
Merge branch 'master' of https://github.com/joindin/joind.in

mvriel committed Mar 1, 2012
2 parents 62c41cf + 16b31d3 commit 624940125afa818a4714b2611ca4eb874a7f2d6e
4 README
@@ -17,7 +17,6 @@ Quick start
(use the correct username and password)
4. Create directories for user-added content.
> mkdir src/system/cache/ctokens && chown apache:apache src/system/cache/ctokens
- > mkdir src/inc/img/user_gravatar && chown apache:apache src/inc/img/user_gravatar
(or whatever user and group your web server runs as)
5. Create configuration files for database and config (based on the .dist templates):
> cp src/system/application/config/database.php.dist src/system/application/config/database.php
@@ -85,9 +84,6 @@ The following are the steps you'll need to correctly install the software:
- In the /src/system/cache directory, create a web server-writeable
directory called "ctokens"
-- In the /src/inc/img directory, create a web server writable directory
- called "user_gravatar"
-
- In your src/system/application/config directory:
> Make a database.php file using the database.php.dist as a guide
> Make a config.php file using the config.php.dist as a guide
@@ -0,0 +1,33 @@
+-- Drop the function if it exists
+DROP FUNCTION IF EXISTS get_talk_rating;
+
+
+-- Create get_talk_rating function that takes into account ratings that should not be added (speaker ratings)
+-- + IFNULL() fix for making sure this works on non-claimed talks (jthijssen)
+-- + Not using ratings=0, since they didn't rate at all (jthijssen)
+DELIMITER //
+
+CREATE FUNCTION get_talk_rating(talk_id INT) RETURNS int
+ READS SQL DATA
+BEGIN
+ DECLARE rating_out INT;
+ DECLARE EXIT HANDLER FOR NOT FOUND RETURN NULL;
+
+ SELECT IFNULL(ROUND(AVG(rating)), 0) INTO rating_out
+ FROM talk_comments tc
+ WHERE
+ tc.talk_id = talk_id AND
+ tc.rating != 0 AND
+ tc.user_id NOT IN
+ (
+ SELECT IFNULL(ts.speaker_id,0) FROM talk_speaker ts WHERE ts.talk_id = talk_id
+ UNION
+ SELECT 0
+ );
+
+ RETURN rating_out;
+END//
+
+
+-- Increase patch count
+INSERT INTO patch_history SET patch_number = 32;
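Review bot: `tc.user_id NOT IN (...)` in the WHERE clause evaluates to NULL rather than TRUE whenever `tc.user_id` is NULL, so comments stored with a NULL user_id never contribute to the average; if anonymous comments are stored that way, as the data-generator change in this commit suggests, the predicate needs `(tc.user_id IS NULL OR tc.user_id NOT IN (...))`. The file also switches the delimiter to `//` for the function body and never restores it, so whether the final `INSERT INTO patch_history` executes depends on how the patch runner feeds the file; adding `DELIMITER ;` after `END//` removes that dependence. A short comment on the parameter, `-- parameter name shadows the column; every column reference below is table-qualified`, would make `tc.talk_id = talk_id` less surprising to readers.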
@@ -0,0 +1,5 @@
+-- adding finnish language as an option
+INSERT INTO lang SET lang_name = 'Finnish', lang_abbr = 'fi';
+
+INSERT INTO patch_history SET patch_number = 33;
+
@@ -283,13 +283,21 @@ protected function _generateTalkComments($count) {
$private = $this->_chance("COMMENT_IS_PRIVATE") ? 1 : 0;
+ if ($this->_chance(TALK_COMMENT_IS_ANONYMOUS)) {
+ $user_id = "NULL";
+ } else {
+ $user = $this->_cacheFetchRandom('users');
+ $user_id = $user->id;
+ }
+
+
$tmp = $this->getData()->getCommentSourceData();
$source = $tmp[array_rand($tmp)];
if (! $first) echo ",\n";
printf ("(%d, %d, '%s', %d, %d, %d, %d, %d, NULL, '%s')",
- $talk->id, $rating, $comment, (time()-rand(0,10000000)), $id, $private, 1, $id, $source);
+ $talk->id, $rating, $comment, (time()-rand(0,10000000)), $id, $private, 1, $user_id, $source);
$first = false;
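Review bot: `$user_id = "NULL"` never reaches the database as SQL NULL, because the specifier it is bound to in the printf format string is `%d`, which converts the string "NULL" to 0; anonymous comments are therefore inserted with user_id 0. The eighth specifier should be `%s` so the literal NULL is emitted: `printf ("(%d, %d, '%s', %d, %d, %d, %d, %s, NULL, '%s')",`. `TALK_COMMENT_IS_ANONYMOUS` is also passed as a bare constant while the neighbouring `_chance("COMMENT_IS_PRIVATE")` passes a quoted key; unless that constant is defined elsewhere, it should read `$this->_chance("TALK_COMMENT_IS_ANONYMOUS")`. `_generateTalkComments` starts and ends outside the hunk.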
@@ -639,4 +647,4 @@ function _genLorum($max = 15) {
} // End class
- ?>
+ ?>
@@ -237,8 +237,8 @@ function cancelTrackEdit(rid){
function saveTrackAdd(rid){
var obj = new Object();
obj.event_id = $('#event_id').val();
- obj.track_name = $("#track_tbl_body input[id='name_"+rid+"']").val();
- obj.track_desc = $("#track_tbl_body textarea[id='desc_"+rid+"']").val();
+ obj.track_name = "<![CDATA[" + $("#track_tbl_body input[id='name_"+rid+"']").val() + "]]>";
+ obj.track_desc = "<![CDATA[" + $("#track_tbl_body textarea[id='desc_"+rid+"']").val() + "]]>";
apiRequest('event','addtrack',obj, function(obj) {
notifications.alert(obj.msg);
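Review bot: Wrapping the raw field value in `<![CDATA[ ... ]]>` in saveTrackAdd (and identically in saveTrackUpdate in the next hunk) only holds while the value itself contains no `]]>`; a value containing that sequence ends the CDATA section early and the remainder is treated as markup by whatever parses the request, so this is a quoting workaround rather than escaping. Presumably apiRequest serialises obj as XML, and the robust place for the escaping is inside that serialiser; if the wrapper stays, it should at least split the terminator through one helper: `function cdata(s) { return "<![CDATA[" + String(s).replace(/]]>/g, "]]]]><![CDATA[>") + "]]>"; }` and then `obj.track_name = cdata($("#track_tbl_body input[id='name_"+rid+"']").val());`. Both functions continue past their hunks.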
@@ -254,8 +254,8 @@ function saveTrackAdd(rid){
function saveTrackUpdate(rid){
var obj = new Object();
obj.event_id = $('#event_id').val();
- obj.track_name = $("#track_tbl_body input[id='name_"+rid+"']").val();
- obj.track_desc = $("#track_tbl_body textarea[id='desc_"+rid+"']").val();
+ obj.track_name = "<![CDATA[" + $("#track_tbl_body input[id='name_"+rid+"']").val() + "]]>";
+ obj.track_desc = "<![CDATA[" + $("#track_tbl_body textarea[id='desc_"+rid+"']").val() + "]]>";
obj.track_id = $("#track_tbl_body input[id='trackid_"+rid+"']").val();
obj.track_color = $("#track_tbl_body input[id='track_color_"+rid+"']").val();
@@ -381,11 +381,6 @@ $config['akismet_blog'] = '';
$config['defensio_key'] = '';
$config['defensio_owner'] = '';
-// Directory to store chached Gravatar images
-// Note that the Gravatar cache must be accessible to the web server
-$config['gravatar_cache_dir'] = realpath(dirname(__FILE__) .'/../../../inc/img/user_gravatar');
-$config['gravatar_cache_relative_url'] = '/inc/img/user_gravatar';
-
// If you're debugging and want all emails to go to one address, use this
// $config['debug_email'] = '';
@@ -53,6 +53,14 @@ protected function _login($user)
// send them back to where they came from, either the referer if they
// have one, or the flashdata
$referer = $this->input->server('HTTP_REFERER');
+
+ // Only allow the referrer to be on this site - this prevents a loop
+ // to Twitter after login, and other possible phishing attacks
+ $base = $this->config->item('base_url');
+ if (substr($referer, 0, strlen($base)) != $base) {
+ $referer = $base;
+ }
+
$to = $this->session->flashdata('url_after_login')
? $this->session->flashdata('url_after_login') : $referer;
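Review bot: The prefix test `substr($referer, 0, strlen($base)) != $base` only confines the post-login redirect to this site when `base_url` ends with a `/`; if the configured value has no trailing slash, any referer that merely begins with that string, such as a longer host name, satisfies the check and is still redirected to. Normalise before comparing and use a strict comparison: `$base = rtrim($this->config->item('base_url'), '/') . '/';` and `if (substr($referer, 0, strlen($base)) !== $base) {`. The `url_after_login` flashdata value on the following lines bypasses this check entirely; it is set by the application itself, so the risk is lower, but a one-line comment saying so would keep the next reader from wondering. `_login` continues outside the hunk.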
@@ -1,204 +0,0 @@
-<?php
-/**
- * Facebook pages controller.
- *
- * PHP version 5
- *
- * @category Joind.in
- * @package Controllers
- * @copyright 2009 - 2010 Joind.in
- * @license http://github.com/joindin/joind.in/blob/master/doc/LICENSE JoindIn
- * @link http://github.com/joindin/joind.in
- */
-
-/** Required for inheritance */
-require('AuthAbstract.php');
-
-/**
- * Facebook pages controller.
- *
- * Responsible for handling the oAuth authentication for facebook logins.
- *
- * This controller requires 2 configuration settings to be present in the
- * config.php:
- *
- * - facebook_app_id
- * - facebook_app_secret
- *
- * The values for these settings can be obtained by created a facebook
- * application at: https://developers.facebook.com/apps.
- *
- * To use this controller should the user be directed to
- * the `facebook/request_token` page,.
- *
- * @category Joind.in
- * @package Controllers
- * @copyright 2012 Joind.in
- * @license http://github.com/joindin/joind.in/blob/master/doc/LICENSE JoindIn
- * @link http://github.com/joindin/joind.in
- * @author Mike van Riel <mike.vanriel@naenius.com>
- *
- * @property CI_Config $config
- * @property CI_Input $input
- * @property CI_Session $session
- * @property CI_Loader $load
- * @property CI_Template $template
- * @property User_model $user_model
- * @property Curl $curl
- */
-class Facebook extends AuthAbstract
-{
- /**
- * oAuth initialization action.
- *
- * This action will send the user to facebook and ask for their credentials.
- * After confirmation will the user be directed to the facebook/access_token
- * action, will the application be authenticated and the user authorized with
- * joind.in.
- *
- * This action uses CSRF protection with a token that is valid for 1
- * page-load only; refreshing of the access_token page will not work.
- *
- * @return void
- */
- public function request_token()
- {
- // http_build_query sanitizes the data and prevents injection attacks
- $query = http_build_query(array(
- 'client_id' => $this->config->item('facebook_app_id'),
- 'redirect_uri' => site_url('facebook/access_token'),
- 'state' => $this->generateCsrfSecret(),
- 'scope' => 'email'
- ));
-
- redirect('http://www.facebook.com/dialog/oauth?' . $query);
- }
-
- /**
- * oAuth authorization action.
- *
- * This action will receive a 'code' and 'state' GET variable from facebook.
- * The code is a unique code that can be used to authorize this application
- * where the state variable is used to do a CSRF authentication.
- *
- * After a successful authorization with facebook will joind.in obtain the
- * basic user data from Facebook, sign in the user and redirect to the
- * previous page.
- *
- * @return void
- */
- public function access_token()
- {
- $this->load->model('user_model');
-
- // facebook returns information as GET parameters but code_ignitor
- // clears the $_GET array. It is safe to assume that spoofing the
- // $_REQUEST will have little security impact.
- $state = $_REQUEST['state'];
- if ($state != $this->getCsrfSecret()) {
- show_error(
- 'Aborting authentication: A possible CSRF attack occurred'
- );
- }
-
- $facebook_user = $this->getFacebookUserdata(
- $this->authenticateAppWithFacebook()
- );
-
- // return the first user with the given e-mail address
- $user = current($this->user_model->getUserByEmail($facebook_user->email));
-
- if (!$user) {
- $user = $this->_addUser(
- $this->user_model->findAvailableUsername($facebook_user->username),
- '', $facebook_user->email, $facebook_user->name, ''
- );
-
- // overwrite user and url to re-use the _login method
- $this->session->set_flashdata(
- 'url_after_login', site_url('user/manage')
- );
- }
-
- $this->_login($user);
- }
-
- /**
- * Generates a CSRF secret that is valid for one request.
- *
- * @return string
- */
- protected function generateCsrfSecret()
- {
- $csrf_value = md5(uniqid(rand(), TRUE));
- $this->session->set_userdata('facebook_csrf', $csrf_value);
-
- return $csrf_value;
- }
-
- /**
- * Returns the CSRF secret, or empty if none is present.
- *
- * @return string
- */
- protected function getCsrfSecret()
- {
- $token = $this->session->userdata('facebook_csrf');
- $this->session->unset_userdata('facebook_csrf');
- return $token;
- }
-
- /**
- * Authenticates this app with facebook and returns the access_token.
- *
- * @return string
- */
- protected function authenticateAppWithFacebook()
- {
- $this->load->library('curl');
-
- // http_build_query sanitizes the data and prevents injection attacks
- $query = http_build_query(array(
- 'client_id' => $this->config->item('facebook_app_id'),
- 'redirect_uri' => site_url('facebook/access_token'),
- 'client_secret' => $this->config->item('facebook_app_secret'),
- 'code' => $_REQUEST['code'] // CI cleanses $_GET
- ));
-
- $response = $this->curl->simple_get(
- 'https://graph.facebook.com/oauth/access_token?' . $query
- );
-
- if (!$response) {
- show_error(
- 'An error occurred during authentication with Facebook, no '
- . 'additional information has been returned'
- );
- }
-
- $params = array();
- parse_str($response, $params);
- return $params['access_token'];
- }
-
- /**
- * Retrieves the facebook user object.
- *
- * @param string $access_token
- *
- * @todo consider moving this to a separate model class.
- *
- * @return stdClass
- */
- protected function getFacebookUserdata($access_token)
- {
- $this->load->library('curl');
-
- return json_decode(
- $this->curl->simple_get(
- 'https://graph.facebook.com/me?access_token=' . $access_token
- )
- );
- }
-
-}
@@ -144,4 +144,3 @@ private function _connect($url, $auth)
}
}
// ./system/application/libraries
-?>
@@ -1,5 +1,11 @@
<?php
- $speaker = (isset($claimed[0]->userid) && $claimed[0]->userid != 0 && user_get_id() == $claimed[0]->userid);
+ $speaker = false;
+ foreach ($claimed as $claim) {
+ if (isset($claim->userid) && $claim->userid != 0 && user_get_id() == $claim->userid) {
+ $speaker = true;
+ }
+ }
+
if ($detail->allow_comments) {
if (!$auth) {
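Review bot: The new loop calls `user_get_id()` once per claim and keeps iterating after `$speaker` is already true; fetch the id once and stop at the first match: `$uid = user_get_id();` before the loop, then `if (isset($claim->userid) && $claim->userid != 0 && $claim->userid == $uid) { $speaker = true; break; }`. The earlier `isset($claimed[0]->userid)` form tolerated `$claimed` being null or false, whereas `foreach ($claimed as $claim)` warns in that case; if the controller can pass anything other than an array, guard with `foreach ((array) $claimed as $claim)`. The surrounding `if ($detail->allow_comments)` block continues past the hunk.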
@@ -55,7 +61,7 @@
<?php endif; ?>
</div>
-<?php if (isset($claimed[0]->userid) && $claimed[0]->userid != 0 && user_get_id() == $claimed[0]->userid): ?>
+<?php if ($speaker): ?>
<?php else: ?>
<?php if ($alreadyRated) : ?>
