Surfer::set_cookie('screening', $_SESSION['surfer_token']); // don't do that again unset($_SESSION['surfer_token']); } // retrieve session data, but not if run from the command line, and not from robot nor spider if (isset($_SERVER['REMOTE_ADDR']) && !Surfer::is_crawler() && !headers_sent()) { // permanent identification has been selected if (isset($context['users_with_permanent_authentication']) && $context['users_with_permanent_authentication'] != 'N') { // use cookie to identify user -- user id, time of login, gmt offset, salt if (!Surfer::is_logged() && isset($_COOKIE['screening']) && ($nouns = explode('|', $_COOKIE['screening'], 4)) && count($nouns) == 4) { // get user by id if (!($user = Users::get($nouns[0]))) { } elseif (!isset($user['id']) || $user['id'] != $nouns[0]) { } elseif (!isset($user['handle']) || strcmp($nouns[3], md5($nouns[1] . '|' . $user['handle']))) { } else { Surfer::set($user, TRUE); } } // allow no more than one hour of inactivity } elseif (isset($_SESSION['watchdog']) && time() > $_SESSION['watchdog'] + 3600) { Surfer::reset(); } // refresh the watchdog $_SESSION['watchdog'] = time(); // bare server-side flash detection if (isset($_SERVER['HTTP_ACCEPT']) && preg_match('/application\\/x-shockwave-flash/i', $_SERVER['HTTP_ACCEPT'])) { $_SESSION['browser_has_flash'] = TRUE; } } // filter HTML tags of submitted material if (@count($_REQUEST) && (!isset($context['allow_html_input']) || $context['allow_html_input'] != 'Y')) {
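/**
 * dynamically generate the page
 *
 * Without an action the page describes what the setup does and shows a
 * confirmation form (POST, hidden field action=build). With $action == 'build'
 * it switches the server off, runs the setup() of every module to (re)create
 * tables, reopens the server and offers the next step: run_once.php when an
 * update is in progress, populate.php on first installation, else the Control
 * Panel. The cache is cleared and the run is logged.
 *
 * Access control: the request is rejected with 401 unless the surfer is an
 * associate, or the count(*) query on the users table fails (presumably
 * because the table does not exist yet, i.e. first installation). In the
 * latter case the surfer is promoted to a temporary associate for the session.
 *
 * Reads globals $context (path_to_root, database, script_url) and $action.
 * Output is written with echo; no value is returned.
 *
 * @see skins/index.php
 */
function send_body() {
    global $context, $action;

    // check that the user is an admin, but only if the users table can be queried
    // (the query succeeds even with zero rows, so the gate is the table, not the count)
    $query = "SELECT count(*) FROM " . SQL::table_name('users');
    if (!Surfer::is_associate() && SQL::query($query) !== FALSE) {
        Safe::header('Status: 401 Unauthorized', TRUE, 401);
        echo '<p>' . i18n::s('You are not allowed to perform this operation.') . "</p>\n";
        return;
    }

    // log the current surfer as an associate if not yet the case
    // (only reachable when the query above failed -- see the access-control note in the docblock)
    if (!Surfer::is_associate()) {
        $fields = array();
        $fields['id'] = 1;
        $fields['nick_name'] = 'admin';
        $fields['email'] = '';
        $fields['capability'] = 'A';
        Surfer::set($fields);
        echo '<p>' . i18n::s('You have associate privilege') . '</p>';
    }

    // check every table of the database
    if ($action == 'build') {

        // maybe we will have to switch the server off
        $temporary_off = FALSE;

        // ensure nobody else will access the database during the operation
        // (existence is tested relative to the cwd, the rename uses path_to_root -- both are kept as-is)
        if (file_exists('../parameters/switch.on')) {
            if (Safe::rename($context['path_to_root'] . 'parameters/switch.on', $context['path_to_root'] . 'parameters/switch.off')) {
                echo BR . i18n::s('The server has been switched off.');
                $temporary_off = TRUE;
            }

            // let concurrent on-going transactions finish properly
            Safe::sleep(3);

        // first installation
        } elseif (!file_exists('../parameters/switch.off')) {
            // fixed: the paragraph used to close a <a> that was never opened
            echo '<p>' . i18n::s('Review provided information and go to the bottom of the page to move forward.') . "</p>\n";
        }

        // ensure utf8 character set for this database (name comes from the server configuration)
        $query = "ALTER DATABASE `" . $context['database'] . "` DEFAULT CHARACTER SET utf8";
        SQL::query($query);

        // create tables for users
        echo Users::setup();

        // create tables for activities
        echo Activities::setup();

        // create tables for notifications
        include_once '../users/notifications.php';
        echo Notifications::setup();

        // create tables for messages
        echo Mailer::setup();

        // create tables for visits
        include_once '../users/visits.php';
        echo Visits::setup();

        // create tables for sections
        echo Sections::setup();

        // create tables for articles
        echo Articles::setup();

        // create tables for images
        include_once '../images/images.php';
        echo Images::setup();

        // create tables for tables
        include_once '../tables/tables.php';
        echo Tables::setup();

        // create tables for files
        echo Files::setup();

        // create tables for links
        include_once '../links/links.php';
        echo Links::setup();

        // create tables for locations
        include_once '../locations/locations.php';
        echo Locations::setup();

        // create tables for comments
        include_once '../comments/comments.php';
        echo Comments::setup();

        // create tables for categories
        echo Categories::setup();

        // create tables for members
        include_once '../shared/members.php';
        echo Members::setup();

        // create tables for dates
        include_once '../dates/dates.php';
        echo Dates::setup();

        // create tables for servers
        include_once '../servers/servers.php';
        echo Servers::setup();

        // create tables for versions
        include_once '../versions/versions.php';
        echo Versions::setup();

        // create tables for enrolments
        include_once '../shared/enrolments.php';
        echo Enrolments::setup();

        // create tables for values
        include_once '../shared/values.php';
        echo Values::setup();

        // create tables for the cache
        echo Cache::setup();

        // create tables for the php documentation
        include_once '../scripts/phpdoc.php';
        echo PhpDoc::setup();

        // the setup hook
        if (is_callable(array('Hooks', 'include_scripts'))) {
            echo Hooks::include_scripts('control/setup.php');
        }

        // reopen the server for others, but only if we were the ones to close it
        if ($temporary_off && Safe::rename($context['path_to_root'] . 'parameters/switch.off', $context['path_to_root'] . 'parameters/switch.on')) {
            echo '<p>' . i18n::s('The server has been switched on.') . '</p>';
        }

        // in the middle of an update
        if (file_exists('../parameters/switch.off')) {
            echo Skin::build_block('<form method="get" action="../scripts/run_once.php">' . "\n"
                . '<p class="assistant_bar">' . Skin::build_submit_button(i18n::s('Run one-time scripts and go to the Control Panel')) . '</p>' . "\n"
                . '</form>', 'bottom');

            // this may take several minutes
            echo '<p>' . i18n::s('When you will click on the button the server will be immediately requested to proceed. However, because of the so many things to do on the back-end, you may have to wait for minutes before getting a response displayed. Thank you for your patience.') . '</p>';

        // populate the database on first installation
        } elseif (!file_exists('../parameters/switch.on')) {
            echo Skin::build_block('<form method="get" action="populate.php">' . "\n"
                . '<p class="assistant_bar">' . Skin::build_submit_button(i18n::s('Initialize the database')) . '</p>' . "\n"
                . '</form>', 'bottom');

        // or back to the control panel
        } else {
            $menu = array('control/' => i18n::s('Control Panel'));
            echo Skin::build_list($menu, 'menu_bar');
        }

        // clear the cache
        Cache::clear();

        // remember the change
        $label = i18n::c('The database has been optimised');
        Logger::remember('control/setup.php: ' . $label);

    // ask for confirmation
    } else {

        // the splash message
        echo '<p>' . i18n::s('This script will check the structure of the database and optimize data storage:') . '</p>' . "\n"
            . '<ul>' . "\n"
            . '<li>' . i18n::s('Missing tables will be created, if necessary.') . '</li>' . "\n"
            . '<li>' . i18n::s('Some columns may be created or converted if their type has evolved.') . '</li>' . "\n"
            . '<li>' . i18n::s('All indexes will be (re)built.') . '</li>' . "\n"
            . '<li>' . i18n::s('Data files will be optimized as well.') . '</li>' . "\n"
            . '</ul>' . "\n";

        // the submit button -- POSTs action=build back to this script
        // NOTE(review): the form carries no anti-CSRF token; the build is idempotent but takes the server off-line for a few seconds
        echo '<form method="post" action="' . $context['script_url'] . '" id="main_form"><p>'
            . Skin::build_submit_button(i18n::s('Ensure the database structure is accurate'), NULL, NULL, 'confirmed')
            . '<input type="hidden" name="action" value="build" />'
            . '</p></form>';

        // the script used for form handling at the browser
        Page::insert_script('$("#confirmed").focus();');

        // this may take several minutes
        echo '<p>' . i18n::s('When you will click on the button the server will be immediately requested to proceed. However, because of the so many things to do on the back-end, you may have to wait for minutes before getting a response displayed. Thank you for your patience.') . '</p>';
    }
}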
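// page title; $item (the user record) and $id (the handle from the request) are set before this block
$context['page_title'] = i18n::s('Validate your e-mail address');

// stop crawlers
if (Surfer::is_crawler()) {
    Safe::header('Status: 401 Unauthorized', TRUE, 401);
    Logger::error(i18n::s('You are not allowed to perform this operation.'));

// not found
} elseif (!isset($item['id'])) {
    include '../error.php';

// bad handle -- compared as strings and strictly: a loose '!=' treats two numeric-looking
// strings as equal (e.g. '0e1' and '0'), and a missing or empty stored handle must never match
} elseif (!isset($item['handle']) || $item['handle'] === '' || (string) $id !== (string) $item['handle']) {
    include '../error.php';

} elseif (Users::validate($item['id'])) {

    // congratulations
    $context['text'] .= sprintf(i18n::s('<p>%s,</p><p>Your e-mail address has been validated, and you are now an active member of this community.</p>'), ucfirst($item['nick_name']));

    // set permanent name shown from top level (500 days)
    Safe::setcookie('surfer_name', $item['nick_name'], time() + 60 * 60 * 24 * 500, '/');

    // save surfer profile in session context
    Surfer::set($item);

    // follow-up commands
    $follow_up = i18n::s('Where do you want to go now?');
    $menu = array(
        Users::get_permalink($item) => i18n::s('My profile'),
        $context['url_to_root'] => i18n::s('Front page'),
    );
    $follow_up .= Skin::build_list($menu, 'menu_bar');
    $context['text'] .= Skin::build_block($follow_up, 'bottom');

// failed operation
} else {
    $context['text'] .= '<p>' . i18n::s('Your e-mail address has not been validated.') . "</p>\n";
}

// render the skin
render_skin();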
if (!defined('BR')) { define('BR', '<br>'); } if (!defined('EOT')) { define('EOT', '>'); } // if no configuration file or if no database if (!file_exists('../parameters/control.include.php') || !isset($context['connection']) || !$context['connection']) { // consider the current surfer as an associate, but only on first installation if (!Surfer::is_associate() && !file_exists('../parameters/switch.on') && !file_exists('../parameters/switch.off')) { $fields = array(); $fields['id'] = 1; $fields['nick_name'] = 'admin'; $fields['email'] = ''; $fields['capability'] = 'A'; Surfer::set($fields); Logger::error(i18n::s('You are considered temporarily as an associate, with specific rights on this server. Please do not close your browser until the end of the configuration.')); } } // the path to this page $context['path_bar'] = array('control/' => i18n::s('Control Panel')); // the title of the page $context['page_title'] = sprintf(i18n::s('%s: %s'), i18n::s('Configure'), i18n::s('System parameters')); // ensure we have an associate if (!Surfer::is_associate()) { Safe::header('Status: 401 Unauthorized', TRUE, 401); Logger::error(i18n::s('You are not allowed to perform this operation.')); // forward to the control panel $menu = array('control/' => i18n::s('Control Panel')); $context['text'] .= Skin::build_list($menu, 'menu_bar'); // nothing more in demo mode
* @author Christophe Battarel [email]christophe.battarel@altairis.fr[/email] * @tester Ghjmora * @tester GnapZ * @tester Cyandrea * @tester Lucrecius * @reference * @license http://www.gnu.org/copyleft/lesser.txt GNU Lesser General Public License */ // common definitions and initial processing include_once '../shared/global.php'; include_once 'links.php'; // allow for direct login if (isset($_REQUEST['account']) && isset($_REQUEST['password'])) { // authenticate the surfer and start a session if ($user = Users::login($_REQUEST['account'], $_REQUEST['password'])) { Surfer::set($user); } } // look for the id $id = NULL; if (isset($_REQUEST['id'])) { $id = $_REQUEST['id']; } elseif (isset($context['arguments'][0]) && !isset($context['arguments'][1])) { $id = $context['arguments'][0]; } $id = strip_tags($id); // get the item from the database $item = Links::get($id); // get the related anchor, if any $anchor = NULL; if (isset($_REQUEST['anchor'])) {
/**
 * put an updated user profile in the database
 *
 * If present, only the password is changed. Or other fields except the password are modified.
 *
 * To change a password, set fields 'id', 'password' and 'confirm'
 *
 * The array is taken by reference and normalised in place: nick_name is trimmed,
 * defaults are applied to editor/interface/flags/birth_date, avatar_url is encoded,
 * the password is replaced by its hash, and 'id' is reset to the stored id. Callers
 * therefore see the values that were actually written.
 *
 * On a password change with e-mail enabled, a confirmation message is sent to the
 * stored address unless the record has without_confirmations == 'Y'.
 *
 * @param array an array of fields -- 'id' is required
 * @return TRUE on success, FALSE otherwise (error recorded through Logger::error)
 *
 * @see users/edit.php
 * @see users/password.php
 * @see users/select_avatar.php
 **/
public static function put(&$fields) {
    global $context;

    // load the record
    $item = Users::get($fields['id']);
    if (!isset($item['id']) || !$item['id']) {
        Logger::error(i18n::s('No item has the provided id.'));
        return FALSE;
    }

    // remember who is changing this record
    // NOTE(review): presumably fills edit_name/edit_id/edit_address/edit_date used below -- confirm in Surfer
    Surfer::check_default_editor($fields);

    // if a password change
    if (isset($fields['password'])) {

        // ensure that the password has been provided twice
        // NOTE(review): '!=' is a loose comparison; two different numeric-looking strings compare equal
        if (!isset($fields['confirm']) || $fields['confirm'] != $fields['password']) {
            Logger::error(i18n::s('New password has to be confirmed.'));
            return FALSE;
        }

        // hash password, we are coming from an interactive form
        // NOTE(review): unsalted md5 is a weak password hash; the login path presumably hashes the
        // same way, so the scheme cannot be changed here alone -- migrate both sides together
        $fields['password'] = md5($fields['password']);

    // else if a regular profile update
    } else {

        // nick_name is required
        if (!isset($fields['nick_name']) || !trim($fields['nick_name'])) {
            Logger::error(i18n::s('Please indicate a nick name.'));
            return FALSE;
        }

        // some weird users put spaces around
        $fields['nick_name'] = trim($fields['nick_name']);

        // nick_name may be already used (Users::get is looked up by name here, by id above)
        if (($used = Users::get($fields['nick_name'])) && $used['id'] != $fields['id']) {
            Logger::error(i18n::s('Another member already has this nick name. Please select a different one.'));
            return FALSE;
        }

        // ensure we have a full name
        if (!isset($fields['full_name']) || !trim($fields['full_name'])) {
            $fields['full_name'] = $fields['nick_name'];
        }

        // protect from hackers
        if (isset($fields['avatar_url'])) {
            $fields['avatar_url'] = encode_link($fields['avatar_url']);
        }

        // set default values -- the Y/N flags are normalised here, which is why they
        // are interpolated unescaped into the query below
        if (!isset($fields['active']) || !$fields['active']) {
            $fields['active'] = 'Y';
        }
        if (isset($fields['selected_editor'])) {
            $fields['editor'] = $fields['selected_editor'];
        } elseif (isset($context['users_default_editor'])) {
            $fields['editor'] = $context['users_default_editor'];
        } else {
            $fields['editor'] = 'yacs';
        }
        if (!isset($fields['interface']) || $fields['interface'] != 'C') {
            $fields['interface'] = 'I';
        }
        if (!isset($fields['with_newsletters']) || $fields['with_newsletters'] != 'Y') {
            $fields['with_newsletters'] = 'N';
        }
        if (!isset($fields['without_alerts']) || $fields['without_alerts'] != 'N') {
            $fields['without_alerts'] = 'Y';
        }
        if (!isset($fields['without_confirmations']) || $fields['without_confirmations'] != 'N') {
            $fields['without_confirmations'] = 'Y';
        }
        if (!isset($fields['without_messages']) || $fields['without_messages'] != 'N') {
            $fields['without_messages'] = 'Y';
        }
        if (!isset($fields['birth_date']) || !$fields['birth_date']) {
            $fields['birth_date'] = NULL_DATE;
        }

        // clean provided tags
        if (isset($fields['tags'])) {
            $fields['tags'] = trim($fields['tags'], " \t.:,!?");
        }

        // save new settings in session and in cookie
        if (Surfer::is($fields['id'])) {

            // change preferred editor
            $_SESSION['surfer_editor'] = $fields['editor'];
            Safe::setcookie('surfer_editor', $fields['editor'], NULL, '/');

            // change preferred language (cached l10n modules are dropped so they reload in the new language)
            if (isset($fields['language']) && $_SESSION['surfer_language'] != $fields['language']) {
                $_SESSION['surfer_language'] = $fields['language'];
                $_SESSION['l10n_modules'] = array();
            }
        }
    }

    // update an existing record
    $query = "UPDATE " . SQL::table_name('users') . " SET ";

    // change only the password
    // NOTE(review): the '******' token below looks like a redaction artifact in this copy of the file;
    // the original expression is not recoverable from here and the line does not parse as-is
    if (isset($fields['password'])) {
        $query .= "password='******'password']) . "'";
    } else {
        $query .= "email='" . SQL::escape(isset($fields['email']) ? $fields['email'] : '') . "', "
            . "aim_address='" . SQL::escape(isset($fields['aim_address']) ? $fields['aim_address'] : '') . "', "
            . "alternate_number='" . SQL::escape(isset($fields['alternate_number']) ? $fields['alternate_number'] : '') . "', "
            . "avatar_url='" . SQL::escape(isset($fields['avatar_url']) ? $fields['avatar_url'] : '') . "', "
            . "birth_date='" . SQL::escape($fields['birth_date']) . "', "
            . "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "', "
            . "editor='" . SQL::escape($fields['editor']) . "', "
            . "from_where='" . SQL::escape(isset($fields['from_where']) ? $fields['from_where'] : '') . "', "
            . "full_name='" . SQL::escape(isset($fields['full_name']) ? $fields['full_name'] : '') . "', "
            . "icq_address='" . SQL::escape(isset($fields['icq_address']) ? $fields['icq_address'] : '') . "', "
            . "interface='" . SQL::escape($fields['interface']) . "', "
            . "introduction='" . SQL::escape(isset($fields['introduction']) ? $fields['introduction'] : '') . "', "
            . "irc_address='" . SQL::escape(isset($fields['irc_address']) ? $fields['irc_address'] : '') . "', "
            . "jabber_address='" . SQL::escape(isset($fields['jabber_address']) ? $fields['jabber_address'] : '') . "', "
            . "language='" . SQL::escape(isset($fields['language']) ? $fields['language'] : 'none') . "', "
            . "msn_address='" . SQL::escape(isset($fields['msn_address']) ? $fields['msn_address'] : '') . "', "
            . "nick_name='" . SQL::escape($fields['nick_name']) . "', "
            . "options='" . SQL::escape(isset($fields['options']) ? $fields['options'] : '') . "', "
            . "overlay='" . SQL::escape(isset($fields['overlay']) ? $fields['overlay'] : '') . "',"
            . "overlay_id='" . SQL::escape(isset($fields['overlay_id']) ? $fields['overlay_id'] : '') . "',"
            . "pgp_key='" . SQL::escape(isset($fields['pgp_key']) ? $fields['pgp_key'] : '') . "', "
            . "phone_number='" . SQL::escape(isset($fields['phone_number']) ? $fields['phone_number'] : '') . "', "
            . "signature='" . SQL::escape(isset($fields['signature']) ? $fields['signature'] : '') . "', "
            . "skype_address='" . SQL::escape(isset($fields['skype_address']) ? $fields['skype_address'] : '') . "', "
            . "tags='" . SQL::escape(isset($fields['tags']) ? $fields['tags'] : '') . "', "
            . "twitter_address='" . SQL::escape(isset($fields['twitter_address']) ? $fields['twitter_address'] : '') . "', "
            . "vcard_agent='" . SQL::escape(isset($fields['vcard_agent']) ? $fields['vcard_agent'] : '') . "', "
            . "vcard_label='" . SQL::escape(isset($fields['vcard_label']) ? $fields['vcard_label'] : '') . "', "
            . "vcard_organization='" . SQL::escape(isset($fields['vcard_organization']) ? $fields['vcard_organization'] : '') . "', "
            . "vcard_title='" . SQL::escape(isset($fields['vcard_title']) ? $fields['vcard_title'] : '') . "', "
            . "web_address='" . SQL::escape(isset($fields['web_address']) ? $fields['web_address'] : '') . "', "
            // the four flags are unescaped on purpose: they were normalised to 'Y'/'N' above
            . "with_newsletters='" . $fields['with_newsletters'] . "', "
            . "without_alerts='" . $fields['without_alerts'] . "', "
            . "without_confirmations='" . $fields['without_confirmations'] . "', "
            . "without_messages='" . $fields['without_messages'] . "', "
            . "yahoo_address='" . SQL::escape(isset($fields['yahoo_address']) ? $fields['yahoo_address'] : '') . "'";

        // fields set only by associates -- see users/edit.php
        // NOTE(review): 'capability' is not defaulted above, so an associate call without it reads an undefined index
        if (Surfer::is_associate()) {
            $query .= ", "
                . "capability='" . SQL::escape($fields['capability']) . "', "
                . "active='" . SQL::escape($fields['active']) . "'";
        }
    }

    // maybe a silent update
    // NOTE(review): edit_id is interpolated unquoted, so it is assumed numeric -- confirm in Surfer::check_default_editor
    if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
        $query .= ", "
            . "edit_name='" . SQL::escape($fields['edit_name']) . "', "
            . "edit_id=" . SQL::escape($fields['edit_id']) . ", "
            . "edit_address='" . SQL::escape($fields['edit_address']) . "', "
            . "edit_action='user:update', "
            . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
    }

    // actual update query -- $item['id'] comes from the database, not from the caller
    $query .= " WHERE id = " . SQL::escape($item['id']);
    SQL::query($query, FALSE, $context['users_connection']);

    // list the user in categories
    // NOTE(review): '******' is a redaction artifact here as well; the anchor expression is not recoverable
    if (isset($fields['tags']) && $fields['tags']) {
        Categories::remember('user:'******'id'], NULL_DATE, $fields['tags']);
    }

    // clear all the cache on profile update, because of avatars, etc.
    $fields['id'] = $item['id'];
    Users::clear($fields);

    // send a confirmation message on password change
    if (isset($context['with_email']) && $context['with_email'] == 'Y' && isset($fields['confirm']) && $item['email'] && $item['without_confirmations'] != 'Y') {

        // message title
        $subject = sprintf(i18n::s('Your account at %s'), strip_tags($context['site_name']));

        // message body
        // NOTE(review): $fields['confirm'] is the new password in clear text; mailing it exposes the
        // secret in transit and in the recipient's mailbox -- confirming the change without the value is safer
        $message = '<p>' . sprintf(i18n::s('This message has been automatically sent to you to confirm a change of your profile at %s.'), '<a href="' . $context['url_to_master'] . $context['url_to_root'] . '">' . strip_tags($context['site_name']) . '</a>') . '</p>'
            . '<p>' . sprintf(i18n::s('Your nick name is %s'), $item['nick_name']) . BR . sprintf(i18n::s('Authenticate with password %s'), $fields['confirm']) . '</p>'
            . '<p>' . sprintf(i18n::s('On-line help is available at %s'), '<a href="' . $context['url_to_home'] . $context['url_to_root'] . 'help/' . '">' . $context['url_to_home'] . $context['url_to_root'] . 'help/' . '</a>') . '</p>'
            . '<p>' . sprintf(i18n::s('Thank you for your interest into %s.'), '<a href="' . $context['url_to_master'] . $context['url_to_root'] . '">' . strip_tags($context['site_name']) . '</a>') . '</p>';

        // enable threading
        // NOTE(review): '******' redaction artifact, see above
        $headers = Mailer::set_thread('user:'******'id']);

        // post the confirmation message
        Mailer::notify(NULL, $item['email'], $subject, $message, $headers);
    }

    // update user session when the surfer edited their own profile
    if (isset($fields['nick_name']) && Surfer::get_id() && $fields['id'] == Surfer::get_id() && is_callable(array('Surfer', 'set'))) {
        Surfer::set($fields);
    }

    // end of job
    return TRUE;
}