File: //opt/cpanel/ea-php54/root/usr/share/pear/RVSeagullMod/modules/blogweb/classes/Api.php
<?php
require_once 'Date/TimeZone.php';
require_once 'DB/DataObject.php';
// --- Serendipity (S9Y) bootstrap ---------------------------------------
// Root of the bundled blog installation, relative to the SGL web root.
define('S9Y_INCLUDE_PATH', SGL_WEB_ROOT . '/blogweb');

// The local Serendipity config is not loaded here; BlogApi includes it
// itself when it needs $serendipity.
//include(S9Y_INCLUDE_PATH . 'serendipity_config_local.inc.php');

// Serendipity's MySQL helper functions.
include S9Y_INCLUDE_PATH . '/include/db/mysql.inc.php';
// --- end Serendipity (S9Y) bootstrap -----------------------------------
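/**
 * Bridge between Seagull (SGL) accounts and the bundled Serendipity blog.
 *
 * Mirrors SGL users into the Serendipity authors table, keeps passwords and
 * profile data in sync, and sets the cookies / session keys Serendipity
 * reads for its own login state.
 *
 * Security notes for maintainers:
 *  - Every value placed in SQL goes through $dbh->quoteSmart() or an (int)
 *    cast. Table names come from the SGL configuration and are trusted.
 *  - Passwords, password hashes and the hash key are never written to the log.
 *  - Password hashes are md5 (Serendipity <= 1.3) or sha1(hashkey . password)
 *    (newer versions, hashtype 1). Both are weak by current standards, but
 *    the format is dictated by the Serendipity schema this class writes to.
 */
class BlogApi
{
    /**
     * Installed Serendipity version, read from serendipity_config_local.inc.php.
     *
     * @var string
     */
    var $blogVersion = '';

    /**
     * Load the installed Serendipity version.
     */
    function __construct()
    {
        // Plain include (not include_once) so $serendipity is defined in this
        // scope on every instantiation.
        include S9Y_INCLUDE_PATH . '/serendipity_config_local.inc.php';
        $this->blogVersion = isset($serendipity['versionInstalled'])
            ? $serendipity['versionInstalled']
            : '';
        SGL::logMessage('************** blogweb BlogApi'. $this->blogVersion);
    }

    /**
     * Legacy PHP 4 style constructor, kept for callers that invoke it by name.
     */
    function BlogApi()
    {
        $this->__construct();
    }

    /**
     * Make sure the current SGL user has a matching Serendipity author.
     *
     * For Serendipity > 1.3 the password hash key is created first if missing.
     *
     * @return bool always true
     */
    function verifyAccount()
    {
        SGL::logMessage('************** blogweb verifyAccount'. $this->blogVersion);
        // Get config values
        $c = SGL_Config::singleton();
        $conf = $c->getAll();
        // Get input values
        $req = SGL_Request::singleton();
        $frm = $req->getAll();

        //Fix update serendipity version 1.5.5
        if ($this->_usesSaltedHash()) {
            SGL::logMessage('************ verify hashkey blog version 1.5.5');
            // Creates the key when it does not exist yet; the value itself is
            // deliberately not logged.
            $this->_getHashKey();
        }

        $sglUserName = SGL_Session::getUsername();
        SGL::logMessage('************** blogweb user' . $sglUserName);

        if (!$this->_authorExists($sglUserName)) {
            SGL::logMessage('************** blogweb Addnew user');
            $oUser = DB_DataObject::factory($conf['table']['user']);
            $oUser->get(SGL_Session::getUid());

            // $input was previously used without being created.
            $input = new stdClass();
            $input->username = $oUser->username;
            $input->email = $oUser->email;
            $input->first_name = $oUser->first_name;
            $input->last_name = $oUser->last_name;
            $input->password = isset($frm['frmPassword']) ? $frm['frmPassword'] : '';
            $this->registerUser($input);
        }
        return true;
    }

    /**
     * Create a Serendipity author for a newly added SGL user, if none exists.
     *
     * @param object $input carries the new user in $input->user (username,
     *                      passwd, first_name, last_name, email); the same
     *                      values are copied onto $input itself
     * @return bool always true
     */
    function addUser($input)
    {
        $input->username = $input->user->username;
        $input->password = $input->user->passwd;
        $input->first_name = $input->user->first_name;
        $input->last_name = $input->user->last_name;
        $input->email = $input->user->email;

        // The username is quoted inside _authorExists(); it used to be
        // interpolated into the SELECT unescaped.
        if (!$this->_authorExists($input->username)) {
            $this->registerUser($input);
        }
        return true;
    }

    /**
     * Insert a Serendipity author row (and its permalink) for $input.
     *
     * @param object $input username, password (plaintext), first_name,
     *                      last_name, email
     * @return bool always true
     */
    function registerUser($input)
    {
        SGL::logMessage('************** registerUser blogweb : ' . $input->username);
        $dbh = SGL_DB::singleton();
        // Get config values
        $c = SGL_Config::singleton();
        $conf = $c->getAll();

        $realname = $input->username;
        if ($input->first_name != '' && $input->last_name != '') {
            $realname = $input->first_name . ' ' . $input->last_name;
        }

        // NOTE(review): the level is derived from the role of the *session*
        // user, not of the user being registered. When an admin adds someone
        // through addUser() the new author therefore starts at level 255 until
        // changeUserAccountProfile() runs for them. Confirm this is intended.
        $userlevel = $this->_currentUserLevel();

        $password = $this->_hashPassword($input->password);

        $aColumns = array('`username`', '`password`', '`realname`', '`email`', '`userlevel`');
        $aValues = array(
            $dbh->quoteSmart($input->username),
            $dbh->quoteSmart($password),
            $dbh->quoteSmart($realname),
            $dbh->quoteSmart($input->email),
            (int) $userlevel,
        );
        //Fix update serendipity version 1.5.5
        if ($this->_usesSaltedHash()) {
            $aColumns[] = '`hashtype`';
            $aValues[] = 1;
        }

        $query = "INSERT INTO " . $conf['table']['serendipity_authors'] . " ("
            . implode(', ', $aColumns)
            . ") VALUES ("
            . implode(', ', $aValues)
            . ")";
        $dbh->query($query);

        $authorId = $this->_getAuthorIdByUsername($input->username);
        if (!SGL::isError($authorId) && $authorId > 0) {
            $permalink = 'authors/' . $authorId . '-' . $input->username;
            $query = "INSERT INTO " . $conf['table']['serendipity_permalinks'] . " (
                    `permalink`, `entry_id`, `type`
                ) VALUES (
                    " . $dbh->quoteSmart($permalink) . ", " . (int) $authorId . ", 'author'
                )";
            $dbh->query($query);
        }
        return true;
    }

    /**
     * Log the current SGL user into Serendipity.
     *
     * Syncs the author's password hash and profile, stores an autologin
     * package in the options table and sets the Serendipity cookies and
     * session keys.
     *
     * @param string $password plaintext password of the current SGL user
     * @return bool always true
     */
    function login($password)
    {
        $sglUserName = SGL_Session::getUsername();
        $sglUserId = SGL_Session::getUid();
        // The plaintext password must never reach the log.
        SGL::logMessage('************** Login blogweb user : ' . $sglUserName);

        // Get config values
        $c = SGL_Config::singleton();
        $conf = $c->getAll();
        $dbh = SGL_DB::singleton();

        require_once SGL_MOD_DIR . '/user/classes/UserDAO.php';
        $daUser = UserDAO::singleton();
        $aMapping = $daUser->getPrefsMapping();
        $sesTimeOutId = $aMapping['sessionTimeout'];
        //update session timeout by usrid
        $daUser->updatePrefsByUserId(array($sesTimeOutId => 604800), $sglUserId);
        $aPref = $daUser->getPrefsByUserId($sglUserId);
        $sglSessionTimeout = $aPref['sessionTimeout'];

        $password = trim($password);
        $newPassword = $this->_hashPassword($password);
        $this->_resetPassword($sglUserName, $newPassword);

        $oUser = DB_DataObject::factory($conf['table']['user']);
        $oUser->get(SGL_Session::getUid());
        //$this->_changeAdminConfiguration($oUser->first_name, $oUser->email);
        $realname = $oUser->username;
        if ($oUser->first_name != '' && $oUser->last_name != '') {
            $realname = $oUser->first_name . ' ' . $oUser->last_name;
        }
        $this->changeUserAccountProfile($oUser->username_orig, $oUser->username, $realname, $oUser->email);

        $expire = time() + $sglSessionTimeout;

        // Autologin package in the format Serendipity expects.
        // NOTE(review): this stores the plaintext password (encrypted only when
        // mcrypt is available, with the key carried in a cookie). The scheme is
        // imposed by Serendipity; treat the options table as sensitive.
        $aCredentials = array(
            'username' => $sglUserName,
            'password' => $password,
        );
        $package = serialize($aCredentials);
        if (function_exists('mcrypt_encrypt')) {
            $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_CBC), MCRYPT_RAND);
            $key = base64_encode($iv);
            $package = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $package, MCRYPT_MODE_CBC, $iv);
            $this->_setBlogCookie('author_information_iv', $key, $expire);
            $_COOKIE['author_information_iv'] = $key;
        }
        $package = base64_encode($package);

        $rnd = $this->_generateToken();

        // Drop the token this browser presented (if any) plus stale entries.
        // The old code read the token from an undefined local $serendipity, so
        // the previous token was never actually removed.
        $this->_deleteAutologinToken();

        $query = "INSERT INTO " . $conf['table']['serendipity_options'] . " (`name`, `value`, `okey`) VALUES ("
            . $dbh->quoteSmart((string) time()) . ", "
            . $dbh->quoteSmart($package) . ", "
            . $dbh->quoteSmart('l_' . $rnd) . ")";
        $dbh->query($query);

        $this->_setBlogCookie('author_information', $rnd, $expire);
        $_COOKIE['author_information'] = $rnd;

        //Fix update serendipity version 1.5.5
        if ($this->_usesSaltedHash()) {
            SGL::logMessage('-----------------blog version 1.5.5');
            //set session
            $this->_setBlogCookie('author_token', $rnd, $expire);
            $_COOKIE['author_token'] = $rnd;
            $this->_setBlogCookie('old_session', session_id(), $expire);
            $_COOKIE['old_session'] = session_id();

            // Use the author's real id and the level matching the SGL role.
            // These were hard-coded to author 1 / level 255, which handed every
            // user that logged in the administrator's identity in the session.
            $authorId = $this->_getAuthorIdByUsername($sglUserName);
            $authorId = SGL::isError($authorId) ? 0 : (int) $authorId;

            $_SESSION['author_token'] = $rnd;
            $_SESSION['serendipityPassword'] = $password;
            $_SESSION['serendipityUser'] = $sglUserName;
            $_SESSION['serendipityAuthorid'] = $authorId;
            $_SESSION['serendipityHashType'] = 1;
            $_SESSION['serendipityUserlevel'] = $this->_currentUserLevel();
            $_SESSION['serendipityAuthedUser'] = true;
            $_SESSION['hashkey'] = $this->_getHashKey();
        } else {
            SGL::logMessage('blog version 1.3');
            $_SESSION['author_token'] = '1';
        }
        return true;
    }

    /**
     * Log the current browser out of Serendipity.
     *
     * Removes the server-side autologin token, expires the Serendipity
     * cookies and clears the session keys set by login().
     *
     * @return bool always true
     */
    function logout()
    {
        // Invalidate the stored autologin package before the cookie that
        // identifies it is discarded.
        $this->_deleteAutologinToken();

        $aCookieNames = array('author_information_iv', 'author_information', 'author_token', 'old_session');
        $host = $this->_getCookieHost();
        foreach ($aCookieNames as $name) {
            setcookie('serendipity[' . $name . ']', '', time() - 4000, '/', $host);
            unset($_COOKIE[$name]);
            if (isset($_COOKIE['serendipity']) && is_array($_COOKIE['serendipity'])) {
                unset($_COOKIE['serendipity'][$name]);
            }
        }

        // The session holds the plaintext password and the auth flags.
        $aSessionKeys = array(
            'serendipityAuthedUser', 'author_token', 'serendipityPassword',
            'serendipityUser', 'serendipityAuthorid', 'serendipityHashType',
            'serendipityUserlevel', 'hashkey',
        );
        foreach ($aSessionKeys as $sessionKey) {
            unset($_SESSION[$sessionKey]);
        }
        return true;
    }

    /**
     * Change the Serendipity password of the current SGL user.
     *
     * @param string $password new plaintext password
     * @param bool   $relogin  when true, log out and back in with the new password
     * @return bool always true
     */
    function changePassword($password, $relogin = true)
    {
        $sglUserName = SGL_Session::getUsername();
        $this->_resetPassword($sglUserName, $this->_hashPassword($password));
        if ($relogin === true) {
            $this->logout();
            $this->login($password);
        }
        return true;
    }

    /**
     * Store an already hashed password for an author.
     *
     * @param string $username    author username
     * @param string $newPassword password hash in the installed version's format
     * @return bool always true
     */
    function _resetPassword($username, $newPassword)
    {
        // Log who is affected, never the hash itself.
        SGL::logMessage('************** _resetPassword : ' . $username);
        $dbh = SGL_DB::singleton();
        // Get config values
        $c = SGL_Config::singleton();
        $conf = $c->getAll();

        $aAssignments = array('password = ' . $dbh->quoteSmart($newPassword));
        //Fix update serendipity version 1.5.5
        if ($this->_usesSaltedHash()) {
            SGL::logMessage('************** _resetPassword : blog version 1.5.5');
            $aAssignments[] = 'hashtype = 1';
        } else {
            SGL::logMessage('************** _resetPassword : blog version 1.3');
        }
        $query = "
            UPDATE " . $conf['table']['serendipity_authors'] . "
            SET " . implode(', ', $aAssignments) . "
            WHERE username = " . $dbh->quoteSmart($username);
        $dbh->query($query);
        return true;
    }

    /**
     * Look up the Serendipity author id for a username.
     *
     * @param string $username
     * @return mixed whatever $dbh->getOne() returns for the lookup
     */
    function _getAuthorIdByUsername($username)
    {
        $dbh = SGL_DB::singleton();
        // Get config values
        $c = SGL_Config::singleton();
        $conf = $c->getAll();
        $query = "
            SELECT authorid
            FROM " . $conf['table']['serendipity_authors'] . "
            WHERE username = " . $dbh->quoteSmart($username) . "
            LIMIT 0,1
        ";
        return $dbh->getOne($query);
    }

    /**
     * Sync username, real name, level and e-mail of an author.
     *
     * Changing the username makes the old password unusable; the password
     * must be reset afterwards.
     *
     * @param string $currentUsername existing author username (falls back to
     *                                $newUsername when empty)
     * @param string $newUsername
     * @param string $firstName       stored as the author's realname
     * @param string $email
     * @return bool always true
     */
    function changeUserAccountProfile($currentUsername, $newUsername, $firstName, $email)
    {
        $dbh = SGL_DB::singleton();
        // Get config values
        $c = SGL_Config::singleton();
        $conf = $c->getAll();

        $userlevel = $this->_currentUserLevel();
        $currentUsername = ($currentUsername) ? $currentUsername : $newUsername;
        $query = "
            UPDATE " . $conf['table']['serendipity_authors'] . "
            SET
                username = " . $dbh->quoteSmart($newUsername) . ",
                realname = " . $dbh->quoteSmart($firstName) . ",
                userlevel = " . $dbh->quoteSmart($userlevel) . ",
                email = " . $dbh->quoteSmart($email) . "
            WHERE username = " . $dbh->quoteSmart($currentUsername);
        $dbh->query($query);
        return true;
    }

    /**
     * Delete the Serendipity authors that belong to the given SGL user ids.
     *
     * @param int|array $aUserId one SGL user id or a list of them
     * @return bool always true
     */
    function deleteUser($aUserId)
    {
        SGL::logMessage(null, PEAR_LOG_DEBUG);
        global $serendipity;
        $dbh = SGL_DB::singleton();
        $c = SGL_Config::singleton();
        $conf = $c->getAll();

        if (!is_array($aUserId)) {
            $aUserId = array($aUserId);
        }
        // Ids are forced to integers before they reach the IN (...) list.
        $aUserId = array_unique(array_map('intval', $aUserId));
        if (empty($aUserId)) {
            return true;
        }

        $query = "
            SELECT username
            FROM " . $conf['table']['user'] . "
            WHERE usr_id IN (" . implode(',', $aUserId) . ")
        ";
        $aSglUserName = $dbh->getCol($query);
        if (SGL::isError($aSglUserName) || empty($aSglUserName)) {
            return true;
        }

        // Usernames are data too: quote each one instead of wrapping it in
        // bare apostrophes.
        $aQuotedName = array();
        foreach ((array) $aSglUserName as $userName) {
            $aQuotedName[] = $dbh->quoteSmart($userName);
        }
        $query = "SELECT authorid
            FROM {$conf['table']['serendipity_authors']}
            WHERE username IN (" . implode(',', $aQuotedName) . ")";
        $aSerendipityUserId = $dbh->getCol($query);
        if (SGL::isError($aSerendipityUserId)) {
            return true;
        }

        if (!is_array($aSerendipityUserId)) {
            $aSerendipityUserId = array($aSerendipityUserId);
        } else {
            $aSerendipityUserId = array_unique($aSerendipityUserId);
        }
        foreach ($aSerendipityUserId as $userId) {
            $this->_serendipity_deleteAuthor($userId);
        }
        return true;
    }

    /**
     * Push the current user's language and timezone preferences to Serendipity.
     *
     * @param object $input reads $input->aPrefs['timezone'] and
     *                      $input->aPrefs['language']
     * @return void
     */
    function changeUserPreference($input)
    {
        // Get config values
        $c = SGL_Config::singleton();
        $conf = $c->getAll();
        $sglUserName = SGL_Session::getUsername();
        $dbh = SGL_DB::singleton();

        // Find the offset value
        $timezone = $input->aPrefs['timezone'];
        $offset = isset($GLOBALS['_DATE_TIMEZONE_DATA'][$timezone]['offset'])
            ? $GLOBALS['_DATE_TIMEZONE_DATA'][$timezone]['offset'] / 1000 / 60 / 60
            : 0;
        $timeOffset = $offset - $this->_fetchServerOffsetHours();
        // End of offset lookup

        require_once(SGL_MOD_DIR . '/main/classes/Main.php');
        $oMain = new Main;
        $setSmfLang = $oMain->languageMap('blogweb', $input->aPrefs['language']);

        $authId = $this->_getAuthorIdByUsername($sglUserName);
        $authId = SGL::isError($authId) ? 0 : (int) $authId;
        if ($authId < 1) {
            // Without an author row the statements below would address
            // authorid 0, which changeDefaultPreference() uses for the
            // site-wide defaults.
            SGL::logMessage('blogweb changeUserPreference: no author for ' . $sglUserName);
            return;
        }

        // Set language.
        $query = "
            UPDATE " . $conf['table']['serendipity_config'] . "
            SET value = " . $dbh->quoteSmart($setSmfLang) . "
            WHERE name = 'lang'
            AND authorid = " . $authId;
        $dbh->query($query);

        $query = "
            SELECT name FROM " . $conf['table']['serendipity_config'] . "
            WHERE name = 'serverOffsetHours' AND authorid = " . $authId;
        $existing = $dbh->getOne($query);
        // getOne() yields a scalar, so count() cannot be used to test for a row.
        $hasRow = !SGL::isError($existing) && !empty($existing);

        // Set time offset.
        $quotedOffset = $dbh->quoteSmart((string) $timeOffset);
        if ($hasRow) {
            $query = "
                UPDATE " . $conf['table']['serendipity_config'] . "
                SET value = " . $quotedOffset . "
                WHERE name = 'serverOffsetHours'
                AND authorid = " . $authId;
        } else {
            $query = "
                REPLACE INTO " . $conf['table']['serendipity_config'] . " (name, value, authorid)
                VALUES ('serverOffsetHours', " . $quotedOffset . ", " . $authId . ")";
        }
        $dbh->query($query);
    }

    /**
     * Push a changed site-wide default preference (timezone or language) to
     * the Serendipity rows stored under authorid 0.
     *
     * @param object $input reads $input->pref->name and $input->pref->default_value
     * @return void
     */
    function changeDefaultPreference($input)
    {
        // Get config values
        $c = SGL_Config::singleton();
        $conf = $c->getAll();
        $dbh = SGL_DB::singleton();

        if ($input->pref->name == 'timezone') {
            $timezone = $input->pref->default_value;
            $timeOffset = 0;
            if (isset($GLOBALS['_DATE_TIMEZONE_DATA'][$timezone]['offset'])) {
                $offset = $GLOBALS['_DATE_TIMEZONE_DATA'][$timezone]['offset'] / 1000 / 60 / 60;
                $timeOffset = $offset - $this->_fetchServerOffsetHours();
            }
            // Set time offset.
            $query = "
                UPDATE " . $conf['table']['serendipity_config'] . "
                SET value = " . $dbh->quoteSmart((string) $timeOffset) . "
                WHERE name = 'serverOffsetHours'
                AND authorid = '0'";
            $dbh->query($query);
        } elseif ($input->pref->name == 'language') {
            require_once(SGL_MOD_DIR . '/main/classes/Main.php');
            $oMain = new Main;
            $setLang = $oMain->languageMap('blogweb', $input->pref->default_value);
            // Set language.
            $query = "
                UPDATE " . $conf['table']['serendipity_config'] . "
                SET value = " . $dbh->quoteSmart($setLang) . "
                WHERE name = 'lang'
                AND authorid = '0'";
            $dbh->query($query);
        }
    }

    /**
     * Delete one author row and, when that succeeded, its permalink.
     *
     * @param int $authorid Serendipity author id
     * @return bool always true
     */
    function _serendipity_deleteAuthor($authorid)
    {
        global $serendipity;
        $dbh = SGL_DB::singleton();
        // Get config values
        $c = SGL_Config::singleton();
        $conf = $c->getAll();

        $authorid = (int) $authorid;
        $res = $dbh->query(
            "DELETE FROM " . $conf['table']['serendipity_authors'] . "
            WHERE authorid=" . $authorid
        );
        // An error object is truthy, so the result has to be tested explicitly.
        if (!SGL::isError($res) && $res) {
            $dbh->query(
                "DELETE FROM " . $conf['table']['serendipity_permalinks'] . "
                WHERE entry_id=" . $authorid . " and type='author'"
            );
        }
        return true;
    }

    /**
     * Return the installed Serendipity version.
     *
     * @return string|null version string, or null when the config file does
     *                     not define it
     */
    function getBlogwebVersion()
    {
        // The constructor has already read the version. Re-including the
        // config with include_once would be skipped and leave $serendipity
        // undefined in this scope.
        if (isset($this) && $this->blogVersion !== '') {
            return $this->blogVersion;
        }
        include S9Y_INCLUDE_PATH . '/serendipity_config_local.inc.php';
        return isset($serendipity['versionInstalled']) ? $serendipity['versionInstalled'] : null;
    }

    /**
     * Whether the installed version stores sha1(hashkey . password), hashtype 1.
     *
     * @return bool
     */
    private function _usesSaltedHash()
    {
        return version_compare($this->blogVersion, '1.3', '>');
    }

    /**
     * Hash a plaintext password in the installed version's format.
     *
     * @param string $password plaintext password
     * @return string md5 or salted sha1 hex digest
     */
    private function _hashPassword($password)
    {
        if ($this->_usesSaltedHash()) {
            SGL::logMessage('blog version 1.5.5');
            return sha1($this->_getHashKey() . $password);
        }
        SGL::logMessage('blog version 1.3');
        return md5($password);
    }

    /**
     * Read the password hash key from the config table, creating it if absent.
     *
     * @return string|int the hash key
     */
    private function _getHashKey()
    {
        $dbh = SGL_DB::singleton();
        $c = SGL_Config::singleton();
        $conf = $c->getAll();
        $table = $conf['table']['serendipity_config'];

        $hashkey = $dbh->getOne("SELECT value FROM " . $table . " WHERE name = 'hashkey'");
        if (SGL::isError($hashkey)) {
            SGL_Error::pop();
            $hashkey = '';
        }
        if (!$hashkey) {
            // NOTE(review): a timestamp is a guessable salt. It is kept because
            // existing hashes depend on whatever value is stored here; confirm
            // against the Serendipity side before switching to a random value.
            $hashkey = time();
            $dbh->query(
                "REPLACE INTO " . $table . " (name, value) VALUES ('hashkey', "
                . $dbh->quoteSmart((string) $hashkey) . ")"
            );
        }
        return $hashkey;
    }

    /**
     * Whether an author row exists for the username.
     *
     * A failed lookup counts as "exists" so that no duplicate author is
     * inserted on a database error.
     *
     * @param string $username
     * @return bool
     */
    private function _authorExists($username)
    {
        $dbh = SGL_DB::singleton();
        $c = SGL_Config::singleton();
        $conf = $c->getAll();
        $query = "
            SELECT authorid
            FROM " . $conf['table']['serendipity_authors'] . "
            WHERE username = " . $dbh->quoteSmart($username) . "
            LIMIT 0,1
        ";
        //Fix PHP5.3 (use MDB2)
        $res = $dbh->getAll($query, SGL_DB_FETCHMODE_ASSOC);
        if (SGL::isError($res)) {
            return true;
        }
        return count((array) $res) > 0;
    }

    /**
     * Serendipity user level for the current SGL session role.
     *
     * @return int 255 for SGL_ADMIN, otherwise 0
     */
    private function _currentUserLevel()
    {
        return (SGL_Session::getRoleId() == SGL_ADMIN) ? 255 : 0;
    }

    /**
     * Host part of the request's Host header, used as the cookie domain.
     *
     * @return string host name without the port
     */
    private function _getCookieHost()
    {
        $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
        $pos = strpos($host, ':');
        if ($pos) {
            $host = substr($host, 0, $pos);
        }
        return $host;
    }

    /**
     * Set one serendipity[...] cookie.
     *
     * The cookie is HttpOnly, and Secure whenever the request arrived over
     * HTTPS, so the autologin token is not exposed to scripts or sent in clear
     * text from an HTTPS site.
     *
     * @param string $name   key inside the serendipity[] cookie array
     * @param string $value
     * @param int    $expire unix timestamp
     * @return void
     */
    private function _setBlogCookie($name, $value, $expire)
    {
        $isHttps = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
        setcookie('serendipity[' . $name . ']', $value, $expire, '/', $this->_getCookieHost(), $isHttps, true);
    }

    /**
     * Produce a 32 character hex token for the autologin cookie.
     *
     * Uses the platform CSPRNG when one is available; the time-based value is
     * only the last resort for very old installations.
     *
     * @return string
     */
    private function _generateToken()
    {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(16));
        }
        if (function_exists('openssl_random_pseudo_bytes')) {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes(16, $strong);
            if ($bytes !== false && $strong) {
                return bin2hex($bytes);
            }
        }
        $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        return md5(uniqid(time(), true) . $remoteAddr);
    }

    /**
     * Remove the autologin entry named by this browser's cookie, plus every
     * entry older than 21 days (1814400 seconds).
     *
     * @return void
     */
    private function _deleteAutologinToken()
    {
        $dbh = SGL_DB::singleton();
        $c = SGL_Config::singleton();
        $conf = $c->getAll();

        $where = "(okey LIKE 'l_%' AND name < " . (time() - 1814400) . ")";
        // PHP exposes the cookie serendipity[author_information] as a nested
        // array entry.
        $token = isset($_COOKIE['serendipity']['author_information'])
            ? $_COOKIE['serendipity']['author_information']
            : '';
        if (is_string($token) && $token !== '') {
            $where = "okey = " . $dbh->quoteSmart('l_' . $token) . " OR " . $where;
        }
        $dbh->query("DELETE FROM " . $conf['table']['serendipity_options'] . " WHERE " . $where);
    }

    /**
     * Fetch the server's own offset in hours from SGL_BASE_URL/offset.php.
     *
     * @return float 0.0 when the request fails or returns no number
     */
    private function _fetchServerOffsetHours()
    {
        $content = file_get_contents(SGL_BASE_URL . '/offset.php');
        // The response ends up in SQL, so it is reduced to a number first.
        return (float) $content;
    }
}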
?>