/**
 * Activation hook: refuse to stay active when PHP lacks the gd imaging library.
 *
 * The existence of imagecreatefromjpeg() is used as the indicator that gd is
 * loaded. When it is missing, an error is queued for the user and this
 * plugin file is deactivated again.
 *
 * @param mixed $file Value supplied by the activation hook; not inspected here.
 */
public function action_plugin_activation($file)
{
    // Nothing to do when the gd function is available.
    if (function_exists('imagecreatefromjpeg')) {
        return;
    }

    Session::error(_t("Habari Silo activation failed. PHP has not loaded the gd imaging library."));
    Plugins::deactivate_plugin(__FILE__);
}
/**
 * Handle a comment submission for a post.
 *
 * Only POST requests are accepted, the target post must exist, and the
 * submission must arrive through the post's FormUI comment form; anything
 * else is answered with a 403 and the script stops. The `comment_form_submit`
 * plugin action runs before the form result is inspected.
 *
 * The post id is read from $this->handler_vars['id'] and the comment fields
 * from the FormUI controls, so this method takes no parameters.
 */
public function act_add_comment()
{
    Utils::check_request_method(array('POST'));

    // The post is needed for validation and to get back to the post page.
    $post = Post::get(array('id' => $this->handler_vars['id']));
    if (!$post) {
        // A comment aimed at a post that does not exist is refused outright.
        header('HTTP/1.1 403 Forbidden', true, 403);
        die;
    }

    // Allow theme action hooks to work
    Themes::create();
    $form = $post->comment_form();
    $form->get();

    // Comments that did not come through FormUI are not accepted.
    if (!$form->submitted) {
        header('HTTP/1.1 403 Forbidden', true, 403);
        die;
    }

    // To be eventually incorporated more fully into FormUI.
    Plugins::act('comment_form_submit', $form);

    if (!$form->success) {
        Session::error(_t('There was a problem submitting your comment.'));
        $form->bounce();
        return;
    }

    $this->add_comment(
        $post->id,
        $form->cf_commenter->value,
        $form->cf_email->value,
        $form->cf_url->value,
        $form->cf_content->value,
        $form->get_values()
    );
}
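/**
 * Static initializer for RenderCache.
 *
 * Resolves the cache path and URL, creates the cache directory when it is
 * missing, enables the cache only if that directory exists and is writable,
 * and then loads the stored list of group names.
 *
 * A group list file that is unreadable or does not decode to an array is
 * treated as an empty list instead of leaving a non-array in $group_list.
 */
public static function __static()
{
    // Define the cache path and url
    self::$cache_path = HABARI_PATH . '/' . self::$rel_cache_path;
    self::$cache_url = Site::get_url('habari') . '/' . self::$rel_cache_path;

    // If the cache directory doesn't exist, make it
    if (!is_dir(self::$cache_path)) {
        mkdir(self::$cache_path, 0755);
    }

    // Enable only if the cache directory now exists and is writable
    self::$enabled = is_dir(self::$cache_path) && is_writeable(self::$cache_path);

    // Report and stop when the cache directory cannot be used
    if (!self::$enabled) {
        Session::error(sprintf(_t("The cache directory '%s' is not writable - the cache is disabled. The user, or group, which your web server is running as, needs to have read, write, and execute permissions on this directory."), self::$cache_path), 'RenderCache');
        EventLog::log(sprintf(_t("The cache directory '%s' is not writable - the cache is disabled."), self::$cache_path), 'notice', 'RenderCache', 'habari');
        return;
    }

    // Get the list of group names
    $group_file = self::get_group_list_file();
    $groups = array();
    if (file_exists($group_file)) {
        // SECURITY: unserialize() rebuilds any object the file describes, so the
        // group list file must only ever be writable by this application. It
        // presumably lives in the web-server-writable cache directory (confirm
        // against get_group_list_file()). A format that cannot carry objects,
        // such as JSON, would remove the object-injection risk; that needs a
        // matching change where the file is written.
        $stored = unserialize(file_get_contents($group_file));
        if (is_array($stored)) {
            $groups = $stored;
        }
    }
    self::$group_list = $groups;
}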
/**
 * Handles GET requests for the import page.
 *
 * First warns about active plugins that provide a feature known to conflict
 * with importing, then collects the importer state from $_POST, lets plugins
 * produce the importer list and the current stage output, and renders the
 * 'import' template.
 *
 * NOTE(review): the conflict message is assembled as HTML (it contains <br>)
 * and the plugin names are appended unescaped; likewise the $_POST values
 * for importer, stage and step are handed to the theme as received. Confirm
 * that the template and the message renderer escape them on output.
 */
public function get_import()
{
    // Features that are known to interfere with an import run.
    $bad_features = array(
        'ping',
        'pingback',
        'spamcheck',
    );
    $troublemakers = array();

    foreach (Plugins::list_active() as $plugin) {
        $info = Plugins::load_info($plugin);

        // Collect every feature this plugin declares.
        $provides = array();
        if (isset($info->provides)) {
            foreach ($info->provides->feature as $feature) {
                $provides[] = $feature;
            }
        }

        if (count(array_intersect($bad_features, $provides)) > 0) {
            $troublemakers[] = $info->name;
        }
    }

    if (count($troublemakers) > 0) {
        $msg = _t('Plugins that conflict with importing are active. To prevent undesirable consequences, please de-activate the following plugins until the import is finished: ') . '<br>';
        $msg .= implode(', ', $troublemakers);
        $this->theme->conflicting_plugins = $msg;
        Session::error($msg);
    }

    // Importer state, with defaults for a first visit.
    $importer = '';
    if (isset($_POST['importer'])) {
        $importer = $_POST['importer'];
    }
    $stage = '1';
    if (isset($_POST['stage'])) {
        $stage = $_POST['stage'];
    }
    $step = '1';
    if (isset($_POST['step'])) {
        $step = $_POST['step'];
    }

    $this->theme->enctype = Plugins::filter('import_form_enctype', 'application/x-www-form-urlencoded', $importer, $stage, $step);

    // Registered importers, as reported by plugins.
    $importers = Plugins::filter('import_names', array());

    // Output of the current importer, if one is running.
    $output = '';
    if ($importer != '') {
        $output = Plugins::filter('import_stage', '', $importer, $stage, $step);
    }

    $this->theme->importer = $importer;
    $this->theme->stage = $stage;
    $this->theme->step = $step;
    $this->theme->importers = $importers;
    $this->theme->output = $output;

    $this->display('import');
}
/**
 * Constructor for APCCache.
 *
 * Takes the key prefix from the 'private-GUID' option and enables the cache
 * only when the 'apc' extension is loaded; otherwise the user is told and a
 * notice is written to the event log.
 */
public function __construct()
{
    $this->prefix = Options::get('private-GUID');
    $this->enabled = extension_loaded('apc');

    if ($this->enabled) {
        return;
    }

    // The extension is missing: report it on screen and in the log.
    Session::error(_t("The APC Cache PHP module is not loaded - the cache is disabled.", "apccache"), 'filecache');
    EventLog::log(_t("The APC Cache PHP module is not loaded - the cache is disabled.", "apccache"), 'notice', 'cache', 'apccache');
}
/**
 * Authenticate an administrator and redirect according to the outcome.
 *
 * A truthy return value from Session::authorize_admin() is treated as an
 * error: it is stored in Session::$error and the browser is sent to the admin
 * page. Otherwise the browser is sent to the document editor.
 *
 * NOTE(review): no exit follows the Location header, so whatever the caller
 * runs after this method still executes. Confirm the caller stops there.
 *
 * @param array $params Expected to carry 'username' and 'password'.
 */
public function login($params = [])
{
    $error = Session::authorize_admin($params['username'], $params['password']);

    if ($error) {
        Session::$error = $error;
        $destination = '/md/admin';
    } else {
        $destination = '/md/doc-editor';
    }

    header('Location: ' . SUBDIR . $destination);
}
/**
 * Activation filter: veto activation when the gd imaging library is missing.
 *
 * NOTE(review): $file is not compared with this plugin's own file, so the
 * veto applies to whichever activation this filter is run for. Confirm that
 * is intended.
 *
 * @param mixed $ok   Activation decision so far; returned unchanged when gd is present.
 * @param mixed $file Value supplied by the filter; not inspected here.
 * @return mixed $ok as received, or false when gd is not loaded.
 */
public function filter_activate_plugin($ok, $file)
{
    // imagecreatefromjpeg() stands in for "gd is loaded".
    if (function_exists('imagecreatefromjpeg')) {
        return $ok;
    }

    EventLog::log(_t("S3 Silo activation failed. PHP has not loaded the gd imaging library."), 'warning', 'plugin');
    Session::error(_t("S3 Silo activation failed. PHP has not loaded the gd imaging library."));

    return false;
}
/**
 * Init hook: make sure the RenderCache class this plugin depends on exists.
 *
 * When the class is missing, the user is told, the plugin file is
 * deactivated and a redirect is issued.
 */
public function action_init()
{
    if (class_exists('RenderCache')) {
        return;
    }

    Session::error(_t("LaTeX activation failed. This plugin requires the RenderCache class which was not found."));
    // Deactivate this plugin.
    Plugins::deactivate_plugin(__FILE__);
    // Refresh the page; per the original author the results do not appear otherwise.
    Utils::redirect();
}
/**
 * FormUI success handler: replace one string with another in every post.
 *
 * The search and replacement values are passed to the database as bound
 * parameters. On success a notice is queued and the browser is redirected to
 * this plugin's configuration page; on failure an error is queued.
 *
 * NOTE(review): the submitted search and replace strings are echoed back
 * inside the notice. Confirm the message renderer escapes them.
 *
 * @param mixed $show_form Value supplied by the filter; unused.
 * @param mixed $form      The submitted form; its `search` and `replace` controls are read.
 * @return bool Always false.
 */
public function filter_do_replace($show_form, $form)
{
    $replaced = DB::query(
        'UPDATE {posts} SET content = REPLACE(content, ? , ?)',
        array($form->search->value, $form->replace->value)
    );

    if (!$replaced) {
        Session::error(_t('There was an error with replacement.'));
        return false;
    }

    Session::notice(sprintf(_t('Successfully replaced \'%s\' with \'%s\' in all posts'), $form->search->value, $form->replace->value));

    $config_url = URL::get('admin', array('page' => 'plugins', 'configure' => Plugins::id_from_file(__FILE__), 'configaction' => _t('Replace')));
    Utils::redirect($config_url, false);

    return false;
}
/**
 * Activation hook: set default paths and verify the upload directory.
 *
 * Runs only when the activated file resolves to this file.
 *
 * @param string $file Path of the plugin file being activated.
 */
public function action_plugin_activation($file)
{
    // Ignore activations of other plugins.
    if (realpath($file) != __FILE__) {
        return;
    }

    // Let's make sure we at least have the default paths set
    $this->default_paths();

    // Also check that the upload directory exists and is writable
    $upload_dir_ready = $this->check_upload_dir();
    if (!$upload_dir_ready) {
        Session::error(_t('Failed to create the upload directory for metaWeblog.'));
    }
}
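/**
 * Activation hook: require the gd imaging library, then register ACL tokens.
 *
 * When gd is missing the plugin is deactivated and the method returns before
 * any token is created, so a failed activation does not leave permission
 * tokens behind for a plugin that is not running.
 *
 * @param mixed $file Value supplied by the activation hook; not inspected here.
 */
public function action_plugin_activation($file)
{
    // imagecreatefromjpeg() stands in for "gd is loaded".
    if (!function_exists('imagecreatefromjpeg')) {
        Session::error(_t("Habari Silo activation failed. PHP has not loaded the gd imaging library."));
        Plugins::deactivate_plugin(__FILE__);
        return;
    }

    // Create required tokens
    ACL::create_token('create_directories', _t('Create media silo directories'), 'Administration');
    ACL::create_token('delete_directories', _t('Delete media silo directories'), 'Administration');
    ACL::create_token('upload_media', _t('Upload files to media silos'), 'Administration');
    ACL::create_token('delete_media', _t('Delete files from media silos'), 'Administration');
}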
/**
 * Uninstall the package identified by the request's 'guid' variable.
 *
 * Success queues a notice naming the removed package and version. Any
 * exception is reported to the user with its message and, when DEBUG is
 * truthy, dumped through Utils::debug().
 *
 * NOTE(review): no request-method, nonce or permission check is visible in
 * this method. Confirm the dispatcher enforces them before it is reached.
 * The raw exception message is also shown to the user; confirm it cannot
 * carry paths or other internals.
 *
 * @param mixed $handler Request handler; its handler_vars['guid'] is read.
 * @param mixed $theme   Unused here.
 */
public function act_uninstall($handler, $theme)
{
    try {
        $guid = $handler->handler_vars['guid'];
        $package = HabariPackages::remove($guid);
        Session::notice("{$package->name} {$package->version} was uninstalled.");
    } catch (Exception $failure) {
        Session::error('Could not complete uninstall: ' . $failure->getMessage());
        if (!DEBUG) {
            return;
        }
        Utils::debug($failure);
    }
}
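/**
 * Call a Flickr API method and return the parsed XML response.
 *
 * The method name and API key are merged into the arguments, which are then
 * sorted and signed with $this->sign(). 'upload' is sent as a cURL POST to
 * the upload endpoint; every other method goes through RemoteRequest against
 * the regular endpoint.
 *
 * Changes from the previous version:
 *  - the cURL handle is closed before an upload error is thrown, so it no
 *    longer leaks on failure;
 *  - where CURLFile exists the photo is attached with it, and the legacy
 *    '@path' interpretation of field values is switched off so that no other
 *    field beginning with '@' can be read as a local file path.
 *
 * @param string $method API method name.
 * @param array  $args   Extra request parameters; for 'upload', $args['photo'] is the local path of the file to send.
 * @return SimpleXMLElement|false Parsed response. The non-upload path returns false when the request or parsing fails; the upload path returns whatever simplexml_load_string() yields.
 * @throws Exception When cURL reports an error during an upload.
 */
function call($method, $args = array())
{
    $args = array_merge(array('method' => $method, 'api_key' => $this->key), $args);
    ksort($args);
    $args = array_merge($args, array('api_sig' => $this->sign($args)));
    ksort($args);

    if ($method == 'upload') {
        $req = curl_init();
        $args['api_key'] = $this->key;
        $photo = $args['photo'];

        if (class_exists('CURLFile')) {
            // Must be set before CURLOPT_POSTFIELDS so that only the CURLFile
            // object below is treated as a file.
            if (defined('CURLOPT_SAFE_UPLOAD')) {
                curl_setopt($req, CURLOPT_SAFE_UPLOAD, true);
            }
            $args['photo'] = new CURLFile($photo);
        } else {
            // Legacy PHP without CURLFile: the '@' prefix marks a file upload.
            $args['photo'] = '@' . $photo;
        }

        curl_setopt($req, CURLOPT_URL, $this->uploadendpoint);
        curl_setopt($req, CURLOPT_TIMEOUT, 0);
        // Signed request parameters, including the photo
        curl_setopt($req, CURLOPT_POSTFIELDS, $args);
        curl_setopt($req, CURLOPT_CONNECTTIMEOUT, $this->conntimeout);
        curl_setopt($req, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt($req, CURLOPT_HEADER, 0);
        curl_setopt($req, CURLOPT_RETURNTRANSFER, 1);

        $this->_http_body = curl_exec($req);

        // Read the error state first, then release the handle on every path.
        $curl_error = curl_errno($req) ? curl_error($req) : null;
        curl_close($req);
        if ($curl_error !== null) {
            throw new Exception($curl_error);
        }

        $xml = simplexml_load_string($this->_http_body);
        $this->xml = $xml;
        return $xml;
    }

    $url = $this->endpoint . implode('&', $this->encode($args));
    $call = new RemoteRequest($url);
    $call->set_timeout(5);

    try {
        $result = $call->execute();
    } catch (RemoteRequest_Timeout $t) {
        Session::error('Currently unable to connect to Flickr.', 'flickr API');
        return false;
    } catch (Exception $e) {
        // Same message for now, although this failure is more serious than a timeout.
        Session::error('Currently unable to connect to Flickr.', 'flickr API');
        return false;
    }

    $response = $call->get_response_body();
    try {
        return new SimpleXMLElement($response);
    } catch (Exception $e) {
        Session::error('Unable to process Flickr response.', 'flickr API');
        return false;
    }
}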
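/**
 * Handles AJAX from /admin/tags.
 * Used to delete and rename (merge) tags.
 *
 * The request must be a POST and must carry a WSSE digest matching the one
 * recomputed from the supplied nonce and timestamp. POST keys that start with
 * "tag_" followed by digits and have a truthy value select the tags to act on.
 * The response is JSON holding the queued messages and the re-rendered tag
 * collection.
 *
 * Changes from the previous version:
 *  - the digest is compared as a string in constant time (hash_equals() when
 *    available, strict equality otherwise) rather than with a loose `!=`;
 *  - ids that do not resolve to a tag are skipped instead of being dereferenced;
 *  - implode() is called with the separator first; the reversed argument
 *    order is not accepted by PHP 8.
 *
 * NOTE(review): no per-user permission check is visible in this method.
 * Presumably the admin handler enforces it before dispatch; confirm.
 *
 * @param mixed $handler_vars Request variables; 'nonce', 'timestamp' and 'digest' are read.
 */
public function ajax_tags($handler_vars)
{
    Utils::check_request_method(array('POST'));

    $wsse = Utils::WSSE($handler_vars['nonce'], $handler_vars['timestamp']);
    $expected = (string) $wsse['digest'];
    $supplied = $handler_vars['digest'];

    // Only a string can match, and the comparison must not type-juggle.
    $digest_ok = is_string($supplied)
        && (function_exists('hash_equals') ? hash_equals($expected, $supplied) : $expected === $supplied);

    if (!$digest_ok) {
        Session::error(_t('WSSE authentication failed.'));
        echo Session::messages_get(true, array('Format', 'json_messages'));
        return;
    }

    $tag_names = array();
    $theme_dir = Plugins::filter('admin_theme_dir', Site::get_dir('admin_theme', true));
    $this->theme = Themes::create('admin', 'RawPHPEngine', $theme_dir);

    $action = $this->handler_vars['action'];
    switch ($action) {
        case 'delete':
            foreach ($_POST as $id => $delete) {
                // skip POST elements which are not tag ids
                if (preg_match('/^tag_\\d+/', $id) && $delete) {
                    $id = substr($id, 4);
                    $tag = Tags::get_by_id($id);
                    if (!$tag) {
                        // Unknown id: nothing to delete.
                        continue;
                    }
                    $tag_names[] = $tag->term_display;
                    Tags::vocabulary()->delete_term($tag);
                }
            }
            $msg_status = _n(
                _t('Tag %s has been deleted.', array(implode('', $tag_names))),
                _t('%d tags have been deleted.', array(count($tag_names))),
                count($tag_names)
            );
            Session::notice($msg_status);
            break;

        case 'rename':
            if (!isset($this->handler_vars['master'])) {
                Session::error(_t('Error: New name not specified.'));
                echo Session::messages_get(true, array('Format', 'json_messages'));
                return;
            }
            $master = $this->handler_vars['master'];
            $tag_names = array();
            foreach ($_POST as $id => $rename) {
                // skip POST elements which are not tag ids
                if (preg_match('/^tag_\\d+/', $id) && $rename) {
                    $id = substr($id, 4);
                    $tag = Tags::get_by_id($id);
                    if (!$tag) {
                        // Unknown id: nothing to merge.
                        continue;
                    }
                    $tag_names[] = $tag->term_display;
                }
            }
            Tags::vocabulary()->merge($master, $tag_names);
            $msg_status = sprintf(
                _n('Tag %1$s has been renamed to %2$s.', 'Tags %1$s have been renamed to %2$s.', count($tag_names)),
                implode(', ', $tag_names),
                $master
            );
            Session::notice($msg_status);
            break;
    }

    $this->theme->tags = Tags::vocabulary()->get_tree();
    $this->theme->max = Tags::vocabulary()->max_count();
    echo json_encode(array(
        'msg' => Session::messages_get(true, 'array'),
        'tags' => $this->theme->fetch('tag_collection'),
    ));
}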
/**
 * Init hook: set the log and cache directory paths and verify them.
 *
 * Both directories sit next to this file. When confirm_dirs() reports a
 * problem, its message (returned through the by-reference $error argument)
 * is shown, the plugin is deactivated, a redirect is issued and the script
 * stops.
 */
public function action_init()
{
    $plugin_dir = dirname(__FILE__);
    $this->logs = $plugin_dir . '/logs';
    $this->cache = $plugin_dir . '/cache';

    if ($this->confirm_dirs($error)) {
        return;
    }

    Session::error("Clickheat error: {$error}");
    // Deactivate this plugin, then refresh the page.
    Plugins::deactivate_plugin(__FILE__);
    Utils::redirect();
    exit;
}
/**
 * Constructor for MemcacheCache.
 *
 * Takes the key prefix from the 'GUID' option. When the 'memcache' extension
 * is loaded it connects to the configured host and port (defaults: localhost,
 * 11211) and reads the cache index stored under 'habari:cache:index';
 * otherwise the cache stays disabled and the condition is reported.
 *
 * NOTE(review): the result of connect() is not checked, so $enabled stays
 * true when the server is unreachable. The connection is also opened without
 * any credentials, so the configured host should only be reachable from
 * trusted machines.
 */
public function __construct()
{
    $this->prefix = Options::get('GUID');
    $this->enabled = extension_loaded('memcache');

    if (!$this->enabled) {
        Session::error(_t("The Memcache PHP module is not loaded - the cache is disabled.", "memcache"), 'memcachecache');
        EventLog::log(_t("The Memcache PHP module is not loaded - the cache is disabled.", "memcache"), 'notice', 'cache', 'memcachecache');
        return;
    }

    $this->memcache = new Memcache();
    $host = Config::get('memcache_host', 'localhost');
    $port = Config::get('memcache_port', 11211);
    $this->memcache->connect($host, $port);

    $this->cache_index = $this->memcache->get('habari:cache:index');
}
/**
 * Plugin UI handler: run the feed update when the 'update' action is chosen.
 *
 * @param mixed $plugin_id Unused here.
 * @param mixed $action    Requested UI action; only 'update' is handled.
 */
public function action_plugin_ui($plugin_id, $action)
{
    // Loose comparison on purpose: it matches what the original switch did.
    if ($action != 'update') {
        return;
    }

    $updated = $this->filter_rssblocks_update(false, true);
    if ($updated) {
        Session::notice('RSS Feeds Successfully Updated');
    } else {
        Session::error('RSS Feeds Did Not Successfully Update');
    }
}
/**
 * Check whether the plugin's preconditions are met.
 *
 * Both checks always run, so the user sees every failing condition at once:
 * the index directory must be writable and the Zend_Search_Lucene class must
 * exist.
 *
 * @return boolean True only when both conditions hold.
 */
public function check_conditions()
{
    $index_writable = is_writable($this->_root_path);
    if (!$index_writable) {
        Session::error('Init failed, Search index directory is not writeable. Please update configuration with a writeable directiory.', 'Multi Search');
    }

    $lucene_available = class_exists("Zend_Search_Lucene");
    if (!$lucene_available) {
        Session::error('Init failed, Zend Framework or Zend Search Lucene not installed.', 'Multi Search');
    }

    return $index_writable && $lucene_available;
}
/**
 * Activation hook: register and install the CPG database tables.
 *
 * Runs only when the activated file equals this plugin's file path with
 * backslashes normalised to forward slashes.
 *
 * NOTE(review): the stored database version is set before install() has
 * reported success. Confirm a failed install should still record it.
 *
 * @param string $file Path of the plugin file being activated.
 */
public function action_plugin_activation($file)
{
    $own_file = str_replace('\\', '/', $this->get_file());
    if ($file != $own_file) {
        return;
    }

    CpgDb::registerTables();
    CpgOptions::setDbVersion(CpgDb::DB_VERSION);

    $installed = CpgDb::install();
    if ($installed) {
        Session::notice(_t('Created the CPG database tables.', 'cpg'));
    } else {
        Session::error(_t('Could not install CPG database tables.', 'cpg'));
    }
}
/**
 * After a post is inserted, store a bit.ly short URL for it.
 *
 * Only published posts are handled. The API credentials come from the
 * 'bitly__login' and 'bitly__api_key' options. Any exception from the API
 * client is reduced to a generic error message for the user.
 *
 * @param mixed $post The inserted post; its status, permalink and info are used.
 */
public function action_post_insert_after($post)
{
    $is_published = Post::status('published') == $post->status;
    if (!$is_published) {
        return;
    }

    try {
        $client = new BitlyAPI(Options::get('bitly__login'), Options::get('bitly__api_key'));
        $shortened = $client->shorten($post->permalink);
        $post->info->short_url = $shortened->data->url;
    } catch (Exception $failure) {
        Session::error('Could not communicate with bit.ly API.', 'Bit.ly API');
    }
}
/**
 * Form handler: log in to the remote API and store the returned key pair.
 *
 * An error value of '0' from api_login() means success; the e-mail address
 * and both keys are then saved as options. Any other value is shown as an
 * error.
 *
 * NOTE(review): the returned text says the login succeeded on the error path
 * as well. Confirm that is the intended form replacement. The private key is
 * written through Options::set() as received; confirm where options are
 * stored and who can read them.
 *
 * @param mixed $ui Submitted form; its `email` and `password` controls are read.
 * @return string Text returned to the form handler, so the form is not shown again.
 */
public function do_login($ui)
{
    $login = $this->api_login($ui->email->value, $ui->password->value);

    if ($login->error == '0') {
        Options::set('linkit__email', $ui->email->value);
        Options::set('linkit__privatekey', $login->private_key);
        Options::set('linkit__publickey', $login->public_key);
        Session::notice(_t('Successful login.'));
    } else {
        Session::error($login->error);
    }

    // do not display the form again
    return _t('You have logged in successfully', 'linkit');
}
/**
 * Activation hook: require the gd imaging library.
 *
 * When gd is missing the user is told and the plugin is deactivated. When it
 * is present nothing further happens; the silo directory setup that used to
 * run here is disabled.
 *
 * @param mixed $file Value supplied by the activation hook; not inspected here.
 */
public function action_plugin_activation($file)
{
    if (function_exists('imagecreatefromjpeg')) {
        // Disabled setup, kept for reference:
        // $this->silo = new HabariSilo();
        // $this->silo->action_init();
        // $this->silo->mkdir('simplegallery');
        return;
    }

    Session::error(_t("Simple Gallery activation failed. PHP has not loaded the gd imaging library."));
    Plugins::deactivate_plugin(__FILE__);
}
/**
 * Read session data from the database to return into the $_SESSION global.
 *
 * The stored session is checked against the client's subnet (unless
 * SESSION_SKIP_SUBNET is defined and true), its expiry time and the
 * User-Agent header. Plugins get the final say through the 'session_read'
 * filter. A session that fails is deleted and false is returned.
 *
 * @param string $session_id The id generated by PHP for the session.
 * @return string|false The stored session data, or false when no row matches
 *                      the token or the session was rejected and deleted.
 */
static function read($session_id)
{
    // for offline testing: fall back to loopback when REMOTE_ADDR is unset
    $remote_address = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1';
    // not always set, even by real browsers
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    // The token is passed as a bound parameter, not concatenated into the SQL.
    $session = DB::get_row('SELECT * FROM {sessions} WHERE token = ?', array($session_id));

    // Verify session exists
    if (!$session) {
        self::$initial_data = false;
        return false;
    }

    $dodelete = false;

    // The subnet binding is skipped only when SESSION_SKIP_SUBNET is defined and loosely equal to true.
    if (!defined('SESSION_SKIP_SUBNET') || SESSION_SKIP_SUBNET != true) {
        // Verify on the same subnet
        $subnet = self::get_subnet($remote_address);
        if ($session->subnet != $subnet) {
            $dodelete = true;
        }
    }

    // Verify expiry
    if (HabariDateTime::date_create(time())->int > $session->expires) {
        Session::error(_t('Your session expired.'), 'expired_session');
        $dodelete = true;
    }

    // Verify User Agent
    // The header is supplied by the client, so this is a consistency check
    // rather than proof of identity.
    if ($user_agent != $session->ua) {
        $dodelete = true;
    }

    // Let plugins ultimately decide
    // The filter's return value replaces the verdict of every check above.
    $dodelete = Plugins::filter('session_read', $dodelete, $session, $session_id);

    if ($dodelete) {
        $sql = 'DELETE FROM {sessions} WHERE token = ?';
        $args = array($session_id);
        // NOTE(review): a 'sessions_clean' filter can replace the SQL text while
        // $args stays as built here. Confirm filters keep the placeholder count.
        $sql = Plugins::filter('sessions_clean', $sql, 'read', $args);
        DB::query($sql, $args);
        return false;
    }

    // Do garbage collection, since PHP is bad at it
    $probability = ini_get('session.gc_probability');
    // Allow plugins to control the probability of a gc event, return >=100 to always collect garbage
    // A non-numeric or non-positive ini value is replaced by 1 before filtering.
    $probability = Plugins::filter('gc_probability', is_numeric($probability) && $probability > 0 ? $probability : 1);
    // rand() only schedules cleanup here; no security decision depends on it.
    if (rand(1, 100) <= $probability) {
        self::gc(ini_get('session.gc_maxlifetime'));
    }

    // Throttle session writes, so as to not hammer the DB
    // $initial_data keeps the stored data only while
    // (gc_maxlifetime - expires + now) is below 120, and is FALSE otherwise;
    // presumably the write handler compares against it. Confirm there.
    self::$initial_data = ini_get('session.gc_maxlifetime') - $session->expires + HabariDateTime::date_create(time())->int < 120 ? $session->data : FALSE;

    return $session->data;
}
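/**
 * Queue the scripts and stylesheets for the template header.
 *
 * Always adds the HTML5 shiv for IE < 9. When DEBUG_THEME is defined, a
 * sample error and notice are shown and the raw LESS source is processed in
 * the browser; otherwise the rendered CSS is used.
 *
 * Changes from the previous version:
 *  - the shiv is requested over HTTPS, so the script cannot be altered in
 *    transit;
 *  - the request URI is HTML-escaped before it is placed in the sample
 *    notice, which is rendered as markup.
 *
 * @param mixed $theme The active theme; used to build asset URLs.
 */
function action_template_header($theme)
{
    // Add the HTML5 shiv for IE < 9
    Stack::add('template_header_javascript', array('https://cdnjs.cloudflare.com/ajax/libs/html5shiv/r29/html5.js', null, '<!--[if lt IE 9]>%s<![endif]-->'), 'html5_shiv');

    // Add this line to your config.php to show an error and a notice, and
    // to process the raw LESS code via javascript instead of the rendered CSS:
    // define('DEBUG_THEME', 1);
    if (defined('DEBUG_THEME')) {
        // REQUEST_URI is client-controlled and the notice carries HTML.
        $request_uri = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8');

        Session::error('This is a <b>sample error</b>');
        Session::notice('This is a <b>sample notice</b> for ' . $request_uri);
        Stack::add('template_header_javascript', $theme->get_url('/less/less-1.3.0.min.js'), 'less');
        Stack::add('template_stylesheet', array($theme->get_url('/less/style.less'), null, array('type' => null, 'rel' => 'stylesheet/less')), 'style');
    } else {
        Stack::add('template_stylesheet', $theme->get_url('/css/style.css'), 'style');
    }
}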
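/**
 * Queue the scripts, fonts and stylesheets for the template header.
 *
 * Adds the registered HTML5 shiv and LESS scripts, a small jQuery snippet
 * that makes the masthead link to the home URL, two font stylesheets and the
 * theme's LESS stylesheet. When DEBUG_THEME is defined, a sample error and
 * notice are shown.
 *
 * Change from the previous version: the request URI is HTML-escaped before
 * it is placed in the sample notice, which is rendered as markup.
 *
 * @param mixed $theme The active theme; used to build asset URLs.
 */
function action_template_header($theme)
{
    // Add the HTML5 shiv for IE < 9
    Stack::add('template_header_javascript', StackItem::get('html5_shiv'));
    Stack::add('template_header_javascript', StackItem::get('less-js'));
    Stack::add('template_header_javascript', '$(function(){$("#masthead").click(function(){location.href=$("#home").attr("href");})})', 'homelink', 'jquery');

    Stack::add('template_stylesheet', $theme->get_url('/fonts/new_athena_unicode.css'), 'new_athena_unicode');
    Stack::add('template_stylesheet', $theme->get_url('/fonts/ss-standard.css'), 'ss-standard');
    // The LESS source is served; the rendered /css/style.css is not queued.
    Stack::add('template_stylesheet', array($theme->get_url('/less/style.less'), null, array('type' => null, 'rel' => 'stylesheet/less')), 'style');

    // Define DEBUG_THEME in your config.php to show an error and a notice
    if (defined('DEBUG_THEME')) {
        // REQUEST_URI is client-controlled and the notice carries HTML.
        $request_uri = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8');

        Session::error('This is a <b>sample error</b>');
        Session::notice('This is a <b>sample notice</b> for ' . $request_uri);
    }
}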
/**
 * Activation filter for the Habari Media Silo.
 *
 * Acts only when the plugin being activated is this one. Activation is
 * vetoed when the 'files' directory cannot be prepared or when the gd
 * imaging library is missing; both checks run, so both problems are logged
 * and shown if both apply.
 *
 * @param mixed  $ok   Activation decision so far.
 * @param string $file Path of the plugin file being activated.
 * @return mixed $ok as received, or false when a check failed.
 */
public function filter_activate_plugin($ok, $file)
{
    // Leave other plugins' activations untouched.
    if (Plugins::id_from_file($file) != Plugins::id_from_file(__FILE__)) {
        return $ok;
    }

    $files_dir_ready = $this->check_files();
    if (!$files_dir_ready) {
        EventLog::log(_t("Habari Silo activation failed. The web server does not have permission to create the 'files' directory for the Habari Media Silo."), 'warning', 'plugin');
        Session::error(_t("Habari Silo activation failed. The web server does not have permission to create the 'files' directory for the Habari Media Silo."));
        $ok = false;
    }

    // imagecreatefromjpeg() stands in for "gd is loaded".
    $gd_loaded = function_exists('imagecreatefromjpeg');
    if (!$gd_loaded) {
        EventLog::log(_t("Habari Silo activation failed. PHP has not loaded the gd imaging library."), 'warning', 'plugin');
        Session::error(_t("Habari Silo activation failed. PHP has not loaded the gd imaging library."));
        $ok = false;
    }

    return $ok;
}
/**
 * Login form handler: start a password reset for the named user.
 *
 * For a non-numeric name that resolves to a user, a random token is
 * generated, its md5 digest is stored in the user's info, and a reset link
 * carrying the token is mailed to the user. The same notice is shown whether
 * or not the user exists, so the response does not reveal which usernames
 * are valid.
 *
 * NOTE(review): the strength of the reset link rests on
 * Utils::random_password(); confirm it draws from a cryptographically secure
 * source. No expiry for the stored digest is set here; confirm the code that
 * consumes the link enforces one.
 *
 * @param mixed $form Submitted form; its `habari_username` control is read.
 */
public function loginform_do_reset($form)
{
    $name = $form->habari_username->value;

    if (empty($name)) {
        Session::error(_t('You must supply a username to reset its password.'));
        return;
    }

    // Numeric names are never looked up.
    $user = is_numeric($name) ? false : User::get($name);

    if ($user) {
        $hash = Utils::random_password();
        // Only the digest is stored; the token itself travels in the mail.
        $user->info->password_reset = md5($hash);
        $user->info->commit();

        $reset_url = URL::get('auth', array('page' => 'password_reset', 'id' => $user->id, 'hash' => $hash));
        $message = _t('Please visit %1$s to reset your password.', array($reset_url));
        $subject = _t('[%1$s] Password reset request for %2$s', array(Options::get('title'), $user->displayname));
        Utils::mail($user->email, $subject, $message);
    }

    // Deliberately outside the user check: moving it inside would let
    // attackers test which usernames exist.
    Session::notice(_t('A password reset request has been sent to the user.'));
}
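/**
 * Constructor for FileCache.
 *
 * Defines FILE_CACHE_LOCATION when it is not already defined, derives the
 * index file name from the 'GUID' option, enables the cache only when the
 * cache directory is writable, and loads the cache index if one exists.
 *
 * An index file that cannot be decoded no longer overwrites $cache_files
 * with false; the property keeps its previous value instead.
 */
public function __construct()
{
    if (!defined('FILE_CACHE_LOCATION')) {
        define('FILE_CACHE_LOCATION', HABARI_PATH . '/user/cache/');
    }
    $this->cache_location = FILE_CACHE_LOCATION;
    $this->index_file = $this->cache_location . md5('index' . Options::get('GUID')) . '.data';
    $this->enabled = is_writeable($this->cache_location);

    if (!$this->enabled) {
        Session::error(_t("The cache directory '%s' is not writable - the cache is disabled. The user, or group, which your web server is running as, needs to have read, write, and execute permissions on this directory.", array($this->cache_location)), 'filecache');
        EventLog::log(_t("The cache directory '%s' is not writable - the cache is disabled.", array($this->cache_location)), 'notice', 'cache', 'habari');
        return;
    }

    if (file_exists($this->index_file)) {
        // SECURITY: unserialize() rebuilds any object the file describes, and
        // this file sits in a directory the web server can write to. Nothing
        // but this application should be able to place files there. A format
        // that cannot carry objects, such as JSON, would remove the
        // object-injection risk; that needs a matching change where the
        // index is written.
        $index = unserialize(file_get_contents($this->index_file));
        if ($index !== false) {
            $this->cache_files = $index;
        }
    }
}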
/**
 * Show or process the admin login form.
 *
 * The admin user is looked up by $params['email']. When no such admin
 * exists, the browser is redirected to the external support login with the
 * posted e-mail and password. Otherwise a posted login is checked with
 * Session::authorize_admin(); an error re-renders the login page and success
 * redirects to the document editor.
 *
 * NOTE(review): the redirect for unknown users puts the submitted password
 * in the query string of the target URL, where it can end up in browser
 * history and in proxy and server logs. Handing the credentials over in a
 * POST body would avoid that, but needs support on the receiving side.
 * NOTE(review): the lookup uses $params['email'] while authentication uses
 * $_POST['email']; confirm both always carry the same value.
 *
 * @param array $params Expected to carry 'email'.
 */
public function login($params = [])
{
    Session::$error = false;

    $email = '';
    if (isset($_POST['email'])) {
        $email = $_POST['email'];
    }
    $password = '';
    if (isset($_POST['password'])) {
        $password = $_POST['password'];
    }

    $user = AdminUser::read_one($params['email']);

    // Not a local admin: hand over to the external login page.
    if (!isset($user['username'])) {
        header('Location: https://www.winwrap.com/web/basic/support/login.asp?A=' . urlencode($email) . '&P=' . urlencode($password));
        return;
    }

    // Authenticate only when the form was actually posted.
    if (isset($_POST['email'])) {
        Session::$error = Session::authorize_admin($email, $password);
    }

    if (Session::$error) {
        Render::php(HTML . 'login.php');
        return;
    }

    header('Location: ' . SUBDIR . '/md/doc-editor');
}
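/**
 * Content filter: hide password-protected posts behind a password form.
 *
 * Posts without a password, and any request from an identified
 * (non-anonymous) user, get the content unchanged. Otherwise a password
 * submitted for this post is verified with Utils::crypt(); on success a
 * token is remembered in the 'post_passwords' session set. The content is
 * returned only when the remembered token matches the one computed for this
 * post; in every other case the password form is rendered instead.
 *
 * Change from the previous version: the remembered token is compared as a
 * string in constant time (hash_equals() when available, strict equality
 * otherwise) rather than with a loose `==`, which can treat distinct
 * numeric-looking strings as equal.
 *
 * @param string $content Rendered post content.
 * @param Post   $post    The post being displayed.
 * @return string The content, or the rendered 'post_password_form' template.
 */
public function filter_post_content($content, Post $post)
{
    // Unprotected post: nothing to do.
    if (!$post->info->password) {
        return $content;
    }

    // A logged-in user sees the post; the anonymous user does not count.
    $user = User::identify();
    if ($user instanceof User && $user != User::anonymous()) {
        return $content;
    }

    $session = Session::get_set('post_passwords', false);
    $token = Utils::crypt('42' . $post->info->password . $post->id . Options::get('GUID'));

    // If a password was submitted for this post, verify it.
    if (Controller::get_var('post_password') && Controller::get_var('post_password_id') == $post->id) {
        $pass = InputFilter::filter(Controller::get_var('post_password'));
        if (Utils::crypt($pass, $post->info->password)) {
            Session::add_to_set('post_passwords', $token, $post->id);
            $session[$post->id] = $token;
        } else {
            Session::error(_t('That password was incorrect.', 'postpass'));
        }
    }

    // If a token is stored in the session, verify it without type juggling.
    $stored = isset($session[$post->id]) ? $session[$post->id] : null;
    $unlocked = is_string($stored)
        && is_string($token)
        && (function_exists('hash_equals') ? hash_equals($token, $stored) : $token === $stored);

    if ($unlocked) {
        return $content;
    }

    $theme = Themes::create();
    $theme->post = $post;
    return $theme->fetch('post_password_form');
}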