/**
 * Report a fatal error and stop the request.
 *
 * Writes the message to the output, records it through logEvent() with an
 * "Error: " prefix, calls finish("error", ...) and then terminates the script.
 *
 * NOTE(review): $message is written to the output without escaping. If a
 * caller passes request-derived text and the response is rendered as HTML,
 * this is a reflected-XSS sink; confirm the content type or escape with
 * htmlspecialchars() at the call site. The same text is also logged verbatim.
 *
 * @param string $message Error text to show and log.
 */
function ProcessError($message)
{
    echo "{$message}";

    $logLine = "Error: {$message}";
    logEvent($logLine);

    finish("error", $message);
    exit;
}
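/**
 * Delete every file in the portfolio folder whose name starts with "<id>-",
 * then record the deletion through logEvent().
 *
 * NOTE(review): $id is interpolated straight into a glob() pattern. Glob
 * metacharacters or path separators in $id would widen the set of files that
 * get unlinked, so callers must pass a validated identifier (confirm the id
 * format and enforce it before this call).
 *
 * @param mixed $id Image identifier used as the file-name prefix.
 */
function deleteImages($id)
{
    global $portfolioFolder;

    // glob() returns false on error; treat that as "nothing to delete"
    // instead of handing false to foreach.
    $matches = glob("{$portfolioFolder}/{$id}-*");
    if ($matches === false) {
        $matches = array();
    }

    foreach ($matches as $filename) {
        // Only regular files are removed; a matching directory is left alone.
        if (is_file($filename)) {
            unlink($filename);
        }
    }

    logEvent("delete-images", $id);
}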
Beispiel #3
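/**
 * Mark a user for forced logout by storing "<unix time>,<remote address>" in
 * users.forcelogout, then record the action through logEvent().
 *
 * The UPDATE is sent as a prepared statement so that $uid is passed as data
 * and can no longer change the SQL text.
 *
 * NOTE(review): the event payload below still contains every $_SESSION and
 * $_POST key and value. Depending on the forms that reach this code, that can
 * put credentials or tokens into the event log; consider logging keys only.
 *
 * @param mixed $uid Value matched against users.id.
 */
function setForceLogout($uid)
{
    global $mysqli;

    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $fl = time() . ',' . $remoteAddr;

    // Statement template only; the values travel separately as bound parameters.
    $M_query = "UPDATE users SET forcelogout=? WHERE id=?";
    error_log($M_query);

    $stmt = $mysqli->prepare($M_query);
    if ($stmt === false) {
        error_log("setForceLogout: prepare failed: " . $mysqli->error);
    } else {
        // The original compared id against a quoted string, so bind as string.
        $uidParam = (string) $uid;
        $stmt->bind_param('ss', $fl, $uidParam);
        if (!$stmt->execute()) {
            error_log("setForceLogout: execute failed: " . $stmt->error);
        }
        $stmt->close();
    }

    logEvent('users', 'force-logout', encodeHex("SESSION: ['" . implode("','", array_keys($_SESSION)) . "'], {'" . implode("', '", $_SESSION) . "'}, POST: ['" . implode("','", array_keys($_POST)) . "'], {'" . implode("', '", $_POST) . "'}, M_query: `{$M_query}`"));
}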
Beispiel #4
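/**
 * Upgrade every "*-db.json" record in the portfolio folder to the current
 * field layout and log the last record processed.
 *
 * For each record, missing fields are filled in: "sort" from the numeric id,
 * "original" and "uploaded" from their older hyphenated names, and "display"
 * is normalised to a boolean (default true).
 *
 * When the folder holds no matching file the final log call receives null for
 * both the id and the record, instead of reading an undefined variable.
 */
function workaroundToUpgradePortfolio()
{
    global $portfolioFolder;

    // glob() returns false on error; treat that as an empty list.
    $dbFiles = glob("{$portfolioFolder}/*-db.json");
    if ($dbFiles === false) {
        $dbFiles = array();
    }

    $db = null;
    foreach ($dbFiles as $dbFilename) {
        $db = readDb($dbFilename);
        if (!isset($db->sort)) {
            $db->sort = intval($db->id) * 10000;
        }
        if (!isset($db->original)) {
            $db->original = $db->{"original-file-name"};
        }
        if (!isset($db->uploaded)) {
            $db->uploaded = $db->{"upload-date"};
        }
        // "on" (form checkbox value) and true both mean visible; absent means visible.
        $db->display = isset($db->display) ? ($db->display === "on" || $db->display === true) : true;
        saveDb($dbFilename, $db);
    }

    $lastId = $db !== null ? $db->id : null;
    logEvent("portfolio-upgrade-done", "last-image", $lastId, $db);
}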
Beispiel #5
    /**
     * Log the LOGOUT event for the current user, empty the session array and
     * show the farewell page.
     *
     * NOTE(review): only the entries of $_SESSION are removed here. This block
     * does not call session_destroy(), rotate the session id or expire the
     * session cookie; confirm that happens elsewhere, otherwise the same
     * session id stays usable (empty) after logout.
     * NOTE(review): addslashes() is the only treatment applied to the name
     * before it is handed to logEvent(); confirm how logEvent() stores it.
     */
    function logout(){
        $current = $_SESSION['CurrentUser'];
        $fullName = $current['title'] . ' ' . $current['firstnames'] . ' ' . $current['surname'];
        logEvent('LOGOUT', $current['mid'], $current['mid'], addslashes($fullName));

        // Drop every session entry one by one.
        foreach (array_keys($_SESSION) as $sessionKey) {
            unset($_SESSION[$sessionKey]);
        }

        $contactLink = "<a href='mailto:lib@ucsc.cmb.ac.lk'>lib@ucsc.cmb.ac.lk</a><br>";
        $msg = 'Thank you for using Pusthaka.<br>'
            . 'We are always looking for ways to improve your experience with the UCSC Library and we '
            . 'welcome your suggestions as to how we may do so.<br>'
            . 'Please send us your comments by email to ' . $contactLink;

        displayMsg($msg, 'Thank You', 'index.php', 'Go Back to Pusthaka Home Page');
    }
Beispiel #6
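/**
 * Run /usr/bin/gpio for one pin and return the first line it printed.
 *
 * The pin is first switched to output mode, then "gpio <cmd> <pin> <args>" is
 * executed. Every caller-supplied value is passed through escapeshellarg(), so
 * shell metacharacters in $cmd, $pin or $args are delivered to gpio as literal
 * arguments instead of being interpreted by the shell. $args is split on
 * whitespace so that several space-separated arguments keep working.
 *
 * On a non-zero exit status an HTML error paragraph is printed; the echoed
 * values are HTML-escaped.
 *
 * @param string     $cmd  gpio sub-command; 'write' calls are also logged.
 * @param int|string $pin  Pin number handed to gpio.
 * @param string     $args Extra arguments, space separated (may be empty).
 * @return string|null First output line of the second gpio call, or null.
 */
function runGpio($cmd, $pin, $args = '')
{
    if ($cmd === 'write') {
        logEvent($pin, $args);
    }

    $safeCmd = escapeshellarg((string) $cmd);
    $safePin = escapeshellarg((string) $pin);

    // An empty $args must add nothing (not an empty quoted argument).
    $safeArgs = '';
    foreach (preg_split('/\s+/', trim((string) $args), -1, PREG_SPLIT_NO_EMPTY) as $token) {
        $safeArgs .= ' ' . escapeshellarg($token);
    }

    exec("/usr/bin/gpio mode {$safePin} out", $out, $status);

    // Reset so the result below reflects only the second call.
    $status = null;
    $out = null;
    exec("/usr/bin/gpio {$safeCmd} {$safePin}{$safeArgs}", $out, $status);

    if ($status) {
        $shown = htmlspecialchars("{$cmd} {$pin} {$args}", ENT_QUOTES, 'UTF-8');
        print "<p class='error'>Failed to execute /usr/bin/gpio {$shown}: Status {$status}</p>\n";
    }

    if (is_array($out) && count($out) > 0) {
        return $out[0];
    }

    return null;
}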
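    /**
     * Send the prepared message through the parent mailer.
     *
     * Sets the sender, adds one recipient and the subject, then calls
     * parent::Send(). When VERSION contains "dev" the recipient is replaced by
     * a fixed address so that development runs never mail real users.
     *
     * $to_name, $headers and $envelope are accepted but not used here.
     *
     * @return int 1 when the parent mailer reports success, 0 otherwise
     *             (the mailer's ErrorInfo is logged in that case).
     */
    function send($to_name = "", $to_addr, $from_name, $from_addr, $subject = '', $headers = '',$envelope = '') {
        $this->From = $from_addr;
        $this->FromName = $from_name;

        // ereg() no longer exists in PHP 7+. The pattern "dev" is a plain
        // substring, so strpos() gives the same answer.
        if (strpos(VERSION, "dev") !== false) {
            # make sure we are not sending out emails to real users
            # when developing
            $this->AddAddress('*****@*****.**');
        } else {
            $this->AddAddress($to_addr);
        }

        $this->Subject = $subject;

        if (!parent::Send()) {
            logEvent("Mailer Error: " . $this->ErrorInfo);
            return 0;
        }

        return 1;
    }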
 /**
  * Send the prepared message through the parent mailer.
  *
  * The recipient is $to_addr, except when VERSION contains "dev": then the
  * message goes to $GLOBALS["developer_email"] so development runs never
  * reach real users. $to_name, $headers and $envelope are not used here.
  *
  * @return int 1 when parent::Send() succeeds, 0 after logging ErrorInfo.
  */
 function send($to_name = "", $to_addr, $from_name, $from_addr, $subject = '', $headers = '', $envelope = '')
 {
     $this->From = $from_addr;
     $this->FromName = $from_name;

     // Development builds redirect all mail to the developer address.
     $isDevBuild = strpos(VERSION, "dev") !== false;
     $recipient = $isDevBuild ? $GLOBALS["developer_email"] : $to_addr;
     $this->AddAddress($recipient);

     $this->Subject = $subject;

     if (parent::Send()) {
         return 1;
     }

     logEvent("Mailer Error: " . $this->ErrorInfo);
     return 0;
 }
Beispiel #9
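/**
 * Re-send the subscription confirmation request to one subscriber.
 *
 * Loads the subscriber row and the names of the lists they belong to, fills
 * the [LISTS] placeholder of the configured "subscribemessage" (page-specific
 * when the subscriber has a subscribepage) and mails it unless TEST is set.
 *
 * Changes from the earlier form of this function:
 *  - $id is forced to an integer before it is used, so the first query can no
 *    longer be altered through the id value (it was interpolated unquoted).
 *  - ereg_replace() (gone in PHP 7+) is replaced by str_replace(); the
 *    pattern was the literal text "[LISTS]".
 *  - $lists starts as an empty string instead of being appended to while
 *    undefined.
 *
 * @param int|string $id Subscriber id.
 * @return mixed Result of sendMail(), or null when TEST is set.
 */
function resendConfirm($id)
{
    global $tables, $envelope, $prepend;

    $id = (int) $id;

    $userdata = Sql_Fetch_Array_Query(sprintf('select * from %s where id = %d', $tables["user"], $id));
    $lists_req = Sql_Query(sprintf('select %s.name from %s,%s where 
  	%s.listid = %s.id and %s.userid = %d', $tables["list"], $tables["list"], $tables["listuser"], $tables["listuser"], $tables["list"], $tables["listuser"], $id));

    $lists = '';
    while ($row = Sql_Fetch_Row($lists_req)) {
        $lists .= '  * ' . $row[0] . "\n";
    }

    if ($userdata["subscribepage"]) {
        $subscribemessage = str_replace('[LISTS]', $lists, getUserConfig("subscribemessage:" . $userdata["subscribepage"], $id));
        $subject = getConfig("subscribesubject:" . $userdata["subscribepage"]);
    } else {
        $subscribemessage = str_replace('[LISTS]', $lists, getUserConfig("subscribemessage", $id));
        $subject = getConfig("subscribesubject");
    }

    logEvent("Resending confirmation request to " . $userdata["email"]);

    if (!TEST) {
        return sendMail($userdata["email"], $subject, $prepend . $subscribemessage, system_messageheaders($userdata["email"]), $envelope);
    }
}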
Beispiel #10
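/**
 * Re-send the subscription confirmation request to one subscriber.
 *
 * Loads the subscriber row and the names of the lists they belong to, fills
 * the [LISTS] placeholder of the configured "subscribemessage" (page-specific
 * when the subscriber has a subscribepage) and mails it unless TEST is set.
 *
 * $id is forced to an integer before use so the first query, which embeds it
 * unquoted, cannot be altered through the id value. $lists now starts as an
 * empty string.
 *
 * NOTE(review): the text placed in front of the message body comes from
 * $_REQUEST['prepend'], i.e. from the current request. Whoever can trigger
 * this function can therefore put arbitrary text at the top of a system mail
 * sent to the subscriber. Confirm that only authenticated administrators
 * reach this code and that the request carries a CSRF token.
 *
 * @param int|string $id Subscriber id.
 * @return mixed Result of sendMail(), or null when TEST is set.
 */
function resendConfirm($id)
{
    global $tables, $envelope;

    $id = (int) $id;

    $userdata = Sql_Fetch_Array_Query(sprintf('select * from %s where id = %d', $tables['user'], $id));
    $lists_req = Sql_Query(sprintf('select %s.name from %s,%s where
    %s.listid = %s.id and %s.userid = %d', $tables['list'], $tables['list'], $tables['listuser'], $tables['listuser'], $tables['list'], $tables['listuser'], $id));

    $lists = '';
    while ($row = Sql_Fetch_Row($lists_req)) {
        $lists .= '  * ' . $row[0] . "\n";
    }

    if ($userdata['subscribepage']) {
        $subscribemessage = str_replace('[LISTS]', $lists, getUserConfig('subscribemessage:' . $userdata['subscribepage'], $id));
        $subject = getConfig('subscribesubject:' . $userdata['subscribepage']);
    } else {
        $subscribemessage = str_replace('[LISTS]', $lists, getUserConfig('subscribemessage', $id));
        $subject = getConfig('subscribesubject');
    }

    logEvent($GLOBALS['I18N']->get('Resending confirmation request to') . ' ' . $userdata['email']);

    // A missing request field means "no prefix" rather than an undefined index.
    $prepend = isset($_REQUEST['prepend']) ? $_REQUEST['prepend'] : '';

    if (!TEST) {
        return sendMail($userdata['email'], $subject, $prepend . $subscribemessage, system_messageheaders($userdata['email']), $envelope);
    }
}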
Beispiel #11
    // Store the new contact, then prepare a login record (Pwd) for it.
    // The enclosing block starts above this excerpt.
    $contactId = $contactsNew->insertIntoDB();
    // Build the password record for the new contact
    $pwdNew = new Pwd();
    $pwdNew->setUsr($logon);
    $pwdNew->setContactsid($contactId);
    $pwdNew->setSeclev(100);
    // The stored value is whatever mkPwd() returns for $pw (presumably a hash; confirm in mkPwd()).
    $pwdNew->setPw(mkPwd($pw));
    // SECURITY (review): this appends the login name and the clear-text $pw, together with the
    // POSTed custid/suppid, to /etc/athenace/pwd. A flat file of recoverable passwords defeats
    // any hashing done by mkPwd(); remove the write or document why it is required and who can
    // read the file. The $_POST values are written unfiltered, so tab or newline characters in
    // them can forge extra fields or records. The write also happens when no Pwd row is
    // inserted below.
    file_put_contents('/etc/athenace/pwd', "{$_POST['custid']}\t{$_POST['suppid']}\t{$logon}\t{$pw}\n", FILE_APPEND);
    // Don't add to the Password table unless they have a custid or a suppid
    if (isset($_POST['custid']) && $_POST['custid'] > 0 || isset($_POST['suppid']) && $_POST['suppid'] > 0) {
        $pwdNew->insertIntoDB();
    } else {
        // Not adding to passwd table
        // i.e contacts not associated with a customer or supplier cant log in
    }
    // $logContent is built outside the lines shown here.
    $logresult = logEvent(6, $logContent);
    // NOTE(review): $result is not assigned in the visible lines (the new id is in $contactId);
    // confirm where $result['id'] comes from before it is placed in the Location header.
    header("Location: /contacts/?Added=" . $result['id']);
    exit;
}
include "../tmpl/header.php";
if (isset($_GET['FromAddCustomer'])) {
    ?>

<div id=help>Your new Customer has been saved. You can now add a contact for this Customer</div>

<?php 
}
?>
<h1>Add a New Contact</h1>

<form role="form" action="<?php 
Beispiel #12
     $report .= sprintf('<br/>' . $GLOBALS['I18N']->get('%d duplicate emails found.'), $count["duplicate"]);
 }
 # Finish the import report: append the remaining counters, then deliver it.
 # $report is an HTML fragment built up above this excerpt.
 if ($_SESSION["overwrite"] == "yes") {
     $report .= sprintf('<br/>' . $GLOBALS['I18N']->get('Subscriber data was updated for %d subscribers'), $count["dataupdate"]);
 }
 if ($count['foundblacklisted']) {
     $report .= sprintf('<br/>' . $GLOBALS['I18N']->get('%s emails were on the blacklist and have not been added to the lists'), $count["foundblacklisted"]);
 }
 $report .= sprintf('<br/>' . $GLOBALS['I18N']->get('%d subscribers were matched by foreign key, %d by email'), $count["fkeymatch"], $count["emailmatch"]);
 # Web run: print the report, mail it to the admin address, log it and pass it to every plugin.
 # Command-line run: hand it to output() only.
 if (!$GLOBALS['commandline']) {
     print $report;
     if (function_exists('sendmail')) {
         sendMail(getConfig("admin_address"), $GLOBALS['I18N']->get('phplist Import Results'), $report);
     }
     if (function_exists('logevent')) {
         logEvent($report);
     }
     foreach ($GLOBALS['plugins'] as $pluginname => $plugin) {
         $plugin->importReport($report);
     }
 } else {
     output($report);
 }
 $htmlupdate = $report . '<br/>' . PageLinkButton("import2", s('Import some more emails'));
 # NOTE(review): the string is placed inside a single-quoted JavaScript literal in the script
 # block that follows, and only the single quote is escaped here. A backslash, a line break or
 # a "</script>" sequence inside $htmlupdate is not neutralised. If any part of the report can
 # carry imported data, encode the value with json_encode() instead of this replace.
 $htmlupdate = str_replace("'", "\\'", $htmlupdate);
 clearImport();
 $status = '<script type="text/javascript">
   var parentJQuery = window.parent.jQuery;
   parentJQuery("#progressbar").progressbar("destroy");
   parentJQuery("#busyimage").hide();
   parentJQuery("#progresscount").html(\'' . $htmlupdate . '\');
Beispiel #13
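/**
 * Build the send-time cache for one message in the global $cached[$messageid].
 *
 * Loads the message with loadMessageData() and stores: reply-to name/email,
 * from/to, subject, content and footer (the "forward" variants when
 * $forwardContent is truthy), text/HTML footer forms, template, charsets,
 * remote content for a [URL:...] placeholder, the [subject]/[id]/[fromname]/
 * [fromemail] placeholders, optional ##LISTOWNER= attributes and absolute
 * URLs for uploaded images.
 *
 * Security-relevant points:
 *  - The template id and the ##LISTOWNER= value are formatted with %d before
 *    they reach SQL. The LISTOWNER value is captured from message content
 *    with "(.*)", so without the cast any text after "##LISTOWNER=" became
 *    part of the query.
 *  - preg_quote() is given the "#" delimiter used by the LISTOWNER pattern.
 *  - NOTE(review): the [URL:...] target is taken from message content and
 *    fetched server-side by fetchUrl(). Confirm that fetchUrl() limits the
 *    schemes and hosts it will contact.
 *
 * @param int      $messageid      Message id.
 * @param int|bool $forwardContent Truthy to cache the forward-to-a-friend variant.
 * @return int|bool 1 on success, false when the remote URL could not be fetched.
 */
function precacheMessage($messageid, $forwardContent = 0)
{
    global $cached;
    $domain = getConfig('domain');
    $message = loadMessageData($messageid);
    ## the reply to is actually not in use
    if (preg_match("/([^ ]+@[^ ]+)/", $message["replyto"], $regs)) {
        # if there is an email in the from, rewrite it as "name <email>"
        $message["replyto"] = str_replace($regs[0], "", $message["replyto"]);
        $cached[$messageid]["replytoemail"] = $regs[0];
        # if the email has < and > take them out here
        $cached[$messageid]["replytoemail"] = str_replace("<", "", $cached[$messageid]["replytoemail"]);
        $cached[$messageid]["replytoemail"] = str_replace(">", "", $cached[$messageid]["replytoemail"]);
        # make sure there are no quotes around the name
        $cached[$messageid]["replytoname"] = str_replace('"', "", ltrim(rtrim($message["replyto"])));
    } elseif (strpos($message["replyto"], " ")) {
        # if there is a space, we need to add the email
        $cached[$messageid]["replytoname"] = $message["replyto"];
        $cached[$messageid]["replytoemail"] = "listmaster@{$domain}";
    } else {
        if (!empty($message["replyto"])) {
            $cached[$messageid]["replytoemail"] = $message["replyto"] . "@{$domain}";
            ## makes more sense not to add the domain to the word, but the help says it does
            ## so let's keep it for now
            $cached[$messageid]["replytoname"] = $message["replyto"] . "@{$domain}";
        }
    }
    $cached[$messageid]["fromname"] = $message["fromname"];
    $cached[$messageid]["fromemail"] = $message["fromemail"];
    $cached[$messageid]["to"] = $message["tofield"];
    #0013076: different content when forwarding 'to a friend'
    $cached[$messageid]["subject"] = $forwardContent ? stripslashes($message["forwardsubject"]) : $message["subject"];
    #0013076: different content when forwarding 'to a friend'
    $cached[$messageid]["content"] = $forwardContent ? stripslashes($message["forwardmessage"]) : $message["message"];
    if (USE_MANUAL_TEXT_PART && !$forwardContent) {
        $cached[$messageid]["textcontent"] = $message["textmessage"];
    } else {
        $cached[$messageid]["textcontent"] = '';
    }
    #0013076: different content when forwarding 'to a friend'
    $cached[$messageid]["footer"] = $forwardContent ? stripslashes($message["forwardfooter"]) : $message["footer"];
    # a footer that changes under strip_tags() contains markup, so treat it as HTML
    if (strip_tags($cached[$messageid]["footer"]) != $cached[$messageid]["footer"]) {
        $cached[$messageid]["textfooter"] = HTML2Text($cached[$messageid]["footer"]);
        $cached[$messageid]["htmlfooter"] = $cached[$messageid]["footer"];
    } else {
        $cached[$messageid]["textfooter"] = $cached[$messageid]["footer"];
        $cached[$messageid]["htmlfooter"] = parseText($cached[$messageid]["footer"]);
    }
    $cached[$messageid]["htmlformatted"] = strip_tags($cached[$messageid]["content"]) != $cached[$messageid]["content"];
    $cached[$messageid]["sendformat"] = $message["sendformat"];
    if ($message["template"]) {
        # %d keeps the template id numeric inside the query
        $req = Sql_Fetch_Row_Query(sprintf('select template from %s where id = %d', $GLOBALS["tables"]["template"], $message["template"]));
        $cached[$messageid]["template"] = stripslashes($req[0]);
        $cached[$messageid]["templateid"] = $message["template"];
    } else {
        $cached[$messageid]["template"] = '';
        $cached[$messageid]["templateid"] = 0;
    }
    ## @@ put this here, so it can become editable per email sent out at a later stage
    $cached[$messageid]["html_charset"] = 'UTF-8';
    #getConfig("html_charset");
    ## @@ need to check on validity of charset
    if (!$cached[$messageid]["html_charset"]) {
        $cached[$messageid]["html_charset"] = 'UTF-8';
        #'iso-8859-1';
    }
    $cached[$messageid]["text_charset"] = 'UTF-8';
    #getConfig("text_charset");
    if (!$cached[$messageid]["text_charset"]) {
        $cached[$messageid]["text_charset"] = 'UTF-8';
        #'iso-8859-1';
    }
    ## if we are sending a URL that contains user attributes, we cannot pre-parse the message here
    ## but that has quite some impact on speed. So check if that's the case and apply
    $cached[$messageid]['userspecific_url'] = preg_match('/\\[.+\\]/', $message['sendurl']);
    if (!$cached[$messageid]['userspecific_url']) {
        ## Fetch external content here, because URL does not contain placeholders
        if ($GLOBALS["can_fetchUrl"] && preg_match("/\\[URL:([^\\s]+)\\]/i", $cached[$messageid]["content"], $regs)) {
            $remote_content = fetchUrl($regs[1], array());
            if ($remote_content) {
                $cached[$messageid]['content'] = str_replace($regs[0], $remote_content, $cached[$messageid]['content']);
                $cached[$messageid]["htmlformatted"] = strip_tags($remote_content) != $remote_content;
                ## 17086 - disregard any template settings when we have a valid remote URL
                $cached[$messageid]["template"] = NULL;
                $cached[$messageid]["templateid"] = NULL;
            } else {
                logEvent("Error fetching URL: " . $message['sendurl'] . ' cannot proceed');
                return false;
            }
        }
        if (VERBOSE && !empty($GLOBALS['getspeedstats'])) {
            output('fetch URL end');
        }
    }
    // end if not userspecific url
    $cached[$messageid]['google_track'] = $message['google_track'];
    if (VERBOSE && !empty($GLOBALS['getspeedstats'])) {
        output('parse config start');
    }
    # Replacing every default_config key here was tried and dropped: it would swap
    # personalised values such as "unsubscribeurl" for a general one.
    if (VERBOSE && !empty($GLOBALS['getspeedstats'])) {
        output('parse config end');
    }
    ## ##17233 not that many fields are actually useful, so don't blatantly use all
    foreach (array('subject', 'id', 'fromname', 'fromemail') as $key) {
        $val = $message[$key];
        if (!is_array($val)) {
            $cached[$messageid]['content'] = str_ireplace("[{$key}]", $val, $cached[$messageid]['content']);
            $cached[$messageid]["textcontent"] = str_ireplace("[{$key}]", $val, $cached[$messageid]["textcontent"]);
            $cached[$messageid]["textfooter"] = str_ireplace("[{$key}]", $val, $cached[$messageid]['textfooter']);
            $cached[$messageid]["htmlfooter"] = str_ireplace("[{$key}]", $val, $cached[$messageid]['htmlfooter']);
        }
    }
    if (preg_match("/##LISTOWNER=(.*)/", $cached[$messageid]['content'], $regs)) {
        $cached[$messageid]['listowner'] = $regs[1];
        $cached[$messageid]['content'] = str_replace($regs[0], "", $cached[$messageid]['content']);
    } else {
        $cached[$messageid]['listowner'] = 0;
    }
    if (!empty($cached[$messageid]['listowner'])) {
        $attributeTable = $GLOBALS["tables"]["adminattribute"];
        $adminValueTable = $GLOBALS["tables"]["admin_attribute"];
        # the owner id comes from message content, so it is forced to an integer here
        $att_req = Sql_Query(sprintf('select name,value from %s,%s where %s.id = %s.adminattributeid and %s.adminid = %d', $attributeTable, $adminValueTable, $attributeTable, $adminValueTable, $adminValueTable, $cached[$messageid]['listowner']));
        while ($att = Sql_Fetch_Array($att_req)) {
            $cached[$messageid]['content'] = preg_replace("#\\[LISTOWNER." . strtoupper(preg_quote($att["name"], '#')) . "\\]#", $att["value"], $cached[$messageid]['content']);
        }
    }
    $baseurl = $GLOBALS['website'];
    if (defined('UPLOADIMAGES_DIR') && UPLOADIMAGES_DIR) {
        ## escape subdirectories, otherwise this renders empty
        $dir = str_replace('/', '\\/', UPLOADIMAGES_DIR);
        $cached[$messageid]['content'] = preg_replace('/<img(.*)src="\\/' . $dir . '(.*)>/iU', '<img\\1src="' . $GLOBALS['public_scheme'] . '://' . $baseurl . '/' . UPLOADIMAGES_DIR . '\\2>', $cached[$messageid]['content']);
    }
    return 1;
}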
Beispiel #14
/**
 * Schedule the next repetition of a repeating message by duplicating it.
 *
 * Does nothing when the message has no repeat interval or has already been
 * repeated. Otherwise it computes the next embargo, inserts a new message row,
 * copies the columns, message data, list links and attachments of the source
 * message onto it, marks it "submitted", and records the new id on the source
 * message under 'repeatedid'.
 *
 * NOTE(review): text values copied into SQL below are escaped with addslashes()
 * and column names come from $DBstruct (loaded from structure.php). Confirm
 * that addslashes() is sufficient for the connection character set used by the
 * Sql_* layer, or switch to that layer's own escaping function.
 *
 * @param int $msgid Id of the message to repeat.
 */
function repeatMessage($msgid)
{
    #  if (!USE_REPETITION && !USE_rss) return;
    $data = loadMessageData($msgid);
    ## do not repeat when it has already been done
    if ($data['repeatinterval'] == 0 || !empty($data['repeatedid'])) {
        return;
    }
    # calculate the future embargo, a multiple of repeatinterval minutes after the current embargo
    # (the query returns no row once repeatuntil has passed)
    $msgdata = Sql_Fetch_Array_Query(sprintf('SELECT *,
        embargo +
            INTERVAL (FLOOR(TIMESTAMPDIFF(MINUTE, embargo, GREATEST(embargo, NOW())) / repeatinterval) + 1) * repeatinterval MINUTE AS newembargo
        FROM %s
        WHERE id = %d AND now() < repeatuntil', $GLOBALS['tables']['message'], $msgid));
    if (!$msgdata) {
        logEvent("Message {$msgid} not repeated due to reaching the repeatuntil date");
        return;
    }
    # check whether the new embargo is not on an exclusion
    if (isset($GLOBALS['repeat_exclude']) && is_array($GLOBALS['repeat_exclude'])) {
        $loopcnt = 0;
        # step forward one interval at a time; give up after 15 excluded dates in a row
        while (excludedDateForRepetition($msgdata['newembargo'])) {
            if (++$loopcnt > 15) {
                logEvent("Unable to find new embargo date too many exclusions? for message {$msgid}");
                return;
            }
            # newembargo is a value the database returned above; it is placed in the query as a quoted literal
            $result = Sql_Fetch_Array_Query(sprintf("SELECT '%s' + INTERVAL repeatinterval MINUTE AS newembargo\n            FROM %s\n            WHERE id = %d", $msgdata['newembargo'], $GLOBALS['tables']['message'], $msgid));
            $msgdata['newembargo'] = $result['newembargo'];
        }
    }
    # copy the new message
    Sql_Query(sprintf('
    insert into %s (entered) values(now())', $GLOBALS['tables']['message']));
    $newid = Sql_Insert_id();
    # structure.php is expected to define $DBstruct in this scope
    require dirname(__FILE__) . '/structure.php';
    if (!is_array($DBstruct['message'])) {
        logEvent("Error including structure when trying to duplicate message {$msgid}");
        return;
    }
    # copy every column except id, entered and sendstart, one UPDATE per column
    foreach ($DBstruct['message'] as $column => $rec) {
        if ($column != 'id' && $column != 'entered' && $column != 'sendstart') {
            Sql_Query(sprintf('update %s set %s = "%s" where id = %d', $GLOBALS['tables']['message'], $column, addslashes($msgdata[$column]), $newid));
        }
    }
    # copy the per-message data entries
    $req = Sql_Query(sprintf("SELECT *\n    FROM %s\n    WHERE id = %d AND name NOT IN ('id')", $GLOBALS['tables']['messagedata'], $msgid));
    while ($row = Sql_Fetch_Array($req)) {
        setMessageData($newid, $row['name'], $row['data']);
    }
    # queue the copy: new embargo, status "submitted", sent cleared
    Sql_Query(sprintf('update %s set embargo = "%s",status = "submitted",sent = "" where id = %d', $GLOBALS['tables']['message'], $msgdata['newembargo'], $newid));
    # store the embargo as separate date parts as well (seconds are dropped)
    list($e['year'], $e['month'], $e['day'], $e['hour'], $e['minute'], $e['second']) = sscanf($msgdata['newembargo'], '%04d-%02d-%02d %02d:%02d:%02d');
    unset($e['second']);
    setMessageData($newid, 'embargo', $e);
    # reset the send counters on the copy
    foreach (array('processed', 'astext', 'ashtml', 'astextandhtml', 'aspdf', 'astextandpdf', 'viewed', 'bouncecount') as $item) {
        Sql_Query(sprintf('update %s set %s = 0 where id = %d', $GLOBALS['tables']['message'], $item, $newid));
    }
    # lists
    $req = Sql_Query(sprintf('select listid from %s where messageid = %d', $GLOBALS['tables']['listmessage'], $msgid));
    while ($row = Sql_Fetch_Row($req)) {
        Sql_Query(sprintf('insert into %s (messageid,listid,entered) values(%d,%d,now())', $GLOBALS['tables']['listmessage'], $newid, $row[0]));
    }
    # attachments
    $req = Sql_Query(sprintf('select * from %s,%s where %s.messageid = %d and %s.attachmentid = %s.id', $GLOBALS['tables']['message_attachment'], $GLOBALS['tables']['attachment'], $GLOBALS['tables']['message_attachment'], $msgid, $GLOBALS['tables']['message_attachment'], $GLOBALS['tables']['attachment']));
    while ($row = Sql_Fetch_Array($req)) {
        if (is_file($row['remotefile'])) {
            # if the "remote file" is actually local, we want to refresh the attachment, so we set
            # filename to nothing
            $row['filename'] = '';
        }
        # text fields are escaped with addslashes(); size is forced numeric by %d
        Sql_Query(sprintf('insert into %s (filename,remotefile,mimetype,description,size)
      values("%s","%s","%s","%s",%d)', $GLOBALS['tables']['attachment'], addslashes($row['filename']), addslashes($row['remotefile']), addslashes($row['mimetype']), addslashes($row['description']), $row['size']));
        $attid = Sql_Insert_id();
        Sql_Query(sprintf('insert into %s (messageid,attachmentid) values(%d,%d)', $GLOBALS['tables']['message_attachment'], $newid, $attid));
    }
    logEvent("Message {$msgid} was successfully rescheduled as message {$newid}");
    ## remember we duplicated, in order to avoid doing it again (eg when requeuing)
    setMessageData($msgid, 'repeatedid', $newid);
    if (getConfig('pqchoice') == 'phplistdotcom') {
        activateRemoteQueue();
    }
}
Beispiel #15
require_once "authlib.php";
// Handle the code form: rename an existing code when "oldCode" is posted and the
// "codes.edit" permission is granted, otherwise add the code if it does not exist
// yet and "codes.add" is granted. Every path ends in a redirect.
//
// NOTE(review): hasPerm() is called with $user set to null and no CSRF token is
// checked in the lines shown here; confirm that authlib.php resolves the current
// user and that the form is protected against cross-site requests.
// NOTE(review): the posted values are copied into the log text as-is, and the log
// entry is written before the statement runs, so a failed statement is still logged.
$code = $_POST['ccode'];
$oldCode = $_POST['oldCode'];
$perms = $_POST['perms'];
$user = null;

$isRename = !empty($oldCode) && hasPerm("codes.edit", $user);
if ($isRename) {
    logEvent($conn, $logTable, "Changed SeaCode {$oldCode} to {$code}");

    // Values are bound as parameters; only the table name is interpolated.
    $update = $conn->prepare("update {$codeTable} set codename = :code, perms = :perms \n\t\twhere codename = :oldCode");
    $update->bindParam(":code", $code, PDO::PARAM_STR, 10);
    $update->bindParam(":oldCode", $oldCode, PDO::PARAM_STR, 10);
    $update->bindParam(":perms", $perms, PDO::PARAM_STR, 100);
    $update->execute();

    $altConn = null;
    $conn = null;
    header('Location: codelist.php');
    die('');
}

// Look for an existing row with this code name.
$lookup = $conn->prepare("select userID from {$codeTable} where codename = :code");
$lookup->bindParam(":code", $code, PDO::PARAM_STR, 10);
$lookup->execute();
$results = $lookup->fetchAll();

$target = 'code.php';
if (count($results) === 0 && hasPerm("codes.add", $user)) {
    logEvent($conn, $logTable, "Added new SeaCode {$code}");

    $insert = $conn->prepare("insert into {$codeTable} (codename, perms) \n\t\tvalues (:code, :perms)");
    $insert->bindParam(":code", $code, PDO::PARAM_STR, 10);
    $insert->bindParam(":perms", $perms, PDO::PARAM_STR, 100);
    $insert->execute();

    $target = 'codelist.php';
}
header('Location: ' . $target);

$altConn = null;
$conn = null;
Beispiel #16
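/**
 * Record the outcome of one processed bounce.
 *
 * Depending on which of $msgid / $userid are known, the bounce row gets a
 * status and comment, bounce counters on the message and/or subscriber are
 * increased, and a bounced system message marks the subscriber unconfirmed.
 *
 * Changes from the earlier form of this function:
 *  - $userid was written into quoted SQL text with %s in three comments; it
 *    is now formatted with %d everywhere, so a non-numeric value cannot
 *    alter the statement.
 *  - $bounceid is forced numeric before it is placed in the history link.
 *  - A missing subscriber row no longer causes an array access on a
 *    non-array result.
 *
 * @param int        $bounceid Id of the bounce row.
 * @param int|string $msgid    Message id, the string "systemmessage", or empty.
 * @param int        $userid   Subscriber id, or empty when unknown.
 * @return bool false when neither message nor subscriber could be identified,
 *              true otherwise.
 */
function processBounceData($bounceid, $msgid, $userid)
{
    global $tables;
    $useremailQ = Sql_fetch_row_query(sprintf('select email from %s where id = %d', $tables['user'], $userid));
    $useremail = is_array($useremailQ) ? $useremailQ[0] : null;
    if ($msgid === "systemmessage" && !empty($userid)) {
        Sql_Query(sprintf('update %s
      set status = "bounced system message",
      comment = "%d marked unconfirmed"
      where id = %d', $tables["bounce"], $userid, $bounceid));
        logEvent("{$userid} " . $GLOBALS['I18N']->get("system message bounced, user marked unconfirmed"));
        // The id ends up inside an HTML attribute, so keep it strictly numeric.
        $bounceLinkId = sprintf('%d', $bounceid);
        addUserHistory($useremail, $GLOBALS['I18N']->get("Bounced system message"), "\n    <br/>" . $GLOBALS['I18N']->get("User marked unconfirmed") . "\n    <br/><a href=\"./?page=bounce&amp;id={$bounceLinkId}\">" . $GLOBALS['I18N']->get("View Bounce") . "</a>\n\n    ");
        Sql_Query(sprintf('update %s
      set confirmed = 0
      where id = %d', $tables["user"], $userid));
    } elseif (!empty($msgid) && !empty($userid)) {
        ## check if we already have this um as a bounce
        ## so that we don't double count "delayed" like bounces
        $exists = Sql_Fetch_Row_Query(sprintf('select count(*) from %s where user = %d and message = %d', $tables["user_message_bounce"], $userid, $msgid));
        if (empty($exists[0])) {
            Sql_Query(sprintf('insert into %s
        set user = %d, message = %d, bounce = %d', $tables["user_message_bounce"], $userid, $msgid, $bounceid));
            Sql_Query(sprintf('update %s
        set status = "bounced list message %d",
        comment = "%d bouncecount increased"
        where id = %d', $tables["bounce"], $msgid, $userid, $bounceid));
            Sql_Query(sprintf('update %s
        set bouncecount = bouncecount + 1
        where id = %d', $tables["message"], $msgid));
            Sql_Query(sprintf('update %s
        set bouncecount = bouncecount + 1
        where id = %d', $tables["user"], $userid));
        } else {
            ## we create the relationship, but don't increase counters
            Sql_Query(sprintf('insert into %s
        set user = %d, message = %d, bounce = %d', $tables["user_message_bounce"], $userid, $msgid, $bounceid));
            ## we cannot translate this text
            Sql_Query(sprintf('update %s
        set status = "duplicate bounce for %d",
        comment = "duplicate bounce for subscriber %d on message %d"
        where id = %d', $tables["bounce"], $userid, $userid, $msgid, $bounceid));
        }
    } elseif ($userid) {
        Sql_Query(sprintf('update %s
      set status = "bounced unidentified message",
      comment = "%d bouncecount increased"
      where id = %d', $tables["bounce"], $userid, $bounceid));
        Sql_Query(sprintf('update %s
      set bouncecount = bouncecount + 1
      where id = %d', $tables["user"], $userid));
    } elseif ($msgid === 'systemmessage') {
        Sql_Query(sprintf('update %s
      set status = "bounced system message",
      comment = "unknown user"
      where id = %d', $tables["bounce"], $bounceid));
        logEvent("{$userid} " . $GLOBALS['I18N']->get("system message bounced, but unknown user"));
    } elseif ($msgid) {
        Sql_Query(sprintf('update %s
      set status = "bounced list message %d",
      comment = "unknown user"
      where id = %d', $tables["bounce"], $msgid, $bounceid));
        Sql_Query(sprintf('update %s
      set bouncecount = bouncecount + 1
      where id = %d', $tables["message"], $msgid));
    } else {
        Sql_Query(sprintf('update %s
      set status = "unidentified bounce",
      comment = "not processed"
      where id = %d', $tables["bounce"], $bounceid));
        return false;
    }
    return true;
}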
Beispiel #17
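/**
 * Build the public "forward to a friend" page for one campaign message.
 *
 * Reads `mid`, `uid`, `email` and `personalNote` from $_REQUEST. On a follow-up
 * request (an `email` value is present) it validates the addresses, applies the
 * FORWARD_EMAIL_COUNT limit over FORWARD_EMAIL_PERIOD, sends the message to each
 * address and records the result in the user_message_forward table.
 *
 * Request-derived values are treated as untrusted: they go through sql_escape()
 * before being placed in a query and through htmlspecialchars() before being
 * placed in the returned HTML.
 *
 * @param int $id subscribe page id, echoed back in the hidden "id" form field
 * @return string HTML of the response page
 */
function forwardPage($id)
{
    global $tables;
    $ok = true;
    $subtitle = '';
    $info = '';
    $form = '';
    $personalNote = '';
    $messagedata = array();
    $emails = array();
    $nFriends = 0;
    ## Check requirements
    # message
    $mid = 0;
    if (isset($_REQUEST['mid'])) {
        $mid = sprintf('%d', $_REQUEST['mid']);
        $messagedata = loadMessageData($mid);
        $mid = $messagedata['id'];
        if ($mid) {
            # NOTE(review): the subject is written into the page as stored; confirm it is HTML-safe at rest
            $subtitle = $GLOBALS['strForwardSubtitle'] . ' ' . stripslashes($messagedata['subject']);
        }
    }
    #mid set
    # user: the uniqid must be a non-empty string, an array value must not reach sql_escape()
    # FileNotFound() is presumed to end the request - TODO confirm
    if (!isset($_REQUEST['uid']) || !is_string($_REQUEST['uid']) || !$_REQUEST['uid']) {
        FileNotFound();
    }
    ## get userdata
    $req = Sql_Query(sprintf('select * from %s where uniqid = "%s"', $tables['user'], sql_escape($_REQUEST['uid'])));
    $userdata = Sql_Fetch_Array($req);
    if (!is_array($userdata)) {
        ## unknown uniqid: keep an array so later reads and the personalNote assignment are well-defined
        $userdata = array();
    }
    $userId = empty($userdata['id']) ? 0 : $userdata['id'];
    ## verify that this subscriber actually received this message to forward, otherwise they're not allowed
    $allowed = Sql_Fetch_Row_Query(sprintf('select userid from %s where userid = %d and messageid = %d', $GLOBALS['tables']['usermessage'], $userId, $mid));
    if (!$userId || empty($allowed) || $allowed[0] != $userId) {
        ## when sending a test email as an admin, the entry isn't there yet
        if (empty($_SESSION['adminloggedin']) || $_SESSION['adminloggedin'] != $_SERVER['REMOTE_ADDR']) {
            FileNotFound('<br/><i>' . $GLOBALS['I18N']->get('When testing the phpList forward functionality, you need to be logged in as an administrator.') . '</i><br/>');
        }
    }
    $firstpage = 1;
    ## is this the initial page or a followup
    # forward addresses
    $forwardemail = '';
    if (isset($_REQUEST['email']) && is_string($_REQUEST['email']) && !empty($_REQUEST['email'])) {
        $firstpage = 0;
        ## forwards already sent by this subscriber inside the rate-limit window
        $forwardPeriodCount = Sql_Fetch_Array_Query(sprintf('select count(user) from %s where date_add(time,interval %s) >= now() and user = %d and status ="sent" ', $tables['user_message_forward'], FORWARD_EMAIL_PERIOD, $userId));
        $forwardemail = stripslashes($_REQUEST['email']);
        $emails = trimArray(explode("\n", $forwardemail));
        $forwardemail = implode("\n", $emails);
        #0011860: forward to friend, multiple emails
        $emailCount = $forwardPeriodCount[0];
        foreach ($emails as $index => $email) {
            ## validate exactly the value that is stored and used later
            $email = trim($email);
            $emails[$index] = $email;
            if (is_email($email)) {
                ++$emailCount;
            } else {
                ## the rejected address is echoed back, so it has to be HTML-escaped
                $info .= sprintf('<br />' . $GLOBALS['strForwardInvalidEmail'], htmlspecialchars($email, ENT_QUOTES, 'UTF-8'));
                $ok = false;
            }
        }
        if ($emailCount > FORWARD_EMAIL_COUNT) {
            $info .= '<br />' . $GLOBALS['strForwardCountReached'];
            $ok = false;
        }
    } else {
        $ok = false;
    }
    #0011996: forward to friend - personal message
    # text cannot be longer than max, to prevent very long text with only linefeeds total cannot be longer than twice max
    if (FORWARD_PERSONAL_NOTE_SIZE && isset($_REQUEST['personalNote']) && is_string($_REQUEST['personalNote'])) {
        if (strlen(strip_newlines($_REQUEST['personalNote'])) > FORWARD_PERSONAL_NOTE_SIZE || strlen($_REQUEST['personalNote']) > FORWARD_PERSONAL_NOTE_SIZE * 2) {
            $info .= '<BR />' . $GLOBALS['strForwardNoteLimitReached'];
            $ok = false;
        }
        $personalNote = strip_tags(htmlspecialchars_decode(stripslashes($_REQUEST['personalNote'])));
        $userdata['personalNote'] = $personalNote;
    }
    if ($userId && $mid) {
        if ($ok && count($emails)) {
            ## All is well, send it
            require_once 'admin/sendemaillib.php';
            #0013845 Lead Ref Scheme
            $iCountFriends = FORWARD_FRIEND_COUNT_ATTRIBUTE ? FORWARD_FRIEND_COUNT_ATTRIBUTE : 0;
            if ($iCountFriends) {
                $nFriends = intval(UserAttributeValue($userId, $iCountFriends));
            }
            ## remember the lists for this message in order to notify only those admins
            ## that own them
            $messagelists = array();
            $messagelistsreq = Sql_Query(sprintf('select listid from %s where messageid = %d', $GLOBALS['tables']['listmessage'], $mid));
            while ($row = Sql_Fetch_Row($messagelistsreq)) {
                $messagelists[] = $row[0];
            }
            foreach ($emails as $index => $email) {
                ## one escaped form per output context: SQL string literal and HTML text
                $emailSql = sql_escape($email);
                $emailHtml = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
                #0011860: forward to friend, multiple emails
                $done = Sql_Fetch_Array_Query(sprintf('select user,status,time from %s where forward = "%s" and message = %d', $tables['user_message_forward'], $emailSql, $mid));
                $info .= '<br />' . $emailHtml . ': ';
                if (!empty($done) && $done['status'] === 'sent') {
                    $info .= $GLOBALS['strForwardAlreadyDone'];
                } elseif (isBlackListed($email)) {
                    $info .= $GLOBALS['strForwardBlacklistedEmail'];
                } elseif (!TEST) {
                    # forward the message
                    # sendEmail will take care of blacklisting
                    ### CHECK $email vs $forwardemail
                    if (sendEmail($mid, $email, 'forwarded', $userdata['htmlemail'], array(), $userdata)) {
                        $info .= $GLOBALS['strForwardSuccessInfo'];
                        sendAdminCopy(s('Message Forwarded'), s('%s has forwarded message %d to %s', $userdata['email'], $mid, $email), $messagelists);
                        Sql_Query(sprintf('insert into %s (user,message,forward,status,time)
                 values(%d,%d,"%s","sent",now())', $tables['user_message_forward'], $userId, $mid, $emailSql));
                        if ($iCountFriends) {
                            ++$nFriends;
                        }
                    } else {
                        $info .= $GLOBALS['strForwardFailInfo'];
                        sendAdminCopy(s('Message Forwarded'), s('%s tried forwarding message %d to %s but failed', $userdata['email'], $mid, $email), $messagelists);
                        Sql_Query(sprintf('insert into %s (user,message,forward,status,time)
                values(%d,%d,"%s","failed",now())', $tables['user_message_forward'], $userId, $mid, $emailSql));
                        $ok = false;
                    }
                }
            }
            # foreach friend
            if ($iCountFriends) {
                saveUserAttribute($userId, $iCountFriends, array('name' => FORWARD_FRIEND_COUNT_ATTRIBUTE, 'value' => $nFriends));
            }
        }
        #ok & emails
    } else {
        # no valid sender
        logEvent(s('Forward request from invalid user ID: %s', substr($_REQUEST['uid'], 0, 150)));
        $info .= '<BR />' . $GLOBALS['strForwardFailInfo'];
        $ok = false;
    }
    /*
      $data = PageData($id);
      if (isset($data['language_file']) && is_file(dirname(__FILE__).'/texts/'.basename($data['language_file']))) {
        @include dirname(__FILE__).'/texts/'.basename($data['language_file']);
      }
    */
    ## BAS Multiple Forward
    ## build response page
    ## values echoed into attributes or textareas are escaped for HTML; the browser submits them back decoded
    $uniqid = isset($userdata['uniqid']) ? (string) $userdata['uniqid'] : '';
    $form = '<form method="post" action="">';
    $form .= sprintf('<input type=hidden name="mid" value="%d">', $mid);
    $form .= sprintf('<input type=hidden name="id" value="%d">', $id);
    $form .= sprintf('<input type=hidden name="uid" value="%s">', htmlspecialchars($uniqid, ENT_QUOTES, 'UTF-8'));
    $form .= sprintf('<input type=hidden name="p" value="forward">');
    if (!$ok) {
        $forwardemailHtml = htmlspecialchars($forwardemail, ENT_QUOTES, 'UTF-8');
        #0011860: forward to friend, multiple emails
        if (FORWARD_EMAIL_COUNT == 1) {
            $form .= '<br /><h2>' . $GLOBALS['strForwardEnterEmail'] . '</h2>';
            $form .= sprintf('<input type=text name="email" value="%s" size=50 class="attributeinput">', $forwardemailHtml);
        } else {
            $form .= '<br /><h2>' . sprintf($GLOBALS['strForwardEnterEmails'], FORWARD_EMAIL_COUNT) . '</h2>';
            $form .= sprintf('<textarea name="email" rows="10" cols="50" class="attributeinput">%s</textarea>', $forwardemailHtml);
        }
        #0011996: forward to friend - personal message
        if (FORWARD_PERSONAL_NOTE_SIZE) {
            $form .= sprintf('<h2>' . $GLOBALS['strForwardPersonalNote'] . '</h2>', FORWARD_PERSONAL_NOTE_SIZE);
            $cols = 50;
            $rows = min(10, ceil(FORWARD_PERSONAL_NOTE_SIZE / 40));
            $form .= sprintf('<br/><textarea type="text" name="personalNote" rows="%d" cols="%d" class="attributeinput">%s</textarea>', $rows, $cols, htmlspecialchars($personalNote, ENT_QUOTES, 'UTF-8'));
        }
        $form .= sprintf('<br /><input type="submit" value="%s"></form>', $GLOBALS['strContinue']);
    }
    ### END BAS
    ### Michiel, remote response page
    $remote_content = '';
    ## NOTE(review): the URL is taken from the message body and fetched by the server itself;
    ## confirm that only trusted authors can set it and that fetchUrl() is limited to expected hosts
    if (!empty($messagedata['message']) && preg_match("/\\[URL:([^\\s]+)\\]/i", $messagedata['message'], $regs)) {
        if (isset($regs[1]) && strlen($regs[1])) {
            $url = $regs[1];
            if (!preg_match('/^http/i', $url)) {
                $url = 'http://' . $url;
            }
            $remote_content = fetchUrl($url);
        }
    }
    if (!empty($remote_content) && preg_match('/\\[FORWARDFORM\\]/', $remote_content, $regs)) {
        if ($firstpage) {
            ## this is the initial page, not a follow up one.
            $remote_content = str_replace($regs[0], $info . $form, $remote_content);
        } else {
            $remote_content = str_replace($regs[0], $info, $remote_content);
        }
        $res = $remote_content;
    } else {
        $res = '<title>' . $GLOBALS['strForwardTitle'] . '</title>';
        $res .= $GLOBALS['pagedata']['header'];
        $res .= '<h3>' . $subtitle . '</h3>';
        ## $info is HTML by construction; its request-derived parts were escaped when appended
        if ($ok) {
            $res .= '<h4>' . $info . '</h4>';
        } elseif (!empty($info)) {
            $res .= '<div class="error missing">' . $info . '</div>';
        }
        $res .= $form;
        $res .= '<p>' . $GLOBALS['PoweredBy'] . '</p>';
        $res .= $GLOBALS['pagedata']['footer'];
    }
    ### END MICHIEL
    return $res;
}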
Beispiel #18
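<?php

// Clears the user assignment of a single code, then redirects to the code list.
// $conn, $logTable, $codeTable and hasPerm() are expected to come from authlib.php (not shown here).
require_once "authlib.php";
if (hasPerm("codes.clear")) {
    // NOTE(review): this state-changing action is driven by a GET parameter and no request token
    // is checked in this file; confirm authlib.php covers that or move the action to POST.
    $encoded = isset($_GET['ccode']) && is_string($_GET['ccode']) ? $_GET['ccode'] : '';
    // Strict decoding rejects input containing characters outside the base64 alphabet.
    $code = $encoded === '' ? false : base64_decode($encoded, true);
    if ($code !== false && $code !== '') {
        // Control characters are removed so the value cannot break up the log entry.
        logEvent($conn, $logTable, "Cleared SeaCode " . preg_replace('/[\x00-\x1F\x7F]/', '', $code));
        $cmd = $conn->prepare("update {$codeTable} set userID = null where codename = :code");
        // NOTE(review): PDO::PARAM_INT is kept from the original; if codename is a text column,
        // PDO::PARAM_STR would be the matching type. Confirm against the schema.
        $cmd->bindParam(":code", $code, PDO::PARAM_INT);
        $cmd->execute();
    }
}
//Disconnect
$conn = $altConn = null;
header('Location: codelist.php');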
Beispiel #19
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
// Shared bootstrap; chkCookie(), logEvent(), killCookie(), decrypt() and pass() are not defined in this excerpt.
include "/srv/athenace/lib/shared/common.php";
// Logout request: log event "30" with the value returned by chkCookie(), drop the cookie and redirect.
if (isset($_GET['pg']) && $_GET['pg'] == 'logout') {
    $loggedin = chkCookie();
    logEvent("30", $loggedin);
    killCookie();
    header("Location: {$www_url}");
    exit;
}
// The login token arrives base64-encoded in the query string; after decrypt() it is split on "|"
// into a user name and a password.
// NOTE(review): $_GET['t'] is read without an isset() check, and a credential-bearing token in the URL
// tends to end up in access logs, browser history and Referer headers. Confirm it is short-lived
// or carry it in the request body instead.
$token = base64_decode($_GET['t']);
$parts = preg_split('/\\|/', decrypt($token));
// NOTE(review): $parts[1] is read without checking that the split produced two fields.
$usr = $parts[0];
$pw = $parts[1];
// $staffid = pass ( $usr, $pw, 'staff' );
if (!isset($_POST['pt']) || $_POST['pt'] == '') {
    // No 'pt' field posted: authenticate with the credentials taken from the token.
    $staffid = pass($usr, $pw, 'staff');
} else {
    // 'pt' is base64-decoded and split on "."; its fifth field is compared with a fixed marker string.
    // NOTE(review): base64 is an encoding, not a secret, and the comparison is a loose ==.
    // Confirm what else protects this branch (the rest of it is outside this excerpt).
    $cke = base64_decode($_POST['pt']);
    $keywords = preg_split("/\\./", $cke);
    if ($keywords[4] == 'ATHENASECCHK') {
Beispiel #20
 /**
  * Record a 'user-logged-in' event, then delegate to login().
  *
  * NOTE(review): the user expression inside the log call is masked ('******') in this listing,
  * so the line is not valid PHP as shown and the logged user value cannot be reviewed here.
  * NOTE(review): the event is written before login() runs, so it is recorded whether or not the
  * credentials turn out to be valid; a name such as 'login-attempt' would describe it better.
  * NOTE(review): the User-Agent header is client-controlled and is logged as received; confirm
  * logEvent() neutralises line breaks and caps the length.
  */
 public function postLogin(Request $request)
 {
     logEvent('user-logged-in', '[User='******']' . ', User-Agent=[' . $request->header('User-Agent') . ']');
     return $this->login($request);
 }
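/**
 * Show a progress message and append it to the global $report.
 *
 * On the command line the message is printed as plain text. In the browser each line is
 * appended to the "outputform" textarea through an inline script. The line is emitted as a
 * JSON string literal with <, >, &, ' and " hex-escaped, so message content cannot close the
 * string or the script element.
 *
 * @param string $message text to show, may contain HTML entities
 * @param int    $logit   when truthy the message is also passed to logEvent()
 * @return void
 */
function output($message, $logit = 1)
{
    global $report;
    if (!empty($GLOBALS["commandline"])) {
        @ob_end_clean();
        print strip_tags($message) . "\n";
        $infostring = '';
        ob_start();
    } else {
        $infostring = "[" . date("D j M Y H:i", time()) . "] [" . $_SERVER["REMOTE_ADDR"] . "]";
        foreach (explode("\n", $message) as $line) {
            ## contribution in forums, http://forums.phplist.com/viewtopic.php?p=14648
            //Replace the "&rsquo;" which is not replaced by html_decode
            $line = preg_replace("/&rsquo;/", "'", $line);
            //Decode HTML chars
            $line = html_entity_decode($line, ENT_QUOTES, 'UTF-8');
            // Encode after decoding: quotes produced by the entity decode are escaped as well.
            $jsLine = json_encode($line, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
            if ($jsLine === false) {
                // not encodable (e.g. invalid UTF-8): emit an empty line rather than raw bytes
                $jsLine = '""';
            }
            # hmm, language switch form is now in the page as well....
            print '<script language="Javascript" type="text/javascript">
          document.outputform.output.value += ' . $jsLine . ';
          document.outputform.output.value += "\\n";
      </script>' . "\n";
        }
        flush();
    }
    $report .= "\n{$infostring} {$message}";
    if ($logit) {
        logEvent($message);
    }
    flush();
}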
Beispiel #22
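/**
 * Fetch a remote page, using a per-request memory cache and the database page cache.
 *
 * Placeholders of the form [key] in $url are replaced (case-insensitively) by the URL-encoded
 * value of the matching $userdata entry. A HEAD request is sent first; the body is only
 * downloaded when the database cache has no entry for the URL.
 *
 * NOTE(review): the URL is requested by the server with redirects allowed, and this function
 * applies no scheme or host restriction. Callers that pass URLs taken from message content or
 * request data should confirm the target is an expected external host.
 *
 * @param string $url      URL to fetch, may contain [key] placeholders
 * @param array  $userdata values for the placeholders
 * @return string|int page content, or 0 when the fetch failed
 */
function fetchUrl($url, $userdata = array())
{
    require_once "HTTP/Request.php";
    # logEvent("Fetching $url");
    if (sizeof($userdata)) {
        foreach ($userdata as $key => $val) {
            # literal, case-insensitive replacement (eregi_replace no longer exists in PHP 7+)
            $url = str_ireplace("[{$key}]", urlencode($val), $url);
        }
    }
    if (!isset($GLOBALS['urlcache'])) {
        $GLOBALS['urlcache'] = array();
    }
    # keep in memory cache in case we send a page to many emails
    if (isset($GLOBALS['urlcache'][$url]) && is_array($GLOBALS['urlcache'][$url]) && time() - $GLOBALS['urlcache'][$url]['fetched'] < REMOTE_URL_REFETCH_TIMEOUT) {
        #     logEvent($url . " is cached in memory");
        return $GLOBALS['urlcache'][$url]['content'];
    }
    $cacheAge = time() - getPageCacheLastModified($url);
    if ($cacheAge < REMOTE_URL_REFETCH_TIMEOUT) {
        #    logEvent($url.' was cached in database');
        return getPageCache($url);
    }
    # add a small timeout, although the biggest timeout will exist in doing the DNS lookup,
    # so it won't make too much of a difference
    $request_parameters = array('timeout' => 10, 'allowRedirects' => 1, 'method' => 'HEAD');
    # plain assignment: "=& new" is a parse error in PHP 7+
    $headreq = new HTTP_Request($url, $request_parameters);
    $headreq->addHeader('User-Agent', 'phplist v' . VERSION . ' (http://www.phplist.com)');
    if (PEAR::isError($headreq->sendRequest(false))) {
        logEvent('Fetching ' . $url . ' failed');
        return 0;
    }
    $code = $headreq->getResponseCode();
    if ($code != 200) {
        logEvent('Fetching ' . $url . ' failed, error code ' . $code);
        return 0;
    }
    ## relying on the last modified header doesn't work for many pages
    ## use current time instead
    ## see http://mantis.phplist.com/view.php?id=7684
    $lastmodified = time();
    $cache = getPageCache($url, $lastmodified);
    if (!$cache) {
        $request_parameters['method'] = 'GET';
        $req = new HTTP_Request($url, $request_parameters);
        $req->addHeader('User-Agent', 'phplist v' . VERSION . ' (http://www.phplist.com)');
        logEvent('Fetching ' . $url);
        if (PEAR::isError($req->sendRequest(true))) {
            logEvent('Fetching ' . $url . ' failed');
            return 0;
        }
        $content = $req->getResponseBody();
        $content = addAbsoluteResources($content, $url);
        logEvent('Fetching ' . $url . ' success');
        setPageCache($url, $lastmodified, $content);
    } else {
        logEvent($url . ' was cached in database');
        $content = $cache;
    }
    $GLOBALS['urlcache'][$url] = array('fetched' => time(), 'content' => $content);
    return $content;
}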
Beispiel #23
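/**
 * Fetch a URL with PEAR HTTP_Request and return its body converted to UTF-8.
 *
 * A request built from $request_parameters is sent first (logged as HEAD) to check for a 200
 * response and to read the charset from the Content-Type header; the body is then fetched
 * with GET. When the response declares no charset the body is assumed to be UTF-8 and is
 * returned unconverted.
 *
 * NOTE(review): no scheme or host restriction is applied here; callers passing URLs that
 * originate from users or message content should confirm the target is an expected host.
 *
 * @param string $url                URL to fetch
 * @param array  $request_parameters options passed to the HTTP_Request constructor
 * @return string|int response body, or 0 on failure
 */
function fetchUrlPear($url, $request_parameters)
{
    if (VERBOSE) {
        logEvent($url . ' fetching with PEAR');
    }
    # the HTTP_Request2 branch is deliberately disabled by the leading "0 &&"
    if (0 && $GLOBALS['has_pear_http_request'] == 2) {
        $headreq = new HTTP_Request2($url, $request_parameters);
        $headreq->setHeader('User-Agent', 'phplist v' . VERSION . 'p (http://www.phplist.com)');
    } else {
        $headreq = new HTTP_Request($url, $request_parameters);
        $headreq->addHeader('User-Agent', 'phplist v' . VERSION . 'p (http://www.phplist.com)');
    }
    if (PEAR::isError($headreq->sendRequest(false))) {
        logEvent('Fetching ' . $url . ' failed on HEAD');
        return 0;
    }
    $code = $headreq->getResponseCode();
    if ($code != 200) {
        logEvent('Fetching ' . $url . ' failed, error code ' . $code);
        return 0;
    }
    # default when the response does not declare a charset, so the comparison below is defined
    $remote_charset = 'UTF-8';
    $header = $headreq->getResponseHeader();
    # stop at whitespace, ";" or a quote so trailing parameters are not taken as part of the name
    if (isset($header['content-type']) && preg_match('/charset=\s*"?([^\s;"]+)/i', $header['content-type'], $regs)) {
        $remote_charset = strtoupper($regs[1]);
    }
    $request_parameters['method'] = 'GET';
    if (0 && $GLOBALS['has_pear_http_request'] == 2) {
        $req = new HTTP_Request2($url, $request_parameters);
        $req->setHeader('User-Agent', 'phplist v' . VERSION . 'p (http://www.phplist.com)');
    } else {
        $req = new HTTP_Request($url, $request_parameters);
        $req->addHeader('User-Agent', 'phplist v' . VERSION . 'p (http://www.phplist.com)');
    }
    logEvent('Fetching ' . $url);
    if (VERBOSE && function_exists('output')) {
        output('Fetching remote: ' . $url);
    }
    if (PEAR::isError($req->sendRequest(true))) {
        logEvent('Fetching ' . $url . ' failed on GET ' . $req->getResponseCode());
        return 0;
    }
    $content = $req->getResponseBody();
    if ($remote_charset != 'UTF-8' && function_exists('iconv')) {
        $converted = iconv($remote_charset, 'UTF-8//TRANSLIT', $content);
        # iconv() returns false for an unknown charset or undecodable input; keep the original body then
        if ($converted !== false) {
            $content = $converted;
        }
    }
    return $content;
}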
Beispiel #24
    sro('/Pages/restricted/admin.php');
    die("");
}
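// Deletes one user account and keeps a hex-encoded copy of the row in the "deleted" table.
// $suid (the acting user's id), cleanInput(), encodeHex() and logEvent() are defined outside this excerpt.
global $suid, $mysqli;
// cleanInput() is presumably stripping everything that matches the pattern, leaving digits only - TODO confirm.
$uid = cleanInput('/[^0-9]/', $_POST['keyfield']);
// Escaped form for SQL string literals; does not depend on what cleanInput() guarantees.
$uidSql = $mysqli->real_escape_string((string) $uid);
// Session and POST dump shared by every audit entry below.
// NOTE(review): this copies every session and POST value (and, on success, the whole user row)
// into the event log; confirm no credentials or tokens are among them, or log selected keys only.
$requestDump = "SESSION: ['" . implode("','", array_keys($_SESSION)) . "'], {'" . implode("', '", $_SESSION) . "'}, POST: ['" . implode("','", array_keys($_POST)) . "'], {'" . implode("', '", $_POST) . "'}";
// The comparisons stay loose on purpose: "01" and "1" name the same row once the database
// compares the id, so a strict string comparison would let a padded id past these guards.
if ("{$uid}" == "{$suid}") {
    logEvent("audelete", "current-user", encodeHex($requestDump . " : {$uid} == {$suid}"));
    die("Cannot delete current user.");
} elseif ($uid == '1') {
    logEvent("audelete", "admin-user", encodeHex($requestDump . " : {$uid}, {$suid}"));
    die("Cannot delete user.");
} else {
    $M_query = "SELECT * FROM users WHERE id='{$uidSql}';";
    $M_result = $mysqli->query($M_query) or die("error");
    $M_count = $M_result->num_rows;
    if ($M_count == 1) {
        $M_row = $M_result->fetch_assoc();
        $toAdd = encodeHex("users: ['" . implode("','", array_keys($M_row)) . "'], {'" . implode("', '", $M_row) . "'}");
        $M_query1 = "DELETE FROM users WHERE id='{$uidSql}'";
        $M_query2 = "INSERT INTO deleted (fid, data) VALUES ('{$uidSql}', '" . $mysqli->real_escape_string($toAdd) . "')";
        // Archive first and check both results: deleting before the copy is stored would lose
        // the row if the INSERT failed.
        $M_result2 = $mysqli->query($M_query2) or die("error");
        $M_result1 = $mysqli->query($M_query1) or die("error");
        logEvent("audelete", "success", encodeHex($requestDump . " : {$uid},  {$suid}, M_query: `{$M_query}`, M_count: `{$M_count}`, M_row: ['" . implode("','", array_keys($M_row)) . "'], {'" . implode("', '", $M_row) . "'}, toAdd: {$toAdd}, M_query1: {$M_query1}, M_query2: {$M_query2}"));
        print "success";
    } else {
        logEvent("audelete", "no-user", encodeHex($requestDump . " : {$uid},  {$suid}, M_query: `{$M_query}`, M_count: `{$M_count}`"));
        die("No such user");
    }
}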
Beispiel #25
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
include "/srv/athenace/lib/shared/common.php";
$ret = sendDBEmail();
// sendDBEmail() result codes:
//   1 = no mail waiting (nothing is logged),
//   2 = a mail was sent,
//   3 = sending failed.
$logContent = '';
switch ($ret) {
    case 2:
        $logContent .= 'Sent a Mail Successfully';
        $logresult = logEvent(32, $logContent);
        break;
    case 3:
        $logContent .= 'Failed Sending Mail';
        $logresult = logEvent(32, $logContent);
        break;
}
function sendDBEmail()
{
    // Picks up one unsent mail from the database and sends it.
    // Designed to be run from cron.
    // Returns:
    // 1 on No mail,
    // 2 on Sent a Mail Successfully
    // 3 on failed sending mail, i.e. there was an error
    global $db;
    $owner = siteDets();
    // NOTE(review): PHPMailer is loaded from a vendored, version-pinned directory (5.2.10);
    // confirm this copy is tracked for security updates.
    require_once '/srv/athenace/lib/pub/PHPMailer-5.2.10/PHPMailerAutoload.php';
    // The sent flag uses a "?" placeholder; the binding itself is outside this excerpt.
    $sqltext = "SELECT * FROM mail WHERE sent=? AND body<>'' LIMIT 1;";
    // rint $sqltext. "\n";
Beispiel #26
    # After a plugin was disabled: also disable every plugin that can no longer be enabled.
    foreach ($plugins as $piName => $pi) {
        if (!pluginCanEnable($piName)) {
            unset($plugins[$piName]);
            $disabled_plugins[$piName] = 1;
        }
    }
    # NOTE(review): the map is stored with serialize(); whatever reads 'plugins_disabled' back
    # presumably unserialize()s it, so confirm only this code path can write that config value.
    saveConfig('plugins_disabled', serialize($disabled_plugins), 0);
    saveConfig(md5('plugin-' . $disable . '-initialised'), 0);
    # the inline script reloads the current page
    $status = $GLOBALS['img_cross'] . '<script type="text/javascript">document.location = document.location; </script>';
} elseif (isset($_GET['enable']) && !empty($GLOBALS['allplugins'][$_GET['enable']])) {
    # NOTE(review): plugin state is changed from a GET parameter and no request-token check is
    # visible in this excerpt; confirm one runs before this point.
    # The name is only used as a key into the known-plugin list, which bounds what can be enabled.
    if (pluginCanEnable($_GET['enable'])) {
        if (isset($disabled_plugins[$_GET['enable']])) {
            unset($disabled_plugins[$_GET['enable']]);
        }
        if (isset($GLOBALS['allplugins'][$_GET['enable']])) {
            $GLOBALS['allplugins'][$_GET['enable']]->initialise();
        }
        #  var_dump($disabled_plugins);
        saveConfig('plugins_disabled', serialize($disabled_plugins), 0);
        $status = $GLOBALS['img_tick'] . '<script type="text/javascript">document.location = document.location; </script>';
    } else {
        # the requested name goes through clean() before it is written to the event log
        logEvent(s('Failed to enable plugin (%s), dependencies failed', clean($_GET['enable'])));
        $status = $GLOBALS['img_cross'];
    }
} elseif (isset($_GET['initialise'])) {
    # only plugins present in the active plugin list can be initialised
    if (isset($GLOBALS['plugins'][$_GET['initialise']])) {
        $status = $GLOBALS['plugins'][$_GET['initialise']]->initialise();
    }
}
#var_dump($_GET);
return $status;
Beispiel #27
            $msg = $GLOBALS['I18N']->get('Failed sending a change password token');
        }
        $page = "login";
    } elseif (!isset($_SESSION["adminloggedin"]) || !$_SESSION["adminloggedin"]) {
        # no admin session: show the login page
        #$msg = 'Not logged in';
        $page = "login";
    } elseif (CHECK_SESSIONIP && $_SESSION["adminloggedin"] && $_SESSION["adminloggedin"] != $_SERVER["REMOTE_ADDR"]) {
        # Session-to-IP binding: the value stored in adminloggedin is compared with the client
        # address; on a mismatch the event is logged and the login state is cleared.
        # NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy address, which makes this
        # check ineffective; confirm how the deployment sets it.
        logEvent(sprintf($GLOBALS['I18N']->get('login ip invalid from %s for %s (was %s)'), $_SERVER['REMOTE_ADDR'], $_SESSION["logindetails"]['adminname'], $_SESSION["adminloggedin"]));
        $msg = $GLOBALS['I18N']->get('Your IP address has changed. For security reasons, please login again');
        $_SESSION["adminloggedin"] = "";
        $_SESSION["logindetails"] = "";
        $page = "login";
    } elseif ($_SESSION["adminloggedin"] && $_SESSION["logindetails"]) {
        # Re-validate the account on this request, so an account that is no longer valid loses
        # its session; the reason returned by validateAccount() is shown to the user.
        $validate = $GLOBALS["admin_auth"]->validateAccount($_SESSION["logindetails"]["id"]);
        if (!$validate[0]) {
            logEvent(sprintf($GLOBALS['I18N']->get('invalidated login from %s for %s (error %s)'), $_SERVER['REMOTE_ADDR'], $_SESSION["logindetails"]['adminname'], $validate[1]));
            $_SESSION["adminloggedin"] = "";
            $_SESSION["logindetails"] = "";
            $page = "login";
            $msg = $validate[1];
        }
    } else {
        $page = "login";
    }
}
# a plugin page is never served together with the login page
if ($page == 'login') {
    unset($_GET['pi']);
}
# Session timeout: clear the login state once session_age exceeds SESSION_TIMEOUT.
# NOTE(review): the state is cleared by blanking two keys; the session itself and its id are kept
# as far as this excerpt shows.
if (!empty($_SESSION['session_age']) && $_SESSION['session_age'] > SESSION_TIMEOUT) {
    $_SESSION["adminloggedin"] = "";
    $_SESSION["logindetails"] = "";
Beispiel #28
 /**
  * Send a system message with mail(), adding the X-Mailer, From, Reply-To, X-MessageID and
  * Errors-To headers.
  *
  * Returns 0 when $to or $subject is empty or the recipient is blacklisted; otherwise the
  * result of mail(). In a "dev" VERSION the mail goes to $this->developer_email instead.
  *
  * NOTE(review): ereg() and ereg_replace() were removed in PHP 7, so this method needs the
  * preg_* equivalents before it can run on a current PHP.
  * NOTE(review): $to, $subject and the configured from / reply-to values are concatenated into
  * headers and mail() arguments as given; confirm callers reject CR/LF in them.
  */
 function sendMail($to, $subject, $message, $header = "", $parameters = "")
 {
     #    mail($to,$subject,$message);
     dbg("mail {$to} {$subject}");
     if (!$to) {
         logEvent("Error: empty To: in message with subject {$subject} to send");
         return 0;
     } elseif (!$subject) {
         logEvent("Error: empty Subject: in message to send to {$to}");
         return 0;
     }
     if (isBlackListed($to)) {
         logEvent("Error, {$to} is blacklisted, not sending");
         # NOTE(review): $to is placed inside the SQL string literal without escaping
         Sql_Query(sprintf('update %s set blacklisted = 1 where email = "%s"', $this->tables["user"], $to));
         addUserHistory($to, "Marked Blacklisted", "Found user in blacklist while trying to send an email, marked black listed");
         return 0;
     }
     # $v is computed here and again below but never read afterwards
     $v = phpversion();
     $v = preg_replace("/\\-.*\$/", "", $v);
     $header .= "X-Mailer: webbler/phplist v" . VERSION . ' (http://www.phplist.com)' . "\n";
     $from_address = $this->getConfig("message_from_address");
     $from_name = $this->getConfig("message_from_name");
     if ($from_name) {
         $header .= "From: \"{$from_name}\" <{$from_address}>\n";
     } else {
         $header .= "From: {$from_address}\n";
     }
     $message_replyto_address = $this->getConfig("message_replyto_address");
     if ($message_replyto_address) {
         $header .= "Reply-To: {$message_replyto_address}\n";
     } else {
         $header .= "Reply-To: {$from_address}\n";
     }
     $v = VERSION;
     $v = ereg_replace("-dev", "", $v);
     $header .= "X-MessageID: systemmessage\n";
     # NOTE(review): $useremail is not defined in this method, and the expression on the X-User
     # line is masked ('******') in this listing, so the line is not valid PHP as shown.
     if ($useremail) {
         $header .= "X-User: "******"\n";
     }
     if ($this->message_envelope) {
         $header = rtrim($header);
         if ($header) {
             $header .= "\n";
         }
         $header .= "Errors-To: " . $this->message_envelope;
         # NOTE(review): ereg() is called with the pattern only; the string to search
         # (presumably $parameters) is missing.
         # NOTE(review): the envelope address becomes part of mail()'s additional-parameters
         # argument; confirm it is validated as a plain address where it is configured.
         if (!$parameters || !ereg("-f" . $this->message_envelope)) {
             $parameters = '-f' . $this->message_envelope;
         }
     }
     if (!ereg("dev", VERSION)) {
         # retry without the extra parameters when the first attempt fails
         if (mail($to, $subject, $message, $header, $parameters)) {
             return 1;
         } else {
             return mail($to, $subject, $message, $header);
         }
     } else {
         # send mails to one place when running a test version
         $message = "To: {$to}\n" . $message;
         if ($this->developer_email) {
             return mail($this->developer_email, $subject, $message, $header, $parameters);
         } else {
             # this path prints the error and returns no value
             print "Error: Running CVS version, but developer_email not set";
         }
     }
 }
Beispiel #29
/**
 * Persist the edits made to an existing test project and describe the outcome.
 *
 * crossChecks() runs first. Only when it passes is the project updated, its issue-tracker
 * and requirement-manager links synchronised, the editing user given a role on a non-public
 * project (unless one exists already) and an AUDIT event logged.
 *
 * @param object $argsObj           request arguments (project fields, userID, user)
 * @param object $tprojectMgr       test project manager, passed by reference
 * @param mixed  $sessionTprojectID id of the project currently selected in the session
 * @return stdClass status_ok, msg, template, reloadType, oldName and ui hints
 */
function doUpdate($argsObj, &$tprojectMgr, $sessionTprojectID)
{
    $result = new stdClass();
    $result->ui = new stdClass();
    $result->status_ok = 0;
    $result->msg = '';
    $result->template = null;
    $result->reloadType = 'none';

    // Remember the stored name: it is used in the caption when the edit is rejected.
    $previous = $tprojectMgr->get_by_id($argsObj->tprojectID);
    $result->oldName = $previous['name'];

    $checks = crossChecks($argsObj, $tprojectMgr);
    $result->status_ok = $checks['status_ok'];
    $result->msg = $checks['msg'];

    if ($result->status_ok) {
        $options = prepareOptions($argsObj);
        $updated = $tprojectMgr->update($argsObj->tprojectID, trim($argsObj->tprojectName), $argsObj->color, $argsObj->notes, $options, $argsObj->active, $argsObj->tcasePrefix, $argsObj->is_public);
        if (!$updated) {
            $result->status_ok = 0;
        } else {
            $result->msg = '';
            $tprojectMgr->activate($argsObj->tprojectID, $argsObj->active);

            // Issue tracker: link the selected one, otherwise drop an existing link.
            $tprojectMgr->setIssueTrackerEnabled($argsObj->tprojectID, $argsObj->issue_tracker_enabled);
            $trackerMgr = new tlIssueTracker($tprojectMgr->db);
            if ($argsObj->issue_tracker_id > 0) {
                $trackerMgr->link($argsObj->issue_tracker_id, $argsObj->tprojectID);
            } else {
                $linkedTracker = $trackerMgr->getLinkedTo($argsObj->tprojectID);
                if ($linkedTracker !== null) {
                    $trackerMgr->unlink($linkedTracker['issuetracker_id'], $linkedTracker['testproject_id']);
                }
            }

            // Requirement management system: same link / unlink logic.
            $tprojectMgr->setReqMgrIntegrationEnabled($argsObj->tprojectID, $argsObj->reqmgr_integration_enabled);
            $reqMgr = new tlReqMgrSystem($tprojectMgr->db);
            if ($argsObj->reqmgrsystem_id > 0) {
                $reqMgr->link($argsObj->reqmgrsystem_id, $argsObj->tprojectID);
            } else {
                $linkedReqMgr = $reqMgr->getLinkedTo($argsObj->tprojectID);
                if ($linkedReqMgr !== null) {
                    $reqMgr->unlink($linkedReqMgr['reqmgrsystem_id'], $linkedReqMgr['testproject_id']);
                }
            }

            // On a non-public project the editor gets their global role unless they already
            // hold a specific role on it.
            if (!$argsObj->is_public && !tlUser::hasRoleOnTestProject($tprojectMgr->db, $argsObj->userID, $argsObj->tprojectID)) {
                $tprojectMgr->addUserRole($argsObj->userID, $argsObj->tprojectID, $argsObj->user->globalRole->dbID);
            }

            $auditEntry = new stdClass();
            $auditEntry->message = TLS("audit_testproject_saved", $argsObj->tprojectName);
            $auditEntry->logLevel = "AUDIT";
            $auditEntry->source = "GUI";
            $auditEntry->objectID = $argsObj->tprojectID;
            $auditEntry->objectType = "testprojects";
            $auditEntry->code = "UPDATE";
            logEvent($auditEntry);
        }
    }

    if (!$result->status_ok) {
        // Rejected or failed: hand the UI what it needs to show the edit form again.
        $result->ui->doActionValue = 'doUpdate';
        $result->ui->buttonValue = lang_get('btn_save');
        $result->ui->caption = sprintf(lang_get('caption_edit_tproject'), $result->oldName);
    } elseif ($sessionTprojectID == $argsObj->tprojectID) {
        // The project shown in the navigation bar was edited, so the bar has to be reloaded.
        $result->reloadType = 'reloadNavBar';
    }
    return $result;
}
Beispiel #30
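/**
 * Report one progress message from the queue processor.
 *
 * Depending on the global run mode the message is written to the command
 * line, dropped (remote call), or printed into the page and appended to the
 * "#processqueue<target>" element of the parent window via jQuery. Outside a
 * remote call it is also appended to the global $report and, when $logit is
 * truthy, passed to logEvent().
 *
 * NOTE(review): the message is emitted as markup, not as text: HTML entities
 * are decoded and the result is written into the page and into the parent
 * document unescaped. Callers presumably pass trusted, pre-escaped content;
 * confirm that no subscriber-controlled value reaches this function raw.
 *
 * @param string|array $message Text to report; an array is flattened to "key=value; " pairs.
 * @param int|bool     $logit   When truthy the message is also passed to logEvent().
 * @param string       $target  Suffix of the "#processqueue…" element id in the parent window.
 *
 * @return void
 */
function processQueueOutput($message, $logit = 1, $target = 'summary')
{
    // $counters and $messageid are no longer read here (the value derived from
    // them was never used); the declaration is kept so global state is unchanged.
    global $report, $shadecount, $counters, $messageid;
    if (!isset($shadecount)) {
        $shadecount = 0;
    }
    if (is_array($message)) {
        $flattened = '';
        foreach ($message as $key => $val) {
            $flattened .= $key . '=' . $val . '; ';
        }
        $message = $flattened;
    }
    if (!empty($GLOBALS['commandline'])) {
        cl_output(strip_tags($message) . ' [' . $GLOBALS['processqueue_timer']->interval(1) . '] (' . $GLOBALS['pagestats']['number_of_queries'] . ')');
        $infostring = '[' . date('D j M Y H:i') . '] [CL]';
    } elseif (!empty($GLOBALS['inRemoteCall'])) {
        // With a remote call all output is suppressed: discard what is buffered,
        // start a fresh buffer, and skip the report and the event log.
        @ob_end_clean();
        @ob_start();
        return;
    } else {
        $infostring = '[' . date('D j M Y H:i') . '] [' . $_SERVER['REMOTE_ADDR'] . ']';

        // Values placed inside the <script> block are serialised with json_encode()
        // rather than escaped by hand. The HEX flags keep <, >, &, ' and " out of
        // the literal, so a backslash, a carriage return or a "</script>" sequence
        // in the message can no longer end the string or the script element early.
        $jsonFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
        if (defined('JSON_INVALID_UTF8_SUBSTITUTE')) {
            // Available from PHP 7.2: keeps a line with invalid UTF-8 printable.
            $jsonFlags |= constant('JSON_INVALID_UTF8_SUBSTITUTE');
        }
        $selector = json_encode('#processqueue' . $target, $jsonFlags);
        if ($selector === false) {
            $selector = '""';
        }

        foreach (explode("\n", $message) as $line) {
            // contribution in forums, http://forums.phplist.com/viewtopic.php?p=14648
            // Replace the "&rsquo;" which is not replaced by html_entity_decode
            $line = str_replace('&rsquo;', "'", $line);
            $divOpen = '<div class="output shade' . $shadecount . '">';

            // Direct output keeps the form the original produced, including the
            // backslash it put in front of every literal double quote.
            $inline = html_entity_decode(str_replace('"', '\\"', $line), ENT_QUOTES, 'UTF-8');
            print "\n" . $divOpen . $inline . '</div>';

            // #16880 - avoid JS error
            $jsMarkup = json_encode($divOpen . html_entity_decode($line, ENT_QUOTES, 'UTF-8') . '</div>', $jsonFlags);
            if ($jsMarkup === false) {
                $jsMarkup = '""';
            }
            print '<script type="text/javascript">
      var parentJQuery = window.parent.jQuery;
      parentJQuery(' . $selector . ').append(' . $jsMarkup . ');
      parentJQuery(' . $selector . ').animate({scrollTop:100000}, "slow");
      </script>';
            $shadecount = !$shadecount;
            // Whitespace padding emitted after each line, before the flush below.
            for ($i = 0; $i < 10000; ++$i) {
                print '  ';
                if ($i % 100 == 0) {
                    print "\n";
                }
            }
        }
        flush();
    }
    $report .= "\n{$infostring} {$message}";
    if ($logit) {
        logEvent($message);
    }
    flush();
}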