Beispiel #1
             case 1:
                 if ($config['language_dir_default'] != $config['language_dir']) {
                     $activation_url .= "&l=" . $config['language_dir'];
                 }
                 $user_details_url = "";
                 $email_to = $user_email;
                 $email_subject = $lang['update_email_emailsubject'];
                 $email_template = "newemail_activation";
                 $new_email_msg = $lang['update_email_instruction'];
                 break;
             case 0:
             default:
                 break;
         }
         if (!empty($email_to)) {
             $site_email->set_to($email_to);
             $site_email->set_subject($email_subject);
             $site_email->register_vars(array("user_details_url" => $user_details_url, "activation_url" => $activation_url, "user_name" => $user_info['user_name'], "site_name" => $config['site_name']));
             $site_email->set_body($email_template, $config['language_dir']);
             $site_email->send_email();
         }
     } else {
         $msg = $lang['general_error'];
         $error = 1;
     }
 }
 if (!$error) {
     $additional_sql = "";
     if (!empty($additional_user_fields)) {
         $table_fields = $site_db->get_table_fields(USERS_TABLE);
         foreach ($additional_user_fields as $key => $val) {
Beispiel #2
            show_error_page($lang['no_permission']);
            exit;
        }
        // Account activation: look up the user that owns the submitted key and raise the account to USER level.
        // The key comes straight from the query string; only surrounding whitespace is removed.
        $activationkey = trim($HTTP_GET_VARS['activationkey']);
        // NOTE(review): $activationkey is interpolated into a quoted SQL literal here and again in the
        // UPDATE below, with no escaping visible in this fragment. Unless $HTTP_GET_VARS is escaped
        // upstream this is SQL injection; bind the value or pass it through the DB layer's escaping - confirm.
        // NOTE(review): no emptiness check on the key is visible in these lines; verify that an earlier
        // guard rejects "" so rows holding an empty activation key cannot match.
        $sql = "SELECT " . get_user_table_field("", "user_name") . get_user_table_field(", ", "user_email") . get_user_table_field(", ", "user_activationkey") . "\n            FROM " . USERS_TABLE . "\n            WHERE " . get_user_table_field("", "user_activationkey") . " = '{$activationkey}'";
        $row = $site_db->query_firstrow($sql);
        if (!$row) {
            // No row carries this key.
            $msg = $lang['invalid_activationkey'];
        } else {
            // Only user_level is written; the activation key column is left as it was,
            // so the same key keeps matching on later requests.
            $sql = "UPDATE " . USERS_TABLE . "\n              SET " . get_user_table_field("", "user_level") . " = " . USER . "\n              WHERE " . get_user_table_field("", "user_activationkey") . " = '{$activationkey}'";
            $site_db->query($sql);
            // The success message is set without checking the result of the UPDATE.
            $msg = $lang['activation_success'];
            // With account_activation == 2 a confirmation mail goes to the address stored in the row.
            if ($config['account_activation'] == 2) {
                include ROOT_PATH . 'includes/email.php';
                $site_email = new Email();
                $site_email->set_to($row[$user_table_fields['user_email']]);
                $site_email->set_subject($lang['activation_success_emailsubject']);
                $site_email->register_vars(array("user_name" => $row[$user_table_fields['user_name']], "site_name" => $config['site_name']));
                $site_email->set_body("activation_success", $config['language_dir']);
                $site_email->send_email();
            }
        }
    }
}
//-----------------------------------------------------
//--- Clickstream -------------------------------------
//-----------------------------------------------------
// Breadcrumb markup: a link to index.php (URL produced by $site_sess->url()), then the configured
// separator and the "register" label. All parts are concatenated without HTML escaping, so the
// $lang and $config entries are presumably trusted markup - confirm where they are loaded.
$clickstream = "<span class=\"clickstream\"><a href=\"" . $site_sess->url(ROOT_PATH . "index.php") . "\" class=\"clickstream\">" . $lang['home'] . "</a>" . $config['category_separator'] . $lang['register'] . "</span>";
//-----------------------------------------------------
//--- Print Out ---------------------------------------
//-----------------------------------------------------
Beispiel #3
    // Mail to a posted list of addresses: subject and message are taken from the POST body,
    // trimmed and passed through stripslashes().
    $subject = stripslashes(trim($HTTP_POST_VARS['subject']));
    $message = stripslashes(trim($HTTP_POST_VARS['message']));
    // Each missing field is recorded under its own key in $error.
    if ($subject == "") {
        $error['subject'] = 1;
    }
    if ($message == "") {
        $error['message'] = 1;
    }
    if (!isset($HTTP_POST_VARS['emails']) || empty($HTTP_POST_VARS['emails'])) {
        $error['emails'] = 1;
    }
    if (empty($error)) {
        // Raise the execution limit to 1200 seconds; "@" hides the warning if that is not permitted.
        @set_time_limit(1200);
        include ROOT_PATH . 'includes/email.php';
        $site_email = new Email();
        // The visible recipient is the site address itself; the real recipients go into BCC.
        $site_email->set_to($config['site_email']);
        // NOTE(review): $subject reaches set_subject() as posted. Whether Email strips CR/LF from
        // header values is not visible here - confirm, to rule out mail header injection.
        $site_email->set_subject($subject);
        $site_email->register_vars(array("message" => $message, "site_email" => $config['site_email'], "site_name" => $config['site_name']));
        $site_email->set_body("admin_email", $config['language_dir']);
        // NOTE(review): the posted "emails" value is handed to set_bcc() unchanged: no address
        // validation and no check against the user table in this fragment. The permission check
        // for this action is also outside the visible lines - verify both.
        $emails = $HTTP_POST_VARS['emails'];
        $site_email->set_bcc($emails);
        echo $site_email->send_email() ? $lang['send_emails_success'] : $lang['send_emails_error'];
        echo "<p>";
        show_text_link($lang['back'], "javascript:history.back(1)");
    } else {
        // At least one field was missing: show the error and fall back to the "emailusers" form.
        $msg = sprintf("<span class=\"marktext\">%s</span>", $lang['lostfield_error']);
        $action = "emailusers";
    }
}
if ($action == "emailusers") {
    if ($msg != "") {
Beispiel #4
        // A non-empty $user_lastaction becomes a UNIX_TIMESTAMP('...') SQL expression; otherwise the current time is used.
        // NOTE(review): the value is placed inside the quoted argument as-is; its origin is above this fragment - confirm it is escaped.
        $user_lastaction = $user_lastaction != "" ? "UNIX_TIMESTAMP('{$user_lastaction}')" : time();
        $additional_sql = "";
        if (!empty($additional_user_fields)) {
            $table_fields = $site_db->get_table_fields(USERS_TABLE);
            foreach ($additional_user_fields as $key => $val) {
                // A field is written only if it was posted and $table_fields has an entry for it,
                // so the column name is not taken freely from the request.
                if (isset($HTTP_POST_VARS[$key]) && isset($table_fields[$key])) {
                    // NOTE(review): the posted value is run through un_htmlspecialchars() and then
                    // interpolated into a quoted SQL literal; no SQL escaping is visible on this line.
                    // Reversing HTML escaping right before the query can bring quote characters
                    // back - presumably escaping happens upstream; verify, or bind the value.
                    $additional_sql .= ", {$key} = '" . un_htmlspecialchars(trim($HTTP_POST_VARS[$key])) . "'";
                }
            }
        }
        // NOTE(review): every value in this UPDATE is interpolated into the statement text, several
        // of them ($user_level, $user_showemail, $user_id, ...) without quotes. Their validation is
        // above this fragment; unquoted values need an integer cast to be safe - confirm.
        $sql = "UPDATE " . USERS_TABLE . "\n            SET " . get_user_table_field("", "user_level") . " = {$user_level}, " . get_user_table_field("", "user_name") . " = '{$user_name}',{$passinsert} " . get_user_table_field("", "user_email") . " = '{$user_email}', " . get_user_table_field("", "user_showemail") . " = {$user_showemail}, " . get_user_table_field("", "user_allowemails") . " = {$user_allowemails}, " . get_user_table_field("", "user_invisible") . " = {$user_invisible}, " . get_user_table_field("", "user_joindate") . " = {$user_joindate}, " . get_user_table_field("", "user_lastaction") . " = {$user_lastaction}, " . get_user_table_field("", "user_homepage") . " = '{$user_homepage}', " . get_user_table_field("", "user_icq") . " = '{$user_icq}'" . $additional_sql . "\n            WHERE " . get_user_table_field("", "user_id") . " = {$user_id}";
        $result = $site_db->query($sql);
        // The "account activated" mail is sent only if the UPDATE succeeded, account_activation is 2,
        // $activation is set and the new level is something other than USER_AWAITING.
        if ($result && $config['account_activation'] == 2 && $activation && $user_level != USER_AWAITING) {
            include ROOT_PATH . 'includes/email.php';
            $site_email = new Email();
            $site_email->set_to($user_email);
            $site_email->set_subject($lang['activation_success_emailsubject']);
            $site_email->register_vars(array("user_name" => $user_name, "site_name" => $config['site_name']));
            $site_email->set_body("activation_success", $config['language_dir']);
            $site_email->send_email();
        }
        $msg = $result ? $lang['user_edit_success'] : $lang['user_edit_error'];
    } else {
        $msg .= sprintf("<span class=\"marktext\">%s</span>", $lang['lostfield_error']);
    }
    $action = "edituser";
}
// NOTE(review): the condition tests for "edituser", but from the captcha line onward the body
// stores and mails a postcard; this listing appears to join two different excerpts.
if ($action == "edituser") {
    if ($msg != "") {
        // $msg is printed as HTML without escaping.
        printf("<b>%s</b>\n", $msg);
    }
    $captcha = isset($HTTP_POST_VARS['captcha']) ? un_htmlspecialchars(trim($HTTP_POST_VARS['captcha'])) : "";
    // Return link: the posted back_url if present, otherwise the gallery index.
    // NOTE(review): back_url is request-controlled, has slashes and HTML escaping removed here,
    // and is later written into an href attribute (see the success branch). Without re-escaping
    // and a check that it is a same-site http(s) URL this allows markup injection and
    // off-site or script links - verify.
    $back_url = !empty($HTTP_POST_VARS['back_url']) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['back_url']))) : $site_sess->url(ROOT_PATH . "index.php", "&");
    // The postcard id doubles as the access token in the mailed URL; how get_random_key()
    // generates it is not visible here - confirm it is unpredictable.
    $postcard_id = get_random_key(POSTCARDS_TABLE, "postcard_id");
    $current_time = time();
    // A failed captcha sends the user back to the preview template.
    if ($captcha_enable_postcards && !captcha_validate($captcha)) {
        $msg .= ($msg != "" ? "<br />" : "") . $lang['captcha_required'];
        $action = "previewcard";
        $main_template = "postcard_preview";
    } else {
        // NOTE(review): all values are interpolated into the INSERT text. The stripslashes() calls
        // further down suggest the user-supplied strings carry added slashes at this point, but
        // the escaping itself is outside this fragment; $image_id is unquoted and needs an
        // integer cast - confirm both.
        $sql = "INSERT INTO " . POSTCARDS_TABLE . "\n            (postcard_id, image_id, postcard_date, postcard_bg_color, postcard_border_color, postcard_font_color, postcard_font_face, postcard_sender_name, postcard_sender_email, postcard_recipient_name, postcard_recipient_email, postcard_headline, postcard_message)\n            VALUES\n            ('{$postcard_id}', {$image_id}, {$current_time}, '{$bg_color}', '{$border_color}', '{$font_color}', '{$font_face}', '{$sender_name}', '{$sender_email}', '{$recipient_name}', '{$recipient_email}', '{$headline}', '{$message}')";
        $result = $site_db->query($sql);
        if ($result) {
            $postcard_url = $script_url . "/postcards.php?" . URL_POSTCARD_ID . "=" . $postcard_id;
            include ROOT_PATH . 'includes/email.php';
            $site_email = new Email();
            // NOTE(review): recipient address, sender address and sender name are user input used
            // as mail header values. Whether Email rejects CR/LF and validates addresses is not
            // visible - confirm; an open form that mails arbitrary recipients also needs rate limiting.
            $site_email->set_to(stripslashes($recipient_email));
            $site_email->set_from(stripslashes($sender_email), stripslashes($sender_name));
            $site_email->set_subject($lang['send_postcard_emailsubject']);
            $site_email->register_vars(array("sender_name" => stripslashes($sender_name), "sender_email" => stripslashes($sender_email), "recipient_name" => stripslashes($recipient_name), "postcard_url" => stripslashes($postcard_url), "postcard_send_date" => format_date($config['date_format'] . " " . $config['time_format'], $current_time), "site_name" => $config['site_name']));
            $site_email->set_body("postcard_message", $config['language_dir']);
            // The return value of send_email() is ignored; success is reported either way.
            $site_email->send_email();
            $msg .= $lang['send_postcard_success'];
            // $back_url is written into the href without htmlspecialchars().
            $msg .= "<br /><a href=\"" . $back_url . "\">" . $lang['back_to_gallery'] . "</a>";
            $action = "showcard";
        } else {
            // INSERT failed: report a general error and return to the preview.
            $msg = $lang['general_error'];
            $action = "previewcard";
            $main_template = "postcard_preview";
        }
    }
}
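 /**
  * Reset the password of the account whose e-mail address was posted as
  * "LoginUsername" and mail the newly generated password to that address.
  *
  * The method takes no arguments and returns nothing: every path ends in a
  * thrown Exception whose code tells the caller what happened, including
  * the successful case.
  *
  * Security notes for maintainers:
  *  - The address is request input and is interpolated into SQL text. It is
  *    therefore accepted only if it is a syntactically valid address free of
  *    quote and backslash characters. Bound parameters on the DB wrapper are
  *    the proper fix; its API is not visible from this method.
  *  - Codes 304 and 305 tell the requester whether an address is registered.
  *    A single neutral response would avoid that, but callers depend on the
  *    codes, so they are kept.
  *  - The messages for 304 and 305 contain the submitted address; whoever
  *    renders them must HTML-escape them.
  *
  * @throws Exception 303 no usable e-mail address was submitted
  * @throws Exception 304 no account with this address
  * @throws Exception 305 new password was mailed (success)
  * @throws Exception 306 the mail could not be sent
  * @throws Exception 307 the UPDATE did not affect exactly one row
  *
  * @access  public
  *
  * @author  patrick.kracht, thorsten.moll
  */
 public function passwd()
 {
     // Anything that is not a string (e.g. an array parameter) counts as "nothing submitted".
     $username = (isset($_POST["LoginUsername"]) && is_string($_POST["LoginUsername"]))
         ? trim($_POST["LoginUsername"])
         : "";
     // Allow-list guard: must be a valid address and must not contain characters
     // that could terminate or escape the quoted SQL literals built below.
     if (filter_var($username, FILTER_VALIDATE_EMAIL) === false || strpbrk($username, "'\"\\") !== false) {
         throw new Exception("Sie haben keine Emailadresse angegeben!", 303);
     }

     // Database handle the application keeps in the session under the key named by "_SqlType".
     $db = $_SESSION[$_SESSION["_SqlType"]];

     // Look up the account that belongs to the address.
     $query = "SELECT mid, firstname, lastname FROM tr_users WHERE email = '{$username}';";
     $result = $db->query_first($query);
     if (!isset($result["mid"])) {
         throw new Exception("Die Emailadresse '{$username}' ist mir unbekannt!", 304);
     }

     $passwd = $this->generate_password();
     // NOTE(review): unsalted MD5 is not suitable for password storage. Moving to
     // password_hash()/password_verify() has to change the login check in the same
     // step, which is outside this method.
     $passmd5 = md5($passwd);
     // NOTE(review): the value literal below appears masked in this listing and $passmd5
     // is not referenced by the statement as shown; confirm against the original source.
     $query = "UPDATE tr_users SET password = '******' WHERE email = '{$username}';";
     $db->query($query);
     // Exactly one row must have changed; anything else is reported as a database problem.
     if ($db->affected_rows() != 1) {
         throw new Exception("Es gab Probleme mit der Datenbank! Wir arbeiten daran...", 307);
     }

     $tpl = "passwd.email.html";
     $email = new Email(array($tpl, "Sie haben Ihr Passwort vergessen?"));
     $email->set_sender("*****@*****.**", "Webmaster");
     $email->set_to($username, $result["firstname"] . " " . $result["lastname"]);
     // NOTE(review): HTTP_HOST is supplied by the client, so the link placed in the mail
     // follows whatever Host header the request carried. Build it from a configured
     // base URL once one is available to this class.
     $email->assign($tpl, "{{URL}}", "http://" . $_SERVER["HTTP_HOST"] . dirname($_SERVER["SCRIPT_NAME"]) . "/");
     $email->assign($tpl, "{{USER}}", $username);
     // NOTE(review): the password travels in clear text by mail and is already active at
     // this point; a single-use, expiring reset link would avoid both.
     $email->assign($tpl, "{{PASS}}", $passwd);
     if ($email->send()) {
         // Success is signalled to the caller through an exception as well.
         throw new Exception("Es wurde ein neues Passwort an '{$username}' geschickt!", 305);
     }
     throw new Exception("Die Email konnte nicht gesendet werden! Wir arbeiten daran...", 306);
 }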