
sending lib to the repos

This commit is contained in:
Stefan Frech
2008-04-20 13:31:29 +00:00
committed by Jonas Kattendick
parent c313cfa40b
commit 03dca2fcae
7 changed files with 937 additions and 0 deletions

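--- a/lib/auth.php
+++ b/lib/auth.php
@@ -0,0 +1,154 @@
+<?php
+class auth {
+var $username = '';
+var $password = '';
+function auth () {
+if (!session_id ()){
+session_start();
+}
+if ($this->check_auth ()) {
+$_SESSION['logged_in'] = true;
+}
+else {
+$_SESSION['logged_in'] = false;
+}
+}
+function check_auth () {
+if (session_id ()
+&& isset ($_SESSION['challengekey'])
+&& strlen ($_SESSION['challengekey']) === 32
+&& isset ($_SESSION['username'])
+&& $_SESSION['username'] != ''
+&& isset ($_SESSION['logged_in'])
+&& $_SESSION['logged_in']) {
+return true;
+}
+else if ($this->check_cookie ()) {
+return true;
+}
+return false;
+}
+function assign_data () {
+if ( isset($_POST['username'])
+&& isset($_POST['password'])
+&& $_POST['username'] != ''
+&& $_POST['password'] != '') {
+$this->username = $_POST['username'];
+$this->password = $_POST['password'];
+return true;
+}
+return false;
+}
+function login () {
+$_SESSION['logged_in'] = false;
+if ($this->assign_data ()) {
+global $mysql;
+$query = sprintf("SELECT COUNT(*) FROM user WHERE md5(username)=md5('%s') AND password=md5('%s')",
+$mysql->escape ($this->username),
+$mysql->escape ($this->password));
+if ($mysql->query ($query) && mysql_result ($mysql->result, 0) === "1") {
+if (isset ($_POST['remember'])) {
+global $cookie;
+$cookie['data'] = serialize (array ($this->username, md5 ($cookie['seed'] . md5 ($this->password))));
+@setcookie ($cookie['name'],
+$cookie['data'],
+$cookie['expire'],
+$cookie['path'],
+$cookie['domain']);
+}
+$this->set_login_data ($this->username);
+}
+else {
+$this->logout ();
+}
+}
+unset ($_POST['password']);
+unset ($this->password);
+}
+function logout () {
+global $cookie;
+unset ($_SESSION['challengekey']);
+unset ($_SESSION['username']);
+@setcookie ($cookie['name'], "", time() - 1, $cookie['path'], $cookie['domain']);
+$_SESSION['logged_in'] = false;
+}
+function set_login_data ($username) {
+$_SESSION['challengekey'] = md5 ($username . microtime ());
+$_SESSION['username'] = $username;
+$_SESSION['logged_in'] = true;
+}
+function check_cookie () {
+global $cookie, $mysql;
+if ( isset ($cookie['name'])
+&& $cookie['name'] != ''
+&& isset ($_COOKIE[$cookie['name']])) {
+list ($cookie['username'], $cookie['password_hash']) = @unserialize ($_COOKIE[$cookie['name']]);
+$query = sprintf("SELECT COUNT(*) FROM user WHERE username='%s' AND MD5(CONCAT('%s', password))='%s'",
+$mysql->escape ($cookie['username']),
+$mysql->escape ($cookie['seed']),
+$mysql->escape ($cookie['password_hash']));
+if ($mysql->query ($query) && mysql_result ($mysql->result, 0) === "1") {
+$this->set_login_data ($cookie['username']);
+return true;
+}
+else {
+$this->logout ();
+return false;
+}
+}
+return false;
+}
+function display_login_form () {
+?>
+<form name="loginform" method="POST" action="<?php echo $_SERVER['SCRIPT_NAME']; ?>">
+<center>
+<table border="0" style="text-align:left;">
+<tr>
+<td>Username:</td>
+<td><input name="username" type="text" value="" tabindex="1"></td>
+</tr>
+<tr>
+<td>Password:</td>
+<td><input name="password" type="password" value="" tabindex="2"></td>
+</tr>
+<tr>
+<td>Remember login:</td>
+<td><input type="checkbox" name="remember" tabindex="3"></td>
+</tr>
+<tr>
+<td></td>
+<td><input type="submit" value="Login" tabindex="4"></td>
+</tr>
+</table>
+<?php
+if (strtolower (basename ($_SERVER['SCRIPT_NAME'])) == "index.php") {
+echo '<br><div><a href="./shared.php">Users Sharing Bookmarks</a></div>';
+}
+?>
+</center>
+</form>
+<script type="text/javascript">
+document.loginform.username.focus();
+</script>
+<?php
+}
+}
+?>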
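Review bot: check_cookie() hands the raw `$_COOKIE[$cookie['name']]` value straight to `@unserialize()` and then uses the two fields it yields as login credentials, so the cookie format itself is client-controlled, and a malformed value makes unserialize() return false, which `list()` silently turns into two nulls that still reach the query. A plain delimited or JSON encoding with an explicit shape check is safer, e.g. `$parts = explode (':', $_COOKIE[$cookie['name']], 2); if (count ($parts) !== 2) { return false; }` paired with the matching `implode` in login(). set_login_data() should also call `session_regenerate_id (true);` before writing the session, because both login paths keep whatever session id the client arrived with, and the setcookie() calls in login() and logout() pass no httponly/secure arguments. The `@` on setcookie() and unserialize() hides exactly the warnings that would reveal a broken cookie configuration. The `password=md5('%s')` comparison is unsalted as well, which is a schema-level concern outside this hunk but worth tracking.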

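--- a/lib/lib.js
+++ b/lib/lib.js
@@ -0,0 +1,112 @@
+function reloadclose(){
+window.opener.location.reload();
+self.close();
+}
+function bookmarknew(folderid) {
+bookmark_new = window.open("./bookmark_new.php?folderid=" + folderid, "bookmarknew","toolbar=no,location=no,status=no,scrollbars=yes,resizable=yes,width=500,height=500");
+}
+function bookmarkedit(bmlist) {
+if (bmlist==""){
+alert("No Bookmarks selected.");
+}
+else {
+bookmark_edit = window.open("./bookmark_edit.php?bmlist=" + bmlist, "bookmarkedit","toolbar=no,location=no,status=no,scrollbars=yes,resizable=yes,width=500,height=500");
+}
+}
+function bookmarkmove(bmlist) {
+if (bmlist==""){
+alert("No Bookmarks selected.");
+}
+else {
+bookmark_move = window.open("./bookmark_move.php", bmlist, "toolbar=no,location=no,status=no,scrollbars=yes,resizable=yes,width=500,height=450");
+}
+}
+function bookmarkdelete(bmlist) {
+if (bmlist==""){
+alert("No Bookmarks selected.");
+}
+else {
+bookmark_delete = window.open("./bookmark_delete.php?bmlist=" + bmlist, "bookmarkdelete", "toolbar=no,location=no,status=no,scrollbars=yes,resizable=yes,width=500,height=450");
+}
+}
+function foldernew(folderid) {
+folder_new = window.open("./folder_new.php?folderid=" + folderid, "foldernew", "toolbar=no,location=no,status=no,scrollbars=yes,resizable=yes,width=500,height=200");
+}
+function folderedit(folderid) {
+if (folderid=="" || folderid=='0'){
+alert("No Folder selected.");
+}
+else {
+folder_edit = window.open("./folder_edit.php?folderid=" + folderid, "folderedit", "toolbar=no,location=no,status=no,scrollbars=yes,resizable=yes,width=500,height=220");
+}
+}
+function foldermove(folderid) {
+if (folderid=="" || folderid=='0'){
+alert("No Folder selected.");
+}
+else {
+folder_move = window.open("./folder_move.php", folderid, "toolbar=no,location=no,status=no,scrollbars=yes,resizable=yes,width=500,height=450");
+}
+}
+function folderdelete(folderid) {
+if (folderid=="" || folderid=="0"){
+alert("No Folder selected.");
+}
+else {
+folder_delete= window.open("./folder_delete.php?folderid=" + folderid, "folderdelete", "toolbar=no,location=no,status=no,scrollbars=yes,resizable=yes,width=500,height=200");
+}
+}
+function selectfolder(url) {
+select_folder = window.open("./select_folder.php" + url, "selectfolder", "toolbar=no,location=no,status=no,scrollbars=yes,resizable=yes,width=500,height=450");
+}
+function chpw() {
+chpw_window = window.open("./change_password.php", "chpw", "toolbar=no,location=no,status=no,scrollbars=yes,resizable=yes,width=500,height=200");
+}
+function checkselected(){
+var i;
+var parameter='';
+for ( i = 0; i < window.document.forms['bookmarks'].elements.length; i++) {
+if (window.document.forms['bookmarks'].elements[i].checked == true) {
+parameter = parameter + window.document.forms['bookmarks'].elements[i].name + "_";
+}
+}
+result=parameter.replace(/_$/,"");
+return result
+}
+/* This function is from the following location:
+http://www.squarefree.com/bookmarklets/
+*/
+function selection(boxes){
+var x,k,f,j;
+x=document.forms;
+for (k = 0; k < x.length; ++k){
+f = x[k];
+for (j = 0; j < f.length; ++j){
+if (f[j].type.toLowerCase() == "checkbox"){
+if (boxes == "all"){
+f[j].checked = true ;
+}
+else if (boxes == "none"){
+f[j].checked = false ;
+}
+else if (boxes == "toggle") {
+f[j].checked = !f[j].checked ;
+}
+}
+}
+}
+}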
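Review bot: checkselected() assigns `result` without `var`, which creates an implicit global, and the `return result` line has no terminating semicolon; the two lines collapse into `return parameter.replace(/_$/, "");`. bookmarkmove() and foldermove() pass the selected id list as the window-name argument of `window.open()` instead of in the query string like every sibling function; if bookmark_move.php and folder_move.php read it from `window.name` that is deliberate, but a one-line comment saying so would stop the next reader from "fixing" it. The loop in checkselected() also re-resolves `window.document.forms['bookmarks'].elements` on every iteration; caching it in a local is a small readability gain.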

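--- a/lib/lib.php
+++ b/lib/lib.php
@@ -0,0 +1,443 @@
+<?php
+###
+### prints a message and exits the application properly
+###
+function message ($message) {
+if (isset ($message)) {
+echo "<p>" . $message . "</p>";
+}
+require_once (ABSOLUTE_PATH . "footer.php");
+}
+/*
+* Checks whether the user is logged in.
+* Displays a link to login if not and exit application.
+*/
+function logged_in_only () {
+if (! isset ($_SESSION['logged_in']) || ! $_SESSION['logged_in']) {
+global $auth;
+$auth->display_login_form ();
+require_once (ABSOLUTE_PATH . "footer.php");
+}
+}
+function input_validation ($data, $charset = 'UTF-8') {
+if (is_array ($data)) {
+foreach ($data as $key => $value) {
+$data[$key] = input_validation ($value);
+}
+}
+else {
+$data = htmlentities (trim ($data), ENT_QUOTES, $charset);
+}
+return $data;
+}
+/*
+* Verify some GET variables
+*/
+###
+### Setting the expand variable. If empty in _GET we use the one from _SESSION if available.
+### Call this function only once, otherwise some strange things will happen.
+###
+function set_get_expand () {
+if (!isset ($_GET['expand'])) {
+if (isset ($_SESSION['expand']) && is_array ($_SESSION['expand'])) {
+$return = set_num_array ($_SESSION['expand']);
+}
+else {
+$return = array();
+}
+}
+else if ($_GET['expand'] == '') {
+$return = array();
+}
+else {
+$return = explode (",", $_GET['expand']);
+$return = set_num_array ($return);
+}
+$return = input_validation ($return);
+$_SESSION['expand'] = $return;
+return ($return);
+}
+function set_get_folderid () {
+if (!isset ($_GET['folderid']) || $_GET['folderid'] == '' || !is_numeric ($_GET['folderid'])) {
+if (isset ($_SESSION['folderid'])) {
+$return = $_SESSION['folderid'];
+}
+else {
+$return = 0;
+}
+}
+else {
+$return = $_GET['folderid'];
+}
+$return = input_validation ($return);
+$_SESSION['folderid'] = $return;
+return ($return);
+}
+################## GET title and url are handled a bit special
+function set_get_title () {
+if (!isset ($_GET['title']) || $_GET['title'] == '') {
+$return = '';
+}
+else {
+$return = $_GET['title'];
+}
+return input_validation ($return);
+}
+function set_get_url () {
+if (!isset ($_GET['url']) || $_GET['url'] == '') {
+$return = '';
+}
+else {
+$return = $_GET['url'];
+}
+return input_validation ($return);
+}
+function set_session_title () {
+if (!isset ($_SESSION['title']) || $_SESSION['title'] == '') {
+$return = '';
+}
+else {
+$return = $_SESSION['title'];
+}
+return $return;
+}
+function set_session_url () {
+if (!isset ($_SESSION['url']) || $_SESSION['url'] == '') {
+$return = '';
+}
+else {
+$return = $_SESSION['url'];
+}
+return $return;
+}
+function set_title () {
+$get_title = set_get_title ();
+$session_title = set_session_title ();
+if ($get_title == '' && $session_title == '') {
+$return = '';
+}
+else if ($get_title != '') {
+$_SESSION['title'] = $get_title;
+$return = $get_title;
+}
+else if ($session_title != '') {
+$_SESSION['title'] = $session_title;
+$return = $session_title;
+}
+return $return;
+}
+function set_url () {
+$get_url = set_get_url ();
+$session_url = set_session_url ();
+if ($get_url == '' && $session_url == '') {
+$return = '';
+}
+else if ($get_url != '') {
+$_SESSION['url'] = $get_url;
+$return = $get_url;
+}
+else if ($session_url != '') {
+$_SESSION['url'] = $session_url;
+$return = $session_url;
+}
+return $return;
+}
+#############################################
+function set_get_noconfirm () {
+if (!isset ($_GET['noconfirm']) || $_GET['noconfirm'] == '') {
+$return = false;
+}
+else {
+$return = true;
+}
+return $return;
+}
+/*
+* Verify some POST variables
+*/
+function set_post_childof () {
+if (!isset ($_POST['childof']) || $_POST['childof'] == '' || !is_numeric($_POST['childof'])) {
+$return = 0;
+}
+else {
+$return = $_POST['childof'];
+}
+return input_validation ($return);
+}
+function set_post_title () {
+if (!isset ($_POST['title']) || $_POST['title'] == '') {
+$return = '';
+}
+else {
+$return = $_POST['title'];
+}
+return input_validation ($return);
+}
+function set_post_url () {
+if (!isset ($_POST['url']) || $_POST['url'] == '') {
+$return = '';
+}
+else {
+$return = $_POST['url'];
+}
+return input_validation ($return);
+}
+function set_post_description () {
+if (!isset ($_POST['description']) || $_POST['description'] == '') {
+$return = '';
+}
+else {
+$return = $_POST['description'];
+}
+return input_validation ($return);
+}
+function set_post_foldername () {
+if (!isset ($_POST['foldername']) || $_POST['foldername'] == '') {
+$return = '';
+}
+else {
+$return = $_POST['foldername'];
+}
+return input_validation ($return);
+}
+function set_post_sourcefolder () {
+if (!isset ($_POST['sourcefolder']) || $_POST['sourcefolder'] == '' || !is_numeric ($_POST['sourcefolder'])) {
+$return = '';
+}
+else {
+$return = $_POST['sourcefolder'];
+}
+return input_validation ($return);
+}
+function set_post_parentfolder () {
+if (!isset ($_POST['parentfolder']) || $_POST['parentfolder'] == '' || !is_numeric ($_POST['parentfolder'])) {
+$return = 0;
+}
+else {
+$return = $_POST['parentfolder'];
+}
+return input_validation ($return);
+}
+function set_post_browser () {
+if (!isset ($_POST['browser'])) {
+$return = '';
+}
+else if ($_POST['browser'] == 'opera') {
+$return = 'opera';
+}
+else if ($_POST['browser'] == 'netscape') {
+$return = 'netscape';
+}
+else if ($_POST['browser'] == 'IE') {
+$return = 'IE';
+}
+else {
+$return = '';
+}
+return input_validation ($return);
+}
+#########################################################
+###
+###
+###
+function return_charsets () {
+$charsets = array (
+'ISO-8859-1',
+'ISO-8859-15',
+'UTF-8',
+'cp866',
+'cp1251',
+'cp1252',
+'KOI8-R',
+'BIG5',
+'GB2312',
+'BIG5-HKSCS',
+'Shift_JIS',
+'EUC-JP',
+);
+return $charsets;
+}
+function set_post_charset () {
+$charsets = return_charsets ();
+if (!isset ($_POST['charset']) || $_POST['charset'] == '') {
+$return = 'UTF-8';
+}
+else if (in_array ($_POST['charset'], $charsets)) {
+$return = $_POST['charset'];
+}
+else {
+$return = 'UTF-8';
+}
+return $return;
+}
+function check_username ($username) {
+$return = false;
+if (isset ($username) || $username == '') {
+global $mysql;
+$query = sprintf ("SELECT COUNT(*) FROM user WHERE md5(username)=md5('%s')",
+$mysql->escape ($username));
+if ($mysql->query ($query)) {
+if (mysql_result ($mysql->result, 0) == 1) {
+$return = true;
+}
+}
+}
+return input_validation ($return);
+}
+function admin_only () {
+$return = false;
+global $mysql, $username;
+$query = sprintf ("SELECT COUNT(*) FROM user WHERE admin='1'
+AND username='%s'",
+$mysql->escape ($username));
+if ($mysql->query ($query)) {
+if (mysql_result ($mysql->result, 0) == "1") {
+$return = true;
+}
+}
+return input_validation ($return);
+}
+function set_get_string_var ($varname, $default = '') {
+if (! isset ($_GET[$varname]) || $_GET[$varname] == '') {
+$return = $default;
+}
+else {
+$return = $_GET[$varname];
+}
+return input_validation ($return);
+}
+function set_post_string_var ($varname, $default = '') {
+if (! isset ($_POST[$varname]) || $_POST[$varname] == '') {
+$return = $default;
+}
+else {
+$return = $_POST[$varname];
+}
+return input_validation ($return);
+}
+function set_post_num_var ($varname, $default = 0) {
+if (! isset ($_POST[$varname]) || $_POST[$varname] == '' || !is_numeric ($_POST[$varname])) {
+$return = $default;
+}
+else {
+$return = intval ($_POST[$varname]);
+}
+return input_validation ($return);
+}
+function set_post_bool_var ($varname, $default = true) {
+if (! isset ($_POST[$varname])) {
+$return = $default;
+}
+else if (! $_POST[$varname] ) {
+$return = false;
+}
+else if ($_POST[$varname] ) {
+$return = true;
+}
+else {
+$return = $default;
+}
+return $return;
+}
+function set_get_num_list ($varname) {
+if (!isset ($_GET[$varname]) || $_GET[$varname] == '') {
+$return = array ();
+}
+else {
+$return = set_num_array (explode ("_", $_GET[$varname]));
+}
+return input_validation ($return);
+}
+function set_post_num_list ($varname) {
+if (!isset ($_POST[$varname]) || $_POST[$varname] == '') {
+$return = array ();
+}
+else {
+$return = set_num_array (explode ("_", $_POST[$varname]));
+}
+return input_validation ($return);
+}
+/*
+* This function checks the values of each entry in an array.
+* It returns an array with unique and only numeric entries.
+*/
+function set_num_array ($array){
+foreach ($array as $key => $value) {
+if ($value == '' || !is_numeric ($value)) {
+unset ($array[$key]);
+}
+}
+return array_unique ($array);
+}
+function print_footer () {
+echo '<a href="http://www.frech.ch/online-bookmarks/" target="_blank">Online-Bookmarks</a>' . "\n";
+@readfile (ABSOLUTE_PATH . "VERSION");
+echo ' by Stefan Frech';
+}
+function object_count () {
+global $mysql, $username;
+$return = '';
+$query = sprintf ("SELECT (SELECT COUNT(*) FROM bookmark WHERE user='%s') AS bookmarks,
+(SELECT COUNT(*) FROM folder WHERE user='%s') AS folders",
+$mysql->escape ($username),
+$mysql->escape ($username));
+if ($mysql->query ($query)) {
+if (mysql_num_rows ($mysql->result) == "1") {
+$row = mysql_fetch_object ($mysql->result);
+$return = "You have $row->bookmarks Bookmarks and $row->folders Folders";
+}
+}
+else {
+$return = $mysql->error;
+}
+echo $return;
+}
+?>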
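Review bot: check_username() has its guard inverted: `if (isset ($username) || $username == '')` is true for every argument including the empty string, so the intended short-circuit never fires and an empty name still hits the database; it should read `if (isset ($username) && $username != '')`. input_validation() also drops its `$charset` parameter when recursing (`$data[$key] = input_validation ($value);`), so nested arrays are always entity-encoded as UTF-8 regardless of what the caller passed; forward `$charset` in that call. Both check_username() and admin_only() return `input_validation ($return)` applied to a boolean, which turns true into the string "1" and false into "" — returning `$return` directly keeps the bool the callers expect. set_post_charset() should pass `true` as the third argument of `in_array` so the charset whitelist is matched strictly.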

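--- a/lib/login.php
+++ b/lib/login.php
@@ -0,0 +1,99 @@
+<?php
+if (basename ($_SERVER['SCRIPT_NAME']) == basename (__FILE__)) {
+die ("no direct access allowed");
+}
+$display_login_form = false;
+if (isset ($_SESSION)) {
+if (isset ($_POST['username']) && $_POST['username'] != '' && ! $_SESSION['logged_in']) {
+$auth->login ();
+}
+if (isset ($_GET['login']) && $_GET['login'] && ! $_SESSION['logged_in']) {
+$display_login_form = true;
+}
+if (isset ($_GET['logout']) && $_GET['logout'] && $_SESSION['logged_in']) {
+$auth->logout ();
+}
+if (isset ($_SESSION['username']) && ! check_username ($_SESSION['username'])) { # XXX hoffe das ist ok so.
+$auth->logout ();
+}
+if (isset ($_SESSION['logged_in']) && $_SESSION['logged_in']) {
+if (isset ($_SESSION['username']) && $_SESSION['username'] != '') {
+$username = $_SESSION['username'];
+$query = sprintf ("SELECT * FROM user WHERE username='%s'",
+$mysql->escape ($username));
+# now get the settings.
+if ($mysql->query ($query)) {
+$settings = mysql_fetch_assoc ($mysql->result);
+}
+else {
+message ($mysql->error);
+}
+unset ($settings['password']);
+}
+else {
+# instead of user preferences, set default settings.
+$settings = default_settings ();
+$username = '';
+$auth->logout ();
+}
+}
+else {
+$settings = default_settings ();
+$username = '';
+$auth->logout ();
+}
+}
+else {
+$settings = default_settings ();
+$username = '';
+$auth->logout ();
+}
+function default_settings () {
+$settings = array (
+'root_folder_name' => '',
+'column_width_folder' => 400,
+'column_width_bookmark' => 0,
+'table_height' => 400,
+'confirm_delete' => true,
+'open_new_window' => true,
+'show_bookmark_description' => true,
+'show_bookmark_icon' => true,
+'show_column_date' => true,
+'date_format' => '0',
+'show_column_edit' => false,
+'show_column_move' => false,
+'show_column_delete' => false,
+'fast_folder_minus' => true,
+'fast_folder_plus' => true,
+'fast_symbol' => true,
+'simple_tree_mode' => false,
+);
+return $settings;
+}
+# adjust some settings
+if ($settings['column_width_bookmark'] == 0 || ! is_numeric ($settings['column_width_bookmark'])) {
+$column_width_bookmark = "100%";
+}
+else {
+$column_width_bookmark = $settings['column_width_bookmark'] . "px";
+}
+$column_width_folder = $settings['column_width_folder'] . "px";
+$table_height = $settings['table_height'] . "px";
+if ( ! is_numeric ($settings['date_format'])) {
+$settings['date_format'] = 0;
+}
+# set some often used vars
+$folderid = set_get_folderid ();
+$expand = set_get_expand ();
+?>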
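Review bot: when the `SELECT * FROM user` query succeeds but returns no row, `mysql_fetch_assoc()` yields false, so `$settings` is false at the `unset ($settings['password'])` that follows and the later `$settings['column_width_bookmark']` lookups operate on a non-array. The check_username() call a few lines earlier makes this unlikely, but it is a separate query, so guard the result: `if (! $settings) { $settings = default_settings (); $username = ''; $auth->logout (); }`. Logout is also triggered by a plain `?logout=1` GET, which any cross-site link can fire; a POST form or a per-session token is the usual mitigation. The `# XXX hoffe das ist ok so.` comment should be in English like the rest of the file (`# XXX hope this is fine.`).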

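--- a/lib/mysql.php
+++ b/lib/mysql.php
@@ -0,0 +1,35 @@
+<?php
+class mysql {
+var $error = "";
+var $result = false;
+function mysql () {
+global $dsn;
+if ( ! @mysql_connect ($dsn['hostspec'], $dsn['username'], $dsn['password'])) {
+$this->error = mysql_error ();
+}
+if ( ! @mysql_select_db ($dsn['database'])) {
+$this->error = mysql_error ();
+}
+}
+function query ($query) {
+if ($this->result = mysql_query ($query)) {
+return true;
+}
+else{
+$this->error = mysql_error ();
+return false;
+}
+}
+function escape ($string) {
+return mysql_real_escape_string ($string);
+}
+}
+?>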
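Review bot: the constructor keeps going after `mysql_connect()` fails, so `mysql_select_db()` runs with no link and overwrites `$this->error` with the second failure, and every later `query()`/`escape()` call proceeds as if connected; `mysql_real_escape_string()` with no usable link returns false, which the callers' `sprintf('%s')` renders as an empty string inside the SQL quotes. Store the link and bail early: `$this->link = @mysql_connect ($dsn['hostspec'], $dsn['username'], $dsn['password']); if (! $this->link) { $this->error = mysql_error (); return; }`, then pass `$this->link` explicitly to `mysql_select_db()`, `mysql_query()` and `mysql_real_escape_string()`. escape() should return false (or throw) when `$this->link` is unset so callers cannot build a query from an unescaped or empty value. A short class comment stating that `$error` is the only failure signal and must be checked after construction would also help.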

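--- a/lib/pngfix.js
+++ b/lib/pngfix.js
@@ -0,0 +1,39 @@
+/*
+Correctly handle PNG transparency in Win IE 5.5 & 6.
+http://homepage.ntlworld.com/bobosola. Updated 18-Jan-2006.
+Use in <HEAD> with DEFER keyword wrapped in conditional comments:
+<!--[if lt IE 7]>
+<script defer type="text/javascript" src="pngfix.js"></script>
+<![endif]-->
+*/
+var arVersion = navigator.appVersion.split("MSIE")
+var version = parseFloat(arVersion[1])
+if ((version >= 5.5) && (document.body.filters))
+{
+for(var i=0; i<document.images.length; i++)
+{
+var img = document.images[i]
+var imgName = img.src.toUpperCase()
+if (imgName.substring(imgName.length-3, imgName.length) == "PNG")
+{
+var imgID = (img.id) ? "id='" + img.id + "' " : ""
+var imgClass = (img.className) ? "class='" + img.className + "' " : ""
+var imgTitle = (img.title) ? "title='" + img.title + "' " : "title='" + img.alt + "' "
+var imgStyle = "display:inline-block;" + img.style.cssText
+if (img.align == "left") imgStyle = "float:left;" + imgStyle
+if (img.align == "right") imgStyle = "float:right;" + imgStyle
+if (img.parentElement.href) imgStyle = "cursor:hand;" + imgStyle
+var strNewHTML = "<span " + imgID + imgClass + imgTitle
++ " style=\"" + "width:" + img.width + "px; height:" + img.height + "px;" + imgStyle + ";"
++ "filter:progid:DXImageTransform.Microsoft.AlphaImageLoader"
++ "(src=\'" + img.src + "\', sizingMethod='scale');\"></span>"
+img.outerHTML = strNewHTML
+i = i-1
+}
+}
+}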

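--- a/lib/webstart.php
+++ b/lib/webstart.php
@@ -0,0 +1,55 @@
+<?php
+if ( ini_get( 'register_globals' ) ) {
+if ( isset( $_REQUEST['GLOBALS'] ) ) {
+die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>');
+}
+$verboten = array(
+'GLOBALS',
+'_SERVER',
+'HTTP_SERVER_VARS',
+'_GET',
+'HTTP_GET_VARS',
+'_POST',
+'HTTP_POST_VARS',
+'_COOKIE',
+'HTTP_COOKIE_VARS',
+'_FILES',
+'HTTP_POST_FILES',
+'_ENV',
+'HTTP_ENV_VARS',
+'_REQUEST',
+'_SESSION',
+'HTTP_SESSION_VARS'
+);
+foreach ( $_REQUEST as $name => $value ) {
+if( in_array( $name, $verboten ) ) {
+header( "HTTP/1.x 500 Internal Server Error" );
+echo "register_globals security paranoia: trying to overwrite superglobals, aborting.";
+die( -1 );
+}
+unset( $GLOBALS[$name] );
+}
+}
+function &fix_magic_quotes( &$arr ) {
+if ( get_magic_quotes_gpc() ) {
+foreach( $arr as $key => $val ) {
+if( is_array( $val ) ) {
+fix_magic_quotes( $arr[$key] );
+} else {
+$arr[$key] = stripslashes( $val );
+}
+}
+}
+return $arr;
+}
+fix_magic_quotes( $_COOKIE );
+fix_magic_quotes( $_ENV );
+fix_magic_quotes( $_GET );
+fix_magic_quotes( $_POST );
+fix_magic_quotes( $_REQUEST );
+?>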
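Review bot: `in_array( $name, $verboten )` uses loose comparison, and on the PHP versions this file targets a request key that PHP has converted to the integer 0 (a parameter literally named `0`) compares equal to every string in `$verboten`, so such a request is answered with the 500 and `die( -1 )` even though nothing is being overwritten; pass `true` as the third argument: `if( in_array( $name, $verboten, true ) ) {`. The `unset( $GLOBALS[$name] )` that follows only runs for names that survive the check, which is the intent, but a one-line comment would make it explicit (`# register_globals copied every request key into the global scope; drop them again`). fix_magic_quotes() re-evaluates `get_magic_quotes_gpc()` on every recursion level, which is harmless but could be hoisted to the five top-level calls.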