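/**
 * Generate and reserve a unique URL slug for this album.
 *
 * Returns early (true) when edit_slug() reports it handled the change, or when
 * a slug other than the '__generate__' placeholder is already set. Otherwise
 * the slug is derived from the title, made unique against the slug table under
 * the 'album.' prefix, recorded there and stored on $this->slug.
 *
 * @param string $field Passed in by the caller; not read in this method.
 * @return bool|null true on the early exits, null after a slug was generated.
 */
function _slug($field)
{
    if ($this->edit_slug()) {
        return true;
    }

    if (!empty($this->slug) && $this->slug !== '__generate__') {
        return true;
    }

    $this->load->helper(array('url', 'text', 'string'));

    $slug = reduce_multiples(strtolower(url_title(convert_accented_characters($this->title), 'dash')), '-', true);

    // Nothing usable left of the title: fall back to the highest album id plus one.
    if (empty($slug)) {
        $t = new Album();
        $max = $t->select_max('id')->get();
        $slug = $max->id + 1;
    }

    // A purely numeric slug gets a '-1' suffix (presumably so it cannot be
    // confused with a numeric id in URLs; confirm against the routing code).
    if (is_numeric($slug)) {
        $slug = "{$slug}-1";
    }

    $s = new Slug();

    // NOTE(review): nothing serialises this check-then-insert, so two
    // concurrent requests could settle on the same slug unless the slug table
    // enforces uniqueness on id. Confirm the schema or add locking.
    while ($s->where('id', "album.{$slug}")->count() > 0) {
        $slug = increment_string($slug, '-');
    }

    // Bind the value rather than interpolating it into the statement: the
    // driver then escapes and quotes it, so the query stays well-formed even
    // if the slug rules above are ever relaxed.
    $this->db->query("INSERT INTO {$s->table}(id) VALUES (?)", array("album.{$slug}"));

    $this->slug = $slug;
}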
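/**
 * Send admin notification
 *
 * Sends an admin notification email about a channel entry to every address in
 * a comma-separated list, leaving out the address of the user who triggered
 * the event.
 *
 * @access public
 * @param string $notify_address Comma-separated recipient addresses
 * @param int    $channel_id     Channel the entry belongs to
 * @param int    $entry_id       Entry the notification is about
 * @return void
 */
function send_admin_notification($notify_address, $channel_id, $entry_id)
{
    ee()->api->instantiate('channel_structure');
    ee()->load->model('channel_entries_model');

    $e = ee()->channel_entries_model->get_entry($entry_id, $channel_id);
    $c = ee()->api_channel_structure->get_channel_info($channel_id);

    $swap = array(
        'name' => ee()->session->userdata('screen_name'),
        'email' => ee()->session->userdata('email'),
        'channel_name' => $c->row('channel_title'),
        'entry_title' => $e->row('title'),
        'entry_url' => reduce_double_slashes($c->row('channel_url') . '/' . $e->row('url_title')),
        'comment_url' => reduce_double_slashes($c->row('comment_url') . '/' . $e->row('url_title')),
        'cp_edit_entry_url' => cp_url(
            'content_publish/entry_form',
            array(
                'site_id' => $e->row('site_id'),
                'channel_id' => $e->row('channel_id'),
                'entry_id' => $e->row('entry_id'),
            ),
            TRUE
        ),
    );

    $template = ee()->functions->fetch_email_template('admin_notify_entry');
    $email_tit = ee()->functions->var_swap($template['title'], $swap);
    $email_msg = ee()->functions->var_swap($template['data'], $swap);

    // We don't want to send a notification to the user triggering the event.
    // Compare whole addresses: removing the user's address as a substring
    // would also cut it out of any longer address that contains it (constructed
    // example: removing "ann@example.com" turns "joann@example.com" into "jo"),
    // and the mangled remainder would then be used as a recipient.
    $own_email = (string) ee()->session->userdata('email');
    $recipients = array();

    foreach (explode(',', (string) $notify_address) as $addy) {
        $addy = trim($addy);

        if ($addy === '' || $addy === $own_email) {
            continue;
        }

        $recipients[] = $addy;
    }

    if (!empty($recipients)) {
        // Send email
        ee()->load->library('email');

        foreach ($recipients as $addy) {
            ee()->email->EE_initialize();
            ee()->email->wordwrap = false;
            ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
            ee()->email->to($addy);
            ee()->email->reply_to(ee()->config->item('webmaster_email'));
            ee()->email->subject($email_tit);
            ee()->email->message(entities_to_ascii($email_msg));
            ee()->email->send();
        }
    }
}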
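/**
 * Delete the log files matching log-*.php from the site's logs directory.
 *
 * @return mixed Whatever shell_exec() returns for `rm -fv` (its verbose
 *               output when files were removed).
 */
public function clearLogs()
{
    $directory = reduce_multiples(DOCROOT . SITEPATH . BASEPATH . 'logs/', '/');

    if (!@is_dir($directory)) {
        // NOTE(review): the message prints the absolute filesystem path to
        // whoever reaches this action; show_error() is assumed to stop the
        // request here. Confirm both.
        show_error('Directory not found.<br/><em>Path: ' . $directory . '</em>');
    }

    // Quote the directory so spaces or shell metacharacters in the configured
    // path cannot change the command; the pattern stays outside the quotes so
    // the shell still expands it.
    return shell_exec('rm -fv ' . escapeshellarg($directory) . 'log-*.php');
}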
/**
 * Build the path of a CMS zone directory, optionally with a file appended.
 *
 * @param string|null $file Path below the zone directory, or null for the
 *                          directory itself.
 * @param string|null $zone Zone name; falls back to CI()->zone when null.
 * @return string The path with every run of '/' collapsed to a single slash.
 */
function zonepath($file = null, $zone = null)
{
    if ($zone === null) {
        $zone = CI()->zone;
    }

    $location = SITEPATH . 'cms/' . $zone . '/';

    if ($file !== null) {
        // The doubled slash this produces is collapsed on return.
        $location .= '/' . $file;
    }

    // NOTE(review): $file and $zone are concatenated as given and '..'
    // segments are not filtered here, so callers that pass request-derived
    // values need to validate them first.
    return reduce_multiples($location, '/');
}
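/**
 * Generate and reserve a unique URL slug for this content item.
 *
 * Returns early (true) when edit_slug() reports it handled the change, when
 * old_slug is already populated, or when the freshly derived slug equals the
 * current one. Otherwise the slug is derived from the title (or from the file
 * name when there is no title), made unique against the slug table under the
 * 'content.' prefix, recorded there and stored on $this->slug.
 *
 * @param string $field Passed in by the caller; not read in this method.
 * @return bool|null true on the early exits, null after a slug was generated.
 */
function _slug($field)
{
    if ($this->edit_slug()) {
        return true;
    }

    if (!empty($this->old_slug)) {
        return true;
    }

    $this->load->helper(array('url', 'text', 'string'));

    if (empty($this->title)) {
        // No title: use the file name without its extension.
        $info = pathinfo($this->filename);
        $base = $info['filename'];
    } else {
        $base = $this->title;
    }

    $slug = reduce_multiples(strtolower(url_title(convert_accented_characters($base), 'dash')), '-', true);

    if ($slug === $this->slug) {
        return true;
    }

    // Nothing usable left of the base string: fall back to the highest id plus one.
    if (empty($slug)) {
        $t = new Content();
        $max = $t->select_max('id')->get();
        $slug = $max->id + 1;
    }

    // A purely numeric slug gets a '-1' suffix (presumably so it cannot be
    // confused with a numeric id in URLs; confirm against the routing code).
    if (is_numeric($slug)) {
        $slug = "{$slug}-1";
    }

    $s = new Slug();

    // Need to lock the table here to ensure that requests arriving at the same
    // time still get unique slugs. Without the 'lock tables' permission the
    // check-then-insert below runs unserialised.
    if ($this->has_db_permission('lock tables')) {
        $this->db->query("LOCK TABLE {$s->table} WRITE");
        $locked = true;
    } else {
        $locked = false;
    }

    while ($s->where('id', "content.{$slug}")->count() > 0) {
        $slug = increment_string($slug, '-');
    }

    // Bind the value rather than interpolating it into the statement: the
    // driver then escapes and quotes it, so the query stays well-formed even
    // if the slug rules above are ever relaxed.
    $this->db->query("INSERT INTO {$s->table}(id) VALUES (?)", array("content.{$slug}"));

    // NOTE(review): if the INSERT aborts execution, this UNLOCK is skipped and
    // the lock would last until the connection closes. Confirm how query
    // errors are surfaced in this installation.
    if ($locked) {
        $this->db->query('UNLOCK TABLES');
    }

    // Seed old_slug once: with the previous real slug when there was one,
    // otherwise with the new slug when it came from a title.
    if (empty($this->old_slug)) {
        if (!empty($this->slug) && $this->slug !== '__generate__') {
            $this->old_slug = ',' . $this->slug . ',';
        } else {
            if (!empty($this->title)) {
                $this->old_slug = ',' . $slug . ',';
            }
        }
    }

    $this->slug = $slug;
}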
/**
 * reduce_multiples() collapses repeated commas; with the trim flag it also
 * strips the comma left at the end of the string.
 */
public function test_reduce_multiples()
{
    // Default arguments: a trailing comma survives.
    $without_trim = array(
        'Fred, Bill,, Joe, Jimmy' => 'Fred, Bill, Joe, Jimmy',
        'Ringo, John, Paul,,' => 'Ringo, John, Paul,',
    );

    foreach (array_keys($without_trim) as $input) {
        $this->assertEquals($without_trim[$input], reduce_multiples($input));
    }

    // Trim flag set: the trailing comma is removed as well.
    $with_trim = array(
        'Fred, Bill,, Joe, Jimmy' => 'Fred, Bill, Joe, Jimmy',
        'Ringo, John, Paul,,' => 'Ringo, John, Paul',
    );

    foreach (array_keys($with_trim) as $input) {
        $this->assertEquals($with_trim[$input], reduce_multiples($input, ',', TRUE));
    }
}
/**
 * Load the 'install' and 'main' language files and the string / form_csrf
 * helpers, normalise $this->host and record the loaded PHP extensions.
 */
public function __construct()
{
    parent::__construct();

    $lang = new MY_Lang();
    foreach (array('install', 'main') as $language_file) {
        $lang->load($language_file);
    }

    // Disabled: host derived from the request.
    // $this->host = 'http://' . str_replace('index.php', '', $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME']) . 'index.php/';

    foreach (array('string', 'form_csrf') as $helper_name) {
        $this->load->helper($helper_name);
    }

    // NOTE(review): called without a character argument, so the helper's
    // default applies. If the aim is to collapse repeated slashes in the URL,
    // '/' has to be passed explicitly. Confirm the intent.
    $this->host = reduce_multiples($this->host);

    $this->loadedExt = get_loaded_extensions();
}
/**
 * Show the login form; visitors who are already signed in are redirected to '/'.
 *
 * The form posts to SITEPATH plus the 'redirect_uri' flashdata value when one
 * is set, otherwise to the configured base_url.
 */
function index()
{
    // Already logged in: nothing to show here.
    if ($this->authentication->isLoggedIn()) {
        redirect('/');
    }

    if ($this->session->flashdata('redirect_uri')) {
        // The stored URI is always appended to SITEPATH and repeated slashes
        // are collapsed before it is handed to the view.
        // NOTE(review): how the view escapes form_action is not visible here.
        $form_action = reduce_multiples(SITEPATH . $this->session->flashdata('redirect_uri'), '/');
    } else {
        $form_action = $this->config->item('base_url');
    }

    $this->layout->appendTitle('Please Login');
    $this->layout->setLayout('plain');
    $this->layout->setBodyClass('popup plain');

    $view_data = array('form_action' => $form_action);
    $this->load->view('login/index', $view_data);
}
/**
 * Fetch rows through the parent model and decorate each one with display and
 * file-path fields.
 *
 * Every row gains sort_name, date and timestamp; rows whose type is 'file'
 * also gain base_path, server_path, view_path, manage_path, file_size and
 * file_size_display. When more than one row comes back and sort_name is set
 * on the first, the result is sorted ascending by sort_name.
 *
 * @param array $fields Passed unchanged to parent::get().
 * @param bool  $return Not read anywhere in this method.
 * @return array The decorated rows (empty when the parent returned none).
 */
public function get($fields = array(), $return = false) {
    $item = parent::get($fields);
    $item_updated = array();
    if (count($item)) {
        // Make model specific updates to result array
        for ($i = 0; $i < count($item); $i++) {
            $row = $item[$i];
            // NOTE(review): $params is never defined in this method, so
            // empty($params['SELECT_SET']) is always true and this branch runs
            // for every row. Possibly $fields was meant; confirm.
            if (empty($params['SELECT_SET']) || $params['SELECT_SET'] != 'basic') {
                $row['sort_name'] = strtolower($row['title']);
                $row['date'] = date('m-d-Y H:i', strtotime($row[$this->date_field['update']]));
                $row['timestamp'] = date('U', strtotime($row[$this->date_field['update']]));
                // Only perform the following if this is a file
                if (!empty($row['type']) && $row['type'] == 'file') {
                    // The id is left-padded with zeros to depth * 3 characters
                    // and split into 3-character groups, which become the
                    // directory levels of the upload path.
                    $var_length = (int) $this->FILE_CONF['file_dir_depth'] * 3;
                    $path_array = str_split(str_pad($row[$this->id_field], $var_length, '0', STR_PAD_LEFT), 3);
                    $upload_path = implode('/', $path_array);
                    /*
                    // To get the file's directory path. Don't need but lets keep around.
                    unset($path_array[count($path_array)-1]);
                    $dir_path = implode('/', $path_array);
                    $row['server_dir'] = DOCROOT . $this->FILE_CONF['file_location'] . $dir_path;
                    */
                    // NOTE(review): file_name and ext come straight from the
                    // row and are concatenated into URL and filesystem paths
                    // without validation here; presumably they are sanitised
                    // when the file is stored. Confirm.
                    $base_view_path = $row[$this->id_field] . ($this->FILE_CONF['force_name_in_uri'] ? '/' . $row['file_name'] : '') . $row['ext'];
                    // Add file paths
                    // $row['real_path'] = DOCROOT . zonepath($this->FILE_CONF['file_directory'] . '/' . $upload_path . $row['ext'], 'local');
                    $row['base_path'] = DOCROOT . zonepath($this->FILE_CONF['file_directory'] . '/' . $upload_path, 'local');
                    $row['server_path'] = $row['base_path'] . $row['ext'];
                    $row['view_path'] = reduce_multiples($this->FILE_CONF['file_website_location'] . $base_view_path, '/');
                    $row['manage_path'] = reduce_multiples(SITEPATH . $this->zone . CI()->SITE_CONF['file_uri_trigger'] . '/' . $base_view_path, '/');
                    // Add file size (0 when the file is missing on disk)
                    $row['file_size'] = file_exists($row['server_path']) ? filesize($row['server_path']) : 0;
                    $row['file_size_display'] = file_exists($row['server_path']) ? $this->formatFileSize(filesize($row['server_path'])) : 0;
                }
            }
            $item_updated[] = $row;
        }
        if (count($item_updated) > 1 && !empty($item_updated[0]['sort_name'])) {
            // Sort array: array_multisort() reorders $item_updated in step
            // with the extracted sort_name column.
            $sort_array = array();
            foreach ($item_updated as $row) {
                $sort_array[] = $row['sort_name'];
            }
            array_multisort($sort_array, SORT_ASC, $item_updated);
        }
    }
    return $item_updated;
}
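/**
 * Delete an asset record and take its id out of the comma-separated id list
 * stored in the owning entry's content column.
 *
 * @param int|string $assetid Id of the row in `assetfields`.
 * @return array array('entryid' => ..., 'sectionid' => ...); both values are
 *               empty strings when no matching asset or entry was found.
 */
public function del_asset($assetid)
{
    // Look up which entry and which content column the asset belongs to.
    $this->db->select('*');
    $this->db->from('assetfields');
    $this->db->where('id', $assetid);
    $this->db->limit(1);
    $query = $this->db->get();

    $entryid = "";
    $fieldname = "";
    foreach ($query->result() as $row) {
        $entryid = $row->entryid;
        $fieldname = $row->fieldname;
    }

    // now get the sectionid
    $this->db->select('sectionid');
    $this->db->from('entry');
    $this->db->where('id', $entryid);
    $this->db->limit(1);
    $query2 = $this->db->get();

    $sectionid = "";
    foreach ($query2->result() as $row) {
        $sectionid = $row->sectionid;
    }

    // now do the delete
    $this->db->where('id', $assetid);
    $this->db->delete('assetfields');

    // Without a field name there is no content column to rewrite; selecting
    // and updating an empty column name would only produce a broken query.
    if ($fieldname != "") {
        // now remove from contents table
        $this->db->select($fieldname);
        $this->db->from('content');
        $this->db->where('entryid', $entryid);
        $query = $this->db->get();

        $orig = "";
        foreach ($query->result() as $row) {
            $orig = $row->{$fieldname};
        }

        // Rebuild the comma-delimited list without this id. Ids are compared
        // whole: a substring replace would also eat the digits of other ids
        // (removing 1 from "11,21,1" would leave "2"), silently re-pointing
        // the entry at the wrong assets.
        $remaining = array();
        foreach (explode(',', (string) $orig) as $id) {
            $trimmed = trim($id);

            if ($trimmed === '' || $trimmed === (string) $assetid) {
                continue;
            }

            $remaining[] = $id;
        }
        $orig = implode(',', $remaining);

        $object = array($fieldname => $orig);
        $this->db->where('entryid', $entryid);
        $this->db->update('content', $object);
    }

    $tmp = array('entryid' => $entryid, 'sectionid' => $sectionid);

    return $tmp;
}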
/**
 * Show the folders contents
 *
 * Collects the breadcrumb trail, the sub-folder dropdown and the files of one
 * folder (optionally limited to a single type) and renders the
 * admin/folders/contents view.
 *
 * @param string $id     Folder id; show_error() is called when it does not exist.
 * @param string $filter File type key to filter by, or '' for all files.
 */
public function contents($id = '', $filter = '')
{
    if (!$this->file_folders_m->exists($id)) {
        show_error(lang('files.folders.not_exists'));
    }

    $this->load->library('table');

    // Make a breadcrumb trail
    // NOTE(review): folder names are concatenated as stored; any HTML escaping
    // has to happen in the view. Confirm.
    $crumbs = $this->file_folders_m->breadcrumb($id);
    $trail = '';
    foreach ($crumbs as $crumb) {
        $trail .= $crumb['name'] . ' » ';
    }
    $this->data->crumbs = trim(reduce_multiples($trail, "» "));

    // Get a list of all child folders, starting from the first crumb when it
    // carries an id and from the requested folder otherwise.
    $this->file_folders_m->clear_folders();
    $has_root_crumb = isset($crumbs[0]['id']) && $crumbs[0]['id'] != '';
    $tree_root = $has_root_crumb ? $crumbs[0]['id'] : $id;
    $this->file_folders_m->folder_tree($tree_root);
    $sub_folders = $this->file_folders_m->get_folders();

    // Get the selected information.
    $this->data->folder = $this->file_folders_m->get($id);
    $this->data->selected_folder = 0;
    $this->data->id = $id;
    $this->data->selected_filter = $filter;
    $this->data->types = array(
        'a' => lang('files.a'),
        'v' => lang('files.v'),
        'd' => lang('files.d'),
        'i' => lang('files.i'),
        'o' => lang('files.o'),
    );

    $this->file_m->order_by('date_added', 'DESC');

    // Get all files, newest first
    if ($filter == '') {
        $this->data->files = $this->file_m->get_many_by('folder_id', $id);
    } else {
        $this->data->files = $this->file_m->get_many_by(array('folder_id' => $id, 'type' => $filter));
    }

    // Set a default label at key 0 of the dropdown
    $this->data->sub_folders = empty($sub_folders)
        ? array(0 => lang('files.dropdown.no_subfolders'))
        : array(0 => lang('files.dropdown.root')) + $sub_folders;

    $this->load->view('admin/folders/contents', $this->data);
}
/**
 * Base controller setup: PHP version check, helpers, libraries, site
 * configuration, current URI, timezone and AJAX detection.
 */
function __construct()
{
    parent::__construct();
    $this->checkPHPVersion();

    $helpers = array('form', 'url', 'date', 'html_entities', 'string', 'encryption');
    $this->load->helper($helpers);

    $libraries = array('session', 'xsl_transform');
    $this->load->library($libraries);

    $this->load->model('config_model');
    $this->SITE_CONF = $this->loadConfig('website');

    // Show output profiler?
    // NOTE(review): any request carrying a truthy show_profiler query
    // parameter switches the profiler on; no login or environment check is
    // visible here. Profiler output typically includes queries and request
    // data, so this should be gated on production sites. Confirm.
    if ($this->input->get('show_profiler')) {
        $this->output->enable_profiler(TRUE);
    }

    $this->current_uri = reduce_multiples(SITEPATH . $this->uri->uri_string(), '/');

    // Set timezone
    $has_timezone = !empty($this->SITE_CONF['timezone']);
    if ($has_timezone) {
        date_default_timezone_set($this->SITE_CONF['timezone']);
    }

    // X-Requested-With is supplied by the client, so is_ajax is only a
    // rendering hint and must not be used for access decisions.
    $sent_by_xhr = !empty($_SERVER['HTTP_X_REQUESTED_WITH'])
        && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest';
    if ($sent_by_xhr) {
        $this->is_ajax = TRUE;
    }
}
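/**
 * Generate and reserve a unique URL slug for this text item.
 *
 * Returns early when edit_slug() reports it handled the change, or when the
 * derived slug equals the current one or a slug other than the '__generate__'
 * placeholder is already set. Otherwise the slug is made unique against the
 * slug table under the 'page.' or 'essay.' prefix, recorded there and stored
 * on $this->slug.
 *
 * @param string $field Passed in by the caller; not read in this method.
 * @return bool|null true when edit_slug() handled it, null otherwise.
 */
function _slug($field)
{
    if ($this->edit_slug()) {
        return true;
    }

    $this->load->helper(array('url', 'text', 'string'));

    $slug = reduce_multiples(strtolower(url_title(convert_accented_characters($this->title), 'dash')), '-', true);

    // Nothing usable left of the title: fall back to the highest id plus one.
    if (empty($slug)) {
        $t = new Text();
        $max = $t->select_max('id')->get();
        $slug = $max->id + 1;
    }

    // A purely numeric slug gets a '-1' suffix (presumably so it cannot be
    // confused with a numeric id in URLs; confirm against the routing code).
    if (is_numeric($slug)) {
        $slug = "{$slug}-1";
    }

    // && binds tighter than ||: stop when the slug is unchanged, or when a
    // real (non-placeholder) slug already exists.
    if ($this->slug === $slug || !empty($this->slug) && $this->slug !== '__generate__') {
        return;
    }

    $s = new Slug();

    // Need to lock the table here to ensure that requests arriving at the same
    // time still get unique slugs. Without the 'lock tables' permission the
    // check-then-insert below runs unserialised.
    if ($this->has_db_permission('lock tables')) {
        $this->db->query("LOCK TABLE {$s->table} WRITE");
        $locked = true;
    } else {
        $locked = false;
    }

    // NOTE(review): the comparison is strict, so a page_type held as the
    // string '1' selects 'essay'. Confirm the property is an integer here.
    $page_type = is_numeric($this->page_type) ? $this->page_type : 0;
    $prefix = $page_type === 1 ? 'page' : 'essay';

    while ($s->where('id', "{$prefix}.{$slug}")->count() > 0) {
        $slug = increment_string($slug, '-');
    }

    // Bind the value rather than interpolating it into the statement: the
    // driver then escapes and quotes it, so the query stays well-formed even
    // if the slug rules above are ever relaxed.
    $this->db->query("INSERT INTO {$s->table}(id) VALUES (?)", array("{$prefix}.{$slug}"));

    // NOTE(review): if the INSERT aborts execution, this UNLOCK is skipped and
    // the lock would last until the connection closes. Confirm how query
    // errors are surfaced in this installation.
    if ($locked) {
        $this->db->query('UNLOCK TABLES');
    }

    $this->slug = $slug;
}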
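/**
 * Send email notifications to email addresses for the respective member
 * group of the users being deleted
 *
 * Each deleted member's own address is left out of the recipient list of the
 * notification about that member.
 *
 * @param Array $member_ids Array of member_ids being deleted
 * @return void
 */
private function _member_delete_notifications($member_ids)
{
    // Email notification recipients
    $group_query = ee()->db->distinct('member_id')
        ->select('screen_name, email, mbr_delete_notify_emails')
        ->join('member_groups', 'members.group_id = member_groups.group_id', 'left')
        ->where('mbr_delete_notify_emails !=', '')
        ->where_in('member_id', $member_ids)
        ->get('members');

    foreach ($group_query->result() as $member) {
        $swap = array(
            'name' => $member->screen_name,
            'email' => $member->email,
            'site_name' => stripslashes(ee()->config->item('site_name')),
        );

        ee()->lang->loadfile('member');
        $email_title = ee()->functions->var_swap(lang('mbr_delete_notify_title'), $swap);
        $email_message = ee()->functions->var_swap(lang('mbr_delete_notify_message'), $swap);

        // No notification for the user themselves, if they're in the list.
        // Compare whole addresses: removing the member's address as a
        // substring would also cut it out of any longer address containing it
        // (constructed example: removing "ann@example.com" turns
        // "joann@example.com" into "jo"), and the remainder would then be
        // used as a recipient. Empty entries left by repeated commas are
        // dropped in the same pass.
        $own_email = (string) $member->email;
        $recipients = array();

        foreach (explode(',', (string) $member->mbr_delete_notify_emails) as $addy) {
            $addy = trim($addy);

            if ($addy === '' || $addy === $own_email) {
                continue;
            }

            $recipients[] = $addy;
        }

        if (!empty($recipients)) {
            ee()->load->library('email');
            ee()->load->helper('text');

            foreach ($recipients as $addy) {
                ee()->email->EE_initialize();
                ee()->email->wordwrap = FALSE;
                ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
                ee()->email->to($addy);
                ee()->email->reply_to(ee()->config->item('webmaster_email'));
                ee()->email->subject($email_title);
                ee()->email->message(entities_to_ascii($email_message));
                ee()->email->send();
            }
        }
    }
}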
/**
 * Get Category By Article.
 *
 * Builds a comma-separated string of links to the displayed categories an
 * article is associated with.
 *
 * @access public
 * @param int the unique id
 * @return string|bool the link list, or FALSE when the article has no
 *                     displayed categories
 */
function get_cats_by_article($id)
{
    $this->db->from('article2cat');
    $this->db->join('categories', 'category_id_rel = cat_id', 'left');
    $this->db->where('article_id_rel', (int) $id);
    $this->db->where('cat_display', 'yes');
    $categories = $this->db->get();

    if ($categories->num_rows() == 0) {
        return FALSE;
    }

    $this->load->helper('string');

    // NOTE(review): cat_name is passed to anchor() as stored; whether it is
    // HTML-escaped depends on how it was saved and on anchor() itself. Confirm
    // before treating the returned markup as safe to print.
    $links = array();
    foreach ($categories->result_array() as $category) {
        $links[] = ' ' . anchor('categories/' . $category['cat_uri'], $category['cat_name']) . ',';
    }

    // Collapse repeated commas and strip the trailing one.
    return reduce_multiples(implode('', $links), ',', TRUE);
}
/**
 * Member self-delete
 *
 * Deletes the logged-in member's own account after a chain of checks (form
 * submission, permission, not a SuperAdmin, optional IP / user-agent
 * requirement, password lockout, password re-entry), mails the configured
 * notification addresses, removes the session row, resets the session
 * cookies and shows a confirmation message.
 *
 * @return mixed FALSE when not reached through a form post, the result of
 *               show_user_error() when a check fails, nothing after the
 *               confirmation message has been shown.
 */
public function member_delete() {
    // Make sure they got here via a form
    // NOTE(review): this only tests that an ACT field was posted; no
    // anti-forgery token check is visible in this method. Presumably the
    // secure-forms layer covers it. Confirm.
    if (!ee()->input->post('ACT')) {
        // No output for a plain URL request
        return FALSE;
    }
    ee()->lang->loadfile('login');
    // Re-check login state and the self-delete permission here, in case
    // secure forms are switched off and the request comes from an off-site
    // form or arrives after logging out.
    if (ee()->session->userdata('member_id') == 0 or ee()->session->userdata('can_delete_self') !== 'y') {
        return ee()->output->show_user_error('general', ee()->lang->line('not_authorized'));
    }
    // If the user is a SuperAdmin, then no deletion
    if (ee()->session->userdata('group_id') == 1) {
        return ee()->output->show_user_error('general', ee()->lang->line('cannot_delete_super_admin'));
    }
    // Is IP and User Agent required for login? Then, same here.
    if (ee()->config->item('require_ip_for_login') == 'y') {
        if (ee()->session->userdata('ip_address') == '' or ee()->session->userdata('user_agent') == '') {
            return ee()->output->show_user_error('general', ee()->lang->line('unauthorized_request'));
        }
    }
    // Check password lockout status before accepting another password attempt
    if (ee()->session->check_password_lockout(ee()->session->userdata('username')) === TRUE) {
        ee()->lang->loadfile('login');
        return ee()->output->show_user_error('general', sprintf(lang('password_lockout_in_effect'), ee()->config->item('password_lockout_interval')));
    }
    // Require the account password again, so that someone using another
    // person's open session cannot delete the account. A failed attempt is
    // recorded against the lockout counter.
    ee()->load->library('auth');
    if (!ee()->auth->authenticate_id(ee()->session->userdata('member_id'), ee()->input->post('password'))) {
        ee()->session->save_password_lockout(ee()->session->userdata('username'));
        return ee()->output->show_user_error('general', ee()->lang->line('invalid_pw'));
    }
    // All checks passed: delete the member
    ee()->load->model('member_model');
    ee()->member_model->delete_member(ee()->session->userdata('member_id'));
    // Email notification recipients
    if (ee()->session->userdata('mbr_delete_notify_emails') != '') {
        $notify_address = ee()->session->userdata('mbr_delete_notify_emails');
        $swap = array('name' => ee()->session->userdata('screen_name'), 'email' => ee()->session->userdata('email'), 'site_name' => stripslashes(ee()->config->item('site_name')));
        $email_subject = ee()->functions->var_swap(ee()->lang->line('mbr_delete_notify_title'), $swap);
        $email_msg = ee()->functions->var_swap(ee()->lang->line('mbr_delete_notify_message'), $swap);
        // No notification for the user themselves, if they're in the list
        // NOTE(review): this removes the address as a substring, so a longer
        // address that contains it is truncated and the remainder is still
        // used as a recipient; comparing whole comma-separated entries would
        // avoid that.
        if (strpos($notify_address, ee()->session->userdata('email')) !== FALSE) {
            $notify_address = str_replace(ee()->session->userdata('email'), "", $notify_address);
        }
        // Remove multiple commas
        $notify_address = reduce_multiples($notify_address, ',', TRUE);
        if ($notify_address != '') {
            // Send email
            ee()->load->library('email');
            // Load the text helper
            ee()->load->helper('text');
            foreach (explode(',', $notify_address) as $addy) {
                ee()->email->EE_initialize();
                ee()->email->wordwrap = FALSE;
                ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
                ee()->email->to($addy);
                ee()->email->reply_to(ee()->config->item('webmaster_email'));
                ee()->email->subject($email_subject);
                ee()->email->message(entities_to_ascii($email_msg));
                ee()->email->send();
            }
        }
    }
    // Remove the server-side session row, then reset the session-related
    // cookies (set_cookie() is called with a name only; presumably that
    // clears the cookie. Confirm).
    ee()->db->where('session_id', ee()->session->userdata('session_id'))->delete('sessions');
    ee()->functions->set_cookie(ee()->session->c_session);
    ee()->functions->set_cookie(ee()->session->c_expire);
    ee()->functions->set_cookie(ee()->session->c_anon);
    ee()->functions->set_cookie('read_topics');
    ee()->functions->set_cookie('tracker');
    // Build Success Message
    $url = ee()->config->item('site_url');
    $name = stripslashes(ee()->config->item('site_name'));
    $data = array('title' => ee()->lang->line('mbr_delete'), 'heading' => ee()->lang->line('thank_you'), 'content' => ee()->lang->line('mbr_account_deleted'), 'redirect' => '', 'link' => array($url, $name));
    ee()->output->show_message($data);
}
</ul></div> <div id='friends' class="reputation_content" style="display: none"> <div class="Box_Content" id='Box_Content'> <!-- Status Bottom Blk --> <div class="Sta_Bttm_Blk" > <ul> <?php $CI =& get_instance(); $friends_id = $CI->fb_friends_id($room_id); if ($friends_id) { foreach ($friends_id as $fb_id) { $this->load->helper('string'); $frnds_id = reduce_multiples($fb_id, ",", TRUE); // echo $frnds_id; ?> <li class="clearfix"> <div class="Sta_Rat_Prof clsFloatLeft apt_profile"> <a href="<?php echo site_url('users/profile') . '/' . $frnds_id; ?> "> <img height="82" width="76" src="<?php echo $this->Gallery->profilepic($frnds_id, 2); ?> " alt="Profile" /> </a> <center><span class="apt_username"><?php
/** * Insert New Comment * * @access public * @return string */ function insert_new_comment() { $default = array('name', 'email', 'url', 'comment', 'location', 'entry_id'); foreach ($default as $val) { if (!isset($_POST[$val])) { $_POST[$val] = ''; } } // No entry ID? What the heck are they doing? if (!is_numeric($_POST['entry_id'])) { return FALSE; } /** ---------------------------------------- /** Fetch the comment language pack /** ----------------------------------------*/ ee()->lang->loadfile('comment'); // No comment- let's end it here if (trim($_POST['comment']) == '') { $error = ee()->lang->line('cmt_missing_comment'); return ee()->output->show_user_error('submission', $error); } /** ---------------------------------------- /** Is the user banned? /** ----------------------------------------*/ if (ee()->session->userdata['is_banned'] == TRUE) { return ee()->output->show_user_error('general', array(ee()->lang->line('not_authorized'))); } /** ---------------------------------------- /** Is the IP address and User Agent required? /** ----------------------------------------*/ if (ee()->config->item('require_ip_for_posting') == 'y') { if (ee()->input->ip_address() == '0.0.0.0' or ee()->session->userdata['user_agent'] == "") { return ee()->output->show_user_error('general', array(ee()->lang->line('not_authorized'))); } } /** ---------------------------------------- /** Is the nation of the user banend? /** ----------------------------------------*/ ee()->session->nation_ban_check(); /** ---------------------------------------- /** Can the user post comments? 
/** ----------------------------------------*/ if (ee()->session->userdata['can_post_comments'] == 'n') { $error[] = ee()->lang->line('cmt_no_authorized_for_comments'); return ee()->output->show_user_error('general', $error); } /** ---------------------------------------- /** Blacklist/Whitelist Check /** ----------------------------------------*/ if (ee()->blacklist->blacklisted == 'y' && ee()->blacklist->whitelisted == 'n') { return ee()->output->show_user_error('general', array(ee()->lang->line('not_authorized'))); } /** ---------------------------------------- /** Is this a preview request? /** ----------------------------------------*/ if (isset($_POST['preview'])) { return $this->preview_handler(); } // ------------------------------------------- // 'insert_comment_start' hook. // - Allows complete rewrite of comment submission routine. // - Or could be used to modify the POST data before processing // ee()->extensions->call('insert_comment_start'); if (ee()->extensions->end_script === TRUE) { return; } // // ------------------------------------------- /** ---------------------------------------- /** Fetch channel preferences /** ----------------------------------------*/ // Bummer, saw the hook after converting the query /* ee()->db->select('channel_titles.title, channel_titles.url_title, channel_titles.channel_id, channel_titles.author_id, channel_titles.comment_total, channel_titles.allow_comments, channel_titles.entry_date, channel_titles.comment_expiration_date, channels.channel_title, channels.comment_system_enabled, channels.comment_max_chars, channels.comment_use_captcha, channels.comment_timelock, channels.comment_require_membership, channels.comment_moderate, channels.comment_require_email, channels.comment_notify, channels.comment_notify_authors, channels.comment_notify_emails, channels.comment_expiration' ); ee()->db->from(array('channel_titles', 'channels')); ee()->db->where('channel_titles.channel_id = channels.channel_id'); 
ee()->db->where('channel_titles.entry_id', $_POST['entry_id']); ee()->db->where('channel_titles.status', 'closed'); */ $sql = "SELECT exp_channel_titles.title,\n\t\t\t\texp_channel_titles.url_title,\n\t\t\t\texp_channel_titles.entry_id,\n\t\t\t\texp_channel_titles.channel_id,\n\t\t\t\texp_channel_titles.author_id,\n\t\t\t\texp_channel_titles.allow_comments,\n\t\t\t\texp_channel_titles.entry_date,\n\t\t\t\texp_channel_titles.comment_expiration_date,\n\t\t\t\texp_channels.channel_title,\n\t\t\t\texp_channels.comment_system_enabled,\n\t\t\t\texp_channels.comment_max_chars,\n\t\t\t\texp_channels.comment_use_captcha,\n\t\t\t\texp_channels.comment_timelock,\n\t\t\t\texp_channels.comment_require_membership,\n\t\t\t\texp_channels.comment_moderate,\n\t\t\t\texp_channels.comment_require_email,\n\t\t\t\texp_channels.comment_notify,\n\t\t\t\texp_channels.comment_notify_authors,\n\t\t\t\texp_channels.comment_notify_emails,\n\t\t\t\texp_channels.comment_expiration,\n\t\t\t\texp_channels.channel_url,\n\t\t\t\texp_channels.comment_url,\n\t\t\t\texp_channels.site_id\n\t\t\tFROM\texp_channel_titles, exp_channels\n\t\t\tWHERE\texp_channel_titles.channel_id = exp_channels.channel_id\n\t\t\tAND\texp_channel_titles.entry_id = '" . ee()->db->escape_str($_POST['entry_id']) . "'"; // Added entry_status param, so it is possible to post to closed title //AND exp_channel_titles.status != 'closed' "; // ------------------------------------------- // 'insert_comment_preferences_sql' hook. 
// - Rewrite or add to the comment preference sql query // - Could be handy for comment/channel restrictions // if (ee()->extensions->active_hook('insert_comment_preferences_sql') === TRUE) { $sql = ee()->extensions->call('insert_comment_preferences_sql', $sql); if (ee()->extensions->end_script === TRUE) { return; } } // // ------------------------------------------- $query = ee()->db->query($sql); unset($sql); if ($query->num_rows() == 0) { return FALSE; } /** ---------------------------------------- /** Are comments allowed? /** ----------------------------------------*/ if ($query->row('allow_comments') == 'n' or $query->row('comment_system_enabled') == 'n') { return ee()->output->show_user_error('submission', ee()->lang->line('cmt_comments_not_allowed')); } /** ---------------------------------------- /** Has commenting expired? /** ----------------------------------------*/ $force_moderation = $query->row('comment_moderate'); if ($this->comment_expiration_mode == 0) { if ($query->row('comment_expiration_date') > 0) { if (ee()->localize->now > $query->row('comment_expiration_date')) { if (ee()->config->item('comment_moderation_override') == 'y') { $force_moderation = 'y'; } else { return ee()->output->show_user_error('submission', ee()->lang->line('cmt_commenting_has_expired')); } } } } else { if ($query->row('comment_expiration') > 0) { $days = $query->row('entry_date') + $query->row('comment_expiration') * 86400; if (ee()->localize->now > $days) { if (ee()->config->item('comment_moderation_override') == 'y') { $force_moderation = 'y'; } else { return ee()->output->show_user_error('submission', ee()->lang->line('cmt_commenting_has_expired')); } } } } /** ---------------------------------------- /** Is there a comment timelock? 
/** ----------------------------------------*/ if ($query->row('comment_timelock') != '' and $query->row('comment_timelock') > 0) { if (ee()->session->userdata['group_id'] != 1) { $time = ee()->localize->now - $query->row('comment_timelock'); ee()->db->where('comment_date >', $time); ee()->db->where('ip_address', ee()->input->ip_address()); $result = ee()->db->count_all_results('comments'); if ($result > 0) { return ee()->output->show_user_error('submission', str_replace("%s", $query->row('comment_timelock'), ee()->lang->line('cmt_comments_timelock'))); } } } /** ---------------------------------------- /** Do we allow duplicate data? /** ----------------------------------------*/ if (ee()->config->item('deny_duplicate_data') == 'y') { if (ee()->session->userdata['group_id'] != 1) { ee()->db->where('comment', $_POST['comment']); $result = ee()->db->count_all_results('comments'); if ($result > 0) { return ee()->output->show_user_error('submission', ee()->lang->line('cmt_duplicate_comment_warning')); } } } /** ---------------------------------------- /** Assign data /** ----------------------------------------*/ $author_id = $query->row('author_id'); $entry_title = $query->row('title'); $url_title = $query->row('url_title'); $channel_title = $query->row('channel_title'); $channel_id = $query->row('channel_id'); $require_membership = $query->row('comment_require_membership'); $comment_moderate = (ee()->session->userdata['group_id'] == 1 or ee()->session->userdata['exclude_from_moderation'] == 'y') ? 'n' : $force_moderation; $author_notify = $query->row('comment_notify_authors'); $comment_url = $query->row('comment_url'); $channel_url = $query->row('channel_url'); $entry_id = $query->row('entry_id'); $comment_site_id = $query->row('site_id'); $notify_address = ($query->row('comment_notify') == 'y' and $query->row('comment_notify_emails') != '') ? 
$query->row('comment_notify_emails') : ''; /** ---------------------------------------- /** Start error trapping /** ----------------------------------------*/ $error = array(); if (ee()->session->userdata('member_id') != 0) { // If the user is logged in we'll reassign the POST variables with the user data $_POST['name'] = ee()->session->userdata['screen_name'] != '' ? ee()->session->userdata['screen_name'] : ee()->session->userdata['username']; $_POST['email'] = ee()->session->userdata['email']; $_POST['url'] = is_null(ee()->session->userdata['url']) ? '' : ee()->session->userdata['url']; $_POST['location'] = is_null(ee()->session->userdata['location']) ? '' : ee()->session->userdata['location']; } /** ---------------------------------------- /** Is membership is required to post... /** ----------------------------------------*/ if ($require_membership == 'y') { // Not logged in if (ee()->session->userdata('member_id') == 0) { return ee()->output->show_user_error('submission', ee()->lang->line('cmt_must_be_member')); } // Membership is pending if (ee()->session->userdata['group_id'] == 4) { return ee()->output->show_user_error('general', ee()->lang->line('cmt_account_not_active')); } } else { /** ---------------------------------------- /** Missing name? /** ----------------------------------------*/ if (trim($_POST['name']) == '') { $error[] = ee()->lang->line('cmt_missing_name'); } /** ------------------------------------- /** Is name banned? 
/** -------------------------------------*/ if (ee()->session->ban_check('screen_name', $_POST['name'])) { $error[] = ee()->lang->line('cmt_name_not_allowed'); } // Let's make sure they aren't putting in funky html to bork our screens $_POST['name'] = str_replace(array('<', '>'), array('<', '>'), $_POST['name']); /** ---------------------------------------- /** Missing or invalid email address /** ----------------------------------------*/ if ($query->row('comment_require_email') == 'y') { ee()->load->helper('email'); if ($_POST['email'] == '') { $error[] = ee()->lang->line('cmt_missing_email'); } elseif (!valid_email($_POST['email'])) { $error[] = ee()->lang->line('cmt_invalid_email'); } } } /** ------------------------------------- /** Is email banned? /** -------------------------------------*/ if ($_POST['email'] != '') { if (ee()->session->ban_check('email', $_POST['email'])) { $error[] = ee()->lang->line('cmt_banned_email'); } } /** ---------------------------------------- /** Is comment too big? /** ----------------------------------------*/ if ($query->row('comment_max_chars') != '' and $query->row('comment_max_chars') != 0) { if (strlen($_POST['comment']) > $query->row('comment_max_chars')) { $str = str_replace("%n", strlen($_POST['comment']), ee()->lang->line('cmt_too_large')); $str = str_replace("%x", $query->row('comment_max_chars'), $str); $error[] = $str; } } /** ---------------------------------------- /** Do we have errors to display? /** ----------------------------------------*/ if (count($error) > 0) { return ee()->output->show_user_error('submission', $error); } /** ---------------------------------------- /** Do we require CAPTCHA? 
/** ----------------------------------------*/ if ($query->row('comment_use_captcha') == 'y') { if (ee()->config->item('captcha_require_members') == 'y' or ee()->config->item('captcha_require_members') == 'n' and ee()->session->userdata('member_id') == 0) { if (!isset($_POST['captcha']) or $_POST['captcha'] == '') { return ee()->output->show_user_error('submission', ee()->lang->line('captcha_required')); } else { ee()->db->where('word', $_POST['captcha']); ee()->db->where('ip_address', ee()->input->ip_address()); ee()->db->where('date > UNIX_TIMESTAMP()-7200', NULL, FALSE); $result = ee()->db->count_all_results('captcha'); if ($result == 0) { return ee()->output->show_user_error('submission', ee()->lang->line('captcha_incorrect')); } // @TODO: AR ee()->db->query("DELETE FROM exp_captcha WHERE (word='" . ee()->db->escape_str($_POST['captcha']) . "' AND ip_address = '" . ee()->input->ip_address() . "') OR date < UNIX_TIMESTAMP()-7200"); } } } /** ---------------------------------------- /** Build the data array /** ----------------------------------------*/ ee()->load->helper('url'); $notify = ee()->input->post('notify_me') ? 'y' : 'n'; $cmtr_name = ee()->input->post('name', TRUE); $cmtr_email = ee()->input->post('email'); $cmtr_loc = ee()->input->post('location', TRUE); $cmtr_url = ee()->input->post('url', TRUE); $cmtr_url = prep_url($cmtr_url); $data = array('channel_id' => $channel_id, 'entry_id' => $_POST['entry_id'], 'author_id' => ee()->session->userdata('member_id'), 'name' => $cmtr_name, 'email' => $cmtr_email, 'url' => $cmtr_url, 'location' => $cmtr_loc, 'comment' => ee()->security->xss_clean($_POST['comment']), 'comment_date' => ee()->localize->now, 'ip_address' => ee()->input->ip_address(), 'status' => $comment_moderate == 'y' ? 'p' : 'o', 'site_id' => $comment_site_id); // ------------------------------------------- // 'insert_comment_insert_array' hook. 
// - Modify any of the soon to be inserted values // if (ee()->extensions->active_hook('insert_comment_insert_array') === TRUE) { $data = ee()->extensions->call('insert_comment_insert_array', $data); if (ee()->extensions->end_script === TRUE) { return; } } // // ------------------------------------------- $return_link = !stristr($_POST['RET'], 'http://') && !stristr($_POST['RET'], 'https://') ? ee()->functions->create_url($_POST['RET']) : $_POST['RET']; // Secure Forms check if (ee()->security->secure_forms_check(ee()->input->post('XID')) == FALSE) { ee()->functions->redirect(stripslashes($return_link)); } // Insert data $sql = ee()->db->insert_string('exp_comments', $data); ee()->db->query($sql); $comment_id = ee()->db->insert_id(); if ($notify == 'y') { ee()->load->library('subscription'); ee()->subscription->init('comment', array('entry_id' => $entry_id), TRUE); if ($cmtr_id = ee()->session->userdata('member_id')) { ee()->subscription->subscribe($cmtr_id); } else { ee()->subscription->subscribe($cmtr_email); } } if ($comment_moderate == 'n') { /** ------------------------------------------------ /** Update comment total and "recent comment" date /** ------------------------------------------------*/ ee()->db->set('recent_comment_date', ee()->localize->now); ee()->db->where('entry_id', $_POST['entry_id']); ee()->db->update('channel_titles'); /** ---------------------------------------- /** Update member comment total and date /** ----------------------------------------*/ if (ee()->session->userdata('member_id') != 0) { ee()->db->select('total_comments'); ee()->db->where('member_id', ee()->session->userdata('member_id')); $query = ee()->db->get('members'); ee()->db->set('total_comments', $query->row('total_comments') + 1); ee()->db->set('last_comment_date', ee()->localize->now); ee()->db->where('member_id', ee()->session->userdata('member_id')); ee()->db->update('members'); } /** ---------------------------------------- /** Update comment stats /** 
----------------------------------------*/ ee()->stats->update_comment_stats($channel_id, ee()->localize->now); /** ---------------------------------------- /** Fetch email notification addresses /** ----------------------------------------*/ ee()->load->library('subscription'); ee()->subscription->init('comment', array('entry_id' => $entry_id), TRUE); // Remove the current user $ignore = ee()->session->userdata('member_id') != 0 ? ee()->session->userdata('member_id') : ee()->input->post('email'); // Grab them all $subscriptions = ee()->subscription->get_subscriptions($ignore); ee()->load->model('comment_model'); ee()->comment_model->recount_entry_comments(array($entry_id)); $recipients = ee()->comment_model->fetch_email_recipients($_POST['entry_id'], $subscriptions); } /** ---------------------------------------- /** Fetch Author Notification /** ----------------------------------------*/ if ($author_notify == 'y') { ee()->db->select('email'); ee()->db->where('member_id', $author_id); $result = ee()->db->get('members'); $notify_address .= ',' . $result->row('email'); } /** ---------------------------------------- /** Instantiate Typography class /** ----------------------------------------*/ ee()->load->library('typography'); ee()->typography->initialize(array('parse_images' => FALSE, 'allow_headings' => FALSE, 'smileys' => FALSE, 'word_censor' => ee()->config->item('comment_word_censoring') == 'y' ? TRUE : FALSE)); $comment = ee()->security->xss_clean($_POST['comment']); $comment = ee()->typography->parse_type($comment, array('text_format' => 'none', 'html_format' => 'none', 'auto_links' => 'n', 'allow_img_url' => 'n')); $path = $comment_url == '' ? $channel_url : $comment_url; $comment_url_title_auto_path = reduce_double_slashes($path . '/' . $url_title); /** ---------------------------- /** Send admin notification /** ----------------------------*/ if ($notify_address != '') { $cp_url = ee()->config->item('cp_url') . 
'?S=0&D=cp&C=addons_modules&M=show_module_cp&module=comment'; $swap = array('name' => $cmtr_name, 'name_of_commenter' => $cmtr_name, 'email' => $cmtr_email, 'url' => $cmtr_url, 'location' => $cmtr_loc, 'channel_name' => $channel_title, 'entry_title' => $entry_title, 'comment_id' => $comment_id, 'comment' => $comment, 'comment_url' => reduce_double_slashes(ee()->input->remove_session_id(ee()->functions->fetch_site_index() . '/' . $_POST['URI'])), 'delete_link' => $cp_url . '&method=delete_comment_confirm&comment_id=' . $comment_id, 'approve_link' => $cp_url . '&method=change_comment_status&comment_id=' . $comment_id . '&status=o', 'close_link' => $cp_url . '&method=change_comment_status&comment_id=' . $comment_id . '&status=c', 'channel_id' => $channel_id, 'entry_id' => $entry_id, 'url_title' => $url_title, 'comment_url_title_auto_path' => $comment_url_title_auto_path); $template = ee()->functions->fetch_email_template('admin_notify_comment'); $email_tit = ee()->functions->var_swap($template['title'], $swap); $email_msg = ee()->functions->var_swap($template['data'], $swap); // We don't want to send an admin notification if the person // leaving the comment is an admin in the notification list // For added security, we only trust the post email if the // commenter is logged in. if (ee()->session->userdata('member_id') != 0 && $_POST['email'] != '') { if (strpos($notify_address, $_POST['email']) !== FALSE) { $notify_address = str_replace($_POST['email'], '', $notify_address); } } // Remove multiple commas $notify_address = reduce_multiples($notify_address, ',', TRUE); if ($notify_address != '') { /** ---------------------------- /** Send email /** ----------------------------*/ ee()->load->library('email'); $replyto = $data['email'] == '' ? 
ee()->config->item('webmaster_email') : $data['email']; $sent = array(); // Load the text helper ee()->load->helper('text'); foreach (explode(',', $notify_address) as $addy) { if (in_array($addy, $sent)) { continue; } ee()->email->EE_initialize(); ee()->email->wordwrap = false; ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name')); ee()->email->to($addy); ee()->email->reply_to($replyto); ee()->email->subject($email_tit); ee()->email->message(entities_to_ascii($email_msg)); ee()->email->send(); $sent[] = $addy; } } } /** ---------------------------------------- /** Send user notifications /** ----------------------------------------*/ if ($comment_moderate == 'n') { $email_msg = ''; if (count($recipients) > 0) { $action_id = ee()->functions->fetch_action_id('Comment_mcp', 'delete_comment_notification'); $swap = array('name_of_commenter' => $cmtr_name, 'channel_name' => $channel_title, 'entry_title' => $entry_title, 'site_name' => stripslashes(ee()->config->item('site_name')), 'site_url' => ee()->config->item('site_url'), 'comment_url' => reduce_double_slashes(ee()->input->remove_session_id(ee()->functions->fetch_site_index() . '/' . $_POST['URI'])), 'comment_id' => $comment_id, 'comment' => $comment, 'channel_id' => $channel_id, 'entry_id' => $entry_id, 'url_title' => $url_title, 'comment_url_title_auto_path' => $comment_url_title_auto_path); $template = ee()->functions->fetch_email_template('comment_notification'); $email_tit = ee()->functions->var_swap($template['title'], $swap); $email_msg = ee()->functions->var_swap($template['data'], $swap); /** ---------------------------- /** Send email /** ----------------------------*/ ee()->load->library('email'); ee()->email->wordwrap = true; $cur_email = $_POST['email'] == '' ? FALSE : $_POST['email']; if (!isset($sent)) { $sent = array(); } // Load the text helper ee()->load->helper('text'); foreach ($recipients as $val) { // We don't notify the person currently commenting. 
That would be silly. if (!in_array($val['0'], $sent)) { $title = $email_tit; $message = $email_msg; $sub = $subscriptions[$val['1']]; $sub_qs = 'id=' . $sub['subscription_id'] . '&hash=' . $sub['hash']; // Deprecate the {name} variable at some point $title = str_replace('{name}', $val['2'], $title); $message = str_replace('{name}', $val['2'], $message); $title = str_replace('{name_of_recipient}', $val['2'], $title); $message = str_replace('{name_of_recipient}', $val['2'], $message); $title = str_replace('{notification_removal_url}', ee()->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&' . $sub_qs, $title); $message = str_replace('{notification_removal_url}', ee()->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&' . $sub_qs, $message); ee()->email->EE_initialize(); ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name')); ee()->email->to($val['0']); ee()->email->subject($title); ee()->email->message(entities_to_ascii($message)); ee()->email->send(); $sent[] = $val['0']; } } } /** ---------------------------------------- /** Clear cache files /** ----------------------------------------*/ ee()->functions->clear_caching('all', ee()->functions->fetch_site_index() . $_POST['URI']); // clear out the entry_id version if the url_title is in the URI, and vice versa if (preg_match("#\\/" . preg_quote($url_title) . "\\/#", $_POST['URI'], $matches)) { ee()->functions->clear_caching('all', ee()->functions->fetch_site_index() . preg_replace("#" . preg_quote($matches['0']) . "#", "/{$data['entry_id']}/", $_POST['URI'])); } else { ee()->functions->clear_caching('all', ee()->functions->fetch_site_index() . 
preg_replace("#{$data['entry_id']}#", $url_title, $_POST['URI'])); } } /** ---------------------------------------- /** Set cookies /** ----------------------------------------*/ if ($notify == 'y') { ee()->functions->set_cookie('notify_me', 'yes', 60 * 60 * 24 * 365); } else { ee()->functions->set_cookie('notify_me', 'no', 60 * 60 * 24 * 365); } if (ee()->input->post('save_info')) { ee()->functions->set_cookie('save_info', 'yes', 60 * 60 * 24 * 365); ee()->functions->set_cookie('my_name', $_POST['name'], 60 * 60 * 24 * 365); ee()->functions->set_cookie('my_email', $_POST['email'], 60 * 60 * 24 * 365); ee()->functions->set_cookie('my_url', $_POST['url'], 60 * 60 * 24 * 365); ee()->functions->set_cookie('my_location', $_POST['location'], 60 * 60 * 24 * 365); } else { ee()->functions->set_cookie('save_info', 'no', 60 * 60 * 24 * 365); ee()->functions->set_cookie('my_name', ''); ee()->functions->set_cookie('my_email', ''); ee()->functions->set_cookie('my_url', ''); ee()->functions->set_cookie('my_location', ''); } // ------------------------------------------- // 'insert_comment_end' hook. // - More emails, more processing, different redirect // - $comment_id added in 1.6.1 // ee()->extensions->call('insert_comment_end', $data, $comment_moderate, $comment_id); if (ee()->extensions->end_script === TRUE) { return; } // // ------------------------------------------- /** ------------------------------------------- /** Bounce user back to the comment page /** -------------------------------------------*/ if ($comment_moderate == 'y') { $data = array('title' => ee()->lang->line('cmt_comment_accepted'), 'heading' => ee()->lang->line('thank_you'), 'content' => ee()->lang->line('cmt_will_be_reviewed'), 'redirect' => $return_link, 'link' => array($return_link, ee()->lang->line('cmt_return_to_comments')), 'rate' => 3); ee()->output->show_message($data); } else { ee()->functions->redirect($return_link); } }
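/**
 * Member self-delete.
 *
 * Permanently removes the logged-in member's own account once they have
 * re-entered their password, then removes the member's messages, forum
 * content, channel entries and comments, notifies the configured
 * addresses, destroys the session and shows a confirmation message.
 *
 * Checks performed before anything is deleted, in order:
 *  - the request carries a posted ACT value
 *  - the session belongs to a member whose group may delete itself
 *  - the member is not in group 1 (Super Admin)
 *  - IP address and user agent are present when required for login
 *  - the account is not under password lockout
 *  - the posted password hashes to the stored password hash
 *
 * @return mixed FALSE when not reached through a form post; otherwise the
 *               result of show_user_error() when a check fails
 */
function member_delete()
{
    // Only act on a form submission; a bare URL request gets no output.
    if ( ! $this->EE->input->post('ACT')) {
        return false;
    }

    $this->EE->lang->loadfile('login');

    // Re-check authorisation here rather than relying on secure forms,
    // which the site administrator may have switched off.
    if ($this->EE->session->userdata['member_id'] == 0 || $this->EE->session->userdata['can_delete_self'] !== 'y') {
        return $this->EE->output->show_user_error('general', $this->EE->lang->line('not_authorized'));
    }

    // A Super Admin can never delete their own account from here.
    if ($this->EE->session->userdata['group_id'] == 1) {
        return $this->EE->output->show_user_error('general', $this->EE->lang->line('cannot_delete_super_admin'));
    }

    // Apply the same IP / user agent requirement as login does.
    if ($this->EE->config->item('require_ip_for_login') == 'y') {
        if ($this->EE->session->userdata['ip_address'] == '' || $this->EE->session->userdata['user_agent'] == '') {
            return $this->EE->output->show_user_error('general', $this->EE->lang->line('unauthorized_request'));
        }
    }

    // Refuse while the account is locked out after failed password attempts.
    if ($this->EE->session->check_password_lockout($this->EE->session->userdata['username']) === true) {
        return $this->EE->output->show_user_error(
            'general',
            str_replace(
                "%x",
                $this->EE->config->item('password_lockout_interval'),
                $this->EE->lang->line('password_lockout_in_effect')
            )
        );
    }

    // Re-authenticate: the posted password must hash to the stored value.
    $query = $this->EE->db->query("SELECT password FROM exp_members WHERE member_id = '".$this->EE->session->userdata['member_id']."'");

    $stored_hash   = $query->row('password');
    $supplied_hash = $this->EE->functions->hash(stripslashes($this->EE->input->post('password')));

    // Compare as strings, never with loose "!=": PHP's loose comparison
    // treats two different numeric-looking strings as equal, which would
    // accept a wrong password. hash_equals() is used when the runtime has
    // it so the comparison time does not depend on the matching prefix.
    // NOTE(review): the scheme behind functions->hash() is not visible
    // here - confirm it is a salted, deliberately slow password hash.
    $password_ok = is_string($stored_hash) && is_string($supplied_hash);

    if ($password_ok) {
        $password_ok = function_exists('hash_equals')
            ? hash_equals($stored_hash, $supplied_hash)
            : $stored_hash === $supplied_hash;
    }

    if ( ! $password_ok) {
        // Count the failure towards the lockout threshold.
        $this->EE->session->save_password_lockout($this->EE->session->userdata['username']);

        return $this->EE->output->show_user_error('general', $this->EE->lang->line('invalid_pw'));
    }

    // ---- Point of no return: remove the member records ----
    $id = $this->EE->session->userdata['member_id'];

    $this->EE->db->query("DELETE FROM exp_members WHERE member_id = '{$id}'");
    $this->EE->db->query("DELETE FROM exp_member_data WHERE member_id = '{$id}'");
    $this->EE->db->query("DELETE FROM exp_member_homepage WHERE member_id = '{$id}'");

    // Remember who had unread messages from this member so their
    // unread counters can be recalculated after the messages are gone.
    $message_query = $this->EE->db->query("SELECT DISTINCT recipient_id FROM exp_message_copies WHERE sender_id = '{$id}' AND message_read = 'n'");

    $this->EE->db->query("DELETE FROM exp_message_copies WHERE sender_id = '{$id}'");
    $this->EE->db->query("DELETE FROM exp_message_data WHERE sender_id = '{$id}'");
    $this->EE->db->query("DELETE FROM exp_message_folders WHERE member_id = '{$id}'");
    $this->EE->db->query("DELETE FROM exp_message_listed WHERE member_id = '{$id}'");

    if ($message_query->num_rows() > 0) {
        foreach ($message_query->result_array() as $row) {
            $count_query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_message_copies WHERE recipient_id = '".$row['recipient_id']."' AND message_read = 'n'");
            $this->EE->db->query($this->EE->db->update_string(
                'exp_members',
                array('private_messages' => $count_query->row('count')),
                "member_id = '".$row['recipient_id']."'"
            ));
        }
    }

    // ---- Forum content (only when the forum module is installed) ----
    if ($this->EE->config->item('forum_is_installed') == "y") {
        $this->EE->db->query("DELETE FROM exp_forum_subscriptions WHERE member_id = '{$id}'");
        $this->EE->db->query("DELETE FROM exp_forum_pollvotes WHERE member_id = '{$id}'");
        $this->EE->db->query("DELETE FROM exp_forum_topics WHERE author_id = '{$id}'");
        $this->EE->db->query("DELETE FROM exp_forum_administrators WHERE admin_member_id = '{$id}'");
        $this->EE->db->query("DELETE FROM exp_forum_moderators WHERE mod_member_id = '{$id}'");

        // Collect the affected topic ids before the posts are deleted,
        // for the topic stats update further down.
        $query = $this->EE->db->query("SELECT topic_id FROM exp_forum_posts WHERE author_id = '{$id}'");

        if ($query->num_rows() > 0) {
            $topic_ids = array();

            foreach ($query->result_array() as $row) {
                $topic_ids[] = $row['topic_id'];
            }

            $topic_ids = array_unique($topic_ids);
        }

        $this->EE->db->query("DELETE FROM exp_forum_posts WHERE author_id = '{$id}'");
        $this->EE->db->query("DELETE FROM exp_forum_polls WHERE author_id = '{$id}'");

        // Remove the member's attachments, both files and rows.
        $query = $this->EE->db->query("SELECT attachment_id, filehash, extension, board_id FROM exp_forum_attachments WHERE member_id = '{$id}'");

        if ($query->num_rows() > 0) {
            // Map each board to its upload path.
            $res = $this->EE->db->query('SELECT board_id, board_upload_path FROM exp_forum_boards');

            $paths = array();

            foreach ($res->result_array() as $row) {
                $paths[$row['board_id']] = $row['board_upload_path'];
            }

            foreach ($query->result_array() as $row) {
                // Attachments of an unknown board are left untouched.
                if ( ! isset($paths[$row['board_id']])) {
                    continue;
                }

                $file  = $paths[$row['board_id']].$row['filehash'].$row['extension'];
                $thumb = $paths[$row['board_id']].$row['filehash'].'_t'.$row['extension'];

                // Best effort: a file that is already missing is not an error.
                @unlink($file);
                @unlink($thumb);

                $this->EE->db->query("DELETE FROM exp_forum_attachments WHERE attachment_id = '{$row['attachment_id']}'");
            }
        }

        // Recalculate forum and topic statistics.
        $query = $this->EE->db->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");

        if ( ! class_exists('Forum')) {
            require PATH_MOD.'forum/mod.forum'.EXT;
            require PATH_MOD.'forum/mod.forum_core'.EXT;
        }

        $FRM = new Forum_Core;

        foreach ($query->result_array() as $row) {
            $FRM->_update_post_stats($row['forum_id']);
        }

        if (isset($topic_ids)) {
            foreach ($topic_ids as $topic_id) {
                $FRM->_update_topic_stats($topic_id);
            }
        }
    }

    // ---- Channel entries and comments ----
    $entry_ids   = array();
    $channel_ids = array();
    $recount_ids = array();

    // Entries authored by the member are deleted with their data and comments.
    $query = $this->EE->db->query("SELECT entry_id, channel_id FROM exp_channel_titles WHERE author_id = '{$id}'");

    if ($query->num_rows() > 0) {
        foreach ($query->result_array() as $row) {
            $entry_ids[]   = $row['entry_id'];
            $channel_ids[] = $row['channel_id'];
        }

        $this->EE->db->query("DELETE FROM exp_channel_titles WHERE author_id = '{$id}'");
        $this->EE->db->query("DELETE FROM exp_channel_data WHERE entry_id IN ('".implode("','", $entry_ids)."')");
        $this->EE->db->query("DELETE FROM exp_comments WHERE entry_id IN ('".implode("','", $entry_ids)."')");
    }

    // Entries by other authors that carry this member's comments need a recount.
    $query = $this->EE->db->query("SELECT DISTINCT(entry_id), channel_id FROM exp_comments WHERE author_id = '{$id}'");

    if ($query->num_rows() > 0) {
        foreach ($query->result_array() as $row) {
            $recount_ids[] = $row['entry_id'];
            $channel_ids[] = $row['channel_id'];
        }

        $recount_ids = array_diff($recount_ids, $entry_ids);
    }

    $this->EE->db->query("DELETE FROM exp_comments WHERE author_id = '{$id}'");

    // Refresh comment totals on entries that survived the deletion.
    if (count($recount_ids) > 0) {
        foreach (array_unique($recount_ids) as $entry_id) {
            // Escape once and reuse, so all three statements agree.
            $safe_entry_id = $this->EE->db->escape_str($entry_id);

            $query = $this->EE->db->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '".$safe_entry_id."'");

            $comment_date = ($query->num_rows() == 0 || ! is_numeric($query->row('max_date'))) ? 0 : $query->row('max_date');

            $query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '".$safe_entry_id."' AND status = 'o'");

            $this->EE->db->query("UPDATE exp_channel_titles SET comment_total = '".$this->EE->db->escape_str($query->row('count'))."', recent_comment_date = '$comment_date' WHERE entry_id = '".$safe_entry_id."'");
        }
    }

    if (count($channel_ids) > 0) {
        foreach (array_unique($channel_ids) as $channel_id) {
            $this->EE->stats->update_channel_stats($channel_id);
            $this->EE->stats->update_comment_stats($channel_id);
        }
    }

    // ---- Email notification recipients ----
    if ($this->EE->session->userdata['mbr_delete_notify_emails'] != '') {
        $notify_address = $this->EE->session->userdata['mbr_delete_notify_emails'];

        $swap = array(
            'name'      => $this->EE->session->userdata['screen_name'],
            'email'     => $this->EE->session->userdata['email'],
            'site_name' => stripslashes($this->EE->config->item('site_name'))
        );

        $email_tit = $this->EE->functions->var_swap($this->EE->lang->line('mbr_delete_notify_title'), $swap);
        $email_msg = $this->EE->functions->var_swap($this->EE->lang->line('mbr_delete_notify_message'), $swap);

        // No notification for the member themselves. The list is filtered
        // per address: removing the member's email as a substring would
        // also cut it out of any longer address that merely contains it,
        // leaving a mangled recipient behind.
        $own_email = strtolower(trim((string) $this->EE->session->userdata['email']));
        $kept      = array();

        foreach (explode(',', $notify_address) as $candidate) {
            $candidate = trim($candidate);

            if ($candidate === '' || ($own_email !== '' && strtolower($candidate) === $own_email)) {
                continue;
            }

            $kept[] = $candidate;
        }

        $notify_address = implode(',', $kept);

        $this->EE->load->helper('string');

        // Remove multiple commas
        $notify_address = reduce_multiples($notify_address, ',', true);

        if ($notify_address != '') {
            $this->EE->load->library('email');

            // The text helper provides entities_to_ascii().
            $this->EE->load->helper('text');

            foreach (explode(',', $notify_address) as $addy) {
                $this->EE->email->EE_initialize();
                $this->EE->email->wordwrap = false;
                $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
                $this->EE->email->to($addy);
                $this->EE->email->reply_to($this->EE->config->item('webmaster_email'));
                $this->EE->email->subject($email_tit);
                $this->EE->email->message(entities_to_ascii($email_msg));
                $this->EE->email->send();
            }
        }
    }

    // ---- Destroy the session and its cookies ----
    // Every interpolated value is escaped, matching the site_id value.
    $this->EE->db->query("DELETE FROM exp_online_users WHERE site_id = '".$this->EE->db->escape_str($this->EE->config->item('site_id'))."' AND ip_address = '".$this->EE->db->escape_str($this->EE->input->ip_address())."' AND member_id = '{$id}'");

    $this->EE->db->query("DELETE FROM exp_sessions WHERE session_id = '".$this->EE->db->escape_str($this->EE->session->userdata['session_id'])."'");

    // set_cookie() with only a name is used here to clear each cookie.
    $this->EE->functions->set_cookie($this->EE->session->c_uniqueid);
    $this->EE->functions->set_cookie($this->EE->session->c_password);
    $this->EE->functions->set_cookie($this->EE->session->c_session);
    $this->EE->functions->set_cookie($this->EE->session->c_expire);
    $this->EE->functions->set_cookie($this->EE->session->c_anon);
    $this->EE->functions->set_cookie('read_topics');
    $this->EE->functions->set_cookie('tracker');

    // ---- Refresh site-wide member statistics ----
    $this->EE->stats->update_member_stats();

    // ---- Build the success message ----
    $url  = $this->EE->config->item('site_url');
    $name = stripslashes($this->EE->config->item('site_name'));

    $data = array(
        'title'    => $this->EE->lang->line('mbr_delete'),
        'heading'  => $this->EE->lang->line('thank_you'),
        'content'  => $this->EE->lang->line('mbr_account_deleted'),
        'redirect' => '',
        'link'     => array($url, $name)
    );

    $this->EE->output->show_message($data);
}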
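/**
 * Member Delete
 *
 * Control-panel action that deletes the members whose ids were posted in
 * the "delete" array, then emails the addresses configured in each
 * affected member group's mbr_delete_notify_emails setting.
 *
 * Safety rules enforced before deletion:
 *  - the current user needs both can_access_members and can_delete_members
 *  - only a Super Admin (group 1) may delete a Super Admin
 *  - the deletion may not remove every remaining Super Admin
 *
 * @return mixed
 */
public function member_delete()
{
    if (!$this->cp->allowed_group('can_access_members') or !$this->cp->allowed_group('can_delete_members')) {
        show_error(lang('unauthorized_access'));
    }

    if (!$this->input->post('delete') or !is_array($this->input->post('delete'))) {
        $this->functions->redirect(BASE . AMP . 'C=members' . AMP . 'M=view_all_members');
    }

    $this->load->model('member_model');

    // Fetch member ID numbers and build the WHERE clause
    $ids = array();
    $member_ids = array();

    foreach ($this->input->post('delete') as $key => $val) {
        // Nested arrays cannot be member ids; skip them together with
        // empty values instead of passing them to escape_str().
        if (!is_scalar($val) or $val == '') {
            continue;
        }

        $ids[] = "member_id = '" . $this->db->escape_str($val) . "'";
        $member_ids[] = $this->db->escape_str($val);
    }

    // Nothing usable was posted: an empty WHERE clause would produce an
    // invalid query, so treat it like an empty selection.
    if (count($ids) == 0) {
        $this->functions->redirect(BASE . AMP . 'C=members' . AMP . 'M=view_all_members');

        return;
    }

    $IDS = implode(" OR ", $ids);

    // SAFETY CHECK
    // Count the Super Admins among the members being deleted. Each row's
    // own group_id is inspected: reading $query->row('group_id') inside
    // the loop would test the same first row on every pass, so a Super
    // Admin listed after an ordinary member would slip past both checks.
    $super_admins = 0;

    $query = $this->db->query("SELECT group_id FROM exp_members WHERE " . $IDS);

    foreach ($query->result_array() as $row) {
        if ($row['group_id'] == 1) {
            $super_admins++;
        }
    }

    if ($super_admins > 0) {
        // You must be a Super Admin to delete a Super Admin
        if ($this->session->userdata['group_id'] != 1) {
            show_error(lang('must_be_superadmin_to_delete_one'));
        }

        // You can't delete the only Super Admin
        $total_super_admins = $this->member_model->count_members(1);

        if ($super_admins >= $total_super_admins) {
            show_error(lang('can_not_delete_super_admin'));
        }
    }

    // If we got this far we're clear to delete the members
    $this->member_model->delete_member($member_ids, $this->input->post('heir'));

    // ---- Email notification recipients ----
    // NOTE(review): this lookup runs after delete_member(); whether the
    // member rows are still present depends on that model method, which
    // is not shown here - confirm the notifications are actually sent.
    $this->db->select('DISTINCT(member_id), screen_name, email, mbr_delete_notify_emails');
    $this->db->join('member_groups', 'members.group_id = member_groups.group_id', 'left');
    $this->db->where('mbr_delete_notify_emails !=', '');
    $this->db->where_in('member_id', $member_ids);
    $group_query = $this->db->get('members');

    foreach ($group_query->result() as $member) {
        $notify_address = $member->mbr_delete_notify_emails;

        $swap = array(
            'name'      => $member->screen_name,
            'email'     => $member->email,
            'site_name' => stripslashes($this->config->item('site_name'))
        );

        $this->lang->loadfile('member');

        $email_tit = $this->functions->var_swap(lang('mbr_delete_notify_title'), $swap);
        $email_msg = $this->functions->var_swap(lang('mbr_delete_notify_message'), $swap);

        // No notification for the deleted member themselves. The list is
        // filtered per address: removing the member's email as a
        // substring would also cut it out of any longer address that
        // merely contains it, leaving a mangled recipient behind.
        $own_email = strtolower(trim((string) $member->email));
        $kept = array();

        foreach (explode(',', $notify_address) as $candidate) {
            $candidate = trim($candidate);

            if ($candidate === '' or ($own_email !== '' && strtolower($candidate) === $own_email)) {
                continue;
            }

            $kept[] = $candidate;
        }

        $notify_address = implode(',', $kept);

        $this->load->helper('string');

        // Remove multiple commas
        $notify_address = reduce_multiples($notify_address, ',', TRUE);

        if ($notify_address != '') {
            // Send email
            $this->load->library('email');

            // The text helper provides entities_to_ascii().
            $this->load->helper('text');

            foreach (explode(',', $notify_address) as $addy) {
                $this->email->EE_initialize();
                $this->email->wordwrap = FALSE;
                $this->email->from($this->config->item('webmaster_email'), $this->config->item('webmaster_name'));
                $this->email->to($addy);
                $this->email->reply_to($this->config->item('webmaster_email'));
                $this->email->subject($email_tit);
                $this->email->message(entities_to_ascii($email_msg));
                $this->email->send();
            }
        }
    }

    /* -------------------------------------------
    /* 'cp_members_member_delete_end' hook.
    /*  - Additional processing when a member is deleted through the CP
    */
    $this->extensions->call('cp_members_member_delete_end', $member_ids);

    if ($this->extensions->end_script === TRUE) {
        return;
    }
    /*
    /* -------------------------------------------*/

    // Update
    $this->stats->update_member_stats();

    $cp_message = count($ids) == 1 ? lang('member_deleted') : lang('members_deleted');

    $this->session->set_flashdata('message_success', $cp_message);
    $this->functions->redirect(BASE . AMP . 'C=members' . AMP . 'M=view_all_members');
}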
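/**
 * Generate a meta title, description or keyword list from posted text.
 *
 * Reads the kind of meta value to build from the "generate_what" URL
 * parameter (falling back to the POST field of the same name), cleans
 * the posted "data" text accordingly, prints the result and ends the
 * request. An unknown or missing kind prints nothing.
 *
 * NOTE(review): the printed value is request data echoed back to the
 * caller. addslashes() is not HTML escaping, and the title branch does
 * not strip tags, so whatever receives this response has to treat it as
 * plain text (for example assign it to a form field's value, never
 * insert it as markup). The response Content-Type is not set here -
 * confirm it is not served as HTML.
 *
 * @return void the method always ends the request with exit
 */
function contentGenerateMeta()
{
    // Discard pending buffered output, but only when a buffer is open:
    // ob_end_clean() raises a notice when there is nothing to discard.
    if (ob_get_level() > 0) {
        ob_end_clean();
    }

    $what = CI::model('core')->getParamFromURL('generate_what');
    $what = trim($what);

    if ($what == '') {
        // A request without the field is treated as "nothing to generate".
        $what = isset($_POST['generate_what']) && is_string($_POST['generate_what'])
            ? $_POST['generate_what']
            : '';
    }

    // Second discard, kept after the model call as in the original flow.
    if (ob_get_level() > 0) {
        ob_end_clean();
    }

    // Missing or non-string input becomes an empty string instead of
    // raising an undefined-index notice or passing an array to trim().
    $data = isset($_POST['data']) && is_string($_POST['data']) ? $_POST['data'] : '';
    $data = trim($data);
    $data = reduce_multiples($data);
    $data = strip_quotes($data);

    switch ($what) {
        case 'content_meta_title':
            $data = addslashes($data);
            $data = mb_trim($data);
            $data = trim($data);
            print $data;
            break;

        case 'content_meta_description':
            $data = strip_tags($data);
            $data = addslashes($data);
            $data = mb_trim($data);
            $data = trim($data);
            // Keep the description to 20 words.
            $data = word_limiter($data, 20, '...');
            print $data;
            break;

        case 'content_meta_keywords':
            $data = strip_tags($data);
            $data = addslashes($data);
            $data = mb_trim($data);
            $data = trim($data);
            $data = CI::model('taxonomy')->taxonomyGenerateTagsFromString($data);
            // Keep the keyword list to 30 words.
            $data = word_limiter($data, 30, ' ');
            print $data;
            break;

        default:
            break;
    }

    exit;
}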
/**
 * Create Slug
 *
 * Builds a lower-case, URL-friendly slug from a string: accented
 * characters are converted to their unaccented form, the result is passed
 * through url_title() with this object's replacement setting, and runs of
 * the replacement character are collapsed and trimmed.
 *
 * The separator is not an argument; it is read from $this->replacement
 * and from $this->_get_replacement().
 *
 * @param   string  $string  the string you want to slug
 * @return  string
 */
public function create_slug($string)
{
    // The helpers supply url_title(), convert_accented_characters()
    // and reduce_multiples().
    $ci =& get_instance();
    $ci->load->helper(array('url', 'text', 'string'));

    $unaccented = convert_accented_characters($string);
    $slug = strtolower(url_title($unaccented, $this->replacement));

    // Collapse repeated separators and trim them from both ends.
    return reduce_multiples($slug, $this->_get_replacement(), TRUE);
}
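/**
 * Register Member
 *
 * Processes a front-end registration POST: checks that registration is
 * allowed, validates the submitted fields, verifies the captcha when it is
 * enabled, inserts the member rows, optionally subscribes the address to a
 * mailing list, sends the notification e-mails and shows the completion
 * message.
 *
 * @return mixed FALSE when registration is disabled, NULL when an extension
 *               ends the script or after the completion message is shown,
 *               otherwise whatever show_user_error() returns.
 */
public function register_member()
{
    // Do we allow new member registrations?
    if (ee()->config->item('allow_member_registration') == 'n') {
        return FALSE;
    }

    // Is user banned?
    if (ee()->session->userdata('is_banned') === TRUE) {
        return ee()->output->show_user_error('general', array(lang('not_authorized')));
    }

    // Blacklist/Whitelist Check
    if (ee()->blacklist->blacklisted == 'y' && ee()->blacklist->whitelisted == 'n') {
        return ee()->output->show_user_error('general', array(lang('not_authorized')));
    }

    ee()->load->helper('url');

    // -------------------------------------------
    // 'member_member_register_start' hook.
    //  - Take control of member registration routine
    //  - Added EE 1.4.2
    //
    ee()->extensions->call('member_member_register_start');
    if (ee()->extensions->end_script === TRUE) {
        return;
    }
    //
    // -------------------------------------------

    // Set the default globals so the reads below never hit an undefined index
    $default = array('username', 'password', 'password_confirm', 'email', 'screen_name', 'url', 'location');
    foreach ($default as $val) {
        if (!isset($_POST[$val])) {
            $_POST[$val] = '';
        }
    }

    if ($_POST['screen_name'] == '') {
        $_POST['screen_name'] = $_POST['username'];
    }

    // Instantiate validation class
    if (!class_exists('EE_Validate')) {
        require APPPATH . 'libraries/Validate.php';
    }

    $VAL = new EE_Validate(array(
        'member_id' => '',
        'val_type' => 'new',
        'fetch_lang' => TRUE,
        'require_cpw' => FALSE,
        'enable_log' => FALSE,
        'username' => trim_nbs($_POST['username']),
        'cur_username' => '',
        'screen_name' => trim_nbs($_POST['screen_name']),
        'cur_screen_name' => '',
        'password' => $_POST['password'],
        'password_confirm' => $_POST['password_confirm'],
        'cur_password' => '',
        'email' => trim($_POST['email']),
        'cur_email' => ''
    ));

    $VAL->validate_username();
    $VAL->validate_screen_name();
    $VAL->validate_password();
    $VAL->validate_email();

    // Do we have any custom fields? Only fields flagged for registration are accepted.
    $query = ee()->db->select('m_field_id, m_field_name, m_field_label, m_field_type, m_field_list_items, m_field_required')
        ->where('m_field_reg', 'y')
        ->get('member_fields');

    $cust_errors = array();
    $cust_fields = array();

    if ($query->num_rows() > 0) {
        foreach ($query->result_array() as $row) {
            $field_name = 'm_field_id_' . $row['m_field_id'];

            // Assume we're going to save this data, unless it's empty to begin with
            $valid = isset($_POST[$field_name]) && $_POST[$field_name] != '';

            // Basic validations
            if ($row['m_field_required'] == 'y' && !$valid) {
                $cust_errors[] = lang('mbr_field_required') . ' ' . $row['m_field_label'];
            } elseif ($row['m_field_type'] == 'select' && $valid) {
                // Ensure their selection is actually a valid choice. The comparison
                // is strict so that a numeric look-alike ("1.0" for option "1")
                // cannot pass the check and then be stored as submitted.
                $options = explode("\n", $row['m_field_list_items']);
                if (!in_array(htmlentities($_POST[$field_name]), $options, TRUE)) {
                    $valid = FALSE;
                    $cust_errors[] = lang('mbr_field_invalid') . ' ' . $row['m_field_label'];
                }
            }

            if ($valid) {
                $cust_fields[$field_name] = ee()->security->xss_clean($_POST[$field_name]);
            }
        }
    }

    if (isset($_POST['email_confirm']) && $_POST['email'] != $_POST['email_confirm']) {
        $cust_errors[] = lang('mbr_emails_not_match');
    }

    if (ee()->config->item('use_membership_captcha') == 'y') {
        if (!isset($_POST['captcha']) or $_POST['captcha'] == '') {
            $cust_errors[] = lang('captcha_required');
        }
    }

    if (ee()->config->item('require_terms_of_service') == 'y') {
        if (!isset($_POST['accept_terms'])) {
            $cust_errors[] = lang('mbr_terms_of_service_required');
        }
    }

    // -------------------------------------------
    // 'member_member_register_errors' hook.
    //  - Additional error checking prior to submission
    //  - Added EE 2.5.0
    //
    ee()->extensions->call('member_member_register_errors', $this);
    if (ee()->extensions->end_script === TRUE) {
        return;
    }
    //
    // -------------------------------------------

    $errors = array_merge($VAL->errors, $cust_errors, $this->errors);

    // Display errors if there are any
    if (count($errors) > 0) {
        return ee()->output->show_user_error('submission', $errors);
    }

    // Do we require captcha?
    if (ee()->config->item('use_membership_captcha') == 'y') {
        // Both interpolated values are escaped, matching the mailing-list
        // INSERT further down which already escapes the IP address.
        $captcha_word = ee()->db->escape_str($_POST['captcha']);
        $captcha_ip = ee()->db->escape_str(ee()->input->ip_address());

        $query = ee()->db->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='" . $captcha_word . "' AND ip_address = '" . $captcha_ip . "' AND date > UNIX_TIMESTAMP()-7200");
        if ($query->row('count') == 0) {
            return ee()->output->show_user_error('submission', array(lang('captcha_incorrect')));
        }

        // The used captcha is deleted so it cannot be replayed; expired rows go with it.
        ee()->db->query("DELETE FROM exp_captcha WHERE (word='" . $captcha_word . "' AND ip_address = '" . $captcha_ip . "') OR date < UNIX_TIMESTAMP()-7200");
    }

    ee()->load->helper('security');

    // Assign the base query data
    // NOTE(review): the password is stored as an unsalted SHA-1 digest, which is
    // not a suitable password hash. It is left unchanged here because the code
    // that verifies passwords is outside this method; both sides need to move
    // to password_hash()/password_verify() together.
    $data = array(
        'username' => trim_nbs(ee()->input->post('username')),
        'password' => sha1($_POST['password']),
        'ip_address' => ee()->input->ip_address(),
        'unique_id' => ee()->functions->random('encrypt'),
        'join_date' => ee()->localize->now,
        'email' => trim_nbs(ee()->input->post('email')),
        'screen_name' => trim_nbs(ee()->input->post('screen_name')),
        'url' => prep_url(ee()->input->post('url')),
        'location' => ee()->input->post('location'),
        'language' => ee()->config->item('deft_lang') ? ee()->config->item('deft_lang') : 'english',
        'date_format' => ee()->config->item('date_format') ? ee()->config->item('date_format') : '%n/%j/%y',
        'time_format' => ee()->config->item('time_format') ? ee()->config->item('time_format') : '12',
        'include_seconds' => ee()->config->item('include_seconds') ? ee()->config->item('include_seconds') : 'n',
        'timezone' => ee()->config->item('default_site_timezone')
    );

    // Set member group: anything that needs activation starts in group 4 (Pending)
    if (ee()->config->item('req_mbr_activation') == 'manual' or ee()->config->item('req_mbr_activation') == 'email') {
        $data['group_id'] = 4; // Pending
    } else {
        if (ee()->config->item('default_member_group') == '') {
            $data['group_id'] = 4; // Pending
        } else {
            $data['group_id'] = ee()->config->item('default_member_group');
        }
    }

    // Optional Fields
    // NOTE(review): these values are stored as submitted; unlike the custom
    // fields above they are not passed through xss_clean() or checked against
    // a list of allowed values here. Confirm every consumer validates them.
    $optional = array(
        'bio' => 'bio',
        'language' => 'deft_lang',
        'timezone' => 'server_timezone',
        'date_format' => 'date_format',
        'time_format' => 'time_format',
        'include_seconds' => 'include_seconds'
    );
    foreach ($optional as $key => $value) {
        if (isset($_POST[$value])) {
            $data[$key] = $_POST[$value];
        }
    }

    // We generate an authorization code if the member needs to self-activate
    // NOTE(review): how unpredictable this code is depends on
    // functions->random(), which is not shown here - confirm it draws from a
    // cryptographically secure source.
    if (ee()->config->item('req_mbr_activation') == 'email') {
        $data['authcode'] = ee()->functions->random('alnum', 10);
    }

    // Insert basic member data
    ee()->db->query(ee()->db->insert_string('exp_members', $data));
    $member_id = ee()->db->insert_id();

    // Insert custom fields
    $cust_fields['member_id'] = $member_id;
    ee()->db->query(ee()->db->insert_string('exp_member_data', $cust_fields));

    // Create a record in the member homepage table
    // This is only necessary if the user gains CP access,
    // but we'll add the record anyway.
    ee()->db->query(ee()->db->insert_string('exp_member_homepage', array('member_id' => $member_id)));

    // Mailinglist Subscribe
    $mailinglist_subscribe = FALSE;

    if (isset($_POST['mailinglist_subscribe']) && is_numeric($_POST['mailinglist_subscribe'])) {
        // Kill duplicate emails from authorization queue.
        ee()->db->where('email', $_POST['email'])->delete('mailing_list_queue');

        // Validate Mailing List ID
        $query = ee()->db->select('COUNT(*) as count')
            ->where('list_id', $_POST['mailinglist_subscribe'])
            ->get('mailing_lists');

        // Email Not Already in Mailing List
        $results = ee()->db->select('COUNT(*) as count')
            ->where('email', $_POST['email'])
            ->where('list_id', $_POST['mailinglist_subscribe'])
            ->get('mailing_list');

        // INSERT Email
        if ($query->row('count') > 0 && $results->row('count') == 0) {
            $mailinglist_subscribe = TRUE;
            $code = ee()->functions->random('alnum', 10);

            if (ee()->config->item('req_mbr_activation') == 'email') {
                // Activated When Membership Activated
                ee()->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\r\n\t\t\t\t\t\t\t\tVALUES ('" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')");
            } elseif (ee()->config->item('req_mbr_activation') == 'manual') {
                // Mailing List Subscribe Email
                ee()->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\r\n\t\t\t\t\t\t\t\tVALUES ('" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')");

                ee()->lang->loadfile('mailinglist');
                $action_id = ee()->functions->fetch_action_id('Mailinglist', 'authorize_email');

                $swap = array(
                    'activation_url' => ee()->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $code,
                    'site_name' => stripslashes(ee()->config->item('site_name')),
                    'site_url' => ee()->config->item('site_url')
                );

                $template = ee()->functions->fetch_email_template('mailinglist_activation_instructions');
                $email_tit = ee()->functions->var_swap($template['title'], $swap);
                $email_msg = ee()->functions->var_swap($template['data'], $swap);

                // Send email
                ee()->load->library('email');
                ee()->email->wordwrap = true;
                ee()->email->mailtype = 'plain';
                ee()->email->priority = '3';
                ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
                ee()->email->to($_POST['email']);
                ee()->email->subject($email_tit);
                ee()->email->message($email_msg);
                ee()->email->send();
            } else {
                // Automatically Accepted
                ee()->db->query("INSERT INTO exp_mailing_list (list_id, authcode, email, ip_address)\r\n\t\t\t\t\t\t\t\t\t\t VALUES ('" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str(ee()->input->ip_address()) . "')");
            }
        }
    }

    // Update
    if (ee()->config->item('req_mbr_activation') == 'none') {
        ee()->stats->update_member_stats();
    }

    // Send admin notifications
    if (ee()->config->item('new_member_notification') == 'y' && ee()->config->item('mbr_notification_emails') != '') {
        $name = $data['screen_name'] != '' ? $data['screen_name'] : $data['username'];

        $swap = array(
            'name' => $name,
            'site_name' => stripslashes(ee()->config->item('site_name')),
            'control_panel_url' => ee()->config->item('cp_url'),
            'username' => $data['username'],
            'email' => $data['email']
        );

        $template = ee()->functions->fetch_email_template('admin_notify_reg');
        $email_tit = $this->_var_swap($template['title'], $swap);
        $email_msg = $this->_var_swap($template['data'], $swap);

        // Remove multiple commas
        $notify_address = reduce_multiples(ee()->config->item('mbr_notification_emails'), ',', TRUE);

        // Send email
        ee()->load->helper('text');
        ee()->load->library('email');
        ee()->email->wordwrap = true;
        ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
        ee()->email->to($notify_address);
        ee()->email->subject($email_tit);
        ee()->email->message(entities_to_ascii($email_msg));
        ee()->email->Send();
    }

    // -------------------------------------------
    // 'member_member_register' hook.
    //  - Additional processing when a member is created through the User Side
    //  - $member_id added in 2.0.1
    //
    ee()->extensions->call('member_member_register', $data, $member_id);
    if (ee()->extensions->end_script === TRUE) {
        return;
    }
    //
    // -------------------------------------------

    // Send user notifications
    if (ee()->config->item('req_mbr_activation') == 'email') {
        $action_id = ee()->functions->fetch_action_id('Member', 'activate_member');

        $name = $data['screen_name'] != '' ? $data['screen_name'] : $data['username'];

        $board_id = ee()->input->get_post('board_id') !== FALSE && is_numeric(ee()->input->get_post('board_id')) ? ee()->input->get_post('board_id') : 1;

        $forum_id = ee()->input->get_post('FROM') == 'forum' ? '&r=f&board_id=' . $board_id : '';

        // $mailinglist_subscribe is TRUE only after the is_numeric() check above,
        // so the raw POST value appended here is numeric.
        $add = $mailinglist_subscribe !== TRUE ? '' : '&mailinglist=' . $_POST['mailinglist_subscribe'];

        $swap = array(
            'name' => $name,
            'activation_url' => ee()->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $data['authcode'] . $forum_id . $add,
            'site_name' => stripslashes(ee()->config->item('site_name')),
            'site_url' => ee()->config->item('site_url'),
            'username' => $data['username'],
            'email' => $data['email']
        );

        $template = ee()->functions->fetch_email_template('mbr_activation_instructions');
        $email_tit = $this->_var_swap($template['title'], $swap);
        $email_msg = $this->_var_swap($template['data'], $swap);

        // Send email
        ee()->load->helper('text');
        ee()->load->library('email');
        ee()->email->wordwrap = true;
        ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
        ee()->email->to($data['email']);
        ee()->email->subject($email_tit);
        ee()->email->message(entities_to_ascii($email_msg));
        ee()->email->Send();

        $message = lang('mbr_membership_instructions_email');
    } elseif (ee()->config->item('req_mbr_activation') == 'manual') {
        $message = lang('mbr_admin_will_activate');
    } else {
        // No activation required: log the new member in straight away
        // (the extra query is a little annoying)
        ee()->load->library('auth');
        $member_data_q = ee()->db->get_where('members', array('member_id' => $member_id));

        $incoming = new Auth_result($member_data_q->row());
        $incoming->remember_me();
        $incoming->start_session();

        $message = lang('mbr_your_are_logged_in');
    }

    // Build the message
    if (ee()->input->get_post('FROM') == 'forum') {
        $query = $this->_do_form_query();

        $site_name = $query->row('board_label');
        $return = $query->row('board_forum_url');
    } else {
        $site_name = ee()->config->item('site_name') == '' ? lang('back') : stripslashes(ee()->config->item('site_name'));
        $return = ee()->config->item('site_url');
    }

    $data = array(
        'title' => lang('mbr_registration_complete'),
        'heading' => lang('thank_you'),
        'content' => lang('mbr_registration_completed') . "\n\n" . $message,
        'redirect' => '',
        'link' => array($return, $site_name)
    );

    ee()->output->show_message($data);
}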
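/**
 * Register a member (Zoo Visitor variant of the member registration routine).
 *
 * Validates the submitted registration fields and, unless $doRegister is
 * FALSE, creates the member rows, handles the mailing-list subscription and
 * sends the notification e-mails. Errors are returned to the caller instead
 * of being displayed.
 *
 * @param mixed  $ext            Not read anywhere in this method.
 * @param bool   $doRegister     When FALSE the method stops after validation and returns TRUE.
 * @param string $error_handling Not read anywhere in this method.
 * @return mixed array('general'|'submission', errors) on failure, TRUE for a
 *               validation-only run, NULL when an extension ends the script,
 *               otherwise the result array (including 'member_data').
 */
function register_member($ext, $doRegister = TRUE, $error_handling = '')
{
    $this->EE->load->helper('security');
    $inline_errors = array();
    $data = array();

    // Do we allow new member registrations?
    if ($this->EE->config->item('allow_member_registration') == 'n') {
        return array('general', array($this->EE->lang->line('member_registrations_not_allowed')));
    }

    // Is user banned?
    if ($this->EE->session->userdata['is_banned'] == TRUE) {
        return array('general', array($this->EE->lang->line('not_authorized')));
    }

    // Blacklist/Whitelist Check
    if ($this->EE->blacklist->blacklisted == 'y' && $this->EE->blacklist->whitelisted == 'n') {
        return array('general', array($this->EE->lang->line('not_authorized')));
    }

    $this->EE->load->helper('url');

    /* -------------------------------------------
    /* 'member_member_register_start' hook.
    /*  - Take control of member registration routine
    /*  - Added EE 1.4.2
    */
    $this->EE->extensions->call('member_member_register_start');
    if ($this->EE->extensions->end_script === TRUE) {
        return;
    }
    /*
    /* -------------------------------------------*/

    // Set the default globals so the reads below never hit an undefined index
    $default = array('username', 'password', 'password_confirm', 'email', 'screen_name', 'url', 'location');
    foreach ($default as $val) {
        if (!isset($_POST[$val])) {
            $_POST[$val] = '';
        }
    }

    if ($_POST['screen_name'] == '') {
        $_POST['screen_name'] = $_POST['username'];
    }

    // Instantiate validation class
    if (!class_exists('EE_Validate')) {
        require APPPATH . 'libraries/Validate' . EXT;
    }

    $VAL = new EE_Validate(array(
        'member_id' => '',
        'val_type' => 'new',
        'fetch_lang' => TRUE,
        'require_cpw' => FALSE,
        'enable_log' => FALSE,
        'username' => $_POST['username'],
        'cur_username' => '',
        'screen_name' => $_POST['screen_name'],
        'cur_screen_name' => '',
        'password' => $_POST['password'],
        'password_confirm' => $_POST['password_confirm'],
        'cur_password' => '',
        'email' => $_POST['email'],
        'cur_email' => ''
    ));

    // load the language file
    $this->EE->lang->loadfile('zoo_visitor');

    // Each validator appends to $VAL->errors; slicing from $offset attributes
    // the new messages to the field that was just validated.
    $VAL->validate_email();
    $inline_errors["email"] = $VAL->errors;
    $offset = count($VAL->errors);

    // Zoo Visitor conditional checking
    if ($this->zoo_settings['email_is_username'] != 'yes') {
        $VAL->validate_username();
        $inline_errors["username"] = array_slice($VAL->errors, $offset);
        $offset = count($VAL->errors);
    }

    if ($this->zoo_settings['use_screen_name'] != "no") {
        $VAL->validate_screen_name();
        $inline_errors["screen_name"] = array_slice($VAL->errors, $offset);
        $offset = count($VAL->errors);
    }

    $VAL->validate_password();
    $inline_errors["password"] = array_slice($VAL->errors, $offset);
    $offset = count($VAL->errors);

    // Do we have any custom fields?
    // NOTE(review): every row of exp_member_fields is accepted from POST here;
    // there is no filter on a registration flag, so any member field can be
    // set at sign-up. Confirm that is intended.
    $query = $this->EE->db->query("SELECT m_field_id, m_field_name, m_field_label, m_field_required FROM exp_member_fields");

    $cust_errors = array();
    $cust_fields = array();

    if ($query->num_rows() > 0) {
        foreach ($query->result_array() as $row) {
            if ($row['m_field_required'] == 'y' && (!isset($_POST['m_field_id_' . $row['m_field_id']]) or $_POST['m_field_id_' . $row['m_field_id']] == '')) {
                $cust_errors[] = $this->EE->lang->line('mbr_field_required') . ' ' . $row['m_field_label'];
                $inline_errors[$row['m_field_name']] = array($this->EE->lang->line('mbr_field_required') . ' ' . $row['m_field_label']);
            } elseif (isset($_POST['m_field_id_' . $row['m_field_id']])) {
                $cust_fields['m_field_id_' . $row['m_field_id']] = $this->EE->security->xss_clean($_POST['m_field_id_' . $row['m_field_id']]);
            }
        }
    }

    if (isset($_POST['email_confirm']) && $_POST['email'] != $_POST['email_confirm']) {
        $cust_errors[] = $this->EE->lang->line('mbr_emails_not_match');
        $inline_errors["email_confirm"] = array($this->EE->lang->line('mbr_emails_not_match'));
    }

    if ($this->EE->config->item('use_membership_captcha') == 'y') {
        if (!isset($_POST['captcha']) or $_POST['captcha'] == '') {
            $cust_errors[] = $this->EE->lang->line('captcha_required');
            $inline_errors["captcha"] = array($this->EE->lang->line('captcha_required'));
        }
    }

    // Do we require captcha?
    if ($this->EE->config->item('use_membership_captcha') == 'y') {
        $query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='" . $this->EE->db->escape_str($_POST['captcha']) . "' AND ip_address = '" . $this->EE->db->escape_str($this->EE->input->ip_address()) . "' AND date > UNIX_TIMESTAMP()-7200");
        if ($query->row('count') == 0) {
            $cust_errors[] = $this->EE->lang->line('captcha_incorrect');
            $inline_errors["captcha"] = array($this->EE->lang->line('captcha_incorrect'));
        }
        // NOTE(review): the original DELETE of the used captcha row is disabled
        // in this method, so nothing here stops the same word from being
        // accepted again from the same IP address until it is older than 7200
        // seconds. If a later step does not remove it, delete the row once the
        // registration has actually been performed.
    }

    if ($this->EE->config->item('require_terms_of_service') == 'y') {
        if (!isset($_POST['accept_terms'])) {
            $cust_errors[] = $this->EE->lang->line('mbr_terms_of_service_required');
            $inline_errors["accept_terms"] = array($this->EE->lang->line('mbr_terms_of_service_required'));
        }
    }

    $errors = array_merge($VAL->errors, $cust_errors);

    // Set default membergroup: anything that needs activation starts in group 4 (Pending)
    if ($this->EE->config->item('req_mbr_activation') == 'manual' or $this->EE->config->item('req_mbr_activation') == 'email') {
        $data['group_id'] = 4; // Pending
    } else {
        if ($this->EE->config->item('default_member_group') == '') {
            $data['group_id'] = 4; // Pending
        } else {
            $data['group_id'] = $this->EE->config->item('default_member_group');
        }
    }

    // Check if there is a membergroup selected
    $selected_group_id = $this->check_membergroup_change($data);

    // Display errors if there are any
    if (count($errors) > 0) {
        return array('submission', $inline_errors);
    }

    if (!$doRegister) {
        return TRUE;
    }

    // Secure Mode Forms?
    if ($this->EE->config->item('secure_forms') == 'y') {
        if (version_compare(APP_VER, '2.5.4', '>=')) {
            if ($this->EE->config->item('secure_forms') == 'y' and !$this->EE->security->secure_forms_check($this->EE->input->post('XID'))) {
                return $this->EE->output->show_user_error('general', array(lang('not_authorized')));
            }
        } else {
            // The IP condition appeared twice in the original query; once is
            // enough, and the value is escaped like the hash.
            $xid_hash = $this->EE->db->escape_str($_POST['XID']);
            $xid_ip = $this->EE->db->escape_str($this->EE->input->ip_address());

            $query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_security_hashes WHERE hash='" . $xid_hash . "' AND ip_address = '" . $xid_ip . "' AND date > UNIX_TIMESTAMP()-7200");
            if ($query->row('count') == 0) {
                return array('general', array($this->EE->lang->line('not_authorized')));
            }

            // One-time token: remove it together with expired hashes
            $this->EE->db->query("DELETE FROM exp_security_hashes WHERE (hash='" . $xid_hash . "' AND ip_address = '" . $xid_ip . "') OR date < UNIX_TIMESTAMP()-7200");
        }
    }

    // Assign the base query data
    $data['username'] = $_POST['username'];
    // Interim legacy hash; it is replaced below once auth->hash_password() succeeds.
    $data['password'] = version_compare(APP_VER, '2.6.0', '<') ? $this->EE->functions->hash(stripslashes($_POST['password'])) : do_hash(stripslashes($_POST['password']));
    $data['ip_address'] = $this->EE->input->ip_address();
    $data['unique_id'] = $this->EE->functions->random('encrypt');
    $data['join_date'] = $this->EE->localize->now;
    $data['email'] = $_POST['email'];
    $data['screen_name'] = $_POST['screen_name'];
    $data['url'] = prep_url($_POST['url']);
    $data['location'] = $_POST['location'];

    // overridden below if used as optional fields
    $data['language'] = $this->EE->config->item('deft_lang') ? $this->EE->config->item('deft_lang') : 'english';
    $data['time_format'] = $this->EE->config->item('time_format') ? $this->EE->config->item('time_format') : 'us';
    $data['timezone'] = $this->EE->config->item('default_site_timezone') && $this->EE->config->item('default_site_timezone') != '' ? $this->EE->config->item('default_site_timezone') : $this->EE->config->item('server_timezone');

    // version_compare() instead of a string comparison: as strings,
    // '2.10.0' < '2.6.0' is true, which would take the pre-2.6 path on newer versions.
    if (version_compare(APP_VER, '2.6.0', '<')) {
        $data['daylight_savings'] = $this->EE->config->item('default_site_dst') && $this->EE->config->item('default_site_dst') != '' ? $this->EE->config->item('default_site_dst') : $this->EE->config->item('daylight_savings');
    }

    // Standard member fields
    $fields = array('bday_y', 'bday_m', 'bday_d', 'url', 'location', 'occupation', 'interests', 'aol_im', 'icq', 'yahoo_im', 'msn_im', 'bio');
    foreach ($fields as $val) {
        if ($this->EE->input->post($val)) {
            $data[$val] = isset($_POST[$val]) ? $this->EE->security->xss_clean($_POST[$val]) : '';
            unset($_POST[$val]);
        }
    }

    // Clamp the birthday to the last day of the month. The isset() guards
    // avoid undefined-index notices when only part of the date was submitted.
    if (isset($data['bday_d']) && is_numeric($data['bday_d']) && isset($data['bday_m']) && is_numeric($data['bday_m'])) {
        $year = isset($data['bday_y']) && $data['bday_y'] != '' ? $data['bday_y'] : date('Y');
        $mdays = $this->EE->localize->fetch_days_in_month($data['bday_m'], $year);
        if ($data['bday_d'] > $mdays) {
            $data['bday_d'] = $mdays;
        }
    }

    // Optional Fields
    // NOTE(review): these values are stored as submitted, without xss_clean()
    // or a check against allowed values. Confirm every consumer validates them.
    $optional = array('bio' => 'bio', 'language' => 'deft_lang', 'timezone' => 'server_timezone', 'time_format' => 'time_format');
    foreach ($optional as $key => $value) {
        if (isset($_POST[$value])) {
            $data[$key] = $_POST[$value];
        }
    }

    // We generate an authorization code if the member needs to self-activate
    if ($this->EE->config->item('req_mbr_activation') == 'email') {
        $data['authcode'] = $this->EE->functions->random('alnum', 10);
    }

    // Insert basic member data
    $this->EE->db->query($this->EE->db->insert_string('exp_members', $data));
    $member_id = $this->EE->db->insert_id();

    // Override the screenname for use in emails
    $screen_name_overriden = $this->get_override_screen_name();
    $data['screen_name'] = $screen_name_overriden !== FALSE ? $screen_name_overriden : $data['screen_name'];

    // Store the selected membergroup if it is defined in the form AND activation is required.
    // NOTE(review): the only group excluded here is '1'. Whether other
    // privileged groups can be requested depends on check_membergroup_change(),
    // which is not shown - confirm it restricts the choice to an allow-list.
    if (isset($selected_group_id) and is_numeric($selected_group_id) and $selected_group_id != '1') {
        if ($this->EE->config->item('req_mbr_activation') == 'email' || $this->EE->config->item('req_mbr_activation') == 'manual') {
            $activation_data = array();
            $activation_data['member_id'] = $member_id;
            $activation_data['group_id'] = $selected_group_id;
            $this->EE->db->insert('zoo_visitor_activation_membergroup', $activation_data);
        }
    }

    // Hash the password with the auth library and overwrite the interim hash.
    // NOTE(review): when hash_password() returns FALSE nothing is updated and
    // the row keeps the legacy hash written above; consider treating that as
    // an error. The value hashed here is not passed through stripslashes(),
    // unlike the interim hash.
    $this->EE->load->library('auth');
    $hashed_pair = $this->EE->auth->hash_password($_POST['password']);
    if ($hashed_pair !== FALSE) {
        $this->EE->db->where('member_id', (int) $member_id);
        $this->EE->db->update('members', $hashed_pair);
    }

    // Insert custom fields
    $cust_fields['member_id'] = $member_id;
    $this->EE->db->query($this->EE->db->insert_string('exp_member_data', $cust_fields));

    // Create a record in the member homepage table
    // This is only necessary if the user gains CP access, but we'll add the record anyway.
    $this->EE->db->query($this->EE->db->insert_string('exp_member_homepage', array('member_id' => $member_id)));

    // Mailinglist Subscribe
    $mailinglist_subscribe = FALSE;

    if (isset($_POST['mailinglist_subscribe']) && is_numeric($_POST['mailinglist_subscribe'])) {
        // Kill duplicate emails from authorization queue.
        $this->EE->db->query("DELETE FROM exp_mailing_list_queue WHERE email = '" . $this->EE->db->escape_str($_POST['email']) . "'");

        // Validate Mailing List ID
        $query = $this->EE->db->query("SELECT COUNT(*) AS count\n\t\t\t\t\t\t\t\t FROM exp_mailing_lists\n\t\t\t\t\t\t\t\t WHERE list_id = '" . $this->EE->db->escape_str($_POST['mailinglist_subscribe']) . "'");

        // Email Not Already in Mailing List
        $results = $this->EE->db->query("SELECT count(*) AS count\n\t\t\t\t\t\t\t\t\tFROM exp_mailing_list\n\t\t\t\t\t\t\t\t\tWHERE email = '" . $this->EE->db->escape_str($_POST['email']) . "'\n\t\t\t\t\t\t\t\t\tAND list_id = '" . $this->EE->db->escape_str($_POST['mailinglist_subscribe']) . "'");

        // INSERT Email
        if ($query->row('count') > 0 && $results->row('count') == 0) {
            $mailinglist_subscribe = TRUE;
            $code = $this->EE->functions->random('alnum', 10);

            if ($this->EE->config->item('req_mbr_activation') == 'email') {
                // Activated When Membership Activated
                $this->EE->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\n\t\t\t\t\t\t\t\tVALUES ('" . $this->EE->db->escape_str($_POST['email']) . "', '" . $this->EE->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')");
            } elseif ($this->EE->config->item('req_mbr_activation') == 'manual') {
                // Mailing List Subscribe Email
                $this->EE->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\n\t\t\t\t\t\t\t\tVALUES ('" . $this->EE->db->escape_str($_POST['email']) . "', '" . $this->EE->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')");

                $this->EE->lang->loadfile('mailinglist');
                $action_id = $this->EE->functions->fetch_action_id('Mailinglist', 'authorize_email');

                $swap = array(
                    'activation_url' => $this->EE->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $code,
                    'site_name' => stripslashes($this->EE->config->item('site_name')),
                    'site_url' => $this->EE->config->item('site_url')
                );

                $template = $this->EE->functions->fetch_email_template('mailinglist_activation_instructions');
                $email_tit = $this->EE->functions->var_swap($template['title'], $swap);
                $email_msg = $this->EE->functions->var_swap($template['data'], $swap);

                // Send email
                $this->EE->load->library('email');
                $this->EE->email->wordwrap = true;
                $this->EE->email->mailtype = 'plain';
                $this->EE->email->priority = '3';
                $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
                $this->EE->email->to($_POST['email']);
                $this->EE->email->subject($email_tit);
                $this->EE->email->message($email_msg);
                $this->EE->email->send();
            } else {
                // Automatically Accepted
                $this->EE->db->query("INSERT INTO exp_mailing_list (list_id, authcode, email, ip_address)\n\t\t\t\t\t\t\t\t\t\t VALUES ('" . $this->EE->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . $this->EE->db->escape_str($_POST['email']) . "', '" . $this->EE->db->escape_str($this->EE->input->ip_address()) . "')");
            }
        }
    }

    // Update
    if ($this->EE->config->item('req_mbr_activation') == 'none') {
        $this->EE->stats->update_member_stats();
    }

    // Send admin notifications
    if ($this->EE->config->item('new_member_notification') == 'y' and $this->EE->config->item('mbr_notification_emails') != '') {
        $name = $data['screen_name'] != '' ? $data['screen_name'] : $data['username'];

        $swap = array(
            'name' => $name,
            'site_name' => stripslashes($this->EE->config->item('site_name')),
            'control_panel_url' => $this->EE->config->item('cp_url'),
            'username' => $data['username'],
            'email' => $data['email']
        );

        $template = $this->EE->functions->fetch_email_template('admin_notify_reg');
        $email_tit = $this->_var_swap($template['title'], $swap);
        $email_msg = $this->_var_swap($template['data'], $swap);

        $this->EE->load->helper('string');

        // Remove multiple commas
        $notify_address = reduce_multiples($this->EE->config->item('mbr_notification_emails'), ',', TRUE);

        // Send email (the text helper provides entities_to_ascii)
        $this->EE->load->helper('text');
        $this->EE->load->library('email');
        $this->EE->email->wordwrap = true;
        $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
        $this->EE->email->to($notify_address);
        $this->EE->email->subject($email_tit);
        $this->EE->email->message(entities_to_ascii($email_msg));
        $this->EE->email->Send();
    }

    // -------------------------------------------
    // 'member_member_register' hook.
    //  - Additional processing when a member is created through the User Side
    //  - $member_id added in 2.0.1
    //
    $this->EE->extensions->call('member_member_register', $data, $member_id);
    if ($this->EE->extensions->end_script === TRUE) {
        return;
    }
    //
    // -------------------------------------------

    // Zoo Visitor assignment.
    // NOTE(review): $member_data is a copy of $data, so the array handed back
    // to the caller still contains the password hash and, when set, the
    // activation authcode. Make sure callers never expose it.
    $member_data = $data;
    $member_data["member_id"] = $member_id;

    // Send user notifications
    if ($this->EE->config->item('req_mbr_activation') == 'email') {
        $action_id = $this->EE->functions->fetch_action_id('Member', 'activate_member');

        $name = $data['screen_name'] != '' ? $data['screen_name'] : $data['username'];

        $board_id = $this->EE->input->get_post('board_id') !== FALSE && is_numeric($this->EE->input->get_post('board_id')) ? $this->EE->input->get_post('board_id') : 1;

        $forum_id = $this->EE->input->get_post('FROM') == 'forum' ? '&r=f&board_id=' . $board_id : '';

        // $mailinglist_subscribe is TRUE only after the is_numeric() check above,
        // so the raw POST value appended here is numeric.
        $add = $mailinglist_subscribe !== TRUE ? '' : '&mailinglist=' . $_POST['mailinglist_subscribe'];

        $swap = array(
            'name' => $name,
            'activation_url' => $this->EE->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $data['authcode'] . $forum_id . $add,
            'site_name' => stripslashes($this->EE->config->item('site_name')),
            'site_url' => $this->EE->config->item('site_url'),
            'username' => $data['username'],
            'email' => $data['email']
        );

        $template = $this->EE->functions->fetch_email_template('mbr_activation_instructions');
        $email_tit = $this->_var_swap($template['title'], $swap);
        $email_msg = $this->_var_swap($template['data'], $swap);

        // Send email (the text helper provides entities_to_ascii)
        $this->EE->load->helper('text');
        $this->EE->load->library('email');
        $this->EE->email->wordwrap = true;
        $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
        $this->EE->email->to($data['email']);
        $this->EE->email->subject($email_tit);
        $this->EE->email->message(entities_to_ascii($email_msg));
        $this->EE->email->Send();

        $message = $this->EE->lang->line('mbr_membership_instructions_email');
    } elseif ($this->EE->config->item('req_mbr_activation') == 'manual') {
        $message = $this->EE->lang->line('mbr_admin_will_activate');
    } else {
        // Log user in is handled at the end of the extension
    }

    // Build the message
    if ($this->EE->input->get_post('FROM') == 'forum') {
        if ($this->EE->input->get_post('board_id') !== FALSE && is_numeric($this->EE->input->get_post('board_id'))) {
            $query = $this->EE->db->query("SELECT board_forum_url, board_id, board_label FROM exp_forum_boards WHERE board_id = '" . $this->EE->db->escape_str($this->EE->input->get_post('board_id')) . "'");
        } else {
            $query = $this->EE->db->query("SELECT board_forum_url, board_id, board_label FROM exp_forum_boards WHERE board_id = '1'");
        }

        $site_name = $query->row('board_label');
        $return = $query->row('board_forum_url');
    } else {
        $site_name = $this->EE->config->item('site_name') == '' ? $this->EE->lang->line('back') : stripslashes($this->EE->config->item('site_name'));
        $return = $this->EE->config->item('site_url');
    }

    $data = array(
        'title' => $this->EE->lang->line('mbr_registration_complete'),
        'heading' => $this->EE->lang->line('thank_you'),
        'content' => $this->EE->lang->line('mbr_registration_completed'),
        'redirect' => '',
        'link' => array($return, $site_name),
        'result' => 'registration_complete',
        'member_data' => $member_data
    );

    // The caller decides how to present the result; nothing is output here.
    return $data;
}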
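<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<!-- This sitemap is being generated automatically -->
<!-- Generated <?php echo date('Y-m-d H:i:s'); ?> -->
<?php
// Emits one <url> entry per page in $pages, skipping the root page, pages
// without a path and pages whose options set include_sitemap to 'no'.
foreach ($pages as $page) {
    if (!strlen($page['path']) || $page['type'] == 'root') {
        continue;
    }

    if (!empty($page['options']['include_sitemap']) && $page['options']['include_sitemap'] == 'no') {
        continue;
    }

    // NOTE(review): the host comes from the request's Host header, which the
    // client controls, and the scheme is hard-coded to http. Prefer a
    // configured base URL if the application has one.
    $url = 'http://' . reduce_multiples($_SERVER['HTTP_HOST'] . '/' . SITEPATH . $page['path'] . '/', '/');

    $mod = strlen($page['publish_date']) && $page['publish_date'] != '0000-00-00 00:00:00' ? date('Y-m-d', strtotime($page['publish_date'])) : '';

    // The URL is escaped before it is written into the XML so that characters
    // such as & or < in the host or path cannot break or inject markup.
    echo '<url>' . '<loc>' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '</loc>';

    // <lastmod> is optional in the sitemap protocol; an empty element is not a
    // valid date, so it is only written when a publish date is known.
    if ($mod !== '') {
        echo '<lastmod>' . $mod . '</lastmod>';
    }

    echo '</url>';
}
?>
</urlset>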
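/**
 * Grid
 *
 * This is used by the data table js. Builds the server-side response for the
 * articles grid and echoes it as JSON.
 *
 * Request values are normalised before use: sEcho and the paging values are
 * cast to integers, the sort direction is restricted to asc/desc, and the
 * response is serialised with json_encode() instead of being concatenated by
 * hand (addslashes() does not produce valid JSON escaping).
 *
 * @access	public
 * @return	void	The JSON document is echoed; nothing is returned.
 */
public function grid()
{
    // Unfiltered row count, reported to the client as iTotalRecords.
    $iTotal = $this->db->count_all('articles');

    // Cache the clauses below so the count query and the paged query share them.
    $this->db->start_cache();
    $this->db->from('articles');

    // User Level: group 4 is restricted to rows it authored.
    if ($this->session->userdata('user_group') == 4) {
        $this->db->where('article_author', $this->session->userdata['userid']);
    }

    /* Searching */
    if ($this->input->post('sSearch') != '') {
        $q = $this->input->post('sSearch', TRUE);
        // NOTE(review): these OR LIKE clauses are not grouped. Confirm that the
        // generated WHERE still applies the article_author restriction above to
        // every branch, otherwise a search could return other authors' rows.
        $this->db->orlike('article_title', $q);
        $this->db->orlike('article_short_desc', $q);
        $this->db->orlike('article_description', $q);
        $this->db->orlike('article_uri', $q);
    }

    /* Sorting */
    if ($this->input->post('iSortCol_0')) {
        // NOTE(review): the loop bound is the value of iSortCol_0 and the
        // direction is read from iSortDir_N; legacy DataTables posts
        // iSortingCols and sSortDir_N. Confirm against the client script.
        $max_sort_cols = 6; // the grid renders six columns
        $sort_col = min((int) $this->input->post('iSortCol_0'), $max_sort_cols);
        for ($i = 0; $i < $sort_col; $i++) {
            // Only asc/desc may reach the ORDER BY clause.
            $direction = strtolower((string) $this->input->post('iSortDir_' . $i)) === 'desc' ? 'desc' : 'asc';
            $this->db->order_by($this->_column_to_field($this->input->post('iSortCol_' . $i)), $direction);
        }
    } else {
        $this->db->order_by('article_modified', 'desc');
    }

    $this->db->stop_cache();
    $iFilteredTotal = $this->db->count_all_results();
    $this->db->start_cache();

    /* Limit */
    // A length of -1 (or anything not positive) means "no limit"; it must not
    // be handed to the query builder as a LIMIT value.
    $length = (int) $this->input->post('iDisplayLength');
    $start = max(0, (int) $this->input->post('iDisplayStart'));
    if ($length > 0) {
        if ($start > 0) {
            $this->db->limit($length, $start);
        } else {
            $this->db->limit($length);
        }
    }

    $query = $this->db->get();

    $rows = array();
    foreach ($query->result_array() as $row) {
        // Here we are flushing cache because of the "get_cats" query.
        $this->db->flush_cache();
        $cats = $this->articles_model->get_cats_by_article($row['article_id']);

        // NOTE(review): article_title and cat_name are placed into HTML as
        // stored. Confirm they are escaped on input or by anchor(); if not,
        // escape them here before they reach the grid.
        $cat = '';
        foreach ($cats->result_array() as $item) {
            $cat .= anchor('admin/categories/edit/' . $item['cat_id'], $item['cat_name']) . ', ';
        }

        $status = '<span class="not_active">' . lang('lang_not_active') . '</span>';
        if ($row['article_display'] == 'y') {
            $status = '<span class="active">' . lang('lang_active') . '</span>';
        }

        $title = anchor('admin/kb/articles/edit/' . $row['article_id'], $row['article_title']);

        $rows[] = array(
            $title,
            reduce_multiples($cat, ", ", TRUE),
            date($this->config->item('short_date_format'), $row['article_date']),
            date($this->config->item('short_date_format'), $row['article_modified']),
            $status,
            '<input type="checkbox" name="article_id[]" value="' . $row['article_id'] . '" />',
        );
    }

    // sEcho is echoed back as an integer so request data cannot inject
    // arbitrary content into the response.
    echo json_encode(array(
        'sEcho' => (int) $this->input->post('sEcho'),
        'iTotalRecords' => (int) $iTotal,
        'iTotalDisplayRecords' => (int) $iFilteredTotal,
        'aaData' => $rows,
    ));
}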
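/**
 * Authorize email submission
 *
 * Confirms a mailing list subscription from the auth-code in the request:
 * purges queue rows older than 48 hours, looks the code up in
 * exp_mailing_list_queue, moves the address into exp_mailing_list, optionally
 * notifies the configured admin addresses, and shows a confirmation message.
 *
 * The auth-code comes from the request, so every statement that embeds it
 * uses the escaped value.
 */
function authorize_email()
{
    // Fetch the mailinglist language pack
    ee()->lang->loadfile('mailinglist');

    // Is the mailing list turned on?
    if (ee()->config->item('mailinglist_enabled') == 'n') {
        return ee()->output->show_user_error('general', lang('mailinglist_disabled'));
    }

    // Fetch the name of the site
    $site_name = ee()->config->item('site_name') == '' ? lang('back') : stripslashes(ee()->config->item('site_name'));

    // No ID? Show the error and stop.
    $id = ee()->input->get_post('id');
    if ($id == FALSE) {
        $data = array(
            'title' => lang('ml_mailinglist'),
            'heading' => lang('error'),
            'content' => lang('invalid_url'),
            'link' => array(ee()->functions->fetch_site_index(), $site_name),
        );
        ee()->output->show_message($data);
        // Do not fall through to the queries if show_message() returns.
        return;
    }

    // Escaped once and reused for every statement that embeds the auth-code.
    $safe_id = ee()->db->escape_str($id);

    // Fetch email associated with auth-code; queue rows older than 48 hours are purged first.
    $expire = time() - 60 * 60 * 48;
    ee()->db->query("DELETE FROM exp_mailing_list_queue WHERE date < '{$expire}' ");
    $query = ee()->db->query("SELECT email, list_id FROM exp_mailing_list_queue WHERE authcode = '" . $safe_id . "'");

    if ($query->num_rows() == 0) {
        $data = array(
            'title' => lang('ml_mailinglist'),
            'heading' => lang('error'),
            'content' => lang('ml_expired_date'),
            'link' => array(ee()->functions->fetch_site_index(), $site_name),
        );
        echo ee()->output->show_message($data);
        exit;
    }

    // Transfer email to the mailing list
    $email = $query->row('email');
    $list_id = $query->row('list_id');

    // A queued list_id of 0 falls back to list 1, provided that list exists.
    if ($list_id == 0) {
        $query = ee()->db->query("SELECT COUNT(*) AS count FROM exp_mailing_lists WHERE list_id = 1");
        if ($query->row('count') != 1) {
            return ee()->output->show_user_error('general', lang('ml_no_list_id'));
        } else {
            $list_id = 1;
        }
    }

    // The auth-code was previously interpolated here unescaped.
    ee()->db->query("INSERT INTO exp_mailing_list (list_id, authcode, email, ip_address)\r\n\t\t\t\t\t\t\t VALUES ('" . ee()->db->escape_str($list_id) . "', '" . $safe_id . "', '" . ee()->db->escape_str($email) . "', '" . ee()->db->escape_str(ee()->input->ip_address()) . "')");
    ee()->db->query("DELETE FROM exp_mailing_list_queue WHERE authcode = '" . $safe_id . "'");

    // Is there an admin notification to send?
    if (ee()->config->item('mailinglist_notify') == 'y' and ee()->config->item('mailinglist_notify_emails') != '') {
        $query = ee()->db->select('list_title')->get_where('mailing_lists', array('list_id' => $list_id));
        $swap = array('email' => $email, 'mailing_list' => $query->row('list_title'));
        $template = ee()->functions->fetch_email_template('admin_notify_mailinglist');
        $email_tit = ee()->functions->var_swap($template['title'], $swap);
        $email_msg = ee()->functions->var_swap($template['data'], $swap);

        // Remove multiple commas
        $notify_address = reduce_multiples(ee()->config->item('mailinglist_notify_emails'), ',', TRUE);

        if ($notify_address != '') {
            // Send email
            ee()->load->library('email');
            // Load the text helper
            ee()->load->helper('text');

            // One message per configured address.
            foreach (explode(',', $notify_address) as $addy) {
                ee()->email->EE_initialize();
                ee()->email->wordwrap = true;
                ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
                ee()->email->to($addy);
                ee()->email->reply_to(ee()->config->item('webmaster_email'));
                ee()->email->subject($email_tit);
                ee()->email->message(entities_to_ascii($email_msg));
                ee()->email->send();
            }
        }
    }

    // Success Message
    $data = array(
        'title' => lang('ml_mailinglist'),
        'heading' => lang('thank_you'),
        'content' => lang('ml_account_confirmed'),
        'link' => array(ee()->functions->fetch_site_index(), $site_name),
    );
    ee()->output->show_message($data);
}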
/**
 * Demonstrates the functions of the string helper by passing each result
 * to htmlp().
 */
public function string_helper()
{
    $this->load->helper('string');

    // Random alphanumeric string, 16 characters requested.
    $this->htmlp(random_string('alnum', 16));

    // increment_string() with an explicit separator, an explicit first
    // number, and finally the defaults.
    $this->htmlp(increment_string('file', '_'));
    $this->htmlp(increment_string('file', '-', 2));
    $this->htmlp(increment_string('file_4'));

    // alternator() is called ten times with the same five values.
    $remaining = 10;
    while ($remaining > 0) {
        $this->htmlp(alternator('one', 'two', 'three', 'four', 'five'));
        $remaining--;
    }

    $this->htmlp(repeater("|repeat", 30)); // DEPRECATED

    // Double slashes in a URL.
    $this->htmlp(reduce_double_slashes("http://example.com//index.php"));

    // Leading and trailing slashes.
    $this->htmlp(trim_slashes("/this/that/theother/"));

    // Repeated separators inside a list.
    $names = reduce_multiples("Fred, Bill,, Joe, Jimmy", ",");
    $this->htmlp($names);

    // Same helper with the trim flag set.
    $trimmed = reduce_multiples(",Fred, Bill,, Joe, Jimmy,", ", ", TRUE);
    $this->htmlp($trimmed);

    // Quotes converted to entities.
    $as_entities = quotes_to_entities("Joe's \"dinner\"");
    $this->htmlp($as_entities);

    // Quotes removed.
    $without_quotes = strip_quotes("Joe's \"dinner\"");
    $this->htmlp($without_quotes);
}
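/**
 * Delete Member Account Processing
 *
 * Deletes the member named by the member_id parameter after these checks:
 * the caller is logged in, is allowed to delete that account (itself with
 * can_delete_self, or another member as SuperAdmin / can_delete_members),
 * the target is not a SuperAdmin, no password lockout is in effect, and the
 * acting member's password was re-submitted correctly. On success the
 * member's data is removed, notification addresses are mailed, sessions are
 * cleared and a confirmation is shown.
 *
 * Changes from the previous revision of this method:
 *  - version checks use version_compare(); comparing APP_VER as a plain
 *    string orders '2.10.0' before '2.2.0' and selected the legacy branches
 *  - password hashes are compared strictly (hash_equals() where available);
 *    loose != treats numeric-looking hashes such as '0e…' as numbers
 *  - the exp_online_users cleanup embedded the literal text
 *    "{ee()->input->ip_address()}" because PHP does not interpolate calls;
 *    the escaped address is now concatenated
 *  - the stats call uses ee() like the rest of the method
 *
 * @access	public
 * @return	mixed	Result of _output_error() when a check fails; otherwise the
 *					method ends by redirecting or showing a message.
 */
public function delete_account()
{
    $is_ee1 = version_compare(APP_VER, '2.0', '<');
    $has_salt = version_compare(APP_VER, '2.2.0', '>=');
    $has_member_model = version_compare(APP_VER, '2.4.0', '>=');

    // ----------------------------------------
    //  Authorization Check
    // ----------------------------------------
    if ($this->_param('member_id') == FALSE or !ctype_digit($this->_param('member_id')) or !isset($_POST['ACT'])) {
        return $this->_output_error('general', array(ee()->lang->line('not_authorized')));
    }

    if (ee()->session->userdata['member_id'] == 0) {
        return $this->_output_error('general', ee()->lang->line('not_authorized'));
    }

    // If not deleting yourself, you must be a SuperAdmin or have Delete Member permissions
    // If deleting yourself, you must have permission to do so.
    if ($this->_param('member_id') != ee()->session->userdata['member_id']) {
        if (ee()->session->userdata['group_id'] != 1 and ee()->session->userdata['can_delete_members'] != 'y') {
            return $this->_output_error('general', ee()->lang->line('not_authorized'));
        }
    } elseif (ee()->session->userdata['can_delete_self'] !== 'y') {
        return $this->_output_error('general', ee()->lang->line('not_authorized'));
    }

    // TRUE when the acting member is deleting somebody else.
    $admin = ee()->session->userdata['member_id'] != $this->_param('member_id') ? TRUE : FALSE;

    // --------------------------------------------
    //  Member Data
    // --------------------------------------------
    $query = ee()->db->query("SELECT m.*,\n\t\t\t\t\tmg.mbr_delete_notify_emails\n\t\t\t FROM \texp_members AS m, \n\t\t\t\t\texp_member_groups AS mg\n\t\t\t WHERE \tm.member_id = '" . ee()->db->escape_str($this->_param('member_id')) . "'\n\t\t\t AND \tm.group_id = mg.group_id");

    if ($query->num_rows() == 0) {
        return $this->_output_error('general', ee()->lang->line('not_authorized'));
    }

    // One cannot delete a SuperAdmin from the User side.
    if ($query->row('group_id') == 1) {
        return $this->_output_error('general', ee()->lang->line('cannot_delete_super_admin'));
    }

    // --------------------------------------------
    //  Variables
    // --------------------------------------------
    $id = $query->row('member_id');
    $check_password = $query->row('password');
    $mbr_delete_notify_emails = $query->row('mbr_delete_notify_emails');
    $screen_name = $query->row('screen_name');
    $email = $query->row('email');

    // Is IP and User Agent required for login? Then, same here.
    if (ee()->config->item('require_ip_for_login') == 'y') {
        if (ee()->session->userdata['ip_address'] == '' or ee()->session->userdata['user_agent'] == '') {
            return $this->_output_error('general', ee()->lang->line('unauthorized_request'));
        }
    }

    // Check password lockout status
    if (ee()->session->check_password_lockout() === TRUE) {
        return $this->_output_error('general', str_replace("%x", ee()->config->item('password_lockout_interval'), ee()->lang->line('password_lockout_in_effect')));
    }

    // -------------------------------------
    //  If deleting self, you must submit your password.
    //  If SuperAdmin deleting another, must submit your password
    // -------------------------------------
    if ($has_salt) {
        $check_salt = $query->row('salt');
    }

    // Fetch the SAs password instead as they are the one doing the deleting
    if (ee()->session->userdata['member_id'] != $this->_param('member_id')) {
        $squery = ee()->db->query("SELECT password" . ($has_salt ? ', salt' : '') . " \n\t\t\t\t FROM \texp_members \n\t\t\t\t WHERE \tmember_id = '" . ee()->db->escape_str(ee()->session->userdata['member_id']) . "'");
        $check_password = $squery->row('password');
        if ($has_salt) {
            $check_salt = $squery->row('salt');
        }
        unset($squery);
    }

    // Hash the submitted password the way the installed version stores it.
    if (!$has_salt) {
        $supplied_hash = ee()->functions->hash(stripslashes(ee()->input->post('password')));
    } else {
        ee()->load->library('auth');
        $passwd = ee()->auth->hash_password(stripslashes(ee()->input->post('password')), $check_salt);
        // A result without a salt is treated as a failed hash, as before.
        $supplied_hash = isset($passwd['salt']) ? $passwd['password'] : FALSE;
    }

    // Strict, string-typed comparison; constant-time where PHP provides it.
    $stored_hash = (string) $check_password;
    if ($supplied_hash === FALSE) {
        $password_ok = FALSE;
    } elseif (function_exists('hash_equals')) {
        $password_ok = hash_equals($stored_hash, (string) $supplied_hash);
    } else {
        $password_ok = ($stored_hash === (string) $supplied_hash);
    }

    if (!$password_ok) {
        // Failed attempts count toward the password lockout.
        ee()->session->save_password_lockout();
        return $this->_output_error('general', ee()->lang->line('invalid_pw'));
    }

    // --------------------------------------------
    //  EE 2.4 Added a Member Model for Deleting That Works Rather Well
    // --------------------------------------------
    if ($has_member_model) {
        ee()->load->model('member_model');
        ee()->member_model->delete_member($id);
    } else {
        // No turning back from here. $id comes from the exp_members row
        // fetched above, not from the request.
        ee()->db->query("DELETE FROM exp_members WHERE member_id = '{$id}'");
        ee()->db->query("DELETE FROM exp_member_data WHERE member_id = '{$id}'");
        ee()->db->query("DELETE FROM exp_member_homepage WHERE member_id = '{$id}'");

        // Recipients with unread messages from this member need their
        // private message counter recalculated after the delete.
        $message_query = ee()->db->query("SELECT DISTINCT \trecipient_id \n\t\t\t\t FROM \t\t\t\texp_message_copies \n\t\t\t\t WHERE \t\t\t\tsender_id = '{$id}' \n\t\t\t\t AND \t\t\t\tmessage_read = 'n'");

        ee()->db->query("DELETE FROM exp_message_copies WHERE sender_id = '{$id}'");
        ee()->db->query("DELETE FROM exp_message_data WHERE sender_id = '{$id}'");
        ee()->db->query("DELETE FROM exp_message_folders WHERE member_id = '{$id}'");
        ee()->db->query("DELETE FROM exp_message_listed WHERE member_id = '{$id}'");

        if ($message_query->num_rows() > 0) {
            foreach ($message_query->result_array() as $row) {
                $count_query = ee()->db->query("SELECT COUNT(*) AS count \n\t\t\t\t\t\t FROM \texp_message_copies \n\t\t\t\t\t\t WHERE \trecipient_id = '" . $row['recipient_id'] . "' AND message_read = 'n'");
                ee()->db->query(ee()->db->update_string('exp_members', array('private_messages' => $count_query->row('count')), array('member_id' => $row['recipient_id'])));
            }
        }

        // -------------------------------------
        //  Delete Forum Posts
        // -------------------------------------
        if (ee()->config->item('forum_is_installed') == "y") {
            ee()->db->query("DELETE FROM exp_forum_subscriptions WHERE member_id = '{$id}'");
            ee()->db->query("DELETE FROM exp_forum_pollvotes WHERE member_id = '{$id}'");
            ee()->db->query("DELETE FROM exp_forum_topics WHERE author_id = '{$id}'");

            // Snag the affected topic id's before deleting the member for the update afterwards
            $query = ee()->db->query("SELECT topic_id FROM exp_forum_posts WHERE author_id = '{$id}'");
            if ($query->num_rows() > 0) {
                $topic_ids = array();
                foreach ($query->result_array() as $row) {
                    $topic_ids[] = $row['topic_id'];
                }
                $topic_ids = array_unique($topic_ids);
            }

            ee()->db->query("DELETE FROM exp_forum_posts WHERE author_id = '{$id}'");
            ee()->db->query("DELETE FROM exp_forum_polls WHERE author_id = '{$id}'");

            // Update the forum stats
            $query = ee()->db->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");

            if (!class_exists('Forum')) {
                require PATH_MOD . 'forum/mod.forum' . EXT;
                require PATH_MOD . 'forum/mod.forum_core' . EXT;
            }

            $FRM = new Forum_Core();

            foreach ($query->result_array() as $row) {
                $FRM->_update_post_stats($row['forum_id']);
            }

            if (isset($topic_ids)) {
                foreach ($topic_ids as $topic_id) {
                    $FRM->_update_topic_stats($topic_id);
                }
            }
        }

        // -------------------------------------
        //  Remove channel (weblog) entries and comments
        // -------------------------------------
        $entry_ids = array();
        $channel_ids = array();
        $recount_ids = array();

        // Find Entry IDs and Channel IDs, then delete them.
        if ($is_ee1) {
            $query = ee()->db->query("SELECT entry_id, weblog_id AS channel_id FROM exp_weblog_titles WHERE author_id = '{$id}'");
        } else {
            $query = ee()->db->query("SELECT entry_id, channel_id FROM exp_channel_titles WHERE author_id = '{$id}'");
        }

        if ($query->num_rows() > 0) {
            foreach ($query->result_array() as $row) {
                $entry_ids[] = $row['entry_id'];
                $channel_ids[] = $row['channel_id'];
            }

            if ($is_ee1) {
                ee()->db->query("DELETE FROM exp_weblog_titles WHERE author_id = '{$id}'");
                ee()->db->query("DELETE FROM exp_weblog_data WHERE entry_id IN ('" . implode("','", $entry_ids) . "')");
            } else {
                ee()->db->query("DELETE FROM exp_channel_titles WHERE author_id = '{$id}'");
                ee()->db->query("DELETE FROM exp_channel_data WHERE entry_id IN ('" . implode("','", $entry_ids) . "')");
            }

            ee()->db->query("DELETE FROM exp_comments WHERE entry_id IN ('" . implode("','", $entry_ids) . "')");
            ee()->db->query("DELETE FROM exp_trackbacks WHERE entry_id IN ('" . implode("','", $entry_ids) . "')");
        }

        // Find the affected entries AND channel ids for author's comments
        if ($is_ee1) {
            $query = ee()->db->query("SELECT DISTINCT(entry_id), weblog_id AS channel_id FROM exp_comments WHERE author_id = '{$id}'");
        } else {
            $query = ee()->db->query("SELECT DISTINCT(entry_id), channel_id FROM exp_comments WHERE author_id = '{$id}'");
        }

        if ($query->num_rows() > 0) {
            foreach ($query->result_array() as $row) {
                $recount_ids[] = $row['entry_id'];
                $channel_ids[] = $row['channel_id'];
            }

            // Entries deleted above need no recount.
            $recount_ids = array_diff($recount_ids, $entry_ids);
        }

        // Delete comments by member
        ee()->db->query("DELETE FROM exp_comments WHERE author_id = '{$id}'");

        ee()->stats->update_member_stats();

        // Update stats on channel entries that were NOT deleted AND had comments by author
        if (count($recount_ids) > 0) {
            foreach (array_unique($recount_ids) as $entry_id) {
                $query = ee()->db->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '" . ee()->db->escape_str($entry_id) . "'");
                $comment_date = ($query->num_rows() == 0 or !is_numeric($query->row('max_date'))) ? 0 : $query->row('max_date');

                $query = ee()->db->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '{$entry_id}' AND status = 'o'");

                if ($is_ee1) {
                    ee()->db->query("UPDATE exp_weblog_titles SET\tcomment_total = '" . ee()->db->escape_str($query->row('count')) . "', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\trecent_comment_date = '{$comment_date}' WHERE entry_id = '{$entry_id}'");
                } else {
                    ee()->db->query("UPDATE exp_channel_titles SET comment_total = '" . ee()->db->escape_str($query->row('count')) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\trecent_comment_date = '{$comment_date}' WHERE entry_id = '{$entry_id}'");
                }
            }
        }

        foreach (array_unique($channel_ids) as $channel_id) {
            if ($is_ee1) {
                ee()->stats->update_weblog_stats($channel_id);
            } else {
                ee()->stats->update_channel_stats($channel_id);
            }

            ee()->stats->update_comment_stats($channel_id);
        }
    }
    // END conditional for EE versions below EE 2.4.0

    // -------------------------------------
    //  Email notification recipients
    // -------------------------------------
    if ($mbr_delete_notify_emails != '') {
        $notify_address = $mbr_delete_notify_emails;

        $swap = array(
            'name' => $screen_name,
            'email' => $email,
            'site_name' => stripslashes(ee()->config->item('site_name')),
        );

        $email_tit = ee()->functions->var_swap(ee()->lang->line('mbr_delete_notify_title'), $swap);
        $email_msg = ee()->functions->var_swap(ee()->lang->line('mbr_delete_notify_message'), $swap);

        // No notification for the user themselves, if they're in the list
        // NOTE(review): this is a substring replace, so an address that merely
        // contains the deleted member's address is altered too.
        if (stristr($notify_address, $email)) {
            $notify_address = str_replace($email, "", $notify_address);
        }

        ee()->load->helper('string');
        $notify_address = reduce_multiples($notify_address, ',', TRUE);

        if ($notify_address != '') {
            // Send email
            ee()->load->library('email');
            ee()->load->helper('text');

            foreach (explode(',', $notify_address) as $addy) {
                ee()->email->initialize();
                ee()->email->wordwrap = false;
                ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
                ee()->email->to($addy);
                ee()->email->reply_to(ee()->config->item('webmaster_email'));
                ee()->email->subject($email_tit);
                ee()->email->message(entities_to_ascii($email_msg));
                ee()->email->Send();
            }
        }
    }

    // -------------------------------------
    //  Trash the Session and cookies
    // -------------------------------------
    // The IP address is concatenated (and escaped): a method call inside
    // "{...}" is not interpolated by PHP.
    ee()->db->query("DELETE FROM exp_online_users \n\t\t\t\t\t\t WHERE site_id = '" . ee()->db->escape_str(ee()->config->item('site_id')) . "' \n\t\t\t\t\t\t AND ip_address = '" . ee()->db->escape_str(ee()->input->ip_address()) . "' \n\t\t\t\t\t\t AND member_id = '{$id}'");

    ee()->db->query("DELETE FROM exp_sessions WHERE member_id = '" . $id . "'");

    // Only a member deleting their own account has their cookies cleared.
    if ($admin === FALSE) {
        if (!$has_salt) {
            ee()->functions->set_cookie(ee()->session->c_password);
        }

        ee()->functions->set_cookie(ee()->session->c_session);
        ee()->functions->set_cookie(ee()->session->c_expire);
        ee()->functions->set_cookie(ee()->session->c_anon);
        ee()->functions->set_cookie('read_topics');
        ee()->functions->set_cookie('tracker');
    }

    if (ee()->extensions->active_hook('user_delete_account_end') === TRUE) {
        ee()->extensions->universal_call('user_delete_account_end', $this);
        if (ee()->extensions->end_script === TRUE) {
            return;
        }
    }

    // ----------------------------------------
    //  Override Return
    // ----------------------------------------
    if ($this->_param('override_return') !== FALSE and $this->_param('override_return') != '' && $this->is_ajax_request() === FALSE) {
        ee()->functions->redirect($this->_param('override_return'));
        exit;
    }

    // ----------------------------------------
    //  Set return
    // ----------------------------------------
    // NOTE(review): 'return' and 'RET' are read from the request and end up as
    // the redirect target of the confirmation message. Confirm the target is
    // restricted to this site somewhere downstream.
    if (ee()->input->get_post('return') !== FALSE and ee()->input->get_post('return') != '') {
        $return = ee()->input->get_post('return');
    } elseif (ee()->input->get_post('RET') !== FALSE and ee()->input->get_post('RET') != '') {
        $return = ee()->input->get_post('RET');
    } else {
        $return = ee()->config->item('site_url');
    }

    // A {path=...} tag in the return value is expanded to a site URL.
    if (preg_match("/" . LD . "\\s*path=(.*?)" . RD . "/", $return, $match)) {
        $return = ee()->functions->create_url($match['1']);
    }

    // ----------------------------------------
    //  Return
    // ----------------------------------------
    $return = $this->_chars_decode($return);

    // --------------------------------------------
    //  AJAX Response
    // --------------------------------------------
    if ($this->is_ajax_request()) {
        $this->send_ajax_response(array(
            'success' => TRUE,
            'heading' => lang('user_successful_submission'),
            'message' => lang('mbr_account_deleted'),
            'content' => lang('mbr_account_deleted'),
        ));
    }

    // -------------------------------------
    //  Build Success Message
    // -------------------------------------
    $data = array(
        'title' => ee()->lang->line('mbr_delete'),
        'heading' => ee()->lang->line('thank_you'),
        'content' => ee()->lang->line('mbr_account_deleted'),
        'redirect' => $return,
    );

    ee()->output->show_message($data);
}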
} */ function _Head_String($ID_Fields = '') { if (!$this->Tabel == '') { $Flag = FALSE; if ($ID_Fields == '') { $this->db->select('Data_Template_Fields'); $this->db->from('template_fields'); $this->db->join('table', 'table.ID_Table = template_fields.ID_Table'); $this->db->where('ID_Users', $this->session->ID_Users); $this->db->where('Name_Table', $this->Tabel); $query = $this->db->get(); $Flag = $query->num_rows() > 0 ? TRUE : FALSE; } if ($Flag or !$ID_Fields == '') { if ($ID_Fields == '') { $row = $query->row_array(); $ColumnArray = explode(', ', $row['Data_Template_Fields']); } else { $ColumnArray = $ID_Fields; } $this->db->select('ID_Fields_Table, Name_Fields_Table, Description_Fields_Table, Sc_Description_Fields_Table'); $this->db->from('Fields_Table'); $this->db->where_in('ID_Fields_Table', $ColumnArray); $query = $this->db->get(); $Out = ''; foreach ($query->result_array() as $row) { $this->ColTabel[$row['ID_Fields_Table']] = $row['Name_Fields_Table']; $this->Description_Fields[$row['Name_Fields_Table']] = $row['Description_Fields_Table']; $this->Sc_Description_Fields[$row['Name_Fields_Table']] = $row['Sc_Description_Fields_Table']; } if ($ID_Fields == '') { foreach ($ColumnArray as $value) { $Out .= $this->ColTabel[$value] . ', '; } } else { $Out .= $this->ColTabel[$ColumnArray] . ', '; } $this->db->reset_query(); return reduce_multiples($Out, ", ", TRUE); }