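/**
 * Stores the session payload and per-request metadata on an existing session row.
 *
 * The UPDATE matches on both the session id and the client address, so an id
 * presented from a different address changes no row and the call reports failure.
 *
 * @param string $id   Session identifier; anything shorter than 32 bytes is rejected.
 * @param string $data Session payload, written to the `privilege` column.
 * @return bool True when exactly one row was updated, false otherwise.
 */
public static function write($id, $data)
 {
     if (is_null(self::$context)) {
         self::initialize();
     }
     if (strlen($id) < 32) {
         return false;
     }
     // Resolve the owning user: site account first, then OpenID, else SQL NULL.
     $userid = Acl::getIdentity('textcube');
     if (empty($userid)) {
         $userid = Acl::getIdentity('openid') ? SESSION_OPENID_USERID : '';
     }
     if (empty($userid)) {
         $userid = 'null';
     }
     // NOTE(review): $userid is placed in the statement unquoted and unescaped.
     // That is only safe while both sources above always yield integers — confirm.
     $id = POD::escapeString($id);
     $data = POD::escapeString($data);
     $server = POD::escapeString($_SERVER['HTTP_HOST']);
     $request = POD::escapeString(substr($_SERVER['REQUEST_URI'], 0, 255));
     $referer = isset($_SERVER['HTTP_REFERER']) ? POD::escapeString(substr($_SERVER['HTTP_REFERER'], 0, 255)) : '';
     // Escaped like every other request-derived value in this statement, so the
     // query does not depend on how the front end populates REMOTE_ADDR.
     $address = POD::escapeString($_SERVER['REMOTE_ADDR']);
     $timer = Timer::getMicroTime() - self::$sessionMicrotime;
     $current = Timestamp::getUNIXtime();
     $result = self::query('count', "UPDATE " . self::$context->getProperty('database.prefix') . "Sessions\n\t\t\t\tSET userid = {$userid}, privilege = '{$data}', server = '{$server}', request = '{$request}', referer = '{$referer}', timer = {$timer}, updated = IF(updated,{$current},1)\n\t\t\t\tWHERE id = '{$id}' AND address = '{$address}'");
     if ($result && $result == 1) {
         @POD::commit();
         return true;
     }
     return false;
 }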
Пример #2
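/**
 * Links the OpenID supplied in $_GET['openid_identifier'] to the current account.
 *
 * The identifier is resolved through OpenIDConsumer::fetch(). If it is not the
 * identity currently held as 'openid_temp', an OpenID login for adding is
 * started instead. Otherwise the identity is stored in the first free
 * "openid.N" user-setting slot and a confirmation page is printed.
 *
 * @return void
 */
function addOpenID()
{
    global $openid_list;
    $context = Model_Context::getInstance();
    $accountUrl = $context->getProperty('uri.blog') . "/owner/setting/account";
    if (empty($_GET['openid_identifier']) || strstr($_GET['openid_identifier'], ".") === false) {
        exitWithError(_t('오픈아이디를 입력하지 않았거나, 도메인 없는 오픈아이디를 입력하였습니다.'));
    }
    $currentOpenID = Acl::getIdentity('openid_temp');
    $fc = new OpenIDConsumer();
    $claimedOpenID = $fc->fetch($_GET['openid_identifier']);
    if (in_array($claimedOpenID, $openid_list)) {
        // NOTE(review): the claimed identifier is appended to the message unescaped;
        // confirm that exitWithError() encodes its argument for HTML output.
        exitWithError(_t('이미 연결된 오픈아이디 입니다') . " : " . $claimedOpenID);
    }
    // 'authenticated' is optional; test for its presence before comparing.
    if (isset($_GET['authenticated']) && $_GET['authenticated'] === "0") {
        header("Location: " . $accountUrl);
        exit(0);
    }
    if (empty($currentOpenID) || $claimedOpenID != $currentOpenID) {
        loginOpenIDforAdding($claimedOpenID);
        return;
    }
    if (!in_array($currentOpenID, $openid_list)) {
        // Store the identity in the first unused slot.
        for ($i = 0; $i < OPENID_REGISTERS; $i++) {
            $openid = Setting::getUserSetting("openid." . $i, null, true);
            if (empty($openid)) {
                Setting::setUserSetting("openid." . $i, $currentOpenID, true);
                break;
            }
        }
    }
    // The identity is a user-chosen URL, so it is emitted as a JSON string literal
    // with the HEX flags rather than concatenated between quotes. A quote, "</script>"
    // or "]]>" inside it therefore cannot end the string or the script block.
    $jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $message = json_encode(_t('연결하였습니다.') . " : " . $currentOpenID, $jsFlags);
    $target = json_encode($accountUrl, $jsFlags);
    echo "<html><head><script type=\"text/javascript\">//<![CDATA[" . CRLF . "alert(" . $message . "); document.location.href=" . $target . "; //]]></script></head></html>";
}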
Пример #3
/**
 * Redirects to the OpenID login endpoint when the visitor opted into automatic login.
 *
 * The redirect happens only when the 'openid_auto' cookie is 'y', no OpenID
 * identity is active, an 'openid' cookie is present, the request is not already
 * under /login/openid, and headers have not been sent. In every other case
 * $target is returned untouched.
 *
 * @param mixed $target Value handed back unchanged when no redirect is issued.
 * @return mixed
 */
function openid_hardcore_login($target)
{
    $context = Model_Context::getInstance();

    $autoLoginEnabled = isset($_COOKIE['openid_auto']) && $_COOKIE['openid_auto'] == 'y';
    if (!$autoLoginEnabled) {
        return $target;
    }

    // Short-circuit order matches the individual guards: identity, cookie, path, headers.
    $skipRedirect = Acl::getIdentity('openid')
        || empty($_COOKIE['openid'])
        || strpos($_SERVER["REQUEST_URI"], "/login/openid") !== false
        || headers_sent();
    if ($skipRedirect) {
        return $target;
    }

    $loginUrl = $context->getProperty('uri.blog') . "/login/openid?action=hardcore&requestURI=" . urlencode($_SERVER["REQUEST_URI"]);
    header("Location: " . $loginUrl);
    exit;
}
Пример #4
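/**
 * Audits a comment or trackback through Defensio, with a local fallback check.
 *
 * A usable Defensio verdict is stored via defensio_save_meta_data() and returned
 * directly. If the call fails, returns no result, or 'force_with_tca' is set for
 * a non-spam verdict, the local check counts previously filtered rows that match
 * the same content (or trackback URL) and the same client address. Ten or more
 * matches mark the submission as spam.
 *
 * @param int         $type    2 for a trackback; any other value is treated as a comment.
 * @param string      $name    Author name.
 * @param string      $title   Not used in this function.
 * @param string      $url     Author homepage or trackback URL.
 * @param string      $content Comment body.
 * @param bool|string $openid  Truthy when the author is logged in with OpenID.
 * @return bool True when the submission is accepted, false when it is classified as spam.
 */
function DEFNENSIO_FILTER($type, $name, $title, $url, $content, $openid = false)
{
    global $hostURL, $blogURL, $database, $configVal, $defensio_conf;
    //if ( doesHaveOwnership() ) return true; // owner
    DEFENSIO_Init();
    $defensio_meta = array();
    $comment = array();
    // The Referer header is optional; send an empty value instead of reading a missing index.
    $comment['referrer'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $comment['user-ip'] = preg_replace('/[^0-9., ]/', '', $_SERVER['REMOTE_ADDR']);
    // NOTE(review): the next line replaces the sanitized client address with a fixed
    // value, so the audit request never carries the real submitter address. This looks
    // like a leftover test value — confirm before relying on Defensio's IP signal.
    $comment['user-ip'] = '168.126.63.1';
    $comment['owner-url'] = $defensio_conf['blog'];
    $comment['comment_type'] = $type == 2 ? 'trackback' : 'comment';
    $comment['comment-author'] = $name;
    // date() yields the same Y/m/d string as the deprecated strftime() call it replaces.
    $comment['article-date'] = date('Y/m/d');
    // $comment['permalink'] = $comment_perma_link;
    // Make sure we do not send an SQL-escaped string to the server.
    $comment['comment-content'] = defensio_unescape_string($content);
    $comment['comment-author-url'] = $url;
    //$comment['comment-author-email'] = $email; // optional field
    $next_id = $type == 2 ? getTrackBacksNextId() : getCommentsNextId();
    $comment_TYPE = $type == 2 ? 'T' : 'C';
    // Attach the OpenID identity when the author is logged in with one.
    if ($openid) {
        $comment['openid'] = Acl::getIdentity('openid');
        $comment['user-logged-in'] = 'true';
    }
    // For testing:
    // $comment['test-force'] = 'spam,x.xxxx'; // | 'ham,x.xxxx' ( 0 ~ 1)
    if ($r = defensio_post('audit-comment', $comment)) {
        $ar = Spyc::YAMLLoad($r);
        if (isset($ar['defensio-result'])) {
            if ($ar['defensio-result']['status'] == DF_SUCCESS) {
                // Set metadata about the comment.
                $defensio_meta['spaminess'] = $ar['defensio-result']['spaminess'];
                $defensio_meta['signature'] = $ar['defensio-result']['signature'];
                // NOTE(review): this writes the whole parsed response to the error log
                // on every audited submission — confirm that is intended outside debugging.
                error_log(print_r($ar, true));
                if ($ar['defensio-result']['spam']) {
                    $defensio_meta['spam'] = true;
                    defensio_save_meta_data($comment_TYPE, $next_id, $defensio_meta);
                    return false;
                } else {
                    // Not spam according to Defensio.
                    $defensio_meta['spaminess'] = 0;
                    // Unless the local check is forced as well, accept the verdict here.
                    if (!$defensio_conf['force_with_tca']) {
                        defensio_save_meta_data($comment_TYPE, $next_id, $defensio_meta);
                        return true;
                    }
                }
            }
        }
        // A successful HTTP request with a failed Defensio status falls through.
    }
    // An unsuccessful POST (Defensio may be down) falls through as well.
    //defensio_save_meta_data($comment_TYPE, $next_id, $defensio_meta); // there is problem in defensio.

    // Local spam check ("Thief-cat algorithm"): count previously filtered look-alikes.
    $count = 0;
    $tableName = $database['prefix'] . 'Trackbacks';
    if ($type == 2) {
        $sql = 'SELECT COUNT(id) as cc FROM ' . $database['prefix'] . 'Trackbacks WHERE';
        $sql .= ' url = \'' . POD::escapeString($url) . '\'';
        $sql .= ' AND isFiltered > 0';
        if ($row = POD::queryRow($sql)) {
            $count += @$row[0];
        }
    } else {
        // Comment case: same body, homepage and name already filtered before.
        $tableName = $database['prefix'] . 'Comments';
        $sql = 'SELECT COUNT(id) as cc FROM ' . $database['prefix'] . 'Comments WHERE';
        $sql .= ' comment = \'' . POD::escapeString($content) . '\'';
        $sql .= ' AND homepage = \'' . POD::escapeString($url) . '\'';
        $sql .= ' AND name = \'' . POD::escapeString($name) . '\'';
        $sql .= ' AND isFiltered > 0';
        if ($row = POD::queryRow($sql)) {
            $count += @$row[0];
        }
    }
    // Filtered rows from the same client address, in the table chosen above.
    $sql = 'SELECT COUNT(id) as cc FROM ' . $tableName . ' WHERE';
    $sql .= ' ip = \'' . POD::escapeString($_SERVER['REMOTE_ADDR']) . '\'';
    $sql .= ' AND isFiltered > 0';
    if ($row = POD::queryRow($sql)) {
        $count += @$row[0];
    }
    $is_spam = $count >= 10 ? 1 : 0;
    // Report back to Defensio only when it issued a signature for this submission.
    if (isset($defensio_meta['spaminess'], $defensio_meta['signature']) && $is_spam) {
        defensio_submit_spam($defensio_meta['signature']);
    }
    $defensio_meta['spam'] = $defensio_meta['spaminess'] = $is_spam;
    defensio_save_meta_data($comment_TYPE, $next_id, $defensio_meta);
    return !$is_spam;
}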
Пример #5
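/**
 * Wraps a comment-form template in the OpenID / name-password selector panel.
 *
 * When the CL_OpenID plugin is inactive the template is returned unchanged.
 * Otherwise two radio rows are added: one for commenting with OpenID (with a
 * login or logout link) and one for name/password. The inputs of whichever
 * mode is not pre-selected are rendered disabled.
 *
 * @param string $comment Comment-form template markup containing [##_..._##] placeholders.
 * @param string $prefix  Placeholder prefix used by the form's input names.
 * @return string The template wrapped in the selector panel.
 */
function addOpenIDPannel($comment, $prefix)
{
    $context = Model_Context::getInstance();
    if (!isActivePlugin('CL_OpenID')) {
        return $comment;
    }
    $openid_identity = Acl::getIdentity('openid');
    $whatisopenid = '<a target="_blank" href="' . _text('http://www.google.co.kr/search?q=OpenID&amp;lr=lang_ko') . '"><span style="color:#ff6200">' . _text('오픈아이디란?') . '</span></a>';
    //$lastcomment = ' | <a href="#" onClick="recallLastComment([##_article_rep_id_##]); return false"><span style="color:#ff6200">'._text('마지막 댓글로 채우기').'</span></a>';
    $lastcomment = '';
    $openidOnlySettingNotice = '';
    if ($context->getProperty('blog.AddCommentMode', '') == 'openid') {
        $openidOnlySettingNotice = "<b>" . _text('오픈아이디로만 댓글을 남길 수 있습니다') . "</b>";
    }
    // The login link opens with the same anchor markup as the logout link below,
    // so that its closing '">' and '</a>' are balanced.
    $tag_login = '<a href="' . $context->getProperty('uri.blog') . '/login/openid/guest?requestURI=' . urlencode($_SERVER["REQUEST_URI"]) . '"><span style="color:#ff6200">' . _text('로그인') . '</span></a>';
    $tag_logoff = '<a href="' . $context->getProperty('uri.blog') . '/login/openid?action=logout&requestURI=' . urlencode($_SERVER["REQUEST_URI"]) . '"><span style="">' . _text('로그아웃') . '</span></a>';
    $pannel = '<div class="commentOuterPannel">' . CRLF;
    $openid_input = 'OPENID_TAG_NEEDED';
    // The cookie is client-controlled and ends up inside a value="..." attribute,
    // so it is HTML-encoded here. Non-string cookie values are ignored.
    $cookie_openid = '';
    if (!empty($_COOKIE['openid']) && is_string($_COOKIE['openid'])) {
        $cookie_openid = htmlspecialchars($_COOKIE['openid'], ENT_QUOTES, 'UTF-8');
    }
    if ($openidOnlySettingNotice || $openid_identity) {
        $checked1 = 'checked="checked"';
        $checked2 = '';
        $disabled1 = '';
        $disabled2 = 'disabled="disabled"';
    } else {
        $checked1 = '';
        $checked2 = 'checked="checked"';
        $disabled1 = 'disabled="disabled"';
        $disabled2 = '';
    }
    $pannel_style = "style=\"width:100%; text-align:left\"";
    $radio_style = "style=\"width:15px;vertical-align:text-bottom;height:15px;border:0px;margin:0px;padding:0px;\"";
    $label_style = "style=\"display:inline;margin-top:0px;padding-left:0px;cursor:pointer\"";
    $openid_input_style = 'style="padding-left:21px;width:165px;background-image:url(' . $context->getProperty('service.path') . '/resources/image/icon_openid.gif' . ');' . 'background-repeat:no-repeat;background-position:0px center"';
    if ($openid_identity) {
        // The identity is a user-chosen URL; encode it for the href attribute.
        // NOTE(review): the display name is emitted as-is — confirm that
        // OpenID::getDisplayName() returns HTML-safe text.
        $openid_input = '<span><a href="' . htmlspecialchars($openid_identity, ENT_QUOTES, 'UTF-8') . '">' . OpenID::getDisplayName($openid_identity) . '</a></span>' . CRLF;
        $openid_input .= '<input type="hidden" name="openid_identifier" id="openid_identifier_[##_article_rep_id_##]" value="' . htmlentities($openid_identity) . '" />';
        $openid_input = _text('현재 로그인한 오픈아이디') . ' ' . $openid_input;
        // Pre-fill the guest fields of this request from the OpenID session profile.
        $_COOKIE['guestHomepage'] = $_SESSION['openid']['homepage'];
        $_COOKIE['guestName'] = $_SESSION['openid']['nickname'];
    } else {
        // Reuse the template's homepage <input> as the OpenID identifier field.
        if (preg_match('/.*?(<input[^>]+_(?:guest|rp)_input_homepage_[^>]+>).*/sm', $comment, $match)) {
            $openid_input = $match[1];
            $openid_input = str_replace('homepage_[##', 'openid_identifier_[##', $openid_input);
            $openid_input = str_replace('[##_' . $prefix . '_input_homepage_##]', 'openid_identifier', $openid_input);
            // A callback keeps '$' and '\' in the cookie value from being read as
            // backreferences in the replacement string.
            $valueAttribute = 'value="' . $cookie_openid . '"';
            $openid_input = preg_replace_callback('/value=(?:"|\')?(?:[^"\']+)(?:"|\')?/', function () use ($valueAttribute) {
                return $valueAttribute;
            }, $openid_input);
            $openid_input = preg_replace('/style=("|\')?([^"\']+)("|\')?/', '', $openid_input);
            $openid_input = preg_replace('/(value=(?:"|\'))/', $openid_input_style . ' $1', $openid_input);
        }
    }
    if ($disabled1) {
        $openid_input = preg_replace('/(name=(?:"|\'))/', $disabled1 . ' $1', $openid_input);
    }
    if ($disabled2) {
        // Disable the name and password inputs, in both placeholder naming schemes.
        $comment = preg_replace("/(.*)(<input)((?:[^>]+)name_\\[##_article_rep_id_##\\](?:[^>]+)>(?:.*))/sm", "\$1\$2 {$disabled2} \$3", $comment);
        $comment = preg_replace("/(.*)(<input)((?:[^>]+)password_\\[##_article_rep_id_##\\](?:[^>]+)>(?:.*))/sm", "\$1\$2 {$disabled2} \$3", $comment);
        $comment = preg_replace("/(.*)(<input)((?:[^>]+)\\[##_{$prefix}_input_name_##\\](?:[^>]+)>(?:.*))/sm", "\$1\$2 {$disabled2} \$3", $comment);
        $comment = preg_replace("/(.*)(<input)((?:[^>]+)\\[##_{$prefix}_input_password_##\\](?:[^>]+)>(?:.*))/sm", "\$1\$2 {$disabled2} \$3", $comment);
    }
    $pannel .= '<div class="commentTypeOpenid" ' . $pannel_style . '>' . '<input class="commentTypeCheckbox" ' . $checked1 . ' type="radio" ' . CRLF . $radio_style . CRLF . 'id="comment_type_[##_article_rep_id_##]_openid" ' . CRLF . 'name="comment_type" value="openid" ' . CRLF . 'onclick="this.form.[##_' . $prefix . '_input_name_##].disabled=this.form.[##_' . $prefix . '_input_password_##].disabled=true;this.form.openid_identifier.disabled=false;this.form.openid_identifier.disabled=false;"' . CRLF . '/> ' . CRLF . '<label for="comment_type_[##_article_rep_id_##]_openid" ' . $label_style . '>' . _text('오픈아이디로 글쓰기') . '</label> <span>[' . ($openid_identity ? $tag_logoff : $tag_login) . '][' . $whatisopenid . $lastcomment . ']</span></div>' . CRLF;
    /* Opera browser does not work with single 'this.form.openid_identifier.disabled=false;', is it a bug? */
    $pannel .= '<div style="padding:5px 0 5px 0px;width:100%;">' . $openid_input . '</div>' . CRLF;
    $pannel .= '<div class="commentTypeNamepassword" ' . $pannel_style . ' >' . CRLF . '<input class="commentTypeCheckbox" ' . $checked2 . ' type="radio" ' . CRLF . $radio_style . CRLF . 'id="comment_type_[##_article_rep_id_##]_idpwd" ' . CRLF . 'name="comment_type" value="idpwd" ' . CRLF . 'onclick="this.form.[##_' . $prefix . '_input_name_##].disabled=this.form.[##_' . $prefix . '_input_password_##].disabled=false;this.form.openid_identifier.disabled=true;this.form.openid_identifier.disabled=true;"' . CRLF . '/> ' . CRLF . '<label for="comment_type_[##_article_rep_id_##]_idpwd" ' . $label_style . '>' . _text('이름/비밀번호로 글쓰기') . '</label> ' . $openidOnlySettingNotice . '</div>' . CRLF;
    $comment = $pannel . $comment . "</div>";
    return $comment;
}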
Пример #6
}
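// Request checks for a comment posted in OpenID mode. Each failed check hands
// an error message and the posted requestURI to OpenIDConsumer::printErrorReturn().
requireStrictRoute();
header('Content-Type: text/html; charset=utf-8');
if (!Validator::validate($IV)) {
    OpenIDConsumer::printErrorReturn('Illegal parameters', $_POST["requestURI"]);
}
if ($_POST["comment_type_{$entryId}"] != 'openid') {
    OpenIDConsumer::printErrorReturn('Invalid comment type', $_POST["requestURI"]);
}
// Strict comparison: a loose '!=' treats two numeric-looking strings (for example
// "0e…" digests) as equal, and a non-string 'key' must never match.
// NOTE(review): the expected key is the MD5 of config.php's modification time. It is
// identical for every visitor and changes only when that file changes, so it should
// not be relied on as a per-session anti-forgery token.
if (!isset($_GET['__T__']) || !isset($_POST['key']) || $_POST['key'] !== md5(filemtime(ROOT . '/config.php'))) {
    OpenIDConsumer::printErrorReturn('Illegal parameters', $_POST["requestURI"]);
}
if ($_POST["comment_{$entryId}"] == '') {
    OpenIDConsumer::printErrorReturn(_text('본문을 입력해 주십시오.'), $_POST["requestURI"]);
}
$openid_identity = Acl::getIdentity('openid');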
if ($openid_identity) {
    /* OpenID success return path.. */
    $_POST["name_{$entryId}"] = $_SESSION['openid']['nickname'];
    if (empty($_POST["name_{$entryId}"])) {
        $_POST["name_{$entryId}"] = $openid_identity;
    }
    if (empty($_POST["homepage_{$entryId}"]) || $_POST["homepage_{$entryId}"] == "http://") {
        $_POST["homepage_{$entryId}"] = empty($_SESSION['openid']['homepage']) ? $openid_identity : $_SESSION['openid']['homepage'];
    }
} else {
    if (empty($tr['openid_errormsg'])) {
        /* OpenID request path.. */
        $tid = Transaction::pickle(array('_POST' => $_POST, 'HTTP_REFERER' => $_SERVER['HTTP_REFERER']));
        $requestURI = urlencode($context->getProperty('uri.blog') . "/comment/addopenid/{$entryId}?tid={$tid}&__T__=" . $_GET['__T__']);
        /* eas_mode will redirect your browser to the IdP authentication page in EAS4.js addComment-onError handler */
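 /**
  * Updates the stored nickname and homepage of the OpenID identity that is logged in.
  *
  * Empty arguments leave the corresponding stored value untouched. The merged
  * profile is passed to OpenIDConsumer::setUserInfo() and written back to the
  * OpenIDUsers row of the current identity.
  *
  * @param string $nickname New nickname, or an empty value to keep the stored one.
  * @param string $homepage New homepage, or an empty value to keep the stored one.
  * @return false|null False when no OpenID identity is active; otherwise nothing is returned.
  */
 function updateUserInfo($nickname, $homepage)
 {
     $openid = Acl::getIdentity('openid');
     if (empty($openid)) {
         return false;
     }
     $context = Model_Context::getInstance();
     $pool = DBModel::getInstance();
     $pool->reset('OpenIDUsers');
     $pool->setQualifier('openid', 'equals', $openid, true);
     $result = $pool->getCell('openidinfo');
     // NOTE(review): unserialize() instantiates any class named in its input. The
     // blob is only ever written by serialize() below, but it should be treated as
     // untrusted if anything else can write the column. A JSON encoding, or the
     // allowed_classes option where the PHP version supports it, removes that exposure.
     $data = unserialize($result);
     // A missing row or an unreadable blob yields false; start from an empty profile
     // rather than indexing into a non-array.
     if (!is_array($data)) {
         $data = array();
     }
     if (!empty($nickname)) {
         $data['nickname'] = $nickname;
     }
     if (!empty($homepage)) {
         $data['homepage'] = $homepage;
     }
     // Either key may still be absent when the stored profile never had it.
     OpenIDConsumer::setUserInfo(
         isset($data['nickname']) ? $data['nickname'] : null,
         isset($data['homepage']) ? $data['homepage'] : null
     );
     $data = serialize($data);
     $pool->reset('OpenIDUsers');
     $pool->setAttribute('openidinfo', $data, true);
     $pool->setQualifier('openid', 'equals', $openid, true);
     $pool->update();
 }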
Пример #8
    exit;
} else {
    if ($userComment == '') {
        Respond::PrintResult(array('error' => 2, 'description' => _text('본문을 입력해 주십시오.')));
        exit;
    } else {
        if (!empty($userName)) {
            setcookie('guestName', $userName, time() + 2592000, $context->getProperty('uri.blog') . "/");
        }
        if (!empty($userHomepage) && $userHomepage != 'http://') {
            if (strpos($userHomepage, 'http://') !== 0) {
                $userHomepage = "http://{$userHomepage}";
            }
            setcookie('guestHomepage', $userHomepage, time() + 2592000, $context->getProperty('uri.blog') . "/");
        }
        if (Acl::getIdentity('openid')) {
            OpenIDConsumer::updateUserInfo($userName, $userHomepage);
        }
        $comment = array();
        $comment['entry'] = $entryId;
        $comment['parent'] = null;
        $comment['name'] = $userName;
        $comment['password'] = $userPassword;
        $comment['homepage'] = $userHomepage == '' || $userHomepage == 'http://' ? '' : $userHomepage;
        $comment['secret'] = $userSecret;
        $comment['comment'] = $userComment;
        $comment['ip'] = $_SERVER['REMOTE_ADDR'];
        $result = addComment($blogid, $comment);
        if (in_array($result, array("ip", "name", "homepage", "comment", "openidonly", "etc"))) {
            switch ($result) {
                case "name":
Пример #9
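/**
 * Deletes one comment if the caller is allowed to remove it.
 *
 * The blog owner may delete any comment. Anyone else must match one extra
 * predicate: the logged-in OpenID identity (when no password is supplied),
 * the logged-in member id for member comments, or the guest password digest
 * for guest comments.
 *
 * @param int    $blogid   Blog the comment belongs to.
 * @param int    $id       Comment id; must be numeric.
 * @param int    $entry    Entry id; must be numeric.
 * @param string $password Guest password supplied by the caller, if any.
 * @return bool True when a row was deleted, false otherwise.
 */
function deleteComment($blogid, $id, $entry, $password)
{
    global $database;
    if (!is_numeric($id)) {
        return false;
    }
    if (!is_numeric($entry)) {
        return false;
    }
    // A comment without a replier id was written by a guest.
    // NOTE(review): $blogid is interpolated without the numeric check applied to
    // $id and $entry — confirm that callers only ever pass a server-side integer.
    $guestcomment = false;
    if (POD::queryExistence("SELECT * FROM {$database['prefix']}Comments WHERE blogid = {$blogid} AND id = {$id} AND replier IS NULL")) {
        $guestcomment = true;
    }
    $wherePassword = '';
    $sql = "DELETE FROM {$database['prefix']}Comments\n\t\tWHERE blogid = {$blogid}\n\t\t\tAND id = {$id}\n\t\t\tAND entry = {$entry}";
    if (!doesHaveOwnership()) {
        if (Acl::getIdentity('openid') && empty($password)) {
            // The identity is a user-chosen URL; escape it before quoting it into SQL.
            $wherePassword = ' AND openid = \'' . POD::escapeString(Acl::getIdentity('openid')) . '\'';
        } else {
            if ($guestcomment == false) {
                if (!doesHaveMembership()) {
                    return false;
                }
                $wherePassword = ' AND replier = ' . getUserId();
            } else {
                // NOTE(review): guest passwords are compared as unsalted MD5 digests.
                // Moving to password_hash()/password_verify() needs a migration of the
                // stored values and cannot be done inside this function alone.
                $wherePassword = ' AND password = \'' . md5($password) . '\'';
            }
        }
    }
    if (POD::queryCount($sql . $wherePassword)) {
        CacheControl::flushCommentRSS($entry);
        CacheControl::flushDBCache('comment');
        updateCommentsOfEntry($blogid, $entry);
        return true;
    }
    return false;
}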
Пример #10
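/**
 * Removes one comment if the caller is allowed to remove it (DBModel variant).
 *
 * The blog owner is not restricted further. Anyone else must match one extra
 * qualifier: the logged-in OpenID identity (when no password is supplied), the
 * logged-in member id for member comments, or the guest password digest for
 * guest comments.
 *
 * @param int    $blogid   Blog the comment belongs to.
 * @param int    $id       Comment id; must be numeric.
 * @param int    $entry    Entry id; must be numeric.
 * @param string $password Guest password supplied by the caller, if any.
 * @return bool True when the qualified query reports at least one row, false otherwise.
 */
function deleteComment($blogid, $id, $entry, $password)
{
    if (!is_numeric($id)) {
        return false;
    }
    if (!is_numeric($entry)) {
        return false;
    }
    $pool = DBModel::getInstance();
    // A comment without a replier id was written by a guest.
    $guestcomment = false;
    $pool->reset('Comments');
    $pool->setQualifier('blogid', 'eq', $blogid);
    $pool->setQualifier('id', 'eq', $id);
    $pool->setQualifier('replier', 'eq', NULL);
    if ($pool->doesExist()) {
        $guestcomment = true;
    }
    $pool->reset('Comments');
    $pool->setQualifier('blogid', 'eq', $blogid);
    $pool->setQualifier('id', 'eq', $id);
    $pool->setQualifier('entry', 'eq', $entry);
    if (!doesHaveOwnership()) {
        if (Acl::getIdentity('openid') && empty($password)) {
            // The 'eq' operator was missing here, which put the identity in the
            // operator position and `true` in the value position. This qualifier is
            // what limits an OpenID user to their own comment.
            $pool->setQualifier('openid', 'eq', Acl::getIdentity('openid'), true);
        } else {
            if ($guestcomment == false) {
                if (!doesHaveMembership()) {
                    return false;
                }
                $pool->setQualifier('replier', 'eq', getUserId());
            } else {
                // NOTE(review): guest passwords are compared as unsalted MD5 digests.
                // Changing the scheme needs a migration of the stored values.
                $pool->setQualifier('password', 'eq', md5($password), true);
            }
        }
    }
    // NOTE(review): getCount() by its name only counts matching rows. Confirm that a
    // delete is actually issued somewhere, since the caches are flushed as if the
    // row were gone.
    if ($pool->getCount()) {
        CacheControl::flushCommentRSS($entry);
        CacheControl::flushDBCache('comment');
        updateCommentsOfEntry($blogid, $entry);
        return true;
    }
    return false;
}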
Пример #11
/**
 * Returns the 'textcube' identity reported by Acl as an integer.
 *
 * @return int
 */
function getUserId()
{
    $identity = Acl::getIdentity('textcube');

    return (int) $identity;
}
Пример #12
							<table class="data-inbox">
								<thead>
									<tr>
										<th class="site"><span class="text"><?php 
echo _t('오픈아이디');
?>
</span></th>
										<th class="site"><span class="text"><?php 
echo _t('삭제');
?>
</span></th>
									</tr>
								</thead>
								<tbody>
<?php 
// Gather the OpenIDs stored in the numbered "openid.N" global user settings,
// skipping empty slots.
$currentOpenID = Acl::getIdentity('openid');
$openid_list = array();
$i = 0;
while ($i < OPENID_REGISTERS) {
    $openid_identity = Setting::getUserSettingGlobal("openid." . $i);
    if (!empty($openid_identity)) {
        $openid_list[] = $openid_identity;
    }
    $i++;
}
for ($i = 0; $i < count($openid_list); $i++) {
    $className = $i % 2 == 1 ? 'even-line' : 'odd-line';
    $className .= $i == count($openid_list) - 1 ? ' last-line' : '';
    ?>
									<tr class="<?php 
    echo $className;
    ?>
 inactive-class" onmouseover="rolloverClass(this, 'over')" onmouseout="rolloverClass(this, 'out')">