/**
* reminder post
*
* @since 1.2.1
* @deprecated 2.0.0
*
* @package Redaxscript
* @category Reminder
* @author Henry Ruhs
*/
function reminder_post()
{
$emailValidator = new Redaxscript\Validator\Email();
$captchaValidator = new Redaxscript\Validator\Captcha();
/* clean post */
if (ATTACK_BLOCKED < 10 && $_SESSION[ROOT . '/reminder'] == 'visited') {
$email = clean($_POST['email'], 3);
$task = $_POST['task'];
$solution = $_POST['solution'];
}
/* validate post */
if ($email == '') {
$error = l('email_empty');
} else {
if ($emailValidator->validate($email) == Redaxscript\Validator\Validator::FAILED) {
$error = l('email_incorrect');
} else {
if ($captchaValidator->validate($task, $solution) == Redaxscript\Validator\Validator::FAILED) {
$error = l('captcha_incorrect');
} else {
if (retrieve('id', 'users', 'email', $email) == '') {
$error = l('email_unknown');
} else {
/* query users */
$query = 'SELECT id, user, password FROM ' . PREFIX . 'users WHERE email = \'' . $email . '\' && status = 1';
$result = mysql_query($query);
if ($result) {
while ($r = mysql_fetch_assoc($result)) {
if ($r) {
foreach ($r as $key => $value) {
${$key} = stripslashes($value);
}
}
/* send reminder information */
$passwordResetRoute = ROOT . '/' . REWRITE_ROUTE . 'password_reset/' . $id . '/' . $password;
$passwordResetLink = anchor_element('external', '', '', $passwordResetRoute, $passwordResetRoute);
$toArray = array(s('author') => s('email'));
$fromArray = array($name => $email);
$subject = l('reminder');
$bodyArray = array('<strong>' . l('user') . l('colon') . '</strong> ' . $user, '<br />', '<strong>' . l('password_reset') . l('colon') . '</strong> ' . $passwordResetLink);
/* mailer object */
$mailer = new Redaxscript\Mailer($toArray, $fromArray, $subject, $bodyArray);
$mailer->send();
}
}
}
}
}
}
/* handle error */
if ($error) {
if (s('blocker') == 1) {
$_SESSION[ROOT . '/attack_blocked']++;
}
notification(l('error_occurred'), $error, l('back'), 'reminder');
} else {
notification(l('operation_completed'), l('reminder_sent'), l('login'), 'login');
}
$_SESSION[ROOT . '/reminder'] = '';
}
/**
* reminder post
*
* @since 1.2.1
* @deprecated 2.0.0
*
* @package Redaxscript
* @category Reminder
* @author Henry Ruhs
*/
function reminder_post()
{
$emailValidator = new Redaxscript\Validator\Email();
$captchaValidator = new Redaxscript\Validator\Captcha();
/* clean post */
if (ATTACK_BLOCKED < 10 && $_SESSION[ROOT . '/reminder'] == 'visited') {
$email = clean($_POST['email'], 3);
$task = $_POST['task'];
$solution = $_POST['solution'];
}
/* validate post */
if ($email == '') {
$error = l('email_empty');
} else {
if ($emailValidator->validate($email) == Redaxscript\Validator\ValidatorInterface::FAILED) {
$error = l('email_incorrect');
} else {
if ($captchaValidator->validate($task, $solution) == Redaxscript\Validator\ValidatorInterface::FAILED) {
$error = l('captcha_incorrect');
} else {
if (Redaxscript\Db::forTablePrefix('users')->where('email', $email)->findOne()->id == '') {
$error = l('email_unknown');
} else {
/* query users */
$result = Redaxscript\Db::forTablePrefix('users')->where(array('email' => $email, 'status' => 1))->findArray();
if ($result) {
foreach ($result as $r) {
if ($r) {
foreach ($r as $key => $value) {
${$key} = stripslashes($value);
}
}
/* send reminder information */
$passwordResetRoute = ROOT . '/' . REWRITE_ROUTE . 'password_reset/' . $id . '/' . sha1($password);
$passwordResetLink = anchor_element('external', '', '', $passwordResetRoute, $passwordResetRoute);
$toArray = array(s('author') => s('email'));
$fromArray = array($name => $email);
$subject = l('reminder');
$bodyArray = array('<strong>' . l('user') . l('colon') . '</strong> ' . $user, '<br />', '<strong>' . l('password_reset') . l('colon') . '</strong> ' . $passwordResetLink);
/* mailer object */
$mailer = new Redaxscript\Mailer();
$mailer->init($toArray, $fromArray, $subject, $bodyArray);
$mailer->send();
}
}
}
}
}
}
/* handle error */
if ($error) {
if (s('blocker') == 1) {
$_SESSION[ROOT . '/attack_blocked']++;
}
notification(l('error_occurred'), $error, l('back'), 'reminder');
} else {
notification(l('operation_completed'), l('reminder_sent'), l('login'), 'login');
}
$_SESSION[ROOT . '/reminder'] = '';
}
/**
* check install
*
* @since 1.2.1
* @deprecated 2.0.0
*
* @package Redaxscript
* @category Install
* @author Henry Ruhs
*
* @return integer
*/
function check_install()
{
global $name, $user, $password, $email;
$registry = Redaxscript\Registry::getInstance();
$loginValidator = new Redaxscript\Validator\Login();
$emailValidator = new Redaxscript\Validator\Email();
if ($_POST['install_post'] && $registry->get('dbStatus') && $name && $loginValidator->validate($user) == Redaxscript\Validator\ValidatorInterface::PASSED && $loginValidator->validate($password) == Redaxscript\Validator\ValidatorInterface::PASSED && $emailValidator->validate($email) == Redaxscript\Validator\ValidatorInterface::PASSED) {
$output = 1;
} else {
$output = 0;
}
return $output;
}
/**
* login post
*
* @since 1.2.1
* @deprecated 2.0.0
*
* @package Redaxscript
* @category Login
* @author Henry Ruhs
*/
function login_post()
{
$passwordValidator = new Redaxscript\Validator\Password();
$loginValidator = new Redaxscript\Validator\Login();
$emailValidator = new Redaxscript\Validator\Email();
$captchaValidator = new Redaxscript\Validator\Captcha();
/* clean post */
if (ATTACK_BLOCKED < 10 && $_SESSION[ROOT . '/login'] == 'visited') {
$post_user = $_POST['user'];
$post_password = $_POST['password'];
$task = $_POST['task'];
$solution = $_POST['solution'];
$login_by_email = 0;
$users = Redaxscript\Db::forTablePrefix('users');
if ($emailValidator->validate($post_user) == Redaxscript\Validator\ValidatorInterface::FAILED) {
$post_user = clean($post_user, 0);
$users->where('user', $post_user);
} else {
$post_user = clean($post_user, 3);
$login_by_email = 1;
$users->where('email', $post_user);
}
$users_result = $users->findArray();
foreach ($users_result as $r) {
foreach ($r as $key => $value) {
$key = 'my_' . $key;
${$key} = stripslashes($value);
}
}
}
/* validate post */
if ($post_user == '') {
$error = l('user_empty');
} else {
if ($post_password == '') {
$error = l('password_empty');
} else {
if ($login_by_email == 0 && $loginValidator->validate($post_user) == Redaxscript\Validator\ValidatorInterface::FAILED) {
$error = l('user_incorrect');
} else {
if ($login_by_email == 1 && $emailValidator->validate($post_user) == Redaxscript\Validator\ValidatorInterface::FAILED) {
$error = l('email_incorrect');
} else {
if ($passwordValidator->validate($post_password, $my_password) == Redaxscript\Validator\ValidatorInterface::FAILED) {
$error = l('password_incorrect');
} else {
if ($captchaValidator->validate($task, $solution) == Redaxscript\Validator\ValidatorInterface::FAILED) {
$error = l('captcha_incorrect');
} else {
if ($my_id == '') {
$error = l('login_incorrect');
} else {
if ($my_status == 0) {
$error = l('access_no');
} else {
/* setup login session */
$_SESSION[ROOT . '/logged_in'] = TOKEN;
$_SESSION[ROOT . '/my_id'] = $my_id;
$_SESSION[ROOT . '/my_name'] = $my_name;
$_SESSION[ROOT . '/my_user'] = $my_user;
$_SESSION[ROOT . '/my_email'] = $my_email;
if (file_exists('languages/' . $my_language . '.php')) {
$_SESSION[ROOT . '/language'] = $my_language;
$_SESSION[ROOT . '/language_selected'] = 1;
}
$_SESSION[ROOT . '/my_groups'] = $my_groups;
/* query groups */
$groups_result = Redaxscript\Db::forTablePrefix('groups')->whereIdIn(explode(',', $my_groups))->where('status', 1)->findArray();
if ($groups_result) {
$num_rows = count($groups_result);
foreach ($groups_result as $r) {
if ($r) {
foreach ($r as $key => $value) {
$key = 'groups_' . $key;
${$key} .= stripslashes($value);
if (++$counter < $num_rows) {
${$key} .= ', ';
}
}
}
}
}
/* setup access session */
$access_array = array('categories', 'articles', 'extras', 'comments', 'groups', 'users');
foreach ($access_array as $value) {
$groups_value = 'groups_' . $value;
$position_new = strpos(${$groups_value}, '1');
$position_edit = strpos(${$groups_value}, '2');
$position_delete = strpos(${$groups_value}, '3');
$_SESSION[ROOT . '/' . $value . '_delete'] = $_SESSION[ROOT . '/' . $value . '_edit'] = $_SESSION[ROOT . '/' . $value . '_new'] = 0;
if ($position_new > -1) {
$_SESSION[ROOT . '/' . $value . '_new'] = 1;
}
if ($position_edit > -1) {
$_SESSION[ROOT . '/' . $value . '_edit'] = 1;
}
if ($position_delete > -1) {
$_SESSION[ROOT . '/' . $value . '_delete'] = 1;
}
}
$position_modules_install = strpos($groups_modules, '1');
$position_modules_edit = strpos($groups_modules, '2');
$position_modules_uninstall = strpos($groups_modules, '3');
$position_settings_edit = strpos($groups_settings, '1');
$position_filter = strpos($groups_filter, '0');
$_SESSION[ROOT . '/filter'] = 1;
$_SESSION[ROOT . '/settings_edit'] = $_SESSION[ROOT . '/modules_uninstall'] = $_SESSION[ROOT . '/modules_edit'] = $_SESSION[ROOT . '/modules_install'] = 0;
if ($position_modules_install > -1) {
$_SESSION[ROOT . '/modules_install'] = 1;
}
if ($position_modules_edit > -1) {
$_SESSION[ROOT . '/modules_edit'] = 1;
}
if ($position_modules_uninstall > -1) {
$_SESSION[ROOT . '/modules_uninstall'] = 1;
}
if ($position_settings_edit > -1) {
$_SESSION[ROOT . '/settings_edit'] = 1;
}
if ($position_filter > -1) {
$_SESSION[ROOT . '/filter'] = 0;
}
$_SESSION[ROOT . '/update'] = NOW;
}
}
}
}
}
}
}
}
/* handle error */
if ($error) {
if (s('blocker') == 1) {
$_SESSION[ROOT . '/attack_blocked']++;
}
notification(l('error_occurred'), $error, l('back'), 'login');
} else {
notification(l('welcome'), l('logged_in'), l('continue'), 'admin');
}
$_SESSION[ROOT . '/login'] = '';
}
/**
* comment post
*
* @since 1.2.1
* @deprecated 2.0.0
*
* @package Redaxscript
* @category Comments
* @author Henry Ruhs
*/
function comment_post()
{
$emailValidator = new Redaxscript\Validator\Email();
$captchaValidator = new Redaxscript\Validator\Captcha();
$urlValidator = new Redaxscript\Validator\Url();
/* clean post */
if (ATTACK_BLOCKED < 10 && $_SESSION[ROOT . '/comment'] == 'visited') {
$author = $r['author'] = clean($_POST['author'], 0);
$email = $r['email'] = clean($_POST['email'], 3);
$url = $r['url'] = clean($_POST['url'], 4);
$text = break_up($_POST['text']);
$text = $r['text'] = clean($text, 1);
$r['language'] = clean($_POST['language'], 0);
$r['date'] = clean($_POST['date'], 5);
$article = $r['article'] = clean($_POST['article'], 0);
$r['rank'] = Redaxscript\Db::forTablePrefix('comments')->max('rank') + 1;
$r['access'] = Redaxscript\Db::forTablePrefix('articles')->whereIdIs($article)->access;
if ($r['access'] == '') {
$r['access'] = null;
}
$task = $_POST['task'];
$solution = $_POST['solution'];
$route = build_route('articles', $article);
}
/* validate post */
if ($author == '') {
$error = l('author_empty');
} else {
if ($email == '') {
$error = l('email_empty');
} else {
if ($text == '') {
$error = l('comment_empty');
} else {
if ($emailValidator->validate($email) == Redaxscript\Validator\ValidatorInterface::FAILED) {
$error = l('email_incorrect');
} else {
if ($url && $urlValidator->validate($url) == Redaxscript\Validator\ValidatorInterface::FAILED) {
$error = l('url_incorrect');
} else {
if ($captchaValidator->validate($task, $solution) == Redaxscript\Validator\ValidatorInterface::FAILED) {
$error = l('captcha_incorrect');
} else {
if (COMMENTS_NEW == 0 && s('moderation') == 1) {
$r['status'] = 0;
$success = l('comment_moderation');
} else {
$r['status'] = 1;
$success = l('comment_sent');
}
/* send comment notification */
if (s('notification') == 1) {
/* prepare body parts */
$emailLink = anchor_element('email', '', '', $email);
if ($url) {
$urlLink = anchor_element('external', '', '', $url);
}
$articleRoute = ROOT . '/' . REWRITE_ROUTE . $route;
$articleLink = anchor_element('external', '', '', $articleRoute, $articleRoute);
/* prepare mail inputs */
$toArray = array(s('author') => s('email'));
$fromArray = array($author => $email);
$subject = l('comment_new');
$bodyArray = array('<strong>' . l('author') . l('colon') . '</strong> ' . $author, '<br />', '<strong>' . l('email') . l('colon') . '</strong> ' . $emailLink, '<br />', '<strong>' . l('url') . l('colon') . '</strong> ' . $urlLink, '<br />', '<strong>' . l('article') . l('colon') . '</strong> ' . $articleLink, '<br />', '<br />', '<strong>' . l('comment') . l('colon') . '</strong> ' . $text);
/* mailer object */
$mailer = new Redaxscript\Mailer();
$mailer->init($toArray, $fromArray, $subject, $bodyArray);
$mailer->send();
}
/* create comment */
Redaxscript\Db::forTablePrefix('comments')->create()->set($r)->save();
}
}
}
}
}
}
/* handle error */
if ($error) {
if (s('blocker') == 1) {
$_SESSION[ROOT . '/attack_blocked']++;
}
notification(l('error_occurred'), $error, l('back'), $route);
} else {
notification(l('operation_completed'), $success, l('continue'), $route);
}
$_SESSION[ROOT . '/comment'] = '';
}
/**
* admin process
*
* @since 1.2.1
* @deprecated 2.0.0
*
* @package Redaxscript
* @category Admin
* @author Henry Ruhs
*/
function admin_process()
{
$aliasValidator = new Redaxscript\Validator\Alias();
$loginValidator = new Redaxscript\Validator\Login();
$specialFilter = new Redaxscript\Filter\Special();
/* clean post */
switch (TABLE_PARAMETER) {
/* categories */
case 'categories':
$parent = $r['parent'] = clean($_POST['parent'], 0);
/* articles */
/* articles */
case 'articles':
$r['keywords'] = clean($_POST['keywords'], 5);
$r['template'] = clean($_POST['template'], 0);
/* extras */
/* extras */
case 'extras':
$title = $r['title'] = clean($_POST['title'], 5);
if (TABLE_PARAMETER != 'categories') {
$r['headline'] = clean($_POST['headline'], 0);
}
$r['sibling'] = clean($_POST['sibling'], 0);
/* comments */
/* comments */
case 'comments':
if (TABLE_PARAMETER == 'comments') {
$r['url'] = clean($_POST['url'], 4);
}
$author = $r['author'] = clean($_POST['author'], 0);
if (TABLE_PARAMETER != 'categories') {
$text = $r['text'] = clean($_POST['text'], 1);
$date = $_POST['year'] . '-' . $_POST['month'] . '-' . $_POST['day'] . ' ' . $_POST['hour'] . ':' . $_POST['minute'] . ':00';
$date = $r['date'] = clean($date, 5);
}
$rank = $r['rank'] = clean($_POST['rank'], 0);
/* groups */
/* groups */
case 'groups':
if (TABLE_PARAMETER != 'comments') {
$alias = $r['alias'] = clean($_POST['alias'], 2);
}
/* users */
/* users */
case 'users':
if (TABLE_PARAMETER != 'groups') {
$language = $r['language'] = clean($_POST['language'], 0);
}
/* modules */
/* modules */
case 'modules':
$alias = clean($_POST['alias'], 2);
$status = $r['status'] = clean($_POST['status'], 0);
if (TABLE_PARAMETER != 'groups' && TABLE_PARAMETER != 'users' && GROUPS_EDIT == 1) {
$access = array_map(array($specialFilter, 'sanitize'), $_POST['access']);
$access = array_map('clean', $access);
$access_string = implode(', ', $access);
if ($access_string == '') {
$access_string = null;
}
$access = $r['access'] = $access_string;
}
if (TABLE_PARAMETER != 'extras' && TABLE_PARAMETER != 'comments') {
$r['description'] = clean($_POST['description'], 5);
}
$token = $_POST['token'];
break;
}
/* clean contents post */
if (TABLE_PARAMETER == 'articles') {
$r['infoline'] = clean($_POST['infoline'], 0);
$comments = $r['comments'] = clean($_POST['comments'], 0);
if ($category && ID_PARAMETER == '') {
$status = $r['status'] = Redaxscript\Db::forTablePrefix('categories')->where('id', $category)->findOne()->status;
}
}
if (TABLE_PARAMETER == 'articles' || TABLE_PARAMETER == 'extras') {
$category = $r['category'] = clean($_POST['category'], 0);
}
if (TABLE_PARAMETER == 'articles' || TABLE_PARAMETER == 'extras' || TABLE_PARAMETER == 'comments') {
if ($date > NOW) {
$status = $r['status'] = 2;
} else {
$date = $r['date'] = NOW;
}
}
if (TABLE_PARAMETER == 'extras' || TABLE_PARAMETER == 'comments') {
$article = $r['article'] = clean($_POST['article'], 0);
}
if (TABLE_PARAMETER == 'comments' && ID_PARAMETER == '') {
$status = $r['status'] = Redaxscript\Db::forTablePrefix('articles')->where('id', $article)->findOne()->status;
}
if (TABLE_PARAMETER == 'comments' || TABLE_PARAMETER == 'users') {
$email = $r['email'] = clean($_POST['email'], 3);
}
/* clean groups post */
if (TABLE_PARAMETER == 'groups' && (ID_PARAMETER == '' || ID_PARAMETER > 1)) {
$groups_array = array('categories', 'articles', 'extras', 'comments', 'groups', 'users', 'modules');
foreach ($groups_array as $value) {
${$value} = array_map(array($specialFilter, 'sanitize'), $_POST[$value]);
${$value} = array_map('clean', ${$value});
$groups_string = implode(', ', ${$value});
if ($groups_string == '') {
$groups_string = 0;
}
$r[$value] = $groups_string;
}
$r['settings'] = clean($_POST['settings'], 0);
$r['filter'] = clean($_POST['filter'], 0);
}
if ((TABLE_PARAMETER == 'groups' || TABLE_PARAMETER == 'users') && ID_PARAMETER == 1) {
$status = $r['status'] = 1;
}
if (TABLE_PARAMETER == 'groups' || TABLE_PARAMETER == 'users' || TABLE_PARAMETER == 'modules') {
$name = $r['name'] = clean($_POST['name'], 0);
}
/* clean users post */
if (TABLE_PARAMETER == 'users') {
if ($_POST['user']) {
$user = $r['user'] = clean($_POST['user'], 0);
} else {
$user = $r['user'] = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('id', ID_PARAMETER)->findOne()->user;
}
$password_check = $password_confirm = 1;
if ($_POST['edit'] && $_POST['password'] == '' && $_POST['password_confirm'] == '' || $_POST['delete']) {
$password_check = 0;
}
if ($_POST['password'] != $_POST['password_confirm']) {
$password_confirm = 0;
}
$password = clean($_POST['password'], 0);
if ($password_check == 1 && $password_confirm == 1) {
$passwordHash = new Redaxscript\Hash(Redaxscript\Config::getInstance());
$passwordHash->init($password);
$r['password'] = $passwordHash->getHash();
}
if ($_POST['new']) {
$r['first'] = $r['last'] = NOW;
}
if (ID_PARAMETER == '' || ID_PARAMETER > 1) {
$groups = array_map(array($specialFilter, 'sanitize'), $_POST['groups']);
$groups = array_map('clean', $groups);
$groups_string = implode(', ', $groups);
if ($groups_string == '') {
$groups_string = 0;
}
$groups = $r['groups'] = $groups_string;
}
}
$r_keys = array_keys($r);
$last = end($r_keys);
/* validate post */
switch (TABLE_PARAMETER) {
/* contents */
case 'categories':
case 'articles':
case 'extras':
if ($title == '') {
$error = l('title_empty');
} else {
$title_id = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('id', ID_PARAMETER)->findOne()->title;
$id_title = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('title', $title)->findOne()->id;
}
if ($id_title && strcasecmp($title_id, $title) < 0) {
$error = l('title_exists');
}
if (TABLE_PARAMETER == 'categories') {
$opponent_id = Redaxscript\Db::forTablePrefix('articles')->where('alias', $alias)->findOne()->id;
}
if (TABLE_PARAMETER == 'articles') {
$opponent_id = Redaxscript\Db::forTablePrefix('categories')->where('alias', $alias)->findOne()->id;
}
if ($opponent_id) {
$error = l('alias_exists');
}
if (TABLE_PARAMETER != 'groups' && $aliasValidator->validate($alias, Redaxscript\Validator\Alias::MODE_GENERAL) == Redaxscript\Validator\ValidatorInterface::PASSED || $aliasValidator->validate($alias, Redaxscript\Validator\Alias::MODE_DEFAULT) == Redaxscript\Validator\ValidatorInterface::PASSED) {
$error = l('alias_incorrect');
}
/* groups */
/* groups */
case 'groups':
if ($alias == '') {
$error = l('alias_empty');
} else {
$alias_id = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('id', ID_PARAMETER)->findOne()->alias;
$id_alias = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('alias', $alias)->findOne()->id;
}
if ($id_alias && strcasecmp($alias_id, $alias) < 0) {
$error = l('alias_exists');
}
}
/* validate general post */
switch (TABLE_PARAMETER) {
case 'articles':
case 'extras':
case 'comments':
if ($text == '') {
$error = l('text_empty');
}
break;
case 'groups':
case 'users':
case 'modules':
if ($name == '') {
$error = l('name_empty');
}
break;
}
/* validate users post */
if (TABLE_PARAMETER == 'users') {
if ($user == '') {
$error = l('user_incorrect');
} else {
$user_id = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('id', ID_PARAMETER)->findOne()->user;
$id_user = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('user', $user)->findOne()->id;
}
if ($id_user && strcasecmp($user_id, $user) < 0) {
$error = l('user_exists');
}
if ($loginValidator->validate($user) == Redaxscript\Validator\ValidatorInterface::FAILED) {
$error = l('user_incorrect');
}
if ($password_check == 1) {
if ($password == '') {
$error = l('password_empty');
}
if ($password_confirm == 0 || $loginValidator->validate($password) == Redaxscript\Validator\ValidatorInterface::FAILED) {
$error = l('password_incorrect');
}
}
}
/* validate last post */
$emailValidator = new Redaxscript\Validator\Email();
switch (TABLE_PARAMETER) {
case 'comments':
if ($author == '') {
$error = l('author_empty');
}
case 'users':
if ($emailValidator->validate($email) == Redaxscript\Validator\ValidatorInterface::FAILED) {
$error = l('email_incorrect');
}
}
$route = 'admin';
/* handle error */
if ($error) {
if (ID_PARAMETER == '') {
$route .= '/new/' . TABLE_PARAMETER;
} else {
$route .= '/edit/' . TABLE_PARAMETER . '/' . ID_PARAMETER;
}
notification(l('error_occurred'), $error, l('back'), $route);
return;
} else {
if (TABLE_EDIT == 1 || TABLE_DELETE == 1) {
$route .= '/view/' . TABLE_PARAMETER;
if ($alias) {
$route .= '#' . $alias;
} else {
if ($user) {
$route .= '#' . $user;
}
}
}
}
/* process */
switch (true) {
/* query new */
case $_POST['new']:
Redaxscript\Db::forTablePrefix(Redaxscript\Registry::get('tableParameter'))->create()->set($r)->save();
notification(l('operation_completed'), '', l('continue'), $route);
return;
/* query edit */
/* query edit */
case $_POST['edit']:
Redaxscript\Db::forTablePrefix(Redaxscript\Registry::get('tableParameter'))->whereIdIs(Redaxscript\Registry::get('idParameter'))->findOne()->set($r)->save();
/* query categories */
if (TABLE_PARAMETER == 'categories') {
$categoryChildren = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('parent', ID_PARAMETER);
$categoryArray = array_merge($categoryChildren->findArrayFlat(), array(ID_PARAMETER));
$articleChildren = Redaxscript\Db::forTablePrefix('articles')->whereIn('category', $categoryArray);
$articleArray = $articleChildren->findArrayFlat();
if (count($articleArray) > 0) {
Redaxscript\Db::forTablePrefix('comments')->whereIn('article', $articleArray)->findMany()->set(array('status' => $status, 'access' => $access))->save();
}
$categoryChildren->findMany()->set(array('status' => $status, 'access' => $access))->save();
$articleChildren->findMany()->set(array('status' => $status, 'access' => $access))->save();
}
/* query articles */
if (TABLE_PARAMETER == 'articles') {
if ($comments == 0) {
$status = 0;
}
Redaxscript\Db::forTablePrefix('comments')->where('article', ID_PARAMETER)->findMany()->set(array('status' => $status, 'access' => $access))->save();
}
if (USERS_EXCEPTION == 1) {
$_SESSION[ROOT . '/my_name'] = $name;
$_SESSION[ROOT . '/my_email'] = $email;
if (file_exists('languages/' . $language . '.php')) {
$_SESSION[ROOT . '/language'] = $language;
$_SESSION[ROOT . '/language_selected'] = 1;
}
}
notification(l('operation_completed'), '', l('continue'), $route);
return;
}
}
/**
* admin process
*
* @since 1.2.1
* @deprecated 2.0.0
*
* @package Redaxscript
* @category Admin
* @author Henry Ruhs
*/
function admin_process()
{
$aliasValidator = new Redaxscript\Validator\Alias();
$loginValidator = new Redaxscript\Validator\Login();
/* clean post */
switch (TABLE_PARAMETER) {
/* categories */
case 'categories':
$parent = $r['parent'] = clean($_POST['parent'], 0);
/* articles */
/* articles */
case 'articles':
$r['keywords'] = clean($_POST['keywords'], 1);
$r['template'] = clean($_POST['template'], 0);
/* extras */
/* extras */
case 'extras':
$title = $r['title'] = clean($_POST['title'], 1);
if (TABLE_PARAMETER != 'categories') {
$r['headline'] = clean($_POST['headline'], 0);
}
/* comments */
/* comments */
case 'comments':
if (TABLE_PARAMETER == 'comments') {
$r['url'] = clean($_POST['url'], 4);
}
$author = $r['author'] = clean($_POST['author'], 0);
if (TABLE_PARAMETER != 'categories') {
$text = $r['text'] = clean($_POST['text'], 1);
$date = $_POST['year'] . '-' . $_POST['month'] . '-' . $_POST['day'] . ' ' . $_POST['hour'] . ':' . $_POST['minute'] . ':00';
$date = $r['date'] = clean($date, 1);
}
$rank = $r['rank'] = clean($_POST['rank'], 0);
/* groups */
/* groups */
case 'groups':
if (TABLE_PARAMETER != 'comments') {
$alias = $r['alias'] = clean($_POST['alias'], 2);
}
/* users */
/* users */
case 'users':
if (TABLE_PARAMETER != 'groups') {
$language = $r['language'] = clean($_POST['language'], 0);
}
/* modules */
/* modules */
case 'modules':
$alias = clean($_POST['alias'], 2);
$status = $r['status'] = clean($_POST['status'], 0);
if (TABLE_PARAMETER != 'groups' && TABLE_PARAMETER != 'users' && GROUPS_EDIT == 1) {
$access = array_map('clean_special', $_POST['access']);
$access = array_map('clean_mysql', $access);
$access_string = implode(', ', $access);
if ($access_string == '') {
$access_string = 0;
}
$access = $r['access'] = $access_string;
}
if (TABLE_PARAMETER != 'extras' && TABLE_PARAMETER != 'comments') {
$r['description'] = clean($_POST['description'], 1);
}
$token = $_POST['token'];
break;
}
/* clean contents post */
if (TABLE_PARAMETER == 'articles') {
$r['infoline'] = clean($_POST['infoline'], 0);
$comments = $r['comments'] = clean($_POST['comments'], 0);
if ($category && ID_PARAMETER == '') {
$status = $r['status'] = retrieve('status', 'categories', 'id', $category);
}
}
if (TABLE_PARAMETER == 'articles' || TABLE_PARAMETER == 'extras') {
$category = $r['category'] = clean($_POST['category'], 0);
}
if (TABLE_PARAMETER == 'articles' || TABLE_PARAMETER == 'extras' || TABLE_PARAMETER == 'comments') {
if ($date > NOW) {
$status = $r['status'] = 2;
} else {
$date = $r['date'] = NOW;
}
}
if (TABLE_PARAMETER == 'extras' || TABLE_PARAMETER == 'comments') {
$article = $r['article'] = clean($_POST['article'], 0);
}
if (TABLE_PARAMETER == 'comments' && ID_PARAMETER == '') {
$status = $r['status'] = retrieve('status', 'articles', 'id', $article);
}
if (TABLE_PARAMETER == 'comments' || TABLE_PARAMETER == 'users') {
$email = $r['email'] = clean($_POST['email'], 3);
}
/* clean groups post */
if (TABLE_PARAMETER == 'groups' && (ID_PARAMETER == '' || ID_PARAMETER > 1)) {
$groups_array = array('categories', 'articles', 'extras', 'comments', 'groups', 'users', 'modules');
foreach ($groups_array as $value) {
${$value} = array_map('clean_special', $_POST[$value]);
${$value} = array_map('clean_mysql', ${$value});
$groups_string = implode(', ', ${$value});
if ($groups_string == '') {
$groups_string = 0;
}
$r[$value] = $groups_string;
}
$r['settings'] = clean($_POST['settings'], 0);
$r['filter'] = clean($_POST['filter'], 0);
}
if ((TABLE_PARAMETER == 'groups' || TABLE_PARAMETER == 'users') && ID_PARAMETER == 1) {
$status = $r['status'] = 1;
}
if (TABLE_PARAMETER == 'groups' || TABLE_PARAMETER == 'users' || TABLE_PARAMETER == 'modules') {
$name = $r['name'] = clean($_POST['name'], 0);
}
/* clean users post */
if (TABLE_PARAMETER == 'users') {
$user = $r['user'] = clean($_POST['user'], 0);
$password_check = $password_confirm = 1;
if ($_POST['edit'] && $_POST['password'] == '' && $_POST['password_confirm'] == '' || $_POST['delete']) {
$password_check = 0;
}
if ($_POST['password'] != $_POST['password_confirm']) {
$password_confirm = 0;
}
$password = clean($_POST['password'], 0);
if ($password_check == 1 && $password_confirm == 1) {
$r['password'] = sha1($password) . SALT;
}
if ($_POST['new']) {
$r['first'] = $r['last'] = NOW;
}
if (ID_PARAMETER == '' || ID_PARAMETER > 1) {
$groups = array_map('clean_special', $_POST['groups']);
$groups = array_map('clean_mysql', $groups);
$groups_string = implode(', ', $groups);
if ($groups_string == '') {
$groups_string = 0;
}
$groups = $r['groups'] = $groups_string;
}
}
$r_keys = array_keys($r);
$last = end($r_keys);
/* validate post */
switch (TABLE_PARAMETER) {
/* contents */
case 'categories':
case 'articles':
case 'extras':
if ($title == '') {
$error = l('title_empty');
} else {
$title_id = retrieve('title', TABLE_PARAMETER, 'id', ID_PARAMETER);
$id_title = retrieve('id', TABLE_PARAMETER, 'title', $title);
}
if ($id_title && strcasecmp($title_id, $title) < 0) {
$error = l('title_exists');
}
if (TABLE_PARAMETER == 'categories') {
$opponent_id = retrieve('id', 'articles', 'alias', $alias);
}
if (TABLE_PARAMETER == 'articles') {
$opponent_id = retrieve('id', 'categories', 'alias', $alias);
}
if ($opponent_id) {
$error = l('alias_exists');
}
if (TABLE_PARAMETER != 'groups' && $aliasValidator->validate($alias, Redaxscript\Validator\Alias::MODE_GENERAL) == Redaxscript\Validator\Validator::PASSED || $aliasValidator->validate($alias, Redaxscript\Validator\Alias::MODE_DEFAULT) == Redaxscript\Validator\Validator::PASSED) {
$error = l('alias_incorrect');
}
/* groups */
/* groups */
case 'groups':
if ($alias == '') {
$error = l('alias_empty');
} else {
$alias_id = retrieve('alias', TABLE_PARAMETER, 'id', ID_PARAMETER);
$id_alias = retrieve('id', TABLE_PARAMETER, 'alias', $alias);
}
if ($id_alias && strcasecmp($alias_id, $alias) < 0) {
$error = l('alias_exists');
}
}
/* validate general post */
switch (TABLE_PARAMETER) {
case 'articles':
case 'extras':
case 'comments':
if ($text == '') {
$error = l('text_empty');
}
break;
case 'groups':
case 'users':
case 'modules':
if ($name == '') {
$error = l('name_empty');
}
break;
}
/* validate users post */
if (TABLE_PARAMETER == 'users') {
if ($user == '') {
$error = l('user_incorrect');
} else {
$user_id = retrieve('user', TABLE_PARAMETER, 'id', ID_PARAMETER);
$id_user = retrieve('id', TABLE_PARAMETER, 'user', $user);
}
if ($id_user && strcasecmp($user_id, $user) < 0) {
$error = l('user_exists');
}
if ($loginValidator->validate($user) == Redaxscript\Validator\Validator::FAILED) {
$error = l('user_incorrect');
}
if ($password_check == 1) {
if ($password == '') {
$error = l('password_empty');
}
if ($password_confirm == 0 || $loginValidator->validate($password) == Redaxscript\Validator\Validator::FAILED) {
$error = l('password_incorrect');
}
}
}
/* validate last post */
$emailValidator = new Redaxscript\Validator\Email();
switch (TABLE_PARAMETER) {
case 'comments':
if ($author == '') {
$error = l('author_empty');
}
case 'users':
if ($emailValidator->validate($email) == Redaxscript\Validator\Validator::FAILED) {
$error = l('email_incorrect');
}
}
$route = 'admin';
/* handle error */
if ($error) {
if (ID_PARAMETER == '') {
$route .= '/new/' . TABLE_PARAMETER;
} else {
$route .= '/edit/' . TABLE_PARAMETER . '/' . ID_PARAMETER;
}
notification(l('error_occurred'), $error, l('back'), $route);
return null;
} else {
if (TABLE_EDIT == 1 || TABLE_DELETE == 1) {
$route .= '/view/' . TABLE_PARAMETER;
if ($alias) {
$route .= '#' . $alias;
} else {
if ($user) {
$route .= '#' . $user;
}
}
}
}
/* process */
switch (true) {
/* query new */
case $_POST['new']:
foreach ($r as $key => $value) {
$key_string .= $key;
$value_string .= '\'' . $value . '\'';
if ($last != $key) {
$key_string .= ', ';
$value_string .= ', ';
}
}
$general_insert_query = 'INSERT INTO ' . PREFIX . TABLE_PARAMETER . ' (' . $key_string . ') VALUES (' . $value_string . ')';
mysql_query($general_insert_query);
notification(l('operation_completed'), '', l('continue'), $route);
return null;
/* query edit */
/* query edit */
case $_POST['edit']:
foreach ($r as $key => $value) {
$set_string .= $key . ' = \'' . $value . '\'';
if ($last != $key) {
$set_string .= ', ';
}
}
$general_update_query = 'UPDATE ' . PREFIX . TABLE_PARAMETER . ' SET ' . $set_string . ' WHERE id = ' . ID_PARAMETER . ' LIMIT 1';
/* categories */
if (TABLE_PARAMETER == 'categories') {
$categories_string = admin_children('categories', ID_PARAMETER, 0);
$categories_children_string = admin_children('categories', ID_PARAMETER, 2);
$categories_update_query = 'UPDATE ' . PREFIX . 'categories SET status = ' . $status . ', access = \'' . $access . '\' WHERE id IN (' . $categories_string . ')';
$articles_update_query = 'UPDATE ' . PREFIX . 'articles SET status = ' . $status . ', access = \'' . $access . '\' WHERE category IN (' . $categories_string . ')';
$comments_update_query = 'UPDATE ' . PREFIX . 'comments SET status = ' . $status . ', access = \'' . $access . '\' WHERE article IN (' . $categories_children_string . ')';
mysql_query($categories_update_query);
mysql_query($articles_update_query);
}
/* articles */
if (TABLE_PARAMETER == 'articles') {
if ($comments == 0) {
$status = 0;
}
$comments_update_query = 'UPDATE ' . PREFIX . 'comments SET status = ' . $status . ', access = \'' . $access . '\' WHERE article = ' . ID_PARAMETER;
}
/* general */
mysql_query($general_update_query);
if ($comments_update_query) {
mysql_query($comments_update_query);
}
if (USERS_EXCEPTION == 1) {
$_SESSION[ROOT . '/my_name'] = $name;
$_SESSION[ROOT . '/my_email'] = $email;
if (file_exists('languages/' . $language . '.php')) {
$_SESSION[ROOT . '/language'] = $language;
$_SESSION[ROOT . '/language_selected'] = 1;
}
}
notification(l('operation_completed'), '', l('continue'), $route);
return null;
}
}
/**
* admin process
*
* @since 1.2.1
* @deprecated 2.0.0
*
* @package Redaxscript
* @category Admin
* @author Henry Ruhs
*/
function admin_process()
{
$aliasFilter = new Redaxscript\Filter\Alias();
$emailFilter = new Redaxscript\Filter\Email();
$urlFilter = new Redaxscript\Filter\Url();
$htmlFilter = new Redaxscript\Filter\Html();
$aliasValidator = new Redaxscript\Validator\Alias();
$loginValidator = new Redaxscript\Validator\Login();
$specialFilter = new Redaxscript\Filter\Special();
$messenger = new Redaxscript\Admin\Messenger(Redaxscript\Registry::getInstance());
$filter = Redaxscript\Registry::get('filter');
$tableParameter = Redaxscript\Registry::get('tableParameter');
$idParameter = Redaxscript\Registry::get('idParameter');
/* clean post */
switch ($tableParameter) {
/* categories */
case 'categories':
$parent = $r['parent'] = $specialFilter->sanitize($_POST['parent']);
/* articles */
/* articles */
case 'articles':
$r['keywords'] = $_POST['keywords'];
$r['robots'] = $specialFilter->sanitize($_POST['robots']);
$r['template'] = $specialFilter->sanitize($_POST['template']);
/* extras */
/* extras */
case 'extras':
$title = $r['title'] = $_POST['title'];
if ($tableParameter != 'categories') {
$r['headline'] = $specialFilter->sanitize($_POST['headline']);
}
$r['sibling'] = $specialFilter->sanitize($_POST['sibling']);
$author = $r['author'] = Redaxscript\Registry::get('myUser');
/* comments */
/* comments */
case 'comments':
if ($tableParameter == 'comments') {
$r['url'] = $urlFilter->sanitize($_POST['url']);
$author = $r['author'] = $_POST['author'];
}
if ($tableParameter != 'categories') {
$text = $r['text'] = $filter ? $htmlFilter->sanitize($_POST['text']) : $_POST['text'];
$date = $r['date'] = $_POST['date'];
}
$rank = $r['rank'] = $specialFilter->sanitize($_POST['rank']);
/* groups */
/* groups */
case 'groups':
if ($tableParameter != 'comments') {
$alias = $r['alias'] = $aliasFilter->sanitize($_POST['alias']);
}
/* users */
/* users */
case 'users':
if ($tableParameter != 'groups') {
$language = $r['language'] = $specialFilter->sanitize($_POST['language']);
}
/* modules */
/* modules */
case 'modules':
$alias = $aliasFilter->sanitize($_POST['alias']);
$status = $r['status'] = $specialFilter->sanitize($_POST['status']);
if ($tableParameter != 'groups' && $tableParameter != 'users' && Redaxscript\Registry::get('groupsEdit')) {
$access = array_map([$specialFilter, 'sanitize'], $_POST['access']);
$access_string = implode(', ', $access);
if (!$access_string) {
$access_string = null;
}
$access = $r['access'] = $access_string;
}
if ($tableParameter != 'extras' && $tableParameter != 'comments') {
$r['description'] = $_POST['description'];
}
$token = $_POST['token'];
break;
}
/* clean contents post */
if ($tableParameter == 'articles') {
$r['byline'] = $specialFilter->sanitize($_POST['byline']);
$comments = $r['comments'] = $specialFilter->sanitize($_POST['comments']);
if ($category && !$idParameter) {
$status = $r['status'] = Redaxscript\Db::forTablePrefix('categories')->where('id', $category)->findOne()->status;
}
}
if ($tableParameter == 'articles' || $tableParameter == 'extras') {
$category = $r['category'] = $specialFilter->sanitize($_POST['category']);
}
if ($tableParameter == 'articles' || $tableParameter == 'extras' || $tableParameter == 'comments') {
if ($date > Redaxscript\Registry::get('now')) {
$status = $r['status'] = 2;
}
if (!$date) {
$r['date'] = Redaxscript\Registry::get('now');
}
}
if ($tableParameter == 'extras' || $tableParameter == 'comments') {
$article = $r['article'] = $specialFilter->sanitize($_POST['article']);
}
if ($tableParameter == 'comments' && !$idParameter) {
$status = $r['status'] = Redaxscript\Db::forTablePrefix('articles')->where('id', $article)->findOne()->status;
}
if ($tableParameter == 'comments' || $tableParameter == 'users') {
$email = $r['email'] = $emailFilter->sanitize($_POST['email']);
}
/* clean groups post */
if ($tableParameter == 'groups' && (!$idParameter || $idParameter > 1)) {
$groups_array = ['categories', 'articles', 'extras', 'comments', 'groups', 'users', 'modules'];
foreach ($groups_array as $value) {
${$value} = array_map([$specialFilter, 'sanitize'], $_POST[$value]);
$groups_string = implode(', ', ${$value});
if (!$groups_string) {
$groups_string = 0;
}
$r[$value] = $groups_string;
}
$r['settings'] = $specialFilter->sanitize($_POST['settings']);
$r['filter'] = $specialFilter->sanitize($_POST['filter']);
}
if (($tableParameter == 'groups' || $tableParameter == 'users') && $idParameter == 1) {
$status = $r['status'] = 1;
}
if ($tableParameter == 'groups' || $tableParameter == 'users' || $tableParameter == 'modules') {
$name = $r['name'] = $specialFilter->sanitize($_POST['name']);
}
/* clean users post */
if ($tableParameter == 'users') {
if ($_POST['user']) {
$user = $r['user'] = $specialFilter->sanitize($_POST['user']);
} else {
$user = $r['user'] = Redaxscript\Db::forTablePrefix($tableParameter)->where('id', $idParameter)->findOne()->user;
}
$password_check = $password_confirm = 1;
if ($_POST['edit'] && !$_POST['password'] && !$_POST['password_confirm'] || $_POST['delete']) {
$password_check = 0;
}
if ($_POST['password'] != $_POST['password_confirm']) {
$password_confirm = 0;
}
$password = $specialFilter->sanitize($_POST['password']);
if ($password_check == 1 && $password_confirm == 1) {
$passwordHash = new Redaxscript\Hash(Redaxscript\Config::getInstance());
$passwordHash->init($password);
$r['password'] = $passwordHash->getHash();
}
if ($_POST['new']) {
$r['first'] = $r['last'] = Redaxscript\Registry::get('now');
}
if (!$idParameter || $idParameter > 1) {
$groups = array_map([$specialFilter, 'sanitize'], $_POST['groups']);
$groups_string = implode(', ', $groups);
if (!$groups_string) {
$groups_string = 0;
}
$groups = $r['groups'] = $groups_string;
}
}
$r_keys = array_keys($r);
$last = end($r_keys);
/* validate post */
switch ($tableParameter) {
/* contents */
case 'categories':
case 'articles':
case 'extras':
if (!$title) {
$error = Redaxscript\Language::get('title_empty');
}
if ($tableParameter == 'categories') {
$opponent_id = Redaxscript\Db::forTablePrefix('articles')->where('alias', $alias)->findOne()->id;
}
if ($tableParameter == 'articles') {
$opponent_id = Redaxscript\Db::forTablePrefix('categories')->where('alias', $alias)->findOne()->id;
}
if ($opponent_id) {
$error = Redaxscript\Language::get('alias_exists');
}
if ($tableParameter != 'groups' && $aliasValidator->validate($alias, Redaxscript\Validator\Alias::MODE_GENERAL) == Redaxscript\Validator\ValidatorInterface::PASSED || $aliasValidator->validate($alias, Redaxscript\Validator\Alias::MODE_DEFAULT) == Redaxscript\Validator\ValidatorInterface::PASSED) {
$error = Redaxscript\Language::get('alias_incorrect');
}
/* groups */
/* groups */
case 'groups':
if (!$alias) {
$error = Redaxscript\Language::get('alias_empty');
} else {
$alias_id = Redaxscript\Db::forTablePrefix($tableParameter)->where('id', $idParameter)->findOne()->alias;
$id_alias = Redaxscript\Db::forTablePrefix($tableParameter)->where('alias', $alias)->findOne()->id;
}
if ($id_alias && strcasecmp($alias_id, $alias) < 0) {
$error = Redaxscript\Language::get('alias_exists');
}
}
/* validate general post */
switch ($tableParameter) {
case 'articles':
case 'extras':
case 'comments':
if (!$text) {
$error = Redaxscript\Language::get('text_empty');
}
break;
case 'groups':
case 'users':
case 'modules':
if (!$name) {
$error = Redaxscript\Language::get('name_empty');
}
break;
}
/* validate users post */
if ($tableParameter == 'users') {
if (!$user) {
$error = Redaxscript\Language::get('user_incorrect');
} else {
$user_id = Redaxscript\Db::forTablePrefix($tableParameter)->where('id', $idParameter)->findOne()->user;
$id_user = Redaxscript\Db::forTablePrefix($tableParameter)->where('user', $user)->findOne()->id;
}
if ($id_user && strcasecmp($user_id, $user) < 0) {
$error = Redaxscript\Language::get('user_exists');
}
if ($loginValidator->validate($user) == Redaxscript\Validator\ValidatorInterface::FAILED) {
$error = Redaxscript\Language::get('user_incorrect');
}
if ($password_check == 1) {
if (!$password) {
$error = Redaxscript\Language::get('password_empty');
}
if ($password_confirm == 0 || $loginValidator->validate($password) == Redaxscript\Validator\ValidatorInterface::FAILED) {
$error = Redaxscript\Language::get('password_incorrect');
}
}
}
/* validate last post */
$emailValidator = new Redaxscript\Validator\Email();
switch ($tableParameter) {
case 'comments':
if (!$author) {
$error = Redaxscript\Language::get('author_empty');
}
case 'users':
if ($emailValidator->validate($email) == Redaxscript\Validator\ValidatorInterface::FAILED) {
$error = Redaxscript\Language::get('email_incorrect');
}
}
$route = 'admin';
/* handle error */
if ($error) {
if (!$idParameter) {
$route .= '/new/' . $tableParameter;
} else {
$route .= '/edit/' . $tableParameter . '/' . $idParameter;
}
/* show error */
echo $messenger->setRoute(Redaxscript\Language::get('back'), $route)->error($error, Redaxscript\Language::get('error_occurred'));
return;
} else {
if (Redaxscript\Registry::get('tableEdit') == 1 || Redaxscript\Registry::get('tableEdit') == 1) {
$route .= '/view/' . $tableParameter;
if ($alias) {
$route .= '#' . $alias;
} else {
if ($user) {
$route .= '#' . $user;
}
}
}
}
/* select to null */
foreach ($r as $key => $value) {
if ($value == 'select') {
$r[$key] = null;
}
}
/* process */
switch (true) {
/* query new */
case $_POST['new']:
Redaxscript\Db::forTablePrefix(Redaxscript\Registry::get('tableParameter'))->create()->set($r)->save();
/* show success */
echo $messenger->setRoute(Redaxscript\Language::get('continue'), $route)->doRedirect()->success(Redaxscript\Language::get('operation_completed'));
return;
/* query edit */
/* query edit */
case $_POST['edit']:
Redaxscript\Db::forTablePrefix(Redaxscript\Registry::get('tableParameter'))->whereIdIs(Redaxscript\Registry::get('idParameter'))->findOne()->set($r)->save();
/* query categories */
if ($tableParameter == 'categories') {
$categoryChildren = Redaxscript\Db::forTablePrefix($tableParameter)->where('parent', $idParameter);
$categoryArray = array_merge($categoryChildren->findFlatArray(), [$idParameter]);
$articleChildren = Redaxscript\Db::forTablePrefix('articles')->whereIn('category', $categoryArray);
$articleArray = $articleChildren->findFlatArray();
if (count($articleArray) > 0) {
Redaxscript\Db::forTablePrefix('comments')->whereIn('article', $articleArray)->findMany()->set(['status' => $status, 'access' => $access])->save();
}
$categoryChildren->findMany()->set(['status' => $status, 'access' => $access])->save();
$articleChildren->findMany()->set(['status' => $status, 'access' => $access])->save();
}
/* query articles */
if ($tableParameter == 'articles') {
if ($comments == 0) {
$status = 0;
}
Redaxscript\Db::forTablePrefix('comments')->where('article', $idParameter)->findMany()->set(['status' => $status, 'access' => $access])->save();
}
if ($tableParameter == 'users' && $idParameter == Redaxscript\Registry::get('myId')) {
$auth = new Redaxscript\Auth(Redaxscript\Request::getInstance());
$auth->init();
$auth->setUser('name', $name);
$auth->setUser('email', $email);
$auth->setUser('language', $language);
$auth->save();
Redaxscript\Request::setSession('language', $language);
}
/* show success */
echo $messenger->setRoute(Redaxscript\Language::get('continue'), $route)->doRedirect()->success(Redaxscript\Language::get('operation_completed'));
return;
}
}
/**
* login post
*
* @since 1.2.1
* @deprecated 2.0.0
*
* @package Redaxscript
* @category Login
* @author Henry Ruhs
*/
function login_post()
{
$loginValidator = new Redaxscript\Validator\Login();
$emailValidator = new Redaxscript\Validator\Email();
$captchaValidator = new Redaxscript\Validator\Captcha();
/* clean post */
if (ATTACK_BLOCKED < 10 && $_SESSION[ROOT . '/login'] == 'visited') {
$post_user = $_POST['user'];
$post_password = $_POST['password'];
$task = $_POST['task'];
$solution = $_POST['solution'];
$login_by_email = 0;
$users_query = 'SELECT id, name, user, email, password, language, status, groups FROM ' . PREFIX . 'users ';
if ($emailValidator->validate($post_user) == Redaxscript\Validator\Validator::FAILED) {
$post_user = clean($post_user, 0);
$users_query .= 'WHERE user = \'' . $post_user . '\' LIMIT 1';
} else {
$post_user = clean($post_user, 3);
$login_by_email = 1;
$users_query .= 'WHERE email = \'' . $post_user . '\' LIMIT 1';
}
$users_result = mysql_query($users_query);
while ($r = mysql_fetch_assoc($users_result)) {
foreach ($r as $key => $value) {
$key = 'my_' . $key;
${$key} = stripslashes($value);
}
}
}
/* validate post */
if ($post_user == '') {
$error = l('user_empty');
} else {
if ($post_password == '') {
$error = l('password_empty');
} else {
if ($login_by_email == 0 && $loginValidator->validate($post_user) == Redaxscript\Validator\Validator::FAILED) {
$error = l('user_incorrect');
} else {
if ($login_by_email == 1 && $emailValidator->validate($post_user) == Redaxscript\Validator\Validator::FAILED) {
$error = l('email_incorrect');
} else {
if ($loginValidator->validate($post_password) == Redaxscript\Validator\Validator::FAILED) {
$error = l('password_incorrect');
} else {
if ($captchaValidator->validate($task, $solution) == Redaxscript\Validator\Validator::FAILED) {
$error = l('captcha_incorrect');
} else {
if ($my_id == '' || md5($post_password) . SALT != $my_password && sha1($post_password) . SALT != $my_password) {
$error = l('login_incorrect');
} else {
if ($my_status == 0) {
$error = l('access_no');
} else {
/* setup login session */
$_SESSION[ROOT . '/logged_in'] = TOKEN;
$_SESSION[ROOT . '/my_id'] = $my_id;
$_SESSION[ROOT . '/my_name'] = $my_name;
$_SESSION[ROOT . '/my_user'] = $my_user;
$_SESSION[ROOT . '/my_email'] = $my_email;
if (file_exists('languages/' . $my_language . '.php')) {
$_SESSION[ROOT . '/language'] = $my_language;
$_SESSION[ROOT . '/language_selected'] = 1;
}
$_SESSION[ROOT . '/my_groups'] = $my_groups;
/* query groups */
$groups_query = 'SELECT categories, articles, extras, comments, groups, users, modules, settings, filter FROM ' . PREFIX . 'groups WHERE id IN (' . $my_groups . ') && status = 1';
$groups_result = mysql_query($groups_query);
if ($groups_result) {
$num_rows = mysql_num_rows($groups_result);
while ($r = mysql_fetch_assoc($groups_result)) {
if ($r) {
foreach ($r as $key => $value) {
$key = 'groups_' . $key;
${$key} .= stripslashes($value);
if (++$counter < $num_rows) {
${$key} .= ', ';
}
}
}
}
}
/* setup access session */
$access_array = array('categories', 'articles', 'extras', 'comments', 'groups', 'users');
foreach ($access_array as $value) {
$groups_value = 'groups_' . $value;
$position_new = strpos(${$groups_value}, '1');
$position_edit = strpos(${$groups_value}, '2');
$position_delete = strpos(${$groups_value}, '3');
$_SESSION[ROOT . '/' . $value . '_delete'] = $_SESSION[ROOT . '/' . $value . '_edit'] = $_SESSION[ROOT . '/' . $value . '_new'] = 0;
if ($position_new > -1) {
$_SESSION[ROOT . '/' . $value . '_new'] = 1;
}
if ($position_edit > -1) {
$_SESSION[ROOT . '/' . $value . '_edit'] = 1;
}
if ($position_delete > -1) {
$_SESSION[ROOT . '/' . $value . '_delete'] = 1;
}
}
$position_modules_install = strpos($groups_modules, '1');
$position_modules_edit = strpos($groups_modules, '2');
$position_modules_uninstall = strpos($groups_modules, '3');
$position_settings_edit = strpos($groups_settings, '1');
$position_filter = strpos($groups_filter, '0');
$_SESSION[ROOT . '/filter'] = 1;
$_SESSION[ROOT . '/settings_edit'] = $_SESSION[ROOT . '/modules_uninstall'] = $_SESSION[ROOT . '/modules_edit'] = $_SESSION[ROOT . '/modules_install'] = 0;
if ($position_modules_install > -1) {
$_SESSION[ROOT . '/modules_install'] = 1;
}
if ($position_modules_edit > -1) {
$_SESSION[ROOT . '/modules_edit'] = 1;
}
if ($position_modules_uninstall > -1) {
$_SESSION[ROOT . '/modules_uninstall'] = 1;
}
if ($position_settings_edit > -1) {
$_SESSION[ROOT . '/settings_edit'] = 1;
}
if ($position_filter > -1) {
$_SESSION[ROOT . '/filter'] = 0;
}
$_SESSION[ROOT . '/update'] = NOW;
}
}
}
}
}
}
}
}
/* handle error */
if ($error) {
if (s('blocker') == 1) {
$_SESSION[ROOT . '/attack_blocked']++;
}
notification(l('error_occurred'), $error, l('back'), 'login');
} else {
notification(l('welcome'), l('logged_in'), l('continue'), 'admin');
}
$_SESSION[ROOT . '/login'] = '';
}
/**
* registration post
*
* @since 1.2.1
* @deprecated 2.0.0
*
* @package Redaxscript
* @category Registration
* @author Henry Ruhs
*/
function registration_post()
{
/* clean post */
if (ATTACK_BLOCKED < 10 && $_SESSION[ROOT . '/registration'] == 'visited') {
$name = $r['name'] = clean($_POST['name'], 0);
$user = $r['user'] = clean($_POST['user'], 0);
$email = $r['email'] = clean($_POST['email'], 3);
$password = substr(sha1(uniqid()), 0, 10);
$passwordHash = new Redaxscript\Hash(Redaxscript\Config::getInstance());
$passwordHash->init($password);
$r['password'] = $passwordHash->getHash();
$r['description'] = '';
$r['language'] = Redaxscript\Registry::get('language');
$r['first'] = $r['last'] = NOW;
$r['groups'] = Redaxscript\Db::forTablePrefix('groups')->where('alias', 'members')->findOne()->id;
if ($r['groups'] == '') {
$r['groups'] = 0;
}
$task = $_POST['task'];
$solution = $_POST['solution'];
}
/* validate post */
$loginValidator = new Redaxscript\Validator\Login();
$emailValidator = new Redaxscript\Validator\Email();
$captchaValidator = new Redaxscript\Validator\Captcha();
if ($name == '') {
$error = l('name_empty');
} else {
if ($user == '') {
$error = l('user_empty');
} else {
if ($email == '') {
$error = l('email_empty');
} else {
if ($loginValidator->validate($user) == Redaxscript\Validator\ValidatorInterface::FAILED) {
$error = l('user_incorrect');
} else {
if ($emailValidator->validate($email) == Redaxscript\Validator\ValidatorInterface::FAILED) {
$error = l('email_incorrect');
} else {
if ($captchaValidator->validate($task, $solution) == Redaxscript\Validator\ValidatorInterface::FAILED) {
$error = l('captcha_incorrect');
} else {
if (Redaxscript\Db::forTablePrefix('users')->where('user', $user)->findOne()->id) {
$error = l('user_exists');
} else {
if (USERS_NEW == 0 && s('verification') == 1) {
$r['status'] = 0;
$success = l('registration_verification');
} else {
$r['status'] = 1;
$success = l('registration_sent');
}
/* send login information */
$loginRoute = ROOT . '/' . REWRITE_ROUTE . 'login';
$loginLink = anchor_element('external', '', '', $loginRoute, $loginRoute);
$toArray = array($name => $email);
if (s('notification') == 1) {
$toArray[s('author')] = s('email');
}
$fromArray = array($author => $email);
$subject = l('registration');
$bodyArray = array('<strong>' . l('name') . l('colon') . '</strong> ' . $name, '<br />', '<strong>' . l('user') . l('colon') . '</strong> ' . $user, '<br />', '<strong>' . l('password') . l('colon') . '</strong> ' . $password, '<br />', '<strong>' . l('login') . l('colon') . '<strong> ' . $loginLink);
/* mailer object */
$mailer = new Redaxscript\Mailer();
$mailer->init($toArray, $fromArray, $subject, $bodyArray);
$mailer->send();
/* create user */
Redaxscript\Db::forTablePrefix('users')->create()->set($r)->save();
}
}
}
}
}
}
}
/* handle error */
if ($error) {
if (s('blocker') == 1) {
$_SESSION[ROOT . '/attack_blocked']++;
}
notification(l('error_occurred'), $error, l('back'), 'registration');
} else {
notification(l('operation_completed'), $success, l('login'), 'login');
}
$_SESSION[ROOT . '/registration'] = '';
}
/**
* contact post
*
* @since 1.2.1
* @deprecated 2.0.0
*
* @package Redaxscript
* @category Modules
* @author Henry Ruhs
*/
function contact_post()
{
$emailValidator = new Redaxscript\Validator\Email();
$captchaValidator = new Redaxscript\Validator\Captcha();
$urlValidator = new Redaxscript\Validator\Url();
/* clean post */
if (ATTACK_BLOCKED < 10 && $_SESSION[ROOT . '/contact'] == 'visited') {
$author = clean($_POST['author'], 0);
$email = clean($_POST['email'], 3);
$url = clean($_POST['url'], 4);
$text = break_up($_POST['text']);
$text = clean($text, 1);
$task = $_POST['task'];
$solution = $_POST['solution'];
}
/* validate post */
if ($author == '') {
$error = l('author_empty');
} else {
if ($email == '') {
$error = l('email_empty');
} else {
if ($text == '') {
$error = l('message_empty');
} else {
if ($emailValidator->validate($email) == Redaxscript\Validator\ValidatorInterface::FAILED) {
$error = l('email_incorrect');
} else {
if ($url && $urlValidator->validate($url) == Redaxscript\Validator\ValidatorInterface::FAILED) {
$error = l('url_incorrect');
} else {
if ($captchaValidator->validate($task, $solution) == Redaxscript\Validator\ValidatorInterface::FAILED) {
$error = l('captcha_incorrect');
} else {
/* prepare body parts */
$emailLink = anchor_element('email', '', '', $email, $email);
if ($url) {
$urlLink = anchor_element('external', '', '', $url, $url);
}
/* prepare mail inputs */
$toArray = array(s('author') => s('email'));
$fromArray = array($author => $email);
$subject = l('contact');
$bodyArray = array('<strong>' . l('author') . l('colon') . '</strong> ' . $author, '<br />', '<strong>' . l('email') . l('colon') . '</strong> ' . $emailLink, '<br />', '<strong>' . l('url') . l('colon') . '</strong> ' . $urlLink, '<br />', '<br />', '<strong>' . l('message') . l('colon') . '</strong> ' . $text);
/* mailer object */
$mailer = new Redaxscript\Mailer();
$mailer->init($toArray, $fromArray, $subject, $bodyArray);
$mailer->send();
}
}
}
}
}
}
/* handle error */
if ($error) {
if (s('blocker') == 1) {
$_SESSION[ROOT . '/attack_blocked']++;
}
notification(l('error_occurred'), $error, l('home'), ROOT);
} else {
notification(l('operation_completed'), l('message_sent', '_contact'), l('home'), ROOT);
}
$_SESSION[ROOT . '/contact'] = '';
}
function check_install()
{
global $name, $user, $password, $email;
$loginValidator = new Redaxscript\Validator\Login();
$emailValidator = new Redaxscript\Validator\Email();
if ($_POST['install_post'] && DB_CONNECTED == 1 && $name && $loginValidator->validate($user) == Redaxscript\Validator\Validator::PASSED && $loginValidator->validate($password) == Redaxscript\Validator\Validator::PASSED && $emailValidator->validate($email) == Redaxscript\Validator\Validator::PASSED) {
$output = 1;
} else {
$output = 0;
}
return $output;
}
/**
* registration post
*
* @since 1.2.1
* @deprecated 2.0.0
*
* @package Redaxscript
* @category Registration
* @author Henry Ruhs
*/
function registration_post()
{
/* clean post */
if (ATTACK_BLOCKED < 10 && $_SESSION[ROOT . '/registration'] == 'visited') {
$name = $r['name'] = clean($_POST['name'], 0);
$user = $r['user'] = clean($_POST['user'], 0);
$email = $r['email'] = clean($_POST['email'], 3);
$password = hash_generator(10);
$r['password'] = sha1($password) . SALT;
$r['description'] = '';
$r['language'] = LANGUAGE;
$r['first'] = $r['last'] = NOW;
$r['groups'] = retrieve('id', 'groups', 'alias', 'members');
if ($r['groups'] == '') {
$r['groups'] = 0;
}
$task = $_POST['task'];
$solution = $_POST['solution'];
}
/* validate post */
$loginValidator = new Redaxscript\Validator\Login();
$emailValidator = new Redaxscript\Validator\Email();
$captchaValidator = new Redaxscript\Validator\Captcha();
if ($name == '') {
$error = l('name_empty');
} else {
if ($user == '') {
$error = l('user_empty');
} else {
if ($email == '') {
$error = l('email_empty');
} else {
if ($loginValidator->validate($user) == Redaxscript\Validator\Validator::FAILED) {
$error = l('user_incorrect');
} else {
if ($emailValidator->validate($email) == Redaxscript\Validator\Validator::FAILED) {
$error = l('email_incorrect');
} else {
if ($captchaValidator->validate($task, $solution) == Redaxscript\Validator\Validator::FAILED) {
$error = l('captcha_incorrect');
} else {
if (retrieve('id', 'users', 'user', $user)) {
$error = l('user_exists');
} else {
if (USERS_NEW == 0 && s('verification') == 1) {
$r['status'] = 0;
$success = l('registration_verification');
} else {
$r['status'] = 1;
$success = l('registration_sent');
}
/* send login information */
$loginRoute = ROOT . '/' . REWRITE_ROUTE . 'login';
$loginLink = anchor_element('external', '', '', $loginRoute, $loginRoute);
$toArray = array($name => $email);
if (s('notification') == 1) {
$toArray[s('author')] = s('email');
}
$fromArray = array($author => $email);
$subject = l('registration');
$bodyArray = array('<strong>' . l('name') . l('colon') . '</strong> ' . $name . ' (' . MY_IP . ')', '<strong>' . l('user') . l('colon') . '</strong> ' . $user, '<strong>' . l('password') . l('colon') . '</strong> ' . $password, '<br />', '<strong>' . l('login') . l('colon') . '<strong> ' . $loginLink);
/* mailer object */
$mailer = new Redaxscript\Mailer($toArray, $fromArray, $subject, $bodyArray);
$mailer->send();
/* build key and value strings */
$r_keys = array_keys($r);
$last = end($r_keys);
foreach ($r as $key => $value) {
$key_string .= $key;
$value_string .= '\'' . $value . '\'';
if ($last != $key) {
$key_string .= ', ';
$value_string .= ', ';
}
}
/* insert user */
$query = 'INSERT INTO ' . PREFIX . 'users (' . $key_string . ') VALUES (' . $value_string . ')';
mysql_query($query);
}
}
}
}
}
}
}
/* handle error */
if ($error) {
if (s('blocker') == 1) {
$_SESSION[ROOT . '/attack_blocked']++;
}
notification(l('error_occurred'), $error, l('back'), 'registration');
} else {
notification(l('operation_completed'), $success, l('login'), 'login');
}
$_SESSION[ROOT . '/registration'] = '';
}
/**
* comment post
*
* @since 1.2.1
* @deprecated 2.0.0
*
* @package Redaxscript
* @category Comments
* @author Henry Ruhs
*/
function comment_post()
{
$emailValidator = new Redaxscript\Validator\Email();
$captchaValidator = new Redaxscript\Validator\Captcha();
$urlValidator = new Redaxscript\Validator\Url();
/* clean post */
if (ATTACK_BLOCKED < 10 && $_SESSION[ROOT . '/comment'] == 'visited') {
$author = $r['author'] = clean($_POST['author'], 0);
$email = $r['email'] = clean($_POST['email'], 3);
$url = $r['url'] = clean($_POST['url'], 4);
$text = break_up($_POST['text']);
$text = $r['text'] = clean($text, 1);
$r['language'] = clean($_POST['language'], 0);
$r['date'] = clean($_POST['date'], 1);
$article = $r['article'] = clean($_POST['article'], 0);
$r['rank'] = query_plumb('rank', 'comments', 'max') + 1;
$r['access'] = clean($_POST['access'], 0);
if ($r['access'] == '') {
$r['access'] = 0;
}
$task = $_POST['task'];
$solution = $_POST['solution'];
$route = build_route('articles', $article);
}
/* validate post */
if ($author == '') {
$error = l('author_empty');
} else {
if ($email == '') {
$error = l('email_empty');
} else {
if ($text == '') {
$error = l('comment_empty');
} else {
if ($emailValidator->validate($email) == Redaxscript\Validator\Validator::FAILED) {
$error = l('email_incorrect');
} else {
if ($url && $urlValidator->validate($url) == Redaxscript\Validator\Validator::FAILED) {
$error = l('url_incorrect');
} else {
if ($captchaValidator->validate($task, $solution) == Redaxscript\Validator\Validator::FAILED) {
$error = l('captcha_incorrect');
} else {
if (COMMENTS_NEW == 0 && s('moderation') == 1) {
$r['status'] = 0;
$success = l('comment_moderation');
} else {
$r['status'] = 1;
$success = l('comment_sent');
}
/* send comment notification */
if (s('notification') == 1) {
/* prepare body parts */
$emailLink = anchor_element('email', '', '', $email);
if ($url) {
$urlLink = anchor_element('external', '', '', $url);
}
$articleRoute = ROOT . '/' . REWRITE_ROUTE . $route;
$articleLink = anchor_element('external', '', '', $articleRoute, $articleRoute);
/* prepare mail inputs */
$toArray = array(s('author') => s('email'));
$fromArray = array($author => $email);
$subject = l('comment_new');
$bodyArray = array('<strong>' . l('author') . l('colon') . '</strong> ' . $author . ' (' . MY_IP . ')', '<strong>' . l('email') . l('colon') . '</strong> ' . $emailLink, '<strong>' . l('url') . l('colon') . '</strong> ' . $urlLink, '<br />', '<strong>' . l('comment') . l('colon') . '</strong> ' . $text, '<br />', '<strong>' . l('article') . l('colon') . '</strong> ' . $articleLink);
/* mailer object */
$mailer = new Redaxscript\Mailer($toArray, $fromArray, $subject, $bodyArray);
$mailer->send();
}
/* build key and value strings */
$r_keys = array_keys($r);
$last = end($r_keys);
foreach ($r as $key => $value) {
$key_string .= $key;
$value_string .= '\'' . $value . '\'';
if ($last != $key) {
$key_string .= ', ';
$value_string .= ', ';
}
}
/* insert comment */
$query = 'INSERT INTO ' . PREFIX . 'comments (' . $key_string . ') VALUES (' . $value_string . ')';
mysql_query($query);
}
}
}
}
}
}
/* handle error */
if ($error) {
if (s('blocker') == 1) {
$_SESSION[ROOT . '/attack_blocked']++;
}
notification(l('error_occurred'), $error, l('back'), $route);
} else {
notification(l('operation_completed'), $success, l('continue'), $route);
}
$_SESSION[ROOT . '/comment'] = '';
}
