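/**
 * Single Sign On (SSO)
 *
 * Shares the session of the default site with the other sites of this installation in three steps:
 *  1. a site other than the default site, with no SSOID in the request, redirects the browser to the
 *     default site and passes its own base URL in return_url;
 *  2. the default site checks return_url against the sites it knows and redirects back with its
 *     session ID in SSOID;
 *  3. the origin site copies SSOID into its session cookie and redirects to the same URL without SSOID.
 *
 * @return bool True : Module handling is necessary in the control path of current request , False : Otherwise
 */
public function checkSSO()
{
    // pass if SSO is turned off or the visitor is a crawler
    if ($this->db_info->use_sso != 'Y' || isCrawler()) {
        return TRUE;
    }

    // pass if it's not GET request, XE is not yet installed, or a feed (rss/atom) is requested
    $checkActList = array('rss' => 1, 'atom' => 1);
    if (self::getRequestMethod() != 'GET' || !self::isInstalled() || isset($checkActList[self::get('act')])) {
        return TRUE;
    }

    // pass if default URL is not set
    $default_url = trim($this->db_info->default_url);
    if (!$default_url) {
        return TRUE;
    }
    if (substr_compare($default_url, '/', -1) !== 0) {
        $default_url .= '/';
    }

    // Get current site information (only the base URL, not the full URL)
    $current_site = self::getRequestUri();

    // The cookie is absent on a first visit; read it without raising an undefined-index warning.
    $sso_cookie = isset($_COOKIE['sso']) ? $_COOKIE['sso'] : NULL;

    // Step 1: if the current site is not the default site, send SSO validation request to the default site
    if ($default_url !== $current_site && !self::get('SSOID') && $sso_cookie !== md5($current_site)) {
        // Set sso cookie to prevent multiple simultaneous SSO validation requests
        setcookie('sso', md5($current_site), 0, '/');

        // Redirect to the default site
        $redirect_url = sprintf('%s?return_url=%s', $default_url, urlencode(base64_encode($current_site)));
        header('Location:' . $redirect_url);
        return FALSE;
    }

    // Step 2: receive and process SSO validation request at the default site
    if ($default_url === $current_site && self::get('return_url')) {
        // Get the URL of the origin site
        $url = base64_decode(self::get('return_url'));
        $url_info = parse_url($url);

        // Check that the origin site is a valid site in this XE installation (to prevent open redirect vuln).
        // This must stay ahead of the redirect: the session ID is appended to whatever URL passes here.
        if (!getModel('module')->getSiteInfoByDomain(rtrim($url, '/'))->site_srl) {
            htmlHeader();
            echo self::getLang("msg_invalid_request");
            htmlFooter();
            return FALSE;
        }

        // Redirect back to the origin site. parse_url() omits the components a URL does not have,
        // so each one is read through isset()/empty() instead of being indexed directly.
        $query = isset($url_info['query']) ? $url_info['query'] : '';
        $query .= ($query ? '&' : '') . 'SSOID=' . session_id();
        $redirect_url = sprintf(
            '%s://%s%s%s%s',
            isset($url_info['scheme']) ? $url_info['scheme'] : '',
            isset($url_info['host']) ? $url_info['host'] : '',
            !empty($url_info['port']) ? ':' . $url_info['port'] : '',
            isset($url_info['path']) ? $url_info['path'] : '',
            $query ? '?' . $query : ''
        );
        header('Location:' . $redirect_url);
        return FALSE;
    }

    // Step 3: back at the origin site, set session ID to be the same as the default site
    if ($default_url !== $current_site && self::get('SSOID')) {
        // Check that the session ID was given by the default site (to prevent session fixation CSRF)
        // NOTE(review): the check only runs when a Referer header is present; a request that carries
        // no Referer reaches setcookie() unchecked, so Referer alone does not tie SSOID to the default
        // site. A signed or single-use token issued in step 2 would close that gap.
        if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], $default_url) !== 0) {
            htmlHeader();
            echo self::getLang("msg_invalid_request");
            htmlFooter();
            return FALSE;
        }

        // Set session ID
        // NOTE(review): the cookie is written with setcookie()'s default attributes (no explicit
        // HttpOnly/Secure); confirm that matches the attributes of the regular session cookie.
        setcookie(session_name(), self::get('SSOID'));

        // Finally, redirect to the originally requested URL with the SSOID parameter removed,
        // so the session ID does not stay in the address bar or get bookmarked.
        $url_info = parse_url(self::getRequestUrl());
        $query = preg_replace('/(^|\\b)SSOID=([^&?]+)/', '', isset($url_info['query']) ? $url_info['query'] : '');
        $redirect_url = sprintf(
            '%s://%s%s%s%s',
            isset($url_info['scheme']) ? $url_info['scheme'] : '',
            isset($url_info['host']) ? $url_info['host'] : '',
            !empty($url_info['port']) ? ':' . $url_info['port'] : '',
            isset($url_info['path']) ? $url_info['path'] : '',
            $query ? '?' . $query : ''
        );
        header('Location:' . $redirect_url);
        return FALSE;
    }

    // If none of the conditions above apply, proceed normally
    return TRUE;
}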
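/**
 * Single Sign On (SSO)
 *
 * On the default site, answers a validation request (default_url parameter) by redirecting back
 * to the requesting site with this site's session ID in SSOID. On any other site, either adopts
 * the SSOID it was given as its session cookie, or sends a validation request to the default site.
 *
 * @return bool True : Module handling is necessary in the control path of current request , False : Otherwise
 */
function checkSSO()
{
    // pass if SSO is turned off or the visitor is a crawler
    if ($this->db_info->use_sso != 'Y' || isCrawler()) {
        return TRUE;
    }

    // pass if it's not GET request, XE is not yet installed, or a feed (rss/atom) is requested
    $checkActList = array('rss' => 1, 'atom' => 1);
    if (self::getRequestMethod() != 'GET' || !self::isInstalled() || isset($checkActList[self::get('act')])) {
        return TRUE;
    }

    // pass if default URL is not set
    $default_url = trim($this->db_info->default_url);
    if (!$default_url) {
        return TRUE;
    }
    if (substr_compare($default_url, '/', -1) !== 0) {
        $default_url .= '/';
    }

    // for sites receiving SSO validation
    if ($default_url == self::getRequestUri()) {
        if (self::get('default_url')) {
            $url = base64_decode(self::get('default_url'));
            $url_info = parse_url($url);

            // Only hosts registered in this installation may receive the session ID.
            // The host is the only component checked; scheme, port and path come from the parameter.
            $oModuleModel = getModel('module');
            $site_info = $oModuleModel->getSiteInfoByDomain(isset($url_info['host']) ? $url_info['host'] : NULL);
            if (!$site_info->site_srl) {
                $oModuleObject = new ModuleObject();
                $oModuleObject->stop('msg_invalid_request');
                return false;
            }

            // parse_url() omits absent components, so read them through isset()/empty().
            $query = isset($url_info['query']) ? $url_info['query'] : '';
            $query .= ($query ? '&' : '') . 'SSOID=' . session_id();
            $redirect_url = sprintf(
                '%s://%s%s%s?%s',
                isset($url_info['scheme']) ? $url_info['scheme'] : '',
                isset($url_info['host']) ? $url_info['host'] : '',
                !empty($url_info['port']) ? ':' . $url_info['port'] : '',
                isset($url_info['path']) ? $url_info['path'] : '',
                $query
            );
            header('location:' . $redirect_url);
            return FALSE;
        }
    // for sites requesting SSO validation
    } else {
        // result handling : set session_name()
        if ($session_name = self::get('SSOID')) {
            // NOTE(review): SSOID is accepted from the query string with no check that the default
            // site issued it, so a crafted link can pin a visitor to a session ID chosen by someone
            // else (session fixation). Verify the origin of SSOID before it becomes the cookie.
            setcookie(session_name(), $session_name);
            $url = preg_replace('/([\\?\\&])$/', '', str_replace('SSOID=' . $session_name, '', self::getRequestUrl()));
            header('location:' . $url);
            return FALSE;
        // send SSO request
        } else {
            // The cookie is absent on a first visit; read it without an undefined-index warning.
            $sso_cookie = isset($_COOKIE['sso']) ? $_COOKIE['sso'] : NULL;
            if (!self::get('SSOID') && $sso_cookie != md5(self::getRequestUri())) {
                setcookie('sso', md5(self::getRequestUri()), 0, '/');
                // base64 output may contain '+', '/' and '='. Unencoded, a '+' is read back as a
                // space by the receiving side and the decoded URL is corrupted, so URL-encode it.
                $url = sprintf("%s?default_url=%s", $default_url, urlencode(base64_encode(self::getRequestUrl())));
                header('location:' . $url);
                return FALSE;
            }
        }
    }

    return TRUE;
}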
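/**
 * Initialization. It finds the target module based on module, mid, document_srl, and prepares to execute an action
 *
 * Several paths end in a Location redirect to another site of the installation; those return false
 * so the caller stops handling the request.
 *
 * @return boolean true: OK, false: redirected
 *                 NOTE(review): one path returns the msg_default_url_is_not_defined language string
 *                 instead of a boolean; callers that test the result loosely will read it as true.
 **/
function init()
{
    $oModuleModel =& getModel('module');
    $site_module_info = Context::get('site_module_info');

    // Start from "no module found" so the checks below never read an undefined variable.
    $module_info = NULL;

    // Resolve a document alias (mid + entry) to its document_srl
    if (!$this->document_srl && $this->mid && $this->entry) {
        $oDocumentModel =& getModel('document');
        $this->document_srl = $oDocumentModel->getDocumentSrlByAlias($this->mid, $this->entry);
        if ($this->document_srl) {
            Context::set('document_srl', $this->document_srl);
        }
    }

    // Get module's information based on document_srl, if it's specified
    if ($this->document_srl && !$this->module) {
        $module_info = $oModuleModel->getModuleInfoByDocumentSrl($this->document_srl);

        // If the document does not exist, remove document_srl
        if (!$module_info) {
            unset($this->document_srl);
        } else {
            // If it exists, compare mid based on the module information
            // if mids are not matching, set it as the document's mid
            if ($this->mid != $module_info->mid) {
                $this->mid = $module_info->mid;
                Context::set('mid', $module_info->mid, true);
                // The original read $site_info->domain here, but $site_info is not assigned until
                // further down, so the domain was always empty. The current site's domain is used.
                header('location:' . getNotEncodedSiteUrl($site_module_info->domain, 'mid', $this->mid, 'document_srl', $this->document_srl));
                return false;
            }
        }

        // if requested module is different from one of the document, remove the module information retrieved based on the document number
        if ($this->module && $module_info->module != $this->module) {
            $module_info = NULL;
        }
    }

    // If module_info is not set yet, and there exists mid information, get module information based on the mid
    if (!$module_info && $this->mid) {
        $module_info = $oModuleModel->getModuleInfoByMid($this->mid, $site_module_info->site_srl);
    }

    // redirect, if module_site_srl and site_srl are different
    if (!$this->module && !$module_info && $site_module_info->site_srl == 0 && $site_module_info->module_site_srl > 0) {
        $site_info = $oModuleModel->getSiteInfo($site_module_info->module_site_srl);
        header("location:" . getNotEncodedSiteUrl($site_info->domain, 'mid', $site_module_info->mid));
        return false;
    }

    // If module_info is not set still, and $module does not exist, find the default module
    if (!$module_info && !$this->module && !$this->mid) {
        $module_info = $site_module_info;
    }
    if (!$module_info && !$this->module && $site_module_info->module_site_srl) {
        $module_info = $site_module_info;
    }

    // redirect, if site_srl of module_info is different from one of site's module_info
    if ($module_info && $module_info->site_srl != $site_module_info->site_srl && !isCrawler()) {
        if ($module_info->site_srl) {
            // If the module is of virtual site
            $site_info = $oModuleModel->getSiteInfo($module_info->site_srl);
            $redirect_url = getNotEncodedSiteUrl($site_info->domain, 'mid', Context::get('mid'), 'document_srl', Context::get('document_srl'), 'module_srl', Context::get('module_srl'), 'entry', Context::get('entry'));
        } else {
            // If it's called from a virtual site, though it's not a module of the virtual site
            $db_info = Context::getDBInfo();
            if (!$db_info->default_url) {
                return Context::getLang('msg_default_url_is_not_defined');
            }
            $redirect_url = getNotEncodedSiteUrl($db_info->default_url, 'mid', Context::get('mid'), 'document_srl', Context::get('document_srl'), 'module_srl', Context::get('module_srl'), 'entry', Context::get('entry'));
        }
        header("location:" . $redirect_url);
        return false;
    }

    // If module info was set, retrieve variables from the module information
    if ($module_info) {
        $this->module = $module_info->module;
        $this->mid = $module_info->mid;
        $this->module_info = $module_info;
        Context::setBrowserTitle($module_info->browser_title);
        $part_config = $oModuleModel->getModulePartConfig('layout', $module_info->layout_srl);
        Context::addHtmlHeader($part_config->header_script);
    }

    // Set module and mid into module_info.
    // When no module was found there is no object yet; create one instead of writing to null.
    if (!isset($this->module_info)) {
        $this->module_info = new stdClass();
    }
    $this->module_info->module = $this->module;
    $this->module_info->mid = $this->mid;

    // Set site_srl add 2011 08 09
    $this->module_info->site_srl = $site_module_info->site_srl;

    // Still no module? it's an error
    if (!$this->module) {
        $this->error = 'msg_module_is_not_exists';
        $this->httpStatusCode = '404';
    }

    // If mid exists, set mid into context
    if ($this->mid) {
        Context::set('mid', $this->mid, true);
    }

    // Call a trigger after moduleHandler init
    $output = ModuleHandler::triggerCall('moduleHandler.init', 'after', $this->module_info);
    if (!$output->toBool()) {
        $this->error = $output->getMessage();
        return false;
    }

    // Set current module info into context
    Context::set('current_module_info', $this->module_info);

    return true;
}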
/**
 * Start a social login: optionally show the login guide page first, then store the request
 * state in the session and redirect the browser to the provider's login URL.
 *
 * NOTE(review): query, mode, mid, vid and info are copied from the request into the session as
 * received; where they are read back is not visible here, so validation has to happen there.
 */
function dispSocialxeLogin()
{
    // Do nothing for crawlers, so the SocialXE server does not receive pointless requests.
    if (isCrawler()) {
        Context::close();
        exit;
    }

    // Reset the session values used by the login flow.
    // With JS the page is requested twice; js2 marks the second request, which must not reset again.
    if (!Context::get('js2')) {
        foreach (array('js', 'mode', 'callback_query', 'widget_skin', 'info') as $session_key) {
            $this->session->clearSession($session_key);
        }
    }

    $provider = Context::get('provider');   // login service
    $use_js = Context::get('js');           // whether JS is used
    $widget_skin = Context::get('skin');    // skin name of the widget

    // Use the empty popup layout
    $template_path = sprintf("%stpl/", $this->module_path);
    $this->setLayoutPath($template_path);
    $this->setLayoutFile("popup_layout");

    // 'xe' is not a social provider
    if ($provider == 'xe') {
        return $this->stop('msg_invalid_request');
    }

    // First request of the JS flow: show the login guide page and stop here
    if (($use_js || Context::get('mode') == 'socialLogin') && !Context::get('js2')) {
        // Remember in the session whether JS is used, and the widget skin
        $this->session->setSession('js', $use_js);
        $this->session->setSession('widget_skin', $widget_skin);

        // URL to continue with after the guide page has been shown
        $url = getUrl('js', '', 'skin', '', 'js2', 1);
        Context::set('url', $url);

        // Make the mobile page render properly even outside mobile mode
        if (class_exists('Mobile') && !Mobile::isFromMobilePhone()) {
            Context::addHtmlHeader('<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1, user-scalable=yes, target-densitydpi=medium-dpi" />');
        }

        // XE 1.5 and later always load the minified jQuery (needed for the mobile version)
        $jquery_file = defined('__XE__') ? "./common/js/jquery.min.js" : "./common/js/jquery.js";
        Context::addJsFile($jquery_file, true, '', -100000);

        $this->setTemplatePath($template_path);
        $this->setTemplateFile('login');
        return;
    }

    // Keep the request state in the session for the callback
    $callback_query = Context::get('query');    // page query to return to after authentication
    $this->session->setSession('callback_query', $callback_query);

    $mode = Context::get('mode');               // operating mode
    $this->session->setSession('mode', $mode);

    $mid = Context::get('mid');                 // mid the social login is running under
    $this->session->setSession('mid', $mid);

    $vid = Context::get('vid');                 // vid the social login is running under
    $this->session->setSession('vid', $vid);

    $info = Context::get('info');               // whether the SocialXE info widget made the request
    $this->session->setSession('info', $info);

    // Log out of the service the user is about to log in to
    $this->providerManager->doLogout($provider);

    $output = $this->communicator->getLoginUrl($provider);
    if (!$output->toBool()) {
        return $output;
    }

    // Redirect to the login URL returned by the communicator
    $url = $output->get('url');
    header('Location: ' . $url);
    Context::close();
    exit;
}
<?php
/* Copyright (C) NAVER <http://www.navercorp.com> */

if (!defined('__XE__')) {
    // Refuse direct access: this file only runs when included by XE.
    exit;
}

/**
 * @file image_name.addon.php
 * @author NAVER (developers@xpressengine.com)
 * @brief Display user image name/image mark
 *
 * Finds member_srl in elements such as <div class="member_MemberSerialNumber"> .... </div>,
 * checks whether the member has an image name or image mark, and replaces the content with it.
 */

// Only act just before the content is displayed ...
if ($called_position != "before_display_content") {
    return;
}
// ... never on the page-content editing screen ...
if (Context::get('act') == 'dispPageAdminContentModify') {
    return;
}
// ... only for HTML responses ...
if (Context::getResponseMethod() != 'HTML') {
    return;
}
// ... and not for crawlers.
if (isCrawler()) {
    return;
}

// Include a file having functions to replace member image name/mark
require_once './addons/member_extra_info/member_extra_info.lib.php';

// 1. Find every <div|span|a ... member_NNN ...> content </div|span|a> in the output document and
//    hand it to memberTransImageName(), which returns the replacement markup.
$temp_output = preg_replace_callback(
    '!<(div|span|a)([^\\>]*)member_([0-9]+)([^\\>]*)>(.*?)\\<\\/(div|span|a)\\>!is',
    'memberTransImageName',
    $output
);

// preg_replace_callback() returns NULL on a PCRE error; keep the original output in that case.
if ($temp_output) {
    $output = $temp_output;
}
unset($temp_output);

/* End of file member_extra_info.addon.php */
/* Location: ./addons/member_extra_info/member_extra_info.addon.php */
/**
 * Initialization. It finds the target module based on module, mid, document_srl, and prepares to execute an action
 *
 * Before resolving the module it checks the success_return_url and error_return_url request
 * parameters: a URL whose host is neither the default URL's host nor the current site's domain
 * aborts the request with an exception.
 *
 * @return boolean true: OK, false: redirected
 *                 NOTE(review): one path returns the msg_default_url_is_not_defined language string
 *                 instead of a boolean, and a failed 'after' trigger returns TRUE with $this->error set.
 * @throws Exception 'msg_default_url_is_null' when a return URL points to a foreign host
 */
function init()
{
    $oModuleModel = getModel('module');
    $site_module_info = Context::get('site_module_info');

    // Reject success_return_url / error_return_url values that point to a host outside this installation.
    // NOTE(review): a value for which parse_url() reports no host passes the check as a relative URL;
    // confirm that whatever later redirects to these values treats such strings as same-site too.
    $urls = array(Context::get('success_return_url'), Context::get('error_return_url'));
    foreach ($urls as $url) {
        if (empty($url)) {
            continue;
        }
        $urlInfo = parse_url($url);
        $host = $urlInfo['host'];
        $dbInfo = Context::getDBInfo();
        $defaultUrlInfo = parse_url($dbInfo->default_url);
        $defaultHost = $defaultUrlInfo['host'];
        // Allowed hosts: the host of the configured default URL and the domain of the current site
        if ($host && ($host != $defaultHost && $host != $site_module_info->domain)) {
            throw new Exception('msg_default_url_is_null');
        }
    }

    // Resolve a document alias (mid + entry) to its document_srl
    if (!$this->document_srl && $this->mid && $this->entry) {
        $oDocumentModel = getModel('document');
        $this->document_srl = $oDocumentModel->getDocumentSrlByAlias($this->mid, $this->entry);
        if ($this->document_srl) {
            Context::set('document_srl', $this->document_srl);
        }
    }

    // Get module's information based on document_srl, if it's specified
    if ($this->document_srl) {
        $module_info = $oModuleModel->getModuleInfoByDocumentSrl($this->document_srl);
        // If the document does not exist, remove document_srl
        if (!$module_info) {
            unset($this->document_srl);
        } else {
            // If it exists, compare mid based on the module information
            // if mids are not matching, set it as the document's mid
            if (!$this->mid || $this->mid != $module_info->mid) {
                // A GET request is redirected to the URL with the document's mid;
                // any other method continues in place with the corrected mid.
                if (Context::getRequestMethod() == 'GET') {
                    $this->mid = $module_info->mid;
                    header('location:' . getNotEncodedSiteUrl($site_module_info->domain, 'mid', $this->mid, 'document_srl', $this->document_srl));
                    return FALSE;
                } else {
                    $this->mid = $module_info->mid;
                    Context::set('mid', $this->mid);
                }
            }
            // if requested module is different from one of the document, remove the module information retrieved based on the document number
            if ($this->module && $module_info->module != $this->module) {
                unset($module_info);
            }
        }
    }

    // If module_info is not set yet, and there exists mid information, get module information based on the mid
    // NOTE(review): $module_info is not initialised when no document_srl was given (or after the
    // unset() above), so this and the following !$module_info tests read an undefined variable.
    if (!$module_info && $this->mid) {
        $module_info = $oModuleModel->getModuleInfoByMid($this->mid, $site_module_info->site_srl);
        //if($this->module && $module_info->module != $this->module) unset($module_info);
    }

    // redirect, if module_site_srl and site_srl are different
    if (!$this->module && !$module_info && $site_module_info->site_srl == 0 && $site_module_info->module_site_srl > 0) {
        $site_info = $oModuleModel->getSiteInfo($site_module_info->module_site_srl);
        header("location:" . getNotEncodedSiteUrl($site_info->domain, 'mid', $site_module_info->mid));
        return FALSE;
    }

    // If module_info is not set still, and $module does not exist, find the default module
    if (!$module_info && !$this->module && !$this->mid) {
        $module_info = $site_module_info;
    }
    if (!$module_info && !$this->module && $site_module_info->module_site_srl) {
        $module_info = $site_module_info;
    }

    // redirect, if site_srl of module_info is different from one of site's module_info
    if ($module_info && $module_info->site_srl != $site_module_info->site_srl && !isCrawler()) {
        // If the module is of virtual site
        if ($module_info->site_srl) {
            $site_info = $oModuleModel->getSiteInfo($module_info->site_srl);
            $redirect_url = getNotEncodedSiteUrl($site_info->domain, 'mid', Context::get('mid'), 'document_srl', Context::get('document_srl'), 'module_srl', Context::get('module_srl'), 'entry', Context::get('entry'));
        // If it's called from a virtual site, though it's not a module of the virtual site
        } else {
            $db_info = Context::getDBInfo();
            if (!$db_info->default_url) {
                // Returns a message string rather than a boolean (see the @return note)
                return Context::getLang('msg_default_url_is_not_defined');
            } else {
                $redirect_url = getNotEncodedSiteUrl($db_info->default_url, 'mid', Context::get('mid'), 'document_srl', Context::get('document_srl'), 'module_srl', Context::get('module_srl'), 'entry', Context::get('entry'));
            }
        }
        header("location:" . $redirect_url);
        return FALSE;
    }

    // If module info was set, retrieve variables from the module information
    if ($module_info) {
        $this->module = $module_info->module;
        $this->mid = $module_info->mid;
        $this->module_info = $module_info;
        Context::setBrowserTitle($module_info->browser_title);

        // Pick the layout field that applies to the requesting device
        $viewType = Mobile::isFromMobilePhone() ? 'M' : 'P';
        $targetSrl = Mobile::isFromMobilePhone() ? 'mlayout_srl' : 'layout_srl';

        // use the site default layout.
        if ($module_info->{$targetSrl} == -1) {
            $oLayoutAdminModel = getAdminModel('layout');
            $layoutSrl = $oLayoutAdminModel->getSiteDefaultLayout($viewType, $module_info->site_srl);
        } else {
            $layoutSrl = $module_info->{$targetSrl};
        }

        // reset a layout_srl in module_info.
        $module_info->{$targetSrl} = $layoutSrl;

        // The layout's header_script is added to the HTML header as stored in the layout configuration
        $part_config = $oModuleModel->getModulePartConfig('layout', $layoutSrl);
        Context::addHtmlHeader($part_config->header_script);
    }

    // Set module and mid into module_info
    if (!isset($this->module_info)) {
        $this->module_info = new stdClass();
    }
    $this->module_info->module = $this->module;
    $this->module_info->mid = $this->mid;

    // Set site_srl add 2011 08 09
    $this->module_info->site_srl = $site_module_info->site_srl;

    // Still no module? it's an error
    if (!$this->module) {
        $this->error = 'msg_module_is_not_exists';
        $this->httpStatusCode = '404';
    }

    // If mid exists, set mid into context
    if ($this->mid) {
        Context::set('mid', $this->mid, TRUE);
    }

    // Call a trigger after moduleHandler init
    $output = ModuleHandler::triggerCall('moduleHandler.init', 'after', $this->module_info);
    if (!$output->toBool()) {
        // The trigger's message is stored as the error, and init() still reports TRUE
        $this->error = $output->getMessage();
        return TRUE;
    }

    // Set current module info into context
    Context::set('current_module_info', $this->module_info);

    return TRUE;
}
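/**
 * @brief Trigger that keeps the module id (mid) from being replaced
 * @description Handles the case where the mid stored with document_srl differs from the mid in the URL
 * @param object $oModule module handler object; its mid may be overwritten
 * @return object always an empty Object
 */
function _replaceMid(&$oModule)
{
    $mid = $oModule->mid;
    $module = $oModule->module;
    $document_srl = $oModule->document_srl;
    $site_module_info = Context::get('site_module_info');

    $oModuleModel = getModel('module');

    // Neither variable is assigned on every path below; start both as "not found"
    // so the later checks never read an undefined variable.
    $curr_module_info = NULL;
    $origin_module_info = NULL;

    if ($mid) {
        $curr_module_info = $oModuleModel->getModuleInfoByMid($mid, $site_module_info->site_srl);
    } elseif (!$module && !$document_srl) {
        $curr_module_info = $site_module_info;
    }
    if (!$curr_module_info) {
        return new Object();
    }

    $oTimelineModel = getModel('timeline');
    $timeline_info = $oTimelineModel->getTimelineInfo($curr_module_info->module_srl);

    // Not a timeline board
    if (!$timeline_info) {
        return new Object();
    }

    $oDocumentModel = getModel('document');
    $oDocument = $oDocumentModel->getDocument($document_srl);
    $document_srl = $oDocument->get('document_srl');
    $module_srl = $oDocument->get('module_srl');

    if ($oDocument->isExists()) {
        // A notice of one of the attached (child) boards, while the merged-notice feature is off
        $attach_info = $timeline_info->attach_info;
        if (in_array($module_srl, $attach_info) && $oDocument->get('is_notice') == 'Y' && $timeline_info->notice != 'Y') {
            return new Object();
        }

        // A document the timeline board may show that is a notice or passes the document filter
        $attach_info[] = $timeline_info->module_srl;
        if (in_array($module_srl, $attach_info) && ($oDocument->get('is_notice') == 'Y' || $oTimelineModel->isFilterPassed($timeline_info->module_srl, $document_srl))) {
            $origin_module_info = $oModuleModel->getModuleInfoByModuleSrl($module_srl);
        }
    }

    // Keep the current module's information and the document's module information
    $this->curr_module_info = $curr_module_info;
    $this->origin_module_info = $origin_module_info;

    // The timeline module is in effect
    if ($origin_module_info && !isCrawler()) {
        if ($timeline_info->replace == 'Y') {
            // "Move to the original board" is enabled: reset the page value
            Context::set('page', NULL);
        } else {
            // Avoid the module id replace: switch to the mid of the document's own board
            Context::set('mid', $oModule->mid = $origin_module_info->mid);
        }
    }

    return new Object();
}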
<?php
/* Copyright (C) NAVER <http://www.navercorp.com> */

if (!defined('__XE__')) {
    // Refuse direct access: this file only runs when included by XE.
    exit;
}

/**
 * @file counter.addon.php
 * @author NAVER (developers@xpressengine.com)
 * @brief Counter add-on
 */

// Count the visit once per request, before the module is initialised
if ($called_position == 'before_module_init') {
    // Skip the admin module, non-HTML responses, an uninstalled XE and crawlers
    if (Context::get('module') != 'admin' && Context::getResponseMethod() == 'HTML') {
        if (Context::isInstalled() && !isCrawler()) {
            $oCounterController = getController('counter');
            $oCounterController->counterExecute();
        }
    }
}

/* End of file counter.addon.php */
/* Location: ./addons/counter/counter.addon.php */
/* Copyright (C) NAVER <http://www.navercorp.com> */ if (!defined('__XE__')) { exit; } /** * @file member_communication.addon.php * @author NAVER (developers@xpressengine.com) * @brief Promote user communication * * - Pop-up the message if new message comes in * - When calling MemberModel::getMemberMenu, feature to send a message is added * - When caliing MemberModel::getMemberMenu, feature to add a friend is added */ // Stop if non-logged-in user is $logged_info = Context::get('logged_info'); if (!$logged_info || isCrawler()) { return; } /** * Message/Friend munus are added on the pop-up window and member profile. Check if a new message is received * */ if ($this->module != 'member' && $called_position == 'before_module_init') { // Load a language file from the communication module Context::loadLang(_XE_PATH_ . 'modules/communication/lang'); // Add menus on the member login information $oMemberController = getController('member'); $oMemberController->addMemberMenu('dispCommunicationFriend', 'cmd_view_friend'); $oMemberController->addMemberMenu('dispCommunicationMessages', 'cmd_view_message_box'); $flag_file = _XE_PATH_ . 'files/member_extra_info/new_message_flags/' . getNumberingPath($logged_info->member_srl) . $logged_info->member_srl; if ($addon_info->use_alarm != 'N' && file_exists($flag_file)) { // Pop-up to display messages if a flag on new message is set
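/**
 * Single Sign On (SSO)
 *
 * On the default site, answers a validation request (default_url parameter) by redirecting back
 * with this site's session ID in SSOID. On any other site, either adopts the SSOID it was given
 * as its session cookie, or sends a validation request to the default site.
 *
 * @return bool True : Module handling is necessary in the control path of current request , False : Otherwise
 */
function checkSSO()
{
    // pass if SSO is turned off or the visitor is a crawler
    if ($this->db_info->use_sso != 'Y' || isCrawler()) {
        return true;
    }

    // pass if it's not GET request, XE is not yet installed, or a feed (rss/atom) is requested
    $checkActList = array('rss' => 1, 'atom' => 1);
    if (Context::getRequestMethod() != 'GET' || !Context::isInstalled() || isset($checkActList[Context::get('act')])) {
        return true;
    }

    // pass if default URL is not set
    $default_url = trim($this->db_info->default_url);
    if (!$default_url) {
        return true;
    }
    if (substr($default_url, -1) != '/') {
        $default_url .= '/';
    }

    // for sites receiving SSO validation
    if ($default_url == Context::getRequestUri()) {
        if (Context::get('default_url')) {
            // NOTE(review): the decoded URL is not checked against the sites of this installation
            // before session_id() is appended, so the visitor's session ID is sent to whatever host
            // the parameter names. Validate the host against the registered sites before redirecting.
            $url = base64_decode(Context::get('default_url'));
            $url_info = parse_url($url);

            // parse_url() omits absent components, so read them through isset()/empty().
            $query = isset($url_info['query']) ? $url_info['query'] : '';
            $query .= ($query ? '&' : '') . 'SSOID=' . session_id();
            $redirect_url = sprintf(
                '%s://%s%s%s?%s',
                isset($url_info['scheme']) ? $url_info['scheme'] : '',
                isset($url_info['host']) ? $url_info['host'] : '',
                !empty($url_info['port']) ? ':' . $url_info['port'] : '',
                isset($url_info['path']) ? $url_info['path'] : '',
                $query
            );
            header('location:' . $redirect_url);
            return false;
        }
    // for sites requesting SSO validation
    } else {
        // result handling : set session_name()
        if (Context::get('SSOID')) {
            // NOTE(review): SSOID is accepted from the query string with no check that the default
            // site issued it, so a crafted link can pin a visitor to a session ID chosen by someone
            // else (session fixation). Verify the origin of SSOID before it becomes the cookie.
            $session_name = Context::get('SSOID');
            setcookie(session_name(), $session_name);

            $url = preg_replace('/([\\?\\&])$/', '', str_replace('SSOID=' . $session_name, '', Context::getRequestUrl()));
            header('location:' . $url);
            return false;
        // send SSO request
        } else {
            // The cookie is absent on a first visit; read it without an undefined-index warning.
            $sso_cookie = isset($_COOKIE['sso']) ? $_COOKIE['sso'] : NULL;
            if ($sso_cookie != md5(Context::getRequestUri()) && !Context::get('SSOID')) {
                setcookie('sso', md5(Context::getRequestUri()), 0, '/');
                // base64 output may contain '+', '/' and '='. Unencoded, a '+' is read back as a
                // space by the receiving side and the decoded URL is corrupted, so URL-encode it.
                $url = sprintf("%s?default_url=%s", $default_url, urlencode(base64_encode(Context::getRequestUrl())));
                header('location:' . $url);
                return false;
            }
        }
    }

    return true;
}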
/**
 * Increase the read count of a document unless this visit must not be counted
 *
 * A visit is not counted for crawlers, when counting is switched off, when the session already
 * recorded a read of the document (options 'once' and 'some'), and, with option 'once', when the
 * visitor appears to be the author (same IP address or same member).
 *
 * @param documentItem $oDocument
 * @return bool|void false or a failed trigger output when nothing was counted, TRUE after counting
 */
function updateReadedCount(&$oDocument)
{
    // Pass if Crawler access
    if (isCrawler()) {
        return false;
    }

    $config = getModel('document')->getDocumentConfig();
    $count_mode = $config->view_count_option;
    if ($count_mode == 'none') {
        return false;
    }

    $document_srl = $oDocument->document_srl;
    $member_srl = $oDocument->get('member_srl');
    $logged_info = Context::get('logged_info');

    // Call a trigger when the read count is updated (before)
    $trigger_output = ModuleHandler::triggerCall('document.updateReadedCount', 'before', $oDocument);
    if (!$trigger_output->toBool()) {
        return $trigger_output;
    }

    // Pass if this session has already been counted for the document
    if ($count_mode == 'once' || $count_mode == 'some') {
        if ($_SESSION['readed_document'][$document_srl]) {
            return false;
        }
    }

    if ($count_mode == 'once') {
        // Pass if the author's IP address is the same as the visitor's
        $same_ip = $oDocument->get('ipaddress') == $_SERVER['REMOTE_ADDR'];
        if ($same_ip && Context::getSessionStatus()) {
            $_SESSION['readed_document'][$document_srl] = true;
            return false;
        }

        // Pass after marking the session if the author is the currently logged-in member
        if ($member_srl && $logged_info->member_srl == $member_srl) {
            $_SESSION['readed_document'][$document_srl] = true;
            return false;
        }
    }

    $oDB = DB::getInstance();
    $oDB->begin();

    // Update read counts
    $args = new stdClass();
    $args->document_srl = $document_srl;
    executeQuery('document.updateReadedCount', $args);

    // Call a trigger when the read count is updated (after); a failure undoes the update
    $trigger_output = ModuleHandler::triggerCall('document.updateReadedCount', 'after', $oDocument);
    if (!$trigger_output->toBool()) {
        $oDB->rollback();
        return $trigger_output;
    }

    $oDB->commit();

    // Remove the document item from the object cache so the new count is read back
    $oCacheHandler = CacheHandler::getInstance('object');
    if ($oCacheHandler->isSupport()) {
        $oCacheHandler->delete('document_item:' . getNumberingPath($document_srl) . $document_srl);
    }

    // Register session
    if (!$_SESSION['banned_document'][$document_srl] && Context::getSessionStatus()) {
        $_SESSION['readed_document'][$document_srl] = true;
    }

    return TRUE;
}
/**
 * Single Sign On (SSO)
 *
 * Same exchange as the unsigned variants, with a signature on each value that crosses sites:
 * the requesting site signs its URL, the default site verifies it before answering and signs
 * the session ID it returns, and the requesting site verifies that signature before it adopts
 * the session ID.
 *
 * NOTE(review): Password::createSignature()/checkSignature() are not visible here. Whether a
 * signature expires or is bound to one site decides if a captured SSOID/sig pair can be
 * replayed — confirm in the Password class.
 *
 * @return bool True : Module handling is necessary in the control path of current request , False : Otherwise
 */
function checkSSO()
{
    // pass if SSO is turned off or the visitor is a crawler
    if ($this->db_info->use_sso != 'Y' || isCrawler()) {
        return TRUE;
    }

    // pass if it's not GET request, XE is not yet installed, or a feed (rss/atom) is requested
    $checkActList = array('rss' => 1, 'atom' => 1);
    if (self::getRequestMethod() != 'GET' || !self::isInstalled() || isset($checkActList[self::get('act')])) {
        return TRUE;
    }

    // pass if default URL is not set
    $default_url = trim($this->db_info->default_url);
    if (!$default_url) {
        return TRUE;
    }
    if (substr_compare($default_url, '/', -1) !== 0) {
        $default_url .= '/';
    }

    // for sites receiving SSO validation
    if ($default_url == self::getRequestUri()) {
        if (self::get('url')) {
            $url = base64_decode(self::get('url'));
            $url_info = parse_url($url);

            // The return URL must carry a valid signature before the session ID is attached to it
            if (!Password::checkSignature($url, self::get('sig'))) {
                echo self::get('lang')->msg_invalid_request;
                return false;
            }

            // Append the session ID and a signature over it, then send the browser back.
            // NOTE(review): 'query' and 'port' are read from parse_url()'s result without isset();
            // a URL lacking them raises an undefined-index warning.
            $url_info['query'] .= ($url_info['query'] ? '&' : '') . 'SSOID=' . urlencode(session_id()) . '&sig=' . urlencode(Password::createSignature(session_id()));
            $redirect_url = sprintf('%s://%s%s%s?%s', $url_info['scheme'], $url_info['host'], $url_info['port'] ? ':' . $url_info['port'] : '', $url_info['path'], $url_info['query']);
            header('location:' . $redirect_url);
            return FALSE;
        }
    // for sites requesting SSO validation
    } else {
        // result handling : set session_name()
        if ($session_name = self::get('SSOID')) {
            // Only a session ID with a valid signature is adopted (guards against session fixation)
            if (!Password::checkSignature($session_name, self::get('sig'))) {
                echo self::get('lang')->msg_invalid_request;
                return false;
            }

            setcookie(session_name(), $session_name);

            // Drop SSOID and everything after it (which includes sig) from the URL before redirecting
            $url = preg_replace('/[\\?\\&]SSOID=.+$/', '', self::getRequestUrl());
            header('location:' . $url);
            return FALSE;
        // send SSO request
        } else {
            // The 'sso' cookie marks that a validation request for this site is already under way
            if (!self::get('SSOID') && $_COOKIE['sso'] != md5(self::getRequestUri())) {
                setcookie('sso', md5(self::getRequestUri()), 0, '/');

                // Sign the full request URL so the default site can verify where it will redirect to
                $origin_url = self::getRequestUrl();
                $origin_sig = Password::createSignature($origin_url);
                $url = sprintf("%s?url=%s&sig=%s", $default_url, urlencode(base64_encode($origin_url)), urlencode($origin_sig));
                header('location:' . $url);
                return FALSE;
            }
        }
    }

    return TRUE;
}
<?php
/* Copyright (C) NAVER <http://www.navercorp.com> */

if (!defined('__XE__')) {
    // Refuse direct access: this file only runs when included by XE.
    exit;
}

/**
 * @file resize_image.addon.php
 * @author NAVER (developers@xpressengine.com)
 * @brief Add-on to resize images in the body
 */

// Load the resize assets after the module has run, for HTML responses to real visitors only
if ($called_position == 'after_module_proc') {
    if (Context::getResponseMethod() == "HTML" && !isCrawler()) {
        if (!Mobile::isFromMobilePhone()) {
            // Desktop: the script needs the 'ui' plugin and is loaded into the body
            Context::loadJavascriptPlugin('ui');
            Context::loadFile(array('./addons/resize_image/js/resize_image.js', 'body', '', null), true);
        } else {
            // Mobile: a stylesheet is enough
            Context::loadFile('./addons/resize_image/css/resize_image.mobile.css', true);
        }
    }
}

/* End of file resize_image.addon.php */
/* Location: ./addons/resize_image/resize_image.addon.php */
/* Copyright (C) NAVER <http://www.navercorp.com> */ if (!defined('__XE__')) { exit; } /** * @file member_communication.addon.php * @author NAVER (developers@xpressengine.com) * @brief Promote user communication * * - Pop-up the message if new message comes in * - When calling MemberModel::getMemberMenu, feature to send a message is added * - When caliing MemberModel::getMemberMenu, feature to add a friend is added */ // Stop if non-logged-in user is if (!Context::get('is_logged') || isCrawler()) { return; } $logged_info = Context::get('logged_info'); /** * Message/Friend munus are added on the pop-up window and member profile. Check if a new message is received * */ if ($this->module != 'member' && $called_position == 'before_module_init') { // Load a language file from the communication module Context::loadLang(_XE_PATH_ . 'modules/communication/lang'); // Add menus on the member login information $oMemberController = getController('member'); $oMemberController->addMemberMenu('dispCommunicationFriend', 'cmd_view_friend'); $oMemberController->addMemberMenu('dispCommunicationMessages', 'cmd_view_message_box'); $flag_file = _XE_PATH_ . 'files/member_extra_info/new_message_flags/' . getNumberingPath($logged_info->member_srl) . $logged_info->member_srl; if ($addon_info->use_alarm != 'N' && file_exists($flag_file)) {
"Perl tool", "MJ12bot", "Netcraft", "MSIECrawler", "WGet tools", "larbin", "Fish search", ); foreach($spiderSite as $val) { $str = strtolower($val); if (strpos($agent, $str) !== false) { return true; } } } else { return false; } }*/ function isCrawler() { return false; } if ($_COOKIE['openSesame'] == "loli.help" || isCrawler()) { echo $truehtml; } else { echo $fakehtml; } ?> <div style="display:none"><script src="https://s95.cnzz.com/z_stat.php?id=1254760097&web_id=1254760097" language="JavaScript"></script></div> </body> </html>
} // redirect, if module_site_srl and site_srl are different if (!$this->module && !$module_info && $site_module_info->site_srl == 0 && $site_module_info->module_site_srl > 0) { $site_info = $oModuleModel->getSiteInfo($site_module_info->module_site_srl); header("location:" . getNotEncodedSiteUrl($site_info->domain, 'mid', $site_module_info->mid)); return false; } // If module_info is not set still, and $module does not exist, find the default module if (!$module_info && !$this->module) { $module_info = $site_module_info; } if (!$module_info && !$this->module && $site_module_info->module_site_srl) { $module_info = $site_module_info; } // redirect, if site_srl of module_info is different from one of site's module_info if ($module_info && $module_info->site_srl != $site_module_info->site_srl && !isCrawler()) { // If the module is of virtual site if ($module_info->site_srl) { $site_info = $oModuleModel->getSiteInfo($module_info->site_srl); $redirect_url = getNotEncodedSiteUrl($site_info->domain, 'mid', Context::get('mid'), 'document_srl', Context::get('document_srl'), 'module_srl', Context::get('module_srl'), 'entry', Context::get('entry')); // If it's called from a virtual site, though it's not a module of the virtual site } else { $db_info = Context::getDBInfo(); if (!$db_info->default_url) { return Context::getLang('msg_default_url_is_not_defined'); } else { $redirect_url = getNotEncodedSiteUrl($db_info->default_url, 'mid', Context::get('mid'), 'document_srl', Context::get('document_srl'), 'module_srl', Context::get('module_srl'), 'entry', Context::get('entry')); } } header("location:" . $redirect_url); return false;