Navigation

← Previous Changeset
Next Changeset →

Changeset 1350

Timestamp:

02/28/07 13:22:14 (2 years ago)

Author:

jm3

Message:

authentication and validation plus preliminary R/W XML api for AIM bot!

Files:

feedmelinks/.htaccess-global (modified) (1 diff)
feedmelinks/FAQ/index.php (modified) (2 diffs)
feedmelinks/_config/groups (added)
feedmelinks/_config/nouns (added)
feedmelinks/account.php (modified) (6 diffs)
feedmelinks/aim (added)
feedmelinks/aim/help.php (added)
feedmelinks/api/add.php (added)
feedmelinks/api/restricted (added)
feedmelinks/api/restricted/secure-call.php (added)
feedmelinks/blacklist (added)
feedmelinks/blacklist/index.php (added)
feedmelinks/modules/header.inc.php (modified) (1 diff)
feedmelinks/modules/menu.inc.php (modified) (2 diffs)
feedmelinks/modules/utils.inc.php (modified) (10 diffs)
feedmelinks/script/form-validation.js (added)
feedmelinks/script/funcs.js (modified) (2 diffs)
feedmelinks/set-up (added)
feedmelinks/set-up/IM.php (added)
feedmelinks/testing/generate-secret-code.php (added)
feedmelinks/testing/setFieldForUser.php (added)
feedmelinks/testing/validate_users_im_name.php (added)
feedmelinks/validate/IM.php (moved) (moved from feedmelinks/validate/im.php) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

feedmelinks/.htaccess-global

r1302	r1350
51	51	RewriteRule ^xml/set/comment /api/comment
52	52	RewriteRule ^xml/peeps$ /peeps-as-xml [L]
	53	RewriteRule ^api/backroom/(.*)$ /api/backroom/secure-call.php?call=$1 [L]
53	54
54	55	# JSON API

feedmelinks/FAQ/index.php

r1326	r1350
391	391	# <b>authenticate using <a href="http://httpd.apache.org/docs/1.3/howto/auth.html#basic">HTTP-Basic authentication</a></b>:<br />
392	392	<span class="subtle">http://feedmelinks.com</span>/xml/authenticate<br />
	393	(pass <code>user</code> and <code>password</code>)
393	394	<br />
394	395
…	…
471	472	We have people linking from France, Italy, Canada, Japan, China, Finland, etc.
472	473	<p/>
473		~~View our <a href="/testing/unicode-support">Unicode examples page</a>~~
474	474
475	475	</div> <a href="#top">back to top</a>

feedmelinks/account.php

r1349	r1350
142	142	?>
143	143
144		<script type="text/javascript">
145		<!--
146
147		function check_email( f ) {
148		var e = f.email.value;
149		var filter = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;
150		if( e == '' ) {
151		alert( "Please enter your email address." );
152		return false;
153		} else if( ! filter.test( e )) {
154		alert( "Please double-check your email address." );
155		return false;
156		} else {
157		return true;
158		}
159		}
160
161		function check_im( f ) {
162		var e = f.im.value;
163		var filter = /^[a-zA-Z0-9_\.\-\@]+$/;
164		if( e == '' ) {
165		alert( "Please enter your AIM name." );
166		return false;
167		} else if( ! filter.test( e )) {
168		alert( "Please double-check that your AIM name is correct." );
169		return false;
170		} else {
171		return true;
172		}
173		}
174
175		function check_passwords( f ) {
176		var p1 = f.password1.value;
177		var p2 = f.password2.value;
178
179		if( p1 == '' && p2 == '' ) {
180		alert( "Please enter a new password." );
181		return false;
182		} else if( p1 == '' ) {
183		alert( "Please confirm your new password by entering it in both fields." );
184		return false;
185		} else if( p2 == '' ) {
186		alert( "Please confirm your new password by entering it in both fields." );
187		return false;
188		} else if( p1 != p2 ) {
189		alert( "Please make sure your password is typed correctly in both fields." );
190		return false;
191		} else {
192		return true;
193		}
194		}
195
196		// -->
197		</script>
	144	<script type="text/javascript" src="/script/form-validation.js"></script>
198	145
199	146	<div id="accountBox" style="width: 48em;">
200		<h1>MY PROFILE:</h1>
	147	<h1>MY PROFILE: (<a href="/u/<?= $u ?>">VIEW MY PUBLIC PROFILE</a>)</h1>
201	148	<div class="r0" style="width: 47em; height: 49em; margin-left: auto; margin-right: auto;">
202	149
…	…
206	153
207	154	<form method="post" action="/account" name="profile_email_form"
208		onSubmit="return check_email(~~document.forms.profile_email_form~~);">
	155	onSubmit="return check_email(this);">
209	156	<input type="hidden" name="op" value="update-email" />
210	157	<tr>
…	…
232	179
233	180	<form method="post" action="/account" name="profile_im_form"
234		onSubmit="return check_im(~~document.forms.profile_im_form~~);">
	181	onSubmit="return check_im(this);">
235	182	<input type="hidden" name="op" value="update-im" />
236	183	<tr>
…	…
240	187	<td>
241	188	<big><big><?= get_IM_address_for_user( $u ) ?></big></big>
242		<span class="subtle"><?= IM_address_is_validated( $u ) ? "" : "(~~not validated~~)" ?></span>
	189	<span class="subtle"><?= IM_address_is_validated( $u ) ? "" : "(<a href='javascript:openValidate();'>not validated</a>)" ?></span>
243	190	</td>
244	191	</tr>
…	…
260	207
261	208	<form method="post" action="/account" name="profile_password_form"
262		onSubmit="return check_passwords(~~document.forms.profile_password_form~~);">
	209	onSubmit="return check_passwords(this);">
263	210	<input type="hidden" name="op" value="update-password" />
264	211	<tr>
…	…
297	244	</td>
298	245	<td>
299		<img src="/<?= get_thumbnail_image( $u ) ?>" style="padding: 5px;" />
	246	<?php if( get_thumbnail_image( $u )) { ?>
	247	<img src="<?= get_thumbnail_image( $u ) ?>" style="padding: 5px;" />
	248	<?php } ?>
300	249	</td>
301	250

feedmelinks/modules/header.inc.php

r1342	r1350
54	54	echo "</head>\n";
55	55	if( ! $noBody )
56		echo "<body>";
	56	echo "<body " . ($onLoad ? "onLoad='$onLoad'" : "") . ">";
57	57	?>
58	58

feedmelinks/modules/menu.inc.php

r1348	r1350
10	10	<% if( $u ) { %>
11	11	You are logged in as:<a class="tn" href="/"><%= $u %></a>
12		~~<% } %>~~
13	12	<a class="tn" href="/index">My Links</a>
14	13	<a class="tn" href="/u/<%= $u %>/tags">My Tags</a>
15	14	<a class="tn" href="/peeps">My Peeps</a>
16	15	<a class="tn" href="/account">My Profile</a>
	16	<% } else { %>
	17	Check out the latest material with the <a class="tn" href="/link-cruiser">link-cruiser</a>
	18	<% } %>
17	19
18	20	<br />
…	…
28	30	?>
29	31
	32	<% if( $u ) { %>
30	33	<a class="tn" href="/install">Add more links</a>
31	34	<a class="tn" href="/comments">View Recent Comments</a>
32	35	<a class="tn" href="/import">Import my Favorites</a>
	36	<?php } ?>
33	37	<a class="tn" href="/faq">FAQ</a>
34	38	<a class="tn" href="javascript:;" onClick="openContactUs()">Send Feedback!</a>

feedmelinks/modules/utils.inc.php

r1349	r1350
6	6	include_once( "env.inc.php" );
7	7	include( get_root() . "/modules/prep-cache.inc.php" );
	8
	9	function is_im_account_known( $im_name ) {
	10	if( ! $im_name ) return;
	11	$qs = "SELECT userid, imValidated FROM users WHERE im = '" . urlencode( $im_name ) . "'";
	12	$q = run_query( $qs );
	13
	14	$numRows = mysql_num_rows($q);
	15	if( ! $numRows )
	16	return;
	17	$i = 0;
	18	while( $i < $numRows ) {
	19	$valid = mysql_result($q, $i, "imValidated");
	20	echo "<user valid='$valid'>" . urldecode( mysql_result($q, $i, "userid")) . "</user>\n";
	21	$i++;
	22	}
	23	}
	24
	25	function get_sock_puppet( $user ) {
	26	if( ! $user ) return;
	27	return md5( getPasswdForUser( $user ));
	28	}
	29
	30	function validate_users_im_name( $user ) {
	31	if( ! $user ) return;
	32	$im_name = get_IM_address_for_user( $user ); # cache for later
	33	run_query( getQuery( "rude_solo_im_name", get_IM_address_for_user( $user )));
	34	setFieldForUser( $user, "im", $im_name );
	35	setFieldForUser( $user, "imValidated", 1 );
	36	return "validated";
	37	}
	38
	39	function get_im_validation_phrase_for_user( $user ) {
	40	$aim = get_IM_address_for_user( $user );
	41	$pass = getPasswdForUser( $user );
	42	$s = $aim . $pass;
	43	$hash = md5( $s );
	44
	45	$tok1 = hexdec( substr( $hash, 0, 2 ));
	46	$tok2 = hexdec( substr( $hash, 14, 2 ));
	47	$tok3 = hexdec( substr( $hash, strlen( $hash ) - 2, 2));
	48
	49	$words = file( get_root() . '/_config/nouns' );
	50	$nouns = chop( $words[ $tok1 ] );
	51	$words = file( get_root() . '/_config/groups' );
	52	$group = chop( $words[ $tok2 ] );
	53	$num = $tok3;
	54	$secret_phrase = "a $group of $num $nouns";
	55	return $secret_phrase;
	56	}
8	57
9	58	function IM_address_is_validated( $user ) {
…	…
641	690	}
642	691
643		function add_tags_from_request( $u, $newLinkID, $catNums, $con ) {
644		if( $debug ) echo "<hr>";
645
646		$newCatNames = Array();
647
648		foreach( $_POST as $paramName => $newCatName ) {
649		if( substr( $paramName, 0, strlen( "new_tag" )) == "new_tag" && $newCatName) {
650		array_push( $newCatNames, $newCatName );
651		}
652		}
653
654		foreach( $_GET as $paramName => $newCatName ) {
655		if( substr( $paramName, 0, strlen( "new_tag" )) == "new_tag" && $newCatName) {
656		array_push( $newCatNames, $newCatName );
657		}
658		}
	692	function add_tags_from_request( $u, $newLinkID, $known_tag_IDs, $con, $possibly_new_tag_names ) {
	693	# if we were called with a big list of possible tags, use that,
	694	# otherwise, slurp them out of the request (_GET + _POST arrays)
	695	if( $possibly_new_tag_names && count( $possibly_new_tag_names ) > 0 )
	696	$new_tag_names = $possibly_new_tag_names;
	697	else {
	698	$new_tag_names = Array();
	699	foreach( $_POST as $paramName => $new_tag_name )
	700	if( substr( $paramName, 0, strlen( "new_tag" )) == "new_tag" && $new_tag_name)
	701	array_push( $new_tag_names, $new_tag_name );
	702
	703	foreach( $_GET as $paramName => $new_tag_name )
	704	if( substr( $paramName, 0, strlen( "new_tag" )) == "new_tag" && $new_tag_name)
	705	array_push( $new_tag_names, $new_tag_name );
	706	}
659	707
660	708	if( $debug ) {
661		echo "User entered " . count( $new~~CatN~~ames ) . " 'new' tags: ";
662		print_r( $new~~CatN~~ames );
663		echo "<br>And " . count( $~~catNum~~s ) . " existing tags: ";
664		print_r( $~~catNum~~s );
	709	echo "User entered " . count( $new_tag_names ) . " 'new' tags: ";
	710	print_r( $new_tag_names );
	711	echo "<br>And " . count( $known_tag_IDs ) . " existing tags: ";
	712	print_r( $known_tag_IDs );
665	713	echo "<br>";
666	714	}
667	715
668		if( count( $new~~CatN~~ames )) {
669		foreach( $new~~CatN~~ames as $newCategoryName ) {
	716	if( count( $new_tag_names )) {
	717	foreach( $new_tag_names as $newCategoryName ) {
670	718	if( $debug )
671	719	echo "First we add any tags that are actually new, then we tag the link w/all the remaining existing tags:<br />";
…	…
678	726	echo "added $newCategoryName successfully as: \$newCatNum: $newCatNum<br />";
679	727	if( $newCatNum )
680		array_push( $~~catNum~~s, $newCatNum );
	728	array_push( $known_tag_IDs, $newCatNum );
681	729	} else
682	730	# user actually already had this tag, so just push it onto the rest of the existing tags to tag this link with
683		array_push( $~~catNum~~s, $categoryAlreadyExists );
	731	array_push( $known_tag_IDs, $categoryAlreadyExists );
684	732	}
685	733	} else {
…	…
692	740
693	741	if( $debug )
694		echo "<br />DEBUG: looping over " . (count($~~catNum~~s)) . " tags";
695		foreach( $~~catNum~~s as $catNum ) {
	742	echo "<br />DEBUG: looping over " . (count($known_tag_IDs)) . " tags";
	743	foreach( $known_tag_IDs as $catNum ) {
696	744	if( ! $q \|\| ! $catNum )
697	745	return;
…	…
1976	2024	} else if( $argWhichQuery == "top_linking_users" ) {
1977	2025	return "
1978		SELECT COUNT(*) AS lc, links.userid AS u FROM links, users WHERE users.userid = links.userid AND isPrivate IS NULL AND snuffed IS NULL GROUP BY links.userid ORDER BY lc DESC LIMIT " . $args[1] . ";";
1979
	2026	SELECT COUNT(*) AS lc, links.userid AS u FROM links, users WHERE users.userid = links.userid AND isPrivate IS NULL AND snuffed IS NULL GROUP BY links.userid ORDER BY lc DESC LIMIT " . $args[1] . ";";
	2027
	2028	} else if( $argWhichQuery == "rude_solo_im_name" ) {
	2029	return "
	2030	UPDATE users SET im = NULL, imValidated = NULL WHERE im = '" . urlencode( $args[1] ) . "'";
1980	2031
1981	2032	} else if( $argWhichQuery == "tag_spammer" ) {
1982	2033	return "
1983		UPDATE users SET options = (options + 1 ) WHERE userid = '" . urlencode( $args[1]) . "';";
	2034	UPDATE users SET options = (options + 1 ) WHERE userid = '" . urlencode( $args[1]) . "';";
1984	2035
1985	2036	} else if( $argWhichQuery == "user_by_user_criteria" ) {
…	…
2580	2631	# judge, jury, and executioner
2581	2632	function isJJE( $u ) {
2582		if( $u == "jm3" )
	2633	if( $u == "jm3" \|\| $u == "klaus_kinski" )
2583	2634	return true;
2584	2635	else
…	…
2587	2638
2588	2639	function isSuperUser( $u ) {
2589		if( $u == "jm3" \|\| $u == "pheezy" \|\| $u == "~~gus~~" )
	2640	if( $u == "jm3" \|\| $u == "pheezy" \|\| $u == "klaus_kinski" )
2590	2641	return 1;
2591	2642	else
…	…
2953	3004	$password = urlencode( $argPassword );
2954	3005	$name = urlencode( $argName );
2955		$post_code = urlencode( $argPostCode );
	3006
	3007	# FIXME: these three are unused for now since we don't ask for them during signup:
	3008	$post_code = urlencode( $argPostCode );
2956	3009	$im = urlencode( $argIM );
2957	3010	$im_type = urlencode( $argIMType );
2958	3011
2959		$qs = "INSERT INTO users VALUES(NULL,'$userId','$email', '$password', '$name','', 2, 1, NULL, now(), now(), ~~'$post_code', '$im', '$im_type'~~ );";
	3012	$qs = "INSERT INTO users VALUES(NULL,'$userId','$email', '$password', '$name','', 2, 1, NULL, now(), now(), NULL, NULL, NULL );";
2960	3013
2961	3014	l( "new_user: $argUserId, $argEmail" );
…	…
3281	3334	fclose( $f );
3282	3335	ignore_user_abort(false);
	3336	return "success";
3283	3337
3284	3338	} else {
…	…
3502	3556	if( $numRows )
3503	3557	return mysql_result($q, $i, $field);
	3558	}
	3559
	3560	function setFieldForUser( $user, $field, $value ) {
	3561	if( ! $user \|\| ! $field \|\| ! $value) return;
	3562	$qs = "UPDATE users SET $field = '" . urlencode( $value ) . "' WHERE userid = '" . urlencode( $user ) . "';";
	3563	run_query( $qs );
3504	3564	}
3505	3565

feedmelinks/script/funcs.js

r1326	r1350
51	51	// end funnelling
52	52	function openEdit( argId ) {
53		window.open( "/edit?id=" + argId, "foo", "width=427,height=194,scrollbars=0" );
	53	setTimeout("popup.focus()", 500);
	54	popup = window.open( "/edit?id=" + argId, "foo", "width=427,height=194,scrollbars=0" );
54	55	}
55	56
56	57	function openMailer( argId ) {
57		window.open( "/mailer?id=" + argId, "foo", "width=455,height=350" );
	58	setTimeout("popup.focus()", 500);
	59	popup = window.open( "/mailer?id=" + argId, "foo", "width=455,height=350" );
58	60	}
59	61
60	62	function openContactUs( argSubj ) {
	63	setTimeout("popup.focus()", 500);
61	64	var u = "/contact-us" + (argSubj ? "?subject=" + argSubj : "");
62		contactus=window.open( u, "contact_us", "width=500,height=600,resizable=1,status=0" );
63		if (window.focus) {contactus.focus()}
	65	popup = window.open( u, "contact_us", "width=500,height=600,resizable=1,status=0" );
64	66	}
65	67
66	68	function openDelete( argId ) {
67		window.open( "/delete?id=" + argId, "foo", "width=437,height=166" );
	69	setTimeout("popup.focus()", 500);
	70	popup = window.open( "/delete?id=" + argId, "foo", "width=437,height=166" );
	71	}
	72
	73	function openValidate() {
	74	setTimeout("popup.focus()", 500);
	75	popup = window.open( "/validate/im", "foo", "width=550,height=200" );
68	76	}
69	77
…	…
72	80	if( s.selectedIndex != 0 )
73	81	window.location = "/f/s/" + s[s.selectedIndex].value;
74		~~//_content.window.location = "/s/" + s[s.selectedIndex].value;~~
75	82	}
76	83

feedmelinks/validate/IM.php

r1349	r1350
1		<link rel="stylesheet" type="text/css" media="screen" href="/style/validation.css" />
	1	<html>
	2	<head>
	3	<title>
	4	Validate My IM Address:
	5	</title>
	6	<link rel="stylesheet" type="text/css" media="screen" href="/style/validation.css" />
	7	</head>
	8	<body>
2	9
3	10	<?php
4	11	include( "../modules/utils.inc.php" );
5
6	12	if( !$u \|\| !$tok \|\| $tok != md5( getPasswdForUser( $u )))
7	13	echo bounceTo( $site . "/login?bounceToPage=validate/im" );
	14	?>
8	15
9		$aim = get_IM_address_for_user( $u );
10		$pass = getPasswdForUser( $u );
11		$s = $aim . $pass;
12		$hash = md5( $s );
	16	<div id="challenge">
	17	<h1>Your Validation Code is:</h1>
	18	<input class="copyable" name="secret" value="<?= get_im_validation_phrase_for_user( $u ) ?>" size="22" />
	19	<small>Copy & paste the above phrase into AIM when asked for your challenge code</small>
	20	</div>
13	21
14		$tok1 = hexdec( substr( $hash, 0, 2 ));
15		$tok2 = hexdec( substr( $hash, 14, 2 ));
16		$tok3 = hexdec( substr( $hash, strlen( $hash ) - 2, 2));
17
18		$words = file( '_config/nouns' );
19		$nouns = chop( $words[ $tok1 ] );
20		$words = file( '_config/groups' );
21		$group = chop( $words[ $tok2 ] );
22		$num = $tok3;
23
24		$secret_phrase = "a $group of $num $nouns";
25		?>
26		<div id="challenge">
27		<h1>Your Validation Code is:</h1>
28		<input class="copyable" name="secret" value="<?= $secret_phrase ?>" size="22" />
29		<small>Copy & paste this into the AIM window when asked for your challenge code:</small>
30		</div>
31
	22	</body>
	23	</html>

Navigation

Changeset 1350

Legend:

Download in other formats: