/**
 * Constructor.
 *
 * Normalises the message(s) to an array and stores the payload. When the
 * subclass opts in via $this->newCsrfToken, a legacy auth key for the current
 * module and a fresh CSRF token are generated and attached to the response.
 *
 * @param mixed $message Response status/error message, may be string or array.
 * @param mixed $payload Payload.
 */
public function __construct($message, $payload = null)
{
    $this->messages = (array) $message;
    $this->payload = $payload;

    if (!$this->newCsrfToken) {
        return;
    }

    // NOTE(review): both values are minted per response; output that embeds
    // them presumably must not be cached across requests — confirm with the
    // template layer that consumes them.
    $currentModule = ModUtil::getName();
    $this->authid = SecurityUtil::generateAuthKey($currentModule);
    $this->csrfToken = SecurityUtil::generateCsrfToken();
}
/**
 * Zikula_View insert plugin that generates a legacy authorisation key.
 *
 * Deprecated: an E_USER_DEPRECATED notice is logged on every call; templates
 * should use {insert name='csrftoken' ...} instead.
 *
 * Available parameters:
 *  - module: well-known name of the module the key is generated for; when absent
 *            or falsy the current module (ModUtil::getName()) is used.
 *  - assign: if set, the result is assigned to that template variable instead of
 *            being printed. This is applied by Smarty's insert handler, not here.
 *
 * Example
 *   <input type="hidden" name="authid" value="{insert name='generateauthkey' module='Users'}" />
 *
 * @param array       $params All attributes passed to this function from the template.
 * @param Zikula_View $view   Reference to the Zikula_View object.
 *
 * @return string The generated auth key.
 */
function smarty_insert_generateauthkey($params, $view)
{
    LogUtil::log(
        __f(
            'Warning! Template plugin {%1$s} is deprecated, please use {%2$s} instead.',
            array('insert name="secgenauthkey" ...', "insert name='csrftoken' ...")
        ),
        E_USER_DEPRECATED
    );

    // A missing or falsy module name (including "0") falls back to the current
    // module, mirroring the original truthiness check.
    $moduleName = empty($params['module']) ? ModUtil::getName() : $params['module'];

    // The 'assign' parameter is handled by smarty_core_run_insert_handler() in
    // lib/vendor/Smarty/internals/core.run_insert_handler.php, so the key is
    // simply returned.
    return SecurityUtil::generateAuthKey($moduleName);
}
/**
 * Constructor.
 *
 * Stores the payload, normalises the message(s) to an array and keeps the
 * options. When the subclass opts in via $this->newCsrfToken a CSRF token is
 * generated, preceded by a legacy auth key for the current module if the site
 * runs in legacy mode.
 *
 * @param mixed $payload Application data.
 * @param mixed $message Response status/error message, may be string or array.
 * @param array $options Options.
 */
public function __construct($payload, $message = null, array $options = array())
{
    $this->payload = $payload;
    $this->messages = (array) $message;
    $this->options = $options;

    if (!$this->newCsrfToken) {
        return;
    }

    $legacyMode = System::isLegacyMode();
    if ($legacyMode) {
        // presumably legacy consumers still read 'authid'; the CSRF token below
        // is minted regardless — verify against the templates that use it.
        $this->authid = SecurityUtil::generateAuthKey(ModUtil::getName());
    }

    $this->csrfToken = SecurityUtil::generateCsrfToken();
}
/**
 * Constructor.
 *
 * Stores the payload, normalises the message(s) to an array and keeps the
 * options. A CSRF token is generated when the subclass opts in via
 * $this->newCsrfToken; a legacy auth key for the current module is generated
 * whenever the site runs in legacy mode, independently of that flag. The parent
 * response is then initialised with an empty body and $this->statusCode.
 *
 * @param mixed $payload Application data.
 * @param mixed $message Response status/error message, may be string or array.
 * @param array $options Options.
 */
public function __construct($payload, $message = null, array $options = array())
{
    $this->payload = $payload;
    $this->messages = (array) $message;
    $this->options = $options;

    if ($this->newCsrfToken) {
        $this->csrfToken = \SecurityUtil::generateCsrfToken();
    }

    // Unlike the CSRF token, the legacy authid does not depend on newCsrfToken.
    $legacyMode = \System::isLegacyMode();
    if ($legacyMode) {
        $currentModule = \ModUtil::getName();
        $this->authid = \SecurityUtil::generateAuthKey($currentModule);
    }

    // The body is left empty here; presumably content is rendered later by the
    // subclass — confirm against the parent class.
    parent::__construct('', $this->statusCode);
}
/**
 * Smarty function plugin that generates a legacy authorisation key for a form.
 *
 * The output must not be cached: a new key is produced on every call.
 *
 * Deprecated: an E_USER_DEPRECATED notice is logged on every call.
 *
 * Available parameters:
 *  - module: well-known name of the module the key is generated for (required;
 *            a Smarty error is triggered and false returned when it is missing).
 *  - assign: if set, the key is assigned to that template variable and nothing
 *            is returned; otherwise the key is returned for output.
 *
 * Example
 *   <input type="hidden" name="authid" value="{securityutil_generateauthkey module='MyModule'}">
 *
 * @todo prevent this function from being cached (Smarty 2.6.0)
 *
 * @param array  $params All attributes passed to this function from the template
 * @param object $smarty Reference to the Smarty object
 *
 * @return string|false|null The auth key, false when 'module' is missing, or null after an assign.
 *
 * @deprecated
 */
function smarty_function_securityutil_generateauthkey($params, $smarty)
{
    LogUtil::log(
        __f(
            'Warning! Template plugin {%1$s} is deprecated, please use {%2$s} instead.',
            array('securityutil_generateauthkey', 'insert.generateauthkey')
        ),
        E_USER_DEPRECATED
    );

    if (!isset($params['module'])) {
        $smarty->trigger_error(
            __f(
                'Error! in %1$s: the %2$s parameter must be specified.',
                array('securityutil_generateauthkey', 'module')
            )
        );

        return false;
    }

    $authKey = SecurityUtil::generateAuthKey($params['module']);

    if (!isset($params['assign'])) {
        return $authKey;
    }

    $smarty->assign($params['assign'], $authKey);
}
/**
 * Smarty function plugin that generates a legacy authorisation key for a form.
 *
 * The output must not be cached: a new key is produced on every call.
 *
 * Deprecated: an E_USER_DEPRECATED notice is logged on every call; templates
 * should use {insert name="csrftoken"} instead.
 *
 * Available parameters:
 *  - module: well-known name of the module the key is generated for; when absent
 *            or falsy the current module (ModUtil::getName()) is used.
 *  - assign: if set (and truthy), the key is assigned to that template variable
 *            and nothing is returned; otherwise the key is returned for output.
 *
 * Example
 *   <input type="hidden" name="authid" value="{secgenauthkey module="MyModule"}">
 *
 * @todo prevent this function from being cached (Smarty 2.6.0)
 *
 * @param array  $params All attributes passed to this function from the template
 * @param object $smarty Reference to the Smarty object
 *
 * @return string|null The auth key, or null after an assign.
 *
 * @deprecated
 */
function smarty_function_secgenauthkey($params, $smarty)
{
    LogUtil::log(
        __f(
            'Warning! Template plugin {%1$s} is deprecated, please use {%2$s} instead.',
            array('secgenauthkey', 'insert name="csrftoken"')
        ),
        E_USER_DEPRECATED
    );

    // A missing or falsy module name falls back to the current module.
    $moduleName = empty($params['module']) ? ModUtil::getName() : $params['module'];
    $authKey = SecurityUtil::generateAuthKey($moduleName);

    // 'assign' is honoured only when truthy, as in the original check.
    if (empty($params['assign'])) {
        return $authKey;
    }

    $smarty->assign($params['assign'], $authKey);
}
$response = new Zikula_Response_Ajax_Forbidden($e->getMessage()); } catch (Zikula_Exception_Fatal $e) { $response = new Zikula_Response_Ajax_Fatal($e->getMessage()); } catch (PDOException $e) { $response = new Zikula_Response_Ajax_Fatal($e->getMessage()); } catch (Exception $e) { $response = new Zikula_Response_Ajax_Fatal($e->getMessage()); } // Handle database transactions if (System::getVar('Z_CONFIG_USE_TRANSACTIONS')) { if (isset($e) && $e instanceof Exception) { $dbConn->rollback(); } else { $dbConn->commit(); } } // Process final response. // If response is not instanceof Zikula_Response_Ajax_AbstractBase provide compat solution if (!$response instanceof Zikula_Response_Ajax_AbstractBase) { $response = !is_array($response) ? array('data' => $response) : $response; $response['statusmsg'] = LogUtil::getStatusMessages(); if (System::isLegacyMode()) { $response['authid'] = SecurityUtil::generateAuthKey(ModUtil::getName()); } $response = json_encode($response); header("HTTP/1.1 200 OK"); header('Content-type: application/json'); } // Issue response. echo $response; System::shutdown();
/**
 * Encode data as JSON, emit it as the HTTP response and stop execution.
 *
 * Outside legacy mode the work is delegated to Zikula_Response_Ajax and the
 * request ends there. In legacy mode: any queued error messages abort via
 * self::error(); non-array $args are wrapped as array('data' => $args); the
 * status messages and, on request, a fresh authid are added (an 'authid' key
 * supplied by the caller is overwritten); the data is converted to UTF-8 when
 * the site language encoding is not UTF-8; finally the JSON is sent with the
 * given status line and Content-type: application/json.
 *
 * @param mixed   $args         String or array of data.
 * @param boolean $createauthid Generate a new authid (for ModUtil::getName()) and
 *                              include it as 'authid'. Defaults to false.
 * @param boolean $xjsonheader  Also send the JSON in an X-JSON: header (prototype.js).
 * @param boolean $statusmsg    Include the status messages as 'statusmsg'.
 * @param string  $code         HTTP status line suffix, default '200 OK'.
 *
 * @deprecated since 1.3.0
 *
 * @return void Execution is assumed to stop in System::shutdown() (not shown here).
 */
public static function output($args, $createauthid = false, $xjsonheader = false, $statusmsg = true, $code = '200 OK')
{
    if (!System::isLegacyMode()) {
        $ajaxResponse = new Zikula_Response_Ajax($args);
        echo $ajaxResponse;
        System::shutdown();
    }

    // Legacy implementation below (only reached in legacy mode, assuming
    // System::shutdown() ends the request).
    $errorText = LogUtil::getErrorMessagesText('<br />');
    if (!empty($errorText)) {
        self::error($errorText);
    }

    $data = is_array($args) ? $args : array('data' => $args);

    if ($statusmsg === true) {
        $data['statusmsg'] = LogUtil::getStatusMessagesText('<br />');
    }

    if ($createauthid === true) {
        // Always stored under 'authid', replacing any caller-supplied value.
        $data['authid'] = SecurityUtil::generateAuthKey(ModUtil::getName());
    }

    // Not a strict check: the site language pack encoding is taken as the
    // indicator of whether the data already is UTF-8.
    if (ZLanguage::getEncoding() != 'utf-8') {
        $data = DataUtil::convertToUTF8($data);
    }

    $json = json_encode($data);

    header("HTTP/1.0 $code");
    header('Content-type: application/json');
    if ($xjsonheader) {
        // NOTE(review): the whole payload is duplicated into a response header;
        // large payloads may exceed header size limits — confirm callers keep
        // X-JSON payloads small.
        header('X-JSON:(' . $json . ')');
    }

    echo $json;
    System::shutdown();
}
} $forward_page .= $forward_match[$i]; } } // Begin PNphpBB2 Module // $forward_page = $forward_match[0] . '?' . $forward_page; $forward_page = $forward_match[0] . '&' . $forward_page; // End PNphpBB2 Module } else { $forward_page = $forward_match[0]; } } } $username = $userdata['user_id'] != ANONYMOUS ? $userdata['username'] : ''; // Begin PNphpBB2 Module // $s_hidden_fields = '<input type="hidden" name="redirect" value="' . $forward_page . '" />'; $s_hidden_fields = '<input type="hidden" name="url" value="' . append_sid($forward_page) . '">'; //$s_hidden_fields .= '<input type="hidden" name="module" value="NS-User">'; //$s_hidden_fields .= '<input type="hidden" name="module" value="Users">'; //$s_hidden_fields .= '<input type="hidden" name="func" value="login">'; // End PNphpBB2 Module $s_hidden_fields .= isset($_GET['admin']) ? '<input type="hidden" name="admin" value="1" />' : ''; $modinfo = ModUtil::getInfoFromName("ZphpBB2"); make_jumpbox('viewforum.' . $phpEx); $template->assign_vars(array('USERNAME' => DataUtil::formatForDisplay($username), 'L_ENTER_PASSWORD' => isset($_GET['admin']) ? $lang['Admin_reauthenticate'] : $lang['Enter_password'], 'L_SEND_PASSWORD' => $lang['Forgotten_password'], 'U_SEND_PASSWORD' => ModUtil::url('Users', 'user', 'lostpassword'), 'S_LOGIN_ACTION' => ModUtil::url('Users', 'user', 'login', array('returnpage' => urlencode(System::getCurrentUri()))), 'AUTHID' => SecurityUtil::generateAuthKey("Users"), 'URL' => append_sid($forward_page), 'S_HIDDEN_FIELDS' => $s_hidden_fields)); $template->pparse('body'); include $phpbb_root_path . 'includes/page_tail.' . $phpEx; } else { redirect(append_sid("index.{$phpEx}", true)); } }
$sessions .= "<tr><td>board_config['path_ranks']</td><td>" . $board_config['path_ranks'] . "</td><td></tr>"; $sessions .= "<tr><td>board_config['path_cellpics']</td><td>" . $board_config['path_cellpics'] . "</td><td></tr>"; $sessions .= "<tr><td>board_config['style_name']</td><td>" . $board_config['style_name'] . "</td><td></tr>"; $sessions .= "</table>"; */ // End PNphpBB2 Module // // The following assigns all _common_ variables that may be used at any point // in a template. // // Begin PNphpBB2 Module $fullpage = SessionUtil::getVar('fullpage'); $info[title] = $page_title; // End PNphpBB2 Module $template->assign_vars(array('SESSIONS' => $sessions, 'CSS_PNTHEME' => $board_config['theme_name'], 'CSS_PNPHPBB' => $board_config['style_name'], 'SITENAME' => $board_config['sitename'], 'SITE_DESCRIPTION' => $board_config['site_desc'], 'PAGE_TITLE' => $page_title, 'LAST_VISIT_DATE' => sprintf($lang['You_last_visit'], $s_last_visit), 'CURRENT_TIME' => sprintf($lang['Current_time'], create_date($board_config['default_dateformat'], time(), $board_config['board_timezone'])), 'TOTAL_USERS_ONLINE' => $l_online_users, 'LOGGED_IN_USER_LIST' => $online_userlist, 'RECORD_USERS' => sprintf($lang['Record_online_users'], $board_config['record_online_users'], create_date($board_config['default_dateformat'], $board_config['record_online_date'], $board_config['board_timezone'])), 'PRIVATE_MESSAGE_INFO' => $l_privmsgs_text, 'PRIVATE_MESSAGE_INFO_UNREAD' => $l_privmsgs_text_unread, 'PRIVATE_MESSAGE_NEW_FLAG' => $s_privmsg_new, 'PRIVMSG_IMG' => $icon_pm, 'L_USERNAME' => $lang['Username'], 'L_PASSWORD' => $lang['Password'], 'L_LOGIN_LOGOUT' => $l_login_logout, 'L_LOGIN' => $lang['Login'], 'L_LOG_ME_IN' => $lang['Log_me_in'], 'L_AUTO_LOGIN' => $lang['Log_me_in'], 'L_INDEX' => sprintf($lang['Forum_Index'], $board_config['sitename']), 'L_REGISTER' => $lang['Register'], 'L_PROFILE' => $lang['Profile'], 'L_SEARCH' => $lang['Search'], 'L_PRIVATEMSGS' => $lang['Private_Messages'], 
'L_WHO_IS_ONLINE' => $lang['Who_is_Online'], 'L_MEMBERLIST' => $lang['Memberlist'], 'L_FAQ' => $lang['FAQ'], 'L_USERGROUPS' => $lang['Usergroups'], 'L_SEARCH_NEW' => $lang['Search_new'], 'L_SEARCH_UNANSWERED' => $lang['Search_unanswered'], 'L_SEARCH_SELF' => $lang['Search_your_posts'], 'L_WHOSONLINE_ADMIN' => sprintf($lang['Admin_online_color'], '<span style="color:#' . $phpbb_theme['fontcolor3'] . '">', '</span>'), 'L_WHOSONLINE_MOD' => sprintf($lang['Mod_online_color'], '<span style="color:#' . $phpbb_theme['fontcolor2'] . '">', '</span>'), 'L_MIN_MAX_IMAGE' => $fullpage == 1 ? "icon_mini_min.gif" : "icon_mini_max.gif", 'L_MIN_MAX' => $fullpage == 1 ? $lang['ZphpBB2_Minimize'] : $lang['ZphpBB2_Maximize'], 'L_SUBFORUM_IMAGE' => $subforum == 1 ? "icon_subforum_off.gif" : "icon_subforum_on.gif", 'L_SUBFORUM' => $subforum == 1 ? $lang['ZphpBB2_SubForum_Off'] : $lang['ZphpBB2_SubForum_On'], 'L_ADMIN_INFO' => $lang['Admin_panel'], 'U_SEARCH_UNANSWERED' => append_sid('search.' . $phpEx . '?search_id=unanswered'), 'U_SEARCH_SELF' => append_sid('search.' . $phpEx . '?search_id=egosearch'), 'U_SEARCH_NEW' => append_sid('search.' . $phpEx . '?search_id=newposts'), 'U_INDEX' => append_sid('index.' . $phpEx), 'U_REGISTER' => ModUtil::url('Users', 'user', 'register'), 'ADMIN_LINK' => $admin_link, 'U_MIN_MAX' => $fullpage == 1 ? append_sid('index.' . $phpEx . '?minmax=0') : append_sid('index.' . $phpEx . '?minmax=1'), 'U_SUBFORUM' => $subforum == 1 ? append_sid('index.' . $phpEx . '?subforum=0') : append_sid('index.' . $phpEx . '?subforum=1'), 'U_ADMIN_LINK' => ModUtil::url('ZphpBB2', 'admin', 'main'), 'U_PROFILE' => append_sid('profile.' . $phpEx . '?mode=editprofile'), 'U_PRIVATEMSGS' => $board_config['pnphpbb2_pn_pm'] ? ModUtil::url('InterCom', 'user', 'main') : append_sid('privmsg.' . $phpEx . '?folder=inbox'), 'U_PRIVATEMSGS_POPUP' => append_sid('privmsg.' . $phpEx . '?mode=newpm', true), 'U_SEARCH' => append_sid('search.' . 
$phpEx), 'U_MEMBERLIST' => append_sid('memberlist.' . $phpEx), 'U_MODCP' => append_sid('modcp.' . $phpEx), 'U_FAQ' => append_sid('faq.' . $phpEx), 'U_VIEWONLINE' => append_sid('viewonline.' . $phpEx), 'U_LOGIN_LOGOUT' => $u_login_logout, 'U_GROUP_CP' => append_sid('groupcp.' . $phpEx), 'S_CONTENT_DIRECTION' => $lang['DIRECTION'], 'S_CONTENT_ENCODING' => $lang['ENCODING'], 'S_CONTENT_DIR_LEFT' => $lang['LEFT'], 'S_CONTENT_DIR_RIGHT' => $lang['RIGHT'], 'S_TIMEZONE' => sprintf($lang['All_times'], $l_timezone), 'S_LOGIN_ACTION' => append_sid('login.' . $phpEx), 'T_MODNAME' => 'ZphpBB2', 'T_THEME_NAME' => $phpbb_theme['template_name'], 'T_HEAD_STYLESHEET' => $phpbb_theme['head_stylesheet'], 'T_BODY_BACKGROUND' => $phpbb_theme['body_background'], 'T_BODY_BGCOLOR' => '#' . $phpbb_theme['body_bgcolor'], 'T_BODY_TEXT' => '#' . $phpbb_theme['body_text'], 'T_BODY_LINK' => '#' . $phpbb_theme['body_link'], 'T_BODY_VLINK' => '#' . $phpbb_theme['body_vlink'], 'T_BODY_ALINK' => '#' . $phpbb_theme['body_alink'], 'T_BODY_HLINK' => '#' . $phpbb_theme['body_hlink'], 'T_TR_COLOR1' => '#' . $phpbb_theme['tr_color1'], 'T_TR_COLOR2' => '#' . $phpbb_theme['tr_color2'], 'T_TR_COLOR3' => '#' . $phpbb_theme['tr_color3'], 'T_TR_CLASS1' => $phpbb_theme['tr_class1'], 'T_TR_CLASS2' => $phpbb_theme['tr_class2'], 'T_TR_CLASS3' => $phpbb_theme['tr_class3'], 'T_TH_COLOR1' => '#' . $phpbb_theme['th_color1'], 'T_TH_COLOR2' => '#' . $phpbb_theme['th_color2'], 'T_TH_COLOR3' => '#' . $phpbb_theme['th_color3'], 'T_TH_CLASS1' => $phpbb_theme['th_class1'], 'T_TH_CLASS2' => $phpbb_theme['th_class2'], 'T_TH_CLASS3' => $phpbb_theme['th_class3'], 'T_TD_COLOR1' => '#' . $phpbb_theme['td_color1'], 'T_TD_COLOR2' => '#' . $phpbb_theme['td_color2'], 'T_TD_COLOR3' => '#' . 
$phpbb_theme['td_color3'], 'T_TD_CLASS1' => $phpbb_theme['td_class1'], 'T_TD_CLASS2' => $phpbb_theme['td_class2'], 'T_TD_CLASS3' => $phpbb_theme['td_class3'], 'T_FONTFACE1' => $phpbb_theme['fontface1'], 'T_FONTFACE2' => $phpbb_theme['fontface2'], 'T_FONTFACE3' => $phpbb_theme['fontface3'], 'T_FONTSIZE1' => $phpbb_theme['fontsize1'], 'T_FONTSIZE2' => $phpbb_theme['fontsize2'], 'T_FONTSIZE3' => $phpbb_theme['fontsize3'], 'T_FONTCOLOR1' => '#' . $phpbb_theme['fontcolor1'], 'T_FONTCOLOR2' => '#' . $phpbb_theme['fontcolor2'], 'T_FONTCOLOR3' => '#' . $phpbb_theme['fontcolor3'], 'T_SPAN_CLASS1' => $phpbb_theme['span_class1'], 'T_SPAN_CLASS2' => $phpbb_theme['span_class2'], 'T_SPAN_CLASS3' => $phpbb_theme['span_class3'], 'USERS_MODULE_AUTHID' => SecurityUtil::generateAuthKey('Users'), 'THEME_IMAGES' => $board_config['image_sub_path'], 'L_FORUM' => $lang['Forum'], 'LOGOSIZE' => $logosize[3], 'MINISIZE' => $minisize[3], 'NAV_LINKS' => $nav_links_html)); // Begin PNphpBB2 Module if ($board_config['pnphpbb2_logo_on'] == 1) { $template->assign_block_vars('switch_logo_on', array()); } if (@is_readable($board_config['template_path'] . '/forum_header.tpl')) { $template->set_filenames(array('forum_header' => 'forum_header.tpl')); $template->assign_var_from_handle('FORUM_HEADER', 'forum_header'); } if ($board_config['pnphpbb2_allow_full_page'] == 1) { $template->assign_block_vars('switch_allow_full_page', array()); } if ($board_config['pnphpbb2_allow_sub_change'] == 1) { $template->assign_block_vars('switch_allow_sub_change', array()); } //if ( empty($board_config['privmsg_disable']) )
/**
 * Force the expiry ("caducity") of a note and return its id to the caller.
 *
 * Flow: module permission check -> per-user verification right -> load the
 * note -> delegate to the 'nova' user function -> invalidate the cached
 * headlines block when the note carries a title.
 *
 * @author Albert Pérez Monfort (aperezm@xtec.cat)
 *
 * @param array $args Unused; the note id is read from the 'nid' GET parameter.
 *
 * @return void The response is emitted by AjaxUtil::output()/AjaxUtil::error(),
 *              which are assumed to end the request (not shown here).
 */
public function save($args)
{
    if (!SecurityUtil::checkPermission('IWnoteboard::', '::', ACCESS_READ)) {
        AjaxUtil::error(DataUtil::formatForDisplayHTML($this->__('Sorry! No authorization to access this module.')));
    }

    $permissions = ModUtil::apiFunc('IWnoteboard', 'user', 'permisos', array('uid' => UserUtil::getVar('uid')));

    // Only users holding the 'potverificar' right may expire notes.
    if (!$permissions['potverificar']) {
        AjaxUtil::error(DataUtil::formatForDisplayHTML($this->__('You are not allowed to do this action')));
    }

    // NOTE(review): this is a state-changing action driven by a GET parameter,
    // and the authid handed to 'nova' below is generated here rather than taken
    // from the request, so this endpoint performs no CSRF check of its own —
    // confirm that is intended or require a token from the caller.
    $nid = FormUtil::getPassedValue('nid', -1, 'GET');
    if ($nid == -1) {
        LogUtil::registerError('no block id');
        AjaxUtil::output();
    }

    $note = ModUtil::apiFunc('IWnoteboard', 'user', 'get', array('nid' => $nid));
    if ($note == false) {
        LogUtil::registerError('unable to get note info for nid=' . DataUtil::formatForDisplay($nid));
        AjaxUtil::output();
    }

    $authid = SecurityUtil::generateAuthKey();
    $saved = ModUtil::func('IWnoteboard', 'user', 'nova', array('nid' => $nid, 'm' => 'c', 'authid' => $authid));
    if (!$saved) {
        AjaxUtil::error(DataUtil::formatForDisplayHTML($this->__('The action has failed')));
    }

    // A titled note is part of the headlines block; drop the users' cached
    // 'nbheadlines' variable so the block is rebuilt.
    if ($note['titular'] != '') {
        $securityValue = ModUtil::func('IWmain', 'user', 'genSecurityValue');
        ModUtil::apiFunc('IWmain', 'user', 'usersVarsDelModule', array('name' => 'nbheadlines', 'module' => 'IWnoteboard', 'sv' => $securityValue));
    }

    AjaxUtil::output(array('nid' => $nid));
}