/**
 * Bookmark macro: set or clear the visitor's bookmark timestamp.
 *
 * Anonymous visitors get a MONI_BOOKMARK cookie; logged-in users get the value
 * stored in their profile through $DBInfo->udb->saveUser().
 *
 * @param object $formatter unused here
 * @param string $value     unused here
 * @param array  $options   'time' supplies the timestamp (current time when it is
 *                          missing or empty); when 'ret' is already set it is
 *                          overwritten with array('title' => status message)
 * @return string always ''
 */
function macro_bookmark($formatter, $value = '', &$options) {
    global $DBInfo;
    global $_COOKIE;

    $user =& $DBInfo->user; # get cookie

    // Fall back to "now" unless a non-empty 'time' option was supplied.
    $bookmark = isset($options['time'][0]) ? $options['time'] : time();
    $is_valid = is_numeric($bookmark) && $bookmark > 0;

    $ret = array();
    if ($user->id != "Anonymous") {
        if ($is_valid) {
            $ret['title'] = _('Bookmark Changed');
            $user->info['bookmark'] = $bookmark;
            $user->bookmark = $bookmark;
        } else {
            $ret['title'] = _("Bookmark Deleted !");
            $user->info['bookmark'] = null;
        }
        $DBInfo->udb->saveUser($user);
        // Drop the in-memory copy once the stored bookmark is empty.
        if (empty($user->info['bookmark'])) {
            unset($user->bookmark);
        }
    } else {
        $path = get_scriptname();
        if ($is_valid) {
            // keep the cookie for 30 days
            setcookie("MONI_BOOKMARK", $bookmark, time() + 30 * 24 * 60 * 60, $path);
            $ret['title'] = _('Bookmark Changed');
        } else {
            setcookie("MONI_BOOKMARK", 0, 0, $path);
            $ret['title'] = _("Bookmark Deleted !");
        }
        # set the fake cookie
        // NOTE(review): the raw value is mirrored here even when it failed the
        // numeric check above, so the in-memory bookmark can hold a value that was
        // never sent as a cookie; confirm readers of $user->bookmark tolerate that.
        $_COOKIE['MONI_BOOKMARK'] = $bookmark;
        $user->bookmark = $bookmark;
    }

    if (isset($options['ret'])) {
        $options['ret'] = $ret;
    }
    return '';
}
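/**
 * Build the Set-Cookie header line that expires the MONI_ID cookie.
 *
 * As a side effect $_COOKIE['MONI_ID'] is overwritten with "Anonymous" so the
 * rest of the current request already sees the visitor as logged out.
 *
 * @return string complete "Set-Cookie: ..." line, ready to be passed to header()
 */
function unsetCookie() {
    global $Config;

    # set the fake cookie
    $_COOKIE['MONI_ID'] = "Anonymous";

    $domain = '';
    if (!empty($Config['cookie_domain'])) {
        $domain = '; Domain=' . $Config['cookie_domain'];
    }

    // A browser only drops a cookie when Path/Domain match the ones it was set
    // with. NOTE(review): the code that sets MONI_ID is not visible here; confirm
    // it uses the same path and domain rules.
    if (!empty($Config['cookie_path'])) {
        $path = '; Path=' . $Config['cookie_path'];
    } else {
        $path = '; Path=' . dirname(get_scriptname());
    }

    // $path and $domain already carry their own "; Name=" prefix, so they are
    // appended as they are. Writing another "; Path=" in front of $path produced
    // an empty Path attribute followed by a second one.
    // NOTE(review): $this->id is written into the header unencoded; the value of
    // an expiring cookie is irrelevant, so a constant would avoid echoing the id.
    return "Set-Cookie: MONI_ID=" . $this->id . "; expires=Tuesday, 01-Jan-1999 12:00:00 GMT" . $path . $domain;
}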
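/**
 * Scrap macro: render the list of pages the logged-in user has scrapped.
 *
 * With $value == 'js' an inline script is registered that fetches the list from
 * "action=scrap/ajax" in the browser, fills the element with id "scrap" and
 * switches the scrap icon to "unscrap" when the current page is in the list; a
 * dummy '<i></i>' is returned in that mode. Otherwise the list is rendered on
 * the server.
 *
 * @param object $formatter page formatter (page name, link_tag, macro_repl, register_javascripts)
 * @param string $value     'js' selects the client-side variant
 * @param array  $options   'page' is appended to the list when the current page is not scrapped yet
 * @return string '' for anonymous users or an empty list, '<i></i>' in js mode, else a <ul> list
 */
function macro_Scrap($formatter, $value = '', $options = array()) {
    global $DBInfo;

    $user =& $DBInfo->user; # get cookie
    if ($user->id == 'Anonymous') {
        return '';
    }

    $userinfo = $DBInfo->udb->getUser($user->id);
    $pages = array();
    if (!empty($userinfo->info['scrapped_pages'])) {
        $pages = explode("\t", $userinfo->info['scrapped_pages']);
    }

    $pgname = '';
    if (!empty($formatter->page->name)) {
        $pgname = $formatter->page->name;
        // NOTE(review): membership is tested with the formatter's page name but
        // $options['page'] is what gets appended; confirm both always name the
        // same page (and that 'page' is always set).
        if (!in_array($formatter->page->name, $pages)) {
            $pages[] = $options['page'];
        }
    }

    $out = '';
    if ($value == 'js') {
        // get the scrapped pages dynamically
        // NOTE(review): $script is placed inside a JavaScript string literal
        // without JS escaping; it is built from get_scriptname() and the
        // configured query prefix, which are presumably not user-controlled - confirm.
        $script = get_scriptname() . $DBInfo->query_prefix;
        $pgname = _rawurlencode($pgname);
        $js = <<<JS
<script type="text/javascript">
/*<![CDATA[*/
(function() {
var script_name = "{$script}";
var page_name = "{$pgname}";

function get_scrap()
{
    var scrap = document.getElementById('scrap');
    if (scrap == null) {
        // silently ignore
        return;
    }
    var pgname = decodeURIComponent(page_name);
    var scrapped = false;

    // get the scrapped pages
    var qp = '?'; // query_prefix
    // location.host already includes a non-default port, so it is not appended again
    var loc = '//' + location.host;
    loc += location.pathname + qp + 'action=scrap/ajax';

    var ret = HTTPGet(loc);
    if (ret) {
        var list = JSON.parse(ret);
        // Build DOM nodes instead of concatenating HTML, so a page name is
        // always inserted as text and never parsed as markup.
        var ul = document.createElement('ul');
        for (var i = 0; i < list.length; i++) {
            if (list[i] == pgname)
                scrapped = true;
            var a = document.createElement('a');
            a.setAttribute('href', script_name + list[i]);
            a.appendChild(document.createTextNode(list[i]));
            var li = document.createElement('li');
            li.appendChild(a);
            ul.appendChild(li);
        }
        if (list.length > 0) {
            while (scrap.firstChild)
                scrap.removeChild(scrap.firstChild);
            scrap.appendChild(ul);
        }

        if (scrapped) {
            // change scrap icon
            var iconmenu = document.getElementById("wikiIcon");
            var icons = iconmenu ? iconmenu.getElementsByTagName("A") : [];
            for (var j = 0; j < icons.length; j++) {
                if (icons[j].href.match(/action=scrap/)) {
                    icons[j].href = icons[j].href.replace(/=scrap/, '=scrap&unscrap=1');
                    icons[j].firstChild.firstChild.src = icons[j].firstChild.firstChild.src.replace('scrap', 'unscrap');
                    break;
                }
            }
        }
    }
}

// onload
var oldOnload = window.onload;
window.onload = function(ev) {
    try { oldOnload(); } catch(e) {};
    get_scrap();
}
})();
/*]]>*/
</script>
JS;
        #$formatter->register_javascripts('local/scrap.js');
        $formatter->register_javascripts($js);
        return '<i></i>'; // dummy
    }

    foreach ($pages as $p) {
        if ($DBInfo->hasPage($p)) {
            // NOTE(review): $p is handed to link_tag() as link text; whether
            // link_tag() HTML-escapes it is not visible here - confirm.
            $out .= '<li>' . $formatter->link_tag(_urlencode($p), '', $p) . '</li>';
        } else {
            if (!empty($p)) {
                $list = $formatter->macro_repl('PageList', $p, array('rawre' => 1));
                // NOTE(review): this condition looks inverted - substr() of an
                // empty result adds nothing, so the PageList output is never used.
                // Left unchanged on purpose: enabling it would start passing stored
                // page names to PageList as raw regular expressions.
                if (empty($list)) {
                    $out .= substr($list, 4, -6);
                }
            }
        }
    }

    if (!empty($out)) {
        return '<ul>' . $out . '</ul>';
    }
    return '';
}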
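/**
 * Scrap macro: render the list of pages the logged-in user has scrapped.
 *
 * With $value == 'js' an inline script is registered that fetches the list from
 * "action=scrap/ajax" in the browser and fills the element with id "scrap"; a
 * dummy '<i></i>' is returned in that mode. Otherwise the list is rendered on
 * the server.
 *
 * @param object $formatter page formatter (link_tag, macro_repl, register_javascripts)
 * @param string $value     'js' selects the client-side variant
 * @param array  $options   'page' is appended to the list when it is not in it yet
 * @return string '' for anonymous users or an empty list, '<i></i>' in js mode, else a <ul> list
 */
function macro_Scrap($formatter, $value = '', $options = array()) {
    global $DBInfo;

    $user =& $DBInfo->user; # get cookie
    if ($user->id == 'Anonymous') {
        return '';
    }

    $userinfo = $DBInfo->udb->getUser($user->id);
    $pages = array();
    if (!empty($userinfo->info['scrapped_pages'])) {
        $pages = explode("\t", $userinfo->info['scrapped_pages']);
    }
    if (!empty($options['page']) and !in_array($options['page'], $pages)) {
        $pages[] = $options['page'];
    }

    $out = '';
    if ($value == 'js') {
        // get the scrapped pages dynamically
        // NOTE(review): $script is placed inside a JavaScript string literal
        // without JS escaping; it is built from get_scriptname() and the
        // configured query prefix, which are presumably not user-controlled - confirm.
        $script = get_scriptname() . $DBInfo->query_prefix;
        $js = <<<JS
<script type="text/javascript">
/*<![CDATA[*/
(function() {
var script_name = "{$script}";

function get_scrap()
{
    var scrap = document.getElementById('scrap');
    if (scrap == null) {
        // silently ignore
        return;
    }

    // get the scrapped pages
    var qp = '?'; // query_prefix
    // location.host already includes a non-default port, so it is not appended again
    var loc = location.protocol + '//' + location.host;
    loc += location.pathname + qp + 'action=scrap/ajax';

    var ret = HTTPGet(loc);
    if (ret) {
        var list = JSON.parse(ret);
        // Build DOM nodes instead of concatenating HTML, so a page name is
        // always inserted as text and never parsed as markup.
        var ul = document.createElement('ul');
        for (var i = 0; i < list.length; i++) {
            var a = document.createElement('a');
            a.setAttribute('href', script_name + list[i]);
            a.appendChild(document.createTextNode(list[i]));
            var li = document.createElement('li');
            li.appendChild(a);
            ul.appendChild(li);
        }
        while (scrap.firstChild)
            scrap.removeChild(scrap.firstChild);
        scrap.appendChild(ul);
    }
}

// onload
var oldOnload = window.onload;
window.onload = function(ev) {
    try { oldOnload(); } catch(e) {};
    get_scrap();
}
})();
/*]]>*/
</script>
JS;
        #$formatter->register_javascripts('local/scrap.js');
        $formatter->register_javascripts($js);
        return '<i></i>'; // dummy
    }

    foreach ($pages as $p) {
        if ($DBInfo->hasPage($p)) {
            // NOTE(review): $p is handed to link_tag() as link text; whether
            // link_tag() HTML-escapes it is not visible here - confirm.
            $out .= '<li>' . $formatter->link_tag(_urlencode($p), '', $p) . '</li>';
        } else {
            if (!empty($p)) {
                $list = $formatter->macro_repl('PageList', $p, array('rawre' => 1));
                // NOTE(review): this condition looks inverted - substr() of an
                // empty result adds nothing, so the PageList output is never used.
                // Left unchanged on purpose: enabling it would start passing stored
                // page names to PageList as raw regular expressions.
                if (empty($list)) {
                    $out .= substr($list, 4, -6);
                }
            }
        }
    }

    if (!empty($out)) {
        return '<ul>' . $out . '</ul>';
    }
    return '';
}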
/**
 * Handle the "userform" action and render the resulting page.
 *
 * Depending on the keys present in $options this confirms an e-mail or
 * new-password ticket, verifies an anonymous e-mail address, logs a user in or
 * out, mails a new password, creates a profile, saves profile settings, or runs
 * the OpenID login / result steps. The branches are tried in that order and only
 * the first matching one runs.
 *
 * @param object $formatter page formatter used to send headers, title and footer
 * @param array  $options   action parameters (login_id, password, ticket, email, ...);
 *                          presumably filled from the HTTP request - confirm with the caller
 * @return string|null '' after the ticket-confirmation page; no value otherwise
 */
function do_userform($formatter, $options) {
    global $DBInfo;
    $user =& $DBInfo->user; # get cookie
    $id = !empty($options['login_id']) ? $options['login_id'] : '';

    // NOTE(review): $use_any is derived from the client-supplied User-Agent. When it
    // is 1, the __seed/check ticket test in the "email new password" and "create
    // profile" branches below is skipped, so a client only has to claim to be a
    // text browser to avoid the ticket.
    $use_any = 0;
    if (!empty($DBInfo->use_textbrowsers)) {
        if (is_string($DBInfo->use_textbrowsers)) {
            // the configured value is used as a regular expression body as it is
            $use_any = preg_match('/' . $DBInfo->use_textbrowsers . '/', $_SERVER['HTTP_USER_AGENT']) ? 1 : 0;
        } else {
            $use_any = preg_match('/Lynx|w3m|links/', $_SERVER['HTTP_USER_AGENT']) ? 1 : 0;
        }
    }
    $options['msg'] = '';

    # e-mail confirmation
    if (!empty($options['ticket']) and $id and $id != 'Anonymous') {
        $userdb =& $DBInfo->udb;
        $suspended = false;
        if ($userdb->_exists($id)) {
            $user = $userdb->getUser($id);
        } else {
            if ($userdb->_exists($id, 1)) {
                // suspended user
                $suspended = true;
                $user = $userdb->getUser($id, 1);
            }
        }
        if ($user->id == $id) {
            // NOTE(review): both ticket checks use a loose, non-constant-time ==;
            // hash_equals() on strings is the usual hardening for secret comparison.
            if ($user->info['eticket'] == $options['ticket']) {
                // the ticket has the form "<md5>.<email>"; the part after the first dot
                // becomes the confirmed address
                list($dummy, $email) = explode('.', $options['ticket'], 2);
                $user->info['email'] = $email;
                $user->info['eticket'] = '';
                if ($suspended) {
                    if (empty($DBInfo->register_confirm_admin)) {
                        $userdb->activateUser($id);
                        $userdb->saveUser($user);
                    } else {
                        $userdb->saveUser($user, array('suspended' => 1));
                    }
                } else {
                    $userdb->saveUser($user);
                }
                $title = _("Successfully confirmed");
                $options['msg'] = _("Your e-mail address is confirmed successfully");
                if (!empty($DBInfo->register_confirm_admin)) {
                    $options['msg'] .= "<br />" . _("Your need to wait until your ID activated by admin");
                }
            } else {
                if ($user->info['nticket'] == $options['ticket']) {
                    // a matching new-password ticket promotes the pending password
                    // (npassword) to the active one
                    $title = _("Successfully confirmed");
                    $user->info['nticket'] = '';
                    $user->info['password'] = $user->info['npassword'];
                    $user->info['npassword'] = '';
                    $userdb->saveUser($user);
                    $options['msg'] = _("Your new password is confirmed successfully");
                } else {
                    $title = _("Confirmation missmatched !");
                    $options['msg'] = _("Please try again to register your e-mail address");
                }
            }
        } else {
            if ($suspended) {
                $title = _("Please wait until your ID is confirmed by admin!");
            } else {
                $title = _("ID does not exist !");
            }
            $options['msg'] = _("Please try again to register your e-mail address");
        }
        $formatter->send_header("", $options);
        $formatter->send_title($title, "", $options);
        $formatter->send_footer("", $options);
        return '';
    }

    $title = '';
    if ($user->id == "Anonymous" and !empty($options['emailreset'])) {
        // forget the verified e-mail address of an anonymous visitor
        setcookie('MONI_VERIFIED_EMAIL', '', time() - 3600, get_scriptname());
        $options['msg'] .= '<br />' . _("Verification E-mail removed.");
        $options['verifyemail'] = '';
        $user->verified_email = '';
    } else {
        if ($user->id == "Anonymous" and !empty($options['login']) and !empty($options['verify_email'])) {
            // second step of anonymous e-mail verification: 'login' carries the
            // base64-encoded address, 'verify_email' the ticket that was mailed
            $email = base64_decode($options['login']);
            $ticket = base64_encode(getTicket($_SERVER['REMOTE_ADDR'], $email, 10));
            if ($ticket == $options['verify_email']) {
                $options['msg'] .= '<br />' . _("Your email address is successfully verified.");
                $user->verified_email = $email;
                // NOTE(review): the cookie holds the bare address with no signature
                // visible here; a client can set this cookie itself, so readers of
                // MONI_VERIFIED_EMAIL should not treat it as proof - confirm how it is used.
                setcookie('MONI_VERIFIED_EMAIL', $email, time() + 60 * 60 * 24 * 30, get_scriptname());
            } else {
                $options['msg'] .= '<br />' . _("Verification missmatched.");
            }
        } else {
            if ($user->id == "Anonymous" and $options['verify'] == _("Verify E-mail address") and !empty($DBInfo->anonymous_friendly) and !empty($options['verifyemail'])) {
                // first step of anonymous e-mail verification
                if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['verifyemail'])) {
                    if (($ret = verify_email($options['verifyemail'])) < 0) {
                        $ret = -$ret;
                        $options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
                        $options['msg'] .= '<br/>' . _("Invalid email address or can't verify it.");
                    } else {
                        if (!empty($DBInfo->verify_email)) {
                            if ($DBInfo->verify_email == 1) {
                                // mode 1 accepts the address without mailing a ticket
                                $options['msg'] .= '<br/>' . _("Your email address is successfully verified.");
                                setcookie('MONI_VERIFIED_EMAIL', $options['verifyemail'], time() + 60 * 60 * 24 * 30, get_scriptname());
                            } else {
                                // other modes mail a confirmation link carrying the ticket
                                $opts = array();
                                $opts['subject'] = "[{$DBInfo->sitename}] " . _("Verify Email address");
                                $opts['email'] = $options['verifyemail'];
                                $opts['id'] = 'nobody';
                                $ticket = base64_encode(getTicket($_SERVER['REMOTE_ADDR'], $opts['email'], 10));
                                $enc = base64_encode($opts['email']);
                                $body = qualifiedUrl($formatter->link_url('UserPreferences', "?action=userform&login={$enc}&verify_email={$ticket}"));
                                $body = _("Please confirm your e-mail address") . "\n" . $body . "\n";
                                $ret = wiki_sendmail($body, $opts);
                                $options['msg'] .= '<br/>' . _("E-mail verification mail sent");
                            }
                        }
                    }
                } else {
                    $options['msg'] .= '<br/>' . _("Your email address is not valid");
                }
            } else {
                if ($user->id == "Anonymous" and !empty($options['login_id']) and isset($options['password']) and !isset($options['passwordagain'])) {
                    // a user class with its own login() method takes over completely
                    if (method_exists($user, 'login')) {
                        $user->login($formatter, $options);
                        $params = array();
                        $params['value'] = $options['page'];
                        do_goto($formatter, $params);
                        return;
                    }
                    # login
                    $userdb = $DBInfo->udb;
                    if ($userdb->_exists($id)) {
                        $user = $userdb->getUser($id);
                        $login_ok = 0;
                        if (!empty($DBInfo->use_safelogin)) {
                            // NOTE(review): '_chall' and 'challenge' are both read from
                            // $options; where '_chall' is filled in is not visible here. If
                            // both come from the client, the challenge adds no replay
                            // protection - confirm. The comparisons below imply that the
                            // stored password is an MD5 digest in this mode and that
                            // knowing the digest is enough to answer the challenge.
                            if (isset($options['challenge']) and $options['_chall'] == $options['challenge']) {
                                if (hmac($options['challenge'], $user->info['password']) == $options['password']) {
                                    $login_ok = 1;
                                }
                            } else {
                                # with no javascript browsers
                                $md5pw = md5($options['password']);
                                if ($md5pw == $user->info['password']) {
                                    $login_ok = 1;
                                }
                            }
                        }
                        if ($login_ok or $user->checkPasswd($options['password']) === true) {
                            // NOTE(review): 'msg' is combined with <br /> markup elsewhere in
                            // this function, so it is presumably rendered as HTML; $id is put
                            // in unescaped here - confirm escaping where 'msg' is output.
                            $options['msg'] = sprintf(_("Successfully login as '%s'"), $id);
                            $options['id'] = $user->id;
                            if ($user->id == 'Anonymous') {
                                // special case. login success but ID is not acceptable
                                // NOTE(review): the line break inside the next message literal is
                                // reproduced as it appears in this listing; it looks like a
                                // wrapping artifact rather than intended text.
                                $options['msg'] = _("Invalid user ID. 
Please register again");
                            } else {
                                $formatter->header($user->setCookie());
                                if (!isset($user->info['login_success'])) {
                                    $user->info['login_success'] = 0;
                                }
                                if (!isset($user->info['login_fail'])) {
                                    $user->info['login_fail'] = 0;
                                }
                                $user->info['login_success']++;
                                $user->info['last_login'] = gmdate("Y/m/d H:i:s", time());
                                $user->info['login_fail'] = 0; // reset login
                                $user->info['remote'] = $_SERVER['REMOTE_ADDR'];
                                $userdb->saveUser($user);
                                $use_refresh = 1;
                            }
                            $DBInfo->user = $user;
                        } else {
                            // NOTE(review): failures are counted and stored, but nothing in
                            // this block throttles or locks the account based on login_fail.
                            $title = sprintf(_("Invalid password !"));
                            if (!isset($user->info['login_fail'])) {
                                $user->info['login_fail'] = 0;
                            }
                            $user->info['login_fail']++;
                            $user->info['remote'] = $_SERVER['REMOTE_ADDR'];
                            $userdb->saveUser($user);
                            $user->setID('Anonymous');
                        }
                    } else {
                        // NOTE(review): unknown, suspended and wrong-password cases produce
                        // different titles, which tells a caller whether an ID exists.
                        if (isset($options['login_id'][0])) {
                            if ($userdb->_exists($id, 1)) {
                                // suspended user
                                $title = sprintf(_("\"%s\" is waiting for activated by admin !"), $options['login_id']);
                            } else {
                                $title = sprintf(_("\"%s\" does not exist on this wiki !"), $options['login_id']);
                            }
                            $options['login_id'] = '';
                        } else {
                            $title = _("Make new ID on this wiki");
                        }
                        $form = macro_UserPreferences($formatter, '', $options);
                    }
                } else {
                    if (!empty($options['logout'])) {
                        # logout
                        header($user->unsetCookie(), false);
                        if (session_name() != '') {
                            // expire the session cookie for both paths it may have been set with
                            $path = get_scriptname();
                            // for moniwiki internal
                            header('Set-Cookie: ' . session_name() . '=' . $user->id . '; expires=Tuesday, 01-Jan-1999 12:00:00 GMT; Path=' . $path, false);
                            // for some user plugins
                            $params = session_get_cookie_params();
                            header('Set-Cookie: ' . session_name() . '=' . $user->id . '; expires=Tuesday, 01-Jan-1999 12:00:00 GMT; Path=' . $params['path'], false);
                        }
                        // call logout method
                        if (method_exists($user, 'logout')) {
                            $user->logout($formatter, $options);
                        } else {
                            $options['msg'] = _("Cookie deleted !");
                        }
                        $user->id = 'Anonymous';
                        $DBInfo->user = $user;
                        $use_refresh = 1;
                    } else {
                        if (!empty($DBInfo->use_sendmail) and $options['login'] == _("E-mail new password") and $user->id == "Anonymous" and !empty($options['email']) and !empty($options['login_id'])) {
                            # email new password
                            $title = '';
                            // the ticket is only required when the client is not treated as a
                            // text browser (see $use_any above)
                            if (!$use_any and $DBInfo->use_ticket) {
                                if ($options['__seed'] and $options['check']) {
                                    $mycheck = getTicket($options['__seed'], $_SERVER['REMOTE_ADDR'], 4);
                                    if ($mycheck == $options['check']) {
                                        $ok_ticket = 1;
                                    } else {
                                        $title = _("Invalid ticket !");
                                    }
                                } else {
                                    $title = _("You need a ticket !");
                                }
                            } else {
                                $ok_ticket = 1;
                            }
                            $userdb =& $DBInfo->udb;
                            if ($userdb->_exists($id)) {
                                $user = $userdb->getUser($id);
                            }
                            if ($ok_ticket and $user->id != "Anonymous") {
                                // only for a confirmed address: the stored e-mail must match and
                                // no e-mail confirmation may be pending
                                if ($options['email'] == $user->info['email'] and $user->info['eticket'] == '') {
                                    #make new password
                                    // NOTE(review): getTicket() is not visible here; if it is a
                                    // deterministic hash of the time and the client address, the
                                    // generated password is guessable - confirm.
                                    $mypass = base64_encode(getTicket(time(), $_SERVER['REMOTE_ADDR'], 10));
                                    $mypass = substr($mypass, 0, 8);
                                    $options['password'] = $mypass;
                                    // setPasswd() is used to obtain the stored form of the new
                                    // password; the old one stays active until the ticket is confirmed
                                    $old_passwd = $user->info['password'];
                                    if ($DBInfo->use_safelogin) {
                                        $ret = $user->setPasswd(md5($mypass), md5($mypass), 1);
                                    } else {
                                        $ret = $user->setPasswd($mypass, $mypass);
                                    }
                                    $new_passwd = $user->info['password'];
                                    $user->info['password'] = $old_passwd;
                                    $user->info['npassword'] = $new_passwd;
                                    #make ticket
                                    // NOTE(review): the ticket is an MD5 of the current time, the
                                    // user id and the e-mail address only, with no random
                                    // component; a CSPRNG such as random_bytes() is the usual
                                    // source for confirmation tokens.
                                    $ticket = md5(time() . $user->id . $options['email']);
                                    $user->info['nticket'] = $ticket . "." . $options['email'];
                                    // save join agreement
                                    if (!empty($DBInfo->use_agreement) and !empty($options['joinagreement'])) {
                                        $user->info['join_agreement'] = 'agree';
                                        if (!empty($DBInfo->agreement_version)) {
                                            $user->info['join_agreement_version'] = $DBInfo->agreement_version;
                                        }
                                    }
                                    $userdb->saveUser($user); # XXX
                                    $opts['subject'] = "[{$DBInfo->sitename}] " . _("New password confirmation");
                                    $opts['email'] = $options['email'];
                                    $opts['id'] = 'nobody';
                                    $body = qualifiedUrl($formatter->link_url('', "?action=userform&login_id={$user->id}&ticket={$ticket}.{$options['email']}"));
                                    $body = _("Please confirm your new password") . "\n" . $body . "\n";
                                    // NOTE(review): the new password is mailed in clear text
                                    // together with the confirmation link.
                                    $body .= sprintf(_("Your new password is %s"), $mypass) . "\n\n";
                                    $body .= _("Please change your password later") . "\n";
                                    $ret = wiki_sendmail($body, $opts);
                                    if (is_array($ret)) {
                                        $title = _("Fail to e-mail notification !");
                                        $options['msg'] = $ret['msg'];
                                    } else {
                                        $title = _("New password is sent to your e-mail !");
                                        $options['msg'] = _("Please check your e-mail");
                                    }
                                } else {
                                    if ($options['email'] != $user->info['email']) {
                                        $title = _("Fail to e-mail notification !");
                                        $options['msg'] = _("E-mail mismatch !");
                                    } else {
                                        $title = _("Invalid request");
                                        $options['msg'] = _("Please confirm your e-mail address first !");
                                    }
                                }
                            } else {
                                if (!$ok_ticket) {
                                    $title = _("Invalid ticket !");
                                } else {
                                    $title = _("ID and e-mail mismatch !");
                                }
                                $options['msg'] = _("Please try again or make a new profile");
                            }
                            $formatter->send_header("", $options);
                            $formatter->send_title($title, "", $options);
                            $formatter->send_footer("", $options);
                            return;
                        } else {
                            if ($user->id == "Anonymous" and !empty($options['login_id']) and ($options['password'] and $options['passwordagain'] or $DBInfo->use_safelogin and $options['email'])) {
                                # create profile
                                $title = '';
                                if (!$use_any and !empty($DBInfo->use_ticket)) {
                                    if ($options['__seed'] and $options['check']) {
                                        $mycheck = getTicket($options['__seed'], $_SERVER['REMOTE_ADDR'], 4);
                                        if ($mycheck == $options['check']) {
                                            $ok_ticket = 1;
                                        } else {
                                            $title = _("Invalid ticket !");
                                        }
                                    } else {
                                        $title = _("You need a ticket !");
                                    }
                                } else {
                                    $ok_ticket = 1;
                                }
                                $id = $user->getID($options['login_id']);
                                // an ID that looks like an e-mail address must pass verify_email()
                                // and is then also used as the account's address
                                if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $id)) {
                                    if (($ret = verify_email($id)) < 0) {
                                        $ret = -$ret;
                                        $options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
                                        $options['msg'] .= '<br/>' . _("Invalid email address or can't verify it.");
                                    } else {
                                        $options['email'] = $id;
                                        $user->setID($id);
                                    }
                                } else {
                                    // protect http:// style id
                                    if (!preg_match("/\\//", $id)) {
                                        $user->setID($id);
                                    }
                                }
                                if (!empty($DBInfo->use_agreement) and empty($options['joinagreement'])) {
                                    $title = _("Please check join agreement.");
                                } else {
                                    if ($ok_ticket and $user->id != "Anonymous") {
                                        if (!empty($DBInfo->use_safelogin)) {
                                            // safelogin mode generates the initial password itself
                                            $mypass = base64_encode(getTicket(time(), $_SERVER['REMOTE_ADDR'], 10));
                                            $mypass = substr($mypass, 0, 8);
                                            $options['password'] = $mypass;
                                            $ret = $user->setPasswd(md5($mypass), md5($mypass), 1);
                                        } else {
                                            $ret = $user->setPasswd($options['password'], $options['passwordagain']);
                                        }
                                        if (!empty($DBInfo->password_length) and strlen($options['password']) < $DBInfo->password_length) {
                                            $ret = 0;
                                        }
                                        // $ret <= 0 is treated as a setPasswd() error code
                                        if ($ret <= 0) {
                                            if ($ret == 0) {
                                                $title = _("too short password!");
                                            } else {
                                                if ($ret == -1) {
                                                    $title = _("mismatch password!");
                                                } else {
                                                    if ($ret == -2) {
                                                        $title = _("not acceptable character found in the password!");
                                                    }
                                                }
                                            }
                                        } else {
                                            if ($ret < 8 and empty($DBInfo->use_safelogin)) {
                                                $options['msg'] = _("Your password is too simple to use as a password !");
                                            }
                                            $udb = $DBInfo->udb;
                                            if ($options['email']) {
                                                if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['email'])) {
                                                    if (($ret = verify_email($options['email'])) < 0) {
                                                        $options['email'] = ''; // reset email address
                                                        $ret = -$ret;
                                                        $options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
                                                        $options['msg'] .= '<br/>' . _("Can't verify E-mail address! Please check your email address.");
                                                    }
                                                } else {
                                                    $options['msg'] .= '<br/>' . _("Your email address is not valid");
                                                }
                                            }
                                            if ($udb->isNotUser($user)) {
                                                if (!empty($DBInfo->no_register)) {
                                                    $options['msg'] = _("Fail to register");
                                                    $options['err'] = _("You are not allowed to register on this wiki");
                                                    $options['err'] .= "\n" . _("Please contact WikiMasters");
                                                    do_invalid($formatter, $options);
                                                    return;
                                                }
                                                $title = sprintf(_("Successfully added as '%s'"), _html_escape($user->id));
                                                $options['id'] = $user->id;
                                                // NOTE(review): same time/id/e-mail based MD5 ticket as in the
                                                // password-reset branch; it has no random component.
                                                $ticket = md5(time() . $user->id . $options['email']);
                                                $user->info['eticket'] = $ticket . "." . $options['email'];
                                                if (!empty($DBInfo->use_safelogin)) {
                                                    // NOTE(review): unlike the title above, the id is not passed
                                                    // through _html_escape() here.
                                                    $options['msg'] = sprintf(_("Successfully added as '%s'"), $user->id);
                                                    $options['msg'] .= '<br />' . _("Please check your mailbox");
                                                }
                                                // the account starts suspended when the ID is the e-mail
                                                // address, or when e-mail or admin confirmation is configured
                                                $args = array();
                                                if ($options['email'] == $id or !empty($DBInfo->register_confirm_email)) {
                                                    $args = array('suspended' => 1);
                                                }
                                                if (!empty($DBInfo->register_confirm_admin)) {
                                                    $args = array('suspended' => 1);
                                                }
                                                if (!empty($DBInfo->register_confirm_admin)) {
                                                    if (!empty($options['msg'])) {
                                                        $options['msg'] .= '<br />';
                                                    }
                                                    $options['msg'] .= _("Your need to wait until your ID activated by admin");
                                                }
                                                // save join agreement
                                                if (!empty($DBInfo->use_agreement) and !empty($options['joinagreement'])) {
                                                    $user->info['join_agreement'] = 'agree';
                                                    if (!empty($DBInfo->agreement_version)) {
                                                        $user->info['join_agreement_version'] = $DBInfo->agreement_version;
                                                    }
                                                }
                                                // the login cookie is only sent when the account is usable right away
                                                if (empty($DBInfo->use_safelogin) && empty($args['suspended'])) {
                                                    $formatter->header($user->setCookie());
                                                }
                                                $ret = $udb->addUser($user, $args); # XXX
                                                if (!empty($options['email']) and preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['email'])) {
                                                    $options['subject'] = "[{$DBInfo->sitename}] " . _("E-mail confirmation");
                                                    $body = '';
                                                    if (!empty($DBInfo->email_register_header) and file_exists($DBInfo->email_register_header)) {
                                                        $body = file_get_contents($DBInfo->email_register_header);
                                                        $body = str_replace(array('@sitename@'), array($DBInfo->sitename), $body);
                                                    }
                                                    $body .= _("Please confirm your email address") . "\n\n";
                                                    $body .= qualifiedUrl($formatter->link_url('', "?action=userform&login_id={$user->id}&ticket={$ticket}.{$options['email']}"));
                                                    $body .= "\n";
                                                    if (!empty($DBInfo->use_safelogin)) {
                                                        // NOTE(review): the generated initial password is mailed in clear text.
                                                        $body .= "\n" . sprintf(_("Your initial password is %s"), $mypass) . "\n\n";
                                                        $body .= _("Please change your password later") . "\n";
                                                    }
                                                    $ret = wiki_sendmail($body, $options);
                                                    if (is_array($ret)) {
                                                        $options['msg'] .= $ret['msg'];
                                                    } else {
                                                        $options['msg'] .= '<br/>' . _("Confirmation E-mail sent");
                                                    }
                                                }
                                            } else {
                                                # already exist user
                                                // registering an existing ID with its correct password logs that user in
                                                $user = $udb->getUser($user->id);
                                                if ($user->checkPasswd($options['password']) === true) {
                                                    $options['msg'] .= sprintf(_("Successfully login as '%s'"), $id);
                                                    $options['id'] = $user->id;
                                                    $formatter->header($user->setCookie());
                                                    $udb->saveUser($user); # XXX
                                                } else {
                                                    $title = _("Invalid password !");
                                                }
                                            }
                                        }
                                    } else {
                                        if (empty($title)) {
                                            $title = _("Invalid username !");
                                        }
                                    }
                                }
                            } else {
                                if ($user->id != "Anonymous") {
                                    # save profile
                                    $udb =& $DBInfo->udb;
                                    $userinfo = $udb->getUser($user->id);
                                    // a password change needs the current password ('password') and
                                    // the new one ('passwordagain')
                                    if (!empty($options['password']) and !empty($options['passwordagain'])) {
                                        $chall = 0;
                                        if (!empty($DBInfo->use_safelogin)) {
                                            if (isset($options['_chall'])) {
                                                $chall = $options['challenge'];
                                            } else {
                                                // NOTE(review): PHP's rand() takes either no argument or
                                                // two (min, max), so this one-argument call does not
                                                // behave as a bounded random draw - check it on the target
                                                // PHP version. rand() is also not a cryptographic source.
                                                $chall = rand(100000);
                                                $options['password'] = hmac($chall, $options['password']);
                                            }
                                        }
                                        if ($userinfo->checkPasswd($options['password'], $chall) === true) {
                                            if ($DBInfo->use_safelogin) {
                                                $mypass = md5($options['passwordagain']); // XXX
                                                $ret = $userinfo->setPasswd($mypass, $mypass, 1);
                                            } else {
                                                $ret = $userinfo->setPasswd($options['passwordagain']);
                                            }
                                            if ($ret <= 0) {
                                                if ($ret == 0) {
                                                    $title = _("too short password!");
                                                } else {
                                                    if ($ret == -1) {
                                                        $title = _("mismatch password !");
                                                    } else {
                                                        if ($ret == -2) {
                                                            $title = _("not acceptable character found in the password!");
                                                        }
                                                    }
                                                }
                                                $options['msg'] = _("Password is not changed !");
                                            } else {
                                                $title = _("Password is changed !");
                                                if ($ret < 8) {
                                                    $options['msg'] = _("Password is too simple to use as a password !");
                                                }
                                            }
                                        } else {
                                            $title = _("Invalid password !");
                                            $options['msg'] = _("Password is not changed !");
                                        }
                                    }
                                    // NOTE(review): the CSS URL is stored exactly as supplied; no scheme
                                    // or host check is visible in this block.
                                    if (isset($options['user_css'])) {
                                        $userinfo->info['css_url'] = $options['user_css'];
                                    }
                                    if (isset($options['timezone'])) {
                                        // "HH:MM" offset converted to seconds; the minutes take the sign of the hours
                                        list($hour, $min) = explode(':', $options['timezone']);
                                        $min = $min * 60;
                                        $min = $hour < 0 ? -1 * $min : $min;
                                        $tz_offset = $hour * 3600 + $min;
                                        $userinfo->info['tz_offset'] = $tz_offset;
                                    }
                                    if (!empty($DBInfo->use_agreement) and !empty($options['joinagreement'])) {
                                        $userinfo->info['join_agreement'] = 'agree';
                                        if (!empty($DBInfo->agreement_version)) {
                                            $userinfo->info['join_agreement_version'] = $DBInfo->agreement_version;
                                        }
                                    }
                                    // "check e-mail again" re-sends the confirmation to the address
                                    // stored in the pending eticket
                                    $button_check_email_again = !empty($options['button_check_email_again']) ? 1 : 0;
                                    if ($button_check_email_again and !empty($userinfo->info['eticket'])) {
                                        list($dummy, $email) = explode('.', $userinfo->info['eticket'], 2);
                                        if (!empty($email)) {
                                            $options['email'] = $email;
                                        }
                                    }
                                    // a changed address is only stored as a pending eticket; the e-mail
                                    // field itself is updated by the confirmation branch at the top
                                    if (!empty($options['email']) and $options['email'] != $userinfo->info['email']) {
                                        if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['email'])) {
                                            if (($ret = verify_email($options['email'])) < 0) {
                                                $ret = -$ret;
                                                $options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
                                                $options['msg'] .= '<br />' . _("Invalid email address or can't verify it.");
                                            } else {
                                                $ticket = md5(time() . $userinfo->info['id'] . $options['email']);
                                                $userinfo->info['eticket'] = $ticket . "." . $options['email'];
                                                $options['subject'] = "[{$DBInfo->sitename}] " . _("E-mail confirmation");
                                                $body = qualifiedUrl($formatter->link_url('', "?action=userform&login_id={$user->id}&ticket={$ticket}.{$options['email']}"));
                                                $body = _("Please confirm your email address") . "\n" . $body;
                                                $ret = wiki_sendmail($body, $options);
                                                if (is_array($ret)) {
                                                    $options['msg'] = $ret['msg'];
                                                } else {
                                                    $options['msg'] = _("E-mail confirmation mail sent");
                                                }
                                            }
                                        } else {
                                            $options['msg'] = _("Your email address is not valid");
                                        }
                                    }
                                    if (!empty($userinfo->info['idtype']) and $userinfo->info['idtype'] == 'openid' and isset($options['nick']) and $options['nick'] != $userinfo->info['nick']) {
                                        $nick = $userinfo->getID($options['nick']); // nickname check XXX
                                        if (!$udb->_exists($nick)) {
                                            $userinfo->info['nick'] = $nick;
                                        } else {
                                            $options['msg'] = _("Your Nickname already used as ID in this wiki");
                                        }
                                    }
                                    $udb->saveUser($userinfo);
                                    // 'msg' is initialised to '' at the top of the function, so it is
                                    // always set by the time this test runs
                                    if (!isset($options['msg'])) {
                                        $options['msg'] = _("Profiles are saved successfully !");
                                    }
                                } else {
                                    if ($user->id == "Anonymous" and isset($options['openid_url'])) {
                                        # login with openid
                                        include_once 'lib/openid.php';
                                        session_start();
                                        $process_url = qualifiedUrl($formatter->link_url("UserPreferences", "?action=userform"));
                                        $trust_root = qualifiedUrl($formatter->link_url(""));
                                        $openid = new SimpleOpenID();
                                        $openid->SetIdentity($options['openid_url']);
                                        $openid->SetTrustRoot($trust_root);
                                        $openid->SetRequiredFields(array('nickname', 'email', 'fullname'));
                                        $openid->SetOptionalFields(array('language', 'timezone'));
                                        if ($openid->GetOpenIDServer()) {
                                            $openid->SetApprovedURL($process_url); // Send Response from OpenID server to this script
                                            $openid->Redirect(); // This will redirect user to OpenID Server
                                            return;
                                        } else {
                                            $error = $openid->GetError();
                                            $options["msg"] = sprintf(_("Authentication request was failed: %s"), $error['description']);
                                        }
                                    } else {
                                        if (!empty($options['openid_mode']) and $options['openid_mode'] == 'id_res') {
                                            // OpenID result
                                            include_once 'lib/openid.php';
                                            if (!preg_match('/utf-?8/i', $DBInfo->charset)) {
                                                // convert the returned profile fields to the wiki's charset
                                                $options['openid_sreg_nickname'] = iconv('utf-8', $DBInfo->charset, $options['openid_sreg_nickname']);
                                                $options['openid_sreg_fullname'] = iconv('utf-8', $DBInfo->charset, $options['openid_sreg_fullname']);
                                            }
                                            $openid = new SimpleOpenID();
                                            $openid->SetIdentity($options['openid_identity']);
                                            $openid_validation_result = $openid->ValidateWithServer();
                                            // NOTE(review): identity, nickname and e-mail are taken from
                                            // $options; whether ValidateWithServer() covers those fields
                                            // is not visible here - confirm before trusting them.
                                            if ($openid_validation_result == true) {
                                                // OK HERE KEY IS VALID
                                                $userdb =& $DBInfo->udb; // XXX
                                                $user->setID($options['openid_identity']); // XXX
                                                // NOTE(review): tests 'openid_language' but reads
                                                // 'openid_sreg_language' - confirm which key is meant.
                                                if (!empty($options['openid_language'])) {
                                                    $user->info['language'] = strtolower($options['openid_sreg_language']);
                                                }
                                                if ($userdb->_exists($options['openid_identity'])) {
                                                    $user = $userdb->getUser($options['openid_identity']);
                                                    $user->info['idtype'] = 'openid';
                                                    $options['msg'] .= sprintf(_("Successfully login as '%s' via OpenID."), $options['openid_identity']);
                                                    $formatter->header($user->setCookie());
                                                    $userdb->saveUser($user); // always save
                                                } else {
                                                    if (!empty($DBInfo->no_register) and $DBInfo->no_register == 1) {
                                                        $options['msg'] = _("Fail to register");
                                                        $options['err'] = _("You are not allowed to register on this wiki");
                                                        $options['err'] .= "\n" . _("Please contact WikiMasters");
                                                        do_invalid($formatter, $options);
                                                        return;
                                                    }
                                                    if ($options['openid_sreg_nickname']) {
                                                        $nick = $user->getID($options['openid_sreg_nickname']);
                                                        if (!$userdb->_exists($nick)) {
                                                            $user->info['nick'] = $nick;
                                                        } else {
                                                            $options['msg'] = sprintf(_("Your Nickname %s already used as ID in this Wiki."), $nick);
                                                        }
                                                    }
                                                    $user->info['email'] = $options['openid_sreg_email'];
                                                    $user->info['idtype'] = 'openid';
                                                    $userdb->addUser($user);
                                                    $formatter->header($user->setCookie());
                                                    $userdb->saveUser($user);
                                                    $options["msg"] .= sprintf(_("OpenID Authentication successful and saved as %s."), $options['openid_identity']);
                                                }
                                                $options['id'] = $user->id;
                                            } else {
                                                if ($openid->IsError() == true) {
                                                    // ON THE WAY, WE GOT SOME ERROR
                                                    $error = $openid->GetError();
                                                    $options["msg"] = sprintf(_("Authentication request was failed: %s"), $error['description']);
                                                } else {
                                                    // Signature Verification Failed
                                                    $options["msg"] = _("Invalid OpenID Authentication request");
                                                    echo "INVALID AUTHORIZATION";
                                                }
                                            }
                                        } else {
                                            if (!empty($DBInfo->use_agreement) and $options['login'] == _("Make profile")) {
                                                // show the join agreement before the profile form
                                                $options['agreement'] = 1;
                                                $form = macro_UserPreferences($formatter, '', $options);
                                            } else {
                                                $options["msg"] = _("Invalid request");
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }

    // After a successful login or logout, optionally send a Refresh header.
    $myrefresh = '';
    if (!empty($DBInfo->use_refresh) and !empty($use_refresh)) {
        $sec = $DBInfo->use_refresh - 1;
        // NOTE(review): 'return_url' is used as the redirect target as supplied; if it
        // can come from the request and qualifiedURL() does not pin the host, this is
        // an open redirect - confirm.
        if (!empty($options['return_url'])) {
            $lnk = $options['return_url'];
        } else {
            $lnk = $formatter->link_url($formatter->page->urlname, '?action=show');
        }
        $myrefresh = 'Refresh: ' . $sec . '; url=' . qualifiedURL($lnk);
    }
    $formatter->send_header($myrefresh, $options);
    $formatter->send_title($title, "", $options);
    // Without an error title (and with read access) show the form or a link back to
    // the page; otherwise show only the form, if there is one.
    if (!$title && (empty($DBInfo->control_read) or $DBInfo->security->is_allowed('read', $options))) {
        $lnk = $formatter->link_to('?action=show');
        if (empty($form)) {
            echo sprintf(_("return to %s"), $lnk);
        } else {
            echo $form;
        }
    } else {
        if (!empty($form)) {
            print $form;
        }
    }
    $formatter->send_footer("", $options);
}
/**
 * Build the "trail" of recently visited pages and store it in $this->trail.
 *
 * Without $DBInfo->jstrail the trail is rendered on the server and the updated
 * list is written to the MONI_TRAIL cookie. With it, an inline script is emitted
 * that reads the cookie, writes the trail with document.write() and sets the
 * cookie again in the browser.
 *
 * @param string $trailer  tab-separated page names; the front page is used when empty
 * @param string $pagename name of the current page
 * @param int    $size     maximum number of entries; replaced by $DBInfo->trail
 *                         when that is numeric and greater than 5
 * @return void
 */
function set_trailer($trailer = "", $pagename, $size = 5) {
    global $DBInfo;

    $source = empty($trailer) ? $DBInfo->frontpage : $trailer;
    if (is_numeric($DBInfo->trail) && $DBInfo->trail > 5) {
        $size = $DBInfo->trail;
    }

    if (!empty($DBInfo->jstrail)) {
        // NOTE(review): the escaped page name, the front page name, the arrow and
        // $size are interpolated into inline JavaScript without JS-specific
        // escaping, and the script writes the decoded MONI_TRAIL cookie value
        // ("txt") into the page as markup. Confirm that none of these can hold
        // attacker-chosen text, or escape them for the JS/HTML context.
        $pagename = _html_escape($pagename);
        $url = get_scriptname();
        $this->trail = <<<EOF
<script type='text/javascript'>
(function() {
var url_prefix = "{$url}";
var query_prefix = "{$DBInfo->query_prefix}";
var trail_size = {$size};

// get trails from cookie
var cookieName = "MONI_TRAIL=";
var pos = document.cookie.indexOf(cookieName);
var trails = [];
if (pos != -1) {
    var end = document.cookie.indexOf(";", pos + cookieName.length);
    if (end == -1) end = document.cookie.length;
    trails = unescape(document.cookie.substring(pos + cookieName.length, end)).split("\\t");
} else {
    trails[0] = encodeURIComponent("{$DBInfo->frontpage}");
}
var span = document.createElement("span");

// render trails
var str = [];
var ntrails = [];
var trail = document.createElement("span");
var idx = trails.length - trail_size;
if (idx > 0)
    trails = trails.splice(idx, trail_size);
for (var i = 0, j = 0; i < trails.length; i++) {
    var url = escape(trails[i]).replace(/\\+/g, "%20");
    var txt = decodeURIComponent(escape(trails[i])).replace(/\\+/g, " ");
    if (txt == "{$pagename}")
        continue;
    str[j] = "<a href='" + url_prefix + query_prefix + url + "'>" + txt + "</a>";
    ntrails[j] = escape(trails[i]);
    j++;
}
str[j] = "{$pagename}";
ntrails[j] = encodeURIComponent("{$pagename}");
document.write(str.join("<span class='separator'>{$DBInfo->arrow}</span>"));

// set the trailer again
var exp = new Date(); // 30-days expires
exp.setTime(exp.getTime() + 30*24*60*60*1000);
var cookie = cookieName + ntrails.join("\\t") + "; expires=" + exp.toGMTString() + "; path={$url}";
document.cookie = cookie;
})();
</script>
EOF;
    } else {
        // Server-side rendering: every earlier page except the current one.
        $visited = array_diff(explode("\t", trim($source)), array($pagename));

        // Render the links with sister links off and forced linking on, then
        // restore the formatter state.
        $saved_sister = $this->sister_on;
        $this->sister_on = 0;
        $this->trail = "";
        $this->forcelink = 1;
        foreach ($visited as $name) {
            // NOTE(review): $name comes from the trail string; whether word_repl()
            // escapes it is not visible here.
            $this->trail .= $this->word_repl('"' . $name . '"', '', '', 1, 0)
                . '<span class="separator">' . $DBInfo->arrow . '</span>';
        }
        $this->forcelink = 0;
        $this->trail .= ' ' . _html_escape($pagename);
        $this->pagelinks = array(); # reset pagelinks
        $this->sister_on = $saved_sister;

        // Append the current page and keep only the newest $size entries.
        if (!in_array($pagename, $visited)) {
            $visited[] = $pagename;
        }
        $overflow = count($visited) - $size;
        if ($overflow > 0) {
            $visited = array_slice($visited, $overflow);
        }
        // keep the cookie for 30 days
        setcookie('MONI_TRAIL', implode("\t", $visited), time() + 30 * 24 * 60 * 60, get_scriptname());
    }

    $this->_vars['trail'] =& $this->trail;
}
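/**
 * Handle the "css" action: clear, preview or save the visitor's custom
 * stylesheet URL.
 *
 * Options read: 'clear', 'save', 'id', 'user_css', 'theme'.
 *  - clear: remove the stored stylesheet (cookie for "Anonymous", profile
 *           otherwise) and, when a theme name is given, fall back to that
 *           theme's default.css.
 *  - save + user_css: store the URL in the MONI_CSS cookie (anonymous) or in
 *           the user profile.
 *  - otherwise: show a confirmation form that posts back with 'save'.
 *
 * Security notes:
 *  - 'user_css' is stored verbatim. Whatever later emits css_url into the page
 *    must escape it for that context, and should restrict it to expected
 *    schemes/origins: a stylesheet chosen by a third party can restyle or
 *    exfiltrate page content.
 *  - NOTE(review): no anti-CSRF token or request-method check is visible in
 *    this block for the state-changing branches; confirm the dispatcher
 *    enforces one.
 *
 * @param object $formatter Page formatter used to send header/title/footer.
 * @param array  $options   Request options as described above.
 *
 * @return void
 */
function do_css($formatter, $options)
{
    global $DBInfo;

    $title = '';

    // Optional keys are read defensively so a missing one does not raise a
    // warning; a missing 'id' still compares as "not Anonymous", as before.
    $id = isset($options['id']) ? $options['id'] : null;
    $is_anonymous = ($id == 'Anonymous');
    $clear = !empty($options['clear']);
    $save = !empty($options['save']);
    $has_css = isset($options['user_css']);

    if ($clear) {
        if ($is_anonymous) {
            // Expire the cookie by sending a date in the past.
            header("Set-Cookie: MONI_CSS=dummy; expires=Tuesday, 01-Jan-1999 12:00:00 GMT; Path=" . get_scriptname());
            $options['css_url'] = "";
        } else {
            // save profile
            $udb = $DBInfo->udb;
            $userinfo = $udb->getUser($id);
            $userinfo->info['css_url'] = "";
            $udb->saveUser($userinfo);
        }

        // The theme name becomes part of a URL path, so only the character
        // set used by the theme handler is accepted (D: no trailing newline).
        if (!empty($options['theme'])
            && is_string($options['theme'])
            && preg_match('/^[a-zA-Z0-9_-]+$/D', $options['theme'])
        ) {
            $theme = $options['theme'];
            $base = !empty($DBInfo->themeurl) ? $DBInfo->themeurl : $DBInfo->url_prefix;
            $options['css_url'] = $base . "/theme/{$theme}/css/default.css";
        }
    } elseif ($save && $has_css) {
        if ($is_anonymous) {
            // 30-day cookie scoped to the script path.
            setcookie("MONI_CSS", $options['user_css'], time() + 60 * 60 * 24 * 30, get_scriptname());
            $title = "CSS Changed";
        } else {
            // save profile (the original tested $options[id], an undefined
            // constant, which is a fatal Error on PHP 8)
            $udb = $DBInfo->udb;
            $userinfo = $udb->getUser($id);
            $userinfo->info['css_url'] = $options['user_css'];
            $udb->saveUser($userinfo);
        }
        $options['css_url'] = $options['user_css'];
    } else {
        // Nothing to store yet: preview the stylesheet and ask for confirmation.
        $options['css_url'] = $has_css ? $options['user_css'] : null;
        $want = _("Do you want to apply selected CSS ?");
        $btn = _("OK");
        $css_url = _html_escape($options['css_url']);
        $msg = <<<FORM
<form method='post'>
<input type='hidden' name='action' value='css' />
<input type='hidden' name='user_css' value="{$css_url}" />
{$want}
<span class='button'><input type='submit' class='button' name='save' value='{$btn}' /></span>
</form>
FORM;
        $formatter->send_header("", $options);
        $formatter->send_title($title, "", $options);
        print $msg;
        $formatter->send_footer("", $options);
        return;
    }

    $formatter->send_header("", $options);
    $formatter->send_title($title, "", $options);
    $formatter->send_page(_("Back to UserPreferences"));
    $formatter->send_footer("", $options);
}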
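/**
 * Handle the "theme" action: clear, preview or save the visitor's theme.
 *
 * The requested name is taken from $options['value'] or, failing that,
 * $options['theme']. It must match [a-zA-Z0-9_-]+ and be one of the names
 * returned by macro_Theme(); anything else is discarded. A name equal to the
 * theme already in effect is also discarded, which leads to the chooser.
 *
 * Security notes:
 *  - The name ends up in cookies, the user profile and an HTML attribute, so
 *    the pattern check plus allow-list lookup is the only thing keeping
 *    request data out of those sinks. The lookup is strict and the pattern
 *    uses the D modifier so a trailing newline is not accepted.
 *  - NOTE(review): no anti-CSRF token or request-method check is visible in
 *    this block for the clear/save branches; confirm the dispatcher enforces
 *    one.
 *
 * @param object $formatter Page formatter (send_* methods, link_repl,
 *                          themedir, themeurl).
 * @param array  $options   Reads 'value', 'theme', 'id', 'clear', 'save'.
 *
 * @return string|null Translated "Theme disabled !" when themes are disabled,
 *                     otherwise nothing.
 */
function do_theme($formatter, $options = array())
{
    global $DBInfo;

    if (!empty($DBInfo->theme_css)) {
        $options['title'] = _("Theme disabled !");
        $options['msg'] = _("Please contact WikiMasters");
        do_invalid($formatter, $options);
        return _("Theme disabled !");
    }

    // Initialised up front: several paths below reach send_title() or the
    // final empty($msg) test without assigning them.
    $title = '';
    $msg = '';
    $id = isset($options['id']) ? $options['id'] : null;
    $is_anonymous = ($id == 'Anonymous');
    $save = !empty($options['save']);

    // First syntactically valid candidate wins: 'value', then 'theme'.
    $theme = '';
    foreach (array('value', 'theme') as $key) {
        if (isset($options[$key])
            && is_string($options[$key])
            && preg_match('/^[a-zA-Z0-9_-]+$/D', $options[$key])
        ) {
            $theme = $options[$key];
            break;
        }
    }

    // Allow-list check against the installed themes.
    $themes = macro_Theme($formatter, '', array('call' => 1));
    if (!in_array($theme, $themes, true)) {
        $title = _("Invalid Theme");
        $theme = null;
    } elseif ($is_anonymous) {
        if (isset($_COOKIE['MONI_THEME']) && $theme == $_COOKIE['MONI_THEME']) {
            $theme = null; // already the active theme
        }
    } else {
        $current = isset($DBInfo->user->info['theme']) ? $DBInfo->user->info['theme'] : null;
        if ($theme == $current) {
            $theme = null;
        } elseif (empty($current) && $theme == $DBInfo->theme) {
            $theme = null; // user has no override and asked for the site default
        }
    }

    if (!empty($options['clear'])) {
        if ($is_anonymous) {
            // Expire both cookies by dating them in the past.
            setcookie('MONI_THEME', 'dummy', time() - 60 * 60 * 24 * 30, get_scriptname());
            setcookie('MONI_CSS', 'dummy', time() - 60 * 60 * 24 * 30, get_scriptname());
        } else {
            // save profile
            $udb = $DBInfo->udb;
            $userinfo = $udb->getUser($id);
            $userinfo->info['theme'] = "";
            $userinfo->info['css_url'] = "";
            $udb->saveUser($userinfo);
        }
        $msg = '<h2>' . _("Theme cleared.") . ' '
            . sprintf(_("Goto %s"), $formatter->link_repl("UserPreferences")) . '</h2>';
    } elseif (!empty($theme)) {
        // NOTE(review): themedir/themeurl come from the formatter, not from
        // $theme; presumably the formatter was already set up for the
        // requested theme. Confirm.
        $themedir = $formatter->themedir;
        if (file_exists($themedir . "/header.php")) {
            $options['css_url'] = $formatter->themeurl . "/css/default.css";
            if ($save and $is_anonymous) {
                setcookie("MONI_THEME", $theme, time() + 60 * 60 * 24 * 30, get_scriptname());
                setcookie("MONI_CSS", $options['css_url'], time() + 60 * 60 * 24 * 30, get_scriptname());
                $title = _("Theme is changed");
                $msg = "Goto " . $formatter->link_repl("UserPreferences");
            } elseif ($save) {
                // save profile
                $udb = $DBInfo->udb;
                $userinfo = $udb->getUser($id);
                $userinfo->info['theme'] = $theme;
                $userinfo->info['css_url'] = $options['css_url'];
                $udb->saveUser($userinfo);
                $msg = "Goto " . $formatter->link_repl("UserPreferences");
            } else {
                // Preview only: ask for confirmation. $theme is limited to
                // [a-zA-Z0-9_-] above, so it is safe inside the attribute.
                $title = "";
                $want = _("Do you want to apply this theme ?");
                $btn = _("OK");
                $msg = <<<FORM
<form method='post'>
<input type='hidden' name='action' value='theme' />
<input type='hidden' name='theme' value="{$theme}" />
{$want}
<input type='submit' name='save' value='{$btn}' />
</form>
FORM;
            }
            $formatter->send_header("", $options);
            $formatter->send_title($title, "", $options);
            print $msg;
            $formatter->send_footer("", $options);
            return;
        }
    } else {
        $title = _("Please select a theme");
    }

    $formatter->send_header("", $options);
    $formatter->send_title($title, '', $options);
    if (empty($msg)) {
        // No message to show: render the theme chooser.
        echo macro_Theme($formatter);
    } else {
        echo $msg;
    }
    $formatter->send_footer("", $options);
    return;
}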
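/**
 * Handle the "theme" action (earlier variant): clear, preview or save the
 * visitor's theme.
 *
 * Security: $options['theme'] is request data that this function writes into
 * a cookie, the user profile and an HTML attribute. It is accepted only when
 * it matches [a-zA-Z0-9_-]+ (D modifier: no trailing newline), and it is
 * additionally HTML-escaped where it is placed in the confirmation form. Any
 * other value is treated as "no theme selected".
 *
 * NOTE(review): no anti-CSRF token or request-method check is visible in this
 * block for the clear/save branches; confirm the dispatcher enforces one.
 *
 * @param object $formatter Page formatter (send_* methods, link_repl,
 *                          themedir, themeurl).
 * @param array  $options   Reads 'theme', 'id', 'clear', 'save'.
 *
 * @return void
 */
function do_theme($formatter, $options)
{
    global $DBInfo;

    // Initialised up front: some paths reach send_title()/send_page() without
    // assigning them.
    $title = '';
    $msg = '';
    $id = isset($options['id']) ? $options['id'] : null;
    $is_anonymous = ($id == 'Anonymous');
    $save = !empty($options['save']);

    $theme = '';
    if (isset($options['theme'])
        && is_string($options['theme'])
        && preg_match('/^[a-zA-Z0-9_-]+$/D', $options['theme'])
    ) {
        $theme = $options['theme'];
    }

    if (!empty($options['clear'])) {
        if ($is_anonymous) {
            // Expire both cookies by dating them in the past.
            setcookie('MONI_THEME', 'dummy', time() - 60 * 60 * 24 * 30, get_scriptname());
            setcookie('MONI_CSS', 'dummy', time() - 60 * 60 * 24 * 30, get_scriptname());
        } else {
            // save profile
            $udb = $DBInfo->udb;
            $userinfo = $udb->getUser($id);
            $userinfo->info['theme'] = "";
            $userinfo->info['css_url'] = "";
            $udb->saveUser($userinfo);
        }
        $msg = "== " . _("Theme cleared. Goto UserPreferences.") . " ==";
    } elseif (!empty($theme)) {
        // NOTE(review): themedir/themeurl come from the formatter, not from
        // $theme; presumably the formatter was already set up for the
        // requested theme. Confirm.
        $themedir = $formatter->themedir;
        if (file_exists($themedir . "/header.php")) {
            $options['css_url'] = $formatter->themeurl . "/css/default.css";
            if ($save and $is_anonymous) {
                setcookie("MONI_THEME", $theme, time() + 60 * 60 * 24 * 30, get_scriptname());
                setcookie("MONI_CSS", $options['css_url'], time() + 60 * 60 * 24 * 30, get_scriptname());
                $title = _("Theme is changed");
                $msg = "Goto " . $formatter->link_repl("UserPreferences");
            } elseif ($save) {
                // save profile
                $udb = $DBInfo->udb;
                $userinfo = $udb->getUser($id);
                $userinfo->info['theme'] = $theme;
                $userinfo->info['css_url'] = $options['css_url'];
                $udb->saveUser($userinfo);
                $msg = "Goto " . $formatter->link_repl("UserPreferences");
            } else {
                // Preview only: ask for confirmation. The value is escaped
                // for the single-quoted attribute even though the pattern
                // above already excludes markup characters.
                $title = "";
                $want = _("Do you want to apply this theme ?");
                $btn = _("OK");
                $theme_attr = htmlspecialchars($theme, ENT_QUOTES);
                $msg = <<<FORM
<form method='post'>
<input type='hidden' name='action' value='theme' />
<input type='hidden' name='theme' value='{$theme_attr}' />
{$want}
<input type='submit' name='save' value='{$btn}' />
</form>
FORM;
            }
            $formatter->send_header("", $options);
            $formatter->send_title($title, "", $options);
            print $msg;
            $formatter->send_footer("", $options);
            return;
        }
    } else {
        $msg = "== " . _("Please select a theme properly.") . " ==";
    }

    $formatter->send_header("", $options);
    $formatter->send_title("", "", $options);
    $formatter->send_page($msg);
    $formatter->send_footer("", $options);
    return;
}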