enwikipedia-acc /
waca
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
| 1 | <?php |
||
| 75 | |||
| 76 | // Checks whether the user want to reset his password or register a new account. |
||
| 77 | // Performs the clause when the action is not one of the above options. |
||
| 78 | if ($action != 'register' && $action != 'forgotpw' && $action != 'sreg' && $action != "registercomplete" && $action != "login") { |
||
|
|
|||
| 79 | echo showlogin(); |
||
| 80 | BootstrapSkin::displayInternalFooter(); |
||
| 81 | die(); |
||
| 529 | $fetchStatement = gGetDb()->prepare($sqlText); |
||
| 530 | $data = array(); |
||
| 531 | |||
| 532 | //$fetchStatement->execute(array(":type" => "Interface")); |
||
| 533 | //$data['Public Interface messages'] = $fetchStatement->fetchAll(PDO::FETCH_CLASS, 'InterfaceMessage'); |
||
| 534 | |||
| 535 | $fetchStatement->execute(array(":type" => "Internal")); |
||
| 536 | $data['Internal Interface messages'] = $fetchStatement->fetchAll(PDO::FETCH_CLASS, 'InterfaceMessage'); |
||
| 670 | |||
| 671 | $template->delete(); |
||
| 672 | |||
| 673 | SessionAlert::success("Template deleted. Any users who were using this template have had automatic welcoming disabled."); |
||
| 674 | Notification::welcomeTemplateDeleted($tid); |
||
| 675 | }); |
||
| 676 | |||
| 797 | break; |
||
| 798 | case 'EMail': |
||
| 799 | // TODO: cut this down to a bare-bones implementation so we don't accidentally reject a valid address. |
||
| 800 | if (!preg_match(';^(?:[A-Za-z0-9!#$%&\'*+/=?^_`{|}~-]+(?:\.[A-Za-z0-9!#$%&\'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[A-Za-z0-9-]*[A-Za-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])$;', $_POST['target'])) { |
||
| 801 | BootstrapSkin::displayAlertBox( |
||
| 802 | "Invalid target - email address expected.", |
||
| 803 | "alert-error", |
||
| 810 | } |
||
| 811 | break; |
||
| 812 | default: |
||
| 813 | BootstrapSkin::displayAlertBox("I don't know what type of target you want to ban! You'll need to choose from email address, IP, or requested name.", "alert-error", "", false, false); |
||
| 814 | BootstrapSkin::displayInternalFooter(); |
||
| 815 | die(); |
||
| 816 | } |
||
| 921 | global $smarty; |
||
| 922 | |||
| 923 | if (isset ($_GET['ip']) || isset ($_GET['email']) || isset ($_GET['name'])) { |
||
| 924 | View Code Duplication | if (!User::getCurrent()->isAdmin() && !User::getCurrent()->isCheckuser()) { |
|
| 925 | BootstrapSkin::displayAlertBox("Only administrators or checkusers may ban users", "alert-error"); |
||
| 926 | BootstrapSkin::displayInternalFooter(); |
||
| 927 | die(); |
||
| 1143 | |||
| 1144 | // check the checksum is valid |
||
| 1145 | if ($request->getChecksum() != $_GET['sum']) { |
||
| 1146 | BootstrapSkin::displayAlertBox("This is similar to an edit conflict on Wikipedia; it means that you have tried to perform an action on a request that someone else has performed an action on since you loaded the page.", "alert-error", "Invalid Checksum", true, false); |
||
| 1147 | BootstrapSkin::displayInternalFooter(); |
||
| 1148 | die(); |
||
| 1149 | } |
||
| 1150 | |||
| 1151 | // check if an email has already been sent |
||
| 1152 | if ($request->getEmailSent() == "1" && !isset($_GET['override']) && $gem != 0) { |
||
| 1153 | $alertContent = "<p>This request has already been closed in a manner that has generated an e-mail to the user, Proceed?</p><br />"; |
||
| 1154 | $alertContent .= "<div class=\"row-fluid\">"; |
||
| 1155 | $alertContent .= "<a class=\"btn btn-success offset3 span3\" href=\"$baseurl/acc.php?sum=" . $_GET['sum'] . "&action=done&id=" . $_GET['id'] . "&override=yes&email=" . $_GET['email'] . "\">Yes</a>"; |
||
| 1156 | $alertContent .= "<a class=\"btn btn-danger span3\" href=\"$baseurl/acc.php\">No</a>"; |
||
| 1157 | $alertContent .= "</div>"; |
||
| 1158 | |||
| 1162 | } |
||
| 1163 | |||
| 1164 | // check the request is not reserved by someone else |
||
| 1165 | if ($request->getReserved() != 0 && !isset($_GET['reserveoverride']) && $request->getReserved() != User::getCurrent()->getId()) { |
||
| 1166 | $alertContent = "<p>This request is currently marked as being handled by " . $request->getReservedObject()->getUsername() . ", Proceed?</p><br />"; |
||
| 1167 | $alertContent .= "<div class=\"row-fluid\">"; |
||
| 1168 | $alertContent .= "<a class=\"btn btn-success offset3 span3\" href=\"$baseurl/acc.php?" . $_SERVER["QUERY_STRING"] . "&reserveoverride=yes\">Yes</a>"; |
||
| 1169 | $alertContent .= "<a class=\"btn btn-danger span3\" href=\"$baseurl/acc.php\">No</a>"; |
||
| 1170 | $alertContent .= "</div>"; |
||
| 1171 | |||
| 1181 | } |
||
| 1182 | |||
| 1183 | // Checks whether the username is already in use on Wikipedia. |
||
| 1184 | $userexist = file_get_contents("http://en.wikipedia.org/w/api.php?action=query&list=users&ususers=" . urlencode($request->getName()) . "&format=php"); |
||
| 1185 | $ue = unserialize($userexist); |
||
| 1186 | if (!isset ($ue['query']['users']['0']['missing'])) { |
||
| 1187 | $exists = true; |
||
| 1200 | |||
| 1201 | // check if a request being created does not already exist. |
||
| 1202 | if ($isForCreated && !$exists && !isset($_GET['createoverride'])) { |
||
| 1203 | $alertContent = "<p>You have chosen to mark this request as \"created\", but the account does not exist on the English Wikipedia, proceed?</p><br />"; |
||
| 1204 | $alertContent .= "<div class=\"row-fluid\">"; |
||
| 1205 | $alertContent .= "<a class=\"btn btn-success offset3 span3\" href=\"$baseurl/acc.php?" . $_SERVER["QUERY_STRING"] . "&createoverride=yes\">Yes</a>"; |
||
| 1206 | $alertContent .= "<a class=\"btn btn-danger span3\" href=\"$baseurl/acc.php\">No</a>"; |
||
| 1207 | $alertContent .= "</div>"; |
||
| 1208 | |||
| 1258 | // Get the closing user's Email signature and append it to the Email. |
||
| 1259 | if (User::getCurrent()->getEmailSig() != "") { |
||
| 1260 | $emailsig = html_entity_decode(User::getCurrent()->getEmailSig(), ENT_QUOTES, "UTF-8"); |
||
| 1261 | mail($request->getEmail(), "RE: [ACC #{$request->getId()}] English Wikipedia Account Request", $_POST['msgbody'] . "\n\n" . $emailsig, $headers); |
||
| 1262 | } |
||
| 1263 | else { |
||
| 1264 | mail($request->getEmail(), "RE: [ACC #{$request->getId()}] English Wikipedia Account Request", $_POST['msgbody'], $headers); |
||
| 1265 | } |
||
| 1266 | |||
| 1267 | $request->setEmailSent(1); |
||
| 1279 | $crea = "Custom, Not Created"; |
||
| 1280 | } |
||
| 1281 | |||
| 1282 | Logger::closeRequest(gGetDb(), $request, $gem, $messageBody); |
||
| 1283 | |||
| 1284 | Notification::requestClosed($request, $crea); |
||
| 1285 | BootstrapSkin::displayAlertBox( |
||
| 1286 | "Request " . $request->getId() . " (" . htmlentities($request->getName(), ENT_COMPAT, 'UTF-8') . ") marked as 'Done'.", |
||
| 1287 | "alert-success"); |
||
| 1288 | } |
||
| 1289 | else if ($_POST['action'] == "mail") { |
||
| 1290 | // no action other than send mail! |
||
| 1291 | Logger::sentMail(gGetDb(), $request, $messageBody); |
||
| 1292 | Logger::unreserve(gGetDb(), $request); |
||
| 1293 | |||
| 1294 | Notification::sentMail($request); |
||
| 1302 | $deto = $availableRequestStates[$_POST['action']]['deferto']; |
||
| 1303 | $detolog = $availableRequestStates[$_POST['action']]['defertolog']; |
||
| 1304 | |||
| 1305 | Logger::sentMail(gGetDb(), $request, $messageBody); |
||
| 1306 | Logger::deferRequest(gGetDb(), $request, $detolog); |
||
| 1307 | |||
| 1308 | Notification::requestDeferredWithMail($request); |
||
| 1309 | BootstrapSkin::displayAlertBox("Request {$request->getId()} deferred to $deto, sending an email.", |
||
| 1310 | "alert-success"); |
||
| 1311 | } |
||
| 1312 | else { |
||
| 1313 | // hmm. not sure what happened. Log that we sent the mail anyway. |
||
| 1314 | Logger::sentMail(gGetDb(), $request, $messageBody); |
||
| 1315 | Logger::unreserve(gGetDb(), $request); |
||
| 1316 | |||
| 1317 | Notification::sentMail($request); |
||
| 1318 | BootstrapSkin::displayAlertBox("Sent mail to Request {$request->getId()}", |
||
| 1319 | "alert-success"); |
||
| 1320 | } |
||
| 1338 | // TODO: make this transactional |
||
| 1339 | $request->save(); |
||
| 1340 | |||
| 1341 | Logger::closeRequest(gGetDb(), $request, $gem, $messageBody); |
||
| 1342 | |||
| 1343 | if ($gem == '0') { |
||
| 1344 | $crea = "Dropped"; |
||
| 1348 | $crea = $template->getName(); |
||
| 1349 | } |
||
| 1350 | |||
| 1351 | Notification::requestClosed($request, $crea); |
||
| 1352 | BootstrapSkin::displayAlertBox("Request " . $request->getId() . " (" . htmlentities($request->getName(), ENT_COMPAT, 'UTF-8') . ") marked as 'Done'.", "alert-success"); |
||
| 1353 | |||
| 1354 | $towhom = $request->getEmail(); |
||
| 1355 | if ($gem != "0") { |
||
| 1494 | $oneweek = $date->format("Y-m-d H:i:s"); |
||
| 1495 | |||
| 1496 | if ($request->getStatus() == "Closed" && $logTime < $oneweek && !User::getCurrent($database)->isAdmin()) { |
||
| 1497 | throw new TransactionException("Only administrators and checkusers can reserve a request that has been closed for over a week.", "Error"); |
||
| 1498 | } |
||
| 1499 | |||
| 1500 | if ($request->getReserved() != 0 && $request->getReserved() != User::getCurrent($database)->getId()) { |
||
| 1501 | throw new TransactionException("Request is already reserved by {$request->getReservedObject()->getUsername()}.", "Error"); |
||
| 1502 | } |
||
| 1503 | |||
| 1504 | if ($request->getReserved() == 0) { |
||
| 1518 | if (!isset($_GET['confclosed'])) { |
||
| 1519 | if ($request->getStatus() == "Closed") { |
||
| 1520 | // FIXME: bootstrappify properly |
||
| 1521 | throw new TransactionException('This request is currently closed. Are you sure you wish to reserve it?<br /><ul><li><a href="' . $_SERVER["REQUEST_URI"] . '&confclosed=yes">Yes, reserve this closed request</a></li><li><a href="' . $baseurl . '/acc.php">No, return to main request interface</a></li></ul>', "Request closed", "alert-info"); |
||
| 1522 | } |
||
| 1523 | } |
||
| 1524 | |||
| 1538 | die(); |
||
| 1539 | } |
||
| 1540 | elseif ($action == "breakreserve") { |
||
| 1541 | global $smarty; |
||
| 1542 | |||
| 1543 | $database = gGetDb(); |
||
| 1544 | |||
| 1559 | $reservedUser = $request->getReservedObject(); |
||
| 1560 | |||
| 1561 | if ($reservedUser == false) { |
||
| 1562 | BootstrapSkin::displayAlertBox("Could not find user who reserved the request (!!).", "alert-error", "Error", true, false); |
||
| 1563 | BootstrapSkin::displayInternalFooter(); |
||
| 1564 | die(); |
||
| 1565 | } |
||
| 1581 | die(); |
||
| 1582 | } |
||
| 1583 | else { |
||
| 1584 | global $baseurl; |
||
| 1585 | $smarty->assign("reservedUser", $reservedUser); |
||
| 1586 | $smarty->assign("request", $request); |
||
| 1587 | |||
| 1611 | die(); |
||
| 1612 | } |
||
| 1613 | elseif ($action == "comment") { |
||
| 1614 | global $smarty; |
||
| 1615 | |||
| 1616 | $request = Request::getById($_GET['id'], gGetDb()); |
||
| 1617 | $smarty->assign("request", $request); |
||
| 1620 | die(); |
||
| 1621 | } |
||
| 1622 | elseif ($action == "comment-add") { |
||
| 1623 | global $baseurl, $smarty; |
||
| 1624 | |||
| 1625 | $request = Request::getById($_POST['id'], gGetDb()); |
||
| 1626 | if ($request == false) { |
||
| 1642 | } |
||
| 1643 | |||
| 1644 | //Look for and detect IPv4/IPv6 addresses in comment text, and warn the commenter. |
||
| 1645 | View Code Duplication | if ((preg_match('/\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b/', $_POST['comment']) || preg_match('/(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))/', $_POST['comment'])) && $_POST['privpol-check-override'] != "override") { |
|
| 1646 | BootstrapSkin::displayAlertBox("IP address detected in comment text. Warning acknowledgement checkbox must be checked.", "alert-error", "Error", true, false); |
||
| 1647 | $smarty->assign("request", $request); |
||
| 1648 | $smarty->assign("comment", $_POST['comment']); |
||
| 1649 | $smarty->assign("actionLocation", "comment-add"); |
||
| 1670 | } |
||
| 1671 | |||
| 1672 | BootstrapSkin::displayAlertBox( |
||
| 1673 | "<a href='$baseurl/acc.php?action=zoom&id={$request->getId()}&hash=$urlhash'>Return to request #{$request->getId()}</a>", |
||
| 1674 | "alert-success", |
||
| 1675 | "Comment added Successfully!", |
||
| 1676 | true, false); |
||
| 1700 | } |
||
| 1701 | |||
| 1702 | //Look for and detect IPv4/IPv6 addresses in comment text, and warn the commenter. |
||
| 1703 | View Code Duplication | if ((preg_match('/\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b/', $_POST['comment']) || preg_match('/(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))/', $_POST['comment'])) && $_POST['privpol-check-override'] != "override") { |
|
| 1704 | BootstrapSkin::displayAlertBox("IP address detected in comment text. Warning acknowledgement checkbox must be checked.", "alert-error", "Error", true, false); |
||
| 1705 | $smarty->assign("request", $request); |
||
| 1706 | $smarty->assign("comment", $_POST['comment']); |
||
| 1707 | $smarty->assign("actionLocation", "comment-quick"); |
||
| 1777 | } |
||
| 1778 | |||
| 1779 | // Unauthorized if user is not an admin or the user who made the comment being edited. |
||
| 1780 | if (!User::getCurrent()->isAdmin() && !User::getCurrent()->isCheckuser() && $comment->getUser() != User::getCurrent()->getId()) { |
||
| 1781 | BootstrapSkin::displayAccessDenied(); |
||
| 1782 | BootstrapSkin::displayInternalFooter(); |
||
| 1783 | die(); |
||
| 1813 | } |
||
| 1814 | } |
||
| 1815 | elseif ($action == "sendtouser") { |
||
| 1816 | global $baseurl; |
||
| 1817 | |||
| 1818 | $database = gGetDb(); |
||
| 1819 | |||
| 1830 | $curuser = User::getCurrent()->getUsername(); |
||
| 1831 | |||
| 1832 | if ($user == false) { |
||
| 1833 | BootstrapSkin::displayAlertBox("We couldn't find the user you wanted to send the reservation to. Please check that this user exists and is an active user on the tool.", "alert-error", "Could not find user", true, false); |
||
| 1834 | BootstrapSkin::displayInternalFooter(); |
||
| 1835 | die(); |
||
| 1836 | } |
||
| 1844 | throw new TransactionException("Error updating reserved status of request."); |
||
| 1845 | } |
||
| 1846 | |||
| 1847 | Logger::sendReservation($database, Request::getById($request, $database), $user); |
||
| 1848 | }); |
||
| 1849 | |||
| 1850 | Notification::requestReservationSent($request, $user); |
||
| 1877 | $emailTemplate->setDefaultAction($_POST['defaultaction']); |
||
| 1878 | $emailTemplate->setActive(isset($_POST['active'])); |
||
| 1879 | |||
| 1880 | // Check if the entered name already exists (since these names are going to be used as the labels for buttons on the zoom page). |
||
| 1881 | // getByName(...) returns false on no records found. |
||
| 1882 | if (EmailTemplate::getByName($_POST['name'], $database)) { |
||
| 1883 | throw new TransactionException("That Email template name is already being used. Please choose another."); |
||
| 1900 | $smarty->assign('createdid', $createdid); |
||
| 1901 | $smarty->assign('requeststates', $availableRequestStates); |
||
| 1902 | $smarty->assign('emailTemplate', new EmailTemplate()); |
||
| 1903 | $smarty->assign('emailmgmtpage', 'Create'); //Use a variable so we don't need two Smarty templates for creating and editing. |
||
| 1904 | $smarty->display("email-management/edit.tpl"); |
||
| 1905 | BootstrapSkin::displayInternalFooter(); |
||
| 1906 | die(); |
||
| 1935 | $emailTemplate->setPreloadOnly(isset($_POST['preloadonly'])); |
||
| 1936 | } |
||
| 1937 | |||
| 1938 | // Check if the entered name already exists (since these names are going to be used as the labels for buttons on the zoom page). |
||
| 1939 | $nameCheck = EmailTemplate::getByName($_POST['name'], gGetDb()); |
||
| 1940 | if ($nameCheck != false && $nameCheck->getId() != $_GET['edit']) { |
||
| 1941 | BootstrapSkin::displayAlertBox("That Email template name is already being used. Please choose another."); |
||
| 1964 | $smarty->assign('emailTemplate', $emailTemplate); |
||
| 1965 | $smarty->assign('createdid', $createdid); |
||
| 1966 | $smarty->assign('requeststates', $availableRequestStates); |
||
| 1967 | $smarty->assign('emailmgmtpage', 'Edit'); // Use a variable so we don't need two Smarty templates for creating and editing. |
||
| 1968 | $smarty->display("email-management/edit.tpl"); |
||
| 1969 | BootstrapSkin::displayInternalFooter(); |
||
| 1970 | die(); |
||
| 2044 |
Scrutinizer Auto-Fixer
Simon Walker
Steven Donovan
Andrew "FastLizard4" Adams
addshore
Loading history...
Overly long lines are hard to read on any screen. Most code styles therefor impose a maximum limit on the number of characters in a line.