倒计时1周年 沉痛的一天
Aug 13

facebook首页的php源码泄漏?

IT Add comments
作者: 肖建彬 | 可以转载, 转载时务必以超链接形式标明文章原始出处和作者信息及版权声明
网址:http://www.xiaojb.com/archives/it/facebook-home-page-php-code.shtml

来源:http://facebooksecrets.blogspot.com/2007/08/facebook-home-page-code.html

  1. <?php
  2.  
  3.  
  4. include_once $_SERVER['PHP_ROOT'].'/html/init.php';
  5. include_once $_SERVER['PHP_ROOT'].'/lib/home.php';
  6. include_once $_SERVER['PHP_ROOT'].'/lib/requests.php';
  7. include_once $_SERVER['PHP_ROOT'].'/lib/feed/newsfeed.php';
  8. include_once $_SERVER['PHP_ROOT'].'/lib/poke.php';
  9. include_once $_SERVER['PHP_ROOT'].'/lib/share.php';
  10. include_once $_SERVER['PHP_ROOT'].'/lib/orientation.php';
  11. include_once $_SERVER['PHP_ROOT'].'/lib/feed/newsfeed.php';
  12. include_once $_SERVER['PHP_ROOT'].'/lib/mobile/register.php';
  13. include_once $_SERVER['PHP_ROOT'].'/lib/forms_lib.php';
  14. include_once $_SERVER['PHP_ROOT'].'/lib/contact_importer/contact_importer.php';
  15. include_once $_SERVER['PHP_ROOT'].'/lib/feed/util.php';
  16. include_once $_SERVER['PHP_ROOT'].'/lib/hiding_prefs.php';
  17. include_once $_SERVER['PHP_ROOT'].'/lib/abtesting.php';
  18. include_once $_SERVER['PHP_ROOT'].'/lib/friends.php';
  19. include_once $_SERVER['PHP_ROOT'].'/lib/statusupdates.php';
  20.  
  21. // lib/display/feed.php has to be declared here for scope issues.
  22. // This keeps display/feed.php cleaner and easier to understand.
  23. include_once $_SERVER['PHP_ROOT'].'/lib/display/feed.php';
  24. include_once $_SERVER['PHP_ROOT'].'/lib/monetization_box.php';
  25.  
  26. // require login
  27. $user = require_login();
  28. print_time('require_login');
  29. param_request(array( 'react' => $PARAM_EXISTS));
  30.  
  31. // Check and fix broken emails
  32. // LN - disabling due to excessive can_see dirties and sets when enabled.
  33. //check_and_fix_broken_emails($user);
  34.  
  35. // migrate AIM screenname from profile to screenname table if needed
  36. migrate_screenname ($user);
  37.  
  38. // homepage announcement variables
  39. $HIDE_ANNOUNCEMENT_BIT = get_site_variable('HIDE_ANNOUNCEMENT_BIT');
  40. $HIDE_INTRO_BITMASK = get_site_variable('HIDE_INTRO_BITMASK');
  41.  
  42. // redirects
  43. if (is_sponsor_user()) {
  44.   redirect('bizhome.php', 'www');
  45.  }
  46.  
  47. include_once $_SERVER['PHP_ROOT'].'/lib/mesg.php';
  48. include_once $_SERVER['PHP_ROOT'].'/lib/invitetool.php';
  49. include_once $_SERVER['PHP_ROOT'].'/lib/grammar.php';
  50. include_once $_SERVER['PHP_ROOT'].'/lib/securityq.php';
  51. include_once $_SERVER['PHP_ROOT'].'/lib/events.php';
  52. include_once $_SERVER['PHP_ROOT'].'/lib/rooster/stories.php';
  53.  
  54. // todo: password confirmation redirects here (from html/reset.php),
  55. // do we want a confirmation message?
  56.  
  57. param_get_slashed(array(
  58.             'feeduser' => $PARAM_INT, //debug: gets feed for user here
  59.             'err' => $PARAM_STRING, // returning from a failed entry on an orientation form
  60.             'error' => $PARAM_STRING, // an error can also be here because the profile photo upload code is crazy
  61.             'ret' => $PARAM_INT,
  62.             'success' => $PARAM_INT, // successful profile picture upload
  63.             'jn' => $PARAM_INT, // joined a network for orientation
  64.             'np' => $PARAM_INT, // network pending (for work/address network)
  65.             'me' => $PARAM_STRING, // mobile error
  66.             'mr' => $PARAM_EXISTS, // force mobile reg view
  67.             'mobile' => $PARAM_EXISTS, // mobile confirmation code sent
  68.             'jif' => $PARAM_EXISTS, // just imported friends
  69.             'ied' => $PARAM_STRING, // import email domain
  70.             'o' => $PARAM_EXISTS, // first time orientation, passed on confirm
  71.             'verified' => $PARAM_EXISTS)); // verified mobile phone
  72.  
  73. param_post(array(
  74.          'leave_orientation' => $PARAM_EXISTS,
  75.          'show_orientation' => $PARAM_INT, // show an orientation step
  76.          'hide_orientation' => $PARAM_INT)); // skip an orientation step
  77.  
  78. // homepage actions
  79. if ($req_react && validate_expiring_hash($req_react, $GLOBALS['url_md5key'])) {
  80.   $show_reactivated_message = true;
  81.  } else {
  82.   $show_reactivated_message = false;
  83.  }
  84. tpl_set('show_reactivated_message', $show_reactivated_message);
  85.  
  86.  
  87. // upcoming events
  88. events_check_future_events($user); // make sure big tunas haven't moved around
  89. $upcoming_events = events_get_imminent_for_user($user);
  90.  
  91. // this is all stuff that can be fetched together!
  92. $upcoming_events_short = array();
  93. obj_multiget_short(array_keys($upcoming_events), true, $upcoming_events_short);
  94. $new_pokes = 0;
  95. //only get the next N pokes for display
  96. //where N is set in the dbget to avoid caching issues
  97. $poke_stats = get_num_pokes($user);
  98. get_next_pokes($user, true, $new_pokes);
  99. $poke_count = $poke_stats['unseen'];
  100.  
  101. $targeted_data = array();
  102. home_get_cache_targeted_data($user, true, $targeted_data);
  103. $announcement_data = array();
  104. home_get_cache_announcement_data($user, true, $announcement_data);
  105. $orientation = 0;
  106. orientation_get_status($user, true, $orientation);
  107. $short_profile = array();
  108. profile_get_short($user, true, $short_profile);
  109. // pure priming stuff
  110. privacy_get_network_settings($user, true);
  111. $presence = array();
  112. mobile_get_presence_data($user, true, $presence);
  113. feedback_get_event_weights($user, true);
  114. // Determine if we want to display the feed intro message
  115. $intro_settings = 0;
  116. user_get_hide_intro_bitmask($user, true, $intro_settings);
  117. $user_friend_finder = true;
  118. contact_importer_get_used_friend_finder($user, true, $used_friend_finder);
  119. $all_requests = requests_get_cache_data($user);
  120. // FIXME?: is it sub-optimal to call this both in requests_get_cache_data and here?
  121. $friends_status = statusupdates_get_recent($user, null, 3);
  122. memcache_dispatch(); // populate cache data
  123.  
  124. // Merman's Admin profile always links to the Merman's home
  125. if (user_has_obj_attached($user)) {
  126.   redirect('mhome.php', 'www');
  127.  }
  128.  
  129. if (is_array($upcoming_events)) {
  130.   foreach ($upcoming_events as $event_id => $data) {
  131.     $upcoming_events[$event_id]['name'] = txt_set($upcoming_events_short[$event_id]['name']);
  132.   }
  133.  }
  134.  
  135. tpl_set('upcoming_events' , $upcoming_events);
  136.  
  137. // disabled account actions
  138. $disabled_warning = ((IS_DEV_SITE || IS_QA_SITE) && is_disabled_user($user));
  139. tpl_set('disabled_warning', $disabled_warning);
  140.  
  141. // new pokes (no more messages here, they are in the top nav!)
  142. if (!user_is_guest($user)) {
  143.   tpl_set('poke_count' , $poke_count);
  144.   tpl_set('pokes' , $new_pokes);
  145.  }
  146.  
  147. // get announcement computations
  148. tpl_set('targeted_data' , $targeted_data);
  149. tpl_set('announcement_data' , $announcement_data);
  150.  
  151.  
  152. // birthday notifications
  153. tpl_set('birthdays' , $birthdays = user_get_birthday_notifications($user, $short_profile));
  154. tpl_set('show_birthdays' , $show_birthdays = (count($birthdays) || !$orientation));
  155.  
  156. // user info
  157. tpl_set('first_name' , user_get_first_name(txt_set($short_profile['id'])));
  158. tpl_set('user' , $user);
  159.  
  160. // decide if there are now any requests to show
  161. $show_requests = false;
  162. foreach ($all_requests as $request_category) {
  163.   if ($request_category) {
  164.     $show_requests = true;
  165.     break;
  166.   }
  167. }
  168. tpl_set('all_requests', $show_requests ? $all_requests : null);
  169.  
  170. $permissions = privacy_get_reduced_network_permissions($user, $user);
  171.  
  172. // status
  173. $user_info = array('user' => $user,
  174.            'firstname' => user_get_first_name($user),
  175.            'see_all' => '/statusupdates/?ref=hp',
  176.            'profile_pic' => make_profile_image_src_direct($user, 'thumb'),
  177.            'square_pic' => make_profile_image_src_direct($user, 'square'));
  178.  
  179. if (!empty($presence) && $presence['status_time'] > (time() - 60*60*24*7)) {
  180.   $status = array('message' => txt_set($presence['status']),
  181.           'time' => $presence['status_time'],
  182.           'source' => $presence['status_source']);
  183.  } else {
  184.   $status = array('message' => null, 'time' => null, 'source' => null);
  185.  }
  186. tpl_set('user_info', $user_info);
  187.  
  188. tpl_set('show_status', $show_status = !$orientation);
  189. tpl_set('status', $status);
  190. tpl_set('status_custom', $status_custom = mobile_get_status_custom($user));
  191. tpl_set('friends_status', $friends_status);
  192.  
  193. // orientation
  194. if ($orientation) {
  195.   if ($post_leave_orientation) {
  196.     orientation_update_status($user, $orientation, 2);
  197.     notification_notify_exit_orientation($user);
  198.     dirty_user($user);
  199.     redirect('home.php');
  200.   } else if (orientation_eligible_exit(array('uid'=>$user)) == 2) {
  201.     orientation_update_status($user, $orientation, 1);
  202.     notification_notify_exit_orientation($user);
  203.     dirty_user($user);
  204.     redirect('home.php');
  205.   }
  206.  }
  207.  
  208. // timezone - outside of stealth, update user's timezone if necessary
  209. $set_time = !user_is_alpha($user, 'stealth');
  210. tpl_set('timezone_autoset', $set_time );
  211. if ($set_time) {
  212.   $daylight_savings = get_site_variable('DAYLIGHT_SAVINGS_ON');
  213.   tpl_set('timezone', $short_profile['timezone'] - ($daylight_savings ? 4 : 5) );
  214.  }
  215.  
  216. // set next step if we can
  217. if (!$orientation) {
  218.   user_set_next_step($user, $short_profile);
  219.  }
  220.  
  221. // note: don't make this an else with the above statement, because then no news feed stories will be fetched if they're exiting orientation
  222. if ($orientation) {
  223.   extract(orientation_get_const());
  224.  
  225.   require_js('js/dynamic_dialog.js');
  226.   require_js('js/suggest.js');
  227.   require_js('js/typeahead_ns.js');
  228.   require_js('js/suggest.js');
  229.   require_js('js/editregion.js');
  230.   require_js('js/orientation.js');
  231.   require_css('css/typeahead.css');
  232.   require_css('css/editor.css');
  233.  
  234.   if ($post_hide_orientation && $post_hide_orientation <= $ORIENTATION_MAX) {
  235.     $orientation['orientation_bitmask'] |= ($post_hide_orientation * $ORIENTATION_SKIPPED_MODIFIER);
  236.     orientation_update_status($user, $orientation);
  237.   } else if ($post_show_orientation && $post_show_orientation <= $ORIENTATION_MAX) {
  238.     $orientation['orientation_bitmask'] &= ~($post_show_orientation * $ORIENTATION_SKIPPED_MODIFIER);
  239.     orientation_update_status($user, $orientation);
  240.   }
  241.  
  242.   $stories = orientation_get_stories($user, $orientation);
  243.   switch ($get_err) {
  244.   case $ORIENTATION_ERR_COLLEGE:
  245.     $temp = array(); // the affil_retval_msg needs some parameters won't be used
  246.     $stories[$ORIENTATION_NETWORK]['failed_college']=affil_retval_msg($get_ret, $temp, $temp);
  247.     break;
  248.   case $ORIENTATION_ERR_CORP:
  249.     $temp = array();
  250.     // We special case the network not recognized error here, because affil_retval_msg is retarded.
  251.     $stories[$ORIENTATION_NETWORK]['failed_corp'] = ($get_ret == 70) ? 'The email you entered did not match any of our supported networks. ' .
  252.       'Click <a href="/networks/networks.php?view=companies">here</a> to see our supported list. ' .
  253.       'Go <a href="help.php?tab=suggest">here</a> to suggest your network for the future.'
  254.       : affil_retval_msg($get_ret, $temp, $temp);
  255.     break;
  256.   }
  257.  
  258.   // photo upload error
  259.   if ($get_error) {
  260.     $stories[$ORIENTATION_ORDER[$ORIENTATION_PROFILE]]['upload_error'] = pic_get_error_text($get_error);
  261.   }
  262.   // photo upload success
  263.   else if ($get_success == 1) {
  264.     $stories[$ORIENTATION_ORDER[$ORIENTATION_PROFILE]]['uploaded_pic'] = true;
  265.     // join network success
  266.   } else if ($get_jn) {
  267.     $stories[$ORIENTATION_ORDER[$ORIENTATION_NETWORK]]['joined'] = array(
  268.                                      'id' => $get_jn,
  269.                                      'name' => network_get_name($get_jn));
  270.     // network join pending
  271.   } else if ($get_np) {
  272.  
  273.     $stories[$ORIENTATION_ORDER[$ORIENTATION_NETWORK]]['join_pending'] = array(
  274.                                            'id' => $get_np,
  275.                                            'email' => get_affil_email_conf($user, $get_np),
  276.                                            'network' => network_get_name($get_np));
  277.     // just imported friend confirmation
  278.   } else if ($get_jif) {
  279.     $stories[$ORIENTATION_ORDER[$ORIENTATION_NETWORK]]['just_imported_friends'] = true;
  280.     $stories[$ORIENTATION_ORDER[$ORIENTATION_NETWORK]]['domain'] = $get_ied;
  281.   }
  282.  
  283.   // Mobile web API params
  284.   if ($get_mobile) {
  285.     $stories[$ORIENTATION_ORDER[$ORIENTATION_MOBILE]]['sent_code'] = true;
  286.     $stories[$ORIENTATION_ORDER[$ORIENTATION_MOBILE]]['view'] = 'confirm';
  287.   }
  288.   if ($get_verified) {
  289.     $stories[$ORIENTATION_ORDER[$ORIENTATION_MOBILE]]['verified'] = true;
  290.   }
  291.   if ($get_me) {
  292.     $stories[$ORIENTATION_ORDER[$ORIENTATION_MOBILE]]['error'] = $get_me;
  293.   }
  294.   if ($get_mr) {
  295.     $stories[$ORIENTATION_ORDER[$ORIENTATION_MOBILE]]['view'] = 'register';
  296.   }
  297.  
  298.   if (orientation_eligible_exit($orientation)) {
  299.     tpl_set('orientation_show_exit', true);
  300.   }
  301.   tpl_set('orientation_stories', $stories);
  302.  
  303.   //if in orientation, we hide all feed intros (all 1's in bitmask)
  304.   $intro_settings = -1;
  305.  
  306.  }
  307. tpl_set('orientation', $orientation);
  308.  
  309. // Rooster Stories
  310. if (!$orientation &&
  311.     ((get_site_variable('ROOSTER_ENABLED') == 2) ||
  312.      (get_site_variable('ROOSTER_DEV_ENABLED') == 2))) {
  313.   $rooster_story_count = get_site_variable('ROOSTER_STORY_COUNT');
  314.   if (!isset($rooster_story_count)) {
  315.     // Set default if something is wrong with the sitevar
  316.     $rooster_story_count = 2;
  317.   }
  318.   $rooster_stories = rooster_get_stories($user, $rooster_story_count, $log_omissions = true);
  319.   if (!empty($rooster_stories) && !empty($rooster_stories['stories'])) {
  320.     // Do page-view level logging here
  321.     foreach($rooster_stories['stories'] as $story) {
  322.       rooster_log_action($user, $story, ROOSTER_LOG_ACTION_VIEW);
  323.     }
  324.     tpl_set('rooster_stories', $rooster_stories);
  325.   }
  326.  }
  327.  
  328. // set the variables for the home announcement code
  329. $hide_announcement_tpl = ($intro_settings | $HIDE_INTRO_BITMASK) & $HIDE_ANNOUNCEMENT_BIT;
  330. // if on qa/dev site, special rules
  331. $HIDE_INTRO_ON_DEV = get_site_variable('HIDE_INTRO_ON_DEV');
  332. if ((IS_QA_SITE || IS_DEV_SITE) && !$HIDE_INTRO_ON_DEV) {
  333.   $hide_announcement_tpl = 0;
  334.  }
  335.  
  336. tpl_set('hide_announcement', $hide_announcement_tpl);
  337. if($is_candidate = is_candidate_user($user)) {
  338.   tpl_set('hide_announcement', false);
  339.  }
  340. $home_announcement_tpl = !$hide_announcement_tpl || $is_candidate ? home_get_announcement_info($user) : 0;
  341. tpl_set('home_announcement', $home_announcement_tpl);
  342. tpl_set('hide_announcement_bit', $HIDE_ANNOUNCEMENT_BIT);
  343.  
  344. $show_friend_finder = !$orientation && contact_importer_enabled($user) && !user_get_hiding_pref($user, 'home_friend_finder');
  345. tpl_set('show_friend_finder', $show_friend_finder);
  346. if ($show_friend_finder && (user_get_friend_count($user) > 20)) {
  347.   tpl_set('friend_finder_hide_options', array('text'=>'close',
  348.                           'onclick'=>"return clearFriendFinder()"));
  349.  } else {
  350.   tpl_set('friend_finder_hide_options', null);
  351.  }
  352.  
  353. $account_info = user_get_account_info($user);
  354. $account_create_time = $account_info['time'];
  355.  
  356. tpl_set('show_friend_finder_top',
  357.     !$used_friend_finder);
  358.  
  359. tpl_set('user', $user);
  360.  
  361.  
  362. // MONETIZATION BOX
  363. $minimize_monetization_box = user_get_hiding_pref($user, 'home_monetization');
  364. $show_monetization_box = (!$orientation &&
  365.               get_site_variable('HOMEPAGE_MONETIZATION_BOX'));
  366. tpl_set('show_monetization_box', $show_monetization_box);
  367. tpl_set('minimize_monetization_box', $minimize_monetization_box);
  368.  
  369. if ($show_monetization_box) {
  370.   $monetization_box_data = monetization_box_user_get_data($user);
  371.   txt_set('monetization_box_data', $monetization_box_data);
  372.  }
  373.  
  374.  
  375. // ORIENTATION
  376. if ($orientation) {
  377.   $network_ids = id_get_networks($user);
  378.   $network_names = multiget_network_name($network_ids);
  379.   $in_corp_network = in_array($GLOBALS['TYPE_CORP'], array_map('extract_network_type', $network_ids));
  380.   $show_corp_search = $in_corp_network ||
  381.     get_age(user_get_basic_info_attr($user, 'birthday')) >= 21;
  382.   $pending_hs = is_hs_pending_user($user);
  383.   $hs_id = null;
  384.   $hs_name = null;
  385.   if ($pending_hs) {
  386.     foreach (id_get_pending_networks($user) as $network) {
  387.       if (extract_network_type($network['network_key']) == $GLOBALS['TYPE_HS']) {
  388.     $hs_id = $network['network_key'];
  389.     $hs_name = network_get_name($hs_id);
  390.     break;
  391.       }
  392.     }
  393.   }
  394.   //$orientation_people = orientation_get_friend_and_inviter_ids($user);
  395.   $orientation_people = array('friends' => user_get_all_friends($user),
  396.                   'pending' => array_keys(user_get_friend_requests($user)),
  397.                   'inviters'=> array(), // wc: don't show inviters for now
  398.                   );
  399.   $orientation_info = array_merge($orientation_people,
  400.                   array('network_names' => $network_names,
  401.                     'show_corp_search' => $show_corp_search,
  402.                     'pending_hs' => array('hs_id'=>$hs_id,
  403.                                   'hs_name'=>$hs_name),
  404.                     'user' => $user,
  405.                     ));
  406.   tpl_set('orientation_info', $orientation_info);
  407.  
  408.   tpl_set('simple_orientation_first_login', $get_o); // unused right now
  409.  }
  410.  
  411.  
  412. // Roughly determine page length for ads
  413. // first, try page length using right-hand panel
  414. $ads_page_length_data = 3 + // 3 for profile pic + next step
  415.   ($show_friend_finder ? 1 : 0) +
  416.   ($show_status ? ($status_custom ? count($friends_status) : 0) : 0) +
  417.   ($show_monetization_box ? 1 : 0) +
  418.   ($show_birthdays ? count($birthdays) : 0)