/**
  * this function shows the email-form
  */
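 function _mailForm($MailFromName, $MailFrom, $Message, $Check = false)
 {
     // Builds the contact form, pre-filled with the given sender name, address and message.
     // With $Check set, the required-field and e-mail-format checks are registered as well;
     // when they all pass an empty string is returned, otherwise the form markup is returned
     // wrapped in "</p> ... <p>".
     $formMaker = new FormMaker($this->_Translation->GetTranslation('todo'), $this->_SqlConnection);
     $formMaker->AddForm('contact_formular', '#', $this->_Translation->GetTranslation('send'), $this->_Translation->GetTranslation('contact'), 'post');
     // The 'page' request value is echoed back into a hidden field.
     // NOTE(review): this relies on FormMaker to HTML-escape field values - confirm.
     $formMaker->AddHiddenInput('contact_formular', 'page', GetPostOrGet('page'));
     $formMaker->AddHiddenInput('contact_formular', 'action', 'send');
     $formMaker->AddInput('contact_formular', 'contact_mail_from_name', 'text', $this->_Translation->GetTranslation('name'), $this->_Translation->GetTranslation('please_enter_your_name_here') . ' ' . $this->_Translation->GetTranslation('(required)'), $MailFromName);
     // Anti-spam honeypot: a field a human visitor is not supposed to see or fill in.
     // This method only renders it; nothing here rejects a submission that filled it in,
     // so the code handling action=send has to test 'contact_important_name'.
     // NOTE(review): confirm that check exists and runs before the mail is sent.
     $formMaker->AddInput('contact_formular', 'contact_important_name', 'antispam', 'Important Name', 'This is a very important thing!', '');
     if ($Check) {
         $formMaker->AddCheck('contact_formular', 'contact_mail_from_name', 'empty', $this->_Translation->GetTranslation('the_name_must_be_indicated'));
     }
     $formMaker->AddInput('contact_formular', 'contact_mail_from', 'text', $this->_Translation->GetTranslation('email'), $this->_Translation->GetTranslation('please_enter_your_email_here') . ' ' . $this->_Translation->GetTranslation('(required)'), $MailFrom);
     if ($Check) {
         $formMaker->AddCheck('contact_formular', 'contact_mail_from', 'empty', $this->_Translation->GetTranslation('the_email_must_be_indicated'));
     }
     // The format check is only registered for a non-empty address, so an empty field
     // produces the "must be indicated" message alone.
     if ($Check && $MailFrom != '') {
         $formMaker->AddCheck('contact_formular', 'contact_mail_from', 'not_email', $this->_Translation->GetTranslation('this_is_an_invalid_email_address'));
     }
     $formMaker->AddInput('contact_formular', 'contact_message', 'textarea', $this->_Translation->GetTranslation('message'), $this->_Translation->GetTranslation('please_enter_here_the_message_you_want_to_send') . ' ' . $this->_Translation->GetTranslation('(required)'), $Message);
     if ($Check) {
         $formMaker->AddCheck('contact_formular', 'contact_message', 'empty', $this->_Translation->GetTranslation('please_enter_your_message'));
     }
     // CheckInputs() stays on the left of && so it is still evaluated when $Check is false.
     if ($formMaker->CheckInputs('contact_formular', true) && $Check) {
         return '';
     }
     // Call-time pass-by-reference (&$this->_ComaLate) is a fatal error since PHP 5.4.
     // Objects are passed by handle, so the callee still works on the same instance
     // (assumes _ComaLate is an object - TODO confirm).
     $template = "\r\n\t\t\t\t</p>" . $formMaker->GenerateMultiFormTemplate($this->_ComaLate, $Check) . '<p>';
     return $template;
 }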
 /**
  * Saves a new 'version' of a Menu by its ID
  * @access private
  * @return void
  */
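 function _CheckMenu()
 {
     // Validates the submitted title and name for an existing menu and writes them to the
     // menu table. Returns the editor home page after a successful update, the form with
     // its error messages otherwise, and nothing when menu_id is not numeric.
     // Get external parameters
     $MenuID = GetPostOrGet('menu_id');
     $MenuTitle = GetPostOrGet('menu_title');
     $MenuName = GetPostOrGet('menu_name');
     // Check external parameter
     if (!is_numeric($MenuID)) {
         return;
     }
     // is_numeric() only lets numeric strings through, so $MenuID cannot carry a quote
     // and is safe inside the quoted literals below.
     // Get the data of the menu from the database
     $sql = "SELECT *\n\t\t \t\t\t\tFROM " . DB_PREFIX . "menu\n\t\t \t\t\t\tWHERE menu_id='{$MenuID}'";
     $menuResult = $this->_SqlConnection->SqlQuery($sql);
     $menu = mysql_fetch_object($menuResult);
     if (is_resource($menuResult)) {
         mysql_free_result($menuResult);
     }
     // An unknown menu_id yields no row; read the current name without touching a
     // property of a non-object in that case.
     $currentName = is_object($menu) ? $menu->menu_name : null;
     // Initialize the formmaker class
     // (call-time pass-by-reference is a fatal error since PHP 5.4; objects are passed by handle)
     $formMaker = new FormMaker($this->_Translation->GetTranslation('todo'), $this->_SqlConnection);
     $formMaker->AddForm('check_menu', 'admin.php', $this->_Translation->GetTranslation('save'), $this->_Translation->GetTranslation('new_menu'), 'post');
     // Add hidden inputs so the submission comes back to this action
     $formMaker->AddHiddenInput('check_menu', 'page', 'menueditor');
     $formMaker->AddHiddenInput('check_menu', 'action', 'check_menu');
     $formMaker->AddHiddenInput('check_menu', 'menu_id', $MenuID);
     // Add the inputs to the formmaker
     $formMaker->AddInput('check_menu', 'menu_title', 'text', $this->_Translation->GetTranslation('menu_title'), $this->_Translation->GetTranslation('type_here_the_title_of_the_menu'), $MenuTitle);
     $formMaker->AddCheck('check_menu', 'menu_title', 'empty', $this->_Translation->GetTranslation('you_have_to_define_a_menu_title'));
     $formMaker->AddInput('check_menu', 'menu_name', 'text', $this->_Translation->GetTranslation('menu_name'), $this->_Translation->GetTranslation('type_here_the_name_of_the_menu'), $MenuName);
     $formMaker->AddCheck('check_menu', 'menu_name', 'empty', $this->_Translation->GetTranslation('you_have_to_define_a_menu_name'));
     // The uniqueness check is only needed when the name actually changes
     if ($currentName != $MenuName) {
         $formMaker->AddCheck('check_menu', 'menu_name', 'already_assigned', $this->_Translation->GetTranslation('this_menu_name_is_already_assigned'), '', 'menu', 'menu_name');
     }
     if ($formMaker->CheckInputs('check_menu', true)) {
         // The name and title come straight from the request and go into a string-built
         // statement, so they are escaped for the open MySQL link first.
         // NOTE(review): assumes GetPostOrGet() returns the raw request value; if it (or
         // magic quotes) already escapes, drop one of the two layers - confirm.
         $sqlMenuName = mysql_real_escape_string($MenuName);
         $sqlMenuTitle = mysql_real_escape_string($MenuTitle);
         // Write the new name and title to the database
         $sql = "UPDATE " . DB_PREFIX . "menu\n\t \t\t\t\t\tSET menu_name='{$sqlMenuName}', menu_title='{$sqlMenuTitle}'\n\t \t\t\t\t\tWHERE menu_id='{$MenuID}'";
         $this->_SqlConnection->SqlQuery($sql);
         // Send the user back to the home page of the editor
         $template = "\r\n\t\t\t\t" . $this->_HomePage();
         return $template;
     } else {
         // Show the form again so the errors can be corrected
         $template = "\r\n\t\t\t\t" . $formMaker->GenerateMultiFormTemplate($this->_ComaLate, true);
         return $template;
     }
 }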
 /**
  * Checks the inputs of the user and saves them to the database if they are correct
  * @access private
  * @return string The template for the correctionspage
  */
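 function _CheckProfile()
 {
     // Validates the profile form of the logged-in user and, when every check passes,
     // stores the new values (including the custom fields) and redirects to the user
     // interface. On validation errors the form markup is returned. A request for another
     // user's profile redirects administrators to the admin editor and returns a
     // "no right" message for everybody else.
     // Get external parameters
     $UserID = GetPostOrGet('user_id');
     // Check whether the logged-in user is the one that should be edited
     if ($UserID == $this->_User->ID) {
         // The comparison above is loose, so a request value that merely compares equal
         // to the ID would pass it. From here on only the ID of the authenticated
         // session is used, never the request copy.
         $UserID = $this->_User->ID;
         // Get the values of the editfields
         $UserShowname = GetPostOrGet('user_showname');
         $UserName = GetPostOrGet('user_name');
         $UserEmail = GetPostOrGet('user_email');
         $UserPassword = GetPostOrGet('user_password');
         $UserPasswordRepetition = GetPostOrGet('user_password_repetition');
         $UserPreferredLanguage = GetPostOrGet('user_preferred_language');
         // Get the missing data of the user
         $sql = "SELECT user_email\n\t\t\t\t\t\tFROM " . DB_PREFIX . "users\n\t\t\t\t\t\tWHERE user_id='{$this->_User->ID}'";
         $userResult = $this->_SqlConnection->SqlQuery($sql);
         $user = mysql_fetch_object($userResult);
         mysql_free_result($userResult);
         // Initialize the formmaker class
         $formMaker = new FormMaker($this->_Translation->GetTranslation('todo'), $this->_SqlConnection);
         $formMaker->AddForm('edit_user', 'special.php', $this->_Translation->GetTranslation('save'), $this->_Translation->GetTranslation('user'), 'post');
         $formMaker->AddHiddenInput('edit_user', 'page', 'userinterface');
         $formMaker->AddHiddenInput('edit_user', 'action', 'check_profile');
         $formMaker->AddHiddenInput('edit_user', 'user_id', $UserID);
         $formMaker->AddInput('edit_user', 'user_showname', 'text', $this->_Translation->GetTranslation('name'), $this->_Translation->GetTranslation('the_name_that_is_displayed_if_the_user_writes_a_news_for_example'), $UserShowname);
         $formMaker->AddCheck('edit_user', 'user_showname', 'empty', $this->_Translation->GetTranslation('the_nickname_must_be_indicated'));
         // Uniqueness checks are only registered for values that actually change
         if ($this->_User->Showname != $UserShowname) {
             $formMaker->AddCheck('edit_user', 'user_showname', 'already_assigned', $this->_Translation->GetTranslation('the_name_is_already_assigned'), '', 'users', 'user_showname');
         }
         $formMaker->AddInput('edit_user', 'user_name', 'text', $this->_Translation->GetTranslation('loginname'), $this->_Translation->GetTranslation('with_this_nick_the_user_can_login_so_he_must_not_fill_in_his_long_name'), $UserName);
         $formMaker->AddCheck('edit_user', 'user_name', 'empty', $this->_Translation->GetTranslation('the_nickname_must_be_indicated'));
         if ($this->_User->Name != $UserName) {
             $formMaker->AddCheck('edit_user', 'user_name', 'already_assigned', $this->_Translation->GetTranslation('the_nickname_is_already_assigned'), '', 'users', 'user_name');
         }
         $formMaker->AddInput('edit_user', 'user_email', 'text', $this->_Translation->GetTranslation('email'), $this->_Translation->GetTranslation('using_the_email_address_the_user_is_contacted_by_the_system'), $UserEmail);
         $formMaker->AddCheck('edit_user', 'user_email', 'empty', $this->_Translation->GetTranslation('the_email_address_must_be_indicated'));
         $formMaker->AddCheck('edit_user', 'user_email', 'not_email', $this->_Translation->GetTranslation('this_is_not_a_valid_email_address'));
         if ($user->user_email != $UserEmail) {
             $formMaker->AddCheck('edit_user', 'user_email', 'already_assigned', $this->_Translation->GetTranslation('the_email_is_already_assigned_to_another_user'), '', 'users', 'user_email');
         }
         $formMaker->AddInput('edit_user', 'user_password', 'password', $this->_Translation->GetTranslation('password'), $this->_Translation->GetTranslation('with_this_password_the_user_can_login_to_restricted_areas'), !empty($UserPassword) ? $UserPassword : '');
         $formMaker->AddInput('edit_user', 'user_password_repetition', 'password', $this->_Translation->GetTranslation('password_repetition'), $this->_Translation->GetTranslation('it_is_guaranteed_by_a_repetition_that_the_user_did_not_mistype_during_the_input'), !empty($UserPasswordRepetition) ? $UserPasswordRepetition : '');
         // The password checks only apply when the user typed something into either field;
         // leaving both empty keeps the current password.
         if (!empty($UserPassword) || !empty($UserPasswordRepetition)) {
             $formMaker->AddCheck('edit_user', 'user_password', 'empty', $this->_Translation->GetTranslation('the_password_field_must_not_be_empty'));
             $formMaker->AddCheck('edit_user', 'user_password', 'not_same_password_value_as', $this->_Translation->GetTranslation('the_password_and_its_repetition_are_unequal'), 'user_password_repetition');
             $formMaker->AddCheck('edit_user', 'user_password_repetition', 'empty', $this->_Translation->GetTranslation('the_password_field_must_not_be_empty'));
         }
         $formMaker->AddInput('edit_user', 'user_preferred_language', 'select', $this->_Translation->GetTranslation('preferred_language'), $this->_Translation->GetTranslation('this_is_your_preferred_language_of_the_installed_ones'));
         // Get all languages installed in the system
         $languageFolder = dir(__ROOT__ . "/lang/");
         if ($languageFolder) {
             // Compare against false so an entry named "0" does not end the loop early
             while (false !== ($file = $languageFolder->read())) {
                 // check if the found file is really a language file
                 if ($file != "." && $file != ".." && strpos($file, 'lang_') === 0 && substr($file, -4) == '.php') {
                     // extract the pure language name
                     $file = str_replace('lang_', '', $file);
                     $file = str_replace('.php', '', $file);
                     // Check whether the language is the one currently chosen by the user
                     $selected = $UserPreferredLanguage == $file;
                     // Add the found language to the formmaker class
                     $formMaker->AddSelectEntry('edit_user', 'user_preferred_language', $selected, $file, $this->_Translation->GetTranslation($file));
                 }
             }
             $languageFolder->close();
         }
         // Get custom fields
         $sql = "SELECT value.custom_fields_values_value, field.custom_fields_information, field.custom_fields_name, field.custom_fields_title, field.custom_fields_type, field.custom_fields_required\n\t\t\t\t\tFROM (" . DB_PREFIX . "custom_fields field\n\t\t\t\t\tLEFT JOIN " . DB_PREFIX . "custom_fields_values value\n\t\t\t\t\tON field.custom_fields_id = value.custom_fields_values_fieldid)\n\t\t\t\t\tWHERE value.custom_fields_values_userid='{$this->_User->ID}'\n\t\t\t\t\tOR value.custom_fields_values_userid IS NULL";
         $customFieldsDataResult = $this->_SqlConnection->SqlQuery($sql);
         while ($customFieldsData = mysql_fetch_object($customFieldsDataResult)) {
             $fieldName = $customFieldsData->custom_fields_name;
             // Get external value for that field. It is kept in an ordinary local: a
             // variable named after the field (${$fieldName}) could overwrite $sql,
             // $formMaker, $UserID and the other locals of this method.
             $fieldValue = GetPostOrGet($fieldName);
             // Add input to the formmaker class
             $formMaker->AddInput('edit_user', $fieldName, 'text', $customFieldsData->custom_fields_title, $customFieldsData->custom_fields_information . ($customFieldsData->custom_fields_required == 1 ? ' ' . $this->_Translation->GetTranslation('(required)') : ''), $fieldValue);
             // Get the type of the field
             switch ($customFieldsData->custom_fields_type) {
                 case 'EMail':
                     $type = 'not_email';
                     $text = $this->_Translation->GetTranslation('this_is_not_a_valid_email_address');
                     break;
                 case 'ICQ':
                     $type = 'not_icq';
                     $text = $this->_Translation->GetTranslation('this_is_not_a_valid_icq_number');
                     break;
                 default:
                     $type = '';
                     $text = '';
                     break;
             }
             $hasFormatCheck = !empty($type) && !empty($text);
             // Add necessary checks
             if ($customFieldsData->custom_fields_required == 1) {
                 // Check whether the field has any value
                 $formMaker->AddCheck('edit_user', $fieldName, 'empty', sprintf($this->_Translation->GetTranslation('you_have_to_give_a_value_for_the_field_%field%!'), $customFieldsData->custom_fields_title));
                 // Check whether the field has the necessary format
                 if ($hasFormatCheck) {
                     $formMaker->AddCheck('edit_user', $fieldName, $type, $text);
                 }
             } else {
                 // Optional field: the format only matters when a value was given. Field
                 // types without a format check are skipped here too, as in the required
                 // branch, instead of registering a check with an empty type.
                 if (!empty($fieldValue) && $hasFormatCheck) {
                     $formMaker->AddCheck('edit_user', $fieldName, $type, $text);
                 }
             }
         }
         if ($formMaker->CheckInputs('edit_user', true)) {
             // NOTE(review): the value written here is the literal '******' exactly as it
             // appears in this listing, not something derived from $UserPassword. It looks
             // like a masked expression; restore the project's real password hashing
             // before this code is used.
             $user_password = !empty($UserPassword) ? ", user_password='******'" : '';
             // Every request value is escaped for the open MySQL link before it is placed
             // in a string-built statement.
             // NOTE(review): assumes GetPostOrGet() returns the raw request value; if it (or
             // magic quotes) already escapes, drop one of the two layers - confirm.
             $sqlShowname = mysql_real_escape_string($UserShowname);
             $sqlName = mysql_real_escape_string($UserName);
             $sqlLanguage = mysql_real_escape_string($UserPreferredLanguage);
             $sqlEmail = mysql_real_escape_string($UserEmail);
             // NOTE(review): the language is stored as submitted; only the select list above
             // is built from the installed lang_*.php files and nothing visible here rejects
             // other values - confirm the consumer of user_preferred_language validates it.
             // Update the user in the database; the row is selected by the session's user ID
             $sql = "UPDATE " . DB_PREFIX . "users\n\t\t\t\t\t\t\tSET user_showname='{$sqlShowname}',\n\t\t\t\t\t\t\t\tuser_name='{$sqlName}',\n\t\t\t\t\t\t\t\tuser_preferred_language='{$sqlLanguage}',\n\t\t\t\t\t\t\t\tuser_email='{$sqlEmail}'{$user_password}\n\t\t\t\t\t\t\tWHERE user_id='{$this->_User->ID}'";
             $this->_SqlConnection->SqlQuery($sql);
             // Get custom fields
             $sql = "SELECT value.custom_fields_values_value, field.custom_fields_name, value.custom_fields_values_id, field.custom_fields_id, value.custom_fields_values_userid\n\t\t\t\t\t\tFROM (" . DB_PREFIX . "custom_fields field\n\t\t\t\t\t\tLEFT JOIN " . DB_PREFIX . "custom_fields_values value\n\t\t\t\t\t\tON field.custom_fields_id = value.custom_fields_values_fieldid)\n\t\t\t\t\t\tWHERE value.custom_fields_values_userid='{$this->_User->ID}'\n\t\t\t\t\t\tOR value.custom_fields_values_userid IS NULL";
             $customFieldsDataResult = $this->_SqlConnection->SqlQuery($sql);
             while ($customFieldsData = mysql_fetch_object($customFieldsDataResult)) {
                 // Get external value for that field and escape it for the statements below
                 $sqlFieldValue = mysql_real_escape_string(GetPostOrGet($customFieldsData->custom_fields_name));
                 if ($customFieldsData->custom_fields_values_userid != '') {
                     // Update existing entry
                     $sql = "UPDATE " . DB_PREFIX . "custom_fields_values\n\t\t\t\t\t\t\t\t\tSET custom_fields_values_value='" . $sqlFieldValue . "'\n\t\t\t\t\t\t\t\t\tWHERE custom_fields_values_id='{$customFieldsData->custom_fields_values_id}'";
                     $this->_SqlConnection->SqlQuery($sql);
                 } else {
                     // Insert a new entry into the database
                     $sql = "INSERT INTO " . DB_PREFIX . "custom_fields_values\n\t\t\t\t\t\t\t\t\t(custom_fields_values_userid, custom_fields_values_fieldid, custom_fields_values_value)\n\t\t\t\t\t\t\t\t\tVALUES ('{$this->_User->ID}', '{$customFieldsData->custom_fields_id}', '" . $sqlFieldValue . "')";
                     $this->_SqlConnection->SqlQuery($sql);
                 }
             }
             // Send the user back to the userinterface; the request value is URL-encoded
             // before it becomes part of the Location header
             header('Location: special.php?page=userinterface&lang=' . rawurlencode($UserPreferredLanguage));
             die;
         } else {
             // Generate the template
             // (call-time pass-by-reference is a fatal error since PHP 5.4; objects are passed by handle)
             $template = "\r\n\t\t\t\t" . $formMaker->GenerateMultiFormTemplate($this->_ComaLate, true);
             return $template;
         }
     } else {
         if ($this->_User->IsAdmin) {
             // Administrators edit other users through the admin interface. The request
             // value is URL-encoded, and execution stops after the redirect like it does
             // after the redirect in the success path above.
             header('Location: admin.php?page=users&action=edit_user&user_id=' . rawurlencode($UserID));
             die;
         } else {
             return $this->_Translation->GetTranslation('you_have_no_right_to_edit_the_profile_of_another_user');
         }
     }
 }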
 /**
  * Checks the administrator inputs
  * @access private
  * @param string $Language The actual language
  * @return void Returns the add administrator page or sets the user back to the database settings
  */
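 function _CheckAdministrator($Language)
 {
     // Installer step: validates the administrator form and, when it is complete and the
     // database step was confirmed, creates the admin account, the initial config rows and
     // the home page, then redirects to step 9. Otherwise the form markup is returned.
     // NOTE(review): nothing in this method checks whether an installation has already
     // been completed; presumably install.php gates that - confirm.
     // Get external parameters
     $Style = GetPostOrGet('style');
     $Confirmation = GetPostOrGet('confirmation');
     $AdminShowName = GetPostOrGet('admin_showname');
     $AdminName = GetPostOrGet('admin_name');
     $AdminPassword = GetPostOrGet('admin_password');
     $AdminPassword2 = GetPostOrGet('admin_password2');
     // Give config variables their default value to prevent PHP Eclipse from warning about a missing variable
     $d_server = 'localhost';
     $d_pre = 'comacms_';
     $d_user = '******';
     $d_pw = '';
     $d_base = 'comacms';
     // Request values that end up in a Location header are URL-encoded first
     $urlLanguage = rawurlencode($Language);
     $urlStyle = rawurlencode($Style);
     // Is the database really initialized, or is someone trying to skip the database settings?
     if ($Confirmation != 'yes') {
         header("Location: install.php?page=5&lang={$urlLanguage}&style={$urlStyle}&confirmation=yes");
         // Stop here: without this the rest of the method kept running after the redirect
         die;
     }
     // Initialize the FormMaker class
     $formMaker = new FormMaker($this->_Translation->GetTranslation('todo'), $this->_SqlConnection);
     // Add a new form for the admin registration
     $formMaker->AddForm('admin_registration', 'install.php', $this->_Translation->GetTranslation('next'), $this->_Translation->GetTranslation('create_administrator'), 'post');
     // Add the hidden inputs
     $formMaker->AddHiddenInput('admin_registration', 'page', '8');
     $formMaker->AddHiddenInput('admin_registration', 'lang', $Language);
     $formMaker->AddHiddenInput('admin_registration', 'style', $Style);
     $formMaker->AddHiddenInput('admin_registration', 'confirmation', 'yes');
     // Add the inputs
     $formMaker->AddInput('admin_registration', 'admin_showname', 'text', $this->_Translation->GetTranslation('name'), $this->_Translation->GetTranslation('the_name_that_is_displayed_if_the_user_writes_a_news_for_example'), $AdminShowName);
     $formMaker->AddInput('admin_registration', 'admin_name', 'text', $this->_Translation->GetTranslation('loginname'), $this->_Translation->GetTranslation('with_this_nick_the_user_can_login_so_he_must_not_fill_in_his_long_name'), $AdminName);
     $formMaker->AddInput('admin_registration', 'admin_password', 'password', $this->_Translation->GetTranslation('password'), $this->_Translation->GetTranslation('with_this_password_the_user_can_login_to_restricted_areas'), $AdminPassword);
     $formMaker->AddInput('admin_registration', 'admin_password2', 'password', $this->_Translation->GetTranslation('password_repetition'), $this->_Translation->GetTranslation('it_is_guaranteed_by_a_repetition_that_the_user_did_not_mistype_during_the_input'), $AdminPassword2);
     // Add the checks for the form
     $formMaker->AddCheck('admin_registration', 'admin_showname', 'empty', $this->_Translation->GetTranslation('the_name_must_be_indicated'));
     $formMaker->AddCheck('admin_registration', 'admin_name', 'empty', $this->_Translation->GetTranslation('the_nickname_must_be_indicated'));
     $formMaker->AddCheck('admin_registration', 'admin_password', 'empty', $this->_Translation->GetTranslation('the_password_field_must_not_be_empty'));
     $formMaker->AddCheck('admin_registration', 'admin_password', 'not_same_password_value_as', $this->_Translation->GetTranslation('the_password_and_its_repetition_are_unequal'), 'admin_password2');
     $formMaker->AddCheck('admin_registration', 'admin_password2', 'empty', $this->_Translation->GetTranslation('the_password_field_must_not_be_empty'));
     // Check the form and generate the error information
     $ok = $formMaker->CheckInputs('admin_registration', true);
     // If everything is ok
     if ($ok && $Confirmation == 'yes') {
         // config.php overrides the $d_* defaults set above
         include __ROOT__ . '/config.php';
         // Connect first: mysql_real_escape_string() needs an open link to escape for
         // the connection's character set
         $this->_SqlConnection = new Sql($d_user, $d_pw, $d_server);
         $this->_SqlConnection->Connect($d_base);
         // Request values and translated texts (which may contain quotes) are escaped
         // before they go into the string-built statements.
         // NOTE(review): assumes GetPostOrGet() returns the raw request value; if it (or
         // magic quotes) already escapes, drop one of the two layers - confirm.
         $sqlAdminName = mysql_real_escape_string($AdminName);
         $sqlAdminShowName = mysql_real_escape_string($AdminShowName);
         $sqlStyle = mysql_real_escape_string($Style);
         $sqlLanguage = mysql_real_escape_string($Language);
         $sqlHomeTitle = mysql_real_escape_string($this->_Translation->GetTranslation('homepage'));
         $sqlWelcome = mysql_real_escape_string($this->_Translation->GetTranslation('welcome_to_this_homepage'));
         // NOTE(review): unsalted MD5 is a weak way to store a password. It is kept because
         // the login code (not visible here) has to change in the same step - plan a
         // migration to a salted, slow password hash.
         $passwordHash = md5($AdminPassword);
         // time() yields the same value as the argument-less mktime() used before,
         // without the strict-standards notice
         $now = time();
         // NOTE(review): how SqlExecMultiple() splits this batch is not visible here; if it
         // splits on ';', a ';' inside a value would still break the batch - confirm.
         $sql = "INSERT INTO {$d_pre}users (user_name, user_showname, user_password, user_registerdate, user_admin, user_activated)\n\t\t\t\t\t\tVALUES ('{$sqlAdminName}', '{$sqlAdminShowName}', '" . $passwordHash . "', '" . $now . "', 1, 1);\n\t\t\t\t\t\tINSERT INTO {$d_pre}config (config_name, config_value)\n\t\t\t\t\t\tVALUES ('install_date', '" . $now . "');\n\t\t\t\t\t\tINSERT INTO {$d_pre}config (config_name, config_value)\n\t\t\t\t\t\tVALUES ('style', '{$sqlStyle}');\n\t\t\t\t\t\tINSERT INTO {$d_pre}pages (page_lang, page_access, page_name, page_title, page_parent_id, page_creator, page_type, page_date, page_edit_comment)\n\t\t\t\t\t\tVALUES('{$sqlLanguage}', 'public', 'home', '" . $sqlHomeTitle . "', 0, 1, 'text', " . $now . ", 'Installed the Homepage');";
         $this->_SqlConnection->SqlExecMultiple($sql);
         // The last statement of the batch inserted the home page, so this is its ID
         $lastid = mysql_insert_id();
         $sql = "INSERT INTO {$d_pre}pages_text (page_id, text_page_text,text_page_html)\n\t\t\t\t\t\tVALUES ({$lastid}, '" . $sqlWelcome . "', '" . $sqlWelcome . "')";
         $this->_SqlConnection->SqlQuery($sql);
         // Lead on to the next page
         header("Location: install.php?page=9&lang={$urlLanguage}&style={$urlStyle}");
         die;
     } else {
         // Generate template
         // (call-time pass-by-reference is a fatal error since PHP 5.4; objects are passed by handle)
         $template = "\r\n\t\t\t\t" . $formMaker->GenerateMultiFormTemplate($this->_ComaLate, true);
         return $template;
     }
 }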