/**
 * Encrypt a string with the site's public key and prefix the result with the '(Encrypted!)' marker.
 *
 * The input is handed back unchanged (NOT encrypted) when any of these hold, checked in this order:
 *  - is_encryption_enabled() reports encryption is off;
 *  - the input compares equal to '';
 *  - is_data_encrypted() reports it is already encrypted (so data is not encrypted twice);
 *  - openssl_pkey_get_public() or openssl_public_encrypt() is not available.
 * If the public key cannot be loaded, or a chunk fails to encrypt, a 'warn' message is attached and
 * '' is returned, so the plaintext is not returned on those paths.
 *
 * @param string Data to be encrypted
 * @return string Marker plus base64 of the concatenated ciphertext chunks; or the input unchanged; or '' on failure
 */
function encrypt_data($data)
{
    if (!is_encryption_enabled()) {
        return $data;
    }
    if ($data == '') {
        return $data;
    }

    // NOTE(review): when the OpenSSL functions are missing the caller receives the plaintext back with
    // no warning. If is_encryption_enabled() does not already rule that case out, values the site
    // believes are protected would be stored in the clear - confirm against is_encryption_enabled().
    if (is_data_encrypted($data) || !function_exists('openssl_pkey_get_public') || !function_exists('openssl_public_encrypt')) {
        return $data;
    }

    /* See http://uk.php.net/manual/en/function.openssl-pkey-get-public.php */
    // The key file path comes from the 'encryption_key' site option.
    $public_key = openssl_pkey_get_public('file://' . get_option('encryption_key'));
    if ($public_key === false) {
        attach_message(do_lang_tempcode('ENCRYPTION_KEY_ERROR'), 'warn');
        return '';
    }

    // 117 bytes is the largest payload a 1024-bit RSA key accepts with PKCS#1 v1.5 padding (128 - 11);
    // presumably chosen for that key size - TODO confirm. No padding argument is passed below, so
    // PHP's default padding mode for openssl_public_encrypt() applies.
    // Each chunk is encrypted on its own and the results are simply concatenated; nothing in this
    // function authenticates the output, so detecting altered or truncated ciphertext is left to
    // whatever else protects the stored value.
    $chunk_size = 117;
    $ciphertext = '';
    $total_length = strlen($data);
    for ($offset = 0; $offset < $total_length; $offset += $chunk_size) {
        $chunk = substr($data, $offset, $chunk_size);
        $sealed = '';
        if (!openssl_public_encrypt($chunk, $sealed, $public_key)) {
            attach_message(do_lang_tempcode('ENCRYPTION_ERROR'), 'warn');
            return '';
        }
        $ciphertext .= $sealed;
    }

    return '(Encrypted!)' . base64_encode($ciphertext);
}
/**
 * Standard aed_module edit form filler: loads one row of f_custom_fields and builds its edit form.
 *
 * The ID is passed through intval() before it is used in the lookup. A field is only presented as
 * publicly viewable when it is not an encrypted field (cf_encrypted set and encryption enabled).
 * If the loaded row lacks a cf_show_on_join_form column, the column is added to the table, seeded
 * from cf_required, and the row is read again; that SQL is built from the table prefix and fixed
 * text only.
 *
 * @param ID_TEXT The entry being edited
 * @return tempcode The edit form
 */
function fill_in_edit_form($id)
{
    $found = $GLOBALS['FORUM_DB']->query_select('f_custom_fields', array('*'), array('id' => intval($id)));
    if (!array_key_exists(0, $found)) {
        warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
    }
    $field_row = $found[0];

    $name = get_translated_text($field_row['cf_name'], $GLOBALS['FORUM_DB']);
    $description = get_translated_text($field_row['cf_description'], $GLOBALS['FORUM_DB']);

    require_code('encryption');
    $encrypted = $field_row['cf_encrypted'] == 1 && is_encryption_enabled();

    // An encrypted field is never offered as publicly viewable, whatever cf_public_view says.
    if ($field_row['cf_public_view'] == 1 && !$encrypted) {
        $public_view = 1;
    } else {
        $public_view = 0;
    }

    // Keep the row as first loaded: the settings below are taken from it even if the row is re-read.
    $as_loaded = $field_row;

    if (!array_key_exists('cf_show_on_join_form', $field_row)) {
        // Older schema: create the column, default it to the "required" flag, then reload the row.
        $GLOBALS['FORUM_DB']->add_table_field('f_custom_fields', 'cf_show_on_join_form', 'BINARY', 0);
        $GLOBALS['FORUM_DB']->query('UPDATE ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_custom_fields SET cf_show_on_join_form=cf_required');
        $reloaded = $GLOBALS['FORUM_DB']->query_select('f_custom_fields', array('*'), array('id' => intval($id)));
        $field_row = $reloaded[0];
    }

    return $this->get_form_fields(
        $name,
        $description,
        $as_loaded['cf_default'],
        $public_view,
        $as_loaded['cf_owner_view'],
        $as_loaded['cf_owner_set'],
        $encrypted,
        $as_loaded['cf_type'],
        $as_loaded['cf_required'],
        $field_row['cf_show_on_join_form'],
        $as_loaded['cf_show_in_posts'],
        $as_loaded['cf_show_in_post_previews'],
        $as_loaded['cf_order'],
        $as_loaded['cf_only_group'],
        $field_row['cf_locked']
    );
}
/**
 * Gets all a member's custom fields that match certain parameters, applying per-member field
 * permissions (f_member_cpf_perms) when the viewer is neither the member nor a super admin.
 *
 * Encrypted fields are only decrypted when encryption is enabled and the request carries a
 * 'decrypt' POST parameter, which is passed to decrypt_data() as its second argument.
 * The per-member permission rows are only consulted when $public_view is non-NULL.
 * The $encrypted argument is accepted but is not read anywhere in this function's body.
 *
 * @param MEMBER The member.
 * @param ?BINARY That are publicly viewable (NULL: don't care).
 * @param ?BINARY That are owner viewable (NULL: don't care).
 * @param ?BINARY That are owner settable (NULL: don't care).
 * @param ?BINARY That are encrypted (NULL: don't care).
 * @param ?BINARY That are required (NULL: don't care).
 * @param ?BINARY That are to be shown in posts (NULL: don't care).
 * @param ?BINARY That are to be shown in post previews (NULL: don't care).
 * @param BINARY That start 'ocp_'
 * @param ?boolean That are to go on the join form (NULL: don't care).
 * @return array A mapping of field title to a map of details: 'RAW' as the raw field value, 'RENDERED' as the rendered field value.
 */
function ocf_get_all_custom_fields_match_member($member_id, $public_view = NULL, $owner_view = NULL, $owner_set = NULL, $encrypted = NULL, $required = NULL, $show_in_posts = NULL, $show_in_post_previews = NULL, $special_start = 0, $show_on_join_form = NULL)
{
    $member_groups = $GLOBALS['FORUM_DRIVER']->get_members_groups($member_id);
    $fields_to_show = ocf_get_all_custom_fields_match($member_groups, $public_view, $owner_view, $owner_set, $required, $show_in_posts, $show_in_post_previews, $special_start, $show_on_join_form);

    $custom_fields = array();
    $member_mappings = ocf_get_custom_field_mappings($member_id);
    $member_value = mixed(); // Initialise type to mixed

    // The member themselves and super admins get no per-field restrictions: nothing is loaded for them.
    if (get_member() == $member_id || $GLOBALS['FORUM_DRIVER']->is_super_admin(get_member())) {
        $all_cpf_permissions = array();
    } else {
        $permission_rows = $GLOBALS['FORUM_DB']->query_select('f_member_cpf_perms', array('*'), array('member_id' => $member_id));
        $all_cpf_permissions = list_to_map('field_id', $permission_rows);
    }

    require_code('fields');

    foreach ($fields_to_show as $i => $field_to_show) {
        $field_id = $field_to_show['id'];
        $member_value = $member_mappings['field_' . strval($field_id)];

        // Decrypt the value if appropriate. This runs before the visibility decision further down,
        // but the value is only placed in the result when $display_cpf ends up true.
        if (array_key_exists('cf_encrypted', $field_to_show) && $field_to_show['cf_encrypted'] == 1) {
            require_code('encryption');
            if (is_encryption_enabled() && !is_null(post_param('decrypt', NULL))) {
                $member_value = decrypt_data($member_value, post_param('decrypt'));
            }
        }

        $ob = get_fields_hook($field_to_show['cf_type']);
        $row_bits = $ob->get_field_value_row_bits($field_to_show);
        $storage_type = $row_bits[2];
        if (strpos($storage_type, '_trans') !== false) {
            $member_value = (is_null($member_value) || $member_value == 0)
                ? ''
                : get_translated_tempcode($member_value, $GLOBALS['FORUM_DB']);

            // This is meant to be '' for blank, not new ocp_tempcode()
            if (is_object($member_value) && $member_value->is_empty()) {
                $member_value = '';
            }
        }

        // Get custom permissions for the current CPF
        if (array_key_exists($field_id, $all_cpf_permissions)) {
            $cpf_permissions = $all_cpf_permissions[$field_id];
        } else {
            $cpf_permissions = array();
        }

        $display_cpf = true;

        // Only restrict if there are custom permissions set and we are not showing to all.
        // NOTE(review): $all_cpf_permissions comes from list_to_map('field_id', ...). If that helper
        // maps each field_id to a single row rather than a list of rows, index 0 never exists and
        // this whole restriction is skipped, leaving every field displayed - confirm the shape.
        if (array_key_exists(0, $cpf_permissions) && !is_null($public_view)) {
            $rule = $cpf_permissions[0];

            $display_cpf = ($rule['guest_view'] == 1);
            if (!is_guest() && $rule['member_view'] == 1) {
                $display_cpf = true;
            }

            if (!$display_cpf) {
                // Friends: the profile owner ($member_id) must list the current member as a buddy.
                if ($rule['friend_view'] == 1) {
                    $buddy = $GLOBALS['SITE_DB']->query_value_null_ok('chat_buddies', 'member_liked', array('member_likes' => $member_id, 'member_liked' => get_member()));
                    if (!is_null($buddy)) {
                        $display_cpf = true;
                    }
                }

                if (!is_guest()) {
                    if ($rule['group_view'] == 'all') {
                        $display_cpf = true;
                    } elseif (strlen($rule['group_view']) > 0) {
                        require_code('ocfiltering');
                        // NOTE(review): the list is requested with $member_id (the profile owner) as the
                        // fifth argument, while the friend check above uses get_member() - confirm
                        // this is the set of groups group_view is meant to be matched against.
                        $groups = $GLOBALS['FORUM_DRIVER']->get_usergroup_list(false, false, false, NULL, $member_id);
                        $groups_to_search = array();
                        foreach ($groups as $group_id => $_unused) {
                            $groups_to_search[$group_id] = NULL;
                        }
                        $matched_groups = ocfilter_to_idlist_using_memory($rule['group_view'], $groups_to_search);
                        if (count($matched_groups) > 0) {
                            $display_cpf = true;
                        }
                    }
                }
            }
        }

        if (!$display_cpf) {
            continue;
        }

        $rendered_value = $ob->render_field_value($field_to_show, $member_value, $i, NULL);
        $custom_fields[$field_to_show['trans_name']] = array('RAW' => $member_value, 'RENDERED' => $rendered_value);
    }

    return $custom_fields;
}
/**
 * Get form fields for adding/editing/finishing a member profile.
 *
 * Which custom fields are offered depends on who is asking:
 *  - the "publicly viewable" filter is only applied when this is a full (non-mini) edit of another
 *    existing member by someone without the 'view_any_profile_field' privilege;
 *  - the "owner viewable" and "owner settable" filters are only applied when an existing member is
 *    editing their own profile in full mode.
 * For encrypted fields with encryption enabled, the stored value has its magic marker removed via
 * remove_magic_encryption_marker(); no decryption is performed in this function.
 *
 * @param boolean Whether we are only handling the essential details of a profile.
 * @param ?MEMBER The ID of the member we are handling (NULL: new member).
 * @param ?array A list of usergroups (NULL: default/current usergroups).
 * @param ?array A map of custom fields values (field-id=>value) (NULL: not known).
 * @return array A pair: The form fields, Hidden fields (both Tempcode).
 */
function ocf_get_member_fields_profile($mini_mode = true, $member_id = NULL, $groups = NULL, $custom_fields = NULL)
{
    $fields = new ocp_tempcode();
    $hidden = new ocp_tempcode();

    if (is_null($groups)) {
        if (is_null($member_id)) {
            $groups = ocf_get_all_default_groups(true);
        } else {
            $groups = $GLOBALS['OCF_DRIVER']->get_members_groups($member_id);
        }
    }

    // Filters handed to ocf_get_all_custom_fields_match(); NULL means "don't care".
    $public_view_filter = ($mini_mode || is_null($member_id) || $member_id == get_member() || has_specific_permission(get_member(), 'view_any_profile_field')) ? NULL : 1;
    $owner_view_filter = ($mini_mode || is_null($member_id) || $member_id != get_member()) ? NULL : 1;
    $owner_set_filter = ($mini_mode || is_null($member_id) || $member_id != get_member()) ? NULL : 1;
    $join_form_filter = $mini_mode ? true : NULL;
    $_custom_fields = ocf_get_all_custom_fields_match($groups, $public_view_filter, $owner_view_filter, $owner_set_filter, NULL, NULL, NULL, 0, $join_form_filter);

    $GLOBALS['NO_DEBUG_MODE_FULLSTOP_CHECK'] = true;

    $field_groups = array();
    require_code('fields');

    // A former guard on cf_locked / $member_id around this loop body is disabled in the source,
    // so every matched field is processed.
    foreach ($_custom_fields as $custom_field) {
        $ob = get_fields_hook($custom_field['cf_type']);
        $row_bits = $ob->get_field_value_row_bits($custom_field);
        $storage_type = $row_bits[2];

        $existing_field = !is_null($custom_fields) && array_key_exists($custom_field['id'], $custom_fields);
        if (!$existing_field) {
            $value = $custom_field['cf_default'];
        } else {
            $value = mixed();
            $value = $custom_fields[$custom_field['id']];

            // Normalise numeric values to strings for the form.
            if (is_float($value)) {
                $value = float_to_raw_string($value, 10, true);
            } elseif (is_integer($value)) {
                $value = strval($value);
            }

            if (strpos($storage_type, '_trans') !== false) {
                if (is_null($value) || $value == 0) {
                    $value = '';
                } else {
                    $value = get_translated_text($value, $GLOBALS['FORUM_DB']);
                }
            }

            // NOTE(review): this function does not itself load the 'encryption' code before calling
            // these helpers - presumably a caller has; confirm. Only the marker is stripped here,
            // so what reaches the form is whatever remove_magic_encryption_marker() leaves behind.
            if ($custom_field['cf_encrypted'] == 1 && is_encryption_enabled()) {
                $value = remove_magic_encryption_marker($value);
            }
        }

        $result = new ocp_tempcode();

        // The description is HTML-escaped here; the field name is passed on as-is below, so its
        // escaping is left to get_field_inputter()/form_input_hidden()/the template - verify there.
        $_description = escape_html(get_translated_text($custom_field['cf_description'], $GLOBALS['FORUM_DB']));

        // Work out an optional grouping heading from the name: "Heading: Name", "(Heading) Name"
        // or "Name (Heading)".
        $field_cat = '';
        $matches = array();
        $separator_pos = strpos($custom_field['trans_name'], ': ');
        if ($separator_pos !== false) {
            $field_cat = substr($custom_field['trans_name'], 0, $separator_pos);
            if ($field_cat . ': ' == $custom_field['trans_name']) {
                // Just been pulled out as heading, nothing after ": "
                $custom_field['trans_name'] = $field_cat;
            } else {
                $custom_field['trans_name'] = substr($custom_field['trans_name'], $separator_pos + 2);
            }
        } elseif (preg_match('#(^\\([A-Z][^\\)]*\\) )|( \\([A-Z][^\\)]*\\)$)#', $custom_field['trans_name'], $matches) != 0) {
            $field_cat = trim($matches[0], '() ');
            $custom_field['trans_name'] = str_replace($matches[0], '', $custom_field['trans_name']);
        }

        $result = $ob->get_field_inputter($custom_field['trans_name'], $_description, $custom_field, $value, !$existing_field);

        if (!array_key_exists($field_cat, $field_groups)) {
            $field_groups[$field_cat] = new ocp_tempcode();
        }

        // An inputter may return a pair (visible field, hidden field) or just the visible field.
        if (is_array($result)) {
            $field_groups[$field_cat]->attach($result[0]);
            $hidden->attach($result[1]);
        } else {
            $field_groups[$field_cat]->attach($result);
        }

        $hidden->attach(form_input_hidden('label_for__custom_' . strval($custom_field['id']) . '_value', $custom_field['trans_name']));
    }

    // Put the un-headed group first; array_merge() places it at index 0.
    if (array_key_exists('', $field_groups)) {
        $field_groups_blank = $field_groups[''];
        unset($field_groups['']);
        $field_groups = array_merge(array($field_groups_blank), $field_groups);
    }

    foreach ($field_groups as $field_group_title => $extra_fields) {
        // Integer keys come from array_merge()/numeric headings; index 0 is the un-headed group.
        if (is_integer($field_group_title)) {
            if ($field_group_title == 0) {
                $field_group_title = '';
            } else {
                $field_group_title = strval($field_group_title);
            }
        }

        if ($field_group_title != '') {
            $fields->attach(do_template('FORM_SCREEN_FIELD_SPACER', array('TITLE' => $field_group_title)));
        }
        $fields->attach($extra_fields);
    }

    $GLOBALS['NO_DEBUG_MODE_FULLSTOP_CHECK'] = false;

    return array($fields, $hidden);
}