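/**
 * Processes the current request.
 *
 * Two paths, chosen by whether the OPENID_URL constant is defined:
 *  - defined: the visitor just entered an identifier. Discovery is run on it,
 *    the discovered identity/delegate/server plus a fresh nonce are stored in
 *    $_SESSION['openid'], an association handle is fetched and the browser is
 *    redirected to the provider (URLBuilder::doRedirect is assumed not to
 *    return — confirm).
 *  - not defined: this is the provider's response. When openid_mode is present
 *    in the request, the session nonce is checked and the mode is mapped to a
 *    local function named process<Mode> (a constructed example: "foo_bar" maps
 *    to processFooBar), which is called with the result of
 *    checkHandleRevocation(). Unknown modes are ignored.
 *
 * The mode-to-function mapping is driven by request input, so the mode string
 * is restricted to the characters a PHP function name can contain before it
 * is turned into a symbol name; only functions prefixed "process" are ever
 * reachable.
 */
function openid_process()
{
    if (defined('OPENID_URL')) {
        // Initial authentication attempt (they just entered their identifier)
        $reqs = checkRequests();
        $disc = tryDiscovery(OPENID_URL);
        $_SESSION['openid'] = array(
            'identity'  => $disc->getIdentity(),
            'delegate'  => $disc->getDelegate(),
            'validated' => false,
            'server'    => $disc->getServer(),
            // Replay-protection value for this round trip. It must be
            // unguessable, so it comes from the CSPRNG rather than from
            // uniqid()/microtime(), which are time-derived.
            'nonce'     => bin2hex(random_bytes(16)),
            'requests'  => $reqs,
        );
        $handle = getHandle($disc->getServer());
        $url = URLBuilder::buildRequest(
            defined('OPENID_IMMEDIATE') ? 'immediate' : 'setup',
            $disc->getServer(),
            $disc->getDelegate(),
            $disc->getIdentity(),
            URLBuilder::getCurrentURL(),
            $handle
        );
        URLBuilder::doRedirect($url);
        return;
    }

    if (!isset($_REQUEST['openid_mode']) || !is_string($_REQUEST['openid_mode'])) {
        return;
    }

    checkNonce();

    // The mode reaches us through the browser, i.e. it is untrusted input.
    // Constrain its alphabet before deriving a function name from it.
    $mode = strtolower($_REQUEST['openid_mode']);
    if (!preg_match('/^[a-z0-9_]+$/', $mode)) {
        return;
    }

    // snake_case mode -> CamelCase suffix on "process".
    $func = 'process' . str_replace(' ', '', ucwords(str_replace('_', ' ', $mode)));
    if (function_exists($func)) {
        $func(checkHandleRevocation());
    }
}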
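/**
 * Processes the current request.
 *
 * Two paths, chosen by whether the OPENID_URL constant is defined:
 *  - defined: the visitor just entered an identifier. Discovery is run on it
 *    and the discovered claimed id, endpoint URL, OP-local id, user-supplied
 *    id and protocol version are stored in $_SESSION['openid'] together with
 *    a fresh nonce. OPENID_RETURN_URL defaults to the current URL when the
 *    caller has not defined it. The browser is then redirected to the
 *    provider (URLBuilder::doRedirect is assumed not to return — confirm).
 *  - not defined: this is the provider's response. When openid_mode is present
 *    in the request, the session nonce is checked and the mode is mapped to a
 *    local function named process<Mode> (a constructed example: "foo_bar" maps
 *    to processFooBar), which is called with the result of
 *    checkHandleRevocation(). Unknown modes are ignored.
 *
 * The mode-to-function mapping is driven by request input, so the mode string
 * is restricted to the characters a PHP function name can contain before it
 * is turned into a symbol name; only functions prefixed "process" are ever
 * reachable.
 */
function process()
{
    if (defined('OPENID_URL')) {
        // Initial authentication attempt (they just entered their identifier)
        Logger::log('Processing authentication attempt for %s', OPENID_URL);
        $reqs = checkRequests();
        $disc = tryDiscovery(OPENID_URL);
        $_SESSION['openid'] = array(
            'identity'       => $disc->getClaimedId(),
            'claimedId'      => $disc->getClaimedId(),
            'endpointUrl'    => $disc->getEndpointUrl(),
            'opLocalId'      => $disc->getOpLocalId(),
            'userSuppliedId' => $disc->getUserSuppliedId(),
            'version'        => $disc->getVersion(),
            'validated'      => false,
            // Replay-protection value for this round trip. It must be
            // unguessable, so it comes from the CSPRNG rather than from
            // uniqid()/microtime(), which are time-derived.
            'nonce'          => bin2hex(random_bytes(16)),
            'requests'       => $reqs,
        );
        $handle = getHandle($disc->getEndpointUrl());
        if (!defined('OPENID_RETURN_URL')) {
            define('OPENID_RETURN_URL', URLBuilder::getCurrentURL());
        }
        $url = URLBuilder::buildRequest(
            defined('OPENID_IMMEDIATE') ? 'immediate' : 'setup',
            $disc->getEndpointUrl(),
            $disc->getOpLocalId(),
            $disc->getClaimedId(),
            OPENID_RETURN_URL,
            $handle,
            $disc->getVersion()
        );
        URLBuilder::doRedirect($url);
        return;
    }

    if (!isset($_REQUEST['openid_mode']) || !is_string($_REQUEST['openid_mode'])) {
        return;
    }

    checkNonce();

    // The mode reaches us through the browser, i.e. it is untrusted input.
    // Constrain its alphabet before deriving a function name from it.
    $mode = strtolower($_REQUEST['openid_mode']);
    if (!preg_match('/^[a-z0-9_]+$/', $mode)) {
        return;
    }

    // snake_case mode -> CamelCase suffix on "process".
    $func = 'process' . str_replace(' ', '', ucwords(str_replace('_', ' ', $mode)));
    if (function_exists($func)) {
        $func(checkHandleRevocation());
    }
}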
    of the course.
    
    course.org_id = -1 - (this is a global course)
    org.course_id <> 0
    user.course_id <> 0 , user.org_id = null (org_id is null because user is not global)
 */
 $orgid = $_REQUEST[org_id];
 $orgsigned = false;
 if ($orgid) {
     $org = new ORM("org", false, "lti_org");
     $org->read(array("org_id" => $orgid, "course_id" => -1));
     if ($org->id()) {
         $orgdata = $org->data();
         $orgsecret = $orgdata[secret];
         DPRT("org secret from database {$orgsecret}");
         if (checkNonce($_REQUEST[sec_nonce], $_REQUEST[sec_created], $_REQUEST[sec_org_digest], $orgsecret, 10000000)) {
             DPRT("Organization secret matches");
             $orgsigned = true;
         } else {
             DPRT("Organiztion secret failed");
             $org->clear();
             // Get rid of the data because we cannot trust it
         }
     }
 }
 // The course is signed from the first nonce computation - it may also
 // be part of an organization
 // Make the course belong to an organization
 if ($coursecreate && $Settings["auto_create_courses"]) {
     $crs->setall($_REQUEST, '/^course_/');
     if ($orgsigned) {
/**
 * Handles a submitted comment form: validates, stores and redirects.
 *
 * The submission is read with getComment() and extract()ed into locals, so
 * $parentid, $name, $email, $web, $message, $backpage, $nonce and $remember
 * used below all originate from the request (assumed field set — confirm
 * against getComment()). Hard rejections (comments closed, banned or
 * blacklisted IP) end the request via txp_die(). Soft problems (missing
 * required fields, duplicate comment) are recorded on the evaluator as a
 * RELOAD estimate, which forces another preview instead of saving.
 *
 * On a successful insert the nonce is marked used, the site may be marked
 * updated, a notification mail may be sent, the parent's comment count is
 * refreshed and the browser is sent a 302 back to the page; the function
 * then exit()s. If anything prevented the save, execution falls through and
 * $_POST['preview'] = RELOAD tells the caller to re-render the preview.
 */
function saveComment()
{
    // $siteurl, $txpcfg and $comments_disallow_images are declared but not read in this body.
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
    // Not used below.
    $ref = serverset('HTTP_REFERRER');
    $in = getComment();
    $evaluator =& get_comment_evaluator();
    // Every request field becomes a local from here on.
    extract($in);
    if (!checkCommentsAllowed($parentid)) {
        txp_die(gTxt('comments_closed'), '403');
    }
    $ip = serverset('REMOTE_ADDR');
    if (!checkBan($ip)) {
        txp_die(gTxt('you_have_been_banned'), '403');
    }
    // is_blacklisted() is expected to return the name of the blacklist that
    // matched, or a falsy value (the name is appended to the message key).
    $blacklisted = is_blacklisted($ip);
    if ($blacklisted) {
        txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
    }
    $web = clean_url($web);
    $email = clean_url($email);
    // Cookies are written with the cleaned but not yet SQL-escaped values.
    // Precedence: && binds tighter than ||, so this reads as
    // "remember ticked" OR ("forget" checkbox present AND not ticked).
    if ($remember == 1 || ps('checkbox_type') == 'forget' && ps('forget') != 1) {
        setCookies($name, $email, $web);
    } else {
        destroyCookies();
    }
    // From here on $name/$web/$email are SQL-escaped (doSlash); note the same
    // escaped values are later handed to mail_comment().
    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(strip_tags(deEntBrackets($web)));
    $email = doSlash(strip_tags(deEntBrackets($email)));
    // 65535 bytes — presumably the size of the message column; confirm against the schema.
    $message = substr(trim($message), 0, 65535);
    $message2db = doSlash(markup_comment($message));
    // Same author, same text, same IP already stored => duplicate submission.
    $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='" . doSlash($ip) . "'");
    // Missing required fields do not abort; they push the evaluator towards
    // RELOAD so the preview code can show the errors.
    if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) {
        $evaluator->add_estimate(RELOAD, 1);
        // The error-messages are added in the preview-code
    }
    if ($isdup) {
        $evaluator->add_estimate(RELOAD, 1);
    }
    // FIXME? Tell the user about dupe?
    // The nonce is a single-use form token; it is only consumed (marked used)
    // after a successful insert, further down.
    if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) {
        callback_event('comment.save');
        // Evaluator result doubles as the stored visibility value.
        $visible = $evaluator->get_result();
        if ($visible != RELOAD) {
            // assert_int() is what makes the unquoted interpolation of
            // $parentid in the INSERT below safe.
            $parentid = assert_int($parentid);
            $rs = safe_insert("txp_discuss", "parentid  = {$parentid},\n\t\t\t\t\t name\t\t  = '{$name}',\n\t\t\t\t\t email\t  = '{$email}',\n\t\t\t\t\t web\t\t  = '{$web}',\n\t\t\t\t\t ip\t\t  = '" . doSlash($ip) . "',\n\t\t\t\t\t message   = '{$message2db}',\n\t\t\t\t\t visible   = " . intval($visible) . ",\n\t\t\t\t\t posted\t  = now()");
            if ($rs) {
                // Burn the nonce so the same form cannot be re-posted.
                safe_update("txp_discuss_nonce", "used = 1", "nonce='" . doSlash($nonce) . "'");
                if ($prefs['comment_means_site_updated']) {
                    update_lastmod();
                }
                if ($comments_sendmail) {
                    mail_comment($message, $name, $email, $web, $parentid, $rs);
                }
                $updated = update_comments_count($parentid);
                // $backpage comes from the request: cap its length, then cut
                // it at the first CR, LF or '#' so nothing can be smuggled into
                // the Location header or the fragment.
                $backpage = substr($backpage, 0, $prefs['max_url_len']);
                $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                // Prefix the site's own scheme+host (reduced from the hu
                // constant) so the redirect stays on this site; this assumes
                // $backpage is a site-relative path — confirm.
                $backpage = preg_replace("#(https?://[^/]+)/.*\$#", "\$1", hu) . $backpage;
                if (defined('PARTLY_MESSY') and PARTLY_MESSY) {
                    $backpage = permlinkurl_id($parentid);
                }
                $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0');
                txp_status_header('302 Found');
                // Moderated comments land on the form; published ones on the comment anchor.
                if ($comments_moderate) {
                    header('Location: ' . $backpage . '#txpCommentInputForm');
                } else {
                    header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
                }
                log_hit('302');
                $evaluator->write_trace();
                exit;
            }
        }
    }
    // Force another Preview
    $_POST['preview'] = RELOAD;
    //$evaluator->write_trace();
}
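/**
 * Handles a submitted comment form: validates, stores and redirects.
 *
 * The submitted fields (parentid, name, email, web, message, backpage, nonce,
 * remember) are read with psa() and extract()ed into locals, so each of those
 * variables below is request-controlled. Comments being closed, a missing
 * required field, a site ban or a blacklisted IP end the request with exit().
 * A duplicate (same name, message and IP already in txp_discuss), a failed
 * nonce check or a failed insert fall through without saving and without
 * reporting anything.
 *
 * On a successful insert the nonce is marked used, the site's lastmod pref is
 * optionally bumped, a notification mail may be sent, the parent's comment
 * count is refreshed and a Location header back to $backpage is emitted
 * ($backpage is length-capped and cut at the first CR, LF or '#' first, and
 * 'commented=1' is appended).
 *
 * Every request-controlled value that reaches SQL goes through doSlash()
 * first; this revision previously interpolated $parentid, $nonce and $ip raw.
 * NOTE(review): assumes psa() hands back unescaped input — confirm at the
 * request layer.
 */
function saveComment()
{
    // $siteurl, $txpcfg and $comments_disallow_images are declared for parity with the other revisions; not read here.
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
    $in = psa(array('parentid', 'name', 'email', 'web', 'message', 'backpage', 'nonce', 'remember'));
    // Every request field becomes a local from here on.
    extract($in);
    if (!checkCommentsAllowed($parentid)) {
        exit(graf(gTxt('comments_closed')));
    }
    // Required-field errors carry a "back" link to the form.
    if ($prefs['comments_require_name'] && !trim($name)) {
        exit(graf(gTxt('comment_name_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
    }
    if ($prefs['comments_require_email'] && !trim($email)) {
        exit(graf(gTxt('comment_email_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
    }
    if (!trim($message)) {
        exit(graf(gTxt('comment_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
    }
    $ip = serverset('REMOTE_ADDR');
    $message = trim($message);
    // is_blacklisted() is expected to return the name of the matching list, or a falsy value.
    $blacklisted = is_blacklisted($ip);
    // SQL-escaped forms. $name/$web/$email are overwritten (the escaped
    // values are also what mail_comment() receives, as in the other revisions);
    // the remaining fields keep their raw value and get a *2db copy.
    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(clean_url(strip_tags(deEntBrackets($web))));
    $email = doSlash(clean_url(strip_tags(deEntBrackets($email))));
    $message2db = doSlash(markup_comment($message));
    $parentid2db = doSlash($parentid);
    $nonce2db = doSlash($nonce);
    $ip2db = doSlash($ip);
    // Same author, same text, same IP already stored => duplicate submission.
    $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='{$ip2db}'");
    if (!checkBan($ip)) {
        exit(gTxt('you_have_been_banned'));
    }
    if ($blacklisted) {
        exit(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted));
    }
    // Duplicate or bad/used nonce: nothing is saved and nothing is reported.
    if ($isdup || !checkNonce($nonce)) {
        return;
    }
    $visible = $comments_moderate ? 0 : 1;
    $rs = safe_insert("txp_discuss", "parentid  = '{$parentid2db}',\n\t\t\t\t\t\t\t name\t\t  = '{$name}',\n\t\t\t\t\t\t\t email\t  = '{$email}',\n\t\t\t\t\t\t\t web\t\t  = '{$web}',\n\t\t\t\t\t\t\t ip\t\t  = '{$ip2db}',\n\t\t\t\t\t\t\t message   = '{$message2db}',\n\t\t\t\t\t\t\t visible   = {$visible},\n\t\t\t\t\t\t\t posted\t  = now()");
    if (!$rs) {
        return;
    }
    // Burn the nonce so the same form cannot be re-posted.
    safe_update("txp_discuss_nonce", "used='1'", "nonce='{$nonce2db}'");
    if ($prefs['comment_means_site_updated']) {
        safe_update("txp_prefs", "val=now()", "name='lastmod'");
    }
    if ($comments_sendmail) {
        mail_comment($message, $name, $email, $web, $parentid);
    }
    update_comments_count($parentid);
    ob_start();
    // $backpage is request-controlled: cap its length, then cut it at the
    // first CR, LF or '#' so nothing can be smuggled into the Location header
    // or the fragment. Nothing here pins it to this site — confirm whether the
    // caller constrains it.
    $backpage = substr($backpage, 0, $prefs['max_url_len']);
    $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
    $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=1';
    // Moderated comments land on the form; published ones on the comment anchor.
    if ($comments_moderate) {
        header('Location: ' . $backpage . '#txpCommentInputForm');
    } else {
        header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
    }
}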
/**
 * Handles a submitted comment form: validates, stores and redirects.
 *
 * The submission is read with getComment() and extract()ed into locals, so
 * $parentid, $name, $email, $web, $message, $backpage and $nonce used below
 * all originate from the request (assumed field set — confirm against
 * getComment()). Hard rejections (comments closed, banned or blacklisted IP)
 * end the request via txp_die(). Soft problems (missing required fields,
 * duplicate comment) are recorded on the evaluator as a RELOAD estimate,
 * which forces another preview instead of saving.
 *
 * On a successful insert the nonce is marked used, the lastmod pref may be
 * bumped, a notification mail may be sent, the parent's comment count is
 * refreshed, the hit is logged per the logging pref and the browser is sent
 * a 302 back to the page; the function then exit()s. If anything prevented
 * the save, execution falls through and $_POST['preview'] = RELOAD tells the
 * caller to re-render the preview.
 */
function saveComment()
{
    // $siteurl, $txpcfg and $comments_disallow_images are declared but not read in this body.
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
    // Not used below.
    $ref = serverset('HTTP_REFERRER');
    $in = getComment();
    $evaluator =& get_comment_evaluator();
    // Every request field becomes a local from here on.
    extract($in);
    if (!checkCommentsAllowed($parentid)) {
        txp_die(gTxt('comments_closed'), '403');
    }
    $ip = serverset('REMOTE_ADDR');
    if (!checkBan($ip)) {
        txp_die(gTxt('you_have_been_banned'), '403');
    }
    // is_blacklisted() is expected to return the name of the blacklist that
    // matched, or a falsy value (the name is appended to the message key).
    $blacklisted = is_blacklisted($ip);
    if ($blacklisted) {
        txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
    }
    // From here on $name/$web/$email are SQL-escaped (doSlash); note the same
    // escaped values are later handed to mail_comment().
    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(clean_url(strip_tags(deEntBrackets($web))));
    $email = doSlash(clean_url(strip_tags(deEntBrackets($email))));
    $message = trim($message);
    $message2db = doSlash(markup_comment($message));
    // Same author, same text, same IP already stored => duplicate submission.
    // $ip is interpolated without doSlash(); REMOTE_ADDR is set by the server,
    // not the client, so this is low risk, but it is inconsistent with the
    // other fields and with the later revision of this function.
    $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='{$ip}'");
    // Missing required fields do not abort; they push the evaluator towards
    // RELOAD so the preview code can show the errors. && binds tighter than ||.
    if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) {
        $evaluator->add_estimate(RELOAD, 1);
        // The error-messages are added in the preview-code
    }
    if ($isdup) {
        $evaluator->add_estimate(RELOAD, 1);
    }
    // FIXME? Tell the user about dupe?
    // The nonce is a single-use form token; it is only consumed (marked used)
    // after a successful insert, further down.
    if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) {
        callback_event('comment.save');
        // Evaluator result doubles as the stored visibility value.
        $visible = $evaluator->get_result();
        if ($visible != RELOAD) {
            // $parentid is request-controlled and quoted, so it is escaped inline.
            $rs = safe_insert("txp_discuss", "parentid  = '" . doSlash($parentid) . "',\n\t\t\t\t\t name\t\t  = '{$name}',\n\t\t\t\t\t email\t  = '{$email}',\n\t\t\t\t\t web\t\t  = '{$web}',\n\t\t\t\t\t ip\t\t  = '{$ip}',\n\t\t\t\t\t message   = '{$message2db}',\n\t\t\t\t\t visible   = {$visible},\n\t\t\t\t\t posted\t  = now()");
            if ($rs) {
                // Burn the nonce so the same form cannot be re-posted.
                // (PHP function names are case-insensitive, so doslash() resolves to doSlash().)
                safe_update("txp_discuss_nonce", "used='1'", "nonce='" . doslash($nonce) . "'");
                if ($prefs['comment_means_site_updated']) {
                    safe_update("txp_prefs", "val=now()", "name='lastmod'");
                }
                if ($comments_sendmail) {
                    mail_comment($message, $name, $email, $web, $parentid, $rs);
                }
                $updated = update_comments_count($parentid);
                // $backpage comes from the request: cap its length, then cut
                // it at the first CR, LF or '#' so nothing can be smuggled into
                // the Location header or the fragment. Nothing here pins the
                // target to this site — confirm whether getComment() does.
                $backpage = substr($backpage, 0, $prefs['max_url_len']);
                $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0');
                txp_status_header('302 Found');
                // Moderated comments land on the form; published ones on the comment anchor.
                if ($comments_moderate) {
                    header('Location: ' . $backpage . '#txpCommentInputForm');
                } else {
                    header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
                }
                if ($prefs['logging'] == 'refer') {
                    logit('refer');
                } elseif ($prefs['logging'] == 'all') {
                    logit();
                }
                $evaluator->write_trace();
                exit;
            }
        }
    }
    // Force another Preview
    $_POST['preview'] = RELOAD;
    //$evaluator->write_trace();
}
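/**
 * Verifies the form nonce on a submission and redirects when it fails.
 *
 * If the request is not a submission (submitted(true) is false) there is
 * nothing to check and true is returned. Otherwise checkNonce() decides: on
 * success true is returned; on failure the browser is redirected to
 * "<base url>/$nonceFailPage" and the script exits.
 *
 * The earlier revision called die() before header(), so the redirect
 * described in its docblock was unreachable and every failure ended with a
 * bare "NONCE failed" page; the redirect is now actually sent.
 *
 * @param string $nonceFailPage Path, relative to getBaseUrl(), to send the
 *                              browser to on failure. Caller-supplied, not
 *                              request input.
 * @param bool   $ignoreMissing Accepted for interface compatibility but not
 *                              consulted: checkNonce() as called here takes no
 *                              arguments and yields a single pass/fail, so a
 *                              "missing" nonce cannot be told apart from a
 *                              mismatch at this level — TODO confirm intent.
 * @return bool  true when no check was needed or the nonce passed; never
 *               returns on failure.
 */
function formProcessNonce($nonceFailPage = 'nonce_fail', $ignoreMissing = true) {
  // Only submissions carry a nonce to verify.
  if (!submitted(true)) {
    return true;
  }

  if (!checkNonce()) {
    // Failure: redirect to the mismatch page and stop; nothing after the
    // Location header may run.
    $baseUrl = getBaseUrl();
    header("Location: $baseUrl/$nonceFailPage");
    exit;
  }
  return true;
}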
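/**
 * Handles a submitted comment form: validates, stores and redirects.
 *
 * The submitted fields (parentid, name, email, web, message, backpage, nonce,
 * remember) are read with psa() and extract()ed into locals, so each of those
 * variables below is request-controlled. A missing required field or a site
 * ban ends the request with exit(). A duplicate (same name, message and IP
 * already in txp_discuss), a failed nonce check or a failed insert fall
 * through without saving and without reporting anything.
 *
 * On a successful insert the nonce is marked used, the lastmod pref is
 * optionally bumped, a notification mail may be sent and a Location header
 * back to $backpage is emitted.
 *
 * The "ip" stored here is the reverse-DNS name of the client address, whose
 * content is controlled by whoever owns the PTR record — treat it as input.
 * This revision previously interpolated $parentid, $name, $email, $web, $ip
 * and $nonce into SQL raw; they now go through addslashes() (the escaping the
 * block already used for the message). NOTE(review): assumes psa() hands back
 * unescaped input — confirm at the request layer.
 */
function saveComment()
{
    // $siteurl is declared but not read in this body.
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $txpac;
    include_once $txpcfg['txpath'] . '/lib/classTextile.php';
    // Textile "no images" flag: 1 disables images in comment markup, '' leaves them on.
    $im = !empty($comments_disallow_images) ? 1 : '';
    $textile = new Textile();
    // Every request field becomes a local from here on.
    extract(psa(array('parentid', 'name', 'email', 'web', 'message', 'backpage', 'nonce', 'remember')));
    // Required-field errors carry a "back" link to the form.
    if ($txpac['comments_require_name'] && !trim($name)) {
        exit(graf(gTxt('comment_name_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
    }
    if ($txpac['comments_require_email'] && !trim($email)) {
        exit(graf(gTxt('comment_email_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
    }
    if (!trim($message)) {
        exit(graf(gTxt('comment_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
    }
    // Reverse-DNS lookup of the client; '@' hides lookup warnings. The result
    // is third-party controlled, so it is escaped like any other input below.
    $ip = @getHostByAddr(serverset('REMOTE_ADDR'));
    $message = strip_tags(trim($message));
    $message2db = addslashes(nl2br($textile->textileThis($message, 1, '', $im)));
    // SQL-escaped copies; the raw values are kept for mail_comment() and checkNonce().
    $parentid2db = addslashes($parentid);
    $name2db = addslashes($name);
    $email2db = addslashes($email);
    $web2db = addslashes($web);
    $ip2db = addslashes($ip);
    $nonce2db = addslashes($nonce);
    // Same author, same text, same IP already stored => duplicate submission.
    $isdup = safe_row("message,name", "txp_discuss", "name='{$name2db}' and message='{$message2db}' and ip='{$ip2db}'");
    if (!checkBan($ip)) {
        exit(gTxt('you_have_been_banned'));
    }
    // Duplicate or bad/used nonce: nothing is saved and nothing is reported.
    if ($isdup || !checkNonce($nonce)) {
        return;
    }
    $visible = $comments_moderate ? 0 : 1;
    $rs = safe_insert("txp_discuss", "parentid  = '{$parentid2db}',\n\t\t\t\t\t\t name      = '{$name2db}',\n\t\t\t\t\t\t email     = '{$email2db}',\n\t\t\t\t\t\t web       = '{$web2db}',\n\t\t\t\t\t\t ip        = '{$ip2db}',\n\t\t\t\t\t\t message   = '{$message2db}',\n\t\t\t\t\t\t visible   = {$visible},\n\t\t\t\t\t\t posted    = now()");
    if (!$rs) {
        return;
    }
    // Burn the nonce so the same form cannot be re-posted.
    safe_update("txp_discuss_nonce", "used='1'", "nonce='{$nonce2db}'");
    if ($txpac['comment_means_site_updated']) {
        safe_update("txp_prefs", "val=now()", "name='lastmod'");
    }
    if ($comments_sendmail) {
        mail_comment($message, $name, $email, $web, $parentid);
    }
    ob_start();
    // $backpage is request-controlled: cut it at the first CR, LF or '#' so
    // nothing can be smuggled into the Location header. Nothing here pins the
    // target to this site — confirm whether the caller constrains it.
    $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
    header('location: ' . $backpage);
}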