/**
 * Event dispatcher that performs a front-end login or logout on 'frontend_configure'.
 *
 * A login is attempted when the POST data carries 'action', 'user' and 'pass'.
 * A logout is performed when it carries 'action' and 'logout'; the client is then
 * redirected to the configured 'logout_url' (or to baseURL + indexFile when that
 * option is empty) and the script terminates.
 *
 * NOTE(review): no request token is checked in this block before serendipity_login()
 * or serendipity_logout() runs; confirm that CSRF protection is enforced elsewhere.
 * NOTE(review): 'logout_url' is copied verbatim into the Location header, so only
 * trusted administrators should be able to set that option.
 *
 * @param string $event     Name of the event being dispatched.
 * @param object $bag       Object whose 'event_hooks' entry lists the subscribed events.
 * @param mixed  $eventData Event payload (unused here).
 * @param mixed  $addData   Additional payload (unused here).
 * @return bool True when 'frontend_configure' was handled, false otherwise.
 */
function event_hook($event, &$bag, &$eventData, $addData = null) {
    global $serendipity;

    $hooks =& $bag->get('event_hooks');
    $logout_url = $this->get_config('logout_url');

    // Events this plugin did not subscribe to are ignored.
    if (!isset($hooks[$event])) {
        return false;
    }

    // Loose comparison kept deliberately: it mirrors switch/case matching.
    if ($event != 'frontend_configure') {
        return false;
    }

    $hasAction = isset($serendipity['POST']['action']);

    if ($hasAction && isset($serendipity['POST']['user']) && isset($serendipity['POST']['pass'])) {
        // Credentials were posted: let the core authenticate them.
        serendipity_login();
        return true;
    }

    if ($hasAction && isset($serendipity['POST']['logout'])) {
        serendipity_logout();
        header('Status: 302 Found');

        // Prefer the configured target; fall back to the blog's index page.
        $target = ($logout_url != "")
            ? $logout_url
            : "{$serendipity['baseURL']}{$serendipity['indexFile']}";
        header("Location: {$target}");
        exit;
    }

    return true;
}
header("HTTP/1.0 401 Unauthorized"); header("Status: 401 Unauthorized"); exit; } else { if (!isset($serendipity['POST']['user'])) { $serendipity['POST']['user'] = $_SERVER['PHP_AUTH_USER']; } if (!isset($serendipity['POST']['pass'])) { $serendipity['POST']['pass'] = $_SERVER['PHP_AUTH_PW']; } } } elseif (isset($_REQUEST['http_auth_user']) && isset($_REQUEST['http_auth_pw'])) { $serendipity['POST']['user'] = $_REQUEST['http_auth_user']; $serendipity['POST']['pass'] = $_REQUEST['http_auth_pw']; } serendipity_login(false); } if (isset($_SESSION['serendipityAuthorid'])) { serendipity_load_configuration($_SESSION['serendipityAuthorid']); $serendipity['lang'] = serendipity_getPostAuthSessionLanguage(); } // Try to fix some path settings. It seems common users have this setting wrong // when s9y is installed into the root directory, especially 0.7.1 upgrade users. if (empty($serendipity['serendipityHTTPPath'])) { $serendipity['serendipityHTTPPath'] = '/'; } /* Changing this is NOT recommended, rewrite rules does not take them into account - yet */ serendipity_initPermalinks(); // Apply constants/definitions from custom permalinks serendipity_permalinkPatterns(); /*
serendipity_plugin_api::hook_event('backend_configure', $serendipity); } } if (isset($serendipity['GET']['adminModule']) && $serendipity['GET']['adminModule'] == 'logout') { serendipity_logout(); header("Location: " . $serendipity['baseURL']); } else { if (IS_installed === true) { /* Check author token to insure session not hijacked */ if (!isset($_SESSION['author_token']) || !isset($serendipity['COOKIE']['author_token']) || $_SESSION['author_token'] !== $serendipity['COOKIE']['author_token']) { $_SESSION['serendipityAuthedUser'] = false; serendipity_session_destroy(); } if (!serendipity_userLoggedIn()) { // Try again to log in, this time with enabled external authentication event hook serendipity_login(true); } } } // If we are inside an iframe, halt the script if (serendipity_is_iframe() !== false) { include_once S9Y_INCLUDE_PATH . 'include/functions_entries_admin.inc.php'; // An iframe may NOT contain <html> and </html> tags, that's why we emit different headers here than on serendipity_admin.php // We need to restore GET/POST variables to that depending plugins inside the iframe // can still fetch all that variables; and we also tighten security by not allowing // to pass any different GET/POST variables to our iframe. $iframe_mode = $serendipity['GET']['iframe_mode']; $serendipity['POST'] =& $_SESSION['save_entry_POST']; $serendipity['GET'] =& $_SESSION['save_entry_POST']; // GET-Vars are the same as POST to ensure compatibility. $serendipity['hidefooter'] = true;
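/**
 * Event dispatcher for the "add user" plugin: comment gating for registered users,
 * the pop-up login box, front-end login/logout and the self-registration form.
 *
 * Handled events:
 *  - frontend_saveComment: rejects comments when 'registered_only' is on and the visitor
 *    is not logged in / not in the allowed group, and blocks anonymous use of a name that
 *    matches a registered author's realname when 'true_identities' is on.
 *  - external_plugin:      renders loginbox.tpl when the payload equals 'loginbox'.
 *  - frontend_display:     disables the comment form for anonymous visitors.
 *  - frontend_configure:   performs login/logout from POST data and forces the comment
 *    name/email to the session identity for authenticated users.
 *  - entry_display / entries_header: shows the registration form on the 'adduser' subpage.
 *
 * @param string $event     Name of the event being dispatched.
 * @param object $bag       Object whose 'event_hooks' entry lists the subscribed events.
 * @param mixed  $eventData Event payload; modified in place by several cases.
 * @param mixed  $addData   Additional payload (comment data for frontend_saveComment).
 * @return bool|null False for unsubscribed/unknown events and for rejected comments,
 *                   true where a case returns explicitly, null where a case ends with break.
 */
function event_hook($event, &$bag, &$eventData, $addData = null) {
    global $serendipity;
    static $login_url = null;

    if ($login_url === null) {
        $login_url = $serendipity['baseURL'] . $serendipity['indexFile'] . '?/plugin/loginbox';
    }

    $hooks =& $bag->get('event_hooks');

    if (isset($hooks[$event])) {
        switch ($event) {
            case 'frontend_saveComment':
                if (!isset($serendipity['csuccess'])) {
                    $serendipity['csuccess'] = 'true';
                }

                // NOTE(review): both gates are skipped when $addData['source2'] is 'adduser';
                // confirm that field is set server-side and cannot be supplied by the client.
                if (serendipity_db_bool($this->get_config('registered_only')) && !serendipity_userLoggedIn() && $addData['source2'] != 'adduser') {
                    $eventData = array('allow_comments' => false);
                    $serendipity['messagestack']['comments'][] = PLUGIN_ADDUSER_REGISTERED_ONLY_REASON;
                    return false;
                }

                if (serendipity_db_bool($this->get_config('registered_only')) && !$this->inGroup() && $addData['source2'] != 'adduser') {
                    $eventData = array('allow_comments' => false);
                    $serendipity['messagestack']['comments'][] = PLUGIN_ADDUSER_REGISTERED_ONLY_REASON;
                    return false;
                }

                if (serendipity_db_bool($this->get_config('true_identities')) && !serendipity_userLoggedIn()) {
                    // NOTE(review): the " b" needle looks like a garbled literal; verify against upstream.
                    $user = str_replace(" b", '', $addData['name']);
                    // The commenter-supplied name is whitespace-normalised and escaped before it is
                    // concatenated into the query below; the query's safety rests entirely on
                    // serendipity_db_escape_string(). Prefer a bound parameter if the DB layer offers one.
                    $user = serendipity_db_escape_string(preg_replace('@\\s+@', ' ', trim($user)));
                    $user = trim($user);
                    $authors = serendipity_db_query("SELECT authorid FROM {$serendipity['dbPrefix']}authors WHERE realname = '" . $user . "'");
                    if (is_array($authors) && isset($authors[0]['authorid'])) {
                        // Name belongs to a registered author: refuse and point to the login box.
                        $eventData = array('allow_comments' => false);
                        $serendipity['messagestack']['comments'][] = sprintf(PLUGIN_ADDUSER_REGISTERED_CHECK_REASON, $login_url, 'onclick="javascript:loginbox = window.open(this.href, \'loginbox\', \'width=300,height=300,locationbar=no,menubar=no,personalbar=no,statusbar=yes,status=yes,toolbar=no\'); return false;"');
                    }
                }
                break;

            case 'external_plugin':
                if ($eventData != 'loginbox') {
                    return true;
                }

                $out = array();
                serendipity_plugin_api::hook_event('backend_login_page', $out);
                serendipity_smarty_init();
                $serendipity['smarty']->assign(array(
                    'loginform_add'  => $out,
                    'loginform_url'  => $login_url,
                    'loginform_user' => $_SESSION['serendipityUser'],
                    'loginform_mail' => $_SESSION['serendipityEmail'],
                    'close_window'   => defined('LOGIN_ACTION'),
                    'is_logged_in'   => serendipity_userLoggedIn(),
                    'is_error'       => defined('LOGIN_ERROR')
                ));

                $filename = 'loginbox.tpl';
                $tfile = serendipity_getTemplateFile($filename, 'serendipityPath');
                if (!$tfile || $tfile == $filename) {
                    // No themed template found: fall back to the copy shipped with the plugin.
                    $tfile = dirname(__FILE__) . '/' . $filename;
                }

                // Temporarily relax Smarty's include restriction so the plugin-local template
                // can be rendered, then put the previous value back. The original saved the
                // old value but never restored it, leaving INCLUDE_ANY enabled for the rest
                // of the request.
                $inclusion = $serendipity['smarty']->security_settings[INCLUDE_ANY];
                $serendipity['smarty']->security_settings[INCLUDE_ANY] = true;
                $serendipity['smarty']->display($tfile);
                $serendipity['smarty']->security_settings[INCLUDE_ANY] = $inclusion;
                break;

            case 'frontend_display':
                if (serendipity_db_bool($this->get_config('registered_only')) && !serendipity_userLoggedIn()) {
                    $serendipity['messagestack']['comments'][] = sprintf(PLUGIN_ADDUSER_REGISTERED_ONLY_REASON, $serendipity['baseURL'] . $serendipity['indexFile'] . '?serendipity[subpage]=adduser', $serendipity['baseURL'] . 'serendipity_admin.php');
                    $eventData['allow_comments'] = false;
                }
                break;

            case 'frontend_configure':
                // NOTE(review): no request token is checked here before login/logout;
                // confirm CSRF protection is enforced elsewhere.
                if (isset($serendipity['POST']['action']) && isset($serendipity['POST']['user']) && isset($serendipity['POST']['pass'])) {
                    serendipity_login();
                    if (serendipity_userLoggedIn()) {
                        define('LOGIN_ACTION', 'login');
                        header('X-s9y-auth: Login');
                    } else {
                        define('LOGIN_ERROR', true);
                    }
                } elseif (isset($serendipity['POST']['action']) && isset($serendipity['POST']['logout'])) {
                    serendipity_logout();
                    if (!serendipity_userLoggedIn()) {
                        header('X-s9y-auth: Logout');
                        define('LOGIN_ACTION', 'logout');
                    }
                }

                if ((serendipity_db_bool($this->get_config('registered_only')) || serendipity_db_bool($this->get_config('true_identities'))) && $_SESSION['serendipityAuthedUser']) {
                    if (defined('IN_serendipity_admin') && $serendipity['GET']['adminAction'] == 'doEdit') {
                        // void
                    } else {
                        // Authenticated users comment under their session identity: any name/email
                        // posted with the comment is overwritten below.
                        $serendipity['COOKIE']['name'] = isset($_SESSION['serendipityRealname']) ? $_SESSION['serendipityRealname'] : $_SESSION['serendipityUser'];
                        $serendipity['COOKIE']['email'] = $_SESSION['serendipityEmail'];
                        if ($serendipity['POST']['comment']) {
                            $serendipity['POST']['name'] = $serendipity['COOKIE']['name'];
                            $serendipity['POST']['email'] = $serendipity['COOKIE']['email'];
                        }
                    }
                }
                return true;
                break;

            case 'entry_display':
                if ($serendipity['GET']['subpage'] == 'adduser' || $serendipity['POST']['subpage'] == 'adduser' || !empty($serendipity['GET']['adduser_activation']) || !empty($this->clean_page)) {
                    if (is_array($eventData)) {
                        $eventData['clean_page'] = true;
                    }
                }
                break;

            case 'entries_header':
                if ($serendipity['GET']['subpage'] == 'adduser' || $serendipity['POST']['subpage'] == 'adduser' || !empty($serendipity['GET']['adduser_activation'])) {
                    $this->clean_page = true;
                    $url = $serendipity['baseURL'] . $serendipity['indexFile'];
                    $hidden['subpage'] = 'adduser';

                    // Registration input arrives straight from POST. substr() truncates by bytes,
                    // and the password is silently cut to 32 bytes.
                    // NOTE(review): the e-mail address is not validated in this block, and the raw
                    // values (password included) are passed on to loginform(); confirm adduser()
                    // validates them and loginform() escapes them on output.
                    $username = substr($serendipity['POST']['adduser_user'], 0, 40);
                    $password = substr($serendipity['POST']['adduser_pass'], 0, 32);
                    $email = $serendipity['POST']['adduser_email'];

                    echo '<div id="adduser_form" style="padding-left: 4px; padding-right: 10px"><a id="adduser"></a>';

                    // Get the config from the sidebar plugin
                    $pair_config = array(
                        'userlevel'       => USERLEVEL_EDITOR,
                        'no_create'       => false,
                        'right_publish'   => false,
                        'instructions'    => $this->get_config('instructions', ''),
                        'usergroups'      => array(),
                        'straight_insert' => false,
                        'approve'         => false,
                        'use_captcha'     => false
                    );

                    $config = serendipity_db_query("SELECT name, value FROM {$serendipity['dbPrefix']}config WHERE name LIKE 'serendipity_plugin_adduser:%'");
                    if (is_array($config)) {
                        foreach ($config as $conf) {
                            // Stored names have an option key after the first '/'.
                            $names = explode('/', $conf['name']);
                            if ($names[1] == 'instructions' && !empty($pair_config['instructions'])) {
                                // This plugin's own 'instructions' setting takes precedence.
                                continue;
                            }

                            if ($names[1] == 'usergroups') {
                                $ug = (array) explode(',', $conf['value']);
                                foreach ($ug as $cid) {
                                    if ($cid === false || empty($cid)) {
                                        continue;
                                    }
                                    $pair_config[$names[1]][$cid] = $cid;
                                }
                            } else {
                                $pair_config[$names[1]] = serendipity_get_bool($conf['value']);
                            }
                        }
                    }

                    // Show the form again whenever adduser() did not report success.
                    if (!serendipity_common_adduser::adduser($username, $password, $email, $pair_config['userlevel'], $pair_config['usergroups'], $pair_config['no_create'], $pair_config['right_publish'], $pair_config['straight_insert'], $pair_config['approve'], $pair_config['use_captcha'])) {
                        serendipity_common_adduser::loginform($url, $hidden, $pair_config['instructions'], $username, $password, $email, $pair_config['use_captcha']);
                    }
                    echo '</div>';
                }
                return true;
                break;

            default:
                return false;
        }
    } else {
        return false;
    }
}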
// No multipart-message, so this is the body: $body =& $structure->body; } if ($params['auth'] == 'mailbody') { preg_match('@^\\(([^:]*):(.*)\\)@', $body, $matches); $body = trim(preg_replace('@^\\(' . preg_quote($matches[1]) . ':' . preg_quote($matches[2]) . '\\)@', '', $body)); $serendipity['POST']['user'] = $matches[1]; $serendipity['POST']['pass'] = $matches[2]; } elseif ($params['auth'] == 'mailsubject') { preg_match('@^\\(([^:]*):(.*)\\)@', $subject, $matches); $subject = trim(preg_replace('@^\\(' . preg_quote($matches[1]) . ':' . preg_quote($matches[2]) . '\\)@', '', $subject)); $serendipity['POST']['user'] = $matches[1]; $serendipity['POST']['pass'] = $matches[2]; } $serendipity['POST']['auto'] = 'true'; if (serendipity_userLoggedIn() || function_exists('serendipity_login') && serendipity_login()) { logger(sprintf(MAIL2S9Y_AUTHENTICATION_GRANTED, $params['auth'])); } else { logger(sprintf(MAIL2S9Y_AUTHENTICATION_FAILED, $params['auth'])); die(sprintf(MAIL2S9Y_AUTHENTICATION_FAILED, $params['auth'])); mail($from, MAIL2S9Y_POSTING_FAILED, sprintf(MAIL2S9Y_AUTHENTICATION_FAILED, $params['auth'])); } if (count($writefiles) > 0) { foreach ($writefiles as $idx => $filearray) { $fd = fopen($filearray['image'], 'w'); fwrite($fd, $filearray['data']); fclose($fd); } } logger(sprintf(MAIL2S9Y_MAILINFO, $from, $subject, strlen($body), $images)); if ($post > 0) {
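/**
 * Renders the page shown before a Picasa upload.
 *
 * When the visitor is neither logged in nor can be logged in from the current request,
 * the posted RSS feed is parked in the session and a login form is printed. Otherwise the
 * feed (from POST, or from the session copy) is parsed and an album form is printed with
 * a directory selector, one hidden field per image request and a thumbnail preview.
 *
 * The RSS payload is client-supplied, so every value taken from it, and every directory
 * name read from disk, is HTML-escaped before being echoed. Browsers decode the entities
 * in attribute values, so the hidden field names posted back to picasa_upload are unchanged.
 *
 * NOTE(review): the parsed feed is stored in $_SESSION['picasa_rss_parsed'] unescaped; any
 * later consumer must treat it as untrusted as well.
 * NOTE(review): the URL scheme of the feed's image links is not validated here.
 *
 * @return void
 */
function picasa_pre_upload() {
    global $serendipity;

    if (!serendipity_userLoggedIn()) {
        if (!serendipity_login()) {
            // save off the rss data because it won't be posted again
            if (!empty($_POST['rss'])) {
                $_SESSION['picasa_rss'] = $_POST['rss'];
            }

            echo "<html>\n";
            echo "<head>\n";
            echo "<script language=javascript> function sf() { document.getElementById('serendipity[user]').focus(); }</script>\n";
            echo "</head>\n";
            echo "<body onload='javscript:sf()'>\n";
            echo "<form name='f' method='post' action='index.php?/plugin/picasa_pre_upload'>\n";
            echo "<h2>" . PLUGIN_EVENT_PICASA_UPLOAD_HEADER . $serendipity['baseURL'] . "</h2>\n";
            echo PLUGIN_EVENT_PICASA_UPLOAD_USERNAME . "<br />\n";
            echo "<input type='text' name='serendipity[user]' /><br />\n";
            echo PLUGIN_EVENT_PICASA_UPLOAD_PASSWORD . "<br />\n";
            echo "<input type='password' name='serendipity[pass]' /><br />\n";
            echo "<input id='autologin' type='checkbox' name='serendipity[auto]' /><label for='autologin'>" . PLUGIN_EVENT_PICASA_UPLOAD_REMEMBER_LOGIN . "</label><br />\n";
            echo "<input type='submit' name='submit' value='" . PLUGIN_EVENT_PICASA_UPLOAD_LOGIN . "' />";
            echo "<input type='button' value='" . PLUGIN_EVENT_PICASA_UPLOAD_DISCARD . "' onclick=\"location.href='minibrowser:close'\">\n";
            echo "</form>\n";
            echo "</body>\n";
            echo "</html>\n";
            return;
        }
    }

    // Prefer the feed posted with this request; fall back to the copy saved before login.
    if (empty($_POST['rss'])) {
        if (empty($_SESSION['picasa_rss'])) {
            echo PLUGIN_EVENT_PICASA_ERR_MISSING_RSS;
            return;
        } else {
            $rss = $_SESSION['picasa_rss'];
        }
    } else {
        $rss = $_POST['rss'];
    }

    $imgSize = $this->get_config('upload_image_size');
    $thumbSize = $serendipity['thumbSize'];

    $xh = new xmlHandler();
    $nodeNames = array("PHOTO:THUMBNAIL", "PHOTO:IMGSRC", "TITLE", "DESCRIPTION");
    $xh->setElementNames($nodeNames);
    $xh->setStartTag("ITEM");
    $xh->setXmlData($rss);
    $pData = $xh->xmlParse();

    // save this since we need to access the descriptions during upload
    $_SESSION['picasa_rss_parsed'] = $pData;

    echo "<html>\n";
    echo "<head>\n";
    echo "<script language=javascript> function sf() { document.getElementById('albumName').focus(); }</script>\n";
    echo "</head>\n";
    echo "<body onload='javscript:sf()'>\n";
    echo "<form name='f' method='post' action='index.php?/plugin/picasa_upload'>\n";
    echo "<h2>" . PLUGIN_EVENT_PICASA_UPLOAD_HEADER . $serendipity['baseURL'] . "</h2>\n";
    echo "<div>" . PLUGIN_EVENT_PICASA_UPLOAD_ALBUMNAME . "</div>\n";
    echo "<div><input type='text' name='albumName' tabindex='1'></div>\n";
    echo "<div>" . PLUGIN_EVENT_PICASA_UPLOAD_DESCRIPTION . "</div>\n";
    echo "<div><textarea name='albumDescription' rows='5' cols='50'></textarea></div>\n";
    echo "<div>" . PLUGIN_EVENT_PICASA_UPLOAD_PARENTDIR . "</div>\n";
    echo "<select name='parentDir' id='parentDir'>\n";
    echo "<option value=''>" . PLUGIN_EVENT_PICASA_UPLOAD_PARENTDIR_BASEDIR . "</option>\n";

    $picasapath = $this->get_config('picasapath');
    $paths = serendipity_traversePath($picasapath);
    $prunedPaths = array();

    foreach ($paths as $path) {
        $name = $path['name'];
        $relpath = $path['relpath'];

        // check if this is a subdirectory of an already pruned directory
        $subdirOfPruned = false;
        foreach ($prunedPaths as $prunedPath) {
            if (0 == strncmp($prunedPath, $relpath, strlen($prunedPath))) {
                $subdirOfPruned = true;
                break;
            }
        }

        // don't allow nesting of albums; if the album has any subdirectories, collisions could happen
        if (!file_exists($picasapath . '/' . $relpath . '/index.xml')) {
            if (!$subdirOfPruned) {
                $splitPath = explode('/', $relpath);
                $encodedRelpath = htmlentities($relpath, ENT_QUOTES, LANG_CHARSET);
                // Directory names come from disk and may contain markup characters.
                $encodedName = htmlspecialchars($name, ENT_QUOTES, LANG_CHARSET);
                $prefix = str_repeat(' ', count($splitPath));
                echo "<option value='{$encodedRelpath}'>{$prefix} {$encodedName}</option>\n";
            }
        } else {
            $prunedPaths[] = $relpath;
        }
    }
    echo "</select>\n";

    // Image request queue: add image requests for base image & clickthrough
    foreach ($pData as $e) {
        // use a thumbnail if you don't want exif (saves space)
        // thumbnail requests are clamped at 144 pixels
        // (negative values give square-cropped images)
        $small = $e['photo:thumbnail'] . "?size={$thumbSize}";
        $large = $e['photo:imgsrc'] . "?size={$imgSize}";

        // Feed-derived URLs are escaped so they cannot break out of the attribute.
        $encodedLarge = htmlspecialchars($large, ENT_QUOTES, LANG_CHARSET);
        $encodedSmall = htmlspecialchars($small, ENT_QUOTES, LANG_CHARSET);
        echo "<input type='hidden' name='{$encodedLarge}'>\n";
        echo "<input type='hidden' name='{$encodedSmall}'>\n";
    }

    echo "<br />\n";
    echo "<input type=submit value='" . PLUGIN_EVENT_PICASA_UPLOAD_UPLOAD . "'>\n";
    echo "<input type=button value='" . PLUGIN_EVENT_PICASA_UPLOAD_DISCARD . "' onclick=\"location.href='minibrowser:close'\">\n";
    echo "</form><br />\n";

    // Preview "tray": draw thumbnails of each image that will be uploaded
    foreach ($pData as $e) {
        $encodedThumb = htmlspecialchars($e['photo:thumbnail'] . "?size={$thumbSize}", ENT_QUOTES, LANG_CHARSET);
        echo "<img src='{$encodedThumb}'>\n";
    }

    echo "</body>\n";
    echo "</html>\n";
}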