From: Jon O. <jon...@us...> - 2006-06-17 20:47:21
Update of /cvsroot/mxbb/mx_gallery2/includes In directory sc8-pr-cvs7.sourceforge.net:/tmp/cvs-serv5129/modules/mx_gallery2/includes Modified Files: gallery_constants.php gallery_functions.php Log Message: security Index: gallery_constants.php =================================================================== RCS file: /cvsroot/mxbb/mx_gallery2/includes/gallery_constants.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** gallery_constants.php 5 Apr 2006 22:34:09 -0000 1.4 --- gallery_constants.php 17 Jun 2006 20:47:18 -0000 1.5 *************** *** 8,12 **** * */ ! // ---------------------------------------------------------------------START // This file defines specific constants for the module --- 8,17 ---- * */ ! ! if( !defined('IN_PORTAL') || !is_object($mx_block)) ! { ! die("Hacking attempt"); ! } ! // ---------------------------------------------------------------------START // This file defines specific constants for the module *************** *** 28,32 **** // ------------------------------------------------------------------------- $mx_user->extend(MX_LANG_MAIN, MX_IMAGES_NONE); ! $mx_page->add_copyright( 'mxBB Gallery2 Module' ); } --- 33,37 ---- // ------------------------------------------------------------------------- $mx_user->extend(MX_LANG_MAIN, MX_IMAGES_NONE); ! 
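Review bot: The second condition of the added guard, `!is_object($mx_block)`, reads `$mx_block` from whichever scope performs the include. If this file is ever included from inside a function that has not declared `global $mx_block`, a legitimate request would hit `die("Hacking attempt")`, after an undefined-variable notice; the including code is not visible in this diff, so that needs confirming against the callers. Writing the test as `if (!defined('IN_PORTAL') || !isset($mx_block) || !is_object($mx_block))` keeps the same outcome without the notice. The identical guard is added at the top of gallery_functions.php in this commit and the same point applies there. A short comment above each copy would record the intent, for example `// Refuse direct requests: only the portal may include this file, from a block context.`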
$mx_page->add_copyright( 'mxBB Gallery2 Module' ); } Index: gallery_functions.php =================================================================== RCS file: /cvsroot/mxbb/mx_gallery2/includes/gallery_functions.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** gallery_functions.php 5 Apr 2006 22:34:09 -0000 1.3 --- gallery_functions.php 17 Jun 2006 20:47:18 -0000 1.4 *************** *** 9,12 **** --- 9,17 ---- */ + if( !defined('IN_PORTAL') || !is_object($mx_block)) + { + die("Hacking attempt"); + } + // // Gallery Embed Doc *************** *** 57,61 **** // if you don't want to use $g2data['headHtml'] directly, you can get the css, // javascript and page title separately by calling... ! if (isset($g2moddata['headHtml'])) { list($title, $css, $javascript) = GalleryEmbed::parseHead($g2moddata['headHtml']); --- 62,66 ---- // if you don't want to use $g2data['headHtml'] directly, you can get the css, // javascript and page title separately by calling... ! if (isset($g2moddata['headHtml'])) { list($title, $css, $javascript) = GalleryEmbed::parseHead($g2moddata['headHtml']); *************** *** 113,120 **** users directly. ! If the emApp supports user groups then add hooks to keep groups in sync. Synchronizing groups is optional, even if the emApp supports groups. The process is the same as above, using GalleryEmbed::createGroup, ::updateGroup, ::deleteGroup(), ::addUserToGroup() and ! ::removeUserFromGroup(). Note that G2 does not support nested groups.. if the emApp does then the hooks will have to expand the groups into the list of users and update the G2 groups accordingly. --- 118,125 ---- users directly. ! If the emApp supports user groups then add hooks to keep groups in sync. Synchronizing groups is optional, even if the emApp supports groups. The process is the same as above, using GalleryEmbed::createGroup, ::updateGroup, ::deleteGroup(), ::addUserToGroup() and ! ::removeUserFromGroup(). 
Note that G2 does not support nested groups.. if the emApp does then the hooks will have to expand the groups into the list of users and update the G2 groups accordingly. *************** *** 140,181 **** var $user_map_data = array(); // current user map data var $user_gallery_user_data = array(); // duplicate gallery user data ! /*********************************************************/ /* Init Gallery Embed Class */ /*********************************************************/ ! function init() { global $db, $gallery, $embedPath, $embedUri, $relativeG2Path, $loginRedirect, $fullInit, $map_debug; ! // // only init once // ! if ($this->isInitiated) { $map_debug .= "<br>GalleryEmbed is inititated - resting"; return true; } ! $map_debug .= "<br>Inititating GalleryEmbed - ..."; $ret = GalleryEmbed :: init(array ( 'embedPath' => $embedPath, ! 'embedUri' => $embedUri, 'relativeG2Path' => $relativeG2Path, 'loginRedirect' => $loginRedirect, ! 'activeUserId' => '', 'fullInit' => $fullInit)); ! $gallery->guaranteeTimeLimit(300); ! ! if (!$ret->isSuccess()) { $map_debug .= '<br>G2 did not return a success status upon an init request. Here is the error message from G2: <br /> [#(1)]'.$ret->getAsHtml(); return false; } ! $this->isInitiated = true; return true; } ! // // Syncronize GD and phpBB Users --- 145,186 ---- var $user_map_data = array(); // current user map data var $user_gallery_user_data = array(); // duplicate gallery user data ! /*********************************************************/ /* Init Gallery Embed Class */ /*********************************************************/ ! function init() { global $db, $gallery, $embedPath, $embedUri, $relativeG2Path, $loginRedirect, $fullInit, $map_debug; ! // // only init once // ! if ($this->isInitiated) { $map_debug .= "<br>GalleryEmbed is inititated - resting"; return true; } ! $map_debug .= "<br>Inititating GalleryEmbed - ..."; $ret = GalleryEmbed :: init(array ( 'embedPath' => $embedPath, ! 
'embedUri' => $embedUri, 'relativeG2Path' => $relativeG2Path, 'loginRedirect' => $loginRedirect, ! 'activeUserId' => '', 'fullInit' => $fullInit)); ! $gallery->guaranteeTimeLimit(300); ! ! if (!$ret->isSuccess()) { $map_debug .= '<br>G2 did not return a success status upon an init request. Here is the error message from G2: <br /> [#(1)]'.$ret->getAsHtml(); return false; } ! $this->isInitiated = true; return true; } ! // // Syncronize GD and phpBB Users *************** *** 194,236 **** * @return bool true or false */ ! function _g2addexternalMapEntry($externalId, $entityId, $entityType ) { ! global $db, $failures, $fullpath, $map_debug; ! $is_ok = true; ! if (is_int($entityType)) { $entityType = $entityType == MAP_MXBB_USER ? 'GalleryUser' : 'GalleryGroup'; } ! require_once ($fullpath."/".'modules/core/classes/ExternalIdMap.class'); ! $ret = ExternalIdMap :: addMapEntry(array ('externalId' => $externalId, 'entityType' => $entityType, 'entityId' => $entityId)); ! ! if ($ret->isError()) { $failures[] = $externalId; $is_ok = false; } ! $map_debug .= $is_ok ? '<br>externalMapEntry inserted successfully' : '<br>ERROR: externalMapEntry not inserted'; return $is_ok; } ! ! function _g2updateexternalMapEntry($externalId, $entityId, $entityType) { ! global $db, $failures, $fullpath, $map_debug; ! $is_ok = true; ! if (is_int($entityType)) { $entityType = $entityType == MAP_MXBB_USER ? 'GalleryUser' : 'GalleryGroup'; } ! require_once ($fullpath."/".'modules/core/classes/ExternalIdMap.class'); $ret = ExternalIdMap :: removeMapEntry(array ('externalId' => $externalId)); ! if ($ret->isError()) { $map_debug .= 'WARNING: mapping does not exist'; --- 199,241 ---- * @return bool true or false */ ! function _g2addexternalMapEntry($externalId, $entityId, $entityType ) { ! global $db, $failures, $fullpath, $map_debug; ! $is_ok = true; ! if (is_int($entityType)) { $entityType = $entityType == MAP_MXBB_USER ? 'GalleryUser' : 'GalleryGroup'; } ! 
require_once ($fullpath."/".'modules/core/classes/ExternalIdMap.class'); ! $ret = ExternalIdMap :: addMapEntry(array ('externalId' => $externalId, 'entityType' => $entityType, 'entityId' => $entityId)); ! ! if ($ret->isError()) { $failures[] = $externalId; $is_ok = false; } ! $map_debug .= $is_ok ? '<br>externalMapEntry inserted successfully' : '<br>ERROR: externalMapEntry not inserted'; return $is_ok; } ! ! function _g2updateexternalMapEntry($externalId, $entityId, $entityType) { ! global $db, $failures, $fullpath, $map_debug; ! $is_ok = true; ! if (is_int($entityType)) { $entityType = $entityType == MAP_MXBB_USER ? 'GalleryUser' : 'GalleryGroup'; } ! require_once ($fullpath."/".'modules/core/classes/ExternalIdMap.class'); $ret = ExternalIdMap :: removeMapEntry(array ('externalId' => $externalId)); ! if ($ret->isError()) { $map_debug .= 'WARNING: mapping does not exist'; *************** *** 240,254 **** $ret = ExternalIdMap :: addMapEntry(array ('externalId' => $externalId, 'entityType' => $entityType, 'entityId' => $entityId)); ! ! if ($ret->isError()) { $failures[] = $externalId; $is_ok = false; } ! $map_debug .= $is_ok ? '<br>externalMapEntry updated successfully' : '<br>ERROR: externalMapEntry not updated'; return $is_ok; ! } ! // // Do a standard phpbb db query, to find out if gallery is syncronized with current user --- 245,259 ---- $ret = ExternalIdMap :: addMapEntry(array ('externalId' => $externalId, 'entityType' => $entityType, 'entityId' => $entityId)); ! ! if ($ret->isError()) { $failures[] = $externalId; $is_ok = false; } ! $map_debug .= $is_ok ? '<br>externalMapEntry updated successfully' : '<br>ERROR: externalMapEntry not updated'; return $is_ok; ! } ! // // Do a standard phpbb db query, to find out if gallery is syncronized with current user *************** *** 256,261 **** function _is_mapped() { ! global $db, $userdata, $map_debug; ! // // Try to reuse old check result --- 261,266 ---- function _is_mapped() { ! 
global $db, $userdata, $map_debug; ! // // Try to reuse old check result *************** *** 269,275 **** return $is_mapped; } ! ! $map_debug .= '<br>Qeury to see if user is mapped'; ! // // Validate if the mxBB is already mapped in Gallery2 --- 274,280 ---- return $is_mapped; } ! ! $map_debug .= '<br>Qeury to see if user is mapped'; ! // // Validate if the mxBB is already mapped in Gallery2 *************** *** 277,302 **** $sql = "SELECT * FROM " . GALLERY_USER_MAP_TABLE . " map, ! " . GALLERY_USER_TABLE . " gus WHERE map.g_externalId = '" . $userdata['user_id'] . "' AND map.g_entityId = gus.g_id"; ! if ( !$result = $db->sql_query( $sql ) ) { mx_message_die( GENERAL_ERROR, "Could not query Gallery count", "", __LINE__, __FILE__, $sql ); ! } ! if( $total_maps = $db->sql_numrows($result) ) { $this->user_map_data = $db->sql_fetchrow($result); ! } ! $is_mapped = $total_maps > 0; ! $userdata[$userdata_key] = $is_mapped; $map_debug .= '<br>is_mapped: ' . intval($is_mapped); ! return $is_mapped; } ! // // Find already registered gallery users, also registered by phpbb, and not mapped --- 282,307 ---- $sql = "SELECT * FROM " . GALLERY_USER_MAP_TABLE . " map, ! " . GALLERY_USER_TABLE . " gus WHERE map.g_externalId = '" . $userdata['user_id'] . "' AND map.g_entityId = gus.g_id"; ! if ( !$result = $db->sql_query( $sql ) ) { mx_message_die( GENERAL_ERROR, "Could not query Gallery count", "", __LINE__, __FILE__, $sql ); ! } ! if( $total_maps = $db->sql_numrows($result) ) { $this->user_map_data = $db->sql_fetchrow($result); ! } ! $is_mapped = $total_maps > 0; ! $userdata[$userdata_key] = $is_mapped; $map_debug .= '<br>is_mapped: ' . intval($is_mapped); ! return $is_mapped; } ! // // Find already registered gallery users, also registered by phpbb, and not mapped *************** *** 308,313 **** global $db, $userdata, $map_debug; ! $map_debug .= '<br>Qeury to see if user is already a gallery user'; ! 
// // Validate if the mxBB is already mapped in Gallery2 --- 313,318 ---- global $db, $userdata, $map_debug; ! $map_debug .= '<br>Qeury to see if user is already a gallery user'; ! // // Validate if the mxBB is already mapped in Gallery2 *************** *** 318,339 **** WHERE gus.g_userName = '" . $userdata['username'] . "' OR gus.g_email = '" . $userdata['user_email'] . "'"; ! if ( !$result = $db->sql_query( $sql ) ) { mx_message_die( GENERAL_ERROR, "Could not query Gallery count", "", __LINE__, __FILE__, $sql ); ! } ! if( $total_gallery_users = $db->sql_numrows($result) ) { $this->user_gallery_user_data = $db->sql_fetchrow($result); ! } ! $is_gallery_user = $total_gallery_users > 0; ! $map_debug .= '<br>is_gallery_user: ' . intval($is_gallery_user); ! ! return $is_gallery_user; } ! // // Public class method --- 323,344 ---- WHERE gus.g_userName = '" . $userdata['username'] . "' OR gus.g_email = '" . $userdata['user_email'] . "'"; ! if ( !$result = $db->sql_query( $sql ) ) { mx_message_die( GENERAL_ERROR, "Could not query Gallery count", "", __LINE__, __FILE__, $sql ); ! } ! if( $total_gallery_users = $db->sql_numrows($result) ) { $this->user_gallery_user_data = $db->sql_fetchrow($result); ! } ! $is_gallery_user = $total_gallery_users > 0; ! $map_debug .= '<br>is_gallery_user: ' . intval($is_gallery_user); ! ! return $is_gallery_user; } ! // // Public class method *************** *** 343,349 **** { global $userdata, $map_debug; ! $map_ok = true; ! if ( $userdata['user_id'] != ANONYMOUS ) { --- 348,354 ---- { global $userdata, $map_debug; ! $map_ok = true; ! if ( $userdata['user_id'] != ANONYMOUS ) { *************** *** 354,373 **** $args['fullname'] = $userdata['username']; $args['username'] = $userdata['username']; ! $args['hashedpassword'] = $userdata['user_password']; $args['hashmethod'] = 'md5'; $args['email'] = $userdata['user_email']; $args['creationtimestamp'] = $userdata['user_regdate']; ! ! 
if( !$this->_is_mapped() ) { $map_debug .= '<br>Not mapped - do mapping'; ! // // only init once // ! if (!$this->init()) { return false; ! } // --- 359,378 ---- $args['fullname'] = $userdata['username']; $args['username'] = $userdata['username']; ! $args['hashedpassword'] = $userdata['user_password']; $args['hashmethod'] = 'md5'; $args['email'] = $userdata['user_email']; $args['creationtimestamp'] = $userdata['user_regdate']; ! ! if( !$this->_is_mapped() ) { $map_debug .= '<br>Not mapped - do mapping'; ! // // only init once // ! if (!$this->init()) { return false; ! } // *************** *** 375,379 **** // For exdample the mxBB admin may have configured the Gallery admin account WITH THE SAME EMAIL // ! if ($this->_is_gallery_user()) { // --- 380,384 ---- // For exdample the mxBB admin may have configured the Gallery admin account WITH THE SAME EMAIL // ! if ($this->_is_gallery_user()) { // *************** *** 383,412 **** // $is_ok = true; ! // // Map mxBB user to existing Gallery user // ! if ( !$this->_g2addexternalMapEntry($user_id, $this->user_gallery_user_data['g_id'], MAP_MXBB_USER) ) { $map_debug .= '<br>Gallery user exists - do mapping to this user...'; $failures[] = $user_id; $is_ok = false; ! } ! $map_debug .= $is_ok ? '<br>mapping ok' : '<br>ERROR: mapping failed'; ! // // Nothing else to do ;) // return $is_ok; ! } ! // // we create the user ! // $ret = GalleryEmbed :: createUser($user_id, $args); $map_debug .= '<br>Creating user...'; ! ! if ( !$ret->isSuccess() ) { $map_debug .= 'ERROR: Could not create user'; --- 388,417 ---- // $is_ok = true; ! // // Map mxBB user to existing Gallery user // ! if ( !$this->_g2addexternalMapEntry($user_id, $this->user_gallery_user_data['g_id'], MAP_MXBB_USER) ) { $map_debug .= '<br>Gallery user exists - do mapping to this user...'; $failures[] = $user_id; $is_ok = false; ! } ! $map_debug .= $is_ok ? '<br>mapping ok' : '<br>ERROR: mapping failed'; ! // // Nothing else to do ;) // return $is_ok; ! } ! 
// // we create the user ! // $ret = GalleryEmbed :: createUser($user_id, $args); $map_debug .= '<br>Creating user...'; ! ! if ( !$ret->isSuccess() ) { $map_debug .= 'ERROR: Could not create user'; *************** *** 414,455 **** $map_ok = false; } ! // // Add a mxBB user group (if not exists) // list ($ret, $group) = GalleryCoreApi::loadEntityByExternalId(MAP_USERGROUP_ID, 'GalleryGroup'); ! if ($ret->isError()) { $map_debug .= '<br>Adding mxBB user group...'; ! // // If group doesn't exists - ADD // $ret = GalleryEmbed :: createGroup(MAP_USERGROUP_ID, 'mxBB Users'); ! ! if ( !$ret->isSuccess() ) { $map_debug .= 'ERROR: Could not create mxBB user group'; $failures[] = $user_id; $map_ok = false; ! } } ! $ret = GalleryEmbed :: addUserToGroup($user_id, MAP_USERGROUP_ID); $map_debug .= '<br>Adding user to mxBB user group...'; ! if ( !$ret->isSuccess() ) { $map_debug .= 'ERROR: Could not add user to mxBB user group'; $failures[] = $user_id; $map_ok = false; ! } ! // // Add admin to admin group ! // if ($userdata['user_level'] == ADMIN) { $map_debug .= '<br>User is admin - to additional settings'; ! // // Map the ExternalmapId for admins to the gallery admingroup --- 419,460 ---- $map_ok = false; } ! // // Add a mxBB user group (if not exists) // list ($ret, $group) = GalleryCoreApi::loadEntityByExternalId(MAP_USERGROUP_ID, 'GalleryGroup'); ! if ($ret->isError()) { $map_debug .= '<br>Adding mxBB user group...'; ! // // If group doesn't exists - ADD // $ret = GalleryEmbed :: createGroup(MAP_USERGROUP_ID, 'mxBB Users'); ! ! if ( !$ret->isSuccess() ) { $map_debug .= 'ERROR: Could not create mxBB user group'; $failures[] = $user_id; $map_ok = false; ! } } ! $ret = GalleryEmbed :: addUserToGroup($user_id, MAP_USERGROUP_ID); $map_debug .= '<br>Adding user to mxBB user group...'; ! if ( !$ret->isSuccess() ) { $map_debug .= 'ERROR: Could not add user to mxBB user group'; $failures[] = $user_id; $map_ok = false; ! } ! // // Add admin to admin group ! 
// if ($userdata['user_level'] == ADMIN) { $map_debug .= '<br>User is admin - to additional settings'; ! // // Map the ExternalmapId for admins to the gallery admingroup *************** *** 457,461 **** // list ($ret, $adminGroupId) = GalleryCoreApi::getPluginParameter('module', 'core', 'id.adminGroup'); ! if ($ret->isError()) { $map_debug .= '<br>ERROR: Unable to fetch the admin group. Here is the error message from G2: <br />'.$ret->getAsHtml(); --- 462,466 ---- // list ($ret, $adminGroupId) = GalleryCoreApi::getPluginParameter('module', 'core', 'id.adminGroup'); ! if ($ret->isError()) { $map_debug .= '<br>ERROR: Unable to fetch the admin group. Here is the error message from G2: <br />'.$ret->getAsHtml(); *************** *** 463,489 **** return false; } ! // // Is there a mapping to the gallery admin group? // list ($ret, $GroupId) = GalleryCoreApi::loadEntityByExternalId(MAP_ADMINGROUP_ID, 'GalleryGroup'); ! if ($ret->isError() || $adminGroupId != $GroupId) { $map_debug .= '<br>Map to the Gallery admin group...'; ! // // If not, do it // ! if ( !$this->_g2updateexternalMapEntry(MAP_ADMINGROUP_ID, $adminGroupId, MAP_MXBB_GROUP) ) { $map_debug .= 'ERROR: Could not create group mapping to gallery admin group'; $failures[] = $user_id; $map_ok = false; ! } } ! $ret = GalleryEmbed :: addUserToGroup($user_id, MAP_ADMINGROUP_ID); $map_debug .= '<br>Adding user to mxBB admin group...'; ! if ( !$ret->isSuccess() ) { $map_debug .= 'ERROR: Could not add user to mxBB admin group'; --- 468,494 ---- return false; } ! // // Is there a mapping to the gallery admin group? // list ($ret, $GroupId) = GalleryCoreApi::loadEntityByExternalId(MAP_ADMINGROUP_ID, 'GalleryGroup'); ! if ($ret->isError() || $adminGroupId != $GroupId) { $map_debug .= '<br>Map to the Gallery admin group...'; ! // // If not, do it // ! 
if ( !$this->_g2updateexternalMapEntry(MAP_ADMINGROUP_ID, $adminGroupId, MAP_MXBB_GROUP) ) { $map_debug .= 'ERROR: Could not create group mapping to gallery admin group'; $failures[] = $user_id; $map_ok = false; ! } } ! $ret = GalleryEmbed :: addUserToGroup($user_id, MAP_ADMINGROUP_ID); $map_debug .= '<br>Adding user to mxBB admin group...'; ! if ( !$ret->isSuccess() ) { $map_debug .= 'ERROR: Could not add user to mxBB admin group'; *************** *** 492,496 **** } } ! $map_debug .= $map_ok ? '<br>User added/mapped successfully' : '<br>ERROR: user not added/mapped'; } --- 497,501 ---- } } ! $map_debug .= $map_ok ? '<br>User added/mapped successfully' : '<br>ERROR: user not added/mapped'; } *************** *** 503,507 **** { $map_debug .= '<br>Already mapped but userdata is changed - update mapping'; ! // // only init once --- 508,512 ---- { $map_debug .= '<br>Already mapped but userdata is changed - update mapping'; ! // // only init once *************** *** 510,514 **** return false; } ! // // if the map exists, just update the user data --- 515,519 ---- return false; } ! // // if the map exists, just update the user data *************** *** 516,521 **** $ret = GalleryEmbed :: updateUser($user_id, $args); $map_debug .= '<br>Updating user...'; ! ! if ( !$ret->isSuccess() ) { $map_debug .= 'ERROR: Could not update user<br>'; --- 521,526 ---- $ret = GalleryEmbed :: updateUser($user_id, $args); $map_debug .= '<br>Updating user...'; ! ! if ( !$ret->isSuccess() ) { $map_debug .= 'ERROR: Could not update user<br>'; *************** *** 523,538 **** $map_ok = false; } ! ! $map_debug .= $map_ok ? '<br>user updated successfully' : '<br>ERROR: user not updated'; } } ! else { ! $map_debug .= '<br>Guest user - no mapping needed'; } return $map_ok; } ! /* // --- 528,543 ---- $map_ok = false; } ! ! $map_debug .= $map_ok ? '<br>user updated successfully' : '<br>ERROR: user not updated'; } } ! else { ! $map_debug .= '<br>Guest user - no mapping needed'; } return $map_ok; } ! 
/* // |