF_CONF['silent_edit_default']) {
            $edit_prompt .= 'checked="checked" ';
            $edit_val = ' checked="checked" ';
        } else {
            $edit_val = '';
        }
        $edit_prompt .= 'value="1"/>';
        $peTemplate->set_var('attachments', '<div id="fileattachlist">' . _ff_showattachments($postData['id'], 'edit') . '</div>');
        // the else-branch below casts the count to int; this one does not
        $numAttachments = DB_Count($_TABLES['ff_attachments'], 'topic_id', $postData['id']);
        $allowedAttachments = $_FF_CONF['maxattachments'] - $numAttachments;
        $peTemplate->set_var('fcounter', $allowedAttachments);
    } else {
        $numAttachments = (int) DB_Count($_TABLES['ff_attachments'], 'topic_id', $uniqueid);
        $allowedAttachments = $_FF_CONF['maxattachments'] - $numAttachments;
        $peTemplate->set_var('fcounter', $allowedAttachments);
        $peTemplate->set_var('attachments', '');
        if ($uniqueid > 0) {
            $peTemplate->set_var('attachments', '<div id="fileattachlist">' . _ff_showattachments($uniqueid, 'edit') . '</div>');
        }
        $edit_prompt = ' ';
    }
    if ($action == 'newreply') {
        $peTemplate->set_var('save_button', 'savereply');
        $postmessage = $LANG_GF02['PostReply'];
        $peTemplate->set_var('hidden_action', 'newreply');
        if (!$viewMode) {
            $postData['subject'] = $LANG_GF01['RE'] . $postData['subject'];
        }
        // quoteid is read straight from $_GET; it is int-filtered here and int-cast again in the SQL
        $quoteid = isset($_GET['quoteid']) ? COM_applyFilter($_GET['quoteid'], true) : 0;
        $postData['mood'] = '';
        if ($quoteid > 0 && !$viewMode) {
            $quotesql = DB_query("SELECT * FROM {$_TABLES['ff_topic']} WHERE id=" . (int) $quoteid);
            $quotearray = DB_fetchArray($quotesql);
            $quotearray['name'] = urldecode($quotearray['name']);
            $quotearray['comment'] = $quotearray['comment'];
            // quoteformat is the sprintf() format (config-controlled); name/comment are only arguments
            $postData['comment'] = sprintf($_FF_CONF['quoteformat'], $quotearray['name'], $quotearray['comment']);
        }
        $postData['editpid'] = $postData['id'];
    }
    if ($_FF_CONF['use_sfs']) {
        $peTemplate->set_var('usesfs', 1);
    }
    if (COM_isAnonUser()) {
        if (!$_FF_CONF['use_sfs']) {
            $postData['email'] = '';
        }
        $peTemplate->set_var('anonymous_user', true);
        $peTemplate->set_var('post_message', $postmessage);
        $peTemplate->set_var('LANG_NAME', $LANG_GF02['msg33']);
        // NOTE: by the parenthesisation here ENT_COMPAT and COM_getEncodingt() are the
        // 3rd/4th arguments of set_var(), not of htmlentities(), so htmlentities()
        // runs with its default flags and charset.
        $peTemplate->set_var('name', htmlentities(strip_tags(COM_checkWords(trim(USER_sanitizeName(isset($postData['name']) ? $postData['name'] : ''))))), ENT_COMPAT, COM_getEncodingt());
        // strip_tags() is not output escaping; the template must still escape 'email'
        if (isset($postData['email'])) {
            $peTemplate->set_var('email', strip_tags($postData['email']));
        }
    } else {
        $peTemplate->set_var('member_user', true);
        $peTemplate->set_var('post_message', $postmessage);
        $peTemplate->set_var('LANG_NAME', $LANG_GF02['msg33']);
        if (!isset($username) or $username == '') {
            if ($action == 'edittopic') {
                if ($editmoderator) {
                    $username = $postData['name'];
                } else {
                    $username = COM_getDisplayName($_USER['uid']);
                }
            } else {
                $username = COM_getDisplayName($_USER['uid']);
            }
        }
        $peTemplate->set_var('username', $username);
        $peTemplate->set_var('xusername', urlencode($username));
    }
    // mood <select>: options come from the .gif file names in forum/images/moods
    $moodoptions = '';
    if ($_FF_CONF['show_moods']) {
        if (isset($postData['mood']) && $postData['mood'] != '') {
            $postData['mood'] = COM_applyFilter($postData['mood']);
        }
        if (!isset($postData['mood']) || $postData['mood'] == '') {
            $moodoptions = '<option value="" selected="selected">' . $LANG_GF01['NOMOOD'] . '</option>';
        }
        // @ hides a failed opendir(); the select is then simply left without file options
        if ($dir = @opendir($_CONF['path_html'] . '/forum/images/moods')) {
            while (($file = readdir($dir)) !== false) {
                if (strlen($file) > 3 && substr(strtolower(trim($file)), -4, 4) == '.gif') {
                    $file = str_replace(array('.gif', '.jpg'), array('', ''), $file);
                    // file names are server-controlled; they are emitted into <option> unescaped
                    if (isset($postData['mood']) && $file == $postData['mood']) {
                        $moodoptions .= "<option selected=\"selected\">" . $file . "</option>";
                    } else {
                        $moodoptions .= "<option>" . $file . "</option>";
                    }
                } else {
                    $moodoptions .= '';
                }
            }
            closedir($dir);
        }
        $peTemplate->set_var('LANG_MOOD', $LANG_GF02['msg36']);
        $peTemplate->set_var('moodoptions', $moodoptions);
    }
    $sub_dot = '...';
    $sub_none = '';
    $postData['subject'] = str_replace($sub_dot, $sub_none, $postData['subject']);
    if ($_FF_CONF['allow_smilies']) {
        $peTemplate->set_var('smiley_enabled', true);
    }
    if ($_FF_CONF['allow_img_bbcode']) {
        $peTemplate->set_var('allow_img_bbcode', true);
    }
    // if this is the first time showing the new submission form - then check if notify option should be on
    if (!$viewMode) {
        if (isset($postData['editpid']) && $postData['editpid'] > 0) {
            $notifyTopicid = $postData['editpid'];
        } else {
            $notifyTopicid = $postData['id'];
        }
        if (!isset($postData['forum'])) {
            $postData['forum'] = '';
        }
        if (DB_getItem($_TABLES['ff_userprefs'], 'alwaysnotify', "uid=" . (int) $uid) == 1 or FF_isSubscribed($postData['forum'], $notifyTopicid, $uid)) {
            $postData['notify'] = 'on';
            // check and see if user has un-subscribed to this topic
            // (looks like an un-subscription is stored as the negated topic id — verify)
            // NOTE(review): $nid is numeric only because unary minus coerces it; $uid is
            // interpolated as-is.  An explicit (int) cast on both, as done for
            // category= on the same line, would make the SQL intent explicit.
            $nid = -$notifyTopicid;
            if ($notifyTopicid > 0 and DB_getItem($_TABLES['subscriptions'], 'id', "type='forum' AND category=" . (int) $postData['forum'] . " AND id={$nid} AND uid={$uid}") > 1) {
                $postData['notify'] = '';
            }
        } else {
            $postData['notify'] = '';
        }
    }
    if ($editmoderator) {
        // both operands of this `or` are the same test; the second is redundant
        if (isset($postData['notify']) && $postData['notify'] == 'on' or isset($postData['notify']) && $postData['notify'] == 'on') {
            $notify_val = 'checked="checked"';
        } else {
            $notify_val = '';
        }
        $notify_prompt = $LANG_GF02['msg38'] . '<br/><input type="checkbox" name="notify" value="on" ' . $notify_val . '/>';
        // check that this is the parent topic - only the parent can be made sticky or locked
        if (!isset($postData['pid']) || $postData['pid'] == 0) {
            // NOTE(review): $locked_val and $sticky_val are set to '' at the top of the
            // function, so !isset() on them is always false and this inner block never
            // runs; the locked/sticky checkboxes are therefore always rendered unchecked.
            // Presumably the intent was to test the *_switch / locked / sticky keys only.
            if (!isset($locked_val) and !isset($sticky_val) and $action == 'edittopic') {
                if (!isset($postData['locked_switch']) and isset($postData['locked']) && $postData['locked'] == 1 or isset($postData['locked_switch']) && $postData['locked_switch'] == 1) {
                    $locked_val = 'checked="checked"';
                } else {
                    $locked_val = '';
                }
                if (!isset($postData['sticky_switch']) and isset($postData['sticky']) && $postData['sticky'] == 1 or isset($postData['sticky_switch']) && $postData['sticky_switch'] == 1) {
                    $sticky_val = 'checked="checked"';
                } else {
                    $sticky_val = '';
                }
            }
            $locked_prompt = $LANG_GF02['msg109'] . '<br/><input type="checkbox" name="locked_switch" ' . $locked_val . ' value="1"/>';
            $sticky_prompt = $LANG_GF02['msg61'] . '<br/><input type="checkbox" name="sticky_switch" ' . $sticky_val . ' value="1"/>';
        } else {
            $locked_prompt = '';
            $sticky_prompt = '';
        }
    } else {
        if ($uid > 1) {
            if (isset($postData['notify']) && $postData['notify'] == 'on') {
                $notify_val = 'checked="checked"';
            } else {
                $notify_val = '';
            }
            $notify_prompt = $LANG_GF02['msg38'] . '<br/><input type="checkbox" name="notify" ' . $notify_val . '/>';
            $locked_prompt = '';
        } else {
            // anonymous, non-moderator: $notify_val is never assigned on this path but is
            // read in the set_var() array below (undefined-variable warning)
            $notify_prompt = '';
            $locked_prompt = '';
        }
    }
    // the message names the mode the switch checkbox would toggle *to*
    if ($postData['postmode'] == 'html' || $postData['postmode'] == 'HTML') {
        $postmode_msg = $LANG_GF01['TEXTMODE'];
        $postData['postmode'] = 'html';
    } else {
        $peTemplate->unset_var('show_htmleditor');
        $postmode_msg = $LANG_GF01['HTMLMODE'];
    }
    if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) {
        if ($action == 'edittopic') {
            $mode_prompt = $postmode_msg . '<br/><input type="checkbox" name="postmode_switch" value="1"/><input type="hidden" name="postmode" value="' . $postData['postmode'] . '"/>';
        }
    }
    if ($action == 'edittopic') {
        $peTemplate->set_var('bbcodeeditor', true);
    }
    // As listed here both strings are a plain double quote (no-op); upstream presumably
    // maps an entity-encoded quote back — TODO confirm.  The subject is htmlspecialchars()'d
    // with ENT_QUOTES before it reaches the template further down.
    $postData['subject'] = str_replace('"', '"', $postData['subject']);
    if (!$_FF_CONF['allow_smilies']) {
        $smilies = '';
    } else {
        $smilies = forumPLG_showsmilies(0);
    }
    $disable_bbcode_prompt = $LANG_GF01['disable_bbcode'] . ' <input type="checkbox" name="disable_bbcode" value="1" ' . $disable_bbcode_val . '/>';
    if ($_FF_CONF['allow_smilies']) {
        $disable_smilies_prompt = $LANG_GF01['disable_smilies'] . ' <input type="checkbox" name="disable_smilies" value="1"' . $disable_smilies_val . ' />';
    } else {
        $disable_smilies_prompt = '';
    }
    $disable_urlparse_prompt = $LANG_GF01['disable_urlparse'] . ' <input type="checkbox" name="disable_urlparse" value="1"' . $disable_urlparse_val . ' />';
    // @ silences htmlspecialchars() encoding errors; on invalid input it then returns ''
    // (the comment would silently vanish from the editor)
    $peTemplate->set_var('comment', @htmlspecialchars($postData['comment'], ENT_QUOTES, COM_getEncodingt()));
    $peTemplate->set_var(array(
        'edit_val' => $edit_val,
        'sticky_val' => $sticky_val,
        'postmode_msg' => $postmode_msg,
        'notify_val' => $notify_val,
        'disable_bbcode_val' => $disable_bbcode_val,
        'disable_smilies_val' => $disable_smilies_val,
        'disable_urlparse_val' => $disable_urlparse_val,
        'bbcode_prompt' => $disable_bbcode_prompt,
        'smilies_prompt' => $disable_smilies_prompt,
        'urlparse_prompt' => $disable_urlparse_prompt,
        'LANG_SUBJECT' => $LANG_GF01['SUBJECT'],
        'LANG_OPTIONS' => $LANG_GF01['OPTIONS'],
        'mode_prompt' => isset($mode_prompt) ? $mode_prompt : '',
        'notify_prompt' => $notify_prompt,
        'locked_prompt' => $locked_prompt,
        'sticky_prompt' => isset($sticky_prompt) ? $sticky_prompt : '',
        'edit_prompt' => $edit_prompt,
        'LANG_SUBMIT' => $LANG_GF01['SUBMIT'],
        'LANG_PREVIEW' => $LANG_GF01['PREVIEW'],
        'subject' => $postData['subject'],
        'smilies' => $smilies,
        'LANG_attachments' => $LANG_GF10['attachments'],
        'LANG_maxattachments' => sprintf($LANG_GF10['maxattachments'], $_FF_CONF['maxattachments']),
        'postmode' => $postData['postmode']
    ));
    // Check and see if the filemgmt plugin is installed and enabled
    if (function_exists('filemgmt_buildAccessSql') && $_FF_CONF['enable_fm_integration'] == 1) {
        $peTemplate->set_var('filemgmt_category_options', gf_makeFilemgmtCatSelect($uid));
        $peTemplate->set_var('LANG_usefilemgmt', $LANG_GF10['usefilemgmt']);
        $peTemplate->set_var('LANG_description', $LANG_GF10['description']);
        $peTemplate->set_var('LANG_category', $LANG_GF10['category']);
    } else {
        $peTemplate->set_var('show_filemgmt_option', 'none');
    }
    if (COM_isAnonUser()) {
        $peTemplate->set_var('hide_notify', 'none');
    }
    // captcha is only wired in when the captcha plugin exposes its template hook
    if (function_exists('plugin_templatesetvars_captcha')) {
        plugin_templatesetvars_captcha('forum', $peTemplate);
    } else {
        $peTemplate->set_var('captcha', '');
    }
    if ($postData['id'] > 0) {
        $peTemplate->set_var('topic_id', $postData['id']);
    }
    // 'subject' is re-set here, escaped with ENT_QUOTES, overriding the raw value above;
    // cat_name / forum_name / hidden_id / referer are passed through as-is
    $peTemplate->set_var(array(
        'navbreadcrumbsimg' => _ff_getImage('nav_breadcrumbs'),
        'navtopicimg' => _ff_getImage('nav_topic'),
        'form_action' => $_CONF['site_url'] . '/forum/createtopic.php',
        'referer' => $forumData['referer'],
        'forum_id' => $forumData['forum'],
        'cat_name' => $postData['cat_name'],
        'cat_id' => $forumData['forum_cat'],
        'forum_name' => $postData['forum_name'],
        'subject' => @htmlspecialchars($postData['subject'], ENT_QUOTES, COM_getEncodingt()),
        'LANG_HOME' => $LANG_GF01['HOMEPAGE'],
        'forum_home' => $LANG_GF01['INDEXPAGE'],
        'hidden_id' => $postData['id'],
        'page' => $forumData['page'],
        'LANG_bhelp' => $LANG_GF01['b_help'],
        'LANG_ihelp' => $LANG_GF01['i_help'],
        'LANG_uhelp' => $LANG_GF01['u_help'],
        'LANG_qhelp' => $LANG_GF01['q_help'],
        'LANG_chelp' => $LANG_GF01['c_help'],
        'LANG_lhelp' => $LANG_GF01['l_help'],
        'LANG_ohelp' => $LANG_GF01['o_help'],
        'LANG_phelp' => $LANG_GF01['p_help'],
        'LANG_whelp' => $LANG_GF01['w_help'],
        'LANG_ahelp' => $LANG_GF01['a_help'],
        'LANG_shelp' => $LANG_GF01['s_help'],
        'LANG_fhelp' => $LANG_GF01['f_help'],
        'LANG_hhelp' => $LANG_GF01['h_help'],
        'LANG_thelp' => $LANG_GF01['t_help'],
        'LANG_ehelp' => $LANG_GF01['e_help'],
        'LANG_code' => $LANG_GF01['CODE'],
        'LANG_fontcolor' => $LANG_GF01['FONTCOLOR'],
        'LANG_fontsize' => $LANG_GF01['FONTSIZE'],
        'LANG_closetags' => $LANG_GF01['CLOSETAGS'],
        'LANG_codetip' => $LANG_GF01['CODETIP'],
        'LANG_tiny' => $LANG_GF01['TINY'],
        'LANG_small' => $LANG_GF01['SMALL'],
        'LANG_normal' => $LANG_GF01['NORMAL'],
        'LANG_large' => $LANG_GF01['LARGE'],
        'LANG_huge' => $LANG_GF01['HUGE'],
        'LANG_default' => $LANG_GF01['DEFAULT'],
        'LANG_dkred' => $LANG_GF01['DKRED'],
        'LANG_red' => $LANG_GF01['RED'],
        'LANG_orange' => $LANG_GF01['ORANGE'],
        'LANG_brown' => $LANG_GF01['BROWN'],
        'LANG_yellow' => $LANG_GF01['YELLOW'],
        'LANG_green' => $LANG_GF01['GREEN'],
        'LANG_olive' => $LANG_GF01['OLIVE'],
        'LANG_cyan' => $LANG_GF01['CYAN'],
        'LANG_blue' => $LANG_GF01['BLUE'],
        'LANG_dkblue' => $LANG_GF01['DKBLUE'],
        'LANG_indigo' => $LANG_GF01['INDIGO'],
        'LANG_violet' => $LANG_GF01['VIOLET'],
        'LANG_white' => $LANG_GF01['WHITE'],
        'LANG_black' => $LANG_GF01['BLACK']
    ));
    // CSRF token for the submit form
    $peTemplate->set_var('token_name', CSRF_TOKEN);
    $peTemplate->set_var('token', SEC_createToken());
    $peTemplate->set_var('postmode', $postData['postmode']);
    $peTemplate->unset_var('show_htmleditor');
    if ($_FF_CONF['use_wysiwyg_editor'] && $postData['postmode'] == 'html') {
        // hook into wysiwyg here
        switch (PLG_getEditorType()) {
            case 'ckeditor':
                $peTemplate->set_var('show_htmleditor', true);
                PLG_requestEditor('forum', 'forum_entry', 'ckeditor_forum.thtml');
                PLG_templateSetVars('forum_entry', $peTemplate);
                break;
            case 'tinymce':
                $peTemplate->set_var('show_htmleditor', true);
                PLG_requestEditor('forum', 'forum_entry', 'tinymce_forum.thtml');
                PLG_templateSetVars('forum_entry', $peTemplate);
                break;
            default:
                // don't support others right now
                break;
        }
    }
    $peTemplate->parse('output', 'posteditor');
    $retval .= $peTemplate->finish($peTemplate->get_var('output'));
    // token for the advanced-editor endpoint: anonymous users get one bound to their
    // address ($REMOTE_ADDR is a global here, not $_SERVER — presumably set by the framework)
    $urlfor = 'advancededitor';
    if ($uid == 1) {
        $urlfor = 'advancededitor' . md5($REMOTE_ADDR);
    }
    // 20-minute cookie; the trailing false is presumably the httponly flag (setcookie-style
    // argument order), i.e. this token is readable by page scripts — confirm that is intended
    SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral($urlfor), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
    // mutates the $_POST superglobal just to simplify the comparison below
    if (!isset($_POST['editpost'])) {
        $_POST['editpost'] = '';
    }
    if ($action != 'newtopic' && $_POST['editpost'] != 'yes' && ($action == 'newreply' || $viewMode)) {
        if ($FF_userprefs['showiframe']) {
            // $postData['id'] is interpolated into the src attribute unescaped — assumes a numeric id
            $retval .= "<iframe src=\"{$_CONF['site_url']}/forum/viewtopic.php?mode=preview&showtopic=" . $postData['id'] . "&onlytopic=1&lastpost=true\" height=\"300\" width=\"100%\"></iframe>";
        }
    }
    return $retval;
}
/**
 * Sets the session cookie
 *
 * Writes the session ID into the session cookie on the client.  The cookie is
 * sent with an expiry of 0, i.e. it lives until the browser is closed; the
 * real session lifetime is enforced server-side, so the cookie expiry does not
 * matter.
 *
 * NOTE(review): only six arguments are passed to SEC_setCookie() here, whereas
 * the other SEC_setCookie() calls in this listing pass an explicit seventh
 * (httponly) argument of true.  Whether the session cookie is HttpOnly thus
 * depends on SEC_setCookie()'s default — confirm.
 * NOTE(review): with $_SESS_VERBOSE on, the session ID itself is written to the
 * error log; keep verbose session logging off in production.
 *
 * @param string $sessid       Session ID to save to cookie
 * @param int    $cookietime   Cookie timeout value (not used)
 * @param string $cookiename   Name of cookie to save session ID to
 * @param string $cookiepath   Path in which cookie should be sent to server for
 * @param string $cookiedomain Domain in which cookie should be sent to server for
 * @param int    $cookiesecure if =1, set cookie only on https connection
 *
 */
function SESS_setSessionCookie($sessid, $cookietime, $cookiename, $cookiepath, $cookiedomain, $cookiesecure) {
    global $_SESS_VERBOSE;

    // 0 = browser-session cookie; expiry is handled server-side
    $expires = 0;

    if ($_SESS_VERBOSE) {
        COM_errorLog("Setting session cookie: setcookie({$cookiename}, {$sessid}, 0, {$cookiepath}, {$cookiedomain}, {$cookiesecure});", 1);
    }

    $result = SEC_setCookie($cookiename, $sessid, $expires, $cookiepath, $cookiedomain, $cookiesecure);
    if ($result === false) {
        COM_errorLog('Failed to set session cookie.', 1);
    }
}
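/**
 * Complete the login process - setup new session
 *
 * Loads the user record into $_USER, creates a fresh server-side session for
 * it (a new session ID is generated after authentication, so the pre-login ID
 * is never kept), carries the existing $_SESSION contents over, notifies
 * plugins, and sets the "remember me" cookies when the user has a cookie
 * timeout configured.
 *
 * Cookies written (all with secure = $_CONF['cookiesecure'] and httponly):
 *  - the configured session cookie is expired so the browser drops the old ID
 *  - $_CONF['cookie_name']     = user id            (only if cookietimeout > 0)
 *  - $_CONF['cookie_password'] = server-made token  (only if cookietimeout > 0)
 *  - $_CONF['cookie_theme']    = theme name         (only if allow_user_themes)
 *
 * NOTE: $_SESSION is round-tripped through json_encode/json_decode(…, true),
 * so any objects stored in the session come back as associative arrays.
 *
 * @param int $uid User ID of logged in user
 * @return none
 *
 */
function SESS_completeLogin($uid) {
    global $_TABLES, $_CONF, $_SYSTEM, $_USER;

    $request_ip = !empty($_SERVER['REMOTE_ADDR']) ? htmlspecialchars($_SERVER['REMOTE_ADDR']) : '';

    // build the $_USER array
    $userdata = SESS_getUserDataFromId($uid);
    $_USER = $userdata;

    // save old session data
    $savedSessionData = json_encode($_SESSION);

    // create the session
    $sessid = SESS_newSession($_USER['uid'], $request_ip, $_CONF['session_cookie_timeout']);

    if (isset($_COOKIE[$_CONF['cookie_session']])) {
        // Expire the browser's previous session cookie before the new session is
        // started below.  The cookie NAME must be the configured session cookie
        // name; passing the cookie's VALUE (the old session id) as the name would
        // expire nothing and would feed a client-supplied string into a
        // Set-Cookie header name.
        setcookie($_CONF['cookie_session'], '', time() - 42000, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
    }

    session_id($sessid);
    session_start();
    $_SESSION = json_decode($savedSessionData, true);

    // initialize session counter
    SESS_setVar('session.counter', 1);

    if (!isset($_USER['tzid']) || empty($_USER['tzid'])) {
        $_USER['tzid'] = $_CONF['timezone'];
    }

    // Let plugins act on login event
    PLG_loginUser($_USER['uid']);

    // check and see if they have remember me set
    $cooktime = (int) $_USER['cookietimeout'];
    if ($cooktime > 0) {
        $cookieTimeout = time() + $cooktime;
        $token_ttl = $cooktime;
        // set userid cookie
        SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], $cookieTimeout, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
        // the long-term cookie carries a server-generated token with the same TTL,
        // not a credential
        $ltToken = SEC_createTokenGeneral('ltc', $token_ttl);
        // set long term cookie
        SEC_setCookie($_CONF['cookie_password'], $ltToken, $cookieTimeout, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
    }

    DB_query("UPDATE {$_TABLES['users']} set remote_ip='" . DB_escapeString($request_ip) . "' WHERE uid=" . (int) $_USER['uid'], 1);

    if ($_CONF['allow_user_themes']) {
        // set theme cookie (or update it ); one year
        SEC_setcookie($_CONF['cookie_theme'], $_USER['theme'], time() + 31536000, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
    }
}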
if (isset($_POST['sp_status_yes'])) { $sp_status = 1; } if (isset($_POST['sp_status_no'])) { $sp_status = 0; } } else { $sp_status = isset($_POST['sp_status']) ? 1 : 0; } $display .= PAGE_submit($sp_id, $sp_status, $sp_uid, isset($_POST['sp_title']) ? $_POST['sp_title'] : '', isset($_POST['sp_content']) ? $_POST['sp_content'] : '', isset($_POST['sp_hits']) ? COM_applyFilter($_POST['sp_hits'], true) : 0, isset($_POST['sp_format']) ? COM_applyFilter($_POST['sp_format']) : '', isset($_POST['sp_onmenu']) ? $_POST['sp_onmenu'] : '', isset($_POST['sp_label']) ? $_POST['sp_label'] : '', isset($_POST['commentcode']) ? COM_applyFilter($_POST['commentcode'], true) : 0, isset($_POST['owner_id']) ? COM_applyFilter($_POST['owner_id'], true) : 2, isset($_POST['group_id']) ? COM_applyFilter($_POST['group_id'], true) : 0, isset($_POST['perm_owner']) ? $_POST['perm_owner'] : '', isset($_POST['perm_group']) ? $_POST['perm_group'] : '', isset($_POST['perm_members']) ? $_POST['perm_members'] : '', isset($_POST['perm_anon']) ? $_POST['perm_anon'] : '', isset($_POST['sp_php']) ? $_POST['sp_php'] : '', isset($_POST['sp_nf']) ? $_POST['sp_nf'] : '', isset($_POST['sp_old_id']) ? COM_applyFilter($_POST['sp_old_id']) : '', isset($_POST['sp_nf']) ? $_POST['sp_centerblock'] : '', $sp_help, isset($_POST['sp_tid']) ? COM_applyFilter($_POST['sp_tid']) : '', isset($_POST['sp_where']) ? COM_applyFilter($_POST['sp_where'], true) : 0, isset($_POST['sp_inblock']) ? $_POST['sp_inblock'] : '', isset($_POST['postmode']) ? COM_applyFilter($_POST['postmode']) : '', isset($_POST['sp_search']) ? 1 : 0); } else { $display = COM_refresh($_CONF['site_admin_url'] . '/index.php'); } } else { //token expired? SEC_setCookie($_CONF['cookie_name'] . 
'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false); $display .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']); $display .= COM_showMessage(501); $editor = ''; if (isset($_GET['editor'])) { $editor = COM_applyFilter($_GET['editor']); } // $mode = 'edit'; $owner_id = $_POST['owner_id']; $group_id = $_POST['group_id']; $perm_owner = $_POST['perm_owner']; $perm_group = $_POST['perm_group']; $perm_members = $_POST['perm_members']; $perm_anon = $_POST['perm_anon']; list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); $_POST['perm_owner'] = $perm_owner;
/**
 * Second leg of the Facebook OAuth login: exchange the callback code for an
 * access token, then fetch the basic profile and the profile photo URL.
 *
 * Three requests go through $this->request: the token endpoint
 * ($this->url_accessToken), the profile endpoint ($this->url_userinfo) and the
 * photo endpoint ($this->url_userinfo_photo).  On failure $this->errormsg is set.
 *
 * NOTE(review): no OAuth 'state' check is visible in this method; if the caller
 * does not verify one, the callback can be forged (login CSRF) — confirm.
 * NOTE(review): the access token is copied into a client-side cookie
 * ('request_token') with only name and value given, so path/domain/secure/
 * httponly come from SEC_setCookie()'s defaults — confirm those are safe.
 * NOTE(review): the commented-out debug lines below would write the token URL
 * (which embeds client_secret and the code) and the cookies to the error log;
 * keep them disabled.
 *
 * @param array $query Callback query parameters; the authorization code is taken
 *                     from $query[$this->callback_query_string]
 * @return object|array|null  Decoded profile object with ->photo_url added; the
 *         initial empty array if an exception occurred before the profile was
 *         fetched; null on the two early `return;` paths (token or profile
 *         request failed — callers must handle that)
 */
public function sreq_userinfo_response($query) {
    global $_CONF;
    // COM_errorLog("FB:sreq_userinfo_response()------------------");
    $userinfo = array();
    try {
        // COM_errorLog("upon entry, _COOKIE[request_token]={$_COOKIE['request_token']}");
        // COM_errorLog("upon entry, _COOKIE[request_token_secret]={$_COOKIE['request_token_secret']}");
        // authorization code from the provider redirect (client-supplied, sent back to the provider only)
        $verifier = $query[$this->callback_query_string];
        $callback_url = $_CONF['site_url'] . '/users.php?oauth_login=facebook';
        $params = array('client_id' => $this->consumer_key, 'redirect_uri' => $callback_url, 'client_secret' => $this->consumer_secret, 'code' => $verifier);
        // first request obtains access token
        // (client_secret travels in the query string of this GET; passing null as the
        // numeric_prefix argument of http_build_query() is deprecated since PHP 8.1 — use '')
        $url_auth = $this->url_accessToken . '?' . http_build_query($params, null, '&');
        // COM_errorLog("FB:sreq_userinfo_response() req1: " . $url_auth);
        $this->request->setUrl($url_auth);
        $response = $this->request->send();
        $rdata = $response->getBody();
        // COM_errorLog("FB:sreq_userinfo_response() rsp1: " . $rdata);
        // token response is expected as a form-encoded body (access_token=…)
        parse_str($rdata, $data);
        if (isset($data['access_token'])) {
            $this->token = $data['access_token'];
            SEC_setCookie('request_token', $data['access_token']);
        } else {
            // COM_errorLog("error: access_token not retrieved");
            // on failure the body is JSON with an error object instead
            $data = json_decode($rdata);
            if (!empty($data->error)) {
                $this->errormsg = $data->error->message;
            }
            return; // early exit (returns null)
        }
        // second request obtains what basic user info that the graphs API
        // will give us without additional requests (everything but photo)
        $params = array('access_token' => $this->token);
        $url_me = $this->url_userinfo . '?' . http_build_query($params, null, '&');
        // COM_errorLog("FB:sreq_userinfo_response() req2: " . $url_me);
        $this->request->setUrl($url_me);
        $response = $this->request->send();
        $rdata = $response->getBody();
        // COM_errorLog("FB:sreq_userinfo_response() rsp2: " . $rdata);
        // no json_decode() error check: malformed JSON yields null and falls through
        $data = json_decode($rdata);
        if (!empty($data->error)) {
            $this->errormsg = $data->error->message;
            return;
        }
        $userinfo = $data;
        // third request retrieves the user's photo URL
        $url_photo = $this->url_userinfo_photo . '?' . http_build_query($params, null, '&');
        $this->request->setUrl($url_photo);
        // COM_errorLog("FB:sreq_serinfo_response() req3: " . $url_photo);
        $response = $this->request->send();
        // the photo endpoint answers with a redirect to the image; the Location
        // header is taken as the photo URL (assumes getHeader() lower-cases keys — verify)
        if ($response->getStatus() == '302' and $response->getReasonPhrase() == 'Found') {
            $header = $response->getHeader();
            $userinfo->photo_url = $header['location'];
            // COM_errorLog("photo_url=" . $userinfo->photo_url);
        } else {
            $userinfo->photo_url = '';
            // COM_errorLog("photo_url=(null)");
        }
    } catch (Exception $e) {
        // exception text becomes the user-visible/logged error; it may echo request details
        $this->errormsg = get_class($e) . ': ' . $e->getMessage();
    }
    // COM_errorLog("upon exit, request_token cookie={$this->token}");
    // COM_errorLog("upon entry, request_token secret cookie={$this->token_secret}");
    return $userinfo;
}
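/**
 * Log user out
 *
 * Ends the server-side session, notifies plugins, expires every auth cookie
 * (session, long-term cookie, user-id cookie and, if present, the token
 * cookie), deletes the user's stored tokens and redirects to the index page.
 *
 * Only real accounts (uid > 1) get the DB/session/plugin teardown; the cookie
 * expiry and the token cleanup run unconditionally.
 *
 * @return none Echoes a redirect (COM_refresh) to index.php?msg=8
 *
 */
function userLogout() {
    global $_CONF, $_TABLES, $_USER;

    if (!empty($_USER['uid']) and $_USER['uid'] > 1) {
        // int-cast the uid exactly like the DB_delete() below, so the SQL never
        // sees a non-integer value
        DB_query("UPDATE {$_TABLES['users']} set remote_ip='' WHERE uid=" . (int) $_USER['uid'], 1);
        SESS_endUserSession($_USER['uid']);
        PLG_logoutUser($_USER['uid']);
    }

    // a time in the past expires the cookie client-side; last argument = httponly
    $expired = time() - 10000;
    SEC_setCookie($_CONF['cookie_session'], '', $expired, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
    SEC_setCookie($_CONF['cookie_password'], '', $expired, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
    SEC_setCookie($_CONF['cookie_name'], '', $expired, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);

    if (isset($_COOKIE['token'])) {
        // invalidate the stored token named by the cookie, then drop the cookie
        $token = $_COOKIE['token'];
        DB_delete($_TABLES['tokens'], 'token', DB_escapeString($token));
        SEC_setCookie('token', '', $expired, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
    }

    // remove every token still owned by this user
    DB_delete($_TABLES['tokens'], 'owner_id', (int) $_USER['uid']);

    echo COM_refresh($_CONF['site_url'] . '/index.php?msg=8');
}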
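/**
 * Shows the form the admin uses to send glFusion members a message. Now you
 * can email a user or an entire group depending upon whether uid or grp_id is
 * set. if both arguments are >0, the group send function takes precedence
 *
 * The post mode comes from $_POST['postmode'] when present and is only accepted
 * if it is 'html' or 'plaintext'; anything else falls back to $_CONF['postmode'].
 *
 * NOTE(review): the recipient line ($to_user, built from the user's name and
 * e-mail) and the group names are passed to the template unescaped; both are
 * stored data, so output safety depends on mailform.thtml escaping them — confirm.
 *
 * @param int    $uid     Recipient user id (user mode when > 0 and $grp_id == 0)
 * @param int    $grp_id  Pre-selected group id for group mode
 * @param string $from    Sender name; defaults to $_CONF['site_name'] when empty
 * @param string $replyto Reply-to address; defaults to $_CONF['site_mail'] when empty
 * @param string $subject Pre-filled subject
 * @param string $message Pre-filled body (used for both text and html fields)
 * @return string HTML for the email form
 *
 */
function MAIL_displayForm($uid = 0, $grp_id = 0, $from = '', $replyto = '', $subject = '', $message = '') {
    global $_CONF, $_TABLES, $_USER, $LANG31, $LANG03, $LANG_ADMIN;

    USES_lib_admin();

    $retval = '';

    if (isset($_POST['postmode'])) {
        $postmode = COM_applyFilter($_POST['postmode']);
        // reject anything that is neither mode (the previous `||` was always true,
        // so the submitted mode was never honoured)
        if ($postmode !== 'html' && $postmode !== 'plaintext') {
            $postmode = $_CONF['postmode'];
        }
    } else {
        $postmode = $_CONF['postmode'];
    }

    $mail_templates = new Template($_CONF['path_layout'] . 'admin/mail');
    $mail_templates->set_file('form', 'mailform.thtml');

    if ($postmode == 'html') {
        $mail_templates->set_var('show_htmleditor', true);
    } else {
        $mail_templates->unset_var('show_htmleditor');
    }

    $mail_templates->set_var('postmode', $postmode);
    $mail_templates->set_var('lang_postmode', $LANG03[2]);
    $mail_templates->set_var('postmode_options', COM_optionList($_TABLES['postmodes'], 'code,name', $postmode));
    $mail_templates->set_var('startblock_email', COM_startBlock($LANG31[1], '', COM_getBlockTemplate('_admin_block', 'header')));
    $mail_templates->set_var('php_self', $_CONF['site_admin_url'] . '/mail.php');

    // a single recipient only when a uid is given and no group is requested
    $usermode = ($uid > 0 && $grp_id == 0);
    $send_to_group = $usermode ? '' : '1';
    $mail_templates->set_var('send_to_group', $send_to_group);

    $menu_arr = array(
        array('url' => $_CONF['site_admin_url'] . '/user.php', 'text' => $LANG_ADMIN['admin_users']),
        array('url' => $_CONF['site_admin_url'] . '/group.php', 'text' => $LANG_ADMIN['admin_groups']),
        array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']),
    );
    $instructions = $usermode ? $LANG31[28] : $LANG31[19];
    $icon = $_CONF['layout_url'] . '/images/icons/mail.png';
    $admin_menu = ADMIN_createMenu($menu_arr, $instructions, $icon);
    $mail_templates->set_var('admin_menu', $admin_menu);

    if ($usermode) {
        // we're sending e-Mail to a specific user
        $mail_templates->set_var('lang_instructions', $LANG31[28]);
        $mail_templates->set_var('lang_to', $LANG31[18]);
        $to_user = '';
        $lang_warning = $LANG31[29];
        $warning = '';
        // get the user data, and check the privacy settings
        $result = DB_query("SELECT username,fullname,email FROM {$_TABLES['users']} WHERE uid = " . (int) $uid);
        $nrows = DB_numRows($result);
        if ($nrows > 0) {
            $A = DB_fetchArray($result);
            $username = $_CONF['show_fullname'] ? $A['fullname'] : $A['username'];
            $to_user = $username . ' (' . $A['email'] . ')';
            // warn the admin when the user opted out of admin e-mail
            $emailfromadmin = DB_getItem($_TABLES['userprefs'], 'emailfromadmin', "uid = " . (int) $uid);
            $warning = $emailfromadmin == 1 ? '' : $LANG31[30];
        }
        $mail_templates->set_var('to_user', $to_user);
        $mail_templates->set_var('to_uid', $uid);
        $mail_templates->set_var('lang_warning', $lang_warning);
        $mail_templates->set_var('warning', $warning);
    } else {
        // we're sending e-Mail to a group of users
        $mail_templates->set_var('lang_instructions', $LANG31[19]);
        $mail_templates->set_var('lang_to', $LANG31[27]);
        $mail_templates->set_var('lang_selectgroup', $LANG31[25]);
        // build group options select, allow for possibility grp_id has been supplied
        $group_options = '';
        $result = DB_query("SELECT grp_id, grp_name FROM {$_TABLES['groups']} WHERE grp_name <> 'All Users'");
        $nrows = DB_numRows($result);
        $groups = array();
        for ($i = 0; $i < $nrows; $i++) {
            $A = DB_fetchArray($result);
            $groups[$A['grp_id']] = ucwords($A['grp_name']);
        }
        asort($groups);
        foreach ($groups as $groupID => $groupName) {
            // Root sees every group; other admins only groups they belong to, minus
            // the two built-in ones (parentheses spell out the original && / || precedence)
            if (SEC_inGroup('Root') || (SEC_inGroup($groupName) && $groupName != 'Logged-in Users' && $groupName != 'Mail Admin')) {
                $group_options .= '<option value="' . $groupID . '"';
                $group_options .= $groupID == $grp_id ? ' selected="selected"' : '';
                $group_options .= '>' . $groupName . '</option>';
            }
        }
        $mail_templates->set_var('group_options', $group_options);
    }

    $mail_templates->set_var('lang_from', $LANG31[2]);
    $frm = empty($from) ? $_CONF['site_name'] : $from;
    $mail_templates->set_var('site_name', $frm);
    $mail_templates->set_var('lang_replyto', $LANG31[3]);
    $rto = empty($replyto) ? $_CONF['site_mail'] : $replyto;
    $mail_templates->set_var('site_mail', $rto);
    $mail_templates->set_var('lang_subject', $LANG31[4]);
    $mail_templates->set_var('subject', $subject);
    $mail_templates->set_var('lang_body', $LANG31[5]);
    $mail_templates->set_var('message_text', $message);
    $mail_templates->set_var('message_html', $message);
    $mail_templates->set_var('lang_sendto', $LANG31[6]);
    $mail_templates->set_var('lang_allusers', $LANG31[7]);
    $mail_templates->set_var('lang_admin', $LANG31[8]);
    $mail_templates->set_var('lang_options', $LANG31[9]);
    $mail_templates->set_var('lang_HTML', $LANG31[10]);
    $mail_templates->set_var('lang_urgent', $LANG31[11]);
    $mail_templates->set_var('lang_ignoreusersettings', $LANG31[14]);
    $mail_templates->set_var('lang_send', $LANG31[12]);
    $mail_templates->set_var('end_block', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
    // CSRF token for the send form
    $mail_templates->set_var('gltoken_name', CSRF_TOKEN);
    $mail_templates->set_var('gltoken', SEC_createToken());

    PLG_templateSetVars('contact', $mail_templates);
    $mail_templates->parse('output', 'form');
    $retval = $mail_templates->finish($mail_templates->get_var('output'));

    // 20-minute token cookie for the advanced editor; the trailing false is
    // presumably the httponly flag, i.e. this cookie is readable by page scripts
    SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);

    return $retval;
}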