/**
 * Display the content of the mailpage linked to node $node_id.
 *
 * This is a small state machine driven by a server-side token that travels in
 * the hidden POST field 'token':
 *   0. sanity-check the configuration (at least one destination address);
 *   1. look up the posted token (if any);
 *   2. retire the token on [Cancel] or when it has expired;
 *   3. dispatch on the button that was pressed (Preview / Edit / Send);
 *   4. with no live token left, create a fresh one and show an empty form.
 *
 * Every action in step 3 runs only while $token_id !== FALSE, i.e. only
 * against a token that was found in the store and has not expired; a request
 * without a valid token simply falls through to step 4 and gets a new form.
 *
 * token_lookup() is expected to fill its trailing arguments by reference:
 * $t0 (earliest time a Send is accepted), $t1 (expiry time), $ip_addr (the
 * address recorded with the token) and $data (the dialog definition saved by
 * an earlier Preview, or FALSE if nothing was stored).  That is how the
 * values initialised below become meaningful in steps 2 and 3.
 *
 * @param object &$theme collects the (html) output
 * @param int $area_id identifies the area where $node_id lives (not used here)
 * @param int $node_id the node to which this module is connected
 * @param array $module the module record straight from the database (not used here)
 * @return bool TRUE on success + output via $theme, FALSE otherwise
 */
function mailpage_view(&$theme, $area_id, $node_id, $module) {
    //
    // 0 -- basic sanity checks
    //
    if (($config = mailpage_view_get_config($node_id)) === FALSE) {
        $theme->add_message(t('error_retrieving_config', 'm_mailpage'));
        return FALSE;
    } elseif (sizeof($config['addresses']) <= 0) {
        // an unconfigured mailpage has nowhere to send to; report in both message area and content
        logger(sprintf('%s(): no addresses at node %d: is mailpage unconfigured?', __FUNCTION__, $node_id));
        $msg = t('error_retrieving_addresses', 'm_mailpage', array('{NODE}' => strval($node_id)));
        $theme->add_message($msg);
        $theme->add_content($msg);
        return FALSE;
    }
    //
    // 1 -- do we have a token already?
    //
    // Defaults cover the "no token posted" case; token_lookup() overwrites them on a hit.
    $t0 = $t1 = 0;
    $ip_addr = '';
    $data = FALSE;
    $token_id = FALSE;
    if (isset($_POST['token'])) {
        // lookup valid UTF8 key (or fail with substitute U+FFFD instead)
        // A token that is not valid UTF-8 is replaced by U+FFFD before the lookup,
        // so malformed input never reaches the token store (presumably no stored
        // key ever equals U+FFFD, so this lookup fails and a new round starts).
        $token_key = utf8_validate($_POST['token']) ? magic_unquote($_POST['token']) : "�";
        $token_id = token_lookup(MAILPAGE_REFERENCE, $token_key, $t0, $t1, $ip_addr, $data);
    }
    //
    // 2 -- handle cases of expired tokens and Cancel first
    //
    $now = time();
    if ($token_id !== FALSE && isset($_POST['button_cancel'])) {
        // visitor pressed [Cancel]
        // Cancel is checked before expiry, so a cancelled-and-expired token
        // yields the 'cancelled' message and skips the 'expired' branch below.
        $theme->add_message(t('cancelled', 'admin'));
        token_destroy($token_id);
        $token_id = FALSE;
    }
    if ($token_id !== FALSE && $t1 < $now) {
        // token expired
        $theme->add_message(t('error_token_expired', 'm_mailpage'));
        token_destroy($token_id);
        $token_id = FALSE;
    }
    //
    // 3 -- handle the three remaining buttons from the two dialogs
    //
    if ($token_id !== FALSE) {
        if (isset($_POST['button_preview'])) {
            //
            // 3A -- Preview button
            //
            // Rebuild the dialog from the current request, validate it and, only
            // when it is clean, persist it with the token so Send (3C) can reuse
            // the validated copy instead of re-reading the request.
            $dialogdef = mailpage_view_get_dialogdef($config, $token_key);
            if (!mailpage_view_dialog_validate($dialogdef)) {
                foreach ($dialogdef as $k => $item) {
                    if (isset($item['errors']) && $item['errors'] > 0) {
                        $theme->add_message($item['error_messages']);
                    }
                }
                mailpage_show_form($theme, $config, $dialogdef);
            } else {
                if (!token_store($token_id, $dialogdef)) {
                    $theme->add_message(t('error_storing_data', 'm_mailpage'));
                    logger(sprintf('%s(): token store error in page %d: %s', __FUNCTION__, $node_id, db_errormessage()));
                    return FALSE;
                }
                mailpage_show_preview($theme, $config, $dialogdef, $ip_addr);
            }
        } elseif (isset($_POST['button_edit'])) {
            //
            // 3B -- Edit button
            //
            // Normally $data is the dialog stored at Preview time; if the store
            // came back empty, fall back to a freshly built dialog so the visitor
            // at least gets a form back.
            if ($data === FALSE) {
                $theme->add_message(t('error_retrieving_data', 'm_mailpage'));
                logger(sprintf('%s(): no data after token_lookup()? (page=%d)', __FUNCTION__, $node_id));
                $data = mailpage_view_get_dialogdef($config, $token_key);
            }
            mailpage_show_form($theme, $config, $data);
        } elseif (isset($_POST['button_send'])) {
            //
            // 3C -- Send button
            //
            // NOTE(review): unlike the Preview path (3A), this fallback dialog is
            // NOT passed through mailpage_view_dialog_validate() before it reaches
            // mailpage_send_message() below.  Confirm that a rebuilt, unvalidated
            // dialog can never be sent here, or route this case back to the form
            // the way 3B does instead of continuing to the send branch.
            if ($data === FALSE) {
                $theme->add_message(t('error_retrieving_data', 'm_mailpage'));
                logger(sprintf('%s(): no data after token_lookup()? (page=%d)', __FUNCTION__, $node_id));
                $data = mailpage_view_get_dialogdef($config, $token_key);
            }
            if ($now < $t0) {
                // the window of opportunity is still closed; go back to form a la Edit
                // ($t0 is the earliest acceptable send time; submitting before it is
                // treated as automated/too-fast and logged with the recorded address)
                $msg = t('error_too_fast', 'm_mailpage');
                $theme->add_message($msg);
                $theme->add_popup_top($msg);
                mailpage_show_form($theme, $config, $data);
                logger(sprintf('%s(): reply too fast (%ds) from %s', __FUNCTION__, $t0 - $now, $ip_addr));
            } elseif (!mailpage_send_message($config, $data, $ip_addr, $now - $t0)) {
                // sending failed: keep the token alive so the visitor can retry
                $theme->add_message(t('error_sending_message'));
                mailpage_show_form($theme, $config, $data);
            } else {
                // message is out; the token is single-use and goes away with it
                token_destroy($token_id);
                mailpage_show_thankyou($theme, $config, $data, $ip_addr);
            }
        } else {
            //
            // 3D -- catch all: initiate a new round (shouldn't happen)
            //
            // A valid token but none of the known buttons: discard it and let
            // step 4 hand out a fresh one.
            token_destroy($token_id);
            $token_id = FALSE;
        }
    }
    //
    // 4 -- Start with a clean slate
    //
    // Reached both on a first visit and after Cancel / expiry / catch-all above.
    if ($token_id === FALSE) {
        // $token_key is filled in by token_create() and then baked into the form
        $token_key = '';
        if (($token_id = token_create(MAILPAGE_REFERENCE, $token_key, 20)) === FALSE) { // 20s delay
            // (the 20 presumably becomes the $t0 offset checked in 3C -- confirm in token_create())
            $msg = t('error_creating_token', 'm_mailpage', array('{NODE}' => strval($node_id)));
            $theme->add_message($msg);
            $theme->add_content($msg);
            return FALSE;
        }
        $dialogdef = mailpage_view_get_dialogdef($config, $token_key);
        mailpage_show_form($theme, $config, $dialogdef);
    }
    return TRUE;
}
/**
 * Store a token of type $p_type for a user: when one already exists its value
 * and expiry are refreshed in place, otherwise a new token row is created.
 * Either way the id of the resulting token is returned.
 *
 * @param integer $p_type    Token type
 * @param string  $p_value   Token value
 * @param integer $p_expiry  Token expiration in seconds (default TOKEN_EXPIRY)
 * @param integer $p_user_id User ID (null is passed straight through to
 *                           token_get()/token_create(); presumably "current user")
 * @return integer Token ID
 */
function token_set($p_type, $p_value, $p_expiry = TOKEN_EXPIRY, $p_user_id = null) {
    $t_existing = token_get($p_type, $p_user_id);
    if ($t_existing !== null) {
        // refresh the existing token instead of issuing a second one of the same type
        token_update($t_existing['id'], $p_value, $p_expiry);
        return $t_existing['id'];
    }
    return token_create($p_type, $p_value, $p_expiry, $p_user_id);
}
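/**
 * Admin screen: confirm and delete one directory below TARGET_DIR.
 *
 * GET ?path=&name= selects the directory and renders a confirmation form;
 * POST exec=delete_directory (with the one-time token) performs the deletion
 * and redirects back to the listing.  Output is written directly with
 * echo/header and the POST branch ends the request with exit.  error() is
 * relied upon not to return (the original code relies on this as well).
 *
 * Security notes on this revision:
 *  - the traversal test on the POSTed path/name used to inspect $_GET instead
 *    of $_POST, i.e. the values that were validated were not the values that
 *    got deleted; the POST values are now checked themselves;
 *  - only the literal "../" was rejected, so a bare ".." or "." component
 *    passed whenever PATH_CHARACTER admits dots; any "." or ".." path segment
 *    (with "/" or "\" as separator) is now rejected;
 *  - the resolved target must lie strictly below realpath(TARGET_DIR), so a
 *    symlink inside TARGET_DIR cannot be used to delete something outside it;
 *  - array-valued parameters (path[]=x) are treated as absent;
 *  - values echoed into HTML are escaped with htmlspecialchars().
 *
 * @return void
 */
function admin_delete_directory() {
    // Rejects a literal "../" anywhere, and any path segment that is exactly
    // "." or "..", with "/" or "\" as the separator.
    $dot_segment = '#\.\.[/\\\\]|(^|[/\\\\])\.\.?([/\\\\]|$)#';
    $char_class = '/' . PATH_CHARACTER . '/';

    // -- GET parameters (only used to render the confirmation form) --
    foreach (array('path', 'name') as $key) {
        if (!isset($_GET[$key])
            || !is_string($_GET[$key])
            || !preg_match($char_class, $_GET[$key])
            || preg_match($dot_segment, $_GET[$key])) {
            $_GET[$key] = null;
        }
    }

    if (isset($_POST['exec']) && $_POST['exec'] == 'delete_directory') {
        // one-time token: rejects cross-site and replayed submissions
        if (!token_check()) {
            error('不正なアクセスです。');
        }

        $path = (isset($_POST['path']) && is_string($_POST['path'])) ? $_POST['path'] : '';
        $name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';

        // -- input validation on the POSTed values (these are what gets deleted) --
        if ($path !== '' && !preg_match($char_class, $path)) {
            error('パスは半角英数字で入力してください。');
        } elseif (preg_match($dot_segment, $path)) {
            error('パスの入力内容が不正です。');
        }
        if ($name === '') {
            error('ディレクトリ名が入力されていません。');
        } elseif (!preg_match($char_class, $name)) {
            error('ディレクトリ名は半角英数字で入力してください。');
        } elseif (preg_match($dot_segment, $name)) {
            error('ディレクトリ名の入力内容が不正です。');
        } elseif (mb_strlen($name, 'UTF-8') > 255) {
            error('ディレクトリ名は255文字以内で入力してください。');
        }

        // -- containment: the resolved target must be strictly inside TARGET_DIR --
        // realpath() follows symlinks, so this also catches a link that points
        // outside the managed tree; TARGET_DIR itself is never deletable.
        $target = TARGET_DIR . $path . $name;
        $real_target = realpath($target);
        $real_base = realpath(TARGET_DIR);
        if ($real_target === false
            || $real_base === false
            || $real_target === $real_base
            || strpos($real_target, rtrim($real_base, '/\\') . DIRECTORY_SEPARATOR) !== 0) {
            error('ディレクトリ ' . $target . ' を削除できません。');
        }

        // -- delete --
        if (!remove_dir($target)) {
            error('ディレクトリ ' . $target . ' を削除できません。');
        }

        // back to the listing of the parent path ("/" kept readable in the query string)
        header('Location: ' . HTTP_URL . MAIN_FILE . '?exec=delete_directory&path=' . str_replace('%2F', '/', urlencode($path)));
        exit;
    }

    // -- confirmation form --
    $token = token_create();
    $path_get = (string) $_GET['path'];
    $name_get = (string) $_GET['name'];
    // escaped once here and reused for every HTML context below (attribute and element body)
    $path_html = htmlspecialchars($path_get, ENT_QUOTES, 'UTF-8');
    $name_html = htmlspecialchars($name_get, ENT_QUOTES, 'UTF-8');
    $dir_html = htmlspecialchars(TARGET_DIR, ENT_QUOTES, 'UTF-8') . $path_html . $name_html;
    $token_html = htmlspecialchars((string) $token, ENT_QUOTES, 'UTF-8');

    print_header(CSS_FILE);
    echo "<div id=\"menu\">\n";
    echo "<h2>MCMN Server メニュー</h2>\n";
    echo "<ul>\n";
    echo "<li><a href=\"" . HTTP_URL . MAIN_FILE . "\">戻る</a></li>\n";
    echo "</ul>\n";
    echo "</div>\n";
    echo "<h2>ディレクトリ削除</h2>\n";
    echo "<ul>\n";
    echo "<li>ディレクトリ <code>" . $dir_html . "</code> を削除します。</li>\n";
    echo "</ul>\n";
    echo "<form action=\"" . HTTP_URL . MAIN_FILE . "?mode=delete_directory&path=" . urlencode($path_get) . "&name=" . urlencode($name_get) . "\" method=\"post\">\n";
    echo "<fieldset>\n";
    echo "<legend>ディレクトリ削除フォーム</legend>\n";
    echo "<input type=\"hidden\" name=\"token\" value=\"" . $token_html . "\" />\n";
    echo "<input type=\"hidden\" name=\"exec\" value=\"delete_directory\" />\n";
    echo "<input type=\"hidden\" name=\"path\" value=\"" . $path_html . "\" />\n";
    echo "<input type=\"hidden\" name=\"name\" value=\"" . $name_html . "\" />\n";
    echo "<p><input type=\"submit\" value=\"削除する\" /></p>\n";
    echo "</fieldset>\n";
    echo "</form>\n";
    print_footer();
    return;
}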