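/// <summary>
/// Server-side validation for the master-password change form: the old password must hash to the
/// stored master password value, and the new password must not be empty.
/// </summary>
/// <param name="sender">The <see cref="CustomValidator"/> raising the event; its <c>ErrorMessage</c> is set when validation fails.</param>
/// <param name="e">The <see cref="System.Web.UI.WebControls.ServerValidateEventArgs"/> instance; <c>IsValid</c> receives the outcome.</param>
protected void cvCheckOldPassword(object sender, ServerValidateEventArgs e) {
    string suppliedHash = Hash.Compute(txtBoxOldPassword.Text);
    string storedHash = GlobalSettings.GetMasterPassword();

    // Compare without an early exit so the time taken does not depend on how many
    // leading characters of the stored value the caller got right.
    if (!HashesEqualFixedTime(suppliedHash, storedHash)) {
        e.IsValid = false;
        ((CustomValidator)sender).ErrorMessage = Properties.Messages.WrongPassword;
        return;
    }

    // The original tested .Length before testing for null, so the null test could never help;
    // IsNullOrEmpty performs both checks in the safe order.
    if (string.IsNullOrEmpty(txtNewPassword.Text)) {
        e.IsValid = false;
        ((CustomValidator)sender).ErrorMessage = Properties.Messages.PasswordEmpty;
        return;
    }

    // NOTE(review): nothing in this handler limits repeated attempts; confirm that guessing the
    // old password is throttled or logged somewhere else.
    e.IsValid = true;
}

/// <summary>
/// Compares two hash strings without returning at the first differing character.
/// A null on either side counts as a mismatch, so a missing stored value fails closed.
/// </summary>
/// <param name="left">First value.</param>
/// <param name="right">Second value.</param>
/// <returns><c>true</c> only when both values are non-null and identical.</returns>
private static bool HashesEqualFixedTime(string left, string right) {
    if (left == null || right == null) {
        return false;
    }

    // A length difference is folded into the accumulator rather than returned immediately.
    int difference = left.Length ^ right.Length;
    int shared = left.Length < right.Length ? left.Length : right.Length;
    for (int i = 0; i < shared; i++) {
        difference |= left[i] ^ right[i];
    }
    return difference == 0;
}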
/// <summary>
/// Produces the security hash for an account by handing the username, email and timestamp to
/// <c>Hash.ComputeSecurityHash</c> together with the value of <c>GlobalSettings.GetMasterPassword()</c>.
/// The stated purpose is to prevent illegal account activations.
/// </summary>
/// <param name="username">The Username.</param>
/// <param name="email">The email.</param>
/// <param name="dateTime">The date/time.</param>
/// <returns>The secured Hash of the Username.</returns>
/// <remarks>
/// NOTE(review): the master-password value is the only secret input visible here, so the result is
/// only as hard to forge as that value is to learn; how the four inputs are combined is not
/// visible in this block - confirm it is a keyed construction.
/// </remarks>
public static string ComputeSecurityHash(string username, string email, DateTime dateTime) {
    // Fetched first, exactly as argument evaluation did in the single-expression form.
    string masterPassword = GlobalSettings.GetMasterPassword();
    string securityHash = Hash.ComputeSecurityHash(username, email, dateTime, masterPassword);
    return securityHash;
}
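/// <summary>
/// Writes one of four RSS feeds to the response, selected by the "Page" and "Discuss" request
/// values: updates of a single page, the discussion of a single page, all recent page updates,
/// or all recent discussion updates. Responds with 404 when feeds are disabled and 401 when the
/// caller may not read the requested page or discussion.
/// </summary>
/// <param name="sender">The event source (unused).</param>
/// <param name="e">The event data (unused).</param>
/// <remarks>
/// When there is no session login, "Username" and "Password" are read through <c>Request[...]</c>
/// and used to authenticate the caller for this one request.
/// NOTE(review): <c>HttpRequest</c>'s indexer looks at the query string, form fields, cookies and
/// server variables, so the credentials are not limited to the query string; when they do travel
/// in the URL they are recorded wherever URLs are recorded (server and proxy logs, feed-reader
/// configuration). Nothing here requires HTTPS or limits repeated attempts - confirm both are
/// handled elsewhere, or consider a per-user feed token instead of the account password.
/// </remarks>
protected void Page_Load(object sender, EventArgs e) {
    currentWiki = DetectWiki();

    rssFeedsMode = Settings.GetRssFeedsMode(currentWiki);
    if (rssFeedsMode == RssFeedsMode.Disabled) {
        Response.Clear();
        Response.StatusCode = 404;
        Response.End();
        return;
    }

    string currentUsername = SessionFacade.GetCurrentUsername();
    string[] currentGroups = SessionFacade.GetCurrentGroupNames(currentWiki);

    AuthChecker authChecker = new AuthChecker(Collectors.CollectorsBox.GetSettingsProvider(currentWiki));

    // Normalize an empty namespace to null so the comparisons below treat it as "no namespace".
    currentNamespace = DetectNamespace();
    if (string.IsNullOrEmpty(currentNamespace)) {
        currentNamespace = null;
    }

    if (SessionFacade.LoginKey == null) {
        // No session login: look for username/password in the request
        string requestUsername = Request["Username"];
        string requestPassword = Request["Password"];

        if (requestUsername != null && requestPassword != null) {
            // Try to authenticate
            UserInfo u = Users.FindUser(currentWiki, requestUsername);
            if (u != null) {
                // Very "dirty" way - pages should not access Providers
                if (u.Provider.TestAccount(u, requestPassword)) {
                    // Valid account. The groups come from the user object that was just verified;
                    // the original looked the same user up a second time and dereferenced the
                    // result without a null check.
                    // NOTE(review): the identity used for the permission checks is the
                    // caller-supplied spelling of the name, not a value taken from the stored
                    // account - confirm the permission checks are insensitive to that.
                    currentUsername = requestUsername;
                    currentGroups = u.Groups;
                }
            }
            else {
                // Check for built-in admin account
                // NOTE(review): the request value is compared as-is with GetMasterPassword(). If
                // that getter returns a stored hash rather than the password (confirm), the hash
                // itself is accepted here as the credential. Equals() is also not a fixed-time
                // comparison.
                if (requestUsername.Equals("admin") && requestPassword.Equals(GlobalSettings.GetMasterPassword())) {
                    // NOTE(review): literal reproduced exactly as it appears in this listing; it
                    // looks masked - confirm the intended account name against the original file.
                    currentUsername = "******";
                    currentGroups = new string[] { Settings.GetAdministratorsGroup(currentWiki) };
                }
            }
        }
    }

    Response.ClearContent();
    Response.ContentType = "text/xml;charset=UTF-8";
    Response.ContentEncoding = System.Text.UTF8Encoding.UTF8;

    if (Request["Page"] != null) {
        PageContent page = Pages.FindPage(currentWiki, Request["Page"]);
        if (page == null) {
            // NOTE(review): an unknown page ends with an empty 200 response while an unreadable
            // page yields 401 below, so the two cases are distinguishable to the caller.
            return;
        }

        if (Request["Discuss"] == null) {
            // Check permission for the page
            bool canReadPage = authChecker.CheckActionForPage(page.FullName, Actions.ForPages.ReadPage, currentUsername, currentGroups);
            if (!canReadPage) {
                Response.StatusCode = 401;
                return;
            }

            // Start an XML writer for the output stream
            using (XmlWriter rss = XmlWriter.Create(Response.OutputStream)) {
                // Build an RSS header
                BuildRssHeader(rss);

                // Build the channel element
                BuildChannelHead(rss,
                    Settings.GetWikiTitle(currentWiki) + " - " + Formatter.StripHtml(FormattingPipeline.PrepareTitle(currentWiki, page.Title, false, FormattingContext.PageContent, page.FullName)),
                    Settings.GetMainUrl(currentWiki) + page.FullName + GlobalSettings.PageExtension,
                    Settings.GetMainUrl(currentWiki) + UrlTools.BuildUrl(currentWiki, "RSS.aspx?Page=", page.FullName),
                    Formatter.StripHtml(page.Title) + " - " + Properties.Messages.PageUpdates);

                // Write the item element
                rss.WriteStartElement("item");
                rss.WriteStartElement("title");
                rss.WriteCData(Formatter.StripHtml(FormattingPipeline.PrepareTitle(currentWiki, page.Title, false, FormattingContext.PageContent, page.FullName)));
                rss.WriteEndElement();
                rss.WriteElementString("link", Settings.GetMainUrl(currentWiki) + page.FullName + GlobalSettings.PageExtension);

                UserInfo user = Users.FindUser(currentWiki, page.User);
                string username = user != null ? Users.GetDisplayName(user) : page.User;

                // Create the description tag
                rss.WriteStartElement("description");
                if (rssFeedsMode == RssFeedsMode.Summary) {
                    // NOTE(review): page.Comment is placed into HTML markup without encoding here;
                    // confirm it is encoded when stored, since feed readers render this as HTML.
                    rss.WriteCData(Formatter.StripHtml(page.Title) + ": " + Properties.Messages.ThePageHasBeenUpdatedBy + " " + page.User + (page.Comment.Length > 0 ? ".<br />" + page.Comment : "."));
                }
                else {
                    rss.WriteCData(FormattedContent.GetFormattedPageContent(currentWiki, page));
                }
                rss.WriteEndElement();

                // Write the remaining elements
                rss.WriteElementString("author", username);
                rss.WriteElementString("pubDate", page.LastModified.ToUniversalTime().ToString("R"));
                rss.WriteStartElement("guid");
                rss.WriteAttributeString("isPermaLink", "false");
                rss.WriteString(GetGuid(page.FullName, page.LastModified));
                rss.WriteEndElement();

                // Complete the item element
                CompleteCurrentElement(rss);

                // Complete the channel element
                CompleteCurrentElement(rss);

                // Complete the rss element
                CompleteCurrentElement(rss);

                // Finish off
                rss.Flush();
                rss.Close();
            }
        }
        else {
            // Check permission for the discussion
            bool canReadDiscussion = authChecker.CheckActionForPage(page.FullName, Actions.ForPages.ReadDiscussion, currentUsername, currentGroups);
            if (!canReadDiscussion) {
                Response.StatusCode = 401;
                return;
            }

            List<Message> messages = new List<Message>(Pages.GetPageMessages(page));
            // Un-tree Messages
            messages = UnTreeMessages(messages);
            // Sort from newer to older
            messages.Sort(new MessageDateTimeComparer(true));

            // Start an XML writer for the output stream
            using (XmlWriter rss = XmlWriter.Create(Response.OutputStream)) {
                // Build an RSS header
                BuildRssHeader(rss);

                // Build the channel element
                BuildChannelHead(rss,
                    Settings.GetWikiTitle(currentWiki) + " - " + Formatter.StripHtml(FormattingPipeline.PrepareTitle(currentWiki, page.Title, false, FormattingContext.PageContent, page.FullName)) + " - Discussion Updates",
                    Settings.GetMainUrl(currentWiki) + page.FullName + GlobalSettings.PageExtension + "?Discuss=1",
                    Settings.GetMainUrl(currentWiki) + UrlTools.BuildUrl(currentWiki, "RSS.aspx?Page=", page.FullName, "&Discuss=1"),
                    Settings.GetWikiTitle(currentWiki) + " - " + Formatter.StripHtml(FormattingPipeline.PrepareTitle(currentWiki, page.Title, false, FormattingContext.PageContent, page.FullName)) + " - Discussion Updates");

                for (int i = 0; i < messages.Count; i++) {
                    // Write the item element
                    rss.WriteStartElement("item");
                    rss.WriteStartElement("title");
                    rss.WriteCData(Formatter.StripHtml(FormattingPipeline.PrepareTitle(currentWiki, messages[i].Subject, false, FormattingContext.MessageBody, page.FullName)));
                    rss.WriteEndElement();
                    rss.WriteElementString("link", Settings.GetMainUrl(currentWiki) + page.FullName + GlobalSettings.PageExtension + "?Discuss=1");

                    UserInfo user = Users.FindUser(currentWiki, messages[i].Username);
                    string username = user != null ? Users.GetDisplayName(user) : messages[i].Username;

                    // Create the description tag
                    rss.WriteStartElement("description");
                    if (rssFeedsMode == RssFeedsMode.Summary) {
                        rss.WriteCData(Properties.Messages.AMessageHasBeenPostedBy.Replace("##SUBJECT##", messages[i].Subject) + " " + username + ".");
                    }
                    else {
                        rss.WriteCData(FormattingPipeline.FormatWithPhase3(currentWiki, FormattingPipeline.FormatWithPhase1And2(currentWiki, messages[i].Body, false, FormattingContext.MessageBody, page.FullName), FormattingContext.MessageBody, page.FullName));
                    }
                    rss.WriteEndElement();

                    // Write the remaining elements
                    rss.WriteElementString("author", username);
                    rss.WriteElementString("pubDate", messages[i].DateTime.ToUniversalTime().ToString("R"));
                    rss.WriteStartElement("guid");
                    rss.WriteAttributeString("isPermaLink", "false");
                    rss.WriteString(GetGuid(page.FullName + "-" + messages[i].ID.ToString(), messages[i].DateTime));
                    rss.WriteEndElement();

                    // Complete the item element
                    CompleteCurrentElement(rss);
                }

                // Complete the channel element
                CompleteCurrentElement(rss);

                // Complete the rss element
                CompleteCurrentElement(rss);

                // Finish off
                rss.Flush();
                rss.Close();
            }
        }
    }
    else {
        if (Request["Discuss"] == null) {
            // All page updates

            // Start an XML writer for the output stream
            using (XmlWriter rss = XmlWriter.Create(Response.OutputStream)) {
                // Build an RSS header
                BuildRssHeader(rss);

                bool useCat = false;
                string cat = "";
                if (Request["Category"] != null) {
                    useCat = true;
                    cat = Request["Category"];
                }

                // Build the channel element
                // NOTE(review): the caller-supplied category is appended to the feed URL without
                // URL-encoding; confirm BuildUrl encodes it.
                BuildChannelHead(rss,
                    Settings.GetWikiTitle(currentWiki) + " - " + Properties.Messages.PageUpdates,
                    Settings.GetMainUrl(currentWiki),
                    Settings.GetMainUrl(currentWiki) + UrlTools.BuildUrl(currentWiki, "RSS.aspx", (useCat ? ("?Category=" + cat) : "")),
                    Properties.Messages.RecentPageUpdates);

                RecentChange[] ch = RecentChanges.GetAllChanges(currentWiki);
                Array.Reverse(ch);
                for (int i = 0; i < ch.Length; i++) {
                    // Suppress this entry if we've already reported this page (so we don't create duplicate entries in the feed page)
                    bool duplicateFound = false;
                    for (int j = 0; j < i; j++) {
                        if (ch[j].Page == ch[i].Page) {
                            duplicateFound = true;
                            break;
                        }
                    }
                    if (duplicateFound) {
                        continue;
                    }

                    // Skip message-related entries
                    if (!IsPageChange(ch[i].Change)) {
                        continue;
                    }

                    PageContent p = Pages.FindPage(currentWiki, ch[i].Page);
                    if (p != null) {
                        // Check permissions for every page
                        bool canReadThisPage = authChecker.CheckActionForPage(p.FullName, Actions.ForPages.ReadPage, currentUsername, currentGroups);
                        if (!canReadThisPage) {
                            continue;
                        }

                        if (useCat) {
                            CategoryInfo[] infos = Pages.GetCategoriesForPage(p);
                            if (infos.Length == 0 && cat != "-") {
                                continue;
                            }
                            else if (infos.Length != 0) {
                                bool found = false;
                                for (int k = 0; k < infos.Length; k++) {
                                    if (infos[k].FullName == cat) {
                                        found = true;
                                        break;
                                    }
                                }
                                if (!found) {
                                    continue;
                                }
                            }
                        }
                    }

                    // Check namespace
                    if (p != null && NameTools.GetNamespace(p.FullName) != currentNamespace) {
                        continue;
                    }

                    // Skip deleted pages as their category binding is unknown
                    if (p == null && useCat) {
                        continue;
                    }

                    // NOTE(review): an entry whose page no longer exists (p == null) gets here
                    // without any permission or namespace check, yet its title, author and change
                    // description are written below - confirm that exposure is intended.

                    // The original dereferenced p.FullName unconditionally, which throws for such
                    // an entry and aborts the feed mid-stream. Null is passed instead, as the
                    // discussion feed does for its formatting calls.
                    // NOTE(review): confirm PrepareTitle accepts a null page name.
                    string titleContextPage = p != null ? p.FullName : null;

                    // Write the item element
                    rss.WriteStartElement("item");
                    rss.WriteStartElement("title");
                    rss.WriteCData(Formatter.StripHtml(FormattingPipeline.PrepareTitle(currentWiki, ch[i].Title, false, FormattingContext.PageContent, titleContextPage)));
                    rss.WriteEndElement();

                    // The original repeated this condition in a nested if, which made the
                    // fallback branch unreachable and left deleted pages without a link element.
                    if (ch[i].Change != Change.PageDeleted && p != null) {
                        rss.WriteElementString("link", Settings.GetMainUrl(currentWiki) + ch[i].Page + GlobalSettings.PageExtension);
                    }
                    else {
                        rss.WriteElementString("link", Settings.GetMainUrl(currentWiki));
                    }

                    UserInfo user = Users.FindUser(currentWiki, ch[i].User);
                    string username = user != null ? Users.GetDisplayName(user) : ch[i].User;
                    rss.WriteElementString("author", username);

                    // Create the description tag
                    StringBuilder sb = new StringBuilder();
                    if (rssFeedsMode == RssFeedsMode.Summary || p == null) {
                        switch (ch[i].Change) {
                            case Change.PageUpdated:
                                sb.Append(Properties.Messages.ThePageHasBeenUpdatedBy);
                                break;
                            case Change.PageDeleted:
                                sb.Append(Properties.Messages.ThePageHasBeenDeletedBy);
                                break;
                            case Change.PageRenamed:
                                sb.Append(Properties.Messages.ThePageHasBeenRenamedBy);
                                break;
                            case Change.PageRolledBack:
                                sb.Append(Properties.Messages.ThePageHasBeenRolledBackBy);
                                break;
                        }
                        // NOTE(review): the change description is placed into HTML markup without
                        // encoding; confirm it is encoded when stored.
                        sb.Append(" " + username + (ch[i].Description.Length > 0 ? ".<br />" + ch[i].Description : "."));
                    }
                    else {
                        // p != null
                        sb.Append(FormattedContent.GetFormattedPageContent(currentWiki, p));
                    }
                    rss.WriteStartElement("description");
                    rss.WriteCData(sb.ToString());
                    rss.WriteEndElement();

                    // Write the remaining elements
                    rss.WriteElementString("pubDate", ch[i].DateTime.ToUniversalTime().ToString("R"));
                    rss.WriteStartElement("guid");
                    rss.WriteAttributeString("isPermaLink", "false");
                    rss.WriteString(GetGuid(ch[i].Page, ch[i].DateTime));
                    rss.WriteEndElement();

                    // Complete the item element
                    rss.WriteEndElement();
                }

                // Complete the channel element
                CompleteCurrentElement(rss);

                // Complete the rss element
                CompleteCurrentElement(rss);

                // Finish off
                rss.Flush();
                rss.Close();
            }
        }
        else {
            // All discussion updates

            // Start an XML writer for the output stream
            using (XmlWriter rss = XmlWriter.Create(Response.OutputStream)) {
                // Build an RSS header
                BuildRssHeader(rss);

                bool useCat = false;
                string cat = "";
                if (Request["Category"] != null) {
                    useCat = true;
                    cat = Request["Category"];
                }

                // Build the channel element
                BuildChannelHead(rss,
                    Settings.GetWikiTitle(currentWiki) + " - " + Properties.Messages.DiscussionUpdates,
                    Settings.GetMainUrl(currentWiki),
                    Settings.GetMainUrl(currentWiki) + UrlTools.BuildUrl(currentWiki, "RSS.aspx", (useCat ? ("?Category=" + cat) : "")),
                    Properties.Messages.RecentDiscussionUpdates);

                RecentChange[] ch = RecentChanges.GetAllChanges(currentWiki);
                Array.Reverse(ch);
                for (int i = 0; i < ch.Length; i++) {
                    // Skip page-related entries
                    if (!IsMessageChange(ch[i].Change)) {
                        continue;
                    }

                    // Entries whose page cannot be found are left out of this feed entirely.
                    PageContent p = Pages.FindPage(currentWiki, ch[i].Page);
                    if (p != null) {
                        // Check permissions for every page
                        bool canReadThisPageDiscussion = authChecker.CheckActionForPage(p.FullName, Actions.ForPages.ReadDiscussion, currentUsername, currentGroups);
                        if (!canReadThisPageDiscussion) {
                            continue;
                        }

                        if (useCat) {
                            CategoryInfo[] infos = Pages.GetCategoriesForPage(p);
                            if (infos.Length == 0 && cat != "-") {
                                continue;
                            }
                            else if (infos.Length != 0) {
                                bool found = false;
                                for (int k = 0; k < infos.Length; k++) {
                                    if (infos[k].FullName == cat) {
                                        found = true;
                                        break;
                                    }
                                }
                                if (!found) {
                                    continue;
                                }
                            }
                        }

                        // Check namespace
                        if (NameTools.GetNamespace(p.FullName) != currentNamespace) {
                            continue;
                        }

                        // Write the item element
                        rss.WriteStartElement("item");
                        rss.WriteStartElement("title");
                        rss.WriteCData(Properties.Messages.Discussion + ": " + Formatter.StripHtml(FormattingPipeline.PrepareTitle(currentWiki, ch[i].Title, false, FormattingContext.PageContent, p.FullName)));
                        rss.WriteEndElement();

                        string id = Tools.GetMessageIdForAnchor(ch[i].DateTime);
                        if (ch[i].Change != Change.MessageDeleted) {
                            rss.WriteElementString("link", Settings.GetMainUrl(currentWiki) + ch[i].Page + GlobalSettings.PageExtension + "?Discuss=1#" + id);
                        }
                        else {
                            rss.WriteElementString("link", Settings.GetMainUrl(currentWiki) + ch[i].Page + GlobalSettings.PageExtension + "?Discuss=1");
                        }

                        string messageContent = FindMessageContent(ch[i].Page, id);

                        UserInfo user = Users.FindUser(currentWiki, ch[i].User);
                        string username = user != null ? Users.GetDisplayName(user) : ch[i].User;

                        // Create the description tag
                        StringBuilder sb = new StringBuilder();
                        if (rssFeedsMode == RssFeedsMode.Summary || messageContent == null) {
                            switch (ch[i].Change) {
                                case Change.MessagePosted:
                                    sb.Append(Properties.Messages.AMessageHasBeenPostedBy.Replace("##SUBJECT##", ch[i].MessageSubject));
                                    break;
                                case Change.MessageEdited:
                                    sb.Append(Properties.Messages.AMessageHasBeenEditedBy.Replace("##SUBJECT##", ch[i].MessageSubject));
                                    break;
                                case Change.MessageDeleted:
                                    sb.Append(Properties.Messages.AMessageHasBeenDeletedBy.Replace("##SUBJECT##", ch[i].MessageSubject));
                                    break;
                            }
                            sb.Append(" " + username + (ch[i].Description.Length > 0 ? ".<br />" + ch[i].Description : "."));
                        }
                        else {
                            sb.Append(FormattingPipeline.FormatWithPhase3(currentWiki, FormattingPipeline.FormatWithPhase1And2(currentWiki, messageContent, false, FormattingContext.MessageBody, null), FormattingContext.MessageBody, null));
                        }
                        rss.WriteStartElement("description");
                        rss.WriteCData(sb.ToString());
                        rss.WriteEndElement();

                        // Write the remaining elements
                        rss.WriteElementString("author", username);
                        rss.WriteElementString("pubDate", ch[i].DateTime.ToUniversalTime().ToString("R"));
                        rss.WriteStartElement("guid");
                        rss.WriteAttributeString("isPermaLink", "false");
                        rss.WriteString(GetGuid(ch[i].Page, ch[i].DateTime));
                        rss.WriteEndElement();

                        // Complete the item element
                        rss.WriteEndElement();
                    }
                }

                // Complete the channel element
                CompleteCurrentElement(rss);

                // Complete the rss element
                CompleteCurrentElement(rss);

                // Finish off
                rss.Flush();
                rss.Close();
            }
        }
    }
}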
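/// <summary>
/// Runs at the start of every request: performs one-time application startup, gives registered
/// plugin request handlers a chance to serve the request, forces a redirect to
/// CreateMasterPassword.aspx while no master password is configured, and finally routes the request.
/// </summary>
/// <param name="sender">The event source (unused).</param>
/// <param name="e">The event data (unused).</param>
protected void Application_BeginRequest(object sender, EventArgs e) {
    if (Application[StartupOK] == null) {
        Application.Lock();
        try {
            // Re-check under the lock so startup runs once even when requests arrive together.
            if (Application[StartupOK] == null) {
                // Setup Resource Exchanger
                ScrewTurn.Wiki.Exchanger.ResourceExchanger = new ScrewTurn.Wiki.ResourceExchanger();
                ScrewTurn.Wiki.StartupTools.Startup();

                // All is OK, proceed with normal startup operations
                Application[StartupOK] = "OK";
            }
        }
        finally {
            // Release the application lock even when startup throws.
            Application.UnLock();
        }
    }

    // Reading PhysicalPath is only a probe here: it throws for paths with illegal characters.
    // The value itself was used solely for a page-name local that nothing read; that local is removed.
    try {
        string physicalPathProbe = HttpContext.Current.Request.PhysicalPath;
    }
    catch (ArgumentException) {
        // Illegal characters in path
        HttpContext.Current.Response.Redirect("~/PageNotFound.aspx");
        return;
    }

    string currentWiki = Tools.DetectCurrentWiki();
    string url = HttpContext.Current.Request.Url.ToString();
    string httpMethod = HttpContext.Current.Request.HttpMethod;

    // NOTE(review): every plugin-registered regex is matched against the caller-controlled URL on
    // every request; confirm the registered patterns cannot backtrack excessively or carry a
    // match timeout.
    foreach (RequestHandlerRegistryEntry handler in Host.Instance.GetRequestHandlers(currentWiki).Values) {
        if (handler.Methods.Any(m => StringComparer.OrdinalIgnoreCase.Compare(m, httpMethod) == 0)) {
            Match match = handler.UrlRegex.Match(url);
            if (match.Success) {
                try {
                    var plugin = Collectors.CollectorsBox.FormatterProviderCollector.GetProvider(handler.CallerType.FullName, currentWiki);
                    if (plugin != null && plugin.HandleRequest(HttpContext.Current, match)) {
                        // The plugin served the request: stop before any of the checks below.
                        HttpContext.Current.Response.End();
                        return;
                    }
                }
                catch (Exception ex) {
                    // Thread aborts (direct or wrapped) are not logged as plugin errors.
                    if (ex is ThreadAbortException) {
                        continue;
                    }
                    if (ex.InnerException != null && ex.InnerException is ThreadAbortException) {
                        continue;
                    }
                    LogError(ex);
                }
            }
        }
    }

    // Extract the extension, e.g. .ashx or .aspx
    string ext = (Path.GetExtension(HttpContext.Current.Request.PhysicalPath) + "").ToLowerInvariant();
    // Remove leading dot, .ashx -> ashx
    if (ext.Length > 0) {
        ext = ext.Substring(1);
    }

    // IIS7+Integrated Pipeline handles all requests through the ASP.NET engine
    // All non-interesting files are not processed, such as GIF, CSS, etc.
    if (ext.Length == 0 || ext == "ashx" || ext == "aspx") {
        // Match the file name exactly. The original used a substring test on the whole physical
        // path, so any path that merely contained "createmasterpassword.aspx" was exempt from the
        // master-password redirect below.
        bool isCreateMasterPasswordPage = string.Equals(
            Path.GetFileName(Request.PhysicalPath), "CreateMasterPassword.aspx", StringComparison.OrdinalIgnoreCase);

        if (!isCreateMasterPasswordPage) {
            if (Application[MasterPasswordOk] == null) {
                Application.Lock();
                try {
                    if (Application[MasterPasswordOk] == null) {
                        // Setup Master Password
                        if (!String.IsNullOrEmpty(GlobalSettings.GetMasterPassword())) {
                            Application[MasterPasswordOk] = "OK";
                        }
                    }
                }
                finally {
                    Application.UnLock();
                }
            }

            // Still no master password: every other page is sent to the setup page.
            if (Application[MasterPasswordOk] == null) {
                ScrewTurn.Wiki.UrlTools.Redirect("~/CreateMasterPassword.aspx");
            }
        }
        else if (!string.IsNullOrEmpty(GlobalSettings.GetMasterPassword())) {
            // The setup page is not reachable once a master password exists.
            ScrewTurn.Wiki.UrlTools.RedirectHome(currentWiki);
        }
    }

    ScrewTurn.Wiki.UrlTools.RouteCurrentRequest();
}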