info.php
<?php
//require_once "config.php";
require_once "go.php";
require_once "header.php";
?>
<div class="content">
<div id="response"></div>
<?php
// Flash messages: a page that redirected here may have queued one or more
// update messages in the session. Emit each of them once, then drop the
// queue so they do not reappear on the next request.
// NOTE(review): the messages are written out verbatim, so any HTML escaping
// has to happen where they are stored -- confirm at the code that sets them.
if (isset($_SESSION['update_message'])):
    foreach ($_SESSION['update_message'] as $message):
        echo $message;
    endforeach;
    unset($_SESSION['update_message']);
endif;
?>
<p>This page describes the details for a single GO shortcut and its aliases. To view a list of all GO shortcuts, please see the <a href="gotionary.php">GOtionary</a>.</p>
<p>GO shortcuts are managed by the people who created them. If you are one of the administrators for this shortcut, please log into the <a href="admin.php">self-service admin</a> page to change or update this shortcut.</p>
<p>If you are not an administrator of this shortcut, please contact one of the shortcut administrators listed below for any problems, changes, or updates related to this shortcut. Be sure to refer to the URL of this page when contacting them.</p>
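<?php
/*
 * Detail view for a single GO shortcut: destination, aliases, administrators,
 * the "flag as inappropriate" form and the auditor / super-admin links.
 *
 * $institution, $internal_hosts and $connection are not defined in this file;
 * presumably they come from the files included at the top -- confirm there.
 *
 * Every value taken from the shortcut record, the directory or the session is
 * escaped for the context it is written into:
 *   - HTML text and quoted attributes: $escapeHtml()
 *   - query-string values: urlencode(), then $escapeHtml() on the whole URL
 */
try {
    // ENT_QUOTES is required because several attributes below are single-quoted;
    // ENT_SUBSTITUTE keeps output visible when a value holds invalid byte sequences.
    $escapeHtml = static function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE);
    };

    // Only accept a scalar string for ?code=; a missing or array-valued parameter
    // is treated as an empty name and left for Code::get() to reject.
    $requestedCode = (isset($_GET["code"]) && is_string($_GET["code"])) ? $_GET["code"] : '';
    // PHP decodes a literal "+" in the query string to a space, so restore it
    // before the lookup.
    $name = str_replace(" ", "+", $requestedCode);
    $code = Code::get($name, $institution);

    // Non-public codes are only shown to logged-in users.
    if ($code->getPublic() || isset($_SESSION['AUTH'])) {
        $codeName = (string) $code->getName();
        $codeUrl = (string) $code->getUrl();
        // Shared "code=...&institution=..." query fragment for the links below.
        $codeQuery = 'code=' . urlencode($codeName)
            . '&institution=' . urlencode((string) $code->getInstitution());
?>
<dl>
<dt>Code</dt>
<dd><?php print $escapeHtml($codeName); ?></dd>
<dt>Destination</dt>
<dd><?php
        if (strlen($codeUrl)) {
            // parse_url() yields null/false when there is no usable host; cast so
            // preg_match() always receives a string.
            $host_url = (string) parse_url($codeUrl, PHP_URL_HOST);
            $internal_host = false;
            // Each entry of $internal_hosts is used as a PCRE pattern.
            foreach ($internal_hosts as $host) {
                if (preg_match($host, $host_url)) {
                    $internal_host = true;
                    break;
                }
            }
            // Links to hosts outside the internal list are marked external/nofollow.
            // NOTE(review): escaping does not restrict the URL scheme, and the link
            // is emitted even when Code::isUrlValid() fails below. Consider printing
            // the destination as plain text in that case -- confirm what
            // isUrlValid() actually checks first.
            $linkAttributes = $internal_host ? '' : ' class="external" rel="nofollow"';
            print '<a' . $linkAttributes . ' href="' . $escapeHtml($codeUrl) . '">' . $escapeHtml($codeUrl) . '</a>';
            if (!Code::isUrlValid($codeUrl)) {
                print '<br/><span class="error">Error: This URL is not valid.</span>';
            }
        } else {
            print '<span class="error">Error: No destination is set for this code.</span>';
        }
?></dd>
<?php
        // Alias names are the array keys; escape them like the code name above.
        $aliases = $code->getAliases();
        if (count($aliases)) {
            print "<dt>Aliases</dt>";
            print "<dd>" . implode(' <br/>', array_map($escapeHtml, array_keys($aliases))) . "</dd>";
        }
?>
<dt>Administrators of this code</dt>
<dd><?php
        $users = $code->getUsers();
        if (count($users)) {
            $userStrings = array();
            $showUserLinks = isAuditor();
            foreach ($users as $user) {
                // Assumes Go::getUserDisplayName() returns plain text rather than
                // markup -- confirm; it is escaped here on that assumption.
                $userString = $escapeHtml(Go::getUserDisplayName($user->getName()));
                if ($showUserLinks) {
                    // Auditors get a link to the list of codes owned by this user.
                    $userCodesUrl = 'user_codes.php?name=' . urlencode((string) $user->getName());
                    $userString = '<a href="' . $escapeHtml($userCodesUrl) . '">' . $userString . '</a>';
                }
                $userStrings[] = $userString;
            }
            print implode("\n <br/>", $userStrings);
            print "<br/><br/>Please contact one of these people for changes to this shortcut. ";
        } else {
            // GO_HELP_HTML is emitted as markup, as its name indicates.
            print "None -- Contact ".GO_HELP_HTML." to claim this code.";
        }
?></dd>
<dt>Display In GOtionary?</dt>
<dd><?php print ($code->getPublic() ? "yes" : "no"); ?></dd>
</dl>
<div class="clear"></div>
<!-- form for submitting flag as inappropriate -->
<form action="flag.php" method="post">
<?php
        // Has this visitor already flagged the code during this session? A missing
        // or malformed session list counts as "nothing flagged"; the comparison is
        // strict so numeric-looking names such as "1e3" and "1000" do not match.
        $sessionFlags = (isset($_SESSION['flagged']) && is_array($_SESSION['flagged']))
            ? $_SESSION['flagged']
            : array();
        $current_code_flagged = in_array($codeName, $sessionFlags, true);

        // Otherwise, for a logged-in user, check whether a flag from this user for
        // this code is still present in the flag table.
        if (isset($_SESSION["AUTH"]) && !$current_code_flagged) {
            $select = $connection->prepare("SELECT COUNT(*) FROM flag WHERE code = ? AND user = ?");
            $select->bindValue(1, $codeName);
            $select->bindValue(2, $_SESSION["AUTH"]->getCurrentUserId());
            $select->execute();
            if (intval($select->fetchColumn()) > 0) {
                $current_code_flagged = true;
            }
        }

        if ($current_code_flagged) {
            // Already flagged, in this session or in the flag table.
            print '<p id="already_flagged_message">You\'ve flagged this link as inappropriate. An administrator has been notified and will review the quality of this link at a later time. Thank you for your assistance in moderating our go links.</p>';
        } elseif (!isset($_SESSION["AUTH"])) {
            // Not authenticated: offer a login link instead of the flag button.
            // The return URL is urlencoded, which also makes it safe inside the
            // single-quoted attribute.
            if (AUTH_METHOD === 'cas') {
                print "<a href='login2.php?&url=".urlencode(curPageURL()."&destination=".curPageURL())."'>If you believe this is inappropriate click here to log in and report it.</a>";
            } else {
                print "<a href='login.php?r=".urlencode(curPageURL())."'>If you believe this is inappropriate click here to log in and report it.</a>";
            }
        } else {
            // Authenticated and not yet flagged: show the flag form. The XSRF key
            // and the code's identifying fields go to flag.php as hidden inputs.
            print '<div><input type="hidden" name="xsrfkey" value="' . $escapeHtml($_SESSION['xsrfkey'] ?? '') . '" />';
            print '<input type="hidden" name="code" value="' . $escapeHtml($codeName) . '" />';
            print '<input type="hidden" name="institution" value="' . $escapeHtml($code->getInstitution()) . '" />';
            print '<input type="hidden" name="url" value="' . $escapeHtml($codeUrl) . '" />';
            print '<input type="submit" id="flag_inappropriate" value="Flag as Inappropriate" />';

            // When the previous submission lacked a required reason, highlight the
            // field once and clear the marker.
            $commentClass = '';
            if (isset($_SESSION['comment_required'])) {
                $commentClass = ' class="failed_validation"';
                unset($_SESSION['comment_required']);
            }
            // Re-populate the reason field with the previously submitted value.
            $commentValue = $_SESSION['form_values']['flag_comment'] ?? '';
            print 'Reason: <input type="text" id="flag_comment" name="flag_comment"' . $commentClass . ' value="' . $escapeHtml($commentValue) . '"/>' . "\n";

            // Display QR code
            print "<p><a href='" . $escapeHtml('qr.php?' . $codeQuery) . "'>Display QR code</a></p>";
        }

        // Auditor / super-admin links
        if (isAuditor()) {
            print "<p>Admin:<br /><a class='history_button' href='" . $escapeHtml('details.php?' . $codeQuery) . "' onclick=\"var details=window.open(this.href, 'details', 'width=960,height=700,scrollbars=yes,resizable=yes'); details.focus(); return false;\"><input type='button' value='Show History' /></a>";
        }
        if (isSuperAdmin()) {
            // Every dynamic part of $updateUrl is urlencoded, so it contains no
            // quote or backslash and can sit inside the JavaScript string literal;
            // the whole attribute value is then HTML-escaped.
            $updateUrl = 'update.php?' . $codeQuery . '&url=' . urlencode(curPageURL());
            print "<a class='info_edit_button' href='" . $escapeHtml($updateUrl) . "'><input onclick='" . $escapeHtml('window.location="' . $updateUrl . '"') . "' type='button' value='Edit this Code' /></a></p>";
        }
?>
</div>
</form>
<?php
    } else {
        print "<div class='error'>You must be logged in to view the details of this code.</div>";
    }
} catch (Throwable $e) {
    // Details go to the server log only; the visitor sees a generic message.
    error_log($e->getMessage());
    print "<div class='error'>Error. Please contact ".GO_HELP_HTML."</div>";
} ?>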
</div> </div>
<?php
require_once "footer.php";