<?php
/**
 * Script for submitting items anonymously, without accessing the admin interface
 *
 * See documentation in doc/anonym.html.
 *
 * Parameters (usually from a HTML form):
 * <pre>
 *   my_item_id   - item id, used when editing (not adding a new) item in the
 *                  anonymous form
 *   slice_id     - id of slice into which the item is added
 *   notvalidate  - if true, data input validation is skipped
 *   ok_url       - url where to go, if item is successfully stored in database
 *   err_url      - url where to go, if item is not stored in database (due to
 *                  validation of data, ...)
 *   force_status_code - you may add this to force to change the status code
 *                  but the new status code must always be higher than bin2fill
 *                  setting (you can't add to the Active bin, for example)
 *   notshown[]   - array (form field ID => 1) of unpacked IDs, e.g. v7075626c6973685f646174652e2e2e2e
 *                  which are shown in the control panel but not in the anonym form
 *   bool use_post2shtml If true, use the post2shtml script to send the error
 *                  description and the values filled to fillform.php3.
 *   bool text_password If true, the password is stored in text form (not encrypted).
 * </pre>
 *
 * NOTE(review): every parameter above arrives as a plain global (see the
 * GPC import loop below), so all of them — including notvalidate,
 * force_status_code, text_password and ok_url/err_url — are client
 * controlled. They select behaviour; they are not a trust boundary. The
 * only server-side checks are the slice's permit_anonymous_post /
 * permit_anonymous_edit settings and the bin2fill max() clamp further down.
 *
 * NOTE(review): this file uses constructs removed in current PHP:
 * each() and get_magic_quotes_gpc() (gone in 8.0), $HTTP_*_VARS
 * (gone in 5.4) and unquoted array keys such as $GLOBALS[debugfill]
 * (an Error for undefined constants in 8.0). It only runs on the legacy
 * interpreter it was written for.
 *
 * @package   UserInput
 * @version   $Id: filler.php3,v 1.36 2005/06/15 09:38:51 honzam Exp $
 * @author    Honza Malík, Jakub Adámek, Econnect
 * @copyright Copyright (C) 1999, 2000 Association for Progressive Communications
 */
/*
Copyright (C) 1999, 2000 Association for Progressive Communications
http://www.apc.org/

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program (LICENSE); if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/

//$GLOBALS[debug]=0; $GLOBALS[errcheck] =1;

// Debug switch, read before the GPC import below. Note that the import
// loop assigns $$k for every request key, so a later request parameter
// named "debugfill" would overwrite this local copy as well.
$debugfill=$GLOBALS[debugfill];

/**
 * Handle with PHP magic quotes - quote the variables if quoting is set off.
 * Recurses into nested arrays; scalars go through addslashes().
 *
 * @param mixed $val the variable or array to quote (add slashes)
 * @param int   $n   recursion depth counter; only passed down, never read
 * @return mixed the quoted variables (with added slashes).
 *               For an empty array $ret is never assigned, so the
 *               function returns null rather than an empty array.
 */
function Myaddslashes($val, $n=1) {
    if (!is_array($val)) {
        return addslashes($val);
    }
    for (reset($val); list($k, $v) = each($val); )
        $ret[$k] = Myaddslashes($v, $n+1);
    return $ret;
}

// Emulates register_globals when magic quotes are off: every GET, POST and
// cookie key becomes a global variable of the same name, in that order
// (cookie wins over POST wins over GET for duplicate keys).
// NOTE(review): this is an unrestricted variable-variable import — any
// global this script reads later ($slice_id, $my_item_id, $notshown,
// $insert, $result, $permok, ...) can be pre-set by the request. The
// script does not reset those variables before use, so the permission
// and validation logic below assumes the request is the only writer.
if (!get_magic_quotes_gpc()) {
    // Overrides GPC variables
    if ( isset($HTTP_GET_VARS) AND is_array($HTTP_GET_VARS))
        for (reset($HTTP_GET_VARS); list($k, $v) = each($HTTP_GET_VARS); )
            $$k = Myaddslashes($v);
    if ( isset($HTTP_POST_VARS) AND is_array($HTTP_POST_VARS))
        for (reset($HTTP_POST_VARS); list($k, $v) = each($HTTP_POST_VARS); )
            $$k = Myaddslashes($v);
    if ( isset($HTTP_COOKIE_VARS) AND is_array($HTTP_COOKIE_VARS))
        for (reset($HTTP_COOKIE_VARS); list($k, $v) = each($HTTP_COOKIE_VARS); )
            $$k = Myaddslashes($v);
}

/** APC-AA configuration file */
require_once "include/config.php3";
/** Main include file for using session management function on a page */
require_once $GLOBALS['AA_INC_PATH']."locsess.php3";
/** Set of useful functions used on most pages */
require_once $GLOBALS['AA_INC_PATH']."util.php3";
require_once $GLOBALS['AA_INC_PATH']."formutil.php3";
/** Defines class for inserting and updating database fields */
require_once $GLOBALS['AA_INC_PATH']."varset.php3";
require_once $GLOBALS['AA_INC_PATH']."itemfunc.php3";
/** utility for notifying people of events by email */
require_once $GLOBALS['AA_INC_PATH']."notify.php3";
/** defines PageCache class used for caching informations into database */
require_once $GLOBALS['AA_INC_PATH']."pagecache.php3";
/** date helper functions */
require_once $GLOBALS['AA_INC_PATH']."date.php3";
require_once $GLOBALS['AA_INC_PATH']."feeding.php3";
require_once $GLOBALS['AA_INC_PATH']."zids.php3";
require_once $GLOBALS['AA_INC_PATH']."sliceobj.php3";


/**
 * Hands the result of this script to post2shtml.php3, which re-renders
 * the form page at $url with the message and the previously entered
 * values available to it. Never returns: post2shtml.php3 is included
 * for its side effects and this function then calls exit.
 *
 * @param mixed  $txt result structure (array or string) for the form page
 * @param string $url page to render; a missing value is only warned about,
 *                    not treated as fatal
 */
function UseShowResult($txt,$url) {
    // allows to call a script showing the error results from fillform
    $GLOBALS["HTTP_POST_VARS"]["result"] = $txt;
    // allows fillform to use this data (content4id is DB-quoted, so strip first)
    $GLOBALS["HTTP_POST_VARS"]["oldcontent4id"] = StripslashesArray($GLOBALS["content4id"]);
    if (!$url) huhe("Warning: no Url on anonymous form (could be ok_url or err_url missing");
    $GLOBALS["shtml_page"] = $url;
    if ($GLOBALS[debugfill]) huhl("Filler:UseShowResult");
    require_once "post2shtml.php3";   // Beware this doesn't just define functions!
    exit;
}

/**
 * Outputs a notification page when an error occurs.
 * If the err_url parameter is passed, redirects to the specified URL,
 * and passes $txt as the URL parameter named "result".
 * else generates an error page with the $txt message.
 *
 * NOTE(review): the redirect branch puts serialize($txt), truncated to
 * 1000 bytes, into the "result" query parameter. If the receiving page
 * unserialize()s that parameter it is doing so on client-reachable input
 * — confirm at the receiver. The inline branch echoes $txt into the HTML
 * body without escaping; whether any user-entered text can reach $txt
 * depends on the validation messages built by ValidateContent4Id.
 *
 * @param string|array $txt error message to print, or an array of
 *                          messages rendered by PrintArray()
 */
function SendErrorPage($txt) {
    if ( !$GLOBALS["err_url"] ) {
        if ($GLOBALS[debugfill]) huhl("SendErrorPage with no url and txt=",$txt," err_url=",$GLOBALS["err_url"] );
        echo HtmlPageBegin("");
        echo "</head><body>";
        if (is_array($txt)) {
            PrintArray($txt);
        } else {
            echo $txt;
        }
        echo "</body></html>";
        exit;
    } else {
        if (!$GLOBALS["use_post2shtml"]) {
            // err_url is a form parameter, so this is a client-chosen redirect target
            $posturl = con_url($GLOBALS["err_url"], "result=".substr(serialize($txt),0,1000));
            if ($GLOBALS[debugfill]) huhl("Going to post2shtml posturl=",$posturl);
            go_url($posturl);
        } else {
            if ($GLOBALS[debugfill]) huhl("Show result with url=",$GLOBALS["err_url"], " txt=",$txt);
            UseShowResult($txt,$GLOBALS["err_url"]);
        }
    }
}

/**
 * Loads a page if posting is successful. If the ok_url parameter is passed,
 * redirects to the specified URL, else returns to the calling page.
 *
 * NOTE(review): both ok_url and HTTP_REFERER are supplied by the client,
 * so the redirect target is never validated server-side here.
 *
 * @param array $txt result structure (e.g. array("success" => "insert"))
 *                   forwarded to the form page when use_post2shtml is set
 */
function SendOkPage($txt) {
    global $debugfill;
    if ($debugfill) huhl("Filler:SendOkPage:",$txt);
    if (!$GLOBALS["ok_url"]) {
        go_url($GLOBALS['HTTP_REFERER']);
    } elseif (!$GLOBALS["use_post2shtml"]) {
        go_url($GLOBALS["ok_url"]);
    } else {
        UseShowResult($txt,$GLOBALS["ok_url"]);
    }
}

//$debugfill=1;
if ($debugfill) huhl("DEBUGGING FILL PLEASE COME BACK LATER");

// init used objects
//if ($debugfill) huhl("Filler: Globals=",$GLOBALS);
if ( !$slice_id ) SendErrorPage(array ("fatal"=>_m("Slice ID not defined")));

$slice      = new slice($slice_id);
$p_slice_id = q_pack_id($slice_id);
$slice_info = GetSliceInfo($slice_id);

if (!$slice_info) {
    SendErrorPage(array ("fatal"=>_m("Bad slice ID")));
}

// if you want to edit an item from an anonymous form, prepare its ID into
// the my_item_id hidden field.
// $insert decides between "create new item" and "update existing item"; an
// unknown my_item_id falls back to insert with that id.
if (!$my_item_id) {
    $my_item_id = new_id();
    $insert = true;
} else {
    // NOTE(review): string-built SQL; safety rests on q_pack_id() returning
    // a value that is safe to embed in quotes — confirm in its definition.
    $db->query("SELECT id FROM item WHERE id='".q_pack_id($my_item_id)."'");
    $insert = ! $db->next_record();
}
if ($debugfill) huhl("Debugfill insert=",$insert);

// Fills also global variable $oldcontent4id (which is NOT! DB quoted)
// (so $oldcontent4id is incompatible with $content4id - should be fixed
// by using ItemContent object in near future)
// Validation is skipped when the client sends notvalidate (fifth argument).
ValidateContent4Id($err_valid, $slice, $insert ? "insert" : "update", $my_item_id, !$notvalidate, $notshown);
list($fields, $prifields) = $slice->fields();

if (!(isset($prifields) AND is_array($prifields))) {
    SendErrorPage(array ("fatal"=>_m("No fields defined for this slice")));
}

if ($debugfill) huhl("Debugfill err_valid=",$err_valid);

// Collect validation errors keyed by packed field id into $result["validate"].
// The "> 1" and the unset() suggest ValidateContent4Id always seeds an
// "Init" entry — confirm against that function.
if (count($err_valid) > 1) {
    unset($err_valid["Init"]);
    $zids = new zids();
    foreach ( $err_valid as $field_zid => $msg) {
        $zids->refill(substr($field_zid,1));  // remove first 'v' in the name
        if ($debugfill) huhl("Debugfill $zids=",$zids, '-', $zids->packedids(0));
        $result["validate"][$zids->packedids(0)] = $msg;
    }
}

// prepare content4id array before calling StoreItem (content4id is QUOTED!)
$content4id = GetContentFromForm( $slice, $oldcontent4id, $insert );

// copy old values for fields not shown in the form
// ($notshown keys are "v" + unpacked field id, values are ignored).
// An empty $notshown array leaves $field_ids unset and passes null to zids.
if (! $insert && is_array($notshown)) {
    foreach ( $notshown as $vfield_id => $foo) {
        $field_ids[] = substr($vfield_id,1);  // remove first 'v'
    }
    $zids = new zids($field_ids,'l');
    for ($i = 0; $i < $zids->count(); $i ++) {
        $field_id = $zids->packedids($i);
        $content4id[$field_id] = $oldcontent4id[$field_id];
    }
}

// put the item into the right bin
$bin2fill = $slice_info["permit_anonymous_post"];
if ($debugfill) huhl("bin2fill=",$bin2fill, " force_status_code=",$force_status_code);
if ( $bin2fill < 1 ) SendErrorPage(array("fatal"=>_m("Anonymous posting not admitted.")));
// you may force to put the item into a higher bin (active < hold < trash)
// The slice setting is the floor: neither force_status_code nor the form
// value can move the item to a lower (more visible) bin than permit_anonymous_post.
$bin2fill = max ($bin2fill, $force_status_code);
// Allow setting status code in form, but only below force or bin2fill
$content4id["status_code....."][0]['value'] = max($bin2fill,$content4id["status_code....."][0]['value'] );

if ($insert) {
    // new anonymous items are marked editable by anonymous users
    $content4id["flags..........."][0]['value'] = ITEM_FLAG_ANONYMOUS_EDITABLE;
} elseif (!is_array($result)) {
    // Updates only: permission check runs when validation produced no errors.
    if ($debugfill) huhl("Perms=",$slice_info["permit_anonymous_edit"]);
    // Prove we are permitted to update this item.
    switch ($slice_info["permit_anonymous_edit"]) {
        case ANONYMOUS_EDIT_NOT_ALLOWED: $permok = false; break;
        case ANONYMOUS_EDIT_ALL:         $permok = true;  break;
        case ANONYMOUS_EDIT_ONLY_ANONYMOUS:
        case ANONYMOUS_EDIT_NOT_EDITED_IN_AA:
            $oldflags = $oldcontent4id["flags..........."][0]['value'];
            // are we allowed to update this item?
            $permok = (($oldflags & ITEM_FLAG_ANONYMOUS_EDITABLE) != 0);
            // keep the stored flags; the form must not be able to change them
            $content4id["flags..........."][0]['value'] = $oldflags;
            break;
        case ANONYMOUS_EDIT_HTTP_AUTH:
            // For HTTP_AUTH permissions the reader is found in fillform.php3.
            // Here we don't get the $_SERVER["REMOTE_USER"] information.
            // NOTE(review): this script therefore performs no check of its
            // own in this mode; it relies on the web server / fillform.php3
            // having enforced authentication before the form was posted.
            $permok = true;
            break;
        case ANONYMOUS_EDIT_PASSWORD:
            // Compare the submitted password field with the stored one.
            // NOTE(review): crypt() is called with the constant salt 'xx'
            // (traditional DES crypt, unsalted in practice), both comparisons
            // use loose, non-constant-time ==, and $text_password — which
            // selects the comparison mode — is a client-supplied parameter.
            // The "heuristic" branch additionally accepts a plaintext match
            // whenever the stored value does not start with 'xx'.
            // If this is revisited, password_hash()/password_verify() (or
            // at least hash_equals()) is the modern replacement.
            if ($debugfill) huhl("Checking Password");
            $permok = false;
            reset ($fields);
            while (list ($fid) = each($fields))
                if (substr ($fid,0,14) == "password......") {
                    $password       = $content4id[$fid][0]['value'];
                    $crypt_password = crypt($password, 'xx');
                    $old_password   = $oldcontent4id[$fid][0]['value'];
                    // NOTE(review): this debug line writes both the submitted
                    // and the stored password into the debug output.
                    if ($debugfill) huhl("Checking password field=$fid = new=$password old=$old_password text_password=$text_password crypt=$crypt_password");
                    $permok = (
                               // Old check, based on text_password flag
                               ($text_password
                                  ? ($password == $old_password)
                                  : ($crypt_password == $old_password))
                               // Heuristic based on if old looks encrypted
                               || ( (substr($old_password,0,2) != 'xx')
                                    && ($old_password == $password)));
                    if ($debugfill) huhl("permok=$permok");
                    break;   // only the first password field is checked
                }
            break;
    }

    if (!$permok) {
        $result["permissions"] = _m("You are not allowed to update this item.");
    }
}

if ($debugfill) huhl("result=",$result);

// See doc/anonym.html for structure of $result, which is intended
// for fillform.php3 to interpret and display

// In debug mode the item is never stored.
if ($debugfill) exit;

if ($debugfill) huhl("Going to Store Item");
if ($debugfill) huhl("content4id=",$content4id);
// Any validation or permission error set in $result wins over storing.
if (is_array($result)) {
    SendErrorPage( $result );
} elseif (!StoreItem( $my_item_id, $slice_id, $content4id, $fields, $insert, true, true, $oldcontent4id )) {  // insert, invalidatecache, feed
    if ($debugfill) huhl("Filler: sending error");
    SendErrorPage( array("store" => _m("Some error in store item.")));
} else {
    if ($debugfill) huhl("Filler: Sending ok");
    SendOkPage( array("success" => $insert ? "insert" : "update" ));
}

?>