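/**
 * Password-box state for this request: read the form fields and, when the
 * signed-on user submitted 'set_password', validate and apply the new password.
 *
 * @param string|null $pagepath Page the box lives on; null means "the current
 *                              page", taken from $_SERVER['REQUEST_URI'] via crack_url().
 *
 * Sets $this->P (signed-on person or null), $this->action, $this->pw1/$this->pw2
 * (raw form values, null when absent), $this->err (validation message or null),
 * $this->info ('Password changed' on success) and $this->pagepath.
 * NOTE(review): $this->pagepath is request-derived when $pagepath is null; if it
 * is echoed into markup elsewhere it needs HTML escaping there (not visible here).
 */
function __construct($pagepath = null)
{
    $this->P = person_if_signed_on();
    // "pwb_" prefix means passwordbox
    $this->action = get_http_var('pwb_action');
    $this->pw1 = get_http_var('pw1', null);
    $this->pw2 = get_http_var('pw2', null);
    $this->err = null;
    $this->info = null;
    if (is_null($pagepath)) {
        // no specific page - use the _current_ one.
        $parts = crack_url($_SERVER['REQUEST_URI']);
        $this->pagepath = $parts['path'];
    } else {
        // use the one supplied.
        $this->pagepath = $pagepath;
    }
    // Nothing to validate or apply unless someone is signed on.
    if (is_null($this->P)) {
        return;
    }
    if ($this->action !== 'set_password') {
        return;
    }
    if (is_null($this->pw1) || is_null($this->pw2)) {
        $this->err = "Please type your new password twice";
    } elseif (strlen($this->pw1) < 5 || strlen($this->pw2) < 5) {
        // Byte length (multi-byte characters count more than once); the same
        // rule EmitChangePasswordBox() applies, kept consistent with it.
        $this->err = "Your password must be at least 5 characters long";
    } elseif ($this->pw1 !== $this->pw2) {
        // Strict comparison: with != two numeric-looking strings such as
        // '1e3' and '1000' compare equal, so differing passwords could pass.
        $this->err = "Please type the same password twice";
    } else {
        // all looks good. do it.
        $this->P->password($this->pw1);
        db_commit();
        $this->info = 'Password changed';
    }
}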
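/**
 * Emit the HTTP headers and the shared HTML page header (../templates/header.tpl.php).
 *
 * @param string|null $title  Page title; OPTION_WEB_DOMAIN is appended to it, or
 *                            used alone when $title is empty.
 * @param array       $params Optional keys read here: 'pingbacks', 'menupage',
 *                            'rss', 'canonical_url', 'js_extra', 'head_extra',
 *                            'head_extra_fn' (callable whose output is captured),
 *                            'search_params'.
 *
 * The locals set below ($title, $P, $datestring, $mnpage, $rss_feeds,
 * $canonical_url, $js_files, $head_extra, $logged_in_user, $can_edit_profile,
 * $search, $params) are read by name inside the included template, so their
 * names are part of the contract. Whether the template HTML-escapes $title and
 * $logged_in_user is not visible here; $head_extra is raw markup from the caller.
 */
function page_header($title, $params = array())
{
    header('Content-Type: text/html; charset=utf-8');
    if (arr_get('pingbacks', $params, FALSE)) {
        $pingback_url = OPTION_BASE_URL . "/pingback";
        header("X-Pingback: {$pingback_url}");
    }
    // Title reads "<page> - <domain>", or just the domain.
    if ($title) {
        $title .= ' - ' . OPTION_WEB_DOMAIN;
    } else {
        $title = OPTION_WEB_DOMAIN;
    }
    $P = person_if_signed_on(true); /* Don't renew any login cookie. */
    $datestring = date('l d.m.Y');
    // array_key_exists (rather than isset/??) is deliberate: an explicit null
    // supplied in $params is passed through to the template unchanged.
    $mnpage = array_key_exists('menupage', $params) ? $params['menupage'] : '';
    $rss_feeds = array_key_exists('rss', $params) ? $params['rss'] : array();
    $canonical_url = array_key_exists('canonical_url', $params) ? $params['canonical_url'] : null;
    $js_files = array("/jl.js");
    if (array_key_exists('js_extra', $params)) {
        $js_files = array_merge($js_files, $params['js_extra']);
    }
    $head_extra = '';
    if (array_key_exists('head_extra', $params)) {
        $head_extra .= $params['head_extra'];
    }
    if (array_key_exists('head_extra_fn', $params)) {
        // Capture whatever the callback prints; ob_get_clean() returns the
        // buffer and discards it in one step.
        ob_start();
        $params['head_extra_fn']();
        $head_extra .= ob_get_clean();
    }
    $logged_in_user = null;
    $can_edit_profile = FALSE;
    if ($P) {
        $logged_in_user = $P->name_or_blank() ? $P->name : $P->email;
        // Any 'edit' permission row for this person enables the profile-edit entry.
        if (db_getOne("SELECT * FROM person_permission WHERE person_id=? AND permission='edit'", $P->id())) {
            $can_edit_profile = TRUE;
        }
    }
    $search = array_key_exists('search_params', $params)
        ? $params['search_params']
        : array('q' => '', 'type' => 'journo');
    include "../templates/header.tpl.php";
}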
/**
 * Whether the signed-on person holds the 'admin' permission.
 *
 * @return bool TRUE only when someone is signed on and a person_permission row
 *              with permission='admin' exists for them; FALSE otherwise.
 */
function admCheckAccess()
{
    $person = person_if_signed_on();
    if (is_null($person)) {
        return FALSE;
    }
    // check for admin permission
    $adminRow = db_getOne("SELECT id FROM person_permission WHERE permission='admin' AND person_id=?", $person->id());
    return !is_null($adminRow);
}
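/**
 * Load the journo named by the 'ref' request parameter and establish the acting
 * person: for ajax requests only an already-signed-on person (may be null),
 * otherwise person_signon(), which may redirect to the login screen.
 *
 * Sets $this->journo (the journo row, or the empty value db_getRow returns when
 * no row matches) and $this->P.
 */
function __construct()
{
    $ref = get_http_var('ref');
    $this->journo = db_getRow("SELECT * FROM journo WHERE ref=?", $ref);
    // An unknown ref yields no row; read the name guardedly so building the
    // sign-on reasons does not emit offset-on-non-array warnings. Callers still
    // have to check $this->journo themselves.
    $prettyname = is_array($this->journo) ? $this->journo['prettyname'] : '';
    $r = array(
        'reason_web' => "Edit Journalisted profile for {$prettyname}",
        'reason_email' => "Edit Journalisted profile for {$prettyname}",
        'reason_email_subject' => "Edit {$prettyname} on Journalisted",
    );
    if (get_http_var('ajax')) {
        $this->P = person_if_signed_on();
    } else {
        // if not ajax, it's ok to redirect to login screen
        $this->P = person_signon($r);
    }
}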
/**
 * Send a signed-on user to the profile they may edit.
 *
 * With a 'ref' parameter the named journo is used (404 when unknown); without
 * one, the journos the person holds 'edit' permission for are looked up: none
 * redirects home, several shows the picker, exactly one is used. The edit
 * permission is then re-checked before redirecting to /<ref>.
 * NOTE(review): a signed-on user without edit rights is redirected to the
 * literal path "/f**k", which looks like a placeholder; a 403 response would
 * be the expected outcome here. Headers are sent without a following exit,
 * so the caller presumably ends the request.
 */
function view()
{
    $person = person_if_signed_on();
    if (is_null($person)) {
        // only for logged-in users
        header("Location: /");
        return;
    }
    /* they might have multiple profiles, thus option to specify one here */
    $ref = strtolower(get_http_var('ref'));
    $journo = NULL;
    if ($ref) {
        $journo = db_getRow("SELECT * FROM journo WHERE ref=?", $ref);
        if (!$journo) {
            header("HTTP/1.0 404 Not Found");
            return;
        }
    } else {
        // no journo given - see which journo(s) this person may edit
        $editables = db_getAll("SELECT j.* FROM ( journo j INNER JOIN person_permission p ON p.journo_id=j.id) WHERE p.person_id=? AND p.permission='edit'", $person->id());
        $howMany = count($editables);
        if ($howMany == 0) {
            header("Location: /");
            return;
        }
        if ($howMany > 1) {
            /* let user pick which one... */
            tmpl_pickjourno($editables);
            return;
        }
        $journo = $editables[0]; // just one journo.
    }
    // is this person allowed to edit this journo?
    $allowed = db_getOne("SELECT id FROM person_permission WHERE person_id=? AND journo_id=? AND permission='edit'", $person->id(), $journo['id']);
    if ($allowed) {
        header("Location: /{$journo['ref']}");
    } else {
        header("Location: /f**k");
    }
}
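/**
 * Print the "set / change password" box for the signed-on person, handling the
 * submitted form (UpdateDetails, pw1, pw2, imported as globals by importparams)
 * in the same pass. Prints nothing when nobody is signed on.
 *
 * Validation (both fields present, at least 5 bytes each, identical) matches
 * the password-box constructor; on success the password is stored and committed.
 * NOTE(review): the pw1/pw2 import pattern is unanchored, so any value with one
 * non-space character is accepted. No anti-CSRF token is visible in the form;
 * confirm the /alert handler enforces one.
 */
function EmitChangePasswordBox()
{
    global $q_UpdateDetails, $q_pw1, $q_pw2;
    $P = person_if_signed_on();
    if (!$P) {
        return;
    }
    importparams(
        array('pw1', '/[^\\s]+/', '', null),
        array('pw2', '/[^\\s]+/', '', null),
        array('UpdateDetails', '/^.+$/', '', false)
    );
    $has_password = $P->has_password();
?>
<div class="box">
<div class="head">
<h3><?php echo $has_password ? _('Change your password') : _('Set a password'); ?> </h3>
</div>
<div class="body">
<?php if (!$q_UpdateDetails && !$has_password) { ?>
<p>Setting up a password means you won't have to confirm your email address every time you want to manage your journalist list.</p>
<?php } ?>
<form name="setpassword" action="/alert" method="post">
<input type="hidden" name="UpdateDetails" value="1">
<?php
    $error = null;
    if ($q_UpdateDetails) {
        if (is_null($q_pw1) || is_null($q_pw2)) {
            $error = _("Please type your new password twice");
        } elseif (strlen($q_pw1) < 5 || strlen($q_pw2) < 5) {
            $error = _('Your password must be at least 5 characters long');
        } elseif ($q_pw1 !== $q_pw2) {
            // Strict comparison: with != two numeric-looking strings such as
            // '1e3' and '1000' compare equal, so differing passwords could pass.
            $error = _("Please type the same password twice");
        } else {
            $P->password($q_pw1);
            db_commit();
            print '<p class="infomessage">' . ($has_password ? _('Password successfully updated') : _('Password successfully set')) . '</p>';
            $has_password = true;
        }
    }
    // $error only ever holds one of the fixed translated strings above.
    if (!is_null($error)) {
        print "<p class=\"errhint\">{$error}</p>";
    }
?>
<div class="field">
<label for="pw1">New password</label>
<input type="password" name="pw1" id="pw1" size="15" />
</div>
<div class="field">
<label for="pw2">and again...</label>
<input type="password" name="pw2" id="pw2" size="15" />
</div>
<input name="submit" type="submit" value="<?php echo _('Submit'); ?> ">
</form>
</div>
<div class="foot"></div>
</div>
<?php
}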
/**
 * After sign-on, send the user on to where they were going.
 *
 * With a stash, stash_redirect() takes over and does not return. Otherwise the
 * signed-on person's first editable journo page (/<ref>) is used, falling back
 * to /account; in both cases the request ends with exit.
 *
 * @param mixed $stash Stashed-request handle, or null.
 */
function RedirectToOriginalDest($stash)
{
    if (!is_null($stash)) {
        /* just pass them through to the page they actually wanted. */
        stash_redirect($stash);
        /* NOTREACHED */
        return;
    }
    $destination = "/account";
    $person = person_if_signed_on();
    if ($person) {
        $editables = db_getAll("SELECT j.* FROM ( journo j INNER JOIN person_permission p ON p.journo_id=j.id) WHERE p.person_id=? AND p.permission='edit'", $person->id());
        if (count($editables) >= 1) {
            // ref comes from the journo table, not from the request.
            $destination = "/" . $editables[0]['ref'];
        }
    }
    header("Location: " . $destination);
    exit;
}
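/**
 * Return the signed-on person if they are the one expected, else null.
 *
 * @param string|null   $email Expected address (case-insensitive match against
 *                             the person's email); null accepts anyone signed on.
 *                             A non-null address failing validate_email() goes to err().
 * @param string|null   $name  If given and the person does not already match it,
 *                             it is stored on the person via name().
 * @param callable|null $person_if_signed_on_function Override for person_if_signed_on()
 *                             (used for testing / alternative session sources).
 * @return object|null
 *
 * NOTE(review): $email is interpolated into the err() message; whether err()
 * HTML-escapes it is not visible here.
 */
function person_already_signed_on($email, $name, $person_if_signed_on_function = null)
{
    if (!is_null($email) && !validate_email($email)) {
        err("'{$email}' is not a valid email address");
    }
    $P = $person_if_signed_on_function
        ? $person_if_signed_on_function()
        : person_if_signed_on();
    if (is_null($P)) {
        return null;
    }
    // Strict comparison after lower-casing; == would apply numeric-string rules.
    if (!is_null($email) && strtolower($P->email()) !== strtolower($email)) {
        return null;
    }
    if (!is_null($name) && !$P->matches_name($name)) {
        $P->name($name);
    }
    return $P;
}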
<?php
/*
 * logout.php:
 * Log user out.
 *
 * Copyright (c) 2005 UK Citizens Online Democracy. All rights reserved.
 * Email: chris@mysociety.org; WWW: http://www.mysociety.org/
 *
 * $Id: logout.php,v 1.1 2005/07/15 23:20:52 matthew Exp $
 *
 */
require_once '../phplib/page.php';
require_once '../../phplib/person.php';
// The true argument is the "don't renew any login cookie" form used by page_header().
if (person_if_signed_on(true)) {
    // Sign off, then bounce back to this same page so the confirmation below
    // is rendered by a request that no longer carries the session (presumably
    // why the redirect targets /logout rather than showing the text directly).
    person_signoff();
    header("Location: /logout");
    exit;
}
// NOTE(review): no request-method check, so a plain GET signs the user out.
page_header(_('Logged out'));
?>
<div class="main">
<div class="head"></div>
<div class="body">
<p>You are now logged out.</p>
<p>Thanks for using the site!</p>
<a href="/">Home page</a>
</div>
<div class="foot"></div>
</div>
<!-- end main -->
//phpinfo(); require_once '../conf/general'; require_once '../phplib/page.php'; require_once '../phplib/xap.php'; //require_once '../phplib/misc.php'; //require_once '../phplib/gatso.php'; //require_once '../phplib/cache.php'; require_once '../../phplib/db.php'; require_once '../../phplib/utility.php'; require_once '../../phplib/person.php'; /* get journo identifier (eg 'fred-bloggs') */ $paper_id = get_http_var('id', null); #page_header( $title, $pageparams ); page_header("Custom Papers"); $P = person_if_signed_on(true); /* Don't renew any login cookie. */ $paper = null; if ($paper_id) { $paper = db_getRow("SELECT * FROM custompaper WHERE id=?", $paper_id); } if ($paper) { emit_paper(&$paper); ?> <br /> <br /> <a href="/custompaper">back to custom newspaper index</a> <?php } else { emit_public_paper_list(); ?>
$journo = db_getRow("SELECT * FROM journo WHERE ref=?", $ref); if (!$journo) { spew_404($ref); exit(1); } // is logged in, and with edit rights to this journo? $can_edit_page = FALSE; $P = null; if (get_http_var('login')) { /* force a login (so we can send edit links out to journos without explaining that they have to log in before the 'edit' buttons appear) */ $r = array('reason_web' => "Edit your journalisted profile", 'reason_email' => "Edit your journalisted profile", 'reason_email_subject' => "Edit your journalisted profile"); $P = person_signon($r); } else { $P = person_if_signed_on(); } if (!is_null($P)) { if (db_getOne("SELECT id FROM person_permission WHERE person_id=? AND ((journo_id=? AND permission='edit') OR permission='admin')", $P->id(), $journo['id'])) { $can_edit_page = TRUE; } } // if journo is not active, only allow viewing if logged-in user can edit page if ($journo['status'] == 'i') { // activate journo if they've met the requirements if (journo_checkActivation($journo['id'])) { $journo['status'] = 'a'; } } if ($journo['status'] != 'a' && !$can_edit_page) { spew_404($ref);
/**
 * Record the current failure in article_error for admin follow-up.
 *
 * Reads $this->state (expected to be 'scrape_failed' or 'journo_mismatch'),
 * $this->url and the optional $this->article / $this->journo rows; the
 * signed-on person, if any, is stored as submitted_by. Any earlier row for the
 * same url is deleted first, so one row per url remains. Both statements are
 * parameterised (the url, whose origin is not visible here, is never
 * interpolated into SQL). Commits the transaction.
 */
function _register_error()
{
    $reason = $this->state;
    assert(in_array($reason, array('scrape_failed', 'journo_mismatch')));
    $art_id = null;
    if (!is_null($this->article)) {
        $art_id = $this->article['id'];
    }
    $journo_id = null;
    if (!is_null($this->journo)) {
        $journo_id = $this->journo['id'];
    }
    $person_id = null;
    $person = person_if_signed_on();
    if (!is_null($person)) {
        $person_id = $person->id();
    }
    // uh-oh. queue it up for admin attention (newest report for a url wins)
    db_do("DELETE FROM article_error WHERE url=?", $this->url);
    db_do(
        "INSERT INTO article_error (url,reason_code,submitted_by,article_id,expected_journo) VALUES (?,?,?,?,?)",
        $this->url,
        $reason,
        $person_id,
        $art_id,
        $journo_id
    );
    db_commit();
}