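/**
 * Mail a "recommend this site" message to a friend, then redirect to the result page.
 *
 * All four name/address arguments are required; when one is empty an error page is
 * rendered and the script stops. The values end up in the mail body and in the
 * From: header, so each one goes through filter(..., "nohtml") and removecrlf()
 * before use (removecrlf() presumably strips CR/LF to block header injection;
 * its body is not visible here).
 *
 * @param string $yname      Sender's name (used as the From: display name).
 * @param string $ymail      Sender's e-mail address.
 * @param string $fname      Recipient's name.
 * @param string $fmail      Recipient's e-mail address.
 * @param string $random_num Seed that was used to render the captcha image.
 * @param string $gfx_check  Captcha code typed by the visitor.
 */
function SendSite($yname, $ymail, $fname, $fmail, $random_num = "0", $gfx_check) {
    global $sitename, $slogan, $nukeurl, $module_name, $gfx_chk, $sitekey;

    if (empty($fname) or empty($fmail) or empty($yname) or empty($ymail)) {
        include "header.php";
        title("{$sitename} - " . _RECOMMEND . "");
        OpenTable();
        echo "<center>" . _SENDSITEERROR . "<br><br>" . _GOBACK . "";
        CloseTable();
        include "footer.php";
        die;
    }

    $fname = removecrlf(filter($fname, "nohtml"));
    $fmail = validate_mail(removecrlf(filter($fmail, "nohtml")));
    $yname = removecrlf(filter($yname, "nohtml"));
    $ymail = validate_mail(removecrlf(filter($ymail, "nohtml")));

    // The expected captcha code is recomputed from the user agent, the site key,
    // the posted seed and today's date. Only three characters are kept, so this
    // is a weak anti-automation check and should not be the only limit on how
    // many mails one visitor can trigger.
    $datekey = date("F j");
    $rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . $sitekey . $random_num . $datekey));
    $code = substr($rcode, 2, 3);

    if (extension_loaded("gd") and $code != $gfx_check and $gfx_chk != 0) {
        $mess = 1;
        Header("Location: modules.php?name={$module_name}&op=RecommendSite&mess={$mess}");
    } else {
        $subject = "" . _INTSITE . " {$sitename}";
        $message = "" . _HELLO . " {$fname}:\n\n" . _YOURFRIEND . " {$yname} " . _OURSITE . " {$sitename} " . _INTSENT . "\n\n\n" . _FSITENAME . " {$sitename}\n{$slogan}\n" . _FSITEURL . " {$nukeurl}\n";
        // NOTE(review): $yname sits inside a quoted display name; confirm that
        // filter()/removecrlf() also remove double quotes.
        mail($fmail, $subject, $message, "From: \"{$yname}\" <{$ymail}>\nX-Mailer: PHP/" . phpversion());
        update_points(3);
        // The friend's name is user input: URL-encode it so spaces, "&" or "#"
        // cannot break the redirect or add extra query parameters.
        Header("Location: modules.php?name={$module_name}&op=SiteSent&fname=" . urlencode($fname));
    }
}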
/**
 * Create the first administrator account, and optionally a matching user account.
 *
 * Does nothing when the authors table already holds at least one row, so the
 * function only has an effect on a fresh installation.
 *
 * NOTE(review): the password is stored as an unsalted md5() digest and the SQL
 * is assembled with addslashes(). Both are kept because the rest of the
 * application is assumed to read the same format; they are not a pattern to
 * copy into new code.
 *
 * @param string $name     Administrator name.
 * @param string $url      Administrator home page.
 * @param string $email    Administrator e-mail address.
 * @param string $pwd      Clear-text password.
 * @param int    $user_new 1 to also create a regular user row.
 */
function create_first($name, $url, $email, $pwd, $user_new) {
    global $prefix, $db, $user_prefix, $Default_Theme;

    $author_count = $db->sql_numrows($db->sql_query("SELECT * FROM " . $prefix . "_authors"));
    if ($author_count != 0) {
        // An administrator already exists.
        return;
    }

    $pwd = md5(htmlentities($pwd));
    $role = "God";
    $email = validate_mail($email);

    $db->sql_query(
        "INSERT INTO " . $prefix . "_authors VALUES ('" . addslashes($name) . "', '" . $role . "', '"
        . addslashes($url) . "', '" . addslashes($email) . "', '" . $pwd . "', '0', '1', '')"
    );

    if ($user_new == 1) {
        $regdate = date("M d, Y");
        $avatar = "gallery/blank.gif";
        $comment_max = 4096;
        // The form's placeholder value means "no website".
        if ($url == "http://") {
            $url = "";
        }
        $db->sql_query(
            "INSERT INTO " . $user_prefix . "_users (user_id, username, user_email, user_website, user_avatar, user_regdate, user_password, theme, commentmax, user_level, user_lang, user_dateformat) VALUES (NULL,'"
            . addslashes($name) . "','" . addslashes($email) . "','" . addslashes($url) . "','"
            . $avatar . "','" . $regdate . "','" . $pwd . "','" . $Default_Theme . "','" . $comment_max
            . "', '2', 'english','D M d, Y g:i a')"
        );
    }

    login();
}
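/**
 * Queue a visitor-submitted download for moderation.
 *
 * Shows an error page when the URL is already listed; otherwise the fields are
 * filtered, and the submission is stored in the "newdownload" table unless a
 * pending entry with the same title, URL or description exists.
 *
 * NOTE(review): the three "missing field" checks render an error page but do
 * not return, so the insert below is still reached unless footer.php ends the
 * script - confirm.
 *
 * @param string $title       Download title.
 * @param string $url         Download URL.
 * @param string $auth_name   Author name.
 * @param string $cat         Category as "cid-sid".
 * @param string $description Description (some HTML is let through by filter()).
 * @param string $email       Author e-mail, may be empty.
 * @param string $filesize    File size; dots and commas are removed.
 * @param string $version     Version string.
 * @param string $homepage    Home page URL.
 */
function Add($title, $url, $auth_name, $cat, $description, $email, $filesize, $version, $homepage) {
    global $prefix, $db, $user;

    // NOTE(review): $url goes into this statement before it has been filtered
    // or escaped inside this function. Unless the caller or a global input
    // filter escapes it, this lookup is injectable - verify, and escape here
    // with the same convention the rest of the application uses.
    $sql = "SELECT url FROM " . $prefix . "_downloads_downloads WHERE url='{$url}'";
    $result = $db->sql_query($sql);
    $numrows = $db->sql_numrows($result);

    if ($numrows > 0) {
        include "header.php";
        menu(1);
        echo "<br>";
        OpenTable();
        echo "<center><b>" . _DOWNLOADALREADYEXT . "</b><br><br>" . "" . _GOBACK . "";
        CloseTable();
        include "footer.php";
    } else {
        // Anonymous submissions have no submitter; initialise the variable so
        // the INSERT below never reads an undefined name.
        $submitter = "";
        if (is_user($user)) {
            $user2 = base64_decode($user);
            $user2 = addslashes($user2);
            $cookie = explode(":", $user2);
            cookiedecode($user);
            $submitter = $cookie[1];
        }

        // Check if Title exist
        if (empty($title)) {
            include "header.php";
            menu(1);
            echo "<br>";
            OpenTable();
            echo "<center><b>" . _DOWNLOADNOTITLE . "</b><br><br>" . "" . _GOBACK . "";
            CloseTable();
            include "footer.php";
        }

        // Check if URL exist
        if (empty($url)) {
            include "header.php";
            menu(1);
            echo "<br>";
            OpenTable();
            echo "<center><b>" . _DOWNLOADNOURL . "</b><br><br>" . "" . _GOBACK . "";
            CloseTable();
            include "footer.php";
        }

        // Check if Description exist
        if (empty($description)) {
            include "header.php";
            menu(1);
            echo "<br>";
            OpenTable();
            echo "<center><b>" . _DOWNLOADNODESC . "</b><br><br>" . "" . _GOBACK . "";
            CloseTable();
            include "footer.php";
        }

        $cat = explode("-", $cat);
        if (empty($cat[1])) {
            $cat[1] = 0;
        }

        $title = filter($title, "nohtml", 1);
        $url = filter($url, "nohtml", 1);
        $description = filter($description, "", 1);
        $auth_name = filter($auth_name, "nohtml", 1);
        if (!empty($email)) {
            $email = validate_mail(filter($email, "nohtml", 1));
        }

        // Drop thousands/decimal separators. str_replace() does what the two
        // ereg_replace() calls did; the ereg_* functions were removed in PHP 7.
        $filesize = str_replace(array(".", ","), "", (string) $filesize);

        // Both category ids are forced to integers before they reach SQL.
        $cat[0] = intval($cat[0]);
        $cat[1] = intval($cat[1]);

        $num_new = $db->sql_numrows($db->sql_query("SELECT * FROM " . $prefix . "_downloads_newdownload WHERE title='{$title}' OR url='{$url}' OR description='{$description}'"));
        if ($num_new == 0) {
            $db->sql_query("INSERT INTO " . $prefix . "_downloads_newdownload VALUES (NULL, '{$cat['0']}', '{$cat['1']}', '" . addslashes($title) . "', '" . addslashes($url) . "', '" . addslashes($description) . "', '" . addslashes($auth_name) . "', '" . addslashes($email) . "', '" . addslashes($submitter) . "', '" . addslashes($filesize) . "', '" . addslashes($version) . "', '" . addslashes($homepage) . "')");
        }

        include "header.php";
        menu(1);
        echo "<br>";
        OpenTable();
        echo "<center><b>" . _DOWNLOADRECEIVED . "</b><br>";
        if (empty($email)) {
            echo _CHECKFORIT;
        }
        CloseTable();
        include "footer.php";
    }
}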
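/**
 * "Forgot my password" form controller.
 *
 * On a valid submission (form token, captcha, known and active account,
 * confirmation box ticked) a new password is generated, stored and mailed to
 * the account's address. The form is always re-rendered with a fresh token.
 *
 * NOTE(review): the new password is stored before the mail is sent, so a
 * failed send leaves the account with a password its owner never received.
 * Anyone who passes the captcha can also reset another account's password
 * this way; a mailed confirmation link would avoid both.
 *
 * @param string $lang Language code used for URLs, translations and the view.
 * @return mixed Rendered 'remindme' view.
 */
function remindme($lang) {
    $with_name = true;
    $with_captcha = true;

    $action = 'init';
    if (isset($_POST['remindme_send'])) {
        $action = 'remindme';
    }

    // Pre-fill the login from the session: last attempted login, then the
    // signed-in user's name, then the e-mail address.
    $login = $confirmed = $code = $token = false;
    if (!empty($_SESSION['login'])) {
        $login = $_SESSION['login'];
    } elseif (!empty($_SESSION['user']['name'])) {
        $login = $_SESSION['user']['name'];
    } elseif (!empty($_SESSION['user']['mail'])) {
        $login = $_SESSION['user']['mail'];
    }

    // Read the posted fields.
    switch ($action) {
        case 'remindme':
            if (isset($_POST['remindme_login'])) {
                $login = strtolower(strflat(readarg($_POST['remindme_login'])));
            }
            if (isset($_POST['remindme_confirmed'])) {
                $confirmed = readarg($_POST['remindme_confirmed']) == 'on' ? true : false;
            }
            if (isset($_POST['remindme_code'])) {
                $code = readarg($_POST['remindme_code']);
            }
            if (isset($_POST['remindme_token'])) {
                $token = readarg($_POST['remindme_token']);
            }
            break;
        default:
            break;
    }

    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_login = false;
    $bad_login = false;
    $missing_confirmation = false;
    $email_sent = false;
    $user_page = false;
    $internal_error = false;
    $contact_page = false;

    // Validate.
    switch ($action) {
        case 'remindme':
            // Compare as strings with ===: a loose != treats numeric-looking
            // strings such as "0e12" and "0e34" as equal.
            if (!isset($_SESSION['remindme_token']) or (string) $token !== (string) $_SESSION['remindme_token']) {
                $bad_token = true;
            }
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['remindme']) ? $_SESSION['captcha']['remindme'] : false;
                if (!$captcha or (string) $captcha !== strtoupper($code)) {
                    $bad_code = true;
                    break;
                }
            }
            if (!$login) {
                $missing_login = true;
            } else {
                // The login is accepted when it is either a valid, allowed user
                // name or a valid, allowed e-mail address.
                if ((!validate_user_name($login) or !is_user_name_allowed($login)) and (!validate_mail($login) or !is_mail_allowed($login))) {
                    $bad_login = true;
                }
            }
            if (!$confirmed) {
                $missing_confirmation = true;
            }
            break;
        default:
            break;
    }

    // Act.
    switch ($action) {
        case 'remindme':
            if ($bad_token or $missing_code or $bad_code or $missing_login or $bad_login or $missing_confirmation) {
                break;
            }

            require_once 'models/user.inc';

            $user_id = user_find($login);
            if (!$user_id) {
                // Unknown account: report a bad login and log the attempt,
                // truncated to 40 characters.
                $bad_login = true;
                require_once 'log.php';
                write_log('password.err', substr($login, 0, 40));
                break;
            }

            $user = user_get($user_id);
            if (!$user) {
                $internal_error = true;
                break;
            }
            if (!$user['user_active'] or $user['user_banned']) {
                $bad_login = true;
                break;
            }

            require_once 'newpassword.php';
            $newpassword = newpassword();
            if (!user_set_newpassword($user_id, $newpassword)) {
                $internal_error = true;
                break;
            }

            require_once 'emailcrypto.php';
            global $sitename, $webmaster;

            $to = $user['user_mail'];
            $subject = translate('email:new_password_subject', $lang);
            $msg = translate('email:new_password_text', $lang) . "\n\n" . translate('email:salutations', $lang);
            if (!emailcrypto($msg, $newpassword, $to, $subject, $webmaster)) {
                $internal_error = true;
            } else {
                $email_sent = $to;
            }

            $confirmed = false;
            break;
        default:
            break;
    }

    if ($internal_error) {
        $contact_page = url('contact', $lang);
    } elseif ($email_sent) {
        $user_page = url('user', $lang);
    }

    // Issue a fresh single-use token for the next submission.
    $_SESSION['remindme_token'] = $token = token_id();

    $errors = compact('missing_login', 'bad_login', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
    $infos = compact('email_sent', 'user_page');

    $output = view('remindme', $lang, compact('token', 'with_captcha', 'with_name', 'login', 'confirmed', 'errors', 'infos'));

    return $output;
}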
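/**
 * Store a pending registration and mail the activation link.
 *
 * Runs userCheck() on the submitted name and address, verifies the captcha
 * code, inserts a row into the temporary users table together with an
 * activation token and sends a message containing the activation link.
 *
 * NOTE(review): the message also contains the clear-text password, and the
 * stored value is an unsalted md5() digest. Both are kept as the application
 * expects them; consider dropping the password from the mail.
 *
 * @param string $username      Requested user name.
 * @param string $user_email    E-mail address.
 * @param string $user_password Clear-text password.
 * @param string $random_num    Seed that was used to render the captcha image.
 * @param string $gfx_check     Captcha code typed by the visitor.
 */
function finishNewUser($username, $user_email, $user_password, $random_num, $gfx_check) {
    global $stop, $EditedMessage, $adminmail, $sitename, $Default_Theme, $user_prefix, $db, $storyhome, $module_name, $nukeurl;

    include "header.php";
    // $sitekey and $gfx_chk are not globals here; presumably config.php
    // defines them in this scope - confirm.
    include "config.php";

    userCheck($username, $user_email);
    $user_email = validate_mail($user_email);
    $user_regdate = date("M d, Y");
    $user_password = htmlspecialchars(stripslashes($user_password));

    if (!isset($stop)) {
        $datekey = date("F j");
        $rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . $sitekey . $random_num . $datekey));
        $code = substr($rcode, 2, 6);
        if (extension_loaded("gd") and $code != $gfx_check and ($gfx_chk == 3 or $gfx_chk == 4 or $gfx_chk == 6 or $gfx_chk == 7)) {
            Header("Location: modules.php?name={$module_name}");
            die;
        }

        // Activation token. The original md5(mt_rand(0, 1000000)) can take only
        // about a million values, which is few enough to guess. Use the CSPRNG
        // when the runtime has one; the result keeps the same shape (32 hex
        // characters). Older runtimes fall back to the original scheme.
        if (function_exists('random_bytes')) {
            $check_num = bin2hex(random_bytes(16));
        } else {
            mt_srand((float) microtime() * 1000000);
            $maxran = 1000000;
            $check_num = mt_rand(0, $maxran);
            $check_num = md5($check_num);
        }

        $time = time();
        // Built from the name as validated by userCheck(), before the
        // SQL-oriented escaping below is applied.
        $finishlink = "{$nukeurl}/modules.php?name={$module_name}&op=activate&username={$username}&check_num={$check_num}";

        $new_password = md5($user_password);
        $new_password = htmlspecialchars(stripslashes($new_password));

        // Hand-rolled quoting for the INSERT: undo any existing \' escaping,
        // HTML-encode, cap at 25 characters, drop a trailing backslash that
        // would swallow the closing quote, then escape single quotes.
        $username = substr(htmlspecialchars(str_replace("\\'", "'", trim($username))), 0, 25);
        $username = rtrim($username, "\\");
        $username = str_replace("'", "\\'", $username);
        $user_email = filter($user_email, "nohtml", 1);

        $result = $db->sql_query("INSERT INTO " . $user_prefix . "_users_temp (user_id, username, user_email, user_password, user_regdate, check_num, time) VALUES (NULL, '{$username}', '{$user_email}', '{$new_password}', '{$user_regdate}', '{$check_num}', '{$time}')");
        if (!$result) {
            echo "" . _ERROR . "<br>";
        } else {
            $message = "" . _WELCOMETO . " {$sitename}!\n\n" . _YOUUSEDEMAIL . " ({$user_email}) " . _TOREGISTER . " {$sitename}.\n\n " . _TOFINISHUSER . "\n\n {$finishlink}\n\n " . _FOLLOWINGMEM . "\n\n" . _UNICKNAME . " {$username}\n" . _UPASSWORD . " {$user_password}";
            $subject = "" . _ACTIVATIONSUB . "";
            $from = "{$adminmail}";
            mail($user_email, $subject, $message, "From: {$from}\nX-Mailer: PHP/" . phpversion());
            title("{$sitename}: " . _USERREGLOGIN . "");
            OpenTable();
            echo "<center><b>" . _ACCOUNTCREATED . "</b><br><br>";
            echo "" . _YOUAREREGISTERED . "" . "<br><br>" . "" . _FINISHUSERCONF . "<br><br>" . "" . _THANKSUSER . " {$sitename}!</center>";
            CloseTable();
        }
    } else {
        // $stop holds the rejection message (presumably set by userCheck()).
        echo "{$stop}";
    }

    include "footer.php";
}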
/**
 * Render one page (issue) of the newsletter thread.
 *
 * Resolves the thread and node, sets the page head, loads the message and,
 * for administrators, handles the "send a test copy" form. Any failed lookup
 * and any ignored node end in the 'error/notfound' action.
 *
 * NOTE(review): the send form handled here is not protected by a form token
 * in this function - confirm whether the view or a caller adds one.
 *
 * @param string $lang       Language code.
 * @param mixed  $newsletter Thread identifier passed to thread_id().
 * @param mixed  $page       Node identifier passed to thread_node_id().
 * @return mixed Rendered 'standard' layout, or the not-found page.
 */
function newsletterpage($lang, $newsletter, $page) {
    global $with_toolbar;

    $newsletter_id = thread_id($newsletter);
    if (!$newsletter_id) {
        return run('error/notfound', $lang);
    }

    $page_id = thread_node_id($newsletter_id, $page, $lang);
    if (!$page_id) {
        return run('error/notfound', $lang);
    }

    $r = thread_get($lang, $newsletter_id);
    if (!$r) {
        return run('error/notfound', $lang);
    }
    // extract() creates one local variable per key of the returned row.
    extract($r); /* thread_type thread_name thread_title thread_abstract thread_cloud thread_nocloud thread_nosearch thread_nocomment thread_nomorecomment */

    $newsletter_name = $thread_name;
    $newsletter_title = $thread_title;
    $newsletter_nocloud = $thread_nocloud;
    $newsletter_nosearch = $thread_nosearch;

    $r = thread_get_node($lang, $newsletter_id, $page_id);
    if (!$r) {
        return run('error/notfound', $lang);
    }
    extract($r); /* node_number node_ignored node_name node_title node_abstract node_cloud node_modified */

    if ($node_ignored) {
        return run('error/notfound', $lang);
    }

    $page_name = $node_name;
    $page_title = $node_title;
    $page_abstract = $node_abstract;
    $page_cloud = $node_cloud;
    $page_modified = $node_modified;

    // Title: "newsletter - page" when both exist, else whichever is set.
    if ($newsletter_title and $page_title) {
        head('title', $newsletter_title . ' - ' . $page_title);
    } elseif ($page_title) {
        head('title', $page_title);
    } elseif ($newsletter_title) {
        head('title', $newsletter_title);
    }
    head('description', false);
    head('keywords', false);
    head('robots', 'noindex, nofollow');

    $message_title = $message_html = $message_text = false;
    $r = newsletter_get_message($newsletter_id, $page_id, $lang);
    if ($r) {
        list($message_title, $message_html, $message_text) = $r;
    }

    $postnews = false;
    $with_mail = false;
    $mailto = false;
    $missing_mail = false;
    $bad_mail = false;
    $email_sent = false;

    // Only an administrator may mail a copy, and only when there is a message.
    if (user_has_role('administrator') and $message_title and ($message_html or $message_text)) {
        require_once 'userprofile.php';

        $mailto = user_profile('mail');
        $with_mail = true;

        if (isset($_POST['newsletterpage_send'])) {
            if (isset($_POST['newsletterpage_mailto'])) {
                $mailto = strtolower(strflat(readarg($_POST['newsletterpage_mailto'])));
                if (!$mailto) {
                    $missing_mail = true;
                } elseif (!validate_mail($mailto)) {
                    $bad_mail = true;
                }
            }

            if (!($missing_mail or $bad_mail)) {
                require_once 'emailhtml.php';

                $cssfile = ROOT_DIR . DIRECTORY_SEPARATOR . 'css' . DIRECTORY_SEPARATOR . 'newsletter.css';
                // A missing stylesheet is tolerated; $css is then false.
                $css = @file_get_contents($cssfile);

                $r = emailhtml($message_text, $message_html, $css, $mailto, $message_title);
                if ($r) {
                    $email_sent = true;
                }
            }
        }

        $postnews = build('postnews', $lang, $newsletter_id, $page_id);
    }

    // Previous / next navigation.
    $prev_page_label = $prev_page_url = false;
    $r = thread_node_prev($lang, $newsletter_id, $page_id);
    if ($r) {
        extract($r); /* prev_node_id prev_node_name prev_node_title prev_node_number */
        if ($prev_node_title) {
            $prev_page_label = $prev_node_title;
        } else {
            $prev_page_label = $prev_node_number;
        }
        $prev_page_url = url('newsletter', $lang) . '/' . ($prev_node_name ? $prev_node_name : $prev_node_id);
    }

    $next_page_label = $next_page_url = false;
    $r = thread_node_next($lang, $newsletter_id, $page_id);
    if ($r) {
        extract($r); /* next_node_id next_node_name next_node_title next_node_number */
        if ($next_node_title) {
            $next_page_label = $next_node_title;
        } else {
            $next_page_label = $next_node_number;
        }
        $next_page_url = url('newsletter', $lang) . '/' . ($next_node_name ? $next_node_name : $next_node_id);
    }

    $content = view('newsletterpage', $lang, compact('page_id', 'page_title', 'page_modified', 'message_title', 'message_text', 'message_html', 'prev_page_url', 'prev_page_label', 'next_page_url', 'next_page_label', 'postnews', 'with_mail', 'mailto', 'missing_mail', 'bad_mail', 'email_sent'));

    // Sidebar: search box and tag cloud, each optional per thread.
    $search = false;
    if (!$newsletter_nosearch) {
        $search_text = '';
        $search_url = url('search', $lang, $newsletter_name);
        $suggest_url = url('suggest', $lang, $newsletter_name);
        $search = view('searchinput', $lang, compact('search_url', 'search_text', 'suggest_url'));
    }

    $cloud = false;
    if (!$newsletter_nocloud) {
        $cloud_url = url('search', $lang, $newsletter_name);
        $byname = $bycount = $index = true;
        $cloud = build('cloud', $lang, $cloud_url, $newsletter_id, false, 15, compact('byname', 'bycount', 'index'));
    }

    if ($newsletter_title) {
        $headline_text = $newsletter_title;
    } else {
        $headline_text = $newsletter_id;
    }
    $headline_url = url('newsletter', $lang);
    $headline = compact('headline_text', 'headline_url');
    $title = view('headline', false, $headline);

    $sidebar = view('sidebar', false, compact('search', 'cloud', 'title'));

    // From here on $search holds the raw parameters for the banner, not the
    // rendered search box used by the sidebar above.
    if (!$newsletter_nosearch) {
        $search = compact('search_url', 'search_text', 'suggest_url');
    } else {
        $search = false;
    }

    if (user_has_role('writer')) {
        $edit = url('newsletteredit', $_SESSION['user']['locale']) . '/' . $newsletter_id . '/' . $page_id . '?' . 'clang=' . $lang;
    } else {
        $edit = false;
    }
    $validate = url('newsletter', $lang) . '/' . $page_name;

    if ($with_toolbar) {
        $banner = build('banner', $lang, compact('headline', 'search'));
        $toolbar = build('toolbar', $lang, compact('edit', 'validate'));
    } else {
        $banner = build('banner', $lang, compact('headline', 'edit', 'validate', 'search'));
        $toolbar = false;
    }

    $output = layout('standard', compact('toolbar', 'banner', 'content', 'sidebar'));

    return $output;
}
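/**
 * Newsletter subscription form controller.
 *
 * On a valid submission (form token, captcha, valid and not yet registered
 * address, valid locale, confirmation box ticked) the address is registered
 * and a notification is mailed to the site owner. The form is always
 * re-rendered with a fresh token.
 *
 * @param string $lang Language code used for URLs and the view.
 * @return mixed Rendered 'subscribe' view.
 */
function subscribe($lang) {
    global $sitekey, $system_languages;

    $with_locale = count($system_languages) > 1; // true, false
    $with_captcha = true;

    $action = 'init';
    if (isset($_POST['subscribe_send'])) {
        $action = 'subscribe';
    }

    $confirmed = $code = $token = false;

    $user_mail = user_profile('mail');
    $user_locale = user_profile('locale');
    if (!$user_locale) {
        $user_locale = $lang;
    }

    $unsubscribe_page = false;

    // Read the posted fields.
    switch ($action) {
        case 'init':
            if ($sitekey) {
                $unsubscribe_page = url('newsletterunsubscribe', $lang);
            }
            break;
        case 'subscribe':
            if (isset($_POST['subscribe_mail'])) {
                $user_mail = strtolower(strflat(readarg($_POST['subscribe_mail'])));
            }
            if ($with_locale) {
                if (isset($_POST['subscribe_locale'])) {
                    $user_locale = readarg($_POST['subscribe_locale']);
                }
            }
            if (isset($_POST['subscribe_confirmed'])) {
                $confirmed = readarg($_POST['subscribe_confirmed']) == 'on' ? true : false;
            }
            if (isset($_POST['subscribe_code'])) {
                $code = readarg($_POST['subscribe_code']);
            }
            if (isset($_POST['subscribe_token'])) {
                $token = readarg($_POST['subscribe_token']);
            }
            break;
        default:
            break;
    }

    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_mail = false;
    $bad_mail = false;
    $duplicated_mail = false;
    $missing_locale = false;
    $bad_locale = false;
    $missing_confirmation = false;
    $email_registered = false;
    $internal_error = false;
    $contact_page = false;

    // Validate.
    switch ($action) {
        case 'subscribe':
            // Compare as strings with ===: a loose != treats numeric-looking
            // strings such as "0e12" and "0e34" as equal.
            if (!isset($_SESSION['subscribe_token']) or (string) $token !== (string) $_SESSION['subscribe_token']) {
                $bad_token = true;
            }
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['subscribe']) ? $_SESSION['captcha']['subscribe'] : false;
                if (!$captcha or (string) $captcha !== strtoupper($code)) {
                    $bad_code = true;
                    break;
                }
            }
            if (!$user_mail) {
                $missing_mail = true;
            } elseif (!validate_mail($user_mail) or !is_mail_allowed($user_mail)) {
                $bad_mail = true;
            } elseif (newsletter_get_user($user_mail)) {
                $duplicated_mail = true;
            }
            if ($with_locale) {
                if (!$user_locale) {
                    $missing_locale = true;
                } elseif (!validate_locale($user_locale)) {
                    $bad_locale = true;
                }
            }
            if (!$confirmed) {
                $missing_confirmation = true;
            }
            break;
        default:
            break;
    }

    // Act.
    switch ($action) {
        case 'subscribe':
            if ($bad_token or $missing_code or $bad_code or $missing_mail or $bad_mail or $duplicated_mail or $missing_locale or $bad_locale or $missing_confirmation) {
                break;
            }

            $r = newsletter_create_user($user_mail, $user_locale);
            if (!$r) {
                $internal_error = true;
                break;
            }

            require_once 'serveripaddress.php';
            require_once 'emailme.php';

            global $sitename;

            $ip = server_ip_address();
            // Same output as strftime('%Y-%m-%d %H:%M:%S'), which is
            // deprecated since PHP 8.1.
            $timestamp = date('Y-m-d H:i:s');
            $subject = 'subscribe' . '@' . $sitename;
            $msg = $ip . ' ' . $timestamp . ' ' . $lang . ' ' . $user_mail;
            // Best-effort notification: a mail failure must not undo the
            // subscription, so errors are suppressed on purpose.
            @emailme($subject, $msg);

            $email_registered = true;
            $confirmed = false;
            break;
        default:
            break;
    }

    if ($internal_error) {
        $contact_page = url('contact', $lang);
    }

    // Issue a fresh single-use token for the next submission.
    $_SESSION['subscribe_token'] = $token = token_id();

    $errors = compact('missing_mail', 'bad_mail', 'missing_locale', 'bad_locale', 'duplicated_mail', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
    $infos = compact('email_registered');

    $output = view('subscribe', $lang, compact('token', 'with_captcha', 'user_mail', 'with_locale', 'user_locale', 'confirmed', 'unsubscribe_page', 'errors', 'infos'));

    return $output;
}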
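/**
 * Login form controller.
 *
 * Validates the form token and captcha, authenticates through user_login()
 * and, on success, regenerates the session and stores the user record in it.
 * Every administrator login is reported by mail to the site owner.
 *
 * @param string $lang Language code used for URLs and the view.
 * @return mixed true after a successful login, otherwise the rendered
 *               'login' view.
 */
function login($lang) {
    $with_name = true;
    $with_captcha = true;
    $with_facebook = false;
    $with_newuser = true;
    $with_newpassword = true;

    if ($with_facebook) {
        require_once 'facebook.php';
        $facebook = facebook();
    }

    $login = $password = $code = $token = false;

    // Re-display the login of the last failed attempt.
    if (isset($_SESSION['login'])) {
        $login = $_SESSION['login'];
    }

    $action = 'init';
    if (isset($_POST['login_enter'])) {
        $action = 'enter';
    }

    // Read the input.
    switch ($action) {
        case 'init':
            if ($with_facebook) {
                $facebook_user = $facebook->getUser();
                if ($facebook_user) {
                    try {
                        $facebook_user_profile = $facebook->api('/me', 'GET');
                        if (!empty($facebook_user_profile['email'])) {
                            $login = $facebook_user_profile['email'];
                        }
                        $action = 'facebook';
                    } catch (FacebookApiException $e) {
                        // Ignored on purpose: the regular form is shown instead.
                    }
                    $facebook->destroySession();
                }
            }
            break;
        case 'enter':
            if (isset($_POST['login_login'])) {
                $login = strtolower(strflat(readarg($_POST['login_login'])));
            }
            if (isset($_POST['login_password'])) {
                $password = readarg($_POST['login_password']);
            }
            if (isset($_POST['login_code'])) {
                $code = readarg($_POST['login_code']);
            }
            if (isset($_POST['login_token'])) {
                $token = readarg($_POST['login_token']);
            }
            break;
        default:
            break;
    }

    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_login = false;
    $bad_login = false;
    $missing_password = false;
    $access_denied = false;

    // Validate.
    switch ($action) {
        case 'enter':
            // Compare as strings with ===: a loose != treats numeric-looking
            // strings such as "0e12" and "0e34" as equal.
            if (!isset($_SESSION['login_token']) or (string) $token !== (string) $_SESSION['login_token']) {
                $bad_token = true;
                break;
            }
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['login']) ? $_SESSION['captcha']['login'] : false;
                if (!$captcha or (string) $captcha !== strtoupper($code)) {
                    $bad_code = true;
                    break;
                }
            }
            if (!$password) {
                $missing_password = true;
            }
            /* fall thru */
        case 'facebook':
            if (!$login) {
                $missing_login = true;
            } else {
                if (!(validate_user_name($login) or validate_mail($login))) {
                    $bad_login = true;
                }
            }
            break;
        default:
            break;
    }

    // Act.
    switch ($action) {
        case 'enter':
        case 'facebook':
            if ($bad_token or $missing_code or $bad_code or $missing_login or $bad_login or $missing_password) {
                break;
            }

            require_once 'models/user.inc';

            $user = user_login($login, $password);
            if (!$user) {
                // Failed attempt: log the login name (truncated to 100
                // characters) and remember it for the form.
                $access_denied = true;
                require_once 'log.php';
                write_log('enter.err', substr($login, 0, 100));
                $_SESSION['login'] = $login;
                break;
            }

            $user['ip'] = client_ip_address();

            if (in_array('administrator', $user['role'])) {
                require_once 'serveripaddress.php';
                require_once 'emailme.php';

                global $sitename;

                $ip = server_ip_address();
                // Same output as strftime('%Y-%m-%d %H:%M:%S'), which is
                // deprecated since PHP 8.1.
                $timestamp = date('Y-m-d H:i:s');
                $subject = 'login' . '@' . $sitename;
                $msg = $ip . ' ' . $timestamp . ' ' . $user['id'] . ' ' . $lang . ' ' . $user['ip'];
                // Best-effort alert; a mail failure must not block the login.
                @emailme($subject, $msg);

                // Administrators may not sign in through the Facebook path.
                if ($action == 'facebook') {
                    $access_denied = true;
                    break;
                }
            }

            // New session id before privileges change (session fixation).
            session_regenerate();

            $_SESSION['user'] = $user;
            unset($_SESSION['login']);
            unset($_SESSION['login_token']);

            return true;
        default:
            break;
    }

    $connectbar = false;
    if ($with_facebook) {
        $scope = 'email';
        $facebook_login_url = $facebook->getLoginUrl(compact('scope'));
        $connectbar = view('connect', $lang, compact('facebook_login_url'));
    }

    $password_page = $with_newpassword ? url('password', $lang) : false;
    $newuser_page = $with_newuser ? url('newuser', $lang) : false;

    // Issue a fresh single-use token for the next submission.
    $_SESSION['login_token'] = $token = token_id();

    $errors = compact('missing_code', 'bad_code', 'missing_login', 'bad_login', 'missing_password', 'access_denied');

    $output = view('login', $lang, compact('token', 'connectbar', 'with_captcha', 'with_name', 'password_page', 'newuser_page', 'login', 'errors'));

    return $output;
}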
// Fragment of a "send this journal entry to a friend" handler. The enclosing
// function or script starts before this excerpt and the final if-block is
// still open at its end, so $debug, $username, $jid, $send, $sent, $fname,
// $fmail, $yname and $ymail are all defined outside the visible code.
// NOTE(review): $username is echoed without HTML escaping when debugging is on.
if ($debug == "true") {
    echo "UserName:{$username}<br>SiteName: {$sitename}";
}
startjournal($sitename, $user);
// The journal id is forced to an integer before it is placed in the query.
$jid = intval($jid);
$sql = "select title from " . $prefix . "_journal where jid='{$jid}'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$jtitle = $row['title'];
$send = intval($send);
$sent = intval($sent);
if ($send == 1) {
    // Names and addresses end up in the mail body and the From: header;
    // removecrlf() presumably strips CR/LF to prevent header injection.
    // NOTE(review): no filter(..., "nohtml") call, empty-field check or
    // captcha is visible in this excerpt - confirm they run before this point.
    $fname = removecrlf($fname);
    $fmail = validate_mail(removecrlf($fmail));
    $yname = removecrlf($yname);
    $ymail = validate_mail(removecrlf($ymail));
    $subject = "" . _INTERESTING . " {$sitename}";
    $message = "" . _HELLO . " {$fname}:\n\n" . _YOURFRIEND . " {$yname} " . _CONSIDERED . "\n\n\n{$jtitle}\n" . _URL . ": {$nukeurl}/modules.php?name={$module_name}&file=display&jid={$jid}\n\n\n" . _AREMORE . "\n\n---\n{$sitename}\n{$nukeurl}";
    mail($fmail, $subject, $message, "From: \"{$yname}\" <{$ymail}>\nX-Mailer: PHP/" . phpversion());
    $title = urlencode($jtitle);
    $fname = urlencode($fname);
    $sent = 1;
}
// Confirmation page; the script ends here once the message has been sent.
if ($sent == 1) {
    echo "<br>";
    title("" . _SENDJFRIEND . "");
    OpenTable();
    echo "<center>" . _FSENT . "<br><br>[ <a href=\"modules.php?name={$module_name}&file=display&jid={$jid}\">" . _RETURNJOURNAL2 . "</a> ]</center>";
    CloseTable();
    journalfoot();
    die;
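/**
 * Newsletter unsubscription form controller.
 *
 * On a valid submission (form token, captcha, valid and registered address,
 * confirmation box ticked) a confirmation link is mailed to the address; the
 * subscription itself is not removed here. The form is always re-rendered
 * with a fresh token.
 *
 * @param string $lang Language code used for URLs, translations and the view.
 * @return mixed Rendered 'unsubscribe' view.
 */
function unsubscribe($lang) {
    $with_captcha = true;

    $action = 'init';
    if (isset($_POST['unsubscribe_send'])) {
        $action = 'unsubscribe';
    }

    $confirmed = $code = $token = false;

    $user_mail = user_profile('mail');

    $subscribe_page = false;

    // Read the posted fields.
    switch ($action) {
        case 'init':
            $subscribe_page = url('newslettersubscribe', $lang);
            break;
        case 'unsubscribe':
            if (isset($_POST['unsubscribe_mail'])) {
                $user_mail = strtolower(strflat(readarg($_POST['unsubscribe_mail'])));
            }
            if (isset($_POST['unsubscribe_confirmed'])) {
                $confirmed = readarg($_POST['unsubscribe_confirmed']) == 'on' ? true : false;
            }
            if (isset($_POST['unsubscribe_code'])) {
                $code = readarg($_POST['unsubscribe_code']);
            }
            if (isset($_POST['unsubscribe_token'])) {
                $token = readarg($_POST['unsubscribe_token']);
            }
            break;
        default:
            break;
    }

    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_mail = false;
    $bad_mail = false;
    $unknown_mail = false;
    $missing_confirmation = false;
    $mail_unsubscribed = false;
    $internal_error = false;
    $contact_page = false;

    // Validate.
    switch ($action) {
        case 'unsubscribe':
            // Compare as strings with ===: a loose != treats numeric-looking
            // strings such as "0e12" and "0e34" as equal.
            if (!isset($_SESSION['unsubscribe_token']) or (string) $token !== (string) $_SESSION['unsubscribe_token']) {
                $bad_token = true;
            }
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['unsubscribe']) ? $_SESSION['captcha']['unsubscribe'] : false;
                if (!$captcha or (string) $captcha !== strtoupper($code)) {
                    $bad_code = true;
                    break;
                }
            }
            if (!$user_mail) {
                $missing_mail = true;
            } elseif (!validate_mail($user_mail) or !is_mail_allowed($user_mail)) {
                $bad_mail = true;
            } elseif (!newsletter_get_user($user_mail)) {
                $unknown_mail = true;
            }
            if (!$confirmed) {
                $missing_confirmation = true;
            }
            break;
        default:
            break;
    }

    // Act.
    switch ($action) {
        case 'unsubscribe':
            if ($bad_token or $missing_code or $bad_code or $missing_mail or $bad_mail or $unknown_mail or $missing_confirmation) {
                break;
            }

            require_once 'urlencodeaction.php';

            $id = 1; // confirmnewsletterunsubscribe, see saction
            $param = $user_mail;
            // The action id and the address are packed into an opaque URL
            // segment; how it is protected is up to urlencodeaction().
            $s64 = urlencodeaction($id, $param);
            if (!$s64) {
                $internal_error = true;
                break;
            }

            $saction_page = url('saction', $lang);
            if (!$saction_page) {
                $internal_error = true;
                break;
            }

            global $base_url;

            $url = $base_url . $saction_page . '/' . $s64;

            require_once 'emailtext.php';

            $to = $user_mail;
            $subject = translate('newsletter:unregister_subject', $lang);
            $f = translate('newsletter:unregister_text', $lang);
            $s = sprintf($f, $url);
            $msg = $s . "\n\n" . translate('email:salutations', $lang);
            // The result of emailtext() is not checked; the page reports
            // success either way.
            emailtext($msg, $to, $subject, false);

            $mail_unsubscribed = $user_mail;
            $confirmed = false;
            break;
        default:
            break;
    }

    if ($internal_error) {
        $contact_page = url('contact', $lang);
    }

    // Issue a fresh single-use token for the next submission.
    $_SESSION['unsubscribe_token'] = $token = token_id();

    $errors = compact('missing_mail', 'bad_mail', 'unknown_mail', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
    $infos = compact('mail_unsubscribed');

    $output = view('unsubscribe', $lang, compact('token', 'with_captcha', 'user_mail', 'confirmed', 'subscribe_page', 'errors', 'infos'));

    return $output;
}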
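/**
 * Account editing form controller.
 *
 * Loads the account on first display, validates and stores changes on
 * "modify", and lets an administrator delete another account after a
 * confirmation step. Role, status and time zone are editable only by an
 * administrator, and never on account 1.
 *
 * NOTE(review): this function does not itself check that the current user
 * may edit $user_id; presumably the caller does - confirm.
 * NOTE(review): the form token is verified for 'modify' only. 'delete' and
 * 'change' read the token but never compare it, so a confirmed delete is
 * not protected against a forged request by this function.
 *
 * @param string $lang    Language code used for URLs and the view.
 * @param mixed  $user_id Id of the account being edited.
 * @return mixed false after the account has been deleted, otherwise the
 *               rendered 'useredit' view.
 */
function useredit($lang, $user_id) {
    global $system_languages, $supported_roles;

    $is_admin = user_has_role('administrator');
    $is_owner = $user_id == user_profile('id');

    $with_name = true;
    $with_status = ($user_id != 1 and $is_admin);
    $with_delete = ($user_id != 1 and $is_admin and !$is_owner);
    $with_newpassword = false; // ($user_id != 1 and $is_owner);
    $with_locale = count($system_languages) > 1 ? true : false;
    $with_role = ($user_id != 1 and $is_admin);
    $with_timezone = ($user_id != 1 and $is_admin);
    $with_website = true;
    $with_info = false;

    $confirmed = false;

    $action = 'init';
    if (isset($_POST['useredit_modify'])) {
        $action = 'modify';
    }
    if ($with_newpassword) {
        if (isset($_POST['useredit_change'])) {
            $action = 'change';
        }
    }
    if ($with_delete) {
        if (isset($_POST['useredit_delete'])) {
            $action = 'delete';
        } elseif (isset($_POST['useredit_confirmdelete'])) {
            $action = 'delete';
            $confirmed = true;
        } elseif (isset($_POST['useredit_cancel'])) {
            $action = 'cancel';
        }
    }

    $user_name = $user_mail = $user_locale = $user_timezone = false;
    $user_website = false;
    $user_active = $user_banned = false;
    $user_accessed = false;
    $user_role = false;
    $user_newpassword = false;
    $user_lastname = $user_firstname = false;

    $token = false;

    // Load the stored account or read the posted fields.
    switch ($action) {
        case 'init':
        case 'reset': // never assigned to $action in this function
            $r = user_get($user_id);
            if ($r) {
                // extract() creates one local variable per key of the row,
                // including the password fields; only the names listed in
                // the final compact() reach the view.
                extract($r); /* user_name user_password user_newpassword user_seed user_mail user_timezone user_website user_created user_modified user_accessed user_locale user_active user_banned */
            }
            $user_newpassword = false;

            if ($with_info) {
                $r = user_get_info($user_id);
                if ($r) {
                    extract($r); /* user_lastname, user_firstname */
                }
            }

            if ($with_role) {
                $user_role = user_get_role($user_id);
            }
            break;
        case 'modify':
        case 'change':
        case 'delete':
        case 'cancel':
            if ($with_info) {
                if (isset($_POST['useredit_lastname'])) {
                    $user_lastname = readarg($_POST['useredit_lastname']);
                }
                if (isset($_POST['useredit_firstname'])) {
                    $user_firstname = readarg($_POST['useredit_firstname']);
                }
            }
            if (isset($_POST['useredit_name'])) {
                $user_name = strtolower(strflat(readarg($_POST['useredit_name'])));
            }
            if (isset($_POST['useredit_mail'])) {
                $user_mail = strtolower(strflat(readarg($_POST['useredit_mail'])));
            }
            if (isset($_POST['useredit_website'])) {
                $user_website = strtolower(strflat(readarg($_POST['useredit_website'])));
            }
            if (isset($_POST['useredit_timezone'])) {
                $user_timezone = readarg($_POST['useredit_timezone']);
            }
            if (isset($_POST['useredit_locale'])) {
                $user_locale = readarg($_POST['useredit_locale']);
            }
            // Role and status are read only when the editor is allowed to
            // change them, so posting these fields without the right has no
            // effect.
            if ($with_role) {
                if (isset($_POST['useredit_role'])) {
                    $user_role = readarg($_POST['useredit_role']);
                }
            }
            if ($with_status) {
                if (isset($_POST['useredit_active'])) {
                    $user_active = readarg($_POST['useredit_active']) == 'on';
                }
                if (isset($_POST['useredit_banned'])) {
                    $user_banned = readarg($_POST['useredit_banned']) == 'on';
                }
                if (isset($_POST['useredit_accessed'])) {
                    $user_accessed = (int) readarg($_POST['useredit_accessed']);
                }
            }
            if ($with_newpassword) {
                if (isset($_POST['useredit_newpassword'])) {
                    $user_newpassword = readarg($_POST['useredit_newpassword']);
                }
            }
            if (isset($_POST['useredit_token'])) {
                $token = readarg($_POST['useredit_token']);
            }
            break;
        default:
            break;
    }

    $bad_token = false;

    $missing_lastname = false;
    $missing_firstname = false;

    $missing_name = false;
    $bad_name = false;
    $duplicated_name = false;
    $missing_mail = false;
    $bad_mail = false;
    $duplicated_mail = false;
    $bad_role = false;
    $bad_website = false;
    $missing_locale = false;
    $bad_locale = false;
    $bad_timezone = false;

    $missing_newpassword = false;
    $bad_newpassword = false;

    $account_modified = false;
    $password_changed = false;

    $internal_error = false;
    $contact_page = false;

    // Validate.
    switch ($action) {
        case 'modify':
            // Compare as strings with ===: a loose != treats numeric-looking
            // strings such as "0e12" and "0e34" as equal.
            if (!isset($_SESSION['useredit_token']) or (string) $token !== (string) $_SESSION['useredit_token']) {
                $bad_token = true;
            }

            if ($with_info) {
                if (!$user_lastname) {
                    $missing_lastname = true;
                }
                if (!$user_firstname) {
                    $missing_firstname = true;
                }
            }

            if ($with_name and !$user_name) {
                $missing_name = true;
            }
            if ($user_name) {
                if (!validate_user_name($user_name)) {
                    $bad_name = true;
                } elseif (!user_check_name($user_name, $user_id)) {
                    $duplicated_name = true;
                }
            }
            if (!$user_mail) {
                $missing_mail = true;
            } elseif (!validate_mail($user_mail)) {
                $bad_mail = true;
            } elseif (!user_check_mail($user_mail, $user_id)) {
                $duplicated_mail = true;
            }
            if ($user_role) {
                foreach ($user_role as $role) {
                    if (!validate_role($role)) {
                        $bad_role = true;
                        break;
                    }
                }
            }
            if ($user_website) {
                if (!validate_website($user_website)) {
                    $bad_website = true;
                } else {
                    $user_website = normalize_website($user_website);
                }
            }
            if ($user_timezone) {
                if (!validate_timezone($user_timezone)) {
                    $bad_timezone = true;
                }
            }
            if ($with_locale and !$user_locale) {
                $missing_locale = true;
            }
            if ($user_locale) {
                if (!validate_locale($user_locale)) {
                    $bad_locale = true;
                }
            }
            break;
        case 'change':
            if (!$user_newpassword) {
                $missing_newpassword = true;
            } elseif (!validate_password($user_newpassword)) {
                $bad_newpassword = true;
            }
            break;
        default:
            break;
    }

    $confirm_delete = false;

    // Act.
    switch ($action) {
        case 'modify':
            if ($bad_token or $missing_name or $bad_name or $duplicated_name or $missing_mail or $bad_mail or $duplicated_mail or $bad_role or $bad_website or $bad_timezone or $missing_locale or $bad_locale or $missing_lastname or $missing_firstname) {
                break;
            }

            $r = user_set($user_id, $user_name, $user_mail, $user_website, $user_locale, $user_timezone);
            if (!$r) {
                $internal_error = true;
                break;
            }

            // Keep the session copy in sync when users edit their own account.
            if ($is_owner) {
                $_SESSION['user']['name'] = $user_name;
                $_SESSION['user']['mail'] = $user_mail;
                $_SESSION['user']['website'] = $user_website;
                $_SESSION['user']['locale'] = $user_locale;
                $_SESSION['user']['timezone'] = $user_timezone;
            }

            if ($with_info) {
                $r = user_set_info($user_id, $user_lastname, $user_firstname);
                if (!$r) {
                    $internal_error = true;
                    break;
                }
                if ($is_owner) {
                    $_SESSION['user']['lastname'] = $user_lastname;
                    $_SESSION['user']['firstname'] = $user_firstname;
                }
            }

            if ($with_role) {
                $r = user_set_role($user_id, $user_role);
                if (!$r) {
                    $internal_error = true;
                    break;
                }
            }

            if ($with_status) {
                $r = user_set_status($user_id, $user_active, $user_banned);
                if (!$r) {
                    $internal_error = true;
                    break;
                }
            }

            $account_modified = true;
            break;
        case 'change':
            if ($missing_newpassword or $bad_newpassword) {
                break;
            }

            $r = user_set_newpassword($user_id, $user_newpassword);
            if (!$r) {
                $internal_error = true;
                break;
            }

            $password_changed = true;
            break;
        case 'delete':
            // First press asks for confirmation; only the confirm button
            // deletes the account.
            if (!$confirmed) {
                $confirm_delete = true;
                break;
            }

            $r = user_delete($user_id);
            if (!$r) {
                $internal_error = true;
                break;
            }

            return false;
        default:
            break;
    }

    // Never send a password value back to the form.
    $user_newpassword = false;

    if ($internal_error) {
        $contact_page = url('contact', $lang);
    }

    // Issue a fresh single-use token for the next submission.
    $_SESSION['useredit_token'] = $token = token_id();

    $errors = compact('missing_name', 'bad_name', 'duplicated_name', 'missing_mail', 'bad_mail', 'duplicated_mail', 'bad_timezone', 'bad_website', 'missing_locale', 'bad_locale', 'missing_newpassword', 'bad_newpassword', 'missing_lastname', 'missing_firstname', 'internal_error', 'contact_page');
    $infos = compact('account_modified', 'password_changed');

    $output = view('useredit', $lang, compact('token', 'errors', 'infos', 'with_name', 'user_name', 'user_mail', 'with_timezone', 'user_timezone', 'with_website', 'user_website', 'with_role', 'user_role', 'supported_roles', 'with_locale', 'user_locale', 'with_status', 'user_banned', 'user_active', 'user_accessed', 'with_newpassword', 'user_newpassword', 'with_info', 'user_lastname', 'user_firstname', 'with_delete', 'confirm_delete'));

    return $output;
}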
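/**
 * Validate (and clean in place) the submitted values of every input field of a form.
 *
 * Field definitions are read from form_fields / form_field_translations for the
 * language stored in $_SESSION['MDS_LANG']. For each field the matching entry of
 * $_REQUEST (and $_FILES for FILE / IMAGE fields) is checked; text values are
 * rewritten in $_REQUEST after cleaning.
 *
 * @param mixed $form_id Identifier of the form whose fields are validated.
 *
 * @return string HTML fragment with one "<br>"-terminated message per problem,
 *                or an empty string when nothing was rejected.
 */
function validate_form_data($form_id)
{
    global $label;

    if (!defined('MAX_UPLOAD_BYTES')) {
        define('MAX_UPLOAD_BYTES', 150000);
    }
    // Defined once, outside the loop: define() on an existing constant fails with a
    // notice, so the original per-row define() calls misfired from the second row on.
    if (!defined('STRIP_LATIN1')) {
        define('STRIP_LATIN1', 'YES');
    }
    if (!defined('STRIP_HTML')) {
        define('STRIP_HTML', 'YES');
    }

    $error = '';

    // Both values end up inside quoted SQL literals, so they are escaped with the
    // driver's escaping function instead of being concatenated raw.
    $lang = mysql_real_escape_string((string) $_SESSION['MDS_LANG']);
    $safe_form_id = mysql_real_escape_string((string) $form_id);

    $sql = "SELECT *, t2.field_label AS LABEL, t2.error_message as error_message FROM form_fields as t1, form_field_translations as t2 WHERE t1.field_id=t2.field_id AND t2.lang='" . $lang . "' AND form_id='" . $safe_form_id . "' AND field_type != 'SEPERATOR' AND field_type != 'BLANK' AND field_type != 'NOTE' order by field_sort";

    $result = mysql_query($sql);
    if (!$result) {
        // Keep the driver's message in the server log; do not show it to the visitor.
        error_log('validate_form_data: ' . mysql_error());
        die('Database error.');
    }

    while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        $field_id = $row['field_id'];
        $field_type = $row['field_type'];

        if (in_array($field_type, array('TEXT', 'TEXTAREA', 'EDITOR'), true)) {
            if (check_for_bad_words($_REQUEST[$field_id])) {
                $error .= $row['LABEL'] . " - " . $label['bad_words_not_accept'] . "<br>";
            }
        }

        if (BREAK_LONG_WORDS == 'YES') {
            if ($field_type == 'TEXT' || $field_type == 'TEXTAREA') {
                // HTML not allowed
                $_REQUEST[$field_id] = trim(break_long_words($_REQUEST[$field_id], false));
            }
            if ($field_type == 'EDITOR') {
                // field where limited HTML is allowed
                $_REQUEST[$field_id] = trim(break_long_words($_REQUEST[$field_id], true));
            }
        }

        // clean the data..
        if (STRIP_LATIN1 == 'YES') {
            $_REQUEST[$field_id] = remove_non_latin1_chars($_REQUEST[$field_id]);
        }

        if ($field_type == 'EDITOR' || $field_type == 'TEXTAREA') {
            if (STRIP_HTML == 'YES') {
                $_REQUEST[$field_id] = stripslashes($_REQUEST[$field_id]);
                $_REQUEST[$field_id] = removeEvilTags($_REQUEST[$field_id]);
                // NOTE(review): hand-rolled quote escaping, kept because later code
                // presumably relies on it. It is not a substitute for driver escaping
                // or bound parameters where this value reaches SQL - confirm at the call sites.
                $_REQUEST[$field_id] = str_replace("'", "\\'", $_REQUEST[$field_id]);
            }
        }

        if (($field_type == 'FILE' || $field_type == 'IMAGE') && $_FILES[$field_id]['name'] != '') {
            $upload_name = $_FILES[$field_id]['name'];
            $tmp_name = $_FILES[$field_id]['tmp_name'];

            $name_parts = explode(".", $upload_name);
            $ext = array_pop($name_parts);

            // The file name comes from the client and is echoed inside HTML error
            // messages, so it is escaped before being inserted.
            $safe_ext = htmlspecialchars($ext, ENT_QUOTES);
            $safe_name = htmlspecialchars($upload_name, ENT_QUOTES);

            // NOTE(review): only the client-supplied name is checked here; the file
            // content is not inspected by this function.
            // The templates in $label are filled into local copies so that the
            // placeholders are still present for the next rejected field.
            if (!is_filetype_allowed($upload_name) && $field_type == 'FILE') {
                $msg = str_replace("%EXT_LIST%", ALLOWED_EXT, $label['vaild_file_ext_error']);
                $msg = str_replace("%EXT%", $safe_ext, $msg);
                $error .= $msg . "<br>";
            }
            if (!is_imagetype_allowed($upload_name) && $field_type == 'IMAGE') {
                $msg = str_replace("%EXT_LIST%", ALLOWED_IMG, $label['vaild_image_ext_error']);
                $msg = str_replace("%EXT%", $safe_ext, $msg);
                $error .= $msg . "<br>";
            }

            // ini_get() returns '' (not false) for a disabled setting, so the strict
            // "=== false" test skipped the size limit wherever safe_mode exists but is off.
            if (!ini_get("safe_mode")) {
                if (is_uploaded_file($tmp_name) && filesize($tmp_name) > MAX_UPLOAD_BYTES) {
                    $msg = str_replace("%FILE_NAME%", $safe_name, $label['valid_file_size_error']);
                    $error .= $msg . "<br>";
                }
            }
        }

        if ($row['is_required'] == 'Y') {
            if ($field_type == 'DATE' || $field_type == 'DATE_CAL') {
                $row['reg_expr'] = "date"; // default to date check
            }

            switch ($row['reg_expr']) {
                case "not_empty":
                    // trim() applies to the value, not to the result of the comparison.
                    if (trim($_REQUEST[$field_id]) == '') {
                        $error .= " - '" . $row['LABEL'] . "' " . $row['error_message'] . "<br>";
                    }
                    break;

                case "email":
                    if (!validate_mail(trim($_REQUEST[$field_id]))) {
                        $error .= " - '" . $row['LABEL'] . "' " . $row['error_message'] . "<br>";
                    }
                    break;

                case "date":
                    if ($field_type == 'DATE') {
                        $day = $_REQUEST[$field_id . "d"];
                        $month = $_REQUEST[$field_id . "m"];
                        $year = $_REQUEST[$field_id . "y"];
                    } else {
                        // NOTE(review): this parses the field id, not the submitted value,
                        // so the DATE_CAL check looks like it can never fail - confirm the
                        // intended input and its format before changing it.
                        $ts = strtotime($row['field_id'] . " GMT");
                        $day = date('d', $ts);
                        $month = date('m', $ts);
                        $year = date('y', $ts);
                    }
                    if (!@checkdate($month, $day, $year)) {
                        $error .= " - '" . $row['LABEL'] . "' " . $row['error_message'] . "<br>";
                    }
                    break;

                case 'url':
                    $url = $_REQUEST[$field_id];
                    if ($url == '' || $url == 'http://') {
                        $error .= " - '" . $row['LABEL'] . "' " . $row['error_message'] . "<br>";
                    } elseif (preg_match('/[\r\n\0]/', $url)) {
                        // Line breaks would let the value add lines to the probe request below.
                        $error .= " - '" . $row['LABEL'] . "' " . $row['error_message'] . "<br>";
                    } elseif (VALIDATE_LINK == 'YES') {
                        // NOTE(review): the server connects to a host chosen by the submitter
                        // (server-side request forgery risk). Before enabling VALIDATE_LINK,
                        // restrict the scheme, refuse hosts that resolve to loopback, private
                        // or link-local addresses, and shorten the timeout.
                        $url_arr = explode("/", $url);
                        // Drop the "scheme:" and empty segments; the third segment is the host.
                        $host = array_shift($url_arr);
                        $host = array_shift($url_arr);
                        $host = array_shift($url_arr);
                        $fp = @fsockopen($host, 80, $errno, $errstr, 30);
                        if ($fp) {
                            $path = implode("/", $url_arr);
                            $out = "GET /{$path} HTTP/1.1\r\n";
                            $out .= "Host: {$host}\r\n";
                            $out .= "Connection: Close\r\n\r\n";
                            fwrite($fp, $out);
                            // Only the first response line is inspected.
                            $str = fgets($fp);
                            if (strpos($str, "404") !== false || strpos($str, "401") !== false || strpos($str, "403") !== false) {
                                $error .= "- " . $row['LABEL'] . "<b>" . $label['advertiser_publish_bad_url'] . "</b><br>";
                            }
                            fclose($fp);
                        }
                        // An unreachable host is deliberately not reported as an error.
                    }
                    // Without this break an empty URL fell through to the default case
                    // and was reported twice.
                    break;

                default:
                    if (trim($_REQUEST[$field_id]) == '') {
                        $error .= " - '" . $row['LABEL'] . "' " . $row['error_message'] . "<br>";
                    }
                    break;
            }
        }
    }

    return $error;
}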
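/**
 * Handle the "mail me" contact form: read the posted fields, validate them,
 * send the message and render the form view.
 *
 * @param mixed $lang             Language passed to translate(), url() and view().
 * @param mixed $to               Recipient passed through to emailme().
 * @param bool  $with_appointment Also read and validate mailme_date / mailme_hour / mailme_minute.
 * @param bool  $with_captcha     Require mailme_code to match $_SESSION['captcha']['mailme'].
 * @param bool  $with_home        After a successful send, expose url($home_action, $lang) as home_page.
 *
 * @return mixed Output of view('mailme', ...).
 */
function mailme($lang, $to = false, $with_appointment = false, $with_captcha = true, $with_home = true)
{
    $action = 'init';
    if (isset($_POST['mailme_send'])) {
        $action = 'send';
    }

    $mail = $subject = $message = $date = $hour = $minute = $code = $token = false;

    // Pre-fill the sender address from the logged-in user, if any.
    if (isset($_SESSION['user']['mail'])) {
        $mail = $_SESSION['user']['mail'];
    }

    // Step 1: read the posted fields.
    switch ($action) {
        case 'send':
            if (isset($_POST['mailme_mail'])) {
                $mail = strtolower(strflat(readarg($_POST['mailme_mail'])));
            }
            if (isset($_POST['mailme_subject'])) {
                $subject = readarg($_POST['mailme_subject']);
            }
            if (isset($_POST['mailme_message'])) {
                $message = readarg($_POST['mailme_message']);
            }
            if ($with_appointment) {
                if (isset($_POST['mailme_date'])) {
                    $date = readarg($_POST['mailme_date']);
                }
                if (isset($_POST['mailme_hour'])) {
                    $hour = readarg($_POST['mailme_hour']);
                }
                if (isset($_POST['mailme_minute'])) {
                    $minute = readarg($_POST['mailme_minute']);
                }
            }
            if (isset($_POST['mailme_code'])) {
                $code = readarg($_POST['mailme_code']);
            }
            if (isset($_POST['mailme_token'])) {
                $token = readarg($_POST['mailme_token']);
            }
            break;
        default:
            break;
    }

    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_mail = false;
    $bad_mail = false;
    $missing_subject = false;
    $bad_subject = false;
    $missing_message = false;
    $bad_appointment = false;
    $email_sent = false;
    $home_page = false;
    $internal_error = false;

    // Step 2: validate.
    switch ($action) {
        case 'send':
            // The form token is a secret: compare it as a string in constant time.
            // A loose != would treat numeric-looking strings such as "0e1" and "0e2"
            // as equal.
            $expected_token = isset($_SESSION['mailme_token']) ? $_SESSION['mailme_token'] : false;
            if (!is_string($expected_token) or !is_string($token) or !hash_equals($expected_token, $token)) {
                $bad_token = true;
            }

            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['mailme']) ? $_SESSION['captcha']['mailme'] : false;
                // Same reasoning as for the token: no type juggling on the captcha text.
                // NOTE(review): the stored captcha is not cleared here after a check;
                // whether it is regenerated on every form view is not visible from this
                // function - confirm a solved code cannot be reused.
                if (!$captcha or !is_string($captcha) or !hash_equals($captcha, strtoupper((string) $code))) {
                    $bad_code = true;
                    break;
                }
            }

            if (!$mail) {
                $missing_mail = true;
            } elseif (!validate_mail($mail)) {
                $bad_mail = true;
            }

            if (!$subject) {
                $missing_subject = true;
            } elseif (is_mail_injected($subject)) {
                // The subject becomes a mail header; reject header-injection attempts.
                $bad_subject = true;
            }

            if (!$message) {
                $missing_message = true;
            }

            if ($with_appointment) {
                if ($date) {
                    // YYYY-MM-DD or YYYY/MM/DD, same separator twice.
                    if (!preg_match('#^([0-9]{4})([/-])([0-9]{2})\\2([0-9]{2})$#', $date, $d)) {
                        $bad_appointment = true;
                    } elseif (!checkdate($d[3], $d[4], $d[1])) {
                        $bad_appointment = true;
                    } elseif (mktime(0, 0, 0, $d[3], $d[4], $d[1]) <= mktime(0, 0, 0, date("m"), date("d"), date("y"))) {
                        // The appointment must be strictly after today.
                        $bad_appointment = true;
                    }
                }
                if (is_numeric($hour) and is_numeric($minute)) {
                    if ($hour < 0 or $hour > 23 or $minute < 0 or $minute > 59) {
                        $bad_appointment = true;
                    }
                }
            }
            break;
        default:
            break;
    }

    // Step 3: send, unless validation failed.
    switch ($action) {
        case 'send':
            if ($bad_token or $missing_code or $bad_code or $missing_mail or $bad_mail or $missing_subject or $bad_subject or $missing_message or $bad_appointment) {
                break;
            }

            require_once 'emailme.php';

            if ($date) {
                $f = translate('email:appointment', $lang);
                $s = sprintf($f ? $f : "%s %02d:%02d", $date, $hour, $minute);
                $message .= "\n\n{$s}";
            }

            $r = emailme($subject, $message, $mail, $to);
            if (!$r) {
                $internal_error = true;
                break;
            }

            // Clear the form after a successful send; the sender address is kept.
            $subject = $message = $date = $hour = $minute = false;

            if ($with_home) {
                global $home_action;
                $home_page = url($home_action, $lang);
            }

            $email_sent = true;
            break;
        default:
            break;
    }

    // A fresh token is issued on every call, whatever the outcome.
    $_SESSION['mailme_token'] = $token = token_id();

    $errors = compact('missing_code', 'bad_code', 'missing_mail', 'bad_mail', 'missing_subject', 'bad_subject', 'missing_message', 'bad_appointment', 'internal_error');
    $infos = compact('email_sent', 'home_page');

    $output = view('mailme', $lang, compact('token', 'with_captcha', 'with_appointment', 'mail', 'subject', 'message', 'date', 'hour', 'minute', 'errors', 'infos'));

    return $output;
}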