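/**
 * Generate a new random password for a member, store it, and e-mail it to them.
 *
 * Reads the welcome_email_* entries of $this->settings for the body, sender,
 * subject and BCC flag, fills the {password}, {username}, {name}, {site_name}
 * and {site_url} placeholders, and sends the result as a plain-text message.
 *
 * NOTE(review): the password is mailed in clear text and stored with the
 * database's unsalted SHA(). Both are kept because the login code that checks
 * the stored value is not visible here; a single-use "set your password" link
 * and a salted, slow hash would be preferable if that code can be changed.
 *
 * @param int|string $member_id  Primary key of the member in exp_members.
 * @return void
 */
function cp_welcome_email_send($member_id) {
	global $PREFS, $DB, $REGX;

	if ( ! class_exists('EEmail'))
	{
		require PATH_CORE.'core.email'.EXT;
	}

	// The id is concatenated into two SQL statements below, so force it to an
	// integer before it can reach the query text.
	$member_id = (int) $member_id;

	$query = $DB->query("SELECT username, screen_name, email from exp_members WHERE member_id = " . $member_id);

	// Unknown member: do not generate, store or mail a password.
	if ($query->num_rows == 0)
	{
		return;
	}

	$password_string = "abcdefghijklmnopqrstuvwxyz1234567890";
	$last_index = strlen($password_string) - 1;

	// rand() is predictable and must not produce credentials. Use the CSPRNG
	// when the runtime provides it; the rand() fallback only keeps very old
	// PHP versions working and should be removed once they are unsupported.
	$has_csprng = function_exists('random_int');

	$password = "";
	for ($i = 0; $i < 8; $i++) {
		$index = $has_csprng ? random_int(0, $last_index) : rand(0, $last_index);
		$password .= $password_string[$index];
	}

	$site_name = $PREFS->ini('site_name');

	$from = $this->settings["welcome_email_from"];
	$subject = str_replace("{site_name}", $site_name, $this->settings["welcome_email_subject"]);

	$message = $this->settings["welcome_email_body"];
	$message = str_replace("{password}", $password, $message);
	$message = str_replace("{username}", $query->row["username"], $message);
	$message = str_replace("{name}", $query->row["screen_name"], $message);
	$message = str_replace("{site_name}", $site_name, $message);
	$message = str_replace("{site_url}", $PREFS->ini('site_url'), $message);

	// $password only contains characters from $password_string, so it cannot
	// break out of the quoted SQL literal.
	$DB->query("UPDATE exp_members SET password = SHA('". $password . "') WHERE member_id = " . $member_id);

	$to = $query->row["email"];

	$email = new EEmail;
	$email->wordwrap = false;
	$email->mailtype = 'text';
	$email->from( $from );
	$email->to( $to );
	if ($this->settings["welcome_email_bcc"]=="yes") {
		// NOTE(review): the BCC copy also carries the member's clear-text password.
		$email->bcc( $PREFS->ini('webmaster_email') );
	}
	$email->subject( $subject );
	$email->message($REGX->entities_to_ascii( $message ));
	$email->Send();
}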
	/** ----------------------------------------
	/**  Reset the user's password
	/** ----------------------------------------*/

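	/**
	 * Complete a password reset requested through an e-mailed reset code.
	 *
	 * Looks the code up in exp_reset_password (codes are honoured for 24
	 * hours), generates a new random password for the matching member, stores
	 * its hash, deletes the used and expired reset rows, and e-mails the new
	 * password to the member's address.
	 *
	 * NOTE(review): the new password is sent in clear text by e-mail, and its
	 * strength depends on $FNS->random('alpha', 8), which is not visible here -
	 * confirm that helper draws from a cryptographically secure source.
	 *
	 * @return mixed  FALSE if the member row is missing; otherwise the result
	 *                of $OUT->show_user_error() on a failure path, or NULL
	 *                once the success message has been shown.
	 */
	function reset_password()
	{
		global $LANG, $PREFS, $SESS, $FNS, $DSP, $IN, $OUT, $DB;

		// Banned users may not reset a password.
		if ($SESS->userdata['is_banned'] == TRUE)
		{
			return $OUT->show_user_error('general', array($LANG->line('not_authorized')));
		}

		if ( ! $id = $IN->GBL('id'))
		{
			return $OUT->show_user_error('submission', array($LANG->line('mbr_no_reset_id')));
		}

		// Reset codes older than 24 hours are ignored (and purged below).
		$time = time() - (60*60*24);

		// Get the member ID from the reset_password table
		$query = $DB->query("SELECT member_id FROM exp_reset_password WHERE resetcode ='".$DB->escape_str($id)."' and date > $time");

		if ($query->num_rows == 0)
		{
			return $OUT->show_user_error('submission', array($LANG->line('mbr_id_not_found')));
		}

		$member_id = $query->row['member_id'];

		// The id comes from our own table, but escape it anyway so every value
		// placed inside a quoted SQL literal in this method is handled alike.
		$member_id_sql = $DB->escape_str($member_id);

		// Fetch the user data
		$query = $DB->query("SELECT username, email FROM exp_members WHERE member_id ='".$member_id_sql."'");

		if ($query->num_rows == 0)
		{
			return false;
		}

		$address   = $query->row['email'];
		$username  = $query->row['username'];

		$rand = $FNS->random('alpha', 8);

		// Update member's password.
		// The listing stored the literal string '******' here, so the password
		// mailed below could never match the stored value. Store the hash of
		// the generated password instead, using the same $FNS->hash() helper
		// the registration code on this page applies to this column.
		$DB->query("UPDATE exp_members SET password = '".$DB->escape_str($FNS->hash($rand))."' WHERE member_id = '".$member_id_sql."'");

		// Kill old data from the reset_password table: expired codes and every
		// code belonging to this member, so the code cannot be replayed.
		$DB->query("DELETE FROM exp_reset_password WHERE date < $time || member_id = '".$member_id_sql."'");

		// Build the email message
		if ($IN->GBL('r') == 'f')
		{
			// Request came from the forum: link back to the forum board.
			if ($IN->GBL('board_id') !== FALSE && is_numeric($IN->GBL('board_id')))
			{
				$query	= $DB->query("SELECT board_forum_url, board_label FROM exp_forum_boards WHERE board_id = '".$DB->escape_str($IN->GBL('board_id'))."'");
			}
			else
			{
				$query	= $DB->query("SELECT board_forum_url, board_label FROM exp_forum_boards WHERE board_id = '1'");
			}

			$return		= $query->row['board_forum_url'];
			$site_name	= $query->row['board_label'];
		}
		else
		{
			$site_name	= stripslashes($PREFS->ini('site_name'));
			$return		= $PREFS->ini('site_url');
		}

		$swap = array(
						'name'		=> $username,
						'username'	=> $username,
						'password'	=> $rand,
						'site_name'	=> $site_name,
						'site_url'	=> $return
					 );

		$template = $FNS->fetch_email_template('reset_password_notification');
		$email_tit = $this->_var_swap($template['title'], $swap);
		$email_msg = $this->_var_swap($template['data'], $swap);

		// Instantiate the email class. Guarded like the other mail senders on
		// this page: an unconditional require redeclares EEmail (a fatal error)
		// when the class has already been loaded during this request.
		if ( ! class_exists('EEmail'))
		{
			require PATH_CORE.'core.email'.EXT;
		}

		$email = new EEmail;
		$email->wordwrap = true;
		$email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
		$email->to($address);
		$email->subject($email_tit);
		$email->message($email_msg);

		// NOTE(review): by this point the stored password has already been
		// replaced; if sending fails the member has no way to learn it and
		// must request another reset.
		if ( ! $email->Send())
		{
			return $OUT->show_user_error('submission', array($LANG->line('error_sending_email')));
		}

		// Build success message
		$site_name = ($PREFS->ini('site_name') == '') ? $LANG->line('back') : stripslashes($PREFS->ini('site_name'));

		$data = array(	'title' 	=> $LANG->line('mbr_login'),
						'heading'	=> $LANG->line('thank_you'),
						'content'	=> $LANG->line('password_has_been_reset'),
						'link'		=> array($return, $site_name)
					 );

		$OUT->show_message($data);
	}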
    /** ----------------------------------------
    /**  Register Member
    /** ----------------------------------------*/

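    /**
     * Handle a front-end member registration form submission.
     *
     * Order of operations, as implemented below: policy gates (registration
     * enabled, ban, blacklist), the 'member_member_register_start' extension
     * hook, validation of the posted fields plus custom fields / captcha /
     * terms of service, captcha and secure-form (XID) verification, insertion
     * of the member rows, optional mailing-list subscription, admin
     * notification, the 'member_member_register' hook, and finally either an
     * activation e-mail, a "pending approval" message, or an immediate login.
     *
     * Changes from the listed version: the client IP is escaped in every SQL
     * statement (it already was in one of them), a missing XID field no longer
     * raises an undefined-index notice, and a duplicated ip_address predicate
     * in the secure-form lookup is removed.
     *
     * @return mixed  FALSE when registration is disabled, NULL when an
     *                extension ends the script or after the success message,
     *                otherwise the result of $OUT->show_user_error().
     */
    function register_member()
    {
        global $IN, $DB, $SESS, $PREFS, $FNS, $LOC, $LANG, $OUT, $STAT, $REGX, $EXT;

        // Do we allow new member registrations?
        if ($PREFS->ini('allow_member_registration') == 'n')
        {
            return false;
        }

        // Is user banned?
        if ($SESS->userdata['is_banned'] == TRUE)
        {
            return $OUT->show_user_error('general', array($LANG->line('not_authorized')));
        }

        // Blacklist/Whitelist Check
        if ($IN->blacklisted == 'y' && $IN->whitelisted == 'n')
        {
            return $OUT->show_user_error('general', array($LANG->line('not_authorized')));
        }

        // -------------------------------------------
        // 'member_member_register_start' hook.
        //  - Take control of member registration routine
        //  - Added EE 1.4.2
        //
            $edata = $EXT->call_extension('member_member_register_start');
            if ($EXT->end_script === TRUE) return;
        //
        // -------------------------------------------

        // Escaped once and reused: the client IP is placed inside quoted SQL
        // literals several times below.
        $ip_sql = $DB->escape_str($IN->IP);

        // Set the default globals so later reads never hit a missing index.
        $default = array('username', 'password', 'password_confirm', 'email', 'screen_name', 'url', 'location');

        foreach ($default as $val)
        {
            if ( ! isset($_POST[$val])) $_POST[$val] = '';
        }

        // The screen name falls back to the username.
        if ($_POST['screen_name'] == '')
        {
            $_POST['screen_name'] = $_POST['username'];
        }

        // Instantiate validation class
        if ( ! class_exists('Validate'))
        {
            require PATH_CORE.'core.validate'.EXT;
        }

        $VAL = new Validate(
                                array(
                                        'member_id'         => '',
                                        'val_type'          => 'new', // new or update
                                        'fetch_lang'        => TRUE,
                                        'require_cpw'       => FALSE,
                                        'enable_log'        => FALSE,
                                        'username'          => $_POST['username'],
                                        'cur_username'      => '',
                                        'screen_name'       => $_POST['screen_name'],
                                        'cur_screen_name'   => '',
                                        'password'          => $_POST['password'],
                                        'password_confirm'  => $_POST['password_confirm'],
                                        'cur_password'      => '',
                                        'email'             => $_POST['email'],
                                        'cur_email'         => ''
                                     )
                            );

        $VAL->validate_username();
        $VAL->validate_screen_name();
        $VAL->validate_password();
        $VAL->validate_email();

        // Do we have any custom fields?
        $query = $DB->query("SELECT m_field_id, m_field_name, m_field_label, m_field_required FROM exp_member_fields WHERE m_field_reg = 'y'");

        $cust_errors = array();
        $cust_fields = array();

        if ($query->num_rows > 0)
        {
            foreach ($query->result as $row)
            {
                $field_key = 'm_field_id_'.$row['m_field_id'];

                if (isset($_POST[$field_key]))
                {
                    if ($row['m_field_required'] == 'y' AND $_POST[$field_key] == '')
                    {
                        $cust_errors[] = $LANG->line('mbr_field_required').'&nbsp;'.$row['m_field_label'];
                    }

                    $cust_fields[$field_key] = $REGX->xss_clean($_POST[$field_key]);
                }
            }
        }

        if ($PREFS->ini('use_membership_captcha') == 'y')
        {
            if ( ! isset($_POST['captcha']) || $_POST['captcha'] == '')
            {
                $cust_errors[] = $LANG->line('captcha_required');
            }
        }

        if ($PREFS->ini('require_terms_of_service') == 'y')
        {
            if ( ! isset($_POST['accept_terms']))
            {
                $cust_errors[] = $LANG->line('mbr_terms_of_service_required');
            }
        }

        $errors = array_merge($VAL->errors, $cust_errors);

        // Display errors if there are any
        if (count($errors) > 0)
        {
            return $OUT->show_user_error('submission', $errors);
        }

        // Do we require captcha?
        // $_POST['captcha'] is known to be set here: a missing value was
        // reported as an error above. Captchas are bound to the requesting IP
        // and expire after two hours.
        if ($PREFS->ini('use_membership_captcha') == 'y')
        {
            $captcha_sql = $DB->escape_str($_POST['captcha']);

            $query = $DB->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='".$captcha_sql."' AND ip_address = '".$ip_sql."' AND date > UNIX_TIMESTAMP()-7200");

            if ($query->row['count'] == 0)
            {
                return $OUT->show_user_error('submission', array($LANG->line('captcha_incorrect')));
            }

            // Single use: remove the matched captcha together with expired ones.
            $DB->query("DELETE FROM exp_captcha WHERE (word='".$captcha_sql."' AND ip_address = '".$ip_sql."') OR date < UNIX_TIMESTAMP()-7200");
        }

        // Secure Mode Forms?
        // The XID is a per-form anti-forgery hash. A request without the field
        // is treated as an empty hash, which matches no row and is rejected.
        if ($PREFS->ini('secure_forms') == 'y')
        {
            $xid_sql = $DB->escape_str(isset($_POST['XID']) ? $_POST['XID'] : '');

            $query = $DB->query("SELECT COUNT(*) AS count FROM exp_security_hashes WHERE hash='".$xid_sql."' AND ip_address = '".$ip_sql."' AND date > UNIX_TIMESTAMP()-7200");

            if ($query->row['count'] == 0)
            {
                return $OUT->show_user_error('general', array($LANG->line('not_authorized')));
            }

            // Single use: remove the matched hash together with expired ones.
            $DB->query("DELETE FROM exp_security_hashes WHERE (hash='".$xid_sql."' AND ip_address = '".$ip_sql."') OR date < UNIX_TIMESTAMP()-7200");
        }

        // Assign the base query data
        $data = array();

        // Set member group
        if ($PREFS->ini('req_mbr_activation') == 'manual' || $PREFS->ini('req_mbr_activation') == 'email')
        {
            $data['group_id'] = 4;  // Pending
        }
        else
        {
            if ($PREFS->ini('default_member_group') == '')
            {
                $data['group_id'] = 4;  // Pending
            }
            else
            {
                $data['group_id'] = $PREFS->ini('default_member_group');
            }
        }

        $data['username']    = $_POST['username'];
        $data['password']    = $FNS->hash(stripslashes($_POST['password']));
        $data['ip_address']  = $IN->IP;
        $data['unique_id']   = $FNS->random('encrypt');
        $data['join_date']   = $LOC->now;
        $data['email']       = $_POST['email'];
        $data['screen_name'] = $_POST['screen_name'];
        $data['url']         = $REGX->prep_url($_POST['url']);
        $data['location']    = $_POST['location'];

        // Optional Fields (column => form field).
        // NOTE(review): unlike the custom fields above, these values and
        // 'location' are stored without $REGX->xss_clean(); whether they are
        // filtered elsewhere (input class, output templates) is not visible
        // here - confirm before rendering them unescaped.
        $optional = array('bio'         => 'bio',
                          'language'    => 'deft_lang',
                          'timezone'    => 'server_timezone',
                          'time_format' => 'time_format');

        foreach ($optional as $key => $value)
        {
            if (isset($_POST[$value]))
            {
                $data[$key] = $_POST[$value];
            }
        }

        $data['daylight_savings'] = ($IN->GBL('daylight_savings', 'POST') == 'y') ? 'y' : 'n';

        // We generate an authorization code if the member needs to self-activate
        if ($PREFS->ini('req_mbr_activation') == 'email')
        {
            $data['authcode'] = $FNS->random('alpha', 10);
        }

        // Insert basic member data
        $DB->query($DB->insert_string('exp_members', $data));

        $member_id = $DB->insert_id;

        // Insert custom fields
        $cust_fields['member_id'] = $member_id;

        $DB->query($DB->insert_string('exp_member_data', $cust_fields));

        // Create a record in the member homepage table.
        // This is only necessary if the user gains CP access, but we'll add the record anyway.
        $DB->query($DB->insert_string('exp_member_homepage', array('member_id' => $member_id)));

        // Mailinglist Subscribe
        $mailinglist_subscribe = FALSE;

        if (isset($_POST['mailinglist_subscribe']) && is_numeric($_POST['mailinglist_subscribe']))
        {
            // Kill duplicate emails from authorization queue.
            $DB->query("DELETE FROM exp_mailing_list_queue WHERE email = '".$DB->escape_str($_POST['email'])."'");

            // Validate Mailing List ID
            $query = $DB->query("SELECT COUNT(*) AS count 
								 FROM exp_mailing_lists 
								 WHERE list_id = '".$DB->escape_str($_POST['mailinglist_subscribe'])."'");

            // Email Not Already in Mailing List
            $results = $DB->query("SELECT count(*) AS count 
								   FROM exp_mailing_list 
								   WHERE email = '".$DB->escape_str($_POST['email'])."' 
								   AND list_id = '".$DB->escape_str($_POST['mailinglist_subscribe'])."'");

            // INSERT Email
            if ($query->row['count'] > 0 && $results->row['count'] == 0)
            {
                $mailinglist_subscribe = TRUE;

                $code = $FNS->random('alpha', 10);

                if ($PREFS->ini('req_mbr_activation') == 'email')
                {
                    // Activated When Membership Activated
                    $DB->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date) 
								VALUES ('".$DB->escape_str($_POST['email'])."', '".$DB->escape_str($_POST['mailinglist_subscribe'])."', '".$code."', '".time()."')");
                }
                elseif ($PREFS->ini('req_mbr_activation') == 'manual')
                {
                    // Mailing List Subscribe Email
                    $DB->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date) 
								VALUES ('".$DB->escape_str($_POST['email'])."', '".$DB->escape_str($_POST['mailinglist_subscribe'])."', '".$code."', '".time()."')");

                    $LANG->fetch_language_file('mailinglist');

                    $qs = ($PREFS->ini('force_query_string') == 'y') ? '' : '?';
                    $action_id  = $FNS->fetch_action_id('Mailinglist', 'authorize_email');

                    $swap = array(
                                    'activation_url'    => $FNS->fetch_site_index(0, 0).$qs.'ACT='.$action_id.'&id='.$code,
                                    'site_name'         => stripslashes($PREFS->ini('site_name')),
                                    'site_url'          => $PREFS->ini('site_url')
                                 );

                    $template = $FNS->fetch_email_template('mailinglist_activation_instructions');
                    $email_tit = $FNS->var_swap($template['title'], $swap);
                    $email_msg = $FNS->var_swap($template['data'], $swap);

                    // Send email
                    if ( ! class_exists('EEmail'))
                    {
                        require PATH_CORE.'core.email'.EXT;
                    }

                    $E = new EEmail;
                    $E->wordwrap = true;
                    $E->mailtype = 'plain';
                    $E->priority = '3';

                    $E->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
                    $E->to($_POST['email']);
                    $E->subject($email_tit);
                    $E->message($email_msg);
                    $E->Send();
                }
                else
                {
                    // Automatically Accepted
                    $DB->query("INSERT INTO exp_mailing_list (user_id, list_id, authcode, email, ip_address) 
								VALUES ('', '".$DB->escape_str($_POST['mailinglist_subscribe'])."', '".$code."', '".$DB->escape_str($_POST['email'])."', '".$ip_sql."')");
                }
            }
        }

        // Update global member stats (only when the member is active at once)
        if ($PREFS->ini('req_mbr_activation') == 'none')
        {
            $STAT->update_member_stats();
        }

        // Send admin notifications
        if ($PREFS->ini('new_member_notification') == 'y' AND $PREFS->ini('mbr_notification_emails') != '')
        {
            $name = ($data['screen_name'] != '') ? $data['screen_name'] : $data['username'];

            $swap = array(
                            'name'              => $name,
                            'site_name'         => stripslashes($PREFS->ini('site_name')),
                            'control_panel_url' => $PREFS->ini('cp_url'),
                            'username'          => $data['username'],
                            'email'             => $data['email']
                         );

            $template = $FNS->fetch_email_template('admin_notify_reg');
            $email_tit = $this->_var_swap($template['title'], $swap);
            $email_msg = $this->_var_swap($template['data'], $swap);

            $notify_address = $REGX->remove_extra_commas($PREFS->ini('mbr_notification_emails'));

            // Send email
            if ( ! class_exists('EEmail'))
            {
                require PATH_CORE.'core.email'.EXT;
            }

            $email = new EEmail;
            $email->wordwrap = true;
            $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
            $email->to($notify_address);
            $email->subject($email_tit);
            $email->message($REGX->entities_to_ascii($email_msg));
            $email->Send();
        }

        // -------------------------------------------
        // 'member_member_register' hook.
        //  - Additional processing when a member is created through the User Side
        //
            $edata = $EXT->call_extension('member_member_register', $data);
            if ($EXT->end_script === TRUE) return;
        //
        // -------------------------------------------

        // Send user notifications
        if ($PREFS->ini('req_mbr_activation') == 'email')
        {
            $qs = ($PREFS->ini('force_query_string') == 'y') ? '' : '?';

            $action_id  = $FNS->fetch_action_id('Member', 'activate_member');

            $name = ($data['screen_name'] != '') ? $data['screen_name'] : $data['username'];

            $board_id = ($IN->GBL('board_id') !== FALSE && is_numeric($IN->GBL('board_id'))) ? $IN->GBL('board_id') : 1;

            $forum_id = ($IN->GBL('FROM') == 'forum') ? '&r=f&board_id='.$board_id : '';

            // Only reached with a numeric list id: $mailinglist_subscribe is
            // set to TRUE solely inside the is_numeric() branch above.
            $add = ($mailinglist_subscribe !== TRUE) ? '' : '&mailinglist='.$_POST['mailinglist_subscribe'];

            $swap = array(
                            'name'              => $name,
                            'activation_url'    => $FNS->fetch_site_index(0, 0).$qs.'ACT='.$action_id.'&id='.$data['authcode'].$forum_id.$add,
                            'site_name'         => stripslashes($PREFS->ini('site_name')),
                            'site_url'          => $PREFS->ini('site_url'),
                            'username'          => $data['username'],
                            'email'             => $data['email']
                         );

            $template = $FNS->fetch_email_template('mbr_activation_instructions');
            $email_tit = $this->_var_swap($template['title'], $swap);
            $email_msg = $this->_var_swap($template['data'], $swap);

            // Send email
            if ( ! class_exists('EEmail'))
            {
                require PATH_CORE.'core.email'.EXT;
            }

            $email = new EEmail;
            $email->wordwrap = true;
            $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
            $email->to($data['email']);
            $email->subject($email_tit);
            $email->message($REGX->entities_to_ascii($email_msg));
            $email->Send();

            $message = $LANG->line('mbr_membership_instructions_email');
        }
        elseif ($PREFS->ini('req_mbr_activation') == 'manual')
        {
            $message = $LANG->line('mbr_admin_will_activate');
        }
        else
        {
            // Log user in
            $expire = 60*60*24*182;

            // NOTE(review): the stored password hash itself is written to a
            // cookie with a 182-day lifetime. Presumably the session layer
            // compares it on later requests; if so, the hash is a long-lived
            // credential on the client - confirm, and prefer a random session
            // token that can be revoked server-side.
            $FNS->set_cookie($SESS->c_expire , time()+$expire, $expire);
            $FNS->set_cookie($SESS->c_uniqueid , $data['unique_id'], $expire);
            $FNS->set_cookie($SESS->c_password , $data['password'],  $expire);

            // Create a new session
            if ($PREFS->ini('user_session_type') == 'cs' || $PREFS->ini('user_session_type') == 's')
            {
                $SESS->sdata['session_id'] = $FNS->random();
                $SESS->sdata['member_id']  = $member_id;
                $SESS->sdata['last_activity'] = $LOC->now;
                $SESS->sdata['site_id'] = $PREFS->ini('site_id');

                $FNS->set_cookie($SESS->c_session , $SESS->sdata['session_id'], $SESS->session_length);

                $DB->query($DB->insert_string('exp_sessions', $SESS->sdata));
            }

            // Update existing session variables
            $SESS->userdata['username']  = $data['username'];
            $SESS->userdata['member_id'] = $member_id;

            // Update stats
            $cutoff     = $LOC->now - (15 * 60);
            $weblog_id  = (USER_BLOG !== FALSE) ? UB_BLOG_ID : 0;

            $DB->query("DELETE FROM exp_online_users WHERE site_id = '".$DB->escape_str($PREFS->ini('site_id'))."' AND ((ip_address = '".$ip_sql."' AND member_id = '0') OR (date < $cutoff AND weblog_id = '$weblog_id'))");

            // From here on $data describes the online-users row, not the member.
            // NOTE(review): 'member_id' is read with the method-call form
            // $SESS->userdata(...), unlike the array access used everywhere
            // else in this function - confirm the session class defines it.
            $data = array(
                            'weblog_id'     => $weblog_id,
                            'member_id'     => $SESS->userdata('member_id'),
                            'name'          => ($SESS->userdata['screen_name'] == '') ? $SESS->userdata['username'] : $SESS->userdata['screen_name'],
                            'ip_address'    => $IN->IP,
                            'date'          => $LOC->now,
                            'anon'          => 'y',
                            'site_id'       => $PREFS->ini('site_id')
                        );

            $DB->query($DB->update_string('exp_online_users', $data, array("ip_address" => $IN->IP, "member_id" => $data['member_id'], "weblog_id" => $data['weblog_id'])));

            $message = $LANG->line('mbr_your_are_logged_in');
        }

        // Build the message
        if ($IN->GBL('FROM') == 'forum')
        {
            if ($IN->GBL('board_id') !== FALSE && is_numeric($IN->GBL('board_id')))
            {
                $query  = $DB->query("SELECT board_forum_url, board_id, board_label FROM exp_forum_boards WHERE board_id = '".$DB->escape_str($IN->GBL('board_id'))."'");
            }
            else
            {
                $query  = $DB->query("SELECT board_forum_url, board_id, board_label FROM exp_forum_boards WHERE board_id = '1'");
            }

            $site_name  = $query->row['board_label'];
            $return     = $query->row['board_forum_url'];
        }
        else
        {
            $site_name = ($PREFS->ini('site_name') == '') ? $LANG->line('back') : stripslashes($PREFS->ini('site_name'));
            $return = $PREFS->ini('site_url');
        }

        $data = array(  'title'     => $LANG->line('mbr_registration_complete'),
                        'heading'   => $LANG->line('thank_you'),
                        'content'   => $LANG->line('mbr_registration_completed')."\n\n".$message,
                        'redirect'  => '',
                        'link'      => array($return, $site_name)
                     );

        $OUT->show_message($data);
    }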
 /** ---------------------------------------
     /**  Receive a trackback
     /** ---------------------------------------*/
 function receive_trackback()
 {
     global $EXT, $REGX, $DB, $IN, $FNS, $LANG, $LOC, $PREFS, $STAT, $SESS;
     /** ----------------------------------------
     		/**  Is the nation of the user banend?
     		/** ----------------------------------------*/
     $SESS->nation_ban_check();
     $entry_id = !isset($_POST['tb_id']) ? '' : strip_tags($_POST['tb_id']);
     $charset = !isset($_POST['charset']) ? 'auto' : strtoupper(trim($_POST['charset']));
     if ($entry_id != '' && !is_numeric($entry_id)) {
         $entry_id = '';
     }
     if ($entry_id == '' && !isset($_GET['ACT_1'])) {
         return $this->trackback_response(1);
     }
     if ($entry_id == '' && !is_numeric($_GET['ACT_1'])) {
         return $this->trackback_response(1);
     }
     $id = $entry_id == '' ? $_GET['ACT_1'] : $entry_id;
     /** -----------------------------------
         /**  Verify and pre-process post data
         /** -----------------------------------*/
     $required_post_data = array('url', 'title', 'blog_name', 'excerpt');
     foreach ($required_post_data as $val) {
         if (!isset($_POST[$val]) || $_POST[$val] == '') {
             return $this->trackback_response(1);
         }
         if ($val != 'url') {
             if (function_exists('mb_convert_encoding')) {
                 $_POST[$val] = mb_convert_encoding($_POST[$val], strtoupper($PREFS->ini('charset')), strtoupper($charset));
             } elseif (function_exists('iconv')) {
                 $return = @iconv($charset != 'auto' ? strtoupper($charset) : '', strtoupper($PREFS->ini('charset')), $_POST[$val]);
                 if ($return !== FALSE) {
                     $_POST[$val] = $return;
                 }
             } elseif (function_exists('utf8_encode') && strtoupper($PREFS->ini('charset') == 'UTF-8')) {
                 $_POST[$val] = utf8_encode($_POST[$val]);
             }
         }
         $_POST[$val] = $val != 'url' ? $REGX->xml_convert(strip_tags($_POST[$val]), TRUE) : strip_tags($_POST[$val]);
     }
     /** ----------------------------
         /**  Fetch preferences 
         /** ----------------------------*/
     $sql = "SELECT exp_weblog_titles.title, \n                       exp_weblog_titles.url_title,\n                       exp_weblog_titles.site_id,\n                       exp_weblog_titles.allow_trackbacks, \n                       exp_weblog_titles.trackback_total, \n                       exp_weblog_titles.weblog_id,\n                       exp_weblogs.blog_title,\n                       exp_weblogs.blog_url,\n                       exp_weblogs.trackback_system_enabled,\n                       exp_weblogs.comment_url,\n                       exp_weblogs.comment_notify,\n                       exp_weblogs.comment_notify_emails,\n                       exp_weblogs.comment_notify_authors,\n                       exp_weblogs.trackback_max_hits,\n                       exp_weblogs.trackback_use_captcha\n                FROM   exp_weblog_titles, exp_weblogs\n                WHERE  exp_weblog_titles.weblog_id = exp_weblogs.weblog_id\n                AND    exp_weblog_titles.entry_id = '" . $DB->escape_str($id) . "'";
     $query = $DB->query($sql);
     if ($query->num_rows == 0) {
         return $this->trackback_response(1);
     }
     foreach ($query->row as $key => $val) {
         ${$key} = $val;
     }
     /** ----------------------------
         /**  Are pings allowed?
         /** ----------------------------*/
     if ($allow_trackbacks == 'n' || $trackback_system_enabled == 'n') {
         return $this->trackback_response(1);
     }
     /** -----------------------------------
         /**  Do we require the TB Captcha?
         /** -----------------------------------*/
     if ($trackback_use_captcha == 'y') {
         // First we see if the captcha is passed from input class
         $captcha = isset($_GET['ACT_2']) ? $_GET['ACT_2'] : '';
         // If not, we need to fetch it from: $_POST['url']
         if ($captcha == '') {
             $url = $IN->URI;
             $url_array = explode('/', trim($url, '/'));
             $captcha = $url_array[count($url_array) - 1];
         }
         // Captchas are 8 characters long, so if the string we just fetched
         // is not then send them to the corn fields.
         if (strlen($captcha) < 8) {
             return $this->trackback_response(3);
         }
         // Query the captcha table
         $res = $DB->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='" . $DB->escape_str($captcha) . "' AND date > UNIX_TIMESTAMP()-7200");
         // No cappy?  Very crappy...
         if ($res->row['count'] == 0) {
             return $this->trackback_response(3);
         }
         // Kill the captcha and any old, expired ones from the DB.
         $DB->query("DELETE FROM exp_captcha WHERE word='" . $DB->escape_str($captcha) . "' OR date < UNIX_TIMESTAMP()-7200");
         // We need to remove the captcha string from the end of the URL
         // before we store it in the database.
         $_POST['url'] = str_replace($captcha, '', $_POST['url']);
         $_POST['url'] = $FNS->remove_double_slashes($_POST['url']);
     }
     // end captcha stuff...
     /** ----------------------------
         /**  Blacklist/Whitelist Check
         /** ----------------------------*/
     if ($IN->blacklisted == 'y' && $IN->whitelisted == 'n') {
         return $this->trackback_response(3);
     }
     /** ----------------------------
         /**  Spam check
         /** ----------------------------*/
     $last_hour = $LOC->now - 3600;
     $query = $DB->query("SELECT COUNT(*) as count FROM exp_trackbacks WHERE trackback_ip = '" . $IN->IP . "' AND trackback_date > '{$last_hour}'");
     if ($query->row['count'] >= $trackback_max_hits) {
         return $this->trackback_response(4);
     }
     /** ----------------------------
         /**  Check for previous pings
         /** ----------------------------*/
     $query = $DB->query("SELECT COUNT(*) as count FROM exp_trackbacks WHERE trackback_url = '" . $DB->escape_str($_POST['url']) . "' AND entry_id = '" . $DB->escape_str($id) . "'");
     if ($query->row['count'] > 0) {
         return $this->trackback_response(2);
     }
     /** ----------------------------------------
         /**  Limit size of excerpt
         /** ----------------------------------------*/
     $content = $FNS->char_limiter($_POST['excerpt']);
     /** ----------------------------------------
         /**  Do we allow duplicate data?
         /** ----------------------------------------*/
     if ($PREFS->ini('deny_duplicate_data') == 'y') {
         $query = $DB->query("SELECT count(*) AS count FROM exp_trackbacks WHERE content = '" . $DB->escape_str($content) . "' ");
         if ($query->row['count'] > 0) {
             return $this->trackback_response(2);
         }
     }
     /** ----------------------------
         /**  Insert the trackback
         /** ----------------------------*/
     $data = array('entry_id' => $id, 'weblog_id' => $weblog_id, 'title' => $_POST['title'], 'content' => $content, 'weblog_name' => $_POST['blog_name'], 'trackback_url' => $REGX->xml_convert($_POST['url']), 'trackback_date' => $LOC->now, 'trackback_ip' => $IN->IP, 'site_id' => $site_id);
     /* -------------------------------------
     		/*  'insert_trackback_insert_array' hook.
     		/*  - Modify any of the soon to be inserted values
     		*/
     if ($EXT->active_hook('insert_trackback_insert_array') === TRUE) {
         $data = $EXT->call_extension('insert_trackback_insert_array', $data);
         if ($EXT->end_script === TRUE) {
             return;
         }
     }
     /*
     		/* -------------------------------------*/
     $DB->query($DB->insert_string('exp_trackbacks', $data));
     $trackback_id = $DB->insert_id;
     if ($DB->affected_rows == 0) {
         return $this->trackback_response(3);
     }
     /** ------------------------------------------------
         /**  Update trackback count and "recent trackback" date
         /** ------------------------------------------------*/
     $query = $DB->query("SELECT trackback_total, author_id FROM exp_weblog_titles WHERE entry_id = '{$id}'");
     $trackback_total = $query->row['trackback_total'] + 1;
     $author_id = $query->row['author_id'];
     $DB->query("UPDATE exp_weblog_titles SET trackback_total = '{$trackback_total}', recent_trackback_date = '" . $LOC->now . "'  WHERE entry_id = '{$id}'");
     $DB->query("UPDATE exp_weblogs SET last_trackback_date = '" . $LOC->now . "'  WHERE weblog_id = '{$weblog_id}'");
     /** ----------------------------------------
         /**  Update global stats
         /** ----------------------------------------*/
     $STAT->update_trackback_stats($weblog_id);
     /** ----------------------------------------
     		/**  Fetch Notification Emails
     		/** ----------------------------------------*/
     $notify_emails = '';
     if ($comment_notify == 'y' and $comment_notify_emails != '') {
         $notify_emails = $comment_notify_emails;
     }
     if ($comment_notify_authors == 'y') {
         $result = $DB->query("SELECT email FROM exp_members WHERE member_id = '" . $DB->escape_str($author_id) . "'");
         $notify_emails .= ',' . $result->row['email'];
     }
     /** ----------------------------
         /**  Send notification
         /** ----------------------------*/
     if ($notify_emails != '') {
         /** ----------------------------
             /**  Build email message
             /** ----------------------------*/
         $delete_link = $PREFS->ini('cp_url') . '?S=0&C=edit' . '&M=del_comment_conf' . '&weblog_id=' . $weblog_id . '&entry_id=' . $id . '&trackback_id=' . $trackback_id;
         $swap = array('entry_title' => $title, 'comment_url' => $FNS->remove_double_slashes($comment_url . '/' . $url_title . '/'), 'sending_weblog_name' => stripslashes($_POST['blog_name']), 'sending_entry_title' => stripslashes($_POST['title']), 'sending_weblog_url' => $_POST['url'], 'trackback_id' => $trackback_id, 'trackback_ip' => $IN->IP, 'delete_link' => $delete_link);
         $template = $FNS->fetch_email_template('admin_notify_trackback');
         $email_msg = $FNS->var_swap($template['data'], $swap);
         $email_tit = $FNS->var_swap($template['title'], $swap);
         /** ----------------------------
             /**  Send email
             /** ----------------------------*/
         require PATH_CORE . 'core.email' . EXT;
         $email = new EEmail();
         foreach (explode(',', $notify_emails) as $addy) {
             if ($addy == '') {
                 continue;
             }
             $email->initialize();
             $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
             $email->to($addy);
             $email->subject($email_tit);
             $email->message($REGX->entities_to_ascii($email_msg));
             $email->Send();
         }
     }
     /** ----------------------------
         /**  Return response
         /** ----------------------------*/
     return $this->trackback_response(0);
 }
 /** -----------------------------------
     /**  Send Message
     /** -----------------------------------*/
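 /**
  * Handle a submitted private message: validate it, store it and, when the
  * resulting status is 'sent', deliver copies and e-mail notifications.
  *
  * The status comes from the request: 'preview' (preview or attachment
  * removal), 'draft', or 'sent'. Any entry in $submission_error forces the
  * status back to 'preview' so the compose form is shown again with the errors.
  *
  * Request-derived values that are concatenated into hand-built SQL are passed
  * through $DB->escape_str(). Recipient and CC ids are used exactly as returned
  * by convert_recipients() in 'member_id' mode (presumably database ids;
  * confirm in that helper).
  *
  * @return mixed  The result of _error_page() or compose() on those paths;
  *                nothing after listing drafts or redirecting to the inbox.
  */
 function send_message()
 {
     global $LANG, $DB, $IN, $LOC, $FNS, $SESS, $REGX, $PREFS;

     $submission_error = array();

     // Banned users may not send anything.
     if ($SESS->userdata['is_banned'] === TRUE) {
         return $this->_error_page();
     }

     // Refuse requests for which no IP address or user agent is available.
     if ($IN->IP == '0.0.0.0' || $SESS->userdata['user_agent'] == '') {
         return $this->_error_page();
     }

     // Requested status: preview (also used for attachment removal), draft or sent.
     if ($IN->GBL('preview') or $IN->GBL('remove')) {
         $status = 'preview';
     } elseif ($IN->GBL('draft')) {
         $status = 'draft';
     } else {
         $status = 'sent';
     }

     // A message that has already been sent must not be submitted again.
     if ($IN->GBL('message_id') !== FALSE && is_numeric($IN->GBL('message_id'))) {
         $query = $DB->query("SELECT message_status FROM exp_message_data WHERE message_id = '" . $DB->escape_str($IN->GBL('message_id')) . "'");
         if ($query->num_rows > 0 && $query->row['message_status'] == 'sent') {
             return $this->_error_page($LANG->line('messsage_already_sent'));
         }
     }

     // Hidden config 'prv_msg_waiting_period': hours a new member must wait
     // before sending private messages (1 when the setting is absent).
     $waiting_period = $PREFS->ini('prv_msg_waiting_period') !== FALSE ? (int) $PREFS->ini('prv_msg_waiting_period') : 1;
     if ($SESS->userdata['join_date'] > $LOC->now - $waiting_period * 60 * 60) {
         return $this->_error_page(str_replace(
             array('%time%', '%email%', '%site%'),
             array($waiting_period, $FNS->encode_email($PREFS->ini('webmaster_email')), $PREFS->ini('site_name')),
             $LANG->line('waiting_period_not_reached')
         ));
     }

     // Hidden config 'prv_msg_throttling_period': minimum seconds between sent
     // messages (30 when the setting is absent). Group 1 is exempt.
     if ($status == 'sent' && $SESS->userdata['group_id'] != 1) {
         $period = $PREFS->ini('prv_msg_throttling_period') !== FALSE ? (int) $PREFS->ini('prv_msg_throttling_period') : 30;
         $query = $DB->query(
             "SELECT COUNT(*) AS count FROM exp_message_data d"
             . " WHERE d.sender_id = '" . $DB->escape_str($this->member_id) . "'"
             . " AND d.message_status = 'sent'"
             . " AND d.message_date > " . $DB->escape_str($LOC->now - $period)
         );
         if ($query->row['count'] > 0) {
             return $this->_error_page(str_replace('%x', $period, $LANG->line('send_throttle')));
         }
     }

     // Recipient (only when sending), subject and body are required.
     // Only the first missing field is reported.
     if ($IN->GBL('recipients') == '' && $status == 'sent') {
         $submission_error[] = $LANG->line('empty_recipients_field');
     } elseif ($IN->GBL('subject') == '') {
         $submission_error[] = $LANG->line('empty_subject_field');
     } elseif ($IN->GBL('body') == '') {
         $submission_error[] = $LANG->line('empty_body_field');
     }

     // Optionally reject a body identical to one this member already sent.
     if ($PREFS->ini('deny_duplicate_data') == 'y') {
         $query = $DB->query(
             "SELECT COUNT(*) AS count FROM exp_message_data d"
             . " WHERE d.sender_id = '" . $DB->escape_str($this->member_id) . "'"
             . " AND d.message_status = 'sent'"
             . " AND d.message_body = '" . $DB->escape_str($REGX->xss_clean($IN->GBL('body'))) . "'"
         );
         if ($query->row['count'] > 0) {
             return $this->_error_page($LANG->line('duplicate_message_sent'));
         }
     }

     // Resolve recipients and CC to member ids.
     $recipients = $this->convert_recipients($IN->GBL('recipients'), 'array', 'member_id');
     $cc = trim($IN->GBL('cc')) == '' ? array() : $this->convert_recipients($IN->GBL('cc'), 'array', 'member_id');

     // CC must not repeat a recipient. array_diff() preserves keys, so the
     // result is reindexed; otherwise later positional handling would skip
     // CC members whenever an earlier CC entry was dropped here.
     $cc = array_values(array_diff($cc, $recipients));

     if (sizeof($recipients) == 0 && $status == 'sent') {
         $submission_error[] = $LANG->line('empty_recipients_field');
     }
     if ($this->invalid_name === TRUE) {
         $submission_error[] = $LANG->line('invalid_username');
     }

     // Body length limit (0 means no limit).
     if ($this->max_chars != 0 && strlen($IN->GBL('body')) > $this->max_chars) {
         $submission_error[] = str_replace('%max%', $this->max_chars, $LANG->line('message_too_large'));
     }

     // Sending and storage limits do not apply to group 1 (Super Admins).
     if ($SESS->userdata('group_id') != 1) {
         // Copies sent during the last 24 hours plus this message's recipients
         // must stay within the send limit.
         $query = $DB->query(
             "SELECT COUNT(c.copy_id) AS count"
             . " FROM exp_message_copies c, exp_message_data d"
             . " WHERE c.message_id = d.message_id"
             . " AND c.sender_id = '" . $DB->escape_str($this->member_id) . "'"
             . " AND d.message_status = 'sent'"
             . " AND d.message_date > " . ($LOC->now - 24 * 60 * 60)
         );
         if ($query->row['count'] + sizeof($recipients) + sizeof($cc) > $this->send_limit) {
             $submission_error[] = $LANG->line('sending_limit_warning');
         }

         // Keeping a sent copy counts against the sender's own storage limit.
         if ($this->storage_limit != '0' && ($IN->GBL('sent_copy') !== FALSE && $IN->GBL('sent_copy') == 'y')) {
             if ($this->total_messages == '') {
                 $this->storage_usage();
             }
             if ($this->total_messages + 1 > $this->storage_limit) {
                 $submission_error[] = $LANG->line('storage_limit_warning');
             }
         }
     }

     // Attachment upload or removal requires a configured upload path.
     $has_upload = (isset($_FILES['userfile']['name']) && $_FILES['userfile']['name'] != '');
     if ($this->upload_path == '' && (isset($_POST['remove']) || $has_upload)) {
         $submission_error[] = $LANG->line('unable_to_recieve_attach');
     }

     // Attachment ids already tied to this draft arrive as a '|'-separated list.
     // They are request data and are escaped where they reach SQL below.
     if ($IN->GBL('attach') !== FALSE && $IN->GBL('attach') != '') {
         $this->attachments = explode('|', $_POST['attach']);
     }

     // Forwarded messages need their own copies of the attachments. This is
     // done only when the compose page is first submitted, which the
     // 'create_attach' request variable signals.
     if ($this->attach_allowed == 'y' && $this->upload_path != '' && sizeof($this->attachments) > 0 && $IN->GBL('create_attach')) {
         if (($message = $this->_duplicate_files()) !== TRUE) {
             $submission_error[] = $message . BR;
         }
     }

     // Attachment removal request: the id is the key of the 'remove' field.
     if (isset($_POST['remove']) && $this->upload_path != '') {
         $id = key($_POST['remove']);
         if (is_numeric($id)) {
             $this->_remove_attachment($id);
             // Treat an attachment removal like a draft: show the message
             // form only, without the preview.
             $this->hide_preview = TRUE;
         }
     }

     // New attachment uploaded with this submission?
     if ($this->attach_allowed == 'y' && $this->upload_path != '' && $has_upload) {
         if (($message = $this->_attach_file()) !== TRUE) {
             $submission_error[] = $message . BR;
         }
     }

     // Split off members for whom _check_overflow() returns FALSE. Iterating
     // by value keeps this correct even if the id arrays are not 0..n-1 lists.
     $details = array();
     $details['overflow_recipients'] = array();
     $details['overflow_cc'] = array();

     $deliverable = array();
     foreach ($recipients as $member) {
         if ($this->_check_overflow($member) === FALSE) {
             $details['overflow_recipients'][] = $member;
         } else {
             $deliverable[] = $member;
         }
     }
     $recipients = $deliverable;

     $deliverable = array();
     foreach ($cc as $member) {
         if ($this->_check_overflow($member) === FALSE) {
             $details['overflow_cc'][] = $member;
         } else {
             $deliverable[] = $member;
         }
     }
     $cc = $deliverable;

     // If anyone cannot receive the message because of an overflow, the
     // submission becomes a preview, the affected members are e-mailed about
     // their full inbox, and the sender is shown their names.
     if (sizeof($details['overflow_recipients']) > 0 or sizeof($details['overflow_cc']) > 0) {
         sort($recipients);
         sort($cc);
         $overflow_names = array();

         $query = $DB->query(
             "SELECT exp_members.screen_name, exp_members.email, exp_members.accept_messages, exp_member_groups.prv_msg_storage_limit"
             . " FROM exp_members"
             . " LEFT JOIN exp_member_groups ON exp_member_groups.group_id = exp_members.group_id"
             . " WHERE exp_members.member_id IN ('" . implode("','", array_merge($details['overflow_recipients'], $details['overflow_cc'])) . "')"
             . " AND exp_member_groups.site_id = '" . $DB->escape_str($PREFS->ini('site_id')) . "'"
         );
         if ($query->num_rows > 0) {
             if (!class_exists('EEmail')) {
                 require PATH_CORE . 'core.email' . EXT;
             }
             $email = new EEmail();
             $email->wordwrap = true;
             $swap = array(
                 'sender_name' => $SESS->userdata('screen_name'),
                 'site_name' => stripslashes($PREFS->ini('site_name')),
                 'site_url' => $PREFS->ini('site_url'),
             );
             $template = $FNS->fetch_email_template('pm_inbox_full');
             $email_tit = $FNS->var_swap($template['title'], $swap);
             $email_msg = $FNS->var_swap($template['data'], $swap);
             foreach ($query->result as $row) {
                 $overflow_names[] = $row['screen_name'];
                 // Named in the error either way, but e-mailed only when the
                 // member's accept_messages flag is 'y'.
                 if ($row['accept_messages'] != 'y') {
                     continue;
                 }
                 $email->initialize();
                 $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
                 $email->to($row['email']);
                 $email->subject($email_tit);
                 $email->message($FNS->var_swap($email_msg, array('recipient_name' => $row['screen_name'], 'pm_storage_limit' => $row['prv_msg_storage_limit'])));
                 $email->Send();
             }
         }
         $submission_error[] = str_replace('%overflow_names%', implode(', ', $overflow_names), $LANG->line('overflow_recipients'));
     }

     // Any submission error forces a preview.
     if (sizeof($submission_error) > 0) {
         $status = 'preview';
         $this->hide_preview = TRUE;
         $this->invalid_name = FALSE;
     }

     // Drop recipients who have blocked the sender. The sender is not told;
     // the message simply is not delivered to them.
     if ($status == 'sent') {
         $sql = "SELECT member_id FROM exp_message_listed"
             . " WHERE listed_type = 'blocked'"
             . " AND listed_member = '" . $DB->escape_str($this->member_id) . "'"
             . " AND (member_id IN ('" . implode("','", $recipients) . "')";
         if (sizeof($cc) > 0) {
             $sql .= " OR member_id IN ('" . implode("','", $cc) . "')";
         }
         $sql .= ")";
         $blocked = $DB->query($sql);
         if ($blocked->num_rows > 0) {
             $details['blocked'] = array();
             foreach ($blocked->result as $row) {
                 $details['blocked'][] = $row['member_id'];
             }
             $recipients = array_diff($recipients, $details['blocked']);
             $cc = sizeof($cc) > 0 ? array_diff($cc, $details['blocked']) : array();
             // sort() also reindexes after array_diff().
             sort($recipients);
             sort($cc);
         }
     }

     // Store the message. Subject and body pass through xss_clean() first.
     $data = array(
         'message_id' => '',
         'sender_id' => $this->member_id,
         'message_date' => $LOC->now,
         'message_subject' => $REGX->xss_clean($IN->GBL('subject')),
         'message_body' => $REGX->xss_clean($IN->GBL('body')),
         'message_tracking' => (!$IN->GBL('tracking')) ? 'n' : 'y',
         'message_attachments' => sizeof($this->attachments) > 0 ? 'y' : 'n',
         'message_recipients' => implode('|', $recipients),
         'message_cc' => implode('|', $cc),
         'message_hide_cc' => (!$IN->GBL('hide_cc')) ? 'n' : 'y',
         'message_sent_copy' => (!$IN->GBL('sent_copy')) ? 'n' : 'y',
         'total_recipients' => sizeof($recipients) + sizeof($cc),
         'message_status' => $status,
     );
     if ($IN->GBL('message_id') && is_numeric($IN->GBL('message_id'))) {
         // A preview or draft was stored earlier: update that row.
         // NOTE(review): the row is selected by message_id alone; confirm that
         // the sender is checked elsewhere before an existing message is edited.
         $message_id = $IN->GBL('message_id');
         unset($data['message_id']);
         $DB->query($DB->update_string('exp_message_data', $data, "message_id = '" . $DB->escape_str($message_id) . "'"));
     } else {
         $DB->query($DB->insert_string('exp_message_data', $data));
         $message_id = $DB->insert_id;
     }

     if ($status == 'sent') {
         // One copy row per recipient and per CC member, each with its own authcode.
         $copy_data = array('copy_id' => '', 'message_id' => $message_id, 'sender_id' => $this->member_id);
         foreach (array_merge($recipients, $cc) as $member) {
             $copy_data['recipient_id'] = $member;
             $copy_data['message_authcode'] = $FNS->random('alpha', 10);
             $DB->query($DB->insert_string('exp_message_copies', $copy_data));
         }

         $delivered_ids = implode("','", array_merge($recipients, $cc));

         // Increment exp_members.private_messages for everyone who received a copy.
         $DB->query("UPDATE exp_members SET private_messages = private_messages + 1 WHERE member_id IN ('" . $delivered_ids . "')");

         // E-mail the receivers who asked to be notified, never the sender.
         $query = $DB->query(
             "SELECT screen_name, email FROM exp_members"
             . " WHERE member_id IN ('" . $delivered_ids . "')"
             . " AND notify_of_pm = 'y'"
             . " AND member_id != '" . $DB->escape_str($this->member_id) . "'"
         );
         if ($query->num_rows > 0) {
             if (!class_exists('Typography')) {
                 require PATH_CORE . 'core.typography' . EXT;
             }
             $TYPE = new Typography(0);
             $TYPE->smileys = FALSE;
             $TYPE->highlight_code = TRUE;
             if ($PREFS->ini('enable_censoring') == 'y' && $PREFS->ini('censored_words') != '') {
                 $subject = $TYPE->filter_censored_words($REGX->xss_clean($IN->GBL('subject')));
             } else {
                 $subject = $REGX->xss_clean($IN->GBL('subject'));
             }
             $body = $TYPE->parse_type(
                 stripslashes($REGX->xss_clean($IN->GBL('body'))),
                 array('text_format' => 'none', 'html_format' => 'none', 'auto_links' => 'n', 'allow_img_url' => 'n')
             );
             if (!class_exists('EEmail')) {
                 require PATH_CORE . 'core.email' . EXT;
             }
             $email = new EEmail();
             $email->wordwrap = true;
             $swap = array(
                 'sender_name' => $SESS->userdata('screen_name'),
                 'message_subject' => $subject,
                 'message_content' => $body,
                 'site_name' => stripslashes($PREFS->ini('site_name')),
                 'site_url' => $PREFS->ini('site_url'),
             );
             $template = $FNS->fetch_email_template('private_message_notification');
             $email_tit = $FNS->var_swap($template['title'], $swap);
             $email_msg = $FNS->var_swap($template['data'], $swap);
             foreach ($query->result as $row) {
                 $email->initialize();
                 $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
                 $email->to($row['email']);
                 $email->subject($email_tit);
                 $email->message($REGX->entities_to_ascii($FNS->var_swap($email_msg, array('recipient_name' => $row['screen_name']))));
                 $email->Send();
             }
         }
     }

     // Optional copy for the sender's own Sent folder.
     if ($status == 'sent' && $data['message_sent_copy'] == 'y') {
         $copy_data['recipient_id'] = $this->member_id;
         $copy_data['message_authcode'] = $FNS->random('alpha', 10);
         $copy_data['message_folder'] = '2'; // Sent Message Folder
         $copy_data['message_read'] = 'y';   // Already read automatically
         $DB->query($DB->insert_string('exp_message_copies', $copy_data));
     }

     // Mark the copy that was replied to or forwarded. The copy id comes from
     // the request, so it is escaped and the update is limited to a copy whose
     // recipient is the current member; a submitted id can then only change
     // the member's own copy. A separate variable holds the new copy status so
     // that $status stays 'sent' for the attachment and redirect steps below.
     if ($status == 'sent' && ($IN->GBL('replying') !== FALSE or $IN->GBL('forwarding') !== FALSE)) {
         $is_reply = ($IN->GBL('replying') !== FALSE);
         $copy_id = $is_reply ? $IN->GBL('replying') : $IN->GBL('forwarding');
         $copy_status = $is_reply ? 'replied' : 'forwarded';
         $DB->query(
             "UPDATE exp_message_copies SET message_status = '{$copy_status}'"
             . " WHERE copy_id = '" . $DB->escape_str($copy_id) . "'"
             . " AND recipient_id = '" . $DB->escape_str($this->member_id) . "'"
         );
     }

     // Point the attachments at the stored message. The id list may contain
     // values taken from $_POST['attach'], so every id is escaped.
     // NOTE(review): ownership of these attachment ids is not checked here;
     // confirm the attachment helpers or the table layout prevent a member
     // from claiming an attachment that belongs to someone else.
     if (sizeof($this->attachments) > 0) {
         $attachment_ids = array_map(array($DB, 'escape_str'), $this->attachments);
         $DB->query(
             "UPDATE exp_message_attachments SET message_id = '" . $DB->escape_str($message_id) . "'"
             . " WHERE attachment_id IN ('" . implode("','", $attachment_ids) . "')"
         );
     }

     // Attachments of a sent message are no longer temporary.
     if ($status == 'sent') {
         $DB->query("UPDATE exp_message_attachments SET is_temp = 'n' WHERE message_id = '" . $DB->escape_str($message_id) . "'");
     }

     // Show the compose form again, list the drafts, or go to the inbox.
     if ($status == 'preview') {
         return $this->compose($message_id, $submission_error);
     } elseif ($status == 'draft') {
         $this->drafts();
     } else {
         $FNS->redirect($this->_create_path('inbox'));
     }
 }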
            // Get the member email address
            $sql_member = "SELECT email FROM exp_members WHERE member_id='" . $row['member_id'] . "'";
            $sql_query = $DB->query($sql_member);
            // Assemble the email
            $receipient = $sql_query->row['email'];
            $bcc_emails = $PREFS->core_ini['webmaster_email'];
            $email_subject = "Your Be Fabulous subscription has expired";
            $email_msg = "Hello\n";
            $email_msg = $email_msg . "\n";
            $email_msg = $email_msg . "This is just a brief email to let you know that your Be Fabulous 12 month subscription has expired.\n";
            $email_msg = $email_msg . "\n";
            $email_msg = $email_msg . "To re-subscribe simply visit http://www.be-fabulous.co.uk and log-in to your account. You will see an option on the right hand side of the 'All about you' page to 'Upgrade your subscription'.\n";
            $email_msg = $email_msg . "\n";
            $email_msg = $email_msg . "If you need any help or have any questions please don't hesitate to contact us by replying to this email or calling Karen on +44 (0) 7970 732057.\n";
            $email_msg = $email_msg . "\n";
            $email_msg = $email_msg . " - End of Message - \n";
            // Send the Email
            $email = new EEmail();
            $email->wordwrap = false;
            $email->mailtype = 'text';
            $email->validate = true;
            $email->from($PREFS->core_ini['webmaster_email'], $PREFS->core_ini['webmaster_name']);
            $email->to($receipient);
            $email->bcc($bcc_emails);
            $email->subject($email_subject);
            $email->message($REGX->entities_to_ascii($email_msg));
            $email->Send();
            $email->initialize();
        }
    }
}
 /** -----------------------------------------
     /**  USAGE: Submit New Post.
     /** -----------------------------------------*/
 function newPost($plist)
 {
     global $DB, $LANG, $FNS, $LOC, $PREFS, $REGX, $IN, $STAT;
     $parameters = $plist->output_parameters();
     if (!$this->fetch_member_data($parameters['2'], $parameters['3'])) {
         return new XML_RPC_Response('0', '802', $LANG->line('invalid_access'));
     }
     /** ---------------------------------------
        	/**  Parse Out Weblog Information
        	/** ---------------------------------------*/
     $this->parse_weblog($parameters['1']);
     $this->status = $parameters['5'] == '0' ? 'closed' : 'open';
     $sticky = 'n';
     /** ---------------------------------------
        	/**  Parse Weblog Meta-Information
        	/** ---------------------------------------*/
     // using entities because of <title> conversion by xss_clean()
     if (preg_match('/&lt;title&gt;(.+?)&lt;\\/title&gt;/is', $parameters['4'], $matches)) {
         $this->title = $PREFS->ini('auto_convert_high_ascii') == 'y' ? $REGX->ascii_to_entities(trim($matches['1'])) : $matches['1'];
         $parameters['4'] = str_replace($matches['0'], '', $parameters['4']);
     }
     if (preg_match('/<weblog_id>(.+?)<\\/weblog_id>/is', $parameters['4'], $matches)) {
         $this->weblog_id = trim($matches['1']);
         $parameters['4'] = str_replace($matches['0'], '', $parameters['4']);
         $this->parse_weblog($this->weblog_id);
     }
     if (preg_match('/<category>(.*?)<\\/category>/is', $parameters['4'], $matches)) {
         $this->categories = trim($matches['1']);
         $parameters['4'] = str_replace($matches['0'], '', $parameters['4']);
         if (strlen($this->categories) > 0) {
             $this->check_categories("AND exp_weblogs.weblog_id = '{$this->weblog_id}'");
         }
     }
     if (preg_match('/<sticky>(.+?)<\\/sticky>/is', $parameters['4'], $matches)) {
         $sticky = (trim($matches['1']) == 'yes' or trim($matches['1']) == 'y') ? 'y' : 'n';
         $parameters['4'] = str_replace($matches['0'], '', $parameters['4']);
     }
     /** ---------------------------------------
        	/**  Default Weblog Data for weblog_id
        	/** ---------------------------------------*/
     $query = $DB->query("SELECT deft_comments, deft_trackbacks, cat_group,\n    \t\t\t\t\t\t blog_title, blog_url,\n    \t\t\t\t\t\t weblog_notify_emails, weblog_notify, comment_url\n    \t\t\t\t\t\t FROM exp_weblogs\n    \t\t\t\t\t\t WHERE weblog_id = '{$this->weblog_id}'");
     if ($query->num_rows == 0) {
         return new XML_RPC_Response('0', '802', $LANG->line('invalid_weblog'));
     }
     $notify_address = ($query->row['weblog_notify'] == 'y' and $query->row['weblog_notify_emails'] != '') ? $query->row['weblog_notify_emails'] : '';
     /** ---------------------------------------
        	/**  URL Title Unique?
        	/** ---------------------------------------*/
     $url_title = $REGX->create_url_title($this->title, TRUE);
     $sql = "SELECT count(*) AS count \n\t\t\t\tFROM exp_weblog_titles \n\t\t\t\tWHERE url_title = '" . $DB->escape_str($url_title) . "' \n\t\t\t\tAND weblog_id = '{$this->weblog_id}'";
     $results = $DB->query($sql);
     // Already have default title
     if ($results->row['count'] > 0) {
         // Give it a moblog title
         $inbetween = $PREFS->ini('word_separator') == 'dash' ? '-' : '_';
         $url_title .= $inbetween . 'api';
         /** ---------------------------------------
           		/**  Multiple Title Find
           		/** ---------------------------------------*/
         $sql = "SELECT count(*) AS count \n\t\t\t\t\tFROM exp_weblog_titles \n\t\t\t\t\tWHERE url_title LIKE '" . $DB->escape_like_str($url_title) . "%' \n\t\t\t\t\tAND weblog_id = '{$this->weblog_id}'";
         $results = $DB->query($sql);
         $url_title .= $results->row['count'] + 1;
     }
     /** ---------------------------------
         /**  Build our query string
         /** ---------------------------------*/
     $metadata = array('entry_id' => '', 'weblog_id' => $this->weblog_id, 'author_id' => $this->userdata['member_id'], 'title' => $this->title, 'url_title' => $url_title, 'ip_address' => $IN->IP, 'entry_date' => $LOC->now, 'edit_date' => gmdate("YmdHis", $LOC->now), 'year' => gmdate('Y', $LOC->now), 'month' => gmdate('m', $LOC->now), 'day' => gmdate('d', $LOC->now), 'sticky' => $sticky, 'status' => $this->status, 'allow_comments' => $query->row['deft_comments'], 'allow_trackbacks' => $query->row['deft_trackbacks']);
     /** ---------------------------------------
        	/**  Parse Weblog Field Data
        	/** ---------------------------------------*/
     $entry_data = array('weblog_id' => $this->weblog_id);
     if (sizeof($this->fields) > 0) {
         foreach ($this->fields as $field_id => $afield) {
             if (preg_match('/<' . $afield['0'] . '>(.+?)<\\/' . $afield['0'] . '>/is', $parameters['4'], $matches)) {
                 if (!isset($entry_data['field_id_' . $field_id])) {
                     $entry_data['field_id_' . $field_id] = $matches['1'];
                     $entry_data['field_ft_' . $field_id] = $afield['1'];
                 } else {
                     $entry_data['field_id_' . $field_id] .= "\n" . $matches['1'];
                 }
                 $parameters['4'] = trim(str_replace($matches['0'], '', $parameters['4']));
             }
         }
     }
     if (trim($parameters['4']) != '') {
         if (!isset($entry_data[$this->field])) {
             $entry_data['field_id_' . $this->field] = trim($parameters['4']);
             $entry_data['field_ft_' . $this->field] = $this->fields[$this->field]['1'];
         } else {
             $entry_data[$this->field] .= "\n" . trim($parameters['4']);
         }
     }
     /** ---------------------------------
         /**  Insert the entry data
         /** ---------------------------------*/
     $metadata['site_id'] = $this->site_id;
     $DB->query($DB->insert_string('exp_weblog_titles', $metadata));
     $entry_data['entry_id'] = $DB->insert_id;
     $entry_data['site_id'] = $this->site_id;
     $DB->query($DB->insert_string('exp_weblog_data', $entry_data));
     /** ---------------------------------
         /**  Insert Categories, if any
         /** ---------------------------------*/
     if (sizeof($this->ecategories) > 0) {
         foreach ($this->ecategories as $catid => $cat_name) {
             $DB->query("INSERT INTO exp_category_posts \n        \t\t\t\t\t(entry_id, cat_id) \n        \t\t\t\t\tVALUES \n        \t\t\t\t\t('" . $entry_data['entry_id'] . "', '{$catid}')");
         }
     }
     /** ----------------------------
     		/**  Send admin notification
     		/** ----------------------------*/
     if ($notify_address != '') {
         $swap = array('name' => $this->userdata['screen_name'], 'email' => $this->userdata['email'], 'weblog_name' => $query->row['blog_title'], 'entry_title' => $metadata['title'], 'entry_url' => $FNS->remove_double_slashes($query->row['blog_url'] . '/' . $metadata['url_title'] . '/'), 'comment_url' => $FNS->remove_double_slashes($query->row['comment_url'] . '/' . $metadata['url_title'] . '/'));
         $template = $FNS->fetch_email_template('admin_notify_entry');
         $email_tit = $FNS->var_swap($template['title'], $swap);
         $email_msg = $FNS->var_swap($template['data'], $swap);
         // We don't want to send a notification if the person
         // leaving the entry is in the notification list
         $notify_address = str_replace($this->userdata['email'], "", $notify_address);
         $notify_address = $REGX->remove_extra_commas($notify_address);
         if ($notify_address != '') {
             /** ----------------------------
             				/**  Send email
             				/** ----------------------------*/
             if (!class_exists('EEmail')) {
                 require PATH_CORE . 'core.email' . EXT;
             }
             $email = new EEmail();
             foreach (explode(',', $notify_address) as $addy) {
                 $email->initialize();
                 $email->wordwrap = false;
                 $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
                 $email->to($addy);
                 $email->reply_to($PREFS->ini('webmaster_email'));
                 $email->subject($email_tit);
                 $email->message($REGX->entities_to_ascii($email_msg));
                 $email->Send();
             }
         }
     }
     /** ---------------------------------
         /**  Clear caches if needed
         /** ---------------------------------*/
     if ($PREFS->ini('new_posts_clear_caches') == 'y') {
         $FNS->clear_caching('all');
     } else {
         $FNS->clear_caching('sql');
     }
     /** ---------------------------------------
     		/**  Update those stats, stat!
     		/** ---------------------------------------*/
     $STAT->update_weblog_stats($this->weblog_id);
     $query = $DB->query("SELECT total_entries FROM exp_members WHERE member_id = '" . $this->userdata['member_id'] . "'");
     $total_entries = $query->row['total_entries'] + 1;
     $DB->query("UPDATE exp_members set total_entries = '{$total_entries}', last_entry_date = '" . $LOC->now . "' WHERE member_id = '" . $this->userdata['member_id'] . "'");
     /** ---------------------------------
         /**  Return Entry ID of new entry
         /** ---------------------------------*/
     return new XML_RPC_Response(new XML_RPC_Values($entry_data['entry_id'], 'string'));
 }
 /** -----------------------------
     /**  Send email in batch mode
     /** -----------------------------*/
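 /**
  * Send the next batch of a cached e-mail job.
  *
  * Loads the job named by the request parameter "id" from exp_email_cache,
  * sends at most "email_batch_size" (site preference) messages, then writes
  * the running total and the not-yet-sent recipients back to the cache row.
  * While recipients remain, a refresh URL pointing back at this method is
  * set on $DSP; the page body is placed in $DSP->body.
  *
  * @return mixed Result of $DSP->error_message() on failure, otherwise nothing.
  */
 function batch_send()
 {
     global $IN, $DSP, $FNS, $LANG, $DB, $SESS, $PREFS, $REGX;
     $DSP->title = $LANG->line('communicate');
     $DSP->show_crumb = FALSE;
     $debug_msg = '';
     if (!($id = $IN->GBL('id'))) {
         return $DSP->error_message($LANG->line('problem_with_id'), 0);
     }
     // "id" comes from the request: escape it once and reuse it in every query.
     $safe_id = $DB->escape_str($id);
     /** -----------------------------
     		/**  Fetch mailing list IDs
     		/** -----------------------------*/
     $list_templates = array();
     if ($this->mailinglist_exists == TRUE) {
         $lists = $DB->query("SELECT list_id FROM exp_email_cache_ml WHERE cache_id = '" . $safe_id . "'");
         if ($lists->num_rows > 0) {
             foreach ($lists->result as $row) {
                 // Fetch the template for each list. The list id is read back
                 // from the database, but it is still escaped before it goes
                 // into the next statement.
                 $tmpl = $DB->query("SELECT list_template, list_title FROM exp_mailing_lists WHERE list_id = '" . $DB->escape_str($row['list_id']) . "'");
                 $list_templates[$row['list_id']] = array('list_template' => $tmpl->row['list_template'], 'list_title' => $tmpl->row['list_title']);
             }
         }
     }
     /** -----------------------------
         /**  Fetch cached email
         /** -----------------------------*/
     $query = $DB->query("SELECT * FROM exp_email_cache WHERE cache_id = '" . $safe_id . "'");
     if ($query->num_rows == 0) {
         return $DSP->error_message($LANG->line('cache_data_missing'), 0);
     }
     // Turn the result fields into variables.
     // NOTE(review): every column name becomes a local variable, so a column
     // named like one of the locals above (e.g. "id") would overwrite it.
     // NOTE(review): unserialize() runs on the stored recipient_array column.
     // This method writes that column itself (see the UPDATEs below), but any
     // other writer of exp_email_cache controls what gets unserialized; a
     // JSON-encoded column would remove the object-instantiation risk.
     foreach ($query->row as $key => $val) {
         if ($key == 'recipient_array') {
             ${$key} = $REGX->array_stripslashes(unserialize($val));
         } else {
             ${$key} = $val;
         }
     }
     // A missing or corrupt recipient list cannot be iterated; treat it like
     // a missing cache row instead of running the loop on a non-array.
     if (!isset($recipient_array) || !is_array($recipient_array)) {
         return $DSP->error_message($LANG->line('cache_data_missing'), 0);
     }
     /** -------------------------------------------------
         /**  Determine which emails correspond to this batch
         /** -------------------------------------------------*/
     $finished = FALSE;
     $total = count($recipient_array);
     $batch = $PREFS->ini('email_batch_size');
     if ($batch > $total) {
         $batch = $total;
         $finished = TRUE;
     }
     /** ---------------------------------------
     		/**  Apply text formatting if necessary
     		/** ---------------------------------------*/
     if ($text_fmt != 'none' && $text_fmt != '') {
         if (!class_exists('Typography')) {
             require PATH_CORE . 'core.typography' . EXT;
         }
         $TYPE = new Typography(0);
         $TYPE->parse_smileys = FALSE;
         $message = $TYPE->parse_type($message, array('text_format' => $text_fmt, 'html_format' => 'all', 'auto_links' => 'n', 'allow_img_url' => 'y'));
     }
     /** ---------------------
         /**  Send emails
         /** ---------------------*/
     $action_id = $FNS->fetch_action_id('Mailinglist', 'unsubscribe');
     // Guarded so that an already loaded mail class is not declared twice.
     if (!class_exists('EEmail')) {
         require PATH_CORE . 'core.email' . EXT;
     }
     $email = new EEmail();
     $email->wordwrap = $wordwrap == 'y' ? TRUE : FALSE;
     $email->mailtype = $mailtype;
     $email->priority = $priority;
     $i = 0;
     foreach ($recipient_array as $key => $val) {
         if ($i == $batch) {
             break;
         }
         // The first character of the key names the recipient kind:
         // m = member id
         // l = mailing list
         // r = general recipient
         $kind = substr($key, 0, 1);
         $screen_name = '';
         $list_id = FALSE;
         if (is_array($val) and $kind == 'm') {
             $screen_name = $val['1'];
             $val = $val['0'];
         } elseif (is_array($val) and $kind == 'l') {
             $list_id = $val['1'];
             $val = $val['0'];
         }
         $email->initialize();
         $email->from($from_email, $from_name);
         $email->to($val);
         $email->subject($subject);
         // Make a copy so we don't mess up the original
         $msg = $message;
         $msg_alt = $plaintext_alt;
         if ($kind == 'l') {
             $msg = $this->parse_template($list_templates[$list_id], $msg, $action_id, substr($key, 1), $mailtype);
             $msg_alt = $this->parse_template($list_templates[$list_id], $msg_alt, $action_id, substr($key, 1), 'plain');
         }
         $msg = str_replace('{name}', $screen_name, $msg);
         $msg_alt = str_replace('{name}', $screen_name, $msg_alt);
         $email->message($msg, $msg_alt);
         $sent_ok = $email->Send();
         $debug_msg = $this->debug_message($email->debug_msg);
         if (!$sent_ok) {
             // Store the recipients from the failed one onwards so that a
             // retry resumes at the same address.
             $pending = addslashes(serialize(array_slice($recipient_array, $i)));
             $n = $total_sent + $i;
             $DB->query("UPDATE exp_email_cache SET total_sent = '{$n}', recipient_array = '{$pending}' WHERE cache_id = '" . $safe_id . "'");
             return $DSP->error_message($LANG->line('error_sending_email') . $debug_msg, 0);
         }
         $i++;
     }
     $n = $total_sent + $i;
     /** ------------------------
         /**  More batches to do...
         /** ------------------------*/
     if ($finished == FALSE) {
         $pending = addslashes(serialize(array_slice($recipient_array, $i)));
         $DB->query("UPDATE exp_email_cache SET total_sent = '{$n}', recipient_array = '{$pending}' WHERE cache_id = '" . $safe_id . "'");
         // The id is request input and is echoed into the refresh URL, so it
         // is URL-encoded here.
         // NOTE(review): confirm how $DSP->refresh is written to the page.
         $DSP->refresh = BASE . AMP . 'C=communicate' . AMP . 'M=batch_send' . AMP . 'id=' . urlencode($id);
         $DSP->ref_rate = 4;
         $r = $DSP->heading(BR . $LANG->line('sending_email'));
         $stats = str_replace("%x", $total_sent + 1, $LANG->line('currently_sending_batch'));
         $stats = str_replace("%y", $n, $stats);
         $r .= $DSP->qdiv('itemWrapper', $stats);
         $remaining = $total - $batch;
         $r .= $DSP->qdiv('itemWrapper', $LANG->line('emails_remaining') . NBS . NBS . $remaining);
         $r .= $DSP->qdiv('', $DSP->qdiv('alert', $LANG->line('batchmode_warning')));
     } else {
         $DB->query("UPDATE exp_email_cache SET total_sent = '{$n}', recipient_array = '' WHERE cache_id = '" . $safe_id . "'");
         $r = $DSP->heading(BR . $LANG->line('email_sent'));
         $r .= $DSP->qdiv('success', $LANG->line('all_email_sent_message'));
         $total = $total_sent + $batch;
         $r .= $DSP->qdiv('itemWrapper', $LANG->line('total_emails_sent') . NBS . NBS . $total);
     }
     $DSP->body = $r;
 }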
Beispiel #9
 /** ---------------------------------------
     /**  Reset password
     /** ---------------------------------------*/
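 /**
  * Complete a password reset that was started with an e-mailed reset code.
  *
  * Looks up the reset code passed as the GET parameter "id" (codes older
  * than 24 hours are ignored), generates a new 8-character password with
  * $FNS->random(), updates the member row, deletes the member's reset codes
  * and e-mails the new login details to the member's address. The outcome
  * is rendered through $DSP->set_return_data().
  *
  * @return mixed Result of $this->login_form() when the code or the member
  *               cannot be found, otherwise nothing.
  */
 function reset_password()
 {
     global $LANG, $PREFS, $FNS, $DSP, $IN, $DB;
     if (!($id = $IN->GBL('id', 'GET'))) {
         return $this->login_form();
     }
     // Reset codes are honoured for 24 hours.
     $time = time() - 60 * 60 * 24;
     // Get the member ID from the reset_password table. The code is request
     // input, so it is escaped like the member id further down.
     $query = $DB->query("SELECT member_id FROM exp_reset_password WHERE resetcode ='" . $DB->escape_str($id) . "' and date > {$time}");
     if ($query->num_rows == 0) {
         return $this->login_form();
     }
     $member_id = $query->row['member_id'];
     $safe_member_id = $DB->escape_str($member_id);
     // Fetch the user data
     $query = $DB->query("SELECT username, email FROM exp_members WHERE member_id ='" . $safe_member_id . "'");
     if ($query->num_rows == 0) {
         return $this->login_form();
     }
     $address = $query->row['email'];
     $username = $query->row['username'];
     // NOTE(review): the strength of this password depends on the generator
     // behind $FNS->random(); confirm that it draws from a CSPRNG.
     $rand = $FNS->random('alpha', 8);
     // Update member's password
     // NOTE(review): this listing shows the literal '******' as the stored
     // value (it looks masked by the page). As written, the stored value does
     // not correspond to the $rand that is e-mailed below; the stored value
     // should be a password hash derived from $rand. Confirm against the
     // original file.
     $DB->query("UPDATE exp_members SET password = '******' WHERE member_id = '" . $safe_member_id . "'");
     // Remove expired codes and every code of this member, so that a code
     // cannot be used a second time.
     $DB->query("DELETE FROM exp_reset_password WHERE date < {$time} OR member_id = '" . $safe_member_id . "'");
     // Build the email message
     // NOTE(review): the new password is sent in clear text in the mail body,
     // and the password has already been changed if sending fails below.
     $message = $username . "," . $DSP->nl(2) . $LANG->line('new_login_info') . $DSP->nl(2) . $LANG->line('username') . ': ' . $username . $DSP->nl(1) . $LANG->line('password') . ': ' . $rand;
     // Instantiate the email class; guarded so that an already loaded class
     // is not declared twice.
     if (!class_exists('EEmail')) {
         require PATH_CORE . 'core.email' . EXT;
     }
     $email = new EEmail();
     $email->wordwrap = true;
     $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
     $email->to($address);
     $email->subject($LANG->line('your_new_login_info'));
     $email->message($message);
     $res = $email->Send() ? $LANG->line('password_has_been_reset') : $LANG->line('error_sending_email');
     $return = $DSP->div('loginBox') . $DSP->div('default') . $DSP->br(4) . $res . $DSP->br(5) . $DSP->anchor(BASE, $LANG->line('return_to_login')) . $DSP->br(5) . $DSP->div_c() . $DSP->div_c();
     $DSP->set_return_data($LANG->line('forgotten_password'), $return);
 }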
 /**
  * Send Notification
  *
  * This is the function that ultimately sends all notifications.
  *
  * @see   http://expressionengine.com/developers/extension_hooks/delete_entries_loop/
  * @since version 1.0.0
  */
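 function send_notification($action, $data)
 {
     // $action  Label for what happened to the entry. 'deleted' notifies the
     //          weblogs whose weblog_notify is 'y'; any other value notifies
     //          those whose weblog_notify is 'o'.
     // $data    Entry data; the keys weblog_id, url_title, entry_id, title
     //          and status are read.
     global $PREFS, $FNS, $DB, $SESS, $REGX;
     // weblog_id is supplied by the caller, so it is escaped before it is
     // placed in the statement.
     $query = $DB->query("SELECT blog_title, blog_url, weblog_notify, weblog_notify_emails\n\t\t                     FROM exp_weblogs\n\t\t                     WHERE weblog_id = '" . $DB->escape_str($data['weblog_id']) . "'");
     // Without a matching weblog there is nobody to notify.
     if ($query->num_rows == 0) {
         return;
     }
     $weblog_name = $REGX->ascii_to_entities($query->row['blog_title']);
     $weblog_url = $query->row['blog_url'];
     $wanted_flag = $action == 'deleted' ? 'y' : 'o';
     $notify_address = '';
     if ($query->row['weblog_notify'] == $wanted_flag and $query->row['weblog_notify_emails'] != '') {
         $notify_address = $query->row['weblog_notify_emails'];
     }
     $notify_address = $REGX->remove_extra_commas($notify_address);
     if ($notify_address == '') {
         return;
     }
     $own_email = $SESS->userdata('email');
     $skip_self = ($this->settings['skip_self'] == 'y' and $own_email != '');
     // Build the recipient list address by address. The current user's
     // address is compared as a whole, case-insensitively: it is never used
     // as a regular-expression pattern, and an address that merely contains
     // it (e.g. a longer local part) is left intact.
     $recipients = array();
     foreach (explode(',', $notify_address) as $addy) {
         $addy = trim($addy);
         if ($addy == '') {
             continue;
         }
         if ($skip_self and strcasecmp($addy, $own_email) == 0) {
             continue;
         }
         $recipients[] = $addy;
     }
     if (count($recipients) == 0) {
         return;
     }
     $entry_url = '';
     if ($weblog_url and $data['url_title']) {
         $entry_url = $FNS->remove_double_slashes($weblog_url . '/' . $data['url_title'] . '/');
     }
     $swap = array(
         'action' => $action,
         'weblog_url' => $weblog_url,
         'url_title' => $data['url_title'],
         'url' => $entry_url,
         'name' => $SESS->userdata('screen_name'),
         'email' => $own_email,
         'entry_id' => $data['entry_id'],
         'entry_title' => $data['title'],
         'entry_status' => $data['status'],
         'weblog_id' => $data['weblog_id'],
         'weblog_name' => $weblog_name
     );
     $email_tit = $FNS->var_swap($this->settings['email_tit_template'], $swap);
     $email_msg = $FNS->var_swap($this->settings['email_msg_template'], $swap);
     if (!class_exists('EEmail')) {
         require PATH_CORE . 'core.email' . EXT;
     }
     $email = new EEmail();
     // One message per recipient, so the addresses are not disclosed to
     // each other.
     foreach ($recipients as $addy) {
         $email->initialize();
         $email->wordwrap = false;
         $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
         $email->to($addy);
         $email->reply_to($PREFS->ini('webmaster_email'));
         $email->subject($email_tit);
         $email->message($REGX->entities_to_ascii($email_msg));
         $email->Send();
     }
 }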
 /** -----------------------------------------
     /**  USAGE: Submit New Post.
     /** -----------------------------------------*/
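 /**
  * XML-RPC handler: create a new weblog entry.
  *
  * Parameters read from $plist->output_parameters():
  *   0  weblog identifier, handed to $this->parse_weblog()
  *   1  and 2: handed to $this->fetch_member_data() (presumably the
  *      member's credentials; confirm against that method)
  *   3  struct with the entry: title, description, mt_excerpt, mt_text_more,
  *      mt_keywords, mt_allow_comments, mt_allow_pings, mt_convert_breaks,
  *      mt_tb_ping_urls, categories, dateCreated
  *   4  publish flag; '0' stores the entry as 'closed' unless
  *      $this->entry_status overrides it
  *
  * Every value in the struct is client-supplied. Values that reach SQL go
  * through $DB->insert_string() or $DB->escape_str().
  *
  * @param object $plist XML-RPC parameter list.
  * @return XML_RPC_Response Fault 802 (invalid access) or 804 (invalid
  *                          weblog), otherwise the new entry id as a string.
  */
 function newPost($plist)
 {
     global $DB, $LANG, $FNS, $LOC, $PREFS, $REGX, $IN, $STAT;
     $parameters = $plist->output_parameters();
     if (!$this->fetch_member_data($parameters['1'], $parameters['2'])) {
         return new XML_RPC_Response('0', '802', $LANG->line('invalid_access'));
     }
     /** ---------------------------------------
        	/**  Parse Out Weblog Information
        	/** ---------------------------------------*/
     $this->parse_weblog($parameters['0']);
     if ($this->entry_status != '' && $this->entry_status != 'null') {
         $this->status = $this->entry_status;
     } else {
         $this->status = $parameters['4'] == '0' ? 'closed' : 'open';
     }
     // NOTE(review): weblog_id is set by parse_weblog() from a client value;
     // it is escaped here because that method is not visible in this listing.
     $safe_weblog_id = $DB->escape_str($this->weblog_id);
     $safe_member_id = $DB->escape_str($this->userdata['member_id']);
     /** ---------------------------------------
        	/**  Default Weblog Data for weblog_id
        	/** ---------------------------------------*/
     $query = $DB->query("SELECT deft_comments, deft_trackbacks, cat_group, deft_category,\n    \t\t\t\t\t\t blog_title, blog_url, tb_return_url, trackback_field, trackback_system_enabled,\n    \t\t\t\t\t\t weblog_notify_emails, weblog_notify, comment_url\n    \t\t\t\t\t\t FROM exp_weblogs \n    \t\t\t\t\t\t WHERE weblog_id = '" . $safe_weblog_id . "'");
     if ($query->num_rows == 0) {
         return new XML_RPC_Response('0', '804', $LANG->line('invalid_weblog'));
     }
     // Read the weblog defaults by name instead of turning every column into
     // a variable, so that the set of locals is fixed by this code.
     $weblog = $query->row;
     $deft_comments = $weblog['deft_comments'];
     $deft_trackbacks = $weblog['deft_trackbacks'];
     $deft_category = $weblog['deft_category'];
     $blog_title = $weblog['blog_title'];
     $blog_url = $weblog['blog_url'];
     $tb_return_url = $weblog['tb_return_url'];
     $trackback_field = $weblog['trackback_field'];
     $trackback_system_enabled = $weblog['trackback_system_enabled'];
     $comment_url = $weblog['comment_url'];
     $notify_address = ($weblog['weblog_notify'] == 'y' and $weblog['weblog_notify_emails'] != '') ? $weblog['weblog_notify_emails'] : '';
     /** ---------------------------------------
        	/**  Parse Data Struct
        	/** ---------------------------------------*/
     $struct = $parameters['3'];
     $this->title = $struct['title'];
     $ping_urls = isset($struct['mt_tb_ping_urls']) ? implode("\n", $struct['mt_tb_ping_urls']) : '';
     $this->field_data['excerpt'] = isset($struct['mt_excerpt']) ? $struct['mt_excerpt'] : '';
     $this->field_data['content'] = isset($struct['description']) ? $struct['description'] : '';
     $this->field_data['more'] = isset($struct['mt_text_more']) ? $struct['mt_text_more'] : '';
     $this->field_data['keywords'] = isset($struct['mt_keywords']) ? $struct['mt_keywords'] : '';
     // The client may override the weblog's comment and trackback defaults.
     if (isset($struct['mt_allow_comments'])) {
         $deft_comments = $struct['mt_allow_comments'] == 1 ? 'y' : 'n';
     }
     if (isset($struct['mt_allow_pings'])) {
         $deft_trackbacks = $struct['mt_allow_pings'] == 1 ? 'y' : 'n';
     }
     if (isset($struct['categories']) && sizeof($struct['categories']) > 0) {
         $cats = array();
         foreach ($struct['categories'] as $cat) {
             if (trim($cat) != '') {
                 $cats[] = $cat;
             }
         }
         // Only blank names were sent: fall back to the default category.
         if (sizeof($cats) == 0 && !empty($deft_category)) {
             $cats = array($deft_category);
         }
         if (sizeof($cats) > 0) {
             $this->check_categories(array_unique($cats));
         }
     } elseif (!empty($deft_category)) {
         $this->check_categories(array($deft_category));
     }
     if (!empty($struct['dateCreated'])) {
         $entry_date = $this->iso8601_decode($struct['dateCreated']);
     } else {
         $entry_date = $LOC->now;
     }
     /** ---------------------------------------
        	/**  URL Title Unique?
        	/** ---------------------------------------*/
     $url_title = $REGX->create_url_title($this->title, TRUE);
     $sql = "SELECT count(*) AS count \n\t\t\t\tFROM exp_weblog_titles \n\t\t\t\tWHERE url_title = '" . $DB->escape_str($url_title) . "' \n\t\t\t\tAND weblog_id = '" . $safe_weblog_id . "'";
     $results = $DB->query($sql);
     // Already have default title
     if ($results->row['count'] > 0) {
         // Give it a moblog title
         $inbetween = $PREFS->ini('word_separator') == 'dash' ? '-' : '_';
         $url_title .= $inbetween . 'api';
         /** ---------------------------------------
           		/**  Multiple Title Find
           		/** ---------------------------------------*/
         $sql = "SELECT count(*) AS count \n\t\t\t\t\tFROM exp_weblog_titles \n\t\t\t\t\tWHERE url_title LIKE '" . $DB->escape_like_str($url_title) . "%' \n\t\t\t\t\tAND weblog_id = '" . $safe_weblog_id . "'";
         $results = $DB->query($sql);
         $url_title .= $results->row['count'] + 1;
     }
     /** ---------------------------------
         /**  Build our query string
         /** --------------------------------*/
     $metadata = array(
         'entry_id' => '',
         'weblog_id' => $this->weblog_id,
         'author_id' => $this->userdata['member_id'],
         'title' => $this->title,
         'url_title' => $url_title,
         'ip_address' => $IN->IP,
         'entry_date' => $entry_date,
         'edit_date' => gmdate("YmdHis", $entry_date),
         'year' => gmdate('Y', $entry_date),
         'month' => gmdate('m', $entry_date),
         'day' => gmdate('d', $entry_date),
         'status' => $this->status,
         'allow_comments' => $deft_comments,
         'allow_trackbacks' => $deft_trackbacks
     );
     /** ---------------------------------------
        	/**  Parse Weblog Field Data
        	/** ---------------------------------------*/
     $entry_data = array('weblog_id' => $this->weblog_id);
     // Default formatting for all of the weblog's fields...
     foreach ($this->fields as $field_id => $field_data) {
         $entry_data['field_ft_' . $field_id] = $field_data['1'];
     }
     // A client-chosen formatting plugin is honoured only when it is one of
     // the plugins returned by fetch_plugins().
     $convert_breaks = isset($struct['mt_convert_breaks']) ? $struct['mt_convert_breaks'] : '';
     if ($convert_breaks != '') {
         $plugins = $this->fetch_plugins();
         if (!in_array($convert_breaks, $plugins)) {
             $convert_breaks = '';
         }
     }
     // Copy each part of the post into its configured weblog field. Two parts
     // mapped to the same field are concatenated in this order.
     $part_to_field = array(
         'excerpt' => $this->excerpt_field,
         'content' => $this->content_field,
         'more' => $this->more_field,
         'keywords' => $this->keywords_field
     );
     foreach ($part_to_field as $part => $target_field) {
         if (!isset($this->fields[$target_field])) {
             continue;
         }
         if (isset($entry_data['field_id_' . $target_field])) {
             $entry_data['field_id_' . $target_field] .= $this->field_data[$part];
         } else {
             $entry_data['field_id_' . $target_field] = $this->field_data[$part];
         }
         $entry_data['field_ft_' . $target_field] = $convert_breaks != '' ? $convert_breaks : $this->fields[$target_field]['1'];
     }
     /** ---------------------------------
         /**  DST Setting
         /** ---------------------------------*/
     if ($PREFS->ini('honor_entry_dst') == 'y') {
         $metadata['dst_enabled'] = $PREFS->ini('daylight_savings') == 'y' ? 'y' : 'n';
     }
     /** ---------------------------------
         /**  Insert the entry data
         /** ---------------------------------*/
     $metadata['site_id'] = $this->site_id;
     $DB->query($DB->insert_string('exp_weblog_titles', $metadata));
     $entry_data['entry_id'] = $DB->insert_id;
     $entry_data['site_id'] = $this->site_id;
     $DB->query($DB->insert_string('exp_weblog_data', $entry_data));
     $safe_entry_id = $DB->escape_str($entry_data['entry_id']);
     /** ---------------------------------
         /**  Insert Categories, if any
         /** ---------------------------------*/
     if (sizeof($this->categories) > 0) {
         foreach ($this->categories as $catid => $cat_name) {
             $DB->query("INSERT INTO exp_category_posts \n        \t\t\t\t\t(entry_id, cat_id) \n        \t\t\t\t\tVALUES \n        \t\t\t\t\t('" . $safe_entry_id . "', '" . $DB->escape_str($catid) . "')");
         }
     }
     /** ------------------------------------
         /**  Send Pings - So Many Conditions...
         /** ------------------------------------*/
     if (trim($ping_urls) != '' && $trackback_system_enabled == 'y' && isset($entry_data['field_id_' . $trackback_field]) && $entry_data['field_id_' . $trackback_field] != '' && $metadata['status'] != 'closed' && $entry_date < $LOC->now + 90) {
         $entry_link = $REGX->prep_query_string($tb_return_url == '' ? $blog_url : $tb_return_url);
         $entry_link = $FNS->remove_double_slashes($entry_link . '/' . $metadata['url_title'] . '/');
         $tb_data = array(
             'entry_id' => $entry_data['entry_id'],
             'entry_link' => $FNS->remove_double_slashes($entry_link),
             'entry_title' => $metadata['title'],
             'entry_content' => $entry_data['field_id_' . $trackback_field],
             'tb_format' => $entry_data['field_ft_' . $trackback_field],
             'weblog_name' => $blog_title,
             'trackback_url' => str_replace("\n", ',', $ping_urls)
         );
         // Guarded so that an already loaded class is not declared twice.
         if (!class_exists('Trackback_CP')) {
             require PATH_MOD . 'trackback/mcp.trackback' . EXT;
         }
         $TB = new Trackback_CP();
         $tb_res = $TB->send_trackback($tb_data);
         /** ---------------------------------------
             /**  Update the "sent_trackbacks" field
             /** ---------------------------------------*/
         // Fetch the URLs that were sent successfully and update the DB
         if (count($tb_res['0']) > 0) {
             $sent_trackbacks = '';
             foreach ($tb_res['0'] as $val) {
                 $sent_trackbacks .= $val . "\n";
             }
             // The ping URLs originate from the client's mt_tb_ping_urls, so
             // the list is escaped before it is written.
             $DB->query("UPDATE exp_weblog_titles SET sent_trackbacks = '" . $DB->escape_str($sent_trackbacks) . "' WHERE entry_id = '" . $safe_entry_id . "'");
         }
     }
     /** ----------------------------
     		/**  Send admin notification
     		/** ----------------------------*/
     if ($notify_address != '') {
         $swap = array(
             'name' => $this->userdata['screen_name'],
             'email' => $this->userdata['email'],
             'weblog_name' => $blog_title,
             'entry_title' => $metadata['title'],
             'entry_url' => $FNS->remove_double_slashes($blog_url . '/' . $metadata['url_title'] . '/'),
             'comment_url' => $FNS->remove_double_slashes($comment_url . '/' . $metadata['url_title'] . '/')
         );
         $template = $FNS->fetch_email_template('admin_notify_entry');
         $email_tit = $FNS->var_swap($template['title'], $swap);
         $email_msg = $FNS->var_swap($template['data'], $swap);
         // We don't want to send a notification if the person
         // leaving the entry is in the notification list
         $notify_address = str_replace($this->userdata['email'], "", $notify_address);
         $notify_address = $REGX->remove_extra_commas($notify_address);
         if ($notify_address != '') {
             /** ----------------------------
             				/**  Send email
             				/** ----------------------------*/
             if (!class_exists('EEmail')) {
                 require PATH_CORE . 'core.email' . EXT;
             }
             $email = new EEmail();
             foreach (explode(',', $notify_address) as $addy) {
                 $email->initialize();
                 $email->wordwrap = false;
                 $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
                 $email->to($addy);
                 $email->reply_to($PREFS->ini('webmaster_email'));
                 $email->subject($email_tit);
                 $email->message($REGX->entities_to_ascii($email_msg));
                 $email->Send();
             }
         }
     }
     /** ---------------------------------
         /**  Clear caches if needed
         /** ---------------------------------*/
     if ($PREFS->ini('new_posts_clear_caches') == 'y') {
         $FNS->clear_caching('all');
     } else {
         $FNS->clear_caching('sql');
     }
     /** ---------------------------------
         /**  Update the member's entry statistics
         /** ---------------------------------*/
     $STAT->update_weblog_stats($this->weblog_id);
     $query = $DB->query("SELECT total_entries FROM exp_members WHERE member_id = '" . $safe_member_id . "'");
     $total_entries = $query->row['total_entries'] + 1;
     // entry_date may come from the client's dateCreated value.
     // NOTE(review): iso8601_decode() is not visible here, so the value is
     // escaped rather than assumed to be an integer timestamp.
     $DB->query("UPDATE exp_members set total_entries = '{$total_entries}', last_entry_date = '" . $DB->escape_str($entry_date) . "' WHERE member_id = '" . $safe_member_id . "'");
     /** ---------------------------------
         /**  Return Entry ID of new entry
         /** ---------------------------------*/
     return new XML_RPC_Response(new XML_RPC_Values($entry_data['entry_id'], 'string'));
 }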
Beispiel #12
 /** ---------------------------------
     /**  Validate/Delete Selected Members
     /** ---------------------------------*/
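 function validate_members()
 {
     // Control-panel handler for the pending-member form: activates or deletes
     // every member whose 'toggle*' field was posted, optionally e-mailing each
     // one first, then writes the result message into $DSP.
     // Returns the no-access message or the validation form when a guard stops
     // the request, and nothing when an extension ends the script.
     global $IN, $DSP, $DB, $LANG, $PREFS, $REGX, $FNS, $EXT, $STAT;
     if (!$DSP->allowed_group('can_admin_members')) {
         return $DSP->no_access_message();
     }
     // Read the action once; a missing field is treated as an empty string
     // instead of raising an undefined-index notice on each access.
     $action = isset($_POST['action']) ? $_POST['action'] : '';
     // The loop below deletes for every action other than 'activate', so the
     // delete permission must be required for exactly that set of requests,
     // not only when the field literally says 'delete'.
     if ($action !== 'activate' && !$DSP->allowed_group('can_delete_members')) {
         return $DSP->no_access_message();
     }
     if (!$IN->GBL('toggle', 'POST')) {
         return $this->member_validation();
     }
     $send_email = isset($_POST['send_notification']);
     if ($send_email) {
         $template_name = $action === 'activate' ? 'validated_member_notify' : 'decline_member_validation';
         $template = $FNS->fetch_email_template($template_name);
         // Guarded like the other e-mail senders in this code base: a bare
         // require fails if the class file was already loaded.
         if (!class_exists('EEmail')) {
             require PATH_CORE . 'core.email' . EXT;
         }
         $email = new EEmail();
         $email->wordwrap = true;
     }
     $group_id = $PREFS->ini('default_member_group');
     foreach ($_POST as $key => $val) {
         if (!strstr($key, 'toggle') || is_array($val)) {
             continue;
         }
         // The member id comes straight from the request body. Escape it once
         // and use the escaped value in every statement; previously only the
         // activation UPDATE escaped it.
         $member_id = $DB->escape_str($val);
         if ($send_email) {
             $query = $DB->query("SELECT username, screen_name, email FROM exp_members WHERE member_id = '{$member_id}'");
             if ($query->num_rows == 1 and $query->row['email'] != "") {
                 $swap = array(
                     'name' => $query->row['screen_name'] != '' ? $query->row['screen_name'] : $query->row['username'],
                     'site_name' => stripslashes($PREFS->ini('site_name')),
                     'site_url' => $PREFS->ini('site_url'),
                 );
                 $email_tit = $FNS->var_swap($template['title'], $swap);
                 $email_msg = $FNS->var_swap($template['data'], $swap);
                 $email->initialize();
                 $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
                 $email->to($query->row['email']);
                 $email->subject($email_tit);
                 $email->message($REGX->entities_to_ascii($email_msg));
                 $email->Send();
             }
         }
         if ($action === 'activate') {
             $DB->query("UPDATE exp_members SET group_id = '{$group_id}' WHERE member_id = '{$member_id}'");
             continue;
         }
         // Any other action: remove the member and their private-message data.
         $DB->query("DELETE FROM exp_members WHERE member_id = '{$member_id}'");
         $DB->query("DELETE FROM exp_member_data WHERE member_id = '{$member_id}'");
         $DB->query("DELETE FROM exp_member_homepage WHERE member_id = '{$member_id}'");
         // Collect recipients with unread copies before the copies are deleted,
         // so their unread counters can be recomputed afterwards.
         $message_query = $DB->query("SELECT DISTINCT recipient_id FROM exp_message_copies WHERE sender_id = '{$member_id}' AND message_read = 'n'");
         $DB->query("DELETE FROM exp_message_copies WHERE sender_id = '{$member_id}'");
         $DB->query("DELETE FROM exp_message_data WHERE sender_id = '{$member_id}'");
         $DB->query("DELETE FROM exp_message_folders WHERE member_id = '{$member_id}'");
         $DB->query("DELETE FROM exp_message_listed WHERE member_id = '{$member_id}'");
         if ($message_query->num_rows > 0) {
             foreach ($message_query->result as $row) {
                 $count_query = $DB->query("SELECT COUNT(*) AS count FROM exp_message_copies WHERE recipient_id = '" . $row['recipient_id'] . "' AND message_read = 'n'");
                 $DB->query($DB->update_string('exp_members', array('private_messages' => $count_query->row['count']), "member_id = '" . $row['recipient_id'] . "'"));
             }
         }
     }
     $STAT->update_member_stats();
     // -------------------------------------------
     // 'cp_members_validate_members' hook.
     //  - Additional processing when member(s) are validated in the CP
     //  - Added 1.5.2, 2006-12-28
     //
     $edata = $EXT->call_extension('cp_members_validate_members');
     if ($EXT->end_script === TRUE) {
         return;
     }
     //
     // -------------------------------------------
     $title = $LANG->line('member_validation');
     $DSP->title = $title;
     $DSP->crumb = $DSP->anchor(BASE . AMP . 'C=admin' . AMP . 'area=members_and_groups', $LANG->line('members_and_groups')) . $DSP->crumb_item($title);
     $DSP->body = $DSP->qdiv('tableHeading', $title);
     $msg = $action === 'activate' ? $LANG->line('members_are_validated') : $LANG->line('members_are_deleted');
     $DSP->body .= $DSP->qdiv('box', $msg);
 }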
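 private function _notify_admin($email, $subject, $body)
 {
     // Sends one notification e-mail from the configured webmaster address.
     //   $email   - recipient address
     //   $subject - subject line
     //   $body    - message text; passed through entities_to_ascii() before sending
     //
     // $PREFS and $REGX are the application-wide objects the other functions in
     // this code base pull in with `global`; without the declaration they are
     // undefined locals here and the first ->ini() call fails.
     global $PREFS, $REGX;
     if (!class_exists('EEmail')) {
         require PATH_CORE . 'core.email' . EXT;
     }
     // Keep the mailer in its own variable: reusing $email overwrote the
     // recipient argument, so to() received the mailer object instead of the address.
     $mailer = new EEmail();
     $mailer->wordwrap = true;
     $mailer->initialize();
     $mailer->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
     $mailer->to($email);
     $mailer->subject($subject);
     $mailer->message($REGX->entities_to_ascii($body));
     $mailer->Send();
 }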
Beispiel #14
	/** -------------------------------------
	/**  Member self-delete
	/** -------------------------------------*/
	
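	function member_delete()
	{
		// Lets the logged-in member delete their own account after re-entering
		// their password. Removes the member row, private messages, forum data
		// (when the forum is installed), weblog entries and comments, recounts
		// the affected statistics, e-mails the configured notification
		// addresses, clears the session and cookies, and shows a success page.
		// Returns FALSE when not reached via a form POST, otherwise the result
		// of the error/message output call that ends the request.
		global $DB, $FNS, $IN, $LANG, $OUT, $PREFS, $REGX, $SESS, $STAT;
		
		/** -------------------------------------
		/**  Make sure they got here via a form
		/** -------------------------------------*/
		
		if ( ! $IN->GBL('ACT', 'POST'))
		{
			// No output for you, Mr. URL Hax0r
			return FALSE;
		}
		
		$LANG->fetch_language_file('login');
			
		/* -------------------------------------
		/*  No sneakiness - we'll do this in case the site administrator
		/*  has foolishly turned off secure forms and some monkey is
		/*  trying to delete their account from an off-site form or
		/*  after logging out.
		/* -------------------------------------*/
		
		if ($SESS->userdata['member_id'] == 0 OR $SESS->userdata['can_delete_self'] !== 'y')
		{
			return $OUT->show_user_error('general', $LANG->line('not_authorized'));
		}
		
		/** -------------------------------------
		/**  If the user is a SuperAdmin, then no deletion
		/** -------------------------------------*/
		
		if ($SESS->userdata['group_id'] == 1)
		{
			return $OUT->show_user_error('general', $LANG->line('cannot_delete_super_admin'));
		}
		
		/** ----------------------------------------
		/**  Is IP and User Agent required for login?  Then, same here.
		/** ----------------------------------------*/
		
		if ($PREFS->ini('require_ip_for_login') == 'y')
		{
			if ($SESS->userdata['ip_address'] == '' || $SESS->userdata['user_agent'] == '')
			{
				return $OUT->show_user_error('general', $LANG->line('unauthorized_request'));
			}
		}
		
		/** ----------------------------------------
		/**  Check password lockout status
		/** ----------------------------------------*/
		
		if ($SESS->check_password_lockout() === TRUE)
		{
			return $OUT->show_user_error('general', str_replace("%x", $PREFS->ini('password_lockout_interval'), $LANG->line('password_lockout_in_effect')));
		}
		
		/* -------------------------------------
		/*  Are you who you say you are, or someone sitting at someone
		/*  else's computer being mean?!
		/* -------------------------------------*/

		$query = $DB->query("SELECT password FROM exp_members WHERE member_id = '".$SESS->userdata['member_id']."'");
		$stored_hash	= (string) $query->row['password'];
		$supplied_hash	= (string) $FNS->hash(stripslashes($IN->GBL('password', 'POST')));
		
		// Compare the hashes as strings. The loose != used before compares two
		// numeric-looking strings as numbers, so distinct hashes could be
		// treated as equal. hash_equals() is used where the runtime has it
		// because it does not stop at the first differing byte.
		$hash_matches = function_exists('hash_equals')
			? hash_equals($stored_hash, $supplied_hash)
			: ($stored_hash === $supplied_hash);
		
		if ( ! $hash_matches)
		{
			$SESS->save_password_lockout();
			
			return $OUT->show_user_error('general', $LANG->line('invalid_pw'));
		}
		
		/** -------------------------------------
		/**  No turning back, get to deletin'!
		/** -------------------------------------*/
			
		$id = $SESS->userdata['member_id'];

		$DB->query("DELETE FROM exp_members WHERE member_id = '{$id}'");
		$DB->query("DELETE FROM exp_member_data WHERE member_id = '{$id}'");
		$DB->query("DELETE FROM exp_member_homepage WHERE member_id = '{$id}'");
		
		// Recipients with unread copies are collected before the copies are
		// deleted so their unread counters can be recomputed below.
		$message_query = $DB->query("SELECT DISTINCT recipient_id FROM exp_message_copies WHERE sender_id = '{$id}' AND message_read = 'n'");
		$DB->query("DELETE FROM exp_message_copies WHERE sender_id = '{$id}'");
		$DB->query("DELETE FROM exp_message_data WHERE sender_id = '{$id}'");
		$DB->query("DELETE FROM exp_message_folders WHERE member_id = '{$id}'");
		$DB->query("DELETE FROM exp_message_listed WHERE member_id = '{$id}'");
		
		if ($message_query->num_rows > 0)
		{
			foreach($message_query->result as $row)
			{
				$count_query = $DB->query("SELECT COUNT(*) AS count FROM exp_message_copies WHERE recipient_id = '".$row['recipient_id']."' AND message_read = 'n'");
				$DB->query($DB->update_string('exp_members', array('private_messages' => $count_query->row['count']), "member_id = '".$row['recipient_id']."'"));
			}
		}
				
		/** -------------------------------------
		/**  Delete Forum Posts
		/** -------------------------------------*/
		
		if ($PREFS->ini('forum_is_installed') == "y")
		{
			$DB->query("DELETE FROM exp_forum_subscriptions  WHERE member_id = '{$id}'"); 
			$DB->query("DELETE FROM exp_forum_pollvotes  WHERE member_id = '{$id}'"); 
			 
			$DB->query("DELETE FROM exp_forum_topics WHERE author_id = '{$id}'");
			
			// Snag the affected topic id's before deleting the member for the update afterwards
			$query = $DB->query("SELECT topic_id FROM exp_forum_posts WHERE author_id = '{$id}'");
			
			if ($query->num_rows > 0)
			{
				$topic_ids = array();
				
				foreach ($query->result as $row)
				{
					$topic_ids[] = $row['topic_id'];
				}
				
				$topic_ids = array_unique($topic_ids);
			}
			
			$DB->query("DELETE FROM exp_forum_posts  WHERE author_id = '{$id}'");
			$DB->query("DELETE FROM exp_forum_polls  WHERE author_id = '{$id}'");
						
			// Update the forum stats			
			$query = $DB->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");
			
			if ( ! class_exists('Forum'))
			{
				require PATH_MOD.'forum/mod.forum'.EXT;
				require PATH_MOD.'forum/mod.forum_core'.EXT;
			}
			
			$FRM = new Forum_Core;
			
			foreach ($query->result as $row)
			{
				$FRM->_update_post_stats($row['forum_id']);
			}
			
			if (isset($topic_ids))
			{
				foreach ($topic_ids as $topic_id)
				{
					$FRM->_update_topic_stats($topic_id);
				}
			}
		}
		
		/** -------------------------------------
		/**  Va-poo-rize Weblog Entries and Comments
		/** -------------------------------------*/
		
		$entry_ids			= array();
		$weblog_ids			= array();
		$recount_ids		= array();
		
		// Find Entry IDs and Weblog IDs, then delete
		$query = $DB->query("SELECT entry_id, weblog_id FROM exp_weblog_titles WHERE author_id = '{$id}'");
		
		if ($query->num_rows > 0)
		{
			foreach ($query->result as $row)
			{
				$entry_ids[]	= $row['entry_id'];
				$weblog_ids[]	= $row['weblog_id'];
			}
			
			$DB->query("DELETE FROM exp_weblog_titles WHERE author_id = '{$id}'");
			$DB->query("DELETE FROM exp_weblog_data WHERE entry_id IN ('".implode("','", $entry_ids)."')");
			$DB->query("DELETE FROM exp_comments WHERE entry_id IN ('".implode("','", $entry_ids)."')");
			$DB->query("DELETE FROM exp_trackbacks WHERE entry_id IN ('".implode("','", $entry_ids)."')");
		}
		
		// Find the affected entries AND weblog ids for author's comments
		$query = $DB->query("SELECT DISTINCT(entry_id), weblog_id FROM exp_comments WHERE author_id = '{$id}'");
		
		if ($query->num_rows > 0)
		{
			foreach ($query->result as $row)
			{
				$recount_ids[] = $row['entry_id'];
				$weblog_ids[]  = $row['weblog_id'];
			}
			
			// Entries deleted above need no recount.
			$recount_ids = array_diff($recount_ids, $entry_ids);
		}
		
		// Delete comments by member
		$DB->query("DELETE FROM exp_comments WHERE author_id = '{$id}'");
		
		// Update stats on weblog entries that were NOT deleted AND had comments by author
		
		if (count($recount_ids) > 0)
		{
			foreach (array_unique($recount_ids) as $entry_id)
			{
				$query = $DB->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '".$DB->escape_str($entry_id)."'");
				
				$comment_date = ($query->num_rows == 0 OR !is_numeric($query->row['max_date'])) ? 0 : $query->row['max_date'];
				
				$query = $DB->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '{$entry_id}' AND status = 'o'");				
				
				$DB->query("UPDATE exp_weblog_titles SET comment_total = '".$DB->escape_str($query->row['count'])."', recent_comment_date = '$comment_date' WHERE entry_id = '{$entry_id}'");
			}
		}
		
		if (count($weblog_ids) > 0)
		{	
			foreach (array_unique($weblog_ids) as $weblog_id)
			{
				$STAT->update_weblog_stats($weblog_id);
				$STAT->update_comment_stats($weblog_id);
			}
		}
		
		/** -------------------------------------
		/**  Email notification recipients
		/** -------------------------------------*/

		if ($SESS->userdata['mbr_delete_notify_emails'] != '')
		{
			$own_email = (string) $SESS->userdata['email'];
			
			$swap = array(
							'name'				=> $SESS->userdata['screen_name'],
							'email'				=> $SESS->userdata['email'],
							'site_name'			=> stripslashes($PREFS->ini('site_name'))
						 );
			
			$email_tit = $FNS->var_swap($LANG->line('mbr_delete_notify_title'), $swap);
			$email_msg = $FNS->var_swap($LANG->line('mbr_delete_notify_message'), $swap);
			
			$notify_address = $REGX->remove_extra_commas($SESS->userdata['mbr_delete_notify_emails']);
			
			if ($notify_address != '')
			{				
				/** ----------------------------
				/**  Send email
				/** ----------------------------*/
				
				if ( ! class_exists('EEmail'))
				{
					require PATH_CORE.'core.email'.EXT;
				}
				
				$email = new EEmail;
				
				foreach (explode(',', $notify_address) as $addy)
				{
					// No notification for the user themselves, if they're in the list.
					// Compared per address and case-insensitively: the earlier
					// eregi() call no longer exists in PHP 7+, treated the address
					// as a regular expression, and the substring str_replace()
					// that followed could cut a longer address containing it.
					if (strcasecmp(trim($addy), $own_email) == 0)
					{
						continue;
					}
					
					$email->initialize();
					$email->wordwrap = false;
					$email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));	
					$email->to($addy); 
					$email->reply_to($PREFS->ini('webmaster_email'));
					$email->subject($email_tit);	
					$email->message($REGX->entities_to_ascii($email_msg));		
					$email->Send();
				}
			}			
		}
		
		/** -------------------------------------
		/**  Trash the Session and cookies
		/** -------------------------------------*/

		// NOTE(review): $IN->IP and the session id are interpolated without
		// escape_str(); presumably both are validated by the input/session
		// classes before this point - confirm.
		$DB->query("DELETE FROM exp_online_users WHERE site_id = '".$DB->escape_str($PREFS->ini('site_id'))."' AND ip_address = '{$IN->IP}' AND member_id = '{$id}'");

		$DB->query("DELETE FROM exp_sessions WHERE session_id = '".$SESS->userdata['session_id']."'");
		
		// set_cookie() is called with a name only for each cookie
		$FNS->set_cookie($SESS->c_uniqueid);       
		$FNS->set_cookie($SESS->c_password);   
		$FNS->set_cookie($SESS->c_session);   
		$FNS->set_cookie($SESS->c_expire);   
		$FNS->set_cookie($SESS->c_anon);  
		$FNS->set_cookie('read_topics');  
		$FNS->set_cookie('tracker');

		/** -------------------------------------
		/**  Update global member stats
		/** -------------------------------------*/
		
		$STAT->update_member_stats();
		
		/** -------------------------------------
		/**  Build Success Message
		/** -------------------------------------*/
		
		$url	= $PREFS->ini('site_url');
		$name	= stripslashes($PREFS->ini('site_name'));
		
		$data = array(	'title' 	=> $LANG->line('mbr_delete'),
						'heading'	=> $LANG->line('thank_you'),
						'content'	=> $LANG->line('mbr_account_deleted'),
						'redirect'	=> '',
						'link'		=> array($url, $name)
					 );
					
		$OUT->show_message($data);
	}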
Beispiel #15
 /** ----------------------------------------
     /**  Insert new comment
     /** ----------------------------------------*/
 function insert_new_comment()
 {
     global $IN, $SESS, $PREFS, $DB, $FNS, $OUT, $LANG, $REGX, $LOC, $STAT, $EXT;
     $default = array('name', 'email', 'url', 'comment', 'location', 'entry_id');
     foreach ($default as $val) {
         if (!isset($_POST[$val])) {
             $_POST[$val] = '';
         }
     }
     // No entry ID?  What the heck are they doing?
     if (!is_numeric($_POST['entry_id'])) {
         return false;
     }
     // If the comment is empty, bounce them back
     if ($_POST['comment'] == '') {
         if (!isset($_POST['RET']) or $_POST['RET'] == '') {
             return false;
         }
         $FNS->redirect($_POST['RET']);
     }
     /** ----------------------------------------
         /**  Fetch the comment language pack
         /** ----------------------------------------*/
     $LANG->fetch_language_file('comment');
     /** ----------------------------------------
         /**  Is the user banned?
         /** ----------------------------------------*/
     if ($SESS->userdata['is_banned'] == TRUE) {
         return $OUT->show_user_error('general', array($LANG->line('not_authorized')));
     }
     /** ----------------------------------------
         /**  Is the IP address and User Agent required?
         /** ----------------------------------------*/
     if ($PREFS->ini('require_ip_for_posting') == 'y') {
         if ($IN->IP == '0.0.0.0' || $SESS->userdata['user_agent'] == "") {
             return $OUT->show_user_error('general', array($LANG->line('not_authorized')));
         }
     }
     /** ----------------------------------------
     		/**  Is the nation of the user banend?
     		/** ----------------------------------------*/
     $SESS->nation_ban_check();
     /** ----------------------------------------
         /**  Can the user post comments?
         /** ----------------------------------------*/
     if ($SESS->userdata['can_post_comments'] == 'n') {
         $error[] = $LANG->line('cmt_no_authorized_for_comments');
         return $OUT->show_user_error('general', $error);
     }
     /** ----------------------------------------
         /**  Blacklist/Whitelist Check
         /** ----------------------------------------*/
     if ($IN->blacklisted == 'y' && $IN->whitelisted == 'n') {
         return $OUT->show_user_error('general', array($LANG->line('not_authorized')));
     }
     /** ----------------------------------------
         /**  Is this a preview request?
         /** ----------------------------------------*/
     if (isset($_POST['preview'])) {
         return $this->preview_handler();
     }
     // -------------------------------------------
     // 'insert_comment_start' hook.
     //  - Allows complete rewrite of comment submission routine.
     //  - Or could be used to modify the POST data before processing
     //
     $edata = $EXT->call_extension('insert_comment_start');
     if ($EXT->end_script === TRUE) {
         return;
     }
     //
     // -------------------------------------------
     /** ----------------------------------------
         /**  Fetch weblog preferences
         /** ----------------------------------------*/
     $sql = "SELECT exp_weblog_titles.title, \n                       exp_weblog_titles.url_title,\n                       exp_weblog_titles.weblog_id,\n                       exp_weblog_titles.author_id,\n                       exp_weblog_titles.comment_total,\n                       exp_weblog_titles.allow_comments,\n                       exp_weblog_titles.entry_date,\n                       exp_weblog_titles.comment_expiration_date,\n                       exp_weblogs.blog_title,\n                       exp_weblogs.comment_system_enabled,\n                       exp_weblogs.comment_max_chars,\n                       exp_weblogs.comment_use_captcha,\n                       exp_weblogs.comment_timelock,\n                       exp_weblogs.comment_require_membership,\n                       exp_weblogs.comment_moderate,\n                       exp_weblogs.comment_require_email,\n                       exp_weblogs.comment_notify,\n                       exp_weblogs.comment_notify_authors,\n                       exp_weblogs.comment_notify_emails,\n                       exp_weblogs.comment_expiration\n                FROM   exp_weblog_titles, exp_weblogs\n                WHERE  exp_weblog_titles.weblog_id = exp_weblogs.weblog_id\n                AND    exp_weblog_titles.entry_id = '" . $DB->escape_str($_POST['entry_id']) . "'\n\t\t\t\tAND    exp_weblog_titles.status != 'closed' ";
     // -------------------------------------------
     // 'insert_comment_preferences_sql' hook.
     //  - Rewrite or add to the comment preference sql query
     //  - Could be handy for comment/weblog restrictions
     //
     if ($EXT->active_hook('insert_comment_preferences_sql') === TRUE) {
         $sql = $EXT->call_extension('insert_comment_preferences_sql', $sql);
         if ($EXT->end_script === TRUE) {
             return $edata;
         }
     }
     //
     // -------------------------------------------
     $query = $DB->query($sql);
     unset($sql);
     if ($query->num_rows == 0) {
         return false;
     }
     /** ----------------------------------------
         /**  Are comments allowed?
         /** ----------------------------------------*/
     if ($query->row['allow_comments'] == 'n' || $query->row['comment_system_enabled'] == 'n') {
         return $OUT->show_user_error('submission', $LANG->line('cmt_comments_not_allowed'));
     }
     /** ----------------------------------------
         /**  Has commenting expired?
         /** ----------------------------------------*/
     if ($this->comment_expiration_mode == 0) {
         if ($query->row['comment_expiration_date'] > 0) {
             if ($LOC->now > $query->row['comment_expiration_date']) {
                 return $OUT->show_user_error('submission', $LANG->line('cmt_commenting_has_expired'));
             }
         }
     } else {
         if ($query->row['comment_expiration'] > 0) {
             $days = $query->row['entry_date'] + $query->row['comment_expiration'] * 86400;
             if ($LOC->now > $days) {
                 return $OUT->show_user_error('submission', $LANG->line('cmt_commenting_has_expired'));
             }
         }
     }
     /** ----------------------------------------
         /**  Is there a comment timelock?
         /** ----------------------------------------*/
     if ($query->row['comment_timelock'] != '' and $query->row['comment_timelock'] > 0) {
         if ($SESS->userdata['group_id'] != 1) {
             $time = $LOC->now - $query->row['comment_timelock'];
             $result = $DB->query("SELECT COUNT(*) AS count FROM exp_comments WHERE comment_date > '{$time}' AND ip_address = '{$IN->IP}' ");
             if ($result->row['count'] > 0) {
                 return $OUT->show_user_error('submission', str_replace("%s", $query->row['comment_timelock'], $LANG->line('cmt_comments_timelock')));
             }
         }
     }
     /** ----------------------------------------
         /**  Do we allow duplicate data?
         /** ----------------------------------------*/
     if ($PREFS->ini('deny_duplicate_data') == 'y') {
         if ($SESS->userdata['group_id'] != 1) {
             $result = $DB->query("SELECT COUNT(*) AS count FROM exp_comments WHERE comment = '" . $DB->escape_str($_POST['comment']) . "' ");
             if ($result->row['count'] > 0) {
                 return $OUT->show_user_error('submission', $LANG->line('cmt_duplicate_comment_warning'));
             }
         }
     }
     /** ----------------------------------------
         /**  Assign data
         /** ----------------------------------------*/
     $author_id = $query->row['author_id'];
     $entry_title = $query->row['title'];
     $url_title = $query->row['url_title'];
     $blog_title = $query->row['blog_title'];
     $weblog_id = $query->row['weblog_id'];
     $comment_total = $query->row['comment_total'] + 1;
     $require_membership = $query->row['comment_require_membership'];
     $comment_moderate = ($SESS->userdata['group_id'] == 1 or $SESS->userdata['exclude_from_moderation'] == 'y') ? 'n' : $query->row['comment_moderate'];
     $author_notify = $query->row['comment_notify_authors'];
     $notify_address = ($query->row['comment_notify'] == 'y' and $query->row['comment_notify_emails'] != '') ? $query->row['comment_notify_emails'] : '';
     /** ----------------------------------------
         /**  Start error trapping
         /** ----------------------------------------*/
     $error = array();
     if ($SESS->userdata('member_id') != 0) {
         // If the user is logged in we'll reassign the POST variables with the user data
         $_POST['name'] = $SESS->userdata['screen_name'] != '' ? $SESS->userdata['screen_name'] : $SESS->userdata['username'];
         $_POST['email'] = $SESS->userdata['email'];
         $_POST['url'] = $SESS->userdata['url'];
         $_POST['location'] = $SESS->userdata['location'];
     }
     /** ----------------------------------------
         /**  Is membership is required to post...
         /** ----------------------------------------*/
     if ($require_membership == 'y') {
         // Not logged in
         if ($SESS->userdata('member_id') == 0) {
             return $OUT->show_user_error('submission', $LANG->line('cmt_must_be_member'));
         }
         // Membership is pending
         if ($SESS->userdata['group_id'] == 4) {
             return $OUT->show_user_error('general', $LANG->line('cmt_account_not_active'));
         }
     } else {
         /** ----------------------------------------
             /**  Missing name?
             /** ----------------------------------------*/
         if ($_POST['name'] == '') {
             $error[] = $LANG->line('cmt_missing_name');
         }
         /** -------------------------------------
         			/**  Is name banned?
         			/** -------------------------------------*/
         if ($SESS->ban_check('screen_name', $_POST['name'])) {
             $error[] = $LANG->line('cmt_name_not_allowed');
         }
         /** ----------------------------------------
             /**  Missing or invalid email address
             /** ----------------------------------------*/
         if ($query->row['comment_require_email'] == 'y') {
             if ($_POST['email'] == '') {
                 $error[] = $LANG->line('cmt_missing_email');
             } elseif (!$REGX->valid_email($_POST['email'])) {
                 $error[] = $LANG->line('cmt_invalid_email');
             }
         }
     }
     /** -------------------------------------
     		/**  Is email banned?
     		/** -------------------------------------*/
     if ($_POST['email'] != '') {
         if ($SESS->ban_check('email', $_POST['email'])) {
             $error[] = $LANG->line('cmt_banned_email');
         }
     }
     /** ----------------------------------------
         /**  Is comment too big?
         /** ----------------------------------------*/
     if ($query->row['comment_max_chars'] != '' and $query->row['comment_max_chars'] != 0) {
         if (strlen($_POST['comment']) > $query->row['comment_max_chars']) {
             $str = str_replace("%n", strlen($_POST['comment']), $LANG->line('cmt_too_large'));
             $str = str_replace("%x", $query->row['comment_max_chars'], $str);
             $error[] = $str;
         }
     }
     /** ----------------------------------------
         /**  Do we have errors to display?
         /** ----------------------------------------*/
     if (count($error) > 0) {
         return $OUT->show_user_error('submission', $error);
     }
     /** ----------------------------------------
         /**  Do we require captcha?
         /** ----------------------------------------*/
     if ($query->row['comment_use_captcha'] == 'y') {
         if ($PREFS->ini('captcha_require_members') == 'y' || ($PREFS->ini('captcha_require_members') == 'n' and $SESS->userdata('member_id') == 0)) {
             if (!isset($_POST['captcha']) || $_POST['captcha'] == '') {
                 return $OUT->show_user_error('submission', $LANG->line('captcha_required'));
             } else {
                 $res = $DB->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='" . $DB->escape_str($_POST['captcha']) . "' AND ip_address = '" . $IN->IP . "' AND date > UNIX_TIMESTAMP()-7200");
                 if ($res->row['count'] == 0) {
                     return $OUT->show_user_error('submission', $LANG->line('captcha_incorrect'));
                 }
                 $DB->query("DELETE FROM exp_captcha WHERE (word='" . $DB->escape_str($_POST['captcha']) . "' AND ip_address = '" . $IN->IP . "') OR date < UNIX_TIMESTAMP()-7200");
             }
         }
     }
     /** ----------------------------------------
         /**  Build the data array
         /** ----------------------------------------*/
     $notify = $IN->GBL('notify_me', 'POST') ? 'y' : 'n';
     $cmtr_name = $REGX->xss_clean($_POST['name']);
     $cmtr_email = $_POST['email'];
     $cmtr_url = $REGX->xss_clean($REGX->prep_url($_POST['url']));
     $cmtr_loc = $REGX->xss_clean($_POST['location']);
     $data = array('weblog_id' => $weblog_id, 'entry_id' => $_POST['entry_id'], 'author_id' => $SESS->userdata('member_id'), 'name' => $cmtr_name, 'email' => $cmtr_email, 'url' => $cmtr_url, 'location' => $cmtr_loc, 'comment' => $REGX->xss_clean($_POST['comment']), 'comment_date' => $LOC->now, 'ip_address' => $IN->IP, 'notify' => $notify, 'status' => $comment_moderate == 'y' ? 'c' : 'o', 'site_id' => $PREFS->ini('site_id'));
     // -------------------------------------------
     // 'insert_comment_insert_array' hook.
     //  - Modify any of the soon to be inserted values
     //
     if ($EXT->active_hook('insert_comment_insert_array') === TRUE) {
         $data = $EXT->call_extension('insert_comment_insert_array', $data);
         if ($EXT->end_script === TRUE) {
             return $edata;
         }
     }
     //
     // -------------------------------------------
     /** ----------------------------------------
         /**  Insert data
         /** ----------------------------------------*/
     if ($PREFS->ini('secure_forms') == 'y') {
         $query = $DB->query("SELECT COUNT(*) AS count FROM exp_security_hashes WHERE hash='" . $DB->escape_str($_POST['XID']) . "' AND ip_address = '" . $IN->IP . "' AND date > UNIX_TIMESTAMP()-7200");
         if ($query->row['count'] > 0) {
             $sql = $DB->insert_string('exp_comments', $data);
             $DB->query($sql);
             $comment_id = $DB->insert_id;
             $DB->query("DELETE FROM exp_security_hashes WHERE (hash='" . $DB->escape_str($_POST['XID']) . "' AND ip_address = '" . $IN->IP . "') OR date < UNIX_TIMESTAMP()-7200");
         } else {
             $FNS->redirect(stripslashes($_POST['RET']));
         }
     } else {
         $sql = $DB->insert_string('exp_comments', $data);
         $DB->query($sql);
         $comment_id = $DB->insert_id;
     }
     if ($comment_moderate == 'n') {
         /** ------------------------------------------------
         			/**  Update comment total and "recent comment" date
         			/** ------------------------------------------------*/
         $DB->query("UPDATE exp_weblog_titles SET comment_total = '{$comment_total}', recent_comment_date = '" . $LOC->now . "' WHERE entry_id = '" . $DB->escape_str($_POST['entry_id']) . "'");
         /** ----------------------------------------
         			/**  Update member comment total and date
         			/** ----------------------------------------*/
         if ($SESS->userdata('member_id') != 0) {
             $query = $DB->query("SELECT total_comments FROM exp_members WHERE member_id = '" . $SESS->userdata('member_id') . "'");
             $DB->query("UPDATE exp_members SET total_comments = '" . ($query->row['total_comments'] + 1) . "', last_comment_date = '" . $LOC->now . "' WHERE member_id = '" . $SESS->userdata('member_id') . "'");
         }
         /** ----------------------------------------
         			/**  Update comment stats
         			/** ----------------------------------------*/
         $STAT->update_comment_stats($weblog_id, $LOC->now);
         /** ----------------------------------------
         			/**  Fetch email notification addresses
         			/** ----------------------------------------*/
         $query = $DB->query("SELECT DISTINCT(email), name, comment_id, author_id FROM exp_comments WHERE status = 'o' AND entry_id = '" . $DB->escape_str($_POST['entry_id']) . "' AND notify = 'y'");
         $recipients = array();
         if ($query->num_rows > 0) {
             foreach ($query->result as $row) {
                 if ($row['email'] == "" and $row['author_id'] != 0) {
                     $result = $DB->query("SELECT email, screen_name FROM exp_members WHERE member_id = '" . $DB->escape_str($row['author_id']) . "'");
                     if ($result->num_rows == 1) {
                         $recipients[] = array($result->row['email'], $row['comment_id'], $result->row['screen_name']);
                     }
                 } elseif ($row['email'] != "") {
                     $recipients[] = array($row['email'], $row['comment_id'], $row['name']);
                 }
             }
         }
     }
     /** ----------------------------------------
         /**  Fetch Author Notification
         /** ----------------------------------------*/
     if ($author_notify == 'y') {
         $result = $DB->query("SELECT email FROM exp_members WHERE member_id = '" . $DB->escape_str($author_id) . "'");
         $notify_address .= ',' . $result->row['email'];
     }
     /** ----------------------------------------
         /**  Instantiate Typography class
         /** ----------------------------------------*/
     if (!class_exists('Typography')) {
         require PATH_CORE . 'core.typography' . EXT;
     }
     $TYPE = new Typography(FALSE, FALSE);
     $TYPE->smileys = FALSE;
     $comment = $REGX->xss_clean($_POST['comment']);
     $comment = $TYPE->parse_type($comment, array('text_format' => 'none', 'html_format' => 'none', 'auto_links' => 'n', 'allow_img_url' => 'n'));
     /** ----------------------------
         /**  Send admin notification
         /** ----------------------------*/
     if ($notify_address != '') {
         $swap = array('name' => $cmtr_name, 'name_of_commenter' => $cmtr_name, 'email' => $cmtr_email, 'url' => $cmtr_url, 'location' => $cmtr_loc, 'weblog_name' => $blog_title, 'entry_title' => $entry_title, 'comment_id' => $comment_id, 'comment' => $comment, 'comment_url' => $FNS->remove_session_id($_POST['RET']), 'delete_link' => $PREFS->ini('cp_url') . '?S=0&C=edit' . '&M=del_comment_conf' . '&weblog_id=' . $weblog_id . '&entry_id=' . $_POST['entry_id'] . '&comment_id=' . $comment_id);
         $template = $FNS->fetch_email_template('admin_notify_comment');
         $email_tit = $FNS->var_swap($template['title'], $swap);
         $email_msg = $FNS->var_swap($template['data'], $swap);
         // We don't want to send an admin notification if the person
         // leaving the comment is an admin in the notification list
         if ($_POST['email'] != '') {
             if (strpos($notify_address, $_POST['email']) !== FALSE) {
                 $notify_address = str_replace($_POST['email'], "", $notify_address);
             }
         }
         $notify_address = $REGX->remove_extra_commas($notify_address);
         if ($notify_address != '') {
             /** ----------------------------
             				/**  Send email
             				/** ----------------------------*/
             if (!class_exists('EEmail')) {
                 require PATH_CORE . 'core.email' . EXT;
             }
             $replyto = $data['email'] == '' ? $PREFS->ini('webmaster_email') : $data['email'];
             $email = new EEmail();
             $sent = array();
             foreach (explode(',', $notify_address) as $addy) {
                 if (in_array($addy, $sent)) {
                     continue;
                 }
                 $email->initialize();
                 $email->wordwrap = false;
                 $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
                 $email->to($addy);
                 $email->reply_to($replyto);
                 $email->subject($email_tit);
                 $email->message($REGX->entities_to_ascii($email_msg));
                 $email->Send();
                 $sent[] = $addy;
             }
         }
     }
     /** ----------------------------------------
         /**  Send user notifications
         /** ----------------------------------------*/
     if ($comment_moderate == 'n') {
         $email_msg = '';
         if (count($recipients) > 0) {
             $qs = $PREFS->ini('force_query_string') == 'y' ? '' : '?';
             $action_id = $FNS->fetch_action_id('Comment_CP', 'delete_comment_notification');
             $swap = array('name_of_commenter' => $cmtr_name, 'weblog_name' => $blog_title, 'entry_title' => $entry_title, 'site_name' => stripslashes($PREFS->ini('site_name')), 'site_url' => $PREFS->ini('site_url'), 'comment_url' => $FNS->remove_session_id($_POST['RET']), 'comment_id' => $comment_id, 'comment' => $comment);
             $template = $FNS->fetch_email_template('comment_notification');
             $email_tit = $FNS->var_swap($template['title'], $swap);
             $email_msg = $FNS->var_swap($template['data'], $swap);
             /** ----------------------------
             				/**  Send email
             				/** ----------------------------*/
             if (!class_exists('EEmail')) {
                 require PATH_CORE . 'core.email' . EXT;
             }
             $email = new EEmail();
             $email->wordwrap = true;
             $cur_email = $_POST['email'] == '' ? FALSE : $_POST['email'];
             if (!isset($sent)) {
                 $sent = array();
             }
             foreach ($recipients as $val) {
                 // We don't notify the person currently commenting.  That would be silly.
                 if ($val['0'] != $cur_email and !in_array($val['0'], $sent)) {
                     $title = $email_tit;
                     $message = $email_msg;
                     $title = str_replace('{name_of_recipient}', $val['2'], $title);
                     $message = str_replace('{name_of_recipient}', $val['2'], $message);
                     $title = str_replace('{notification_removal_url}', $FNS->fetch_site_index(0, 0) . $qs . 'ACT=' . $action_id . '&id=' . $val['1'], $title);
                     $message = str_replace('{notification_removal_url}', $FNS->fetch_site_index(0, 0) . $qs . 'ACT=' . $action_id . '&id=' . $val['1'], $message);
                     $email->initialize();
                     $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
                     $email->to($val['0']);
                     $email->subject($title);
                     $email->message($REGX->entities_to_ascii($message));
                     $email->Send();
                     $sent[] = $val['0'];
                 }
             }
         }
         /** ----------------------------------------
         			/**  Clear cache files
         			/** ----------------------------------------*/
         $FNS->clear_caching('all', $FNS->fetch_site_index() . $_POST['URI']);
         // clear out the entry_id version if the url_title is in the URI, and vice versa
         if (preg_match("#\\/" . preg_quote($url_title) . "\\/#", $_POST['URI'], $matches)) {
             $FNS->clear_caching('all', $FNS->fetch_site_index() . preg_replace("#" . preg_quote($matches['0']) . "#", "/{$data['entry_id']}/", $_POST['URI']));
         } else {
             $FNS->clear_caching('all', $FNS->fetch_site_index() . preg_replace("#{$data['entry_id']}#", $url_title, $_POST['URI']));
         }
     }
     /** ----------------------------------------
         /**  Set cookies
         /** ----------------------------------------*/
     if ($notify == 'y') {
         $FNS->set_cookie('notify_me', 'yes', 60 * 60 * 24 * 365);
     } else {
         $FNS->set_cookie('notify_me', 'no', 60 * 60 * 24 * 365);
     }
     if ($IN->GBL('save_info', 'POST')) {
         $FNS->set_cookie('save_info', 'yes', 60 * 60 * 24 * 365);
         $FNS->set_cookie('my_name', $_POST['name'], 60 * 60 * 24 * 365);
         $FNS->set_cookie('my_email', $_POST['email'], 60 * 60 * 24 * 365);
         $FNS->set_cookie('my_url', $_POST['url'], 60 * 60 * 24 * 365);
         $FNS->set_cookie('my_location', $_POST['location'], 60 * 60 * 24 * 365);
     } else {
         $FNS->set_cookie('save_info', 'no', 60 * 60 * 24 * 365);
         $FNS->set_cookie('my_name', '');
         $FNS->set_cookie('my_email', '');
         $FNS->set_cookie('my_url', '');
         $FNS->set_cookie('my_location', '');
     }
     // -------------------------------------------
     // 'insert_comment_end' hook.
     //  - More emails, more processing, different redirect
     //  - $comment_id added 1.6.1
     //
     $edata = $EXT->call_extension('insert_comment_end', $data, $comment_moderate, $comment_id);
     if ($EXT->end_script === TRUE) {
         return;
     }
     //
     // -------------------------------------------
     /** -------------------------------------------
         /**  Bounce user back to the comment page
         /** -------------------------------------------*/
     if ($comment_moderate == 'y') {
         $data = array('title' => $LANG->line('cmt_comment_accepted'), 'heading' => $LANG->line('thank_you'), 'content' => $LANG->line('cmt_will_be_reviewed'), 'redirect' => $_POST['RET'], 'link' => array($_POST['RET'], $LANG->line('cmt_return_to_comments')), 'rate' => 3);
         $OUT->show_message($data);
     } else {
         $FNS->redirect($_POST['RET']);
     }
 }
Beispiel #16
 /** -----------------------------------------
     /**  Change Comment Status
     /** -----------------------------------------*/
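 /**
  * Open or close a set of comments from the control panel, refresh the cached
  * comment counters, and notify subscribed commenters when comments are opened.
  *
  * Comment ids are read from POST fields whose key contains "toggle" and whose
  * value is "c" followed by the id, plus an optional numeric "comment_id"
  * request value. Only ids returned by the permission-scoped lookup are
  * modified, so a request mixing permitted and non-permitted ids cannot change
  * the non-permitted ones.
  *
  * @param string $status 'close' closes the comments; any other value opens
  *                       them unless the query string carries status=close
  * @return mixed the no-access message when nothing may be changed; otherwise
  *               the request is redirected and the script exits
  */
 function change_comment_status($status = '')
 {
     global $IN, $DSP, $DB, $LANG, $PREFS, $REGX, $FNS, $SESS, $STAT;
     $weblog_id = $IN->GBL('weblog_id');
     $entry_id = $IN->GBL('entry_id');
     $current_page = $IN->GBL('current_page');
     /** -------------------------------
         /**  Collect the requested comment ids
         /** -------------------------------*/
     $comments = array();
     foreach ($_POST as $key => $val) {
         if (strstr($key, 'toggle') and !is_array($val)) {
             if (substr($val, 0, 1) == 'c') {
                 $comments[] = $DB->escape_str(substr($val, 1));
             }
         }
     }
     if ($IN->GBL('comment_id') !== FALSE && is_numeric($IN->GBL('comment_id'))) {
         $comments[] = $DB->escape_str($IN->GBL('comment_id'));
     }
     if (sizeof($comments) == 0) {
         return $DSP->no_access_message();
     }
     if (!$DSP->allowed_group('can_moderate_comments') && !$DSP->allowed_group('can_edit_all_comments')) {
         return $DSP->no_access_message();
     }
     // comment_id is selected as well so that the rows this user is allowed
     // to touch can be told apart from the ids that were merely requested.
     if ($DSP->allowed_group('can_edit_all_comments')) {
         // Can Edit All Comments
         $sql = "SELECT exp_comments.comment_id, exp_comments.entry_id, exp_comments.weblog_id, exp_comments.author_id\n\t\t\t\t\tFROM   exp_comments\n\t\t\t\t\tWHERE  exp_comments.comment_id IN ('" . implode("','", $comments) . "')";
     } else {
         // Can Moderate Comments, but only from non-USER blogs.
         $sql = "SELECT exp_comments.comment_id, exp_comments.entry_id, exp_comments.weblog_id, exp_comments.author_id\n\t\t\t\t\tFROM exp_comments, exp_weblogs\n\t\t\t\t\tWHERE exp_comments.comment_id IN ('" . implode("','", $comments) . "') \n\t\t\t\t\tAND exp_comments.weblog_id = exp_weblogs.weblog_id ";
         $sql .= USER_BLOG !== FALSE ? "AND exp_weblogs.weblog_id = '" . UB_BLOG_ID . "' " : "AND exp_weblogs.is_user_blog = 'n' ";
     }
     /** -------------------------------
         /**  Retrieve Our Results
         /** -------------------------------*/
     $query = $DB->query($sql);
     if ($query->num_rows == 0) {
         return $DSP->no_access_message();
     }
     $authorized = array();
     $entry_ids = array();
     $author_ids = array();
     $weblog_ids = array();
     foreach ($query->result as $row) {
         $authorized[] = $DB->escape_str($row['comment_id']);
         $entry_ids[] = $row['entry_id'];
         $author_ids[] = $row['author_id'];
         $weblog_ids[] = $row['weblog_id'];
     }
     // From here on, work only with the ids the scoped lookup returned. The
     // status UPDATE and the notification loop previously used every
     // requested id, including ones the weblog restriction had filtered out.
     $comments = array_values(array_unique($authorized));
     $entry_ids = array_unique($entry_ids);
     $author_ids = array_unique($author_ids);
     $weblog_ids = array_unique($weblog_ids);
     /** -------------------------------
         /**  Change Status
         /** -------------------------------*/
     $close_requested = ($status == 'close' || (isset($_GET['status']) && $_GET['status'] == 'close'));
     $status = $close_requested ? 'c' : 'o';
     $DB->query("UPDATE exp_comments SET status = '{$status}' WHERE comment_id IN ('" . implode("','", $comments) . "') ");
     // Recompute the per-entry open-comment total and latest comment date.
     // NOTE(review): this loop and the next one reuse $entry_id / $weblog_id,
     // so the redirect at the end is built from the last row processed here
     // rather than from the request values - confirm that is intended.
     foreach ($entry_ids as $entry_id) {
         $query = $DB->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '" . $DB->escape_str($entry_id) . "'");
         $comment_date = ($query->num_rows == 0 or !is_numeric($query->row['max_date'])) ? 0 : $query->row['max_date'];
         $query = $DB->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '" . $DB->escape_str($entry_id) . "' AND status = 'o'");
         $DB->query("UPDATE exp_weblog_titles SET comment_total = '" . $query->row['count'] . "', recent_comment_date = '{$comment_date}' WHERE entry_id = '" . $DB->escape_str($entry_id) . "'");
     }
     // Quicker and updates just the weblogs
     foreach ($weblog_ids as $weblog_id) {
         $STAT->update_comment_stats($weblog_id, '', FALSE);
     }
     // Updates the total stats
     $STAT->update_comment_stats();
     // Recompute each affected author's comment total and last comment date.
     foreach ($author_ids as $author_id) {
         $safe_author_id = $DB->escape_str($author_id);
         $res = $DB->query("SELECT COUNT(comment_id) AS comment_total, MAX(comment_date) AS comment_date FROM exp_comments WHERE author_id = '{$safe_author_id}'");
         $comment_total = $res->row['comment_total'];
         $comment_date = !empty($res->row['comment_date']) ? $res->row['comment_date'] : 0;
         $DB->query($DB->update_string('exp_members', array('total_comments' => $comment_total, 'last_comment_date' => $comment_date), "member_id = '{$safe_author_id}'"));
     }
     /** ----------------------------------------
     		/**  Send email notification
     		/** ----------------------------------------*/
     if ($status == 'o') {
         /** ----------------------------------------
         			/**  Instantiate Typography class
         			/** ----------------------------------------*/
         if (!class_exists('Typography')) {
             require PATH_CORE . 'core.typography' . EXT;
         }
         $TYPE = new Typography(0);
         /** ----------------------------------------
         			/**  Go Through Array of Entries
         			/** ----------------------------------------*/
         foreach ($comments as $comment_id) {
             $query = $DB->query("SELECT comment, name, email, comment_date, entry_id\n\t\t\t\t\t\t\t\t\t FROM exp_comments \n\t\t\t\t\t\t\t\t\t WHERE comment_id = '" . $DB->escape_str($comment_id) . "'");
             // The row was found by the lookup above; skip it if it has
             // disappeared in the meantime instead of reading an empty row.
             if ($query->num_rows == 0) {
                 continue;
             }
             /*  
             Find all of the unique commenters for this entry that have
             notification turned on, posted at/before this comment
             and do not have the same email address as this comment. 
             */
             $results = $DB->query("SELECT DISTINCT(email), name, comment_id \n\t\t\t\t\t\t\t\t\t   FROM exp_comments \n\t\t\t\t\t\t\t\t\t   WHERE status = 'o' \n\t\t\t\t\t\t\t\t\t   AND entry_id = '" . $DB->escape_str($query->row['entry_id']) . "'\n\t\t\t\t\t\t\t\t\t   AND notify = 'y'\n\t\t\t\t\t\t\t\t\t   AND email != '" . $DB->escape_str($query->row['email']) . "'\n\t\t\t\t\t\t\t\t\t   AND comment_date <= '" . $DB->escape_str($query->row['comment_date']) . "'");
             $recipients = array();
             if ($results->num_rows > 0) {
                 foreach ($results->result as $row) {
                     $recipients[] = array($row['email'], $row['comment_id'], $row['name']);
                 }
             }
             $email_msg = '';
             if (count($recipients) > 0) {
                 $comment = $TYPE->parse_type($query->row['comment'], array('text_format' => 'none', 'html_format' => 'none', 'auto_links' => 'n', 'allow_img_url' => 'n'));
                 $qs = $PREFS->ini('force_query_string') == 'y' ? '' : '?';
                 $action_id = $FNS->fetch_action_id('Comment_CP', 'delete_comment_notification');
                 $results = $DB->query("SELECT wt.title, wt.url_title, w.blog_title, w.comment_url, w.blog_url\n\t\t\t\t\t\t\t\t\t\t   FROM exp_weblog_titles wt, exp_weblogs w \n\t\t\t\t\t\t\t\t\t\t   WHERE wt.entry_id = '" . $DB->escape_str($query->row['entry_id']) . "'\n\t\t\t\t\t\t\t\t\t\t   AND wt.weblog_id = w.weblog_id");
                 $com_url = $results->row['comment_url'] == '' ? $results->row['blog_url'] : $results->row['comment_url'];
                 $swap = array('name_of_commenter' => $query->row['name'], 'name' => $query->row['name'], 'weblog_name' => $results->row['blog_title'], 'entry_title' => $results->row['title'], 'site_name' => stripslashes($PREFS->ini('site_name')), 'site_url' => $PREFS->ini('site_url'), 'comment' => $comment, 'comment_id' => $comment_id, 'comment_url' => $FNS->remove_double_slashes($com_url . '/' . $results->row['url_title'] . '/'));
                 $template = $FNS->fetch_email_template('comment_notification');
                 $email_tit = $FNS->var_swap($template['title'], $swap);
                 $email_msg = $FNS->var_swap($template['data'], $swap);
                 /** ----------------------------
                 				/**  Send email
                 				/** ----------------------------*/
                 if (!class_exists('EEmail')) {
                     require PATH_CORE . 'core.email' . EXT;
                 }
                 $email = new EEmail();
                 $email->wordwrap = true;
                 // Addresses already mailed for this comment, so that each
                 // address receives one message per comment.
                 $sent = array();
                 foreach ($recipients as $val) {
                     if (!in_array($val['0'], $sent)) {
                         $removal_url = $FNS->fetch_site_index(0, 0) . $qs . 'ACT=' . $action_id . '&id=' . $val['1'];
                         $title = $email_tit;
                         $message = $email_msg;
                         // Deprecate the {name} variable at some point
                         $title = str_replace('{name}', $val['2'], $title);
                         $message = str_replace('{name}', $val['2'], $message);
                         $title = str_replace('{name_of_recipient}', $val['2'], $title);
                         $message = str_replace('{name_of_recipient}', $val['2'], $message);
                         $title = str_replace('{notification_removal_url}', $removal_url, $title);
                         $message = str_replace('{notification_removal_url}', $removal_url, $message);
                         $email->initialize();
                         $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
                         $email->to($val['0']);
                         $email->subject($title);
                         $email->message($REGX->entities_to_ascii($message));
                         $email->Send();
                         $sent[] = $val['0'];
                     }
                 }
             }
         }
     }
     $FNS->clear_caching('all');
     /** -------------------------------
         /**  Return to the listing the request came from
         /** -------------------------------*/
     // NOTE(review): 'keywords' and 'current_page' are request values placed
     // in the redirect URL as received; whether $IN->GBL() or
     // $FNS->redirect() sanitises them is not visible here - confirm.
     $val = $IN->GBL('validate') == 1 ? AMP . 'validate=1' : '';
     if ($IN->GBL('search_in') !== FALSE) {
         $url = BASE . AMP . 'C=edit' . AMP . 'M=view_entries' . AMP . 'search_in=comments' . AMP . 'rownum=' . $IN->GBL('current_page') . AMP . 'order=desc' . AMP . 'keywords=' . $IN->GBL('keywords');
     } else {
         $url = BASE . AMP . 'C=edit' . AMP . 'M=view_comments' . AMP . 'weblog_id=' . $weblog_id . AMP . 'entry_id=' . $entry_id . AMP . 'current_page=' . $current_page . AMP . 'U=1' . $val;
     }
     $FNS->redirect($url);
     exit;
 }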
 /**
  * Sends an email to either the site administrator or the author of the entry / comment.
  *
  * @param	string 		$to_who 	author or admin
  * @param	string 		$emails 	comma separated list of emails
  * @since version 1.0.0
  */
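 private function send_notifications($to_who, $emails, $data)
 {
     // $data is handed to parse_template() for both the body and the
     // subject. Returns the error message from $DSP when sending fails,
     // and nothing otherwise.
     //
     // $LANG is needed by the failure branch at the bottom; it was missing
     // from this list, so a failed send called line() on an undefined
     // variable instead of reporting the error.
     global $DSP, $LANG, $PREFS;
     // grab the template: settings are stored per site id, and the keys are
     // built from the recipient kind and the quarantinable type
     $settings = $this->settings['addon'][$PREFS->ini('site_id')];
     $template_key = "{$to_who}_{$this->quarantinable_type}_notification_template";
     $subject_key = "{$to_who}_{$this->quarantinable_type}_notification_subject";
     $template = $this->parse_template($settings[$template_key], $data);
     // NOTE(review): if $data can carry submitter-controlled text, the parsed
     // subject may contain line breaks; whether EEmail::subject() removes
     // them is not visible here - confirm.
     $subject = $this->parse_template($settings[$subject_key], $data);
     /** ----------------------------
     		/**  Send email
     		/** ----------------------------*/
     // get the email class
     if (!class_exists('EEmail')) {
         require PATH_CORE . 'core.email' . EXT;
     }
     // create a new email object configured from the site preferences
     $E = new EEmail();
     $E->wordwrap = $PREFS->ini('word_wrap');
     $E->mailtype = $PREFS->ini('mail_format');
     $E->priority = 3;
     // the sender is always the site webmaster
     $E->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
     $E->to($emails);
     // create a subject line
     $E->subject($subject);
     // add the message to the email object
     $E->message($template);
     if ($E->Send() === FALSE) {
         return $DSP->error_message($LANG->line('error_sending_email'), 0);
     }
 }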
 /**
  * Send a fixed "cron works" message stamped with the server time, from the
  * webmaster address to the hard-coded recipient below.
  */
 function test_email()
 {
     global $IN, $DB, $REGX, $LANG, $TMPL, $FNS, $PREFS, $LOC;

     // Load the mail class on demand.
     if (class_exists('EEmail') === false) {
         require PATH_CORE . 'core.email' . EXT;
     }

     // Body text carries the time taken from $LOC->server_now.
     $body = 'Cron executed at ' . date("M d, Y H:i", $LOC->server_now);

     $mailer = new EEmail();
     $mailer->initialize();
     $mailer->wordwrap = true;

     // Envelope: webmaster as sender and reply address.
     $mailer->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
     $mailer->to('*****@*****.**');
     $mailer->reply_to($PREFS->ini('webmaster_email'));

     // Content.
     $mailer->subject('cron works');
     $mailer->message($REGX->entities_to_ascii($body));

     $mailer->Send();
 }
Beispiel #19
    /** ----------------------------------
    /**  Send Member Email
    /** ----------------------------------*/

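	/**
	 * Send a message from the logged-in member to another member through the
	 * email console.
	 *
	 * Reads MID, subject, message, XID and self_copy from POST. The recipient
	 * id, the form token and the subject are all request-supplied, so each is
	 * validated or escaped before it reaches SQL or the mail object.
	 *
	 * @return mixed false when the request is incomplete, not permitted or the
	 *               recipient is unknown; otherwise the rendered login form,
	 *               user error or status message
	 */
	function send_email()
	{
		global $DB, $IN, $FNS, $OUT, $LANG, $PREFS, $LOC, $SESS;

		/** ---------------------------------
		/**  Do we have a usable recipient id?
		/** ---------------------------------*/

		$member_id = $IN->GBL('MID', 'POST');

		// The id is later placed in a URL path and in a SQL statement, so
		// anything that is not a plain run of digits is rejected here.
		if ( ! $member_id OR ! is_scalar($member_id) OR ! ctype_digit((string) $member_id))
		{
			return false;
		}

		/** ----------------------------------------
		/**  Is the user banned?
		/** ----------------------------------------*/

		if ($SESS->userdata['is_banned'] == TRUE)
		{
			return false;
		}

		/** ---------------------------------
		/**  Is the user logged in?
		/** ---------------------------------*/

		if ($SESS->userdata('member_id') == 0)
		{
			return $this->profile_login_form($this->_member_path('email_console/'.$member_id));
		}

		/** ---------------------------------
		/**  Are we missing data?
		/** ---------------------------------*/

		if ( ! isset($_POST['subject']) || ! isset($_POST['message']))
		{
			return false;
		}

		// An array-valued field cannot be a subject or a message body.
		if ( ! is_string($_POST['subject']) || ! is_string($_POST['message']))
		{
			return false;
		}

		if ($_POST['subject'] == '' OR $_POST['message'] == '')
		{
			return $OUT->show_user_error('submission', array($LANG->line('mbr_missing_fields')));
		}

		/** ----------------------------------------
		/**  Check Email Timelock
		/** ----------------------------------------*/

		// Members outside group 1 must wait the configured number of minutes
		// between two messages.
		if ($SESS->userdata['group_id'] != 1)
		{
			$lock = $PREFS->ini('email_console_timelock');

			if (is_numeric($lock) AND $lock != 0)
			{
				if (($SESS->userdata['last_email_date'] + ($lock*60)) > $LOC->now)
				{
					return $this->_var_swap($this->_load_element('email_user_message'),
										array(
												'lang:message'			=>	str_replace("%x", $lock, $LANG->line('mbr_email_timelock_not_expired')),
												'css_class'				=>	'highlight',
												'lang:close_window'		=>	$LANG->line('mbr_close_window')
											)
										);
				}
			}
		}

		/** ---------------------------------
		/**  Do we have a secure hash?
		/** ---------------------------------*/

		if ($PREFS->ini('secure_forms') == 'y')
		{
			// A missing token can never match a stored hash; fail before
			// touching the database.
			if ( ! isset($_POST['XID']) OR ! is_string($_POST['XID']))
			{
				return false;
			}

			$xid = $DB->escape_str($_POST['XID']);
			$ip  = $DB->escape_str($IN->IP);

			// The token must exist for this address and be under 7200 seconds old.
			$query = $DB->query("SELECT COUNT(*) AS count FROM exp_security_hashes WHERE hash='".$xid."' AND ip_address = '".$ip."' AND date > UNIX_TIMESTAMP()-7200");

			if ($query->row['count'] == 0)
			{
				return false;
			}

			// Consume the token so it cannot be replayed, and clear expired ones.
			$DB->query("DELETE FROM exp_security_hashes WHERE (hash='".$xid."' AND ip_address = '".$ip."') OR date < UNIX_TIMESTAMP()-7200");
		}

		/** ---------------------------------
		/**  Does the recipient accept email?
		/** ---------------------------------*/

		// Escaped like every other request value in this method, in addition
		// to the digits-only check above.
		$query = $DB->query("SELECT email, screen_name, accept_user_email FROM exp_members WHERE member_id = '".$DB->escape_str($member_id)."'");

		if ($query->num_rows == 0)
		{
			return false;
		}

		if ($query->row['accept_user_email'] != 'y')
		{
			return $this->_var_swap($this->_load_element('email_user_message'),
									array(
											'lang:message'	=>	$LANG->line('mbr_email_not_accepted'),
											'css_class'		=>	'highlight'
										)
									);
		}

		$message  = stripslashes($_POST['message'])."\n\n";
		$message .= $LANG->line('mbr_email_forwarding')."\n";
		$message .= $PREFS->ini('site_url')."\n";
		$message .= $LANG->line('mbr_email_forwarding_cont');

		// The subject becomes a mail header. EEmail::subject() is not visible
		// here, so line breaks are removed before the value is handed over.
		$subject = str_replace(array("\r", "\n"), '', stripslashes($_POST['subject']));

		/** ----------------------------
		/**  Send email
		/** ----------------------------*/

		if ( ! class_exists('EEmail'))
		{
			require PATH_CORE.'core.email'.EXT;
		}

		$email = new EEmail;
		$email->wordwrap = true;
		$email->from($SESS->userdata['email']);
		$email->subject($subject);
		$email->message($message);

		if (isset($_POST['self_copy']))
		{
			/*	If CC'ing the sender, they get the email and the recipient is BCC'ed
				Because Rick says his filter blocks emails without a To: field
			*/

			$email->to($SESS->userdata['email']);
			$email->bcc($query->row['email']);
		}
		else
		{
			$email->to($query->row['email']);
		}

		$swap = array('lang:close_window' => $LANG->line('mbr_close_window'));

		if ( ! $email->Send())
		{
			$swap['lang:message']	= $LANG->line('mbr_email_error');
			$swap['css_class'] 		= 'alert';
		}
		else
		{
			// log_email() receives the submitted subject and message unchanged.
			$this->log_email($query->row['email'], $query->row['screen_name'], $_POST['subject'], $_POST['message']);

			$swap['lang:message']	= $LANG->line('mbr_good_email');
			$swap['css_class'] 		= 'success';

			// Start the timelock window for this sender.
			$DB->query("UPDATE exp_members SET last_email_date = '{$LOC->now}' WHERE member_id = '".$SESS->userdata('member_id')."'");
		}

		$this->_set_page_title($LANG->line('email_console'));

		return $this->_var_swap($this->_load_element('email_user_message'), $swap);
	}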