1];
$config = array_merge($dconfig, $config);
$SUBDOMAIN = "master";
$TITLE = $title ?: "master";
$LINKS = [
["href" => "/manage/event.php", "text" => "Events"],
["href" => "/manage/users.php", "text" => "Users"],
["href" => "/manage/user-notes.php", "text" => "Notes"],
["href" => "/manage/github.php", "text" => "Github"],
];
$CSS = ["/styles/master.css"];
$SEARCH = [];
if (strstr($_SERVER["SCRIPT_FILENAME"], "users.php")) {
$SEARCH = ["method" => "get", "action" => "/manage/users.php", "placeholder" => "Search profiles", "name" => "search"];
$CSS[] = "/styles/user-autocomplete.css";
}
if (strstr($_SERVER["SCRIPT_FILENAME"], "event.php")) {
$SEARCH = ["method" => "get", "action" => "/manage/event.php", "placeholder" => "Search Events", "name" => "search"];
}
if (strstr($_SERVER["SCRIPT_FILENAME"], "user-notes.php")) {
$SEARCH = ["method" => "get", "action" => "/manage/user-notes.php", "placeholder" => "Search notes (keyword, ID or sect:)", "name" => "keyword"];
}
if (isset($_SESSION['credentials'])) {
array_unshift($LINKS, ["href" => "/manage/users.php?username=" . $_SESSION["credentials"][0], "text" => "My Profile"]);
$LINKS[] = ["href" => "/login.php?action=logout", "text" => "Logout"];
}
include __DIR__ . "/../shared/templates/header.inc";
if ($config["columns"] > 1) {
echo '';
} else {
echo '';
}
}
function foot($secondscreen = null) {
$SECONDSCREEN = $secondscreen;
$JS = [
"/js/master.js",
];
if (strstr($_SERVER["SCRIPT_FILENAME"], "users.php")) {
array_push(
$JS,
"//people.php.net/js/jquery.autocomplete.min.js",
"//people.php.net/js/userlisting.php",
"//people.php.net/js/search.js"
);
}
?>
$message
"; }
function warn($message) { echo format_warn($message); }
// -----------------------------------------------------------------------------------
function db_connect($dieonerror = TRUE)
{
if (!mysql_connect("localhost", "nobody", "")) {
if ($dieonerror) {
die(format_warn("Unable to connect to database!"));
}
return FALSE;
}
elseif (!mysql_select_db("phpmasterdb")) {
if ($dieonerror) {
die(format_warn("Unable to select database!"));
}
return FALSE;
}
return TRUE;
}
class Query {
private $query = '';
public function __construct($str = '', $params = []) {
$this->add($str, $params);
}
public function add($str, $params = []) {
if (substr_count($str, '?') !== count($params)) {
die("Incorrect number of parameters to query.");
}
$i = 0;
$this->query .= preg_replace_callback('/\?(int)?/', function($matches) use ($params, &$i) {
if (isset($matches[1]) && $matches[1] === 'int') {
return (int) $params[$i++];
} else {
return "'" . mysql_real_escape_string($params[$i++]) . "'";
}
}, $str);
}
public function addQuery(Query $q) {
$this->query .= $q->get();
}
public function get() {
return $this->query;
}
}
function db_query(Query $query)
{
$query = $query->get();
//var_dump($query);
$res = mysql_query($query);
if (!$res) {
$bt = debug_backtrace();
die(format_warn("Query failed: " . hsc(mysql_error()) . "\n" . hsc($query) . "
({$bt[0]['file']}:{$bt[0]['line']})"));
}
return $res;
}
function db_query_safe($query, array $params = [])
{
return db_query(new Query($query, $params));
}
function db_get_one($query)
{
$res = mysql_query($query);
if ($res && mysql_num_rows($res)) {
return mysql_result($res, 0);
}
return FALSE;
}
// -----------------------------------------------------------------------------------
function array_to_url($array,$overlay=[]) {
$params = [];
foreach($array as $k => $v) {
$params[$k] = rawurlencode($k) . "=" . rawurlencode($v);
}
foreach($overlay as $k => $v) {
if ($array[$k] == $v) {
$params["forward"] = $array["forward"] ? "forward=0" : "forward=1";
continue;
}
$params["forward"] = "forward=0";
$params[$k] = rawurlencode($k) . "=" . rawurlencode($v);
}
return implode("&", $params);
}
/**
* @param int $begin
* @param int $rows
* @param int $skip
* @param int $total
*/
function show_prev_next($begin, $rows, $skip, $total, $extra = [], $table = true)
{?>
0) {
printf("« Previous %d",
$_SERVER['PHP_SELF'],
array_to_url($extra, ["begin" => max(0,$begin-$skip)]),
min($skip,$begin));
}
?>
|
|
|
Next %d »",
$_SERVER['PHP_SELF'],
array_to_url($extra, ["begin" => $begin+$skip]),
min($skip,$total-($begin+$skip)));
}
?>
|
{$row['name']}";
}
}
function is_sqlite_type_available($avails, $check) {
// All possible sqlite types associated with our assigned bitwise values
$all = ['sqlite' => 1, 'sqlite3' => 2, 'pdo_sqlite' => 4, 'pdo_sqlite2' => 8];
if (!$avails || empty($all[$check])) {
return false;
}
$avail = (int) $all[$check];
$avails = (int) $avails;
if (($avails & $avail) === $avail) {
return true;
}
return false;
}
function verify_ssh_keys($string) {
return count(get_ssh_keys($string)) > 0;
}
function get_ssh_keys($string) {
$results = [];
if (preg_match_all('@(ssh-(?:rsa|dss) ([^\s]+) ([^\s]*))@', $string, $matches, PREG_SET_ORDER)) {
foreach ($matches as $match) {
$results[] = ['key' => $match[1],
'name' => $match[3]];
}
}
return $results;
}
// We use markdown for people profiles
include_once dirname(__FILE__) . '/../vendor/michelf/php-markdown-extra/markdown.php';
// -----------------------------------------------------------------------------------
//
function find_group_address_from_notes_for($id) {
$res = db_query_safe("SELECT note FROM users_note WHERE userid = ? LIMIT 1", [$id]);
$row = mysql_fetch_assoc($res);
$cc = "";
if (preg_match("/\[group: (\w+)\]/", $row["note"], $matches)) {
switch($matches[1]) {
case "php":
$cc = "internals@lists.php.net";
break;
case "pear":
$cc = "pear-group@lists.php.net";
break;
case "pecl":
$cc = "pecl-dev@lists.php.net";
break;
case "doc":
$cc = "phpdoc@lists.php.net";
break;
}
}
return $cc;
}
define("MT_USER_APPROVE_MAIL", "group@php.net");
define("MT_USER_REMOVE_MAIL", "group@php.net");
function user_approve($id) {
$res = db_query_safe("UPDATE users SET cvsaccess=1, enable=1 WHERE userid=?", [$id]);
if ($res && mysql_affected_rows()) {
$cc = find_group_address_from_notes_for($id);
$mailtext = $cc ? $cc : EMAIL_DEFAULT_CC;
$userinfo = fetch_user($id);
$message = mt_approve_user($userinfo, $mailtext);
/* Notify the user */
mail($userinfo["email"], "VCS Account Request: $userinfo[username]", $message, "From: PHP Group ", "-fnoreply@php.net");
/* Notify the public records */
$to = MT_USER_APPROVE_MAIL . ($cc ? ",$cc" : "");
$subject = "Re: VCS Account Request: $userinfo[username]";
$message = "VCS Account Approved: $userinfo[username] approved by {$_SESSION["username"]} \o/";
$headers = "From: PHP Group \nIn-Reply-To: ";
mail($to, $subject, $message, $headers, "-fnoreply@php.net");
warn("record $id ($userinfo[username]) approved");
return true;
}
else {
warn("wasn't able to grant access to id $id.");
return false;
}
}
function user_remove($id) {
$userinfo = fetch_user($id);
$res = db_query_safe("DELETE FROM users WHERE userid=?", [$id]);
if ($res && mysql_affected_rows()) {
$cc = find_group_address_from_notes_for($id);
$message = $userinfo['cvsaccess'] ? mt_remove_user($userinfo) : mt_deny_user($userinfo);
/* Notify the user */
mail($userinfo['email'],"VCS Account Request: $userinfo[username]",$message,"From: PHP Group ", "-fnoreply@php.net");
$to = MT_USER_REMOVE_MAIL . ($cc ? ",$cc" : "");
$subject = "Re: VCS Account Request: $userinfo[username]";
$message = $userinfo['cvsaccess']
? "VCS Account Deleted: $userinfo[username] deleted by {$_SESSION["username"]} /o\\"
: "VCS Account Rejected: $userinfo[username] rejected by {$_SESSION["username"]} /o\\";
/* Notify public records */
mail($to, $subject, $message,"From: PHP Group \nIn-Reply-To: ", "-fnoreply@php.net");
db_query_safe("DELETE FROM users_note WHERE userid=?", [$id]);
db_query_safe("DELETE FROM users_profile WHERE userid=?", [$id]);
warn("record $id ($userinfo[username]) removed");
return true;
}
else {
warn("wasn't able to delete id $id.");
return false;
}
}
function is_admin($user) {
$admins = [
"jimw",
"rasmus",
"andrei",
"zeev",
"andi",
"sas",
"thies",
"rubys",
"ssb",
"wez",
"shane",
"sterling",
"goba",
"imajes",
"jon",
"alan_k",
"stas",
"iliaa",
"jmcastagnetto",
"mj",
"gwynne",
"lsmith",
"dsp",
"philip",
"davidc",
"helly",
"derick",
"bjori",
"pajoye",
"danbrown",
"felipe",
"johannes",
"tyrael",
"salathe",
"cmb",
"kalle",
"krakjoe",
"nikic"
];
return in_array($user, $admins);
}
function is_mirror_site_admin($user) {
$admins = [
"jimw",
"rasmus",
"andrei",
"zeev",
"andi",
"sas",
"thies",
"rubys",
"ssb",
"imajes",
"goba",
"derick",
"cortesi",
"wez",
"bjori",
"philip",
"danbrown",
"tyrael",
"dm",
"kalle",
"googleguy",
"nikic"
];
return in_array($user, $admins);
}
# returns false if $user is not allowed to modify $userid
function can_modify($user,$userid) {
if (is_admin($user)) return true;
$query = "SELECT userid FROM users WHERE userid = ? AND (email = ? OR username = ?)";
$res = db_query_safe($query, [$userid, $user, $user]);
return $res ? mysql_num_rows($res) : false;
}
function fetch_user($user) {
if ((int)$user) {
$res = db_query_safe(
"SELECT * FROM users LEFT JOIN users_note USING (userid) WHERE users.userid = ?",
[$user]);
} else {
$res = db_query_safe(
"SELECT * FROM users LEFT JOIN users_note USING (userid) WHERE username = ? OR email = ?",
[$user, $user]);
}
return mysql_fetch_array($res);
}
function invalid_input($in) {
if (!empty($in['email']) && strlen($in['email']) && !is_emailable_address($in['email'])) {
return "'". hsc($in['email']) ."' does not look like a valid email address";
}
if (!empty($in['username']) && !preg_match("/^[-\w]+\$/",$in['username'])) {
return "'". hsc($in['username']) ."' is not a valid username";
}
if (!empty($in['rawpasswd']) && $in['rawpasswd'] != $in['rawpasswd2']) {
return "the passwords you specified did not match!";
}
if (!empty($in['sshkey']) && !verify_ssh_keys($in['sshkey'])) {
return "the ssh key doesn't seem to have the necessary format";
}
return false;
}
function validateAction($k) {
switch($k) {
case "approve":
case "remove":
return $k;
default:
warn("that action ('" . hsc($k) . "') is not understood.");
}
return false;
}
function fetch_event($id) {
$res = db_query_safe("SELECT * FROM phpcal WHERE id = ?", [$id]);
return mysql_fetch_array($res,MYSQL_ASSOC);
}
function display_options($options,$current) {
foreach ($options as $k => $v) {
echo '\n";
}
}