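/**
 * Write an inbound external-API request to a per-namespace daily log.
 *
 * The body is parsed only to pick the log file from the root element's
 * xmlns:f / xmlns:hh attributes ('freetray', the hh value, or 'other');
 * the raw XML is then appended verbatim under a remote-IP banner.
 *
 * Security notes: the XML is client-controlled, so external entity / DTD
 * loading is disabled for the parse (XXE); the hh-derived file name is
 * reduced to [A-Za-z0-9_.-] so it cannot carry path or control characters.
 * Whatever the client sent (including any credentials in the body) ends up
 * in the log file — keep the log directory access-restricted.
 *
 * @param string $xml raw request body
 * @return void  malformed XML is reported through
 *               $this->error(EXTERNAL_ERR_WRONG_REQ, …) and nothing is logged
 */
public function saveLog($xml)
{
    // @todo Not sure whether to parse here or just call self::initReqXml(),
    //       but that one also initialises the session.
    $this->_clientXml = new DOMDocument();
    libxml_use_internal_errors(true);

    // XXE hardening: LIBXML_NONET forbids network fetches; on PHP < 8.0 the
    // process-wide entity loader has to be switched off as well (and restored
    // afterwards so other code is not affected).
    $prevLoader = null;
    if (PHP_VERSION_ID < 80000 && function_exists('libxml_disable_entity_loader')) {
        $prevLoader = libxml_disable_entity_loader(true);
    }
    $parsed = $this->_clientXml->loadXML($xml, LIBXML_NONET);
    if ($prevLoader !== null) {
        libxml_disable_entity_loader($prevLoader);
    }

    if (!$parsed) {
        $this->_debug = 1;
        $levelNames = array(
            LIBXML_ERR_WARNING => 'WARNING',
            LIBXML_ERR_ERROR   => 'ERROR',
            LIBXML_ERR_FATAL   => 'FATAL',
        );
        $err = '';
        foreach (libxml_get_errors() as $xe) {
            $level = isset($levelNames[$xe->level]) ? $levelNames[$xe->level] : 'UNKNOWN';
            $err .= "{$level}: (line: {$xe->line}, column: {$xe->column}): {$xe->message}";
        }
        libxml_clear_errors();
        $this->error(EXTERNAL_ERR_WRONG_REQ, $err);
        // error() is expected to end the request; if it ever returns, stop
        // here instead of dereferencing a missing documentElement below.
        return;
    }

    $root = $this->_clientXml->documentElement;
    if ($root === null) {
        return;
    }

    $ns_name = basename($root->getAttribute('xmlns:f'));
    if ($ns_name == '') {
        // Only the hh value reaches the file system: whitelist its characters.
        $ns_name = preg_replace('/[^A-Za-z0-9_.-]/', '', basename($root->getAttribute('xmlns:hh')));
    } else {
        $ns_name = 'freetray';
    }
    if ($ns_name == '') {
        $ns_name = 'other';
    }

    $log = new log("external/{$ns_name}-%d%m%Y.log");
    $log->writeln('--------------' . getRemoteIP() . '--------------');
    $log->writeln($xml);
}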
/**
 * Create an anonymous-visitor record.
 *
 * Nothing is written when $error already holds a value. Otherwise the
 * contact fields of this object plus the caller's remote IP are inserted
 * into `anonymous`, and $error receives the driver's error string
 * (empty on success).
 *
 * @param string $error in/out error message
 * @return int id of the new row, or 0 when the insert was skipped
 */
function Create(&$error)
{
    global $DB;

    if ($error) {
        return 0;
    }

    $row = array(
        'icq'   => $this->icq,
        'mail'  => $this->mail,
        'phone' => $this->phone,
        'ip'    => getRemoteIP(),
    );
    $DB->insert('anonymous', $row);

    // The id comes from the sequence rather than from insert()'s return value.
    $newId = $DB->val("SELECT currval('anonymous_id_seq');");
    $error = $DB->error;

    return $newId;
}
/**
 * Wrap the parent request with per-request logging.
 *
 * Lazily opens wm_payments/wm_payments-<date>.log, stamps each line with the
 * time, the remote IP and $scope, then records the full request and response
 * bodies exposed by the parent's result object.
 *
 * NOTE(review): the payload is logged verbatim, so anything the parent sends
 * or receives (e.g. authentication fields) is written unredacted — make sure
 * the log location is access-restricted.
 *
 * @param string $url   endpoint passed to the parent
 * @param string $xml   request body passed to the parent
 * @param string $scope label written into the log line prefix
 * @return mixed the parent's result object (exposes GetRequest/GetResponse)
 */
public function _request($url, $xml, $scope = '')
{
    if (!$this->_log) {
        $this->_log = new log('wm_payments/wm_payments-%d%m%Y.log');
    }
    $this->_log->linePrefix = '%d.%m.%Y %H:%M:%S : ' . getRemoteIP() . " : {$scope} : ";

    $result = parent::_request($url, $xml, $scope);

    // Label, then the getter that supplies the body for that label.
    $sections = array('REQUEST:' => 'GetRequest', 'RESPONSE:' => 'GetResponse');
    foreach ($sections as $label => $getter) {
        $this->_log->writeln($label);
        $this->_log->writeln($result->$getter());
    }

    return $result;
}
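/**
 * xajax handler: edit an existing opinion (text + rating).
 *
 * Validates the rating and message, lets only the author or a user holding
 * the 'users' permission edit, then re-renders the opinion block and moves
 * the page counters from the old rating class to the new one.
 *
 * Changes vs. the previous version: the rating check is strict (the loose
 * in_array() accepted any non-numeric string as 0 on PHP < 8), $op_id is
 * forced to an integer before being echoed into element ids / JS, and text
 * placed inside alert('…') is escaped so a quote in an error message cannot
 * break out of the JS string.
 *
 * @param int    $op_id   opinion id
 * @param string $message new text
 * @param int    $rating  -1, 0 or 1
 * @param mixed  $counter passed through to opinions::printTheme
 * @param string $from    'frl' or similar prefix used in counter element ids
 * @return xajaxResponse
 */
function EditOpinion($op_id, $message, $rating, $counter, $from = 'frl')
{
    @session_start();
    $objResponse = new xajaxResponse();

    // Escape map for text embedded in a single-quoted JS string literal.
    $jsEscape = array('\\' => '\\\\', "'" => "\\'", "\n" => '\n', "\r" => '\r', '</' => '<\/');

    // $op_id is interpolated into ids and script snippets below.
    $op_id = (int) $op_id;
    $message = trim($message);

    if (!in_array((string) $rating, array('-1', '0', '1'), true)) {
        $objResponse->assign('rating_error', 'innerHTML', 'Вы не выбрали категорию отзыва');
        return $objResponse;
    }
    $rating = (int) $rating;

    if ($message == '') {
        $objResponse->script("opinionFormError('error_edit_msg_{$op_id}');");
        return $objResponse;
    }
    if (strlen($message) > opinions::$opinion_max_length) {
        $objResponse->script("opinionMaxLengthError('edit_msg_{$op_id}', " . opinions::$opinion_max_length . ');');
        return $objResponse;
    }

    // As shown here this replace is a no-op (kept verbatim; the first argument
    // was probably '&amp;' before the source was extracted).
    $message = str_replace('&', '&', $message);
    $message = stripslashes($message);
    $message = change_q_x($message, FALSE, TRUE, '', false, false);

    $msg = opinions::GetMessageById($op_id);
    $old_rating = $msg['rating'];
    $isModerator = hasPermissions('users');

    // Authorisation: author or 'users' permission only.
    if (get_uid(0) == $msg['fromuser_id'] || $isModerator) {
        $error = opinions::Edit($msg['fromuser_id'], $op_id, $message, $rating, getRemoteIP(), $isModerator, get_uid(0));
    } else {
        $error = 'Ошибка';
    }

    if ($error) {
        $objResponse->script("alert('" . strtr((string) $error, $jsEscape) . "')");
        return $objResponse;
    }

    $msg = opinions::GetMessageById($op_id);
    if (!$msg) {
        // Debug-style fallback kept from the original: shows the (empty) record.
        $objResponse->script("alert('" . strtr(serialize($msg), $jsEscape) . "')");
        return $objResponse;
    }

    // NOTE(review): $user is not used afterwards; the call is kept in case
    // GetUserByUID has side effects the template relies on.
    $user = new users();
    $user->GetUserByUID($_SESSION['page_user_id']);

    $objResponse->assign('opid_' . $op_id, 'innerHTML', opinions::printTheme($msg, $from, $counter, false));

    $ot = $old_rating == 1 ? 'plus' : ($old_rating == -1 ? 'minus' : 'neitral');
    $nt = $rating == 1 ? 'plus' : ($rating == -1 ? 'minus' : 'neitral');
    $objResponse->call('opinionChConuters', 'ops-' . $from . $ot, 'ops-' . $from . $nt);

    $block_class = 'ops-one-' . $nt;
    $objResponse->script("\$('opid_{$op_id}').removeClass('ops-one-plus').removeClass('ops-one-neitral').removeClass('ops-one-minus');");
    $objResponse->script("\$('opid_{$op_id}').addClass('{$block_class}')");
    $objResponse->script("opinionCheckMaxLengthStop('edit_msg_{$op_id}');");

    return $objResponse;
}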
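/**
 * xajax handler for the feedback form: stores the message as a blog thread
 * (type 3) for the current user and mails it via smail::NewFeedbackPost.
 *
 * @param array $aFormValues submitted form values; only 'calltext' is read
 * @return xajaxResponse
 */
function processForm($aFormValues)
{
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/smail.php';
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/blogs.php';
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/users.php';
    global $session;

    session_start();
    get_uid(false);
    $objResponse = new xajaxResponse();

    // Every accumulator starts defined: the previous version appended to
    // $error and tested $error_flag / $name before ever assigning them.
    $error = '';
    $error_flag = 0;
    $alert = array();
    $name = '';   // NOTE(review): never assigned in the original either — the
                  // thread title passed to NewThread is empty; $pname looks
                  // like the intended value. Confirm against blogs::NewThread.

    $msg = change_q($aFormValues['calltext'], false, 0);
    $tn = 0;
    $f_name = '';
    $uid = get_uid(false);
    $usr = new users($uid);
    $pname = $_SESSION['name'] . ' ' . $_SESSION['surname'];
    $mail = $usr->GetField($uid, $error, 'email');

    if (!$msg) {
        $alert['msg'] = 'Поле заполнено некорректно';
        $error_flag = 1;
    }

    if (!$error_flag) {
        $error .= blogs::NewThread($uid, 3, 0, $name, $msg, $f_name, getRemoteIP(), 1, $tn);
    }

    if (!$error && !$error_flag) {
        $sm = new smail();
        $error .= $sm->NewFeedbackPost($pname, $msg, $mail, $_SESSION['login'], 4);
        $msg = $name = $mail = '';
        $info_msg = '<br><center><table class="view_info" border="0" cellpadding="2" cellspacing="0"><tbody><tr class="n_qpr"><td height="20"><img src="/images/ico_ok.gif" alt="" border="0" height="18" width="19"></td><td nowrap>Ваше сообщение отправлено</td></tr></tbody></table>';
        $objResponse->assign('calltext', 'value', '');
        $objResponse->assign('cbok', 'innerHTML', $info_msg);
        //$objResponse->assign("submitButton","disabled",false);
        $objResponse->assign('submitButton', 'value', 'Отправить');
    }

    return $objResponse;
}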
/**
 * Record the UTM tags of the current request, once per URL per half hour.
 *
 * Side effects: after login, rows previously stored for this session with a
 * NULL user_id are back-filled with $_SESSION['uid'] (once per session, via
 * $_SESSION['ga_stat_updated']). Seen-URL hashes live in
 * $_SESSION['ga_stat_url_hash'], capped at the 100 most recent.
 *
 * @return bool|mixed false when nothing was recorded, otherwise the insert result
 */
public function checkUtm()
{
    $sessionId = session_id();
    $loggedInUid = (isset($_SESSION['uid']) && $_SESSION['uid'] > 0) ? $_SESSION['uid'] : 0;

    // Bind earlier anonymous rows of this session to the now-known user.
    if ($loggedInUid && !isset($_SESSION['ga_stat_updated'])) {
        $this->db()->update(self::TABLE, array('user_id' => $loggedInUid), 'user_id IS NULL AND sess_id = ?', $sessionId);
        $_SESSION['ga_stat_updated'] = true;
    }

    if (!isset($_GET['utm_source'], $_GET['utm_medium'], $_GET['utm_campaign'])) {
        return false;
    }

    // Length-limited (150) copies of the three tags.
    $tags = array();
    foreach (array('utm_source', 'utm_medium', 'utm_campaign') as $tag) {
        $tags[$tag] = __paramInit('string', $tag, null, null, 150);
    }
    if (empty($tags['utm_source']) && empty($tags['utm_medium']) && empty($tags['utm_campaign'])) {
        return false;
    }

    // One hash per URL per half-hour window; repeated hits inside the window
    // are ignored (anti-inflation).
    $windowKey = md5($_SERVER['REQUEST_URI'] . date('d.m.Y H') . (date('i') > 30));
    if (isset($_SESSION['ga_stat_url_hash'][$windowKey])) {
        return false;
    }
    $_SESSION['ga_stat_url_hash'][$windowKey] = true;
    if (count($_SESSION['ga_stat_url_hash']) > 100) {
        $_SESSION['ga_stat_url_hash'] = array_slice($_SESSION['ga_stat_url_hash'], -100);
    }

    $row = $tags + array(
        'ip'      => getRemoteIP(),
        'url'     => parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH),
        'sess_id' => $sessionId,
    );
    if ($loggedInUid) {
        $row['user_id'] = $loggedInUid;
    }

    return $this->db()->insert(self::TABLE, $row);
}
/**
 * Expire stale backend logins and verify the current session.
 *
 * Rows in phpwcms_userlog idle longer than $phpwcms['max_time'] are marked
 * logged out, then checkLoginCount() refreshes this user's row. Without a
 * $_SESSION["wcs_user"] the session is destroyed and, in REDIRECT mode, the
 * browser is sent to the login page — carrying a ?ref= back-link only when
 * this IP had a login change within the last hour.
 *
 * @param string $mode 'REDIRECT' to redirect, anything else to just return false
 * @return bool true when logged in, false otherwise (non-redirect mode)
 */
function checkLogin($mode = 'REDIRECT')
{
    $now = time();
    $maxIdle = intval($GLOBALS['phpwcms']["max_time"]);

    _dbQuery(
        "UPDATE " . DB_PREPEND . "phpwcms_userlog SET logged_in=0, logged_change='" . $now . "' "
        . "WHERE logged_in=1 AND (" . $now . "-logged_change) > " . $maxIdle,
        'UPDATE'
    );
    checkLoginCount();

    if (!empty($_SESSION["wcs_user"])) {
        return true;
    }

    @session_destroy();

    if ($mode != 'REDIRECT') {
        return false;
    }

    $backLink = '';
    if (!empty($_SERVER['QUERY_STRING'])) {
        $backLink = '?ref=' . rawurlencode(PHPWCMS_URL . 'phpwcms.php?' . xss_clean($_SERVER['QUERY_STRING']));
    }

    // Only hand the back-link to the login page when this IP recently held a
    // session; otherwise plain visitors are sent to the site root.
    $recentFromThisIp = _dbCount(
        'SELECT COUNT(*) FROM ' . DB_PREPEND . 'phpwcms_userlog WHERE '
        . "logged_ip=" . _dbEscape(getRemoteIP()) . " AND "
        . '( ' . time() . ' - logged_change ) < 3600'
    ) > 0;

    headerRedirect(PHPWCMS_URL . ($recentFromThisIp ? get_login_file() . $backLink : ''));

    return true;
}
/**
 * Grey-list check at registration time.
 *
 * When the registering IP already appears in the grey list of primary IPs,
 * the new account is attached to those entries as a secondary IP.
 *
 * @param users $user freshly created user (uid, login and role are read)
 */
function checkGrayIp($user)
{
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/gray_ip.php';

    $matches = gray_ip::getGrayListByRegIp(getRemoteIP());
    if (!$matches) {
        return;
    }
    gray_ip::addSecondaryIp($user->uid, $user->login, $user->role, $matches);
}
foreach ($cnt_form["target"] as $value) { if (strtolower($cnt_form['fromEmail']) == strtolower($value)) { $POST_ERR[] = '@@Sender’s email must be different from recipient’s email@@'; break; } } } } // do $POST_ERR test again to handle possible duplicates // in case 'checktofrom' = 1 if (!empty($POST_DO) && empty($POST_ERR)) { // check if there are form values which should be saved in db if (count($POST_savedb)) { $POST_savedb_sql = 'INSERT INTO ' . DB_PREPEND . 'phpwcms_formresult '; $POST_savedb_sql .= '(formresult_pid, formresult_ip, formresult_content) VALUES ('; $POST_savedb_sql .= $crow['acontent_id'] . ", " . _dbEscape(getRemoteIP()) . ", "; $POST_savedb_sql .= _dbEscape(serialize($POST_savedb)) . ")"; $POST_savedb_sql = _dbQuery($POST_savedb_sql, 'INSERT'); } // send mail, include phpmailer class require_once PHPWCMS_ROOT . '/include/inc_ext/phpmailer/PHPMailerAutoload.php'; // now run all CC -> but sent as full email to each CC recipient if (count($cnt_form['cc'])) { $mail = new PHPMailer(); $mail->Mailer = $phpwcms['SMTP_MAILER']; $mail->Host = $phpwcms['SMTP_HOST']; $mail->Port = $phpwcms['SMTP_PORT']; if ($phpwcms['SMTP_AUTH']) { $mail->SMTPAuth = 1; $mail->Username = $phpwcms['SMTP_USER']; $mail->Password = $phpwcms['SMTP_PASS'];
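/**
 * CSRF guard: discard POST/REQUEST data whose u_token_key does not match
 * the token stored in $_SESSION['rand'].
 *
 * Skipped entirely when the script defines NO_CSRF. On mismatch the attempt
 * is logged to csrf/<SERVER>-<date>.log and both $_POST and $_REQUEST are
 * emptied so the rest of the page sees no input.
 *
 * A request with no token in the session is now treated as a mismatch: the
 * previous loose `!=` compared "no token in session" with "no token in POST"
 * as equal (null != null is false) and let the request through. The session
 * must therefore be seeded with $_SESSION['rand'] before any form is served.
 *
 * @return bool|void true when the check is disabled, nothing otherwise
 */
function csrf_magic()
{
    static $log;

    if (defined("NO_CSRF")) {
        return true; // check switched off by the script
    }

    $sessionToken = isset($_SESSION['rand']) ? (string) $_SESSION['rand'] : '';
    $postToken = (isset($_POST['u_token_key']) && is_string($_POST['u_token_key'])) ? $_POST['u_token_key'] : '';

    // Strict string comparison — no type juggling between the two values.
    if ($sessionToken !== '' && $postToken === $sessionToken) {
        return;
    }

    if (!$log) {
        require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/log.php";
        $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $log = new log('csrf/' . SERVER . '-%d%m%Y.log', 'a', '%d.%m.%Y %H:%M:%S - ' . getRemoteIP() . ' "' . $_SERVER['REQUEST_METHOD'] . ' ' . $_SERVER['REQUEST_URI'] . '"' . ' "' . $userAgent . '"');
    }
    // The valid session token is deliberately not written to the log; the
    // submitted value plus whether a session token existed is enough.
    $log->writeln(" post_key: {$postToken}, session_key_set: " . ($sessionToken !== '' ? 'yes' : 'no'));

    $_POST = array();
    $_REQUEST = array();
}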
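/**
 * Registration wizard step: handle the sign-up form, the "resend e-mail"
 * action and the inline authorisation, then render the step template.
 *
 * Flow for action=registration (status 0): captcha (unless already passed),
 * field validation, SMS code / phone match against the session, login and
 * e-mail uniqueness, account creation, activation mail (or an admin notice
 * for suspicious users), SMS bookkeeping, grey-IP check, redirect.
 *
 * Variables left in scope ($error, $type_user, $auth_error, $login, $email,
 * $phone, …) are read by the included template, so their names are kept.
 *
 * Fixes vs. the previous version: the SMS code and phone are compared as
 * non-empty strings (the loose `!=` let an unset session code match an
 * empty submitted code, skipping SMS verification); the misspelt
 * $_SESION["reg_sms_date_send"] is corrected; the password is read with an
 * isset() guard.
 *
 * @param int $type_wizard step_wizard_registration::TYPE_WIZARD_EMP or the
 *                         freelancer wizard type
 */
public function registration($type_wizard = step_wizard_registration::TYPE_WIZARD_EMP)
{
    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/captcha.php";
    $action = __paramInit('string', null, 'action');

    if ($this->status == step_wizard::STATUS_CONFIRM) {
        // No e-mail cached in the session yet: read it from the user record.
        if (empty($_SESSION['email'])) {
            require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/users.php";
            $user = new users();
            $email = $user->GetField(wizard::getUserIDReg(), $error, "email");
            $_SESSION['email'] = $email;
        }
        if ($action == registration::ACTION_SEND_MAIL) {
            $send = registration::actionSendMail(false);
            if ($send) {
                header("Location: /wizard/registration/");
                exit;
            }
        }
    }

    $type_user = $type_wizard;
    $isEmployer = ($type_wizard == step_wizard_registration::TYPE_WIZARD_EMP);

    if ($action == 'registration' && $this->status == 0) {
        $error = array();

        if (empty($_SESSION["regform_captcha_entered"])) {
            session_start();
            $captchanum = __paramInit('string', null, 'captchanum');
            $num = __paramInit('string', null, 'rndnum');
            $_SESSION['w_reg_captcha_num'] = $captchanum;
            $captcha = new captcha($captchanum);
            if (!$captcha->checkNumber($num)) {
                $error['captcha'] = 'Неверный код. Попробуйте еще раз';
                unset($_SESSION['w_reg_captcha_num']);
            }
        }

        require_once $_SERVER['DOCUMENT_ROOT'] . ($isEmployer ? "/classes/employer.php" : "/classes/freelancer.php");

        $login = trim(__paramInit('string', null, 'login'));
        $email = trim(__paramInit('string', null, 'email'));
        $agree = trim(__paramInit('string', null, 'agree'));
        $phone = trim(__paramInit('string', null, 'phone'));
        $smscode = trim(__paramInit('string', null, 'smscode'));
        // The password is taken straight from $_POST because __paramInit strips
        // special characters; it is hashed before storage and never used in SQL.
        $passwd = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

        if (!$agree) {
            $error['agree'] = 'Прочтите и согласитесь с правилами';
        }
        if ($passwd === '') {
            $error['pwd'] = 'Введите пароль';
        }
        if (!preg_match("/^[a-zA-Z0-9]+[-a-zA-Z0-9_]{2,}\$/", $login)) {
            $error['login'] = '******';
        }
        if (in_array(strtolower($login), $GLOBALS['disallowUserLogins'], true)) {
            $error['login'] = '******';
        }
        if (!is_email($email)) {
            $error['email'] = 'Поле заполнено некорректно';
        }

        // SMS verification. An empty session value is a failure, not a match.
        // Assumes smsCode is kept in the session as the exact string the user
        // is asked to type — confirm in sms_gate (a leading-zero code stored
        // as an int would no longer match).
        $sessionSmsCode = isset($_SESSION["smsCode"]) ? (string) $_SESSION["smsCode"] : '';
        $sessionPhone = isset($_SESSION["reg_phone"]) ? (string) $_SESSION["reg_phone"] : '';
        if ($sessionSmsCode === '' || $smscode !== $sessionSmsCode) {
            $error['smscode'] = 'Код не совпал';
        }
        if ($sessionPhone === '' || $phone !== $sessionPhone) {
            $error['phone'] = 'Вы вводили другой номер при запросе кода';
        }
        $phone = preg_replace("#^\\+#", "", $sessionPhone);

        if (empty($error['login'])) {
            $sql = "SELECT uid FROM users WHERE lower(login) = ?";
            if ($this->_db->val($sql, strtolower($login))) {
                $error['login'] = '******';
            }
        }

        if (empty($error['email']) && empty($error['captcha'])) {
            require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/temp_email.php";
            if (temp_email::isTempEmail($email)) {
                $error['email'] = 'К сожалению, регистрация аккаунта на указанный адрес электронной почты невозможна. Пожалуйста, для регистрации воспользуйтесь почтовым адресом другого домена';
            } else {
                $sql = "SELECT uid FROM users WHERE lower(email) = ?";
                if ($this->_db->val($sql, strtolower($email))) {
                    $error['email'] = 'Указанная вами электронная почта уже зарегистрирована. Авторизуйтесь на сайте или укажите другую электронную почту.';
                }
            }
        }

        if (count($error) == 0) {
            $newuser = $isEmployer ? new employer() : new freelancer();
            $newuser->checked_name = false;
            $newuser->role = $isEmployer ? 1 : 0;
            $newuser->login = substr($login, 0, 15);
            $newuser->email = substr($email, 0, 64);
            // NOTE(review): the password is silently truncated to 24 bytes, so
            // only the prefix of a longer password is ever hashed.
            $newuser->passwd = substr($passwd, 0, 24);

            $id = $newuser->Create($rerror, $error);
            if ($id && !$error) {
                require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/activate_code.php";
                $this->parent->saveActionWizard($this, step_wizard::STATUS_CONFIRM);
                $this->parent->bindUserIDReg($id);
                unset($_SESSION['ref_uri']);

                require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/smail.php';
                $smail = new smail();
                $bSuspect = users::isSuspiciousUser($id, $newuser->login, '', $newuser->uname, '', $newuser->usurname, '');
                // NOTE(review): for suspicious users the plaintext password is
                // handed to activate_code::Create so the admin panel can send
                // $smail->NewUser later — that keeps a recoverable password.
                $sPasswd = $bSuspect ? $newuser->passwd : '';
                $code = activate_code::Create($id, $newuser->login, $sPasswd, $error);
                if (!$bSuspect) {
                    $_SESSION['suspect'] = false;
                    // Not suspicious: mail the activation code right away.
                    $smail->NewUser($newuser->login, false, $code, $this->getWizardUserID(), $newuser->role ? 'emp' : 'frl');
                } else {
                    $_SESSION['suspect'] = true;
                    // Suspicious: notify the admin; the activation mail goes out
                    // from the admin panel once the user is approved.
                    $smail->adminNewSuspectUser($newuser->login, $newuser->uname, $newuser->usurname);
                }

                // Store the confirmed phone number in finances.
                require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/sms_gate.php";
                $phone = '+' . preg_replace("#^\\+#", "", $_SESSION["reg_phone"]);
                unset($_SESSION["regform_captcha_entered"]);
                // Previously read $_SESION[...] (typo, always null); the key is
                // presumably set together with reg_sms_isnn when the code is sent.
                sms_gate::saveSmsInfo($phone, $_SESSION["reg_sms_isnn"], $_SESSION["smsCode"], $_SESSION["reg_sms_date_send"], $id);

                // Drop the cookie so the "you have registered" block is shown.
                setcookie('master_auth', "", time() - 3600, '/');

                // Grey IP list ----------------------
                require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/gray_ip.php';
                $aGrayList = gray_ip::getGrayListByRegIp(getRemoteIP());
                if ($aGrayList) {
                    // the registering IP is on the primary-IP grey list
                    gray_ip::addSecondaryIp($id, $newuser->login, $newuser->role, $aGrayList);
                }
                //---------------------------------------

                $_SESSION['email'] = $newuser->email;
                header("Location: /wizard/registration/");
                exit;
            }
        }
    } elseif ($action == 'authorization') {
        $auth_error = $this->authorization($auth_login);
    }

    include $_SERVER['DOCUMENT_ROOT'] . "/wizard/registration/steps/tpl.step.reg.php";
}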
/**
 * Restore (or start) a chat connection for a user.
 *
 * The stored connection key is md5($ckey . remote IP . User-Agent), so a key
 * replayed from another address or browser does not match the saved one.
 * Does nothing when any argument is empty.
 *
 * @param int    $uid  user id
 * @param string $cid  connection/session id
 * @param string $ckey raw connection key supplied by the client
 */
public function __construct($uid, $cid, $ckey)
{
    if (empty($uid) || empty($cid) || empty($ckey)) {
        return;
    }

    $clientFingerprint = getRemoteIP() . $_SERVER['HTTP_USER_AGENT'];

    $this->_uid = $uid;
    $this->_cid = $cid;
    $this->_ckey = md5($ckey . $clientFingerprint);
    $this->_memBuff = new memBuff();

    $this->_loadConnect();
    if (empty($this->_connect)) {
        // No stored connection: open a fresh one with a new event counter.
        $this->_connect = array(
            'evid'   => $this->_counter('evid'),
            'cid'    => $this->_cid,
            'ckey'   => $this->_ckey,
            'uptime' => time(),
        );
    }

    $this->_settings = array(
        'chat'  => (int) $_SESSION['chat'],
        'sound' => (int) $_SESSION['chat_sound'],
    );
}
/**
 * Insert a file-rename audit row.
 *
 * Records the file id, the new and previous file names, the remote IP and
 * the acting admin's uid (get_uid(false)).
 *
 * @param int    $fid           file id
 * @param string $file_name     current file name
 * @param string $old_file_name name the file had before it was replaced
 * @return int id of the inserted row
 */
public static function addRecord($fid, $file_name, $old_file_name)
{
    global $DB;

    $row = array(
        'filename'      => $file_name,
        'fid'           => $fid,
        'old_file_name' => $old_file_name,
        'ip'            => getRemoteIP(),
        'admin_id'      => get_uid(false),
    );

    return $DB->insert(self::TABLE, $row, 'id');
}
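/**
 * Constructor: set up paths, the enabled flag, the per-server log and the
 * MSIE detection used by the compressor.
 *
 * @param bool  $enabled whether compression is active (default COMPRESS_STATIC)
 * @param array $options 'bem'  => override for the BEM source path,
 *                       'root' => document root the compressor works under
 */
function static_compress($enabled = COMPRESS_STATIC, $options = array())
{
    $this->bem_src_path = !empty($options['bem']) ? $options['bem'] : self::BEM_SRC_PATH;
    // A missing 'root' used to raise an undefined-index notice; null is the
    // same effective value without the noise.
    $this->_root = isset($options['root']) ? $options['root'] : null;
    // $this->memBuff = new memBuff();
    $this->enabled = $enabled;

    $this->_log = new log('static/' . SERVER . '-%d.log');
    $this->_log->linePrefix = '%d.%m.%Y %H:%M:%S : ' . str_pad(getRemoteIP(), 15) . ' ';

    // User-Agent is client-controlled and may be absent (CLI, some proxies).
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $this->isMSIE = stripos($userAgent, 'msie ') !== false;
}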
$files = array(); $attach = $_FILES['attach']; if (is_array($attach) && !empty($attach['name'])) { foreach ($attach['name'] as $key => $v) { if (!$attach['name'][$key] || $key > articles_comments::MAX_FILE_COUNT) { continue; } $files[] = new CFile(array('name' => $attach['name'][$key], 'type' => $attach['type'][$key], 'tmp_name' => $attach['tmp_name'][$key], 'error' => $attach['error'][$key], 'size' => $attach['size'][$key])); } } list($att, $uperr, $error_flag) = $comments->UploadFiles($files, array('width' => 390, 'height' => 1000, 'less' => 0)); if ($uperr) { $alert[2] = $uperr; } if (!isset($alert)) { $new = $comments->Add($uid, $reply, $thread, $msg, $yt_link, $att, getRemoteIP(), $err, $tn); } if ($new) { $q = array(); parse_str(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY), $q); $q['goto'] = $new; header('Location: ./' . url($GET, $q, true, '?')); // echo "<script>document.location.href = '{$_SERVER['HTTP_REFERER']}#c_$new';</script>"; exit; } break; case 'edit-comment': if (!$uid) { header('Location: /fbd.php'); die; }
// script contains everything necessary to track ad banner clicks and so on... // ---------------------------------------------------------------- // obligate check for phpwcms constants if (!defined('PHPWCMS_ROOT')) { die("You Cannot Access This Script Directly, Have a Nice Day."); } // ---------------------------------------------------------------- // first check if (isset($_GET['u']) && $_GET['u'] == PHPWCMS_USER_KEY) { $ads_id = intval($_GET['adclickval']); $sql = 'SELECT * FROM ' . DB_PREPEND . 'phpwcms_ads_campaign '; $sql .= 'WHERE adcampaign_id=' . $ads_id . ' AND adcampaign_status=1 LIMIT 1'; $ad_data = _dbQuery($sql); if (!empty($ad_data[0]['adcampaign_data'])) { $ad_data = @unserialize($ad_data[0]['adcampaign_data']); $ads_userip = getRemoteIP(); $ads_useragent = $_SERVER['HTTP_USER_AGENT']; $ads_ref = isset($_GET['r']) ? trim($_GET['r']) : ''; $ads_cat = empty($_GET['c']) ? 0 : intval($_GET['c']); $ads_article = empty($_GET['a']) ? 0 : intval($_GET['a']); if (empty($_COOKIE['phpwcmsAdsUserId']) || !preg_match('/^[0-9a-f]{32}$/', $ads_userid = $_COOKIE['phpwcmsAdsUserId'])) { $ads_userid = md5($ads_userip . microtime()); setcookie('phpwcmsAdsUserId', $ads_userid, time() + 63072000, '/', getCookieDomain()); } $sql = 'INSERT DELAYED INTO ' . DB_PREPEND . 'phpwcms_ads_tracking ('; $sql .= 'adtracking_created, adtracking_campaignid, adtracking_ip, adtracking_cookieid, '; $sql .= 'adtracking_countclick, adtracking_countview, adtracking_useragent, adtracking_ref, '; $sql .= 'adtracking_catid, adtracking_articleid) VALUES ('; $sql .= "NOW(), " . $ads_id . ", " . _dbEscape($ads_userip) . ", " . _dbEscape($ads_userid) . ", "; $sql .= "1, 0, " . _dbEscape($ads_useragent) . ", " . _dbEscape($ads_ref) . ", " . $ads_cat . ", " . $ads_article . ")"; @_dbQuery($sql, 'INSERT');
/**
 * Add a comment to a contest offer.
 *
 * Refuses when the offer does not exist, is closed, the current user is
 * banned in it, or its author disabled comments. Comments by non-PRO users
 * are scanned for stop words; a hit stores moderator_status = 0 and queues
 * a `moderation` row. Afterwards the memcache counters of the other party
 * (freelancer or employer) are invalidated.
 *
 * @param int    $oid     id of the offer being commented
 * @param string $comment comment text (stored as passed — no change_q here)
 * @param int    $reply   id of the comment replied to, 0 for a top-level one
 * @return string error message, or '' on success
 */
public function CreateComment($oid, $comment, $reply = 0)
{
    global $DB;

    $oid = intval($oid);
    $reply = intval($reply);
    //$comment = substr(change_q(trim($comment), true, 90), 0, 1000);

    $offer = $this->GetOffer($oid);
    if (!$offer) {
        return 'Несуществующее предложение';
    }
    if ($offer['closed'] == 't') {
        return 'Проект завершен';
    }
    // banned in this offer?
    if ($this->is_banned) {
        return 'Забаненые пользователи не могут добавлять комментарии';
    }
    // author switched comments off?
    if ($offer['comm_blocked'] == 't') {
        return 'Автор предложения отключил возможность комментирования';
    }

    $ip = getRemoteIP();
    $isPro = is_pro();
    $nStopWordsCnt = 0;
    if (!$isPro) {
        require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/stop_words.php';
        $scanner = new stop_words();
        $nStopWordsCnt = $scanner->calculate($comment);
    }
    $needsModeration = (bool) (!$isPro && $nStopWordsCnt);
    $sModVal = $needsModeration ? '0' : 'NULL';

    $replyVal = $reply ? $reply : 'NULL';
    $sql = ' INSERT INTO projects_contest_msgs (offer_id, user_id, reply_to, from_ip, msg, post_date, moderator_status) VALUES (?i, ?i, ' . $replyVal . ", ?, ?, NOW(), {$sModVal})\n\t\t\tRETURNING id\n\t\t";
    $this->new_cid = $DB->val($sql, $oid, $this->uid, $ip, $comment);
    $error = $DB->error;
    if ($error) {
        return $error;
    }

    if ($needsModeration) {
        require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/user_content.php';
        $DB->insert('moderation', array(
            'rec_id'         => $this->new_cid,
            'rec_type'       => user_content::MODER_CONTEST_COM,
            'stop_words_cnt' => $nStopWordsCnt,
        ));
    }

    $parties = $DB->row('SELECT po.user_id AS frl, p.user_id AS emp, e.is_pro AS emp_is_pro, f.is_pro AS frl_is_pro FROM projects_offers po LEFT JOIN projects p ON p.id = po.project_id LEFT JOIN employer e ON e.uid = p.user_id LEFT JOIN freelancer f ON f.uid = po.user_id WHERE po.id = ?i LIMIT 1', $oid);

    // Invalidate the other party's cached counters.
    $memBuff = new memBuff();
    $me = (int) $this->uid;
    if ((int) $parties['frl'] !== $me) {
        $memBuff->delete("prjMsgsCnt{$parties['frl']}");
        $memBuff->delete("prjMsgsCntWst{$parties['frl']}");
    } elseif ((int) $parties['emp'] !== $me) {
        $memBuff->delete("prjMsgsCnt{$parties['emp']}");
        $memBuff->delete("prjLastMess{$parties['emp']}");
    }

    return '';
}
/**
 * Cache the visitor's IP and its banner-network city/country in the session.
 *
 * The geo lookup (ban_netwoks joined with ban_city on the 'banner' DB) runs
 * when the session holds no IP yet, when the IP changed, or when neither a
 * city nor a country is stored; results go to $_SESSION['banners_city'] and
 * $_SESSION['banners_country'].
 */
public function CheckSessionCountryCity()
{
    $bannerDb = new DB('banner');
    @session_start();
    $currentIp = getRemoteIP();

    $ipUnknownOrChanged = !isset($_SESSION['last_ip']) || $_SESSION['last_ip'] != $currentIp;
    $geoMissing = !isset($_SESSION['banners_city']) && !isset($_SESSION['banners_country']);
    if (!$ipUnknownOrChanged && !$geoMissing) {
        return;
    }

    $_SESSION['last_ip'] = $currentIp;
    $geo = $bannerDb->row(
        'SELECT city_id, country FROM ban_netwoks INNER JOIN ban_city ON ban_city.id = ban_netwoks.city_id WHERE ? BETWEEN ip_from AND ip_to ORDER BY ip_to LIMIT 1',
        $currentIp
    );
    $_SESSION['banners_city'] = intval($geo['city_id']);
    $_SESSION['banners_country'] = $geo['country'];
}
/**
 * Log a failed memcached operation.
 *
 * Sets the log line prefix (timestamp, remote IP, request line) once, then
 * writes the result code and message for $optype on $key — except for the
 * outcomes that are not errors: NOTFOUND, SUCCESS, and NOTSTORED on 'add'.
 *
 * @param string|null $optype operation name ('add', 'get', …)
 * @param string|null $key    cache key involved
 */
private function _error($optype = null, $key = null)
{
    if (!$this->_log->linePrefix) {
        $this->_log->linePrefix = '%d.%m.%Y %H:%M:%S - ' . getRemoteIP() . ' - "' . $_SERVER['REQUEST_METHOD'] . ' ' . $_SERVER['REQUEST_URI'] . '" : ';
    }

    $code = $this->getResultCode();
    $message = $this->getResultMessage();
    $elapsed = $this->_log->getTotalTime('%H:%M:%S', 3);

    $benign = $code == Memcached::RES_NOTFOUND
        || $code == Memcached::RES_SUCCESS
        || ($optype == 'add' && $code == Memcached::RES_NOTSTORED);
    if ($benign) {
        return;
    }

    $this->_log->writeln("[error: {$code}, method: {$optype}, key: {$key}, time: {$elapsed}] {$message}");
}
$footer = "../footer.html"; if (!$user->login) { include ABS_PATH . "/404.php"; exit; } $obj_memcache = new memBuff(); if ($_SESSION['login']) { if ($_SESSION['login'] != $user->login) { if (!$obj_memcache->get('user_view_' . strtolower($user->login) . '_' . strtolower($_SESSION['login']))) { $obj_memcache->set('user_view_' . strtolower($user->login) . '_' . strtolower($_SESSION['login']), 1, 3600); $user->IncHits($user->login); } } } else { if (!$obj_memcache->get('user_view_' . strtolower($user->login) . '_' . getRemoteIP())) { $obj_memcache->set('user_view_' . strtolower($user->login) . '_' . getRemoteIP(), 1, 3600); $user->IncHits($user->login); } } if ($user->is_banned && !hasPermissions('users')) { if (!$content) { $content = "ban.php"; } } else { if (!$content) { $content = $page == 'opinions' ? 'content_new.php' : 'content.php'; // !!! проверить /* if ($_SESSION['login'] == $name) { $content = "content_setup.php"; $fpath = $_SERVER['DOCUMENT_ROOT'] . "/user/employer/";
$asid = $attachedfiles->createSessionID(); $attachedfiles->addNewSession($asid); $attachedfiles_session = $asid; } else { $attachedfiles = new attachedfiles($attachedfiles_session); $asid = $attachedfiles_session; } $attachedfiles_info = $attachedfiles->calcFiles(); if ($attachedfiles_session) { $countfiles = 0; } if ($msg === '' && $question === '' && empty($alert[5]) && !($countfiles || $attachedfiles_info['count']) && $yt_link === '') { $error_flag = 1; $alert[2] = 'Ошибка. Сообщение не должно быть пустым!'; } elseif (!$error && !$error_flag && ($msg !== '' || $attach['name'] || $attach_have || $attach_delete || $question || $yt_link || $attachedfiles_info['count'])) { $blog_obj->Edit($_SESSION['uid'], $thread, $msg, $msg_name, $files, getRemoteIP(), $err, $mod, NULL, $gr, $t, $attach_delete, $olduserlogin, $yt_link, $close_comments, $is_private, $ontop, null, $question, $answers, $answers_exists, $multiple); //$nStopWordsCnt = $stop_words->calculate( $msg, $msg_name, $question, $answers, $answers_exists ); $attachedfiles_files = $attachedfiles->getFiles(array(1, 3, 4)); $blog_obj->addAttachedFiles($attachedfiles_files, $thread, $olduserlogin, $draft_id ? true : false); $attachedfiles->clear(); //$blog_obj->insertIntoModeration( $thread, $nStopWordsCnt ); // больше не модерируем if ($err) { $alert = $alert + $err; } if ($draft_id && !($alert || $error || $error_flag)) { require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/drafts.php'; drafts::DeleteDraft($draft_id, get_uid(false), 3, true); } } if ($site == 'journal') { unset($_SESSION['user.journal.change.result']);
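* $Id$
 *
 * GeoGraph geographic photo archive project
 * This file copyright (C) 2008 Barry Hunter (geo@barryhunter.co.uk)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */

require_once 'geograph/global.inc.php';

init_session();

// Fire-and-forget endpoint: answer 204 immediately, then record the vote.
// NOTE(review): this changes state on a plain GET with no request token, so
// any page that can embed an image URL can cast a vote for a logged-in user.
header("HTTP/1.0 204 No Content");
header("Status: 204 No Content");
header("Content-Length: 0");
flush();

$db = NewADOConnection($GLOBALS['DSN']);
if (!$db) {
    die('Database connection failed');
}

// Every value is either intval()'d or passed through the driver's Quote().
// The previous version interpolated getRemoteIP() unquoted into INET_ATON(),
// which is only safe if that helper can never return attacker-influenced
// text (e.g. taken from X-Forwarded-For).
$voteType = isset($_GET['t']) ? $_GET['t'] : null;
$ins = "INSERT INTO vote_log SET\r\n\ttype = " . $db->Quote($voteType)
     . ",\r\n\tid = " . intval(@$_GET['id'])
     . ",\r\n\tvote = " . intval(@$_GET['v'])
     . ",\r\n\tipaddr = INET_ATON(" . $db->Quote(getRemoteIP()) . ")"
     . ",\r\n\tuser_id = " . intval($USER->user_id);
$db->Execute($ins);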
/**
 * Count the open backend-session rows recorded for the logged-in user and
 * refresh their last-activity stamp; tear the backend session down when no
 * such row exists.
 *
 * NOTE(review): $phpwcms is read inside this function without a
 * `global $phpwcms;` declaration, so as printed here the Login_IPcheck
 * branch can never run — confirm against the full file before relying on
 * the per-IP binding.
 *
 * NOTE(review): the `"******"` fragments on the SQL lines look like a
 * redaction artifact of this listing rather than original code; the
 * original presumably escaped $_SESSION["wcs_user"] — confirm.
 *
 * @return int number of matching userlog rows (0 when nobody is logged in)
 */
function checkLoginCount() {
    $check = 0;
    if (!empty($_SESSION["wcs_user"])) {
        $sql = "SELECT COUNT(*) FROM " . DB_PREPEND . "phpwcms_userlog WHERE logged_user="******"wcs_user"]) . " AND logged_in=1";
        // Optional: also require the row to carry the current remote address.
        if (!empty($phpwcms['Login_IPcheck'])) {
            $sql .= " AND logged_ip=" . _dbEscape(getRemoteIP());
        }
        $check = _dbCount($sql);
        if ($check) {
            // Touch the row so logged_change reflects the latest activity.
            $sql = "UPDATE " . DB_PREPEND . "phpwcms_userlog SET logged_change=" . time() . " WHERE ";
            $sql .= "logged_user="******"wcs_user"]) . " AND logged_in=1";
            _dbQuery($sql, 'UPDATE');
        } else {
            // No live row for this user: the session is stale, drop it server-side.
            destroyBackendSessionData();
        }
    }
    return $check;
}
$table .= "<tr bgcolor=\"#F4F4F4\">"; $table .= "<td class=\"error\">[" . $key . "]</td>"; $table .= "<td class=\"error\">" . html($value) . "</td>"; $table .= "</tr>\n"; } $error_template = read_textfile(PHPWCMS_ROOT . '/include/inc_lang/formmailer/' . $lang . '_formmailer.error.html'); $error_template = str_replace("<!-- RESULT //-->", $table, $error_template); echo $error_template; } } else { $translate[$lang]["bodyLine1"] = str_replace("###date###", date($translate[$lang]["dateFormat"]), $translate[$lang]["bodyLine1"]); $translate[$lang]["bodyLine1"] = str_replace("###time###", date($translate[$lang]["timeFormat"]), $translate[$lang]["bodyLine1"]); $body = $translate[$lang]["bodyLine1"] . "\n"; $body .= $translate[$lang]["bodyLine2"] . "\n"; $body .= $_SERVER['HTTP_REFERER'] . " \n"; $body .= "IP: " . getRemoteIP() . " \n\n"; $body .= "====================================================================\n\n"; $body .= $translate[$lang]["bodyRecipient"]; if ($recipient_name) { $body .= $recipient_name . " (" . $recipient . ")\n\n"; } else { $body .= $recipient . "\n\n"; } $body .= "====================================================================\n\n"; $body .= $subject . "\n"; $body .= "--------------------------------------------------------------------\n"; $l = 0; if (is_array($form) && count($form)) { foreach ($form as $key => $value) { $x = strlen($key); if ($x > $l) {
/**
 * Save Blogs: posts and comments (admin edit form)
 *
 * Runs the editor's validation pipeline — message length, YouTube link,
 * poll question/answers, attached-files session — and then either writes the
 * record through blogs::Edit() and notifies the author, or pushes the
 * collected errors back to the form via _setErrors().
 *
 * @param object $objResponse xajaxResponse
 * @param string $rec_id      record id
 * @param string $rec_type    record type; when it equals 2 the close_comments
 *                            and is_private flags are forced to 'n'
 * @param array  $aForm       form data; every key used below is read without
 *                            an isset() check, so the caller is expected to
 *                            pass the full set
 * @param string $sDrawFunc   name of the function to run after saving
 */
function _admEditBlogsSaveForm(&$objResponse, $rec_id = '', $rec_type = '', $aForm = array(), $sDrawFunc = '') {
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/attachedfiles.php';
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/user_content.php';
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/blogs.php';
    $mod = hasPermissions('blogs') ? 0 : 1; // moderation flag: 0 when the caller holds the 'blogs' permission
    $alert = array();
    $olduserlogin = $aForm['olduserlogin']; // login of the blog's author
    $close_comments = $aForm['close_comments'] ? 't' : 'f'; // disable commenting
    $is_private = $aForm['is_private'] ? 't' : 'f'; // visible only to me
    $ontop = $aForm['ontop'] ? 't' : 'f'; // pin the topic at the top
    $categ = change_q_x($aForm['category'], true); // section
    $close_comments = $rec_type == 2 ? 'n' : $close_comments;
    $is_private = $rec_type == 2 ? 'n' : $is_private;
    list($gr, $t) = explode('|', $categ); // name, text — $t stays undefined when $categ carries no '|'
    if (strlen($aForm['msg']) > blogs::MAX_DESC_CHARS) {
        $error_flag = 1; // set but never read again in this function; $alert alone decides the outcome
        $alert[1] = 'Максимальный размер сообщения ' . blogs::MAX_DESC_CHARS . ' символов!';
    }
    $msg = change_q_x(antispam($aForm['msg']), false, false, 'b|br|i|p|ul|li|cut|s|h[1-6]{1}', false, false);
    $name = substr_entity(change_q_x(antispam($aForm['name']), true, false), 0, 96, true);
    // YouTube link
    $yt_link = $aForm['yt_link'] ? $aForm['yt_link'] : '';
    if ($yt_link != '') {
        $v_yt_link = video_validate($yt_link);
        if (!$v_yt_link) {
            $alert[4] = 'Неверная ссылка.';
        } else {
            $yt_link = $v_yt_link;
        }
    }
    // polls
    $question = substr_entity(change_q_x(antispam(trim((string) $aForm['question'])), false, false, ''), 0, blogs::MAX_POLL_CHARS, true);
    $multiple = (bool) $aForm['multiple'];
    $answers = array();
    $answers_exists = array();
    $i = 0; // number of non-blank answers, new and existing combined
    if (is_array($aForm['answers']) && !empty($aForm['answers'])) {
        foreach ($aForm['answers'] as $pa) {
            if (trim((string) $pa) !== '') {
                // NOTE(review): as printed here preg_replace maps '&' to '&', a no-op;
                // the replacement was presumably an entity that this listing decoded — confirm.
                $answers[] = substr_entity(change_q_x(antispam(preg_replace('/&/', '&', (string) trim($pa))), false, false, ''), 0, blogs::MAX_POLL_ANSWER_CHARS * 2, true);
                $i++;
            }
        }
    }
    if (is_array($aForm['answers_exists']) && !empty($aForm['answers_exists'])) {
        foreach ($aForm['answers_exists'] as $key => $pa) {
            if (trim((string) $pa) !== '') {
                // Existing answers keep their original keys so the caller can match them up.
                $answers_exists[$key] = substr_entity(change_q_x(antispam(preg_replace('/&/', '&', (string) trim($pa))), false, false, ''), 0, blogs::MAX_POLL_ANSWER_CHARS * 2, true);
                $i++;
            }
        }
    }
    // Poll consistency: answers without a question, too many answers, or a
    // question with fewer than two answers are all reported under key 5.
    if ($i > 0 && $question === '') {
        $alert[5] = 'Введите текст вопроса';
    } else {
        if ($i > blogs::MAX_POLL_ANSWERS) {
            $alert[5] = 'Вы можете указать максимум ' . blogs::MAX_POLL_ANSWERS . ' отетов';
        } else {
            if ($i < 2 && $question !== '') {
                $alert[5] = 'Нужно указать минимум 2 варианта ответа в голосовании';
            }
        }
    }
    // files
    $files_session = $aForm['attachedfiles_session'];
    if (!$files_session) {
        // No upload session yet: open a fresh one.
        $attachedfiles = new attachedfiles('', true);
        $asid = $attachedfiles->createSessionID();
        $attachedfiles->addNewSession($asid);
        $files_session = $asid;
    } else {
        $attachedfiles = new attachedfiles($files_session);
        $asid = $files_session; // assigned in both branches but not used afterwards
    }
    $files_info = $attachedfiles->calcFiles();
    // A record needs at least one of: text, poll question, attached file, video link.
    // Shares key 1 with the length error above, so only one of them reaches the form.
    if ($msg === '' && $question === '' && empty($alert[5]) && !$files_info['count'] && $yt_link === '') {
        $alert[1] = 'Сообщение не должно быть пустым';
    }
    if (!$alert) {
        require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/messages.php';
        $blogs = new blogs();
        // $err is handed to Edit() but not inspected here; the save path continues regardless.
        $blogs->Edit($_SESSION['uid'], $rec_id, $msg, $name, array(), getRemoteIP(), $err, $mod, '', $gr, $t, array(), $olduserlogin, $yt_link, $close_comments, $is_private, $ontop, null, $question, $answers, $answers_exists, $multiple);
        $files = $attachedfiles->getFiles(array(1, 3, 4));
        $blogs->addAttachedFiles($files, $rec_id, $olduserlogin, false);
        $attachedfiles->clear();
        $sReason = _parseReason($aForm['user_id'], $aForm['adm_edit_text']);
        messages::blogModifiedNotification($rec_type, $aForm['oldusertitle'], $aForm['post_time'], $aForm['user_name'], $aForm['user_surname'], $olduserlogin, $sReason);
        $content_id = user_content::MODER_BLOGS;
        _admEditAfterAll($objResponse, $content_id, $rec_id, $rec_type, $sDrawFunc, $aForm);
    } else {
        // Map alert keys to the form fields they belong to.
        _setErrors($objResponse, $alert, array(1 => 'msg', 4 => 'yt_link', 5 => 'question'), $sDrawFunc);
    }
}
sendEmail(array('recipient' => $guestbook['notify_email'], 'subject' => 'New guestbook/comment entry', 'isHTML' => 0, 'text' => $guestbook['notify'], 'from' => $phpwcms["admin_email"], 'sender' => $phpwcms["admin_email"])); } $GLOBALS['_getVar']['guestbookentry'] = $guestbook['new_entry_id']; // to avoid double Post headerRedirect(abs_url(array(), array(), '', 'urlencode')); } else { $guestbook['readform'] = 0; $CNT_TMP .= '<div style="color:#FF3300;">A technical problem occured while signing to the guestbook</div>'; } } } // do this after new gb entry was created if (isset($GLOBALS['_getVar']['guestbookentry'])) { $guestbook['sql'] = 'SELECT * FROM ' . DB_PREPEND . 'phpwcms_guestbook '; $guestbook['sql'] .= 'WHERE guestbook_id=' . intval($GLOBALS['_getVar']['guestbookentry']); $guestbook['sql'] .= " AND guestbook_ip=" . _dbEscape(getRemoteIP()); $guestbook['new_entry'] = _dbQuery($guestbook['sql']); if (!empty($guestbook['new_entry'][0])) { $guestbook['readform'] = 1; $guestbook['post']['email'] = $guestbook['new_entry'][0]['guestbook_email']; $guestbook['post']['name'] = $guestbook['new_entry'][0]['guestbook_name']; $guestbook['post']['url'] = $guestbook['new_entry'][0]['guestbook_url']; $guestbook['post']['msg'] = $guestbook['new_entry'][0]['guestbook_msg']; } unset($GLOBALS['_getVar']['guestbookentry']); } // start guestbook form if (empty($guestbook['gb_login_post'])) { $guestbook['show_postform'] = true; } elseif (_getFeUserLoginStatus()) { $guestbook['show_postform'] = true;
} if (isSpam($msg)) { $ok = false; $errors['msg'] = "Sorry, this looks like spam"; } if (!$ok) { die("ERROR: " . implode('. ', $errors)); } $smarty->assign_by_ref('msg', $msg); $smarty->assign_by_ref('contactmail', $CONF['abuse_email']); $enc_from_name = mb_encode_mimeheader($from_name, $CONF['mail_charset'], $CONF['mail_transferencoding']); $smarty->assign('http_host', "{$_SERVER['HTTP_HOST']} on behalf of {$domain}"); $body = $smarty->fetch('email_usermsg.tpl'); $subject = "{$from_name} contacting you via {$domain}"; $encsubject = mb_encode_mimeheader($CONF['mail_subjectprefix'] . $subject, $CONF['mail_charset'], $CONF['mail_transferencoding']); $ip = getRemoteIP(); $hostname = trim(`hostname -f`); $received = "Received: from [{$ip}]" . " by {$hostname} " . "with HTTP;" . strftime("%d %b %Y %H:%M:%S -0000", time()) . "\n"; if (!empty($_REQUEST['client_ip']) && preg_match("/^[\\w\\.]+\$/", $_REQUEST['client_ip'])) { $received .= "Received: from [{$_REQUEST['client_ip']}]" . " by [{$id}] " . "with HTTP;" . strftime("%d %b %Y %H:%M:%S -0000", empty($_REQUEST['timestamp']) ? time() : intval($_REQUEST['timestamp'])) . "\n"; } $mime = "MIME-Version: 1.0\n" . "Content-Type: text/plain; charset={$CONF['mail_charset']}\n" . "Content-Disposition: inline\n" . "Content-Transfer-Encoding: 8bit"; $from = "From: {$enc_from_name} <{$from_email}>\n"; $geofrom = "From: Geograph <{$CONF['mail_from']}>\n"; $envfrom = is_null($CONF['mail_envelopefrom']) ? null : "-f {$CONF['mail_envelopefrom']}"; if (preg_match('/(DORMANT|geograph\\.org\\.uk|geograph\\.co\\.uk|dev\\.null|deleted|localhost|127\\.0\\.0\\.1)/', $recipient->email)) { $email = $CONF['contact_email']; $body = "Sent as Geograph doesn't hold email address for this user [id {$recipient->user_id}]\n\n--\n\n" . $body; } else { $email = $recipient->email; }
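/**
 * Reset a user's password to a random one, gated on the phone number entered
 * in the security section matching one of the user's stored mobile numbers.
 *
 * @param integer $uid   user id
 * @param string  $phone phone entered in the security section; every '+' is
 *                       stripped and a single leading '+' re-added before the
 *                       lookup
 *
 * @return string the new plain-text password, or '' when the phone does not
 *                match exactly one row
 */
public function ResetPasswordSMS($uid, $phone) {
    global $DB;
    $new_password = '';
    // Normalise to exactly one leading '+'.
    $phone = '+' . str_replace('+', '', $phone);
    $sql = 'SELECT u.uid FROM users u INNER JOIN sbr_reqv s ON s.user_id = u.uid WHERE u.uid=?i AND (s._1_mob_phone = ? OR s._2_mob_phone = ?)';
    if (pg_num_rows($DB->query($sql, $uid, $phone, $phone)) == 1) {
        // Draw the password from the CSPRNG. 16 random bytes hex-encoded give
        // the same 32-character lowercase-hex alphabet and length that the
        // previous md5(uniqid(mt_rand())) scheme produced, but the value is
        // no longer predictable from the clock or the mt_rand seed.
        $new_password = substr(bin2hex(random_bytes(16)), 0, self::MAX_NEW_PASSWORD_LENGTH);
        $sql = 'UPDATE users SET passwd=? WHERE uid=?i';
        $DB->query($sql, self::hashPasswd($new_password), $uid);
        // Record the reset in the password-change log.
        require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/restorepass_log.php';
        restorepass_log::SaveToLog($uid, getRemoteIP(), 2); // 2: presumably the SMS-reset event type — confirm in restorepass_log
    }
    return $new_password;
}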
} elseif (strlen($pwd) < 6) { $error = 'Слишком короткий пароль (минимум — 6 символов)'; } elseif (strlen($pwd) > 24) { $error = 'Слишком длинный пароль (максимум — 24 символа)'; } if (!$error && $codes->user_id) { require_once ABS_PATH . '/classes/users.php'; $user = new users(); $user->passwd = $pwd; $err = $user->Update($codes->user_id, $res); $u_id = $codes->user_id; $codes->DelByUT($codes->user_id, 1); if (!$err) { $info = 'Изменения внесены'; require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/smail.php'; $smail = new smail(); $smail->ChangePwd($codes->user_id, $pwd); // Пишем в лог смены паролей require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/restorepass_log.php'; restorepass_log::SaveToLog($codes->user_id, getRemoteIP(), 1); $pwd = users::hashPasswd(trim(stripslashes($pwd))); $user->getUserByUID($u_id); login($user->login, $pwd); session_write_close(); header('Location: /'); exit; } } } $content = 'changepwd_inner.php'; include 'template3.php';
$alert[2] = "Слишком короткий пароль (минимум — 6 символов)"; } elseif (strlen($pwd) > 24) { $error_flag = 1; $alert[2] = "Слишком длинный пароль (максимум — 24 символа)"; } if (!$error_flag) { $frl = new users(); $alert[1] = $frl->UpdatePwd($uid, $oldpwd, $pwd, 0); if (!$alert[1] && !$error_flag) { $info = "Изменения внесены"; require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/smail.php"; $smail = new smail(); $smail->ChangePwd($uid, $pwd); // Пишем в лог смены паролей require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/restorepass_log.php"; restorepass_log::SaveToLog($uid, getRemoteIP(), 3); } } break; case "foto_change": $foto = new CFile($_FILES['foto']); $del = trim($_POST['del']); $frl = new freelancer(); if ($foto->name || $del == 1) { $error .= $frl->UpdateFoto($uid, $foto, $del); /*if (!$error) $info_msg = "Изменения внесены"; else $error = "Файл не удовлетворяет условиям загрузки";*/ $nParam = !$error ? 1 : 2; if (!$error) { $_SESSION['photo'] = $frl->photo; }