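/**
 * Prints the login form and, when the form was submitted, processes the attempt.
 *
 * A successful login sends a Location header and ends the request. A failed
 * attempt is logged against the form IP and the form is printed again, with a
 * captcha once more than two failures are on record for that IP (or on the
 * first login when $globals['captcha_first_login'] is set and no user cookie
 * is present).
 */
function do_login() {
    global $current_user, $globals;

    $form_ip_check = check_form_auth_ip();
    $previous_login_failed = log_get_date('login_failed', $globals['form_user_ip_int'], 0, 300);

    // Initialised here because the form below echoes it even when nothing was posted.
    $username = '';
    // Read once; the request may not carry a 'return' parameter at all.
    $return_to = isset($_REQUEST['return']) ? $_REQUEST['return'] : null;

    echo '<form action="' . get_auth_link() . 'login.php" id="xxxthisform" method="post">' . "\n";

    if (isset($_POST['processlogin']) && $_POST['processlogin'] == 1) {
        // Check the IP, otherwise redirect
        // NOTE(review): this redirect is built with a fixed "http://" scheme while the
        // form posts to get_auth_link(); confirm it does not downgrade a TLS login page.
        if (!$form_ip_check) {
            header("Location: http://" . get_server_name() . $globals['base_url'] . "login.php");
            die;
        }

        $username = clean_input_string(trim($_POST['username']));
        $password = trim($_POST['password']);
        // "Remember me" keeps the session for 1000 hours, otherwise no persistence.
        $persistent = !empty($_POST['persistent']) ? 3600000 : 0;

        // Check form
        if (($previous_login_failed > 2 || ($globals['captcha_first_login'] == true && !UserAuth::user_cookie_data())) && !ts_is_human()) {
            log_insert('login_failed', $globals['form_user_ip_int'], 0);
            recover_error(_('el código de seguridad no es correcto'));
        // NOTE(review): the password is reduced to an unsalted MD5 digest before it is
        // handed to Authenticate(). What Authenticate() stores or compares is not visible
        // here, so the call is left as is; the storage layer is where a move to
        // password_hash()/password_verify() would have to happen.
        } elseif ($current_user->Authenticate($username, md5($password), $persistent) == false) {
            log_insert('login_failed', $globals['form_user_ip_int'], 0);
            recover_error(_('usuario o email inexistente, sin validar, o clave incorrecta'));
            $previous_login_failed++;
        } else {
            UserAuth::check_clon_from_cookies();

            // The post-login target comes from the request, so it is only honoured when it
            // stays on this site: a relative reference, or an http(s) URL whose host is
            // get_server_name(). Anything else falls back to the front page.
            $target = './';
            if (is_string($return_to) && !empty($return_to) && !preg_match('/[\x00-\x1f\x7f\\\\]/', $return_to)) {
                $parts = parse_url($return_to);
                if (is_array($parts)) {
                    if (!isset($parts['scheme']) && !isset($parts['host'])) {
                        $target = $return_to;
                    } elseif (isset($parts['scheme'], $parts['host'])
                        && in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
                        // get_server_name() may or may not include a port; accept either form.
                        $authority = $parts['host'] . (isset($parts['port']) ? ':' . $parts['port'] : '');
                        $own = get_server_name();
                        if (strcasecmp($parts['host'], $own) === 0 || strcasecmp($authority, $own) === 0) {
                            $target = $return_to;
                        }
                    }
                }
            }
            header('Location: ' . $target);
            die;
        }
    }

    echo '<p><label for="name">' . _('usuario o email') . ':</label><br />' . "\n";
    echo '<input type="text" name="username" size="25" tabindex="1" id="name" value="' . htmlentities($username) . '" /></p>' . "\n";
    echo '<p><label for="password">' . _('clave') . ':</label><br />' . "\n";
    echo '<input type="password" name="password" id="password" size="25" tabindex="2"/></p>' . "\n";
    echo '<p><label for="remember">' . _('recuérdame') . ': </label><input type="checkbox" name="persistent" id="remember" tabindex="3"/></p>' . "\n";

    // Print captcha (re-evaluated here because a failed attempt above bumps the counter)
    if ($previous_login_failed > 2 || ($globals['captcha_first_login'] == true && !UserAuth::user_cookie_data())) {
        ts_print_form();
    }

    get_form_auth_ip();
    echo '<p><input type="submit" value="login" tabindex="4" />' . "\n";
    echo '<input type="hidden" name="processlogin" value="1"/></p>' . "\n";
    // The value is only round-tripped through the form here; it is validated above
    // at the point where it would be used as a redirect target.
    echo '<input type="hidden" name="return" value="' . htmlspecialchars((string) $return_to) . '"/>' . "\n";
    echo '</form>' . "\n";
    echo '<div><strong><a href="login.php?op=recover">' . _('¿has olvidado la contraseña?') . '</a></strong></div>' . "\n";
    echo '<div style="margin-top: 30px">';
    print_oauth_icons($return_to);
    echo '</div>' . "\n";
}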
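/**
 * Handles the OAuth callback: exchanges the request token for an access token,
 * loads the remote profile for users not yet known locally, stores the user and
 * the authorisation, and logs the user in.
 *
 * Every error path calls do_error() and then returns, so the method never goes
 * on to store an authorisation built from missing token data even if do_error()
 * itself does not end the request (its implementation is not visible here).
 */
function authorize() {
    global $globals, $db;

    $oauth_token = isset($_GET['oauth_token']) ? clean_input_string($_GET['oauth_token']) : '';
    $request_token_secret = isset($_COOKIE['oauth_token_secret']) ? $_COOKIE['oauth_token_secret'] : '';

    if (empty($oauth_token) || empty($request_token_secret)) {
        do_error(_('acceso denegado'), false, false);
        return;
    }

    $this->oauth->setToken($oauth_token, $request_token_secret);
    try {
        $access_token_info = $this->oauth->getAccessToken($this->access_token_url);
    } catch (Exception $e) {
        do_error(_('error de conexión a') . " {$this->service} (authorize1)", false, false);
        return;
    }

    // The fields below are read as array entries; refuse anything else instead of
    // storing an authorisation with empty token, secret and uid.
    if (empty($access_token_info) || !is_array($access_token_info)) {
        do_error(_('acceso denegado'), false, false);
        return;
    }

    $this->token = $access_token_info['oauth_token'];
    $this->secret = $access_token_info['oauth_token_secret'];
    $this->uid = $access_token_info['user_id'];
    $this->username = User::get_valid_username($access_token_info['screen_name']);

    if (!$this->user_exists()) {
        $this->oauth->setToken($access_token_info['oauth_token'], $access_token_info['oauth_token_secret']);
        try {
            $data = $this->oauth->fetch($this->credentials_url);
        } catch (Exception $e) {
            do_error(_('error de conexión a') . " {$this->service} (authorize2)", false, false);
            return;
        }

        if ($data) {
            $response_info = $this->oauth->getLastResponse();
            $response = json_decode($response_info);

            // The profile must belong to the account the token was issued for. The
            // comparison is strict on strings: a loose != treats numeric-looking names
            // such as "1e3" and "1000" as equal.
            if (!is_object($response)
                || !isset($response->screen_name)
                || (string) $access_token_info['screen_name'] !== (string) $response->screen_name) {
                do_error(_('datos incorrectos') . " {$this->service}", false, false);
                return;
            }

            // NOTE(review): url, name and profile_image_url are remote-supplied values;
            // how they are escaped when stored or rendered is not visible in this method.
            $this->url = $response->url;
            $this->names = $response->name;
            $this->avatar = $response->profile_image_url;
        }

        $db->transaction();
        $this->store_user();
    } else {
        $db->transaction();
    }

    // Both branches above opened the transaction that is committed here.
    $this->store_auth();
    $db->commit();
    $this->user_login();
}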
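<?php
// The source code packaged with this file is Free Software, Copyright (C) 2005 by
// Ricardo Galli <gallir at uib dot es>.
// It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise.
// You can get copies of the licenses here:
// 		http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".

// Login page entry point: handles logout, then prints either the password
// recovery form or the login form inside the generic form container.

include 'config.php';
include mnminclude . 'html1.php';

$globals['ads'] = true;

// Clean return variable
// NOTE(review): cleaning the string is not the same as validating it as a redirect
// target. Logout() and do_login() receive this value; each place that puts it in a
// Location header should make sure it stays on this site. What clean_input_string()
// strips is not visible here.
if (!empty($_REQUEST['return'])) {
    $_REQUEST['return'] = clean_input_string($_REQUEST['return']);
}

// 'op' is optional; read it once instead of indexing $_GET when it is absent.
$login_op = isset($_GET['op']) ? $_GET['op'] : '';

if ($login_op === 'logout') {
    $current_user->Logout(isset($_REQUEST['return']) ? $_REQUEST['return'] : null);
}

// We need it because we modify headers
ob_start();

do_header("login");
do_navbar("login");

echo '<div id="genericform-contents">' . "\n";
//echo '<div id="genericform">'."\n";

if ($login_op === 'recover' || !empty($_POST['recover'])) {
    do_recover();
} else {
    do_login();
}

echo '</div>' . "\n";
//echo '</div>'."\n";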
// The order is not exactly the votes // but a time-decreasing function applied to the number of votes $sql = "select link_id, (link_votes-link_negatives*2)*(1-(unix_timestamp(now())-unix_timestamp(link_date))*0.8/129600) as value from links, sub_statuses where id = " . SitesMgr::my_id() . " AND link_id = link AND status='published' and date > '{$min_date}' order by value desc limit 25"; } elseif (isset($_REQUEST['top_visited'])) { $min_date = date("Y-m-d H:i:00", $globals['now'] - 172800); // 48 hours // The order is not exactly the votes // but a time-decreasing function applied to the number of votes $sql = "select link_id, counter*(1-(unix_timestamp(now())-unix_timestamp(link_date))*0.5/172800) as value from links, link_clicks, sub_statuses where sub_statuses.id = " . SitesMgr::my_id() . " AND link_id = link AND status='published' and date > '{$min_date}' and link_clicks.id = link order by value desc limit 25"; } else { ///// // All the others ///// // The link_status to search if (!empty($_REQUEST['status'])) { $status = $db->escape(clean_input_string(trim($_REQUEST['status']))); } else { // By default it searches on all if ($_REQUEST['q']) { $status = 'all'; include mnminclude . 'search.php'; $search_ids = do_search(true); if ($search_ids['ids']) { $search = ' link_id in (' . implode(',', $search_ids['ids']) . ')'; } } else { $status = 'published'; } } switch ($status) { case 'published':
<?php // The source code packaged with this file is Free Software, Copyright (C) 2005 by // Ricardo Galli <gallir at uib dot es>. // It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise. // You can get copies of the licenses here: // http://www.affero.org/oagpl.html // AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING". include '../config.php'; header('Content-Type: text/plain; charset=UTF-8'); $type = clean_input_string($_REQUEST['type']); $name = clean_input_string($_GET["name"]); #echo "$type, $name..."; switch ($type) { case 'username': if (strlen($name) < 3) { echo _('nombre demasiado corto'); return; } if (strlen($name) > 24) { echo _('nombre demasiado largo'); return; } if (!check_username($name)) { echo _('caracteres inválidos'); return; } if (!($current_user->user_id > 0 && $current_user->user_login == $name) && user_exists($name)) { echo _('el usuario ya existe'); return; }
} } else { if ($uid > 0) { // Avoid anonymous and non admins users to use the id, it's a "duplicated" page redirect(html_entity_decode(get_user_uri($login, $_REQUEST['view']))); die; } $user->username = $login; } if (!$user->read()) { do_error(_('usuario inexistente'), 404); } $login = $user->username; // Just in case, we user the database username $globals['search_options'] = array('u' => $user->username); $view = clean_input_string($_REQUEST['view']); if (empty($view)) { $view = 'profile'; } // The profile's use marked the current one as friend if ($current_user->user_id) { $user->friendship = User::friend_exists($user->id, $current_user->user_id); } else { $user->friendship = 0; } // For editing notes and sending privates if ($current_user->user_id == $user->id || $current_user->admin || $user->friendship) { $globals['extra_js'][] = 'ajaxupload.min.js'; } // Enable user AdSense // do_user_ad: 0 = noad, > 0: probability n/100
// Profile page set-up followed by the password-recovery link handler.
// The excerpt ends inside the next `if`; nothing past that point is documented here.
include mnminclude . 'html1.php';
include mnminclude . 'avatars.php';

$globals['ads'] = false;
$globals['secure_page'] = True;
check_auth_page();

// We need it because we modify headers
ob_start();

$user_levels = array('autodisabled', 'disabled', 'normal', 'special', 'blogger', 'admin', 'god');
$bio_max = 300; // Max bio length

// User recovering her password
// The link carries the login, a timestamp `t` and a key `k`. The key is recomputed
// from the user's id, stored password value, the timestamp, $site_key and the server
// name, and the link is accepted for 900 seconds after `t`.
if (!empty($_GET['login']) && !empty($_GET['t']) && !empty($_GET['k'])) {
    $time = intval($_GET['t']);
    $key = $_GET['k'];

    $user = new User();
    $user->username = clean_input_string($_GET['login']);
    if ($user->read()) {
        $now = time();
        // NOTE(review): the recovery key is a plain MD5 over concatenated fields, not a
        // keyed MAC, and there are no separators between the fields. An HMAC
        // (hash_hmac) with $site_key as the key would be the conventional construction.
        $key2 = md5($user->id . $user->pass . $time . $site_key . get_server_name());
        //echo "$now, $time; $key == $key2\n";
        // NOTE(review): `$key == $key2` is a loose comparison of two strings. PHP compares
        // numeric-looking strings (e.g. ones of the form "0e<digits>") by numeric value,
        // and the comparison is not constant-time; hash_equals() avoids both.
        // NOTE(review): nothing visible here marks the key as used, so the same link
        // appears to work repeatedly inside the 900 second window — confirm.
        if ($time > $now - 900 && $time < $now && $key == $key2) {
            // Only sets the validation date on accounts that were never validated.
            $db->query("update users set user_validated_date = now() where user_id = {$user->id} and user_validated_date is null");
            // Logs the user in with `false` as the password argument; presumably
            // Authenticate() skips the password check in that case — verify in UserAuth.
            $current_user->Authenticate($user->username, false);
            header('Location: ' . get_user_uri($user->username));
            die;
        }
    }
}
//// End recovery

// Check user, admin and authenticated user
if ($current_user->user_id > 0 && (empty($_REQUEST['login']) || $_REQUEST['login'] == $current_user->user_login)) {
/**
 * Persists the extended preferences that differ from the class defaults.
 *
 * Only keys present in self::$extended_properties are kept, and only when the
 * value is non-empty and differs from the default. 'rules' and 'message' go
 * through clean_text_with_tags(); every other value goes through
 * clean_input_string() and is cut to 100 characters. The result is stored as
 * JSON in an Annotation keyed by PREFERENCES_KEY plus the id; when nothing
 * differs from the defaults the annotation is deleted instead.
 *
 * @param mixed $id    Owner id; a false-like value means self::my_id().
 * @param array $prefs Submitted preferences, key => value.
 * @return mixed Whatever Annotation::store() or Annotation::delete() returns.
 */
public static function store_extended_properties($id = false, &$prefs) {
    if ($id == false) {
        $id = self::my_id();
    }

    $known = self::$extended_properties;
    $changed = array();

    foreach ($prefs as $name => $value) {
        // Skip blanks, unknown keys and values equal to the default.
        if ($value === '' || !isset($known[$name]) || $known[$name] == $value) {
            continue;
        }

        if ($name == 'rules' || $name == 'message') {
            // Free-text fields may keep some markup.
            $changed[$name] = clean_text_with_tags($value, 0, false, 300);
        } else {
            $changed[$name] = mb_substr(clean_input_string($value), 0, 100);
        }
    }

    $annotation = new Annotation(self::PREFERENCES_KEY . $id);

    if (empty($changed)) {
        return $annotation->delete();
    }

    $annotation->text = json_encode($changed);
    return $annotation->store();
}
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
// It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise.
// You can get copies of the licenses here:
// 		http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".

// Set-up for the "debate between two users" page: resolves both usernames from
// the request, picks the content type, and prints the page header and tabs.

include 'config.php';
include mnminclude . 'html1.php';

// Assets for the username autocomplete widget (order of registration is kept).
$globals['extra_js'][] = 'autocomplete/jquery.autocomplete.min.js';
$globals['extra_css'][] = 'jquery.autocomplete.css';
$globals['extra_js'][] = 'jquery.user_autocomplete.js';

$page_size = 20;
$offset = (get_current_page() - 1) * $page_size;
$globals['ads'] = true;

// Both names are cleaned and then normalised by User::get_valid_username()
// before they are used for the id lookups below.
$u1 = User::get_valid_username(clean_input_string($_REQUEST['u1']));
$u2 = User::get_valid_username(clean_input_string($_REQUEST['u2']));
$id1 = User::get_user_id($u1);
$id2 = User::get_user_id($u2);

// Anything other than 'comments' — including a missing value — means posts, so
// the request value itself never reaches $type or $prefix.
if ($_REQUEST['type'] == 'comments') {
    $type = 'comments';
    $prefix = 'comment';
} else {
    $type = 'posts';
    $prefix = 'post';
}

do_header(sprintf(_('debate entre %s y %s'), $u1, $u2));
do_tabs('main', _('debate'), $globals['uri']);

/*** SIDEBAR ****/
<?php
// JSON endpoint set-up: loads one link, comment or post by numeric id so that
// the fields named in the request can be read from it.
include_once '../config.php';

// Field names that must not be exposed through this endpoint.
// NOTE(review): this is a denylist, and the code that applies it to $fields is not
// part of this excerpt. An allowlist per object type would fail closed when a new
// sensitive property is added to one of these classes.
$forbidden = array('ip', 'email', 'ip_int', 'user_level');

header('Content-Type: application/json; charset=utf-8');

// Both parameters are mandatory; end silently otherwise.
if (empty($_GET['id']) || empty($_GET['fields'])) {
    die;
}

$id = intval($_GET['id']);
$fields = clean_input_string($_GET['fields']); // It has to remove parenthesis

// Default object type is a link.
$what = empty($_GET['what']) ? 'link' : $_GET['what'];

// $what only selects one of three fixed loaders; any other value leaves
// $object as false.
$object = false;
if (in_array($what, array('link', 'links'))) {
    $object = Link::from_db($id, null, false);
} elseif (in_array($what, array('comment', 'comments'))) {
    $object = Comment::from_db($id);
} elseif (in_array($what, array('post', 'posts'))) {
    $object = Post::from_db($id);
}
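/**
 * XML-RPC pingback handler: registers an incoming pingback for one of our stories.
 *
 * $args[0] is the source page that claims to link to us and $args[1] the target
 * story URL. The target must be on this server and resolve to an existing,
 * recent story. The source page is then fetched and must contain a link back to
 * the story's permalink and a usable <title>.
 *
 * @param array $args [source URL, target URL]
 * @return IXR_Error|string An IXR_Error on any rejection, a confirmation string on success.
 */
function pingback_ping($args) {
    global $db, $globals;

    $pagelinkedfrom = clean_input_string($args[0]);
    //$pagelinkedfrom = str_replace('&', '&', $pagelinkedfrom);
    $pagelinkedto = clean_input_string($args[1]);
    $title = '';

    $urlfrom = parse_url($pagelinkedfrom);
    $urltest = parse_url($pagelinkedto);
    if (!$urlfrom || !$urltest) {
        return new IXR_Error(0, 'Is there no link to us?');
    }

    // The source URL is fetched further down with file_get_contents(), which accepts
    // every registered stream wrapper. Only plain web URLs with a host are a valid
    // pingback source, so anything else is refused before any fetch is attempted.
    // NOTE(review): this does not restrict which hosts the server will contact, nor
    // redirects followed by the HTTP wrapper; limiting outbound destinations is a
    // deployment control (egress filtering) outside this function.
    if (!isset($urlfrom['scheme'], $urlfrom['host'])
        || !in_array(strtolower($urlfrom['scheme']), array('http', 'https'), true)) {
        syslog(LOG_NOTICE, "Meneame: pingback, source is not an http(s) URL: {$pagelinkedfrom} - {$pagelinkedto}");
        return new IXR_Error(16, 'The source URL does not exist.');
    }

    if (!isset($urltest['host']) || $urltest['host'] != get_server_name()) {
        return new IXR_Error(0, 'Is there no link to us?');
    }

    // Array keys are quoted: the bare words `path` and `host` used previously are
    // undefined constants, which is an Error on PHP 8.
    $base_uri = preg_quote($globals['base_url'] . $globals['base_story_url'], '/');
    $uri = preg_replace("/^{$base_uri}/", '', isset($urltest['path']) ? $urltest['path'] : '');

    if (check_ban($globals['user_ip'], 'ip')) {
        syslog(LOG_NOTICE, "Meneame: pingback, IP is banned ({$globals['user_ip']}): {$pagelinkedfrom} - {$pagelinkedto}");
        return new IXR_Error(33, 'IP is banned.');
    }

    // Antispam of sites like xxx.yyy-zzz.info/archives/xxx.php
    if (preg_match('/http:\\/\\/[a-z0-9]\\.[a-z0-9]+-[^\\/]+\\.info\\/archives\\/.+\\.php$/', $pagelinkedfrom)) {
        return new IXR_Error(33, 'Host not allowed.');
    }

    if (check_ban($urlfrom['host'], 'hostname', false)) {
        syslog(LOG_NOTICE, "Meneame: pingback, site is banned: {$pagelinkedfrom} - {$pagelinkedto}");
        return new IXR_Error(33, 'Site is banned.');
    }

    $link = new Link();
    // Drop a trailing #fragment before looking the story up by its URI.
    $link->uri = preg_replace('/#[\\w\\-\\_]+$/', '', $uri);
    if (empty($uri) || !$link->read('uri')) {
        syslog(LOG_NOTICE, "Meneame: pingback, story does not exist: {$pagelinkedto}");
        return new IXR_Error(33, 'Story doesn\'t exist.');
    }

    if ($link->get_permalink() == $pagelinkedfrom) {
        syslog(LOG_NOTICE, "Meneame: pingback, points to the same post: {$pagelinkedfrom} - {$pagelinkedto}");
        return new IXR_Error(48, 'The pingback points to the same post.');
    }

    // Stories older than 15 days no longer accept pingbacks.
    if ($link->date < time() - 86400 * 15) {
        syslog(LOG_NOTICE, "Meneame: pingback, story is too old: {$pagelinkedto}");
        return new IXR_Error(33, 'Story is too old for pingbacks.');
    }

    $trackres = new Trackback();
    $trackres->link_id = $link->id;
    $trackres->type = 'in';
    $trackres->link = $pagelinkedfrom;
    $trackres->url = $pagelinkedfrom;

    // Rate limit first, then duplicate detection; both run before the remote fetch.
    if ($trackres->abuse()) {
        return new IXR_Error(33, 'Don\'t send so many pings.');
    }

    $dupe = $trackres->read();
    if ($dupe) {
        syslog(LOG_NOTICE, "Meneame: pingback, we already have a ping from that URI for this post: {$pagelinkedfrom} - {$pagelinkedto}");
        return new IXR_Error(48, 'The pingback has already been registered.');
    }

    // very stupid, but gives time to the 'from' server to publish !
    sleep(1);

    // Let's check the remote site
    // The read is capped at 100000 bytes where the PHP version supports it.
    if (version_compare(phpversion(), '5.1.0') >= 0) {
        $contents = @file_get_contents($pagelinkedfrom, FALSE, NULL, 0, 100000);
    } else {
        $contents = @file_get_contents($pagelinkedfrom);
    }

    if (!$contents) {
        syslog(LOG_NOTICE, "Meneame: pingback, the provided URL does not seem to work: {$pagelinkedfrom} - {$pagelinkedto}");
        return new IXR_Error(16, 'The source URL does not exist.');
    }

    // The charset name comes from the remote page; it is constrained by the
    // character class in the pattern before being passed to iconv().
    if (preg_match('/charset=([a-zA-Z0-9-_]+)/i', $contents, $matches)) {
        $this->encoding = trim($matches[1]);
        if (strcasecmp($this->encoding, 'utf-8') != 0) {
            $contents = iconv($this->encoding, 'UTF-8//IGNORE', $contents);
        }
    }

    // Check is links back to us
    $permalink = $link->get_permalink();
    $permalink_q = preg_quote($permalink, '/');
    $pattern = "/<\\s*a[^>]+href=[\"']" . $permalink_q . "[#\\/0-9a-z\\-]*[\"'][^>]*>/i";
    if (!preg_match($pattern, $contents)) {
        syslog(LOG_NOTICE, "Meneame: pingback, the provided URL does not have a link back to us: {$pagelinkedfrom} - {$pagelinkedto}");
        return new IXR_Error(17, 'The source URL does not contain a link to the target URL, and so cannot be used as a source.');
    }

    // Search Title
    if (preg_match('/<title[^<>]*>([^<>]*)<\\/title>/si', $contents, $matches)) {
        $url_title = clean_text($matches[1]);
        if (mb_strlen($url_title) > 3) {
            $title = $url_title;
        }
    }

    if (empty($title)) {
        syslog(LOG_NOTICE, "Meneame: pingback, cannot find a title on that page: {$pagelinkedfrom} - {$pagelinkedto}");
        return new IXR_Error(32, 'We cannot find a title on that page.');
    }

    $title = mb_strlen($title) > 120 ? mb_substr($title, 0, 120) . '...' : $title;

    $trackres->title = $title;
    $trackres->status = 'ok';
    $trackres->store();

    syslog(LOG_NOTICE, "Meneame: pingback ok: {$pagelinkedfrom} - {$pagelinkedto}");
    return "Pingback from registered. Keep the web talking! :-)";
}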
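/**
 * Second step of user registration: validates the captcha, the submitted fields
 * and the form security key, inserts the new user row and sends the
 * validation/recovery mail.
 *
 * Errors are reported through register_error(); the function returns nothing.
 */
function do_register2() {
    global $db, $current_user, $globals;

    if (!ts_is_human()) {
        register_error(_('el código de seguridad no es correcto'));
        return;
    }

    if (!check_user_fields()) {
        return;
    }

    // Extra check
    if (!check_security_key($_POST['base_key'])) {
        register_error(_('código incorrecto o pasó demasiado tiempo'));
        return;
    }

    $username = clean_input_string(trim($_POST['username'])); // sanity check
    $dbusername = $db->escape($username); // sanity check
    $password = UserAuth::hash(trim($_POST['password']));
    $email = clean_input_string(trim($_POST['email'])); // sanity check
    $dbemail = $db->escape($email); // sanity check
    $user_ip = $globals['form_user_ip'];

    // Every value interpolated into the statement is escaped, including the hash and
    // the form IP: where $globals['form_user_ip'] comes from is not visible here, and
    // escaping a well-formed address or hash leaves it unchanged.
    $dbpassword = $db->escape($password);
    $dbuser_ip = $db->escape($user_ip);

    if (user_exists($username)) {
        register_error(_("el usuario ya existe"));
        return;
    }

    if (!$db->query("INSERT INTO users (user_login, user_login_register, user_email, user_email_register, user_pass, user_date, user_ip) VALUES ('{$dbusername}', '{$dbusername}', '{$dbemail}', '{$dbemail}', '{$dbpassword}', now(), '{$dbuser_ip}')")) {
        register_error(_("error insertando usuario en la base de datos"));
        return;
    }

    echo '<fieldset>' . "\n";
    echo '<legend><span class="sign">' . _("registro de usuario") . '</span></legend>' . "\n";

    // Read the row back so the mail and the log use the stored id and username.
    $user = new User();
    $user->username = $username;
    if (!$user->read()) {
        register_error(_('error insertando usuario en la base de datos'));
    } else {
        require_once mnminclude . 'mail.php';
        $sent = send_recover_mail($user);
        if ($sent) {
            $globals['user_ip'] = $user_ip; //we force to insert de log with the same IP as the form
            Log::insert('user_new', $user->id, $user->id);
            syslog(LOG_INFO, "new user {$user->id} {$user->username} {$email} {$user_ip}");
        } else {
            register_error(_("error enviando el correo electrónico, seguramente está bloqueado"));
        }
    }

    echo '</fieldset>' . "\n";
}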
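/**
 * Prints the login page body: an introductory FAQ for first-time visitors, the
 * login form, and — when the form was submitted — the result of the attempt.
 *
 * A successful login sends a Location header and ends the request. Failures are
 * logged against the client IP; after more than two recent failures a captcha
 * is required and the FAQ column is dropped.
 */
function do_login() {
    global $current_user, $globals;

    // Initialised here because the form echoes it even when nothing was posted.
    $username = '';
    // Read once; the request may not carry a 'return' parameter at all.
    $return_to = isset($_REQUEST['return']) ? $_REQUEST['return'] : null;

    // Start posavasos & ashacz code
    $previous_login_failed = log_get_date('login_failed', $globals['original_user_ip_int'], 0, 90);

    if ($previous_login_failed < 3 && empty($_POST["processlogin"])) {
        echo '<div id="mini-faq" style="float:left; width:65%; margin-top: 10px;">' . "\n";
        // gallir: Only prints if the user was redirected from submit.php
        if (!empty($return_to) && preg_match('/submit\\.php/', $return_to)) {
            echo '<p style="border:1px solid #FF9400; font-size:1.3em; background:#FEFBEA; font-weight:bold; padding:0.5em 1em;">Para enviar una historia debes ser un usuario registrado</p>' . "\n";
        }
        echo '<h3>¿Qué es menéame?</h3>' . "\n";
        echo '<p>Es un web que te permite enviar una historia que será revisada por todos y será promovida, o no, a la página principal. Cuando un usuario envía una historia ésta queda en la <a href="shakeit.php" title="Cola de historias pendientes">cola de pendientes</a> hasta que reúne los votos suficientes para ser promovida a la página principal.</p>' . "\n";
        echo '<h3>¿Todavía no eres usuario de menéame?</h3>' . "\n";
        echo '<p>Como usuario registrado podrás, entre otras cosas:</p>' . "\n";
        echo '<ul>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>Enviar historias</strong><br />' . "\n";
        echo 'Una vez registrado puedes enviar las historias que consideres interesantes para la comunidad. Si tienes algún tipo de duda sobre que tipo de historias puedes enviar revisa nuestras <a href="faq-es.php" title="Acerca de meneame">preguntas frecuentes sobre menéame.</a>' . "\n";
        echo '</li>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>Escribir comentarios</strong><br />' . "\n";
        echo 'Puedes escribir tu opinión sobre las historias enviadas a menéame mediante comentarios de texto. También puedes votar positivamente aquellos comentarios ingeniosos, divertidos o interesantes y negativamente aquellos que consideres inoportunos.' . "\n";
        echo '</li>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>Perfil de usuario</strong><br />' . "\n";
        echo 'Toda tu información como usuario está disponible desde la página de tu perfil. También puedes subir una imagen que representará a tu usuario en menéame. Incluso es posible compartir los ingresos publicitarios de Menéame, solo tienes que introducir el código de tu cuenta Google Adsense desde tu perfil.' . "\n";
        echo '</li>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>Chatear en tiempo real desde la fisgona</strong><br />' . "\n";
        echo 'Gracias a la <a href="sneak.php" title="Fisgona">fisgona</a> puedes ver en tiempo real toda la actividad de menéame. Además como usuario registrado podrás chatear con mucha más gente de la comunidad menéame' . "\n";
        echo '</li>' . "\n";
        echo '</ul>' . "\n";
        echo '<h3><a href="register.php" style="color:#FF6400; text-decoration:underline; display:block; width:8em; text-align:center; margin:0 auto; padding:0.5em 1em; border:3px double #FFE2C5; background:#FFF3E8;">Regístrate ahora</a></h3>' . "\n";
        echo '</div>' . "\n";
        echo '<div id="genericform" style="float:right; width:30%;">' . "\n";
        //End posavasos & ashacz code
    } else {
        echo '<div id="genericform" style="float:auto;">' . "\n";
    }

    echo '<form action="login.php" id="thisform" method="post">' . "\n";

    if (isset($_POST['processlogin']) && $_POST['processlogin'] == 1) {
        $username = clean_input_string(trim($_POST['username']));
        $password = trim($_POST['password']);
        // The checkbox is absent from the request when it is not ticked.
        $persistent = isset($_POST['persistent']) ? $_POST['persistent'] : null;

        if ($previous_login_failed > 2 && !ts_is_human()) {
            log_insert('login_failed', $globals['original_user_ip_int'], 0);
            recover_error(_('El código de seguridad no es correcto!'));
        } elseif ($current_user->Authenticate($username, $password, $persistent) == false) {
            log_insert('login_failed', $globals['original_user_ip_int'], 0);
            recover_error(_('usuario inexistente, sin validar, o clave incorrecta'));
            $previous_login_failed++;
        } else {
            // The post-login target comes from the request, so it is only honoured when it
            // stays on this site: a relative reference, or an http(s) URL whose host is
            // the one this request was addressed to. Anything else goes to the front page.
            $target = './';
            if (is_string($return_to) && !empty($return_to) && !preg_match('/[\x00-\x1f\x7f\\\\]/', $return_to)) {
                $parts = parse_url($return_to);
                if (is_array($parts)) {
                    if (!isset($parts['scheme']) && !isset($parts['host'])) {
                        $target = $return_to;
                    } elseif (isset($parts['scheme'], $parts['host'], $_SERVER['HTTP_HOST'])
                        && in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
                        // HTTP_HOST may carry a port; accept the host with or without it.
                        $authority = $parts['host'] . (isset($parts['port']) ? ':' . $parts['port'] : '');
                        $own = $_SERVER['HTTP_HOST'];
                        if (strcasecmp($parts['host'], $own) === 0 || strcasecmp($authority, $own) === 0) {
                            $target = $return_to;
                        }
                    }
                }
            }
            header('Location: ' . $target);
            die;
        }
    }

    echo '<fieldset>' . "\n";
    echo '<legend><span class="sign">login</span></legend>' . "\n";
    echo '<p class="l-top"><label for="name">' . _('usuario') . ':</label><br />' . "\n";
    echo '<input type="text" name="username" size="25" tabindex="1" id="name" value="' . htmlentities($username) . '" /></p>' . "\n";
    echo '<p class="l-mid"><label for="password">' . _('clave') . ':</label><br />' . "\n";
    echo '<input type="password" name="password" id="password" size="25" tabindex="2"/></p>' . "\n";
    echo '<p class="l-mid"><label for="remember">' . _('recuérdame') . ': </label><input type="checkbox" name="persistent" id="remember" tabindex="3"/></p>' . "\n";

    // Captcha after repeated failures (the counter may have been bumped above).
    if ($previous_login_failed > 2) {
        ts_print_form();
    }

    echo '<p class="l-bot"><input type="submit" value="login" class="genericsubmit" tabindex="4" />' . "\n";
    echo '<input type="hidden" name="processlogin" value="1"/></p>' . "\n";
    // Round-tripped through the form only; validated above where it is used as a redirect target.
    echo '<input type="hidden" name="return" value="' . htmlspecialchars((string) $return_to) . '"/>' . "\n";
    echo '</fieldset>' . "\n";
    echo '</form>' . "\n";
    echo '<div class="recoverpass" align="center"><h4><a href="login.php?op=recover">' . _('¿Has olvidado la contraseña?') . '</a></h4></div>' . "\n";
    echo '</div>' . "\n";
    echo '<br clear="all"/> ';
}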
/**
 * Works out which "meta" (top-level category) applies to the current request and
 * records the result in $globals.
 *
 * Inputs read: $_REQUEST['meta'], $_REQUEST['category'], the 'mnm_user_meta'
 * cookie for anonymous visitors, and the logged-in user's stored category
 * preferences. Writes $globals['meta'], 'meta_current', 'meta_categories',
 * 'meta_skip' and 'meta_user_default', and may overwrite $_REQUEST['category']
 * with its integer value.
 *
 * Returns $globals['meta_current'], or 0 early when the requested meta is a
 * special one (name starting with "_") and no category was requested.
 */
function meta_get_current() {
    global $globals, $db, $current_user;

    $globals['meta_current'] = 0;
    $globals['meta'] = clean_input_string($_REQUEST['meta']);

    //Check for personalisation
    // Authenticated users
    if ($current_user->user_id > 0) {
        // user_id is interpolated unquoted; the `> 0` test above is the only check on it
        // visible in this function.
        $categories = $db->get_col("SELECT pref_value FROM prefs WHERE pref_user_id = {$current_user->user_id} and pref_key = 'category' order by pref_value");
        if ($categories) {
            $current_user->has_personal = true;
            $globals['meta_skip'] = '?meta=_all';
            if (!$globals['meta']) {
                // NOTE(review): stored pref_value entries are joined into a comma list as-is;
                // presumably this list is later placed in an SQL IN (...) — confirm the
                // values are integers at the point where they are written to prefs.
                $globals['meta_categories'] = implode(',', $categories);
                $globals['meta'] = '_personal';
            }
        } else {
            $globals['meta_categories'] = false;
        }
    } elseif ($_COOKIE['mnm_user_meta']) {
        // anonymous users
        // The cookie value is cleaned and escaped before it is quoted into the query.
        $meta = $db->escape(clean_input_string($_COOKIE['mnm_user_meta']));
        $globals['meta_skip'] = '?meta=_all';
        $globals['meta_user_default'] = $db->get_var("select category_id from categories where category_uri = '{$meta}' and category_parent = 0");
        // Anonymous can select metas by cookie
        // Select user default only if no category has been selected
        if (!$_REQUEST['category'] && !$globals['meta']) {
            $globals['meta_current'] = $globals['meta_user_default'];
        }
    }

    if ($_REQUEST['category']) {
        // Cast once and write the integer back so later readers of $_REQUEST see a number.
        $_REQUEST['category'] = $cat = (int) $_REQUEST['category'];
        // NOTE(review): when $globals['meta'] is an empty string, indexing [0] reads an
        // offset that does not exist.
        if ($globals['meta'][0] == '_') {
            // NOTE(review): meta_current becomes a string such as "_personal" here; the
            // `> 0` test further down then compares a non-numeric string with an integer,
            // and the outcome of that comparison differs between PHP 7 and PHP 8.
            $globals['meta_current'] = $globals['meta'];
        } else {
            $globals['meta_current'] = (int) $db->get_var("select category_parent from categories where category_id = {$cat} and category_parent > 0");
            $globals['meta'] = '';
        }
    } elseif ($globals['meta']) {
        // Special metas begin with _
        if ($globals['meta'][0] == '_') {
            return 0;
        }
        $meta = $db->escape($globals['meta']);
        $globals['meta_current'] = $db->get_var("select category_id from categories where category_uri = '{$meta}' and category_parent = 0");
        if ($globals['meta_current']) {
            $globals['meta'] = ''; // Security measure
        }
    }

    if ($globals['meta_current'] > 0) {
        $globals['meta_categories'] = meta_get_categories_list($globals['meta_current']);
        // A meta without categories is treated as no meta at all.
        if (!$globals['meta_categories']) {
            $globals['meta_current'] = 0;
        }
    }

    //echo "meta_current: " . $globals['meta_current'] . "<br/>\n";
    return $globals['meta_current'];
}
// http://www.affero.org/oagpl.html // AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING". include '../config.php'; header('Content-Type: text/html; charset=UTF-8'); header('Pragma: no-cache'); header('Cache-Control: max-age=10, must-revalidate'); echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'; $maxlen = 70; $width = clean_input_string($_GET['width']); $height = clean_input_string($_GET['height']); $format = clean_input_string($_GET['format']); $color_border = clean_input_string($_GET['color_border']); $color_bg = clean_input_string($_GET['color_bg']); $color_link = clean_input_string($_GET['color_link']); $color_text = clean_input_string($_GET['color_text']); $font_pt = clean_input_string($_GET['font_pt']); echo '<html><head><title>banner</title></head><body>'; $from = time() - 1800; $res = $db->get_row("select link_id, link_title, count(*) as votes from links, votes where vote_type='links' and vote_date > FROM_UNIXTIME({$from}) and vote_value > 0 and link_id = vote_link_id group by link_id order by votes desc limit 1"); if ($res) { $votes_hour = $res->votes * 2; $title['most'] = cut($res->link_title) . ' <span style="font-size: 90%;">[' . $votes_hour . " " . _('votos/hora') . "]</span>"; $url['most'] = "http://" . get_server_name() . "/story.php?id={$res->link_id}"; } $res = $db->get_row("select link_id, link_title, link_votes from links where link_status = 'published' order by link_published_date desc limit 1"); if ($res) { $title['published'] = cut($res->link_title) . ' <span style="font-size: 90%;">[' . $res->link_votes . " " . _('votos') . "]</span>"; $url['published'] = "http://" . get_server_name() . "/story.php?id={$res->link_id}"; } $res = $db->get_row("select link_id, link_title, link_votes from links where link_status = 'queued' order by link_date desc limit 1"); if ($res) {
// http://www.affero.org/oagpl.html // AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING". include '../config.php'; include mnminclude . 'html1.php'; $globals['ads'] = false; do_header(_('Administración de bans')); $page_size = 40; $offset = (get_current_page() - 1) * $page_size; $ban_text_length = 64; // Cambiar también en checkfield.php $ban_comment_length = 120; if ($current_user->admin) { if (!$_REQUEST["admin"]) { $_REQUEST["admin"] = 'hostname'; } else { $_REQUEST["admin"] = clean_input_string($_REQUEST["admin"]); } // Delete expired bans $db->query("delete from bans where ban_expire is not null and ban_expire < date_sub(now(), interval 60 day)"); admin_tabs($_REQUEST["admin"]); echo '<div id="singlewrap">' . "\n"; admin_bans($_REQUEST["admin"]); } else { echo '<div id="singlewrap">' . "\n"; echo '<div class="topheading"><h2>' . _('Esta página es sólo para administradores') . '</h2>'; } echo "</div>"; echo "</div>"; // singlewrap do_footer(); function admin_tabs($tab_selected = false)
<?
// The source code packaged with this file is Free Software, Copyright (C) 2005 by
// Ricardo Galli <gallir at uib dot es>.
// It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise.
// You can get copies of the licenses here:
// 		http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".

// Field-check endpoint: answers in plain text whether a submitted value is
// acceptable for the field named by `type`. The excerpt ends inside the
// 'username' case; nothing past that point is documented here.
// NOTE(review): the file opens with the short tag `<?`, which only works when
// short_open_tag is enabled; otherwise the source is sent to the client as text.

include('../config.php');
header('Content-Type: text/plain; charset=UTF-8');

$type=clean_input_string($_REQUEST['type']);
$name=clean_input_string($_GET['name']);

/**
 * Returns true when $name matches the provider/TLD pattern below; otherwise the
 * function falls off the end and returns null.
 *
 * NOTE(review): the pattern does not do what its list suggests. The alternation
 * is at the top level, so only the first branch carries the leading `.*` and
 * only the last one the trailing `$`; the branches in between — (fr), (co.uk),
 * (ru), (ua), (aol.com), (.tk) — match anywhere in the string, so any value
 * that merely contains "fr", "ru" or "ua" is flagged. The dots are also
 * unescaped and match any character. If the intent is to match the domain of
 * an address, the alternatives need to be grouped, the dots escaped, and the
 * group anchored to the part after "@".
 */
function check_spammer_email($name) {
    // f**k spammers
    $re_test = Array();
    preg_match("/.*(outlook.com)|(fr)|(co.uk)|(ru)|(ua)|(aol.com)|(.tk)|(hotmail.*)$/i", $name, $re_test);
    if($re_test) return true;
}

#echo "$type, $name...";
switch ($type) {
    case 'username':
        // The username check runs on the raw, trimmed $_GET value, while the length
        // check below uses the cleaned $name.
        if (!check_username(trim($_GET['name']))) {
            echo _('caracteres inválidos o no comienzan con una letra');
            return;
        }
        if (strlen($name)<3) {
} $post = new Post(); if (!empty($_GET['host']) && !empty($_GET['operadora']) && !empty($_GET['movil']) && !empty($_GET['texto'])) { // The connection comes from nviasms.es $host = clean_input_string($_GET['host']); $phone = clean_input_string($_GET['movil']); $telco = clean_input_string($_GET['operadora']); // The gateway sends text coded in iso-8859 $text = clean_text(@iconv('ISO-8859-1', 'UTF-8//IGNORE', $_GET['texto'])); $text = preg_replace('/^NOTA /i', '', $text); $date = time(); } else { if (!empty($_REQUEST['phone']) && !empty($_REQUEST['date']) && !empty($_REQUEST['text'])) { // Conenction from our own server $phone = clean_input_string($_REQUEST['phone']); $date = strtotime(clean_input_string($_REQUEST['date'])); $text = clean_text($_REQUEST['text']); } else { echo "ERROR: missing fields\n"; die; } } syslog(LOG_NOTICE, "Meneame SMS: from {$remote}, Tel: {$phone}"); if (mb_strlen($text) < 5) { echo 'OK ' . _('texto muy corto, nota no insertada'); die; } if (strlen($phone) < 10) { $phone = '+34' . $phone; } elseif (!preg_match('/^\\+/', $phone)) { $phone = '+' . $phone;
// Ricardo Galli <gallir at uib dot es>. // It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise. // You can get copies of the licenses here: // http://www.affero.org/oagpl.html // AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING". include '../config.php'; header('Content-Type: text/html; charset=UTF-8'); header('Pragma: no-cache'); header('Cache-Control: max-age=10, must-revalidate'); echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'; $width = intval($_GET['width']); if ($globals['mobile']) { $width = min(400, $width); } $height = intval($_GET['height']); $format = clean_input_string($_GET['format']); $color_border = get_hex_color($_GET['color_border']); $color_bg = get_hex_color($_GET['color_bg']); $color_link = get_hex_color($_GET['color_link']); $color_text = get_hex_color($_GET['color_text']); $font_pt = is_numeric($_GET['font_pt']) ? floatval($_GET['font_pt']) : 10; echo '<html><head><title>banner</title></head><body>'; $res = $db->get_row("select link_id, link_title, count(*) as votes from links, votes where vote_type='links' and vote_date > date_sub(now(), interval 10 minute) and vote_value > 0 and link_id = vote_link_id group by link_id order by votes desc limit 1"); if ($res) { $votes_hour = $res->votes * 6; $title['most'] = text_to_summary($res->link_title, 70) . ' <span style="font-size: 90%;">[' . $votes_hour . " " . _('votos/hora') . "]</span>"; $url['most'] = "http://" . get_server_name() . "/story.php?id={$res->link_id}"; } $res = $db->get_row("select link_id, link_title, link_votes, link_anonymous from links where link_status = 'published' order by link_date desc limit 1"); if ($res) { $title['published'] = text_to_summary($res->link_title, 70) . ' <span style="font-size: 90%;">[' . ($res->link_votes + $res->link_anonymous) . " " . _('votos') . "]</span>";
// You can get copies of the licenses here:
// http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".

include 'config.php';
include mnminclude . 'html1-mobile.php';

// Row offset for the requested page of results.
$offset = (get_current_page() - 1) * $page_size;

// "Pretty" profile URLs are only active when base_user_url is configured.
$has_user_base = !empty($globals['base_user_url']);

if ($has_user_base && !empty($_SERVER['PATH_INFO'])) {
    // Pretty URL: the login and the view are taken from the path segments.
    $url_args = preg_split('/\\/+/', $_SERVER['PATH_INFO']);
    array_shift($url_args); // discard the first element left by the leading "/"
    $_REQUEST['login'] = clean_input_string($url_args[0]);
    // NOTE(review): unlike the login, the view segment is stored without
    // clean_input_string(); confirm every later consumer validates it.
    $_REQUEST['view'] = $url_args[1];
} else {
    // Query-string URL: clean the login, then bounce to the pretty form
    // when pretty URLs are enabled.
    $_REQUEST['login'] = clean_input_string($_REQUEST['login']);
    if ($has_user_base && !empty($_REQUEST['login'])) {
        header('Location: ' . get_user_uri($_REQUEST['login'], clean_input_string($_REQUEST['view'])));
        die;
    }
}

$login = $_REQUEST['login'];

if (empty($login)) {
    // No profile requested: logged-in users go to their own profile,
    // everybody else to the site root.
    header('Location: ' . ($current_user->user_id > 0 ? get_user_uri($current_user->user_login) : $globals['base_url']));
    die;
}

$user = new User();
// The login is escaped here because the User object is read from the database with it.
$user->username = $db->escape($login);
<?php
// The source code packaged with this file is Free Software, Copyright (C) 2005 by
// Ricardo Galli <gallir at uib dot es>.
// It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise.
// You can get copies of the licenses here:
// http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".

include 'config.php';
include mnminclude . 'html1-mobile.php';

// Row offset for the requested page of results.
$offset = (get_current_page() - 1) * $page_size;

// The requested login is the second element of the pre-parsed path.
$url_args = $globals['path'];
$login = clean_input_string($url_args[1]);

if (empty($login)) {
    // No profile requested: logged-in users go to their own profile,
    // everybody else to the site root.
    header('Location: ' . ($current_user->user_id > 0 ? get_user_uri($current_user->user_login) : $globals['base_url']));
    die;
}

$user = new User();
// Escaped because the User object is looked up in the database by this value.
$user->username = $db->escape($login);
if (!$user->read()) {
    not_found();
}

do_header($login);
echo '<div id="singlewrap">' . "\n";

// URL-encoded copy of the login, kept in a separate variable from the cleaned one.
$url_login = urlencode($login);
do_profile();
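/**
 * Second step of the registration form: validates the captcha and the
 * submitted fields, inserts the new user row and sends the validation mail.
 *
 * Reads username, password, email and standard from $_POST and the form IP
 * from $globals['form_user_ip']. Prints the result (or the error) as HTML.
 *
 * @return void
 */
function do_register2() {
	global $db, $current_user, $globals;

	if (!ts_is_human()) {
		register_error(_('el código de seguridad no es correcto'));
		return;
	}

	if (!check_user_fields()) {
		return;
	}

	$username = clean_input_string(trim($_POST['username']));
	$dbusername = $db->escape($username);

	// NOTE(review): unsalted MD5 is not a suitable password hash. It is kept
	// here because the stored value has to match whatever the authentication
	// code verifies; migrating to password_hash()/password_verify() needs a
	// coordinated change there (rehash on next successful login).
	$password = md5(trim($_POST['password']));

	$email = clean_input_string(trim($_POST['email']));
	$dbemail = $db->escape($email);

	// The IP is interpolated into the statement like the other values, so it
	// is escaped like them instead of trusting how $globals was filled.
	$user_ip = $globals['form_user_ip'];
	$dbuser_ip = $db->escape($user_ip);

	$standard = isset($_POST['standard']) ? (int) $_POST['standard'] : 0;

	// NOTE(review): user_exists() followed by INSERT is not atomic; presumably
	// a unique index on user_login catches concurrent registrations — confirm.
	if (user_exists($username)) {
		register_error(_("el usuario ya existe"));
		return;
	}

	$inserted = $db->query("INSERT INTO users (user_login, user_login_register, user_email, user_email_register, user_pass, user_date, user_ip, user_standard) VALUES ('$dbusername', '$dbusername', '$dbemail', '$dbemail', '$password', now(), '$dbuser_ip', '$standard')");
	if (!$inserted) {
		register_error(_("error insertando usuario en la base de datos"));
		return;
	}

	echo '<fieldset>'."\n";
	echo '<legend><span class="sign">'._("registro de usuario").'</span></legend>'."\n";

	// Read the row back to obtain the new user's id.
	$user = new User();
	$user->username = $username;
	if (!$user->read()) {
		register_error(_('error insertando usuario en la base de datos'));
	} else {
		require_once(mnminclude.'mail.php');
		send_recover_mail($user);
		// Force the log entry to carry the same IP as the form.
		$globals['user_ip'] = $user_ip;
		log_insert('user_new', $user->id, $user->id);
	}
	echo '</fieldset>'."\n";
}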
if ($error) { echo '<?xml version="1.0" encoding="utf-8"?' . ">\n"; echo "<response>\n"; echo "<error>1</error>\n"; echo "<message>{$error_message}</message>\n"; echo "</response>"; die; } else { echo '<?xml version="1.0" encoding="utf-8"?' . ">\n"; echo "<response>\n"; echo "<error>0</error>\n"; echo "</response>"; } die; } $tb_url = clean_input_string($_POST['url']); $title = $_POST['title']; $excerpt = $_POST['excerpt']; $blog_name = $_POST['blog_name']; $charset = $_POST['charset']; if (!empty($charset)) { $title = @iconv($charset, 'UTF-8//IGNORE', $title); $excerpt = @iconv($charset, 'UTF-8//IGNORE', $excerpt); $blog_name = @iconv($charset, 'UTF-8//IGNORE', $blog_name); } $tb_id = intval($_GET['id']); $link = new Link(); $link->id = $tb_id; if (!$tb_id > 0 || !$link->read()) { trackback_response(1, 'I really need an ID for this to work.'); }
// The source code packaged with this file is Free Software, Copyright (C) 2005-2009 by // Benjamí Villoslada <benjami at bitassa dot cat>. // It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise. // You can get copies of the licenses here: // http://www.affero.org/oagpl.html // AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING". // Don't check the user is logged $globals['no_auth'] = true; include 'config.php'; include mnminclude . 'html1.php'; $errn = $_GET["e"]; // Check we must reconstruct an image in cache directory $cache_dir = preg_quote($globals['base_url'] . $globals['cache_dir'], '/'); if (preg_match("/{$cache_dir}/", $_SERVER['REQUEST_URI'])) { $filename = basename(clean_input_string($_SERVER['REQUEST_URI'])); $base_filename = preg_replace('/\\..+$/', '', $filename); $parts = explode('-', $base_filename); switch ($parts[0]) { case "media_thumb": case "media_thumb_2x": // Comments' and posts' thumnails if (!Upload::is_thumb_public($parts[1])) { break; } $media = new Upload($parts[1], $parts[2], 0); if (!$media->read()) { break; } if ($media->create_thumbs($parts[0])) { header("HTTP/1.0 200 OK");
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as
// published by the Free Software Foundation, either version 3 of the
// License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
// It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise.
// You can get copies of the licenses here:
// http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".

// Parent directory of the running script, resolved from SCRIPT_FILENAME so
// it also works when the directory is reached through a symbolic link.
$base = dirname(dirname($_SERVER["SCRIPT_FILENAME"]));
include "{$base}/config.php";

// Both request parameters pass through clean_input_string() before use.
$op = clean_input_string($_GET['op']);
$service = clean_input_string($_GET['service']);

switch ($service) {
	// Twitter is the only provider; any other (or missing) service value
	// falls through to it as well.
	case 'twitter':
	default:
		require_once 'twitter.php';
		$req = new TwitterOAuth();
		// 'init' starts the authorisation request; every other value of
		// op is handled as the return leg and goes to authorize().
		if ($op != 'init') {
			$req->authorize();
		} else {
			$req->authRequest();
		}
}
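/**
 * Validates the posted sub form and creates or updates the sub.
 *
 * All field values are read from $_POST. Validation problems are appended to
 * $errors; the database is only touched when no error was collected.
 *
 * @param int   $id     Id of the sub to update; a value <= 0 creates a new one.
 * @param array $errors Collected error messages (appended to, by reference).
 * @return int|false The id of the saved sub, or false on any failure.
 */
function save_sub($id, &$errors) {
	global $current_user, $db;

	// $id is interpolated unquoted into several statements below, so it is
	// forced to an integer before anything else uses it.
	$id = intval($id);

	// Double check
	$owner = intval($_POST['owner']);

	if (!SitesMgr::can_edit($id)) {
		$errors[] = _('usuario no autorizado a editar');
		return false;
	}

	$site = SitesMgr::get_info();
	$extended = SitesMgr::get_extended_properties($id);

	if ($_POST['created_from'] != $site->id) {
		$errors[] = _('sitio erróneo');
	}

	// Only administrators may assign a sub to another user.
	if ($owner != $current_user->user_id && !$current_user->admin) {
		$errors[] = _('propietario erróneo');
	}

	$name = mb_substr(clean_input_string($_POST['name']), 0, 12);
	if (mb_strlen($name) < 3 || !preg_match('/^\\p{L}[\\p{L}\\d_]+$/u', $name)) {
		// NOTE(review): the raw posted name is appended to the message;
		// confirm the code that prints $errors HTML-escapes it.
		$errors[] = _('nombre erróneo') . ' ' . $_POST['name'];
	}

	$name_long = mb_substr(clean_text($_POST['name_long']), 0, 40);
	if (mb_strlen($name_long) < 6) {
		$errors[] = _('título erróneo');
	}

	$name = $db->escape($name);
	$name_long = $db->escape($name_long);

	if ($db->get_var("select count(*) from subs where name = '{$name}' and id != {$id}") > 0) {
		$errors[] = _('nombre duplicado');
	}

	$page_mode = $db->escape($_POST['page_mode']);

	if ($current_user->admin) {
		$enabled = intval($_POST['enabled']);
		$allow_main_link = intval($_POST['allow_main_link']);
	} else {
		// Non-admins cannot change these: keep the stored values and
		// discard whatever was posted for post_html.
		$enabled = $site->enabled;
		$allow_main_link = $site->allow_main_link;
		$_POST['post_html'] = $extended['post_html'];
	}

	$nsfw = intval($_POST['nsfw']);
	$private = intval($_POST['private']);

	// Check the extended info: numeric properties are cast when present.
	foreach (array('no_link', 'no_anti_spam', 'allow_local_links', 'intro_max_len', 'intro_min_len') as $k) {
		if (isset($_POST[$k]) && $_POST[$k] !== '') {
			$_POST[$k] = intval($_POST[$k]);
		}
	}

	if (isset($_POST['intro_max_len']) && $_POST['intro_max_len'] > 5000) {
		$_POST['intro_max_len'] = 5000;
	}

	if (!empty($errors)) {
		return false;
	}

	$db->transaction();

	if ($id > 0) {
		$r = $db->query("update subs set owner = {$owner}, enabled = {$enabled}, allow_main_link = {$allow_main_link}, nsfw = {$nsfw}, name = '{$name}', name_long = '{$name_long}', private = {$private}, page_mode = '{$page_mode}' where id = {$id}");
	} else {
		$r = $db->query("insert into subs (created_from, owner, nsfw, name, name_long, sub, private) values ({$site->id}, {$owner}, {$nsfw}, '{$name}', '{$name_long}', 1, {$private})");
		$id = $db->insert_id;
	}

	if ($r && $id > 0) {
		// Copy values from first site
		$r = $db->query("update subs as a join subs as b on a.id = {$id} and b.id={$site->id} set a.server_name = b.server_name, a.base_url = b.base_url");

		// Update copy_from
		if ($current_user->admin) {
			sub_copy_from($id, $_POST['copy_from']);
		}

		// Update colors. The pattern is anchored at both ends so that only an
		// exact "#rrggbb" value is stored; without the end anchor any text
		// after the six digits would have been accepted and saved with it.
		$color_regex = '/^#[a-f0-9]{6}\\z/i';
		$color1 = '';
		$color2 = '';
		if (isset($_POST['color1']) && is_string($_POST['color1']) && preg_match($color_regex, $_POST['color1'])) {
			$color1 = $db->escape($_POST['color1']);
		}
		if (isset($_POST['color2']) && is_string($_POST['color2']) && preg_match($color_regex, $_POST['color2'])) {
			$color2 = $db->escape($_POST['color2']);
		}
		$db->query("update subs set color1 = '{$color1}', color2 = '{$color2}' where id = {$id}");
	}

	if ($r && $id > 0) {
		SitesMgr::store_extended_properties($id, $_POST);
		$db->commit();
		store_image($id);
		return $id;
	}

	$errors[] = _('error actualizando la base de datos');
	$db->rollback();

	return false;
}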
case 0: $subs = SitesMgr::get_subscriptions($current_user->user_id); $template = 'subs_simple.html'; $all = false; break; case 1: $all = false; $template = 'subs.html'; $sql = "select subs.*, user_id, user_login, user_avatar, count(*) as c from subs LEFT JOIN users ON (user_id = owner), sub_statuses where date > date_sub(now(), interval 5 day) and subs.id = sub_statuses.id and sub_statuses.id = sub_statuses.origen and sub_statuses.status = 'published' and subs.sub = 1 group by subs.id order by c desc limit 50"; $subs = $db->get_results($sql); break; default: $all = true; $chars = $db->get_col("select distinct(left(ucase(name), 1)) from subs"); // Check if we must show just those beginning with a letter if (!empty($_GET['c']) && ($char_selected = substr(clean_input_string($_GET['c']), 0, 1))) { $extra = "subs.name like '{$char_selected}%' and"; $rows = $db->get_var("select count(*) from subs where {$extra} subs.sub = 1 and created_from = " . SitesMgr::my_id()); } else { $extra = ''; $rows = -1; } $template = 'subs.html'; $page_size = 50; $page = get_current_page(); $offset = ($page - 1) * $page_size; $sql = "select subs.*, user_id, user_login, user_avatar from subs, users where {$extra} subs.sub = 1 and created_from = " . SitesMgr::my_id() . " and user_id = owner order by name asc limit {$offset}, {$page_size}"; $subs = $db->get_results($sql); } $all_subs = $db->get_results($sql); $subs = array();
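// Right-hand sidebar: banner plus the "best of" boxes.
echo '<div id="sidebar">';
do_banner_right();
do_best_stories();
do_best_posts();
do_best_comments();
echo '</div>' . "\n";
/*** END SIDEBAR ***/

echo '<div id="singlewrap">' . "\n";
echo '<div style="margin: 20px 0"><h2>' . _('apuntes de blogs') . ' <a href="' . $globals['base_url_general'] . 'blogs_rss2.php" title="blogs"><img src="' . $globals['base_static'] . 'img/common/feed-icon-001.png" width="18" height="18" alt="rss2"/></a></h2>';
echo '</div>';
echo '<table class="decorated">';

// Latest blog entries with their author and blog. The paging values are set
// outside this excerpt, so they are cast before going into the LIMIT clause.
$entries = $db->get_results("select rss.blog_id, rss.user_id, title, url, user_login, user_avatar, blogs.blog_url, blogs.blog_title from rss, users, blogs where rss.blog_id = blogs.blog_id and rss.user_id = users.user_id order by rss.date desc limit " . (int) $offset . "," . (int) $page_size);

if ($entries) {
	foreach ($entries as $entry) {
		// Titles and URLs originate from external feeds and user profiles,
		// so nothing is printed without being filtered first.
		$title = strip_tags($entry->title);
		$blog_title = strip_tags($entry->blog_title);
		$url = clean_input_string($entry->url);
		// The blog URL lands in an href attribute exactly like the entry URL,
		// so it gets the same filter instead of being echoed as stored.
		// NOTE(review): neither URL has its scheme checked here; presumably
		// that happens where the values are stored — confirm.
		$blog_url = clean_input_string($entry->blog_url);

		echo '<tr>';
		echo '<td style="width:35px"><a href="' . get_user_uri($entry->user_login) . '" class="tooltip u:' . $entry->user_id . '"><img class="avatar" src="' . get_avatar_url($entry->user_id, $entry->user_avatar, 25) . '" width="25" height="25" alt="avatar"/></a></td>';
		echo '<td style="font-size:110%;width:30%"><a href="' . $blog_url . '" rel="nofollow">' . $blog_title . '</a></td>';
		echo '<td style="font-size:120%"><a href="' . $url . '" rel="nofollow">' . $title . '</a></td>';
		echo '</tr>';
	}
}

echo '</table>';

// Disclaimer: the links come from blogs listed in user profiles.
echo '<fieldset id="nota"><legend>' . _('nota') . '</legend>';
echo _('Los enlaces son de apuntes de blogs indicados en el perfil de usuarios activos de Menéame.');
echo ' ';
echo _('No tienen relación con meneame.net, ni han sido seleccionados por su comunidad de usuarios.');
echo '</fieldset>';

do_pages($rows, $page_size);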
<?php
// The source code packaged with this file is Free Software, Copyright (C) 2005 by
// Ricardo Galli <gallir at uib dot es>.
// It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise.
// You can get copies of the licenses here:
// http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".

include '../config.php';
include 'common.php';

// Route arguments come from PATH_INFO when no "id" parameter was sent,
// otherwise from the "id" parameter; at most four non-empty segments are kept.
$argv = preg_split(
	'/\\/+/',
	(!isset($_REQUEST['id']) && !empty($_SERVER['PATH_INFO'])) ? $_SERVER['PATH_INFO'] : $_REQUEST['id'],
	4,
	PREG_SPLIT_NO_EMPTY
);
// Only the first segment is cleaned here; the remaining ones stay as received.
$argv[0] = clean_input_string($argv[0]);

// The private-notes section is handled by its own script.
if ($argv[0] == _priv) {
	include 'priv.php';
	die;
}

include mnminclude . 'html1.php';
include mnminclude . 'favorites.php';

$globals['search_options'] = array('w' => 'posts');

// The form plugin is only loaded for logged-in users.
if ($current_user->user_id > 0) {
	array_push($globals['extra_js'], 'jquery.form.min.js');
}

$user = new User();

// Lower date bound, truncated to the hour: 192800 seconds back (about 53.5
// hours; the original comment described it as "about 48 hours").
$min_date = date("Y-m-d H:00:00", time() - 192800);
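/**
 * Prints the login page and processes a submitted login form.
 *
 * On a first visit (no previous failures, no login cookie, not mobile) an
 * introduction to the site is printed next to the form. When the form was
 * posted, the form-IP token, the captcha (after repeated failures) and the
 * credentials are checked; on success the user is redirected and the script
 * ends, otherwise the form is printed again with an error.
 *
 * @return void
 */
function do_login() {
	global $current_user, $globals;

	$form_ip_check = check_form_auth_ip();
	$previous_login_failed = Log::get_date('login_failed', $globals['form_user_ip_int'], 0, 300);

	// Defined up front so the form can be printed when nothing was posted.
	$username = '';

	$form_posted = isset($_POST['processlogin']) && $_POST['processlogin'] == 1;
	$requested_return = isset($_REQUEST['return']) ? $_REQUEST['return'] : null;

	// The return target is appended directly after the host in the Location
	// header, so it is only honoured when it is a site-relative path: a value
	// that does not start with "/" would alter the host part of the URL and
	// send the user to another site after logging in.
	$safe_return = '';
	if (is_string($requested_return) && preg_match('#^/[^\\r\\n]*\\z#', $requested_return)) {
		$safe_return = $requested_return;
	}

	// Show menéame intro only if first try and the there were not previous logins
	if (!$globals['mobile'] && $previous_login_failed < 3 && empty($_POST["processlogin"]) && empty($_COOKIE['u'])) {
		echo '<div class="faq wideonly" style="float:right; width:55%; margin-top: 10px;">' . "\n";
		// Only prints if the user was redirected from submit.php
		if (!empty($requested_return) && is_string($requested_return) && preg_match('/submit\\.php/', $requested_return)) {
			echo '<p style="border:1px solid #FF9400; font-size:1.3em; background:#FEFBEA; font-weight:bold; padding:0.5em 1em;">Para enviar una historia debes ser un usuario registrado</p>' . "\n";
		}
		echo '<h3>' . _('¿Qué es menéame?') . '</h3>' . "\n";
		echo '<p>' . _('Es un sitio que te permite enviar una historia que será revisada por todos y será promovida, o no, a la página principal. Cuando un usuario envía una historia ésta queda en la <a href="shakeit.php">cola de pendientes</a> hasta que reúne los votos suficientes para ser promovida a la página principal') . '.</p>' . "\n";
		echo '<h3>' . _('¿Todavía no eres usuario de menéame?') . '</h3>' . "\n";
		echo '<p>' . _('Como usuario registrado podrás, entre otras cosas') . ':</p>' . "\n";
		echo '<ul style="margin-left: 1.5em">' . "\n";
		echo '<li>' . "\n";
		echo '<strong>' . _('Enviar historias') . '</strong><br />' . "\n";
		echo '<p>' . _('Una vez registrado puedes enviar las historias que consideres interesantes para la comunidad. Si tienes algún tipo de duda sobre que tipo de historias puedes enviar revisa nuestras <a href="faq-es.php">preguntas frecuentes sobre menéame</a>') . '.</p>' . "\n";
		echo '</li>' . "\n";
		echo '<li>' . "\n";
		echo '<strong>' . _('Escribir comentarios') . '</strong><br />' . "\n";
		echo '<p>' . _('Puedes escribir tu opinión sobre las historias enviadas a menéame mediante comentarios de texto. También puedes votar positivamente aquellos comentarios ingeniosos, divertidos o interesantes y negativamente aquellos que consideres inoportunos') . '.</p>' . "\n";
		echo '</li>' . "\n";
		echo '<li>' . "\n";
		echo '<strong>' . _('Perfil de usuario') . '</strong><br />' . "\n";
		echo '<p>' . _('Toda tu información como usuario está disponible desde la página de tu perfil. También puedes subir una imagen que representará a tu usuario en menéame. Incluso es posible compartir los ingresos publicitarios de Menéame, solo tienes que introducir el código de tu cuenta Google Adsense desde tu perfil') . '.</p>' . "\n";
		echo '</li>' . "\n";
		echo '<li>' . "\n";
		echo '<strong>' . _('Chatear en tiempo real desde la fisgona') . '</strong><br />' . "\n";
		echo '<p>' . _('Gracias a la <a href="sneak.php">fisgona</a> puedes ver en tiempo real toda la actividad de menéame. Además como usuario registrado podrás chatear con mucha más gente de la comunidad menéame') . '</p>' . "\n";
		echo '</li>' . "\n";
		echo '</ul>' . "\n";
		echo '<h3><a href="register.php" style="color:#FF6400; text-decoration:underline; display:block; width:8em; text-align:center; margin:0 auto; padding:0.5em 1em; border:3px double #FFE2C5; background:#FFF3E8;">Regístrate ahora</a></h3>' . "\n";
		echo '</div>' . "\n";
		echo '<div class="genericform" style="float:left; width:40%; margin: 0">' . "\n";
	} else {
		echo '<div class="genericform" style="float:auto;">' . "\n";
	}

	echo '<form action="' . get_auth_link() . 'login.php" id="thisform" method="post">' . "\n";

	if ($form_posted) {
		// NOTE(review): the redirect host is read from the return_site cookie,
		// which the client controls. Confirm it is checked against the site's
		// own host names where it is set or read; that check is not visible
		// in this function.
		$return_site = isset($_COOKIE['return_site']) ? $_COOKIE['return_site'] : '';

		// Check the IP, otherwise redirect
		if (!$form_ip_check) {
			header('HTTP/1.1 303 Load');
			header("Location: http://" . $return_site . $globals['base_url'] . "login.php");
			die;
		}

		$username = clean_input_string(trim($_POST['username']));
		$password = trim($_POST['password']);
		$persistent = isset($_POST['persistent']) ? $_POST['persistent'] : null;

		// Check form
		if (($previous_login_failed > 2 || $globals['captcha_first_login'] == true && !UserAuth::user_cookie_data()) && !ts_is_human()) {
			Log::insert('login_failed', $globals['form_user_ip_int'], 0);
			recover_error(_('el código de seguridad no es correcto') . " ({$previous_login_failed})");
		} elseif (strlen($password) == 0 || $current_user->Authenticate($username, $password, $persistent) == false) {
			// An empty password is a failed attempt. Previously it skipped
			// Authenticate() and fell through to the success branch below,
			// which redirected without any credentials having been checked
			// and without the attempt being logged.
			Log::insert('login_failed', $globals['form_user_ip_int'], 0);
			$previous_login_failed++;
			recover_error(_('usuario o email inexistente, sin validar, o clave incorrecta') . " ({$previous_login_failed})");
		} else {
			UserAuth::check_clon_from_cookies();

			// If the user is authenticating from a mobile device, keep her in the standard version
			if ($globals['mobile']) {
				setcookie('nomobile', '1', 0, $globals['base_url'], UserAuth::domain());
			}

			header('HTTP/1.1 303 Load');
			if ($safe_return !== '') {
				header('Location: http://' . $return_site . $safe_return);
			} else {
				header('Location: http://' . $return_site . $globals['base_url']);
			}
			die;
		}
	}

	echo '<fieldset>' . "\n";
	echo '<legend><span class="sign">' . _('usuario y contraseña') . '</span></legend>' . "\n";
	echo '<p><label for="name">' . _('usuario o email') . ':</label><br />' . "\n";
	echo '<input type="text" name="username" size="25" tabindex="1" id="name" value="' . htmlentities($username) . '" /></p>' . "\n";
	echo '<p><label for="password">' . _('clave') . ':</label><br />' . "\n";
	echo '<input type="password" name="password" id="password" size="25" tabindex="2"/></p>' . "\n";
	echo '<p><label for="remember">' . _('recuérdame') . ': </label><input type="checkbox" name="persistent" id="remember" tabindex="3"/></p>' . "\n";

	// Print captcha (the failure counter may have been increased above)
	if ($previous_login_failed > 2 || $globals['captcha_first_login'] == true && !UserAuth::user_cookie_data()) {
		ts_print_form();
	}

	get_form_auth_ip();
	echo '<p><input type="submit" value="login" class="button" tabindex="4" /></p>' . "\n";
	print_oauth_icons($requested_return);
	echo '<input type="hidden" name="processlogin" value="1"/>' . "\n";
	// The posted value is echoed back escaped; it is validated again when it
	// is used for the redirect.
	echo '<input type="hidden" name="return" value="' . htmlspecialchars(is_string($requested_return) ? $requested_return : '') . '"/>' . "\n";
	echo '</fieldset>' . "\n";
	echo '</form>' . "\n";
	echo '<div class="recoverpass" style="text-align:center"><h4><a href="login.php?op=recover">' . _('¿has olvidado la contraseña?') . '</a></h4></div>' . "\n";
	echo '</div>' . "\n";
	echo '<br/> ';
}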