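/**
 * Return tag cloud
 *
 * Emits one link per tag, sized with the supplied percentage and followed by
 * the tag's usage count. Every interpolated value is HTML-escaped first: tag
 * text may originate from user-entered content, and the markup below places
 * values inside single-quoted attributes and element text.
 *
 * @param array $tags key = tag, val = (quantity, id, size)
 * @return string html, empty string when $tags is empty
 */
function tagcloud($tags) {

    $html = '';
    if (!$tags) {
        return $html;
    }

    foreach ($tags as $key => $val) {

        // ENT_QUOTES because the attributes are single-quoted; double_encode is
        // off so text that already carries entities is not escaped twice.
        $url = htmlspecialchars(suxFunct::makeURL('/blog/tag/' . $val['id']), ENT_QUOTES, 'UTF-8', false);
        $size = htmlspecialchars((string) $val['size'], ENT_QUOTES, 'UTF-8', false);
        $tag = htmlspecialchars((string) $key, ENT_QUOTES, 'UTF-8', false);
        $quantity = htmlspecialchars((string) $val['quantity'], ENT_QUOTES, 'UTF-8', false);

        $html .= "<a href='{$url}' style='font-size: {$size}%;' class='tag' >{$tag}</a> <span class='quantity' >({$quantity})</span> ";

    }

    return $html;

}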
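/**
 * Build the form and show the template
 *
 * Looks up the album for $this->id, assigns its id and cover to the template,
 * wires up the form validator, then pages through the album's photos and
 * displays annotate.tpl.
 *
 * @param array $dirty reference to unverified $_POST
 */
function formBuild(&$dirty) {

    $photoalbum = array();

    // Editing a photoalbum
    $tmp = $this->photo->getAlbumByID($this->id);
    if (!$tmp) {
        // Invalid id
        // NOTE(review): the lines below read $tmp['id'], so this relies on
        // suxFunct::redirect() ending the request - confirm.
        suxFunct::redirect(suxFunct::makeURL('/photos'));
    }

    $photoalbum['id'] = $tmp['id'];
    $photoalbum['cover'] = $tmp['thumbnail'];

    // Don't allow spoofing: the id shown in the form always comes from the
    // album record, never from the submitted data
    unset($dirty['id']);

    $this->tpl->assign($photoalbum);

    // --------------------------------------------------------------------
    // Form logic
    // --------------------------------------------------------------------

    if (!empty($dirty)) {
        $this->tpl->assign($dirty);
    }
    else {
        suxValidate::disconnect();
    }

    if (!suxValidate::is_registered_form()) {

        suxValidate::connect($this->tpl, true); // Reset connection

        // Register our validators
        suxValidate::register_validator('integrity', 'integrity:id', 'hasIntegrity');

    }

    // --------------------------------------------------------------------
    // Templating
    // --------------------------------------------------------------------

    // Start pager
    $this->pager->limit = $this->per_page;
    $this->pager->setStart();
    $this->pager->setPages($this->photo->countPhotos($this->id));
    $this->r->text['pager'] = $this->pager->pageList(suxFunct::makeUrl("/photos/album/annotate/{$this->id}"));
    $this->r->arr['photos'] = $this->photo->getPhotos($this->pager->limit, $this->pager->start, $this->id);

    // The page parameter is absent on the first visit; read it without raising
    // an undefined-index notice. It is request-supplied and passed on as is.
    // NOTE(review): presumably makeUrl() encodes query values - verify.
    $page = isset($_GET['page']) ? $_GET['page'] : null;

    $this->r->text['form_url'] = suxFunct::makeUrl('/photos/album/annotate/' . $this->id, array('page' => $page));
    $this->r->text['back_url'] = suxFunct::getPreviousURL();

    $this->r->title .= " | {$this->r->gtext['annotate_2']}";

    $this->tpl->display('annotate.tpl');

}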
/**
 * Constructor
 *
 * Creates the collaborators, lets the parent finish initialisation, then
 * applies the gatekeeping in order: id sanity, login, module access level and,
 * for users below admin level, ownership of the message being edited.
 *
 * NOTE(review): each failed check only calls suxFunct::redirect(); the checks
 * are effective only if that call ends the request - confirm.
 *
 * @param int $id message id
 */
function __construct($id = null) {

    // Collaborators
    $this->nb = new suxUserNaiveBayesian();
    $this->msg = new suxThreadedMessages();
    $this->r = new blogRenderer($this->module); // Renderer
    suxValidate::register_object('this', $this); // Register self to validator
    parent::__construct(); // Let the parent do the rest

    // Properties
    $this->msg->setPublished(null);

    // A supplied id must be a positive integer
    if ($id && (!filter_var($id, FILTER_VALIDATE_INT) || $id < 1)) {
        suxFunct::redirect(suxFunct::makeURL('/blog')); // Invalid id
    }

    // Anonymous visitors are sent to registration
    if (empty($_SESSION['users_id'])) {
        suxFunct::redirect(suxFunct::makeUrl('/user/register'));
    }

    // Security check, skipped entirely for root
    if (!$this->user->isRoot()) {

        $level = $this->user->getAccess($this->module);
        $required = $GLOBALS['CONFIG']['ACCESS'][$this->module];

        if ($level < $required['admin']) {

            // Below publisher: no business here
            if ($level < $required['publisher']) {
                suxFunct::redirect(suxFunct::makeUrl('/blog'));
            }

            // Publishers may only edit messages they own
            if (filter_var($id, FILTER_VALIDATE_INT)) {
                $message = $this->msg->getByID($id);
                if ($message['users_id'] != $_SESSION['users_id']) {
                    suxFunct::redirect(suxFunct::makeUrl('/blog'));
                }
            }

        }

    }

    // Remember the id we were asked to work on
    $this->id = $id;

}
/**
 * Constructor
 *
 * Creates the collaborators, lets the parent finish initialisation, then
 * checks the id, the login state and the module access level (admin or root
 * only) before building this module's prev_skip list.
 *
 * NOTE(review): each failed check only calls suxFunct::redirect(); the checks
 * are effective only if that call ends the request - confirm.
 *
 * @param int $id message id
 */
function __construct($id = null) {

    // Collaborators
    $this->bm = new suxBookmarks();
    $this->r = new bookmarksRenderer($this->module); // Renderer
    suxValidate::register_object('this', $this); // Register self to validator
    parent::__construct(); // Let the parent do the rest

    // Properties
    $this->bm->setPublished(null);

    // A supplied id must be a positive integer
    if ($id && (!filter_var($id, FILTER_VALIDATE_INT) || $id < 1)) {
        suxFunct::redirect(suxFunct::makeURL('/bookmarks')); // Invalid id
    }

    // Anonymous visitors are sent to registration
    if (empty($_SESSION['users_id'])) {
        suxFunct::redirect(suxFunct::makeUrl('/user/register'));
    }

    // Only root, or users with at least admin access to the module, may stay
    if (!$this->user->isRoot()
        && $this->user->getAccess($this->module) < $GLOBALS['CONFIG']['ACCESS'][$this->module]['admin']) {
        suxFunct::redirect(suxFunct::makeUrl('/bookmarks'));
    }

    // This module can fallback on approve module, so that entry is left out
    // of the skip list
    foreach ($GLOBALS['CONFIG']['PREV_SKIP'] as $pattern) {
        if (mb_strpos($pattern, 'bookmarks/approve') !== false) {
            continue;
        }
        $this->prev_skip[] = $pattern;
    }

    // Remember the id we were asked to work on
    $this->id = $id;

}
/**
 * Constructor
 *
 * Rejects a malformed album id before anything else is built, then creates
 * the collaborators and applies the login, access-level and album-ownership
 * checks.
 *
 * NOTE(review): each failed check only calls suxFunct::redirect(); the checks
 * are effective only if that call ends the request - confirm.
 *
 * @param int $id album id
 */
function __construct($id = null) {

    // A supplied id must be a positive integer
    if ($id && (!filter_var($id, FILTER_VALIDATE_INT) || $id < 1)) {
        suxFunct::redirect(suxFunct::makeURL('/photos')); // Invalid id
    }

    // Collaborators
    $this->photo = new suxPhoto(); // Photos
    $this->r = new photosRenderer($this->module); // Renderer
    suxValidate::register_object('this', $this); // Register self to validator
    parent::__construct(); // Let the parent do the rest

    // Properties
    $this->photo->setPublished(null);
    $this->id = $id;

    // Anonymous visitors are sent to registration
    if (empty($_SESSION['users_id'])) {
        suxFunct::redirect(suxFunct::makeUrl('/user/register'));
    }

    // Security check, skipped entirely for root
    if (!$this->user->isRoot()) {

        $level = $this->user->getAccess($this->module);
        $required = $GLOBALS['CONFIG']['ACCESS'][$this->module];

        if ($level < $required['admin']) {
            // Below publisher is always refused; a publisher is refused when
            // an album id is given and the album belongs to someone else
            $refused = $level < $required['publisher']
                || ($id && !$this->photo->isAlbumOwner($id, $_SESSION['users_id']));
            if ($refused) {
                suxFunct::redirect(suxFunct::makeURL('/photos'));
            }
        }

    }

}
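/**
 * Handle a consumer's request to see if the end user is logged in
 *
 * Reads the OpenID request parameters from $_GET, validates return_to,
 * trust_root and the claimed identity, establishes whether the user has
 * accepted the trust root, and then either hands over to the acceptance /
 * authorization pages, answers with user_setup_url, or returns a signed
 * id_res response (including any requested sreg fields) to return_to.
 *
 * A signed response is only produced when the user is logged in AND the trust
 * root has been accepted, either through checkTrusted() or through the
 * session marker openid_accepted_url. In the non-interactive flow an
 * unaccepted trust root gets user_setup_url, the same answer already given
 * when the user is not logged in, so identity and sreg data are not released
 * to a site the user has not approved.
 *
 * NOTE(review): errorGet(), error400(), error500() and wrapRefresh() are
 * presumably terminal (they end the request) - confirm; the flow below is
 * written so that it also fails closed if they return.
 *
 * @param bool $wait true for the interactive flow (the user may be sent to
 *                   the acceptance or authorization page), false for the
 *                   non-interactive flow
 */
private function checkid($wait) {

    $this->debug("checkid: wait? {$wait}");

    /* Get the OpenID Request Parameters */

    // Read each parameter without raising undefined-index notices. A value
    // that is not a plain string (e.g. openid_identity[]=...) is treated as
    // absent, because the string functions below expect strings.
    $params = array();
    foreach (array('identity', 'assoc_handle', 'return_to', 'trust_root', 'sreg_required', 'sreg_optional') as $name) {
        $raw = isset($_GET["openid_{$name}"]) ? $_GET["openid_{$name}"] : null;
        $params[$name] = is_string($raw) ? $raw : null;
    }

    // return_to is checked first because every later error is reported back
    // through it
    $return_to = $params['return_to'];
    if (empty($return_to)) {
        $this->error400('Missing return_to');
    }

    // errorGet() takes the return URL first and the message second, matching
    // the "Invalid identity" call further down
    $identity = $params['identity'];
    if (empty($identity)) {
        $this->errorGet($return_to, 'Missing identity');
    }

    $assoc_handle = !empty($params['assoc_handle']) ? $params['assoc_handle'] : null;
    $trust_root = !empty($params['trust_root']) ? $params['trust_root'] : $return_to;
    $sreg_required = !empty($params['sreg_required']) ? $params['sreg_required'] : '';
    $sreg_optional = !empty($params['sreg_optional']) ? $params['sreg_optional'] : '';

    // concatenate required and optional, if they want it we give it
    $sreg_requested = $sreg_required . ',' . $sreg_optional;

    // do the trust_root analysis
    if ($trust_root != $return_to) {
        // the urls are not the same, be sure return decends from trust
        if (!$this->urlDescends($return_to, $trust_root)) {
            $this->error500('Invalid trust_root: "' . $trust_root . '"');
        }
    }

    // Make sure i am this identifier: the claimed identity must contain
    // 'user/profile' (a match at offset 0 counts as no match) and must descend
    // from this site's canonical root URL
    if (!mb_strpos($identity, 'user/profile') || !$this->urlDescends(suxFunct::canonicalizeUrl($identity), suxFunct::canonicalizeUrl(suxFunct::makeURL('/', null, true)))) {
        $this->debug("Invalid identity: {$identity}");
        $this->debug("IdP URL: " . $this->profile['my_url']);
        $this->errorGet($return_to, "Invalid identity: '{$identity}'");
    }

    // Establish trust
    $trusted = false;
    if ($this->user->loginCheck() && $this->checkTrusted($_SESSION['users_id'], $trust_root)) {
        // The user trusts this URL
        $_SESSION['openid_accepted_url'] = $trust_root;
        $trusted = true;
    }
    elseif (isset($_SESSION['openid_accepted_url']) && $_SESSION['openid_accepted_url'] == $trust_root) {
        // Accepted earlier in this session. isset() replaces
        // session_is_registered(), which no longer exists as of PHP 5.4.
        $trusted = true;
    }
    elseif ($wait) {
        // checkid_setup_mode()
        $_SESSION['openid_cancel_accept_url'] = $return_to;
        $_SESSION['openid_post_accept_url'] = $this->profile['req_url'];
        $_SESSION['openid_unaccepted_url'] = $trust_root;

        $this->debug('Transferring to acceptance mode.');
        $this->debug('Cancel URL: ' . $_SESSION['openid_cancel_accept_url']);
        $this->debug('Post URL: ' . $_SESSION['openid_post_accept_url']);

        $q = mb_strpos($this->profile['my_url'], '?') ? '&' : '?';
        $this->wrapRefresh($this->profile['my_url'] . $q . 'openid.mode=accept');
    }

    // begin setting up return keys
    $keys = array('mode' => 'id_res');

    if ($this->user->loginCheck() === false) {

        // if the user is not logged in, transfer to the authorization mode
        if ($wait) {
            unset($_SESSION['openid_uniqid']);

            $_SESSION['openid_cancel_auth_url'] = $return_to;
            $_SESSION['openid_post_auth_url'] = $this->profile['req_url'];

            $this->debug('Transferring to authorization mode.');
            $this->debug('Cancel URL: ' . $_SESSION['openid_cancel_auth_url']);
            $this->debug('Post URL: ' . $_SESSION['openid_post_auth_url']);

            $q = mb_strpos($this->profile['my_url'], '?') ? '&' : '?';
            $this->wrapRefresh($this->profile['my_url'] . $q . 'openid.mode=authorize');
        }
        else {
            $keys['user_setup_url'] = $this->profile['my_url'];
        }

    }
    elseif (!$trusted) {

        // Logged in, but this trust root has not been accepted. Nothing is
        // signed and no profile data is attached; the consumer is pointed at
        // the setup URL instead.
        $keys['user_setup_url'] = $this->profile['my_url'];

    }
    else {

        // Trust URL
        if (isset($_SESSION['openid_always_trust']) && $_SESSION['openid_always_trust'] == 'yes') {
            $this->trustUrl($_SESSION['users_id'], $_SESSION['openid_accepted_url']);
        }

        // the user is logged in
        // remove the refresh URLs if set
        unset($_SESSION['openid_cancel_auth_url']);
        unset($_SESSION['openid_post_auth_url']);

        // check the assoc handle
        list($shared_secret, $expires) = $this->secret($assoc_handle);

        // if I can't verify the assoc_handle, or if it's expired
        if (!$shared_secret || is_numeric($expires) && $expires < time()) {
            $this->debug("Session expired or missing key: {$expires} < " . time());

            if ($assoc_handle != null) {
                $keys['invalidate_handle'] = $assoc_handle;
                $this->destroyAssocHandle($assoc_handle);
            }

            $lifetime = time() + $this->profile['lifetime'];
            list($assoc_handle, $shared_secret) = $this->newAssoc($lifetime);
        }

        // The asserted identity is always the logged-in user's own profile URL,
        // not the identity string supplied in the request
        $keys['identity'] = suxFunct::makeUrl('/user/profile/' . $_SESSION['nickname'], null, true);
        $keys['assoc_handle'] = $assoc_handle;
        $keys['return_to'] = $return_to;

        // Token string to sign: one "key:value\n" line per field, in order
        $fields = array_keys($keys);
        $tokens = '';
        foreach ($fields as $key) {
            $tokens .= sprintf("%s:%s\n", $key, $keys[$key]);
        }

        // add sreg keys
        if ($this->user->loginCheck()) {

            $u = $this->user->getByID($_SESSION['users_id'], true);

            // @ silences notices for profile columns that are not present
            $sreg = @array(
                'nickname' => $u['nickname'],
                'email' => $u['email'],
                'fullname' => "{$u['given_name']} {$u['family_name']}",
                'dob' => $u['dob'],
                'gender' => $u['gender'],
                'postcode' => $u['postcode'],
                'country' => $u['country'],
                'language' => $u['language'],
                'timezone' => $u['timezone'],
            );

            // Unset empties
            foreach ($sreg as $key => $val) {
                $val = trim($val);
                if (empty($val)) {
                    unset($sreg[$key]);
                }
            }

            // Sign keys: only names that exist in $sreg are honoured, whatever
            // the consumer asked for
            foreach (explode(',', $sreg_requested) as $key) {
                $skey = 'sreg.' . $key;
                if (!empty($sreg[$key])) {
                    $tokens .= sprintf("%s:%s\n", $skey, $sreg[$key]);
                    $keys[$skey] = $sreg[$key];
                    $fields[] = $skey;
                }
            }

        }

        $keys['signed'] = implode(',', $fields);
        $keys['sig'] = base64_encode(hash_hmac('sha1', $tokens, $shared_secret, true));

    }

    $this->wrapLocation($return_to, $keys);

}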
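/**
 * Process the form
 *
 * Accepts either a single image or a zip archive of images, stores a resized
 * copy and the full-size file in the module's data directory, records each
 * new photo, and writes the log entries.
 *
 * The upload's type is taken from the client-supplied file name, so the same
 * extension whitelist is applied to a single upload and to every file found
 * inside an archive. Content is not inspected here.
 * NOTE(review): suxPhoto::resizeImage() presumably fails on data that is not
 * a real image, and suxFunct::unzip() presumably confines extraction to the
 * target directory - confirm both.
 *
 * @param array $clean reference to validated $_POST
 * @throws Exception when no file was uploaded, the extension is not an
 *                   accepted image format, or the temp dir can't be created
 */
function formProcess(&$clean) {

    if (!isset($_FILES['image']) || !is_uploaded_file($_FILES['image']['tmp_name'])) {
        throw new Exception('No file uploaded?');
    }

    // Check that the user is allowed to upload photos / Security check #2
    if (!$this->user->isRoot()) {
        $access = $this->user->getAccess($this->module);
        if ($access < $GLOBALS['CONFIG']['ACCESS'][$this->module]['admin']) {
            if ($access < $GLOBALS['CONFIG']['ACCESS'][$this->module]['publisher']) {
                suxFunct::redirect(suxFunct::makeURL('/photos'));
            }
            elseif (!$this->photo->isAlbumOwner($clean['album'], $_SESSION['users_id'])) {
                suxFunct::redirect(suxFunct::makeURL('/photos'));
            }
        }
    }

    // Commence collecting $photo array
    $photo = array();
    $photo['photoalbums_id'] = $clean['album'];

    // Extensions accepted as images, for single uploads and archive members
    $valid_formats = array('jpg', 'jpeg', 'png', 'gif');

    // Get extension
    $format = explode('.', $_FILES['image']['name']);
    $format = strtolower(end($format));

    // Set the data dir
    $data_dir = suxFunct::dataDir($this->module);

    if ($format != 'zip') {

        // ----------------------------------------------------------------
        // Image file
        // ----------------------------------------------------------------

        // Anything that is not a whitelisted image extension is refused, so
        // no other file type can be moved into the data directory
        if (!in_array($format, $valid_formats, true)) {
            throw new Exception('Unsupported image format');
        }

        list($resize, $fullsize) = suxPhoto::renameImage($_FILES['image']['name']);
        $photo['image'] = $resize; // Add image to $photo array
        $resize = $data_dir . "/{$resize}";
        $fullsize = $data_dir . "/{$fullsize}";

        // md5 is only a duplicate-detection fingerprint here
        $md5 = md5_file($_FILES['image']['tmp_name']);

        if (!$this->photo->isDupe($md5, $_SESSION['users_id'], $photo['photoalbums_id'])) {

            suxPhoto::resizeImage($format, $_FILES['image']['tmp_name'], $resize,
                $this->tpl->getConfigVars('thumbnailWidth'),
                $this->tpl->getConfigVars('thumbnailHeight')
            );
            move_uploaded_file($_FILES['image']['tmp_name'], $fullsize);

            // Insert $photo into database
            $photo['md5'] = $md5;
            $this->photo->savePhoto($_SESSION['users_id'], $photo);

        }

    }
    else {

        // ----------------------------------------------------------------
        // Zip file
        // ----------------------------------------------------------------

        // The extraction directory holds unvetted archive content, so it is
        // created readable by the owning process only
        $tmp_dir = $GLOBALS['CONFIG']['PATH'] . '/temporary/' . md5(uniqid(mt_rand(), true));
        if (!is_dir($tmp_dir) && !mkdir($tmp_dir, 0700, true)) {
            throw new Exception('Can\'t create temp dir ' . $tmp_dir);
        }

        try {

            if (suxFunct::unzip($_FILES['image']['tmp_name'], $tmp_dir)) {

                $files = array();
                foreach (new RecursiveIteratorIterator(new RecursiveDirectoryIterator($tmp_dir)) as $file) {
                    // Only regular files that were really extracted: a symbolic
                    // link would make copy() read whatever it points at
                    if ($file->isLink() || !$file->isFile()) {
                        continue;
                    }
                    if (mb_strpos($file->getPathname(), '__MACOSX') !== false) {
                        continue;
                    }
                    $files[$file->getPathname()] = $file->getFilename();
                }

                foreach ($files as $filepath => $file) {

                    $format = explode('.', $file);
                    $format = strtolower(end($format));
                    if (!in_array($format, $valid_formats, true)) {
                        continue; // Skip
                    }

                    list($resize, $fullsize) = suxPhoto::renameImage($file);
                    $photo['image'] = $resize; // Add image to $photo array
                    $resize = $data_dir . "/{$resize}";
                    $fullsize = $data_dir . "/{$fullsize}";

                    $md5 = md5_file($filepath);

                    if (!$this->photo->isDupe($md5, $_SESSION['users_id'], $photo['photoalbums_id'])) {

                        suxPhoto::resizeImage($format, $filepath, $resize,
                            $this->tpl->getConfigVars('thumbnailWidth'),
                            $this->tpl->getConfigVars('thumbnailHeight')
                        );
                        copy($filepath, $fullsize);

                        // Insert $photo into database
                        $photo['md5'] = $md5;
                        $this->photo->savePhoto($_SESSION['users_id'], $photo);

                    }

                }

            }

        }
        catch (Exception $e) {
            // Never leave extracted archive content behind when processing
            // aborts part-way through
            suxFunct::obliterateDir($tmp_dir);
            throw $e;
        }

        suxFunct::obliterateDir($tmp_dir);

    }

    $this->log->write($_SESSION['users_id'], "sux0r::photosUpload() photoalbums_id: {$photo['photoalbums_id']}", 1); // Private

    // Look the album up with the published filter on, so the public log entry
    // below is only written for an album that is actually published
    $this->photo->setPublished(true);
    $tmp = $this->photo->getAlbumByID($photo['photoalbums_id']); // Is actually published?
    $this->photo->setPublished(null); // Revert

    if ($tmp) {

        // Clear all caches, cheap and easy
        $this->tpl->clearAllCache();

        // Log message
        // NOTE(review): nickname and album title are interpolated into HTML
        // as is; presumably both are sanitized when stored - verify.
        $log = '';
        $url = suxFunct::makeUrl("/user/profile/{$_SESSION['nickname']}", null, true);
        $log .= "<a href='{$url}'>{$_SESSION['nickname']}</a> ";
        $log .= mb_strtolower($this->r->gtext['uploaded_images']);
        $url = suxFunct::makeUrl("/photos/album/{$tmp['id']}", null, true);
        $log .= " <a href='{$url}'>{$tmp['title']}</a>";

        // Log
        $this->log->write($_SESSION['users_id'], $log);

        // Clear caches, cheap and easy
        $tpl = new suxTemplate('user');
        $tpl->clearCache(null, $_SESSION['nickname']);

    }

}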