/**
 * set a permanent cookie
 *
 * The cookie is written for this instance of yacs, and duplicated on the
 * paths where the leading index.php may look for it (YACS_HOME, and '/'
 * when the instance is installed under /yacs/).
 *
 * @param string cookie name
 * @param string cookie value
 */
public static function set_cookie($name, $value) {
	global $context;

	// every cookie written here lives for 500 days
	$expires = time() + 60 * 60 * 24 * 500;

	// the paths to write to: this instance first
	$paths = array($context['url_to_root']);

	// then the home of the leading index.php, if any
	$home = getenv('YACS_HOME');
	if($home) {
		$paths[] = $home . '/';
	}

	// then the site root for the conventional /yacs/ layout
	if($context['url_to_root'] == '/yacs/') {
		$paths[] = '/';
	}

	// NOTE(review): only name, value, expiry and path are passed; whether
	// Safe::setcookie adds Secure/HttpOnly is not visible here -- confirm in shared/safe.php
	foreach($paths as $path) {
		Safe::setcookie($name, $value, $expires, $path);
	}
}
Logger::error(i18n::s('This page has no overlay')); // not a valid poll } elseif (!@count($overlay->attributes['answers'])) { Logger::error(i18n::s('Not a valid poll')); // not a valid vote } elseif ($vote < 1 || $vote > @count($overlay->attributes['answers'])) { Logger::error(i18n::s('Not a valid vote')); // a vote has already been registered } elseif (isset($_COOKIE['poll_' . $item['id']])) { Safe::header('Status: 401 Unauthorized', TRUE, 401); Logger::error(i18n::s('You have already voted')); // record the vote } else { // set a cookie to remember the vote for 100 days if ($id && $vote) { Safe::setcookie('poll_' . $item['id'], $vote, time() + 60 * 60 * 24 * 100, $context['url_to_root']); } // increment answers $vote--; list($label, $count) = $overlay->attributes['answers'][$vote]; $overlay->attributes['answers'][$vote] = array($label, $count + 1); // supports up to two levels arrays foreach ($overlay->attributes as $name => $value) { if (is_array($value)) { foreach ($value as $sub_name => $sub_value) { $overlay->attributes[$name][$sub_name] = str_replace('\\', '\\\\', $sub_value); } } else { $overlay->attributes[$name] = str_replace('\\', '\\\\', $value); } }
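<?php
/**
 * break a session
 *
 * Clears the permanent 'surfer_name' cookie, resets the surfer session, and
 * sends the surfer back where they came from. The referer is only honoured
 * when it points at this site; anything else falls back to the front page,
 * so the logout URL cannot be used as an open redirector.
 *
 * NOTE(review): this is reachable with a plain GET and carries no CSRF token,
 * so any third-party page can log a surfer out -- confirm whether that is acceptable.
 *
 * @author Bernard Paques
 * @reference
 * @license http://www.gnu.org/copyleft/lesser.txt GNU Lesser General Public License
 */

// common definitions and initial processing
include_once '../shared/global.php';

// if it was a HEAD request, stop here
if(isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'HEAD') {
	return;
}

// clear permanent name
Safe::setcookie('surfer_name', '', time() + 60 * 60 * 24 * 500, '/');

// destroy surfer session
Surfer::reset();

// default destination: the front page of this site
$target = $context['url_to_home'] . $context['url_to_root'];

// go back to the referring page, but only when it belongs to this site
if(isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] && !preg_match('/login\\.php/i', $_SERVER['HTTP_REFERER'])) {

	// both hosts must parse and match; a bare path, a javascript: URL or a
	// protocol-relative //evil.example all fail this test and stay on the front page
	$referer_host = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
	$home_host = parse_url($context['url_to_home'], PHP_URL_HOST);
	if($referer_host && $home_host && strcasecmp($referer_host, $home_host) == 0) {
		$target = $_SERVER['HTTP_REFERER'];
	}
}

// redirect to another page
Safe::redirect($target);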
// give a four $context['text'] .= '<div style="float: left;"><input name="rating" type="radio" value="4" onclick="$(\'#main_form\').submit()" /> ' . i18n::s('Good') . ' </div> '; // give a three $context['text'] .= '<div style="float: left;"><input name="rating" type="radio" value="3" onclick="$(\'#main_form\').submit()" /> ' . i18n::s('Average') . ' </div> '; // give a two $context['text'] .= '<div style="float: left;"><input name="rating" type="radio" value="2" onclick="$(\'#main_form\').submit()" /> ' . i18n::s('Poor') . ' </div> '; // give a one $context['text'] .= '<div style="float: left;"><input name="rating" type="radio" value="1" onclick="$(\'#main_form\').submit()" /> ' . i18n::s('Forget it') . ' </div> '; $context['text'] .= '<br style="clear: left;" />'; // end of the form $context['text'] .= '</div></form>'; // record the rating } else { // set a cookie to remember the rating for 100 days if ($rating) { Safe::setcookie('rating_' . $item['id'], $rating, time() + 60 * 60 * 24 * 100, $context['url_to_root']); } // update the database Articles::rate($item['id'], $rating); // touch the related anchor if (is_object($anchor)) { $anchor->touch('article:update', $item['id'], isset($_REQUEST['silent']) && $_REQUEST['silent'] == 'Y'); } // clear the cache Articles::clear($item); // return from rating if (!headers_sent()) { // go back to page referring to here if (isset($_REQUEST['referer'])) { Safe::redirect($_REQUEST['referer']); } else {
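$context['page_title'] = i18n::s('Validate your e-mail address');

// stop crawlers
if(Surfer::is_crawler()) {
	Safe::header('Status: 401 Unauthorized', TRUE, 401);
	Logger::error(i18n::s('You are not allowed to perform this operation.'));

// not found
} elseif(!isset($item['id'])) {
	include '../error.php';

// bad handle -- the handle is a secret token, so compare it as a string, in
// constant time, and never accept an empty one; a loose != would let
// numeric-looking strings such as '0' and '0e12' compare equal
} elseif(!isset($item['handle']) || (string)$item['handle'] === '' || !hash_equals((string)$item['handle'], (string)$id)) {
	include '../error.php';

// the handle matches: activate the account
} elseif(Users::validate($item['id'])) {

	// congratulations
	$context['text'] .= sprintf(i18n::s('<p>%s,</p><p>Your e-mail address has been validated, and you are now an active member of this community.</p>'), ucfirst($item['nick_name']));

	// set permanent name shown from top level
	Safe::setcookie('surfer_name', $item['nick_name'], time() + 60 * 60 * 24 * 500, '/');

	// save surfer profile in session context -- this logs the surfer in from the validation link
	Surfer::set($item);

	// follow-up commands
	$follow_up = i18n::s('Where do you want to go now?');
	$menu = array();
	$menu = array_merge($menu, array(Users::get_permalink($item) => i18n::s('My profile')));
	$menu = array_merge($menu, array($context['url_to_root'] => i18n::s('Front page')));
	$follow_up .= Skin::build_list($menu, 'menu_bar');
	$context['text'] .= Skin::build_block($follow_up, 'bottom');

// failed operation
} else {
	$context['text'] .= '<p>' . i18n::s('Your e-mail address has not been validated.') . "</p>\n";
}

// render the skin
render_skin();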
// extra panel // // user profile aside $context['components']['profile'] = Skin::build_profile($user, 'extra'); // navigation links, in an extra box $links = array(); $links = array_merge($links, array($context['url_to_root'] => i18n::s('Front page'))); $links = array_merge($links, array('sections/' => i18n::s('Site map'))); $links = array_merge($links, array('users/' => i18n::s('People'))); $links = array_merge($links, array('categories/' => i18n::s('Categories'))); $links = array_merge($links, array('search.php' => i18n::s('Search'))); $context['components']['boxes'] .= Skin::build_box(i18n::s('Navigate'), Skin::build_list($links, 'compact'), 'boxes'); // failed authentication } else { // set permanent name shown from top level Safe::setcookie('surfer_name', preg_replace('/(@.+)$/', '', $name), time() + 60 * 60 * 24 * 500, '/'); // reset the current session Surfer::reset(); // share status Logger::error(i18n::s('Failed authentication'), FALSE); // help surfer to recover if ($items =& Users::search($name, 1.0, 7, 'password')) { // display candidate profiles if (is_array($items)) { $items =& Skin::build_list($items, 'decorated'); } $context['text'] .= Skin::build_box(i18n::s('Have you lost your password?'), $items); } // ask for support $context['text'] .= Skin::build_box(i18n::s('Do you need more help?'), '<p>' . sprintf(i18n::s('Use the %s to ask for help'), Skin::build_link('query.php', i18n::s('query form'), 'shortcut')) . '</p>'); }
/**
 * put an updated user profile in the database
 *
 * If present, only the password is changed. Or other fields except the password are modified.
 *
 * To change a password, set fields 'id', 'password' and 'confirm'
 *
 * NOTE(review): passwords are stored as a bare md5() of the clear text (no salt,
 * no work factor). Moving to password_hash()/password_verify() would also require
 * changing the login path that compares the stored hash, which is not visible here.
 *
 * NOTE(review): on a password change, the new clear-text password is mailed back
 * to the user in the confirmation message (see 'Authenticate with password %s'
 * below). E-mail is not a confidential channel; the password should not be included.
 *
 * @param array an array of fields
 * @return TRUE on success, FALSE otherwise
 *
 * @see users/edit.php
 * @see users/password.php
 * @see users/select_avatar.php
 **/
public static function put(&$fields) {
	global $context;

	// load the record
	$item = Users::get($fields['id']);
	if(!isset($item['id']) || !$item['id']) {
		Logger::error(i18n::s('No item has the provided id.'));
		return FALSE;
	}

	// remember who is changing this record (sets the edit_* fields used in the UPDATE below)
	Surfer::check_default_editor($fields);

	// if a password change
	if(isset($fields['password'])) {

		// ensure that the password has been provided twice
		if(!isset($fields['confirm']) || $fields['confirm'] != $fields['password']) {
			Logger::error(i18n::s('New password has to be confirmed.'));
			return FALSE;
		}

		// hash password, we are coming from an interactive form
		// NOTE(review): unsalted md5 -- see the header comment
		$fields['password'] = md5($fields['password']);

	// else if a regular profile update
	} else {

		// nick_name is required
		if(!isset($fields['nick_name']) || !trim($fields['nick_name'])) {
			Logger::error(i18n::s('Please indicate a nick name.'));
			return FALSE;
		}

		// some weird users put spaces around
		$fields['nick_name'] = trim($fields['nick_name']);

		// nick_name may be already used
		if(($used = Users::get($fields['nick_name'])) && $used['id'] != $fields['id']) {
			Logger::error(i18n::s('Another member already has this nick name. 
Please select a different one.'));
			return FALSE;
		}

		// ensure we have a full name
		if(!isset($fields['full_name']) || !trim($fields['full_name'])) {
			$fields['full_name'] = $fields['nick_name'];
		}

		// protect from hackers -- avatar_url is surfer-supplied and rendered later
		if(isset($fields['avatar_url'])) {
			$fields['avatar_url'] = encode_link($fields['avatar_url']);
		}

		// set default values; the Y/N flags are normalised here so they can be
		// embedded in the UPDATE below without escaping
		if(!isset($fields['active']) || !$fields['active']) {
			$fields['active'] = 'Y';
		}
		if(isset($fields['selected_editor'])) {
			$fields['editor'] = $fields['selected_editor'];
		} elseif(isset($context['users_default_editor'])) {
			$fields['editor'] = $context['users_default_editor'];
		} else {
			$fields['editor'] = 'yacs';
		}
		if(!isset($fields['interface']) || $fields['interface'] != 'C') {
			$fields['interface'] = 'I';
		}
		if(!isset($fields['with_newsletters']) || $fields['with_newsletters'] != 'Y') {
			$fields['with_newsletters'] = 'N';
		}
		if(!isset($fields['without_alerts']) || $fields['without_alerts'] != 'N') {
			$fields['without_alerts'] = 'Y';
		}
		if(!isset($fields['without_confirmations']) || $fields['without_confirmations'] != 'N') {
			$fields['without_confirmations'] = 'Y';
		}
		if(!isset($fields['without_messages']) || $fields['without_messages'] != 'N') {
			$fields['without_messages'] = 'Y';
		}
		if(!isset($fields['birth_date']) || !$fields['birth_date']) {
			$fields['birth_date'] = NULL_DATE;
		}

		// clean provided tags
		if(isset($fields['tags'])) {
			$fields['tags'] = trim($fields['tags'], " \t.:,!?");
		}

		// save new settings in session and in cookie, when the surfer edits their own profile
		if(Surfer::is($fields['id'])) {

			// change preferred editor
			// NOTE(review): the cookie is written with a NULL expiry and path '/';
			// Safe::setcookie's handling of NULL is not visible here -- confirm
			$_SESSION['surfer_editor'] = $fields['editor'];
			Safe::setcookie('surfer_editor', $fields['editor'], NULL, '/');

			// change preferred language
			if(isset($fields['language']) && $_SESSION['surfer_language'] != $fields['language']) {
				$_SESSION['surfer_language'] = $fields['language'];
				$_SESSION['l10n_modules'] = array();
			}
		}
	}

	// update an existing record
	// NOTE(review): the statement is built by string concatenation; every
	// surfer-supplied value goes through SQL::escape(), whose guarantees are not visible here
	$query = "UPDATE " . SQL::table_name('users') . " SET ";

	// change only the password
	// NOTE(review): this line appears garbled in the source as received ('******');
	// the original presumably embedded SQL::escape($fields['password']) -- verify upstream
	if(isset($fields['password'])) {
		$query .= "password='******'password']) . "'";
	} else {
		$query .= "email='" . SQL::escape(isset($fields['email']) ? $fields['email'] : '') . "', "
			. "aim_address='" . SQL::escape(isset($fields['aim_address']) ? $fields['aim_address'] : '') . "', "
			. "alternate_number='" . SQL::escape(isset($fields['alternate_number']) ? $fields['alternate_number'] : '') . "', "
			. "avatar_url='" . SQL::escape(isset($fields['avatar_url']) ? $fields['avatar_url'] : '') . "', "
			. "birth_date='" . SQL::escape($fields['birth_date']) . "', "
			. "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "', "
			. "editor='" . SQL::escape($fields['editor']) . "', "
			. "from_where='" . SQL::escape(isset($fields['from_where']) ? $fields['from_where'] : '') . "', "
			. "full_name='" . SQL::escape(isset($fields['full_name']) ? $fields['full_name'] : '') . "', "
			. "icq_address='" . SQL::escape(isset($fields['icq_address']) ? $fields['icq_address'] : '') . "', "
			. "interface='" . SQL::escape($fields['interface']) . "', "
			. "introduction='" . SQL::escape(isset($fields['introduction']) ? $fields['introduction'] : '') . "', "
			. "irc_address='" . SQL::escape(isset($fields['irc_address']) ? $fields['irc_address'] : '') . "', "
			. "jabber_address='" . SQL::escape(isset($fields['jabber_address']) ? $fields['jabber_address'] : '') . "', "
			. "language='" . SQL::escape(isset($fields['language']) ? $fields['language'] : 'none') . "', "
			. "msn_address='" . SQL::escape(isset($fields['msn_address']) ? $fields['msn_address'] : '') . "', "
			. "nick_name='" . SQL::escape($fields['nick_name']) . "', "
			. "options='" . SQL::escape(isset($fields['options']) ? $fields['options'] : '') . "', "
			. "overlay='" . SQL::escape(isset($fields['overlay']) ? $fields['overlay'] : '') . "',"
			. "overlay_id='" . SQL::escape(isset($fields['overlay_id']) ? $fields['overlay_id'] : '') . "',"
			. "pgp_key='" . SQL::escape(isset($fields['pgp_key']) ? $fields['pgp_key'] : '') . "', "
			. "phone_number='" . SQL::escape(isset($fields['phone_number']) ? $fields['phone_number'] : '') . "', "
			. "signature='" . SQL::escape(isset($fields['signature']) ? $fields['signature'] : '') . "', "
			. "skype_address='" . SQL::escape(isset($fields['skype_address']) ? $fields['skype_address'] : '') . "', "
			. "tags='" . SQL::escape(isset($fields['tags']) ? $fields['tags'] : '') . "', "
			. "twitter_address='" . SQL::escape(isset($fields['twitter_address']) ? $fields['twitter_address'] : '') . "', "
			. "vcard_agent='" . SQL::escape(isset($fields['vcard_agent']) ? $fields['vcard_agent'] : '') . "', "
			. "vcard_label='" . SQL::escape(isset($fields['vcard_label']) ? $fields['vcard_label'] : '') . "', "
			. "vcard_organization='" . SQL::escape(isset($fields['vcard_organization']) ? $fields['vcard_organization'] : '') . "', "
			. "vcard_title='" . SQL::escape(isset($fields['vcard_title']) ? $fields['vcard_title'] : '') . "', "
			. "web_address='" . SQL::escape(isset($fields['web_address']) ? $fields['web_address'] : '') . "', "
			// the four flags below were normalised to 'Y'/'N' above, hence no escaping
			. "with_newsletters='" . $fields['with_newsletters'] . "', "
			. "without_alerts='" . $fields['without_alerts'] . "', "
			. "without_confirmations='" . $fields['without_confirmations'] . "', "
			. "without_messages='" . $fields['without_messages'] . "', "
			. "yahoo_address='" . SQL::escape(isset($fields['yahoo_address']) ? $fields['yahoo_address'] : '') . "'";

		// fields set only by associates -- see users/edit.php
		// (privilege-bearing columns: only an associate may change capability or active)
		if(Surfer::is_associate()) {
			$query .= ", "
				. "capability='" . SQL::escape($fields['capability']) . "', "
				. "active='" . SQL::escape($fields['active']) . "'";
		}
	}

	// maybe a silent update
	// NOTE(review): edit_id is embedded unquoted; it is set by Surfer::check_default_editor()
	// above rather than by the surfer, but SQL::escape() alone does not enforce that it is numeric
	if(!isset($fields['silent']) || $fields['silent'] != 'Y') {
		$query .= ", "
			. "edit_name='" . SQL::escape($fields['edit_name']) . "', "
			. "edit_id=" . SQL::escape($fields['edit_id']) . ", "
			. "edit_address='" . SQL::escape($fields['edit_address']) . "', "
			. "edit_action='user:update', "
			. "edit_date='" . SQL::escape($fields['edit_date']) . "'";
	}

	// actual update query -- scoped to the record loaded above, not to the caller-supplied id
	$query .= " WHERE id = " . SQL::escape($item['id']);
	SQL::query($query, FALSE, $context['users_connection']);

	// list the user in categories
	// NOTE(review): garbled in the source as received ('******'); presumably 'user:' . $fields['id'] -- verify upstream
	if(isset($fields['tags']) && $fields['tags']) {
		Categories::remember('user:'******'id'], NULL_DATE, $fields['tags']);
	}

	// clear all the cache on profile update, because of avatars, etc.
	$fields['id'] = $item['id'];
	Users::clear($fields);

	// send a confirmation message on password change
	if(isset($context['with_email']) && $context['with_email'] == 'Y' && isset($fields['confirm']) && $item['email'] && $item['without_confirmations'] != 'Y') {

		// message title
		$subject = sprintf(i18n::s('Your account at %s'), strip_tags($context['site_name']));

		// message body
		// NOTE(review): $fields['confirm'] is the new clear-text password, sent by e-mail -- see the header comment
		$message = '<p>' . sprintf(i18n::s('This message has been automatically sent to you to confirm a change of your profile at %s.'), '<a href="' . $context['url_to_master'] . $context['url_to_root'] . '">' . strip_tags($context['site_name']) . '</a>') . '</p>'
			. '<p>' . sprintf(i18n::s('Your nick name is %s'), $item['nick_name']) . BR . sprintf(i18n::s('Authenticate with password %s'), $fields['confirm']) . '</p>'
			. '<p>' . sprintf(i18n::s('On-line help is available at %s'), '<a href="' . $context['url_to_home'] . $context['url_to_root'] . 'help/' . '">' . $context['url_to_home'] . $context['url_to_root'] . 'help/' . '</a>') . '</p>'
			. '<p>' . sprintf(i18n::s('Thank you for your interest into %s.'), '<a href="' . $context['url_to_master'] . $context['url_to_root'] . '">' . strip_tags($context['site_name']) . '</a>') . '</p>';

		// enable threading
		// NOTE(review): garbled in the source as received ('******'); presumably 'user:' . $fields['id'] -- verify upstream
		$headers = Mailer::set_thread('user:'******'id']);

		// post the confirmation message
		Mailer::notify(NULL, $item['email'], $subject, $message, $headers);
	}

	// update user session, when the surfer edited their own profile
	if(isset($fields['nick_name']) && Surfer::get_id() && $fields['id'] == Surfer::get_id() && is_callable(array('Surfer', 'set'))) {
		Surfer::set($fields);
	}

	// end of job
	return TRUE;
}