本文整理汇总了PHP中init_groups_visitor函数的典型用法代码示例。如果您正苦于以下问题:PHP init_groups_visitor函数的具体用法?PHP init_groups_visitor怎么用?PHP init_groups_visitor使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了init_groups_visitor函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的PHP代码示例。
示例1: permissions_sql
function permissions_sql($owner_id, $remote_verified = false, $groups = null)
{
$local_user = local_user();
$remote_user = remote_user();
/**
* Construct permissions
*
* default permissions - anonymous user
*/
$sql = " AND allow_cid = '' \n\t\t\t AND allow_gid = '' \n\t\t\t AND deny_cid = '' \n\t\t\t AND deny_gid = '' \n\t";
/**
* Profile owner - everything is visible
*/
if ($local_user && $local_user == $owner_id) {
$sql = '';
} elseif ($remote_user) {
if (!$remote_verified) {
$r = q("SELECT id FROM contact WHERE id = %d AND uid = %d AND blocked = 0 LIMIT 1", intval($remote_user), intval($owner_id));
if (count($r)) {
$remote_verified = true;
$groups = init_groups_visitor($remote_user);
}
}
if ($remote_verified) {
$gs = '<<>>';
// should be impossible to match
if (is_array($groups) && count($groups)) {
foreach ($groups as $g) {
$gs .= '|<' . intval($g) . '>';
}
}
$sql = sprintf(" AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) \n\t\t\t\t AND ( deny_cid = '' OR NOT deny_cid REGEXP '<%d>' ) \n\t\t\t\t AND ( allow_gid = '' OR allow_gid REGEXP '%s' )\n\t\t\t\t AND ( deny_gid = '' OR NOT deny_gid REGEXP '%s') \n\t\t\t\t", intval($remote_user), intval($remote_user), dbesc($gs), dbesc($gs));
}
}
return $sql;
}
开发者ID:nphyx,项目名称:friendica,代码行数:36,代码来源:security.php
示例2: photos_content
function photos_content(&$a)
{
// URLs:
// photos/name
// photos/name/upload
// photos/name/upload/xxxxx (xxxxx is album name)
// photos/name/album/xxxxx
// photos/name/album/xxxxx/edit
// photos/name/image/xxxxx
// photos/name/image/xxxxx/edit
if (get_config('system', 'block_public') && !local_user() && !remote_user()) {
notice(t('Public access denied.') . EOL);
return;
}
require_once 'include/bbcode.php';
require_once 'include/security.php';
require_once 'include/conversation.php';
if (!x($a->data, 'user')) {
notice(t('No photos selected') . EOL);
return;
}
$_SESSION['photo_return'] = $a->cmd;
//
// Parse arguments
//
if ($a->argc > 3) {
$datatype = $a->argv[2];
$datum = $a->argv[3];
} elseif ($a->argc > 2 && $a->argv[2] === 'upload') {
$datatype = 'upload';
} else {
$datatype = 'summary';
}
if ($a->argc > 4) {
$cmd = $a->argv[4];
} else {
$cmd = 'view';
}
//
// Setup permissions structures
//
$can_post = false;
$visitor = 0;
$contact = null;
$remote_contact = false;
$owner_uid = $a->data['user']['uid'];
$community_page = $a->data['user']['page-flags'] == PAGE_COMMUNITY ? true : false;
if (local_user() && local_user() == $owner_uid) {
$can_post = true;
} else {
if ($community_page && remote_user()) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval(remote_user()), intval($owner_uid));
if (count($r)) {
$can_post = true;
$contact = $r[0];
$remote_contact = true;
$visitor = remote_user();
}
}
}
// perhaps they're visiting - but not a community page, so they wouldn't have write access
if (remote_user() && !$visitor) {
$contact_id = $_SESSION['visitor_id'];
$groups = init_groups_visitor($contact_id);
$r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval(remote_user()), intval($owner_uid));
if (count($r)) {
$contact = $r[0];
$remote_contact = true;
}
}
if (!$remote_contact) {
if (local_user()) {
$contact_id = $_SESSION['cid'];
$contact = $a->contact;
}
}
if ($a->data['user']['hidewall'] && local_user() != $owner_uid && !$remote_contact) {
notice(t('Access to this item is restricted.') . EOL);
return;
}
$sql_extra = permissions_sql($owner_uid, $remote_contact, $groups);
$o = "";
// tabs
$_is_owner = local_user() && local_user() == $owner_uid;
$o .= profile_tabs($a, $_is_owner, $a->data['user']['nickname']);
//
// dispatch request
//
if ($datatype === 'upload') {
if (!$can_post) {
notice(t('Permission denied.'));
return;
}
$selname = $datum ? hex2bin($datum) : '';
$albumselect = '<select id="photos-upload-album-select" name="album" size="4">';
$albumselect .= '<option value="" ' . (!$selname ? ' selected="selected" ' : '') . '> </option>';
if (count($a->data['albums'])) {
foreach ($a->data['albums'] as $album) {
if ($album['album'] === '' || $album['album'] === 'Contact Photos' || $album['album'] === t('Contact Photos')) {
continue;
//.........这里部分代码省略.........
开发者ID:robhell,项目名称:friendica,代码行数:101,代码来源:photos.php
示例3: get_feed_for
function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0, $forpubsub = false)
{
$sitefeed = strlen($owner_nick) ? false : true;
// not yet implemented, need to rewrite huge chunks of following logic
$public_feed = $dfrn_id ? false : true;
$starred = false;
// not yet implemented, possible security issues
$converse = false;
if ($public_feed && $a->argc > 2) {
for ($x = 2; $x < $a->argc; $x++) {
if ($a->argv[$x] == 'converse') {
$converse = true;
}
if ($a->argv[$x] == 'starred') {
$starred = true;
}
if ($a->argv[$x] === 'category' && $a->argc > $x + 1 && strlen($a->argv[$x + 1])) {
$category = $a->argv[$x + 1];
}
}
}
// default permissions - anonymous user
$sql_extra = " AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' ";
$r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone`, `user`.`page-flags`\n\t\tFROM `contact` INNER JOIN `user` ON `user`.`uid` = `contact`.`uid`\n\t\tWHERE `contact`.`self` = 1 AND `user`.`nickname` = '%s' LIMIT 1", dbesc($owner_nick));
if (!count($r)) {
killme();
}
$owner = $r[0];
$owner_id = $owner['user_uid'];
$owner_nick = $owner['nickname'];
$birthday = feed_birthday($owner_id, $owner['timezone']);
$sql_post_table = "";
$visibility = "";
if (!$public_feed) {
$sql_extra = '';
switch ($direction) {
case -1:
$sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
$my_id = $dfrn_id;
break;
case 0:
$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
$my_id = '1:' . $dfrn_id;
break;
case 1:
$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
$my_id = '0:' . $dfrn_id;
break;
default:
return false;
break;
// NOTREACHED
}
$r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `contact`.`uid` = %d {$sql_extra} LIMIT 1", intval($owner_id));
if (!count($r)) {
killme();
}
$contact = $r[0];
require_once 'include/security.php';
$groups = init_groups_visitor($contact['id']);
if (count($groups)) {
for ($x = 0; $x < count($groups); $x++) {
$groups[$x] = '<' . intval($groups[$x]) . '>';
}
$gs = implode('|', $groups);
} else {
$gs = '<<>>';
}
// Impossible to match
$sql_extra = sprintf("\n\t\t\tAND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )\n\t\t\tAND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' )\n\t\t\tAND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )\n\t\t\tAND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s')\n\t\t", intval($contact['id']), intval($contact['id']), dbesc($gs), dbesc($gs));
}
if ($public_feed) {
$sort = 'DESC';
} else {
$sort = 'ASC';
}
// Include answers to status.net posts in pubsub feeds
if ($forpubsub) {
$sql_post_table = "INNER JOIN `thread` ON `thread`.`iid` = `item`.`parent`\n\t\t\t\tLEFT JOIN `item` AS `thritem` ON `thritem`.`uri`=`item`.`thr-parent` AND `thritem`.`uid`=`item`.`uid`";
$visibility = sprintf("AND (`item`.`parent` = `item`.`id`) OR (`item`.`network` = '%s' AND ((`thread`.`network`='%s') OR (`thritem`.`network` = '%s')))", dbesc(NETWORK_DFRN), dbesc(NETWORK_OSTATUS), dbesc(NETWORK_OSTATUS));
$date_field = "`received`";
$sql_order = "`item`.`received` DESC";
} else {
$date_field = "`changed`";
$sql_order = "`item`.`parent` " . $sort . ", `item`.`created` ASC";
}
if (!strlen($last_update)) {
$last_update = 'now -30 days';
}
if (isset($category)) {
$sql_post_table = sprintf("INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ", dbesc(protect_sprintf($category)), intval(TERM_OBJ_POST), intval(TERM_CATEGORY), intval($owner_id));
//$sql_extra .= file_tag_file_query('item',$category,'category');
}
if ($public_feed) {
if (!$converse) {
$sql_extra .= " AND `contact`.`self` = 1 ";
}
}
$check_date = datetime_convert('UTC', 'UTC', $last_update, 'Y-m-d H:i:s');
// AND ( `item`.`edited` > '%s' OR `item`.`changed` > '%s' )
//.........这里部分代码省略.........
开发者ID:EmilienB,项目名称:friendica,代码行数:101,代码来源:items.php
示例4: display_content
function display_content(&$a, $update = 0)
{
if (get_config('system', 'block_public') && !local_user() && !remote_user()) {
notice(t('Public access denied.') . EOL);
return;
}
require_once "include/bbcode.php";
require_once 'include/security.php';
require_once 'include/conversation.php';
require_once 'include/acl_selectors.php';
$o = '';
$a->page['htmlhead'] .= replace_macros(get_markup_template('display-head.tpl'), array());
if ($update) {
$nick = $_REQUEST['nick'];
} else {
$nick = $a->argc > 1 ? $a->argv[1] : '';
}
if ($update) {
$item_id = $_REQUEST['item_id'];
$a->profile = array('uid' => intval($update), 'profile_uid' => intval($update));
} else {
$item_id = $a->argc > 2 ? $a->argv[2] : 0;
if ($a->argc == 2) {
$nick = "";
if (local_user()) {
$r = q("SELECT `id` FROM `item`\n\t\t\t\t\tWHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0\n\t\t\t\t\t\tAND `guid` = '%s' AND `uid` = %d", $a->argv[1], local_user());
if (count($r)) {
$item_id = $r[0]["id"];
$nick = $a->user["nickname"];
}
}
if ($nick == "") {
$r = q("SELECT `user`.`nickname`, `item`.`id` FROM `item` INNER JOIN `user` ON `user`.`uid` = `item`.`uid`\n\t\t\t\t\tWHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0\n\t\t\t\t\t\tAND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''\n\t\t\t\t\t\tAND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''\n\t\t\t\t\t\tAND `item`.`private` = 0 AND NOT `user`.`hidewall`\n\t\t\t\t\t\tAND `item`.`guid` = '%s'", $a->argv[1]);
// AND `item`.`private` = 0 AND `item`.`wall` = 1
if (count($r)) {
$item_id = $r[0]["id"];
$nick = $r[0]["nickname"];
}
}
if ($nick == "") {
$r = q("SELECT `item`.`id` FROM `item`\n\t\t\t\t\tWHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0\n\t\t\t\t\t\tAND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''\n\t\t\t\t\t\tAND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''\n\t\t\t\t\t\tAND `item`.`private` = 0 AND `item`.`uid` = 0\n\t\t\t\t\t\tAND `item`.`guid` = '%s'", $a->argv[1]);
// AND `item`.`private` = 0 AND `item`.`wall` = 1
if (count($r)) {
$item_id = $r[0]["id"];
}
}
}
}
if (!$item_id) {
$a->error = 404;
notice(t('Item not found.') . EOL);
return;
}
$groups = array();
$contact = null;
$remote_contact = false;
$contact_id = 0;
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $a->profile['uid']) {
$contact_id = $v['cid'];
break;
}
}
}
if ($contact_id) {
$groups = init_groups_visitor($contact_id);
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), intval($a->profile['uid']));
if (count($r)) {
$contact = $r[0];
$remote_contact = true;
}
}
if (!$remote_contact) {
if (local_user()) {
$contact_id = $_SESSION['cid'];
$contact = $a->contact;
}
}
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", intval($a->profile['uid']));
if (count($r)) {
$a->page_contact = $r[0];
}
$is_owner = local_user() && local_user() == $a->profile['profile_uid'] ? true : false;
if ($a->profile['hidewall'] && !$is_owner && !$remote_contact) {
notice(t('Access to this profile has been restricted.') . EOL);
return;
}
if ($is_owner) {
$celeb = $a->user['page-flags'] == PAGE_SOAPBOX || $a->user['page-flags'] == PAGE_COMMUNITY ? true : false;
$x = array('is_owner' => true, 'allow_location' => $a->user['allow_location'], 'default_location' => $a->user['default-location'], 'nickname' => $a->user['nickname'], 'lockstate' => is_array($a->user) && (strlen($a->user['allow_cid']) || strlen($a->user['allow_gid']) || strlen($a->user['deny_cid']) || strlen($a->user['deny_gid'])) ? 'lock' : 'unlock', 'acl' => populate_acl($a->user, $celeb), 'bang' => '', 'visitor' => 'block', 'profile_uid' => local_user(), 'acl_data' => construct_acl_data($a, $a->user));
$o .= status_editor($a, $x, 0, true);
}
$sql_extra = item_permissions_sql($a->profile['uid'], $remote_contact, $groups);
// AND `item`.`parent` = ( SELECT `parent` FROM `item` FORCE INDEX (PRIMARY, `uri`) WHERE ( `id` = '%s' OR `uri` = '%s' ))
if ($update) {
$r = q("SELECT id FROM item WHERE item.uid = %d\n\t\t AND `item`.`parent` = (SELECT `parent` FROM `item` WHERE (`id` = '%s' OR `uri` = '%s'))\n\t\t {$sql_extra} AND unseen = 1", intval($a->profile['uid']), dbesc($item_id), dbesc($item_id));
if (!$r) {
return '';
}
//.........这里部分代码省略.........
开发者ID:strk,项目名称:friendica,代码行数:101,代码来源:display.php
示例5: Verify
//.........这里部分代码省略.........
return true;
} else {
logger('already authenticated locally as somebody else.');
notice(t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL);
if ($this->test) {
$this->Debug('already logged in locally with a conflicting identity.');
return false;
}
}
return false;
}
// Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the
// site private key
// The actual channel sending the packet ($c[0]) is not important, but this provides a
// generic zot packet with a sender which can be verified
$p = zot_build_packet($channel, $type = 'auth_check', array(array('guid' => $hubloc['hubloc_guid'], 'guid_sig' => $hubloc['hubloc_guid_sig'])), $hubloc['hubloc_sitekey'], $this->sec);
$this->Debug('auth check packet created using sitekey ' . $hubloc['hubloc_sitekey']);
$this->Debug('packet contents: ' . $p);
$result = zot_zot($hubloc['hubloc_callback'], $p);
if (!$result['success']) {
logger('auth_check callback failed.');
if ($this->test) {
$this->Debug('auth check request to your site returned .' . print_r($result, true));
}
return false;
}
$j = json_decode($result['body'], true);
if (!$j) {
logger('auth_check json data malformed.');
if ($this->test) {
$this->Debug('json malformed: ' . $result['body']);
}
return false;
}
$this->Debug('auth check request returned .' . print_r($j, true));
if (!$j['success']) {
return false;
}
// legit response, but we do need to check that this wasn't answered by a man-in-middle
if (!rsa_verify($this->sec . $hubloc['xchan_hash'], base64url_decode($j['confirm']), $hubloc['xchan_pubkey'])) {
logger('final confirmation failed.');
if ($this->test) {
$this->Debug('final confirmation failed. ' . $sec . print_r($j, true) . print_r($hubloc, true));
}
return false;
}
if (array_key_exists('service_class', $j)) {
$this->remote_service_class = $j['service_class'];
}
if (array_key_exists('level', $j)) {
$this->remote_level = $j['level'];
}
if (array_key_exists('DNT', $j)) {
$this->dnt = $j['DNT'];
}
// log them in
if ($this->test) {
// testing only - return the success result
$this->test_results['success'] = true;
$this->Debug('Authentication Success!');
$this->Finalise();
}
$_SESSION['authenticated'] = 1;
// check for delegation and if all is well, log them in locally with delegation restrictions
$this->delegate_success = false;
if ($this->delegate) {
$r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1", dbesc($this->delegate));
if ($r && intval($r[0]['channel_id'])) {
$allowed = perm_is_allowed($r[0]['channel_id'], $hubloc['xchan_hash'], 'delegate');
if ($allowed) {
$_SESSION['delegate_channel'] = $r[0]['channel_id'];
$_SESSION['delegate'] = $hubloc['xchan_hash'];
$_SESSION['account_id'] = intval($r[0]['channel_account_id']);
require_once 'include/security.php';
// this will set the local_channel authentication in the session
change_channel($r[0]['channel_id']);
$this->delegate_success = true;
}
}
}
if (!$this->delegate_success) {
// normal visitor (remote_channel) login session credentials
$_SESSION['visitor_id'] = $hubloc['xchan_hash'];
$_SESSION['my_url'] = $hubloc['xchan_url'];
$_SESSION['my_address'] = $this->address;
$_SESSION['remote_service_class'] = $this->remote_service_class;
$_SESSION['remote_level'] = $this->remote_level;
$_SESSION['remote_hub'] = $this->remote_hub;
$_SESSION['DNT'] = $this->dnt;
}
$arr = array('xchan' => $hubloc, 'url' => $this->desturl, 'session' => $_SESSION);
call_hooks('magic_auth_success', $arr);
\App::set_observer($hubloc);
require_once 'include/security.php';
\App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
info(sprintf(t('Welcome %s. Remote authentication successful.'), $hubloc['xchan_name']));
logger('mod_zot: auth success from ' . $hubloc['xchan_addr']);
$this->success = true;
return true;
}
开发者ID:BlaBlaNet,项目名称:hubzilla,代码行数:101,代码来源:Auth.php
示例6: post_init
//.........这里部分代码省略.........
if ($already_authed || $j['success']) {
if ($j['success']) {
// legit response, but we do need to check that this wasn't answered by a man-in-middle
if (!rsa_verify($sec . $xx['xchan_hash'], base64url_decode($j['confirm']), $xx['xchan_pubkey'])) {
logger('mod_zot: auth: final confirmation failed.');
if ($test) {
$ret['message'] .= 'final confirmation failed. ' . $sec . print_r($j, true) . print_r($xx, true);
continue;
}
continue;
}
if (array_key_exists('service_class', $j)) {
$remote_service_class = $j['service_class'];
}
if (array_key_exists('level', $j)) {
$remote_level = $j['level'];
}
if (array_key_exists('DNT', $j)) {
$DNT = $j['DNT'];
}
}
// everything is good... maybe
if (local_channel()) {
// tell them to logout if they're logged in locally as anything but the target remote account
// in which case just shut up because they don't need to be doing this at all.
if ($a->channel['channel_hash'] != $xx['xchan_hash']) {
logger('mod_zot: auth: already authenticated locally as somebody else.');
notice(t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL);
if ($test) {
$ret['message'] .= 'already logged in locally with a conflicting identity.' . EOL;
continue;
}
}
continue;
}
// log them in
if ($test) {
$ret['success'] = true;
$ret['message'] .= 'Authentication Success!' . EOL;
json_return_and_die($ret);
}
$delegation_success = false;
if ($delegate) {
$r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1", dbesc($delegate));
if ($r && intval($r[0]['channel_id'])) {
$allowed = perm_is_allowed($r[0]['channel_id'], $xx['xchan_hash'], 'delegate');
if ($allowed) {
$_SESSION['delegate_channel'] = $r[0]['channel_id'];
$_SESSION['delegate'] = $xx['xchan_hash'];
$_SESSION['account_id'] = intval($r[0]['channel_account_id']);
require_once 'include/security.php';
change_channel($r[0]['channel_id']);
$delegation_success = true;
}
}
}
$_SESSION['authenticated'] = 1;
if (!$delegation_success) {
$_SESSION['visitor_id'] = $xx['xchan_hash'];
$_SESSION['my_url'] = $xx['xchan_url'];
$_SESSION['my_address'] = $address;
$_SESSION['remote_service_class'] = $remote_service_class;
$_SESSION['remote_level'] = $remote_level;
$_SESSION['remote_hub'] = $remote_hub;
$_SESSION['DNT'] = $DNT;
}
$arr = array('xchan' => $xx, 'url' => $desturl, 'session' => $_SESSION);
call_hooks('magic_auth_success', $arr);
$a->set_observer($xx);
require_once 'include/security.php';
$a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
info(sprintf(t('Welcome %s. Remote authentication successful.'), $xx['xchan_name']));
logger('mod_zot: auth success from ' . $xx['xchan_addr']);
} else {
if ($test) {
$ret['message'] .= 'auth failure. ' . print_r($_REQUEST, true) . print_r($j, true) . EOL;
continue;
}
logger('mod_zot: magic-auth failure - not authenticated: ' . $xx['xchan_addr']);
}
if ($test) {
$ret['message'] .= 'auth failure fallthrough ' . print_r($_REQUEST, true) . print_r($j, true) . EOL;
continue;
}
}
/**
* @FIXME we really want to save the return_url in the session before we
* visit rmagic. This does however prevent a recursion if you visit
* rmagic directly, as it would otherwise send you back here again.
* But z_root() probably isn't where you really want to go.
*/
if (strstr($desturl, z_root() . '/rmagic')) {
goaway(z_root());
}
if ($test) {
json_return_and_die($ret);
}
goaway($desturl);
}
}
开发者ID:23n,项目名称:hubzilla,代码行数:101,代码来源:post.php
示例7: public_permissions_sql
function public_permissions_sql($observer_hash)
{
$observer = get_app()->get_observer();
$groups = init_groups_visitor($observer_hash);
$gs = '<<>>';
// should be impossible to match
if (is_array($groups) && count($groups)) {
foreach ($groups as $g) {
$gs .= '|<' . $g . '>';
}
}
$sql = '';
if ($observer_hash) {
$sql = sprintf(" OR (( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')\n\t\t\t AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )\n\t\t\t ))\n\t\t\t", dbesc(protect_sprintf('%<' . $observer_hash . '>%')), dbesc($gs), dbesc(protect_sprintf('%<' . $observer_hash . '>%')), dbesc($gs));
}
return $sql;
}
开发者ID:Mauru,项目名称:red,代码行数:17,代码来源:security.php
示例8: get_feed_for
function get_feed_for(&$a, $dfrn_id, $owner_id, $last_update)
{
require_once 'bbcode.php';
// default permissions - anonymous user
$sql_extra = " \n\t\tAND `allow_cid` = '' \n\t\tAND `allow_gid` = '' \n\t\tAND `deny_cid` = '' \n\t\tAND `deny_gid` = '' \n\t";
if (strlen($owner_id) && !intval($owner_id)) {
$r = q("SELECT `uid` FROM `user` WHERE `nickname` = '%s' LIMIT 1", dbesc($owner_id));
if (count($r)) {
$owner_id = $r[0]['uid'];
$owner_nick = $r[0]['nickname'];
}
}
$r = q("SELECT * FROM `contact` WHERE `self` = 1 LIMIT 1");
if (count($r)) {
$owner = $r[0];
} else {
killme();
}
if ($dfrn_id != '*') {
$r = q("SELECT * FROM `contact` WHERE ( `issued-id` = '%s' OR ( `duplex` = 1 AND `dfrn-id` = '%s' )) LIMIT 1", dbesc($dfrn_id), dbesc($dfrn_id));
if (!count($r)) {
return false;
}
$contact = $r[0];
$groups = init_groups_visitor($contact['id']);
if (count($groups)) {
for ($x = 0; $x < count($groups); $x++) {
$groups[$x] = '<' . intval($groups[$x]) . '>';
}
$gs = implode('|', $groups);
} else {
$gs = '<<>>';
}
// Impossible to match
$sql_extra = sprintf(" \n\t\t\tAND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) \n\t\t\tAND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) \n\t\t\tAND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )\n\t\t\tAND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') \n\t\t", intval($contact['id']), intval($contact['id']), dbesc($gs), dbesc($gs));
}
if ($dfrn_id == '' || $dfrn_id == '*') {
$sort = 'DESC';
} else {
$sort = 'ASC';
}
if (!strlen($last_update)) {
$last_update = 'now - 30 days';
}
$check_date = datetime_convert('UTC', 'UTC', $last_update, 'Y-m-d H:i:s');
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, \n\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, \n\t\t`contact`.`name-date`, `contact`.`uri-date`, `contact`.`avatar-date`,\n\t\t`contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, \n\t\t`contact`.`id` AS `contact-id`\n\t\tFROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\tWHERE `item`.`visible` = 1 \n\t\tAND NOT `item`.`type` IN ( 'remote', 'net-comment' ) AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\tAND ( `item`.`edited` > '%s' OR `item`.`changed` > '%s' )\n\t\t{$sql_extra}\n\t\tORDER BY `parent` %s, `created` ASC LIMIT 0, 300", dbesc($check_date), dbesc($check_date), dbesc($sort));
if (!count($r)) {
killme();
}
$items = $r;
$feed_template = file_get_contents('view/atom_feed.tpl');
$tomb_template = file_get_contents('view/atom_tomb.tpl');
$item_template = file_get_contents('view/atom_item.tpl');
$cmnt_template = file_get_contents('view/atom_cmnt.tpl');
$atom = '';
$atom .= replace_macros($feed_template, array('$feed_id' => xmlify($a->get_baseurl() . '/profile/' . $owner_nick), '$feed_title' => xmlify($owner['name']), '$feed_updated' => xmlify(datetime_convert('UTC', 'UTC', $updated . '+00:00', 'Y-m-d\\TH:i:s\\Z')), '$name' => xmlify($owner['name']), '$profile_page' => xmlify($owner['url']), '$photo' => xmlify($owner['photo']), '$thumb' => xmlify($owner['thumb']), '$picdate' => xmlify(datetime_convert('UTC', 'UTC', $owner['avatar-date'] . '+00:00', 'Y-m-d\\TH:i:s\\Z')), '$uridate' => xmlify(datetime_convert('UTC', 'UTC', $owner['uri-date'] . '+00:00', 'Y-m-d\\TH:i:s\\Z')), '$namdate' => xmlify(datetime_convert('UTC', 'UTC', $owner['name-date'] . '+00:00', 'Y-m-d\\TH:i:s\\Z'))));
foreach ($items as $item) {
// public feeds get html, our own nodes use bbcode
if ($dfrn_id == '*') {
$item['body'] = bbcode($item['body']);
$type = 'html';
} else {
$type = 'text';
}
if ($item['deleted']) {
$atom .= replace_macros($tomb_template, array('$id' => xmlify($item['uri']), '$updated' => xmlify(datetime_convert('UTC', 'UTC', $item['edited'] . '+00:00', 'Y-m-d\\TH:i:s\\Z'))));
} else {
$verb = construct_verb($item);
$actobj = construct_activity($item);
if ($item['parent'] == $item['id']) {
$atom .= replace_macros($item_template, array('$name' => xmlify($item['name']), '$profile_page' => xmlify($item['url']), '$thumb' => xmlify($item['thumb']), '$owner_name' => xmlify($item['owner-name']), '$owner_profile_page' => xmlify($item['owner-link']), '$owner_thumb' => xmlify($item['owner-avatar']), '$item_id' => xmlify($item['uri']), '$title' => xmlify($item['title']), '$published' => xmlify(datetime_convert('UTC', 'UTC', $item['created'] . '+00:00', 'Y-m-d\\TH:i:s\\Z')), '$updated' => xmlify(datetime_convert('UTC', 'UTC', $item['edited'] . '+00:00', 'Y-m-d\\TH:i:s\\Z')), '$location' => xmlify($item['location']), '$type' => $type, '$content' => xmlify($item['body']), '$verb' => xmlify($verb), '$actobj' => $actobj, '$comment_allow' => $item['last-child'] && strlen($contact['dfrn-id']) ? 1 : 0));
} else {
$atom .= replace_macros($cmnt_template, array('$name' => xmlify($item['name']), '$profile_page' => xmlify($item['url']), '$thumb' => xmlify($item['thumb']), '$item_id' => xmlify($item['uri']), '$title' => xmlify($item['title']), '$published' => xmlify(datetime_convert('UTC', 'UTC', $item['created'] . '+00:00', 'Y-m-d\\TH:i:s\\Z')), '$updated' => xmlify(datetime_convert('UTC', 'UTC', $item['edited'] . '+00:00', 'Y-m-d\\TH:i:s\\Z')), '$type' => $type, '$content' => xmlify($item['body']), '$verb' => xmlify($verb), '$actobj' => $actobj, '$parent_id' => xmlify($item['parent-uri']), '$comment_allow' => $item['last-child'] ? 1 : 0));
}
}
}
$atom .= '</feed>' . "\r\n";
return $atom;
}
开发者ID:vishalp,项目名称:MistparkPE-Remix,代码行数:79,代码来源:items.php
示例9: post_init
//.........这里部分代码省略.........
$result = zot_zot($x[0]['hubloc_callback'], $p);
if (!$result['success']) {
logger('mod_zot: auth_check callback failed.');
if ($test) {
$ret['message'] .= 'auth check request to your site returned .' . print_r($result, true) . EOL;
json_return_and_die($ret);
}
goaway($desturl);
}
$j = json_decode($result['body'], true);
if (!$j) {
logger('mod_zot: auth_check json data malformed.');
if ($test) {
$ret['message'] .= 'json malformed: ' . $result['body'] . EOL;
json_return_and_die($ret);
}
}
}
if ($test) {
$ret['message'] .= 'auth check request returned .' . print_r($j, true) . EOL;
}
if ($already_authed || $j['success']) {
if ($j['success']) {
// legit response, but we do need to check that this wasn't answered by a man-in-middle
if (!rsa_verify($sec . $x[0]['xchan_hash'], base64url_decode($j['confirm']), $x[0]['xchan_pubkey'])) {
logger('mod_zot: auth: final confirmation failed.');
if ($test) {
$ret['message'] .= 'final confirmation failed. ' . $sec . print_r($j, true) . print_r($x[0], true);
json_return_and_die($ret);
}
goaway($desturl);
}
if (array_key_exists('service_class', $j)) {
$remote_service_class = $j['service_class'];
}
if (array_key_exists('level', $j)) {
$remote_level = $j['level'];
}
if (array_key_exists('DNT', $j)) {
$DNT = $j['DNT'];
}
}
// everything is good... maybe
if (local_user()) {
// tell them to logout if they're logged in locally as anything but the target remote account
// in which case just shut up because they don't need to be doing this at all.
if ($a->channel['channel_hash'] != $x[0]['xchan_hash']) {
logger('mod_zot: auth: already authenticated locally as somebody else.');
notice(t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL);
if ($test) {
$ret['message'] .= 'already logged in locally with a conflicting identity.' . EOL;
json_return_and_die($ret);
}
}
goaway($desturl);
}
// log them in
if ($test) {
$ret['success'] = true;
$ret['message'] .= 'Authentication Success!' . EOL;
json_return_and_die($ret);
}
$_SESSION['authenticated'] = 1;
$_SESSION['visitor_id'] = $x[0]['xchan_hash'];
$_SESSION['my_url'] = $x[0]['xchan_url'];
$_SESSION['my_address'] = $address;
$_SESSION['remote_service_class'] = $remote_service_class;
$_SESSION['remote_level'] = $remote_level;
$_SESSION['remote_hub'] = $remote_hub;
$_SESSION['DNT'] = $DNT;
$arr = array('xchan' => $x[0], 'url' => $desturl, 'session' => $_SESSION);
call_hooks('magic_auth_success', $arr);
$a->set_observer($x[0]);
require_once 'include/security.php';
$a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
info(sprintf(t('Welcome %s. Remote authentication successful.'), $x[0]['xchan_name']));
logger('mod_zot: auth success from ' . $x[0]['xchan_addr']);
q("update hubloc set hubloc_status = (hubloc_status | %d ) where hubloc_id = %d ", intval(HUBLOC_WORKS), intval($x[0]['hubloc_id']));
} else {
if ($test) {
$ret['message'] .= 'auth failure. ' . print_r($_REQUEST, true) . print_r($j, true) . EOL;
json_return_and_die($ret);
}
logger('mod_zot: magic-auth failure - not authenticated: ' . $x[0]['xchan_addr']);
q("update hubloc set hubloc_status = (hubloc_status | %d ) where hubloc_id = %d ", intval(HUBLOC_RECEIVE_ERROR), intval($x[0]['hubloc_id']));
}
// FIXME - we really want to save the return_url in the session before we visit rmagic.
// This does however prevent a recursion if you visit rmagic directly, as it would otherwise send you back here again.
// But z_root() probably isn't where you really want to go.
if ($test) {
$ret['message'] .= 'auth failure fallthrough ' . print_r($_REQUEST, true) . print_r($j, true) . EOL;
json_return_and_die($ret);
}
if (strstr($desturl, z_root() . '/rmagic')) {
goaway(z_root());
}
goaway($desturl);
}
return;
}
开发者ID:Mauru,项目名称:red,代码行数:101,代码来源:post.php
示例10: get_feed_for
function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0)
{
// default permissions - anonymous user
if (!strlen($owner_nick)) {
killme();
}
$public_feed = $dfrn_id ? false : true;
$starred = false;
$converse = false;
if ($public_feed && $a->argc > 2) {
for ($x = 2; $x < $a->argc; $x++) {
if ($a->argv[$x] == 'converse') {
$converse = true;
}
if ($a->argv[$x] == 'starred') {
$starred = true;
}
}
}
$sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
$r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone`\n\t\tFROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`\n\t\tWHERE `contact`.`self` = 1 AND `user`.`nickname` = '%s' LIMIT 1", dbesc($owner_nick));
if (!count($r)) {
killme();
}
$owner = $r[0];
$owner_id = $owner['user_uid'];
$owner_nick = $owner['nickname'];
$birthday = feed_birthday($owner_id, $owner['timezone']);
if (!$public_feed) {
$sql_extra = '';
switch ($direction) {
case -1:
$sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
$my_id = $dfrn_id;
break;
case 0:
$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
$my_id = '1:' . $dfrn_id;
break;
case 1:
$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
$my_id = '0:' . $dfrn_id;
break;
default:
return false;
break;
// NOTREACHED
}
$r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `contact`.`uid` = %d {$sql_extra} LIMIT 1", intval($owner_id));
if (!count($r)) {
killme();
}
$contact = $r[0];
$groups = init_groups_visitor($contact['id']);
if (count($groups)) {
for ($x = 0; $x < count($groups); $x++) {
$groups[$x] = '<' . intval($groups[$x]) . '>';
}
$gs = implode('|', $groups);
} else {
$gs = '<<>>';
}
// Impossible to match
$sql_extra = sprintf(" \n\t\t\tAND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) \n\t\t\tAND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) \n\t\t\tAND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )\n\t\t\tAND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') \n\t\t", intval($contact['id']), intval($contact['id']), dbesc($gs), dbesc($gs));
}
if ($public_feed) {
$sort = 'DESC';
} else {
$sort = 'ASC';
}
if (!strlen($last_update)) {
$last_update = 'now -30 days';
}
if ($public_feed) {
if (!$converse) {
$sql_extra .= " AND `contact`.`self` = 1 ";
}
}
$check_date = datetime_convert('UTC', 'UTC', $last_update, 'Y-m-d H:i:s');
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, \n\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, \n\t\t`contact`.`name-date`, `contact`.`uri-date`, `contact`.`avatar-date`,\n\t\t`contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, \n\t\t`contact`.`id` AS `contact-id`, `contact`.`uid` AS `contact-uid`,\n\t\t`sign`.`signed_text`, `sign`.`signature`, `sign`.`signer`\n\t\tFROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\tLEFT JOIN `sign` ON `sign`.`iid` = `item`.`id`\n\t\tWHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`parent` != 0 \n\t\tAND `item`.`wall` = 1 AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\tAND ( `item`.`edited` > '%s' OR `item`.`changed` > '%s' )\n\t\t{$sql_extra}\n\t\tORDER BY `parent` %s, `created` ASC LIMIT 0, 300", intval($owner_id), dbesc($check_date), dbesc($check_date), dbesc($sort));
// Will check further below if this actually returned results.
// We will provide an empty feed if that is the case.
$items = $r;
$feed_template = get_markup_template($dfrn_id ? 'atom_feed_dfrn.tpl' : 'atom_feed.tpl');
$atom = '';
$hubxml = feed_hublinks();
$salmon = feed_salmonlinks($owner_nick);
$atom .= replace_macros($feed_template, array('$version' => xmlify(FRIENDICA_VERSION), '$feed_id' => xmlify($a->get_baseurl() . '/profile/' . $owner_nick), '$feed_title' => xmlify($owner['name']), '$feed_updated' => xmlify(datetime_convert('UTC', 'UTC', 'now', ATOM_TIME)), '$hub' => $hubxml, '$salmon' => $salmon, '$name' => xmlify($owner['name']), '$profile_page' => xmlify($owner['url']), '$photo' => xmlify($owner['photo']), '$thumb' => xmlify($owner['thumb']), '$picdate' => xmlify(datetime_convert('UTC', 'UTC', $owner['avatar-date'] . '+00:00', ATOM_TIME)), '$uridate' => xmlify(datetime_convert('UTC', 'UTC', $owner['uri-date'] . '+00:00', ATOM_TIME)), '$namdate' => xmlify(datetime_convert('UTC', 'UTC', $owner['name-date'] . '+00:00', ATOM_TIME)), '$birthday' => strlen($birthday) ? '<dfrn:birthday>' . xmlify($birthday) . '</dfrn:birthday>' : ''));
call_hooks('atom_feed', $atom);
if (!count($items)) {
call_hooks('atom_feed_end', $atom);
$atom .= '</feed>' . "\r\n";
return $atom;
}
foreach ($items as $item) {
// public feeds get html, our own nodes use bbcode
if ($public_feed) {
$type = 'html';
// catch any email that's in a public conversation and make sure it doesn't leak
if ($item['private']) {
//.........这里部分代码省略.........
开发者ID:ryivhnn,项目名称:friendica,代码行数:101,代码来源:items.php
示例11: profile_content
function profile_content(&$a, $update = false)
{
require_once "include/bbcode.php";
require_once 'include/security.php';
$groups = array();
$tab = 'posts';
if (remote_user()) {
$contact_id = $_SESSION['visitor_id'];
$groups = init_groups_visitor($contact_id);
$r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", intval($contact_id));
if (count($r)) {
$contact = $r[0];
}
} else {
if (local_user()) {
$contact_id = $_SESSION['cid'];
$contact = $a->contact;
}
}
$a->profile['profile_uid'] = 1;
if (!$update) {
if (x($_GET, 'tab')) {
$tab = notags(trim($_GET['tab']));
}
$tpl = file_get_contents('view/profile_tabs.tpl');
$o .= replace_macros($tpl, array('$url' => $a->get_baseurl() . '/' . $a->cmd, '$phototab' => $a->get_baseurl() . '/photos/' . $a->profile['nickname']));
if ($tab == 'profile') {
require_once 'view/profile_advanced.php';
return $o;
}
if (can_write_wall($a, 1)) {
$tpl = file_get_contents('view/jot-header.tpl');
$a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl()));
require_once 'view/acl_selectors.php';
$tpl = file_get_contents("view/jot.tpl");
if (is_array($a->user) && (strlen($a->user['allow_cid']) || strlen($a->user['allow_gid']) || strlen($a->user['deny_cid']) || strlen($a->user['deny_gid']))) {
$lockstate = 'lock';
} else {
$lockstate = 'unlock';
}
$o .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl(), '$defloc' => $_SESSION['uid'] == 1 ? $a->user['default-location'] : '', '$return_path' => $a->cmd, '$visitor' => $_SESSION['uid'] == 1 ? 'block' : 'none', '$lockstate' => $lockstate, '$acl' => $_SESSION['uid'] == 1 ? populate_acl($a->user) : '', '$profile_uid' => 1));
}
if ($tab == 'posts' && !$a->pager['start']) {
$o .= '<div id="live-profile"></div>' . "\r\n";
}
}
// default permissions - anonymous user
$sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
// Profile owner - everything is visible
if (local_user()) {
$sql_extra = '';
// Oh - while we're here... reset the Unseen messages
$r = q("UPDATE `item` SET `unseen` = 0 WHERE `type` != 'remote' AND `unseen` = 1 ");
} elseif (remote_user()) {
$gs = '<<>>';
// should be impossible to match
if (count($groups)) {
foreach ($groups as $g) {
$gs .= '|<' . intval($g) . '>';
}
}
$sql_extra = sprintf(" AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) \n\t\t\t AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) \n\t\t\t AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )\n\t\t\t AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ", intval($_SESSION['visitor_id']), intval($_SESSION['visitor_id']), dbesc($gs), dbesc($gs));
}
$r = q("SELECT COUNT(*) AS `total`\n\t\tFROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\tWHERE `item`.`visible` = 1 AND `item`.`deleted` = 0\n\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\tAND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` AND `type` != 'remote') \n\t\t{$sql_extra} ");
if (count($r)) {
$a->set_pager_total($r[0]['total']);
}
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, \n\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, \n\t\t`contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, \n\t\t`contact`.`id` AS `cid`\n\t\tFROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\tWHERE `item`.`visible` = 1 AND `item`.`deleted` = 0\n\t\tAND `contact`.`blocked` = 0 AND `contact`.
|
请发表评论