/**
 * Event dispatcher of this plugin; only 'frontend_configure' is acted upon.
 *
 * A POST carrying action, user and pass triggers serendipity_login().
 * A POST carrying action and logout triggers serendipity_logout(), then a
 * 302 redirect, then exit.
 *
 * The logout branch fires on the mere presence of those two POST fields; no
 * request token is checked inside this method. The redirect target is the
 * plugin's 'logout_url' setting, written to the Location header unmodified.
 *
 * @param string $event     Name of the event being fired.
 * @param object $bag       Property bag; its 'event_hooks' entry lists the hooked events.
 * @param mixed  $eventData Event payload (not used here).
 * @param mixed  $addData   Extra event data (not used here).
 *
 * @return bool true once 'frontend_configure' was handled, false for anything else.
 */
function event_hook($event, &$bag, &$eventData, $addData = null)
 {
     global $serendipity;

     $hooks =& $bag->get('event_hooks');
     $logout_url = $this->get_config('logout_url');

     // Anything that is not a hooked 'frontend_configure' event is ignored.
     if (!isset($hooks[$event]) || $event != 'frontend_configure') {
         return false;
     }

     $hasAction = isset($serendipity['POST']['action']);

     // Login request: credentials are read by serendipity_login() itself.
     if ($hasAction && isset($serendipity['POST']['user']) && isset($serendipity['POST']['pass'])) {
         serendipity_login();
         return true;
     }

     // Logout request: end the session, then send the browser away.
     if ($hasAction && isset($serendipity['POST']['logout'])) {
         serendipity_logout();
         header('Status: 302 Found');
         // Fall back to the blog's index page when no logout URL is configured.
         $target = ($logout_url != "") ? $logout_url : "{$serendipity['baseURL']}{$serendipity['indexFile']}";
         header("Location: {$target}");
         exit;
     }

     return true;
 }
Пример #2
            header("HTTP/1.0 401 Unauthorized");
            header("Status: 401 Unauthorized");
            exit;
        } else {
            if (!isset($serendipity['POST']['user'])) {
                $serendipity['POST']['user'] = $_SERVER['PHP_AUTH_USER'];
            }
            if (!isset($serendipity['POST']['pass'])) {
                $serendipity['POST']['pass'] = $_SERVER['PHP_AUTH_PW'];
            }
        }
    } elseif (isset($_REQUEST['http_auth_user']) && isset($_REQUEST['http_auth_pw'])) {
        $serendipity['POST']['user'] = $_REQUEST['http_auth_user'];
        $serendipity['POST']['pass'] = $_REQUEST['http_auth_pw'];
    }
    serendipity_login(false);
}
// Once the session carries an author id, load that author's configuration
// and take the language from serendipity_getPostAuthSessionLanguage().
// This runs after the login attempt above, so it only applies to a session
// that already holds 'serendipityAuthorid'.
if (isset($_SESSION['serendipityAuthorid'])) {
    serendipity_load_configuration($_SESSION['serendipityAuthorid']);
    $serendipity['lang'] = serendipity_getPostAuthSessionLanguage();
}
// Try to fix some path settings. It seems common users have this setting wrong
// when s9y is installed into the root directory, especially 0.7.1 upgrade users.
// An empty or missing HTTP path is replaced by the site root.
if (empty($serendipity['serendipityHTTPPath'])) {
    $serendipity['serendipityHTTPPath'] = '/';
}
/* Changing this is NOT recommended, rewrite rules does not take them into account - yet */
serendipity_initPermalinks();
// Apply constants/definitions from custom permalinks
serendipity_permalinkPatterns();
/*
Пример #3
        serendipity_plugin_api::hook_event('backend_configure', $serendipity);
    }
}
// Admin entry point: either log the user out, or validate the session and
// make sure somebody is logged in.
if (isset($serendipity['GET']['adminModule']) && $serendipity['GET']['adminModule'] == 'logout') {
    // Logout is triggered by a GET parameter alone; no request token is
    // checked in this branch.
    serendipity_logout();
    // NOTE(review): no exit follows the redirect header, so the statements
    // after this if/else still run for the logged-out request — confirm that
    // everything below is safe to execute without a session.
    header("Location: " . $serendipity['baseURL']);
} else {
    if (IS_installed === true) {
        /* Check author token to insure session not hijacked */
        // The session is only kept when both the session and the cookie hold
        // an author_token and the two are strictly identical; otherwise the
        // user is marked unauthenticated and the session is destroyed.
        // NOTE(review): !== is not a constant-time comparison; hash_equals()
        // is the constant-time alternative when both values are strings.
        if (!isset($_SESSION['author_token']) || !isset($serendipity['COOKIE']['author_token']) || $_SESSION['author_token'] !== $serendipity['COOKIE']['author_token']) {
            $_SESSION['serendipityAuthedUser'] = false;
            serendipity_session_destroy();
        }
        if (!serendipity_userLoggedIn()) {
            // Try again to log in, this time with enabled external authentication event hook
            serendipity_login(true);
        }
    }
}
// If we are inside an iframe, halt the script
if (serendipity_is_iframe() !== false) {
    include_once S9Y_INCLUDE_PATH . 'include/functions_entries_admin.inc.php';
    // An iframe may NOT contain <html> and </html> tags, that's why we emit different headers here than on serendipity_admin.php
    // We need to restore GET/POST variables to that depending plugins inside the iframe
    // can still fetch all that variables; and we also tighten security by not allowing
    // to pass any different GET/POST variables to our iframe.
    $iframe_mode = $serendipity['GET']['iframe_mode'];
    $serendipity['POST'] =& $_SESSION['save_entry_POST'];
    $serendipity['GET'] =& $_SESSION['save_entry_POST'];
    // GET-Vars are the same as POST to ensure compatibility.
    $serendipity['hidefooter'] = true;
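 /**
  * Event dispatcher of the user-registration ("adduser") plugin.
  *
  * Handled events:
  *  - frontend_saveComment: rejects comments when 'registered_only' is set
  *    and the visitor is not logged in / not in the allowed group, and
  *    blocks anonymous use of a registered author's real name when
  *    'true_identities' is set.
  *  - external_plugin ('loginbox'): renders the pop-up login form.
  *  - frontend_display: hides the comment form from anonymous visitors when
  *    'registered_only' is set.
  *  - frontend_configure: performs login/logout from POST data and prefills
  *    comment name/email from the session.
  *  - entry_display / entries_header: renders the registration form.
  *
  * @param string $event     Name of the event being fired.
  * @param object $bag       Property bag; its 'event_hooks' entry lists the hooked events.
  * @param mixed  $eventData Event payload, modified in place by several events.
  * @param mixed  $addData   Extra event data; frontend_saveComment reads its 'name' and 'source2' keys.
  *
  * @return bool|null false for unhooked/unknown events and for rejected
  *                   comments, true where a case returns explicitly, null
  *                   for cases that end with a plain break.
  */
 function event_hook($event, &$bag, &$eventData, $addData = null)
 {
     global $serendipity;
     // URL of the pop-up login box, built once per request.
     static $login_url = null;
     if ($login_url === null) {
         $login_url = $serendipity['baseURL'] . $serendipity['indexFile'] . '?/plugin/loginbox';
     }
     $hooks =& $bag->get('event_hooks');
     if (isset($hooks[$event])) {
         switch ($event) {
             case 'frontend_saveComment':
                 if (!isset($serendipity['csuccess'])) {
                     $serendipity['csuccess'] = 'true';
                 }
                 // Registered-only mode: anonymous visitors may not comment,
                 // except when the request comes from the adduser form itself.
                 if (serendipity_db_bool($this->get_config('registered_only')) && !serendipity_userLoggedIn() && $addData['source2'] != 'adduser') {
                     $eventData = array('allow_comments' => false);
                     $serendipity['messagestack']['comments'][] = PLUGIN_ADDUSER_REGISTERED_ONLY_REASON;
                     return false;
                 }
                 // Same restriction for logged-in users outside the allowed group.
                 if (serendipity_db_bool($this->get_config('registered_only')) && !$this->inGroup() && $addData['source2'] != 'adduser') {
                     $eventData = array('allow_comments' => false);
                     $serendipity['messagestack']['comments'][] = PLUGIN_ADDUSER_REGISTERED_ONLY_REASON;
                     return false;
                 }
                 // True-identities mode: an anonymous commenter may not use a
                 // name that matches the realname of a registered author.
                 if (serendipity_db_bool($this->get_config('true_identities')) && !serendipity_userLoggedIn()) {
                     $user = str_replace(" b", '', $addData['name']);
                     // Whitespace is collapsed and the value is escaped before
                     // it is concatenated into the query below.
                     $user = serendipity_db_escape_string(preg_replace('@\\s+@', ' ', trim($user)));
                     $user = trim($user);
                     $authors = serendipity_db_query("SELECT authorid FROM {$serendipity['dbPrefix']}authors WHERE realname = '" . $user . "'");
                     if (is_array($authors) && isset($authors[0]['authorid'])) {
                         $eventData = array('allow_comments' => false);
                         $serendipity['messagestack']['comments'][] = sprintf(PLUGIN_ADDUSER_REGISTERED_CHECK_REASON, $login_url, 'onclick="javascript:loginbox = window.open(this.href, \'loginbox\', \'width=300,height=300,locationbar=no,menubar=no,personalbar=no,statusbar=yes,status=yes,toolbar=no\'); return false;"');
                     }
                 }
                 break;
             case 'external_plugin':
                 // Only the 'loginbox' external page belongs to this plugin.
                 if ($eventData != 'loginbox') {
                     return true;
                 }
                 $out = array();
                 serendipity_plugin_api::hook_event('backend_login_page', $out);
                 serendipity_smarty_init();
                 $serendipity['smarty']->assign(array('loginform_add' => $out, 'loginform_url' => $login_url, 'loginform_user' => $_SESSION['serendipityUser'], 'loginform_mail' => $_SESSION['serendipityEmail'], 'close_window' => defined('LOGIN_ACTION'), 'is_logged_in' => serendipity_userLoggedIn(), 'is_error' => defined('LOGIN_ERROR')));
                 $filename = 'loginbox.tpl';
                 $tfile = serendipity_getTemplateFile($filename, 'serendipityPath');
                 // Fall back to the template shipped next to this file.
                 if (!$tfile || $tfile == $filename) {
                     $tfile = dirname(__FILE__) . '/' . $filename;
                 }
                 // The template may live outside the template directories, so
                 // Smarty's include restriction is lifted for this one render.
                 $inclusion = $serendipity['smarty']->security_settings[INCLUDE_ANY];
                 $serendipity['smarty']->security_settings[INCLUDE_ANY] = true;
                 $serendipity['smarty']->display($tfile);
                 // Restore the previous value so templates rendered later in
                 // the request are again subject to the original restriction.
                 $serendipity['smarty']->security_settings[INCLUDE_ANY] = $inclusion;
                 break;
             case 'frontend_display':
                 if (serendipity_db_bool($this->get_config('registered_only')) && !serendipity_userLoggedIn()) {
                     $serendipity['messagestack']['comments'][] = sprintf(PLUGIN_ADDUSER_REGISTERED_ONLY_REASON, $serendipity['baseURL'] . $serendipity['indexFile'] . '?serendipity[subpage]=adduser', $serendipity['baseURL'] . 'serendipity_admin.php');
                     $eventData['allow_comments'] = false;
                 }
                 break;
             case 'frontend_configure':
                 // Login/logout driven purely by the presence of POST fields;
                 // no request token is checked inside this method.
                 if (isset($serendipity['POST']['action']) && isset($serendipity['POST']['user']) && isset($serendipity['POST']['pass'])) {
                     serendipity_login();
                     if (serendipity_userLoggedIn()) {
                         define('LOGIN_ACTION', 'login');
                         header('X-s9y-auth: Login');
                     } else {
                         define('LOGIN_ERROR', true);
                     }
                 } elseif (isset($serendipity['POST']['action']) && isset($serendipity['POST']['logout'])) {
                     serendipity_logout();
                     if (!serendipity_userLoggedIn()) {
                         header('X-s9y-auth: Logout');
                         define('LOGIN_ACTION', 'logout');
                     }
                 }
                 // For authenticated users the comment name/email are forced to
                 // the values stored in the session, overriding submitted ones.
                 if ((serendipity_db_bool($this->get_config('registered_only')) || serendipity_db_bool($this->get_config('true_identities'))) && $_SESSION['serendipityAuthedUser']) {
                     if (defined('IN_serendipity_admin') && $serendipity['GET']['adminAction'] == 'doEdit') {
                         // void
                     } else {
                         $serendipity['COOKIE']['name'] = isset($_SESSION['serendipityRealname']) ? $_SESSION['serendipityRealname'] : $_SESSION['serendipityUser'];
                         $serendipity['COOKIE']['email'] = $_SESSION['serendipityEmail'];
                         if ($serendipity['POST']['comment']) {
                             $serendipity['POST']['name'] = $serendipity['COOKIE']['name'];
                             $serendipity['POST']['email'] = $serendipity['COOKIE']['email'];
                         }
                     }
                 }
                 return true;
                 break;
             case 'entry_display':
                 // On the registration page the entry list is replaced by the form.
                 if ($serendipity['GET']['subpage'] == 'adduser' || $serendipity['POST']['subpage'] == 'adduser' || !empty($serendipity['GET']['adduser_activation']) || !empty($this->clean_page)) {
                     if (is_array($eventData)) {
                         $eventData['clean_page'] = true;
                     }
                 }
                 break;
             case 'entries_header':
                 if ($serendipity['GET']['subpage'] == 'adduser' || $serendipity['POST']['subpage'] == 'adduser' || !empty($serendipity['GET']['adduser_activation'])) {
                     $this->clean_page = true;
                     $url = $serendipity['baseURL'] . $serendipity['indexFile'];
                     $hidden['subpage'] = 'adduser';
                     // Submitted values are capped: 40 bytes for the user name and
                     // 32 bytes for the password (longer passwords are cut silently).
                     $username = substr($serendipity['POST']['adduser_user'], 0, 40);
                     $password = substr($serendipity['POST']['adduser_pass'], 0, 32);
                     $email = $serendipity['POST']['adduser_email'];
                     echo '<div id="adduser_form" style="padding-left: 4px; padding-right: 10px"><a id="adduser"></a>';
                     // Get the config from the sidebar plugin
                     // Defaults below are overridden by whatever the sidebar
                     // plugin has stored in the config table.
                     $pair_config = array('userlevel' => USERLEVEL_EDITOR, 'no_create' => false, 'right_publish' => false, 'instructions' => $this->get_config('instructions', ''), 'usergroups' => array(), 'straight_insert' => false, 'approve' => false, 'use_captcha' => false);
                     $config = serendipity_db_query("SELECT name, value FROM {$serendipity['dbPrefix']}config WHERE name LIKE 'serendipity_plugin_adduser:%'");
                     if (is_array($config)) {
                         foreach ($config as $conf) {
                             // Setting name is the part after the first '/'.
                             $names = explode('/', $conf['name']);
                             // This plugin's own instructions win over the sidebar's.
                             if ($names[1] == 'instructions' && !empty($pair_config['instructions'])) {
                                 continue;
                             }
                             if ($names[1] == 'usergroups') {
                                 // Comma-separated group ids, keyed by id.
                                 $ug = (array) explode(',', $conf['value']);
                                 foreach ($ug as $cid) {
                                     if ($cid === false || empty($cid)) {
                                         continue;
                                     }
                                     $pair_config[$names[1]][$cid] = $cid;
                                 }
                             } else {
                                 // Every other setting goes through serendipity_get_bool().
                                 $pair_config[$names[1]] = serendipity_get_bool($conf['value']);
                             }
                         }
                     }
                     // Try to create the account; show the form when nothing was created.
                     if (!serendipity_common_adduser::adduser($username, $password, $email, $pair_config['userlevel'], $pair_config['usergroups'], $pair_config['no_create'], $pair_config['right_publish'], $pair_config['straight_insert'], $pair_config['approve'], $pair_config['use_captcha'])) {
                         serendipity_common_adduser::loginform($url, $hidden, $pair_config['instructions'], $username, $password, $email, $pair_config['use_captcha']);
                     }
                     echo '</div>';
                 }
                 return true;
                 break;
             default:
                 return false;
         }
     } else {
         return false;
     }
 }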
Пример #5
    // No multipart-message, so this is the body:
    $body =& $structure->body;
}
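// Credentials can arrive as a "(user:pass)" prefix on the mail body or on the
// subject, depending on $params['auth']. The prefix is cut off the text and
// the two parts are handed to the login code through $serendipity['POST'].
if ($params['auth'] == 'mailbody') {
    if (preg_match('@^\\(([^:]*):(.*)\\)@', $body, $matches)) {
        // '@' is the pattern delimiter and has to be named in preg_quote();
        // without it a user name or password containing '@' yields an invalid
        // pattern and preg_replace() wipes the text instead of the prefix.
        $body = trim(preg_replace('@^\\(' . preg_quote($matches[1], '@') . ':' . preg_quote($matches[2], '@') . '\\)@', '', $body));
        $serendipity['POST']['user'] = $matches[1];
        $serendipity['POST']['pass'] = $matches[2];
    } else {
        // No credential prefix: keep the text and submit empty credentials,
        // so the login below fails.
        $body = trim($body);
        $serendipity['POST']['user'] = null;
        $serendipity['POST']['pass'] = null;
    }
} elseif ($params['auth'] == 'mailsubject') {
    if (preg_match('@^\\(([^:]*):(.*)\\)@', $subject, $matches)) {
        $subject = trim(preg_replace('@^\\(' . preg_quote($matches[1], '@') . ':' . preg_quote($matches[2], '@') . '\\)@', '', $subject));
        $serendipity['POST']['user'] = $matches[1];
        $serendipity['POST']['pass'] = $matches[2];
    } else {
        $subject = trim($subject);
        $serendipity['POST']['user'] = null;
        $serendipity['POST']['pass'] = null;
    }
}
$serendipity['POST']['auto'] = 'true';
// Proceed only with an existing session or a successful login; otherwise the
// script stops here, before any attachment is written.
if (serendipity_userLoggedIn() || function_exists('serendipity_login') && serendipity_login()) {
    logger(sprintf(MAIL2S9Y_AUTHENTICATION_GRANTED, $params['auth']));
} else {
    logger(sprintf(MAIL2S9Y_AUTHENTICATION_FAILED, $params['auth']));
    die(sprintf(MAIL2S9Y_AUTHENTICATION_FAILED, $params['auth']));
    // Never reached: die() above ends the script first.
    // NOTE(review): decide deliberately whether this notification is wanted;
    // $from belongs to a message that just failed authentication, so sending
    // it would answer unauthenticated senders.
    mail($from, MAIL2S9Y_POSTING_FAILED, sprintf(MAIL2S9Y_AUTHENTICATION_FAILED, $params['auth']));
}
// Write the collected attachments to disk.
// NOTE(review): the target path comes from $filearray['image'] and the
// fopen() result is not checked; how the path is built is not visible here —
// confirm it cannot leave the intended upload directory.
if (count($writefiles) > 0) {
    foreach ($writefiles as $idx => $filearray) {
        $fd = fopen($filearray['image'], 'w');
        fwrite($fd, $filearray['data']);
        fclose($fd);
    }
}
logger(sprintf(MAIL2S9Y_MAILINFO, $from, $subject, strlen($body), $images));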
if ($post > 0) {
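 /**
  * Renders the page shown before a Picasa upload.
  *
  * When nobody is logged in and serendipity_login() fails, a login form is
  * printed and the posted RSS is parked in the session. Otherwise the RSS
  * (from POST or from the session) is parsed and a form is printed that asks
  * for album name, description and parent directory, followed by hidden
  * fields naming the image URLs to fetch and a thumbnail preview.
  *
  * The RSS is request data, so every value taken from it is HTML-escaped
  * before it is written into the page.
  *
  * @return void
  */
 function picasa_pre_upload()
 {
     global $serendipity;
     if (!serendipity_userLoggedIn()) {
         if (!serendipity_login()) {
             // save off the rss data because it won't be posted again
             // NOTE(review): this stores request data in the session of a
             // visitor who is not authenticated yet.
             if (!empty($_POST['rss'])) {
                 $_SESSION['picasa_rss'] = $_POST['rss'];
             }
             echo "<html>\n";
             echo "<head>\n";
             echo "<script language=javascript> function sf() { document.getElementById('serendipity[user]').focus(); }</script>\n";
             echo "</head>\n";
             echo "<body onload='javscript:sf()'>\n";
             echo "<form name='f' method='post' action='index.php?/plugin/picasa_pre_upload'>\n";
             echo "<h2>" . PLUGIN_EVENT_PICASA_UPLOAD_HEADER . $serendipity['baseURL'] . "</h2>\n";
             echo PLUGIN_EVENT_PICASA_UPLOAD_USERNAME . "<br />\n";
             echo "<input type='text' name='serendipity[user]' /><br />\n";
             echo PLUGIN_EVENT_PICASA_UPLOAD_PASSWORD . "<br />\n";
             echo "<input type='password' name='serendipity[pass]' /><br />\n";
             echo "<input id='autologin' type='checkbox' name='serendipity[auto]' /><label for='autologin'>" . PLUGIN_EVENT_PICASA_UPLOAD_REMEMBER_LOGIN . "</label><br />\n";
             echo "<input type='submit' name='submit' value='" . PLUGIN_EVENT_PICASA_UPLOAD_LOGIN . "' />";
             echo "<input type='button' value='" . PLUGIN_EVENT_PICASA_UPLOAD_DISCARD . "' onclick=\"location.href='minibrowser:close'\">\n";
             echo "</form>\n";
             echo "</body>\n";
             echo "</html>\n";
             return;
         }
     }
     // Prefer the RSS posted with this request, else the copy parked in the
     // session before login. empty() avoids notices on missing keys.
     if (empty($_POST['rss'])) {
         if (empty($_SESSION['picasa_rss'])) {
             echo PLUGIN_EVENT_PICASA_ERR_MISSING_RSS;
             return;
         } else {
             $rss = $_SESSION['picasa_rss'];
         }
     } else {
         $rss = $_POST['rss'];
     }
     $imgSize = $this->get_config('upload_image_size');
     $thumbSize = $serendipity['thumbSize'];
     $xh = new xmlHandler();
     $nodeNames = array("PHOTO:THUMBNAIL", "PHOTO:IMGSRC", "TITLE", "DESCRIPTION");
     $xh->setElementNames($nodeNames);
     $xh->setStartTag("ITEM");
     $xh->setXmlData($rss);
     $pData = $xh->xmlParse();
     // save this since we need to access the descriptions during upload
     $_SESSION['picasa_rss_parsed'] = $pData;
     echo "<html>\n";
     echo "<head>\n";
     echo "<script language=javascript> function sf() { document.getElementById('albumName').focus(); }</script>\n";
     echo "</head>\n";
     echo "<body onload='javscript:sf()'>\n";
     echo "<form name='f' method='post' action='index.php?/plugin/picasa_upload'>\n";
     echo "<h2>" . PLUGIN_EVENT_PICASA_UPLOAD_HEADER . $serendipity['baseURL'] . "</h2>\n";
     echo "<div>" . PLUGIN_EVENT_PICASA_UPLOAD_ALBUMNAME . "</div>\n";
     echo "<div><input type='text' name='albumName' tabindex='1'></div>\n";
     echo "<div>" . PLUGIN_EVENT_PICASA_UPLOAD_DESCRIPTION . "</div>\n";
     echo "<div><textarea name='albumDescription' rows='5' cols='50'></textarea></div>\n";
     echo "<div>" . PLUGIN_EVENT_PICASA_UPLOAD_PARENTDIR . "</div>\n";
     echo "<select name='parentDir' id='parentDir'>\n";
     echo "<option value=''>" . PLUGIN_EVENT_PICASA_UPLOAD_PARENTDIR_BASEDIR . "</option>\n";
     $picasapath = $this->get_config('picasapath');
     $paths = serendipity_traversePath($picasapath);
     $prunedPaths = array();
     foreach ($paths as $path) {
         $name = $path['name'];
         $relpath = $path['relpath'];
         // check if this is a subdirectory of an already pruned directory
         $subdirOfPruned = false;
         foreach ($prunedPaths as $prunedPath) {
             if (0 == strncmp($prunedPath, $relpath, strlen($prunedPath))) {
                 $subdirOfPruned = true;
                 break;
             }
         }
         // don't allow nesting of albums; if the album has any subdirectories, collisions could happen
         if (!file_exists($picasapath . '/' . $relpath . '/index.xml')) {
             if (!$subdirOfPruned) {
                 $splitPath = explode('/', $relpath);
                 $encodedRelpath = htmlentities($relpath, ENT_QUOTES, LANG_CHARSET);
                 // Directory names come from the file system; escape the label
                 // the same way as the value.
                 $encodedName = htmlentities($name, ENT_QUOTES, LANG_CHARSET);
                 $prefix = str_repeat('&nbsp;&nbsp;', count($splitPath));
                 echo "<option value='{$encodedRelpath}'>{$prefix} {$encodedName}</option>\n";
             }
         } else {
             $prunedPaths[] = $relpath;
         }
     }
     echo "</select>\n";
     // Image request queue: add image requests for base image & clickthrough
     foreach ($pData as $e) {
         // use a thumbnail if you don't want exif (saves space)
         // thumbnail requests are clamped at 144 pixels
         // (negative values give square-cropped images)
         // The URLs come from the submitted RSS, so they are escaped for the
         // attribute context; the browser decodes them again on submit, which
         // keeps the posted field names unchanged.
         $small = htmlspecialchars($e['photo:thumbnail'] . "?size={$thumbSize}", ENT_QUOTES, LANG_CHARSET);
         $large = htmlspecialchars($e['photo:imgsrc'] . "?size={$imgSize}", ENT_QUOTES, LANG_CHARSET);
         echo "<input type='hidden' name='{$large}'>\n";
         echo "<input type='hidden' name='{$small}'>\n";
     }
     echo "<br />\n";
     echo "<input type=submit value='" . PLUGIN_EVENT_PICASA_UPLOAD_UPLOAD . "'>\n";
     echo "<input type=button value='" . PLUGIN_EVENT_PICASA_UPLOAD_DISCARD . "' onclick=\"location.href='minibrowser:close'\">\n";
     echo "</form><br />\n";
     // Preview "tray": draw thumbnails of each image that will be uploaded
     foreach ($pData as $e) {
         // Same escaping as for the hidden fields above.
         $thumb = htmlspecialchars($e['photo:thumbnail'] . "?size={$thumbSize}", ENT_QUOTES, LANG_CHARSET);
         echo "<img src='{$thumb}'>\n";
     }
     echo "</body>\n";
     echo "</html>\n";
 }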