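 /**
  * "create" action of the subscription form.
  *
  * Branches on the global $gorumrecognised (visitor is logged in) and the
  * admin flag filled in by hasAdminRights():
  *  - anonymous visitor: the e-mail field is mandatory and is checked against
  *    a simple address pattern, then a single subscribeAction() runs;
  *  - logged-in non-admin: the current user's id is attached and the global
  *    create() is called (the e-mail field is not consulted on this path);
  *  - admin: the e-mail field is treated as a newline-separated list and
  *    subscribeAction() is called once per distinct, normalised address.
  *
  * The admin bulk path lifts the execution time limit and does NOT apply the
  * address pattern used for anonymous visitors, so malformed lines reach
  * subscribeAction() unchecked.
  *
  * @return mixed  The Roll::setFormInvalid() / Roll::setInfoText() result on
  *                those paths, null otherwise.
  */
 function create()
 {
     global $gorumuser, $gorumroll, $gorumrecognised;
     // Default the subscription target to the current roll's id.
     if (!isset($this->cid)) {
         $this->cid = $gorumroll->rollid;
     }
     hasAdminRights($isAdm);
     if (!$gorumrecognised && !$this->email) {
         return Roll::setFormInvalid("emailMandatory");
     }
     if (!$gorumrecognised && $this->email) {
         if (!preg_match('/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,6}$/i', $this->email)) {
             return Roll::setFormInvalid("invalidEmail");
         }
         $this->unsub = FALSE;
         $this->subscribeAction();
         if (!$isAdm) {
             return Roll::setInfoText("subscribed");
         }
     } elseif (!$isAdm) {
         $this->uid = $gorumuser->id;
         // The global create(), not this method — presumably persists $this; confirm.
         create($this);
         $this->rollBackNum = 1;
         return Roll::setInfoText("subscribed");
     } else {
         // Bulk import may take a while; lift the PHP time limit for this request.
         ini_set("max_execution_time", 0);
         $this->unsub = FALSE;
         // Normalise each line (trim + lowercase) with a plain loop instead of
         // create_function(), which compiles its string argument like eval()
         // and no longer exists in PHP 8.
         $normalised = array();
         foreach (explode("\n", $this->email) as $line) {
             $normalised[] = trim(strtolower($line));
         }
         foreach (array_unique($normalised) as $address) {
             $this->email = $address;
             $this->subscribeAction();
         }
     }
 }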
 /**
  * "create" action of the send-to-a-friend form.
  *
  * Runs the generic valid() check, then verifies both addresses against the
  * same simple pattern. When the Notification_adToAFriend notification is
  * active, the mail parameters of the user or item the current roll points
  * at are extended with the message and sender name and the mail is sent.
  * Finally the per-class "mail_fr_sent_*" info text is set.
  *
  * @return mixed  Roll::setFormInvalid() result on invalid input, else null.
  */
 function create()
 {
     global $gorumroll;
     // A roll list mentioning "user" is a user page; anything else is an item.
     $class = strstr($gorumroll->list, "user") ? "user" : "item";
     $this->valid();
     if (Roll::isFormInvalid()) {
         return;
     }
     $addressPattern = '/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,6}$/i';
     $bothAddressesValid = preg_match($addressPattern, $this->youremail)
         && preg_match($addressPattern, $this->friendsemail);
     if (!$bothAddressesValid) {
         return Roll::setFormInvalid("invalidEmail");
     }
     G::load($n, Notification_adToAFriend, "notification");
     if ($n->active) {
         $subject = new $class();
         $subject->id = $gorumroll->rollid;
         $subject->getEmailParams($params);
         $params["message"] = $this->mess;
         $params["name"] = $this->yourname;
         $sending = new SendingParameters();
         $sending->to = $this->friendsemail;
         $sending->from = $this->youremail;
         $sending->replyTo = $this->youremail;
         $sending->replyToName = $this->yourname;
         $n->send($sending, $params);
     }
     //TODO: respnum increase
     Roll::setInfoText("mail_fr_sent_{$class}");
 }
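 /**
  * Detects a request whose body exceeded post_max_size.
  *
  * A request larger than post_max_size arrives with empty $_POST/$_FILES,
  * so the Content-Length header is the only trace. When the header is
  * present and larger than the configured limit, the form is flagged
  * invalid with the limit as parameter and the location history is rolled
  * back two steps. Content-Length is client-supplied: this is a usability
  * check on top of PHP's own enforcement, not a security control.
  *
  * @return void
  */
 function checkForPostMaxSizeError()
 {
     if (!isset($_SERVER['CONTENT_LENGTH'])) {
         return;
     }
     $POST_MAX_SIZE = byteStr2num(ini_get('post_max_size'));
     // Cast explicitly: from PHP 8 a non-numeric string is compared with an
     // int as a string, so a garbage header would otherwise compare "greater".
     $contentLength = (int) $_SERVER['CONTENT_LENGTH'];
     if ($POST_MAX_SIZE && $contentLength > $POST_MAX_SIZE) {
         Roll::setFormInvalid("postMaxSizeExceeded", $POST_MAX_SIZE);
         LocationHistory::saveInfoText();
         LocationHistory::rollBack(2);
     }
 }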
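 /**
  * Validates the CAPTCHA answer when the form carries one.
  *
  * Forms without a CAPTCHA (hasCaptcha() false) pass unconditionally. The
  * answer is read from $_POST['captchaField']; a missing field is passed to
  * PhpCaptcha::Validate() as an empty string instead of raising an
  * undefined-index notice (presumably it fails validation — confirm).
  *
  * @return mixed  TRUE on success, otherwise the Roll::setFormInvalid() result.
  */
 function validateCaptcha()
 {
     if ($this->hasCaptcha()) {
         include_once GORUM_DIR . '/captcha/php-captcha.inc.php';
         // Absent field: validate an empty answer rather than an undefined index.
         $answer = isset($_POST['captchaField']) ? $_POST['captchaField'] : '';
         if (!PhpCaptcha::Validate($answer)) {
             return Roll::setFormInvalid("invalidCaptcha");
         }
     }
     return TRUE;
 }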
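 /**
  * Validates the uploaded media file stored under $_FILES[$attr].
  *
  * No upload (missing or empty "name") is accepted silently. Otherwise the
  * file must be non-empty, must not carry the "none" tmp_name marker
  * (treated as an oversized upload — legacy PHP behaviour, confirm it is
  * still produced), must not exceed AppSettings::maxMediaSize when that
  * limit is set, and must be a file PHP received for this request
  * (is_uploaded_file()); a failure of that last check goes to handleError().
  *
  * @param string $attr  Key of the form field in $_FILES.
  * @return mixed  Roll::setFormInvalid() result on a rejected file, else null.
  */
 function validMedia($attr)
 {
     if (!isset($_FILES[$attr]["name"]) || $_FILES[$attr]["name"] == "") {
         return;
     }
     $upload = $_FILES[$attr];
     if ($upload["size"] == 0) {
         return Roll::setFormInvalid("picFileSizeNull");
     }
     if ($upload["tmp_name"] == "none") {
         return Roll::setFormInvalid("picFileSizeToLarge1");
     }
     // `=& new` is a parse error from PHP 7 on; plain assignment is
     // equivalent for objects since PHP 5.
     $_S = new AppSettings();
     if ($_S->maxMediaSize && $upload["size"] > $_S->maxMediaSize) {
         return Roll::setFormInvalid("picFileSizeToLarge2", $_S->maxMediaSize);
     }
     // Rejects a tmp_name that does not belong to this request's upload.
     if (!is_uploaded_file($upload["tmp_name"])) {
         handleError("Possible attack");
     }
 }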
 /**
  * Fills in or validates the expiration of the item being saved.
  *
  * Without an expiration field in the form the default is used outright.
  * With the field present and a non-empty default, an empty submission
  * falls back to the default and a value above the default is rejected.
  *
  * @return mixed  TRUE when accepted, else the Roll::setFormInvalid() result.
  */
 function checkAndSetExpirationDays()
 {
     $appearsInForm = $this->expirationAppearsInForm();
     $defaultExpiration = $this->getDefaultExpiration();
     if (!$appearsInForm) {
         $this->expiration = $defaultExpiration;
         return TRUE;
     }
     if (!$defaultExpiration) {
         return TRUE;
     }
     // An empty submission means "use the default".
     if (empty($this->expiration)) {
         $this->expiration = $defaultExpiration;
         return TRUE;
     }
     if ($this->expiration > $defaultExpiration) {
         return Roll::setFormInvalid("item_expiration_expl_2", $defaultExpiration);
     }
     return TRUE;
 }
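 /**
  * Checks the submitted credentials against the stored user record.
  *
  * The user is looked up by the form's unique attribute. The submitted
  * password is run through getPassword() once and compared strictly with
  * the stored value; if that fails but a pending newPassword matches, the
  * pending value is promoted with an UPDATE. On a found user the id and
  * lastClickTime are copied onto $this regardless of the outcome. Any
  * failure sets the form invalid plus the single "loginInvalid" info text,
  * so the response does not reveal which of name/password was wrong.
  *
  * Assumes getPassword() is a pure transform returning a string and that
  * the password/newPassword columns are strings — confirm.
  *
  * @return bool  TRUE when the login is valid.
  */
 function validLogin()
 {
     $user = new User();
     $user->setUniqueValue($this->getUniqueValue());
     // NOTE(review): load() appears to return non-zero on failure; the
     // id == name condition is kept as found, its intent is unclear.
     if (load($user, array($this->getUniqueAttr())) || $user->id == $user->name) {
         Roll::setFormInvalid();
     } else {
         // Hash once; strict comparison avoids PHP's numeric-string juggling
         // (two "0e..." digests compare equal under ==).
         $submitted = getPassword($this->password);
         if ($submitted !== $user->password && $user->newPassword) {
             if ($submitted === $user->newPassword) {
                 // NOTE(review): the literal '******' in this UPDATE looks like a
                 // redaction of the original statement — confirm before relying on it.
                 executeQuery(array("UPDATE @user SET password='******', newPassword='' WHERE id=#id#", $user->id));
             } else {
                 Roll::setFormInvalid();
             }
         } elseif ($submitted !== $user->password) {
             Roll::setFormInvalid();
         }
         $this->id = $user->id;
         $this->lastClickTime = $user->lastClickTime;
     }
     if (Roll::isFormInvalid()) {
         Roll::setInfoText("loginInvalid");
     }
     return !Roll::isFormInvalid();
 }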
 /**
  * Validates the optional category picture upload, then delegates to
  * Category::valid() for the remaining fields.
  *
  * Rejects a file name containing a space, an empty file, the "none"
  * tmp_name marker, a file PHP did not receive as an upload (handed to
  * handleError()), and a file getimagesize() does not recognise as an image.
  *
  * @return mixed  Category::valid() result, or the Roll::setFormInvalid() result.
  */
 function valid()
 {
     $noPicture = !isset($_FILES["picture"]["name"]) || $_FILES["picture"]["name"] == "";
     if ($noPicture) {
         return Category::valid();
     }
     $picture = $_FILES["picture"];
     if (strstr($picture["name"], " ")) {
         return Roll::setFormInvalid("spacenoatt");
     }
     if ($picture["size"] == 0) {
         return Roll::setFormInvalid("picFileSizeNull");
     }
     if ($picture["tmp_name"] == "none") {
         return Roll::setFormInvalid("picFileSizeToLarge1");
     }
     if (!is_uploaded_file($picture["tmp_name"])) {
         handleError("Possible attack");
     }
     // The content check runs on the temporary file, not on the
     // client-supplied name or type.
     if (!getimagesize($picture["tmp_name"])) {
         return Roll::setFormInvalid("notValidImageFile");
     }
     return Category::valid();
 }
 /**
  * Uploads the layout images (site logo and header background) through
  * uploadImagesCore(), which presumably rewrites the matching references in
  * the layout template and stylesheet.
  *
  * Skipped entirely when the rss class is unavailable or the site runs in
  * demo mode ($siteDemo). The first upload that reports an error aborts the
  * method with that error as the invalid-form message.
  *
  * @return mixed  Roll::setFormInvalid() result on error, else null.
  */
 function uploadImages()
 {
     global $siteDemo;
     if (!class_exists('rss') || $siteDemo) {
         return;
     }
     // attribute, file holding the reference, pattern matching the old reference
     $targets = array(
         array("logoImage", TEMPLATE_DIR . "/layout.tpl.php", '{(/.+\\?logoImage)|(/headpic\\.gif)}'),
         array("headerBackground", CSS_DIR . "/layout.css", '{(/[^/]+\\?headerBackground)|(/top_shadow\\.jpg)}'),
     );
     $err = "";
     foreach ($targets as $target) {
         list($attr, $file, $pattern) = $target;
         $this->uploadImagesCore($attr, $file, $pattern, $err);
         if ($err) {
             return Roll::setFormInvalid($err);
         }
     }
 }
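 /**
  * Routes a front-controller query string to a controller call.
  *
  * $queryString is split by AppController::getQueryPieces() and dispatched
  * by shape ("Pl:" comments below are the original examples):
  *  - no pieces: application home (checkconf when defPageConf is set, the
  *    configured homeLocation, else the category list);
  *  - /123: item details; /list/...: category or per-user item list;
  *    /rss/...: feed routes;
  *  - a single piece: control panel, purchase item, or a static page
  *    (unless it is a valid perma link);
  *  - /ctrl/123: details of any controller; two or more pieces:
  *    controller/method[/id[/params]].
  * Anything else is reported as an invalid internal link. The only code
  * change against the previous version is `=& new` → `= new`, which is a
  * parse error from PHP 7 on.
  *
  * @param string $queryString  Raw query string from the request.
  * @return mixed  TRUE when dispatched, otherwise the Roll::setFormInvalid() result.
  */
 function init($queryString)
 {
     global $allowedMethods;
     $_S = new AppSettings();
     if (!count($queryPieces = AppController::getQueryPieces($queryString))) {
         $_GS = new GlobalStat();
         if ($_GS->defPageConf) {
             $this->Controller("checkconf", "show");
         } elseif (!empty($_S->homeLocation) && $_S->homeLocation != "/") {
             $this->Controller($_S->homeLocation);
         } else {
             $this->Controller("appcategory", "showhtmllist", 0);
         }
         // default application home
     } elseif (is_numeric($queryPieces[0])) {
         // Pl: /123     /123/attr1/val1/attr2/val2
         $this->Controller("item", "showdetails", array_shift($queryPieces), $queryPieces);
     } elseif ($queryPieces[0] == "list") {
         array_shift($queryPieces);
         if (is_numeric($queryPieces[0]) || $queryPieces[0] == '*') {
             // Pl: /list/23     /list/23/attr1/val1/attr2/val2
             // Original intent: "if there is no category with this id but a
             // user with this name exists". NOTE(review): this reads as if
             // G::load() / loadSQL() return non-zero on failure — confirm
             // before touching the condition.
             if (G::load($obj, $queryPieces[0], "appcategory") && !loadSQL($obj = new User(), array("SELECT id FROM @user WHERE name=#name# LIMIT 1", $queryPieces[0]))) {
                 $this->Controller("item_my", "showhtmllist", array_shift($queryPieces), $queryPieces);
             } else {
                 $this->Controller("appcategory", "showhtmllist", array_shift($queryPieces), $queryPieces);
             }
         } else {
             // All items of one user. Pl: /list/henry
             $this->Controller("item_my", "showhtmllist", urldecode(array_shift($queryPieces)), $queryPieces);
         }
     } elseif ($queryPieces[0] == "rss") {
         // Pl: /rss/category/10/latest/20/days/3
         array_shift($queryPieces);
         if ($queryPieces[0] == "modify_form") {
             $this->Controller("rss", "modify_form", "1");
         } else {
             $this->Controller("rss", "get", "0", $queryPieces);
         }
     } elseif (count($queryPieces) == 1) {
         if ($queryPieces[0] == "control_panel") {
             $this->Controller("controlpanel", "showhtmllist");
         } elseif ($queryPieces[0] == "purchaseitem" && class_exists("purchaseitem")) {
             $this->Controller("purchaseitem", "showhtmllist");
         } elseif (!$_S->permaLinksEnabled() || !$this->validPermaLink($queryPieces)) {
             $this->Controller("staticpage", "show", $queryPieces[0]);
             // Pl: /faqpage — the page name comes straight from the query
             // string. Only existence of the template is checked here; the
             // include happens in the staticpage controller, so confirm that
             // it rejects path separators and ".." in the name.
             $template = "{$queryPieces['0']}.tpl.php";
             if (!file_exists(GORUM_TEMPLATE_DIR . "/{$template}") && !file_exists(TEMPLATE_DIR . "/{$template}") && !file_exists(COMMON_TEMPLATES . "/{$template}")) {
                 return Roll::setFormInvalid("nonExistentStaticPage", $queryPieces[0]);
             }
         }
     } elseif (is_numeric($queryPieces[1]) || $queryPieces[1] == '*') {
         // Pl: /item/123     /item/123/attr1/val1/attr2/val2
         $this->Controller(array_shift($queryPieces), "showdetails", array_shift($queryPieces), $queryPieces);
     } elseif ($_S->permaLinksEnabled() && !$this->isExistingMethod($queryPieces[1])) {
         if (!$this->validPermaLink($queryPieces)) {
             // E_USER_ERROR ends the request unless an error handler swallows
             // it; the return below only matters in that case.
             trigger_error("Invalid query string: {$queryString}", E_USER_ERROR);
             return Roll::setFormInvalid("invalidInternalLink", $queryString);
         }
     } elseif (count($queryPieces) == 2) {
         // Pl: /user/create_form/
         $this->Controller(array_shift($queryPieces), array_shift($queryPieces), 0);
     } elseif (count($queryPieces) >= 3) {
         // A literal "off" in the id position means "no id" (0).
         if ($queryPieces[2] == "off") {
             $this->Controller(array_shift($queryPieces), array_shift($queryPieces), 0, $queryPieces);
         } else {
             $this->Controller(array_shift($queryPieces), array_shift($queryPieces), array_shift($queryPieces), $queryPieces);
         }
     } else {
         trigger_error("Invalid query string: {$queryString}", E_USER_ERROR);
         return Roll::setFormInvalid("invalidInternalLink", $queryString);
     }
     return TRUE;
 }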
 /**
  * Reports whether another common custom field collides with this one.
  *
  * Counts common fields (isCommon=1, columnIndex col_*) other than this
  * record that either share name and type, or — for nameless fields — map
  * the same non-zero userField. A non-zero count marks the form invalid.
  *
  * @return mixed  The count as produced by getDbCount() (0 when none).
  */
 function commonFieldAlreadyExists()
 {
     $ownId = isset($this->id) ? $this->id : 0;
     $sameNameAndType = "(name!='' AND name=#name# AND type=#type#)";
     $sameUserField = "(name='' AND userField!=0 AND userField=#uf#)";
     $query = "SELECT COUNT(*) FROM @customfield WHERE isCommon=1 AND columnIndex LIKE 'col_%' AND id!=#id# AND\n             ({$sameNameAndType} OR {$sameUserField})";
     getDbCount($count, array($query, $ownId, $this->name, $this->type, $this->userField));
     if ($count) {
         Roll::setFormInvalid("commonFieldAlreadyExists");
     }
     return $count;
 }