function gdocs_file_previewer_get_token($file, $timestamp)
{
if (!elgg_instanceof($file) || !is_numeric($timestamp)) {
return false;
}
$secret = get_site_secret();
return sha1($file->guid . $secret . $timestamp);
}
function get_token($url)
{
if (elgg_get_config('image_proxy_secret')) {
$site_secret = elgg_get_config('image_proxy_secret');
} else {
$site_secret = get_site_secret();
}
return md5($site_secret . $url);
}
/**
* Generate a validation token
*
* @param string $type what kind of token
* @param int $user_guid the user_guid to generate for
*
* @return bool|string
*/
function acount_removal_generate_confirm_token($type, $user_guid)
{
$result = false;
if (!empty($user_guid) && ($user = get_user($user_guid)) && in_array($type, array("remove", "disable"))) {
$site_secret = get_site_secret();
$user_salt = $user->salt;
$result = md5($site_secret . $user_guid . $type . $user_salt);
}
return $result;
}
/**
* Create a secret code to toggle admin/normal user
*
* @param ElggUser $user the user to create the secret for (default: current user)
*
* @return false|string
*/
function admin_tools_make_switch_admin_secret(ElggUser $user = null)
{
// no param, check current logged in user
if (empty($user)) {
$user = elgg_get_logged_in_user_entity();
}
// no user to check
if (!$user instanceof ElggUser) {
return false;
}
return hash_hmac('sha256', $user->time_created, get_site_secret());
}
/**
* Get the strength of the site secret
*
* @return string "strong", "moderate", or "weak"
* @access private
*/
function getStrength()
{
$secret = get_site_secret();
if ($secret[0] !== 'z') {
$rand_max = getrandmax();
if ($rand_max < pow(2, 16)) {
return 'weak';
}
if ($rand_max < pow(2, 32)) {
return 'moderate';
}
}
return 'strong';
}
public function getThumbUrl($url = '', $handle = null)
{
$data = $this->resourceCache->get($url, $handle);
if (!empty($data['thumb_cache'])) {
$uid = md5($url);
$path = "scraper_cache/thumbs/{$uid}.{$handle}.jpg";
$dir = elgg_get_site_entity()->guid;
$dir_tc = elgg_get_site_entity()->time_created;
$query = serialize(array('uid' => $uid, 'path' => $path, 'd' => $dir, 'dts' => $dir_tc, 'ts' => $data['thumb_cache'], 'mac' => hash_hmac('sha256', $uid . $path, get_site_secret())));
$icon_url = elgg_http_add_url_query_elements('/mod/hypeApps/servers/icon.php', array('q' => base64_encode($query)));
} else {
if (!empty($data['thumbnail_url'])) {
$icon_url = $data['thumbnail_url'];
} else {
$icon_url = '/mod/hypeScraper/graphics/placeholder.png';
}
}
return elgg_normalize_url($icon_url);
}
function group_tools_invite_email(ElggGroup $group, $email, $text = "", $resend = false)
{
$result = false;
if (!empty($group) && $group instanceof ElggGroup && !empty($email) && is_email_address($email) && ($loggedin_user = elgg_get_logged_in_user_entity())) {
// get site secret
$site_secret = get_site_secret();
// generate invite code
$invite_code = md5($site_secret . $email . $group->getGUID());
if (!group_tools_check_group_email_invitation($invite_code, $group->getGUID()) || $resend) {
// make site email
$site = elgg_get_site_entity();
if (!empty($site->email)) {
if (!empty($site->name)) {
$site_from = $site->name . " <" . $site->email . ">";
} else {
$site_from = $site->email;
}
} else {
// no site email, so make one up
if (!empty($site->name)) {
$site_from = $site->name . " <noreply@" . get_site_domain($site->getGUID()) . ">";
} else {
$site_from = "noreply@" . get_site_domain($site->getGUID());
}
}
if (!$resend) {
// register invite with group
$group->annotate("email_invitation", $invite_code, ACCESS_LOGGED_IN, $group->getGUID());
}
// make subject
$subject = elgg_echo("group_tools:groups:invite:email:subject", array($group->name));
// make body
$body = elgg_echo("group_tools:groups:invite:email:body", array($loggedin_user->name, $group->name, $site->name, $text, $site->name, elgg_get_site_url() . "register", elgg_get_site_url() . "groups/invitations/?invitecode=" . $invite_code, $invite_code));
$result = elgg_send_email($site_from, $email, $subject, $body);
} else {
$result = null;
}
}
return $result;
}
/**
* Hashes the site secret, UA, and a ts.
*
* @return mixed A token if time or req is passed, and array of info if not
*/
function registration_randomizer_generate_token($passed_time = null, $passed_req = null)
{
if ($passed_time === null) {
$ts = time();
} else {
$ts = $passed_time;
}
if ($passed_req === null) {
$req = $_SERVER;
} else {
$req = $passed_req;
}
$str = get_site_secret();
$str .= filter_input(INPUT_SERVER, 'HTTP_USER_AGENT');
$str .= filter_input(INPUT_SERVER, 'REMOTE_ADDR', FILTER_VALIDATE_IP);
$str .= $ts;
$token = md5($str);
if ($passed_time === null && $passed_req === null) {
return array('ts' => $ts, 'token' => $token, 'req' => $req);
} else {
return $token;
}
}
function siteaccess_generate_captcha($num)
{
global $CONFIG;
$date = date("F j");
$tmp = hexdec(md5($num . $date . $CONFIG->site->url . get_site_secret()));
$code = substr($tmp, 4, 6);
return $code;
}
/**
* Generate an action token.
*
* Action tokens are based on timestamps as returned by {@link time()}.
* They are valid for one hour.
*
* Action tokens should be passed to all actions name __elgg_ts and __elgg_token.
*
* @warning Action tokens are required for all actions.
*
* @param int $timestamp Unix timestamp
*
* @see @elgg_view input/securitytoken
* @see @elgg_view input/form
* @example actions/manual_tokens.php
*
* @return string|false
* @access private
*/
function generate_action_token($timestamp)
{
$site_secret = get_site_secret();
$session_id = session_id();
// Session token
$st = $_SESSION['__elgg_session'];
if ($site_secret && $session_id) {
return md5($site_secret . $timestamp . $session_id . $st);
}
return FALSE;
}
/**
* Work around for Flash/session issues
*
* Catches Elgg attempting to forward the Flash uploader because it doesn't
* have a session cookie. Instead manually runs the action.
*
* @param string $hook The name of the hook
* @param string $type The type of the hook
* @param string $value Location being forwarded to
* @param array $params Parameters related to the forward() call
* @return void
*/
function tidypics_ajax_session_handler($hook, $type, $value, $params)
{
$www_root = elgg_get_config('wwwroot');
$url = $params['current_url'];
if ($url !== "{$www_root}action/photos/image/ajax_upload") {
return;
}
if (elgg_get_logged_in_user_guid() != 0) {
return;
}
// action_gatekeeper rejected ajax call from Flash due to session issue
// Validate token
$token = get_input('__elgg_token');
$ts = get_input('__elgg_ts');
$session_id = get_input('Elgg');
$session_token = get_input('session_token');
$tidypics_token = get_input('tidypics_token');
$user_guid = get_input('user_guid');
$user = get_user($user_guid);
$timeout = elgg_get_config('action_token_timeout');
if (!$timeout) {
$timeout = 2;
}
if (!$user) {
trigger_error('Tidypics warning: failed to get user in flash uploader', E_USER_WARNING);
return;
}
if (!$token || !$ts || !$session_id || !$tidypics_token) {
trigger_error('Tidypics warning: token information missing in flash uploader', E_USER_WARNING);
return;
}
$hour = 60 * 60;
$now = time();
if ($ts < $now - $hour || $ts > $now + $hour) {
trigger_error('Tidypics warning: failed time check in flash uploader', E_USER_WARNING);
return;
}
$generated_token = md5($session_id . get_site_secret() . $ts . $user->salt);
if ($tidypics_token !== $generated_token) {
trigger_error('Tidypics warning: token check failed in flash uploader', E_USER_WARNING);
return;
}
// passed token test, so login and process action
login($user);
$actions = elgg_get_config('actions');
include $actions['photos/image/ajax_upload']['file'];
exit;
}
private function generateCode($userGuid, $email, $date)
{
return md5($userGuid . $email . $date . elgg_get_site_url() . get_site_secret());
}
/**
* Generate an email activation code.
*
* @param int $user_guid The guid of the user
* @param string $email_address Email address
* @return string
*/
function uservalidationbyemail_generate_code($user_guid, $email_address)
{
global $CONFIG;
// Note I bind to site URL, this is important on multisite!
return md5($user_guid . $email_address . $CONFIG->site->url . get_site_secret());
}
/**
* Generate a unique code to be used in email invitations
*
* @param int $group_guid the group GUID
* @param string $email the email address
*
* @return boolean|string the invite code, or false on failure
*/
function group_tools_generate_email_invite_code($group_guid, $email)
{
$result = false;
if (!empty($group_guid) && !empty($email)) {
// get site secret
$site_secret = get_site_secret();
// generate code
$result = md5($site_secret . strtolower($email) . $group_guid);
}
return $result;
}
/**
* Notifies an user of the RSVP
*
* @param string $type type of the RSVP
* @param string $to guid of the user
*
* @return void
*/
public function notifyOnRsvp($type, $to = null)
{
$ia = elgg_set_ignore_access(true);
if ($to === null) {
$to = elgg_get_logged_in_user_guid();
}
$to_entity = get_entity($to);
if (empty($to_entity)) {
elgg_set_ignore_access($ia);
return;
}
// can we make nice links in the emails
$html_email_handler_enabled = elgg_is_active_plugin("html_email_handler");
// do we have a registration link
$registrationLink = "";
$unsubscribeLink = "";
if ($type == EVENT_MANAGER_RELATION_ATTENDING) {
if ($this->registration_needed) {
$link = elgg_get_site_url() . 'events/registration/view/?guid=' . $this->getGUID() . '&u_g=' . $to . '&k=' . md5($this->time_created . get_site_secret() . $to);
$registrationLink = PHP_EOL . PHP_EOL;
$registrationLink .= elgg_echo('event_manager:event:registration:notification:program:linktext');
$registrationLink .= PHP_EOL . PHP_EOL;
if ($html_email_handler_enabled) {
$registrationLink .= elgg_view("output/url", array("text" => $link, "href" => $link));
} else {
$registrationLink .= $link;
}
}
if ($this->register_nologin) {
$link = elgg_get_site_url() . "events/unsubscribe/" . $this->getGUID() . "/" . elgg_get_friendly_title($this->title) . "?e=" . $to_entity->email;
$unsubscribeLink = PHP_EOL . PHP_EOL;
$unsubscribeLink .= elgg_echo('event_manager:event:registration:notification:unsubscribe:linktext');
$unsubscribeLink .= PHP_EOL . PHP_EOL;
if ($html_email_handler_enabled) {
$unsubscribeLink .= elgg_view("output/url", array("text" => $link, "href" => $link));
} else {
$unsubscribeLink .= $link;
}
}
}
// make the event title for in the e-mail
if ($html_email_handler_enabled) {
$event_title_link = elgg_view("output/url", array("text" => $this->title, "href" => $this->getURL()));
} else {
$event_title_link = $this->title;
}
// notify the owner of the event
$this->notifyOwnerOnRSVP($type, $to_entity, $event_title_link, $registrationLink);
// notify the attending user
$user_subject = elgg_echo('event_manager:event:registration:notification:user:subject');
$user_message = elgg_echo('event_manager:event:registration:notification:user:text:' . $type, array($to_entity->name, $event_title_link));
$user_message .= $registrationLink;
$user_message .= $unsubscribeLink;
if ($to_entity instanceof ElggUser) {
// use notification system for real users
notify_user($to, $this->getOwnerGUID(), $user_subject, $user_message);
} else {
// send e-mail for non users
$to_email = $to_entity->name . "<" . $to_entity->email . ">";
$site = elgg_get_site_entity($this->site_guid);
if ($site->email) {
if ($site->name) {
$site_from = $site->name . " <" . $site->email . ">";
} else {
$site_from = $site->email;
}
} else {
// no site email, so make one up
if ($site->name) {
$site_from = $site->name . " <noreply@" . $site->getDomain() . ">";
} else {
$site_from = "noreply@" . $site->getDomain();
}
}
elgg_send_email($site_from, $to_email, $user_subject, $user_message);
}
elgg_set_ignore_access($ia);
}
<?php
/**
* Tidypics ajax upload form body
*
* @uses $vars['entity']
*/
$album = $vars['entity'];
$ts = time();
$batch = time();
$tidypics_token = md5(session_id() . get_site_secret() . $ts . elgg_get_logged_in_user_entity()->salt);
$basic_uploader_url = current_page_url() . '/basic';
$maxfilesize = (double) elgg_get_plugin_setting('maxfilesize', 'tidypics');
if (!$maxfilesize) {
$maxfilesize = 5;
}
$quota = elgg_get_plugin_setting('quota', 'tidypics');
if ($quota) {
$image_repo_size_md = get_metadata_byname($album->container_guid, "image_repo_size");
$image_repo_size = (int) $image_repo_size_md->value;
$image_repo_size = $image_repo_size / 1024 / 1024;
$quote_percentage = round(100 * ($image_repo_size / $quota));
// for small quotas, so one decimal place
if ($quota < 10) {
$image_repo_size = sprintf('%.1f', $image_repo_size);
} else {
$image_repo_size = round($image_repo_size);
}
if ($image_repo_size > $quota) {
$image_repo_size = $quota;
}
/**
* Generates a Single Sign On secret for a give user
*
* @param ElggUser $user user to generate the secret for
* @param int $timestamp timestamp to limit the durability of the secret
*
* @return boolean|string
*/
function ws_pack_generate_sso_secret(ElggUser $user, $timestamp)
{
static $running_cache;
$result = false;
if (!empty($user) && elgg_instanceof($user, "user", null, "ElggUser")) {
if (!isset($running_cache)) {
$running_cache = array();
}
if (!isset($running_cache[$user->getGUID()])) {
$running_cache[$user->getGUID()] = md5($user->getGUID() . get_site_secret() . $user->salt . $timestamp);
}
$result = $running_cache[$user->getGUID()];
}
return $result;
}
function zhaohuEmailUnsubEnd($group, $user_guid, $is_notificiation, $from_group)
{
$end = '<div style="clear:both;background:#ececec;text-align:center;margin-top:20px;border-top:solid 10px #ececec;border-bottom:solid 10px #ececec">' . '<div style="width:94%;margin:0 auto;border-left:solid 10px #ececec;border-right:solid 10px #ececec;min-width:220px;max-width:600px;text-align:left;font-family:arial;color:#333;font-size:12px;line-height:14px">';
if ($is_notificiation) {
if ($from_group) {
$unsub = elgg_get_site_url() . "zhgroups/emUnsub?guid=" . $group->guid . "&user="******"&k=" . md5($group->time_created . get_site_secret() . $user_guid);
$end .= '<p style="margin:0 0 .25em;color:#333"><a href="' . $unsub . '" style="color:#ccc;text-decoration:underline" target="_blank">' . elgg_echo('zhgroups:mail:unsub1') . '</a> ' . elgg_echo('zhgroups:mail:unsub2') . '</p>';
}
$end .= '<p style="margin:0 0 .25em;color:#333">' . elgg_echo('zhgroups:unsub:site') . '</p>';
}
$end .= '<p style="margin:0 0 .25em;color:#333">' . elgg_echo('51zhaohu') . ': http://51zhaohu.com</p></div></div>';
return zhaohuEmailSupport() . zhaohuEmailSocialButtons() . $end;
}
/**
* Generate a unsubscribe code to be used in validation
*
* @param ElggEntity $container Which newsletter container (ElggSite or ElggGroup)
* @param string|int $recipient The user_guid or email address of the recipient
*
* @return bool|string The unsubscribe code or false on failure
*/
function newsletter_generate_unsubscribe_code(ElggEntity $container, $recipient)
{
$result = false;
if (!empty($container) && (elgg_instanceof($container, "site") || elgg_instanceof($container, "group")) && !empty($recipient)) {
// make sure we have a user_guid or email address
if (is_numeric($recipient) || newsletter_is_email_address($recipient)) {
$plugin = elgg_get_plugin_from_id("newsletter");
$result = hash_hmac("sha256", $container->getGUID() . "|" . $recipient . "|" . $plugin->time_created, get_site_secret());
}
}
return $result;
}
function generate_key()
{
$secret = get_site_secret();
return sha1(microtime(true) . $secret);
}
/**
* Create unqiue hash and store it in the database
* @return string Hash
*/
public function save()
{
$url = sanitize_string($this->url);
$hash = sanitize_string($this->hash);
$time_created = sanitize_int($this->time_created);
$meta = !is_string($this->meta) ? json_encode($this->meta) : $this->meta;
$meta = sanitize_string($meta);
if (!$this->id) {
$query = "INSERT INTO {$this->dbprefix}url_meta_cache (long_url, hash, meta, time_created)\n\t\t\t\t\tVALUES ('{$url}','{$hash}','{$meta}',{$time_created})\n\t\t\t\t\t\tON DUPLICATE KEY UPDATE long_url='{$url}',meta='{$meta}'";
$id = insert_data($query);
$this->id = $id;
$hashids = new Hashids(get_site_secret());
$hash = $hashids->encode($id, $this->time_created);
$query = "UPDATE LOW_PRIORITY {$this->dbprefix}url_meta_cache\n\t\t\t\t\tSET hash = '{$hash}' WHERE id = {$id}";
update_data($query);
} else {
$query = "UPDATE {$this->dbprefix}url_meta_cache SET meta='{$meta}'\n\t\t\t\t\t\tWHERE id='{$this->id}'";
}
self::$cache[$this->url] = array('id' => $this->id, 'hash' => $this->hash, 'meta' => $this->meta, 'time_created' > $this->time_created);
return $hash;
}
/**
* Creates an unsubscribe code
*
* @param EventRegistration $registration registration object
* @param Event $event event
*
* @return false|string
*/
function event_manager_create_unsubscribe_code(EventRegistration $registration, Event $event = null)
{
$result = false;
if (!empty($registration) && elgg_instanceof($registration, "object", EventRegistration::SUBTYPE)) {
if (empty($event) || !elgg_instanceof($event, "object", Event::SUBTYPE)) {
$event = $registration->getOwnerEntity();
}
$site_secret = get_site_secret();
$result = md5($registration->getGUID() . $site_secret . $event->time_created);
}
return $result;
}
$guid = get_input("guid");
$user_guid = get_input('u_g', elgg_get_logged_in_user_guid());
$event = null;
if ($guid && ($entity = get_entity($guid))) {
if ($entity instanceof Event) {
$event = $entity;
}
}
$output = "";
if ($event) {
// @todo move to menu hook
$save_to_pdf_options = array("name" => "save_to_pdf", "text" => elgg_echo('event_manager:registration:view:savetopdf'), "link_class" => "elgg-button elgg-button-action", "href" => "action/event_manager/registration/pdf?k=" . md5($event->time_created . get_site_secret() . $user_guid) . "&guid=" . $guid . "&u_g=" . $user_guid, "is_action" => true);
elgg_register_menu_item("title", ElggMenuItem::factory($save_to_pdf_options));
}
if ($event && !empty($key)) {
$tempKey = md5($event->time_created . get_site_secret() . $user_guid);
if ($tempKey == $key && get_entity($user_guid)) {
$title_text = elgg_echo('event_manager:registration:registrationto') . " '" . $event->title . "'";
$old_ia = elgg_set_ignore_access(true);
$output .= elgg_view('event_manager/event/pdf', array('entity' => $event));
$output .= $event->getRegistrationData($user_guid);
if ($event->with_program) {
$output .= $event->getProgramData($user_guid);
}
elgg_set_ignore_access($old_ia);
elgg_push_breadcrumb($event->title, $event->getURL());
elgg_push_breadcrumb($title_text);
$body = elgg_view_layout('content', array('filter' => '', 'content' => $output, 'title' => $title_text));
echo elgg_view_page($title_text, $body);
} else {
forward("events");
/**
* @see generate_action_token
* @access private
*/
public function generateActionToken($timestamp)
{
$site_secret = get_site_secret();
$session_id = _elgg_services()->session->getId();
// Session token
$st = _elgg_services()->session->get('__elgg_session');
if ($site_secret && $session_id) {
return md5($site_secret . $timestamp . $session_id . $st);
}
return false;
}
/**
* Generate a token for the current user suitable for being placed in a hidden field in action forms.
*
* @param int $timestamp Unix timestamp
*/
function generate_action_token($timestamp)
{
// Get input values
$site_secret = get_site_secret();
// Current session id
$session_id = session_id();
// Get user agent
$ua = $_SERVER['HTTP_USER_AGENT'];
// Session token
$st = $_SESSION['__elgg_session'];
if ($site_secret && $session_id) {
return md5($site_secret . $timestamp . $session_id . $ua . $st);
}
return false;
}
/**
* Prepares a URL that can be used to display an icon bypassing the engine boot
*
* @param \ElggEntity $entity Entity
* @param string $size Size
* @return \ElggFile
*/
public function getURL(\ElggEntity $entity, $size = '')
{
$icon = $this->getIconFile($entity, $size);
$key = get_site_secret();
$guid = $entity->guid;
$path = $icon->getFilename();
$hmac = hash_hmac('sha256', $guid . $path, $key);
$query = serialize(array('uid' => $guid, 'd' => $entity instanceof \ElggUser ? $entity->guid : $entity->owner_guid, 'dts' => $entity instanceof \ElggUser ? $entity->time_created : $entity->getOwnerEntity()->time_created, 'path' => $path, 'ts' => $entity->icontime, 'mac' => $hmac));
$url = elgg_http_add_url_query_elements('mod/hypeApps/servers/icon.php', array('q' => base64_encode($query)));
return elgg_normalize_url($url);
}
} elseif (subsite_manager_simplesaml_check_auto_create_account($source, $saml_attributes)) {
// we have enough information to create the account so let's do that
$forward_url = "action/simplesaml/register?saml_source=" . $source;
$forward_url = elgg_add_action_tokens_to_url($forward_url);
} else {
// no user found, so forward to a different page
$forward_url = "saml/no_linked_account/" . $source;
system_message(elgg_echo("simplesaml:login:no_linked_account", array($label)));
}
}
// restore hidden settings
access_show_hidden_entities($hidden);
}
// } else {
// register_error(elgg_echo("simplesaml:error:source_not_enabled", array($label)));
// }
} else {
register_error(elgg_echo("simplesaml:error:no_source"));
}
} elseif ($returnTo = get_input("from")) {
$url_parts = parse_url($returnTo);
$site_secret = get_site_secret();
$host = $url_parts["host"];
$session_id = session_id();
$ts = time();
$validate = md5($session_id . $site_secret . $ts . $host);
$forward_url = $returnTo . "?sid=" . base64_encode($session_id) . "&ts=" . $ts . "&validate=" . $validate;
} else {
register_error(elgg_echo("simplesaml:error:loggedin"));
}
forward($forward_url);
/**
* Generate an email activation code.
*
* @param int $user_guid The guid of the user
* @param string $email_address Email address
* @return string
*/
function uservalidationbyemail_generate_code($user_guid, $email_address)
{
$site_url = elgg_get_site_url();
// Note I bind to site URL, this is important on multisite!
return md5($user_guid . $email_address . $site_url . get_site_secret());
}
function get_session_fingerprint()
{
global $CONFIG;
return md5($_SERVER['HTTP_USER_AGENT'] . get_site_secret());
}
function digest_generate_commandline_secret()
{
static $result;
if (!isset($result)) {
$site_secret = get_site_secret();
$digest_plugin = elgg_get_plugin_from_id("digest");
$result = md5($digest_plugin->getGUID() . $site_secret . $digest_plugin->time_created);
}
return $result;
}
